role handling (#351)

lechnerc77 · web-flow · commit 7091072be5e5 · 2022-12-06T16:13:35.000+01:00
diff --git a/libs/python/btp_cli.py b/libs/python/btp_cli.py
@@ -15,7 +15,7 @@
 import time
 import requests
 import json
-from libs.python.helperRolesAndUsers import assignUsersToEnvironments, assignUsersToGlobalAndSubaccount, getSubaccountAdmins, assignUsersToRoleCollectionsForServices, assignUsersToCustomRoleCollections
+from libs.python.helperRolesAndUsers import assignUsersToEnvironments, assignUsersToGlobalAndSubaccount, assignUsersToRoleCollectionsForServices, assignUsersToCustomRoleCollections
 
 from libs.python.helperServices import BTPSERVICE, BTPSERVICEEncoder, getServiceParameterDefinition, readAllServicesFromUsecaseFile
 from libs.python.helperLog import initLogger
@@ -319,7 +319,10 @@ def create_subaccount(self):
             log.success("using subaccount name >" + subaccount + "<")
             log.success("using subaccount domain >" + subdomain + "<")
 
-            subaccountadmins = getSubaccountAdmins(self)
+            # We add the owner of the execution as subaccount admin
+            # The remaining list of subaccount admins is added via user groups and role collections
+            subaccountadmins = '["' + self.myemail + '"]'
+
             globalAccount = self.globalaccount
 
             log.header("Create sub account >" + subaccount +
diff --git a/libs/python/helperRolesAndUsers.py b/libs/python/helperRolesAndUsers.py
@@ -1,9 +1,5 @@
 from libs.python.helperCommandExecution import runCommandAndGetJsonResult, runShellCommandFlex, runShellCommand
-# from libs.python.helperGeneric import save_collected_metadata
 from libs.python.helperJson import getJsonFromFile
-# import re
-# import os
-# import sys
 import logging
 
 log = logging.getLogger(__name__)
@@ -26,54 +22,10 @@ def getMembersForRolecollection(btpUsecase, rolecollection):
     return users
 
 
-def getMembersForRolecollectionTypeAndLevel(btpUsecase, type, level):
-    rolecollections = btpUsecase.definedRoleCollections
-
-    checkType = type is not None
-    checkLevel = level is not None
-
-    users = []
-    users.append(btpUsecase.myemail)
-    if rolecollections:
-        for rolecollection in rolecollections:
-            thisType = rolecollection.get("type")
-            thisLevel = rolecollection.get("level")
-            addMembers = False
-            if checkLevel is True and thisLevel == level:
-                addMembers = True
-            if checkType is True and thisType == type:
-                addMembers = True
-            if checkType is False and checkLevel is False:
-                addMembers = True
-            if addMembers is True:
-                members = getMembersForRolecollection(
-                    btpUsecase, rolecollection)
-                for member in members:
-                    users.append(member)
-        users = list(dict.fromkeys(users))
-    return users
-
-
-def getSubaccountAdmins(btpUsecase):
-    result = "["
-
-    users = getMembersForRolecollectionTypeAndLevel(
-        btpUsecase, "account", None)
-    if users:
-        for user in users:
-            if user == users[-1]:
-                result += '"' + user + '"]'
-            else:
-                result += '"' + user + '" , '
-    else:
-        result = "[]"
-
-    return result
-
-
 def getRoleCollectionsOfServices(btpUsecase):
     # Use case file can be remote, so we need to provide authentication information
-    usecase = getJsonFromFile(btpUsecase.usecasefile, btpUsecase.externalConfigAuthMethod, btpUsecase.externalConfigUserName, btpUsecase.externalConfigPassword, btpUsecase.externalConfigToken)
+    usecase = getJsonFromFile(btpUsecase.usecasefile, btpUsecase.externalConfigAuthMethod,
+                              btpUsecase.externalConfigUserName, btpUsecase.externalConfigPassword, btpUsecase.externalConfigToken)
     items = []
     if usecase.get("services") is not None:
         for service in usecase.get("services"):
@@ -148,15 +100,6 @@ def assignUsergroupsToRoleCollection(btpUsecase, rolecollection):
             "Checkout the default parameters file and the other released use cases to understand how to do it.")
 
 
-def getSelfDefinedRoleCollections(btpUsecase):
-    items = []
-    if btpUsecase.definedRoleCollections:
-        for rolecollection in btpUsecase.definedRoleCollections:
-            items.append(rolecollection)
-
-    return items
-
-
 def getRoleCollectionsOfTypeAndLevel(btpUsecase, type, level):
     rolecollections = btpUsecase.definedRoleCollections
     checkType = type is not None
@@ -384,4 +327,4 @@ def determineIdpForRoleCollection(btpUsecase, rolecollection):
         # A role collection specific IdP is configured - overrules the default IdP
         idp = rolecollection.get("idp")
 
-    return idp
+    return idp
