def _handle_schedule_execution(self, liveaction_api): """ :param liveaction: LiveActionAPI object. :type liveaction: :class:`LiveActionAPI` """ # Assert the permissions action_ref = liveaction_api.action action_db = action_utils.get_action_by_ref(action_ref) user = liveaction_api.user or get_requester() assert_request_user_has_resource_db_permission(request=pecan.request, resource_db=action_db, permission_type=PermissionType.ACTION_EXECUTE) # TODO: Validate user is admin if user is provided assert_request_user_is_admin_if_user_query_param_is_provider(request=pecan.request, user=user) try: return self._schedule_execution(liveaction=liveaction_api, user=user) except ValueError as e: LOG.exception('Unable to execute action.') abort(http_client.BAD_REQUEST, str(e)) except jsonschema.ValidationError as e: LOG.exception('Unable to execute action. Parameter validation failed.') abort(http_client.BAD_REQUEST, re.sub("u'([^']*)'", r"'\1'", e.message)) except TraceNotFoundException as e: abort(http_client.BAD_REQUEST, str(e)) except ValueValidationException as e: raise e except Exception as e: LOG.exception('Unable to execute action. Unexpected error encountered.') abort(http_client.INTERNAL_SERVER_ERROR, str(e))
def _schedule_execution(self, action_alias_db, params, notify, context): action_ref = action_alias_db.action_ref action_db = action_utils.get_action_by_ref(action_ref) if not action_db: raise StackStormDBObjectNotFoundError('Action with ref "%s" not found ' % (action_ref)) assert_request_user_has_resource_db_permission(request=pecan.request, resource_db=action_db, permission_type=PermissionType.ACTION_EXECUTE) try: # prior to shipping off the params cast them to the right type. params = action_param_utils.cast_params(action_ref=action_alias_db.action_ref, params=params, cast_overrides=CAST_OVERRIDES) if not context: context = { 'action_alias_ref': reference.get_ref_from_model(action_alias_db), 'user': get_system_username() } liveaction = LiveActionDB(action=action_alias_db.action_ref, context=context, parameters=params, notify=notify) _, action_execution_db = action_service.request(liveaction) return ActionExecutionAPI.from_model(action_execution_db) except ValueError as e: LOG.exception('Unable to execute action.') pecan.abort(http_client.BAD_REQUEST, str(e)) except jsonschema.ValidationError as e: LOG.exception('Unable to execute action. Parameter validation failed.') pecan.abort(http_client.BAD_REQUEST, str(e)) except Exception as e: LOG.exception('Unable to execute action. Unexpected error encountered.') pecan.abort(http_client.INTERNAL_SERVER_ERROR, str(e))
def _handle_schedule_execution(self, liveaction): # Assert the permissions action_ref = liveaction.action action_db = action_utils.get_action_by_ref(action_ref) assert_request_user_has_resource_db_permission( request=pecan.request, resource_db=action_db, permission_type=PermissionType.ACTION_EXECUTE) try: return self._schedule_execution(liveaction=liveaction) except ValueError as e: LOG.exception('Unable to execute action.') abort(http_client.BAD_REQUEST, str(e)) except jsonschema.ValidationError as e: LOG.exception( 'Unable to execute action. Parameter validation failed.') abort(http_client.BAD_REQUEST, re.sub("u'([^']*)'", r"'\1'", e.message)) except TraceNotFoundException as e: abort(http_client.BAD_REQUEST, str(e)) except Exception as e: LOG.exception( 'Unable to execute action. Unexpected error encountered.') abort(http_client.INTERNAL_SERVER_ERROR, str(e))
def _handle_schedule_execution(self, liveaction_api): """ :param liveaction: LiveActionAPI object. :type liveaction: :class:`LiveActionAPI` """ # Assert the permissions action_ref = liveaction_api.action action_db = action_utils.get_action_by_ref(action_ref) user = liveaction_api.user or get_requester() assert_request_user_has_resource_db_permission(request=pecan.request, resource_db=action_db, permission_type=PermissionType.ACTION_EXECUTE) # TODO: Validate user is admin if user is provided assert_request_user_is_admin_if_user_query_param_is_provider(request=pecan.request, user=user) try: return self._schedule_execution(liveaction=liveaction_api, user=user) except ValueError as e: LOG.exception('Unable to execute action.') abort(http_client.BAD_REQUEST, str(e)) except jsonschema.ValidationError as e: LOG.exception('Unable to execute action. Parameter validation failed.') abort(http_client.BAD_REQUEST, re.sub("u'([^']*)'", r"'\1'", e.message)) except TraceNotFoundException as e: abort(http_client.BAD_REQUEST, str(e)) except ValueValidationException as e: raise e except Exception as e: LOG.exception('Unable to execute action. Unexpected error encountered.') abort(http_client.INTERNAL_SERVER_ERROR, str(e))
def func_wrapper(*args, **kwargs): hook = '/'.join(args[1:]) # TODO: There must be a better way to do this. webhook_db = WebhookDB(name=hook) resource_db = webhook_db utils.assert_request_user_has_resource_db_permission(request=pecan.request, resource_db=resource_db, permission_type=permission_type) return func(*args, **kwargs)
def func_wrapper(*args, **kwargs): controller_instance = args[0] resource_id = args[1] # Note: This can either be id, name or ref get_one_db_method = controller_instance.get_one_db_method resource_db = get_one_db_method(resource_id) utils.assert_request_user_has_resource_db_permission(request=pecan.request, resource_db=resource_db, permission_type=permission_type) return func(*args, **kwargs)
def func_wrapper(*args, **kwargs): hook = '/'.join( args[1:]) # TODO: There must be a better way to do this. webhook_db = WebhookDB(name=hook) resource_db = webhook_db utils.assert_request_user_has_resource_db_permission( request=pecan.request, resource_db=resource_db, permission_type=permission_type) return func(*args, **kwargs)
def func_wrapper(*args, **kwargs): controller_instance = args[0] resource_id = args[1] # Note: This can either be id, name or ref get_one_db_method = controller_instance.get_one_db_method resource_db = get_one_db_method(resource_id) utils.assert_request_user_has_resource_db_permission( request=pecan.request, resource_db=resource_db, permission_type=permission_type) return func(*args, **kwargs)
def get_one(self, ref_or_id, *file_path_components): """ Outputs the content of a specific file in a pack. Handles requests: GET /packs/views/file/<pack_ref_or_id>/<file path> """ pack_db = self._get_by_ref_or_id(ref_or_id=ref_or_id) if not pack_db: msg = 'Pack with ref_or_id "%s" does not exist' % (ref_or_id) raise StackStormDBObjectNotFoundError(msg) if not file_path_components: raise ValueError('Missing file path') file_path = os.path.join(*file_path_components) pack_ref = pack_db.ref # Note: Until list filtering is in place we don't require RBAC check for icon file if file_path not in WHITELISTED_FILE_PATHS: assert_request_user_has_resource_db_permission( request=pecan.request, resource_db=pack_db, permission_type=PermissionType.PACK_VIEW) normalized_file_path = get_pack_file_abs_path(pack_ref=pack_ref, file_path=file_path) if not normalized_file_path or not os.path.isfile( normalized_file_path): # Ignore references to files which don't exist on disk raise StackStormDBObjectNotFoundError('File "%s" not found' % (file_path)) file_size, file_mtime = self._get_file_stats( file_path=normalized_file_path) if not self._is_file_changed(file_mtime): self._add_cache_headers(file_mtime) response.status = http_client.NOT_MODIFIED return response if file_size is not None and file_size > MAX_FILE_SIZE: msg = ('File %s exceeds maximum allowed file size (%s bytes)' % (file_path, MAX_FILE_SIZE)) raise ValueError(msg) content_type = mimetypes.guess_type( normalized_file_path)[0] or 'application/octet-stream' self._add_cache_headers(file_mtime) response.headers['Content-Type'] = content_type response.body = self._get_file_content(file_path=normalized_file_path) return response
def get_one(self, ref_or_id, *file_path_components): """ Outputs the content of a specific file in a pack. Handles requests: GET /packs/views/file/<pack_ref_or_id>/<file path> """ pack_db = self._get_by_ref_or_id(ref_or_id=ref_or_id) if not pack_db: msg = 'Pack with ref_or_id "%s" does not exist' % (ref_or_id) raise StackStormDBObjectNotFoundError(msg) if not file_path_components: raise ValueError('Missing file path') file_path = os.path.join(*file_path_components) pack_ref = pack_db.ref # Note: Until list filtering is in place we don't require RBAC check for icon file if file_path not in WHITELISTED_FILE_PATHS: assert_request_user_has_resource_db_permission(request=pecan.request, resource_db=pack_db, permission_type=PermissionType.PACK_VIEW) normalized_file_path = get_pack_file_abs_path(pack_ref=pack_ref, file_path=file_path) if not normalized_file_path or not os.path.isfile(normalized_file_path): # Ignore references to files which don't exist on disk raise StackStormDBObjectNotFoundError('File "%s" not found' % (file_path)) file_size, file_mtime = self._get_file_stats(file_path=normalized_file_path) if not self._is_file_changed(file_mtime): self._add_cache_headers(file_mtime) response.status = http_client.NOT_MODIFIED return response if file_size is not None and file_size > MAX_FILE_SIZE: msg = ('File %s exceeds maximum allowed file size (%s bytes)' % (file_path, MAX_FILE_SIZE)) raise ValueError(msg) content_type = mimetypes.guess_type(normalized_file_path)[0] or 'application/octet-stream' self._add_cache_headers(file_mtime) response.headers['Content-Type'] = content_type response.body = self._get_file_content(file_path=normalized_file_path) return response
def _schedule_execution(self, action_alias_db, params, notify, context): action_ref = action_alias_db.action_ref action_db = action_utils.get_action_by_ref(action_ref) if not action_db: raise StackStormDBObjectNotFoundError( 'Action with ref "%s" not found ' % (action_ref)) assert_request_user_has_resource_db_permission( request=request, resource_db=action_db, permission_type=PermissionType.ACTION_EXECUTE) try: # prior to shipping off the params cast them to the right type. params = action_param_utils.cast_params( action_ref=action_alias_db.action_ref, params=params, cast_overrides=CAST_OVERRIDES) if not context: context = { 'action_alias_ref': reference.get_ref_from_model(action_alias_db), 'user': get_system_username() } liveaction = LiveActionDB(action=action_alias_db.action_ref, context=context, parameters=params, notify=notify) _, action_execution_db = action_service.request(liveaction) return ActionExecutionAPI.from_model(action_execution_db) except ValueError as e: LOG.exception('Unable to execute action.') abort(http_client.BAD_REQUEST, str(e)) except jsonschema.ValidationError as e: LOG.exception( 'Unable to execute action. Parameter validation failed.') abort(http_client.BAD_REQUEST, str(e)) except Exception as e: LOG.exception( 'Unable to execute action. Unexpected error encountered.') abort(http_client.INTERNAL_SERVER_ERROR, str(e))
def _handle_schedule_execution(self, liveaction): # Assert the permissions action_ref = liveaction.action action_db = action_utils.get_action_by_ref(action_ref) assert_request_user_has_resource_db_permission(request=pecan.request, resource_db=action_db, permission_type=PermissionType.ACTION_EXECUTE) try: return self._schedule_execution(liveaction=liveaction) except ValueError as e: LOG.exception('Unable to execute action.') abort(http_client.BAD_REQUEST, str(e)) except jsonschema.ValidationError as e: LOG.exception('Unable to execute action. Parameter validation failed.') abort(http_client.BAD_REQUEST, re.sub("u'([^']*)'", r"'\1'", e.message)) except TraceNotFoundException as e: abort(http_client.BAD_REQUEST, str(e)) except Exception as e: LOG.exception('Unable to execute action. Unexpected error encountered.') abort(http_client.INTERNAL_SERVER_ERROR, str(e))