

'''
A script that gets all the roles and renames their capabilities to the new values as needed.
'''
import os
import sys
import json
import getpass
from splunk.clilib.bundle_paths import make_splunkhome_path
from splunk import rest, auth
sys.path.append(make_splunkhome_path(['etc', 'apps', 'SA-ITOA', 'lib']))
import itsi_path
from itsi.itsi_utils import ItsiSettingsImporter
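# Connection settings for the splunkd instance whose roles are migrated.
SPLUNKD_HOST_PATH = 'https://localhost'
SPLUNK_USER = 'admin'
# Leave empty to be prompted at run time, so the admin password does not have
# to be written into this file (and end up in version control or backups).
SPLUNK_PASSWORD = ''
if not SPLUNK_PASSWORD:
    # getpass reads the password without echoing it to the terminal.
    SPLUNK_PASSWORD = getpass.getpass('Password for %s: ' % SPLUNK_USER)
# Session key passed as sessionKey to every REST request made by this script.
session_key = auth.getSessionKey(SPLUNK_USER, SPLUNK_PASSWORD, SPLUNKD_HOST_PATH)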
# Legacy (hyphenated) capability name -> replacement (underscored) name.
# The names are kept as literals so each one can be found with a plain search.
capabilities_map = dict([
    ('read-notable_event', 'read_notable_event'),
    ('write-notable_event', 'write_notable_event'),
    ('delete-notable_event', 'delete_notable_event'),
    ('read-notable_event_action', 'read_notable_event_action'),
    ('execute-notable_event_action', 'execute_notable_event_action'),
    ('read-module_interface', 'read_module_interface'),
    ('write-module_interface', 'write_module_interface'),
    ('delete-module_interface', 'delete_module_interface'),
    ('read-maintenance_calendar', 'read_maintenance_calendar'),
    ('write-maintenance_calendar', 'write_maintenance_calendar'),
    ('delete-maintenance_calendar', 'delete_maintenance_calendar'),
])
# keys() and values() iterate in the same order, so position i of
# old_capabilities pairs with position i of new_capabilities.
old_capabilities = capabilities_map.keys()
new_capabilities = list(capabilities_map.values())
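def verify_capabilities(capabilities):
    '''
    Rename legacy capability names in ``capabilities`` in place.

    Every entry that is a key of ``capabilities_map`` is replaced by its mapped
    value. Repeated entries are all renamed, not just the first occurrence.

    Args:
        capabilities: list of capability names for one role; modified in place.

    Returns:
        A ``(capabilities, need_to_save)`` tuple: the same list object, and a
        flag that is True when at least one entry was renamed.
    '''
    need_to_save = False
    # Assigning by index while enumerating is safe: the list length never changes.
    for position, name in enumerate(capabilities):
        renamed = capabilities_map.get(name)
        if renamed is not None:
            capabilities[position] = renamed
            need_to_save = True
    return capabilities, need_to_save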
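def save_updated_role(role_name, capabilities):
    '''
    POST an updated capability list to one role.

    Args:
        role_name: name of the role; used as the last path segment of the
            roles endpoint.
        capabilities: capability list sent as the ``capabilities`` POST argument.

    Returns:
        True when splunkd answered with status 200, False on any other status
        or when the request raised. Failures are printed, never re-raised.
    '''
    # NOTE(review): role_name is interpolated into the path unescaped. The
    # caller in this file passes names read from splunkd's own role listing;
    # confirm that still holds before passing names from any other source.
    uri = '/services/authorization/roles/%s' % role_name
    postargs = {'capabilities': capabilities}
    try:
        response, content = rest.simpleRequest(
            uri,
            method='POST',
            sessionKey=session_key,
            postargs=postargs,
            raiseAllErrors=False)
    except Exception as e:
        print('Unable to rename capabilities for role %s' % role_name)
        print(e)
        return False
    if response.status != 200:
        print('Unable to rename capabilities for role %s' % role_name)
        # The status helps tell a permission problem from a rejected payload.
        print('splunkd returned status %s' % response.status)
        return False
    print('Successfully renamed capabilities for role %s' % role_name)
    return True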
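def get_all_roles_and_rename_capabilities():
    '''
    Fetch every role from splunkd and rename legacy capabilities on each one.

    Returns:
        True when the role listing was read and no role update was reported as
        failed; False when the listing could not be read, an exception was
        raised, or at least one role that needed renaming was not saved.
    '''
    uri = '/services/authorization/roles'
    # count=0 asks the endpoint for all entries instead of a single page.
    getargs = {'output_mode': 'json', 'count': 0}
    all_saved = True
    try:
        response, content = rest.simpleRequest(
            uri,
            method='GET',
            getargs=getargs,
            sessionKey=session_key,
            raiseAllErrors=False)
        # A non-200 reply whose JSON body has no 'entry' key would otherwise
        # fall through to the success message with nothing migrated.
        if response.status != 200:
            print('Unable to list roles, splunkd returned status %s' % response.status)
            return False
        res = json.loads(content)
        for role_entry in res.get('entry', []):
            role_content = role_entry.get('content', {})
            capabilities = role_content.get('capabilities', [])
            updated_capabilities, need_to_save = verify_capabilities(capabilities)
            if not need_to_save:
                continue
            role_name = role_entry.get('name', '')
            print('Found capabilities to rename for role %s' % role_name)
            if not role_name:
                # A role without a name cannot be addressed, so it stays unmigrated.
                all_saved = False
                continue
            # Only an explicit False counts as a failure; a save that reports
            # nothing is treated as before.
            if save_updated_role(role_name, updated_capabilities) is False:
                all_saved = False
    except Exception as e:
        print(e)
        return False
    if not all_saved:
        print('Some roles could not be updated')
        return False
    print('Successfully renamed capabilities')
    return True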
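# Run the migration, then surface its result as the process exit status so a
# partial or failed capability rename is visible to whoever invoked the script.
succeeded = get_all_roles_and_rename_capabilities()
print("Done")
if not succeeded:
    sys.exit(1)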