Update severity check and cert-alarm override
Updating check for user input in severity value, and alarm enabled/disabled. For the severity value updating the check and Logging when an user override exist. In case of alarm enabled/disabled changing the conditions to clear the existing alarms for the certificate when the user disable the alarm. Test Plan: PASS: Add user override in the certificate and check if the severity changes in the cert-alarm alarm. PASS: Add user override and check for the custom log warning that the cert-alarm will use now a user custom value for the severity. PASS: Disable the alarm for the certificate and check if all related alarms have been cleared. PASS: Change the field back to Enabled and check if all alarms is raised. Closes-Bug: 2002823 Signed-off-by: Karla Felix <karla.karolinenogueirafelix@windriver.com> Change-Id: I032ef6e880fbede4422df360fdf560602fec95f8
This commit is contained in:
parent
6d1911c01f
commit
dfe5af1413
|
@ -209,42 +209,44 @@ class CertAlarmAudit(object):
|
|||
else:
|
||||
threshold = alarm_before_days
|
||||
|
||||
if days_to_expiry > threshold:
|
||||
is_alarm_enabled = self.alarm_override_check_passed(cert_name)
|
||||
|
||||
if is_alarm_enabled:
|
||||
if days_to_expiry > threshold:
|
||||
self.clear_expiring_soon(cert_name, entity_id)
|
||||
self.clear_expired(cert_name, entity_id)
|
||||
else:
|
||||
if days_to_expiry < 0:
|
||||
# Expired. Clear expiring-soon & raise expired
|
||||
self.clear_expiring_soon(cert_name, entity_id)
|
||||
self.raise_expired(cert_name, entity_id)
|
||||
else:
|
||||
self.clear_expired(cert_name, entity_id)
|
||||
self.clear_expiring_soon(cert_name, entity_id)
|
||||
self.raise_expiring_soon(cert_name, entity_id)
|
||||
else:
|
||||
self.clear_expiring_soon(cert_name, entity_id)
|
||||
self.clear_expired(cert_name, entity_id)
|
||||
else:
|
||||
if days_to_expiry < 0:
|
||||
# Expired. Clear expiring-soon & raise expired
|
||||
self.clear_expiring_soon(cert_name, entity_id)
|
||||
self.raise_expired(cert_name, entity_id)
|
||||
else:
|
||||
self.clear_expired(cert_name, entity_id)
|
||||
self.clear_expiring_soon(cert_name, entity_id)
|
||||
self.raise_expiring_soon(cert_name, entity_id)
|
||||
|
||||
def raise_expiring_soon(self, cert_name, entity_id):
|
||||
if self.alarm_override_check_passed(cert_name):
|
||||
self.fm_obj.set_fault(entity_id,
|
||||
fm_constants.FM_ALARM_ID_CERT_EXPIRING_SOON,
|
||||
fm_constants.FM_ALARM_STATE_SET)
|
||||
self.fm_obj.set_fault(entity_id,
|
||||
fm_constants.FM_ALARM_ID_CERT_EXPIRING_SOON,
|
||||
fm_constants.FM_ALARM_STATE_SET)
|
||||
|
||||
def clear_expiring_soon(self, cert_name, entity_id):
|
||||
if self.alarm_override_check_passed(cert_name):
|
||||
self.fm_obj.set_fault(entity_id,
|
||||
fm_constants.FM_ALARM_ID_CERT_EXPIRING_SOON,
|
||||
fm_constants.FM_ALARM_STATE_CLEAR)
|
||||
self.fm_obj.set_fault(entity_id,
|
||||
fm_constants.FM_ALARM_ID_CERT_EXPIRING_SOON,
|
||||
fm_constants.FM_ALARM_STATE_CLEAR)
|
||||
|
||||
def raise_expired(self, cert_name, entity_id):
|
||||
if self.alarm_override_check_passed(cert_name):
|
||||
self.fm_obj.set_fault(entity_id,
|
||||
fm_constants.FM_ALARM_ID_CERT_EXPIRED,
|
||||
fm_constants.FM_ALARM_STATE_SET)
|
||||
self.fm_obj.set_fault(entity_id,
|
||||
fm_constants.FM_ALARM_ID_CERT_EXPIRED,
|
||||
fm_constants.FM_ALARM_STATE_SET)
|
||||
|
||||
def clear_expired(self, cert_name, entity_id):
|
||||
if self.alarm_override_check_passed(cert_name):
|
||||
self.fm_obj.set_fault(entity_id,
|
||||
fm_constants.FM_ALARM_ID_CERT_EXPIRED,
|
||||
fm_constants.FM_ALARM_STATE_CLEAR)
|
||||
self.fm_obj.set_fault(entity_id,
|
||||
fm_constants.FM_ALARM_ID_CERT_EXPIRED,
|
||||
fm_constants.FM_ALARM_STATE_CLEAR)
|
||||
|
||||
def alarm_override_check_passed(self, cert_name):
|
||||
'''
|
||||
|
|
|
@ -100,12 +100,9 @@ class FaultApiMgr(object):
|
|||
return alarm_severity
|
||||
|
||||
# Check for annotation overrides
|
||||
if cert_name in utils.CERT_SNAPSHOT:
|
||||
snapshot = utils.CERT_SNAPSHOT[cert_name]
|
||||
override = snapshot.get(constants.CERT_ALARM_ANNOTATION_ALARM_SEVERITY,
|
||||
alarm_severity)
|
||||
if override != "unknown": # Cannot have "unknown" for fault severity
|
||||
alarm_severity = override
|
||||
has_override, override = utils.get_severity_user_override(cert_name)
|
||||
if has_override:
|
||||
alarm_severity = override
|
||||
|
||||
return alarm_severity
|
||||
|
||||
|
|
|
@ -154,6 +154,24 @@ def is_certname_already_processed(certname):
|
|||
return ret
|
||||
|
||||
|
||||
def get_severity_user_override(cert_name):
|
||||
"""
|
||||
Get Severity User Override if there is any custom value for severity
|
||||
If yes, it will return True and the value the user requested
|
||||
if not return False and None.
|
||||
"""
|
||||
if cert_name in CERT_SNAPSHOT:
|
||||
snapshot = CERT_SNAPSHOT[cert_name]
|
||||
override = snapshot.get(constants.CERT_ALARM_ANNOTATION_ALARM_SEVERITY,
|
||||
constants.CERT_ALARM_DEFAULT_ANNOTATION_ALARM_SEVERITY)
|
||||
if override != 'unknown':
|
||||
LOG.info('Cert: %s severity value overwritten by user override' %
|
||||
cert_name)
|
||||
return True, override
|
||||
|
||||
return False, None
|
||||
|
||||
|
||||
def collect_certificate_data_for_ssl_cas():
|
||||
"""
|
||||
Collect certificate data for SSL_CA files
|
||||
|
|
Loading…
Reference in New Issue