def _set_role(data, context):
role = Role()
role.ParseFromString(data)
if not role.name:
raise InvalidTransaction("The name must be set in a role")
if not role.policy_name:
raise InvalidTransaction("A role must contain a policy name.")
# Check that the policy refernced exists
policy_address = _get_policy_address(role.policy_name)
entries_list = _get_data(policy_address, context)
if entries_list == []:
raise InvalidTransaction(
"Cannot set Role: {}, the Policy: {} is not set.".format(
role.name, role.policy_name))
else:
policy_list = PolicyList()
policy_list.ParseFromString(entries_list[0].data)
exist = False
for policy in policy_list.policies:
if policy.name == role.policy_name:
exist = True
break
if not exist:
raise InvalidTransaction(
"Cannot set Role {}, the Policy {} is not set.".format(
role.name, role.policy_name))
address = _get_role_address(role.name)
entries_list = _get_data(address, context)
# Store role in a Roleist incase of hash collisions
role_list = RoleList()
if entries_list != []:
role_list.ParseFromString(entries_list[0].data)
# sort all roles by using sorted(roles, Role.name)
roles = [x for x in role_list.roles if x.name != role.name]
roles.append(role)
roles = sorted(roles, key=lambda role: role.name)
# set RoleList at the address above.
addresses = context.set_state([
StateEntry(address=address,
data=RoleList(roles=roles).SerializeToString())
])
if not addresses:
LOGGER.warning('Failed to set role %s at %s', role.name, address)
raise InternalError('Unable to save role {}'.format(role.name))
context.add_event(event_type="identity_update",
attributes=[("updated", role.name)])
LOGGER.debug("Set role: \n%s", role)
def create_get_role_response(self, name, policy_name=None):
data = None
if policy_name is not None:
role = Role(name=name, policy_name=policy_name)
role_list = RoleList(roles=[role])
data = role_list.SerializeToString()
return self._factory.create_get_response({
self._role_to_address(name): data})
def _create_tp_process_request(self, payload):
inputs = []
outputs = []
if payload.type == IdentityPayload.ROLE:
role = Role()
role.ParseFromString(payload.data)
inputs = [self._role_to_address(role.name),
self._policy_to_address(role.policy_name)]
outputs = [self._role_to_address(role.name)]
else:
policy = Policy()
policy.ParseFromString(payload.data)
inputs = [self._policy_to_address(policy.name)]
outputs = [self._role_to_address(policy.name)]
return self._factory.create_tp_process_request(
payload.SerializeToString(), inputs, outputs, [])
def create_set_role_request(self, name, policy_name):
role = Role(name=name, policy_name=policy_name)
role_list = RoleList(roles=[role])
return self._factory.create_set_request({
self._role_to_address(name): role_list.SerializeToString()})
def create_role_transaction(self, name, policy_name):
role = Role(name=name, policy_name=policy_name)
payload = IdentityPayload(type=IdentityPayload.ROLE,
data=role.SerializeToString())
return self._create_tp_process_request(payload)