def list_share_entries(self, cluster_id, cluster_name, org=None, vdc=None):
if not cluster_id:
cluster_id = self.get_cluster_id_by_name(cluster_name, org, vdc)
org_user_id_to_name_dict = vcd_utils.create_org_user_id_to_name_dict(
self._client, org)
# Consider system users if client is from system org
if self._client.is_sysadmin():
sys_org_user_id_to_name_dict = vcd_utils.create_org_user_id_to_name_dict( # noqa:E501
self._client, shared_constants.SYSTEM_ORG_NAME)
org_user_id_to_name_dict.update(sys_org_user_id_to_name_dict)
acl_svc = cluster_acl_svc.ClusterACLService(cluster_id, self._client)
page_num = result_count = 0
while True:
page_num += 1
response_body = acl_svc.get_def_entity_acl_response(
page_num, cli_constants.CLI_ENTRIES_PER_PAGE)
result_total = response_body[
shared_constants.PaginationKey.RESULT_TOTAL] # noqa: E501
values = response_body[shared_constants.PaginationKey.VALUES]
if len(values) == 0:
break
acl_values = []
for entry in values:
acl_entry = common_models.ClusterAclEntry(**entry)
# If there is no username found, the user must be a system
# user, so a generic name is shown
acl_entry.username = org_user_id_to_name_dict.get(
acl_entry.memberId,
shared_constants.SYSTEM_USER_GENERIC_NAME) # noqa: E501
acl_values.append(
acl_entry.construct_filtered_dict(
include=CLUSTER_ACL_LIST_FIELDS))
result_count += len(values)
yield acl_values, result_count < result_total
def share_cluster(self,
cluster_id,
cluster_name,
users: list,
access_level_id,
org=None,
vdc=None):
"""Share the cluster with the users in user_name_to_id_dict.
:param str cluster_id: cluster id
:param str cluster_name: cluster name
:param list users: users to share cluster with
:param str access_level_id: access level id of shared users
:param str vdc: name of the vdc where the cluster is
:param str org: name of the org where the users are
"""
if not cluster_id:
cluster_id = self.get_cluster_id_by_name(cluster_name, org, vdc)
# Ensure current cluster user access level is not reduced
org_href = self._client.get_org_by_name(org).get('href')
name_to_id: dict = client_utils.create_user_name_to_id_dict(
self._client, set(users), org_href)
org_user_id_to_name_dict = vcd_utils.create_org_user_id_to_name_dict(
self._client, org)
logger_wire = logger.CLIENT_WIRE_LOGGER \
if utils.str_to_bool(
os.getenv(cli_constants.ENV_CSE_CLIENT_WIRE_LOGGING)
) \
else logger.NULL_LOGGER
acl_svc = cluster_acl_svc.ClusterACLService(
cluster_id=cluster_id,
client=self._client,
logger_debug=logger.CLIENT_LOGGER,
logger_wire=logger_wire)
for acl_entry in acl_svc.list_def_entity_acl_entries():
username = org_user_id_to_name_dict.get(acl_entry.memberId)
if name_to_id.get(username):
curr_access_level = acl_entry.accessLevelId # noqa: E501
if client_utils.access_level_reduced(access_level_id,
curr_access_level):
raise Exception(f'{username} currently has higher access '
f'level: {curr_access_level}')
# share TKG-S def entity
acl_entry = common_models.ClusterAclEntry(
grantType=shared_constants.MEMBERSHIP_GRANT_TYPE,
accessLevelId=access_level_id,
memberId=None)
for _, user_id in name_to_id.items():
acl_entry.memberId = user_id
acl_svc.share_def_entity(acl_entry)
def list_native_cluster_acl_entries(self, cluster_id):
page_num = 0
while True:
page_num += 1
acl_response = self.get_single_page_cluster_acl(
cluster_id=cluster_id,
page=page_num,
page_size=shared_constants.CSE_PAGINATION_DEFAULT_PAGE_SIZE)
acl_values = acl_response['values']
if len(acl_values) == 0:
break
for acl_value in acl_values:
yield common_models.ClusterAclEntry(**acl_value)
def list_def_entity_acl_entries(self):
"""List def entity acl.
:return: Generator of cluster acl entries
:rtype: Generator[ClusterAclEntry]
"""
page_num = 0
while True:
page_num += 1
response_body = self.get_def_entity_acl_response(
page_num, shared_constants.CSE_PAGINATION_DEFAULT_PAGE_SIZE)
values = response_body[shared_constants.PaginationKey.VALUES]
if len(values) == 0:
break
for acl_entry in values:
yield common_models.ClusterAclEntry(**acl_entry)
def update_native_def_entity_acl(
self,
update_acl_entries: List[common_models.ClusterAclEntry], # noqa: E501
prev_user_id_to_acl_entry: Dict[str, common_models.ClusterAclEntry]
): # noqa: E501
"""Update native defined entity acl.
:param list update_acl_entries: list of def_models.ClusterAclEntry
:param dict prev_user_id_to_acl_entry: dict mapping user id to
def_models.ClusterAclEntry
:return: dictionary of memberId keys and access level values
"""
own_prev_user_id_to_acl_entry = prev_user_id_to_acl_entry.copy()
# Share defined entity
ent_org_user_id_names_dict = vcd_utils.create_org_user_id_to_name_dict(
client=self._client, org_name=self.def_entity.org.name)
user_acl_level_dict = {}
share_acl_entry = common_models.ClusterAclEntry(
grantType=shared_constants.MEMBERSHIP_GRANT_TYPE,
memberId=None,
accessLevelId=None)
for acl_entry in update_acl_entries:
user_id = acl_entry.memberId
if ent_org_user_id_names_dict.get(user_id) is None:
# This user must be from the system org and does not need
# to be re-shared. Sharing can not happen from a tenant user
# to a system user.
del own_prev_user_id_to_acl_entry[user_id]
continue
acl_level = acl_entry.accessLevelId
share_acl_entry.memberId = user_id
share_acl_entry.accessLevelId = acl_level
user_acl_level_dict[user_id] = acl_level
self.share_def_entity(share_acl_entry)
# Remove entry from previous user acl info
if own_prev_user_id_to_acl_entry.get(user_id):
del own_prev_user_id_to_acl_entry[user_id]
# Delete def entity acl entries not in update_acl_entries
for _, acl_entry in own_prev_user_id_to_acl_entry.items():
self.unshare_def_entity(acl_entry.id)
return user_acl_level_dict
def share_cluster(self, cluster_id, cluster_name, users: list,
access_level_id, org, vdc):
"""Share cluster with passed in users."""
if not cluster_id:
cluster_id = self.get_cluster_id_by_name(cluster_name, org, vdc)
org_href = self._client.get_org_by_name(org).get('href')
name_to_id: dict = client_utils.create_user_name_to_id_dict(
self._client, users, org_href)
# Parse user id info
update_acl_entries = []
for username, user_id in name_to_id.items():
acl_entry = common_models.ClusterAclEntry(
memberId=user_id,
username=username,
accessLevelId=access_level_id)
update_acl_entries.append(acl_entry)
# Only retain entries that are not updated
for acl_entry in self._native_cluster_api.\
list_native_cluster_acl_entries(cluster_id):
username = acl_entry.username
if name_to_id.get(username):
# Check that access level is not reduced
curr_access_level_id = acl_entry.accessLevelId
if client_utils.access_level_reduced(access_level_id,
curr_access_level_id):
raise Exception(f'{username} currently has higher access '
f'level: {curr_access_level_id}')
else:
update_acl_entries.append(acl_entry)
update_acl_values = \
[acl_entry.construct_filtered_dict(include=cli_constants.CLUSTER_ACL_UPDATE_REQUEST_FIELDS) # noqa: E501
for acl_entry in update_acl_entries]
self._native_cluster_api.put_cluster_acl(cluster_id, update_acl_values)
def list_share_entries(self, cluster_id, cluster_name, org=None, vdc=None):
if not cluster_id:
cluster_id = self.get_cluster_id_by_name(cluster_name, org, vdc)
org_user_id_to_name_dict = vcd_utils.create_org_user_id_to_name_dict(
self._client, org)
acl_svc = cluster_acl_svc.ClusterACLService(cluster_id, self._client)
page_num = result_count = 0
while True:
page_num += 1
response_body = acl_svc.get_def_entity_acl_response(
page_num, cli_constants.CLI_ENTRIES_PER_PAGE)
result_total = response_body[shared_constants.PaginationKey.RESULT_TOTAL] # noqa: E501
values = response_body[shared_constants.PaginationKey.VALUES]
if len(values) == 0:
break
acl_values = []
for entry in values:
acl_entry = common_models.ClusterAclEntry(**entry)
acl_entry.username = org_user_id_to_name_dict.get(acl_entry.memberId) # noqa: E501
acl_values.append(acl_entry.construct_filtered_dict(
include=CLUSTER_ACL_LIST_FIELDS))
result_count += len(values)
yield acl_values, result_count < result_total