当前位置: 首页>>代码示例>>Python>>正文


Python PermissionGrant.add_or_update方法代码示例

本文整理汇总了Python中st2common.persistence.rbac.PermissionGrant.add_or_update方法的典型用法代码示例。如果您正苦于以下问题:Python PermissionGrant.add_or_update方法的具体用法?Python PermissionGrant.add_or_update怎么用?Python PermissionGrant.add_or_update使用的例子?那么恭喜您, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在st2common.persistence.rbac.PermissionGrant的用法示例。


在下文中一共展示了PermissionGrant.add_or_update方法的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Python代码示例。

示例1: setUp

# 需要导入模块: from st2common.persistence.rbac import PermissionGrant [as 别名]
# 或者: from st2common.persistence.rbac.PermissionGrant import add_or_update [as 别名]
    def setUp(self):
        super(PolicyTypeControllerRBACTestCase, self).setUp()
        self.models = self.fixtures_loader.save_fixtures_to_db(fixtures_pack=FIXTURES_PACK,
                                                               fixtures_dict=TEST_FIXTURES)

        file_name = 'fake_policy_type_1.yaml'
        PolicyTypeControllerRBACTestCase.POLICY_TYPE_1 = self.fixtures_loader.load_fixtures(
            fixtures_pack=FIXTURES_PACK,
            fixtures_dict={'policytypes': [file_name]})['policytypes'][file_name]

        file_name = 'fake_policy_type_2.yaml'
        PolicyTypeControllerRBACTestCase.POLICY_TYPE_2 = self.fixtures_loader.load_fixtures(
            fixtures_pack=FIXTURES_PACK,
            fixtures_dict={'policytypes': [file_name]})['policytypes'][file_name]

        # Insert mock users, roles and assignments

        # Users
        user_1_db = UserDB(name='policy_type_list')
        user_1_db = User.add_or_update(user_1_db)
        self.users['policy_type_list'] = user_1_db

        user_2_db = UserDB(name='policy_type_view')
        user_2_db = User.add_or_update(user_2_db)
        self.users['policy_type_view'] = user_2_db

        # Roles
        # policy_type_list
        grant_db = PermissionGrantDB(resource_uid=None,
                                     resource_type=ResourceType.POLICY_TYPE,
                                     permission_types=[PermissionType.POLICY_TYPE_LIST])
        grant_db = PermissionGrant.add_or_update(grant_db)
        permission_grants = [str(grant_db.id)]
        role_1_db = RoleDB(name='policy_type_list', permission_grants=permission_grants)
        role_1_db = Role.add_or_update(role_1_db)
        self.roles['policy_type_list'] = role_1_db

        # policy_type_view on timer 1
        policy_type_uid = self.models['policytypes']['fake_policy_type_1.yaml'].get_uid()
        grant_db = PermissionGrantDB(resource_uid=policy_type_uid,
                                     resource_type=ResourceType.POLICY_TYPE,
                                     permission_types=[PermissionType.POLICY_TYPE_VIEW])
        grant_db = PermissionGrant.add_or_update(grant_db)
        permission_grants = [str(grant_db.id)]
        role_1_db = RoleDB(name='policy_type_view', permission_grants=permission_grants)
        role_1_db = Role.add_or_update(role_1_db)
        self.roles['policy_type_view'] = role_1_db

        # Role assignments
        role_assignment_db = UserRoleAssignmentDB(
            user=self.users['policy_type_list'].name,
            role=self.roles['policy_type_list'].name,
            source='assignments/%s.yaml' % self.users['policy_type_list'].name)
        UserRoleAssignment.add_or_update(role_assignment_db)

        role_assignment_db = UserRoleAssignmentDB(
            user=self.users['policy_type_view'].name,
            role=self.roles['policy_type_view'].name,
            source='assignments/%s.yaml' % self.users['policy_type_view'].name)
        UserRoleAssignment.add_or_update(role_assignment_db)
开发者ID:lyandut,项目名称:st2,代码行数:62,代码来源:test_policies_rbac.py

示例2: setUp

# 需要导入模块: from st2common.persistence.rbac import PermissionGrant [as 别名]
# 或者: from st2common.persistence.rbac.PermissionGrant import add_or_update [as 别名]
    def setUp(self):
        super(RunnerPermissionsResolverTestCase, self).setUp()

        # Create some mock users
        user_1_db = UserDB(name='custom_role_runner_view_grant')
        user_1_db = User.add_or_update(user_1_db)
        self.users['custom_role_runner_view_grant'] = user_1_db

        user_2_db = UserDB(name='custom_role_runner_modify_grant')
        user_2_db = User.add_or_update(user_2_db)
        self.users['custom_role_runner_modify_grant'] = user_2_db

        # Create some mock resources on which permissions can be granted
        runner_1_db = RunnerTypeDB(name='runner_1')
        self.resources['runner_1'] = runner_1_db

        runner_2_db = RunnerTypeDB(name='runner_2')
        self.resources['runner_2'] = runner_2_db

        # Create some mock roles with associated permission grants
        # Custom role - "runner_view" grant on runner_1
        grant_db = PermissionGrantDB(resource_uid=self.resources['runner_1'].get_uid(),
                                     resource_type=ResourceType.RUNNER,
                                     permission_types=[PermissionType.RUNNER_VIEW])
        grant_db = PermissionGrant.add_or_update(grant_db)
        permission_grants = [str(grant_db.id)]
        role_db = RoleDB(name='custom_role_runner_view_grant',
                         permission_grants=permission_grants)
        role_db = Role.add_or_update(role_db)
        self.roles['custom_role_runner_view_grant'] = role_db

        # Custom role - "runner_modify" grant on runner_2
        grant_db = PermissionGrantDB(resource_uid=self.resources['runner_2'].get_uid(),
                                     resource_type=ResourceType.RUNNER,
                                     permission_types=[PermissionType.RUNNER_MODIFY])
        grant_db = PermissionGrant.add_or_update(grant_db)
        permission_grants = [str(grant_db.id)]
        role_db = RoleDB(name='custom_role_runner_modify_grant',
                         permission_grants=permission_grants)
        role_db = Role.add_or_update(role_db)
        self.roles['custom_role_runner_modify_grant'] = role_db

        # Create some mock role assignments
        user_db = self.users['custom_role_runner_view_grant']
        role_assignment_db = UserRoleAssignmentDB(
            user=user_db.name,
            role=self.roles['custom_role_runner_view_grant'].name)
        UserRoleAssignment.add_or_update(role_assignment_db)

        user_db = self.users['custom_role_runner_modify_grant']
        role_assignment_db = UserRoleAssignmentDB(
            user=user_db.name,
            role=self.roles['custom_role_runner_modify_grant'].name)
        UserRoleAssignment.add_or_update(role_assignment_db)
开发者ID:Bala96,项目名称:st2,代码行数:56,代码来源:test_rbac_resolvers_runner.py

示例3: setUp

# 需要导入模块: from st2common.persistence.rbac import PermissionGrant [as 别名]
# 或者: from st2common.persistence.rbac.PermissionGrant import add_or_update [as 别名]
    def setUp(self):
        super(WebhookControllerRBACTestCase, self).setUp()

        # Insert mock users, roles and assignments

        # Users
        user_1_db = UserDB(name='webhook_list')
        user_1_db = User.add_or_update(user_1_db)
        self.users['webhook_list'] = user_1_db

        user_2_db = UserDB(name='webhook_view')
        user_2_db = User.add_or_update(user_2_db)
        self.users['webhook_view'] = user_2_db

        # Roles
        # webhook_list
        grant_db = PermissionGrantDB(resource_uid=None,
                                     resource_type=ResourceType.WEBHOOK,
                                     permission_types=[PermissionType.WEBHOOK_LIST])
        grant_db = PermissionGrant.add_or_update(grant_db)
        permission_grants = [str(grant_db.id)]
        role_1_db = RoleDB(name='webhook_list', permission_grants=permission_grants)
        role_1_db = Role.add_or_update(role_1_db)
        self.roles['webhook_list'] = role_1_db

        # webhook_view on webhook 1 (git)
        name = 'git'
        webhook_db = WebhookDB(name=name)
        webhook_uid = webhook_db.get_uid()
        grant_db = PermissionGrantDB(resource_uid=webhook_uid,
                                     resource_type=ResourceType.WEBHOOK,
                                     permission_types=[PermissionType.WEBHOOK_VIEW])
        grant_db = PermissionGrant.add_or_update(grant_db)
        permission_grants = [str(grant_db.id)]
        role_1_db = RoleDB(name='webhook_view', permission_grants=permission_grants)
        role_1_db = Role.add_or_update(role_1_db)
        self.roles['webhook_view'] = role_1_db

        # Role assignments
        role_assignment_db = UserRoleAssignmentDB(
            user=self.users['webhook_list'].name,
            role=self.roles['webhook_list'].name,
            source='assignments/%s.yaml' % self.users['webhook_list'].name)
        UserRoleAssignment.add_or_update(role_assignment_db)

        role_assignment_db = UserRoleAssignmentDB(
            user=self.users['webhook_view'].name,
            role=self.roles['webhook_view'].name,
            source='assignments/%s.yaml' % self.users['webhook_view'].name)
        UserRoleAssignment.add_or_update(role_assignment_db)
开发者ID:lyandut,项目名称:st2,代码行数:52,代码来源:test_webhooks_rbac.py

示例4: setUp

# 需要导入模块: from st2common.persistence.rbac import PermissionGrant [as 别名]
# 或者: from st2common.persistence.rbac.PermissionGrant import add_or_update [as 别名]
    def setUp(self):
        super(ExecutionViewsFiltersControllerRBACTestCase, self).setUp()

        # Insert mock users, roles and assignments

        # Users
        user_1_db = UserDB(name='execution_views_filters_list')
        user_1_db = User.add_or_update(user_1_db)
        self.users['execution_views_filters_list'] = user_1_db

        # Roles
        # trace_list
        permission_types = [PermissionType.EXECUTION_VIEWS_FILTERS_LIST]
        grant_db = PermissionGrantDB(resource_uid=None,
                                     resource_type=ResourceType.EXECUTION,
                                     permission_types=permission_types)
        grant_db = PermissionGrant.add_or_update(grant_db)
        permission_grants = [str(grant_db.id)]
        role_1_db = RoleDB(name='execution_views_filters_list',
                           permission_grants=permission_grants)
        role_1_db = Role.add_or_update(role_1_db)
        self.roles['execution_views_filters_list'] = role_1_db

        # Role assignments
        role_assignment_db = UserRoleAssignmentDB(
            user=self.users['execution_views_filters_list'].name,
            role=self.roles['execution_views_filters_list'].name,
            source='assignments/%s.yaml' % self.users['execution_views_filters_list'].name)
        UserRoleAssignment.add_or_update(role_assignment_db)
开发者ID:lyandut,项目名称:st2,代码行数:31,代码来源:test_executions_filters_rbac.py

示例5: setUp

# 需要导入模块: from st2common.persistence.rbac import PermissionGrant [as 别名]
# 或者: from st2common.persistence.rbac.PermissionGrant import add_or_update [as 别名]
    def setUp(self):
        super(WebhookPermissionsResolverTestCase, self).setUp()

        # Create some mock users
        user_1_db = UserDB(name='custom_role_webhook_grant')
        user_1_db = User.add_or_update(user_1_db)
        self.users['custom_role_webhook_grant'] = user_1_db

        # Create some mock resources on which permissions can be granted
        webhook_1_db = WebhookDB(name='st2/')
        self.resources['webhook_1'] = webhook_1_db

        # Create some mock roles with associated permission grants
        # Custom role - "webhook_send" grant on webhook_1
        grant_db = PermissionGrantDB(resource_uid=self.resources['webhook_1'].get_uid(),
                                     resource_type=ResourceType.WEBHOOK,
                                     permission_types=[PermissionType.WEBHOOK_SEND])
        grant_db = PermissionGrant.add_or_update(grant_db)
        permission_grants = [str(grant_db.id)]
        role_db = RoleDB(name='custom_role_webhook_grant',
                         permission_grants=permission_grants)
        role_db = Role.add_or_update(role_db)
        self.roles['custom_role_webhook_grant'] = role_db

        # Create some mock role assignments
        user_db = self.users['custom_role_webhook_grant']
        role_assignment_db = UserRoleAssignmentDB(
            user=user_db.name, role=self.roles['custom_role_webhook_grant'].name,
            source='assignments/%s.yaml' % user_db.name)
        UserRoleAssignment.add_or_update(role_assignment_db)
开发者ID:lyandut,项目名称:st2,代码行数:32,代码来源:test_rbac_resolvers_webhook.py

示例6: setUp

# 需要导入模块: from st2common.persistence.rbac import PermissionGrant [as 别名]
# 或者: from st2common.persistence.rbac.PermissionGrant import add_or_update [as 别名]
    def setUp(self):
        super(ActionControllerRBACTestCase, self).setUp()
        self.fixtures_loader.save_fixtures_to_db(fixtures_pack=FIXTURES_PACK,
                                                 fixtures_dict=TEST_FIXTURES)

        file_name = 'action1.yaml'
        ActionControllerRBACTestCase.ACTION_1 = self.fixtures_loader.load_fixtures(
            fixtures_pack=FIXTURES_PACK,
            fixtures_dict={'actions': [file_name]})['actions'][file_name]

        # Insert mock users, roles and assignments

        # Users
        user_2_db = UserDB(name='action_create')
        user_2_db = User.add_or_update(user_2_db)
        self.users['action_create'] = user_2_db

        # Roles
        # action_create grant on parent pack
        grant_db = PermissionGrantDB(resource_uid='pack:examples',
                                     resource_type=ResourceType.PACK,
                                     permission_types=[PermissionType.ACTION_CREATE])
        grant_db = PermissionGrant.add_or_update(grant_db)
        permission_grants = [str(grant_db.id)]
        role_1_db = RoleDB(name='action_create', permission_grants=permission_grants)
        role_1_db = Role.add_or_update(role_1_db)
        self.roles['action_create'] = role_1_db

        # Role assignments
        user_db = self.users['action_create']
        role_assignment_db = UserRoleAssignmentDB(
            user=user_db.name,
            role=self.roles['action_create'].name)
        UserRoleAssignment.add_or_update(role_assignment_db)
开发者ID:Bala96,项目名称:st2,代码行数:36,代码来源:test_actions_rbac.py

示例7: setUp

# 需要导入模块: from st2common.persistence.rbac import PermissionGrant [as 别名]
# 或者: from st2common.persistence.rbac.PermissionGrant import add_or_update [as 别名]
    def setUp(self):
        super(RBACControllerTestCase, self).setUp()

        permissions = [PermissionType.RULE_CREATE,
                       PermissionType.RULE_VIEW,
                       PermissionType.RULE_MODIFY,
                       PermissionType.RULE_DELETE]

        for name in permissions:
            user_db = UserDB(name=name)
            user_db = User.add_or_update(user_db)
            self.users[name] = user_db

            # Roles
            # action_create grant on parent pack
            grant_db = PermissionGrantDB(resource_uid='pack:examples',
                                         resource_type=ResourceType.PACK,
                                         permission_types=[name])
            grant_db = PermissionGrant.add_or_update(grant_db)
            grant_2_db = PermissionGrantDB(resource_uid='action:wolfpack:action-1',
                                           resource_type=ResourceType.ACTION,
                                           permission_types=[PermissionType.ACTION_EXECUTE])
            grant_2_db = PermissionGrant.add_or_update(grant_2_db)
            permission_grants = [str(grant_db.id), str(grant_2_db.id)]
            role_db = RoleDB(name=name, permission_grants=permission_grants)
            role_db = Role.add_or_update(role_db)
            self.roles[name] = role_db

            # Role assignments
            role_assignment_db = UserRoleAssignmentDB(
                user=user_db.name,
                role=role_db.name,
                source='assignments/%s.yaml' % user_db.name)
            UserRoleAssignment.add_or_update(role_assignment_db)

        role_assignment_db = UserRoleAssignmentDB(
            user='user_two',
            role='role_two',
            source='assignments/user_two.yaml',
            is_remote=True)
        UserRoleAssignment.add_or_update(role_assignment_db)
开发者ID:lyandut,项目名称:st2,代码行数:43,代码来源:test_rbac.py

示例8: create_permission_grant

# 需要导入模块: from st2common.persistence.rbac import PermissionGrant [as 别名]
# 或者: from st2common.persistence.rbac.PermissionGrant import add_or_update [as 别名]
def create_permission_grant(role_db, resource_uid, resource_type, permission_types):
    """
    Create a new permission grant and add it to the provided role.

    :param role_db: Role to add the permission assignment to.
    :type role_db: :class:`RoleDB`
    """
    # Create or update the PermissionGrantDB
    permission_grant_db = PermissionGrantDB(
        resource_uid=resource_uid, resource_type=resource_type, permission_types=permission_types
    )
    permission_grant_db = PermissionGrant.add_or_update(permission_grant_db)

    # Add assignment to the role
    role_db.update(push__permission_grants=str(permission_grant_db.id))

    return permission_grant_db
开发者ID:rlugojr,项目名称:st2,代码行数:19,代码来源:rbac.py

示例9: setUp

# 需要导入模块: from st2common.persistence.rbac import PermissionGrant [as 别名]
# 或者: from st2common.persistence.rbac.PermissionGrant import add_or_update [as 别名]
    def setUp(self):
        super(ActionViewsControllerRBACTestCase, self).setUp()
        self.models = self.fixtures_loader.save_fixtures_to_db(fixtures_pack=FIXTURES_PACK,
                                                               fixtures_dict=TEST_FIXTURES)

        file_name = 'a1.yaml'
        ActionViewsControllerRBACTestCase.ACTION_1 = self.fixtures_loader.load_fixtures(
            fixtures_pack=FIXTURES_PACK,
            fixtures_dict={'actions': [file_name]})['actions'][file_name]

        file_name = 'a2.yaml'
        ActionViewsControllerRBACTestCase.ACTION_1 = self.fixtures_loader.load_fixtures(
            fixtures_pack=FIXTURES_PACK,
            fixtures_dict={'actions': [file_name]})['actions'][file_name]

        # Insert mock users, roles and assignments

        # Users
        user_2_db = UserDB(name='action_view_a1')
        user_2_db = User.add_or_update(user_2_db)
        self.users['action_view_a1'] = user_2_db

        # Roles

        # action_view on a1
        action_uid = self.models['actions']['a1.yaml'].get_uid()
        grant_db = PermissionGrantDB(resource_uid=action_uid,
                                     resource_type=ResourceType.ACTION,
                                     permission_types=[PermissionType.ACTION_VIEW])
        grant_db = PermissionGrant.add_or_update(grant_db)
        permission_grants = [str(grant_db.id)]
        role_1_db = RoleDB(name='action_view_a1', permission_grants=permission_grants)
        role_1_db = Role.add_or_update(role_1_db)
        self.roles['action_view_a1'] = role_1_db

        # Role assignments
        role_assignment_db = UserRoleAssignmentDB(
            user=self.users['action_view_a1'].name,
            role=self.roles['action_view_a1'].name,
            source='assignments/%s.yaml' % self.users['action_view_a1'].name)
        UserRoleAssignment.add_or_update(role_assignment_db)
开发者ID:lyandut,项目名称:st2,代码行数:43,代码来源:test_action_views_rbac.py

示例10: _insert_common_mock_roles

# 需要导入模块: from st2common.persistence.rbac import PermissionGrant [as 别名]
# 或者: from st2common.persistence.rbac.PermissionGrant import add_or_update [as 别名]
    def _insert_common_mock_roles(self):
        # Insert common mock roles
        admin_role_db = rbac_services.get_role_by_name(name=SystemRole.ADMIN)
        observer_role_db = rbac_services.get_role_by_name(name=SystemRole.OBSERVER)
        self.roles['admin_role'] = admin_role_db
        self.roles['observer_role'] = observer_role_db

        # Custom role 1 - no grants
        role_1_db = rbac_services.create_role(name='custom_role_1')
        self.roles['custom_role_1'] = role_1_db

        # Custom role 2 - one grant on pack_1
        # "pack_create" on pack_1
        grant_db = PermissionGrantDB(resource_uid=self.resources['pack_1'].get_uid(),
                                     resource_type=ResourceType.PACK,
                                     permission_types=[PermissionType.PACK_CREATE])
        grant_db = PermissionGrant.add_or_update(grant_db)
        permission_grants = [str(grant_db.id)]
        role_3_db = RoleDB(name='custom_role_pack_grant', permission_grants=permission_grants)
        role_3_db = Role.add_or_update(role_3_db)
        self.roles['custom_role_pack_grant'] = role_3_db
开发者ID:Bala96,项目名称:st2,代码行数:23,代码来源:test_rbac_resolvers.py

示例11: setUp

# 需要导入模块: from st2common.persistence.rbac import PermissionGrant [as 别名]
# 或者: from st2common.persistence.rbac.PermissionGrant import add_or_update [as 别名]
    def setUp(self):
        super(RuleControllerRBACTestCase, self).setUp()
        self.fixtures_loader.save_fixtures_to_db(fixtures_pack=FIXTURES_PACK,
                                                fixtures_dict=TEST_FIXTURES)

        file_name = 'rule_with_webhook_trigger.yaml'
        RuleControllerRBACTestCase.RULE_1 = self.fixtures_loader.load_fixtures(
            fixtures_pack=FIXTURES_PACK,
            fixtures_dict={'rules': [file_name]})['rules'][file_name]

        file_name = 'rule_example_pack.yaml'
        RuleControllerRBACTestCase.RULE_2 = self.fixtures_loader.load_fixtures(
            fixtures_pack=FIXTURES_PACK,
            fixtures_dict={'rules': [file_name]})['rules'][file_name]

        # Insert mock users, roles and assignments
        self = self
        self.users = {}
        self.roles = {}

        # Users
        user_1_db = UserDB(name='rule_create')
        user_1_db = User.add_or_update(user_1_db)
        self.users['rule_create'] = user_1_db

        user_2_db = UserDB(name='rule_create_webhook_create')
        user_2_db = User.add_or_update(user_2_db)
        self.users['rule_create_webhook_create'] = user_2_db

        user_3_db = UserDB(name='rule_create_webhook_create_core_local_execute')
        user_3_db = User.add_or_update(user_3_db)
        self.users['rule_create_webhook_create_core_local_execute'] = user_3_db

        # Roles
        # rule_create grant on parent pack
        grant_db = PermissionGrantDB(resource_uid='pack:examples',
                                     resource_type=ResourceType.PACK,
                                     permission_types=[PermissionType.RULE_CREATE])
        grant_db = PermissionGrant.add_or_update(grant_db)
        permission_grants = [str(grant_db.id)]
        role_1_db = RoleDB(name='rule_create', permission_grants=permission_grants)
        role_1_db = Role.add_or_update(role_1_db)
        self.roles['rule_create'] = role_1_db

        # rule_create grant on parent pack, webhook_create on webhook "sample"
        grant_1_db = PermissionGrantDB(resource_uid='pack:examples',
                                     resource_type=ResourceType.PACK,
                                     permission_types=[PermissionType.RULE_CREATE])
        grant_1_db = PermissionGrant.add_or_update(grant_1_db)
        grant_2_db = PermissionGrantDB(resource_uid='webhook:sample',
                                     resource_type=ResourceType.WEBHOOK,
                                     permission_types=[PermissionType.WEBHOOK_CREATE])
        grant_2_db = PermissionGrant.add_or_update(grant_2_db)
        permission_grants = [str(grant_1_db.id), str(grant_2_db.id)]
        role_2_db = RoleDB(name='rule_create_webhook_create', permission_grants=permission_grants)
        role_2_db = Role.add_or_update(role_2_db)
        self.roles['rule_create_webhook_create'] = role_2_db

        # rule_create grant on parent pack, webhook_create on webhook "sample", action_execute on
        # core.local
        grant_1_db = PermissionGrantDB(resource_uid='pack:examples',
                                     resource_type=ResourceType.PACK,
                                     permission_types=[PermissionType.RULE_CREATE])
        grant_1_db = PermissionGrant.add_or_update(grant_1_db)
        grant_2_db = PermissionGrantDB(resource_uid='webhook:sample',
                                     resource_type=ResourceType.WEBHOOK,
                                     permission_types=[PermissionType.WEBHOOK_CREATE])
        grant_2_db = PermissionGrant.add_or_update(grant_2_db)
        grant_3_db = PermissionGrantDB(resource_uid='action:core:local',
                                     resource_type=ResourceType.ACTION,
                                     permission_types=[PermissionType.ACTION_EXECUTE])
        grant_3_db = PermissionGrant.add_or_update(grant_3_db)
        permission_grants = [str(grant_1_db.id), str(grant_2_db.id), str(grant_3_db.id)]
        role_3_db = RoleDB(name='rule_create_webhook_create_core_local_execute',
                           permission_grants=permission_grants)
        role_3_db = Role.add_or_update(role_3_db)
        self.roles['rule_create_webhook_create_core_local_execute'] = role_3_db

        # Role assignments
        user_db = self.users['rule_create']
        role_assignment_db = UserRoleAssignmentDB(
            user=user_db.name,
            role=self.roles['rule_create'].name)
        UserRoleAssignment.add_or_update(role_assignment_db)

        user_db = self.users['rule_create_webhook_create']
        role_assignment_db = UserRoleAssignmentDB(
            user=user_db.name,
            role=self.roles['rule_create_webhook_create'].name)
        UserRoleAssignment.add_or_update(role_assignment_db)

        user_db = self.users['rule_create_webhook_create_core_local_execute']
        role_assignment_db = UserRoleAssignmentDB(
            user=user_db.name,
            role=self.roles['rule_create_webhook_create_core_local_execute'].name)
        UserRoleAssignment.add_or_update(role_assignment_db)
开发者ID:AlexeyDeyneko,项目名称:st2,代码行数:98,代码来源:test_rules_rbac.py

示例12: setUp

# 需要导入模块: from st2common.persistence.rbac import PermissionGrant [as 别名]
# 或者: from st2common.persistence.rbac.PermissionGrant import add_or_update [as 别名]
    def setUp(self):
        super(ActionAliasPermissionsResolverTestCase, self).setUp()

        # Create some mock users
        user_1_db = UserDB(name='alias_pack_grant')
        user_1_db = User.add_or_update(user_1_db)
        self.users['alias_pack_grant'] = user_1_db

        user_2_db = UserDB(name='alias_grant')
        user_2_db = User.add_or_update(user_2_db)
        self.users['alias_grant'] = user_2_db

        user_3_db = UserDB(name='pack_alias_all_grant')
        user_3_db = User.add_or_update(user_3_db)
        self.users['pack_alias_all_grant'] = user_3_db

        user_4_db = UserDB(name='alias_all_grant')
        user_4_db = User.add_or_update(user_4_db)
        self.users['alias_all_grant'] = user_4_db

        user_5_db = UserDB(name='alias_modify_grant')
        user_5_db = User.add_or_update(user_5_db)
        self.users['alias_modify_grant'] = user_5_db

        user_6_db = UserDB(name='alias_pack_alias_create_grant')
        user_6_db = User.add_or_update(user_6_db)
        self.users['alias_pack_alias_create_grant'] = user_6_db

        user_7_db = UserDB(name='alias_pack_alias_all_grant')
        user_7_db = User.add_or_update(user_7_db)
        self.users['alias_pack_alias_all_grant'] = user_7_db

        user_8_db = UserDB(name='alias_alias_create_grant')
        user_8_db = User.add_or_update(user_8_db)
        self.users['alias_alias_create_grant'] = user_8_db

        user_10_db = UserDB(name='alias_list_grant')
        user_10_db = User.add_or_update(user_10_db)
        self.users['alias_list_grant'] = user_10_db

        # Create some mock resources on which permissions can be granted
        alias_1_db = ActionAliasDB(pack='test_pack_1', name='alias1', formats=['a'],
                                   action_ref='core.local')
        self.resources['alias_1'] = alias_1_db

        alias_2_db = ActionAliasDB(pack='test_pack_1', name='alias2', formats=['a'],
                                   action_ref='core.local')
        self.resources['alias_2'] = alias_2_db

        alias_3_db = ActionAliasDB(pack='test_pack_2', name='alias3', formats=['a'],
                                   action_ref='core.local')
        self.resources['alias_3'] = alias_3_db

        # Create some mock roles with associated permission grants
        # One grant on parent pack, action_alias_view on pack1
        grant_db = PermissionGrantDB(resource_uid=self.resources['pack_1'].get_uid(),
                                     resource_type=ResourceType.PACK,
                                     permission_types=[PermissionType.ACTION_ALIAS_VIEW])
        grant_db = PermissionGrant.add_or_update(grant_db)
        permission_grants = [str(grant_db.id)]
        role_3_db = RoleDB(name='alias_pack_grant',
                           permission_grants=permission_grants)
        role_3_db = Role.add_or_update(role_3_db)
        self.roles['alias_pack_grant'] = role_3_db

        # "action_alias_view" on alias_3
        grant_db = PermissionGrantDB(resource_uid=self.resources['alias_3'].get_uid(),
                                     resource_type=ResourceType.ACTION_ALIAS,
                                     permission_types=[PermissionType.ACTION_ALIAS_VIEW])
        grant_db = PermissionGrant.add_or_update(grant_db)
        permission_grants = [str(grant_db.id)]
        role_4_db = RoleDB(name='alias_grant', permission_grants=permission_grants)
        role_4_db = Role.add_or_update(role_4_db)
        self.roles['alias_grant'] = role_4_db

        # Custom role - "action_alias_all" grant on a parent pack
        grant_db = PermissionGrantDB(resource_uid=self.resources['pack_1'].get_uid(),
                                     resource_type=ResourceType.PACK,
                                     permission_types=[PermissionType.ACTION_ALIAS_ALL])
        grant_db = PermissionGrant.add_or_update(grant_db)
        permission_grants = [str(grant_db.id)]
        role_4_db = RoleDB(name='pack_alias_all_grant',
                           permission_grants=permission_grants)
        role_4_db = Role.add_or_update(role_4_db)
        self.roles['pack_alias_all_grant'] = role_4_db

        # Custom role - "action_alias_all" grant on alias
        grant_db = PermissionGrantDB(resource_uid=self.resources['alias_1'].get_uid(),
                                     resource_type=ResourceType.ACTION_ALIAS,
                                     permission_types=[PermissionType.ACTION_ALIAS_ALL])
        grant_db = PermissionGrant.add_or_update(grant_db)
        permission_grants = [str(grant_db.id)]
        role_4_db = RoleDB(name='alias_all_grant', permission_grants=permission_grants)
        role_4_db = Role.add_or_update(role_4_db)
        self.roles['alias_all_grant'] = role_4_db

        # Custom role - "alias_modify" on alias_1
        grant_db = PermissionGrantDB(resource_uid=self.resources['alias_1'].get_uid(),
                                     resource_type=ResourceType.ACTION_ALIAS,
                                     permission_types=[PermissionType.ACTION_ALIAS_MODIFY])
#.........这里部分代码省略.........
开发者ID:lyandut,项目名称:st2,代码行数:103,代码来源:test_rbac_resolvers_action_alias.py

示例13: setUp

# 需要导入模块: from st2common.persistence.rbac import PermissionGrant [as 别名]
# 或者: from st2common.persistence.rbac.PermissionGrant import add_or_update [as 别名]
    def setUp(self):
        super(ExecutionPermissionsResolverTestCase, self).setUp()

        # Create some mock users
        user_1_db = UserDB(name='custom_role_unrelated_pack_action_grant')
        user_1_db = User.add_or_update(user_1_db)
        self.users['custom_role_unrelated_pack_action_grant'] = user_1_db

        user_2_db = UserDB(name='custom_role_pack_action_grant_unrelated_permission')
        user_2_db = User.add_or_update(user_2_db)
        self.users['custom_role_pack_action_grant_unrelated_permission'] = user_2_db

        user_3_db = UserDB(name='custom_role_pack_action_view_grant')
        user_3_db = User.add_or_update(user_3_db)
        self.users['custom_role_pack_action_view_grant'] = user_3_db

        user_4_db = UserDB(name='custom_role_action_view_grant')
        user_4_db = User.add_or_update(user_4_db)
        self.users['custom_role_action_view_grant'] = user_4_db

        user_5_db = UserDB(name='custom_role_pack_action_execute_grant')
        user_5_db = User.add_or_update(user_5_db)
        self.users['custom_role_pack_action_execute_grant'] = user_5_db

        user_6_db = UserDB(name='custom_role_action_execute_grant')
        user_6_db = User.add_or_update(user_6_db)
        self.users['custom_role_action_execute_grant'] = user_6_db

        user_7_db = UserDB(name='custom_role_pack_action_all_grant')
        user_7_db = User.add_or_update(user_7_db)
        self.users['custom_role_pack_action_all_grant'] = user_7_db

        user_8_db = UserDB(name='custom_role_action_all_grant')
        user_8_db = User.add_or_update(user_8_db)
        self.users['custom_role_action_all_grant'] = user_8_db

        # Create some mock resources on which permissions can be granted
        action_1_db = ActionDB(pack='test_pack_2', name='action1', entry_point='',
                               runner_type={'name': 'run-local'})
        action_1_db = Action.add_or_update(action_1_db)
        self.resources['action_1'] = action_1_db

        runner = {'name': 'run-python'}
        liveaction = {'action': 'test_pack_2.action1'}
        status = action_constants.LIVEACTION_STATUS_REQUESTED

        action = {'uid': action_1_db.get_uid(), 'pack': 'test_pack_2'}
        exec_1_db = ActionExecutionDB(action=action, runner=runner, liveaction=liveaction,
                                      status=status)
        exec_1_db = ActionExecution.add_or_update(exec_1_db)
        self.resources['exec_1'] = exec_1_db

        # Create some mock roles with associated permission grants
        # Custom role - one grant to an unrelated pack
        grant_db = PermissionGrantDB(resource_uid=self.resources['pack_1'].get_uid(),
                                     resource_type=ResourceType.PACK,
                                     permission_types=[PermissionType.ACTION_VIEW])
        grant_db = PermissionGrant.add_or_update(grant_db)
        permission_grants = [str(grant_db.id)]
        role_db = RoleDB(name='custom_role_unrelated_pack_action_grant',
                         permission_grants=permission_grants)
        role_db = Role.add_or_update(role_db)
        self.roles['custom_role_unrelated_pack_action_grant'] = role_db

        # Custom role - one grant of unrelated permission type to parent action pack
        grant_db = PermissionGrantDB(resource_uid=self.resources['pack_2'].get_uid(),
                                     resource_type=ResourceType.PACK,
                                     permission_types=[PermissionType.RULE_VIEW])
        grant_db = PermissionGrant.add_or_update(grant_db)
        permission_grants = [str(grant_db.id)]
        role_db = RoleDB(name='custom_role_pack_action_grant_unrelated_permission',
                         permission_grants=permission_grants)
        role_db = Role.add_or_update(role_db)
        self.roles['custom_role_pack_action_grant_unrelated_permission'] = role_db

        # Custom role - one grant of "action_view" to the parent pack of the action the execution
        # belongs to
        grant_db = PermissionGrantDB(resource_uid=self.resources['pack_2'].get_uid(),
                                     resource_type=ResourceType.PACK,
                                     permission_types=[PermissionType.ACTION_VIEW])
        grant_db = PermissionGrant.add_or_update(grant_db)
        permission_grants = [str(grant_db.id)]
        role_db = RoleDB(name='custom_role_pack_action_view_grant',
                         permission_grants=permission_grants)
        role_db = Role.add_or_update(role_db)
        self.roles['custom_role_pack_action_view_grant'] = role_db

        # Custom role - one grant of "action_view" to the action the execution belongs to
        grant_db = PermissionGrantDB(resource_uid=self.resources['action_1'].get_uid(),
                                     resource_type=ResourceType.ACTION,
                                     permission_types=[PermissionType.ACTION_VIEW])
        grant_db = PermissionGrant.add_or_update(grant_db)
        permission_grants = [str(grant_db.id)]
        role_db = RoleDB(name='custom_role_action_view_grant',
                         permission_grants=permission_grants)
        role_db = Role.add_or_update(role_db)
        self.roles['custom_role_action_view_grant'] = role_db

        # Custom role - one grant of "action_execute" to the parent pack of the action the
        # execution belongs to
#.........这里部分代码省略.........
开发者ID:agilee,项目名称:st2,代码行数:103,代码来源:test_rbac_resolvers_execution.py

示例14: setUp

# 需要导入模块: from st2common.persistence.rbac import PermissionGrant [as 别名]
# 或者: from st2common.persistence.rbac.PermissionGrant import add_or_update [as 别名]
    def setUp(self):
        super(ApiKeyControllerRBACTestCase, self).setUp()
        self.models = self.fixtures_loader.save_fixtures_to_db(fixtures_pack=FIXTURES_PACK,
                                                               fixtures_dict=TEST_FIXTURES)

        file_name = 'apikey1.yaml'
        ApiKeyControllerRBACTestCase.API_KEY_1 = self.fixtures_loader.load_fixtures(
            fixtures_pack=FIXTURES_PACK,
            fixtures_dict={'apikeys': [file_name]})['apikeys'][file_name]

        file_name = 'apikey2.yaml'
        ApiKeyControllerRBACTestCase.API_KEY_1 = self.fixtures_loader.load_fixtures(
            fixtures_pack=FIXTURES_PACK,
            fixtures_dict={'apikeys': [file_name]})['apikeys'][file_name]

        # Insert mock users, roles and assignments

        # Users
        user_1_db = UserDB(name='api_key_list')
        user_1_db = User.add_or_update(user_1_db)
        self.users['api_key_list'] = user_1_db

        user_2_db = UserDB(name='api_key_view')
        user_2_db = User.add_or_update(user_2_db)
        self.users['api_key_view'] = user_2_db

        user_3_db = UserDB(name='api_key_create')
        user_3_db = User.add_or_update(user_3_db)
        self.users['api_key_create'] = user_3_db

        # Roles
        # api_key_list
        grant_db = PermissionGrantDB(resource_uid=None,
                                     resource_type=ResourceType.API_KEY,
                                     permission_types=[PermissionType.API_KEY_LIST])
        grant_db = PermissionGrant.add_or_update(grant_db)
        permission_grants = [str(grant_db.id)]
        role_1_db = RoleDB(name='api_key_list', permission_grants=permission_grants)
        role_1_db = Role.add_or_update(role_1_db)
        self.roles['api_key_list'] = role_1_db

        # api_key_view on apikey1
        api_key_uid = self.models['apikeys']['apikey1.yaml'].get_uid()

        grant_db = PermissionGrantDB(resource_uid=api_key_uid,
                                     resource_type=ResourceType.API_KEY,
                                     permission_types=[PermissionType.API_KEY_VIEW])
        grant_db = PermissionGrant.add_or_update(grant_db)
        permission_grants = [str(grant_db.id)]
        role_1_db = RoleDB(name='api_key_view', permission_grants=permission_grants)
        role_1_db = Role.add_or_update(role_1_db)
        self.roles['api_key_view'] = role_1_db

        # api_key_list
        grant_db = PermissionGrantDB(resource_uid=None,
                                     resource_type=ResourceType.API_KEY,
                                     permission_types=[PermissionType.API_KEY_CREATE])
        grant_db = PermissionGrant.add_or_update(grant_db)
        permission_grants = [str(grant_db.id)]
        role_1_db = RoleDB(name='api_key_create', permission_grants=permission_grants)
        role_1_db = Role.add_or_update(role_1_db)
        self.roles['api_key_create'] = role_1_db

        # Role assignments
        role_assignment_db = UserRoleAssignmentDB(
            user=self.users['api_key_list'].name,
            role=self.roles['api_key_list'].name,
            source='assignments/%s.yaml' % self.users['api_key_list'].name)
        UserRoleAssignment.add_or_update(role_assignment_db)

        role_assignment_db = UserRoleAssignmentDB(
            user=self.users['api_key_view'].name,
            role=self.roles['api_key_view'].name,
            source='assignments/%s.yaml' % self.users['api_key_view'].name)
        UserRoleAssignment.add_or_update(role_assignment_db)

        role_assignment_db = UserRoleAssignmentDB(
            user=self.users['api_key_create'].name,
            role=self.roles['api_key_create'].name,
            source='assignments/%s.yaml' % self.users['api_key_create'].name)
        UserRoleAssignment.add_or_update(role_assignment_db)
开发者ID:lyandut,项目名称:st2,代码行数:83,代码来源:test_auth_api_keys_rbac.py

示例15: setUp

# 需要导入模块: from st2common.persistence.rbac import PermissionGrant [as 别名]
# 或者: from st2common.persistence.rbac.PermissionGrant import add_or_update [as 别名]
    def setUp(self):
        super(RuleEnforcementPermissionsResolverTestCase, self).setUp()

        register_internal_trigger_types()

        # Create some mock users
        user_1_db = UserDB(name='1_role_rule_pack_grant')
        user_1_db = User.add_or_update(user_1_db)
        self.users['custom_role_rule_pack_grant'] = user_1_db

        user_2_db = UserDB(name='1_role_rule_grant')
        user_2_db = User.add_or_update(user_2_db)
        self.users['custom_role_rule_grant'] = user_2_db

        user_3_db = UserDB(name='custom_role_pack_rule_all_grant')
        user_3_db = User.add_or_update(user_3_db)
        self.users['custom_role_pack_rule_all_grant'] = user_3_db

        user_4_db = UserDB(name='custom_role_rule_all_grant')
        user_4_db = User.add_or_update(user_4_db)
        self.users['custom_role_rule_all_grant'] = user_4_db

        user_5_db = UserDB(name='custom_role_rule_modify_grant')
        user_5_db = User.add_or_update(user_5_db)
        self.users['custom_role_rule_modify_grant'] = user_5_db

        user_6_db = UserDB(name='rule_pack_rule_create_grant')
        user_6_db = User.add_or_update(user_6_db)
        self.users['rule_pack_rule_create_grant'] = user_6_db

        user_7_db = UserDB(name='rule_pack_rule_all_grant')
        user_7_db = User.add_or_update(user_7_db)
        self.users['rule_pack_rule_all_grant'] = user_7_db

        user_8_db = UserDB(name='rule_rule_create_grant')
        user_8_db = User.add_or_update(user_8_db)
        self.users['rule_rule_create_grant'] = user_8_db

        user_9_db = UserDB(name='rule_rule_all_grant')
        user_9_db = User.add_or_update(user_9_db)
        self.users['rule_rule_all_grant'] = user_9_db

        user_10_db = UserDB(name='custom_role_rule_list_grant')
        user_10_db = User.add_or_update(user_10_db)
        self.users['custom_role_rule_list_grant'] = user_10_db

        # Create some mock resources on which permissions can be granted
        rule_1_db = RuleDB(pack='test_pack_1', name='rule1', action={'ref': 'core.local'},
                           trigger='core.st2.key_value_pair.create')
        rule_1_db = Rule.add_or_update(rule_1_db)
        self.resources['rule_1'] = rule_1_db

        rule_enforcement_1_db = RuleEnforcementDB(trigger_instance_id=str(bson.ObjectId()),
                                                  execution_id=str(bson.ObjectId()),
                                                  rule={'ref': rule_1_db.ref,
                                                        'uid': rule_1_db.uid,
                                                        'id': str(rule_1_db.id)})
        rule_enforcement_1_db = RuleEnforcement.add_or_update(rule_enforcement_1_db)
        self.resources['rule_enforcement_1'] = rule_enforcement_1_db

        rule_2_db = RuleDB(pack='test_pack_1', name='rule2')
        rule_2_db = Rule.add_or_update(rule_2_db)
        self.resources['rule_2'] = rule_2_db

        rule_enforcement_2_db = RuleEnforcementDB(trigger_instance_id=str(bson.ObjectId()),
                                                  execution_id=str(bson.ObjectId()),
                                                  rule={'ref': rule_2_db.ref,
                                                        'uid': rule_2_db.uid,
                                                        'id': str(rule_2_db.id)})
        rule_enforcement_2_db = RuleEnforcement.add_or_update(rule_enforcement_2_db)
        self.resources['rule_enforcement_2'] = rule_enforcement_2_db

        rule_3_db = RuleDB(pack='test_pack_2', name='rule3')
        rule_3_db = Rule.add_or_update(rule_3_db)
        self.resources['rule_3'] = rule_3_db

        rule_enforcement_3_db = RuleEnforcementDB(trigger_instance_id=str(bson.ObjectId()),
                                                  execution_id=str(bson.ObjectId()),
                                                  rule={'ref': rule_3_db.ref,
                                                        'uid': rule_3_db.uid,
                                                        'id': str(rule_3_db.id)})
        rule_enforcement_3_db = RuleEnforcement.add_or_update(rule_enforcement_3_db)
        self.resources['rule_enforcement_3'] = rule_enforcement_3_db

        # Create some mock roles with associated permission grants
        # Custom role 2 - one grant on parent pack
        # "rule_view" on pack_1
        grant_db = PermissionGrantDB(resource_uid=self.resources['pack_1'].get_uid(),
                                     resource_type=ResourceType.PACK,
                                     permission_types=[PermissionType.RULE_VIEW])
        grant_db = PermissionGrant.add_or_update(grant_db)
        permission_grants = [str(grant_db.id)]
        role_3_db = RoleDB(name='custom_role_rule_pack_grant',
                           permission_grants=permission_grants)
        role_3_db = Role.add_or_update(role_3_db)
        self.roles['custom_role_rule_pack_grant'] = role_3_db

        # Custom role 4 - one grant on rule
        # "rule_view on rule_3
        grant_db = PermissionGrantDB(resource_uid=self.resources['rule_3'].get_uid(),
#.........这里部分代码省略.........
开发者ID:Bala96,项目名称:st2,代码行数:103,代码来源:test_rbac_resolvers_rule_enforcement.py


注:本文中的st2common.persistence.rbac.PermissionGrant.add_or_update方法示例由纯净天空整理自Github/MSDocs等开源代码及文档管理平台,相关代码片段筛选自各路编程大神贡献的开源项目,源码版权归原作者所有,传播和使用请参考对应项目的License;未经允许,请勿转载。