def acl_error_to_report_item(e):
if e.__class__ == AclTargetNotFound:
return reports.id_not_found(e.target_id, "user")
elif e.__class__ == AclGroupNotFound:
return reports.id_not_found(e.group_id, "group")
elif e.__class__ == AclRoleNotFound:
return reports.id_not_found(e.role_id, "role")
raise e
def get_errors(self):
"""
Report why the element has not been found or booking its id failed
"""
if (self.element_found()
or (self._book_errors is not None and not self._book_errors)):
raise AssertionError(
"Improper usage: cannot report errors when there are none")
element = get_root(
self._context_element).find(f'.//*[@id="{self._element_id}"]')
if element is not None:
if element.tag in self._tag_list:
return [
reports.object_with_id_in_unexpected_context(
element.tag, self._element_id,
self._context_element.tag,
self._context_element.attrib.get("id", ""))
]
return [
reports.id_belongs_to_unexpected_type(
self._element_id,
expected_types=self._expected_types,
current_type=element.tag)
]
if self._book_errors is None:
return [
reports.id_not_found(
self._element_id, self._expected_types,
self._context_element.tag,
self._context_element.attrib.get("id", ""))
]
return self._book_errors
def validate_permissions(tree, permission_info_list):
"""
Validate given permission list.
Raise LibraryError if any of permission is not valid.
tree -- cib tree
permission_info_list -- list of tuples like this:
("read|write|deny", "xpath|id", <id-or-xpath-string>)
"""
report_items = []
allowed_permissions = ["read", "write", "deny"]
allowed_scopes = ["xpath", "id"]
for permission, scope_type, scope in permission_info_list:
if not permission in allowed_permissions:
report_items.append(
reports.invalid_option_value("permission", permission,
allowed_permissions))
if not scope_type in allowed_scopes:
report_items.append(
reports.invalid_option_value("scope type", scope_type,
allowed_scopes))
if scope_type == 'id' and not does_id_exist(tree, scope):
report_items.append(reports.id_not_found(scope, ["id"]))
if report_items:
raise LibraryError(*report_items)
def validate_permissions(tree, permission_info_list):
"""
Validate given permission list.
Raise LibraryError if any of permission is not valid.
tree -- cib tree
permission_info_list -- list of tuples like this:
("read|write|deny", "xpath|id", <id-or-xpath-string>)
"""
report_items = []
allowed_permissions = ["read", "write", "deny"]
allowed_scopes = ["xpath", "id"]
for permission, scope_type, scope in permission_info_list:
if not permission in allowed_permissions:
report_items.append(reports.invalid_option_value(
"permission",
permission,
allowed_permissions
))
if not scope_type in allowed_scopes:
report_items.append(reports.invalid_option_value(
"scope type",
scope_type,
allowed_scopes
))
if scope_type == 'id' and not does_id_exist(tree, scope):
report_items.append(reports.id_not_found(scope, "id"))
if report_items:
raise LibraryError(*report_items)
def find_element_by_tag_and_id(
tag, context_element, element_id, none_if_id_unused=False, id_description=""
):
"""
Return element with given tag and element_id under context_element. When
element does not exists raises LibraryError or return None if specified in
none_if_id_unused.
etree.Element(Tree) context_element is part of tree for element scan
string|list tag is expected tag (or list of tags) of search element
string element_id is id of search element
bool none_if_id_unused if the element is not found then return None if True
or raise a LibraryError if False
string id_description optional description for id
"""
tag_list = [tag] if is_string(tag) else tag
element_list = context_element.xpath(
'.//*[({0}) and @id="{1}"]'.format(
" or ".join(["self::{0}".format(one_tag) for one_tag in tag_list]),
element_id
)
)
if element_list:
return element_list[0]
element = get_root(context_element).find(
'.//*[@id="{0}"]'.format(element_id)
)
if element is not None:
raise LibraryError(
reports.id_belongs_to_unexpected_type(
element_id,
expected_types=tag_list,
current_type=element.tag
) if element.tag not in tag_list
else reports.object_with_id_in_unexpected_context(
element.tag,
element_id,
context_element.tag,
context_element.attrib.get("id", "")
)
)
if none_if_id_unused:
return None
raise LibraryError(
reports.id_not_found(
element_id,
id_description if id_description else "/".join(tag_list),
context_element.tag,
context_element.attrib.get("id", "")
)
)
def find_element_by_tag_and_id(
tag, context_element, element_id, none_if_id_unused=False, id_description=""
):
"""
Return element with given tag and element_id under context_element. When
element does not exists raises LibraryError or return None if specified in
none_if_id_unused.
etree.Element(Tree) context_element is part of tree for element scan
string|list tag is expected tag (or list of tags) of search element
string element_id is id of search element
bool none_if_id_unused is flag, when is True and element with element_id
does not exists function returns None
string id_description optional description for id
"""
tag_list = [tag] if is_string(tag) else tag
element_list = context_element.xpath(
'.//*[({0}) and @id="{1}"]'.format(
" or ".join(["self::{0}".format(one_tag) for one_tag in tag_list]),
element_id
)
)
if element_list:
return element_list[0]
element = get_root(context_element).find(
'.//*[@id="{0}"]'.format(element_id)
)
if element is not None:
raise LibraryError(
reports.id_belongs_to_unexpected_type(
element_id,
expected_types=tag_list,
current_type=element.tag
) if element.tag not in tag_list
else reports.object_with_id_in_unexpected_context(
element.tag,
element_id,
context_element.tag,
context_element.attrib.get("id", "")
)
)
if none_if_id_unused:
return None
raise LibraryError(
reports.id_not_found(
element_id,
id_description if id_description else "/".join(tag_list),
context_element.tag,
context_element.attrib.get("id", "")
)
)
def _find_permission(tree, permission_id):
"""
Returns acl_permission element with specified id.
Raises LibraryError if that permission doesn't exist.
tree -- etree node
permisson_id -- id of permision element
"""
permission = tree.find(".//acl_permission[@id='{0}']".format(permission_id))
if permission is not None:
return permission
raise LibraryError(reports.id_not_found(permission_id, "permission"))
def _resource_list_enable_disable(resource_el_list, func, cluster_state):
report_list = []
for resource_el in resource_el_list:
res_id = resource_el.attrib["id"]
try:
if not is_resource_managed(cluster_state, res_id):
report_list.append(reports.resource_is_unmanaged(res_id))
func(resource_el)
except ResourceNotFound:
report_list.append(
reports.id_not_found(
res_id, id_description="resource/clone/master/group"))
return report_list
def remove_group(tree, group_id):
"""
Removes acl_group element from tree with specified id.
Raises LibraryError if group with id group_id doesn't exist.
tree -- etree node
group_id -- id of group element to remove
"""
try:
group = find_group(tree, group_id)
group.getparent().remove(group)
except AclGroupNotFound:
raise LibraryError(reports.id_not_found(group_id, "group"))
def _resource_list_enable_disable(resource_el_list, func, cluster_state):
report_list = []
for resource_el in resource_el_list:
res_id = resource_el.attrib["id"]
try:
if not is_resource_managed(cluster_state, res_id):
report_list.append(reports.resource_is_unmanaged(res_id))
func(resource_el)
except ResourceNotFound:
report_list.append(
reports.id_not_found(
res_id, ["primitive", "clone", "group", "bundle"]))
return report_list
def remove_target(tree, target_id):
"""
Removes acl_target element from tree with specified id.
Raises LibraryError if target with id target_id doesn't exist.
tree -- etree node
target_id -- id of target element to remove
"""
try:
target = find_target(tree, target_id)
target.getparent().remove(target)
except AclTargetNotFound:
raise LibraryError(reports.id_not_found(target_id, "user"))
def get_recipient_by_id(tree, recipient_id):
"""
Returns recipient element with value recipient_value which belong to
specified alert.
Raises LibraryError if recipient doesn't exist.
tree -- cib etree node
recipient_id -- id of recipient
"""
recipient = get_alerts(tree).find(
"./alert/recipient[@id='{0}']".format(recipient_id))
if recipient is None:
raise LibraryError(reports.id_not_found(recipient_id, "Recipient"))
return recipient
def get_recipient_by_id(tree, recipient_id):
"""
Returns recipient element with value recipient_value which belong to
specified alert.
Raises LibraryError if recipient doesn't exist.
tree -- cib etree node
recipient_id -- id of recipient
"""
recipient = get_alerts(tree).find(
"./alert/recipient[@id='{0}']".format(recipient_id)
)
if recipient is None:
raise LibraryError(reports.id_not_found(recipient_id, "Recipient"))
return recipient
def _resource_list_enable_disable(
resource_el_list, func, id_provider, cluster_state
):
report_list = []
for resource_el in resource_el_list:
res_id = resource_el.attrib["id"]
try:
if not is_resource_managed(cluster_state, res_id):
report_list.append(reports.resource_is_unmanaged(res_id))
func(resource_el, id_provider)
except ResourceNotFound:
report_list.append(
reports.id_not_found(
res_id,
["primitive", "clone", "group", "bundle", "master"]
)
)
return report_list
def get_errors(self):
"""
Report why the element has not been found or booking its id failed
"""
if (
self.element_found()
or
(self._book_errors is not None and not self._book_errors)
):
raise AssertionError(
"Improper usage: cannot report errors when there are none"
)
element = get_root(self._context_element).find(
f'.//*[@id="{self._element_id}"]'
)
if element is not None:
if element.tag in self._tag_list:
return [
reports.object_with_id_in_unexpected_context(
element.tag,
self._element_id,
self._context_element.tag,
self._context_element.attrib.get("id", "")
)
]
return [
reports.id_belongs_to_unexpected_type(
self._element_id,
expected_types=self._expected_types,
current_type=element.tag
)
]
if self._book_errors is None:
return [
reports.id_not_found(
self._element_id,
self._expected_types,
self._context_element.tag,
self._context_element.attrib.get("id", "")
)
]
return self._book_errors
def _get_target_or_group(cib, target_or_group_id):
"""
Returns acl_target or acl_group element with id target_or_group_id. Target
element has bigger pririty so if there are target and group with same id
only target element will be affected by this function.
Raises LibraryError if there is no target or group element with
specified id.
cib -- cib etree node
target_or_group_id -- id of target/group element which should be returned
"""
try:
return acl.find_target(cib, target_or_group_id)
except acl.AclTargetNotFound:
try:
return acl.find_group(cib, target_or_group_id)
except acl.AclGroupNotFound:
raise LibraryError(
reports.id_not_found(target_or_group_id, "user/group"))
def _get_target_or_group(cib, target_or_group_id):
"""
Returns acl_target or acl_group element with id target_or_group_id. Target
element has bigger pririty so if there are target and group with same id
only target element will be affected by this function.
Raises LibraryError if there is no target or group element with
specified id.
cib -- cib etree node
target_or_group_id -- id of target/group element which should be returned
"""
try:
return acl.find_target(cib, target_or_group_id)
except acl.AclTargetNotFound:
try:
return acl.find_group(cib, target_or_group_id)
except acl.AclGroupNotFound:
raise LibraryError(
reports.id_not_found(target_or_group_id, "user/group")
)
def __validate_permissions(tree, permission_info_list):
report_items = []
allowed_permissions = ["read", "write", "deny"]
allowed_scopes = ["xpath", "id"]
for permission, scope_type, scope in permission_info_list:
if not permission in allowed_permissions:
report_items.append(reports.invalid_option_value(
"permission",
permission,
allowed_permissions
))
if not scope_type in allowed_scopes:
report_items.append(reports.invalid_option_value(
"scope type",
scope_type,
allowed_scopes
))
if scope_type == 'id' and not does_id_exist(tree, scope):
report_items.append(reports.id_not_found(scope, "id"))
if report_items:
raise LibraryError(*report_items)
def __find_role(tree, role_id):
role = tree.find('.//acl_role[@id="{0}"]'.format(role_id))
if role is not None:
return role
raise AclRoleNotFound(reports.id_not_found(role_id, "role"))
