hybrid_platforms_conductor 32.4.2 → 32.7.2

data/lib/hybrid_platforms_conductor/hpc_plugins/test/file_system.rb

@@ -17,7 +17,7 @@ module HybridPlatformsConductor
           Hash[
             @config.aggregate_files_rules(@nodes_handler, @node).map do |path, rule_info|
               [
-                "if sudo /bin/bash -c '[[ -d \"#{path}\" ]]' ; then echo 1 ; else echo 0 ; fi",
+                "if #{@nodes_handler.sudo_on(@node)} /bin/bash -c '[[ -d \"#{path}\" ]]' ; then echo 1 ; else echo 0 ; fi",
                 {
                   validator: proc do |stdout, stderr|
                     case stdout.last

data/lib/hybrid_platforms_conductor/hpc_plugins/test/hostname.rb

@@ -10,7 +10,7 @@ module HybridPlatformsConductor
         # Check my_test_plugin.rb.sample documentation for signature details.
         def test_on_node
           {
-            'sudo hostname -s' => proc do |stdout|
+            "#{@nodes_handler.sudo_on(@node)} hostname -s" => proc do |stdout|
               assert_equal stdout.first, @node, "Expected hostname to be #{@node}, but got #{stdout.first} instead."
             end
           }

data/lib/hybrid_platforms_conductor/hpc_plugins/test/ip.rb

@@ -10,7 +10,7 @@ module HybridPlatformsConductor
         # Check my_test_plugin.rb.sample documentation for signature details.
         def test_on_node
           {
-            'sudo hostname -I' => proc do |stdout|
+            "#{@nodes_handler.sudo_on(@node)} hostname -I" => proc do |stdout|
               if stdout.first.nil?
                 error 'No IP returned by "hostname -I"'
               else

data/lib/hybrid_platforms_conductor/hpc_plugins/test/local_users.rb

@@ -57,7 +57,7 @@ module HybridPlatformsConductor
         # Check my_test_plugin.rb.sample documentation for signature details.
         def test_on_node
           {
-            "sudo cat /etc/passwd" => proc do |stdout|
+            "#{@nodes_handler.sudo_on(@node)} cat /etc/passwd" => proc do |stdout|
               passwd_users = stdout.map { |passwd_line| passwd_line.split(':').first }
               missing_users = @nodes_handler.
                 select_confs_for_node(@node, @config.users_that_should_be_present).

data/lib/hybrid_platforms_conductor/hpc_plugins/test/mounts.rb

@@ -61,7 +61,7 @@ module HybridPlatformsConductor
         # Check my_test_plugin.rb.sample documentation for signature details.
         def test_on_node
           {
-            'sudo mount' => proc do |stdout|
+            "#{@nodes_handler.sudo_on(@node)} mount" => proc do |stdout|
               mounts_info = stdout.map do |line|
                 fields = line.split
                 {

data/lib/hybrid_platforms_conductor/hpc_plugins/test/orphan_files.rb

@@ -50,7 +50,7 @@ module HybridPlatformsConductor
         # Check my_test_plugin.rb.sample documentation for signature details.
         def test_on_node
           {
-            "sudo /usr/bin/find / \\( #{@nodes_handler.
+            "#{@nodes_handler.sudo_on(@node)} /usr/bin/find / \\( #{@nodes_handler.
               select_confs_for_node(@node, @config.ignored_orphan_files_paths).
               inject(DIRECTORIES_TO_ALWAYS_IGNORE) { |merged_paths, paths_to_ignore_info| merged_paths + paths_to_ignore_info[:ignored_paths] }.
               uniq.

data/lib/hybrid_platforms_conductor/hpc_plugins/test/spectre.rb

@@ -13,16 +13,15 @@ module HybridPlatformsConductor
           'CVE-2017-5754' => 'Meltdown'
         }
 
-        SPECTRE_CMD = <<~EOS
-          sudo /bin/bash <<'EOAction'
-          #{File.read("#{__dir__}/spectre-meltdown-checker.sh")}
-          EOAction
-        EOS
-
         # Check my_test_plugin.rb.sample documentation for signature details.
         def test_on_node
+          spectre_cmd = <<~EOS
+            #{@nodes_handler.sudo_on(@node)} /bin/bash <<'EOAction'
+            #{File.read("#{__dir__}/spectre-meltdown-checker.sh")}
+            EOAction
+          EOS
           {
-            SPECTRE_CMD => {
+            spectre_cmd => {
               validator: proc do |stdout|
                 VULNERABILITIES_TO_CHECK.each do |id, name|
                   id_regexp = /#{Regexp.escape(id)}/

data/lib/hybrid_platforms_conductor/hpc_plugins/test/vulnerabilities.rb

@@ -54,6 +54,7 @@ module HybridPlatformsConductor
                   current_url
                 end
               )
+              sudo = @nodes_handler.sudo_on(@node)
               Hash[urls.map do |url|
                 # 1. Get the OVAL file on the node to be tested (uncompress it if needed)
                 # 2. Make sure oscap is installed
@@ -74,9 +75,9 @@ module HybridPlatformsConductor
                   #{
                     case image
                     when :centos_7
-                      "sudo yum install -y wget openscap-scanner #{packages_to_install.join(' ')}"
+                      "#{sudo} yum install -y wget openscap-scanner #{packages_to_install.join(' ')}"
                     when :debian_9
-                      "sudo apt install -y wget libopenscap8 #{packages_to_install.join(' ')}"
+                      "#{sudo} apt install -y wget libopenscap8 #{packages_to_install.join(' ')}"
                     when :debian_10
                       # On Debian 10 we have to compile it from sources, as the packaged official version has core dumps.
                       # cf https://www.mail-archive.com/debian-bugs-dist@lists.debian.org/msg1688223.html
@@ -86,13 +87,13 @@ module HybridPlatformsConductor
                           rm -rf openscap
                           git clone --recurse-submodules https://github.com/OpenSCAP/openscap.git
                           cd openscap
-                          sudo apt install -y cmake libdbus-1-dev libdbus-glib-1-dev libcurl4-openssl-dev libgcrypt20-dev libselinux1-dev libxslt1-dev libgconf2-dev libacl1-dev libblkid-dev libcap-dev libxml2-dev libldap2-dev libpcre3-dev python-dev swig libxml-parser-perl libxml-xpath-perl libperl-dev libbz2-dev librpm-dev g++ libapt-pkg-dev libyaml-dev
+                          #{sudo} apt install -y cmake libdbus-1-dev libdbus-glib-1-dev libcurl4-openssl-dev libgcrypt20-dev libselinux1-dev libxslt1-dev libgconf2-dev libacl1-dev libblkid-dev libcap-dev libxml2-dev libldap2-dev libpcre3-dev python-dev swig libxml-parser-perl libxml-xpath-perl libperl-dev libbz2-dev librpm-dev g++ libapt-pkg-dev libyaml-dev
                           cd build
                           cmake ../
                           make
-                          sudo make install
+                          #{sudo} make install
                         fi
-                        sudo apt install -y wget #{packages_to_install.join(' ')}
+                        #{sudo} apt install -y wget #{packages_to_install.join(' ')}
                       EOS2
                     else
                       raise "Non supported image: #{image}. Please adapt this test's code."
@@ -103,7 +104,7 @@ module HybridPlatformsConductor
                   cd hpc_vulnerabilities_test
                   wget -N #{url}
                   #{uncompress_cmds.join("\n")}
-                  sudo oscap oval eval --skip-valid --results "#{local_oval_file}.results.xml" "#{local_oval_file}"
+                  #{sudo} oscap oval eval --skip-valid --results "#{local_oval_file}.results.xml" "#{local_oval_file}"
                   echo "===== RESULTS ====="
                   cat "#{local_oval_file}.results.xml"
                   cd ..

data/lib/hybrid_platforms_conductor/nodes_handler.rb

@@ -18,9 +18,20 @@ module HybridPlatformsConductor
       # Array< Hash<Symbol, Object> >
       attr_reader :cmdb_masters
 
+      # List of sudo methods. Each info has the following properties:
+      # * *nodes_selectors_stack* (Array<Object>): Stack of nodes selectors impacted by this rule.
+      # * *sudo_proc* (Proc): Code giving the sudo line for a given user
+      #   Parameters::
+      #   * *user* (String): User for which we want sudo
+      #   Result::
+      #   * String: Corresponding sudo string
+      # Array< Hash<Symbol, Object> >
+      attr_reader :sudo_procs
+
       # Mixin initializer
       def init_nodes_handler_config
         @cmdb_masters = []
+        @sudo_procs = []
       end
 
       # Set CMDB masters
@@ -34,6 +45,17 @@ module HybridPlatformsConductor
         }
       end
 
+      # Set a sudo proc
+      #
+      # Parameters::
+      # * *sudo_proc* (Proc): The sudo proc (see #sudo_procs doc to know the signature)
+      def sudo_for(&sudo_proc)
+        @sudo_procs << {
+          nodes_selectors_stack: current_nodes_selectors_stack,
+          sudo_proc: sudo_proc
+        }
+      end
+
     end
 
     Config.extend_config_dsl_with ConfigDSLExtension, :init_nodes_handler_config
@@ -568,6 +590,21 @@ module HybridPlatformsConductor
       nodes_selector_stack.inject(known_nodes) { |selected_nodes, nodes_selector| selected_nodes & select_nodes(nodes_selector) }
     end
 
+    # Get the sudo command for a given user on a given node
+    #
+    # Parameters::
+    # * *node* (String): Node on which we need sudo
+    # * *user* (String): User for which we need sudo [default = 'root']
+    # Result::
+    # * String: The corresponding sudo string
+    def sudo_on(node, user = 'root')
+      sudo = nil
+      select_confs_for_node(node, @config.sudo_procs).each do |sudo_proc_info|
+        sudo = sudo_proc_info[:sudo_proc].call(user)
+      end
+      sudo.nil? ? "sudo -u #{user}" : sudo
+    end
+
     private
 
     # Get the CMDB master for a given property.

data/lib/hybrid_platforms_conductor/version.rb

@@ -1,5 +1,5 @@
 module HybridPlatformsConductor
 
-  VERSION = '32.4.2'
+  VERSION = '32.7.2'
 
 end

data/spec/hybrid_platforms_conductor_test/api/actions_executor/connectors/ssh/config_dsl_spec.rb

@@ -43,6 +43,41 @@ describe HybridPlatformsConductor::ActionsExecutor do
         end
       end
 
+      it 'returns ssh transformation procs' do
+        with_test_platform(
+          {
+            nodes: {
+              'node1' => {},
+              'node2' => {},
+              'node3' => {}
+            },
+          },
+          false,
+          '
+            for_nodes(%w[node1 node3]) do
+              transform_ssh_connection do |node, connection, connection_user, gateway, gateway_user|
+                ["#{connection}_#{node}_13", "#{connection_user}_#{node}_13", "#{gateway}_#{node}_13", "#{gateway_user}_#{node}_13"]
+              end
+            end
+            for_nodes(\'node1\') do
+              transform_ssh_connection do |node, connection, connection_user, gateway, gateway_user|
+                ["#{connection}_#{node}_1", "#{connection_user}_#{node}_1", "#{gateway}_#{node}_1", "#{gateway_user}_#{node}_1"]
+              end
+            end
+          '
+        ) do
+          expect(test_config.ssh_connection_transforms.size).to eq 2
+          expect(test_config.ssh_connection_transforms[0][:nodes_selectors_stack]).to eq [%w[node1 node3]]
+          expect(test_config.ssh_connection_transforms[0][:transform].call('node1', 'test_host', 'test_user', 'test_gateway', 'test_gateway_user')).to eq [
+            'test_host_node1_13', 'test_user_node1_13', 'test_gateway_node1_13', 'test_gateway_user_node1_13'
+          ]
+          expect(test_config.ssh_connection_transforms[1][:nodes_selectors_stack]).to eq ['node1']
+          expect(test_config.ssh_connection_transforms[1][:transform].call('node1', 'test_host', 'test_user', 'test_gateway', 'test_gateway_user')).to eq [
+            'test_host_node1_1', 'test_user_node1_1', 'test_gateway_node1_1', 'test_gateway_user_node1_1'
+          ]
+        end
+      end
+
     end
 
   end

data/spec/hybrid_platforms_conductor_test/api/actions_executor/connectors/ssh/connections_spec.rb

@@ -28,6 +28,22 @@ describe HybridPlatformsConductor::ActionsExecutor do
         end
       end
 
+      it 'creates an SSH master to 1 node not having Session Exec capabilities' do
+        with_test_platform(nodes: { 'node' => { meta: { host_ip: '192.168.42.42', ssh_session_exec: 'false' } } }) do
+          with_cmd_runner_mocked(
+            [
+              ['which env', proc { [0, "/usr/bin/env\n", ''] }],
+              ['ssh -V 2>&1', proc { [0, "OpenSSH_7.4p1 Debian-10+deb9u7, OpenSSL 1.0.2u  20 Dec 2019\n", ''] }]
+            ] + ssh_expected_commands_for({ 'node' => { connection: '192.168.42.42', user: 'test_user' } }, with_session_exec: false)
+          ) do
+            test_connector.ssh_user = 'test_user'
+            test_connector.with_connection_to(['node']) do |connected_nodes|
+              expect(connected_nodes).to eq ['node']
+            end
+          end
+        end
+      end
+
       it 'creates SSH master to several nodes' do
         with_test_platform(nodes: {
           'node1' => { meta: { host_ip: '192.168.42.1' } },
@@ -52,6 +68,45 @@ describe HybridPlatformsConductor::ActionsExecutor do
         end
       end
 
+      it 'creates SSH master to several nodes with ssh connections transformed' do
+        with_test_platform(
+          { nodes: {
+          'node1' => { meta: { host_ip: '192.168.42.1' } },
+          'node2' => { meta: { host_ip: '192.168.42.2' } },
+          'node3' => { meta: { host_ip: '192.168.42.3' } }
+          } },
+          false,
+          '
+            for_nodes(%w[node1 node3]) do
+              transform_ssh_connection do |node, connection, connection_user, gateway, gateway_user|
+                ["#{connection}_#{node}_13", "#{connection_user}_#{node}_13", "#{gateway}_#{node}_13", "#{gateway_user}_#{node}_13"]
+              end
+            end
+            for_nodes(\'node1\') do
+              transform_ssh_connection do |node, connection, connection_user, gateway, gateway_user|
+                ["#{connection}_#{node}_1", "#{connection_user}_#{node}_1", "#{gateway}_#{node}_1", "#{gateway_user}_#{node}_1"]
+              end
+            end
+          '
+        ) do
+          with_cmd_runner_mocked(
+            [
+              ['which env', proc { [0, "/usr/bin/env\n", ''] }],
+              ['ssh -V 2>&1', proc { [0, "OpenSSH_7.4p1 Debian-10+deb9u7, OpenSSL 1.0.2u  20 Dec 2019\n", ''] }]
+            ] + ssh_expected_commands_for(
+              'node1' => { ip: '192.168.42.1', connection: '192.168.42.1_node1_13_node1_1', user: 'test_user_node1_13_node1_1' },
+              'node2' => { ip: '192.168.42.2', connection: '192.168.42.2', user: 'test_user' },
+              'node3' => { ip: '192.168.42.3', connection: '192.168.42.3_node3_13', user: 'test_user_node3_13' }
+            )
+          ) do
+            test_connector.ssh_user = 'test_user'
+            test_connector.with_connection_to(%w[node1 node2 node3]) do |connected_nodes|
+              expect(connected_nodes.sort).to eq %w[node1 node2 node3].sort
+            end
+          end
+        end
+      end
+
       it 'fails when an SSH master can\'t be created' do
         with_test_platform(nodes: {
           'node1' => { meta: { host_ip: '192.168.42.1' } },
@@ -63,8 +118,12 @@ describe HybridPlatformsConductor::ActionsExecutor do
               ['which env', proc { [0, "/usr/bin/env\n", ''] }],
               ['ssh -V 2>&1', proc { [0, "OpenSSH_7.4p1 Debian-10+deb9u7, OpenSSL 1.0.2u  20 Dec 2019\n", ''] }]
             ] + ssh_expected_commands_for(
-              'node1' => { connection: '192.168.42.1', user: 'test_user' },
-              'node3' => { connection: '192.168.42.3', user: 'test_user' }
+              {
+                'node1' => { connection: '192.168.42.1', user: 'test_user' },
+                'node3' => { connection: '192.168.42.3', user: 'test_user' }
+              },
+              # Here the threads for node1's and node3's ControlMasters might not trigger before the one for node2, so they will not destroy it.
+              with_control_master_destroy_optional: true
             ) + ssh_expected_commands_for(
               {
                 'node2' => { connection: '192.168.42.2', user: 'test_user', control_master_create_error: 'Can\'t connect to 192.168.42.2' }
@@ -73,7 +132,7 @@ describe HybridPlatformsConductor::ActionsExecutor do
             )
           ) do
             test_connector.ssh_user = 'test_user'
-            expect { test_connector.with_connection_to(%w[node1 node2 node3]) }.to raise_error(/^Error while starting SSH Control Master with .+\/ssh -o BatchMode=yes -o ControlMaster=yes -o ControlPersist=yes test_user@hpc.node2 true: Can't connect to 192.168.42.2$/)
+            expect { test_connector.with_connection_to(%w[node1 node2 node3]) }.to raise_error(/^Error while starting SSH Control Master with .+\/ssh -o BatchMode=yes -o ControlMaster=yes -o ControlPersist=yes hpc.node2 true: Can't connect to 192.168.42.2$/)
           end
         end
       end
@@ -239,7 +298,8 @@ describe HybridPlatformsConductor::ActionsExecutor do
           ) do
             test_connector.ssh_use_control_master = false
             test_connector.ssh_user = 'test_user'
-            test_connector.with_connection_to(['node']) do
+            test_connector.with_connection_to(['node']) do |connected_nodes|
+              expect(connected_nodes).to eq %w[node]
             end
           end
         end
@@ -416,7 +476,7 @@ describe HybridPlatformsConductor::ActionsExecutor do
               ['ssh -V 2>&1', proc { [0, "OpenSSH_7.4p1 Debian-10+deb9u7, OpenSSL 1.0.2u  20 Dec 2019\n", ''] }],
             ] +
               [[
-                /^.+\/ssh -o BatchMode=yes -o ControlMaster=yes -o ControlPersist=yes test_user@hpc\.node true$/,
+                /^.+\/ssh -o BatchMode=yes -o ControlMaster=yes -o ControlPersist=yes hpc\.node true$/,
                 proc do
                   nbr_boot_messages += 1
                   [255, '', "System is booting up. See pam_nologin(8)\nAuthentication failed.\n"]

data/spec/hybrid_platforms_conductor_test/api/actions_executor/connectors/ssh/global_helpers_spec.rb

@@ -35,8 +35,11 @@ describe HybridPlatformsConductor::ActionsExecutor do
         begin_marker = node.nil? ? /^Host \*$/ : /^# #{Regexp.escape(node)} - .+$/
         start_idx = ssh_config_lines.index { |line| line =~ begin_marker }
         return nil if start_idx.nil?
-        end_marker = /^# \w+ - .+$/
-        end_idx = ssh_config_lines[start_idx + 1..-1].index { |line| line =~ end_marker }
+        end_markers = [
+          /^\# \w+ - .+$/,
+          /^\#+$/
+        ]
+        end_idx = ssh_config_lines[start_idx + 1..-1].index { |line| end_markers.any? { |end_marker| line =~ end_marker } }
         end_idx = end_idx.nil? ? -1 : start_idx + end_idx
         ssh_config_lines[start_idx..end_idx].select do |line|
           stripped_line = line.strip
@@ -50,7 +53,7 @@ describe HybridPlatformsConductor::ActionsExecutor do
           expect(ssh_config_for(nil)).to eq <<~EOS
             Host *
               User test_user
-              ControlPath #{Dir.tmpdir}/hpc_ssh/hpc_actions_executor_mux_%h_%p_%r
+              ControlPath #{Dir.tmpdir}/hpc_ssh/hpc_ssh_mux_%h_%p_%r
               PubkeyAcceptedKeyTypes +ssh-dss
           EOS
         end
@@ -62,7 +65,7 @@ describe HybridPlatformsConductor::ActionsExecutor do
           expect(ssh_config_for(nil)).to eq <<~EOS
             Host *
               User test_user
-              ControlPath #{Dir.tmpdir}/hpc_ssh/hpc_actions_executor_mux_%h_%p_%r
+              ControlPath #{Dir.tmpdir}/hpc_ssh/hpc_ssh_mux_%h_%p_%r
               PubkeyAcceptedKeyTypes +ssh-dss
           EOS
         end
@@ -74,7 +77,7 @@ describe HybridPlatformsConductor::ActionsExecutor do
           expect(ssh_config_for(nil, known_hosts_file: '/path/to/known_hosts')).to eq <<~EOS
             Host *
               User test_user
-              ControlPath #{Dir.tmpdir}/hpc_ssh/hpc_actions_executor_mux_%h_%p_%r
+              ControlPath #{Dir.tmpdir}/hpc_ssh/hpc_ssh_mux_%h_%p_%r
               PubkeyAcceptedKeyTypes +ssh-dss
               UserKnownHostsFile /path/to/known_hosts
           EOS
@@ -88,7 +91,7 @@ describe HybridPlatformsConductor::ActionsExecutor do
           expect(ssh_config_for(nil)).to eq <<~EOS
             Host *
               User test_user
-              ControlPath #{Dir.tmpdir}/hpc_ssh/hpc_actions_executor_mux_%h_%p_%r
+              ControlPath #{Dir.tmpdir}/hpc_ssh/hpc_ssh_mux_%h_%p_%r
               PubkeyAcceptedKeyTypes +ssh-dss
               StrictHostKeyChecking no
           EOS
@@ -274,6 +277,47 @@ describe HybridPlatformsConductor::ActionsExecutor do
         end
       end
 
+      it 'uses node transformed SSH connection' do
+        with_test_platform(
+          { nodes: {
+            'node1' => { meta: { host_ip: '192.168.42.1', gateway: 'test_gateway1', gateway_user: 'test_gateway1_user' } },
+            'node2' => { meta: { host_ip: '192.168.42.2', gateway: 'test_gateway2', gateway_user: 'test_gateway2_user' } },
+            'node3' => { meta: { host_ip: '192.168.42.3', gateway: 'test_gateway3', gateway_user: 'test_gateway3_user' } }
+          } },
+          false,
+          '
+            for_nodes(%w[node1 node3]) do
+              transform_ssh_connection do |node, connection, connection_user, gateway, gateway_user|
+                ["#{connection}_#{node}_13", "#{connection_user}_#{node}_13", "#{gateway}_#{node}_13", "#{gateway_user}_#{node}_13"]
+              end
+            end
+            for_nodes(\'node1\') do
+              transform_ssh_connection do |node, connection, connection_user, gateway, gateway_user|
+                ["#{connection}_#{node}_1", "#{connection_user}_#{node}_1", "#{gateway}_#{node}_1", "#{gateway_user}_#{node}_1"]
+              end
+            end
+          ') do
+          test_connector.ssh_user = 'test_user'
+          expect(ssh_config_for('node1')).to eq <<~EOS
+            Host hpc.node1
+              Hostname 192.168.42.1_node1_13_node1_1
+              User "test_user_node1_13_node1_1"
+              ProxyCommand ssh -q -W %h:%p test_gateway1_user_node1_13_node1_1@test_gateway1_node1_13_node1_1
+          EOS
+          expect(ssh_config_for('node2')).to eq <<~EOS
+            Host hpc.node2
+              Hostname 192.168.42.2
+              ProxyCommand ssh -q -W %h:%p test_gateway2_user@test_gateway2
+          EOS
+          expect(ssh_config_for('node3')).to eq <<~EOS
+            Host hpc.node3
+              Hostname 192.168.42.3_node3_13
+              User "test_user_node3_13"
+              ProxyCommand ssh -q -W %h:%p test_gateway3_user_node3_13@test_gateway3_node3_13
+          EOS
+        end
+      end
+
       it 'generates a config compatible for passwords authentication' do
         with_test_platform(nodes: { 'node' => { meta: { host_ip: '192.168.42.42' } } }) do
           test_connector.passwords['node'] = 'PaSsWoRd'