def run_permission_add(argv):
    """
    CLI handler: attach permissions to an ACL role.

    argv -- remaining command line words: a role id followed by permission
        words that argv_to_permission_info_list is expected to parse; the
        list is consumed in place
    Raises utils.CmdLineInputError when fewer than four words are given.
    """
    # One role id plus at least one complete permission triple
    # (permission, scope type, scope).
    min_word_count = 4
    if len(argv) < min_word_count:
        raise utils.CmdLineInputError()
    role_id = argv.pop(0)
    permissions = argv_to_permission_info_list(argv)
    cib = get_cib(get_cib_xml())
    # provide_role runs before the permissions are attached, so the role is
    # present (presumably created when missing — see provide_role) first.
    provide_role(cib, role_id)
    add_permissions_to_role(cib, role_id, permissions)
    replace_cib_configuration(cib)
def run_create_role(argv):
    """
    CLI handler: create a new ACL role, optionally with a description and
    an initial set of permissions.

    argv -- remaining command line words: a role id, then an optional
        "description=<text>" word, then permission words; consumed in place
    Raises utils.CmdLineInputError when no role id is given.
    """
    if not argv:
        raise utils.CmdLineInputError()
    role_id = argv.pop(0)
    description = ""
    if argv:
        # Only a word of the exact form "description=<non-empty text>" is
        # taken as the description; anything else, including a bare
        # "description=", is left for the permission parser.
        head, marker, text = argv[0].partition("description=")
        if not head and marker and text:
            description = text
            argv.pop(0)
    permissions = argv_to_permission_info_list(argv)
    cib = get_cib(get_cib_xml())
    create_role(cib, role_id, description)
    add_permissions_to_role(cib, role_id, permissions)
    replace_cib_configuration(cib)
def test_refuse_bad_permission_and_bad_scope_type(self):
    """
    An unknown permission kind and an unknown scope type in the same
    request are both reported as INVALID_OPTION_VALUE, each listing the
    values that would have been accepted.
    """
    role_id = 'role1'
    self.fixture_add_role(role_id)
    bad_permission = (
        severities.ERROR,
        report_codes.INVALID_OPTION_VALUE,
        {
            "option_name": "permission",
            "option_value": "readX",
            "allowed_values": ["read", "write", "deny"],
        },
    )
    bad_scope_type = (
        severities.ERROR,
        report_codes.INVALID_OPTION_VALUE,
        {
            "option_name": "scope type",
            "option_value": "xpathX",
            "allowed_values": ["xpath", "id"],
        },
    )
    assert_raise_library_error(
        lambda: lib.add_permissions_to_role(
            self.cib.tree, role_id, [('readX', 'xpathX', '/whatever')]
        ),
        bad_permission,
        bad_scope_type,
    )
def add_permission(lib_env, role_id, permission_info_list):
    """
    Add permissions to the role with id role_id; the role is created if it
    does not exist yet. Raises LibraryError on any failure.

    lib_env -- LibraryEnvironment
    role_id -- id of the role
    permission_info_list -- list of permissions, each a tuple
        (<read|write|deny>, <xpath|id>, <any string>)
    """
    cib = lib_env.get_cib(REQUIRED_CIB_VERSION)
    # The whole list is validated before the role is looked up or created,
    # so a rejected request raises before anything is changed or pushed.
    acl.validate_permissions(cib, permission_info_list)
    role_el = acl.provide_role(cib, role_id)
    acl.add_permissions_to_role(role_el, permission_info_list)
    lib_env.push_cib(cib)
def add_permission(lib_env, role_id, permission_info_list):
    """
    Add permissions to the role with id role_id; the role is created if it
    does not exist yet. Raises LibraryError on any failure.

    lib_env -- LibraryEnvironment
    role_id -- id of the role
    permission_info_list -- list of permissions, each a tuple
        (<read|write|deny>, <xpath|id>, <any string>)
    """
    # cib_acl_section hands out the acls section of the CIB; what it does
    # on exit (presumably pushing the CIB back) is defined elsewhere.
    with cib_acl_section(lib_env) as acl_section:
        # Validate first so a rejected list raises before the role is
        # looked up or created.
        acl.validate_permissions(acl_section, permission_info_list)
        role_el = acl.provide_role(acl_section, role_id)
        acl.add_permissions_to_role(role_el, permission_info_list)
def create_role(lib_env, role_id, permission_info_list, description):
    """
    Create a new ACL role. Raises LibraryError on any failure.

    lib_env -- LibraryEnvironment
    role_id -- id of the role to create
    permission_info_list -- list of permissions, each a tuple
        (<read|write|deny>, <xpath|id>, <any string>); may be empty
    description -- text description for the role
    """
    # cib_acl_section hands out the acls section of the CIB; what it does
    # on exit (presumably pushing the CIB back) is defined elsewhere.
    with cib_acl_section(lib_env) as acl_section:
        if not permission_info_list:
            # Nothing to validate or attach: create the bare role only.
            acl.create_role(acl_section, role_id, description)
            return
        # Validate before the role exists so a rejected list raises
        # without leaving a new role behind.
        acl.validate_permissions(acl_section, permission_info_list)
        role_el = acl.create_role(acl_section, role_id, description)
        acl.add_permissions_to_role(role_el, permission_info_list)
def test_add_for_correct_permissions(self):
    """
    A valid (read, xpath, ...) permission is attached to an existing role
    as an acl_permission element whose id is derived from the role id.
    """
    role_id = 'role1'
    self.fixture_add_role(role_id)
    lib.add_permissions_to_role(
        self.cib.tree, role_id, [('read', 'xpath', '/whatever')]
    )
    expected_acls = '''
        <acls>
            <acl_role id="{0}">
                <acl_permission id="{0}-read" kind="read" xpath="/whatever"/>
            </acl_role>
        </acls>
    '''.format(role_id)
    self.assert_cib_equal(
        self.create_cib().append_to_first_tag_name('configuration', expected_acls)
    )
def test_add_for_correct_permissions(self):
    """
    A valid (read, xpath, ...) permission is attached to the given
    acl_role element as an acl_permission whose id is derived from the
    role id.
    """
    role_id = "role1"
    self.fixture_add_role(role_id)
    role_el = self.cib.tree.find(".//acl_role[@id='{0}']".format(role_id))
    lib.add_permissions_to_role(role_el, [("read", "xpath", "/whatever")])
    expected_acls = """
        <acls>
            <acl_role id="{0}">
                <acl_permission id="{0}-read" kind="read" xpath="/whatever"/>
            </acl_role>
        </acls>
    """.format(role_id)
    expected_cib = self.create_cib().append_to_first_tag_name(
        "configuration", expected_acls
    )
    self.assert_cib_equal(expected_cib)
def create_role(lib_env, role_id, permission_info_list, description):
    """
    Create a new ACL role. Raises LibraryError on any failure.

    lib_env -- LibraryEnvironment
    role_id -- id of the role to create
    permission_info_list -- list of permissions, each a tuple
        (<read|write|deny>, <xpath|id>, <any string>); may be empty
    description -- text description for the role
    """
    cib = lib_env.get_cib(REQUIRED_CIB_VERSION)
    if not permission_info_list:
        # Nothing to validate or attach: create the bare role only.
        acl.create_role(cib, role_id, description)
    else:
        # Validate before the role exists so a rejected list raises
        # before anything is created or pushed.
        acl.validate_permissions(cib, permission_info_list)
        acl.add_permissions_to_role(
            acl.create_role(cib, role_id, description), permission_info_list
        )
    lib_env.push_cib(cib)
def test_refuse_add_for_nonexistent_role_id(self):
    """
    Adding permissions to a role id that is not in the CIB is reported as
    ACL_ROLE_NOT_FOUND rather than succeeding.
    """
    role_id = 'role1'
    expected_report = (
        severities.ERROR,
        error_codes.ACL_ROLE_NOT_FOUND,
        {'role_id': role_id},
    )
    self.assert_raise_library_error(
        lambda: lib.add_permissions_to_role(
            self.cib.tree, role_id, [('read', 'xpath', '/whatever')]
        ),
        expected_report,
    )
def test_refuse_pointing_to_nonexisten_id(self):
    """
    A permission with scope type 'id' must reference an element present in
    the CIB; a missing id is reported as ID_NOT_FOUND.
    """
    role_id = 'role1'
    self.fixture_add_role(role_id)
    missing_id = 'non-existent'
    expected_report = (
        severities.ERROR,
        report_codes.ID_NOT_FOUND,
        {'id': missing_id},
    )
    assert_raise_library_error(
        lambda: lib.add_permissions_to_role(
            self.cib.tree, role_id, [('read', 'id', missing_id)]
        ),
        expected_report,
    )
def test_refuse_add_for_nonexistent_role_id(self):
    """
    Adding permissions to a role id that is not in the CIB is reported as
    ID_NOT_FOUND (described as a "role") rather than succeeding.
    """
    role_id = 'role1'
    expected_report = (
        severities.ERROR,
        report_codes.ID_NOT_FOUND,
        {
            "id": role_id,
            "id_description": "role",
        },
    )
    assert_raise_library_error(
        lambda: lib.add_permissions_to_role(
            self.cib.tree, role_id, [('read', 'xpath', '/whatever')]
        ),
        expected_report,
    )
def test_refuse_bad_permission_and_bad_scope_type(self):
    """
    An unknown permission kind and an unknown scope type in the same
    request are both reported, as BAD_ACL_PERMISSION and
    BAD_ACL_SCOPE_TYPE respectively.
    """
    role_id = 'role1'
    self.fixture_add_role(role_id)
    bad_permission = (
        severities.ERROR,
        error_codes.BAD_ACL_PERMISSION,
        {'permission': 'readX'},
    )
    bad_scope_type = (
        severities.ERROR,
        error_codes.BAD_ACL_SCOPE_TYPE,
        {'scope_type': 'xpathX'},
    )
    self.assert_raise_library_error(
        lambda: lib.add_permissions_to_role(
            self.cib.tree, role_id, [('readX', 'xpathX', '/whatever')]
        ),
        bad_permission,
        bad_scope_type,
    )