def put(self, instance, ref_or_id):
op = 'PUT /policies/%s/' % ref_or_id
db_model = self._get_by_ref_or_id(ref_or_id=ref_or_id)
LOG.debug('%s found object: %s', op, db_model)
db_model_id = db_model.id
try:
validate_not_part_of_system_pack(db_model)
except ValueValidationException as e:
LOG.exception('%s unable to update object from system pack.', op)
abort(http_client.BAD_REQUEST, str(e))
if not getattr(instance, 'pack', None):
instance.pack = db_model.pack
try:
db_model = self.model.to_model(instance)
db_model.id = db_model_id
db_model = self.access.add_or_update(db_model)
except (ValidationError, ValueError) as e:
LOG.exception('%s unable to update object: %s', op, db_model)
abort(http_client.BAD_REQUEST, str(e))
return
LOG.debug('%s updated object: %s', op, db_model)
LOG.audit('Policy updated. Policy.id=%s' % (db_model.id), extra={'policy_db': db_model})
return self.model.from_model(db_model)
def put(self, triggertype, triggertype_ref_or_id):
triggertype_db = self._get_by_ref_or_id(ref_or_id=triggertype_ref_or_id)
triggertype_id = triggertype_db.id
try:
validate_not_part_of_system_pack(triggertype_db)
except ValueValidationException as e:
abort(http_client.BAD_REQUEST, str(e))
try:
triggertype_db = TriggerTypeAPI.to_model(triggertype)
if triggertype.id is not None and len(triggertype.id) > 0 and \
triggertype.id != triggertype_id:
LOG.warning('Discarding mismatched id=%s found in payload and using uri_id=%s.',
triggertype.id, triggertype_id)
triggertype_db.id = triggertype_id
old_triggertype_db = triggertype_db
triggertype_db = TriggerType.add_or_update(triggertype_db)
except (ValidationError, ValueError) as e:
LOG.exception('Validation failed for triggertype data=%s', triggertype)
abort(http_client.BAD_REQUEST, str(e))
return
extra = {'old_triggertype_db': old_triggertype_db, 'new_triggertype_db': triggertype_db}
LOG.audit('TriggerType updated. TriggerType.id=%s' % (triggertype_db.id), extra=extra)
triggertype_api = TriggerTypeAPI.from_model(triggertype_db)
return triggertype_api
def delete(self, ref_or_id):
"""
Delete a policy.
Handles requests:
POST /policies/1?_method=delete
DELETE /policies/1
DELETE /policies/mypack.mypolicy
"""
op = 'DELETE /policies/%s/' % ref_or_id
db_model = self._get_by_ref_or_id(ref_or_id=ref_or_id)
LOG.debug('%s found object: %s', op, db_model)
try:
validate_not_part_of_system_pack(db_model)
except ValueValidationException as e:
LOG.exception('%s unable to delete object from system pack.', op)
abort(http_client.BAD_REQUEST, str(e))
try:
self.access.delete(db_model)
except Exception as e:
LOG.exception('%s unable to delete object: %s', op, db_model)
abort(http_client.INTERNAL_SERVER_ERROR, str(e))
return
LOG.debug('%s deleted object: %s', op, db_model)
LOG.audit('Policy deleted. Policy.id=%s' % (db_model.id), extra={'policy_db': db_model})
return None
def put(self, instance, ref_or_id):
op = 'PUT /policies/%s/' % ref_or_id
db_model = self._get_by_ref_or_id(ref_or_id=ref_or_id)
LOG.debug('%s found object: %s', op, db_model)
db_model_id = db_model.id
try:
validate_not_part_of_system_pack(db_model)
except ValueValidationException as e:
LOG.exception('%s unable to update object from system pack.', op)
abort(http_client.BAD_REQUEST, str(e))
if not getattr(instance, 'pack', None):
instance.pack = db_model.pack
try:
db_model = self.model.to_model(instance)
db_model.id = db_model_id
db_model = self.access.add_or_update(db_model)
except (ValidationError, ValueError) as e:
LOG.exception('%s unable to update object: %s', op, db_model)
abort(http_client.BAD_REQUEST, str(e))
return
LOG.debug('%s updated object: %s', op, db_model)
LOG.audit('Policy updated. Policy.id=%s' % (db_model.id),
extra={'policy_db': db_model})
return self.model.from_model(db_model)
def delete(self, action_ref_or_id):
"""
Delete an action.
Handles requests:
POST /actions/1?_method=delete
DELETE /actions/1
DELETE /actions/mypack.myaction
"""
action_db = self._get_by_ref_or_id(ref_or_id=action_ref_or_id)
action_id = action_db.id
try:
validate_not_part_of_system_pack(action_db)
except ValueValidationException as e:
abort(http_client.BAD_REQUEST, str(e))
LOG.debug('DELETE /actions/ lookup with ref_or_id=%s found object: %s',
action_ref_or_id, action_db)
try:
Action.delete(action_db)
except Exception as e:
LOG.error('Database delete encountered exception during delete of id="%s". '
'Exception was %s', action_id, e)
abort(http_client.INTERNAL_SERVER_ERROR, str(e))
return
extra = {'action_db': action_db}
LOG.audit('Action deleted. Action.id=%s' % (action_db.id), extra=extra)
return None
def delete(self, ref_or_id):
"""
Delete a policy.
Handles requests:
POST /policies/1?_method=delete
DELETE /policies/1
DELETE /policies/mypack.mypolicy
"""
op = 'DELETE /policies/%s/' % ref_or_id
db_model = self._get_by_ref_or_id(ref_or_id=ref_or_id)
LOG.debug('%s found object: %s', op, db_model)
try:
validate_not_part_of_system_pack(db_model)
except ValueValidationException as e:
LOG.exception('%s unable to delete object from system pack.', op)
abort(http_client.BAD_REQUEST, str(e))
try:
self.access.delete(db_model)
except Exception as e:
LOG.exception('%s unable to delete object: %s', op, db_model)
abort(http_client.INTERNAL_SERVER_ERROR, str(e))
return
LOG.debug('%s deleted object: %s', op, db_model)
LOG.audit('Policy deleted. Policy.id=%s' % (db_model.id),
extra={'policy_db': db_model})
return None
def put(self, triggertype_ref_or_id, triggertype):
try:
triggertype_db = self._get_by_ref_or_id(ref_or_id=triggertype_ref_or_id)
except Exception as e:
LOG.exception(e.message)
abort(http_client.NOT_FOUND, e.message)
return
triggertype_id = triggertype_db.id
try:
validate_not_part_of_system_pack(triggertype_db)
except ValueValidationException as e:
abort(http_client.BAD_REQUEST, str(e))
try:
triggertype_db = TriggerTypeAPI.to_model(triggertype)
if triggertype.id is not None and len(triggertype.id) > 0 and \
triggertype.id != triggertype_id:
LOG.warning('Discarding mismatched id=%s found in payload and using uri_id=%s.',
triggertype.id, triggertype_id)
triggertype_db.id = triggertype_id
old_triggertype_db = triggertype_db
triggertype_db = TriggerType.add_or_update(triggertype_db)
except (ValidationError, ValueError) as e:
LOG.exception('Validation failed for triggertype data=%s', triggertype)
abort(http_client.BAD_REQUEST, str(e))
return
extra = {'old_triggertype_db': old_triggertype_db, 'new_triggertype_db': triggertype_db}
LOG.audit('TriggerType updated. TriggerType.id=%s' % (triggertype_db.id), extra=extra)
triggertype_api = TriggerTypeAPI.from_model(triggertype_db)
return triggertype_api
def put(self, action_ref_or_id, action):
action_db = self._get_by_ref_or_id(ref_or_id=action_ref_or_id)
action_id = action_db.id
try:
validate_not_part_of_system_pack(action_db)
except ValueValidationException as e:
abort(http_client.BAD_REQUEST, str(e))
if not getattr(action, 'pack', None):
action.pack = action_db.pack
try:
action_validator.validate_action(action)
except ValueValidationException as e:
abort(http_client.BAD_REQUEST, str(e))
return
try:
action_db = ActionAPI.to_model(action)
action_db.id = action_id
action_db = Action.add_or_update(action_db)
except (ValidationError, ValueError) as e:
LOG.exception('Unable to update action data=%s', action)
abort(http_client.BAD_REQUEST, str(e))
return
action_api = ActionAPI.from_model(action_db)
LOG.debug('PUT /actions/ client_result=%s', action_api)
return action_api
def delete(self, triggertype_ref_or_id):
"""
Delete a triggertype.
Handles requests:
DELETE /triggertypes/1
DELETE /triggertypes/pack.name
"""
LOG.info('DELETE /triggertypes/ with ref_or_id=%s',
triggertype_ref_or_id)
triggertype_db = self._get_by_ref_or_id(ref_or_id=triggertype_ref_or_id)
triggertype_id = triggertype_db.id
try:
validate_not_part_of_system_pack(triggertype_db)
except ValueValidationException as e:
abort(http_client.BAD_REQUEST, str(e))
try:
TriggerType.delete(triggertype_db)
except Exception as e:
LOG.exception('Database delete encountered exception during delete of id="%s". ',
triggertype_id)
abort(http_client.INTERNAL_SERVER_ERROR, str(e))
return
else:
extra = {'triggertype': triggertype_db}
LOG.audit('TriggerType deleted. TriggerType.id=%s' % (triggertype_db.id), extra=extra)
if not triggertype_db.parameters_schema:
TriggerTypeController._delete_shadow_trigger(triggertype_db)
return Response(status=http_client.NO_CONTENT)
def delete(self, triggertype_ref_or_id):
"""
Delete a triggertype.
Handles requests:
DELETE /triggertypes/1
DELETE /triggertypes/pack.name
"""
LOG.info('DELETE /triggertypes/ with ref_or_id=%s',
triggertype_ref_or_id)
triggertype_db = self._get_by_ref_or_id(ref_or_id=triggertype_ref_or_id)
triggertype_id = triggertype_db.id
try:
validate_not_part_of_system_pack(triggertype_db)
except ValueValidationException as e:
abort(http_client.BAD_REQUEST, six.text_type(e))
try:
TriggerType.delete(triggertype_db)
except Exception as e:
LOG.exception('Database delete encountered exception during delete of id="%s". ',
triggertype_id)
abort(http_client.INTERNAL_SERVER_ERROR, six.text_type(e))
return
else:
extra = {'triggertype': triggertype_db}
LOG.audit('TriggerType deleted. TriggerType.id=%s' % (triggertype_db.id), extra=extra)
if not triggertype_db.parameters_schema:
TriggerTypeController._delete_shadow_trigger(triggertype_db)
return Response(status=http_client.NO_CONTENT)
def post(self, action):
"""
Create a new action.
Handles requests:
POST /actions/
"""
# Perform validation
validate_not_part_of_system_pack(action)
action_validator.validate_action(action)
# Write pack data files to disk (if any are provided)
data_files = getattr(action, 'data_files', [])
written_data_files = []
if data_files:
written_data_files = self._handle_data_files(pack_name=action.pack,
data_files=data_files)
action_model = ActionAPI.to_model(action)
LOG.debug('/actions/ POST verified ActionAPI object=%s', action)
action_db = Action.add_or_update(action_model)
LOG.debug('/actions/ POST saved ActionDB object=%s', action_db)
# Dispatch an internal trigger for each written data file. This way user
# automate comitting this files to git using StackStorm rule
if written_data_files:
self._dispatch_trigger_for_written_data_files(
action_db=action_db, written_data_files=written_data_files)
extra = {'acion_db': action_db}
LOG.audit('Action created. Action.id=%s' % (action_db.id), extra=extra)
action_api = ActionAPI.from_model(action_db)
return action_api
def delete(self, action_ref_or_id):
"""
Delete an action.
Handles requests:
POST /actions/1?_method=delete
DELETE /actions/1
DELETE /actions/mypack.myaction
"""
action_db = self._get_by_ref_or_id(ref_or_id=action_ref_or_id)
action_id = action_db.id
try:
validate_not_part_of_system_pack(action_db)
except ValueValidationException as e:
abort(http_client.BAD_REQUEST, str(e))
LOG.debug('DELETE /actions/ lookup with ref_or_id=%s found object: %s',
action_ref_or_id, action_db)
try:
Action.delete(action_db)
except Exception as e:
LOG.error(
'Database delete encountered exception during delete of id="%s". '
'Exception was %s', action_id, e)
abort(http_client.INTERNAL_SERVER_ERROR, str(e))
return
extra = {'action_db': action_db}
LOG.audit('Action deleted. Action.id=%s' % (action_db.id), extra=extra)
return None
def post(self, action):
"""
Create a new action.
Handles requests:
POST /actions/
"""
# Perform validation
validate_not_part_of_system_pack(action)
action_validator.validate_action(action)
# Write pack data files to disk (if any are provided)
data_files = getattr(action, 'data_files', [])
written_data_files = []
if data_files:
written_data_files = self._handle_data_files(pack_name=action.pack,
data_files=data_files)
action_model = ActionAPI.to_model(action)
LOG.debug('/actions/ POST verified ActionAPI object=%s', action)
action_db = Action.add_or_update(action_model)
LOG.debug('/actions/ POST saved ActionDB object=%s', action_db)
# Dispatch an internal trigger for each written data file. This way user
# automate comitting this files to git using StackStorm rule
if written_data_files:
self._dispatch_trigger_for_written_data_files(action_db=action_db,
written_data_files=written_data_files)
extra = {'acion_db': action_db}
LOG.audit('Action created. Action.id=%s' % (action_db.id), extra=extra)
action_api = ActionAPI.from_model(action_db)
return action_api
def post(self, action, requester_user):
"""
Create a new action.
Handles requests:
POST /actions/
"""
permission_type = PermissionType.ACTION_CREATE
rbac_utils = get_rbac_backend().get_utils_class()
rbac_utils.assert_user_has_resource_api_permission(
user_db=requester_user,
resource_api=action,
permission_type=permission_type)
try:
# Perform validation
validate_not_part_of_system_pack(action)
action_validator.validate_action(action)
except (
ValidationError,
ValueError,
ValueValidationException,
InvalidActionParameterException,
) as e:
LOG.exception("Unable to create action data=%s", action)
abort(http_client.BAD_REQUEST, six.text_type(e))
return
# Write pack data files to disk (if any are provided)
data_files = getattr(action, "data_files", [])
written_data_files = []
if data_files:
written_data_files = self._handle_data_files(pack_ref=action.pack,
data_files=data_files)
action_model = ActionAPI.to_model(action)
LOG.debug("/actions/ POST verified ActionAPI object=%s", action)
action_db = Action.add_or_update(action_model)
LOG.debug("/actions/ POST saved ActionDB object=%s", action_db)
# Dispatch an internal trigger for each written data file. This way user
# automate comitting this files to git using StackStorm rule
if written_data_files:
self._dispatch_trigger_for_written_data_files(
action_db=action_db, written_data_files=written_data_files)
extra = {"acion_db": action_db}
LOG.audit("Action created. Action.id=%s" % (action_db.id), extra=extra)
action_api = ActionAPI.from_model(action_db)
return Response(json=action_api, status=http_client.CREATED)
def put(self, action, ref_or_id, requester_user):
action_db = self._get_by_ref_or_id(ref_or_id=ref_or_id)
# Assert permissions
permission_type = PermissionType.ACTION_MODIFY
rbac_utils = get_rbac_backend().get_utils_class()
rbac_utils.assert_user_has_resource_db_permission(
user_db=requester_user,
resource_db=action_db,
permission_type=permission_type,
)
action_id = action_db.id
if not getattr(action, "pack", None):
action.pack = action_db.pack
# Perform validation
validate_not_part_of_system_pack(action)
action_validator.validate_action(action)
# Write pack data files to disk (if any are provided)
data_files = getattr(action, "data_files", [])
written_data_files = []
if data_files:
written_data_files = self._handle_data_files(pack_ref=action.pack,
data_files=data_files)
try:
action_db = ActionAPI.to_model(action)
LOG.debug("/actions/ PUT incoming action: %s", action_db)
action_db.id = action_id
action_db = Action.add_or_update(action_db)
LOG.debug("/actions/ PUT after add_or_update: %s", action_db)
except (ValidationError, ValueError) as e:
LOG.exception("Unable to update action data=%s", action)
abort(http_client.BAD_REQUEST, six.text_type(e))
return
# Dispatch an internal trigger for each written data file. This way user
# automate committing this files to git using StackStorm rule
if written_data_files:
self._dispatch_trigger_for_written_data_files(
action_db=action_db, written_data_files=written_data_files)
action_api = ActionAPI.from_model(action_db)
LOG.debug("PUT /actions/ client_result=%s", action_api)
return action_api
def post(self, action, requester_user):
"""
Create a new action.
Handles requests:
POST /actions/
"""
permission_type = PermissionType.ACTION_CREATE
rbac_utils = get_rbac_backend().get_utils_class()
rbac_utils.assert_user_has_resource_api_permission(user_db=requester_user,
resource_api=action,
permission_type=permission_type)
try:
# Perform validation
validate_not_part_of_system_pack(action)
action_validator.validate_action(action)
except (ValidationError, ValueError,
ValueValidationException, InvalidActionParameterException) as e:
LOG.exception('Unable to create action data=%s', action)
abort(http_client.BAD_REQUEST, six.text_type(e))
return
# Write pack data files to disk (if any are provided)
data_files = getattr(action, 'data_files', [])
written_data_files = []
if data_files:
written_data_files = self._handle_data_files(pack_ref=action.pack,
data_files=data_files)
action_model = ActionAPI.to_model(action)
LOG.debug('/actions/ POST verified ActionAPI object=%s', action)
action_db = Action.add_or_update(action_model)
LOG.debug('/actions/ POST saved ActionDB object=%s', action_db)
# Dispatch an internal trigger for each written data file. This way user
# automate comitting this files to git using StackStorm rule
if written_data_files:
self._dispatch_trigger_for_written_data_files(action_db=action_db,
written_data_files=written_data_files)
extra = {'acion_db': action_db}
LOG.audit('Action created. Action.id=%s' % (action_db.id), extra=extra)
action_api = ActionAPI.from_model(action_db)
return Response(json=action_api, status=http_client.CREATED)
def put(self, action, ref_or_id, requester_user):
action_db = self._get_by_ref_or_id(ref_or_id=ref_or_id)
# Assert permissions
permission_type = PermissionType.ACTION_MODIFY
rbac_utils = get_rbac_backend().get_utils_class()
rbac_utils.assert_user_has_resource_db_permission(user_db=requester_user,
resource_db=action_db,
permission_type=permission_type)
action_id = action_db.id
if not getattr(action, 'pack', None):
action.pack = action_db.pack
# Perform validation
validate_not_part_of_system_pack(action)
action_validator.validate_action(action)
# Write pack data files to disk (if any are provided)
data_files = getattr(action, 'data_files', [])
written_data_files = []
if data_files:
written_data_files = self._handle_data_files(pack_ref=action.pack,
data_files=data_files)
try:
action_db = ActionAPI.to_model(action)
LOG.debug('/actions/ PUT incoming action: %s', action_db)
action_db.id = action_id
action_db = Action.add_or_update(action_db)
LOG.debug('/actions/ PUT after add_or_update: %s', action_db)
except (ValidationError, ValueError) as e:
LOG.exception('Unable to update action data=%s', action)
abort(http_client.BAD_REQUEST, six.text_type(e))
return
# Dispatch an internal trigger for each written data file. This way user
# automate committing this files to git using StackStorm rule
if written_data_files:
self._dispatch_trigger_for_written_data_files(action_db=action_db,
written_data_files=written_data_files)
action_api = ActionAPI.from_model(action_db)
LOG.debug('PUT /actions/ client_result=%s', action_api)
return action_api
def delete(self, ref_or_id, requester_user):
"""
Delete an action.
Handles requests:
POST /actions/1?_method=delete
DELETE /actions/1
DELETE /actions/mypack.myaction
"""
action_db = self._get_by_ref_or_id(ref_or_id=ref_or_id)
action_id = action_db.id
permission_type = PermissionType.ACTION_DELETE
rbac_utils = get_rbac_backend().get_utils_class()
rbac_utils.assert_user_has_resource_db_permission(
user_db=requester_user,
resource_db=action_db,
permission_type=permission_type,
)
try:
validate_not_part_of_system_pack(action_db)
except ValueValidationException as e:
abort(http_client.BAD_REQUEST, six.text_type(e))
LOG.debug(
"DELETE /actions/ lookup with ref_or_id=%s found object: %s",
ref_or_id,
action_db,
)
try:
Action.delete(action_db)
except Exception as e:
LOG.error(
'Database delete encountered exception during delete of id="%s". '
"Exception was %s",
action_id,
e,
)
abort(http_client.INTERNAL_SERVER_ERROR, six.text_type(e))
return
extra = {"action_db": action_db}
LOG.audit("Action deleted. Action.id=%s" % (action_db.id), extra=extra)
return Response(status=http_client.NO_CONTENT)
def put(self, sensor_type, ref_or_id, requester_user):
# Note: Right now this function only supports updating of "enabled"
# attribute on the SensorType model.
# The reason for that is that SensorTypeAPI.to_model right now only
# knows how to work with sensor type definitions from YAML files.
sensor_type_db = self._get_by_ref_or_id(ref_or_id=ref_or_id)
permission_type = PermissionType.SENSOR_MODIFY
rbac_utils = get_rbac_backend().get_utils_class()
rbac_utils.assert_user_has_resource_db_permission(
user_db=requester_user,
resource_db=sensor_type_db,
permission_type=permission_type,
)
sensor_type_id = sensor_type_db.id
try:
validate_not_part_of_system_pack(sensor_type_db)
except ValueValidationException as e:
abort(http_client.BAD_REQUEST, six.text_type(e))
return
if not getattr(sensor_type, "pack", None):
sensor_type.pack = sensor_type_db.pack
try:
old_sensor_type_db = sensor_type_db
sensor_type_db.id = sensor_type_id
sensor_type_db.enabled = getattr(sensor_type, "enabled", False)
sensor_type_db = SensorType.add_or_update(sensor_type_db)
except (ValidationError, ValueError) as e:
LOG.exception("Unable to update sensor_type data=%s", sensor_type)
abort(http_client.BAD_REQUEST, six.text_type(e))
return
extra = {
"old_sensor_type_db": old_sensor_type_db,
"new_sensor_type_db": sensor_type_db,
}
LOG.audit("Sensor updated. Sensor.id=%s." % (sensor_type_db.id), extra=extra)
sensor_type_api = SensorTypeAPI.from_model(sensor_type_db)
return sensor_type_api
def put(self, instance, ref_or_id, requester_user):
op = "PUT /policies/%s/" % ref_or_id
db_model = self._get_by_ref_or_id(ref_or_id=ref_or_id)
LOG.debug("%s found object: %s", op, db_model)
permission_type = PermissionType.POLICY_MODIFY
rbac_utils = get_rbac_backend().get_utils_class()
rbac_utils.assert_user_has_resource_db_permission(
user_db=requester_user,
resource_db=db_model,
permission_type=permission_type,
)
db_model_id = db_model.id
try:
validate_not_part_of_system_pack(db_model)
except ValueValidationException as e:
LOG.exception("%s unable to update object from system pack.", op)
abort(http_client.BAD_REQUEST, six.text_type(e))
if not getattr(instance, "pack", None):
instance.pack = db_model.pack
try:
db_model = self.model.to_model(instance)
db_model.id = db_model_id
db_model = self.access.add_or_update(db_model)
except (ValidationError, ValueError) as e:
LOG.exception("%s unable to update object: %s", op, db_model)
abort(http_client.BAD_REQUEST, six.text_type(e))
return
LOG.debug("%s updated object: %s", op, db_model)
LOG.audit(
"Policy updated. Policy.id=%s" % (db_model.id),
extra={"policy_db": db_model},
)
exec_result = self.model.from_model(db_model)
return Response(json=exec_result, status=http_client.OK)
def put(self, triggertype_ref_or_id, triggertype):
LOG.info(
'PUT /triggertypes/ with triggertype ref_or_id=%s and data=%s',
triggertype_ref_or_id, triggertype)
try:
triggertype_db = self._get_by_ref_or_id(
ref_or_id=triggertype_ref_or_id)
except Exception as e:
LOG.exception(e.message)
abort(http_client.NOT_FOUND, e.message)
return
triggertype_id = triggertype_db.id
try:
validate_not_part_of_system_pack(triggertype_db)
except ValueValidationException as e:
abort(http_client.BAD_REQUEST, str(e))
try:
triggertype_db = TriggerTypeAPI.to_model(triggertype)
if triggertype.id is not None and len(triggertype.id) > 0 and \
triggertype.id != triggertype_id:
LOG.warning(
'Discarding mismatched id=%s found in payload and using uri_id=%s.',
triggertype.id, triggertype_id)
triggertype_db.id = triggertype_id
old_triggertype_db = triggertype_db
triggertype_db = TriggerType.add_or_update(triggertype_db)
except (ValidationError, ValueError) as e:
LOG.exception('Validation failed for triggertype data=%s',
triggertype)
abort(http_client.BAD_REQUEST, str(e))
return
LOG.audit(
'TriggerType updated. TriggerType=%s and original TriggerType=%s',
triggertype_db, old_triggertype_db)
triggertype_api = TriggerTypeAPI.from_model(triggertype_db)
LOG.debug('PUT /triggertypes/ client_result=%s', triggertype_api)
return triggertype_api
def delete(self, ref_or_id, requester_user):
"""
Delete a policy.
Handles requests:
POST /policies/1?_method=delete
DELETE /policies/1
DELETE /policies/mypack.mypolicy
"""
op = "DELETE /policies/%s/" % ref_or_id
db_model = self._get_by_ref_or_id(ref_or_id=ref_or_id)
LOG.debug("%s found object: %s", op, db_model)
permission_type = PermissionType.POLICY_DELETE
rbac_utils = get_rbac_backend().get_utils_class()
rbac_utils.assert_user_has_resource_db_permission(
user_db=requester_user,
resource_db=db_model,
permission_type=permission_type,
)
try:
validate_not_part_of_system_pack(db_model)
except ValueValidationException as e:
LOG.exception("%s unable to delete object from system pack.", op)
abort(http_client.BAD_REQUEST, six.text_type(e))
try:
self.access.delete(db_model)
except Exception as e:
LOG.exception("%s unable to delete object: %s", op, db_model)
abort(http_client.INTERNAL_SERVER_ERROR, six.text_type(e))
return
LOG.debug("%s deleted object: %s", op, db_model)
LOG.audit(
"Policy deleted. Policy.id=%s" % (db_model.id),
extra={"policy_db": db_model},
)
# return None
return Response(status=http_client.NO_CONTENT)
def put(self, sensor_type, ref_or_id, requester_user):
# Note: Right now this function only supports updating of "enabled"
# attribute on the SensorType model.
# The reason for that is that SensorTypeAPI.to_model right now only
# knows how to work with sensor type definitions from YAML files.
sensor_type_db = self._get_by_ref_or_id(ref_or_id=ref_or_id)
permission_type = PermissionType.SENSOR_MODIFY
rbac_utils = get_rbac_backend().get_utils_class()
rbac_utils.assert_user_has_resource_db_permission(user_db=requester_user,
resource_db=sensor_type_db,
permission_type=permission_type)
sensor_type_id = sensor_type_db.id
try:
validate_not_part_of_system_pack(sensor_type_db)
except ValueValidationException as e:
abort(http_client.BAD_REQUEST, six.text_type(e))
return
if not getattr(sensor_type, 'pack', None):
sensor_type.pack = sensor_type_db.pack
try:
old_sensor_type_db = sensor_type_db
sensor_type_db.id = sensor_type_id
sensor_type_db.enabled = getattr(sensor_type, 'enabled', False)
sensor_type_db = SensorType.add_or_update(sensor_type_db)
except (ValidationError, ValueError) as e:
LOG.exception('Unable to update sensor_type data=%s', sensor_type)
abort(http_client.BAD_REQUEST, six.text_type(e))
return
extra = {
'old_sensor_type_db': old_sensor_type_db,
'new_sensor_type_db': sensor_type_db
}
LOG.audit('Sensor updated. Sensor.id=%s.' % (sensor_type_db.id), extra=extra)
sensor_type_api = SensorTypeAPI.from_model(sensor_type_db)
return sensor_type_api
def put(self, ref_or_id, sensor_type):
# Note: Right now this function only supports updating of "enabled"
# attribute on the SensorType model.
# The reason for that is that SensorTypeAPI.to_model right now only
# knows how to work with sensor type definitions from YAML files.
try:
sensor_type_db = self._get_by_ref_or_id(ref_or_id=ref_or_id)
except Exception as e:
LOG.exception(e.message)
abort(http_client.NOT_FOUND, e.message)
return
sensor_type_id = sensor_type_db.id
try:
validate_not_part_of_system_pack(sensor_type_db)
except ValueValidationException as e:
abort(http_client.BAD_REQUEST, str(e))
return
if not getattr(sensor_type, 'pack', None):
sensor_type.pack = sensor_type_db.pack
try:
old_sensor_type_db = sensor_type_db
sensor_type_db.id = sensor_type_id
sensor_type_db.enabled = getattr(sensor_type, 'enabled', False)
sensor_type_db = SensorType.add_or_update(sensor_type_db)
except (ValidationError, ValueError) as e:
LOG.exception('Unable to update sensor_type data=%s', sensor_type)
abort(http_client.BAD_REQUEST, str(e))
return
extra = {
'old_sensor_type_db': old_sensor_type_db,
'new_sensor_type_db': sensor_type_db
}
LOG.audit('Sensor updated. Sensor.id=%s.' % (sensor_type_db.id),
extra=extra)
sensor_type_api = SensorTypeAPI.from_model(sensor_type_db)
return sensor_type_api
def put(self, action_ref_or_id, action):
action_db = self._get_by_ref_or_id(ref_or_id=action_ref_or_id)
# Assert permissions
action_id = action_db.id
if not getattr(action, 'pack', None):
action.pack = action_db.pack
# Perform validation
validate_not_part_of_system_pack(action)
action_validator.validate_action(action)
# Write pack data files to disk (if any are provided)
data_files = getattr(action, 'data_files', [])
written_data_files = []
if data_files:
written_data_files = self._handle_data_files(pack_name=action.pack,
data_files=data_files)
try:
action_db = ActionAPI.to_model(action)
LOG.debug('/actions/ PUT incoming action: %s', action_db)
action_db.id = action_id
action_db = Action.add_or_update(action_db)
LOG.debug('/actions/ PUT after add_or_update: %s', action_db)
except (ValidationError, ValueError) as e:
LOG.exception('Unable to update action data=%s', action)
abort(http_client.BAD_REQUEST, str(e))
return
# Dispatch an internal trigger for each written data file. This way user
# automate comitting this files to git using StackStorm rule
if written_data_files:
self._dispatch_trigger_for_written_data_files(
action_db=action_db, written_data_files=written_data_files)
action_api = ActionAPI.from_model(action_db)
LOG.debug('PUT /actions/ client_result=%s', action_api)
return action_api
def put(self, ref_or_id, sensor_type):
# Note: Right now this function only supports updating of "enabled"
# attribute on the SensorType model.
# The reason for that is that SensorTypeAPI.to_model right now only
# knows how to work with sensor type definitions from YAML files.
try:
sensor_type_db = self._get_by_ref_or_id(ref_or_id=ref_or_id)
except Exception as e:
LOG.exception(e.message)
abort(http_client.NOT_FOUND, e.message)
return
sensor_type_id = sensor_type_db.id
try:
validate_not_part_of_system_pack(sensor_type_db)
except ValueValidationException as e:
abort(http_client.BAD_REQUEST, str(e))
return
if not getattr(sensor_type, 'pack', None):
sensor_type.pack = sensor_type_db.pack
try:
old_sensor_type_db = sensor_type_db
sensor_type_db.id = sensor_type_id
sensor_type_db.enabled = getattr(sensor_type, 'enabled', False)
sensor_type_db = SensorType.add_or_update(sensor_type_db)
except (ValidationError, ValueError) as e:
LOG.exception('Unable to update sensor_type data=%s', sensor_type)
abort(http_client.BAD_REQUEST, str(e))
return
extra = {
'old_sensor_type_db': old_sensor_type_db,
'new_sensor_type_db': sensor_type_db
}
LOG.audit('Sensor updated. Sensor.id=%s.' % (sensor_type_db.id), extra=extra)
sensor_type_api = SensorTypeAPI.from_model(sensor_type_db)
return sensor_type_api
def put(self, action_ref_or_id, action):
action_db = self._get_by_ref_or_id(ref_or_id=action_ref_or_id)
# Assert permissions
action_id = action_db.id
if not getattr(action, 'pack', None):
action.pack = action_db.pack
# Perform validation
validate_not_part_of_system_pack(action)
action_validator.validate_action(action)
# Write pack data files to disk (if any are provided)
data_files = getattr(action, 'data_files', [])
written_data_files = []
if data_files:
written_data_files = self._handle_data_files(pack_name=action.pack,
data_files=data_files)
try:
action_db = ActionAPI.to_model(action)
action_db.id = action_id
action_db = Action.add_or_update(action_db)
except (ValidationError, ValueError) as e:
LOG.exception('Unable to update action data=%s', action)
abort(http_client.BAD_REQUEST, str(e))
return
# Dispatch an internal trigger for each written data file. This way user
# automate comitting this files to git using StackStorm rule
if written_data_files:
self._dispatch_trigger_for_written_data_files(action_db=action_db,
written_data_files=written_data_files)
action_api = ActionAPI.from_model(action_db)
LOG.debug('PUT /actions/ client_result=%s', action_api)
return action_api
def put(self, instance, ref_or_id, requester_user):
op = 'PUT /policies/%s/' % ref_or_id
db_model = self._get_by_ref_or_id(ref_or_id=ref_or_id)
LOG.debug('%s found object: %s', op, db_model)
permission_type = PermissionType.POLICY_MODIFY
rbac_utils = get_rbac_backend().get_utils_class()
rbac_utils.assert_user_has_resource_db_permission(user_db=requester_user,
resource_db=db_model,
permission_type=permission_type)
db_model_id = db_model.id
try:
validate_not_part_of_system_pack(db_model)
except ValueValidationException as e:
LOG.exception('%s unable to update object from system pack.', op)
abort(http_client.BAD_REQUEST, six.text_type(e))
if not getattr(instance, 'pack', None):
instance.pack = db_model.pack
try:
db_model = self.model.to_model(instance)
db_model.id = db_model_id
db_model = self.access.add_or_update(db_model)
except (ValidationError, ValueError) as e:
LOG.exception('%s unable to update object: %s', op, db_model)
abort(http_client.BAD_REQUEST, six.text_type(e))
return
LOG.debug('%s updated object: %s', op, db_model)
LOG.audit('Policy updated. Policy.id=%s' % (db_model.id), extra={'policy_db': db_model})
exec_result = self.model.from_model(db_model)
return Response(json=exec_result, status=http_client.OK)
def delete(self, ref_or_id, requester_user):
"""
Delete an action.
Handles requests:
POST /actions/1?_method=delete
DELETE /actions/1
DELETE /actions/mypack.myaction
"""
action_db = self._get_by_ref_or_id(ref_or_id=ref_or_id)
action_id = action_db.id
permission_type = PermissionType.ACTION_DELETE
rbac_utils = get_rbac_backend().get_utils_class()
rbac_utils.assert_user_has_resource_db_permission(user_db=requester_user,
resource_db=action_db,
permission_type=permission_type)
try:
validate_not_part_of_system_pack(action_db)
except ValueValidationException as e:
abort(http_client.BAD_REQUEST, six.text_type(e))
LOG.debug('DELETE /actions/ lookup with ref_or_id=%s found object: %s',
ref_or_id, action_db)
try:
Action.delete(action_db)
except Exception as e:
LOG.error('Database delete encountered exception during delete of id="%s". '
'Exception was %s', action_id, e)
abort(http_client.INTERNAL_SERVER_ERROR, six.text_type(e))
return
extra = {'action_db': action_db}
LOG.audit('Action deleted. Action.id=%s' % (action_db.id), extra=extra)
return Response(status=http_client.NO_CONTENT)
def delete(self, ref_or_id, requester_user):
"""
Delete a policy.
Handles requests:
POST /policies/1?_method=delete
DELETE /policies/1
DELETE /policies/mypack.mypolicy
"""
op = 'DELETE /policies/%s/' % ref_or_id
db_model = self._get_by_ref_or_id(ref_or_id=ref_or_id)
LOG.debug('%s found object: %s', op, db_model)
permission_type = PermissionType.POLICY_DELETE
rbac_utils = get_rbac_backend().get_utils_class()
rbac_utils.assert_user_has_resource_db_permission(user_db=requester_user,
resource_db=db_model,
permission_type=permission_type)
try:
validate_not_part_of_system_pack(db_model)
except ValueValidationException as e:
LOG.exception('%s unable to delete object from system pack.', op)
abort(http_client.BAD_REQUEST, six.text_type(e))
try:
self.access.delete(db_model)
except Exception as e:
LOG.exception('%s unable to delete object: %s', op, db_model)
abort(http_client.INTERNAL_SERVER_ERROR, six.text_type(e))
return
LOG.debug('%s deleted object: %s', op, db_model)
LOG.audit('Policy deleted. Policy.id=%s' % (db_model.id), extra={'policy_db': db_model})
# return None
return Response(status=http_client.NO_CONTENT)
def put(self, action_ref_or_id, action):
try:
action_db = self._get_by_ref_or_id(ref_or_id=action_ref_or_id)
except Exception as e:
LOG.exception(e.message)
abort(http_client.NOT_FOUND, e.message)
return
action_id = action_db.id
try:
validate_not_part_of_system_pack(action_db)
except ValueValidationException as e:
abort(http_client.BAD_REQUEST, str(e))
if not getattr(action, 'pack', None):
action.pack = action_db.pack
try:
action_validator.validate_action(action)
except ValueValidationException as e:
abort(http_client.BAD_REQUEST, str(e))
return
try:
action_db = ActionAPI.to_model(action)
action_db.id = action_id
action_db = Action.add_or_update(action_db)
except (ValidationError, ValueError) as e:
LOG.exception('Unable to update action data=%s', action)
abort(http_client.BAD_REQUEST, str(e))
return
action_api = ActionAPI.from_model(action_db)
LOG.debug('PUT /actions/ client_result=%s', action_api)
return action_api
def delete(self, options, ref_or_id, requester_user):
"""
Delete an action.
Handles requests:
POST /actions/1?_method=delete
DELETE /actions/1
DELETE /actions/mypack.myaction
"""
action_db = self._get_by_ref_or_id(ref_or_id=ref_or_id)
action_id = action_db.id
permission_type = PermissionType.ACTION_DELETE
rbac_utils = get_rbac_backend().get_utils_class()
rbac_utils.assert_user_has_resource_db_permission(
user_db=requester_user,
resource_db=action_db,
permission_type=permission_type,
)
try:
validate_not_part_of_system_pack(action_db)
except ValueValidationException as e:
abort(http_client.BAD_REQUEST, six.text_type(e))
LOG.debug(
"DELETE /actions/ lookup with ref_or_id=%s found object: %s",
ref_or_id,
action_db,
)
pack_name = action_db["pack"]
entry_point = action_db["entry_point"]
metadata_file = action_db["metadata_file"]
try:
Action.delete(action_db)
except Exception as e:
LOG.error(
'Database delete encountered exception during delete of id="%s". '
"Exception was %s",
action_id,
e,
)
abort(http_client.INTERNAL_SERVER_ERROR, six.text_type(e))
return
if options.remove_files:
try:
delete_action_files_from_pack(
pack_name=pack_name,
entry_point=entry_point,
metadata_file=metadata_file,
)
except PermissionError as e:
LOG.error("No permission to delete resource files from disk.")
action_db.id = None
Action.add_or_update(action_db)
abort(http_client.FORBIDDEN, six.text_type(e))
return
except Exception as e:
LOG.error(
"Exception encountered during deleting resource files from disk. "
"Exception was %s",
e,
)
action_db.id = None
Action.add_or_update(action_db)
abort(http_client.INTERNAL_SERVER_ERROR, six.text_type(e))
return
extra = {"action_db": action_db}
LOG.audit("Action deleted. Action.id=%s" % (action_db.id), extra=extra)
return Response(status=http_client.NO_CONTENT)
