hammer_cli_foreman 3.5.0 → 3.5.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 006d4b4eed7a0555a9094223fcbf0310fbf45787fa879f96426b7420a3fd8207
-  data.tar.gz: 78bb6049eae38f6793a420461c5ee8772eac699d538e33d331d01f12ab236178
+  metadata.gz: dc16859a1c7009f413c77229f58397aba4b0030da06342777e48a71175c63830
+  data.tar.gz: 595d6c7713563d97dea1cceb7d046c5f665d5e07fa2c6a133931959a4b1c0246
 SHA512:
-  metadata.gz: 1a66faf43bc97309b2e98ddbf9aeb9dc9f5bd6a768326d305692819ac4c76bcb4d9def107795823b5df9192993f691ea608a31c9af003c0fcad4cbb57e8c09a1
-  data.tar.gz: a873297a23beb5e95f8bd1a232e836a5b914af82836f90e33722ab8a7162f55396c17c93955d50929bbed95b3fe7c1b0cc48907b918c465a247d7ab22d511b90
+  metadata.gz: cb12b697b14fc4abc05c05363e16ff77d07a98b11584af354007397aeaf26c6cebdf7086e8d84828f711ef1814cb7307febe269bbb32920e8240ad0b79e714a2
+  data.tar.gz: 9e21177108564c9e0bd394fdd2603e06b4d2f3a50c9936d00ca800da2ec8ce28c1ee295f28434da5e011f12332dea7eaaf9ccd4104bf05734adbbec27027479f

data/config/foreman.yml

@@ -13,6 +13,11 @@
   :username: 'admin'
   #:password: 'example'
 
+  # Basic Auth External:
+  #:default_auth_type: 'Basic_Auth_External'
+  #:username: 'admin'
+  #:password: 'example'
+
   # Oauth using the Password Grant Flow:
   # This authentication method requires sessions to be enabled, uncomment the following
   # lines to use this authentication method.

data/doc/release_notes.md

@@ -1,5 +1,8 @@
 Release notes
 =============
+### 3.5.1 (2023-02-28)
+* Support basic auth for external sources, [#11317](http://projects.theforeman.org/issues/11317)
+
 ### 3.5.0 (2022-10-31)
 * Extract gce related info ([PR #606](https://github.com/theforeman/hammer-cli-foreman/pull/606)), [#35659](http://projects.theforeman.org/issues/35659)
 * Change auth endpoint for negotiation, [#35473](http://projects.theforeman.org/issues/35473)

data/lib/hammer_cli_foreman/api/authenticator.rb

@@ -13,6 +13,8 @@ module HammerCLIForeman
           void_auth
         elsif auth_type == AUTH_TYPES[:basic_auth]
           basic_auth
+        elsif auth_type == AUTH_TYPES[:basic_auth_external]
+          basic_auth_external
         elsif auth_type == AUTH_TYPES[:negotiate]
           negotiate_auth
         elsif auth_type == AUTH_TYPES[:oauth_password_grant]
@@ -45,6 +47,24 @@ module HammerCLIForeman
         end
       end
 
+      def basic_auth_external
+        if HammerCLIForeman::Sessions.enabled?
+          authenticator = InteractiveBasicAuthExternal.new(
+            settings.get(:_params, :username) || ENV['FOREMAN_USERNAME'],
+            settings.get(:_params, :password) || ENV['FOREMAN_PASSWORD'],
+            uri
+          )
+          SessionAuthenticatorWrapper.new(authenticator, uri, auth_type)
+        else
+          username = settings.get(:_params, :username) || ENV['FOREMAN_USERNAME'] || settings.get(:foreman, :username)
+          password = settings.get(:_params, :password) || ENV['FOREMAN_PASSWORD']
+          if password.nil? && (username == settings.get(:foreman, :username))
+            password = settings.get(:foreman, :password)
+          end
+          InteractiveBasicAuthExternal.new(username, password, uri)
+        end
+      end
+
       def negotiate_auth
         return unless HammerCLIForeman::Sessions.enabled?
 

data/lib/hammer_cli_foreman/api/basic_auth.rb

@@ -0,0 +1,71 @@
+module HammerCLIForeman
+  module Api
+    module BasicAuth
+      def authenticate(request, args)
+        if HammerCLI.interactive?
+          get_user
+          get_password
+        end
+        super
+      end
+
+      def error(ex)
+        return unless ex.is_a?(RestClient::Unauthorized)
+
+        clear
+        default_message = _('Invalid username or password.')
+        message = begin
+          response_msg = JSON.parse(ex.response.body)['error']
+          response_msg.is_a?(Hash) ? response_msg['message'] : response_msg
+        rescue
+        end
+        return UnauthorizedError.new(default_message) unless message
+
+        UnauthorizedError.new("#{message}\n#{default_message}")
+      end
+
+      def status
+        unless @user.nil? || @password.nil?
+          _("Using configured credentials for user '%s'.") % @user
+        else
+          _('Credentials are not configured.')
+        end
+      end
+
+      def user(ask = nil)
+        @user ||= ask && get_user
+      end
+
+      def password(ask = nil)
+        @password ||= ask && get_password
+      end
+
+      def set_credentials(user, password)
+        @user = user
+        @password = password
+      end
+
+      def clear
+        set_credentials(nil, nil)
+      end
+
+      private
+
+      def get_user
+        @user ||= ask_user(_('[Foreman] Username:%s') % ' ')
+      end
+
+      def get_password
+        @password ||= ask_user(_("[Foreman] Password for %{user}:%{wsp}") % { user: @user, wsp: ' ' }, true)
+      end
+
+      def ask_user(prompt, silent = false)
+        if silent
+          HammerCLI.interactive_output.ask(prompt) { |q| q.echo = false }
+        else
+          HammerCLI.interactive_output.ask(prompt)
+        end
+      end
+    end
+  end
+end

data/lib/hammer_cli_foreman/api/connection.rb

@@ -1,6 +1,7 @@
 require 'hammer_cli_foreman/api/session_authenticator_wrapper'
 require 'hammer_cli_foreman/api/authenticator'
 require 'hammer_cli_foreman/api/interactive_basic_auth'
+require 'hammer_cli_foreman/api/interactive_basic_auth_external'
 require 'hammer_cli_foreman/api/negotiate_auth'
 require 'hammer_cli_foreman/api/oauth/authentication_code_grant'
 require 'hammer_cli_foreman/api/oauth/password_grant'
@@ -11,6 +12,7 @@ module HammerCLIForeman
   CONNECTION_NAME = 'foreman'
   AUTH_TYPES = {
     basic_auth: 'Basic_Auth',
+    basic_auth_external: 'Basic_Auth_External',
     negotiate: 'Negotiate_Auth',
     oauth_authentication_code_grant: 'Oauth_Authentication_Code_Grant',
     oauth_password_grant: 'Oauth_Password_Grant'
@@ -44,8 +46,7 @@ module HammerCLIForeman
 
       protected
 
-      def default_auth_type(settings)
-        return AUTH_TYPES[:basic_auth] unless HammerCLIForeman::Sessions.enabled?
+      def default_auth_type(_settings)
         HammerCLI::Settings.get(:foreman, :default_auth_type) || AUTH_TYPES[:basic_auth]
       end
 

data/lib/hammer_cli_foreman/api/interactive_basic_auth.rb

@@ -1,68 +1,9 @@
+require 'hammer_cli_foreman/api/basic_auth'
+
 module HammerCLIForeman
   module Api
     class InteractiveBasicAuth < ApipieBindings::Authenticators::BasicAuth
-      def authenticate(request, args)
-        if HammerCLI.interactive?
-          get_user
-          get_password
-        end
-        super
-      end
-
-      def error(ex)
-        if ex.is_a?(RestClient::Unauthorized)
-          self.clear
-          message = _('Invalid username or password.')
-          begin
-            message = JSON.parse(ex.response.body)['error']['message']
-          rescue
-          end
-          UnauthorizedError.new(message)
-        end
-      end
-
-      def status
-        unless @user.nil? || @password.nil?
-          _("Using configured credentials for user '%s'.") % @user
-        else
-          _("Credentials are not configured.")
-        end
-      end
-
-      def user(ask=nil)
-        @user ||= ask && get_user
-      end
-
-      def password(ask=nil)
-        @password ||= ask && get_password
-      end
-
-      def set_credentials(user, password)
-        @user = user
-        @password = password
-      end
-
-      def clear
-        set_credentials(nil, nil)
-      end
-
-      private
-
-      def get_user
-        @user ||= ask_user(_("[Foreman] Username:%s") % " ")
-      end
-
-      def get_password
-        @password ||= ask_user(_("[Foreman] Password for %{user}:%{wsp}") % {:user => @user, :wsp => " "}, true)
-      end
-
-      def ask_user(prompt, silent=false)
-        if silent
-          HammerCLI.interactive_output.ask(prompt) { |q| q.echo = false }
-        else
-          HammerCLI.interactive_output.ask(prompt)
-        end
-      end
+      include HammerCLIForeman::Api::BasicAuth
     end
   end
 end

data/lib/hammer_cli_foreman/api/interactive_basic_auth_external.rb

@@ -0,0 +1,17 @@
+require 'hammer_cli_foreman/api/basic_auth'
+
+module HammerCLIForeman
+  module Api
+    class InteractiveBasicAuthExternal < ApipieBindings::Authenticators::BasicAuthExternal
+      include HammerCLIForeman::Api::BasicAuth
+
+      def initialize(user, password, foreman_url)
+        super(user, password, "#{foreman_url}/api/users/extlogin", HammerCLI::SSLOptions.new.get_options(foreman_url))
+      end
+
+      def session_id
+        auth_cookie&.delete_prefix('_session_id=')
+      end
+    end
+  end
+end

data/lib/hammer_cli_foreman/api/session_authenticator_wrapper.rb

@@ -80,7 +80,7 @@ module HammerCLIForeman
 
       def user(ask=nil)
         return unless @authenticator.respond_to?(:user)
-        if @auth_type == AUTH_TYPES[:basic_auth]
+        if [AUTH_TYPES[:basic_auth], AUTH_TYPES[:basic_auth_external]].include?(@auth_type)
           @authenticator.user(ask)
         elsif @auth_type == AUTH_TYPES[:oauth_authentication_code_grant] ||
               @auth_type = AUTH_TYPES[:oauth_password_grant]
@@ -93,7 +93,7 @@ module HammerCLIForeman
       end
 
       def set_auth_params(*args)
-        if @auth_type == AUTH_TYPES[:basic_auth]
+        if [AUTH_TYPES[:basic_auth], AUTH_TYPES[:basic_auth_external]].include?(@auth_type)
           @authenticator.set_credentials(*args)
         elsif @auth_type == AUTH_TYPES[:oauth_authentication_code_grant] ||
               @auth_type == AUTH_TYPES[:oauth_password_grant]

data/lib/hammer_cli_foreman/auth.rb

@@ -28,6 +28,27 @@ module HammerCLIForeman
         end
       end
 
+      class BasicExternal < HammerCLI::AbstractCommand
+        extend HammerCLIForeman::Authenticate::Login
+
+        command_name 'basic-external'
+        desc _('Authenticate against external source (IPA/PAM) with credentials')
+
+        option ['-u', '--username'], 'USERNAME', _('Username to access the remote system')
+        option ['-p', '--password'], 'PASSWORD', _('Password to access the remote system')
+
+        def execute
+          Basic.execute_with_params(
+            AUTH_TYPES[:basic_auth_external],
+            option_username || HammerCLI::Settings.get('_params', 'username'),
+            option_password || HammerCLI::Settings.get('_params', 'password')
+          )
+          logged_user = HammerCLIForeman.foreman_api_connection.authenticator.user
+          print_message(_("Successfully logged in as '%s'.") % logged_user)
+          HammerCLI::EX_OK
+        end
+      end
+
       class Negotiate < HammerCLI::AbstractCommand
         extend HammerCLIForeman::Authenticate::Login
 

data/lib/hammer_cli_foreman/version.rb

@@ -1,5 +1,5 @@
 module HammerCLIForeman
   def self.version
-    @version ||= Gem::Version.new "3.5.0"
+    @version ||= Gem::Version.new "3.5.1"
   end
 end

data/test/unit/api/interactive_basic_auth_test.rb

@@ -105,8 +105,9 @@ describe HammerCLIForeman::Api::InteractiveBasicAuth do
       response.stubs(:body).returns('{"error": {"message": "Unable to authenticate user admin"}}')
       ex.response = response
       new_ex = auth.error(ex)
+      expected = "Unable to authenticate user admin\nInvalid username or password."
 
-      assert_equal 'Unable to authenticate user admin', new_ex.message
+      assert_equal expected, new_ex.message
     end
   end
 

metadata

@@ -1,15 +1,15 @@
 --- !ruby/object:Gem::Specification
 name: hammer_cli_foreman
 version: !ruby/object:Gem::Version
-  version: 3.5.0
+  version: 3.5.1
 platform: ruby
 authors:
 - Tomáš Strachota
 - Martin Bačovský
-autorequire:
+autorequire: 
 bindir: bin
 cert_chain: []
-date: 2022-10-31 00:00:00.000000000 Z
+date: 2023-02-28 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: hammer_cli
@@ -17,14 +17,14 @@ dependencies:
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 3.3.0
+        version: 3.5.1
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 3.3.0
+        version: 3.5.1
 - !ruby/object:Gem::Dependency
   name: apipie-bindings
   requirement: !ruby/object:Gem::Requirement
@@ -75,19 +75,19 @@ dependencies:
         version: 2.2.1
 description: 'Foreman commands for Hammer CLI
 
-  '
+'
 email: tstracho@redhat.com
 executables: []
 extensions: []
 extra_rdoc_files:
+- doc/configuration.md
+- doc/developer_docs.md
+- doc/host_create.md
 - doc/name_id_resolution.md
 - doc/option_builder.md
-- doc/using_hammer_cli_foreman_command.md
-- doc/developer_docs.md
 - doc/plugin.md
 - doc/testing.md
-- doc/configuration.md
-- doc/host_create.md
+- doc/using_hammer_cli_foreman_command.md
 - doc/release_notes.md
 - README.md
 files:
@@ -106,8 +106,10 @@ files:
 - lib/hammer_cli_foreman.rb
 - lib/hammer_cli_foreman/api.rb
 - lib/hammer_cli_foreman/api/authenticator.rb
+- lib/hammer_cli_foreman/api/basic_auth.rb
 - lib/hammer_cli_foreman/api/connection.rb
 - lib/hammer_cli_foreman/api/interactive_basic_auth.rb
+- lib/hammer_cli_foreman/api/interactive_basic_auth_external.rb
 - lib/hammer_cli_foreman/api/negotiate_auth.rb
 - lib/hammer_cli_foreman/api/oauth/authentication_code_grant.rb
 - lib/hammer_cli_foreman/api/oauth/password_grant.rb
@@ -350,7 +352,7 @@ homepage: https://github.com/theforeman/hammer-cli-foreman
 licenses:
 - GPL-3.0+
 metadata: {}
-post_install_message:
+post_install_message: 
 rdoc_options: []
 require_paths:
 - lib
@@ -365,8 +367,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.1.2
-signing_key:
+rubygems_version: 3.1.6
+signing_key: 
 specification_version: 4
 summary: Foreman commands for Hammer
 test_files:
@@ -384,106 +386,106 @@ test_files:
 - test/data/1.24/foreman_api.json
 - test/data/2.0/foreman_api.json
 - test/data/2.1/foreman_api.json
-- test/data/README.md
 - test/data/2.4/foreman_api.json
 - test/data/2.5/foreman_api.json
 - test/data/3.1/foreman_api.json
 - test/data/3.4/foreman_api.json
+- test/data/README.md
+- test/functional/architecture_test.rb
+- test/functional/associating_commands_test.rb
+- test/functional/audit_test.rb
 - test/functional/auth_source_test.rb
+- test/functional/bookmark_test.rb
 - test/functional/commands/list_test.rb
+- test/functional/compute_attribute_test.rb
+- test/functional/compute_profile_test.rb
+- test/functional/compute_resource_test.rb
+- test/functional/domain/create_test.rb
+- test/functional/domain/update_test.rb
+- test/functional/filter_test.rb
+- test/functional/host_test.rb
 - test/functional/hostgroup/create_test.rb
 - test/functional/hostgroup/update_test.rb
-- test/functional/architecture_test.rb
-- test/functional/compute_attribute_test.rb
-- test/functional/ping_test.rb
-- test/functional/user_test.rb
-- test/functional/ssh_keys_test.rb
-- test/functional/subnet/update_test.rb
-- test/functional/subnet/create_test.rb
-- test/functional/test_helper.rb
+- test/functional/http_proxy_test.rb
 - test/functional/location_test.rb
+- test/functional/mail_notification_test.rb
 - test/functional/media_test.rb
+- test/functional/model_test.rb
+- test/functional/operating_system_test.rb
+- test/functional/organization_test.rb
 - test/functional/partition_table_test.rb
 - test/functional/personal_access_token_test.rb
+- test/functional/ping_test.rb
+- test/functional/realm_test.rb
+- test/functional/registration_test.rb
 - test/functional/report_template_test.rb
+- test/functional/role_test.rb
 - test/functional/settings_test.rb
+- test/functional/ssh_keys_test.rb
 - test/functional/status_test.rb
+- test/functional/subnet/create_test.rb
+- test/functional/subnet/update_test.rb
+- test/functional/table_preference_test.rb
+- test/functional/template_test.rb
+- test/functional/test_helper.rb
 - test/functional/user_mail_notification_test.rb
-- test/functional/compute_resource_test.rb
-- test/functional/compute_profile_test.rb
-- test/functional/realm_test.rb
+- test/functional/user_test.rb
 - test/functional/usergroup_test.rb
-- test/functional/organization_test.rb
 - test/functional/virtual_machine_test.rb
-- test/functional/domain/create_test.rb
-- test/functional/domain/update_test.rb
-- test/functional/filter_test.rb
-- test/functional/host_test.rb
-- test/functional/http_proxy_test.rb
-- test/functional/mail_notification_test.rb
-- test/functional/operating_system_test.rb
-- test/functional/template_test.rb
-- test/functional/associating_commands_test.rb
-- test/functional/audit_test.rb
-- test/functional/role_test.rb
-- test/functional/bookmark_test.rb
-- test/functional/model_test.rb
-- test/functional/registration_test.rb
-- test/functional/table_preference_test.rb
-- test/unit/api/void_auth_test.rb
-- test/unit/api/interactive_basic_auth_test.rb
+- test/test_helper.rb
 - test/unit/api/oauth/oauth_authentication_code_grant_test.rb
 - test/unit/api/oauth/oauth_password_grant_test.rb
 - test/unit/api/session_authenticator_wrapper_test.rb
-- test/unit/test_output_adapter.rb
-- test/unit/host_test.rb
+- test/unit/api/void_auth_test.rb
+- test/unit/api/interactive_basic_auth_test.rb
+- test/unit/api_test.rb
+- test/unit/apipie_resource_mock.rb
+- test/unit/architecture_test.rb
+- test/unit/audit_test.rb
+- test/unit/auth_source_external.rb
 - test/unit/auth_source_ldap_test.rb
-- test/unit/config_report_test.rb
+- test/unit/bookmark_test.rb
+- test/unit/commands_test.rb
+- test/unit/common_parameter_test.rb
+- test/unit/compute_profile_test.rb
 - test/unit/compute_resource_test.rb
+- test/unit/config_report_test.rb
 - test/unit/data/test_api.json
 - test/unit/defaults_test.rb
-- test/unit/id_resolver_test.rb
+- test/unit/dependency_resolver_test.rb
+- test/unit/domain_test.rb
+- test/unit/exception_handler_test.rb
 - test/unit/external_usergroup_test.rb
 - test/unit/fact_test.rb
+- test/unit/filter_test.rb
+- test/unit/helpers/command.rb
 - test/unit/helpers/fake_searchables.rb
 - test/unit/helpers/resource_disabled.rb
-- test/unit/helpers/command.rb
+- test/unit/host_test.rb
+- test/unit/hostgroup_test.rb
+- test/unit/id_resolver_test.rb
 - test/unit/image_test.rb
 - test/unit/location_test.rb
-- test/unit/messages_test.rb
 - test/unit/mail_notification_test.rb
+- test/unit/media_test.rb
+- test/unit/messages_test.rb
+- test/unit/model_test.rb
+- test/unit/operating_system_test.rb
+- test/unit/option_builders_test.rb
 - test/unit/option_sources/id_params_test.rb
 - test/unit/option_sources/ids_params_test.rb
 - test/unit/organization_test.rb
 - test/unit/output/formatters_test.rb
-- test/unit/common_parameter_test.rb
+- test/unit/param_filters_test.rb
+- test/unit/partition_table_test.rb
 - test/unit/realm_test.rb
+- test/unit/role_test.rb
+- test/unit/sessions_test.rb
 - test/unit/settings_test.rb
-- test/unit/usergroup_test.rb
+- test/unit/smart_proxy_test.rb
 - test/unit/subnet_test.rb
+- test/unit/template_test.rb
 - test/unit/test_helper.rb
+- test/unit/test_output_adapter.rb
 - test/unit/user_test.rb
-- test/unit/param_filters_test.rb
-- test/unit/role_test.rb
-- test/unit/model_test.rb
-- test/unit/operating_system_test.rb
-- test/unit/option_builders_test.rb
-- test/unit/architecture_test.rb
-- test/unit/commands_test.rb
-- test/unit/audit_test.rb
-- test/unit/auth_source_external.rb
-- test/unit/dependency_resolver_test.rb
-- test/unit/exception_handler_test.rb
-- test/unit/filter_test.rb
-- test/unit/media_test.rb
-- test/unit/sessions_test.rb
-- test/unit/bookmark_test.rb
-- test/unit/hostgroup_test.rb
-- test/unit/api_test.rb
-- test/unit/apipie_resource_mock.rb
-- test/unit/compute_profile_test.rb
-- test/unit/partition_table_test.rb
-- test/unit/template_test.rb
-- test/unit/smart_proxy_test.rb
-- test/unit/domain_test.rb
-- test/test_helper.rb
+- test/unit/usergroup_test.rb