Merge pull request ManageIQ#14370 from lfu/prevent_request_vm_scan_14…

…33084 Add the logic to allow a policy to prevent request_vm_scan. (cherry picked from commit 83a1785) https://bugzilla.redhat.com/show_bug.cgi?id=1433435 (cherry picked from commit 22250ed)
agrare · Mar 17, 2017 · 9f3498c · 9f3498c
1 parent 714f1d4
commit 9f3498c
Show file tree

Hide file tree

Showing 8 changed files with 73 additions and 33 deletions.
diff --git a/app/models/vm_or_template/scanning.rb b/app/models/vm_or_template/scanning.rb
@@ -19,6 +19,10 @@ def scan(userid = "system", options = {})
       return nil
     end
 
+    check_policy_prevent(:request_vm_scan, :raw_scan, userid, options)
+  end
+
+  def raw_scan(userid = "system", options = {})
     options = {
       :target_id    => id,
       :target_class => self.class.base_class.name,
@@ -30,23 +34,13 @@ def scan(userid = "system", options = {})
 
     _log.info "NAME [#{options[:name]}] SCAN [#{options[:categories].inspect}] [#{options[:categories].class}]"
 
-    begin
-      inputs = {:vm => self, :host => host}
-      MiqEvent.raise_evm_job_event(self, {:type => "scan", :prefix => "request"}, inputs)
-    rescue => err
-      _log.warn("NAME [#{options[:name]}] #{err.message}")
-      return
-    end
-
-    begin
-      self.last_scan_attempt_on = Time.now.utc
-      save
-      job = Job.create_job("VmScan", options)
-      return job
-    rescue => err
-      _log.log_backtrace(err)
-      raise
-    end
+    self.last_scan_attempt_on = Time.now.utc
+    save
+    job = Job.create_job("VmScan", options)
+    return job
+  rescue => err
+    _log.log_backtrace(err)
+    raise
   end
 
   #

diff --git a/spec/models/job_proxy_dispatcher_embedded_scan_spec.rb b/spec/models/job_proxy_dispatcher_embedded_scan_spec.rb
@@ -63,7 +63,7 @@ def assert_at_most_x_scan_jobs_per_y_resource(x_scans, y_resource)
         before(:each) do
           allow(MiqVimBrokerWorker).to receive(:available_in_zone?).and_return(true)
 
-          @jobs = @vms.collect(&:scan)
+          @jobs = @vms.collect(&:raw_scan)
         end
 
         context "and embedded scans on ems" do

diff --git a/spec/models/job_proxy_dispatcher_get_eligible_proxies_for_job_spec.rb b/spec/models/job_proxy_dispatcher_get_eligible_proxies_for_job_spec.rb
@@ -19,7 +19,7 @@
 
       context "with a vm scan job, " do
         before(:each) do
-          @job = @vm.scan
+          @job = @vm.raw_scan
           @jpd.instance_of?(JobProxyDispatcher) ? @jpd.instance_variable_set(:@vm, @vm) : @jpd.send(:class_variable_set, :@@vm, @vm)
           @jpd.instance_variable_set(:@vm, @vm)
         end

diff --git a/spec/models/job_proxy_dispatcher_spec.rb b/spec/models/job_proxy_dispatcher_spec.rb
@@ -64,7 +64,7 @@
             @vm = @vms.first
             @vm.storage = nil
             @vm.save
-            @vm.scan
+            @vm.raw_scan
           end
 
           it "should expect queue_signal and dispatch without errors" do
@@ -82,7 +82,7 @@
             @vm.storage = nil
             @vm.vendor = "microsoft"
             @vm.save
-            @vm.scan
+            @vm.raw_scan
           end
 
           it "should run dispatch without calling queue_signal" do
@@ -99,7 +99,7 @@
             @vm.storage.store_type = "CSVFS"
             @vm.vendor = "microsoft"
             @vm.save
-            @vm.scan
+            @vm.raw_scan
           end
 
           it "should run dispatch without calling queue_signal" do
@@ -116,7 +116,7 @@
             @vm.storage.store_type = "XFS"
             @vm.vendor = "microsoft"
             @vm.save
-            @vm.scan
+            @vm.raw_scan
           end
 
           it "should expect queue_signal and dispatch without errors" do
@@ -142,7 +142,7 @@
             cfg.config.store_path(:repository_scanning, :defaultsmartproxy, @repo_proxy.id)
             allow(VMDB::Config).to receive(:new).and_return(cfg)
           end
-          @jobs = (@vms + @repo_vms).collect(&:scan)
+          @jobs = (@vms + @repo_vms).collect(&:raw_scan)
         end
 
         # Don't run these tests if we only want to run dispatch for load testing
@@ -177,7 +177,7 @@
 
     context "with container and vms jobs" do
       before(:each) do
-        @jobs = (@vms + @repo_vms).collect(&:scan)
+        @jobs = (@vms + @repo_vms).collect(&:raw_scan)
         @jobs += @container_images.map { |img| img.ext_management_system.raw_scan_job_create(img) }
         @dispatcher = JobProxyDispatcher.new
       end
@@ -258,15 +258,15 @@
 
     describe "#active_vm_scans_by_zone" do
       it "returns active vm scans for this zone" do
-        job = @vms.first.scan
+        job = @vms.first.raw_scan
         dispatcher = JobProxyDispatcher.new
         dispatcher.instance_variable_set(:@zone, MiqServer.my_zone) # memoized during pending_jobs call
         job.update(:dispatch_status => "active")
         expect(dispatcher.active_vm_scans_by_zone[job.zone]).to eq(1)
       end
 
       it "returns 0 for active vm scan for other zones" do
-        job = @vms.first.scan
+        job = @vms.first.raw_scan
         dispatcher = JobProxyDispatcher.new
         dispatcher.instance_variable_set(:@zone, MiqServer.my_zone) # memoized during pending_jobs call
         job.update(:dispatch_status => "active")

diff --git a/spec/models/job_proxy_dispatcher_vm_proxies4job_spec.rb b/spec/models/job_proxy_dispatcher_vm_proxies4job_spec.rb
@@ -66,7 +66,7 @@
 
       context "with a vm scan job, with no eligible proxies, " do
         before(:each) do
-          @job = @vm.scan
+          @job = @vm.raw_scan
           allow(@vm).to receive_messages(:storage2proxies => [])
           allow(@vm).to receive_messages(:storage2activeproxies => [])
         end

diff --git a/spec/models/job_spec.rb b/spec/models/job_spec.rb
@@ -13,7 +13,7 @@
       @schedule_worker_settings = MiqScheduleWorker.worker_settings
 
       @vm       = FactoryGirl.create(:vm_vmware, :ems_id => @ems.id, :host_id => @host.id)
-      @job      = @vm.scan
+      @job      = @vm.raw_scan
     end
 
     context "where job is dispatched but never started" do
@@ -126,7 +126,7 @@
         @zone2     = FactoryGirl.create(:zone, :name => "Zone 2")
         @ems2      = FactoryGirl.create(:ems_vmware, :zone => @zone2, :name => "Test EMS 2")
         @vm2       = FactoryGirl.create(:vm_vmware, :ems_id => @ems2.id)
-        @job2      = @vm2.scan
+        @job2      = @vm2.raw_scan
         @job2.zone = @zone2.name
         description = "Snapshot for scan job: #{@job2.guid}, EVM Server build: #{build} #{scan_type} Server Time: #{Time.now.utc.iso8601}"
         @snapshot2 = FactoryGirl.create(:snapshot, :vm_or_template_id => @vm2.id, :name => 'EvmSnapshot', :description => description)

diff --git a/spec/models/vm_scan_spec.rb b/spec/models/vm_scan_spec.rb
@@ -23,8 +23,13 @@
       @ems_auth  = FactoryGirl.create(:authentication, :resource => @ems)
 
       allow(MiqEventDefinition).to receive_messages(:find_by_name => true)
-      @job = @vm.scan
-      MiqQueue.delete_all # clear the queue items that are not related to Vm scan testing
+      allow(MiqAeEngine).to receive_messages(:deliver => ['ok', 'sucess', MiqAeEngine::MiqAeWorkspaceRuntime.new])
+
+      @vm.scan
+      job_item = MiqQueue.find_by(:class_name => "MiqAeEngine", :method_name => "deliver")
+      job_item.delivered(*job_item.deliver)
+
+      @job = Job.first
     end
 
     it "should start in a state of waiting_to_start" do
@@ -207,7 +212,13 @@
           :evm_owner             => @user,
           :storage               => @storage
         )
-        job = template.scan
+
+        Job.destroy_all # clear the first job from before section
+        template.scan
+        job_item = MiqQueue.find_by(:class_name => "MiqAeEngine", :method_name => "deliver")
+        job_item.delivered(*job_item.deliver)
+
+        job = Job.first
 
         expect(MiqAeEvent).to receive(:raise_evm_event).with(
           "vm_scan_start",

diff --git a/spec/models/vm_spec.rb b/spec/models/vm_spec.rb
@@ -190,6 +190,41 @@
     end
   end
 
+  context "#scan" do
+    before do
+      EvmSpecHelper.create_guid_miq_server_zone
+      @host = FactoryGirl.create(:host_vmware)
+      @vm = FactoryGirl.create(
+        :vm_vmware,
+        :host      => @host,
+        :miq_group => FactoryGirl.create(:miq_group)
+      )
+      FactoryGirl.create(:miq_event_definition, :name => :request_vm_scan)
+      # admin user is needed to process Events
+      User.super_admin || FactoryGirl.create(:user_with_group, :userid => "admin")
+    end
+
+    it "policy passes" do
+      expect_any_instance_of(ManageIQ::Providers::Vmware::InfraManager::Vm).to receive(:raw_scan)
+
+      allow(MiqAeEngine).to receive_messages(:deliver => ['ok', 'sucess', MiqAeEngine::MiqAeWorkspaceRuntime.new])
+      @vm.scan
+      status, message, result = MiqQueue.first.deliver
+      MiqQueue.first.delivered(status, message, result)
+    end
+
+    it "policy prevented" do
+      expect_any_instance_of(ManageIQ::Providers::Vmware::InfraManager::Vm).to_not receive(:raw_scan)
+
+      event = {:attributes => {"full_data" => {:policy => {:prevented => true}}}}
+      allow_any_instance_of(MiqAeEngine::MiqAeWorkspaceRuntime).to receive(:get_obj_from_path).with("/").and_return(:event_stream => event)
+      allow(MiqAeEngine).to receive_messages(:deliver => ['ok', 'sucess', MiqAeEngine::MiqAeWorkspaceRuntime.new])
+      @vm.scan
+      status, message, _result = MiqQueue.first.deliver
+      MiqQueue.first.delivered(status, message, MiqAeEngine::MiqAeWorkspaceRuntime.new)
+    end
+  end
+
   it "#save_drift_state" do
     # TODO: Beef up with more data
     vm = FactoryGirl.create(:vm_vmware)