def validate_alarm(alarm):
project = v2_utils.get_auth_project(
alarm.project_id if alarm.project_id != wtypes.Unset else None)
for id in alarm.combination_rule.alarm_ids:
alarms = list(pecan.request.storage.get_alarms(
alarm_id=id, project=project))
if not alarms:
raise base.AlarmNotFound(id, project)
def _alarm(self):
self.conn = pecan.request.alarm_storage_conn
auth_project = rbac.get_limited_to_project(pecan.request.headers,
pecan.request.enforcer)
alarms = list(
self.conn.get_alarms(alarm_id=self._id, project=auth_project))
if not alarms:
raise base.AlarmNotFound(alarm=self._id, auth_project=auth_project)
return alarms[0]
def _enforce_rbac(self, rbac_directive):
# TODO(sileht): We should be able to relax this since we
# pass the alarm object to the enforcer.
auth_project = rbac.get_limited_to_project(pecan.request.headers,
pecan.request.enforcer)
alarms = list(
pecan.request.storage.get_alarms(alarm_id=self._id,
project=auth_project))
if not alarms:
raise base.AlarmNotFound(alarm=self._id, auth_project=auth_project)
alarm = alarms[0]
target = {'user_id': alarm.user_id, 'project_id': alarm.project_id}
rbac.enforce(rbac_directive, pecan.request.headers,
pecan.request.enforcer, target)
return alarm
def _enforce_rbac(self, rbac_directive):
auth_project = pecan.request.headers.get('X-Project-Id')
filters = {'alarm_id': self._id}
if not rbac.is_admin(pecan.request.headers):
filters['project_id'] = auth_project
alarms = pecan.request.storage.get_alarms(**filters)
if not alarms:
raise base.AlarmNotFound(alarm=self._id, auth_project=None)
alarm = alarms[0]
target = {'user_id': alarm.user_id, 'project_id': alarm.project_id}
rbac.enforce(rbac_directive, pecan.request.headers,
pecan.request.enforcer, target)
return alarm