foreman_remote_execution 1.8.4 → 2.0.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: d463927fc0e280ab5b2cc94d4ce6222e3d6f802cb14c47823b467c555a4d725b
-  data.tar.gz: ae0540c25b3f25feba35363e8685200d92722cd19c4ec3a79ec52151185f4177
+  metadata.gz: 766047d4727a67b60506ac42744f41cf0f70782e5b0a7d6bc2d0f44d2529fd44
+  data.tar.gz: bb9469b1b90526a88b596b5fb4b7f6e96210bd33d4050123bfca218b691527f0
 SHA512:
-  metadata.gz: b67d6d69a3ea5464695b7f5b4bce3059dc91b36c9612c69ef5b773e7cfc288b4a0ab8f066c5a61d98b6c70bff75164a53ae6b324a85d11767e408c8b0e990a0a
-  data.tar.gz: 491f93734cd5b2c8dbab24f02f00619a747720e2aebc96c783feba8f6909a167816d3d7872f4cac418be23ca28a635d9ad64adf8a529c4b053ed03f7ebab4534
+  metadata.gz: cecd364c6bc6147a10dd6c9d5414e6d7e069caad3eab0b5fdec6633ced750c30cbf5787797ee84397fda682665d4dad964302fc1adfce9deb871504f10638b3f
+  data.tar.gz: 95bd2381ac1b1e4ecb1854536474939d4c21724a9db7859d4efe223386510fbda7704450b7e3c3c8e90a1ee77bdf54022c57b3e7dd56307c5969178ec5f54636

data/.rubocop.yml

@@ -7,6 +7,8 @@ AllCops:
 
 Rails:
   Enabled: true
+  Exclude:
+    - 'lib/foreman_remote_execution_core/**'
 
 Rails/Date:
   Enabled: false

data/app/assets/stylesheets/foreman_remote_execution/job_invocations.css.scss

@@ -6,3 +6,26 @@ div.infoblock {
     margin-top: 5px;
   }
 }
+
+#title_action {
+  .button_to {
+    display: inline-block;
+  }
+
+  .btn-toolbar {
+    .button_to {
+      float: left;
+    }
+  }
+
+  .btn-group {
+    .btn + .button_to,
+    .button_to + .button_to {
+      margin-left: -1px;
+    }
+
+    .button_to:not(:first-child):not(:last-child) .btn {
+      border-radius: 0;
+    }
+  }
+}

data/app/controllers/api/v2/job_templates_controller.rb

@@ -47,6 +47,7 @@ module Api
       def_param_group :job_template do
         param :job_template, Hash, :required => true, :action_aware => true do
           param :name, String, :required => true, :desc => N_('Template name')
+          param :description, String
           param :job_category, String, :required => true, :desc => N_('Job category')
           param :description_format, String, :required => false, :desc => N_('This template is used to generate the description. ' +
                                                                              'Input values can be used using the syntax %{package}. ' +

data/app/helpers/remote_execution_helper.rb

@@ -83,16 +83,16 @@ module RemoteExecutionHelper
                          :title => _('See the last task details'))
     end
     if authorized_for(:permission => :cancel_job_invocations, :auth_object => job_invocation)
-      buttons << link_to(_('Cancel Job'), cancel_job_invocation_path(job_invocation),
-                         :class => 'btn btn-danger',
-                         :title => _('Try to cancel the job'),
-                         :disabled => !task.cancellable?,
-                         :method => :post)
-      buttons << link_to(_('Abort Job'), cancel_job_invocation_path(job_invocation, :force => true),
-                         :class => 'btn btn-danger',
-                         :title => _('Try to abort the job without waiting for the results from the remote hosts'),
-                         :disabled => !task.cancellable?,
-                         :method => :post)
+      buttons << button_to(_('Cancel Job'), cancel_job_invocation_path(job_invocation),
+                           :class => 'btn btn-danger',
+                           :title => _('Try to cancel the job'),
+                           :disabled => !task.cancellable?,
+                           :method => :post)
+      buttons << button_to(_('Abort Job'), cancel_job_invocation_path(job_invocation, :force => true),
+                           :class => 'btn btn-danger',
+                           :title => _('Try to abort the job without waiting for the results from the remote hosts'),
+                           :disabled => !task.cancellable?,
+                           :method => :post)
     end
     return buttons
   end

data/app/lib/actions/remote_execution/run_host_job.rb

@@ -38,14 +38,10 @@ module Actions
 
         provider = template_invocation.template.provider
 
-        secrets = { :ssh_password => job_invocation.password || provider.ssh_password(host),
-                    :key_passphrase => job_invocation.key_passphrase || provider.ssh_key_passphrase(host),
-                    :sudo_password => job_invocation.sudo_password || provider.sudo_password(host) }
-
         additional_options = { :hostname => provider.find_ip_or_hostname(host),
                                :script => script,
                                :execution_timeout_interval => job_invocation.execution_timeout_interval,
-                               :secrets => secrets,
+                               :secrets => secrets(host, job_invocation, provider),
                                :use_batch_triggering => true}
         action_options = provider.proxy_command_options(template_invocation, host)
                                  .merge(additional_options)
@@ -59,6 +55,14 @@ module Actions
         check_exit_status
       end
 
+      def secrets(host, job_invocation, provider)
+        job_secrets = { :ssh_password => job_invocation.password,
+                        :key_passphrase => job_invocation.key_passphrase,
+                        :sudo_password => job_invocation.sudo_password }
+
+        job_secrets.merge(provider.secrets(host)) { |_key, job_secret, provider_secret| job_secret || provider_secret }
+      end
+
       def check_exit_status
         error! ForemanTasks::Task::TaskCancelledException.new(_('Task cancelled')) if delegated_action && delegated_action.output[:cancel_sent]
         error! _('Job execution failed') if exit_status.to_s != '0'

data/app/models/concerns/foreman_remote_execution/host_extensions.rb

@@ -71,7 +71,7 @@ module ForemanRemoteExecution
       proxies[:fallback] = smart_proxies.with_features(provider) if Setting[:remote_execution_fallback_proxy]
 
       if Setting[:remote_execution_global_proxy]
-        proxy_scope = if Taxonomy.enabled_taxonomies.any? && User.current.present?
+        proxy_scope = if User.current.present?
                         ::SmartProxy.with_taxonomy_scope_override(location, organization)
                       else
                         ::SmartProxy.unscoped

data/app/models/job_template.rb

@@ -119,8 +119,8 @@ class JobTemplate < ::Template
 
   def assign_taxonomies
     if default
-      organizations << Organization.all if SETTINGS[:organizations_enabled]
-      locations << Location.all if SETTINGS[:locations_enabled]
+      organizations << Organization.all
+      locations << Location.all
     end
   end
 

data/app/models/remote_execution_provider.rb

@@ -23,6 +23,10 @@ class RemoteExecutionProvider
       {:proxy_operation_name => proxy_operation_name}
     end
 
+    def secrets(_host)
+      {}
+    end
+
     def proxy_operation_name
       'ssh'
     end

data/app/models/setting/remote_execution.rb

@@ -3,80 +3,71 @@ class Setting::RemoteExecution < Setting
   ::Setting::BLANK_ATTRS.concat %w{remote_execution_ssh_password remote_execution_ssh_key_passphrase remote_execution_sudo_password remote_execution_cockpit_url}
 
   # rubocop:disable Metrics/MethodLength,Metrics/AbcSize
-  def self.load_defaults
-    # Check the table exists
-    return unless super
-
-    # rubocop:disable Metrics/BlockLength
-    self.transaction do
-      [
-        self.set('remote_execution_fallback_proxy',
-                 N_('Search the host for any proxy with Remote Execution, useful when the host has no subnet or the subnet does not have an execution proxy'),
-                 false,
-                 N_('Fallback to Any Proxy')),
-        self.set('remote_execution_global_proxy',
-                 N_('Search for remote execution proxy outside of the proxies assigned to the host. ' +
-                 "If locations or organizations are enabled, the search will be limited to the host's " +
-                 'organization or location.'),
-                 true,
-                 N_('Enable Global Proxy')),
-        self.set('remote_execution_ssh_user',
-                 N_('Default user to use for SSH.  You may override per host by setting a parameter called remote_execution_ssh_user.'),
-                 'root',
-                 N_('SSH User')),
-        self.set('remote_execution_effective_user',
-                 N_('Default user to use for executing the script. If the user differs from the SSH user, su or sudo is used to switch the user.'),
-                 'root',
-                 N_('Effective User')),
-        self.set('remote_execution_effective_user_method',
-                 N_('What command should be used to switch to the effective user. One of %s') % SSHExecutionProvider::EFFECTIVE_USER_METHODS.inspect,
-                 'sudo',
-                 N_('Effective User Method'),
-                 nil,
-                 { :collection => proc { Hash[SSHExecutionProvider::EFFECTIVE_USER_METHODS.map { |method| [method, method] }] } }),
-        self.set('remote_execution_sudo_password', N_("Sudo password"), '', N_("Sudo password"), nil, {:encrypted => true}),
-        self.set('remote_execution_sync_templates',
-                 N_('Whether we should sync templates from disk when running db:seed.'),
-                 true,
-                 N_('Sync Job Templates')),
-        self.set('remote_execution_ssh_port',
-                 N_('Port to use for SSH communication. Default port 22. You may override per host by setting a parameter called remote_execution_ssh_port.'),
-                 '22',
-                 N_('SSH Port')),
-        self.set('remote_execution_connect_by_ip',
-                 N_('Should the ip addresses on host interfaces be preferred over the fqdn? '\
-                 'It is useful, when DNS not resolving the fqdns properly. You may override this per host by setting a parameter called remote_execution_connect_by_ip.'),
-                 false,
-                 N_('Connect by IP')),
-        self.set('remote_execution_ssh_password',
-                 N_('Default password to use for SSH. You may override per host by setting a parameter called remote_execution_ssh_password'),
-                 nil,
-                 N_('Default SSH password'),
-                 nil,
-                 { :encrypted => true }),
-        self.set('remote_execution_ssh_key_passphrase',
-                 N_('Default key passphrase to use for SSH. You may override per host by setting a parameter called remote_execution_ssh_key_passphrase'),
-                 nil,
-                 N_('Default SSH key passphrase'),
-                 nil,
-                 { :encrypted => true }),
-        self.set('remote_execution_workers_pool_size',
-                 N_('Amount of workers in the pool to handle the execution of the remote execution jobs. Restart of the dynflowd/foreman-tasks service is required.'),
-                 5,
-                 N_('Workers pool size')),
-        self.set('remote_execution_cleanup_working_dirs',
-                 N_('When enabled, working directories will be removed after task completion. You may override this per host by setting a parameter called remote_execution_cleanup_working_dirs.'),
-                 true,
-                 N_('Cleanup working directories')),
-        self.set('remote_execution_cockpit_url',
-                 N_('Where to find the Cockpit instance for the Web Console button.  By default, no button is shown.'),
-                 nil,
-                 N_('Cockpit URL'),
-                 nil)
-      ].each { |s| self.create! s.update(:category => 'Setting::RemoteExecution') }
-    end
-
-    true
+  def self.default_settings
+    [
+      self.set('remote_execution_fallback_proxy',
+               N_('Search the host for any proxy with Remote Execution, useful when the host has no subnet or the subnet does not have an execution proxy'),
+               false,
+               N_('Fallback to Any Proxy')),
+      self.set('remote_execution_global_proxy',
+               N_('Search for remote execution proxy outside of the proxies assigned to the host. ' +
+               "The search will be limited to the host's organization and location."),
+               true,
+               N_('Enable Global Proxy')),
+      self.set('remote_execution_ssh_user',
+               N_('Default user to use for SSH.  You may override per host by setting a parameter called remote_execution_ssh_user.'),
+               'root',
+               N_('SSH User')),
+      self.set('remote_execution_effective_user',
+               N_('Default user to use for executing the script. If the user differs from the SSH user, su or sudo is used to switch the user.'),
+               'root',
+               N_('Effective User')),
+      self.set('remote_execution_effective_user_method',
+               N_('What command should be used to switch to the effective user. One of %s') % SSHExecutionProvider::EFFECTIVE_USER_METHODS.inspect,
+               'sudo',
+               N_('Effective User Method'),
+               nil,
+               { :collection => proc { Hash[SSHExecutionProvider::EFFECTIVE_USER_METHODS.map { |method| [method, method] }] } }),
+      self.set('remote_execution_sudo_password', N_("Sudo password"), '', N_("Sudo password"), nil, {:encrypted => true}),
+      self.set('remote_execution_sync_templates',
+               N_('Whether we should sync templates from disk when running db:seed.'),
+               true,
+               N_('Sync Job Templates')),
+      self.set('remote_execution_ssh_port',
+               N_('Port to use for SSH communication. Default port 22. You may override per host by setting a parameter called remote_execution_ssh_port.'),
+               '22',
+               N_('SSH Port')),
+      self.set('remote_execution_connect_by_ip',
+               N_('Should the ip addresses on host interfaces be preferred over the fqdn? '\
+               'It is useful, when DNS not resolving the fqdns properly. You may override this per host by setting a parameter called remote_execution_connect_by_ip.'),
+               false,
+               N_('Connect by IP')),
+      self.set('remote_execution_ssh_password',
+               N_('Default password to use for SSH. You may override per host by setting a parameter called remote_execution_ssh_password'),
+               nil,
+               N_('Default SSH password'),
+               nil,
+               { :encrypted => true }),
+      self.set('remote_execution_ssh_key_passphrase',
+               N_('Default key passphrase to use for SSH. You may override per host by setting a parameter called remote_execution_ssh_key_passphrase'),
+               nil,
+               N_('Default SSH key passphrase'),
+               nil,
+               { :encrypted => true }),
+      self.set('remote_execution_workers_pool_size',
+               N_('Amount of workers in the pool to handle the execution of the remote execution jobs. Restart of the dynflowd/foreman-tasks service is required.'),
+               5,
+               N_('Workers pool size')),
+      self.set('remote_execution_cleanup_working_dirs',
+               N_('When enabled, working directories will be removed after task completion. You may override this per host by setting a parameter called remote_execution_cleanup_working_dirs.'),
+               true,
+               N_('Cleanup working directories')),
+      self.set('remote_execution_cockpit_url',
+               N_('Where to find the Cockpit instance for the Web Console button.  By default, no button is shown.'),
+               nil,
+               N_('Cockpit URL'),
+               nil)
+    ]
   end
   # rubocop:enable AbcSize
   # rubocop:enable Metrics/MethodLength,Metrics/AbcSize

data/app/models/ssh_execution_provider.rb

@@ -5,7 +5,6 @@ class SSHExecutionProvider < RemoteExecutionProvider
                   :effective_user => effective_user(template_invocation),
                   :effective_user_method => effective_user_method(host),
                   :cleanup_working_dirs => cleanup_working_dirs?(host),
-                  :sudo_password => sudo_password(host),
                   :ssh_port => ssh_port(host))
     end
 
@@ -29,6 +28,14 @@ class SSHExecutionProvider < RemoteExecutionProvider
       'ssh'
     end
 
+    def secrets(host)
+      {
+        :ssh_password => ssh_password(host),
+        :key_passphrase => ssh_key_passphrase(host),
+        :sudo_password => sudo_password(host)
+      }
+    end
+
     def ssh_params(host)
       proxy_selector = ::RemoteExecutionProxySelector.new
       proxy = proxy_selector.determine_proxy(host, 'SSH')

data/app/views/api/v2/job_templates/main.json.rabl

@@ -2,7 +2,7 @@ object @job_template
 
 extends 'api/v2/job_templates/base'
 
-attributes :audit_comment, :description_format, :created_at, :updated_at, :template, :locked
+attributes :description, :audit_comment, :description_format, :created_at, :updated_at, :template, :locked
 
 child :template_inputs do
   extends 'api/v2/template_inputs/base'

data/config/routes.rb

@@ -58,8 +58,8 @@ Rails.application.routes.draw do
       end
 
       resources :job_templates, :except => [:new, :edit] do
-        (resources :locations, :only => [:index, :show]) if SETTINGS[:locations_enabled]
-        (resources :organizations, :only => [:index, :show]) if SETTINGS[:organizations_enabled]
+        resources :locations, :only => [:index, :show]
+        resources :organizations, :only => [:index, :show]
         get :export, :on => :member
         post :clone, :on => :member
         collection do
@@ -68,16 +68,12 @@ Rails.application.routes.draw do
         end
       end
 
-      if SETTINGS[:organizations_enabled]
-        resources :organizations, :only => [:index] do
-          resources :job_templates, :only => [:index, :show]
-        end
+      resources :organizations, :only => [:index] do
+        resources :job_templates, :only => [:index, :show]
       end
 
-      if SETTINGS[:locations_enabled]
-        resources :locations, :only => [:index] do
-          resources :job_templates, :only => [:index, :show]
-        end
+      resources :locations, :only => [:index] do
+        resources :job_templates, :only => [:index, :show]
       end
 
       resources :templates, :only => :none do

data/db/seeds.d/70-job_templates.rb

@@ -5,8 +5,8 @@ User.as_anonymous_admin do
     Dir[File.join("#{ForemanRemoteExecution::Engine.root}/app/views/templates/**/*.erb")].each do |template|
       sync = !Rails.env.test? && Setting[:remote_execution_sync_templates]
       template = JobTemplate.import_raw!(File.read(template), :default => true, :locked => true, :update => sync)
-      template.organizations = organizations if SETTINGS[:organizations_enabled] && template.present?
-      template.locations = locations if SETTINGS[:locations_enabled] && template.present?
+      template.organizations = organizations if template.present?
+      template.locations = locations if template.present?
     end
   end
 end

data/lib/foreman_remote_execution/engine.rb

@@ -34,7 +34,7 @@ module ForemanRemoteExecution
 
     initializer 'foreman_remote_execution.register_plugin', before: :finisher_hook do |_app|
       Foreman::Plugin.register :foreman_remote_execution do
-        requires_foreman '>= 1.20'
+        requires_foreman '>= 1.24'
 
         apipie_documented_controllers ["#{ForemanRemoteExecution::Engine.root}/app/controllers/api/v2/*.rb"]
 

data/lib/foreman_remote_execution/version.rb

@@ -1,3 +1,3 @@
 module ForemanRemoteExecution
-  VERSION = '1.8.4'.freeze
+  VERSION = '2.0.0'.freeze
 end

data/package.json

@@ -31,7 +31,7 @@
     "url": "http://projects.theforeman.org/projects/foreman_remote_execution/issues"
   },
   "devDependencies": {
-    "@theforeman/vendor-dev": "^0.1.1",
+    "@theforeman/vendor-dev": "^1.4.0",
     "babel-eslint": "^8.2.1",
     "babel-plugin-lodash": "^3.3.2",
     "babel-plugin-transform-class-properties": "^6.24.1",
@@ -51,6 +51,6 @@
     "jest": "^21.2.1"
   },
   "dependencies": {
-    "@theforeman/vendor": "^0.1.1"
+    "@theforeman/vendor": "^1.4.0"
   }
 }

data/test/factories/foreman_remote_execution_factories.rb

@@ -4,8 +4,8 @@ FactoryBot.define do
     sequence(:job_category) { |n| "Job name #{n}" }
     template { 'id' }
     provider_type { 'SSH' }
-    organizations { [Organization.find_by(name: 'Organization 1')] } if SETTINGS[:organizations_enabled]
-    locations { [Location.find_by(name: 'Location 1')] } if SETTINGS[:locations_enabled]
+    organizations { [Organization.find_by(name: 'Organization 1')] }
+    locations { [Location.find_by(name: 'Location 1')] }
 
     trait :with_input do
       after(:build) do |template, evaluator|

data/test/unit/actions/run_host_job_test.rb

@@ -5,14 +5,45 @@ module ForemanRemoteExecution
     include Dynflow::Testing
 
     subject { create_action(Actions::RemoteExecution::RunHostJob) }
-    let(:host) { FactoryBot.create(:host, :with_execution) }
 
-    before do
-      subject.stubs(:input).returns({ host: { id: host.id } })
-      Host.expects(:find).with(host.id).returns(host)
+    describe '#secrets' do
+      let(:job_invocation) { FactoryBot.create(:job_invocation, :with_task) }
+      let(:host) { job_invocation.template_invocations.first.host }
+      let(:provider) do
+        provider = ::SSHExecutionProvider
+        provider.expects(:ssh_password).with(host).returns('sshpass')
+        provider.expects(:sudo_password).with(host).returns('sudopass')
+        provider.expects(:ssh_key_passphrase).with(host).returns('keypass')
+        provider
+      end
+
+      it 'uses provider secrets' do
+        secrets = subject.secrets(host, job_invocation, provider)
+
+        assert_equal 'sshpass', secrets[:ssh_password]
+        assert_equal 'sudopass', secrets[:sudo_password]
+        assert_equal 'keypass', secrets[:key_passphrase]
+      end
+
+      it 'prefers job secrets over provider secrets' do
+        job_invocation.password = 'jobsshpass'
+        job_invocation.key_passphrase = 'jobkeypass'
+        secrets = subject.secrets(host, job_invocation, provider)
+
+        assert_equal 'jobsshpass', secrets[:ssh_password]
+        assert_equal 'sudopass', secrets[:sudo_password]
+        assert_equal 'jobkeypass', secrets[:key_passphrase]
+      end
     end
 
     describe '#finalize' do
+      let(:host) { FactoryBot.create(:host, :with_execution) }
+
+      before do
+        subject.stubs(:input).returns({ host: { id: host.id } })
+        Host.expects(:find).with(host.id).returns(host)
+      end
+
       describe 'updates the host status' do
         before do
           subject.expects(:check_exit_status).returns(nil)

data/test/unit/concerns/host_extensions_test.rb

@@ -158,12 +158,6 @@ class ForemanRemoteExecutionHostExtensionsTest < ActiveSupport::TestCase
           host.remote_execution_proxies(provider)[:global].must_include proxy_in_taxonomies
           host.remote_execution_proxies(provider)[:global].wont_include proxy_no_taxonomies
         end
-
-        it 'returns all proxies when there\'s no taxonomies' do
-          Taxonomy.stubs(:enabled_taxonomies).returns([])
-          host.remote_execution_proxies(provider)[:global].must_include proxy_in_taxonomies
-          host.remote_execution_proxies(provider)[:global].must_include proxy_no_taxonomies
-        end
       end
 
       context 'disabled' do

data/test/unit/remote_execution_provider_test.rb

@@ -62,6 +62,7 @@ class RemoteExecutionProviderTest < ActiveSupport::TestCase
     let(:template_invocation) { job_invocation.pattern_template_invocations.first }
     let(:host) { FactoryBot.create(:host) }
     let(:proxy_options) { SSHExecutionProvider.proxy_command_options(template_invocation, host) }
+    let(:secrets) { SSHExecutionProvider.secrets(host) }
 
     describe 'effective user' do
       it 'takes the effective user from value from the template invocation' do
@@ -81,7 +82,8 @@ class RemoteExecutionProviderTest < ActiveSupport::TestCase
       it 'uses the remote_execution_sudo_password on the host param' do
         host.params['remote_execution_sudo_password'] = 'mypassword'
         host.host_parameters << FactoryBot.create(:host_parameter, :host => host, :name => 'remote_execution_sudo_password', :value => 'mypassword')
-        proxy_options[:sudo_password].must_equal 'mypassword'
+        assert_not proxy_options.key?(:sudo_password)
+        secrets[:sudo_password].must_equal 'mypassword'
       end
     end
 

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: foreman_remote_execution
 version: !ruby/object:Gem::Version
-  version: 1.8.4
+  version: 2.0.0
 platform: ruby
 authors:
 - Foreman Remote Execution team
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2019-08-20 00:00:00.000000000 Z
+date: 2019-10-04 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: deface