/**
* Gets specified orchestration rule
*
* @param int $ruleId Numeric identifier of the rule
* @param bool $modify optional Modifying flag
*
* @return RoleScript Returns the Script Entity on success
*
* @throws ApiErrorException
*/
public function getRule($ruleId, $modify = false)
{
$rule = RoleScript::findPk($ruleId);
if (!$rule) {
throw new ApiErrorException(404, ErrorMessage::ERR_OBJECT_NOT_FOUND, "Requested Rule either does not exist or is not owned by your environment.");
}
if (!$this->hasPermissions($rule, $modify)) {
//Checks entity level write access permissions
throw new ApiErrorException(403, ErrorMessage::ERR_PERMISSION_VIOLATION, "Insufficient permissions");
}
return $rule;
}
/**
* @test
*/
public function testComplex()
{
$user = $this->getUser();
$environment = $this->getEnvironment();
$fictionController = new ApiController();
//foreach iterates through values in order of ads
//we need to remove rules first, then - scripts
//we initialize data set for removal with non-existing rule
$this->ruleToDelete(-1);
/* @var $roles Role[] */
$roles = $this->getTestRoles();
/* @var $role Role */
$role = array_shift($roles);
/* @var $scalrRole Role */
$scalrRole = Role::findOne([['envId' => null, 'accountId' => null]]);
/* @var $script Script */
$script = static::createEntity(new Script(), ['name' => 'test-role-scripts', 'description' => 'test-role-scripts', '']);
$isWindows = $role->getOs()->family == 'windows';
/* @var $version ScriptVersion */
$version = static::createEntity(new ScriptVersion(), ['scriptId' => $script->id, 'version' => $script->getLatestVersion()->version + 1, 'content' => $isWindows ? '#!cmd' : '#!/bin/sh']);
$script->os = $isWindows ? 'windows' : 'linux';
$script->save();
$scalrRoleScriptData = ['trigger' => ['type' => RoleScriptAdapter::TRIGGER_SINGLE_EVENT, 'event' => ['id' => 'HostInit']], 'target' => ['type' => RoleScriptAdapter::TARGET_TRIGGERING_FARM_ROLE], 'action' => ['actionType' => RoleScriptAdapter::ACTION_SCRIPT, 'scriptVersion' => ['script' => ['id' => $script->id], 'version' => $version->version]]];
$localRoleScriptData = ['trigger' => ['type' => RoleScriptAdapter::TRIGGER_ALL_EVENTS], 'target' => ['type' => RoleScriptAdapter::TARGET_NULL], 'action' => ['actionType' => RoleScriptAdapter::ACTION_URI, 'uri' => 'https://example.com']];
//post scalr rule
$response = $this->postRule($role->id, $scalrRoleScriptData);
$this->assertEquals(201, $response->status, $this->printResponseError($response));
$ruleId = $response->getBody()->data->id;
/* @var $rule RoleScript */
$rule = RoleScript::findPk($ruleId);
$this->assertNotEmpty($rule);
$this->ruleToDelete($ruleId);
$this->assertObjectEqualsEntity($scalrRoleScriptData, $rule);
//post local rule
$response = $this->postRule($role->id, $localRoleScriptData);
$this->assertEquals(201, $response->status, $this->printResponseError($response));
$ruleId = $response->getBody()->data->id;
/* @var $rule RoleScript */
$rule = RoleScript::findPk($ruleId);
$this->assertNotEmpty($rule);
$this->ruleToDelete($ruleId);
$this->assertObjectEqualsEntity($localRoleScriptData, $rule);
//post rule to environment-scoped role
$response = $this->postRule($scalrRole->id, $scalrRoleScriptData);
$this->assertErrorMessageContains($response, 403, ErrorMessage::ERR_PERMISSION_VIOLATION);
//post rule already existing
$data = $scalrRoleScriptData;
$data['id'] = $ruleId;
$response = $this->postRule($role->id, $data);
$this->assertEquals(201, $response->status, $this->printResponseError($response));
$ruleId = $response->getBody()->data->id;
$this->ruleToDelete($ruleId);
$this->assertNotEquals($data['id'], $ruleId);
//post rule with script that does not exists
$data = $scalrRoleScriptData;
$data['action']['scriptVersion']['script']['id'] = Script::findOne([], ['id' => true])->id + 1;
$response = $this->postRule($role->id, $data);
$this->assertErrorMessageContains($response, 404, ErrorMessage::ERR_OBJECT_NOT_FOUND);
//post rule with version that does not exists
$data = $scalrRoleScriptData;
$data['action']['scriptVersion']['version'] = Script::findPk($data['action']['scriptVersion']['script']['id'])->getLatestVersion()->version + 1;
$response = $this->postRule($role->id, $data);
$this->assertErrorMessageContains($response, 404, ErrorMessage::ERR_OBJECT_NOT_FOUND);
//post rule with properties that not existing
$data = $scalrRoleScriptData;
$data['foo'] = 'bar';
$response = $this->postRule($role->id, $data);
$this->assertErrorMessageContains($response, 400, ErrorMessage::ERR_INVALID_STRUCTURE);
//post rule without required fields
$data = $localRoleScriptData;
unset($data['action']);
$response = $this->postRule($role->id, $data);
$this->assertErrorMessageContains($response, 400, ErrorMessage::ERR_INVALID_STRUCTURE);
//post rule with invalid field
$data = $localRoleScriptData;
$data['action'] = '';
$response = $this->postRule($role->id, $data);
$this->assertErrorMessageContains($response, 400, ErrorMessage::ERR_INVALID_STRUCTURE);
//fetch rule
$response = $this->getRule($role->id, $rule->id);
$this->assertEquals(200, $response->status, $this->printResponseError($response));
$this->assertObjectEqualsEntity($response->getBody()->data, $rule);
//fetch rule that doe not exists
$response = $this->getRule($role->id, RoleScript::findOne([], ['id' => ''])->id + 1);
$this->assertErrorMessageContains($response, 404, ErrorMessage::ERR_OBJECT_NOT_FOUND);
//fetch rule with missmatch role id
$response = $this->getRule(Role::findOne([], ['id' => ''])->id + 1, $rule->id);
$this->assertErrorMessageContains($response, 400, ErrorMessage::ERR_INVALID_VALUE);
//test have access to all listed rules
$rules = $this->listRules($role->id);
foreach ($rules as $rule) {
$this->assertTrue(RoleScript::findPk($rule->id)->hasAccessPermissions($user));
}
$listUri = static::getUserApiUrl("/scripts");
//test invalid filters
$response = $this->request($listUri, Request::METHOD_GET, ['foo' => 'bar']);
$this->assertErrorMessageContains($response, 400, ErrorMessage::ERR_INVALID_STRUCTURE);
//test invalid filters values
$response = $this->request($listUri, Request::METHOD_GET, ['scope' => 'foobar']);
$this->assertErrorMessageContains($response, 400, ErrorMessage::ERR_INVALID_VALUE);
//delete script
/* @var $rule RoleScript */
$rule = static::createEntity(new RoleScript(), ['roleId' => $role->id, 'scriptId' => $script->id]);
$response = $this->deleteRule($role->id, $rule->id);
$this->assertEquals(200, $response->status, $this->printResponseError($response));
//delete scalr-scoped script
/* @var $rule RoleScript */
$rule = static::createEntity(new RoleScript(), ['roleId' => $scalrRole->id, 'scriptId' => $script->id, 'version' => -1]);
$response = $this->deleteRule($scalrRole->id, $rule->id);
$this->assertErrorMessageContains($response, 403, ErrorMessage::ERR_PERMISSION_VIOLATION);
//delete script that does not exists
$response = $this->deleteRule($role->id, RoleScript::findOne([], ['id' => ''])->id + 1);
$this->assertErrorMessageContains($response, 404, ErrorMessage::ERR_OBJECT_NOT_FOUND);
}
/**
* {@inheritdoc}
* @see \Scalr\Api\DataType\ApiEntityAdapter::validateEntity()
*/
public function validateEntity($entity)
{
if (!$entity instanceof RoleScript) {
throw new InvalidArgumentException(sprintf("First argument must be instance of Scalr\\Model\\Entity\\RoleScript class"));
}
if ($entity->id !== null) {
if (!RoleScript::findPk($entity->id)) {
throw new ApiErrorException(404, ErrorMessage::ERR_OBJECT_NOT_FOUND, sprintf("Could not find out the rule with ID: %d", $entity->id));
}
}
//Getting the role initiates check permissions
$role = $this->controller->getRole($entity->roleId);
if (!empty($entity->scriptId)) {
if ($entity->version == ScriptVersion::LATEST_SCRIPT_VERSION) {
$found = ScriptVersion::findOne([['scriptId' => $entity->scriptId]], null, ['version' => false]);
} else {
$found = ScriptVersion::findPk($entity->scriptId, $entity->version);
}
if (empty($found)) {
throw new ApiErrorException(404, ErrorMessage::ERR_OBJECT_NOT_FOUND, sprintf("Could not find version %d of the script with ID: %d", $entity->version, $entity->scriptId));
}
if (Script::findPk($entity->scriptId)->os == 'windows' && $role->getOs()->family != 'windows') {
throw new ApiErrorException(409, ErrorMessage::ERR_OS_MISMATCH, "Script OS family does not match role OS family");
}
}
if (empty($entity->eventName)) {
$entity->eventName = '*';
} else {
if ($entity->eventName !== '*') {
if (array_key_exists($entity->eventName, array_merge(EVENT_TYPE::getScriptingEventsWithScope(), EventDefinition::getList($this->controller->getUser()->id, $this->controller->getEnvironment()->id))) === false) {
throw new ApiErrorException(404, ErrorMessage::ERR_OBJECT_NOT_FOUND, "Could not find out the event '{$entity->eventName}'");
}
if ($entity->scriptType == OrchestrationRule::ORCHESTRATION_RULE_TYPE_CHEF && in_array($entity->eventName, EVENT_TYPE::getChefRestrictedEvents())) {
throw new ApiErrorException(400, ErrorMessage::ERR_INVALID_VALUE, "Chef can't be used with {$entity->eventName}");
}
}
}
if (!$this->controller->hasPermissions($entity, true)) {
//Checks entity level write access permissions
throw new ApiErrorException(403, ErrorMessage::ERR_PERMISSION_VIOLATION, "Insufficient permissions");
}
}
