Prevents critical apps from being deleted.

If an app has a metadata stating deletion is prevented then system
application-delete will be rejected

Story: 2007960
Task: 41882
Signed-off-by: Suvro Ghosh <suvrojeet.ghosh@windriver.com>
Change-Id: I4401d3af6e7af354783edc945c1a5cdb72c1d0a1
This commit is contained in:
Suvro Ghosh 2021-02-11 13:40:47 -05:00
parent 663c8b67b3
commit b27f224803
5 changed files with 30 additions and 3 deletions

View File

@ -26,7 +26,7 @@ from sysinv.common import exception
from sysinv.common import utils as cutils
from sysinv.common import kubernetes
from sysinv.helm.lifecycle_hook import LifecycleHookInfo
from sysinv.openstack.common.rpc import common as rpc_common
import cgcs_patch.constants as patch_constants
LOG = log.getLogger(__name__)
@ -515,6 +515,9 @@ class KubeAppController(rest.RestController):
constants.APP_DELETE_OP)
self._app_lifecycle_actions(db_app,
lifecycle_hook_info)
except rpc_common.RemoteError as e:
raise wsme.exc.ClientSideError(_(
"Application-delete rejected: " + str(e.value)))
except Exception as e:
raise wsme.exc.ClientSideError(_(
"Application-delete rejected: " + str(e.message)))

View File

@ -1590,7 +1590,7 @@ APP_METADATA_FILTERS = 'filters'
APP_METADATA_FILTER_FIELD = 'filter_field'
APP_METADATA_PLATFORM_MANAGED_APP = 'platform_managed_app'
APP_METADATA_DESIRED_STATE = 'desired_state'
APP_METADATA_FORBIDDEN_MANUAL_OPERATIONS = 'forbidden_manual_operations'
APP_EVALUATE_REAPPLY_TYPE_HOST_ADD = 'host-add'
APP_EVALUATE_REAPPLY_TYPE_HOST_DELETE = 'host-delete'
APP_EVALUATE_REAPPLY_TYPE_HOST_REINSTALL = REINSTALL_ACTION

View File

@ -1540,5 +1540,9 @@ class LifecycleSemanticCheckException(SysinvException):
message = _("Semantic check hook for app failed.")
class LifecycleSemanticCheckOpererationBlocked(SysinvException):
message = _("%(op)s is disabled for this version of %(app)s")
class LifecycleMissingInfo(SysinvException):
message = _("Lifecycle hook missing information.")

View File

@ -12035,7 +12035,11 @@ class ConductorManager(service.PeriodicService):
LOG.debug("app_lifecycle_actions for app "
"{}, {}".format(rpc_app.name, hook_info))
self._app.app_lifecycle_actions(context, self, rpc_app, hook_info)
try:
self._app.app_lifecycle_actions(context, self, rpc_app, hook_info)
except exception.LifecycleSemanticCheckOpererationBlocked as e:
LOG.info("Metadata-evaluation: {}".format(e))
raise
def perform_app_upload(self, context, rpc_app, tarfile, lifecycle_hook_info_app_upload):
"""Handling of application upload request (via AppOperator)

View File

@ -44,6 +44,22 @@ class AppLifecycleOperator(object):
# To reject the reapply evaluation an app can override this
# hook and raise exception.LifecycleSemanticCheckException
pass
# Check if it is a delete operation
elif hook_info.operation == constants.APP_DELETE_OP:
try:
# Store the forbidden operations in a list
forbidden = conductor_obj.apps_metadata[
constants.APP_METADATA_APPS][app.name][
constants.APP_METADATA_BEHAVIOR][
constants.APP_METADATA_FORBIDDEN_MANUAL_OPERATIONS]
except KeyError:
pass
else:
# Check if deletion is a forbidden operation
if constants.APP_DELETE_OP in forbidden:
raise exception.LifecycleSemanticCheckOpererationBlocked(
op=constants.APP_DELETE_OP.capitalize(),
app=app.name)
# TODO(dvoicule) remove once each app has its lifecycle operator and takes care of its rbd
# this is here to keep the same functionality while decoupling