insights-api-common 3.5.0 → 3.6.0

Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: f7c6702af3cef107f81d349b3995a33cb1fb29b1384bfa9c76ea18e997e9c418
4
- data.tar.gz: 42a9b71481b07c97bbb8d327c98b21d9008786e5ebd8886cfc88dc498ec34f98
3
+ metadata.gz: 4403934725fa19d242e7ff6b13e2a527d3bd900b9313f78d1d796fff8e6505ba
4
+ data.tar.gz: 619b1d292841e9f43423acf51875c6ef44772966138bdf853a914738b9ddd2ad
5
5
  SHA512:
6
- metadata.gz: 327d4de25378b3fc553af5989d8e922f07a8085dc9f0f73793154648bd93312144f10ccbe7c0b3ed9544febc14d3643c9e2dbd0a873abf085576299c71af7138
7
- data.tar.gz: 3b79d627f4848aa40010e341fd77c3a828b2ca0d23c624f31a01fe6359cbdf6b46b0a1b96600da80df07a6518862102437e84fa1bde389b17ecb0525f2f933e5
6
+ metadata.gz: efd17459f9aa21d14764f007e1dd037f3fe3880ac26c27c0b57c9d78a366e17fef334f544e8620545417928e70e680a736af8e5811ea4151cc46210ace82805d
7
+ data.tar.gz: e152265a66258e585d625ea5cd32ff86b602af983dabaa44e0535ee9dbb55799b311ca6a3b43e605d32d5e9f9a6c9efd0e2157c514e94448c5e1d6a72c0eac46
@@ -12,9 +12,14 @@ module Insights
12
12
 
13
13
  def process
14
14
  Insights::API::Common::Request.with_request(@request) do
15
- create_groups
16
- create_roles
17
- create_policies
15
+ begin
16
+ create_groups
17
+ create_roles
18
+ add_roles_to_groups
19
+ rescue RBACApiClient::ApiError => e
20
+ Rails.logger.error("Exception when RBACApiClient::ApiError : #{e}")
21
+ raise
22
+ end
18
23
  end
19
24
  end
20
25
 
@@ -24,20 +29,14 @@ module Insights
24
29
  current = current_groups
25
30
  names = current.collect(&:name)
26
31
  group = RBACApiClient::Group.new
27
- begin
28
- Service.call(RBACApiClient::GroupApi) do |api_instance|
29
- @acl_data['groups'].each do |grp|
30
- next if names.include?(grp['name'])
31
-
32
- Rails.logger.info("Creating #{grp['name']}")
33
- group.name = grp['name']
34
- group.description = grp['description']
35
- api_instance.create_group(group)
36
- end
32
+ Service.call(RBACApiClient::GroupApi) do |api_instance|
33
+ @acl_data['groups'].each do |grp|
34
+ next if names.include?(grp['name'])
35
+
36
+ group.name = grp['name']
37
+ group.description = grp['description']
38
+ api_instance.create_group(group)
37
39
  end
38
- rescue RBACApiClient::ApiError => e
39
- Rails.logger.error("Exception when calling GroupApi->create_group: #{e}")
40
- raise
41
40
  end
42
41
  end
43
42
 
@@ -51,25 +50,20 @@ module Insights
51
50
  current = current_roles
52
51
  names = current.collect(&:name)
53
52
  role_in = RBACApiClient::RoleIn.new
54
- begin
55
- Service.call(RBACApiClient::RoleApi) do |api_instance|
56
- @acl_data['roles'].each do |role|
57
- next if names.include?(role['name'])
58
-
59
- role_in.name = role['name']
60
- role_in.access = []
61
- role['access'].each do |obj|
62
- access = RBACApiClient::Access.new
63
- access.permission = obj['permission']
64
- access.resource_definitions = create_rds(obj)
65
- role_in.access << access
66
- end
67
- api_instance.create_roles(role_in)
53
+ Service.call(RBACApiClient::RoleApi) do |api_instance|
54
+ @acl_data['roles'].each do |role|
55
+ next if names.include?(role['name'])
56
+
57
+ role_in.name = role['name']
58
+ role_in.access = []
59
+ role['access'].each do |obj|
60
+ access = RBACApiClient::Access.new
61
+ access.permission = obj['permission']
62
+ access.resource_definitions = create_rds(obj)
63
+ role_in.access << access
68
64
  end
65
+ api_instance.create_roles(role_in)
69
66
  end
70
- rescue RBACApiClient::ApiError => e
71
- Rails.logger.error("Exception when calling RoleApi->create_roles: #{e}")
72
- raise
73
67
  end
74
68
  end
75
69
 
@@ -85,38 +79,35 @@ module Insights
85
79
  end
86
80
  end
87
81
 
82
+ def add_new_role_to_group(api_instance, group_uuid, role_uuid)
83
+ role_in = RBACApiClient::GroupRoleIn.new
84
+ role_in.roles = [role_uuid]
85
+ api_instance.add_role_to_group(group_uuid, role_in)
86
+ end
87
+
88
+ def role_exists_in_group?(api_instance, group_uuid, role_uuid)
89
+ api_instance.list_roles_for_group(group_uuid).any? do |role|
90
+ role.uuid == role_uuid
91
+ end
92
+ end
93
+
88
94
  def current_roles
89
95
  Service.call(RBACApiClient::RoleApi) do |api|
90
96
  Service.paginate(api, :list_roles, {}).to_a
91
97
  end
92
98
  end
93
99
 
94
- def create_policies
95
- names = current_policies.collect(&:name)
100
+ def add_roles_to_groups
96
101
  groups = current_groups
97
102
  roles = current_roles
98
- policy_in = RBACApiClient::PolicyIn.new
99
- begin
100
- Service.call(RBACApiClient::PolicyApi) do |api_instance|
101
- @acl_data['policies'].each do |policy|
102
- next if names.include?(policy['name'])
103
-
104
- policy_in.name = policy['name']
105
- policy_in.description = policy['description']
106
- policy_in.group = find_uuid('Group', groups, policy['group']['name'])
107
- policy_in.roles = [find_uuid('Role', roles, policy['role']['name'])]
108
- api_instance.create_policies(policy_in)
109
- end
110
- end
111
- rescue RBACApiClient::ApiError => e
112
- Rails.logger.error("Exception when calling PolicyApi->create_policies: #{e}")
113
- raise
114
- end
115
- end
103
+ Service.call(RBACApiClient::GroupApi) do |api_instance|
104
+ @acl_data['policies'].each do |link|
105
+ group_uuid = find_uuid('Group', groups, link['group']['name'])
106
+ role_uuid = find_uuid('Role', roles, link['role']['name'])
107
+ next if role_exists_in_group?(api_instance, group_uuid, role_uuid)
116
108
 
117
- def current_policies
118
- Service.call(RBACApiClient::PolicyApi) do |api|
119
- Service.paginate(api, :list_policies, {}).to_a
109
+ add_new_role_to_group(api_instance, group_uuid, role_uuid)
110
+ end
120
111
  end
121
112
  end
122
113
 
@@ -4,12 +4,18 @@ module Insights
4
4
  module RBAC
5
5
  require 'rbac-api-client'
6
6
 
7
+ class NetworkError < StandardError; end
8
+ class TimedOutError < StandardError; end
9
+
7
10
  class Service
8
11
  def self.call(klass)
9
12
  setup
10
13
  yield init(klass)
11
14
  rescue RBACApiClient::ApiError => err
12
- Rails.logger.error("RBACApiClient::ApiError #{err.message} ")
15
+ raise TimedOutError.new('Connection timed out') if err.code.nil?
16
+ raise NetworkError.new(err.message) if err.code.zero?
17
+
18
+ Rails.logger.error("#{err.class}: #{err.message} ")
13
19
  raise
14
20
  end
15
21
 
@@ -30,6 +36,10 @@ module Insights
30
36
  fetched += result.data.count
31
37
  break if count == fetched || result.data.empty?
32
38
  end
39
+ rescue RBACApiClient::ApiError => err
40
+ raise TimedOutError.new('Connection timed out') if err.code.nil?
41
+ raise NetworkError.new(err.message) if err.code.zero?
42
+ raise
33
43
  rescue StandardError => e
34
44
  Rails.logger.error("Exception when calling pagination on #{method} #{e}")
35
45
  raise
@@ -0,0 +1,24 @@
1
+ module Insights
2
+ module API
3
+ module Common
4
+ module RBAC
5
+ class ValidateGroups
6
+ def initialize(group_uuids)
7
+ @group_uuids = group_uuids
8
+ end
9
+
10
+ def process
11
+ return unless Insights::API::Common::RBAC::Access.enabled?
12
+
13
+ Service.call(RBACApiClient::GroupApi) do |api|
14
+ uuids = SortedSet.new
15
+ Service.paginate(api, :list_groups, {}).each { |group| uuids << group.uuid }
16
+ missing = @group_uuids - uuids
17
+ raise Insights::API::Common::InvalidParameter, "The following group uuids are missing #{missing.to_a.join(",")}" unless missing.empty?
18
+ end
19
+ end
20
+ end
21
+ end
22
+ end
23
+ end
24
+ end
@@ -1,7 +1,7 @@
1
1
  module Insights
2
2
  module API
3
3
  module Common
4
- VERSION = "3.5.0".freeze
4
+ VERSION = "3.6.0".freeze
5
5
  end
6
6
  end
7
7
  end
@@ -0,0 +1,17 @@
1
+ RSpec.shared_context "rbac_seed_objects" do
2
+ let(:app_name) { 'catalog' }
3
+ let(:resource) { "portfolios" }
4
+ let(:group1) { instance_double(RBACApiClient::GroupOut, :name => 'Test Group', :uuid => "123") }
5
+ let(:role1) { instance_double(RBACApiClient::RoleOut, :name => "Test Role", :uuid => "67899") }
6
+ let(:role1_in) { RBACApiClient::GroupRoleIn.new }
7
+
8
+ let(:role1_detail) { instance_double(RBACApiClient::RoleWithAccess, :name => role1.name, :uuid => role1.uuid, :access => [access1]) }
9
+ let(:groups) { [group1] }
10
+ let(:roles) { [role1] }
11
+ let(:filter1) { instance_double(RBACApiClient::ResourceDefinitionFilter, :key => 'id', :operation => 'equal', :value => "99") }
12
+ let(:resource_def1) { instance_double(RBACApiClient::ResourceDefinition, :attribute_filter => filter1) }
13
+ let(:access1) { instance_double(RBACApiClient::Access, :permission => "#{app_name}:#{resource}:read", :resource_definitions => [resource_def1]) }
14
+ let(:group_uuids) { [group1.uuid] }
15
+ let(:api_instance) { double }
16
+ let(:rs_class) { class_double("Insights::API::Common::RBAC::Service").as_stubbed_const(:transfer_nested_constants => true) }
17
+ end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: insights-api-common
3
3
  version: !ruby/object:Gem::Version
4
- version: 3.5.0
4
+ version: 3.6.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Insights Authors
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2020-02-25 00:00:00.000000000 Z
11
+ date: 2020-02-28 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: acts_as_tenant
@@ -365,6 +365,7 @@ files:
365
365
  - lib/insights/api/common/rbac/seed.rb
366
366
  - lib/insights/api/common/rbac/service.rb
367
367
  - lib/insights/api/common/rbac/utilities.rb
368
+ - lib/insights/api/common/rbac/validate_groups.rb
368
369
  - lib/insights/api/common/request.rb
369
370
  - lib/insights/api/common/routing.rb
370
371
  - lib/insights/api/common/status.rb
@@ -374,6 +375,7 @@ files:
374
375
  - lib/insights/api/common/version.rb
375
376
  - lib/tasks/insights/api/common_tasks.rake
376
377
  - spec/support/default_as_json.rb
378
+ - spec/support/rbac_seed_context.rb
377
379
  - spec/support/rbac_shared_contexts.rb
378
380
  - spec/support/requests_spec_helper.rb
379
381
  - spec/support/service_spec_helper.rb