/create-rolemaps.py
Last active Mar 22, 2016
Dynamic role-based API checker for CloudStack - Migration from old commands.properties file
| #!/bin/env python | |
| # Usage: python <script> <commands.properties file> | |
| import sys | |
| import uuid | |
| def createMappings(apis): | |
| # All apis allowed for root Admin | |
| print("INSERT INTO `cloud`.`role_permissions` (`uuid`, `role_id`, `rule`, `permission`) values (UUID(), 1, '*', 'Allow')") | |
| # ResourceAdmin, DomainAdmin, User | |
| roles = [2, 3, 4] | |
| octetKey = {2:2, 3:4, 4:8} | |
| for role in roles: | |
| for api in sorted(apis.keys()): | |
| value = int(apis[api]) | |
| if value & octetKey[role] > 0: | |
| print("INSERT INTO `cloud`.`role_permissions` (`uuid`, `role_id`, `rule`, `permission`) values (UUID(), %d, '%s', 'Allow') ON DUPLICATE KEY UPDATE rule=rule;" % (role, api)) | |
| def main(): | |
| print("INSERT INTO `cloud`.`roles` (`id`, `uuid`, `name`, `type`) values (1, '%s', 'Admin', 'Admin') ON DUPLICATE KEY UPDATE name=name;" % uuid.uuid4()) | |
| print("INSERT INTO `cloud`.`roles` (`id`, `uuid`, `name`, `type`) values (2, '%s', 'Resource Admin', 'ResourceAdmin') ON DUPLICATE KEY UPDATE name=name;" % uuid.uuid4()) | |
| print("INSERT INTO `cloud`.`roles` (`id`, `uuid`, `name`, `type`) values (3, '%s', 'Domain Admin', 'DomainAdmin') ON DUPLICATE KEY UPDATE name=name;" % uuid.uuid4()) | |
| print("INSERT INTO `cloud`.`roles` (`id`, `uuid`, `name`, `type`) values (4, '%s', 'User', 'User') ON DUPLICATE KEY UPDATE name=name;" % uuid.uuid4()) | |
| with open(sys.argv[1]) as f: | |
| data = f.read() | |
| apiMap = {} # {name = octet} | |
| for line in data.split('\n'): | |
| if not line or line == '' or line.startswith('#'): | |
| continue | |
| name, value = line.split('=') | |
| apiMap[name] = value | |
| createMappings(apiMap) | |
| if __name__ == '__main__': | |
| main() |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment