def sync_users_role_assignments(self, role_assignment_apis):
"""
Synchronize role assignments for all the users in the database.
:param role_assignment_apis: Role assignments API objects for the assignments loaded
from the files.
:type role_assignment_apis: ``list`` of :class:`UserRoleAssignmentFileFormatAPI`
:return: Dictionary with created and removed role assignments for each user.
:rtype: ``dict``
"""
LOG.info('Synchronizing users role assignments...')
user_dbs = User.get_all()
username_to_user_db_map = dict([(user_db.name, user_db) for user_db in user_dbs])
results = {}
for role_assignment_api in role_assignment_apis:
username = role_assignment_api.username
user_db = username_to_user_db_map.get(username, None)
if not user_db:
LOG.debug(('Skipping role assignments for user "%s" which doesn\'t exist in the '
'database' % (username)))
continue
role_assignment_dbs = rbac_services.get_role_assignments_for_user(user_db=user_db)
result = self._sync_user_role_assignments(user_db=user_db,
role_assignment_dbs=role_assignment_dbs,
role_assignment_api=role_assignment_api)
results[username] = result
LOG.info('User role assignments synchronized')
return results
def sync_users_role_assignments(self, role_assignment_apis):
"""
Synchronize role assignments for all the users in the database.
:param role_assignment_apis: Role assignments API objects for the assignments loaded
from the files.
:type role_assignment_apis: ``list`` of :class:`UserRoleAssignmentFileFormatAPI`
:return: Dictionary with created and removed role assignments for each user.
:rtype: ``dict``
"""
LOG.info("Synchronizing users role assignments...")
username_to_role_assignment_map = dict([(api.username, api) for api in role_assignment_apis])
user_dbs = User.get_all()
results = {}
for user_db in user_dbs:
username = user_db.name
role_assignment_api = username_to_role_assignment_map.get(username, None)
role_assignment_dbs = rbac_services.get_role_assignments_for_user(user_db=user_db)
result = self._sync_user_role_assignments(
user_db=user_db, role_assignment_dbs=role_assignment_dbs, role_assignment_api=role_assignment_api
)
results[username] = result
LOG.info("User role assignments synchronized")
return results
def sync_users_role_assignments(self, role_assignment_apis):
"""
Synchronize role assignments for all the users in the database.
:param role_assignment_apis: Role assignments API objects for the assignments loaded
from the files.
:type role_assignment_apis: ``list`` of :class:`UserRoleAssignmentFileFormatAPI`
:return: Dictionary with created and removed role assignments for each user.
:rtype: ``dict``
"""
LOG.info('Synchronizing users role assignments...')
user_dbs = User.get_all()
username_to_user_db_map = dict([(user_db.name, user_db)
for user_db in user_dbs])
username_to_role_assignment_api_map = dict([
(role_assignment_api.username, role_assignment_api)
for role_assignment_api in role_assignment_apis
])
# Note: We process assignments for all the users (ones specified in the assignment files
# and ones which are in the databse). We want to make sure assignments are correctly
# deleted from the databse for users which existing in the databse, but have no assignment
# file on disk.
all_usernames = (username_to_user_db_map.keys() +
username_to_role_assignment_api_map.keys())
all_usernames = list(set(all_usernames))
results = {}
for username in all_usernames:
role_assignment_api = username_to_role_assignment_api_map.get(
username, None)
user_db = username_to_user_db_map.get(username, None)
if not user_db:
# Note: We allow assignments to be created for the users which don't exist in the
# DB yet because user creation in StackStorm is lazy (we only create UserDB) object
# when user first logs in.
user_db = UserDB(name=username)
LOG.debug((
'User "%s" doesn\'t exist in the DB, creating assignment anyway'
% (username)))
role_assignment_dbs = rbac_services.get_role_assignments_for_user(
user_db=user_db, include_remote=False)
result = self._sync_user_role_assignments(
user_db=user_db,
role_assignment_dbs=role_assignment_dbs,
role_assignment_api=role_assignment_api)
results[username] = result
LOG.info('User role assignments synchronized')
return results
def sync_users_role_assignments(self, role_assignment_apis):
"""
Synchronize role assignments for all the users in the database.
:param role_assignment_apis: Role assignments API objects for the assignments loaded
from the files.
:type role_assignment_apis: ``list`` of :class:`UserRoleAssignmentFileFormatAPI`
:return: Dictionary with created and removed role assignments for each user.
:rtype: ``dict``
"""
LOG.info('Synchronizing users role assignments...')
user_dbs = User.get_all()
username_to_user_db_map = dict([(user_db.name, user_db)
for user_db in user_dbs])
results = {}
for role_assignment_api in role_assignment_apis:
username = role_assignment_api.username
user_db = username_to_user_db_map.get(username, None)
if not user_db:
# Note: We allow assignments to be created for the users which don't exist in the
# DB yet because user creation in StackStorm is lazy (we only create UserDB) object
# when user first logs in.
user_db = UserDB(name=username)
LOG.debug((
'User "%s" doesn\'t exist in the DB, creating assignment anyway'
% (username)))
role_assignment_dbs = rbac_services.get_role_assignments_for_user(
user_db=user_db)
result = self._sync_user_role_assignments(
user_db=user_db,
role_assignment_dbs=role_assignment_dbs,
role_assignment_api=role_assignment_api)
results[username] = result
LOG.info('User role assignments synchronized')
return results
def sync_users_role_assignments(self, role_assignment_apis):
"""
Synchronize role assignments for all the users in the database.
:param role_assignment_apis: Role assignments API objects for the assignments loaded
from the files.
:type role_assignment_apis: ``list`` of :class:`UserRoleAssignmentFileFormatAPI`
:return: Dictionary with created and removed role assignments for each user.
:rtype: ``dict``
"""
LOG.info('Synchronizing users role assignments...')
user_dbs = User.get_all()
username_to_user_db_map = dict([(user_db.name, user_db)
for user_db in user_dbs])
results = {}
for role_assignment_api in role_assignment_apis:
username = role_assignment_api.username
user_db = username_to_user_db_map.get(username, None)
if not user_db:
LOG.debug((
'Skipping role assignments for user "%s" which doesn\'t exist in the '
'database' % (username)))
continue
role_assignment_dbs = rbac_services.get_role_assignments_for_user(
user_db=user_db)
result = self._sync_user_role_assignments(
user_db=user_db,
role_assignment_dbs=role_assignment_dbs,
role_assignment_api=role_assignment_api)
results[username] = result
LOG.info('User role assignments synchronized')
return results
def sync_users_role_assignments(self, role_assignment_apis):
"""
Synchronize role assignments for all the users in the database.
:param role_assignment_apis: Role assignments API objects for the assignments loaded
from the files.
:type role_assignment_apis: ``list`` of :class:`UserRoleAssignmentFileFormatAPI`
:return: Dictionary with created and removed role assignments for each user.
:rtype: ``dict``
"""
LOG.info('Synchronizing users role assignments...')
user_dbs = User.get_all()
username_to_user_db_map = dict([(user_db.name, user_db) for user_db in user_dbs])
results = {}
for role_assignment_api in role_assignment_apis:
username = role_assignment_api.username
user_db = username_to_user_db_map.get(username, None)
if not user_db:
# Note: We allow assignments to be created for the users which don't exist in the
# DB yet because user creation in StackStorm is lazy (we only create UserDB) object
# when user first logs in.
user_db = UserDB(name=username)
LOG.debug(('User "%s" doesn\'t exist in the DB, creating assignment anyway' %
(username)))
role_assignment_dbs = rbac_services.get_role_assignments_for_user(user_db=user_db)
result = self._sync_user_role_assignments(user_db=user_db,
role_assignment_dbs=role_assignment_dbs,
role_assignment_api=role_assignment_api)
results[username] = result
LOG.info('User role assignments synchronized')
return results
def sync_users_role_assignments(self, role_assignment_apis):
"""
Synchronize role assignments for all the users in the database.
:param role_assignment_apis: Role assignments API objects for the assignments loaded
from the files.
:type role_assignment_apis: ``list`` of :class:`UserRoleAssignmentFileFormatAPI`
:return: Dictionary with created and removed role assignments for each user.
:rtype: ``dict``
"""
assert isinstance(role_assignment_apis, (list, tuple))
LOG.info('Synchronizing users role assignments...')
# Note: We exclude remote assignments because sync tool is not supposed to manipulate
# remote assignments
role_assignment_dbs = rbac_services.get_all_role_assignments(
include_remote=False)
user_dbs = User.get_all()
username_to_user_db_map = dict([(user_db.name, user_db)
for user_db in user_dbs])
username_to_role_assignment_apis_map = defaultdict(list)
username_to_role_assignment_dbs_map = defaultdict(list)
for role_assignment_api in role_assignment_apis:
username = role_assignment_api.username
username_to_role_assignment_apis_map[username].append(
role_assignment_api)
for role_assignment_db in role_assignment_dbs:
username = role_assignment_db.user
username_to_role_assignment_dbs_map[username].append(
role_assignment_db)
# Note: We process assignments for all the users (ones specified in the assignment files
# and ones which are in the database). We want to make sure assignments are correctly
# deleted from the database for users which existing in the database, but have no
# assignment file on disk and for assignments for users which don't exist in the database.
all_usernames = (list(username_to_user_db_map.keys()) +
list(username_to_role_assignment_apis_map.keys()) +
list(username_to_role_assignment_dbs_map.keys()))
all_usernames = list(set(all_usernames))
results = {}
for username in all_usernames:
user_db = username_to_user_db_map.get(username, None)
if not user_db:
# Note: We allow assignments to be created for the users which don't exist in the
# DB yet because user creation in StackStorm is lazy (we only create UserDB) object
# when user first logs in.
user_db = UserDB(name=username)
LOG.debug((
'User "%s" doesn\'t exist in the DB, creating assignment anyway'
% (username)))
role_assignment_apis = username_to_role_assignment_apis_map.get(
username, [])
role_assignment_dbs = username_to_role_assignment_dbs_map.get(
username, [])
# Additional safety assert to ensure we don't accidentally manipulate remote
# assignments
for role_assignment_db in role_assignment_dbs:
assert role_assignment_db.is_remote is False
result = self._sync_user_role_assignments(
user_db=user_db,
role_assignment_dbs=role_assignment_dbs,
role_assignment_apis=role_assignment_apis)
results[username] = result
LOG.info('User role assignments synchronized')
return results
def sync_users_role_assignments(self, role_assignment_apis):
"""
Synchronize role assignments for all the users in the database.
:param role_assignment_apis: Role assignments API objects for the assignments loaded
from the files.
:type role_assignment_apis: ``list`` of :class:`UserRoleAssignmentFileFormatAPI`
:return: Dictionary with created and removed role assignments for each user.
:rtype: ``dict``
"""
assert isinstance(role_assignment_apis, (list, tuple))
LOG.info('Synchronizing users role assignments...')
# Note: We exclude remote assignments because sync tool is not supposed to manipulate
# remote assignments
role_assignment_dbs = rbac_services.get_all_role_assignments(include_remote=False)
user_dbs = User.get_all()
username_to_user_db_map = dict([(user_db.name, user_db) for user_db in user_dbs])
username_to_role_assignment_apis_map = defaultdict(list)
username_to_role_assignment_dbs_map = defaultdict(list)
for role_assignment_api in role_assignment_apis:
username = role_assignment_api.username
username_to_role_assignment_apis_map[username].append(role_assignment_api)
for role_assignment_db in role_assignment_dbs:
username = role_assignment_db.user
username_to_role_assignment_dbs_map[username].append(role_assignment_db)
# Note: We process assignments for all the users (ones specified in the assignment files
# and ones which are in the database). We want to make sure assignments are correctly
# deleted from the database for users which existing in the database, but have no
# assignment file on disk and for assignments for users which don't exist in the database.
all_usernames = (list(username_to_user_db_map.keys()) +
list(username_to_role_assignment_apis_map.keys()) +
list(username_to_role_assignment_dbs_map.keys()))
all_usernames = list(set(all_usernames))
results = {}
for username in all_usernames:
user_db = username_to_user_db_map.get(username, None)
if not user_db:
# Note: We allow assignments to be created for the users which don't exist in the
# DB yet because user creation in StackStorm is lazy (we only create UserDB) object
# when user first logs in.
user_db = UserDB(name=username)
LOG.debug(('User "%s" doesn\'t exist in the DB, creating assignment anyway' %
(username)))
role_assignment_apis = username_to_role_assignment_apis_map.get(username, [])
role_assignment_dbs = username_to_role_assignment_dbs_map.get(username, [])
# Additional safety assert to ensure we don't accidentally manipulate remote
# assignments
for role_assignment_db in role_assignment_dbs:
assert role_assignment_db.is_remote is False
result = self._sync_user_role_assignments(
user_db=user_db, role_assignment_dbs=role_assignment_dbs,
role_assignment_apis=role_assignment_apis)
results[username] = result
LOG.info('User role assignments synchronized')
return results
