Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Container ssa annotate success #15031

Merged
merged 2 commits into from
Nov 20, 2017
Merged

Container ssa annotate success #15031

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
803fbfd
annotating container images with successful compliance
May 7, 2017
7334216
move to one annotating function for policy results
Aug 9, 2017
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
11 changes: 6 additions & 5 deletions app/models/miq_action.rb
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -724,31 +724,32 @@ def action_container_image_analyze(action, rec, inputs)
rec.scan
end

def action_container_image_annotate_deny_execution(action, rec, inputs)
def action_container_image_annotate_scan_results(action, rec, inputs)
MiqPolicy.logger.info("MIQ(#{__method__}): Now executing [#{action.description}]")
error_prefix = "MIQ(#{__method__}): Unable to perform action [#{action.description}], "
unless rec.kind_of?(ContainerImage)
MiqPolicy.logger.error("#{error_prefix} object [#{rec.inspect}] is not a Container Image")
return
end

unless rec.respond_to?(:annotate_deny_execution)
unless rec.respond_to?(:annotate_scan_policy_results)
MiqPolicy.logger.error("#{error_prefix} ContainerImage is not linked with an OpenShift image")
return
end

if inputs[:synchronous]
MiqPolicy.logger.info("MIQ(#{__method__}): Now executing [#{action.description}] for event "\
"[#{inputs[:event].description}]")
rec.annotate_deny_execution(inputs[:policy].name)
rec.annotate_scan_policy_results(inputs[:policy].name, inputs[:result])
else
MiqPolicy.logger.info("MIQ(#{__method__}): Queueing [#{action.description}] for event "\
"[#{inputs[:event].description}]")
MiqQueue.submit_job(
:service => "ems_operations",
:affinity => rec.ext_management_system,
:class_name => rec.class.name,
:method_name => "annotate_deny_execution",
:args => inputs[:policy].name,
:method_name => :annotate_scan_policy_results,
:args => [inputs[:policy].name, inputs[:result]],
:instance_id => rec.id,
:priority => MiqQueue::HIGH_PRIORITY,
)
Expand Down
2 changes: 2 additions & 0 deletions db/fixtures/miq_actions.csv
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -11,6 +11,8 @@ script,Execute an external script
prevent,Prevent current event from proceeding
container_image_analyze,Initiate SmartState Analysis for Container Image
container_image_annotate_deny_execution,Prevent container image from running on OpenShift
container_image_annotate_allow_execution,Mark container image as safe for running on OpenShift
container_image_annotate_scan_results,Annotate image with scan results and execution prevention status
vm_start,Start Virtual Machine
vm_stop,Stop Virtual Machine
vm_suspend,Suspend Virtual Machine
Expand Down
19 changes: 17 additions & 2 deletions db/fixtures/miq_policy_sets.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -50,8 +50,23 @@
default:
enabled:
MiqAction:
name: container_image_annotate_deny_execution
description: Prevent container image from running on OpenShift
name: container_image_annotate_scan_results
description: Annotate image with scan results and execution prevention status
action_type: default
options: {}
- qualifier: success
success_sequence: 1
success_synchronous: true
MiqEventDefinition:
name: containerimage_compliance_check
description: Container Image Compliance Check
event_type: Default
definition:
default:
enabled:
MiqAction:
name: container_image_annotate_scan_results
description: Annotate image with scan results and execution prevention status
action_type: default
options: {}
Condition:
Expand Down
4 changes: 2 additions & 2 deletions spec/models/miq_action_spec.rb
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -218,14 +218,14 @@
end
end

context "#action_container_image_annotate_deny_execution" do
context "#action_container_image_annotate_scan_results" do
let(:container_image) { FactoryGirl.create(:container_image) }
let(:event) { FactoryGirl.create(:miq_event_definition, :name => "whatever") }
let(:action) { FactoryGirl.create(:miq_action, :name => "container_image_annotate_deny_execution") }

it "will not annotate if the method is unavailable" do
expect(MiqQueue).to receive(:put).exactly(0).times
action.action_container_image_annotate_deny_execution(action, container_image, :event => event)
action.action_container_image_annotate_scan_results(action, container_image, :event => event)
end
end

Expand Down