def role_create(role, principal, endpoint_id):
"""
Executor for `globus endpoint role show`
"""
principal_type, principal_val = principal
client = get_client()
if principal_type == "identity":
principal_val = maybe_lookup_identity_id(principal_val)
if not principal_val:
raise click.UsageError(
"Identity does not exist. "
"Use --provision-identity to auto-provision an identity."
)
elif principal_type == "provision-identity":
principal_val = maybe_lookup_identity_id(principal_val, provision=True)
principal_type = "identity"
role_doc = assemble_generic_doc(
"role", principal_type=principal_type, principal=principal_val, role=role
)
res = client.add_endpoint_role(endpoint_id, role_doc)
formatted_print(res, simple_text="ID: {}".format(res["id"]))
def role_create(role, principal, endpoint_id):
"""
Create a role on an endpoint.
You must have sufficient privileges to modify the roles on the endpoint.
Either *--group* or *--identity* is required. You may not pass both.
Which one of these options you use will determine the 'Principal Type' on the
role, and the value given will be the 'Principal' of the resulting role.
The term "Principal" is used in the sense of "a security principal", an entity
which has some privileges associated with it.
"""
principal_type, principal_val = principal
client = get_client()
if principal_type == "identity":
principal_val = maybe_lookup_identity_id(principal_val)
if not principal_val:
raise click.UsageError(
"Identity does not exist. "
"Use --provision-identity to auto-provision an identity.")
elif principal_type == "provision-identity":
principal_val = maybe_lookup_identity_id(principal_val, provision=True)
principal_type = "identity"
role_doc = assemble_generic_doc("role",
principal_type=principal_type,
principal=principal_val,
role=role)
res = client.add_endpoint_role(endpoint_id, role_doc)
formatted_print(res, simple_text="ID: {}".format(res["id"]))
def role_create(role, principal, endpoint_id):
"""
Executor for `globus endpoint role show`
"""
principal_type, principal_val = principal
client = get_client()
if principal_type == 'identity':
principal_val = maybe_lookup_identity_id(principal_val)
if not principal_val:
raise click.UsageError(
'Identity does not exist. '
'Use --provision-identity to auto-provision an identity.')
elif principal_type == 'provision-identity':
principal_val = maybe_lookup_identity_id(principal_val, provision=True)
principal_type = 'identity'
role_doc = assemble_generic_doc('role',
principal_type=principal_type,
principal=principal_val,
role=role)
res = client.add_endpoint_role(endpoint_id, role_doc)
formatted_print(res, simple_text='ID: {}'.format(res['id']))
def create_command(principal, permissions, endpoint_plus_path, notify_email,
notify_message):
"""
Create a new access control rule on the target endpoint, granting users new
permissions on the given path.
The target endpoint must be a shared endpoint, as only these use access control
lists to manage permissions.
The '--permissions' option is required, and exactly one of '--all-authenticated'
'--anonymous', '--group', or '--identity' is required to know to whom permissions
are being granted.
"""
if not principal:
raise click.UsageError(
"A security principal is required for this command")
endpoint_id, path = endpoint_plus_path
principal_type, principal_val = principal
client = get_client()
if principal_type == "identity":
principal_val = maybe_lookup_identity_id(principal_val)
if not principal_val:
raise click.UsageError(
"Identity does not exist. "
"Use --provision-identity to auto-provision an identity.")
elif principal_type == "provision-identity":
principal_val = maybe_lookup_identity_id(principal_val, provision=True)
principal_type = "identity"
if not notify_email:
notify_message = None
rule_data = assemble_generic_doc(
"access",
permissions=permissions,
principal=principal_val,
principal_type=principal_type,
path=path,
notify_email=notify_email,
notify_message=notify_message,
)
res = client.add_endpoint_acl_rule(endpoint_id, rule_data)
formatted_print(
res,
text_format=FORMAT_TEXT_RECORD,
fields=[("Message", "message"), ("Rule ID", "access_id")],
)
def endpoint_search(filter_fulltext, filter_owner_id, filter_scope):
"""
Executor for `globus endpoint search`
"""
if filter_scope == "all" and not filter_fulltext:
raise click.UsageError(
"When searching all endpoints (--filter-scope=all, the default), "
"a full-text search filter is required. Other scopes (e.g. "
"--filter-scope=recently-used) may be used without specifying "
"an additional filter."
)
client = get_client()
owner_id = filter_owner_id
if owner_id:
owner_id = maybe_lookup_identity_id(owner_id)
search_iterator = client.endpoint_search(
filter_fulltext=filter_fulltext,
filter_scope=filter_scope,
filter_owner_id=owner_id,
)
formatted_print(
search_iterator,
fields=ENDPOINT_LIST_FIELDS,
json_converter=iterable_response_to_dict,
)
def create_command(
principal, permissions, endpoint_plus_path, notify_email, notify_message
):
"""
Executor for `globus endpoint permission create`
"""
if not principal:
raise click.UsageError("A security principal is required for this command")
endpoint_id, path = endpoint_plus_path
principal_type, principal_val = principal
client = get_client()
if principal_type == "identity":
principal_val = maybe_lookup_identity_id(principal_val)
if not principal_val:
raise click.UsageError(
"Identity does not exist. "
"Use --provision-identity to auto-provision an identity."
)
elif principal_type == "provision-identity":
principal_val = maybe_lookup_identity_id(principal_val, provision=True)
principal_type = "identity"
if not notify_email:
notify_message = None
rule_data = assemble_generic_doc(
"access",
permissions=permissions,
principal=principal_val,
principal_type=principal_type,
path=path,
notify_email=notify_email,
notify_message=notify_message,
)
res = client.add_endpoint_acl_rule(endpoint_id, rule_data)
formatted_print(
res,
text_format=FORMAT_TEXT_RECORD,
fields=[("Message", "message"), ("Rule ID", "access_id")],
)
def create_command(principal, permissions, endpoint_plus_path, notify_email,
notify_message):
"""
Executor for `globus endpoint permission create`
"""
if not principal:
raise click.UsageError(
"A security principal is required for this command")
endpoint_id, path = endpoint_plus_path
principal_type, principal_val = principal
client = get_client()
if principal_type == "identity":
principal_val = maybe_lookup_identity_id(principal_val)
if not principal_val:
raise click.UsageError(
"Identity does not exist. "
"Use --provision-identity to auto-provision an identity.")
elif principal_type == "provision-identity":
principal_val = maybe_lookup_identity_id(principal_val, provision=True)
principal_type = "identity"
if not notify_email:
notify_message = None
rule_data = assemble_generic_doc(
"access",
permissions=permissions,
principal=principal_val,
principal_type=principal_type,
path=path,
notify_email=notify_email,
notify_message=notify_message,
)
res = client.add_endpoint_acl_rule(endpoint_id, rule_data)
formatted_print(
res,
text_format=FORMAT_TEXT_RECORD,
fields=[("Message", "message"), ("Rule ID", "access_id")],
)
def create_command(principal, permissions, endpoint_plus_path, notify_email,
notify_message):
"""
Executor for `globus endpoint permission create`
"""
if not principal:
raise click.UsageError(
'A security principal is required for this command')
endpoint_id, path = endpoint_plus_path
principal_type, principal_val = principal
client = get_client()
if principal_type == 'identity':
principal_val = maybe_lookup_identity_id(principal_val)
if not principal_val:
raise click.UsageError(
'Identity does not exist. '
'Use --provision-identity to auto-provision an identity.')
elif principal_type == 'provision-identity':
principal_val = maybe_lookup_identity_id(principal_val, provision=True)
principal_type = 'identity'
if not notify_email:
notify_message = None
rule_data = assemble_generic_doc('access',
permissions=permissions,
principal=principal_val,
principal_type=principal_type,
path=path,
notify_email=notify_email,
notify_message=notify_message)
res = client.add_endpoint_acl_rule(endpoint_id, rule_data)
formatted_print(res,
text_format=FORMAT_TEXT_RECORD,
fields=[('Message', 'message'), ('Rule ID', 'access_id')])
def endpoint_search(filter_fulltext, limit, filter_owner_id, filter_scope):
"""
Search for Globus endpoints with search filters. If --filter-scope is set to the
default of 'all', then FILTER_FULLTEXT is required.
If FILTER_FULLTEXT is given, endpoints which have attributes (display name,
legacy name, description, organization, department, keywords) that match the
search text will be returned. The result size limit is 100 endpoints.
"""
if filter_scope == "all" and not filter_fulltext:
raise click.UsageError(
"When searching all endpoints (--filter-scope=all, the default), "
"a full-text search filter is required. Other scopes (e.g. "
"--filter-scope=recently-used) may be used without specifying "
"an additional filter."
)
client = get_client()
owner_id = filter_owner_id
if owner_id:
owner_id = maybe_lookup_identity_id(owner_id)
search_iterator = client.endpoint_search(
filter_fulltext=filter_fulltext,
filter_scope=filter_scope,
filter_owner_id=owner_id,
num_results=limit,
)
formatted_print(
search_iterator,
fields=ENDPOINT_LIST_FIELDS,
json_converter=iterable_response_to_dict,
)
if search_iterator.limit_less_than_available_results:
click.echo(
click.style(
"""
WARNING: More results were available from the Endpoint Search API, but you
specified a limit lower than the number of available results
""",
fg="yellow",
),
err=True,
)
def endpoint_search(filter_fulltext, limit, filter_owner_id, filter_scope):
"""
Executor for `globus endpoint search`
"""
if filter_scope == "all" and not filter_fulltext:
raise click.UsageError(
"When searching all endpoints (--filter-scope=all, the default), "
"a full-text search filter is required. Other scopes (e.g. "
"--filter-scope=recently-used) may be used without specifying "
"an additional filter."
)
client = get_client()
owner_id = filter_owner_id
if owner_id:
owner_id = maybe_lookup_identity_id(owner_id)
search_iterator = client.endpoint_search(
filter_fulltext=filter_fulltext,
filter_scope=filter_scope,
filter_owner_id=owner_id,
num_results=limit,
)
formatted_print(
search_iterator,
fields=ENDPOINT_LIST_FIELDS,
json_converter=iterable_response_to_dict,
)
if search_iterator.limit_less_than_available_results:
click.echo(
click.style(
"""
WARNING: More results were available from the Endpoint Search API, but you
specified a limit lower than the number of available results
""",
fg="yellow",
),
err=True,
)
def endpoint_search(filter_fulltext, filter_owner_id, filter_scope):
"""
Executor for `globus endpoint search`
"""
if filter_scope == 'all' and not filter_fulltext:
raise click.UsageError(
'When searching all endpoints (--filter-scope=all, the default), '
'a full-text search filter is required. Other scopes (e.g. '
'--filter-scope=recently-used) may be used without specifying '
'an additional filter.')
client = get_client()
owner_id = filter_owner_id
if owner_id:
owner_id = maybe_lookup_identity_id(owner_id)
search_iterator = client.endpoint_search(filter_fulltext=filter_fulltext,
filter_scope=filter_scope,
filter_owner_id=owner_id)
formatted_print(search_iterator,
fields=ENDPOINT_LIST_FIELDS,
json_converter=iterable_response_to_dict)
