class Insights::API::Common::RBAC::Seed

Public Class Methods

new(seed_file, user_file = nil)
# File lib/insights/api/common/rbac/seed.rb, line 8
# Loads the ACL seed definition and picks the request context that the RBAC
# calls will run under.
#
# @param seed_file [String] path to a YAML file; the rest of this class reads
#   its 'groups', 'roles' and 'policies' keys
# @param user_file [String, nil] path to a YAML identity file, consulted only
#   when Insights::API::Common::Request.current is falsy
def initialize(seed_file, user_file = nil)
  # NOTE(security): the seed decides which groups, roles and policies get
  # created, so it should only ever come from a trusted, access-controlled
  # path. On Psych < 4, YAML.load_file can instantiate arbitrary Ruby objects;
  # confirm the Psych version in use before pointing this at any file that
  # someone else can write.
  @acl_data = YAML.load_file(seed_file)

  # Prefer a request that is already current; build one from user_file otherwise.
  active_request = Insights::API::Common::Request.current
  @request = active_request || create_request(user_file)
end

Public Instance Methods

process()
# File lib/insights/api/common/rbac/seed.rb, line 13
# Seeds the RBAC service from the loaded ACL data: groups first, then roles,
# then the policies that attach roles to groups. All three steps run inside
# Request.with_request(@request).
#
# Nothing here rolls back work already done: if a later step fails, groups
# and roles created earlier in the same run stay in place.
#
# @raise [RBACApiClient::ApiError] logged through Rails.logger, then re-raised
def process
  Insights::API::Common::Request.with_request(@request) do
    create_groups
    create_roles
    add_roles_to_groups
  rescue RBACApiClient::ApiError => api_error
    # Log for operators, but let the caller see the failure as well.
    Rails.logger.error("Exception when RBACApiClient::ApiError : #{api_error}")
    raise
  end
end

Private Instance Methods

add_new_role_to_group(api_instance, group_uuid, role_uuid)
# File lib/insights/api/common/rbac/seed.rb, line 82
# Attaches a single role to a single group through the supplied API client.
#
# @param api_instance [Object] client that responds to add_role_to_group
# @param group_uuid [String] UUID of the group receiving the role
# @param role_uuid [String] UUID of the role to attach
# @return [Object] whatever add_role_to_group returns
def add_new_role_to_group(api_instance, group_uuid, role_uuid)
  # The request body carries exactly one role UUID.
  payload = RBACApiClient::GroupRoleIn.new.tap { |body| body.roles = [role_uuid] }
  api_instance.add_role_to_group(group_uuid, payload)
end
add_roles_to_groups()
# File lib/insights/api/common/rbac/seed.rb, line 100
# Applies every entry under the seed's 'policies' key by attaching the named
# role to the named group, skipping pairs that are already linked.
#
# Group and role names are resolved to UUIDs against what the RBAC service
# currently lists; find_uuid raises when a name cannot be resolved. This step
# only adds links. It never detaches a role that the seed no longer mentions,
# so access granted by an earlier seed has to be revoked by other means.
def add_roles_to_groups
  known_groups = current_groups
  known_roles = current_roles
  Service.call(RBACApiClient::GroupApi) do |api_instance|
    @acl_data['policies'].each do |policy|
      group_uuid = find_uuid('Group', known_groups, policy['group']['name'])
      role_uuid = find_uuid('Role', known_roles, policy['role']['name'])
      already_linked = role_exists_in_group?(api_instance, group_uuid, role_uuid)

      add_new_role_to_group(api_instance, group_uuid, role_uuid) unless already_linked
    end
  end
end
create_groups()
# File lib/insights/api/common/rbac/seed.rb, line 28
# Creates each group listed under the seed's 'groups' key unless a group with
# the same name is already listed by the RBAC service.
#
# Matching is by name only. An existing group is left exactly as it is, and
# its description is not compared with or updated from the seed.
def create_groups
  existing_names = current_groups.map(&:name)
  # A single Group object is reused; both fields are overwritten on every pass.
  group = RBACApiClient::Group.new
  Service.call(RBACApiClient::GroupApi) do |api_instance|
    @acl_data['groups'].each do |entry|
      unless existing_names.include?(entry['name'])
        group.name = entry['name']
        group.description = entry['description']
        api_instance.create_group(group)
      end
    end
  end
end
create_rds(obj)
# File lib/insights/api/common/rbac/seed.rb, line 70
# Converts the 'resource_definitions' entries of one access item into
# RBACApiClient::ResourceDefinition objects.
#
# The key, value and operation of each attribute filter are copied from the
# seed as-is; no validation happens in this method.
#
# @param obj [Hash] one access entry from the seed
# @return [Array<RBACApiClient::ResourceDefinition>] empty when the entry has
#   no 'resource_definitions' key
def create_rds(obj)
  obj.fetch('resource_definitions', []).map do |item|
    definition = RBACApiClient::ResourceDefinition.new
    filter = RBACApiClient::ResourceDefinitionFilter.new
    filter_spec = item['attribute_filter']
    filter.key = filter_spec['key']
    filter.value = filter_spec['value']
    filter.operation = filter_spec['operation']
    definition.attribute_filter = filter
    definition
  end
end
create_request(user_file)
# File lib/insights/api/common/rbac/seed.rb, line 121
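# Builds a minimal request hash carrying an x-rh-identity header, for runs in
# which no request is already current.
#
# @param user_file [String] path to a YAML file describing the identity
# @return [Hash] :headers holds 'x-rh-identity' (strict Base64 of the file's
#   content rendered as JSON); :original_url is '/'
# @raise [ArgumentError] if user_file is nil
# @raise [RuntimeError] if the file does not exist
def create_request(user_file)
  # The constructor defaults user_file to nil, and File.exist?(nil) would fail
  # with an opaque TypeError, so state the real problem instead.
  raise ArgumentError, 'user_file is required when no request is current' if user_file.nil?
  raise "File #{user_file} not found" unless File.exist?(user_file)

  # NOTE(security): the file content becomes the identity header verbatim, so
  # presumably whoever can edit it chooses the identity the RBAC calls run as.
  # Keep it under the same access control as a credential. On Psych < 4,
  # YAML.load_file can also instantiate arbitrary Ruby objects; confirm the
  # Psych version in use before loading a file that others can write.
  user = YAML.load_file(user_file)
  encoded_identity = Base64.strict_encode64(user.to_json)
  {:headers => {'x-rh-identity' => encoded_identity}, :original_url => '/'}
end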
create_roles()
# File lib/insights/api/common/rbac/seed.rb, line 49
# Creates each role listed under the seed's 'roles' key unless a role with the
# same name is already listed by the RBAC service.
#
# Matching is by name only. A role that already exists is skipped without
# comparing its access list to the seed, so permissions that have drifted
# (wider or narrower) are not corrected by re-running the seed. Permission
# strings and resource definitions are taken from the seed unchanged.
def create_roles
  existing_names = current_roles.map(&:name)
  # A single RoleIn object is reused; name and access are reset for every role.
  role_in = RBACApiClient::RoleIn.new
  Service.call(RBACApiClient::RoleApi) do |api_instance|
    @acl_data['roles'].each do |role|
      next if existing_names.include?(role['name'])

      role_in.name = role['name']
      role_in.access = role['access'].map do |obj|
        RBACApiClient::Access.new.tap do |access|
          access.permission = obj['permission']
          access.resource_definitions = create_rds(obj)
        end
      end
      api_instance.create_roles(role_in)
    end
  end
end
current_groups()
# File lib/insights/api/common/rbac/seed.rb, line 43
# Collects every item that Service.paginate yields for :list_groups.
#
# @return [Array] the groups as an Array (presumably Service.call returns the
#   block's value; confirm against Service)
def current_groups
  Service.call(RBACApiClient::GroupApi) do |group_api|
    pages = Service.paginate(group_api, :list_groups, {})
    pages.to_a
  end
end
current_roles()
# File lib/insights/api/common/rbac/seed.rb, line 94
# Collects every item that Service.paginate yields for :list_roles.
#
# @return [Array] the roles as an Array (presumably Service.call returns the
#   block's value; confirm against Service)
def current_roles
  Service.call(RBACApiClient::RoleApi) do |role_api|
    pages = Service.paginate(role_api, :list_roles, {})
    pages.to_a
  end
end
find_uuid(type, data, name)
# File lib/insights/api/common/rbac/seed.rb, line 114
# Resolves a name to a UUID within a list of RBAC objects.
#
# When several items share the name, the first one in `data` wins.
#
# @param type [String] label used only in the error message ('Group', 'Role')
# @param data [Enumerable] objects responding to name and uuid
# @param name [String] name to look up
# @return [Object] the uuid of the first matching item
# @raise [RuntimeError] when no item has that name
def find_uuid(type, data, name)
  match = data.find { |candidate| candidate.name == name }
  return match.uuid if match

  raise "#{type} #{name} not found in RBAC service"
end
role_exists_in_group?(api_instance, group_uuid, role_uuid)
# File lib/insights/api/common/rbac/seed.rb, line 88
# Reports whether the group already has the given role attached.
#
# NOTE(review): unlike the group and role listings elsewhere in this class,
# this check does not go through Service.paginate. Confirm that one
# list_roles_for_group call returns every role of the group.
#
# @param api_instance [Object] client that responds to list_roles_for_group
# @param group_uuid [String] UUID of the group to inspect
# @param role_uuid [String] UUID of the role to look for
# @return [Boolean] true when a listed role has that UUID
def role_exists_in_group?(api_instance, group_uuid, role_uuid)
  attached_roles = api_instance.list_roles_for_group(group_uuid)
  attached_roles.any? { |attached| attached.uuid == role_uuid }
end