use of com.epam.pipeline.manager.docker.scan.ToolSecurityPolicyCheck in project cloud-pipeline by epam.
the class PipelineRunManager method runCmd.
/**
* Launches cmd command execution, uses Tool as ACL identity
* @param runVO
* @return
*/
@ToolSecurityPolicyCheck
public PipelineRun runCmd(PipelineStart runVO) {
Assert.notNull(runVO.getInstanceType(), messageHelper.getMessage(MessageConstants.SETTING_IS_NOT_PROVIDED, "instance_type"));
Assert.notNull(runVO.getHddSize(), messageHelper.getMessage(MessageConstants.SETTING_IS_NOT_PROVIDED, "instance_disk"));
int maxRunsNumber = preferenceManager.getPreference(SystemPreferences.LAUNCH_MAX_SCHEDULED_NUMBER);
LOGGER.debug("Allowed runs count - {}, actual - {}", maxRunsNumber, getNodeCount(runVO.getNodeCount(), 1));
Assert.isTrue(getNodeCount(runVO.getNodeCount(), 1) < maxRunsNumber, messageHelper.getMessage(MessageConstants.ERROR_EXCEED_MAX_RUNS_COUNT, maxRunsNumber, getNodeCount(runVO.getNodeCount(), 1)));
Tool tool = toolManager.loadByNameOrId(runVO.getDockerImage());
PipelineConfiguration configuration = configurationManager.getPipelineConfiguration(runVO, tool);
boolean clusterRun = configurationManager.initClusterConfiguration(configuration, true);
PipelineRun run = launchPipeline(configuration, null, null, runVO.getInstanceType(), runVO.getParentNodeId(), runVO.getConfigurationName(), null, runVO.getParentRunId(), null, null, runVO.getRunSids());
run.setParent(tool);
run.setAclClass(AclClass.TOOL);
if (clusterRun) {
runClusterWorkers(run, runVO, null, null, configuration);
}
return run;
}
use of com.epam.pipeline.manager.docker.scan.ToolSecurityPolicyCheck in project cloud-pipeline by epam.
the class PipelineRunManager method runPipeline.
/**
* Runs specified pipeline version, uses Pipeline as ACL identity
*
* @param runVO
* @return
*/
@ToolSecurityPolicyCheck
public PipelineRun runPipeline(PipelineStart runVO) {
Long pipelineId = runVO.getPipelineId();
String version = runVO.getVersion();
int maxRunsNumber = preferenceManager.getPreference(SystemPreferences.LAUNCH_MAX_SCHEDULED_NUMBER);
LOGGER.debug("Allowed runs count - {}, actual - {}", maxRunsNumber, getNodeCount(runVO.getNodeCount(), 1));
Assert.isTrue(getNodeCount(runVO.getNodeCount(), 1) < maxRunsNumber, messageHelper.getMessage(MessageConstants.ERROR_EXCEED_MAX_RUNS_COUNT, maxRunsNumber, getNodeCount(runVO.getNodeCount(), 1)));
Pipeline pipeline = pipelineManager.load(pipelineId);
PipelineConfiguration configuration = configurationManager.getPipelineConfiguration(runVO);
boolean isClusterRun = configurationManager.initClusterConfiguration(configuration, true);
// check that tool execution is allowed
toolApiService.loadToolForExecution(configuration.getDockerImage());
PipelineRun run = launchPipeline(configuration, pipeline, version, runVO.getInstanceType(), runVO.getParentNodeId(), runVO.getConfigurationName(), null, runVO.getParentRunId(), null, null, runVO.getRunSids());
run.setParent(pipeline);
if (isClusterRun) {
runClusterWorkers(run, runVO, version, pipeline, configuration);
}
return run;
}
use of com.epam.pipeline.manager.docker.scan.ToolSecurityPolicyCheck in project cloud-pipeline by epam.
the class PipelineRunManager method runPod.
/**
* Creates a new pod with a given run_id, doesn't create a new pipeline run
* @param runVO
* @return
*/
// TODO: refactoring
@ToolSecurityPolicyCheck
@Transactional(propagation = Propagation.REQUIRED)
public PipelineRun runPod(PipelineStart runVO) {
Assert.notNull(runVO.getCmdTemplate(), messageHelper.getMessage(MessageConstants.SETTING_IS_NOT_PROVIDED, "cmd_template"));
PipelineRun parentRun = loadPipelineRun(runVO.getUseRunId());
Assert.state(parentRun.getStatus() == TaskStatus.RUNNING, messageHelper.getMessage(MessageConstants.ERROR_PIPELINE_RUN_NOT_RUNNING, runVO.getUseRunId()));
PipelineConfiguration configuration = configurationManager.getPipelineConfiguration(runVO);
Tool tool = getToolForRun(configuration);
configuration.setSecretName(tool.getSecretName());
List<String> endpoints = tool.getEndpoints();
PipelineRun run = new PipelineRun();
run.setInstance(parentRun.getInstance());
run.setId(runVO.getUseRunId());
run.setStartDate(DateUtils.now());
run.setStatus(TaskStatus.RUNNING);
run.setPipelineName(DEFAULT_PIPELINE_NAME);
run.setPodId(getRootPodIDFromTool(tool.getImage(), run.getId()));
run.setDockerImage(configuration.getDockerImage());
run.setCmdTemplate(determinateCmdTemplateForRun(configuration));
run.setTimeout(runVO.getTimeout());
run.setCommitStatus(CommitStatus.NOT_COMMITTED);
run.setLastChangeCommitTime(DateUtils.now());
run.setRunSids(runVO.getRunSids());
run.setOwner(parentRun.getOwner());
String launchedCommand = pipelineLauncher.launch(run, configuration, endpoints, runVO.getUseRunId().toString(), false, parentRun.getPodId(), null);
run.setActualCmd(launchedCommand);
return run;
}
Aggregations