mirror of
https://github.com/ansible/awx.git
synced 2026-03-10 05:59:28 -02:30
Prioritize membership roles
since certain role grants will not be accepted by the api unless the user or team is part of the correct organization.
This commit is contained in:
Jeff Bradberry
@@ -1,6 +1,5 @@
|
|||||||
import itertools
|
import itertools
|
||||||
import logging
|
import logging
|
||||||
import queue
|
|
||||||
|
|
||||||
from awxkit.api.resources import resources
|
from awxkit.api.resources import resources
|
||||||
import awxkit.exceptions as exc
|
import awxkit.exceptions as exc
|
||||||
@@ -231,75 +230,75 @@ class ApiV2(base.Base):
|
|||||||
if not S:
|
if not S:
|
||||||
continue
|
continue
|
||||||
if name == 'roles':
|
if name == 'roles':
|
||||||
self._roles.put((_page, S))
|
self._roles.append((_page, S))
|
||||||
else:
|
else:
|
||||||
self._related.put((_page, name, S))
|
self._related.append((_page, name, S))
|
||||||
|
|
||||||
return changed
|
return changed
|
||||||
|
|
||||||
|
def _assign_role(self, endpoint, role):
|
||||||
|
if 'content_object' not in role:
|
||||||
|
return
|
||||||
|
obj_page = self._cache.get_by_natural_key(role['content_object'])
|
||||||
|
if obj_page is None:
|
||||||
|
return
|
||||||
|
role_page = obj_page.get_object_role(role['name'], by_name=True)
|
||||||
|
try:
|
||||||
|
endpoint.post({'id': role_page['id']})
|
||||||
|
except exc.NoContent: # desired exception on successful (dis)association
|
||||||
|
pass
|
||||||
|
|
||||||
|
def _assign_membership(self):
|
||||||
|
for _page, roles in self._roles:
|
||||||
|
role_endpoint = _page.json['related']['roles']
|
||||||
|
for role in roles:
|
||||||
|
if role['name'] == 'Member':
|
||||||
|
self._assign_role(role_endpoint, role)
|
||||||
|
|
||||||
def _assign_roles(self):
|
def _assign_roles(self):
|
||||||
while True:
|
for _page, roles in self._roles:
|
||||||
try:
|
role_endpoint = _page.json['related']['roles']
|
||||||
_page, roles = self._roles.get_nowait()
|
for role in roles:
|
||||||
self._roles.task_done()
|
if role['name'] != 'Member':
|
||||||
role_endpoint = _page.json['related']['roles']
|
self._assign_role(role_endpoint, role)
|
||||||
for role in roles:
|
|
||||||
if 'content_object' not in role:
|
|
||||||
continue # admin role
|
|
||||||
obj_page = self._cache.get_by_natural_key(role['content_object'])
|
|
||||||
if obj_page is not None:
|
|
||||||
role_page = obj_page.get_object_role(role['name'], by_name=True)
|
|
||||||
try:
|
|
||||||
role_endpoint.post({'id': role_page['id']})
|
|
||||||
except exc.NoContent: # desired exception on successful (dis)association
|
|
||||||
pass
|
|
||||||
else:
|
|
||||||
pass # admin role
|
|
||||||
except queue.Empty:
|
|
||||||
break
|
|
||||||
|
|
||||||
def _assign_related(self):
|
def _assign_related(self):
|
||||||
while True:
|
for _page, name, related_set in self._related:
|
||||||
try:
|
endpoint = _page.related[name]
|
||||||
_page, name, related_set = self._related.get_nowait()
|
if isinstance(related_set, dict): # Relateds that are just json blobs, e.g. survey_spec
|
||||||
self._related.task_done()
|
endpoint.post(related_set)
|
||||||
endpoint = _page.related[name]
|
return
|
||||||
if isinstance(related_set, dict): # Relateds that are just json blobs, e.g. survey_spec
|
|
||||||
endpoint.post(related_set)
|
|
||||||
return
|
|
||||||
|
|
||||||
if 'natural_key' not in related_set[0]: # It is an attach set
|
if 'natural_key' not in related_set[0]: # It is an attach set
|
||||||
# Try to impedance match
|
# Try to impedance match
|
||||||
related = endpoint.get(all_pages=True)
|
related = endpoint.get(all_pages=True)
|
||||||
existing = {rel['id'] for rel in related.results}
|
existing = {rel['id'] for rel in related.results}
|
||||||
for item in related_set:
|
for item in related_set:
|
||||||
rel_page = self._cache.get_by_natural_key(item)
|
rel_page = self._cache.get_by_natural_key(item)
|
||||||
if rel_page is None:
|
if rel_page is None:
|
||||||
continue # FIXME
|
continue # FIXME
|
||||||
if rel_page['id'] in existing:
|
if rel_page['id'] in existing:
|
||||||
continue
|
continue
|
||||||
try:
|
try:
|
||||||
post_data = {'id': rel_page['id']}
|
post_data = {'id': rel_page['id']}
|
||||||
endpoint.post(post_data)
|
endpoint.post(post_data)
|
||||||
log.error("endpoint: %s, id: %s", endpoint.endpoint, rel_page['id'])
|
log.error("endpoint: %s, id: %s", endpoint.endpoint, rel_page['id'])
|
||||||
except exc.NoContent: # desired exception on successful (dis)association
|
except exc.NoContent: # desired exception on successful (dis)association
|
||||||
pass
|
pass
|
||||||
except exc.Common as e:
|
except exc.Common as e:
|
||||||
log.error("Object association failed: %s.", e)
|
log.error("Object association failed: %s.", e)
|
||||||
log.debug("post_data: %r", post_data)
|
log.debug("post_data: %r", post_data)
|
||||||
raise
|
raise
|
||||||
else: # It is a create set
|
else: # It is a create set
|
||||||
self._cache.get_page(endpoint)
|
self._cache.get_page(endpoint)
|
||||||
self._import_list(endpoint, related_set)
|
self._import_list(endpoint, related_set)
|
||||||
|
|
||||||
# FIXME: deal with pruning existing relations that do not match the import set
|
# FIXME: deal with pruning existing relations that do not match the import set
|
||||||
except queue.Empty:
|
|
||||||
break
|
|
||||||
|
|
||||||
def import_assets(self, data):
|
def import_assets(self, data):
|
||||||
self._cache = page.PageCache()
|
self._cache = page.PageCache()
|
||||||
self._related = queue.Queue()
|
self._related = []
|
||||||
self._roles = queue.Queue()
|
self._roles = []
|
||||||
|
|
||||||
changed = False
|
changed = False
|
||||||
|
|
||||||
@@ -312,6 +311,7 @@ class ApiV2(base.Base):
|
|||||||
# FIXME: should we delete existing unpatched assets?
|
# FIXME: should we delete existing unpatched assets?
|
||||||
|
|
||||||
self._assign_related()
|
self._assign_related()
|
||||||
|
self._assign_membership()
|
||||||
self._assign_roles()
|
self._assign_roles()
|
||||||
|
|
||||||
return changed
|
return changed
|
||||||
|
|||||||
Reference in New Issue
Block a user