hammer_cli_foreman 0.8.0 → 0.9.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 0062a1642130c282db9079a28b7cf5a72edf88d4
-  data.tar.gz: 3e9aad851851ace099b2b14fbc546dfb7d82b5d3
+  metadata.gz: c8dbe72d7f0cdd60461bcb2ceedbdb241791e9ba
+  data.tar.gz: 7a93863b4b5dfa7e2318e8842df64ee23de005a1
 SHA512:
-  metadata.gz: 5d382cb35adc5868503186f201644a7dede5b4ebd58831a65e5e89f616a5c4b6fb948826ebd5e8c0658bdbfe7a00c9061bff8094e50e85cacf2a83c3f91bc229
-  data.tar.gz: 009d972e9d43f82be69c944e7da8555e58abd0a2bc40fdd5ccd962dc321b61dc7b8d2153266796603277fb2b3053e41753951bfcad81f5a752eb87b99015da86
+  metadata.gz: 645d647eec03ddee3afd4c4f61677fd1ecfa98b9981cf72d150ac8cb9d68f0adc7b5b1e88c30ad4da52d7fe3463a889a4ad6622b51716cb6ad315f3d3e61b1d3
+  data.tar.gz: f2c39dccfb3949685b4a77703274aa7bcf683953a25ee271fcff63d9152f285ed833dcc00ec4cc3c61064ac92d21145d45ac9d7eb667e38945370b0eb8430533

data/config/foreman.yml

@@ -8,6 +8,7 @@
   # Credentials. You'll be asked for them interactively if you leave them blank here
   :username: 'admin'
   #:password: 'example'
+  :use_sessions: false
 
   # Check API documentation cache status on each request
   #:refresh_cache: false

data/doc/host_create.md

@@ -164,7 +164,7 @@ Available keys for `--compute-attributes`:
 ```
 cpus          # number of CPUs
 memory        # string, amount of memory, value in bytes
-start         # boolean, whether to start the machine or not
+start         # Must be a 1 or 0, whether to start the machine or not
 ```
 
 Available keys for `--interface`:
@@ -198,7 +198,7 @@ cluster
 template   # hardware profile to use
 cores      # int value, number of cores
 memory     # amount of memory, int value in bytes
-start      # boolean, whether to start the machine or not
+start      # Must be a 1 or 0, whether to start the machine or not
 ```
 
 Available keys for `--interface`:
@@ -233,7 +233,7 @@ path                 # path to folder
 guest_id             # guest OS id form VMware
 scsi_controller_type # id of the controller from VMware
 hardware_version     # hardware version id from VMware
-start                # Must be a 1 or 0, whether to start the machine or not
+start                # Boolean, expressed as 0 or 1, whether to start the machine or not
 ```
 
 Available keys for `--interface`:

data/doc/release_notes.md

@@ -1,5 +1,19 @@
 Release notes
 =============
+### 0.9.0 (2016-12-15)
+* Auth overrides only unauthorized exception ([PR #271](https://github.com/theforeman/hammer-cli-foreman/pull/271)) ([#17650](http://projects.theforeman.org/issues/17650))
+* Session auth in hammer ([PR #269](https://github.com/theforeman/hammer-cli-foreman/pull/269)) ([#8016](http://projects.theforeman.org/issues/8016))
+* Display override value order as long text ([#17355](http://projects.theforeman.org/issues/17355))
+* Showing roles inherited from usergroups ([#16016](http://projects.theforeman.org/issues/16016))
+* The 'start' key always needs a 1 or 0 ([#17393](http://projects.theforeman.org/issues/17393))
+* Compute resource specific details in host help ([PR #263](https://github.com/theforeman/hammer-cli-foreman/pull/263)) ([#12472](http://projects.theforeman.org/issues/12472))
+* Fix compute-resource info ([#17077](http://projects.theforeman.org/issues/17077))
+* List override in filter output ([#17109](http://projects.theforeman.org/issues/17109))
+* Added description field to User in hammer ([#16772](http://projects.theforeman.org/issues/16772))
+* Added description field to Roles in hammer ([#16771](http://projects.theforeman.org/issues/16771))
+* add taxonomies to role info ([#16799](http://projects.theforeman.org/issues/16799))
+* Adds 'builtin' attribute to Role list ([#16406](http://projects.theforeman.org/issues/16406))
+
 ### 0.8.0 (2016-09-01)
 * add realm commands to hammer ([PR #240](https://github.com/theforeman/hammer-cli-foreman/pull/240)) ([#4918](http://projects.theforeman.org/issues/4918))
 * Renamed name to variable for smart_variables ([#16119](http://projects.theforeman.org/issues/16119))

data/lib/hammer_cli_foreman.rb

@@ -13,7 +13,6 @@ module HammerCLIForeman
   require 'hammer_cli_foreman/version'
   require 'hammer_cli_foreman/output'
   require 'hammer_cli_foreman/output/fields'
-  require 'hammer_cli_foreman/credentials'
   require 'hammer_cli_foreman/exception_handler'
   require 'hammer_cli_foreman/option_builders'
   require 'hammer_cli_foreman/param_filters'

data/lib/hammer_cli_foreman/api.rb

@@ -0,0 +1,3 @@
+require 'hammer_cli_foreman/api/connection'
+
+HammerCLIForeman.init_api_connection

data/lib/hammer_cli_foreman/api/connection.rb

@@ -0,0 +1,75 @@
+require 'hammer_cli_foreman/api/session_authenticator_wrapper'
+require 'hammer_cli_foreman/api/interactive_basic_auth'
+
+module HammerCLIForeman
+  module Api
+    class Connection < HammerCLI::Apipie::ApiConnection
+      attr_reader :authenticator
+
+      def initialize(settings, logger = nil, locale = nil)
+        default_params = build_default_params(settings, logger, locale)
+        super(default_params,
+          :logger => logger,
+          :reload_cache => settings.get(:_params, :reload_cache) || settings.get(:reload_cache)
+        )
+      end
+
+      def login
+        # Call some api entry point to trigger the
+        @api.resource(:home).action(:status).call
+      end
+
+      def logout
+        @authenticator.clear if @authenticator.respond_to?(:clear)
+      end
+
+      def login_status
+        @authenticator.status
+      end
+
+      protected
+
+      def create_authenticator(uri, settings)
+        return @authenticator unless @authenticator.nil?
+
+        @authenticator = InteractiveBasicAuth.new(
+          settings.get(:_params, :username) || ENV['FOREMAN_USERNAME'] || settings.get(:foreman, :username),
+          settings.get(:_params, :password) || ENV['FOREMAN_PASSWORD'] || settings.get(:foreman, :password)
+        )
+        @authenticator = SessionAuthenticatorWrapper.new(@authenticator, uri) if settings.get(:foreman, :use_sessions)
+        @authenticator
+      end
+
+      def build_default_params(settings, logger, locale)
+        config = {}
+        config[:uri] = settings.get(:_params, :host) || settings.get(:foreman, :host)
+        config[:logger] = logger unless logger.nil?
+        config[:api_version] = 2
+        config[:follow_redirects] = settings.get(:foreman, :follow_redirects) || :never
+        config[:aggressive_cache_checking] = settings.get(:foreman, :refresh_cache) || false
+        unless locale.nil?
+          config[:headers] = { "Accept-Language" => locale }
+          config[:language] = locale
+        end
+        config[:timeout] = settings.get(:foreman, :request_timeout)
+        config[:timeout] = -1 if (config[:timeout] && config[:timeout].to_i < 0)
+        config[:apidoc_authenticated] = false
+        config[:authenticator] = create_authenticator(config[:uri], settings)
+        config
+      end
+    end
+  end
+
+  CONNECTION_NAME = 'foreman'
+
+  def self.foreman_api_connection
+    HammerCLI.context[:api_connection].create(CONNECTION_NAME) do
+      HammerCLIForeman::Api::Connection.new(HammerCLI::Settings, Logging.logger['API'], HammerCLI::I18n.locale)
+    end
+  end
+
+  def self.init_api_connection
+    foreman_api_connection
+  end
+end
+

data/lib/hammer_cli_foreman/api/interactive_basic_auth.rb

@@ -0,0 +1,49 @@
+require 'highline/import'
+
+module HammerCLIForeman
+  module Api
+    class InteractiveBasicAuth < ApipieBindings::Authenticators::BasicAuth
+      def authenticate(request, args)
+        if HammerCLI.interactive?
+          get_user
+          get_password
+        end
+        super
+      end
+
+      def error(ex)
+        ex.message = _("Invalid username or password") if ex.is_a?(RestClient::Unauthorized)
+      end
+
+      def status
+        unless @user.nil? || @password.nil?
+          _("You are logged in as '%s'") % @user
+        else
+          _("You are currently not logged in")
+        end
+      end
+
+      def user
+        get_user
+      end
+
+      private
+
+      def get_user
+        @user ||= ask_user(_("[Foreman] Username: "))
+      end
+
+      def get_password
+        @password ||= ask_user(_("[Foreman] Password for %s: ") % @user, true)
+      end
+
+      def ask_user(prompt, silent=false)
+        if silent
+          ask(prompt) {|q| q.echo = false}
+        else
+          ask(prompt)
+        end
+      end
+    end
+  end
+end

data/lib/hammer_cli_foreman/api/session_authenticator_wrapper.rb

@@ -0,0 +1,120 @@
+require 'uri'
+
+module HammerCLIForeman
+  module Api
+    class SessionAuthenticatorWrapper < ApipieBindings::Authenticators::Base
+      SESSION_STORAGE = '~/.hammer/sessions/'
+
+      def initialize(authenticator, url, storage_dir = nil)
+        @authenticator = authenticator
+        @url = url
+
+        uri = URI.parse(url)
+        @session_file = "#{uri.scheme}_#{uri.host}"
+        @storage_dir = storage_dir || File.expand_path(SESSION_STORAGE)
+
+        @permissions_ok = check_storage_permissions
+        warn _("Can't use session auth due to invalid permissions on session files.") unless @permissions_ok
+      end
+
+      def clear
+        destroy_session
+      end
+
+      def status
+        if load_session
+          _("Session exist, currently logged in as '%s'") % @user
+        else
+          _("You are currently not logged in")
+        end
+      end
+
+      def authenticate(request, args)
+        load_session
+
+        destroy_session if (@authenticator.user != @user)
+
+        if @permissions_ok && @session_id
+          jar = HTTP::CookieJar.new
+          jar.add(HTTP::Cookie.new('_session_id', @session_id, domain: request.uri.hostname.downcase, path: '/', for_domain: true))
+          request['Cookie'] = HTTP::Cookie.cookie_value(jar.cookies)
+          request
+        else
+          @authenticator.authenticate(request, args)
+        end
+      end
+
+      def error(ex)
+        load_session
+        if ex.is_a?(RestClient::Unauthorized) && !@session_id.nil?
+          destroy_session
+          ex.message = _("Session has expired")
+        else
+          @authenticator.error(ex)
+        end
+      end
+
+      def response(r)
+        @session_id = r.cookies['_session_id']
+        if (@session_id && r.code != 401)
+          save_session(@session_id, @authenticator.user)
+        end
+        @authenticator.response(r)
+      end
+
+      protected
+
+      def session_storage
+        "#{@storage_dir}/#{@session_file}"
+      end
+
+      def load_session
+        if File.exist?(session_storage)
+          session_data = JSON.parse(File.read(session_storage))
+          @user = session_data['user_name']
+          @session_id = session_data['session_id']
+        end
+      rescue JSON::ParserError
+        warn _('Invalid session file format')
+        nil
+      end
+
+      def save_session(session_id, user_name)
+        File.open(session_storage, 'w', 0600) do |f|
+          session = JSON.generate({
+            :session_id => session_id,
+            :user_name => user_name
+          })
+          f.write(session)
+        end
+      end
+
+      def destroy_session
+        @user = @session_id = nil
+        File.delete(session_storage) if File.exist?(session_storage)
+      end
+
+      def check_storage_permissions
+        Dir.mkdir(@storage_dir, 0700) unless File.exist?(@storage_dir)
+        ensure_mode(@storage_dir, '40700') && ensure_mode(session_storage, '100600')
+      end
+
+      def ensure_mode(file, expected_mode)
+        return true unless File.exist?(file)
+        mode = File.stat(file).mode.to_s(8)
+        if mode != expected_mode
+          warn _("Invalid permissions for %{file}: %{mode}, expected %{expected_mode}") % {
+            :mode => mode,
+            :expected_mode => expected_mode,
+            :file => file
+          }
+          false
+        else
+          true
+        end
+      end
+
+    end
+  end
+end
+

data/lib/hammer_cli_foreman/auth.rb

@@ -6,11 +6,20 @@ module HammerCLIForeman
       command_name "login"
       desc _("Set credentials")
 
+      option ["-u", "--username"], "USERNAME", _("username to access the remote system")
+      option ["-p", "--password"], "PASSWORD", _("password to access the remote system")
+
       def execute
-        HammerCLIForeman.credentials.clear
-        HammerCLI::Connection.drop_all
-        HammerCLIForeman.credentials.username
-        HammerCLIForeman.credentials.password
+        HammerCLIForeman.foreman_api_connection.logout
+        context[:api_connection].drop_all
+        HammerCLI::Settings.load({
+          :_params => {
+            :username => option_username,
+            :password => option_password
+          }
+        })
+        HammerCLIForeman.foreman_api_connection.login
+        print_message(_("Successfully logged in."))
         HammerCLI::EX_OK
       end
     end
@@ -20,9 +29,8 @@ module HammerCLIForeman
       desc _("Wipe your credentials")
 
       def execute
-        #NOTE: we will change that to drop(:foreman) once dynamic bindings are implemented
-        HammerCLIForeman.credentials.clear
-        HammerCLI::Connection.drop_all
+        HammerCLIForeman.foreman_api_connection.logout
+        context[:api_connection].drop_all
         print_message(_("Credentials deleted."))
         HammerCLI::EX_OK
       end
@@ -33,11 +41,7 @@ module HammerCLIForeman
       desc _("Information about current connections")
 
       def execute
-        unless HammerCLIForeman.credentials.empty?
-          print_message(_("You are logged in as '%s'") % HammerCLIForeman.credentials.username)
-        else
-          print_message(_("You are currently not logged in to any service.\nUse the service to set credentials."))
-        end
+        print_message(HammerCLIForeman.foreman_api_connection.login_status)
         HammerCLI::EX_OK
       end
     end

data/lib/hammer_cli_foreman/commands.rb

@@ -1,6 +1,6 @@
-module HammerCLIForeman
+require 'hammer_cli_foreman/api'
 
-  CONNECTION_NAME = 'foreman'
+module HammerCLIForeman
 
   RESOURCE_NAME_MAPPING = {
     :usergroup => :user_group,
@@ -11,40 +11,8 @@ module HammerCLIForeman
     :puppetclasses => :puppet_classes
   }
 
-  def self.credentials
-    @credentials ||= BasicCredentials.new(
-      :username => (HammerCLI::Settings.get(:_params, :username) || ENV['FOREMAN_USERNAME'] || HammerCLI::Settings.get(:foreman, :username)),
-      :password => (HammerCLI::Settings.get(:_params, :password) || ENV['FOREMAN_PASSWORD'] || HammerCLI::Settings.get(:foreman, :password))
-    )
-    @credentials
-  end
-
-  def self.resource_config
-    config = {}
-    config[:uri] = HammerCLI::Settings.get(:_params, :host) || HammerCLI::Settings.get(:foreman, :host)
-    config[:credentials] = credentials
-    config[:logger] = Logging.logger['API']
-    config[:api_version] = 2
-    config[:follow_redirects] = HammerCLI::Settings.get(:foreman, :follow_redirects) || :never
-    config[:aggressive_cache_checking] = HammerCLI::Settings.get(:foreman, :refresh_cache) || false
-    config[:headers] = { "Accept-Language" => HammerCLI::I18n.locale }
-    config[:language] = HammerCLI::I18n.locale
-    config[:timeout] = HammerCLI::Settings.get(:foreman, :request_timeout)
-    config[:timeout] = -1 if (config[:timeout] && config[:timeout].to_i < 0)
-    config[:apidoc_authenticated] = false
-    config
-  end
-
-  def self.foreman_api_connection
-    HammerCLI::Connection.create(
-      CONNECTION_NAME,
-      HammerCLI::Apipie::Command.resource_config.merge(resource_config),
-      HammerCLI::Apipie::Command.connection_options
-    )
-  end
-
   def self.foreman_api
-    foreman_api_connection.api
+    foreman_api_connection
   end
 
   def self.foreman_resource!(resource_name, options={})
@@ -173,7 +141,7 @@ module HammerCLIForeman
     end
 
     def self.resolver
-      api = HammerCLI::Connection.get("foreman").api
+      api = HammerCLI.context[:api_connection].get("foreman")
       HammerCLIForeman::IdResolver.new(api, HammerCLIForeman::Searchables.new)
     end
 

data/lib/hammer_cli_foreman/compute_resource.rb

@@ -31,20 +31,20 @@ module HammerCLIForeman
 
       PROVIDER_SPECIFIC_FIELDS = {
         'ovirt' => [
-          Fields::Field.new(:label => _('UUID'), :path => ["compute_resource", "uuid"])
+          Fields::Field.new(:label => _('Datacenter'), :path => [:datacenter])
         ],
         'ec2' => [
-          Fields::Field.new(:label => _('Region'), :path => ["compute_resource", "region"])
+          Fields::Field.new(:label => _('Region'), :path => [:region])
         ],
         'vmware' => [
-          Fields::Field.new(:label => _('UUID'), :path => ["compute_resource", "uuid"]),
-          Fields::Field.new(:label => _('Server'), :path => ["compute_resource", "server"])
+          Fields::Field.new(:label => _('Datacenter'), :path => [:datacenter]),
+          Fields::Field.new(:label => _('Server'), :path => [:server])
         ],
         'openstack' => [
-          Fields::Field.new(:label => _('Tenant'), :path => ["compute_resource", "tenant"])
+          Fields::Field.new(:label => _('Tenant'), :path => [:tenant])
         ],
         'rackspace' => [
-          Fields::Field.new(:label => _('Region'), :path => ["compute_resource", "region"])
+          Fields::Field.new(:label => _('Region'), :path => [:region])
         ],
         'libvirt' => [
         ]