mirror of
https://github.com/kakwa/ldapcherry
synced 2024-11-11 12:08:51 +01:00
implementing a method to get groups to remove
* implement a way to remove roles from a user without removing groups of roles the user keeps
This commit is contained in:
parent
bc85d07921
commit
556d1f744b
@ -228,6 +228,50 @@ class Roles:
|
|||||||
parentroles.add(role)
|
parentroles.add(role)
|
||||||
return True
|
return True
|
||||||
|
|
||||||
|
def get_groups_to_remove(self, current_roles, roles_to_remove):
|
||||||
|
"""get groups to remove from list of roles to remove and current roles"""
|
||||||
|
current_roles = Set(current_roles)
|
||||||
|
|
||||||
|
ret = {}
|
||||||
|
roles_to_remove = Set(roles_to_remove)
|
||||||
|
tmp = Set([])
|
||||||
|
# get sub roles of the role to remove that the user belongs to
|
||||||
|
# if we remove a role, there is no reason to keep the sub roles
|
||||||
|
for r in roles_to_remove:
|
||||||
|
for sr in self._get_subroles(r):
|
||||||
|
if not sr in roles_to_remove and sr in current_roles:
|
||||||
|
tmp.add(sr)
|
||||||
|
|
||||||
|
roles_to_remove = roles_to_remove.union(tmp)
|
||||||
|
roles = current_roles.difference(Set(roles_to_remove))
|
||||||
|
groups_roles = self._get_groups(roles)
|
||||||
|
groups_roles_to_remove = self._get_groups(roles_to_remove)
|
||||||
|
|
||||||
|
# if groups belongs to roles the user keeps, don't remove it
|
||||||
|
for b in groups_roles_to_remove:
|
||||||
|
if b in groups_roles:
|
||||||
|
groups_roles_to_remove[b] = \
|
||||||
|
groups_roles_to_remove[b].difference(groups_roles[b])
|
||||||
|
return groups_roles_to_remove
|
||||||
|
|
||||||
|
def _get_groups(self, roles):
|
||||||
|
ret = {}
|
||||||
|
for r in roles:
|
||||||
|
for b in self.flatten[r]['backends_groups']:
|
||||||
|
groups = self.flatten[r]['backends_groups'][b]
|
||||||
|
if b not in ret:
|
||||||
|
ret[b] = Set(groups)
|
||||||
|
ret[b] = ret[b].union(Set(groups))
|
||||||
|
return ret
|
||||||
|
|
||||||
|
def _get_subroles(self, role):
|
||||||
|
ret = Set([])
|
||||||
|
for sr in self.graph[role]['sub_roles']:
|
||||||
|
tmp = self._get_subroles(sr)
|
||||||
|
tmp.add(sr)
|
||||||
|
ret = ret.union(tmp)
|
||||||
|
return ret
|
||||||
|
|
||||||
def get_roles(self, groups):
|
def get_roles(self, groups):
|
||||||
"""get list of roles and list of standalone groups"""
|
"""get list of roles and list of standalone groups"""
|
||||||
roles = Set([])
|
roles = Set([])
|
||||||
|
@ -58,6 +58,15 @@ class TestError(object):
|
|||||||
else:
|
else:
|
||||||
raise AssertionError("expected an exception")
|
raise AssertionError("expected an exception")
|
||||||
|
|
||||||
|
def testGroupsRemove(self):
|
||||||
|
inv = Roles('./tests/cfg/roles.yml')
|
||||||
|
groups = inv.get_groups_to_remove(
|
||||||
|
['admin-lv2', 'admin-lv3', 'users'],
|
||||||
|
['admin-lv2']
|
||||||
|
)
|
||||||
|
expected = {'ad': Set(['Administrators', 'Domain Controllers']), 'ldap': Set(['cn=nagios admins,ou=group,dc=example,dc=com', 'cn=puppet admins,ou=group,dc=example,dc=com', 'cn=dns admins,ou=group,dc=example,dc=com'])}
|
||||||
|
assert groups == expected
|
||||||
|
|
||||||
def testGetGroup(self):
|
def testGetGroup(self):
|
||||||
inv = Roles('./tests/cfg/roles.yml')
|
inv = Roles('./tests/cfg/roles.yml')
|
||||||
res = inv.get_groups('users')
|
res = inv.get_groups('users')
|
||||||
|
Loading…
Reference in New Issue
Block a user