def delete(self, name):
"""
Delete the key value pair.
Handles requests:
DELETE /keys/1
"""
lock_name = self._get_lock_name_for_key(name=name)
# Note: We use lock to avoid a race
with self._coordinator.get_lock(lock_name):
kvp_db = self.__get_by_name(name=name)
if not kvp_db:
abort(http_client.NOT_FOUND)
return
LOG.debug('DELETE /keys/ lookup with name=%s found object: %s', name, kvp_db)
try:
KeyValuePair.delete(kvp_db)
except Exception as e:
LOG.exception('Database delete encountered exception during '
'delete of name="%s". ', name)
abort(http_client.INTERNAL_SERVER_ERROR, str(e))
return
extra = {'kvp_db': kvp_db}
LOG.audit('KeyValuePair deleted. KeyValuePair.id=%s' % (kvp_db.id), extra=extra)
def delete(self, name):
"""
Delete the key value pair.
Handles requests:
DELETE /keys/1
"""
lock_name = self._get_lock_name_for_key(name=name)
# Note: We use lock to avoid a race
with self._coordinator.get_lock(lock_name):
kvp_db = self._get_by_name(resource_name=name)
if not kvp_db:
abort(http_client.NOT_FOUND)
return
LOG.debug('DELETE /keys/ lookup with name=%s found object: %s', name, kvp_db)
try:
KeyValuePair.delete(kvp_db)
except Exception as e:
LOG.exception('Database delete encountered exception during '
'delete of name="%s". ', name)
abort(http_client.INTERNAL_SERVER_ERROR, str(e))
return
extra = {'kvp_db': kvp_db}
LOG.audit('KeyValuePair deleted. KeyValuePair.id=%s' % (kvp_db.id), extra=extra)
def delete(self, name, requester_user, scope=FULL_SYSTEM_SCOPE, user=None):
"""
Delete the key value pair.
Handles requests:
DELETE /keys/1
"""
if not scope:
scope = FULL_SYSTEM_SCOPE
if not requester_user:
requester_user = UserDB(cfg.CONF.system_user.user)
scope = get_datastore_full_scope(scope)
self._validate_scope(scope=scope)
user = user or requester_user.name
# Validate that the authenticated user is admin if user query param is provided
rbac_utils = get_rbac_backend().get_utils_class()
rbac_utils.assert_user_is_admin_if_user_query_param_is_provided(
user_db=requester_user, user=user, require_rbac=True)
key_ref = get_key_reference(scope=scope, name=name, user=user)
lock_name = self._get_lock_name_for_key(name=key_ref, scope=scope)
# Note: We use lock to avoid a race
with self._coordinator.get_lock(lock_name):
from_model_kwargs = {"mask_secrets": True}
kvp_api = self._get_one_by_scope_and_name(
name=key_ref, scope=scope, from_model_kwargs=from_model_kwargs)
kvp_db = KeyValuePairAPI.to_model(kvp_api)
LOG.debug(
"DELETE /keys/ lookup with scope=%s name=%s found object: %s",
scope,
name,
kvp_db,
)
try:
KeyValuePair.delete(kvp_db)
except Exception as e:
LOG.exception(
"Database delete encountered exception during "
'delete of name="%s". ',
name,
)
abort(http_client.INTERNAL_SERVER_ERROR, six.text_type(e))
return
extra = {"kvp_db": kvp_db}
LOG.audit("KeyValuePair deleted. KeyValuePair.id=%s" % (kvp_db.id),
extra=extra)
return Response(status=http_client.NO_CONTENT)
def delete(self, name, requester_user, scope=FULL_SYSTEM_SCOPE, user=None):
"""
Delete the key value pair.
Handles requests:
DELETE /keys/1
"""
if not scope:
scope = FULL_SYSTEM_SCOPE
if not requester_user:
requester_user = UserDB(cfg.CONF.system_user.user)
scope = get_datastore_full_scope(scope)
self._validate_scope(scope=scope)
user = user or requester_user.name
# Validate that the authenticated user is admin if user query param is provided
rbac_utils = get_rbac_backend().get_utils_class()
rbac_utils.assert_user_is_admin_if_user_query_param_is_provided(user_db=requester_user,
user=user,
require_rbac=True)
key_ref = get_key_reference(scope=scope, name=name, user=user)
lock_name = self._get_lock_name_for_key(name=key_ref, scope=scope)
# Note: We use lock to avoid a race
with self._coordinator.get_lock(lock_name):
from_model_kwargs = {'mask_secrets': True}
kvp_api = self._get_one_by_scope_and_name(
name=key_ref,
scope=scope,
from_model_kwargs=from_model_kwargs
)
kvp_db = KeyValuePairAPI.to_model(kvp_api)
LOG.debug('DELETE /keys/ lookup with scope=%s name=%s found object: %s',
scope, name, kvp_db)
try:
KeyValuePair.delete(kvp_db)
except Exception as e:
LOG.exception('Database delete encountered exception during '
'delete of name="%s". ', name)
abort(http_client.INTERNAL_SERVER_ERROR, six.text_type(e))
return
extra = {'kvp_db': kvp_db}
LOG.audit('KeyValuePair deleted. KeyValuePair.id=%s' % (kvp_db.id), extra=extra)
return Response(status=http_client.NO_CONTENT)
def test_system_transform(self):
k5 = KeyValuePair.add_or_update(KeyValuePairDB(name='k5', value='v5'))
k6 = KeyValuePair.add_or_update(KeyValuePairDB(name='k6', value='v6'))
k7 = KeyValuePair.add_or_update(KeyValuePairDB(name='k7', value='v7'))
k8 = KeyValuePair.add_or_update(
KeyValuePairDB(name='k8', value='v8', scope=FULL_SYSTEM_SCOPE))
try:
transformer = datatransform.get_transformer(PAYLOAD)
mapping = {
'ip5': '{{trigger.k2}}-static',
'ip6': '{{st2kv.system.k6}}-static',
'ip7': '{{st2kv.system.k7}}-static'
}
result = transformer(mapping)
expected = {
'ip5': 'v2-static',
'ip6': 'v6-static',
'ip7': 'v7-static'
}
self.assertEqual(result, expected)
finally:
KeyValuePair.delete(k5)
KeyValuePair.delete(k6)
KeyValuePair.delete(k7)
KeyValuePair.delete(k8)
def test_system_transform(self):
rule = self.models['rules']['rule_action_default_value_render_fail.yaml']
runner_type_db = mock.Mock()
runner_type_db.runner_parameters = {}
action_db = mock.Mock()
action_db.parameters = {}
k5 = KeyValuePair.add_or_update(KeyValuePairDB(name='k5', value='v5'))
k6 = KeyValuePair.add_or_update(KeyValuePairDB(name='k6', value='v6'))
k7 = KeyValuePair.add_or_update(KeyValuePairDB(name='k7', value='v7'))
k8 = KeyValuePair.add_or_update(KeyValuePairDB(name='k8', value='v8',
scope=FULL_SYSTEM_SCOPE))
params = {'ip5': '{{trigger.k2}}-static',
'ip6': '{{st2kv.system.k6}}-static',
'ip7': '{{st2kv.system.k7}}-static'}
expected_params = {'ip5': 'v2-static',
'ip6': 'v6-static',
'ip7': 'v7-static'}
try:
self.assertResolvedParamsMatchExpected(rule=rule,
trigger_instance=MOCK_TRIGGER_INSTANCE_4,
params=params,
expected_params=expected_params)
finally:
KeyValuePair.delete(k5)
KeyValuePair.delete(k6)
KeyValuePair.delete(k7)
KeyValuePair.delete(k8)
def test_system_transform(self):
rule = self.models['rules']['rule_action_default_value_render_fail.yaml']
runner_type_db = mock.Mock()
runner_type_db.runner_parameters = {}
action_db = mock.Mock()
action_db.parameters = {}
k5 = KeyValuePair.add_or_update(KeyValuePairDB(name='k5', value='v5'))
k6 = KeyValuePair.add_or_update(KeyValuePairDB(name='k6', value='v6'))
k7 = KeyValuePair.add_or_update(KeyValuePairDB(name='k7', value='v7'))
k8 = KeyValuePair.add_or_update(KeyValuePairDB(name='k8', value='v8',
scope=FULL_SYSTEM_SCOPE))
params = {'ip5': '{{trigger.k2}}-static',
'ip6': '{{st2kv.system.k6}}-static',
'ip7': '{{st2kv.system.k7}}-static'}
expected_params = {'ip5': 'v2-static',
'ip6': 'v6-static',
'ip7': 'v7-static'}
try:
self.assertResolvedParamsMatchExpected(rule=rule,
trigger_instance=MOCK_TRIGGER_INSTANCE_4,
params=params,
expected_params=expected_params)
finally:
KeyValuePair.delete(k5)
KeyValuePair.delete(k6)
KeyValuePair.delete(k7)
KeyValuePair.delete(k8)
def delete(self, name, scope=FULL_SYSTEM_SCOPE, user=None):
"""
Delete the key value pair.
Handles requests:
DELETE /keys/1
"""
if not scope:
scope = FULL_SYSTEM_SCOPE
scope = get_datastore_full_scope(scope)
self._validate_scope(scope=scope)
requester_user = get_requester()
user = user or requester_user
# Validate that the authenticated user is admin if user query param is provided
assert_request_user_is_admin_if_user_query_param_is_provided(
request=pecan.request, user=user)
key_ref = get_key_reference(scope=scope, name=name, user=user)
lock_name = self._get_lock_name_for_key(name=key_ref, scope=scope)
# Note: We use lock to avoid a race
with self._coordinator.get_lock(lock_name):
from_model_kwargs = {'mask_secrets': True}
kvp_api = self._get_one_by_scope_and_name(
name=key_ref, scope=scope, from_model_kwargs=from_model_kwargs)
kvp_db = KeyValuePairAPI.to_model(kvp_api)
LOG.debug(
'DELETE /keys/ lookup with scope=%s name=%s found object: %s',
scope, name, kvp_db)
try:
KeyValuePair.delete(kvp_db)
except Exception as e:
LOG.exception(
'Database delete encountered exception during '
'delete of name="%s". ', name)
abort(http_client.INTERNAL_SERVER_ERROR, str(e))
return
extra = {'kvp_db': kvp_db}
LOG.audit('KeyValuePair deleted. KeyValuePair.id=%s' % (kvp_db.id),
extra=extra)
def delete(self, name, scope=FULL_SYSTEM_SCOPE, user=None):
"""
Delete the key value pair.
Handles requests:
DELETE /keys/1
"""
if not scope:
scope = FULL_SYSTEM_SCOPE
scope = get_datastore_full_scope(scope)
self._validate_scope(scope=scope)
requester_user = get_requester()
user = user or requester_user
# Validate that the authenticated user is admin if user query param is provided
assert_request_user_is_admin_if_user_query_param_is_provider(request=pecan.request,
user=user)
key_ref = get_key_reference(scope=scope, name=name, user=user)
lock_name = self._get_lock_name_for_key(name=key_ref, scope=scope)
# Note: We use lock to avoid a race
with self._coordinator.get_lock(lock_name):
from_model_kwargs = {'mask_secrets': True}
kvp_api = self._get_one_by_scope_and_name(
name=key_ref,
scope=scope,
from_model_kwargs=from_model_kwargs
)
kvp_db = KeyValuePairAPI.to_model(kvp_api)
LOG.debug('DELETE /keys/ lookup with scope=%s name=%s found object: %s',
scope, name, kvp_db)
try:
KeyValuePair.delete(kvp_db)
except Exception as e:
LOG.exception('Database delete encountered exception during '
'delete of name="%s". ', name)
abort(http_client.INTERNAL_SERVER_ERROR, str(e))
return
extra = {'kvp_db': kvp_db}
LOG.audit('KeyValuePair deleted. KeyValuePair.id=%s' % (kvp_db.id), extra=extra)
def tearDownClass(cls):
headers = {'content-type': 'application/json', 'X-Auth-Token': str(SYS_TOKEN.token)}
cls.app.delete('/v1/actions/%s' % cls.action['id'], headers=headers)
cls.app.delete('/v1/actions/%s' % cls.action_encrypt['id'], headers=headers)
# unregister key-value pairs for tests
[KeyValuePair.delete(x) for x in cls.kvps]
super(ActionExecutionControllerTestCaseAuthEnabled, cls).tearDownClass()
def test_chain_runner_vars_system_params(self, request):
kvps = []
try:
kvps.append(
KeyValuePair.add_or_update(
KeyValuePairDB(name='a', value='two')))
chain_runner = acr.get_runner()
chain_runner.entry_point = CHAIN_WITH_SYSTEM_VARS
chain_runner.action = ACTION_2
chain_runner.container_service = RunnerContainerService()
chain_runner.pre_run()
chain_runner.run({})
self.assertNotEqual(chain_runner.chain_holder.actionchain, None)
expected_value = {'inttype': 1, 'strtype': 'two', 'booltype': True}
mock_args, _ = request.call_args
self.assertEqual(mock_args[0].parameters, expected_value)
finally:
for kvp in kvps:
KeyValuePair.delete(kvp)
def test_chain_runner_vars_system_params(self, request):
kvps = []
try:
kvps.append(KeyValuePair.add_or_update(KeyValuePairDB(name='a', value='two')))
chain_runner = acr.get_runner()
chain_runner.entry_point = CHAIN_WITH_SYSTEM_VARS
chain_runner.action = ACTION_2
chain_runner.container_service = RunnerContainerService()
chain_runner.pre_run()
chain_runner.run({})
self.assertNotEqual(chain_runner.chain_holder.actionchain, None)
expected_value = {'inttype': 1,
'strtype': 'two',
'booltype': True}
mock_args, _ = request.call_args
self.assertEqual(mock_args[0].parameters, expected_value)
finally:
for kvp in kvps:
KeyValuePair.delete(kvp)
def test_chain_runner_vars_system_params(self, request):
action_ref = ResourceReference.to_string_reference(name=ACTION_2.name, pack=ACTION_2.pack)
kvps = []
try:
kvps.append(KeyValuePair.add_or_update(KeyValuePairDB(name='a', value='two')))
chain_runner = acr.get_runner()
chain_runner.entry_point = CHAIN_WITH_SYSTEM_VARS
chain_runner.action = ACTION_2
chain_runner.liveaction = LiveActionDB(action=action_ref)
chain_runner.pre_run()
chain_runner.run({})
self.assertNotEqual(chain_runner.chain_holder.actionchain, None)
expected_value = {'inttype': 1,
'strtype': 'two',
'booltype': True}
mock_args, _ = request.call_args
self.assertEqual(mock_args[0].parameters, expected_value)
finally:
for kvp in kvps:
KeyValuePair.delete(kvp)
def test_chain_runner_vars_system_params(self, request):
action_ref = ResourceReference.to_string_reference(name=ACTION_2.name, pack=ACTION_2.pack)
kvps = []
try:
kvps.append(KeyValuePair.add_or_update(KeyValuePairDB(name='a', value='two')))
chain_runner = acr.get_runner()
chain_runner.entry_point = CHAIN_WITH_SYSTEM_VARS
chain_runner.action = ACTION_2
chain_runner.liveaction = LiveActionDB(action=action_ref)
chain_runner.pre_run()
chain_runner.run({})
self.assertNotEqual(chain_runner.chain_holder.actionchain, None)
expected_value = {'inttype': 1,
'strtype': 'two',
'booltype': True}
mock_args, _ = request.call_args
self.assertEqual(mock_args[0].parameters, expected_value)
finally:
for kvp in kvps:
KeyValuePair.delete(kvp)
def tearDownClass(cls):
headers = {
"content-type": "application/json",
"X-Auth-Token": str(SYS_TOKEN.token),
}
cls.app.delete("/v1/actions/%s" % cls.action["id"], headers=headers)
cls.app.delete("/v1/actions/%s" % cls.action_encrypt["id"],
headers=headers)
# unregister key-value pairs for tests
[KeyValuePair.delete(x) for x in cls.kvps]
super(ActionExecutionControllerTestCaseAuthEnabled,
cls).tearDownClass()
def test_chain_runner_typed_system_params(self, request):
action_ref = ResourceReference.to_string_reference(
name=ACTION_2.name, pack=ACTION_2.pack
)
kvps = []
try:
kvps.append(KeyValuePair.add_or_update(KeyValuePairDB(name="a", value="1")))
kvps.append(
KeyValuePair.add_or_update(KeyValuePairDB(name="a.b.c", value="two"))
)
chain_runner = acr.get_runner()
chain_runner.entry_point = CHAIN_SYSTEM_PARAMS
chain_runner.action = ACTION_2
chain_runner.liveaction = LiveActionDB(action=action_ref)
chain_runner.pre_run()
chain_runner.run({})
self.assertNotEqual(chain_runner.chain_holder.actionchain, None)
expected_value = {"inttype": 1, "strtype": "two"}
mock_args, _ = request.call_args
self.assertEqual(mock_args[0].parameters, expected_value)
finally:
for kvp in kvps:
KeyValuePair.delete(kvp)
def tearDownClass(cls):
headers = {
'content-type': 'application/json',
'X-Auth-Token': str(SYS_TOKEN.token)
}
cls.app.delete('/v1/actions/%s' % cls.action['id'], headers=headers)
cls.app.delete('/v1/actions/%s' % cls.action_encrypt['id'],
headers=headers)
# unregister key-value pairs for tests
[KeyValuePair.delete(x) for x in cls.kvps]
super(ActionExecutionControllerTestCaseAuthEnabled,
cls).tearDownClass()
def test_system_transform(self):
k5 = KeyValuePair.add_or_update(KeyValuePairDB(name="k5", value="v5"))
k6 = KeyValuePair.add_or_update(KeyValuePairDB(name="k6", value="v6"))
k7 = KeyValuePair.add_or_update(KeyValuePairDB(name="k7", value="v7"))
try:
transformer = datatransform.get_transformer(PAYLOAD)
mapping = {"ip5": "{{trigger.k2}}-static", "ip6": "{{system.k6}}-static", "ip7": "{{system.k7}}-static"}
result = transformer(mapping)
expected = {"ip5": "v2-static", "ip6": "v6-static", "ip7": "v7-static"}
self.assertEqual(result, expected)
finally:
KeyValuePair.delete(k5)
KeyValuePair.delete(k6)
KeyValuePair.delete(k7)
def test_system_transform(self):
rule = self.models["rules"][
"rule_action_default_value_render_fail.yaml"]
runner_type_db = mock.Mock()
runner_type_db.runner_parameters = {}
action_db = mock.Mock()
action_db.parameters = {}
k5 = KeyValuePair.add_or_update(KeyValuePairDB(name="k5", value="v5"))
k6 = KeyValuePair.add_or_update(KeyValuePairDB(name="k6", value="v6"))
k7 = KeyValuePair.add_or_update(KeyValuePairDB(name="k7", value="v7"))
k8 = KeyValuePair.add_or_update(
KeyValuePairDB(name="k8", value="v8", scope=FULL_SYSTEM_SCOPE))
params = {
"ip5": "{{trigger.k2}}-static",
"ip6": "{{st2kv.system.k6}}-static",
"ip7": "{{st2kv.system.k7}}-static",
}
expected_params = {
"ip5": "v2-static",
"ip6": "v6-static",
"ip7": "v7-static"
}
try:
self.assertResolvedParamsMatchExpected(
rule=rule,
trigger_instance=MOCK_TRIGGER_INSTANCE_4,
params=params,
expected_params=expected_params,
)
finally:
KeyValuePair.delete(k5)
KeyValuePair.delete(k6)
KeyValuePair.delete(k7)
KeyValuePair.delete(k8)
def test_system_transform(self):
k5 = KeyValuePair.add_or_update(KeyValuePairDB(name='k5', value='v5'))
k6 = KeyValuePair.add_or_update(KeyValuePairDB(name='k6', value='v6'))
k7 = KeyValuePair.add_or_update(KeyValuePairDB(name='k7', value='v7'))
k8 = KeyValuePair.add_or_update(KeyValuePairDB(name='k8', value='v8',
scope=FULL_SYSTEM_SCOPE))
try:
transformer = datatransform.get_transformer(PAYLOAD)
mapping = {'ip5': '{{trigger.k2}}-static',
'ip6': '{{st2kv.system.k6}}-static',
'ip7': '{{st2kv.system.k7}}-static',
'ip8': '{{system.k8}}-static'}
result = transformer(mapping)
expected = {'ip5': 'v2-static',
'ip6': 'v6-static',
'ip7': 'v7-static',
'ip8': 'v8-static'}
self.assertEqual(result, expected)
finally:
KeyValuePair.delete(k5)
KeyValuePair.delete(k6)
KeyValuePair.delete(k7)
KeyValuePair.delete(k8)
def delete(self, name, requester_user, scope=None, user=None):
"""
Delete the key value pair.
Handles requests:
DELETE /keys/1
"""
if not scope or scope == ALL_SCOPE:
# Default to system scope
scope = FULL_SYSTEM_SCOPE
if not requester_user:
requester_user = UserDB(name=cfg.CONF.system_user.user)
scope = get_datastore_full_scope(scope)
self._validate_scope(scope=scope)
user = user or requester_user.name
rbac_utils = get_rbac_backend().get_utils_class()
# Validate that the authenticated user is admin if user query param is provided
rbac_utils.assert_user_is_admin_if_user_query_param_is_provided(
user_db=requester_user, user=user, require_rbac=True)
# Set key reference for system or user scope
key_ref = get_key_reference(scope=scope, name=name, user=user)
extra = {
"scope": scope,
"name": name,
"user": user,
"key_ref": key_ref
}
LOG.debug("DELETE /v1/keys/%s", name, extra=extra)
# Setup a kvp database object used for verifying permission
kvp_db = KeyValuePairDB(
uid="%s:%s:%s" % (ResourceType.KEY_VALUE_PAIR, scope, key_ref),
scope=scope,
name=key_ref,
)
# Check that user has permission to the key value pair.
# If RBAC is enabled, this check will verify if user has system role with all access.
# If RBAC is enabled, this check guards against a user accessing another user's kvp.
# If RBAC is enabled, user needs to be explicitly granted permission to delete a system kvp.
# The check is sufficient to allow decryption of the system kvp.
rbac_utils.assert_user_has_resource_db_permission(
user_db=requester_user,
resource_db=kvp_db,
permission_type=PermissionType.KEY_VALUE_PAIR_DELETE,
)
# Acquire a lock to avoid race condition between concurrent API calls
with self._coordinator.get_lock(
self._get_lock_name_for_key(name=key_ref, scope=scope)):
from_model_kwargs = {"mask_secrets": True}
kvp_api = self._get_one_by_scope_and_name(
name=key_ref, scope=scope, from_model_kwargs=from_model_kwargs)
kvp_db = KeyValuePairAPI.to_model(kvp_api)
extra["kvp_db"] = kvp_db
LOG.debug("DELETE /v1/keys/%s", name, extra=extra)
try:
KeyValuePair.delete(kvp_db)
except Exception as e:
LOG.exception(
"Database delete encountered exception during "
'delete of name="%s". ',
name,
)
abort(http_client.INTERNAL_SERVER_ERROR, six.text_type(e))
return
LOG.audit("DELETE /v1/keys/%s succeeded id=%s",
name,
kvp_db.id,
extra=extra)
return Response(status=http_client.NO_CONTENT)
