mirror of
https://github.com/ansible/awx.git
synced 2024-10-30 05:25:29 +03:00
Added RBAC migration code
This commit is contained in:
parent
332b8b3b49
commit
9f33835582
@ -21,6 +21,7 @@ from awx.main.constants import CLOUD_PROVIDERS
|
|||||||
from awx.main.fields import AutoOneToOneField, ImplicitRoleField
|
from awx.main.fields import AutoOneToOneField, ImplicitRoleField
|
||||||
from awx.main.managers import HostManager
|
from awx.main.managers import HostManager
|
||||||
from awx.main.models.base import * # noqa
|
from awx.main.models.base import * # noqa
|
||||||
|
from awx.main.models.organization import Permission # for rbac migration
|
||||||
from awx.main.models.jobs import Job
|
from awx.main.models.jobs import Job
|
||||||
from awx.main.models.unified_jobs import * # noqa
|
from awx.main.models.unified_jobs import * # noqa
|
||||||
from awx.main.models.mixins import ResourceMixin
|
from awx.main.models.mixins import ResourceMixin
|
||||||
@ -112,6 +113,48 @@ class Inventory(CommonModel, ResourceMixin):
|
|||||||
role_name='Inventory Executor',
|
role_name='Inventory Executor',
|
||||||
)
|
)
|
||||||
|
|
||||||
|
def migrate_to_rbac(self):
|
||||||
|
migrated_users = []
|
||||||
|
migrated_teams = []
|
||||||
|
|
||||||
|
for perm in Permission.objects.filter(inventory=self):
|
||||||
|
role = None
|
||||||
|
execrole = None
|
||||||
|
if perm.permission_type == 'admin':
|
||||||
|
role = self.admin_role
|
||||||
|
pass
|
||||||
|
elif perm.permission_type == 'read':
|
||||||
|
role = self.auditor_role
|
||||||
|
pass
|
||||||
|
elif perm.permission_type == 'write':
|
||||||
|
role = self.updater_role
|
||||||
|
pass
|
||||||
|
else:
|
||||||
|
raise Exception('Unhandled permission type for inventory: %s' % perm.permission_type)
|
||||||
|
if perm.run_ad_hoc_commands:
|
||||||
|
execrole = self.executor_role
|
||||||
|
|
||||||
|
if perm.team:
|
||||||
|
if role:
|
||||||
|
perm.team.member_role.children.add(role)
|
||||||
|
if execrole:
|
||||||
|
perm.team.member_role.children.add(execrole)
|
||||||
|
|
||||||
|
migrated_teams.append(perm.team)
|
||||||
|
|
||||||
|
if perm.user:
|
||||||
|
if role:
|
||||||
|
role.members.add(perm.user)
|
||||||
|
if execrole:
|
||||||
|
execrole.members.add(perm.user)
|
||||||
|
migrated_users.append(perm.user)
|
||||||
|
|
||||||
|
return {
|
||||||
|
'migrated_users': migrated_users,
|
||||||
|
'migrated_teams': migrated_teams,
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
def get_absolute_url(self):
|
def get_absolute_url(self):
|
||||||
return reverse('api:inventory_detail', args=(self.pk,))
|
return reverse('api:inventory_detail', args=(self.pk,))
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user