feature/rbac-roles - add role commands; namespaces.addgroup - use object_roles, not object_permissions

[himdel]

(draft until the feature/rbac-roles galaxy_ng & ansible-hub-ui branches get merged in master)

This addresses compatibility with the new (4.6+) rbac roles:

AAH-1691:
galaxykit role list
galaxykit role create <rolename> <description> --permissions <permissions>
galaxykit role delete <rolename>
galaxykit role perm list <rolename>
galaxykit role perm add <rolename> <perm>
galaxykit role perm remove <rolename> <perm>

AAH-1692:
galaxykit group role add <group> <role>
galaxykit group role remove <group> <role>

No-Issue:
make galaxykit namespace addgroup <namespace> <group> work again, by sending object_roles instead of object_permissions

Removed:
galaxykit group perm list <groupname>
galaxykit group perm add <groupname> <perm>
galaxykit group perm remove <groupname> <perm>

Removed methods:

• groups.get_permissions (replaced by roles.get_permissions)
• groups.set_permissions (replaced by roles.set_permissions with add_permissions=[])
• groups.delete_permission (replaced by roles.set_permissions with remove_permissions=[])
• client.set_permissions (not sure if unused, or if we just need to change it to call roles.set_permissions instead of groups.set_permissions)

---

Also adding vim swapfiles to gitignore,
and adding a client.patch method, used by role perm add/remove.

[hendersonreed]

Looks good to me! We'll need to remember that this is a breaking change for when we do our next version bump.

[himdel]

Thanks!
Moving back to draft since we're not doing rbac for 4.5.0 anymore.

This needs to come back with the revert of today's/tomorrow's revert of ansible/galaxy_ng#1057 :)

EDIT: that evolved into the feature/rbac-roles branch

[himdel]

@jerabekjiri This should be ready to address AAH-1691 & AAH-1692, do we need anything else to test the rbac branch properly?

@hendersonreed I've updated this and added some more backward incompatible changes (removes client.set_permissions and galaxykit group perm * commands), is this still ok (for when the feature branches gets merged in master)? Do you know if it'd be better to update client.set_permissions to update role permissions instead, instead of removing it?

[jerabekjiri]

Works great 👍
tested and looks like it covers all we need :)

[hendersonreed]

Backwards in-compatible changes are fine right now I think, particularly because the galaxykit usage on the QE side is still relatively minimal (migrating the IQE test suite to use more galaxykit features is an incremental process).

We'll just need to ensure that we bump the version properly when we release.

[himdel]

@chr-stian The last commits are adding a dependency on ansible again. Given the context of #54, #55 and #39 (comment), I'll ask you to create a separate PR for those changes.

I'm restoring this PR to the original state and rebasing on top of current main, my priority here is to have UI tests working so we can merge the branches soon :).

[chr-stian]

yes, wait_for_task throws GalaxyError. I could fix it easily by changing it to GalaxyClientError. But I can wait.

[himdel]

@hendersonreed do we have your blessing to merge this one? :)

[hendersonreed]

I think so! right now no one I know of is using master anyways, so this shouldn't break anything anyways, and the rbac branches have been merged.