RubyGems - foreman_leapp - Versions diffs - 0.0.5 → 0.1.3 - Mend

foreman_leapp 0.0.5 → 0.1.3

Files changed (89) hide show

checksums.yaml CHANGED

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: ac3a9d3e20cffd15a2af9742b3db9f7a85e8b2e431de19f87d7bd4a9a0085126
-  data.tar.gz: 7c4ff5f9d6eef8f247bd24132503dce1cc56e4252e268d68373d8b1ee7d29293
+  metadata.gz: de5248403683c119d2f8c4b7b331bbf5bc7125e408f8c5a0be2449191861926d
+  data.tar.gz: 4a08a8dc04d0e2d78fc76124b1cf5c2bc3c2cbb716f12bc376609d3d1e96ef9c
 SHA512:
-  metadata.gz: 256603788044ab3fbc6d8ad94c4407dfbddaf6617fc330df1f2bdbee00e89b43652a653e5ac92eb0ed9f5e8480620c701c76eb7431420c2985fc03e6620a0708
-  data.tar.gz: 8c941412d342bf483ce90409c38d2f30ad153c6680168791fc8221d7706c61cd034549c529d88f257d4760b0b95c43f7da196e13fdd1fda914e6cd1a40123785
+  metadata.gz: 3a2781a3d87d9b0b2dc94e8deb61f0a5ae3ca62c10d3a3d2a36efdab31edbca9a959c45dfd85b1e050061fc5af552d95bf4b85dddf7dba18731f55c3e9040bb1
+  data.tar.gz: 78f6881ddbb87523c898375bb5ba7d61bb0e9912deb50739f94a07035c77585ea0be585374e298bd41719baf1026ebed4e9b2e3137ce9efd300ae69408582312

data/README.md CHANGED

@@ -1,32 +1,23 @@
 # ForemanLeapp
-This plugin allows to run inplace upgrades for rhel7 vms in foreman using leapp tool.
-For more information about leapp check [github](https://github.com/oamg/leapp) or
-[developer docs](https://leapp.readthedocs.io/en/latest/).
+This plugin allows to run inplace upgrades for RHEL 7 hosts in Foreman using Leapp tool.
+For more information about Leapp tool check [github](https://github.com/oamg/leapp) or [developer docs](https://leapp.readthedocs.io/en/latest/).
 ## Installation
-See [How_to_Install_a_Plugin](http://projects.theforeman.org/projects/foreman/wiki/How_to_Install_a_Plugin)
-for how to install Foreman plugins
+See [Plugins Manual](https://www.theforeman.org/plugins/#2.Installation) for how to install Foreman plugins.
 ## Usage
-The plugin will add 2 remote execution jobs, "Run preupgrade via leapp" and "Run upgrade via leapp". Only
-preupgrade reports storage and retrieval has been implemented so far.
+The plugin will add following jobs:
+- Run preupgrade via Leapp
+- Remediation plan
+- Run upgrade via Leapp
-After running a preupgrade remote execution job on one or more foreman hosts the report can be retrieved from foreman db.
-The retrieval api looks like:
-- to fetch a specific preupgrade report - GET http://FOREMAN_URL:FOREMAN_PORT/api/v2/preupgrade_reports/REPORT_ID.
-- to fetch all reports for specific job invocation - GET http://FOREMAN_URL:FOREMAN_PORT/api/v2/aggregation/JOB_INVOCATION_ID.
-- to fetch last preupgrade report per host - GET http://FOREMAN_URL:FOREMAN_PORT/api/v2/preupgrade_reports/hosts/HOST_NAME_OR_ID/last.
-## TODO
-- Unit tests
-- Automate rubocop checks
-- Frontend (either from scratch or adapt the react/patternfly/typescript one for cockpit upgrades)
+## Api
+- `GET /api/preupgrade_reports` List Preupgrade reports
+- `GET /api/preupgrade_reports/:id` Show Preupgrade report
+- `GET /api/job_invocations/:id/preupgrade_reports` List Preupgrade reports for Job invocation
 ## Contributing

data/app/controllers/api/v2/concerns/api_authorizer.rb ADDED

@@ -0,0 +1,27 @@
+# frozen_string_literal: true
+module ApiAuthorizer
+  extend ActiveSupport::Concern
+  included do
+    before_action :hosts_permission
+  end
+  private
+  def hosts_permission
+    return if User.current.can?('view_hosts')
+    render_error 'access_denied', status: :forbidden,
+                                  locals: { details: _('Missing one of the required permissions: view_hosts'),
+                                            missing_permissions: 'view_hosts' }
+  end
+  def resource_scope(_options = {})
+    @resource_scope ||= begin
+      scope = PreupgradeReport.joins(:host).merge(Host.authorized(:view_hosts, Host))
+      scope = scope.where(job_invocation_id: params[:id]) if action_name == 'job_invocation'
+      scope
+    end
+  end
+end

data/app/controllers/api/v2/preupgrade_reports_controller.rb CHANGED

@@ -3,7 +3,9 @@
 module Api
   module V2
     class PreupgradeReportsController < ::Api::V2::BaseController
-      before_action :find_resource, only: %i[show]
+      include ApiAuthorizer
+      layout 'api/v2/layouts/index_layout', except: %i[show]
       api :GET, '/preupgrade_reports/', N_('List Preupgrade reports')
       param_group :search_and_pagination, ::Api::V2::BaseController
@@ -13,7 +15,24 @@ module Api
       api :GET, '/preupgrade_reports/:id', N_('Show Preupgrade report')
       param :id, :identifier, required: true
-      def show; end
+      def show
+        @preupgrade_report = resource_scope.find(params[:id])
+      end
+      api :GET, '/job_invocations/:id/preupgrade_reports', N_('List Preupgrade reports for Job invocation')
+      param :id, :identifier, required: true
+      def job_invocation
+        @preupgrade_reports = resource_scope_for_index.where(job_invocation_id: params[:id])
+      end
+      private
+      # By overriding path_to_authenticate we can require REX's permission view_job_invocations
+      def path_to_authenticate
+        params['action'] = 'show' if params['action'] == 'job_invocation'
+        Foreman::AccessControl.normalize_path_hash params.slice(:action, :id, :user_id)
+                                                         .merge({ controller: 'api/v2/job_invocations' })
+      end
     end
   end
 end

data/app/controllers/preupgrade_reports_controller.rb CHANGED

@@ -1,7 +1,17 @@
 # frozen_string_literal: true
 class PreupgradeReportsController < ::Api::V2::BaseController
+  include ApiAuthorizer
   def index
-    @preupgrade_reports = resource_scope.search_for(*search_options)
+    @preupgrade_reports = resource_scope.includes(:preupgrade_report_entries).search_for(*search_options)
+  end
+  private
+  # By overriding :path_to_authenticate we can require REX's :view_job_invocations permission
+  def path_to_authenticate
+    Foreman::AccessControl.normalize_path_hash params.slice(:action, :id, :user_id)
+                                                     .merge({ controller: 'job_invocations' })
   end
 end

data/app/lib/actions/preupgrade_job.rb CHANGED

@@ -8,7 +8,8 @@ module Actions
       end
       def plan(job_invocation, host, *_args)
-        return unless ::Helpers::JobHelper.correct_feature?(job_invocation, 'leapp_preupgrade')
+        return unless ::Helpers::JobHelper.correct_feature?(job_invocation, 'leapp_preupgrade') ||
+                      ::Helpers::JobHelper.correct_feature?(job_invocation, 'leapp_remediation_plan')
         plan_self(host_id: host.id, job_invocation_id: job_invocation.id)
       end

data/app/lib/helpers/job_helper.rb CHANGED

@@ -4,10 +4,9 @@ module Helpers
   module JobHelper
     class << self
       def correct_feature?(job_invocation, feature)
-        job_invocation.job_category == ::ForemanLeapp::JOB_CATEGORY &&
-          RemoteExecutionFeature.find_by(job_template_id: job_invocation.pattern_template_invocations
-                                                                        .pluck(:template_id)
-                                                                        .first)&.label == feature
+        RemoteExecutionFeature.where(job_template_id: job_invocation.pattern_template_invocations
+                                                                    .first
+                                                                    .template_id, label: feature).any?
       end
     end
   end

data/app/models/preupgrade_report.rb CHANGED

@@ -27,6 +27,7 @@ class PreupgradeReport < ::Report
       leapp_run_id: data['leapp_run_id'],
       summary: entry['summary'],
       tags: entry['tags'],
+      flags: entry['flags'],
       detail: entry['detail'] }
   end
 end

data/app/models/preupgrade_report_entry.rb CHANGED

@@ -5,6 +5,7 @@ class PreupgradeReportEntry < ApplicationRecord
   belongs_to_host
   serialize :tags, Array
+  serialize :flags, Array
   serialize :detail, JSON
   validates :preupgrade_report, :host, :hostname, :title, :actor, :audience, :severity, :leapp_run_id, presence: true

data/app/views/api/v2/preupgrade_report_entries/base.json.rabl CHANGED

@@ -1,4 +1,4 @@
 object @preupgrade_report_entry
 attributes :id, :preupgrade_report_id, :host_id, :hostname, :title, :actor, :audience,
-           :severity, :leapp_run_id, :summary, :tags, :created_at, :updated_at
+           :severity, :leapp_run_id, :summary, :tags, :flags, :created_at, :updated_at

data/app/views/api/v2/preupgrade_reports/job_invocation.json.rabl ADDED

@@ -0,0 +1,3 @@
+collection @preupgrade_reports
+extends 'api/v2/preupgrade_reports/base'

data/app/views/foreman_leapp/job_templates/leapp_check.erb ADDED

@@ -0,0 +1,15 @@
+<%#
+name: Check Leapp
+description_format: 'Check if Leapp package is installed.'
+kind: job_template
+job_category: Leapp
+provider_type: SSH
+snippet: true
+model: JobTemplate
+%>
+if ! command -v leapp > /dev/null
+then
+  echo "Leapp is not installed."
+  exit 1
+fi

data/app/views/foreman_leapp/job_templates/{preupgrade.erb → leapp_preupgrade.erb} RENAMED

@@ -1,14 +1,17 @@
 <%#
 kind: job_template
 name: Run preupgrade via Leapp
-job_category: Leapp
+job_category: Leapp - Preupgrade
 description_format: 'Upgradeability check for RHEL 7 host'
 provider_type: SSH
 feature: leapp_preupgrade
+model: JobTemplate
 %>
+<%= render_template 'Check Leapp' %>
+rm -f /var/log/leapp/leapp-report.json
 leapp preupgrade
-[ $? -eq 0 ]  || exit 1
 echo "===leap_upgrade_report_start==="
 cat /var/log/leapp/leapp-report.json

data/app/views/foreman_leapp/job_templates/leapp_remediation.erb ADDED

@@ -0,0 +1,29 @@
+<%#
+kind: job_template
+name: Run remediation plan via Leapp
+job_category: Other
+description_format: 'Run remediation plan via Leapp'
+provider_type: SSH
+feature: leapp_remediation_plan
+model: JobTemplate
+template_inputs:
+- name: remediation_ids
+  required: true
+  advanced: true
+  input_type: user
+  value_type: plain
+  description: List of remediation ids
+- name: run_preupgrade
+  description: Run preupgrade check again when remediation entries are fixed.
+  input_type: user
+  required: true
+  options: "true\nfalse"
+  default: "true"
+%>
+<%= render_template 'Check Leapp' %>
+<%= build_remediation_plan(input('remediation_ids').split(','), @host) %>
+<% if input('run_preupgrade') == 'true' %>
+  <%= render_template 'Run preupgrade via Leapp' %>
+<% end %>

data/app/views/foreman_leapp/job_templates/leapp_upgrade.erb ADDED

@@ -0,0 +1,26 @@
+<%#
+kind: job_template
+name: Run upgrade via Leapp
+job_category: Leapp - Upgrade
+description_format: 'Upgrade RHEL 7 host'
+provider_type: Ansible
+feature: leapp_upgrade
+model: JobTemplate
+template_inputs:
+- name: Reboot
+  description: Reboot the host automaticaly to continue with the upgrade
+  input_type: user
+  required: true
+  default: "true"
+  options: "true\nfalse"
+%>
+---
+- hosts: all
+  tasks:
+    - name: Run Leapp Upgrade
+      command: leapp upgrade
+<%- if input('Reboot') == "true" -%>
+    - name: Reboot the machine
+      reboot:
+        reboot_timeout: 1800
+<%- end -%>

data/app/views/job_invocations/_leapp_preupgrade_report.html.erb CHANGED

@@ -6,5 +6,6 @@
 <% end %>
 <%= react_component('PreupgradeReports', {
-  :url => preupgrade_reports_path(:search => "job_invocation_id = #{@job_invocation.id}")
+  :url => preupgrade_reports_path(:search => "job_invocation_id = #{@job_invocation.id}"),
+  :newJobInvocationUrl => new_job_invocation_path
 }) %>

data/config/routes.rb CHANGED

@@ -4,8 +4,9 @@ Rails.application.routes.draw do
   resources :preupgrade_reports, :only => %i[index]
   namespace :api, defaults: { format: 'json' } do
-    scope '(:apiv)', module: :v2, defaults: { apiv: 'v2'}, apiv: /v2/, constraints: ApiConstraints.new( version: 2, default: true) do
+    scope '(:apiv)', module: :v2, defaults: { apiv: 'v2' }, apiv: /v2/, constraints: ApiConstraints.new( version: 2, default: true) do
       resources :preupgrade_reports, only: %i[index show]
+      get 'job_invocations/:id/preupgrade_reports', to: 'preupgrade_reports#job_invocation'
     end
   end
 end

data/db/migrate/20200429080939_report_entries_flags.rb ADDED

@@ -0,0 +1,5 @@
+class ReportEntriesFlags < ActiveRecord::Migration[6.0]
+  def change
+    add_column :preupgrade_report_entries, :flags, :text
+  end
+end

data/db/seeds.d/10_leapp_preupgrade.rb CHANGED

@@ -9,7 +9,7 @@ User.as_anonymous_admin do
                     'job_templates/**/*.erb')].each do |template|
         template = JobTemplate.import_raw!(File.read(template),
                                            :default => true,
-                                           :locked => true,
+                                           :lock => true,
                                            :update => true)
         template.organizations = organizations if template.present?
         template.locations = locations if template.present?

data/lib/foreman_leapp/engine.rb CHANGED

@@ -1,8 +1,6 @@
 # frozen_string_literal: true
 module ForemanLeapp
-  JOB_CATEGORY = 'Leapp'
   class Engine < ::Rails::Engine
     engine_name 'foreman_leapp'
@@ -23,7 +21,7 @@ module ForemanLeapp
     initializer 'foreman_leapp.register_plugin', before: :finisher_hook do |_app|
       Foreman::Plugin.register :foreman_leapp do
-        requires_foreman '>= 1.16'
+        requires_foreman '>= 2.1'
         apipie_documented_controllers ["#{ForemanLeapp::Engine.root}/app/controllers/api/v2/*.rb"]
         extend_template_helpers ForemanLeapp::TemplateHelper
@@ -33,7 +31,10 @@ module ForemanLeapp
                          partial: 'job_invocations/leapp_preupgrade_report',
                          name: _('Leapp preupgrade report'),
                          id: 'leapp_preupgrade_report',
-                         onlyif: proc { |subject| ::Helpers::JobHelper.correct_feature?(subject, 'leapp_preupgrade') }
+                         onlyif: proc { |subject|
+                           ::Helpers::JobHelper.correct_feature?(subject, 'leapp_preupgrade') ||
+                             ::Helpers::JobHelper.correct_feature?(subject, 'leapp_remediation_plan')
+                         }
         end
       end
     end
@@ -41,8 +42,8 @@ module ForemanLeapp
     # Include concerns in this config.to_prepare block
     config.to_prepare do
       begin
-        HostsHelper.prepend ForemanLeapp::HostsHelperExtensions
-        Host::JobInvocation.include ForemanLeapp::JobInvocationExtensions
+        ::HostsHelper.prepend ForemanLeapp::HostsHelperExtensions
+        ::JobInvocation.include ForemanLeapp::JobInvocationExtensions
       rescue StandardError => e
         Rails.logger.warn "ForemanLeapp: skipping engine hook (#{e})"
       end

data/lib/foreman_leapp/version.rb CHANGED

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 module ForemanLeapp
-  VERSION = '0.0.5'
+  VERSION = '0.1.3'
 end

data/package.json CHANGED

@@ -6,7 +6,7 @@
   "scripts": {
     "lint": "tfm-lint --plugin -d /webpack",
     "link-leapp-js": "./script/link_leapp_js.sh",
-    "test": "tfm-test --plugin",
+    "test": "tfm-test --plugin --config jest.config.js",
     "test:watch": "tfm-test --plugin --watchAll",
     "test:current": "tfm-test --plugin --watch",
     "publish-coverage": "tfm-publish-coverage",
@@ -32,10 +32,11 @@
     "@theforeman/builder": "^4.2.1",
     "@theforeman/eslint-plugin-foreman": "4.2.1",
     "@theforeman/stories": "^4.2.1",
-    "@theforeman/vendor-dev": "^4.2.1",
     "@theforeman/test": "^4.2.1",
+    "@theforeman/vendor-dev": "^4.2.1",
     "babel-eslint": "^10.0.0",
     "eslint": "^6.8.0",
+    "jest-svg-transformer": "^1.0.0",
     "prettier": "^1.19.1"
   },
   "dependencies": {

data/test/functional/api/v2/preupgrade_reports_controller_test.rb CHANGED

@@ -7,24 +7,107 @@ module Api
     class PreupgradeReportsControllerTest < ActionController::TestCase
       setup do
         @host = FactoryBot.create(:host)
-        @report = FactoryBot.create(:preupgrade_report, host: @host)
+        @job_invocation = FactoryBot.create(:job_invocation)
+        @report = FactoryBot.create(:preupgrade_report, host: @host, job_invocation: @job_invocation)
         @entry = FactoryBot.create(:preupgrade_report_entry, host: @host, preupgrade_report: @report)
       end
-      test 'should get index' do
-        get :index, session: set_session_user
+      test 'should get :index' do
+        get :index
         assert_response :success
-        assert_not_empty ActiveSupport::JSON.decode(@response.body)['results']
+        assert_not_empty JSON.parse(@response.body)['results']
       end
-      test 'should get detail of report and its entries' do
+      test 'should get :show' do
         get :show, params: { id: @report.id }
         assert_response :success
-        response = ActiveSupport::JSON.decode(@response.body)
+        response = JSON.parse(@response.body)
         assert_equal response['id'], @report.id
         assert_not_empty response['preupgrade_report_entries']
       end
+      test 'should get :job_invocation' do
+        get :job_invocation, params: { id: @job_invocation.id }
+        assert_response :success
+        assert_not_empty JSON.parse(@response.body)['results']
+      end
+      context 'with permissions' do
+        setup do
+          @user = FactoryBot.create(:user, admin: false)
+          setup_user('view', 'job_invocations', nil, @user)
+          setup_user('view', 'hosts', nil, @user)
+        end
+        test 'should get :index' do
+          get :index, session: set_session_user(@user)
+          assert_response :success
+          assert_not_empty JSON.parse(@response.body)['results']
+        end
+        test 'should get :show' do
+          get :show, params: { id: @report.id }, session: set_session_user(@user)
+          assert_response :success
+          assert_equal @report.id, JSON.parse(@response.body)['id']
+        end
+        test 'should get :job_invocation' do
+          get :job_invocation, params: { id: @job_invocation.id }, session: set_session_user(@user)
+          assert_response :success
+          assert_not_empty JSON.parse(@response.body)['results']
+        end
+      end
+      context 'without :view_job_invocations' do
+        setup do
+          @user = FactoryBot.create(:user, admin: false)
+          setup_user('view', 'hosts', nil, @user)
+        end
+        test 'should not get :index' do
+          get :index, session: set_session_user(@user)
+          assert_response :forbidden
+          assert_includes JSON.parse(@response.body)['error']['missing_permissions'], 'view_job_invocations'
+        end
+        test 'should not get :show' do
+          get :show, params: { id: @report.id }, session: set_session_user(@user)
+          assert_response :forbidden
+          assert_includes JSON.parse(@response.body)['error']['missing_permissions'], 'view_job_invocations'
+        end
+        test 'should not get :job_invocation' do
+          get :job_invocation, params: { id: @job_invocation.id }, session: set_session_user(@user)
+          assert_response :forbidden
+          assert_includes JSON.parse(@response.body)['error']['missing_permissions'], 'view_job_invocations'
+        end
+      end
+      context 'without :view_hosts' do
+        setup do
+          @user = FactoryBot.create(:user, admin: false)
+          setup_user('view', 'job_invocations', nil, @user)
+        end
+        test 'should not get :index' do
+          get :index, session: set_session_user(@user)
+          assert_response :forbidden
+          assert_includes JSON.parse(@response.body)['error']['missing_permissions'], 'view_hosts'
+        end
+        test 'should not get :job_invocation' do
+          get :show, params: { id: @report.id }, session: set_session_user(@user)
+          assert_response :forbidden
+          assert_includes JSON.parse(@response.body)['error']['missing_permissions'], 'view_hosts'
+        end
+        test 'should not get :job_invocation' do
+          get :job_invocation, params: { id: @job_invocation.id }, session: set_session_user(@user)
+          assert_response :forbidden
+          assert_includes JSON.parse(@response.body)['error']['missing_permissions'], 'view_hosts'
+        end
+      end
     end
   end
 end