def _setup_action_models(cls):
action_db = ActionDB()
action_db.name = 'action-1'
action_db.description = 'awesomeness'
action_db.enabled = True
action_db.pack = 'wolfpack'
action_db.entry_point = ''
action_db.runner_type = {'name': 'test-runner'}
action_db.parameters = {
'actionstr': {
'type': 'string',
'required': True
},
'actionint': {
'type': 'number',
'default': 10
},
'runnerdummy': {
'type': 'string',
'default': 'actiondummy',
'immutable': True
},
'runnerimmutable': {
'type': 'string',
'default': 'failed_override'
},
'actionimmutable': {
'type': 'string',
'default': 'actionimmutable',
'immutable': True
}
}
ParamsUtilsTest.action_db = action_db
def setup_action_models(cls):
action_db = ActionDB()
action_db.name = 'action-1'
action_db.description = 'awesomeness'
action_db.enabled = True
action_db.pack = 'wolfpack'
action_db.ref = ResourceReference(name=action_db.name, pack=action_db.pack).ref
action_db.entry_point = ''
action_db.runner_type = {'name': 'test-runner'}
action_db.parameters = {
'actionstr': {'type': 'string', 'position': 1, 'required': True},
'actionint': {'type': 'number', 'default': 10, 'position': 0},
'runnerdummy': {'type': 'string', 'default': 'actiondummy'}
}
ActionDBUtilsTestCase.action_db = Action.add_or_update(action_db)
liveaction_db = LiveActionDB()
liveaction_db.status = 'initializing'
liveaction_db.start_timestamp = get_datetime_utc_now()
liveaction_db.action = ActionDBUtilsTestCase.action_db.ref
params = {
'actionstr': 'foo',
'some_key_that_aint_exist_in_action_or_runner': 'bar',
'runnerint': 555
}
liveaction_db.parameters = params
ActionDBUtilsTestCase.liveaction_db = LiveAction.add_or_update(liveaction_db)
def setup_action_models(cls):
action_db = ActionDB()
action_db.name = 'action-1'
action_db.description = 'awesomeness'
action_db.enabled = True
action_db.pack = 'wolfpack'
action_db.entry_point = ''
action_db.runner_type = {'name': 'test-runner'}
action_db.parameters = {
'actionstr': {'type': 'string', 'position': 1, 'required': True},
'actionint': {'type': 'number', 'default': 10, 'position': 0},
'runnerdummy': {'type': 'string', 'default': 'actiondummy'}
}
ActionDBUtilsTestCase.action_db = Action.add_or_update(action_db)
actionexec_db = ActionExecutionDB()
actionexec_db.status = 'initializing'
actionexec_db.start_timestamp = datetime.datetime.utcnow()
actionexec_db.action = ResourceReference(
name=ActionDBUtilsTestCase.action_db.name,
pack=ActionDBUtilsTestCase.action_db.pack).ref
params = {
'actionstr': 'foo',
'some_key_that_aint_exist_in_action_or_runner': 'bar',
'runnerint': 555
}
actionexec_db.parameters = params
ActionDBUtilsTestCase.actionexec_db = ActionExecution.add_or_update(actionexec_db)
def _register_action(self, pack, action):
content = self._meta_loader.load(action)
try:
model = Action.get_by_name(str(content['name']))
except ValueError:
model = ActionDB()
model.name = content['name']
model.description = content['description']
model.enabled = content['enabled']
model.pack = pack
model.entry_point = content['entry_point']
model.parameters = content.get('parameters', {})
runner_type = str(content['runner_type'])
valid_runner_type, runner_type_db = self._has_valid_runner_type(
runner_type)
if valid_runner_type:
model.runner_type = {'name': runner_type_db.name}
else:
LOG.exception('Runner type %s doesn\'t exist.', runner_type)
raise
try:
model = Action.add_or_update(model)
LOG.audit('Action created. Action %s from %s.', model, action)
except Exception:
LOG.exception('Failed to write action to db %s.', model.name)
raise
def test_get_uid(self):
pack_1_db = PackDB(ref='test_pack')
pack_2_db = PackDB(ref='examples')
self.assertEqual(pack_1_db.get_uid(), 'pack:test_pack')
self.assertEqual(pack_2_db.get_uid(), 'pack:examples')
action_1_db = ActionDB(pack='examples', name='my_action', ref='examples.my_action')
action_2_db = ActionDB(pack='core', name='local', ref='core.local')
self.assertEqual(action_1_db.get_uid(), 'action:examples:my_action')
self.assertEqual(action_2_db.get_uid(), 'action:core:local')
def _register_action(self, pack, action):
with open(action, 'r') as fd:
try:
content = json.load(fd)
except ValueError:
LOG.exception('Failed loading action json from %s.', action)
raise
try:
model = Action.get_by_name(str(content['name']))
except ValueError:
model = ActionDB()
model.name = content['name']
model.description = content['description']
model.enabled = content['enabled']
model.pack = pack
model.entry_point = content['entry_point']
model.parameters = content.get('parameters', {})
runner_type = str(content['runner_type'])
valid_runner_type, runner_type_db = self._has_valid_runner_type(runner_type)
if valid_runner_type:
model.runner_type = {'name': runner_type_db.name}
else:
LOG.exception('Runner type %s doesn\'t exist.')
raise
try:
model = Action.add_or_update(model)
LOG.audit('Action created. Action %s from %s.', model, action)
except Exception:
LOG.exception('Failed to write action to db %s.', model.name)
raise
def test_uid_is_populated_on_save(self):
pack_1_db = PackDB(ref='test_pack', name='test', description='foo', version='1.0.0',
author='dev', email='*****@*****.**')
pack_1_db = Pack.add_or_update(pack_1_db)
pack_1_db.reload()
self.assertEqual(pack_1_db.uid, 'pack:test_pack')
action_1_db = ActionDB(name='local', pack='core', ref='core.local', entry_point='',
runner_type={'name': 'local-shell-cmd'})
action_1_db = Action.add_or_update(action_1_db)
action_1_db.reload()
self.assertEqual(action_1_db.uid, 'action:core:local')
def test_uid_is_populated_on_save(self):
pack_1_db = PackDB(ref='test_pack', name='test', description='foo', version='1.0',
author='dev', email='*****@*****.**')
pack_1_db = Pack.add_or_update(pack_1_db)
pack_1_db.reload()
self.assertEqual(pack_1_db.uid, 'pack:test_pack')
action_1_db = ActionDB(name='local', pack='core', ref='core.local', entry_point='',
runner_type={'name': 'local-shell-cmd'})
action_1_db = Action.add_or_update(action_1_db)
action_1_db.reload()
self.assertEqual(action_1_db.uid, 'action:core:local')
def _register_action(self, pack, action):
content = self._meta_loader.load(action)
action_ref = ResourceReference(pack=pack, name=str(content['name']))
model = action_utils.get_action_by_ref(action_ref)
if not model:
model = ActionDB()
model.name = content['name']
model.description = content['description']
model.enabled = content['enabled']
model.pack = pack
model.entry_point = content['entry_point']
model.parameters = content.get('parameters', {})
runner_type = str(content['runner_type'])
valid_runner_type, runner_type_db = self._has_valid_runner_type(runner_type)
if valid_runner_type:
model.runner_type = {'name': runner_type_db.name}
else:
LOG.exception('Runner type %s doesn\'t exist.', runner_type)
raise
try:
model = Action.add_or_update(model)
LOG.audit('Action created. Action %s from %s.', model, action)
except Exception:
LOG.exception('Failed to write action to db %s.', model.name)
raise
def setup_action_models(cls):
pack = 'wolfpack'
name = 'action-1'
parameters = {
'actionint': {'type': 'number', 'default': 10, 'position': 0},
'actionfloat': {'type': 'float', 'required': False, 'position': 1},
'actionstr': {'type': 'string', 'required': True, 'position': 2},
'actionbool': {'type': 'boolean', 'required': False, 'position': 3},
'actionlist': {'type': 'list', 'required': False, 'position': 4},
'actionobject': {'type': 'object', 'required': False, 'position': 5},
'actionnull': {'type': 'null', 'required': False, 'position': 6},
'runnerdummy': {'type': 'string', 'default': 'actiondummy'}
}
action_db = ActionDB(pack=pack, name=name, description='awesomeness',
enabled=True,
ref=ResourceReference(name=name, pack=pack).ref,
entry_point='', runner_type={'name': 'test-runner'},
parameters=parameters)
ActionDBUtilsTestCase.action_db = Action.add_or_update(action_db)
liveaction_db = LiveActionDB()
liveaction_db.status = 'initializing'
liveaction_db.start_timestamp = get_datetime_utc_now()
liveaction_db.action = ActionDBUtilsTestCase.action_db.ref
params = {
'actionstr': 'foo',
'some_key_that_aint_exist_in_action_or_runner': 'bar',
'runnerint': 555
}
liveaction_db.parameters = params
ActionDBUtilsTestCase.liveaction_db = LiveAction.add_or_update(liveaction_db)
def user_has_rule_action_permission(user_db, action_ref):
"""
Check that the currently logged-in has necessary permissions on the action used / referenced
inside the rule.
Note: Rules can reference actions which don't yet exist in the system.
"""
if not cfg.CONF.rbac.enable:
return True
action_db = action_utils.get_action_by_ref(ref=action_ref)
if not action_db:
# We allow rules to be created for actions which don't yet exist in the
# system
ref = ResourceReference.from_string_reference(ref=action_ref)
action_db = ActionDB(pack=ref.pack, name=ref.name, ref=action_ref)
rbac_backend = get_backend_instance(cfg.CONF.rbac.backend)
action_resolver = rbac_backend.get_resolver_for_resource_type(
ResourceType.ACTION)
has_action_permission = action_resolver.user_has_resource_db_permission(
user_db=user_db,
resource_db=action_db,
permission_type=PermissionType.ACTION_EXECUTE)
if has_action_permission:
return True
return False
def test_format_secret_rule_parameters_are_masked(
self, mock__get_referenced_action_model):
expected_result = {
'description': 'Test description',
'tags': [],
'type': {
'ref': 'standard',
'parameters': {}
},
'enabled': True,
'trigger': 'test tigger',
'metadata_file': None,
'context': {},
'criteria': {},
'action': {
'ref': '1234',
'parameters': {
'parameter1': 'value1',
'parameter2': '********'
}
},
'uid': 'rule:testpack:test.action',
'pack': 'testpack',
'ref': 'testpack.test.action',
'id': None,
'name': 'test.action'
}
parameters = {
'parameter1': {
'type': 'string',
'required': False
},
'parameter2': {
'type': 'string',
'required': False,
'secret': True
}
}
mock_action_db = ActionDB(pack='testpack',
name='test.action',
parameters=parameters)
mock__get_referenced_action_model.return_value = mock_action_db
cfg.CONF.set_override(group='log', name='mask_secrets', override=True)
mock_rule_db = RuleDB(pack='testpack',
name='test.action',
description='Test description',
trigger='test tigger',
action={
'ref': '1234',
'parameters': {
'parameter1': 'value1',
'parameter2': 'value2'
}
})
result = mock_rule_db.to_serializable_dict(True)
self.assertEqual(expected_result, result)
def _create_save_action(runnertype, metadata=False):
created = ActionDB()
created.name = 'action-1'
created.description = 'awesomeness'
created.enabled = True
created.entry_point = '/tmp/action.py'
created.pack = 'wolfpack'
created.runner_type = {'name': runnertype.name}
if not metadata:
created.parameters = {'p1': None, 'p2': None, 'p3': None}
else:
created.parameters = {
'p1': {'type': 'string', 'required': True},
'p2': {'type': 'number', 'default': 2868},
'p3': {'type': 'boolean', 'default': False}
}
return Action.add_or_update(created)
def test_get_uid(self):
pack_db = PackDB(ref='ma_pack')
self.assertEqual(pack_db.get_uid(), 'pack:ma_pack')
sensor_type_db = SensorTypeDB(name='sname', pack='spack')
self.assertEqual(sensor_type_db.get_uid(), 'sensor_type:spack:sname')
action_db = ActionDB(name='aname', pack='apack', runner_type={})
self.assertEqual(action_db.get_uid(), 'action:apack:aname')
rule_db = RuleDB(name='rname', pack='rpack')
self.assertEqual(rule_db.get_uid(), 'rule:rpack:rname')
trigger_type_db = TriggerTypeDB(name='ttname', pack='ttpack')
self.assertEqual(trigger_type_db.get_uid(), 'trigger_type:ttpack:ttname')
trigger_db = TriggerDB(name='tname', pack='tpack')
self.assertTrue(trigger_db.get_uid().startswith('trigger:tpack:tname:'))
# Verify that same set of parameters always results in the same hash
parameters = {'a': 1, 'b': 'unicode', 'c': [1, 2, 3], 'd': {'g': 1, 'h': 2}}
paramers_hash = json.dumps(parameters, sort_keys=True)
paramers_hash = hashlib.md5(paramers_hash).hexdigest()
parameters = {'a': 1, 'b': 'unicode', 'c': [1, 2, 3], 'd': {'g': 1, 'h': 2}}
trigger_db = TriggerDB(name='tname', pack='tpack', parameters=parameters)
self.assertEqual(trigger_db.get_uid(), 'trigger:tpack:tname:%s' % (paramers_hash))
parameters = {'c': [1, 2, 3], 'b': u'unicode', 'd': {'h': 2, 'g': 1}, 'a': 1}
trigger_db = TriggerDB(name='tname', pack='tpack', parameters=parameters)
self.assertEqual(trigger_db.get_uid(), 'trigger:tpack:tname:%s' % (paramers_hash))
parameters = {'b': u'unicode', 'c': [1, 2, 3], 'd': {'h': 2, 'g': 1}, 'a': 1}
trigger_db = TriggerDB(name='tname', pack='tpack', parameters=parameters)
self.assertEqual(trigger_db.get_uid(), 'trigger:tpack:tname:%s' % (paramers_hash))
parameters = OrderedDict({'c': [1, 2, 3], 'b': u'unicode', 'd': {'h': 2, 'g': 1}, 'a': 1})
trigger_db = TriggerDB(name='tname', pack='tpack', parameters=parameters)
self.assertEqual(trigger_db.get_uid(), 'trigger:tpack:tname:%s' % (paramers_hash))
policy_type_db = PolicyTypeDB(resource_type='action', name='concurrency')
self.assertEqual(policy_type_db.get_uid(), 'policy_type:action:concurrency')
policy_db = PolicyDB(pack='dummy', name='policy1')
self.assertEqual(policy_db.get_uid(), 'policy:dummy:policy1')
def test_get_uid(self):
pack_db = PackDB(ref='ma_pack')
self.assertEqual(pack_db.get_uid(), 'pack:ma_pack')
sensor_type_db = SensorTypeDB(name='sname', pack='spack')
self.assertEqual(sensor_type_db.get_uid(), 'sensor_type:spack:sname')
action_db = ActionDB(name='aname', pack='apack', runner_type={})
self.assertEqual(action_db.get_uid(), 'action:apack:aname')
rule_db = RuleDB(name='rname', pack='rpack')
self.assertEqual(rule_db.get_uid(), 'rule:rpack:rname')
trigger_type_db = TriggerTypeDB(name='ttname', pack='ttpack')
self.assertEqual(trigger_type_db.get_uid(), 'trigger_type:ttpack:ttname')
trigger_db = TriggerDB(name='tname', pack='tpack')
self.assertTrue(trigger_db.get_uid().startswith('trigger:tpack:tname:'))
def _create_save_action(runnertype, metadata=False):
name = 'action-1'
pack = 'wolfpack'
ref = ResourceReference(pack=pack, name=name).ref
created = ActionDB(name=name, description='awesomeness', enabled=True,
entry_point='/tmp/action.py', pack=pack,
ref=ref,
runner_type={'name': runnertype.name})
if not metadata:
created.parameters = {'p1': None, 'p2': None, 'p3': None}
else:
created.parameters = {
'p1': {'type': 'string', 'required': True},
'p2': {'type': 'number', 'default': 2868},
'p3': {'type': 'boolean', 'default': False}
}
return Action.add_or_update(created)
def _create_save_action(runnertype, metadata=False):
name = 'action-1'
pack = 'wolfpack'
ref = ResourceReference(pack=pack, name=name).ref
created = ActionDB(name=name, description='awesomeness', enabled=True,
entry_point='/tmp/action.py', pack=pack,
ref=ref,
runner_type={'name': runnertype.name})
if not metadata:
created.parameters = {'p1': None, 'p2': None, 'p3': None}
else:
created.parameters = {
'p1': {'type': 'string', 'required': True},
'p2': {'type': 'number', 'default': 2868},
'p3': {'type': 'boolean', 'default': False}
}
return Action.add_or_update(created)
def _create_save_action(runnertype, metadata=False):
name = "action-1"
pack = "wolfpack"
ref = ResourceReference(pack=pack, name=name).ref
created = ActionDB(
name=name,
description="awesomeness",
enabled=True,
entry_point="/tmp/action.py",
pack=pack,
ref=ref,
runner_type={"name": runnertype.name},
)
if not metadata:
created.parameters = {
"p1": None,
"p2": None,
"p3": None,
"p4": None
}
else:
created.parameters = {
"p1": {
"type": "string",
"required": True
},
"p2": {
"type": "number",
"default": 2868
},
"p3": {
"type": "boolean",
"default": False
},
"p4": {
"type": "string",
"secret": True
},
}
return Action.add_or_update(created)
def test_get_uid(self):
pack_db = PackDB(ref='ma_pack')
self.assertEqual(pack_db.get_uid(), 'pack:ma_pack')
sensor_type_db = SensorTypeDB(name='sname', pack='spack')
self.assertEqual(sensor_type_db.get_uid(), 'sensor_type:spack:sname')
action_db = ActionDB(name='aname', pack='apack', runner_type={})
self.assertEqual(action_db.get_uid(), 'action:apack:aname')
rule_db = RuleDB(name='rname', pack='rpack')
self.assertEqual(rule_db.get_uid(), 'rule:rpack:rname')
trigger_type_db = TriggerTypeDB(name='ttname', pack='ttpack')
self.assertEqual(trigger_type_db.get_uid(), 'trigger_type:ttpack:ttname')
trigger_db = TriggerDB(name='tname', pack='tpack')
self.assertTrue(trigger_db.get_uid().startswith('trigger:tpack:tname:'))
# Verify that same set of parameters always results in the same hash
parameters = {'a': 1, 'b': 2, 'c': [1, 2, 3], 'd': {'g': 1, 'h': 2}, 'b': u'unicode'}
paramers_hash = json.dumps(parameters, sort_keys=True)
paramers_hash = hashlib.md5(paramers_hash).hexdigest()
parameters = {'a': 1, 'b': 2, 'c': [1, 2, 3], 'b': u'unicode', 'd': {'g': 1, 'h': 2}}
trigger_db = TriggerDB(name='tname', pack='tpack', parameters=parameters)
self.assertEqual(trigger_db.get_uid(), 'trigger:tpack:tname:%s' % (paramers_hash))
parameters = {'c': [1, 2, 3], 'b': u'unicode', 'd': {'h': 2, 'g': 1}, 'a': 1}
trigger_db = TriggerDB(name='tname', pack='tpack', parameters=parameters)
self.assertEqual(trigger_db.get_uid(), 'trigger:tpack:tname:%s' % (paramers_hash))
parameters = {'b': u'unicode', 'c': [1, 2, 3], 'd': {'h': 2, 'g': 1}, 'a': 1}
trigger_db = TriggerDB(name='tname', pack='tpack', parameters=parameters)
self.assertEqual(trigger_db.get_uid(), 'trigger:tpack:tname:%s' % (paramers_hash))
parameters = OrderedDict({'c': [1, 2, 3], 'b': u'unicode', 'd': {'h': 2, 'g': 1}, 'a': 1})
trigger_db = TriggerDB(name='tname', pack='tpack', parameters=parameters)
self.assertEqual(trigger_db.get_uid(), 'trigger:tpack:tname:%s' % (paramers_hash))
def _setup_action_models(cls):
action_db = ActionDB()
action_db.name = 'action-1'
action_db.description = 'awesomeness'
action_db.enabled = True
action_db.pack = 'wolfpack'
action_db.entry_point = ''
action_db.runner_type = {'name': 'test-runner'}
action_db.parameters = {
'actionstr': {'type': 'string', 'required': True},
'actionint': {'type': 'number', 'default': 10},
'runnerdummy': {'type': 'string', 'default': 'actiondummy', 'immutable': True},
'runnerimmutable': {'type': 'string', 'default': 'failed_override'},
'actionimmutable': {'type': 'string', 'default': 'actionimmutable', 'immutable': True}
}
ParamsUtilsTest.action_db = action_db
def _create_save_action(runnertype, metadata=False):
name = "action-1"
pack = "wolfpack"
ref = ResourceReference(pack=pack, name=name).ref
created = ActionDB(
name=name,
description="awesomeness",
enabled=True,
entry_point="/tmp/action.py",
pack=pack,
ref=ref,
runner_type={"name": runnertype.name},
)
if not metadata:
created.parameters = {"p1": None, "p2": None, "p3": None}
else:
created.parameters = {
"p1": {"type": "string", "required": True},
"p2": {"type": "number", "default": 2868},
"p3": {"type": "boolean", "default": False},
}
return Action.add_or_update(created)
def test_format_secret_action_parameters_are_masked(self):
formatter = ConsoleLogFormatter()
mock_message = 'test message 1'
parameters = {
'parameter1': {
'type': 'string',
'required': False
},
'parameter2': {
'type': 'string',
'required': False,
'secret': True
}
}
mock_action_db = ActionDB(pack='testpack', name='test.action', parameters=parameters)
action = mock_action_db.to_serializable_dict()
parameters = {
'parameter1': 'value1',
'parameter2': 'value2'
}
mock_action_execution_db = ActionExecutionDB(action=action, parameters=parameters)
record = MockRecord()
record.msg = mock_message
# Add "extra" attributes
record._action_execution_db = mock_action_execution_db
expected_msg_part = (r"'parameters': {u?'parameter1': u?'value1', "
r"u?'parameter2': u?'\*\*\*\*\*\*\*\*'}")
message = formatter.format(record=record)
self.assertTrue('test message 1' in message)
self.assertRegexpMatches(message, expected_msg_part)
def test_format_secret_action_parameters_are_masked(self):
formatter = ConsoleLogFormatter()
mock_message = 'test message 1'
parameters = {
'parameter1': {
'type': 'string',
'required': False
},
'parameter2': {
'type': 'string',
'required': False,
'secret': True
}
}
mock_action_db = ActionDB(pack='testpack',
name='test.action',
parameters=parameters)
action = mock_action_db.to_serializable_dict()
parameters = {'parameter1': 'value1', 'parameter2': 'value2'}
mock_action_execution_db = ActionExecutionDB(action=action,
parameters=parameters)
record = MockRecord()
record.msg = mock_message
# Add "extra" attributes
record._action_execution_db = mock_action_execution_db
expected_msg_part = (r"'parameters': {u?'parameter1': u?'value1', "
r"u?'parameter2': u?'\*\*\*\*\*\*\*\*'}")
message = formatter.format(record=record)
self.assertTrue('test message 1' in message)
self.assertRegexpMatches(message, expected_msg_part)
def test_get_uid(self):
pack_1_db = PackDB(ref='test_pack')
pack_2_db = PackDB(ref='examples')
self.assertEqual(pack_1_db.get_uid(), 'pack:test_pack')
self.assertEqual(pack_2_db.get_uid(), 'pack:examples')
action_1_db = ActionDB(pack='examples', name='my_action', ref='examples.my_action')
action_2_db = ActionDB(pack='core', name='local', ref='core.local')
self.assertEqual(action_1_db.get_uid(), 'action:examples:my_action')
self.assertEqual(action_2_db.get_uid(), 'action:core:local')
def test_get_uid(self):
pack_1_db = PackDB(ref="test_pack")
pack_2_db = PackDB(ref="examples")
self.assertEqual(pack_1_db.get_uid(), "pack:test_pack")
self.assertEqual(pack_2_db.get_uid(), "pack:examples")
action_1_db = ActionDB(pack="examples",
name="my_action",
ref="examples.my_action")
action_2_db = ActionDB(pack="core", name="local", ref="core.local")
self.assertEqual(action_1_db.get_uid(), "action:examples:my_action")
self.assertEqual(action_2_db.get_uid(), "action:core:local")
def test_format_secret_action_parameters_are_masked(self):
formatter = ConsoleLogFormatter()
mock_message = 'test message 1'
mock_action_db = ActionDB()
mock_action_db.name = 'test.action'
mock_action_db.pack = 'testpack'
mock_action_db.parameters = {
'parameter1': {
'type': 'string',
'required': False
},
'parameter2': {
'type': 'string',
'required': False,
'secret': True
}
}
mock_action_execution_db = ActionExecutionDB()
mock_action_execution_db.action = mock_action_db.to_serializable_dict()
mock_action_execution_db.parameters = {
'parameter1': 'value1',
'parameter2': 'value2'
}
record = MockRecord()
record.msg = mock_message
# Add "extra" attributes
record._action_execution_db = mock_action_execution_db
expected_msg_part = "'parameters': {'parameter1': 'value1', 'parameter2': '********'}"
message = formatter.format(record=record)
self.assertTrue('test message 1' in message)
self.assertTrue(expected_msg_part in message)
def test_get_uid(self):
pack_db = PackDB(ref="ma_pack")
self.assertEqual(pack_db.get_uid(), "pack:ma_pack")
self.assertTrue(pack_db.has_valid_uid())
sensor_type_db = SensorTypeDB(name="sname", pack="spack")
self.assertEqual(sensor_type_db.get_uid(), "sensor_type:spack:sname")
self.assertTrue(sensor_type_db.has_valid_uid())
action_db = ActionDB(name="aname", pack="apack", runner_type={})
self.assertEqual(action_db.get_uid(), "action:apack:aname")
self.assertTrue(action_db.has_valid_uid())
rule_db = RuleDB(name="rname", pack="rpack")
self.assertEqual(rule_db.get_uid(), "rule:rpack:rname")
self.assertTrue(rule_db.has_valid_uid())
trigger_type_db = TriggerTypeDB(name="ttname", pack="ttpack")
self.assertEqual(trigger_type_db.get_uid(), "trigger_type:ttpack:ttname")
self.assertTrue(trigger_type_db.has_valid_uid())
trigger_db = TriggerDB(name="tname", pack="tpack")
self.assertTrue(trigger_db.get_uid().startswith("trigger:tpack:tname:"))
# Verify that same set of parameters always results in the same hash
parameters = {"a": 1, "b": "unicode", "c": [1, 2, 3], "d": {"g": 1, "h": 2}}
paramers_hash = json.dumps(parameters, sort_keys=True)
paramers_hash = hashlib.md5(paramers_hash.encode()).hexdigest()
parameters = {"a": 1, "b": "unicode", "c": [1, 2, 3], "d": {"g": 1, "h": 2}}
trigger_db = TriggerDB(name="tname", pack="tpack", parameters=parameters)
self.assertEqual(
trigger_db.get_uid(), "trigger:tpack:tname:%s" % (paramers_hash)
)
self.assertTrue(trigger_db.has_valid_uid())
parameters = {"c": [1, 2, 3], "b": "unicode", "d": {"h": 2, "g": 1}, "a": 1}
trigger_db = TriggerDB(name="tname", pack="tpack", parameters=parameters)
self.assertEqual(
trigger_db.get_uid(), "trigger:tpack:tname:%s" % (paramers_hash)
)
self.assertTrue(trigger_db.has_valid_uid())
parameters = {"b": "unicode", "c": [1, 2, 3], "d": {"h": 2, "g": 1}, "a": 1}
trigger_db = TriggerDB(name="tname", pack="tpack", parameters=parameters)
self.assertEqual(
trigger_db.get_uid(), "trigger:tpack:tname:%s" % (paramers_hash)
)
self.assertTrue(trigger_db.has_valid_uid())
parameters = OrderedDict(
{"c": [1, 2, 3], "b": "unicode", "d": {"h": 2, "g": 1}, "a": 1}
)
trigger_db = TriggerDB(name="tname", pack="tpack", parameters=parameters)
self.assertEqual(
trigger_db.get_uid(), "trigger:tpack:tname:%s" % (paramers_hash)
)
self.assertTrue(trigger_db.has_valid_uid())
policy_type_db = PolicyTypeDB(resource_type="action", name="concurrency")
self.assertEqual(policy_type_db.get_uid(), "policy_type:action:concurrency")
self.assertTrue(policy_type_db.has_valid_uid())
policy_db = PolicyDB(pack="dummy", name="policy1")
self.assertEqual(policy_db.get_uid(), "policy:dummy:policy1")
api_key_db = ApiKeyDB(key_hash="valid")
self.assertEqual(api_key_db.get_uid(), "api_key:valid")
self.assertTrue(api_key_db.has_valid_uid())
api_key_db = ApiKeyDB()
self.assertEqual(api_key_db.get_uid(), "api_key:")
self.assertFalse(api_key_db.has_valid_uid())
def test_command_construction_correct_default_parameter_values_are_used(
self):
runner_parameters = {}
action_db_parameters = {
"project": {
"type": "string",
"default": "st2",
"position": 0,
},
"version": {
"type": "string",
"position": 1,
"required": True
},
"fork": {
"type": "string",
"position": 2,
"default": "StackStorm",
},
"branch": {
"type": "string",
"position": 3,
"default": "master",
},
"update_changelog": {
"type": "boolean",
"position": 4,
"default": False
},
"local_repo": {
"type": "string",
"position": 5,
},
}
context = {}
action_db = ActionDB(pack="dummy", name="action")
runner = LocalShellScriptRunner("id")
runner.runner_parameters = {}
runner.action = action_db
# 1. All default values used
live_action_db_parameters = {
"project": "st2flow",
"version": "3.0.0",
"fork": "StackStorm",
"local_repo": "/tmp/repo",
}
runner_params, action_params = param_utils.render_final_params(
runner_parameters, action_db_parameters, live_action_db_parameters,
context)
self.assertDictEqual(
action_params,
{
"project": "st2flow",
"version": "3.0.0",
"fork": "StackStorm",
"branch": "master", # default value used
"update_changelog": False, # default value used
"local_repo": "/tmp/repo",
},
)
action_db.parameters = action_db_parameters
positional_args, named_args = runner._get_script_args(action_params)
named_args = runner._transform_named_args(named_args)
shell_script_action = ShellScriptAction(
name="dummy",
action_exec_id="dummy",
script_local_path_abs="/tmp/local.sh",
named_args=named_args,
positional_args=positional_args,
)
command_string = shell_script_action.get_full_command_string()
expected = "/tmp/local.sh st2flow 3.0.0 StackStorm master 0 /tmp/repo"
self.assertEqual(command_string, expected)
# 2. Some default values used
live_action_db_parameters = {
"project": "st2web",
"version": "3.1.0",
"fork": "StackStorm1",
"update_changelog": True,
"local_repo": "/tmp/repob",
}
runner_params, action_params = param_utils.render_final_params(
runner_parameters, action_db_parameters, live_action_db_parameters,
context)
self.assertDictEqual(
action_params,
{
"project": "st2web",
"version": "3.1.0",
"fork": "StackStorm1",
"branch": "master", # default value used
"update_changelog": True, # default value used
"local_repo": "/tmp/repob",
},
)
action_db.parameters = action_db_parameters
positional_args, named_args = runner._get_script_args(action_params)
named_args = runner._transform_named_args(named_args)
shell_script_action = ShellScriptAction(
name="dummy",
action_exec_id="dummy",
script_local_path_abs="/tmp/local.sh",
named_args=named_args,
positional_args=positional_args,
)
command_string = shell_script_action.get_full_command_string()
expected = "/tmp/local.sh st2web 3.1.0 StackStorm1 master 1 /tmp/repob"
self.assertEqual(command_string, expected)
# 3. None is specified for a boolean parameter, should use a default
live_action_db_parameters = {
"project": "st2rbac",
"version": "3.2.0",
"fork": "StackStorm2",
"update_changelog": None,
"local_repo": "/tmp/repoc",
}
runner_params, action_params = param_utils.render_final_params(
runner_parameters, action_db_parameters, live_action_db_parameters,
context)
self.assertDictEqual(
action_params,
{
"project": "st2rbac",
"version": "3.2.0",
"fork": "StackStorm2",
"branch": "master", # default value used
"update_changelog": False, # default value used
"local_repo": "/tmp/repoc",
},
)
action_db.parameters = action_db_parameters
positional_args, named_args = runner._get_script_args(action_params)
named_args = runner._transform_named_args(named_args)
shell_script_action = ShellScriptAction(
name="dummy",
action_exec_id="dummy",
script_local_path_abs="/tmp/local.sh",
named_args=named_args,
positional_args=positional_args,
)
command_string = shell_script_action.get_full_command_string()
expected = "/tmp/local.sh st2rbac 3.2.0 StackStorm2 master 0 /tmp/repoc"
self.assertEqual(command_string, expected)
def test_command_construction_correct_default_parameter_values_are_used(self):
runner_parameters = {}
action_db_parameters = {
'project': {
'type': 'string',
'default': 'st2',
'position': 0,
},
'version': {
'type': 'string',
'position': 1,
'required': True
},
'fork': {
'type': 'string',
'position': 2,
'default': 'StackStorm',
},
'branch': {
'type': 'string',
'position': 3,
'default': 'master',
},
'update_mistral': {
'type': 'boolean',
'position': 4,
'default': False
},
'update_changelog': {
'type': 'boolean',
'position': 5,
'default': False
},
'local_repo': {
'type': 'string',
'position': 6,
}
}
context = {}
action_db = ActionDB(pack='dummy', name='action')
runner = LocalShellScriptRunner('id')
runner.runner_parameters = {}
runner.action = action_db
# 1. All default values used
live_action_db_parameters = {
'project': 'st2flow',
'version': '3.0.0',
'fork': 'StackStorm',
'local_repo': '/tmp/repo'
}
runner_params, action_params = param_utils.render_final_params(runner_parameters,
action_db_parameters,
live_action_db_parameters,
context)
self.assertDictEqual(action_params, {
'project': 'st2flow',
'version': '3.0.0',
'fork': 'StackStorm',
'branch': 'master', # default value used
'update_mistral': False, # default value used
'update_changelog': False, # default value used
'local_repo': '/tmp/repo'
})
action_db.parameters = action_db_parameters
positional_args, named_args = runner._get_script_args(action_params)
named_args = runner._transform_named_args(named_args)
shell_script_action = ShellScriptAction(name='dummy', action_exec_id='dummy',
script_local_path_abs='/tmp/local.sh',
named_args=named_args,
positional_args=positional_args)
command_string = shell_script_action.get_full_command_string()
expected = '/tmp/local.sh st2flow 3.0.0 StackStorm master 0 0 /tmp/repo'
self.assertEqual(command_string, expected)
# 2. Some default values used
live_action_db_parameters = {
'project': 'st2web',
'version': '3.1.0',
'fork': 'StackStorm1',
'update_changelog': True,
'local_repo': '/tmp/repob'
}
runner_params, action_params = param_utils.render_final_params(runner_parameters,
action_db_parameters,
live_action_db_parameters,
context)
self.assertDictEqual(action_params, {
'project': 'st2web',
'version': '3.1.0',
'fork': 'StackStorm1',
'branch': 'master', # default value used
'update_mistral': False, # default value used
'update_changelog': True, # default value used
'local_repo': '/tmp/repob'
})
action_db.parameters = action_db_parameters
positional_args, named_args = runner._get_script_args(action_params)
named_args = runner._transform_named_args(named_args)
shell_script_action = ShellScriptAction(name='dummy', action_exec_id='dummy',
script_local_path_abs='/tmp/local.sh',
named_args=named_args,
positional_args=positional_args)
command_string = shell_script_action.get_full_command_string()
expected = '/tmp/local.sh st2web 3.1.0 StackStorm1 master 0 1 /tmp/repob'
self.assertEqual(command_string, expected)
# 3. None is specified for a boolean parameter, should use a default
live_action_db_parameters = {
'project': 'st2rbac',
'version': '3.2.0',
'fork': 'StackStorm2',
'update_changelog': None,
'local_repo': '/tmp/repoc'
}
runner_params, action_params = param_utils.render_final_params(runner_parameters,
action_db_parameters,
live_action_db_parameters,
context)
self.assertDictEqual(action_params, {
'project': 'st2rbac',
'version': '3.2.0',
'fork': 'StackStorm2',
'branch': 'master', # default value used
'update_mistral': False, # default value used
'update_changelog': False, # default value used
'local_repo': '/tmp/repoc'
})
action_db.parameters = action_db_parameters
positional_args, named_args = runner._get_script_args(action_params)
named_args = runner._transform_named_args(named_args)
shell_script_action = ShellScriptAction(name='dummy', action_exec_id='dummy',
script_local_path_abs='/tmp/local.sh',
named_args=named_args,
positional_args=positional_args)
command_string = shell_script_action.get_full_command_string()
expected = '/tmp/local.sh st2rbac 3.2.0 StackStorm2 master 0 0 /tmp/repoc'
self.assertEqual(command_string, expected)
def test_get_uid(self):
pack_db = PackDB(ref='ma_pack')
self.assertEqual(pack_db.get_uid(), 'pack:ma_pack')
self.assertTrue(pack_db.has_valid_uid())
sensor_type_db = SensorTypeDB(name='sname', pack='spack')
self.assertEqual(sensor_type_db.get_uid(), 'sensor_type:spack:sname')
self.assertTrue(sensor_type_db.has_valid_uid())
action_db = ActionDB(name='aname', pack='apack', runner_type={})
self.assertEqual(action_db.get_uid(), 'action:apack:aname')
self.assertTrue(action_db.has_valid_uid())
rule_db = RuleDB(name='rname', pack='rpack')
self.assertEqual(rule_db.get_uid(), 'rule:rpack:rname')
self.assertTrue(rule_db.has_valid_uid())
trigger_type_db = TriggerTypeDB(name='ttname', pack='ttpack')
self.assertEqual(trigger_type_db.get_uid(), 'trigger_type:ttpack:ttname')
self.assertTrue(trigger_type_db.has_valid_uid())
trigger_db = TriggerDB(name='tname', pack='tpack')
self.assertTrue(trigger_db.get_uid().startswith('trigger:tpack:tname:'))
# Verify that same set of parameters always results in the same hash
parameters = {'a': 1, 'b': 'unicode', 'c': [1, 2, 3], 'd': {'g': 1, 'h': 2}}
paramers_hash = json.dumps(parameters, sort_keys=True)
paramers_hash = hashlib.md5(paramers_hash.encode()).hexdigest()
parameters = {'a': 1, 'b': 'unicode', 'c': [1, 2, 3], 'd': {'g': 1, 'h': 2}}
trigger_db = TriggerDB(name='tname', pack='tpack', parameters=parameters)
self.assertEqual(trigger_db.get_uid(), 'trigger:tpack:tname:%s' % (paramers_hash))
self.assertTrue(trigger_db.has_valid_uid())
parameters = {'c': [1, 2, 3], 'b': u'unicode', 'd': {'h': 2, 'g': 1}, 'a': 1}
trigger_db = TriggerDB(name='tname', pack='tpack', parameters=parameters)
self.assertEqual(trigger_db.get_uid(), 'trigger:tpack:tname:%s' % (paramers_hash))
self.assertTrue(trigger_db.has_valid_uid())
parameters = {'b': u'unicode', 'c': [1, 2, 3], 'd': {'h': 2, 'g': 1}, 'a': 1}
trigger_db = TriggerDB(name='tname', pack='tpack', parameters=parameters)
self.assertEqual(trigger_db.get_uid(), 'trigger:tpack:tname:%s' % (paramers_hash))
self.assertTrue(trigger_db.has_valid_uid())
parameters = OrderedDict({'c': [1, 2, 3], 'b': u'unicode', 'd': {'h': 2, 'g': 1}, 'a': 1})
trigger_db = TriggerDB(name='tname', pack='tpack', parameters=parameters)
self.assertEqual(trigger_db.get_uid(), 'trigger:tpack:tname:%s' % (paramers_hash))
self.assertTrue(trigger_db.has_valid_uid())
policy_type_db = PolicyTypeDB(resource_type='action', name='concurrency')
self.assertEqual(policy_type_db.get_uid(), 'policy_type:action:concurrency')
self.assertTrue(policy_type_db.has_valid_uid())
policy_db = PolicyDB(pack='dummy', name='policy1')
self.assertEqual(policy_db.get_uid(), 'policy:dummy:policy1')
api_key_db = ApiKeyDB(key_hash='valid')
self.assertEqual(api_key_db.get_uid(), 'api_key:valid')
self.assertTrue(api_key_db.has_valid_uid())
api_key_db = ApiKeyDB()
self.assertEqual(api_key_db.get_uid(), 'api_key:')
self.assertFalse(api_key_db.has_valid_uid())
class NotifierTestCase(unittest2.TestCase):
class MockDispatcher(object):
def __init__(self, tester):
self.tester = tester
self.notify_trigger = ResourceReference.to_string_reference(
pack=NOTIFY_TRIGGER_TYPE['pack'],
name=NOTIFY_TRIGGER_TYPE['name'])
self.action_trigger = ResourceReference.to_string_reference(
pack=ACTION_TRIGGER_TYPE['pack'],
name=ACTION_TRIGGER_TYPE['name'])
def dispatch(self, *args, **kwargs):
try:
self.tester.assertEqual(len(args), 1)
self.tester.assertTrue('payload' in kwargs)
payload = kwargs['payload']
if args[0] == self.notify_trigger:
self.tester.assertEqual(payload['status'], 'succeeded')
self.tester.assertTrue('execution_id' in payload)
self.tester.assertEqual(payload['execution_id'],
MOCK_EXECUTION_ID)
self.tester.assertTrue('start_timestamp' in payload)
self.tester.assertTrue('end_timestamp' in payload)
self.tester.assertEqual('core.local',
payload['action_ref'])
self.tester.assertEqual('Action succeeded.',
payload['message'])
self.tester.assertTrue('data' in payload)
self.tester.assertTrue('run-local-cmd',
payload['runner_ref'])
if args[0] == self.action_trigger:
self.tester.assertEqual(payload['status'], 'succeeded')
self.tester.assertTrue('execution_id' in payload)
self.tester.assertEqual(payload['execution_id'],
MOCK_EXECUTION_ID)
self.tester.assertTrue('start_timestamp' in payload)
self.tester.assertEqual('core.local',
payload['action_name'])
self.tester.assertEqual('core.local',
payload['action_ref'])
self.tester.assertTrue('result' in payload)
self.tester.assertTrue('parameters' in payload)
self.tester.assertTrue('run-local-cmd',
payload['runner_ref'])
except Exception:
self.tester.fail('Test failed')
@mock.patch(
'st2common.util.action_db.get_action_by_ref',
mock.MagicMock(return_value=ActionDB(
pack='core', name='local', runner_type={'name': 'run-local-cmd'})))
@mock.patch('st2common.util.action_db.get_runnertype_by_name',
mock.MagicMock(return_value=RunnerTypeDB(runner_parameters={}))
)
@mock.patch.object(
Action, 'get_by_ref',
mock.MagicMock(return_value={'runner_type': {
'name': 'run-local-cmd'
}}))
@mock.patch.object(Policy, 'query', mock.MagicMock(return_value=[]))
@mock.patch.object(Notifier, '_get_execution_id_for_liveaction',
mock.MagicMock(return_value=MOCK_EXECUTION_ID))
def test_notify_triggers(self):
liveaction = LiveActionDB(action='core.local')
liveaction.description = ''
liveaction.status = 'succeeded'
liveaction.parameters = {}
on_success = NotificationSubSchema(message='Action succeeded.')
on_failure = NotificationSubSchema(message='Action failed.')
liveaction.notify = NotificationSchema(on_success=on_success,
on_failure=on_failure)
liveaction.start_timestamp = date_utils.get_datetime_utc_now()
dispatcher = NotifierTestCase.MockDispatcher(self)
notifier = Notifier(connection=None,
queues=[],
trigger_dispatcher=dispatcher)
notifier.process(liveaction)
class NotifierTestCase(unittest2.TestCase):
class MockDispatcher(object):
def __init__(self, tester):
self.tester = tester
self.notify_trigger = ResourceReference.to_string_reference(
pack=NOTIFY_TRIGGER_TYPE['pack'],
name=NOTIFY_TRIGGER_TYPE['name'])
self.action_trigger = ResourceReference.to_string_reference(
pack=ACTION_TRIGGER_TYPE['pack'],
name=ACTION_TRIGGER_TYPE['name'])
def dispatch(self, *args, **kwargs):
try:
self.tester.assertEqual(len(args), 1)
self.tester.assertTrue('payload' in kwargs)
payload = kwargs['payload']
if args[0] == self.notify_trigger:
self.tester.assertEqual(payload['status'], 'succeeded')
self.tester.assertTrue('execution_id' in payload)
self.tester.assertEqual(payload['execution_id'], str(MOCK_EXECUTION.id))
self.tester.assertTrue('start_timestamp' in payload)
self.tester.assertTrue('end_timestamp' in payload)
self.tester.assertEqual('core.local', payload['action_ref'])
self.tester.assertEqual('Action succeeded.', payload['message'])
self.tester.assertTrue('data' in payload)
self.tester.assertTrue('run-local-cmd', payload['runner_ref'])
if args[0] == self.action_trigger:
self.tester.assertEqual(payload['status'], 'succeeded')
self.tester.assertTrue('execution_id' in payload)
self.tester.assertEqual(payload['execution_id'], str(MOCK_EXECUTION.id))
self.tester.assertTrue('start_timestamp' in payload)
self.tester.assertEqual('core.local', payload['action_name'])
self.tester.assertEqual('core.local', payload['action_ref'])
self.tester.assertTrue('result' in payload)
self.tester.assertTrue('parameters' in payload)
self.tester.assertTrue('run-local-cmd', payload['runner_ref'])
except Exception:
self.tester.fail('Test failed')
@mock.patch('st2common.util.action_db.get_action_by_ref', mock.MagicMock(
return_value=ActionDB(pack='core', name='local', runner_type={'name': 'run-local-cmd'},
parameters={})))
@mock.patch('st2common.util.action_db.get_runnertype_by_name', mock.MagicMock(
return_value=RunnerTypeDB(runner_parameters={})))
@mock.patch.object(Action, 'get_by_ref', mock.MagicMock(
return_value={'runner_type': {'name': 'run-local-cmd'}}))
@mock.patch.object(Policy, 'query', mock.MagicMock(
return_value=[]))
@mock.patch.object(Notifier, '_get_execution_for_liveaction', mock.MagicMock(
return_value=MOCK_EXECUTION))
@mock.patch.object(Notifier, '_get_trace_context', mock.MagicMock(return_value={}))
def test_notify_triggers(self):
liveaction = LiveActionDB(action='core.local')
liveaction.description = ''
liveaction.status = 'succeeded'
liveaction.parameters = {}
on_success = NotificationSubSchema(message='Action succeeded.')
on_failure = NotificationSubSchema(message='Action failed.')
liveaction.notify = NotificationSchema(on_success=on_success,
on_failure=on_failure)
liveaction.start_timestamp = date_utils.get_datetime_utc_now()
liveaction.end_timestamp = liveaction.start_timestamp + datetime.timedelta(seconds=50)
dispatcher = NotifierTestCase.MockDispatcher(self)
notifier = Notifier(connection=None, queues=[], trigger_dispatcher=dispatcher)
notifier.process(liveaction)
@mock.patch('st2common.util.action_db.get_action_by_ref', mock.MagicMock(
return_value=ActionDB(pack='core', name='local', runner_type={'name': 'run-local-cmd'})))
@mock.patch('st2common.util.action_db.get_runnertype_by_name', mock.MagicMock(
return_value=RunnerTypeDB(runner_parameters={'runner_foo': 'foo'})))
@mock.patch.object(Action, 'get_by_ref', mock.MagicMock(
return_value={'runner_type': {'name': 'run-local-cmd'}}))
@mock.patch.object(Policy, 'query', mock.MagicMock(
return_value=[]))
@mock.patch.object(Notifier, '_get_execution_for_liveaction', mock.MagicMock(
return_value=MOCK_EXECUTION))
@mock.patch.object(Notifier, '_post_generic_trigger', mock.MagicMock(
return_value=True))
@mock.patch.object(Notifier, '_get_trace_context', mock.MagicMock(return_value={}))
@mock.patch('st2common.transport.reactor.TriggerDispatcher.dispatch')
def test_notify_triggers_jinja_patterns(self, dispatch):
liveaction = LiveActionDB(action='core.local')
liveaction.description = ''
liveaction.status = 'succeeded'
liveaction.parameters = {'cmd': 'mamma mia', 'runner_foo': 'foo'}
on_success = NotificationSubSchema(message='Command {{action_parameters.cmd}} succeeded.',
data={'stdout': '{{action_results.stdout}}'})
liveaction.notify = NotificationSchema(on_success=on_success)
liveaction.start_timestamp = date_utils.get_datetime_utc_now()
liveaction.end_timestamp = liveaction.start_timestamp + datetime.timedelta(seconds=50)
notifier = Notifier(connection=None, queues=[])
notifier.process(liveaction)
exp = {'status': 'succeeded',
'start_timestamp': isotime.format(liveaction.start_timestamp),
'route': 'notify.default', 'runner_ref': 'run-local-cmd',
'channel': 'notify.default', 'message': u'Command mamma mia succeeded.',
'data': {'result': '{}', 'stdout': 'stuff happens'},
'action_ref': u'core.local',
'execution_id': str(MOCK_EXECUTION.id),
'end_timestamp': isotime.format(liveaction.end_timestamp)}
dispatch.assert_called_once_with('core.st2.generic.notifytrigger', payload=exp,
trace_context={})
notifier.process(liveaction)
def setUp(self):
super(ExecutionPermissionsResolverTestCase, self).setUp()
# Create some mock users
user_1_db = UserDB(name='custom_role_unrelated_pack_action_grant')
user_1_db = User.add_or_update(user_1_db)
self.users['custom_role_unrelated_pack_action_grant'] = user_1_db
user_2_db = UserDB(name='custom_role_pack_action_grant_unrelated_permission')
user_2_db = User.add_or_update(user_2_db)
self.users['custom_role_pack_action_grant_unrelated_permission'] = user_2_db
user_3_db = UserDB(name='custom_role_pack_action_view_grant')
user_3_db = User.add_or_update(user_3_db)
self.users['custom_role_pack_action_view_grant'] = user_3_db
user_4_db = UserDB(name='custom_role_action_view_grant')
user_4_db = User.add_or_update(user_4_db)
self.users['custom_role_action_view_grant'] = user_4_db
user_5_db = UserDB(name='custom_role_pack_action_execute_grant')
user_5_db = User.add_or_update(user_5_db)
self.users['custom_role_pack_action_execute_grant'] = user_5_db
user_6_db = UserDB(name='custom_role_action_execute_grant')
user_6_db = User.add_or_update(user_6_db)
self.users['custom_role_action_execute_grant'] = user_6_db
user_7_db = UserDB(name='custom_role_pack_action_all_grant')
user_7_db = User.add_or_update(user_7_db)
self.users['custom_role_pack_action_all_grant'] = user_7_db
user_8_db = UserDB(name='custom_role_action_all_grant')
user_8_db = User.add_or_update(user_8_db)
self.users['custom_role_action_all_grant'] = user_8_db
# Create some mock resources on which permissions can be granted
action_1_db = ActionDB(pack='test_pack_2', name='action1', entry_point='',
runner_type={'name': 'run-local'})
action_1_db = Action.add_or_update(action_1_db)
self.resources['action_1'] = action_1_db
runner = {'name': 'run-python'}
liveaction = {'action': 'test_pack_2.action1'}
status = action_constants.LIVEACTION_STATUS_REQUESTED
action = {'uid': action_1_db.get_uid(), 'pack': 'test_pack_2'}
exec_1_db = ActionExecutionDB(action=action, runner=runner, liveaction=liveaction,
status=status)
exec_1_db = ActionExecution.add_or_update(exec_1_db)
self.resources['exec_1'] = exec_1_db
# Create some mock roles with associated permission grants
# Custom role - one grant to an unrelated pack
grant_db = PermissionGrantDB(resource_uid=self.resources['pack_1'].get_uid(),
resource_type=ResourceType.PACK,
permission_types=[PermissionType.ACTION_VIEW])
grant_db = PermissionGrant.add_or_update(grant_db)
permission_grants = [str(grant_db.id)]
role_db = RoleDB(name='custom_role_unrelated_pack_action_grant',
permission_grants=permission_grants)
role_db = Role.add_or_update(role_db)
self.roles['custom_role_unrelated_pack_action_grant'] = role_db
# Custom role - one grant of unrelated permission type to parent action pack
grant_db = PermissionGrantDB(resource_uid=self.resources['pack_2'].get_uid(),
resource_type=ResourceType.PACK,
permission_types=[PermissionType.RULE_VIEW])
grant_db = PermissionGrant.add_or_update(grant_db)
permission_grants = [str(grant_db.id)]
role_db = RoleDB(name='custom_role_pack_action_grant_unrelated_permission',
permission_grants=permission_grants)
role_db = Role.add_or_update(role_db)
self.roles['custom_role_pack_action_grant_unrelated_permission'] = role_db
# Custom role - one grant of "action_view" to the parent pack of the action the execution
# belongs to
grant_db = PermissionGrantDB(resource_uid=self.resources['pack_2'].get_uid(),
resource_type=ResourceType.PACK,
permission_types=[PermissionType.ACTION_VIEW])
grant_db = PermissionGrant.add_or_update(grant_db)
permission_grants = [str(grant_db.id)]
role_db = RoleDB(name='custom_role_pack_action_view_grant',
permission_grants=permission_grants)
role_db = Role.add_or_update(role_db)
self.roles['custom_role_pack_action_view_grant'] = role_db
# Custom role - one grant of "action_view" to the action the execution belongs to
grant_db = PermissionGrantDB(resource_uid=self.resources['action_1'].get_uid(),
resource_type=ResourceType.ACTION,
permission_types=[PermissionType.ACTION_VIEW])
grant_db = PermissionGrant.add_or_update(grant_db)
permission_grants = [str(grant_db.id)]
role_db = RoleDB(name='custom_role_action_view_grant',
permission_grants=permission_grants)
role_db = Role.add_or_update(role_db)
self.roles['custom_role_action_view_grant'] = role_db
# Custom role - one grant of "action_execute" to the parent pack of the action the
# execution belongs to
grant_db = PermissionGrantDB(resource_uid=self.resources['pack_2'].get_uid(),
resource_type=ResourceType.PACK,
permission_types=[PermissionType.ACTION_EXECUTE])
grant_db = PermissionGrant.add_or_update(grant_db)
permission_grants = [str(grant_db.id)]
role_db = RoleDB(name='custom_role_pack_action_execute_grant',
permission_grants=permission_grants)
role_db = Role.add_or_update(role_db)
self.roles['custom_role_pack_action_execute_grant'] = role_db
# Custom role - one grant of "action_execute" to the the action the execution belongs to
grant_db = PermissionGrantDB(resource_uid=self.resources['action_1'].get_uid(),
resource_type=ResourceType.ACTION,
permission_types=[PermissionType.ACTION_EXECUTE])
grant_db = PermissionGrant.add_or_update(grant_db)
permission_grants = [str(grant_db.id)]
role_db = RoleDB(name='custom_role_action_execute_grant',
permission_grants=permission_grants)
role_db = Role.add_or_update(role_db)
self.roles['custom_role_action_execute_grant'] = role_db
# Custom role - "action_all" grant on a parent action pack the execution belongs to
grant_db = PermissionGrantDB(resource_uid=self.resources['pack_2'].get_uid(),
resource_type=ResourceType.PACK,
permission_types=[PermissionType.ACTION_ALL])
grant_db = PermissionGrant.add_or_update(grant_db)
permission_grants = [str(grant_db.id)]
role_4_db = RoleDB(name='custom_role_pack_action_all_grant',
permission_grants=permission_grants)
role_4_db = Role.add_or_update(role_4_db)
self.roles['custom_role_pack_action_all_grant'] = role_4_db
# Custom role - "action_all" grant on action the execution belongs to
grant_db = PermissionGrantDB(resource_uid=self.resources['action_1'].get_uid(),
resource_type=ResourceType.ACTION,
permission_types=[PermissionType.ACTION_ALL])
grant_db = PermissionGrant.add_or_update(grant_db)
permission_grants = [str(grant_db.id)]
role_4_db = RoleDB(name='custom_role_action_all_grant',
permission_grants=permission_grants)
role_4_db = Role.add_or_update(role_4_db)
self.roles['custom_role_action_all_grant'] = role_4_db
# Create some mock role assignments
user_db = self.users['custom_role_unrelated_pack_action_grant']
role_assignment_db = UserRoleAssignmentDB(
user=user_db.name,
role=self.roles['custom_role_unrelated_pack_action_grant'].name)
UserRoleAssignment.add_or_update(role_assignment_db)
user_db = self.users['custom_role_pack_action_grant_unrelated_permission']
role_assignment_db = UserRoleAssignmentDB(
user=user_db.name,
role=self.roles['custom_role_pack_action_grant_unrelated_permission'].name)
UserRoleAssignment.add_or_update(role_assignment_db)
user_db = self.users['custom_role_pack_action_view_grant']
role_assignment_db = UserRoleAssignmentDB(
user=user_db.name,
role=self.roles['custom_role_pack_action_view_grant'].name)
UserRoleAssignment.add_or_update(role_assignment_db)
user_db = self.users['custom_role_action_view_grant']
role_assignment_db = UserRoleAssignmentDB(
user=user_db.name,
role=self.roles['custom_role_action_view_grant'].name)
UserRoleAssignment.add_or_update(role_assignment_db)
user_db = self.users['custom_role_pack_action_execute_grant']
role_assignment_db = UserRoleAssignmentDB(
user=user_db.name,
role=self.roles['custom_role_pack_action_execute_grant'].name)
UserRoleAssignment.add_or_update(role_assignment_db)
user_db = self.users['custom_role_action_execute_grant']
role_assignment_db = UserRoleAssignmentDB(
user=user_db.name,
role=self.roles['custom_role_action_execute_grant'].name)
UserRoleAssignment.add_or_update(role_assignment_db)
user_db = self.users['custom_role_pack_action_all_grant']
role_assignment_db = UserRoleAssignmentDB(
user=user_db.name,
role=self.roles['custom_role_pack_action_all_grant'].name)
UserRoleAssignment.add_or_update(role_assignment_db)
user_db = self.users['custom_role_action_all_grant']
role_assignment_db = UserRoleAssignmentDB(
user=user_db.name,
role=self.roles['custom_role_action_all_grant'].name)
UserRoleAssignment.add_or_update(role_assignment_db)
from st2common.util import reference
from st2reactor.rules.enforcer import RuleEnforcer
import st2tests.config as tests_config
MOCK_TRIGGER = TriggerDB()
MOCK_TRIGGER.id = 'trigger-test.id'
MOCK_TRIGGER.name = 'trigger-test.name'
MOCK_TRIGGER.pack = 'dummypack1'
MOCK_TRIGGER_INSTANCE = TriggerInstanceDB()
MOCK_TRIGGER_INSTANCE.id = 'triggerinstance-test'
MOCK_TRIGGER_INSTANCE.trigger = reference.get_ref_from_model(MOCK_TRIGGER)
MOCK_TRIGGER_INSTANCE.payload = {}
MOCK_TRIGGER_INSTANCE.occurrence_time = datetime.datetime.utcnow()
MOCK_ACTION = ActionDB()
MOCK_ACTION.id = 'action-test-1.id'
MOCK_ACTION.name = 'action-test-1.name'
MOCK_ACTION_EXECUTION = ActionExecutionDB()
MOCK_ACTION_EXECUTION.id = 'actionexec-test-1.id'
MOCK_ACTION_EXECUTION.name = 'actionexec-test-1.name'
MOCK_ACTION_EXECUTION.status = 'scheduled'
MOCK_RULE_1 = RuleDB()
MOCK_RULE_1.id = 'rule-test-1'
MOCK_RULE_1.trigger = reference.get_str_resource_ref_from_model(MOCK_TRIGGER)
MOCK_RULE_1.criteria = {}
MOCK_RULE_1.action = ActionExecutionSpecDB()
MOCK_RULE_1.action.ref = reference.get_ref_from_model(MOCK_ACTION)
MOCK_RULE_1.enabled = True
name='trigger-test.name',
type='system.test')
MOCK_TRIGGER_INSTANCE = TriggerInstanceDB(
trigger=MOCK_TRIGGER.get_reference().ref,
occurrence_time=date_utils.get_datetime_utc_now(),
payload={
'p1': 'v1',
'p2': 'preYYYpost',
'bool': True,
'int': 1,
'float': 0.8
})
MOCK_ACTION = ActionDB(id=bson.ObjectId(),
pack='wolfpack',
name='action-test-1.name')
MOCK_RULE_1 = RuleDB(
id=bson.ObjectId(),
pack='wolfpack',
name='some1',
trigger=reference.get_str_resource_ref_from_model(MOCK_TRIGGER),
criteria={},
action=ActionExecutionSpecDB(ref="somepack.someaction"))
MOCK_RULE_2 = RuleDB(
id=bson.ObjectId(),
pack='wolfpack',
name='some2',
trigger=reference.get_str_resource_ref_from_model(MOCK_TRIGGER),
def test_command_construction_correct_default_parameter_values_are_used(self):
runner_parameters = {}
action_db_parameters = {
'project': {
'type': 'string',
'default': 'st2',
'position': 0,
},
'version': {
'type': 'string',
'position': 1,
'required': True
},
'fork': {
'type': 'string',
'position': 2,
'default': 'StackStorm',
},
'branch': {
'type': 'string',
'position': 3,
'default': 'master',
},
'update_changelog': {
'type': 'boolean',
'position': 4,
'default': False
},
'local_repo': {
'type': 'string',
'position': 5,
}
}
context = {}
action_db = ActionDB(pack='dummy', name='action')
runner = LocalShellScriptRunner('id')
runner.runner_parameters = {}
runner.action = action_db
# 1. All default values used
live_action_db_parameters = {
'project': 'st2flow',
'version': '3.0.0',
'fork': 'StackStorm',
'local_repo': '/tmp/repo'
}
runner_params, action_params = param_utils.render_final_params(runner_parameters,
action_db_parameters,
live_action_db_parameters,
context)
self.assertDictEqual(action_params, {
'project': 'st2flow',
'version': '3.0.0',
'fork': 'StackStorm',
'branch': 'master', # default value used
'update_changelog': False, # default value used
'local_repo': '/tmp/repo'
})
action_db.parameters = action_db_parameters
positional_args, named_args = runner._get_script_args(action_params)
named_args = runner._transform_named_args(named_args)
shell_script_action = ShellScriptAction(name='dummy', action_exec_id='dummy',
script_local_path_abs='/tmp/local.sh',
named_args=named_args,
positional_args=positional_args)
command_string = shell_script_action.get_full_command_string()
expected = '/tmp/local.sh st2flow 3.0.0 StackStorm master 0 /tmp/repo'
self.assertEqual(command_string, expected)
# 2. Some default values used
live_action_db_parameters = {
'project': 'st2web',
'version': '3.1.0',
'fork': 'StackStorm1',
'update_changelog': True,
'local_repo': '/tmp/repob'
}
runner_params, action_params = param_utils.render_final_params(runner_parameters,
action_db_parameters,
live_action_db_parameters,
context)
self.assertDictEqual(action_params, {
'project': 'st2web',
'version': '3.1.0',
'fork': 'StackStorm1',
'branch': 'master', # default value used
'update_changelog': True, # default value used
'local_repo': '/tmp/repob'
})
action_db.parameters = action_db_parameters
positional_args, named_args = runner._get_script_args(action_params)
named_args = runner._transform_named_args(named_args)
shell_script_action = ShellScriptAction(name='dummy', action_exec_id='dummy',
script_local_path_abs='/tmp/local.sh',
named_args=named_args,
positional_args=positional_args)
command_string = shell_script_action.get_full_command_string()
expected = '/tmp/local.sh st2web 3.1.0 StackStorm1 master 1 /tmp/repob'
self.assertEqual(command_string, expected)
# 3. None is specified for a boolean parameter, should use a default
live_action_db_parameters = {
'project': 'st2rbac',
'version': '3.2.0',
'fork': 'StackStorm2',
'update_changelog': None,
'local_repo': '/tmp/repoc'
}
runner_params, action_params = param_utils.render_final_params(runner_parameters,
action_db_parameters,
live_action_db_parameters,
context)
self.assertDictEqual(action_params, {
'project': 'st2rbac',
'version': '3.2.0',
'fork': 'StackStorm2',
'branch': 'master', # default value used
'update_changelog': False, # default value used
'local_repo': '/tmp/repoc'
})
action_db.parameters = action_db_parameters
positional_args, named_args = runner._get_script_args(action_params)
named_args = runner._transform_named_args(named_args)
shell_script_action = ShellScriptAction(name='dummy', action_exec_id='dummy',
script_local_path_abs='/tmp/local.sh',
named_args=named_args,
positional_args=positional_args)
command_string = shell_script_action.get_full_command_string()
expected = '/tmp/local.sh st2rbac 3.2.0 StackStorm2 master 0 /tmp/repoc'
self.assertEqual(command_string, expected)
def setup_action_models(cls):
action_db = ActionDB()
action_db.name = 'action-1'
action_db.description = 'awesomeness'
action_db.enabled = True
action_db.pack = 'wolfpack'
action_db.entry_point = ''
action_db.runner_type = {'name': 'test-runner'}
action_db.parameters = {
'actionstr': {'type': 'string', 'required': True},
'actionint': {'type': 'number', 'default': 10},
'runnerdummy': {'type': 'string', 'default': 'actiondummy'},
'runnerimmutable': {'type': 'string', 'default': 'failed_override'},
'actionimmutable': {'type': 'string', 'default': 'actionimmutable', 'immutable': True}
}
RunnerContainerTest.action_db = Action.add_or_update(action_db)
action_db = ActionDB()
action_db.name = 'action-2'
action_db.description = 'awesomeness'
action_db.enabled = True
action_db.pack = 'wolfpack'
action_db.entry_point = ''
action_db.runner_type = {'name': 'test-failingrunner'}
action_db.parameters = {}
RunnerContainerTest.failingaction_db = Action.add_or_update(action_db)
MOCK_TRIGGER.name = 'trigger-test.name'
MOCK_TRIGGER.pack = 'dummy_pack_1'
MOCK_TRIGGER.type = 'system.test'
MOCK_TRIGGER_INSTANCE = TriggerInstanceDB()
MOCK_TRIGGER_INSTANCE.id = bson.ObjectId()
MOCK_TRIGGER_INSTANCE.trigger = MOCK_TRIGGER.get_reference().ref
MOCK_TRIGGER_INSTANCE.payload = {
'p1': 'v1',
'bool': True,
'int': 1,
'float': 0.8
}
MOCK_TRIGGER_INSTANCE.occurrence_time = datetime.datetime.utcnow()
MOCK_ACTION = ActionDB()
MOCK_ACTION.id = bson.ObjectId()
MOCK_ACTION.name = 'action-test-1.name'
MOCK_RULE_1 = RuleDB()
MOCK_RULE_1.id = bson.ObjectId()
MOCK_RULE_1.name = "some1"
MOCK_RULE_1.trigger = reference.get_str_resource_ref_from_model(MOCK_TRIGGER)
MOCK_RULE_1.criteria = {}
MOCK_RULE_1.action = ActionExecutionSpecDB(ref="somepack.someaction")
MOCK_RULE_2 = RuleDB()
MOCK_RULE_2.id = bson.ObjectId()
MOCK_RULE_1.name = "some2"
MOCK_RULE_2.trigger = reference.get_str_resource_ref_from_model(MOCK_TRIGGER)
MOCK_RULE_2.criteria = {}
def test_command_construction_correct_default_parameter_values_are_used(
self):
runner_parameters = {}
action_db_parameters = {
"project": {
"type": "string",
"default": "st2",
"position": 0,
},
"version": {
"type": "string",
"position": 1,
"required": True
},
"fork": {
"type": "string",
"position": 2,
"default": "StackStorm",
},
"branch": {
"type": "string",
"position": 3,
"default": "master",
},
"update_changelog": {
"type": "boolean",
"position": 4,
"default": False
},
"local_repo": {
"type": "string",
"position": 5,
},
}
context = {}
action_db = ActionDB(pack="dummy", name="action")
runner = ParamikoRemoteScriptRunner("id")
runner.runner_parameters = {}
runner.action = action_db
# 1. All default values used
live_action_db_parameters = {
"project": "st2flow",
"version": "3.0.0",
"fork": "StackStorm",
"local_repo": "/tmp/repo",
}
runner_params, action_params = param_utils.render_final_params(
runner_parameters, action_db_parameters, live_action_db_parameters,
context)
self.assertDictEqual(
action_params,
{
"project": "st2flow",
"version": "3.0.0",
"fork": "StackStorm",
"branch": "master", # default value used
"update_changelog": False, # default value used
"local_repo": "/tmp/repo",
},
)
action_db.parameters = action_db_parameters
positional_args, named_args = runner._get_script_args(action_params)
named_args = runner._transform_named_args(named_args)
remote_action = ParamikoRemoteScriptAction(
"foo-script",
"id",
script_local_path_abs="/tmp/script.sh",
script_local_libs_path_abs=None,
named_args=named_args,
positional_args=positional_args,
env_vars={},
on_behalf_user="******",
user="******",
remote_dir="/tmp",
hosts=["127.0.0.1"],
cwd="/test/cwd/",
)
command_string = remote_action.get_full_command_string()
expected = "cd /test/cwd/ && /tmp/script.sh st2flow 3.0.0 StackStorm master 0 /tmp/repo"
self.assertEqual(command_string, expected)
# 2. Some default values used
live_action_db_parameters = {
"project": "st2web",
"version": "3.1.0",
"fork": "StackStorm1",
"update_changelog": True,
"local_repo": "/tmp/repob",
}
runner_params, action_params = param_utils.render_final_params(
runner_parameters, action_db_parameters, live_action_db_parameters,
context)
self.assertDictEqual(
action_params,
{
"project": "st2web",
"version": "3.1.0",
"fork": "StackStorm1",
"branch": "master", # default value used
"update_changelog": True, # default value used
"local_repo": "/tmp/repob",
},
)
action_db.parameters = action_db_parameters
positional_args, named_args = runner._get_script_args(action_params)
named_args = runner._transform_named_args(named_args)
remote_action = ParamikoRemoteScriptAction(
"foo-script",
"id",
script_local_path_abs="/tmp/script.sh",
script_local_libs_path_abs=None,
named_args=named_args,
positional_args=positional_args,
env_vars={},
on_behalf_user="******",
user="******",
remote_dir="/tmp",
hosts=["127.0.0.1"],
cwd="/test/cwd/",
)
command_string = remote_action.get_full_command_string()
expected = "cd /test/cwd/ && /tmp/script.sh st2web 3.1.0 StackStorm1 master 1 /tmp/repob"
self.assertEqual(command_string, expected)
# 3. None is specified for a boolean parameter, should use a default
live_action_db_parameters = {
"project": "st2rbac",
"version": "3.2.0",
"fork": "StackStorm2",
"update_changelog": None,
"local_repo": "/tmp/repoc",
}
runner_params, action_params = param_utils.render_final_params(
runner_parameters, action_db_parameters, live_action_db_parameters,
context)
self.assertDictEqual(
action_params,
{
"project": "st2rbac",
"version": "3.2.0",
"fork": "StackStorm2",
"branch": "master", # default value used
"update_changelog": False, # default value used
"local_repo": "/tmp/repoc",
},
)
action_db.parameters = action_db_parameters
positional_args, named_args = runner._get_script_args(action_params)
named_args = runner._transform_named_args(named_args)
remote_action = ParamikoRemoteScriptAction(
"foo-script",
"id",
script_local_path_abs="/tmp/script.sh",
script_local_libs_path_abs=None,
named_args=named_args,
positional_args=positional_args,
env_vars={},
on_behalf_user="******",
user="******",
remote_dir="/tmp",
hosts=["127.0.0.1"],
cwd="/test/cwd/",
)
command_string = remote_action.get_full_command_string()
expected = "cd /test/cwd/ && /tmp/script.sh st2rbac 3.2.0 StackStorm2 master 0 /tmp/repoc"
self.assertEqual(command_string, expected)
from st2tests import DbTestCase
MOCK_TRIGGER = TriggerDB()
MOCK_TRIGGER.id = bson.ObjectId()
MOCK_TRIGGER.name = 'trigger-test.name'
MOCK_TRIGGER.pack = 'dummy_pack_1'
MOCK_TRIGGER.type = 'system.test'
MOCK_TRIGGER_INSTANCE = TriggerInstanceDB()
MOCK_TRIGGER_INSTANCE.id = bson.ObjectId()
MOCK_TRIGGER_INSTANCE.trigger = MOCK_TRIGGER.get_reference().ref
MOCK_TRIGGER_INSTANCE.payload = {'p1': 'v1'}
MOCK_TRIGGER_INSTANCE.occurrence_time = datetime.datetime.utcnow()
MOCK_ACTION = ActionDB()
MOCK_ACTION.id = bson.ObjectId()
MOCK_ACTION.name = 'action-test-1.name'
MOCK_RULE_1 = RuleDB()
MOCK_RULE_1.id = bson.ObjectId()
MOCK_RULE_1.name = "some1"
MOCK_RULE_1.trigger = reference.get_str_resource_ref_from_model(MOCK_TRIGGER)
MOCK_RULE_1.criteria = {}
MOCK_RULE_1.action = ActionExecutionSpecDB(ref="somepack.someaction")
MOCK_RULE_2 = RuleDB()
MOCK_RULE_2.id = bson.ObjectId()
MOCK_RULE_1.name = "some2"
MOCK_RULE_2.trigger = reference.get_str_resource_ref_from_model(MOCK_TRIGGER)
MOCK_RULE_2.criteria = {}
class NotifierTestCase(CleanDbTestCase):
class MockDispatcher(object):
def __init__(self, tester):
self.tester = tester
self.notify_trigger = ResourceReference.to_string_reference(
pack=NOTIFY_TRIGGER_TYPE['pack'],
name=NOTIFY_TRIGGER_TYPE['name'])
self.action_trigger = ResourceReference.to_string_reference(
pack=ACTION_TRIGGER_TYPE['pack'],
name=ACTION_TRIGGER_TYPE['name'])
def dispatch(self, *args, **kwargs):
try:
self.tester.assertEqual(len(args), 1)
self.tester.assertTrue('payload' in kwargs)
payload = kwargs['payload']
if args[0] == self.notify_trigger:
self.tester.assertEqual(payload['status'], 'succeeded')
self.tester.assertTrue('execution_id' in payload)
self.tester.assertEqual(payload['execution_id'],
str(MOCK_EXECUTION.id))
self.tester.assertTrue('start_timestamp' in payload)
self.tester.assertTrue('end_timestamp' in payload)
self.tester.assertEqual('core.local',
payload['action_ref'])
self.tester.assertEqual('Action succeeded.',
payload['message'])
self.tester.assertTrue('data' in payload)
self.tester.assertTrue('run-local-cmd',
payload['runner_ref'])
if args[0] == self.action_trigger:
self.tester.assertEqual(payload['status'], 'succeeded')
self.tester.assertTrue('execution_id' in payload)
self.tester.assertEqual(payload['execution_id'],
str(MOCK_EXECUTION.id))
self.tester.assertTrue('start_timestamp' in payload)
self.tester.assertEqual('core.local',
payload['action_name'])
self.tester.assertEqual('core.local',
payload['action_ref'])
self.tester.assertTrue('result' in payload)
self.tester.assertTrue('parameters' in payload)
self.tester.assertTrue('run-local-cmd',
payload['runner_ref'])
except Exception:
self.tester.fail('Test failed')
@mock.patch(
'st2common.util.action_db.get_action_by_ref',
mock.MagicMock(
return_value=ActionDB(pack='core',
name='local',
runner_type={'name': 'run-local-cmd'},
parameters={})))
@mock.patch(
'st2common.util.action_db.get_runnertype_by_name',
mock.MagicMock(
return_value=RunnerTypeDB(name='foo', runner_parameters={})))
@mock.patch.object(
Action, 'get_by_ref',
mock.MagicMock(return_value={'runner_type': {
'name': 'run-local-cmd'
}}))
@mock.patch.object(Policy, 'query', mock.MagicMock(return_value=[]))
@mock.patch.object(Notifier, '_get_trace_context',
mock.MagicMock(return_value={}))
def test_notify_triggers(self):
liveaction_db = LiveActionDB(action='core.local')
liveaction_db.id = bson.ObjectId()
liveaction_db.description = ''
liveaction_db.status = 'succeeded'
liveaction_db.parameters = {}
on_success = NotificationSubSchema(message='Action succeeded.')
on_failure = NotificationSubSchema(message='Action failed.')
liveaction_db.notify = NotificationSchema(on_success=on_success,
on_failure=on_failure)
liveaction_db.start_timestamp = date_utils.get_datetime_utc_now()
liveaction_db.end_timestamp = (liveaction_db.start_timestamp +
datetime.timedelta(seconds=50))
LiveAction.add_or_update(liveaction_db)
execution = MOCK_EXECUTION
execution.liveaction = vars(LiveActionAPI.from_model(liveaction_db))
execution.status = liveaction_db.status
dispatcher = NotifierTestCase.MockDispatcher(self)
notifier = Notifier(connection=None,
queues=[],
trigger_dispatcher=dispatcher)
notifier.process(execution)
@mock.patch(
'st2common.util.action_db.get_action_by_ref',
mock.MagicMock(
return_value=ActionDB(pack='core',
name='local',
runner_type={'name': 'run-local-cmd'},
parameters={})))
@mock.patch(
'st2common.util.action_db.get_runnertype_by_name',
mock.MagicMock(
return_value=RunnerTypeDB(name='foo', runner_parameters={})))
@mock.patch.object(
Action, 'get_by_ref',
mock.MagicMock(return_value={'runner_type': {
'name': 'run-local-cmd'
}}))
@mock.patch.object(Policy, 'query', mock.MagicMock(return_value=[]))
@mock.patch.object(Notifier, '_get_trace_context',
mock.MagicMock(return_value={}))
def test_notify_triggers_end_timestamp_none(self):
liveaction_db = LiveActionDB(action='core.local')
liveaction_db.id = bson.ObjectId()
liveaction_db.description = ''
liveaction_db.status = 'succeeded'
liveaction_db.parameters = {}
on_success = NotificationSubSchema(message='Action succeeded.')
on_failure = NotificationSubSchema(message='Action failed.')
liveaction_db.notify = NotificationSchema(on_success=on_success,
on_failure=on_failure)
liveaction_db.start_timestamp = date_utils.get_datetime_utc_now()
# This tests for end_timestamp being set to None, which can happen when a policy cancels
# a request.
# The assertions within "MockDispatcher.dispatch" will validate that the underlying code
# handles this properly, so all we need to do is keep the call to "notifier.process" below
liveaction_db.end_timestamp = None
LiveAction.add_or_update(liveaction_db)
execution = MOCK_EXECUTION
execution.liveaction = vars(LiveActionAPI.from_model(liveaction_db))
execution.status = liveaction_db.status
dispatcher = NotifierTestCase.MockDispatcher(self)
notifier = Notifier(connection=None,
queues=[],
trigger_dispatcher=dispatcher)
notifier.process(execution)
@mock.patch(
'st2common.util.action_db.get_action_by_ref',
mock.MagicMock(return_value=ActionDB(
pack='core', name='local', runner_type={'name': 'run-local-cmd'})))
@mock.patch('st2common.util.action_db.get_runnertype_by_name',
mock.MagicMock(return_value=RunnerTypeDB(
name='foo', runner_parameters={'runner_foo': 'foo'})))
@mock.patch.object(
Action, 'get_by_ref',
mock.MagicMock(return_value={'runner_type': {
'name': 'run-local-cmd'
}}))
@mock.patch.object(Policy, 'query', mock.MagicMock(return_value=[]))
@mock.patch.object(Notifier, '_post_generic_trigger',
mock.MagicMock(return_value=True))
@mock.patch.object(Notifier, '_get_trace_context',
mock.MagicMock(return_value={}))
@mock.patch('st2common.transport.reactor.TriggerDispatcher.dispatch')
def test_notify_triggers_jinja_patterns(self, dispatch):
liveaction_db = LiveActionDB(action='core.local')
liveaction_db.id = bson.ObjectId()
liveaction_db.description = ''
liveaction_db.status = 'succeeded'
liveaction_db.parameters = {'cmd': 'mamma mia', 'runner_foo': 'foo'}
on_success = NotificationSubSchema(
message='Command {{action_parameters.cmd}} succeeded.',
data={'stdout': '{{action_results.stdout}}'})
liveaction_db.notify = NotificationSchema(on_success=on_success)
liveaction_db.start_timestamp = date_utils.get_datetime_utc_now()
liveaction_db.end_timestamp = (liveaction_db.start_timestamp +
datetime.timedelta(seconds=50))
LiveAction.add_or_update(liveaction_db)
execution = MOCK_EXECUTION
execution.liveaction = vars(LiveActionAPI.from_model(liveaction_db))
execution.status = liveaction_db.status
notifier = Notifier(connection=None, queues=[])
notifier.process(execution)
exp = {
'status': 'succeeded',
'start_timestamp': isotime.format(liveaction_db.start_timestamp),
'route': 'notify.default',
'runner_ref': 'run-local-cmd',
'channel': 'notify.default',
'message': u'Command mamma mia succeeded.',
'data': {
'result': '{}',
'stdout': 'stuff happens'
},
'action_ref': u'core.local',
'execution_id': str(MOCK_EXECUTION.id),
'end_timestamp': isotime.format(liveaction_db.end_timestamp)
}
dispatch.assert_called_once_with('core.st2.generic.notifytrigger',
payload=exp,
trace_context={})
notifier.process(execution)
def setUp(self):
super(InquiryPermissionsResolverTestCase, self).setUp()
# Create some mock users
user_1_db = UserDB(name='custom_role_inquiry_list_grant')
user_1_db = User.add_or_update(user_1_db)
self.users['custom_role_inquiry_list_grant'] = user_1_db
user_2_db = UserDB(name='custom_role_inquiry_view_grant')
user_2_db = User.add_or_update(user_2_db)
self.users['custom_role_inquiry_view_grant'] = user_2_db
user_3_db = UserDB(name='custom_role_inquiry_respond_grant')
user_3_db = User.add_or_update(user_3_db)
self.users['custom_role_inquiry_respond_grant'] = user_3_db
user_4_db = UserDB(name='custom_role_inquiry_all_grant')
user_4_db = User.add_or_update(user_4_db)
self.users['custom_role_inquiry_all_grant'] = user_4_db
user_5_db = UserDB(name='custom_role_inquiry_inherit')
user_5_db = User.add_or_update(user_5_db)
self.users['custom_role_inquiry_inherit'] = user_5_db
# Create a workflow for testing inheritance of action_execute permission
# to inquiry_respond permission
wf_db = ActionDB(pack='examples',
name='mistral-ask-basic',
entry_point='',
runner_type={'name': 'mistral-v2'})
wf_db = Action.add_or_update(wf_db)
self.resources['wf'] = wf_db
runner = {'name': 'mistral-v2'}
liveaction = {'action': 'examples.mistral-ask-basic'}
status = action_constants.LIVEACTION_STATUS_PAUSED
# Spawn workflow
action = {'uid': wf_db.get_uid(), 'pack': 'examples'}
wf_exc_db = ActionExecutionDB(action=action,
runner=runner,
liveaction=liveaction,
status=status)
wf_exc_db = ActionExecution.add_or_update(wf_exc_db)
# Create an Inquiry on which permissions can be granted
action_1_db = ActionDB(pack='core',
name='ask',
entry_point='',
runner_type={'name': 'inquirer'})
action_1_db = Action.add_or_update(action_1_db)
self.resources['action_1'] = action_1_db
runner = {'name': 'inquirer'}
liveaction = {'action': 'core.ask'}
status = action_constants.LIVEACTION_STATUS_PENDING
# For now, Inquiries are "borrowing" the ActionExecutionDB model,
# so we have to test with that model
action = {'uid': action_1_db.get_uid(), 'pack': 'core'}
inquiry_1_db = ActionExecutionDB(action=action,
runner=runner,
liveaction=liveaction,
status=status)
# A separate inquiry that has a parent (so we can test workflow permission inheritance)
inquiry_2_db = ActionExecutionDB(action=action,
runner=runner,
liveaction=liveaction,
status=status,
parent=str(wf_exc_db.id))
# A bit gross, but it's what we have to do since Inquiries
# don't yet have their own data model
def get_uid():
return "inquiry"
inquiry_1_db.get_uid = get_uid
inquiry_2_db.get_uid = get_uid
inquiry_1_db = ActionExecution.add_or_update(inquiry_1_db)
inquiry_2_db = ActionExecution.add_or_update(inquiry_2_db)
self.resources['inquiry_1'] = inquiry_1_db
self.resources['inquiry_2'] = inquiry_2_db
############################################################
# Create some mock roles with associated permission grants #
############################################################
# Custom role - "inquiry_list" grant
grant_db = PermissionGrantDB(
resource_uid=self.resources['inquiry_1'].get_uid(),
resource_type=ResourceType.INQUIRY,
permission_types=[PermissionType.INQUIRY_LIST])
grant_db = PermissionGrant.add_or_update(grant_db)
permission_grants = [str(grant_db.id)]
role_db = RoleDB(name='custom_role_inquiry_list_grant',
permission_grants=permission_grants)
role_db = Role.add_or_update(role_db)
self.roles['custom_role_inquiry_list_grant'] = role_db
# Custom role - "inquiry_view" grant
grant_db = PermissionGrantDB(
resource_uid=self.resources['inquiry_1'].get_uid(),
resource_type=ResourceType.INQUIRY,
permission_types=[PermissionType.INQUIRY_VIEW])
grant_db = PermissionGrant.add_or_update(grant_db)
permission_grants = [str(grant_db.id)]
role_db = RoleDB(name='custom_role_inquiry_view_grant',
permission_grants=permission_grants)
role_db = Role.add_or_update(role_db)
self.roles['custom_role_inquiry_view_grant'] = role_db
# Custom role - "inquiry_respond" grant
grant_db = PermissionGrantDB(
resource_uid=self.resources['inquiry_1'].get_uid(),
resource_type=ResourceType.INQUIRY,
permission_types=[PermissionType.INQUIRY_RESPOND])
grant_db = PermissionGrant.add_or_update(grant_db)
permission_grants = [str(grant_db.id)]
role_db = RoleDB(name='custom_role_inquiry_respond_grant',
permission_grants=permission_grants)
role_db = Role.add_or_update(role_db)
self.roles['custom_role_inquiry_respond_grant'] = role_db
# Custom role - "inquiry_all" grant
grant_db = PermissionGrantDB(
resource_uid=self.resources['inquiry_1'].get_uid(),
resource_type=ResourceType.INQUIRY,
permission_types=[PermissionType.INQUIRY_ALL])
grant_db = PermissionGrant.add_or_update(grant_db)
permission_grants = [str(grant_db.id)]
role_db = RoleDB(name='custom_role_inquiry_all_grant',
permission_grants=permission_grants)
role_db = Role.add_or_update(role_db)
self.roles['custom_role_inquiry_all_grant'] = role_db
# Custom role - inheritance grant
grant_db = PermissionGrantDB(
resource_uid=self.resources['wf'].get_uid(),
resource_type=ResourceType.ACTION,
permission_types=[PermissionType.ACTION_EXECUTE])
grant_db = PermissionGrant.add_or_update(grant_db)
permission_grants = [str(grant_db.id)]
role_db = RoleDB(name='custom_role_inquiry_inherit',
permission_grants=permission_grants)
role_db = Role.add_or_update(role_db)
self.roles['custom_role_inquiry_inherit'] = role_db
#####################################
# Create some mock role assignments #
#####################################
user_db = self.users['custom_role_inquiry_list_grant']
role_assignment_db = UserRoleAssignmentDB(
user=user_db.name,
role=self.roles['custom_role_inquiry_list_grant'].name,
source='assignments/%s.yaml' % user_db.name)
UserRoleAssignment.add_or_update(role_assignment_db)
user_db = self.users['custom_role_inquiry_view_grant']
role_assignment_db = UserRoleAssignmentDB(
user=user_db.name,
role=self.roles['custom_role_inquiry_view_grant'].name,
source='assignments/%s.yaml' % user_db.name)
UserRoleAssignment.add_or_update(role_assignment_db)
user_db = self.users['custom_role_inquiry_respond_grant']
role_assignment_db = UserRoleAssignmentDB(
user=user_db.name,
role=self.roles['custom_role_inquiry_respond_grant'].name,
source='assignments/%s.yaml' % user_db.name)
UserRoleAssignment.add_or_update(role_assignment_db)
user_db = self.users['custom_role_inquiry_all_grant']
role_assignment_db = UserRoleAssignmentDB(
user=user_db.name,
role=self.roles['custom_role_inquiry_all_grant'].name,
source='assignments/%s.yaml' % user_db.name)
UserRoleAssignment.add_or_update(role_assignment_db)
user_db = self.users['custom_role_inquiry_inherit']
role_assignment_db = UserRoleAssignmentDB(
user=user_db.name,
role=self.roles['custom_role_inquiry_inherit'].name,
source='assignments/%s.yaml' % user_db.name)
UserRoleAssignment.add_or_update(role_assignment_db)
def setUp(self):
super(InquiryPermissionsResolverTestCase, self).setUp()
# Create some mock users
user_1_db = UserDB(name='custom_role_inquiry_list_grant')
user_1_db = User.add_or_update(user_1_db)
self.users['custom_role_inquiry_list_grant'] = user_1_db
user_2_db = UserDB(name='custom_role_inquiry_view_grant')
user_2_db = User.add_or_update(user_2_db)
self.users['custom_role_inquiry_view_grant'] = user_2_db
user_3_db = UserDB(name='custom_role_inquiry_respond_grant')
user_3_db = User.add_or_update(user_3_db)
self.users['custom_role_inquiry_respond_grant'] = user_3_db
user_4_db = UserDB(name='custom_role_inquiry_all_grant')
user_4_db = User.add_or_update(user_4_db)
self.users['custom_role_inquiry_all_grant'] = user_4_db
user_5_db = UserDB(name='custom_role_inquiry_inherit')
user_5_db = User.add_or_update(user_5_db)
self.users['custom_role_inquiry_inherit'] = user_5_db
# Create a workflow for testing inheritance of action_execute permission
# to inquiry_respond permission
wf_db = ActionDB(pack='examples', name='mistral-ask-basic', entry_point='',
runner_type={'name': 'mistral-v2'})
wf_db = Action.add_or_update(wf_db)
self.resources['wf'] = wf_db
runner = {'name': 'mistral-v2'}
liveaction = {'action': 'examples.mistral-ask-basic'}
status = action_constants.LIVEACTION_STATUS_PAUSED
# Spawn workflow
action = {'uid': wf_db.get_uid(), 'pack': 'examples'}
wf_exc_db = ActionExecutionDB(action=action, runner=runner, liveaction=liveaction,
status=status)
wf_exc_db = ActionExecution.add_or_update(wf_exc_db)
# Create an Inquiry on which permissions can be granted
action_1_db = ActionDB(pack='core', name='ask', entry_point='',
runner_type={'name': 'inquirer'})
action_1_db = Action.add_or_update(action_1_db)
self.resources['action_1'] = action_1_db
runner = {'name': 'inquirer'}
liveaction = {'action': 'core.ask'}
status = action_constants.LIVEACTION_STATUS_PENDING
# For now, Inquiries are "borrowing" the ActionExecutionDB model,
# so we have to test with that model
action = {'uid': action_1_db.get_uid(), 'pack': 'core'}
inquiry_1_db = ActionExecutionDB(action=action, runner=runner, liveaction=liveaction,
status=status)
# A separate inquiry that has a parent (so we can test workflow permission inheritance)
inquiry_2_db = ActionExecutionDB(action=action, runner=runner, liveaction=liveaction,
status=status, parent=str(wf_exc_db.id))
# A bit gross, but it's what we have to do since Inquiries
# don't yet have their own data model
def get_uid():
return "inquiry"
inquiry_1_db.get_uid = get_uid
inquiry_2_db.get_uid = get_uid
inquiry_1_db = ActionExecution.add_or_update(inquiry_1_db)
inquiry_2_db = ActionExecution.add_or_update(inquiry_2_db)
self.resources['inquiry_1'] = inquiry_1_db
self.resources['inquiry_2'] = inquiry_2_db
############################################################
# Create some mock roles with associated permission grants #
############################################################
# Custom role - "inquiry_list" grant
grant_db = PermissionGrantDB(resource_uid=self.resources['inquiry_1'].get_uid(),
resource_type=ResourceType.INQUIRY,
permission_types=[PermissionType.INQUIRY_LIST])
grant_db = PermissionGrant.add_or_update(grant_db)
permission_grants = [str(grant_db.id)]
role_db = RoleDB(name='custom_role_inquiry_list_grant',
permission_grants=permission_grants)
role_db = Role.add_or_update(role_db)
self.roles['custom_role_inquiry_list_grant'] = role_db
# Custom role - "inquiry_view" grant
grant_db = PermissionGrantDB(resource_uid=self.resources['inquiry_1'].get_uid(),
resource_type=ResourceType.INQUIRY,
permission_types=[PermissionType.INQUIRY_VIEW])
grant_db = PermissionGrant.add_or_update(grant_db)
permission_grants = [str(grant_db.id)]
role_db = RoleDB(name='custom_role_inquiry_view_grant',
permission_grants=permission_grants)
role_db = Role.add_or_update(role_db)
self.roles['custom_role_inquiry_view_grant'] = role_db
# Custom role - "inquiry_respond" grant
grant_db = PermissionGrantDB(resource_uid=self.resources['inquiry_1'].get_uid(),
resource_type=ResourceType.INQUIRY,
permission_types=[PermissionType.INQUIRY_RESPOND])
grant_db = PermissionGrant.add_or_update(grant_db)
permission_grants = [str(grant_db.id)]
role_db = RoleDB(name='custom_role_inquiry_respond_grant',
permission_grants=permission_grants)
role_db = Role.add_or_update(role_db)
self.roles['custom_role_inquiry_respond_grant'] = role_db
# Custom role - "inquiry_all" grant
grant_db = PermissionGrantDB(resource_uid=self.resources['inquiry_1'].get_uid(),
resource_type=ResourceType.INQUIRY,
permission_types=[PermissionType.INQUIRY_ALL])
grant_db = PermissionGrant.add_or_update(grant_db)
permission_grants = [str(grant_db.id)]
role_db = RoleDB(name='custom_role_inquiry_all_grant',
permission_grants=permission_grants)
role_db = Role.add_or_update(role_db)
self.roles['custom_role_inquiry_all_grant'] = role_db
# Custom role - inheritance grant
grant_db = PermissionGrantDB(resource_uid=self.resources['wf'].get_uid(),
resource_type=ResourceType.ACTION,
permission_types=[PermissionType.ACTION_EXECUTE])
grant_db = PermissionGrant.add_or_update(grant_db)
permission_grants = [str(grant_db.id)]
role_db = RoleDB(name='custom_role_inquiry_inherit',
permission_grants=permission_grants)
role_db = Role.add_or_update(role_db)
self.roles['custom_role_inquiry_inherit'] = role_db
#####################################
# Create some mock role assignments #
#####################################
user_db = self.users['custom_role_inquiry_list_grant']
role_assignment_db = UserRoleAssignmentDB(
user=user_db.name,
role=self.roles['custom_role_inquiry_list_grant'].name,
source='assignments/%s.yaml' % user_db.name)
UserRoleAssignment.add_or_update(role_assignment_db)
user_db = self.users['custom_role_inquiry_view_grant']
role_assignment_db = UserRoleAssignmentDB(
user=user_db.name,
role=self.roles['custom_role_inquiry_view_grant'].name,
source='assignments/%s.yaml' % user_db.name)
UserRoleAssignment.add_or_update(role_assignment_db)
user_db = self.users['custom_role_inquiry_respond_grant']
role_assignment_db = UserRoleAssignmentDB(
user=user_db.name,
role=self.roles['custom_role_inquiry_respond_grant'].name,
source='assignments/%s.yaml' % user_db.name)
UserRoleAssignment.add_or_update(role_assignment_db)
user_db = self.users['custom_role_inquiry_all_grant']
role_assignment_db = UserRoleAssignmentDB(
user=user_db.name,
role=self.roles['custom_role_inquiry_all_grant'].name,
source='assignments/%s.yaml' % user_db.name)
UserRoleAssignment.add_or_update(role_assignment_db)
user_db = self.users['custom_role_inquiry_inherit']
role_assignment_db = UserRoleAssignmentDB(
user=user_db.name,
role=self.roles['custom_role_inquiry_inherit'].name,
source='assignments/%s.yaml' % user_db.name)
UserRoleAssignment.add_or_update(role_assignment_db)
def setUp(self):
super(ActionPermissionsResolverTestCase, self).setUp()
# Create some mock users
user_1_db = UserDB(name='1_role_action_pack_grant')
user_1_db = User.add_or_update(user_1_db)
self.users['custom_role_action_pack_grant'] = user_1_db
user_2_db = UserDB(name='1_role_action_grant')
user_2_db = User.add_or_update(user_2_db)
self.users['custom_role_action_grant'] = user_2_db
user_3_db = UserDB(name='custom_role_pack_action_all_grant')
user_3_db = User.add_or_update(user_3_db)
self.users['custom_role_pack_action_all_grant'] = user_3_db
user_4_db = UserDB(name='custom_role_action_all_grant')
user_4_db = User.add_or_update(user_4_db)
self.users['custom_role_action_all_grant'] = user_4_db
user_5_db = UserDB(name='custom_role_action_execute_grant')
user_5_db = User.add_or_update(user_5_db)
self.users['custom_role_action_execute_grant'] = user_5_db
user_6_db = UserDB(name='action_pack_action_create_grant')
user_6_db = User.add_or_update(user_6_db)
self.users['action_pack_action_create_grant'] = user_6_db
user_7_db = UserDB(name='action_pack_action_all_grant')
user_7_db = User.add_or_update(user_7_db)
self.users['action_pack_action_all_grant'] = user_7_db
user_8_db = UserDB(name='action_action_create_grant')
user_8_db = User.add_or_update(user_8_db)
self.users['action_action_create_grant'] = user_8_db
user_9_db = UserDB(name='action_action_all_grant')
user_9_db = User.add_or_update(user_9_db)
self.users['action_action_all_grant'] = user_9_db
user_10_db = UserDB(name='custom_role_action_list_grant')
user_10_db = User.add_or_update(user_10_db)
self.users['custom_role_action_list_grant'] = user_10_db
# Create some mock resources on which permissions can be granted
action_1_db = ActionDB(pack='test_pack_1', name='action1', entry_point='',
runner_type={'name': 'local-shell-cmd'})
action_1_db = Action.add_or_update(action_1_db)
self.resources['action_1'] = action_1_db
action_2_db = ActionDB(pack='test_pack_1', name='action2', entry_point='',
runner_type={'name': 'local-shell-cmd'})
action_2_db = Action.add_or_update(action_1_db)
self.resources['action_2'] = action_2_db
action_3_db = ActionDB(pack='test_pack_2', name='action3', entry_point='',
runner_type={'name': 'local-shell-cmd'})
action_3_db = Action.add_or_update(action_3_db)
self.resources['action_3'] = action_3_db
# Create some mock roles with associated permission grants
# Custom role 2 - one grant on parent pack
# "action_view" on pack_1
grant_db = PermissionGrantDB(resource_uid=self.resources['pack_1'].get_uid(),
resource_type=ResourceType.PACK,
permission_types=[PermissionType.ACTION_VIEW])
grant_db = PermissionGrant.add_or_update(grant_db)
permission_grants = [str(grant_db.id)]
role_3_db = RoleDB(name='custom_role_action_pack_grant',
permission_grants=permission_grants)
role_3_db = Role.add_or_update(role_3_db)
self.roles['custom_role_action_pack_grant'] = role_3_db
# Custom role 4 - one grant on action
# "action_view" on action_3
grant_db = PermissionGrantDB(resource_uid=self.resources['action_3'].get_uid(),
resource_type=ResourceType.ACTION,
permission_types=[PermissionType.ACTION_VIEW])
grant_db = PermissionGrant.add_or_update(grant_db)
permission_grants = [str(grant_db.id)]
role_4_db = RoleDB(name='custom_role_action_grant', permission_grants=permission_grants)
role_4_db = Role.add_or_update(role_4_db)
self.roles['custom_role_action_grant'] = role_4_db
# Custom role - "action_all" grant on a parent action pack
grant_db = PermissionGrantDB(resource_uid=self.resources['pack_1'].get_uid(),
resource_type=ResourceType.PACK,
permission_types=[PermissionType.ACTION_ALL])
grant_db = PermissionGrant.add_or_update(grant_db)
permission_grants = [str(grant_db.id)]
role_4_db = RoleDB(name='custom_role_pack_action_all_grant',
permission_grants=permission_grants)
role_4_db = Role.add_or_update(role_4_db)
self.roles['custom_role_pack_action_all_grant'] = role_4_db
# Custom role - "action_all" grant on action
grant_db = PermissionGrantDB(resource_uid=self.resources['action_1'].get_uid(),
resource_type=ResourceType.ACTION,
permission_types=[PermissionType.ACTION_ALL])
grant_db = PermissionGrant.add_or_update(grant_db)
permission_grants = [str(grant_db.id)]
role_4_db = RoleDB(name='custom_role_action_all_grant', permission_grants=permission_grants)
role_4_db = Role.add_or_update(role_4_db)
self.roles['custom_role_action_all_grant'] = role_4_db
# Custom role - "action_execute" on action_1
grant_db = PermissionGrantDB(resource_uid=self.resources['action_1'].get_uid(),
resource_type=ResourceType.ACTION,
permission_types=[PermissionType.ACTION_EXECUTE])
grant_db = PermissionGrant.add_or_update(grant_db)
permission_grants = [str(grant_db.id)]
role_5_db = RoleDB(name='custom_role_action_execute_grant',
permission_grants=permission_grants)
role_5_db = Role.add_or_update(role_5_db)
self.roles['custom_role_action_execute_grant'] = role_5_db
# Custom role - "action_create" grant on pack_1
grant_db = PermissionGrantDB(resource_uid=self.resources['pack_1'].get_uid(),
resource_type=ResourceType.PACK,
permission_types=[PermissionType.ACTION_CREATE])
grant_db = PermissionGrant.add_or_update(grant_db)
permission_grants = [str(grant_db.id)]
role_6_db = RoleDB(name='action_pack_action_create_grant',
permission_grants=permission_grants)
role_6_db = Role.add_or_update(role_6_db)
self.roles['action_pack_action_create_grant'] = role_6_db
# Custom role - "action_all" grant on pack_1
grant_db = PermissionGrantDB(resource_uid=self.resources['pack_1'].get_uid(),
resource_type=ResourceType.PACK,
permission_types=[PermissionType.ACTION_ALL])
grant_db = PermissionGrant.add_or_update(grant_db)
permission_grants = [str(grant_db.id)]
role_7_db = RoleDB(name='action_pack_action_all_grant',
permission_grants=permission_grants)
role_7_db = Role.add_or_update(role_7_db)
self.roles['action_pack_action_all_grant'] = role_7_db
# Custom role - "action_create" grant on action_1
grant_db = PermissionGrantDB(resource_uid=self.resources['action_1'].get_uid(),
resource_type=ResourceType.ACTION,
permission_types=[PermissionType.ACTION_CREATE])
grant_db = PermissionGrant.add_or_update(grant_db)
permission_grants = [str(grant_db.id)]
role_8_db = RoleDB(name='action_action_create_grant',
permission_grants=permission_grants)
role_8_db = Role.add_or_update(role_8_db)
self.roles['action_action_create_grant'] = role_8_db
# Custom role - "action_all" grant on action_1
grant_db = PermissionGrantDB(resource_uid=self.resources['action_1'].get_uid(),
resource_type=ResourceType.ACTION,
permission_types=[PermissionType.ACTION_ALL])
grant_db = PermissionGrant.add_or_update(grant_db)
permission_grants = [str(grant_db.id)]
role_9_db = RoleDB(name='action_action_all_grant',
permission_grants=permission_grants)
role_9_db = Role.add_or_update(role_9_db)
self.roles['action_action_all_grant'] = role_9_db
# Custom role - "action_list" grant
grant_db = PermissionGrantDB(resource_uid=None,
resource_type=None,
permission_types=[PermissionType.ACTION_LIST])
grant_db = PermissionGrant.add_or_update(grant_db)
permission_grants = [str(grant_db.id)]
role_10_db = RoleDB(name='custom_role_action_list_grant',
permission_grants=permission_grants)
role_10_db = Role.add_or_update(role_10_db)
self.roles['custom_role_action_list_grant'] = role_10_db
# Create some mock role assignments
user_db = self.users['custom_role_action_pack_grant']
role_assignment_db = UserRoleAssignmentDB(
user=user_db.name, role=self.roles['custom_role_action_pack_grant'].name,
source='assignments/%s.yaml' % user_db.name)
UserRoleAssignment.add_or_update(role_assignment_db)
user_db = self.users['custom_role_action_grant']
role_assignment_db = UserRoleAssignmentDB(
user=user_db.name, role=self.roles['custom_role_action_grant'].name,
source='assignments/%s.yaml' % user_db.name)
UserRoleAssignment.add_or_update(role_assignment_db)
user_db = self.users['custom_role_pack_action_all_grant']
role_assignment_db = UserRoleAssignmentDB(
user=user_db.name, role=self.roles['custom_role_pack_action_all_grant'].name,
source='assignments/%s.yaml' % user_db.name)
UserRoleAssignment.add_or_update(role_assignment_db)
user_db = self.users['custom_role_action_all_grant']
role_assignment_db = UserRoleAssignmentDB(
user=user_db.name, role=self.roles['custom_role_action_all_grant'].name,
source='assignments/%s.yaml' % user_db.name)
UserRoleAssignment.add_or_update(role_assignment_db)
user_db = self.users['custom_role_action_execute_grant']
role_assignment_db = UserRoleAssignmentDB(
user=user_db.name, role=self.roles['custom_role_action_execute_grant'].name,
source='assignments/%s.yaml' % user_db.name)
UserRoleAssignment.add_or_update(role_assignment_db)
user_db = self.users['action_pack_action_create_grant']
role_assignment_db = UserRoleAssignmentDB(
user=user_db.name, role=self.roles['action_pack_action_create_grant'].name,
source='assignments/%s.yaml' % user_db.name)
UserRoleAssignment.add_or_update(role_assignment_db)
user_db = self.users['action_pack_action_all_grant']
role_assignment_db = UserRoleAssignmentDB(
user=user_db.name, role=self.roles['action_pack_action_all_grant'].name,
source='assignments/%s.yaml' % user_db.name)
UserRoleAssignment.add_or_update(role_assignment_db)
user_db = self.users['action_action_create_grant']
role_assignment_db = UserRoleAssignmentDB(
user=user_db.name, role=self.roles['action_action_create_grant'].name,
source='assignments/%s.yaml' % user_db.name)
UserRoleAssignment.add_or_update(role_assignment_db)
user_db = self.users['action_action_all_grant']
role_assignment_db = UserRoleAssignmentDB(
user=user_db.name, role=self.roles['action_action_all_grant'].name,
source='assignments/%s.yaml' % user_db.name)
UserRoleAssignment.add_or_update(role_assignment_db)
user_db = self.users['custom_role_action_list_grant']
role_assignment_db = UserRoleAssignmentDB(
user=user_db.name, role=self.roles['custom_role_action_list_grant'].name,
source='assignments/%s.yaml' % user_db.name)
UserRoleAssignment.add_or_update(role_assignment_db)
from st2common.util import reference
from st2reactor.rules.enforcer import RuleEnforcer
import st2tests.config as tests_config
MOCK_TRIGGER = TriggerDB()
MOCK_TRIGGER.id = 'trigger-test.id'
MOCK_TRIGGER.name = 'trigger-test.name'
MOCK_TRIGGER.pack = 'dummypack1'
MOCK_TRIGGER_INSTANCE = TriggerInstanceDB()
MOCK_TRIGGER_INSTANCE.id = 'triggerinstance-test'
MOCK_TRIGGER_INSTANCE.trigger = reference.get_ref_from_model(MOCK_TRIGGER)
MOCK_TRIGGER_INSTANCE.payload = {}
MOCK_TRIGGER_INSTANCE.occurrence_time = datetime.datetime.utcnow()
MOCK_ACTION = ActionDB()
MOCK_ACTION.id = 'action-test-1.id'
MOCK_ACTION.name = 'action-test-1.name'
MOCK_ACTION_EXECUTION = ActionExecutionDB()
MOCK_ACTION_EXECUTION.id = 'actionexec-test-1.id'
MOCK_ACTION_EXECUTION.name = 'actionexec-test-1.name'
MOCK_ACTION_EXECUTION.status = 'scheduled'
MOCK_RULE_1 = RuleDB()
MOCK_RULE_1.id = 'rule-test-1'
MOCK_RULE_1.trigger = reference.get_str_resource_ref_from_model(MOCK_TRIGGER)
MOCK_RULE_1.criteria = {}
MOCK_RULE_1.action = ActionExecutionSpecDB()
MOCK_RULE_1.action.ref = reference.get_ref_from_model(MOCK_ACTION)
MOCK_RULE_1.enabled = True
def setUp(self):
super(ExecutionPermissionsResolverTestCase, self).setUp()
# Create some mock users
user_1_db = UserDB(name='custom_role_unrelated_pack_action_grant')
user_1_db = User.add_or_update(user_1_db)
self.users['custom_role_unrelated_pack_action_grant'] = user_1_db
user_2_db = UserDB(
name='custom_role_pack_action_grant_unrelated_permission')
user_2_db = User.add_or_update(user_2_db)
self.users[
'custom_role_pack_action_grant_unrelated_permission'] = user_2_db
user_3_db = UserDB(name='custom_role_pack_action_view_grant')
user_3_db = User.add_or_update(user_3_db)
self.users['custom_role_pack_action_view_grant'] = user_3_db
user_4_db = UserDB(name='custom_role_action_view_grant')
user_4_db = User.add_or_update(user_4_db)
self.users['custom_role_action_view_grant'] = user_4_db
user_5_db = UserDB(name='custom_role_pack_action_execute_grant')
user_5_db = User.add_or_update(user_5_db)
self.users['custom_role_pack_action_execute_grant'] = user_5_db
user_6_db = UserDB(name='custom_role_action_execute_grant')
user_6_db = User.add_or_update(user_6_db)
self.users['custom_role_action_execute_grant'] = user_6_db
user_7_db = UserDB(name='custom_role_pack_action_all_grant')
user_7_db = User.add_or_update(user_7_db)
self.users['custom_role_pack_action_all_grant'] = user_7_db
user_8_db = UserDB(name='custom_role_action_all_grant')
user_8_db = User.add_or_update(user_8_db)
self.users['custom_role_action_all_grant'] = user_8_db
user_9_db = UserDB(name='custom_role_execution_list_grant')
user_9_db = User.add_or_update(user_5_db)
self.users['custom_role_execution_list_grant'] = user_9_db
# Create some mock resources on which permissions can be granted
action_1_db = ActionDB(pack='test_pack_2',
name='action1',
entry_point='',
runner_type={'name': 'run-local'})
action_1_db = Action.add_or_update(action_1_db)
self.resources['action_1'] = action_1_db
runner = {'name': 'run-python'}
liveaction = {'action': 'test_pack_2.action1'}
status = action_constants.LIVEACTION_STATUS_REQUESTED
action = {'uid': action_1_db.get_uid(), 'pack': 'test_pack_2'}
exec_1_db = ActionExecutionDB(action=action,
runner=runner,
liveaction=liveaction,
status=status)
exec_1_db = ActionExecution.add_or_update(exec_1_db)
self.resources['exec_1'] = exec_1_db
# Create some mock roles with associated permission grants
# Custom role - one grant to an unrelated pack
grant_db = PermissionGrantDB(
resource_uid=self.resources['pack_1'].get_uid(),
resource_type=ResourceType.PACK,
permission_types=[PermissionType.ACTION_VIEW])
grant_db = PermissionGrant.add_or_update(grant_db)
permission_grants = [str(grant_db.id)]
role_db = RoleDB(name='custom_role_unrelated_pack_action_grant',
permission_grants=permission_grants)
role_db = Role.add_or_update(role_db)
self.roles['custom_role_unrelated_pack_action_grant'] = role_db
# Custom role - one grant of unrelated permission type to parent action pack
grant_db = PermissionGrantDB(
resource_uid=self.resources['pack_2'].get_uid(),
resource_type=ResourceType.PACK,
permission_types=[PermissionType.RULE_VIEW])
grant_db = PermissionGrant.add_or_update(grant_db)
permission_grants = [str(grant_db.id)]
role_db = RoleDB(
name='custom_role_pack_action_grant_unrelated_permission',
permission_grants=permission_grants)
role_db = Role.add_or_update(role_db)
self.roles[
'custom_role_pack_action_grant_unrelated_permission'] = role_db
# Custom role - one grant of "action_view" to the parent pack of the action the execution
# belongs to
grant_db = PermissionGrantDB(
resource_uid=self.resources['pack_2'].get_uid(),
resource_type=ResourceType.PACK,
permission_types=[PermissionType.ACTION_VIEW])
grant_db = PermissionGrant.add_or_update(grant_db)
permission_grants = [str(grant_db.id)]
role_db = RoleDB(name='custom_role_pack_action_view_grant',
permission_grants=permission_grants)
role_db = Role.add_or_update(role_db)
self.roles['custom_role_pack_action_view_grant'] = role_db
# Custom role - one grant of "action_view" to the action the execution belongs to
grant_db = PermissionGrantDB(
resource_uid=self.resources['action_1'].get_uid(),
resource_type=ResourceType.ACTION,
permission_types=[PermissionType.ACTION_VIEW])
grant_db = PermissionGrant.add_or_update(grant_db)
permission_grants = [str(grant_db.id)]
role_db = RoleDB(name='custom_role_action_view_grant',
permission_grants=permission_grants)
role_db = Role.add_or_update(role_db)
self.roles['custom_role_action_view_grant'] = role_db
# Custom role - one grant of "action_execute" to the parent pack of the action the
# execution belongs to
grant_db = PermissionGrantDB(
resource_uid=self.resources['pack_2'].get_uid(),
resource_type=ResourceType.PACK,
permission_types=[PermissionType.ACTION_EXECUTE])
grant_db = PermissionGrant.add_or_update(grant_db)
permission_grants = [str(grant_db.id)]
role_db = RoleDB(name='custom_role_pack_action_execute_grant',
permission_grants=permission_grants)
role_db = Role.add_or_update(role_db)
self.roles['custom_role_pack_action_execute_grant'] = role_db
# Custom role - one grant of "action_execute" to the the action the execution belongs to
grant_db = PermissionGrantDB(
resource_uid=self.resources['action_1'].get_uid(),
resource_type=ResourceType.ACTION,
permission_types=[PermissionType.ACTION_EXECUTE])
grant_db = PermissionGrant.add_or_update(grant_db)
permission_grants = [str(grant_db.id)]
role_db = RoleDB(name='custom_role_action_execute_grant',
permission_grants=permission_grants)
role_db = Role.add_or_update(role_db)
self.roles['custom_role_action_execute_grant'] = role_db
# Custom role - "action_all" grant on a parent action pack the execution belongs to
grant_db = PermissionGrantDB(
resource_uid=self.resources['pack_2'].get_uid(),
resource_type=ResourceType.PACK,
permission_types=[PermissionType.ACTION_ALL])
grant_db = PermissionGrant.add_or_update(grant_db)
permission_grants = [str(grant_db.id)]
role_4_db = RoleDB(name='custom_role_pack_action_all_grant',
permission_grants=permission_grants)
role_4_db = Role.add_or_update(role_4_db)
self.roles['custom_role_pack_action_all_grant'] = role_4_db
# Custom role - "action_all" grant on action the execution belongs to
grant_db = PermissionGrantDB(
resource_uid=self.resources['action_1'].get_uid(),
resource_type=ResourceType.ACTION,
permission_types=[PermissionType.ACTION_ALL])
grant_db = PermissionGrant.add_or_update(grant_db)
permission_grants = [str(grant_db.id)]
role_4_db = RoleDB(name='custom_role_action_all_grant',
permission_grants=permission_grants)
role_4_db = Role.add_or_update(role_4_db)
self.roles['custom_role_action_all_grant'] = role_4_db
# Custom role - "execution_list" grant
grant_db = PermissionGrantDB(
resource_uid=None,
resource_type=None,
permission_types=[PermissionType.EXECUTION_LIST])
grant_db = PermissionGrant.add_or_update(grant_db)
permission_grants = [str(grant_db.id)]
role_5_db = RoleDB(name='custom_role_execution_list_grant',
permission_grants=permission_grants)
role_5_db = Role.add_or_update(role_5_db)
self.roles['custom_role_execution_list_grant'] = role_5_db
# Create some mock role assignments
user_db = self.users['custom_role_unrelated_pack_action_grant']
role_assignment_db = UserRoleAssignmentDB(
user=user_db.name,
role=self.roles['custom_role_unrelated_pack_action_grant'].name,
source='assignments/%s.yaml' % user_db.name)
UserRoleAssignment.add_or_update(role_assignment_db)
user_db = self.users[
'custom_role_pack_action_grant_unrelated_permission']
role_assignment_db = UserRoleAssignmentDB(
user=user_db.name,
role=self.
roles['custom_role_pack_action_grant_unrelated_permission'].name,
source='assignments/%s.yaml' % user_db.name)
UserRoleAssignment.add_or_update(role_assignment_db)
user_db = self.users['custom_role_pack_action_view_grant']
role_assignment_db = UserRoleAssignmentDB(
user=user_db.name,
role=self.roles['custom_role_pack_action_view_grant'].name,
source='assignments/%s.yaml' % user_db.name)
UserRoleAssignment.add_or_update(role_assignment_db)
user_db = self.users['custom_role_action_view_grant']
role_assignment_db = UserRoleAssignmentDB(
user=user_db.name,
role=self.roles['custom_role_action_view_grant'].name,
source='assignments/%s.yaml' % user_db.name)
UserRoleAssignment.add_or_update(role_assignment_db)
user_db = self.users['custom_role_pack_action_execute_grant']
role_assignment_db = UserRoleAssignmentDB(
user=user_db.name,
role=self.roles['custom_role_pack_action_execute_grant'].name,
source='assignments/%s.yaml' % user_db.name)
UserRoleAssignment.add_or_update(role_assignment_db)
user_db = self.users['custom_role_action_execute_grant']
role_assignment_db = UserRoleAssignmentDB(
user=user_db.name,
role=self.roles['custom_role_action_execute_grant'].name,
source='assignments/%s.yaml' % user_db.name)
UserRoleAssignment.add_or_update(role_assignment_db)
user_db = self.users['custom_role_pack_action_all_grant']
role_assignment_db = UserRoleAssignmentDB(
user=user_db.name,
role=self.roles['custom_role_pack_action_all_grant'].name,
source='assignments/%s.yaml' % user_db.name)
UserRoleAssignment.add_or_update(role_assignment_db)
user_db = self.users['custom_role_action_all_grant']
role_assignment_db = UserRoleAssignmentDB(
user=user_db.name,
role=self.roles['custom_role_action_all_grant'].name,
source='assignments/%s.yaml' % user_db.name)
UserRoleAssignment.add_or_update(role_assignment_db)
user_db = self.users['custom_role_execution_list_grant']
role_assignment_db = UserRoleAssignmentDB(
user=user_db.name,
role=self.roles['custom_role_execution_list_grant'].name,
source='assignments/%s.yaml' % user_db.name)
UserRoleAssignment.add_or_update(role_assignment_db)
"list": ["v1", True, 1],
"recursive_list": [
{
"field_name": "Status",
"to_value": "Approved",
},
{
"field_name": "Signed off by",
"to_value": "Stanley",
},
],
},
)
MOCK_ACTION = ActionDB(id=bson.ObjectId(),
pack="wolfpack",
name="action-test-1.name")
MOCK_RULE_1 = RuleDB(
id=bson.ObjectId(),
pack="wolfpack",
name="some1",
trigger=reference.get_str_resource_ref_from_model(MOCK_TRIGGER),
criteria={},
action=ActionExecutionSpecDB(ref="somepack.someaction"),
)
MOCK_RULE_2 = RuleDB(
id=bson.ObjectId(),
pack="wolfpack",
name="some2",
