def get_user_rights(sys_admin_client, user_session):
    """Return the names of the rights granted by a user's role.

    The org and role objects are built with the system administrator client,
    not with the user's own client. Only the org link and the ``roles``
    attribute are read from ``user_session``.

    :param pyvcloud.vcd.client.Client sys_admin_client: the sys admin client
        that will be used to query vCD about the rights and roles of the
        concerned user.
    :param lxml.objectify.ObjectifiedElement user_session: session resource
        of the user whose rights are requested.

    :return: the ``name`` of every entry returned by ``Role.list_rights()``
        for the role named in the session.

    :rtype: list of str
    """
    org_href = find_link(resource=user_session,
                         rel=RelationType.DOWN,
                         media_type=EntityType.ORG.value).href
    user_org = Org(sys_admin_client, href=org_href)
    # NOTE(review): the role name is read from user_session, so the result is
    # only as trustworthy as that object. Confirm callers pass the session
    # vCD returned for the authenticated user.
    role_name = user_session.get('roles')
    user_role = Role(sys_admin_client,
                     resource=user_org.get_role_resource(role_name))

    return [entry.get('name') for entry in user_role.list_rights()]
Ejemplo n.º 2
 def test_08_unlink_role_from_template(self):
     # Unlink the role named by config['vcd']['role_name'] from its template,
     # looking it up in the org the test client is logged in to. The call to
     # unlink() is the whole test: it only fails if one of the calls raises.
     current_org = Org(self.client, resource=self.client.get_org())
     target_role_name = self.config['vcd']['role_name']
     record = current_org.get_role_record(target_role_name)
     Role(self.client, href=record.get('href')).unlink()
Ejemplo n.º 3
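def get_user_rights(user_client, user_session):
    """Lists the rights of the current user's role.

    Args:
        user_client (pyvcloud.vcd.client.Client): Session of the requesting
            user; used here only to find the user's org.
        user_session: Session resource of the requesting user; its 'roles'
            attribute names the role whose rights are listed.

    Returns:
        list: The 'id' of every right listed for that role.
    """
    # Start a sys admin session.
    # NOTE(review): nothing in this function ends the privileged session.
    # Confirm login_as_system_admin() manages its lifetime.
    admin_client = login_as_system_admin()
    # Get org from user
    user_org = Org(user_client, resource=user_client.get_org())
    # Get admin object from the user's org
    admin_org = Org(admin_client, href=user_org.href)
    # Get role for user
    user_role = user_session.get('roles')
    # Resolve the role through the admin-scoped org. The earlier code built
    # admin_org but never used it, so the role resource was fetched with the
    # user's own session.
    admin_role = Role(admin_client,
                      resource=admin_org.get_role_resource(user_role))
    # Collect the id of each right applied to the role
    return [right.get('id') for right in admin_role.list_rights()]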
Ejemplo n.º 4
 def test_03_get_rights(self):
     # The role named by config['vcd']['role_name'], looked up in the org the
     # test client is logged in to, must list at least one right.
     current_org = Org(self.client, resource=self.client.get_org())
     record = current_org.get_role_record(self.config['vcd']['role_name'])
     role_rights = Role(self.client, href=record.get('href')).list_rights()
     assert len(role_rights) > 0
Ejemplo n.º 5
def list_rights(ctx, role_name, org_name):
    # Print the rights of role ``role_name``. The org is the one named by
    # ``org_name`` or, when that is None, the 'org_href' stored in the
    # profile held on ``ctx.obj``.
    try:
        vcd_client = ctx.obj['client']
        target_href = (
            vcd_client.get_org_by_name(org_name).get('href')
            if org_name is not None
            else ctx.obj['profiles'].get('org_href'))
        record = Org(vcd_client, target_href).get_role(role_name)
        role_rights = Role(vcd_client, href=record.get('href')).list_rights()
        stdout(role_rights, ctx)
    except Exception as err:
        # Every failure, lookup or permission related, is handed to stderr().
        stderr(err, ctx)
Ejemplo n.º 6
def add_right(ctx, role_name, rights, org_name):
    # Add every entry of ``rights`` to role ``role_name``. This changes what
    # holders of the role may do, so it is a privilege-granting operation.
    # The org is the one named by ``org_name`` or, when that is None, the
    # 'org_href' stored in the profile held on ``ctx.obj``.
    try:
        vcd_client = ctx.obj['client']
        if org_name is None:
            href = ctx.obj['profiles'].get('org_href')
        else:
            href = vcd_client.get_org_by_name(org_name).get('href')
        target_org = Org(vcd_client, href=href)
        record = target_org.get_role_record(role_name)
        target_role = Role(vcd_client, href=record.get('href'))
        target_role.add_rights(list(rights), target_org)
        message = "Rights added successfully to the role '%s'" % role_name
        stdout(message, ctx)
    except Exception as err:
        # The success message above is printed only if add_rights() did not
        # raise; any exception is handed to stderr() instead.
        stderr(err, ctx)
Ejemplo n.º 7
def add_right(ctx, role_name, rights, org_name):
    # Restore the saved session, then add every entry of ``rights`` to role
    # ``role_name``. This is a privilege-granting operation on the role.
    # The org comes from ``org_name`` when given, otherwise from the
    # profile's 'org_href'.
    try:
        restore_session(ctx)
        session_client = ctx.obj['client']
        chosen_href = (
            ctx.obj['profiles'].get('org_href')
            if org_name is None
            else session_client.get_org_by_name(org_name).get('href'))
        owning_org = Org(session_client, href=chosen_href)
        role_href = owning_org.get_role_record(role_name).get('href')
        Role(session_client, href=role_href).add_rights(list(rights),
                                                        owning_org)
        stdout("Rights added successfully to the role '%s'" % role_name, ctx)
    except Exception as failure:
        # Any exception, including one from restore_session(), is reported
        # through stderr().
        stderr(failure, ctx)
Ejemplo n.º 8
def list_rights(ctx, role_name, org_name):
    # Restore the saved session and print the rights of role ``role_name``.
    # The org comes from ``org_name`` when given, otherwise from the
    # profile's 'org_href'.
    try:
        restore_session(ctx)
        session_client = ctx.obj['client']
        if org_name is None:
            href = ctx.obj['profiles'].get('org_href')
        else:
            href = session_client.get_org_by_name(org_name).get('href')
        record = Org(session_client, href=href).get_role_record(role_name)
        listed = Role(session_client, href=record.get('href')).list_rights()
        stdout(listed, ctx)
    except Exception as failure:
        # Read-only command: failures are reported through stderr().
        stderr(failure, ctx)
Ejemplo n.º 9
def assign_native_rights(role_name, right_list=None, logger=NULL_LOGGER):
    """Add ``right_list`` to the rights already held by role ``role_name``.

    The role is looked up in the org at ``TEST_ORG_HREF`` using the
    module-level ``CLIENT``. The names the role currently lists are merged
    with ``right_list`` and the merged set is passed to ``Role.add_rights``.
    An empty or missing ``right_list`` is a no-op.

    Best effort: any exception is logged as a warning and not re-raised, so
    a caller cannot tell from the return value whether the rights were
    actually assigned.
    """
    logger.debug(f"Assigning rights {right_list} to the role {role_name}")
    if not right_list:
        logger.debug(f"Skipping assigning native rights to role {role_name}")
        return
    try:
        org_under_test = Org(CLIENT, href=TEST_ORG_HREF)
        role = Role(CLIENT,
                    resource=org_under_test.get_role_resource(role_name))
        # Start from what the role already has, then merge in the request.
        merged_rights = {entry['name'] for entry in role.list_rights()}
        requested = set(right_list)
        merged_rights.update(requested)
        role.add_rights(list(merged_rights), org_under_test)
    except Exception as e:
        logger.warning(f"Failed to assign native rights "
                       f"{right_list} to role {role_name}: {e} ")
Ejemplo n.º 10
def link(ctx, role_name, org_name):
    # Restore the saved session and link role ``role_name`` to its template.
    # The org comes from ``org_name`` when given, otherwise from the
    # profile's 'org_href'.
    try:
        restore_session(ctx)
        session_client = ctx.obj['client']
        if org_name is None:
            href = ctx.obj['profiles'].get('org_href')
        else:
            href = session_client.get_org_by_name(org_name).get('href')
        record = Org(session_client, href=href).get_role_record(role_name)
        Role(session_client, href=record.get('href')).link()
        confirmation = ('Role \'%s\' has been successfully linked'
                        ' to it\'s template.' % role_name)
        stdout(confirmation, ctx)
    except Exception as failure:
        # Any exception is reported through stderr(); the confirmation is
        # printed only when link() returned without raising.
        stderr(failure, ctx)
Ejemplo n.º 11
def link(ctx, role_name, org_name):
    # Link role ``role_name`` to its template. The org is the one named by
    # ``org_name`` or, when that is None, the 'org_href' stored in the
    # profile held on ``ctx.obj``.
    try:
        vcd_client = ctx.obj['client']
        target_href = (
            vcd_client.get_org_by_name(org_name).get('href')
            if org_name is not None
            else ctx.obj['profiles'].get('org_href'))
        record = Org(vcd_client, target_href).get_role(role_name)
        linked_role = Role(vcd_client, href=record.get('href'))
        linked_role.link()
        text = 'Role \'%s\' has been successfully linked to it\'s template.'
        stdout(text % role_name, ctx)
    except Exception as err:
        # Any exception is handed to stderr().
        stderr(err, ctx)
Ejemplo n.º 12
def remove_right(ctx, role_name, rights, org_name):
    # Restore the saved session and remove every entry of ``rights`` from
    # role ``role_name``. The org comes from ``org_name`` when given,
    # otherwise from the profile's 'org_href'.
    try:
        restore_session(ctx)
        session_client = ctx.obj['client']
        chosen_href = (
            ctx.obj['profiles'].get('org_href')
            if org_name is None
            else session_client.get_org_by_name(org_name).get('href'))
        owning_org = Org(session_client, href=chosen_href)
        role_href = owning_org.get_role_record(role_name).get('href')
        Role(session_client, href=role_href).remove_rights(list(rights))
        done = "Removed rights successfully from the role '%s'" % role_name
        stdout(done, ctx)
    except Exception as failure:
        # Any exception is reported through stderr(); the success message is
        # printed only when remove_rights() returned without raising.
        stderr(failure, ctx)
Ejemplo n.º 13
    def test_09_add_rights_to_Role(self):
        # Add config['vcd']['right_name'] to the configured role, then check
        # that the role resource returned by add_rights() references a right
        # with that name.
        org_in_use = self.config['vcd']['org_in_use']
        org_href = self.client.get_org_by_name(org_in_use).get('href')
        org = Org(self.client, href=org_href)
        role_name = self.config['vcd']['role_name']
        right_name = self.config['vcd']['right_name']

        record = org.get_role_record(role_name)
        updated = Role(self.client,
                       href=record.get('href')).add_rights([right_name], org)

        # A response without RightReference entries counts as a failure.
        has_refs = (hasattr(updated, 'RightReferences')
                    and hasattr(updated.RightReferences, 'RightReference'))
        granted = has_refs and any(
            ref.get('name') == right_name
            for ref in updated.RightReferences.RightReference)
        assert granted
Ejemplo n.º 14
def clone(ctx, original_role_name, new_role_name, org_name, description):
    # Create role ``new_role_name`` with the same rights as
    # ``original_role_name``. When ``description`` is None, the original
    # role's description is reused. The org comes from ``org_name`` when
    # given, otherwise from the profile's 'org_href'.
    try:
        restore_session(ctx)
        session_client = ctx.obj['client']
        if org_name is None:
            href = ctx.obj['profiles'].get('org_href')
        else:
            href = session_client.get_org_by_name(org_name).get('href')
        org = Org(session_client, href=href)

        source_resource = org.get_role_resource(original_role_name)
        # Fall back to the description of the role being copied.
        if description is None:
            description = to_dict(source_resource)['Description']

        # list_rights() yields dicts of the form {'name': 'right'}; the new
        # role is created from the names alone, so it receives every right
        # the original holds.
        source_role = Role(session_client, resource=source_resource)
        right_names = []
        for entry in source_role.list_rights():
            right_names.append(entry['name'])

        created = org.create_role(new_role_name, description, right_names)
        stdout(to_dict(created, exclude=['Link', 'RightReferences']), ctx)
    except Exception as failure:
        # Any exception is reported through stderr().
        stderr(failure, ctx)