sync grants by name not id - for better ux, bump version to 0.7.0
leondutoit committed Mar 5, 2020
1 parent 7d025af commit 4006065
Showing 2 changed files with 20 additions and 16 deletions.
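--- a/iam/pgiam.py
+++ b/iam/pgiam.py
@@ -575,10 +575,9 @@ def capabilities_http_sync(self, capabilities, session_identity=None):
 def capabilities_http_grants_sync(self, grants, session_identity=None):
 """
 Synchronise a list of grants to the capabilities_http_grants table,
-explicitly by capability_grant_id. The caller MUST provide IDs.
-Although generating UUIDs may seem laborious, it is the only way
-to ensure the sync is 100% correct, given the dynamic generation of
-grants.
+explicitly by capability_grant_name. The caller MUST provide a unique name.
+The caller can optionally provide a UUID for the capability_grant_id
+but it is not strictly necessary. The db will auto-generate one.
 Semantics: over-write or append. The append writes cannot be
 completely atomic, due to how rank numbers are set. When inserting
@@ -598,7 +597,7 @@ def capabilities_http_grants_sync(self, grants, session_identity=None):
 grants: list of dicts
 The following dict keys are compulsory:
-capability_grant_id: uuid4
+capability_grant_name: str
 capability_grant_hostnames: str
 capability_grant_namespace: str
 capability_grant_http_method: str
@@ -612,7 +611,7 @@ def capabilities_http_grants_sync(self, grants, session_identity=None):
 """
 res = True
-required_keys = ['capability_grant_id', 'capability_names_allowed',
+required_keys = ['capability_names_allowed', 'capability_grant_name',
 'capability_grant_hostnames', 'capability_grant_namespace',
 'capability_grant_http_method', 'capability_grant_rank',
 'capability_grant_uri_pattern', 'capability_grant_required_groups']
@@ -629,7 +628,7 @@ def capabilities_http_grants_sync(self, grants, session_identity=None):
 with session_scope(self.engine, session_identity) as session:
 for grant in grants:
 exists_query = """select count(*) from capabilities_http_grants
-where capability_grant_id = :capability_grant_id"""
+where capability_grant_name = :capability_grant_name"""
 exists = session.execute(exists_query, grant).fetchone()[0]
 input_keys = grant.keys()
 for column in table_columns:
@@ -645,7 +644,6 @@ def capabilities_http_grants_sync(self, grants, session_identity=None):
 update_query = """
 update capabilities_http_grants set
 capability_names_allowed = :capability_names_allowed,
-capability_grant_name = :capability_grant_name,
 capability_grant_hostnames = :capability_grant_hostnames,
 capability_grant_namespace = :capability_grant_namespace,
 capability_grant_http_method = :capability_grant_http_method,
@@ -658,15 +656,18 @@ def capabilities_http_grants_sync(self, grants, session_identity=None):
 capability_grant_max_num_usages = :capability_grant_max_num_usages,
 capability_grant_group_existence_check = :capability_grant_group_existence_check,
 capability_grant_metadata = :capability_grant_metadata
-where capability_grant_id = :capability_grant_id"""
+where capability_grant_name = :capability_grant_name"""
 session.execute(update_query, grant)
+# get current grant_id from name
+curr_grant_id = session.execute('select capability_grant_id from capabilities_http_grants \
+where capability_grant_name = :name',
+{'name': grant['capability_grant_name']}).fetchone()[0]
 session.execute("select capability_grant_rank_set('{0}', '{1}')".format(
-grant['capability_grant_id'], grant['capability_grant_rank']))
+curr_grant_id, grant['capability_grant_rank']))
 else:
 insert_query = """
 insert into capabilities_http_grants
-(capability_grant_id,
-capability_names_allowed,
+(capability_names_allowed,
 capability_grant_name,
 capability_grant_hostnames,
 capability_grant_namespace,
@@ -681,8 +682,7 @@ def capabilities_http_grants_sync(self, grants, session_identity=None):
 capability_grant_group_existence_check,
 capability_grant_metadata)
 values
-(:capability_grant_id,
-:capability_names_allowed,
+(:capability_names_allowed,
 :capability_grant_name,
 :capability_grant_hostnames,
 :capability_grant_namespace,
@@ -697,7 +697,11 @@ def capabilities_http_grants_sync(self, grants, session_identity=None):
 :capability_grant_group_existence_check,
 :capability_grant_metadata)"""
 session.execute(insert_query, grant)
-new_grants.append({'id': grant['capability_grant_id'], 'rank' :grant['capability_grant_rank']})
+# get current grant_id from name
+curr_grant_id = session.execute('select capability_grant_id from capabilities_http_grants \
+where capability_grant_name = :name',
+{'name': grant['capability_grant_name']}).fetchone()[0]
+new_grants.append({'id': curr_grant_id, 'rank' :grant['capability_grant_rank']})
 with session_scope(self.engine, session_identity) as session:
 for grant in new_grants:
 session.execute("select capability_grant_rank_set('{0}', '{1}')".format(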
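Review bot: The rewritten `capability_grant_rank_set` call in the update branch still builds its SQL with `.format()`, so `grant['capability_grant_rank']`, taken from the caller's dict, is spliced into the statement text of a function that manages authorization grants; any validation of that value would sit outside the lines shown. The other statements here bind their values and this one can as well: `session.execute("select capability_grant_rank_set(:id, :rank)", {'id': curr_grant_id, 'rank': grant['capability_grant_rank']})`, adding a cast if the function's argument types need one. The call in the `new_grants` loop at the end of the section uses the same `.format()` pattern, although its arguments are cut off by the fold. Separately, the docstring now says a caller may optionally supply `capability_grant_id`, but the visible insert column list no longer includes it, so a supplied id appears to be dropped silently; either state that in the docstring or keep the column when the key is present. The sync also now relies on `capability_grant_name` being unique (both `count(*)` and `fetchone()[0]` assume one row), which is worth noting in a comment alongside the constraint that enforces it, if one exists.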
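--- a/setup.py
+++ b/setup.py
@@ -4,7 +4,7 @@
 
 setup(
 name='pypg-iam',
-version='0.6.0',
+version='0.7.0',
 description='python library for pg-iam',
 author='Leon du Toit, Milen Kouylekov',
 author_email='[email protected]',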
