From 58a4c22aa2ffd1467e23c0cb3af931562ff64eb9 Mon Sep 17 00:00:00 2001
From: Jarrod Johnson <jjohnson2@lenovo.com>
Date: Wed, 30 Nov 2022 11:40:36 -0500
Subject: [PATCH] Allow custom privilege levels through messages layer

If a user has created custom roles, designate custom. as
a prefix to indicate they really
mean what they say
---
 confluent_server/confluent/messages.py | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/confluent_server/confluent/messages.py b/confluent_server/confluent/messages.py
index 48ee3126..1c9ce2b4 100644
--- a/confluent_server/confluent/messages.py
+++ b/confluent_server/confluent/messages.py
@@ -845,8 +845,9 @@ class InputCredential(ConfluentMessage):
             inputdata['uid'] = int(inputdata['uid'])
         if ('privilege_level' in inputdata and
               inputdata['privilege_level'] not in self.valid_privilege_levels):
-            raise exc.InvalidArgumentException('privilege_level is not one of '
-                                        + ','.join(self.valid_privilege_levels))
+            if not inputdata['privilege_level'].startswith('custom.'):
+                raise exc.InvalidArgumentException('privilege_level is not one of '
+                                            + ','.join(self.valid_privilege_levels))
         if ('enabled' in inputdata and
             inputdata['enabled'] not in self.valid_enabled_values):
             raise exc.InvalidArgumentException('valid values for enabled are '