x
/
ranger
Code Issues Proposed changes

Added support for update group 

Change-Id: Ib43895a0e46c340caddb124f78499f110a19d04f
This commit is contained in:
Chi Lo 2019-05-30 10:03:14 -07:00
parent 0eb5de0fca
commit 7ad8645fc9
5 changed files with 138 additions and 68 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
orm/services/customer_manager/cms_rest/controllers/v1/orm/group/root.py
View File

@ -91,21 +91,26 @@ class GroupController(rest.RestController):
@wsexpose(GroupResultWrapper, str, body=Group, rest_content_types='json',
status_code=200)
def put(self, group_id, group):
def put(self, group_uuid, group):
LOG.info("GroupController - UpdateGroup: " + str(group))
authentication.authorize(request, 'groups:update')
try:
group_logic = GroupLogic()
result = group_logic.update_group(group,
group_id,
group_uuid,
request.transaction_id)
response.status = 200
LOG.info(
"GroupController - UpdateGroup finished well: " + str(group))
event_details = 'Group {} {} updated in regions: {}, ' \
'with users: {}'.format(group_uuid,
group.name,
[r.name for r in group.regions],
[u.id for u in group.users])
utils.audit_trail('update group', request.transaction_id,
request.headers, group_id,
event_details='')
request.headers, group_uuid,
event_details=event_details)
except ErrorStatus as exception:
LOG.log_exception("Failed in UpdateGroup", exception)
@ -154,18 +159,18 @@ class GroupController(rest.RestController):
error_details=exception.message)
@wsexpose(None, str, rest_content_types='json', status_code=204)
def delete(self, group_id):
def delete(self, group_uuid):
authentication.authorize(request, 'groups:delete')
group_logic = GroupLogic()
try:
LOG.info("GroupController - DeleteGroup: uuid is " + group_id)
group_logic.delete_group_by_uuid(group_id)
LOG.info("GroupController - DeleteGroup: uuid is " + group_uuid)
group_logic.delete_group_by_uuid(group_uuid)
LOG.info("GroupController - DeleteGroup finished well")
event_details = 'Group {} deleted'.format(group_id)
event_details = 'Group {} deleted'.format(group_uuid)
utils.audit_trail('delete group', request.transaction_id,
request.headers, group_id,
request.headers, group_uuid,
event_details=event_details)
except ErrorStatus as exception:

36
orm/services/customer_manager/cms_rest/data/sql_alchemy/models.py
View File

@ -125,8 +125,35 @@ class Groups(Base, CMSBaseModel):
regions = [group_region.to_wsme() for group_region in
self.group_regions if group_region.region_id != -1]
roles = [group_role.get_role_name() for group_role in
self.groups_roles]
# Create a dict using customer uuid as key
unique_customer_roles = {}
for customer in self.groups_customer_roles:
if customer.customer.uuid in unique_customer_roles:
unique_customer_roles[customer.customer.uuid].append(
customer.groups_role.role.name)
else:
unique_customer_roles[customer.customer.uuid] = [
customer.groups_role.role.name]
# Create a dict using domain name key
unique_domain_roles = {}
for domain in self.groups_domain_roles:
if domain.domain_name in unique_domain_roles:
unique_domain_roles[domain.domain_name].append(
domain.groups_role.role.name)
else:
unique_domain_roles[domain.domain_name] = [
domain.groups_role.role.name]
# Set up output using customer and domain dict
roles = []
for customer_uuid, customer_roles in unique_customer_roles.items():
roles.append(
GroupWsmeModels.RoleAssignment(roles=customer_roles,
customer=customer_uuid))
for domain_name, domain_roles in unique_domain_roles.items():
roles.append(GroupWsmeModels.RoleAssignment(roles=domain_roles,
domain=domain_name))
users = []
unique_domain = {}
@ -145,7 +172,7 @@ class Groups(Base, CMSBaseModel):
name=name,
uuid=uuid,
regions=regions,
roles=sorted(roles),
roles=roles,
users=users,
enabled=enabled,
domain=domain_name)
@ -271,9 +298,6 @@ class GroupsRole(Base, CMSBaseModel):
"group_id": self.group_id
}
def get_role_name(self):
return self.role.name
'''
' GroupsCustomerRole is a DataObject and contains all the fields defined in

134
orm/services/customer_manager/cms_rest/logic/group_logic.py
View File

@ -36,18 +36,18 @@ class GroupLogic(object):
raise ErrorStatus(400, "Group Name can not be blank.")
sql_group = datamanager.add_group(group, uuid)
sql_group_id = sql_group.uuid
datamanager.add_group_region(sql_group.uuid, -1)
# add any region along with the users assigned to it to the group
self.add_regions_to_db(group.regions, sql_group.uuid, datamanager)
# add group default users
self.add_default_user_db(datamanager, group.users, [], sql_group_id)
self.add_default_user_db(datamanager, group.users, [], sql_group.uuid)
# add default user(s) to all regions where group is assigned to
self.add_default_users_to_regions_db(datamanager, sql_group, group.users)
self.add_roles_to_db(group.roles, sql_group.uuid, datamanager)
return sql_group
def add_region_users_to_db(self, datamanager, group_uuid, region_id):
@ -131,6 +131,45 @@ class GroupLogic(object):
datamanager.add_groups_user(group_uuid, sql_user.id,
region_id, domain_value)
def add_roles_to_db(self, role_assignments, group_uuid, datamanager,
region=None):
if not role_assignments:
return
[assignment.validate_model() for assignment in role_assignments]
region_record = datamanager.get_record('groups_region')
# If region is not specified, then get all the regions already
# associated with the group for role assginement; otherwise,
# just assign roles for the passed in region only.
if region is None:
groups_regions = region_record.get_regions_for_group(group_uuid)
else:
groups_regions = [region_record.get_region_by_keys(group_uuid,
region)]
for role_assignment in role_assignments:
for role in role_assignment.roles:
role_id = datamanager.get_role_id_by_name(role)
for group_region in groups_regions:
region_id = group_region.region_id
if role_assignment.domain:
datamanager.add_groups_role_on_domain(
group_uuid,
role_id,
region_id,
role_assignment.domain)
elif role_assignment.customer:
customer_id = datamanager.get_customer_id_by_uuid(
role_assignment.customer)
datamanager.add_groups_role_on_customer(
group_uuid,
role_id,
region_id,
customer_id)
datamanager.flush()
def assign_roles(self,
group_uuid,
role_assignments,
@ -139,43 +178,10 @@ class GroupLogic(object):
datamanager = DataManager()
try:
[assignment.validate_model() for assignment in role_assignments]
self.add_roles_to_db(
role_assignments, group_uuid, datamanager, region)
group_record = datamanager.get_record('group')
region_record = datamanager.get_record('groups_region')
# If region is not specified, then get all the regions already
# associated with the group for role assginement; otherwise,
# just assign roles for the passed in region only.
if region is None:
groups_regions = region_record.get_regions_for_group(
group_uuid)
else:
groups_regions = [region_record.get_region_by_keys(
group_uuid, region)]
for role_assignment in role_assignments:
for role in role_assignment.roles:
role_id = datamanager.get_role_id_by_name(role)
for group_region in groups_regions:
region_id = group_region.region_id
if role_assignment.domain:
datamanager.add_groups_role_on_domain(
group_uuid,
role_id,
region_id,
role_assignment.domain)
elif role_assignment.customer:
customer_id = datamanager.get_customer_id_by_uuid(
role_assignment.customer)
datamanager.add_groups_role_on_customer(
group_uuid,
role_id,
region_id,
customer_id)
datamanager.flush()
group = group_record.read_group_by_uuid(group_uuid)
group_dict = group.get_proxy_dict()
@ -537,6 +543,26 @@ class GroupLogic(object):
return group_result_wrapper
def resolve_regions_actions(self, old_regions_dict, new_regions_dict):
for region in new_regions_dict:
old_region = next(
(r for r in old_regions_dict if r["name"] == region["name"]),
None)
if old_region:
region["action"] = "modify"
else:
region["action"] = "create"
for region in old_regions_dict:
new_region = next(
(r for r in new_regions_dict if r["name"] == region["name"]),
None)
if not new_region:
region["action"] = "delete"
new_regions_dict.append(region)
return new_regions_dict
def update_group(self, group, group_uuid, transaction_id):
datamanager = DataManager()
try:
@ -549,24 +575,33 @@ class GroupLogic(object):
if not sql_group:
raise ErrorStatus(
404, 'group {0} was not found'.format(group_uuid))
# old_group_dict = sql_group.get_proxy_dict()
group_record.delete_by_primary_key(group_id)
datamanager.flush()
sql_group = self.build_full_group(group, group_uuid,
sql_group = self.build_full_group(group,
group_uuid,
datamanager)
# new_group_dict = sql_group.get_proxy_dict()
# new_group_dict["regions"] = self.resolve_regions_actions(
# old_group_dict["regions"],
# new_group_dict["regions"])
datamanager.flush()
# if not len(new_group_dict['regions']) == 0:
# RdsProxy.send_group_dict(
# new_group_dict, transaction_id, "PUT")
group_result_wrapper = build_response(group_uuid,
transaction_id,
'update_group')
datamanager.flush()
datamanager.commit()
return group_result_wrapper
except Exception as exp:
LOG.log_exception("GroupLogic - Failed to CreateGroup", exp)
LOG.log_exception("GroupLogic - Failed to UpdateGroup", exp)
datamanager.rollback()
raise
@ -768,19 +803,24 @@ class GroupLogic(object):
unique_customer = {}
for customer in sql_customers_roles:
if customer.customer.uuid in unique_customer:
unique_customer[customer.customer.uuid].append(customer.groups_role.role.name)
unique_customer[customer.customer.uuid].append(
customer.groups_role.role.name)
else:
unique_customer[customer.customer.uuid] = [customer.groups_role.role.name]
unique_customer[customer.customer.uuid] = [
customer.groups_role.role.name]
for customer, role_list in unique_customer.items():
role_result.append(RoleResult(roles=role_list, customer=customer))
role_result.append(
RoleResult(roles=role_list, customer=customer))
unique_domain = {}
for domain in sql_domains_roles:
if domain.domain_name in unique_domain:
unique_domain[domain.domain_name].append(domain.groups_role.role.name)
unique_domain[domain.domain_name].append(
domain.groups_role.role.name)
else:
unique_domain[domain.domain_name] = [domain.groups_role.role.name]
unique_domain[domain.domain_name] = [
domain.groups_role.role.name]
for domain, role_list in unique_domain.items():
role_result.append(RoleResult(roles=role_list, domain=domain))

11
orm/services/customer_manager/cms_rest/model/GroupModels.py
View File

@ -12,9 +12,11 @@ class RoleAssignment(Model):
customer = wsme.wsattr(wsme.types.text, mandatory=False)
domain = wsme.wsattr(wsme.types.text, mandatory=False)
def __init__(self, domain="", customer="", roles=[]):
self.domain = domain
self.customer = customer
def __init__(self, domain=None, customer=None, roles=[]):
if domain is not None:
self.domain = domain
if customer is not None:
self.customer = customer
self.roles = roles
def validate_model(self):
@ -29,7 +31,6 @@ class RoleAssignment(Model):
class User(Model):
# id = wsme.wsattr(wsme.types.text, mandatory=True)
id = wsme.wsattr([str])
domain = wsme.wsattr(wsme.types.text, mandatory=True)
@ -91,7 +92,7 @@ class Group(Model):
enabled = wsme.wsattr(bool, mandatory=True)
regions = wsme.wsattr([Region], mandatory=False)
users = wsme.wsattr([User], mandatory=False)
roles = wsme.wsattr([str], mandatory=False)
roles = wsme.wsattr([RoleAssignment], mandatory=False)
def __init__(self, description="", name="", enabled=False, roles=[],
regions=[], users=[], status="", domain='default', uuid=None):

2
orm/services/resource_distributor/rds/services/yaml_group_builder.py
View File

@ -83,7 +83,7 @@ def yamlbuilder(alldata, region):
resources["resources"][template_name] = {
'type': 'OS::Keystone::GroupRoleAssignment\n',
'properties': {
'group': "%s" % group_name,
'group': "{get_resource: %s}" % group_name,
'group_domain': "%s" % jsondata['domain_name'],
'roles': roles
}