def sync_users_role_assignments(self, role_assignment_apis): """ Synchronize role assignments for all the users in the database. :param role_assignment_apis: Role assignments API objects for the assignments loaded from the files. :type role_assignment_apis: ``list`` of :class:`UserRoleAssignmentFileFormatAPI` :return: Dictionary with created and removed role assignments for each user. :rtype: ``dict`` """ LOG.info('Synchronizing users role assignments...') user_dbs = User.get_all() username_to_user_db_map = dict([(user_db.name, user_db) for user_db in user_dbs]) results = {} for role_assignment_api in role_assignment_apis: username = role_assignment_api.username user_db = username_to_user_db_map.get(username, None) if not user_db: LOG.debug(('Skipping role assignments for user "%s" which doesn\'t exist in the ' 'database' % (username))) continue role_assignment_dbs = rbac_services.get_role_assignments_for_user(user_db=user_db) result = self._sync_user_role_assignments(user_db=user_db, role_assignment_dbs=role_assignment_dbs, role_assignment_api=role_assignment_api) results[username] = result LOG.info('User role assignments synchronized') return results
def sync_users_role_assignments(self, role_assignment_apis): """ Synchronize role assignments for all the users in the database. :param role_assignment_apis: Role assignments API objects for the assignments loaded from the files. :type role_assignment_apis: ``list`` of :class:`UserRoleAssignmentFileFormatAPI` :return: Dictionary with created and removed role assignments for each user. :rtype: ``dict`` """ LOG.info("Synchronizing users role assignments...") username_to_role_assignment_map = dict([(api.username, api) for api in role_assignment_apis]) user_dbs = User.get_all() results = {} for user_db in user_dbs: username = user_db.name role_assignment_api = username_to_role_assignment_map.get(username, None) role_assignment_dbs = rbac_services.get_role_assignments_for_user(user_db=user_db) result = self._sync_user_role_assignments( user_db=user_db, role_assignment_dbs=role_assignment_dbs, role_assignment_api=role_assignment_api ) results[username] = result LOG.info("User role assignments synchronized") return results
def sync_users_role_assignments(self, role_assignment_apis): """ Synchronize role assignments for all the users in the database. :param role_assignment_apis: Role assignments API objects for the assignments loaded from the files. :type role_assignment_apis: ``list`` of :class:`UserRoleAssignmentFileFormatAPI` :return: Dictionary with created and removed role assignments for each user. :rtype: ``dict`` """ LOG.info('Synchronizing users role assignments...') user_dbs = User.get_all() username_to_user_db_map = dict([(user_db.name, user_db) for user_db in user_dbs]) username_to_role_assignment_api_map = dict([ (role_assignment_api.username, role_assignment_api) for role_assignment_api in role_assignment_apis ]) # Note: We process assignments for all the users (ones specified in the assignment files # and ones which are in the databse). We want to make sure assignments are correctly # deleted from the databse for users which existing in the databse, but have no assignment # file on disk. all_usernames = (username_to_user_db_map.keys() + username_to_role_assignment_api_map.keys()) all_usernames = list(set(all_usernames)) results = {} for username in all_usernames: role_assignment_api = username_to_role_assignment_api_map.get( username, None) user_db = username_to_user_db_map.get(username, None) if not user_db: # Note: We allow assignments to be created for the users which don't exist in the # DB yet because user creation in StackStorm is lazy (we only create UserDB) object # when user first logs in. user_db = UserDB(name=username) LOG.debug(( 'User "%s" doesn\'t exist in the DB, creating assignment anyway' % (username))) role_assignment_dbs = rbac_services.get_role_assignments_for_user( user_db=user_db, include_remote=False) result = self._sync_user_role_assignments( user_db=user_db, role_assignment_dbs=role_assignment_dbs, role_assignment_api=role_assignment_api) results[username] = result LOG.info('User role assignments synchronized') return results
def sync_users_role_assignments(self, role_assignment_apis): """ Synchronize role assignments for all the users in the database. :param role_assignment_apis: Role assignments API objects for the assignments loaded from the files. :type role_assignment_apis: ``list`` of :class:`UserRoleAssignmentFileFormatAPI` :return: Dictionary with created and removed role assignments for each user. :rtype: ``dict`` """ LOG.info('Synchronizing users role assignments...') user_dbs = User.get_all() username_to_user_db_map = dict([(user_db.name, user_db) for user_db in user_dbs]) results = {} for role_assignment_api in role_assignment_apis: username = role_assignment_api.username user_db = username_to_user_db_map.get(username, None) if not user_db: # Note: We allow assignments to be created for the users which don't exist in the # DB yet because user creation in StackStorm is lazy (we only create UserDB) object # when user first logs in. user_db = UserDB(name=username) LOG.debug(( 'User "%s" doesn\'t exist in the DB, creating assignment anyway' % (username))) role_assignment_dbs = rbac_services.get_role_assignments_for_user( user_db=user_db) result = self._sync_user_role_assignments( user_db=user_db, role_assignment_dbs=role_assignment_dbs, role_assignment_api=role_assignment_api) results[username] = result LOG.info('User role assignments synchronized') return results
def sync_users_role_assignments(self, role_assignment_apis): """ Synchronize role assignments for all the users in the database. :param role_assignment_apis: Role assignments API objects for the assignments loaded from the files. :type role_assignment_apis: ``list`` of :class:`UserRoleAssignmentFileFormatAPI` :return: Dictionary with created and removed role assignments for each user. :rtype: ``dict`` """ LOG.info('Synchronizing users role assignments...') user_dbs = User.get_all() username_to_user_db_map = dict([(user_db.name, user_db) for user_db in user_dbs]) results = {} for role_assignment_api in role_assignment_apis: username = role_assignment_api.username user_db = username_to_user_db_map.get(username, None) if not user_db: LOG.debug(( 'Skipping role assignments for user "%s" which doesn\'t exist in the ' 'database' % (username))) continue role_assignment_dbs = rbac_services.get_role_assignments_for_user( user_db=user_db) result = self._sync_user_role_assignments( user_db=user_db, role_assignment_dbs=role_assignment_dbs, role_assignment_api=role_assignment_api) results[username] = result LOG.info('User role assignments synchronized') return results
def sync_users_role_assignments(self, role_assignment_apis): """ Synchronize role assignments for all the users in the database. :param role_assignment_apis: Role assignments API objects for the assignments loaded from the files. :type role_assignment_apis: ``list`` of :class:`UserRoleAssignmentFileFormatAPI` :return: Dictionary with created and removed role assignments for each user. :rtype: ``dict`` """ LOG.info('Synchronizing users role assignments...') user_dbs = User.get_all() username_to_user_db_map = dict([(user_db.name, user_db) for user_db in user_dbs]) results = {} for role_assignment_api in role_assignment_apis: username = role_assignment_api.username user_db = username_to_user_db_map.get(username, None) if not user_db: # Note: We allow assignments to be created for the users which don't exist in the # DB yet because user creation in StackStorm is lazy (we only create UserDB) object # when user first logs in. user_db = UserDB(name=username) LOG.debug(('User "%s" doesn\'t exist in the DB, creating assignment anyway' % (username))) role_assignment_dbs = rbac_services.get_role_assignments_for_user(user_db=user_db) result = self._sync_user_role_assignments(user_db=user_db, role_assignment_dbs=role_assignment_dbs, role_assignment_api=role_assignment_api) results[username] = result LOG.info('User role assignments synchronized') return results
def sync_users_role_assignments(self, role_assignment_apis): """ Synchronize role assignments for all the users in the database. :param role_assignment_apis: Role assignments API objects for the assignments loaded from the files. :type role_assignment_apis: ``list`` of :class:`UserRoleAssignmentFileFormatAPI` :return: Dictionary with created and removed role assignments for each user. :rtype: ``dict`` """ assert isinstance(role_assignment_apis, (list, tuple)) LOG.info('Synchronizing users role assignments...') # Note: We exclude remote assignments because sync tool is not supposed to manipulate # remote assignments role_assignment_dbs = rbac_services.get_all_role_assignments( include_remote=False) user_dbs = User.get_all() username_to_user_db_map = dict([(user_db.name, user_db) for user_db in user_dbs]) username_to_role_assignment_apis_map = defaultdict(list) username_to_role_assignment_dbs_map = defaultdict(list) for role_assignment_api in role_assignment_apis: username = role_assignment_api.username username_to_role_assignment_apis_map[username].append( role_assignment_api) for role_assignment_db in role_assignment_dbs: username = role_assignment_db.user username_to_role_assignment_dbs_map[username].append( role_assignment_db) # Note: We process assignments for all the users (ones specified in the assignment files # and ones which are in the database). We want to make sure assignments are correctly # deleted from the database for users which existing in the database, but have no # assignment file on disk and for assignments for users which don't exist in the database. all_usernames = (list(username_to_user_db_map.keys()) + list(username_to_role_assignment_apis_map.keys()) + list(username_to_role_assignment_dbs_map.keys())) all_usernames = list(set(all_usernames)) results = {} for username in all_usernames: user_db = username_to_user_db_map.get(username, None) if not user_db: # Note: We allow assignments to be created for the users which don't exist in the # DB yet because user creation in StackStorm is lazy (we only create UserDB) object # when user first logs in. user_db = UserDB(name=username) LOG.debug(( 'User "%s" doesn\'t exist in the DB, creating assignment anyway' % (username))) role_assignment_apis = username_to_role_assignment_apis_map.get( username, []) role_assignment_dbs = username_to_role_assignment_dbs_map.get( username, []) # Additional safety assert to ensure we don't accidentally manipulate remote # assignments for role_assignment_db in role_assignment_dbs: assert role_assignment_db.is_remote is False result = self._sync_user_role_assignments( user_db=user_db, role_assignment_dbs=role_assignment_dbs, role_assignment_apis=role_assignment_apis) results[username] = result LOG.info('User role assignments synchronized') return results
def sync_users_role_assignments(self, role_assignment_apis): """ Synchronize role assignments for all the users in the database. :param role_assignment_apis: Role assignments API objects for the assignments loaded from the files. :type role_assignment_apis: ``list`` of :class:`UserRoleAssignmentFileFormatAPI` :return: Dictionary with created and removed role assignments for each user. :rtype: ``dict`` """ assert isinstance(role_assignment_apis, (list, tuple)) LOG.info('Synchronizing users role assignments...') # Note: We exclude remote assignments because sync tool is not supposed to manipulate # remote assignments role_assignment_dbs = rbac_services.get_all_role_assignments(include_remote=False) user_dbs = User.get_all() username_to_user_db_map = dict([(user_db.name, user_db) for user_db in user_dbs]) username_to_role_assignment_apis_map = defaultdict(list) username_to_role_assignment_dbs_map = defaultdict(list) for role_assignment_api in role_assignment_apis: username = role_assignment_api.username username_to_role_assignment_apis_map[username].append(role_assignment_api) for role_assignment_db in role_assignment_dbs: username = role_assignment_db.user username_to_role_assignment_dbs_map[username].append(role_assignment_db) # Note: We process assignments for all the users (ones specified in the assignment files # and ones which are in the database). We want to make sure assignments are correctly # deleted from the database for users which existing in the database, but have no # assignment file on disk and for assignments for users which don't exist in the database. all_usernames = (list(username_to_user_db_map.keys()) + list(username_to_role_assignment_apis_map.keys()) + list(username_to_role_assignment_dbs_map.keys())) all_usernames = list(set(all_usernames)) results = {} for username in all_usernames: user_db = username_to_user_db_map.get(username, None) if not user_db: # Note: We allow assignments to be created for the users which don't exist in the # DB yet because user creation in StackStorm is lazy (we only create UserDB) object # when user first logs in. user_db = UserDB(name=username) LOG.debug(('User "%s" doesn\'t exist in the DB, creating assignment anyway' % (username))) role_assignment_apis = username_to_role_assignment_apis_map.get(username, []) role_assignment_dbs = username_to_role_assignment_dbs_map.get(username, []) # Additional safety assert to ensure we don't accidentally manipulate remote # assignments for role_assignment_db in role_assignment_dbs: assert role_assignment_db.is_remote is False result = self._sync_user_role_assignments( user_db=user_db, role_assignment_dbs=role_assignment_dbs, role_assignment_apis=role_assignment_apis) results[username] = result LOG.info('User role assignments synchronized') return results