func deployDataToEvent(data *DeployData) error {
var evt event.Event
evt.UniqueID = data.ID
evt.Target = event.Target{Type: event.TargetTypeApp, Value: data.App}
evt.Owner = event.Owner{Type: event.OwnerTypeUser, Name: data.User}
evt.Kind = event.Kind{Type: event.KindTypePermission, Name: permission.PermAppDeploy.FullName()}
evt.StartTime = data.Timestamp
evt.EndTime = data.Timestamp.Add(data.Duration)
evt.Error = data.Error
evt.Log = data.Log
evt.RemoveDate = data.RemoveDate
a, err := GetByName(data.App)
if err == nil {
evt.Allowed = event.Allowed(permission.PermAppReadEvents, append(permission.Contexts(permission.CtxTeam, a.Teams),
permission.Context(permission.CtxApp, a.Name),
permission.Context(permission.CtxPool, a.Pool),
)...)
} else {
evt.Allowed = event.Allowed(permission.PermAppReadEvents)
}
startOpts := DeployOptions{
Commit: data.Commit,
Origin: data.Origin,
}
var otherData map[string]string
if data.Diff != "" {
otherData = map[string]string{"diff": data.Diff}
}
endData := map[string]string{"image": data.Image}
err = evt.RawInsert(startOpts, otherData, endData)
if mgo.IsDup(err) {
return nil
}
return err
}
func healingEventToEvent(data *HealingEvent) error {
var evt event.Event
evt.UniqueID = data.ID.(bson.ObjectId)
var startOpts, endOpts interface{}
switch data.Action {
case "node-healing":
evt.Target = event.Target{Type: event.TargetTypeNode, Value: data.FailingNode.Address}
var lastCheck *healer.NodeChecks
if data.Extra != nil {
checkRaw, err := json.Marshal(data.Extra)
if err == nil {
json.Unmarshal(checkRaw, &lastCheck)
}
}
startOpts = healer.NodeHealerCustomData{
Node: data.FailingNode,
Reason: data.Reason,
LastCheck: lastCheck,
}
endOpts = data.CreatedNode
poolName := data.FailingNode.Metadata["pool"]
evt.Allowed = event.Allowed(permission.PermPoolReadEvents, permission.Context(permission.CtxPool, poolName))
case "container-healing":
evt.Target = event.Target{Type: event.TargetTypeContainer, Value: data.FailingContainer.ID}
startOpts = data.FailingContainer
endOpts = data.CreatedContainer
a, err := app.GetByName(data.FailingContainer.AppName)
if err == nil {
evt.Allowed = event.Allowed(permission.PermAppReadEvents, append(permission.Contexts(permission.CtxTeam, a.Teams),
permission.Context(permission.CtxApp, a.Name),
permission.Context(permission.CtxPool, a.Pool),
)...)
} else {
evt.Allowed = event.Allowed(permission.PermAppReadEvents)
}
default:
return errors.Errorf("invalid action %q", data.Action)
}
evt.Owner = event.Owner{Type: event.OwnerTypeInternal}
evt.Kind = event.Kind{Type: event.KindTypeInternal, Name: "healer"}
evt.StartTime = data.StartTime
evt.EndTime = data.EndTime
evt.Error = data.Error
err := evt.RawInsert(startOpts, nil, endOpts)
if mgo.IsDup(err) {
return nil
}
return err
}
func (s *S) TestMigrateRCEventsNoApp(c *check.C) {
now := time.Unix(time.Now().Unix(), 0)
id := bson.NewObjectId()
var expected event.Event
expected.UniqueID = id
expected.Target = event.Target{Type: event.TargetTypeApp, Value: "a1"}
expected.Owner = event.Owner{Type: event.OwnerTypeUser, Name: "u1"}
expected.Kind = event.Kind{Type: event.KindTypePermission, Name: permission.PermAppDeploy.FullName()}
expected.StartTime = now
expected.EndTime = now.Add(time.Minute)
expected.Error = "err1"
expected.Log = "log1"
expected.Allowed = event.Allowed(permission.PermAppReadEvents)
s.checkEvtMatch(&expected, c)
}
func (s *S) TestMigrateRCEventsWithApp(c *check.C) {
a := app.App{Name: "a1", Platform: "zend", TeamOwner: s.team.Name}
err := app.CreateApp(&a, s.user)
c.Assert(err, check.IsNil)
now := time.Unix(time.Now().Unix(), 0)
id := bson.NewObjectId()
var expected event.Event
expected.UniqueID = id
expected.Target = event.Target{Type: event.TargetTypeApp, Value: "a1"}
expected.Owner = event.Owner{Type: event.OwnerTypeUser, Name: "u1"}
expected.Kind = event.Kind{Type: event.KindTypePermission, Name: permission.PermAppDeploy.FullName()}
expected.StartTime = now
expected.EndTime = now.Add(time.Minute)
expected.Error = "err1"
expected.Log = "log1"
expected.Allowed = event.Allowed(permission.PermAppReadEvents,
append(permission.Contexts(permission.CtxTeam, a.Teams),
permission.Context(permission.CtxApp, a.Name),
permission.Context(permission.CtxPool, a.Pool),
)...,
)
s.checkEvtMatch(&expected, c)
}
func setAllowed(evt *event.Event) (err error) {
defer func() {
if err != nil {
fmt.Printf("setting global context to evt %q: %s\n", evt.String(), err)
err = nil
}
}()
switch evt.Target.Type {
case event.TargetTypeApp:
var a *app.App
a, err = app.GetByName(evt.Target.Value)
if err != nil {
evt.Allowed = event.Allowed(permission.PermAppReadEvents)
if evt.Cancelable {
evt.Allowed = event.Allowed(permission.PermAppUpdateEvents)
}
return err
}
ctxs := append(permission.Contexts(permission.CtxTeam, a.Teams),
permission.Context(permission.CtxApp, a.Name),
permission.Context(permission.CtxPool, a.Pool),
)
evt.Allowed = event.Allowed(permission.PermAppReadEvents, ctxs...)
if evt.Cancelable {
evt.Allowed = event.Allowed(permission.PermAppUpdateEvents, ctxs...)
}
case event.TargetTypeTeam:
evt.Allowed = event.Allowed(permission.PermTeamReadEvents, permission.Context(permission.CtxTeam, evt.Target.Value))
case event.TargetTypeService:
s := service.Service{Name: evt.Target.Value}
err = s.Get()
if err != nil {
evt.Allowed = event.Allowed(permission.PermServiceReadEvents)
return err
}
evt.Allowed = event.Allowed(permission.PermServiceReadEvents,
append(permission.Contexts(permission.CtxTeam, s.OwnerTeams),
permission.Context(permission.CtxService, s.Name),
)...,
)
case event.TargetTypeServiceInstance:
v := strings.SplitN(evt.Target.Value, "/", 2)
if len(v) != 2 {
evt.Allowed = event.Allowed(permission.PermServiceInstanceReadEvents)
return nil
}
var si *service.ServiceInstance
si, err = service.GetServiceInstance(v[0], v[1])
if err != nil {
evt.Allowed = event.Allowed(permission.PermServiceInstanceReadEvents)
return err
}
evt.Allowed = event.Allowed(permission.PermServiceReadEvents,
append(permission.Contexts(permission.CtxTeam, si.Teams),
permission.Context(permission.CtxServiceInstance, evt.Target.Value),
)...,
)
case event.TargetTypePool:
evt.Allowed = event.Allowed(permission.PermPoolReadEvents, permission.Context(permission.CtxPool, evt.Target.Value))
case event.TargetTypeUser:
evt.Allowed = event.Allowed(permission.PermUserReadEvents, permission.Context(permission.CtxUser, evt.Target.Value))
case event.TargetTypeIaas:
evt.Allowed = event.Allowed(permission.PermMachineReadEvents, permission.Context(permission.CtxIaaS, evt.Target.Value))
case event.TargetTypeContainer:
var provisioners []provision.Provisioner
provisioners, err = provision.Registry()
if err != nil {
return err
}
var a provision.App
for _, p := range provisioners {
if finderProv, ok := p.(provision.UnitFinderProvisioner); ok {
a, err = finderProv.GetAppFromUnitID(evt.Target.Value)
_, isNotFound := err.(*provision.UnitNotFoundError)
if err == nil || !isNotFound {
break
}
}
}
if err != nil {
return err
}
evt.Allowed = event.Allowed(permission.PermAppReadEvents,
append(permission.Contexts(permission.CtxTeam, a.GetTeamsName()),
permission.Context(permission.CtxApp, a.GetName()),
permission.Context(permission.CtxPool, a.GetPool()),
)...,
)
case event.TargetTypeNode:
var provisioners []provision.Provisioner
provisioners, err = provision.Registry()
if err != nil {
return err
}
var ctxs []permission.PermissionContext
for _, p := range provisioners {
if nodeProvisioner, ok := p.(provision.NodeProvisioner); ok {
var nodes []provision.Node
nodes, err = nodeProvisioner.ListNodes([]string{evt.Target.Value})
if err != nil {
return err
}
ctxs = append(ctxs, permission.Context(permission.CtxPool, nodes[0].Pool()))
}
}
evt.Allowed = event.Allowed(permission.PermPoolReadEvents, ctxs...)
case event.TargetTypeRole:
evt.Allowed = event.Allowed(permission.PermRoleReadEvents)
default:
evt.Allowed = event.Allowed(permission.PermDebug)
}
return nil
}
