Only handle event::SetSuppressed{Notifications,NotificationTypes} within the local zone

Note that even when passing `nullptr` as target zone to `RelayMessage()`, the cluster message will still be sent to the parent zone. These incoming messages will now be rejected by the parent nodes. At the moment, there's no way to only send within the local zone.
2021-03-15 10:28:11 +01:00 · 2021-03-15 10:28:11 +01:00 · 29727e06c0
parent 160d0ea371
commit 29727e06c0
2 changed files with 16 additions and 9 deletions
--- a/doc/19-technical-concepts.md
+++ b/doc/19-technical-concepts.md
@ -1434,7 +1434,7 @@ Message updates will be dropped when:
 * Checkable does not exist.
 * Origin endpoint's zone is not allowed to access this checkable.

-#### event::SuppressedNotifications <a id="technical-concepts-json-rpc-messages-event-setsupressednotifications"></a>
+#### event::SetSuppressedNotifications <a id="technical-concepts-json-rpc-messages-event-setsupressednotifications"></a>

 > Location: `clusterevents.cpp`

@ -1443,7 +1443,7 @@ Message updates will be dropped when:
 Key       | Value
 ----------|---------
 jsonrpc   | 2.0
-method    | event::SuppressedNotifications
+method    | event::SetSuppressedNotifications
 params    | Dictionary

 ##### Params
@ -1459,6 +1459,8 @@ supressed\_notifications | Number 	 | Bitmask for suppressed notifications.
 Event Sender: `Checkable::OnSuppressedNotificationsChanged`
 Event Receiver: `SuppressedNotificationsChangedAPIHandler`

+Used to sync the notification state of a host or service object within the same HA zone.
+
 ##### Permissions

 The receiver will not process messages from not configured endpoints.
@ -1466,7 +1468,7 @@ The receiver will not process messages from not configured endpoints.
 Message updates will be dropped when:

 * Checkable does not exist.
-* Origin endpoint's zone is not allowed to access this checkable.
+* Origin endpoint is not within the local zone.

 #### event::SetSuppressedNotificationTypes <a id="technical-concepts-json-rpc-messages-event-setsuppressednotificationtypes"></a>

@ -1487,6 +1489,8 @@ Key         		 | Type   | Description
 notification             | String | Notification name
 supressed\_notifications | Number | Bitmask for suppressed notifications.

+Used to sync the state of a notification object within the same HA zone.
+
 ##### Functions

 Event Sender: `Notification::OnSuppressedNotificationsChanged`
@ -1499,7 +1503,7 @@ The receiver will not process messages from not configured endpoints.
 Message updates will be dropped when:

 * Notification does not exist.
-* Origin endpoint's zone is not allowed to access this notification.
+* Origin endpoint is not within the local zone.


 #### event::SetNextNotification <a id="technical-concepts-json-rpc-messages-event-setnextnotification"></a>
@ -1705,6 +1709,9 @@ text      | String        | Notification text
 Event Sender: `Checkable::OnNotificationsRequested`
 Event Receiver: `SendNotificationsAPIHandler`

+Signals that notifications have to be sent within the same HA zone. This is relevant if the checkable and its
+notifications are active on different endpoints.
+
 ##### Permissions

 The receiver will not process messages from not configured endpoints.
@ -1712,7 +1719,7 @@ The receiver will not process messages from not configured endpoints.
 Message updates will be dropped when:

 * Checkable does not exist.
-* Origin endpoint's zone the same as the receiver. This binds notification messages to the HA zone.
+* Origin endpoint is not within the local zone.

 #### event::NotificationSentUser <a id="technical-concepts-json-rpc-messages-event-notificationsentuser"></a>

--- a/lib/icinga/clusterevents.cpp
+++ b/lib/icinga/clusterevents.cpp
@ -324,7 +324,7 @@ void ClusterEvents::SuppressedNotificationsChangedHandler(const Checkable::Ptr&
 	message->Set("method", "event::SetSuppressedNotifications");
 	message->Set("params", params);

-	listener->RelayMessage(origin, checkable, message, true);
+	listener->RelayMessage(origin, nullptr, message, true);
 }

 Value ClusterEvents::SuppressedNotificationsChangedAPIHandler(const MessageOrigin::Ptr& origin, const Dictionary::Ptr& params)
@ -352,7 +352,7 @@ Value ClusterEvents::SuppressedNotificationsChangedAPIHandler(const MessageOrigi
 	if (!checkable)
 		return Empty;

-	if (origin->FromZone && !origin->FromZone->CanAccessObject(checkable)) {
+	if (origin->FromZone && origin->FromZone != Zone::GetLocalZone()) {
 		Log(LogNotice, "ClusterEvents")
 			<< "Discarding 'suppressed notifications changed' message for checkable '" << checkable->GetName()
 			<< "' from '" << origin->FromClient->GetIdentity() << "': Unauthorized access.";
@ -380,7 +380,7 @@ void ClusterEvents::SuppressedNotificationTypesChangedHandler(const Notification
 	message->Set("method", "event::SetSuppressedNotificationTypes");
 	message->Set("params", params);

-	listener->RelayMessage(origin, notification, message, true);
+	listener->RelayMessage(origin, nullptr, message, true);
 }

 Value ClusterEvents::SuppressedNotificationTypesChangedAPIHandler(const MessageOrigin::Ptr& origin, const Dictionary::Ptr& params)
@ -398,7 +398,7 @@ Value ClusterEvents::SuppressedNotificationTypesChangedAPIHandler(const MessageO
 	if (!notification)
 		return Empty;

-	if (origin->FromZone && !origin->FromZone->CanAccessObject(notification)) {
+	if (origin->FromZone && origin->FromZone != Zone::GetLocalZone()) {
 		Log(LogNotice, "ClusterEvents")
 			<< "Discarding 'suppressed notification types changed' message for notification '" << notification->GetName()
 			<< "' from '" << origin->FromClient->GetIdentity() << "': Unauthorized access.";