foreman_remote_execution 3.3.2 → 4.0.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: d093d837d0009e477549fba4700f3e0090045ba23f8b2c50fb05439fee53e403
-  data.tar.gz: 54dffc56caa3fa1bb72bb159b152d267d2e348b64b57322ea74cdf0ad9289cc1
+  metadata.gz: 93860edb8974a0691383b3a199a1a2d079d10401d7780b99aa6275b75125eb58
+  data.tar.gz: d333f8eb85a42b36694dee932447d4364b57ed2c095ad5a055d1e7adf69a9866
 SHA512:
-  metadata.gz: e3524503031c73f86a0f3ed0b6c8dd39499f85df47052eca941f455552665b93ff041e5d6df9870cfb95ac1219017a561a483556306905bdc005caf252a5e088
-  data.tar.gz: 537da427406ce7c794d5e589e7e82f8c6fbda33a3a4231129905b69171421f41e98563c0496d9c7cc748f675d200729ec52f4d9067a8f7879972922358a2a868
+  metadata.gz: 70c300e719d6587639719a4d95aa23da2d3f3a16d51692392c789b70cd381b31320789db0f45b57c129e4b90d36bd1a8ddadd29db4f38f2d9e40a39219b1d130
+  data.tar.gz: 1feab0c5cfd3fee6054a004eba812b7257df80a2dce50aa200d15dd20797f24f8a614d802668ac6daf043c189b7caa8e8d5f0d4a997726764c80c91173d9437b

data/.github/workflows/ci.yml

@@ -30,10 +30,11 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        foreman-core-branch: [2.1-stable, develop]
+        foreman-core-branch: [develop]
         ruby-version: [2.5, 2.6]
         node-version: [12]
     steps:
+      - run: sudo apt-get update
       - run: sudo apt-get install build-essential libcurl4-openssl-dev zlib1g-dev libpq-dev
       - uses: actions/checkout@v2
         with:

data/app/assets/stylesheets/foreman_remote_execution/job_invocations.scss

@@ -1,9 +1,6 @@
-div.infoblock {
-  margin-bottom: 20px;
-  line-height: 2;
-
+.target-hosts-card {
   pre {
-    margin-top: 5px;
+    white-space:pre-line;
   }
 }
 
@@ -29,3 +26,7 @@ div.infoblock {
     }
   }
 }
+
+.text_warp{
+  word-wrap: break-word;
+}

data/app/controllers/api/v2/job_invocations_controller.rb

@@ -18,14 +18,14 @@ module Api
 
       api :GET, '/job_invocations/:id', N_('Show job invocation')
       param :id, :identifier, :required => true
-      param :host_status, String, required: false, allow_blank: true, desc: N_('Show Job status for the hosts.')
+      param :host_status, :bool, required: false, desc: N_('Show Job status for the hosts')
       def show
         @hosts = @job_invocation.targeting.hosts.authorized(:view_hosts, Host)
         @template_invocations = @job_invocation.template_invocations
                                                .where(host: @hosts)
                                                .includes(:input_values)
 
-        if params[:host_status]
+        if params[:host_status] == 'true'
           template_invocations = @template_invocations.includes(:run_host_job_task).to_a
           @host_statuses = Hash[template_invocations.map { |ti| [ti.host_id, template_invocation_status(ti)] }]
         end
@@ -80,6 +80,7 @@ module Api
         end
         composer.trigger!
         @job_invocation = composer.job_invocation
+        @hosts = @job_invocation.targeting.hosts
         process_response @job_invocation
       end
 

data/app/controllers/job_invocations_controller.rb

@@ -52,16 +52,18 @@ class JobInvocationsController < ApplicationController
 
   def show
     @job_invocation = resource_base.includes(:template_invocations => :run_host_job_task).find(params[:id])
-    @auto_refresh = @job_invocation.task.try(:pending?)
-    @resource_base = @job_invocation.targeting.hosts.authorized(:view_hosts, Host)
-    # There's no need to do the joining if we're not filtering
-    unless params[:search].nil?
-      @resource_base = @resource_base.joins(:template_invocations)
-                                     .where(:template_invocations => { :job_invocation_id => @job_invocation.id})
-    end
-    @hosts = resource_base_search_and_page
     @job_organization = Taxonomy.find_by(id: @job_invocation.task.input[:current_organization_id])
     @job_location = Taxonomy.find_by(id: @job_invocation.task.input[:current_location_id])
+    @auto_refresh = @job_invocation.task.try(:pending?)
+
+    respond_to do |format|
+      format.json do
+        targeting_hosts_resources
+      end
+
+      format.html
+      format.js
+    end
   end
 
   def index
@@ -153,4 +155,16 @@ class JobInvocationsController < ApplicationController
       JobInvocationComposer.from_ui_params(with_triggering)
     end
   end
+
+  def targeting_hosts_resources
+    @auto_refresh = @job_invocation.task.try(:pending?)
+    @resource_base = @job_invocation.targeting.hosts.authorized(:view_hosts, Host)
+
+    unless params[:search].nil?
+      @resource_base = @resource_base.joins(:template_invocations)
+                                     .where(:template_invocations => { :job_invocation_id => @job_invocation.id})
+    end
+    @hosts = resource_base_search_and_page
+    @total_hosts = resource_base_with_search.size
+  end
 end

data/app/lib/actions/remote_execution/run_host_job.rb

@@ -60,7 +60,7 @@ module Actions
       def secrets(host, job_invocation, provider)
         job_secrets = { :ssh_password => job_invocation.password,
                         :key_passphrase => job_invocation.key_passphrase,
-                        :sudo_password => job_invocation.sudo_password }
+                        :effective_user_password => job_invocation.effective_user_password }
 
         job_secrets.merge(provider.secrets(host)) { |_key, job_secret, provider_secret| job_secret || provider_secret }
       end

data/app/lib/actions/remote_execution/run_hosts_job.rb

@@ -47,7 +47,7 @@ module Actions
       end
 
       def finalize
-        job_invocation.password = job_invocation.key_passphrase = job_invocation.sudo_password = nil
+        job_invocation.password = job_invocation.key_passphrase = job_invocation.effective_user_password = nil
         job_invocation.save!
 
         Rails.logger.debug "cleaning cache for keys that begin with 'job_invocation_#{job_invocation.id}'"

data/app/lib/foreman_remote_execution/renderer/scope/input.rb

@@ -3,14 +3,33 @@ module ForemanRemoteExecution
     module Scope
       class Input < ::Foreman::Renderer::Scope::Template
         include Foreman::Renderer::Scope::Macros::HostTemplate
+        extend ApipieDSL::Class
 
         attr_reader :template, :host, :invocation, :input_template_instance, :current_user
         delegate :input, to: :input_template_instance
 
+        apipie :class, 'Macros related to template rendering' do
+          name 'Template Input Render'
+          sections only: %w[all jobs]
+        end
+
+        apipie :method, 'Always raises an error with a description provided as an argument' do
+          desc 'This method is useful for aborting script execution if some of the conditions are not met'
+          required :message, String, desc: 'Description for the error'
+          raises error: ::InputTemplateRenderer::RenderError, desc: 'The error is always being raised'
+          returns nil, desc: "Doesn't return anything"
+          example "<%
+  @host.operatingsystem #=> nil
+  render_error(N_('Unsupported or no operating system found for this host.')) unless @host.operatingsystem #=> InputTemplateRenderer::RenderError is raised and the execution of the script is aborted
+%>"
+        end
         def render_error(message)
           raise ::InputTemplateRenderer::RenderError.new(message)
         end
 
+        apipie :method, 'Check whether the template in preview mode or not' do
+          returns one_of: [true, false], desc: 'Returns true if the template in preview mode, false otherwise'
+        end
         def preview?
           !!@preview
         end
@@ -23,6 +42,16 @@ module ForemanRemoteExecution
           Rails.cache.fetch(cache_key, &block)
         end
 
+        # rubocop:disable Lint/InterpolationCheck
+        apipie :method, 'Render template by given name' do
+          required :template_name, String, desc: 'name of the template to render'
+          optional :input_values, Hash, desc: 'key:value list of input values for the template'
+          optional :options, Hash, desc: 'Additional options such as :with_foreign_input_set. Set to true if a foreign input set should be considered when rendering the template'
+          raises error: StandardError, desc: 'raises an error if there is no template or template input with such name'
+          returns String, desc: 'Rendered template'
+          example '<%= render_template("Run Command - Ansible Default", command: "yum -y group install #{input("package")}") %>'
+        end
+        # rubocop:enable Lint/InterpolationCheck
         def render_template(template_name, input_values = {}, options = {})
           options.assert_valid_keys(:with_foreign_input_set)
           with_foreign_input_set = options.fetch(:with_foreign_input_set, true)
@@ -59,6 +88,12 @@ module ForemanRemoteExecution
           input_values.merge(overrides).with_indifferent_access
         end
 
+        apipie :method, 'Returns the value of template input' do
+          required :name, String, desc: 'name of the template input'
+          raises error: UndefinedInput, desc: 'when there is no input with such name defined for the current template'
+          returns Object, desc: 'The value of template input'
+          example 'input("Include Facts") #=> "yes"'
+        end
         def input(name)
           return template_input_values[name.to_s] if template_input_values.key?(name.to_s)
 

data/app/models/concerns/foreman_remote_execution/orchestration/ssh.rb

@@ -15,9 +15,13 @@ module ForemanRemoteExecution
       proxy = ::SmartProxy.find(proxy_id)
       begin
         proxy.drop_host_from_known_hosts(target)
-      rescue RestClient::ResourceNotFound => e
-        # ignore 404 when known_hosts entry is missing or the module was not enabled
-        Foreman::Logging.exception "Proxy failed to delete SSH known_hosts for #{name}, #{ip}", e, :level => :error
+      rescue ::ProxyAPI::ProxyException => e
+        if e.wrapped_exception.is_a?(RestClient::NotFound)
+          # ignore 404 when known_hosts entry is missing or the module was not enabled
+          Foreman::Logging.exception "Proxy failed to delete SSH known_hosts for #{name}, #{ip}", e, :level => :error
+        else
+          raise e
+        end
       rescue => e
         Rails.logger.warn e.message
         return false
@@ -29,7 +33,10 @@ module ForemanRemoteExecution
       logger.debug "Scheduling SSH known_hosts cleanup"
 
       host, _kind, _target = host_kind_target
-      proxies = host.remote_execution_proxies('SSH').values
+      # #remote_execution_proxies may not be defined on the host object in some case
+      # for example Host::Discovered does not have it defined, even though these hosts
+      # have Nic::Managed interfaces associated with them
+      proxies = (host.try(:remote_execution_proxies, 'SSH') || {}).values
       proxies.flatten.uniq.each do |proxy|
         queue.create(id: queue_id(proxy.id), name: _("Remove SSH known hosts for %s") % self,
           priority: 200, action: [self, :drop_from_known_hosts, proxy.id])

data/app/models/job_invocation.rb

@@ -41,7 +41,10 @@ class JobInvocation < ApplicationRecord
   has_many :template_invocation_tasks, :through => :template_invocations,
                                        :class_name => 'ForemanTasks::Task',
                                        :source => 'run_host_job_task'
-
+  has_one :user, through: :task
+  scoped_search relation: :user, on: :login, rename: 'user', complete_value: true,
+                value_translation: ->(value) { value == 'current_user' ? User.current.login : value },
+                special_values: [:current_user], aliases: ['owner'], :only_explicit => true
   scoped_search :relation => :task, :on => :started_at, :rename => 'started_at', :complete_value => true
   scoped_search :relation => :task, :on => :start_at, :rename => 'start_at', :complete_value => true
   scoped_search :relation => :task, :on => :ended_at, :rename => 'ended_at', :complete_value => true
@@ -70,7 +73,7 @@ class JobInvocation < ApplicationRecord
 
   delegate :start_at, :to => :task, :allow_nil => true
 
-  encrypts :password, :key_passphrase, :sudo_password
+  encrypts :password, :key_passphrase, :effective_user_password
 
   def self.search_by_status(key, operator, value)
     conditions = HostStatus::ExecutionStatus::ExecutionTaskStatusMapper.sql_conditions_for(value)
@@ -139,7 +142,7 @@ class JobInvocation < ApplicationRecord
       invocation.pattern_template_invocations = self.pattern_template_invocations.map(&:deep_clone)
       invocation.password = self.password
       invocation.key_passphrase = self.key_passphrase
-      invocation.sudo_password = self.sudo_password
+      invocation.effective_user_password = self.effective_user_password
     end
   end
 

data/app/models/job_invocation_composer.rb

@@ -15,7 +15,7 @@ class JobInvocationComposer
         :description_format => job_invocation_base[:description_format],
         :password => blank_to_nil(job_invocation_base[:password]),
         :key_passphrase => blank_to_nil(job_invocation_base[:key_passphrase]),
-        :sudo_password => blank_to_nil(job_invocation_base[:sudo_password]),
+        :effective_user_password => blank_to_nil(job_invocation_base[:effective_user_password]),
         :concurrency_control => concurrency_control_params,
         :execution_timeout_interval => execution_timeout_interval,
         :template_invocations => template_invocations_params }.with_indifferent_access
@@ -348,7 +348,7 @@ class JobInvocationComposer
     job_invocation.execution_timeout_interval = params[:execution_timeout_interval]
     job_invocation.password = params[:password]
     job_invocation.key_passphrase = params[:key_passphrase]
-    job_invocation.sudo_password = params[:sudo_password]
+    job_invocation.effective_user_password = params[:effective_user_password]
 
     if @reruns && job_invocation.targeting.static?
       job_invocation.targeting.host_ids = JobInvocation.find(@reruns).targeting.host_ids

data/app/models/remote_execution_provider.rb

@@ -57,8 +57,8 @@ class RemoteExecutionProvider
       [true, 'true', 'True', 'TRUE', '1'].include?(setting)
     end
 
-    def sudo_password(host)
-      host_setting(host, :remote_execution_sudo_password)
+    def effective_user_password(host)
+      host_setting(host, :remote_execution_effective_user_password)
     end
 
     def effective_interfaces(host)

data/app/models/setting/remote_execution.rb

@@ -1,6 +1,6 @@
 class Setting::RemoteExecution < Setting
 
-  ::Setting::BLANK_ATTRS.concat %w{remote_execution_ssh_password remote_execution_ssh_key_passphrase remote_execution_sudo_password remote_execution_cockpit_url remote_execution_form_job_template}
+  ::Setting::BLANK_ATTRS.concat %w{remote_execution_ssh_password remote_execution_ssh_key_passphrase remote_execution_sudo_password remote_execution_effective_user_password remote_execution_cockpit_url remote_execution_form_job_template}
 
   def self.default_settings
     [
@@ -27,7 +27,7 @@ class Setting::RemoteExecution < Setting
         N_('Effective User Method'),
         nil,
         { :collection => proc { Hash[SSHExecutionProvider::EFFECTIVE_USER_METHODS.map { |method| [method, method] }] } }),
-      self.set('remote_execution_sudo_password', N_("Sudo password"), '', N_("Sudo password"), nil, {:encrypted => true}),
+      self.set('remote_execution_effective_user_password', N_("Effective user password"), '', N_("Effective user password"), nil, {:encrypted => true}),
       self.set('remote_execution_sync_templates',
         N_('Whether we should sync templates from disk when running db:seed.'),
         true,

data/app/models/ssh_execution_provider.rb

@@ -32,7 +32,7 @@ class SSHExecutionProvider < RemoteExecutionProvider
       {
         :ssh_password => ssh_password(host),
         :key_passphrase => ssh_key_passphrase(host),
-        :sudo_password => sudo_password(host),
+        :effective_user_password => effective_user_password(host),
       }
     end
 

data/app/services/default_proxy_proxy_selector.rb

@@ -10,7 +10,9 @@ class DefaultProxyProxySelector < ::RemoteExecutionProxySelector
   def available_proxies(host, provider)
     # TODO: Once we have a internal proxy marker/feature on the proxy, we can
     # swap the implementation
-    internal_proxy = ::Katello.default_capsule
+    raise _('default_capsule method missing from SmartProxy') unless ::SmartProxy.respond_to?(:default_capsule)
+
+    internal_proxy = ::SmartProxy.default_capsule
     super.reduce({}) do |acc, (key, proxies)|
       acc.merge(key => proxies.select { |proxy| proxy == internal_proxy })
     end

data/app/views/api/v2/job_invocations/main.json.rabl

@@ -19,10 +19,10 @@ child :targeting do
   attributes :bookmark_id, :search_query, :targeting_type, :user_id, :status, :status_label,
     :randomized_ordering
 
-  child @hosts do
+  child @hosts => :hosts do
     extends 'api/v2/hosts/base'
 
-    if params[:host_status]
+    if params[:host_status] == 'true'
       node :job_status do |host|
         @host_statuses[host.id]
       end

data/app/views/job_invocations/_card_target_hosts.html.erb

@@ -1,5 +1,5 @@
 <% template_invocations = job_invocation.pattern_template_invocations %>
-<div class="card-pf card-pf-accented">
+<div class="card-pf card-pf-accented target-hosts-card">
   <div class="card-pf-title">
     <h2 style="height: 18px;" class="card-pf-title">
       <%= _('Target hosts') %>

data/app/views/job_invocations/_form.html.erb

@@ -95,7 +95,7 @@
     <div class="advanced hidden">
       <%= password_f f, :password, :placeholder => '*****', :label => _('Password'), :label_help => N_('Password is stored encrypted in DB until the job finishes. For future or recurring executions, it is removed after the last execution.') %>
       <%= password_f f, :key_passphrase, :placeholder => '*****', :label => _('Private key passphrase'), :label_help => N_('Key passhprase is only applicable for SSH provider. Other providers ignore this field. <br> Passphrase is stored encrypted in DB until the job finishes. For future or recurring executions, it is removed after the last execution.') %>
-      <%= password_f f, :sudo_password, :placeholder => '*****', :label => _('Sudo password'), :label_help => N_('Sudo password is only applicable for SSH provider. Other providers ignore this field. <br> Password is stored encrypted in DB until the job finishes. For future or recurring executions, it is removed after the last execution.') %>
+      <%= password_f f, :effective_user_password, :placeholder => '*****', :label => _('Effective user password'), :label_help => N_('Effective user password is only applicable for SSH provider. Other providers ignore this field. <br> Password is stored encrypted in DB until the job finishes. For future or recurring executions, it is removed after the last execution.') %>
     </div>
 
     <div class="advanced hidden">

data/app/views/job_invocations/_tab_hosts.html.erb

@@ -1,24 +1,5 @@
 <% if job_invocation.resolved? %>
-  <%= form_with url: job_invocation_path(job_invocation), method: "get", id: "search-form" do |f| %>
-    <div class="row">
-      <div class="title_filter col-md-6">
-        <div class="input-group">
-            <%= autocomplete_f(f, :search, value: params[:search].try(:squeeze, " "), placeholder: _("Filter") + ' ...', path: hosts_path, only_input: true) %>
-            <span class="input-group-btn">
-              <button class="btn btn-default" type="submit">
-                <%= icon_text('search', content_tag(:span, _('Search'), :class => 'hidden-xs', :kind => 'fa')) %>
-              </button>
-            </span>
-        </div>
-      </div>
-    </div>
-  <% end %>
-  <br>
-
-  <div id="targeting_hosts">
-    <%= mount_react_component('TargetingHosts', '#targeting_hosts') %>
-  </div>
-  <%= will_paginate_with_info @hosts, :container => true %>
+  <%= react_component('TargetingHosts' ) %>
 <% else %>
   <div class="alert alert-warning">
     <%=

data/app/views/job_invocations/index.html.erb

@@ -1,3 +1,4 @@
+<% stylesheet 'foreman_remote_execution/foreman_remote_execution' %>
 <% title _('Job invocations') %>
 
 <% title_actions(job_invocations_buttons) %>
@@ -19,7 +20,7 @@
   <tbody>
     <% @job_invocations.each do |invocation| %>
       <tr>
-        <td><%= link_to_if_authorized invocation_description(invocation), hash_for_job_invocation_path(invocation).merge(:auth_object => invocation, :permission => :view_job_invocations, :authorizer => authorizer) %></td>
+        <td class="text_warp"><%= link_to_if_authorized invocation_description(invocation), hash_for_job_invocation_path(invocation).merge(:auth_object => invocation, :permission => :view_job_invocations, :authorizer => authorizer) %></td>
         <td><%= trunc_with_tooltip(invocation&.targeting&.search_query, 15) %></td>
         <td><%= link_to_invocation_task_if_authorized(invocation) %></td>
         <td><%= invocation_result(invocation, :success_count) %></td>

data/app/views/job_invocations/show.html.erb

@@ -2,6 +2,9 @@
 <% stylesheet 'foreman_remote_execution/foreman_remote_execution' %>
 <% javascript 'charts', 'foreman_remote_execution/template_invocation' %>
 <% javascript *webpack_asset_paths('foreman_remote_execution', :extension => 'js') %>
+<% content_for(:stylesheets) do %>
+  <%= webpacked_plugins_css_for :foreman_remote_execution %>
+<% end %>
 
 <%= breadcrumbs name_field: 'description' %>
 
@@ -41,3 +44,9 @@
   <% end %>
   <%= render_tab_content_for(:main_tabs, subject: @job_invocation) %>
 </div>
+
+<script id="job_invocation_refresh" data-refresh-url="<%= job_invocation_path(@job_invocation) %>">
+  <% if @auto_refresh %>
+    delayed_refresh($('script#job_invocation_refresh').data('refresh-url'), {});
+  <% end %>
+</script>

data/app/views/job_invocations/show.js.erb

@@ -0,0 +1,5 @@
+$('div#title_action div.btn-group').html('<%= button_group(job_invocation_task_buttons(@job_invocation.task)).html_safe %>');
+
+<% if @auto_refresh %>
+  delayed_refresh($('script#job_invocation_refresh').data('refresh-url'), job_invocation_refresh_data());
+<% end %>

data/app/views/job_invocations/show.json.erb

@@ -1,4 +1,5 @@
 {
   "autoRefresh": "<%= @auto_refresh %>",
-  "hosts": <%= targeting_hosts(@job_invocation, @hosts).to_json.html_safe %>
+  "hosts": <%= targeting_hosts(@job_invocation, @hosts).to_json.html_safe %>,
+  "total_hosts": <%= @total_hosts %>
 }

data/app/views/templates/ssh/package_action.erb

@@ -97,6 +97,7 @@ handle_zypp_res_codes () {
       end
     end
   -%>
+  [ -x "$(command -v subscription-manager)" ] && subscription-manager refresh
   apt-get -y update
   apt-get -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" -y <%= action %> <%= input("package") %>
 <% elsif package_manager == 'zypper' -%>

data/app/views/templates/ssh/puppet_agent_disable.erb

@@ -13,4 +13,7 @@ template_inputs:
 provider_type: SSH
 kind: job_template
 -%>
+<% if @host.operatingsystem.family == 'Debian' -%>
+export PATH=/opt/puppetlabs/bin:$PATH
+<% end -%>
 puppet agent --disable "<%= input("comment").present? ? input("comment") : "Disabled using Foreman Remote Execution"  %> - <%= current_user %> - $(date "+%d/%m/%Y %H:%M")"