def get_user_rights(sys_admin_client, user_session):
    """Return the rights attached to the role of a user.

    Every query is issued through ``sys_admin_client``; ``user_session`` only
    supplies the org link and the role name.

    :param pyvcloud.vcd.client.Client sys_admin_client: the sys admin client
        that will be used to query vCD about the rights and roles of the
        concerned user.
    :param lxml.objectify.ObjectifiedElement user_session: session resource of
        the user; its org link and its 'roles' attribute are read here.

    :return: the names of the rights contained in the role of the user
        (corresponding to the user_session).

    :rtype: list of str
    """
    # NOTE(review): the role name taken from user_session is resolved with
    # sys admin privileges. Presumably user_session is the session resource
    # returned by vCD and not caller-supplied data; confirm against callers.
    org_link = find_link(resource=user_session,
                         rel=RelationType.DOWN,
                         media_type=EntityType.ORG.value)
    org = Org(sys_admin_client, href=org_link.href)
    role_name = user_session.get('roles')
    role = Role(sys_admin_client,
                resource=org.get_role_resource(role_name))
    # list_rights() yields one dict per right; only the name is returned.
    return [right.get('name') for right in role.list_rights()]
def test_08_unlink_role_from_template(self):
    """Unlink the configured role from its template.

    There is no assertion: the test passes when ``unlink()`` does not raise.
    """
    current_org = Org(self.client, resource=self.client.get_org())
    configured_role = self.config['vcd']['role_name']
    record = current_org.get_role_record(configured_role)
    Role(self.client, href=record.get('href')).unlink()
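def get_user_rights(user_client, user_session):
    """List the rights granted by the current user's role.

    Args:
        user_client (pyvcloud.vcd.client.Client): Session of the requesting
            user; only used to locate the user's organization.
        user_session: Session object of the requesting user; its 'roles'
            attribute names the role to look up.

    Returns:
        list: 'id' value of every right attached to the role.
    """
    # Start a sys admin session.
    # NOTE(review): this session is not closed in this function. If
    # login_as_system_admin() opens a new session on every call, it should be
    # logged out once the rights are read; confirm against that helper.
    admin_client = login_as_system_admin()

    # Locate the user's org with the user's own session, then open the same
    # org through the admin session.
    user_org = Org(user_client, resource=user_client.get_org())
    admin_org = Org(admin_client, href=user_org.href)

    # NOTE(review): presumably user_session is the session object returned by
    # vCD and not caller-supplied data, since the role it names is resolved
    # with sys admin privileges; confirm against callers.
    role_name = user_session.get('roles')

    # Resolve the role through the admin view of the org, so the lookup does
    # not depend on the user's own permission to read roles. admin_org was
    # previously built but never used, and the role was fetched via user_org.
    admin_role = Role(admin_client,
                      resource=admin_org.get_role_resource(role_name))

    return [right.get('id') for right in admin_role.list_rights()]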
def test_03_get_rights(self):
    """Check that the configured role exposes at least one right."""
    current_org = Org(self.client, resource=self.client.get_org())
    configured_role = self.config['vcd']['role_name']
    record = current_org.get_role_record(configured_role)
    role_rights = Role(self.client, href=record.get('href')).list_rights()
    assert len(role_rights) > 0
def list_rights(ctx, role_name, org_name):
    """Print the rights of a role to the command output.

    The org is looked up by ``org_name`` when one is given; otherwise the
    'org_href' stored in ``ctx.obj['profiles']`` is used. Any exception is
    handed to ``stderr(e, ctx)`` instead of propagating.
    """
    try:
        client = ctx.obj['client']
        org_href = (client.get_org_by_name(org_name).get('href')
                    if org_name is not None
                    else ctx.obj['profiles'].get('org_href'))
        role_href = Org(client, org_href).get_role(role_name).get('href')
        stdout(Role(client, href=role_href).list_rights(), ctx)
    except Exception as e:
        stderr(e, ctx)
def add_right(ctx, role_name, rights, org_name):
    """Add the given rights to a role and report the outcome.

    The org is looked up by ``org_name`` when one is given; otherwise the
    'org_href' stored in ``ctx.obj['profiles']`` is used. The success message
    is printed only when ``add_rights`` returns without raising; any
    exception is handed to ``stderr(e, ctx)``.
    """
    try:
        client = ctx.obj['client']
        org_href = (client.get_org_by_name(org_name).get('href')
                    if org_name is not None
                    else ctx.obj['profiles'].get('org_href'))
        org = Org(client, href=org_href)
        role_href = org.get_role_record(role_name).get('href')
        # This widens what the role may do; the rights are passed through
        # exactly as given on the command line.
        Role(client, href=role_href).add_rights(list(rights), org)
        stdout("Rights added successfully to the role '%s'" % role_name, ctx)
    except Exception as e:
        stderr(e, ctx)
def add_right(ctx, role_name, rights, org_name):
    """Add the given rights to a role and report the outcome.

    The saved session is restored first. The org is looked up by ``org_name``
    when one is given; otherwise the 'org_href' stored in
    ``ctx.obj['profiles']`` is used. The success message is printed only when
    ``add_rights`` returns without raising; any exception is handed to
    ``stderr(e, ctx)``.
    """
    try:
        restore_session(ctx)
        client = ctx.obj['client']
        org_href = (client.get_org_by_name(org_name).get('href')
                    if org_name is not None
                    else ctx.obj['profiles'].get('org_href'))
        org = Org(client, href=org_href)
        role_href = org.get_role_record(role_name).get('href')
        # This widens what the role may do; the rights are passed through
        # exactly as given on the command line.
        Role(client, href=role_href).add_rights(list(rights), org)
        stdout("Rights added successfully to the role '%s'" % role_name, ctx)
    except Exception as e:
        stderr(e, ctx)
def list_rights(ctx, role_name, org_name):
    """Print the rights of a role to the command output.

    The saved session is restored first. The org is looked up by ``org_name``
    when one is given; otherwise the 'org_href' stored in
    ``ctx.obj['profiles']`` is used. Any exception is handed to
    ``stderr(e, ctx)`` instead of propagating.
    """
    try:
        restore_session(ctx)
        client = ctx.obj['client']
        org_href = (client.get_org_by_name(org_name).get('href')
                    if org_name is not None
                    else ctx.obj['profiles'].get('org_href'))
        role_record = Org(client, href=org_href).get_role_record(role_name)
        stdout(Role(client, href=role_record.get('href')).list_rights(), ctx)
    except Exception as e:
        stderr(e, ctx)
def assign_native_rights(role_name, right_list=None, logger=NULL_LOGGER):
    """Add rights to a role in the test org, keeping the rights it already has.

    The names of the role's current rights are merged with ``right_list`` and
    the merged set is sent to ``add_rights``. Nothing is done when
    ``right_list`` is empty or None. Failures are logged as a warning and are
    not raised, so a caller cannot tell from the return value whether the
    rights were assigned.

    :param str role_name: name of the role to update.
    :param list right_list: names of the rights to add.
    :param logger: logger used for the debug and warning messages.
    """
    logger.debug(f"Assigning rights {right_list} to the role {role_name}")
    if not right_list:
        logger.debug(f"Skipping assigning native rights to role {role_name}")
        return

    try:
        org = Org(CLIENT, href=TEST_ORG_HREF)
        role = Role(CLIENT, resource=org.get_role_resource(role_name))
        merged_rights = {entry['name'] for entry in role.list_rights()}
        merged_rights.update(set(right_list))
        role.add_rights(list(merged_rights), org)
    except Exception as e:
        logger.warning(
            f"Failed to assign native rights {right_list} "
            f"to role {role_name}: {e} ")
def link(ctx, role_name, org_name):
    """Link a role to its template and report the outcome.

    The saved session is restored first. The org is looked up by ``org_name``
    when one is given; otherwise the 'org_href' stored in
    ``ctx.obj['profiles']`` is used. Any exception is handed to
    ``stderr(e, ctx)`` instead of propagating.
    """
    try:
        restore_session(ctx)
        client = ctx.obj['client']
        org_href = (client.get_org_by_name(org_name).get('href')
                    if org_name is not None
                    else ctx.obj['profiles'].get('org_href'))
        role_record = Org(client, href=org_href).get_role_record(role_name)
        Role(client, href=role_record.get('href')).link()
        stdout(
            "Role '%s' has been successfully linked to it's template."
            % role_name, ctx)
    except Exception as e:
        stderr(e, ctx)
def link(ctx, role_name, org_name):
    """Link a role to its template and report the outcome.

    The org is looked up by ``org_name`` when one is given; otherwise the
    'org_href' stored in ``ctx.obj['profiles']`` is used. Any exception is
    handed to ``stderr(e, ctx)`` instead of propagating.
    """
    try:
        client = ctx.obj['client']
        org_href = (client.get_org_by_name(org_name).get('href')
                    if org_name is not None
                    else ctx.obj['profiles'].get('org_href'))
        role_href = Org(client, org_href).get_role(role_name).get('href')
        Role(client, href=role_href).link()
        stdout(
            "Role '%s' has been successfully linked to it's template."
            % role_name, ctx)
    except Exception as e:
        stderr(e, ctx)
def remove_right(ctx, role_name, rights, org_name):
    """Remove the given rights from a role and report the outcome.

    The saved session is restored first. The org is looked up by ``org_name``
    when one is given; otherwise the 'org_href' stored in
    ``ctx.obj['profiles']`` is used. The success message is printed only when
    ``remove_rights`` returns without raising; any exception is handed to
    ``stderr(e, ctx)``.
    """
    try:
        restore_session(ctx)
        client = ctx.obj['client']
        org_href = (client.get_org_by_name(org_name).get('href')
                    if org_name is not None
                    else ctx.obj['profiles'].get('org_href'))
        role_record = Org(client, href=org_href).get_role_record(role_name)
        Role(client, href=role_record.get('href')).remove_rights(list(rights))
        stdout("Removed rights successfully from the role '%s'" % role_name,
               ctx)
    except Exception as e:
        stderr(e, ctx)
def test_09_add_rights_to_Role(self):
    """Add the configured right to the configured role and verify it.

    The check is made on the role resource returned by ``add_rights``: the
    test passes only if a RightReference with the configured name is present.
    """
    org_name = self.config['vcd']['org_in_use']
    org = Org(self.client,
              href=self.client.get_org_by_name(org_name).get('href'))
    role_name = self.config['vcd']['role_name']
    right_name = self.config['vcd']['right_name']
    role_href = org.get_role_record(role_name).get('href')
    updated = Role(self.client, href=role_href).add_rights([right_name], org)

    # A role resource without any right references counts as a failure.
    has_references = (hasattr(updated, 'RightReferences')
                      and hasattr(updated.RightReferences, 'RightReference'))
    assert has_references and any(
        reference.get('name') == right_name
        for reference in updated.RightReferences.RightReference)
def clone(ctx, original_role_name, new_role_name, org_name, description):
    """Create a new role carrying the same rights as an existing role.

    The saved session is restored first. The org is looked up by ``org_name``
    when one is given; otherwise the 'org_href' stored in
    ``ctx.obj['profiles']`` is used. When ``description`` is None, the
    description of the original role is reused. Any exception is handed to
    ``stderr(e, ctx)`` instead of propagating.
    """
    try:
        restore_session(ctx)
        client = ctx.obj['client']
        org_href = (client.get_org_by_name(org_name).get('href')
                    if org_name is not None
                    else ctx.obj['profiles'].get('org_href'))
        org = Org(client, href=org_href)
        source_resource = org.get_role_resource(original_role_name)

        if description is None:
            description = to_dict(source_resource)['Description']

        # Every right of the source role is copied, so the new role grants
        # exactly the same set of rights as the role it was cloned from.
        source_rights = Role(client, resource=source_resource).list_rights()
        right_names = [entry['name'] for entry in source_rights]

        new_role = org.create_role(new_role_name, description, right_names)
        stdout(to_dict(new_role, exclude=['Link', 'RightReferences']), ctx)
    except Exception as e:
        stderr(e, ctx)