Re: [ovirt-users] Python-SDK4: How to list user permissions?
El 2017-03-29 12:35, Juan Hernández escribió: On 03/29/2017 01:05 PM, nico...@devels.es wrote: Hi, I'm trying to get a user's list of permissions, i.e., list all permissions a user have on VMs and VmPools. In SDK3 that was easy as I could run (being 'u' a User object): for perm in u.permissions.list(): vm = perm.get_vm() vmpool = perm.get_vmpool() if vm or vmpool: print "User has some permissions!" In SDK4 I cannot reproduce the same logic. u.permissions returns an empty list ([]). What I have so far is something like this: for u in users_serv.list(): if u.user_name == 'admin@internal': continue vms_service = sys_serv.vms_service() for vm in vms_service.list(): vms = vms_service.vm_service(id=vm.id) ps = vms.permissions_service() for perm in ps.list(): perm_service = ps.permission_service(id=perm.id) getperm = perm_service.get() if getperm.user.user_name == u.user_name: print "Permission for %s" % (u.user_name) if getperm.vm: print "VM: %s" % (getperm.vm.id) if getperm.vm_pool: print "VmPool: %s" % (getperm.vm_pool.id) However, this seems a bit overkill. We have nearly 850 VMs and for a single user this takes about 25 minutes to run. Additionally, it doesn't seem to return any permission, although I know this user has some permissions over 2 VMs (not sure where is it messed up). I also tried using the system_service.permissions_service() but it seems to return only the global permissions. Is there an easier way to do this? Thanks! Version 4 of the SDK makes a clear distinction between what are pure containers of data (like the User class) and what are services (like the UsersService class). Therefore when you call 'u.permissions' in version 4 of the SD you get nothing, because the object that you retrieved previously doesn't contain the permissions, only a link. That is exactly how the API behaves. When you do this: GET /ovirt-engine/api/users/{user:id} You only get the data of the user, and some links to other related data, like the permissions: myuser ... In version 4 of the SDK the simple way to follow the link is to use the Connection.follow_link method. So, you need something like this: ---8<--- # Find the user: users_service = connection.system_service().users_service() user = users_service.list(search='name=myuser')[0] # Follow the link to the permissions of the user: perms = connection.follow_link(user.permissions) for perm in perms: if perm.vm or perm.vm_pool: print "User has some permissions!" --->8--- Thanks, that makes things much easier! Regards, Nicolás ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] Python-SDK4: How to list user permissions?
On 03/29/2017 01:05 PM, nico...@devels.es wrote: > Hi, > > I'm trying to get a user's list of permissions, i.e., list all > permissions a user have on VMs and VmPools. > > In SDK3 that was easy as I could run (being 'u' a User object): > > for perm in u.permissions.list(): > vm = perm.get_vm() > vmpool = perm.get_vmpool() > > if vm or vmpool: > print "User has some permissions!" > > In SDK4 I cannot reproduce the same logic. u.permissions returns an > empty list ([]). > > What I have so far is something like this: > > for u in users_serv.list(): > if u.user_name == 'admin@internal': > continue > > vms_service = sys_serv.vms_service() > for vm in vms_service.list(): > vms = vms_service.vm_service(id=vm.id) > ps = vms.permissions_service() > for perm in ps.list(): > perm_service = ps.permission_service(id=perm.id) > getperm = perm_service.get() > if getperm.user.user_name == u.user_name: > print "Permission for %s" % (u.user_name) > if getperm.vm: > print "VM: %s" % (getperm.vm.id) > if getperm.vm_pool: > print "VmPool: %s" % (getperm.vm_pool.id) > > However, this seems a bit overkill. We have nearly 850 VMs and for a > single user this takes about 25 minutes to run. Additionally, it doesn't > seem to return any permission, although I know this user has some > permissions over 2 VMs (not sure where is it messed up). > > I also tried using the system_service.permissions_service() but it seems > to return only the global permissions. > > Is there an easier way to do this? > > Thanks! Version 4 of the SDK makes a clear distinction between what are pure containers of data (like the User class) and what are services (like the UsersService class). Therefore when you call 'u.permissions' in version 4 of the SD you get nothing, because the object that you retrieved previously doesn't contain the permissions, only a link. That is exactly how the API behaves. When you do this: GET /ovirt-engine/api/users/{user:id} You only get the data of the user, and some links to other related data, like the permissions: myuser ... In version 4 of the SDK the simple way to follow the link is to use the Connection.follow_link method. So, you need something like this: ---8<--- # Find the user: users_service = connection.system_service().users_service() user = users_service.list(search='name=myuser')[0] # Follow the link to the permissions of the user: perms = connection.follow_link(user.permissions) for perm in perms: if perm.vm or perm.vm_pool: print "User has some permissions!" --->8--- ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
[ovirt-users] Python-SDK4: How to list user permissions?
Hi, I'm trying to get a user's list of permissions, i.e., list all permissions a user have on VMs and VmPools. In SDK3 that was easy as I could run (being 'u' a User object): for perm in u.permissions.list(): vm = perm.get_vm() vmpool = perm.get_vmpool() if vm or vmpool: print "User has some permissions!" In SDK4 I cannot reproduce the same logic. u.permissions returns an empty list ([]). What I have so far is something like this: for u in users_serv.list(): if u.user_name == 'admin@internal': continue vms_service = sys_serv.vms_service() for vm in vms_service.list(): vms = vms_service.vm_service(id=vm.id) ps = vms.permissions_service() for perm in ps.list(): perm_service = ps.permission_service(id=perm.id) getperm = perm_service.get() if getperm.user.user_name == u.user_name: print "Permission for %s" % (u.user_name) if getperm.vm: print "VM: %s" % (getperm.vm.id) if getperm.vm_pool: print "VmPool: %s" % (getperm.vm_pool.id) However, this seems a bit overkill. We have nearly 850 VMs and for a single user this takes about 25 minutes to run. Additionally, it doesn't seem to return any permission, although I know this user has some permissions over 2 VMs (not sure where is it messed up). I also tried using the system_service.permissions_service() but it seems to return only the global permissions. Is there an easier way to do this? Thanks! ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users