Merge pull request ManageIQ#15031 from enoodle/container_ssa_annotate…

…_success Container ssa annotate success
juliancheal · Nov 20, 2017 · 9835af3 · 9835af3
2 parents 2a3700b + 7334216
commit 9835af3
Show file tree

Hide file tree

Showing 4 changed files with 27 additions and 9 deletions.
diff --git a/app/models/miq_action.rb b/app/models/miq_action.rb
@@ -724,31 +724,32 @@ def action_container_image_analyze(action, rec, inputs)
     rec.scan
   end
 
-  def action_container_image_annotate_deny_execution(action, rec, inputs)
+  def action_container_image_annotate_scan_results(action, rec, inputs)
+    MiqPolicy.logger.info("MIQ(#{__method__}): Now executing  [#{action.description}]")
     error_prefix = "MIQ(#{__method__}): Unable to perform action [#{action.description}], "
     unless rec.kind_of?(ContainerImage)
       MiqPolicy.logger.error("#{error_prefix} object [#{rec.inspect}] is not a Container Image")
       return
     end
 
-    unless rec.respond_to?(:annotate_deny_execution)
+    unless rec.respond_to?(:annotate_scan_policy_results)
       MiqPolicy.logger.error("#{error_prefix} ContainerImage is not linked with an OpenShift image")
       return
     end
 
     if inputs[:synchronous]
       MiqPolicy.logger.info("MIQ(#{__method__}): Now executing  [#{action.description}] for event "\
                             "[#{inputs[:event].description}]")
-      rec.annotate_deny_execution(inputs[:policy].name)
+      rec.annotate_scan_policy_results(inputs[:policy].name, inputs[:result])
     else
       MiqPolicy.logger.info("MIQ(#{__method__}): Queueing [#{action.description}] for event "\
                             "[#{inputs[:event].description}]")
       MiqQueue.submit_job(
         :service     => "ems_operations",
         :affinity    => rec.ext_management_system,
         :class_name  => rec.class.name,
-        :method_name => "annotate_deny_execution",
-        :args        => inputs[:policy].name,
+        :method_name => :annotate_scan_policy_results,
+        :args        => [inputs[:policy].name, inputs[:result]],
         :instance_id => rec.id,
         :priority    => MiqQueue::HIGH_PRIORITY,
       )

diff --git a/db/fixtures/miq_actions.csv b/db/fixtures/miq_actions.csv
@@ -11,6 +11,8 @@ script,Execute an external script
 prevent,Prevent current event from proceeding
 container_image_analyze,Initiate SmartState Analysis for Container Image
 container_image_annotate_deny_execution,Prevent container image from running on OpenShift
+container_image_annotate_allow_execution,Mark container image as safe for running on OpenShift
+container_image_annotate_scan_results,Annotate image with scan results and execution prevention status
 vm_start,Start Virtual Machine
 vm_stop,Stop Virtual Machine
 vm_suspend,Suspend Virtual Machine

diff --git a/db/fixtures/miq_policy_sets.yml b/db/fixtures/miq_policy_sets.yml
@@ -50,8 +50,23 @@
           default:
           enabled:
         MiqAction:
-          name: container_image_annotate_deny_execution
-          description: Prevent container image from running on OpenShift
+          name: container_image_annotate_scan_results
+          description: Annotate image with scan results and execution prevention status
+          action_type: default
+          options: {}
+      - qualifier: success
+        success_sequence: 1
+        success_synchronous: true
+        MiqEventDefinition:
+          name: containerimage_compliance_check
+          description: Container Image Compliance Check
+          event_type: Default
+          definition:
+          default:
+          enabled:
+        MiqAction:
+          name: container_image_annotate_scan_results
+          description: Annotate image with scan results and execution prevention status
           action_type: default
           options: {}
       Condition:

diff --git a/spec/models/miq_action_spec.rb b/spec/models/miq_action_spec.rb
@@ -218,14 +218,14 @@
     end
   end
 
-  context "#action_container_image_annotate_deny_execution" do
+  context "#action_container_image_annotate_scan_results" do
     let(:container_image) { FactoryGirl.create(:container_image) }
     let(:event) { FactoryGirl.create(:miq_event_definition, :name => "whatever") }
     let(:action) { FactoryGirl.create(:miq_action, :name => "container_image_annotate_deny_execution") }
 
     it "will not annotate if the method is unavailable" do
       expect(MiqQueue).to receive(:put).exactly(0).times
-      action.action_container_image_annotate_deny_execution(action, container_image, :event => event)
+      action.action_container_image_annotate_scan_results(action, container_image, :event => event)
     end
   end