From cc356d2ca198a6cdd4a68814b6f78283abdcc30a Mon Sep 17 00:00:00 2001 From: ImMin5 Date: Wed, 18 Dec 2024 13:16:13 +0900 Subject: [PATCH] feat: add get_accessible_configs api to PublicConfig for USER role_type --- .../config/interface/grpc/public_config.py | 6 ++ .../config/model/public_config/request.py | 7 ++ .../config/service/public_config_service.py | 96 +++++++++++++++---- 3 files changed, 89 insertions(+), 20 deletions(-) diff --git a/src/spaceone/config/interface/grpc/public_config.py b/src/spaceone/config/interface/grpc/public_config.py index 0fd8702..35aaabf 100644 --- a/src/spaceone/config/interface/grpc/public_config.py +++ b/src/spaceone/config/interface/grpc/public_config.py @@ -38,6 +38,12 @@ def get(self, request, context): response: dict = public_config_svc.get(params) return self.dict_to_message(response) + def get_accessible_configs(self, request, context): + params, metadata = self.parse_request(request, context) + public_config_svc = PublicConfigService(metadata) + response: dict = public_config_svc.get_accessible_configs(params) + return self.dict_to_message(response) + def list(self, request, context): params, metadata = self.parse_request(request, context) public_config_svc = PublicConfigService(metadata) diff --git a/src/spaceone/config/model/public_config/request.py b/src/spaceone/config/model/public_config/request.py index e36c794..5ee5985 100644 --- a/src/spaceone/config/model/public_config/request.py +++ b/src/spaceone/config/model/public_config/request.py @@ -7,6 +7,7 @@ "PublicConfigSetRequest", "PublicConfigDeleteRequest", "PublicConfigGetRequest", + "PublicConfigGetAccessibleConfigRequest", "PublicConfigSearchQueryRequest", "PublicConfigQueryRequest", ] @@ -61,6 +62,12 @@ class PublicConfigGetRequest(BaseModel): domain_id: str +class PublicConfigGetAccessibleConfigRequest(BaseModel): + query: Union[dict, None] = None + name: Union[str, None] = None + domain_id: str + + class PublicConfigSearchQueryRequest(BaseModel): query: Union[dict, None] = None name: Union[str, None] = None diff --git a/src/spaceone/config/service/public_config_service.py b/src/spaceone/config/service/public_config_service.py index 646b371..6ef6a78 100644 --- a/src/spaceone/config/service/public_config_service.py +++ b/src/spaceone/config/service/public_config_service.py @@ -115,11 +115,13 @@ def update(self, params: PublicConfigUpdateRequest) -> Union[PublicConfigRespons # ) # return PublicConfigResponse(**public_config_vo.to_dict()) - @transaction(permission="config:PublicConfig.write", + @transaction(permission="config:PublicConfig.read", role_types=["DOMAIN_ADMIN", "WORKSPACE_OWNER", "WORKSPACE_MEMBER"]) + @change_value_by_rule("APPEND", "workspace_id", "*") + @change_value_by_rule("APPEND", "project_id", "*") @convert_model - def delete(self, params: PublicConfigDeleteRequest) -> None: - """Delete workspace config + def get(self, params: PublicConfigGetRequest) -> Union[PublicConfigResponse, dict]: + """Get workspace config Args: params (dict): { @@ -131,21 +133,71 @@ def delete(self, params: PublicConfigDeleteRequest) -> None: } Returns: - None + public_config_vo (object) """ - workspace_id = params.workspace_id - project_id = params.project_id or params.user_projects + public_config_vo = self.public_config_mgr.get_public_config(params.name, params.domain_id, params.workspace_id, + params.user_projects) - public_config_vo = self.public_config_mgr.get_public_config(params.name, params.domain_id, workspace_id, - project_id) - self.public_config_mgr.delete_public_config_by_vo(public_config_vo) + return PublicConfigResponse(**public_config_vo.to_dict()) - @transaction(permission="config:PublicConfig.read", + @transaction(permission="config:PublicConfig.read", role_types=["USER"]) + @convert_model + def get_accessible_configs(self, params: PublicConfigGetAccessibleConfigRequest) -> Union[ + PublicConfigsResponse, dict]: + """Get accessible workspace config + + Args: + params (dict): { + "query": "dict", + 'name': 'str', # required + + 'domain_id': 'str' # injected from auth + } + + Returns: + public_config_vo (object) + """ + + query = params.query or {} + if "filter" not in query: + query["filter"] = [] + + query_filter = [ + { + "key": "domain_id", + "value": params.domain_id, + "operator": "eq" + }, + { + "key": "resource_group", + "value": "DOMAIN", + "operator": "eq" + } + ] + + query["filter"].extend(query_filter) + + if params.name: + query["filter"].append({ + "key": "name ", + "value": params.name, + "operator": "eq" + }) + + _LOGGER.debug(f'[get_accessible_configs] query: {query}') + + public_config_vos, total_count = self.public_config_mgr.list_public_configs(query) + + public_configs_info = [public_config_vo.to_dict() for public_config_vo in public_config_vos] + + return PublicConfigsResponse(results=public_configs_info, total_count=total_count) + + @transaction(permission="config:PublicConfig.write", role_types=["DOMAIN_ADMIN", "WORKSPACE_OWNER", "WORKSPACE_MEMBER"]) @convert_model - def get(self, params: PublicConfigGetRequest) -> Union[PublicConfigResponse, dict]: - """Get workspace config + def delete(self, params: PublicConfigDeleteRequest) -> None: + """Delete workspace config Args: params (dict): { @@ -157,20 +209,22 @@ def get(self, params: PublicConfigGetRequest) -> Union[PublicConfigResponse, dic } Returns: - public_config_vo (object) + None """ - public_config_vo = self.public_config_mgr.get_public_config(params.name, params.domain_id, params.workspace_id, - params.user_projects) + workspace_id = params.workspace_id + project_id = params.project_id or params.user_projects - return PublicConfigResponse(**public_config_vo.to_dict()) + public_config_vo = self.public_config_mgr.get_public_config(params.name, params.domain_id, workspace_id, + project_id) + self.public_config_mgr.delete_public_config_by_vo(public_config_vo) @transaction(permission="config:PublicConfig.read", role_types=["DOMAIN_ADMIN", "WORKSPACE_OWNER", "WORKSPACE_MEMBER"]) - @append_query_filter(["name", "domain_id"]) @append_keyword_filter(["name"]) @change_value_by_rule("APPEND", "workspace_id", "*") @change_value_by_rule("APPEND", "project_id", "*") + @append_query_filter(["name", "workspace_id", "users_project", "domain_id"]) @convert_model def list(self, params: PublicConfigSearchQueryRequest) -> Union[PublicConfigsResponse, dict]: """List workspace configs @@ -191,12 +245,14 @@ def list(self, params: PublicConfigSearchQueryRequest) -> Union[PublicConfigsRes query = params.query or {} public_config_vos, total_count = self.public_config_mgr.list_public_configs(query) - workspaces_info = [public_config_vo.to_dict() for public_config_vo in public_config_vos] - return PublicConfigsResponse(results=workspaces_info, total_count=total_count) + public_configs_info = [public_config_vo.to_dict() for public_config_vo in public_config_vos] + return PublicConfigsResponse(results=public_configs_info, total_count=total_count) @transaction(permission="config:PublicConfig.read", role_types=["DOMAIN_ADMIN", "WORKSPACE_OWNER", "WORKSPACE_MEMBER"]) - @append_query_filter(["workspace_id", "domain_id"]) + @change_value_by_rule("APPEND", "workspace_id", "*") + @change_value_by_rule("APPEND", "project_id", "*") + @append_query_filter(["users_project", "workspace_id", "domain_id"]) @append_keyword_filter(["name"]) @convert_model def stat(self, params: PublicConfigQueryRequest) -> dict: