def get_user_rights(sys_admin_client, user_session):
"""Return rights associated with the role of an user.
:param pyvcloud.vcd.client.Client sys_admin_client: the sys admin cilent
that will be used to query vCD about the rights and roles of the
concerned user.
:param lxml.objectify.ObjectifiedElement user_session:
:return: the list of rights contained in the role of the user
(corresponding to the user_session).
:rtype: list of str
"""
user_org_link = find_link(resource=user_session,
rel=RelationType.DOWN,
media_type=EntityType.ORG.value)
user_org_href = user_org_link.href
org = Org(sys_admin_client, href=user_org_href)
user_role_name = user_session.get('roles')
role = Role(sys_admin_client,
resource=org.get_role_resource(user_role_name))
user_rights = []
user_rights_as_list_of_dict = role.list_rights()
for right_dict in user_rights_as_list_of_dict:
user_rights.append(right_dict.get('name'))
return user_rights
def get_user_rights(user_client, user_session):
"""Lists rights of the current user.
Args:
client (pyvcloud.vcd.client.Client): Session of the requesting user
Returns:
list: List of rights IDs
"""
user_rights_list = []
# Start a sys admin session
admin_client = login_as_system_admin()
# Get org from user
user_org = Org(user_client, resource=user_client.get_org())
# Get admin object from the user's org
admin_org = Org(admin_client, href=user_org.href)
# Get role for user
user_role = user_session.get('roles')
# Get admin object from role
admin_role = Role(admin_client,
resource=user_org.get_role_resource(user_role))
# Iterate on rights applied to the role
for right in admin_role.list_rights():
user_rights_list.append(right.get('id'))
return user_rights_list
def info(ctx, role_name, org_name):
try:
client = ctx.obj['client']
if org_name is not None:
org_href = client.get_org_by_name(org_name).get('href')
else:
org_href = ctx.obj['profiles'].get('org_href')
org = Org(client, href=org_href)
role_resource = org.get_role_resource(role_name)
stdout(to_dict(role_resource, exclude=['Link', 'RightReferences']),
ctx)
except Exception as e:
stderr(e, ctx)
def info(ctx, role_name, org_name):
try:
restore_session(ctx)
client = ctx.obj['client']
if org_name is not None:
org_href = client.get_org_by_name(org_name).get('href')
else:
org_href = ctx.obj['profiles'].get('org_href')
org = Org(client, href=org_href)
role_resource = org.get_role_resource(role_name)
stdout(
to_dict(role_resource, exclude=['Link', 'RightReferences']), ctx)
except Exception as e:
stderr(e, ctx)
def assign_native_rights(role_name, right_list=None, logger=NULL_LOGGER):
logger.debug(f"Assigning rights {right_list} to the role {role_name}")
if not right_list:
logger.debug(f"Skipping assigning native rights to role {role_name}")
return
try:
test_org = Org(CLIENT, href=TEST_ORG_HREF)
role_resource = test_org.get_role_resource(role_name)
role = Role(CLIENT, resource=role_resource)
initial_right_set = set([r['name'] for r in role.list_rights()])
right_set = set(right_list)
initial_right_set.update(right_set)
role.add_rights(list(initial_right_set), test_org)
except Exception as e:
logger.warning(f"Failed to assign native rights "
f"{right_list} to role {role_name}: {e} ")
def clone(ctx, original_role_name, new_role_name, org_name, description):
try:
restore_session(ctx)
client = ctx.obj['client']
if org_name is not None:
org_href = client.get_org_by_name(org_name).get('href')
else:
org_href = ctx.obj['profiles'].get('org_href')
org = Org(client, href=org_href)
role_resource = org.get_role_resource(original_role_name)
# get original role description
if description is None:
description = to_dict(role_resource)['Description']
# get original role rights
role = Role(client, resource=role_resource)
raw_rights = role.list_rights() # list of dicts: {'name': 'right'}
rights = [right_dict['name'] for right_dict in raw_rights]
role = org.create_role(new_role_name, description, rights)
stdout(to_dict(role, exclude=['Link', 'RightReferences']), ctx)
except Exception as e:
stderr(e, ctx)
class Roles(VcdAnsibleModule):
def __init__(self, **kwargs):
super(Roles, self).__init__(**kwargs)
self.org = Org(self.client, resource=self.client.get_org())
def manage_states(self):
state = self.params.get('state')
if state == 'present':
return self.create()
if state == 'absent':
return self.delete()
if state == 'update':
return self.update()
def manage_operations(self):
operation = self.params.get('operation')
if operation == "list_rights":
return self.list_rights()
if operation == "list_roles":
return self.list_roles()
def create(self):
role_name = self.params.get('role_name')
role_description = self.params.get('role_description')
role_rights = self.params.get('role_rights')
response = dict()
response['changed'] = False
try:
self.org.get_role_record(role_name)
except EntityNotFoundException:
self.org.create_role(role_name, role_description, role_rights)
response['msg'] = 'Role {} has been created.'.format(role_name)
response['changed'] = True
else:
response['warnings'] = 'Role {} is already present.'.format(
role_name)
return response
def update(self):
role_name = self.params.get('role_name')
role_description = self.params.get('role_description')
role_rights = self.params.get('role_rights')
response = dict()
response['changed'] = False
role = self.org.get_role_record(role_name)
role_resource = self.org.get_role_resource(role_name)
role_resource.Description = E.Description(role_description)
role_rights = tuple() if role_rights is None else role_rights
for role_right in tuple(role_rights):
role_right_record = self.org.get_right_record(role_right)
role_resource.RightReferences.append(
E.RightReference(name=role_right_record.get('name'),
href=role_right_record.get('href'),
type=EntityType.RIGHT.value))
self.client.put_resource(role.get('href'), role_resource,
EntityType.ROLE.value)
response['msg'] = 'Role {} has been updated.'.format(role_name)
response['changed'] = True
return response
def delete(self):
role_name = self.params.get('role_name')
response = dict()
response['changed'] = False
try:
self.org.get_role_record(role_name)
self.org.delete_role(role_name)
response['msg'] = 'Role {} has been deleted.'.format(role_name)
response['changed'] = True
except EntityNotFoundException:
response['warnings'] = 'Role {} is not present.'.format(role_name)
return response
def list_rights(self):
response = dict()
response['changed'] = False
response['msg'] = self.org.list_rights_of_org()
return response
def list_roles(self):
response = dict()
response['changed'] = False
response['msg'] = self.org.list_roles()
return response
