foreman_dlm 2.0.0 → 4.0.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/README.md +3 -1
- data/Rakefile +4 -2
- data/app/controllers/api/v2/dlmlock_events_controller.rb +2 -0
- data/app/controllers/api/v2/dlmlocks_controller.rb +14 -11
- data/app/controllers/concerns/foreman/controller/parameters/dlmlocks.rb +2 -0
- data/app/controllers/concerns/foreman_dlm/find_host_by_client_cert.rb +2 -0
- data/app/controllers/concerns/foreman_dlm/find_host_by_ip.rb +2 -0
- data/app/controllers/concerns/foreman_dlm/update_checkin_time.rb +2 -0
- data/app/controllers/foreman_dlm/application_controller.rb +2 -0
- data/app/controllers/foreman_dlm/dlmlocks_controller.rb +4 -10
- data/app/helpers/foreman_dlm/dlmlock_helper.rb +2 -0
- data/app/jobs/foreman_dlm/refresh_dlmlock_status.rb +2 -0
- data/app/models/concerns/foreman_dlm/dlm_facet_host_extensions.rb +2 -0
- data/app/models/concerns/foreman_dlm/expirable.rb +2 -0
- data/app/models/concerns/foreman_dlm/host_extensions.rb +10 -8
- data/app/models/concerns/foreman_dlm/host_monitoring_extensions.rb +3 -1
- data/app/models/concerns/foreman_dlm/user_extensions.rb +6 -4
- data/app/models/foreman_dlm/dlm_facet.rb +2 -0
- data/app/models/foreman_dlm/dlmlock/update.rb +2 -0
- data/app/models/foreman_dlm/dlmlock.rb +11 -9
- data/app/models/foreman_dlm/dlmlock_event.rb +2 -0
- data/app/models/host_status/dlmlock_status.rb +2 -0
- data/app/views/api/v2/dlmlock_events/index.json.rabl +2 -0
- data/app/views/api/v2/dlmlocks/acquire.json.rabl +2 -0
- data/app/views/api/v2/dlmlocks/base.json.rabl +2 -0
- data/app/views/api/v2/dlmlocks/create.json.rabl +2 -0
- data/app/views/api/v2/dlmlocks/index.json.rabl +2 -0
- data/app/views/api/v2/dlmlocks/main.json.rabl +2 -0
- data/app/views/api/v2/dlmlocks/release.json.rabl +2 -0
- data/app/views/api/v2/dlmlocks/show.json.rabl +2 -0
- data/app/views/api/v2/dlmlocks/update.json.rabl +2 -0
- data/app/views/api/v2/errors/precondition_failed.json.rabl +2 -0
- data/app/views/foreman_dlm/api/v2/dlm_facets/base.json.rabl +2 -0
- data/app/views/foreman_dlm/api/v2/dlm_facets/base_with_root.json.rabl +2 -0
- data/app/views/foreman_dlm/api/v2/dlm_facets/show.json.rabl +2 -0
- data/config/routes.rb +2 -0
- data/db/migrate/20170824084100_add_dlmlock.foreman_dlm.rb +2 -0
- data/db/migrate/20180627150003_rename_dlmlock_sti_models.rb +3 -1
- data/db/migrate/20180704162345_add_dlmlock_events.rb +2 -0
- data/db/migrate/20180711090022_add_hosts_fk_to_dlmlocks.rb +2 -0
- data/db/migrate/20180711111903_create_dlm_facets.foreman_dlm.rb +2 -0
- data/db/migrate/20180713113208_update_permissions_for_scoped_models.rb +2 -0
- data/lib/foreman_dlm/engine.rb +70 -70
- data/lib/foreman_dlm/version.rb +3 -1
- data/lib/foreman_dlm.rb +2 -0
- data/lib/tasks/dlmlock_events.rake +2 -0
- data/lib/tasks/foreman_dlm_tasks.rake +2 -20
- data/locale/gemspec.rb +3 -1
- data/test/controllers/api/v2/dlmlocks_controller_test.rb +12 -10
- data/test/controllers/api/v2/dlmlocks_dlmlock_events_controller_test.rb +2 -0
- data/test/controllers/api/v2/hosts_controller_test.rb +2 -0
- data/test/controllers/find_host_by_client_cert_test.rb +5 -3
- data/test/controllers/foreman_dlm/dlmlocks_test.rb +2 -0
- data/test/controllers/hosts_controller_test.rb +3 -1
- data/test/factories/dlm_facets.rb +2 -0
- data/test/factories/dlmlock.rb +2 -0
- data/test/factories/dlmlock_events.rb +2 -0
- data/test/factories/host.rb +2 -0
- data/test/integration/foreman_dlm/dlmlocks_test.rb +9 -3
- data/test/jobs/refresh_dlmlock_status_test.rb +2 -0
- data/test/models/foreman_dlm/dlm_facet_test.rb +2 -0
- data/test/models/foreman_dlm/dlmlock_event_test.rb +2 -0
- data/test/models/foreman_dlm/dlmlock_test.rb +26 -24
- data/test/models/host_managed_test.rb +2 -0
- data/test/models/host_monitoring_test.rb +2 -0
- data/test/models/host_status/dlmlock_status_test.rb +2 -2
- data/test/models/user_test.rb +2 -0
- data/test/test_plugin_helper.rb +2 -0
- data/test/unit/foreman_dlm/access_permissions_test.rb +18 -0
- metadata +12 -38
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 3b80fdd6f962a1cb1ab338f061bea43d0ea641f7b34f647c225bf6abc2a366f4
|
|
4
|
+
data.tar.gz: b7860026fa2dd1c7885011297483b79de657678123e1b25960c974ee4505e9cc
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: d647bbeaeaefac4d7eb91396e68815348da49713d149b000b30619ef8b808ca86b9f0a90bb2b5409454023286399136d847d15aab1c54785c0430a455b1d480c
|
|
7
|
+
data.tar.gz: dc5b9bd8d089fbbecaae290e501aa7536f689cd0c8af96f154cff9fef449c8d68dea560e7051e967180c9457aa29dffd7e9bba388406e82d7a605011ef9f06e9
|
data/README.md
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
# Foreman Distributed Lock Manager
|
|
2
2
|
|
|
3
|
-
[<img src="https://
|
|
3
|
+
[<img src="https://raw.githubusercontent.com/dm-drogeriemarkt/.github/refs/heads/main/assets/dmtech-open-source-badge.svg">](https://www.dmtech.de/)
|
|
4
4
|
|
|
5
5
|
This is a plugin for Foreman that allows Foreman to act as a distributed lock manager.
|
|
6
6
|
Updates are key to security, but updates of an operating system are hard to apply and existing tools are hard to manage at scale. This might lead to a large drift between important security updates becoming available and all your hosts being successfully patched. Security experts recommend to install updates as soon as they come available. The ability to easily update software is the most effective way to improve server security. Automation is key to ensure this goal is reached.
|
|
@@ -15,6 +15,8 @@ With this plugin servers can acquire a lock in Foreman to ensure only one server
|
|
|
15
15
|
| >= 1.15 | ~> 0.1 |
|
|
16
16
|
| >= 1.17 | ~> 1.0 |
|
|
17
17
|
| >= 3.0 | ~> 2.0 |
|
|
18
|
+
| >= 3.9 | ~> 3.0 |
|
|
19
|
+
| >= 3.13 | ~> 4.0 |
|
|
18
20
|
|
|
19
21
|
## Installation
|
|
20
22
|
|
data/Rakefile
CHANGED
|
@@ -1,4 +1,6 @@
|
|
|
1
1
|
#!/usr/bin/env rake
|
|
2
|
+
# frozen_string_literal: true
|
|
3
|
+
|
|
2
4
|
begin
|
|
3
5
|
require 'bundler/setup'
|
|
4
6
|
rescue LoadError
|
|
@@ -20,7 +22,7 @@ RDoc::Task.new(:rdoc) do |rdoc|
|
|
|
20
22
|
rdoc.rdoc_files.include('lib/**/*.rb')
|
|
21
23
|
end
|
|
22
24
|
|
|
23
|
-
APP_RAKEFILE = File.expand_path('
|
|
25
|
+
APP_RAKEFILE = File.expand_path('test/dummy/Rakefile', __dir__)
|
|
24
26
|
|
|
25
27
|
Bundler::GemHelper.install_tasks
|
|
26
28
|
|
|
@@ -38,7 +40,7 @@ task default: :test
|
|
|
38
40
|
begin
|
|
39
41
|
require 'rubocop/rake_task'
|
|
40
42
|
RuboCop::RakeTask.new
|
|
41
|
-
rescue
|
|
43
|
+
rescue StandardError
|
|
42
44
|
puts 'Rubocop not loaded.'
|
|
43
45
|
end
|
|
44
46
|
|
|
@@ -1,3 +1,5 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
1
3
|
module Api
|
|
2
4
|
module V2
|
|
3
5
|
class DlmlocksController < V2::BaseController
|
|
@@ -37,7 +39,8 @@ module Api
|
|
|
37
39
|
error 404, 'Lock could not be found.'
|
|
38
40
|
param :id, String, :required => true, :desc => N_('Id or name of the DLM lock')
|
|
39
41
|
|
|
40
|
-
def show
|
|
42
|
+
def show
|
|
43
|
+
end
|
|
41
44
|
|
|
42
45
|
api :POST, '/dlmlocks', N_('Create a DLM lock')
|
|
43
46
|
param_group :dlmlock, :as => :create
|
|
@@ -52,7 +55,7 @@ module Api
|
|
|
52
55
|
param_group :dlmlock
|
|
53
56
|
|
|
54
57
|
def update
|
|
55
|
-
process_response @dlmlock.
|
|
58
|
+
process_response @dlmlock.update(dlmlocks_params)
|
|
56
59
|
end
|
|
57
60
|
|
|
58
61
|
api :DELETE, '/dlmlocks/:id/', N_('Delete a DLM lock')
|
|
@@ -133,16 +136,16 @@ module Api
|
|
|
133
136
|
logger.info 'Denying access because no host could be detected.'
|
|
134
137
|
if User.current
|
|
135
138
|
render_error 'access_denied',
|
|
136
|
-
|
|
137
|
-
|
|
138
|
-
|
|
139
|
-
|
|
139
|
+
:status => :forbidden,
|
|
140
|
+
:locals => {
|
|
141
|
+
:details => 'You need to authenticate with a valid client cert. The DN has to match a known host.',
|
|
142
|
+
}
|
|
140
143
|
else
|
|
141
144
|
render_error 'unauthorized',
|
|
142
|
-
|
|
143
|
-
|
|
144
|
-
|
|
145
|
-
|
|
145
|
+
:status => :unauthorized,
|
|
146
|
+
:locals => {
|
|
147
|
+
:user_login => get_client_cert_hostname,
|
|
148
|
+
}
|
|
146
149
|
end
|
|
147
150
|
end
|
|
148
151
|
true
|
|
@@ -163,7 +166,7 @@ module Api
|
|
|
163
166
|
deny_access
|
|
164
167
|
else
|
|
165
168
|
render_error 'precondition_failed', :status => :precondition_failed, :locals => {
|
|
166
|
-
:message => 'Precondition failed. Lock is in invalid state for this operation.'
|
|
169
|
+
:message => 'Precondition failed. Lock is in invalid state for this operation.',
|
|
167
170
|
}
|
|
168
171
|
end
|
|
169
172
|
end
|
|
@@ -1,3 +1,5 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
1
3
|
module ForemanDlm
|
|
2
4
|
class DlmlocksController < ::ForemanDlm::ApplicationController
|
|
3
5
|
include ::Foreman::Controller::AutoCompleteSearch
|
|
@@ -9,7 +11,8 @@ module ForemanDlm
|
|
|
9
11
|
@dlmlocks = resource_base_search_and_page(:host)
|
|
10
12
|
end
|
|
11
13
|
|
|
12
|
-
def show
|
|
14
|
+
def show
|
|
15
|
+
end
|
|
13
16
|
|
|
14
17
|
def destroy
|
|
15
18
|
if @dlmlock.destroy
|
|
@@ -59,15 +62,6 @@ module ForemanDlm
|
|
|
59
62
|
ForemanDlm::Dlmlock
|
|
60
63
|
end
|
|
61
64
|
|
|
62
|
-
# see https://projects.theforeman.org/issues/25976
|
|
63
|
-
# can be removed for Foreman 1.22+
|
|
64
|
-
def auto_complete_controller_name
|
|
65
|
-
current_version = Gem::Version.new(Foreman::Version.new.notag)
|
|
66
|
-
return '/foreman_dlm/dlmlocks' if current_version >= Gem::Version.new('1.20') && current_version < Gem::Version.new('1.22')
|
|
67
|
-
|
|
68
|
-
controller_name
|
|
69
|
-
end
|
|
70
|
-
|
|
71
65
|
private
|
|
72
66
|
|
|
73
67
|
def action_permission
|
|
@@ -1,19 +1,21 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
1
3
|
module ForemanDlm
|
|
2
4
|
module HostExtensions
|
|
3
5
|
extend ActiveSupport::Concern
|
|
4
6
|
|
|
5
7
|
included do
|
|
6
8
|
has_many :dlmlocks,
|
|
7
|
-
|
|
8
|
-
|
|
9
|
-
|
|
10
|
-
|
|
9
|
+
class_name: 'ForemanDlm::Dlmlock',
|
|
10
|
+
foreign_key: 'host_id',
|
|
11
|
+
dependent: :nullify,
|
|
12
|
+
inverse_of: :host
|
|
11
13
|
|
|
12
14
|
has_many :dlmlock_events,
|
|
13
|
-
|
|
14
|
-
|
|
15
|
-
|
|
16
|
-
|
|
15
|
+
class_name: 'ForemanDlm::DlmlockEvent',
|
|
16
|
+
foreign_key: 'host_id',
|
|
17
|
+
dependent: :destroy,
|
|
18
|
+
inverse_of: :host
|
|
17
19
|
|
|
18
20
|
define_model_callbacks :lock, :only => :after
|
|
19
21
|
define_model_callbacks :unlock, :only => :after
|
|
@@ -1,3 +1,5 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
1
3
|
module ForemanDlm
|
|
2
4
|
module HostMonitoringExtensions
|
|
3
5
|
extend ActiveSupport::Concern
|
|
@@ -31,7 +33,7 @@ module ForemanDlm
|
|
|
31
33
|
{
|
|
32
34
|
comment: _('Host acquired lock.'),
|
|
33
35
|
start_time: Time.current.to_i,
|
|
34
|
-
end_time: Time.current.advance(:minutes => 180).to_i
|
|
36
|
+
end_time: Time.current.advance(:minutes => 180).to_i,
|
|
35
37
|
}
|
|
36
38
|
end
|
|
37
39
|
end
|
|
@@ -1,13 +1,15 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
1
3
|
module ForemanDlm
|
|
2
4
|
module UserExtensions
|
|
3
5
|
extend ActiveSupport::Concern
|
|
4
6
|
|
|
5
7
|
included do
|
|
6
8
|
has_many :dlmlock_events,
|
|
7
|
-
|
|
8
|
-
|
|
9
|
-
|
|
10
|
-
|
|
9
|
+
class_name: 'ForemanDlm::DlmlockEvent',
|
|
10
|
+
foreign_key: 'user_id',
|
|
11
|
+
dependent: :nullify,
|
|
12
|
+
inverse_of: :user
|
|
11
13
|
end
|
|
12
14
|
end
|
|
13
15
|
end
|
|
@@ -1,3 +1,5 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
1
3
|
module ForemanDlm
|
|
2
4
|
class Dlmlock < ApplicationRecord
|
|
3
5
|
include Authorizable
|
|
@@ -13,9 +15,9 @@ module ForemanDlm
|
|
|
13
15
|
belongs_to_host
|
|
14
16
|
|
|
15
17
|
has_many :dlmlock_events,
|
|
16
|
-
|
|
17
|
-
|
|
18
|
-
|
|
18
|
+
class_name: '::ForemanDlm::DlmlockEvent',
|
|
19
|
+
dependent: :destroy,
|
|
20
|
+
inverse_of: :dlmlock
|
|
19
21
|
|
|
20
22
|
validates :name, presence: true, uniqueness: true
|
|
21
23
|
|
|
@@ -67,7 +69,7 @@ module ForemanDlm
|
|
|
67
69
|
def locked_by?(host)
|
|
68
70
|
self.host == host
|
|
69
71
|
end
|
|
70
|
-
|
|
72
|
+
alias_method :acquired_by?, :locked_by?
|
|
71
73
|
|
|
72
74
|
def disabled?
|
|
73
75
|
!enabled?
|
|
@@ -76,7 +78,7 @@ module ForemanDlm
|
|
|
76
78
|
def locked?
|
|
77
79
|
host.present?
|
|
78
80
|
end
|
|
79
|
-
|
|
81
|
+
alias_method :taken?, :locked?
|
|
80
82
|
|
|
81
83
|
def humanized_type
|
|
82
84
|
_('Generic Lock')
|
|
@@ -91,7 +93,7 @@ module ForemanDlm
|
|
|
91
93
|
query = {
|
|
92
94
|
id: id,
|
|
93
95
|
host_id: [new_host.try(:id), old_host.try(:id)],
|
|
94
|
-
enabled: true
|
|
96
|
+
enabled: true,
|
|
95
97
|
}
|
|
96
98
|
|
|
97
99
|
updated = self.class.where(query).update(changes.merge(updated_at: Time.now.utc))
|
|
@@ -127,9 +129,9 @@ module ForemanDlm
|
|
|
127
129
|
)
|
|
128
130
|
end
|
|
129
131
|
|
|
130
|
-
def run_callback(
|
|
131
|
-
|
|
132
|
-
logger.debug { "custom hook after_#{callback} on #{
|
|
132
|
+
def run_callback(host, callback)
|
|
133
|
+
host.run_callbacks callback do
|
|
134
|
+
logger.debug { "custom hook after_#{callback} on #{host} will be executed if defined." }
|
|
133
135
|
true
|
|
134
136
|
end
|
|
135
137
|
end
|
data/config/routes.rb
CHANGED