foreman_rh_cloud 3.0.16 → 3.0.17

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 40911c61287fcace17eb79713f616515ca463a0c671f2a663b5dca8c4587c0ca
-  data.tar.gz: 5db731e3f022086fc55b9f6dded6917ff4d459c0565aa48fb4742cdcb2adbb0a
+  metadata.gz: de4c573e51011ac6fd99707859fa86d659454b7f30183494ab5e240e773bec0a
+  data.tar.gz: f0510f09adf430834e01b9732a9cf6faedff0b18471e7b90fbca8a47fe867a13
 SHA512:
-  metadata.gz: 06c1ac8778b2c119f3594cfec3afec6662b4ab6925a7b591d88cfa3fb80b76f390d38e5e152249f253095a71ca7484e8fe715906294729d71045bcc5d35022d0
-  data.tar.gz: c629a9b8b860600b1c0a180ebf2d057cc3201a3596fa32bbcf650661e4612fdd5612dba787b32ba70cf8b546662af68d49e98e4edd4e77f49deb22b9d681a408
+  metadata.gz: a5ef31993d25982136027082f9fb3d382133378627afd0f5da6eeb5eb24a971aa36cdb7f8995347b017ab438124219113e6b326a52f1821e0ccbdb0a6e402f52
+  data.tar.gz: e5da37635a059fadc6e6c62464aec98f75e803fddb1f8b1ca9b23ad27e42cffdb006bdd4ae5e59d10317d8599f6629ff8f4e08065a15947aff7f93133ec49e8a

data/app/controllers/concerns/insights_cloud/candlepin_cache.rb

@@ -0,0 +1,28 @@
+module InsightsCloud
+  module CandlepinCache
+    extend ActiveSupport::Concern
+
+    def upstream_owner(org)
+      # We use a cache because owner_details is a call to Candlepin
+      Rails.cache.fetch("rh_cloud_upstream_owner_#{org.id}", expires_in: 1.minute) do
+        org.owner_details['upstreamConsumer']
+      end
+    end
+
+    def cp_owner_id(org)
+      owner = upstream_owner(org)
+      owner['uuid'] if owner
+    end
+
+    def candlepin_id_cert(org)
+      owner = upstream_owner(org)
+      return unless owner
+      id_cert = {
+        cert: owner.dig('idCert', 'cert'),
+        key: owner.dig('idCert', 'key'),
+      }
+      return unless id_cert.values.all?
+      id_cert
+    end
+  end
+end

data/app/controllers/concerns/insights_cloud/client_authentication.rb

@@ -0,0 +1,23 @@
+module InsightsCloud
+  module ClientAuthentication
+    extend ActiveSupport::Concern
+
+    include ::Katello::Authentication::ClientAuthentication
+
+    def authorize
+      client_authorized? || super
+    end
+
+    def client_authorized?
+      authenticate_client && valid_machine_user?
+    end
+
+    def valid_machine_user?
+      subscribed_host_by_uuid(User.current.uuid).present?
+    end
+
+    def subscribed_host_by_uuid(uuid)
+      @host = Host.unscoped.joins(:subscription_facet).where(:katello_subscription_facets => {:uuid => uuid }).first
+    end
+  end
+end

data/app/controllers/foreman_inventory_upload/accounts_controller.rb

@@ -24,7 +24,7 @@ module ForemanInventoryUpload
         autoUploadEnabled: Setting[:allow_auto_inventory_upload],
         hostObfuscationEnabled: Setting[:obfuscate_inventory_hostnames],
         ipsObfuscationEnabled: Setting[:obfuscate_inventory_ips],
-        cloudToken: Setting[:rh_cloud_token],
+        cloudToken: !Setting[:rh_cloud_token].empty?,
         excludePackages: Setting[:exclude_installed_packages],
         accounts: accounts,
         CloudConnectorStatus: cloud_connector_status,

data/app/controllers/foreman_inventory_upload/uploads_controller.rb

@@ -14,14 +14,7 @@ module ForemanInventoryUpload
       files = Dir["{#{ForemanInventoryUpload.uploads_file_path(filename)},#{ForemanInventoryUpload.done_file_path(filename)}}"]
 
       return send_file files.first, disposition: 'attachment', filename: filename unless files.empty?
-      throw_flash_error "File doesn't exist"
-    end
-
-    def throw_flash_error(message)
-      process_error(
-        :redirect => foreman_inventory_upload_index_path,
-        :error_msg => message
-      )
+      raise ::Foreman::Exception.new("The report file doesn't exist")
     end
 
     def enable_cloud_connector

data/app/controllers/insights_cloud/api/machine_telemetries_controller.rb

@@ -0,0 +1,73 @@
+module InsightsCloud::Api
+  class MachineTelemetriesController < ::Api::V2::BaseController
+    layout false
+
+    include ::InsightsCloud::ClientAuthentication
+    include ::InsightsCloud::CandlepinCache
+
+    before_action :cert_uuid, :ensure_org, :ensure_branch_id, :only => [:forward_request, :branch_info]
+    before_action :ensure_telemetry_enabled_for_consumer, :only => [:forward_request]
+
+    skip_after_action :log_response_body, :only => [:forward_request]
+    skip_before_action :check_media_type, :only => [:forward_request]
+
+    # The method that "proxies" requests over to Cloud
+    def forward_request
+      certs = candlepin_id_cert @organization
+      cloud_response = ::ForemanRhCloud::CloudRequestForwarder.new.forward_request(request, controller_name, @branch_id, certs)
+
+      if cloud_response.code == 401
+        return render json: {
+          :message => 'Authentication to the Insights Service failed.',
+          :headers => {},
+        }, status: :bad_gateway
+      end
+
+      if cloud_response.headers[:content_disposition]
+        return send_data cloud_response, disposition: cloud_response.headers[:content_disposition], type: cloud_response.headers[:content_type]
+      end
+
+      assign_header(response, cloud_response, :x_resource_count, true)
+      assign_header(response, cloud_response, :x_rh_insights_request_id, false)
+
+      render json: cloud_response, status: cloud_response.code
+    end
+
+    def branch_info
+      render :json => ForemanRhCloud::BranchInfo.new.generate(@uuid, @host, @branch_id, request.host).to_json
+    end
+
+    def assign_header(res, cloud_res, header, transform)
+      header_content = cloud_res.headers[header]
+      return unless header_content
+      new_header = transform ? header.to_s.tr('_', '-') : header.to_s
+      res.headers[new_header] = header_content
+    end
+
+    private
+
+    def ensure_telemetry_enabled_for_consumer
+      render_message 'Telemetry is not enabled for your organization', :status => 403 unless telemetry_config
+    end
+
+    def telemetry_config
+      ::RedhatAccess::TelemetryConfiguration.find_or_create_by(:organization_id => @organization.id) do |conf|
+        conf.enable_telemetry = true
+      end
+    end
+
+    def cert_uuid
+      @uuid ||= User.current.login
+    end
+
+    def ensure_org
+      @organization = @host.organization
+      return render_message 'Organization not found or invalid', :status => 400 unless @organization
+    end
+
+    def ensure_branch_id
+      @branch_id = cp_owner_id(@organization)
+      return render_message "Branch ID not found for organization #{@organization.title}", :status => 400 unless @branch_id
+    end
+  end
+end

data/app/controllers/insights_cloud/hits_controller.rb

@@ -3,11 +3,11 @@ module InsightsCloud
     include Foreman::Controller::AutoCompleteSearch
 
     def index
-      hits = resource_base_search_and_page.preload(:host)
+      hits = resource_base_search_and_page.preload(:host, :rule)
 
       render json: {
-        hasToken: Setting[:rh_cloud_token].length > 1,
-        hits: hits.map { |hit| hit.attributes.merge(hostname: hit.host&.name) },
+        hasToken: !Setting[:rh_cloud_token].empty?,
+        hits: hits.map { |hit| hit.attributes.merge(hostname: hit.host&.name, has_playbook: hit.has_playbook?) },
         itemCount: hits.count,
       }, status: :ok
     end

data/app/controllers/insights_cloud/tasks_controller.rb

@@ -1,7 +1,12 @@
 module InsightsCloud
   class TasksController < ::ApplicationController
     def create
-      InsightsCloud::Async::InsightsFullSync.perform_now
+      job = InsightsCloud::Async::InsightsFullSync.perform_later
+      task = ForemanTasks::Task.find_by(external_id: job.provider_job_id)
+
+      render json: {
+        task: task,
+      }, status: :ok
     end
   end
 end

data/app/models/insights_hit.rb

@@ -4,7 +4,22 @@ class InsightsHit < ApplicationRecord
   # since the facet is one-to-one association with a host, we can connect
   # through host_id column on both this model and facet.
   belongs_to :insights_facet, foreign_key: 'host_id', primary_key: 'host_id', counter_cache: :hits_count
+
+  has_one :rule, class_name: 'InsightsRule', foreign_key: 'rule_id', primary_key: 'rule_id'
+
+  scope :with_playbook, -> { joins(:rule) }
+
   scoped_search on: :title, complete_value: true
-  scoped_search on: :total_risk, complete_value: :true
+  scoped_search on: :total_risk, complete_value: true
+  scoped_search on: :rule_id, complete_value: true, only_explicit: true
   scoped_search relation: :host, on: :name, rename: :hostname, complete_value: true
+  scoped_search on: :rule_id, rename: :with_playbook, only_explicit: true, complete_value: false, ext_method: :find_with_playbook
+
+  def self.find_with_playbook(key, operator, value)
+    { joins: :rule }
+  end
+
+  def has_playbook?
+    !rule.nil?
+  end
 end

data/app/models/insights_resolution.rb

@@ -0,0 +1,3 @@
+class InsightsResolution < ApplicationRecord
+  belongs_to :rule, class_name: 'InsightsRule', foreign_key: 'rule_id', primary_key: 'rule_id', inverse_of: :resolutions
+end

data/app/models/insights_rule.rb

@@ -0,0 +1,3 @@
+class InsightsRule < ApplicationRecord
+  has_many :resolutions, class_name: 'InsightsResolution', dependent: :destroy, foreign_key: 'rule_id', primary_key: 'rule_id', inverse_of: :rule
+end

data/app/models/setting/rh_cloud.rb

@@ -1,16 +1,26 @@
 class Setting::RhCloud < Setting
   ::Setting::BLANK_ATTRS.concat %w{rh_cloud_token}
 
+  def self.load_defaults
+    return false unless table_exists?
+    transaction do
+      # If the user had auto_upload default setting, we will not surprise him, and force the value to false
+      # for new users, the default will be set to true and the value will remain nil
+      Setting.where(name: 'allow_auto_inventory_upload', value: nil).where("settings.default LIKE '%false%'").update_all(value: "--- false\n...")
+      super
+    end
+  end
+
   def self.default_settings
     return unless ActiveRecord::Base.connection.table_exists?('settings')
-    return unless super
     [
-      set('allow_auto_inventory_upload', N_('Allow automatic upload of the host inventory to the Red Hat cloud'), false, N_('Allow automatic inventory uploads')),
+      set('allow_auto_inventory_upload', N_('Allow automatic upload of the host inventory to the Red Hat cloud'), true, N_('Allow automatic inventory uploads')),
       set('allow_auto_insights_sync', N_('Allow recommendations synchronization from Red Hat cloud'), false, N_('Allow recommendations synchronization')),
       set('obfuscate_inventory_hostnames', N_('Obfuscate host names sent to Red Hat cloud'), false, N_('Obfuscate host names')),
       set('obfuscate_inventory_ips', N_('Obfuscate ip addresses sent to Red Hat cloud'), false, N_('Obfuscate IPs')),
       set('rh_cloud_token', N_('Authentication token to Red Hat cloud services. Used to authenticate requests to cloud APIs'), nil, N_('Red Hat Cloud token'), nil, encrypted: true),
       set('exclude_installed_packages', N_('Exclude installed packages from Red Hat cloud inventory report'), false, N_("Don't upload installed packages")),
+      set('include_parameter_tags', N_('Should import include parameter tags from Foreman?'), false, N_('Include parameters in insights-client reports')),
     ]
   end
 

data/app/services/foreman_rh_cloud/branch_info.rb

@@ -0,0 +1,57 @@
+module ForemanRhCloud
+  class BranchInfo
+    def generate(uuid, host, branch_id, request_hostname)
+      {
+        :remote_leaf => uuid,
+        :remote_branch => branch_id,
+        :display_name => host.organization.name,
+        :hostname => request_hostname,
+        :product => {
+          :type => core_app_name,
+          :major_version => core_app_version.major,
+          :minor_version => core_app_version.minor,
+        },
+        :organization_id => host.organization.id,
+        :satellite_instance_id => Foreman.instance_id,
+        :labels => host_labels(host),
+      }
+    end
+
+    def core_app_name
+      'Foreman'
+    end
+
+    def core_app_version
+      Foreman::Version.new
+    end
+
+    def new_label(key, value, namespace)
+      {
+        :namespace => namespace,
+        :key => key,
+        :value => value,
+      }
+    end
+
+    def labels_from_items(items, label_namespace, label_lamb, label_value_method = :to_s)
+      items.map { |item| new_label(label_lamb.call(item), item.public_send(label_value_method), label_namespace) }
+    end
+
+    def host_labels(host)
+      labels = [new_label('Organization', host.organization.name, 'Satellite')]
+      labels += labels_from_items(host.location.title.split('/'), 'Satellite', ->(item) { 'Location' }) if host.location
+      labels += labels_from_items(host.hostgroup.title.split('/'), 'Satellite', ->(item) { 'Host Group' }) if host.hostgroup
+      labels += labels_from_items(host.host_collections, 'Satellite', ->(item) { 'Host Collection' }, :name)
+
+      if Setting[:include_parameter_tags]
+        labels += labels_from_items(
+          host.host_inherited_params_objects,
+          'SatelliteParameter',
+          ->(item) { item.name },
+          :value)
+      end
+
+      labels
+    end
+  end
+end

data/app/services/foreman_rh_cloud/cloud_request_forwarder.rb

@@ -0,0 +1,102 @@
+require 'rest-client'
+
+module ForemanRhCloud
+  class CloudRequestForwarder
+    include ::ForemanRhCloud::CloudAuth
+
+    def forward_request(original_request, controller_name, branch_id, certs)
+      forward_params = prepare_forward_params(original_request, branch_id)
+      logger.debug("Request parameters for telemetry request: #{forward_params}")
+
+      forward_payload = prepare_forward_payload(original_request, controller_name)
+
+      logger.debug("User agent for telemetry is: #{http_user_agent original_request}")
+
+      request_opts = prepare_request_opts(original_request, forward_payload, forward_params, certs)
+
+      logger.debug("Sending request to: #{request_opts[:url]}")
+
+      execute_cloud_request(request_opts)
+    end
+
+    def prepare_request_opts(original_request, forward_payload, forward_params, certs)
+      base_params = {
+        method: original_request.method,
+        verify_ssl: ForemanRhCloud.verify_ssl_method,
+        payload: forward_payload,
+        headers: {
+          params: forward_params,
+          user_agent: http_user_agent(original_request),
+        },
+      }
+
+      if no_cert_paths.any? { |path| path.match original_request.path }
+        base_params.merge(url: prepare_forward_cloud_url(ForemanRhCloud.base_url, original_request.path))
+      else
+        base_params.merge(
+          url: prepare_forward_cloud_url(ForemanRhCloud.cert_base_url, original_request.path),
+          ssl_client_cert: OpenSSL::X509::Certificate.new(certs[:cert]),
+          ssl_client_key: OpenSSL::PKey::RSA.new(certs[:key])
+        )
+      end
+    end
+
+    def no_cert_paths
+      [
+        "/redhat_access/r/insights/v1/static/release/insights-core.egg",
+        "/redhat_access/r/insights/v1/static/uploader.v2.json",
+        "/redhat_access/r/insights/v1/static/uploader.v2.json.asc",
+        "/redhat_access/r/insights/v1/static/core/insights-core.egg",
+      ]
+    end
+
+    def execute_cloud_request(request_opts)
+      RestClient::Request.execute request_opts
+    end
+
+    def prepare_forward_payload(original_request, controller_name)
+      forward_payload = original_request.request_parameters[controller_name]
+
+      forward_payload = original_request.raw_post.clone if original_request.post? && original_request.raw_post
+      forward_payload = original_request.body.read if original_request.put?
+
+      forward_payload = original_request.params.slice(:file, :metadata) if original_request.params[:file]
+
+      # fix rails behaviour for http PATCH:
+      forward_payload = forward_payload.to_json if original_request.format.json? && original_request.patch? && forward_payload && !forward_payload.is_a?(String)
+      forward_payload
+    end
+
+    def prepare_forward_params(original_request, branch_id)
+      forward_params = original_request.query_parameters
+      if original_request.user_agent && !original_request.user_agent.include?('redhat_access_cfme')
+        forward_params = forward_params.merge(:branch_id => branch_id)
+      end
+
+      forward_params
+    end
+
+    def prepare_forward_cloud_url(base_url, request_path)
+      cloud_path = request_path.sub('/redhat_access/r/insights/platform/', '')
+                               .sub('/redhat_access/r/insights/', '')
+
+      "#{base_url}/api/#{cloud_path}"
+    end
+
+    def core_app_name
+      'Foreman'
+    end
+
+    def core_app_version
+      Foreman::Version.new
+    end
+
+    def http_user_agent(original_request)
+      "#{core_app_name}/#{core_app_version};#{ForemanRhCloud::Engine.engine_name}/#{ForemanRhCloud::VERSION};#{original_request.env['HTTP_USER_AGENT']}"
+    end
+
+    def logger
+      Foreman::Logging.logger('app')
+    end
+  end
+end

data/config/routes.rb

@@ -32,4 +32,14 @@ Rails.application.routes.draw do
     get 'inventory_upload', to: '/react#index'
     get 'insights_cloud', to: '/react#index' # Uses foreman's react controller
   end
+
+  scope :module => :'insights_cloud/api', :path => :redhat_access do
+    scope 'r/insights/v1' do
+      get 'branch_info', to: 'machine_telemetries#branch_info'
+    end
+
+    scope '/r/insights' do
+      match '/*path', :constraints => lambda { |req| !req.path.include?('view/api') }, to: 'machine_telemetries#forward_request', via: [:get, :post, :delete,:put, :patch]
+    end
+  end
 end

data/db/migrate/20210214000001_create_rules_and_resolutions.foreman_rh_cloud.rb

@@ -0,0 +1,24 @@
+class CreateRulesAndResolutions < ActiveRecord::Migration[5.2]
+  def change
+    create_table :insights_rules do |t|
+      t.string :rule_id
+      t.string :description
+      t.string :category_name
+      t.string :impact_name
+      t.string :summary
+      t.string :generic
+      t.string :reason
+      t.integer :total_risk
+      t.boolean :reboot_required
+      t.string :more_info
+      t.integer :rating
+    end
+
+    create_table :insights_resolutions do |t|
+      t.string :rule_id
+      t.integer :system_type
+      t.string :resolution
+      t.boolean :has_playbook
+    end
+  end
+end