def create_user_name_to_id_dict(client: Client, users_set: set, org_href): """Get a dictionary of users to user ids from a list of user names. :param Client client: current client :param set users_set: set of user names :param str org_href: href of the org to search in :return: dict of user name keys and user id values :rtype: dict :raise Exception is not all id's are found for users """ own_users_set = users_set.copy() org = vcd_org.Org(client, org_href) org_users = org.list_users() user_name_to_id_dict = {} for user_str_elem in org_users: curr_user_dict = vcd_utils.to_dict(user_str_elem, exclude=[]) curr_user_name = curr_user_dict['name'] if curr_user_name in own_users_set: user_id = extract_id_from_href(curr_user_dict['href']) user_name_to_id_dict[ curr_user_name] = shared_constants.USER_URN_PREFIX + user_id # noqa: E501 own_users_set.remove(curr_user_name) # Stop searching if all needed names and ids found if len(own_users_set) == 0: break if len(own_users_set) > 0: raise Exception(f"No user ids found for: {list(own_users_set)}") return user_name_to_id_dict
def get_org_name_from_ovdc_id(sysadmin_client: vcd_client.Client, vdc_id): """Get org_name from vdc_id using OVDC_TO_ORG_MAP. Update OVDC_TO_ORG_MAP for new {org_name:vdc_id} pair :param vdc_id: unique ovdc id :return: org_name :rtype: str """ raise_error_if_not_sysadmin(sysadmin_client) if vdc_id in OVDC_TO_ORG_MAP: return OVDC_TO_ORG_MAP.get(vdc_id) vdc_href = f"{sysadmin_client.get_api_uri()}/vdc/{vdc_id}" vdc_resource = sysadmin_client.get_resource(get_admin_href(vdc_href)) vdc_obj = VDC(sysadmin_client, resource=vdc_resource) link = vcd_client.find_link(vdc_obj.get_resource(), vcd_client.RelationType.UP, vcd_client.EntityType.ADMIN_ORG.value) org = vcd_org.Org(sysadmin_client, href=link.href) OVDC_TO_ORG_MAP[vdc_id] = org.get_name() return org.get_name()
def get_org_name_href_from_ovdc_id(sysadmin_client: vcd_client.Client, vdc_id): """Get org name and href from vdc_id using OVDC_TO_ORG_MAP. Update OVDC_TO_ORG_MAP for new vdc_id :param vdc_id: unique ovdc id :return: org's name and href :rtype: dict """ raise_error_if_user_not_from_system_org(sysadmin_client) if vdc_id in OVDC_TO_ORG_MAP: return OVDC_TO_ORG_MAP.get(vdc_id) vdc_href = f"{sysadmin_client.get_api_uri()}/vdc/{vdc_id}" vdc_resource = sysadmin_client.get_resource(get_admin_href(vdc_href)) vdc_obj = VDC(sysadmin_client, resource=vdc_resource) link = vcd_client.find_link(vdc_obj.get_resource(), vcd_client.RelationType.UP, vcd_client.EntityType.ADMIN_ORG.value) org_href = link.href org = vcd_org.Org(sysadmin_client, href=org_href) org_name = org.get_name() result = {'name': org_name, 'href': org_href} OVDC_TO_ORG_MAP[vdc_id] = result return result
def get_missing_rights_for_cluster_force_delete(client: vcd_client.Client, is_cluster_owner=False, logger=NULL_LOGGER) -> set: """ Find the missing rights for force-deleting the cluster. :param vcd_client.Client client: current client :param bool is_cluster_owner: true if the client is cluster owner :param logging.Logger logger: logger to record errors. :return: all missing rights :rtype: set :raises: OperationNotSupportedException :raises: Exception for any unexpected errors """ role_name = "" try: role_name = get_user_role_name(client) org_obj = vcd_org.Org(client, resource=client.get_org()) role_obj = vcd_role.Role( client, resource=org_obj.get_role_resource(role_name)) # noqa: E501 logger.debug(f"role_name:{role_name}") role_rights = set() for right_dict in role_obj.list_rights(): role_rights.update(right_dict.values()) logger.debug(f"rights of role:{role_name}--{role_rights}") missing_rights = set() if not server_constants.VAPP_DELETE_RIGHTS.issubset(role_rights): missing_rights.update(server_constants.VAPP_DELETE_RIGHTS) if not server_constants.DNAT_DELETE_RIGHTS.issubset(role_rights): missing_rights.update(server_constants.DNAT_DELETE_RIGHTS) if is_cluster_owner: if not server_constants.CSE_NATIVE_CLUSTER_FULL_ACCESS_RIGHTS.issubset( role_rights ) and not server_constants.CSE_NATIVE_CLUSTER_ADMINISTRATOR_FULL_ACCESS_RIGHTS.issubset( role_rights): # noqa: E501 missing_rights.update( server_constants.CSE_NATIVE_CLUSTER_FULL_ACCESS_RIGHTS ) # noqa: E501 else: if not server_constants.CSE_NATIVE_CLUSTER_ADMINISTRATOR_FULL_ACCESS_RIGHTS.issubset( role_rights): # noqa: E501 missing_rights.update( server_constants. CSE_NATIVE_CLUSTER_ADMINISTRATOR_FULL_ACCESS_RIGHTS ) # noqa: E501 except OperationNotSupportedException as err: logger.warning( f"Cannot determine the rights associated with role:{role_name} {err}" ) # noqa: E501 raise except Exception as err: logger.warning( f"Cannot determine the rights associated with role:{role_name} {err}" ) # noqa: E501 raise logger.debug(f"missing rights of role:{role_name}--{missing_rights}") return missing_rights
def get_org(client, org_name=None): """Get the specified or currently logged-in Org object. :param pyvcloud.vcd.client.Client client: :param str org_name: which org to use. If None, uses currently logged-in org from @client. :return: pyvcloud Org object :rtype: pyvcloud.vcd.org.Org :raises EntityNotFoundException: if the org could not be found. """ if not org_name: org_sparse_resource = client.get_org() org = vcd_org.Org(client, href=org_sparse_resource.get('href')) else: org = vcd_org.Org(client, resource=client.get_org_by_name(org_name)) return org
def rights(self): if self._rights is None: # Query is restricted to system administrator org = vcd_org.Org(self.sysadmin_client, href=self.org_href) role = vcd_role.Role(self.sysadmin_client, resource=org.get_role_resource(self.role)) self._rights = [] for right_dict in role.list_rights(): right_name = right_dict.get('name') if right_name is not None: self._rights.append(right_name) return self._rights
def get_org_user_names(client: vcd_client.Client, org_name): """Get a set of user names in an org. :param vcd_client.Client client: current client :param str org_name: org name to search for users :return: set of user names :rtype: set """ org_href = client.get_org_by_name(org_name).get('href') org = vcd_org.Org(client, org_href) str_elem_users: list = org.list_users() user_names: set = set() for user_str_elem in str_elem_users: curr_user_dict = to_dict(user_str_elem, exclude=[]) user_name = curr_user_dict['name'] user_names.add(user_name) return user_names
def create_org_user_id_to_name_dict(client: vcd_client.Client, org_name): """Get a dictionary of users ids to user names. :param vcd_client.Client client: current client :param str org_name: org name to search for users :return: dict of user id keys and user name values :rtype: dict """ org_href = client.get_org_by_name(org_name).get('href') org = vcd_org.Org(client, org_href) users: list = org.list_users() user_id_to_name_dict = {} for user_str_elem in users: curr_user_dict = to_dict(user_str_elem, exclude=[]) user_name = curr_user_dict['name'] user_urn = USER_URN_PREFIX + \ extract_id_from_href(curr_user_dict['href']) user_id_to_name_dict[user_urn] = user_name return user_id_to_name_dict
def rights(self): # If the user is unable to fetch the list of rights, then they # can't be sys admin or org admin. And anyone other than those # two shouldn't be able to see their own set of rights. if self._rights is None: try: org = vcd_org.Org(self.client, href=self.org_href) role = vcd_role.Role(self.client, resource=org.get_role_resource(self.role)) self._rights = [] for right_dict in role.list_rights(): right_name = right_dict.get('name') if right_name is not None: self._rights.append(right_name) # maybe replace with Forbidden exception? except Exception: msg = f"Unable to fetch right records for User: {self.name}" logger.SERVER_LOGGER.debug(msg, exc_info=True) return self._rights
def ovdc_list(request_data, op_ctx: ctx.OperationContext): """Request handler for ovdc list operation. :return: List of dictionaries with org VDC k8s provider metadata. """ defaults = {RequestKey.LIST_PKS_PLANS: False} validated_data = {**defaults, **request_data} list_pks_plans = utils.str_to_bool( validated_data[RequestKey.LIST_PKS_PLANS]) # noqa: E501 # Record telemetry data cse_params = copy.deepcopy(validated_data) cse_params[RequestKey.LIST_PKS_PLANS] = list_pks_plans record_user_action_details(cse_operation=CseOperation.OVDC_LIST, cse_params=cse_params) if list_pks_plans and not op_ctx.client.is_sysadmin(): raise e.UnauthorizedRequestError( 'Operation denied. Enterprise PKS plans visible only ' 'to System Administrators.') # Ideally this should be extracted out to ovdc_utils, but the mandatory # usage of sysadmin client along with a potentially non-sysadmin client # means that the function signature require both tenant client and # sysadmin client, which is very awkward if op_ctx.client.is_sysadmin(): org_resource_list = op_ctx.client.get_org_list() else: org_resource_list = list(op_ctx.client.get_org()) ovdcs = [] for org_resource in org_resource_list: org = vcd_org.Org(op_ctx.client, resource=org_resource) for vdc_sparse in org.list_vdcs(): ovdc_name = vdc_sparse['name'] org_name = org.get_name() k8s_metadata = ovdc_utils.get_ovdc_k8s_provider_metadata( op_ctx.sysadmin_client, ovdc_name=ovdc_name, org_name=org_name) k8s_provider = k8s_metadata[K8S_PROVIDER_KEY] ovdc_dict = { 'name': ovdc_name, 'org': org_name, 'k8s provider': k8s_provider } if list_pks_plans: pks_plans = '' pks_server = '' if k8s_provider == K8sProvider.PKS: # vc name for vdc can only be found using typed query q = op_ctx.client.get_typed_query( vcd_client.ResourceType.ADMIN_ORG_VDC.value, query_result_format=vcd_client.QueryResultFormat. RECORDS, # noqa: E501 qfilter=f"name=={ovdc_name};orgName=={org_name}") # should only ever be one element in the generator ovdc_records = list(q.execute()) if len(ovdc_records) == 0: raise vcd_e.EntityNotFoundException( f"Org VDC {ovdc_name} not found in org {org_name}") ovdc_record = None for record in ovdc_records: ovdc_record = pyvcd_utils.to_dict( record, resource_type=vcd_client.ResourceType. ADMIN_ORG_VDC.value) # noqa: E501 break vc_to_pks_plans_map = {} pks_contexts = pksbroker_manager.create_pks_context_for_all_accounts_in_org( op_ctx) # noqa: E501 for pks_context in pks_contexts: if pks_context['vc'] in vc_to_pks_plans_map: continue pks_broker = pksbroker.PksBroker(pks_context, op_ctx) plans = pks_broker.list_plans() plan_names = [plan.get('name') for plan in plans] vc_to_pks_plans_map[pks_context['vc']] = \ [plan_names, pks_context['host']] pks_plan_and_server_info = vc_to_pks_plans_map.get( ovdc_record['vcName'], []) if len(pks_plan_and_server_info) > 0: pks_plans = pks_plan_and_server_info[0] pks_server = pks_plan_and_server_info[1] ovdc_dict['pks api server'] = pks_server ovdc_dict['available pks plans'] = pks_plans ovdcs.append(ovdc_dict) return ovdcs