foreman_rh_cloud 12.1.2 → 12.1.4

data/lib/tasks/hybrid_cloud.rake

@@ -1,64 +1,132 @@
 require 'io/console'
+require 'uri'
 
-namespace :rh_cloud do |args|
-  desc 'Register Satellite Organization with Hybrid Cloud API. \
-        Specify org_id=x replace your organization ID with x. \
-        Specify SATELLITE_RH_CLOUD_URL=https://x with the Hybrid Cloud endpoint you are connecting to.'
+def logger
+  @logger ||= Logger.new(STDOUT)
+end
+
+namespace :rh_cloud do
+  desc 'Register Satellite Organization with Hybrid Cloud API.'
+  # This task registers the Satellite Organization with the Hybrid Cloud API.
+  # It requires the user to input their organization ID, Insights URL, and token.
+  # The task will then send a POST request to the Hybrid Cloud API to register the organization.
+  # The response will be logged, and any errors will be caught and logged as well.
+  # The task will exit with an error message if the organization does not have a manifest imported or if the token is not entered.
+  # The task will also log a warning if the custom URL is not set and the default one is used.
   task hybridcloud_register: [:environment] do
     include ::ForemanRhCloud::CertAuth
     include ::InsightsCloud::CandlepinCache
 
-    def logger
-      @logger ||= Logger.new(STDOUT)
+    def default_registrations_url
+      URI.join(ForemanRhCloud.base_url, '/api/identity/certificate/registrations').to_s
     end
 
-    def registrations_url
-      logger.warn("Custom url is not set, using the default one: #{ForemanRhCloud.base_url}") if ENV['SATELLITE_RH_CLOUD_URL'].empty?
-      ForemanRhCloud.base_url + '/api/identity/certificate/registrations'
+    # Helper method to get the registrations URL, with a warning for default usage
+    def registrations_url(custom_url)
+      if custom_url.empty?
+        logger.warn("Custom url is not set, using the default one: #{default_registrations_url}")
+        default_registrations_url
+      else
+        if URI(custom_url).scheme.nil?
+          logger.warn("Custom URL lacks a scheme; prepending https:// prefix.")
+          custom_url = "https://" + custom_url
+        end
+        custom_url
+      end
     end
 
-    if ENV['org_id'].nil?
-      logger.error('ERROR: org_id needs to be specified.')
-      exit(1)
+    def get_organization(user_org_id)
+      maybe_organization = Organization.find_by(id: user_org_id)
+      if maybe_organization.nil?
+        logger.error("Organization with ID '#{user_org_id}' not found.")
+        exit(1)
+      end
+      maybe_organization
     end
 
-    @organization = Organization.find_by(id: ENV['org_id'].to_i) # saw this coming in as a string, so making sure it gets passed as an integer.
-    @uid = cp_owner_id(@organization)
-    @hostname = ForemanRhCloud.foreman_host_name
-    logger.error('Organization provided does not have a manifest imported.') + exit(1) if @uid.nil?
-
-    puts 'Paste your token, output will be hidden.'
-    @token = STDIN.noecho(&:gets).chomp
-    logger.error('Token was not entered.') + exit(1) if @token.empty?
-
-    def headers
-      {
-        Authorization: "Bearer #{@token}",
-      }
+    def get_uid(organization)
+      maybe_uid = cp_owner_id(organization)
+      if maybe_uid.nil?
+        logger.error("Organization '#{organization}' does not have a manifest imported.")
+        exit(1)
+      end
+      maybe_uid
     end
 
-    def payload
-      {
-        "uid": @uid,
-        "display_name": "#{@hostname}+#{@organization.label}",
-      }
+    # --- Input Collection ---
+    puts "Paste in your organization ID, this can be retrieved with the command: hammer organization list"
+    loop do
+      input = STDIN.gets.chomp
+      if input.match?(/^\d+$/) # Checks if input consists only of digits
+        @user_org_id = input.to_i
+        break
+      else
+        puts "Invalid input. Please enter a numeric organization ID."
+      end
     end
 
-    def method
-      :post
+    puts "\n" + "-" * 50 + "\n\n"
+    puts "Paste in your custom Insights URL. If nothing is entered, the default will be used (#{default_registrations_url})."
+    insights_user_input = STDIN.gets.chomp
+
+    puts "\n" + "-" * 50 + "\n\n"
+    puts 'Paste in your Hybrid Cloud API token, output will be hidden.'
+    puts 'This token can be retrieved from the Hybrid Cloud console.'
+    token = STDIN.noecho(&:gets).chomp
+    if token.empty?
+      logger.error('Token was not entered.')
+      exit(1)
     end
 
+    # --- Data Preparation ---
+
+    organization = get_organization(@user_org_id)
+    uid = get_uid(organization)
+    hostname = ForemanRhCloud.foreman_host_name
+    insights_url = registrations_url(insights_user_input)
+
+    # --- API Request ---
+
+    headers = {
+      Authorization: "Bearer #{token}",
+    }
+
+    payload = {
+      'uid': uid,
+      "display_name": "#{hostname}+#{organization.label}",
+    }
+
     begin
       response = execute_cloud_request(
-        organization: @organization,
-        method: method,
-        url: registrations_url,
+        organization: organization,
+        method: :post,
+        url: insights_url,
         headers: headers,
         payload: payload.to_json
       )
-      logger.debug(response)
+      logger.debug("Cloud request completed: status=#{response.code}, body_preview=#{response.body&.slice(0, 200)}")
+    rescue RestClient::Unauthorized => _ex
+      # Add a more specific rescue for 401 Unauthorized errors
+      logger.error('Registration failed: Your token is invalid or unauthorized. Please check your token and try again.')
+      # Optionally, you can still log the full debug info if helpful for advanced troubleshooting
+      # logger.debug(ex.backtrace.join("\n"))
+      exit(1)
+    rescue RestClient::ExceptionWithResponse => ex
+      # This catches any RestClient exception that has a response (like 400, 403, 404, 500, etc.)
+      status_code = begin
+        ex.response.code
+      rescue StandardError
+        "unknown"
+      end
+      logger.error("Registration failed with HTTP status #{status_code}: #{ex.message}")
+      logger.debug("Response body (if available): #{ex.response.body}")
+      exit(1)
     rescue StandardError => ex
-      logger.error(ex)
+      # This is the catch-all for any other unexpected errors
+      logger.error("An unexpected error occurred during registration: #{ex.message}")
+      exit(1)
     end
+
+    logger.info("Satellite Organization '#{organization.label}' (ID: #{@user_org_id}) successfully registered.")
   end
 end

data/lib/tasks/rh_cloud_inventory.rake

@@ -26,6 +26,7 @@ namespace :rh_cloud_inventory do
     task generate: :environment do
       organizations = [ENV['organization_id']]
       base_folder = ENV['target'] || Dir.pwd
+      filter = ENV['hosts_filter']
 
       unless File.writable?(base_folder)
         puts "#{base_folder} is not writable by the current process"
@@ -40,9 +41,9 @@ namespace :rh_cloud_inventory do
 
       User.as_anonymous_admin do
         organizations.each do |organization|
-          target = File.join(base_folder, ForemanInventoryUpload.facts_archive_name(organization))
+          target = File.join(base_folder, ForemanInventoryUpload.facts_archive_name(organization, filter))
           archived_report_generator = ForemanInventoryUpload::Generators::ArchivedReport.new(target, Logger.new(STDOUT))
-          archived_report_generator.render(organization: organization)
+          archived_report_generator.render(organization: organization, filter: filter)
           puts "Successfully generated #{target} for organization id #{organization}"
         end
       end

data/package.json

@@ -1,6 +1,6 @@
 {
   "name": "foreman_rh_cloud",
-  "version": "12.1.2",
+  "version": "12.1.4",
   "description": "Inventory Upload =============",
   "main": "index.js",
   "scripts": {

data/test/controllers/insights_cloud/api/cloud_request_controller_test.rb

@@ -51,8 +51,7 @@ module InsightsCloud::Api
       mock_composer = mock('composer')
       ::JobInvocationComposer.expects(:for_feature).with do |feature, host_ids, params|
         feature == :rh_cloud_connector_run_playbook &&
-        host_ids.first == host1.id &&
-        host_ids.last == host2.id
+        host_ids.sort == [host1.id, host2.id].sort
       end.returns(mock_composer)
       mock_composer.expects(:trigger!)
       mock_composer.expects(:job_invocation)

data/test/unit/archived_report_generator_test.rb

@@ -50,7 +50,7 @@ class ArchivedReportGeneratorTest < ActiveSupport::TestCase
     batches = Host.where(id: @host.id).in_batches
     test_org = FactoryBot.create(:organization)
 
-    ForemanInventoryUpload::Generators::Queries.expects(:for_org).with(test_org.id).returns(batches)
+    ForemanInventoryUpload::Generators::Queries.expects(:for_org).with(test_org.id, hosts_query: '').returns(batches)
     ForemanInventoryUpload::Generators::Slice.any_instance.stubs(:golden_ticket?).returns(false)
     Dir.mktmpdir do |tmpdir|
       target = File.join(tmpdir, 'test.tar.gz')

data/test/unit/fact_helpers_test.rb

@@ -1,4 +1,5 @@
 require 'test_plugin_helper'
+require 'digest'
 
 class FactHelpersTest < ActiveSupport::TestCase
   class FactsHelpersTestStub
@@ -29,7 +30,7 @@ class FactHelpersTest < ActiveSupport::TestCase
 
   test 'obfuscates ips with insights-client data' do
     host = mock('host')
-    @instance.expects(:fact_value).with(host, 'insights_client::ips').returns(
+    @instance.expects(:fact_value).with(host, 'insights_client::obfuscated_ipv4').returns(
       '[{"obfuscated": "10.230.230.1", "original": "224.0.0.1"}, {"obfuscated": "10.230.230.255", "original": "224.0.0.251"}]'
     )
 
@@ -41,11 +42,275 @@ class FactHelpersTest < ActiveSupport::TestCase
 
   test 'obfuscates ips without insights-client data' do
     host = mock('host')
-    @instance.expects(:fact_value).with(host, 'insights_client::ips').returns(nil)
+    @instance.expects(:fact_value).with(host, 'insights_client::obfuscated_ipv4').returns(nil)
 
     actual = @instance.obfuscated_ips(host)
 
     assert_equal '10.230.230.1', actual['224.0.0.1']
     assert_equal '10.230.230.2', actual['224.0.0.2']
   end
+
+  describe 'obfuscate_hostname?' do
+    test 'returns true when global setting is enabled' do
+      Setting.expects(:[]).with(:obfuscate_inventory_hostnames).returns(true)
+      host = mock('host')
+
+      result = @instance.obfuscate_hostname?(host)
+
+      assert result
+    end
+
+    test 'returns false when global setting is disabled and no host-specific setting' do
+      Setting.expects(:[]).with(:obfuscate_inventory_hostnames).returns(false)
+      host = mock('host')
+      @instance.expects(:fact_value).with(host, 'insights_client::obfuscate_hostname_enabled').returns(nil)
+
+      result = @instance.obfuscate_hostname?(host)
+
+      refute result
+    end
+
+    test 'returns true when host-specific setting is enabled' do
+      Setting.expects(:[]).with(:obfuscate_inventory_hostnames).returns(false)
+      host = mock('host')
+      @instance.expects(:fact_value).with(host, 'insights_client::obfuscate_hostname_enabled').returns('true')
+
+      result = @instance.obfuscate_hostname?(host)
+
+      assert result
+    end
+
+    test 'returns false when host-specific setting is disabled' do
+      Setting.expects(:[]).with(:obfuscate_inventory_hostnames).returns(false)
+      host = mock('host')
+      @instance.expects(:fact_value).with(host, 'insights_client::obfuscate_hostname_enabled').returns('false')
+
+      result = @instance.obfuscate_hostname?(host)
+
+      refute result
+    end
+  end
+
+  describe 'fqdn' do
+    test 'returns original fqdn when obfuscation is disabled' do
+      host = mock('host')
+      host.expects(:fqdn).returns('test.example.com')
+      @instance.expects(:obfuscate_hostname?).with(host).returns(false)
+
+      result = @instance.fqdn(host)
+
+      assert_equal 'test.example.com', result
+    end
+
+    test 'returns obfuscated hostname from insights_client fact when available' do
+      host = mock('host')
+      host.expects(:fqdn).returns('test.example.com').once
+      @instance.expects(:obfuscate_hostname?).with(host).returns(true)
+      @instance.expects(:fact_value).with(host, 'insights_client::obfuscated_hostname').returns(
+        '[{"original": "test.example.com", "obfuscated": "abc123.example.com"}]'
+      )
+
+      result = @instance.fqdn(host)
+
+      assert_equal 'abc123.example.com', result
+    end
+
+    test 'returns dynamically obfuscated hostname when insights_client fact is not available' do
+      host = mock('host')
+      host.stubs(:fqdn).returns('test.example.com')
+      @instance.expects(:obfuscate_hostname?).with(host).returns(true)
+      @instance.expects(:fact_value).with(host, 'insights_client::obfuscated_hostname').returns(nil)
+
+      result = @instance.fqdn(host)
+
+      expected = "#{Digest::SHA1.hexdigest('test.example.com')}.example.com"
+      assert_equal expected, result
+    end
+
+    test 'returns dynamically obfuscated hostname when insights_client fact does not contain matching host' do
+      host = mock('host')
+      host.expects(:fqdn).returns('test.example.com').twice
+      @instance.expects(:obfuscate_hostname?).with(host).returns(true)
+      @instance.expects(:fact_value).with(host, 'insights_client::obfuscated_hostname').returns(
+        '[{"original": "other.example.com", "obfuscated": "abc123.example.com"}]'
+      )
+      @instance.expects(:obfuscate_fqdn).with('test.example.com').returns('dynamically_obfuscated.example.com')
+
+      result = @instance.fqdn(host)
+
+      assert_equal 'dynamically_obfuscated.example.com', result
+    end
+
+    test 'handles invalid JSON in insights_client fact gracefully' do
+      host = mock('host')
+      host.stubs(:fqdn).returns('test.example.com')
+      @instance.expects(:obfuscate_hostname?).with(host).returns(true)
+      @instance.expects(:fact_value).with(host, 'insights_client::obfuscated_hostname').returns('invalid json')
+
+      result = @instance.fqdn(host)
+
+      expected = "#{Digest::SHA1.hexdigest('test.example.com')}.example.com"
+      assert_equal expected, result
+    end
+
+    test 'handles empty insights_client fact' do
+      host = mock('host')
+      host.stubs(:fqdn).returns('test.example.com')
+      @instance.expects(:obfuscate_hostname?).with(host).returns(true)
+      @instance.expects(:fact_value).with(host, 'insights_client::obfuscated_hostname').returns('[]')
+
+      result = @instance.fqdn(host)
+
+      expected = "#{Digest::SHA1.hexdigest('test.example.com')}.example.com"
+      assert_equal expected, result
+    end
+  end
+
+  describe 'obfuscate_ips?' do
+    test 'returns true when global setting is enabled' do
+      Setting.expects(:[]).with(:obfuscate_inventory_ips).returns(true)
+      host = mock('host')
+
+      result = @instance.obfuscate_ips?(host)
+
+      assert result
+    end
+
+    test 'returns false when global setting is disabled and no host-specific settings' do
+      Setting.expects(:[]).with(:obfuscate_inventory_ips).returns(false)
+      host = mock('host')
+      @instance.expects(:fact_value).with(host, 'insights_client::obfuscate_ipv4_enabled').returns(nil)
+      @instance.expects(:fact_value).with(host, 'insights_client::obfuscate_ipv6_enabled').returns(nil)
+
+      result = @instance.obfuscate_ips?(host)
+
+      refute result
+    end
+
+    test 'returns true when host-specific IPv4 setting is enabled' do
+      Setting.expects(:[]).with(:obfuscate_inventory_ips).returns(false)
+      host = mock('host')
+      @instance.expects(:fact_value).with(host, 'insights_client::obfuscate_ipv4_enabled').returns('true')
+      @instance.expects(:fact_value).with(host, 'insights_client::obfuscate_ipv6_enabled').returns(nil)
+
+      result = @instance.obfuscate_ips?(host)
+
+      assert result
+    end
+
+    test 'returns true when host-specific IPv6 setting is enabled' do
+      Setting.expects(:[]).with(:obfuscate_inventory_ips).returns(false)
+      host = mock('host')
+      @instance.expects(:fact_value).with(host, 'insights_client::obfuscate_ipv4_enabled').returns(nil)
+      @instance.expects(:fact_value).with(host, 'insights_client::obfuscate_ipv6_enabled').returns('true')
+
+      result = @instance.obfuscate_ips?(host)
+
+      assert result
+    end
+
+    test 'returns true when both IPv4 and IPv6 settings are enabled' do
+      Setting.expects(:[]).with(:obfuscate_inventory_ips).returns(false)
+      host = mock('host')
+      @instance.expects(:fact_value).with(host, 'insights_client::obfuscate_ipv4_enabled').returns('true')
+      @instance.expects(:fact_value).with(host, 'insights_client::obfuscate_ipv6_enabled').returns('true')
+
+      result = @instance.obfuscate_ips?(host)
+
+      assert result
+    end
+
+    test 'returns false when both IPv4 and IPv6 settings are disabled' do
+      Setting.expects(:[]).with(:obfuscate_inventory_ips).returns(false)
+      host = mock('host')
+      @instance.expects(:fact_value).with(host, 'insights_client::obfuscate_ipv4_enabled').returns('false')
+      @instance.expects(:fact_value).with(host, 'insights_client::obfuscate_ipv6_enabled').returns('false')
+
+      result = @instance.obfuscate_ips?(host)
+
+      refute result
+    end
+  end
+
+  describe 'obfuscate_ip' do
+    test 'generates first IP when no existing obfuscated IPs' do
+      ips_dict = {}
+
+      result = @instance.obfuscate_ip('192.168.1.1', ips_dict)
+
+      assert_equal '10.230.230.1', result
+    end
+
+    test 'generates next sequential IP when existing obfuscated IPs present' do
+      ips_dict = { '192.168.1.1' => '10.230.230.5', '192.168.1.2' => '10.230.230.10' }
+
+      result = @instance.obfuscate_ip('192.168.1.3', ips_dict)
+
+      assert_equal '10.230.230.11', result
+    end
+
+    test 'handles mixed IP ranges correctly' do
+      ips_dict = { '192.168.1.1' => '10.230.230.255', '192.168.1.2' => '10.230.230.1' }
+
+      result = @instance.obfuscate_ip('192.168.1.3', ips_dict)
+
+      assert_equal '10.230.231.0', result
+    end
+
+    test 'generates valid IP addresses' do
+      ips_dict = {}
+
+      result = @instance.obfuscate_ip('any.ip.address', ips_dict)
+
+      assert_match(/\A\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\z/, result)
+      assert_nothing_raised { IPAddr.new(result) }
+    end
+  end
+
+  describe 'obfuscated_ips' do
+    test 'handles invalid JSON in insights_client fact gracefully' do
+      host = mock('host')
+      @instance.expects(:fact_value).with(host, 'insights_client::obfuscated_ipv4').returns('invalid json')
+
+      result = @instance.obfuscated_ips(host)
+
+      assert_equal '10.230.230.1', result['192.168.1.1']
+    end
+
+    test 'handles empty insights_client fact' do
+      host = mock('host')
+      @instance.expects(:fact_value).with(host, 'insights_client::obfuscated_ipv4').returns('[]')
+
+      result = @instance.obfuscated_ips(host)
+
+      assert_equal '10.230.230.1', result['192.168.1.1']
+    end
+
+    test 'preserves existing obfuscated IPs and generates new ones' do
+      host = mock('host')
+      @instance.expects(:fact_value).with(host, 'insights_client::obfuscated_ipv4').returns(
+        '[{"original": "192.168.1.1", "obfuscated": "10.230.230.5"}]'
+      )
+
+      result = @instance.obfuscated_ips(host)
+
+      assert_equal '10.230.230.5', result['192.168.1.1']
+      assert_equal '10.230.230.6', result['192.168.1.2']
+    end
+
+    test 'default_proc generates unique sequential IPs' do
+      host = mock('host')
+      @instance.expects(:fact_value).with(host, 'insights_client::obfuscated_ipv4').returns(nil)
+
+      result = @instance.obfuscated_ips(host)
+
+      ip1 = result['192.168.1.1']
+      ip2 = result['192.168.1.2']
+      ip3 = result['192.168.1.3']
+
+      assert_equal '10.230.230.1', ip1
+      assert_equal '10.230.230.2', ip2
+      assert_equal '10.230.230.3', ip3
+    end
+  end
 end

data/test/unit/rh_cloud_http_proxy_test.rb

@@ -4,6 +4,7 @@ class RhCloudHttpProxyTest < ActiveSupport::TestCase
   setup do
     @global_content_proxy_mock = 'http://global:content@localhost:80'
     @global_foreman_proxy_mock = 'http://global:foreman@localhost:80'
+    ForemanRhCloud.stubs(:with_local_advisor_engine?).returns(false)
   end
 
   test 'selects global content proxy' do
@@ -18,6 +19,13 @@ class RhCloudHttpProxyTest < ActiveSupport::TestCase
     assert_equal @global_foreman_proxy_mock, ForemanRhCloud.proxy_setting
   end
 
+  test 'returns empty string in on-prem setup' do
+    ForemanRhCloud.unstub(:with_local_advisor_engine?)
+    ForemanRhCloud.stubs(:with_local_advisor_engine?).returns(true)
+
+    assert_empty ForemanRhCloud.proxy_setting
+  end
+
   def setup_global_content_proxy
     http_proxy = FactoryBot.create(:http_proxy, url: @global_content_proxy_mock)
     HttpProxy.stubs(:default_global_content_proxy).returns(http_proxy)

data/test/unit/services/foreman_rh_cloud/cloud_request_forwarder_test.rb

@@ -3,6 +3,7 @@ require 'puma/null_io'
 
 class CloudRequestForwarderTest < ActiveSupport::TestCase
   include MockCerts
+  include KatelloCVEHelper
 
   setup do
     @forwarder = ::ForemanRhCloud::CloudRequestForwarder.new
@@ -10,6 +11,22 @@ class CloudRequestForwarderTest < ActiveSupport::TestCase
     ForemanRhCloud.stubs(:base_url).returns('https://cloud.example.com')
     ForemanRhCloud.stubs(:cert_base_url).returns('https://cert.cloud.example.com')
     ForemanRhCloud.stubs(:legacy_insights_url).returns('https://cert-api.access.example.com')
+
+    UpstreamOnlySettingsTestHelper.set_if_available('allow_multiple_content_views')
+    env = FactoryBot.create(:katello_k_t_environment)
+    env2 = FactoryBot.create(:katello_k_t_environment, organization: env.organization)
+
+    @host = FactoryBot.create(
+      :host,
+      :with_subscription,
+      :with_content,
+      :with_hostgroup,
+      :with_parameter,
+      content_view_environments: [make_cve(lifecycle_environment: env), make_cve(lifecycle_environment: env2)],
+      organization: env.organization
+    )
+
+    @host.subscription_facet.pools << FactoryBot.create(:katello_pool, account_number: '5678', cp_id: 1)
   end
 
   test 'should prepare correct cloud url' do
@@ -150,7 +167,7 @@ class CloudRequestForwarderTest < ActiveSupport::TestCase
       'action_dispatch.request.query_parameters' => params
     )
 
-    actual = @forwarder.prepare_request_opts(req, 'TEST PAYLOAD', params, generate_certs_hash)
+    actual = @forwarder.prepare_request_opts(req, 'TEST PAYLOAD', params, generate_certs_hash, @host)
 
     assert_match /foo/, actual[:headers][:user_agent]
     assert_match /bar/, actual[:headers][:user_agent]
@@ -175,7 +192,7 @@ class CloudRequestForwarderTest < ActiveSupport::TestCase
       'action_dispatch.request.query_parameters' => params
     )
 
-    actual = @forwarder.prepare_request_opts(req, 'TEST PAYLOAD', params, generate_certs_hash)
+    actual = @forwarder.prepare_request_opts(req, 'TEST PAYLOAD', params, generate_certs_hash, @host)
 
     assert_match /text\/html/, actual[:headers][:content_type]
   end