Two updates (#1536)

New CRoS actions Allow child privileges in create|update adminrole
2026-06-28 18:01:36 +00:00 · 2022-07-12 11:07:04 -07:00
parent 22e155998d
commit 9da5065700
3 changed files with 33 additions and 14 deletions
--- a/src/gam/gapi/directory/cros.py
+++ b/src/gam/gapi/directory/cros.py
@@ -151,12 +151,19 @@ def doUpdateCros():
            elif action == 'deprovisionupgradetransfer':
                action = 'deprovision'
                deprovisionReason = 'upgrade_transfer'
-            elif action not in ['disable', 'reenable']:
+            elif action in ['disable', 'reenable']:
+                pass
+            elif action == 'preprovisioneddisable':
+                action = 'pre_provisioned_disable'
+            elif action == 'preprovisionedreenable':
+                action = 'pre_provisioned_reenable'
+            else:
                controlflow.system_error_exit(2, f'expected action of ' \
                    f'deprovision_same_model_replace, ' \
                    f'deprovision_different_model_replace, ' \
                    f'deprovision_retiring_device, ' \
-                    f'deprovision_upgrade_transfer, disable or reenable,'
+                    f'deprovision_upgrade_transfer, disable, reenable, '\
+                    f'pre_provisioned_disable, pre_provisioned_reenable'\
                    f' got {action}')
            action_body = {'action': action}
            if deprovisionReason:
--- a/src/gam/gapi/directory/roles.py
+++ b/src/gam/gapi/directory/roles.py
@@ -58,22 +58,32 @@ def getRoleId(role):


 def getPrivileges(body, privs, action):
-    all_privileges = gapi_directory_privileges.print_(return_only=True)
+    def expandChildPrivileges(privilege):
+        for childPrivilege in privilege.get('childPrivileges', []):
+            childPrivileges[childPrivilege['privilegeName']] = childPrivilege['serviceId']
+            expandChildPrivileges(childPrivilege)
+
+    allPrivileges = {}
+    ouPrivileges = {}
+    childPrivileges = {}
+    for privilege in gapi_directory_privileges.print_(return_only=True):
+        allPrivileges[privilege['privilegeName']] = privilege['serviceId']
+        if privilege['isOuScopable']:
+            ouPrivileges[privilege['privilegeName']] = privilege['serviceId']
+        expandChildPrivileges(privilege)
    if privs == 'ALL':
-        body['rolePrivileges'] = [
-            {'privilegeName': p['privilegeName'], 'serviceId': p['serviceId']} for p in all_privileges
-            ]
+        body['rolePrivileges'] = [{'privilegeName': priv, 'serviceId': v} for priv, v in allPrivileges.items()]
    elif privs == 'ALL_OU':
-        body['rolePrivileges'] = [
-            {'privilegeName': p['privilegeName'], 'serviceId': p['serviceId']} for p in all_privileges if p.get('isOuScopable')
-            ]
+        body['rolePrivileges'] = [{'privilegeName': priv, 'serviceId': v} for priv, v in ouPrivileges.items()]
    else:
      body.setdefault('rolePrivileges', [])
      for priv in privs.split(','):
-          for p in all_privileges:
-              if priv == p['privilegeName']:
-                body['rolePrivileges'].append({'privilegeName': p['privilegeName'], 'serviceId': p['serviceId']})
-                break
+          if priv in allPrivileges:
+              body['rolePrivileges'].append({'privilegeName': priv, 'serviceId': allPrivileges[priv]})
+          elif priv in ouPrivileges:
+              body['rolePrivileges'].append({'privilegeName': priv, 'serviceId': ouPrivileges[priv]})
+          elif priv in childPrivileges:
+              body['rolePrivileges'].append({'privilegeName': priv, 'serviceId': childPrivileges[priv]})
          else:
              controlflow.invalid_argument_exit(priv,
                                                f'gam {action} adminrole privileges')