/*
* Copyright 2021 VMware, Inc. All rights reserved. Licensed under the Apache v2 License.
*/
package govcd
import (
"fmt"
"net/url"
"github.com/vmware/go-vcloud-director/v2/types/v56"
)
// GlobalRole pairs the API representation of a global role with the client used to manage it.
type GlobalRole struct {
	// GlobalRole is the role data exchanged with the API; its Id and Name are read by the methods below.
	GlobalRole *types.GlobalRole
	// client issues every request made by this type's methods.
	client *Client
}
// GetAllGlobalRoles returns every global role reported by the list endpoint, each wrapped together with the
// client that fetched it. queryParameters is handed to the list request unchanged, so callers can use it for
// additional filtering.
//
// The call is refused locally when client.IsSysAdmin is false. That flag is read from the client object, so
// the check is a fast-fail convenience. NOTE(review): authorization is presumably also enforced by the API
// itself - confirm rather than treating this guard as the access control.
func (client *Client) GetAllGlobalRoles(queryParameters url.Values) ([]*GlobalRole, error) {
	if !client.IsSysAdmin {
		return nil, fmt.Errorf("only system administrator can handle global roles")
	}

	endpoint := types.OpenApiPathVersion1_0_0 + types.OpenApiEndpointGlobalRoles
	apiVersion, err := client.checkOpenApiEndpointCompatibility(endpoint)
	if err != nil {
		return nil, err
	}

	listURL, err := client.OpenApiBuildEndpoint(endpoint)
	if err != nil {
		return nil, err
	}

	rawRoles := []*types.GlobalRole{{}}
	if err = client.OpenApiGetAllItems(apiVersion, listURL, queryParameters, &rawRoles, nil); err != nil {
		return nil, err
	}

	// Attach the client to each decoded role so the GlobalRole methods can issue follow-up requests.
	wrapped := make([]*GlobalRole, 0, len(rawRoles))
	for _, raw := range rawRoles {
		wrapped = append(wrapped, &GlobalRole{GlobalRole: raw, client: client})
	}
	return wrapped, nil
}
// GetGlobalRoleByName looks up a single global role through a "name==<name>" filter on the list request.
// It returns ErrorEntityNotFound when nothing matches and an error when more than one role is returned.
//
// NOTE(review): name is concatenated into the filter expression without escaping or validation, and the
// role that comes back is not compared against name. If name can originate from untrusted input, callers
// should validate it first, since characters that are meaningful to the filter syntax would change which
// roles are selected - confirm the server's filter grammar.
func (client *Client) GetGlobalRoleByName(name string) (*GlobalRole, error) {
	filter := url.Values{"filter": []string{"name==" + name}}

	matches, err := client.GetAllGlobalRoles(filter)
	if err != nil {
		return nil, err
	}

	switch len(matches) {
	case 0:
		return nil, ErrorEntityNotFound
	case 1:
		return matches[0], nil
	default:
		return nil, fmt.Errorf("more than one global role found with name '%s'", name)
	}
}
// GetGlobalRoleById fetches the global role with the given ID and wraps it with the client.
// It fails locally when client.IsSysAdmin is false or when id is empty; the empty-ID check runs after the
// endpoint compatibility check, matching the order of the other methods in this file.
func (client *Client) GetGlobalRoleById(id string) (*GlobalRole, error) {
	if !client.IsSysAdmin {
		return nil, fmt.Errorf("only system administrator can handle global roles")
	}

	endpoint := types.OpenApiPathVersion1_0_0 + types.OpenApiEndpointGlobalRoles
	apiVersion, err := client.checkOpenApiEndpointCompatibility(endpoint)
	if err != nil {
		return nil, err
	}

	// An empty ID would address the collection rather than a single role.
	if id == "" {
		return nil, fmt.Errorf("empty GlobalRole id")
	}

	itemURL, err := client.OpenApiBuildEndpoint(endpoint, id)
	if err != nil {
		return nil, err
	}

	found := &GlobalRole{GlobalRole: &types.GlobalRole{}, client: client}
	if err = client.OpenApiGetItem(apiVersion, itemURL, nil, found.GlobalRole, nil); err != nil {
		return nil, err
	}
	return found, nil
}
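// CreateGlobalRole creates a new global role and returns the role as reported back by the API.
//
// The call is refused locally when client.IsSysAdmin is false, and a nil newGlobalRole is rejected with an
// error instead of being dereferenced. Note that newGlobalRole is modified in place: an empty BundleKey is
// set to types.VcloudUndefinedKey and a nil PublishAll is set to a pointer to false, so a role is never
// published to all tenants unless the caller asked for it explicitly.
func (client *Client) CreateGlobalRole(newGlobalRole *types.GlobalRole) (*GlobalRole, error) {
	if !client.IsSysAdmin {
		return nil, fmt.Errorf("only system administrator can handle global roles")
	}
	// Guard against a nil definition: the defaulting below would otherwise panic.
	if newGlobalRole == nil {
		return nil, fmt.Errorf("nil global role definition given")
	}

	endpoint := types.OpenApiPathVersion1_0_0 + types.OpenApiEndpointGlobalRoles
	minimumApiVersion, err := client.checkOpenApiEndpointCompatibility(endpoint)
	if err != nil {
		return nil, err
	}

	urlRef, err := client.OpenApiBuildEndpoint(endpoint)
	if err != nil {
		return nil, err
	}

	// Fill in defaults for the fields the caller left unset.
	if newGlobalRole.BundleKey == "" {
		newGlobalRole.BundleKey = types.VcloudUndefinedKey
	}
	if newGlobalRole.PublishAll == nil {
		newGlobalRole.PublishAll = takeBoolPointer(false)
	}

	returnGlobalRole := &GlobalRole{
		GlobalRole: &types.GlobalRole{},
		client:     client,
	}
	err = client.OpenApiPostItem(minimumApiVersion, urlRef, nil, newGlobalRole, returnGlobalRole.GlobalRole, nil)
	if err != nil {
		return nil, fmt.Errorf("error creating global role: %s", err)
	}
	return returnGlobalRole, nil
}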
// Update sends the current contents of globalRole.GlobalRole to the API as a PUT on the role's ID and
// returns a new GlobalRole holding the response. The receiver itself is not modified.
// It fails when the role has no ID.
//
// NOTE(review): unlike the Get*/Create functions, no client.IsSysAdmin check is made here; the request is
// simply issued with the client stored in the receiver.
func (globalRole *GlobalRole) Update() (*GlobalRole, error) {
	cli := globalRole.client

	endpoint := types.OpenApiPathVersion1_0_0 + types.OpenApiEndpointGlobalRoles
	apiVersion, err := cli.checkOpenApiEndpointCompatibility(endpoint)
	if err != nil {
		return nil, err
	}

	if globalRole.GlobalRole.Id == "" {
		return nil, fmt.Errorf("cannot update role without id")
	}

	itemURL, err := cli.OpenApiBuildEndpoint(endpoint, globalRole.GlobalRole.Id)
	if err != nil {
		return nil, err
	}

	updated := &GlobalRole{GlobalRole: &types.GlobalRole{}, client: cli}
	if err = cli.OpenApiPutItem(apiVersion, itemURL, nil, globalRole.GlobalRole, updated.GlobalRole, nil); err != nil {
		return nil, fmt.Errorf("error updating global role: %s", err)
	}
	return updated, nil
}
// Delete removes the global role identified by globalRole.GlobalRole.Id.
// It fails when the role has no ID, so a DELETE is never built against the bare collection endpoint.
//
// NOTE(review): no client.IsSysAdmin check is made here, in contrast to the Get*/Create functions.
func (globalRole *GlobalRole) Delete() error {
	cli := globalRole.client

	endpoint := types.OpenApiPathVersion1_0_0 + types.OpenApiEndpointGlobalRoles
	apiVersion, err := cli.checkOpenApiEndpointCompatibility(endpoint)
	if err != nil {
		return err
	}

	if globalRole.GlobalRole.Id == "" {
		return fmt.Errorf("cannot delete global role without id")
	}

	itemURL, err := cli.OpenApiBuildEndpoint(endpoint, globalRole.GlobalRole.Id)
	if err != nil {
		return err
	}

	if err = cli.OpenApiDeleteItem(apiVersion, itemURL, nil, nil); err != nil {
		return fmt.Errorf("error deleting global role: %s", err)
	}
	return nil
}
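// getContainerTenants retrieves all tenants associated with a given rights container (Global Role, Rights Bundle).
// Query parameters can be supplied to perform additional filtering.
//
// rightsContainerId is appended directly to endpoint to form "<endpoint><id>/tenants", so an empty ID is
// rejected up front: without it the request would address a path that does not name any container. This
// matches the empty-ID checks made by the other functions in this file.
func getContainerTenants(client *Client, rightsContainerId, endpoint string, queryParameters url.Values) ([]types.OpenApiReference, error) {
	if rightsContainerId == "" {
		return nil, fmt.Errorf("cannot retrieve tenants without rights container id")
	}

	minimumApiVersion, err := client.checkOpenApiEndpointCompatibility(endpoint)
	if err != nil {
		return nil, err
	}

	urlRef, err := client.OpenApiBuildEndpoint(endpoint + rightsContainerId + "/tenants")
	if err != nil {
		return nil, err
	}

	typeResponses := types.OpenApiItems{
		Values: []types.OpenApiReference{},
	}
	err = client.OpenApiGetAllItems(minimumApiVersion, urlRef, queryParameters, &typeResponses.Values, nil)
	if err != nil {
		return nil, err
	}

	return typeResponses.Values, nil
}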
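// publishContainerToTenants is a generic function that publishes or unpublishes a rights collection
// (Global Role, or Rights bundle) to tenants.
//
// containerType is an informative string (one of "GlobalRole", "RightsBundle") used only in error messages.
// name and id are the name and ID of the collection; both must be non-empty.
// endpoint is the API endpoint used as a basis for the operation.
// tenants is the collection of tenants (ID+name) the operation applies to; only those two fields are sent.
// publishType selects the operation:
//   - "add":     POST to <endpoint><id>/tenants/publish
//   - "replace": PUT  to <endpoint><id>/tenants
//   - "remove":  POST to <endpoint><id>/tenants/unpublish
//
// Any other publishType returns an error. Previously an unrecognised value left the action function nil and
// the call panicked after the endpoint URL had been built.
func publishContainerToTenants(client *Client, containerType, name, id, endpoint string, tenants []types.OpenApiReference, publishType string) error {
	minimumApiVersion, err := client.checkOpenApiEndpointCompatibility(endpoint)
	if err != nil {
		return err
	}

	if id == "" {
		return fmt.Errorf("cannot update %s without id", containerType)
	}
	if name == "" {
		return fmt.Errorf("empty name given for %s %s", containerType, id)
	}

	var operation string
	var action func(apiVersion string, urlRef *url.URL, params url.Values, payload, outType interface{}, additionalHeader map[string]string) error

	switch publishType {
	case "add":
		operation = "/tenants/publish"
		action = client.OpenApiPostItem
	case "replace":
		operation = "/tenants"
		action = client.OpenApiPutItem
	case "remove":
		operation = "/tenants/unpublish"
		action = client.OpenApiPostItem
	default:
		// Refuse unknown operations explicitly rather than calling a nil function value.
		return fmt.Errorf("unsupported publish type '%s' for %s %s", publishType, containerType, name)
	}

	urlRef, err := client.OpenApiBuildEndpoint(endpoint, id, operation)
	if err != nil {
		return err
	}

	// Send only the name and ID of each tenant, dropping any other fields the caller populated.
	var input types.OpenApiItems
	for _, tenant := range tenants {
		input.Values = append(input.Values, types.OpenApiReference{
			Name: tenant.Name,
			ID:   tenant.ID,
		})
	}

	var pages types.OpenApiPages
	err = action(minimumApiVersion, urlRef, nil, &input, &pages, nil)
	if err != nil {
		return fmt.Errorf("error publishing %s %s to tenants: %s", containerType, name, err)
	}
	return nil
}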
// publishContainerToAllTenants publishes a rights collection (Global Role or Rights bundle) to all tenants,
// or withdraws that publication when publish is false.
//
// containerType is an informative string (one of "GlobalRole", "RightsBundle") used only in error messages.
// name and id identify the collection; both must be non-empty.
// endpoint is the API endpoint the POST is built on: <endpoint><id>/tenants/publishAll when publish is true,
// <endpoint><id>/tenants/unpublishAll otherwise.
func publishContainerToAllTenants(client *Client, containerType, name, id, endpoint string, publish bool) error {
	apiVersion, err := client.checkOpenApiEndpointCompatibility(endpoint)
	if err != nil {
		return err
	}

	switch {
	case id == "":
		return fmt.Errorf("cannot update %s without id", containerType)
	case name == "":
		return fmt.Errorf("empty name given for %s %s", containerType, id)
	}

	operation := "/tenants/unpublishAll"
	if publish {
		operation = "/tenants/publishAll"
	}

	target, err := client.OpenApiBuildEndpoint(endpoint, id, operation)
	if err != nil {
		return err
	}

	// The same empty value is passed as both the request payload and the response target.
	var pages types.OpenApiPages
	if err = client.OpenApiPostItem(apiVersion, target, nil, &pages, &pages, nil); err != nil {
		return fmt.Errorf("error publishing %s %s to tenants: %s", containerType, name, err)
	}
	return nil
}
// AddRights adds the given rights to this global role.
// It delegates to addRightsToRole with the global roles endpoint and the role's name and ID.
func (globalRole *GlobalRole) AddRights(newRights []types.OpenApiReference) error {
	role := globalRole.GlobalRole
	return addRightsToRole(
		globalRole.client,
		"GlobalRole",
		role.Name,
		role.Id,
		types.OpenApiPathVersion1_0_0+types.OpenApiEndpointGlobalRoles,
		newRights,
		nil,
	)
}
// UpdateRights replaces the rights of this global role with the given collection.
// Because this is a replacement, rights that are currently assigned but missing from newRights are dropped.
// It delegates to updateRightsInRole with the global roles endpoint and the role's name and ID.
func (globalRole *GlobalRole) UpdateRights(newRights []types.OpenApiReference) error {
	role := globalRole.GlobalRole
	return updateRightsInRole(
		globalRole.client,
		"GlobalRole",
		role.Name,
		role.Id,
		types.OpenApiPathVersion1_0_0+types.OpenApiEndpointGlobalRoles,
		newRights,
		nil,
	)
}
// RemoveRights removes the given rights from this global role.
// It delegates to removeRightsFromRole with the global roles endpoint and the role's name and ID.
func (globalRole *GlobalRole) RemoveRights(removeRights []types.OpenApiReference) error {
	role := globalRole.GlobalRole
	return removeRightsFromRole(
		globalRole.client,
		"GlobalRole",
		role.Name,
		role.Id,
		types.OpenApiPathVersion1_0_0+types.OpenApiEndpointGlobalRoles,
		removeRights,
		nil,
	)
}
// RemoveAllRights removes every right from this global role.
// It delegates to removeAllRightsFromRole with the global roles endpoint and the role's name and ID.
func (globalRole *GlobalRole) RemoveAllRights() error {
	role := globalRole.GlobalRole
	return removeAllRightsFromRole(
		globalRole.client,
		"GlobalRole",
		role.Name,
		role.Id,
		types.OpenApiPathVersion1_0_0+types.OpenApiEndpointGlobalRoles,
		nil,
	)
}
// GetRights returns the rights that belong to this global role. queryParameters is passed through to
// getRights, so callers can use it for additional filtering.
func (globalRole *GlobalRole) GetRights(queryParameters url.Values) ([]*types.Right, error) {
	return getRights(
		globalRole.client,
		globalRole.GlobalRole.Id,
		types.OpenApiPathVersion1_0_0+types.OpenApiEndpointGlobalRoles,
		queryParameters,
		nil,
	)
}
// GetTenants returns the tenants this global role is associated with. queryParameters is passed through to
// getContainerTenants, so callers can use it for additional filtering.
func (globalRole *GlobalRole) GetTenants(queryParameters url.Values) ([]types.OpenApiReference, error) {
	return getContainerTenants(
		globalRole.client,
		globalRole.GlobalRole.Id,
		types.OpenApiPathVersion1_0_0+types.OpenApiEndpointGlobalRoles,
		queryParameters,
	)
}
// PublishTenants publishes this global role to the given tenants, in addition to any tenants it is
// already published to. It calls publishContainerToTenants with the "add" publish type.
func (globalRole *GlobalRole) PublishTenants(tenants []types.OpenApiReference) error {
	role := globalRole.GlobalRole
	return publishContainerToTenants(
		globalRole.client,
		"GlobalRole",
		role.Name,
		role.Id,
		types.OpenApiPathVersion1_0_0+types.OpenApiEndpointGlobalRoles,
		tenants,
		"add",
	)
}
// ReplacePublishedTenants publishes this global role to the given tenants and removes the tenants it was
// previously published to. It calls publishContainerToTenants with the "replace" publish type.
func (globalRole *GlobalRole) ReplacePublishedTenants(tenants []types.OpenApiReference) error {
	role := globalRole.GlobalRole
	return publishContainerToTenants(
		globalRole.client,
		"GlobalRole",
		role.Name,
		role.Id,
		types.OpenApiPathVersion1_0_0+types.OpenApiEndpointGlobalRoles,
		tenants,
		"replace",
	)
}
// UnpublishTenants removes the given tenants from this global role's publication.
// It calls publishContainerToTenants with the "remove" publish type.
func (globalRole *GlobalRole) UnpublishTenants(tenants []types.OpenApiReference) error {
	role := globalRole.GlobalRole
	return publishContainerToTenants(
		globalRole.client,
		"GlobalRole",
		role.Name,
		role.Id,
		types.OpenApiPathVersion1_0_0+types.OpenApiEndpointGlobalRoles,
		tenants,
		"remove",
	)
}
// PublishAllTenants publishes this global role to all tenants.
// This is the widest publication scope offered by this type, so callers should treat it as a deliberate,
// reviewable change rather than a default.
func (globalRole *GlobalRole) PublishAllTenants() error {
	role := globalRole.GlobalRole
	return publishContainerToAllTenants(
		globalRole.client,
		"GlobalRole",
		role.Name,
		role.Id,
		types.OpenApiPathVersion1_0_0+types.OpenApiEndpointGlobalRoles,
		true,
	)
}
// UnpublishAllTenants removes the publication status of this global role from all tenants.
// It calls publishContainerToAllTenants with publish set to false.
func (globalRole *GlobalRole) UnpublishAllTenants() error {
	role := globalRole.GlobalRole
	return publishContainerToAllTenants(
		globalRole.client,
		"GlobalRole",
		role.Name,
		role.Id,
		types.OpenApiPathVersion1_0_0+types.OpenApiEndpointGlobalRoles,
		false,
	)
}