roman
/
sastools
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
69 Commits
2 Branches
1 Tag
359 KiB
 
 
Tree: 87674a81c9
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '87674a81c9'
${ noResults }
sastools/applyfolderauthorization.py

117 lines
4.5 KiB
Raw Blame History

#!/usr/bin/python
# -*- coding: utf-8 -*-
#
# applyfolderauthorization.py
#
#
# Change History
#
# 17Mar20 Initial development
#
# Format of input csv file is 6 columns
# Column 1 is the full path to the folder
# Column 2 is the principal type
# Column 3 is the principal name
# Column 4 is the access setting (grant or prohibit)
# Column 5 is the permissions on the folder
# Column 6 is the conveyed permissions on the folder's contents
#
# For example:
# /gelcontent/gelcorp/marketing/reports,group,Marketing,grant,"read,add,remove","read,update,add,remove,delete,secure"
#
# Copyright 2020, SAS Institute Inc., Cary, NC, USA. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the License);
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
import argparse
import csv
import os
import json
import subprocess
from sharedfunctions import callrestapi, getfolderid, file_accessible, printresult
# CHANGE THIS VARIABLE IF YOUR CLI IS IN A DIFFERENT LOCATION
clidir='/opt/sas/viya/home/bin/'
#clidir='c:\\admincli\\'
# setup command-line arguements
parser = argparse.ArgumentParser(description="Apply bulk auths from a CSV file to folders and contents")
parser.add_argument("-f","--file", help="Full path to CSV file. Format of csv: 'folderpath,principaltype,principalid,grant_or_prohibit,perms_on_folder,perms_on_contents",required='True')
args = parser.parse_args()
file=args.file
reqtype="post"
check=file_accessible(file,'r')
constructed_bulk_rules_list=[]
# file can be read
if check:
# print("file: "+file)
with open(file, 'rt') as f:
filecontents = csv.reader(f)
for row in filecontents:
folderpath=row[0]
principaltype=row[1]
principalname=row[2]
accesssetting=row[3]
folderpermissions=row[4]
conveyedpermissions=row[5]
# print("Creating auth rules for "+folderpath)
folderid=getfolderid(folderpath)
folderuri=folderid[0]
reqval='/folders/folders/'+folderuri
# Construct JSON objects from auth rules defined in CSV. Two JSON objects are created for each row of CSV; one for perms on the folder object, one for conveyed perms on the object's contents.
value_dict_object={"description":"Created by applyfolderauthorizations.py",
"objectUri":reqval,
"permissions":folderpermissions.split(','),
"principalType":principaltype,
"principal":principalname,
"type":accesssetting
}
value_dict_container={"description":"Created by applyfolderauthorizations.py",
"containerUri":reqval,
"permissions":conveyedpermissions.split(','),
"principalType":principaltype,
"principal":principalname,
"type":accesssetting
}
constructed_rule_dict_object={
"op":"add",
"value":value_dict_object
}
constructed_rule_dict_container={
"op":"add",
"value":value_dict_container
}
constructed_bulk_rules_list.append(constructed_rule_dict_object)
constructed_bulk_rules_list.append(constructed_rule_dict_container)
else:
print("ERROR: cannot read "+file)
print("Writing out bulk rule JSON file to bulk_rules_list.json")
# Construct JSON schema containing rules
bulk_rules_list_string=json.dumps(constructed_bulk_rules_list,indent=2)
with open("bulk_rules_list.json", "w") as text_file:
text_file.write(bulk_rules_list_string+'\n')
# Execute sas-admin CLI to apply rules from JSON schema
command=clidir+'sas-admin authorization create-rules --file bulk_rules_list.json'
print("Executing command: "+command)
subprocess.call(command, shell=True)