adding rbac filtering for policy

akumar91 · akumar91 · commit 32415289ab2d · 2018-07-25T14:14:51.000-05:00
diff --git a/recipes/perl/api_requests.pl b/recipes/perl/api_requests.pl
@@ -1,5 +1,6 @@
 #!/usr/bin/env perl
 use LWP::UserAgent;
+use JSON;
 
 my $content_type_v2 = "application/vnd.netbackup+json; version=2.0";
 
@@ -46,11 +47,13 @@ sub perform_login {
     if ($resp->is_success) {
         my $message = decode_json($resp->content);
         $token = $message->{"token"};
+        print "Login succeeded with status code: ", $resp->code, "\n";
     }
     else {
         print "HTTP POST error code: ", $resp->code, "\n";
         print "HTTP POST error message: ", $resp->message, "\n";
     }
+    return $token;
 }
 
 # create VMWare policy with the name vmware_test_policy with default values
@@ -174,7 +177,7 @@ sub read_policy {
 }
 
 # subroutine to read policy and extract generation number from response
-my $genertion;
+my $generation;
 sub read_policy_extract_Generation_Number_From_Response {
     my $policy_name = "vmware_test_policy";
     my $url = "$base_url/config/policies/$policy_name";
@@ -366,7 +369,21 @@ sub delete_schedule {
 # subroutine to delete policy
 sub delete_policy {
 
-    my $policy_name = "vmware_test_policy";
+    my @argument_list = @_;
+    my $policy_name = $argument_list[0];
+
+    # check if the user provides the token to use otherwise
+    # use the default token created from the perform_login subroutine.
+    if ($argument_list[1] ne "") {
+        $token = $argument_list[1];
+    }
+
+    # if the user provides the policyname use that to delete otherwise
+    # delete the policy named "vmware_test_policy".
+    if ($policy_name eq "") {
+        $policy_name = "vmware_test_policy";
+    }
+
     my $url = "$base_url/config/policies/$policy_name";
 
     my $req = HTTP::Request->new(DELETE => $url);
@@ -378,7 +395,7 @@ sub delete_policy {
 
     my $resp = $ua->request($req);
     if ($resp->is_success) {
-        print "Policy is deleted with status code: ", $resp->code, "\n";
+        print "Policy [$policy_name] is deleted with status code: ", $resp->code, "\n";
     }
     else {
         print "HTTP DELETE error code: ", $resp->code, "\n";
diff --git a/recipes/perl/api_requests_rbac_policy.pl b/recipes/perl/api_requests_rbac_policy.pl
@@ -0,0 +1,223 @@
+#!/usr/bin/env perl
+use LWP::UserAgent;
+use JSON;
+
+my $content_type_v2 = "application/vnd.netbackup+json; version=2.0";
+
+my $json = JSON->new;
+my $ua = LWP::UserAgent->new(
+                ssl_opts => { verify_hostname => 0, verify_peer => 0},
+            );
+
+# create object group to access only VMware policies
+my $object_group_id;
+sub create_rbac_object_group_for_VMware_policy {
+
+    my @argument_list = @_;
+    my $base_url = $argument_list[0];
+    my $token = $argument_list[1];
+
+    my $url = "$base_url/rbac/object-groups";
+    my $object_group_name = "VMwarePolicy";
+
+    my $req = HTTP::Request->new(POST => $url);
+    $req->header('content-type' => $content_type_v2);
+    $req->header('Authorization' => $token);
+
+    my $post_data = qq({ "data": { "type": "object-group", "attributes": {
+    "name": "$object_group_name", "criteria": [
+    { "objectCriterion": "policyType eq 40", "objectType": "NBPolicy" } ]} } });
+    $req->content($post_data);
+
+    print "\n\n**************************************************************";
+    print "\n\n Making POST Request to create object group to access only VMware policies \n\n";
+
+    my $resp = $ua->request($req);
+    if ($resp->is_success) {
+        my $json_message = decode_json($resp->decoded_content);
+        $object_group_id = $json_message->{"data"}{"id"};
+        print "Object group [$object_group_name] is created with id [$object_group_id] to access only VMware policies with status code: ", $resp->code, "\n";
+    }
+    else {
+        print "HTTP POST error code: ", $resp->code, "\n";
+        print "HTTP POST error message: ", $resp->message, "\n";
+    }
+}
+
+# create access rule for a user with object group
+my $access_rule_id;
+sub create_rbac_access_rules {
+
+    my @argument_list = @_;
+    my $base_url = $argument_list[0];
+    my $token = $argument_list[1];
+    my $user = $argument_list[2];
+    my $domain = $argument_list[3];
+    my $domainType = $argument_list[4];
+
+    my $url = "$base_url/rbac/access-rules";
+
+    my $req = HTTP::Request->new(POST => $url);
+    $req->header('content-type' => $content_type_v2);
+    $req->header('Authorization' => $token);
+
+    my $post_data = qq({ "data": { "type": "access-rule", "attributes": {
+    "description": "adding VMwarePolicy object group"}, "relationships": {
+    "userPrincipal": { "data": { "type" : "user-principal", "id": "$domain:$user:$domainType:$user" } },
+    "objectGroup": { "data": { "type": "object-group", "id": "$object_group_id" } },
+    "role": { "data": { "type": "role", "id": "3" } } } } });
+    $req->content($post_data);
+
+    print "\n\n**************************************************************";
+    print "\n\n Making POST Request to create access rule \n\n";
+
+    my $resp = $ua->request($req);
+    if ($resp->is_success) {
+        my $json_message = decode_json($resp->decoded_content);
+        $access_rule_id = $json_message->{"data"}{"id"};
+        print "Access rule is created with id [$access_rule_id] to access only VMware policies with status code: ", $resp->code, "\n";
+    }
+    else {
+        print "HTTP POST error code: ", $resp->code, "\n";
+        print "HTTP POST error message: ", $resp->message, "\n";
+    }
+}
+
+# subroutine to delete the object group
+sub delete_rbac_object_group_for_VMware_policy {
+
+    my @argument_list = @_;
+    my $base_url = $argument_list[0];
+    my $token = $argument_list[1];
+
+    my $url = "$base_url/rbac/object-groups/$object_group_id";
+
+    my $req = HTTP::Request->new(DELETE => $url);
+    $req->header('content-type' => $content_type_v2);
+    $req->header('Authorization' => $token);
+
+    print "\n\n**************************************************************";
+    print "\n\n Making DELETE Request to remove the object group \n\n";
+
+    my $resp = $ua->request($req);
+    if ($resp->is_success) {
+        print "Policy is deleted with status code: ", $resp->code, "\n";
+    }
+    else {
+        print "HTTP DELETE error code: ", $resp->code, "\n";
+        print "HTTP DELETE error message: ", $resp->message, "\n";
+    }
+}
+
+# subroutine to delete the object group
+sub delete_rbac_access_rule {
+
+    my @argument_list = @_;
+    my $base_url = $argument_list[0];
+    my $token = $argument_list[1];
+
+    my $url = "$base_url/rbac/access-rules/$access_rule_id";
+
+    my $req = HTTP::Request->new(DELETE => $url);
+    $req->header('content-type' => $content_type_v2);
+    $req->header('Authorization' => $token);
+
+    print "\n\n**************************************************************";
+    print "\n\n Making DELETE Request to remove the object group \n\n";
+
+    my $resp = $ua->request($req);
+    if ($resp->is_success) {
+        print "Policy is deleted with status code: ", $resp->code, "\n";
+    }
+    else {
+        print "HTTP DELETE error code: ", $resp->code, "\n";
+        print "HTTP DELETE error message: ", $resp->message, "\n";
+    }
+}
+
+# create VMWare policy with the name vmware_test_policy with default values
+sub create_bpnbat_user {
+
+    my @argument_list = @_;
+    my $username = $argument_list[0];
+    my $domainName = $argument_list[1];
+    my $password = $argument_list[2];
+
+    print "\n\n**************************************************************";
+    print "\n\n Creating user for RBAC filtering using bpnbat \n\n";
+
+    if ( $^O =~ /MSWin32/ ) {
+        my $path = 'C:/\"Program Files\"/Veritas/NetBackup/bin/bpnbat.exe';
+        my $rc = system(qq($path -AddUser $username $domainName $password)); # returns exit status values
+        die "system() failed with status $rc" unless $rc == 0;
+    } else {
+        my $path = '/usr/openv/netbackup/bin/bpnbat';
+        my $rc = system(qq($path -AddUser $username $domainName $password)); # returns exit status values
+        die "system() failed with status $rc" unless $rc == 0;
+    }
+    print "\n\n";
+}
+
+# create VMWare policy with the name vmware_test_policy with default values
+sub create_oracle_policy_with_defaults {
+
+    my @argument_list = @_;
+    my $base_url = $argument_list[0];
+    my $token = $argument_list[1];
+
+    my $url = "$base_url/config/policies";
+    my $policy_name = "oracle_test_policy";
+
+    my $req = HTTP::Request->new(POST => $url);
+    $req->header('content-type' => $content_type_v2);
+    $req->header('Authorization' => $token);
+
+    my $post_data = qq({ "data": { "type": "policy", "id": "$policy_name", "attributes": {
+    "policy": { "policyName": "$policy_name", "policyType": "Oracle" } } } });
+    $req->content($post_data);
+
+    print "\n\n**************************************************************";
+    print "\n\n Making POST Request to create Oracle policy with defaults \n\n";
+
+    my $resp = $ua->request($req);
+    if ($resp->is_success) {
+        print "Policy [$policy_name] with default values is create with status code: ", $resp->code, "\n";
+    }
+    else {
+        print "HTTP POST error code: ", $resp->code, "\n";
+        print "HTTP POST error message: ", $resp->message, "\n";
+    }
+}
+
+# create VMWare policy with the name vmware_test_policy with default values
+sub create_vmware_policy_with_defaults {
+
+    my @argument_list = @_;
+    my $base_url = $argument_list[0];
+    my $token = $argument_list[1];
+
+    my $url = "$base_url/config/policies";
+    my $policy_name = "vmware_test_policy";
+
+    my $req = HTTP::Request->new(POST => $url);
+    $req->header('content-type' => $content_type_v2);
+    $req->header('Authorization' => $token);
+
+    my $post_data = qq({ "data": { "type": "policy", "id": "$policy_name", "attributes": {
+    "policy": { "policyName": "$policy_name", "policyType": "VMware" } } } });
+    $req->content($post_data);
+
+    print "\n\n**************************************************************";
+    print "\n\n Making POST Request to create VMWare policy with defaults \n\n";
+
+    my $resp = $ua->request($req);
+    if ($resp->is_success) {
+        print "Policy [$policy_name] with default values is create with status code: ", $resp->code, "\n";
+    }
+    else {
+        print "HTTP POST error code: ", $resp->code, "\n";
+        print "HTTP POST error message: ", $resp->message, "\n";
+    }
+}
+
+1;
diff --git a/recipes/perl/create_policy_in_one_step.pl b/recipes/perl/create_policy_in_one_step.pl
@@ -25,10 +25,6 @@
 my $domainType;
 my $base_url;
 
-
-#change this as per your host name
-$fqdn_hostname = "localhost";
-
 # subroutines for printing usage and library information required to run the script.
 sub print_usage {
     print("\n\nUsage:");
diff --git a/recipes/perl/create_policy_step_by_step.pl b/recipes/perl/create_policy_step_by_step.pl
@@ -25,10 +25,6 @@
 my $domainType;
 my $base_url;
 
-
-#change this as per your host name
-$fqdn_hostname = "localhost";
-
 # subroutines for printing usage and library information required to run the script.
 sub print_usage {
     print("\n\nUsage:");
diff --git a/recipes/perl/rbac_filtering_in_policy.pl b/recipes/perl/rbac_filtering_in_policy.pl
