foreman_maintain 0.3.1 → 0.3.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 0fce23af3f0916264faaf404caa0164321bcb17d
-  data.tar.gz: f65633719449de4778bdc7d5eb6e328ad4b130d3
+  metadata.gz: c13cb8b4593007b12938ca47f1c7f921b5fd1d8d
+  data.tar.gz: af861bcb2ad7672b579529f30a64a155630729b4
 SHA512:
-  metadata.gz: 11b1ad761ebc5e73f2c4d211246f68825b1cf698b3d2ab7c8f60603d63005e57c0044b38b16ed9489b3ec8ae93bc5f79a4ece069e73760d600debe4ee37c8481
-  data.tar.gz: 7fb92a17ea9e84cbc480844887580128887f915bdee78e88543581bc611c7fe5253694d26abed0363f082314e5e6686e7d7d079fbe3d5344a24ec2b9a3aedf2a
+  metadata.gz: 9f2552e5bc5ceea333091a3235debfb27e22c24980ea215b7a51bf63f0c01667d573a86f99eb0bebcdc6451f453bb82931b24d0d39a68248b4f03fa2eb5024f8
+  data.tar.gz: f601e479e2ea8ffa74f61e8e7b194ec1bd962ea5b171d1fb78cf3da6e05c45fafedbf5460c173fe3df053861845c8ec3d112918bf5184ab7cc497e9e752e2793

data/definitions/checks/foreman/check_corrupted_roles.rb

@@ -0,0 +1,59 @@
+module Checks
+  module Foreman
+    class CheckCorruptedRoles < ForemanMaintain::Check
+      metadata do
+        label :corrupted_roles
+        for_feature :foreman_database
+        description 'Check for roles that have filters with multiple resources attached'
+        tags :pre_upgrade
+        confine do
+          check_min_version('foreman', '1.15')
+        end
+      end
+
+      def run
+        items = find_filter_permissions
+        assert(items.empty?,
+               'There are user roles with inconsistent filters',
+               :next_steps => Procedures::Foreman::FixCorruptedRoles.new)
+      end
+
+      def find_filter_permissions
+        feature(:foreman_database).query(self.class.inconsistent_filter_perms)
+      end
+
+      def self.inconsistent_filter_perms
+        subquery = <<-SQL
+          SELECT filters.id AS filter_id,
+                 filters.role_id,
+                 filters.search,
+                 filters.taxonomy_search,
+                 filters.override,
+                 filterings.id AS filtering_id,
+                 permissions.id AS permission_id,
+                 permissions.name AS permission_name,
+                 permissions.resource_type
+          FROM filters INNER JOIN filterings ON filters.id = filterings.filter_id
+                       INNER JOIN permissions ON permissions.id = filterings.permission_id
+        SQL
+
+        <<-SQL
+          SELECT DISTINCT first.filter_id,
+                          first.role_id,
+                          first.filtering_id,
+                          first.permission_id,
+                          first.permission_name,
+                          first.resource_type,
+                          first.search,
+                          first.taxonomy_search,
+                          first.override
+          FROM (#{subquery}) first JOIN (#{subquery}) second
+            ON first.filter_id = second.filter_id AND
+              ((first.resource_type IS NOT NULL AND second.resource_type IS NULL)
+                OR (first.resource_type IS NULL AND second.resource_type IS NOT NULL)
+                OR (first.resource_type != second.resource_type))
+        SQL
+      end
+    end
+  end
+end

data/definitions/features/downstream.rb

@@ -64,7 +64,7 @@ class Features::Downstream < ForemanMaintain::Feature
 
     rh_repos.concat(sat_and_tools_repos(rh_version_major, sat_version))
 
-    rh_repos << 'rhel-7-server-ansible-2.6-rpms' if sat_version.to_s == '6.4'
+    rh_repos << 'rhel-7-server-ansible-2.6-rpms' if sat_version >= version('6.4')
 
     if current_minor_version == '6.3' && sat_version.to_s != '6.4' && (
       feature(:puppet_server) && feature(:puppet_server).puppet_version.major == 4)

data/definitions/features/mongo.rb

@@ -70,19 +70,24 @@ class Features::Mongo < ForemanMaintain::Feature
     ['localhost', '127.0.0.1', hostname].include?(configuration['host'])
   end
 
+  # rubocop:disable Metrics/AbcSize
   def base_command(command, config = configuration, args = '')
     if config['ssl']
       ssl = ' --ssl'
-      if config['ca_path']
+      if config['ca_path'] && !config['ca_path'].empty?
         ca_cert = " --sslCAFile #{config['ca_path']}"
-        client_cert = " --sslPEMKeyFile #{config['ssl_certfile']}" if config['ssl_certfile']
       end
+      if config['ssl_certfile'] && !config['ssl_certfile'].empty?
+        client_cert = " --sslPEMKeyFile #{config['ssl_certfile']}"
+      end
+      verify_ssl = ' --sslAllowInvalidCertificates' if config['verify_ssl'] == false
     end
     username = " -u #{config['username']}" if config['username']
     password = " -p #{config['password']}" if config['password']
     host = "--host #{config['host']} --port #{config['port']}"
-    "#{command}#{username}#{password} #{host}#{ssl}#{ca_cert}#{client_cert} #{args}"
+    "#{command}#{username}#{password} #{host}#{ssl}#{verify_ssl}#{ca_cert}#{client_cert} #{args}"
   end
+  # rubocop:enable Metrics/AbcSize
 
   def mongo_command(args, config = configuration)
     base_command(core.client_command, config, "#{args} #{config['name']}")

data/definitions/procedures/foreman/fix_corrupted_roles.rb

@@ -0,0 +1,106 @@
+module Procedures::Foreman
+  class FixCorruptedRoles < ForemanMaintain::Procedure
+    metadata do
+      for_feature :foreman_database
+      tags :pre_migration
+      desc = 'Create additional filters so that each filter has only permissions of one resource'
+      description desc
+      confine do
+        check_min_version('foreman', '1.15')
+      end
+    end
+
+    def run
+      items = feature(:foreman_database).query(
+        Checks::Foreman::CheckCorruptedRoles.inconsistent_filter_perms
+      )
+      items.group_by { |item| item['filter_id'] }.each_value do |filter_perm_data|
+        inconsistent_sets = filter_perm_data.group_by { |perm_data| perm_data['resource_type'] }.
+                            values
+        find_records_to_update(inconsistent_sets).each do |set|
+          update_records set
+        end
+      end
+    end
+
+    private
+
+    def find_records_to_update(inconsistent_sets)
+      largest_set = inconsistent_sets.reduce([]) do |memo, set|
+        set.count > memo.count ? set : memo
+      end
+
+      inconsistent_sets.reject do |set|
+        set == largest_set
+      end
+    end
+
+    def update_records(set)
+      new_filter = create_filter set.first['role_id'],
+                                 set.first['search'],
+                                 set.first['taxonomy_search'],
+                                 set.first['override']
+      set.each do |item|
+        destroy_filtering item
+        next if !new_filter || new_filter.empty?
+        create_filtering item, new_filter
+      end
+    end
+
+    def create_filter(role_id, search, taxonomy_search, override)
+      feature(:foreman_database).query(
+        create_filter_query(search, role_id, taxonomy_search, override)
+      ).first
+    end
+
+    def escape_val(value)
+      value ? "'#{value}'" : 'NULL'
+    end
+
+    def create_filter_query(search, role_id, taxonomy_search, override)
+      <<-SQL
+        WITH rows AS (
+          INSERT INTO filters (search, role_id, taxonomy_search, override, created_at, updated_at)
+          VALUES (#{escape_val(search)}, #{role_id}, #{escape_val(taxonomy_search)}, '#{override}', '#{Time.now}', '#{Time.now}')
+          RETURNING id
+          )
+        SELECT id
+        FROM rows
+      SQL
+    end
+
+    def create_filtering(data, new_filter)
+      feature(:foreman_database).query(
+        create_filtering_query(data['permission_id'], new_filter['id'])
+      )
+    end
+
+    def destroy_filtering(data)
+      feature(:foreman_database).query(destroy_filtering_query(data['filtering_id']))
+    end
+
+    def destroy_filtering_query(filtering_id)
+      <<-SQL
+        WITH rows AS (
+          DELETE FROM filterings
+          WHERE id = #{filtering_id}
+          RETURNING id
+        )
+        SELECT id
+        FROM rows
+      SQL
+    end
+
+    def create_filtering_query(permission_id, filter_id)
+      <<-SQL
+        WITH rows AS (
+          INSERT INTO filterings (filter_id, permission_id, created_at, updated_at)
+          VALUES (#{filter_id}, #{permission_id}, '#{Time.now}', '#{Time.now}')
+          RETURNING id
+        )
+        SELECT id
+        FROM rows
+      SQL
+    end
+  end
+end

data/lib/foreman_maintain.rb

@@ -116,12 +116,9 @@ module ForemanMaintain
     end
 
     def init_logger
-      # Note - If timestamp added to filename then number of log files i.e second
-      # argument to Logger.new will not work as expected
-      filename = File.expand_path("#{config.log_dir}/foreman-maintain.log")
       # convert size in KB to Bytes
       log_fsize = config.log_file_size.to_i * 1024
-      @logger = Logger.new(filename, 10, log_fsize).tap do |logger|
+      @logger = Logger.new(config.log_filename, 10, log_fsize).tap do |logger|
         logger.level = LOGGER_LEVEL_MAPPING[config.log_level] || Logger::DEBUG
         logger.datetime_format = '%Y-%m-%d %H:%M:%S%z '
       end

data/lib/foreman_maintain/config.rb

@@ -3,7 +3,7 @@ module ForemanMaintain
   class Config
     attr_accessor :pre_setup_log_messages,
                   :config_file, :definitions_dirs, :log_level, :log_dir, :log_file_size,
-                  :storage_file, :backup_dir, :foreman_proxy_cert_path,
+                  :log_filename, :storage_file, :backup_dir, :foreman_proxy_cert_path,
                   :db_backup_dir, :completion_cache_file
 
     def initialize(options)
@@ -26,6 +26,9 @@ module ForemanMaintain
       @log_level = @options.fetch(:log_level, ::Logger::DEBUG)
       @log_dir = find_dir_path(@options.fetch(:log_dir, 'log'))
       @log_file_size = @options.fetch(:log_file_size, 10_000)
+      # Note - If timestamp added to filename then number of log files i.e second
+      # argument to Logger.new will not work as expected
+      @log_filename = File.expand_path("#{@log_dir}/foreman-maintain.log")
     end
 
     def load_backup_dir_paths

data/lib/foreman_maintain/utils/service/remote_db.rb

@@ -62,7 +62,9 @@ module ForemanMaintain::Utils
         if @db_feature.ping
           [0, "#{self} is remote and is UP.#{msg}"]
         else
-          [1, "#{self} is remote and is DOWN.#{msg}"]
+          [1, "#{self} is remote and is DOWN.#{msg}" \
+            "\n  Unable to connect to the remote database." \
+            "\n  See the log (#{ForemanMaintain.config.log_filename}) for more details.#{msg}"]
         end
       end
     end

data/lib/foreman_maintain/version.rb

@@ -1,3 +1,3 @@
 module ForemanMaintain
-  VERSION = '0.3.1'.freeze
+  VERSION = '0.3.2'.freeze
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: foreman_maintain
 version: !ruby/object:Gem::Version
-  version: 0.3.1
+  version: 0.3.2
 platform: ruby
 authors:
 - Ivan Nečas
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2019-01-31 00:00:00.000000000 Z
+date: 2019-03-14 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: clamp
@@ -125,6 +125,7 @@ files:
 - definitions/checks/check_epel_repository.rb
 - definitions/checks/disk/available_space.rb
 - definitions/checks/disk/performance.rb
+- definitions/checks/foreman/check_corrupted_roles.rb
 - definitions/checks/foreman/db_up.rb
 - definitions/checks/foreman/puppet_class_duplicates.rb
 - definitions/checks/foreman_openscap/invalid_report_associations.rb
@@ -192,6 +193,7 @@ files:
 - definitions/procedures/backup/snapshot/mount_pulp.rb
 - definitions/procedures/backup/snapshot/prepare_mount.rb
 - definitions/procedures/candlepin/delete_orphaned_records_from_env_content.rb
+- definitions/procedures/foreman/fix_corrupted_roles.rb
 - definitions/procedures/foreman_openscap/invalid_report_associations.rb
 - definitions/procedures/foreman_tasks/delete.rb
 - definitions/procedures/foreman_tasks/fetch_tasks_status.rb
@@ -327,7 +329,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.6.12
+rubygems_version: 2.6.14.1
 signing_key: 
 specification_version: 4
 summary: Foreman maintenance tool belt