From 9da5065700f73cf05931005ddd3a12aa45fb1b7a Mon Sep 17 00:00:00 2001 From: Ross Scroggs Date: Tue, 12 Jul 2022 11:07:04 -0700 Subject: [PATCH] Two updates (#1536) New CRoS actions Allow child privileges in create|update adminrole --- src/GamCommands.txt | 4 +++- src/gam/gapi/directory/cros.py | 11 +++++++++-- src/gam/gapi/directory/roles.py | 32 +++++++++++++++++++++----------- 3 files changed, 33 insertions(+), 14 deletions(-) diff --git a/src/GamCommands.txt b/src/GamCommands.txt index f35415a2..69f3440b 100644 --- a/src/GamCommands.txt +++ b/src/GamCommands.txt @@ -1303,7 +1303,9 @@ gam update chatmessage name deprovision_retiring_device| deprovision_upgrade_transfer| disable| - reenable + reenable| + pre_provisioned_disable| + pre_provisioned_reenable gam update cros action [acknowledge_device_touch_requirement] diff --git a/src/gam/gapi/directory/cros.py b/src/gam/gapi/directory/cros.py index f7fc2268..a191d7a0 100644 --- a/src/gam/gapi/directory/cros.py +++ b/src/gam/gapi/directory/cros.py @@ -151,12 +151,19 @@ def doUpdateCros(): elif action == 'deprovisionupgradetransfer': action = 'deprovision' deprovisionReason = 'upgrade_transfer' - elif action not in ['disable', 'reenable']: + elif action in ['disable', 'reenable']: + pass + elif action == 'preprovisioneddisable': + action = 'pre_provisioned_disable' + elif action == 'preprovisionedreenable': + action = 'pre_provisioned_reenable' + else: controlflow.system_error_exit(2, f'expected action of ' \ f'deprovision_same_model_replace, ' \ f'deprovision_different_model_replace, ' \ f'deprovision_retiring_device, ' \ - f'deprovision_upgrade_transfer, disable or reenable,' + f'deprovision_upgrade_transfer, disable, reenable, '\ + f'pre_provisioned_disable, pre_provisioned_reenable'\ f' got {action}') action_body = {'action': action} if deprovisionReason: diff --git a/src/gam/gapi/directory/roles.py b/src/gam/gapi/directory/roles.py index e3e8e76a..592e0f8a 100644 --- a/src/gam/gapi/directory/roles.py +++ b/src/gam/gapi/directory/roles.py @@ -58,22 +58,32 @@ def getRoleId(role): def getPrivileges(body, privs, action): - all_privileges = gapi_directory_privileges.print_(return_only=True) + def expandChildPrivileges(privilege): + for childPrivilege in privilege.get('childPrivileges', []): + childPrivileges[childPrivilege['privilegeName']] = childPrivilege['serviceId'] + expandChildPrivileges(childPrivilege) + + allPrivileges = {} + ouPrivileges = {} + childPrivileges = {} + for privilege in gapi_directory_privileges.print_(return_only=True): + allPrivileges[privilege['privilegeName']] = privilege['serviceId'] + if privilege['isOuScopable']: + ouPrivileges[privilege['privilegeName']] = privilege['serviceId'] + expandChildPrivileges(privilege) if privs == 'ALL': - body['rolePrivileges'] = [ - {'privilegeName': p['privilegeName'], 'serviceId': p['serviceId']} for p in all_privileges - ] + body['rolePrivileges'] = [{'privilegeName': priv, 'serviceId': v} for priv, v in allPrivileges.items()] elif privs == 'ALL_OU': - body['rolePrivileges'] = [ - {'privilegeName': p['privilegeName'], 'serviceId': p['serviceId']} for p in all_privileges if p.get('isOuScopable') - ] + body['rolePrivileges'] = [{'privilegeName': priv, 'serviceId': v} for priv, v in ouPrivileges.items()] else: body.setdefault('rolePrivileges', []) for priv in privs.split(','): - for p in all_privileges: - if priv == p['privilegeName']: - body['rolePrivileges'].append({'privilegeName': p['privilegeName'], 'serviceId': p['serviceId']}) - break + if priv in allPrivileges: + body['rolePrivileges'].append({'privilegeName': priv, 'serviceId': allPrivileges[priv]}) + elif priv in ouPrivileges: + body['rolePrivileges'].append({'privilegeName': priv, 'serviceId': ouPrivileges[priv]}) + elif priv in childPrivileges: + body['rolePrivileges'].append({'privilegeName': priv, 'serviceId': childPrivileges[priv]}) else: controlflow.invalid_argument_exit(priv, f'gam {action} adminrole privileges')