def enforce(self): rule_spec = {'ref': self.rule.ref, 'id': str(self.rule.id), 'uid': self.rule.uid} enforcement_db = RuleEnforcementDB(trigger_instance_id=str(self.trigger_instance.id), rule=rule_spec) extra = { 'trigger_instance_db': self.trigger_instance, 'rule_db': self.rule } execution_db = None try: execution_db = self._do_enforce() # pylint: disable=no-member enforcement_db.execution_id = str(execution_db.id) extra['execution_db'] = execution_db except Exception as e: # Record the failure reason in the RuleEnforcement. enforcement_db.failure_reason = e.message LOG.exception('Failed kicking off execution for rule %s.', self.rule, extra=extra) finally: self._update_enforcement(enforcement_db) # pylint: disable=no-member if not execution_db or execution_db.status not in EXEC_KICKED_OFF_STATES: LOG.audit('Rule enforcement failed. Execution of Action %s failed. ' 'TriggerInstance: %s and Rule: %s', self.rule.action.ref, self.trigger_instance, self.rule, extra=extra) else: LOG.audit('Rule enforced. Execution %s, TriggerInstance %s and Rule %s.', execution_db, self.trigger_instance, self.rule, extra=extra) return execution_db
def test_status_set_to_failed_for_objects_which_predate_status_field(self): rule = {"ref": "foo_pack.foo_rule", "uid": "rule:foo_pack:foo_rule"} # 1. No status field explicitly set and no failure reason enforcement_db = RuleEnforcementDB( trigger_instance_id=str(bson.ObjectId()), rule=rule, execution_id=str(bson.ObjectId()), ) enforcement_db = RuleEnforcement.add_or_update(enforcement_db) self.assertEqual(enforcement_db.status, RULE_ENFORCEMENT_STATUS_SUCCEEDED) # 2. No status field, with failure reason, status should be set to failed enforcement_db = RuleEnforcementDB( trigger_instance_id=str(bson.ObjectId()), rule=rule, execution_id=str(bson.ObjectId()), failure_reason="so much fail", ) enforcement_db = RuleEnforcement.add_or_update(enforcement_db) self.assertEqual(enforcement_db.status, RULE_ENFORCEMENT_STATUS_FAILED) # 3. Explcit status field - succeeded + failure reasun enforcement_db = RuleEnforcementDB( trigger_instance_id=str(bson.ObjectId()), rule=rule, execution_id=str(bson.ObjectId()), status=RULE_ENFORCEMENT_STATUS_SUCCEEDED, failure_reason="so much fail", ) enforcement_db = RuleEnforcement.add_or_update(enforcement_db) self.assertEqual(enforcement_db.status, RULE_ENFORCEMENT_STATUS_FAILED) # 4. Explcit status field - succeeded + no failure reasun enforcement_db = RuleEnforcementDB( trigger_instance_id=str(bson.ObjectId()), rule=rule, execution_id=str(bson.ObjectId()), status=RULE_ENFORCEMENT_STATUS_SUCCEEDED, ) enforcement_db = RuleEnforcement.add_or_update(enforcement_db) self.assertEqual(enforcement_db.status, RULE_ENFORCEMENT_STATUS_SUCCEEDED) # 5. Explcit status field - failed + no failure reasun enforcement_db = RuleEnforcementDB( trigger_instance_id=str(bson.ObjectId()), rule=rule, execution_id=str(bson.ObjectId()), status=RULE_ENFORCEMENT_STATUS_FAILED, ) enforcement_db = RuleEnforcement.add_or_update(enforcement_db) self.assertEqual(enforcement_db.status, RULE_ENFORCEMENT_STATUS_FAILED)
def enforce(self): # TODO: Refactor this to avoid additional lookup in cast_params # TODO: rename self.rule.action -> self.rule.action_exec_spec action_ref = self.rule.action['ref'] action_db = action_db_util.get_action_by_ref(action_ref) if not action_db: raise ValueError('Action "%s" doesn\'t exist' % (action_ref)) data = self.data_transformer(self.rule.action.parameters) LOG.info('Invoking action %s for trigger_instance %s with data %s.', self.rule.action.ref, self.trigger_instance.id, json.dumps(data)) # update trace before invoking the action. trace_context = self._update_trace() LOG.debug('Updated trace %s with rule %s.', trace_context, self.rule.id) context = { 'trigger_instance': reference.get_ref_from_model(self.trigger_instance), 'rule': reference.get_ref_from_model(self.rule), 'user': get_system_username(), TRACE_CONTEXT: trace_context } extra = {'trigger_instance_db': self.trigger_instance, 'rule_db': self.rule} rule_spec = {'ref': self.rule.ref, 'id': str(self.rule.id), 'uid': self.rule.uid} enforcement_db = RuleEnforcementDB(trigger_instance_id=str(self.trigger_instance.id), rule=rule_spec) try: execution_db = RuleEnforcer._invoke_action(self.rule.action, data, context) # pylint: disable=no-member enforcement_db.execution_id = str(execution_db.id) # pylint: enable=no-member except: LOG.exception('Failed kicking off execution for rule %s.', self.rule, extra=extra) return None finally: self._update_enforcement(enforcement_db) extra['execution_db'] = execution_db # pylint: disable=no-member if execution_db.status not in EXEC_KICKED_OFF_STATES: # pylint: enable=no-member LOG.audit('Rule enforcement failed. Execution of Action %s failed. ' 'TriggerInstance: %s and Rule: %s', self.rule.action.name, self.trigger_instance, self.rule, extra=extra) return execution_db LOG.audit('Rule enforced. Execution %s, TriggerInstance %s and Rule %s.', execution_db, self.trigger_instance, self.rule, extra=extra) return execution_db
def _create_rule_enforcement(self, failure_reason, exc): """ Note: We also create RuleEnforcementDB for rules which failed to match due to an exception. Without that, only way for users to find out about those failes matches is by inspecting the logs. """ failure_reason = ( 'Failed to match rule "%s" against trigger instance "%s": %s: %s' % (self.rule.ref, str( self.trigger_instance.id), failure_reason, str(exc))) rule_spec = { 'ref': self.rule.ref, 'id': str(self.rule.id), 'uid': self.rule.uid } enforcement_db = RuleEnforcementDB( trigger_instance_id=str(self.trigger_instance.id), rule=rule_spec, failure_reason=failure_reason, status=RULE_ENFORCEMENT_STATUS_FAILED) try: RuleEnforcement.add_or_update(enforcement_db) except: extra = {'enforcement_db': enforcement_db} LOG.exception('Failed writing enforcement model to db.', extra=extra) return enforcement_db
def _create_save_rule_enforcement(): created = RuleEnforcementDB(trigger_instance_id=str(bson.ObjectId()), rule={ 'ref': 'foo_pack.foo_rule', 'uid': 'rule:foo_pack:foo_rule' }, execution_id=str(bson.ObjectId())) return RuleEnforcement.add_or_update(created)
def enforce(self): rule_spec = { 'ref': self.rule.ref, 'id': str(self.rule.id), 'uid': self.rule.uid } enforcement_db = RuleEnforcementDB(trigger_instance_id=str( self.trigger_instance.id), rule=rule_spec) extra = { 'trigger_instance_db': self.trigger_instance, 'rule_db': self.rule } execution_db = None try: execution_db = self._do_enforce() # pylint: disable=no-member enforcement_db.execution_id = str(execution_db.id) extra['execution_db'] = execution_db except Exception as e: # Record the failure reason in the RuleEnforcement. enforcement_db.failure_reason = e.message LOG.exception('Failed kicking off execution for rule %s.', self.rule, extra=extra) finally: self._update_enforcement(enforcement_db) # pylint: disable=no-member if not execution_db or execution_db.status not in EXEC_KICKED_OFF_STATES: LOG.audit( 'Rule enforcement failed. Execution of Action %s failed. ' 'TriggerInstance: %s and Rule: %s', self.rule.action.ref, self.trigger_instance, self.rule, extra=extra) else: LOG.audit( 'Rule enforced. Execution %s, TriggerInstance %s and Rule %s.', execution_db, self.trigger_instance, self.rule, extra=extra) return execution_db
def _create_save_rule_enforcement(): created = RuleEnforcementDB( trigger_instance_id=str(bson.ObjectId()), rule={ "ref": "foo_pack.foo_rule", "uid": "rule:foo_pack:foo_rule" }, execution_id=str(bson.ObjectId()), ) return RuleEnforcement.add_or_update(created)
def enforce(self): rule_spec = { "ref": self.rule.ref, "id": str(self.rule.id), "uid": self.rule.uid, } enforcement_db = RuleEnforcementDB( trigger_instance_id=str(self.trigger_instance.id), rule=rule_spec ) extra = {"trigger_instance_db": self.trigger_instance, "rule_db": self.rule} execution_db = None try: execution_db = self._do_enforce() # pylint: disable=no-member enforcement_db.execution_id = str(execution_db.id) enforcement_db.status = RULE_ENFORCEMENT_STATUS_SUCCEEDED extra["execution_db"] = execution_db except Exception as e: # Record the failure reason in the RuleEnforcement. enforcement_db.status = RULE_ENFORCEMENT_STATUS_FAILED enforcement_db.failure_reason = six.text_type(e) LOG.exception( "Failed kicking off execution for rule %s.", self.rule, extra=extra ) finally: self._update_enforcement(enforcement_db) # pylint: disable=no-member if not execution_db or execution_db.status not in EXEC_KICKED_OFF_STATES: LOG.audit( "Rule enforcement failed. Execution of Action %s failed. " "TriggerInstance: %s and Rule: %s", self.rule.action.ref, self.trigger_instance, self.rule, extra=extra, ) else: LOG.audit( "Rule enforced. Execution %s, TriggerInstance %s and Rule %s.", execution_db, self.trigger_instance, self.rule, extra=extra, ) return execution_db
def enforce(self): params = self.get_resolved_parameters() LOG.info('Invoking action %s for trigger_instance %s with params %s.', self.rule.action.ref, self.trigger_instance.id, json.dumps(params)) # update trace before invoking the action. trace_context = self._update_trace() LOG.debug('Updated trace %s with rule %s.', trace_context, self.rule.id) context = { 'trigger_instance': reference.get_ref_from_model(self.trigger_instance), 'rule': reference.get_ref_from_model(self.rule), 'user': get_system_username(), TRACE_CONTEXT: trace_context } extra = { 'trigger_instance_db': self.trigger_instance, 'rule_db': self.rule } rule_spec = { 'ref': self.rule.ref, 'id': str(self.rule.id), 'uid': self.rule.uid } enforcement_db = RuleEnforcementDB(trigger_instance_id=str( self.trigger_instance.id), rule=rule_spec) try: execution_db = RuleEnforcer._invoke_action(self.rule.action, params, context) # pylint: disable=no-member enforcement_db.execution_id = str(execution_db.id) # pylint: enable=no-member except: LOG.exception('Failed kicking off execution for rule %s.', self.rule, extra=extra) return None finally: self._update_enforcement(enforcement_db) extra['execution_db'] = execution_db # pylint: disable=no-member if execution_db.status not in EXEC_KICKED_OFF_STATES: # pylint: enable=no-member LOG.audit( 'Rule enforcement failed. Execution of Action %s failed. ' 'TriggerInstance: %s and Rule: %s', self.rule.action.name, self.trigger_instance, self.rule, extra=extra) return execution_db LOG.audit( 'Rule enforced. Execution %s, TriggerInstance %s and Rule %s.', execution_db, self.trigger_instance, self.rule, extra=extra) return execution_db
def setUp(self): super(RuleEnforcementPermissionsResolverTestCase, self).setUp() register_internal_trigger_types() # Create some mock users user_1_db = UserDB(name='1_role_rule_pack_grant') user_1_db = User.add_or_update(user_1_db) self.users['custom_role_rule_pack_grant'] = user_1_db user_2_db = UserDB(name='1_role_rule_grant') user_2_db = User.add_or_update(user_2_db) self.users['custom_role_rule_grant'] = user_2_db user_3_db = UserDB(name='custom_role_pack_rule_all_grant') user_3_db = User.add_or_update(user_3_db) self.users['custom_role_pack_rule_all_grant'] = user_3_db user_4_db = UserDB(name='custom_role_rule_all_grant') user_4_db = User.add_or_update(user_4_db) self.users['custom_role_rule_all_grant'] = user_4_db user_5_db = UserDB(name='custom_role_rule_modify_grant') user_5_db = User.add_or_update(user_5_db) self.users['custom_role_rule_modify_grant'] = user_5_db user_6_db = UserDB(name='rule_pack_rule_create_grant') user_6_db = User.add_or_update(user_6_db) self.users['rule_pack_rule_create_grant'] = user_6_db user_7_db = UserDB(name='rule_pack_rule_all_grant') user_7_db = User.add_or_update(user_7_db) self.users['rule_pack_rule_all_grant'] = user_7_db user_8_db = UserDB(name='rule_rule_create_grant') user_8_db = User.add_or_update(user_8_db) self.users['rule_rule_create_grant'] = user_8_db user_9_db = UserDB(name='rule_rule_all_grant') user_9_db = User.add_or_update(user_9_db) self.users['rule_rule_all_grant'] = user_9_db user_10_db = UserDB(name='custom_role_rule_list_grant') user_10_db = User.add_or_update(user_10_db) self.users['custom_role_rule_list_grant'] = user_10_db # Create some mock resources on which permissions can be granted rule_1_db = RuleDB(pack='test_pack_1', name='rule1', action={'ref': 'core.local'}, trigger='core.st2.key_value_pair.create') rule_1_db = Rule.add_or_update(rule_1_db) self.resources['rule_1'] = rule_1_db rule_enforcement_1_db = RuleEnforcementDB( trigger_instance_id=str(bson.ObjectId()), execution_id=str(bson.ObjectId()), rule={ 'ref': rule_1_db.ref, 'uid': rule_1_db.uid, 'id': str(rule_1_db.id) }) rule_enforcement_1_db = RuleEnforcement.add_or_update( rule_enforcement_1_db) self.resources['rule_enforcement_1'] = rule_enforcement_1_db rule_2_db = RuleDB(pack='test_pack_1', name='rule2') rule_2_db = Rule.add_or_update(rule_2_db) self.resources['rule_2'] = rule_2_db rule_enforcement_2_db = RuleEnforcementDB( trigger_instance_id=str(bson.ObjectId()), execution_id=str(bson.ObjectId()), rule={ 'ref': rule_2_db.ref, 'uid': rule_2_db.uid, 'id': str(rule_2_db.id) }) rule_enforcement_2_db = RuleEnforcement.add_or_update( rule_enforcement_2_db) self.resources['rule_enforcement_2'] = rule_enforcement_2_db rule_3_db = RuleDB(pack='test_pack_2', name='rule3') rule_3_db = Rule.add_or_update(rule_3_db) self.resources['rule_3'] = rule_3_db rule_enforcement_3_db = RuleEnforcementDB( trigger_instance_id=str(bson.ObjectId()), execution_id=str(bson.ObjectId()), rule={ 'ref': rule_3_db.ref, 'uid': rule_3_db.uid, 'id': str(rule_3_db.id) }) rule_enforcement_3_db = RuleEnforcement.add_or_update( rule_enforcement_3_db) self.resources['rule_enforcement_3'] = rule_enforcement_3_db # Create some mock roles with associated permission grants # Custom role 2 - one grant on parent pack # "rule_view" on pack_1 grant_db = PermissionGrantDB( resource_uid=self.resources['pack_1'].get_uid(), resource_type=ResourceType.PACK, permission_types=[PermissionType.RULE_VIEW]) grant_db = PermissionGrant.add_or_update(grant_db) permission_grants = [str(grant_db.id)] role_3_db = RoleDB(name='custom_role_rule_pack_grant', permission_grants=permission_grants) role_3_db = Role.add_or_update(role_3_db) self.roles['custom_role_rule_pack_grant'] = role_3_db # Custom role 4 - one grant on rule # "rule_view on rule_3 grant_db = PermissionGrantDB( resource_uid=self.resources['rule_3'].get_uid(), resource_type=ResourceType.RULE, permission_types=[PermissionType.RULE_VIEW]) grant_db = PermissionGrant.add_or_update(grant_db) permission_grants = [str(grant_db.id)] role_4_db = RoleDB(name='custom_role_rule_grant', permission_grants=permission_grants) role_4_db = Role.add_or_update(role_4_db) self.roles['custom_role_rule_grant'] = role_4_db # Custom role - "rule_all" grant on a parent rule pack grant_db = PermissionGrantDB( resource_uid=self.resources['pack_1'].get_uid(), resource_type=ResourceType.PACK, permission_types=[PermissionType.RULE_ALL]) grant_db = PermissionGrant.add_or_update(grant_db) permission_grants = [str(grant_db.id)] role_4_db = RoleDB(name='custom_role_pack_rule_all_grant', permission_grants=permission_grants) role_4_db = Role.add_or_update(role_4_db) self.roles['custom_role_pack_rule_all_grant'] = role_4_db # Custom role - "rule_all" grant on a rule grant_db = PermissionGrantDB( resource_uid=self.resources['rule_1'].get_uid(), resource_type=ResourceType.RULE, permission_types=[PermissionType.RULE_ALL]) grant_db = PermissionGrant.add_or_update(grant_db) permission_grants = [str(grant_db.id)] role_4_db = RoleDB(name='custom_role_rule_all_grant', permission_grants=permission_grants) role_4_db = Role.add_or_update(role_4_db) self.roles['custom_role_rule_all_grant'] = role_4_db # Custom role - "rule_modify" on role_1 grant_db = PermissionGrantDB( resource_uid=self.resources['rule_1'].get_uid(), resource_type=ResourceType.RULE, permission_types=[PermissionType.RULE_MODIFY]) grant_db = PermissionGrant.add_or_update(grant_db) permission_grants = [str(grant_db.id)] role_5_db = RoleDB(name='custom_role_rule_modify_grant', permission_grants=permission_grants) role_5_db = Role.add_or_update(role_5_db) self.roles['custom_role_rule_modify_grant'] = role_5_db # Custom role - "rule_create" grant on pack_1 grant_db = PermissionGrantDB( resource_uid=self.resources['pack_1'].get_uid(), resource_type=ResourceType.PACK, permission_types=[PermissionType.RULE_CREATE]) grant_db = PermissionGrant.add_or_update(grant_db) permission_grants = [str(grant_db.id)] role_6_db = RoleDB(name='rule_pack_rule_create_grant', permission_grants=permission_grants) role_6_db = Role.add_or_update(role_6_db) self.roles['rule_pack_rule_create_grant'] = role_6_db # Custom role - "rule_all" grant on pack_1 grant_db = PermissionGrantDB( resource_uid=self.resources['pack_1'].get_uid(), resource_type=ResourceType.PACK, permission_types=[PermissionType.RULE_ALL]) grant_db = PermissionGrant.add_or_update(grant_db) permission_grants = [str(grant_db.id)] role_7_db = RoleDB(name='rule_pack_rule_all_grant', permission_grants=permission_grants) role_7_db = Role.add_or_update(role_7_db) self.roles['rule_pack_rule_all_grant'] = role_7_db # Custom role - "rule_create" grant on rule_1 grant_db = PermissionGrantDB( resource_uid=self.resources['rule_1'].get_uid(), resource_type=ResourceType.RULE, permission_types=[PermissionType.RULE_CREATE]) grant_db = PermissionGrant.add_or_update(grant_db) permission_grants = [str(grant_db.id)] role_8_db = RoleDB(name='rule_rule_create_grant', permission_grants=permission_grants) role_8_db = Role.add_or_update(role_8_db) self.roles['rule_rule_create_grant'] = role_8_db # Custom role - "rule_all" grant on rule_1 grant_db = PermissionGrantDB( resource_uid=self.resources['rule_1'].get_uid(), resource_type=ResourceType.RULE, permission_types=[PermissionType.RULE_ALL]) grant_db = PermissionGrant.add_or_update(grant_db) permission_grants = [str(grant_db.id)] role_9_db = RoleDB(name='rule_rule_all_grant', permission_grants=permission_grants) role_9_db = Role.add_or_update(role_9_db) self.roles['rule_rule_all_grant'] = role_9_db # Custom role - "rule_list" grant grant_db = PermissionGrantDB( resource_uid=None, resource_type=None, permission_types=[PermissionType.RULE_LIST]) grant_db = PermissionGrant.add_or_update(grant_db) permission_grants = [str(grant_db.id)] role_10_db = RoleDB(name='custom_role_rule_list_grant', permission_grants=permission_grants) role_10_db = Role.add_or_update(role_10_db) self.roles['custom_role_rule_list_grant'] = role_10_db # Create some mock role assignments user_db = self.users['custom_role_rule_pack_grant'] role_assignment_db = UserRoleAssignmentDB( user=user_db.name, role=self.roles['custom_role_rule_pack_grant'].name) UserRoleAssignment.add_or_update(role_assignment_db) user_db = self.users['custom_role_rule_grant'] role_assignment_db = UserRoleAssignmentDB( user=user_db.name, role=self.roles['custom_role_rule_grant'].name) UserRoleAssignment.add_or_update(role_assignment_db) user_db = self.users['custom_role_pack_rule_all_grant'] role_assignment_db = UserRoleAssignmentDB( user=user_db.name, role=self.roles['custom_role_pack_rule_all_grant'].name) UserRoleAssignment.add_or_update(role_assignment_db) user_db = self.users['custom_role_rule_all_grant'] role_assignment_db = UserRoleAssignmentDB( user=user_db.name, role=self.roles['custom_role_rule_all_grant'].name) UserRoleAssignment.add_or_update(role_assignment_db) user_db = self.users['custom_role_rule_modify_grant'] role_assignment_db = UserRoleAssignmentDB( user=user_db.name, role=self.roles['custom_role_rule_modify_grant'].name) UserRoleAssignment.add_or_update(role_assignment_db) user_db = self.users['rule_pack_rule_create_grant'] role_assignment_db = UserRoleAssignmentDB( user=user_db.name, role=self.roles['rule_pack_rule_create_grant'].name) UserRoleAssignment.add_or_update(role_assignment_db) user_db = self.users['rule_pack_rule_all_grant'] role_assignment_db = UserRoleAssignmentDB( user=user_db.name, role=self.roles['rule_pack_rule_all_grant'].name) UserRoleAssignment.add_or_update(role_assignment_db) user_db = self.users['rule_rule_create_grant'] role_assignment_db = UserRoleAssignmentDB( user=user_db.name, role=self.roles['rule_rule_create_grant'].name) UserRoleAssignment.add_or_update(role_assignment_db) user_db = self.users['rule_rule_all_grant'] role_assignment_db = UserRoleAssignmentDB( user=user_db.name, role=self.roles['rule_rule_all_grant'].name) UserRoleAssignment.add_or_update(role_assignment_db) user_db = self.users['custom_role_rule_list_grant'] role_assignment_db = UserRoleAssignmentDB( user=user_db.name, role=self.roles['custom_role_rule_list_grant'].name) UserRoleAssignment.add_or_update(role_assignment_db)
def enforce(self): # TODO: Refactor this to avoid additional lookup in cast_params # TODO: rename self.rule.action -> self.rule.action_exec_spec action_ref = self.rule.action['ref'] action_db = action_db_util.get_action_by_ref(action_ref) if not action_db: raise ValueError('Action "%s" doesn\'t exist' % (action_ref)) data = self.data_transformer(self.rule.action.parameters) LOG.info('Invoking action %s for trigger_instance %s with data %s.', self.rule.action.ref, self.trigger_instance.id, json.dumps(data)) # update trace before invoking the action. trace_context = self._update_trace() LOG.debug('Updated trace %s with rule %s.', trace_context, self.rule.id) context = { 'trigger_instance': reference.get_ref_from_model(self.trigger_instance), 'rule': reference.get_ref_from_model(self.rule), 'user': get_system_username(), TRACE_CONTEXT: trace_context } extra = { 'trigger_instance_db': self.trigger_instance, 'rule_db': self.rule } rule_spec = { 'ref': self.rule.ref, 'id': str(self.rule.id), 'uid': self.rule.uid } enforcement_db = RuleEnforcementDB(trigger_instance_id=str( self.trigger_instance.id), rule=rule_spec) try: execution_db = RuleEnforcer._invoke_action(self.rule.action, data, context) # pylint: disable=no-member enforcement_db.execution_id = str(execution_db.id) # pylint: enable=no-member except: LOG.exception('Failed kicking off execution for rule %s.', self.rule, extra=extra) return None finally: self._update_enforcement(enforcement_db) extra['execution_db'] = execution_db # pylint: disable=no-member if execution_db.status not in EXEC_KICKED_OFF_STATES: # pylint: enable=no-member LOG.audit( 'Rule enforcement failed. Execution of Action %s failed. ' 'TriggerInstance: %s and Rule: %s', self.rule.action.name, self.trigger_instance, self.rule, extra=extra) return execution_db LOG.audit( 'Rule enforced. Execution %s, TriggerInstance %s and Rule %s.', execution_db, self.trigger_instance, self.rule, extra=extra) return execution_db