def manage_events(self, evids=None, excludeIds=None, params=None, uid=None, asof=None, limit=None, timeout=None): if Zuul.checkPermission(ZEN_MANAGE_EVENTS, self.context): return True if params.get('excludeNonActionables'): return Zuul.checkPermission('ZenCommon', self.context) return False
def manage_events(self, evids=None, excludeIds=None, params=None, uid=None, asof=None, limit=None, timeout=None): user = self.context.dmd.ZenUsers.getUserSettings() if Zuul.checkPermission(ZEN_MANAGE_EVENTS, self.context): return True if params.get('excludeNonActionables'): return Zuul.checkPermission('ZenCommon', self.context) try: if uid is not None: organizer_name = self.context.dmd.Devices.getOrganizer(uid).getOrganizerName() else: return self._hasPermissionsForAllEvents(ZEN_MANAGE_EVENTS, evids) except (AttributeError, KeyError): return False manage_events_for = (r.managedObjectName() for r in user.getAllAdminRoles() if r.role in READ_WRITE_ROLES) return organizer_name in manage_events_for
def updateConfigFiles(self, id, configFiles): """ Updates the configuration files for an application specified by id. The configFiles parameters is an array of dictionaries of the form: { filename: "blah", content: "line 1\nline 2\n..." } The filename parameter serves as the "id" of each configFile passed in. """ if not Zuul.checkPermission('Manage DMD'): return DirectResponse.fail("You don't have permission to set update config files", sticky=False) facade = self._getFacade() deployedApp = facade.get(id) newConfigs = [] for deployedAppConfig in deployedApp.configurations: if deployedAppConfig.filename in [ cf['filename'] for cf in configFiles ]: audit('UI.Applications.UpdateConfigFiles', service=id, servicename=deployedApp.name, filename=deployedAppConfig.filename) deployedAppConfig.content = next((cf['content'] for cf in configFiles if cf['filename'] == deployedAppConfig.filename)) newConfigs.append(deployedAppConfig) deployedApp.configurations = newConfigs return DirectResponse.succeed()
def add_ovirt(self, url, username, domain, password, collector='localhost'): # Check the permissions on the context context = self.context.dmd.Devices.oVirt if not Zuul.checkPermission(ZEN_MANAGE_DMD, context): message = "Insufficient privileges to add an oVirt infrastructure" audit('UI.oVirt.Login', url=url) return DirectResponse.fail(message) facade = self._getFacade() success, message = facade.add_ovirt(url, username, domain, password, collector) if success: audit('UI.oVirt.Add', url=url, username=username, domain=domain, password=password, collector=collector, jobId=message) return DirectResponse.succeed(jobId=message) else: return DirectResponse.fail(message)
def write_event_logs(self, evid=None, message=None): data = self.detail(evid).data['event'][0] uuid = data['component_uuid'] or data['device_uuid'] if uuid is None: ctx = self.context else: ctx = self.manager.getObject(uuid) return Zuul.checkPermission(ZEN_MANAGE_EVENTS, ctx)
def wrapped_fn(f, self, *args, **kwargs): context = kwargs[contextKeywordArgument] if isinstance(context, basestring): context = self.context.unrestrictedTraverse(context) if not Zuul.checkPermission(permission, context): args = (f.__name__, permission) raise Unauthorized('Calling %s requires "%s" permission.' % args) return f(self, *args, **kwargs)
def iconCls(self): icon = None if self._root._showSeverityIcons: obj = self._get_object() if Zuul.checkPermission(ZEN_VIEW, obj): sev = self._loadSeverity() icon = self.getIconCls(sev) return icon
def query(self, limit=None, start=None, sort=None, dir=None, params=None, page=None, history=False, uid=None, criteria=()): """ Retrieve a list of services based on a set of parameters. @type limit: integer @param limit: (optional) Number of items to return; used in pagination (default: None) @type start: integer @param start: (optional) Offset to return the results from; used in pagination (default: None) @type sort: string @param sort: (optional) Key on which to sort the return results (default: None) @type dir: string @param dir: (optional) Sort order; can be either 'ASC' or 'DESC' (default: None) @type params: dictionary @param params: (optional) Key-value pair of filters for this search. @type history: boolean @param history: not used @type uid: string @param uid: Service class UID to query @type criteria: list @param criteria: not used @rtype: DirectResponse @return: B{Properties}: - services: ([dictionary]) List of objects representing services - totalCount: (integer) Total number of services - hash: (string) Hashcheck of the current services state - disabled: (boolean) True if current user cannot manage services """ if uid is None: uid = "/".join(self.context.getPhysicalPath()) if isinstance(params, basestring): params = unjson(params) services = self.api.getList(limit, start, sort, dir, params, uid, criteria) disabled = not Zuul.checkPermission('Manage DMD') data = Zuul.marshal(services['serviceInfos'], keys=('name', 'description', 'count', 'uid', 'port')) return DirectResponse(services=data, totalCount=services['total'], hash=services['hash'], disabled=disabled)
def query(self, limit=None, start=None, sort=None, dir=None, params=None, page=None, history=False, uid=None, criteria=()): """ Retrieve a list of processes based on a set of parameters. @type limit: integer @param limit: (optional) Number of items to return; used in pagination (default: None) @type start: integer @param start: (optional) Offset to return the results from; used in pagination (default: None) @type sort: string @param sort: (optional) Key on which to sort the return results (default: None) @type dir: string @param dir: (optional) Sort order; can be either 'ASC' or 'DESC' (default: None) @type params: dictionary @param params: (optional) Key-value pair of filters for this search. @type history: boolean @param history: not used @type uid: string @param uid: Service class UID to query @type criteria: list @param criteria: not used @rtype: DirectResponse @return: B{Properties}: - processes: ([dictionary]) List of objects representing processes - totalCount: (integer) Total number of processes - hash: (string) Hashcheck of the current processes state - disabled: (boolean) True if current user cannot manage processes """ facade = self._getFacade() if uid is None: uid = self.context if isinstance(params, basestring): params = unjson(params) processes = facade.getList(limit, start, sort, dir, params, uid, criteria) disabled = not Zuul.checkPermission('Manage DMD') data = Zuul.marshal(processes) return DirectResponse(processes=data, totalCount=processes.total, hash=processes.hash_, disabled=disabled)
def saveDashboard(self, **data): user = getSecurityManager().getUser() facade = self._getFacade() obj = facade._getObject(data['uid']) if obj.owner != user.getId() and not Zuul.checkPermission( ZEN_MANAGE_DMD, facade.context): raise Exception("you have no permission to edit this dashboard") result = facade.saveDashboard(data) if data.get('audit'): audit('UI.Dashboard.Edit', data_=data) return DirectResponse.succeed(data=Zuul.marshal(result))
def wrapped_fn(f, self, *args, **kwargs): if callable(permission): if not permission(self, *args, **kwargs): args = (f.__name__, permission.__name__) raise Unauthorized('Calling %s requires "%s" permission' % args) return f(self, *args, **kwargs) else: if not Zuul.checkPermission(permission, self.context): args = (f.__name__, permission) raise Unauthorized('Calling %s requires "%s" permission' % args) return f(self, *args, **kwargs)
def deleteDashboard(self, uid): user = getSecurityManager().getUser() facade = self._getFacade() obj = facade._getObject(uid) # can't delete the default dashboard if obj.getPrimaryId() == "/zport/dmd/ZenUsers/dashboards/default": return if obj.owner != user.getId() and not Zuul.checkPermission( ZEN_DELETE, facade.context): raise Exception("You have no permission to delete this dashboard") result = facade.deleteObject(uid) audit('UI.Dashboard.Remove', uid) return DirectResponse.succeed(data=Zuul.marshal(result))
def events(self): severities = self.getEventSeverities() events = {} zep = getFacade('zep') events = dict((zep.getSeverityName(sev).lower(), counts) for (sev, counts) in severities.iteritems()) # If the user does not have view permissions, we reset the rainbow if hasattr(self, "_object") and not Zuul.checkPermission(ZEN_VIEW, self._object): for sev, counts in events.iteritems(): counts['count'] = 0 counts['acknowledged_count'] = 0 return events
def events(self): severities = self.getEventSeverities() events = {} zep = getFacade('zep') events = dict((zep.getSeverityName(sev).lower(), counts) for (sev, counts) in severities.iteritems()) # If the user does not have view permissions, we reset the rainbow if hasattr(self, "_object") and not Zuul.checkPermission( ZEN_VIEW, self._object): for sev, counts in events.iteritems(): counts['count'] = 0 counts['acknowledged_count'] = 0 return events
def getInfo(self, uid, keys=None): """Returns a dictionary of the properties of an object. @type uid: string @param uid: Unique identifier of an object @type keys: list @param keys: (optional) List of keys to include in the returned dictionary. If None then all keys will be returned @rtype: DirectResponse @return: B{Properties} - data: (dictionary) Object properties """ network = self.api.getInfo(uid) data = Zuul.marshal(network, keys) disabled = not Zuul.checkPermission("Manage DMD") return DirectResponse.succeed(data=data, disabled=disabled)
def deleteJobs(self, jobids): # Make sure they have permission to delete. if not Zuul.checkPermission('Manage DMD'): return DirectResponse.fail("You don't have permission to execute this command", sticky=False) deletedJobs = [] for id_ in jobids: try: self.api.deleteJob(id_) except NoSuchJobException: log.debug("Unable to delete job: %s No such job found.", id_) else: deletedJobs.append(id_) if deletedJobs: audit('UI.Jobs.Delete', ids=deletedJobs) return DirectResponse.succeed(deletedJobs=Zuul.marshal(deletedJobs))
def getInfo(self, uid, keys=None): """ Returns a dictionary of the properties of an object @type uid: string @param uid: Unique identifier of an object @type keys: list @param keys: (optional) List of keys to include in the returned dictionary. If None then all keys will be returned @rtype: DirectResponse @return: B{Properties} - data: (dictionary) Object properties """ network = self.api.getInfo(uid) data = Zuul.marshal(network, keys) disabled = not Zuul.checkPermission('Manage DMD') return DirectResponse.succeed(data=data, disabled=disabled)
def query(self, limit=None, start=None, sort=None, dir=None, params=None, page=None, history=False, uid=None, criteria=()): """ Retrieve a list of services based on a set of parameters. @type limit: integer @param limit: (optional) Number of items to return; used in pagination (default: None) @type start: integer @param start: (optional) Offset to return the results from; used in pagination (default: None) @type sort: string @param sort: (optional) Key on which to sort the return results (default: None) @type dir: string @param dir: (optional) Sort order; can be either 'ASC' or 'DESC' (default: None) @type params: dictionary @param params: (optional) Key-value pair of filters for this search. @type history: boolean @param history: not used @type uid: string @param uid: Service class UID to query @type criteria: list @param criteria: not used @rtype: DirectResponse @return: B{Properties}: - services: ([dictionary]) List of objects representing services - totalCount: (integer) Total number of services - hash: (string) Hashcheck of the current services state - disabled: (boolean) True if current user cannot manage services """ if uid is None: uid = "/".join(self.context.getPhysicalPath()) if isinstance(params, basestring): params = unjson(params) services = self.api.getList(limit, start, sort, dir, params, uid, criteria) disabled = not Zuul.checkPermission('Manage DMD') data = Zuul.marshal(services['serviceInfos'], keys=('name','description', 'count', 'uid','port')) return DirectResponse(services=data, totalCount=services['total'], hash=services['hash'], disabled=disabled)
def deleteJobs(self, jobids): # Make sure they have permission to delete. if not Zuul.checkPermission('Manage DMD'): return DirectResponse.fail( "You don't have permission to execute this command", sticky=False) deletedJobs = [] for id_ in jobids: try: self.api.deleteJob(id_) except NoSuchJobException: log.debug("Unable to delete job: %s No such job found.", id_) else: deletedJobs.append(id_) if deletedJobs: audit('UI.Jobs.Delete', ids=deletedJobs) return DirectResponse.succeed( deletedJobs=Zuul.marshal(deletedJobs))
def restart(self, uids): """ Will issue the command to restart the selected ids @type uids: Array[Strings] @param uids: List of valid daemon ids that will need to restarted @rtype: DirectResposne @return: DirectReponse of success if no errors are encountered """ if not Zuul.checkPermission('Manage DMD'): return DirectResponse.fail("You don't have permission to restart a daemon", sticky=False) facade = self._getFacade() for uid in uids: facade.restart(uid) audit('UI.Applications.Restart', uid) if len(uids) > 1: return DirectResponse.succeed("Restarted %s daemons" % len(uids)) return DirectResponse.succeed()
def getInfo(self, uid, keys=None): """ Get the properties of a service. @type uid: string @param uid: Unique identifier of a service @type keys: list @param keys: (optional) List of keys to include in the returned dictionary. If None then all keys will be returned (default: None) @rtype: DirectResponse @return: B{Properties} - data: (dictionary) Object representing a service's properties - disabled: (boolean) True if current user cannot manage services """ service = self.api.getInfo(uid) data = Zuul.marshal(service, keys) if 'serviceKeys' in data and isinstance(data['serviceKeys'], (tuple, list)): data['serviceKeys'] = ', '.join(data['serviceKeys']) disabled = not Zuul.checkPermission('Manage DMD') return DirectResponse.succeed(data=data, disabled=disabled)
def setAutoStart(self, uids, enabled): """ Enables or disables autostart on all applications passed into uids. If it is already in that state it is a noop. @type uids: Array[Strings] @param uids: List of valid daemon ids that will need to enabled @type enabled: boolean @param uids: true for enabled or false for disabled @rtype: DirectResposne @return: DirectReponse of success if no errors are encountered """ if not Zuul.checkPermission('Manage DMD'): return DirectResponse.fail("You don't have permission to set autostart", sticky=False) facade = self._getFacade() applications = facade.query() for app in applications: if app.id in uids: app.autostart = enabled audit('UI.Applications.AutoStart', app.id, {'autostart': enabled}) return DirectResponse.succeed()
def _buildFilter(self, uids, params, specificEventUuids=None, includeContextInUid=True): """ Construct a dictionary that can be converted into an EventFilter protobuf. @type params: dictionary @param params: (optional) Key-value pair of filters for this search. (default: None) @type uids: iterable(string) @param uids: (optional) Contexts for the query (default: None) """ if not uids: uids = [] elif isinstance(uids, basestring): uids = [uids] if params: log.debug('logging params for building filter: %s', params) if isinstance(params, basestring): params = loads(params) # params comes from the grid's filtering column - # some of these properties are normal properties on an event # while others are considered event details. Separate the # two here. params, details = self.zep.parseParameterDetails(params) filterEventUuids = [] # No specific event uuids passed in- # check for event ids from the grid parameters if specificEventUuids is None: log.debug('No specific event uuids were passed in.') # The evid's from params only ever mean anything for filtering - if # specific uuids are passed in, this filter will ignore the grid # parameters and just act on or filter using these specific event uuids. evid = params.get('evid') if evid: if not isinstance(evid, (list, tuple)): evid = [evid] filterEventUuids.extend(evid) # Specific event uuids were passed in, use those for this filter. else: log.debug('Specific event uuids passed in: %s', specificEventUuids) if not isinstance(specificEventUuids, (list, tuple)): filterEventUuids = [specificEventUuids] else: filterEventUuids = specificEventUuids log.debug('FilterEventUuids is: %s', filterEventUuids) # 'tags' comes from managed object guids. # see Zuul/security/security.py param_tags = params.get('tags') if params.get( 'excludeNonActionables') and not Zuul.checkPermission( ZEN_MANAGE_EVENTS, self.context): if not param_tags: us = self.context.dmd.ZenUsers.getUserSettings() param_tags = [ IGlobalIdentifier(ar.managedObject()).getGUID() for ar in us.getAllAdminRoles() ] if param_tags: param_tags = [ tag for tag in param_tags if Zuul.checkPermission( ZEN_MANAGE_EVENTS, self.manager.getObject(tag)) ] if not param_tags: param_tags = [ 'dne' ] # Filter everything (except "does not exist'). An empty tag list would be ignored. filter_params = { 'severity': params.get('severity'), 'status': [i for i in params.get('eventState', [])], 'event_class': filter(None, [params.get('eventClass')]), 'first_seen': params.get('firstTime') and self._timeRange(params.get('firstTime')), 'last_seen': params.get('lastTime') and self._timeRange(params.get('lastTime')), 'status_change': params.get('stateChange') and self._timeRange(params.get('stateChange')), 'uuid': filterEventUuids, 'count_range': params.get('count'), 'element_title': params.get('device'), 'element_sub_title': params.get('component'), 'event_summary': params.get('summary'), 'current_user_name': params.get('ownerid'), 'agent': params.get('agent'), 'monitor': params.get('monitor'), 'fingerprint': params.get('dedupid'), 'tags': param_tags, 'details': details, 'event_key': params.get('eventKey'), 'event_class_key': params.get('eventClassKey'), 'event_group': params.get('eventGroup'), 'message': params.get('message'), } parsed_params = self._filterParser.parseParams(params) filter_params.update(parsed_params) parsed_details = self._filterParser.parseDetails(details) if len(parsed_details) > 0: filter_params['details'].update(parsed_details) event_filter = self.zep.createEventFilter(**filter_params) log.debug( 'Found params for building filter, ended up building the following:' ) log.debug(event_filter) elif specificEventUuids: # if they passed in specific uuids but not other params event_filter = self.zep.createEventFilter(uuid=specificEventUuids) else: log.debug('Did not get parameters, using empty filter.') event_filter = {} if not uids and includeContextInUid: uids = [self.context] contexts = (resolve_context(uid) for uid in uids) context_uuids = [] for context in contexts: if context and context.id not in ('Events', 'dmd'): try: # make a specific instance of tag_filter just for the context tag. if not context_uuids: context_tag_filter = {'tag_uuids': context_uuids} # if it exists, filter['tag_filter'] will be a list. just append the special # context tag filter to whatever that list is. tag_filter = event_filter.setdefault('tag_filter', []) tag_filter.append(context_tag_filter) context_uuids.append(IGlobalIdentifier(context).getGUID()) except TypeError: if isinstance(context, EventClass): event_filter['event_class'] = [context.getDmdKey()] else: raise Exception('Unknown context %s' % context) log.debug('Final filter will be:') log.debug(event_filter) return event_filter
def _buildFilter(self, uid, params, specificEventUuids=None): """ Construct a dictionary that can be converted into an EventFilter protobuf. @type params: dictionary @param params: (optional) Key-value pair of filters for this search. (default: None) @type uid: string @param uid: (optional) Context for the query (default: None) """ if params: log.debug('logging params for building filter: %s', params) if isinstance(params, basestring): params = loads(params) # params comes from the grid's filtering column - # some of these properties are normal properties on an event # while others are considered event details. Separate the # two here. params, details = self.zep.parseParameterDetails(params) filterEventUuids = [] # No specific event uuids passed in- # check for event ids from the grid parameters if specificEventUuids is None: log.debug('No specific event uuids were passed in.') # The evid's from params only ever mean anything for filtering - if # specific uuids are passed in, this filter will ignore the grid # parameters and just act on or filter using these specific event uuids. evid = params.get('evid') if evid: if not isinstance(evid, (list, tuple)): evid = [evid] filterEventUuids.extend(evid) # Specific event uuids were passed in, use those for this filter. else: log.debug('Specific event uuids passed in: %s', specificEventUuids) if not isinstance(specificEventUuids, (list, tuple)): filterEventUuids = [specificEventUuids] else: filterEventUuids = specificEventUuids log.debug('FilterEventUuids is: %s', filterEventUuids) # 'tags' comes from managed object guids. # see Zuul/security/security.py param_tags = params.get('tags') if params.get('excludeNonActionables') and not Zuul.checkPermission(ZEN_MANAGE_EVENTS, self.context): if not param_tags: us = self.context.dmd.ZenUsers.getUserSettings() param_tags = [IGlobalIdentifier(ar.managedObject()).getGUID() for ar in us.getAllAdminRoles()] if param_tags: param_tags = [tag for tag in param_tags if Zuul.checkPermission(ZEN_MANAGE_EVENTS, self.manager.getObject(tag))] if not param_tags: param_tags = ['dne'] # Filter everything (except "does not exist'). An empty tag list would be ignored. filter_params = { 'severity': params.get('severity'), 'status': [i for i in params.get('eventState', [])], 'event_class': filter(None, [params.get('eventClass')]), 'first_seen': params.get('firstTime') and self._timeRange(params.get('firstTime')), 'last_seen': params.get('lastTime') and self._timeRange(params.get('lastTime')), 'status_change': params.get('stateChange') and self._timeRange(params.get('stateChange')), 'uuid': filterEventUuids, 'count_range': params.get('count'), 'element_title': params.get('device'), 'element_sub_title': params.get('component'), 'event_summary': params.get('summary'), 'current_user_name': params.get('ownerid'), 'agent': params.get('agent'), 'monitor': params.get('monitor'), 'fingerprint': params.get('dedupid'), 'tags': param_tags, 'details': details, 'event_key': params.get('eventKey'), 'event_class_key': params.get('eventClassKey'), 'event_group': params.get('eventGroup'), 'message': params.get('message'), } parsed_params = self._filterParser.parseParams(params) filter_params.update(parsed_params) parsed_details = self._filterParser.parseDetails(details) if len(parsed_details) > 0: filter_params['details'].update(parsed_details) event_filter = self.zep.createEventFilter(**filter_params) log.debug('Found params for building filter, ended up building the following:') log.debug(event_filter) elif specificEventUuids: # if they passed in specific uuids but not other params event_filter = self.zep.createEventFilter( uuid=specificEventUuids ) else: log.debug('Did not get parameters, using empty filter.') event_filter = {} if uid is None: uid = self.context context = resolve_context(uid) if context and context.id not in ('Events', 'dmd'): try: # make a specific instance of tag_filter just for the context tag. context_tag_filter = { 'tag_uuids': [IGlobalIdentifier(context).getGUID()] } # if it exists, filter['tag_filter'] will be a list. just append the special # context tag filter to whatever that list is. tag_filter = event_filter.setdefault('tag_filter', []) tag_filter.append(context_tag_filter) except TypeError: if isinstance(context, EventClass): event_filter['event_class'] = [context.getDmdKey()] else: raise Exception('Unknown context %s' % context) log.debug('Final filter will be:') log.debug(event_filter) return event_filter