foreman_remote_execution 3.3.2 → 4.0.0

data/app/views/templates/ssh/puppet_agent_enable.erb

@@ -7,4 +7,7 @@ snippet: false
 provider_type: SSH
 kind: job_template
 -%>
+<% if @host.operatingsystem.family == 'Debian' -%>
+export PATH=/opt/puppetlabs/bin:$PATH
+<% end -%>
 puppet agent --enable

data/app/views/templates/ssh/puppet_install_modules_from_forge.erb

@@ -33,4 +33,7 @@ template_inputs:
 provider_type: SSH
 kind: job_template
 -%>
+<% if @host.operatingsystem.family == 'Debian' -%>
+export PATH=/opt/puppetlabs/bin:$PATH
+<% end -%>
 puppet module install <%= input('puppet_module') %> <%= "--target-dir #{input('target_dir')}" if input('target_dir').present? %> <%= "--version #{input('version')}" if input('version').present? %> <%= "--force" if input('force') == "true" %> <%= "--ignore-dependencies" if input('ignore_dependencies') == "true" %>

data/app/views/templates/ssh/puppet_run_once.erb

@@ -11,4 +11,7 @@ template_inputs:
   input_type: user
   required: false
 %>
+<% if @host.operatingsystem.family == 'Debian' -%>
+export PATH=/opt/puppetlabs/bin:$PATH
+<% end -%>
 puppet agent --onetime --no-usecacheonfailure --no-daemonize <%= input("puppet_options") %>

data/db/migrate/20200623073022_rename_sudo_password_to_effective_user_password.rb

@@ -0,0 +1,34 @@
+class RenameSudoPasswordToEffectiveUserPassword < ActiveRecord::Migration[6.0]
+  def up
+    rename_column :job_invocations, :sudo_password, :effective_user_password
+
+    Parameter.where(name: 'remote_execution_sudo_password').each do |parameter|
+      record = Parameter.find_by(type: parameter.type, reference_id: parameter.reference_id, name: "remote_execution_effective_user_password")
+      if record.nil?
+        parameter.update(name: "remote_execution_effective_user_password")
+      end
+    end
+
+    return unless (password = Setting.find_by(:name => 'remote_execution_sudo_password').try(:value))
+
+    Setting.find_by(:name => 'remote_execution_effective_user_password').update(value: password)
+
+    Setting.find_by(:name => 'remote_execution_sudo_password').delete
+  end
+
+  def down
+    rename_column :job_invocations, :effective_user_password, :sudo_password
+
+    Parameter.where(name: 'remote_execution_effective_user_password').each do |parameter|
+      record = Parameter.find_by(type: parameter.type, reference_id: parameter.reference_id, name: "remote_execution_sudo_password")
+      if record.nil?
+        parameter.update(name: "remote_execution_sudo_password")
+      end
+    end
+
+    return unless (password = Setting.find_by(:name => 'remote_execution_effective_user_password').try(:value))
+
+    Setting.create!(name: 'remote_execution_sudo_password', value: password, description: 'Sudo password', category: 'Setting::RemoteExecution', settings_type: 'string', full_name: 'Sudo password',encrypted: true, default: nil)
+    Setting.find_by(:name => 'remote_execution_effective_user_password').delete
+  end
+end

data/db/seeds.d/20-permissions.rb

@@ -0,0 +1,9 @@
+view_permission = Permission.find_by(name: "view_job_invocations", resource_type: 'JobInvocation')
+default_role = Role.default
+
+# the view_permissions can be nil in tests: skipping in that case
+if view_permission && !default_role.permissions.include?(view_permission)
+  default_role.filters.create(:search => 'user = current_user') do |filter|
+    filter.filterings.build { |f| f.permission = view_permission }
+  end
+end

data/lib/foreman_remote_execution/engine.rb

@@ -44,9 +44,12 @@ module ForemanRemoteExecution
 
     initializer 'foreman_remote_execution.register_plugin', before: :finisher_hook do |_app|
       Foreman::Plugin.register :foreman_remote_execution do
-        requires_foreman '>= 1.25'
+        requires_foreman '>= 2.2'
 
         apipie_documented_controllers ["#{ForemanRemoteExecution::Engine.root}/app/controllers/api/v2/*.rb"]
+        ApipieDSL.configuration.dsl_classes_matchers += [
+          "#{ForemanRemoteExecution::Engine.root}/app/lib/foreman_remote_execution/renderer/**/*.rb",
+        ]
 
         automatic_assets(false)
         precompile_assets(*assets_to_precompile)

data/lib/foreman_remote_execution/version.rb

@@ -1,3 +1,3 @@
 module ForemanRemoteExecution
-  VERSION = '3.3.2'.freeze
+  VERSION = '4.0.0'.freeze
 end

data/test/functional/api/v2/job_invocations_controller_test.rb

@@ -38,13 +38,14 @@ module Api
 
         test 'should see only permitted hosts' do
           @user = FactoryBot.create(:user, admin: false)
+          @invocation.task.update(user: @user)
           setup_user('view', 'job_invocations', nil, @user)
           setup_user('view', 'hosts', 'name ~ nope.example.com', @user)
 
-          get :show, params: { :id => @invocation.id }, session: set_session_user(@user)
+          get :show, params: { :id => @invocation.id }, session: prepare_user(@user)
           assert_response :success
           response = ActiveSupport::JSON.decode(@response.body)
-          assert_empty response['targeting']['hosts']
+          assert_equal response['targeting']['hosts'], []
         end
       end
 
@@ -298,6 +299,68 @@ module Api
         post :rerun, params: { :id => @invocation.id }
         assert_response 404
       end
+
+      describe 'restricted access' do
+        setup do
+          @admin = FactoryBot.create(:user, mail: 'admin@test.foreman.com', admin: true)
+          @user = FactoryBot.create(:user, mail: 'user@test.foreman.com', admin: false)
+          @invocation = FactoryBot.create(:job_invocation, :with_template, :with_task, :with_unplanned_host)
+          @invocation2 = FactoryBot.create(:job_invocation, :with_template, :with_task, :with_unplanned_host)
+
+          @invocation.task.update(user: @admin)
+          @invocation2.task.update(user: @user)
+
+          setup_user 'view', 'hosts', nil, @user
+          setup_user 'view', 'job_invocations', 'user = current_user', @user
+          setup_user 'create', 'job_invocations', 'user = current_user', @user
+          setup_user 'cancel', 'job_invocations', 'user = current_user', @user
+        end
+
+        let(:host) { @invocation.targeting.hosts.first }
+        let(:host2) { @invocation2.targeting.hosts.first }
+
+        context 'without user filter' do
+          test '#index' do
+            get :index, session: prepare_user(@admin)
+            assert_response :success
+            assert JSON.parse(@response.body)['results'].size >= 2
+          end
+
+          test '#show' do
+            get :show, params: { id: @invocation2.id }, session: prepare_user(@admin)
+            assert_response :success
+          end
+
+          test '#output' do
+            get :output, params: { job_invocation_id: @invocation2.id, host_id: host2.id }, session: prepare_user(@admin)
+            assert_response :success
+          end
+        end
+
+        context 'with user filter' do
+          test '#index' do
+            get :index, session: prepare_user(@user)
+            assert_response :success
+            assert_equal 1, JSON.parse(@response.body)['results'].size
+          end
+
+          test '#show' do
+            get :show, params: { id: @invocation.id }, session: prepare_user(@user)
+            assert_response :not_found
+          end
+
+          test '#output' do
+            get :output, params: { job_invocation_id: @invocation.id, host_id: host.id }, session: prepare_user(@user)
+            assert_response :not_found
+            assert_includes @response.body, 'Job invocation not found'
+          end
+        end
+      end
+
+      def prepare_user(user)
+        User.current = user
+        set_session_user(user)
+      end
     end
   end
 end

data/test/functional/job_invocations_controller_test.rb

@@ -1,6 +1,7 @@
 # frozen_string_literal: true
 
 require 'test_plugin_helper'
+require_relative '../support/remote_execution_helper'
 
 class JobInvocationsControllerTest < ActionController::TestCase
   test 'should parse inputs coming from the URL params' do
@@ -58,4 +59,74 @@ class JobInvocationsControllerTest < ActionController::TestCase
     post :new, params: params, session: set_session_user
     assert_response :success
   end
+
+  context 'restricted access' do
+    setup do
+      @admin = users(:admin)
+      @user = FactoryBot.create(:user, mail: 'test23@test.foreman.com', admin: false)
+      @invocation = FactoryBot.create(:job_invocation, :with_template, :with_task)
+      @invocation2 = FactoryBot.create(:job_invocation, :with_template, :with_task)
+
+      @invocation.task.update(user: @admin)
+      @invocation2.task.update(user: @user)
+
+      setup_user 'view', 'hosts', nil, @user
+      setup_user 'view', 'job_invocations', 'user = current_user', @user
+      setup_user 'create', 'job_invocations', 'user = current_user', @user
+      setup_user 'cancel', 'job_invocations', 'user = current_user', @user
+    end
+
+    context 'without user filter' do
+      test '#index' do
+        get :index, session: prepare_user(@admin)
+        assert_response :success
+        assert 2, assigns(:job_invocations).size
+      end
+
+      test '#show' do
+        get :show, params: { id: @invocation2.id }, session: prepare_user(@admin)
+        assert_response :success
+      end
+
+      test '#rerun' do
+        get :rerun, params: { id: @invocation2.id }, session: prepare_user(@admin)
+        assert_response :success
+      end
+
+      test '#cancel' do
+        ForemanTasks::Task.any_instance.expects(:cancel).returns(true)
+        post :cancel, params: { id: @invocation2.id }, session: prepare_user(@admin)
+        assert_response :redirect
+      end
+    end
+
+    context 'with user filter' do
+      test '#index' do
+        get :index, session: prepare_user(@user)
+        assert_response :success
+        assert_equal 1, assigns(:job_invocations).size
+        assert_equal @invocation2, assigns(:job_invocations)[0]
+      end
+
+      test '#show' do
+        get :show, params: { id: @invocation.id }, session: prepare_user(@user)
+        assert_response :not_found
+      end
+
+      test '#rerun' do
+        get :rerun, params: { id: @invocation.id }, session: prepare_user(@user)
+        assert_response :not_found
+      end
+
+      test 'cancel' do
+        post :cancel, params: { id: @invocation.id }, session: prepare_user(@user)
+        assert_response :not_found
+      end
+    end
+  end
+
+  def prepare_user(user)
+    User.current = user
+    set_session_user(user)
+  end
 end

data/test/models/orchestration/ssh_test.rb

@@ -30,7 +30,7 @@ class SSHOrchestrationTest < ActiveSupport::TestCase
 
   it 'does not fail on 404 from the smart proxy' do
     host.stubs(:skip_orchestration?).returns false
-    SmartProxy.any_instance.expects(:drop_host_from_known_hosts).raises(RestClient::ResourceNotFound).twice
+    ::ProxyAPI::RemoteExecutionSSH.any_instance.expects(:delete).raises(RestClient::ResourceNotFound).twice
     host.build = true
     host.save!
     ids = ["ssh_remove_known_hosts_interface_#{interface.ip}_#{proxy.id}",

data/test/support/remote_execution_helper.rb

@@ -0,0 +1,5 @@
+module RemoteExecutionHelper
+  def job_invocation_task_buttons(task)
+    return []
+  end
+end

data/test/unit/actions/run_host_job_test.rb

@@ -12,7 +12,7 @@ module ForemanRemoteExecution
       let(:provider) do
         provider = ::SSHExecutionProvider
         provider.expects(:ssh_password).with(host).returns('sshpass')
-        provider.expects(:sudo_password).with(host).returns('sudopass')
+        provider.expects(:effective_user_password).with(host).returns('sudopass')
         provider.expects(:ssh_key_passphrase).with(host).returns('keypass')
         provider
       end
@@ -21,7 +21,7 @@ module ForemanRemoteExecution
         secrets = subject.secrets(host, job_invocation, provider)
 
         assert_equal 'sshpass', secrets[:ssh_password]
-        assert_equal 'sudopass', secrets[:sudo_password]
+        assert_equal 'sudopass', secrets[:effective_user_password]
         assert_equal 'keypass', secrets[:key_passphrase]
       end
 
@@ -31,7 +31,7 @@ module ForemanRemoteExecution
         secrets = subject.secrets(host, job_invocation, provider)
 
         assert_equal 'jobsshpass', secrets[:ssh_password]
-        assert_equal 'sudopass', secrets[:sudo_password]
+        assert_equal 'sudopass', secrets[:effective_user_password]
         assert_equal 'jobkeypass', secrets[:key_passphrase]
       end
     end

data/test/unit/actions/run_hosts_job_test.rb

@@ -14,7 +14,7 @@ module ForemanRemoteExecution
         invocation.description = 'Some short description'
         invocation.password = 'changeme'
         invocation.key_passphrase = 'changemetoo'
-        invocation.sudo_password = 'sudopassword'
+        invocation.effective_user_password = 'sudopassword'
         invocation.save
       end
     end

data/test/unit/job_invocation_composer_test.rb

@@ -523,15 +523,15 @@ class JobInvocationComposerTest < ActiveSupport::TestCase
         end
       end
 
-      describe '#sudo_password' do
-        let(:sudo_password) { 'password' }
+      describe '#effective_user_password' do
+        let(:effective_user_password) { 'password' }
         let(:params) do
-          { :job_invocation => { :sudo_password => sudo_password }}
+          { :job_invocation => { :effective_user_password => effective_user_password }}
         end
 
-        it 'sets the sudo password properly' do
+        it 'sets the effective_user_password password properly' do
           composer
-          _(composer.job_invocation.sudo_password).must_equal sudo_password
+          _(composer.job_invocation.effective_user_password).must_equal effective_user_password
         end
       end
 

data/test/unit/remote_execution_provider_test.rb

@@ -78,12 +78,12 @@ class RemoteExecutionProviderTest < ActiveSupport::TestCase
       end
     end
 
-    describe 'sudo password' do
-      it 'uses the remote_execution_sudo_password on the host param' do
-        host.params['remote_execution_sudo_password'] = 'mypassword'
-        host.host_parameters << FactoryBot.create(:host_parameter, :host => host, :name => 'remote_execution_sudo_password', :value => 'mypassword')
-        assert_not proxy_options.key?(:sudo_password)
-        _(secrets[:sudo_password]).must_equal 'mypassword'
+    describe 'effective user password' do
+      it 'uses the remote_execution_effective_user_password on the host param' do
+        host.params['remote_execution_effective_user_password'] = 'mypassword'
+        host.host_parameters << FactoryBot.create(:host_parameter, :host => host, :name => 'remote_execution_effective_user_password', :value => 'mypassword')
+        assert_not proxy_options.key?(:effective_user_password)
+        _(secrets[:effective_user_password]).must_equal 'mypassword'
       end
     end
 

data/webpack/__mocks__/foremanReact/components/Pagination/PaginationWrapper.js

@@ -0,0 +1,2 @@
+const PaginationWrapper = () => jest.fn();
+export default PaginationWrapper;

data/webpack/__mocks__/foremanReact/components/SearchBar.js

@@ -0,0 +1,2 @@
+const SearchBar = () => jest.fn();
+export default SearchBar;

data/webpack/__mocks__/foremanReact/constants.js

@@ -1,3 +1,24 @@
 export const STATUS = {
+  PENDING: 'PENDING',
+  RESOLVED: 'RESOLVED',
   ERROR: 'ERROR',
 };
+
+export const getControllerSearchProps = (
+  controller,
+  id = 'searchBar',
+  canCreate = true
+) => ({
+  controller,
+  autocomplete: {
+    id,
+    searchQuery: '',
+    url: `${controller}/auto_complete_search`,
+    useKeyShortcuts: true,
+  },
+  bookmarks: {
+    url: '/api/bookmarks',
+    canCreate,
+    documentationUrl: `4.1.5Searching`,
+  },
+});

data/webpack/__mocks__/foremanReact/redux/API/APISelectors.js

@@ -0,0 +1,2 @@
+export const selectAPIStatus = () => 'RESOLVED';
+export const selectAPIResponse = state => state;

data/webpack/__mocks__/foremanReact/redux/middlewares/IntervalMiddleware/IntervalSelectors.js

@@ -0,0 +1 @@
+export const selectDoesIntervalExist = () => false;

data/webpack/react_app/components/TargetingHosts/TargetingHosts.js

@@ -5,8 +5,8 @@ import { LoadingState, Alert } from 'patternfly-react';
 import { STATUS } from 'foremanReact/constants';
 import HostItem from './components/HostItem';
 
-const TargetingHosts = ({ status, items }) => {
-  if (status === STATUS.ERROR) {
+const TargetingHosts = ({ apiStatus, items }) => {
+  if (apiStatus === STATUS.ERROR) {
     return (
       <Alert type="error">
         {__(
@@ -16,8 +16,24 @@ const TargetingHosts = ({ status, items }) => {
     );
   }
 
+  const tableBodyRows = items.length ? (
+    items.map(({ name, link, status, actions }) => (
+      <HostItem
+        key={name}
+        name={name}
+        link={link}
+        status={status}
+        actions={actions}
+      />
+    ))
+  ) : (
+    <tr>
+      <td colSpan="3">{__('No hosts found.')}</td>
+    </tr>
+  );
+
   return (
-    <LoadingState loading={!items.length}>
+    <LoadingState loading={!items.length && apiStatus === STATUS.PENDING}>
       <div>
         <table className="table table-bordered table-striped table-hover">
           <thead>
@@ -27,17 +43,7 @@ const TargetingHosts = ({ status, items }) => {
               <th>{__('Actions')}</th>
             </tr>
           </thead>
-          <tbody>
-            {items.map(host => (
-              <HostItem
-                key={host.name}
-                name={host.name}
-                link={host.link}
-                status={host.status}
-                actions={host.actions}
-              />
-            ))}
-          </tbody>
+          <tbody>{tableBodyRows}</tbody>
         </table>
       </div>
     </LoadingState>
@@ -45,7 +51,7 @@ const TargetingHosts = ({ status, items }) => {
 };
 
 TargetingHosts.propTypes = {
-  status: PropTypes.string.isRequired,
+  apiStatus: PropTypes.string.isRequired,
   items: PropTypes.array.isRequired,
 };