def _handle_schedule_execution(self, liveaction_api):
"""
:param liveaction: LiveActionAPI object.
:type liveaction: :class:`LiveActionAPI`
"""
# Assert the permissions
action_ref = liveaction_api.action
action_db = action_utils.get_action_by_ref(action_ref)
user = liveaction_api.user or get_requester()
assert_request_user_has_resource_db_permission(request=pecan.request, resource_db=action_db,
permission_type=PermissionType.ACTION_EXECUTE)
# TODO: Validate user is admin if user is provided
assert_request_user_is_admin_if_user_query_param_is_provider(request=pecan.request,
user=user)
try:
return self._schedule_execution(liveaction=liveaction_api, user=user)
except ValueError as e:
LOG.exception('Unable to execute action.')
abort(http_client.BAD_REQUEST, str(e))
except jsonschema.ValidationError as e:
LOG.exception('Unable to execute action. Parameter validation failed.')
abort(http_client.BAD_REQUEST, re.sub("u'([^']*)'", r"'\1'", e.message))
except TraceNotFoundException as e:
abort(http_client.BAD_REQUEST, str(e))
except ValueValidationException as e:
raise e
except Exception as e:
LOG.exception('Unable to execute action. Unexpected error encountered.')
abort(http_client.INTERNAL_SERVER_ERROR, str(e))
def _schedule_execution(self, action_alias_db, params, notify, context):
action_ref = action_alias_db.action_ref
action_db = action_utils.get_action_by_ref(action_ref)
if not action_db:
raise StackStormDBObjectNotFoundError('Action with ref "%s" not found ' % (action_ref))
assert_request_user_has_resource_db_permission(request=pecan.request, resource_db=action_db,
permission_type=PermissionType.ACTION_EXECUTE)
try:
# prior to shipping off the params cast them to the right type.
params = action_param_utils.cast_params(action_ref=action_alias_db.action_ref,
params=params,
cast_overrides=CAST_OVERRIDES)
if not context:
context = {
'action_alias_ref': reference.get_ref_from_model(action_alias_db),
'user': get_system_username()
}
liveaction = LiveActionDB(action=action_alias_db.action_ref, context=context,
parameters=params, notify=notify)
_, action_execution_db = action_service.request(liveaction)
return ActionExecutionAPI.from_model(action_execution_db)
except ValueError as e:
LOG.exception('Unable to execute action.')
pecan.abort(http_client.BAD_REQUEST, str(e))
except jsonschema.ValidationError as e:
LOG.exception('Unable to execute action. Parameter validation failed.')
pecan.abort(http_client.BAD_REQUEST, str(e))
except Exception as e:
LOG.exception('Unable to execute action. Unexpected error encountered.')
pecan.abort(http_client.INTERNAL_SERVER_ERROR, str(e))
def _handle_schedule_execution(self, liveaction):
# Assert the permissions
action_ref = liveaction.action
action_db = action_utils.get_action_by_ref(action_ref)
assert_request_user_has_resource_db_permission(
request=pecan.request,
resource_db=action_db,
permission_type=PermissionType.ACTION_EXECUTE)
try:
return self._schedule_execution(liveaction=liveaction)
except ValueError as e:
LOG.exception('Unable to execute action.')
abort(http_client.BAD_REQUEST, str(e))
except jsonschema.ValidationError as e:
LOG.exception(
'Unable to execute action. Parameter validation failed.')
abort(http_client.BAD_REQUEST,
re.sub("u'([^']*)'", r"'\1'", e.message))
except TraceNotFoundException as e:
abort(http_client.BAD_REQUEST, str(e))
except Exception as e:
LOG.exception(
'Unable to execute action. Unexpected error encountered.')
abort(http_client.INTERNAL_SERVER_ERROR, str(e))
def _handle_schedule_execution(self, liveaction_api):
"""
:param liveaction: LiveActionAPI object.
:type liveaction: :class:`LiveActionAPI`
"""
# Assert the permissions
action_ref = liveaction_api.action
action_db = action_utils.get_action_by_ref(action_ref)
user = liveaction_api.user or get_requester()
assert_request_user_has_resource_db_permission(request=pecan.request, resource_db=action_db,
permission_type=PermissionType.ACTION_EXECUTE)
# TODO: Validate user is admin if user is provided
assert_request_user_is_admin_if_user_query_param_is_provider(request=pecan.request,
user=user)
try:
return self._schedule_execution(liveaction=liveaction_api, user=user)
except ValueError as e:
LOG.exception('Unable to execute action.')
abort(http_client.BAD_REQUEST, str(e))
except jsonschema.ValidationError as e:
LOG.exception('Unable to execute action. Parameter validation failed.')
abort(http_client.BAD_REQUEST, re.sub("u'([^']*)'", r"'\1'", e.message))
except TraceNotFoundException as e:
abort(http_client.BAD_REQUEST, str(e))
except ValueValidationException as e:
raise e
except Exception as e:
LOG.exception('Unable to execute action. Unexpected error encountered.')
abort(http_client.INTERNAL_SERVER_ERROR, str(e))
def func_wrapper(*args, **kwargs):
hook = '/'.join(args[1:]) # TODO: There must be a better way to do this.
webhook_db = WebhookDB(name=hook)
resource_db = webhook_db
utils.assert_request_user_has_resource_db_permission(request=pecan.request,
resource_db=resource_db,
permission_type=permission_type)
return func(*args, **kwargs)
def func_wrapper(*args, **kwargs):
controller_instance = args[0]
resource_id = args[1] # Note: This can either be id, name or ref
get_one_db_method = controller_instance.get_one_db_method
resource_db = get_one_db_method(resource_id)
utils.assert_request_user_has_resource_db_permission(request=pecan.request,
resource_db=resource_db,
permission_type=permission_type)
return func(*args, **kwargs)
def func_wrapper(*args, **kwargs):
hook = '/'.join(
args[1:]) # TODO: There must be a better way to do this.
webhook_db = WebhookDB(name=hook)
resource_db = webhook_db
utils.assert_request_user_has_resource_db_permission(
request=pecan.request,
resource_db=resource_db,
permission_type=permission_type)
return func(*args, **kwargs)
def func_wrapper(*args, **kwargs):
controller_instance = args[0]
resource_id = args[1] # Note: This can either be id, name or ref
get_one_db_method = controller_instance.get_one_db_method
resource_db = get_one_db_method(resource_id)
utils.assert_request_user_has_resource_db_permission(
request=pecan.request,
resource_db=resource_db,
permission_type=permission_type)
return func(*args, **kwargs)
def get_one(self, ref_or_id, *file_path_components):
"""
Outputs the content of a specific file in a pack.
Handles requests:
GET /packs/views/file/<pack_ref_or_id>/<file path>
"""
pack_db = self._get_by_ref_or_id(ref_or_id=ref_or_id)
if not pack_db:
msg = 'Pack with ref_or_id "%s" does not exist' % (ref_or_id)
raise StackStormDBObjectNotFoundError(msg)
if not file_path_components:
raise ValueError('Missing file path')
file_path = os.path.join(*file_path_components)
pack_ref = pack_db.ref
# Note: Until list filtering is in place we don't require RBAC check for icon file
if file_path not in WHITELISTED_FILE_PATHS:
assert_request_user_has_resource_db_permission(
request=pecan.request,
resource_db=pack_db,
permission_type=PermissionType.PACK_VIEW)
normalized_file_path = get_pack_file_abs_path(pack_ref=pack_ref,
file_path=file_path)
if not normalized_file_path or not os.path.isfile(
normalized_file_path):
# Ignore references to files which don't exist on disk
raise StackStormDBObjectNotFoundError('File "%s" not found' %
(file_path))
file_size, file_mtime = self._get_file_stats(
file_path=normalized_file_path)
if not self._is_file_changed(file_mtime):
self._add_cache_headers(file_mtime)
response.status = http_client.NOT_MODIFIED
return response
if file_size is not None and file_size > MAX_FILE_SIZE:
msg = ('File %s exceeds maximum allowed file size (%s bytes)' %
(file_path, MAX_FILE_SIZE))
raise ValueError(msg)
content_type = mimetypes.guess_type(
normalized_file_path)[0] or 'application/octet-stream'
self._add_cache_headers(file_mtime)
response.headers['Content-Type'] = content_type
response.body = self._get_file_content(file_path=normalized_file_path)
return response
def get_one(self, ref_or_id, *file_path_components):
"""
Outputs the content of a specific file in a pack.
Handles requests:
GET /packs/views/file/<pack_ref_or_id>/<file path>
"""
pack_db = self._get_by_ref_or_id(ref_or_id=ref_or_id)
if not pack_db:
msg = 'Pack with ref_or_id "%s" does not exist' % (ref_or_id)
raise StackStormDBObjectNotFoundError(msg)
if not file_path_components:
raise ValueError('Missing file path')
file_path = os.path.join(*file_path_components)
pack_ref = pack_db.ref
# Note: Until list filtering is in place we don't require RBAC check for icon file
if file_path not in WHITELISTED_FILE_PATHS:
assert_request_user_has_resource_db_permission(request=pecan.request,
resource_db=pack_db, permission_type=PermissionType.PACK_VIEW)
normalized_file_path = get_pack_file_abs_path(pack_ref=pack_ref, file_path=file_path)
if not normalized_file_path or not os.path.isfile(normalized_file_path):
# Ignore references to files which don't exist on disk
raise StackStormDBObjectNotFoundError('File "%s" not found' % (file_path))
file_size, file_mtime = self._get_file_stats(file_path=normalized_file_path)
if not self._is_file_changed(file_mtime):
self._add_cache_headers(file_mtime)
response.status = http_client.NOT_MODIFIED
return response
if file_size is not None and file_size > MAX_FILE_SIZE:
msg = ('File %s exceeds maximum allowed file size (%s bytes)' %
(file_path, MAX_FILE_SIZE))
raise ValueError(msg)
content_type = mimetypes.guess_type(normalized_file_path)[0] or 'application/octet-stream'
self._add_cache_headers(file_mtime)
response.headers['Content-Type'] = content_type
response.body = self._get_file_content(file_path=normalized_file_path)
return response
def _schedule_execution(self, action_alias_db, params, notify, context):
action_ref = action_alias_db.action_ref
action_db = action_utils.get_action_by_ref(action_ref)
if not action_db:
raise StackStormDBObjectNotFoundError(
'Action with ref "%s" not found ' % (action_ref))
assert_request_user_has_resource_db_permission(
request=request,
resource_db=action_db,
permission_type=PermissionType.ACTION_EXECUTE)
try:
# prior to shipping off the params cast them to the right type.
params = action_param_utils.cast_params(
action_ref=action_alias_db.action_ref,
params=params,
cast_overrides=CAST_OVERRIDES)
if not context:
context = {
'action_alias_ref':
reference.get_ref_from_model(action_alias_db),
'user':
get_system_username()
}
liveaction = LiveActionDB(action=action_alias_db.action_ref,
context=context,
parameters=params,
notify=notify)
_, action_execution_db = action_service.request(liveaction)
return ActionExecutionAPI.from_model(action_execution_db)
except ValueError as e:
LOG.exception('Unable to execute action.')
abort(http_client.BAD_REQUEST, str(e))
except jsonschema.ValidationError as e:
LOG.exception(
'Unable to execute action. Parameter validation failed.')
abort(http_client.BAD_REQUEST, str(e))
except Exception as e:
LOG.exception(
'Unable to execute action. Unexpected error encountered.')
abort(http_client.INTERNAL_SERVER_ERROR, str(e))
def _handle_schedule_execution(self, liveaction):
# Assert the permissions
action_ref = liveaction.action
action_db = action_utils.get_action_by_ref(action_ref)
assert_request_user_has_resource_db_permission(request=pecan.request, resource_db=action_db,
permission_type=PermissionType.ACTION_EXECUTE)
try:
return self._schedule_execution(liveaction=liveaction)
except ValueError as e:
LOG.exception('Unable to execute action.')
abort(http_client.BAD_REQUEST, str(e))
except jsonschema.ValidationError as e:
LOG.exception('Unable to execute action. Parameter validation failed.')
abort(http_client.BAD_REQUEST, re.sub("u'([^']*)'", r"'\1'", e.message))
except TraceNotFoundException as e:
abort(http_client.BAD_REQUEST, str(e))
except Exception as e:
LOG.exception('Unable to execute action. Unexpected error encountered.')
abort(http_client.INTERNAL_SERVER_ERROR, str(e))