def delete(self, id):
"""Delete the specified action_execution.
:param id: UUID of action execution to delete
"""
acl.enforce('action_executions:delete', context.ctx())
LOG.debug("Delete action_execution [id=%s]", id)
if not cfg.CONF.api.allow_action_execution_deletion:
raise exc.NotAllowedException("Action execution deletion is not "
"allowed.")
with db_api.transaction():
action_ex = db_api.get_action_execution(id)
if action_ex.task_execution_id:
raise exc.NotAllowedException(
"Only ad-hoc action execution can be deleted.")
if not states.is_completed(action_ex.state):
raise exc.NotAllowedException(
"Only completed action execution can be deleted.")
return db_api.delete_action_execution(id)
def update_workflow_definition(identifier, values, session=None):
wf_def = get_workflow_definition(identifier)
if wf_def.project_id != security.get_project_id():
raise exc.NotAllowedException(
"Can not update workflow of other tenants. "
"[workflow_identifier=%s]" % identifier)
if wf_def.is_system:
raise exc.InvalidActionException(
"Attempt to modify a system workflow: %s" % identifier)
if wf_def.scope == 'public' and values['scope'] == 'private':
cron_triggers = _get_associated_cron_triggers(identifier)
try:
[get_cron_trigger(name) for name in cron_triggers]
except exc.NotFoundException:
raise exc.NotAllowedException(
"Can not update scope of workflow that has triggers "
"associated in other tenants."
"[workflow_identifier=%s]" % identifier)
wf_def.update(values.copy())
return wf_def
def update_workflow_definition(identifier, values, session=None):
namespace = values.get('namespace')
wf_def = get_workflow_definition(identifier, namespace=namespace)
m_dbutils.check_db_obj_access(wf_def)
if wf_def.scope == 'public' and values['scope'] == 'private':
# Check cron triggers.
cron_triggers = get_cron_triggers(insecure=True, workflow_id=wf_def.id)
for c_t in cron_triggers:
if c_t.project_id != wf_def.project_id:
raise exc.NotAllowedException(
"Can not update scope of workflow that has cron triggers "
"associated in other tenants. [workflow_identifier=%s, "
"namespace=%s]" % (identifier, namespace))
# Check event triggers.
event_triggers = get_event_triggers(insecure=True,
workflow_id=wf_def.id)
for e_t in event_triggers:
if e_t.project_id != wf_def.project_id:
raise exc.NotAllowedException(
"Can not update scope of workflow that has event triggers "
"associated in other tenants. [workflow_identifier=%s, "
"namespace=%s]" % (identifier, namespace))
wf_def.update(values.copy())
return wf_def
def delete(self, id, force=False):
"""Delete the specified Execution.
:param id: UUID of execution to delete.
:param force: Optional. Force the deletion of unfinished executions.
Default: false. While the api is backward compatible
the behaviour is not the same. The new default is the
safer option
"""
acl.enforce('executions:delete', context.ctx())
LOG.debug("Delete execution [id=%s]", id)
if not force:
state = db_api.get_workflow_execution(
id, fields=(db_models.WorkflowExecution.state, ))[0]
if not states.is_completed(state):
raise exc.NotAllowedException(
"Only completed executions can be deleted. "
"Use --force to override this. "
"Execution {} is in {} state".format(id, state))
return rest_utils.rest_retry_on_db_error(
db_api.delete_workflow_execution)(id)
def delete_workflow_definition(identifier, session=None):
wf_def = get_workflow_definition(identifier)
if wf_def.project_id != security.get_project_id():
raise exc.NotAllowedException(
"Can not delete workflow of other users. [workflow_identifier=%s]"
% identifier)
if wf_def.is_system:
msg = "Attempt to delete a system workflow: %s" % identifier
raise exc.DataAccessException(msg)
cron_triggers = get_cron_triggers(insecure=True, workflow_id=wf_def.id)
if cron_triggers:
raise exc.DBError(
"Can't delete workflow that has cron triggers associated. "
"[workflow_identifier=%s], [cron_trigger_id(s)=%s]" %
(identifier, ', '.join([t.id for t in cron_triggers])))
event_triggers = get_event_triggers(insecure=True, workflow_id=wf_def.id)
if event_triggers:
raise exc.DBError(
"Can't delete workflow that has event triggers associated. "
"[workflow_identifier=%s], [event_trigger_id(s)=%s]" %
(identifier, ', '.join([t.id for t in event_triggers])))
# Delete workflow members first.
delete_resource_members(resource_type='workflow', resource_id=wf_def.id)
session.delete(wf_def)
def update_workflow_definition(identifier, values, session=None):
wf_def = get_workflow_definition(identifier)
if wf_def.project_id != security.get_project_id():
raise exc.NotAllowedException(
"Can not update workflow of other tenants. "
"[workflow_identifier=%s]" % identifier
)
if wf_def.is_system:
raise exc.InvalidActionException(
"Attempt to modify a system workflow: %s" % identifier
)
if wf_def.scope == 'public' and values['scope'] == 'private':
# Check cron triggers.
cron_triggers = get_cron_triggers(insecure=True, workflow_id=wf_def.id)
for c_t in cron_triggers:
if c_t.project_id != wf_def.project_id:
raise exc.NotAllowedException(
"Can not update scope of workflow that has cron triggers "
"associated in other tenants. [workflow_identifier=%s]" %
identifier
)
# Check event triggers.
event_triggers = get_event_triggers(
insecure=True,
workflow_id=wf_def.id
)
for e_t in event_triggers:
if e_t.project_id != wf_def.project_id:
raise exc.NotAllowedException(
"Can not update scope of workflow that has event triggers "
"associated in other tenants. [workflow_identifier=%s]" %
identifier
)
wf_def.update(values.copy())
return wf_def
def delete(self, id):
"""Delete the specified action_execution."""
LOG.info("Delete action_execution [id=%s]" % id)
if not cfg.CONF.api.allow_action_execution_deletion:
raise exc.NotAllowedException("Action execution deletion is not "
"allowed.")
action_ex = db_api.get_action_execution(id)
if action_ex.task_execution_id:
raise exc.NotAllowedException("Only ad-hoc action execution can "
"be deleted.")
if not states.is_completed(action_ex.state):
raise exc.NotAllowedException("Only completed action execution "
"can be deleted.")
return db_api.delete_action_execution(id)
def update_workflow_execution_env(wf_ex, env):
if not env:
return wf_ex
if wf_ex.state not in [states.IDLE, states.PAUSED, states.ERROR]:
raise exc.NotAllowedException(
'Updating env to workflow execution is only permitted if '
'it is in IDLE, PAUSED, or ERROR state.')
wf_ex.params['env'] = utils.merge_dicts(wf_ex.params['env'], env)
return wf_ex
def update_workflow_execution_env(wf_ex, env):
if not env:
return wf_ex
if wf_ex.state not in [states.IDLE, states.PAUSED, states.ERROR]:
raise exc.NotAllowedException(
'Updating env to workflow execution is only permitted if '
'it is in idle, paused, or re-runnable state.')
wf_ex.params['env'] = utils.merge_dicts(wf_ex.params['env'], env)
data_flow.add_environment_to_context(wf_ex)
return wf_ex
def check_db_obj_access(db_obj):
"""Check accessibility to db object."""
ctx = context.ctx()
is_admin = ctx.is_admin
if not is_admin and db_obj.project_id != security.get_project_id():
raise exc.NotAllowedException(
"Can not access %s resource of other projects, ID: %s" %
(db_obj.__class__.__name__, db_obj.id))
if not is_admin and hasattr(db_obj, 'is_system') and db_obj.is_system:
raise exc.InvalidActionException(
"Can not modify a system %s resource, ID: %s" %
(db_obj.__class__.__name__, db_obj.id))
def delete_workflow_definition(identifier, session=None):
wf_def = get_workflow_definition(identifier)
if wf_def.project_id != security.get_project_id():
raise exc.NotAllowedException(
"Can not delete workflow of other users. [workflow_identifier=%s]"
% identifier)
if wf_def.is_system:
msg = "Attempt to delete a system workflow: %s" % identifier
raise exc.DataAccessException(msg)
cron_triggers = _get_associated_cron_triggers(identifier)
if cron_triggers:
raise exc.DBException(
"Can't delete workflow that has triggers associated. "
"[workflow_identifier=%s], [cron_trigger_name(s)=%s]" %
(identifier, ', '.join(cron_triggers)))
session.delete(wf_def)
