foreman_remote_execution 3.3.4 → 4.1.0

data/app/views/job_invocations/show.html.erb

@@ -2,6 +2,9 @@
 <% stylesheet 'foreman_remote_execution/foreman_remote_execution' %>
 <% javascript 'charts', 'foreman_remote_execution/template_invocation' %>
 <% javascript *webpack_asset_paths('foreman_remote_execution', :extension => 'js') %>
+<% content_for(:stylesheets) do %>
+  <%= webpacked_plugins_css_for :foreman_remote_execution %>
+<% end %>
 
 <%= breadcrumbs name_field: 'description' %>
 
@@ -41,3 +44,9 @@
   <% end %>
   <%= render_tab_content_for(:main_tabs, subject: @job_invocation) %>
 </div>
+
+<script id="job_invocation_refresh" data-refresh-url="<%= job_invocation_path(@job_invocation) %>">
+  <% if @auto_refresh %>
+    delayed_refresh($('script#job_invocation_refresh').data('refresh-url'), {});
+  <% end %>
+</script>

data/app/views/job_invocations/show.js.erb

@@ -0,0 +1,5 @@
+$('div#title_action div.btn-group').html('<%= button_group(job_invocation_task_buttons(@job_invocation.task)).html_safe %>');
+
+<% if @auto_refresh %>
+  delayed_refresh($('script#job_invocation_refresh').data('refresh-url'), job_invocation_refresh_data());
+<% end %>

data/app/views/job_invocations/show.json.erb

@@ -1,4 +1,5 @@
 {
   "autoRefresh": "<%= @auto_refresh %>",
-  "hosts": <%= targeting_hosts(@job_invocation, @hosts).to_json.html_safe %>
+  "hosts": <%= targeting_hosts(@job_invocation, @hosts).to_json.html_safe %>,
+  "total_hosts": <%= @total_hosts %>
 }

data/db/migrate/20200623073022_rename_sudo_password_to_effective_user_password.rb

@@ -0,0 +1,34 @@
+class RenameSudoPasswordToEffectiveUserPassword < ActiveRecord::Migration[6.0]
+  def up
+    rename_column :job_invocations, :sudo_password, :effective_user_password
+
+    Parameter.where(name: 'remote_execution_sudo_password').each do |parameter|
+      record = Parameter.find_by(type: parameter.type, reference_id: parameter.reference_id, name: "remote_execution_effective_user_password")
+      if record.nil?
+        parameter.update(name: "remote_execution_effective_user_password")
+      end
+    end
+
+    return unless (password = Setting.find_by(:name => 'remote_execution_sudo_password').try(:value))
+
+    Setting.find_by(:name => 'remote_execution_effective_user_password').update(value: password)
+
+    Setting.find_by(:name => 'remote_execution_sudo_password').delete
+  end
+
+  def down
+    rename_column :job_invocations, :effective_user_password, :sudo_password
+
+    Parameter.where(name: 'remote_execution_effective_user_password').each do |parameter|
+      record = Parameter.find_by(type: parameter.type, reference_id: parameter.reference_id, name: "remote_execution_sudo_password")
+      if record.nil?
+        parameter.update(name: "remote_execution_sudo_password")
+      end
+    end
+
+    return unless (password = Setting.find_by(:name => 'remote_execution_effective_user_password').try(:value))
+
+    Setting.create!(name: 'remote_execution_sudo_password', value: password, description: 'Sudo password', category: 'Setting::RemoteExecution', settings_type: 'string', full_name: 'Sudo password',encrypted: true, default: nil)
+    Setting.find_by(:name => 'remote_execution_effective_user_password').delete
+  end
+end

data/db/seeds.d/20-permissions.rb

@@ -0,0 +1,9 @@
+view_permission = Permission.find_by(name: "view_job_invocations", resource_type: 'JobInvocation')
+default_role = Role.default
+
+# the view_permissions can be nil in tests: skipping in that case
+if view_permission && !default_role.permissions.include?(view_permission)
+  default_role.filters.create(:search => 'user = current_user') do |filter|
+    filter.filterings.build { |f| f.permission = view_permission }
+  end
+end

data/lib/foreman_remote_execution/engine.rb

@@ -32,6 +32,15 @@ module ForemanRemoteExecution
       end
     end
 
+    # A workaround for https://projects.theforeman.org/issues/30685
+    initializer 'foreman_remote_execution.rails_loading_workaround' do
+      # Without this, in production environment the module gets prepended too
+      # late and the extensions do not get applied
+      # TODO: Remove this and from config.to_prepare once there is an extension
+      # point in Foreman
+      ProvisioningTemplatesHelper.prepend ForemanRemoteExecution::JobTemplatesExtensions
+    end
+
     initializer 'foreman_remote_execution.apipie' do
       Apipie.configuration.checksum_path += ['/api/']
     end
@@ -44,9 +53,12 @@ module ForemanRemoteExecution
 
     initializer 'foreman_remote_execution.register_plugin', before: :finisher_hook do |_app|
       Foreman::Plugin.register :foreman_remote_execution do
-        requires_foreman '>= 1.25'
+        requires_foreman '>= 2.2'
 
         apipie_documented_controllers ["#{ForemanRemoteExecution::Engine.root}/app/controllers/api/v2/*.rb"]
+        ApipieDSL.configuration.dsl_classes_matchers += [
+          "#{ForemanRemoteExecution::Engine.root}/app/lib/foreman_remote_execution/renderer/**/*.rb",
+        ]
 
         automatic_assets(false)
         precompile_assets(*assets_to_precompile)
@@ -135,6 +147,9 @@ module ForemanRemoteExecution
         end
 
         extend_rabl_template 'api/v2/smart_proxies/main', 'api/v2/smart_proxies/pubkey'
+        extend_rabl_template 'api/v2/interfaces/main', 'api/v2/interfaces/execution_flag'
+        extend_rabl_template 'api/v2/subnets/show', 'api/v2/subnets/remote_execution_proxies'
+        parameter_filter ::Subnet, :remote_execution_proxy_ids
         describe_host { overview_buttons_provider :host_overview_buttons }
       end
     end
@@ -181,6 +196,7 @@ module ForemanRemoteExecution
       SmartProxy.prepend ForemanRemoteExecution::SmartProxyExtensions
       Subnet.include ForemanRemoteExecution::SubnetExtensions
 
+      ::Api::V2::InterfacesController.include Api::V2::InterfacesControllerExtensions
       # We need to explicitly force to load the Task model due to Rails loader
       # having issues with resolving it to Rake::Task otherwise
       require_dependency 'foreman_tasks/task'
@@ -189,6 +205,8 @@ module ForemanRemoteExecution
       RemoteExecutionProvider.register(:SSH, SSHExecutionProvider)
 
       ForemanRemoteExecution.register_rex_feature
+
+      ::Api::V2::SubnetsController.include ::ForemanRemoteExecution::Concerns::Api::V2::SubnetsControllerExtensions
     end
 
     initializer 'foreman_remote_execution.register_gettext', after: :load_config_initializers do |_app|

data/lib/foreman_remote_execution/version.rb

@@ -1,3 +1,3 @@
 module ForemanRemoteExecution
-  VERSION = '3.3.4'.freeze
+  VERSION = '4.1.0'.freeze
 end

data/test/functional/api/v2/job_invocations_controller_test.rb

@@ -38,13 +38,14 @@ module Api
 
         test 'should see only permitted hosts' do
           @user = FactoryBot.create(:user, admin: false)
+          @invocation.task.update(user: @user)
           setup_user('view', 'job_invocations', nil, @user)
           setup_user('view', 'hosts', 'name ~ nope.example.com', @user)
 
-          get :show, params: { :id => @invocation.id }, session: set_session_user(@user)
+          get :show, params: { :id => @invocation.id }, session: prepare_user(@user)
           assert_response :success
           response = ActiveSupport::JSON.decode(@response.body)
-          assert_empty response['targeting']['hosts']
+          assert_equal response['targeting']['hosts'], []
         end
       end
 
@@ -298,6 +299,68 @@ module Api
         post :rerun, params: { :id => @invocation.id }
         assert_response 404
       end
+
+      describe 'restricted access' do
+        setup do
+          @admin = FactoryBot.create(:user, mail: 'admin@test.foreman.com', admin: true)
+          @user = FactoryBot.create(:user, mail: 'user@test.foreman.com', admin: false)
+          @invocation = FactoryBot.create(:job_invocation, :with_template, :with_task, :with_unplanned_host)
+          @invocation2 = FactoryBot.create(:job_invocation, :with_template, :with_task, :with_unplanned_host)
+
+          @invocation.task.update(user: @admin)
+          @invocation2.task.update(user: @user)
+
+          setup_user 'view', 'hosts', nil, @user
+          setup_user 'view', 'job_invocations', 'user = current_user', @user
+          setup_user 'create', 'job_invocations', 'user = current_user', @user
+          setup_user 'cancel', 'job_invocations', 'user = current_user', @user
+        end
+
+        let(:host) { @invocation.targeting.hosts.first }
+        let(:host2) { @invocation2.targeting.hosts.first }
+
+        context 'without user filter' do
+          test '#index' do
+            get :index, session: prepare_user(@admin)
+            assert_response :success
+            assert JSON.parse(@response.body)['results'].size >= 2
+          end
+
+          test '#show' do
+            get :show, params: { id: @invocation2.id }, session: prepare_user(@admin)
+            assert_response :success
+          end
+
+          test '#output' do
+            get :output, params: { job_invocation_id: @invocation2.id, host_id: host2.id }, session: prepare_user(@admin)
+            assert_response :success
+          end
+        end
+
+        context 'with user filter' do
+          test '#index' do
+            get :index, session: prepare_user(@user)
+            assert_response :success
+            assert_equal 1, JSON.parse(@response.body)['results'].size
+          end
+
+          test '#show' do
+            get :show, params: { id: @invocation.id }, session: prepare_user(@user)
+            assert_response :not_found
+          end
+
+          test '#output' do
+            get :output, params: { job_invocation_id: @invocation.id, host_id: host.id }, session: prepare_user(@user)
+            assert_response :not_found
+            assert_includes @response.body, 'Job invocation not found'
+          end
+        end
+      end
+
+      def prepare_user(user)
+        User.current = user
+        set_session_user(user)
+      end
     end
   end
 end

data/test/functional/job_invocations_controller_test.rb

@@ -1,6 +1,7 @@
 # frozen_string_literal: true
 
 require 'test_plugin_helper'
+require_relative '../support/remote_execution_helper'
 
 class JobInvocationsControllerTest < ActionController::TestCase
   test 'should parse inputs coming from the URL params' do
@@ -58,4 +59,74 @@ class JobInvocationsControllerTest < ActionController::TestCase
     post :new, params: params, session: set_session_user
     assert_response :success
   end
+
+  context 'restricted access' do
+    setup do
+      @admin = users(:admin)
+      @user = FactoryBot.create(:user, mail: 'test23@test.foreman.com', admin: false)
+      @invocation = FactoryBot.create(:job_invocation, :with_template, :with_task)
+      @invocation2 = FactoryBot.create(:job_invocation, :with_template, :with_task)
+
+      @invocation.task.update(user: @admin)
+      @invocation2.task.update(user: @user)
+
+      setup_user 'view', 'hosts', nil, @user
+      setup_user 'view', 'job_invocations', 'user = current_user', @user
+      setup_user 'create', 'job_invocations', 'user = current_user', @user
+      setup_user 'cancel', 'job_invocations', 'user = current_user', @user
+    end
+
+    context 'without user filter' do
+      test '#index' do
+        get :index, session: prepare_user(@admin)
+        assert_response :success
+        assert 2, assigns(:job_invocations).size
+      end
+
+      test '#show' do
+        get :show, params: { id: @invocation2.id }, session: prepare_user(@admin)
+        assert_response :success
+      end
+
+      test '#rerun' do
+        get :rerun, params: { id: @invocation2.id }, session: prepare_user(@admin)
+        assert_response :success
+      end
+
+      test '#cancel' do
+        ForemanTasks::Task.any_instance.expects(:cancel).returns(true)
+        post :cancel, params: { id: @invocation2.id }, session: prepare_user(@admin)
+        assert_response :redirect
+      end
+    end
+
+    context 'with user filter' do
+      test '#index' do
+        get :index, session: prepare_user(@user)
+        assert_response :success
+        assert_equal 1, assigns(:job_invocations).size
+        assert_equal @invocation2, assigns(:job_invocations)[0]
+      end
+
+      test '#show' do
+        get :show, params: { id: @invocation.id }, session: prepare_user(@user)
+        assert_response :not_found
+      end
+
+      test '#rerun' do
+        get :rerun, params: { id: @invocation.id }, session: prepare_user(@user)
+        assert_response :not_found
+      end
+
+      test 'cancel' do
+        post :cancel, params: { id: @invocation.id }, session: prepare_user(@user)
+        assert_response :not_found
+      end
+    end
+  end
+
+  def prepare_user(user)
+    User.current = user
+    set_session_user(user)
+  end
 end

data/test/models/orchestration/ssh_test.rb

@@ -30,7 +30,7 @@ class SSHOrchestrationTest < ActiveSupport::TestCase
 
   it 'does not fail on 404 from the smart proxy' do
     host.stubs(:skip_orchestration?).returns false
-    SmartProxy.any_instance.expects(:drop_host_from_known_hosts).raises(RestClient::ResourceNotFound).twice
+    ::ProxyAPI::RemoteExecutionSSH.any_instance.expects(:delete).raises(RestClient::ResourceNotFound).twice
     host.build = true
     host.save!
     ids = ["ssh_remove_known_hosts_interface_#{interface.ip}_#{proxy.id}",

data/test/support/remote_execution_helper.rb

@@ -0,0 +1,5 @@
+module RemoteExecutionHelper
+  def job_invocation_task_buttons(task)
+    return []
+  end
+end

data/test/unit/actions/run_host_job_test.rb

@@ -12,7 +12,7 @@ module ForemanRemoteExecution
       let(:provider) do
         provider = ::SSHExecutionProvider
         provider.expects(:ssh_password).with(host).returns('sshpass')
-        provider.expects(:sudo_password).with(host).returns('sudopass')
+        provider.expects(:effective_user_password).with(host).returns('sudopass')
         provider.expects(:ssh_key_passphrase).with(host).returns('keypass')
         provider
       end
@@ -21,7 +21,7 @@ module ForemanRemoteExecution
         secrets = subject.secrets(host, job_invocation, provider)
 
         assert_equal 'sshpass', secrets[:ssh_password]
-        assert_equal 'sudopass', secrets[:sudo_password]
+        assert_equal 'sudopass', secrets[:effective_user_password]
         assert_equal 'keypass', secrets[:key_passphrase]
       end
 
@@ -31,7 +31,7 @@ module ForemanRemoteExecution
         secrets = subject.secrets(host, job_invocation, provider)
 
         assert_equal 'jobsshpass', secrets[:ssh_password]
-        assert_equal 'sudopass', secrets[:sudo_password]
+        assert_equal 'sudopass', secrets[:effective_user_password]
         assert_equal 'jobkeypass', secrets[:key_passphrase]
       end
     end

data/test/unit/actions/run_hosts_job_test.rb

@@ -14,7 +14,7 @@ module ForemanRemoteExecution
         invocation.description = 'Some short description'
         invocation.password = 'changeme'
         invocation.key_passphrase = 'changemetoo'
-        invocation.sudo_password = 'sudopassword'
+        invocation.effective_user_password = 'sudopassword'
         invocation.save
       end
     end
@@ -73,7 +73,7 @@ module ForemanRemoteExecution
     end
 
     it 'triggers the RunHostJob actions on the resolved hosts in run phase' do
-      planned.expects(:output).returns(:planned_count => 0)
+      planned.expects(:output).at_most(5).returns(:planned_count => 0)
       planned.expects(:trigger).with { |*args| args[0] == Actions::RemoteExecution::RunHostJob }
       planned.create_sub_plans
     end

data/test/unit/job_invocation_composer_test.rb

@@ -523,15 +523,15 @@ class JobInvocationComposerTest < ActiveSupport::TestCase
         end
       end
 
-      describe '#sudo_password' do
-        let(:sudo_password) { 'password' }
+      describe '#effective_user_password' do
+        let(:effective_user_password) { 'password' }
         let(:params) do
-          { :job_invocation => { :sudo_password => sudo_password }}
+          { :job_invocation => { :effective_user_password => effective_user_password }}
         end
 
-        it 'sets the sudo password properly' do
+        it 'sets the effective_user_password password properly' do
           composer
-          _(composer.job_invocation.sudo_password).must_equal sudo_password
+          _(composer.job_invocation.effective_user_password).must_equal effective_user_password
         end
       end
 

data/test/unit/remote_execution_provider_test.rb

@@ -78,12 +78,12 @@ class RemoteExecutionProviderTest < ActiveSupport::TestCase
       end
     end
 
-    describe 'sudo password' do
-      it 'uses the remote_execution_sudo_password on the host param' do
-        host.params['remote_execution_sudo_password'] = 'mypassword'
-        host.host_parameters << FactoryBot.create(:host_parameter, :host => host, :name => 'remote_execution_sudo_password', :value => 'mypassword')
-        assert_not proxy_options.key?(:sudo_password)
-        _(secrets[:sudo_password]).must_equal 'mypassword'
+    describe 'effective user password' do
+      it 'uses the remote_execution_effective_user_password on the host param' do
+        host.params['remote_execution_effective_user_password'] = 'mypassword'
+        host.host_parameters << FactoryBot.create(:host_parameter, :host => host, :name => 'remote_execution_effective_user_password', :value => 'mypassword')
+        assert_not proxy_options.key?(:effective_user_password)
+        _(secrets[:effective_user_password]).must_equal 'mypassword'
       end
     end
 

data/webpack/__mocks__/foremanReact/components/Pagination/PaginationWrapper.js

@@ -0,0 +1,2 @@
+const PaginationWrapper = () => jest.fn();
+export default PaginationWrapper;

data/webpack/__mocks__/foremanReact/components/SearchBar.js

@@ -0,0 +1,2 @@
+const SearchBar = () => jest.fn();
+export default SearchBar;

data/webpack/__mocks__/foremanReact/constants.js

@@ -1,3 +1,24 @@
 export const STATUS = {
+  PENDING: 'PENDING',
+  RESOLVED: 'RESOLVED',
   ERROR: 'ERROR',
 };
+
+export const getControllerSearchProps = (
+  controller,
+  id = 'searchBar',
+  canCreate = true
+) => ({
+  controller,
+  autocomplete: {
+    id,
+    searchQuery: '',
+    url: `${controller}/auto_complete_search`,
+    useKeyShortcuts: true,
+  },
+  bookmarks: {
+    url: '/api/bookmarks',
+    canCreate,
+    documentationUrl: `4.1.5Searching`,
+  },
+});