def share_cluster(self, cluster_id, cluster_name, users: list, access_level_id, org=None, vdc=None): """Share the cluster with the users in user_name_to_id_dict. :param str cluster_id: cluster id :param str cluster_name: cluster name :param list users: users to share cluster with :param str access_level_id: access level id of shared users :param str vdc: name of the vdc where the cluster is :param str org: name of the org where the users are """ if not cluster_id: cluster_id = self.get_cluster_id_by_name(cluster_name, org, vdc) # Ensure current cluster user access level is not reduced org_href = self._client.get_org_by_name(org).get('href') name_to_id: dict = client_utils.create_user_name_to_id_dict( self._client, set(users), org_href) org_user_id_to_name_dict = vcd_utils.create_org_user_id_to_name_dict( self._client, org) logger_wire = logger.CLIENT_WIRE_LOGGER \ if utils.str_to_bool( os.getenv(cli_constants.ENV_CSE_CLIENT_WIRE_LOGGING) ) \ else logger.NULL_LOGGER acl_svc = cluster_acl_svc.ClusterACLService( cluster_id=cluster_id, client=self._client, logger_debug=logger.CLIENT_LOGGER, logger_wire=logger_wire) for acl_entry in acl_svc.list_def_entity_acl_entries(): username = org_user_id_to_name_dict.get(acl_entry.memberId) if name_to_id.get(username): curr_access_level = acl_entry.accessLevelId # noqa: E501 if client_utils.access_level_reduced(access_level_id, curr_access_level): raise Exception(f'{username} currently has higher access ' f'level: {curr_access_level}') # share TKG-S def entity acl_entry = common_models.ClusterAclEntry( grantType=shared_constants.MEMBERSHIP_GRANT_TYPE, accessLevelId=access_level_id, memberId=None) for _, user_id in name_to_id.items(): acl_entry.memberId = user_id acl_svc.share_def_entity(acl_entry)
def share_cluster(self, cluster_id, cluster_name, users: list, access_level_id, org=None, vdc=None): """Share the cluster with the users in user_name_to_id_dict. :param str cluster_id: cluster id :param str cluster_name: cluster name :param list users: users to share cluster with :param str access_level_id: access level id of shared users :param str vdc: name of the vdc where the cluster is :param str org: name of the org where the users are """ if not cluster_id: cluster_id = self.get_cluster_id_by_name(cluster_name, org, vdc) # Ensure current cluster user access level is not reduced org_href = self._client.get_org_by_name(org).get('href') name_to_id: dict = client_utils.create_user_name_to_id_dict( self._client, users, org_href) org_user_id_to_name_dict = vcd_utils.create_org_user_id_to_name_dict( self._client, org) acl_svc = cluster_acl_svc.ClusterACLService(cluster_id, self._client) for acl_entry in acl_svc.list_def_entity_acl_entries(): username = org_user_id_to_name_dict.get(acl_entry.memberId) if name_to_id.get(username): curr_access_level = acl_entry.accessLevelId # noqa: E501 if client_utils.access_level_reduced(access_level_id, curr_access_level): raise Exception(f'{username} currently has higher access ' f'level: {curr_access_level}') # share TKG def entity payload = { shared_constants.AccessControlKey.GRANT_TYPE: shared_constants.MEMBERSHIP_GRANT_TYPE, shared_constants.AccessControlKey.ACCESS_LEVEL_ID: access_level_id, shared_constants.AccessControlKey.MEMBER_ID: None } for _, user_id in name_to_id.items(): payload[shared_constants.AccessControlKey.MEMBER_ID] = user_id acl_svc.share_def_entity(payload)
def share_cluster(self, cluster_id, cluster_name, users: list, access_level_id, org, vdc): """Share cluster with passed in users.""" if not cluster_id: cluster_id = self.get_cluster_id_by_name(cluster_name, org, vdc) org_href = self._client.get_org_by_name(org).get('href') name_to_id: dict = client_utils.create_user_name_to_id_dict( self._client, users, org_href) # Parse user id info update_acl_entries = [] for username, user_id in name_to_id.items(): acl_entry = common_models.ClusterAclEntry( memberId=user_id, username=username, accessLevelId=access_level_id) update_acl_entries.append(acl_entry) # Only retain entries that are not updated for acl_entry in self._native_cluster_api.\ list_native_cluster_acl_entries(cluster_id): username = acl_entry.username if name_to_id.get(username): # Check that access level is not reduced curr_access_level_id = acl_entry.accessLevelId if client_utils.access_level_reduced(access_level_id, curr_access_level_id): raise Exception(f'{username} currently has higher access ' f'level: {curr_access_level_id}') else: update_acl_entries.append(acl_entry) update_acl_values = \ [acl_entry.construct_filtered_dict(include=cli_constants.CLUSTER_ACL_UPDATE_REQUEST_FIELDS) # noqa: E501 for acl_entry in update_acl_entries] self._native_cluster_api.put_cluster_acl(cluster_id, update_acl_values)