foreman_remote_execution 1.4.5 → 1.4.6

checksums.yaml

@@ -1,7 +1,7 @@
 ---
-SHA1:
-  metadata.gz: e7507b3bd9447227e181965ced4a856671c6ad7d
-  data.tar.gz: a93d632086110ccc09d8c02d77c26ce28ba1ac75
+SHA256:
+  metadata.gz: 3a0c3ef241880bf26fcf76f004b430ad451324b4d544302a423f92f61ed354c9
+  data.tar.gz: 3fd717b03faf2baa425c23150cba6aee3ecd0025d39a1233eab8b27307141d03
 SHA512:
-  metadata.gz: 882b0bc570bdcadaf26301d1be84ece8a3833ded6b9d5bba8c0da16cf8e4bb2c411e295700b0425fcfda3865baf111585e1224d16ab0c77599c4ac790440a284
-  data.tar.gz: f9b9a0eb4e2df30f472cfa0d4a9b8b48ab2e74424c24bd0247a29fe478b65c8178e015c12c023f6a5f8c18aa24dfbc00653a5e4a8a9cc4a7ac85ae6f80fcddd8
+  metadata.gz: 65801bb36a9f54ae4c01bab9b4926e28066f7b5f0e608bfeff0f858262d6d432d9c380c5c2b982ea2d5375649fdcfe8d8fce485b820af6091b01b30323120f07
+  data.tar.gz: e37a034355a6967cc5e760e37299de3ba0afed9845715ae4628e83665606b1e21f558fb677392cee93b396036a420d48fbaaee1b6f5397d75a3a645dd6a39c34

data/.hound.yml

@@ -0,0 +1,13 @@
+scss:
+  enabled: false
+
+stylelint:
+  enabled: true
+
+ruby:
+  config_file: .rubocop.yml
+
+jshint:
+  enabled: false
+
+fail_on_violations: true

data/.rubocop.yml

@@ -91,5 +91,14 @@ Naming/HeredocDelimiterNaming:
 Style/RescueStandardError:
   Enabled: false
 
+Style/SafeNavigation:
+  Enabled: false
+
 Lint/BooleanSymbol:
   Enabled: false
+
+Metrics/PerceivedComplexity:
+  Max: 8
+
+Metrics/AbcSize:
+  Max: 45

data/app/controllers/api/v2/job_invocations_controller.rb

@@ -6,8 +6,7 @@ module Api
 
       before_action :find_optional_nested_object
       before_action :find_host, :only => %w{output}
-      before_action :find_resource, :only => %w{show update destroy clone}
-      before_action :validate_template, :only => :create
+      before_action :find_resource, :only => %w{show update destroy clone cancel rerun}
 
       wrap_parameters JobInvocation, :include => (JobInvocation.attribute_names + [:ssh])
 
@@ -24,7 +23,7 @@ module Api
       # rubocop:disable Metrics/BlockLength
       def_param_group :job_invocation do
         param :job_invocation, Hash, :required => true, :action_aware => true do
-          param :job_template_id, String, :required => true, :desc => N_('The job template to use')
+          param :job_template_id, String, :required => false, :desc => N_('The job template to use, parameter is required unless feature was specified')
           param :targeting_type, String, :required => true, :desc => N_('Invocation type, one of %s') % Targeting::TYPES
           param :inputs, Hash, :required => false, :desc => N_('Inputs to use')
           param :ssh, Hash, :desc => N_('SSH provider specific options') do
@@ -50,16 +49,24 @@ module Api
           end
 
           param :bookmark_id, Integer, :required => false
-          param :search_query, Integer, :required => false
+          param :search_query, String, :required => false
           param :description_format, String, :required => false, :desc => N_('Override the description format from the template for this invocation only')
           param :execution_timeout_interval, Integer, :required => false, :desc => N_('Override the timeout interval from the template for this invocation only')
+          param :feature, String, :required => false, :desc => N_('Remote execution feature label that should be triggered, job template assigned to this feature will be used')
         end
       end
 
       api :POST, '/job_invocations/', N_('Create a job invocation')
       param_group :job_invocation, :as => :create
       def create
-        composer = JobInvocationComposer.from_api_params(job_invocation_params)
+        if job_invocation_params[:feature].present?
+          composer = composer_for_feature
+        else
+          validate_template
+          composer = JobInvocationComposer.from_api_params(
+            job_invocation_params
+          )
+        end
         composer.trigger!
         @job_invocation = composer.job_invocation
         process_response @job_invocation
@@ -88,12 +95,39 @@ module Api
         end
       end
 
+      api :POST, '/job_invocations/:id/cancel', N_('Cancel job invocation')
+      param :id, :identifier, :required => true
+      param :force, :bool
+      def cancel
+        if @job_invocation.task.cancellable?
+          result = @job_invocation.cancel(params.fetch('force', false))
+          render :json => { :cancelled => result, :id => @job_invocation.id }
+        else
+          render :json => { :message => _('The job could not be cancelled.') },
+                 :status => 422
+        end
+      end
+
+      api :POST, '/job_invocations/:id/rerun', N_('Rerun job on failed hosts')
+      param :id, :identifier, :required => true
+      param :failed_only, :bool
+      def rerun
+        composer = JobInvocationComposer.from_job_invocation(@job_invocation, params)
+        composer.trigger!
+        @job_invocation = composer.job_invocation
+        process_response @job_invocation
+      end
+
       private
 
       def action_permission
         case params[:action]
         when 'output'
           :view
+        when 'cancel'
+          :cancel
+        when 'rerun'
+          :create
         else
           super
         end
@@ -112,11 +146,20 @@ module Api
       end
 
       def job_invocation_params
+        return @job_invocation_params if @job_invocation_params.present?
         job_invocation_params = params.fetch(:job_invocation, {}).dup
         job_invocation_params.merge!(job_invocation_params.delete(:ssh)) if job_invocation_params.key?(:ssh)
         job_invocation_params[:inputs] ||= {}
         job_invocation_params[:inputs].permit!
-        job_invocation_params
+        @job_invocation_params = job_invocation_params
+      end
+
+      def composer_for_feature
+        JobInvocationComposer.for_feature(
+          job_invocation_params[:feature],
+          job_invocation_params[:host_ids],
+          job_invocation_params[:inputs].to_hash
+        )
       end
     end
   end

data/app/controllers/job_invocations_controller.rb

@@ -3,6 +3,7 @@ class JobInvocationsController < ApplicationController
   include ::ForemanTasks::Concerns::Parameters::Triggering
 
   def new
+    return @composer = prepare_composer if params[:feature].present?
     ui_params = {
       :host_ids => params[:host_ids],
       :targeting => {
@@ -72,6 +73,26 @@ class JobInvocationsController < ApplicationController
     render :partial => 'job_invocations/preview_hosts_list'
   end
 
+  def cancel
+    @job_invocation = resource_base.find(params[:id])
+    result = @job_invocation.cancel(params[:force])
+
+    if result
+      flash[:notice] = if params[:force]
+                         _('Trying to abort the job')
+                       else
+                         _('Trying to cancel the job')
+                       end
+    else
+      flash[:warning] = if params[:force]
+                          _('The job cannot be aborted at the moment.')
+                        else
+                          _('The job cannot be cancelled at the moment.')
+                        end
+    end
+    redirect_back(:fallback_location => job_invocation_path(@job_invocation))
+  end
+
   private
 
   def action_permission
@@ -80,6 +101,8 @@ class JobInvocationsController < ApplicationController
         'create'
       when 'preview_hosts'
         'create'
+      when 'cancel'
+        'cancel'
       else
         super
     end
@@ -87,7 +110,12 @@ class JobInvocationsController < ApplicationController
 
   def prepare_composer
     if params[:feature].present?
-      JobInvocationComposer.for_feature(params[:feature], params[:host_ids], {})
+      inputs = params[:inputs].permit!.to_hash if params.include?(:inputs)
+      JobInvocationComposer.for_feature(
+        params[:feature],
+        params[:host_ids],
+        inputs
+      )
     else
       # triggering_params is a Hash
       #   when a hash is merged into ActionController::Parameters,

data/app/helpers/remote_execution_helper.rb

@@ -116,13 +116,13 @@ module RemoteExecutionHelper
                          :class => 'btn btn-default',
                          :title => _('See the last task details'))
     end
-    if authorized_for(:permission => :edit_foreman_tasks, :auth_object => task, :authorizer => task_authorizer)
-      buttons << link_to(_('Cancel Job'), cancel_foreman_tasks_task_path(task),
+    if authorized_for(:permission => :cancel_job_invocations, :auth_object => job_invocation)
+      buttons << link_to(_('Cancel Job'), cancel_job_invocation_path(job_invocation),
                          :class => 'btn btn-danger',
                          :title => _('Try to cancel the job'),
                          :disabled => !task.cancellable?,
                          :method => :post)
-      buttons << link_to(_('Abort Job'), abort_foreman_tasks_task_path(task),
+      buttons << link_to(_('Abort Job'), cancel_job_invocation_path(job_invocation, :force => true),
                          :class => 'btn btn-danger',
                          :title => _('Try to abort the job without waiting for the results from the remote hosts'),
                          :disabled => !task.cancellable?,
@@ -132,14 +132,14 @@ module RemoteExecutionHelper
   end
   # rubocop:enable Metrics/AbcSize
 
-  def template_invocation_task_buttons(task)
+  def template_invocation_task_buttons(task, invocation)
     buttons = []
     if authorized_for(:permission => :view_foreman_tasks, :auth_object => task)
       buttons << link_to(_('Task Details'), foreman_tasks_task_path(task),
                          :class => 'btn btn-default',
                          :title => _('See the task details'))
     end
-    if authorized_for(:permission => :edit_foreman_tasks, :auth_object => task)
+    if authorized_for(:permission => :cancel_job_invocations, :auth_object => invocation)
       buttons << link_to(_('Cancel Job'), cancel_foreman_tasks_task_path(task),
                          :class => 'btn btn-danger',
                          :title => _('Try to cancel the job on a host'),

data/app/lib/actions/remote_execution/run_host_job.rb

@@ -5,12 +5,12 @@ module Actions
       include ::Actions::Helpers::WithDelegatedAction
 
       middleware.do_not_use Dynflow::Middleware::Common::Transaction
+      middleware.use Actions::Middleware::HideSecrets
 
       def resource_locks
         :link
       end
 
-      # rubocop:disable Metrics/AbcSize
       def plan(job_invocation, host, template_invocation, proxy_selector = ::RemoteExecutionProxySelector.new, options = {})
         action_subject(host, :job_category => job_invocation.job_category, :description => job_invocation.description)
 
@@ -25,32 +25,25 @@ module Actions
 
         raise _('Could not use any template used in the job invocation') if template_invocation.blank?
 
-        provider = template_invocation.template.provider_type.to_s
-        proxy = proxy_selector.determine_proxy(host, provider)
-        if proxy == :not_available
-          offline_proxies = proxy_selector.offline
-          settings = { :count => offline_proxies.count, :proxy_names => offline_proxies.map(&:name).join(', ') }
-          raise n_('The only applicable proxy %{proxy_names} is down',
-                   'All %{count} applicable proxies are down. Tried %{proxy_names}',
-                   offline_proxies.count) % settings
-        elsif proxy == :not_defined && !Setting['remote_execution_without_proxy']
-          settings = { :global_proxy => 'remote_execution_global_proxy',
-                       :fallback_proxy => 'remote_execution_fallback_proxy',
-                       :no_proxy => 'remote_execution_no_proxy' }
-
-          raise _('Could not use any proxy. Consider configuring %{global_proxy}, ' +
-                  '%{fallback_proxy} or %{no_proxy} in settings') % settings
-        end
+        provider_type = template_invocation.template.provider_type.to_s
+        proxy = determine_proxy!(proxy_selector, provider_type, host)
 
         renderer = InputTemplateRenderer.new(template_invocation.template, host, template_invocation)
         script = renderer.render
         raise _('Failed rendering template: %s') % renderer.error_message unless script
 
         provider = template_invocation.template.provider
-        hostname = provider.find_ip_or_hostname(host)
+
+        secrets = { :ssh_password => job_invocation.password || provider.ssh_password(host),
+                    :key_passphrase => job_invocation.key_passphrase || provider.ssh_key_passphrase(host) }
+
+        additional_options = { :hostname => provider.find_ip_or_hostname(host),
+                               :script => script,
+                               :execution_timeout_interval => job_invocation.execution_timeout_interval,
+                               :secrets => secrets }
         action_options = provider.proxy_command_options(template_invocation, host)
-                                 .merge(:hostname => hostname, :script => script,
-                                        :execution_timeout_interval => job_invocation.execution_timeout_interval)
+                                 .merge(additional_options)
+
         plan_delegated_action(proxy, ForemanRemoteExecutionCore::Actions::RunScript, action_options)
         plan_self
       end
@@ -144,6 +137,25 @@ module Actions
 
         true
       end
+
+      def determine_proxy!(proxy_selector, provider, host)
+        proxy = proxy_selector.determine_proxy(host, provider)
+        if proxy == :not_available
+          offline_proxies = proxy_selector.offline
+          settings = { :count => offline_proxies.count, :proxy_names => offline_proxies.map(&:name).join(', ') }
+          raise n_('The only applicable proxy %{proxy_names} is down',
+                   'All %{count} applicable proxies are down. Tried %{proxy_names}',
+                   offline_proxies.count) % settings
+        elsif proxy == :not_defined && !Setting['remote_execution_without_proxy']
+          settings = { :global_proxy => 'remote_execution_global_proxy',
+                       :fallback_proxy => 'remote_execution_fallback_proxy',
+                       :no_proxy => 'remote_execution_no_proxy' }
+
+          raise _('Could not use any proxy. Consider configuring %{global_proxy}, ' +
+                  '%{fallback_proxy} or %{no_proxy} in settings') % settings
+        end
+        proxy
+      end
     end
   end
 end

data/app/lib/actions/remote_execution/run_hosts_job.rb

@@ -26,7 +26,6 @@ module Actions
       end
 
       def create_sub_plans
-        job_invocation = JobInvocation.find(input[:job_invocation_id])
         proxy_selector = RemoteExecutionProxySelector.new
 
         current_batch.map do |host|
@@ -38,6 +37,18 @@ module Actions
         end
       end
 
+      def finalize
+        job_invocation.password = job_invocation.key_passphrase = nil
+        job_invocation.save!
+
+        # creating the success notification should be the very last thing this tasks do
+        job_invocation.build_notification.deliver!
+      end
+
+      def job_invocation
+        @job_invocation ||= JobInvocation.find(input[:job_invocation_id])
+      end
+
       def batch(from, size)
         hosts.offset(from).limit(size)
       end
@@ -47,7 +58,7 @@ module Actions
       end
 
       def hosts
-        JobInvocation.find(input[:job_invocation_id]).targeting.hosts.order(:name, :id)
+        job_invocation.targeting.hosts.order(:name, :id)
       end
 
       def set_up_concurrency_control(invocation)
@@ -66,12 +77,6 @@ module Actions
         super unless event == Dynflow::Action::Skip
       end
 
-      def finalize
-        # creating the success notification should be the very last thing this tasks do
-        job_invocation = JobInvocation.find(input[:job_invocation_id])
-        job_invocation.build_notification.deliver!
-      end
-
       def humanized_input
         input.fetch(:job_invocation, {}).fetch(:description, '')
       end

data/app/models/foreign_input_set.rb

@@ -1,5 +1,5 @@
 class ForeignInputSet < ApplicationRecord
-  include ForemanRemoteExecution::Exportable
+  include ::Exportable
 
   class CircularDependencyError < Foreman::Exception
   end

data/app/models/job_invocation.rb

@@ -1,5 +1,7 @@
 class JobInvocation < ApplicationRecord
   include Authorizable
+  include Encryptable
+
   audited :except => [ :task_id, :targeting_id, :task_group_id, :triggering_id ]
 
   include ForemanRemoteExecution::ErrorsFlattener
@@ -47,6 +49,8 @@ class JobInvocation < ApplicationRecord
   belongs_to :triggering, :class_name => 'ForemanTasks::Triggering'
   has_one :recurring_logic, :through => :triggering, :class_name => 'ForemanTasks::RecurringLogic'
 
+  belongs_to :remote_execution_feature
+
   scope :with_task, -> { references(:task) }
 
   scoped_search :relation => :recurring_logic, :on => 'id', :rename => 'recurring_logic.id'
@@ -64,6 +68,8 @@ class JobInvocation < ApplicationRecord
 
   delegate :start_at, :to => :task, :allow_nil => true
 
+  encrypts :password, :key_passphrase
+
   def self.search_by_status(key, operator, value)
     conditions = HostStatus::ExecutionStatus::ExecutionTaskStatusMapper.sql_conditions_for(value)
     conditions[0] = "NOT (#{conditions[0]})" if operator == '<>'
@@ -83,7 +89,16 @@ class JobInvocation < ApplicationRecord
   end
 
   def build_notification
-    UINotifications::RemoteExecutionJobs::BaseJobFinish.new(self)
+    klass = nil
+    if self.remote_execution_feature && self.remote_execution_feature.notification_builder.present?
+      begin
+        klass = remote_execution_feature.notification_builder.constantize
+      rescue NameError => e
+        logger.exception "REX feature defines unknown notification builder class", e
+      end
+    end
+    klass ||= UINotifications::RemoteExecutionJobs::BaseJobFinish
+    klass.new(self)
   end
 
   def status
@@ -120,6 +135,8 @@ class JobInvocation < ApplicationRecord
       invocation.description_format = self.description_format
       invocation.description = self.description
       invocation.pattern_template_invocations = self.pattern_template_invocations.map(&:deep_clone)
+      invocation.password = self.password
+      invocation.key_passphrase = self.key_passphrase
     end
   end
 
@@ -208,6 +225,11 @@ class JobInvocation < ApplicationRecord
     end
   end
 
+  def cancel(force = false)
+    method = force ? :abort : :cancel
+    task.send(method)
+  end
+
   private
 
   def failed_template_invocations

data/app/models/job_invocation_composer.rb

@@ -11,7 +11,10 @@ class JobInvocationComposer
         :targeting => ui_params.fetch(:targeting, {}).merge(:user_id => User.current.id),
         :triggering => triggering,
         :host_ids => ui_params[:host_ids],
+        :remote_execution_feature_id => ui_params[:remote_execution_feature_id],
         :description_format => job_invocation_base[:description_format],
+        :password => blank_to_nil(job_invocation_base[:password]),
+        :key_passphrase => blank_to_nil(job_invocation_base[:key_passphrase]),
         :concurrency_control => concurrency_control_params,
         :execution_timeout_interval => execution_timeout_interval,
         :template_invocations => template_invocations_params }.with_indifferent_access
@@ -32,6 +35,10 @@ class JobInvocationComposer
       end.first
     end
 
+    def blank_to_nil(thing)
+      thing.blank? ? nil : thing
+    end
+
     # TODO: Fix this comment
     # parses params to get job templates in form of id => attributes for selected job templates, e.g.
     # {
@@ -88,6 +95,7 @@ class JobInvocationComposer
         :targeting => targeting_params,
         :triggering => triggering_params,
         :description_format => api_params[:description_format],
+        :remote_execution_feature_id => api_params[:remote_execution_feature_id],
         :concurrency_control => concurrency_control_params,
         :execution_timeout_interval => api_params[:execution_timeout_interval] || template.execution_timeout_interval,
         :template_invocations => template_invocations_params }.with_indifferent_access
@@ -172,6 +180,7 @@ class JobInvocationComposer
         :description_format => job_invocation.description_format,
         :concurrency_control => concurrency_control_params,
         :execution_timeout_interval => job_invocation.execution_timeout_interval,
+        :remote_execution_feature_id => job_invocation.remote_execution_feature_id,
         :template_invocations => template_invocations_params }.with_indifferent_access
     end
 
@@ -185,10 +194,12 @@ class JobInvocationComposer
     end
 
     def targeting_params
+      base = { :user_id => User.current.id }
       if @host_ids
-        { :search_query => Targeting.build_query_from_hosts(@host_ids), :targeting_type => job_invocation.targeting.targeting_type }
+        search_query = @host_ids.empty? ? 'name ^ ()' : Targeting.build_query_from_hosts(@host_ids)
+        base.merge(:search_query => search_query, :targeting_type => job_invocation.targeting.targeting_type)
       else
-        job_invocation.targeting.attributes.slice('search_query', 'bookmark_id', 'user_id', 'targeting_type')
+        base.merge job_invocation.targeting.attributes.slice('search_query', 'bookmark_id', 'targeting_type')
       end
     end
 
@@ -215,6 +226,10 @@ class JobInvocationComposer
         @host_bookmark = hosts
       elsif hosts.is_a? Host::Base
         @host_objects = [hosts]
+      elsif hosts.is_a? Array
+        @host_objects = hosts.map do |id|
+          Host::Managed.authorized.friendly.find(id)
+        end
       elsif hosts.is_a? String
         @host_scoped_search = hosts
       else
@@ -227,6 +242,7 @@ class JobInvocationComposer
         :targeting => targeting_params,
         :triggering => {},
         :concurrency_control => {},
+        :remote_execution_feature_id => @feature.id,
         :template_invocations => template_invocations_params }.with_indifferent_access
     end
 
@@ -248,6 +264,7 @@ class JobInvocationComposer
     end
 
     def input_values_params
+      return {} if @provided_inputs.blank?
       @provided_inputs.map do |key, value|
         input = job_template.template_inputs_with_foreign.find { |i| i.name == key.to_s }
         unless input
@@ -275,7 +292,7 @@ class JobInvocationComposer
   end
 
   attr_accessor :params, :job_invocation, :host_ids, :search_query
-  delegate :job_category, :pattern_template_invocations, :template_invocations, :targeting, :triggering, :to => :job_invocation
+  delegate :job_category, :remote_execution_feature_id, :pattern_template_invocations, :template_invocations, :targeting, :triggering, :to => :job_invocation
 
   def initialize(params, set_defaults = false)
     @params = params
@@ -304,9 +321,11 @@ class JobInvocationComposer
     self.new(ParamsForFeature.new(feature_label, hosts, provided_inputs).params)
   end
 
+  # rubocop:disable Metrics/AbcSize
   def compose
     job_invocation.job_category = validate_job_category(params[:job_category])
     job_invocation.job_category ||= available_job_categories.first if @set_defaults
+    job_invocation.remote_execution_feature_id = params[:remote_execution_feature_id]
     job_invocation.targeting = build_targeting
     job_invocation.triggering = build_triggering
     job_invocation.pattern_template_invocations = build_template_invocations
@@ -314,9 +333,12 @@ class JobInvocationComposer
     job_invocation.time_span = params[:concurrency_control][:time_span].to_i if params[:concurrency_control][:time_span].present?
     job_invocation.concurrency_level = params[:concurrency_control][:level].to_i if params[:concurrency_control][:level].present?
     job_invocation.execution_timeout_interval = params[:execution_timeout_interval]
+    job_invocation.password = params[:password]
+    job_invocation.key_passphrase = params[:key_passphrase]
 
     self
   end
+  # rubocop:enable Metrics/AbcSize
 
   def trigger(raise_on_error = false)
     generate_description