roman
/
sastools
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
Browse Source

add applyfolderauthorization.py & update README.md & EXAMPLES.md (#47) 

* Create getauditrecords.py

* Update README.md

* create listmodels.py

* Update README.md to include listmodels.py

* add support to list model projects and repositories

* Update info in readme.md to reflect new name

* add applyauthorizationrules.py and add instructions in README

* update EXAMPLES.md with applyfolderauthorization.py sample command & sample input CSV

* fix applyfolderauthorization example and remove extraneous quotes from EXAMPLES.md

* made files executable

* remove '=====' from list of tools in README.md
master
Ajmal Farzam 6 years ago
committed by GitHub
parent
2cfdbf5ebd
commit
87674a81c9
No known key found for this signature in database GPG Key ID: 4AEE18F83AFDEB23
5 changed files with 144 additions and 1 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 27
      EXAMPLES.md
  2. 1
      README.md
  3. 117
      applyfolderauthorization.py
  4. 0
      getauditrecords.py
  5. 0
      listmodelobjects.py

27
EXAMPLES.md
View File

@ -266,7 +266,7 @@ importpackages.py -d /tmp/mypackage -q
# #
# none of the above conditions will prevent the processing of additional items in the csv # none of the above conditions will prevent the processing of additional items in the csv
./creategroups.py" -f /tmp/newgroups.csv ./creategroups.py -f /tmp/newgroups.csv
Format of csv file is four columns Format of csv file is four columns
Column 1 group id Column 1 group id
@ -279,3 +279,28 @@ group2,"Group 2","My Group 2"
group3,"Group 3","My Group3",geladm group3,"Group 3","My Group3",geladm
group1,"Group 1","group 1" group1,"Group 1","group 1"
``` ```
**applyfolderauthorization.py**
```bash
# create folder authorization rules using a csv file as input
#
# if the rule already exists it will not be added and the response (from the CLI command) is printed
#
./applyfolderauthorization.py -f /tmp/folderauths.csv
Format of input csv file is 6 columns
Column 1 is the full path to the folder
Column 2 is the principal type
Column 3 is the principal name
Column 4 is the access setting (grant or prohibit)
Column 5 is the permissions on the folder
Column 6 is the conveyed permissions on the folder's contents
For example:
/gelcontent/GELCorp/Marketing/Reports,group,Marketing,grant,"read,add,remove","read,update,delete,add,remove"
/gelcontent/GELCorp/Marketing/Reports,user,Douglas,grant,"read,update,add,remove,delete,secure","read,update,add,remove,delete,secure"
/gelcontent/GELCorp/Marketing/Analyses,group,Marketing,grant,"read,add,remove","read,update,delete,add,remove"
/gelcontent/GELCorp/Marketing/Work in Progress,group,Marketing,grant,"read,update,add,remove,delete,secure","read,update,add,remove,delete,secure"
```

1
README.md
View File

@ -113,6 +113,7 @@ Additional tools provide more complex functionality by combining multiple calls
* **listgroupsandmembers.py** list all groups and all their members * **listgroupsandmembers.py** list all groups and all their members
* **getauditrecords.py** lists audit records from SAS Infrastructure Data Server in CSV or JSON format using REST calls. * **getauditrecords.py** lists audit records from SAS Infrastructure Data Server in CSV or JSON format using REST calls.
* **listmodelobjects.py** lists basic information about model content (models, projects and repositories). * **listmodelobjects.py** lists basic information about model content (models, projects and repositories).
* **applyfolderauthorization.py** apply authorization rules to folders in bulk from a source CSV file.
Check back for additional tools and if you build a tool feel free to contribute it to the collection. Check back for additional tools and if you build a tool feel free to contribute it to the collection.

117
applyfolderauthorization.py
View File

@ -0,0 +1,117 @@
#!/usr/bin/python
# -*- coding: utf-8 -*-
#
# applyfolderauthorization.py
#
#
# Change History
#
# 17Mar20 Initial development
#
# Format of input csv file is 6 columns
# Column 1 is the full path to the folder
# Column 2 is the principal type
# Column 3 is the principal name
# Column 4 is the access setting (grant or prohibit)
# Column 5 is the permissions on the folder
# Column 6 is the conveyed permissions on the folder's contents
#
# For example:
# /gelcontent/gelcorp/marketing/reports,group,Marketing,grant,"read,add,remove","read,update,add,remove,delete,secure"
#
# Copyright 2020, SAS Institute Inc., Cary, NC, USA. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the License);
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
import argparse
import csv
import os
import json
import subprocess
from sharedfunctions import callrestapi, getfolderid, file_accessible, printresult
# CHANGE THIS VARIABLE IF YOUR CLI IS IN A DIFFERENT LOCATION
clidir='/opt/sas/viya/home/bin/'
#clidir='c:\\admincli\\'
# setup command-line arguements
parser = argparse.ArgumentParser(description="Apply bulk auths from a CSV file to folders and contents")
parser.add_argument("-f","--file", help="Full path to CSV file. Format of csv: 'folderpath,principaltype,principalid,grant_or_prohibit,perms_on_folder,perms_on_contents",required='True')
args = parser.parse_args()
file=args.file
reqtype="post"
check=file_accessible(file,'r')
constructed_bulk_rules_list=[]
# file can be read
if check:
# print("file: "+file)
with open(file, 'rt') as f:
filecontents = csv.reader(f)
for row in filecontents:
folderpath=row[0]
principaltype=row[1]
principalname=row[2]
accesssetting=row[3]
folderpermissions=row[4]
conveyedpermissions=row[5]
# print("Creating auth rules for "+folderpath)
folderid=getfolderid(folderpath)
folderuri=folderid[0]
reqval='/folders/folders/'+folderuri
# Construct JSON objects from auth rules defined in CSV. Two JSON objects are created for each row of CSV; one for perms on the folder object, one for conveyed perms on the object's contents.
value_dict_object={"description":"Created by applyfolderauthorizations.py",
"objectUri":reqval,
"permissions":folderpermissions.split(','),
"principalType":principaltype,
"principal":principalname,
"type":accesssetting
}
value_dict_container={"description":"Created by applyfolderauthorizations.py",
"containerUri":reqval,
"permissions":conveyedpermissions.split(','),
"principalType":principaltype,
"principal":principalname,
"type":accesssetting
}
constructed_rule_dict_object={
"op":"add",
"value":value_dict_object
}
constructed_rule_dict_container={
"op":"add",
"value":value_dict_container
}
constructed_bulk_rules_list.append(constructed_rule_dict_object)
constructed_bulk_rules_list.append(constructed_rule_dict_container)
else:
print("ERROR: cannot read "+file)
print("Writing out bulk rule JSON file to bulk_rules_list.json")
# Construct JSON schema containing rules
bulk_rules_list_string=json.dumps(constructed_bulk_rules_list,indent=2)
with open("bulk_rules_list.json", "w") as text_file:
text_file.write(bulk_rules_list_string+'\n')
# Execute sas-admin CLI to apply rules from JSON schema
command=clidir+'sas-admin authorization create-rules --file bulk_rules_list.json'
print("Executing command: "+command)
subprocess.call(command, shell=True)

0
getauditrecords.py
View File

0
listmodelobjects.py
View File

Write Preview
Loading…
Cancel
Save