Dynamic role-based API checker for CloudStack - Migration from old commands.properties file
#!/bin/env python | |
# Usage: python <script> <commands.properties file> | |
import sys | |
import uuid | |
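def createMappings(apis):
    """Print the `role_permissions` INSERT statements for the default roles.

    ``apis`` maps an API name to its access bitmask (anything ``int()``
    accepts). Role 1 gets a single wildcard rule; roles 2, 3 and 4 get one
    'Allow' rule for every API whose mask has that role's bit set.

    Raises ValueError if a mask is not an integer or if an API name contains
    a character that would break out of the quoted SQL literal. Both checks
    run before anything is printed, so a bad entry never leaves a partial
    permission set on stdout.
    """
    # Role id -> bit in the mask: ResourceAdmin (2), DomainAdmin (3), User (4).
    # NOTE(review): bit 1 is presumably the root admin, which is covered by
    # the wildcard rule below instead - confirm against commands.properties.
    octetKey = {2: 2, 3: 4, 4: 8}

    # Validate and convert everything up front. The names are pasted into a
    # single-quoted SQL string, so a quote or backslash in one would change
    # the statement that ends up being executed against the permissions table.
    masks = {}
    for api in sorted(apis.keys()):
        if "'" in api or "\\" in api:
            raise ValueError("API name is not safe to embed in SQL: %r" % (api,))
        masks[api] = int(apis[api])

    # All apis allowed for root Admin. The trailing ';' is required so this
    # statement does not run into the next one when the output is executed as
    # a script; ON DUPLICATE KEY matches the other statements so a re-run is
    # harmless.
    print("INSERT INTO `cloud`.`role_permissions` (`uuid`, `role_id`, `rule`, `permission`) values (UUID(), 1, '*', 'Allow') ON DUPLICATE KEY UPDATE rule=rule;")

    for role in sorted(octetKey):
        for api in sorted(masks):
            if masks[api] & octetKey[role]:
                print("INSERT INTO `cloud`.`role_permissions` (`uuid`, `role_id`, `rule`, `permission`) values (UUID(), %d, '%s', 'Allow') ON DUPLICATE KEY UPDATE rule=rule;" % (role, api))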
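def main():
    """Convert a commands.properties file into role/permission SQL on stdout.

    Reads the file named by the first command-line argument, parses its
    ``name=mask`` lines, then prints the four default `roles` rows followed
    by the `role_permissions` rows produced by createMappings().

    The file is parsed completely before anything is printed, so a malformed
    line raises ValueError (with its line number) instead of leaving half a
    migration on stdout.
    """
    if len(sys.argv) < 2:
        sys.stderr.write("Usage: python <script> <commands.properties file>\n")
        sys.exit(1)

    with open(sys.argv[1]) as f:
        data = f.read()

    apiMap = {}  # {name = octet}
    # splitlines() + strip() copes with CRLF files and whitespace-only lines,
    # which the plain split('\n') / split('=') approach crashed on.
    for lineno, raw in enumerate(data.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith('#'):
            continue
        name, sep, value = line.partition('=')
        # Strip both sides: a rule stored as 'listFoo ' would never match the
        # real API name, silently dropping that permission.
        name = name.strip()
        value = value.strip()
        if not sep or not name:
            raise ValueError("line %d: expected name=value, got %r" % (lineno, raw))
        try:
            int(value)
        except ValueError:
            raise ValueError("line %d: mask for %r is not an integer: %r" % (lineno, name, value))
        apiMap[name] = value

    # Default roles, with fixed ids that the permission rows refer to.
    defaultRoles = (
        (1, 'Admin', 'Admin'),
        (2, 'Resource Admin', 'ResourceAdmin'),
        (3, 'Domain Admin', 'DomainAdmin'),
        (4, 'User', 'User'),
    )
    for roleId, roleName, roleType in defaultRoles:
        print("INSERT INTO `cloud`.`roles` (`id`, `uuid`, `name`, `type`) values (%d, '%s', '%s', '%s') ON DUPLICATE KEY UPDATE name=name;" % (roleId, uuid.uuid4(), roleName, roleType))

    createMappings(apiMap)


if __name__ == '__main__':
    main()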