def test_acl_role_not_found(self):
assert_report_item_equal(
lib.acl_error_to_report_item(lib.AclRoleNotFound("id")),
(
severities.ERROR,
report_codes.ID_NOT_FOUND,
{
"id": "id",
"id_description": "role",
}
)
)
def remove_role(lib_env, role_id, autodelete_users_groups=False):
"""
Remove role with specified id from CIB.
Raises LibraryError on any failure.
lib_env -- LibraryEnvironment
role_id -- id of role which should be deleted
autodelete_users_groups -- if True targets and groups which are empty after
removal will be removed
"""
cib = lib_env.get_cib(REQUIRED_CIB_VERSION)
try:
acl.remove_role(cib, role_id, autodelete_users_groups)
except acl.AclRoleNotFound as e:
raise LibraryError(acl.acl_error_to_report_item(e))
lib_env.push_cib(cib)
def assign_role_to_target(lib_env, role_id, target_id):
"""
Assign role with id role_id to target with id target_id.
Raises LibraryError on any failure.
lib_env -- LibraryEnvironment
role_id -- id of acl_role element which should be assigned to target
target_id -- id of acl_target element to which role should be assigned
"""
cib = lib_env.get_cib(REQUIRED_CIB_VERSION)
try:
acl.assign_role(acl.find_target(cib, target_id),
acl.find_role(cib, role_id))
except acl.AclError as e:
raise LibraryError(acl.acl_error_to_report_item(e))
lib_env.push_cib(cib)
def remove_role(lib_env, role_id, autodelete_users_groups=False):
"""
Remove role with specified id from CIB.
Raises LibraryError on any failure.
lib_env -- LibraryEnvironment
role_id -- id of role which should be deleted
autodelete_users_groups -- if True targets and groups which are empty after
removal will be removed
"""
cib = lib_env.get_cib(REQUIRED_CIB_VERSION)
try:
acl.remove_role(cib, role_id, autodelete_users_groups)
except acl.AclRoleNotFound as e:
raise LibraryError(acl.acl_error_to_report_item(e))
lib_env.push_cib(cib)
def assign_role_to_target(lib_env, role_id, target_id):
"""
Assign role with id role_id to target with id target_id.
Raises LibraryError on any failure.
lib_env -- LibraryEnvironment
role_id -- id of acl_role element which should be assigned to target
target_id -- id of acl_target element to which role should be assigned
"""
cib = lib_env.get_cib(REQUIRED_CIB_VERSION)
try:
acl.assign_role(
acl.find_target(cib, target_id), acl.find_role(cib, role_id)
)
except acl.AclError as e:
raise LibraryError(acl.acl_error_to_report_item(e))
lib_env.push_cib(cib)
def _assign_roles_to_element(cib, element, role_id_list):
"""
Assign roles from role_id_list to element.
Raises LibraryError on any failure.
cib -- cib etree node
element -- element to which specified roles should be assigned
role_id_list -- list of role id
"""
report_list = []
for role_id in role_id_list:
try:
acl.assign_role(element, acl.find_role(cib, role_id))
except acl.AclError as e:
report_list.append(acl.acl_error_to_report_item(e))
if report_list:
raise LibraryError(*report_list)
def _assign_roles_to_element(cib, element, role_id_list):
"""
Assign roles from role_id_list to element.
Raises LibraryError on any failure.
cib -- cib etree node
element -- element to which specified roles should be assigned
role_id_list -- list of role id
"""
report_list = []
for role_id in role_id_list:
try:
acl.assign_role(element, acl.find_role(cib, role_id))
except acl.AclError as e:
report_list.append(acl.acl_error_to_report_item(e))
if report_list:
raise LibraryError(*report_list)
def assign_role_not_specific(lib_env, role_id, target_or_group_id):
"""
Assign role wth id role_id to target or group with id target_or_group_id.
Target element has bigger pririty so if there are target and group with same
id only target element will be affected by this function.
Raises LibraryError on any failure.
lib_env -- LibraryEnviroment
role_id -- id of role which should be assigne to target/group
target_or_group_id -- id of target/group element
"""
cib = lib_env.get_cib(REQUIRED_CIB_VERSION)
try:
acl.assign_role(_get_target_or_group(cib, target_or_group_id),
acl.find_role(cib, role_id))
except acl.AclError as e:
raise LibraryError(acl.acl_error_to_report_item(e))
lib_env.push_cib(cib)
def assign_role_not_specific(lib_env, role_id, target_or_group_id):
"""
Assign role wth id role_id to target or group with id target_or_group_id.
Target element has bigger pririty so if there are target and group with same
id only target element will be affected by this function.
Raises LibraryError on any failure.
lib_env -- LibraryEnviroment
role_id -- id of role which should be assigne to target/group
target_or_group_id -- id of target/group element
"""
cib = lib_env.get_cib(REQUIRED_CIB_VERSION)
try:
acl.assign_role(
_get_target_or_group(cib, target_or_group_id),
acl.find_role(cib, role_id)
)
except acl.AclError as e:
raise LibraryError(acl.acl_error_to_report_item(e))
lib_env.push_cib(cib)
def unassign_role_from_group(lib_env,
role_id,
group_id,
autodelete_group=False):
"""
Unassign role with role_id from group with id group_id.
Raises LibraryError on any failure.
lib_env -- LibraryEnvironment
role_id -- id of role which should be unassigned from group
group_id -- id of acl_group element
autodelete_target -- if True remove group element if has no more role
assigned
"""
cib = lib_env.get_cib(REQUIRED_CIB_VERSION)
try:
acl.unassign_role(acl.find_group(cib, group_id), role_id,
autodelete_group)
except acl.AclError as e:
raise LibraryError(acl.acl_error_to_report_item(e))
lib_env.push_cib(cib)
def unassign_role_from_group(
lib_env, role_id, group_id, autodelete_group=False
):
"""
Unassign role with role_id from group with id group_id.
Raises LibraryError on any failure.
lib_env -- LibraryEnvironment
role_id -- id of role which should be unassigned from group
group_id -- id of acl_group element
autodelete_target -- if True remove group element if has no more role
assigned
"""
cib = lib_env.get_cib(REQUIRED_CIB_VERSION)
try:
acl.unassign_role(
acl.find_group(cib, group_id),
role_id,
autodelete_group
)
except acl.AclError as e:
raise LibraryError(acl.acl_error_to_report_item(e))
lib_env.push_cib(cib)
def test_unknown_exception(self):
self.assert_raises(
LibraryError,
lambda: lib.acl_error_to_report_item(LibraryError())
)
