def create_user_name_to_id_dict(client: Client, users_set: set, org_href):
"""Get a dictionary of users to user ids from a list of user names.
:param Client client: current client
:param set users_set: set of user names
:param str org_href: href of the org to search in
:return: dict of user name keys and user id values
:rtype: dict
:raise Exception is not all id's are found for users
"""
own_users_set = users_set.copy()
org = vcd_org.Org(client, org_href)
org_users = org.list_users()
user_name_to_id_dict = {}
for user_str_elem in org_users:
curr_user_dict = vcd_utils.to_dict(user_str_elem, exclude=[])
curr_user_name = curr_user_dict['name']
if curr_user_name in own_users_set:
user_id = extract_id_from_href(curr_user_dict['href'])
user_name_to_id_dict[
curr_user_name] = shared_constants.USER_URN_PREFIX + user_id # noqa: E501
own_users_set.remove(curr_user_name)
# Stop searching if all needed names and ids found
if len(own_users_set) == 0:
break
if len(own_users_set) > 0:
raise Exception(f"No user ids found for: {list(own_users_set)}")
return user_name_to_id_dict
def get_org_name_from_ovdc_id(sysadmin_client: vcd_client.Client, vdc_id):
"""Get org_name from vdc_id using OVDC_TO_ORG_MAP.
Update OVDC_TO_ORG_MAP for new {org_name:vdc_id} pair
:param vdc_id: unique ovdc id
:return: org_name
:rtype: str
"""
raise_error_if_not_sysadmin(sysadmin_client)
if vdc_id in OVDC_TO_ORG_MAP:
return OVDC_TO_ORG_MAP.get(vdc_id)
vdc_href = f"{sysadmin_client.get_api_uri()}/vdc/{vdc_id}"
vdc_resource = sysadmin_client.get_resource(get_admin_href(vdc_href))
vdc_obj = VDC(sysadmin_client, resource=vdc_resource)
link = vcd_client.find_link(vdc_obj.get_resource(),
vcd_client.RelationType.UP,
vcd_client.EntityType.ADMIN_ORG.value)
org = vcd_org.Org(sysadmin_client, href=link.href)
OVDC_TO_ORG_MAP[vdc_id] = org.get_name()
return org.get_name()
def get_org_name_href_from_ovdc_id(sysadmin_client: vcd_client.Client, vdc_id):
"""Get org name and href from vdc_id using OVDC_TO_ORG_MAP.
Update OVDC_TO_ORG_MAP for new vdc_id
:param vdc_id: unique ovdc id
:return: org's name and href
:rtype: dict
"""
raise_error_if_user_not_from_system_org(sysadmin_client)
if vdc_id in OVDC_TO_ORG_MAP:
return OVDC_TO_ORG_MAP.get(vdc_id)
vdc_href = f"{sysadmin_client.get_api_uri()}/vdc/{vdc_id}"
vdc_resource = sysadmin_client.get_resource(get_admin_href(vdc_href))
vdc_obj = VDC(sysadmin_client, resource=vdc_resource)
link = vcd_client.find_link(vdc_obj.get_resource(),
vcd_client.RelationType.UP,
vcd_client.EntityType.ADMIN_ORG.value)
org_href = link.href
org = vcd_org.Org(sysadmin_client, href=org_href)
org_name = org.get_name()
result = {'name': org_name, 'href': org_href}
OVDC_TO_ORG_MAP[vdc_id] = result
return result
def get_missing_rights_for_cluster_force_delete(client: vcd_client.Client,
is_cluster_owner=False,
logger=NULL_LOGGER) -> set:
"""
Find the missing rights for force-deleting the cluster.
:param vcd_client.Client client: current client
:param bool is_cluster_owner: true if the client is cluster owner
:param logging.Logger logger: logger to record errors.
:return: all missing rights
:rtype: set
:raises: OperationNotSupportedException
:raises: Exception for any unexpected errors
"""
role_name = ""
try:
role_name = get_user_role_name(client)
org_obj = vcd_org.Org(client, resource=client.get_org())
role_obj = vcd_role.Role(
client,
resource=org_obj.get_role_resource(role_name)) # noqa: E501
logger.debug(f"role_name:{role_name}")
role_rights = set()
for right_dict in role_obj.list_rights():
role_rights.update(right_dict.values())
logger.debug(f"rights of role:{role_name}--{role_rights}")
missing_rights = set()
if not server_constants.VAPP_DELETE_RIGHTS.issubset(role_rights):
missing_rights.update(server_constants.VAPP_DELETE_RIGHTS)
if not server_constants.DNAT_DELETE_RIGHTS.issubset(role_rights):
missing_rights.update(server_constants.DNAT_DELETE_RIGHTS)
if is_cluster_owner:
if not server_constants.CSE_NATIVE_CLUSTER_FULL_ACCESS_RIGHTS.issubset(
role_rights
) and not server_constants.CSE_NATIVE_CLUSTER_ADMINISTRATOR_FULL_ACCESS_RIGHTS.issubset(
role_rights): # noqa: E501
missing_rights.update(
server_constants.CSE_NATIVE_CLUSTER_FULL_ACCESS_RIGHTS
) # noqa: E501
else:
if not server_constants.CSE_NATIVE_CLUSTER_ADMINISTRATOR_FULL_ACCESS_RIGHTS.issubset(
role_rights): # noqa: E501
missing_rights.update(
server_constants.
CSE_NATIVE_CLUSTER_ADMINISTRATOR_FULL_ACCESS_RIGHTS
) # noqa: E501
except OperationNotSupportedException as err:
logger.warning(
f"Cannot determine the rights associated with role:{role_name} {err}"
) # noqa: E501
raise
except Exception as err:
logger.warning(
f"Cannot determine the rights associated with role:{role_name} {err}"
) # noqa: E501
raise
logger.debug(f"missing rights of role:{role_name}--{missing_rights}")
return missing_rights
def get_org(client, org_name=None):
"""Get the specified or currently logged-in Org object.
:param pyvcloud.vcd.client.Client client:
:param str org_name: which org to use. If None, uses currently logged-in
org from @client.
:return: pyvcloud Org object
:rtype: pyvcloud.vcd.org.Org
:raises EntityNotFoundException: if the org could not be found.
"""
if not org_name:
org_sparse_resource = client.get_org()
org = vcd_org.Org(client, href=org_sparse_resource.get('href'))
else:
org = vcd_org.Org(client, resource=client.get_org_by_name(org_name))
return org
def rights(self):
if self._rights is None:
# Query is restricted to system administrator
org = vcd_org.Org(self.sysadmin_client, href=self.org_href)
role = vcd_role.Role(self.sysadmin_client,
resource=org.get_role_resource(self.role))
self._rights = []
for right_dict in role.list_rights():
right_name = right_dict.get('name')
if right_name is not None:
self._rights.append(right_name)
return self._rights
def get_org_user_names(client: vcd_client.Client, org_name):
"""Get a set of user names in an org.
:param vcd_client.Client client: current client
:param str org_name: org name to search for users
:return: set of user names
:rtype: set
"""
org_href = client.get_org_by_name(org_name).get('href')
org = vcd_org.Org(client, org_href)
str_elem_users: list = org.list_users()
user_names: set = set()
for user_str_elem in str_elem_users:
curr_user_dict = to_dict(user_str_elem, exclude=[])
user_name = curr_user_dict['name']
user_names.add(user_name)
return user_names
def create_org_user_id_to_name_dict(client: vcd_client.Client, org_name):
"""Get a dictionary of users ids to user names.
:param vcd_client.Client client: current client
:param str org_name: org name to search for users
:return: dict of user id keys and user name values
:rtype: dict
"""
org_href = client.get_org_by_name(org_name).get('href')
org = vcd_org.Org(client, org_href)
users: list = org.list_users()
user_id_to_name_dict = {}
for user_str_elem in users:
curr_user_dict = to_dict(user_str_elem, exclude=[])
user_name = curr_user_dict['name']
user_urn = USER_URN_PREFIX + \
extract_id_from_href(curr_user_dict['href'])
user_id_to_name_dict[user_urn] = user_name
return user_id_to_name_dict
def rights(self):
# If the user is unable to fetch the list of rights, then they
# can't be sys admin or org admin. And anyone other than those
# two shouldn't be able to see their own set of rights.
if self._rights is None:
try:
org = vcd_org.Org(self.client, href=self.org_href)
role = vcd_role.Role(self.client,
resource=org.get_role_resource(self.role))
self._rights = []
for right_dict in role.list_rights():
right_name = right_dict.get('name')
if right_name is not None:
self._rights.append(right_name)
# maybe replace with Forbidden exception?
except Exception:
msg = f"Unable to fetch right records for User: {self.name}"
logger.SERVER_LOGGER.debug(msg, exc_info=True)
return self._rights
def ovdc_list(request_data, op_ctx: ctx.OperationContext):
"""Request handler for ovdc list operation.
:return: List of dictionaries with org VDC k8s provider metadata.
"""
defaults = {RequestKey.LIST_PKS_PLANS: False}
validated_data = {**defaults, **request_data}
list_pks_plans = utils.str_to_bool(
validated_data[RequestKey.LIST_PKS_PLANS]) # noqa: E501
# Record telemetry data
cse_params = copy.deepcopy(validated_data)
cse_params[RequestKey.LIST_PKS_PLANS] = list_pks_plans
record_user_action_details(cse_operation=CseOperation.OVDC_LIST,
cse_params=cse_params)
if list_pks_plans and not op_ctx.client.is_sysadmin():
raise e.UnauthorizedRequestError(
'Operation denied. Enterprise PKS plans visible only '
'to System Administrators.')
# Ideally this should be extracted out to ovdc_utils, but the mandatory
# usage of sysadmin client along with a potentially non-sysadmin client
# means that the function signature require both tenant client and
# sysadmin client, which is very awkward
if op_ctx.client.is_sysadmin():
org_resource_list = op_ctx.client.get_org_list()
else:
org_resource_list = list(op_ctx.client.get_org())
ovdcs = []
for org_resource in org_resource_list:
org = vcd_org.Org(op_ctx.client, resource=org_resource)
for vdc_sparse in org.list_vdcs():
ovdc_name = vdc_sparse['name']
org_name = org.get_name()
k8s_metadata = ovdc_utils.get_ovdc_k8s_provider_metadata(
op_ctx.sysadmin_client, ovdc_name=ovdc_name, org_name=org_name)
k8s_provider = k8s_metadata[K8S_PROVIDER_KEY]
ovdc_dict = {
'name': ovdc_name,
'org': org_name,
'k8s provider': k8s_provider
}
if list_pks_plans:
pks_plans = ''
pks_server = ''
if k8s_provider == K8sProvider.PKS:
# vc name for vdc can only be found using typed query
q = op_ctx.client.get_typed_query(
vcd_client.ResourceType.ADMIN_ORG_VDC.value,
query_result_format=vcd_client.QueryResultFormat.
RECORDS, # noqa: E501
qfilter=f"name=={ovdc_name};orgName=={org_name}")
# should only ever be one element in the generator
ovdc_records = list(q.execute())
if len(ovdc_records) == 0:
raise vcd_e.EntityNotFoundException(
f"Org VDC {ovdc_name} not found in org {org_name}")
ovdc_record = None
for record in ovdc_records:
ovdc_record = pyvcd_utils.to_dict(
record,
resource_type=vcd_client.ResourceType.
ADMIN_ORG_VDC.value) # noqa: E501
break
vc_to_pks_plans_map = {}
pks_contexts = pksbroker_manager.create_pks_context_for_all_accounts_in_org(
op_ctx) # noqa: E501
for pks_context in pks_contexts:
if pks_context['vc'] in vc_to_pks_plans_map:
continue
pks_broker = pksbroker.PksBroker(pks_context, op_ctx)
plans = pks_broker.list_plans()
plan_names = [plan.get('name') for plan in plans]
vc_to_pks_plans_map[pks_context['vc']] = \
[plan_names, pks_context['host']]
pks_plan_and_server_info = vc_to_pks_plans_map.get(
ovdc_record['vcName'], [])
if len(pks_plan_and_server_info) > 0:
pks_plans = pks_plan_and_server_info[0]
pks_server = pks_plan_and_server_info[1]
ovdc_dict['pks api server'] = pks_server
ovdc_dict['available pks plans'] = pks_plans
ovdcs.append(ovdc_dict)
return ovdcs
