roman
/
sastools
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
Browse Source

make cli location and command dynamic

master
Gerry Nelson 5 years ago
parent
539a0c82d2
commit
4a80096aa4
6 changed files with 83 additions and 31 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 28
      applyfolderauthorization.py
  2. 17
      createbinarybackup.py
  3. 25
      explainaccess.py
  4. 12
      getpath.py
  5. 19
      snapshotreports.py
  6. 13
      testfolderaccess.py

28
applyfolderauthorization.py
View File

@ -10,14 +10,14 @@
# #
# Format of input csv file is 6 columns # Format of input csv file is 6 columns
# Column 1 is the full path to the folder # Column 1 is the full path to the folder
# Column 2 is the principal type # Column 2 is the principal type
# Column 3 is the principal name # Column 3 is the principal name
# Column 4 is the access setting (grant or prohibit) # Column 4 is the access setting (grant or prohibit)
# Column 5 is the permissions on the folder # Column 5 is the permissions on the folder
# Column 6 is the conveyed permissions on the folder's contents # Column 6 is the conveyed permissions on the folder's contents
# #
# For example: # For example:
# /gelcontent/gelcorp/marketing/reports,group,Marketing,grant,"read,add,remove","read,update,add,remove,delete,secure" # /gelcontent/gelcorp/marketing/reports,group,Marketing,grant,"read,add,remove","read,update,add,remove,delete,secure"
# #
# Copyright 2020, SAS Institute Inc., Cary, NC, USA. All Rights Reserved. # Copyright 2020, SAS Institute Inc., Cary, NC, USA. All Rights Reserved.
# #
@ -40,12 +40,16 @@ import json
import subprocess import subprocess
from sharedfunctions import callrestapi, getfolderid, file_accessible, printresult from sharedfunctions import callrestapi, getfolderid, file_accessible, printresult
# CHANGE THIS VARIABLE IF YOUR CLI IS IN A DIFFERENT LOCATION # get cli location from properties
clidir='/opt/sas/viya/home/bin/' propertylist=getapplicationproperties()
#clidir='c:\\admincli\\'
clidir=propertylist["sascli.location"]
cliexe=propertylist["sascli.executable"]
# setup command-line arguements clicommand=os.path.join(clidir,cliexe)
# setup command-line arguements
parser = argparse.ArgumentParser(description="Apply bulk auths from a CSV file to folders and contents") parser = argparse.ArgumentParser(description="Apply bulk auths from a CSV file to folders and contents")
parser.add_argument("-f","--file", help="Full path to CSV file. Format of csv: 'folderpath,principaltype,principalid,grant_or_prohibit,perms_on_folder,perms_on_contents",required='True') parser.add_argument("-f","--file", help="Full path to CSV file. Format of csv: 'folderpath,principaltype,principalid,grant_or_prohibit,perms_on_folder,perms_on_contents",required='True')
args = parser.parse_args() args = parser.parse_args()
@ -74,14 +78,14 @@ if check:
folderid=getfolderid(folderpath) folderid=getfolderid(folderpath)
folderuri=folderid[0] folderuri=folderid[0]
reqval='/folders/folders/'+folderuri reqval='/folders/folders/'+folderuri
# Construct JSON objects from auth rules defined in CSV. Two JSON objects are created for each row of CSV; one for perms on the folder object, one for conveyed perms on the object's contents. # Construct JSON objects from auth rules defined in CSV. Two JSON objects are created for each row of CSV; one for perms on the folder object, one for conveyed perms on the object's contents.
value_dict_object={"description":"Created by applyfolderauthorizations.py", value_dict_object={"description":"Created by applyfolderauthorizations.py",
"objectUri":reqval, "objectUri":reqval,
"permissions":folderpermissions.split(','), "permissions":folderpermissions.split(','),
"principalType":principaltype, "principalType":principaltype,
"principal":principalname, "principal":principalname,
"type":accesssetting "type":accesssetting
} }
value_dict_container={"description":"Created by applyfolderauthorizations.py", value_dict_container={"description":"Created by applyfolderauthorizations.py",
"containerUri":reqval, "containerUri":reqval,
@ -101,17 +105,17 @@ if check:
} }
constructed_bulk_rules_list.append(constructed_rule_dict_object) constructed_bulk_rules_list.append(constructed_rule_dict_object)
constructed_bulk_rules_list.append(constructed_rule_dict_container) constructed_bulk_rules_list.append(constructed_rule_dict_container)
else: else:
print("ERROR: cannot read "+file) print("ERROR: cannot read "+file)
print("Writing out bulk rule JSON file to bulk_rules_list.json") print("Writing out bulk rule JSON file to bulk_rules_list.json")
# Construct JSON schema containing rules # Construct JSON schema containing rules
bulk_rules_list_string=json.dumps(constructed_bulk_rules_list,indent=2) bulk_rules_list_string=json.dumps(constructed_bulk_rules_list,indent=2)
with open("bulk_rules_list.json", "w") as text_file: with open("bulk_rules_list.json", "w") as text_file:
text_file.write(bulk_rules_list_string+'\n') text_file.write(bulk_rules_list_string+'\n')
# Execute sas-admin CLI to apply rules from JSON schema # Execute sas-admin CLI to apply rules from JSON schema
command=clidir+'sas-admin authorization create-rules --file bulk_rules_list.json' command=clicommand+' authorization create-rules --file bulk_rules_list.json'
print("Executing command: "+command) print("Executing command: "+command)
subprocess.call(command, shell=True) subprocess.call(command, shell=True)

17
createbinarybackup.py
View File

@ -23,8 +23,19 @@
# limitations under the License. # limitations under the License.
# #
# CHANGE THIS VARIABLE IF YOUR CLI IS IN A DIFFERENT LOCATION # get python version
clidir='/opt/sas/viya/home/bin/' version=int(str(sys.version_info[0]))
# get cli location from properties
propertylist=getapplicationproperties()
clidir=propertylist["sascli.location"]
cliexe=propertylist["sascli.executable"]
clicommand=os.path.join(clidir,cliexe)
debug=False debug=False
defaultBackupScheduleName="DEFAULT_BACKUP_SCHEDULE" defaultBackupScheduleName="DEFAULT_BACKUP_SCHEDULE"
newScheduleName="BINARY_BACKUP_SCHEDULE" newScheduleName="BINARY_BACKUP_SCHEDULE"
@ -104,7 +115,7 @@ if debug:
print('jobExecutionRequest_json:') print('jobExecutionRequest_json:')
print(jobExecutionRequest_json) print(jobExecutionRequest_json)
# STEP 3 of 4: Get the href to submit the job from the create jobExecution response # STEP 3 of 4: Get the href to submit the job from the create jobExecution response
links=jobExecutionRequest_json['links'] links=jobExecutionRequest_json['links']
href_found=False href_found=False

25
explainaccess.py
View File

@ -21,7 +21,7 @@
# 4. As 1. with a header row and the folder path, which is useful if you concatenate sets of results in one file # 4. As 1. with a header row and the folder path, which is useful if you concatenate sets of results in one file
# ./explainaccess.py -f /folderA/folderB -p --header # ./explainaccess.py -f /folderA/folderB -p --header
# #
# 5. As 1. showing only rows which include a direct grant or prohibit # 5. As 1. showing only rows which include a direct grant or prohibit
# ./explainaccess.py -f /folderA/folderB --direct_only # ./explainaccess.py -f /folderA/folderB --direct_only
# #
# 6. Explain direct and indirect permissions on a service endpoint. Note in the results that there are no conveyed permissions. # 6. Explain direct and indirect permissions on a service endpoint. Note in the results that there are no conveyed permissions.
@ -35,7 +35,7 @@
# since none of add, remove or create are applicable to a report. # since none of add, remove or create are applicable to a report.
# ./explainaccess.py -u /reports/reports/e2e0e601-b5a9-4601-829a-c5137f7441c6 --header -l read update delete secure # ./explainaccess.py -u /reports/reports/e2e0e601-b5a9-4601-829a-c5137f7441c6 --header -l read update delete secure
# #
# 9. Explain direct and indirect permissions on a folder expressed as a URI. Keep the default permissions list, but for completeness # 9. Explain direct and indirect permissions on a folder expressed as a URI. Keep the default permissions list, but for completeness
# we must also specify -c true to request conveyed permissions be displayed, as they are not displayed by default for URIs. # we must also specify -c true to request conveyed permissions be displayed, as they are not displayed by default for URIs.
# ./explainaccess.py -u /folders/folders/9145d26a-2c0d-4523-8835-ad186bb57fa6 --header -p -c true # ./explainaccess.py -u /folders/folders/9145d26a-2c0d-4523-8835-ad186bb57fa6 --header -p -c true
# #
@ -54,8 +54,17 @@
# limitations under the License. # limitations under the License.
# #
# get python version
version=int(str(sys.version_info[0]))
# get cli location from properties
propertylist=getapplicationproperties()
clidir=propertylist["sascli.location"]
cliexe=propertylist["sascli.executable"]
clicommand=os.path.join(clidir,cliexe)
clidir='/opt/sas/viya/home/bin/'
debug=False debug=False
direct_only=False direct_only=False
valid_permissions=['read','update','delete','secure','add','remove','create'] valid_permissions=['read','update','delete','secure','add','remove','create']
@ -119,7 +128,7 @@ for permission in permissions:
if permission not in valid_permissions: if permission not in valid_permissions:
raise Exception(permission+' is not the name of a permission. Valid permissions are: '+' '.join(map(str, valid_permissions))) raise Exception(permission+' is not the name of a permission. Valid permissions are: '+' '.join(map(str, valid_permissions)))
# Two ways this program can be used: for a folder, or for a URI. # Two ways this program can be used: for a folder, or for a URI.
if path_to_folder: if path_to_folder:
getfolderid_result_json=getfolderid(path_to_folder) getfolderid_result_json=getfolderid(path_to_folder)
@ -141,7 +150,7 @@ if path_to_folder:
convey=False convey=False
else: else:
convey=True convey=True
else: else:
explainuri=objecturi explainuri=objecturi
# This tool explains the permissions of any object. # This tool explains the permissions of any object.
@ -161,7 +170,7 @@ else:
else: else:
convey=False convey=False
#Use the /authorization/decision endpoint to ask for an explanation of the rules that are relevant to principals on this URI #Use the /authorization/decision endpoint to ask for an explanation of the rules that are relevant to principals on this URI
#See Authorization API documentation in swagger at http://swagger.na.sas.com/apis/authorization/v4/apidoc.html#op:createExplanation #See Authorization API documentation in swagger at http://swagger.na.sas.com/apis/authorization/v4/apidoc.html#op:createExplanation
endpoint='/authorization/decision' endpoint='/authorization/decision'
@ -215,7 +224,7 @@ for pi in e:
# Permissions on object # Permissions on object
for permission in permissions: for permission in permissions:
# Not all objects have all the permissions # Not all objects have all the permissions
# Note that some objects do have permissions which are not meaningful for that object. # Note that some objects do have permissions which are not meaningful for that object.
# E.g. SASAdministrators are granted Add and Remove on reports, by an OOTB rule which grants SASAdministrators all permissions (including Add and Remove) on /**. # E.g. SASAdministrators are granted Add and Remove on reports, by an OOTB rule which grants SASAdministrators all permissions (including Add and Remove) on /**.
# Meanwhile, Add and Remove are not shown in the View or Edit Authotizations dialogs for reports in EV etc. # Meanwhile, Add and Remove are not shown in the View or Edit Authotizations dialogs for reports in EV etc.
# So, while it may be correct for the /authorization/decisions endpoint to explain that SASAdministrators are granted Add and Remove on a report, # So, while it may be correct for the /authorization/decisions endpoint to explain that SASAdministrators are granted Add and Remove on a report,
@ -271,7 +280,7 @@ for pi in e:
else: else:
# This permission was absent from the expanation for this principal # This permission was absent from the expanation for this principal
outstr=outstr+',' outstr=outstr+','
# Conveyed permissions # Conveyed permissions
if convey: if convey:
for permission in permissions: for permission in permissions:
# Not all objects have all the permissions # Not all objects have all the permissions

12
getpath.py
View File

@ -31,7 +31,17 @@
# #
clidir='/opt/sas/viya/home/bin/' # get python version
version=int(str(sys.version_info[0]))
# get cli location from properties
propertylist=getapplicationproperties()
clidir=propertylist["sascli.location"]
cliexe=propertylist["sascli.executable"]
clicommand=os.path.join(clidir,cliexe)
debug=False debug=False
# Import Python modules # Import Python modules

19
snapshotreports.py
View File

@ -45,8 +45,17 @@ from sharedfunctions import getfolderid, callrestapi, getpath
# get python version # get python version
version=int(str(sys.version_info[0])) version=int(str(sys.version_info[0]))
# CHANGE THIS VARIABLE IF YOUR CLI IS IN A DIFFERENT LOCATION # get python version
clidir='/opt/sas/viya/home/bin/' version=int(str(sys.version_info[0]))
# get cli location from properties
propertylist=getapplicationproperties()
clidir=propertylist["sascli.location"]
cliexe=propertylist["sascli.executable"]
clicommand=os.path.join(clidir,cliexe)
# get input parameters # get input parameters
parser = argparse.ArgumentParser(description="Export Viya Reports each to its own unique transfer package") parser = argparse.ArgumentParser(description="Export Viya Reports each to its own unique transfer package")
@ -151,7 +160,7 @@ if areyousure.upper() =='Y':
json_name=json_name.replace(")","_") json_name=json_name.replace(")","_")
json_name=json_name.replace(" ","-") json_name=json_name.replace(" ","-")
command=clidir+'sas-admin transfer export -u /reports/reports/'+id+' --name "'+package_name+'"' command=clicommand+' transfer export -u /reports/reports/'+id+' --name "'+package_name+'"'
print(command) print(command)
subprocess.call(command, shell=True) subprocess.call(command, shell=True)
@ -161,12 +170,12 @@ if areyousure.upper() =='Y':
package_id=package_info['items'][0]['id'] package_id=package_info['items'][0]['id']
completefile=os.path.join(path,json_name+'.json') completefile=os.path.join(path,json_name+'.json')
command=clidir+'sas-admin transfer download --file '+completefile+' --id '+package_id command=clicommand+' transfer download --file '+completefile+' --id '+package_id
print(command) print(command)
subprocess.call(command, shell=True) subprocess.call(command, shell=True)
#time.sleep(1) #time.sleep(1)
if autotranferremove: if autotranferremove:
print(clidir+'sas-admin transfer delete --id '+package_id+"\n") print(clicommand+' transfer delete --id '+package_id+"\n")
remTransferObject = subprocess.Popen(clidir+'sas-admin transfer delete --id '+package_id, stdin=subprocess.PIPE, stdout=subprocess.PIPE, shell=True) remTransferObject = subprocess.Popen(clidir+'sas-admin transfer delete --id '+package_id, stdin=subprocess.PIPE, stdout=subprocess.PIPE, shell=True)
remTransferObjectOutput = remTransferObject.communicate(b'Y\n') remTransferObjectOutput = remTransferObject.communicate(b'Y\n')
remTransferObject.wait() remTransferObject.wait()

13
testfolderaccess.py
View File

@ -24,8 +24,17 @@
# limitations under the License. # limitations under the License.
# #
# CHANGE THIS VARIABLE IF YOUR CLI IS IN A DIFFERENT LOCATION # get python version
clidir='/opt/sas/viya/home/bin/' version=int(str(sys.version_info[0]))
# get cli location from properties
propertylist=getapplicationproperties()
clidir=propertylist["sascli.location"]
cliexe=propertylist["sascli.executable"]
clicommand=os.path.join(clidir,cliexe)
debug=False debug=False
# Import Python modules # Import Python modules

Write Preview
Loading…
Cancel
Save