Access control API examples
In this topic: |
These examples are written in Python, but should be simple enough to understand even without an in-depth knowledge of that language.
You can try out the example scripts on the sample project, or on your own project. If you use them on your own project, you need to change the value for project. You may also need to change the value for host from localhost to your own Klocwork Server host.
For additional information on request parameters, you can visit http(s)://<klocwork_server_host>:<klocwork_server_port>/review/api.
To create a new role
The following example allows you to create a new role, which will define what a user can do when accessing Validate or Klocwork Code Review.
import urllib, urllib2, os.path, getpass, sys, socket def getToken(host, port, user): ltoken = os.path.normpath(os.path.expanduser("~/.klocwork/ltoken")) ltokenFile = open(ltoken, 'r') for r in ltokenFile: rd = r.strip().split(';') if (rd[0] == socket.getfqdn(host) or rd[0] == socket.gethostbyname(socket.gethostname())) and rd[1] == str(port) and rd[2] == user: ltokenFile.close() return rd[3] ltokenFile.close() def set_role_permission_parameters(values, name, access_source_files, allowed_status_transitions, assign_role, change_issue_status, change_project_settings, create_build, create_project, create_stream, delete_build, delete_project, delete_stream, manage_modules, manage_roles, manage_users, use_local_configuration, webapi_access, execute_kwxsync): values['name'] = name if create_project is not None: values['create_project'] = create_project if create_stream is not None: values['create_stream'] = create_stream if manage_roles is not None: values['manage_roles'] = manage_roles if manage_users is not None: values['manage_users'] = manage_users if access_source_files is not None: values['access_source_files'] = access_source_files if assign_role is not None: values['assign_role'] = assign_role if change_project_settings is not None: values['change_project_settings'] = change_project_settings if create_build is not None: values['create_build'] = create_build if delete_build is not None: values['delete_build'] = delete_build if delete_project is not None: values['delete_project'] = delete_project if delete_stream is not None: values['delete_stream'] = delete_stream if manage_modules is not None: values['manage_modules'] = manage_modules if use_local_configuration is not None: values['use_local_configuration'] = use_local_configuration if change_issue_status is not None: values['change_issue_status'] = change_issue_status if allowed_status_transitions is not None: values['allowed_status_transitions'] = allowed_status_transitions if webapi_access is not None: values['webapi_access'] = webapi_access if execute_kwxsync is not None: values['execute_kwxsync'] = execute_kwxsync def create_role(url, user, name, create_project=None, create_stream=None, manage_roles=None, manage_users=None, access_source_files=None, assign_role=None, change_project_settings=None, create_build=None, delete_build=None, delete_project=None, delete_stream=None, manage_modules=None, use_local_configuration=None, change_issue_status=None, allowed_status_transitions=None, webapi_access=None, execute_kwxsync=None): values = {'action': 'create_role'} set_role_permission_parameters(values, name, access_source_files, allowed_status_transitions, assign_role, change_issue_status, change_project_settings, create_build, create_project, create_stream, delete_build, delete_project, delete_stream, manage_modules, manage_roles, manage_users, use_local_configuration, webapi_access, execute_kwxsync) values['user'] = user loginToken = getToken(host, port, user) if loginToken is not None: values["ltoken"] = loginToken data = urllib.urlencode(values) req = urllib2.Request(url, data) response = urllib2.urlopen(req) host = "localhost" port = 8080 user = getpass.getuser() url = "http://%s:%d/review/api" % (host, port) role_name = "myrole" create_project = False create_stream = False manage_roles = True allowed_status_transitions = "Any,Analyze;Analyze,Fix" webapi_access = True execute_kwxsync = True try: create_role(url, user, role_name, create_project=create_project, create_stream=create_stream, manage_roles=manage_roles, allowed_status_transitions=allowed_status_transitions, webapi_access=webapi_access, execute_kwxsync=execute_kwxsync) except urllib2.HTTPError as e: print "Request failed: " + e.reason + ": " + e.read() else: print "Role created!"
To delete a role
The following example allows you to delete a role which was created previously but is no longer required.
import urllib, urllib2, os.path, getpass, sys, socket def getToken(host, port, user): ltoken = os.path.normpath(os.path.expanduser("~/.klocwork/ltoken")) ltokenFile = open(ltoken, 'r') for r in ltokenFile: rd = r.strip().split(';') if (rd[0] == socket.getfqdn(host) or rd[0] == socket.gethostbyname(socket.gethostname())) and rd[1] == str(port) and rd[2] == user: ltokenFile.close() return rd[3] ltokenFile.close() def delete_role(url, user, name): values = {'action': 'delete_role', "name": name} values['user'] = user loginToken = getToken(host, port, user) if loginToken is not None: values["ltoken"] = loginToken data = urllib.urlencode(values) req = urllib2.Request(url, data) response = urllib2.urlopen(req) host = "localhost" port = 8080 user = getpass.getuser() url = "http://%s:%d/review/api" % (host, port) role_name = "myrole" try: delete_role(url, user, role_name) except urllib2.HTTPError as e: print "Request failed: " + e.reason + ": " + e.read() else: print "Role deleted!"
Print the list of role assignments
The following example shows you how to list role assignments assigned for each user.
import urllib, urllib2, json, sys, os.path, getpass def getToken(host, port, user): ltoken = os.path.normpath(os.path.expanduser("~/.klocwork/ltoken")) ltokenFile = open(ltoken, 'r') for r in ltokenFile: rd = r.strip().split(';') if (rd[0] == socket.getfqdn(host) or rd[0] == socket.gethostbyname(socket.gethostname())) and rd[1] == str(port) and rd[2] == user: ltokenFile.close() return rd[3] ltokenFile.close() class Assignment(object): def __init__(self, attrs): self.name = attrs['name'] self.project_id = attrs['projectId'] if 'projectId' in attrs else None self.group = attrs['group'] def __hash__(self): return hash(self.__repr__()) def __eq__(self, other): return self.name == other.name and self.project_id == other.project_id and self.group == other.group def __repr__(self): return '{name:%s, projectId:%s, group:%s}' % (self.name, str(self.project_id), str(self.group)) class RoleAssignment(object): def __init__(self, attrs): self.name = attrs['name'] self.readonly = attrs['readonly'] self.assignments = [] for assign in attrs['assignments']: self.assignments.append(Assignment(assign)) def __hash__(self): return hash(self.__repr__()) def __eq__(self, other): return self.name == other.name and self.readonly == other.readonly and self.assignments == other.assignments def __repr__(self): return '{name:%s, readonly:%s, assignments:%s}' % (self.name, str(self.readonly), str(self.assignments)) def role_assignments(url, user, search): values = {"action":"role_assignments", "user": user} if search is not None: values["search"] = search loginToken = getToken(host, port, user) if loginToken is not None: values["ltoken"] = loginToken data = urllib.urlencode(values) req = urllib2.Request(url, data) response = urllib2.urlopen(req) role_assignments = [] for role_assignment in response: role_assignments.append(RoleAssignment(json.loads(role_assignment))) return role_assignments host = "localhost" port = 8080 user = getpass.getuser() url = "http://%s:%d/review/api" % (host, port) search = "myrole" try: response = role_assignments(url, user, search) except urllib2.HTTPError as e: print "Request failed: " + e.reason + ": " + e.read() else: print response
Print the list of roles
The following example shows you how to list all roles available for users.
import urllib, urllib2, json, sys, os.path, getpass def getToken(host, port, user): ltoken = os.path.normpath(os.path.expanduser("~/.klocwork/ltoken")) ltokenFile = open(ltoken, 'r') for r in ltokenFile: rd = r.strip().split(';') if (rd[0] == socket.getfqdn(host) or rd[0] == socket.gethostbyname(socket.gethostname())) and rd[1] == str(port) and rd[2] == user: ltokenFile.close() return rd[3] ltokenFile.close() class Permission(object): def __init__(self, attrs): self.name = attrs['name'] self.enabled = attrs['enabled'] def __hash__(self): return hash(self.__repr__()) def __eq__(self, other): return self.name == other.name and self.enabled == other.enabled def __repr__(self): return '{name:%s, enabled:%s}' % (self.name, str(self.enabled)) class StatusPermission(object): def __init__(self, attrs): self.fromStatus = attrs['from'] self.toStatus = attrs['to'] def __hash__(self): return hash(self.__repr__()) def __eq__(self, other): return self.fromStatus == other.fromStatus and self.toStatus == other.toStatus def __repr__(self): return '{from:%s, to:%s}' % (self.fromStatus, self.toStatus) class Role(object): def __init__(self, attrs): self.name = attrs['name'] self.readonly = attrs['readonly'] self.permissions = [] for perm in attrs['permissions']: self.permissions.append(Permission(perm)) self.statusPermissions = [] for perm in attrs['statusPermissions']: self.statusPermissions.append(StatusPermission(perm)) def __hash__(self): return hash(self.__repr__()) def __eq__(self, other): return self.name == other.name and self.readonly == other.readonly and self.permissions == other.permissions and self.statusPermissions == other.statusPermissions def __repr__(self): return '{name:%s, readonly:%s, permissions:%s, statusPermissions:%s}' % ( self.name, str(self.readonly), self.permissions, self.statusPermissions) def roles(url, user, search): values = {"action":"roles", "user": user} if search is not None: values["search"] = search loginToken = getToken(host, port, user) if loginToken is not None: values["ltoken"] = loginToken data = urllib.urlencode(values) req = urllib2.Request(url, data) response = urllib2.urlopen(req) roles = [] for role in response: roles.append(Role(json.loads(role))) return roles host = "localhost" port = 8080 user = getpass.getuser() url = "http://%s:%d/review/api" % (host, port) search = "myrole" try: response = roles(url, user, search) except urllib2.HTTPError as e: print "Request failed: " + e.reason + ": " + e.read() else: print response
Update role assignments
The following example shows you how to update role assignment for a specified user.
import urllib, urllib2, sys, os.path, getpass def getToken(host, port, user): ltoken = os.path.normpath(os.path.expanduser("~/.klocwork/ltoken")) ltokenFile = open(ltoken, 'r') for r in ltokenFile: rd = r.strip().split(';') if (rd[0] == socket.getfqdn(host) or rd[0] == socket.gethostbyname(socket.gethostname())) and rd[1] == str(port) and rd[2] == user: ltokenFile.close() return rd[3] ltokenFile.close() def update_role_assignment(url, user, name, account, group=None, project=None, remove=None): values = {'action': 'update_role_assignment'} values['name'] = name values['account'] = account if group is not None: values['group'] = group if project is not None: values['project'] = project if remove is not None: values['remove'] = remove values['user'] = user loginToken = getToken(host, port, user) if loginToken is not None: values["ltoken"] = loginToken data = urllib.urlencode(values) req = urllib2.Request(url, data) response = urllib2.urlopen(req) host = "localhost" port = 8080 user = getpass.getuser() url = "http://%s:%d/review/api" % (host, port) role_name = "myrole" account = "usera" is_group = False project = "my project" remove = False try: update_role_assignment(url, user, role_name, account, is_group, project, remove) except urllib2.HTTPError as e: print "Request failed: " + e.reason + ": " + e.read() else: print "Role assignment updated!"
Update role permissions
The following example shows you how to update permissions associated with a specified role.
import urllib, urllib2, sys, os.path, getpass def getToken(host, port, user): ltoken = os.path.normpath(os.path.expanduser("~/.klocwork/ltoken")) ltokenFile = open(ltoken, 'r') for r in ltokenFile: rd = r.strip().split(';') if (rd[0] == socket.getfqdn(host) or rd[0] == socket.gethostbyname(socket.gethostname())) and rd[1] == str(port) and rd[2] == user: ltokenFile.close() return rd[3] ltokenFile.close() def set_role_permission_parameters(values, name, access_source_files, allowed_status_transitions, assign_role, change_issue_status, change_project_settings, create_build, create_project, create_stream, delete_build, delete_project, delete_stream, manage_modules, manage_roles, manage_users, use_local_configuration, webapi_access, execute_kwxsync): values['name'] = name if create_project is not None: values['create_project'] = create_project if create_stream is not None: values['create_stream'] = create_stream if manage_roles is not None: values['manage_roles'] = manage_roles if manage_users is not None: values['manage_users'] = manage_users if access_source_files is not None: values['access_source_files'] = access_source_files if assign_role is not None: values['assign_role'] = assign_role if change_project_settings is not None: values['change_project_settings'] = change_project_settings if create_build is not None: values['create_build'] = create_build if delete_build is not None: values['delete_build'] = delete_build if delete_project is not None: values['delete_project'] = delete_project if delete_stream is not None: values['delete_stream'] = delete_stream if manage_modules is not None: values['manage_modules'] = manage_modules if use_local_configuration is not None: values['use_local_configuration'] = use_local_configuration if change_issue_status is not None: values['change_issue_status'] = change_issue_status if allowed_status_transitions is not None: values['allowed_status_transitions'] = allowed_status_transitions if webapi_access is not None: values['webapi_access'] = webapi_acess if execute_kwxsync is not None: values['execute_kwxsync'] = execute_kwxsync def update_role_permissions(url, user, name, create_project=None, create_stream = None, manage_roles=None, manage_users=None, access_source_files=None, assign_role=None, change_project_settings=None, create_build=None, delete_build=None, delete_project=None, delete_stream = None, manage_modules=None, use_local_configuration=None, change_issue_status=None, allowed_status_transitions=None, webapi_access=None, execute_kwxsync): values = {'action': 'update_role_permissions'} set_role_permission_parameters(values, name, access_source_files, allowed_status_transitions, assign_role, change_issue_status, change_project_settings, create_build, create_project, create_stream, delete_build, delete_project, delete_stream, manage_modules, manage_roles, manage_users, use_local_configuration, webapi_access, execute_kwxsync) values['user'] = user loginToken = getToken(host, port, user) if loginToken is not None: values["ltoken"] = loginToken data = urllib.urlencode(values) req = urllib2.Request(url, data) response = urllib2.urlopen(req) host = "localhost" port = 8080 user = getpass.getuser() url = "http://%s:%d/review/api" % (host, port) role_name = "myrole" create_project = False create_stream = False manage_roles = True allowed_status_transitions = "Any,Analyze;Analyze,Fix" webapi_access = True execute_kwxsync = True try: update_role_permissions(url, user, role_name, create_project=create_project, create_stream=create_stream, manage_roles=manage_roles, allowed_status_transitions=allowed_status_transitions, webapi_access=webapi_access, execute_kwxsync=execute_kwxsync) except urllib2.HTTPError as e: print "Request failed: " + e.reason + ": " + e.read() else: print "Role permissions updated!"
To create a new user
The following example allows you to create a new user, who can access the Klocwork Product Portal.
import urllib, urllib2, os.path, getpass, sys, socket def getToken(host, port, user): ltoken = os.path.normpath(os.path.expanduser("~/.klocwork/ltoken")) ltokenFile = open(ltoken, 'r') for r in ltokenFile: rd = r.strip().split(';') if (rd[0] == socket.getfqdn(host) or rd[0] == socket.gethostbyname(socket.gethostname())) and rd[1] == str(port) and rd[2] == user: ltokenFile.close() return rd[3] ltokenFile.close() def create_user(url, user, name, password=None): values = {'action': 'create_user'} values['name'] = name if password is not None: values['password'] = password values['user'] = user loginToken = getToken(host, port, user) if loginToken is not None: values["ltoken"] = loginToken data = urllib.urlencode(values) req = urllib2.Request(url, data) response = urllib2.urlopen(req) host = "localhost" port = 8080 user = getpass.getuser() url = "http://%s:%d/review/api" % (host, port) name = "user_a" password = "password" try: create_user(url, user, name, password) except urllib2.HTTPError as e: print "Request failed: " + e.reason + ": " + e.read() else: print "User created!"
To delete a user
The following example allows you to delete a user which was created previously but is no longer required.
import urllib, urllib2, os.path, getpass, sys, socket def getToken(host, port, user): ltoken = os.path.normpath(os.path.expanduser("~/.klocwork/ltoken")) ltokenFile = open(ltoken, 'r') for r in ltokenFile: rd = r.strip().split(';') if (rd[0] == socket.getfqdn(host) or rd[0] == socket.gethostbyname(socket.gethostname())) and rd[1] == str(port) and rd[2] == user: ltokenFile.close() return rd[3] ltokenFile.close() def delete_user(url, user, name): values = {'action': 'delete_user'} values['name'] = name values['user'] = user loginToken = getToken(host, port, user) if loginToken is not None: values["ltoken"] = loginToken data = urllib.urlencode(values) req = urllib2.Request(url, data) response = urllib2.urlopen(req) host = "localhost" port = 8080 user = getpass.getuser() url = "http://%s:%d/review/api" % (host, port) name = "user_a" try: delete_user(url, user, name) except urllib2.HTTPError as e: print "Request failed: " + e.reason + ": " + e.read() else: print "User deleted!"
Print list of users
The following example shows you how to print the list of users.
import urllib, urllib2, json, sys, os.path, getpass def getToken(host, port, user): ltoken = os.path.normpath(os.path.expanduser("~/.klocwork/ltoken")) ltokenFile = open(ltoken, 'r') for r in ltokenFile: rd = r.strip().split(';') if (rd[0] == socket.getfqdn(host) or rd[0] == socket.gethostbyname(socket.gethostname())) and rd[1] == str(port) and rd[2] == user: ltokenFile.close() return rd[3] ltokenFile.close() class RoleDescr(object): def __init__(self, attrs): self.name = attrs['name'] self.project_id = attrs['projectId'] if 'projectId' in attrs else None if attrs.has_key('group'): self.group = attrs['group'] else: self.group = None def __hash__(self): return hash(self.__repr__()) def __eq__(self, other): return self.name == other.name and self.project_id == other.project_id and self.group == other.group def __repr__(self): return '{name:%s, projectId:%s, group:%s}' % (self.name, self.project_id, self.group) class GroupDescr(object): def __init__(self, attrs): self.name = attrs['name'] self.readonly = attrs['readonly'] def __hash__(self): return hash(self.__repr__()) def __eq__(self, other): return self.name == other.name and self.readonly == other.readonly def __repr__(self): return '{name:%s, readonly:%s}' % (self.name, str(self.readonly)) class User(object): def __init__(self, attrs): print attrs self.name = attrs['name'] self.readonly = attrs['readonly'] self.roles = [] for r in attrs['roles']: self.roles.append(RoleDescr(r)) self.groups = [] for g in attrs['groups']: self.groups.append(GroupDescr(g)) self.users = None if attrs.has_key('users'): self.users = attrs['users'] def __hash__(self): return hash(self.__repr__()) def __eq__(self, other): return self.name == other.name and self.readonly == other.readonly and self.roles == other.roles and self.groups == other.groups and self.users == other.users def __repr__(self): return '{name:%s, readonly:%s, roles:%s, groups:%s, users:%s}' % (self.name, str(self.readonly), self.roles, self.groups, self.users) def users(url, user, search, limit): values = {"action":"users", "user": user, "search": search, "limit": limit} loginToken = getToken(host, port, user) if loginToken is not None: values["ltoken"] = loginToken data = urllib.urlencode(values) req = urllib2.Request(url, data) response = urllib2.urlopen(req) users = [] for user in response: users.append(User(json.loads(user))) return users host = "localhost" port = 8080 user = getpass.getuser() url = "http://%s:%d/review/api" % (host, port) search = "*" limit = 1000 try: response = users(url, user, search, limit) except urllib2.HTTPError as e: print "Request failed: " + e.reason + ": " + e.read() else: print response
To create a new group
The following example allows you to create a new group, which you can use to control access for several users at a time.
import urllib, urllib2, json, sys, os.path, getpass def getToken(host, port, user): ltoken = os.path.normpath(os.path.expanduser("~/.klocwork/ltoken")) ltokenFile = open(ltoken, 'r') for r in ltokenFile: rd = r.strip().split(';') if (rd[0] == socket.getfqdn(host) or rd[0] == socket.gethostbyname(socket.gethostname())) and rd[1] == str(port) and rd[2] == user: ltokenFile.close() return rd[3] ltokenFile.close() def create_group(url, user, name, users_text=None): values = {'action': 'create_group'} values['name'] = name if users_text is not None: values['users'] = users_text loginToken = getToken(host, port, user) if loginToken is not None: values["ltoken"] = loginToken data = urllib.urlencode(values) req = urllib2.Request(url, data) response = urllib2.urlopen(req) host = "localhost" port = 8080 user = getpass.getuser() group = "group_name" users_text = "user_name" url = "http://%s:%d/review/api" % (host, port) try: create_group(url, user, group, users_text) except urllib2.HTTPError as e: print "Request failed: " + e.reason + ": " + e.read() else: print "Group created!"
To delete a group
The following example allows you to delete a group which was created previously but is no longer required.
import urllib, urllib2, json, sys, os.path, getpass def getToken(host, port, user): ltoken = os.path.normpath(os.path.expanduser("~/.klocwork/ltoken")) ltokenFile = open(ltoken, 'r') for r in ltokenFile: rd = r.strip().split(';') if (rd[0] == socket.getfqdn(host) or rd[0] == socket.gethostbyname(socket.gethostname())) and rd[1] == str(port) and rd[2] == user: ltokenFile.close() return rd[3] ltokenFile.close() def delete_group(url, user, name): values = {'action': 'delete_group'} values['name'] = name loginToken = getToken(host, port, user) if loginToken is not None: values["ltoken"] = loginToken data = urllib.urlencode(values) req = urllib2.Request(url, data) response = urllib2.urlopen(req) host = "localhost" port = 8080 user = getpass.getuser() group = "group_name" url = "http://%s:%d/review/api" % (host, port) try: delete_group(url, user, group) except urllib2.HTTPError as e: print "Request failed: " + e.reason + ": " + e.read() else: print "Group deleted!"
Print the list of groups
The following example shows you how to print the list of groups.
import urllib, urllib2, json, sys, os.path, getpass def getToken(host, port, user): ltoken = os.path.normpath(os.path.expanduser("~/.klocwork/ltoken")) ltokenFile = open(ltoken, 'r') for r in ltokenFile: rd = r.strip().split(';') if (rd[0] == socket.getfqdn(host) or rd[0] == socket.gethostbyname(socket.gethostname())) and rd[1] == str(port) and rd[2] == user: ltokenFile.close() return rd[3] ltokenFile.close() class Account(object): def __init__(self, attrs): self.name = attrs['name'] self.readonly = attrs['readonly'] self.roles = [] for r in attrs['roles']: self.roles.append(RoleDescr(r)) self.groups = [] for g in attrs['groups']: self.groups.append(GroupDescr(g)) self.users = None if 'users' in attrs: self.users = attrs['users'] def __str__(self): return 'name:%s, readonly:%s, roles:%s, groups:%s, users:%s' % (self.name, str(self.readonly), self.roles, self.groups, self.users) def from_json(json_object): return Account(json_object) def groups(url, user, search=None, limit=None, list_users=None): values = {'action': 'groups'} if search is not None: values['search'] = search if limit is not None: values['limit'] = limit if list_users is not None: values['list_users'] = list_users loginToken = getToken(host, port, user) if loginToken is not None: values["ltoken"] = loginToken data = urllib.urlencode(values) req = urllib2.Request(url, data) response = urllib2.urlopen(req) result = [] for record in response: result.append(json.loads(record, object_hook=from_json)) return result host = "localhost" port = 8080 user = getpass.getuser() url = "http://%s:%d/review/api" % (host, port) try: groups = groups(url, user) except urllib2.HTTPError as e: print "Request failed: " + e.reason + ": " + e.read() else: print "Groups:" for group in groups: print group
Update a group
The following example shows you how to up the list of users in a group.
import urllib, urllib2, json, sys, os.path, getpass def getToken(host, port, user): ltoken = os.path.normpath(os.path.expanduser("~/.klocwork/ltoken")) ltokenFile = open(ltoken, 'r') for r in ltokenFile: rd = r.strip().split(';') if (rd[0] == socket.getfqdn(host) or rd[0] == socket.gethostbyname(socket.gethostname())) and rd[1] == str(port) and rd[2] == user: ltokenFile.close() return rd[3] ltokenFile.close() def update_group(url, user, name, users_text=None, remove_all=None): values = {'action': 'update_group'} values['name'] = name if users_text is not None: values['users'] = users_text if remove_all is not None: values['remove_all'] = remove_all loginToken = getToken(host, port, user) if loginToken is not None: values["ltoken"] = loginToken data = urllib.urlencode(values) req = urllib2.Request(url, data) response = urllib2.urlopen(req) host = "localhost" port = 8080 user = getpass.getuser() group = "group_name" users_text = "user_name" url = "http://%s:%d/review/api" % (host, port) try: update_group(url, user, group, users_text) except urllib2.HTTPError as e: print "Request failed: " + e.reason + ": " + e.read() else: print "Group updated!"