foreman_ansible 6.3.3 → 7.0.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 4a67f34724383faf6ead25e0d28e47d86b30d817839e3d9e3e6ef0531f9a4c5a
-  data.tar.gz: e758ebdaa34fe47e84aac20c5cd12af9013cad2d17810b73f894a7b6177e570b
+  metadata.gz: 76cdda389998bc85d45534a8feeb54fde36c671401665e5b337101b952efeae4
+  data.tar.gz: df707b59de63cd0cf66f553765a9e9a8e659cf2bdb4049198ce12eaff58f12fd
 SHA512:
-  metadata.gz: 0a3f9e4fe92c5325908b61e9542e4a99c4256f1c9b0b66f58873e73c8fa3b90194d39a054c2857060edc37ebd214b2186d8dced6078950f936ec8e9ae4b5fde4
-  data.tar.gz: 82aab4e76eedc22109debf0c1a60bc316c512677749dff6b1a53a4357c66d16dee37260fdc53ce643b362fcbc253a5ad6b3c8ff9636c736faee22ad229f821b7
+  metadata.gz: d54c5b84429025c6f2f8be0914ab870d8f5945ea97430cdb7129dbff4ceaffc3812608c6a020a0284b454c54542dd61d4682bcdab1532bc6a012b30ef0c48cbe
+  data.tar.gz: 16628e25e09230f8deeabf013bc0cc4277c271f8efde4d5691fab8a925ba1bac3c94b6b79c929e13dedded52bcd7a6406d474db10f5dd39619991227d9fd00c8

data/app/controllers/api/v2/ansible_inventories_controller.rb

@@ -90,7 +90,7 @@ module Api
       private
 
       def schedule_params
-        template_name = Setting::Ansible.find_by(:name => 'ansible_inventory_template').value
+        template_name = Setting['ansible_inventory_template']
         @report_template = ReportTemplate.find_by!(:name => template_name)
         params[:id] = @report_template.id
         params[:report_format] = 'json' if params[:report_format].blank?

data/app/graphql/mutations/ansible_variable_overrides/create.rb

@@ -0,0 +1,26 @@
+module Mutations
+  module AnsibleVariableOverrides
+    class Create < ::Mutations::CreateMutation
+      graphql_name 'CreateAnsibleVariableOverrideMutation'
+      description 'Creates Ansible Variable Override'
+
+      resource_class LookupValue
+
+      argument :host_id, Int, required: true
+      argument :lookup_key_id, Int, required: true
+      argument :value, ::Types::RawJson, required: true
+      argument :match, String, required: true
+      argument :omit, Boolean
+
+      field :overriden_ansible_variable, ::Types::OverridenAnsibleVariable, :null => true
+
+      def resolve(host_id:, **kwargs)
+        result = super kwargs
+        host = Host.find host_id
+        vars = AnsibleVariable.where :id => kwargs[:lookup_key_id]
+        resolver = ::ForemanAnsible::OverrideResolver.new(host, vars)
+        result.merge :overriden_ansible_variable => ::Presenters::OverridenAnsibleVariablePresenter.new(vars.first, resolver)
+      end
+    end
+  end
+end

data/app/graphql/mutations/ansible_variable_overrides/delete.rb

@@ -0,0 +1,38 @@
+module Mutations
+  module AnsibleVariableOverrides
+    class Delete < ::Mutations::DeleteMutation
+      graphql_name 'DeleteAnsibleVariableOverride'
+      description 'Deletes Ansible Variable Override'
+
+      resource_class LookupValue
+
+      argument :host_id, Int, required: true
+      argument :variable_id, Int, required: true
+
+      field :overriden_ansible_variable, ::Types::OverridenAnsibleVariable, :null => true
+
+      def resolve(id:, host_id:, variable_id:)
+        host = Host.find_by :id => host_id
+        variable = AnsibleVariable.find_by :id => variable_id
+        return resource_not_found(_('Host not found by id: %s'), host_id) unless host
+        return resource_not_found(_('Ansible Variable not found by id: %s'), variable_id) unless variable
+        authorize!(host, :view)
+        authorize!(variable, :edit)
+
+        result = super id: id
+        resolver = ::ForemanAnsible::OverrideResolver.new(host, [variable.id])
+        result.merge :overriden_ansible_variable => ::Presenters::OverridenAnsibleVariablePresenter.new(variable, resolver)
+      end
+
+      def resource_not_found(message)
+        {
+          :overriden_ansible_variable => nil,
+          :errros => [{
+            :path => ['base'],
+            :message => message
+          }]
+        }
+      end
+    end
+  end
+end

data/app/graphql/mutations/ansible_variable_overrides/update.rb

@@ -0,0 +1,26 @@
+module Mutations
+  module AnsibleVariableOverrides
+    class Update < ::Mutations::UpdateMutation
+      graphql_name 'UpdateAnsibleVariableOverrideMutation'
+      description 'Updates Ansible Variable Override'
+
+      resource_class LookupValue
+
+      argument :value, ::Types::RawJson, required: true
+      argument :match, String, required: false
+      argument :omit, Boolean, required: false
+      argument :host_id, Int, required: true
+      argument :ansible_variable_id, Int, required: true
+
+      field :overriden_ansible_variable, ::Types::OverridenAnsibleVariable, :null => true
+
+      def resolve(host_id:, ansible_variable_id:, **kwargs)
+        result = super kwargs
+        host = Host.find host_id
+        vars = AnsibleVariable.where :id => ansible_variable_id
+        resolver = ::ForemanAnsible::OverrideResolver.new(host, vars.pluck(:id))
+        result.merge :overriden_ansible_variable => ::Presenters::OverridenAnsibleVariablePresenter.new(vars.first, resolver)
+      end
+    end
+  end
+end

data/app/graphql/mutations/hosts/assign_ansible_roles.rb

@@ -0,0 +1,37 @@
+module Mutations
+  module Hosts
+    class AssignAnsibleRoles < ::Mutations::UpdateMutation
+      resource_class Host::Managed
+
+      argument :ansible_role_ids, [Integer], required: true
+
+      field :host, Types::Host, 'The updated host.', null: false
+
+      def resolve(id:, ansible_role_ids:)
+        host = load_object_by(id: id)
+        authorize!(host, :edit)
+
+        existing = host.host_ansible_roles
+        updated_ids = []
+        attrs = []
+
+        ansible_role_ids.each do |role_id|
+          current = existing.find_by :ansible_role_id => role_id
+          attrs << { :id => current&.id, :position => attrs.count + 1, :ansible_role_id => role_id }
+          updated_ids << current.id if current
+        end
+
+        existing.where.not(:id => updated_ids).each do |item|
+          attrs << { :id => item.id, :position => attrs.count + 1, :_destroy => true }
+        end
+
+        host.host_ansible_roles_attributes = attrs
+        save_object(host)
+      end
+
+      def result_key
+        :host
+      end
+    end
+  end
+end

data/app/graphql/presenters/ansible_role_presenter.rb

@@ -0,0 +1,12 @@
+module Presenters
+  class AnsibleRolePresenter
+    attr_reader :ansible_role, :inherited
+
+    delegate :id, :name, :association, :to => :ansible_role
+
+    def initialize(ansible_role, inherited)
+      @ansible_role = ansible_role
+      @inherited = inherited
+    end
+  end
+end

data/app/graphql/presenters/overriden_ansible_variable_presenter.rb

@@ -0,0 +1,19 @@
+module Presenters
+  class OverridenAnsibleVariablePresenter
+    attr_reader :ansible_variable
+
+    delegate :id, :key, :description, :override?,
+             :parameter_type, :hidden_value?, :omit, :required,
+             :validator_type, :validator_rule, :default_value,
+             :ansible_role, :current_value, :to => :ansible_variable
+
+    def initialize(ansible_variable, override_resolver)
+      @ansible_variable = ansible_variable
+      @override_resolver = override_resolver
+    end
+
+    def current_value
+      @override_resolver.resolve @ansible_variable
+    end
+  end
+end

data/app/graphql/types/ansible_role.rb

@@ -0,0 +1,9 @@
+module Types
+  class AnsibleRole < BaseObject
+    description 'Ansible role'
+
+    global_id_field :id
+
+    field :name, String, :null => false
+  end
+end

data/app/graphql/types/ansible_variable.rb

@@ -0,0 +1,23 @@
+module Types
+  class AnsibleVariable < BaseObject
+    description 'Ansible Variable'
+
+    global_id_field :id
+
+    field :key, String
+    field :override, Boolean
+    field :description, String
+    field :hidden_value, Boolean
+    field :parameter_type, String
+    field :omit, Boolean
+    field :required, Boolean
+    field :validator_type, String
+    field :validator_rule, String
+    field :default_value, ::Types::RawJson
+    field :ansible_role_name, String
+
+    def ansible_role_name
+      object.ansible_role.name
+    end
+  end
+end

data/app/graphql/types/ansible_variable_override.rb

@@ -0,0 +1,9 @@
+module Types
+  class AnsibleVariableOverride < GraphQL::Types::Relay::BaseObject
+    description 'Override value for Ansible Variable'
+
+    field :value, ::Types::RawJson, :null => false
+    field :element, ::Types::RawJson, :null => false
+    field :element_name, ::Types::RawJson, :null => false
+  end
+end

data/app/graphql/types/inherited_ansible_role.rb

@@ -0,0 +1,13 @@
+module Types
+  class InheritedAnsibleRole < ::Types::AnsibleRole
+    field :inherited, Boolean, :null => false
+
+    def object_class
+      object.ansible_role.class
+    end
+
+    def load_object
+      object.ansible_role
+    end
+  end
+end

data/app/graphql/types/overriden_ansible_variable.rb

@@ -0,0 +1,27 @@
+module Types
+  class OverridenAnsibleVariable < ::Types::AnsibleVariable
+    description 'Ansible Variable with an override value for a host'
+    model_class ::AnsibleVariable
+
+    field :current_value, ::Types::AnsibleVariableOverride, :null => true
+    field :lookup_values, ::Types::LookupValue.connection_type do
+      argument :match, String, required: false
+    end
+
+    field :meta, ::Types::Meta, resolve: (proc do |object|
+      {
+        :can_edit => ::User.current.can?(object.ansible_variable.permission_name(:edit), object.ansible_variable),
+        :can_destroy => ::User.current.can?(object.ansible_variable.permission_name(:destroy), object.ansible_variable)
+      }
+    end)
+
+    def lookup_values(match: nil)
+      return CollectionLoader.for(object.ansible_variable.class, :lookup_values).load(object.ansible_variable) unless match
+
+      scope = lambda do |sc|
+        sc.where(:match => match)
+      end
+      CollectionLoader.for(object.ansible_variable.class, :lookup_values, scope).load(object.ansible_variable)
+    end
+  end
+end

data/app/helpers/foreman_ansible/ansible_reports_helper.rb

@@ -4,21 +4,19 @@ module ForemanAnsible
   # This module takes the config reports stored in Foreman for Ansible and
   # modifies them to be properly presented in views
   module AnsibleReportsHelper
-    ANSIBLE_META_KEYS = %w[
-      _ansible_parsed _ansible_no_log _ansible_item_result
-      _ansible_ignore_errors _ansible_verbose_always _ansible_verbose_override
-    ].freeze
-    ANSIBLE_HIDDEN_KEYS = %w[
-      invocation module_args results ansible_facts
-      stdout stderr
-    ].freeze
-
     def ansible_module_name(log)
       source_value = log.source&.value
       name = source_value.split(':')[0].strip if source_value&.include?(':')
       name
     end
 
+    def ansible_task_name(log)
+      source_value = log.source&.value
+      return source_value || no_data_message unless source_value.include? ':'
+      name = source_value.split(':')[1].strip if source_value.include?(':')
+      name || no_data_message
+    end
+
     def ansible_run_in_check_mode?(log)
       log.message&.value == 'check_mode_enabled' if check_mode_log?(log)
     end
@@ -27,12 +25,36 @@ module ForemanAnsible
       log.source&.value == 'check_mode'
     end
 
-    def ansible_module_args(log)
-      report_json_viewer module_invocations parsed_message_json(log)
+    def ansible_module_message(log)
+      msg_json = parsed_message_json(log)
+      module_action = msg_json['module']
+      case module_action
+      when 'package'
+        msg_json['results'].empty? ? msg_json['msg'] : msg_json['results']
+      when 'template'
+        module_args = msg_json['invocation']['module_args']
+        _("Rendered template #{module_args['_original_basename']} to #{msg_json['dest']}")
+      when 'service'
+        _("Service #{msg_json['name']} #{msg_json['state']} (enabled: #{msg_json['enabled']})")
+      when 'group'
+        _("User group #{msg_json['name']} #{msg_json['state']}, gid: #{msg_json['gid']}")
+      when 'user'
+        _("User #{msg_json['name']} #{msg_json['state']}, uid: #{msg_json['uid']}")
+      when 'cron'
+        module_args = msg_json['invocation']['module_args']
+        _("Cron job: #{module_args['minute']} #{module_args['hour']} #{module_args['day']} #{module_args['month']} #{module_args['weekday']} #{module_args['job']} (disabled: #{module_args['disabled']})")
+      when 'copy'
+        module_args = msg_json['invocation']['module_args']
+        _("Copy #{module_args['_original_basename']} to #{msg_json['dest']}")
+      when 'command', 'shell'
+        msg_json['stdout_lines']
+      else
+        no_data_message
+      end
     end
 
-    def ansible_module_message(log)
-      report_json_viewer hash_with_keys_removed parsed_message_json(log)
+    def no_data_message
+      _('No additional data')
     end
 
     def ansible_report_origin_icon
@@ -49,49 +71,8 @@ module ForemanAnsible
       false
     end
 
-    def report_json_viewer(json)
-      react_component('ReportJsonViewer', data: json)
-    end
-
     private
 
-    def module_invocations(hash)
-      invocations = []
-      invocations << hash.delete('invocation')
-      results = hash.delete('results')
-      invocations << results
-      invocations = invocations.compact.flatten.map do |ih|
-        ih.is_a?(Hash) ? remove_keys(ih) : ih
-      end
-      invocations
-    end
-
-    def pretty_print_hash(hash)
-      prettyp = JSON.pretty_generate(remove_keys(hash))
-      prettyp.gsub!(/{\n*/, "\n")
-      prettyp.gsub!(/},*\n*/, "\n")
-      prettyp.gsub!(/^(\[|\])/, '')
-      prettyp.gsub!(/^[\s]*$\n/, '')
-      paragraph_style = 'white-space:pre;padding: 2em 0'
-      tag(:p, prettyp, :style => paragraph_style)
-    end
-
-    def hash_with_keys_removed(hash)
-      new_hash = remove_keys(hash)
-      remove_keys(new_hash, ANSIBLE_HIDDEN_KEYS)
-    end
-
-    def remove_keys(hash, keys = ANSIBLE_META_KEYS)
-      hash.each do |key, value|
-        if value.is_a? Array
-          value.each { |h| remove_keys(h) if h.is_a? Hash }
-        elsif value.is_a? Hash
-          remove_keys(value)
-        end
-        hash.delete(key) if keys.include? key
-      end
-    end
-
     def parsed_message_json(log)
       JSON.parse(log.message.value)
     rescue StandardError => e

data/app/models/concerns/foreman_ansible/host_managed_extensions.rb

@@ -1,6 +1,6 @@
 # frozen_string_literal: true
 
-require 'ipaddress'
+require 'resolv'
 module ForemanAnsible
   # Relations to make Host::Managed 'have' ansible roles
   module HostManagedExtensions
@@ -16,7 +16,7 @@ module ForemanAnsible
                  :dependent => :destroy
         scoped_search :relation => :ansible_roles, :on => :name,
                       :complete_value => true, :rename => :ansible_role,
-                      :only_explicit => true
+                      :only_explicit => true, ext_method: :search_by_role
 
         before_provision :play_ansible_roles
         audit_associations :ansible_roles
@@ -30,6 +30,14 @@ module ForemanAnsible
       hostgroup.inherited_and_own_ansible_roles
     end
 
+    def own_ansible_roles
+      ansible_roles.where.not(:id => inherited_ansible_roles.pluck(:id))
+    end
+
+    def available_ansible_roles
+      AnsibleRole.where.not(:id => all_ansible_roles.pluck(:id))
+    end
+
     # This one should be fixed, disabled for the moment as we're
     # in a rush to get the release out
     def play_ansible_roles
@@ -39,7 +47,7 @@ module ForemanAnsible
       composer.triggering.mode = :future
       composer.triggering.start_at = (
         Time.zone.now +
-        Setting::Ansible[:ansible_post_provision_timeout].to_i.seconds
+        Setting[:ansible_post_provision_timeout].to_i.seconds
       )
       composer.trigger!
       logger.info("Task for Ansible roles on #{self} before_provision: "\
@@ -58,12 +66,23 @@ module ForemanAnsible
       def import_host(*args)
         host = super(*args)
         hostname = args[0]
-        if IPAddress.valid?(hostname) &&
+        if (Resolv::IPv4::Regex.match?(hostname) || Resolv::IPv6::Regex.match?(hostname)) &&
            (host_nic = Nic::Interface.find_by(:ip => hostname))
           host = host_nic.host
         end
         host
       end
+
+      def search_by_role(_key, operator, value)
+        conditions = sanitize_sql_for_conditions(["ansible_roles.name #{operator} ?", value_to_sql(operator, value)])
+        host_ids = ::Host::Managed.joins(:ansible_roles).where(conditions).distinct.pluck(:id)
+        hostgroup_ids = ::Hostgroup.unscoped.with_taxonomy_scope.joins(:ansible_roles).where(conditions).map(&:subtree_ids).flatten
+
+        conds = []
+        conds << "hosts.id IN(#{host_ids.join(',')})" if host_ids.present?
+        conds << "hosts.hostgroup_id IN(#{hostgroup_ids.uniq.join(',')})" if hostgroup_ids.present?
+        { conditions: conds.join(' OR ').presence || '1 = 0' }
+      end
     end
   end
 end

data/app/models/concerns/foreman_ansible/hostgroup_extensions.rb

@@ -13,6 +13,7 @@ module ForemanAnsible
                :dependent => :destroy
       accepts_nested_attributes_for :hostgroup_ansible_roles, :allow_destroy => true
       audit_associations :ansible_roles
+      include_in_clone :ansible_roles
 
       def inherited_ansible_roles
         ancestors.reduce([]) do |roles, hostgroup|

data/app/models/foreman_ansible/ansible_provider.rb

@@ -18,6 +18,10 @@ if defined? ForemanRemoteExecution
           'Ansible'
         end
 
+        def provider_input_namespace
+          :ansible
+        end
+
         def proxy_command_options(template_invocation, host)
           super(template_invocation, host).merge(
             'ansible_inventory' => ::ForemanAnsible::InventoryCreator.new(
@@ -28,7 +32,8 @@ if defined? ForemanRemoteExecution
               template_invocation.template
             ),
             :name => host.name,
-            :check_mode => host.host_param('ansible_roles_check_mode')
+            :check_mode => host.host_param('ansible_roles_check_mode'),
+            :cleanup_working_dirs => cleanup_working_dirs?(host)
           )
         end
 
@@ -52,20 +57,65 @@ if defined? ForemanRemoteExecution
           host_setting(host, 'remote_execution_effective_user_password')
         end
 
-        def host_setting(host, setting)
-          host.params[setting.to_s] || Setting[setting]
-        end
-
         def supports_effective_user?
           true
         end
 
+        def provider_inputs
+          [
+            ForemanRemoteExecution::ProviderInput.new(
+              name: 'tags',
+              label: _('Tags'),
+              value: '',
+              value_type: 'plain',
+              description: 'Tags used for Ansible execution'
+            ),
+            ForemanRemoteExecution::ProviderInput.new(
+              name: 'tags_flag',
+              label: _('Include/Exclude Tags'),
+              value: 'include',
+              description: 'Option whether to include or exclude tags',
+              options: "include\nexclude"
+            )
+          ]
+        end
+
+        def provider_inputs_doc
+          opts = provider_inputs.find { |input| input.name == 'tags_flag' }.options.split("\n")
+          {
+            :namespace => provider_input_namespace,
+            :opts => { :desc => N_('Ansible provider specific inputs') },
+            :children => [
+              {
+                :name => :tags,
+                :type => Array,
+                :opts => { :required => false, :desc => N_('A comma separated list of tags to use for Ansible run') }
+              },
+              {
+                :name => :tags_flag,
+                :type => opts,
+                :opts => { :required => false, :desc => N_('Include\Exclude tags for Ansible run') }
+              }
+            ]
+          }
+        end
+
+        def proxy_command_provider_inputs(template_invocation)
+          tags = template_invocation.provider_input_values.find_by(:name => 'tags')&.value || ''
+          tags_flag = template_invocation.provider_input_values.find_by(:name => 'tags_flag')&.value || ''
+          { :tags => tags, :tags_flag => tags_flag }
+        end
+
         def proxy_operation_name
           'ansible-runner'
         end
 
         def proxy_action_class
-          'ForemanAnsibleCore::TaskLauncher::Playbook::PlaybookRunnerAction'
+          'Proxy::Ansible::TaskLauncher::Playbook::PlaybookRunnerAction'
+        end
+
+        def proxy_batch_size
+          Setting['foreman_ansible_proxy_batch_size']
         end
 
         private

data/app/services/foreman_ansible/ansible_report_importer.rb

@@ -1,6 +1,6 @@
 # frozen_string_literal: true
 
-require 'ipaddress'
+require 'resolv'
 module ForemanAnsible
   # Ensures Ansible reports from hosts where the IP was used, are assigned
   # to the right hostname in Foreman
@@ -10,7 +10,7 @@ module ForemanAnsible
       def host
         hostname = name.downcase
         if AnsibleReportScanner.ansible_report?(raw) &&
-           IPAddress.valid?(hostname) &&
+           (Resolv::IPv4::Regex.match?(hostname) || Resolv::IPv6::Regex.match?(hostname)) &&
            Nic::Interface.find_by(:ip => hostname)
           @host = Nic::Interface.find_by(:ip => hostname).host
         end

data/app/services/foreman_ansible/inventory_creator.rb

@@ -103,7 +103,7 @@ module ForemanAnsible
         'ansible_port' => host_setting(host, 'remote_execution_ssh_port'),
         'ansible_host' => AnsibleProvider.find_ip_or_hostname(host)
       }
-      if @template_invocation.effective_user.present?
+      if @template_invocation.effective_user.present? && @template_invocation.effective_user != params['ansible_user']
         params['ansible_become_user'] = @template_invocation.effective_user
         params['ansible_become'] = true
       end

data/app/services/foreman_ansible/override_resolver.rb

@@ -0,0 +1,22 @@
+module ForemanAnsible
+  # Service which resolves override values for hosts
+  class OverrideResolver
+    attr_reader :overrides, :ansible_variables
+
+    def initialize(host, variable_ids = [])
+      raise(Foreman::Exception.new('OverrideResolver needs a host to resolve overrides')) unless host
+      @ansible_variables = if variable_ids.empty?
+                             AnsibleVariable.where(:ansible_role_id => host.all_ansible_roles, :override => true)
+                           else
+                             AnsibleVariable.where(:id => variable_ids, :override => true)
+                           end
+      @overrides = @ansible_variables.values_hash(host).raw
+    end
+
+    def resolve(ansible_variable)
+      override = @overrides[ansible_variable.id]
+      return unless override
+      override[ansible_variable.key]
+    end
+  end
+end

data/app/views/api/v2/ansible_override_values/index.json.rabl

@@ -0,0 +1,3 @@
+collection @override_values
+
+extends 'api/v2/ansible_override_values/show'

data/app/views/api/v2/ansible_variables/show.json.rabl

@@ -10,7 +10,7 @@ attributes :id, :variable, :ansible_role, :ansible_role_id, :description, :overr
 node do |ansible_variable|
   {
     :override_values => partial(
-      'api/v2/override_values/index',
+      'api/v2/ansible_override_values/index',
       :object => ansible_variable.lookup_values
     )
   }

data/app/views/foreman_ansible/ansible_roles/_hostgroup_ansible_roles_button.erb

@@ -5,11 +5,14 @@
     display_link_if_authorized(_('Run all Ansible roles'), hash_for_play_roles_hostgroup_path(id: hostgroup), :'data-no-turbolink' => true, title: _('Run all Ansible roles on hosts belonging to this host group'))
   end
 
+  assign_jobs = link_to(_("Configure Ansible Job"), "/ansible/hostgroups/#{hostgroup.id}", { class: 'la' })
+
   actions = [
     display_link_if_authorized(_('Nest'),    hash_for_nest_hostgroup_path(:id => hostgroup)),
     display_link_if_authorized(_('Clone'),   hash_for_clone_hostgroup_path(:id => hostgroup))
   ]
   actions.push play_roles if User.current.can?(:create_job_invocations)
+  actions.push assign_jobs if User.current.can?(:view_job_invocations) && User.current.can?(:view_recurring_logics)
   actions.push display_delete_if_authorized(hash_for_hostgroup_path(:id => hostgroup).merge(:auth_object => hostgroup, :authorizer => authorizer), :data => { :confirm => warning_message(hostgroup) })
 
   action_buttons(*actions)