Add RBAC content guard support
fixes: pulp#352
gerrod3 committed Aug 31, 2021
1 parent a0f44a7 commit 50d929e
Showing 5 changed files with 162 additions and 0 deletions.
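--- a/CHANGES/352.feature
+++ b/CHANGES/352.feature
@@ -0,0 +1 @@
+Added commands for CRUD RBAC Content Guards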
2 changes: 2 additions & 0 deletions pulpcore/cli/core/__init__.py
@@ -4,6 +4,7 @@
from pulpcore.cli.core.access_policy import access_policy
from pulpcore.cli.core.artifact import artifact
from pulpcore.cli.core.content import content
from pulpcore.cli.core.content_guard import content_guard
from pulpcore.cli.core.export import export
from pulpcore.cli.core.exporter import exporter
from pulpcore.cli.core.group import group
@@ -28,6 +29,7 @@
main.add_command(export)
main.add_command(exporter)
main.add_command(group)
main.add_command(content_guard)
main.add_command(importer)
main.add_command(orphan)
main.add_command(orphans) # This one is deprecated
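--- a/pulpcore/cli/core/content_guard.py
+++ b/pulpcore/cli/core/content_guard.py
@@ -0,0 +1,105 @@
+import gettext
+from typing import List, Optional
+
+import click
+
+from pulpcore.cli.common.context import (
+PluginRequirement,
+PulpContext,
+pass_entity_context,
+pass_pulp_context,
+)
+from pulpcore.cli.common.generic import (
+create_command,
+destroy_command,
+href_option,
+list_command,
+load_json_callback,
+name_option,
+show_command,
+update_command,
+)
+from pulpcore.cli.core.context import PulpContentGuardContext, PulpRbacContentGuardContext
+
+_ = gettext.gettext
+
+
+@click.group()
+@pass_pulp_context
+@click.pass_context
+def content_guard(ctx: click.Context, pulp_ctx: PulpContext) -> None:
+ctx.obj = PulpContentGuardContext(pulp_ctx)
+
+
+create_options = [click.option("--name", required=True), click.option("--description")]
+filter_options = [click.option("--name")]
+lookup_options = [name_option, href_option]
+
+content_guard.add_command(list_command(decorators=filter_options))
+
+
+@content_guard.group()
+@pass_pulp_context
+@click.pass_context
+def rbac(ctx: click.Context, pulp_ctx: PulpContext) -> None:
+pulp_ctx.needs_plugin(PluginRequirement("core", "3.15.0.dev"))
+ctx.obj = PulpRbacContentGuardContext(pulp_ctx)
+
+
+rbac.add_command(list_command(decorators=filter_options))
+rbac.add_command(create_command(decorators=create_options))
+rbac.add_command(show_command(decorators=lookup_options))
+rbac.add_command(update_command(decorators=lookup_options))
+rbac.add_command(destroy_command(decorators=lookup_options))
+
+
+@rbac.command()
+@name_option
+@href_option
+@click.option(
+"--groups",
+help=_("List of groups to assign download permission to"),
+callback=load_json_callback,
+)
+@click.option(
+"--users",
+help=_("List of users to assign download permission to"),
+callback=load_json_callback,
+)
+@pass_entity_context
+@pass_pulp_context
+def assign(
+pulp_ctx: PulpContext,
+guard_ctx: PulpRbacContentGuardContext,
+users: Optional[List[str]],
+groups: Optional[List[str]],
+) -> None:
+href = guard_ctx.entity["pulp_href"]
+result = guard_ctx.assign(href=href, users=users, groups=groups)
+pulp_ctx.output_result(result)
+
+
+@rbac.command()
+@name_option
+@href_option
+@click.option(
+"--groups",
+help=_("List of groups to remove download permission from"),
+callback=load_json_callback,
+)
+@click.option(
+"--users",
+help=_("List of users to remove download permission from"),
+callback=load_json_callback,
+)
+@pass_entity_context
+@pass_pulp_context
+def remove(
+pulp_ctx: PulpContext,
+guard_ctx: PulpRbacContentGuardContext,
+users: Optional[List[str]],
+groups: Optional[List[str]],
+) -> None:
+href = guard_ctx.entity["pulp_href"]
+result = guard_ctx.remove(href=href, users=users, groups=groups)
+pulp_ctx.output_result(result)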
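Review bot: `assign` and `remove` send the permission request even when neither `--users` nor `--groups` is given, and nothing in these commands checks that the decoded JSON is a list of strings, so a value such as `'"admin"'` would reach the API as a bare string (what `load_json_callback` itself validates is not visible here). Because these calls change who may download guarded content, reject the empty case before the call, e.g. `if users is None and groups is None: raise click.UsageError(_("Specify --users and/or --groups."))`, and check `isinstance(value, list)` for each option. The same applies to `PulpRbacContentGuardContext.assign` and `remove` in context.py, which forward the values unchanged. The help strings should also say that the value is a JSON array, e.g. `help=_("JSON list of groups to assign download permission to")`.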
28 changes: 28 additions & 0 deletions pulpcore/cli/core/context.py
@@ -283,6 +283,13 @@ def scope(self) -> Dict[str, Any]:
return {PulpGroupContext.HREF: self.group_ctx.pulp_href}


class PulpContentGuardContext(PulpEntityContext):
ENTITY = "content guard"
ENTITIES = "content guards"
HREF_PATTERN = r"^/pulp/api/v3/contentguards/(?P<plugin>\w+)/(?P<resource_type>\w+)/"
LIST_ID = "contentguards_list"


class PulpImporterContext(PulpEntityContext):
ENTITY = "PulpImporter"
HREF = "pulp_importer_href"
@@ -293,6 +300,27 @@ class PulpImporterContext(PulpEntityContext):
LIST_ID = "importers_core_pulp_list"


class PulpRbacContentGuardContext(PulpContentGuardContext):
ENTITY = "RBAC content guard"
ENTITIES = "RBAC content guards"
HREF = "r_b_a_c_content_guard_href"
LIST_ID = "contentguards_core_rbac_list"
CREATE_ID = "contentguards_core_rbac_create"
UPDATE_ID = "contentguards_core_rbac_partial_update"
DELETE_ID = "contentguards_core_rbac_delete"
READ_ID = "contentguards_core_rbac_read"
ASSIGN_ID = "contentguards_core_rbac_assign_permission"
REMOVE_ID = "contentguards_core_rbac_remove_permission"

def assign(self, href: str, users: Optional[List[str]], groups: Optional[List[str]]) -> Any:
body = self.preprocess_body({"usernames": users, "groupnames": groups})
return self.pulp_ctx.call(self.ASSIGN_ID, parameters={self.HREF: href}, body=body)

def remove(self, href: str, users: Optional[List[str]], groups: Optional[List[str]]) -> Any:
body = self.preprocess_body({"usernames": users, "groupnames": groups})
return self.pulp_ctx.call(self.REMOVE_ID, parameters={self.HREF: href}, body=body)


class PulpSigningServiceContext(PulpEntityContext):
ENTITY = "signing service"
ENTITIES = "signing services"
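Review bot: `assign` and `remove` on `PulpRbacContentGuardContext` have no docstrings, and the renaming of `users`/`groups` to the body keys `usernames`/`groupnames` is easy to miss when reading a caller. Add one-line docstrings such as `"""Grant download permission on the guard at href to the given users and groups."""` and the matching "Revoke ..." text for `remove`. Each should note that a `None` argument relies on `preprocess_body` to drop the key; its behaviour is not visible in this hunk, so confirm that it does not send `null`. The two bodies differ only in the operation id, so a small private helper taking `ASSIGN_ID` or `REMOVE_ID` would keep them from drifting apart.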
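--- a/tests/scripts/pulpcore/test_content_guards.sh
+++ b/tests/scripts/pulpcore/test_content_guards.sh
@@ -0,0 +1,26 @@
+#!/bin/bash
+
+# shellcheck source=tests/scripts/config.source
+. "$(dirname "$(dirname "$(realpath "$0")")")"/config.source
+
+pulp debug has-plugin --name "core" --min-version "3.15.1" || exit 3
+
+cleanup() {
+pulp content-guard rbac destroy --name "cli_test_guard" || true
+pulp group destroy --name "cli_test_group" || true
+}
+trap cleanup EXIT
+
+expect_succ pulp content-guard rbac create --name "cli_test_guard"
+expect_succ pulp content-guard list
+test "$(echo "$OUTPUT" | jq -r length)" -gt "0"
+expect_succ pulp content-guard rbac list --name "cli_test_guard"
+test "$(echo "$OUTPUT" | jq -r length)" -eq "1"
+expect_succ pulp content-guard rbac show --name "cli_test_guard"
+
+expect_succ pulp group create --name "cli_test_group"
+expect_succ pulp content-guard rbac assign --name "cli_test_guard" --groups '["cli_test_group"]'
+test "$(echo "$OUTPUT" | jq -r '.groups' | jq -r length)" -eq "1"
+expect_succ pulp content-guard rbac remove --name "cli_test_guard" --users '["admin"]' --groups '["cli_test_group"]'
+test "$(echo "$OUTPUT" | jq -r '.users' | jq -r length)" -eq "0"
+test "$(echo "$OUTPUT" | jq -r '.groups' | jq -r length)" -eq "0"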
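Review bot: The checks after `assign` and `remove` compare only list lengths (`jq -r length`), so the script would still pass if download permission were granted to, or left with, a principal other than `cli_test_group`. Asserting the actual entries in `.groups` and `.users` would pin that down. There is also no case for `assign --users`, and none for an unknown user or group, so the failure path of a permission change is untested. The gate here is `--min-version "3.15.1"` while the `rbac` group in content_guard.py requires `3.15.0.dev`; the two should be aligned, or the difference explained in a comment.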
