Two updates (#1536)

New CRoS actions

Allow child privileges in create|update adminrole
This commit is contained in:
Ross Scroggs
2022-07-12 11:07:04 -07:00
committed by GitHub
parent 22e155998d
commit 9da5065700
3 changed files with 33 additions and 14 deletions

View File

@@ -1303,7 +1303,9 @@ gam update chatmessage name <String>
deprovision_retiring_device| deprovision_retiring_device|
deprovision_upgrade_transfer| deprovision_upgrade_transfer|
disable| disable|
reenable reenable|
pre_provisioned_disable|
pre_provisioned_reenable
gam update cros <CrOSEntity> action <CrOSAction> [acknowledge_device_touch_requirement] gam update cros <CrOSEntity> action <CrOSAction> [acknowledge_device_touch_requirement]

View File

@@ -151,12 +151,19 @@ def doUpdateCros():
elif action == 'deprovisionupgradetransfer': elif action == 'deprovisionupgradetransfer':
action = 'deprovision' action = 'deprovision'
deprovisionReason = 'upgrade_transfer' deprovisionReason = 'upgrade_transfer'
elif action not in ['disable', 'reenable']: elif action in ['disable', 'reenable']:
pass
elif action == 'preprovisioneddisable':
action = 'pre_provisioned_disable'
elif action == 'preprovisionedreenable':
action = 'pre_provisioned_reenable'
else:
controlflow.system_error_exit(2, f'expected action of ' \ controlflow.system_error_exit(2, f'expected action of ' \
f'deprovision_same_model_replace, ' \ f'deprovision_same_model_replace, ' \
f'deprovision_different_model_replace, ' \ f'deprovision_different_model_replace, ' \
f'deprovision_retiring_device, ' \ f'deprovision_retiring_device, ' \
f'deprovision_upgrade_transfer, disable or reenable,' f'deprovision_upgrade_transfer, disable, reenable, '\
f'pre_provisioned_disable, pre_provisioned_reenable'\
f' got {action}') f' got {action}')
action_body = {'action': action} action_body = {'action': action}
if deprovisionReason: if deprovisionReason:

View File

@@ -58,22 +58,32 @@ def getRoleId(role):
def getPrivileges(body, privs, action): def getPrivileges(body, privs, action):
all_privileges = gapi_directory_privileges.print_(return_only=True) def expandChildPrivileges(privilege):
for childPrivilege in privilege.get('childPrivileges', []):
childPrivileges[childPrivilege['privilegeName']] = childPrivilege['serviceId']
expandChildPrivileges(childPrivilege)
allPrivileges = {}
ouPrivileges = {}
childPrivileges = {}
for privilege in gapi_directory_privileges.print_(return_only=True):
allPrivileges[privilege['privilegeName']] = privilege['serviceId']
if privilege['isOuScopable']:
ouPrivileges[privilege['privilegeName']] = privilege['serviceId']
expandChildPrivileges(privilege)
if privs == 'ALL': if privs == 'ALL':
body['rolePrivileges'] = [ body['rolePrivileges'] = [{'privilegeName': priv, 'serviceId': v} for priv, v in allPrivileges.items()]
{'privilegeName': p['privilegeName'], 'serviceId': p['serviceId']} for p in all_privileges
]
elif privs == 'ALL_OU': elif privs == 'ALL_OU':
body['rolePrivileges'] = [ body['rolePrivileges'] = [{'privilegeName': priv, 'serviceId': v} for priv, v in ouPrivileges.items()]
{'privilegeName': p['privilegeName'], 'serviceId': p['serviceId']} for p in all_privileges if p.get('isOuScopable')
]
else: else:
body.setdefault('rolePrivileges', []) body.setdefault('rolePrivileges', [])
for priv in privs.split(','): for priv in privs.split(','):
for p in all_privileges: if priv in allPrivileges:
if priv == p['privilegeName']: body['rolePrivileges'].append({'privilegeName': priv, 'serviceId': allPrivileges[priv]})
body['rolePrivileges'].append({'privilegeName': p['privilegeName'], 'serviceId': p['serviceId']}) elif priv in ouPrivileges:
break body['rolePrivileges'].append({'privilegeName': priv, 'serviceId': ouPrivileges[priv]})
elif priv in childPrivileges:
body['rolePrivileges'].append({'privilegeName': priv, 'serviceId': childPrivileges[priv]})
else: else:
controlflow.invalid_argument_exit(priv, controlflow.invalid_argument_exit(priv,
f'gam {action} adminrole privileges') f'gam {action} adminrole privileges')