add python changes for rbac

Author: akumar91

recipes/python/create_policy_in_one_step.py

@@ -77,16 +77,16 @@ def read_command_line_arguments():
 
 jwt = policy_api_requests.perform_login(username, password, domainName, domainType, base_url)
 
-createPolicy = policy_api_requests.post_netbackup_VMwarePolicy(jwt, base_url)
+policy_api_requests.post_netbackup_VMwarePolicy(jwt, base_url)
 
-listPolicies = policy_api_requests.get_netbackup_policies(jwt, base_url)
+policy_api_requests.get_netbackup_policies(jwt, base_url)
 
-readPolicy = policy_api_requests.get_netbackup_policy(jwt, base_url)
+policy_api_requests.get_netbackup_policy(jwt, base_url)
 
-updatePolicy = policy_api_requests.put_netbackup_policy(jwt, base_url)
+policy_api_requests.put_netbackup_policy(jwt, base_url)
 
-readPolicy = policy_api_requests.get_netbackup_policy(jwt, base_url)
+policy_api_requests.get_netbackup_policy(jwt, base_url)
 
-deletePolicy = policy_api_requests.delete_VMware_netbackup_policy(jwt, base_url)
+policy_api_requests.delete_VMware_netbackup_policy(jwt, base_url)
 
-listPolicies = policy_api_requests.get_netbackup_policies(jwt, base_url)
+policy_api_requests.get_netbackup_policies(jwt, base_url)

recipes/python/create_policy_step_by_step.py

@@ -77,26 +77,26 @@ def read_command_line_arguments():
 
 jwt = policy_api_requests.perform_login(username, password, domainName, domainType, base_url)
 
-createPolicy = policy_api_requests.post_netbackup_VMwarePolicy_defaults(jwt, base_url)
+policy_api_requests.post_netbackup_VMwarePolicy_defaults(jwt, base_url)
 
-listPolicies = policy_api_requests.get_netbackup_policies(jwt, base_url)
+policy_api_requests.get_netbackup_policies(jwt, base_url)
 
-readPolicy = policy_api_requests.get_netbackup_policy(jwt, base_url)
+policy_api_requests.get_netbackup_policy(jwt, base_url)
 
-updatePolicy = policy_api_requests.put_netbackup_policy(jwt, base_url)
+policy_api_requests.put_netbackup_policy(jwt, base_url)
 
-addClient = policy_api_requests.put_netbackup_client(jwt, base_url)
+policy_api_requests.put_netbackup_client(jwt, base_url)
 
-addBackupSelection = policy_api_requests.put_netbackup_backupselections(jwt, base_url)
+policy_api_requests.put_netbackup_backupselections(jwt, base_url)
 
-addSchedule = policy_api_requests.put_netbackup_schedule(jwt, base_url)
+policy_api_requests.put_netbackup_schedule(jwt, base_url)
 
-readPolicy = policy_api_requests.get_netbackup_policy(jwt, base_url)
+policy_api_requests.get_netbackup_policy(jwt, base_url)
 
-deleteClient = policy_api_requests.delete_netbackup_client(jwt, base_url)
+policy_api_requests.delete_netbackup_client(jwt, base_url)
 
-deleteSchedule = policy_api_requests.delete_netbackup_schedule(jwt, base_url)
+policy_api_requests.delete_netbackup_schedule(jwt, base_url)
 
-deletePolicy = policy_api_requests.delete_VMware_netbackup_policy(jwt, base_url)
+policy_api_requests.delete_VMware_netbackup_policy(jwt, base_url)
 
-listPolicies = policy_api_requests.get_netbackup_policies(jwt, base_url)
+policy_api_requests.get_netbackup_policies(jwt, base_url)

recipes/python/policy_api_requests.py

@@ -18,7 +18,7 @@ def perform_login(username, password, domainName, domainType, base_url):
 	resp = requests.post(url, headers=headers, json=req_body, verify=False)
 
 	if resp.status_code != 201:
-		raise Exception('Login API failed with status code {} and {}'.format(resp.status_code, resp.json()))
+		print('Login API failed with status code {} and {}\n'.format(resp.status_code, resp.json()))
 
 	print("\nThe response code of the Login API: {}\n".format(resp.status_code))
 
@@ -51,7 +51,7 @@ def post_netbackup_VMwarePolicy_defaults(jwt, base_url):
 	resp = requests.post(url, headers=headers, json=req_body, verify=False)
 
 	if resp.status_code != 204:
-		raise Exception('Create Policy API with defaults failed with status code {} and {}'.format(resp.status_code, resp.json()))
+		print('Create Policy API with defaults failed with status code {} and {}\n'.format(resp.status_code, resp.json()))
 
 	print("\n {} with defaults is created with status code : {}\n".format(testVMwarePolicyName,resp.status_code))
 
@@ -77,12 +77,12 @@ def post_netbackup_OraclePolicy_defaults(jwt, base_url):
 				}
 	headers = {'Content-Type': content_type, 'Authorization': jwt}
 
-	print("\nMaking POST Request to create VMware Policy with defaults \n")
+	print("\nMaking POST Request to create Oracle Policy with defaults \n")
 
 	resp = requests.post(url, headers=headers, json=req_body, verify=False)
 
 	if resp.status_code != 204:
-		raise Exception('Create Policy API with defaults failed with status code {} and {}'.format(resp.status_code, resp.json()))
+		print('Create Policy API with defaults failed with status code {} and {}\n'.format(resp.status_code, resp.json()))
 
 	print("\n {} with defaults is created with status code : {}\n".format(testVMwarePolicyName,resp.status_code))
 
@@ -222,7 +222,7 @@ def post_netbackup_VMwarePolicy(jwt, base_url):
 	resp = requests.post(url, headers=headers, json=req_body, verify=False)
 
 	if resp.status_code != 204:
-		raise Exception('Create Policy API failed with status code {} and {}'.format(resp.status_code, resp.json()))
+		print('Create Policy API failed with status code {} and {}\n'.format(resp.status_code, resp.json()))
 
 	print("\n {} with out defaults is created with status code : {}\n".format(testVMwarePolicyName,resp.status_code))
 
@@ -235,7 +235,7 @@ def get_netbackup_policies(jwt, base_url):
 	resp = requests.get(url, headers=headers, verify=False)
 
 	if resp.status_code != 200:
-		raise Exception('List Policies API failed with status code {} and {}'.format(resp.status_code, resp.json()))
+		print('List Policies API failed with status code {} and {}\n'.format(resp.status_code, resp.json()))
 
 	print("\nList policy succeeded with status code: {}\n".format(resp.status_code))
 	print("\n Json Response body for List policies  : \n{}\n".format(json.loads(resp.content)))
@@ -251,7 +251,7 @@ def get_netbackup_policy(jwt, base_url):
 	resp = requests.get(url, headers=headers, verify=False)
 
 	if resp.status_code != 200:
-		raise Exception('GET Policy API failed with status code {} and {}'.format(resp.status_code, resp.json()))
+		print('GET Policy API failed with status code {} and {}\n'.format(resp.status_code, resp.json()))
 
 	print("\nGet policy details on {} succeeded with status code: {}\n".format(testVMwarePolicyName, resp.status_code))
 	print("\n The E-tag for the get policy : {}\n".format(resp.headers['ETag']))
@@ -268,7 +268,7 @@ def delete_VMware_netbackup_policy(jwt, base_url):
 	resp = requests.delete(url, headers=headers, verify=False)
 
 	if resp.status_code != 204:
-		raise Exception('DELETE Policy API failed with status code {} and {}'.format(resp.status_code, resp.json()))
+		print('DELETE Policy API failed with status code {} and {}\n'.format(resp.status_code, resp.json()))
 
 	print("\nThe policy is deleted with status code: {}\n".format(resp.status_code))
 
@@ -281,7 +281,7 @@ def delete_Oracle_netbackup_policy(jwt, base_url):
 	resp = requests.delete(url, headers=headers, verify=False)
 
 	if resp.status_code != 204:
-		raise Exception('DELETE Policy API failed with status code {} and {}'.format(resp.status_code, resp.json()))
+		print('DELETE Policy API failed with status code {} and {}\n'.format(resp.status_code, resp.json()))
 
 	print("\nThe policy is deleted with status code: {}\n".format(resp.status_code))
 
@@ -315,7 +315,7 @@ def put_netbackup_policy(jwt, base_url):
 	resp = requests.put(url, headers=headers, json=req_body, verify=False)
 
 	if resp.status_code != 204:
-		raise Exception('PUT Policy API failed with status code {} and {}'.format(resp.status_code, resp.json()))
+		print('PUT Policy API failed with status code {} and {}\n'.format(resp.status_code, resp.json()))
 	etag = resp.headers['ETag']
 	print("\n{} Updated with status code : {}\n".format(testVMwarePolicyName, resp.status_code))
 
@@ -339,7 +339,7 @@ def put_netbackup_client(jwt, base_url):
 	resp = requests.put(url, headers=headers, json=req_body, verify=False)
 
 	if resp.status_code != 201:
-		raise Exception('PUT Client API failed with status code {} and {}'.format(resp.status_code, resp.json()))
+		print('PUT Client API failed with status code {} and {}\n'.format(resp.status_code, resp.json()))
 	etag = resp.headers['ETag']
 	print("\n{} is added to {} with status code : {}\n".format(testClientName, testVMwarePolicyName, resp.status_code))
 
@@ -353,7 +353,7 @@ def delete_netbackup_client(jwt, base_url):
 	resp = requests.delete(url, headers=headers, verify=False)
 
 	if resp.status_code != 204:
-		raise Exception('DELETE Client API failed with status code {} and {}'.format(resp.status_code, resp.json()))
+		print('DELETE Client API failed with status code {} and {}\n'.format(resp.status_code, resp.json()))
 	etag = resp.headers['ETag']
 	print("\nClient {} is deleted from {} with status code: {}\n".format(testClientName, testVMwarePolicyName, resp.status_code))
 
@@ -367,7 +367,7 @@ def delete_netbackup_schedule(jwt, base_url):
 	resp = requests.delete(url, headers=headers, verify=False)
 
 	if resp.status_code != 204:
-		raise Exception('DELETE schedule API failed with status code {} and {}'.format(resp.status_code, resp.json()))
+		print('DELETE schedule API failed with status code {} and {}\n'.format(resp.status_code, resp.json()))
 	etag = resp.headers['ETag']
 	print("\n {} is deleted from the {} with status code: {}\n".format(testScheduleName, testVMwarePolicyName, resp.status_code))
 
@@ -380,7 +380,7 @@ def delete_netbackup_backupselections(jwt, base_url):
 	resp = requests.delete(url, headers=headers, verify=False)
 
 	if resp.status_code != 204:
-		raise Exception('DELETE Backupselections API failed with status code {} and {}'.format(resp.status_code, resp.json()))
+		print('DELETE Backupselections API failed with status code {} and {}\n'.format(resp.status_code, resp.json()))
 
 	print("\n BackupSelections is deleted for the {}  with status code : {}\n".format(testVMwarePolicyName, resp.status_code))
 
@@ -404,7 +404,7 @@ def put_netbackup_backupselections(jwt, base_url):
 	resp = requests.put(url, headers=headers, json=req_body, verify=False)
 
 	if resp.status_code != 204:
-		raise Exception('PUT Backupselections API failed with status code {} and {}'.format(resp.status_code, resp.json()))
+		print('PUT Backupselections API failed with status code {} and {}\n'.format(resp.status_code, resp.json()))
 	etag = resp.headers['ETag']
 	print("\n Backupselections added to {} with status code: {}\n".format(testVMwarePolicyName, resp.status_code))
 
@@ -501,6 +501,6 @@ def put_netbackup_schedule(jwt, base_url):
 	resp = requests.put(url, headers=headers, json=req_body, verify=False)
 
 	if resp.status_code != 201:
-		raise Exception('PUT Schedule API failed with status code {} and {}'.format(resp.status_code, resp.json()))
+		print('PUT Schedule API failed with status code {} and {}\n'.format(resp.status_code, resp.json()))
 	etag = resp.headers['ETag']
 	print("\n{} is added to {} with status code : {}\n".format(testScheduleName, testVMwarePolicyName, resp.status_code))

recipes/python/rbac_filtering_in_policy.py

@@ -75,23 +75,40 @@ def read_command_line_arguments():
 
 base_url = protocol + "://" + nbmaster + ":" + str(port) + "/netbackup"
 
+# perform login using user defined user and use the token for subsequent operations
 jwt = policy_api_requests.perform_login(username, password, domainName, domainType, base_url)
 
 rbac_policy_api_requests.post_rbac_object_group_for_VMware_policy(jwt, base_url)
+# -------------------------------------------------------------- #
+#  Create a new rbac user locally using bpnbat to assign object
+#  level permissions to the newly created user and perform
+#  subsequent operations.
+# -------------------------------------------------------------- #
 rbac_policy_api_requests.create_bpnbat_user(new_rbac_user, new_rbac_domain, new_rbac_pass)
+rbac_policy_api_requests.post_rbac_access_rules(jwt, base_url)
+# create_access_rule
 
 policy_api_requests.post_netbackup_VMwarePolicy_defaults(jwt, base_url)
 policy_api_requests.post_netbackup_OraclePolicy_defaults(jwt, base_url)
 
+# list policies should display both oracle and vmware policy for admin user
+policy_api_requests.get_netbackup_policies(jwt, base_url)
+
 new_rbac_jwt = policy_api_requests.perform_login(new_rbac_user, new_rbac_pass, new_rbac_domain, new_rbac_domainType, base_url)
 
+# all policy operations will only be allowed for vmware policyType for the user "testuser" since
+# we added vmware object level permissions to the user
+policy_api_requests.get_netbackup_policies(new_rbac_jwt, base_url)
+
+# delete pre-existing vmware policy and try to recreate with new rbac user
 policy_api_requests.delete_VMware_netbackup_policy(jwt, base_url)
 policy_api_requests.post_netbackup_VMwarePolicy_defaults(new_rbac_jwt, base_url)
+# new "testuser" should not be able to create oracle 
 policy_api_requests.post_netbackup_OraclePolicy_defaults(new_rbac_jwt, base_url)
 
 policy_api_requests.delete_VMware_netbackup_policy(new_rbac_jwt, base_url)
 policy_api_requests.delete_Oracle_netbackup_policy(jwt, base_url)
 
+rbac_policy_api_requests.delete_rbac_access_rule(jwt, base_url)
 rbac_policy_api_requests.delete_rbac_object_group_for_VMware_policy(jwt, base_url)
 
-policy_api_requests.get_netbackup_policies(jwt, base_url)

recipes/python/rbac_policy_api_requests.py

@@ -31,11 +31,53 @@ def post_rbac_object_group_for_VMware_policy(jwt, base_url):
 	resp = requests.post(url, headers=headers, json=req_body, verify=False)
 
 	if resp.status_code != 201:
-		raise Exception('Create object group API failed with status code {} and {}'.format(resp.status_code, resp.json()))
+		print('Create object group API failed with status code {} and {}\n'.format(resp.status_code, resp.json()))
 
 	object_group_id = resp.json()['data']['id']
 	print("\n The object group is created with status code : {}\n".format(resp.status_code))
 
+def post_rbac_access_rules(jwt, base_url):
+	global access_rule_id
+	url = base_url + "/rbac/access-rules"
+	req_body = {
+					"data": {
+						"type": "access-rule",
+						"attributes": {
+							"description": "adding VMwarePolicy object group"
+						},
+						"relationships": {
+							"userPrincipal": {
+								"data": {
+									"type": "user-principal",
+									"id": "rmnus:testuser:vx:testuser"
+								}
+							},
+							"objectGroup": {
+								"data": {
+									"type": "object-group",
+									"id": object_group_id
+								}
+							},
+							"role": {
+								"data": {
+									"type": "role",
+									"id": "3"
+								}
+							}
+						}
+					}
+				}
+	headers = {'Content-Type': content_type, 'Authorization': jwt}
+	
+	print("\n Making POST Request to create access rule \n")
+	
+	resp = requests.post(url, headers=headers, json=req_body, verify=False)
+	
+	if resp.status_code != 201:
+		print('Create object group API failed with status code {} and {}\n'.format(resp.status_code, resp.json()))
+	
+	access_rule_id = resp.json()['data']['id']
+	
 def delete_rbac_object_group_for_VMware_policy(jwt, base_url):
 	url = base_url + "/rbac/object-groups/" + object_group_id
 	headers = {'Content-Type': content_type, 'Authorization': jwt}
@@ -45,7 +87,7 @@ def delete_rbac_object_group_for_VMware_policy(jwt, base_url):
 	resp = requests.delete(url, headers=headers, verify=False)
 
 	if resp.status_code != 204:
-		raise Exception('DELETE object group API failed with status code {} and {}'.format(resp.status_code, resp.json()))
+		print('DELETE object group API failed with status code {} and {}\n'.format(resp.status_code, resp.json()))
 
 	print("\n The object group is deleted with status code: {}\n".format(resp.status_code))
 
@@ -58,7 +100,7 @@ def delete_rbac_access_rule(jwt, base_url):
 	resp = requests.delete(url, headers=headers, verify=False)
 
 	if resp.status_code != 204:
-		raise Exception('DELETE access rule API failed with status code {} and {}'.format(resp.status_code, resp.json()))
+		print('DELETE access rule API failed with status code {} and {}\n'.format(resp.status_code, resp.json()))
 
 	print("\n The access rule is deleted with status code: {}\n".format(resp.status_code))