def test_autodelete(self):
target = self.cib.tree.find(".//acl_group[@id='{0}']".format("group1"))
lib.unassign_role(target, "role1", True)
self.assert_cib_equal(self.create_cib().append_to_first_tag_name(
"configuration", """
<acls>
<acl_role id="role1"/>
<acl_role id="role2"/>
<acl_target id="target1">
<role id="role3"/>
<role id="role2"/>
</acl_target>
</acls>
"""))
def test_autodelete(self):
target = self.cib.tree.find(".//acl_group[@id='{0}']".format("group1"))
lib.unassign_role(target, "role1", True)
self.assert_cib_equal(self.create_cib().append_to_first_tag_name(
"configuration",
"""
<acls>
<acl_role id="role1"/>
<acl_role id="role2"/>
<acl_target id="target1">
<role id="role3"/>
<role id="role2"/>
</acl_target>
</acls>
"""
))
def unassign_role_from_group(lib_env,
role_id,
group_id,
autodelete_group=False):
"""
Unassign role with role_id from group with id group_id.
Raises LibraryError on any failure.
lib_env -- LibraryEnvironment
role_id -- id of role which should be unassigned from group
group_id -- id of acl_group element
autodelete_target -- if True remove group element if has no more role
assigned
"""
with cib_acl_section(lib_env) as acl_section:
acl.unassign_role(acl.find_group(acl_section, group_id), role_id,
autodelete_group)
def test_success_group(self):
group = self.cib.tree.find(".//acl_group[@id='{0}']".format("group1"))
lib.unassign_role(group, "role1")
self.assert_cib_equal(self.create_cib().append_to_first_tag_name(
"configuration",
"""
<acls>
<acl_role id="role1"/>
<acl_role id="role2"/>
<acl_target id="target1">
<role id="role3"/>
<role id="role2"/>
</acl_target>
<acl_group id="group1"/>
</acls>
""",
))
def test_role_not_assigned(self):
target = self.cib.tree.find(
".//acl_target[@id='{0}']".format("target1"))
assert_raise_library_error(
lambda: lib.unassign_role(target, "role1"),
(severities.ERROR,
report_codes.CIB_ACL_ROLE_IS_NOT_ASSIGNED_TO_TARGET, {
"role_id": "role1",
"target_id": "target1",
}))
def unassign_role_from_group(
lib_env, role_id, group_id, autodelete_group=False
):
"""
Unassign role with role_id from group with id group_id.
Raises LibraryError on any failure.
lib_env -- LibraryEnvironment
role_id -- id of role which should be unassigned from group
group_id -- id of acl_group element
autodelete_target -- if True remove group element if has no more role
assigned
"""
with cib_acl_section(lib_env) as acl_section:
acl.unassign_role(
acl.find_group(acl_section, group_id),
role_id,
autodelete_group
)
def unassign_role_not_specific(lib_env,
role_id,
target_or_group_id,
autodelete_target_group=False):
"""
Unassign role with role_id from target/group with id target_or_group_id.
Target element has bigger priority so if there are target and group with
the same id only target element will be affected by this function.
Raises LibraryError on any failure.
lib_env -- LibraryEnvironment
role_id -- id of role which should be unassigned from target/group
target_or_group_id -- id of acl_target/acl_group element
autodelete_target_group -- if True remove target/group element if has no
more role assigned
"""
with cib_acl_section(lib_env) as acl_section:
acl.unassign_role(
acl.find_target_or_group(acl_section, target_or_group_id), role_id,
autodelete_target_group)
def unassign_role_not_specific(lib_env,
role_id,
target_or_group_id,
autodelete_target_group=False):
"""
Unassign role with role_id from target/group with id target_or_group_id.
Target element has bigger pririty so if there are target and group with same
id only target element will be affected by this function.
Raises LibraryError on any failure.
lib_env -- LibraryEnvironment
role_id -- id of role which should be unassigned from target/group
target_or_group_id -- id of acl_target/acl_group element
autodelete_target_group -- if True remove target/group element if has no
more role assigned
"""
cib = lib_env.get_cib(REQUIRED_CIB_VERSION)
acl.unassign_role(_get_target_or_group(cib, target_or_group_id), role_id,
autodelete_target_group)
lib_env.push_cib(cib)
def unassign_role_from_group(lib_env,
role_id,
group_id,
autodelete_group=False):
"""
Unassign role with role_id from group with id group_id.
Raises LibraryError on any failure.
lib_env -- LibraryEnvironment
role_id -- id of role which should be unassigned from group
group_id -- id of acl_group element
autodelete_target -- if True remove group element if has no more role
assigned
"""
cib = lib_env.get_cib(REQUIRED_CIB_VERSION)
try:
acl.unassign_role(acl.find_group(cib, group_id), role_id,
autodelete_group)
except acl.AclError as e:
raise LibraryError(acl.acl_error_to_report_item(e))
lib_env.push_cib(cib)
def unassign_role_not_specific(
lib_env, role_id, target_or_group_id, autodelete_target_group=False
):
"""
Unassign role with role_id from target/group with id target_or_group_id.
Target element has bigger pririty so if there are target and group with same
id only target element will be affected by this function.
Raises LibraryError on any failure.
lib_env -- LibraryEnvironment
role_id -- id of role which should be unassigned from target/group
target_or_group_id -- id of acl_target/acl_group element
autodelete_target_group -- if True remove target/group element if has no
more role assigned
"""
with cib_acl_section(lib_env) as acl_section:
acl.unassign_role(
acl.find_target_or_group(acl_section, target_or_group_id),
role_id,
autodelete_target_group
)
def unassign_role_not_specific(
lib_env, role_id, target_or_group_id, autodelete_target_group=False
):
"""
Unassign role with role_id from target/group with id target_or_group_id.
Target element has bigger pririty so if there are target and group with same
id only target element will be affected by this function.
Raises LibraryError on any failure.
lib_env -- LibraryEnvironment
role_id -- id of role which should be unassigned from target/group
target_or_group_id -- id of acl_target/acl_group element
autodelete_target_group -- if True remove target/group element if has no
more role assigned
"""
cib = lib_env.get_cib(REQUIRED_CIB_VERSION)
acl.unassign_role(
_get_target_or_group(cib, target_or_group_id),
role_id,
autodelete_target_group
)
lib_env.push_cib(cib)
def unassign_role_from_group(
lib_env, role_id, group_id, autodelete_group=False
):
"""
Unassign role with role_id from group with id group_id.
Raises LibraryError on any failure.
lib_env -- LibraryEnvironment
role_id -- id of role which should be unassigned from group
group_id -- id of acl_group element
autodelete_target -- if True remove group element if has no more role
assigned
"""
cib = lib_env.get_cib(REQUIRED_CIB_VERSION)
try:
acl.unassign_role(
acl.find_group(cib, group_id),
role_id,
autodelete_group
)
except acl.AclError as e:
raise LibraryError(acl.acl_error_to_report_item(e))
lib_env.push_cib(cib)
def test_role_not_assigned(self):
target = self.cib.tree.find(
".//acl_target[@id='{0}']".format("target1")
)
assert_raise_library_error(
lambda: lib.unassign_role(target, "role1"),
(
severities.ERROR,
report_codes.CIB_ACL_ROLE_IS_NOT_ASSIGNED_TO_TARGET,
{
"role_id": "role1",
"target_id": "target1",
}
)
)