foreman_remote_execution 3.3.6 → 4.2.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 2e4ef364cf00a1676f5397c066e7723de19f5ceacd2c3a154dc5c79a79736e80
-  data.tar.gz: 3fbfc638b7d1ecb65582d321f92d01abd3295316936e0a16973786d3e3848ac4
+  metadata.gz: aba1afe9644d85554a140267c452cfd3b11139beaae9f4a8a630b5727480965a
+  data.tar.gz: 5d7772b486693036b2f67fbe8ad1a5efe47cd71cdde6c181aeda855e9e86c113
 SHA512:
-  metadata.gz: 13b36238ecf725847e3b861e097b26b6b89ca54252621bd29a7b857754ecf2d7ed41f743fbadb6906f56e779784dec94593ec6b30538f265ecc1247de8722044
-  data.tar.gz: 395fab0f133956214ddd821e9bde1702ee4c0b376ee9d653e778b1a27f3918a68124063a7fa1b568343fb056fe051543b3229a1f4e11815ac7ffc995c1bb0930
+  metadata.gz: 32d88414d2e6c0aa3e2dc4395b75a241cd34f912f6083806bdee4c271fce8ace3fbeaa6ec7d7c436eb61fd553b46022576b4a4706af7460122a5cf2ccab70415
+  data.tar.gz: 2aafc6f68bd1bb2289ba5fa757a2b8d146d5488d851adc0b2edd88749232ea9b496d30dff85f9ad580c529fbc065002e962f1925802bcdce5d117461481ebfbe

data/.github/workflows/ci.yml

@@ -30,7 +30,7 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        foreman-core-branch: [2.1-stable, develop]
+        foreman-core-branch: [develop]
         ruby-version: [2.5, 2.6]
         node-version: [12]
     steps:

data/app/controllers/api/v2/job_invocations_controller.rb

@@ -6,7 +6,7 @@ module Api
 
       before_action :find_optional_nested_object, :only => %w{output raw_output}
       before_action :find_host, :only => %w{output raw_output}
-      before_action :find_resource, :only => %w{show update destroy clone cancel rerun}
+      before_action :find_resource, :only => %w{show update destroy clone cancel rerun outputs}
 
       wrap_parameters JobInvocation, :include => (JobInvocation.attribute_names + [:ssh])
 
@@ -137,6 +137,24 @@ module Api
         end
       end
 
+      api :GET, '/job_invocations/:id/outputs', N_('Get outputs of hosts in a job')
+      param :id, :identifier, :required => true
+      param :search_query, :identifier, :required => false
+      param :since, String, :required => false
+      param :raw, String, :required => false
+      def outputs
+        hosts = @job_invocation.targeting.hosts.authorized(:view_hosts, Host)
+        hosts = hosts.search_for(params['search_query']) if params['search_query']
+        raw = ActiveRecord::Type::Boolean.new.cast params['raw']
+        default_value = raw ? '' : []
+        outputs = hosts.map do |host|
+          host_output(@job_invocation, host, :default => default_value, :since => params['since'], :raw => raw)
+            .merge(host_id: host.id)
+        end
+
+        render :json => { :outputs => outputs }
+      end
+
       private
 
       def allowed_nested_id
@@ -145,7 +163,7 @@ module Api
 
       def action_permission
         case params[:action]
-        when 'output', 'raw_output'
+        when 'output', 'raw_output', 'outputs'
           :view
         when 'cancel'
           :cancel

data/app/controllers/foreman_remote_execution/concerns/api/v2/registration_controller_extensions.rb

@@ -0,0 +1,26 @@
+module ForemanRemoteExecution
+  module Concerns
+    module Api::V2::RegistrationControllerExtensions
+      module ApipieExtensions
+        extend Apipie::DSL::Concern
+
+        update_api(:global, :host) do
+          param :remote_execution_interface, String, desc: N_("Identifier of the Host interface for Remote execution")
+        end
+      end
+
+      extend ActiveSupport::Concern
+
+      def host_setup_extension
+        remote_execution_interface
+        super
+      end
+
+      def remote_execution_interface
+        return unless params['remote_execution_interface'].present?
+
+        @host.set_execution_interface(params['remote_execution_interface'])
+      end
+    end
+  end
+end

data/app/controllers/foreman_remote_execution/concerns/api/v2/subnets_controller_extensions.rb

@@ -0,0 +1,21 @@
+module ForemanRemoteExecution
+  module Concerns
+    module Api::V2::SubnetsControllerExtensions
+      module ApiPieExtensions
+        extend ::Apipie::DSL::Concern
+
+        update_api(:create, :update) do
+          param :subnet, Hash do
+            param :remote_execution_proxy_ids, Array, _('List of proxy IDs to be used for remote execution')
+          end
+        end
+      end
+
+      extend ActiveSupport::Concern
+
+      included do
+        include ApiPieExtensions
+      end
+    end
+  end
+end

data/app/controllers/job_invocations_controller.rb

@@ -52,16 +52,18 @@ class JobInvocationsController < ApplicationController
 
   def show
     @job_invocation = resource_base.includes(:template_invocations => :run_host_job_task).find(params[:id])
-    @auto_refresh = @job_invocation.task.try(:pending?)
-    @resource_base = @job_invocation.targeting.hosts.authorized(:view_hosts, Host)
-    # There's no need to do the joining if we're not filtering
-    unless params[:search].nil?
-      @resource_base = @resource_base.joins(:template_invocations)
-                                     .where(:template_invocations => { :job_invocation_id => @job_invocation.id})
-    end
-    @hosts = resource_base_search_and_page
     @job_organization = Taxonomy.find_by(id: @job_invocation.task.input[:current_organization_id])
     @job_location = Taxonomy.find_by(id: @job_invocation.task.input[:current_location_id])
+    @auto_refresh = @job_invocation.task.try(:pending?)
+
+    respond_to do |format|
+      format.json do
+        targeting_hosts_resources
+      end
+
+      format.html
+      format.js
+    end
   end
 
   def index
@@ -153,4 +155,16 @@ class JobInvocationsController < ApplicationController
       JobInvocationComposer.from_ui_params(with_triggering)
     end
   end
+
+  def targeting_hosts_resources
+    @auto_refresh = @job_invocation.task.try(:pending?)
+    @resource_base = @job_invocation.targeting.hosts.authorized(:view_hosts, Host)
+
+    unless params[:search].nil?
+      @resource_base = @resource_base.joins(:template_invocations)
+                                     .where(:template_invocations => { :job_invocation_id => @job_invocation.id})
+    end
+    @hosts = resource_base_search_and_page
+    @total_hosts = resource_base_with_search.size
+  end
 end

data/app/controllers/job_templates_controller.rb

@@ -36,7 +36,7 @@ class JobTemplatesController < ::TemplatesController
 
     @template = JobTemplate.import_raw(contents, :update => Foreman::Cast.to_bool(params[:imported_template][:overwrite]))
     if @template&.save
-      flash[:notice] = _('Job template imported successfully.')
+      flash[:success] = _('Job template imported successfully.')
       redirect_to job_templates_path(:search => "name = \"#{@template.name}\"")
     else
       @template ||= JobTemplate.import_raw(contents, :build_new => true)

data/app/helpers/job_invocations_helper.rb

@@ -1,10 +1,11 @@
 # frozen_string_literal:true
 
 module JobInvocationsHelper
-  def minicard(icon, number, text)
+  def minicard(icon, number, text, tooltip: nil)
+    tooltip_options = tooltip ? { :'data-original-title' => tooltip, :rel => 'twipsy' } : {}
     content_tag(:div, :class => 'card-pf card-pf-accented
                 card-pf-aggregate-status card-pf-aggregate-status-mini') do
-      content_tag(:h2, :class => 'card-pf-title', :style => 'line-height: 1.1') do
+      content_tag(:h2, { :class => 'card-pf-title', :style => 'line-height: 1.1' }.merge(tooltip_options)) do
         icon_text(icon, '', :kind => 'pficon') +
         content_tag(:span, number, :class =>'card-pf-aggregate-status-count') +
         text

data/app/lib/actions/remote_execution/run_host_job.rb

@@ -60,7 +60,7 @@ module Actions
       def secrets(host, job_invocation, provider)
         job_secrets = { :ssh_password => job_invocation.password,
                         :key_passphrase => job_invocation.key_passphrase,
-                        :sudo_password => job_invocation.sudo_password }
+                        :effective_user_password => job_invocation.effective_user_password }
 
         job_secrets.merge(provider.secrets(host)) { |_key, job_secret, provider_secret| job_secret || provider_secret }
       end

data/app/lib/actions/remote_execution/run_hosts_job.rb

@@ -47,7 +47,7 @@ module Actions
       end
 
       def finalize
-        job_invocation.password = job_invocation.key_passphrase = job_invocation.sudo_password = nil
+        job_invocation.password = job_invocation.key_passphrase = job_invocation.effective_user_password = nil
         job_invocation.save!
 
         Rails.logger.debug "cleaning cache for keys that begin with 'job_invocation_#{job_invocation.id}'"
@@ -57,15 +57,24 @@ module Actions
       end
 
       def job_invocation
-        @job_invocation ||= JobInvocation.find(input[:job_invocation_id])
+        id = input[:job_invocation_id] || input.fetch(:job_invocation, {})[:id]
+        @job_invocation ||= JobInvocation.find(id)
       end
 
       def batch(from, size)
         hosts.offset(from).limit(size)
       end
 
+      def initiate
+        output[:host_count] = total_count
+        super
+      end
+
       def total_count
-        hosts.count
+        # For compatibility with already existing tasks
+        return output[:total_count] unless output.has_key?(:host_count) || task.pending?
+
+        output[:host_count] || hosts.count
       end
 
       def hosts

data/app/lib/foreman_remote_execution/renderer/scope/input.rb

@@ -3,14 +3,33 @@ module ForemanRemoteExecution
     module Scope
       class Input < ::Foreman::Renderer::Scope::Template
         include Foreman::Renderer::Scope::Macros::HostTemplate
+        extend ApipieDSL::Class
 
         attr_reader :template, :host, :invocation, :input_template_instance, :current_user
         delegate :input, to: :input_template_instance
 
+        apipie :class, 'Macros related to template rendering' do
+          name 'Template Input Render'
+          sections only: %w[all jobs]
+        end
+
+        apipie :method, 'Always raises an error with a description provided as an argument' do
+          desc 'This method is useful for aborting script execution if some of the conditions are not met'
+          required :message, String, desc: 'Description for the error'
+          raises error: ::InputTemplateRenderer::RenderError, desc: 'The error is always being raised'
+          returns nil, desc: "Doesn't return anything"
+          example "<%
+  @host.operatingsystem #=> nil
+  render_error(N_('Unsupported or no operating system found for this host.')) unless @host.operatingsystem #=> InputTemplateRenderer::RenderError is raised and the execution of the script is aborted
+%>"
+        end
         def render_error(message)
           raise ::InputTemplateRenderer::RenderError.new(message)
         end
 
+        apipie :method, 'Check whether the template in preview mode or not' do
+          returns one_of: [true, false], desc: 'Returns true if the template in preview mode, false otherwise'
+        end
         def preview?
           !!@preview
         end
@@ -23,6 +42,16 @@ module ForemanRemoteExecution
           Rails.cache.fetch(cache_key, &block)
         end
 
+        # rubocop:disable Lint/InterpolationCheck
+        apipie :method, 'Render template by given name' do
+          required :template_name, String, desc: 'name of the template to render'
+          optional :input_values, Hash, desc: 'key:value list of input values for the template'
+          optional :options, Hash, desc: 'Additional options such as :with_foreign_input_set. Set to true if a foreign input set should be considered when rendering the template'
+          raises error: StandardError, desc: 'raises an error if there is no template or template input with such name'
+          returns String, desc: 'Rendered template'
+          example '<%= render_template("Run Command - Ansible Default", command: "yum -y group install #{input("package")}") %>'
+        end
+        # rubocop:enable Lint/InterpolationCheck
         def render_template(template_name, input_values = {}, options = {})
           options.assert_valid_keys(:with_foreign_input_set)
           with_foreign_input_set = options.fetch(:with_foreign_input_set, true)
@@ -59,6 +88,12 @@ module ForemanRemoteExecution
           input_values.merge(overrides).with_indifferent_access
         end
 
+        apipie :method, 'Returns the value of template input' do
+          required :name, String, desc: 'name of the template input'
+          raises error: UndefinedInput, desc: 'when there is no input with such name defined for the current template'
+          returns Object, desc: 'The value of template input'
+          example 'input("Include Facts") #=> "yes"'
+        end
         def input(name)
           return template_input_values[name.to_s] if template_input_values.key?(name.to_s)
 

data/app/models/concerns/api/v2/interfaces_controller_extensions.rb

@@ -0,0 +1,13 @@
+module Api
+  module V2
+    module InterfacesControllerExtensions
+      extend Apipie::DSL::Concern
+
+      update_api(:create, :update) do
+        param :interface, Hash do
+          param :execution, :bool, :desc => N_('Should this interface be used for remote execution?')
+        end
+      end
+    end
+  end
+end

data/app/models/concerns/foreman_remote_execution/host_extensions.rb

@@ -44,29 +44,33 @@ module ForemanRemoteExecution
       @execution_status_label ||= get_status(HostStatus::ExecutionStatus).to_label(options)
     end
 
+    # rubocop:disable Naming/MemoizedInstanceVariableName
     def host_params_hash
-      params = super
-      keys = remote_execution_ssh_keys
-      source = 'global'
-      if keys.present?
-        value, safe_value = params.fetch('remote_execution_ssh_keys', {}).values_at(:value, :safe_value).map { |v| [v].flatten.compact }
-        params['remote_execution_ssh_keys'] = {:value => value + keys, :safe_value => safe_value + keys, :source => source}
-      end
-      [:remote_execution_ssh_user, :remote_execution_effective_user_method,
-       :remote_execution_connect_by_ip].each do |key|
-        value = Setting[key]
-        params[key.to_s] = {:value => value, :safe_value => value, :source => source} unless params.key?(key.to_s)
-      end
-      params
+      @cached_rex_host_params_hash ||= extend_host_params_hash(super)
     end
+    # rubocop:enable Naming/MemoizedInstanceVariableName
 
     def execution_interface
       get_interface_by_flag(:execution)
     end
 
+    def set_execution_interface(identifier)
+      if interfaces.find_by(identifier: identifier).nil?
+        msg = (N_("Interface with the '%s' identifier was specified as a remote execution interface, however the interface was not found on the host. If the interface exists, it needs to be created in Foreman during the registration.") % identifier)
+        raise ActiveRecord::RecordNotFound, msg
+      end
+
+      # Only one interface at time can be used for REX, all other must be set to false
+      interfaces.each { |int| int.execution = (int.identifier == identifier) }
+      interfaces.each(&:save!)
+    end
+
     def remote_execution_proxies(provider, authorized = true)
       proxies = {}
-      proxies[:subnet]   = execution_interface.subnet.remote_execution_proxies.with_features(provider) if execution_interface&.subnet
+      proxies[:subnet] = []
+      proxies[:subnet] += execution_interface.subnet6.remote_execution_proxies.with_features(provider) if execution_interface&.subnet6
+      proxies[:subnet] += execution_interface.subnet.remote_execution_proxies.with_features(provider) if execution_interface&.subnet
+      proxies[:subnet].uniq!
       proxies[:fallback] = smart_proxies.with_features(provider) if Setting[:remote_execution_fallback_proxy]
 
       if Setting[:remote_execution_global_proxy]
@@ -102,8 +106,28 @@ module ForemanRemoteExecution
       super(*args)
     end
 
+    def clear_host_parameters_cache!
+      super
+      @cached_rex_host_params_hash = nil
+    end
+
     private
 
+    def extend_host_params_hash(params)
+      keys = remote_execution_ssh_keys
+      source = 'global'
+      if keys.present?
+        value, safe_value = params.fetch('remote_execution_ssh_keys', {}).values_at(:value, :safe_value).map { |v| [v].flatten.compact }
+        params['remote_execution_ssh_keys'] = {:value => value + keys, :safe_value => safe_value + keys, :source => source}
+      end
+      [:remote_execution_ssh_user, :remote_execution_effective_user_method,
+       :remote_execution_connect_by_ip].each do |key|
+        value = Setting[key]
+        params[key.to_s] = {:value => value, :safe_value => value, :source => source} unless params.key?(key.to_s)
+      end
+      params
+    end
+
     def build_required_interfaces(attrs = {})
       super(attrs)
       self.primary_interface.execution = true if self.execution_interface.nil?

data/app/models/job_invocation.rb

@@ -22,6 +22,7 @@ class JobInvocation < ApplicationRecord
   validates :job_category, :presence => true
   validates_associated :targeting, :all_template_invocations
 
+  scoped_search :on => :id, :complete_value => true
   scoped_search :on => :job_category, :complete_value => true
   scoped_search :on => :description, :complete_value => true
 
@@ -41,7 +42,10 @@ class JobInvocation < ApplicationRecord
   has_many :template_invocation_tasks, :through => :template_invocations,
                                        :class_name => 'ForemanTasks::Task',
                                        :source => 'run_host_job_task'
-
+  has_one :user, through: :task
+  scoped_search relation: :user, on: :login, rename: 'user', complete_value: true,
+                value_translation: ->(value) { value == 'current_user' ? User.current.login : value },
+                special_values: [:current_user], aliases: ['owner'], :only_explicit => true
   scoped_search :relation => :task, :on => :started_at, :rename => 'started_at', :complete_value => true
   scoped_search :relation => :task, :on => :start_at, :rename => 'start_at', :complete_value => true
   scoped_search :relation => :task, :on => :ended_at, :rename => 'ended_at', :complete_value => true
@@ -70,7 +74,7 @@ class JobInvocation < ApplicationRecord
 
   delegate :start_at, :to => :task, :allow_nil => true
 
-  encrypts :password, :key_passphrase, :sudo_password
+  encrypts :password, :key_passphrase, :effective_user_password
 
   def self.search_by_status(key, operator, value)
     conditions = HostStatus::ExecutionStatus::ExecutionTaskStatusMapper.sql_conditions_for(value)
@@ -139,7 +143,7 @@ class JobInvocation < ApplicationRecord
       invocation.pattern_template_invocations = self.pattern_template_invocations.map(&:deep_clone)
       invocation.password = self.password
       invocation.key_passphrase = self.key_passphrase
-      invocation.sudo_password = self.sudo_password
+      invocation.effective_user_password = self.effective_user_password
     end
   end
 
@@ -170,7 +174,7 @@ class JobInvocation < ApplicationRecord
 
   def total_hosts_count
     if targeting.resolved?
-      targeting.hosts.count
+      task&.main_action&.total_count || targeting.hosts.count
     else
       _('N/A')
     end
@@ -240,6 +244,10 @@ class JobInvocation < ApplicationRecord
     !task.pending?
   end
 
+  def missing_hosts_count
+    targeting.resolved? ? total_hosts_count - targeting.hosts.count : 0
+  end
+
   private
 
   def failed_template_invocations

data/app/models/job_invocation_composer.rb

@@ -15,7 +15,7 @@ class JobInvocationComposer
         :description_format => job_invocation_base[:description_format],
         :password => blank_to_nil(job_invocation_base[:password]),
         :key_passphrase => blank_to_nil(job_invocation_base[:key_passphrase]),
-        :sudo_password => blank_to_nil(job_invocation_base[:sudo_password]),
+        :effective_user_password => blank_to_nil(job_invocation_base[:effective_user_password]),
         :concurrency_control => concurrency_control_params,
         :execution_timeout_interval => execution_timeout_interval,
         :template_invocations => template_invocations_params }.with_indifferent_access
@@ -348,7 +348,7 @@ class JobInvocationComposer
     job_invocation.execution_timeout_interval = params[:execution_timeout_interval]
     job_invocation.password = params[:password]
     job_invocation.key_passphrase = params[:key_passphrase]
-    job_invocation.sudo_password = params[:sudo_password]
+    job_invocation.effective_user_password = params[:effective_user_password]
 
     if @reruns && job_invocation.targeting.static?
       job_invocation.targeting.host_ids = JobInvocation.find(@reruns).targeting.host_ids
@@ -482,7 +482,7 @@ class JobInvocationComposer
 
   def input_value_for(input)
     invocations = pattern_template_invocations
-    default = TemplateInvocationInputValue.new
+    default = TemplateInvocationInputValue.new(:template_input_id => input.id)
     invocations.map(&:input_values).flatten.detect { |iv| iv.template_input_id == input.id } || default
   end