def assign_role_to_group(lib_env, role_id, group_id):
"""
Assign role with id role_id to group with id group_id.
Raises LibraryError on any failure.
lib_env -- LibraryEnvironment
role_id -- id of acl_role element which should be assigned to group
group_id -- id of acl_group element to which role should be assigned
"""
with cib_acl_section(lib_env) as acl_section:
acl.assign_role(
acl_section, role_id, acl.find_group(acl_section, group_id),
)
def assign_role_to_group(lib_env, role_id, group_id):
"""
Assign role with id role_id to group with id group_id.
Raises LibraryError on any failure.
lib_env -- LibraryEnvironment
role_id -- id of acl_role element which should be assigned to group
group_id -- id of acl_group element to which role should be assigned
"""
with cib_acl_section(lib_env) as acl_section:
acl.assign_role(
acl_section,
role_id,
acl.find_group(acl_section, group_id),
)
def assign_role_to_group(lib_env, role_id, group_id):
"""
Assign role with id role_id to group with id group_id.
Raises LibraryError on any failure.
lib_env -- LibraryEnvironment
role_id -- id of acl_role element which should be assigned to group
group_id -- id of acl_group element to which role should be assigned
"""
cib = lib_env.get_cib(REQUIRED_CIB_VERSION)
try:
acl.assign_role(acl.find_group(cib, group_id),
acl.find_role(cib, role_id))
except acl.AclError as e:
raise LibraryError(acl.acl_error_to_report_item(e))
lib_env.push_cib(cib)
def unassign_role_from_group(lib_env,
role_id,
group_id,
autodelete_group=False):
"""
Unassign role with role_id from group with id group_id.
Raises LibraryError on any failure.
lib_env -- LibraryEnvironment
role_id -- id of role which should be unassigned from group
group_id -- id of acl_group element
autodelete_target -- if True remove group element if has no more role
assigned
"""
with cib_acl_section(lib_env) as acl_section:
acl.unassign_role(acl.find_group(acl_section, group_id), role_id,
autodelete_group)
def assign_role_to_group(lib_env, role_id, group_id):
"""
Assign role with id role_id to group with id group_id.
Raises LibraryError on any failure.
lib_env -- LibraryEnvironment
role_id -- id of acl_role element which should be assigned to group
group_id -- id of acl_group element to which role should be assigned
"""
cib = lib_env.get_cib(REQUIRED_CIB_VERSION)
try:
acl.assign_role(
acl.find_group(cib, group_id), acl.find_role(cib, role_id)
)
except acl.AclError as e:
raise LibraryError(acl.acl_error_to_report_item(e))
lib_env.push_cib(cib)
def _get_target_or_group(cib, target_or_group_id):
"""
Returns acl_target or acl_group element with id target_or_group_id. Target
element has bigger pririty so if there are target and group with same id
only target element will be affected by this function.
Raises LibraryError if there is no target or group element with
specified id.
cib -- cib etree node
target_or_group_id -- id of target/group element which should be returned
"""
try:
return acl.find_target(cib, target_or_group_id)
except acl.AclTargetNotFound:
try:
return acl.find_group(cib, target_or_group_id)
except acl.AclGroupNotFound:
raise LibraryError(
reports.id_not_found(target_or_group_id, "user/group"))
def unassign_role_from_group(
lib_env, role_id, group_id, autodelete_group=False
):
"""
Unassign role with role_id from group with id group_id.
Raises LibraryError on any failure.
lib_env -- LibraryEnvironment
role_id -- id of role which should be unassigned from group
group_id -- id of acl_group element
autodelete_target -- if True remove group element if has no more role
assigned
"""
with cib_acl_section(lib_env) as acl_section:
acl.unassign_role(
acl.find_group(acl_section, group_id),
role_id,
autodelete_group
)
def _get_target_or_group(cib, target_or_group_id):
"""
Returns acl_target or acl_group element with id target_or_group_id. Target
element has bigger pririty so if there are target and group with same id
only target element will be affected by this function.
Raises LibraryError if there is no target or group element with
specified id.
cib -- cib etree node
target_or_group_id -- id of target/group element which should be returned
"""
try:
return acl.find_target(cib, target_or_group_id)
except acl.AclTargetNotFound:
try:
return acl.find_group(cib, target_or_group_id)
except acl.AclGroupNotFound:
raise LibraryError(
reports.id_not_found(target_or_group_id, "user/group")
)
def unassign_role_from_group(lib_env,
role_id,
group_id,
autodelete_group=False):
"""
Unassign role with role_id from group with id group_id.
Raises LibraryError on any failure.
lib_env -- LibraryEnvironment
role_id -- id of role which should be unassigned from group
group_id -- id of acl_group element
autodelete_target -- if True remove group element if has no more role
assigned
"""
cib = lib_env.get_cib(REQUIRED_CIB_VERSION)
try:
acl.unassign_role(acl.find_group(cib, group_id), role_id,
autodelete_group)
except acl.AclError as e:
raise LibraryError(acl.acl_error_to_report_item(e))
lib_env.push_cib(cib)
def unassign_role_from_group(
lib_env, role_id, group_id, autodelete_group=False
):
"""
Unassign role with role_id from group with id group_id.
Raises LibraryError on any failure.
lib_env -- LibraryEnvironment
role_id -- id of role which should be unassigned from group
group_id -- id of acl_group element
autodelete_target -- if True remove group element if has no more role
assigned
"""
cib = lib_env.get_cib(REQUIRED_CIB_VERSION)
try:
acl.unassign_role(
acl.find_group(cib, group_id),
role_id,
autodelete_group
)
except acl.AclError as e:
raise LibraryError(acl.acl_error_to_report_item(e))
lib_env.push_cib(cib)
def test_not_found(self):
self.assert_raises(
lib.AclGroupNotFound,
lambda: lib.find_group(self.cib.tree, "group2"),
{"group_id": "group2"}
)
def test_success(self):
assert_xml_equal(
'<acl_group id="group1" description="desc"/>',
etree.tostring(lib.find_group(self.cib.tree, "group1")).decode()
)