class Morpheus::Cli::Roles

Public Instance Methods

_get(id, options={}) click to toggle source
# File lib/morpheus/cli/commands/roles.rb, line 165
def _get(id, options={})
  args = [id] # heh
  params = {}
  account = find_account_from_options(options)
  account_id = account ? account['id'] : nil

  params.merge!(parse_query_options(options))
  params['includeDefaultAccess'] = true if options[:include_default_access]
  @roles_interface.setopts(options)
  if options[:dry_run]
    if args[0].to_s =~ /\A\d{1,}\Z/
      print_dry_run @roles_interface.dry.get(account_id, args[0].to_i)
    else
      print_dry_run @roles_interface.dry.list(account_id, {name: args[0]})
    end
    return
  end

  load_whoami()
  json_response = nil
  role = nil
  if args[0].to_s =~ /\A\d{1,}\Z/
    json_response = @roles_interface.get(account_id, args[0].to_i, params)
    role = json_response['role']
  else
    role = find_role_by_name_or_id(account_id, args[0])
    exit 1 if role.nil?
    # refetch from show action, argh
    json_response = @roles_interface.get(account_id, role['id'], params)
    role = json_response['role']
  end

  render_response(json_response, options, 'role') do

    print cyan
    print_h1 "Role Details", options
    print cyan
    columns = @is_master_account ? role_column_definitions : subtenant_role_column_definitions
    print_description_list(columns, role, options)

    print_h2 "Permissions", options
    print cyan
    permissions = json_response['featurePermissions'] || role['permissions'] || []
    if options[:include_feature_access] || options[:include_all_access]
      rows = permissions.collect do |it|
        {
          code: it['code'],
          name: it['name'],
          category: it['subCategory'].to_s.titleize,
          access: format_access_string(it['access']),
        }
      end
      if options[:sort]
        rows.sort! {|a,b| a[options[:sort]] <=> b[options[:sort]] }
      else
        rows.sort! {|a,b| [a[:category],a[:name],a[:code]] <=> [b[:category],b[:name],b[:code]] }
      end
      if options[:direction] == 'desc'
        rows.reverse!
      end
      if options[:phrase]
        phrase_regexp = /#{Regexp.escape(options[:phrase])}/i
        rows = rows.select {|row| row[:code].to_s =~ phrase_regexp || row[:name].to_s =~ phrase_regexp }
      end
      print as_pretty_table(rows, [:category, :name, :code, :access], options)
      # print reset,"\n"
    else
      print cyan,"Use --feature-access to list feature access","\n"
    end

    has_group_access = true
    has_cloud_access = true
    print_h2 "Default Access", options
    global_access_columns = {
      "Groups" => lambda {|it| get_access_string(it['globalSiteAccess']) },
      "Clouds" => lambda {|it| get_access_string(it['globalZoneAccess']) },
      "Instance Types" => lambda {|it| get_access_string(it['globalInstanceTypeAccess']) },
      "Blueprints" => lambda {|it| get_access_string(it['globalAppTemplateAccess'] || it['globalBlueprintAccess']) },
      "Personas" => lambda {|it| get_access_string(it['globalPersonaAccess']) },
      "Report Types" => lambda {|it| get_access_string(it['globalReportTypeAccess']) },
      "Catalog Item Types" => lambda {|it| get_access_string(it['globalCatalogItemTypeAccess']) },
      "VDI Pools" => lambda {|it| get_access_string(it['globalVdiPoolAccess']) },
      "Workflows" => lambda {|it| get_access_string(it['globalTaskSetAccess']) },
      "Tasks" => lambda {|it| get_access_string(it['globalTaskAccess']) },
    }

    if role['roleType'].to_s.downcase == 'account'
      global_access_columns.delete("Groups")
      has_group_access = false
    else
      global_access_columns.delete("Clouds")
      has_cloud_access = false
    end

    print as_pretty_table([json_response], global_access_columns, options)

    if has_group_access
      #print_h2 "Group Access: #{get_access_string(json_response['globalSiteAccess'])}", options
      print cyan
      print_h2 "Group Access", options
      if options[:include_group_access] || options[:include_all_access]
        rows = json_response['sites'].collect do |it|
          {
            name: it['name'],
            access: format_access_string(it['access'], ["none","read","full"]),
          }
        end
        if !options[:include_default_access]
          rows = rows.select {|row| row[:access] && row[:access] != 'default '}
        end
        print as_pretty_table(rows, [:name, :access], options)
      else
        print cyan,"Use -g, --group-access to list custom access","\n"
      end
    end

    if has_cloud_access
      print cyan
      #puts "Cloud Access: #{get_access_string(json_response['globalZoneAccess'])}"
      #print "\n"
      if json_response['sites'].find{|it| it['access'] && it['access'] != 'default'}
        print_h2 "Cloud Access", options
        if options[:include_cloud_access] || options[:include_all_access]
          rows = json_response['zones'].collect do |it|
            {
              name: it['name'],
              access: format_access_string(it['access'], ["none","read","full"]),
            }
          end
          if !options[:include_default_access]
            rows = rows.select {|row| row[:access] && row[:access] != 'default '}
          end
          print as_pretty_table(rows, [:name, :access], options)
        else
          print cyan,"Use -c, --cloud-access to list custom access","\n"
        end
        # print reset,"\n"
      else
        # print "\n"
        # print cyan,bold,"Cloud Access: #{get_access_string(json_response['globalZoneAccess'])}",reset,"\n"
      end
    end

    print cyan
    # puts "Instance Type Access: #{get_access_string(json_response['globalInstanceTypeAccess'])}"
    # print "\n"
    instance_type_global_access = json_response['globalInstanceTypeAccess']
    instance_type_permissions = role['instanceTypes'] ? role['instanceTypes'] : (json_response['instanceTypePermissions'] || [])

    # if have any custom, then we want to show the flag indicator
    # if including, show

    if options[:include_instance_type_access] || options[:include_all_access]
      print_h2 "Instance Type Access", options
      rows = instance_type_permissions.collect do |it|
        {
          name: it['name'],
          access: format_access_string(it['access'], ["none","read","full"]),
        }
      end
      if !options[:include_default_access]
        rows = rows.select {|row| row[:access] && row[:access] != 'default '}
      end
      print as_pretty_table(rows, [:name, :access], options)
    elsif instance_type_permissions.find {|it| it['access'] && it['access'] != 'default'}
      print_h2 "Instance Type Access", options
      print cyan,"Use -i, --instance-type-access to list custom access","\n"
    end

    blueprint_global_access = json_response['globalAppTemplateAccess'] || json_response['globalBlueprintAccess']
    blueprint_permissions = (role['appTemplates'] || role['blueprints']) ? (role['appTemplates'] || role['blueprints']) : (json_response['appTemplatePermissions'] || json_response['blueprintPermissions'] || [])
    print cyan
    if options[:include_blueprint_access] || options[:include_all_access]
      print_h2 "Blueprint Access", options
      rows = blueprint_permissions.collect do |it|
        {
          name: it['name'],
          access: format_access_string(it['access'], ["none","read","full"]),
        }
      end
      print as_pretty_table(rows, [:name, :access], options)
    elsif blueprint_permissions.find {|it| it['access'] && it['access'] != 'default'}
      print_h2 "Blueprint Access", options
      print cyan,"Use -b, --blueprint-access to list custom access","\n"
    end

    catalog_item_type_global_access = json_response['globalCatalogItemTypeAccess']
    catalog_item_type_permissions = role['catalogItemTypes'] ? role['catalogItemTypes'] : (json_response['catalogItemTypePermissions'] || [])
    print cyan
    if options[:include_catalog_item_type_access] || options[:include_all_access]
      print_h2 "Catalog Item Type Access", options
      rows = catalog_item_type_permissions.collect do |it|
        {
          name: it['name'],
          access: format_access_string(it['access'], ["none","read","full"]),
        }
      end
      if !options[:include_default_access]
        rows = rows.select {|row| row[:access] && row[:access] != 'default '}
      end
      print as_pretty_table(rows, [:name, :access], options)
    elsif catalog_item_type_permissions.find {|it| it['access'] && it['access'] != 'default'}
      print_h2 "Catalog Item Type Access", options
      print cyan,"Use --catalog-item-type-access to list access","\n"
    end

    persona_global_access = json_response['globalPersonaAccess']
    persona_permissions = role['personas'] ? role['personas'] : (json_response['personaPermissions'] || [])
    print cyan
    if options[:include_persona_access] || options[:include_all_access]
      print_h2 "Persona Access", options
      rows = persona_permissions.collect do |it|
        {
          name: it['name'],
          access: format_access_string(it['access'], ["none","full"]),
        }
      end
      print as_pretty_table(rows, [:name, :access], options)
    elsif persona_permissions.find {|it| it['access'] && it['access'] != 'default'}
      print_h2 "Persona Access", options
      print cyan,"Use --persona-access to list access","\n"
    end

    vdi_pool_global_access = json_response['globalVdiPoolAccess']
    vdi_pool_permissions = role['vdiPools'] ? role['vdiPools'] : (json_response['vdiPoolPermissions'] || [])
    print cyan
    if options[:include_vdi_pool_access] || options[:include_all_access]
      print_h2 "VDI Pool Access", options
      rows = vdi_pool_permissions.collect do |it|
        {
          name: it['name'],
          access: format_access_string(it['access'], ["none","full"]),
        }
      end
      if !options[:include_default_access]
        rows = rows.select {|row| row[:access] && row[:access] != 'default '}
      end
      print as_pretty_table(rows, [:name, :access], options)
    elsif vdi_pool_permissions.find {|it| it['access'] && it['access'] != 'default'}
      print_h2 "VDI Pool Access", options
      print cyan,"Use --vdi-pool-access to list custom access","\n"
    end

    report_type_global_access = json_response['globalReportTypeAccess']
    report_type_permissions = role['reportTypes'] ? role['reportTypes'] : (json_response['reportTypePermissions'] || [])
    print cyan
    if options[:include_report_type_access] || options[:include_all_access]
      print_h2 "Report Type Access", options
      rows = report_type_permissions.collect do |it|
        {
          name: it['name'],
          access: format_access_string(it['access'], ["none","full"]),
        }
      end
      if !options[:include_default_access]
        rows = rows.select {|row| row[:access] && row[:access] != 'default '}
      end
      print as_pretty_table(rows, [:name, :access], options)
    elsif report_type_permissions.find {|it| it['access'] && it['access'] != 'default'}
      print_h2 "Report Type Access", options
      print cyan,"Use --report-type-access to list custom access","\n"
    end

    task_global_access = json_response['globalTaskAccess']
    task_permissions = role['tasks'] ? role['tasks'] : (json_response['taskPermissions'] || [])
    print cyan
    if options[:include_task_access] || options[:include_all_access]
      print_h2 "Task Access", options
      rows = task_permissions.collect do |it|
        {
          name: it['name'],
          access: format_access_string(it['access'], ["none","full"]),
        }
      end
      if !options[:include_default_access]
        rows = rows.select {|row| row[:access] && row[:access] != 'default '}
      end
      print as_pretty_table(rows, [:name, :access], options)
    elsif task_permissions.find {|it| it['access'] && it['access'] != 'default'}
      print_h2 "Task Access", options
      print cyan,"Use --task-access to list custom access","\n"
    end

    workflow_global_access = json_response['globalTaskSetAccess']
    workflow_permissions = role['taskSets'] ? role['taskSets'] : (json_response['taskSetPermissions'] || [])
    print cyan
    if options[:include_workflow_access] || options[:include_all_access]
      print_h2 "Workflow", options
      rows = workflow_permissions.collect do |it|
        {
          name: it['name'],
          access: format_access_string(it['access'], ["none","full"]),
        }
      end
      if !options[:include_default_access]
        rows = rows.select {|row| row[:access] && row[:access] != 'default '}
      end
      print as_pretty_table(rows, [:name, :access], options)
    elsif workflow_permissions.find {|it| it['access'] && it['access'] != 'default'}
      print_h2 "Workflow", options
      print cyan,"Use --workflow-access to list custom access","\n"
    end
    print reset,"\n"
    return 0, nil
  end
end
add(args) click to toggle source
# File lib/morpheus/cli/commands/roles.rb, line 581
  def add(args)
    options = {}
    params = {}
    optparse = Morpheus::Cli::OptionParser.new do |opts|
      opts.banner = subcommand_usage("[name] [options]")
      build_option_type_options(opts, options, add_role_option_types)
      build_role_access_options(opts, options, params)
      opts.on('--owner ID', String, "Set the owner/tenant/account for the role by account id. Only master tenants with full permission for Tenant and Role may use this option." ) do |val|
        params['owner'] = val
      end
      opts.on(nil, '--include-default-access', "Include default access levels in the response (returns all available resources)") do
        options[:include_default_access] = true
      end
      build_standard_add_options(opts, options)
      opts.footer = <<-EOT
Create a new role.
[name] is required. This is a unique name (authority) for the new role.
All the role permissions and access values can be configured.
Use --feature-access "CODE=ACCESS,CODE=ACCESS" to update access levels for specific feature permissions identified by code. 
Use --default-instance-type-access custom --instance-types "CODE=ACCESS,CODE=ACCESS" to customize instance type access.
Only the specified permissions,instance types, etc. are updated.
Use --reset-feature-access to set access to "none" for all unspecified feature permissions.
Use --reset-all-access to set access to "none" for all unspecified feature permissions and default access values for groups, instance types, etc.
EOT
    end
    optparse.parse!(args)
    verify_args!(args:args, optparse:optparse, max:1)
    if args[0]
      options[:options]['authority'] = args[0]
    end
    connect(options)
    begin

      load_whoami()
      account = find_account_from_options(options)
      account_id = account ? account['id'] : nil

      passed_options = options[:options] ? options[:options].reject {|k,v| k.is_a?(Symbol) } : {}
      payload = nil
      if options[:payload]
        payload = options[:payload]
        payload.deep_merge!({'role' => passed_options}) unless passed_options.empty?
      else
        # merge -O options into normally parsed options
        params.deep_merge!(passed_options)

        # argh, some options depend on others here...eg. multitenant is only available when roleType == 'user'
        #prompt_option_types = update_role_option_types()

        v_prompt = Morpheus::Cli::OptionTypes.prompt([{'fieldName' => 'authority', 'fieldLabel' => 'Name', 'type' => 'text', 'required' => true, 'displayOrder' => 1}], options[:options])
        params['authority'] = v_prompt['authority']
        v_prompt = Morpheus::Cli::OptionTypes.prompt([{'fieldName' => 'description', 'fieldLabel' => 'Description', 'type' => 'text', 'displayOrder' => 2}], options[:options])
        params['description'] = v_prompt['description']
        v_prompt = Morpheus::Cli::OptionTypes.prompt([{'fieldName' => 'landingUrl', 'fieldLabel' => 'landingUrl', 'type' => 'text', 'displayOrder' => 3, 'description' => 'An optional override for the default landing page after login for a user.'}], options[:options])
        params['landingUrl'] = v_prompt['landingUrl']

        if params['owner']
          if @is_master_account && has_complete_access
            params['owner'] = params['owner']
          else
            print_red_alert "You do not have the necessary authority to use owner option"
            return
          end
        elsif @is_master_account && has_complete_access
          v_prompt = Morpheus::Cli::OptionTypes.prompt([{'fieldName' => 'owner', 'fieldLabel' => 'Owner', 'type' => 'select', 'selectOptions' => role_owner_options, 'defaultValue' => current_account['id'], 'displayOrder' => 3}], options[:options])
          params['owner'] = v_prompt['owner']
        else
          params['owner'] = current_account['id']
        end  

        if @is_master_account && params['owner'] == current_account['id']
          v_prompt = Morpheus::Cli::OptionTypes.prompt([{'fieldName' => 'roleType', 'fieldLabel' => 'Type', 'type' => 'select', 'selectOptions' => role_type_options, 'defaultValue' => 'user', 'displayOrder' => 4}], options[:options])
          params['roleType'] = v_prompt['roleType']
        else
          params['roleType'] = 'user'
        end

        if options[:cloud_permissions] && params['roleType'] == 'user'
          raise_command_error "The --clouds option is only available for user roles, not account roles"
        end
        if options[:group_permissions] && params['roleType'] == 'account'
          raise_command_error "The --groups option is only available for account roles, not user roles"
        end

        v_prompt = Morpheus::Cli::OptionTypes.prompt([{'fieldName' => 'baseRole', 'fieldLabel' => 'Copy From Role', 'type' => 'select', 'selectOptions' => base_role_options(params), 'displayOrder' => 5}], options[:options])
        if v_prompt['baseRole'].to_s != ''
          base_role = find_role_by_name_or_id(account_id, v_prompt['baseRole'])
          exit 1 if base_role.nil?
          params['baseRoleId'] = base_role['id']
        end

        if @is_master_account && params['owner'] == current_account['id']
          if params['roleType'] == 'user'
            v_prompt = Morpheus::Cli::OptionTypes.prompt([{'fieldName' => 'multitenant', 'fieldLabel' => 'Multitenant', 'type' => 'checkbox', 'defaultValue' => 'off', 'description' => 'A Multitenant role is automatically copied into all existing subaccounts as well as placed into a subaccount when created. Useful for providing a set of predefined roles a Customer can use', 'displayOrder' => 5}], options[:options])
            params['multitenant'] = ['on','true'].include?(v_prompt['multitenant'].to_s)
            if params['multitenant']
              v_prompt = Morpheus::Cli::OptionTypes.prompt([{'fieldName' => 'multitenantLocked', 'fieldLabel' => 'Multitenant Locked', 'type' => 'checkbox', 'defaultValue' => 'off', 'description' => 'Prevents subtenants from branching off this role/modifying it.'}], options[:options])
              params['multitenantLocked'] = ['on','true'].include?(v_prompt['multitenantLocked'].to_s)
            end
          end
        end

        # v_prompt = Morpheus::Cli::OptionTypes.prompt([{'fieldName' => 'defaultPersona', 'fieldLabel' => 'Default Persona', 'type' => 'select', 'optionSource' => 'personas', 'description' => 'Default Persona'}], options[:options], @api_client)
        v_prompt = Morpheus::Cli::OptionTypes.prompt([{'fieldName' => 'defaultPersona', 'fieldLabel' => 'Default Persona', 'type' => 'select', 'selectOptions' => get_persona_select_options(), 'description' => 'Default Persona'}], options[:options], @api_client)
        params['defaultPersona'] = {'code' => v_prompt['defaultPersona']} unless v_prompt['defaultPersona'].to_s.strip.empty?

        # bulk role permissions
        parse_role_access_options(options, params)
        payload = {"role" => params}
      end
      query_params = parse_query_options(options)
      query_params['includeDefaultAccess'] = true if options[:include_default_access]
      @roles_interface.setopts(options)
      if options[:dry_run]
        print_dry_run @roles_interface.dry.create(account_id, payload, query_params)
        return
      end
      json_response = @roles_interface.create(account_id, payload, query_params)

      if options[:json]
        print JSON.pretty_generate(json_response)
        print "\n"
        return
      end

      role = json_response['role']
      display_name = role['authority'] rescue ''
      if account
        print_green_success "Added role #{display_name} to account #{account['name']}"
      else
        print_green_success "Added role #{display_name}"
      end

      get_args = [role['id']] + (options[:remote] ? ["-r",options[:remote]] : [])
      if account
        get_args.push "--account-id", account['id'].to_s
      end

      details_options = [params["authority"]]
      if account
        details_options.push "--account-id", account['id'].to_s
      end

      if params['owner']
        details_options.push "--account-id", params['owner'].to_s
      end
      get(details_options)

    rescue RestClient::Exception => e
      print_rest_exception(e, options)
      exit 1
    end
  end
connect(opts) click to toggle source
# File lib/morpheus/cli/commands/roles.rb, line 27
def connect(opts)
  @api_client = establish_remote_appliance_connection(opts)
  @whoami_interface = @api_client.whoami
  @account_users_interface = @api_client.account_users
  @accounts_interface = @api_client.accounts
  @roles_interface = @api_client.roles
  @groups_interface = @api_client.groups
  @options_interface = @api_client.options
  @instances_interface = @api_client.instances
  @instance_types_interface = @api_client.instance_types
  @blueprints_interface = @api_client.blueprints
  @active_group_id = Morpheus::Cli::Groups.active_groups[@appliance_name]
end
get(args) click to toggle source
# File lib/morpheus/cli/commands/roles.rb, line 94
  def get(args)
    options = {}
    optparse = Morpheus::Cli::OptionParser.new do |opts|
      opts.banner = subcommand_usage("[role]")
      opts.on('-p','--permissions', "Display Permissions [deprecated]") do |val|
        options[:include_feature_access] = true
      end
      opts.add_hidden_option('-p,')
      opts.on('-f','--feature-access', "Display Feature Access") do |val|
        options[:include_feature_access] = true
      end
      opts.on('-g','--group-access', "Display Group Access") do
        options[:include_group_access] = true
      end
      opts.on('-c','--cloud-access', "Display Cloud Access") do
        options[:include_cloud_access] = true
      end
      opts.on('-i','--instance-type-access', "Display Instance Type Access") do
        options[:include_instance_type_access] = true
      end
      opts.on('-b','--blueprint-access', "Display Blueprint Access") do
        options[:include_blueprint_access] = true
      end
      opts.on(nil,'--catalog-item-type-access', "Display Catalog Item Type Access") do
        options[:include_catalog_item_type_access] = true
      end
      opts.on(nil,'--personas', "Display Persona Access") do
        options[:include_persona_access] = true
      end
      opts.add_hidden_option('--personas')
      opts.on(nil,'--persona-access', "Display Persona Access") do
        options[:include_persona_access] = true
      end
      opts.on(nil,'--vdi-pool-access', "Display VDI Pool Access") do
        options[:include_vdi_pool_access] = true
      end
      opts.on(nil,'--report-type-access', "Display Report Type Access") do
        options[:include_report_type_access] = true
      end
      opts.on(nil,'--workflow-access', "Display Workflow Access") do
        options[:include_workflow_access] = true
      end
      opts.on(nil,'--task-access', "Display Task Access") do
        options[:include_task_access] = true
      end
      opts.on('-a','--all', "Display All Access Lists") do
        options[:include_all_access] = true
      end
      opts.on(nil, '--include-default-access', "Include default access levels in the output (returns all available resources)") do
        options[:include_default_access] = true
      end
      opts.on('--account-id ID', String, "Clarify Owner of Role") do |val|
        if has_complete_access
          options[:account_id] = val.to_s
        end
      end
      build_standard_get_options(opts, options)
      opts.footer = <<-EOT
Get details about a role.
[role] is required. This is the name (authority) or id of a role.
EOT
    end
    optparse.parse!(args)
    verify_args!(args:args, optparse:optparse, min:1)
    connect(options)
    id_list = parse_id_list(args)
    return run_command_for_each_arg(id_list) do |arg|
      _get(arg, options)
    end
  end
handle(args) click to toggle source
# File lib/morpheus/cli/commands/roles.rb, line 41
def handle(args)
  handle_subcommand(args)
end
list(args) click to toggle source
# File lib/morpheus/cli/commands/roles.rb, line 45
def list(args)
  options = {}
  optparse = Morpheus::Cli::OptionParser.new do |opts|
    opts.banner = subcommand_usage("[search phrase]")
    opts.on( '--tenant TENANT', "Tenant Filter for list of Roles." ) do |val|
      options[:tenant] = val
    end
    build_standard_list_options(opts, options)
    opts.footer = "List roles."
  end
  optparse.parse!(args)
  # verify_args!(args:args, optparse:optparse, count:0)
  options[:phrase] = args.join(" ") if args.count > 0
  connect(options)

  account = find_account_from_options(options)
  account_id = account ? account['id'] : nil
  params = {}
  params.merge!(parse_list_options(options))
  @roles_interface.setopts(options)
  if options[:dry_run]
    print_dry_run @roles_interface.dry.list(account_id, params), options
    return 0, nil
  end
  load_whoami()
  if options[:tenant]
    params[:tenant] = options[:tenant]
  end
  json_response = @roles_interface.list(account_id, params)

  render_response(json_response, options, "roles") do
    roles = json_response['roles']
    title = "Morpheus Roles"
    subtitles = []
    subtitles += parse_list_subtitles(options)
    print_h1 title, subtitles, options
    if roles.empty?
      print cyan,"No roles found.",reset,"\n"
    else
      print cyan
      columns = @is_master_account ? role_column_definitions : subtenant_role_column_definitions
      print as_pretty_table(roles, columns.upcase_keys!, options)
      print_results_pagination(json_response)
    end
    print reset,"\n"
  end
  return 0, nil
end
list_permissions(args) click to toggle source
# File lib/morpheus/cli/commands/roles.rb, line 472
def list_permissions(args)
  options = {}
  available_categories = ['feature', 'group', 'cloud', 'instance-type', 'blueprint', 'report-type', 'persona', 'catalog-item-type', 'vdi-pool', 'workflow', 'task']
  optparse = Morpheus::Cli::OptionParser.new do |opts|
    opts.banner = subcommand_usage("[role] [category]")
    build_common_options(opts, options, [:list, :json, :yaml, :csv, :fields, :dry_run, :remote])
    opts.footer = "List the access for a role.\n" +
      "[role] is required. This is the name or id of a role.\n" +
      "[category] is optional. Available categories: #{ored_list(available_categories)}"
  end

  optparse.parse!(args)
  verify_args!(args:args, optparse:optparse, min: 1, max:2)
  connect(options)

  category = args[1].to_s.downcase if args[1]

  if !category.nil? && !available_categories.include?(category)
    raise_command_error("invalid category: #{category}", args, optparse)
  end

  account = find_account_from_options(options)
  account_id = account ? account['id'] : nil

  @roles_interface.setopts(options)
  if options[:dry_run]
    if args[0].to_s =~ /\A\d{1,}\Z/
      print_dry_run @roles_interface.dry.get(account_id, args[0].to_i)
    else
      print_dry_run @roles_interface.dry.list(account_id, {name: args[0]})
    end
    return
  end

  if args[0].to_s =~ /\A\d{1,}\Z/
    role = @roles_interface.get(account_id, args[0].to_i)
  else
    role = find_role_by_name_or_id(account_id, args[0])
    exit 1 if role.nil?
    role = @roles_interface.get(account_id, role['id'])
  end

  available_categories.reject! {|category| category == 'cloud'} if role['role']['roleType'] == 'user'
  available_categories.reject! {|category| category == 'group'} if role['role']['roleType'] == 'account'

  permission_name = -> (s) {
    return 'sites' if s == 'group'
    return 'zones' if s == 'cloud'
    s = 'task-set' if s == 'workflow'
    s = 'app-template' if s == 'blueprint'
    s.split('-').map.with_index{|s,i| i == 0 ? s : s.capitalize}.join + 'Permissions'
  }
  permission_label = -> (s) {s.split('-').collect{|s| s.capitalize}.join(' ') + ' Permissions'}

  if category.nil?
    permissions = available_categories.reject{|category| role[permission_name.call(category)].nil?}.collect{|category|
      role[permission_name.call(category)].map{|perm| perm.merge({'category' => permission_label.call(category)})}
    }.flatten
  else
    permissions = role[permission_name.call(category)]
  end

  if options[:json]
    puts as_json(permissions, options)
    return 0
  elsif options[:yaml]
    puts as_yaml(permissions, options)
    return 0
  elsif options[:csv]
    puts records_as_csv(permissions, :include_fields => ['category', 'id', 'code', 'name', 'access', 'sub category'])
    return 0
  end

  print cyan
  print_h1 "Role: [#{role['role']['id']}#{(role['role']['owner'].nil? ? ']' : ", #{role['role']['owner']['name']}]")} #{role['role']['authority']}", options

  (category.nil? ? available_categories : [category]).each do |category|
    permissions = role[permission_name.call(category)]
    next if permissions.nil?
    print_h2 "#{permission_label.call(category)}", options
    if permissions.size > 0
      rows = permissions.collect do |it|
        {
          code: it['code'],
          name: it['name'],
          category: it['subCategory'].to_s.titleize,
          access: format_access_string(it['access']),
        }
      end
      if options[:sort]
        rows.sort! {|a,b| a[options[:sort]] <=> b[options[:sort]] }
      else
        rows.sort! {|a,b| [a[:category],a[:name],a[:code]] <=> [b[:category],b[:name],b[:code]] }
      end
      if options[:direction] == 'desc'
        rows.reverse!
      end
      if options[:phrase]
        phrase_regexp = /#{Regexp.escape(options[:phrase])}/i
        rows = rows.select {|row| row[:code].to_s =~ phrase_regexp || row[:name].to_s =~ phrase_regexp }
      end
      print as_pretty_table(rows, [:category, :name, :code, :access], options)
    else
      puts "No permissions found"
    end
  end
  print reset,"\n"
end
remove(args) click to toggle source
# File lib/morpheus/cli/commands/roles.rb, line 830
  def remove(args)
    options = {}
    optparse = Morpheus::Cli::OptionParser.new do |opts|
      opts.banner = subcommand_usage("[role]")
      build_common_options(opts, options, [:auto_confirm, :json, :dry_run, :remote])
      opts.footer = <<-EOT
Delete a role.
[role] is required. This is the name (authority) or id of a role.
EOT
    end
    optparse.parse!(args)
    if args.count < 1
      puts optparse
      exit 1
    end
    name = args[0]
    connect(options)
    begin

      account = find_account_from_options(options)
      account_id = account ? account['id'] : nil

      role = find_role_by_name_or_id(account_id, name)
      exit 1 if role.nil?
      unless options[:yes] || Morpheus::Cli::OptionTypes.confirm("Are you sure you want to delete the role #{role['authority']}?")
        exit
      end
      @roles_interface.setopts(options)
      if options[:dry_run]
        print_dry_run @roles_interface.dry.destroy(account_id, role['id'])
        return
      end
      json_response = @roles_interface.destroy(account_id, role['id'])
      if options[:json]
        print JSON.pretty_generate(json_response)
        print "\n"
      else
        print_green_success "Role #{role['authority']} removed"
      end
    rescue RestClient::Exception => e
      print_rest_exception(e, options)
      exit 1
    end
  end
update(args) click to toggle source
# File lib/morpheus/cli/commands/roles.rb, line 735
  def update(args)
    options = {}
    params = {}
    optparse = Morpheus::Cli::OptionParser.new do |opts|
      opts.banner = subcommand_usage("[role] [options]")
      build_option_type_options(opts, options, update_role_option_types)
      build_role_access_options(opts, options, params)
      opts.on(nil, '--include-default-access', "Include default access levels in the output (returns all available resources)") do
        options[:include_default_access] = true
      end
      build_standard_update_options(opts, options)
      opts.footer = <<-EOT
Update a role.
[role] is required. This is the name (authority) or id of a role.
All the role permissions and access values can be configured.
Use --feature-access "CODE=ACCESS,CODE=ACCESS" to update access levels for specific feature permissions identified by code. 
Use --default-instance-type-access custom --instance-types "CODE=ACCESS,CODE=ACCESS" to customize instance type access.
Only the specified permissions,instance types, etc. are updated.
Use --reset-feature-access to set access to "none" for all unspecified feature permissions.
Use --reset-all-access to set access to "none" for all unspecified feature permissions and global access values for groups, instance types, etc.
EOT
    end
    optparse.parse!(args)

    verify_args!(args:args, optparse:optparse, count:1)
    
    name = args[0]
    connect(options)
    begin

      load_whoami()

      account = find_account_from_options(options)
      account_id = account ? account['id'] : nil

      role = find_role_by_name_or_id(account_id, name)
      exit 1 if role.nil?

      passed_options = options[:options] ? options[:options].reject {|k,v| k.is_a?(Symbol) } : {}
      payload = nil
      if options[:payload]
        payload = options[:payload]
        payload.deep_merge!({'role' => passed_options}) unless passed_options.empty?
      else
        # merge -O options into normally parsed options
        params.deep_merge!(passed_options)
        prompt_option_types = update_role_option_types()
        if !@is_master_account
          prompt_option_types = prompt_option_types.reject {|it| ['roleType', 'multitenant','multitenantLocked'].include?(it['fieldName']) }
        end
        if role['roleType'] != 'user'
          prompt_option_types = prompt_option_types.reject {|it| ['multitenant','multitenantLocked'].include?(it['fieldName']) }
        end
        #params = Morpheus::Cli::OptionTypes.prompt(prompt_option_types, options[:options], @api_client, options[:params])
        if options[:cloud_permissions] && role['roleType'] == 'user'
          raise_command_error "The --clouds option is only available for user roles, not account roles"
        end
        if options[:group_permissions] && role['roleType'] == 'account'
          raise_command_error "The --groups option is only available for account roles, not user roles"
        end
        # bulk role permissions
        parse_role_access_options(options, params)

        if params.empty?
          raise_command_error "Specify at least one option to update.\n#{optparse}"
        end
        payload = {"role" => params}
      end
      query_params = parse_query_options(options)
      query_params['includeDefaultAccess'] = true if options[:include_default_access]
      @roles_interface.setopts(options)
      if options[:dry_run]
        print_dry_run @roles_interface.dry.update(account_id, role['id'], payload, query_params)
        return
      end
      json_response = @roles_interface.update(account_id, role['id'], payload, query_params)
      render_response(json_response, options, "role") do
        role = json_response['role']
        display_name = role['authority'] rescue ''
        print_green_success "Updated role #{display_name}"

        get_args = [role['id']] + (options[:remote] ? ["-r",options[:remote]] : [])
        if account
          get_args.push "--account-id", account['id'].to_s
        end
        get(get_args)
      end
      return 0, nil

    rescue RestClient::Exception => e
      print_rest_exception(e, options)
      exit 1
    end
  end
update_blueprint_access(args) click to toggle source
# File lib/morpheus/cli/commands/roles.rb, line 1455
def update_blueprint_access(args)
  options = {}
  blueprint_id = nil
  access_value = nil
  do_all = false
  allowed_access_values = ['full', 'none', 'default']
  optparse = Morpheus::Cli::OptionParser.new do |opts|
    opts.banner = subcommand_usage("[role] [blueprint] [access]")
    opts.on( '--blueprint ID', String, "Blueprint ID or Name" ) do |val|
      blueprint_id = val
    end
    opts.on( nil, '--all', "Update all blueprints at once." ) do
      do_all = true
    end
    opts.on( '--access VALUE', String, "Access value [#{allowed_access_values.join('|')}]" ) do |val|
      access_value = val
    end
    build_common_options(opts, options, [:json, :dry_run, :remote])
    opts.footer = "Update role access for a blueprint or all blueprints.\n" +
                  "[role] is required. This is the name or id of a role.\n" + 
                  "--blueprint or --all is required. This is the name or id of a blueprint.\n" + 
                  "--access is required. This is the new access value: #{ored_list(allowed_access_values)}"
  end
  optparse.parse!(args)

  # usage: update-blueprint-access [role] [access] --all
  #        update-blueprint-access [role] [blueprint] [access]
  name = args[0]
  if do_all
    verify_args!(args:args, optparse:optparse, min:1, max:2)
    access_value = args[1] if args[1]
  else
    verify_args!(args:args, optparse:optparse, min:1, max:3)
    blueprint_id = args[1] if args[1]
    access_value = args[2] if args[2]
  end
  if !blueprint_id && !do_all
    raise_command_error("missing required argument: [blueprint] or --all", args, optparse)
  end
  if !access_value
    raise_command_error("missing required argument: [access]", args, optparse)
  end
  access_value = access_value.to_s.downcase
  if !allowed_access_values.include?(access_value)
    raise_command_error("invalid access value: #{access_value}", args, optparse)
  end

  connect(options)
  begin
    account = find_account_from_options(options)
    account_id = account ? account['id'] : nil
    role = find_role_by_name_or_id(account_id, name)
    return 1 if role.nil?

    role_json = @roles_interface.get(account_id, role['id'], {'includeDefaultAccess' => true})
    blueprint_global_access = role_json['globalAppTemplateAccess'] || role_json['globalBlueprintAccess']
    blueprint_permissions = role_json['appTemplatePermissions'] || role_json['blueprintPermissions'] || []

    # hacky, but support name or code lookup via the list returned in the show payload
    blueprint = nil
    if !do_all
      if blueprint_id.to_s =~ /\A\d{1,}\Z/
        blueprint = blueprint_permissions.find {|b| b['id'] == blueprint_id.to_i }
      else
        blueprint = blueprint_permissions.find {|b| b['name'] == blueprint_id || b['code'] == blueprint_id }
      end
      if blueprint.nil?
        print_red_alert "Blueprint not found: '#{blueprint_id}'"
        return 1
      end
    end

    params = {}
    if do_all
      params['allAppTemplates'] = true
      #params['allBlueprints'] = true
    else
      params['appTemplateId'] = blueprint['id']
      # params['blueprintId'] = blueprint['id']
    end
    params['access'] = access_value
    @roles_interface.setopts(options)
    if options[:dry_run]
      print_dry_run @roles_interface.dry.update_blueprint(account_id, role['id'], params)
      return
    end
    json_response = @roles_interface.update_blueprint(account_id, role['id'], params)

    if options[:json]
      print JSON.pretty_generate(json_response)
      print "\n"
    else
      if do_all
        print_green_success "Role #{role['authority']} access updated for all blueprints"
      else
        print_green_success "Role #{role['authority']} access updated for blueprint #{blueprint['name']}"
      end
    end
    return 0
  rescue RestClient::Exception => e
    print_rest_exception(e, options)
    exit 1
  end
end
update_catalog_item_type_access(args) click to toggle source
# File lib/morpheus/cli/commands/roles.rb, line 1617
def update_catalog_item_type_access(args)
  options = {}
  catalog_item_type_id = nil
  access_value = nil
  do_all = false
  allowed_access_values = ['full', 'none', 'default']
  optparse = Morpheus::Cli::OptionParser.new do |opts|
    opts.banner = subcommand_usage("[role] [catalog-item-type] [access]")
    opts.on( '--catalog-item-type ID', String, "Catalog Item Type ID or Name" ) do |val|
      catalog_item_type_id = val
    end
    opts.on( nil, '--all', "Update all catalog item types at once." ) do
      do_all = true
    end
    opts.on( '--access VALUE', String, "Access value [#{allowed_access_values.join('|')}]" ) do |val|
      access_value = val
    end
    build_common_options(opts, options, [:json, :dry_run, :remote])
    opts.footer = "Update role access for a catalog item type or all types.\n" +
                  "[role] is required. This is the name or id of a role.\n" + 
                  "--catalog-item-type or --all is required. This is the name or id of a catalog item type.\n" + 
                  "--access is required. This is the new access value: #{ored_list(allowed_access_values)}"
  end
  optparse.parse!(args)

  # usage: update-catalog_item_type-access [role] [access] --all
  #        update-catalog_item_type-access [role] [catalog-item-type] [access]
  name = args[0]
  if do_all
    verify_args!(args:args, optparse:optparse, min:1, max:2)
    access_value = args[1] if args[1]
  else
    verify_args!(args:args, optparse:optparse, min:1, max:3)
    catalog_item_type_id = args[1] if args[1]
    access_value = args[2] if args[2]
  end
  if !catalog_item_type_id && !do_all
    raise_command_error("missing required argument: [catalog-item-type] or --all", args, optparse)
  end
  if !access_value
    raise_command_error("missing required argument: [access]", args, optparse)
  end
  access_value = access_value.to_s.downcase
  if !allowed_access_values.include?(access_value)
    raise_command_error("invalid access value: #{access_value}", args, optparse)
  end

  connect(options)
  begin
    account = find_account_from_options(options)
    account_id = account ? account['id'] : nil
    role = find_role_by_name_or_id(account_id, name)
    return 1 if role.nil?

    role_json = @roles_interface.get(account_id, role['id'], {'includeDefaultAccess' => true})
    catalog_item_type_global_access = role_json['globalCatalogItemTypeAccess']
    catalog_item_type_permissions = role_json['catalogItemTypePermissions'] || role_json['catalogItemTypes'] []

    # hacky, but support name or code lookup via the list returned in the show payload
    catalog_item_type = nil
    if !do_all
      if catalog_item_type_id.to_s =~ /\A\d{1,}\Z/
        catalog_item_type = catalog_item_type_permissions.find {|b| b['id'] == catalog_item_type_id.to_i }
      else
        catalog_item_type = catalog_item_type_permissions.find {|b| b['name'] == catalog_item_type_id }
      end
      if catalog_item_type.nil?
        print_red_alert "Catalog Item Type not found: '#{catalog_item_type_id}'"
        return 1
      end
    end

    params = {}
    if do_all
      params['allCatalogItemTypes'] = true
    else
      params['catalogItemTypeId'] = catalog_item_type['id']
    end
    params['access'] = access_value
    @roles_interface.setopts(options)
    if options[:dry_run]
      print_dry_run @roles_interface.dry.update_catalog_item_type(account_id, role['id'], params)
      return
    end
    json_response = @roles_interface.update_catalog_item_type(account_id, role['id'], params)

    if options[:json]
      print JSON.pretty_generate(json_response)
      print "\n"
    else
      if do_all
        print_green_success "Role #{role['authority']} access updated for all catalog item types"
      else
        print_green_success "Role #{role['authority']} access updated for catalog item type #{catalog_item_type['name']}"
      end
    end
    return 0
  rescue RestClient::Exception => e
    print_rest_exception(e, options)
    exit 1
  end
end
update_cloud_access(args) click to toggle source
# File lib/morpheus/cli/commands/roles.rb, line 1155
  def update_cloud_access(args)
    options = {}
    cloud_id = nil
    access_value = nil
    do_all = false
    allowed_access_values = ['full', 'read', 'none', 'default']
    optparse = Morpheus::Cli::OptionParser.new do |opts|
      opts.banner = subcommand_usage("[role]")
      opts.on( '-c', '--cloud CLOUD', "Cloud name or id" ) do |val|
        cloud_id = val
      end
      opts.on( nil, '--all', "Update all clouds at once." ) do
        do_all = true
      end
      opts.on( '--access VALUE', String, "Access value [#{allowed_access_values.join('|')}]" ) do |val|
        access_value = val
      end
      build_common_options(opts, options, [:json, :dry_run, :remote])
      opts.footer = <<-EOT
Update role access for a cloud or all clouds.
[role] is required. This is the name or id of a role.
--cloud or --all is required. This is the name or id of a cloud.
--access is required. This is the new access value: #{ored_list(allowed_access_values)}
EOT
    end
    optparse.parse!(args)

    # usage: update-cloud-access [role] [access] --all
    #        update-cloud-access [role] [cloud] [access]
    name = args[0]
    if do_all
      verify_args!(args:args, optparse:optparse, min:1, max:2)
      access_value = args[1] if args[1]
    else
      verify_args!(args:args, optparse:optparse, min:1, max:3)
      cloud_id = args[1] if args[1]
      access_value = args[2] if args[2]
    end
    if !cloud_id && !do_all
      raise_command_error("missing required argument: [cloud] or --all", args, optparse)
    end
    if !access_value
      raise_command_error("missing required argument: [access]", args, optparse)
    end
    access_value = access_value.to_s.downcase
    if !allowed_access_values.include?(access_value)
      raise_command_error("invalid access value: #{access_value}", args, optparse)
    end

    connect(options)
    begin
      account = find_account_from_options(options)
      account_id = account ? account['id'] : nil
      role = find_role_by_name_or_id(account_id, name)
      exit 1 if role.nil?

      role_json = @roles_interface.get(account_id, role['id'], {'includeDefaultAccess' => true})

      cloud = nil
      if !do_all
        cloud = find_cloud_by_name_or_id_for_provisioning(nil, cloud_id)
        return 1 if cloud.nil?
        cloud_id = cloud['id']
      end
      params = {}
      if do_all
        params['allClouds'] = true
      else
        params['cloudId'] = cloud_id
      end
      params['access'] = access_value
      @roles_interface.setopts(options)
      if options[:dry_run]
        print_dry_run @roles_interface.dry.update_cloud(account_id, role['id'], params)
        return
      end
      json_response = @roles_interface.update_cloud(account_id, role['id'], params)

      if options[:json]
        print JSON.pretty_generate(json_response)
        print "\n"
      else
        if do_all
          print_green_success "Role #{role['authority']} access updated for all clouds"
        else
          print_green_success "Role #{role['authority']} access updated for cloud #{cloud['name']}"
        end
      end
      return 0
    rescue RestClient::Exception => e
      print_rest_exception(e, options)
      exit 1
    end
  end
update_default_blueprint_access(args) click to toggle source
# File lib/morpheus/cli/commands/roles.rb, line 1403
  def update_default_blueprint_access(args)
    options = {}
    optparse = Morpheus::Cli::OptionParser.new do |opts|
      opts.banner = subcommand_usage("[role] [access]")
      build_common_options(opts, options, [:json, :dry_run, :remote])
            opts.footer = <<-EOT
Update default blueprint access for a role.
[role] is required. This is the name (authority) or id of a role.
[access] is required. This is the access level to assign: full or none.
EOT
    end
    optparse.parse!(args)

    if args.count < 2
      puts optparse
      exit 1
    end
    name = args[0]
    access_value = args[1].to_s.downcase
    if !['full', 'none', 'custom'].include?(access_value)
      puts optparse
      exit 1
    end


    connect(options)
    begin
      account = find_account_from_options(options)
      account_id = account ? account['id'] : nil
      role = find_role_by_name_or_id(account_id, name)
      exit 1 if role.nil?

      params = {permissionCode: 'AppTemplate', access: access_value}
      @roles_interface.setopts(options)
      if options[:dry_run]
        print_dry_run @roles_interface.dry.update_permission(account_id, role['id'], params)
        return
      end
      json_response = @roles_interface.update_permission(account_id, role['id'], params)

      if options[:json]
        print JSON.pretty_generate(json_response)
        print "\n"
      else
        print_green_success "Role #{role['authority']} default blueprint access updated"
      end
    rescue RestClient::Exception => e
      print_rest_exception(e, options)
      exit 1
    end
  end
update_default_catalog_item_type_access(args) click to toggle source
# File lib/morpheus/cli/commands/roles.rb, line 1565
  def update_default_catalog_item_type_access(args)
    options = {}
    optparse = Morpheus::Cli::OptionParser.new do |opts|
      opts.banner = subcommand_usage("[role] [access]")
      build_common_options(opts, options, [:json, :dry_run, :remote])
            opts.footer = <<-EOT
Update default catalog item type access for a role.
[role] is required. This is the name (authority) or id of a role.
[access] is required. This is the access level to assign: full or none.
EOT
    end
    optparse.parse!(args)

    if args.count < 2
      puts optparse
      exit 1
    end
    name = args[0]
    access_value = args[1].to_s.downcase
    if !['full', 'none', 'custom'].include?(access_value)
      puts optparse
      exit 1
    end


    connect(options)
    begin
      account = find_account_from_options(options)
      account_id = account ? account['id'] : nil
      role = find_role_by_name_or_id(account_id, name)
      exit 1 if role.nil?

      params = {permissionCode: 'CatalogItemType', access: access_value}
      @roles_interface.setopts(options)
      if options[:dry_run]
        print_dry_run @roles_interface.dry.update_permission(account_id, role['id'], params)
        return
      end
      json_response = @roles_interface.update_permission(account_id, role['id'], params)

      if options[:json]
        print JSON.pretty_generate(json_response)
        print "\n"
      else
        print_green_success "Role #{role['authority']} default catalog item type access updated"
      end
    rescue RestClient::Exception => e
      print_rest_exception(e, options)
      exit 1
    end
  end
update_default_cloud_access(args) click to toggle source
# File lib/morpheus/cli/commands/roles.rb, line 1103
  def update_default_cloud_access(args)
    options = {}
    optparse = Morpheus::Cli::OptionParser.new do |opts|
      opts.banner = subcommand_usage("[role] [access]")
      build_common_options(opts, options, [:json, :dry_run, :remote])
      opts.footer = <<-EOT
Update default cloud access for a role.
[role] is required. This is the name (authority) or id of a role.
[access] is required. This is the access level to assign: full, read or none.
Only applicable to Tenant roles.
EOT
    end
    optparse.parse!(args)

    if args.count < 2
      puts optparse
      exit 1
    end
    name = args[0]
    access_value = args[1].to_s.downcase
    if !['full', 'read', 'none', 'custom'].include?(access_value)
      puts optparse
      exit 1
    end

    connect(options)
    begin
      account = find_account_from_options(options)
      account_id = account ? account['id'] : nil
      role = find_role_by_name_or_id(account_id, name)
      exit 1 if role.nil?

      params = {permissionCode: 'ComputeZone', access: access_value}
      @roles_interface.setopts(options)
      if options[:dry_run]
        print_dry_run @roles_interface.dry.update_permission(account_id, role['id'], params)
        return
      end
      json_response = @roles_interface.update_permission(account_id, role['id'], params)

      if options[:json]
        print JSON.pretty_generate(json_response)
        print "\n"
      else
        print_green_success "Role #{role['authority']} default cloud access updated"
      end
    rescue RestClient::Exception => e
      print_rest_exception(e, options)
      exit 1
    end
  end
update_default_group_access(args) click to toggle source
# File lib/morpheus/cli/commands/roles.rb, line 950
  def update_default_group_access(args)
    options = {}
    optparse = Morpheus::Cli::OptionParser.new do |opts|
      opts.banner = subcommand_usage("[role] [access]")
      build_common_options(opts, options, [:json, :dry_run, :remote])
      opts.footer = <<-EOT
Update default group access for a role.
[role] is required. This is the name (authority) or id of a role.
[access] is required. This is the access level to assign: full, read, or none.
Only applicable to User roles.
EOT
    end
    optparse.parse!(args)

    if args.count < 2
      puts optparse
      exit 1
    end
    name = args[0]
    access_value = args[1].to_s.downcase
    if !['full', 'read', 'none', 'custom'].include?(access_value)
      puts optparse
      exit 1
    end

    connect(options)
    begin
      account = find_account_from_options(options)
      account_id = account ? account['id'] : nil
      role = find_role_by_name_or_id(account_id, name)
      exit 1 if role.nil?

      params = {permissionCode: 'ComputeSite', access: access_value}
      @roles_interface.setopts(options)
      if options[:dry_run]
        print_dry_run @roles_interface.dry.update_permission(account_id, role['id'], params)
        return
      end
      json_response = @roles_interface.update_permission(account_id, role['id'], params)

      if options[:json]
        print JSON.pretty_generate(json_response)
        print "\n"
      else
        print_green_success "Role #{role['authority']} default group access updated"
      end
    rescue RestClient::Exception => e
      print_rest_exception(e, options)
      exit 1
    end
  end
update_default_instance_type_access(args) click to toggle source
# File lib/morpheus/cli/commands/roles.rb, line 1255
  def update_default_instance_type_access(args)
    options = {}
    optparse = Morpheus::Cli::OptionParser.new do |opts|
      opts.banner = subcommand_usage("[role] [access]")
      build_common_options(opts, options, [:json, :dry_run, :remote])
            opts.footer = <<-EOT
Update default instance type access for a role.
[role] is required. This is the name (authority) or id of a role.
[access] is required. This is the access level to assign: full or none.
EOT
    end
    optparse.parse!(args)

    if args.count < 2
      puts optparse
      exit 1
    end
    name = args[0]
    access_value = args[1].to_s.downcase
    if !['full', 'none', 'custom'].include?(access_value)
      puts optparse
      exit 1
    end


    connect(options)
    begin
      account = find_account_from_options(options)
      account_id = account ? account['id'] : nil
      role = find_role_by_name_or_id(account_id, name)
      exit 1 if role.nil?

      params = {permissionCode: 'InstanceType', access: access_value}
      @roles_interface.setopts(options)
      if options[:dry_run]
        print_dry_run @roles_interface.dry.update_permission(account_id, role['id'], params)
        return
      end
      json_response = @roles_interface.update_permission(account_id, role['id'], params)

      if options[:json]
        print JSON.pretty_generate(json_response)
        print "\n"
      else
        print_green_success "Role #{role['authority']} default instance type access updated"
      end
    rescue RestClient::Exception => e
      print_rest_exception(e, options)
      exit 1
    end
  end
update_default_persona_access(args) click to toggle source
# File lib/morpheus/cli/commands/roles.rb, line 1720
  def update_default_persona_access(args)
    options = {}
    optparse = Morpheus::Cli::OptionParser.new do |opts|
      opts.banner = subcommand_usage("[role] [access]")
      build_common_options(opts, options, [:json, :dry_run, :remote])
      opts.footer = <<-EOT
Update default persona access for a role.
[role] is required. This is the name (authority) or id of a role.
[access] is required. This is the access level to assign: full or none.
      EOT
    end
    optparse.parse!(args)

    if args.count < 2
      puts optparse
      exit 1
    end
    name = args[0]
    access_value = args[1].to_s.downcase
    if !['full', 'none', 'custom'].include?(access_value)
      puts optparse
      exit 1
    end

    connect(options)
    begin
      account = find_account_from_options(options)
      account_id = account ? account['id'] : nil
      role = find_role_by_name_or_id(account_id, name)
      exit 1 if role.nil?

      params = {permissionCode: 'Persona', access: access_value}
      @roles_interface.setopts(options)
      if options[:dry_run]
        print_dry_run @roles_interface.dry.update_permission(account_id, role['id'], params)
        return
      end
      json_response = @roles_interface.update_permission(account_id, role['id'], params)

      if options[:json]
        print JSON.pretty_generate(json_response)
        print "\n"
      else
        print_green_success "Role #{role['authority']} default persona access updated"
      end
    rescue RestClient::Exception => e
      print_rest_exception(e, options)
      exit 1
    end
  end
update_default_report_type_access(args) click to toggle source
# File lib/morpheus/cli/commands/roles.rb, line 2022
  def update_default_report_type_access(args)
    options = {}
    optparse = Morpheus::Cli::OptionParser.new do |opts|
      opts.banner = subcommand_usage("[role] [access]")
      build_common_options(opts, options, [:json, :dry_run, :remote])
      opts.footer = <<-EOT
Update default report type access for a role.
[role] is required. This is the name (authority) or id of a role.
[access] is required. This is the access level to assign: full or none.
EOT
    end
    optparse.parse!(args)
    verify_args!(args:args, optparse:optparse, count: 2)
    name = args[0]
    access_value = args[1].to_s.downcase
    if !['full', 'none', 'custom'].include?(access_value)
      raise_command_error("invalid access value: #{args[1]}", args, optparse)
    end

    connect(options)
    begin
      account = find_account_from_options(options)
      account_id = account ? account['id'] : nil
      role = find_role_by_name_or_id(account_id, name)
      exit 1 if role.nil?
      # note: ReportTypes being plural is odd, the others are singular
      params = {permissionCode: 'ReportTypes', access: access_value}
      @roles_interface.setopts(options)
      if options[:dry_run]
        print_dry_run @roles_interface.dry.update_permission(account_id, role['id'], params)
        return
      end
      json_response = @roles_interface.update_permission(account_id, role['id'], params)

      if options[:json]
        print JSON.pretty_generate(json_response)
        print "\n"
      else
        print_green_success "Role #{role['authority']} default report type access updated"
      end
    rescue RestClient::Exception => e
      print_rest_exception(e, options)
      exit 1
    end
  end
update_default_task_access(args) click to toggle source
# File lib/morpheus/cli/commands/roles.rb, line 2178
  def update_default_task_access(args)
    options = {}
    optparse = Morpheus::Cli::OptionParser.new do |opts|
      opts.banner = subcommand_usage("[role] [access]")
      build_common_options(opts, options, [:json, :dry_run, :remote])
      opts.footer = <<-EOT
Update default task access for a role.
[role] is required. This is the id of a role.
[access] is required. This is the access level to assign: full or none.
      EOT
    end
    optparse.parse!(args)
    verify_args!(args:args, optparse:optparse, count: 2)
    name = args[0]
    access_value = args[1].to_s.downcase
    if !['full', 'none', 'custom'].include?(access_value)
      raise_command_error("invalid access value: #{args[1]}", args, optparse)
    end

    connect(options)
    begin
      account = find_account_from_options(options)
      account_id = account ? account['id'] : nil
      role = find_role_by_name_or_id(account_id, name)
      exit 1 if role.nil?
      # note: ReportTypes being plural is odd, the others are singular
      params = {permissionCode: 'Task', access: access_value}
      @roles_interface.setopts(options)
      if options[:dry_run]
        print_dry_run @roles_interface.dry.update_permission(account_id, role['id'], params)
        return
      end
      json_response = @roles_interface.update_permission(account_id, role['id'], params)

      if options[:json]
        print JSON.pretty_generate(json_response)
        print "\n"
      else
        print_green_success "Role #{role['authority']} default task access updated"
      end
    rescue RestClient::Exception => e
      print_rest_exception(e, options)
      exit 1
    end
  end
update_default_vdi_pool_access(args) click to toggle source
# File lib/morpheus/cli/commands/roles.rb, line 1867
  def update_default_vdi_pool_access(args)
    options = {}
    optparse = Morpheus::Cli::OptionParser.new do |opts|
      opts.banner = subcommand_usage("[role] [access]")
      build_common_options(opts, options, [:json, :dry_run, :remote])
            opts.footer = <<-EOT
Update default VDI pool access for a role.
[role] is required. This is the name (authority) or id of a role.
[access] is required. This is the access level to assign: full or none.
EOT
    end
    optparse.parse!(args)
    verify_args!(args:args, optparse:optparse, count: 2)
    name = args[0]
    access_value = args[1].to_s.downcase
    if !['full', 'none', 'custom'].include?(access_value)
      raise_command_error("invalid access value: #{args[1]}", args, optparse)
    end


    connect(options)
    begin
      account = find_account_from_options(options)
      account_id = account ? account['id'] : nil
      role = find_role_by_name_or_id(account_id, name)
      exit 1 if role.nil?
      # note: VdiPools being plural is odd, the others are singular
      params = {permissionCode: 'VdiPools', access: access_value}
      @roles_interface.setopts(options)
      if options[:dry_run]
        print_dry_run @roles_interface.dry.update_permission(account_id, role['id'], params)
        return
      end
      json_response = @roles_interface.update_permission(account_id, role['id'], params)

      if options[:json]
        print JSON.pretty_generate(json_response)
        print "\n"
      else
        print_green_success "Role #{role['authority']} default vdi pool access updated"
      end
    rescue RestClient::Exception => e
      print_rest_exception(e, options)
      exit 1
    end
  end
update_default_workflow_access(args) click to toggle source
# File lib/morpheus/cli/commands/roles.rb, line 2331
  def update_default_workflow_access(args)
    options = {}
    optparse = Morpheus::Cli::OptionParser.new do |opts|
      opts.banner = subcommand_usage("[role] [access]")
      build_common_options(opts, options, [:json, :dry_run, :remote])
      opts.footer = <<-EOT
Update default workflow access for a role.
[role] is required. This is the id of a role.
[access] is required. This is the access level to assign: full or none.
      EOT
    end
    optparse.parse!(args)
    verify_args!(args:args, optparse:optparse, count: 2)
    name = args[0]
    access_value = args[1].to_s.downcase
    if !['full', 'none', 'custom'].include?(access_value)
      raise_command_error("invalid access value: #{args[1]}", args, optparse)
    end

    connect(options)
    begin
      account = find_account_from_options(options)
      account_id = account ? account['id'] : nil
      role = find_role_by_name_or_id(account_id, name)
      exit 1 if role.nil?
      params = {permissionCode: 'TaskSet', access: access_value}
      @roles_interface.setopts(options)
      if options[:dry_run]
        print_dry_run @roles_interface.dry.update_permission(account_id, role['id'], params)
        return
      end
      json_response = @roles_interface.update_permission(account_id, role['id'], params)

      if options[:json]
        print JSON.pretty_generate(json_response)
        print "\n"
      else
        print_green_success "Role #{role['authority']} default workflow access updated"
      end
    rescue RestClient::Exception => e
      print_rest_exception(e, options)
      exit 1
    end
  end
update_feature_access(args) click to toggle source
# File lib/morpheus/cli/commands/roles.rb, line 875
  def update_feature_access(args)
    options = {}
    allowed_access_values = ["full", "full_decrypted", "group", "listfiles", "managerules", "no", "none", "provision", "read", "rolemappings", "user", "view", "yes"]
    permission_code = nil
    access_value = nil
    optparse = Morpheus::Cli::OptionParser.new do |opts|
      opts.banner = subcommand_usage("[role] [permission] [access]")
      opts.on( '-p', '--permission CODE', "Permission code or name" ) do |val|
        permission_code = val
      end
      opts.on( '--access VALUE', String, "Access value [#{allowed_access_values.join('|')}] (varies per permission)" ) do |val|
        access_value = val
      end
      build_common_options(opts, options, [:json, :dry_run, :remote])
      opts.footer = <<-EOT
Update role access for a permission.
[role] is required. This is the name (authority) or id of a role.
[permission] is required. This is the code or name of a permission.
[access] is required. This is the new access value: #{ored_list(allowed_access_values)}
EOT
    end
    optparse.parse!(args)
    verify_args!(args:args, optparse:optparse, min:1, max:3)
    name = args[0]
    permission_code = args[1] if args[1]
    access_value = args[2].to_s.downcase if args[2]

    if !permission_code
      raise_command_error("missing required argument: [permission]", args, optparse)
    end
    if !access_value
      raise_command_error("missing required argument: [access]", args, optparse)
    end
    # access_value = access_value.to_s.downcase
    # if !allowed_access_values.include?(access_value)
    #   raise_command_error("invalid access value: #{access_value}", args, optparse)
    # end
    # need to load the permission and then split accessTypes, so just allows all for now, server validates...
    # if !['full_decrypted','full', 'read', 'custom', 'none'].include?(access_value)
    #   puts optparse
    #   exit 1
    # end

    connect(options)
    begin
      account = find_account_from_options(options)
      account_id = account ? account['id'] : nil
      role = find_role_by_name_or_id(account_id, name)
      exit 1 if role.nil?

      params = {permissionCode: permission_code, access: access_value}
      @roles_interface.setopts(options)
      if options[:dry_run]
        print_dry_run @roles_interface.dry.update_permission(account_id, role['id'], params)
        return
      end
      json_response = @roles_interface.update_permission(account_id, role['id'], params)

      if options[:json]
        print JSON.pretty_generate(json_response)
        print "\n"
      else
        print_green_success "Role #{role['authority']} permission #{permission_code} set to #{access_value}"
      end
    rescue RestClient::Exception => e
      print_rest_exception(e, options)
      exit 1
    end
  end
update_global_blueprint_access(args) click to toggle source
# File lib/morpheus/cli/commands/roles.rb, line 1398
def update_global_blueprint_access(args)
  puts "#{yellow}DEPRECATED#{reset}"
  update_default_blueprint_access(args)
end
update_global_catalog_item_type_access(args) click to toggle source
# File lib/morpheus/cli/commands/roles.rb, line 1560
def update_global_catalog_item_type_access(args)
  puts "#{yellow}DEPRECATED#{reset}"
  update_default_catalog_item_type_access(args)
end
update_global_cloud_access(args) click to toggle source
# File lib/morpheus/cli/commands/roles.rb, line 1098
def update_global_cloud_access(args)
  puts "#{yellow}DEPRECATED#{reset}"
  update_default_cloud_access(args)
end
update_global_group_access(args) click to toggle source
# File lib/morpheus/cli/commands/roles.rb, line 945
def update_global_group_access(args)
  puts "#{yellow}DEPRECATED#{reset}"
  update_default_group_access(args)
end
update_global_instance_type_access(args) click to toggle source
# File lib/morpheus/cli/commands/roles.rb, line 1250
def update_global_instance_type_access(args)
  puts "#{yellow}DEPRECATED#{reset}"
  update_default_instance_type_access(args)
end
update_global_report_type_access(args) click to toggle source
# File lib/morpheus/cli/commands/roles.rb, line 2017
def update_global_report_type_access(args)
  puts "#{yellow}DEPRECATED#{reset}"
  update_default_report_type_access(args)
end
update_global_task_access(args) click to toggle source
# File lib/morpheus/cli/commands/roles.rb, line 2173
def update_global_task_access(args)
  puts "#{yellow}DEPRECATED#{reset}"
  update_default_task_access(args)
end
update_global_vdi_pool_access(args) click to toggle source
# File lib/morpheus/cli/commands/roles.rb, line 1862
def update_global_vdi_pool_access(args)
  puts "#{yellow}DEPRECATED#{reset}"
  update_default_vdi_pool_access(args)
end
update_global_workflow_access(args) click to toggle source
# File lib/morpheus/cli/commands/roles.rb, line 2326
def update_global_workflow_access(args)
  puts "#{yellow}DEPRECATED#{reset}"
  update_default_workflow_access(args)
end
update_group_access(args) click to toggle source
# File lib/morpheus/cli/commands/roles.rb, line 1002
  def update_group_access(args)
    options = {}
    name = nil
    group_id = nil
    access_value = nil
    do_all = false
    allowed_access_values = ['full', 'read', 'none', 'default']
    optparse = Morpheus::Cli::OptionParser.new do |opts|
      opts.banner = subcommand_usage("[role] [group] [access]")
      opts.on( '-g', '--group GROUP', "Group name or id" ) do |val|
        group_id = val
      end
      opts.on( nil, '--all', "Update all groups at once." ) do
        do_all = true
      end
      opts.on( '--access VALUE', String, "Access value [#{allowed_access_values.join('|')}]" ) do |val|
        access_value = val
      end
      build_common_options(opts, options, [:json, :dry_run, :remote])
      opts.footer = <<-EOT
Update role access for a group or all groups.
[role] is required. This is the name or id of a role.
--group or --all is required. This is the name or id of a group.
--access is required. This is the new access value: #{ored_list(allowed_access_values)}
EOT
      
    end
    optparse.parse!(args)

    # usage: update-group-access [role] [access] --all
    #        update-group-access [role] [group] [access]
    name = args[0]
    if do_all
      verify_args!(args:args, optparse:optparse, min:1, max:2)
      access_value = args[1] if args[1]
    else
      verify_args!(args:args, optparse:optparse, min:1, max:3)
      group_id = args[1] if args[1]
      access_value = args[2] if args[2]
    end
    if !group_id && !do_all
      raise_command_error("missing required argument: [group] or --all", args, optparse)
    end
    if !access_value
      raise_command_error("missing required argument: [access]", args, optparse)
    end
    access_value = access_value.to_s.downcase
    if !allowed_access_values.include?(access_value)
      raise_command_error("invalid access value: #{access_value}", args, optparse)
    end

    connect(options)
    begin
      account = find_account_from_options(options)
      account_id = account ? account['id'] : nil
      role = find_role_by_name_or_id(account_id, name)
      return 1 if role.nil?

      group = nil
      if !do_all
        group = find_group_by_name_or_id_for_provisioning(group_id)
        return 1 if group.nil?
        group_id = group['id']
      end

      params = {}
      if do_all
        params['allGroups'] = true
      else
        params['groupId'] = group_id
      end
      params['access'] = access_value
      @roles_interface.setopts(options)
      if options[:dry_run]
        print_dry_run @roles_interface.dry.update_group(account_id, role['id'], params)
        return
      end
      json_response = @roles_interface.update_group(account_id, role['id'], params)

      if options[:json]
        print JSON.pretty_generate(json_response)
        print "\n"
      else
        if do_all
          print_green_success "Role #{role['authority']} access updated for all groups"
        else
          print_green_success "Role #{role['authority']} access updated for group #{group['name']}"
        end
      end
      return 0
    rescue RestClient::Exception => e
      print_rest_exception(e, options)
      exit 1
    end
  end
update_instance_type_access(args) click to toggle source
# File lib/morpheus/cli/commands/roles.rb, line 1307
def update_instance_type_access(args)
  options = {}
  instance_type_name = nil
  access_value = nil
  do_all = false
  allowed_access_values = ['full', 'none', 'default']
  optparse = Morpheus::Cli::OptionParser.new do |opts|
    opts.banner = subcommand_usage("[role] [type] [access]")
    opts.on( '--instance-type INSTANCE_TYPE', String, "Instance Type name" ) do |val|
      instance_type_name = val
    end
    opts.on( nil, '--all', "Update all instance types at once." ) do
      do_all = true
    end
    opts.on( '--access VALUE', String, "Access value [#{allowed_access_values.join('|')}]" ) do |val|
      access_value = val
    end
    build_common_options(opts, options, [:json, :dry_run, :remote])
    opts.footer = "Update role access for an instance type or all instance types.\n" +
                  "[role] is required. This is the name or id of a role.\n" + 
                  "--instance-type or --all is required. This is the name of an instance type.\n" + 
                  "--access is required. This is the new access value: #{ored_list(allowed_access_values)}"
  end
  optparse.parse!(args)

  if args.count < 1
    puts optparse
    return 1
  end
  name = args[0]
  # support old usage: [role] [instance-type] [access]
  instance_type_name ||= args[1]
  access_value ||= args[2]

  if (!instance_type_name && !do_all) || !access_value
    puts optparse
    return 1
  end
  
  access_value = access_value.to_s.downcase

  if !['full', 'none'].include?(access_value)
    puts optparse
    return 1
  end

  connect(options)
  begin
    account = find_account_from_options(options)
    account_id = account ? account['id'] : nil
    role = find_role_by_name_or_id(account_id, name)
    return 1 if role.nil?

    role_json = @roles_interface.get(account_id, role['id'], {'includeDefaultAccess' => true})
    instance_type = nil
    if !do_all
      instance_type = find_instance_type_by_name(instance_type_name)
      return 1 if instance_type.nil?
    end

    params = {}
    if do_all
      params['allInstanceTypes'] = true
    else
      params['instanceTypeId'] = instance_type['id']
    end
    params['access'] = access_value
    @roles_interface.setopts(options)
    if options[:dry_run]
      print_dry_run @roles_interface.dry.update_instance_type(account_id, role['id'], params)
      return
    end
    json_response = @roles_interface.update_instance_type(account_id, role['id'], params)

    if options[:json]
      print JSON.pretty_generate(json_response)
      print "\n"
    else
      if do_all
        print_green_success "Role #{role['authority']} access updated for all instance types"
      else
        print_green_success "Role #{role['authority']} access updated for instance type #{instance_type['name']}"
      end
    end
    return 0
  rescue RestClient::Exception => e
    print_rest_exception(e, options)
    exit 1
  end
end
update_persona_access(args) click to toggle source
# File lib/morpheus/cli/commands/roles.rb, line 1771
def update_persona_access(args)
  options = {}
  persona_id = nil
  name = nil
  access_value = nil
  do_all = false
  allowed_access_values = ['full', 'none', 'default']
  optparse = Morpheus::Cli::OptionParser.new do |opts|
    opts.banner = subcommand_usage("[role] [persona] [access]")
    opts.on( '--persona CODE', String, "Persona Code" ) do |val|
      persona_id = val
    end
    opts.on( nil, '--all', "Update all personas at once." ) do
      do_all = true
    end
    opts.on( '--access VALUE', String, "Access value [#{allowed_access_values.join('|')}]" ) do |val|
      access_value = val
    end
    build_common_options(opts, options, [:json, :dry_run, :remote])
    opts.footer = "Update role access for a persona or all personas.\n" +
                  "[role] is required. This is the name or id of a role.\n" + 
                  "--persona or --all is required. This is the code of a persona. Service Catalog, Standard, or Virtual Desktop\n" + 
                  "--access is required. This is the new access value: #{ored_list(allowed_access_values)}"
  end
  optparse.parse!(args)

  # usage: update-persona-access [role] [access] --all
  #        update-persona-access [role] [persona] [access]
  name = args[0]
  if do_all
    verify_args!(args:args, optparse:optparse, min:1, max:2)
    access_value = args[1] if args[1]
  else
    verify_args!(args:args, optparse:optparse, min:1, max:3)
    persona_id = args[1] if args[1]
    access_value = args[2] if args[2]
  end
  if !persona_id && !do_all
    raise_command_error("missing required argument: [persona] or --all", args, optparse)
  end
  if !access_value
    raise_command_error("missing required argument: [access]", args, optparse)
  end
  access_value = access_value.to_s.downcase
  if !allowed_access_values.include?(access_value)
    raise_command_error("invalid access value: #{access_value}", args, optparse)
  end

  connect(options)
  begin
    account = find_account_from_options(options)
    account_id = account ? account['id'] : nil
    role = find_role_by_name_or_id(account_id, name)
    return 1 if role.nil?

    role_json = @roles_interface.get(account_id, role['id'], {'includeDefaultAccess' => true})
    
    # no lookup right now, pass the code serviceCatalog|standard
    persona_code = persona_id

    params = {}
    if do_all
      params['allPersonas'] = true
    else
      params['personaCode'] = persona_code
    end
    params['access'] = access_value
    @roles_interface.setopts(options)
    if options[:dry_run]
      print_dry_run @roles_interface.dry.update_persona(account_id, role['id'], params)
      return
    end
    json_response = @roles_interface.update_persona(account_id, role['id'], params)

    if options[:json]
      print JSON.pretty_generate(json_response)
      print "\n"
    else
      if do_all
        print_green_success "Role #{role['authority']} access updated for all personas"
      else
        print_green_success "Role #{role['authority']} access updated for persona #{persona_code}"
      end
    end
    return 0
  rescue RestClient::Exception => e
    print_rest_exception(e, options)
    exit 1
  end
end
update_report_type_access(args) click to toggle source
# File lib/morpheus/cli/commands/roles.rb, line 2068
def update_report_type_access(args)
  options = {}
  report_type_id = nil
  access_value = nil
  do_all = false
  allowed_access_values = ['full', 'none', 'default']
  optparse = Morpheus::Cli::OptionParser.new do |opts|
    opts.banner = subcommand_usage("[role] [report-type] [access]")
    opts.on( '--report-type ID', String, "Report Type ID or Name" ) do |val|
      report_type_id = val
    end
    opts.on( nil, '--all', "Update all report types at once." ) do
      do_all = true
    end
    opts.on( '--access VALUE', String, "Access value [#{allowed_access_values.join('|')}]" ) do |val|
      access_value = val
    end
    build_common_options(opts, options, [:json, :dry_run, :remote])
    opts.footer = "Update role access for a report type or all report types.\n" +
                  "[role] is required. This is the name or id of a role.\n" + 
                  "--report-type or --all is required. This is the name or id of a report type.\n" + 
                  "--access is required. This is the new access value: #{ored_list(allowed_access_values)}"
  end
  optparse.parse!(args)

  # usage: update-report-type-access [role] [access] --all
  #        update-report-type-access [role] [report-type] [access]
  name = args[0]
  if do_all
    verify_args!(args:args, optparse:optparse, min:1, max:2)
    access_value = args[1] if args[1]
  else
    verify_args!(args:args, optparse:optparse, min:1, max:3)
    report_type_id = args[1] if args[1]
    access_value = args[2] if args[2]
  end
  if !report_type_id && !do_all
    raise_command_error("missing required argument: [report-type] or --all", args, optparse)
  end
  if !access_value
    raise_command_error("missing required argument: [access]", args, optparse)
  end
  access_value = access_value.to_s.downcase
  if !allowed_access_values.include?(access_value)
    raise_command_error("invalid access value: #{access_value}", args, optparse)
    puts optparse
    return 1
  end

  connect(options)
  begin
    account = find_account_from_options(options)
    account_id = account ? account['id'] : nil
    role = find_role_by_name_or_id(account_id, name)
    return 1 if role.nil?

    role_json = @roles_interface.get(account_id, role['id'], {'includeDefaultAccess' => true})
    report_type_global_access = role_json['globalReportTypeAccess']
    report_type_permissions = role_json['reportTypePermissions'] || role_json['reportTypes'] || []

    # hacky, but support name or code lookup via the list returned in the show payload
    report_type = nil
    if !do_all
      if report_type_id.to_s =~ /\A\d{1,}\Z/
        report_type = report_type_permissions.find {|b| b['id'] == report_type_id.to_i }
      else
        report_type = report_type_permissions.find {|b| b['name'] == report_type_id }
      end
      if report_type.nil?
        print_red_alert "Report Type not found: '#{report_type_id}'"
        return 1
      end
    end

    params = {}
    if do_all
      params['allReportTypes'] = true
    else
      params['reportTypeId'] = report_type['id']
    end
    params['access'] = access_value
    @roles_interface.setopts(options)
    if options[:dry_run]
      print_dry_run @roles_interface.dry.update_report_type(account_id, role['id'], params)
      return
    end
    json_response = @roles_interface.update_report_type(account_id, role['id'], params)

    if options[:json]
      print JSON.pretty_generate(json_response)
      print "\n"
    else
      if do_all
        print_green_success "Role #{role['authority']} access updated for all report types"
      else
        print_green_success "Role #{role['authority']} access updated for report type #{report_type['name']}"
      end
    end
    return 0
  rescue RestClient::Exception => e
    print_rest_exception(e, options)
    exit 1
  end
end
update_task_access(args) click to toggle source
# File lib/morpheus/cli/commands/roles.rb, line 2224
def update_task_access(args)
  options = {}
  task_id = nil
  access_value = nil
  do_all = false
  allowed_access_values = ['full', 'none', 'default']
  optparse = Morpheus::Cli::OptionParser.new do |opts|
    opts.banner = subcommand_usage("[role] [task] [access]")
    opts.on( '--task ID', String, "Task ID, code or name" ) do |val|
      report_type_id = val
    end
    opts.on( nil, '--all', "Update all tasks at once." ) do
      do_all = true
    end
    opts.on( '--access VALUE', String, "Access value [#{allowed_access_values.join('|')}]" ) do |val|
      access_value = val
    end
    build_common_options(opts, options, [:json, :dry_run, :remote])
    opts.footer = "Update role access for a task or all tasks.\n" +
      "[role] is required. This is the name, code or id of a task.\n" +
      "--task or --all is required. This is the name, code or id of a task.\n" +
      "--access is required. This is the new access value: #{ored_list(allowed_access_values)}"
  end
  optparse.parse!(args)

  name = args[0]
  if do_all
    verify_args!(args:args, optparse:optparse, min:1, max:2)
    access_value = args[1] if args[1]
  else
    verify_args!(args:args, optparse:optparse, min:1, max:3)
    task_id = args[1] if args[1]
    access_value = args[2] if args[2]
  end
  if !task_id && !do_all
    raise_command_error("missing required argument: [task] or --all", args, optparse)
  end
  if !access_value
    raise_command_error("missing required argument: [access]", args, optparse)
  end
  access_value = access_value.to_s.downcase
  if !allowed_access_values.include?(access_value)
    raise_command_error("invalid access value: #{access_value}", args, optparse)
    puts optparse
    return 1
  end

  connect(options)
  begin
    account = find_account_from_options(options)
    account_id = account ? account['id'] : nil
    role = find_role_by_name_or_id(account_id, name)
    return 1 if role.nil?

    role_json = @roles_interface.get(account_id, role['id'], {'includeDefaultAccess' => true})
    task_permissions = role_json['taskPermissions'] || role_json['tasks'] || []

    # hacky, but support name or code lookup via the list returned in the show payload
    task = nil
    if !do_all
      if task_id.to_s =~ /\A\d{1,}\Z/
        task = task_permissions.find {|b| b['id'] == task_id.to_i }
      else
        task = task_permissions.find {|b| b['name'] == task_id || b['code'] == task_id }
      end
      if task.nil?
        print_red_alert "Task not found: '#{task_id}'"
        return 1
      end
    end

    params = {}
    if do_all
      params['allTasks'] = true
    else
      params['taskId'] = task['id']
    end
    params['access'] = access_value == 'default' ? nil : access_value
    @roles_interface.setopts(options)
    if options[:dry_run]
      print_dry_run @roles_interface.dry.update_task(account_id, role['id'], params)
      return
    end
    json_response = @roles_interface.update_task(account_id, role['id'], params)

    if options[:json]
      print JSON.pretty_generate(json_response)
      print "\n"
    else
      if do_all
        print_green_success "Role #{role['authority']} access updated for all tasks"
      else
        print_green_success "Role #{role['authority']} access updated for task #{task['name']}"
      end
    end
    return 0
  rescue RestClient::Exception => e
    print_rest_exception(e, options)
    exit 1
  end
end
update_vdi_pool_access(args) click to toggle source
# File lib/morpheus/cli/commands/roles.rb, line 1914
def update_vdi_pool_access(args)
  options = {}
  vdi_pool_id = nil
  access_value = nil
  do_all = false
  allowed_access_values = ['full', 'none', 'default']
  optparse = Morpheus::Cli::OptionParser.new do |opts|
    opts.banner = subcommand_usage("[role] [vdi-pool] [access]")
    opts.on( '--vdi-pool ID', String, "VDI Pool ID or Name" ) do |val|
      vdi_pool_id = val
    end
    opts.on( nil, '--all', "Update all VDI pools at once." ) do
      do_all = true
    end
    opts.on( '--access VALUE', String, "Access value [#{allowed_access_values.join('|')}]" ) do |val|
      access_value = val
    end
    build_common_options(opts, options, [:json, :dry_run, :remote])
    opts.footer = "Update role access for a VDI pool or all VDI pools.\n" +
                  "[role] is required. This is the name or id of a role.\n" + 
                  "--vdi-pool or --all is required. This is the name or id of a VDI pool.\n" + 
                  "--access is required. This is the new access value: #{ored_list(allowed_access_values)}"
  end
  optparse.parse!(args)

  name = args[0]
  if do_all
    verify_args!(args:args, optparse:optparse, min:1, max:2)
    access_value = args[1] if args[1]
  else
    verify_args!(args:args, optparse:optparse, min:1, max:3)
    vdi_pool_id = args[1] if args[1]
    access_value = args[2] if args[2]
  end
  if !vdi_pool_id && !do_all
    raise_command_error("missing required argument: [vdi-pool] or --all", args, optparse)
  end
  if !access_value
    raise_command_error("missing required argument: [access]", args, optparse)
  end
  access_value = access_value.to_s.downcase
  if !allowed_access_values.include?(access_value)
    raise_command_error("invalid access value: #{access_value}", args, optparse)
    puts optparse
    return 1
  end

  connect(options)
  begin
    account = find_account_from_options(options)
    account_id = account ? account['id'] : nil
    role = find_role_by_name_or_id(account_id, name)
    return 1 if role.nil?

    role_json = @roles_interface.get(account_id, role['id'], {'includeDefaultAccess' => true})
    vdi_pool_global_access = role_json['globalVdiPoolAccess']
    vdi_pool_permissions = role_json['vdiPoolPermissions'] || role_json['vdiPools'] || []

    # hacky, but support name or code lookup via the list returned in the show payload
    vdi_pool = nil
    if !do_all
      if vdi_pool_id.to_s =~ /\A\d{1,}\Z/
        vdi_pool = vdi_pool_permissions.find {|b| b['id'] == vdi_pool_id.to_i }
      else
        vdi_pool = vdi_pool_permissions.find {|b| b['name'] == vdi_pool_id }
      end
      if vdi_pool.nil?
        print_red_alert "VDI Pool not found: '#{vdi_pool_id}'"
        return 1
      end
    end

    params = {}
    if do_all
      params['allVdiPools'] = true
    else
      params['vdiPoolId'] = vdi_pool['id']
    end
    params['access'] = access_value
    @roles_interface.setopts(options)
    if options[:dry_run]
      print_dry_run @roles_interface.dry.update_vdi_pool(account_id, role['id'], params)
      return
    end
    json_response = @roles_interface.update_vdi_pool(account_id, role['id'], params)

    if options[:json]
      print JSON.pretty_generate(json_response)
      print "\n"
    else
      if do_all
        print_green_success "Role #{role['authority']} access updated for all VDI pools"
      else
        print_green_success "Role #{role['authority']} access updated for VDI pool #{vdi_pool['name']}"
      end
    end
    return 0
  rescue RestClient::Exception => e
    print_rest_exception(e, options)
    exit 1
  end
end
update_workflow_access(args) click to toggle source
# File lib/morpheus/cli/commands/roles.rb, line 2376
def update_workflow_access(args)
  options = {}
  workflow_id = nil
  access_value = nil
  do_all = false
  allowed_access_values = ['full', 'none', 'default']
  optparse = Morpheus::Cli::OptionParser.new do |opts|
    opts.banner = subcommand_usage("[role] [workflow] [access]")
    opts.on( '--workflow ID', String, "Workflow ID, code or Name" ) do |val|
      workflow_id = val
    end
    opts.on( nil, '--all', "Update all workflows at once." ) do
      do_all = true
    end
    opts.on( '--access VALUE', String, "Access value [#{allowed_access_values.join('|')}]" ) do |val|
      access_value = val
    end
    build_common_options(opts, options, [:json, :dry_run, :remote])
    opts.footer = "Update role access for a workflow or all workflows.\n" +
      "[role] is required. This is the name or id of a role.\n" +
      "--workflow or --all is required. This is the name, code or id of a workflow.\n" +
      "--access is required. This is the new access value: #{ored_list(allowed_access_values)}"
  end
  optparse.parse!(args)

  name = args[0]
  if do_all
    verify_args!(args:args, optparse:optparse, min:1, max:2)
    access_value = args[1] if args[1]
  else
    verify_args!(args:args, optparse:optparse, min:1, max:3)
    workflow_id = args[1] if args[1]
    access_value = args[2] if args[2]
  end
  if !workflow_id && !do_all
    raise_command_error("missing required argument: [workflow] or --all", args, optparse)
  end
  if !access_value
    raise_command_error("missing required argument: [access]", args, optparse)
  end
  access_value = access_value.to_s.downcase
  if !allowed_access_values.include?(access_value)
    raise_command_error("invalid access value: #{access_value}", args, optparse)
    puts optparse
    return 1
  end

  connect(options)
  begin
    account = find_account_from_options(options)
    account_id = account ? account['id'] : nil
    role = find_role_by_name_or_id(account_id, name)
    return 1 if role.nil?

    role_json = @roles_interface.get(account_id, role['id'], {'includeDefaultAccess' => true})
    workflow_permissions = role_json['taskSetPermissions'] || role_json['taskSets'] || []

    # hacky, but support name or code lookup via the list returned in the show payload
    workflow = nil
    if !do_all
      if workflow_id.to_s =~ /\A\d{1,}\Z/
        workflow = workflow_permissions.find {|b| b['id'] == workflow_id.to_i }
      else
        workflow = workflow_permissions.find {|b| b['name'] == workflow_id }
      end
      if workflow.nil?
        print_red_alert "Workflow not found: '#{workflow_id}'"
        return 1
      end
    end

    params = {}
    if do_all
      params['allTaskSets'] = true
    else
      params['taskSetId'] = workflow['id']
    end
    params['access'] = access_value == 'default' ? nil : access_value
    @roles_interface.setopts(options)
    if options[:dry_run]
      print_dry_run @roles_interface.dry.update_task_set(account_id, role['id'], params)
      return
    end
    json_response = @roles_interface.update_task_set(account_id, role['id'], params)

    if options[:json]
      print JSON.pretty_generate(json_response)
      print "\n"
    else
      if do_all
        print_green_success "Role #{role['authority']} access updated for all workflows"
      else
        print_green_success "Role #{role['authority']} access updated for workflow #{workflow['name']}"
      end
    end
    return 0
  rescue RestClient::Exception => e
    print_rest_exception(e, options)
    exit 1
  end
end

Private Instance Methods

add_role_option_types() click to toggle source
# File lib/morpheus/cli/commands/roles.rb, line 2480
def add_role_option_types
  [
    {'fieldName' => 'authority', 'fieldLabel' => 'Name', 'type' => 'text', 'required' => true},
    {'fieldName' => 'description', 'fieldLabel' => 'Description', 'type' => 'text'},
    {'fieldName' => 'landingUrl', 'fieldLabel' => 'Landing URL', 'type' => 'text', 'description' => 'An optional override for the default landing page after login for a user.'},
    {'fieldName' => 'roleType', 'fieldLabel' => 'Role Type', 'type' => 'select', 'selectOptions' => [{'name' => 'User Role', 'value' => 'user'}, {'name' => 'Account Role', 'value' => 'account'}], 'defaultValue' => 'user'},
    {'fieldName' => 'baseRole', 'fieldLabel' => 'Copy From Role', 'type' => 'text'},
    {'fieldName' => 'multitenant', 'fieldLabel' => 'Multitenant', 'type' => 'checkbox', 'defaultValue' => 'off', 'description' => 'A Multitenant role is automatically copied into all existing subaccounts as well as placed into a subaccount when created. Useful for providing a set of predefined roles a Customer can use'},
    {'fieldName' => 'multitenantLocked', 'fieldLabel' => 'Multitenant Locked', 'type' => 'checkbox', 'defaultValue' => 'off', 'description' => 'Prevents subtenants from branching off this role/modifying it.'},
    {'fieldName' => 'defaultPersona', 'fieldLabel' => 'Default Persona', 'type' => 'select', 'selectOptions' => get_persona_select_options(), 'description' => 'Default Persona'}
  ]
end
base_role_options(role_payload) click to toggle source
# File lib/morpheus/cli/commands/roles.rb, line 2513
def base_role_options(role_payload)
  params = {"tenantId" => role_payload['owner'], "userId" => current_user['id'], "roleType" => role_payload['roleType'] }
  @options_interface.options_for_source("copyFromRole", params)['data']
end
build_role_access_options(opts, options, params) click to toggle source

role permission access options shared by add and update

# File lib/morpheus/cli/commands/roles.rb, line 2551
def build_role_access_options(opts, options, params)
  opts.on('--permissions CODE=ACCESS', String, "Set feature permission access by permission code. Example: dashboard=read,operations-wiki=full" ) do |val|
    options[:permissions] ||= {}
    parse_access_csv(options[:permissions], val)
  end
  opts.add_hidden_option('--permissions')
  opts.on('--feature-access CODE=ACCESS', String, "Set feature permission access by permission code. Example: dashboard=read,operations-wiki=full" ) do |val|
    options[:permissions] ||= {}
    parse_access_csv(options[:permissions], val)
  end
  opts.on('--global-group-access ACCESS', String, "Update the global group (site) access: [none|read|full]" ) do |val|
    params['globalSiteAccess'] = val.to_s.downcase
  end
  opts.add_hidden_option('--global-group-access')
  opts.on('--default-group-access ACCESS', String, "Update the default group (site) access: [none|read|full]" ) do |val|
    params['globalSiteAccess'] = val.to_s.downcase
  end
  opts.on('--groups ID=ACCESS', String, "Set group (site) to a custom access by group id. Example: 1=none,2=full,3=read" ) do |val|
    options[:group_permissions] ||= {}
    parse_access_csv(options[:group_permissions], val)
  end
  opts.on('--global-cloud-access ACCESS', String, "Update the global cloud (zone) access: [none|read|full]" ) do  |val|
    params['globalZoneAccess'] = val.to_s.downcase
  end
  opts.add_hidden_option('--global-cloud-access')
  opts.on('--default-cloud-access ACCESS', String, "Update the default cloud (zone) access: [none|read|full]" ) do  |val|
    params['globalZoneAccess'] = val.to_s.downcase
  end
  opts.on('--clouds ID=ACCESS', String, "Set cloud (zone) to a custom access by cloud id. Example: 1=none,2=full,3=read" ) do |val|
    options[:cloud_permissions] ||= {}
    parse_access_csv(options[:cloud_permissions], val)
  end
  opts.on('--global-instance-type-access ACCESS', String, "Update the global instance type access: [none|full]" ) do  |val|
    params['globalInstanceTypeAccess'] = val.to_s.downcase
  end
  opts.add_hidden_option('--global-instance-type-access')
  opts.on('--default-instance-type-access ACCESS', String, "Update the default instance type access: [none|full]" ) do  |val|
    params['globalInstanceTypeAccess'] = val.to_s.downcase
  end
  opts.on('--instance-types CODE=ACCESS', String, "Set instance type to a custom access instance type code. Example: nginx=full,apache=none" ) do |val|
    options[:instance_type_permissions] ||= {}
    parse_access_csv(options[:instance_type_permissions], val)
  end
  opts.on('--global-blueprint-access ACCESS', String, "Update the global blueprint access: [none|full]" ) do  |val|
    params['globalAppTemplateAccess'] = val.to_s.downcase
  end
  opts.add_hidden_option('--global-blueprint-access')
  opts.on('--default-blueprint-access ACCESS', String, "Update the default blueprint access: [none|full]" ) do  |val|
    params['globalAppTemplateAccess'] = val.to_s.downcase
  end
  opts.on('--blueprints ID=ACCESS', String, "Set blueprint to a custom access by blueprint id. Example: 1=full,2=none" ) do |val|
    options[:blueprint_permissions] ||= {}
    parse_access_csv(options[:blueprint_permissions], val)
  end
  opts.on('--global-catalog-item-type-access ACCESS', String, "Update the global catalog item type access: [none|full]" ) do  |val|
    params['globalCatalogItemTypeAccess'] = val.to_s.downcase
  end
  opts.add_hidden_option('--global-catalog-item-type-access')
  opts.on('--default-catalog-item-type-access ACCESS', String, "Update the default catalog item type access: [none|full]" ) do  |val|
    params['globalCatalogItemTypeAccess'] = val.to_s.downcase
  end
  opts.on('--catalog-item-types CODE=ACCESS', String, "Set catalog item type to a custom access by catalog item type id. Example: 1=full,2=none" ) do |val|
    options[:catalog_item_type_permissions] ||= {}
    parse_access_csv(options[:catalog_item_type_permissions], val)
  end
  opts.on('--default-persona-access ACCESS', String, "Update the default persona access: [none|full]" ) do  |val|
    params['globalPersonaAccess'] = val.to_s.downcase
  end
  opts.on('--personas CODE=ACCESS', String, "Set persona to a custom access by persona code. Example: standard=full,serviceCatalog=full,vdi=full" ) do |val|
    options[:persona_permissions] ||= {}
    parse_access_csv(options[:persona_permissions], val)
  end
  opts.on('--global-vdi-pool-access ACCESS', String, "Update the global VDI pool access: [none|full]" ) do  |val|
    params['globalVdiPoolAccess'] = val.to_s.downcase
  end
  opts.add_hidden_option('--global-vdi-pool-access')
  opts.on('--default-vdi-pool-access ACCESS', String, "Update the default VDI pool access: [none|full]" ) do  |val|
    params['globalVdiPoolAccess'] = val.to_s.downcase
  end
  opts.on('--vdi-pools ID=ACCESS', String, "Set VDI pool to a custom access by VDI pool id. Example: 1=full,2=none" ) do |val|
    options[:vdi_pool_permissions] ||= {}
    parse_access_csv(options[:vdi_pool_permissions], val)
  end
  opts.on('--global-report-type-access ACCESS', String, "Update the global report type access: [none|full]" ) do  |val|
    params['globalReportTypeAccess'] = val.to_s.downcase
  end
  opts.on('--default-report-type-access ACCESS', String, "Update the default report type access: [none|full]" ) do  |val|
    params['globalReportTypeAccess'] = val.to_s.downcase
  end
  opts.add_hidden_option('--default-report-type-access')
  opts.on('--report-types CODE=ACCESS', String, "Set report type to a custom access by report type code. Example: appCost=none,guidance=full" ) do |val|
    options[:report_type_permissions] ||= {}
    parse_access_csv(options[:report_type_permissions], val)
  end
  opts.on('--global-task-access ACCESS', String, "Set the global task access: [none|full]" ) do  |val|
    params['globalTaskAccess'] = val.to_s.downcase
  end
  opts.add_hidden_option('--global-task-access')
  opts.on('--default-task-access ACCESS', String, "Set the default task access: [none|full]" ) do  |val|
    params['globalTaskAccess'] = val.to_s.downcase
  end
  opts.on('--tasks ID=ACCESS', String, "Set task to a custom access by task id. Example: 1=none,2=full" ) do |val|
    options[:task_permissions] ||= {}
    parse_access_csv(options[:task_permissions], val)
  end
  opts.on('--global-workflow-access ACCESS', String, "Set the default workflow access: [none|full]" ) do  |val|
    params['globalTaskSetAccess'] = val.to_s.downcase
  end
  opts.add_hidden_option('--global-workflow-access')
  opts.on('--default-workflow-access ACCESS', String, "Set the default workflow access: [none|full]" ) do  |val|
    params['globalTaskSetAccess'] = val.to_s.downcase
  end
  opts.on('--workflows ID=ACCESS', String, "Set workflow to a custom access by workflow id. Example: 1=none,2=full" ) do |val|
    options[:workflow_permissions] ||= {}
    parse_access_csv(options[:workflow_permissions], val)
  end
  opts.on('--reset-permissions', "Reset all feature permission access to none. This can be used in conjunction with --permissions to recreate the feature permission access for the role." ) do
    options[:reset_permissions] = true
  end
  opts.add_hidden_option('--reset-permissions')
  opts.on('--reset-feature-access', "Reset all feature permission access to none. This can be used in conjunction with --feature-access to recreate the feature permission access for the role." ) do
    options[:reset_permissions] = true
  end
  opts.on('--reset-all-access', "Reset all access to none including permissions, global groups, instance types, etc. This can be used in conjunction with --feature-access to recreate the feature permission access for the role." ) do
    options[:reset_all_access] = true
  end
end
get_persona_select_options() click to toggle source
# File lib/morpheus/cli/commands/roles.rb, line 2501
def get_persona_select_options
  [
    {'name'=>'Service Catalog','value'=>'serviceCatalog'},
    {'name'=>'Standard','value'=>'standard'},
    {'name'=>'Virtual Desktop','value'=>'vdi'}
  ]
end
has_complete_access() click to toggle source
# File lib/morpheus/cli/commands/roles.rb, line 2518
def has_complete_access
  has_access = false
  if @is_master_account
    admin_accounts = @user_permissions.select { |it| it['code'] == 'admin-accounts' && it['access'] == 'full'}
    admin_roles = @user_permissions.select { |it| it['code'] == 'admin-roles' && it['access'] == 'full' }
    if admin_accounts != nil && admin_roles != nil
      has_access = true
    end
  end
  has_access 
end
parse_access_csv(output, val) click to toggle source
# File lib/morpheus/cli/commands/roles.rb, line 2530
def parse_access_csv(output, val)
  output ||= {}
  val.split(",").each do |value_pair|
    # split on '=' only because ':' is included in the permission name
    k,v = value_pair.include?("=") ? value_pair.strip.split("=") : [value_pair, ""]
    next if k.to_s.empty?
    k = k.to_s.strip
    v = v.to_s.strip
    if k.empty?
      # ignore blank values, extra comma maybe?
      next
    end
    if v == ""
      raise_command_error "permission '#{k}=#{v}' is invalid. The access value is required eg. [default|none|read|full]"
    end
    output[k] = v
  end
  return output
end
parse_role_access_options(options, params) click to toggle source

parse bulk permissions payload

# File lib/morpheus/cli/commands/roles.rb, line 2680
def parse_role_access_options(options, params)
  if options[:permissions]
    perms_array = []
    options[:permissions].each do |k,v|
      perm_code = k
      access_value = v.to_s.empty? ? "none" : v.to_s
      perms_array << {"code" => perm_code, "access" => access_value}
    end
    params['permissions'] = perms_array
  end
  if options[:group_permissions]
    perms_array = []
    options[:group_permissions].each do |k,v|
      site_id = k
      access_value = v.to_s.empty? ? "none" : v.to_s
      if site_id =~ /\A\d{1,}\Z/
        perms_array << {"id" => site_id.to_i, "access" => access_value}
      else
        perms_array << {"name" => site_id, "access" => access_value}
      end
    end
    params['sites'] = perms_array
  end
  if options[:cloud_permissions]
    perms_array = []
    options[:cloud_permissions].each do |k,v|
      zone_id = k
      access_value = v.to_s.empty? ? "none" : v.to_s
      if zone_id =~ /\A\d{1,}\Z/
        perms_array << {"id" => zone_id.to_i, "access" => access_value}
      else
        perms_array << {"name" => zone_id, "access" => access_value}
      end
    end
    params['zones'] = perms_array
  end
  if options[:instance_type_permissions]
    perms_array = []
    options[:instance_type_permissions].each do |k,v|
      instance_type_code = k
      access_value = v.to_s.empty? ? "none" : v.to_s
      if instance_type_code =~ /\A\d{1,}\Z/
        perms_array << {"id" => instance_type_code.to_i, "access" => access_value}
      else
        perms_array << {"code" => instance_type_code, "access" => access_value}
      end
    end
    params['instanceTypes'] = perms_array
  end
  if options[:blueprint_permissions]
    perms_array = []
    options[:blueprint_permissions].each do |k,v|
      blueprint_id = k
      access_value = v.to_s.empty? ? "none" : v.to_s
      if blueprint_id =~ /\A\d{1,}\Z/
        perms_array << {"id" => blueprint_id.to_i, "access" => access_value}
      else
        perms_array << {"name" => blueprint_id, "access" => access_value}
      end
    end
    params['appTemplates'] = perms_array
  end
  if options[:catalog_item_type_permissions]
    perms_array = []
    options[:catalog_item_type_permissions].each do |k,v|
      catalog_item_type_id = k
      access_value = v.to_s.empty? ? "none" : v.to_s
      if catalog_item_type_id =~ /\A\d{1,}\Z/
        perms_array << {"id" => catalog_item_type_id.to_i, "access" => access_value}
      else
        perms_array << {"name" => catalog_item_type_id, "access" => access_value}
      end
    end
    params['catalogItemTypes'] = perms_array

  end
  if options[:persona_permissions]
    perms_array = []
    options[:persona_permissions].each do |k,v|
      persona_code = k
      access_value = v.to_s.empty? ? "none" : v.to_s
      perms_array << {"code" => persona_code, "access" => access_value}
    end
    params['personas'] = perms_array
  end
  if options[:vdi_pool_permissions]
    perms_array = []
    options[:vdi_pool_permissions].each do |k,v|
      vdi_pool_id = k
      access_value = v.to_s.empty? ? "none" : v.to_s
      if vdi_pool_id =~ /\A\d{1,}\Z/
        perms_array << {"id" => vdi_pool_id.to_i, "access" => access_value}
      else
        perms_array << {"name" => vdi_pool_id, "access" => access_value}
      end
    end
    params['vdiPools'] = perms_array
  end
  if options[:report_type_permissions]
    perms_array = []
    options[:report_type_permissions].each do |k,v|
      report_type_code = k
      access_value = v.to_s.empty? ? "none" : v.to_s
      if report_type_code =~ /\A\d{1,}\Z/
        perms_array << {"id" => report_type_code.to_i, "access" => access_value}
      else
        perms_array << {"code" => report_type_code, "access" => access_value}
      end
    end
    params['reportTypes'] = perms_array
  end
  if options[:task_permissions]
    perms_array = []
    options[:task_permissions].each do |k,v|
      task_id = k
      access_value = v.to_s.empty? ? "none" : v.to_s
      if task_id =~ /\A\d{1,}\Z/
        perms_array << {"id" => task_id.to_i, "access" => access_value}
      else
        perms_array << {"name" => task_id, "access" => access_value}
      end
    end
    params['tasks'] = perms_array
  end
  if options[:workflow_permissions]
    perms_array = []
    options[:workflow_permissions].each do |k,v|
      workflow_id = k
      access_value = v.to_s.empty? ? "none" : v.to_s
      if workflow_id =~ /\A\d{1,}\Z/
        perms_array << {"id" => workflow_id.to_i, "access" => access_value}
      else
        perms_array << {"name" => workflow_id, "access" => access_value}
      end
    end
    params['taskSets'] = perms_array
  end
  if options[:reset_permissions]
    params["resetPermissions"] = true
  end
  if options[:reset_all_access]
    params["resetAllAccess"] = true
  end
end
role_owner_options() click to toggle source
# File lib/morpheus/cli/commands/roles.rb, line 2509
def role_owner_options
  @options_interface.options_for_source("tenants", {})['data']
end
role_type_options() click to toggle source
# File lib/morpheus/cli/commands/roles.rb, line 2497
def role_type_options
  [{'name' => 'User Role', 'value' => 'user'}, {'name' => 'Account Role', 'value' => 'account'}]
end
update_role_option_types() click to toggle source
# File lib/morpheus/cli/commands/roles.rb, line 2493
def update_role_option_types
  add_role_option_types.reject {|it| ['roleType', 'baseRole'].include?(it['fieldName']) }
end