|
2 | 2 | """ |
3 | 3 | Manage app ans organisation v2 permissions for NRLF apps in a given environment ENV |
4 | 4 | """ |
| 5 | +import json |
5 | 6 | import os |
6 | 7 | from enum import Enum |
7 | 8 |
|
@@ -63,6 +64,22 @@ def _list_s3_keys(file_key_prefix: str) -> list[str]: |
63 | 64 | return keys |
64 | 65 |
|
65 | 66 |
|
| 67 | +def _get_perms_from_s3(file_key: str) -> str | None: |
| 68 | + s3 = _get_s3_client() |
| 69 | + |
| 70 | + try: |
| 71 | + item = s3.get_object(Bucket=nrl_auth_bucket_name, Key=file_key) |
| 72 | + except s3.exceptions.NoSuchKey: |
| 73 | + print(f"Permissions file {file_key} does not exist in the bucket.") |
| 74 | + return None |
| 75 | + |
| 76 | + if "Body" not in item: |
| 77 | + print(f"No body found for permissions file {file_key}.") |
| 78 | + return None |
| 79 | + |
| 80 | + return item["Body"].read().decode("utf-8") |
| 81 | + |
| 82 | + |
66 | 83 | def list_apps(supplier_type: SupplierType) -> None: |
67 | 84 | """ |
68 | 85 | List all consumer or producer applications in the NRL environment. |
@@ -103,7 +120,6 @@ def list_orgs(supplier_type: SupplierType, app_id: str) -> None: |
103 | 120 | """ |
104 | 121 | List all organizations for a specific consumer or producer application. |
105 | 122 | """ |
106 | | - |
107 | 123 | if supplier_type.lower() not in SupplierType.list(): |
108 | 124 | print("Usage: list organisations for a given app and supplier type") |
109 | 125 | print(" list_orgs consumer <app_id>") |
@@ -150,14 +166,85 @@ def list_available_access_controls() -> None: |
150 | 166 | print(f"- {control}") |
151 | 167 |
|
152 | 168 |
|
| 169 | +def _print_perm( |
| 170 | + perms_pretty: dict, lookup_path: str, perm_pretty_name: str, perm_key: str |
| 171 | +): |
| 172 | + print() |
| 173 | + access_controls = perms_pretty.get(perm_key, []) |
| 174 | + if access_controls: |
| 175 | + print(f"{lookup_path} has these {perm_pretty_name}s:") |
| 176 | + for control in access_controls: |
| 177 | + print(f"- {control}") |
| 178 | + else: |
| 179 | + print(f"{lookup_path} has no {perm_pretty_name}s") |
| 180 | + |
| 181 | + |
| 182 | +def show_perms(supplier_type: SupplierType, app_id: str, org_ods=None) -> None: |
| 183 | + """ |
| 184 | + Show the permissions for a given application or organization. |
| 185 | + """ |
| 186 | + if supplier_type.lower() not in SupplierType.list() or not app_id: |
| 187 | + print("Usage: show permissions for a given organisation or app") |
| 188 | + print(" show_perms consumer <app_id> <org_ods>") |
| 189 | + print(" show_perms producer <app_id> <org_ods>") |
| 190 | + print(" show_perms consumer <app_id>") |
| 191 | + print(" show_perms producer <app_id>") |
| 192 | + return |
| 193 | + |
| 194 | + if org_ods: |
| 195 | + lookup_path = f"{supplier_type}/{app_id}/{org_ods}.json" |
| 196 | + else: |
| 197 | + lookup_path = f"{supplier_type}/{app_id}.json" |
| 198 | + |
| 199 | + perms_ugly = _get_perms_from_s3(lookup_path) |
| 200 | + |
| 201 | + if not perms_ugly: |
| 202 | + print(f"No permissions file found for {lookup_path}.") |
| 203 | + return |
| 204 | + |
| 205 | + perms_pretty = json.loads(perms_ugly) |
| 206 | + if not perms_pretty: |
| 207 | + print(f"No pointer-types found in permission file for {lookup_path}.") |
| 208 | + return |
| 209 | + |
| 210 | + pretty_type_data = { |
| 211 | + pointertype_perm: TYPE_ATTRIBUTES.get( |
| 212 | + pointertype_perm, {"display": "Unknown type"} |
| 213 | + ) |
| 214 | + for pointertype_perm in perms_pretty.get("types") |
| 215 | + } |
| 216 | + types = [ |
| 217 | + "%-45s (%s)" |
| 218 | + % (pretty_type_data[pointertype_perm]["display"][:44], pointertype_perm) |
| 219 | + for pointertype_perm in perms_pretty.get("types") |
| 220 | + ] |
| 221 | + print(f"{lookup_path} is allowed to access these pointer-types:") |
| 222 | + for type_display in types: |
| 223 | + print(f"- {type_display}") |
| 224 | + |
| 225 | + _print_perm( |
| 226 | + perms_pretty, |
| 227 | + lookup_path, |
| 228 | + perm_pretty_name="access control", |
| 229 | + perm_key="access_controls", |
| 230 | + ) |
| 231 | + |
| 232 | + # _print_perm( |
| 233 | + # perms_pretty, |
| 234 | + # lookup_path, |
| 235 | + # perm_pretty_name="API interaction", |
| 236 | + # perm_key="interaction", |
| 237 | + # ) |
| 238 | + |
| 239 | + |
153 | 240 | if __name__ == "__main__": |
154 | 241 | fire.Fire( |
155 | 242 | { |
156 | 243 | "list_apps": list_apps, |
157 | 244 | "list_orgs": list_orgs, |
158 | 245 | "list_available_pointer_types": list_available_pointer_types, |
159 | 246 | "list_available_access_controls": list_available_access_controls, |
160 | | - # "show_perms": show_perms, |
| 247 | + "show_perms": show_perms, |
161 | 248 | # "set_perms": set_perms, |
162 | 249 | # "clear_perms": clear_perms, |
163 | 250 | } |
|
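Review bot: In `show_perms`, both comprehensions iterate `perms_pretty.get("types")` with no default, so a permissions file that parses as JSON but has no `types` key raises `TypeError` instead of reporting anything; `_print_perm` already uses `.get(perm_key, [])`, and `perms_pretty.get("types", [])` would make the two consistent. `json.loads(perms_ugly)` is also unguarded, so a malformed or non-object file ends in a traceback rather than a message naming `lookup_path`, which is awkward in a tool meant for inspecting permission state. The guard tests `supplier_type.lower()` but the key is built from the raw value, so an input such as `Consumer` would presumably pass validation and then be reported as a missing file; adding `supplier_type = supplier_type.lower()` after the guard avoids that. `app_id` and `org_ods` go from the command line straight into the S3 key, so consider rejecting values that contain `/` before building `lookup_path`, so that the object read is always the one the arguments name.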