insights-api-common 3.5.0 → 3.6.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 4403934725fa19d242e7ff6b13e2a527d3bd900b9313f78d1d796fff8e6505ba
|
4
|
+
data.tar.gz: 619b1d292841e9f43423acf51875c6ef44772966138bdf853a914738b9ddd2ad
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: efd17459f9aa21d14764f007e1dd037f3fe3880ac26c27c0b57c9d78a366e17fef334f544e8620545417928e70e680a736af8e5811ea4151cc46210ace82805d
|
7
|
+
data.tar.gz: e152265a66258e585d625ea5cd32ff86b602af983dabaa44e0535ee9dbb55799b311ca6a3b43e605d32d5e9f9a6c9efd0e2157c514e94448c5e1d6a72c0eac46
|
@@ -12,9 +12,14 @@ module Insights
|
|
12
12
|
|
13
13
|
def process
|
14
14
|
Insights::API::Common::Request.with_request(@request) do
|
15
|
-
|
16
|
-
|
17
|
-
|
15
|
+
begin
|
16
|
+
create_groups
|
17
|
+
create_roles
|
18
|
+
add_roles_to_groups
|
19
|
+
rescue RBACApiClient::ApiError => e
|
20
|
+
Rails.logger.error("Exception when RBACApiClient::ApiError : #{e}")
|
21
|
+
raise
|
22
|
+
end
|
18
23
|
end
|
19
24
|
end
|
20
25
|
|
@@ -24,20 +29,14 @@ module Insights
|
|
24
29
|
current = current_groups
|
25
30
|
names = current.collect(&:name)
|
26
31
|
group = RBACApiClient::Group.new
|
27
|
-
|
28
|
-
|
29
|
-
|
30
|
-
|
31
|
-
|
32
|
-
|
33
|
-
|
34
|
-
group.description = grp['description']
|
35
|
-
api_instance.create_group(group)
|
36
|
-
end
|
32
|
+
Service.call(RBACApiClient::GroupApi) do |api_instance|
|
33
|
+
@acl_data['groups'].each do |grp|
|
34
|
+
next if names.include?(grp['name'])
|
35
|
+
|
36
|
+
group.name = grp['name']
|
37
|
+
group.description = grp['description']
|
38
|
+
api_instance.create_group(group)
|
37
39
|
end
|
38
|
-
rescue RBACApiClient::ApiError => e
|
39
|
-
Rails.logger.error("Exception when calling GroupApi->create_group: #{e}")
|
40
|
-
raise
|
41
40
|
end
|
42
41
|
end
|
43
42
|
|
@@ -51,25 +50,20 @@ module Insights
|
|
51
50
|
current = current_roles
|
52
51
|
names = current.collect(&:name)
|
53
52
|
role_in = RBACApiClient::RoleIn.new
|
54
|
-
|
55
|
-
|
56
|
-
|
57
|
-
|
58
|
-
|
59
|
-
|
60
|
-
|
61
|
-
|
62
|
-
|
63
|
-
|
64
|
-
|
65
|
-
role_in.access << access
|
66
|
-
end
|
67
|
-
api_instance.create_roles(role_in)
|
53
|
+
Service.call(RBACApiClient::RoleApi) do |api_instance|
|
54
|
+
@acl_data['roles'].each do |role|
|
55
|
+
next if names.include?(role['name'])
|
56
|
+
|
57
|
+
role_in.name = role['name']
|
58
|
+
role_in.access = []
|
59
|
+
role['access'].each do |obj|
|
60
|
+
access = RBACApiClient::Access.new
|
61
|
+
access.permission = obj['permission']
|
62
|
+
access.resource_definitions = create_rds(obj)
|
63
|
+
role_in.access << access
|
68
64
|
end
|
65
|
+
api_instance.create_roles(role_in)
|
69
66
|
end
|
70
|
-
rescue RBACApiClient::ApiError => e
|
71
|
-
Rails.logger.error("Exception when calling RoleApi->create_roles: #{e}")
|
72
|
-
raise
|
73
67
|
end
|
74
68
|
end
|
75
69
|
|
@@ -85,38 +79,35 @@ module Insights
|
|
85
79
|
end
|
86
80
|
end
|
87
81
|
|
82
|
+
def add_new_role_to_group(api_instance, group_uuid, role_uuid)
|
83
|
+
role_in = RBACApiClient::GroupRoleIn.new
|
84
|
+
role_in.roles = [role_uuid]
|
85
|
+
api_instance.add_role_to_group(group_uuid, role_in)
|
86
|
+
end
|
87
|
+
|
88
|
+
def role_exists_in_group?(api_instance, group_uuid, role_uuid)
|
89
|
+
api_instance.list_roles_for_group(group_uuid).any? do |role|
|
90
|
+
role.uuid == role_uuid
|
91
|
+
end
|
92
|
+
end
|
93
|
+
|
88
94
|
def current_roles
|
89
95
|
Service.call(RBACApiClient::RoleApi) do |api|
|
90
96
|
Service.paginate(api, :list_roles, {}).to_a
|
91
97
|
end
|
92
98
|
end
|
93
99
|
|
94
|
-
def
|
95
|
-
names = current_policies.collect(&:name)
|
100
|
+
def add_roles_to_groups
|
96
101
|
groups = current_groups
|
97
102
|
roles = current_roles
|
98
|
-
|
99
|
-
|
100
|
-
|
101
|
-
|
102
|
-
|
103
|
-
|
104
|
-
policy_in.name = policy['name']
|
105
|
-
policy_in.description = policy['description']
|
106
|
-
policy_in.group = find_uuid('Group', groups, policy['group']['name'])
|
107
|
-
policy_in.roles = [find_uuid('Role', roles, policy['role']['name'])]
|
108
|
-
api_instance.create_policies(policy_in)
|
109
|
-
end
|
110
|
-
end
|
111
|
-
rescue RBACApiClient::ApiError => e
|
112
|
-
Rails.logger.error("Exception when calling PolicyApi->create_policies: #{e}")
|
113
|
-
raise
|
114
|
-
end
|
115
|
-
end
|
103
|
+
Service.call(RBACApiClient::GroupApi) do |api_instance|
|
104
|
+
@acl_data['policies'].each do |link|
|
105
|
+
group_uuid = find_uuid('Group', groups, link['group']['name'])
|
106
|
+
role_uuid = find_uuid('Role', roles, link['role']['name'])
|
107
|
+
next if role_exists_in_group?(api_instance, group_uuid, role_uuid)
|
116
108
|
|
117
|
-
|
118
|
-
|
119
|
-
Service.paginate(api, :list_policies, {}).to_a
|
109
|
+
add_new_role_to_group(api_instance, group_uuid, role_uuid)
|
110
|
+
end
|
120
111
|
end
|
121
112
|
end
|
122
113
|
|
@@ -4,12 +4,18 @@ module Insights
|
|
4
4
|
module RBAC
|
5
5
|
require 'rbac-api-client'
|
6
6
|
|
7
|
+
class NetworkError < StandardError; end
|
8
|
+
class TimedOutError < StandardError; end
|
9
|
+
|
7
10
|
class Service
|
8
11
|
def self.call(klass)
|
9
12
|
setup
|
10
13
|
yield init(klass)
|
11
14
|
rescue RBACApiClient::ApiError => err
|
12
|
-
|
15
|
+
raise TimedOutError.new('Connection timed out') if err.code.nil?
|
16
|
+
raise NetworkError.new(err.message) if err.code.zero?
|
17
|
+
|
18
|
+
Rails.logger.error("#{err.class}: #{err.message} ")
|
13
19
|
raise
|
14
20
|
end
|
15
21
|
|
@@ -30,6 +36,10 @@ module Insights
|
|
30
36
|
fetched += result.data.count
|
31
37
|
break if count == fetched || result.data.empty?
|
32
38
|
end
|
39
|
+
rescue RBACApiClient::ApiError => err
|
40
|
+
raise TimedOutError.new('Connection timed out') if err.code.nil?
|
41
|
+
raise NetworkError.new(err.message) if err.code.zero?
|
42
|
+
raise
|
33
43
|
rescue StandardError => e
|
34
44
|
Rails.logger.error("Exception when calling pagination on #{method} #{e}")
|
35
45
|
raise
|
@@ -0,0 +1,24 @@
|
|
1
|
+
module Insights
|
2
|
+
module API
|
3
|
+
module Common
|
4
|
+
module RBAC
|
5
|
+
class ValidateGroups
|
6
|
+
def initialize(group_uuids)
|
7
|
+
@group_uuids = group_uuids
|
8
|
+
end
|
9
|
+
|
10
|
+
def process
|
11
|
+
return unless Insights::API::Common::RBAC::Access.enabled?
|
12
|
+
|
13
|
+
Service.call(RBACApiClient::GroupApi) do |api|
|
14
|
+
uuids = SortedSet.new
|
15
|
+
Service.paginate(api, :list_groups, {}).each { |group| uuids << group.uuid }
|
16
|
+
missing = @group_uuids - uuids
|
17
|
+
raise Insights::API::Common::InvalidParameter, "The following group uuids are missing #{missing.to_a.join(",")}" unless missing.empty?
|
18
|
+
end
|
19
|
+
end
|
20
|
+
end
|
21
|
+
end
|
22
|
+
end
|
23
|
+
end
|
24
|
+
end
|
@@ -0,0 +1,17 @@
|
|
1
|
+
RSpec.shared_context "rbac_seed_objects" do
|
2
|
+
let(:app_name) { 'catalog' }
|
3
|
+
let(:resource) { "portfolios" }
|
4
|
+
let(:group1) { instance_double(RBACApiClient::GroupOut, :name => 'Test Group', :uuid => "123") }
|
5
|
+
let(:role1) { instance_double(RBACApiClient::RoleOut, :name => "Test Role", :uuid => "67899") }
|
6
|
+
let(:role1_in) { RBACApiClient::GroupRoleIn.new }
|
7
|
+
|
8
|
+
let(:role1_detail) { instance_double(RBACApiClient::RoleWithAccess, :name => role1.name, :uuid => role1.uuid, :access => [access1]) }
|
9
|
+
let(:groups) { [group1] }
|
10
|
+
let(:roles) { [role1] }
|
11
|
+
let(:filter1) { instance_double(RBACApiClient::ResourceDefinitionFilter, :key => 'id', :operation => 'equal', :value => "99") }
|
12
|
+
let(:resource_def1) { instance_double(RBACApiClient::ResourceDefinition, :attribute_filter => filter1) }
|
13
|
+
let(:access1) { instance_double(RBACApiClient::Access, :permission => "#{app_name}:#{resource}:read", :resource_definitions => [resource_def1]) }
|
14
|
+
let(:group_uuids) { [group1.uuid] }
|
15
|
+
let(:api_instance) { double }
|
16
|
+
let(:rs_class) { class_double("Insights::API::Common::RBAC::Service").as_stubbed_const(:transfer_nested_constants => true) }
|
17
|
+
end
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: insights-api-common
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 3.
|
4
|
+
version: 3.6.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Insights Authors
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2020-02-
|
11
|
+
date: 2020-02-28 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: acts_as_tenant
|
@@ -365,6 +365,7 @@ files:
|
|
365
365
|
- lib/insights/api/common/rbac/seed.rb
|
366
366
|
- lib/insights/api/common/rbac/service.rb
|
367
367
|
- lib/insights/api/common/rbac/utilities.rb
|
368
|
+
- lib/insights/api/common/rbac/validate_groups.rb
|
368
369
|
- lib/insights/api/common/request.rb
|
369
370
|
- lib/insights/api/common/routing.rb
|
370
371
|
- lib/insights/api/common/status.rb
|
@@ -374,6 +375,7 @@ files:
|
|
374
375
|
- lib/insights/api/common/version.rb
|
375
376
|
- lib/tasks/insights/api/common_tasks.rake
|
376
377
|
- spec/support/default_as_json.rb
|
378
|
+
- spec/support/rbac_seed_context.rb
|
377
379
|
- spec/support/rbac_shared_contexts.rb
|
378
380
|
- spec/support/requests_spec_helper.rb
|
379
381
|
- spec/support/service_spec_helper.rb
|