def list_share_entries(self, cluster_id, cluster_name, org=None, vdc=None):
if not cluster_id:
cluster_id = self.get_cluster_id_by_name(cluster_name, org, vdc)
org_user_id_to_name_dict = vcd_utils.create_org_user_id_to_name_dict(
self._client, org)
# Consider system users if client is from system org
if self._client.is_sysadmin():
sys_org_user_id_to_name_dict = vcd_utils.create_org_user_id_to_name_dict( # noqa:E501
self._client, shared_constants.SYSTEM_ORG_NAME)
org_user_id_to_name_dict.update(sys_org_user_id_to_name_dict)
acl_svc = cluster_acl_svc.ClusterACLService(cluster_id, self._client)
page_num = result_count = 0
while True:
page_num += 1
response_body = acl_svc.get_def_entity_acl_response(
page_num, cli_constants.CLI_ENTRIES_PER_PAGE)
result_total = response_body[
shared_constants.PaginationKey.RESULT_TOTAL] # noqa: E501
values = response_body[shared_constants.PaginationKey.VALUES]
if len(values) == 0:
break
acl_values = []
for entry in values:
acl_entry = common_models.ClusterAclEntry(**entry)
# If there is no username found, the user must be a system
# user, so a generic name is shown
acl_entry.username = org_user_id_to_name_dict.get(
acl_entry.memberId,
shared_constants.SYSTEM_USER_GENERIC_NAME) # noqa: E501
acl_values.append(
acl_entry.construct_filtered_dict(
include=CLUSTER_ACL_LIST_FIELDS))
result_count += len(values)
yield acl_values, result_count < result_total
def unshare_cluster(self,
cluster_id,
cluster_name,
users: list,
org=None,
vdc=None):
if not cluster_id:
cluster_id = self.get_cluster_id_by_name(cluster_name, org, vdc)
# Get acl entry ids for users
org_href = self._client.get_org_by_name(org).get('href')
name_to_id: dict = client_utils.create_user_name_to_id_dict(
self._client, set(users), org_href)
users_ids: set = {user_id for _, user_id in name_to_id.items()}
acl_svc = cluster_acl_svc.ClusterACLService(cluster_id, self._client)
delete_acl_ids = []
for acl_entry in acl_svc.list_def_entity_acl_entries():
if acl_entry.memberId in users_ids:
delete_acl_ids.append(acl_entry.id)
users_ids.remove(acl_entry.memberId)
if len(users_ids) > 0:
org_user_id_to_name_dict = \
vcd_utils.create_org_user_id_to_name_dict(self._client, org)
missing_users = [
org_user_id_to_name_dict[user_id] for user_id in users_ids
] # noqa: E501
raise Exception(f'Cluster {cluster_name or cluster_id} is not '
f'currently shared with: {missing_users}')
# Delete cluster acl entries
for acl_id in delete_acl_ids:
acl_svc.unshare_def_entity(acl_id)
def share_cluster(self,
cluster_id,
cluster_name,
users: list,
access_level_id,
org=None,
vdc=None):
"""Share the cluster with the users in user_name_to_id_dict.
:param str cluster_id: cluster id
:param str cluster_name: cluster name
:param list users: users to share cluster with
:param str access_level_id: access level id of shared users
:param str vdc: name of the vdc where the cluster is
:param str org: name of the org where the users are
"""
if not cluster_id:
cluster_id = self.get_cluster_id_by_name(cluster_name, org, vdc)
# Ensure current cluster user access level is not reduced
org_href = self._client.get_org_by_name(org).get('href')
name_to_id: dict = client_utils.create_user_name_to_id_dict(
self._client, set(users), org_href)
org_user_id_to_name_dict = vcd_utils.create_org_user_id_to_name_dict(
self._client, org)
logger_wire = logger.CLIENT_WIRE_LOGGER \
if utils.str_to_bool(
os.getenv(cli_constants.ENV_CSE_CLIENT_WIRE_LOGGING)
) \
else logger.NULL_LOGGER
acl_svc = cluster_acl_svc.ClusterACLService(
cluster_id=cluster_id,
client=self._client,
logger_debug=logger.CLIENT_LOGGER,
logger_wire=logger_wire)
for acl_entry in acl_svc.list_def_entity_acl_entries():
username = org_user_id_to_name_dict.get(acl_entry.memberId)
if name_to_id.get(username):
curr_access_level = acl_entry.accessLevelId # noqa: E501
if client_utils.access_level_reduced(access_level_id,
curr_access_level):
raise Exception(f'{username} currently has higher access '
f'level: {curr_access_level}')
# share TKG-S def entity
acl_entry = common_models.ClusterAclEntry(
grantType=shared_constants.MEMBERSHIP_GRANT_TYPE,
accessLevelId=access_level_id,
memberId=None)
for _, user_id in name_to_id.items():
acl_entry.memberId = user_id
acl_svc.share_def_entity(acl_entry)
def unshare_cluster(self,
cluster_id,
cluster_name,
users: list,
org=None,
vdc=None):
if not cluster_id:
cluster_id = self.get_cluster_id_by_name(cluster_name, org, vdc)
# Get acl entry ids for users
org_href = self._client.get_org_by_name(org).get('href')
name_to_id: dict = client_utils.create_user_name_to_id_dict(
self._client, set(users), org_href)
users_ids: set = {user_id for _, user_id in name_to_id.items()}
logger_wire = logger.CLIENT_WIRE_LOGGER \
if utils.str_to_bool(
os.getenv(cli_constants.ENV_CSE_CLIENT_WIRE_LOGGING)
)\
else logger.NULL_LOGGER
acl_svc = cluster_acl_svc.ClusterACLService(
cluster_id=cluster_id,
client=self._client,
logger_debug=logger.CLIENT_LOGGER,
logger_wire=logger_wire)
delete_acl_ids = []
for acl_entry in acl_svc.list_def_entity_acl_entries():
if acl_entry.memberId in users_ids:
delete_acl_ids.append(acl_entry.id)
users_ids.remove(acl_entry.memberId)
if len(users_ids) > 0:
org_user_id_to_name_dict = \
vcd_utils.create_org_user_id_to_name_dict(self._client, org)
missing_users = [
org_user_id_to_name_dict[user_id] for user_id in users_ids
] # noqa: E501
raise Exception(f'Cluster {cluster_name or cluster_id} is not '
f'currently shared with: {missing_users}')
# Delete cluster acl entries
for acl_id in delete_acl_ids:
acl_svc.unshare_def_entity(acl_id)
def share_cluster(self, cluster_id, cluster_name, users: list,
access_level_id, org=None, vdc=None):
"""Share the cluster with the users in user_name_to_id_dict.
:param str cluster_id: cluster id
:param str cluster_name: cluster name
:param list users: users to share cluster with
:param str access_level_id: access level id of shared users
:param str vdc: name of the vdc where the cluster is
:param str org: name of the org where the users are
"""
if not cluster_id:
cluster_id = self.get_cluster_id_by_name(cluster_name, org, vdc)
# Ensure current cluster user access level is not reduced
org_href = self._client.get_org_by_name(org).get('href')
name_to_id: dict = client_utils.create_user_name_to_id_dict(
self._client, users, org_href)
org_user_id_to_name_dict = vcd_utils.create_org_user_id_to_name_dict(
self._client, org)
acl_svc = cluster_acl_svc.ClusterACLService(cluster_id, self._client)
for acl_entry in acl_svc.list_def_entity_acl_entries():
username = org_user_id_to_name_dict.get(acl_entry.memberId)
if name_to_id.get(username):
curr_access_level = acl_entry.accessLevelId # noqa: E501
if client_utils.access_level_reduced(access_level_id,
curr_access_level):
raise Exception(f'{username} currently has higher access '
f'level: {curr_access_level}')
# share TKG def entity
payload = {
shared_constants.AccessControlKey.GRANT_TYPE:
shared_constants.MEMBERSHIP_GRANT_TYPE,
shared_constants.AccessControlKey.ACCESS_LEVEL_ID:
access_level_id,
shared_constants.AccessControlKey.MEMBER_ID: None
}
for _, user_id in name_to_id.items():
payload[shared_constants.AccessControlKey.MEMBER_ID] = user_id
acl_svc.share_def_entity(payload)
def list_share_entries(self, cluster_id, cluster_name, org=None, vdc=None):
if not cluster_id:
cluster_id = self.get_cluster_id_by_name(cluster_name, org, vdc)
org_user_id_to_name_dict = vcd_utils.create_org_user_id_to_name_dict(
self._client, org)
acl_svc = cluster_acl_svc.ClusterACLService(cluster_id, self._client)
page_num = result_count = 0
while True:
page_num += 1
response_body = acl_svc.get_def_entity_acl_response(
page_num, cli_constants.CLI_ENTRIES_PER_PAGE)
result_total = response_body[shared_constants.PaginationKey.RESULT_TOTAL] # noqa: E501
values = response_body[shared_constants.PaginationKey.VALUES]
if len(values) == 0:
break
acl_values = []
for entry in values:
acl_entry = common_models.ClusterAclEntry(**entry)
acl_entry.username = org_user_id_to_name_dict.get(acl_entry.memberId) # noqa: E501
acl_values.append(acl_entry.construct_filtered_dict(
include=CLUSTER_ACL_LIST_FIELDS))
result_count += len(values)
yield acl_values, result_count < result_total