Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix(migrate) #256

Merged
merged 1 commit into from
Dec 10, 2019
Merged

fix(migrate) #256

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
33 changes: 24 additions & 9 deletions bin/migrate_acl_authz.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -49,7 +49,9 @@ def main():
from indexd.default_settings import settings
driver = settings["config"]["INDEX"]["driver"]
try:
acl_converter = ACLConverter(args.arborist, getattr(args, "sheepdog"))
acl_converter = ACLConverter(
args.arborist, getattr(args, "sheepdog"), getattr(args, "use_tags")
)
except EnvironmentError:
logger.error("can't continue without database connection")
sys.exit(1)
Expand Down Expand Up @@ -100,6 +102,12 @@ def parse_args():
parser.add_argument(
"--arborist-url", dest="arborist", help="URL for the arborist service"
)
parser.add_argument(
"--tags",
dest="use_tags",
help="Whether to use arborist tags. If set to False, the resource paths will be used",
default=False,
)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

awesome!

parser.add_argument(
"--chunk-size",
dest="chunk_size",
Expand All @@ -116,7 +124,7 @@ def parse_args():


class ACLConverter(object):
def __init__(self, arborist_url, sheepdog_db=None):
def __init__(self, arborist_url, sheepdog_db=None, use_tags=False):
self.arborist_url = arborist_url.rstrip("/")
self.programs = set()
self.projects = dict()
Expand All @@ -126,10 +134,13 @@ def __init__(self, arborist_url, sheepdog_db=None):
logger.info("using namespace {}".format(self.namespace))
else:
logger.info("not using any auth namespace")
# map resource paths to tags in arborist so we can save http calls
self.arborist_resources = dict()
self.use_sheepdog_db = bool(sheepdog_db)

# if "use_tags" is True, map resource paths to tags in arborist so
# we can save http calls
self.use_arborist_tags = use_tags
self.arborist_resources = dict()

if sheepdog_db:
engine = create_engine(sheepdog_db, echo=False)
try:
Expand Down Expand Up @@ -176,8 +187,9 @@ def acl_to_authz(self, record):
# really mis-formatted, like `["u'phs000123'"]`, or have spaces left in
acl_item = acl_item.strip(" ")
acl_item = acl_item.lstrip("u'")
if acl_item != "*":
acl_item = re.sub(r"\W+", "", acl_item)
# Pauline 2019-12-10 Disabling this, causes a bug when removing "-"
# if acl_item != "*":
# acl_item = re.sub(r"\W+", "", acl_item)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sweet


# update path based on ACL entry
if not acl_item:
Expand Down Expand Up @@ -262,10 +274,13 @@ def acl_to_authz(self, record):
)
if not tag:
raise EnvironmentError("couldn't reach arborist")
self.arborist_resources[path] = tag
logger.info("using tag {} for path {}".format(tag, path))

return self.arborist_resources[path]
if self.use_arborist_tags:
self.arborist_resources[path] = tag
logger.info("using tag {} for path {}".format(tag, path))
return self.arborist_resources[path]

return path


def column_windows(session, column, windowsize, start=None):
Expand Down