8000 Merge pull request #123 from abaez/acl-1.5.0 · python-microservices/consulate@39e6c17 · GitHub
[go: up one dir, main page]
Skip to content

Commit 39e6c17

Browse files
gmrgmr
authored
Merge pull request gmr#123 from abaez/acl-1.5.0
Acl 1.5.0
2 parents e8acd07 + e4b46d7 commit 39e6c17

File tree

11 files changed

+690
-44
lines changed

11 files changed

+690
-44
lines changed

consulate/api/acl.py

Lines changed: 296 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -7,15 +7,300 @@
77
from consulate.models import acl as model
88
from consulate.api import base
99
from consulate import exceptions
10+
# from typing import List, Dict, Union
1011

1112
LOGGER = logging.getLogger(__name__)
1213

14+
# ServiceIdentity = Dict[str, Union[str, List[str]]]
15+
# ServiceIdentities = List[ServiceIdentity]
16+
# PolicyLink = Dict[str, str]
17+
# PolicyLinks = List[PolicyLink]
18+
# RoleLink = Dict[str, str]
19+
# RoleLinks = List[RoleLink]
20+
1321

1422
class ACL(base.Endpoint):
1523
"""The ACL endpoints are used to create, update, destroy, and query ACL
1624
tokens.
1725
1826
"""
27+
def list_policies(self):
28+
"""List all ACL policies available in cluster.
29+
30+
:param rtype: list
31+
32+
"""
33+
return self._get(["policies"])
34+
35+
def read_policy(self, id):
36+
"""Read an existing policy with the given ID.
37+
38+
:param str id: The ID of the policy.
39+
:param rtype: dict
40+
41+
"""
42+
return self._get(["policy", id])
43+
44+
def create_policy(self,
45+
name,
46+
datacenters=None,
47+
description=None,
48+
rules=None):
49+
"""Create policy with name given and rules.
50+
51+
:param str name: name of the policy
52+
:param list() datacenters: A list of datacenters to filter on policy.
53+
:param str description: Human readable description of the policy.
54+
:param str rules: A json serializable string for ACL rules.
55+
:param rtype: dict
56+
57+
"""
58+
return self._put_response_body(["policy"], {},
59+
dict(
60+
model.ACLPolicy(
61+
name=name,
62+
datacenters=datacenters,
63+
description=description,
64+
rules=rules)))
65+
66+
def update_policy(self,
67+
id,
68+
name,
69+
datacenters=None,
70+
description=None,
71+
rules=None):
72+
"""Update policy with id given.
73+
74+
:param str id: A UUID for the policy to update.
75+
:param str name: name of the policy
76+
:param list() datacenters: A list of datacenters to filter on policy.
77+
:param str description: Human readable description of the policy.
78+
:param str rules: A json serializable string for ACL rules.
79+
:param rtype: dict
80+
81+
"""
82+
return self._put_response_body(["policy", id], {},
83+
dict(
84+
model.ACLPolicy(
85+
name=name,
86+
datacenters=datacenters,
87+
description=description,
88+
rules=rules)))
89+
90+
def delete_policy(self, id):
91+
"""Delete an existing policy with the given ID.
92+
93+
:param str id: The ID of the policy.
94+
:param rtype: bool
95+
96+
"""
97+
return self._delete(["policy", id])
98+
99+
def list_roles(self):
100+
"""List all ACL roles available in cluster
101+
:param rtype: list
102+
103+
"""
104+
return self._get(["roles"])
105+
106+
def read_role(self, id=None, name=None):
107+
"""Read an existing role with the given ID or Name.
108+
109+
:param str id: The ID of the role.
110+
:param str name: The name of the role.
111+
:param rtype: dict
112+
113+
"""
114+
if id is not None:
115+
return self._get(["role", id])
116+
elif name is not None:
117+
return self._get(["role", "name", name])
118+
else:
119+
raise exceptions.NotFound("Either id or name must be specified")
120+
121+
def create_role(self,
122+
name,
123+
description=None,
124+
policies=None,
125+
service_identities=None):
126+
"""Create an ACL role from a list of policies or service identities.
127+
128+
:param str name: The name of the ACL role. Must be unique.
129+
:param str description: The description of the ACL role.
130+
:param PolicyLinks policies: An array of PolicyLink.
131+
:param ServiceIdentities service_identities: A ServiceIdentity array.
132+
:param rtype: dict
133+
134+
"""
135+
return self._put_response_body(
136+
["role"], {},
137+
dict(
138+
model.ACLRole(name=name,
139+
description=description,
140+
policies=policies,
141+
service_identities=service_identities)))
142+
143+
def update_role(self,
144+
id,
145+
name,
146+
description=None,
147+
policies=None,
148+
service_identities=None):
149+
"""Update role with id given.
150+
151+
:param str id: A UUID for the policy to update.
152+
:param str name: name of the policy
153+
:param list() datacenters: A list of datacenters to filter on policy.
154+
:param str description: Human readable description of the policy.
155+
:param str rules: A json serializable string for ACL rules.
156+
:param rtype: dict
157+
158+
"""
159+
return self._put_response_body(
160+
["role", id], {},
161+
dict(
162+
model.ACLRole(name=name,
163+
description=description,
164+
policies=policies,
165+
service_identities=service_identities)))
166+
167+
def delete_role(self, id):
168+
"""Delete an existing role with the given ID.
169+
170+
:param str id: The ID of the role.
171+
:param rtype: bool
172+
173+
"""
174+
return self._delete(["policy", id])
175+
176+
def list_tokens(self):
177+
"""List all ACL tokens available in cluster.
178+
179+
:param rtype: list
180+
181+
"""
182+
return self._get(["tokens"])
183+
184+
def read_token(self, accessor_id):
185+
"""Read an existing token with the given ID.
186+
187+
:param str id: The ID of the role.
188+
:param rtype: dict
189+
190+
"""
191+
return self._get(["token", accessor_id])
192+
193+
def read_self_token(self):
194+
"""Retrieve the currently used token.
195+
196+
:param rtype: dict
197+
198+
"""
199+
return self._get(["token", "self"])
200+
201+
def create_token(self,
202+
accessor_id=None,
203+
description=None,
204+
expiration_time=None,
205+
expiration_ttl=None,
206+
local=False,
207+
policies=None,
208+
roles=None,
209+
secret_id=None,
210+
service_identities=None):
211+
"""Create a token from the roles, policies, and service identities
212+
provided.
213+
214+
:param str accessor_id: A UUID for accessing the token.
215+
:param str description: A human-readable description of the token.
216+
:param str expiration_time: The amount of time till the token expires.
217+
:param str expiration_ttl: Sets expiration_time to creation time +
218+
expiration_ttl value.
219+
:param bool local: Whether the token is only locally available in the
220+
current datacenter or to all datacenters defined.
221+
:param PolicyLinks policies: A PolicyLink array.
222+
:param RoleLinks roles: A RoleLink array.
223+
:param str secret_id: A UUID for making requests to consul.
224+
:param ServiceIdentities service_identities: A ServiceIdentity array.
225+
:param rtype: dict
226+
227+
"""
228+
return self._put_response_body(
229+
["token"], {},
230+
dict(
231+
model.ACLToken(accessor_id=accessor_id,
232+
description=description,
233+
expiration_time=expiration_time,
234+
expiration_ttl=expiration_ttl,
235+
local=local,
236+
policies=policies,
237+
roles=roles,
238+
secret_id=secret_id,
239+
service_identities=service_identities)))
240+
241+
def update_token(self,
242+
accessor_id,
243+
description=None,
244+
expiration_time=None,
245+
expiration_ttl=None,
246+
local=False,
247+
policies=None,
248+
roles=None,
249+
secret_id=None,
250+
service_identities=None):
251+
"""Create a token from the roles, policies, and service identities
252+
provided.
253+
254+
:param str accessor_id: A UUID for accessing the token.
255+
:param str description: A human-readable description of the token.
256+
:param str expiration_time: The amount of time till the token expires.
257+
:param str expiration_ttl: Sets expiration_time to creation time +
258+
expiration_ttl value.
259+
:param bool local: Whether the token is only locally available in the
260+
current datacenter or to all datacenters defined.
261+
:param PolicyLinks policies: A PolicyLink array.
262+
:param RoleLinks roles: A RoleLink array.
263+
:param str secret_id: A UUID for making requests to consul.
264+
:param ServiceIdentities service_identities: A ServiceIdentity array.
265+
:param rtype: dict
266+
267+
"""
268+
return self._put_response_body(
269+
["token", accessor_id], {},
270+
dict(
271+
model.ACLToken(accessor_id=accessor_id,
272+
description=description,
273+
expiration_time=expiration_time,
274+
expiration_ttl=expiration_ttl,
275+
local=local,
276+
policies=policies,
277+
roles=roles,
278+
secret_id=secret_id,
279+
service_identities=service_identities)))
280+
281+
def clone_token(self, accessor_id, description=None):
282+
"""Clone a token by the accessor_id.
283+
284+
:param str accessor_id: A UUID for accessing the token.
285+
:param str description: A human-readable description of the token.
286+
:param rtype: dict
287+
288+
"""
289+
return self._put_response_body(
290+
["token", accessor_id, "clone"], {},
291+
dict(model.ACLToken(description=description)))
292+
293+
def delete_token(self, accessor_id):
294+
"""Delete an existing token with the given AcccessorID.
295+
296+
:param str id: The AccessorID of the token.
297+
:param rtype: bool
298+
299+
"""
300+
return self._delete(["token", accessor_id])
301+
302+
# NOTE: Everything below here is deprecated post consul-1.4.0.
303+
19304
def bootstrap(self):
20305
"""This endpoint does a special one-time bootstrap of the ACL system,
21306
making the first management token if the acl_master_token is not
@@ -69,9 +354,11 @@ def create(self, name, acl_type='client', rules=None):
69354
:raises: consulate.exceptions.Forbidden
70355
71356
"""
72-
return self._put_response_body(
73-
['create'], {}, dict(model.ACL(
74-
name=name, type=acl_type, rules=rules)))['ID']
357+
return self._put_response_body(['create'], {},
358+
dict(
359+
model.ACL(name=name,
360+
type=acl_type,
361+
rules=rules)))['ID']
75362

76363
def clone(self, acl_id):
77364
"""Clone an existing ACL returning the new ACL ID
@@ -147,6 +434,9 @@ def update(self, acl_id, name, acl_type='client', rules=None):
147434
:raises: consulate.exceptions.Forbidden
148435
149436
"""
150-
return self._put_response_body(
151-
['update'], {}, dict(model.ACL(
152-
id=acl_id, name=name, type=acl_type, rules=rules)))['ID']
437+
return self._put_response_body(['update'], {},
438+
dict(
439+
model.ACL(id=acl_id,
440+
name=name,
441+
type=acl_type,
442+
rules=rules)))['ID']

consulate/api/base.py

Lines changed: 20 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -61,12 +61,28 @@ def _get(self, params, query_params=None, raise_on_404=False,
6161
:rtype: dict or list or None
6262
6363
"""
64-
response = self._adapter.get(
65-
self._build_uri(params, query_params), timeout=timeout)
64+
response = self._adapter.get(self._build_uri(params, query_params),
65+
timeout=timeout)
6666
if utils.response_ok(response, raise_on_404):
6767
return response.body
6868
return []
6969

70+
def _delete(
71+
self,
72+
params,
73+
raise_on_404=False,
74+
):
75+
"""Perform a DELETE request
76+
77+
:param list params: List of path parts
78+
:rtype: bool
79+
80+
"""
81+
response = self._adapter.delete(self._build_uri(params))
82+
if utils.response_ok(response, raise_on_404):
83+
return response.body
84+
return False
85+
7086
def _get_list(self, params, query_params=None):
7187
"""Return a list queried from Consul
7288
@@ -105,8 +121,8 @@ def _put_no_response_body(self, url_parts, query=None, payload=None):
105121
self._adapter.put(self._build_uri(url_parts, query), payload))
106122

107123
def _put_response_body(self, url_parts, query=None, payload=None):
108-
response = self._adapter.put(
109-
self._build_uri(url_parts, query), data=payload)
124+
response = self._adapter.put(self._build_uri(url_parts, query),
125+
data=payload)
110126
if utils.response_ok(response):
111127
return response.body
112128

0 commit comments

Comments
 (0)
0