insights-api-common 3.5.0 → 3.6.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: f7c6702af3cef107f81d349b3995a33cb1fb29b1384bfa9c76ea18e997e9c418
4
- data.tar.gz: 42a9b71481b07c97bbb8d327c98b21d9008786e5ebd8886cfc88dc498ec34f98
3
+ metadata.gz: 4403934725fa19d242e7ff6b13e2a527d3bd900b9313f78d1d796fff8e6505ba
4
+ data.tar.gz: 619b1d292841e9f43423acf51875c6ef44772966138bdf853a914738b9ddd2ad
5
5
  SHA512:
6
- metadata.gz: 327d4de25378b3fc553af5989d8e922f07a8085dc9f0f73793154648bd93312144f10ccbe7c0b3ed9544febc14d3643c9e2dbd0a873abf085576299c71af7138
7
- data.tar.gz: 3b79d627f4848aa40010e341fd77c3a828b2ca0d23c624f31a01fe6359cbdf6b46b0a1b96600da80df07a6518862102437e84fa1bde389b17ecb0525f2f933e5
6
+ metadata.gz: efd17459f9aa21d14764f007e1dd037f3fe3880ac26c27c0b57c9d78a366e17fef334f544e8620545417928e70e680a736af8e5811ea4151cc46210ace82805d
7
+ data.tar.gz: e152265a66258e585d625ea5cd32ff86b602af983dabaa44e0535ee9dbb55799b311ca6a3b43e605d32d5e9f9a6c9efd0e2157c514e94448c5e1d6a72c0eac46
@@ -12,9 +12,14 @@ module Insights
12
12
 
13
13
  def process
14
14
  Insights::API::Common::Request.with_request(@request) do
15
- create_groups
16
- create_roles
17
- create_policies
15
+ begin
16
+ create_groups
17
+ create_roles
18
+ add_roles_to_groups
19
+ rescue RBACApiClient::ApiError => e
20
+ Rails.logger.error("Exception when RBACApiClient::ApiError : #{e}")
21
+ raise
22
+ end
18
23
  end
19
24
  end
20
25
 
@@ -24,20 +29,14 @@ module Insights
24
29
  current = current_groups
25
30
  names = current.collect(&:name)
26
31
  group = RBACApiClient::Group.new
27
- begin
28
- Service.call(RBACApiClient::GroupApi) do |api_instance|
29
- @acl_data['groups'].each do |grp|
30
- next if names.include?(grp['name'])
31
-
32
- Rails.logger.info("Creating #{grp['name']}")
33
- group.name = grp['name']
34
- group.description = grp['description']
35
- api_instance.create_group(group)
36
- end
32
+ Service.call(RBACApiClient::GroupApi) do |api_instance|
33
+ @acl_data['groups'].each do |grp|
34
+ next if names.include?(grp['name'])
35
+
36
+ group.name = grp['name']
37
+ group.description = grp['description']
38
+ api_instance.create_group(group)
37
39
  end
38
- rescue RBACApiClient::ApiError => e
39
- Rails.logger.error("Exception when calling GroupApi->create_group: #{e}")
40
- raise
41
40
  end
42
41
  end
43
42
 
@@ -51,25 +50,20 @@ module Insights
51
50
  current = current_roles
52
51
  names = current.collect(&:name)
53
52
  role_in = RBACApiClient::RoleIn.new
54
- begin
55
- Service.call(RBACApiClient::RoleApi) do |api_instance|
56
- @acl_data['roles'].each do |role|
57
- next if names.include?(role['name'])
58
-
59
- role_in.name = role['name']
60
- role_in.access = []
61
- role['access'].each do |obj|
62
- access = RBACApiClient::Access.new
63
- access.permission = obj['permission']
64
- access.resource_definitions = create_rds(obj)
65
- role_in.access << access
66
- end
67
- api_instance.create_roles(role_in)
53
+ Service.call(RBACApiClient::RoleApi) do |api_instance|
54
+ @acl_data['roles'].each do |role|
55
+ next if names.include?(role['name'])
56
+
57
+ role_in.name = role['name']
58
+ role_in.access = []
59
+ role['access'].each do |obj|
60
+ access = RBACApiClient::Access.new
61
+ access.permission = obj['permission']
62
+ access.resource_definitions = create_rds(obj)
63
+ role_in.access << access
68
64
  end
65
+ api_instance.create_roles(role_in)
69
66
  end
70
- rescue RBACApiClient::ApiError => e
71
- Rails.logger.error("Exception when calling RoleApi->create_roles: #{e}")
72
- raise
73
67
  end
74
68
  end
75
69
 
@@ -85,38 +79,35 @@ module Insights
85
79
  end
86
80
  end
87
81
 
82
+ def add_new_role_to_group(api_instance, group_uuid, role_uuid)
83
+ role_in = RBACApiClient::GroupRoleIn.new
84
+ role_in.roles = [role_uuid]
85
+ api_instance.add_role_to_group(group_uuid, role_in)
86
+ end
87
+
88
+ def role_exists_in_group?(api_instance, group_uuid, role_uuid)
89
+ api_instance.list_roles_for_group(group_uuid).any? do |role|
90
+ role.uuid == role_uuid
91
+ end
92
+ end
93
+
88
94
  def current_roles
89
95
  Service.call(RBACApiClient::RoleApi) do |api|
90
96
  Service.paginate(api, :list_roles, {}).to_a
91
97
  end
92
98
  end
93
99
 
94
- def create_policies
95
- names = current_policies.collect(&:name)
100
+ def add_roles_to_groups
96
101
  groups = current_groups
97
102
  roles = current_roles
98
- policy_in = RBACApiClient::PolicyIn.new
99
- begin
100
- Service.call(RBACApiClient::PolicyApi) do |api_instance|
101
- @acl_data['policies'].each do |policy|
102
- next if names.include?(policy['name'])
103
-
104
- policy_in.name = policy['name']
105
- policy_in.description = policy['description']
106
- policy_in.group = find_uuid('Group', groups, policy['group']['name'])
107
- policy_in.roles = [find_uuid('Role', roles, policy['role']['name'])]
108
- api_instance.create_policies(policy_in)
109
- end
110
- end
111
- rescue RBACApiClient::ApiError => e
112
- Rails.logger.error("Exception when calling PolicyApi->create_policies: #{e}")
113
- raise
114
- end
115
- end
103
+ Service.call(RBACApiClient::GroupApi) do |api_instance|
104
+ @acl_data['policies'].each do |link|
105
+ group_uuid = find_uuid('Group', groups, link['group']['name'])
106
+ role_uuid = find_uuid('Role', roles, link['role']['name'])
107
+ next if role_exists_in_group?(api_instance, group_uuid, role_uuid)
116
108
 
117
- def current_policies
118
- Service.call(RBACApiClient::PolicyApi) do |api|
119
- Service.paginate(api, :list_policies, {}).to_a
109
+ add_new_role_to_group(api_instance, group_uuid, role_uuid)
110
+ end
120
111
  end
121
112
  end
122
113
 
@@ -4,12 +4,18 @@ module Insights
4
4
  module RBAC
5
5
  require 'rbac-api-client'
6
6
 
7
+ class NetworkError < StandardError; end
8
+ class TimedOutError < StandardError; end
9
+
7
10
  class Service
8
11
  def self.call(klass)
9
12
  setup
10
13
  yield init(klass)
11
14
  rescue RBACApiClient::ApiError => err
12
- Rails.logger.error("RBACApiClient::ApiError #{err.message} ")
15
+ raise TimedOutError.new('Connection timed out') if err.code.nil?
16
+ raise NetworkError.new(err.message) if err.code.zero?
17
+
18
+ Rails.logger.error("#{err.class}: #{err.message} ")
13
19
  raise
14
20
  end
15
21
 
@@ -30,6 +36,10 @@ module Insights
30
36
  fetched += result.data.count
31
37
  break if count == fetched || result.data.empty?
32
38
  end
39
+ rescue RBACApiClient::ApiError => err
40
+ raise TimedOutError.new('Connection timed out') if err.code.nil?
41
+ raise NetworkError.new(err.message) if err.code.zero?
42
+ raise
33
43
  rescue StandardError => e
34
44
  Rails.logger.error("Exception when calling pagination on #{method} #{e}")
35
45
  raise
@@ -0,0 +1,24 @@
1
+ module Insights
2
+ module API
3
+ module Common
4
+ module RBAC
5
+ class ValidateGroups
6
+ def initialize(group_uuids)
7
+ @group_uuids = group_uuids
8
+ end
9
+
10
+ def process
11
+ return unless Insights::API::Common::RBAC::Access.enabled?
12
+
13
+ Service.call(RBACApiClient::GroupApi) do |api|
14
+ uuids = SortedSet.new
15
+ Service.paginate(api, :list_groups, {}).each { |group| uuids << group.uuid }
16
+ missing = @group_uuids - uuids
17
+ raise Insights::API::Common::InvalidParameter, "The following group uuids are missing #{missing.to_a.join(",")}" unless missing.empty?
18
+ end
19
+ end
20
+ end
21
+ end
22
+ end
23
+ end
24
+ end
@@ -1,7 +1,7 @@
1
1
  module Insights
2
2
  module API
3
3
  module Common
4
- VERSION = "3.5.0".freeze
4
+ VERSION = "3.6.0".freeze
5
5
  end
6
6
  end
7
7
  end
@@ -0,0 +1,17 @@
1
+ RSpec.shared_context "rbac_seed_objects" do
2
+ let(:app_name) { 'catalog' }
3
+ let(:resource) { "portfolios" }
4
+ let(:group1) { instance_double(RBACApiClient::GroupOut, :name => 'Test Group', :uuid => "123") }
5
+ let(:role1) { instance_double(RBACApiClient::RoleOut, :name => "Test Role", :uuid => "67899") }
6
+ let(:role1_in) { RBACApiClient::GroupRoleIn.new }
7
+
8
+ let(:role1_detail) { instance_double(RBACApiClient::RoleWithAccess, :name => role1.name, :uuid => role1.uuid, :access => [access1]) }
9
+ let(:groups) { [group1] }
10
+ let(:roles) { [role1] }
11
+ let(:filter1) { instance_double(RBACApiClient::ResourceDefinitionFilter, :key => 'id', :operation => 'equal', :value => "99") }
12
+ let(:resource_def1) { instance_double(RBACApiClient::ResourceDefinition, :attribute_filter => filter1) }
13
+ let(:access1) { instance_double(RBACApiClient::Access, :permission => "#{app_name}:#{resource}:read", :resource_definitions => [resource_def1]) }
14
+ let(:group_uuids) { [group1.uuid] }
15
+ let(:api_instance) { double }
16
+ let(:rs_class) { class_double("Insights::API::Common::RBAC::Service").as_stubbed_const(:transfer_nested_constants => true) }
17
+ end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: insights-api-common
3
3
  version: !ruby/object:Gem::Version
4
- version: 3.5.0
4
+ version: 3.6.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Insights Authors
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2020-02-25 00:00:00.000000000 Z
11
+ date: 2020-02-28 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: acts_as_tenant
@@ -365,6 +365,7 @@ files:
365
365
  - lib/insights/api/common/rbac/seed.rb
366
366
  - lib/insights/api/common/rbac/service.rb
367
367
  - lib/insights/api/common/rbac/utilities.rb
368
+ - lib/insights/api/common/rbac/validate_groups.rb
368
369
  - lib/insights/api/common/request.rb
369
370
  - lib/insights/api/common/routing.rb
370
371
  - lib/insights/api/common/status.rb
@@ -374,6 +375,7 @@ files:
374
375
  - lib/insights/api/common/version.rb
375
376
  - lib/tasks/insights/api/common_tasks.rake
376
377
  - spec/support/default_as_json.rb
378
+ - spec/support/rbac_seed_context.rb
377
379
  - spec/support/rbac_shared_contexts.rb
378
380
  - spec/support/requests_spec_helper.rb
379
381
  - spec/support/service_spec_helper.rb