def delete(self, name): """ Delete the key value pair. Handles requests: DELETE /keys/1 """ lock_name = self._get_lock_name_for_key(name=name) # Note: We use lock to avoid a race with self._coordinator.get_lock(lock_name): kvp_db = self.__get_by_name(name=name) if not kvp_db: abort(http_client.NOT_FOUND) return LOG.debug('DELETE /keys/ lookup with name=%s found object: %s', name, kvp_db) try: KeyValuePair.delete(kvp_db) except Exception as e: LOG.exception('Database delete encountered exception during ' 'delete of name="%s". ', name) abort(http_client.INTERNAL_SERVER_ERROR, str(e)) return extra = {'kvp_db': kvp_db} LOG.audit('KeyValuePair deleted. KeyValuePair.id=%s' % (kvp_db.id), extra=extra)
def delete(self, name): """ Delete the key value pair. Handles requests: DELETE /keys/1 """ lock_name = self._get_lock_name_for_key(name=name) # Note: We use lock to avoid a race with self._coordinator.get_lock(lock_name): kvp_db = self._get_by_name(resource_name=name) if not kvp_db: abort(http_client.NOT_FOUND) return LOG.debug('DELETE /keys/ lookup with name=%s found object: %s', name, kvp_db) try: KeyValuePair.delete(kvp_db) except Exception as e: LOG.exception('Database delete encountered exception during ' 'delete of name="%s". ', name) abort(http_client.INTERNAL_SERVER_ERROR, str(e)) return extra = {'kvp_db': kvp_db} LOG.audit('KeyValuePair deleted. KeyValuePair.id=%s' % (kvp_db.id), extra=extra)
def delete(self, name, requester_user, scope=FULL_SYSTEM_SCOPE, user=None): """ Delete the key value pair. Handles requests: DELETE /keys/1 """ if not scope: scope = FULL_SYSTEM_SCOPE if not requester_user: requester_user = UserDB(cfg.CONF.system_user.user) scope = get_datastore_full_scope(scope) self._validate_scope(scope=scope) user = user or requester_user.name # Validate that the authenticated user is admin if user query param is provided rbac_utils = get_rbac_backend().get_utils_class() rbac_utils.assert_user_is_admin_if_user_query_param_is_provided( user_db=requester_user, user=user, require_rbac=True) key_ref = get_key_reference(scope=scope, name=name, user=user) lock_name = self._get_lock_name_for_key(name=key_ref, scope=scope) # Note: We use lock to avoid a race with self._coordinator.get_lock(lock_name): from_model_kwargs = {"mask_secrets": True} kvp_api = self._get_one_by_scope_and_name( name=key_ref, scope=scope, from_model_kwargs=from_model_kwargs) kvp_db = KeyValuePairAPI.to_model(kvp_api) LOG.debug( "DELETE /keys/ lookup with scope=%s name=%s found object: %s", scope, name, kvp_db, ) try: KeyValuePair.delete(kvp_db) except Exception as e: LOG.exception( "Database delete encountered exception during " 'delete of name="%s". ', name, ) abort(http_client.INTERNAL_SERVER_ERROR, six.text_type(e)) return extra = {"kvp_db": kvp_db} LOG.audit("KeyValuePair deleted. KeyValuePair.id=%s" % (kvp_db.id), extra=extra) return Response(status=http_client.NO_CONTENT)
def delete(self, name, requester_user, scope=FULL_SYSTEM_SCOPE, user=None): """ Delete the key value pair. Handles requests: DELETE /keys/1 """ if not scope: scope = FULL_SYSTEM_SCOPE if not requester_user: requester_user = UserDB(cfg.CONF.system_user.user) scope = get_datastore_full_scope(scope) self._validate_scope(scope=scope) user = user or requester_user.name # Validate that the authenticated user is admin if user query param is provided rbac_utils = get_rbac_backend().get_utils_class() rbac_utils.assert_user_is_admin_if_user_query_param_is_provided(user_db=requester_user, user=user, require_rbac=True) key_ref = get_key_reference(scope=scope, name=name, user=user) lock_name = self._get_lock_name_for_key(name=key_ref, scope=scope) # Note: We use lock to avoid a race with self._coordinator.get_lock(lock_name): from_model_kwargs = {'mask_secrets': True} kvp_api = self._get_one_by_scope_and_name( name=key_ref, scope=scope, from_model_kwargs=from_model_kwargs ) kvp_db = KeyValuePairAPI.to_model(kvp_api) LOG.debug('DELETE /keys/ lookup with scope=%s name=%s found object: %s', scope, name, kvp_db) try: KeyValuePair.delete(kvp_db) except Exception as e: LOG.exception('Database delete encountered exception during ' 'delete of name="%s". ', name) abort(http_client.INTERNAL_SERVER_ERROR, six.text_type(e)) return extra = {'kvp_db': kvp_db} LOG.audit('KeyValuePair deleted. KeyValuePair.id=%s' % (kvp_db.id), extra=extra) return Response(status=http_client.NO_CONTENT)
def test_system_transform(self): k5 = KeyValuePair.add_or_update(KeyValuePairDB(name='k5', value='v5')) k6 = KeyValuePair.add_or_update(KeyValuePairDB(name='k6', value='v6')) k7 = KeyValuePair.add_or_update(KeyValuePairDB(name='k7', value='v7')) k8 = KeyValuePair.add_or_update( KeyValuePairDB(name='k8', value='v8', scope=FULL_SYSTEM_SCOPE)) try: transformer = datatransform.get_transformer(PAYLOAD) mapping = { 'ip5': '{{trigger.k2}}-static', 'ip6': '{{st2kv.system.k6}}-static', 'ip7': '{{st2kv.system.k7}}-static' } result = transformer(mapping) expected = { 'ip5': 'v2-static', 'ip6': 'v6-static', 'ip7': 'v7-static' } self.assertEqual(result, expected) finally: KeyValuePair.delete(k5) KeyValuePair.delete(k6) KeyValuePair.delete(k7) KeyValuePair.delete(k8)
def test_system_transform(self): rule = self.models['rules']['rule_action_default_value_render_fail.yaml'] runner_type_db = mock.Mock() runner_type_db.runner_parameters = {} action_db = mock.Mock() action_db.parameters = {} k5 = KeyValuePair.add_or_update(KeyValuePairDB(name='k5', value='v5')) k6 = KeyValuePair.add_or_update(KeyValuePairDB(name='k6', value='v6')) k7 = KeyValuePair.add_or_update(KeyValuePairDB(name='k7', value='v7')) k8 = KeyValuePair.add_or_update(KeyValuePairDB(name='k8', value='v8', scope=FULL_SYSTEM_SCOPE)) params = {'ip5': '{{trigger.k2}}-static', 'ip6': '{{st2kv.system.k6}}-static', 'ip7': '{{st2kv.system.k7}}-static'} expected_params = {'ip5': 'v2-static', 'ip6': 'v6-static', 'ip7': 'v7-static'} try: self.assertResolvedParamsMatchExpected(rule=rule, trigger_instance=MOCK_TRIGGER_INSTANCE_4, params=params, expected_params=expected_params) finally: KeyValuePair.delete(k5) KeyValuePair.delete(k6) KeyValuePair.delete(k7) KeyValuePair.delete(k8)
def delete(self, name, scope=FULL_SYSTEM_SCOPE, user=None): """ Delete the key value pair. Handles requests: DELETE /keys/1 """ if not scope: scope = FULL_SYSTEM_SCOPE scope = get_datastore_full_scope(scope) self._validate_scope(scope=scope) requester_user = get_requester() user = user or requester_user # Validate that the authenticated user is admin if user query param is provided assert_request_user_is_admin_if_user_query_param_is_provided( request=pecan.request, user=user) key_ref = get_key_reference(scope=scope, name=name, user=user) lock_name = self._get_lock_name_for_key(name=key_ref, scope=scope) # Note: We use lock to avoid a race with self._coordinator.get_lock(lock_name): from_model_kwargs = {'mask_secrets': True} kvp_api = self._get_one_by_scope_and_name( name=key_ref, scope=scope, from_model_kwargs=from_model_kwargs) kvp_db = KeyValuePairAPI.to_model(kvp_api) LOG.debug( 'DELETE /keys/ lookup with scope=%s name=%s found object: %s', scope, name, kvp_db) try: KeyValuePair.delete(kvp_db) except Exception as e: LOG.exception( 'Database delete encountered exception during ' 'delete of name="%s". ', name) abort(http_client.INTERNAL_SERVER_ERROR, str(e)) return extra = {'kvp_db': kvp_db} LOG.audit('KeyValuePair deleted. KeyValuePair.id=%s' % (kvp_db.id), extra=extra)
def delete(self, name, scope=FULL_SYSTEM_SCOPE, user=None): """ Delete the key value pair. Handles requests: DELETE /keys/1 """ if not scope: scope = FULL_SYSTEM_SCOPE scope = get_datastore_full_scope(scope) self._validate_scope(scope=scope) requester_user = get_requester() user = user or requester_user # Validate that the authenticated user is admin if user query param is provided assert_request_user_is_admin_if_user_query_param_is_provider(request=pecan.request, user=user) key_ref = get_key_reference(scope=scope, name=name, user=user) lock_name = self._get_lock_name_for_key(name=key_ref, scope=scope) # Note: We use lock to avoid a race with self._coordinator.get_lock(lock_name): from_model_kwargs = {'mask_secrets': True} kvp_api = self._get_one_by_scope_and_name( name=key_ref, scope=scope, from_model_kwargs=from_model_kwargs ) kvp_db = KeyValuePairAPI.to_model(kvp_api) LOG.debug('DELETE /keys/ lookup with scope=%s name=%s found object: %s', scope, name, kvp_db) try: KeyValuePair.delete(kvp_db) except Exception as e: LOG.exception('Database delete encountered exception during ' 'delete of name="%s". ', name) abort(http_client.INTERNAL_SERVER_ERROR, str(e)) return extra = {'kvp_db': kvp_db} LOG.audit('KeyValuePair deleted. KeyValuePair.id=%s' % (kvp_db.id), extra=extra)
def tearDownClass(cls): headers = {'content-type': 'application/json', 'X-Auth-Token': str(SYS_TOKEN.token)} cls.app.delete('/v1/actions/%s' % cls.action['id'], headers=headers) cls.app.delete('/v1/actions/%s' % cls.action_encrypt['id'], headers=headers) # unregister key-value pairs for tests [KeyValuePair.delete(x) for x in cls.kvps] super(ActionExecutionControllerTestCaseAuthEnabled, cls).tearDownClass()
def test_chain_runner_vars_system_params(self, request): kvps = [] try: kvps.append( KeyValuePair.add_or_update( KeyValuePairDB(name='a', value='two'))) chain_runner = acr.get_runner() chain_runner.entry_point = CHAIN_WITH_SYSTEM_VARS chain_runner.action = ACTION_2 chain_runner.container_service = RunnerContainerService() chain_runner.pre_run() chain_runner.run({}) self.assertNotEqual(chain_runner.chain_holder.actionchain, None) expected_value = {'inttype': 1, 'strtype': 'two', 'booltype': True} mock_args, _ = request.call_args self.assertEqual(mock_args[0].parameters, expected_value) finally: for kvp in kvps: KeyValuePair.delete(kvp)
def test_chain_runner_vars_system_params(self, request): kvps = [] try: kvps.append(KeyValuePair.add_or_update(KeyValuePairDB(name='a', value='two'))) chain_runner = acr.get_runner() chain_runner.entry_point = CHAIN_WITH_SYSTEM_VARS chain_runner.action = ACTION_2 chain_runner.container_service = RunnerContainerService() chain_runner.pre_run() chain_runner.run({}) self.assertNotEqual(chain_runner.chain_holder.actionchain, None) expected_value = {'inttype': 1, 'strtype': 'two', 'booltype': True} mock_args, _ = request.call_args self.assertEqual(mock_args[0].parameters, expected_value) finally: for kvp in kvps: KeyValuePair.delete(kvp)
def test_chain_runner_vars_system_params(self, request): action_ref = ResourceReference.to_string_reference(name=ACTION_2.name, pack=ACTION_2.pack) kvps = [] try: kvps.append(KeyValuePair.add_or_update(KeyValuePairDB(name='a', value='two'))) chain_runner = acr.get_runner() chain_runner.entry_point = CHAIN_WITH_SYSTEM_VARS chain_runner.action = ACTION_2 chain_runner.liveaction = LiveActionDB(action=action_ref) chain_runner.pre_run() chain_runner.run({}) self.assertNotEqual(chain_runner.chain_holder.actionchain, None) expected_value = {'inttype': 1, 'strtype': 'two', 'booltype': True} mock_args, _ = request.call_args self.assertEqual(mock_args[0].parameters, expected_value) finally: for kvp in kvps: KeyValuePair.delete(kvp)
def tearDownClass(cls): headers = { "content-type": "application/json", "X-Auth-Token": str(SYS_TOKEN.token), } cls.app.delete("/v1/actions/%s" % cls.action["id"], headers=headers) cls.app.delete("/v1/actions/%s" % cls.action_encrypt["id"], headers=headers) # unregister key-value pairs for tests [KeyValuePair.delete(x) for x in cls.kvps] super(ActionExecutionControllerTestCaseAuthEnabled, cls).tearDownClass()
def test_chain_runner_typed_system_params(self, request): action_ref = ResourceReference.to_string_reference( name=ACTION_2.name, pack=ACTION_2.pack ) kvps = [] try: kvps.append(KeyValuePair.add_or_update(KeyValuePairDB(name="a", value="1"))) kvps.append( KeyValuePair.add_or_update(KeyValuePairDB(name="a.b.c", value="two")) ) chain_runner = acr.get_runner() chain_runner.entry_point = CHAIN_SYSTEM_PARAMS chain_runner.action = ACTION_2 chain_runner.liveaction = LiveActionDB(action=action_ref) chain_runner.pre_run() chain_runner.run({}) self.assertNotEqual(chain_runner.chain_holder.actionchain, None) expected_value = {"inttype": 1, "strtype": "two"} mock_args, _ = request.call_args self.assertEqual(mock_args[0].parameters, expected_value) finally: for kvp in kvps: KeyValuePair.delete(kvp)
def tearDownClass(cls): headers = { 'content-type': 'application/json', 'X-Auth-Token': str(SYS_TOKEN.token) } cls.app.delete('/v1/actions/%s' % cls.action['id'], headers=headers) cls.app.delete('/v1/actions/%s' % cls.action_encrypt['id'], headers=headers) # unregister key-value pairs for tests [KeyValuePair.delete(x) for x in cls.kvps] super(ActionExecutionControllerTestCaseAuthEnabled, cls).tearDownClass()
def test_system_transform(self): k5 = KeyValuePair.add_or_update(KeyValuePairDB(name="k5", value="v5")) k6 = KeyValuePair.add_or_update(KeyValuePairDB(name="k6", value="v6")) k7 = KeyValuePair.add_or_update(KeyValuePairDB(name="k7", value="v7")) try: transformer = datatransform.get_transformer(PAYLOAD) mapping = {"ip5": "{{trigger.k2}}-static", "ip6": "{{system.k6}}-static", "ip7": "{{system.k7}}-static"} result = transformer(mapping) expected = {"ip5": "v2-static", "ip6": "v6-static", "ip7": "v7-static"} self.assertEqual(result, expected) finally: KeyValuePair.delete(k5) KeyValuePair.delete(k6) KeyValuePair.delete(k7)
def test_system_transform(self): rule = self.models["rules"][ "rule_action_default_value_render_fail.yaml"] runner_type_db = mock.Mock() runner_type_db.runner_parameters = {} action_db = mock.Mock() action_db.parameters = {} k5 = KeyValuePair.add_or_update(KeyValuePairDB(name="k5", value="v5")) k6 = KeyValuePair.add_or_update(KeyValuePairDB(name="k6", value="v6")) k7 = KeyValuePair.add_or_update(KeyValuePairDB(name="k7", value="v7")) k8 = KeyValuePair.add_or_update( KeyValuePairDB(name="k8", value="v8", scope=FULL_SYSTEM_SCOPE)) params = { "ip5": "{{trigger.k2}}-static", "ip6": "{{st2kv.system.k6}}-static", "ip7": "{{st2kv.system.k7}}-static", } expected_params = { "ip5": "v2-static", "ip6": "v6-static", "ip7": "v7-static" } try: self.assertResolvedParamsMatchExpected( rule=rule, trigger_instance=MOCK_TRIGGER_INSTANCE_4, params=params, expected_params=expected_params, ) finally: KeyValuePair.delete(k5) KeyValuePair.delete(k6) KeyValuePair.delete(k7) KeyValuePair.delete(k8)
def test_system_transform(self): k5 = KeyValuePair.add_or_update(KeyValuePairDB(name='k5', value='v5')) k6 = KeyValuePair.add_or_update(KeyValuePairDB(name='k6', value='v6')) k7 = KeyValuePair.add_or_update(KeyValuePairDB(name='k7', value='v7')) k8 = KeyValuePair.add_or_update(KeyValuePairDB(name='k8', value='v8', scope=FULL_SYSTEM_SCOPE)) try: transformer = datatransform.get_transformer(PAYLOAD) mapping = {'ip5': '{{trigger.k2}}-static', 'ip6': '{{st2kv.system.k6}}-static', 'ip7': '{{st2kv.system.k7}}-static', 'ip8': '{{system.k8}}-static'} result = transformer(mapping) expected = {'ip5': 'v2-static', 'ip6': 'v6-static', 'ip7': 'v7-static', 'ip8': 'v8-static'} self.assertEqual(result, expected) finally: KeyValuePair.delete(k5) KeyValuePair.delete(k6) KeyValuePair.delete(k7) KeyValuePair.delete(k8)
def delete(self, name, requester_user, scope=None, user=None): """ Delete the key value pair. Handles requests: DELETE /keys/1 """ if not scope or scope == ALL_SCOPE: # Default to system scope scope = FULL_SYSTEM_SCOPE if not requester_user: requester_user = UserDB(name=cfg.CONF.system_user.user) scope = get_datastore_full_scope(scope) self._validate_scope(scope=scope) user = user or requester_user.name rbac_utils = get_rbac_backend().get_utils_class() # Validate that the authenticated user is admin if user query param is provided rbac_utils.assert_user_is_admin_if_user_query_param_is_provided( user_db=requester_user, user=user, require_rbac=True) # Set key reference for system or user scope key_ref = get_key_reference(scope=scope, name=name, user=user) extra = { "scope": scope, "name": name, "user": user, "key_ref": key_ref } LOG.debug("DELETE /v1/keys/%s", name, extra=extra) # Setup a kvp database object used for verifying permission kvp_db = KeyValuePairDB( uid="%s:%s:%s" % (ResourceType.KEY_VALUE_PAIR, scope, key_ref), scope=scope, name=key_ref, ) # Check that user has permission to the key value pair. # If RBAC is enabled, this check will verify if user has system role with all access. # If RBAC is enabled, this check guards against a user accessing another user's kvp. # If RBAC is enabled, user needs to be explicitly granted permission to delete a system kvp. # The check is sufficient to allow decryption of the system kvp. rbac_utils.assert_user_has_resource_db_permission( user_db=requester_user, resource_db=kvp_db, permission_type=PermissionType.KEY_VALUE_PAIR_DELETE, ) # Acquire a lock to avoid race condition between concurrent API calls with self._coordinator.get_lock( self._get_lock_name_for_key(name=key_ref, scope=scope)): from_model_kwargs = {"mask_secrets": True} kvp_api = self._get_one_by_scope_and_name( name=key_ref, scope=scope, from_model_kwargs=from_model_kwargs) kvp_db = KeyValuePairAPI.to_model(kvp_api) extra["kvp_db"] = kvp_db LOG.debug("DELETE /v1/keys/%s", name, extra=extra) try: KeyValuePair.delete(kvp_db) except Exception as e: LOG.exception( "Database delete encountered exception during " 'delete of name="%s". ', name, ) abort(http_client.INTERNAL_SERVER_ERROR, six.text_type(e)) return LOG.audit("DELETE /v1/keys/%s succeeded id=%s", name, kvp_db.id, extra=extra) return Response(status=http_client.NO_CONTENT)