def create_target(tree, target_id):
"""
Creates new acl_target element with id target_id.
Raises LibraryError if target with wpecified id aleready exists.
tree -- etree node
target_id -- id of new target
"""
acl_el = get_acls(tree)
# id of element acl_target is not type ID in CIB ACL schema so we don't need
# to check if it is unique ID in whole CIB
if acl_el.find("./acl_target[@id='{0}']".format(target_id)) is not None:
raise LibraryError(reports.acl_target_already_exists(target_id))
return etree.SubElement(get_acls(tree), "acl_target", id=target_id)
def _get_target_like_list_with_tag(tree, tag):
output_list = []
for target_el in get_acls(tree).findall("./{0}".format(tag)):
output_list.append({
"id": target_el.get("id"),
"role_list": _get_role_list_of_target(target_el),
})
return output_list
def create_role(tree, role_id, description=""):
"""
role_id id of desired role
description role description
"""
check_new_id_applicable(tree, "ACL role", role_id)
role = etree.SubElement(get_acls(tree), "acl_role", id=role_id)
if description:
role.set("description", description)
def create_role(tree, role_id, description=""):
"""
role_id id of desired role
description role description
"""
__validate_role_id_for_create(tree, role_id)
role = etree.SubElement(get_acls(tree), "acl_role", id=role_id)
if description:
role.set("description", description)
def test_success_if_exists(self):
self.cib.append_to_first_tag_name(
"configuration",
'<acls><acl_role id="test_role" /></acls>'
)
self.assertEqual(
"test_role",
lib.get_acls(self.cib.tree)[0].get("id")
)
def test_success_if_exists(self):
self.cib.append_to_first_tag_name(
"configuration",
'<acls><acl_role id="test_role" /></acls>'
)
self.assertEqual(
"test_role",
lib.get_acls(self.cib.tree)[0].get("id")
)
def create_group(tree, group_id):
"""
Creates new acl_group element with specified id.
Raises LibraryError if tree contains element with id group_id.
tree -- etree node
group_id -- id of new group
"""
check_new_id_applicable(tree, "ACL group", group_id)
return etree.SubElement(get_acls(tree), "acl_group", id=group_id)
def find_group(tree, group_id):
"""
Returns acl_group etree element with specified id.
Raise AclGroupNotFound if group with group_id doesn't exist.
tree -- etree node
group_id -- id of group to find
"""
role = get_acls(tree).find('./acl_group[@id="{0}"]'.format(group_id))
if role is None:
raise AclGroupNotFound(group_id)
return role
def find_target(tree, target_id):
"""
Return acl_target etree element with specified id.
Raise AclTargetNotFound if target with specified id doesn't exist.
tree -- etree node
target_id -- if of target to find
"""
role = get_acls(tree).find('./acl_target[@id="{0}"]'.format(target_id))
if role is None:
raise AclTargetNotFound(target_id)
return role
def create_role(tree, role_id, description=None):
"""
Create new role element and add it to cib.
Returns newly created role element.
role_id id of desired role
description role description
"""
check_new_id_applicable(tree, "ACL role", role_id)
role = etree.SubElement(get_acls(tree), "acl_role", id=role_id)
if description:
role.set("description", description)
return role
def get_config(lib_env):
"""
Returns ACL configuration in disctionary. Fromat of output:
{
"target_list": <list of targets>,
"group_list": <list og groups>,
"role_list": <list of roles>,
}
lib_env -- LibraryEnvironment
"""
acl_section = get_acls(lib_env.get_cib(REQUIRED_CIB_VERSION))
return {
"target_list": acl.get_target_list(acl_section),
"group_list": acl.get_group_list(acl_section),
"role_list": acl.get_role_list(acl_section),
}
def get_config(lib_env):
"""
Returns ACL configuration in dictionary. Format of output:
{
"target_list": <list of targets>,
"group_list": <list og groups>,
"role_list": <list of roles>,
}
lib_env -- LibraryEnvironment
"""
acl_section = get_acls(lib_env.get_cib(REQUIRED_CIB_VERSION))
return {
"target_list": acl.get_target_list(acl_section),
"group_list": acl.get_group_list(acl_section),
"role_list": acl.get_role_list(acl_section),
}
def get_role_list(tree):
"""
Returns list of all acl_role elements from tree.
Format of items of output list:
{
"id": <role-id>,
"description": <role-description>,
"permission_list": [<see function _get_all_permission_list>, ...]
}
tree -- etree node
"""
output_list = []
for role_el in get_acls(tree).findall("./acl_role"):
role = etree_element_attibutes_to_dict(
role_el, ["id", "description"]
)
role["permission_list"] = _get_permission_list(role_el)
output_list.append(role)
return output_list
def test_success_if_missing(self):
acls = lib.get_acls(self.cib.tree)
self.assertEqual("acls", acls.tag)
self.assertEqual("configuration", acls.getparent().tag)
def cib_acl_section(env):
yield get_acls(env.get_cib(REQUIRED_CIB_VERSION))
env.push_cib()
def acls(self):
return get_acls(self.cib.tree)
def test_success_if_missing(self):
acls = lib.get_acls(self.cib.tree)
self.assertEqual("acls", acls.tag)
self.assertEqual("configuration", acls.getparent().tag)
def cib_acl_section(env):
cib = env.get_cib(REQUIRED_CIB_VERSION)
yield get_acls(cib)
env.push_cib(cib)
def cib_acl_section(env):
yield get_acls(env.get_cib())
env.push_cib()
def cib_acl_section(env):
cib = env.get_cib(REQUIRED_CIB_VERSION)
yield get_acls(cib)
env.push_cib(cib)
def acls(self):
return get_acls(self.cib.tree)
