本文整理汇总了Python中st2common.persistence.rbac.UserRoleAssignment类的典型用法代码示例。如果您正苦于以下问题:Python UserRoleAssignment类的具体用法?Python UserRoleAssignment怎么用?Python UserRoleAssignment使用的例子?那么恭喜您, 这里精选的类代码示例或许可以为您提供帮助。
在下文中一共展示了UserRoleAssignment类的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Python代码示例。
示例1: setUp
def setUp(self):
super(APIControllerWithRBACTestCase, self).setUp()
self.users = {}
self.roles = {}
# Run RBAC migrations
run_all_rbac_migrations()
# Insert mock users with default role assignments
role_names = [SystemRole.SYSTEM_ADMIN, SystemRole.ADMIN, SystemRole.OBSERVER]
for role_name in role_names:
user_db = UserDB(name=role_name)
user_db = User.add_or_update(user_db)
self.users[role_name] = user_db
role_assignment_db = UserRoleAssignmentDB(
user=user_db.name,
role=role_name)
UserRoleAssignment.add_or_update(role_assignment_db)
# Insert a user with no permissions and role assignments
user_1_db = UserDB(name='no_permissions')
user_1_db = User.add_or_update(user_1_db)
self.users['no_permissions'] = user_1_db
示例2: setUp
def setUp(self):
super(WebhookPermissionsResolverTestCase, self).setUp()
# Create some mock users
user_1_db = UserDB(name='custom_role_webhook_grant')
user_1_db = User.add_or_update(user_1_db)
self.users['custom_role_webhook_grant'] = user_1_db
# Create some mock resources on which permissions can be granted
webhook_1_db = WebhookDB(name='st2/')
self.resources['webhook_1'] = webhook_1_db
# Create some mock roles with associated permission grants
# Custom role - "webhook_send" grant on webhook_1
grant_db = PermissionGrantDB(resource_uid=self.resources['webhook_1'].get_uid(),
resource_type=ResourceType.WEBHOOK,
permission_types=[PermissionType.WEBHOOK_SEND])
grant_db = PermissionGrant.add_or_update(grant_db)
permission_grants = [str(grant_db.id)]
role_db = RoleDB(name='custom_role_webhook_grant',
permission_grants=permission_grants)
role_db = Role.add_or_update(role_db)
self.roles['custom_role_webhook_grant'] = role_db
# Create some mock role assignments
user_db = self.users['custom_role_webhook_grant']
role_assignment_db = UserRoleAssignmentDB(
user=user_db.name, role=self.roles['custom_role_webhook_grant'].name,
source='assignments/%s.yaml' % user_db.name)
UserRoleAssignment.add_or_update(role_assignment_db)
示例3: setUp
def setUp(self):
super(RBACRoleAssignmentsControllerRBACTestCase, self).setUp()
# Insert mock users, roles and assignments
self.role_assignments = {}
# Users
user_1_db = UserDB(name='user_foo')
user_1_db = User.add_or_update(user_1_db)
self.users['user_foo'] = user_1_db
# Roles
role_1_db = RoleDB(name='user_foo', permission_grants=[])
role_1_db = Role.add_or_update(role_1_db)
self.roles['user_foo'] = role_1_db
# Role assignments
role_assignment_db = UserRoleAssignmentDB(
user=self.users['user_foo'].name,
role=self.roles['user_foo'].name,
source='assignments/%s.yaml' % self.users['user_foo'].name)
UserRoleAssignment.add_or_update(role_assignment_db)
self.role_assignments['assignment_one'] = role_assignment_db
role_assignment_db = UserRoleAssignmentDB(
user='user_bar',
role=self.roles['user_foo'].name,
source='assignments/user_bar.yaml')
UserRoleAssignment.add_or_update(role_assignment_db)
self.role_assignments['assignment_two'] = role_assignment_db
示例4: _sync_user_role_assignments
def _sync_user_role_assignments(self, user_db, role_assignment_dbs, role_assignment_api):
"""
Synchronize role assignments for a particular user.
:param user_db: User to synchronize the assignments for.
:type user_db: :class:`UserDB`
:param role_assignment_dbs: Existing user role assignments.
:type role_assignment_dbs: ``list`` of :class:`UserRoleAssignmentDB`
:param role_assignment_api: Role assignment API for a particular user.
:param role_assignment_api: :class:`UserRoleAssignmentFileFormatAPI`
:rtype: ``tuple``
"""
db_role_names = [role_assignment_db.role for role_assignment_db in role_assignment_dbs]
db_role_names = set(db_role_names)
api_role_names = role_assignment_api.roles if role_assignment_api else []
api_role_names = set(api_role_names)
# A list of new assignments which should be added to the database
new_role_names = api_role_names.difference(db_role_names)
# A list of assgignments which need to be updated in the database
updated_role_names = db_role_names.intersection(api_role_names)
# A list of assignments which should be removed from the database
removed_role_names = db_role_names - api_role_names
LOG.debug('New assignments for user "%s": %r' % (user_db.name, new_role_names))
LOG.debug('Updated assignments for user "%s": %r' % (user_db.name, updated_role_names))
LOG.debug('Removed assignments for user "%s": %r' % (user_db.name, removed_role_names))
# Build a list of role assignments to delete
role_names_to_delete = updated_role_names.union(removed_role_names)
role_assignment_dbs_to_delete = [
role_assignment_db
for role_assignment_db in role_assignment_dbs
if role_assignment_db.role in role_names_to_delete
]
UserRoleAssignment.query(user=user_db.name, role__in=role_names_to_delete).delete()
LOG.debug('Removed %s assignments for user "%s"' % (len(role_assignment_dbs_to_delete), user_db.name))
# Build a list of roles assignments to create
role_names_to_create = new_role_names.union(updated_role_names)
role_dbs_to_assign = Role.query(name__in=role_names_to_create)
created_role_assignment_dbs = []
for role_db in role_dbs_to_assign:
if role_db.name in role_assignment_api.roles:
description = getattr(role_assignment_api, "description", None)
else:
description = None
assignment_db = rbac_services.assign_role_to_user(role_db=role_db, user_db=user_db, description=description)
created_role_assignment_dbs.append(assignment_db)
LOG.debug('Created %s new assignments for user "%s"' % (len(role_dbs_to_assign), user_db.name))
return (created_role_assignment_dbs, role_assignment_dbs_to_delete)
示例5: setUp
def setUp(self):
super(ActionControllerRBACTestCase, self).setUp()
self.fixtures_loader.save_fixtures_to_db(fixtures_pack=FIXTURES_PACK,
fixtures_dict=TEST_FIXTURES)
file_name = 'action1.yaml'
ActionControllerRBACTestCase.ACTION_1 = self.fixtures_loader.load_fixtures(
fixtures_pack=FIXTURES_PACK,
fixtures_dict={'actions': [file_name]})['actions'][file_name]
# Insert mock users, roles and assignments
# Users
user_2_db = UserDB(name='action_create')
user_2_db = User.add_or_update(user_2_db)
self.users['action_create'] = user_2_db
# Roles
# action_create grant on parent pack
grant_db = PermissionGrantDB(resource_uid='pack:examples',
resource_type=ResourceType.PACK,
permission_types=[PermissionType.ACTION_CREATE])
grant_db = PermissionGrant.add_or_update(grant_db)
permission_grants = [str(grant_db.id)]
role_1_db = RoleDB(name='action_create', permission_grants=permission_grants)
role_1_db = Role.add_or_update(role_1_db)
self.roles['action_create'] = role_1_db
# Role assignments
user_db = self.users['action_create']
role_assignment_db = UserRoleAssignmentDB(
user=user_db.name,
role=self.roles['action_create'].name)
UserRoleAssignment.add_or_update(role_assignment_db)
示例6: setUp
def setUp(self):
super(ExecutionViewsFiltersControllerRBACTestCase, self).setUp()
# Insert mock users, roles and assignments
# Users
user_1_db = UserDB(name='execution_views_filters_list')
user_1_db = User.add_or_update(user_1_db)
self.users['execution_views_filters_list'] = user_1_db
# Roles
# trace_list
permission_types = [PermissionType.EXECUTION_VIEWS_FILTERS_LIST]
grant_db = PermissionGrantDB(resource_uid=None,
resource_type=ResourceType.EXECUTION,
permission_types=permission_types)
grant_db = PermissionGrant.add_or_update(grant_db)
permission_grants = [str(grant_db.id)]
role_1_db = RoleDB(name='execution_views_filters_list',
permission_grants=permission_grants)
role_1_db = Role.add_or_update(role_1_db)
self.roles['execution_views_filters_list'] = role_1_db
# Role assignments
role_assignment_db = UserRoleAssignmentDB(
user=self.users['execution_views_filters_list'].name,
role=self.roles['execution_views_filters_list'].name,
source='assignments/%s.yaml' % self.users['execution_views_filters_list'].name)
UserRoleAssignment.add_or_update(role_assignment_db)
示例7: setUp
def setUp(self):
super(PolicyTypeControllerRBACTestCase, self).setUp()
self.models = self.fixtures_loader.save_fixtures_to_db(fixtures_pack=FIXTURES_PACK,
fixtures_dict=TEST_FIXTURES)
file_name = 'fake_policy_type_1.yaml'
PolicyTypeControllerRBACTestCase.POLICY_TYPE_1 = self.fixtures_loader.load_fixtures(
fixtures_pack=FIXTURES_PACK,
fixtures_dict={'policytypes': [file_name]})['policytypes'][file_name]
file_name = 'fake_policy_type_2.yaml'
PolicyTypeControllerRBACTestCase.POLICY_TYPE_2 = self.fixtures_loader.load_fixtures(
fixtures_pack=FIXTURES_PACK,
fixtures_dict={'policytypes': [file_name]})['policytypes'][file_name]
# Insert mock users, roles and assignments
# Users
user_1_db = UserDB(name='policy_type_list')
user_1_db = User.add_or_update(user_1_db)
self.users['policy_type_list'] = user_1_db
user_2_db = UserDB(name='policy_type_view')
user_2_db = User.add_or_update(user_2_db)
self.users['policy_type_view'] = user_2_db
# Roles
# policy_type_list
grant_db = PermissionGrantDB(resource_uid=None,
resource_type=ResourceType.POLICY_TYPE,
permission_types=[PermissionType.POLICY_TYPE_LIST])
grant_db = PermissionGrant.add_or_update(grant_db)
permission_grants = [str(grant_db.id)]
role_1_db = RoleDB(name='policy_type_list', permission_grants=permission_grants)
role_1_db = Role.add_or_update(role_1_db)
self.roles['policy_type_list'] = role_1_db
# policy_type_view on timer 1
policy_type_uid = self.models['policytypes']['fake_policy_type_1.yaml'].get_uid()
grant_db = PermissionGrantDB(resource_uid=policy_type_uid,
resource_type=ResourceType.POLICY_TYPE,
permission_types=[PermissionType.POLICY_TYPE_VIEW])
grant_db = PermissionGrant.add_or_update(grant_db)
permission_grants = [str(grant_db.id)]
role_1_db = RoleDB(name='policy_type_view', permission_grants=permission_grants)
role_1_db = Role.add_or_update(role_1_db)
self.roles['policy_type_view'] = role_1_db
# Role assignments
role_assignment_db = UserRoleAssignmentDB(
user=self.users['policy_type_list'].name,
role=self.roles['policy_type_list'].name,
source='assignments/%s.yaml' % self.users['policy_type_list'].name)
UserRoleAssignment.add_or_update(role_assignment_db)
role_assignment_db = UserRoleAssignmentDB(
user=self.users['policy_type_view'].name,
role=self.roles['policy_type_view'].name,
source='assignments/%s.yaml' % self.users['policy_type_view'].name)
UserRoleAssignment.add_or_update(role_assignment_db)
示例8: setUp
def setUp(self):
super(RunnerPermissionsResolverTestCase, self).setUp()
# Create some mock users
user_1_db = UserDB(name='custom_role_runner_view_grant')
user_1_db = User.add_or_update(user_1_db)
self.users['custom_role_runner_view_grant'] = user_1_db
user_2_db = UserDB(name='custom_role_runner_modify_grant')
user_2_db = User.add_or_update(user_2_db)
self.users['custom_role_runner_modify_grant'] = user_2_db
# Create some mock resources on which permissions can be granted
runner_1_db = RunnerTypeDB(name='runner_1')
self.resources['runner_1'] = runner_1_db
runner_2_db = RunnerTypeDB(name='runner_2')
self.resources['runner_2'] = runner_2_db
# Create some mock roles with associated permission grants
# Custom role - "runner_view" grant on runner_1
grant_db = PermissionGrantDB(resource_uid=self.resources['runner_1'].get_uid(),
resource_type=ResourceType.RUNNER,
permission_types=[PermissionType.RUNNER_VIEW])
grant_db = PermissionGrant.add_or_update(grant_db)
permission_grants = [str(grant_db.id)]
role_db = RoleDB(name='custom_role_runner_view_grant',
permission_grants=permission_grants)
role_db = Role.add_or_update(role_db)
self.roles['custom_role_runner_view_grant'] = role_db
# Custom role - "runner_modify" grant on runner_2
grant_db = PermissionGrantDB(resource_uid=self.resources['runner_2'].get_uid(),
resource_type=ResourceType.RUNNER,
permission_types=[PermissionType.RUNNER_MODIFY])
grant_db = PermissionGrant.add_or_update(grant_db)
permission_grants = [str(grant_db.id)]
role_db = RoleDB(name='custom_role_runner_modify_grant',
permission_grants=permission_grants)
role_db = Role.add_or_update(role_db)
self.roles['custom_role_runner_modify_grant'] = role_db
# Create some mock role assignments
user_db = self.users['custom_role_runner_view_grant']
role_assignment_db = UserRoleAssignmentDB(
user=user_db.name,
role=self.roles['custom_role_runner_view_grant'].name)
UserRoleAssignment.add_or_update(role_assignment_db)
user_db = self.users['custom_role_runner_modify_grant']
role_assignment_db = UserRoleAssignmentDB(
user=user_db.name,
role=self.roles['custom_role_runner_modify_grant'].name)
UserRoleAssignment.add_or_update(role_assignment_db)
示例9: revoke_role_from_user
def revoke_role_from_user(role_db, user_db):
"""
Revoke role from a user.
:param role_db: Role to revoke.
:type role_db: :class:`RoleDB`
:param user_db: User to revoke the role from.
:type user_db: :class:`UserDB`
"""
role_assignment_db = UserRoleAssignment.get(user=user_db.name, role=role_db.name)
result = UserRoleAssignment.delete(role_assignment_db)
return result
示例10: setUp
def setUp(self):
super(WebhookControllerRBACTestCase, self).setUp()
# Insert mock users, roles and assignments
# Users
user_1_db = UserDB(name='webhook_list')
user_1_db = User.add_or_update(user_1_db)
self.users['webhook_list'] = user_1_db
user_2_db = UserDB(name='webhook_view')
user_2_db = User.add_or_update(user_2_db)
self.users['webhook_view'] = user_2_db
# Roles
# webhook_list
grant_db = PermissionGrantDB(resource_uid=None,
resource_type=ResourceType.WEBHOOK,
permission_types=[PermissionType.WEBHOOK_LIST])
grant_db = PermissionGrant.add_or_update(grant_db)
permission_grants = [str(grant_db.id)]
role_1_db = RoleDB(name='webhook_list', permission_grants=permission_grants)
role_1_db = Role.add_or_update(role_1_db)
self.roles['webhook_list'] = role_1_db
# webhook_view on webhook 1 (git)
name = 'git'
webhook_db = WebhookDB(name=name)
webhook_uid = webhook_db.get_uid()
grant_db = PermissionGrantDB(resource_uid=webhook_uid,
resource_type=ResourceType.WEBHOOK,
permission_types=[PermissionType.WEBHOOK_VIEW])
grant_db = PermissionGrant.add_or_update(grant_db)
permission_grants = [str(grant_db.id)]
role_1_db = RoleDB(name='webhook_view', permission_grants=permission_grants)
role_1_db = Role.add_or_update(role_1_db)
self.roles['webhook_view'] = role_1_db
# Role assignments
role_assignment_db = UserRoleAssignmentDB(
user=self.users['webhook_list'].name,
role=self.roles['webhook_list'].name,
source='assignments/%s.yaml' % self.users['webhook_list'].name)
UserRoleAssignment.add_or_update(role_assignment_db)
role_assignment_db = UserRoleAssignmentDB(
user=self.users['webhook_view'].name,
role=self.roles['webhook_view'].name,
source='assignments/%s.yaml' % self.users['webhook_view'].name)
UserRoleAssignment.add_or_update(role_assignment_db)
示例11: setUp
def setUp(self):
super(APIControllersRBACTestCase, self).setUp()
# Register packs
if self.register_packs:
self._register_packs()
# Insert mock objects - those objects are used to test get one, edit and delete operations
self.models = self.fixtures_loader.save_fixtures_to_db(fixtures_pack=FIXTURES_PACK,
fixtures_dict=TEST_FIXTURES)
self.role_assignment_db_model = UserRoleAssignmentDB(
user='user', role='role', source='assignments/user.yaml')
UserRoleAssignment.add_or_update(self.role_assignment_db_model)
示例12: revoke_role_from_user
def revoke_role_from_user(role_db, user_db):
"""
Revoke role from a user.
:param role_db: Role to revoke.
:type role_db: :class:`RoleDB`
:param user_db: User to revoke the role from.
:type user_db: :class:`UserDB`
"""
role_assignment_dbs = UserRoleAssignment.query(user=user_db.name, role=role_db.name)
for role_assignment_db in role_assignment_dbs:
UserRoleAssignment.delete(role_assignment_db)
示例13: get_all_permission_grants_for_user
def get_all_permission_grants_for_user(user_db, resource_uid=None, resource_types=None, permission_types=None):
"""
Retrieve all the permission grants for a particular user optionally filtering on:
- Resource uid
- Resource types
- Permission types
The result is a union of all the permission grants assigned to the roles which are assigned to
the user.
:rtype: ``list`` or :class:`PermissionGrantDB`
"""
role_names = UserRoleAssignment.query(user=user_db.name).only("role").scalar("role")
permission_grant_ids = Role.query(name__in=role_names).scalar("permission_grants")
permission_grant_ids = sum(permission_grant_ids, [])
permission_grants_filters = {}
permission_grants_filters["id__in"] = permission_grant_ids
if resource_uid:
permission_grants_filters["resource_uid"] = resource_uid
if resource_types:
permission_grants_filters["resource_type__in"] = resource_types
if permission_types:
permission_grants_filters["permission_types__in"] = permission_types
permission_grant_dbs = PermissionGrant.query(**permission_grants_filters)
return permission_grant_dbs
示例14: get_role_assignments_for_user
def get_role_assignments_for_user(user_db):
"""
Retrieve all the UserRoleAssignmentDB objects for a particular user.
:param user_db: User to retrieve the role assignments for.
:type user_db: :class:`UserDB`
:rtype: ``list`` of :class:`UserRoleAssignmentDB`
"""
result = UserRoleAssignment.query(user=user_db.name)
return result
示例15: setUp
def setUp(self):
super(RBACControllerTestCase, self).setUp()
permissions = [PermissionType.RULE_CREATE,
PermissionType.RULE_VIEW,
PermissionType.RULE_MODIFY,
PermissionType.RULE_DELETE]
for name in permissions:
user_db = UserDB(name=name)
user_db = User.add_or_update(user_db)
self.users[name] = user_db
# Roles
# action_create grant on parent pack
grant_db = PermissionGrantDB(resource_uid='pack:examples',
resource_type=ResourceType.PACK,
permission_types=[name])
grant_db = PermissionGrant.add_or_update(grant_db)
grant_2_db = PermissionGrantDB(resource_uid='action:wolfpack:action-1',
resource_type=ResourceType.ACTION,
permission_types=[PermissionType.ACTION_EXECUTE])
grant_2_db = PermissionGrant.add_or_update(grant_2_db)
permission_grants = [str(grant_db.id), str(grant_2_db.id)]
role_db = RoleDB(name=name, permission_grants=permission_grants)
role_db = Role.add_or_update(role_db)
self.roles[name] = role_db
# Role assignments
role_assignment_db = UserRoleAssignmentDB(
user=user_db.name,
role=role_db.name,
source='assignments/%s.yaml' % user_db.name)
UserRoleAssignment.add_or_update(role_assignment_db)
role_assignment_db = UserRoleAssignmentDB(
user='user_two',
role='role_two',
source='assignments/user_two.yaml',
is_remote=True)
UserRoleAssignment.add_or_update(role_assignment_db)