foreman_rh_cloud 12.1.2 → 12.1.4

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: ca9c35b5c31e2f8d00889ae5c4f57a3245e038f2ff106e708c9f45909e1340d2
-  data.tar.gz: 7b151bcccb350ff1cb748aeca126656d8e7e2712e7878ea0522b7db719c6594f
+  metadata.gz: 7ed52afd2a65d3cc87c3ae660716ca1044af88b359f84f108cbe005c01a37a42
+  data.tar.gz: b00def287ae973805693edaf6b9eb13e72846992bcb7e5432073ff722458d565
 SHA512:
-  metadata.gz: ec35e323ea4ff1e5af20ee9a6185c83f5cf43e011a1f4879d696050381265c474cbf2b1435f72f53e43c785c797f5de013513f7efbf49e19fd87b9d2c58fe279
-  data.tar.gz: 109928813b8f2e70ee7107d44470e04fff2fad1e9fd356f2b15f7f57092bb06c003277de931c5d5dfa84a4a379de36e4e14fd7ea2898b3070d310c4c7311e5c0
+  metadata.gz: 3ba0a99ac74b2b311f3569cc6dee79a5043be05abdfe41ca25e36f9c4a6e1d903732e8e38ae580c01634842ec493e8ab350f0b3d04b680e032aba9e730bd1935
+  data.tar.gz: 147d7da2c6352b9333bf1a5c8537c1468d2246d7bd656846ff515170b7c3841c55c73ae4e7fef690c39f56d893721efa994e271b4214d154f9542e03da43c808

data/README.md

@@ -1,18 +1,16 @@
 [![Ruby tests](https://github.com/theforeman/foreman_rh_cloud/actions/workflows/ruby_tests.yml/badge.svg)](https://github.com/theforeman/foreman_rh_cloud/actions/workflows/ruby_tests.yml)
 [![JS](https://github.com/theforeman/foreman_rh_cloud/actions/workflows/js_tests.yml/badge.svg)](https://github.com/theforeman/foreman_rh_cloud/actions/workflows/js_tests.yml)
+[![Ask DeepWiki](https://deepwiki.com/badge.svg)](https://deepwiki.com/theforeman/foreman_rh_cloud)
 
 # ForemanRhCloud
 
-*Introduction here*
-
 ## Installation
 
 See [How_to_Install_a_Plugin](http://projects.theforeman.org/projects/foreman/wiki/How_to_Install_a_Plugin)
 for how to install Foreman plugins
 
-## Usage
-
-*Usage here*
+## Project overview
+See our [wiki](https://deepwiki.com/theforeman/foreman_rh_cloud)
 
 ### In Satellite
 

data/app/controllers/concerns/insights_cloud/package_profile_upload_extensions.rb

@@ -0,0 +1,33 @@
+module InsightsCloud
+  module PackageProfileUploadExtensions
+    extend ActiveSupport::Concern
+
+    included do
+      # This method explicitly listens on Katello actions
+      # rubocop:disable Rails/LexicallyScopedActionFilter
+      after_action :generate_host_report, only: [:upload_package_profile, :upload_profiles]
+      # rubocop:enable Rails/LexicallyScopedActionFilter
+    end
+
+    def generate_host_report
+      return unless ForemanRhCloud.with_local_advisor_engine?
+
+      logger.debug("Generating host-specific report for host #{@host.name}")
+
+      ForemanTasks.async_task(
+        ForemanInventoryUpload::Async::GenerateReportJob,
+        ForemanInventoryUpload.generated_reports_folder,
+        @host.organization_id,
+        false,
+        "id=#{@host.id}"
+      )
+
+      # in IoP case, the hosts are identified by the sub-man ID, and we can assume they already
+      # exist in the local inventory. This will also handle facet creation for new hosts.
+      return if @host.insights
+
+      insights_facet = @host.build_insights(uuid: @host.subscription_facet.uuid)
+      insights_facet.save
+    end
+  end
+end

data/app/controllers/insights_cloud/api/machine_telemetries_controller.rb

@@ -17,7 +17,7 @@ module InsightsCloud::Api
     def forward_request
       certs = candlepin_id_cert @organization
       begin
-        @cloud_response = ::ForemanRhCloud::CloudRequestForwarder.new.forward_request(request, controller_name, @branch_id, certs)
+        @cloud_response = ::ForemanRhCloud::CloudRequestForwarder.new.forward_request(request, controller_name, @branch_id, certs, @host)
       rescue RestClient::Exceptions::Timeout => e
         response_obj = e.response.presence || e.exception
         return render json: { message: response_obj.to_s, error: response_obj.to_s }, status: :gateway_timeout

data/app/services/foreman_rh_cloud/cert_auth.rb

@@ -10,7 +10,8 @@ module ForemanRhCloud
     end
 
     def execute_cloud_request(params)
-      certs = candlepin_id_cert(params.delete(:organization))
+      organization = params.delete(:organization)
+      certs = ForemanRhCloud.with_local_advisor_engine? ? foreman_certificate : candlepin_id_cert(organization)
       final_params = {
         ssl_client_cert: OpenSSL::X509::Certificate.new(certs[:cert]),
         ssl_client_key: OpenSSL::PKey.read(certs[:key]),
@@ -18,5 +19,12 @@ module ForemanRhCloud
 
       super(final_params)
     end
+
+    def foreman_certificate
+      @foreman_certificate ||= {
+        cert: File.read(Setting[:ssl_certificate]),
+        key: File.read(Setting[:ssl_priv_key]),
+      }
+    end
   end
 end

data/app/services/foreman_rh_cloud/cloud_request_forwarder.rb

@@ -4,7 +4,7 @@ module ForemanRhCloud
   class CloudRequestForwarder
     include ForemanRhCloud::CloudRequest
 
-    def forward_request(original_request, controller_name, branch_id, certs)
+    def forward_request(original_request, controller_name, branch_id, certs, host)
       forward_params = prepare_forward_params(original_request, branch_id)
       logger.debug("Request parameters for telemetry request: #{forward_params}")
 
@@ -12,14 +12,14 @@ module ForemanRhCloud
 
       logger.debug("User agent for telemetry is: #{http_user_agent original_request}")
 
-      request_opts = prepare_request_opts(original_request, forward_payload, forward_params, certs)
+      request_opts = prepare_request_opts(original_request, forward_payload, forward_params, certs, host)
 
       logger.debug("Sending request to: #{request_opts[:url]}")
 
       execute_cloud_request(request_opts)
     end
 
-    def prepare_request_opts(original_request, forward_payload, forward_params, certs)
+    def prepare_request_opts(original_request, forward_payload, forward_params, certs, host)
       base_params = {
         method: original_request.method,
         payload: forward_payload,
@@ -28,6 +28,7 @@ module ForemanRhCloud
             params: forward_params,
             user_agent: http_user_agent(original_request),
             content_type: original_request.media_type.presence || original_request.format.to_s,
+            Forwarded: prepare_forwarded_header(host),
           }
         ),
       }
@@ -105,6 +106,10 @@ module ForemanRhCloud
       headers
     end
 
+    def prepare_forwarded_header(host)
+      "for=\"_#{host.subscription_facet.uuid}\""
+    end
+
     def lightspeed?
       ->(request_path) { request_path.include? '/lightspeed' }
     end

data/app/views/api/v2/hosts/insights/base.rabl

@@ -3,3 +3,9 @@ attributes :uuid
 node :insights_hit_details do |facet|
   facet&.host&.facts('insights::hit_details')&.values&.first
 end
+node :insights_hits_count do |facet|
+  facet.hits&.count
+end
+node :use_local_advisor_engine do |_facet|
+  ForemanRhCloud.with_local_advisor_engine?
+end

data/db/seeds.d/200_features.rb

@@ -0,0 +1,4 @@
+ForemanRhCloud.on_prem_smart_proxy_features.each do |feature_name|
+  f = Feature.where(:name => feature_name).first_or_create
+  raise "Unable to create proxy feature: #{SeedHelper.format_errors f}" if f.nil? || f.errors.any?
+end

data/lib/foreman_inventory_upload/async/generate_report_job.rb

@@ -5,18 +5,19 @@ module ForemanInventoryUpload
         "report_for_#{label}"
       end
 
-      def plan(base_folder, organization_id, disconnected)
+      def plan(base_folder, organization_id, disconnected, hosts_filter = nil)
         sequence do
           super(
-            GenerateReportJob.output_label(organization_id),
+            GenerateReportJob.output_label("#{organization_id}#{hosts_filter.empty? ? nil : "[#{hosts_filter.to_s.parameterize}]"}"),
             organization_id: organization_id,
-            base_folder: base_folder
+            base_folder: base_folder,
+            hosts_filter: hosts_filter
           )
 
           plan_action(
             QueueForUploadJob,
             base_folder,
-            ForemanInventoryUpload.facts_archive_name(organization_id),
+            ForemanInventoryUpload.facts_archive_name(organization_id, hosts_filter),
             organization_id,
             disconnected
           )
@@ -34,7 +35,8 @@ module ForemanInventoryUpload
       def env
         super.merge(
           'target' => base_folder,
-          'organization_id' => organization_id
+          'organization_id' => organization_id,
+          'hosts_filter' => hosts_filter
         )
       end
 
@@ -45,6 +47,10 @@ module ForemanInventoryUpload
       def organization_id
         input[:organization_id]
       end
+
+      def hosts_filter
+        input[:hosts_filter]
+      end
     end
   end
 end

data/lib/foreman_inventory_upload/async/upload_report_job.rb

@@ -33,8 +33,8 @@ module ForemanInventoryUpload
         end
 
         Tempfile.create([organization.name, '.pem']) do |cer_file|
-          cer_file.write(rh_credentials[:cert])
-          cer_file.write(rh_credentials[:key])
+          cer_file.write(certificate[:cert])
+          cer_file.write(certificate[:key])
           cer_file.flush
           @cer_path = cer_file.path
           super
@@ -59,8 +59,12 @@ module ForemanInventoryUpload
         env_vars
       end
 
-      def rh_credentials
-        @rh_credentials ||= begin
+      def certificate
+        ForemanRhCloud.with_local_advisor_engine? ? foreman_certificate : manifest_certificate
+      end
+
+      def manifest_certificate
+        @manifest_certificate ||= begin
           candlepin_id_certificate = organization.owner_details['upstreamConsumer']['idCert']
           {
             cert: candlepin_id_certificate['cert'],
@@ -69,6 +73,13 @@ module ForemanInventoryUpload
         end
       end
 
+      def foreman_certificate
+        @foreman_certificate ||= {
+          cert: File.read(Setting[:ssl_certificate]),
+          key: File.read(Setting[:ssl_priv_key]),
+        }
+      end
+
       def filename
         input[:filename]
       end

data/lib/foreman_inventory_upload/generators/archived_report.rb

@@ -6,10 +6,10 @@ module ForemanInventoryUpload
         @logger = logger
       end
 
-      def render(organization:)
+      def render(organization:, filter: nil)
         Dir.mktmpdir do |tmpdir|
           @logger.info "Started generating hosts report in #{tmpdir}"
-          host_batches = ForemanInventoryUpload::Generators::Queries.for_org(organization)
+          host_batches = ForemanInventoryUpload::Generators::Queries.for_org(organization, hosts_query: filter || '')
           File.open(File.join(tmpdir, 'metadata.json'), 'w') do |metadata_out|
             metadata_generator = ForemanInventoryUpload::Generators::Metadata.new(metadata_out)
             metadata_generator.render do |inner_generator|

data/lib/foreman_inventory_upload/generators/fact_helpers.rb

@@ -57,17 +57,39 @@ module ForemanInventoryUpload
       end
 
       def obfuscate_hostname?(host)
+        # Returns true if hostname obfuscation should be applied for a given host, based on hierarchy:
+        # 1. Global setting for hostname obfuscation.
+        return true if Setting[:obfuscate_inventory_hostnames]
+
         insights_client_setting = fact_value(host, 'insights_client::obfuscate_hostname_enabled')
         insights_client_setting = ActiveModel::Type::Boolean.new.cast(insights_client_setting)
-        return insights_client_setting unless insights_client_setting.nil?
 
-        Setting[:obfuscate_inventory_hostnames]
+        # 2. host fact reported by insights_client
+        # 3. if neither of the above, don't obfuscate.
+        insights_client_setting.nil? ? false : insights_client_setting
       end
 
       def fqdn(host)
-        return host.fqdn unless obfuscate_hostname?(host)
-
-        fact_value(host, 'insights_client::hostname') || obfuscate_fqdn(host.fqdn)
+        if obfuscate_hostname?(host)
+          # If obfuscation is enabled, attempt to retrieve an already obfuscated hostname
+          # from the 'insights_client::obfuscated_hostname' fact.
+          # Example format of `parsed_insights_array`:
+          # [{"original"=>"host.example.com", "obfuscated"=>"0dd449d0a027.example.com"},
+          #  {"original"=>"satellite.example.com", "obfuscated"=>"host2.example.com"}]
+          begin
+            parsed_insights_array = JSON.parse(fact_value(host, 'insights_client::obfuscated_hostname') || '[]')
+          rescue JSON::ParserError
+            parsed_insights_array = []
+          end
+          # Obfuscate using the following hierarchy:
+          # 1. the obfuscated_hostname fact sent by insights_client
+          parsed_insights_item = parsed_insights_array.find { |item| item['original'] == host.fqdn }
+          # 2. our own helper method
+          parsed_insights_item&.[]('obfuscated') || obfuscate_fqdn(host.fqdn)
+        else
+          # If hostname obfuscation is not enabled for this host, return the host's original FQDN.
+          host.fqdn
+        end
       end
 
       def obfuscate_fqdn(fqdn)
@@ -75,35 +97,65 @@ module ForemanInventoryUpload
       end
 
       def obfuscate_ips?(host)
-        insights_client_setting = fact_value(host, 'insights_client::obfuscate_ip_enabled')
-        insights_client_setting = ActiveModel::Type::Boolean.new.cast(insights_client_setting)
-        return insights_client_setting unless insights_client_setting.nil?
+        # Returns true if IP obfuscation should be applied for a given host, based on hierarchy:
+        # 1. Global setting for IP obfuscation.
+        return true if Setting[:obfuscate_inventory_ips]
 
-        Setting[:obfuscate_inventory_ips]
+        insights_client_ipv4_setting = fact_value(host, 'insights_client::obfuscate_ipv4_enabled')
+        insights_client_ipv6_setting = fact_value(host, 'insights_client::obfuscate_ipv6_enabled')
+
+        cast_ipv4_setting = ActiveModel::Type::Boolean.new.cast(insights_client_ipv4_setting)
+        cast_ipv6_setting = ActiveModel::Type::Boolean.new.cast(insights_client_ipv6_setting)
+
+        # 2. The host's IPv4 or IPv6 obfuscation fact value is true
+        # 3. If neither of the above, don't obfuscate.
+        cast_ipv4_setting || cast_ipv6_setting || false
       end
 
       def host_ips(host)
+        # Determines and returns the IP addresses associated with a host, applying obfuscation if enabled.
+
+        # If IP obfuscation is enabled for the host return a representation of obfuscated IP addresses.
         return obfuscated_ips(host) if obfuscate_ips?(host)
 
-        # return a pass through proxy hash in case no obfuscation needed
+        # If IP obfuscation is NOT needed, return a special kind of Hash.
+        # where when you try to access a key in it
+        # if the key doesn't exist, it simply returns the key itself.
+        # This is useful because it means if you try to get an IP from this hash,
+        # you'll just get the original IP back. It allows the calling code to
+        # use the same interface whether obfuscation is applied or not.
         Hash.new { |h, k| k }
       end
 
       def obfuscated_ips(host)
-        insights_client_ips = JSON.parse(fact_value(host, 'insights_client::ips') || '[]')
+        # Example format of `parsed_insights_array`:
+        # [{"original": "192.168.1.10", "obfuscated": "10.230.230.1"},
+        #  {"original": "192.168.1.11", "obfuscated": "10.230.230.2"}]
+        begin
+          parsed_insights_array = JSON.parse(fact_value(host, 'insights_client::obfuscated_ipv4') || '[]')
+        rescue JSON::ParserError
+          parsed_insights_array = []
+        end
 
+        # Create a new Hash to store the mapping from original IP addresses to their obfuscated versions.
+        # where the 'original' IP is the key and the 'obfuscated' IP is the value.
         obfuscated_ips = Hash[
-          insights_client_ips.map { |ip_record| [ip_record['original'], ip_record['obfuscated']] }
+          parsed_insights_array.map { |ip_record| [ip_record['original'], ip_record['obfuscated']] }
         ]
 
+        # Sets a default proc for the obfuscated_ips hash.
+        # When a key is accessed that does not exist in the hash, this proc is called.
+        # It assigns the result of obfuscate_ip(key, hash) to the missing key in the hash.
+        # This ensures that any missing IP address key will be obfuscated and stored automatically.
         obfuscated_ips.default_proc = proc do |hash, key|
           hash[key] = obfuscate_ip(key, hash)
         end
-
         obfuscated_ips
       end
 
       def obfuscate_ip(ip, ips_dict)
+        # Produce a new, unique obfuscated IP that is
+        # numerically one greater than the highest existing obfuscated IP
         max_obfuscated = ips_dict.values.map { |v| IPAddr.new(v).to_i }.max || IPAddr.new('10.230.230.0').to_i
 
         IPAddr.new(max_obfuscated + 1, Socket::AF_INET).to_s

data/lib/foreman_inventory_upload/generators/queries.rb

@@ -26,9 +26,11 @@ module ForemanInventoryUpload
               'dmi::system::product_name',
               'dmi::chassis::asset_tag',
               'insights_client::obfuscate_hostname_enabled',
-              'insights_client::obfuscate_ip_enabled',
-              'insights_client::hostname',
-              'insights_client::ips',
+              'insights_client::obfuscate_ipv4_enabled',
+              'insights_client::obfuscate_ipv6_enabled',
+              'insights_client::obfuscated_ipv4',
+              'insights_client::obfuscated_ipv6',
+              'insights_client::obfuscated_hostname',
               'insights_id',
               'conversions::activity',
               'conversions::packages::0::nevra',
@@ -58,8 +60,8 @@ module ForemanInventoryUpload
           )
       end
 
-      def self.for_org(organization_id, use_batches: true)
-        base_query = for_slice(Host.unscoped.where(organization_id: organization_id))
+      def self.for_org(organization_id, use_batches: true, hosts_query: '')
+        base_query = for_slice(Host.unscoped.where(organization_id: organization_id).search_for(hosts_query))
         use_batches ? base_query.in_batches(of: ForemanInventoryUpload.slice_size) : base_query
       end
     end

data/lib/foreman_inventory_upload/generators/slice.rb

@@ -190,7 +190,6 @@ module ForemanInventoryUpload
         ) { |v| os_release_value(*v) }
         @stream.simple_field('os_kernel_version', fact_value(host, 'uname::release'))
         @stream.simple_field('arch', host.architecture&.name)
-        @stream.simple_field('katello_agent_running', false)
         @stream.simple_field(
           'infrastructure_type',
           ActiveModel::Type::Boolean.new.cast(fact_value(host, 'virt::is_guest')) ? 'virtual' : 'physical'

data/lib/foreman_inventory_upload/generators/tags.rb

@@ -41,7 +41,10 @@ module ForemanInventoryUpload
       end
 
       def organizations
-        [['organization', @host.organization.name]]
+        [
+          ['organization', @host.organization.name],
+          ['organization_label', @host.organization.label],
+        ]
       end
 
       def content_data

data/lib/foreman_inventory_upload.rb

@@ -52,8 +52,8 @@ module ForemanInventoryUpload
     'uploader.sh'
   end
 
-  def self.facts_archive_name(organization)
-    "report_for_#{organization}.tar.xz"
+  def self.facts_archive_name(organization, filter = nil)
+    "report_for_#{organization}#{filter.empty? ? nil : "[#{filter.to_s.parameterize}]"}.tar.xz"
   end
 
   def self.upload_url

data/lib/foreman_rh_cloud/engine.rb

@@ -114,8 +114,7 @@ module ForemanRhCloud
               caption: N_('Inventory Upload'),
               url: '/foreman_rh_cloud/inventory_upload',
               url_hash: { controller: :react, action: :index },
-              parent: :insights_menu,
-              if: -> { !ForemanRhCloud.with_local_advisor_engine? }
+              parent: :insights_menu
             menu :top_menu, :insights_hits, caption: N_('Recommendations'), url: '/foreman_rh_cloud/insights_cloud', url_hash: { controller: :react, action: :index }, parent: :insights_menu
             menu :top_menu,
               :insights_vulnerability,
@@ -165,6 +164,8 @@ module ForemanRhCloud
         ::Katello::UINotifications::Subscriptions::ManifestImportSuccess.include ForemanInventoryUpload::Notifications::ManifestImportSuccessNotificationOverride if defined?(Katello)
 
         ::Host::Managed.include RhCloudHost
+
+        ::Katello::Api::Rhsm::CandlepinDynflowProxyController.include InsightsCloud::PackageProfileUploadExtensions
       end
     end
 
@@ -210,6 +211,30 @@ module ForemanRhCloud
       )
     end
 
+    # Ideally this code belongs to an initializer. The problem is that Katello controllers are not initialized completely until after the end of the to_prepare blocks
+    # This means I can patch the controller only in the after_initialize block that is promised to run after the to_prepare
+    # initializer 'foreman_rh_cloud.allow_smart_proxy_actions', :before => :finisher_hook, :after => 'katello.register_plugin'  do |_app|
+    # end
+    config.after_initialize do
+      # skip overrides in migrations, since the controller initialization depends on tables existense
+      if defined?(Katello) && !Foreman.in_setup_db_rake?
+        Katello::Api::V2::OrganizationsController.include Foreman::Controller::SmartProxyAuth
+        # patch the callbacks order for :download_debug_certificate, since local_find_taxonomy has to run after the user is already initialized
+        Katello::Api::V2::OrganizationsController.skip_before_action(:local_find_taxonomy, only: :download_debug_certificate)
+        Katello::Api::V2::OrganizationsController.add_smart_proxy_filters(
+          [:index, :download_debug_certificate],
+          features: ForemanRhCloud.on_prem_smart_proxy_features
+        )
+        Katello::Api::V2::OrganizationsController.before_action(:local_find_taxonomy, only: :download_debug_certificate)
+
+        Katello::Api::V2::RepositoriesController.include Foreman::Controller::SmartProxyAuth
+        Katello::Api::V2::RepositoriesController.add_smart_proxy_filters(
+          :index,
+          features: ForemanRhCloud.on_prem_smart_proxy_features
+        )
+      end
+    end
+
     rake_tasks do
       Rake::Task['db:seed'].enhance do
         ForemanRhCloud::Engine.load_seed
@@ -231,4 +256,8 @@ module ForemanRhCloud
       ::SETTINGS[:ssl_ca_file]
     end
   end
+
+  def self.on_prem_smart_proxy_features
+    ['Insights']
+  end
 end

data/lib/foreman_rh_cloud/version.rb

@@ -1,3 +1,3 @@
 module ForemanRhCloud
-  VERSION = '12.1.2'.freeze
+  VERSION = '12.1.4'.freeze
 end

data/lib/inventory_sync/async/inventory_hosts_sync.rb

@@ -8,6 +8,8 @@ module InventorySync
       set_callback :step, :around, :create_missing_hosts
 
       def plan(organizations)
+        # Do not run for local advisor, since we use sub-man id to identify hosts.
+        return if ForemanRhCloud.with_local_advisor_engine?
         # by default the tasks will be executed concurrently
         super(organizations)
         plan_self_host_sync