def put(self, data):
"""Modify this alarm.
:param data: an alarm within the request body.
"""
rbac.enforce('change_alarm', pecan.request)
# Ensure alarm exists
alarm_in = self._alarm()
now = timeutils.utcnow()
data.alarm_id = self._id
user, project = rbac.get_limited_to(pecan.request.headers)
if user:
data.user_id = user
elif data.user_id == wtypes.Unset:
data.user_id = alarm_in.user_id
if project:
data.project_id = project
elif data.project_id == wtypes.Unset:
data.project_id = alarm_in.project_id
data.timestamp = now
if alarm_in.state != data.state:
data.state_timestamp = now
else:
data.state_timestamp = alarm_in.state_timestamp
# make sure alarms are unique by name per project.
if alarm_in.name != data.name:
alarms = list(self.conn.get_alarms(name=data.name,
project=data.project_id))
if alarms:
raise base.ClientSideError(
_("Alarm with name=%s exists") % data.name,
status_code=409)
ALARMS_RULES[data.type].plugin.update_hook(data)
old_data = Alarm.from_db_model(alarm_in)
old_alarm = old_data.as_dict(alarm_models.Alarm)
data.update_actions(old_data)
updated_alarm = data.as_dict(alarm_models.Alarm)
try:
alarm_in = alarm_models.Alarm(**updated_alarm)
except Exception:
LOG.exception(_("Error while putting alarm: %s") % updated_alarm)
raise base.ClientSideError(_("Alarm incorrect"))
alarm = self.conn.update_alarm(alarm_in)
change = dict((k, v) for k, v in updated_alarm.items()
if v != old_alarm[k] and k not in
['timestamp', 'state_timestamp'])
self._record_change(change, now, on_behalf_of=alarm.project_id)
return Alarm.from_db_model(alarm)
def post(self, data):
"""Create a new alarm.
:param data: an alarm within the request body.
"""
rbac.enforce('create_alarm', pecan.request)
conn = pecan.request.alarm_storage_conn
now = timeutils.utcnow()
data.alarm_id = str(uuid.uuid4())
user_limit, project_limit = rbac.get_limited_to(pecan.request.headers)
def _set_ownership(aspect, owner_limitation, header):
attr = '%s_id' % aspect
requested_owner = getattr(data, attr)
explicit_owner = requested_owner != wtypes.Unset
caller = pecan.request.headers.get(header)
if (owner_limitation and explicit_owner
and requested_owner != caller):
raise base.ProjectNotAuthorized(requested_owner, aspect)
actual_owner = (owner_limitation or
requested_owner if explicit_owner else caller)
setattr(data, attr, actual_owner)
_set_ownership('user', user_limit, 'X-User-Id')
_set_ownership('project', project_limit, 'X-Project-Id')
# Check if there's room for one more alarm
if is_over_quota(conn, data.project_id, data.user_id):
raise OverQuota(data)
data.timestamp = now
data.state_timestamp = now
ALARMS_RULES[data.type].plugin.create_hook(data)
data.update_actions()
change = data.as_dict(alarm_models.Alarm)
# make sure alarms are unique by name per project.
alarms = list(conn.get_alarms(name=data.name,
project=data.project_id))
if alarms:
raise base.ClientSideError(
_("Alarm with name='%s' exists") % data.name,
status_code=409)
try:
alarm_in = alarm_models.Alarm(**change)
except Exception:
LOG.exception(_("Error while posting alarm: %s") % change)
raise base.ClientSideError(_("Alarm incorrect"))
alarm = conn.create_alarm(alarm_in)
self._record_creation(conn, change, alarm.alarm_id, now)
return Alarm.from_db_model(alarm)
def put(self, data):
"""Modify this alarm.
:param data: an alarm within the request body.
"""
rbac.enforce('change_alarm', pecan.request)
# Ensure alarm exists
alarm_in = self._alarm()
now = timeutils.utcnow()
data.alarm_id = self._id
user, project = rbac.get_limited_to(pecan.request.headers)
if user:
data.user_id = user
elif data.user_id == wtypes.Unset:
data.user_id = alarm_in.user_id
if project:
data.project_id = project
elif data.project_id == wtypes.Unset:
data.project_id = alarm_in.project_id
data.timestamp = now
if alarm_in.state != data.state:
data.state_timestamp = now
else:
data.state_timestamp = alarm_in.state_timestamp
alarm_in.severity = data.severity
# make sure alarms are unique by name per project.
if alarm_in.name != data.name:
alarms = list(
self.conn.get_alarms(name=data.name, project=data.project_id))
if alarms:
raise base.ClientSideError(_("Alarm with name=%s exists") %
data.name,
status_code=409)
ALARMS_RULES[data.type].plugin.update_hook(data)
old_alarm = Alarm.from_db_model(alarm_in).as_dict(alarm_models.Alarm)
updated_alarm = data.as_dict(alarm_models.Alarm)
try:
alarm_in = alarm_models.Alarm(**updated_alarm)
except Exception:
LOG.exception(_("Error while putting alarm: %s") % updated_alarm)
raise base.ClientSideError(_("Alarm incorrect"))
alarm = self.conn.update_alarm(alarm_in)
change = dict(
(k, v) for k, v in updated_alarm.items()
if v != old_alarm[k] and k not in ['timestamp', 'state_timestamp'])
self._record_change(change, now, on_behalf_of=alarm.project_id)
return Alarm.from_db_model(alarm)
def post(self, data):
"""Create a new alarm.
:param data: an alarm within the request body.
"""
rbac.enforce('create_alarm', pecan.request)
conn = pecan.request.alarm_storage_conn
now = timeutils.utcnow()
data.alarm_id = str(uuid.uuid4())
user_limit, project_limit = rbac.get_limited_to(pecan.request.headers)
def _set_ownership(aspect, owner_limitation, header):
attr = '%s_id' % aspect
requested_owner = getattr(data, attr)
explicit_owner = requested_owner != wtypes.Unset
caller = pecan.request.headers.get(header)
if (owner_limitation and explicit_owner
and requested_owner != caller):
raise base.ProjectNotAuthorized(requested_owner, aspect)
actual_owner = (owner_limitation or
requested_owner if explicit_owner else caller)
setattr(data, attr, actual_owner)
_set_ownership('user', user_limit, 'X-User-Id')
_set_ownership('project', project_limit, 'X-Project-Id')
# Check if there's room for one more alarm
if is_over_quota(conn, data.project_id, data.user_id):
raise OverQuota(data)
data.timestamp = now
data.state_timestamp = now
ALARMS_RULES[data.type].plugin.create_hook(data)
data.update_actions()
change = data.as_dict(alarm_models.Alarm)
# make sure alarms are unique by name per project.
alarms = list(conn.get_alarms(name=data.name,
project=data.project_id))
if alarms:
raise base.ClientSideError(
_("Alarm with name='%s' exists") % data.name,
status_code=409)
try:
alarm_in = alarm_models.Alarm(**change)
except Exception:
LOG.exception(_("Error while posting alarm: %s") % change)
raise base.ClientSideError(_("Alarm incorrect"))
alarm = conn.create_alarm(alarm_in)
self._record_creation(conn, change, alarm.alarm_id, now)
return Alarm.from_db_model(alarm)
def wrapped(*args, **kwargs):
usr_limit, proj_limit = rbac.get_limited_to(pecan.request.headers)
# If User and Project are None, you have full access.
if usr_limit and proj_limit:
# since this decorator get's called out of wsme context
# raising exception results internal error so call abort
# for handling the error
ex = base.ProjectNotAuthorized(proj_limit)
pecan.core.abort(status_code=ex.code, detail=ex.msg)
return func(*args, **kwargs)
def wrapped(*args, **kwargs):
usr_limit, proj_limit = rbac.get_limited_to(pecan.request.headers)
# If User and Project are None, you have full access.
if usr_limit and proj_limit:
# since this decorator get's called out of wsme context
# raising exception results internal error so call abort
# for handling the error
ex = base.ProjectNotAuthorized(proj_limit)
pecan.core.abort(status_code=ex.code, detail=ex.msg)
return func(*args, **kwargs)
def _build_rbac_query_filters():
filters = {"t_filter": [], "admin_proj": None}
# Returns user_id, proj_id for non-admins
user_id, proj_id = rbac.get_limited_to(pecan.request.headers)
# If non-admin, filter events by user and project
if user_id and proj_id:
filters["t_filter"].append({"key": "project_id", "string": proj_id, "op": "eq"})
filters["t_filter"].append({"key": "user_id", "string": user_id, "op": "eq"})
elif not user_id and not proj_id:
filters["admin_proj"] = pecan.request.headers.get("X-Project-Id")
return filters
def _build_rbac_query_filters():
filters = {'t_filter': [], 'admin_proj': None}
# Returns user_id, proj_id for non-admins
user_id, proj_id = rbac.get_limited_to(pecan.request.headers)
# If non-admin, filter events by user and project
if user_id and proj_id:
filters['t_filter'].append({"key": "project_id", "string": proj_id,
"op": "eq"})
filters['t_filter'].append({"key": "user_id", "string": user_id,
"op": "eq"})
elif not user_id and not proj_id:
filters['admin_proj'] = pecan.request.headers.get('X-Project-Id')
return filters
