yunion.io/x/cloudmux@v0.3.10-0-alpha.1/pkg/multicloud/hcso/cloudgroup.go (about) 1 // Copyright 2019 Yunion 2 // 3 // Licensed under the Apache License, Version 2.0 (the "License"); 4 // you may not use this file except in compliance with the License. 5 // You may obtain a copy of the License at 6 // 7 // http://www.apache.org/licenses/LICENSE-2.0 8 // 9 // Unless required by applicable law or agreed to in writing, software 10 // distributed under the License is distributed on an "AS IS" BASIS, 11 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 // See the License for the specific language governing permissions and 13 // limitations under the License. 14 15 package hcso 16 17 import ( 18 "fmt" 19 "strings" 20 21 "yunion.io/x/jsonutils" 22 "yunion.io/x/pkg/errors" 23 24 "yunion.io/x/cloudmux/pkg/cloudprovider" 25 ) 26 27 type SCloudgroup struct { 28 client *SHuaweiClient 29 Name string 30 Description string 31 Id string 32 CreateTime string 33 } 34 35 func (group *SCloudgroup) GetName() string { 36 return group.Name 37 } 38 39 func (group *SCloudgroup) GetDescription() string { 40 return group.Description 41 } 42 43 func (group *SCloudgroup) GetGlobalId() string { 44 return group.Id 45 } 46 47 func (group *SCloudgroup) Delete() error { 48 return group.client.DeleteGroup(group.Id) 49 } 50 51 func (group *SCloudgroup) AddUser(name string) error { 52 user, err := group.client.GetIClouduserByName(name) 53 if err != nil { 54 return errors.Wrap(err, "GetIClouduserByName") 55 } 56 return group.client.AddUserToGroup(group.Id, user.GetGlobalId()) 57 } 58 59 func (group *SCloudgroup) RemoveUser(name string) error { 60 user, err := group.client.GetIClouduserByName(name) 61 if err != nil { 62 if errors.Cause(err) == cloudprovider.ErrNotFound { 63 return nil 64 } 65 return errors.Wrapf(err, "GetIClouduserByName(%s)", name) 66 } 67 return group.client.RemoveUserFromGroup(group.Id, user.GetGlobalId()) 68 } 69 70 func (group *SCloudgroup) DetachSystemPolicy(roleId string) error { 71 return group.client.DetachGroupRole(group.Id, roleId) 72 } 73 74 func (group *SCloudgroup) DetachCustomPolicy(roleId string) error { 75 return group.client.DetachGroupCustomRole(group.Id, roleId) 76 } 77 78 func (group *SCloudgroup) AttachSystemPolicy(roleId string) error { 79 return group.client.AttachGroupRole(group.Id, roleId) 80 } 81 82 func (group *SCloudgroup) AttachCustomPolicy(roleId string) error { 83 return group.client.AttachGroupCustomRole(group.Id, roleId) 84 } 85 86 func (group *SCloudgroup) GetISystemCloudpolicies() ([]cloudprovider.ICloudpolicy, error) { 87 roles, err := group.client.GetGroupRoles(group.Id) 88 if err != nil { 89 return nil, errors.Wrap(err, "GetGroupRoles") 90 } 91 ret := []cloudprovider.ICloudpolicy{} 92 for i := range roles { 93 _, err := group.client.GetRole(roles[i].GetName()) 94 if err != nil { 95 if errors.Cause(err) == cloudprovider.ErrNotFound { 96 continue 97 } 98 return nil, errors.Wrapf(err, "GetRole(%s)", roles[i].GetName()) 99 } 100 ret = append(ret, &roles[i]) 101 } 102 return ret, nil 103 } 104 105 func (group *SCloudgroup) GetICustomCloudpolicies() ([]cloudprovider.ICloudpolicy, error) { 106 roles, err := group.client.GetGroupRoles(group.Id) 107 if err != nil { 108 return nil, errors.Wrap(err, "GetGroupRoles") 109 } 110 ret := []cloudprovider.ICloudpolicy{} 111 for i := range roles { 112 _, err := group.client.GetCustomRole(roles[i].GetName()) 113 if err != nil { 114 if errors.Cause(err) == cloudprovider.ErrNotFound { 115 continue 116 } 117 return nil, errors.Wrapf(err, "GetRole(%s)", roles[i].GetName()) 118 } 119 ret = append(ret, &roles[i]) 120 } 121 return ret, nil 122 } 123 124 func (group *SCloudgroup) GetICloudusers() ([]cloudprovider.IClouduser, error) { 125 users, err := group.client.GetGroupUsers(group.Id) 126 if err != nil { 127 return nil, err 128 } 129 ret := []cloudprovider.IClouduser{} 130 for i := range users { 131 users[i].client = group.client 132 ret = append(ret, &users[i]) 133 } 134 return ret, nil 135 } 136 137 func (self *SHuaweiClient) GetGroups(domainId, name string) ([]SCloudgroup, error) { 138 params := map[string]string{} 139 if len(domainId) > 0 { 140 params["domain_id"] = self.ownerId 141 } 142 if len(name) > 0 { 143 params["name"] = name 144 } 145 146 client, err := self.newGeneralAPIClient() 147 if err != nil { 148 return nil, errors.Wrap(err, "newGeneralAPIClient") 149 } 150 151 groups := []SCloudgroup{} 152 err = doListAllWithNextLink(client.Groups.List, params, &groups) 153 if err != nil { 154 return nil, errors.Wrap(err, "doListAllWithOffset") 155 } 156 return groups, nil 157 } 158 159 func (self *SHuaweiClient) GetICloudgroups() ([]cloudprovider.ICloudgroup, error) { 160 groups, err := self.GetGroups("", "") 161 if err != nil { 162 return nil, errors.Wrap(err, "GetGroup") 163 } 164 ret := []cloudprovider.ICloudgroup{} 165 for i := range groups { 166 if groups[i].Name != "admin" { 167 groups[i].client = self 168 ret = append(ret, &groups[i]) 169 } 170 } 171 return ret, nil 172 } 173 174 func (self *SHuaweiClient) GetGroupUsers(groupId string) ([]SClouduser, error) { 175 client, err := self.newGeneralAPIClient() 176 if err != nil { 177 return nil, errors.Wrap(err, "newGeneralAPIClient") 178 } 179 180 resp, err := client.Groups.ListInContextWithSpec(nil, fmt.Sprintf("%s/users", groupId), nil, "users") 181 if err != nil { 182 return nil, errors.Wrap(err, "") 183 } 184 users := []SClouduser{} 185 err = jsonutils.Update(&users, resp.Data) 186 if err != nil { 187 return nil, errors.Wrap(err, "jsonutils.Update") 188 } 189 return users, nil 190 } 191 192 func (self *SHuaweiClient) GetGroupRoles(groupId string) ([]SRole, error) { 193 client, err := self.newGeneralAPIClient() 194 if err != nil { 195 return nil, errors.Wrap(err, "newGeneralAPIClient") 196 } 197 resp, err := client.Domains.ListRoles(self.ownerId, groupId) 198 if err != nil { 199 return nil, errors.Wrap(err, "ListRoles") 200 } 201 roles := []SRole{} 202 err = jsonutils.Update(&roles, resp.Data) 203 if err != nil { 204 return nil, errors.Wrap(err, "jsonutils.Update") 205 } 206 return roles, nil 207 } 208 209 func (self *SHuaweiClient) CreateGroup(name, desc string) (*SCloudgroup, error) { 210 params := map[string]string{ 211 "name": name, 212 } 213 if len(desc) > 0 { 214 params["description"] = desc 215 } 216 client, err := self.newGeneralAPIClient() 217 if err != nil { 218 return nil, errors.Wrap(err, "newGeneralAPIClient") 219 } 220 221 group := SCloudgroup{client: self} 222 err = DoCreate(client.Groups.Create, jsonutils.Marshal(map[string]interface{}{"group": params}), &group) 223 if err != nil { 224 return nil, errors.Wrap(err, "DoCreate") 225 } 226 return &group, nil 227 } 228 229 func (self *SHuaweiClient) CreateICloudgroup(name, desc string) (cloudprovider.ICloudgroup, error) { 230 group, err := self.CreateGroup(name, desc) 231 if err != nil { 232 return nil, errors.Wrap(err, "CreateGroup") 233 } 234 return group, nil 235 } 236 237 func (self *SHuaweiClient) DeleteGroup(id string) error { 238 client, err := self.newGeneralAPIClient() 239 if err != nil { 240 return errors.Wrap(err, "newGeneralAPIClient") 241 } 242 return DoDeleteWithSpec(client.Groups.DeleteInContextWithSpec, nil, id, "", nil, nil) 243 } 244 245 func (self *SHuaweiClient) GetICloudgroupByName(name string) (cloudprovider.ICloudgroup, error) { 246 groups, err := self.GetGroups(self.ownerId, name) 247 if err != nil { 248 return nil, errors.Wrap(err, "GetGroups") 249 } 250 if len(groups) == 0 { 251 return nil, cloudprovider.ErrNotFound 252 } 253 if len(groups) > 1 { 254 return nil, cloudprovider.ErrDuplicateId 255 } 256 groups[0].client = self 257 return &groups[0], nil 258 } 259 260 func (self *SHuaweiClient) AddUserToGroup(groupId, userId string) error { 261 client, err := self.newGeneralAPIClient() 262 if err != nil { 263 return errors.Wrap(err, "newGeneralAPIClient") 264 } 265 _, err = client.Groups.UpdateInContextWithSpec(nil, groupId, fmt.Sprintf("users/%s", userId), nil, "") 266 return err 267 } 268 269 func (self *SHuaweiClient) RemoveUserFromGroup(groupId, userId string) error { 270 client, err := self.newGeneralAPIClient() 271 if err != nil { 272 return errors.Wrap(err, "newGeneralAPIClient") 273 } 274 _, err = client.Groups.DeleteInContextWithSpec(nil, groupId, fmt.Sprintf("users/%s", userId), nil, nil, "") 275 return err 276 } 277 278 func (self *SHuaweiClient) DetachGroupRole(groupId, roleId string) error { 279 client, err := self.newGeneralAPIClient() 280 if err != nil { 281 return errors.Wrap(err, "newGeneralAPIClient") 282 } 283 role, err := self.GetRole(roleId) 284 if err != nil { 285 return errors.Wrapf(err, "GetRole(%s)", roleId) 286 } 287 if role.Type == "AX" || role.Type == "AA" { 288 err = client.Domains.DeleteRole(self.ownerId, groupId, role.Id) 289 if err != nil { 290 return errors.Wrapf(err, "DeleteRole") 291 } 292 if strings.Contains(strings.ToLower(role.Policy.String()), "obs") { 293 err = client.Projects.DeleteProjectRole(self.GetMosProjectId(), groupId, role.Id) 294 if err != nil { 295 return errors.Wrapf(err, "DeleteProjectRole") 296 } 297 } 298 } 299 if role.Type == "XA" || role.Type == "AA" { 300 projects, err := self.GetProjects() 301 if err != nil { 302 return errors.Wrapf(err, "GetProjects") 303 } 304 for _, project := range projects { 305 err = client.Projects.DeleteProjectRole(project.ID, groupId, role.Id) 306 if err != nil { 307 return errors.Wrapf(err, "DeleteProjectRole") 308 } 309 } 310 } 311 return nil 312 } 313 314 func (self *SHuaweiClient) DetachGroupCustomRole(groupId, roleId string) error { 315 client, err := self.newGeneralAPIClient() 316 if err != nil { 317 return errors.Wrap(err, "newGeneralAPIClient") 318 } 319 role, err := self.GetCustomRole(roleId) 320 if err != nil { 321 return errors.Wrapf(err, "GetCustomRole(%s)", roleId) 322 } 323 if role.Type == "AX" || role.Type == "AA" { 324 err = client.Domains.DeleteRole(self.ownerId, groupId, role.Id) 325 if err != nil { 326 return errors.Wrapf(err, "DeleteRole") 327 } 328 if strings.Contains(strings.ToLower(role.Policy.String()), "obs") { 329 err = client.Projects.DeleteProjectRole(self.GetMosProjectId(), groupId, role.Id) 330 if err != nil { 331 return errors.Wrapf(err, "DeleteProjectRole") 332 } 333 } 334 } 335 if role.Type == "XA" || role.Type == "AA" { 336 projects, err := self.GetProjects() 337 if err != nil { 338 return errors.Wrapf(err, "GetProjects") 339 } 340 for _, project := range projects { 341 err = client.Projects.DeleteProjectRole(project.ID, groupId, role.Id) 342 if err != nil { 343 return errors.Wrapf(err, "DeleteProjectRole") 344 } 345 } 346 } 347 return nil 348 } 349 350 func (self *SHuaweiClient) GetCustomRole(name string) (*SRole, error) { 351 roles, err := self.GetCustomRoles() 352 if err != nil { 353 return nil, errors.Wrapf(err, "GetCustomRoles(%s)", name) 354 } 355 for i := range roles { 356 if roles[i].DisplayName == name { 357 return &roles[i], nil 358 } 359 } 360 return nil, errors.Wrapf(cloudprovider.ErrNotFound, name) 361 } 362 363 func (self *SHuaweiClient) GetRole(name string) (*SRole, error) { 364 roles, err := self.GetRoles("", "") 365 if err != nil { 366 return nil, errors.Wrapf(err, "GetRoles(%s)", name) 367 } 368 for i := range roles { 369 if roles[i].DisplayName == name { 370 return &roles[i], nil 371 } 372 } 373 return nil, errors.Wrapf(cloudprovider.ErrNotFound, name) 374 } 375 376 func (self *SHuaweiClient) AttachGroupRole(groupId, roleId string) error { 377 client, err := self.newGeneralAPIClient() 378 if err != nil { 379 return errors.Wrap(err, "newGeneralAPIClient") 380 } 381 role, err := self.GetRole(roleId) 382 if err != nil { 383 return errors.Wrapf(err, "GetRole(%s)", roleId) 384 } 385 if role.Type == "AX" || role.Type == "AA" { 386 err = client.Domains.AddRole(self.ownerId, groupId, role.Id) 387 if err != nil { 388 return errors.Wrapf(err, "AddRole") 389 } 390 if strings.Contains(strings.ToLower(role.Policy.String()), "obs") { 391 err = client.Projects.AddProjectRole(self.GetMosProjectId(), groupId, role.Id) 392 if err != nil { 393 return errors.Wrapf(err, "AddProjectRole") 394 } 395 } 396 } 397 if role.Type == "XA" || role.Type == "AA" { 398 projects, err := self.GetProjects() 399 if err != nil { 400 return errors.Wrapf(err, "GetProjects") 401 } 402 for _, project := range projects { 403 err = client.Projects.AddProjectRole(project.ID, groupId, role.Id) 404 if err != nil { 405 return errors.Wrapf(err, "AddProjectRole") 406 } 407 } 408 } 409 return nil 410 } 411 412 func (self *SHuaweiClient) AttachGroupCustomRole(groupId, roleId string) error { 413 client, err := self.newGeneralAPIClient() 414 if err != nil { 415 return errors.Wrap(err, "newGeneralAPIClient") 416 } 417 role, err := self.GetCustomRole(roleId) 418 if err != nil { 419 return errors.Wrapf(err, "GetRole(%s)", roleId) 420 } 421 if role.Type == "AX" || role.Type == "AA" { 422 err = client.Domains.AddRole(self.ownerId, groupId, role.Id) 423 if err != nil { 424 return errors.Wrapf(err, "AddRole") 425 } 426 if strings.Contains(strings.ToLower(role.Policy.String()), "obs") { 427 err = client.Projects.AddProjectRole(self.GetMosProjectId(), groupId, role.Id) 428 if err != nil { 429 return errors.Wrapf(err, "AddProjectRole") 430 } 431 } 432 } 433 if role.Type == "XA" || role.Type == "AA" { 434 projects, err := self.GetProjects() 435 if err != nil { 436 return errors.Wrapf(err, "GetProjects") 437 } 438 for _, project := range projects { 439 err = client.Projects.AddProjectRole(project.ID, groupId, role.Id) 440 if err != nil { 441 return errors.Wrapf(err, "AddProjectRole") 442 } 443 } 444 } 445 return nil 446 }