def assign_role_to_target(lib_env, role_id, target_id):
"""
Assign role with id role_id to target with id target_id.
Raises LibraryError on any failure.
lib_env -- LibraryEnvironment
role_id -- id of acl_role element which should be assigned to target
target_id -- id of acl_target element to which role should be assigned
"""
with cib_acl_section(lib_env) as acl_section:
acl.assign_role(
acl_section, role_id, acl.find_target(acl_section, target_id),
)
def assign_role_to_target(lib_env, role_id, target_id):
"""
Assign role with id role_id to target with id target_id.
Raises LibraryError on any failure.
lib_env -- LibraryEnvironment
role_id -- id of acl_role element which should be assigned to target
target_id -- id of acl_target element to which role should be assigned
"""
with cib_acl_section(lib_env) as acl_section:
acl.assign_role(
acl_section,
role_id,
acl.find_target(acl_section, target_id),
)
def assign_role_to_target(lib_env, role_id, target_id):
"""
Assign role with id role_id to target with id target_id.
Raises LibraryError on any failure.
lib_env -- LibraryEnvironment
role_id -- id of acl_role element which should be assigned to target
target_id -- id of acl_target element to which role should be assigned
"""
cib = lib_env.get_cib(REQUIRED_CIB_VERSION)
try:
acl.assign_role(acl.find_target(cib, target_id),
acl.find_role(cib, role_id))
except acl.AclError as e:
raise LibraryError(acl.acl_error_to_report_item(e))
lib_env.push_cib(cib)
def unassign_role_from_target(lib_env,
role_id,
target_id,
autodelete_target=False):
"""
Unassign role with role_id from group with id target_id.
Raises LibraryError on any failure.
lib_env -- LibraryEnvironment
role_id -- id of role which should be unassigned from target
target_id -- id of acl_target element
autodelete_target -- if True remove target element if has no more role
assigned
"""
with cib_acl_section(lib_env) as acl_section:
acl.unassign_role(acl.find_target(acl_section, target_id), role_id,
autodelete_target)
def assign_role_to_target(lib_env, role_id, target_id):
"""
Assign role with id role_id to target with id target_id.
Raises LibraryError on any failure.
lib_env -- LibraryEnvironment
role_id -- id of acl_role element which should be assigned to target
target_id -- id of acl_target element to which role should be assigned
"""
cib = lib_env.get_cib(REQUIRED_CIB_VERSION)
try:
acl.assign_role(
acl.find_target(cib, target_id), acl.find_role(cib, role_id)
)
except acl.AclError as e:
raise LibraryError(acl.acl_error_to_report_item(e))
lib_env.push_cib(cib)
def _get_target_or_group(cib, target_or_group_id):
"""
Returns acl_target or acl_group element with id target_or_group_id. Target
element has bigger pririty so if there are target and group with same id
only target element will be affected by this function.
Raises LibraryError if there is no target or group element with
specified id.
cib -- cib etree node
target_or_group_id -- id of target/group element which should be returned
"""
try:
return acl.find_target(cib, target_or_group_id)
except acl.AclTargetNotFound:
try:
return acl.find_group(cib, target_or_group_id)
except acl.AclGroupNotFound:
raise LibraryError(
reports.id_not_found(target_or_group_id, "user/group"))
def unassign_role_from_target(
lib_env, role_id, target_id, autodelete_target=False
):
"""
Unassign role with role_id from group with id target_id.
Raises LibraryError on any failure.
lib_env -- LibraryEnvironment
role_id -- id of role which should be unassigned from target
target_id -- id of acl_target element
autodelete_target -- if True remove target element if has no more role
assigned
"""
with cib_acl_section(lib_env) as acl_section:
acl.unassign_role(
acl.find_target(acl_section, target_id),
role_id,
autodelete_target
)
def _get_target_or_group(cib, target_or_group_id):
"""
Returns acl_target or acl_group element with id target_or_group_id. Target
element has bigger pririty so if there are target and group with same id
only target element will be affected by this function.
Raises LibraryError if there is no target or group element with
specified id.
cib -- cib etree node
target_or_group_id -- id of target/group element which should be returned
"""
try:
return acl.find_target(cib, target_or_group_id)
except acl.AclTargetNotFound:
try:
return acl.find_group(cib, target_or_group_id)
except acl.AclGroupNotFound:
raise LibraryError(
reports.id_not_found(target_or_group_id, "user/group")
)
def unassign_role_from_target(lib_env,
role_id,
target_id,
autodelete_target=False):
"""
Unassign role with role_id from group with id target_id.
Raises LibraryError on any failure.
lib_env -- LibraryEnvironment
role_id -- id of role which should be unassigned from target
target_id -- id of acl_target element
autodelete_target -- if True remove target element if has no more role
assigned
"""
cib = lib_env.get_cib(REQUIRED_CIB_VERSION)
try:
acl.unassign_role(acl.find_target(cib, target_id), role_id,
autodelete_target)
except acl.AclError as e:
raise LibraryError(acl.acl_error_to_report_item(e))
lib_env.push_cib(cib)
def unassign_role_from_target(
lib_env, role_id, target_id, autodelete_target=False
):
"""
Unassign role with role_id from group with id target_id.
Raises LibraryError on any failure.
lib_env -- LibraryEnvironment
role_id -- id of role which should be unassigned from target
target_id -- id of acl_target element
autodelete_target -- if True remove target element if has no more role
assigned
"""
cib = lib_env.get_cib(REQUIRED_CIB_VERSION)
try:
acl.unassign_role(
acl.find_target(cib, target_id),
role_id,
autodelete_target
)
except acl.AclError as e:
raise LibraryError(acl.acl_error_to_report_item(e))
lib_env.push_cib(cib)
def test_not_found(self):
self.assert_raises(
lib.AclTargetNotFound,
lambda: lib.find_target(self.cib.tree, "target2"),
{"target_id": "target2"}
)
def test_success(self):
assert_xml_equal(
'<acl_target id="target1" description="test"/>',
etree.tostring(lib.find_target(self.cib.tree, "target1")).decode()
)