def get_user_rights(sys_admin_client, user_session): """Return rights associated with the role of an user. :param pyvcloud.vcd.client.Client sys_admin_client: the sys admin cilent that will be used to query vCD about the rights and roles of the concerned user. :param lxml.objectify.ObjectifiedElement user_session: :return: the list of rights contained in the role of the user (corresponding to the user_session). :rtype: list of str """ user_org_link = find_link(resource=user_session, rel=RelationType.DOWN, media_type=EntityType.ORG.value) user_org_href = user_org_link.href org = Org(sys_admin_client, href=user_org_href) user_role_name = user_session.get('roles') role = Role(sys_admin_client, resource=org.get_role_resource(user_role_name)) user_rights = [] user_rights_as_list_of_dict = role.list_rights() for right_dict in user_rights_as_list_of_dict: user_rights.append(right_dict.get('name')) return user_rights
def get_user_rights(user_client, user_session): """Lists rights of the current user. Args: client (pyvcloud.vcd.client.Client): Session of the requesting user Returns: list: List of rights IDs """ user_rights_list = [] # Start a sys admin session admin_client = login_as_system_admin() # Get org from user user_org = Org(user_client, resource=user_client.get_org()) # Get admin object from the user's org admin_org = Org(admin_client, href=user_org.href) # Get role for user user_role = user_session.get('roles') # Get admin object from role admin_role = Role(admin_client, resource=user_org.get_role_resource(user_role)) # Iterate on rights applied to the role for right in admin_role.list_rights(): user_rights_list.append(right.get('id')) return user_rights_list
def info(ctx, role_name, org_name): try: client = ctx.obj['client'] if org_name is not None: org_href = client.get_org_by_name(org_name).get('href') else: org_href = ctx.obj['profiles'].get('org_href') org = Org(client, href=org_href) role_resource = org.get_role_resource(role_name) stdout(to_dict(role_resource, exclude=['Link', 'RightReferences']), ctx) except Exception as e: stderr(e, ctx)
def info(ctx, role_name, org_name): try: restore_session(ctx) client = ctx.obj['client'] if org_name is not None: org_href = client.get_org_by_name(org_name).get('href') else: org_href = ctx.obj['profiles'].get('org_href') org = Org(client, href=org_href) role_resource = org.get_role_resource(role_name) stdout( to_dict(role_resource, exclude=['Link', 'RightReferences']), ctx) except Exception as e: stderr(e, ctx)
def assign_native_rights(role_name, right_list=None, logger=NULL_LOGGER): logger.debug(f"Assigning rights {right_list} to the role {role_name}") if not right_list: logger.debug(f"Skipping assigning native rights to role {role_name}") return try: test_org = Org(CLIENT, href=TEST_ORG_HREF) role_resource = test_org.get_role_resource(role_name) role = Role(CLIENT, resource=role_resource) initial_right_set = set([r['name'] for r in role.list_rights()]) right_set = set(right_list) initial_right_set.update(right_set) role.add_rights(list(initial_right_set), test_org) except Exception as e: logger.warning(f"Failed to assign native rights " f"{right_list} to role {role_name}: {e} ")
def clone(ctx, original_role_name, new_role_name, org_name, description): try: restore_session(ctx) client = ctx.obj['client'] if org_name is not None: org_href = client.get_org_by_name(org_name).get('href') else: org_href = ctx.obj['profiles'].get('org_href') org = Org(client, href=org_href) role_resource = org.get_role_resource(original_role_name) # get original role description if description is None: description = to_dict(role_resource)['Description'] # get original role rights role = Role(client, resource=role_resource) raw_rights = role.list_rights() # list of dicts: {'name': 'right'} rights = [right_dict['name'] for right_dict in raw_rights] role = org.create_role(new_role_name, description, rights) stdout(to_dict(role, exclude=['Link', 'RightReferences']), ctx) except Exception as e: stderr(e, ctx)
class Roles(VcdAnsibleModule): def __init__(self, **kwargs): super(Roles, self).__init__(**kwargs) self.org = Org(self.client, resource=self.client.get_org()) def manage_states(self): state = self.params.get('state') if state == 'present': return self.create() if state == 'absent': return self.delete() if state == 'update': return self.update() def manage_operations(self): operation = self.params.get('operation') if operation == "list_rights": return self.list_rights() if operation == "list_roles": return self.list_roles() def create(self): role_name = self.params.get('role_name') role_description = self.params.get('role_description') role_rights = self.params.get('role_rights') response = dict() response['changed'] = False try: self.org.get_role_record(role_name) except EntityNotFoundException: self.org.create_role(role_name, role_description, role_rights) response['msg'] = 'Role {} has been created.'.format(role_name) response['changed'] = True else: response['warnings'] = 'Role {} is already present.'.format( role_name) return response def update(self): role_name = self.params.get('role_name') role_description = self.params.get('role_description') role_rights = self.params.get('role_rights') response = dict() response['changed'] = False role = self.org.get_role_record(role_name) role_resource = self.org.get_role_resource(role_name) role_resource.Description = E.Description(role_description) role_rights = tuple() if role_rights is None else role_rights for role_right in tuple(role_rights): role_right_record = self.org.get_right_record(role_right) role_resource.RightReferences.append( E.RightReference(name=role_right_record.get('name'), href=role_right_record.get('href'), type=EntityType.RIGHT.value)) self.client.put_resource(role.get('href'), role_resource, EntityType.ROLE.value) response['msg'] = 'Role {} has been updated.'.format(role_name) response['changed'] = True return response def delete(self): role_name = self.params.get('role_name') response = dict() response['changed'] = False try: self.org.get_role_record(role_name) self.org.delete_role(role_name) response['msg'] = 'Role {} has been deleted.'.format(role_name) response['changed'] = True except EntityNotFoundException: response['warnings'] = 'Role {} is not present.'.format(role_name) return response def list_rights(self): response = dict() response['changed'] = False response['msg'] = self.org.list_rights_of_org() return response def list_roles(self): response = dict() response['changed'] = False response['msg'] = self.org.list_roles() return response