/// <summary> /// Retrieves all the server RBAC roles which are able to complete the api method supplied. If on George or less this will return an empty list. /// </summary> /// <param name="ApiMethodToRoleCheck">RbacMethod to check</param> /// <param name="Connection">server connection to retrieve roles from</param> /// <returns></returns> public static List <Role> ValidRoleList(RbacMethod ApiMethodToRoleCheck, IXenConnection Connection) { List <Role> rolesAbleToCompleteApiCall = new List <Role>(); foreach (Role role in Connection.Cache.Roles) { List <Role> subroles = (List <Role>)Connection.ResolveAll <Role>(role.subroles); if (subroles.Find( delegate(Role r) { return(r.CanPerform(ApiMethodToRoleCheck)); }) != null) { rolesAbleToCompleteApiCall.Add(role); } } // don't do this assert with simulator connections. These will always have no roles. if (!Connection.HostnameWithPort.EndsWith(".xml", StringComparison.InvariantCultureIgnoreCase)) { // No roles able to perform API call is a bug, because Pool Admins should be able to do everything. // Usually caused by a typo, or by running a new action against an old server without checking. System.Diagnostics.Trace.Assert(rolesAbleToCompleteApiCall.Count > 0, String.Format("No roles able to perform API call {0}", ApiMethodToRoleCheck)); } return(rolesAbleToCompleteApiCall); }
/// <summary> /// Can this subrole perform this API call? /// </summary> /// <param name="rbacMethod">The API call which we want to perform</param> /// <returns></returns> private bool CanPerform(RbacMethod rbacMethod) { // Does the method name match? if (name_label == rbacMethod.Method) { return(true); } // Is the call a hash table modification, and if so, does the // more specific name match? if (!String.IsNullOrEmpty(rbacMethod.Key)) { string whole = rbacMethod.ToString(); if (name_label.EndsWith("*")) // e.g. vm.add_to_other_config/key:Foo* { string stripped_name = name_label.TrimEnd('*'); if (whole.StartsWith(stripped_name)) { return(true); } } else // e.g. vm.add_to_other_config/key:Foo { if (name_label == whole) { return(true); } } } return(false); }
public void AddApiCheck(RbacMethod method) { ApiCallsToCheck.Add(method); }