add applyfolderauthorization.py & update README.md & EXAMPLES.md (#47)

* Create getauditrecords.py

* Update README.md

* create listmodels.py

* Update README.md to include listmodels.py

* add support to list model projects and repositories

* Update info in readme.md to reflect new name

* add applyauthorizationrules.py and add instructions in README

* update EXAMPLES.md with applyfolderauthorization.py sample command & sample input CSV

* fix applyfolderauthorization example and remove extraneous quotes from EXAMPLES.md

* made files executable

* remove '=====' from list of tools in README.md

EXAMPLES.md

@@ -266,7 +266,7 @@ importpackages.py -d /tmp/mypackage -q
 #
 # none of the above conditions will prevent the processing of additional items in the csv
 
-./creategroups.py" -f /tmp/newgroups.csv
+./creategroups.py -f /tmp/newgroups.csv
 
 Format of csv file is four columns
 Column 1 group id 
@@ -279,3 +279,28 @@ group2,"Group 2","My Group 2"
 group3,"Group 3","My Group3",geladm
 group1,"Group 1","group 1"
 ```  
+
+**applyfolderauthorization.py**
+
+```bash
+# create folder authorization rules using a csv file as input
+#
+# if the rule already exists it will not be added and the response (from the CLI command) is printed
+#
+
+./applyfolderauthorization.py -f /tmp/folderauths.csv
+
+Format of input csv file is 6 columns
+Column 1 is the full path to the folder
+Column 2 is the principal type 
+Column 3 is the principal name
+Column 4 is the access setting (grant or prohibit)
+Column 5 is the permissions on the folder
+Column 6 is the conveyed permissions on the folder's contents 
+
+For example:
+/gelcontent/GELCorp/Marketing/Reports,group,Marketing,grant,"read,add,remove","read,update,delete,add,remove"
+/gelcontent/GELCorp/Marketing/Reports,user,Douglas,grant,"read,update,add,remove,delete,secure","read,update,add,remove,delete,secure"
+/gelcontent/GELCorp/Marketing/Analyses,group,Marketing,grant,"read,add,remove","read,update,delete,add,remove"
+/gelcontent/GELCorp/Marketing/Work in Progress,group,Marketing,grant,"read,update,add,remove,delete,secure","read,update,add,remove,delete,secure"
+```  

README.md

@@ -113,6 +113,7 @@ Additional tools provide more complex functionality by combining multiple calls
 * **listgroupsandmembers.py** list all groups and all their members
 * **getauditrecords.py** lists audit records from SAS Infrastructure Data Server in CSV or JSON format using REST calls.
 * **listmodelobjects.py** lists basic information about model content (models, projects and repositories).
+* **applyfolderauthorization.py** apply authorization rules to folders in bulk from a source CSV file.
 
 
 Check back for additional tools and if you build a tool feel free to contribute it to the collection.

applyfolderauthorization.py

@@ -0,0 +1,117 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# applyfolderauthorization.py
+#
+#
+# Change History
+#
+# 17Mar20 Initial development
+#
+# Format of input csv file is 6 columns
+# Column 1 is the full path to the folder
+# Column 2 is the principal type 
+# Column 3 is the principal name
+# Column 4 is the access setting (grant or prohibit)
+# Column 5 is the permissions on the folder
+# Column 6 is the conveyed permissions on the folder's contents 
+#
+# For example:
+# /gelcontent/gelcorp/marketing/reports,group,Marketing,grant,"read,add,remove","read,update,add,remove,delete,secure" 
+#
+# Copyright 2020, SAS Institute Inc., Cary, NC, USA.  All Rights Reserved.
+#
+#  Licensed under the Apache License, Version 2.0 (the License);
+#  you may not use this file except in compliance with the License.
+#  You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#  See the License for the specific language governing permissions and
+#  limitations under the License.
+#
+import argparse
+import csv
+import os
+import json
+import subprocess
+from sharedfunctions import callrestapi, getfolderid, file_accessible, printresult
+
+# CHANGE THIS VARIABLE IF YOUR CLI IS IN A DIFFERENT LOCATION
+clidir='/opt/sas/viya/home/bin/'
+#clidir='c:\\admincli\\'
+
+
+# setup command-line arguements    
+parser = argparse.ArgumentParser(description="Apply bulk auths from a CSV file to folders and contents")
+parser.add_argument("-f","--file", help="Full path to CSV file. Format of csv: 'folderpath,principaltype,principalid,grant_or_prohibit,perms_on_folder,perms_on_contents",required='True')
+args = parser.parse_args()
+file=args.file
+
+reqtype="post"
+
+check=file_accessible(file,'r')
+constructed_bulk_rules_list=[]
+
+# file can be read
+if check:
+#    print("file: "+file)
+    with open(file, 'rt') as f:
+        filecontents = csv.reader(f)
+        for row in filecontents:
+            folderpath=row[0]
+            principaltype=row[1]
+            principalname=row[2]
+            accesssetting=row[3]
+            folderpermissions=row[4]
+            conveyedpermissions=row[5]
+
+#            print("Creating auth rules for "+folderpath)
+
+            folderid=getfolderid(folderpath)
+            folderuri=folderid[0]
+            reqval='/folders/folders/'+folderuri
+           
+# Construct JSON objects from auth rules defined in CSV. Two JSON objects are created for each row of CSV; one for perms on the folder object, one for conveyed perms on the object's contents.
+            value_dict_object={"description":"Created by applyfolderauthorizations.py",
+                        "objectUri":reqval,
+                        "permissions":folderpermissions.split(','),
+                        "principalType":principaltype,
+                        "principal":principalname,
+                        "type":accesssetting                        
+                       }
+            value_dict_container={"description":"Created by applyfolderauthorizations.py",
+                                  "containerUri":reqval,
+                                  "permissions":conveyedpermissions.split(','),
+                                  "principalType":principaltype,
+                                  "principal":principalname,
+                                  "type":accesssetting
+                                 }
+
+            constructed_rule_dict_object={
+                                   "op":"add",
+                                    "value":value_dict_object
+                                   }
+            constructed_rule_dict_container={
+                                       "op":"add",
+                                       "value":value_dict_container
+                                      }
+            constructed_bulk_rules_list.append(constructed_rule_dict_object)
+            constructed_bulk_rules_list.append(constructed_rule_dict_container)
+            
+else:
+    print("ERROR: cannot read "+file)
+
+print("Writing out bulk rule JSON file to bulk_rules_list.json")
+# Construct JSON schema containing rules 
+bulk_rules_list_string=json.dumps(constructed_bulk_rules_list,indent=2)
+with open("bulk_rules_list.json", "w") as text_file:
+    text_file.write(bulk_rules_list_string+'\n')
+
+# Execute sas-admin CLI to apply rules from JSON schema
+command=clidir+'sas-admin authorization create-rules --file bulk_rules_list.json'
+print("Executing command: "+command)
+subprocess.call(command, shell=True)