def assign_role_to_group(lib_env, role_id, group_id):
"""
Assign role with id role_id to group with id group_id.
Raises LibraryError on any failure.
lib_env -- LibraryEnvironment
role_id -- id of acl_role element which should be assigned to group
group_id -- id of acl_group element to which role should be assigned
"""
with cib_acl_section(lib_env) as acl_section:
acl.assign_role(
acl_section, role_id, acl.find_group(acl_section, group_id),
)
def assign_role_to_target(lib_env, role_id, target_id):
"""
Assign role with id role_id to target with id target_id.
Raises LibraryError on any failure.
lib_env -- LibraryEnvironment
role_id -- id of acl_role element which should be assigned to target
target_id -- id of acl_target element to which role should be assigned
"""
with cib_acl_section(lib_env) as acl_section:
acl.assign_role(
acl_section, role_id, acl.find_target(acl_section, target_id),
)
def test_success_target(self):
target = self.cib.tree.find(".//acl_target[@id='target1']")
lib.assign_role(self.cib.tree, "role1", target)
self.assert_cib_equal(self.create_cib().append_to_first_tag_name(
"configuration", """
<acls>
<acl_role id="role1"/>
<acl_role id="role2"/>
<acl_target id="target1">
<role id="role2"/>
<role id="role1"/>
</acl_target>
<acl_group id="group1"/>
</acls>
"""))
def assign_role_to_group(lib_env, role_id, group_id):
"""
Assign role with id role_id to group with id group_id.
Raises LibraryError on any failure.
lib_env -- LibraryEnvironment
role_id -- id of acl_role element which should be assigned to group
group_id -- id of acl_group element to which role should be assigned
"""
with cib_acl_section(lib_env) as acl_section:
acl.assign_role(
acl_section,
role_id,
acl.find_group(acl_section, group_id),
)
def assign_role_to_target(lib_env, role_id, target_id):
"""
Assign role with id role_id to target with id target_id.
Raises LibraryError on any failure.
lib_env -- LibraryEnvironment
role_id -- id of acl_role element which should be assigned to target
target_id -- id of acl_target element to which role should be assigned
"""
with cib_acl_section(lib_env) as acl_section:
acl.assign_role(
acl_section,
role_id,
acl.find_target(acl_section, target_id),
)
def assign_role_to_target(lib_env, role_id, target_id):
"""
Assign role with id role_id to target with id target_id.
Raises LibraryError on any failure.
lib_env -- LibraryEnvironment
role_id -- id of acl_role element which should be assigned to target
target_id -- id of acl_target element to which role should be assigned
"""
cib = lib_env.get_cib(REQUIRED_CIB_VERSION)
try:
acl.assign_role(acl.find_target(cib, target_id),
acl.find_role(cib, role_id))
except acl.AclError as e:
raise LibraryError(acl.acl_error_to_report_item(e))
lib_env.push_cib(cib)
def _assign_roles_to_element(cib, element, role_id_list):
"""
Assign roles from role_id_list to element.
Raises LibraryError on any failure.
cib -- cib etree node
element -- element to which specified roles should be assigned
role_id_list -- list of role id
"""
report_list = []
for role_id in role_id_list:
try:
acl.assign_role(element, acl.find_role(cib, role_id))
except acl.AclError as e:
report_list.append(acl.acl_error_to_report_item(e))
if report_list:
raise LibraryError(*report_list)
def assign_role_not_specific(lib_env, role_id, target_or_group_id):
"""
Assign role wth id role_id to target or group with id target_or_group_id.
Target element has bigger pririty so if there are target and group with same
id only target element will be affected by this function.
Raises LibraryError on any failure.
lib_env -- LibraryEnviroment
role_id -- id of role which should be assigne to target/group
target_or_group_id -- id of target/group element
"""
with cib_acl_section(lib_env) as acl_section:
acl.assign_role(
acl_section,
role_id,
acl.find_target_or_group(acl_section, target_or_group_id),
)
def assign_role_not_specific(lib_env, role_id, target_or_group_id):
"""
Assign role with id role_id to target or group with id target_or_group_id.
Target element has bigger priority so if there are target and group with
the same id only target element will be affected by this function.
Raises LibraryError on any failure.
lib_env -- LibraryEnviroment
role_id -- id of role which should be assigned to target/group
target_or_group_id -- id of target/group element
"""
with cib_acl_section(lib_env) as acl_section:
acl.assign_role(
acl_section,
role_id,
acl.find_target_or_group(acl_section, target_or_group_id),
)
def _assign_roles_to_element(cib, element, role_id_list):
"""
Assign roles from role_id_list to element.
Raises LibraryError on any failure.
cib -- cib etree node
element -- element to which specified roles should be assigned
role_id_list -- list of role id
"""
report_list = []
for role_id in role_id_list:
try:
acl.assign_role(element, acl.find_role(cib, role_id))
except acl.AclError as e:
report_list.append(acl.acl_error_to_report_item(e))
if report_list:
raise LibraryError(*report_list)
def test_success_target(self):
target = self.cib.tree.find(".//acl_target[@id='target1']")
lib.assign_role(self.cib.tree, "role1", target)
self.assert_cib_equal(self.create_cib().append_to_first_tag_name(
"configuration",
"""
<acls>
<acl_role id="role1"/>
<acl_role id="role2"/>
<acl_target id="target1">
<role id="role2"/>
<role id="role1"/>
</acl_target>
<acl_group id="group1"/>
</acls>
"""
))
def assign_role_to_target(lib_env, role_id, target_id):
"""
Assign role with id role_id to target with id target_id.
Raises LibraryError on any failure.
lib_env -- LibraryEnvironment
role_id -- id of acl_role element which should be assigned to target
target_id -- id of acl_target element to which role should be assigned
"""
cib = lib_env.get_cib(REQUIRED_CIB_VERSION)
try:
acl.assign_role(
acl.find_target(cib, target_id), acl.find_role(cib, role_id)
)
except acl.AclError as e:
raise LibraryError(acl.acl_error_to_report_item(e))
lib_env.push_cib(cib)
def test_role_already_assigned(self):
target = self.cib.tree.find(".//acl_target[@id='target1']")
assert_raise_library_error(
lambda: lib.assign_role(self.cib.tree, "role2", target),
(severities.ERROR,
report_codes.CIB_ACL_ROLE_IS_ALREADY_ASSIGNED_TO_TARGET, {
"role_id": "role2",
"target_id": "target1",
}))
def assign_role_not_specific(lib_env, role_id, target_or_group_id):
"""
Assign role wth id role_id to target or group with id target_or_group_id.
Target element has bigger pririty so if there are target and group with same
id only target element will be affected by this function.
Raises LibraryError on any failure.
lib_env -- LibraryEnviroment
role_id -- id of role which should be assigne to target/group
target_or_group_id -- id of target/group element
"""
cib = lib_env.get_cib(REQUIRED_CIB_VERSION)
try:
acl.assign_role(_get_target_or_group(cib, target_or_group_id),
acl.find_role(cib, role_id))
except acl.AclError as e:
raise LibraryError(acl.acl_error_to_report_item(e))
lib_env.push_cib(cib)
def test_sucess_group(self):
group = self.cib.tree.find(".//acl_group[@id='{0}']".format("group1"))
role = self.cib.tree.find(".//acl_role[@id='{0}']".format("role1"))
lib.assign_role(group, role)
self.assert_cib_equal(self.create_cib().append_to_first_tag_name(
"configuration",
"""
<acls>
<acl_role id="role1"/>
<acl_role id="role2"/>
<acl_target id="target1">
<role id="role2"/>
</acl_target>
<acl_group id="group1">
<role id="role1"/>
</acl_group>
</acls>
"""
))
def assign_role_not_specific(lib_env, role_id, target_or_group_id):
"""
Assign role wth id role_id to target or group with id target_or_group_id.
Target element has bigger pririty so if there are target and group with same
id only target element will be affected by this function.
Raises LibraryError on any failure.
lib_env -- LibraryEnviroment
role_id -- id of role which should be assigne to target/group
target_or_group_id -- id of target/group element
"""
cib = lib_env.get_cib(REQUIRED_CIB_VERSION)
try:
acl.assign_role(
_get_target_or_group(cib, target_or_group_id),
acl.find_role(cib, role_id)
)
except acl.AclError as e:
raise LibraryError(acl.acl_error_to_report_item(e))
lib_env.push_cib(cib)
def test_role_already_assigned(self):
target = self.cib.tree.find(".//acl_target[@id='target1']")
assert_raise_library_error(
lambda: lib.assign_role(self.cib.tree, "role2", target),
(
severities.ERROR,
report_codes.CIB_ACL_ROLE_IS_ALREADY_ASSIGNED_TO_TARGET,
{
"role_id": "role2",
"target_id": "target1",
}
)
)
