def create_required_opsets(operation_sets, db): """Make sure the necessary auth op sets are in the db. If such an opset already exists, force the specified set of auth_operation. """ const = Factory.get("Constants")() baos = BofhdAuthOpSet(db) for auth_opset in operation_sets: baos.clear() try: baos.find_by_name(auth_opset) except Errors.NotFoundError: baos.populate(auth_opset) baos.write_db() requested_opcodes = set( int(const.human2constant(x, const.AuthRoleOp)) for x in operation_sets[auth_opset]) existing_opcodes = set( int(row["op_code"]) for row in baos.list_operations()) for op_code in requested_opcodes.difference(existing_opcodes): logger.debug( "Adding operation opcode=%s (code_str=%s) to opset %s " "(opset_id=%s)", op_code, str(const.AuthRoleOp(op_code)), baos.name, baos.op_set_id) baos.add_operation(op_code) for op_code in existing_opcodes.difference(requested_opcodes): logger.debug( "Deleting operation opcode=%s (code_str=%s) from opset %s " "(opset_id=%s)", op_code, str(const.AuthRoleOp(op_code)), baos.name, baos.op_set_id) baos.del_operation(op_code) baos.write_db()
def create_required_opsets(operation_sets, db): """Make sure the necessary auth op sets are in the db. If such an opset already exists, force the specified set of auth_operation. """ const = Factory.get("Constants")() baos = BofhdAuthOpSet(db) for auth_opset in operation_sets: baos.clear() try: baos.find_by_name(auth_opset) except Errors.NotFoundError: baos.populate(auth_opset) baos.write_db() requested_opcodes = set(int(const.human2constant(x, const.AuthRoleOp)) for x in operation_sets[auth_opset]) existing_opcodes = set(int(row["op_code"]) for row in baos.list_operations()) for op_code in requested_opcodes.difference(existing_opcodes): logger.debug("Adding operation opcode=%s (code_str=%s) to opset %s " "(opset_id=%s)", op_code, str(const.AuthRoleOp(op_code)), baos.name, baos.op_set_id) baos.add_operation(op_code) for op_code in existing_opcodes.difference(requested_opcodes): logger.debug("Deleting operation opcode=%s (code_str=%s) from opset %s " "(opset_id=%s)", op_code, str(const.AuthRoleOp(op_code)), baos.name, baos.op_set_id) baos.del_operation(op_code) baos.write_db()
def fix_opset(db, name, contents): """ Update a single opset. Creates the opset name if it doesn't exist, and then syncs the operations/permissions in `contents` to the Cerebrum database. """ logger.debug('Checking opset %s' % name) co = Factory.get('Constants')(db) baos = BofhdAuthOpSet(db) baos.clear() try: baos.find_by_name(name) except Errors.NotFoundError: baos.populate(name) baos.write_db() logger.info('OpSet %s unknown, created it', name) current_operations = dict([(int(row['op_code']), int(row['op_id'])) for row in baos.list_operations()]) for k in contents.keys(): op_code = co.AuthRoleOp(k) try: int(op_code) except Errors.NotFoundError: logger.error("Operation %s not defined" % k) continue current_op_id = current_operations.get(int(op_code), None) if current_op_id is None: current_op_id = baos.add_operation(op_code) logger.info('OpSet %s got new operation %s', name, k) else: # already there del current_operations[int(op_code)] current_attrs = [ row['attr'] for row in baos.list_operation_attrs(current_op_id) ] for a in contents[k].get('attrs', []): if a not in current_attrs: baos.add_op_attrs(current_op_id, a) logger.info("Add attr for %s:%s: %s", name, k, a) else: current_attrs.remove(a) for a in current_attrs: baos.del_op_attrs(current_op_id, a) logger.info("Remove attr for %s:%s: %s", name, k, a) for op in current_operations: # TBD: In theory this should be op_id, should # the DB have a unique constraint? baos.del_operation(op, current_operations[op]) logger.info('OpSet %s had unwanted operation %s, removed it', name, co.AuthRoleOp(op)) baos.write_db()
def fix_opset(db, name, contents): """ Update a single opset. Creates the opset name if it doesn't exist, and then syncs the operations/permissions in `contents` to the Cerebrum database. """ logger.debug('Checking opset %s' % name) co = Factory.get('Constants')(db) baos = BofhdAuthOpSet(db) baos.clear() try: baos.find_by_name(name) except Errors.NotFoundError: baos.populate(name) baos.write_db() logger.info('OpSet %s unknown, created it', name) current_operations = dict([(int(row['op_code']), int(row['op_id'])) for row in baos.list_operations()]) for k in contents.keys(): op_code = co.AuthRoleOp(k) try: int(op_code) except Errors.NotFoundError: logger.error("Operation %s not defined" % k) continue current_op_id = current_operations.get(int(op_code), None) if current_op_id is None: current_op_id = baos.add_operation(op_code) logger.info('OpSet %s got new operation %s', name, k) else: # already there del current_operations[int(op_code)] current_attrs = [row['attr'] for row in baos.list_operation_attrs(current_op_id)] for a in contents[k].get('attrs', []): if a not in current_attrs: baos.add_op_attrs(current_op_id, a) logger.info("Add attr for %s:%s: %s", name, k, a) else: current_attrs.remove(a) for a in current_attrs: baos.del_op_attrs(current_op_id, a) logger.info("Remove attr for %s:%s: %s", name, k, a) for op in current_operations: # TBD: In theory this should be op_id, should # the DB have a unique constraint? baos.del_operation(op, current_operations[op]) logger.info('OpSet %s had unwanted operation %s, removed it', name, co.AuthRoleOp(op)) baos.write_db()
def fix_opset(name, contents): """Fix an operation set by giving it the operations defined in operation_sets, and removing other operations that shouldn't be there. If the opset doesn't exist, it is first created.""" logger.debug('Checking opset %s' % name) baos = BofhdAuthOpSet(db) baos.clear() try: baos.find_by_name(name) except Errors.NotFoundError: baos.populate(name) baos.write_db() logger.info('OpSet %s unknown, created it', name) current_operations = dict([(int(row['op_code']), int(row['op_id'])) for row in baos.list_operations()]) for k in contents.keys(): op_code = co.AuthRoleOp(k) try: int(op_code) except Errors.NotFoundError: logger.error("Operation %s not defined" % k) continue current_op_id = current_operations.get(int(op_code), None) if current_op_id is None: current_op_id = baos.add_operation(op_code) logger.info('OpSet %s got new operation %s', name, k) else: # already there del current_operations[int(op_code)] current_attrs = [row['attr'] for row in baos.list_operation_attrs(current_op_id)] for a in contents[k].get('attrs', []): if a not in current_attrs: baos.add_op_attrs(current_op_id, a) logger.info("Add attr for %s:%s: %s", name, k, a) else: current_attrs.remove(a) for a in current_attrs: baos.del_op_attrs(current_op_id, a) logger.info("Remove attr for %s:%s: %s", name, k, a) for op in current_operations: #TBD: In theory this should be op_id, should # the DB have a unique constraint? baos.del_operation(op, current_operations[op]) logger.info('OpSet %s had unwanted operation %s, removed it', name, co.AuthRoleOp(op)) baos.write_db()