You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
142 lines
5.7 KiB
142 lines
5.7 KiB
#!/usr/bin/python
|
|
# -*- coding: utf-8 -*-
|
|
#
|
|
# listcastablesandeffectiveaccess.py
|
|
# January 2019
|
|
#
|
|
# Usage:
|
|
# listcastablesandeffectiveaccess.py [--noheader] [--rowlevelsecurity] [--sourcetables] [-d]
|
|
#
|
|
# Examples:
|
|
#
|
|
# 1. Return list of all effective access on all CAS tables in all CAS libraries on all servers
|
|
# ./listcastablesandeffectiveaccess.py
|
|
#
|
|
# Copyright © 2019, SAS Institute Inc., Cary, NC, USA. All Rights Reserved.
|
|
#
|
|
# Licensed under the Apache License, Version 2.0 (the License);
|
|
# you may not use this file except in compliance with the License.
|
|
# You may obtain a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
# See the License for the specific language governing permissions and
|
|
# limitations under the License.
|
|
#
|
|
|
|
debug=False
|
|
|
|
|
|
# Import Python modules
|
|
import argparse
|
|
import sys
|
|
from sharedfunctions import callrestapi
|
|
|
|
# Define exception handler so that we only output trace info from errors when in debug mode
|
|
def exception_handler(exception_type, exception, traceback, debug_hook=sys.excepthook):
|
|
if debug:
|
|
debug_hook(exception_type, exception, traceback)
|
|
else:
|
|
print (exception_type.__name__, exception)
|
|
|
|
sys.excepthook = exception_handler
|
|
|
|
identity_cols=['identity','identityType']
|
|
permissions=['readInfo','select','limitedPromote','promote','createTable','dropTable','deleteSource','insert','update','delete','alterTable','alterCaslib','manageAccess']
|
|
|
|
parser = argparse.ArgumentParser()
|
|
parser.add_argument("--noheader", action='store_true', help="Do not print the header row")
|
|
parser.add_argument("--rowlevelsecurity", action='store_true', help="Get row level security (i.e. table filters on the select permission)")
|
|
parser.add_argument("--sourcetables", action='store_true', help="Get effective permissions for source tables, rather than in-memory tables which is the default")
|
|
parser.add_argument("-d","--debug", action='store_true', help="Debug")
|
|
args = parser.parse_args()
|
|
noheader=args.noheader
|
|
rowlevelsecurity=args.rowlevelsecurity
|
|
sourcetables=args.sourcetables
|
|
debug=args.debug
|
|
|
|
if rowlevelsecurity:
|
|
permissions.append("tableFilter")
|
|
|
|
# Print header row unless noheader argument was specified
|
|
if not noheader:
|
|
print('server,caslib,table,'+','.join(map(str, identity_cols))+','+','.join(map(str, permissions)))
|
|
|
|
|
|
endpoint='/casManagement/servers'
|
|
method='get'
|
|
|
|
#make the rest call
|
|
serverlist_result_json=callrestapi(endpoint,method)
|
|
|
|
if debug:
|
|
print(serverlist_result_json)
|
|
print('serverlist_result_json is a '+type(serverlist_result_json).__name__+' object') #serverlist_result_json is a dict object
|
|
|
|
servers = serverlist_result_json['items']
|
|
|
|
for server in servers:
|
|
servername=server['name']
|
|
|
|
# List the caslibs in this server
|
|
endpoint='/casManagement/servers/'+servername+'/caslibs?excludeItemLinks=true&limit=10000'
|
|
method='get'
|
|
caslibs_result_json=callrestapi(endpoint,method)
|
|
if debug:
|
|
print(caslibs_result_json)
|
|
print('caslibs_result_json is a '+type(caslibs_result_json).__name__+' object') #caslibs_result_json is a dict object
|
|
caslibs=caslibs_result_json['items']
|
|
|
|
for caslib in caslibs:
|
|
caslibname=caslib['name']
|
|
#print(servername+','+caslibname)
|
|
|
|
# Get the tables in the caslib
|
|
endpoint='/casManagement/servers/'+servername+'/caslibs/'+caslibname+'/tables?excludeItemLinks=true&limit=10000'
|
|
method='get'
|
|
#print('about to list tables')
|
|
|
|
tables_result_json=callrestapi(endpoint,method,stoponerror=False)
|
|
|
|
if debug:
|
|
print(tables_result_json)
|
|
print('tables_result_json is a '+type(tables_result_json).__name__+' object') #tables_result_json is a dict object
|
|
if tables_result_json is not None:
|
|
if tables_result_json['count']==0:
|
|
print(servername+','+caslibname+',[0 tables]')
|
|
if 'items' not in tables_result_json:
|
|
print(servername+','+caslibname+','+tables_result_json['message'])
|
|
else:
|
|
tables=tables_result_json['items']
|
|
for table in tables:
|
|
tablename=table['name']
|
|
# We have the in-memory table name, but if the user requested it, try to use the source table name instead
|
|
if sourcetables and 'tableReference' in table:
|
|
if 'sourceTableName' in table['tableReference']:
|
|
tablename=table['tableReference']['sourceTableName']
|
|
|
|
# Get effective Access Controls on this table
|
|
endpoint='/casAccessManagement/servers/'+servername+'/caslibs/'+caslibname+'/tableControls/'+tablename+'?accessControlType=effective'
|
|
method='get'
|
|
tableaccess_result_json=callrestapi(endpoint,method)
|
|
|
|
#print(tableaccess_result_json)
|
|
for ai in tableaccess_result_json['items']:
|
|
output=servername+','+caslibname+','+tablename
|
|
for col in identity_cols:
|
|
if col in ai:
|
|
output=output+','+ai[col]
|
|
else:
|
|
output=output+','
|
|
for col in permissions:
|
|
if col in ai:
|
|
output=output+','+ai[col]
|
|
else:
|
|
output=output+','
|
|
print output
|
|
else:
|
|
#tables_result_json is None
|
|
print(servername+','+caslibname+',[error getting tables]')
|
|
|