def create_cse_service_role(client,
msg_update_callback=utils.NullPrinter(),
logger_debug=SERVER_CLI_LOGGER):
"""Create Service Role for CSE operations.
The method can only be called by System Administrator user
:param client: pyvcloud.vcd.client to interact with VCD HOST
:param utils.ConsoleMessagePrinter msg_update_callback: Callback object.
:raises pyvcloud.vcd.exceptions.BadRequestException when Role already exist
:raises pyvcloud.vcd.exceptions.EntityNotFoundException when Right doesn't
exist
"""
# We can't check if the user is Sysadmin or some other user in system org,
# as the values will need to be hardcoded.
# For now just check if its system org or not.
vcd_utils.raise_error_if_user_not_from_system_org(client)
system_org = Org(client, resource=client.get_org())
system_org.create_role(server_constants.CSE_SERVICE_ROLE_NAME,
server_constants.CSE_SERVICE_ROLE_DESC,
server_constants.CSE_SERVICE_ROLE_RIGHTS)
msg = f"Successfully created {server_constants.CSE_SERVICE_ROLE_NAME}"
msg_update_callback.general(msg)
logger_debug.info(msg)
return
def test_create_role(self):
logged_in_org = self.client.get_org()
org = Org(self.client, resource=logged_in_org)
role_name = self.config['vcd']['role_name']
org.create_role(role_name, 'test description', ('Disk: View Properties',))
role_record = org.get_role(role_name)
assert self.config['vcd']['role_name'] == role_record.get('name')
def create(ctx, role_name, description, rights, org_name):
try:
client = ctx.obj['client']
if org_name is not None:
org_href = client.get_org_by_name(org_name).get('href')
else:
org_href = ctx.obj['profiles'].get('org_href')
org = Org(client, org_href)
role = org.create_role(role_name, description, rights)
stdout(to_dict(role, exclude=['Link', 'RightReferences']), ctx)
except Exception as e:
stderr(e, ctx)
def create(ctx, role_name, description, rights, org_name):
try:
restore_session(ctx)
client = ctx.obj['client']
if org_name is not None:
org_href = client.get_org_by_name(org_name).get('href')
else:
org_href = ctx.obj['profiles'].get('org_href')
org = Org(client, href=org_href)
role = org.create_role(role_name, description, rights)
stdout(to_dict(role, exclude=['Link', 'RightReferences']), ctx)
except Exception as e:
stderr(e, ctx)
def clone(ctx, original_role_name, new_role_name, org_name, description):
try:
restore_session(ctx)
client = ctx.obj['client']
if org_name is not None:
org_href = client.get_org_by_name(org_name).get('href')
else:
org_href = ctx.obj['profiles'].get('org_href')
org = Org(client, href=org_href)
role_resource = org.get_role_resource(original_role_name)
# get original role description
if description is None:
description = to_dict(role_resource)['Description']
# get original role rights
role = Role(client, resource=role_resource)
raw_rights = role.list_rights() # list of dicts: {'name': 'right'}
rights = [right_dict['name'] for right_dict in raw_rights]
role = org.create_role(new_role_name, description, rights)
stdout(to_dict(role, exclude=['Link', 'RightReferences']), ctx)
except Exception as e:
stderr(e, ctx)
class Roles(VcdAnsibleModule):
def __init__(self, **kwargs):
super(Roles, self).__init__(**kwargs)
self.org = Org(self.client, resource=self.client.get_org())
def manage_states(self):
state = self.params.get('state')
if state == 'present':
return self.create()
if state == 'absent':
return self.delete()
if state == 'update':
return self.update()
def manage_operations(self):
operation = self.params.get('operation')
if operation == "list_rights":
return self.list_rights()
if operation == "list_roles":
return self.list_roles()
def create(self):
role_name = self.params.get('role_name')
role_description = self.params.get('role_description')
role_rights = self.params.get('role_rights')
response = dict()
response['changed'] = False
try:
self.org.get_role_record(role_name)
except EntityNotFoundException:
self.org.create_role(role_name, role_description, role_rights)
response['msg'] = 'Role {} has been created.'.format(role_name)
response['changed'] = True
else:
response['warnings'] = 'Role {} is already present.'.format(
role_name)
return response
def update(self):
role_name = self.params.get('role_name')
role_description = self.params.get('role_description')
role_rights = self.params.get('role_rights')
response = dict()
response['changed'] = False
role = self.org.get_role_record(role_name)
role_resource = self.org.get_role_resource(role_name)
role_resource.Description = E.Description(role_description)
role_rights = tuple() if role_rights is None else role_rights
for role_right in tuple(role_rights):
role_right_record = self.org.get_right_record(role_right)
role_resource.RightReferences.append(
E.RightReference(name=role_right_record.get('name'),
href=role_right_record.get('href'),
type=EntityType.RIGHT.value))
self.client.put_resource(role.get('href'), role_resource,
EntityType.ROLE.value)
response['msg'] = 'Role {} has been updated.'.format(role_name)
response['changed'] = True
return response
def delete(self):
role_name = self.params.get('role_name')
response = dict()
response['changed'] = False
try:
self.org.get_role_record(role_name)
self.org.delete_role(role_name)
response['msg'] = 'Role {} has been deleted.'.format(role_name)
response['changed'] = True
except EntityNotFoundException:
response['warnings'] = 'Role {} is not present.'.format(role_name)
return response
def list_rights(self):
response = dict()
response['changed'] = False
response['msg'] = self.org.list_rights_of_org()
return response
def list_roles(self):
response = dict()
response['changed'] = False
response['msg'] = self.org.list_roles()
return response
