foreman_remote_execution 3.2.1 → 3.3.3

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 9caedc0baf4a767d6b0149fd1b349b97081460193cdccad1cb9a3208d278b67f
-  data.tar.gz: 709c83b4582ffd65cab576e84d1b502ce31a70c57f0ce9af76e3ffd9978de031
+  metadata.gz: 9caa7b15e9d581680796ce9780382a7b81a62366923aa97949b5dc4c8615696a
+  data.tar.gz: 9c27c825131b46779740cceb8aa78f8dcad774ead3b22068b41ff07586387dbf
 SHA512:
-  metadata.gz: 9ca7d43729ca2e9b8d2012c8f1e9055832ba52a7c7abe8b14c37ad92b73af1a689dd92ec6415e2f4f1532b18a10310caee45c2370579e389914237acb2496cbb
-  data.tar.gz: 687feaca288aec140529e59948290a4e99aae6261567953768340b0b36aa6a8920f9e2640fd0b7a8a02cb22f727b417302569fba4bfda736c0a2a0b6c04b41a1
+  metadata.gz: 6712bf834fa6adffa3289fdcc77cce424d035460c5dc6c7a2259c894c3b957e55624190ef86fe94786347c685c0d5249eebdc9ff3d38b4cf2721d1bcefa65fd4
+  data.tar.gz: 144182693223e9379d60ba6415506e1ccd30633da0a9303ae4e89565166c7ae0e300c72e17681c3092d495fc6b496b87ffa1e700c3041d4369077ecca2faa236

data/.eslintrc

@@ -1,32 +1,7 @@
 {
-  "root": true,
-  "extends": ["airbnb-base", "./node_modules/@theforeman/vendor-dev/eslint.extends.js"],
-  "plugins": [
-    "react"
-  ],
-  "env": {
-    "browser": true,
-    "es6": true,
-    "node": true,
-    "jasmine": true,
-    "jest": true
-  },
-  "parser": "babel-eslint",
-  "rules": {
-    "react/jsx-uses-vars": "error",
-    "react/jsx-uses-react": "error",
-    "no-unused-vars": [
-      "error",
-      {
-        "vars": "all",
-        "args": "none"
-      }
-    ],
-    "no-underscore-dangle": "off",
-    "no-use-before-define": "off",
-    "import/prefer-default-export": "off",
-    // Import rules off for now due to HoundCI issue
-    "import/no-unresolved": "off",
-    "import/extensions": "off"
-  }
+  "plugins": ["@theforeman/foreman"],
+  "extends": [
+    "plugin:@theforeman/foreman/core",
+    "plugin:@theforeman/foreman/plugins"
+  ]
 }

data/.github/workflows/ci.yml

@@ -0,0 +1,101 @@
+name: CI
+on: [pull_request]
+env:
+  RAILS_ENV: test
+  DATABASE_URL: postgresql://postgres:@localhost/test
+  DATABASE_CLEANER_ALLOW_REMOTE_DATABASE_URL: true
+jobs:
+  rubocop:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+      - name: Setup Ruby
+        uses: ruby/setup-ruby@v1
+        with:
+          ruby-version: 2.6
+      - name: Setup
+        run: |
+          gem install bundler
+          bundle install --jobs=3 --retry=3
+      - name: Run rubocop
+        run: bundle exec rubocop
+  test_ruby:
+    runs-on: ubuntu-latest
+    needs: rubocop
+    services:
+      postgres:
+        image: postgres:12.1
+        ports: ['5432:5432']
+        options: --health-cmd pg_isready --health-interval 10s --health-timeout 5s --health-retries 5
+    strategy:
+      fail-fast: false
+      matrix:
+        foreman-core-branch: [2.1-stable, develop]
+        ruby-version: [2.5, 2.6]
+        node-version: [12]
+    steps:
+      - run: sudo apt-get update
+      - run: sudo apt-get install build-essential libcurl4-openssl-dev zlib1g-dev libpq-dev
+      - uses: actions/checkout@v2
+        with:
+          repository: theforeman/foreman
+          ref: ${{ matrix.foreman-core-branch }}
+      - uses: actions/checkout@v2
+        with:
+          path: foreman_remote_execution
+      - name: Setup Ruby
+        uses: ruby/setup-ruby@v1
+        with:
+          ruby-version: ${{ matrix.ruby-version }}
+      - name: Setup Node
+        uses: actions/setup-node@v1
+        with:
+          node-version:  ${{ matrix.node-version }}
+      - uses: actions/cache@v1
+        with:
+          path: vendor/bundle
+          key: ${{ runner.os }}-fgems-${{ matrix.ruby-version }}-${{ hashFiles('Gemfile.lock') }}
+          restore-keys: |
+            ${{ runner.os }}-fgems-${{ matrix.ruby-version }}-
+      - name: Setup Bundler
+        run: |
+          echo "gem 'foreman_remote_execution', path: './foreman_remote_execution'" > bundler.d/foreman_remote_execution.local.rb
+          gem install bundler
+          bundle config set without journald development console libvirt
+          bundle config set path vendor/bundle
+      - name: Prepare test env
+        run: |
+          bundle install --jobs=3 --retry=3
+          bundle exec rake db:create
+          bundle exec rake db:migrate
+      - name: Run plugin tests
+        run: |
+          bundle exec rake test:foreman_remote_execution
+          bundle exec rake test TEST="test/unit/foreman/access_permissions_test.rb"
+  test_js:
+    runs-on: ubuntu-latest
+    needs: rubocop
+    strategy:
+      fail-fast: false
+      matrix:
+        ruby-version: [2.6]
+        node-version: [10, 12]
+    steps:
+      - uses: actions/checkout@v2
+      - name: Setup Ruby
+        uses: ruby/setup-ruby@v1
+        with:
+          ruby-version: ${{ matrix.ruby-version }}
+      - name: Setup Node
+        uses: actions/setup-node@v1
+        with:
+          node-version:  ${{ matrix.node-version }}
+      - name: Nmp install
+        run: |
+          npm install
+      - name: Run plugin linter
+        run: |
+          npm run lint
+      - name: Run plugin tests
+        run: |
+          npm run test

data/.gitignore

@@ -14,3 +14,4 @@ locale/*/*.po.time_stamp
 Gemfile.lock
 node_modules/
 package-lock.json
+coverage/

data/.rubocop_todo.yml

@@ -6,6 +6,9 @@
 # Note that changes in the inspected code, or installation of new
 # versions of RuboCop, may require this file to be generated again.
 
+Minitest/GlobalExpectations:
+  Enabled: false
+
 # Offense count: 2
 # Cop supports --auto-correct.
 # Configuration parameters: TreatCommentsAsGroupSeparators, Include.

data/Gemfile

@@ -2,6 +2,7 @@ source 'http://rubygems.org'
 
 gemspec :name => 'foreman_remote_execution'
 
+gem 'rubocop', '~> 0.80.0'
 gem 'rubocop-minitest'
 gem 'rubocop-performance'
 gem 'rubocop-rails'

data/app/assets/stylesheets/foreman_remote_execution/job_invocations.scss

@@ -1,9 +1,6 @@
-div.infoblock {
-  margin-bottom: 20px;
-  line-height: 2;
-
+.target-hosts-card {
   pre {
-    margin-top: 5px;
+    white-space:pre-line;
   }
 }
 
@@ -29,3 +26,7 @@ div.infoblock {
     }
   }
 }
+
+.text_warp{
+  word-wrap: break-word;
+}

data/app/controllers/api/v2/job_invocations_controller.rb

@@ -18,7 +18,17 @@ module Api
 
       api :GET, '/job_invocations/:id', N_('Show job invocation')
       param :id, :identifier, :required => true
+      param :host_status, :bool, required: false, desc: N_('Show Job status for the hosts')
       def show
+        @hosts = @job_invocation.targeting.hosts.authorized(:view_hosts, Host)
+        @template_invocations = @job_invocation.template_invocations
+                                               .where(host: @hosts)
+                                               .includes(:input_values)
+
+        if params[:host_status] == 'true'
+          template_invocations = @template_invocations.includes(:run_host_job_task).to_a
+          @host_statuses = Hash[template_invocations.map { |ti| [ti.host_id, template_invocation_status(ti)] }]
+        end
       end
 
       def_param_group :job_invocation do
@@ -146,7 +156,7 @@ module Api
       end
 
       def find_host
-        @host = Host.authorized(:view_hosts).find(params['host_id'])
+        @host = @nested_obj.targeting.hosts.authorized(:view_hosts, Host).find(params['host_id'])
       rescue ActiveRecord::RecordNotFound
         not_found({ :error => { :message => (_("Host with id '%{id}' was not found") % { :id => params['host_id'] }) } })
       end
@@ -204,6 +214,17 @@ module Api
       def parent_scope
         resource_class.where(nil)
       end
+
+      def template_invocation_status(template_invocation)
+        task = template_invocation.try(:run_host_job_task)
+        parent_task = @job_invocation.task
+
+        return(parent_task.result == 'cancelled' ? 'cancelled' : 'N/A') if task.nil?
+        return task.state if task.state == 'running' || task.state == 'planned'
+        return 'error' if task.result == 'warning'
+
+        task.result
+      end
     end
   end
 end

data/app/controllers/api/v2/template_invocations_controller.rb

@@ -26,7 +26,10 @@ module Api
       private
 
       def resource_scope_for_template_invocations
-        @job_invocation.template_invocations.search_for(*search_options)
+        @job_invocation.template_invocations
+                       .includes(:host)
+                       .where(host: Host.authorized(:view_hosts, Host))
+                       .search_for(*search_options)
       end
 
       def find_job_invocation

data/app/helpers/job_invocations_helper.rb

@@ -29,7 +29,7 @@ module JobInvocationsHelper
   end
 
   def preview_hosts(template_invocation)
-    hosts = template_invocation.targeting.hosts.take(20)
+    hosts = template_invocation.targeting.hosts.authorized(:view_hosts, Host).take(20)
     hosts.map do |host|
       collapsed_preview(host) +
         render(:partial => 'job_invocations/user_input',

data/app/helpers/remote_execution_helper.rb

@@ -14,43 +14,35 @@ module RemoteExecutionHelper
   end
 
   def template_invocation_status(task, parent_task)
-    if task.nil?
-      if parent_task.result == 'cancelled'
-        icon_text('warning-triangle-o', _('cancelled'), :kind => 'pficon')
-      else
-        icon_text('question', 'N/A', :kind => 'fa')
-      end
-    elsif task.state == 'running'
-      icon_text('running', _('running'), :kind => 'pficon')
-    elsif task.state == 'planned'
-      icon_text('build', _('planned'), :kind => 'pficon')
-    else
-      case task.result
-        when 'warning', 'error'
-          icon_text('error-circle-o', _('failed'), :kind => 'pficon')
-        when 'cancelled'
-          icon_text('warning-triangle-o', _('cancelled'), :kind => 'pficon')
-        when 'success'
-          icon_text('ok', _('success'), :kind => 'pficon')
-        else
-          task.result
-      end
-    end
+    return(parent_task.result == 'cancelled' ? _('cancelled') : 'N/A') if task.nil?
+    return task.state if task.state == 'running' || task.state == 'planned'
+    return _('error') if task.result == 'warning'
+
+    task.result
   end
 
   def template_invocation_actions(task, host, job_invocation, template_invocation)
+    links = []
     host_task = template_invocation.try(:run_host_job_task)
-    [
-      display_link_if_authorized(_('Host detail'), hash_for_host_path(host).merge(:auth_object => host, :permission => :view_hosts, :authorizer => job_hosts_authorizer)),
-      display_link_if_authorized(_('Rerun on %s') % host.name, hash_for_rerun_job_invocation_path(:id => job_invocation, :host_ids => [ host.id ], :authorizer => job_hosts_authorizer)),
-      if host_task.present?
-        display_link_if_authorized(
-          _('Host task'),
-          hash_for_foreman_tasks_task_path(host_task)
-          .merge(:auth_object => host_task, :permission => :view_foreman_tasks)
-        )
-      end,
-    ]
+
+    if authorized_for(hash_for_host_path(host).merge(auth_object: host, permission: :view_hosts, authorizer: job_hosts_authorizer))
+      links << { title: _('Host detail'),
+                 action: { href: host_path(host), 'data-method': 'get', id: "#{host.name}-actions-detail" } }
+    end
+
+    if authorized_for(hash_for_rerun_job_invocation_path(id: job_invocation, host_ids: [ host.id ], authorizer: job_hosts_authorizer))
+      links << { title: (_('Rerun on %s') % host.name),
+                 action: { href: rerun_job_invocation_path(job_invocation, host_ids: [ host.id ]),
+                           'data-method': 'get', id: "#{host.name}-actions-rerun" } }
+    end
+
+    if host_task.present? && authorized_for(hash_for_foreman_tasks_task_path(host_task).merge(auth_object: host_task, permission: :view_foreman_tasks))
+      links << { title: _('Host task'),
+                 action: { href: foreman_tasks_task_path(host_task),
+                           'data-method': 'get', id: "#{host.name}-actions-task" } }
+    end
+
+    links
   end
 
   def remote_execution_provider_for(template_invocation)
@@ -237,4 +229,17 @@ module RemoteExecutionHelper
 
     task.execution_plan.actions[1].try(:input).try(:[], 'script')
   end
+
+  def targeting_hosts(job_invocation, hosts)
+    hosts.map do |host|
+      template_invocation = job_invocation.template_invocations.find { |template_inv| template_inv.host_id == host.id }
+      task = template_invocation.try(:run_host_job_task)
+      link_authorized = !task.nil? && authorized_for(hash_for_template_invocation_path(:id => template_invocation).merge(:auth_object => host, :permission => :view_hosts, :authorizer => job_hosts_authorizer))
+
+      { name: host.name,
+        link: link_authorized ? template_invocation_path(:id => template_invocation) : '',
+        status: template_invocation_status(task, job_invocation.task),
+        actions: template_invocation_actions(task, host, job_invocation, template_invocation) }
+    end
+  end
 end

data/app/lib/actions/remote_execution/run_host_job.rb

@@ -29,6 +29,9 @@ module Actions
 
         raise _('Could not use any template used in the job invocation') if template_invocation.blank?
 
+        provider = template_invocation.template.provider
+        proxy_selector = provider.required_proxy_selector_for(template_invocation.template) || proxy_selector
+
         provider_type = template_invocation.template.provider_type.to_s
         proxy = determine_proxy!(proxy_selector, provider_type, host)
 
@@ -36,8 +39,6 @@ module Actions
         script = renderer.render
         raise _('Failed rendering template: %s') % renderer.error_message unless script
 
-        provider = template_invocation.template.provider
-
         additional_options = { :hostname => provider.find_ip_or_hostname(host),
                                :script => script,
                                :execution_timeout_interval => job_invocation.execution_timeout_interval,

data/app/models/concerns/foreman_remote_execution/host_extensions.rb

@@ -49,7 +49,7 @@ module ForemanRemoteExecution
       keys = remote_execution_ssh_keys
       source = 'global'
       if keys.present?
-        value, safe_value = params.fetch('remote_execution_ssh_keys', {}).values_at(:value, :safe_value).map { |v| v || [] }
+        value, safe_value = params.fetch('remote_execution_ssh_keys', {}).values_at(:value, :safe_value).map { |v| [v].flatten.compact }
         params['remote_execution_ssh_keys'] = {:value => value + keys, :safe_value => safe_value + keys, :source => source}
       end
       [:remote_execution_ssh_user, :remote_execution_effective_user_method,

data/app/models/concerns/foreman_remote_execution/orchestration/ssh.rb

@@ -8,11 +8,16 @@ module ForemanRemoteExecution
       register_rebuild(:queue_ssh_destroy, N_("SSH_#{self.to_s.split('::').first}"))
     end
 
-    def drop_from_known_hosts(args)
-      proxy_id, target = args
+    def drop_from_known_hosts(proxy_id)
+      _, _, target = host_kind_target
+      return true if target.nil?
+
       proxy = ::SmartProxy.find(proxy_id)
       begin
         proxy.drop_host_from_known_hosts(target)
+      rescue RestClient::ResourceNotFound => e
+        # ignore 404 when known_hosts entry is missing or the module was not enabled
+        Foreman::Logging.exception "Proxy failed to delete SSH known_hosts for #{name}, #{ip}", e, :level => :error
       rescue => e
         Rails.logger.warn e.message
         return false
@@ -23,11 +28,11 @@ module ForemanRemoteExecution
     def ssh_destroy
       logger.debug "Scheduling SSH known_hosts cleanup"
 
-      host, _kind, target = host_kind_target
+      host, _kind, _target = host_kind_target
       proxies = host.remote_execution_proxies('SSH').values
       proxies.flatten.uniq.each do |proxy|
         queue.create(id: queue_id(proxy.id), name: _("Remove SSH known hosts for %s") % self,
-          priority: 200, action: [self, :drop_from_known_hosts, [proxy.id, target]])
+          priority: 200, action: [self, :drop_from_known_hosts, proxy.id])
       end
     end
 
@@ -37,7 +42,7 @@ module ForemanRemoteExecution
 
     def should_drop_from_known_hosts?
       host, = host_kind_target
-      host&.build && host&.changes&.key?('build')
+      host && !host.new_record? && host.build && host.changes.key?('build')
     end
 
     private

data/app/models/remote_execution_provider.rb

@@ -98,5 +98,10 @@ class RemoteExecutionProvider
     def proxy_action_class
       ForemanRemoteExecutionCore::Actions::RunScript
     end
+
+    # Return a specific proxy selector to use for running a given template
+    # Returns either nil to use the default selector or an instance of a (sub)class of ::ForemanTasks::ProxySelector
+    def required_proxy_selector_for(_template)
+    end
   end
 end

data/app/services/default_proxy_proxy_selector.rb

@@ -0,0 +1,18 @@
+class DefaultProxyProxySelector < ::RemoteExecutionProxySelector
+  def initialize
+    # TODO: Remove this once we have a reliable way of determining the internal proxy without katello
+    # Tracked as https://projects.theforeman.org/issues/29840
+    raise _('Internal proxy selector can only be used if Katello is enabled') unless defined?(::Katello)
+
+    super
+  end
+
+  def available_proxies(host, provider)
+    # TODO: Once we have a internal proxy marker/feature on the proxy, we can
+    # swap the implementation
+    internal_proxy = ::Katello.default_capsule
+    super.reduce({}) do |acc, (key, proxies)|
+      acc.merge(key => proxies.select { |proxy| proxy == internal_proxy })
+    end
+  end
+end