RubyGems - rs_user_policy - Versions diffs - 0.0.2 → 0.0.3 - Mend

rs_user_policy 0.0.2 → 0.0.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

data/README.rdoc CHANGED

@@ -2,6 +2,9 @@
 A useful tool for managing many users across many child accounts in a RightScale Enterprise Edition
+While the tests are not exhaustive, the current build status is..
+{<img src="https://travis-ci.org/rgeyer/rs_user_policy.png" />}[https://travis-ci.org/rgeyer/rs_user_policy]
 == Usage
 The binary contained in this gem accepts two files as inputs to determine it's behavior.  The first, is a policy JSON file which specifies the permissions to be applied to users.

data/bin/rs_user_policy CHANGED

@@ -45,7 +45,7 @@ accounts = []
 user_href_resource_map = {}
 user_email_resource_map = {}
 permission_delete_order = [
-  'enterprise_admin',
+  'enterprise_manager',
   'admin',
   'security_manager',
   'actor',
@@ -58,26 +58,34 @@ permission_delete_order = [
   'observer'
 ]
+log.info("The dry_run option was selected, no action will be taken, but the user_assignments output and audit_log files will be written reflecting the actions which would have been taken") if opts[:dry_run]
 user_assignments_output = "user_assignments-#{timestamp}.json"
 audit_log = AuditLog.new opts.merge(:timestamp => timestamp)
-client = RightApi::Client.new(:email => opts[:rs_email], :password => opts[:rs_pass], :account_id => opts[:rs_acct_num])
-master_account = client.accounts(:id => opts[:rs_acct_num]).show()
-client.users().index.each do |user|
-  user_href_resource_map[user.href] = user
-  user_email_resource_map[user.email] = user
+policy = {}
+def valid_policy_json_file?(json_file, &block)
+  # TODO: Also validate that the policy file is in the correct form.
+  # I.E. {
+  #   "policy-name": {
+  #     "account-href-or-default": ["list", "of", "permissions"]
+  #   }
+  #}
+  yield JSON.parse(File.read(json_file))
+  return true
+rescue JSON::ParserError
+  return false
 end
-accounts << {:client => client, :href => master_account.href, :name => master_account.name}
-log.info("The dry_run option was selected, no action will be taken, but the user_assignments output and audit_log files will be written reflecting the actions which would have been taken") if opts[:dry_run]
-log.info("Operating on the Enterprise Master Account #{master_account.name}")
 if File.exists? opts[:policy]
-  # TODO: Validate policy file format
-  policy = JSON.parse(File.read(opts[:policy]))
+  if valid_policy_json_file?(opts[:policy]) do |p|
+      policy = p
+    end
+  else
+    log.fatal("The policy file named #{opts[:policy]} is not a properly formatted json file!")
+    exit 1
+  end
 else
   log.fatal("The policy file named #{opts[:policy]} was not found!")
   exit 1
@@ -94,6 +102,17 @@ else
   log.warn("No user_assignments file was specified.  All users will be treated as immutable and written to the user_assigments output file.")
 end
+client = RightApi::Client.new(:email => opts[:rs_email], :password => opts[:rs_pass], :account_id => opts[:rs_acct_num])
+master_account = client.accounts(:id => opts[:rs_acct_num]).show()
+client.users().index.each do |user|
+  user_href_resource_map[user.href] = user
+  user_email_resource_map[user.email] = user
+end
+accounts << {:client => client, :href => master_account.href, :name => master_account.name}
+log.info("Operating on the Enterprise Master Account #{master_account.name}")
 begin
   client.child_accounts().index.each do |child|
     child_client = RightApi::Client.new(:email => opts[:rs_email], :password => opts[:rs_pass], :account_id => Utilities.id_from_href(child.href))
@@ -155,9 +174,12 @@ accounts.each do |account|
         audit_log.add_entry(email, account[:name], 'deleted', 'deleted')
       else
         user_policy = []
-        user_policy = policy[user_assignments[email]][account[:href]] if policy[user_assignments[email]].key?(account[:href])
-        user_policy = policy[user_assignments[email]]['default'] if policy[user_assignments[email]].key?('default')
-        removed = user.keys - user_policy
+        if policy[user_assignments[email]].key?(account[:href])
+          user_policy = policy[user_assignments[email]][account[:href]]
+        elsif policy[user_assignments[email]].key?('default')
+          user_policy = policy[user_assignments[email]]['default']
+        end
+        removed = (user_policy.length == 0) ? user.keys : user.keys - user_policy
         added = user_policy - user.keys
         changes = "-#{removed} +#{added}"
         unless opts[:dry_run]

metadata CHANGED

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: rs_user_policy
 version: !ruby/object:Gem::Version
-  version: 0.0.2
+  version: 0.0.3
   prerelease:
 platform: ruby
 authors:
@@ -9,7 +9,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2012-11-03 00:00:00.000000000 Z
+date: 2012-11-20 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: right_api_client
@@ -71,7 +71,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
       version: '0'
       segments:
       - 0
-      hash: -1930275068111788648
+      hash: -2736044117757199136
 required_rubygems_version: !ruby/object:Gem::Requirement
   none: false
   requirements:
@@ -80,10 +80,10 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
       segments:
       - 0
-      hash: -1930275068111788648
+      hash: -2736044117757199136
 requirements: []
 rubyforge_project:
-rubygems_version: 1.8.23
+rubygems_version: 1.8.24
 signing_key:
 specification_version: 3
 summary: Manages users across many different child accounts of a RightScale Enterprise