def explain_granted(self,
member_name,
resource_name,
role=None,
permission=None):
"""Provide data on all possibilities on
how a member has access to a resources.
Args:
member_name (str): the member to explain granted
resource_name (str): the resource to explain granted
role (str): the role to explain granted, one of role or permission
should be not none
permission (str): the permission to explain granted, one of role
or permission should be not none
Returns:
proto: the returned proto message of explain_granted
Raises:
Exception: Either role or permission must be set
"""
if not oneof(role is not None, permission is not None):
raise Exception('Either role or permission name must be set')
request = explain_pb2.ExplainGrantedRequest()
if role is not None:
request.role = role
else:
request.permission = permission
request.resource = resource_name
request.member = member_name
return self.stub.ExplainGranted(request, metadata=self.metadata())
def explain_denied(self,
member_name,
resource_names,
roles=None,
permission_names=None):
"""List possibilities to grant access which is currently denied.
Args:
member_name (str): the member to explain denied
resource_names (list): the resources to explain denied
roles (list): the roles to explain denied, one of roles or
permission_names should be not none
permission_names (list): the permissions to explain denied,
one of roles or permission_names should be not none
Returns:
object: generator of proto message of bindingstrategies.
Raises:
Exception: Either roles or permission names must be set
"""
roles = [] if roles is None else roles
permission_names = [] if permission_names is None else permission_names
if not oneof(roles != [], permission_names != []):
raise Exception('Either roles or permission names must be set')
request = explain_pb2.ExplainDeniedRequest(
member=member_name,
resources=resource_names,
roles=roles,
permissions=permission_names)
return self.stub.ExplainDenied(request, metadata=self.metadata())