foreman_rh_cloud 12.1.3 → 12.1.5

data/lib/foreman_inventory_upload/generators/fact_helpers.rb

@@ -57,17 +57,39 @@ module ForemanInventoryUpload
       end
 
       def obfuscate_hostname?(host)
+        # Returns true if hostname obfuscation should be applied for a given host, based on hierarchy:
+        # 1. Global setting for hostname obfuscation.
+        return true if Setting[:obfuscate_inventory_hostnames]
+
         insights_client_setting = fact_value(host, 'insights_client::obfuscate_hostname_enabled')
         insights_client_setting = ActiveModel::Type::Boolean.new.cast(insights_client_setting)
-        return insights_client_setting unless insights_client_setting.nil?
 
-        Setting[:obfuscate_inventory_hostnames]
+        # 2. host fact reported by insights_client
+        # 3. if neither of the above, don't obfuscate.
+        insights_client_setting.nil? ? false : insights_client_setting
       end
 
       def fqdn(host)
-        return host.fqdn unless obfuscate_hostname?(host)
-
-        fact_value(host, 'insights_client::hostname') || obfuscate_fqdn(host.fqdn)
+        if obfuscate_hostname?(host)
+          # If obfuscation is enabled, attempt to retrieve an already obfuscated hostname
+          # from the 'insights_client::obfuscated_hostname' fact.
+          # Example format of `parsed_insights_array`:
+          # [{"original"=>"host.example.com", "obfuscated"=>"0dd449d0a027.example.com"},
+          #  {"original"=>"satellite.example.com", "obfuscated"=>"host2.example.com"}]
+          begin
+            parsed_insights_array = JSON.parse(fact_value(host, 'insights_client::obfuscated_hostname') || '[]')
+          rescue JSON::ParserError
+            parsed_insights_array = []
+          end
+          # Obfuscate using the following hierarchy:
+          # 1. the obfuscated_hostname fact sent by insights_client
+          parsed_insights_item = parsed_insights_array.find { |item| item['original'] == host.fqdn }
+          # 2. our own helper method
+          parsed_insights_item&.[]('obfuscated') || obfuscate_fqdn(host.fqdn)
+        else
+          # If hostname obfuscation is not enabled for this host, return the host's original FQDN.
+          host.fqdn
+        end
       end
 
       def obfuscate_fqdn(fqdn)
@@ -75,35 +97,65 @@ module ForemanInventoryUpload
       end
 
       def obfuscate_ips?(host)
-        insights_client_setting = fact_value(host, 'insights_client::obfuscate_ip_enabled')
-        insights_client_setting = ActiveModel::Type::Boolean.new.cast(insights_client_setting)
-        return insights_client_setting unless insights_client_setting.nil?
+        # Returns true if IP obfuscation should be applied for a given host, based on hierarchy:
+        # 1. Global setting for IP obfuscation.
+        return true if Setting[:obfuscate_inventory_ips]
 
-        Setting[:obfuscate_inventory_ips]
+        insights_client_ipv4_setting = fact_value(host, 'insights_client::obfuscate_ipv4_enabled')
+        insights_client_ipv6_setting = fact_value(host, 'insights_client::obfuscate_ipv6_enabled')
+
+        cast_ipv4_setting = ActiveModel::Type::Boolean.new.cast(insights_client_ipv4_setting)
+        cast_ipv6_setting = ActiveModel::Type::Boolean.new.cast(insights_client_ipv6_setting)
+
+        # 2. The host's IPv4 or IPv6 obfuscation fact value is true
+        # 3. If neither of the above, don't obfuscate.
+        cast_ipv4_setting || cast_ipv6_setting || false
       end
 
       def host_ips(host)
+        # Determines and returns the IP addresses associated with a host, applying obfuscation if enabled.
+
+        # If IP obfuscation is enabled for the host return a representation of obfuscated IP addresses.
         return obfuscated_ips(host) if obfuscate_ips?(host)
 
-        # return a pass through proxy hash in case no obfuscation needed
+        # If IP obfuscation is NOT needed, return a special kind of Hash.
+        # where when you try to access a key in it
+        # if the key doesn't exist, it simply returns the key itself.
+        # This is useful because it means if you try to get an IP from this hash,
+        # you'll just get the original IP back. It allows the calling code to
+        # use the same interface whether obfuscation is applied or not.
         Hash.new { |h, k| k }
       end
 
       def obfuscated_ips(host)
-        insights_client_ips = JSON.parse(fact_value(host, 'insights_client::ips') || '[]')
+        # Example format of `parsed_insights_array`:
+        # [{"original": "192.168.1.10", "obfuscated": "10.230.230.1"},
+        #  {"original": "192.168.1.11", "obfuscated": "10.230.230.2"}]
+        begin
+          parsed_insights_array = JSON.parse(fact_value(host, 'insights_client::obfuscated_ipv4') || '[]')
+        rescue JSON::ParserError
+          parsed_insights_array = []
+        end
 
+        # Create a new Hash to store the mapping from original IP addresses to their obfuscated versions.
+        # where the 'original' IP is the key and the 'obfuscated' IP is the value.
         obfuscated_ips = Hash[
-          insights_client_ips.map { |ip_record| [ip_record['original'], ip_record['obfuscated']] }
+          parsed_insights_array.map { |ip_record| [ip_record['original'], ip_record['obfuscated']] }
         ]
 
+        # Sets a default proc for the obfuscated_ips hash.
+        # When a key is accessed that does not exist in the hash, this proc is called.
+        # It assigns the result of obfuscate_ip(key, hash) to the missing key in the hash.
+        # This ensures that any missing IP address key will be obfuscated and stored automatically.
         obfuscated_ips.default_proc = proc do |hash, key|
           hash[key] = obfuscate_ip(key, hash)
         end
-
         obfuscated_ips
       end
 
       def obfuscate_ip(ip, ips_dict)
+        # Produce a new, unique obfuscated IP that is
+        # numerically one greater than the highest existing obfuscated IP
         max_obfuscated = ips_dict.values.map { |v| IPAddr.new(v).to_i }.max || IPAddr.new('10.230.230.0').to_i
 
         IPAddr.new(max_obfuscated + 1, Socket::AF_INET).to_s

data/lib/foreman_inventory_upload/generators/queries.rb

@@ -26,9 +26,11 @@ module ForemanInventoryUpload
               'dmi::system::product_name',
               'dmi::chassis::asset_tag',
               'insights_client::obfuscate_hostname_enabled',
-              'insights_client::obfuscate_ip_enabled',
-              'insights_client::hostname',
-              'insights_client::ips',
+              'insights_client::obfuscate_ipv4_enabled',
+              'insights_client::obfuscate_ipv6_enabled',
+              'insights_client::obfuscated_ipv4',
+              'insights_client::obfuscated_ipv6',
+              'insights_client::obfuscated_hostname',
               'insights_id',
               'conversions::activity',
               'conversions::packages::0::nevra',
@@ -58,8 +60,8 @@ module ForemanInventoryUpload
           )
       end
 
-      def self.for_org(organization_id, use_batches: true)
-        base_query = for_slice(Host.unscoped.where(organization_id: organization_id))
+      def self.for_org(organization_id, use_batches: true, hosts_query: '')
+        base_query = for_slice(Host.unscoped.where(organization_id: organization_id).search_for(hosts_query))
         use_batches ? base_query.in_batches(of: ForemanInventoryUpload.slice_size) : base_query
       end
     end

data/lib/foreman_inventory_upload/generators/slice.rb

@@ -190,7 +190,6 @@ module ForemanInventoryUpload
         ) { |v| os_release_value(*v) }
         @stream.simple_field('os_kernel_version', fact_value(host, 'uname::release'))
         @stream.simple_field('arch', host.architecture&.name)
-        @stream.simple_field('katello_agent_running', false)
         @stream.simple_field(
           'infrastructure_type',
           ActiveModel::Type::Boolean.new.cast(fact_value(host, 'virt::is_guest')) ? 'virtual' : 'physical'

data/lib/foreman_inventory_upload.rb

@@ -52,8 +52,8 @@ module ForemanInventoryUpload
     'uploader.sh'
   end
 
-  def self.facts_archive_name(organization)
-    "report_for_#{organization}.tar.xz"
+  def self.facts_archive_name(organization, filter = nil)
+    "report_for_#{organization}#{filter.empty? ? nil : "[#{filter.to_s.parameterize}]"}.tar.xz"
   end
 
   def self.upload_url

data/lib/foreman_rh_cloud/engine.rb

@@ -84,6 +84,7 @@ module ForemanRhCloud
                 '/foreman_rh_cloud/insights_cloud': [:index], # for bookmarks and later for showing the page
                 'insights_cloud/hits': [:index, :show, :auto_complete_search, :resolutions],
                 'insights_cloud/settings': [:index, :show],
+                'insights_cloud/ui_requests': [:forward_request],
                 'react': [:index],
               },
               :resource_type => ::InsightsHit.name
@@ -114,8 +115,7 @@ module ForemanRhCloud
               caption: N_('Inventory Upload'),
               url: '/foreman_rh_cloud/inventory_upload',
               url_hash: { controller: :react, action: :index },
-              parent: :insights_menu,
-              if: -> { !ForemanRhCloud.with_local_advisor_engine? }
+              parent: :insights_menu
             menu :top_menu, :insights_hits, caption: N_('Recommendations'), url: '/foreman_rh_cloud/insights_cloud', url_hash: { controller: :react, action: :index }, parent: :insights_menu
             menu :top_menu,
               :insights_vulnerability,
@@ -165,6 +165,8 @@ module ForemanRhCloud
         ::Katello::UINotifications::Subscriptions::ManifestImportSuccess.include ForemanInventoryUpload::Notifications::ManifestImportSuccessNotificationOverride if defined?(Katello)
 
         ::Host::Managed.include RhCloudHost
+
+        ::Katello::Api::Rhsm::CandlepinDynflowProxyController.include InsightsCloud::PackageProfileUploadExtensions
       end
     end
 
@@ -198,7 +200,7 @@ module ForemanRhCloud
       RemoteExecutionFeature.register(
         :rh_cloud_connector_run_playbook,
         N_('Run RH Cloud playbook'),
-        description: N_('Run playbook genrated by Red Hat remediations app'),
+        description: N_('Run playbook generated by Red Hat remediations app'),
         host_action_button: false,
         provided_inputs: ['playbook_url', 'report_url', 'correlation_id', 'report_interval']
       )

data/lib/foreman_rh_cloud/version.rb

@@ -1,3 +1,3 @@
 module ForemanRhCloud
-  VERSION = '12.1.3'.freeze
+  VERSION = '12.1.5'.freeze
 end

data/lib/insights_cloud.rb

@@ -21,6 +21,14 @@ module InsightsCloud
     ForemanRhCloud.cert_base_url + '/api/remediations/v1/playbook'
   end
 
+  def self.gateway_url
+    ForemanRhCloud.cert_base_url
+  end
+
+  def self.ui_base_url
+    InsightsCloud.gateway_url
+  end
+
   def self.remediation_rule_id(rule_id)
     "advisor:#{rule_id}"
   end

data/lib/inventory_sync/async/inventory_hosts_sync.rb

@@ -8,6 +8,8 @@ module InventorySync
       set_callback :step, :around, :create_missing_hosts
 
       def plan(organizations)
+        # Do not run for local advisor, since we use sub-man id to identify hosts.
+        return if ForemanRhCloud.with_local_advisor_engine?
         # by default the tasks will be executed concurrently
         super(organizations)
         plan_self_host_sync

data/lib/tasks/rh_cloud_inventory.rake

@@ -26,6 +26,7 @@ namespace :rh_cloud_inventory do
     task generate: :environment do
       organizations = [ENV['organization_id']]
       base_folder = ENV['target'] || Dir.pwd
+      filter = ENV['hosts_filter']
 
       unless File.writable?(base_folder)
         puts "#{base_folder} is not writable by the current process"
@@ -40,9 +41,9 @@ namespace :rh_cloud_inventory do
 
       User.as_anonymous_admin do
         organizations.each do |organization|
-          target = File.join(base_folder, ForemanInventoryUpload.facts_archive_name(organization))
+          target = File.join(base_folder, ForemanInventoryUpload.facts_archive_name(organization, filter))
           archived_report_generator = ForemanInventoryUpload::Generators::ArchivedReport.new(target, Logger.new(STDOUT))
-          archived_report_generator.render(organization: organization)
+          archived_report_generator.render(organization: organization, filter: filter)
           puts "Successfully generated #{target} for organization id #{organization}"
         end
       end

data/package.json

@@ -1,6 +1,6 @@
 {
   "name": "foreman_rh_cloud",
-  "version": "12.1.3",
+  "version": "12.1.5",
   "description": "Inventory Upload =============",
   "main": "index.js",
   "scripts": {
@@ -21,6 +21,10 @@
   "peerDependencies": {
     "@theforeman/vendor": ">= 15.0.1"
   },
+  "dependencies": {
+    "@scalprum/react-core": "^0.9.3",
+    "@scalprum/core": "^0.8.1"
+  },
   "devDependencies": {
     "@babel/core": "^7.7.0",
     "@theforeman/builder": ">= 15.0.1",

data/test/controllers/insights_cloud/ui_requests_controller_test.rb

@@ -0,0 +1,169 @@
+require 'test_plugin_helper'
+require 'rest-client'
+
+module InsightsCloud
+  class UIRequestsControllerTest < ActionController::TestCase
+    include KatelloCVEHelper
+
+    setup do
+      FactoryBot.create(:common_parameter, name: InsightsCloud.enable_client_param, key_type: 'boolean', value: true)
+    end
+
+    context '#forward_request' do
+      include MockCerts
+
+      setup do
+        @body = 'Cloud response body'
+        @http_req = RestClient::Request.new(:method => 'GET', :url => 'http://test.theforeman.org')
+
+        @org = FactoryBot.create(:organization)
+        @loc = FactoryBot.create(:location)
+        host = FactoryBot.create(:host, :with_subscription, :organization => @org)
+        User.current = ::Katello::CpConsumerUser.new(:uuid => host.subscription_facet.uuid, :login => host.subscription_facet.uuid)
+        InsightsCloud::UIRequestsController.any_instance.stubs(:upstream_owner).returns({ 'uuid' => 'abcdefg' })
+        ForemanRhCloud::TagsAuth.any_instance.stubs(:execute_cloud_request)
+
+        setup_certs_expectation do
+          ForemanRhCloud::InsightsApiForwarder.any_instance.stubs(:foreman_certificates)
+        end
+      end
+
+      test "should respond with response from cloud" do
+        net_http_resp = Net::HTTPResponse.new(1.0, 200, "OK")
+        net_http_resp.add_field 'Set-Cookie', 'Monster'
+        res = RestClient::Response.create(@body, net_http_resp, @http_req)
+        ::ForemanRhCloud::InsightsApiForwarder.any_instance.stubs(:forward_request).returns(res)
+
+        get :forward_request, params: { "controller" => "vulnerabilities", "path" => "api/vulnerability/v1/cves" }, session: set_session
+        assert_equal @body, @response.body
+      end
+
+      test "should handle timeout from cloud" do
+        ::ForemanRhCloud::InsightsApiForwarder.any_instance.
+          stubs(:forward_request).
+          raises(RestClient::Exceptions::OpenTimeout.new("Timed out connecting to server"))
+
+        get :forward_request, params: { "controller" => "vulnerabilities", "path" => "api/vulnerability/v1/cves" }, session: set_session
+        request_response = JSON.parse(@response.body)
+        # I can't get @response.status to take a nil value so I'm not asserting for that
+
+        assert_equal 'Timed out connecting to server', request_response['error']
+      end
+
+      test "should add headers to response from cloud" do
+        x_resource_count = '101'
+        x_rh_insights_request_id = '202'
+        net_http_resp = Net::HTTPResponse.new(1.0, 200, "OK")
+        net_http_resp['x_resource_count'] = x_resource_count
+        net_http_resp['x_rh_insights_request_id'] = x_rh_insights_request_id
+        res = RestClient::Response.create(@body, net_http_resp, @http_req)
+        ::ForemanRhCloud::InsightsApiForwarder.any_instance.stubs(:forward_request).returns(res)
+
+        get :forward_request, params: { "controller" => "vulnerabilities", "path" => "api/vulnerability/v1/cves" }, session: set_session
+        assert_equal x_resource_count, @response.headers['x-resource-count']
+        assert_equal x_rh_insights_request_id, @response.headers['x_rh_insights_request_id']
+      end
+
+      test "should extract path from original_fullpath when URL starts with insights_cloud" do
+        net_http_resp = Net::HTTPResponse.new(1.0, 200, "OK")
+        # Simulate a request with insights_cloud in the path
+        @request.stubs(:original_fullpath).returns('/insights_cloud/api/vulnerability/v1/cves?search=test')
+
+        res = RestClient::Response.create(@body, net_http_resp, @http_req)
+        ::ForemanRhCloud::InsightsApiForwarder
+          .any_instance
+          .expects(:forward_request)
+          .returns(res)
+          .with { |_, path_to_forward| _(path_to_forward).must_equal('api/vulnerability/v1/cves') }
+
+        get :forward_request, params: { "controller" => "vulnerabilities", "path" => "api/vulnerability/v1/cves" }, session: set_session
+
+        assert_equal @body, @response.body
+      end
+
+      test "should set etag header to response from cloud" do
+        etag = '12345'
+        req = RestClient::Request.new(:method => 'GET', :url => 'http://test.theforeman.org', :headers => { "If-None-Match": etag })
+        net_http_resp = Net::HTTPResponse.new(1.0, 200, "OK")
+        net_http_resp[Rack::ETAG] = etag
+        res = RestClient::Response.create(@body, net_http_resp, req)
+        ::ForemanRhCloud::InsightsApiForwarder.any_instance.stubs(:forward_request).returns(res)
+
+        get :forward_request, params: { "controller" => "vulnerabilities", "path" => "api/vulnerability/v1/cves" }, session: set_session
+        assert_equal etag, @response.headers[Rack::ETAG]
+      end
+
+      test "should set content type header to response from cloud" do
+        req = RestClient::Request.new(:method => 'GET', :url => 'http://test.theforeman.org')
+        net_http_resp = Net::HTTPResponse.new(1.0, 200, "OK")
+        net_http_resp[:content_type] = 'application/zip'
+        res = RestClient::Response.create(@body, net_http_resp, req)
+        ::ForemanRhCloud::InsightsApiForwarder.any_instance.stubs(:forward_request).returns(res)
+
+        get :forward_request, params: { "controller" => "vulnerabilities", "path" => "api/vulnerability/v1/cves" }, session: set_session
+        assert_equal net_http_resp[:content_type], @response.headers['Content-Type']
+      end
+
+      test "should handle StandardError" do
+        error_message = "Connection refused"
+        ::ForemanRhCloud::InsightsApiForwarder.any_instance.stubs(:execute_cloud_request).raises(Errno::ECONNREFUSED.new)
+
+        get :forward_request, params: { "controller" => "vulnerabilities", "path" => "api/vulnerability/v1/cves" }, session: set_session
+        assert_equal 502, @response.status
+        body = JSON.parse(@response.body)
+        assert_equal error_message, body['error']
+      end
+
+      test "should handle 304 cloud" do
+        net_http_resp = Net::HTTPResponse.new(1.0, 304, "Not Modified")
+        res = RestClient::Response.create(@body, net_http_resp, @http_req)
+
+        ::ForemanRhCloud::InsightsApiForwarder.any_instance.stubs(:execute_cloud_request).raises(RestClient::NotModified.new(res))
+
+        get :forward_request, params: { "controller" => "vulnerabilities", "path" => "api/vulnerability/v1/cves" }, session: set_session
+        assert_equal 304, @response.status
+        assert_equal 'Cloud request not modified', JSON.parse(@response.body)['message']
+      end
+
+      test "should handle RestClient::Exceptions::Timeout" do
+        timeout_message = "execution expired"
+        ::ForemanRhCloud::InsightsApiForwarder.any_instance.stubs(:execute_cloud_request).raises(RestClient::Exceptions::Timeout.new(timeout_message))
+
+        get :forward_request, params: { "controller" => "vulnerabilities", "path" => "api/vulnerability/v1/cves" }, session: set_session
+        assert_equal 504, @response.status
+        body = JSON.parse(@response.body)
+        assert_equal timeout_message, body['message']
+        assert_equal timeout_message, body['error']
+      end
+
+      test "should handle failed authentication to cloud" do
+        net_http_resp = Net::HTTPResponse.new(1.0, 401, "Unauthorized")
+        res = RestClient::Response.create(@body, net_http_resp, @http_req)
+
+        ::ForemanRhCloud::InsightsApiForwarder.any_instance.stubs(:execute_cloud_request).raises(RestClient::Unauthorized.new(res))
+
+        get :forward_request, params: { "controller" => "vulnerabilities", "path" => "api/vulnerability/v1/cves" }, session: set_session
+        assert_equal 401, @response.status
+        assert_equal 'Authentication to the Insights Service failed.', JSON.parse(@response.body)['message']
+      end
+
+      test "should forward errors to the client" do
+        net_http_resp = Net::HTTPResponse.new(1.0, 500, "TEST_RESPONSE")
+        res = RestClient::Response.create(@body, net_http_resp, @http_req)
+        ::ForemanRhCloud::InsightsApiForwarder.any_instance.stubs(:execute_cloud_request).raises(RestClient::InternalServerError.new(res))
+
+        get :forward_request, params: { "controller" => "vulnerabilities", "path" => "api/vulnerability/v1/cves" }, session: set_session
+        assert_equal 500, @response.status
+        assert_equal 'Cloud request failed', JSON.parse(@response.body)['message']
+        assert_match(/#{@body}/, JSON.parse(@response.body)['response'])
+      end
+    end
+
+    def set_session
+      set_session_user.merge(
+        organization_id: @org.id,
+        location_id: @loc.id
+      )
+    end
+  end
+end

data/test/unit/archived_report_generator_test.rb

@@ -50,7 +50,7 @@ class ArchivedReportGeneratorTest < ActiveSupport::TestCase
     batches = Host.where(id: @host.id).in_batches
     test_org = FactoryBot.create(:organization)
 
-    ForemanInventoryUpload::Generators::Queries.expects(:for_org).with(test_org.id).returns(batches)
+    ForemanInventoryUpload::Generators::Queries.expects(:for_org).with(test_org.id, hosts_query: '').returns(batches)
     ForemanInventoryUpload::Generators::Slice.any_instance.stubs(:golden_ticket?).returns(false)
     Dir.mktmpdir do |tmpdir|
       target = File.join(tmpdir, 'test.tar.gz')