foreman_remote_execution 3.1.0 → 3.3.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 36a15d0142caa911a59ff7d9797ceab5dabb0e601f605c0fee3d547d1be168f5
-  data.tar.gz: d41aba8d661cae6ef74cfee2bd9e007a37f218c3056e9d9b8ae3a1de5f243bc6
+  metadata.gz: d093d837d0009e477549fba4700f3e0090045ba23f8b2c50fb05439fee53e403
+  data.tar.gz: 54dffc56caa3fa1bb72bb159b152d267d2e348b64b57322ea74cdf0ad9289cc1
 SHA512:
-  metadata.gz: 20d61e7658cda93e3f24340ae6caa65c1c7868f37e699d7e6a9da524f2acaef9cccdf86cd47a7d2a1386037ad5aac0900935f3c3b2b4706926f16e60245f1b64
-  data.tar.gz: 66e0c4b3af2d1feab711fe90b2af6a5ce08d4159501a1725a98243647a022431d871081bf2d1e82d46f8490c41589a1df6f15f2ee6f13391fb10df240bd41fe4
+  metadata.gz: e3524503031c73f86a0f3ed0b6c8dd39499f85df47052eca941f455552665b93ff041e5d6df9870cfb95ac1219017a561a483556306905bdc005caf252a5e088
+  data.tar.gz: 537da427406ce7c794d5e589e7e82f8c6fbda33a3a4231129905b69171421f41e98563c0496d9c7cc748f675d200729ec52f4d9067a8f7879972922358a2a868

data/.eslintrc

@@ -1,32 +1,7 @@
 {
-  "root": true,
-  "extends": ["airbnb-base", "./node_modules/@theforeman/vendor-dev/eslint.extends.js"],
-  "plugins": [
-    "react"
-  ],
-  "env": {
-    "browser": true,
-    "es6": true,
-    "node": true,
-    "jasmine": true,
-    "jest": true
-  },
-  "parser": "babel-eslint",
-  "rules": {
-    "react/jsx-uses-vars": "error",
-    "react/jsx-uses-react": "error",
-    "no-unused-vars": [
-      "error",
-      {
-        "vars": "all",
-        "args": "none"
-      }
-    ],
-    "no-underscore-dangle": "off",
-    "no-use-before-define": "off",
-    "import/prefer-default-export": "off",
-    // Import rules off for now due to HoundCI issue
-    "import/no-unresolved": "off",
-    "import/extensions": "off"
-  }
+  "plugins": ["@theforeman/foreman"],
+  "extends": [
+    "plugin:@theforeman/foreman/core",
+    "plugin:@theforeman/foreman/plugins"
+  ]
 }

data/.github/workflows/ci.yml

@@ -0,0 +1,100 @@
+name: CI
+on: [pull_request]
+env:
+  RAILS_ENV: test
+  DATABASE_URL: postgresql://postgres:@localhost/test
+  DATABASE_CLEANER_ALLOW_REMOTE_DATABASE_URL: true
+jobs:
+  rubocop:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+      - name: Setup Ruby
+        uses: ruby/setup-ruby@v1
+        with:
+          ruby-version: 2.6
+      - name: Setup
+        run: |
+          gem install bundler
+          bundle install --jobs=3 --retry=3
+      - name: Run rubocop
+        run: bundle exec rubocop
+  test_ruby:
+    runs-on: ubuntu-latest
+    needs: rubocop
+    services:
+      postgres:
+        image: postgres:12.1
+        ports: ['5432:5432']
+        options: --health-cmd pg_isready --health-interval 10s --health-timeout 5s --health-retries 5
+    strategy:
+      fail-fast: false
+      matrix:
+        foreman-core-branch: [2.1-stable, develop]
+        ruby-version: [2.5, 2.6]
+        node-version: [12]
+    steps:
+      - run: sudo apt-get install build-essential libcurl4-openssl-dev zlib1g-dev libpq-dev
+      - uses: actions/checkout@v2
+        with:
+          repository: theforeman/foreman
+          ref: ${{ matrix.foreman-core-branch }}
+      - uses: actions/checkout@v2
+        with:
+          path: foreman_remote_execution
+      - name: Setup Ruby
+        uses: ruby/setup-ruby@v1
+        with:
+          ruby-version: ${{ matrix.ruby-version }}
+      - name: Setup Node
+        uses: actions/setup-node@v1
+        with:
+          node-version:  ${{ matrix.node-version }}
+      - uses: actions/cache@v1
+        with:
+          path: vendor/bundle
+          key: ${{ runner.os }}-fgems-${{ matrix.ruby-version }}-${{ hashFiles('Gemfile.lock') }}
+          restore-keys: |
+            ${{ runner.os }}-fgems-${{ matrix.ruby-version }}-
+      - name: Setup Bundler
+        run: |
+          echo "gem 'foreman_remote_execution', path: './foreman_remote_execution'" > bundler.d/foreman_remote_execution.local.rb
+          gem install bundler
+          bundle config set without journald development console libvirt
+          bundle config set path vendor/bundle
+      - name: Prepare test env
+        run: |
+          bundle install --jobs=3 --retry=3
+          bundle exec rake db:create
+          bundle exec rake db:migrate
+      - name: Run plugin tests
+        run: |
+          bundle exec rake test:foreman_remote_execution
+          bundle exec rake test TEST="test/unit/foreman/access_permissions_test.rb"
+  test_js:
+    runs-on: ubuntu-latest
+    needs: rubocop
+    strategy:
+      fail-fast: false
+      matrix:
+        ruby-version: [2.6]
+        node-version: [10, 12]
+    steps:
+      - uses: actions/checkout@v2
+      - name: Setup Ruby
+        uses: ruby/setup-ruby@v1
+        with:
+          ruby-version: ${{ matrix.ruby-version }}
+      - name: Setup Node
+        uses: actions/setup-node@v1
+        with:
+          node-version:  ${{ matrix.node-version }}
+      - name: Nmp install
+        run: |
+          npm install
+      - name: Run plugin linter
+        run: |
+          npm run lint
+      - name: Run plugin tests
+        run: |
+          npm run test

data/.gitignore

@@ -14,3 +14,4 @@ locale/*/*.po.time_stamp
 Gemfile.lock
 node_modules/
 package-lock.json
+coverage/

data/.rubocop_todo.yml

@@ -6,6 +6,9 @@
 # Note that changes in the inspected code, or installation of new
 # versions of RuboCop, may require this file to be generated again.
 
+Minitest/GlobalExpectations:
+  Enabled: false
+
 # Offense count: 2
 # Cop supports --auto-correct.
 # Configuration parameters: TreatCommentsAsGroupSeparators, Include.

data/Gemfile

@@ -2,6 +2,7 @@ source 'http://rubygems.org'
 
 gemspec :name => 'foreman_remote_execution'
 
+gem 'rubocop', '~> 0.80.0'
 gem 'rubocop-minitest'
 gem 'rubocop-performance'
 gem 'rubocop-rails'

data/app/controllers/api/v2/job_invocations_controller.rb

@@ -18,7 +18,17 @@ module Api
 
       api :GET, '/job_invocations/:id', N_('Show job invocation')
       param :id, :identifier, :required => true
+      param :host_status, String, required: false, allow_blank: true, desc: N_('Show Job status for the hosts.')
       def show
+        @hosts = @job_invocation.targeting.hosts.authorized(:view_hosts, Host)
+        @template_invocations = @job_invocation.template_invocations
+                                               .where(host: @hosts)
+                                               .includes(:input_values)
+
+        if params[:host_status]
+          template_invocations = @template_invocations.includes(:run_host_job_task).to_a
+          @host_statuses = Hash[template_invocations.map { |ti| [ti.host_id, template_invocation_status(ti)] }]
+        end
       end
 
       def_param_group :job_invocation do
@@ -146,7 +156,7 @@ module Api
       end
 
       def find_host
-        @host = Host.authorized(:view_hosts).find(params['host_id'])
+        @host = @nested_obj.targeting.hosts.authorized(:view_hosts, Host).find(params['host_id'])
       rescue ActiveRecord::RecordNotFound
         not_found({ :error => { :message => (_("Host with id '%{id}' was not found") % { :id => params['host_id'] }) } })
       end
@@ -204,6 +214,17 @@ module Api
       def parent_scope
         resource_class.where(nil)
       end
+
+      def template_invocation_status(template_invocation)
+        task = template_invocation.try(:run_host_job_task)
+        parent_task = @job_invocation.task
+
+        return(parent_task.result == 'cancelled' ? 'cancelled' : 'N/A') if task.nil?
+        return task.state if task.state == 'running' || task.state == 'planned'
+        return 'error' if task.result == 'warning'
+
+        task.result
+      end
     end
   end
 end

data/app/controllers/api/v2/template_invocations_controller.rb

@@ -26,7 +26,10 @@ module Api
       private
 
       def resource_scope_for_template_invocations
-        @job_invocation.template_invocations.search_for(*search_options)
+        @job_invocation.template_invocations
+                       .includes(:host)
+                       .where(host: Host.authorized(:view_hosts, Host))
+                       .search_for(*search_options)
       end
 
       def find_job_invocation

data/app/helpers/job_invocations_chart_helper.rb

@@ -37,6 +37,8 @@ module JobInvocationsChartHelper
       _('running %{percent}%%') % {:percent => percent}
     when HostStatus::ExecutionStatus::OK
       _('succeeded')
+    when HostStatus::ExecutionStatus::CANCELLED
+      _('cancelled')
     when HostStatus::ExecutionStatus::ERROR
       _('failed')
     else

data/app/helpers/job_invocations_helper.rb

@@ -29,7 +29,7 @@ module JobInvocationsHelper
   end
 
   def preview_hosts(template_invocation)
-    hosts = template_invocation.targeting.hosts.take(20)
+    hosts = template_invocation.targeting.hosts.authorized(:view_hosts, Host).take(20)
     hosts.map do |host|
       collapsed_preview(host) +
         render(:partial => 'job_invocations/user_input',
@@ -55,4 +55,9 @@ module JobInvocationsHelper
   def show_job_location(location)
     location.presence || _('Any Location')
   end
+
+  def input_safe_value(input)
+    template_input = input.template_input
+    template_input.respond_to?(:hidden_value) && template_input.hidden_value ? '*' * 5 : input.value
+  end
 end

data/app/helpers/remote_execution_helper.rb

@@ -13,40 +13,36 @@ module RemoteExecutionHelper
     end
   end
 
-  def template_invocation_status(task)
-    if task.nil?
-      icon_text('question', 'N/A', :kind => 'fa')
-    elsif task.state == 'running'
-      icon_text('running', _('running'), :kind => 'pficon')
-    elsif task.state == 'planned'
-      icon_text('build', _('planned'), :kind => 'pficon')
-    else
-      case task.result
-        when 'warning', 'error'
-          icon_text('error-circle-o', _('failed'), :kind => 'pficon')
-        when 'cancelled'
-          icon_text('warning-triangle-o', _('cancelled'), :kind => 'pficon')
-        when 'success'
-          icon_text('ok', _('success'), :kind => 'pficon')
-        else
-          task.result
-      end
-    end
+  def template_invocation_status(task, parent_task)
+    return(parent_task.result == 'cancelled' ? _('cancelled') : 'N/A') if task.nil?
+    return task.state if task.state == 'running' || task.state == 'planned'
+    return _('error') if task.result == 'warning'
+
+    task.result
   end
 
   def template_invocation_actions(task, host, job_invocation, template_invocation)
+    links = []
     host_task = template_invocation.try(:run_host_job_task)
-    [
-      display_link_if_authorized(_('Host detail'), hash_for_host_path(host).merge(:auth_object => host, :permission => :view_hosts, :authorizer => job_hosts_authorizer)),
-      display_link_if_authorized(_('Rerun on %s') % host.name, hash_for_rerun_job_invocation_path(:id => job_invocation, :host_ids => [ host.id ], :authorizer => job_hosts_authorizer)),
-      if host_task.present?
-        display_link_if_authorized(
-          _('Host task'),
-          hash_for_foreman_tasks_task_path(host_task)
-          .merge(:auth_object => host_task, :permission => :view_foreman_tasks)
-        )
-      end,
-    ]
+
+    if authorized_for(hash_for_host_path(host).merge(auth_object: host, permission: :view_hosts, authorizer: job_hosts_authorizer))
+      links << { title: _('Host detail'),
+                 action: { href: host_path(host), 'data-method': 'get', id: "#{host.name}-actions-detail" } }
+    end
+
+    if authorized_for(hash_for_rerun_job_invocation_path(id: job_invocation, host_ids: [ host.id ], authorizer: job_hosts_authorizer))
+      links << { title: (_('Rerun on %s') % host.name),
+                 action: { href: rerun_job_invocation_path(job_invocation, host_ids: [ host.id ]),
+                           'data-method': 'get', id: "#{host.name}-actions-rerun" } }
+    end
+
+    if host_task.present? && authorized_for(hash_for_foreman_tasks_task_path(host_task).merge(auth_object: host_task, permission: :view_foreman_tasks))
+      links << { title: _('Host task'),
+                 action: { href: foreman_tasks_task_path(host_task),
+                           'data-method': 'get', id: "#{host.name}-actions-task" } }
+    end
+
+    links
   end
 
   def remote_execution_provider_for(template_invocation)
@@ -233,4 +229,17 @@ module RemoteExecutionHelper
 
     task.execution_plan.actions[1].try(:input).try(:[], 'script')
   end
+
+  def targeting_hosts(job_invocation, hosts)
+    hosts.map do |host|
+      template_invocation = job_invocation.template_invocations.find { |template_inv| template_inv.host_id == host.id }
+      task = template_invocation.try(:run_host_job_task)
+      link_authorized = !task.nil? && authorized_for(hash_for_template_invocation_path(:id => template_invocation).merge(:auth_object => host, :permission => :view_hosts, :authorizer => job_hosts_authorizer))
+
+      { name: host.name,
+        link: link_authorized ? template_invocation_path(:id => template_invocation) : '',
+        status: template_invocation_status(task, job_invocation.task),
+        actions: template_invocation_actions(task, host, job_invocation, template_invocation) }
+    end
+  end
 end

data/app/lib/actions/remote_execution/run_host_job.rb

@@ -29,6 +29,9 @@ module Actions
 
         raise _('Could not use any template used in the job invocation') if template_invocation.blank?
 
+        provider = template_invocation.template.provider
+        proxy_selector = provider.required_proxy_selector_for(template_invocation.template) || proxy_selector
+
         provider_type = template_invocation.template.provider_type.to_s
         proxy = determine_proxy!(proxy_selector, provider_type, host)
 
@@ -36,8 +39,6 @@ module Actions
         script = renderer.render
         raise _('Failed rendering template: %s') % renderer.error_message unless script
 
-        provider = template_invocation.template.provider
-
         additional_options = { :hostname => provider.find_ip_or_hostname(host),
                                :script => script,
                                :execution_timeout_interval => job_invocation.execution_timeout_interval,

data/app/lib/proxy_api/remote_execution_ssh.rb

@@ -10,5 +10,11 @@ module ::ProxyAPI
     rescue => e
       raise ProxyException.new(url, e, N_('Unable to fetch public key'))
     end
+
+    def drop_from_known_hosts(hostname)
+      delete('known_hosts/' + hostname)
+    rescue => e
+      raise ProxyException.new(url, e, N_('Unable to remove host from known hosts'))
+    end
   end
 end

data/app/models/concerns/foreman_remote_execution/host_extensions.rb

@@ -49,7 +49,7 @@ module ForemanRemoteExecution
       keys = remote_execution_ssh_keys
       source = 'global'
       if keys.present?
-        value, safe_value = params.fetch('remote_execution_ssh_keys', {}).values_at(:value, :safe_value).map { |v| v || [] }
+        value, safe_value = params.fetch('remote_execution_ssh_keys', {}).values_at(:value, :safe_value).map { |v| [v].flatten.compact }
         params['remote_execution_ssh_keys'] = {:value => value + keys, :safe_value => safe_value + keys, :source => source}
       end
       [:remote_execution_ssh_user, :remote_execution_effective_user_method,

data/app/models/concerns/foreman_remote_execution/orchestration/ssh.rb

@@ -0,0 +1,63 @@
+module ForemanRemoteExecution
+  module Orchestration::SSH
+    extend ActiveSupport::Concern
+
+    included do
+      before_destroy :ssh_destroy
+      after_validation :queue_ssh_destroy
+      register_rebuild(:queue_ssh_destroy, N_("SSH_#{self.to_s.split('::').first}"))
+    end
+
+    def drop_from_known_hosts(proxy_id)
+      _, _, target = host_kind_target
+      return true if target.nil?
+
+      proxy = ::SmartProxy.find(proxy_id)
+      begin
+        proxy.drop_host_from_known_hosts(target)
+      rescue RestClient::ResourceNotFound => e
+        # ignore 404 when known_hosts entry is missing or the module was not enabled
+        Foreman::Logging.exception "Proxy failed to delete SSH known_hosts for #{name}, #{ip}", e, :level => :error
+      rescue => e
+        Rails.logger.warn e.message
+        return false
+      end
+      true
+    end
+
+    def ssh_destroy
+      logger.debug "Scheduling SSH known_hosts cleanup"
+
+      host, _kind, _target = host_kind_target
+      proxies = host.remote_execution_proxies('SSH').values
+      proxies.flatten.uniq.each do |proxy|
+        queue.create(id: queue_id(proxy.id), name: _("Remove SSH known hosts for %s") % self,
+          priority: 200, action: [self, :drop_from_known_hosts, proxy.id])
+      end
+    end
+
+    def queue_ssh_destroy
+      should_drop_from_known_hosts? && ssh_destroy
+    end
+
+    def should_drop_from_known_hosts?
+      host, = host_kind_target
+      host && !host.new_record? && host.build && host.changes.key?('build')
+    end
+
+    private
+
+    def host_kind_target
+      if self.is_a?(::Host::Base)
+        [self, 'host', name]
+      else
+        [self.host, 'interface', ip]
+      end
+    end
+
+    def queue_id(proxy_id)
+      _, kind, id = host_kind_target
+      "ssh_remove_known_hosts_#{kind}_#{id}_#{proxy_id}"
+    end
+  end
+end