morpheus-cli 6.1.0 → 6.1.1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/Dockerfile +1 -1
- data/lib/morpheus/api/api_client.rb +8 -0
- data/lib/morpheus/api/cypher_interface.rb +11 -5
- data/lib/morpheus/api/load_balancer_pool_nodes_interface.rb +8 -0
- data/lib/morpheus/api/load_balancer_pools_interface.rb +4 -4
- data/lib/morpheus/api/load_balancer_pools_secondary_interface.rb +9 -0
- data/lib/morpheus/api/roles_interface.rb +8 -8
- data/lib/morpheus/cli/commands/load_balancer_pool_nodes.rb +87 -0
- data/lib/morpheus/cli/commands/load_balancer_pools.rb +7 -4
- data/lib/morpheus/cli/commands/roles.rb +403 -586
- data/lib/morpheus/cli/commands/users.rb +46 -2
- data/lib/morpheus/cli/mixins/provisioning_helper.rb +6 -6
- data/lib/morpheus/cli/version.rb +1 -1
- metadata +5 -2
@@ -139,6 +139,9 @@ class Morpheus::Cli::Roles
|
|
139
139
|
opts.on('-a','--all', "Display All Access Lists") do
|
140
140
|
options[:include_all_access] = true
|
141
141
|
end
|
142
|
+
opts.on(nil, '--include-default-access', "Include default access levels in the output (returns all available resources)") do
|
143
|
+
options[:include_default_access] = true
|
144
|
+
end
|
142
145
|
opts.on('--account-id ID', String, "Clarify Owner of Role") do |val|
|
143
146
|
if has_complete_access
|
144
147
|
options[:account_id] = val.to_s
|
@@ -166,7 +169,7 @@ EOT
|
|
166
169
|
account_id = account ? account['id'] : nil
|
167
170
|
|
168
171
|
params.merge!(parse_query_options(options))
|
169
|
-
|
172
|
+
params['includeDefaultAccess'] = true if options[:include_default_access]
|
170
173
|
@roles_interface.setopts(options)
|
171
174
|
if options[:dry_run]
|
172
175
|
if args[0].to_s =~ /\A\d{1,}\Z/
|
@@ -181,13 +184,13 @@ EOT
|
|
181
184
|
json_response = nil
|
182
185
|
role = nil
|
183
186
|
if args[0].to_s =~ /\A\d{1,}\Z/
|
184
|
-
json_response = @roles_interface.get(account_id, args[0].to_i)
|
187
|
+
json_response = @roles_interface.get(account_id, args[0].to_i, params)
|
185
188
|
role = json_response['role']
|
186
189
|
else
|
187
190
|
role = find_role_by_name_or_id(account_id, args[0])
|
188
191
|
exit 1 if role.nil?
|
189
192
|
# refetch from show action, argh
|
190
|
-
json_response = @roles_interface.get(account_id, role['id'])
|
193
|
+
json_response = @roles_interface.get(account_id, role['id'], params)
|
191
194
|
role = json_response['role']
|
192
195
|
end
|
193
196
|
|
@@ -201,17 +204,20 @@ EOT
|
|
201
204
|
|
202
205
|
print_h2 "Permissions", options
|
203
206
|
print cyan
|
207
|
+
permissions = json_response['featurePermissions'] || role['permissions'] || []
|
204
208
|
if options[:include_feature_access] || options[:include_all_access]
|
205
|
-
rows =
|
209
|
+
rows = permissions.collect do |it|
|
206
210
|
{
|
207
211
|
code: it['code'],
|
208
212
|
name: it['name'],
|
209
|
-
|
213
|
+
category: it['subCategory'].to_s.titleize,
|
210
214
|
access: format_access_string(it['access']),
|
211
215
|
}
|
212
216
|
end
|
213
217
|
if options[:sort]
|
214
218
|
rows.sort! {|a,b| a[options[:sort]] <=> b[options[:sort]] }
|
219
|
+
else
|
220
|
+
rows.sort! {|a,b| [a[:category],a[:name],a[:code]] <=> [b[:category],b[:name],b[:code]] }
|
215
221
|
end
|
216
222
|
if options[:direction] == 'desc'
|
217
223
|
rows.reverse!
|
@@ -220,7 +226,7 @@ EOT
|
|
220
226
|
phrase_regexp = /#{Regexp.escape(options[:phrase])}/i
|
221
227
|
rows = rows.select {|row| row[:code].to_s =~ phrase_regexp || row[:name].to_s =~ phrase_regexp }
|
222
228
|
end
|
223
|
-
print as_pretty_table(rows, [:
|
229
|
+
print as_pretty_table(rows, [:category, :name, :code, :access], options)
|
224
230
|
# print reset,"\n"
|
225
231
|
else
|
226
232
|
print cyan,"Use --feature-access to list feature access","\n"
|
@@ -255,23 +261,20 @@ EOT
|
|
255
261
|
if has_group_access
|
256
262
|
#print_h2 "Group Access: #{get_access_string(json_response['globalSiteAccess'])}", options
|
257
263
|
print cyan
|
258
|
-
|
259
|
-
|
260
|
-
|
261
|
-
|
262
|
-
|
263
|
-
|
264
|
-
|
265
|
-
}
|
266
|
-
end
|
267
|
-
print as_pretty_table(rows, [:name, :access], options)
|
268
|
-
else
|
269
|
-
print cyan,"Use -g, --group-access to list custom access","\n"
|
264
|
+
print_h2 "Group Access", options
|
265
|
+
if options[:include_group_access] || options[:include_all_access]
|
266
|
+
rows = json_response['sites'].collect do |it|
|
267
|
+
{
|
268
|
+
name: it['name'],
|
269
|
+
access: format_access_string(it['access'], ["none","read","full"]),
|
270
|
+
}
|
270
271
|
end
|
271
|
-
|
272
|
+
if !options[:include_default_access]
|
273
|
+
rows = rows.select {|row| row[:access] && row[:access] != 'default '}
|
274
|
+
end
|
275
|
+
print as_pretty_table(rows, [:name, :access], options)
|
272
276
|
else
|
273
|
-
|
274
|
-
# print cyan,bold,"Group Access: #{get_access_string(json_response['globalSiteAccess'])}",reset,"\n"
|
277
|
+
print cyan,"Use -g, --group-access to list custom access","\n"
|
275
278
|
end
|
276
279
|
end
|
277
280
|
|
@@ -279,15 +282,18 @@ EOT
|
|
279
282
|
print cyan
|
280
283
|
#puts "Cloud Access: #{get_access_string(json_response['globalZoneAccess'])}"
|
281
284
|
#print "\n"
|
282
|
-
if json_response['sites'].find{|it|
|
285
|
+
if json_response['sites'].find{|it| it['access'] && it['access'] != 'default'}
|
283
286
|
print_h2 "Cloud Access", options
|
284
287
|
if options[:include_cloud_access] || options[:include_all_access]
|
285
|
-
rows = json_response['zones'].
|
288
|
+
rows = json_response['zones'].collect do |it|
|
286
289
|
{
|
287
290
|
name: it['name'],
|
288
291
|
access: format_access_string(it['access'], ["none","read","full"]),
|
289
292
|
}
|
290
293
|
end
|
294
|
+
if !options[:include_default_access]
|
295
|
+
rows = rows.select {|row| row[:access] && row[:access] != 'default '}
|
296
|
+
end
|
291
297
|
print as_pretty_table(rows, [:name, :access], options)
|
292
298
|
else
|
293
299
|
print cyan,"Use -c, --cloud-access to list custom access","\n"
|
@@ -316,8 +322,11 @@ EOT
|
|
316
322
|
access: format_access_string(it['access'], ["none","read","full"]),
|
317
323
|
}
|
318
324
|
end
|
325
|
+
if !options[:include_default_access]
|
326
|
+
rows = rows.select {|row| row[:access] && row[:access] != 'default '}
|
327
|
+
end
|
319
328
|
print as_pretty_table(rows, [:name, :access], options)
|
320
|
-
elsif instance_type_permissions.find {|it|
|
329
|
+
elsif instance_type_permissions.find {|it| it['access'] && it['access'] != 'default'}
|
321
330
|
print_h2 "Instance Type Access", options
|
322
331
|
print cyan,"Use -i, --instance-type-access to list custom access","\n"
|
323
332
|
end
|
@@ -327,14 +336,14 @@ EOT
|
|
327
336
|
print cyan
|
328
337
|
if options[:include_blueprint_access] || options[:include_all_access]
|
329
338
|
print_h2 "Blueprint Access", options
|
330
|
-
rows = blueprint_permissions.
|
339
|
+
rows = blueprint_permissions.collect do |it|
|
331
340
|
{
|
332
341
|
name: it['name'],
|
333
342
|
access: format_access_string(it['access'], ["none","read","full"]),
|
334
343
|
}
|
335
344
|
end
|
336
345
|
print as_pretty_table(rows, [:name, :access], options)
|
337
|
-
elsif blueprint_permissions.find {|it|
|
346
|
+
elsif blueprint_permissions.find {|it| it['access'] && it['access'] != 'default'}
|
338
347
|
print_h2 "Blueprint Access", options
|
339
348
|
print cyan,"Use -b, --blueprint-access to list custom access","\n"
|
340
349
|
end
|
@@ -344,14 +353,17 @@ EOT
|
|
344
353
|
print cyan
|
345
354
|
if options[:include_catalog_item_type_access] || options[:include_all_access]
|
346
355
|
print_h2 "Catalog Item Type Access", options
|
347
|
-
rows = catalog_item_type_permissions.
|
356
|
+
rows = catalog_item_type_permissions.collect do |it|
|
348
357
|
{
|
349
358
|
name: it['name'],
|
350
359
|
access: format_access_string(it['access'], ["none","read","full"]),
|
351
360
|
}
|
352
361
|
end
|
362
|
+
if !options[:include_default_access]
|
363
|
+
rows = rows.select {|row| row[:access] && row[:access] != 'default '}
|
364
|
+
end
|
353
365
|
print as_pretty_table(rows, [:name, :access], options)
|
354
|
-
elsif catalog_item_type_permissions.find {|it|
|
366
|
+
elsif catalog_item_type_permissions.find {|it| it['access'] && it['access'] != 'default'}
|
355
367
|
print_h2 "Catalog Item Type Access", options
|
356
368
|
print cyan,"Use --catalog-item-type-access to list access","\n"
|
357
369
|
end
|
@@ -368,7 +380,7 @@ EOT
|
|
368
380
|
}
|
369
381
|
end
|
370
382
|
print as_pretty_table(rows, [:name, :access], options)
|
371
|
-
elsif persona_permissions.find {|it|
|
383
|
+
elsif persona_permissions.find {|it| it['access'] && it['access'] != 'default'}
|
372
384
|
print_h2 "Persona Access", options
|
373
385
|
print cyan,"Use --persona-access to list access","\n"
|
374
386
|
end
|
@@ -378,14 +390,17 @@ EOT
|
|
378
390
|
print cyan
|
379
391
|
if options[:include_vdi_pool_access] || options[:include_all_access]
|
380
392
|
print_h2 "VDI Pool Access", options
|
381
|
-
rows = vdi_pool_permissions.
|
393
|
+
rows = vdi_pool_permissions.collect do |it|
|
382
394
|
{
|
383
395
|
name: it['name'],
|
384
396
|
access: format_access_string(it['access'], ["none","full"]),
|
385
397
|
}
|
386
398
|
end
|
399
|
+
if !options[:include_default_access]
|
400
|
+
rows = rows.select {|row| row[:access] && row[:access] != 'default '}
|
401
|
+
end
|
387
402
|
print as_pretty_table(rows, [:name, :access], options)
|
388
|
-
elsif vdi_pool_permissions.find {|it|
|
403
|
+
elsif vdi_pool_permissions.find {|it| it['access'] && it['access'] != 'default'}
|
389
404
|
print_h2 "VDI Pool Access", options
|
390
405
|
print cyan,"Use --vdi-pool-access to list custom access","\n"
|
391
406
|
end
|
@@ -395,14 +410,17 @@ EOT
|
|
395
410
|
print cyan
|
396
411
|
if options[:include_report_type_access] || options[:include_all_access]
|
397
412
|
print_h2 "Report Type Access", options
|
398
|
-
rows = report_type_permissions.
|
413
|
+
rows = report_type_permissions.collect do |it|
|
399
414
|
{
|
400
415
|
name: it['name'],
|
401
416
|
access: format_access_string(it['access'], ["none","full"]),
|
402
417
|
}
|
403
418
|
end
|
419
|
+
if !options[:include_default_access]
|
420
|
+
rows = rows.select {|row| row[:access] && row[:access] != 'default '}
|
421
|
+
end
|
404
422
|
print as_pretty_table(rows, [:name, :access], options)
|
405
|
-
elsif report_type_permissions.find {|it|
|
423
|
+
elsif report_type_permissions.find {|it| it['access'] && it['access'] != 'default'}
|
406
424
|
print_h2 "Report Type Access", options
|
407
425
|
print cyan,"Use --report-type-access to list custom access","\n"
|
408
426
|
end
|
@@ -418,8 +436,11 @@ EOT
|
|
418
436
|
access: format_access_string(it['access'], ["none","full"]),
|
419
437
|
}
|
420
438
|
end
|
439
|
+
if !options[:include_default_access]
|
440
|
+
rows = rows.select {|row| row[:access] && row[:access] != 'default '}
|
441
|
+
end
|
421
442
|
print as_pretty_table(rows, [:name, :access], options)
|
422
|
-
elsif task_permissions.find {|it|
|
443
|
+
elsif task_permissions.find {|it| it['access'] && it['access'] != 'default'}
|
423
444
|
print_h2 "Task Access", options
|
424
445
|
print cyan,"Use --task-access to list custom access","\n"
|
425
446
|
end
|
@@ -429,14 +450,17 @@ EOT
|
|
429
450
|
print cyan
|
430
451
|
if options[:include_workflow_access] || options[:include_all_access]
|
431
452
|
print_h2 "Workflow", options
|
432
|
-
rows = workflow_permissions.
|
453
|
+
rows = workflow_permissions.collect do |it|
|
433
454
|
{
|
434
455
|
name: it['name'],
|
435
456
|
access: format_access_string(it['access'], ["none","full"]),
|
436
457
|
}
|
437
458
|
end
|
459
|
+
if !options[:include_default_access]
|
460
|
+
rows = rows.select {|row| row[:access] && row[:access] != 'default '}
|
461
|
+
end
|
438
462
|
print as_pretty_table(rows, [:name, :access], options)
|
439
|
-
elsif workflow_permissions.find {|it|
|
463
|
+
elsif workflow_permissions.find {|it| it['access'] && it['access'] != 'default'}
|
440
464
|
print_h2 "Workflow", options
|
441
465
|
print cyan,"Use --workflow-access to list custom access","\n"
|
442
466
|
end
|
@@ -530,11 +554,14 @@ EOT
|
|
530
554
|
{
|
531
555
|
code: it['code'],
|
532
556
|
name: it['name'],
|
557
|
+
category: it['subCategory'].to_s.titleize,
|
533
558
|
access: format_access_string(it['access']),
|
534
559
|
}
|
535
560
|
end
|
536
561
|
if options[:sort]
|
537
562
|
rows.sort! {|a,b| a[options[:sort]] <=> b[options[:sort]] }
|
563
|
+
else
|
564
|
+
rows.sort! {|a,b| [a[:category],a[:name],a[:code]] <=> [b[:category],b[:name],b[:code]] }
|
538
565
|
end
|
539
566
|
if options[:direction] == 'desc'
|
540
567
|
rows.reverse!
|
@@ -543,7 +570,7 @@ EOT
|
|
543
570
|
phrase_regexp = /#{Regexp.escape(options[:phrase])}/i
|
544
571
|
rows = rows.select {|row| row[:code].to_s =~ phrase_regexp || row[:name].to_s =~ phrase_regexp }
|
545
572
|
end
|
546
|
-
print as_pretty_table(rows, [:
|
573
|
+
print as_pretty_table(rows, [:category, :name, :code, :access], options)
|
547
574
|
else
|
548
575
|
puts "No permissions found"
|
549
576
|
end
|
@@ -557,135 +584,15 @@ EOT
|
|
557
584
|
optparse = Morpheus::Cli::OptionParser.new do |opts|
|
558
585
|
opts.banner = subcommand_usage("[name] [options]")
|
559
586
|
build_option_type_options(opts, options, add_role_option_types)
|
560
|
-
opts
|
561
|
-
options[:permissions] ||= {}
|
562
|
-
parse_access_csv(options[:permissions], val, args, optparse)
|
563
|
-
end
|
564
|
-
opts.add_hidden_option('--permissions')
|
565
|
-
opts.on('--feature-access CODE=ACCESS', String, "Set feature permission access by permission code. Example: dashboard=read,operations-wiki=full" ) do |val|
|
566
|
-
options[:permissions] ||= {}
|
567
|
-
parse_access_csv(options[:permissions], val, args, optparse)
|
568
|
-
end
|
569
|
-
opts.on('--global-group-access ACCESS', String, "Update the global group (site) access: [none|read|full]" ) do |val|
|
570
|
-
params['globalSiteAccess'] = val.to_s.downcase
|
571
|
-
end
|
572
|
-
opts.add_hidden_option('--global-group-access')
|
573
|
-
opts.on('--default-group-access ACCESS', String, "Update the default group (site) access: [none|read|full]" ) do |val|
|
574
|
-
params['globalSiteAccess'] = val.to_s.downcase
|
575
|
-
end
|
576
|
-
opts.on('--groups ID=ACCESS', String, "Set group (site) to a custom access by group id. Example: 1=none,2=full,3=read" ) do |val|
|
577
|
-
options[:group_permissions] ||= {}
|
578
|
-
parse_access_csv(options[:group_permissions], val, args, optparse)
|
579
|
-
end
|
580
|
-
opts.on('--global-cloud-access ACCESS', String, "Update the global cloud (zone) access: [none|read|full]" ) do |val|
|
581
|
-
params['globalZoneAccess'] = val.to_s.downcase
|
582
|
-
end
|
583
|
-
opts.add_hidden_option('--global-cloud-access')
|
584
|
-
opts.on('--default-cloud-access ACCESS', String, "Update the default cloud (zone) access: [none|read|full]" ) do |val|
|
585
|
-
params['globalZoneAccess'] = val.to_s.downcase
|
586
|
-
end
|
587
|
-
opts.on('--clouds ID=ACCESS', String, "Set cloud (zone) to a custom access by cloud id. Example: 1=none,2=full,3=read" ) do |val|
|
588
|
-
options[:cloud_permissions] ||= {}
|
589
|
-
parse_access_csv(options[:cloud_permissions], val, args, optparse)
|
590
|
-
end
|
591
|
-
opts.on('--global-instance-type-access ACCESS', String, "Update the global instance type access: [none|full]" ) do |val|
|
592
|
-
params['globalInstanceTypeAccess'] = val.to_s.downcase
|
593
|
-
end
|
594
|
-
opts.add_hidden_option('--global-instance-type-access')
|
595
|
-
opts.on('--default-instance-type-access ACCESS', String, "Update the default instance type access: [none|full]" ) do |val|
|
596
|
-
params['globalInstanceTypeAccess'] = val.to_s.downcase
|
597
|
-
end
|
598
|
-
opts.on('--instance-types CODE=ACCESS', String, "Set instance type to a custom access instance type code. Example: nginx=full,apache=none" ) do |val|
|
599
|
-
options[:instance_type_permissions] ||= {}
|
600
|
-
parse_access_csv(options[:instance_type_permissions], val, args, optparse)
|
601
|
-
end
|
602
|
-
opts.on('--global-blueprint-access ACCESS', String, "Update the global blueprint access: [none|full]" ) do |val|
|
603
|
-
params['globalAppTemplateAccess'] = val.to_s.downcase
|
604
|
-
end
|
605
|
-
opts.add_hidden_option('--global-blueprint-access')
|
606
|
-
opts.on('--default-blueprint-access ACCESS', String, "Update the default blueprint access: [none|full]" ) do |val|
|
607
|
-
params['globalAppTemplateAccess'] = val.to_s.downcase
|
608
|
-
end
|
609
|
-
opts.on('--blueprints ID=ACCESS', String, "Set blueprint to a custom access by blueprint id. Example: 1=full,2=none" ) do |val|
|
610
|
-
options[:blueprint_permissions] ||= {}
|
611
|
-
parse_access_csv(options[:blueprint_permissions], val, args, optparse)
|
612
|
-
end
|
613
|
-
opts.on('--global-catalog-item-type-access ACCESS', String, "Update the global catalog item type access: [none|full]" ) do |val|
|
614
|
-
params['globalCatalogItemTypeAccess'] = val.to_s.downcase
|
615
|
-
end
|
616
|
-
opts.add_hidden_option('--global-catalog-item-type-access')
|
617
|
-
opts.on('--default-catalog-item-type-access ACCESS', String, "Update the default catalog item type access: [none|full]" ) do |val|
|
618
|
-
params['globalCatalogItemTypeAccess'] = val.to_s.downcase
|
619
|
-
end
|
620
|
-
opts.on('--catalog-item-types CODE=ACCESS', String, "Set catalog item type to a custom access by catalog item type id. Example: 1=full,2=none" ) do |val|
|
621
|
-
options[:catalog_item_type_permissions] ||= {}
|
622
|
-
parse_access_csv(options[:catalog_item_type_permissions], val, args, optparse)
|
623
|
-
end
|
624
|
-
opts.on('--default-persona-access ACCESS', String, "Update the default persona access: [none|full]" ) do |val|
|
625
|
-
params['globalPersonaAccess'] = val.to_s.downcase
|
626
|
-
end
|
627
|
-
opts.on('--personas CODE=ACCESS', String, "Set persona to a custom access by persona code. Example: standard=full,serviceCatalog=full,vdi=full" ) do |val|
|
628
|
-
options[:persona_permissions] ||= {}
|
629
|
-
parse_access_csv(options[:persona_permissions], val, args, optparse)
|
630
|
-
end
|
631
|
-
opts.on('--global-vdi-pool-access-access ACCESS', String, "Update the global VDI pool access: [none|full]" ) do |val|
|
632
|
-
params['globalVdiPoolAccess'] = val.to_s.downcase
|
633
|
-
end
|
634
|
-
opts.add_hidden_option('--global-vdi-pool-access-access')
|
635
|
-
opts.on('--default-vdi-pool-access-access ACCESS', String, "Update the default VDI pool access: [none|full]" ) do |val|
|
636
|
-
params['globalVdiPoolAccess'] = val.to_s.downcase
|
637
|
-
end
|
638
|
-
opts.on('--vdi-pools ID=ACCESS', String, "Set VDI pool to a custom access by VDI pool id. Example: 1=full,2=none" ) do |val|
|
639
|
-
options[:vdi_pool_permissions] ||= {}
|
640
|
-
parse_access_csv(options[:vdi_pool_permissions], val, args, optparse)
|
641
|
-
end
|
642
|
-
opts.on('--global-report-type-access ACCESS', String, "Update the global report type access: [none|full]" ) do |val|
|
643
|
-
params['globalReportTypeAccess'] = val.to_s.downcase
|
644
|
-
end
|
645
|
-
opts.on('--default-report-type-access ACCESS', String, "Update the default report type access: [none|full]" ) do |val|
|
646
|
-
params['globalReportTypeAccess'] = val.to_s.downcase
|
647
|
-
end
|
648
|
-
opts.add_hidden_option('--default-report-type-access')
|
649
|
-
opts.on('--report-types CODE=ACCESS', String, "Set report type to a custom access by report type code. Example: appCost=none,guidance=full" ) do |val|
|
650
|
-
options[:report_type_permissions] ||= {}
|
651
|
-
parse_access_csv(options[:report_type_permissions], val, args, optparse)
|
652
|
-
end
|
653
|
-
opts.on('--global-task-access ACCESS', String, "Set the global task access: [none|full]" ) do |val|
|
654
|
-
params['globalTaskAccess'] = val.to_s.downcase
|
655
|
-
end
|
656
|
-
opts.add_hidden_option('--global-task-access')
|
657
|
-
opts.on('--default-task-access ACCESS', String, "Set the default task access: [none|full]" ) do |val|
|
658
|
-
params['globalTaskAccess'] = val.to_s.downcase
|
659
|
-
end
|
660
|
-
opts.on('--tasks ID=ACCESS', String, "Set task to a custom access by task id. Example: 1=none,2=full" ) do |val|
|
661
|
-
options[:task_permissions] ||= {}
|
662
|
-
parse_access_csv(options[:task_permissions], val, args, optparse)
|
663
|
-
end
|
664
|
-
opts.on('--global-workflow-access ACCESS', String, "Set the default workflow access: [none|full]" ) do |val|
|
665
|
-
params['globalTaskSetAccess'] = val.to_s.downcase
|
666
|
-
end
|
667
|
-
opts.add_hidden_option('--global-workflow-access')
|
668
|
-
opts.on('--default-workflow-access ACCESS', String, "Set the default workflow access: [none|full]" ) do |val|
|
669
|
-
params['globalTaskSetAccess'] = val.to_s.downcase
|
670
|
-
end
|
671
|
-
opts.on('--workflows ID=ACCESS', String, "Set workflow to a custom access by workflow id. Example: 1=none,2=full" ) do |val|
|
672
|
-
options[:workflow_permissions] ||= {}
|
673
|
-
parse_access_csv(options[:workflow_permissions], val, args, optparse)
|
674
|
-
end
|
675
|
-
opts.on('--reset-permissions', "Reset all feature permission access to none. This can be used in conjunction with --permissions to recreate the feature permission access for the role." ) do
|
676
|
-
options[:reset_permissions] = true
|
677
|
-
end
|
678
|
-
opts.add_hidden_option('--reset-permissions')
|
679
|
-
opts.on('--reset-feature-access', "Reset all feature permission access to none. This can be used in conjunction with --feature-access to recreate the feature permission access for the role." ) do
|
680
|
-
options[:reset_permissions] = true
|
681
|
-
end
|
682
|
-
opts.on('--reset-all-access', "Reset all access to none including permissions, global groups, instance types, etc. This can be used in conjunction with --feature-access to recreate the feature permission access for the role." ) do
|
683
|
-
options[:reset_all_access] = true
|
684
|
-
end
|
587
|
+
build_role_access_options(opts, options, params)
|
685
588
|
opts.on('--owner ID', String, "Set the owner/tenant/account for the role by account id. Only master tenants with full permission for Tenant and Role may use this option." ) do |val|
|
686
589
|
params['owner'] = val
|
687
590
|
end
|
688
|
-
|
591
|
+
opts.on(nil, '--include-default-access', "Include default access levels in the response (returns all available resources)") do
|
592
|
+
options[:include_default_access] = true
|
593
|
+
end
|
594
|
+
build_standard_add_options(opts, options)
|
595
|
+
opts.footer = <<-EOT
|
689
596
|
Create a new role.
|
690
597
|
[name] is required. This is a unique name (authority) for the new role.
|
691
598
|
All the role permissions and access values can be configured.
|
@@ -695,7 +602,6 @@ Only the specified permissions,instance types, etc. are updated.
|
|
695
602
|
Use --reset-feature-access to set access to "none" for all unspecified feature permissions.
|
696
603
|
Use --reset-all-access to set access to "none" for all unspecified feature permissions and default access values for groups, instance types, etc.
|
697
604
|
EOT
|
698
|
-
build_common_options(opts, options, [:options, :payload, :json, :dry_run, :remote])
|
699
605
|
end
|
700
606
|
optparse.parse!(args)
|
701
607
|
verify_args!(args:args, optparse:optparse, max:1)
|
@@ -721,199 +627,73 @@ EOT
|
|
721
627
|
# argh, some options depend on others here...eg. multitenant is only available when roleType == 'user'
|
722
628
|
#prompt_option_types = update_role_option_types()
|
723
629
|
|
724
|
-
role_payload = params
|
725
630
|
v_prompt = Morpheus::Cli::OptionTypes.prompt([{'fieldName' => 'authority', 'fieldLabel' => 'Name', 'type' => 'text', 'required' => true, 'displayOrder' => 1}], options[:options])
|
726
|
-
|
631
|
+
params['authority'] = v_prompt['authority']
|
727
632
|
v_prompt = Morpheus::Cli::OptionTypes.prompt([{'fieldName' => 'description', 'fieldLabel' => 'Description', 'type' => 'text', 'displayOrder' => 2}], options[:options])
|
728
|
-
|
633
|
+
params['description'] = v_prompt['description']
|
729
634
|
|
730
635
|
if params['owner']
|
731
636
|
if @is_master_account && has_complete_access
|
732
|
-
|
637
|
+
params['owner'] = params['owner']
|
733
638
|
else
|
734
639
|
print_red_alert "You do not have the necessary authority to use owner option"
|
735
640
|
return
|
736
641
|
end
|
737
642
|
elsif @is_master_account && has_complete_access
|
738
643
|
v_prompt = Morpheus::Cli::OptionTypes.prompt([{'fieldName' => 'owner', 'fieldLabel' => 'Owner', 'type' => 'select', 'selectOptions' => role_owner_options, 'defaultValue' => current_account['id'], 'displayOrder' => 3}], options[:options])
|
739
|
-
|
644
|
+
params['owner'] = v_prompt['owner']
|
740
645
|
else
|
741
|
-
|
646
|
+
params['owner'] = current_account['id']
|
742
647
|
end
|
743
648
|
|
744
|
-
if @is_master_account &&
|
649
|
+
if @is_master_account && params['owner'] == current_account['id']
|
745
650
|
v_prompt = Morpheus::Cli::OptionTypes.prompt([{'fieldName' => 'roleType', 'fieldLabel' => 'Type', 'type' => 'select', 'selectOptions' => role_type_options, 'defaultValue' => 'user', 'displayOrder' => 4}], options[:options])
|
746
|
-
|
651
|
+
params['roleType'] = v_prompt['roleType']
|
747
652
|
else
|
748
|
-
|
653
|
+
params['roleType'] = 'user'
|
749
654
|
end
|
750
655
|
|
751
|
-
|
656
|
+
if options[:cloud_permissions] && params['roleType'] == 'user'
|
657
|
+
raise_command_error "The --clouds option is only available for user roles, not account roles"
|
658
|
+
end
|
659
|
+
if options[:group_permissions] && params['roleType'] == 'account'
|
660
|
+
raise_command_error "The --groups option is only available for account roles, not user roles"
|
661
|
+
end
|
662
|
+
|
663
|
+
v_prompt = Morpheus::Cli::OptionTypes.prompt([{'fieldName' => 'baseRole', 'fieldLabel' => 'Copy From Role', 'type' => 'select', 'selectOptions' => base_role_options(params), 'displayOrder' => 5}], options[:options])
|
752
664
|
if v_prompt['baseRole'].to_s != ''
|
753
665
|
base_role = find_role_by_name_or_id(account_id, v_prompt['baseRole'])
|
754
666
|
exit 1 if base_role.nil?
|
755
|
-
|
667
|
+
params['baseRoleId'] = base_role['id']
|
756
668
|
end
|
757
669
|
|
758
|
-
if @is_master_account &&
|
759
|
-
if
|
670
|
+
if @is_master_account && params['owner'] == current_account['id']
|
671
|
+
if params['roleType'] == 'user'
|
760
672
|
v_prompt = Morpheus::Cli::OptionTypes.prompt([{'fieldName' => 'multitenant', 'fieldLabel' => 'Multitenant', 'type' => 'checkbox', 'defaultValue' => 'off', 'description' => 'A Multitenant role is automatically copied into all existing subaccounts as well as placed into a subaccount when created. Useful for providing a set of predefined roles a Customer can use', 'displayOrder' => 5}], options[:options])
|
761
|
-
|
762
|
-
if
|
673
|
+
params['multitenant'] = ['on','true'].include?(v_prompt['multitenant'].to_s)
|
674
|
+
if params['multitenant']
|
763
675
|
v_prompt = Morpheus::Cli::OptionTypes.prompt([{'fieldName' => 'multitenantLocked', 'fieldLabel' => 'Multitenant Locked', 'type' => 'checkbox', 'defaultValue' => 'off', 'description' => 'Prevents subtenants from branching off this role/modifying it.'}], options[:options])
|
764
|
-
|
676
|
+
params['multitenantLocked'] = ['on','true'].include?(v_prompt['multitenantLocked'].to_s)
|
765
677
|
end
|
766
678
|
end
|
767
679
|
end
|
768
680
|
|
769
681
|
# v_prompt = Morpheus::Cli::OptionTypes.prompt([{'fieldName' => 'defaultPersona', 'fieldLabel' => 'Default Persona', 'type' => 'select', 'optionSource' => 'personas', 'description' => 'Default Persona'}], options[:options], @api_client)
|
770
682
|
v_prompt = Morpheus::Cli::OptionTypes.prompt([{'fieldName' => 'defaultPersona', 'fieldLabel' => 'Default Persona', 'type' => 'select', 'selectOptions' => get_persona_select_options(), 'description' => 'Default Persona'}], options[:options], @api_client)
|
771
|
-
|
772
|
-
|
773
|
-
# bulk permissions
|
774
|
-
if options[:permissions]
|
775
|
-
perms_array = []
|
776
|
-
options[:permissions].each do |k,v|
|
777
|
-
perm_code = k
|
778
|
-
access_value = v.to_s.empty? ? "none" : v.to_s
|
779
|
-
perms_array << {"code" => perm_code, "access" => access_value}
|
780
|
-
end
|
781
|
-
params['permissions'] = perms_array
|
782
|
-
end
|
783
|
-
if options[:group_permissions]
|
784
|
-
perms_array = []
|
785
|
-
options[:group_permissions].each do |k,v|
|
786
|
-
site_id = k
|
787
|
-
access_value = v.to_s.empty? ? "none" : v.to_s
|
788
|
-
if site_id =~ /\A\d{1,}\Z/
|
789
|
-
perms_array << {"id" => site_id.to_i, "access" => access_value}
|
790
|
-
else
|
791
|
-
perms_array << {"name" => site_id, "access" => access_value}
|
792
|
-
end
|
793
|
-
end
|
794
|
-
params['sites'] = perms_array
|
795
|
-
end
|
796
|
-
if options[:cloud_permissions]
|
797
|
-
perms_array = []
|
798
|
-
options[:cloud_permissions].each do |k,v|
|
799
|
-
zone_id = k
|
800
|
-
access_value = v.to_s.empty? ? "none" : v.to_s
|
801
|
-
if zone_id =~ /\A\d{1,}\Z/
|
802
|
-
perms_array << {"id" => zone_id.to_i, "access" => access_value}
|
803
|
-
else
|
804
|
-
perms_array << {"name" => zone_id, "access" => access_value}
|
805
|
-
end
|
806
|
-
perms_array << {"id" => zone_id, "access" => access_value}
|
807
|
-
end
|
808
|
-
params['zones'] = perms_array
|
809
|
-
end
|
810
|
-
if options[:instance_type_permissions]
|
811
|
-
perms_array = []
|
812
|
-
options[:instance_type_permissions].each do |k,v|
|
813
|
-
instance_type_code = k
|
814
|
-
access_value = v.to_s.empty? ? "none" : v.to_s
|
815
|
-
perms_array << {"code" => instance_type_code, "access" => access_value}
|
816
|
-
end
|
817
|
-
params['instanceTypes'] = perms_array
|
818
|
-
end
|
819
|
-
if options[:blueprint_permissions]
|
820
|
-
perms_array = []
|
821
|
-
options[:blueprint_permissions].each do |k,v|
|
822
|
-
blueprint_id = k
|
823
|
-
access_value = v.to_s.empty? ? "none" : v.to_s
|
824
|
-
if blueprint_id =~ /\A\d{1,}\Z/
|
825
|
-
perms_array << {"id" => blueprint_id.to_i, "access" => access_value}
|
826
|
-
else
|
827
|
-
perms_array << {"name" => blueprint_id, "access" => access_value}
|
828
|
-
end
|
829
|
-
end
|
830
|
-
params['appTemplates'] = perms_array
|
831
|
-
end
|
832
|
-
if options[:catalog_item_type_permissions]
|
833
|
-
perms_array = []
|
834
|
-
options[:catalog_item_type_permissions].each do |k,v|
|
835
|
-
catalog_item_type_id = k
|
836
|
-
access_value = v.to_s.empty? ? "none" : v.to_s
|
837
|
-
if catalog_item_type_id =~ /\A\d{1,}\Z/
|
838
|
-
perms_array << {"id" => catalog_item_type_id.to_i, "access" => access_value}
|
839
|
-
else
|
840
|
-
perms_array << {"name" => catalog_item_type_id, "access" => access_value}
|
841
|
-
end
|
842
|
-
end
|
843
|
-
params['catalogItemTypes'] = perms_array
|
683
|
+
params['defaultPersona'] = {'code' => v_prompt['defaultPersona']} unless v_prompt['defaultPersona'].to_s.strip.empty?
|
844
684
|
|
845
|
-
|
846
|
-
|
847
|
-
|
848
|
-
options[:persona_permissions].each do |k,v|
|
849
|
-
persona_code = k
|
850
|
-
access_value = v.to_s.empty? ? "none" : v.to_s
|
851
|
-
perms_array << {"code" => persona_code, "access" => access_value}
|
852
|
-
end
|
853
|
-
params['personas'] = perms_array
|
854
|
-
end
|
855
|
-
if options[:vdi_pool_permissions]
|
856
|
-
perms_array = []
|
857
|
-
options[:vdi_pool_permissions].each do |k,v|
|
858
|
-
vdi_pool_id = k
|
859
|
-
access_value = v.to_s.empty? ? "none" : v.to_s
|
860
|
-
if vdi_pool_id =~ /\A\d{1,}\Z/
|
861
|
-
perms_array << {"id" => vdi_pool_id.to_i, "access" => access_value}
|
862
|
-
else
|
863
|
-
perms_array << {"name" => vdi_pool_id, "access" => access_value}
|
864
|
-
end
|
865
|
-
end
|
866
|
-
params['vdiPools'] = perms_array
|
867
|
-
end
|
868
|
-
if options[:report_type_permissions]
|
869
|
-
perms_array = []
|
870
|
-
options[:report_type_permissions].each do |k,v|
|
871
|
-
report_type_code = k
|
872
|
-
access_value = v.to_s.empty? ? "none" : v.to_s
|
873
|
-
perms_array << {"code" => report_type_code, "access" => access_value}
|
874
|
-
end
|
875
|
-
params['reportTypes'] = perms_array
|
876
|
-
end
|
877
|
-
if options[:task_permissions]
|
878
|
-
perms_array = []
|
879
|
-
options[:task_permissions].each do |k,v|
|
880
|
-
task_id = k
|
881
|
-
access_value = v.to_s.empty? ? "none" : v.to_s
|
882
|
-
if task_id =~ /\A\d{1,}\Z/
|
883
|
-
perms_array << {"id" => task_id.to_i, "access" => access_value}
|
884
|
-
else
|
885
|
-
perms_array << {"name" => task_id, "access" => access_value}
|
886
|
-
end
|
887
|
-
end
|
888
|
-
params['tasks'] = perms_array
|
889
|
-
end
|
890
|
-
if options[:workflow_permissions]
|
891
|
-
perms_array = []
|
892
|
-
options[:workflow_permissions].each do |k,v|
|
893
|
-
workflow_id = k
|
894
|
-
access_value = v.to_s.empty? ? "none" : v.to_s
|
895
|
-
if workflow_id =~ /\A\d{1,}\Z/
|
896
|
-
perms_array << {"id" => workflow_id.to_i, "access" => access_value}
|
897
|
-
else
|
898
|
-
perms_array << {"name" => workflow_id, "access" => access_value}
|
899
|
-
end
|
900
|
-
end
|
901
|
-
params['workflows'] = perms_array
|
902
|
-
end
|
903
|
-
if options[:reset_permissions]
|
904
|
-
params["resetPermissions"] = true
|
905
|
-
end
|
906
|
-
if options[:reset_all_access]
|
907
|
-
params["resetAllAccess"] = true
|
908
|
-
end
|
909
|
-
payload = {"role" => role_payload}
|
685
|
+
# bulk role permissions
|
686
|
+
parse_role_access_options(options, params)
|
687
|
+
payload = {"role" => params}
|
910
688
|
end
|
689
|
+
query_params = parse_query_options(options)
|
690
|
+
query_params['includeDefaultAccess'] = true if options[:include_default_access]
|
911
691
|
@roles_interface.setopts(options)
|
912
692
|
if options[:dry_run]
|
913
|
-
print_dry_run @roles_interface.dry.create(account_id, payload)
|
693
|
+
print_dry_run @roles_interface.dry.create(account_id, payload, query_params)
|
914
694
|
return
|
915
695
|
end
|
916
|
-
json_response = @roles_interface.create(account_id, payload)
|
696
|
+
json_response = @roles_interface.create(account_id, payload, query_params)
|
917
697
|
|
918
698
|
if options[:json]
|
919
699
|
print JSON.pretty_generate(json_response)
|
@@ -934,13 +714,13 @@ EOT
|
|
934
714
|
get_args.push "--account-id", account['id'].to_s
|
935
715
|
end
|
936
716
|
|
937
|
-
details_options = [
|
717
|
+
details_options = [params["authority"]]
|
938
718
|
if account
|
939
719
|
details_options.push "--account-id", account['id'].to_s
|
940
720
|
end
|
941
721
|
|
942
|
-
if
|
943
|
-
details_options.push "--account-id",
|
722
|
+
if params['owner']
|
723
|
+
details_options.push "--account-id", params['owner'].to_s
|
944
724
|
end
|
945
725
|
get(details_options)
|
946
726
|
|
@@ -956,127 +736,9 @@ EOT
|
|
956
736
|
optparse = Morpheus::Cli::OptionParser.new do |opts|
|
957
737
|
opts.banner = subcommand_usage("[role] [options]")
|
958
738
|
build_option_type_options(opts, options, update_role_option_types)
|
959
|
-
opts
|
960
|
-
|
961
|
-
|
962
|
-
end
|
963
|
-
opts.add_hidden_option('--permissions')
|
964
|
-
opts.on('--feature-access CODE=ACCESS', String, "Set feature permission access by permission code. Example: dashboard=read,operations-wiki=full" ) do |val|
|
965
|
-
options[:permissions] ||= {}
|
966
|
-
parse_access_csv(options[:permissions], val, args, optparse)
|
967
|
-
end
|
968
|
-
opts.on('--global-group-access ACCESS', String, "Update the global group (site) access: [none|read|full]" ) do |val|
|
969
|
-
params['globalSiteAccess'] = val.to_s.downcase
|
970
|
-
end
|
971
|
-
opts.add_hidden_option('--global-group-access')
|
972
|
-
opts.on('--default-group-access ACCESS', String, "Update the default group (site) access: [none|read|full]" ) do |val|
|
973
|
-
params['globalSiteAccess'] = val.to_s.downcase
|
974
|
-
end
|
975
|
-
opts.on('--groups ID=ACCESS', String, "Set group (site) to a custom access by group id. Example: 1=none,2=full,3=read" ) do |val|
|
976
|
-
options[:group_permissions] ||= {}
|
977
|
-
parse_access_csv(options[:group_permissions], val, args, optparse)
|
978
|
-
end
|
979
|
-
opts.on('--global-cloud-access ACCESS', String, "Update the global cloud (zone) access: [none|read|full]" ) do |val|
|
980
|
-
params['globalZoneAccess'] = val.to_s.downcase
|
981
|
-
end
|
982
|
-
opts.add_hidden_option('--global-cloud-access')
|
983
|
-
opts.on('--default-cloud-access ACCESS', String, "Update the default cloud (zone) access: [none|read|full]" ) do |val|
|
984
|
-
params['globalZoneAccess'] = val.to_s.downcase
|
985
|
-
end
|
986
|
-
opts.on('--clouds ID=ACCESS', String, "Set cloud (zone) to a custom access by cloud id. Example: 1=none,2=full,3=read" ) do |val|
|
987
|
-
options[:cloud_permissions] ||= {}
|
988
|
-
parse_access_csv(options[:cloud_permissions], val, args, optparse)
|
989
|
-
end
|
990
|
-
opts.on('--global-instance-type-access ACCESS', String, "Update the global instance type access: [none|full]" ) do |val|
|
991
|
-
params['globalInstanceTypeAccess'] = val.to_s.downcase
|
992
|
-
end
|
993
|
-
opts.add_hidden_option('--global-instance-type-access')
|
994
|
-
opts.on('--default-instance-type-access ACCESS', String, "Update the default instance type access: [none|full]" ) do |val|
|
995
|
-
params['globalInstanceTypeAccess'] = val.to_s.downcase
|
996
|
-
end
|
997
|
-
opts.on('--instance-types CODE=ACCESS', String, "Set instance type to a custom access instance type code. Example: nginx=full,apache=none" ) do |val|
|
998
|
-
options[:instance_type_permissions] ||= {}
|
999
|
-
parse_access_csv(options[:instance_type_permissions], val, args, optparse)
|
1000
|
-
end
|
1001
|
-
opts.on('--global-blueprint-access ACCESS', String, "Update the global blueprint access: [none|full]" ) do |val|
|
1002
|
-
params['globalAppTemplateAccess'] = val.to_s.downcase
|
1003
|
-
end
|
1004
|
-
opts.add_hidden_option('--global-blueprint-access')
|
1005
|
-
opts.on('--default-blueprint-access ACCESS', String, "Update the default blueprint access: [none|full]" ) do |val|
|
1006
|
-
params['globalAppTemplateAccess'] = val.to_s.downcase
|
1007
|
-
end
|
1008
|
-
opts.on('--blueprints ID=ACCESS', String, "Set blueprint to a custom access by blueprint id. Example: 1=full,2=none" ) do |val|
|
1009
|
-
options[:blueprint_permissions] ||= {}
|
1010
|
-
parse_access_csv(options[:blueprint_permissions], val, args, optparse)
|
1011
|
-
end
|
1012
|
-
opts.on('--global-catalog-item-type-access ACCESS', String, "Update the global catalog item type access: [none|full]" ) do |val|
|
1013
|
-
params['globalCatalogItemTypeAccess'] = val.to_s.downcase
|
1014
|
-
end
|
1015
|
-
opts.add_hidden_option('--global-catalog-item-type-access')
|
1016
|
-
opts.on('--default-catalog-item-type-access ACCESS', String, "Update the default catalog item type access: [none|full]" ) do |val|
|
1017
|
-
params['globalCatalogItemTypeAccess'] = val.to_s.downcase
|
1018
|
-
end
|
1019
|
-
opts.on('--catalog-item-types CODE=ACCESS', String, "Set catalog item type to a custom access by catalog item type id. Example: 1=full,2=none" ) do |val|
|
1020
|
-
options[:catalog_item_type_permissions] ||= {}
|
1021
|
-
parse_access_csv(options[:catalog_item_type_permissions], val, args, optparse)
|
1022
|
-
end
|
1023
|
-
opts.on('--personas CODE=ACCESS', String, "Set persona to a custom access by persona code. Example: standard=full,serviceCatalog=full,vdi=full" ) do |val|
|
1024
|
-
options[:persona_permissions] ||= {}
|
1025
|
-
parse_access_csv(options[:persona_permissions], val, args, optparse)
|
1026
|
-
end
|
1027
|
-
opts.on('--global-vdi-pool-access ACCESS', String, "Update the global VDI pool access: [none|full]" ) do |val|
|
1028
|
-
params['globalVdiPoolAccess'] = val.to_s.downcase
|
1029
|
-
end
|
1030
|
-
opts.add_hidden_option('--global-vdi-pool-access')
|
1031
|
-
opts.on('--default-vdi-pool-access ACCESS', String, "Update the default VDI pool access: [none|full]" ) do |val|
|
1032
|
-
params['globalVdiPoolAccess'] = val.to_s.downcase
|
1033
|
-
end
|
1034
|
-
opts.on('--vdi-pools ID=ACCESS', String, "Set VDI pool to a custom access by VDI pool id. Example: 1=full,2=none" ) do |val|
|
1035
|
-
options[:vdi_pool_permissions] ||= {}
|
1036
|
-
parse_access_csv(options[:vdi_pool_permissions], val, args, optparse)
|
1037
|
-
end
|
1038
|
-
opts.on('--global-report-type-access ACCESS', String, "Update the global report type access: [none|full]" ) do |val|
|
1039
|
-
params['globalReportTypeAccess'] = val.to_s.downcase
|
1040
|
-
end
|
1041
|
-
opts.add_hidden_option('--global-report-type-access')
|
1042
|
-
opts.on('--default-report-type-access ACCESS', String, "Update the default report type access: [none|full]" ) do |val|
|
1043
|
-
params['globalReportTypeAccess'] = val.to_s.downcase
|
1044
|
-
end
|
1045
|
-
opts.on('--report-types CODE=ACCESS', String, "Set report type to a custom access by report type code. Example: appCost=none,guidance=full" ) do |val|
|
1046
|
-
options[:report_type_permissions] ||= {}
|
1047
|
-
parse_access_csv(options[:report_type_permissions], val, args, optparse)
|
1048
|
-
end
|
1049
|
-
opts.on('--global-task-access ACCESS', String, "Update the global task access: [none|full]" ) do |val|
|
1050
|
-
params['globalTaskAccess'] = val.to_s.downcase
|
1051
|
-
end
|
1052
|
-
opts.add_hidden_option('--global-task-access')
|
1053
|
-
opts.on('--default-task-access ACCESS', String, "Update the default task access: [none|full]" ) do |val|
|
1054
|
-
params['globalTaskAccess'] = val.to_s.downcase
|
1055
|
-
end
|
1056
|
-
opts.on('--tasks ID=ACCESS', String, "Set task to a custom access by task id. Example: 1=none,2=full" ) do |val|
|
1057
|
-
options[:task_permissions] ||= {}
|
1058
|
-
parse_access_csv(options[:task_permissions], val, args, optparse)
|
1059
|
-
end
|
1060
|
-
opts.on('--global-workflow-access ACCESS', String, "Update the global workflow access: [none|full]" ) do |val|
|
1061
|
-
params['globalTaskSetAccess'] = val.to_s.downcase
|
1062
|
-
end
|
1063
|
-
opts.add_hidden_option('--global-workflow-access')
|
1064
|
-
opts.on('--default-workflow-access ACCESS', String, "Update the default workflow access: [none|full]" ) do |val|
|
1065
|
-
params['globalTaskSetAccess'] = val.to_s.downcase
|
1066
|
-
end
|
1067
|
-
opts.on('--workflows ID=ACCESS', String, "Set workflow to a custom access by workflow id. Example: 1=none,2=full" ) do |val|
|
1068
|
-
options[:workflow_permissions] ||= {}
|
1069
|
-
parse_access_csv(options[:workflow_permissions], val, args, optparse)
|
1070
|
-
end
|
1071
|
-
opts.on('--reset-permissions', "Reset all feature permission access to none. This can be used in conjunction with --permissions to recreate the feature permission access for the role." ) do
|
1072
|
-
options[:reset_permissions] = true
|
1073
|
-
end
|
1074
|
-
opts.add_hidden_option('--reset-permissions')
|
1075
|
-
opts.on('--reset-feature-access', "Reset all feature permission access to none. This can be used in conjunction with --feature-access to recreate the feature permission access for the role." ) do
|
1076
|
-
options[:reset_permissions] = true
|
1077
|
-
end
|
1078
|
-
opts.on('--reset-all-access', "Reset all access to none including permissions, global groups, instance types, etc. This can be used in conjunction with --feature-access to recreate the feature permission access for the role." ) do
|
1079
|
-
options[:reset_all_access] = true
|
739
|
+
build_role_access_options(opts, options, params)
|
740
|
+
opts.on(nil, '--include-default-access', "Include default access levels in the output (returns all available resources)") do
|
741
|
+
options[:include_default_access] = true
|
1080
742
|
end
|
1081
743
|
build_standard_update_options(opts, options)
|
1082
744
|
opts.footer = <<-EOT
|
@@ -1122,154 +784,28 @@ EOT
|
|
1122
784
|
prompt_option_types = prompt_option_types.reject {|it| ['multitenant','multitenantLocked'].include?(it['fieldName']) }
|
1123
785
|
end
|
1124
786
|
#params = Morpheus::Cli::OptionTypes.prompt(prompt_option_types, options[:options], @api_client, options[:params])
|
1125
|
-
|
1126
|
-
|
1127
|
-
if options[:permissions]
|
1128
|
-
perms_array = []
|
1129
|
-
options[:permissions].each do |k,v|
|
1130
|
-
perm_code = k
|
1131
|
-
access_value = v.to_s.empty? ? "none" : v.to_s
|
1132
|
-
perms_array << {"code" => perm_code, "access" => access_value}
|
1133
|
-
end
|
1134
|
-
params['permissions'] = perms_array
|
1135
|
-
end
|
1136
|
-
if options[:group_permissions]
|
1137
|
-
perms_array = []
|
1138
|
-
options[:group_permissions].each do |k,v|
|
1139
|
-
site_id = k
|
1140
|
-
access_value = v.to_s.empty? ? "none" : v.to_s
|
1141
|
-
if site_id =~ /\A\d{1,}\Z/
|
1142
|
-
perms_array << {"id" => site_id.to_i, "access" => access_value}
|
1143
|
-
else
|
1144
|
-
perms_array << {"name" => site_id, "access" => access_value}
|
1145
|
-
end
|
1146
|
-
end
|
1147
|
-
params['sites'] = perms_array
|
1148
|
-
end
|
1149
|
-
if options[:cloud_permissions]
|
1150
|
-
perms_array = []
|
1151
|
-
options[:cloud_permissions].each do |k,v|
|
1152
|
-
zone_id = k
|
1153
|
-
access_value = v.to_s.empty? ? "none" : v.to_s
|
1154
|
-
if zone_id =~ /\A\d{1,}\Z/
|
1155
|
-
perms_array << {"id" => zone_id.to_i, "access" => access_value}
|
1156
|
-
else
|
1157
|
-
perms_array << {"name" => zone_id, "access" => access_value}
|
1158
|
-
end
|
1159
|
-
perms_array << {"id" => zone_id, "access" => access_value}
|
1160
|
-
end
|
1161
|
-
params['zones'] = perms_array
|
1162
|
-
end
|
1163
|
-
if options[:instance_type_permissions]
|
1164
|
-
perms_array = []
|
1165
|
-
options[:instance_type_permissions].each do |k,v|
|
1166
|
-
instance_type_code = k
|
1167
|
-
access_value = v.to_s.empty? ? "none" : v.to_s
|
1168
|
-
perms_array << {"code" => instance_type_code, "access" => access_value}
|
1169
|
-
end
|
1170
|
-
params['instanceTypes'] = perms_array
|
1171
|
-
end
|
1172
|
-
if options[:blueprint_permissions]
|
1173
|
-
perms_array = []
|
1174
|
-
options[:blueprint_permissions].each do |k,v|
|
1175
|
-
blueprint_id = k
|
1176
|
-
access_value = v.to_s.empty? ? "none" : v.to_s
|
1177
|
-
if blueprint_id =~ /\A\d{1,}\Z/
|
1178
|
-
perms_array << {"id" => blueprint_id.to_i, "access" => access_value}
|
1179
|
-
else
|
1180
|
-
perms_array << {"name" => blueprint_id, "access" => access_value}
|
1181
|
-
end
|
1182
|
-
end
|
1183
|
-
params['appTemplates'] = perms_array
|
1184
|
-
end
|
1185
|
-
if options[:catalog_item_type_permissions]
|
1186
|
-
perms_array = []
|
1187
|
-
options[:catalog_item_type_permissions].each do |k,v|
|
1188
|
-
catalog_item_type_id = k
|
1189
|
-
access_value = v.to_s.empty? ? "none" : v.to_s
|
1190
|
-
if catalog_item_type_id =~ /\A\d{1,}\Z/
|
1191
|
-
perms_array << {"id" => catalog_item_type_id.to_i, "access" => access_value}
|
1192
|
-
else
|
1193
|
-
perms_array << {"name" => catalog_item_type_id, "access" => access_value}
|
1194
|
-
end
|
1195
|
-
end
|
1196
|
-
params['catalogItemTypes'] = perms_array
|
1197
|
-
|
1198
|
-
end
|
1199
|
-
if options[:persona_permissions]
|
1200
|
-
perms_array = []
|
1201
|
-
options[:persona_permissions].each do |k,v|
|
1202
|
-
persona_code = k
|
1203
|
-
access_value = v.to_s.empty? ? "none" : v.to_s
|
1204
|
-
perms_array << {"code" => persona_code, "access" => access_value}
|
1205
|
-
end
|
1206
|
-
params['personas'] = perms_array
|
1207
|
-
end
|
1208
|
-
if options[:vdi_pool_permissions]
|
1209
|
-
perms_array = []
|
1210
|
-
options[:vdi_pool_permissions].each do |k,v|
|
1211
|
-
vdi_pool_id = k
|
1212
|
-
access_value = v.to_s.empty? ? "none" : v.to_s
|
1213
|
-
if vdi_pool_id =~ /\A\d{1,}\Z/
|
1214
|
-
perms_array << {"id" => vdi_pool_id.to_i, "access" => access_value}
|
1215
|
-
else
|
1216
|
-
perms_array << {"name" => vdi_pool_id, "access" => access_value}
|
1217
|
-
end
|
1218
|
-
end
|
1219
|
-
params['vdiPools'] = perms_array
|
1220
|
-
end
|
1221
|
-
if options[:report_type_permissions]
|
1222
|
-
perms_array = []
|
1223
|
-
options[:report_type_permissions].each do |k,v|
|
1224
|
-
report_type_code = k
|
1225
|
-
access_value = v.to_s.empty? ? "none" : v.to_s
|
1226
|
-
perms_array << {"code" => report_type_code, "access" => access_value}
|
1227
|
-
end
|
1228
|
-
params['reportTypes'] = perms_array
|
1229
|
-
end
|
1230
|
-
if options[:task_permissions]
|
1231
|
-
perms_array = []
|
1232
|
-
options[:task_permissions].each do |k,v|
|
1233
|
-
task_id = k
|
1234
|
-
access_value = v.to_s.empty? ? "none" : v.to_s
|
1235
|
-
if task_id =~ /\A\d{1,}\Z/
|
1236
|
-
perms_array << {"id" => task_id.to_i, "access" => access_value}
|
1237
|
-
else
|
1238
|
-
perms_array << {"name" => task_id, "access" => access_value}
|
1239
|
-
end
|
1240
|
-
end
|
1241
|
-
params['tasks'] = perms_array
|
1242
|
-
end
|
1243
|
-
if options[:workflow_permissions]
|
1244
|
-
perms_array = []
|
1245
|
-
options[:workflow_permissions].each do |k,v|
|
1246
|
-
workflow_id = k
|
1247
|
-
access_value = v.to_s.empty? ? "none" : v.to_s
|
1248
|
-
if workflow_id =~ /\A\d{1,}\Z/
|
1249
|
-
perms_array << {"id" => workflow_id.to_i, "access" => access_value}
|
1250
|
-
else
|
1251
|
-
perms_array << {"name" => workflow_id, "access" => access_value}
|
1252
|
-
end
|
1253
|
-
end
|
1254
|
-
params['taskSets'] = perms_array
|
1255
|
-
end
|
1256
|
-
if options[:reset_permissions]
|
1257
|
-
params["resetPermissions"] = true
|
787
|
+
if options[:cloud_permissions] && role['roleType'] == 'user'
|
788
|
+
raise_command_error "The --clouds option is only available for user roles, not account roles"
|
1258
789
|
end
|
1259
|
-
if options[:
|
1260
|
-
|
790
|
+
if options[:group_permissions] && role['roleType'] == 'account'
|
791
|
+
raise_command_error "The --groups option is only available for account roles, not user roles"
|
1261
792
|
end
|
793
|
+
# bulk role permissions
|
794
|
+
parse_role_access_options(options, params)
|
795
|
+
|
1262
796
|
if params.empty?
|
1263
797
|
raise_command_error "Specify at least one option to update.\n#{optparse}"
|
1264
798
|
end
|
1265
799
|
payload = {"role" => params}
|
1266
800
|
end
|
801
|
+
query_params = parse_query_options(options)
|
802
|
+
query_params['includeDefaultAccess'] = true if options[:include_default_access]
|
1267
803
|
@roles_interface.setopts(options)
|
1268
804
|
if options[:dry_run]
|
1269
|
-
print_dry_run @roles_interface.dry.update(account_id, role['id'], payload)
|
805
|
+
print_dry_run @roles_interface.dry.update(account_id, role['id'], payload, query_params)
|
1270
806
|
return
|
1271
807
|
end
|
1272
|
-
json_response = @roles_interface.update(account_id, role['id'], payload)
|
808
|
+
json_response = @roles_interface.update(account_id, role['id'], payload, query_params)
|
1273
809
|
render_response(json_response, options, "role") do
|
1274
810
|
role = json_response['role']
|
1275
811
|
display_name = role['authority'] rescue ''
|
@@ -2988,18 +2524,299 @@ Update default workflow access for a role.
|
|
2988
2524
|
has_access
|
2989
2525
|
end
|
2990
2526
|
|
2991
|
-
def parse_access_csv(output, val
|
2527
|
+
def parse_access_csv(output, val)
|
2992
2528
|
output ||= {}
|
2993
2529
|
val.split(",").each do |value_pair|
|
2994
2530
|
# split on '=' only because ':' is included in the permission name
|
2995
2531
|
k,v = value_pair.include?("=") ? value_pair.strip.split("=") : [value_pair, ""]
|
2996
|
-
k.
|
2997
|
-
|
2998
|
-
|
2999
|
-
|
2532
|
+
next if k.to_s.empty?
|
2533
|
+
k = k.to_s.strip
|
2534
|
+
v = v.to_s.strip
|
2535
|
+
if k.empty?
|
2536
|
+
# ignore blank values, extra comma maybe?
|
2537
|
+
next
|
2538
|
+
end
|
2539
|
+
if v == ""
|
2540
|
+
raise_command_error "permission '#{k}=#{v}' is invalid. The access value is required eg. [default|none|read|full]"
|
3000
2541
|
end
|
3001
2542
|
output[k] = v
|
3002
2543
|
end
|
3003
2544
|
return output
|
3004
2545
|
end
|
2546
|
+
|
2547
|
+
# role permission access options shared by add and update
|
2548
|
+
def build_role_access_options(opts, options, params)
|
2549
|
+
opts.on('--permissions CODE=ACCESS', String, "Set feature permission access by permission code. Example: dashboard=read,operations-wiki=full" ) do |val|
|
2550
|
+
options[:permissions] ||= {}
|
2551
|
+
parse_access_csv(options[:permissions], val)
|
2552
|
+
end
|
2553
|
+
opts.add_hidden_option('--permissions')
|
2554
|
+
opts.on('--feature-access CODE=ACCESS', String, "Set feature permission access by permission code. Example: dashboard=read,operations-wiki=full" ) do |val|
|
2555
|
+
options[:permissions] ||= {}
|
2556
|
+
parse_access_csv(options[:permissions], val)
|
2557
|
+
end
|
2558
|
+
opts.on('--global-group-access ACCESS', String, "Update the global group (site) access: [none|read|full]" ) do |val|
|
2559
|
+
params['globalSiteAccess'] = val.to_s.downcase
|
2560
|
+
end
|
2561
|
+
opts.add_hidden_option('--global-group-access')
|
2562
|
+
opts.on('--default-group-access ACCESS', String, "Update the default group (site) access: [none|read|full]" ) do |val|
|
2563
|
+
params['globalSiteAccess'] = val.to_s.downcase
|
2564
|
+
end
|
2565
|
+
opts.on('--groups ID=ACCESS', String, "Set group (site) to a custom access by group id. Example: 1=none,2=full,3=read" ) do |val|
|
2566
|
+
options[:group_permissions] ||= {}
|
2567
|
+
parse_access_csv(options[:group_permissions], val)
|
2568
|
+
end
|
2569
|
+
opts.on('--global-cloud-access ACCESS', String, "Update the global cloud (zone) access: [none|read|full]" ) do |val|
|
2570
|
+
params['globalZoneAccess'] = val.to_s.downcase
|
2571
|
+
end
|
2572
|
+
opts.add_hidden_option('--global-cloud-access')
|
2573
|
+
opts.on('--default-cloud-access ACCESS', String, "Update the default cloud (zone) access: [none|read|full]" ) do |val|
|
2574
|
+
params['globalZoneAccess'] = val.to_s.downcase
|
2575
|
+
end
|
2576
|
+
opts.on('--clouds ID=ACCESS', String, "Set cloud (zone) to a custom access by cloud id. Example: 1=none,2=full,3=read" ) do |val|
|
2577
|
+
options[:cloud_permissions] ||= {}
|
2578
|
+
parse_access_csv(options[:cloud_permissions], val)
|
2579
|
+
end
|
2580
|
+
opts.on('--global-instance-type-access ACCESS', String, "Update the global instance type access: [none|full]" ) do |val|
|
2581
|
+
params['globalInstanceTypeAccess'] = val.to_s.downcase
|
2582
|
+
end
|
2583
|
+
opts.add_hidden_option('--global-instance-type-access')
|
2584
|
+
opts.on('--default-instance-type-access ACCESS', String, "Update the default instance type access: [none|full]" ) do |val|
|
2585
|
+
params['globalInstanceTypeAccess'] = val.to_s.downcase
|
2586
|
+
end
|
2587
|
+
opts.on('--instance-types CODE=ACCESS', String, "Set instance type to a custom access instance type code. Example: nginx=full,apache=none" ) do |val|
|
2588
|
+
options[:instance_type_permissions] ||= {}
|
2589
|
+
parse_access_csv(options[:instance_type_permissions], val)
|
2590
|
+
end
|
2591
|
+
opts.on('--global-blueprint-access ACCESS', String, "Update the global blueprint access: [none|full]" ) do |val|
|
2592
|
+
params['globalAppTemplateAccess'] = val.to_s.downcase
|
2593
|
+
end
|
2594
|
+
opts.add_hidden_option('--global-blueprint-access')
|
2595
|
+
opts.on('--default-blueprint-access ACCESS', String, "Update the default blueprint access: [none|full]" ) do |val|
|
2596
|
+
params['globalAppTemplateAccess'] = val.to_s.downcase
|
2597
|
+
end
|
2598
|
+
opts.on('--blueprints ID=ACCESS', String, "Set blueprint to a custom access by blueprint id. Example: 1=full,2=none" ) do |val|
|
2599
|
+
options[:blueprint_permissions] ||= {}
|
2600
|
+
parse_access_csv(options[:blueprint_permissions], val)
|
2601
|
+
end
|
2602
|
+
opts.on('--global-catalog-item-type-access ACCESS', String, "Update the global catalog item type access: [none|full]" ) do |val|
|
2603
|
+
params['globalCatalogItemTypeAccess'] = val.to_s.downcase
|
2604
|
+
end
|
2605
|
+
opts.add_hidden_option('--global-catalog-item-type-access')
|
2606
|
+
opts.on('--default-catalog-item-type-access ACCESS', String, "Update the default catalog item type access: [none|full]" ) do |val|
|
2607
|
+
params['globalCatalogItemTypeAccess'] = val.to_s.downcase
|
2608
|
+
end
|
2609
|
+
opts.on('--catalog-item-types CODE=ACCESS', String, "Set catalog item type to a custom access by catalog item type id. Example: 1=full,2=none" ) do |val|
|
2610
|
+
options[:catalog_item_type_permissions] ||= {}
|
2611
|
+
parse_access_csv(options[:catalog_item_type_permissions], val)
|
2612
|
+
end
|
2613
|
+
opts.on('--default-persona-access ACCESS', String, "Update the default persona access: [none|full]" ) do |val|
|
2614
|
+
params['globalPersonaAccess'] = val.to_s.downcase
|
2615
|
+
end
|
2616
|
+
opts.on('--personas CODE=ACCESS', String, "Set persona to a custom access by persona code. Example: standard=full,serviceCatalog=full,vdi=full" ) do |val|
|
2617
|
+
options[:persona_permissions] ||= {}
|
2618
|
+
parse_access_csv(options[:persona_permissions], val)
|
2619
|
+
end
|
2620
|
+
opts.on('--global-vdi-pool-access ACCESS', String, "Update the global VDI pool access: [none|full]" ) do |val|
|
2621
|
+
params['globalVdiPoolAccess'] = val.to_s.downcase
|
2622
|
+
end
|
2623
|
+
opts.add_hidden_option('--global-vdi-pool-access')
|
2624
|
+
opts.on('--default-vdi-pool-access ACCESS', String, "Update the default VDI pool access: [none|full]" ) do |val|
|
2625
|
+
params['globalVdiPoolAccess'] = val.to_s.downcase
|
2626
|
+
end
|
2627
|
+
opts.on('--vdi-pools ID=ACCESS', String, "Set VDI pool to a custom access by VDI pool id. Example: 1=full,2=none" ) do |val|
|
2628
|
+
options[:vdi_pool_permissions] ||= {}
|
2629
|
+
parse_access_csv(options[:vdi_pool_permissions], val)
|
2630
|
+
end
|
2631
|
+
opts.on('--global-report-type-access ACCESS', String, "Update the global report type access: [none|full]" ) do |val|
|
2632
|
+
params['globalReportTypeAccess'] = val.to_s.downcase
|
2633
|
+
end
|
2634
|
+
opts.on('--default-report-type-access ACCESS', String, "Update the default report type access: [none|full]" ) do |val|
|
2635
|
+
params['globalReportTypeAccess'] = val.to_s.downcase
|
2636
|
+
end
|
2637
|
+
opts.add_hidden_option('--default-report-type-access')
|
2638
|
+
opts.on('--report-types CODE=ACCESS', String, "Set report type to a custom access by report type code. Example: appCost=none,guidance=full" ) do |val|
|
2639
|
+
options[:report_type_permissions] ||= {}
|
2640
|
+
parse_access_csv(options[:report_type_permissions], val)
|
2641
|
+
end
|
2642
|
+
opts.on('--global-task-access ACCESS', String, "Set the global task access: [none|full]" ) do |val|
|
2643
|
+
params['globalTaskAccess'] = val.to_s.downcase
|
2644
|
+
end
|
2645
|
+
opts.add_hidden_option('--global-task-access')
|
2646
|
+
opts.on('--default-task-access ACCESS', String, "Set the default task access: [none|full]" ) do |val|
|
2647
|
+
params['globalTaskAccess'] = val.to_s.downcase
|
2648
|
+
end
|
2649
|
+
opts.on('--tasks ID=ACCESS', String, "Set task to a custom access by task id. Example: 1=none,2=full" ) do |val|
|
2650
|
+
options[:task_permissions] ||= {}
|
2651
|
+
parse_access_csv(options[:task_permissions], val)
|
2652
|
+
end
|
2653
|
+
opts.on('--global-workflow-access ACCESS', String, "Set the default workflow access: [none|full]" ) do |val|
|
2654
|
+
params['globalTaskSetAccess'] = val.to_s.downcase
|
2655
|
+
end
|
2656
|
+
opts.add_hidden_option('--global-workflow-access')
|
2657
|
+
opts.on('--default-workflow-access ACCESS', String, "Set the default workflow access: [none|full]" ) do |val|
|
2658
|
+
params['globalTaskSetAccess'] = val.to_s.downcase
|
2659
|
+
end
|
2660
|
+
opts.on('--workflows ID=ACCESS', String, "Set workflow to a custom access by workflow id. Example: 1=none,2=full" ) do |val|
|
2661
|
+
options[:workflow_permissions] ||= {}
|
2662
|
+
parse_access_csv(options[:workflow_permissions], val)
|
2663
|
+
end
|
2664
|
+
opts.on('--reset-permissions', "Reset all feature permission access to none. This can be used in conjunction with --permissions to recreate the feature permission access for the role." ) do
|
2665
|
+
options[:reset_permissions] = true
|
2666
|
+
end
|
2667
|
+
opts.add_hidden_option('--reset-permissions')
|
2668
|
+
opts.on('--reset-feature-access', "Reset all feature permission access to none. This can be used in conjunction with --feature-access to recreate the feature permission access for the role." ) do
|
2669
|
+
options[:reset_permissions] = true
|
2670
|
+
end
|
2671
|
+
opts.on('--reset-all-access', "Reset all access to none including permissions, global groups, instance types, etc. This can be used in conjunction with --feature-access to recreate the feature permission access for the role." ) do
|
2672
|
+
options[:reset_all_access] = true
|
2673
|
+
end
|
2674
|
+
end
|
2675
|
+
|
2676
|
+
# parse bulk permissions payload
|
2677
|
+
def parse_role_access_options(options, params)
|
2678
|
+
if options[:permissions]
|
2679
|
+
perms_array = []
|
2680
|
+
options[:permissions].each do |k,v|
|
2681
|
+
perm_code = k
|
2682
|
+
access_value = v.to_s.empty? ? "none" : v.to_s
|
2683
|
+
perms_array << {"code" => perm_code, "access" => access_value}
|
2684
|
+
end
|
2685
|
+
params['permissions'] = perms_array
|
2686
|
+
end
|
2687
|
+
if options[:group_permissions]
|
2688
|
+
perms_array = []
|
2689
|
+
options[:group_permissions].each do |k,v|
|
2690
|
+
site_id = k
|
2691
|
+
access_value = v.to_s.empty? ? "none" : v.to_s
|
2692
|
+
if site_id =~ /\A\d{1,}\Z/
|
2693
|
+
perms_array << {"id" => site_id.to_i, "access" => access_value}
|
2694
|
+
else
|
2695
|
+
perms_array << {"name" => site_id, "access" => access_value}
|
2696
|
+
end
|
2697
|
+
end
|
2698
|
+
params['sites'] = perms_array
|
2699
|
+
end
|
2700
|
+
if options[:cloud_permissions]
|
2701
|
+
perms_array = []
|
2702
|
+
options[:cloud_permissions].each do |k,v|
|
2703
|
+
zone_id = k
|
2704
|
+
access_value = v.to_s.empty? ? "none" : v.to_s
|
2705
|
+
if zone_id =~ /\A\d{1,}\Z/
|
2706
|
+
perms_array << {"id" => zone_id.to_i, "access" => access_value}
|
2707
|
+
else
|
2708
|
+
perms_array << {"name" => zone_id, "access" => access_value}
|
2709
|
+
end
|
2710
|
+
end
|
2711
|
+
params['zones'] = perms_array
|
2712
|
+
end
|
2713
|
+
if options[:instance_type_permissions]
|
2714
|
+
perms_array = []
|
2715
|
+
options[:instance_type_permissions].each do |k,v|
|
2716
|
+
instance_type_code = k
|
2717
|
+
access_value = v.to_s.empty? ? "none" : v.to_s
|
2718
|
+
if instance_type_code =~ /\A\d{1,}\Z/
|
2719
|
+
perms_array << {"id" => instance_type_code.to_i, "access" => access_value}
|
2720
|
+
else
|
2721
|
+
perms_array << {"code" => instance_type_code, "access" => access_value}
|
2722
|
+
end
|
2723
|
+
end
|
2724
|
+
params['instanceTypes'] = perms_array
|
2725
|
+
end
|
2726
|
+
if options[:blueprint_permissions]
|
2727
|
+
perms_array = []
|
2728
|
+
options[:blueprint_permissions].each do |k,v|
|
2729
|
+
blueprint_id = k
|
2730
|
+
access_value = v.to_s.empty? ? "none" : v.to_s
|
2731
|
+
if blueprint_id =~ /\A\d{1,}\Z/
|
2732
|
+
perms_array << {"id" => blueprint_id.to_i, "access" => access_value}
|
2733
|
+
else
|
2734
|
+
perms_array << {"name" => blueprint_id, "access" => access_value}
|
2735
|
+
end
|
2736
|
+
end
|
2737
|
+
params['appTemplates'] = perms_array
|
2738
|
+
end
|
2739
|
+
if options[:catalog_item_type_permissions]
|
2740
|
+
perms_array = []
|
2741
|
+
options[:catalog_item_type_permissions].each do |k,v|
|
2742
|
+
catalog_item_type_id = k
|
2743
|
+
access_value = v.to_s.empty? ? "none" : v.to_s
|
2744
|
+
if catalog_item_type_id =~ /\A\d{1,}\Z/
|
2745
|
+
perms_array << {"id" => catalog_item_type_id.to_i, "access" => access_value}
|
2746
|
+
else
|
2747
|
+
perms_array << {"name" => catalog_item_type_id, "access" => access_value}
|
2748
|
+
end
|
2749
|
+
end
|
2750
|
+
params['catalogItemTypes'] = perms_array
|
2751
|
+
|
2752
|
+
end
|
2753
|
+
if options[:persona_permissions]
|
2754
|
+
perms_array = []
|
2755
|
+
options[:persona_permissions].each do |k,v|
|
2756
|
+
persona_code = k
|
2757
|
+
access_value = v.to_s.empty? ? "none" : v.to_s
|
2758
|
+
perms_array << {"code" => persona_code, "access" => access_value}
|
2759
|
+
end
|
2760
|
+
params['personas'] = perms_array
|
2761
|
+
end
|
2762
|
+
if options[:vdi_pool_permissions]
|
2763
|
+
perms_array = []
|
2764
|
+
options[:vdi_pool_permissions].each do |k,v|
|
2765
|
+
vdi_pool_id = k
|
2766
|
+
access_value = v.to_s.empty? ? "none" : v.to_s
|
2767
|
+
if vdi_pool_id =~ /\A\d{1,}\Z/
|
2768
|
+
perms_array << {"id" => vdi_pool_id.to_i, "access" => access_value}
|
2769
|
+
else
|
2770
|
+
perms_array << {"name" => vdi_pool_id, "access" => access_value}
|
2771
|
+
end
|
2772
|
+
end
|
2773
|
+
params['vdiPools'] = perms_array
|
2774
|
+
end
|
2775
|
+
if options[:report_type_permissions]
|
2776
|
+
perms_array = []
|
2777
|
+
options[:report_type_permissions].each do |k,v|
|
2778
|
+
report_type_code = k
|
2779
|
+
access_value = v.to_s.empty? ? "none" : v.to_s
|
2780
|
+
if report_type_code =~ /\A\d{1,}\Z/
|
2781
|
+
perms_array << {"id" => report_type_code.to_i, "access" => access_value}
|
2782
|
+
else
|
2783
|
+
perms_array << {"code" => report_type_code, "access" => access_value}
|
2784
|
+
end
|
2785
|
+
end
|
2786
|
+
params['reportTypes'] = perms_array
|
2787
|
+
end
|
2788
|
+
if options[:task_permissions]
|
2789
|
+
perms_array = []
|
2790
|
+
options[:task_permissions].each do |k,v|
|
2791
|
+
task_id = k
|
2792
|
+
access_value = v.to_s.empty? ? "none" : v.to_s
|
2793
|
+
if task_id =~ /\A\d{1,}\Z/
|
2794
|
+
perms_array << {"id" => task_id.to_i, "access" => access_value}
|
2795
|
+
else
|
2796
|
+
perms_array << {"name" => task_id, "access" => access_value}
|
2797
|
+
end
|
2798
|
+
end
|
2799
|
+
params['tasks'] = perms_array
|
2800
|
+
end
|
2801
|
+
if options[:workflow_permissions]
|
2802
|
+
perms_array = []
|
2803
|
+
options[:workflow_permissions].each do |k,v|
|
2804
|
+
workflow_id = k
|
2805
|
+
access_value = v.to_s.empty? ? "none" : v.to_s
|
2806
|
+
if workflow_id =~ /\A\d{1,}\Z/
|
2807
|
+
perms_array << {"id" => workflow_id.to_i, "access" => access_value}
|
2808
|
+
else
|
2809
|
+
perms_array << {"name" => workflow_id, "access" => access_value}
|
2810
|
+
end
|
2811
|
+
end
|
2812
|
+
params['taskSets'] = perms_array
|
2813
|
+
end
|
2814
|
+
if options[:reset_permissions]
|
2815
|
+
params["resetPermissions"] = true
|
2816
|
+
end
|
2817
|
+
if options[:reset_all_access]
|
2818
|
+
params["resetAllAccess"] = true
|
2819
|
+
end
|
2820
|
+
end
|
2821
|
+
|
3005
2822
|
end
|