def test_sync_roles_locally_removed_roles_are_removed_from_db(self):
        """
        Verify that a role dropped from the on-disk definitions is gone from the DB after a sync.

        Two roles are synced first; the second sync passes only ``test_role_2`` and the test
        then checks that ``test_role_2`` is the single role left in the DB.
        """
        definitions_syncer = RBACDefinitionsDBSyncer()

        # Precondition: no role is stored before the first sync
        self.assertEqual(len(Role.get_all()), 0)

        role_1_api = RoleDefinitionFileFormatAPI(
            name='test_role_1',
            description='test description 1',
            permission_grants=[])
        role_2_api = RoleDefinitionFileFormatAPI(
            name='test_role_2',
            description='test description 2',
            permission_grants=[])

        # First sync: both definitions are present
        created_role_dbs, deleted_role_dbs = definitions_syncer.sync_roles(
            role_definition_apis=[role_1_api, role_2_api])
        self.assertEqual(len(created_role_dbs), 2)
        self.assertItemsEqual(deleted_role_dbs, [])

        # Both roles must now be stored
        self.assertEqual(len(Role.get_all()), 2)
        for created_role_db in created_role_dbs[:2]:
            self.assertRoleDBObjectExists(role_db=created_role_db)

        # Second sync: role 1 no longer has a definition. Per the assertions below the syncer
        # reports both previously stored roles as deleted and one role as (re-)created.
        created_role_dbs, deleted_role_dbs = definitions_syncer.sync_roles(
            role_definition_apis=[role_2_api])
        self.assertEqual(len(created_role_dbs), 1)
        self.assertEqual(len(deleted_role_dbs), 2)

        # Only role 2 may remain in the DB; the removed role must not linger
        self.assertEqual(len(Role.get_all()), 1)
        self.assertRoleDBObjectExists(role_db=created_role_dbs[0])
        self.assertEqual(Role.get_all()[0].name, 'test_role_2')
Example #2
    def test_sync_roles_single_role_definition_two_grants(self):
        """
        Verify that syncing one role definition with two permission grants stores the role
        and both of its grants.
        """
        definitions_syncer = RBACDefinitionsDBSyncer()

        # A single role carrying two grants, each scoped to a different pack
        pack_all_grant = {
            'resource_uid': 'pack:mapack1',
            'permission_types': ['pack_all']
        }
        view_only_grant = {
            'resource_uid': 'pack:mapack2',
            'permission_types': ['rule_view', 'action_view']
        }
        role_api = RoleDefinitionFileFormatAPI(
            name='test_role_2',
            description='test description 2',
            permission_grants=[pack_all_grant, view_only_grant])

        created_role_dbs, deleted_role_dbs = definitions_syncer.sync_roles(
            role_definition_apis=[role_api])
        self.assertEqual(len(created_role_dbs), 1)
        self.assertItemsEqual(deleted_role_dbs, [])

        # The returned role object must mirror the definition
        role_db = created_role_dbs[0]
        self.assertEqual(role_db.name, 'test_role_2')
        self.assertEqual(role_db.description, 'test description 2')
        self.assertEqual(len(role_db.permission_grants), 2)

        # The role itself and every grant it references must exist in the DB
        self.assertRoleDBObjectExists(role_db=role_db)

        for grant_id in role_db.permission_grants:
            self.assertGrantDBObjectExists(grant_id)
Example #3
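    def load_role_definition_from_file(self, file_path):
        """
        Load role definition from file.

        :param file_path: Path to the role definition file.
        :type file_path: ``str``

        :return: Role definition.
        :rtype: :class:`RoleDefinitionFileFormatAPI`

        :raises ValueError: If the file yields no content (for example, it is empty).
        """
        content = self._meta_loader.load(file_path)

        # An empty file makes the loader return a falsy value; without this guard the
        # ``**content`` expansion below fails with an error that does not name the file.
        # Reject it explicitly so a broken role definition is easy to trace.
        if not content:
            msg = ('Role definition file "%s" is empty and invalid' % file_path)
            raise ValueError(msg)

        role_definition_api = RoleDefinitionFileFormatAPI(**content)
        # NOTE(review): the return value of validate() is not used here; if validate()
        # returns a cleaned copy, that copy should be returned instead - confirm.
        role_definition_api.validate()

        return role_definition_api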
Example #4
    def load_role_definition_from_file(self, file_path):
        """
        Read a role definition file and return its validated API object.

        :param file_path: Path to the role definition file.
        :type file_path: ``str``

        :return: Whatever ``validate()`` returns for the loaded definition.
        :rtype: :class:`RoleDefinitionFileFormatAPI`

        :raises ValueError: If the loader returns no content for the file.
        """
        definition_data = self._meta_loader.load(file_path)

        # Fail early, naming the offending file, when there is nothing to parse
        if not definition_data:
            raise ValueError('Role definition file "%s" is empty and invalid' % file_path)

        # The result of validate() is what callers receive, not the unvalidated object
        unvalidated_api = RoleDefinitionFileFormatAPI(**definition_data)
        return unvalidated_api.validate()
Example #5
File: loader.py Project: nzlosh/st2
    def load_role_definition_from_file(self, file_path):
        """
        Load a single role definition from disk and validate it.

        :param file_path: Path to the role definition file.
        :type file_path: ``str``

        :return: The object returned by ``validate()`` for the parsed definition.
        :rtype: :class:`RoleDefinitionFileFormatAPI`

        :raises ValueError: If the file produced no content.
        """
        parsed = self._meta_loader.load(file_path)

        if parsed:
            # Build the API object from the parsed attributes, then hand back the
            # validated result rather than the raw object.
            candidate = RoleDefinitionFileFormatAPI(**parsed)
            validated = candidate.validate()
            return validated

        # Nothing was parsed: report which file is at fault
        error_message = 'Role definition file "%s" is empty and invalid' % file_path
        raise ValueError(error_message)
Example #6
    def test_sync_roles_single_role_definition_no_grants(self):
        """
        Verify that syncing one role definition without permission grants stores a role
        whose grant list is empty.
        """
        definitions_syncer = RBACDefinitionsDBSyncer()

        # A single role that grants nothing
        role_api = RoleDefinitionFileFormatAPI(
            name='test_role_1',
            description='test description 1',
            permission_grants=[])
        created_role_dbs, deleted_role_dbs = definitions_syncer.sync_roles(
            role_definition_apis=[role_api])
        self.assertEqual(len(created_role_dbs), 1)
        self.assertItemsEqual(deleted_role_dbs, [])

        # The returned role must mirror the definition and carry no grants
        role_db = created_role_dbs[0]
        self.assertEqual(role_db.name, 'test_role_1')
        self.assertEqual(role_db.description, 'test description 1')
        self.assertItemsEqual(role_db.permission_grants, [])

        # The role must also be present in the DB
        self.assertRoleDBObjectExists(role_db=role_db)