foreman_remote_execution 5.0.1 → 5.0.4

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: cd91f2539393453fe888022502baba8ad7597da50682a4d87a8cf78dcaaebbfa
-  data.tar.gz: 2c97670fa1b3555f9660ea8adee03e48ae83779aff3324d977eae65a70b86956
+  metadata.gz: 59eae566c2961d0c2d5cca855d76ece120748f1c1f6303a5b2fca5928f1b4840
+  data.tar.gz: 1cbb8e8f418e8b8c5823b9b875eed46873735da31b5214601acc60f236d650b1
 SHA512:
-  metadata.gz: 7fbc26b3be07128f7dd015db03b8e46d34faee8f13f8b7e7f3d6ff54f360afd70cdd6f4143862695342591be55cfed9a74f315ae77ef5231cd20bee5f9bf8565
-  data.tar.gz: 851d5fd53efb928e8a6ce15468af83bc992b98265bc289f23fed310834e1c83753113e981a673f89e3183efaa7d6f76ec270f06f1f41072f79c045947a78b6c8
+  metadata.gz: 77c04207ff68fc2cf97061b77b2d06c40b51f197d2cceb4fa803dc29e2e3512eb4b048131964414f2e29dbc23e2a460b1ff46566718b79e804f7632b375f12ea
+  data.tar.gz: d9bf1681d7e5834c3cc16941a90c4c4c73db3d1b4e812c91b88ffe866bcb27f52eae3841a49740f77c50d0f8fd570203ea7f4f5100cc855ea140403cd0bda49e

data/app/helpers/concerns/foreman_remote_execution/hosts_helper_extensions.rb

@@ -8,7 +8,7 @@ module ForemanRemoteExecution
 
     def multiple_actions
       res = super
-      res += [ [_('Schedule Remote Job'), new_job_invocation_path, false] ] if authorized_for(controller: :job_invocations, action: :new)
+      res += [ [_('Schedule Remote Job'), new_job_invocation_path, false] ] if can_schedule_jobs?
       res
     end
 
@@ -22,20 +22,20 @@ module ForemanRemoteExecution
       end
     end
 
-    def rex_host_features(*args)
-      return unless authorized_for(controller: :job_invocations, action: :create)
+    def rex_host_features(host, *_rest)
+      return [] unless can_execute_on_host?(host)
       RemoteExecutionFeature.with_host_action_button.order(:label).map do |feature|
-        link_to(_('%s') % feature.name, job_invocations_path(:host_ids => [args.first.id], :feature => feature.label), :method => :post)
+        link_to(_('%s') % feature.name, job_invocations_path(:host_ids => [host.id], :feature => feature.label), :method => :post)
       end
     end
 
-    def schedule_job_button(*args)
-      return unless authorized_for(controller: :job_invocations, action: :new)
-      link_to(_('Schedule Remote Job'), new_job_invocation_path(:host_ids => [args.first.id]), :id => :run_button, :class => 'btn btn-default')
+    def schedule_job_button(host, *_rest)
+      return unless can_execute_on_host?(host)
+      link_to(_('Schedule Remote Job'), new_job_invocation_path(:host_ids => [host.id]), :id => :run_button, :class => 'btn btn-default')
     end
 
     def web_console_button(host, *args)
-      return unless authorized_for(permission: 'cockpit_hosts', auth_object: host)
+      return if !authorized_for(permission: 'cockpit_hosts', auth_object: host) || !can_execute_on_infrastructure_host?(host)
 
       url = SSHExecutionProvider.cockpit_url_for_host(host.name)
       url ? link_to(_('Web Console'), url, :class => 'btn btn-default', :id => :'web-console-button', :target => '_new') : nil
@@ -46,6 +46,17 @@ module ForemanRemoteExecution
         button_group(web_console_button(*args)))
       super(*args)
     end
-  end
 
+    def can_schedule_jobs?
+      authorized_for(controller: :job_invocations, action: :create)
+    end
+
+    def can_execute_on_host?(host)
+      can_schedule_jobs? && can_execute_on_infrastructure_host?(host)
+    end
+
+    def can_execute_on_infrastructure_host?(host)
+      !host.infrastructure_host? || User.current.can?(:execute_jobs_on_infrastructure_hosts)
+    end
+  end
 end

data/app/helpers/remote_execution_helper.rb

@@ -31,7 +31,7 @@ module RemoteExecutionHelper
 
     if authorized_for(hash_for_host_path(host).merge(auth_object: host, permission: :view_hosts, authorizer: job_hosts_authorizer))
       links << { title: _('Host detail'),
-        action: { href: host_path(host), 'data-method': 'get', id: "#{host.name}-actions-detail" } }
+        action: { href: current_host_details_path(host), 'data-method': 'get', id: "#{host.name}-actions-detail" } }
     end
 
     if authorized_for(hash_for_rerun_job_invocation_path(id: job_invocation, host_ids: [ host.id ], authorizer: job_hosts_authorizer))
@@ -147,9 +147,10 @@ module RemoteExecutionHelper
     end
   end
 
-  def invocation_description(invocation)
+  def invocation_description(invocation, keep_tooltip: true)
     description = invocation.description.try(:capitalize) || invocation.job_category
-    trunc_with_tooltip(description, 80)
+    description = trunc_with_tooltip(description, 80) if keep_tooltip
+    description
   end
 
   def invocation_result(invocation, key)

data/app/models/concerns/foreman_remote_execution/host_extensions.rb

@@ -121,6 +121,10 @@ module ForemanRemoteExecution
       @cached_rex_host_params_hash = nil
     end
 
+    def infrastructure_host?
+      infrastructure_facet&.foreman_instance || infrastructure_facet&.smart_proxy_id
+    end
+
     private
 
     def extend_host_params_hash(params)

data/app/models/concerns/foreman_remote_execution/nic_extensions.rb

@@ -3,16 +3,18 @@ module ForemanRemoteExecution
     extend ActiveSupport::Concern
 
     included do
-      before_validation :set_execution_flag
       validate :exclusive_execution_interface
+      before_validation :move_execution_flag
     end
 
     private
 
-    def set_execution_flag
-      return unless primary? && host.present?
+    def move_execution_flag
+      return unless host && self.execution?
 
-      self.execution = true if host.interfaces.detect(&:execution).nil?
+      host.interfaces
+          .select { |i| i.execution? && i != self }
+          .each { |i| i.execution = false }
     end
 
     def exclusive_execution_interface

data/app/models/targeting.rb

@@ -67,7 +67,7 @@ class Targeting < ApplicationRecord
     return '' if ids.empty?
 
     hosts = Host.execution_scope.where(:id => ids).distinct.pluck(:name)
-    "name ^ (#{hosts.join(', ')})"
+    hosts.any? ? "name ^ (#{hosts.join(', ')})" : ''
   end
 
   def resolved?

data/app/views/dashboard/_latest-jobs.html.erb

@@ -10,7 +10,7 @@
     </tr>
     <% JobInvocation.latest_jobs.each do |invocation| %>
       <tr>
-        <td class="ellipsis"><%= link_to_if_authorized invocation_description(invocation), hash_for_job_invocation_path(invocation).merge(:auth_object => invocation, :permission => :view_job_invocations, :authorizer => authorizer) %></td>
+        <td class="ellipsis"><%= link_to_if_authorized invocation_description(invocation, keep_tooltip: false), hash_for_job_invocation_path(invocation).merge(:auth_object => invocation, :permission => :view_job_invocations, :authorizer => authorizer) %></td>
         <td><%= link_to_invocation_task_if_authorized(invocation) %></td>
         <td><%= time_in_words_span(invocation.start_at) %></td>
       </tr>

data/app/views/job_invocations/_preview_hosts_list.html.erb

@@ -7,7 +7,7 @@
 <% if @hosts.any? -%>
   <ul>
     <% @hosts.each do |host| -%>
-        <li><%= link_to h(host.name), host_path(host), :target => '_blank' %></li>
+        <li><%= link_to h(host.name), current_host_details_path(host), :target => '_blank' %></li>
     <% end -%>
 
     <% if @additional > 0 -%>

data/app/views/template_invocations/show.html.erb

@@ -28,7 +28,7 @@ end
   </div>
 </div>
 <% if @host %>
-  <h3><%= _('Target: ') %><%= link_to(@host.name, host_path(@host)) %></h3>
+  <h3><%= _('Target: ') %><%= link_to(@host.name, current_host_details_path(@host)) %></h3>
 
   <div class="preview hidden">
     <%= preview_box(@template_invocation, @host) %>

data/app/views/templates/ssh/package_action.erb

@@ -69,8 +69,11 @@ handle_zypp_res_codes () {
 
   if [ "${ZYPP_RES_CODES[$RETVAL]}" != "" ]; then
     echo ${ZYPP_RES_CODES[$RETVAL]}
+  fi
+  if [[ $RETVAL -ge 100 && $RETVAL -le 103 ]]; then
     RETVAL=0
   fi
+
   return $RETVAL
 }
 <% end -%>

data/lib/foreman_remote_execution/engine.rb

@@ -214,7 +214,11 @@ module ForemanRemoteExecution
         role 'Remote Execution User', USER_PERMISSIONS, 'Role with permissions to run remote execution jobs against hosts'
         role 'Remote Execution Manager', MANAGER_PERMISSIONS, 'Role with permissions to manage job templates, remote execution features, cancel jobs and view audit logs'
 
-        add_all_permissions_to_default_roles
+        add_all_permissions_to_default_roles(except: [:execute_jobs_on_infrastructure_hosts])
+        add_permissions_to_default_roles({
+          Role::MANAGER => [:execute_jobs_on_infrastructure_hosts],
+          Role::SITE_MANAGER => USER_PERMISSIONS + [:execute_jobs_on_infrastructure_hosts],
+        })
 
         # add menu entry
         menu :top_menu, :job_templates,

data/lib/foreman_remote_execution/version.rb

@@ -1,3 +1,3 @@
 module ForemanRemoteExecution
-  VERSION = '5.0.1'.freeze
+  VERSION = '5.0.4'.freeze
 end

data/test/unit/concerns/host_extensions_test.rb

@@ -67,7 +67,8 @@ class ForemanRemoteExecutionHostExtensionsTest < ActiveSupport::TestCase
     it 'should only have one execution interface' do
       host.interfaces << FactoryBot.build(:nic_managed)
       host.interfaces.each { |interface| interface.execution = true }
-      _(host).wont_be :valid?
+      _(host).must_be :valid?
+      _(host.interfaces.count(&:execution?)).must_equal 1
     end
 
     it 'returns the execution interface' do

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: foreman_remote_execution
 version: !ruby/object:Gem::Version
-  version: 5.0.1
+  version: 5.0.4
 platform: ruby
 authors:
 - Foreman Remote Execution team
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2021-12-03 00:00:00.000000000 Z
+date: 2022-03-01 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: deface