diff --git a/roles/cobald/library/influx_bucket.py b/roles/cobald/library/influx_bucket.py index 53c6dcc..e2152ff 100755 --- a/roles/cobald/library/influx_bucket.py +++ b/roles/cobald/library/influx_bucket.py @@ -92,13 +92,13 @@ class Bucket: self.result = None self.f = lambda: self._create({ "orgID": self.org_id, - "description": self.description, + "description": self.description if self.description else None, "name": self.name, "retentionRules": [] }) else: self.result = x[0] - if self.description == x[0]["description"]: + if self.description == x[0].get("description", ""): return False # everything matches -> no change needed else: self.result = x[0] diff --git a/roles/cobald/library/influx_token.py b/roles/cobald/library/influx_token.py index ff9f872..b94c64b 100755 --- a/roles/cobald/library/influx_token.py +++ b/roles/cobald/library/influx_token.py @@ -141,11 +141,22 @@ class Token: self.f() def _match_perms(self, pa, pb): - a = pa.copy() - b = pb.copy() - for i in a: + def g(match, lst): + for idx, i in enumerate(lst): + if i['action'] != match['action']: + continue + for k, v in match['resource'].items(): + if k not in i['resource'] or i['resource'][k] != v: + continue + else: # first best match + return idx + else: + raise ValueError + + b = [b.copy() for b in pb] + for i in pa: try: - b.remove(i) + b.pop(g(i, b)) except ValueError: return False # permission i not present in b @@ -187,7 +198,12 @@ if __name__ == "__main__": name=dict(type='str'), org=dict(type='str'), orgID=dict(type='str'), - type=dict(type='str', required=True), + type=dict(type='str', required=True, choices=[ + "authorizations", "buckets", "dashboards", "orgs", + "sources", "tasks", "telegrafs", "users", "variables", + "scrapers", "secrets", "labels", "views", "documents", + "notificationRules", "notificationEndpoints", "checks", + "dbrp", "flows", "annotations", "functions"]), ), required=True), ), required=True), force=dict(type="bool", default=False),