def fix_opset(db, name, contents):
""" Update a single opset.
Creates the opset name if it doesn't exist, and then syncs the
operations/permissions in `contents` to the Cerebrum database.
"""
logger.debug('Checking opset %s' % name)
co = Factory.get('Constants')(db)
baos = BofhdAuthOpSet(db)
baos.clear()
try:
baos.find_by_name(name)
except Errors.NotFoundError:
baos.populate(name)
baos.write_db()
logger.info('OpSet %s unknown, created it', name)
current_operations = dict([(int(row['op_code']), int(row['op_id']))
for row in baos.list_operations()])
for k in contents.keys():
op_code = co.AuthRoleOp(k)
try:
int(op_code)
except Errors.NotFoundError:
logger.error("Operation %s not defined" % k)
continue
current_op_id = current_operations.get(int(op_code), None)
if current_op_id is None:
current_op_id = baos.add_operation(op_code)
logger.info('OpSet %s got new operation %s', name, k)
else:
# already there
del current_operations[int(op_code)]
current_attrs = [
row['attr'] for row in baos.list_operation_attrs(current_op_id)
]
for a in contents[k].get('attrs', []):
if a not in current_attrs:
baos.add_op_attrs(current_op_id, a)
logger.info("Add attr for %s:%s: %s", name, k, a)
else:
current_attrs.remove(a)
for a in current_attrs:
baos.del_op_attrs(current_op_id, a)
logger.info("Remove attr for %s:%s: %s", name, k, a)
for op in current_operations:
# TBD: In theory this should be op_id, should
# the DB have a unique constraint?
baos.del_operation(op, current_operations[op])
logger.info('OpSet %s had unwanted operation %s, removed it', name,
co.AuthRoleOp(op))
baos.write_db()
def fix_opset(db, name, contents):
""" Update a single opset.
Creates the opset name if it doesn't exist, and then syncs the
operations/permissions in `contents` to the Cerebrum database.
"""
logger.debug('Checking opset %s' % name)
co = Factory.get('Constants')(db)
baos = BofhdAuthOpSet(db)
baos.clear()
try:
baos.find_by_name(name)
except Errors.NotFoundError:
baos.populate(name)
baos.write_db()
logger.info('OpSet %s unknown, created it', name)
current_operations = dict([(int(row['op_code']), int(row['op_id']))
for row in baos.list_operations()])
for k in contents.keys():
op_code = co.AuthRoleOp(k)
try:
int(op_code)
except Errors.NotFoundError:
logger.error("Operation %s not defined" % k)
continue
current_op_id = current_operations.get(int(op_code), None)
if current_op_id is None:
current_op_id = baos.add_operation(op_code)
logger.info('OpSet %s got new operation %s', name, k)
else:
# already there
del current_operations[int(op_code)]
current_attrs = [row['attr'] for row in
baos.list_operation_attrs(current_op_id)]
for a in contents[k].get('attrs', []):
if a not in current_attrs:
baos.add_op_attrs(current_op_id, a)
logger.info("Add attr for %s:%s: %s", name, k, a)
else:
current_attrs.remove(a)
for a in current_attrs:
baos.del_op_attrs(current_op_id, a)
logger.info("Remove attr for %s:%s: %s", name, k, a)
for op in current_operations:
# TBD: In theory this should be op_id, should
# the DB have a unique constraint?
baos.del_operation(op, current_operations[op])
logger.info('OpSet %s had unwanted operation %s, removed it',
name, co.AuthRoleOp(op))
baos.write_db()
def fix_opset(name, contents):
"""Fix an operation set by giving it the operations defined in operation_sets,
and removing other operations that shouldn't be there. If the opset doesn't
exist, it is first created."""
logger.debug('Checking opset %s' % name)
baos = BofhdAuthOpSet(db)
baos.clear()
try:
baos.find_by_name(name)
except Errors.NotFoundError:
baos.populate(name)
baos.write_db()
logger.info('OpSet %s unknown, created it', name)
current_operations = dict([(int(row['op_code']), int(row['op_id']))
for row in baos.list_operations()])
for k in contents.keys():
op_code = co.AuthRoleOp(k)
try:
int(op_code)
except Errors.NotFoundError:
logger.error("Operation %s not defined" % k)
continue
current_op_id = current_operations.get(int(op_code), None)
if current_op_id is None:
current_op_id = baos.add_operation(op_code)
logger.info('OpSet %s got new operation %s', name, k)
else:
# already there
del current_operations[int(op_code)]
current_attrs = [row['attr']
for row in baos.list_operation_attrs(current_op_id)]
for a in contents[k].get('attrs', []):
if a not in current_attrs:
baos.add_op_attrs(current_op_id, a)
logger.info("Add attr for %s:%s: %s", name, k, a)
else:
current_attrs.remove(a)
for a in current_attrs:
baos.del_op_attrs(current_op_id, a)
logger.info("Remove attr for %s:%s: %s", name, k, a)
for op in current_operations:
#TBD: In theory this should be op_id, should
# the DB have a unique constraint?
baos.del_operation(op, current_operations[op])
logger.info('OpSet %s had unwanted operation %s, removed it',
name, co.AuthRoleOp(op))
baos.write_db()
