def role_create(role, principal, endpoint_id): """ Executor for `globus endpoint role show` """ principal_type, principal_val = principal client = get_client() if principal_type == "identity": principal_val = maybe_lookup_identity_id(principal_val) if not principal_val: raise click.UsageError( "Identity does not exist. " "Use --provision-identity to auto-provision an identity." ) elif principal_type == "provision-identity": principal_val = maybe_lookup_identity_id(principal_val, provision=True) principal_type = "identity" role_doc = assemble_generic_doc( "role", principal_type=principal_type, principal=principal_val, role=role ) res = client.add_endpoint_role(endpoint_id, role_doc) formatted_print(res, simple_text="ID: {}".format(res["id"]))
def role_create(role, principal, endpoint_id): """ Create a role on an endpoint. You must have sufficient privileges to modify the roles on the endpoint. Either *--group* or *--identity* is required. You may not pass both. Which one of these options you use will determine the 'Principal Type' on the role, and the value given will be the 'Principal' of the resulting role. The term "Principal" is used in the sense of "a security principal", an entity which has some privileges associated with it. """ principal_type, principal_val = principal client = get_client() if principal_type == "identity": principal_val = maybe_lookup_identity_id(principal_val) if not principal_val: raise click.UsageError( "Identity does not exist. " "Use --provision-identity to auto-provision an identity.") elif principal_type == "provision-identity": principal_val = maybe_lookup_identity_id(principal_val, provision=True) principal_type = "identity" role_doc = assemble_generic_doc("role", principal_type=principal_type, principal=principal_val, role=role) res = client.add_endpoint_role(endpoint_id, role_doc) formatted_print(res, simple_text="ID: {}".format(res["id"]))
def role_create(role, principal, endpoint_id): """ Executor for `globus endpoint role show` """ principal_type, principal_val = principal client = get_client() if principal_type == 'identity': principal_val = maybe_lookup_identity_id(principal_val) if not principal_val: raise click.UsageError( 'Identity does not exist. ' 'Use --provision-identity to auto-provision an identity.') elif principal_type == 'provision-identity': principal_val = maybe_lookup_identity_id(principal_val, provision=True) principal_type = 'identity' role_doc = assemble_generic_doc('role', principal_type=principal_type, principal=principal_val, role=role) res = client.add_endpoint_role(endpoint_id, role_doc) formatted_print(res, simple_text='ID: {}'.format(res['id']))
def create_command(principal, permissions, endpoint_plus_path, notify_email, notify_message): """ Create a new access control rule on the target endpoint, granting users new permissions on the given path. The target endpoint must be a shared endpoint, as only these use access control lists to manage permissions. The '--permissions' option is required, and exactly one of '--all-authenticated' '--anonymous', '--group', or '--identity' is required to know to whom permissions are being granted. """ if not principal: raise click.UsageError( "A security principal is required for this command") endpoint_id, path = endpoint_plus_path principal_type, principal_val = principal client = get_client() if principal_type == "identity": principal_val = maybe_lookup_identity_id(principal_val) if not principal_val: raise click.UsageError( "Identity does not exist. " "Use --provision-identity to auto-provision an identity.") elif principal_type == "provision-identity": principal_val = maybe_lookup_identity_id(principal_val, provision=True) principal_type = "identity" if not notify_email: notify_message = None rule_data = assemble_generic_doc( "access", permissions=permissions, principal=principal_val, principal_type=principal_type, path=path, notify_email=notify_email, notify_message=notify_message, ) res = client.add_endpoint_acl_rule(endpoint_id, rule_data) formatted_print( res, text_format=FORMAT_TEXT_RECORD, fields=[("Message", "message"), ("Rule ID", "access_id")], )
def endpoint_search(filter_fulltext, filter_owner_id, filter_scope): """ Executor for `globus endpoint search` """ if filter_scope == "all" and not filter_fulltext: raise click.UsageError( "When searching all endpoints (--filter-scope=all, the default), " "a full-text search filter is required. Other scopes (e.g. " "--filter-scope=recently-used) may be used without specifying " "an additional filter." ) client = get_client() owner_id = filter_owner_id if owner_id: owner_id = maybe_lookup_identity_id(owner_id) search_iterator = client.endpoint_search( filter_fulltext=filter_fulltext, filter_scope=filter_scope, filter_owner_id=owner_id, ) formatted_print( search_iterator, fields=ENDPOINT_LIST_FIELDS, json_converter=iterable_response_to_dict, )
def create_command( principal, permissions, endpoint_plus_path, notify_email, notify_message ): """ Executor for `globus endpoint permission create` """ if not principal: raise click.UsageError("A security principal is required for this command") endpoint_id, path = endpoint_plus_path principal_type, principal_val = principal client = get_client() if principal_type == "identity": principal_val = maybe_lookup_identity_id(principal_val) if not principal_val: raise click.UsageError( "Identity does not exist. " "Use --provision-identity to auto-provision an identity." ) elif principal_type == "provision-identity": principal_val = maybe_lookup_identity_id(principal_val, provision=True) principal_type = "identity" if not notify_email: notify_message = None rule_data = assemble_generic_doc( "access", permissions=permissions, principal=principal_val, principal_type=principal_type, path=path, notify_email=notify_email, notify_message=notify_message, ) res = client.add_endpoint_acl_rule(endpoint_id, rule_data) formatted_print( res, text_format=FORMAT_TEXT_RECORD, fields=[("Message", "message"), ("Rule ID", "access_id")], )
def create_command(principal, permissions, endpoint_plus_path, notify_email, notify_message): """ Executor for `globus endpoint permission create` """ if not principal: raise click.UsageError( "A security principal is required for this command") endpoint_id, path = endpoint_plus_path principal_type, principal_val = principal client = get_client() if principal_type == "identity": principal_val = maybe_lookup_identity_id(principal_val) if not principal_val: raise click.UsageError( "Identity does not exist. " "Use --provision-identity to auto-provision an identity.") elif principal_type == "provision-identity": principal_val = maybe_lookup_identity_id(principal_val, provision=True) principal_type = "identity" if not notify_email: notify_message = None rule_data = assemble_generic_doc( "access", permissions=permissions, principal=principal_val, principal_type=principal_type, path=path, notify_email=notify_email, notify_message=notify_message, ) res = client.add_endpoint_acl_rule(endpoint_id, rule_data) formatted_print( res, text_format=FORMAT_TEXT_RECORD, fields=[("Message", "message"), ("Rule ID", "access_id")], )
def create_command(principal, permissions, endpoint_plus_path, notify_email, notify_message): """ Executor for `globus endpoint permission create` """ if not principal: raise click.UsageError( 'A security principal is required for this command') endpoint_id, path = endpoint_plus_path principal_type, principal_val = principal client = get_client() if principal_type == 'identity': principal_val = maybe_lookup_identity_id(principal_val) if not principal_val: raise click.UsageError( 'Identity does not exist. ' 'Use --provision-identity to auto-provision an identity.') elif principal_type == 'provision-identity': principal_val = maybe_lookup_identity_id(principal_val, provision=True) principal_type = 'identity' if not notify_email: notify_message = None rule_data = assemble_generic_doc('access', permissions=permissions, principal=principal_val, principal_type=principal_type, path=path, notify_email=notify_email, notify_message=notify_message) res = client.add_endpoint_acl_rule(endpoint_id, rule_data) formatted_print(res, text_format=FORMAT_TEXT_RECORD, fields=[('Message', 'message'), ('Rule ID', 'access_id')])
def endpoint_search(filter_fulltext, limit, filter_owner_id, filter_scope): """ Search for Globus endpoints with search filters. If --filter-scope is set to the default of 'all', then FILTER_FULLTEXT is required. If FILTER_FULLTEXT is given, endpoints which have attributes (display name, legacy name, description, organization, department, keywords) that match the search text will be returned. The result size limit is 100 endpoints. """ if filter_scope == "all" and not filter_fulltext: raise click.UsageError( "When searching all endpoints (--filter-scope=all, the default), " "a full-text search filter is required. Other scopes (e.g. " "--filter-scope=recently-used) may be used without specifying " "an additional filter." ) client = get_client() owner_id = filter_owner_id if owner_id: owner_id = maybe_lookup_identity_id(owner_id) search_iterator = client.endpoint_search( filter_fulltext=filter_fulltext, filter_scope=filter_scope, filter_owner_id=owner_id, num_results=limit, ) formatted_print( search_iterator, fields=ENDPOINT_LIST_FIELDS, json_converter=iterable_response_to_dict, ) if search_iterator.limit_less_than_available_results: click.echo( click.style( """ WARNING: More results were available from the Endpoint Search API, but you specified a limit lower than the number of available results """, fg="yellow", ), err=True, )
def endpoint_search(filter_fulltext, limit, filter_owner_id, filter_scope): """ Executor for `globus endpoint search` """ if filter_scope == "all" and not filter_fulltext: raise click.UsageError( "When searching all endpoints (--filter-scope=all, the default), " "a full-text search filter is required. Other scopes (e.g. " "--filter-scope=recently-used) may be used without specifying " "an additional filter." ) client = get_client() owner_id = filter_owner_id if owner_id: owner_id = maybe_lookup_identity_id(owner_id) search_iterator = client.endpoint_search( filter_fulltext=filter_fulltext, filter_scope=filter_scope, filter_owner_id=owner_id, num_results=limit, ) formatted_print( search_iterator, fields=ENDPOINT_LIST_FIELDS, json_converter=iterable_response_to_dict, ) if search_iterator.limit_less_than_available_results: click.echo( click.style( """ WARNING: More results were available from the Endpoint Search API, but you specified a limit lower than the number of available results """, fg="yellow", ), err=True, )
def endpoint_search(filter_fulltext, filter_owner_id, filter_scope): """ Executor for `globus endpoint search` """ if filter_scope == 'all' and not filter_fulltext: raise click.UsageError( 'When searching all endpoints (--filter-scope=all, the default), ' 'a full-text search filter is required. Other scopes (e.g. ' '--filter-scope=recently-used) may be used without specifying ' 'an additional filter.') client = get_client() owner_id = filter_owner_id if owner_id: owner_id = maybe_lookup_identity_id(owner_id) search_iterator = client.endpoint_search(filter_fulltext=filter_fulltext, filter_scope=filter_scope, filter_owner_id=owner_id) formatted_print(search_iterator, fields=ENDPOINT_LIST_FIELDS, json_converter=iterable_response_to_dict)