Skip to content

Instantly share code, notes, and snippets.

@rhtyd rhtyd/create-rolemaps.py
Last active Mar 22, 2016

Embed
What would you like to do?
Dynamic role-based API checker for CloudStack - Migration from old commands.properties file
#!/bin/env python
# Usage: python <script> <commands.properties file>
import sys
import uuid
def createMappings(apis):
# All apis allowed for root Admin
print("INSERT INTO `cloud`.`role_permissions` (`uuid`, `role_id`, `rule`, `permission`) values (UUID(), 1, '*', 'Allow')")
# ResourceAdmin, DomainAdmin, User
roles = [2, 3, 4]
octetKey = {2:2, 3:4, 4:8}
for role in roles:
for api in sorted(apis.keys()):
value = int(apis[api])
if value & octetKey[role] > 0:
print("INSERT INTO `cloud`.`role_permissions` (`uuid`, `role_id`, `rule`, `permission`) values (UUID(), %d, '%s', 'Allow') ON DUPLICATE KEY UPDATE rule=rule;" % (role, api))
def main():
print("INSERT INTO `cloud`.`roles` (`id`, `uuid`, `name`, `type`) values (1, '%s', 'Admin', 'Admin') ON DUPLICATE KEY UPDATE name=name;" % uuid.uuid4())
print("INSERT INTO `cloud`.`roles` (`id`, `uuid`, `name`, `type`) values (2, '%s', 'Resource Admin', 'ResourceAdmin') ON DUPLICATE KEY UPDATE name=name;" % uuid.uuid4())
print("INSERT INTO `cloud`.`roles` (`id`, `uuid`, `name`, `type`) values (3, '%s', 'Domain Admin', 'DomainAdmin') ON DUPLICATE KEY UPDATE name=name;" % uuid.uuid4())
print("INSERT INTO `cloud`.`roles` (`id`, `uuid`, `name`, `type`) values (4, '%s', 'User', 'User') ON DUPLICATE KEY UPDATE name=name;" % uuid.uuid4())
with open(sys.argv[1]) as f:
data = f.read()
apiMap = {} # {name = octet}
for line in data.split('\n'):
if not line or line == '' or line.startswith('#'):
continue
name, value = line.split('=')
apiMap[name] = value
createMappings(apiMap)
if __name__ == '__main__':
main()
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.