diff --git a/etc/policy.json b/etc/policy.json
index 7d540a055..becf77c8e 100644
--- a/etc/policy.json
+++ b/etc/policy.json
@@ -61,5 +61,6 @@
 "event_triggers:delete": "rule:admin_or_owner",
 "event_triggers:get": "rule:admin_or_owner",
 "event_triggers:list": "rule:admin_or_owner",
+ "event_triggers:list:all_projects": "rule:admin_only",
 "event_triggers:update": "rule:admin_or_owner"
 }
diff --git a/mistral/api/controllers/v2/event_trigger.py b/mistral/api/controllers/v2/event_trigger.py
index ee8286867..05f88d2c3 100644
--- a/mistral/api/controllers/v2/event_trigger.py
+++ b/mistral/api/controllers/v2/event_trigger.py
@@ -37,7 +37,7 @@ class EventTriggersController(rest.RestController):
 @wsme_pecan.wsexpose(resources.EventTrigger, types.uuid)
 def get(self, id):
 """Returns the specified event_trigger."""
- acl.enforce('event_trigger:get', auth_ctx.ctx())
+ acl.enforce('event_triggers:get', auth_ctx.ctx())
 LOG.info('Fetch event trigger [id=%s]', id)
@@ -50,7 +50,7 @@ class EventTriggersController(rest.RestController):
 status_code=201)
 def post(self, event_trigger):
 """Creates a new event trigger."""
- acl.enforce('event_trigger:create', auth_ctx.ctx())
+ acl.enforce('event_triggers:create', auth_ctx.ctx())
 values = event_trigger.to_dict()
 input_keys = [k for k in values if values[k]]
@@ -85,7 +85,7 @@ class EventTriggersController(rest.RestController):
 change them is to delete the event trigger first, then create a new
 event trigger with new params.
 """
- acl.enforce('event_trigger:update', auth_ctx.ctx())
+ acl.enforce('event_triggers:update', auth_ctx.ctx())
 values = event_trigger.to_dict()
@@ -109,7 +109,7 @@ class EventTriggersController(rest.RestController):
 @wsme_pecan.wsexpose(None, types.uuid, status_code=204)
 def delete(self, id):
 """Delete event trigger."""
- acl.enforce('event_trigger:delete', auth_ctx.ctx())
+ acl.enforce('event_triggers:delete', auth_ctx.ctx())
 LOG.info("Delete event trigger [id=%s]", id)
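Review bot: The rule name passed to acl.enforce in `get` is a bare string literal that has to match a key in etc/policy.json by hand, and nothing visible in this commit checks that it does; the same applies to the `post`, `update`, `delete` and `get_all` hunks. How acl.enforce treats a name with no policy entry is not visible here, but if it falls back to a default rule, the old `event_trigger:*` spelling meant these endpoints were never evaluated against `rule:admin_or_owner`. A unit test that loads the policy file and asserts each enforced name is present, e.g. `self.assertIn('event_triggers:get', rules)` with `rules` read from etc/policy.json, would catch a recurrence. The body of `get` continues outside the hunk.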
@@ -121,15 +121,20 @@ class EventTriggersController(rest.RestController):
 @rest_utils.wrap_wsme_controller_exception
 @wsme_pecan.wsexpose(resources.EventTriggers, types.uuid, int,
 types.uniquelist, types.list, types.uniquelist,
- types.jsontype)
+ bool, types.jsontype)
 def get_all(self, marker=None, limit=None, sort_keys='created_at',
- sort_dirs='asc', fields='', **filters):
+ sort_dirs='asc', fields='', all_projects=False, **filters):
 """Return all event triggers."""
- acl.enforce('event_trigger:list', auth_ctx.ctx())
+ acl.enforce('event_triggers:list', auth_ctx.ctx())
- LOG.info("Fetch event triggers. marker=%s, limit=%s, sort_keys=%s, "
- "sort_dirs=%s, fields=%s, filters=%s", marker, limit,
- sort_keys, sort_dirs, fields, filters)
+ if all_projects:
+ acl.enforce('event_triggers:list:all_projects', auth_ctx.ctx())
+
+ LOG.info(
+ "Fetch event triggers. marker=%s, limit=%s, sort_keys=%s, "
+ "sort_dirs=%s, fields=%s, all_projects=%s, filters=%s", marker,
+ limit, sort_keys, sort_dirs, fields, all_projects, filters
+ )
 return rest_utils.get_all(
 resources.EventTriggers,
@@ -142,5 +147,6 @@ class EventTriggersController(rest.RestController):
 sort_keys=sort_keys,
 sort_dirs=sort_dirs,
 fields=fields,
+ all_projects=all_projects,
 **filters
 )
diff --git a/mistral/db/v2/api.py b/mistral/db/v2/api.py
index 9e5a615c9..2cef2344b 100644
--- a/mistral/db/v2/api.py
+++ b/mistral/db/v2/api.py
@@ -507,7 +507,7 @@ def get_event_trigger(id, insecure=False):
 def get_event_triggers(insecure=False, limit=None, marker=None, sort_keys=None,
 sort_dirs=None, fields=None, **kwargs):
 return IMPL.get_event_triggers(
- insecure=False,
+ insecure=insecure,
 limit=limit,
 marker=marker,
 sort_keys=sort_keys,
diff --git a/mistral/event_engine/default_event_engine.py b/mistral/event_engine/default_event_engine.py
index a7bd54739..f0b3f9e89 100644
--- a/mistral/event_engine/default_event_engine.py
+++ b/mistral/event_engine/default_event_engine.py
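Review bot: The docstring of `get_all` still reads only `"""Return all event triggers."""` although the new `all_projects` flag switches the result from project-scoped to cross-tenant and adds a second policy check. Document the parameter and its requirement, e.g. `:param all_projects: Optional. List event triggers of all projects; requires the event_triggers:list:all_projects policy (admin_only in etc/policy.json).` Because this is a privileged read, it would also help auditing if the LOG.info line identified the requester when `all_projects` is true; which fields auth_ctx.ctx() exposes is not visible in this hunk, so that needs checking against the context class. The call into rest_utils.get_all continues in the next hunk.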
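Review bot: `get_event_triggers` has no docstring, and with `insecure` now actually forwarded to IMPL.get_event_triggers the flag changes what existing callers receive. Judging by the renamed DB tests and the `_start_listeners` call in default_event_engine.py, `insecure=True` returns triggers without restricting them to the caller's project, where before it was silently dropped. Add a docstring that states the contract, e.g. `"""Return event triggers; insecure=True skips project scoping, so the caller must already have passed an admin-level policy check."""`. It is worth searching for other callers that pass `insecure=True` before merging, since their results change with this fix. The function body continues past the hunk.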
@@ -212,7 +212,7 @@ class DefaultEventEngine(base.EventEngine):
 def _start_listeners(self):
 triggers = db_api.get_event_triggers(insecure=True)
- LOG.info('Find %s event triggers.', len(triggers))
+ LOG.info('Found %s event triggers.', len(triggers))
 for trigger in triggers:
 exchange_topic = (trigger.exchange, trigger.topic)
diff --git a/mistral/tests/unit/api/v2/test_event_trigger.py b/mistral/tests/unit/api/v2/test_event_trigger.py
index 0dd1ede8f..2ff10282e 100644
--- a/mistral/tests/unit/api/v2/test_event_trigger.py
+++ b/mistral/tests/unit/api/v2/test_event_trigger.py
@@ -20,6 +20,7 @@ from mistral.db.v2 import api as db_api
 from mistral.db.v2.sqlalchemy import models
 from mistral import exceptions as exc
 from mistral.tests.unit.api import base
+from mistral.tests.unit import base as unit_base
 WF = models.WorkflowDefinition(
 spec={
@@ -209,3 +210,15 @@ class TestEventTriggerController(base.APITest):
 self.assertEqual(1, len(resp.json['event_triggers']))
 self.assertDictEqual(TRIGGER, resp.json['event_triggers'][0])
+
+ @mock.patch('mistral.db.v2.api.get_event_triggers')
+ @mock.patch('mistral.context.MistralContext.from_environ')
+ def test_get_all_projects_admin(self, mock_context, mock_get_wf_defs):
+ admin_ctx = unit_base.get_context(admin=True)
+ mock_context.return_value = admin_ctx
+
+ resp = self.app.get('/v2/event_triggers?all_projects=true')
+
+ self.assertEqual(200, resp.status_int)
+
+ self.assertTrue(mock_get_wf_defs.call_args[1].get('insecure', False))
diff --git a/mistral/tests/unit/db/v2/test_sqlalchemy_db_api.py b/mistral/tests/unit/db/v2/test_sqlalchemy_db_api.py
index 2f8cc0807..7008204c7 100644
--- a/mistral/tests/unit/db/v2/test_sqlalchemy_db_api.py
+++ b/mistral/tests/unit/db/v2/test_sqlalchemy_db_api.py
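Review bot: The new test in test_event_trigger.py covers only the admin path, so nothing verifies that a non-admin request with `all_projects=true` is refused before the unscoped query runs, which is the property the new `event_triggers:list:all_projects` rule exists to guarantee. A companion negative test is sketched below; the 403 status is an assumption about how a policy failure is mapped in this API, and it presumes the unit-test policy keeps the rule admin-only, so confirm both. Separately, the mock argument `mock_get_wf_defs` patches `get_event_triggers` and would read better as `mock_get_triggers`.

```python
    # … unchanged: test_get_all_projects_admin …

    @mock.patch('mistral.db.v2.api.get_event_triggers')
    @mock.patch('mistral.context.MistralContext.from_environ')
    def test_get_all_projects_not_admin(self, mock_context, mock_get_triggers):
        # Constructed example: a non-admin caller must be rejected before
        # any DB call is made.
        mock_context.return_value = unit_base.get_context(admin=False)

        resp = self.app.get(
            '/v2/event_triggers?all_projects=true',
            expect_errors=True
        )

        self.assertEqual(403, resp.status_int)
        mock_get_triggers.assert_not_called()
```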
@@ -2957,7 +2957,7 @@ class EventTriggerTest(SQLAlchemyTest):
 self.assertEqual(created, fetched)
- def test_get_event_triggers_insecure(self):
+ def test_get_event_triggers_not_insecure(self):
 for t in EVENT_TRIGGERS:
 db_api.create_event_trigger(t)
@@ -2965,7 +2965,7 @@ class EventTriggerTest(SQLAlchemyTest):
 self.assertEqual(2, len(fetched))
- def test_get_event_triggers_not_insecure(self):
+ def test_get_event_triggers_insecure(self):
 db_api.create_event_trigger(EVENT_TRIGGERS[0])
 # Switch to another tenant.