foreman_rh_cloud 12.1.4 → 12.2.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 7ed52afd2a65d3cc87c3ae660716ca1044af88b359f84f108cbe005c01a37a42
-  data.tar.gz: b00def287ae973805693edaf6b9eb13e72846992bcb7e5432073ff722458d565
+  metadata.gz: 32fdc4ecba1d5949bce50e394de7cdd097697902c8ba47f47b14e26c96e44881
+  data.tar.gz: 0de08119aa42cce06a73dd7bce46d730e023d40b7f54b621cb6a3cef50fb0b63
 SHA512:
-  metadata.gz: 3ba0a99ac74b2b311f3569cc6dee79a5043be05abdfe41ca25e36f9c4a6e1d903732e8e38ae580c01634842ec493e8ab350f0b3d04b680e032aba9e730bd1935
-  data.tar.gz: 147d7da2c6352b9333bf1a5c8537c1468d2246d7bd656846ff515170b7c3841c55c73ae4e7fef690c39f56d893721efa994e271b4214d154f9542e03da43c808
+  metadata.gz: 03ad7ffd1b43db38bdd6762d01b1bd88e7404702a43cd7be626a72892e73f498c990eab3a4cc1037fe63393cdc87d460cd1b87fa7770749e87b9e9a2bf949418
+  data.tar.gz: 403935258065a6cc0755b0d71ed9c3fa6a8652c59264c85da213aa21471d93af5efcde6a829f0e1606d949474b41ab6eaa7b9c573b0ecc74393dce786795f01f

data/app/controllers/insights_cloud/api/machine_telemetries_controller.rb

@@ -15,9 +15,8 @@ module InsightsCloud::Api
 
     # The method that "proxies" requests over to Cloud
     def forward_request
-      certs = candlepin_id_cert @organization
       begin
-        @cloud_response = ::ForemanRhCloud::CloudRequestForwarder.new.forward_request(request, controller_name, @branch_id, certs, @host)
+        @cloud_response = ::ForemanRhCloud::CloudRequestForwarder.new.forward_request(request, controller_name, @branch_id, @host)
       rescue RestClient::Exceptions::Timeout => e
         response_obj = e.response.presence || e.exception
         return render json: { message: response_obj.to_s, error: response_obj.to_s }, status: :gateway_timeout

data/app/controllers/insights_cloud/ui_requests_controller.rb

@@ -0,0 +1,99 @@
+module InsightsCloud
+  class UIRequestsController < ::ApplicationController
+    layout false
+
+    before_action :ensure_org, :ensure_loc, :only => [:forward_request]
+
+    # The method that "proxies" requests over to Cloud
+    def forward_request
+      begin
+        path_match = request.original_fullpath.match(%r{^/insights_cloud/(?<path>[^?]*)})&.[](:path)
+        path_to_forward = path_match || params.require(:path)
+
+        @cloud_response = ::ForemanRhCloud::InsightsApiForwarder.new.forward_request(
+          request,
+          path_to_forward,
+          controller_name,
+          User.current,
+          @organization,
+          @location
+        )
+      rescue RestClient::Exceptions::Timeout => e
+        response_obj = e.response.presence || e.exception
+        return render json: { message: response_obj.to_s, error: response_obj.to_s }, status: :gateway_timeout
+      rescue RestClient::Unauthorized => e
+        logger.warn("Forwarding request auth error: #{e}")
+        message = 'Authentication to the Insights Service failed.'
+        return render json: { message: message, error: message }, status: :unauthorized
+      rescue RestClient::NotModified => e
+        logger.info("Forwarding request not modified: #{e}")
+        message = 'Cloud request not modified'
+        return render json: { message: message, error: message }, status: :not_modified
+      rescue RestClient::ExceptionWithResponse => e
+        response_obj = e.response.presence || e.exception
+        code = response_obj.try(:code) || response_obj.try(:http_code) || 500
+        message = 'Cloud request failed'
+
+        return render json: {
+          :message => message,
+          :error => response_obj.to_s,
+          :headers => {},
+          :response => response_obj,
+        }, status: code
+      rescue StandardError => e
+        # Catch any other exceptions here, such as Errno::ECONNREFUSED
+        logger.warn("Cloud request failed with exception: #{e}")
+        return render json: { error: e.to_s }, status: :bad_gateway
+      end
+
+      # Append redhat-specific headers
+      @cloud_response.headers.each do |key, _value|
+        assign_header(response, @cloud_response, key, false) if key.to_s.start_with?('x_rh_')
+      end
+
+      # Append general headers
+      assign_header(response, @cloud_response, :x_resource_count, true)
+      headers[Rack::ETAG] = @cloud_response.headers[:etag]
+
+      if @cloud_response.headers[:content_disposition]
+        # If there is a Content-Disposition header, it means we are forwarding binary data, send the raw data with proper
+        # content type
+        send_data @cloud_response, disposition: @cloud_response.headers[:content_disposition], type: @cloud_response.headers[:content_type]
+      elsif @cloud_response.headers[:content_type] =~ /zip/
+        # If there is no Content-Disposition, but the content type is binary according to Content-Type, send the raw data
+        # with proper content type
+        send_data @cloud_response, type: @cloud_response.headers[:content_type]
+      else
+        render json: @cloud_response, status: @cloud_response.code
+      end
+    end
+
+    def assign_header(res, cloud_res, header, transform)
+      header_content = cloud_res.headers[header]
+      return unless header_content
+      new_header = transform ? header.to_s.tr('_', '-') : header.to_s
+      res.headers[new_header] = header_content
+    end
+
+    private
+
+    def ensure_org
+      @organization = Organization.current
+      return render_message 'Organization not found or invalid', :status => 400 unless @organization
+    end
+
+    def ensure_loc
+      @location = Location.current
+      return render_message 'Location not found or invalid', :status => 400 unless @location
+    end
+
+    def base_url
+      InsightsCloud.ui_base_url
+    end
+
+    def render_message(msg, render_options = {})
+      render_options[:json] = { :message => msg }
+      render render_options
+    end
+  end
+end

data/app/services/foreman_rh_cloud/cloud_request_forwarder.rb

@@ -3,8 +3,9 @@ require 'rest-client'
 module ForemanRhCloud
   class CloudRequestForwarder
     include ForemanRhCloud::CloudRequest
+    include ForemanRhCloud::CertAuth
 
-    def forward_request(original_request, controller_name, branch_id, certs, host)
+    def forward_request(original_request, controller_name, branch_id, host)
       forward_params = prepare_forward_params(original_request, branch_id)
       logger.debug("Request parameters for telemetry request: #{forward_params}")
 
@@ -12,14 +13,15 @@ module ForemanRhCloud
 
       logger.debug("User agent for telemetry is: #{http_user_agent original_request}")
 
-      request_opts = prepare_request_opts(original_request, forward_payload, forward_params, certs, host)
+      request_opts = prepare_request_opts(original_request, forward_payload, forward_params, host)
+      request_opts[:organization] = host.organization
 
       logger.debug("Sending request to: #{request_opts[:url]}")
 
       execute_cloud_request(request_opts)
     end
 
-    def prepare_request_opts(original_request, forward_payload, forward_params, certs, host)
+    def prepare_request_opts(original_request, forward_payload, forward_params, host)
       base_params = {
         method: original_request.method,
         payload: forward_payload,
@@ -33,7 +35,7 @@ module ForemanRhCloud
         ),
       }
       requested_url = original_request.original_fullpath.end_with?('/') ? original_request.path + '/' : original_request.path
-      params = path_params(requested_url, certs)
+      params = path_params(requested_url)
 
       if ForemanRhCloud.with_local_advisor_engine?
         params[:ssl_ca_file] = ForemanRhCloud.ca_cert
@@ -66,31 +68,23 @@ module ForemanRhCloud
       forward_params
     end
 
-    def path_params(request_path, certs)
+    def path_params(request_path)
       case request_path
       when lightspeed?
         {
           url: ForemanRhCloud.cert_base_url + request_path,
-          ssl_client_cert: OpenSSL::X509::Certificate.new(certs[:cert]),
-          ssl_client_key: OpenSSL::PKey.read(certs[:key]),
         }
       when platform_request?
         {
           url: ForemanRhCloud.cert_base_url + request_path.sub('/redhat_access/r/insights/platform', '/api'),
-          ssl_client_cert: OpenSSL::X509::Certificate.new(certs[:cert]),
-          ssl_client_key: OpenSSL::PKey.read(certs[:key]),
         }
       when connection_test_request?
         {
           url: ForemanRhCloud.cert_base_url + '/api/apicast-tests/ping',
-          ssl_client_cert: OpenSSL::X509::Certificate.new(certs[:cert]),
-          ssl_client_key: OpenSSL::PKey.read(certs[:key]),
         }
       else # Legacy insights API
         {
           url: ForemanRhCloud.legacy_insights_url + request_path.sub('/redhat_access/r/insights', '/r/insights'),
-          ssl_client_cert: OpenSSL::X509::Certificate.new(certs[:cert]),
-          ssl_client_key: OpenSSL::PKey.read(certs[:key]),
           ssl_ca_file: ForemanRhCloud.legacy_insights_ca,
         }
       end

data/app/services/foreman_rh_cloud/gateway_request.rb

@@ -0,0 +1,26 @@
+module ForemanRhCloud
+  module GatewayRequest
+    extend ActiveSupport::Concern
+
+    include CloudRequest
+
+    def execute_cloud_request(params)
+      certs = params.delete(:certs) || foreman_certificates
+      final_params = {
+        ssl_client_cert: OpenSSL::X509::Certificate.new(certs[:cert]),
+        ssl_client_key: OpenSSL::PKey.read(certs[:key]),
+        ssl_ca_file: Setting[:ssl_ca_file],
+        verify_ssl: OpenSSL::SSL::VERIFY_PEER,
+      }.deep_merge(params)
+
+      super(final_params)
+    end
+
+    def foreman_certificates
+      {
+        cert: File.read(Setting[:ssl_certificate]),
+        key: File.read(Setting[:ssl_priv_key]),
+      }
+    end
+  end
+end

data/app/services/foreman_rh_cloud/insights_api_forwarder.rb

@@ -0,0 +1,116 @@
+require 'rest-client'
+
+module ForemanRhCloud
+  class InsightsApiForwarder
+    include ForemanRhCloud::GatewayRequest
+
+    SCOPED_REQUESTS = [
+      %r{/api/vulnerability/v1/vulnerabilities/cves},
+      %r{/api/vulnerability/v1/dashbar},
+      %r{/api/vulnerability/v1/cves/[^/]+/affected_systems},
+      %r{/api/vulnerability/v1/systems/[^/]+/cves},
+      %r{/api/insights/.*},
+      %r{/api/inventory/.*},
+      %r{/api/tasks/.*},
+    ].freeze
+
+    def forward_request(original_request, path, controller_name, user, organization, location)
+      TagsAuth.new(user, organization, location, logger).update_tag if scope_request?(original_request, path)
+
+      forward_params = prepare_forward_params(original_request, path, user: user, organization: organization, location: location).to_a
+      logger.debug("Request parameters for UI request: #{forward_params}")
+
+      forward_payload = prepare_forward_payload(original_request, controller_name)
+
+      logger.debug("User agent for UI is: #{http_user_agent(original_request)}")
+
+      request_opts = prepare_request_opts(original_request, path, forward_payload, forward_params)
+
+      logger.debug("Sending request to: #{request_opts[:url]}")
+
+      execute_cloud_request(request_opts)
+    end
+
+    def prepare_tags(user, organization, location)
+      [
+        TagsAuth.auth_tag_for(user, organization, location),
+      ].map { |tag_value| [:tag, tag_value] }
+    end
+
+    def prepare_request_opts(original_request, path, forward_payload, forward_params)
+      base_params = {
+        method: original_request.method,
+        payload: forward_payload,
+        headers: original_headers(original_request).merge(
+          {
+            params: RestClient::ParamsArray.new(forward_params),
+            user_agent: http_user_agent(original_request),
+            content_type: original_request.media_type.presence || original_request.format.to_s,
+          }
+        ),
+      }
+      params = path_params(path)
+
+      base_params.merge(params)
+    end
+
+    def prepare_forward_payload(original_request, controller_name)
+      forward_payload = original_request.request_parameters[controller_name]
+
+      forward_payload = original_request.raw_post.clone if (original_request.post? || original_request.patch?) && original_request.raw_post
+      forward_payload = original_request.body.read if original_request.put?
+
+      forward_payload = original_request.params.slice(:file, :metadata) if original_request.params[:file]
+
+      # fix rails behaviour for http PATCH:
+      forward_payload = forward_payload.to_json if original_request.format.json? && original_request.patch? && forward_payload && !forward_payload.is_a?(String)
+      forward_payload
+    end
+
+    def prepare_forward_params(original_request, path, user:, organization:, location:)
+      forward_params = original_request.query_parameters.to_a
+
+      forward_params += prepare_tags(user, organization, location) if scope_request?(original_request, path)
+
+      forward_params
+    end
+
+    def path_params(path)
+      {
+        url: "#{InsightsCloud.ui_base_url}/#{path}",
+      }
+    end
+
+    def original_headers(original_request)
+      headers = {
+        if_none_match: original_request.if_none_match,
+        if_modified_since: original_request.if_modified_since,
+      }.compact
+
+      logger.debug("Sending headers: #{headers}")
+      headers
+    end
+
+    def scope_request?(original_request, path)
+      return false unless original_request.get?
+
+      SCOPED_REQUESTS.any? { |request_pattern| request_pattern.match?(path) }
+    end
+
+    def core_app_name
+      BranchInfo.new.core_app_name
+    end
+
+    def core_app_version
+      BranchInfo.new.core_app_version
+    end
+
+    def http_user_agent(original_request)
+      "#{core_app_name}/#{core_app_version};#{ForemanRhCloud::Engine.engine_name}/#{ForemanRhCloud::VERSION};#{original_request.env['HTTP_USER_AGENT']}"
+    end
+
+    def logger
+      Foreman::Logging.logger('app')
+    end
+  end
+end

data/app/services/foreman_rh_cloud/tags_auth.rb

@@ -0,0 +1,55 @@
+module ForemanRhCloud
+  class TagsAuth
+    include GatewayRequest
+
+    TAG_NAMESPACE = 'sat_iam'.freeze
+    TAG_SHORT_NAME = 'scope'.freeze
+    TAG_NAME = "#{TAG_NAMESPACE}/#{TAG_SHORT_NAME}".freeze
+
+    def self.auth_tag_for(user, org, loc)
+      new(user, org, loc, nil).auth_tag
+    end
+
+    attr_reader :logger
+
+    def initialize(user, org, loc, logger)
+      @user = user
+      @org = org
+      @loc = loc
+      @logger = logger
+    end
+
+    def update_tag
+      logger.debug("Updating tags for user: #{@user}, org: #{@org.name}, loc: #{@loc.name}")
+
+      params = {
+        method: :post,
+        url: "#{InsightsCloud.gateway_url}/tags",
+        headers: {
+          content_type: :json,
+        },
+        payload: tags_query_payload.to_json,
+      }
+      execute_cloud_request(params)
+    end
+
+    def allowed_hosts
+      Host.authorized_as(@user, nil, nil).where(organization: @org, location: @loc).joins(:subscription_facet).pluck('katello_subscription_facets.uuid')
+    end
+
+    def tags_query_payload
+      {
+        tags: [{ "namespace": TAG_NAMESPACE, "key": TAG_SHORT_NAME, "value": tag_value }],
+        host_id_list: allowed_hosts,
+      }
+    end
+
+    def tag_value
+      "U:\"#{@user.login}\"O:\"#{@org.name}\"L:\"#{@loc.name}\""
+    end
+
+    def auth_tag
+      "#{TAG_NAME}=#{tag_value}"
+    end
+  end
+end

data/config/routes.rb

@@ -30,14 +30,21 @@ Rails.application.routes.draw do
     match 'hits/:host_id', to: 'hits#show', via: :get
 
     post ':organization_id/parameter', to: 'settings#set_org_parameter', constraints: { organization_id: %r{[^\/]+} }
+
+    match '/*path', constraints: { path: %r{api/[^\?]+} }, to: 'ui_requests#forward_request', via: :all
   end
 
   namespace :foreman_rh_cloud do
     unless ForemanRhCloud.with_local_advisor_engine?
       get 'inventory_upload', to: '/react#index'
     end
+    if ForemanRhCloud.with_local_advisor_engine?
+      get 'recommendations', to: '/react#index'
+      get 'recommendations/:rule_id', to: '/react#index'
+    end
     get 'insights_cloud', to: '/react#index' # Uses foreman's react controller
     get 'insights_vulnerability', to: '/react#index'
+    get 'insights_vulnerability/:cve_id', to: '/react#index'
   end
 
   scope :module => :'insights_cloud/api', :path => :redhat_access do

data/lib/foreman_rh_cloud/engine.rb

@@ -84,6 +84,7 @@ module ForemanRhCloud
                 '/foreman_rh_cloud/insights_cloud': [:index], # for bookmarks and later for showing the page
                 'insights_cloud/hits': [:index, :show, :auto_complete_search, :resolutions],
                 'insights_cloud/settings': [:index, :show],
+                'insights_cloud/ui_requests': [:forward_request],
                 'react': [:index],
               },
               :resource_type => ::InsightsHit.name
@@ -199,7 +200,7 @@ module ForemanRhCloud
       RemoteExecutionFeature.register(
         :rh_cloud_connector_run_playbook,
         N_('Run RH Cloud playbook'),
-        description: N_('Run playbook genrated by Red Hat remediations app'),
+        description: N_('Run playbook generated by Red Hat remediations app'),
         host_action_button: false,
         provided_inputs: ['playbook_url', 'report_url', 'correlation_id', 'report_interval']
       )
@@ -228,10 +229,15 @@ module ForemanRhCloud
         Katello::Api::V2::OrganizationsController.before_action(:local_find_taxonomy, only: :download_debug_certificate)
 
         Katello::Api::V2::RepositoriesController.include Foreman::Controller::SmartProxyAuth
+        # patch the callbacks order for :index, since find_product has to run after the user is already initialized
+        Katello::Api::V2::RepositoriesController.skip_before_action(:find_product, only: :index)
+        Katello::Api::V2::RepositoriesController.skip_before_action(:find_optional_organization, only: :index)
         Katello::Api::V2::RepositoriesController.add_smart_proxy_filters(
           :index,
           features: ForemanRhCloud.on_prem_smart_proxy_features
         )
+        Katello::Api::V2::RepositoriesController.before_action(:find_product, only: :index)
+        Katello::Api::V2::RepositoriesController.before_action(:find_optional_organization, only: :index)
       end
     end
 

data/lib/foreman_rh_cloud/version.rb

@@ -1,3 +1,3 @@
 module ForemanRhCloud
-  VERSION = '12.1.4'.freeze
+  VERSION = '12.2.0'.freeze
 end

data/lib/insights_cloud.rb

@@ -21,6 +21,14 @@ module InsightsCloud
     ForemanRhCloud.cert_base_url + '/api/remediations/v1/playbook'
   end
 
+  def self.gateway_url
+    ForemanRhCloud.cert_base_url
+  end
+
+  def self.ui_base_url
+    InsightsCloud.gateway_url
+  end
+
   def self.remediation_rule_id(rule_id)
     "advisor:#{rule_id}"
   end

data/package.json

@@ -1,6 +1,6 @@
 {
   "name": "foreman_rh_cloud",
-  "version": "12.1.4",
+  "version": "12.2.0",
   "description": "Inventory Upload =============",
   "main": "index.js",
   "scripts": {
@@ -21,6 +21,10 @@
   "peerDependencies": {
     "@theforeman/vendor": ">= 15.0.1"
   },
+  "dependencies": {
+    "@scalprum/react-core": "^0.9.3",
+    "@scalprum/core": "^0.8.1"
+  },
   "devDependencies": {
     "@babel/core": "^7.7.0",
     "@theforeman/builder": ">= 15.0.1",

data/test/controllers/insights_cloud/ui_requests_controller_test.rb

@@ -0,0 +1,169 @@
+require 'test_plugin_helper'
+require 'rest-client'
+
+module InsightsCloud
+  class UIRequestsControllerTest < ActionController::TestCase
+    include KatelloCVEHelper
+
+    setup do
+      FactoryBot.create(:common_parameter, name: InsightsCloud.enable_client_param, key_type: 'boolean', value: true)
+    end
+
+    context '#forward_request' do
+      include MockCerts
+
+      setup do
+        @body = 'Cloud response body'
+        @http_req = RestClient::Request.new(:method => 'GET', :url => 'http://test.theforeman.org')
+
+        @org = FactoryBot.create(:organization)
+        @loc = FactoryBot.create(:location)
+        host = FactoryBot.create(:host, :with_subscription, :organization => @org)
+        User.current = ::Katello::CpConsumerUser.new(:uuid => host.subscription_facet.uuid, :login => host.subscription_facet.uuid)
+        InsightsCloud::UIRequestsController.any_instance.stubs(:upstream_owner).returns({ 'uuid' => 'abcdefg' })
+        ForemanRhCloud::TagsAuth.any_instance.stubs(:execute_cloud_request)
+
+        setup_certs_expectation do
+          ForemanRhCloud::InsightsApiForwarder.any_instance.stubs(:foreman_certificates)
+        end
+      end
+
+      test "should respond with response from cloud" do
+        net_http_resp = Net::HTTPResponse.new(1.0, 200, "OK")
+        net_http_resp.add_field 'Set-Cookie', 'Monster'
+        res = RestClient::Response.create(@body, net_http_resp, @http_req)
+        ::ForemanRhCloud::InsightsApiForwarder.any_instance.stubs(:forward_request).returns(res)
+
+        get :forward_request, params: { "controller" => "vulnerabilities", "path" => "api/vulnerability/v1/cves" }, session: set_session
+        assert_equal @body, @response.body
+      end
+
+      test "should handle timeout from cloud" do
+        ::ForemanRhCloud::InsightsApiForwarder.any_instance.
+          stubs(:forward_request).
+          raises(RestClient::Exceptions::OpenTimeout.new("Timed out connecting to server"))
+
+        get :forward_request, params: { "controller" => "vulnerabilities", "path" => "api/vulnerability/v1/cves" }, session: set_session
+        request_response = JSON.parse(@response.body)
+        # I can't get @response.status to take a nil value so I'm not asserting for that
+
+        assert_equal 'Timed out connecting to server', request_response['error']
+      end
+
+      test "should add headers to response from cloud" do
+        x_resource_count = '101'
+        x_rh_insights_request_id = '202'
+        net_http_resp = Net::HTTPResponse.new(1.0, 200, "OK")
+        net_http_resp['x_resource_count'] = x_resource_count
+        net_http_resp['x_rh_insights_request_id'] = x_rh_insights_request_id
+        res = RestClient::Response.create(@body, net_http_resp, @http_req)
+        ::ForemanRhCloud::InsightsApiForwarder.any_instance.stubs(:forward_request).returns(res)
+
+        get :forward_request, params: { "controller" => "vulnerabilities", "path" => "api/vulnerability/v1/cves" }, session: set_session
+        assert_equal x_resource_count, @response.headers['x-resource-count']
+        assert_equal x_rh_insights_request_id, @response.headers['x_rh_insights_request_id']
+      end
+
+      test "should extract path from original_fullpath when URL starts with insights_cloud" do
+        net_http_resp = Net::HTTPResponse.new(1.0, 200, "OK")
+        # Simulate a request with insights_cloud in the path
+        @request.stubs(:original_fullpath).returns('/insights_cloud/api/vulnerability/v1/cves?search=test')
+
+        res = RestClient::Response.create(@body, net_http_resp, @http_req)
+        ::ForemanRhCloud::InsightsApiForwarder
+          .any_instance
+          .expects(:forward_request)
+          .returns(res)
+          .with { |_, path_to_forward| _(path_to_forward).must_equal('api/vulnerability/v1/cves') }
+
+        get :forward_request, params: { "controller" => "vulnerabilities", "path" => "api/vulnerability/v1/cves" }, session: set_session
+
+        assert_equal @body, @response.body
+      end
+
+      test "should set etag header to response from cloud" do
+        etag = '12345'
+        req = RestClient::Request.new(:method => 'GET', :url => 'http://test.theforeman.org', :headers => { "If-None-Match": etag })
+        net_http_resp = Net::HTTPResponse.new(1.0, 200, "OK")
+        net_http_resp[Rack::ETAG] = etag
+        res = RestClient::Response.create(@body, net_http_resp, req)
+        ::ForemanRhCloud::InsightsApiForwarder.any_instance.stubs(:forward_request).returns(res)
+
+        get :forward_request, params: { "controller" => "vulnerabilities", "path" => "api/vulnerability/v1/cves" }, session: set_session
+        assert_equal etag, @response.headers[Rack::ETAG]
+      end
+
+      test "should set content type header to response from cloud" do
+        req = RestClient::Request.new(:method => 'GET', :url => 'http://test.theforeman.org')
+        net_http_resp = Net::HTTPResponse.new(1.0, 200, "OK")
+        net_http_resp[:content_type] = 'application/zip'
+        res = RestClient::Response.create(@body, net_http_resp, req)
+        ::ForemanRhCloud::InsightsApiForwarder.any_instance.stubs(:forward_request).returns(res)
+
+        get :forward_request, params: { "controller" => "vulnerabilities", "path" => "api/vulnerability/v1/cves" }, session: set_session
+        assert_equal net_http_resp[:content_type], @response.headers['Content-Type']
+      end
+
+      test "should handle StandardError" do
+        error_message = "Connection refused"
+        ::ForemanRhCloud::InsightsApiForwarder.any_instance.stubs(:execute_cloud_request).raises(Errno::ECONNREFUSED.new)
+
+        get :forward_request, params: { "controller" => "vulnerabilities", "path" => "api/vulnerability/v1/cves" }, session: set_session
+        assert_equal 502, @response.status
+        body = JSON.parse(@response.body)
+        assert_equal error_message, body['error']
+      end
+
+      test "should handle 304 cloud" do
+        net_http_resp = Net::HTTPResponse.new(1.0, 304, "Not Modified")
+        res = RestClient::Response.create(@body, net_http_resp, @http_req)
+
+        ::ForemanRhCloud::InsightsApiForwarder.any_instance.stubs(:execute_cloud_request).raises(RestClient::NotModified.new(res))
+
+        get :forward_request, params: { "controller" => "vulnerabilities", "path" => "api/vulnerability/v1/cves" }, session: set_session
+        assert_equal 304, @response.status
+        assert_equal 'Cloud request not modified', JSON.parse(@response.body)['message']
+      end
+
+      test "should handle RestClient::Exceptions::Timeout" do
+        timeout_message = "execution expired"
+        ::ForemanRhCloud::InsightsApiForwarder.any_instance.stubs(:execute_cloud_request).raises(RestClient::Exceptions::Timeout.new(timeout_message))
+
+        get :forward_request, params: { "controller" => "vulnerabilities", "path" => "api/vulnerability/v1/cves" }, session: set_session
+        assert_equal 504, @response.status
+        body = JSON.parse(@response.body)
+        assert_equal timeout_message, body['message']
+        assert_equal timeout_message, body['error']
+      end
+
+      test "should handle failed authentication to cloud" do
+        net_http_resp = Net::HTTPResponse.new(1.0, 401, "Unauthorized")
+        res = RestClient::Response.create(@body, net_http_resp, @http_req)
+
+        ::ForemanRhCloud::InsightsApiForwarder.any_instance.stubs(:execute_cloud_request).raises(RestClient::Unauthorized.new(res))
+
+        get :forward_request, params: { "controller" => "vulnerabilities", "path" => "api/vulnerability/v1/cves" }, session: set_session
+        assert_equal 401, @response.status
+        assert_equal 'Authentication to the Insights Service failed.', JSON.parse(@response.body)['message']
+      end
+
+      test "should forward errors to the client" do
+        net_http_resp = Net::HTTPResponse.new(1.0, 500, "TEST_RESPONSE")
+        res = RestClient::Response.create(@body, net_http_resp, @http_req)
+        ::ForemanRhCloud::InsightsApiForwarder.any_instance.stubs(:execute_cloud_request).raises(RestClient::InternalServerError.new(res))
+
+        get :forward_request, params: { "controller" => "vulnerabilities", "path" => "api/vulnerability/v1/cves" }, session: set_session
+        assert_equal 500, @response.status
+        assert_equal 'Cloud request failed', JSON.parse(@response.body)['message']
+        assert_match(/#{@body}/, JSON.parse(@response.body)['response'])
+      end
+    end
+
+    def set_session
+      set_session_user.merge(
+        organization_id: @org.id,
+        location_id: @loc.id
+      )
+    end
+  end
+end