hybrid_platforms_conductor 33.2.2 → 33.5.0

data/lib/hybrid_platforms_conductor/hpc_plugins/test_report/confluence.rb

@@ -14,6 +14,8 @@ module HybridPlatformsConductor
 
         extend_config_dsl_with CommonConfigDsl::Confluence, :init_confluence
 
+        include HybridPlatformsConductor::Confluence
+
         # Maximum errors to be reported by item
         MAX_ERROR_ITEMS_DISPLAYED = 10
 
@@ -28,7 +30,7 @@ module HybridPlatformsConductor
           confluence_info = @config.confluence_info
           if confluence_info
             if confluence_info[:tests_report_page_id]
-              HybridPlatformsConductor::Confluence.with_confluence(confluence_info[:url], @logger, @logger_stderr) do |confluence|
+              with_confluence(confluence_info[:url]) do |confluence|
                 # Get previous percentages for the evolution
                 @previous_success_percentages = confluence.page_storage_format(confluence_info[:tests_report_page_id]).
                   at('h1:contains("Evolution")').

data/lib/hybrid_platforms_conductor/logger_helpers.rb

@@ -1,6 +1,23 @@
 require 'colorize'
 require 'logger'
 require 'ruby-progressbar'
+require 'secret_string'
+
+# Add colorization methods to SecretString, but always directed to the silenced string as we NEVER want to modiy/clone a secret
+class SecretString
+
+  extend Colorize::ClassMethods
+
+  def_delegators :@silenced_str, *%i[
+    colorize
+    uncolorize
+    colorized?
+  ]
+
+  color_methods
+  modes_methods
+
+end
 
 module HybridPlatformsConductor
 
@@ -88,7 +105,13 @@ module HybridPlatformsConductor
       define_method("log_#{level}") do |message|
         (LEVELS_TO_STDERR.include?(level) ? @logger_stderr : @logger).send(
           level,
-          defined?(@log_component) ? @log_component : self.class.name.split('::').last
+          if defined?(@log_component)
+            @log_component
+          else
+            # Handle the case when the class is unnamed
+            class_name = self.class.name
+            class_name.nil? ? '<Unnamed class>' : class_name.split('::').last
+          end
         ) { message }
       end
     end

data/lib/hybrid_platforms_conductor/plugins.rb

@@ -1,3 +1,4 @@
+require 'forwardable'
 require 'hybrid_platforms_conductor/logger_helpers'
 
 module HybridPlatformsConductor

data/lib/hybrid_platforms_conductor/safe_merge.rb

@@ -0,0 +1,37 @@
+module HybridPlatformsConductor
+
+  # Provide an easy way to safe-merge hashes
+  module SafeMerge
+
+    # Safe-merge 2 hashes.
+    # Safe-merging is done by:
+    # * Merging values that are hashes.
+    # * Reporting errors when values conflict.
+    # When values are conflicting, the initial hash won't modify those conflicting values and will stop the merge.
+    #
+    # Parameters::
+    # * *hash* (Hash): Hash to be modified merging hash_to_merge
+    # * *hash_to_merge* (Hash): Hash to be merged into hash
+    # Result::
+    # * nil or Array<Object>: nil in case of success, or the keys path leading to a conflicting value in case of error
+    def safe_merge(hash, hash_to_merge)
+      conflicting_path = nil
+      hash_to_merge.each do |key, value_to_merge|
+        if hash.key?(key)
+          if hash[key].is_a?(Hash) && value_to_merge.is_a?(Hash)
+            sub_conflicting_path = safe_merge(hash[key], value_to_merge)
+            conflicting_path = [key] + sub_conflicting_path unless sub_conflicting_path.nil?
+          elsif hash[key] != value_to_merge
+            conflicting_path = [key]
+          end
+        else
+          hash[key] = value_to_merge
+        end
+        break unless conflicting_path.nil?
+      end
+      conflicting_path
+    end
+
+  end
+
+end

data/lib/hybrid_platforms_conductor/thycotic.rb

@@ -5,95 +5,100 @@ require 'hybrid_platforms_conductor/logger_helpers'
 
 module HybridPlatformsConductor
 
-  # Gives ways to query the Thycotic SOAP API at a given URL
-  class Thycotic
+  # Mixin giving ways to query the Thycotic SOAP API at a given URL
+  module Thycotic
 
-    include LoggerHelpers
+    include Credentials
 
     # Provide a Thycotic connector, and make sure the password is being cleaned when exiting.
     #
     # Parameters::
     # * *thycotic_url* (String): The Thycotic URL
-    # * *logger* (Logger): Logger to be used
-    # * *logger_stderr* (Logger): Logger to be used for stderr
     # * *domain* (String): Domain to use for authentication to Thycotic [default: ENV['hpc_domain_for_thycotic']]
     # * Proc: Code called with the Thyctotic instance.
-    #   * *thycotic* (Thyctotic): The Thyctotic instance to use.
-    def self.with_thycotic(thycotic_url, logger, logger_stderr, domain: ENV['hpc_domain_for_thycotic'])
-      Credentials.with_credentials_for(:thycotic, logger, logger_stderr, url: thycotic_url) do |thycotic_user, thycotic_password|
-        yield Thycotic.new(thycotic_url, thycotic_user, thycotic_password, domain: domain, logger: logger, logger_stderr: logger_stderr)
+    #   * *thycotic* (ThyctoticApi): The Thycotic instance to use.
+    def with_thycotic(thycotic_url, domain: ENV['hpc_domain_for_thycotic'])
+      with_credentials_for(:thycotic, resource: thycotic_url) do |thycotic_user, thycotic_password|
+        yield ThycoticApi.new(thycotic_url, thycotic_user, thycotic_password, domain: domain, logger: @logger, logger_stderr: @logger_stderr)
       end
     end
 
-    # Constructor
-    #
-    # Parameters::
-    # * *url* (String): URL of the Thycotic Secret Server
-    # * *user* (String): User name to be used to connect to Thycotic
-    # * *password* (String): Password to be used to connect to Thycotic
-    # * *domain* (String): Domain to use for authentication to Thycotic [default: ENV['hpc_domain_for_thycotic']]
-    # * *logger* (Logger): Logger to be used [default: Logger.new(STDOUT)]
-    # * *logger_stderr* (Logger): Logger to be used for stderr [default: Logger.new(STDERR)]
-    def initialize(
-      url,
-      user,
-      password,
-      domain: ENV['hpc_domain_for_thycotic'],
-      logger: Logger.new($stdout),
-      logger_stderr: Logger.new($stderr)
-    )
-      init_loggers(logger, logger_stderr)
-      # Get a token to this SOAP API
-      @client = Savon.client(
-        wsdl: "#{url}/webservices/SSWebservice.asmx?wsdl",
-        ssl_verify_mode: :none,
-        logger: @logger,
-        log: log_debug?
+    # Access to the Thycotic API
+    class ThycoticApi
+
+      include LoggerHelpers
+
+      # Constructor
+      #
+      # Parameters::
+      # * *url* (String): URL of the Thycotic Secret Server
+      # * *user* (String): User name to be used to connect to Thycotic
+      # * *password* (SecretString): Password to be used to connect to Thycotic
+      # * *domain* (String): Domain to use for authentication to Thycotic [default: ENV['hpc_domain_for_thycotic']]
+      # * *logger* (Logger): Logger to be used [default: Logger.new(STDOUT)]
+      # * *logger_stderr* (Logger): Logger to be used for stderr [default: Logger.new(STDERR)]
+      def initialize(
+        url,
+        user,
+        password,
+        domain: ENV['hpc_domain_for_thycotic'],
+        logger: Logger.new($stdout),
+        logger_stderr: Logger.new($stderr)
       )
-      @token = @client.call(
-        :authenticate,
-        message: {
-          username: user,
-          password: password,
-          domain: domain
-        }
-      ).to_hash.dig(:authenticate_response, :authenticate_result, :token)
-      raise "Unable to get token from SOAP authentication to #{url}" if @token.nil?
-    end
+        init_loggers(logger, logger_stderr)
+        # Get a token to this SOAP API
+        @client = Savon.client(
+          wsdl: "#{url}/webservices/SSWebservice.asmx?wsdl",
+          ssl_verify_mode: :none,
+          logger: @logger,
+          log: log_debug?
+        )
+        @token = @client.call(
+          :authenticate,
+          message: {
+            username: user,
+            password: password&.to_unprotected,
+            domain: domain
+          }
+        ).to_hash.dig(:authenticate_response, :authenticate_result, :token)
+        raise "Unable to get token from SOAP authentication to #{url}" if @token.nil?
+      end
 
-    # Return secret corresponding to a given secret ID
-    #
-    # Parameters::
-    # * *secret_id* (Object): The secret ID
-    # Result::
-    # * Hash: The corresponding API result
-    def get_secret(secret_id)
-      @client.call(
-        :get_secret,
-        message: {
-          token: @token,
-          secretId: secret_id
-        }
-      ).to_hash.dig(:get_secret_response, :get_secret_result)
-    end
+      # Return secret corresponding to a given secret ID
+      #
+      # Parameters::
+      # * *secret_id* (Object): The secret ID
+      # Result::
+      # * Hash: The corresponding API result
+      def get_secret(secret_id)
+        @client.call(
+          :get_secret,
+          message: {
+            token: @token,
+            secretId: secret_id
+          }
+        ).to_hash.dig(:get_secret_response, :get_secret_result)
+      end
+
+      # Get a file attached to a given secret
+      #
+      # Parameters::
+      # * *secret_id* (Object): The secret ID
+      # * *secret_item_id* (Object): The secret item id
+      # Result::
+      # * String or nil: The file content, or nil if none
+      def download_file_attachment_by_item_id(secret_id, secret_item_id)
+        encoded_file = @client.call(
+          :download_file_attachment_by_item_id,
+          message: {
+            token: @token,
+            secretId: secret_id,
+            secretItemId: secret_item_id
+          }
+        ).to_hash.dig(:download_file_attachment_by_item_id_response, :download_file_attachment_by_item_id_result, :file_attachment)
+        encoded_file.nil? ? nil : Base64.decode64(encoded_file)
+      end
 
-    # Get a file attached to a given secret
-    #
-    # Parameters::
-    # * *secret_id* (Object): The secret ID
-    # * *secret_item_id* (Object): The secret item id
-    # Result::
-    # * String or nil: The file content, or nil if none
-    def download_file_attachment_by_item_id(secret_id, secret_item_id)
-      encoded_file = @client.call(
-        :download_file_attachment_by_item_id,
-        message: {
-          token: @token,
-          secretId: secret_id,
-          secretItemId: secret_item_id
-        }
-      ).to_hash.dig(:download_file_attachment_by_item_id_response, :download_file_attachment_by_item_id_result, :file_attachment)
-      encoded_file.nil? ? nil : Base64.decode64(encoded_file)
     end
 
   end

data/lib/hybrid_platforms_conductor/topographer/plugins/graphviz.rb

@@ -17,9 +17,11 @@ module HybridPlatformsConductor
           @topographer.force_cluster_strict_hierarchy
           # Write a Graphviz file
           File.open(file_name, 'w') do |f|
-            f.puts 'digraph unix {
-              size="6,6";
-              node [style=filled];'
+            f.puts <<~EO_GRAPHVIZ
+              digraph unix {
+                size="6,6";
+                node [style=filled];
+            EO_GRAPHVIZ
             # First write the definition of all nodes
             # Find all nodes belonging to no cluster
             orphan_nodes = @topographer.nodes_graph.keys

data/lib/hybrid_platforms_conductor/version.rb

@@ -1,5 +1,5 @@
 module HybridPlatformsConductor
 
-  VERSION = '33.2.2'
+  VERSION = '33.5.0'
 
 end

data/spec/hybrid_platforms_conductor_test.rb

@@ -1,5 +1,6 @@
 require 'fileutils'
 require 'tmpdir'
+require 'webmock/rspec'
 require 'hybrid_platforms_conductor/config'
 require 'hybrid_platforms_conductor/platforms_handler'
 require 'hybrid_platforms_conductor/actions_executor'
@@ -83,6 +84,9 @@ module HybridPlatformsConductorTest
     # Make sure the tested components are being reset before each test case
     RSpec.configure do |config|
       config.before do
+        # We allow for connections by default.
+        # Tests that need to test specifically connections at a given point call WebMock.disable_net_connect!
+        WebMock.allow_net_connect!
         @actions_executor = nil
         @cmd_runner = nil
         @config = nil
@@ -95,12 +99,18 @@ module HybridPlatformsConductorTest
         ENV.delete 'hpc_platforms'
         ENV.delete 'hpc_ssh_gateways_conf'
         ENV.delete 'hpc_ssh_gateway_user'
+        ENV.delete 'hpc_user_for_github'
+        ENV.delete 'hpc_password_for_github'
         ENV.delete 'hpc_user_for_proxmox'
         ENV.delete 'hpc_password_for_proxmox'
         ENV.delete 'hpc_realm_for_proxmox'
         ENV.delete 'hpc_user_for_thycotic'
         ENV.delete 'hpc_password_for_thycotic'
         ENV.delete 'hpc_domain_for_thycotic'
+        ENV.delete 'hpc_user_for_keepass'
+        ENV.delete 'hpc_password_for_keepass'
+        ENV.delete 'hpc_password_enc_for_keepass'
+        ENV.delete 'hpc_key_file_for_keepass'
         ENV.delete 'hpc_certificates'
         ENV.delete 'hpc_interactive'
         ENV.delete 'hpc_test_cookbooks_path'

data/spec/hybrid_platforms_conductor_test/api/actions_executor/actions/bash_spec.rb

@@ -17,6 +17,21 @@ describe HybridPlatformsConductor::ActionsExecutor do
       end
     end
 
+    it 'executes local Bash code from a SecretString' do
+      with_test_platform_for_action_plugins do |repository|
+        expect(
+          test_actions_executor.execute_actions(
+            {
+              'node' => {
+                bash: SecretString.new("echo TestContent >#{repository}/test_file ; echo TestStdout ; echo TestStderr 1>&2", silenced_str: '__INVALID_BASH__')
+              }
+            }
+          )['node']
+        ).to eq [0, "TestStdout\n", "TestStderr\n"]
+        expect(File.read("#{repository}/test_file")).to eq "TestContent\n"
+      end
+    end
+
     it 'executes local Bash code with timeout' do
       with_test_platform_for_action_plugins do
         expect(test_actions_executor.execute_actions(

data/spec/hybrid_platforms_conductor_test/api/actions_executor/actions/remote_bash_spec.rb

@@ -13,6 +13,17 @@ describe HybridPlatformsConductor::ActionsExecutor do
       end
     end
 
+    it 'executes remote Bash code from a SecretString' do
+      with_test_platform_for_action_plugins do
+        test_actions_executor.execute_actions({ 'node' => { remote_bash: SecretString.new('remote_bash_cmd.bash', silenced_str: '__INVALID_BASH__') } })
+        expect(test_actions_executor.connector(:test_connector).calls).to eq [
+          [:connectable_nodes_from, ['node']],
+          [:with_connection_to, ['node'], { no_exception: true }],
+          [:remote_bash, 'remote_bash_cmd.bash']
+        ]
+      end
+    end
+
     it 'executes remote Bash code with timeout' do
       with_test_platform_for_action_plugins do
         test_actions_executor.connector(:test_connector).remote_bash_code = proc do |_stdout, _stderr, connector|
@@ -124,6 +135,27 @@ describe HybridPlatformsConductor::ActionsExecutor do
       end
     end
 
+    it 'executes remote Bash code with environment variables set using SecretStrings' do
+      with_test_platform_for_action_plugins do
+        test_actions_executor.execute_actions(
+          {
+            'node' => { remote_bash: {
+              commands: 'bash_cmd.bash',
+              env: {
+                'var1' => SecretString.new('value1', silenced_str: 'SILENCED_VALUE'),
+                'var2' => 'value2'
+              }
+            } }
+          }
+        )
+        expect(test_actions_executor.connector(:test_connector).calls).to eq [
+          [:connectable_nodes_from, ['node']],
+          [:with_connection_to, ['node'], { no_exception: true }],
+          [:remote_bash, "export var1='value1'\nexport var2='value2'\nbash_cmd.bash"]
+        ]
+      end
+    end
+
   end
 
 end

data/spec/hybrid_platforms_conductor_test/api/actions_executor/connectors/local/remote_actions_spec.rb

@@ -54,6 +54,15 @@ describe HybridPlatformsConductor::ActionsExecutor do
         end
       end
 
+      it 'executes bash commands remotely from a SecretString' do
+        with_test_platform_for_remote_testing(
+          expected_cmds: [['cd /tmp/hpc_local_workspaces/node ; bash_cmd.bash', proc { [0, 'Bash commands executed on node', ''] }]],
+          expected_stdout: 'Bash commands executed on node'
+        ) do
+          test_connector.remote_bash(SecretString.new('bash_cmd.bash', silenced_str: '__INVALID_BASH__'))
+        end
+      end
+
       it 'executes bash commands remotely with timeout' do
         with_test_platform_for_remote_testing(
           expected_cmds: [

data/spec/hybrid_platforms_conductor_test/api/actions_executor/connectors/ssh/config_dsl_spec.rb

@@ -13,10 +13,10 @@ describe HybridPlatformsConductor::ActionsExecutor do
       end
 
       it 'returns 1 defined gateway with its content' do
-        ssh_gateway = '
+        ssh_gateway = <<~EO_CONFIG
           Host gateway
             Hostname mygateway.com
-        '
+        EO_CONFIG
         with_repository do
           with_platforms "gateway :gateway_1, '#{ssh_gateway}'" do
             expect(test_config.ssh_for_gateway(:gateway_1)).to eq ssh_gateway
@@ -34,10 +34,12 @@ describe HybridPlatformsConductor::ActionsExecutor do
 
       it 'returns several defined gateways' do
         with_repository do
-          with_platforms '
-            gateway :gateway_1, \'\'
-            gateway :gateway_2, \'\'
-          ' do
+          with_platforms(
+            <<~EO_CONFIG
+              gateway :gateway_1, ''
+              gateway :gateway_2, ''
+            EO_CONFIG
+          ) do
             expect(test_config.known_gateways.sort).to eq %i[gateway_1 gateway_2].sort
           end
         end