implementing a method to get groups to remove

* implement a way to remove roles from a user without removing groups of roles the user keeps
2024-11-11 12:08:51 +01:00 · 2015-06-08 22:50:54 +02:00 · 2015-06-08 22:50:54 +02:00 · 556d1f744b
commit 556d1f744b
parent bc85d07921
2 changed files with 53 additions and 0 deletions
--- a/ldapcherry/roles.py
+++ b/ldapcherry/roles.py
@ -228,6 +228,50 @@ class Roles:
            parentroles.add(role)
        return True
    def get_groups_to_remove(self, current_roles, roles_to_remove):
        """get groups to remove from list of roles to remove and current roles"""
        current_roles = Set(current_roles)
        ret = {}
        roles_to_remove = Set(roles_to_remove)
        tmp = Set([])
        # get sub roles of the role to remove that the user belongs to
        # if we remove a role, there is no reason to keep the sub roles
        for r in roles_to_remove:
            for sr in self._get_subroles(r):
                if not sr in roles_to_remove and sr in current_roles:
                    tmp.add(sr)
        roles_to_remove = roles_to_remove.union(tmp)
        roles = current_roles.difference(Set(roles_to_remove))
        groups_roles = self._get_groups(roles)
        groups_roles_to_remove = self._get_groups(roles_to_remove)
        # if groups belongs to roles the user keeps, don't remove it
        for b in groups_roles_to_remove:
            if b in groups_roles:
                groups_roles_to_remove[b] = \
                    groups_roles_to_remove[b].difference(groups_roles[b])
        return groups_roles_to_remove
    def _get_groups(self, roles):
        ret = {}
        for r in roles:
            for b in self.flatten[r]['backends_groups']:
                groups = self.flatten[r]['backends_groups'][b]
                if b not in ret:
                    ret[b] = Set(groups)
                ret[b] = ret[b].union(Set(groups))
        return ret
    def _get_subroles(self, role):
        ret = Set([])
        for sr in self.graph[role]['sub_roles']:
            tmp = self._get_subroles(sr)
            tmp.add(sr)
            ret = ret.union(tmp)
        return ret
    def get_roles(self, groups):
        """get list of roles and list of standalone groups"""
        roles = Set([])
--- a/tests/test_Roles.py
+++ b/tests/test_Roles.py
@ -58,6 +58,15 @@ class TestError(object):
        else:
            raise AssertionError("expected an exception")
    def testGroupsRemove(self):
        inv = Roles('./tests/cfg/roles.yml')
        groups = inv.get_groups_to_remove(
                ['admin-lv2', 'admin-lv3', 'users'],
                ['admin-lv2']
        )
        expected = {'ad': Set(['Administrators', 'Domain Controllers']), 'ldap': Set(['cn=nagios admins,ou=group,dc=example,dc=com', 'cn=puppet admins,ou=group,dc=example,dc=com', 'cn=dns admins,ou=group,dc=example,dc=com'])}
        assert groups == expected
    def testGetGroup(self):
        inv = Roles('./tests/cfg/roles.yml')
        res = inv.get_groups('users')