insights-api-common 3.5.0 → 3.6.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: f7c6702af3cef107f81d349b3995a33cb1fb29b1384bfa9c76ea18e997e9c418
-  data.tar.gz: 42a9b71481b07c97bbb8d327c98b21d9008786e5ebd8886cfc88dc498ec34f98
+  metadata.gz: 4403934725fa19d242e7ff6b13e2a527d3bd900b9313f78d1d796fff8e6505ba
+  data.tar.gz: 619b1d292841e9f43423acf51875c6ef44772966138bdf853a914738b9ddd2ad
 SHA512:
-  metadata.gz: 327d4de25378b3fc553af5989d8e922f07a8085dc9f0f73793154648bd93312144f10ccbe7c0b3ed9544febc14d3643c9e2dbd0a873abf085576299c71af7138
-  data.tar.gz: 3b79d627f4848aa40010e341fd77c3a828b2ca0d23c624f31a01fe6359cbdf6b46b0a1b96600da80df07a6518862102437e84fa1bde389b17ecb0525f2f933e5
+  metadata.gz: efd17459f9aa21d14764f007e1dd037f3fe3880ac26c27c0b57c9d78a366e17fef334f544e8620545417928e70e680a736af8e5811ea4151cc46210ace82805d
+  data.tar.gz: e152265a66258e585d625ea5cd32ff86b602af983dabaa44e0535ee9dbb55799b311ca6a3b43e605d32d5e9f9a6c9efd0e2157c514e94448c5e1d6a72c0eac46

data/lib/insights/api/common/rbac/seed.rb

@@ -12,9 +12,14 @@ module Insights
 
           def process
             Insights::API::Common::Request.with_request(@request) do
-              create_groups
-              create_roles
-              create_policies
+              begin
+                create_groups
+                create_roles
+                add_roles_to_groups
+              rescue RBACApiClient::ApiError => e
+                Rails.logger.error("Exception when RBACApiClient::ApiError : #{e}")
+                raise
+              end
             end
           end
 
@@ -24,20 +29,14 @@ module Insights
             current = current_groups
             names = current.collect(&:name)
             group = RBACApiClient::Group.new
-            begin
-              Service.call(RBACApiClient::GroupApi) do |api_instance|
-                @acl_data['groups'].each do |grp|
-                  next if names.include?(grp['name'])
-
-                  Rails.logger.info("Creating #{grp['name']}")
-                  group.name = grp['name']
-                  group.description = grp['description']
-                  api_instance.create_group(group)
-                end
+            Service.call(RBACApiClient::GroupApi) do |api_instance|
+              @acl_data['groups'].each do |grp|
+                next if names.include?(grp['name'])
+
+                group.name = grp['name']
+                group.description = grp['description']
+                api_instance.create_group(group)
               end
-            rescue RBACApiClient::ApiError => e
-              Rails.logger.error("Exception when calling GroupApi->create_group: #{e}")
-              raise
             end
           end
 
@@ -51,25 +50,20 @@ module Insights
             current = current_roles
             names = current.collect(&:name)
             role_in = RBACApiClient::RoleIn.new
-            begin
-              Service.call(RBACApiClient::RoleApi) do |api_instance|
-                @acl_data['roles'].each do |role|
-                  next if names.include?(role['name'])
-
-                  role_in.name = role['name']
-                  role_in.access = []
-                  role['access'].each do |obj|
-                    access = RBACApiClient::Access.new
-                    access.permission = obj['permission']
-                    access.resource_definitions = create_rds(obj)
-                    role_in.access << access
-                  end
-                  api_instance.create_roles(role_in)
+            Service.call(RBACApiClient::RoleApi) do |api_instance|
+              @acl_data['roles'].each do |role|
+                next if names.include?(role['name'])
+
+                role_in.name = role['name']
+                role_in.access = []
+                role['access'].each do |obj|
+                  access = RBACApiClient::Access.new
+                  access.permission = obj['permission']
+                  access.resource_definitions = create_rds(obj)
+                  role_in.access << access
                 end
+                api_instance.create_roles(role_in)
               end
-            rescue RBACApiClient::ApiError => e
-              Rails.logger.error("Exception when calling RoleApi->create_roles: #{e}")
-              raise
             end
           end
 
@@ -85,38 +79,35 @@ module Insights
             end
           end
 
+          def add_new_role_to_group(api_instance, group_uuid, role_uuid)
+            role_in = RBACApiClient::GroupRoleIn.new
+            role_in.roles = [role_uuid]
+            api_instance.add_role_to_group(group_uuid, role_in)
+          end
+
+          def role_exists_in_group?(api_instance, group_uuid, role_uuid)
+            api_instance.list_roles_for_group(group_uuid).any? do |role|
+              role.uuid == role_uuid
+            end
+          end
+
           def current_roles
             Service.call(RBACApiClient::RoleApi) do |api|
               Service.paginate(api, :list_roles, {}).to_a
             end
           end
 
-          def create_policies
-            names = current_policies.collect(&:name)
+          def add_roles_to_groups
             groups = current_groups
             roles = current_roles
-            policy_in = RBACApiClient::PolicyIn.new
-            begin
-              Service.call(RBACApiClient::PolicyApi) do |api_instance|
-                @acl_data['policies'].each do |policy|
-                  next if names.include?(policy['name'])
-
-                  policy_in.name = policy['name']
-                  policy_in.description = policy['description']
-                  policy_in.group = find_uuid('Group', groups, policy['group']['name'])
-                  policy_in.roles = [find_uuid('Role', roles, policy['role']['name'])]
-                  api_instance.create_policies(policy_in)
-                end
-              end
-            rescue RBACApiClient::ApiError => e
-              Rails.logger.error("Exception when calling PolicyApi->create_policies: #{e}")
-              raise
-            end
-          end
+            Service.call(RBACApiClient::GroupApi) do |api_instance|
+              @acl_data['policies'].each do |link|
+                group_uuid = find_uuid('Group', groups, link['group']['name'])
+                role_uuid = find_uuid('Role', roles, link['role']['name'])
+                next if role_exists_in_group?(api_instance, group_uuid, role_uuid)
 
-          def current_policies
-            Service.call(RBACApiClient::PolicyApi) do |api|
-              Service.paginate(api, :list_policies, {}).to_a
+                add_new_role_to_group(api_instance, group_uuid, role_uuid)
+              end
             end
           end
 

data/lib/insights/api/common/rbac/service.rb

@@ -4,12 +4,18 @@ module Insights
       module RBAC
         require 'rbac-api-client'
 
+        class NetworkError  < StandardError; end
+        class TimedOutError < StandardError; end
+
         class Service
           def self.call(klass)
             setup
             yield init(klass)
           rescue RBACApiClient::ApiError => err
-            Rails.logger.error("RBACApiClient::ApiError #{err.message} ")
+            raise TimedOutError.new('Connection timed out') if err.code.nil?
+            raise NetworkError.new(err.message) if err.code.zero?
+
+            Rails.logger.error("#{err.class}: #{err.message} ")
             raise
           end
 
@@ -30,6 +36,10 @@ module Insights
                   fetched += result.data.count
                   break if count == fetched || result.data.empty?
                 end
+              rescue RBACApiClient::ApiError => err
+                raise TimedOutError.new('Connection timed out') if err.code.nil?
+                raise NetworkError.new(err.message) if err.code.zero?
+                raise
               rescue StandardError => e
                 Rails.logger.error("Exception when calling pagination on #{method} #{e}")
                 raise

data/lib/insights/api/common/rbac/validate_groups.rb

@@ -0,0 +1,24 @@
+module Insights
+  module API
+    module Common
+      module RBAC
+        class ValidateGroups
+          def initialize(group_uuids)
+            @group_uuids = group_uuids
+          end
+
+          def process
+            return unless Insights::API::Common::RBAC::Access.enabled?
+
+            Service.call(RBACApiClient::GroupApi) do |api|
+              uuids = SortedSet.new
+              Service.paginate(api, :list_groups, {}).each { |group| uuids << group.uuid }
+              missing = @group_uuids - uuids
+              raise Insights::API::Common::InvalidParameter, "The following group uuids are missing #{missing.to_a.join(",")}" unless missing.empty?
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/lib/insights/api/common/version.rb

@@ -1,7 +1,7 @@
 module Insights
   module API
     module Common
-      VERSION = "3.5.0".freeze
+      VERSION = "3.6.0".freeze
     end
   end
 end

data/spec/support/rbac_seed_context.rb

@@ -0,0 +1,17 @@
+RSpec.shared_context "rbac_seed_objects" do
+  let(:app_name) { 'catalog' }
+  let(:resource) { "portfolios" }
+  let(:group1) { instance_double(RBACApiClient::GroupOut, :name => 'Test Group', :uuid => "123") }
+  let(:role1) { instance_double(RBACApiClient::RoleOut, :name => "Test Role", :uuid => "67899") }
+  let(:role1_in) { RBACApiClient::GroupRoleIn.new }
+
+  let(:role1_detail) { instance_double(RBACApiClient::RoleWithAccess, :name => role1.name, :uuid => role1.uuid, :access => [access1]) }
+  let(:groups) { [group1] }
+  let(:roles) { [role1] }
+  let(:filter1) { instance_double(RBACApiClient::ResourceDefinitionFilter, :key => 'id', :operation => 'equal', :value => "99") }
+  let(:resource_def1) { instance_double(RBACApiClient::ResourceDefinition, :attribute_filter => filter1) }
+  let(:access1) { instance_double(RBACApiClient::Access, :permission => "#{app_name}:#{resource}:read", :resource_definitions => [resource_def1]) }
+  let(:group_uuids) { [group1.uuid] }
+  let(:api_instance) { double }
+  let(:rs_class) { class_double("Insights::API::Common::RBAC::Service").as_stubbed_const(:transfer_nested_constants => true) }
+end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: insights-api-common
 version: !ruby/object:Gem::Version
-  version: 3.5.0
+  version: 3.6.0
 platform: ruby
 authors:
 - Insights Authors
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2020-02-25 00:00:00.000000000 Z
+date: 2020-02-28 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: acts_as_tenant
@@ -365,6 +365,7 @@ files:
 - lib/insights/api/common/rbac/seed.rb
 - lib/insights/api/common/rbac/service.rb
 - lib/insights/api/common/rbac/utilities.rb
+- lib/insights/api/common/rbac/validate_groups.rb
 - lib/insights/api/common/request.rb
 - lib/insights/api/common/routing.rb
 - lib/insights/api/common/status.rb
@@ -374,6 +375,7 @@ files:
 - lib/insights/api/common/version.rb
 - lib/tasks/insights/api/common_tasks.rake
 - spec/support/default_as_json.rb
+- spec/support/rbac_seed_context.rb
 - spec/support/rbac_shared_contexts.rb
 - spec/support/requests_spec_helper.rb
 - spec/support/service_spec_helper.rb