Added support for update group

Change-Id: Ib43895a0e46c340caddb124f78499f110a19d04f
Chi Lo 2019-05-30 10:03:14 -07:00
parent 0eb5de0fca
commit 7ad8645fc9
5 changed files with 138 additions and 68 deletions


@ -91,21 +91,26 @@ class GroupController(rest.RestController):
@wsexpose(GroupResultWrapper, str, body=Group, rest_content_types='json', @wsexpose(GroupResultWrapper, str, body=Group, rest_content_types='json',
status_code=200) status_code=200)
def put(self, group_id, group): def put(self, group_uuid, group):
LOG.info("GroupController - UpdateGroup: " + str(group)) LOG.info("GroupController - UpdateGroup: " + str(group))
authentication.authorize(request, 'groups:update') authentication.authorize(request, 'groups:update')
try: try:
group_logic = GroupLogic() group_logic = GroupLogic()
result = group_logic.update_group(group, result = group_logic.update_group(group,
group_id, group_uuid,
request.transaction_id) request.transaction_id)
response.status = 200 response.status = 200
LOG.info( LOG.info(
"GroupController - UpdateGroup finished well: " + str(group)) "GroupController - UpdateGroup finished well: " + str(group))
event_details = 'Group {} {} updated in regions: {}, ' \
'with users: {}'.format(group_uuid,
group.name,
[r.name for r in group.regions],
[u.id for u in group.users])
utils.audit_trail('update group', request.transaction_id, utils.audit_trail('update group', request.transaction_id,
request.headers, group_id, request.headers, group_uuid,
event_details='') event_details=event_details)
except ErrorStatus as exception: except ErrorStatus as exception:
LOG.log_exception("Failed in UpdateGroup", exception) LOG.log_exception("Failed in UpdateGroup", exception)
@ -154,18 +159,18 @@ class GroupController(rest.RestController):
error_details=exception.message) error_details=exception.message)
@wsexpose(None, str, rest_content_types='json', status_code=204) @wsexpose(None, str, rest_content_types='json', status_code=204)
def delete(self, group_id): def delete(self, group_uuid):
authentication.authorize(request, 'groups:delete') authentication.authorize(request, 'groups:delete')
group_logic = GroupLogic() group_logic = GroupLogic()
try: try:
LOG.info("GroupController - DeleteGroup: uuid is " + group_id) LOG.info("GroupController - DeleteGroup: uuid is " + group_uuid)
group_logic.delete_group_by_uuid(group_id) group_logic.delete_group_by_uuid(group_uuid)
LOG.info("GroupController - DeleteGroup finished well") LOG.info("GroupController - DeleteGroup finished well")
event_details = 'Group {} deleted'.format(group_id) event_details = 'Group {} deleted'.format(group_uuid)
utils.audit_trail('delete group', request.transaction_id, utils.audit_trail('delete group', request.transaction_id,
request.headers, group_id, request.headers, group_uuid,
event_details=event_details) event_details=event_details)
except ErrorStatus as exception: except ErrorStatus as exception:
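Review bot: The new `event_details` in `put` records the regions and users of the updated group but not `group.roles`, although this commit appears to make the update path write role assignments, so a change in who holds which role leaves no trace in the audit trail. Consider appending them, for example `'roles: {}'.format([(a.roles, a.customer, a.domain) for a in group.roles])`. The string is also built inside the `try` after `update_group` has returned, so if `group.regions` or `group.users` can arrive unset the comprehension would raise and report a failure for an update that is already committed. Building the details defensively, or before the call, avoids that. `put` begins and continues outside this hunk.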


@ -125,8 +125,35 @@ class Groups(Base, CMSBaseModel):
regions = [group_region.to_wsme() for group_region in regions = [group_region.to_wsme() for group_region in
self.group_regions if group_region.region_id != -1] self.group_regions if group_region.region_id != -1]
roles = [group_role.get_role_name() for group_role in # Create a dict using customer uuid as key
self.groups_roles] unique_customer_roles = {}
for customer in self.groups_customer_roles:
if customer.customer.uuid in unique_customer_roles:
unique_customer_roles[customer.customer.uuid].append(
customer.groups_role.role.name)
else:
unique_customer_roles[customer.customer.uuid] = [
customer.groups_role.role.name]
# Create a dict using domain name key
unique_domain_roles = {}
for domain in self.groups_domain_roles:
if domain.domain_name in unique_domain_roles:
unique_domain_roles[domain.domain_name].append(
domain.groups_role.role.name)
else:
unique_domain_roles[domain.domain_name] = [
domain.groups_role.role.name]
# Set up output using customer and domain dict
roles = []
for customer_uuid, customer_roles in unique_customer_roles.items():
roles.append(
GroupWsmeModels.RoleAssignment(roles=customer_roles,
customer=customer_uuid))
for domain_name, domain_roles in unique_domain_roles.items():
roles.append(GroupWsmeModels.RoleAssignment(roles=domain_roles,
domain=domain_name))
users = [] users = []
unique_domain = {} unique_domain = {}
@ -145,7 +172,7 @@ class Groups(Base, CMSBaseModel):
name=name, name=name,
uuid=uuid, uuid=uuid,
regions=regions, regions=regions,
roles=sorted(roles), roles=roles,
users=users, users=users,
enabled=enabled, enabled=enabled,
domain=domain_name) domain=domain_name)
@ -271,9 +298,6 @@ class GroupsRole(Base, CMSBaseModel):
"group_id": self.group_id "group_id": self.group_id
} }
def get_role_name(self):
return self.role.name
''' '''
' GroupsCustomerRole is a DataObject and contains all the fields defined in ' GroupsCustomerRole is a DataObject and contains all the fields defined in
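Review bot: The new grouping loops append a role name for every row in `groups_customer_roles` and `groups_domain_roles`, and `add_roles_to_db` in the logic file writes one row per region, so a group assigned to several regions would likely report the same role several times for one customer or domain. Replacing `roles=sorted(roles)` with `roles=roles` also leaves the response order dependent on dict iteration order, which makes role listings harder to compare between calls. Collecting into a set and sorting on output addresses both: `unique_customer_roles.setdefault(customer.customer.uuid, set()).add(customer.groups_role.role.name)` and later `roles=sorted(customer_roles)`, with the same change for domains. The same grouping is repeated in `GroupLogic` (the `unique_customer` / `unique_domain` loops), so a shared helper would keep the two from drifting. The enclosing method begins and ends outside these hunks.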


@ -36,18 +36,18 @@ class GroupLogic(object):
raise ErrorStatus(400, "Group Name can not be blank.") raise ErrorStatus(400, "Group Name can not be blank.")
sql_group = datamanager.add_group(group, uuid) sql_group = datamanager.add_group(group, uuid)
sql_group_id = sql_group.uuid
datamanager.add_group_region(sql_group.uuid, -1) datamanager.add_group_region(sql_group.uuid, -1)
# add any region along with the users assigned to it to the group # add any region along with the users assigned to it to the group
self.add_regions_to_db(group.regions, sql_group.uuid, datamanager) self.add_regions_to_db(group.regions, sql_group.uuid, datamanager)
# add group default users # add group default users
self.add_default_user_db(datamanager, group.users, [], sql_group_id) self.add_default_user_db(datamanager, group.users, [], sql_group.uuid)
# add default user(s) to all regions where group is assigned to # add default user(s) to all regions where group is assigned to
self.add_default_users_to_regions_db(datamanager, sql_group, group.users) self.add_default_users_to_regions_db(datamanager, sql_group, group.users)
self.add_roles_to_db(group.roles, sql_group.uuid, datamanager)
return sql_group return sql_group
def add_region_users_to_db(self, datamanager, group_uuid, region_id): def add_region_users_to_db(self, datamanager, group_uuid, region_id):
@ -131,6 +131,45 @@ class GroupLogic(object):
datamanager.add_groups_user(group_uuid, sql_user.id, datamanager.add_groups_user(group_uuid, sql_user.id,
region_id, domain_value) region_id, domain_value)
def add_roles_to_db(self, role_assignments, group_uuid, datamanager,
region=None):
if not role_assignments:
return
[assignment.validate_model() for assignment in role_assignments]
region_record = datamanager.get_record('groups_region')
# If region is not specified, then get all the regions already
# associated with the group for role assginement; otherwise,
# just assign roles for the passed in region only.
if region is None:
groups_regions = region_record.get_regions_for_group(group_uuid)
else:
groups_regions = [region_record.get_region_by_keys(group_uuid,
region)]
for role_assignment in role_assignments:
for role in role_assignment.roles:
role_id = datamanager.get_role_id_by_name(role)
for group_region in groups_regions:
region_id = group_region.region_id
if role_assignment.domain:
datamanager.add_groups_role_on_domain(
group_uuid,
role_id,
region_id,
role_assignment.domain)
elif role_assignment.customer:
customer_id = datamanager.get_customer_id_by_uuid(
role_assignment.customer)
datamanager.add_groups_role_on_customer(
group_uuid,
role_id,
region_id,
customer_id)
datamanager.flush()
def assign_roles(self, def assign_roles(self,
group_uuid, group_uuid,
role_assignments, role_assignments,
@ -139,43 +178,10 @@ class GroupLogic(object):
datamanager = DataManager() datamanager = DataManager()
try: try:
[assignment.validate_model() for assignment in role_assignments] self.add_roles_to_db(
role_assignments, group_uuid, datamanager, region)
group_record = datamanager.get_record('group') group_record = datamanager.get_record('group')
region_record = datamanager.get_record('groups_region')
# If region is not specified, then get all the regions already
# associated with the group for role assginement; otherwise,
# just assign roles for the passed in region only.
if region is None:
groups_regions = region_record.get_regions_for_group(
group_uuid)
else:
groups_regions = [region_record.get_region_by_keys(
group_uuid, region)]
for role_assignment in role_assignments:
for role in role_assignment.roles:
role_id = datamanager.get_role_id_by_name(role)
for group_region in groups_regions:
region_id = group_region.region_id
if role_assignment.domain:
datamanager.add_groups_role_on_domain(
group_uuid,
role_id,
region_id,
role_assignment.domain)
elif role_assignment.customer:
customer_id = datamanager.get_customer_id_by_uuid(
role_assignment.customer)
datamanager.add_groups_role_on_customer(
group_uuid,
role_id,
region_id,
customer_id)
datamanager.flush()
group = group_record.read_group_by_uuid(group_uuid) group = group_record.read_group_by_uuid(group_uuid)
group_dict = group.get_proxy_dict() group_dict = group.get_proxy_dict()
@ -537,6 +543,26 @@ class GroupLogic(object):
return group_result_wrapper return group_result_wrapper
def resolve_regions_actions(self, old_regions_dict, new_regions_dict):
for region in new_regions_dict:
old_region = next(
(r for r in old_regions_dict if r["name"] == region["name"]),
None)
if old_region:
region["action"] = "modify"
else:
region["action"] = "create"
for region in old_regions_dict:
new_region = next(
(r for r in new_regions_dict if r["name"] == region["name"]),
None)
if not new_region:
region["action"] = "delete"
new_regions_dict.append(region)
return new_regions_dict
def update_group(self, group, group_uuid, transaction_id): def update_group(self, group, group_uuid, transaction_id):
datamanager = DataManager() datamanager = DataManager()
try: try:
@ -549,24 +575,33 @@ class GroupLogic(object):
if not sql_group: if not sql_group:
raise ErrorStatus( raise ErrorStatus(
404, 'group {0} was not found'.format(group_uuid)) 404, 'group {0} was not found'.format(group_uuid))
# old_group_dict = sql_group.get_proxy_dict() # old_group_dict = sql_group.get_proxy_dict()
group_record.delete_by_primary_key(group_id) group_record.delete_by_primary_key(group_id)
datamanager.flush() datamanager.flush()
sql_group = self.build_full_group(group, group_uuid, sql_group = self.build_full_group(group,
group_uuid,
datamanager) datamanager)
# new_group_dict = sql_group.get_proxy_dict() # new_group_dict = sql_group.get_proxy_dict()
# new_group_dict["regions"] = self.resolve_regions_actions(
# old_group_dict["regions"],
# new_group_dict["regions"])
datamanager.flush()
# if not len(new_group_dict['regions']) == 0:
# RdsProxy.send_group_dict(
# new_group_dict, transaction_id, "PUT")
group_result_wrapper = build_response(group_uuid, group_result_wrapper = build_response(group_uuid,
transaction_id, transaction_id,
'update_group') 'update_group')
datamanager.flush()
datamanager.commit() datamanager.commit()
return group_result_wrapper return group_result_wrapper
except Exception as exp: except Exception as exp:
LOG.log_exception("GroupLogic - Failed to CreateGroup", exp) LOG.log_exception("GroupLogic - Failed to UpdateGroup", exp)
datamanager.rollback() datamanager.rollback()
raise raise
@ -768,19 +803,24 @@ class GroupLogic(object):
unique_customer = {} unique_customer = {}
for customer in sql_customers_roles: for customer in sql_customers_roles:
if customer.customer.uuid in unique_customer: if customer.customer.uuid in unique_customer:
unique_customer[customer.customer.uuid].append(customer.groups_role.role.name) unique_customer[customer.customer.uuid].append(
customer.groups_role.role.name)
else: else:
unique_customer[customer.customer.uuid] = [customer.groups_role.role.name] unique_customer[customer.customer.uuid] = [
customer.groups_role.role.name]
for customer, role_list in unique_customer.items(): for customer, role_list in unique_customer.items():
role_result.append(RoleResult(roles=role_list, customer=customer)) role_result.append(
RoleResult(roles=role_list, customer=customer))
unique_domain = {} unique_domain = {}
for domain in sql_domains_roles: for domain in sql_domains_roles:
if domain.domain_name in unique_domain: if domain.domain_name in unique_domain:
unique_domain[domain.domain_name].append(domain.groups_role.role.name) unique_domain[domain.domain_name].append(
domain.groups_role.role.name)
else: else:
unique_domain[domain.domain_name] = [domain.groups_role.role.name] unique_domain[domain.domain_name] = [
domain.groups_role.role.name]
for domain, role_list in unique_domain.items(): for domain, role_list in unique_domain.items():
role_result.append(RoleResult(roles=role_list, domain=domain)) role_result.append(RoleResult(roles=role_list, domain=domain))
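Review bot: `update_group` now commits the rebuilt group, including whatever role assignments `add_roles_to_db` wrote, while the `RdsProxy.send_group_dict` call remains commented out, so as far as this hunk shows nothing is pushed to the regions. The database and the controller's audit entry ("updated in regions: ...") can then say a role was removed or changed while the deployed state still grants it. `resolve_regions_actions` is referenced only from those commented lines, and it appends to the `new_regions_dict` argument it was given. If propagation is deliberately deferred, say so at the commit point, e.g. `# TODO: changes are committed to the DB only; region propagation via RdsProxy is not wired up yet`, and drop the commented-out code. `update_group` starts and ends outside the hunk.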


@ -12,9 +12,11 @@ class RoleAssignment(Model):
customer = wsme.wsattr(wsme.types.text, mandatory=False) customer = wsme.wsattr(wsme.types.text, mandatory=False)
domain = wsme.wsattr(wsme.types.text, mandatory=False) domain = wsme.wsattr(wsme.types.text, mandatory=False)
def __init__(self, domain="", customer="", roles=[]): def __init__(self, domain=None, customer=None, roles=[]):
self.domain = domain if domain is not None:
self.customer = customer self.domain = domain
if customer is not None:
self.customer = customer
self.roles = roles self.roles = roles
def validate_model(self): def validate_model(self):
@ -29,7 +31,6 @@ class RoleAssignment(Model):
class User(Model): class User(Model):
# id = wsme.wsattr(wsme.types.text, mandatory=True)
id = wsme.wsattr([str]) id = wsme.wsattr([str])
domain = wsme.wsattr(wsme.types.text, mandatory=True) domain = wsme.wsattr(wsme.types.text, mandatory=True)
@ -91,7 +92,7 @@ class Group(Model):
enabled = wsme.wsattr(bool, mandatory=True) enabled = wsme.wsattr(bool, mandatory=True)
regions = wsme.wsattr([Region], mandatory=False) regions = wsme.wsattr([Region], mandatory=False)
users = wsme.wsattr([User], mandatory=False) users = wsme.wsattr([User], mandatory=False)
roles = wsme.wsattr([str], mandatory=False) roles = wsme.wsattr([RoleAssignment], mandatory=False)
def __init__(self, description="", name="", enabled=False, roles=[], def __init__(self, description="", name="", enabled=False, roles=[],
regions=[], users=[], status="", domain='default', uuid=None): regions=[], users=[], status="", domain='default', uuid=None):
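Review bot: The rewritten `RoleAssignment.__init__` keeps `roles=[]` as a default and stores it with `self.roles = roles`, so every instance created without `roles` shares one list, and an append on one assignment shows up on the others. Use `def __init__(self, domain=None, customer=None, roles=None):` with `self.roles = [] if roles is None else roles`. `Group.__init__` in the last hunk has the same pattern for `roles`, `regions` and `users`. Because `domain` and `customer` are now left unset rather than `""`, `validate_model` (outside this hunk) should be checked to confirm it still rejects an assignment that names neither. Changing `Group.roles` from `[str]` to `[RoleAssignment]` alters the request and response schema, which deserves a short comment or docstring on the attribute.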


@ -83,7 +83,7 @@ def yamlbuilder(alldata, region):
resources["resources"][template_name] = { resources["resources"][template_name] = {
'type': 'OS::Keystone::GroupRoleAssignment\n', 'type': 'OS::Keystone::GroupRoleAssignment\n',
'properties': { 'properties': {
'group': "%s" % group_name, 'group': "{get_resource: %s}" % group_name,
'group_domain': "%s" % jsondata['domain_name'], 'group_domain': "%s" % jsondata['domain_name'],
'roles': roles 'roles': roles
} }
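Review bot: The new `'group': "{get_resource: %s}" % group_name` builds a template function by pasting `group_name` into a YAML flow mapping as text, so a name containing characters such as `}`, `,` or `:` could produce a malformed or differently structured template. Where `group_name` comes from is outside this hunk, but if it derives from the API-supplied group name it should be treated as untrusted. Emitting a real mapping lets the serializer handle quoting: `'group': {'get_resource': group_name},`. If the later processing of this dict depends on the value being a plain string, validate the name against the allowed resource-name characters before interpolating. `yamlbuilder` begins and continues outside the hunk.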