Last active
March 22, 2016 14:10
-
-
Save rohityadavcloud/646f9bf27ab2198f8b2d to your computer and use it in GitHub Desktop.
Dynamic role-based API checker for CloudStack - Migration from old commands.properties file
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/bin/env python | |
# Usage: python <script> <commands.properties file> | |
import sys | |
import uuid | |
def createMappings(apis): | |
# All apis allowed for root Admin | |
print("INSERT INTO `cloud`.`role_permissions` (`uuid`, `role_id`, `rule`, `permission`) values (UUID(), 1, '*', 'Allow')") | |
# ResourceAdmin, DomainAdmin, User | |
roles = [2, 3, 4] | |
octetKey = {2:2, 3:4, 4:8} | |
for role in roles: | |
for api in sorted(apis.keys()): | |
value = int(apis[api]) | |
if value & octetKey[role] > 0: | |
print("INSERT INTO `cloud`.`role_permissions` (`uuid`, `role_id`, `rule`, `permission`) values (UUID(), %d, '%s', 'Allow') ON DUPLICATE KEY UPDATE rule=rule;" % (role, api)) | |
def main(): | |
print("INSERT INTO `cloud`.`roles` (`id`, `uuid`, `name`, `type`) values (1, '%s', 'Admin', 'Admin') ON DUPLICATE KEY UPDATE name=name;" % uuid.uuid4()) | |
print("INSERT INTO `cloud`.`roles` (`id`, `uuid`, `name`, `type`) values (2, '%s', 'Resource Admin', 'ResourceAdmin') ON DUPLICATE KEY UPDATE name=name;" % uuid.uuid4()) | |
print("INSERT INTO `cloud`.`roles` (`id`, `uuid`, `name`, `type`) values (3, '%s', 'Domain Admin', 'DomainAdmin') ON DUPLICATE KEY UPDATE name=name;" % uuid.uuid4()) | |
print("INSERT INTO `cloud`.`roles` (`id`, `uuid`, `name`, `type`) values (4, '%s', 'User', 'User') ON DUPLICATE KEY UPDATE name=name;" % uuid.uuid4()) | |
with open(sys.argv[1]) as f: | |
data = f.read() | |
apiMap = {} # {name = octet} | |
for line in data.split('\n'): | |
if not line or line == '' or line.startswith('#'): | |
continue | |
name, value = line.split('=') | |
apiMap[name] = value | |
createMappings(apiMap) | |
if __name__ == '__main__': | |
main() |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment