Skip to content

Commit

Permalink
move to one annotating function for policy results
Browse files Browse the repository at this point in the history
Erez Freiberger committed Oct 25, 2017
1 parent 803fbfd commit 7334216
Showing 4 changed files with 12 additions and 20 deletions.
19 changes: 5 additions & 14 deletions app/models/miq_action.rb
Original file line number Diff line number Diff line change
@@ -724,41 +724,32 @@ def action_container_image_analyze(action, rec, inputs)
rec.scan
end

def action_container_image_annotate_allow_execution(action, rec, inputs)
def action_container_image_annotate_scan_results(action, rec, inputs)
MiqPolicy.logger.info("MIQ(#{__method__}): Now executing [#{action.description}]")
openshift_container_image_annotate_method(action, rec, inputs, "annotate_allow_execution")
end

def action_container_image_annotate_deny_execution(action, rec, inputs)
MiqPolicy.logger.info("MIQ(#{__method__}): Now executing [#{action.description}]")
openshift_container_image_annotate_method(action, rec, inputs, "annotate_deny_execution")
end

def openshift_container_image_annotate_method(action, rec, inputs, method_name)
error_prefix = "MIQ(#{__method__}): Unable to perform action [#{action.description}], "
unless rec.kind_of?(ContainerImage)
MiqPolicy.logger.error("#{error_prefix} object [#{rec.inspect}] is not a Container Image")
return
end

unless rec.respond_to?(:annotate_deny_execution)
unless rec.respond_to?(:annotate_scan_policy_results)
MiqPolicy.logger.error("#{error_prefix} ContainerImage is not linked with an OpenShift image")
return
end

if inputs[:synchronous]
MiqPolicy.logger.info("MIQ(#{__method__}): Now executing [#{action.description}] for event "\
"[#{inputs[:event].description}]")
rec.send(method_name.to_sym, inputs[:policy].name)
rec.annotate_scan_policy_results(inputs[:policy].name, inputs[:result])
else
MiqPolicy.logger.info("MIQ(#{__method__}): Queueing [#{action.description}] for event "\
"[#{inputs[:event].description}]")
MiqQueue.submit_job(
:service => "ems_operations",
:affinity => rec.ext_management_system,
:class_name => rec.class.name,
:method_name => method_name,
:args => inputs[:policy].name,
:method_name => :annotate_scan_policy_results,
:args => [inputs[:policy].name, inputs[:result]],
:instance_id => rec.id,
:priority => MiqQueue::HIGH_PRIORITY,
)
1 change: 1 addition & 0 deletions db/fixtures/miq_actions.csv
Original file line number Diff line number Diff line change
@@ -12,6 +12,7 @@ prevent,Prevent current event from proceeding
container_image_analyze,Initiate SmartState Analysis for Container Image
container_image_annotate_deny_execution,Prevent container image from running on OpenShift
container_image_annotate_allow_execution,Mark container image as safe for running on OpenShift
container_image_annotate_scan_results,Annotate image with scan results and execution prevention status
vm_start,Start Virtual Machine
vm_stop,Stop Virtual Machine
vm_suspend,Suspend Virtual Machine
8 changes: 4 additions & 4 deletions db/fixtures/miq_policy_sets.yml
Original file line number Diff line number Diff line change
@@ -50,8 +50,8 @@
default:
enabled:
MiqAction:
name: container_image_annotate_deny_execution
description: Prevent container image from running on OpenShift
name: container_image_annotate_scan_results
description: Annotate image with scan results and execution prevention status
action_type: default
options: {}
- qualifier: success
@@ -65,8 +65,8 @@
default:
enabled:
MiqAction:
name: container_image_annotate_allow_execution
description: Mark container image as safe for running on OpenShift
name: container_image_annotate_scan_results
description: Annotate image with scan results and execution prevention status
action_type: default
options: {}
Condition:
4 changes: 2 additions & 2 deletions spec/models/miq_action_spec.rb
Original file line number Diff line number Diff line change
@@ -218,14 +218,14 @@
end
end

context "#action_container_image_annotate_deny_execution" do
context "#action_container_image_annotate_scan_results" do
let(:container_image) { FactoryGirl.create(:container_image) }
let(:event) { FactoryGirl.create(:miq_event_definition, :name => "whatever") }
let(:action) { FactoryGirl.create(:miq_action, :name => "container_image_annotate_deny_execution") }

it "will not annotate if the method is unavailable" do
expect(MiqQueue).to receive(:put).exactly(0).times
action.action_container_image_annotate_deny_execution(action, container_image, :event => event)
action.action_container_image_annotate_scan_results(action, container_image, :event => event)
end
end

0 comments on commit 7334216

Please sign in to comment.