Squashed commit of the following:
commit 4081e22202693bd7c4ea00e95daad8e628c6fd5a
Author: Oliver Gorwits <oliver@cpan.org>
Date:   Mon May 29 21:02:07 2023 +0100
    large rename of check_acl* to acl_matches*
commit 3cfa284ddd24d68765c255578cc5c184afbdcd83
Author: Oliver Gorwits <oliver@cpan.org>
Date:   Fri May 19 20:39:03 2023 +0100
    update permission doc
commit 8c7bb93cc5e9fafb770f98f446e45cbd94b14894
Author: Oliver Gorwits <oliver@cpan.org>
Date:   Wed May 17 21:50:07 2023 +0100
    migrate most check_acl_only to acl_matches_only
commit c47f699f2a22f08f2f3e093ed0f24c891e6f9a82
Author: Oliver Gorwits <oliver@cpan.org>
Date:   Wed May 17 21:39:19 2023 +0100
    rename check_acl* to be acl_matches*
commit a884a22c3ab1f3262118c3a47ed8e25b0b0a7336
Author: Oliver Gorwits <oliver@cpan.org>
Date:   Sun May 14 16:50:42 2023 +0100
    update macsuck_no_deviceports to use acl_matches
commit 8c256af728721329b64d071fa529dfc844073ac6
Author: Oliver Gorwits <oliver@cpan.org>
Date:   Sun May 7 22:54:33 2023 +0100
    update hide_deviceports to use acl_matches multi @things
commit cd5d9978aba1da459be4fed4500f395df13f7784
Author: Oliver Gorwits <oliver@cpan.org>
Date:   Sun May 7 22:53:38 2023 +0100
    check_acl fix to allow all @things to offer a property before fallback to missing as empty string
commit 1a3ab9a7646e9f994f03126d45fc36e9e5a13ed5
Author: Oliver Gorwits <oliver@cpan.org>
Date:   Tue May 2 15:31:17 2023 +0100
    add ignore_deviceports to portproperties discover; improve comments
commit 51385ce89458dc939587dae902fda431719c22c9
Merge: b97c07d2 3f8ffe78
Author: Oliver Gorwits <oliver@cpan.org>
Date:   Tue May 2 15:21:48 2023 +0100
    Merge branch 'master' into og-acl_multidict
commit b97c07d237d750c1d9eb3095d8ff3908512eac2a
Author: Oliver Gorwits <oliver@cpan.org>
Date:   Sat Mar 25 14:37:53 2023 +0000
    add support for arrayref of items, and unblessed hash, to check_acl
		
	
		
			
				
	
	
		
| package App::Netdisco::Worker::Runner;
 | |
| 
 | |
| use Dancer qw/:moose :syntax/;
 | |
| use Dancer::Plugin::DBIC 'schema';
 | |
| use App::Netdisco::Util::Device 'get_device';
 | |
| use App::Netdisco::Util::Permission qw/acl_matches acl_matches_only/;
 | |
| use aliased 'App::Netdisco::Worker::Status';
 | |
| 
 | |
| use Try::Tiny;
 | |
| use Time::HiRes ();
 | |
| use Module::Load ();
 | |
| use Scope::Guard 'guard';
 | |
| use Storable 'dclone';
 | |
| use Sys::SigAction 'timeout_call';
 | |
| 
 | |
| use Moo::Role;
 | |
| use namespace::clean;
 | |
| 
 | |
# Compose the worker Loader role into whatever class consumes this role.
# NOTE(review): load_workers(), transport_required() and the workers_* lists
# called from run()/run_workers() are presumably provided by it -- confirm.
with 'App::Netdisco::Worker::Loader';
# Read-write slot for the job being processed. run() sets it once and dies
# if it is already populated, so a worker object is single-use.
has 'job' => ( is => 'rw' );
 | |
| 
 | |
# Mixin entry point that executes the plugin-loaded workers for one job.
#
# Arguments: ($self, $job), where $job must be exactly an
# App::Netdisco::Backend::Job (the check is on the class name, so
# subclasses are rejected as well).
#
# Security-relevant behaviour: the process-wide 'device_auth' setting (the
# device credential stanzas) is narrowed to the stanzas whose 'no'/'only'
# ACLs admit this job's device before any worker runs. A scope guard puts
# the original list back when this sub is left.
sub run {
  my ($self, $job) = @_;

  # a worker object handles exactly one job
  if ($self->job) {
    die 'cannot reuse a worker';
  }
  if (ref $job ne 'App::Netdisco::Backend::Job') {
    die 'bad job to run()';
  }

  $self->job($job);
  $job->device( get_device($job->device) );
  $self->load_workers();

  # whatever way we leave this sub, the job status gets finalised
  my $statusguard = guard { $job->finalise_status };

  # deep copy of the configured credentials, so the saved list cannot be
  # altered through references shared with the live setting
  my @original_auth  = @{ dclone( setting('device_auth') || [] ) };
  my @permitted_auth = ();

  # keep only the stanzas that the no/only ACLs allow for this device;
  # 'no' is evaluated first, so an exclusion wins over an 'only' match
  if (ref $job->device) {
    STANZA:
    foreach my $stanza (@original_auth) {
      my $deny_acl  = exists $stanza->{no}   ? $stanza->{no}   : undef;
      my $allow_acl = exists $stanza->{only} ? $stanza->{only} : undef;

      if ($deny_acl and acl_matches($job->device, $deny_acl)) {
        next STANZA;
      }
      if ($allow_acl and not acl_matches_only($job->device, $allow_acl)) {
        next STANZA;
      }

      push @permitted_auth, dclone $stanza;
    }

    # the job needs a transport but no credentials survived the filter:
    # defer it (device_auth has not been modified at this point)
    if (0 == scalar(@permitted_auth) && $self->transport_required) {
      return $job->add_status(
        Status->defer('deferred job with no device creds') );
    }
  }

  # swap in the reduced list; the guard restores the full list on exit
  my $configguard = guard { set(device_auth => \@original_auth) };
  set(device_auth => \@permitted_auth);

  my $runner = sub {
    my ($self, $job) = @_;

    # under test (ND2_DB_ROLLBACK set) hold a transaction scope guard so
    # that database changes are rolled back
    my $txn_guard = undef;
    if ($ENV{ND2_DB_ROLLBACK}) {
      $txn_guard = schema('netdisco')->storage->txn_scope_guard;
    }

    # check phase first: if there are workers then one MUST be successful
    $self->run_workers('workers_check');

    # the remaining phases only run once the check phase has passed
    if ($job->check_passed) {
      for (qw/early main user store late/) {
        $self->run_workers("workers_${_}");
      }
    }
  };

  # a per-action "<action>_timeout" setting overrides workers.timeout
  my $maxtime;
  if (defined setting($job->action .'_timeout')) {
    $maxtime = setting($job->action .'_timeout');
  }
  else {
    $maxtime = setting('workers')->{'timeout'};
  }

  if ($maxtime) {
    debug( sprintf('%s: running with timeout %ss', $job->action, $maxtime) );

    # timeout_call() returns true when the time limit was hit
    if (timeout_call($maxtime, $runner, ($self, $job))) {
      debug( sprintf('%s: timed out!', $job->action) );
      $job->add_status( Status->error("job timed out after $maxtime sec") );
    }
  }
  else {
    debug( sprintf('%s: running with no timeout', $job->action) );
    $runner->($self, $job);
  }
}
 | |
| 
 | |
# Run every worker registered in one phase list of the current job.
#
# Arguments: ($self, $set), where $set names the accessor holding the phase's
# workers (run() passes 'workers_check', 'workers_early', ...). Each worker is
# called with the job and its result is recorded as a job status. An exception
# thrown by a worker is logged and recorded as an error status, so one failing
# worker does not stop the rest of the phase.
sub run_workers {
  my ($self, $set) = @_;
  my $job = $self->job or die error 'no job in worker job slot';

  if (not $set) {
    return $job->add_status( Status->error('missing set param') );
  }

  # nothing to do unless the accessor yields a non-empty array reference
  return if ref $self->$set ne 'ARRAY';
  return if scalar @{ $self->$set } <= 0;

  # the phase name is the accessor name without its "workers_" prefix
  my $phase = $set;
  $phase =~ s/^workers_//;
  $job->enter_phase($phase);

  foreach my $worker (@{ $self->$set }) {
    try {
      $job->add_status( $worker->($job) );
    }
    catch {
      # Try::Tiny hands the exception to the catch block in $_
      debug "-> $_" if $_;
      $job->add_status( Status->error($_) );
    };
  }
}
 | |
| 
 | |
| true;
 |