Update severity check and cert-alarm override

Updating check for user input in severity value, and alarm enabled/disabled. For the severity value updating the check and Logging when an user override exist. In case of alarm enabled/disabled changing the conditions to clear the existing alarms for the certificate when the user disable the alarm. Test Plan: PASS: Add user override in the certificate and check if the severity changes in the cert-alarm alarm. PASS: Add user override and check for the custom log warning that the cert-alarm will use now a user custom value for the severity. PASS: Disable the alarm for the certificate and check if all related alarms have been cleared. PASS: Change the field back to Enabled and check if all alarms is raised. Closes-Bug: 2002823 Signed-off-by: Karla Felix <karla.karolinenogueirafelix@windriver.com> Change-Id: I032ef6e880fbede4422df360fdf560602fec95f8
2023-01-11 15:30:56 -03:00 · 2023-01-11 15:30:56 -03:00 · dfe5af1413
parent 6d1911c01f
commit dfe5af1413
3 changed files with 49 additions and 32 deletions
--- a/sysinv/sysinv/sysinv/sysinv/cert_alarm/audit.py
+++ b/sysinv/sysinv/sysinv/sysinv/cert_alarm/audit.py
@ -209,42 +209,44 @@ class CertAlarmAudit(object):
        else:
            threshold = alarm_before_days

-        if days_to_expiry > threshold:
+        is_alarm_enabled = self.alarm_override_check_passed(cert_name)
+
+        if is_alarm_enabled:
+            if days_to_expiry > threshold:
+                self.clear_expiring_soon(cert_name, entity_id)
+                self.clear_expired(cert_name, entity_id)
+            else:
+                if days_to_expiry < 0:
+                    # Expired. Clear expiring-soon & raise expired
+                    self.clear_expiring_soon(cert_name, entity_id)
+                    self.raise_expired(cert_name, entity_id)
+                else:
+                    self.clear_expired(cert_name, entity_id)
+                    self.clear_expiring_soon(cert_name, entity_id)
+                    self.raise_expiring_soon(cert_name, entity_id)
+        else:
            self.clear_expiring_soon(cert_name, entity_id)
            self.clear_expired(cert_name, entity_id)
-        else:
-            if days_to_expiry < 0:
-                # Expired. Clear expiring-soon & raise expired
-                self.clear_expiring_soon(cert_name, entity_id)
-                self.raise_expired(cert_name, entity_id)
-            else:
-                self.clear_expired(cert_name, entity_id)
-                self.clear_expiring_soon(cert_name, entity_id)
-                self.raise_expiring_soon(cert_name, entity_id)

    def raise_expiring_soon(self, cert_name, entity_id):
-        if self.alarm_override_check_passed(cert_name):
-            self.fm_obj.set_fault(entity_id,
-                                  fm_constants.FM_ALARM_ID_CERT_EXPIRING_SOON,
-                                  fm_constants.FM_ALARM_STATE_SET)
+        self.fm_obj.set_fault(entity_id,
+                              fm_constants.FM_ALARM_ID_CERT_EXPIRING_SOON,
+                              fm_constants.FM_ALARM_STATE_SET)

    def clear_expiring_soon(self, cert_name, entity_id):
-        if self.alarm_override_check_passed(cert_name):
-            self.fm_obj.set_fault(entity_id,
-                                  fm_constants.FM_ALARM_ID_CERT_EXPIRING_SOON,
-                                  fm_constants.FM_ALARM_STATE_CLEAR)
+        self.fm_obj.set_fault(entity_id,
+                              fm_constants.FM_ALARM_ID_CERT_EXPIRING_SOON,
+                              fm_constants.FM_ALARM_STATE_CLEAR)

    def raise_expired(self, cert_name, entity_id):
-        if self.alarm_override_check_passed(cert_name):
-            self.fm_obj.set_fault(entity_id,
-                                  fm_constants.FM_ALARM_ID_CERT_EXPIRED,
-                                  fm_constants.FM_ALARM_STATE_SET)
+        self.fm_obj.set_fault(entity_id,
+                              fm_constants.FM_ALARM_ID_CERT_EXPIRED,
+                              fm_constants.FM_ALARM_STATE_SET)

    def clear_expired(self, cert_name, entity_id):
-        if self.alarm_override_check_passed(cert_name):
-            self.fm_obj.set_fault(entity_id,
-                                  fm_constants.FM_ALARM_ID_CERT_EXPIRED,
-                                  fm_constants.FM_ALARM_STATE_CLEAR)
+        self.fm_obj.set_fault(entity_id,
+                              fm_constants.FM_ALARM_ID_CERT_EXPIRED,
+                              fm_constants.FM_ALARM_STATE_CLEAR)

    def alarm_override_check_passed(self, cert_name):
        '''
--- a/sysinv/sysinv/sysinv/sysinv/cert_alarm/fm.py
+++ b/sysinv/sysinv/sysinv/sysinv/cert_alarm/fm.py
@ -100,12 +100,9 @@ class FaultApiMgr(object):
            return alarm_severity

        # Check for annotation overrides
-        if cert_name in utils.CERT_SNAPSHOT:
-            snapshot = utils.CERT_SNAPSHOT[cert_name]
-            override = snapshot.get(constants.CERT_ALARM_ANNOTATION_ALARM_SEVERITY,
-                                    alarm_severity)
-            if override != "unknown":  # Cannot have "unknown" for fault severity
-                alarm_severity = override
+        has_override, override = utils.get_severity_user_override(cert_name)
+        if has_override:
+            alarm_severity = override

        return alarm_severity

--- a/sysinv/sysinv/sysinv/sysinv/cert_alarm/utils.py
+++ b/sysinv/sysinv/sysinv/sysinv/cert_alarm/utils.py
@ -154,6 +154,24 @@ def is_certname_already_processed(certname):
    return ret


+def get_severity_user_override(cert_name):
+    """
+    Get Severity User Override if there is any custom value for severity
+    If yes, it will return True and the value the user requested
+    if not return False and None.
+    """
+    if cert_name in CERT_SNAPSHOT:
+        snapshot = CERT_SNAPSHOT[cert_name]
+        override = snapshot.get(constants.CERT_ALARM_ANNOTATION_ALARM_SEVERITY,
+                                constants.CERT_ALARM_DEFAULT_ANNOTATION_ALARM_SEVERITY)
+        if override != 'unknown':
+            LOG.info('Cert: %s severity value overwritten by user override' %
+                    cert_name)
+            return True, override
+
+    return False, None
+
+
 def collect_certificate_data_for_ssl_cas():
    """
    Collect certificate data for SSL_CA files