A.6. Python SDK Example: Permissions
getRoles
def getRoles():
    """
    Return the names of all roles.

    Returns:
     * list with one name per role yielded by API.roles.list()
    """
    roleNames = []
    for role in API.roles.list():
        roleNames.append(role.get_name())
    return roleNames
getRolePermissions
def getRolePermissions(roleName):
    """
    Return the names of the permits granted by a role.

    Parameters:
     * roleName - name of the role to inspect

    Returns:
     * list of permit names taken from role.get_permits().list()
    """
    # NOTE(review): presumably API.roles.get() yields None for an unknown
    # role name, in which case the next line fails with AttributeError -
    # confirm against the SDK before relying on this for access checks.
    permits = API.roles.get(roleName).get_permits()
    permitNames = []
    for perm in permits.list():
        permitNames.append(perm.get_name())
    return permitNames
getSuperUserPermissions
def getSuperUserPermissions():
    """
    Return the permits of the 'SuperUser' role (all possible permissions).

    Thin wrapper around getRolePermissions('SuperUser').
    """
    superUserPermits = getRolePermissions('SuperUser')
    return superUserPermits
addRoleToUser
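def addRoleToUser(roleName, userName=config.USER_NAME,
                  domainName=config.USER_DOMAIN):
    """
    Add system permissions to user.

    Parameters:
     * roleName - role permissions to add
     * userName - name of user who will be added permissions
     * domainName - domain of user

    Returns None. When getUser() finds no user, nothing is granted and a
    warning is logged so the skipped grant is visible in the log.

    Raises AssertionError when the role is not present on the user after
    the add call.
    """
    LOGGER.info("Adding role '%s' to user '%s'" % (roleName, userName))
    user = getUser(userName, domainName)
    if user is None:
        # Make the no-op explicit: the caller asked for a grant that did
        # not happen.
        LOGGER.warning("User '%s' not found, role '%s' was not added",
                       userName, roleName)
        return

    user.roles.add(API.roles.get(roleName))

    # Explicit raise instead of a bare assert: the post-condition check on
    # a privilege change must not disappear when Python runs with -O.
    if user.roles.get(roleName) is None:
        raise AssertionError("Unable to add role '%s' to user '%s'"
                             % (roleName, userName))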
removeAllRolesFromUser
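def removeAllRolesFromUser(userName=config.USER_NAME,
                           domainName=config.USER_DOMAIN):
    """
    Removes all permissions from user.

    Parameters:
     * userName - name of user
     * domainName - domain of user

    Returns None; does nothing when getUser() finds no user.

    Raises AssertionError when the user still holds at least one role
    after every listed role was deleted.
    """
    LOGGER.info("Removing all roles from user %s" % userName)
    user = getUser(userName, domainName)
    if user is None:
        return

    for role in user.roles.list():
        LOGGER.info("Removing " + role.get_name())
        role.delete()

    # Explicit raise instead of a bare assert: verifying that privileges
    # were really revoked must not be skipped when Python runs with -O.
    if user.roles.list():
        raise AssertionError("Unable to remove roles from user '%s'"
                             % user.get_name())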
removeRoleFromUser
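def removeRoleFromUser(roleName, userName=config.USER_NAME,
                       domainName=config.USER_DOMAIN):
    """
    Remove role (system permissions) from user.

    Parameters:
     * roleName - name of role
     * userName - name of user
     * domainName - domain of user

    Returns None; does nothing when getUser() finds no user or when the
    user does not hold the role.

    Raises AssertionError when the role is still present on the user after
    the delete call.
    """
    # The original message read "Removing role ... to user"; this is a
    # removal, so the log line now says "from".
    LOGGER.info("Removing role %s from user %s" % (roleName, userName))
    user = getUser(userName, domainName)
    if user is None:
        return

    role = user.roles.get(roleName)
    if role is None:
        # The check after delete() relies on get() yielding None for an
        # absent role, so None here means there is nothing to revoke.
        LOGGER.info("User %s does not have role %s, nothing to remove",
                    userName, roleName)
        return
    role.delete()

    # Explicit raise instead of a bare assert: verifying the revocation
    # must not be skipped when Python runs with -O.
    if user.roles.get(roleName) is not None:
        raise AssertionError("Unable to remove role '%s'" % roleName)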
givePermissionsToGroup
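def givePermissionsToGroup(templateName, roleName='UserTemplateBasedVm',
                           group="Everyone"):
    """
    Give permission to group.

    Parameters:
     * templateName - name of template to add group perms
     * roleName - name of role which perms to be added
     * group - On which group should be perms added

    Returns None. When the template, role or group lookup yields None, no
    permission is added and a warning is logged.
    """
    # NOTE(review): the default target is the "Everyone" group, so a call
    # that omits `group` grants the role on the template to that whole
    # group - pass a narrower group when that is not intended.
    template = getObjectByName(API.templates, templateName)
    role = API.roles.get(roleName)
    targetGroup = API.groups.get(group)

    # Refuse to build a Permission from a failed lookup, so a mistyped name
    # never results in a grant different from the one requested.
    if template is None or role is None or targetGroup is None:
        LOGGER.warning("Unable to add permissions on 'None' object")
        return

    # Logged before the call so the record stays accurate if add() raises.
    LOGGER.info("Adding permissions on template '%s' role '%s' for group '%s'.",
                template.get_name(), roleName, group)
    targetGroup.permissions.add(params.Permission(role=role,
                                                  template=template))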
givePermissionToObject
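def givePermissionToObject(rhsc_object, roleName, userName=config.USER_NAME,
                           domainName=config.USER_DOMAIN,
                           user_object=None, role_object=None):
    """
    Add role permission to user on object.

    Parameters:
     * rhsc_object - object to add role permissions on
     * roleName - Role permissions to be added
     * userName - user who should be added permissions
     * domainName - domain of user
     * user_object - temporary fallback, because of bug 869334
     * role_object - temporary fallback, because of bug 869334

    Returns None. Nothing is added when getUser() finds no user, or when
    the object, user or role is None. The "Added permission" line is only
    logged when permissions.add() returned without an AttributeError.
    """
    # FIXME: rhsc_object can be one of:
    # [API.clusters, API.datacenters, API.disks, API.groups, API.hosts,
    # API.storagedomains, API.templates, API.vms, API.vmpools]
    try:
        user = getUser(userName, domainName)
    except errors.RequestError:
        # User cant access /users url. Bug 869334. Workaround
        user = user_object
    else:
        if user is None:
            return

    try:
        role = API.roles.get(roleName)
    except errors.RequestError:
        # User cant access /roles url. Bug 869334. Workaround
        role = role_object

    if rhsc_object is None or user is None or role is None:
        LOGGER.warning("Unable to add permissions on 'None' object")
        return

    permissionParam = params.Permission(user=user, role=role)
    try:
        rhsc_object.permissions.add(permissionParam)
    except AttributeError:
        # Bz 869334 - after BZ ok, could be removed
        # Still tolerated, but no longer reported as a successful grant:
        # whether the permission exists is unknown at this point.
        LOGGER.warning("Could not confirm permission on '%s' with role '%s' "
                       "for user '%s'", type(rhsc_object).__name__,
                       roleName, user.get_name())
        return

    msg = "Added permission on '%s' with role '%s' for user '%s'"
    LOGGER.info(msg % (type(rhsc_object).__name__, roleName, user.get_name()))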
givePermissionToCluster
def removeAllPermissionFromCluster(clusterName):
    """
    Removes all permissions from the named cluster.

    Parameters:
     * clusterName - name of the cluster, looked up in API.clusters
    """
    # NOTE(review): the page shows this listing under the heading
    # 'givePermissionToCluster'; the code itself is the removal helper.
    removeAllPermissionFromObject(getObjectByName(API.clusters, clusterName))
removeAllPermissionFromObject
def removeAllPermissionFromObject(rhsc_object):
    """
    Removes all permissions from object.

    Parameters:
     * rhsc_object - object from which permissions should be removed

    Returns None; a None object is logged and skipped.
    """
    objectType = type(rhsc_object).__name__
    LOGGER.info("Removing all permissions from object '%s'" % objectType)

    if rhsc_object is not None:
        # Every entry returned by permissions.list() is deleted; nothing
        # here re-reads the list to verify the result.
        for perm in rhsc_object.permissions.list():
            perm.delete()
        return

    LOGGER.info("Tying to remove perms from object that dont exists")
removeAllPermissionFromCluster
def removeAllPermissionFromCluster(clusterName):
    """
    Removes all permissions from the named cluster.

    Parameters:
     * clusterName - name of the cluster, looked up in API.clusters
    """
    # The lookup result is passed on as-is, including None.
    targetCluster = getObjectByName(API.clusters, clusterName)
    removeAllPermissionFromObject(targetCluster)