Re: [ovirt-users] Python-SDK4: How to list user permissions?
El 2017-03-29 12:35, Juan Hernández escribió:
On 03/29/2017 01:05 PM, nico...@devels.es wrote:
Hi,
I'm trying to get a user's list of permissions, i.e., list all
permissions a user have on VMs and VmPools.
In SDK3 that was easy as I could run (being 'u' a User object):
for perm in u.permissions.list():
vm = perm.get_vm()
vmpool = perm.get_vmpool()
if vm or vmpool:
print "User has some permissions!"
In SDK4 I cannot reproduce the same logic. u.permissions returns an
empty list ([]).
What I have so far is something like this:
for u in users_serv.list():
if u.user_name == 'admin@internal':
continue
vms_service = sys_serv.vms_service()
for vm in vms_service.list():
vms = vms_service.vm_service(id=vm.id)
ps = vms.permissions_service()
for perm in ps.list():
perm_service = ps.permission_service(id=perm.id)
getperm = perm_service.get()
if getperm.user.user_name == u.user_name:
print "Permission for %s" % (u.user_name)
if getperm.vm:
print "VM: %s" % (getperm.vm.id)
if getperm.vm_pool:
print "VmPool: %s" % (getperm.vm_pool.id)
However, this seems a bit overkill. We have nearly 850 VMs and for a
single user this takes about 25 minutes to run. Additionally, it
doesn't
seem to return any permission, although I know this user has some
permissions over 2 VMs (not sure where is it messed up).
I also tried using the system_service.permissions_service() but it
seems
to return only the global permissions.
Is there an easier way to do this?
Thanks!
Version 4 of the SDK makes a clear distinction between what are pure
containers of data (like the User class) and what are services (like
the
UsersService class). Therefore when you call 'u.permissions' in version
4 of the SD you get nothing, because the object that you retrieved
previously doesn't contain the permissions, only a link. That is
exactly
how the API behaves. When you do this:
GET /ovirt-engine/api/users/{user:id}
You only get the data of the user, and some links to other related
data,
like the permissions:
myuser
...
In version 4 of the SDK the simple way to follow the link is to use the
Connection.follow_link method. So, you need something like this:
---8<---
# Find the user:
users_service = connection.system_service().users_service()
user = users_service.list(search='name=myuser')[0]
# Follow the link to the permissions of the user:
perms = connection.follow_link(user.permissions)
for perm in perms:
if perm.vm or perm.vm_pool:
print "User has some permissions!"
--->8---
Thanks, that makes things much easier!
Regards,
Nicolás
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] Python-SDK4: How to list user permissions?
On 03/29/2017 01:05 PM, nico...@devels.es wrote:
> Hi,
>
> I'm trying to get a user's list of permissions, i.e., list all
> permissions a user have on VMs and VmPools.
>
> In SDK3 that was easy as I could run (being 'u' a User object):
>
> for perm in u.permissions.list():
> vm = perm.get_vm()
> vmpool = perm.get_vmpool()
>
> if vm or vmpool:
> print "User has some permissions!"
>
> In SDK4 I cannot reproduce the same logic. u.permissions returns an
> empty list ([]).
>
> What I have so far is something like this:
>
> for u in users_serv.list():
> if u.user_name == 'admin@internal':
> continue
>
> vms_service = sys_serv.vms_service()
> for vm in vms_service.list():
> vms = vms_service.vm_service(id=vm.id)
> ps = vms.permissions_service()
> for perm in ps.list():
> perm_service = ps.permission_service(id=perm.id)
> getperm = perm_service.get()
> if getperm.user.user_name == u.user_name:
> print "Permission for %s" % (u.user_name)
> if getperm.vm:
> print "VM: %s" % (getperm.vm.id)
> if getperm.vm_pool:
> print "VmPool: %s" % (getperm.vm_pool.id)
>
> However, this seems a bit overkill. We have nearly 850 VMs and for a
> single user this takes about 25 minutes to run. Additionally, it doesn't
> seem to return any permission, although I know this user has some
> permissions over 2 VMs (not sure where is it messed up).
>
> I also tried using the system_service.permissions_service() but it seems
> to return only the global permissions.
>
> Is there an easier way to do this?
>
> Thanks!
Version 4 of the SDK makes a clear distinction between what are pure
containers of data (like the User class) and what are services (like the
UsersService class). Therefore when you call 'u.permissions' in version
4 of the SD you get nothing, because the object that you retrieved
previously doesn't contain the permissions, only a link. That is exactly
how the API behaves. When you do this:
GET /ovirt-engine/api/users/{user:id}
You only get the data of the user, and some links to other related data,
like the permissions:
myuser
...
In version 4 of the SDK the simple way to follow the link is to use the
Connection.follow_link method. So, you need something like this:
---8<---
# Find the user:
users_service = connection.system_service().users_service()
user = users_service.list(search='name=myuser')[0]
# Follow the link to the permissions of the user:
perms = connection.follow_link(user.permissions)
for perm in perms:
if perm.vm or perm.vm_pool:
print "User has some permissions!"
--->8---
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users
[ovirt-users] Python-SDK4: How to list user permissions?
Hi, I'm trying to get a user's list of permissions, i.e., list all permissions a user have on VMs and VmPools. In SDK3 that was easy as I could run (being 'u' a User object): for perm in u.permissions.list(): vm = perm.get_vm() vmpool = perm.get_vmpool() if vm or vmpool: print "User has some permissions!" In SDK4 I cannot reproduce the same logic. u.permissions returns an empty list ([]). What I have so far is something like this: for u in users_serv.list(): if u.user_name == 'admin@internal': continue vms_service = sys_serv.vms_service() for vm in vms_service.list(): vms = vms_service.vm_service(id=vm.id) ps = vms.permissions_service() for perm in ps.list(): perm_service = ps.permission_service(id=perm.id) getperm = perm_service.get() if getperm.user.user_name == u.user_name: print "Permission for %s" % (u.user_name) if getperm.vm: print "VM: %s" % (getperm.vm.id) if getperm.vm_pool: print "VmPool: %s" % (getperm.vm_pool.id) However, this seems a bit overkill. We have nearly 850 VMs and for a single user this takes about 25 minutes to run. Additionally, it doesn't seem to return any permission, although I know this user has some permissions over 2 VMs (not sure where is it messed up). I also tried using the system_service.permissions_service() but it seems to return only the global permissions. Is there an easier way to do this? Thanks! ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
