Merge "Don't create multiple trust IDs per alarm"
This commit is contained in:
commit
5363ff8500
@ -386,6 +386,16 @@ class Alarm(base.Base):
|
|||||||
def _is_trust_url(url):
|
def _is_trust_url(url):
|
||||||
return url.scheme.startswith('trust+')
|
return url.scheme.startswith('trust+')
|
||||||
|
|
||||||
|
def _get_existing_trust_ids(self):
|
||||||
|
for action in itertools.chain(self.ok_actions or [],
|
||||||
|
self.alarm_actions or [],
|
||||||
|
self.insufficient_data_actions or []):
|
||||||
|
url = netutils.urlsplit(action)
|
||||||
|
if self._is_trust_url(url):
|
||||||
|
trust_id = url.username
|
||||||
|
if trust_id and url.password == 'delete':
|
||||||
|
yield trust_id
|
||||||
|
|
||||||
def update_actions(self, old_alarm=None):
|
def update_actions(self, old_alarm=None):
|
||||||
trustor_user_id = pecan.request.headers.get('X-User-Id')
|
trustor_user_id = pecan.request.headers.get('X-User-Id')
|
||||||
trustor_project_id = pecan.request.headers.get('X-Project-Id')
|
trustor_project_id = pecan.request.headers.get('X-Project-Id')
|
||||||
@ -395,46 +405,48 @@ class Alarm(base.Base):
|
|||||||
else:
|
else:
|
||||||
roles = []
|
roles = []
|
||||||
auth_plugin = pecan.request.environ.get('keystone.token_auth')
|
auth_plugin = pecan.request.environ.get('keystone.token_auth')
|
||||||
|
|
||||||
|
if old_alarm:
|
||||||
|
prev_trust_ids = set(old_alarm._get_existing_trust_ids())
|
||||||
|
else:
|
||||||
|
prev_trust_ids = set()
|
||||||
|
trust_id = prev_trust_ids.pop() if prev_trust_ids else None
|
||||||
|
trust_id_used = False
|
||||||
|
|
||||||
for actions in (self.ok_actions, self.alarm_actions,
|
for actions in (self.ok_actions, self.alarm_actions,
|
||||||
self.insufficient_data_actions):
|
self.insufficient_data_actions):
|
||||||
if actions is not None:
|
if actions is not None:
|
||||||
for index, action in enumerate(actions[:]):
|
for index, action in enumerate(actions[:]):
|
||||||
url = netutils.urlsplit(action)
|
url = netutils.urlsplit(action)
|
||||||
if self._is_trust_url(url):
|
if self._is_trust_url(url):
|
||||||
if '@' not in url.netloc:
|
if '@' in url.netloc:
|
||||||
|
continue
|
||||||
|
if trust_id is None:
|
||||||
# We have a trust action without a trust ID,
|
# We have a trust action without a trust ID,
|
||||||
# create it
|
# create it
|
||||||
trust_id = keystone_client.create_trust_id(
|
trust_id = keystone_client.create_trust_id(
|
||||||
pecan.request.cfg,
|
pecan.request.cfg,
|
||||||
trustor_user_id, trustor_project_id, roles,
|
trustor_user_id, trustor_project_id, roles,
|
||||||
auth_plugin)
|
auth_plugin)
|
||||||
netloc = '%s:delete@%s' % (trust_id, url.netloc)
|
if trust_id_used:
|
||||||
url = list(url)
|
pw = ''
|
||||||
url[1] = netloc
|
else:
|
||||||
actions[index] = urlparse.urlunsplit(url)
|
pw = ':delete'
|
||||||
if old_alarm:
|
trust_id_used = True
|
||||||
new_actions = list(itertools.chain(
|
netloc = '%s%s@%s' % (trust_id, pw, url.netloc)
|
||||||
self.ok_actions or [],
|
url = urlparse.SplitResult(url.scheme, netloc,
|
||||||
self.alarm_actions or [],
|
url.path, url.query,
|
||||||
self.insufficient_data_actions or []))
|
url.fragment)
|
||||||
for action in itertools.chain(
|
actions[index] = url.geturl()
|
||||||
old_alarm.ok_actions or [],
|
if trust_id is not None and not trust_id_used:
|
||||||
old_alarm.alarm_actions or [],
|
prev_trust_ids.add(trust_id)
|
||||||
old_alarm.insufficient_data_actions or []):
|
for old_trust_id in prev_trust_ids:
|
||||||
if action not in new_actions:
|
keystone_client.delete_trust_id(old_trust_id, auth_plugin)
|
||||||
self.delete_trust(action)
|
|
||||||
|
|
||||||
def delete_actions(self):
|
def delete_actions(self):
|
||||||
for action in itertools.chain(self.ok_actions or [],
|
|
||||||
self.alarm_actions or [],
|
|
||||||
self.insufficient_data_actions or []):
|
|
||||||
self.delete_trust(action)
|
|
||||||
|
|
||||||
def delete_trust(self, action):
|
|
||||||
auth_plugin = pecan.request.environ.get('keystone.token_auth')
|
auth_plugin = pecan.request.environ.get('keystone.token_auth')
|
||||||
url = netutils.urlsplit(action)
|
for trust_id in self._get_existing_trust_ids():
|
||||||
if self._is_trust_url(url) and url.password:
|
keystone_client.delete_trust_id(trust_id, auth_plugin)
|
||||||
keystone_client.delete_trust_id(url.username, auth_plugin)
|
|
||||||
|
|
||||||
|
|
||||||
Alarm.add_attributes(**{"%s_rule" % ext.name: ext.plugin
|
Alarm.add_attributes(**{"%s_rule" % ext.name: ext.plugin
|
||||||
|
Loading…
Reference in New Issue
Block a user