From 4a80096aa4ddbc41cc032c26ebc909b8b193bc17 Mon Sep 17 00:00:00 2001 From: Gerry Nelson Date: Tue, 24 Nov 2020 14:00:42 -0500 Subject: [PATCH] make cli location and command dynamic --- applyfolderauthorization.py | 28 ++++++++++++++++------------ createbinarybackup.py | 17 ++++++++++++++--- explainaccess.py | 25 +++++++++++++++++-------- getpath.py | 12 +++++++++++- snapshotreports.py | 19 ++++++++++++++----- testfolderaccess.py | 13 +++++++++++-- 6 files changed, 83 insertions(+), 31 deletions(-) diff --git a/applyfolderauthorization.py b/applyfolderauthorization.py index ad2bf76..78979ae 100755 --- a/applyfolderauthorization.py +++ b/applyfolderauthorization.py @@ -10,14 +10,14 @@ # # Format of input csv file is 6 columns # Column 1 is the full path to the folder -# Column 2 is the principal type +# Column 2 is the principal type # Column 3 is the principal name # Column 4 is the access setting (grant or prohibit) # Column 5 is the permissions on the folder -# Column 6 is the conveyed permissions on the folder's contents +# Column 6 is the conveyed permissions on the folder's contents # # For example: -# /gelcontent/gelcorp/marketing/reports,group,Marketing,grant,"read,add,remove","read,update,add,remove,delete,secure" +# /gelcontent/gelcorp/marketing/reports,group,Marketing,grant,"read,add,remove","read,update,add,remove,delete,secure" # # Copyright 2020, SAS Institute Inc., Cary, NC, USA. All Rights Reserved. # @@ -40,12 +40,16 @@ import json import subprocess from sharedfunctions import callrestapi, getfolderid, file_accessible, printresult -# CHANGE THIS VARIABLE IF YOUR CLI IS IN A DIFFERENT LOCATION -clidir='/opt/sas/viya/home/bin/' -#clidir='c:\\admincli\\' +# get cli location from properties +propertylist=getapplicationproperties() +clidir=propertylist["sascli.location"] +cliexe=propertylist["sascli.executable"] -# setup command-line arguements +clicommand=os.path.join(clidir,cliexe) + + +# setup command-line arguements parser = argparse.ArgumentParser(description="Apply bulk auths from a CSV file to folders and contents") parser.add_argument("-f","--file", help="Full path to CSV file. Format of csv: 'folderpath,principaltype,principalid,grant_or_prohibit,perms_on_folder,perms_on_contents",required='True') args = parser.parse_args() @@ -74,14 +78,14 @@ if check: folderid=getfolderid(folderpath) folderuri=folderid[0] reqval='/folders/folders/'+folderuri - + # Construct JSON objects from auth rules defined in CSV. Two JSON objects are created for each row of CSV; one for perms on the folder object, one for conveyed perms on the object's contents. value_dict_object={"description":"Created by applyfolderauthorizations.py", "objectUri":reqval, "permissions":folderpermissions.split(','), "principalType":principaltype, "principal":principalname, - "type":accesssetting + "type":accesssetting } value_dict_container={"description":"Created by applyfolderauthorizations.py", "containerUri":reqval, @@ -101,17 +105,17 @@ if check: } constructed_bulk_rules_list.append(constructed_rule_dict_object) constructed_bulk_rules_list.append(constructed_rule_dict_container) - + else: print("ERROR: cannot read "+file) print("Writing out bulk rule JSON file to bulk_rules_list.json") -# Construct JSON schema containing rules +# Construct JSON schema containing rules bulk_rules_list_string=json.dumps(constructed_bulk_rules_list,indent=2) with open("bulk_rules_list.json", "w") as text_file: text_file.write(bulk_rules_list_string+'\n') # Execute sas-admin CLI to apply rules from JSON schema -command=clidir+'sas-admin authorization create-rules --file bulk_rules_list.json' +command=clicommand+' authorization create-rules --file bulk_rules_list.json' print("Executing command: "+command) subprocess.call(command, shell=True) diff --git a/createbinarybackup.py b/createbinarybackup.py index 6ef1eef..ad96448 100755 --- a/createbinarybackup.py +++ b/createbinarybackup.py @@ -23,8 +23,19 @@ # limitations under the License. # -# CHANGE THIS VARIABLE IF YOUR CLI IS IN A DIFFERENT LOCATION -clidir='/opt/sas/viya/home/bin/' +# get python version +version=int(str(sys.version_info[0])) + +# get cli location from properties +propertylist=getapplicationproperties() + +clidir=propertylist["sascli.location"] +cliexe=propertylist["sascli.executable"] + +clicommand=os.path.join(clidir,cliexe) + + + debug=False defaultBackupScheduleName="DEFAULT_BACKUP_SCHEDULE" newScheduleName="BINARY_BACKUP_SCHEDULE" @@ -104,7 +115,7 @@ if debug: print('jobExecutionRequest_json:') print(jobExecutionRequest_json) -# STEP 3 of 4: Get the href to submit the job from the create jobExecution response +# STEP 3 of 4: Get the href to submit the job from the create jobExecution response links=jobExecutionRequest_json['links'] href_found=False diff --git a/explainaccess.py b/explainaccess.py index c106a75..b13caa6 100755 --- a/explainaccess.py +++ b/explainaccess.py @@ -21,7 +21,7 @@ # 4. As 1. with a header row and the folder path, which is useful if you concatenate sets of results in one file # ./explainaccess.py -f /folderA/folderB -p --header # -# 5. As 1. showing only rows which include a direct grant or prohibit +# 5. As 1. showing only rows which include a direct grant or prohibit # ./explainaccess.py -f /folderA/folderB --direct_only # # 6. Explain direct and indirect permissions on a service endpoint. Note in the results that there are no conveyed permissions. @@ -35,7 +35,7 @@ # since none of add, remove or create are applicable to a report. # ./explainaccess.py -u /reports/reports/e2e0e601-b5a9-4601-829a-c5137f7441c6 --header -l read update delete secure # -# 9. Explain direct and indirect permissions on a folder expressed as a URI. Keep the default permissions list, but for completeness +# 9. Explain direct and indirect permissions on a folder expressed as a URI. Keep the default permissions list, but for completeness # we must also specify -c true to request conveyed permissions be displayed, as they are not displayed by default for URIs. # ./explainaccess.py -u /folders/folders/9145d26a-2c0d-4523-8835-ad186bb57fa6 --header -p -c true # @@ -54,8 +54,17 @@ # limitations under the License. # +# get python version +version=int(str(sys.version_info[0])) + +# get cli location from properties +propertylist=getapplicationproperties() + +clidir=propertylist["sascli.location"] +cliexe=propertylist["sascli.executable"] + +clicommand=os.path.join(clidir,cliexe) -clidir='/opt/sas/viya/home/bin/' debug=False direct_only=False valid_permissions=['read','update','delete','secure','add','remove','create'] @@ -119,7 +128,7 @@ for permission in permissions: if permission not in valid_permissions: raise Exception(permission+' is not the name of a permission. Valid permissions are: '+' '.join(map(str, valid_permissions))) -# Two ways this program can be used: for a folder, or for a URI. +# Two ways this program can be used: for a folder, or for a URI. if path_to_folder: getfolderid_result_json=getfolderid(path_to_folder) @@ -141,7 +150,7 @@ if path_to_folder: convey=False else: convey=True - + else: explainuri=objecturi # This tool explains the permissions of any object. @@ -161,7 +170,7 @@ else: else: convey=False - + #Use the /authorization/decision endpoint to ask for an explanation of the rules that are relevant to principals on this URI #See Authorization API documentation in swagger at http://swagger.na.sas.com/apis/authorization/v4/apidoc.html#op:createExplanation endpoint='/authorization/decision' @@ -215,7 +224,7 @@ for pi in e: # Permissions on object for permission in permissions: # Not all objects have all the permissions - # Note that some objects do have permissions which are not meaningful for that object. + # Note that some objects do have permissions which are not meaningful for that object. # E.g. SASAdministrators are granted Add and Remove on reports, by an OOTB rule which grants SASAdministrators all permissions (including Add and Remove) on /**. # Meanwhile, Add and Remove are not shown in the View or Edit Authotizations dialogs for reports in EV etc. # So, while it may be correct for the /authorization/decisions endpoint to explain that SASAdministrators are granted Add and Remove on a report, @@ -271,7 +280,7 @@ for pi in e: else: # This permission was absent from the expanation for this principal outstr=outstr+',' - # Conveyed permissions + # Conveyed permissions if convey: for permission in permissions: # Not all objects have all the permissions diff --git a/getpath.py b/getpath.py index b04f474..ae3fe53 100755 --- a/getpath.py +++ b/getpath.py @@ -31,7 +31,17 @@ # -clidir='/opt/sas/viya/home/bin/' +# get python version +version=int(str(sys.version_info[0])) + +# get cli location from properties +propertylist=getapplicationproperties() + +clidir=propertylist["sascli.location"] +cliexe=propertylist["sascli.executable"] + +clicommand=os.path.join(clidir,cliexe) + debug=False # Import Python modules diff --git a/snapshotreports.py b/snapshotreports.py index 8f2e6b1..896889b 100755 --- a/snapshotreports.py +++ b/snapshotreports.py @@ -45,8 +45,17 @@ from sharedfunctions import getfolderid, callrestapi, getpath # get python version version=int(str(sys.version_info[0])) -# CHANGE THIS VARIABLE IF YOUR CLI IS IN A DIFFERENT LOCATION -clidir='/opt/sas/viya/home/bin/' +# get python version +version=int(str(sys.version_info[0])) + +# get cli location from properties +propertylist=getapplicationproperties() + +clidir=propertylist["sascli.location"] +cliexe=propertylist["sascli.executable"] + +clicommand=os.path.join(clidir,cliexe) + # get input parameters parser = argparse.ArgumentParser(description="Export Viya Reports each to its own unique transfer package") @@ -151,7 +160,7 @@ if areyousure.upper() =='Y': json_name=json_name.replace(")","_") json_name=json_name.replace(" ","-") - command=clidir+'sas-admin transfer export -u /reports/reports/'+id+' --name "'+package_name+'"' + command=clicommand+' transfer export -u /reports/reports/'+id+' --name "'+package_name+'"' print(command) subprocess.call(command, shell=True) @@ -161,12 +170,12 @@ if areyousure.upper() =='Y': package_id=package_info['items'][0]['id'] completefile=os.path.join(path,json_name+'.json') - command=clidir+'sas-admin transfer download --file '+completefile+' --id '+package_id + command=clicommand+' transfer download --file '+completefile+' --id '+package_id print(command) subprocess.call(command, shell=True) #time.sleep(1) if autotranferremove: - print(clidir+'sas-admin transfer delete --id '+package_id+"\n") + print(clicommand+' transfer delete --id '+package_id+"\n") remTransferObject = subprocess.Popen(clidir+'sas-admin transfer delete --id '+package_id, stdin=subprocess.PIPE, stdout=subprocess.PIPE, shell=True) remTransferObjectOutput = remTransferObject.communicate(b'Y\n') remTransferObject.wait() diff --git a/testfolderaccess.py b/testfolderaccess.py index a24d70e..0c3f34f 100755 --- a/testfolderaccess.py +++ b/testfolderaccess.py @@ -24,8 +24,17 @@ # limitations under the License. # -# CHANGE THIS VARIABLE IF YOUR CLI IS IN A DIFFERENT LOCATION -clidir='/opt/sas/viya/home/bin/' +# get python version +version=int(str(sys.version_info[0])) + +# get cli location from properties +propertylist=getapplicationproperties() + +clidir=propertylist["sascli.location"] +cliexe=propertylist["sascli.executable"] + +clicommand=os.path.join(clidir,cliexe) + debug=False # Import Python modules