def test_create_for_new_role_id(self):
role_id = 'new-id'
lib.create_role(self.acls, role_id)
self.assert_cib_equal(self.create_cib().append_to_first_tag_name(
'configuration',
'<acls><acl_role id="{0}"/></acls>'.format(role_id)))
def test_create_for_new_role_id(self):
role_id = 'new-id'
lib.create_role(self.cib.tree, role_id)
self.assert_cib_equal(
self.create_cib().append_to_first_tag_name(
'configuration',
'<acls><acl_role id="{0}"/></acls>'.format(role_id)
)
)
def run_create_role(argv):
if len(argv) < 1:
raise utils.CmdLineInputError()
role_id = argv.pop(0)
description = ""
desc_key = 'description='
if argv and argv[0].startswith(desc_key) and len(argv[0]) > len(desc_key):
description = argv.pop(0)[len(desc_key):]
permission_info_list = argv_to_permission_info_list(argv)
cib = get_cib(get_cib_xml())
create_role(cib, role_id, description)
add_permissions_to_role(cib, role_id, permission_info_list)
replace_cib_configuration(cib)
def test_refuse_invalid_id(self):
assert_raise_library_error(
lambda: lib.create_role(self.cib.tree, '#invalid'),
(
severities.ERROR,
report_codes.INVALID_ID,
{'id': '#invalid'},
),
)
def test_refuse_existing_role_id(self):
role_id = 'role1'
self.fixture_add_role(role_id)
self.assert_raise_library_error(
lambda: lib.create_role(self.cib.tree, role_id),
(
severities.ERROR,
error_codes.ACL_ROLE_ALREADY_EXISTS,
{'id': role_id},
),
)
def test_refuse_existing_non_role_id(self):
self.cib.append_to_first_tag_name(
'nodes', '<node id="node-id" uname="node-hostname"/>')
assert_raise_library_error(
lambda: lib.create_role(self.cib.tree, 'node-id'),
(
severities.ERROR,
report_codes.ID_ALREADY_EXISTS,
{
'id': 'node-id'
},
),
)
def test_refuse_existing_non_role_id(self):
self.cib.append_to_first_tag_name(
'nodes',
'<node id="node-id" uname="node-hostname"/>'
)
assert_raise_library_error(
lambda: lib.create_role(self.cib.tree, 'node-id'),
(
severities.ERROR,
report_codes.ID_ALREADY_EXISTS,
{'id': 'node-id'},
),
)
def test_refuse_invalid_id(self):
assert_raise_library_error(
lambda: lib.create_role(self.cib.tree, "#invalid"),
(
severities.ERROR,
report_codes.INVALID_ID_BAD_CHAR,
{
"id": "#invalid",
"id_description": "ACL role",
"invalid_character": "#",
"is_first_char": True,
},
),
)
def create_role(lib_env, role_id, permission_info_list, description):
"""
Create new acl role.
Raises LibraryError on any failure.
lib_env -- LibraryEnvirnoment
role_id -- id of new role which should be created
permission_info_list -- list of permissons, items of list should be tuples:
(<read|write|deny>, <xpath|id>, <any string>)
description -- text description for role
"""
with cib_acl_section(lib_env) as acl_section:
if permission_info_list:
acl.validate_permissions(acl_section, permission_info_list)
role_el = acl.create_role(acl_section, role_id, description)
if permission_info_list:
acl.add_permissions_to_role(role_el, permission_info_list)
def create_role(lib_env, role_id, permission_info_list, description):
"""
Create new acl role.
Raises LibraryError on any failure.
lib_env -- LibraryEnvirnoment
role_id -- id of new role which should be created
permission_info_list -- list of permissons, items of list should be tuples:
(<read|write|deny>, <xpath|id>, <any string>)
description -- text description for role
"""
with cib_acl_section(lib_env) as acl_section:
if permission_info_list:
acl.validate_permissions(acl_section, permission_info_list)
role_el = acl.create_role(acl_section, role_id, description)
if permission_info_list:
acl.add_permissions_to_role(role_el, permission_info_list)
def create_role(lib_env, role_id, permission_info_list, description):
"""
Create new acl role.
Raises LibraryError on any failure.
lib_env -- LibraryEnvirnoment
role_id -- id of new role which should be created
permission_info_list -- list of permissons, items of list should be tuples:
(<read|write|deny>, <xpath|id>, <any string>)
description -- text description for role
"""
cib = lib_env.get_cib(REQUIRED_CIB_VERSION)
if permission_info_list:
acl.validate_permissions(cib, permission_info_list)
role_el = acl.create_role(cib, role_id, description)
if permission_info_list:
acl.add_permissions_to_role(role_el, permission_info_list)
lib_env.push_cib(cib)
def create_role(lib_env, role_id, permission_info_list, description):
"""
Create new acl role.
Raises LibraryError on any failure.
lib_env -- LibraryEnvirnoment
role_id -- id of new role which should be created
permission_info_list -- list of permissons, items of list should be tuples:
(<read|write|deny>, <xpath|id>, <any string>)
description -- text description for role
"""
cib = lib_env.get_cib(REQUIRED_CIB_VERSION)
if permission_info_list:
acl.validate_permissions(cib, permission_info_list)
role_el = acl.create_role(cib, role_id, description)
if permission_info_list:
acl.add_permissions_to_role(role_el, permission_info_list)
lib_env.push_cib(cib)
