feat(usergroup): manages extended RBAC roles in usergroup

rapyuta-robotics · Sep 4, 2023 · df98172 · df98172
1 parent e6b398a
commit df98172
Show file tree

Hide file tree

Showing 3 changed files with 20 additions and 6 deletions.
diff --git a/riocli/jsonschema/schemas/usergroup-schema.yaml b/riocli/jsonschema/schemas/usergroup-schema.yaml
@@ -86,6 +86,11 @@ definitions:
         pattern: "^project-([a-z0-9]{20}|[a-z]{24})$"
       name:
         type: string
+      role:
+        type: string
+        enum:
+          - viewer
+          - admin
     oneOf:
       - required:
           - guid

diff --git a/riocli/usergroup/inspect.py b/riocli/usergroup/inspect.py
@@ -53,9 +53,10 @@ def to_manifest(usergroup: UserGroup, org_guid: str) -> typing.Dict:
     """
     Transform a usergroup resource to a rio apply manifest construct
     """
+    role_map = {i['projectGUID']: i['groupRole'] for i in usergroup.role_in_projects}
     members = {m.email_id for m in usergroup.members}
     admins = {a.email_id for a in usergroup.admins}
-    projects = [p.name for p in usergroup.projects]
+    projects = [{'name': p.name, 'role': role_map[p.guid]} for p in usergroup.projects]
 
     return {
         'apiVersion': 'api.rapyuta.io/v2',

diff --git a/riocli/usergroup/model.py b/riocli/usergroup/model.py
@@ -72,6 +72,7 @@ def delete_object(self, client: Client, obj: typing.Any) -> typing.Any:
         return client.delete_usergroup(self.metadata.organization, obj.guid)
 
     def _modify_payload(self, group: typing.Dict) -> typing.Dict:
+        group['spec']['userGroupRoleInProjects'] = []
         for entity in ('members', 'admins'):
             for u in group['spec'].get(entity, []):
                 if USER_GUID in u:
@@ -80,10 +81,16 @@ def _modify_payload(self, group: typing.Dict) -> typing.Dict:
                 u.pop(USER_EMAIL)
 
         for p in group['spec'].get('projects', []):
-            if 'guid' in p:
-                continue
-            p['guid'] = self.project_name_to_guid_map.get(p['name'])
-            p.pop('name')
+            if 'guid' not in p:
+                p['guid'] = self.project_name_to_guid_map.get(p['name'])
+                p.pop('name')
+
+            if 'role' in p:
+                group['spec']['userGroupRoleInProjects'].append({
+                    'projectGUID': p['guid'],
+                    'groupRole': p['role'],
+                })
+                p.pop('role')
 
         return group
 
@@ -106,7 +113,8 @@ def _create_update_payload(old: typing.Any, new: typing.Dict) -> typing.Dict:
                 'members': {'add': [], 'remove': []},
                 'projects': {'add': [], 'remove': []},
                 'admins': {'add': [], 'remove': []}
-            }
+            },
+            'userGroupRoleInProjects': new['spec'].get('userGroupRoleInProjects', []),
         }
 
         entity_sets = {