def share_cluster(self,
cluster_id,
cluster_name,
users: list,
access_level_id,
org=None,
vdc=None):
"""Share the cluster with the users in user_name_to_id_dict.
:param str cluster_id: cluster id
:param str cluster_name: cluster name
:param list users: users to share cluster with
:param str access_level_id: access level id of shared users
:param str vdc: name of the vdc where the cluster is
:param str org: name of the org where the users are
"""
if not cluster_id:
cluster_id = self.get_cluster_id_by_name(cluster_name, org, vdc)
# Ensure current cluster user access level is not reduced
org_href = self._client.get_org_by_name(org).get('href')
name_to_id: dict = client_utils.create_user_name_to_id_dict(
self._client, set(users), org_href)
org_user_id_to_name_dict = vcd_utils.create_org_user_id_to_name_dict(
self._client, org)
logger_wire = logger.CLIENT_WIRE_LOGGER \
if utils.str_to_bool(
os.getenv(cli_constants.ENV_CSE_CLIENT_WIRE_LOGGING)
) \
else logger.NULL_LOGGER
acl_svc = cluster_acl_svc.ClusterACLService(
cluster_id=cluster_id,
client=self._client,
logger_debug=logger.CLIENT_LOGGER,
logger_wire=logger_wire)
for acl_entry in acl_svc.list_def_entity_acl_entries():
username = org_user_id_to_name_dict.get(acl_entry.memberId)
if name_to_id.get(username):
curr_access_level = acl_entry.accessLevelId # noqa: E501
if client_utils.access_level_reduced(access_level_id,
curr_access_level):
raise Exception(f'{username} currently has higher access '
f'level: {curr_access_level}')
# share TKG-S def entity
acl_entry = common_models.ClusterAclEntry(
grantType=shared_constants.MEMBERSHIP_GRANT_TYPE,
accessLevelId=access_level_id,
memberId=None)
for _, user_id in name_to_id.items():
acl_entry.memberId = user_id
acl_svc.share_def_entity(acl_entry)
def share_cluster(self, cluster_id, cluster_name, users: list,
access_level_id, org=None, vdc=None):
"""Share the cluster with the users in user_name_to_id_dict.
:param str cluster_id: cluster id
:param str cluster_name: cluster name
:param list users: users to share cluster with
:param str access_level_id: access level id of shared users
:param str vdc: name of the vdc where the cluster is
:param str org: name of the org where the users are
"""
if not cluster_id:
cluster_id = self.get_cluster_id_by_name(cluster_name, org, vdc)
# Ensure current cluster user access level is not reduced
org_href = self._client.get_org_by_name(org).get('href')
name_to_id: dict = client_utils.create_user_name_to_id_dict(
self._client, users, org_href)
org_user_id_to_name_dict = vcd_utils.create_org_user_id_to_name_dict(
self._client, org)
acl_svc = cluster_acl_svc.ClusterACLService(cluster_id, self._client)
for acl_entry in acl_svc.list_def_entity_acl_entries():
username = org_user_id_to_name_dict.get(acl_entry.memberId)
if name_to_id.get(username):
curr_access_level = acl_entry.accessLevelId # noqa: E501
if client_utils.access_level_reduced(access_level_id,
curr_access_level):
raise Exception(f'{username} currently has higher access '
f'level: {curr_access_level}')
# share TKG def entity
payload = {
shared_constants.AccessControlKey.GRANT_TYPE:
shared_constants.MEMBERSHIP_GRANT_TYPE,
shared_constants.AccessControlKey.ACCESS_LEVEL_ID:
access_level_id,
shared_constants.AccessControlKey.MEMBER_ID: None
}
for _, user_id in name_to_id.items():
payload[shared_constants.AccessControlKey.MEMBER_ID] = user_id
acl_svc.share_def_entity(payload)
def share_cluster(self, cluster_id, cluster_name, users: list,
access_level_id, org, vdc):
"""Share cluster with passed in users."""
if not cluster_id:
cluster_id = self.get_cluster_id_by_name(cluster_name, org, vdc)
org_href = self._client.get_org_by_name(org).get('href')
name_to_id: dict = client_utils.create_user_name_to_id_dict(
self._client, users, org_href)
# Parse user id info
update_acl_entries = []
for username, user_id in name_to_id.items():
acl_entry = common_models.ClusterAclEntry(
memberId=user_id,
username=username,
accessLevelId=access_level_id)
update_acl_entries.append(acl_entry)
# Only retain entries that are not updated
for acl_entry in self._native_cluster_api.\
list_native_cluster_acl_entries(cluster_id):
username = acl_entry.username
if name_to_id.get(username):
# Check that access level is not reduced
curr_access_level_id = acl_entry.accessLevelId
if client_utils.access_level_reduced(access_level_id,
curr_access_level_id):
raise Exception(f'{username} currently has higher access '
f'level: {curr_access_level_id}')
else:
update_acl_entries.append(acl_entry)
update_acl_values = \
[acl_entry.construct_filtered_dict(include=cli_constants.CLUSTER_ACL_UPDATE_REQUEST_FIELDS) # noqa: E501
for acl_entry in update_acl_entries]
self._native_cluster_api.put_cluster_acl(cluster_id, update_acl_values)
