def status_of_value( value ): ''' To be refactored ''' # Hack: rely on the order of values in ValidStatus validStatus = RssConfiguration.getValidStatus() try: return validStatus[ value ] except IndexError: #Temporary fix, not anymore InvalidStatus exception raising gLogger.error( 'status_of_value returning -1' ) return -1 ################################################################################ #EOF#EOF#EOF#EOF#EOF#EOF#EOF#EOF#EOF#EOF#EOF#EOF#EOF#EOF#EOF#EOF#EOF#EOF#EOF#EOF
def _runPolicies(self, policies, decissionParams=None): if decissionParams is None: decissionParams = self.decissionParams validStatus = RssConfiguration.getValidStatus() if not validStatus['OK']: return validStatus validStatus = validStatus['Value'] policyInvocationResults = [] for policyDict in policies: policyInvocationResult = self.pCaller.policyInvocation( decissionParams, policyDict) if not policyInvocationResult['OK']: # We should never enter this line ! Just in case there are policies # missconfigured ! _msg = 'runPolicies no OK: %s' % policyInvocationResult gLogger.error(_msg) return S_ERROR(_msg) policyInvocationResult = policyInvocationResult['Value'] if not 'Status' in policyInvocationResult: _msg = 'runPolicies (no Status): %s' % policyInvocationResult gLogger.error(_msg) return S_ERROR(_msg) if not policyInvocationResult['Status'] in validStatus: _msg = 'runPolicies ( not valid status ) %s' % policyInvocationResult[ 'Status'] gLogger.error(_msg) return S_ERROR(_msg) if not 'Reason' in policyInvocationResult: _msg = 'runPolicies (no Reason): %s' % policyInvocationResult gLogger.error(_msg) return S_ERROR(_msg) policyInvocationResults.append(policyInvocationResult) return S_OK(policyInvocationResults)
def _runPolicies( self, policies, decissionParams = None ): if decissionParams is None: decissionParams = self.decissionParams validStatus = RssConfiguration.getValidStatus() if not validStatus[ 'OK' ]: return validStatus validStatus = validStatus[ 'Value' ] policyInvocationResults = [] for policyDict in policies: policyInvocationResult = self.pCaller.policyInvocation( decissionParams, policyDict ) if not policyInvocationResult[ 'OK' ]: # We should never enter this line ! Just in case there are policies # missconfigured ! _msg = 'runPolicies no OK: %s' % policyInvocationResult gLogger.error( _msg ) return S_ERROR( _msg ) policyInvocationResult = policyInvocationResult[ 'Value' ] if not 'Status' in policyInvocationResult: _msg = 'runPolicies (no Status): %s' % policyInvocationResult gLogger.error( _msg ) return S_ERROR( _msg ) if not policyInvocationResult[ 'Status' ] in validStatus: _msg = 'runPolicies ( not valid status ) %s' % policyInvocationResult[ 'Status' ] gLogger.error( _msg ) return S_ERROR( _msg ) if not 'Reason' in policyInvocationResult: _msg = 'runPolicies (no Reason): %s' % policyInvocationResult gLogger.error( _msg ) return S_ERROR( _msg ) policyInvocationResults.append( policyInvocationResult ) return S_OK( policyInvocationResults )
def enforce( self, granularity = None, name = None, statusType = None, status = None, formerStatus = None, reason = None, siteType = None, serviceType = None, resourceType = None, tokenOwner = None, useNewRes = False, knownInfo = None ): ''' Enforce policies for given set of keyworkds. To be better explained. ''' ## real ban flag ######################################################### realBan = False if tokenOwner is not None: if tokenOwner == 'RS_SVC': realBan = True ## sanitize input ########################################################## ## IS IT REALLY NEEDED ?? validElements = RssConfiguration.getValidElements() if granularity is not None and granularity not in validElements: return S_ERROR( 'Granularity "%s" not valid' % granularity ) validStatusTypes = RssConfiguration.getValidStatusTypes() if statusType is not None and statusType not in validStatusTypes[ granularity ]['StatusType']: return S_ERROR( 'StatusType "%s" not valid' % statusType ) validStatus = RssConfiguration.getValidStatus() if status is not None and status not in validStatus: return S_ERROR( 'Status "%s" not valid' % status ) validStatus = RssConfiguration.getValidStatus() if formerStatus is not None and formerStatus not in validStatus: return S_ERROR( 'FormerStatus "%s" not valid' % formerStatus ) validSiteTypes = RssConfiguration.getValidSiteTypes() if siteType is not None and siteType not in validSiteTypes: return S_ERROR( 'SiteType "%s" not valid' % siteType ) validServiceTypes = RssConfiguration.getValidServiceTypes() if serviceType is not None and serviceType not in validServiceTypes: return S_ERROR( 'ServiceType "%s" not valid' % serviceType ) validResourceTypes = RssConfiguration.getValidResourceTypes() if resourceType is not None and resourceType not in validResourceTypes: return S_ERROR( 'ResourceType "%s" not valid' % resourceType ) ## policy setup ############################################################ self.pdp.setup( granularity = granularity, name = name, statusType = statusType, status = status, formerStatus = formerStatus, reason = reason, siteType = siteType, serviceType = serviceType, resourceType = resourceType, useNewRes = useNewRes ) ## policy decision ######################################################### resDecisions = self.pdp.takeDecision( knownInfo = knownInfo ) ## record all results before doing anything else for resP in resDecisions[ 'SinglePolicyResults' ]: if not resP.has_key( 'OLD' ): self.clients[ "rmClient" ].insertPolicyResultLog( granularity, name, resP[ 'PolicyName' ], statusType, resP[ 'Status' ], resP[ 'Reason' ], now ) else: gLogger.warn( 'OLD: %s' % resP ) res = resDecisions[ 'PolicyCombinedResult' ] actionBaseMod = "DIRAC.ResourceStatusSystem.PolicySystem.Actions" # Security mechanism in case there is no PolicyType returned if res == {}: EmptyAction(granularity, name, statusType, resDecisions).run() else: policyType = res[ 'PolicyType' ] if 'Resource_PolType' in policyType: action = Utils.voimport( '%s.ResourceAction' % actionBaseMod ) action.ResourceAction(granularity, name, statusType, resDecisions, rsClient=self.rsClient, rmClient=self.rmClient).run() if 'Alarm_PolType' in policyType: action = Utils.voimport( '%s.AlarmAction' % actionBaseMod ) action.AlarmAction(granularity, name, statusType, resDecisions, Clients=self.clients, Params={"Granularity" : granularity, "SiteType" : siteType, "ServiceType" : serviceType, "ResourceType" : resourceType}).run() if 'RealBan_PolType' in policyType and realBan: action = Utils.voimport( '%s.RealBanAction' % actionBaseMod ) action.RealBanAction(granularity, name, resDecisions).run() return resDecisions ################################################################################ #EOF#EOF#EOF#EOF#EOF#EOF#EOF#EOF#EOF#EOF#EOF#EOF#EOF#EOF#EOF#EOF#EOF#EOF#EOF#EOF
def enforce(self, granularity=None, name=None, statusType=None, status=None, formerStatus=None, reason=None, siteType=None, serviceType=None, resourceType=None, tokenOwner=None, useNewRes=False, knownInfo=None): ''' Enforce policies for given set of keyworkds. To be better explained. ''' ## real ban flag ######################################################### realBan = False if tokenOwner is not None: if tokenOwner == 'RS_SVC': realBan = True ## sanitize input ########################################################## ## IS IT REALLY NEEDED ?? validElements = RssConfiguration.getValidElements() if granularity is not None and granularity not in validElements: return S_ERROR('Granularity "%s" not valid' % granularity) validStatusTypes = RssConfiguration.getValidStatusTypes() if statusType is not None and statusType not in validStatusTypes[ granularity]['StatusType']: return S_ERROR('StatusType "%s" not valid' % statusType) validStatus = RssConfiguration.getValidStatus() if status is not None and status not in validStatus: return S_ERROR('Status "%s" not valid' % status) validStatus = RssConfiguration.getValidStatus() if formerStatus is not None and formerStatus not in validStatus: return S_ERROR('FormerStatus "%s" not valid' % formerStatus) validSiteTypes = RssConfiguration.getValidSiteTypes() if siteType is not None and siteType not in validSiteTypes: return S_ERROR('SiteType "%s" not valid' % siteType) validServiceTypes = RssConfiguration.getValidServiceTypes() if serviceType is not None and serviceType not in validServiceTypes: return S_ERROR('ServiceType "%s" not valid' % serviceType) validResourceTypes = RssConfiguration.getValidResourceTypes() if resourceType is not None and resourceType not in validResourceTypes: return S_ERROR('ResourceType "%s" not valid' % resourceType) ## policy setup ############################################################ self.pdp.setup(granularity=granularity, name=name, statusType=statusType, status=status, formerStatus=formerStatus, reason=reason, siteType=siteType, serviceType=serviceType, resourceType=resourceType, useNewRes=useNewRes) ## policy decision ######################################################### resDecisions = self.pdp.takeDecision(knownInfo=knownInfo) ## record all results before doing anything else for resP in resDecisions['SinglePolicyResults']: if not resP.has_key('OLD'): self.clients["rmClient"].insertPolicyResultLog( granularity, name, resP['PolicyName'], statusType, resP['Status'], resP['Reason'], now) else: gLogger.warn('OLD: %s' % resP) res = resDecisions['PolicyCombinedResult'] actionBaseMod = "DIRAC.ResourceStatusSystem.PolicySystem.Actions" # Security mechanism in case there is no PolicyType returned if res == {}: EmptyAction(granularity, name, statusType, resDecisions).run() else: policyType = res['PolicyType'] if 'Resource_PolType' in policyType: action = Utils.voimport('%s.ResourceAction' % actionBaseMod) action.ResourceAction(granularity, name, statusType, resDecisions, rsClient=self.rsClient, rmClient=self.rmClient).run() if 'Alarm_PolType' in policyType: action = Utils.voimport('%s.AlarmAction' % actionBaseMod) action.AlarmAction(granularity, name, statusType, resDecisions, Clients=self.clients, Params={ "Granularity": granularity, "SiteType": siteType, "ServiceType": serviceType, "ResourceType": resourceType }).run() if 'RealBan_PolType' in policyType and realBan: action = Utils.voimport('%s.RealBanAction' % actionBaseMod) action.RealBanAction(granularity, name, resDecisions).run() return resDecisions ################################################################################ #EOF#EOF#EOF#EOF#EOF#EOF#EOF#EOF#EOF#EOF#EOF#EOF#EOF#EOF#EOF#EOF#EOF#EOF#EOF#EOF