def system_admin_role():
role = Role(name="system_admin",
permissions=["system:read", "system:update",
"queue:read"]).save()
yield role
role.delete()
def roles():
role1 = Role(name="role1").save()
role2 = Role(name="role2").save()
yield [role1, role2]
role1.delete()
role2.delete()
def role_for_system_scope():
role = Role(
name="requestcreator", permissions=["request:create", "request:read"]
).save()
yield role
role.delete()
def role_for_garden_scope():
role = Role(
name="gardenreader",
permissions=["garden:read", "system:read", "job:read", "request:read"],
).save()
yield role
role.delete()
def user_admin_role():
role = Role(
name="user_admin",
permissions=["user:create", "user:read", "user:update", "user:delete"],
).save()
yield role
role.delete()
def event_forward_role():
role = Role(
name="event_forward",
permissions=["event:forward"],
).save()
yield role
role.delete()
def garden_read_role():
role = Role(
name="garden_read",
permissions=["garden:read"],
).save()
yield role
role.delete()
def garden_create_role():
role = Role(
name="garden_create",
permissions=["garden:create"],
).save()
yield role
role.delete()
def system_read_role():
role = Role(
name="system_admin",
permissions=["system:read"],
).save()
yield role
role.delete()
def queue_manager_role():
role = Role(
name="queue_manager",
permissions=["queue:read", "queue:delete"],
).save()
yield role
role.delete()
def garden_admin_role():
role = Role(
name="garden_admin",
permissions=["garden:read", "garden:update"],
).save()
yield role
role.delete()
def user_to_sync(self):
role = Role(name="role1").save()
role_assignment = RoleAssignment(role=role, domain={"scope": "Global"})
user = User(username="******",
password="******",
role_assignments=[role_assignment])
yield user
role.delete()
def remove_role(role: Role):
"""Remove a Role. This will also remove any references to the Role, such as those
in User role assignments.
Args:
role: The Role document object.
Returns:
None
"""
remove_role_assignments_for_role(role)
role.delete()
def operator_role():
role = Role(
name="operator",
permissions=[
"request:create",
"request:read",
"request:update",
"request:delete",
],
).save()
yield role
role.delete()
def job_manager_role():
role = Role(
name="job_manager",
permissions=[
"job:create",
"job:read",
"job:update",
"job:delete",
],
).save()
yield role
role.delete()
def user_with_role_assignments():
role = Role(name="assignedrole1", permissions=["garden:read"]).save()
role_assignment = RoleAssignment(domain={
"scope": "Garden",
"identifiers": {
"name": "garden1"
}
},
role=role)
user = User(username="******", role_assignments=[role_assignment]).save()
yield user
user.delete()
role.delete()
def role_for_global_scope():
role = Role(name="gardencreator", permissions=["garden:create"]).save()
yield role
role.delete()
def role(self):
role = Role(name="test_role",
permissions=[Permissions.REQUEST_READ.value]).save()
yield role
role.delete()
