1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224
|
# --------------------------------------------------------------------------------------------
# Copyright (c) Microsoft Corporation. All rights reserved.
# Licensed under the MIT License. See License.txt in the project root for license information.
# --------------------------------------------------------------------------------------------
# Generated file, DO NOT EDIT
# Changes may cause incorrect behavior and will be lost if the code is regenerated.
# --------------------------------------------------------------------------------------------
from msrest import Serializer, Deserializer
from ...client import Client
from . import models
class SecurityClient(Client):
"""Security
:param str base_url: Service URL
:param Authentication creds: Authenticated credentials.
"""
def __init__(self, base_url=None, creds=None):
super(SecurityClient, self).__init__(base_url, creds)
client_models = {k: v for k, v in models.__dict__.items() if isinstance(v, type)}
self._serialize = Serializer(client_models)
self._deserialize = Deserializer(client_models)
resource_area_identifier = None
def remove_access_control_entries(self, security_namespace_id, token=None, descriptors=None):
"""RemoveAccessControlEntries.
Remove the specified ACEs from the ACL belonging to the specified token.
:param str security_namespace_id: Security namespace identifier.
:param str token: The token whose ACL should be modified.
:param str descriptors: String containing a list of identity descriptors separated by ',' whose entries should be removed.
:rtype: bool
"""
route_values = {}
if security_namespace_id is not None:
route_values['securityNamespaceId'] = self._serialize.url('security_namespace_id', security_namespace_id, 'str')
query_parameters = {}
if token is not None:
query_parameters['token'] = self._serialize.query('token', token, 'str')
if descriptors is not None:
query_parameters['descriptors'] = self._serialize.query('descriptors', descriptors, 'str')
response = self._send(http_method='DELETE',
location_id='ac08c8ff-4323-4b08-af90-bcd018d380ce',
version='5.0',
route_values=route_values,
query_parameters=query_parameters)
return self._deserialize('bool', response)
def set_access_control_entries(self, container, security_namespace_id):
"""SetAccessControlEntries.
Add or update ACEs in the ACL for the provided token. The request body contains the target token, a list of [ACEs](https://docs.microsoft.com/en-us/rest/api/azure/devops/security/access%20control%20entries/set%20access%20control%20entries?#accesscontrolentry) and a optional merge parameter. In the case of a collision (by identity descriptor) with an existing ACE in the ACL, the "merge" parameter determines the behavior. If set, the existing ACE has its allow and deny merged with the incoming ACE's allow and deny. If unset, the existing ACE is displaced.
:param :class:`<object> <azure.devops.v5_0.security.models.object>` container:
:param str security_namespace_id: Security namespace identifier.
:rtype: [AccessControlEntry]
"""
route_values = {}
if security_namespace_id is not None:
route_values['securityNamespaceId'] = self._serialize.url('security_namespace_id', security_namespace_id, 'str')
content = self._serialize.body(container, 'object')
response = self._send(http_method='POST',
location_id='ac08c8ff-4323-4b08-af90-bcd018d380ce',
version='5.0',
route_values=route_values,
content=content)
return self._deserialize('[AccessControlEntry]', self._unwrap_collection(response))
def query_access_control_lists(self, security_namespace_id, token=None, descriptors=None, include_extended_info=None, recurse=None):
"""QueryAccessControlLists.
Return a list of access control lists for the specified security namespace and token. All ACLs in the security namespace will be retrieved if no optional parameters are provided.
:param str security_namespace_id: Security namespace identifier.
:param str token: Security token
:param str descriptors: An optional filter string containing a list of identity descriptors separated by ',' whose ACEs should be retrieved. If this is left null, entire ACLs will be returned.
:param bool include_extended_info: If true, populate the extended information properties for the access control entries contained in the returned lists.
:param bool recurse: If true and this is a hierarchical namespace, return child ACLs of the specified token.
:rtype: [AccessControlList]
"""
route_values = {}
if security_namespace_id is not None:
route_values['securityNamespaceId'] = self._serialize.url('security_namespace_id', security_namespace_id, 'str')
query_parameters = {}
if token is not None:
query_parameters['token'] = self._serialize.query('token', token, 'str')
if descriptors is not None:
query_parameters['descriptors'] = self._serialize.query('descriptors', descriptors, 'str')
if include_extended_info is not None:
query_parameters['includeExtendedInfo'] = self._serialize.query('include_extended_info', include_extended_info, 'bool')
if recurse is not None:
query_parameters['recurse'] = self._serialize.query('recurse', recurse, 'bool')
response = self._send(http_method='GET',
location_id='18a2ad18-7571-46ae-bec7-0c7da1495885',
version='5.0',
route_values=route_values,
query_parameters=query_parameters)
return self._deserialize('[AccessControlList]', self._unwrap_collection(response))
def remove_access_control_lists(self, security_namespace_id, tokens=None, recurse=None):
"""RemoveAccessControlLists.
Remove access control lists under the specfied security namespace.
:param str security_namespace_id: Security namespace identifier.
:param str tokens: One or more comma-separated security tokens
:param bool recurse: If true and this is a hierarchical namespace, also remove child ACLs of the specified tokens.
:rtype: bool
"""
route_values = {}
if security_namespace_id is not None:
route_values['securityNamespaceId'] = self._serialize.url('security_namespace_id', security_namespace_id, 'str')
query_parameters = {}
if tokens is not None:
query_parameters['tokens'] = self._serialize.query('tokens', tokens, 'str')
if recurse is not None:
query_parameters['recurse'] = self._serialize.query('recurse', recurse, 'bool')
response = self._send(http_method='DELETE',
location_id='18a2ad18-7571-46ae-bec7-0c7da1495885',
version='5.0',
route_values=route_values,
query_parameters=query_parameters)
return self._deserialize('bool', response)
def set_access_control_lists(self, access_control_lists, security_namespace_id):
"""SetAccessControlLists.
Create or update one or more access control lists. All data that currently exists for the ACLs supplied will be overwritten.
:param :class:`<VssJsonCollectionWrapper> <azure.devops.v5_0.security.models.VssJsonCollectionWrapper>` access_control_lists: A list of ACLs to create or update.
:param str security_namespace_id: Security namespace identifier.
"""
route_values = {}
if security_namespace_id is not None:
route_values['securityNamespaceId'] = self._serialize.url('security_namespace_id', security_namespace_id, 'str')
content = self._serialize.body(access_control_lists, 'VssJsonCollectionWrapper')
self._send(http_method='POST',
location_id='18a2ad18-7571-46ae-bec7-0c7da1495885',
version='5.0',
route_values=route_values,
content=content)
def has_permissions_batch(self, eval_batch):
"""HasPermissionsBatch.
Evaluates multiple permissions for the calling user. Note: This method does not aggregate the results, nor does it short-circuit if one of the permissions evaluates to false.
:param :class:`<PermissionEvaluationBatch> <azure.devops.v5_0.security.models.PermissionEvaluationBatch>` eval_batch: The set of evaluation requests.
:rtype: :class:`<PermissionEvaluationBatch> <azure.devops.v5_0.security.models.PermissionEvaluationBatch>`
"""
content = self._serialize.body(eval_batch, 'PermissionEvaluationBatch')
response = self._send(http_method='POST',
location_id='cf1faa59-1b63-4448-bf04-13d981a46f5d',
version='5.0',
content=content)
return self._deserialize('PermissionEvaluationBatch', response)
def has_permissions(self, security_namespace_id, permissions=None, tokens=None, always_allow_administrators=None, delimiter=None):
"""HasPermissions.
Evaluates whether the caller has the specified permissions on the specified set of security tokens.
:param str security_namespace_id: Security namespace identifier.
:param int permissions: Permissions to evaluate.
:param str tokens: One or more security tokens to evaluate.
:param bool always_allow_administrators: If true and if the caller is an administrator, always return true.
:param str delimiter: Optional security token separator. Defaults to ",".
:rtype: [bool]
"""
route_values = {}
if security_namespace_id is not None:
route_values['securityNamespaceId'] = self._serialize.url('security_namespace_id', security_namespace_id, 'str')
if permissions is not None:
route_values['permissions'] = self._serialize.url('permissions', permissions, 'int')
query_parameters = {}
if tokens is not None:
query_parameters['tokens'] = self._serialize.query('tokens', tokens, 'str')
if always_allow_administrators is not None:
query_parameters['alwaysAllowAdministrators'] = self._serialize.query('always_allow_administrators', always_allow_administrators, 'bool')
if delimiter is not None:
query_parameters['delimiter'] = self._serialize.query('delimiter', delimiter, 'str')
response = self._send(http_method='GET',
location_id='dd3b8bd6-c7fc-4cbd-929a-933d9c011c9d',
version='5.0',
route_values=route_values,
query_parameters=query_parameters)
return self._deserialize('[bool]', self._unwrap_collection(response))
def remove_permission(self, security_namespace_id, descriptor, permissions=None, token=None):
"""RemovePermission.
Removes the specified permissions on a security token for a user or group.
:param str security_namespace_id: Security namespace identifier.
:param str descriptor: Identity descriptor of the user to remove permissions for.
:param int permissions: Permissions to remove.
:param str token: Security token to remove permissions for.
:rtype: :class:`<AccessControlEntry> <azure.devops.v5_0.security.models.AccessControlEntry>`
"""
route_values = {}
if security_namespace_id is not None:
route_values['securityNamespaceId'] = self._serialize.url('security_namespace_id', security_namespace_id, 'str')
if permissions is not None:
route_values['permissions'] = self._serialize.url('permissions', permissions, 'int')
query_parameters = {}
if descriptor is not None:
query_parameters['descriptor'] = self._serialize.query('descriptor', descriptor, 'str')
if token is not None:
query_parameters['token'] = self._serialize.query('token', token, 'str')
response = self._send(http_method='DELETE',
location_id='dd3b8bd6-c7fc-4cbd-929a-933d9c011c9d',
version='5.0',
route_values=route_values,
query_parameters=query_parameters)
return self._deserialize('AccessControlEntry', response)
def query_security_namespaces(self, security_namespace_id=None, local_only=None):
"""QuerySecurityNamespaces.
List all security namespaces or just the specified namespace.
:param str security_namespace_id: Security namespace identifier.
:param bool local_only: If true, retrieve only local security namespaces.
:rtype: [SecurityNamespaceDescription]
"""
route_values = {}
if security_namespace_id is not None:
route_values['securityNamespaceId'] = self._serialize.url('security_namespace_id', security_namespace_id, 'str')
query_parameters = {}
if local_only is not None:
query_parameters['localOnly'] = self._serialize.query('local_only', local_only, 'bool')
response = self._send(http_method='GET',
location_id='ce7b9f95-fde9-4be8-a86d-83b366f0b87a',
version='5.0',
route_values=route_values,
query_parameters=query_parameters)
return self._deserialize('[SecurityNamespaceDescription]', self._unwrap_collection(response))
|