yunion.io/x/cloudmux@v0.3.10-0-alpha.1/pkg/multicloud/huawei/cloudgroup.go (about)

     1  // Copyright 2019 Yunion
     2  //
     3  // Licensed under the Apache License, Version 2.0 (the "License");
     4  // you may not use this file except in compliance with the License.
     5  // You may obtain a copy of the License at
     6  //
     7  //     http://www.apache.org/licenses/LICENSE-2.0
     8  //
     9  // Unless required by applicable law or agreed to in writing, software
    10  // distributed under the License is distributed on an "AS IS" BASIS,
    11  // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    12  // See the License for the specific language governing permissions and
    13  // limitations under the License.
    14  
    15  package huawei
    16  
    17  import (
    18  	"fmt"
    19  	"strings"
    20  
    21  	"yunion.io/x/jsonutils"
    22  	"yunion.io/x/pkg/errors"
    23  
    24  	"yunion.io/x/cloudmux/pkg/cloudprovider"
    25  )
    26  
    27  type SCloudgroup struct {
    28  	client      *SHuaweiClient
    29  	Name        string
    30  	Description string
    31  	Id          string
    32  	CreateTime  string
    33  }
    34  
    35  func (group *SCloudgroup) GetName() string {
    36  	return group.Name
    37  }
    38  
    39  func (group *SCloudgroup) GetDescription() string {
    40  	return group.Description
    41  }
    42  
    43  func (group *SCloudgroup) GetGlobalId() string {
    44  	return group.Id
    45  }
    46  
    47  func (group *SCloudgroup) Delete() error {
    48  	return group.client.DeleteGroup(group.Id)
    49  }
    50  
    51  func (group *SCloudgroup) AddUser(name string) error {
    52  	user, err := group.client.GetIClouduserByName(name)
    53  	if err != nil {
    54  		return errors.Wrap(err, "GetIClouduserByName")
    55  	}
    56  	return group.client.AddUserToGroup(group.Id, user.GetGlobalId())
    57  }
    58  
    59  func (group *SCloudgroup) RemoveUser(name string) error {
    60  	user, err := group.client.GetIClouduserByName(name)
    61  	if err != nil {
    62  		if errors.Cause(err) == cloudprovider.ErrNotFound {
    63  			return nil
    64  		}
    65  		return errors.Wrapf(err, "GetIClouduserByName(%s)", name)
    66  	}
    67  	return group.client.RemoveUserFromGroup(group.Id, user.GetGlobalId())
    68  }
    69  
    70  func (group *SCloudgroup) DetachSystemPolicy(roleId string) error {
    71  	return group.client.DetachGroupRole(group.Id, roleId)
    72  }
    73  
    74  func (group *SCloudgroup) DetachCustomPolicy(roleId string) error {
    75  	return group.client.DetachGroupCustomRole(group.Id, roleId)
    76  }
    77  
    78  func (group *SCloudgroup) AttachSystemPolicy(roleId string) error {
    79  	return group.client.AttachGroupRole(group.Id, roleId)
    80  }
    81  
    82  func (group *SCloudgroup) AttachCustomPolicy(roleId string) error {
    83  	return group.client.AttachGroupCustomRole(group.Id, roleId)
    84  }
    85  
    86  func (group *SCloudgroup) GetISystemCloudpolicies() ([]cloudprovider.ICloudpolicy, error) {
    87  	roles, err := group.client.GetGroupRoles(group.Id)
    88  	if err != nil {
    89  		return nil, errors.Wrap(err, "GetGroupRoles")
    90  	}
    91  	ret := []cloudprovider.ICloudpolicy{}
    92  	for i := range roles {
    93  		_, err := group.client.GetRole(roles[i].GetName())
    94  		if err != nil {
    95  			if errors.Cause(err) == cloudprovider.ErrNotFound {
    96  				continue
    97  			}
    98  			return nil, errors.Wrapf(err, "GetRole(%s)", roles[i].GetName())
    99  		}
   100  		ret = append(ret, &roles[i])
   101  	}
   102  	return ret, nil
   103  }
   104  
   105  func (group *SCloudgroup) GetICustomCloudpolicies() ([]cloudprovider.ICloudpolicy, error) {
   106  	roles, err := group.client.GetGroupRoles(group.Id)
   107  	if err != nil {
   108  		return nil, errors.Wrap(err, "GetGroupRoles")
   109  	}
   110  	ret := []cloudprovider.ICloudpolicy{}
   111  	for i := range roles {
   112  		_, err := group.client.GetCustomRole(roles[i].GetName())
   113  		if err != nil {
   114  			if errors.Cause(err) == cloudprovider.ErrNotFound {
   115  				continue
   116  			}
   117  			return nil, errors.Wrapf(err, "GetRole(%s)", roles[i].GetName())
   118  		}
   119  		ret = append(ret, &roles[i])
   120  	}
   121  	return ret, nil
   122  }
   123  
   124  func (group *SCloudgroup) GetICloudusers() ([]cloudprovider.IClouduser, error) {
   125  	users, err := group.client.GetGroupUsers(group.Id)
   126  	if err != nil {
   127  		return nil, err
   128  	}
   129  	ret := []cloudprovider.IClouduser{}
   130  	for i := range users {
   131  		users[i].client = group.client
   132  		ret = append(ret, &users[i])
   133  	}
   134  	return ret, nil
   135  }
   136  
   137  func (self *SHuaweiClient) GetGroups(domainId, name string) ([]SCloudgroup, error) {
   138  	params := map[string]string{}
   139  	if len(domainId) > 0 {
   140  		params["domain_id"] = self.ownerId
   141  	}
   142  	if len(name) > 0 {
   143  		params["name"] = name
   144  	}
   145  
   146  	client, err := self.newGeneralAPIClient()
   147  	if err != nil {
   148  		return nil, errors.Wrap(err, "newGeneralAPIClient")
   149  	}
   150  
   151  	groups := []SCloudgroup{}
   152  	err = doListAllWithNextLink(client.Groups.List, params, &groups)
   153  	if err != nil {
   154  		return nil, errors.Wrap(err, "doListAllWithOffset")
   155  	}
   156  	return groups, nil
   157  }
   158  
   159  func (self *SHuaweiClient) GetICloudgroups() ([]cloudprovider.ICloudgroup, error) {
   160  	groups, err := self.GetGroups("", "")
   161  	if err != nil {
   162  		return nil, errors.Wrap(err, "GetGroup")
   163  	}
   164  	ret := []cloudprovider.ICloudgroup{}
   165  	for i := range groups {
   166  		if groups[i].Name != "admin" {
   167  			groups[i].client = self
   168  			ret = append(ret, &groups[i])
   169  		}
   170  	}
   171  	return ret, nil
   172  }
   173  
   174  func (self *SHuaweiClient) GetGroupUsers(groupId string) ([]SClouduser, error) {
   175  	client, err := self.newGeneralAPIClient()
   176  	if err != nil {
   177  		return nil, errors.Wrap(err, "newGeneralAPIClient")
   178  	}
   179  
   180  	resp, err := client.Groups.ListInContextWithSpec(nil, fmt.Sprintf("%s/users", groupId), nil, "users")
   181  	if err != nil {
   182  		return nil, errors.Wrap(err, "")
   183  	}
   184  	users := []SClouduser{}
   185  	err = jsonutils.Update(&users, resp.Data)
   186  	if err != nil {
   187  		return nil, errors.Wrap(err, "jsonutils.Update")
   188  	}
   189  	return users, nil
   190  }
   191  
   192  func (self *SHuaweiClient) GetGroupRoles(groupId string) ([]SRole, error) {
   193  	client, err := self.newGeneralAPIClient()
   194  	if err != nil {
   195  		return nil, errors.Wrap(err, "newGeneralAPIClient")
   196  	}
   197  	resp, err := client.Domains.ListRoles(self.ownerId, groupId)
   198  	if err != nil {
   199  		return nil, errors.Wrap(err, "ListRoles")
   200  	}
   201  	roles := []SRole{}
   202  	err = jsonutils.Update(&roles, resp.Data)
   203  	if err != nil {
   204  		return nil, errors.Wrap(err, "jsonutils.Update")
   205  	}
   206  	return roles, nil
   207  }
   208  
   209  func (self *SHuaweiClient) CreateGroup(name, desc string) (*SCloudgroup, error) {
   210  	params := map[string]string{
   211  		"name": name,
   212  	}
   213  	if len(desc) > 0 {
   214  		params["description"] = desc
   215  	}
   216  	client, err := self.newGeneralAPIClient()
   217  	if err != nil {
   218  		return nil, errors.Wrap(err, "newGeneralAPIClient")
   219  	}
   220  
   221  	group := SCloudgroup{client: self}
   222  	err = DoCreate(client.Groups.Create, jsonutils.Marshal(map[string]interface{}{"group": params}), &group)
   223  	if err != nil {
   224  		return nil, errors.Wrap(err, "DoCreate")
   225  	}
   226  	return &group, nil
   227  }
   228  
   229  func (self *SHuaweiClient) CreateICloudgroup(name, desc string) (cloudprovider.ICloudgroup, error) {
   230  	group, err := self.CreateGroup(name, desc)
   231  	if err != nil {
   232  		return nil, errors.Wrap(err, "CreateGroup")
   233  	}
   234  	return group, nil
   235  }
   236  
   237  func (self *SHuaweiClient) DeleteGroup(id string) error {
   238  	client, err := self.newGeneralAPIClient()
   239  	if err != nil {
   240  		return errors.Wrap(err, "newGeneralAPIClient")
   241  	}
   242  	return DoDeleteWithSpec(client.Groups.DeleteInContextWithSpec, nil, id, "", nil, nil)
   243  }
   244  
   245  func (self *SHuaweiClient) GetICloudgroupByName(name string) (cloudprovider.ICloudgroup, error) {
   246  	groups, err := self.GetGroups(self.ownerId, name)
   247  	if err != nil {
   248  		return nil, errors.Wrap(err, "GetGroups")
   249  	}
   250  	if len(groups) == 0 {
   251  		return nil, cloudprovider.ErrNotFound
   252  	}
   253  	if len(groups) > 1 {
   254  		return nil, cloudprovider.ErrDuplicateId
   255  	}
   256  	groups[0].client = self
   257  	return &groups[0], nil
   258  }
   259  
   260  func (self *SHuaweiClient) AddUserToGroup(groupId, userId string) error {
   261  	client, err := self.newGeneralAPIClient()
   262  	if err != nil {
   263  		return errors.Wrap(err, "newGeneralAPIClient")
   264  	}
   265  	_, err = client.Groups.UpdateInContextWithSpec(nil, groupId, fmt.Sprintf("users/%s", userId), nil, "")
   266  	return err
   267  }
   268  
   269  func (self *SHuaweiClient) RemoveUserFromGroup(groupId, userId string) error {
   270  	client, err := self.newGeneralAPIClient()
   271  	if err != nil {
   272  		return errors.Wrap(err, "newGeneralAPIClient")
   273  	}
   274  	_, err = client.Groups.DeleteInContextWithSpec(nil, groupId, fmt.Sprintf("users/%s", userId), nil, nil, "")
   275  	return err
   276  }
   277  
   278  func (self *SHuaweiClient) GetCustomRoles() ([]SRole, error) {
   279  	params := map[string]string{}
   280  
   281  	client, err := self.newGeneralAPIClient()
   282  	if err != nil {
   283  		return nil, errors.Wrap(err, "newGeneralAPIClient")
   284  	}
   285  
   286  	client.Roles.SetVersion("v3.0/OS-ROLE")
   287  	defer client.Roles.SetVersion("v3.0")
   288  
   289  	roles := []SRole{}
   290  	err = doListAllWithNextLink(client.Roles.List, params, &roles)
   291  	if err != nil {
   292  		return nil, errors.Wrap(err, "doListAllWithOffset")
   293  	}
   294  	return roles, nil
   295  }
   296  
   297  func (self *SHuaweiClient) GetCustomRole(name string) (*SRole, error) {
   298  	roles, err := self.GetCustomRoles()
   299  	if err != nil {
   300  		return nil, errors.Wrapf(err, "GetCustomRoles(%s)", name)
   301  	}
   302  	for i := range roles {
   303  		if roles[i].DisplayName == name {
   304  			return &roles[i], nil
   305  		}
   306  	}
   307  	return nil, errors.Wrapf(cloudprovider.ErrNotFound, name)
   308  }
   309  
   310  func (self *SHuaweiClient) GetRole(name string) (*SRole, error) {
   311  	roles, err := self.GetRoles("", "")
   312  	if err != nil {
   313  		return nil, errors.Wrapf(err, "GetRoles(%s)", name)
   314  	}
   315  	for i := range roles {
   316  		if roles[i].DisplayName == name {
   317  			return &roles[i], nil
   318  		}
   319  	}
   320  	return nil, errors.Wrapf(cloudprovider.ErrNotFound, name)
   321  }
   322  
   323  func (self *SHuaweiClient) DetachGroupRole(groupId, roleId string) error {
   324  	client, err := self.newGeneralAPIClient()
   325  	if err != nil {
   326  		return errors.Wrap(err, "newGeneralAPIClient")
   327  	}
   328  	role, err := self.GetRole(roleId)
   329  	if err != nil {
   330  		return errors.Wrapf(err, "GetRole(%s)", roleId)
   331  	}
   332  	if role.Type == "AX" || role.Type == "AA" {
   333  		err = client.Domains.AddRole(self.ownerId, groupId, role.Id)
   334  		if err != nil {
   335  			return errors.Wrapf(err, "AddRole")
   336  		}
   337  		if strings.Contains(strings.ToLower(role.Policy.String()), "obs") {
   338  			err = client.Projects.AddProjectRole(self.GetMosProjectId(), groupId, role.Id)
   339  			if err != nil {
   340  				return errors.Wrapf(err, "AddProjectRole")
   341  			}
   342  		}
   343  	}
   344  	if role.Type == "XA" || role.Type == "AA" {
   345  		projects, err := self.GetProjects()
   346  		if err != nil {
   347  			return errors.Wrapf(err, "GetProjects")
   348  		}
   349  		for _, project := range projects {
   350  			err = client.Projects.AddProjectRole(project.ID, groupId, role.Id)
   351  			if err != nil {
   352  				return errors.Wrapf(err, "AddProjectRole")
   353  			}
   354  		}
   355  	}
   356  	return nil
   357  }
   358  
   359  func (self *SHuaweiClient) AttachGroupRole(groupId, roleId string) error {
   360  	client, err := self.newGeneralAPIClient()
   361  	if err != nil {
   362  		return errors.Wrap(err, "newGeneralAPIClient")
   363  	}
   364  	role, err := self.GetRole(roleId)
   365  	if err != nil {
   366  		return errors.Wrapf(err, "GetRole(%s)", roleId)
   367  	}
   368  	if role.Type == "AX" || role.Type == "AA" {
   369  		err = client.Domains.AddRole(self.ownerId, groupId, role.Id)
   370  		if err != nil {
   371  			return errors.Wrapf(err, "AddRole")
   372  		}
   373  		if strings.Contains(strings.ToLower(role.Policy.String()), "obs") {
   374  			err = client.Projects.AddProjectRole(self.GetMosProjectId(), groupId, role.Id)
   375  			if err != nil {
   376  				return errors.Wrapf(err, "AddProjectRole")
   377  			}
   378  		}
   379  	}
   380  	if role.Type == "XA" || role.Type == "AA" {
   381  		projects, err := self.GetProjects()
   382  		if err != nil {
   383  			return errors.Wrapf(err, "GetProjects")
   384  		}
   385  		for _, project := range projects {
   386  			err = client.Projects.AddProjectRole(project.ID, groupId, role.Id)
   387  			if err != nil {
   388  				return errors.Wrapf(err, "AddProjectRole")
   389  			}
   390  		}
   391  	}
   392  	return nil
   393  }
   394  
   395  func (self *SHuaweiClient) AttachGroupCustomRole(groupId, roleId string) error {
   396  	client, err := self.newGeneralAPIClient()
   397  	if err != nil {
   398  		return errors.Wrap(err, "newGeneralAPIClient")
   399  	}
   400  	role, err := self.GetCustomRole(roleId)
   401  	if err != nil {
   402  		return errors.Wrapf(err, "GetRole(%s)", roleId)
   403  	}
   404  	if role.Type == "AX" || role.Type == "AA" {
   405  		err = client.Domains.AddRole(self.ownerId, groupId, role.Id)
   406  		if err != nil {
   407  			return errors.Wrapf(err, "AddRole")
   408  		}
   409  		if strings.Contains(strings.ToLower(role.Policy.String()), "obs") {
   410  			err = client.Projects.AddProjectRole(self.GetMosProjectId(), groupId, role.Id)
   411  			if err != nil {
   412  				return errors.Wrapf(err, "AddProjectRole")
   413  			}
   414  		}
   415  	}
   416  	if role.Type == "XA" || role.Type == "AA" {
   417  		projects, err := self.GetProjects()
   418  		if err != nil {
   419  			return errors.Wrapf(err, "GetProjects")
   420  		}
   421  		for _, project := range projects {
   422  			err = client.Projects.AddProjectRole(project.ID, groupId, role.Id)
   423  			if err != nil {
   424  				return errors.Wrapf(err, "AddProjectRole")
   425  			}
   426  		}
   427  	}
   428  	return nil
   429  }
   430  
   431  func (self *SHuaweiClient) DetachGroupCustomRole(groupId, roleId string) error {
   432  	client, err := self.newGeneralAPIClient()
   433  	if err != nil {
   434  		return errors.Wrap(err, "newGeneralAPIClient")
   435  	}
   436  	role, err := self.GetCustomRole(roleId)
   437  	if err != nil {
   438  		return errors.Wrapf(err, "GetCustomRole(%s)", roleId)
   439  	}
   440  	if role.Type == "AX" || role.Type == "AA" {
   441  		err = client.Domains.DeleteRole(self.ownerId, groupId, role.Id)
   442  		if err != nil {
   443  			return errors.Wrapf(err, "DeleteRole")
   444  		}
   445  		if strings.Contains(strings.ToLower(role.Policy.String()), "obs") {
   446  			err = client.Projects.DeleteProjectRole(self.GetMosProjectId(), groupId, role.Id)
   447  			if err != nil {
   448  				return errors.Wrapf(err, "DeleteProjectRole")
   449  			}
   450  		}
   451  	}
   452  	if role.Type == "XA" || role.Type == "AA" {
   453  		projects, err := self.GetProjects()
   454  		if err != nil {
   455  			return errors.Wrapf(err, "GetProjects")
   456  		}
   457  		for _, project := range projects {
   458  			err = client.Projects.DeleteProjectRole(project.ID, groupId, role.Id)
   459  			if err != nil {
   460  				return errors.Wrapf(err, "DeleteProjectRole")
   461  			}
   462  		}
   463  	}
   464  	return nil
   465  }