Merge pull request #25 from blackducksoftware/gsnyder/project-and-user-roles-improvements

Extending capabilities for role management of users, user groups, and project roles

Author: gsnyder2007

blackduck/HubRestApi.py

@@ -1,4 +1,4 @@
 
-VERSION = (0, 0, 9)
+VERSION = (0, 0, 10)
 
 __version__ = '.'.join(map(str, VERSION))

blackduck/__version__.py

@@ -0,0 +1,28 @@
+
+
+import argparse
+import json
+import logging
+import sys
+
+
+from blackduck.HubRestApi import HubInstance
+
+
+parser = argparse.ArgumentParser()
+parser.add_argument("project_name")
+parser.add_argument("application_id")
+parser.add_argument("--overwrite", default = False, action='store_true', help="If overwrite is set will over write the current application id with the new one")
+
+args = parser.parse_args()
+
+hub = HubInstance()
+
+# TODO: Debug overwrite, keep getting 412 response on PUT
+
+response = hub.assign_project_application_id(args.project_name, args.application_id, overwrite=args.overwrite)
+
+if response and response.status_code == 201:
+logging.info("successfully assigned application id {} to project {}".format(args.application_id, args.project_name))
+else:
+logging.warning("Failed to assign application id {} to project {}".format(args.application_id, args.project_name))

examples/assign_application_id_to_project.py

@@ -0,0 +1,44 @@
+#!/usr/bin/env python
+
+import argparse
+import json
+
+from blackduck.HubRestApi import HubInstance
+
+hub = HubInstance()
+
+global_roles = [
+"Component Manager",
+"Global Code Scanner",
+"License Manager",
+"Policy Manager",
+"Project Creator",
+"Super User",
+"System Administrator",
+"All"
+]
+
+parser = argparse.ArgumentParser("Assign a global role to a user group")
+parser.add_argument("group_name", help="The user group name")
+parser.add_argument("role", choices=global_roles, help="Assign a global role to the user group. If you choose 'All' then all global roles will be assigned to the user group")
+
+args = parser.parse_args()
+
+user_groups = hub.get_user_groups(parameters={'q':args.group_name})
+
+if user_groups['totalCount'] == 1:
+user_group = user_groups['items'][0]
+
+if user_group:
+if args.role == 'All':
+roles_to_assign = [r for r in global_roles if r != 'All']
+else:
+roles_to_assign = [args.role]
+for role_to_assign in roles_to_assign:
+response = hub.assign_role_to_user_or_group(role_to_assign, user_group)
+if response.status_code == 201:
+print("Successfully assigned role {} to user group {}".format(role_to_assign, args.group_name))
+elif response.status_code == 412:
+print("Failed to assign role {} to group {} due to status code 412. Has the role already been assigned?".format(role_to_assign, args.group_name))
+else:
+print("Failed to assign role {} to group {}. status code: {}".format(role_to_assign, args.group_name, response.status_code))

examples/assign_role_to_user_group.py

@@ -0,0 +1,53 @@
+'''
+Created on January 21, 2019
+
+@author: gsnyder
+
+Assign a user group to a project, providing the project-specific roles the user group should have (on the project)
+
+'''
+
+import argparse
+import json
+import logging
+import sys
+
+from blackduck.HubRestApi import HubInstance
+
+
+project_roles = [
+"BOM Manager",
+"Policy Violation Reviewer",
+"Project Code Scanner",
+"Project Manager",
+"Security Manager",
+]
+
+project_roles_str = ",".join(project_roles)
+
+parser = argparse.ArgumentParser("Assign a user group to a project along with a list of project roles (optional)")
+parser.add_argument("group", help="The name of a user group to assign to the project")
+parser.add_argument("project", help="The name of the project you want to assign the group to")
+parser.add_argument(
+"--project_roles", help="A file with the project-specific roles ({}) that will be granted to the user group, one per line".format(
+project_roles_str))
+
+args = parser.parse_args()
+
+logging.basicConfig(format='%(asctime)s:%(levelname)s:%(message)s', stream=sys.stdout, level=logging.DEBUG)
+
+hub = HubInstance()
+
+if args.project_roles:
+project_roles_l = list()
+with open(args.project_roles) as f:
+project_roles_l = [role.strip() for role in f.readlines()]
+else:
+project_roles_l = []
+
+response = hub.assign_user_group_to_project(args.project, args.group, project_roles_l)
+if response and response.status_code == 201:
+logging.info("Successfully assigned user group {} to project {} with project-roles {}".format(
+args.group, args.project, project_roles_l))
+else:
+logging.warning("Failed to assign group {} to project {}".format(args.group, args.project))

examples/assign_user_group_to_project.py

@@ -0,0 +1,22 @@
+from blackduck.HubRestApi import HubInstance
+
+hub = HubInstance()
+
+
+policy_data = {"name":"new-rule",
+"description":"description",
+"severity":"BLOCKER",
+"enabled":True,
+"overridable":True,
+"policyType":"BOM_COMPONENT_DISALLOW",
+"expression":{
+"operator":"AND",
+"expressions":[{
+"name":"HIGH_SEVERITY_VULN_COUNT",
+"operation":"EQ",
+"parameters":{"values":["0"]}}]},"wait":True}
+
+import pdb; pdb.set_trace()
+result = hub.create_policy(policy_data)
+
+print(result)

examples/create_policy.py

@@ -0,0 +1,19 @@
+
+import argparse
+import json
+
+from blackduck.HubRestApi import HubInstance
+
+parser = argparse.ArgumentParser()
+parser.add_argument("project_name")
+parser.add_argument("--version", default="1.0", type=str)
+parser.add_argument("--description", default="", type=str)
+
+args = parser.parse_args()
+
+hub = HubInstance()
+
+response = hub.create_project(args.project_name, args.version, parameters = {
+"description": args.description
+})
+print(response.status_code)

examples/create_project.py

@@ -0,0 +1,59 @@
+'''
+Created on Dec 4, 2018
+
+@author: gsnyder
+
+Create a new user_group
+
+'''
+import argparse
+import json
+import logging
+from pprint import pprint
+import sys
+
+from blackduck.HubRestApi import HubInstance
+
+
+user_group_types = ['INTERNAL', 'EXTERNAL']
+
+parser = argparse.ArgumentParser("Create a new user_group")
+parser.add_argument("usergroupname")
+parser.add_argument("--externalGroupName", default=None)
+parser.add_argument("--type", choices=user_group_types, default="INTERNAL")
+parser.add_argument("--active", default=True)
+
+args = parser.parse_args()
+
+logging.basicConfig(stream=sys.stdout, level=logging.DEBUG)
+
+hub = HubInstance()
+
+if args.externalGroupName:
+external_group_name = args.externalGroupName
+else:
+external_group_name = args.usergroupname
+
+if args.type == 'INTERNAL':
+location = hub.create_user_group({
+'name': args.usergroupname,
+'createdFrom': args.type,
+'active': args.active,
+})
+elif args.type == 'EXTERNAL':
+location = hub.create_user_group({
+'name': args.usergroupname,
+'externalName': external_group_name,
+'createdFrom': args.type,
+'active': args.active,
+})
+else:
+print("You must choose a valid type {}".format(user_group_types))
+
+logging.info("Created user_group {} at location {}".format(args.usergroupname, location))
+
+
+
+
+
+

examples/create_user_group.py

@@ -0,0 +1,34 @@
+import argparse
+
+
+from blackduck.HubRestApi import HubInstance
+
+global_roles = [
+"Component Manager",
+"Global Code Scanner",
+"License Manager",
+"Policy Manager",
+"Project Creator",
+"Super User",
+"System Administrator",
+"All"
+]
+
+parser = argparse.ArgumentParser("Delete a global role from a user group")
+parser.add_argument("group_name")
+parser.add_argument("role", choices=global_roles, help="Delete a global role from the user group. If set to 'All' will delete all global roles from the user group")
+
+args = parser.parse_args()
+
+hub = HubInstance()
+
+group = hub.get_user_group_by_name(args.group_name)
+if group:
+if args.role == 'All':
+roles_to_delete = [r for r in global_roles if r != 'All']
+else:
+roles_to_delete = [args.role]
+for role_to_delete in roles_to_delete:
+print("Deleting role {} from user group {}".format(role_to_delete, args.group_name))
+response = hub.delete_role_from_user_or_group(role_to_delete, group)
+print("Deleted role {}".format(role_to_delete))

examples/delete_role_from_user_group.py

@@ -39,11 +39,7 @@ def serialize_to_file(file, data):
 user_group_data_prepped_to_copy = []
 
 for user_group in user_groups_to_copy['items']:
-user_group_roles_response = source_hub.get_roles_for_user_or_group(user_group)
-if user_group_roles_response:
-user_group_roles = user_group_roles_response.json()
-else:
-user_group_roles = []
+user_group_roles = source_hub.get_roles_for_user_or_group(user_group)
 
 user_group_data_raw.append({
 'user_group': user_group, 'roles': user_group_roles