foreman_remote_execution 3.2.1 → 3.2.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 9caedc0baf4a767d6b0149fd1b349b97081460193cdccad1cb9a3208d278b67f
-  data.tar.gz: 709c83b4582ffd65cab576e84d1b502ce31a70c57f0ce9af76e3ffd9978de031
+  metadata.gz: 19c80592b90b1ba20ac213bae2ff36e9608202161e29718a063d3ac52ed249b3
+  data.tar.gz: daa58fc0cfe1a9b788a49372c1d200579502331ef9e1f1424fa4a81270898a8b
 SHA512:
-  metadata.gz: 9ca7d43729ca2e9b8d2012c8f1e9055832ba52a7c7abe8b14c37ad92b73af1a689dd92ec6415e2f4f1532b18a10310caee45c2370579e389914237acb2496cbb
-  data.tar.gz: 687feaca288aec140529e59948290a4e99aae6261567953768340b0b36aa6a8920f9e2640fd0b7a8a02cb22f727b417302569fba4bfda736c0a2a0b6c04b41a1
+  metadata.gz: c3b9ee1922a5ece712f8f431eb84de7ab5793d5108fe4959ce690a0acd6edb14f21ab5135cc1b7bcf37d3fbe81af45731fe1900e1803683c131bc3dba13aa931
+  data.tar.gz: 5db356770b3017319ef2e4f0d1a16598025c9227b540661b2f3e6104f2bd522dbbfb351266eae0bc63d19667a2edc079de0136b50e648e6abddf973bbbe58ead

data/app/controllers/api/v2/job_invocations_controller.rb

@@ -19,6 +19,10 @@ module Api
       api :GET, '/job_invocations/:id', N_('Show job invocation')
       param :id, :identifier, :required => true
       def show
+        @hosts = @job_invocation.targeting.hosts.authorized(:view_hosts, Host)
+        @template_invocations = @job_invocation.template_invocations
+                                               .where(host: @hosts)
+                                               .includes(:input_values)
       end
 
       def_param_group :job_invocation do
@@ -146,7 +150,7 @@ module Api
       end
 
       def find_host
-        @host = Host.authorized(:view_hosts).find(params['host_id'])
+        @host = @nested_obj.targeting.hosts.authorized(:view_hosts, Host).find(params['host_id'])
       rescue ActiveRecord::RecordNotFound
         not_found({ :error => { :message => (_("Host with id '%{id}' was not found") % { :id => params['host_id'] }) } })
       end

data/app/controllers/api/v2/template_invocations_controller.rb

@@ -26,7 +26,10 @@ module Api
       private
 
       def resource_scope_for_template_invocations
-        @job_invocation.template_invocations.search_for(*search_options)
+        @job_invocation.template_invocations
+                       .includes(:host)
+                       .where(host: Host.authorized(:view_hosts, Host))
+                       .search_for(*search_options)
       end
 
       def find_job_invocation

data/app/helpers/job_invocations_helper.rb

@@ -29,7 +29,7 @@ module JobInvocationsHelper
   end
 
   def preview_hosts(template_invocation)
-    hosts = template_invocation.targeting.hosts.take(20)
+    hosts = template_invocation.targeting.hosts.authorized(:view_hosts, Host).take(20)
     hosts.map do |host|
       collapsed_preview(host) +
         render(:partial => 'job_invocations/user_input',

data/app/models/concerns/foreman_remote_execution/host_extensions.rb

@@ -49,7 +49,7 @@ module ForemanRemoteExecution
       keys = remote_execution_ssh_keys
       source = 'global'
       if keys.present?
-        value, safe_value = params.fetch('remote_execution_ssh_keys', {}).values_at(:value, :safe_value).map { |v| v || [] }
+        value, safe_value = params.fetch('remote_execution_ssh_keys', {}).values_at(:value, :safe_value).map { |v| [v].flatten.compact }
         params['remote_execution_ssh_keys'] = {:value => value + keys, :safe_value => safe_value + keys, :source => source}
       end
       [:remote_execution_ssh_user, :remote_execution_effective_user_method,

data/app/models/concerns/foreman_remote_execution/orchestration/ssh.rb

@@ -8,11 +8,16 @@ module ForemanRemoteExecution
       register_rebuild(:queue_ssh_destroy, N_("SSH_#{self.to_s.split('::').first}"))
     end
 
-    def drop_from_known_hosts(args)
-      proxy_id, target = args
+    def drop_from_known_hosts(proxy_id)
+      _, _, target = host_kind_target
+      return true if target.nil?
+
       proxy = ::SmartProxy.find(proxy_id)
       begin
         proxy.drop_host_from_known_hosts(target)
+      rescue RestClient::ResourceNotFound => e
+        # ignore 404 when known_hosts entry is missing or the module was not enabled
+        Foreman::Logging.exception "Proxy failed to delete SSH known_hosts for #{name}, #{ip}", e, :level => :error
       rescue => e
         Rails.logger.warn e.message
         return false
@@ -23,11 +28,11 @@ module ForemanRemoteExecution
     def ssh_destroy
       logger.debug "Scheduling SSH known_hosts cleanup"
 
-      host, _kind, target = host_kind_target
+      host, _kind, _target = host_kind_target
       proxies = host.remote_execution_proxies('SSH').values
       proxies.flatten.uniq.each do |proxy|
         queue.create(id: queue_id(proxy.id), name: _("Remove SSH known hosts for %s") % self,
-          priority: 200, action: [self, :drop_from_known_hosts, [proxy.id, target]])
+          priority: 200, action: [self, :drop_from_known_hosts, proxy.id])
       end
     end
 
@@ -37,7 +42,7 @@ module ForemanRemoteExecution
 
     def should_drop_from_known_hosts?
       host, = host_kind_target
-      host&.build && host&.changes&.key?('build')
+      host && !host.new_record? && host.build && host.changes.key?('build')
     end
 
     private

data/app/views/api/v2/job_invocations/main.json.rabl

@@ -19,7 +19,7 @@ child :targeting do
   attributes :bookmark_id, :search_query, :targeting_type, :user_id, :status, :status_label,
     :randomized_ordering
 
-  child :hosts do
+  child @hosts do
     extends 'api/v2/hosts/base'
   end
 end
@@ -28,7 +28,7 @@ child :task do
   attributes :id, :state
 end
 
-child :template_invocations do
+child @template_invocations do
   attributes :template_id, :template_name
   child :input_values do
     attributes :template_input_name, :template_input_id

data/lib/foreman_remote_execution/version.rb

@@ -1,3 +1,3 @@
 module ForemanRemoteExecution
-  VERSION = '3.2.1'.freeze
+  VERSION = '3.2.2'.freeze
 end

data/test/functional/api/v2/job_invocations_controller_test.rb

@@ -4,7 +4,7 @@ module Api
   module V2
     class JobInvocationsControllerTest < ActionController::TestCase
       setup do
-        @invocation = FactoryBot.create(:job_invocation, :with_template, :with_task)
+        @invocation = FactoryBot.create(:job_invocation, :with_template, :with_task, :with_unplanned_host)
         @template = FactoryBot.create(:job_template, :with_input)
 
         # Without this the template in template_invocations and in pattern_template_invocations
@@ -20,18 +20,32 @@ module Api
         assert_response :success
       end
 
-      test 'should get invocation detail' do
-        get :show, params: { :id => @invocation.id }
-        assert_response :success
-        template = ActiveSupport::JSON.decode(@response.body)
-        assert_not_empty template
-        assert_equal template['job_category'], @invocation.job_category
-      end
+      describe 'show' do
+        test 'should get invocation detail' do
+          get :show, params: { :id => @invocation.id }
+          assert_response :success
+          template = ActiveSupport::JSON.decode(@response.body)
+          assert_not_empty template
+          assert_equal template['job_category'], @invocation.job_category
+          assert_not_empty template['targeting']['hosts']
+        end
 
-      test 'should get invocation detail when taxonomies are set' do
-        taxonomy_params = %w(organization location).reduce({}) { |acc, cur| acc.merge("#{cur}_id" => FactoryBot.create(cur)) }
-        get :show, params: taxonomy_params.merge(:id => @invocation.id)
-        assert_response :success
+        test 'should get invocation detail when taxonomies are set' do
+          taxonomy_params = %w(organization location).reduce({}) { |acc, cur| acc.merge("#{cur}_id" => FactoryBot.create(cur)) }
+          get :show, params: taxonomy_params.merge(:id => @invocation.id)
+          assert_response :success
+        end
+
+        test 'should see only permitted hosts' do
+          @user = FactoryBot.create(:user, admin: false)
+          setup_user('view', 'job_invocations', nil, @user)
+          setup_user('view', 'hosts', 'name ~ nope.example.com', @user)
+
+          get :show, params: { :id => @invocation.id }, session: set_session_user(@user)
+          assert_response :success
+          response = ActiveSupport::JSON.decode(@response.body)
+          assert_empty response['targeting']['hosts']
+        end
       end
 
       context 'creation' do
@@ -108,7 +122,7 @@ module Api
       end
 
       describe '#output' do
-        let(:host) { @invocation.template_invocations_hosts.first }
+        let(:host) { @invocation.targeting.hosts.first }
 
         test 'should provide output for delayed task' do
           ForemanTasks::Task.any_instance.expects(:scheduled?).returns(true)
@@ -137,6 +151,12 @@ module Api
           assert_equal result['message'], "Job invocation not found by id '#{invocation_id}'"
           assert_response :missing
         end
+
+        test 'should get output only for host in job invocation' do
+          get :output, params: { job_invocation_id: @invocation.id,
+                                 host_id: FactoryBot.create(:host).id }
+          assert_response :missing
+        end
       end
 
       describe 'raw output' do
@@ -148,7 +168,7 @@ module Api
         let(:fake_task) do
           OpenStruct.new :pending? => false, :main_action => OpenStruct.new(:live_output => fake_output)
         end
-        let(:host) { @invocation.template_invocations_hosts.first }
+        let(:host) { @invocation.targeting.hosts.first }
 
         test 'should provide raw output for a host' do
           JobInvocation.any_instance.expects(:task).returns(OpenStruct.new(:scheduled? => false))
@@ -184,6 +204,12 @@ module Api
           assert_nil result['output']
           assert_response :success
         end
+
+        test 'should get raw output only for host in job invocation' do
+          get :raw_output, params: { job_invocation_id: @invocation.id,
+                                     host_id: FactoryBot.create(:host).id }
+          assert_response :missing
+        end
       end
 
       test 'should cancel a job' do
@@ -232,11 +258,13 @@ module Api
       end
 
       test 'should not raise an exception when reruning failed has no hosts' do
+        @invocation.targeting.hosts.first.destroy
         JobInvocation.any_instance.expects(:generate_description)
         JobInvocationComposer.any_instance
                              .expects(:validate_job_category)
                              .with(@invocation.job_category)
                              .returns(@invocation.job_category)
+
         post :rerun, params: { :id => @invocation.id, :failed_only => true }
         assert_response :success
         result = ActiveSupport::JSON.decode(@response.body)

data/test/models/orchestration/ssh_test.rb

@@ -15,10 +15,42 @@ class SSHOrchestrationTest < ActiveSupport::TestCase
   end
 
   it 'attempts to drop IP address and hostname from smart proxies on rebuild' do
+    host.stubs(:skip_orchestration?).returns false
+    SmartProxy.any_instance.expects(:drop_host_from_known_hosts).with(interface.ip)
+    SmartProxy.any_instance.expects(:drop_host_from_known_hosts).with(host.name)
+
     host.build = true
     host.save!
+
     ids = ["ssh_remove_known_hosts_interface_#{interface.ip}_#{proxy.id}",
            "ssh_remove_known_hosts_host_#{host.name}_#{proxy.id}"]
     _(host.queue.task_ids).must_equal ids
+    _(host.queue.items.map(&:status)).must_equal %w(completed completed)
+  end
+
+  it 'does not fail on 404 from the smart proxy' do
+    host.stubs(:skip_orchestration?).returns false
+    SmartProxy.any_instance.expects(:drop_host_from_known_hosts).raises(RestClient::ResourceNotFound).twice
+    host.build = true
+    host.save!
+    ids = ["ssh_remove_known_hosts_interface_#{interface.ip}_#{proxy.id}",
+           "ssh_remove_known_hosts_host_#{host.name}_#{proxy.id}"]
+    _(host.queue.task_ids).must_equal ids
+    _(host.queue.items.map(&:status)).must_equal %w(completed completed)
+  end
+
+  it 'does not trigger the removal when creating a new host' do
+    SmartProxy.any_instance.expects(:drop_host_from_known_hosts).never
+    host = Host::Managed.new(:name => 'test', :ip => '127.0.0.1')
+    host.stubs(:skip_orchestration?).returns false
+    _(host.queue.task_ids).must_equal []
+  end
+
+  it 'does not call to the proxy when target is nil' do
+    host.stubs(:skip_orchestration?).returns false
+    SmartProxy.any_instance.expects(:drop_host_from_known_hosts).with(host.name)
+    host.interfaces.first.stubs(:ip)
+    host.destroy
+    _(host.queue.items.map(&:status)).must_equal %w(completed completed)
   end
 end

data/test/unit/concerns/host_extensions_test.rb

@@ -48,6 +48,13 @@ class ForemanRemoteExecutionHostExtensionsTest < ActiveSupport::TestCase
       _(host.host_param('remote_execution_ssh_keys')).must_include sshkey
     end
 
+    it 'merges ssh key as a string from host parameters and proxies' do
+      key = 'ssh-rsa not-even-a-key something@somewhere.com'
+      host.host_parameters << FactoryBot.create(:host_parameter, :host => host, :name => 'remote_execution_ssh_keys', :value => key)
+      _(host.host_param('remote_execution_ssh_keys')).must_include key
+      _(host.host_param('remote_execution_ssh_keys')).must_include sshkey
+    end
+
     it 'has ssh keys in the parameters even when no user specified' do
       # this is a case, when using the helper in provisioning templates
       FactoryBot.create(:smart_proxy, :ssh)

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: foreman_remote_execution
 version: !ruby/object:Gem::Version
-  version: 3.2.1
+  version: 3.2.2
 platform: ruby
 authors:
 - Foreman Remote Execution team
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2020-05-14 00:00:00.000000000 Z
+date: 2020-06-29 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: deface