/** * Gets specified orchestration rule * * @param int $ruleId Numeric identifier of the rule * @param bool $modify optional Modifying flag * * @return RoleScript Returns the Script Entity on success * * @throws ApiErrorException */ public function getRule($ruleId, $modify = false) { $rule = RoleScript::findPk($ruleId); if (!$rule) { throw new ApiErrorException(404, ErrorMessage::ERR_OBJECT_NOT_FOUND, "Requested Rule either does not exist or is not owned by your environment."); } if (!$this->hasPermissions($rule, $modify)) { //Checks entity level write access permissions throw new ApiErrorException(403, ErrorMessage::ERR_PERMISSION_VIOLATION, "Insufficient permissions"); } return $rule; }
/** * @test */ public function testComplex() { $user = $this->getUser(); $environment = $this->getEnvironment(); $fictionController = new ApiController(); //foreach iterates through values in order of ads //we need to remove rules first, then - scripts //we initialize data set for removal with non-existing rule $this->ruleToDelete(-1); /* @var $roles Role[] */ $roles = $this->getTestRoles(); /* @var $role Role */ $role = array_shift($roles); /* @var $scalrRole Role */ $scalrRole = Role::findOne([['envId' => null, 'accountId' => null]]); /* @var $script Script */ $script = static::createEntity(new Script(), ['name' => 'test-role-scripts', 'description' => 'test-role-scripts', '']); $isWindows = $role->getOs()->family == 'windows'; /* @var $version ScriptVersion */ $version = static::createEntity(new ScriptVersion(), ['scriptId' => $script->id, 'version' => $script->getLatestVersion()->version + 1, 'content' => $isWindows ? '#!cmd' : '#!/bin/sh']); $script->os = $isWindows ? 'windows' : 'linux'; $script->save(); $scalrRoleScriptData = ['trigger' => ['type' => RoleScriptAdapter::TRIGGER_SINGLE_EVENT, 'event' => ['id' => 'HostInit']], 'target' => ['type' => RoleScriptAdapter::TARGET_TRIGGERING_FARM_ROLE], 'action' => ['actionType' => RoleScriptAdapter::ACTION_SCRIPT, 'scriptVersion' => ['script' => ['id' => $script->id], 'version' => $version->version]]]; $localRoleScriptData = ['trigger' => ['type' => RoleScriptAdapter::TRIGGER_ALL_EVENTS], 'target' => ['type' => RoleScriptAdapter::TARGET_NULL], 'action' => ['actionType' => RoleScriptAdapter::ACTION_URI, 'uri' => 'https://example.com']]; //post scalr rule $response = $this->postRule($role->id, $scalrRoleScriptData); $this->assertEquals(201, $response->status, $this->printResponseError($response)); $ruleId = $response->getBody()->data->id; /* @var $rule RoleScript */ $rule = RoleScript::findPk($ruleId); $this->assertNotEmpty($rule); $this->ruleToDelete($ruleId); $this->assertObjectEqualsEntity($scalrRoleScriptData, $rule); //post local rule $response = $this->postRule($role->id, $localRoleScriptData); $this->assertEquals(201, $response->status, $this->printResponseError($response)); $ruleId = $response->getBody()->data->id; /* @var $rule RoleScript */ $rule = RoleScript::findPk($ruleId); $this->assertNotEmpty($rule); $this->ruleToDelete($ruleId); $this->assertObjectEqualsEntity($localRoleScriptData, $rule); //post rule to environment-scoped role $response = $this->postRule($scalrRole->id, $scalrRoleScriptData); $this->assertErrorMessageContains($response, 403, ErrorMessage::ERR_PERMISSION_VIOLATION); //post rule already existing $data = $scalrRoleScriptData; $data['id'] = $ruleId; $response = $this->postRule($role->id, $data); $this->assertEquals(201, $response->status, $this->printResponseError($response)); $ruleId = $response->getBody()->data->id; $this->ruleToDelete($ruleId); $this->assertNotEquals($data['id'], $ruleId); //post rule with script that does not exists $data = $scalrRoleScriptData; $data['action']['scriptVersion']['script']['id'] = Script::findOne([], ['id' => true])->id + 1; $response = $this->postRule($role->id, $data); $this->assertErrorMessageContains($response, 404, ErrorMessage::ERR_OBJECT_NOT_FOUND); //post rule with version that does not exists $data = $scalrRoleScriptData; $data['action']['scriptVersion']['version'] = Script::findPk($data['action']['scriptVersion']['script']['id'])->getLatestVersion()->version + 1; $response = $this->postRule($role->id, $data); $this->assertErrorMessageContains($response, 404, ErrorMessage::ERR_OBJECT_NOT_FOUND); //post rule with properties that not existing $data = $scalrRoleScriptData; $data['foo'] = 'bar'; $response = $this->postRule($role->id, $data); $this->assertErrorMessageContains($response, 400, ErrorMessage::ERR_INVALID_STRUCTURE); //post rule without required fields $data = $localRoleScriptData; unset($data['action']); $response = $this->postRule($role->id, $data); $this->assertErrorMessageContains($response, 400, ErrorMessage::ERR_INVALID_STRUCTURE); //post rule with invalid field $data = $localRoleScriptData; $data['action'] = ''; $response = $this->postRule($role->id, $data); $this->assertErrorMessageContains($response, 400, ErrorMessage::ERR_INVALID_STRUCTURE); //fetch rule $response = $this->getRule($role->id, $rule->id); $this->assertEquals(200, $response->status, $this->printResponseError($response)); $this->assertObjectEqualsEntity($response->getBody()->data, $rule); //fetch rule that doe not exists $response = $this->getRule($role->id, RoleScript::findOne([], ['id' => ''])->id + 1); $this->assertErrorMessageContains($response, 404, ErrorMessage::ERR_OBJECT_NOT_FOUND); //fetch rule with missmatch role id $response = $this->getRule(Role::findOne([], ['id' => ''])->id + 1, $rule->id); $this->assertErrorMessageContains($response, 400, ErrorMessage::ERR_INVALID_VALUE); //test have access to all listed rules $rules = $this->listRules($role->id); foreach ($rules as $rule) { $this->assertTrue(RoleScript::findPk($rule->id)->hasAccessPermissions($user)); } $listUri = static::getUserApiUrl("/scripts"); //test invalid filters $response = $this->request($listUri, Request::METHOD_GET, ['foo' => 'bar']); $this->assertErrorMessageContains($response, 400, ErrorMessage::ERR_INVALID_STRUCTURE); //test invalid filters values $response = $this->request($listUri, Request::METHOD_GET, ['scope' => 'foobar']); $this->assertErrorMessageContains($response, 400, ErrorMessage::ERR_INVALID_VALUE); //delete script /* @var $rule RoleScript */ $rule = static::createEntity(new RoleScript(), ['roleId' => $role->id, 'scriptId' => $script->id]); $response = $this->deleteRule($role->id, $rule->id); $this->assertEquals(200, $response->status, $this->printResponseError($response)); //delete scalr-scoped script /* @var $rule RoleScript */ $rule = static::createEntity(new RoleScript(), ['roleId' => $scalrRole->id, 'scriptId' => $script->id, 'version' => -1]); $response = $this->deleteRule($scalrRole->id, $rule->id); $this->assertErrorMessageContains($response, 403, ErrorMessage::ERR_PERMISSION_VIOLATION); //delete script that does not exists $response = $this->deleteRule($role->id, RoleScript::findOne([], ['id' => ''])->id + 1); $this->assertErrorMessageContains($response, 404, ErrorMessage::ERR_OBJECT_NOT_FOUND); }
/** * {@inheritdoc} * @see \Scalr\Api\DataType\ApiEntityAdapter::validateEntity() */ public function validateEntity($entity) { if (!$entity instanceof RoleScript) { throw new InvalidArgumentException(sprintf("First argument must be instance of Scalr\\Model\\Entity\\RoleScript class")); } if ($entity->id !== null) { if (!RoleScript::findPk($entity->id)) { throw new ApiErrorException(404, ErrorMessage::ERR_OBJECT_NOT_FOUND, sprintf("Could not find out the rule with ID: %d", $entity->id)); } } //Getting the role initiates check permissions $role = $this->controller->getRole($entity->roleId); if (!empty($entity->scriptId)) { if ($entity->version == ScriptVersion::LATEST_SCRIPT_VERSION) { $found = ScriptVersion::findOne([['scriptId' => $entity->scriptId]], null, ['version' => false]); } else { $found = ScriptVersion::findPk($entity->scriptId, $entity->version); } if (empty($found)) { throw new ApiErrorException(404, ErrorMessage::ERR_OBJECT_NOT_FOUND, sprintf("Could not find version %d of the script with ID: %d", $entity->version, $entity->scriptId)); } if (Script::findPk($entity->scriptId)->os == 'windows' && $role->getOs()->family != 'windows') { throw new ApiErrorException(409, ErrorMessage::ERR_OS_MISMATCH, "Script OS family does not match role OS family"); } } if (empty($entity->eventName)) { $entity->eventName = '*'; } else { if ($entity->eventName !== '*') { if (array_key_exists($entity->eventName, array_merge(EVENT_TYPE::getScriptingEventsWithScope(), EventDefinition::getList($this->controller->getUser()->id, $this->controller->getEnvironment()->id))) === false) { throw new ApiErrorException(404, ErrorMessage::ERR_OBJECT_NOT_FOUND, "Could not find out the event '{$entity->eventName}'"); } if ($entity->scriptType == OrchestrationRule::ORCHESTRATION_RULE_TYPE_CHEF && in_array($entity->eventName, EVENT_TYPE::getChefRestrictedEvents())) { throw new ApiErrorException(400, ErrorMessage::ERR_INVALID_VALUE, "Chef can't be used with {$entity->eventName}"); } } } if (!$this->controller->hasPermissions($entity, true)) { //Checks entity level write access permissions throw new ApiErrorException(403, ErrorMessage::ERR_PERMISSION_VIOLATION, "Insufficient permissions"); } }