# %pip install python-dotenv
# %pip install domolibrary --upgradeCreating and UPSERTing custom roles with DomoLibrary
a short post on using DomoLibrary to create and update custom roles with new grant lists and auto assign users to that role
Project Configuration
⚙️ configure environment variables
This script assumes the use of a dotenv file (in this example sample_config.txt)
from dotenv import dotenv_values
env = dotenv_values("sample_config.txt")
envOrderedDict([('ROLE_NAME', 'dl_department_admin'),
('ROLE_DESCRIPTION', 'deployed via domo_library script'),
('ROLE_GRANTS',
'alert.edit, alert.actions, content.card.embed, content.export, content.variable.edit, audit, datastore.create, dataset.manage, dataset.export, publish.subscribers.manage, user.invite, group.edit, certifiedcontent.admin, certifiedcontent.request'),
('ROLE_EMAILS', 'test1@test.com, test2@test.com'),
('ROLE_NAME2', 'dl_test'),
('ROLE_DESCRIPTION2', 'deployed via domo_library script'),
('ROLE_GRANTS2', 'alert.edit, alert.actions, content.card.embed'),
('ROLE_EMAILS2',
'test3@test.com, test3@test.com, test4@test.com')])⚙️ Creds config and roles to create
the domolibrary features a class based and function based approach to interacting with domo entities.
use the domolibrary.client.DomoAuth objects to handle api authentication
access_tokens can be configured in Domo > Auth > Security > Access Token and have the benefit of not requiring direct signon access in environments that are using SSO
import domolibrary.client.DomoAuth as dmda
import os
token_auth = dmda.DomoTokenAuth(
domo_instance=os.environ['DOMO_INSTANCE'],
domo_access_token=os.environ["DOMO_ACCESS_TOKEN"],
)
await token_auth.get_auth_token()
assert isinstance(token_auth.token, str)Templatize user input with classes
The custom EnvRole class allows users to define configuration in the .env file; however ensures conformity and reduces code redundancy by templatizing the required input.
from pprint import pprint
from dataclasses import dataclass
import domolibrary.classes.DomoGrant as dmg
from typing import List
@dataclass
class EnvRole:
name: str
description: str
grant_ls: List[
dmg.DomoGrant
] # grants are consistent across domo instances so can be defined on initialization
user_ls: List[
str
] # each instance would have a diferent user_id associated with each instance so should be handled on a per instance basis (DomoUsers expect a set user id)
"""custom class for templatizing roles to create"""
def __init__(
self,
name: str,
description: str,
grants_str: str, # comma separated string of grant_ids
user_str: [str],
):
self.name = name
self.description = description
self.grant_ls = [
dmg.DomoGrant(id=grant.strip()) for grant in grants_str.split(",")
]
self.user_ls = [user.strip() for user in user_str.split(",")]
# List of roles that will be created
roles_to_create = [
EnvRole(
name=env["ROLE_NAME"],
description=env["ROLE_DESCRIPTION"],
grants_str=env["ROLE_GRANTS"],
user_str=env["ROLE_EMAILS"],
),
EnvRole(
name=env["ROLE_NAME2"],
description=env["ROLE_DESCRIPTION2"],
grants_str=env["ROLE_GRANTS2"],
user_str=env["ROLE_EMAILS2"],
),
]
pprint(roles_to_create)[EnvRole(name='dl_department_admin',
description='deployed via domo_library script',
grant_ls=[DomoGrant(id='alert.edit',
display_group=None,
title=None,
depends_on_ls=None,
description=None,
role_membership_ls=None),
DomoGrant(id='alert.actions',
display_group=None,
title=None,
depends_on_ls=None,
description=None,
role_membership_ls=None),
DomoGrant(id='content.card.embed',
display_group=None,
title=None,
depends_on_ls=None,
description=None,
role_membership_ls=None),
DomoGrant(id='content.export',
display_group=None,
title=None,
depends_on_ls=None,
description=None,
role_membership_ls=None),
DomoGrant(id='content.variable.edit',
display_group=None,
title=None,
depends_on_ls=None,
description=None,
role_membership_ls=None),
DomoGrant(id='audit',
display_group=None,
title=None,
depends_on_ls=None,
description=None,
role_membership_ls=None),
DomoGrant(id='datastore.create',
display_group=None,
title=None,
depends_on_ls=None,
description=None,
role_membership_ls=None),
DomoGrant(id='dataset.manage',
display_group=None,
title=None,
depends_on_ls=None,
description=None,
role_membership_ls=None),
DomoGrant(id='dataset.export',
display_group=None,
title=None,
depends_on_ls=None,
description=None,
role_membership_ls=None),
DomoGrant(id='publish.subscribers.manage',
display_group=None,
title=None,
depends_on_ls=None,
description=None,
role_membership_ls=None),
DomoGrant(id='user.invite',
display_group=None,
title=None,
depends_on_ls=None,
description=None,
role_membership_ls=None),
DomoGrant(id='group.edit',
display_group=None,
title=None,
depends_on_ls=None,
description=None,
role_membership_ls=None),
DomoGrant(id='certifiedcontent.admin',
display_group=None,
title=None,
depends_on_ls=None,
description=None,
role_membership_ls=None),
DomoGrant(id='certifiedcontent.request',
display_group=None,
title=None,
depends_on_ls=None,
description=None,
role_membership_ls=None)],
user_ls=['test1@test.com', 'test2@test.com']),
EnvRole(name='dl_test',
description='deployed via domo_library script',
grant_ls=[DomoGrant(id='alert.edit',
display_group=None,
title=None,
depends_on_ls=None,
description=None,
role_membership_ls=None),
DomoGrant(id='alert.actions',
display_group=None,
title=None,
depends_on_ls=None,
description=None,
role_membership_ls=None),
DomoGrant(id='content.card.embed',
display_group=None,
title=None,
depends_on_ls=None,
description=None,
role_membership_ls=None)],
user_ls=['test3@test.com', 'test3@test.com', 'test4@test.com'])]Define Functions that bridge the EnvRole with domolibrary classes
In the examples below, the functions are very simple and just call the API with passthrough parameters; however, more customization could be added for example defining a default role_description if one wasn’t provided.
Notice how upsert_super_admin doesn’t even accept a list of grants and instead pulls a list of all available grants from that Domo Instance.
This might be necessary because Domo by default doesn’t grant all grants to the Admin role.
import domolibrary.classes.DomoRole as dmr
import domolibrary.client.DomoAuth as dmda
async def upsert_role(
auth: dmda.DomoAuth,
role_name: str,
role_description: str,
grant_ls: List[dmg.DomoGrant],
debug_api: bool = False,
return_raw : bool = False
):
return await dmr.DomoRoles.upsert_role(
auth=auth, name=role_name, description=role_description, grant_ls=grant_ls, debug_api = debug_api, return_raw = return_raw
)sample implementation of upsert_role
roles_to_create[EnvRole(name='dl_department_admin', description='deployed via domo_library script', grant_ls=[DomoGrant(id='alert.edit', display_group=None, title=None, depends_on_ls=None, description=None, role_membership_ls=None), DomoGrant(id='alert.actions', display_group=None, title=None, depends_on_ls=None, description=None, role_membership_ls=None), DomoGrant(id='content.card.embed', display_group=None, title=None, depends_on_ls=None, description=None, role_membership_ls=None), DomoGrant(id='content.export', display_group=None, title=None, depends_on_ls=None, description=None, role_membership_ls=None), DomoGrant(id='content.variable.edit', display_group=None, title=None, depends_on_ls=None, description=None, role_membership_ls=None), DomoGrant(id='audit', display_group=None, title=None, depends_on_ls=None, description=None, role_membership_ls=None), DomoGrant(id='datastore.create', display_group=None, title=None, depends_on_ls=None, description=None, role_membership_ls=None), DomoGrant(id='dataset.manage', display_group=None, title=None, depends_on_ls=None, description=None, role_membership_ls=None), DomoGrant(id='dataset.export', display_group=None, title=None, depends_on_ls=None, description=None, role_membership_ls=None), DomoGrant(id='publish.subscribers.manage', display_group=None, title=None, depends_on_ls=None, description=None, role_membership_ls=None), DomoGrant(id='user.invite', display_group=None, title=None, depends_on_ls=None, description=None, role_membership_ls=None), DomoGrant(id='group.edit', display_group=None, title=None, depends_on_ls=None, description=None, role_membership_ls=None), DomoGrant(id='certifiedcontent.admin', display_group=None, title=None, depends_on_ls=None, description=None, role_membership_ls=None), DomoGrant(id='certifiedcontent.request', display_group=None, title=None, depends_on_ls=None, description=None, role_membership_ls=None)], user_ls=['test1@test.com', 'test2@test.com']),
EnvRole(name='dl_test', description='deployed via domo_library script', grant_ls=[DomoGrant(id='alert.edit', display_group=None, title=None, depends_on_ls=None, description=None, role_membership_ls=None), DomoGrant(id='alert.actions', display_group=None, title=None, depends_on_ls=None, description=None, role_membership_ls=None), DomoGrant(id='content.card.embed', display_group=None, title=None, depends_on_ls=None, description=None, role_membership_ls=None)], user_ls=['test3@test.com', 'test3@test.com', 'test4@test.com'])]import datetime as dt
role = roles_to_create[0]
try:
await upsert_role(
auth=token_auth,
role_name=role.name,
role_description=f"{role.description} - updated {dt.date.today()}",
grant_ls=role.grant_ls,
debug_api = True,
return_raw = False
)
except Exception as e:
print(e)type object 'DomoRoles' has no attribute 'upsert_role'import datetime as dt
import domolibrary.classes.DomoInstanceConfig as dmic
# grants for super admin role are getting directly from instance using get_all_instance_grants
async def upsert_super_admin(
auth: dmda.DomoAuth,
role_name: str,
role_description=f"all grants - updated on {dt.date.today()}",
debug_api: bool = False,
debug_prn: bool = False,
):
domo_instance = dmic.DomoInstanceConfig(auth=auth)
all_grants = await domo_instance.get_grants()
sa_role = await dmr.DomoRoles.upsert_role(
name=role_name,
description=role_description,
auth=auth,
debug_api=debug_api,
grant_ls=all_grants,
)
return sa_role--------------------------------------------------------------------------- NameError Traceback (most recent call last) Cell In[8], line 2 1 import datetime as dt ----> 2 import domolibrary.classes.DomoInstanceConfig as dmic 5 # grants for super admin role are getting directly from instance using get_all_instance_grants 6 async def upsert_super_admin( 7 auth: dmda.DomoAuth, 8 role_name: str, (...) 11 debug_prn: bool = False, 12 ): File /workspaces/domolibrary/domolibrary/classes/DomoInstanceConfig.py:79 76 import domolibrary.classes.DomoInstanceConfig_ApiClient as dicli 77 import domolibrary.classes.DomoInstanceConfig_MFA as dimfa ---> 79 import domolibrary.classes.DomoPublish as dmpb 80 import domolibrary.classes.DomoRole as dmrl 82 # %% ../../nbs/classes/50_DomoInstanceConfig.ipynb 7 File /workspaces/domolibrary/domolibrary/classes/DomoPublish.py:21 18 import domolibrary.client.DomoAuth as dmda 19 import domolibrary.routes.publish as publish_routes ---> 21 import domolibrary.classes.DomoLineage as dmdl 23 import domolibrary.utils.chunk_execution as dmce 24 import domolibrary.client.DomoError as dmde File /workspaces/domolibrary/domolibrary/classes/DomoLineage.py:16 13 import httpx 15 import domolibrary.client.DomoAuth as dmda ---> 16 import domolibrary.classes.DomoDatacenter as dmdc 17 import domolibrary.client.DomoError as dmde 19 import domolibrary.routes.datacenter as datacenter_routes File /workspaces/domolibrary/domolibrary/classes/DomoDatacenter.py:255 228 return await dmce.gather_with_concurrency( 229 n=60, 230 *[ (...) 238 ] 239 ) 241 # %% ../../nbs/classes/50_DomoDatacenter.ipynb 20 242 @patch_to(DomoDatacenter, cls_method=True) 243 async def get_cards_admin_summary( 244 cls, 245 auth=dmda.DomoAuth, 246 page_ids: List[str] = None, 247 card_search_text: str = None, 248 page_search_text: str = None, 249 maximum: int = None, # maximum number of results to return 250 # can accept one value or a list of values 251 return_raw: bool = False, 252 debug_api: bool = False, 253 debug_loop: bool = False, 254 session: httpx.AsyncClient = None, --> 255 ) -> list[dmc.DomoCard]: 256 """search Domo Datacenter card api.""" 258 import domolibrary.classes.DomoCard as dmc NameError: name 'dmc' is not defined
sample implementation of creating a super_admin role
try:
await upsert_super_admin(auth=token_auth, role_name="super_admin")
except Exception as e:
print(e)create user
At code execution, it is possible that a user may need to be a specific role, but that user and the role haven’t been deployed to the instance yet.
The proper order of operations would be to create a role and then assign the user to that role. You cannot create a user without defining their role membership
import domolibrary.classes.DomoUser as dmu
async def upsert_user(
auth: dmda.DomoAuth,
email_address: str,
role_id: str,
debug_api: bool = False,
):
return await dmu.DomoUsers.upsert_user(
email_address=email_address, role_id=role_id, auth=auth, debug_api=debug_api
)sample implementation of upsert_user
role = roles_to_create[0]
await upsert_user(auth=token_auth, role_id=4, email_address="test23@test.com")Main Implementation
With one function, create_role which calls upsert_roleandupsert_userwe can quickly map over theEnvRoleclass and rapidly deploy a consistent set of roles to one or many domo instances just by swapping out the [DomoAuth`](https://jaewilson07.github.io/domo_library/client/domoauth.html#domoauth) object.
Notice the intentional use of asyncio to execute code asynchronously where appropriate. We must deploy a role before deploying users, but we could configure multiple roles simultaneously because they are not dependent.
import datetime as dt
import asyncio
async def create_role(
role_name, role_description, grant_ls, email_ls, auth, debug_prn: bool = False
):
if debug_prn:
pprint(
{
"name": role_name,
"description": role_description,
"grant_ls": grant_ls,
"email_ls": email_ls,
}
)
domo_role = await upsert_role(
auth=auth,
role_name=role_name,
role_description=f"{role_description} - updated {dt.date.today()}",
grant_ls=grant_ls,
)
return await asyncio.gather(
*[
upsert_user(auth=auth, role_id=domo_role.id, email_address=email_address)
for email_address in email_ls
]
)sample implementation of create_role
try:
await asyncio.gather(
*[
create_role(
role_name=role.name,
role_description=role.description,
grant_ls=role.grant_ls,
email_ls=role.user_ls,
auth=token_auth,
)
for role in roles_to_create
]
)
except Exception as e:
print(e)