From ed42da56ba9b8968c9d23ae34973b5de70dd1d3f Mon Sep 17 00:00:00 2001
From: Christopher Gallo
Date: Thu, 6 Jun 2024 15:51:30 -0500
Subject: [PATCH] Reworked user permissions list to include permissions by department and be more accurate with new permissions being added #2156
---
 SoftLayer/CLI/user/permissions.py | 29 +-
 .../SoftLayer_User_Permission_Department.py | 978 ++++++++++++++++++
 SoftLayer/managers/user.py | 16 +-
 tests/CLI/modules/user_tests.py | 2 +-
 tests/managers/user_tests.py | 7 +
 5 files changed, 1018 insertions(+), 14 deletions(-)
 create mode 100644 SoftLayer/fixtures/SoftLayer_User_Permission_Department.py
diff --git a/SoftLayer/CLI/user/permissions.py b/SoftLayer/CLI/user/permissions.py
index 4aaeeb12e..7f8fd06eb 100644
--- a/SoftLayer/CLI/user/permissions.py
+++ b/SoftLayer/CLI/user/permissions.py
@@ -1,4 +1,4 @@
-"""List A users permissions."""
+"""List a users permissions."""
 import click
 import SoftLayer
@@ -11,21 +11,31 @@
 @click.argument('identifier')
 @environment.pass_env
 def cli(env, identifier):
- """User Permissions."""
+ """User Permissions.
+
+ Some permissions here may also be managed by IBM IAM service.
+ See https://cloud.ibm.com/docs/account?topic=account-migrated_permissions for more details.
+ """
 mgr = SoftLayer.UserManager(env.client)
 user_id = helpers.resolve_id(mgr.resolve_ids, identifier, 'username')
 object_mask = "mask[id, permissions, isMasterUserFlag, roles]"
 user = mgr.get_user(user_id, object_mask)
- all_permissions = mgr.get_all_permissions()
- user_permissions = perms_to_dict(user['permissions'])
+ all_permissions = mgr.get_permission_departments()
+ user_permissions = perms_to_dict(user['permissions'])
+ all_table = formatting.KeyValueTable(['Department', 'Permissions'])
 if user['isMasterUserFlag']:
 click.secho('This account is the Master User and has all permissions enabled', fg='green')
 env.fout(roles_table(user))
- env.fout(permission_table(user_permissions, all_permissions))
+ for department in all_permissions:
+ all_table.add_row([
+ department.get('name'),
+ permission_table(user_permissions, department.get('permissions', []))
+ ])
+ env.fout(all_table)
 def perms_to_dict(perms):
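Review bot: The department loop in `cli` renders only the keys that `get_permission_departments()` returns, so a key present in `user_permissions` but listed under no department never appears in the output. For a command used to review what a user is allowed to do, a held permission should not drop out silently; whether the API can return such a key is not visible from this hunk, so treat this as a defensive check. After the loop, the leftover keys could be collected and shown in one extra row, as sketched below. `perms_to_dict` is defined outside the hunk, and the sketch assumes it returns a dict keyed by `keyName`, which is how `permission_table` reads it.

```python
    for department in all_permissions:
        # … unchanged: add one row per department …
    listed = {perm['keyName'] for dept in all_permissions for perm in dept.get('permissions', [])}
    unlisted = sorted(set(user_permissions) - listed)
    if unlisted:
        all_table.add_row(['(no department)', ', '.join(unlisted)])
    env.fout(all_table)
```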
@@ -39,18 +49,13 @@ def perms_to_dict(perms):
 def permission_table(user_permissions, all_permissions):
 """Creates a table of available permissions"""
- table = formatting.Table(['Description', 'KeyName', 'Assigned'])
+ table = formatting.Table(['KeyName', 'Assigned', 'Description'])
 table.align['KeyName'] = 'l'
 table.align['Description'] = 'l'
 table.align['Assigned'] = 'l'
 for perm in all_permissions:
 assigned = user_permissions.get(perm['keyName'], False)
- hide_permission_list = ['ACCOUNT_SUMMARY_VIEW', 'REQUEST_COMPLIANCE_REPORT',
- 'COMPANY_EDIT', 'ONE_TIME_PAYMENTS', 'UPDATE_PAYMENT_DETAILS',
- 'EU_LIMITED_PROCESSING_MANAGE', 'TICKET_ADD', 'TICKET_EDIT',
- 'TICKET_SEARCH', 'TICKET_VIEW', 'TICKET_VIEW_ALL']
- if perm['keyName'] not in hide_permission_list:
- table.add_row([perm['name'], perm['keyName'], assigned])
+ table.add_row([perm['keyName'], assigned, perm['description']])
 return table
diff --git a/SoftLayer/fixtures/SoftLayer_User_Permission_Department.py b/SoftLayer/fixtures/SoftLayer_User_Permission_Department.py
new file mode 100644
index 000000000..0510ff2a4
--- /dev/null
+++ b/SoftLayer/fixtures/SoftLayer_User_Permission_Department.py
@@ -0,0 +1,978 @@ +getAllObjects = [ + { + "description": "Administrative", + "id": 1, + "keyName": "ADMINISTRATIVE", + "name": "Administrative", + "permissions": [ + { + "createDate": None, + "departmentId": 1, + "description": "Permission to access account billing system type determination endpoint", + "id": 5088, + "key": None, + "keyName": "ACCOUNT_BILLING_SYSTEM", + "modifyDate": None, + "name": "Account Billing System" + }, + { + "createDate": None, + "departmentId": 1, + "description": "Activate Partner Customer Account", + "id": 1315, + "key": "A_16", + "keyName": "ACTIVATE_PARTNER_ACCOUNT", + "modifyDate": None, + "name": "Activate Partner Customer Account" + }, + { + "createDate": None, + "departmentId": 1, + "description": "Permission to create sub brands", + "id": 1313, + "key": "A_13", + "keyName": "ACCOUNT_BRAND_ADD", + "modifyDate": None, + "name": "Add Brand Account" + }, + { + "createDate": None, + "departmentId": 1, + "description": "Permission to create customer account.", + "id": 1312, + "key": "A_14", + "keyName": "ACCOUNT_CUSTOMER_ADD", + "modifyDate": None, + "name": "Add Customer Account" + }, + { + "createDate": None, + "departmentId": 1, + "description": "Permission to interface with the Automated Brand Migration process", + "id": 5089, + "key": None, + "keyName": "AUTOMATED_BRAND_MIGRATION", + "modifyDate": None, + "name": "Automated Brand Migration" + }, + { + "createDate": None, + "departmentId": 1, + "description": "Modify the account and company profile associated with this account.", + "id": 1268, + "key": "A_2", + "keyName": "COMPANY_EDIT", + "modifyDate": None, + "name": "Edit Company Profile" + }, + { + "createDate": None, + "departmentId": 1, + "description": "Permission to manage account notes", + "id": 5087, + "key": None, + "keyName": "MANAGE_ACCOUNT_NOTE", + "modifyDate": None, + "name": "Manage Account Notes" + }, + { + "createDate": None, + "departmentId": 1, + "description": "Manage e-mail delivery service accounts.", + 
"id": 1308, + "key": "NET_4", + "keyName": "NETWORK_MESSAGE_DELIVERY_MANAGE", + "modifyDate": None, + "name": "Manage E-mail Delivery Service" + }, + { + "createDate": None, + "departmentId": 1, + "description": "Provides users ability to toggle the EU Supported account flag.", + "id": 3693, + "key": "EU_1", + "keyName": "EU_LIMITED_PROCESSING_MANAGE", + "modifyDate": None, + "name": "Manage EU Supported Account Flag" + }, + { + "createDate": None, + "departmentId": 1, + "description": "Create and manage notification subscribers for usage warnings and overages.", + "id": 1296, + "key": "NTF_1", + "keyName": "NTF_SUBSCRIBER_MANAGE", + "modifyDate": None, + "name": "Manage Notification Subscribers" + }, + { + "createDate": None, + "departmentId": 1, + "description": "Manage users and assign permissions.", + "id": 1266, + "key": "A_0", + "keyName": "USER_MANAGE", + "modifyDate": None, + "name": "Manage Users" + }, + { + "createDate": None, + "departmentId": 1, + "description": "Physically Access a Customer's Colo Cage", + "id": 1319, + "key": "DA_2", + "keyName": "DATACENTER_ROOM_ACCESS", + "modifyDate": None, + "name": "Physically Access a Customer's Colo Cage" + }, + { + "createDate": None, + "departmentId": 1, + "description": "Physically Access a Datacenter", + "id": 1318, + "key": "DA_1", + "keyName": "DATACENTER_ACCESS", + "modifyDate": None, + "name": "Physically Access a Datacenter" + }, + { + "createDate": None, + "departmentId": 1, + "description": "Submit one-time payments for this account.", + "id": 63, + "key": "A_4", + "keyName": "ONE_TIME_PAYMENTS", + "modifyDate": None, + "name": "Submit One-Time Payments" + }, + { + "createDate": None, + "departmentId": 1, + "description": "Update the recurring monthly payment information.", + "id": 62, + "key": "A_3", + "keyName": "UPDATE_PAYMENT_DETAILS", + "modifyDate": None, + "name": "Update Payment Details" + }, + { + "createDate": None, + "departmentId": 1, + "description": "View the account summary page 
including invoices and payments.", + "id": 64, + "key": "A_1", + "keyName": "ACCOUNT_SUMMARY_VIEW", + "modifyDate": None, + "name": "View Account Summary" + }, + { + "createDate": None, + "departmentId": 1, + "description": "View the account-wide event log history.", + "id": 1314, + "key": "A_15", + "keyName": "USER_EVENT_LOG_VIEW", + "modifyDate": None, + "name": "View Event Log" + } + ] + }, + { + "description": "Sales", + "id": 2, + "keyName": "SALES", + "name": "Sales", + "permissions": [ + { + "createDate": None, + "departmentId": 2, + "description": "Add new servers to the account.", + "id": 1267, + "key": "XX_1", + "keyName": "SERVER_ADD", + "modifyDate": None, + "name": "Add Server" + }, + { + "createDate": None, + "departmentId": 2, + "description": "Add and upgrade any cloud computing instances on the account.", + "id": 1303, + "key": "A_11", + "keyName": "INSTANCE_UPGRADE", + "modifyDate": None, + "name": "Add/Upgrade Cloud Instances" + }, + { + "createDate": None, + "departmentId": 2, + "description": "Add and upgrade any services on the account.", + "id": 1271, + "key": "A_7", + "keyName": "SERVICE_ADD", + "modifyDate": None, + "name": "Add/Upgrade Services" + }, + { + "createDate": None, + "departmentId": 2, + "description": "Add and upgrade any storage services (StorageLayer) on the account.", + "id": 1265, + "key": "A_10", + "keyName": "ADD_SERVICE_STORAGE", + "modifyDate": None, + "name": "Add/Upgrade Storage (StorageLayer)" + }, + { + "createDate": None, + "departmentId": 2, + "description": "Cancel any servers on the account.", + "id": 1270, + "key": "A_6", + "keyName": "SERVER_CANCEL", + "modifyDate": None, + "name": "Cancel Server" + }, + { + "createDate": None, + "departmentId": 2, + "description": "Cancel any services on the account.", + "id": 1273, + "key": "A_9", + "keyName": "SERVICE_CANCEL", + "modifyDate": None, + "name": "Cancel Services" + }, + { + "createDate": None, + "departmentId": 2, + "description": "Upgrade any servers on the 
account.", + "id": 1269, + "key": "A_5", + "keyName": "SERVER_UPGRADE", + "modifyDate": None, + "name": "Upgrade Server" + }, + { + "createDate": None, + "departmentId": 2, + "description": "Upgrade Services", + "id": 1272, + "key": "A_8", + "keyName": "SERVICE_UPGRADE", + "modifyDate": None, + "name": "Upgrade Services" + }, + { + "createDate": None, + "departmentId": 2, + "description": "Permission to view billing ACH information.", + "id": 5085, + "key": None, + "keyName": "VIEW_ACH_INFO", + "modifyDate": None, + "name": "View Billing ACH Information" + }, + { + "createDate": None, + "departmentId": 2, + "description": "Permission to view an order with reseller pricing.", + "id": 5086, + "key": None, + "keyName": "VIEW_RESELLER_ORDER", + "modifyDate": None, + "name": "View reseller order pricing" + } + ] + }, + { + "description": "Support", + "id": 3, + "keyName": "SUPPORT", + "name": "Support", + "permissions": [ + { + "createDate": None, + "departmentId": 3, + "description": "Add new support tickets.", + "id": 3, + "key": "T_7", + "keyName": "TICKET_ADD", + "modifyDate": None, + "name": "Add Tickets" + }, + { + "createDate": None, + "departmentId": 3, + "description": "Edit support tickets.", + "id": 2, + "key": "T_8", + "keyName": "TICKET_EDIT", + "modifyDate": None, + "name": "Edit Tickets" + }, + { + "createDate": None, + "departmentId": 3, + "description": "Search through previous tickets.", + "id": 203, + "key": "T_2", + "keyName": "TICKET_SEARCH", + "modifyDate": None, + "name": "Search Tickets" + }, + { + "createDate": None, + "departmentId": 3, + "description": "View all tickets regardless of which user the ticket is assigned to.", + "id": 1321, + "key": "T_6", + "keyName": "TICKET_VIEW_ALL", + "modifyDate": None, + "name": "View All Tickets" + }, + { + "createDate": None, + "departmentId": 3, + "description": "View tickets assigned to the user.", + "id": 1, + "key": "T_1", + "keyName": "TICKET_VIEW", + "modifyDate": None, + "name": "View Tickets" + } 
+ ] + }, + { + "description": "Security", + "id": 4, + "keyName": "SECURITY", + "name": "Security", + "permissions": [ + { + "createDate": None, + "departmentId": 4, + "description": "Add, remove, and update certificates (includes the private key).", + "id": 1325, + "key": "SE_9", + "keyName": "SECURITY_CERTIFICATE_MANAGE", + "modifyDate": None, + "name": "Manage Certificates (SSL)" + }, + { + "createDate": None, + "departmentId": 4, + "description": "Create, edit and delete SAML authentication records.", + "id": 3664, + "key": "SM_1", + "keyName": "SAML_AUTHENTICATION_MANAGE", + "modifyDate": None, + "name": "Manage SAML Authentication" + }, + { + "createDate": None, + "departmentId": 4, + "description": "Add, remove, and update SSH keys.", + "id": 1320, + "key": "SE_10", + "keyName": "CUSTOMER_SSH_KEY_MANAGEMENT", + "modifyDate": None, + "name": "Manage SSH Keys" + }, + { + "createDate": None, + "departmentId": 4, + "description": "Request compliance reports.", + "id": 2442, + "key": "COM_1", + "keyName": "REQUEST_COMPLIANCE_REPORT", + "modifyDate": None, + "name": "Request Compliance Report" + }, + { + "createDate": None, + "departmentId": 4, + "description": "View certificates (includes the private key).", + "id": 1324, + "key": "SE_8", + "keyName": "SECURITY_CERTIFICATE_VIEW", + "modifyDate": None, + "name": "View Certificates (SSL)" + }, + { + "createDate": None, + "departmentId": 4, + "description": "Request and view Vulnerability Scans.", + "id": 1295, + "key": "SE_7", + "keyName": "VULN_SCAN_MANAGE", + "modifyDate": None, + "name": "Vulnerability Scanning" + } + ] + }, + { + "description": "Devices", + "id": 5, + "keyName": "DEVICES", + "name": "Devices", + "permissions": [ + { + "createDate": None, + "departmentId": 5, + "description": "Allows a user to access virtual dedicated hosts", + "id": 3679, + "key": "ALL_3", + "keyName": "ACCESS_ALL_DEDICATEDHOSTS", + "modifyDate": None, + "name": "Access Virtual DedicatedHosts" + }, + { + "createDate": None, + 
"departmentId": 5, + "description": "Add IP Addresses to a server.", + "id": 1281, + "key": "H_6", + "keyName": "IP_ADD", + "modifyDate": None, + "name": "Add IP Addresses" + }, + { + "createDate": None, + "departmentId": 5, + "description": "Allow a user to access all guests on the account.", + "id": 1841, + "key": "ALL_2", + "keyName": "ACCESS_ALL_GUEST", + "modifyDate": None, + "name": "All Guest Access" + }, + { + "createDate": None, + "departmentId": 5, + "description": "Allow a user to access all hardware on the account.", + "id": 1821, + "key": "ALL_1", + "keyName": "ACCESS_ALL_HARDWARE", + "modifyDate": None, + "name": "All Hardware Access" + }, + { + "createDate": None, + "departmentId": 5, + "description": "Edit hostname and domain name for devices on the account.", + "id": 1304, + "key": "H_7", + "keyName": "HOSTNAME_EDIT", + "modifyDate": None, + "name": "Edit Hostname/Domain" + }, + { + "createDate": None, + "departmentId": 5, + "description": "Allows users to edit Hardware Component Hard Drive Dirty Attribute.", + "id": 3742, + "key": None, + "keyName": "HARDWARE_COMPONENT_DRIVE_DIRTY_ATTRIBUTE_EDIT", + "modifyDate": None, + "name": "Hardware Component Hard Drive Dirty Attribute Edit" + }, + { + "createDate": None, + "departmentId": 5, + "description": "View Host IDS logs.", + "id": 1294, + "key": "SE_6", + "keyName": "HOST_ID_MANAGE", + "modifyDate": None, + "name": "Host IDS" + }, + { + "createDate": None, + "departmentId": 5, + "description": "View IPMI details regarding hardware and issue reboot commands through the portal.", + "id": 1277, + "key": "H_2", + "keyName": "REMOTE_MANAGEMENT", + "modifyDate": None, + "name": "IPMI Remote Management" + }, + { + "createDate": None, + "departmentId": 5, + "description": "Allows users to manage configuration template.", + "id": 3748, + "key": None, + "keyName": "MANAGE_CONFIGURATION_TEMPLATE", + "modifyDate": None, + "name": "Manage Configuration Template" + }, + { + "createDate": None, + "departmentId": 
5, + "description": "Allows users to manage customer hardware.", + "id": 3746, + "key": None, + "keyName": "MANAGE_CUSTOMER_HARDWARE", + "modifyDate": None, + "name": "Manage Customer Hardware" + }, + { + "createDate": None, + "departmentId": 5, + "description": "View and edit monitoring information for devices.", + "id": 1278, + "key": "H_3", + "keyName": "MONITORING_MANAGE", + "modifyDate": None, + "name": "Manage Device Monitoring" + }, + { + "createDate": None, + "departmentId": 5, + "description": "Manage Customer Post Provisioning Scripts.", + "id": 541, + "key": "SO_8", + "keyName": "CUSTOMER_POST_PROVISION_SCRIPT_MANAGEMENT", + "modifyDate": None, + "name": "Manage Provisioning Scripts" + }, + { + "createDate": None, + "departmentId": 5, + "description": "Manage Public Image Templates.", + "id": 1323, + "key": "I_1", + "keyName": "PUBLIC_IMAGE_MANAGE", + "modifyDate": None, + "name": "Manage Public Images" + }, + { + "createDate": None, + "departmentId": 5, + "description": "Issue OS reloads and Rescue Kernel for devices.", + "id": 1279, + "key": "H_4", + "keyName": "SERVER_RELOAD", + "modifyDate": None, + "name": "OS Reloads and Rescue Kernel" + }, + { + "createDate": None, + "departmentId": 5, + "description": "View storage details and edit storage passwords.", + "id": 1283, + "key": "NAS_2", + "keyName": "NAS_MANAGE", + "modifyDate": None, + "name": "Storage Manage" + }, + { + "createDate": None, + "departmentId": 5, + "description": "View hardware information such as IP addresses, OS type, p", + "id": 163, + "key": "H_1", + "keyName": "HARDWARE_VIEW", + "modifyDate": None, + "name": "View Hardware Details" + }, + { + "createDate": None, + "departmentId": 5, + "description": "Allows users to view location reservation.", + "id": 3750, + "key": None, + "keyName": "VIEW_LOCATION_RESERVATION", + "modifyDate": None, + "name": "View Location Reservation" + }, + { + "createDate": None, + "departmentId": 5, + "description": "View virtual dedicated host 
information. ", + "id": 3684, + "key": "VH_1", + "keyName": "DEDICATED_HOST_VIEW", + "modifyDate": None, + "name": "View Virtual Dedicated Host Details" + }, + { + "createDate": None, + "departmentId": 5, + "description": "View virtual server information such as IP addresses, OS type, passwords, e", + "id": 1302, + "key": "VG_1", + "keyName": "VIRTUAL_GUEST_VIEW", + "modifyDate": None, + "name": "View Virtual Server Details" + }, + { + "createDate": None, + "departmentId": 5, + "description": "Allows users to view and edit dedicated host.", + "id": 6278, + "key": None, + "keyName": "MANAGE_DEDICATED_HOST", + "modifyDate": None, + "name": "View and edit dedicated host" + }, + { + "createDate": None, + "departmentId": 5, + "description": "Allows users to view and edit virtual guest data.", + "id": 6280, + "key": None, + "keyName": "MANAGE_VIRTUAL_GUEST", + "modifyDate": None, + "name": "View and edit virtual guest" + } + ] + }, + { + "description": "Network", + "id": 6, + "keyName": "NETWORK", + "name": "Network", + "permissions": [ + { + "createDate": None, + "departmentId": 6, + "description": "When adding compute (Server or Cloud Instance), a", + "id": 3682, + "key": "NET_6", + "keyName": "PUBLIC_NETWORK_COMPUTE", + "modifyDate": None, + "name": "Add Compute with Public Network Port" + }, + { + "createDate": None, + "departmentId": 6, + "description": "Manage content delivery network account.", + "id": 1298, + "key": "CDN_1", + "keyName": "CDN_ACCOUNT_MANAGE", + "modifyDate": None, + "name": "Manage CDN Account" + }, + { + "createDate": None, + "departmentId": 6, + "description": "Manage content delivery network file transfers.", + "id": 1299, + "key": "CDN_2", + "keyName": "CDN_FILE_MANAGE", + "modifyDate": None, + "name": "Manage CDN File Transfers" + }, + { + "createDate": None, + "departmentId": 6, + "description": "Add, edit, and view DNS records managed by SoftLayer.", + "id": 1275, + "key": "DNS_1", + "keyName": "DNS_MANAGE", + "modifyDate": None, + "name": 
"Manage DNS" + }, + { + "createDate": None, + "departmentId": 6, + "description": "Manage all firewall rules.", + "id": 1322, + "key": "FW_1", + "keyName": "FIREWALL_RULE_MANAGE", + "modifyDate": None, + "name": "Manage Firewall Rules" + }, + { + "createDate": None, + "departmentId": 6, + "description": "View and edit firewall logs and settings.", + "id": 1290, + "key": "SE_2", + "keyName": "FIREWALL_MANAGE", + "modifyDate": None, + "name": "Manage Firewalls" + }, + { + "createDate": None, + "departmentId": 6, + "description": "Manage IPSEC network tunnels.", + "id": 250, + "key": "NET_3", + "keyName": "NETWORK_TUNNEL_MANAGE", + "modifyDate": None, + "name": "Manage IPSEC Network Tunnels" + }, + { + "createDate": None, + "departmentId": 6, + "description": "Manage load balancers.", + "id": 1289, + "key": "LBS_1", + "keyName": "LOADBALANCER_MANAGE", + "modifyDate": None, + "name": "Manage Load Balancers" + }, + { + "createDate": None, + "departmentId": 6, + "description": "Manage network gateway appliances.", + "id": 1842, + "key": "GTW_1", + "keyName": "GATEWAY_MANAGE", + "modifyDate": None, + "name": "Manage Network Gateways" + }, + { + "createDate": None, + "departmentId": 6, + "description": "Manage network IDs", + "id": 1293, + "key": "SE_5", + "keyName": "NETWORK_IDS_MANAGE", + "modifyDate": None, + "name": "Manage Network IDs" + }, + { + "createDate": None, + "departmentId": 6, + "description": "Manage network subnet routes.", + "id": 1301, + "key": "NET_1", + "keyName": "NETWORK_ROUTE_MANAGE", + "modifyDate": None, + "name": "Manage Network Subnet Routes" + }, + { + "createDate": None, + "departmentId": 6, + "description": "Enable and disable private network VLAN spanning.", + "id": 1297, + "key": "NET_2", + "keyName": "NETWORK_VLAN_SPANNING", + "modifyDate": None, + "name": "Manage Network VLAN Spanning" + }, + { + "createDate": None, + "departmentId": 6, + "description": "Manage port status and speeds for connected devices.", + "id": 1285, + "key": "PO_1", 
+ "keyName": "PORT_CONTROL", + "modifyDate": None, + "name": "Manage Port Control" + }, + { + "createDate": None, + "departmentId": 6, + "description": "Permission to connect and disconnect account with the private endpoint service.", + "id": 5048, + "key": None, + "keyName": "MANAGE_PRIVATE_ENDPOINT_SERVICE", + "modifyDate": None, + "name": "Manage Private Endpoint Service" + }, + { + "createDate": None, + "departmentId": 6, + "description": "Permission to Manage the Public Network", + "id": 3672, + "key": "MP_1", + "keyName": "MANAGE_PUBLIC_NETWORK", + "modifyDate": None, + "name": "Manage Public Network" + }, + { + "createDate": None, + "departmentId": 6, + "description": "Manage security groups.", + "id": 3678, + "key": "NET_5", + "keyName": "MANAGE_SECURITY_GROUPS", + "modifyDate": None, + "name": "Manage Security Groups" + }, + { + "createDate": None, + "departmentId": 6, + "description": "Manage VPN access for all users.", + "id": 1316, + "key": "VPN_1", + "keyName": "VPN_MANAGE", + "modifyDate": None, + "name": "VPN Administration" + }, + { + "createDate": None, + "departmentId": 6, + "description": "View bandwidth statistics and graphs for hardware.", + "id": 1274, + "key": "B_1", + "keyName": "BANDWIDTH_MANAGE", + "modifyDate": None, + "name": "View Bandwidth Statistics" + }, + { + "createDate": None, + "departmentId": 6, + "description": "View content delivery network bandwidth statistics.", + "id": 1300, + "key": "CDN_3", + "keyName": "CDN_BANDWIDTH_VIEW", + "modifyDate": None, + "name": "View CDN Bandwidth Statistics" + } + ] + }, + { + "description": "Software", + "id": 7, + "keyName": "SOFTWARE", + "name": "Software", + "permissions": [ + { + "createDate": None, + "departmentId": 7, + "description": "View and edit antivirus / spyware logs and settings.", + "id": 1292, + "key": "SE_4", + "keyName": "ANTI_MALWARE_MANAGE", + "modifyDate": None, + "name": "Manage Antivirus/Spyware" + }, + { + "createDate": None, + "departmentId": 7, + "description": 
"Manage firewall software", + "id": 1291, + "key": "SE_3", + "keyName": "SOFTWARE_FIREWALL_MANAGE", + "modifyDate": None, + "name": "Manage Firewall Software" + }, + { + "createDate": None, + "departmentId": 7, + "description": "Permission to initiate and delete an openstack link.", + "id": 3514, + "key": None, + "keyName": "OPENSTACK_LINK", + "modifyDate": None, + "name": "Openstack Link" + }, + { + "createDate": None, + "departmentId": 7, + "description": "View Customer Software Password", + "id": 240, + "key": "SO_9", + "keyName": "VIEW_CUSTOMER_SOFTWARE_PASSWORD", + "modifyDate": None, + "name": "View Customer Software Password" + }, + { + "createDate": None, + "departmentId": 7, + "description": "View login information for Helm.", + "id": 1263, + "key": "SO_3", + "keyName": "VIEW_HELM", + "modifyDate": None, + "name": "View Helm" + }, + { + "createDate": None, + "departmentId": 7, + "description": "View login information for Plesk.", + "id": 1262, + "key": "SO_2", + "keyName": "VIEW_PLESK", + "modifyDate": None, + "name": "View Plesk" + }, + { + "createDate": None, + "departmentId": 7, + "description": "View login information for QuantaStor.", + "id": 1317, + "key": "SO_7", + "keyName": "VIEW_QUANTASTOR", + "modifyDate": None, + "name": "View QuantaStor" + }, + { + "createDate": None, + "departmentId": 7, + "description": "View login information for Urchin.", + "id": 1264, + "key": "SO_4", + "keyName": "VIEW_URCHIN", + "modifyDate": None, + "name": "View Urchin" + }, + { + "createDate": None, + "departmentId": 7, + "description": "Allows users to view and edit disk image data.", + "id": 6279, + "key": None, + "keyName": "MANAGE_DISK_IMAGE", + "modifyDate": None, + "name": "View and edit disk image" + }, + { + "createDate": None, + "departmentId": 7, + "description": "Allows users to view and edit image template.", + "id": 6277, + "key": None, + "keyName": "IMAGE_TEMPLATE_MANAGE", + "modifyDate": None, + "name": "View and edit manage image template" + }, + { + 
"createDate": None, + "departmentId": 7, + "description": "Allows users to view and edit software component.", + "id": 6276, + "key": None, + "keyName": "SOFTWARE_MANAGE", + "modifyDate": None, + "name": "View and edit software component" + }, + { + "createDate": None, + "departmentId": 7, + "description": "View login information for cPanel.", + "id": 1261, + "key": "SO_1", + "keyName": "VIEW_CPANEL", + "modifyDate": None, + "name": "View cPanel" + }, + { + "createDate": None, + "departmentId": 7, + "description": "View licenses", + "id": 1280, + "key": "H_5", + "keyName": "LICENSE_VIEW", + "modifyDate": None, + "name": "View licenses" + }, + { + "createDate": None, + "departmentId": 7, + "description": "Allows users to view software account license.", + "id": 6275, + "key": None, + "keyName": "SOFTWARE_LICENSE_MANAGE", + "modifyDate": None, + "name": "View software account license" + } + ] + } +] diff --git a/SoftLayer/managers/user.py b/SoftLayer/managers/user.py index 8e854426c..72b23dfda 100644 --- a/SoftLayer/managers/user.py +++ b/SoftLayer/managers/user.py @@ -15,6 +15,7 @@ LOGGER = logging.getLogger(__name__) +# pylint: disable=too-many-public-methods class UserManager(utils.IdentifierMixin, object): """Manages Users. @@ -76,7 +77,7 @@ def get_current_user(self, objectmask=None): return self.account_service.getCurrentUser(mask=objectmask) def get_all_permissions(self): - """Calls SoftLayer_User_CustomerPermissions_Permission::getAllObjects + """Calls User_Permission_Action::getAllObjects Stores the result in self.all_permissions :returns: A list of dictionaries that contains all valid permissions 
@@ -86,6 +87,19 @@ def get_all_permissions(self): self.all_permissions = sorted(permissions, key=itemgetter('keyName')) return self.all_permissions + def get_permission_departments(self): + """Calls SoftLayer_User_Permission_Department::getAllObjects + + Stores the result in self.all_permissions + :returns: A list of dictionaries that contains all valid permissions + """ + mask = "mask[permissions[id,keyName,description,name]]" + departments = self.client.call('User_Permission_Department', 'getAllObjects', mask=mask) + for i, department in enumerate(departments): + departments[i]['permissions'] = sorted(department.get('permissions'), key=itemgetter('keyName')) + + return departments + def get_all_notifications(self): """Calls SoftLayer_Email_Subscription::getAllObjects diff --git a/tests/CLI/modules/user_tests.py b/tests/CLI/modules/user_tests.py index 804c9ef1d..514d662ac 100644 --- a/tests/CLI/modules/user_tests.py +++ b/tests/CLI/modules/user_tests.py @@ -113,7 +113,7 @@ def test_print_hardware_access(self): def test_permissions_list(self): result = self.run_command(['user', 'permissions', '11100']) self.assert_no_fail(result) - self.assert_called_with('SoftLayer_User_Permission_Action', 'getAllObjects') + self.assert_called_with('SoftLayer_User_Permission_Department', 'getAllObjects') self.assert_called_with( 'SoftLayer_User_Customer', 'getObject', identifier=11100, mask='mask[id, permissions, isMasterUserFlag, roles]' diff --git a/tests/managers/user_tests.py b/tests/managers/user_tests.py index b5b5f9da1..f129e0c10 100644 --- a/tests/managers/user_tests.py +++ b/tests/managers/user_tests.py 
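Review bot: In `get_permission_departments`, `sorted(department.get('permissions'), key=itemgetter('keyName'))` raises `TypeError` when a department comes back without a `permissions` key, because `.get` then returns `None`. The CLI side of this commit already guards that case with `department.get('permissions', [])`, and the manager should use the same default: `departments[i]['permissions'] = sorted(department.get('permissions', []), key=itemgetter('keyName'))`. The docstring also says the result is stored in `self.all_permissions`, but the method only returns `departments`; I would replace that sentence with `Returns the departments, each with its permissions sorted by keyName.` and have `:returns:` describe a list of department dictionaries.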
@@ -364,3 +364,10 @@ def test_get_api_authentication_keys(self):
 def test_remove_api_authentication_key(self):
 self.manager.remove_api_authentication_key(123456)
 self.assert_called_with('SoftLayer_User_Customer', 'removeApiAuthenticationKey')
+
+ def test_get_permission_departments(self):
+ result = self.manager.get_permission_departments()
+ self.assert_called_with('SoftLayer_User_Permission_Department', 'getAllObjects')
+ # just making sure the lists are sorted.
+ self.assertEqual(result[0]['permissions'][0]['keyName'], 'ACCOUNT_BILLING_SYSTEM')
+ self.assertEqual(result[1]['permissions'][8]['keyName'], 'VIEW_ACH_INFO')
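Review bot: The two `assertEqual` calls under `# just making sure the lists are sorted.` pass even if the manager never sorts, because in the fixture `ACCOUNT_BILLING_SYSTEM` is already the first Administrative entry and `VIEW_ACH_INFO` already sits at index 8 of Sales. Pick an index that the sort actually moves, for example `self.assertEqual(result[1]['permissions'][0]['keyName'], 'ADD_SERVICE_STORAGE')`, since the fixture's first Sales entry is `SERVER_ADD`. The call assertion could also pin the mask with `mask=`, as the CLI test in this patch does for `SoftLayer_User_Customer`, so a change to the requested fields is noticed.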