def policy_list_roles(self, operator, filter):
"""Return a list of roles that match the given filters."""
# This method is available for everyone
role = Role(self.db)
filters = self._parse_filters(filter,
{'name': str,
'date': self._parse_create_date_range,
'create': self._parse_create_date_range,
'desc': str,
'foundation': str},
default_filter='name',
default_value=None)
date_start = date_end = None
if filters['date']:
date_start, date_end = filters['date']
if date_end is NotSet: # only the specific date should be used
date_end = date_start
create_start = create_end = None
if filters['create']:
create_start, create_end = filters['create']
if create_end is NotSet: # only the specific date should be used
create_end = create_start
ret = []
for row in role.search(name=filters['name'],
description=filters['desc'],
create_start=create_start,
create_end=create_end,
foundation_start=date_start,
foundation_end=date_end,
foundation=filters['foundation']):
ret.append({
'name': row['name'],
'desc': row['description'],
})
return sorted(ret, key=lambda r: r['name'])
def policy_list_roles(self, operator, filter):
"""Return a list of roles that match the given filters."""
# This method is available for everyone
role = Role(self.db)
filters = self._parse_filters(filter, {
'name': str,
'date': self._parse_create_date_range,
'create': self._parse_create_date_range,
'desc': str,
'foundation': str,
},
default_filter='name',
default_value=None)
date_start = date_end = None
if filters['date']:
date_start, date_end = filters['date']
if date_end is NotSet: # only the specific date should be used
date_end = date_start
create_start = create_end = None
if filters['create']:
create_start, create_end = filters['create']
if create_end is NotSet: # only the specific date should be used
create_end = create_start
ret = []
for row in role.search(name=filters['name'],
description=filters['desc'],
create_start=create_start,
create_end=create_end,
foundation_start=date_start,
foundation_end=date_end,
foundation=filters['foundation']):
ret.append({'name': row['name'], 'desc': row['description']})
return sorted(ret, key=lambda r: r['name'])
def process_relationships(stream):
"""Produce a csv list of all relationships between source components and
target components, and their kind of relationship."""
logger.info('process_relationships started')
db = Factory.get('Database')()
role = Role(db)
for row in role.search_relations():
stream.write(';'.join(
(row['source_name'], str(row['relationship_str']),
row['target_name'])))
stream.write('\n')
logger.info('process_relationships done')
def process_relationships(stream):
"""Produce a csv list of all relationships between source components and
target components, and their kind of relationship."""
logger.info('process_relationships started')
db = Factory.get('Database')()
role = Role(db)
for row in role.search_relations():
stream.write(';'.join((row['source_name'],
text_type(row['relationship_str']),
row['target_name'])))
stream.write('\n')
logger.info('process_relationships done')
def policy_role_create(self,
operator,
name,
description,
foundation,
foundation_date=None):
"""Adds a new role and its data. Its can only consist of lowercased,
alpha numrice characters and -."""
self.ba.assert_dns_superuser(operator.get_entity_id())
role = Role(self.db)
# validate data
tmp = role.illegal_attr(description)
if tmp:
raise CerebrumError('Illegal description: %s' % tmp)
tmp = role.illegal_attr(foundation)
if tmp:
raise CerebrumError('Illegal foundation: %s' % tmp)
foundation_date = self._parse_date(foundation_date)
# check that name isn't already in use
try:
comp = self._get_component(name)
except CerebrumError:
pass
else:
raise CerebrumError('A policy already exists with name: %s' % name)
role.populate(name, description, foundation, foundation_date)
role.write_db()
return "New role %s created" % role.component_name
def process_roles(stream):
"""Produce a csv list of all roles and its direct members."""
logger.info('process_roles started')
db = Factory.get('Database')()
role = Role(db)
# TODO: might want to use search_relations directly, and map it in python
# instead of have a relations call for every role (there might be a lot of
# roles in the future?).
for row in role.search():
stream.write(';'.join(
(row['name'], row['description'], row['foundation']
or '', row['created_at'].strftime('%Y-%m-%d'),
','.join(m['target_name'] for m in role.search_relations(
source_id=row['component_id'])))))
stream.write('\n')
logger.info('process_roles done')
def policy_role_create(self, operator, name, description, foundation,
foundation_date=None):
"""Adds a new role and its data.
It can only consist of lowercased, alpha numrice characters and -.
"""
self.ba.assert_dns_superuser(operator.get_entity_id())
role = Role(self.db)
# validate data
tmp = role.illegal_attr(description)
if tmp:
raise CerebrumError('Illegal description: %r' % tmp)
tmp = role.illegal_attr(foundation)
if tmp:
raise CerebrumError('Illegal foundation: %r' % tmp)
foundation_date = self._parse_date(foundation_date)
# check that name isn't already in use
try:
self._get_component(name)
except CerebrumError:
pass
else:
raise CerebrumError('A policy already exists with name: %r' % name)
role.populate(name, description, foundation, foundation_date)
role.write_db()
return "New role %s created" % role.component_name
def process_roles(stream):
"""Produce a csv list of all roles and its direct members."""
logger.info('process_roles started')
db = Factory.get('Database')()
role = Role(db)
# TODO: might want to use search_relations directly, and map it in python
# instead of have a relations call for every role (there might be a lot of
# roles in the future?).
for row in role.search():
stream.write(';'.join((row['name'],
row['description'],
row['foundation'] or '',
row['created_at'].strftime('%Y-%m-%d'),
','.join(m['target_name'] for m in
role.search_relations(
source_id=row['component_id'])))))
stream.write('\n')
logger.info('process_roles done')
def __init__(self, db, logger):
"""Initialize the sync with hostpolicy objects.."""
super(HostpolicySync, self).__init__(db, logger)
self.component = PolicyComponent(self.db)
self.role = Role(self.db)
self.atom = Atom(self.db)
