From d26ec21d5b577cf1deb158b22a82b20c769efd29 Mon Sep 17 00:00:00 2001
From: Lucy Fu <lufu@redhat.com>
Date: Tue, 4 Apr 2017 14:42:37 -0400
Subject: [PATCH 1/3] Expose event's target to automate.

---
 .../service_models/miq_ae_service_event_stream.rb                | 1 +
 1 file changed, 1 insertion(+)

diff --git a/lib/miq_automation_engine/service_models/miq_ae_service_event_stream.rb b/lib/miq_automation_engine/service_models/miq_ae_service_event_stream.rb
index 4e39e344eee..1986cb2c4e4 100644
--- a/lib/miq_automation_engine/service_models/miq_ae_service_event_stream.rb
+++ b/lib/miq_automation_engine/service_models/miq_ae_service_event_stream.rb
@@ -9,6 +9,7 @@ class MiqAeServiceEventStream < MiqAeServiceModelBase
     expose :dest_vm,               :association => true, :method => :dest_vm_or_template
     expose :dest_host,             :association => true
     expose :service,               :association => true
+    expose :target,                :association => true
 
     def event_namespace
       object_class.name

From 25a6df9ecccd964da69befbd743227b73ba2b63b Mon Sep 17 00:00:00 2001
From: Lucy Fu <lufu@redhat.com>
Date: Tue, 4 Apr 2017 17:24:49 -0400
Subject: [PATCH 2/3] Add request_orchestration_stack_retire into events.

---
 db/fixtures/miq_event_definition_sets.csv | 3 ++-
 db/fixtures/miq_event_definitions.csv     | 5 +++++
 2 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/db/fixtures/miq_event_definition_sets.csv b/db/fixtures/miq_event_definition_sets.csv
index b5373ec24fc..b2f1c0f8c3b 100644
--- a/db/fixtures/miq_event_definition_sets.csv
+++ b/db/fixtures/miq_event_definition_sets.csv
@@ -8,6 +8,7 @@ vm_operational,VM Operation
 vm_configurational,VM Configuration
 vm_process,VM Lifecycle
 service_process,Service Lifecycle
+orchestration_process,Orchestration Lifecycle
 storage_operational,Datastore Operation
 auth_validation,Authentication Validation
-container_operations,Container Operation
\ No newline at end of file
+container_operations,Container Operation
diff --git a/db/fixtures/miq_event_definitions.csv b/db/fixtures/miq_event_definitions.csv
index 078a7f07202..d1d72f15c31 100644
--- a/db/fixtures/miq_event_definitions.csv
+++ b/db/fixtures/miq_event_definitions.csv
@@ -165,6 +165,11 @@ service_started,Service Started,Default,service_process
 request_service_stop,Service Stop Request,Default,service_process
 service_stopped,Service Stopped,Default,service_process
 
+#
+# Orchestration
+#
+request_orchestration_stack_retire,Orchestration Stack Retire Request,Default,orchestration_process
+
 #
 # Container Operations
 #

From 67db0f4ea62e09327ff34e3601087d8781681135 Mon Sep 17 00:00:00 2001
From: Lucy Fu <lufu@redhat.com>
Date: Tue, 4 Apr 2017 14:43:40 -0400
Subject: [PATCH 3/3] Add builtin method to check policy result for prevent
 action.

---
 .../miq_ae_engine/miq_ae_builtin_method.rb    |  8 ++++++++
 .../engine/miq_ae_builtin_method_spec.rb      | 19 +++++++++++++++++++
 2 files changed, 27 insertions(+)
 create mode 100644 spec/lib/miq_automation_engine/engine/miq_ae_builtin_method_spec.rb

diff --git a/lib/miq_automation_engine/engine/miq_ae_engine/miq_ae_builtin_method.rb b/lib/miq_automation_engine/engine/miq_ae_engine/miq_ae_builtin_method.rb
index e8bb807a31b..49c2ee31ffc 100644
--- a/lib/miq_automation_engine/engine/miq_ae_engine/miq_ae_builtin_method.rb
+++ b/lib/miq_automation_engine/engine/miq_ae_engine/miq_ae_builtin_method.rb
@@ -153,6 +153,14 @@ def self.miq_event_enforce_policy(obj, _inputs)
       event_object_from_workspace(obj).process_evm_event
     end
 
+    def self.miq_check_policy_prevent(obj, _inputs)
+      event = event_object_from_workspace(obj)
+      if event.full_data && event.full_data[:policy][:prevented]
+        msg = "Event #{event.event_type} for #{event.target} was terminated: #{event.message}"
+        raise MiqAeException::StopInstantiation, msg
+      end
+    end
+
     def self.event_object_from_workspace(obj)
       event = obj.workspace.get_obj_from_path("/")['event_stream']
       raise MiqAeException::MethodParmMissing, "Event not specified" if event.nil?
diff --git a/spec/lib/miq_automation_engine/engine/miq_ae_builtin_method_spec.rb b/spec/lib/miq_automation_engine/engine/miq_ae_builtin_method_spec.rb
new file mode 100644
index 00000000000..5dde6218a5f
--- /dev/null
+++ b/spec/lib/miq_automation_engine/engine/miq_ae_builtin_method_spec.rb
@@ -0,0 +1,19 @@
+describe MiqAeEngine::MiqAeBuiltinMethod do
+  describe '.miq_check_policy_prevent' do
+    let(:event)     { FactoryGirl.create(:miq_event) }
+    let(:svc_event) { MiqAeMethodService::MiqAeServiceEventStream.find(event.id) }
+    let(:workspace) { double('WORKSPACE', :get_obj_from_path => { 'event_stream' => svc_event }) }
+    let(:obj)       { double('OBJ', :workspace => workspace) }
+
+    subject { described_class.send(:miq_check_policy_prevent, obj, {}) }
+
+    it 'with policy not prevented' do
+      expect { subject }.not_to raise_error
+    end
+
+    it 'with policy prevented' do
+      event.update_attributes(:full_data => {:policy => {:prevented => true}})
+      expect { subject }.to raise_error(MiqAeException::StopInstantiation)
+    end
+  end
+end