hybrid_platforms_conductor 33.4.0 → 33.7.1

data/lib/hybrid_platforms_conductor/hpc_plugins/test/file_system.rb

@@ -17,7 +17,7 @@ module HybridPlatformsConductor
           # Flatten the paths rules so that we can spot inconsistencies in configuration
           @config.aggregate_files_rules(@nodes_handler, @node).map do |path, rule_info|
             [
-              "if #{@nodes_handler.sudo_on(@node)} /bin/bash -c '[[ -d \"#{path}\" ]]' ; then echo 1 ; else echo 0 ; fi",
+              "if #{@actions_executor.sudo_prefix(@node)}/bin/bash -c '[[ -d \"#{path}\" ]]' ; then echo 1 ; else echo 0 ; fi",
               {
                 validator: proc do |stdout, stderr|
                   case stdout.last

data/lib/hybrid_platforms_conductor/hpc_plugins/test/hostname.rb

@@ -12,8 +12,7 @@ module HybridPlatformsConductor
         # Check my_test_plugin.rb.sample documentation for signature details.
         def test_on_node
           {
-            # TODO: Access the user correctly when the user notion will be moved out of the ssh connector
-            "#{@deployer.instance_variable_get(:@actions_executor).connector(:ssh).ssh_user == 'root' ? '' : "#{@nodes_handler.sudo_on(@node)} "}hostname -s" => proc do |stdout|
+            "#{@actions_executor.sudo_prefix(@node)}hostname -s" => proc do |stdout|
               assert_equal stdout.first, @node, "Expected hostname to be #{@node}, but got #{stdout.first} instead."
             end
           }

data/lib/hybrid_platforms_conductor/hpc_plugins/test/idempotence.rb

@@ -27,7 +27,7 @@ module HybridPlatformsConductor
               #   System is booting up. See pam_nologin(8)
               #   Authentication failed.
               instance.stop
-              instance.with_running_instance(port: 22) do
+              instance.with_running_instance(port: @nodes_handler.get_ssh_port_of(@node) || 22) do
                 # Now that the node has been deployed, use the a_testadmin user for the check-node (as root has no more access)
                 deployer.instance_variable_get(:@actions_executor).connector(:ssh).ssh_user = 'a_testadmin'
                 deployer.instance_variable_get(:@actions_executor).connector(:ssh).passwords.delete(@node)

data/lib/hybrid_platforms_conductor/hpc_plugins/test/ip.rb

@@ -12,8 +12,7 @@ module HybridPlatformsConductor
         # Check my_test_plugin.rb.sample documentation for signature details.
         def test_on_node
           {
-            # TODO: Access the user correctly when the user notion will be moved out of the ssh connector
-            "#{@deployer.instance_variable_get(:@actions_executor).connector(:ssh).ssh_user == 'root' ? '' : "#{@nodes_handler.sudo_on(@node)} "}hostname -I" => proc do |stdout|
+            "#{@actions_executor.sudo_prefix(@node)}hostname -I" => proc do |stdout|
               if stdout.first.nil?
                 error 'No IP returned by "hostname -I"'
               else

data/lib/hybrid_platforms_conductor/hpc_plugins/test/jenkins_ci_conf.rb

@@ -26,7 +26,7 @@ module HybridPlatformsConductor
             else
               with_credentials_for(:jenkins_ci, resource: repo_info[:jenkins_ci_url]) do |jenkins_user, jenkins_password|
                 # Get its config
-                doc = Nokogiri::XML(URI.parse("#{repo_info[:jenkins_ci_url]}/config.xml").open(http_basic_authentication: [jenkins_user, jenkins_password]).read)
+                doc = Nokogiri::XML(URI.parse("#{repo_info[:jenkins_ci_url]}/config.xml").open(http_basic_authentication: [jenkins_user, jenkins_password&.to_unprotected]).read)
                 # Check that this job builds the correct Bitbucket repository
                 assert_equal(
                   doc.xpath('/org.jenkinsci.plugins.workflow.multibranch.WorkflowMultiBranchProject/sources/data/jenkins.branch.BranchSource/source/serverUrl').text,

data/lib/hybrid_platforms_conductor/hpc_plugins/test/jenkins_ci_masters_ok.rb

@@ -34,10 +34,10 @@ module HybridPlatformsConductor
               master_info_url = "#{repo_info[:jenkins_ci_url]}/job/master/api/json"
               with_credentials_for(:jenkins_ci, resource: master_info_url) do |jenkins_user, jenkins_password|
                 # Get the master branch info from the API
-                master_info = JSON.parse(URI.parse(master_info_url).open(http_basic_authentication: [jenkins_user, jenkins_password]).read)
+                master_info = JSON.parse(URI.parse(master_info_url).open(http_basic_authentication: [jenkins_user, jenkins_password&.to_unprotected]).read)
                 # Get the last build's URL
                 last_build_info_url = "#{master_info['lastBuild']['url']}/api/json"
-                last_build_info = JSON.parse(URI.parse(last_build_info_url).open(http_basic_authentication: [jenkins_user, jenkins_password]).read)
+                last_build_info = JSON.parse(URI.parse(last_build_info_url).open(http_basic_authentication: [jenkins_user, jenkins_password&.to_unprotected]).read)
                 log_debug "Build info for #{master_info_url}:\n#{JSON.pretty_generate(last_build_info)}"
                 error "Last build for job #{repo_info[:project]}/#{repo_info[:name]} is in status #{last_build_info['result']}: #{master_info['lastBuild']['url']}" unless SUCCESS_STATUSES.include?(last_build_info['result'])
               rescue

data/lib/hybrid_platforms_conductor/hpc_plugins/test/local_users.rb

@@ -59,8 +59,7 @@ module HybridPlatformsConductor
         # Check my_test_plugin.rb.sample documentation for signature details.
         def test_on_node
           {
-            # TODO: Access the user correctly when the user notion will be moved out of the ssh connector
-            "#{@deployer.instance_variable_get(:@actions_executor).connector(:ssh).ssh_user == 'root' ? '' : "#{@nodes_handler.sudo_on(@node)} "}cat /etc/passwd" => proc do |stdout|
+            "#{@actions_executor.sudo_prefix(@node)}cat /etc/passwd" => proc do |stdout|
               passwd_users = stdout.map { |passwd_line| passwd_line.split(':').first }
               missing_users = @nodes_handler.
                 select_confs_for_node(@node, @config.users_that_should_be_present).

data/lib/hybrid_platforms_conductor/hpc_plugins/test/mounts.rb

@@ -63,8 +63,7 @@ module HybridPlatformsConductor
         # Check my_test_plugin.rb.sample documentation for signature details.
         def test_on_node
           {
-            # TODO: Access the user correctly when the user notion will be moved out of the ssh connector
-            "#{@deployer.instance_variable_get(:@actions_executor).connector(:ssh).ssh_user == 'root' ? '' : "#{@nodes_handler.sudo_on(@node)} "}mount" => proc do |stdout|
+            "#{@actions_executor.sudo_prefix(@node)}mount" => proc do |stdout|
               mounts_info = stdout.map do |line|
                 fields = line.split
                 {

data/lib/hybrid_platforms_conductor/hpc_plugins/test/orphan_files.rb

@@ -52,8 +52,7 @@ module HybridPlatformsConductor
         # Check my_test_plugin.rb.sample documentation for signature details.
         def test_on_node
           {
-            # TODO: Access the user correctly when the user notion will be moved out of the ssh connector
-            "#{@deployer.instance_variable_get(:@actions_executor).connector(:ssh).ssh_user == 'root' ? '' : "#{@nodes_handler.sudo_on(@node)} "}/usr/bin/find / \\( #{
+            "#{@actions_executor.sudo_prefix(@node)}/usr/bin/find / \\( #{
               @nodes_handler.
                 select_confs_for_node(@node, @config.ignored_orphan_files_paths).
                 inject(DIRECTORIES_TO_ALWAYS_IGNORE) { |merged_paths, paths_to_ignore_info| merged_paths + paths_to_ignore_info[:ignored_paths] }.

data/lib/hybrid_platforms_conductor/hpc_plugins/test/spectre.rb

@@ -18,7 +18,7 @@ module HybridPlatformsConductor
         # Check my_test_plugin.rb.sample documentation for signature details.
         def test_on_node
           spectre_cmd = <<~EO_BASH
-            #{@deployer.instance_variable_get(:@actions_executor).connector(:ssh).ssh_user == 'root' ? '' : "#{@nodes_handler.sudo_on(@node)} "}/bin/bash <<'EOAction'
+            #{@actions_executor.sudo_prefix(@node)}/bin/bash <<'EOAction'
             #{File.read("#{__dir__}/spectre-meltdown-checker.sh")}
             EOAction
           EO_BASH

data/lib/hybrid_platforms_conductor/hpc_plugins/test/vulnerabilities.rb

@@ -56,8 +56,7 @@ module HybridPlatformsConductor
                   current_url
                 end
               )
-              # TODO: Access the user correctly when the user notion will be moved out of the ssh connector
-              sudo = @deployer.instance_variable_get(:@actions_executor).connector(:ssh).ssh_user == 'root' ? '' : "#{@nodes_handler.sudo_on(@node)} "
+              sudo = @actions_executor.sudo_prefix(@node)
               urls.map do |url|
                 # 1. Get the OVAL file on the node to be tested (uncompress it if needed)
                 # 2. Make sure oscap is installed

data/lib/hybrid_platforms_conductor/logger_helpers.rb

@@ -1,6 +1,23 @@
 require 'colorize'
 require 'logger'
 require 'ruby-progressbar'
+require 'secret_string'
+
+# Add colorization methods to SecretString, but always directed to the silenced string as we NEVER want to modiy/clone a secret
+class SecretString
+
+  extend Colorize::ClassMethods
+
+  def_delegators :@silenced_str, *%i[
+    colorize
+    uncolorize
+    colorized?
+  ]
+
+  color_methods
+  modes_methods
+
+end
 
 module HybridPlatformsConductor
 

data/lib/hybrid_platforms_conductor/test.rb

@@ -36,20 +36,34 @@ module HybridPlatformsConductor
     # Constructor
     #
     # Parameters::
-    # * *logger* (Logger): Logger to be used
-    # * *logger_stderr* (Logger): Logger to be used for stderr
-    # * *config* (Config): Config to be used.
-    # * *cmd_runner* (CmdRunner): CmdRunner that can be used by tests
-    # * *nodes_handler* (NodesHandler): Nodes handler that can be used by tests
-    # * *deployer* (Deployer): Deployer that can be used by tests
+    # * *logger* (Logger): Logger to be used [default: Logger.new($stdout)]
+    # * *logger_stderr* (Logger): Logger to be used for stderr [default: Logger.new($stderr)]
+    # * *config* (Config): Config to be used. [default: Config.new]
+    # * *cmd_runner* (CmdRunner): Command executor to be used. [default: CmdRunner.new]
+    # * *nodes_handler* (NodesHandler): Nodes handler to be used. [default: NodesHandler.new]
+    # * *actions_executor* (ActionsExecutor): Actions Executor to be used. [default: ActionsExecutor.new]
+    # * *deployer* (Deployer): Deployer that can be used by tests [default: Deployer.new]
     # * *name* (String): Name of the test being instantiated [default: 'unknown_test']
     # * *platform* (PlatformHandler): Platform handler for which the test is instantiated, or nil if global or node specific [default: nil]
     # * *node* (String): Node name for which the test is instantiated, or nil if global or platform specific [default: nil]
     # * *expected_failure* (String or nil): Expected failure, or nil if not expected to fail [default: nil]
-    def initialize(logger, logger_stderr, config, cmd_runner, nodes_handler, deployer, name: 'unknown_test', platform: nil, node: nil, expected_failure: nil)
+    def initialize(
+      logger: Logger.new($stdout),
+      logger_stderr: Logger.new($stderr),
+      config: Config.new,
+      cmd_runner: CmdRunner.new,
+      nodes_handler: NodesHandler.new,
+      actions_executor: ActionsExecutor.new,
+      deployer: Deployer.new,
+      name: 'unknown_test',
+      platform: nil,
+      node: nil,
+      expected_failure: nil
+    )
       super(logger: logger, logger_stderr: logger_stderr, config: config)
       @cmd_runner = cmd_runner
       @nodes_handler = nodes_handler
+      @actions_executor = actions_executor
       @deployer = deployer
       @name = name
       @platform = platform

data/lib/hybrid_platforms_conductor/tests_runner.rb

@@ -274,12 +274,13 @@ module HybridPlatformsConductor
     # * Test: Corresponding test
     def new_test(test_name, platform: nil, node: nil, ignore_expected_failure: false)
       (test_name.nil? ? Test : @tests_plugins[test_name]).new(
-        @logger,
-        @logger_stderr,
-        @config,
-        @cmd_runner,
-        @nodes_handler,
-        @deployer,
+        logger: @logger,
+        logger_stderr: @logger_stderr,
+        config: @config,
+        cmd_runner: @cmd_runner,
+        nodes_handler: @nodes_handler,
+        actions_executor: @actions_executor,
+        deployer: @deployer,
         name: test_name.nil? ? :global : test_name,
         platform: platform,
         node: node,

data/lib/hybrid_platforms_conductor/thycotic.rb

@@ -33,7 +33,7 @@ module HybridPlatformsConductor
       # Parameters::
       # * *url* (String): URL of the Thycotic Secret Server
       # * *user* (String): User name to be used to connect to Thycotic
-      # * *password* (String): Password to be used to connect to Thycotic
+      # * *password* (SecretString): Password to be used to connect to Thycotic
       # * *domain* (String): Domain to use for authentication to Thycotic [default: ENV['hpc_domain_for_thycotic']]
       # * *logger* (Logger): Logger to be used [default: Logger.new(STDOUT)]
       # * *logger_stderr* (Logger): Logger to be used for stderr [default: Logger.new(STDERR)]
@@ -57,7 +57,7 @@ module HybridPlatformsConductor
           :authenticate,
           message: {
             username: user,
-            password: password,
+            password: password&.to_unprotected,
             domain: domain
           }
         ).to_hash.dig(:authenticate_response, :authenticate_result, :token)

data/lib/hybrid_platforms_conductor/version.rb

@@ -1,5 +1,5 @@
 module HybridPlatformsConductor
 
-  VERSION = '33.4.0'
+  VERSION = '33.7.1'
 
 end

data/spec/hybrid_platforms_conductor_test/api/actions_executor/actions/bash_spec.rb

@@ -17,6 +17,21 @@ describe HybridPlatformsConductor::ActionsExecutor do
       end
     end
 
+    it 'executes local Bash code from a SecretString' do
+      with_test_platform_for_action_plugins do |repository|
+        expect(
+          test_actions_executor.execute_actions(
+            {
+              'node' => {
+                bash: SecretString.new("echo TestContent >#{repository}/test_file ; echo TestStdout ; echo TestStderr 1>&2", silenced_str: '__INVALID_BASH__')
+              }
+            }
+          )['node']
+        ).to eq [0, "TestStdout\n", "TestStderr\n"]
+        expect(File.read("#{repository}/test_file")).to eq "TestContent\n"
+      end
+    end
+
     it 'executes local Bash code with timeout' do
       with_test_platform_for_action_plugins do
         expect(test_actions_executor.execute_actions(

data/spec/hybrid_platforms_conductor_test/api/actions_executor/actions/remote_bash_spec.rb

@@ -13,6 +13,17 @@ describe HybridPlatformsConductor::ActionsExecutor do
       end
     end
 
+    it 'executes remote Bash code from a SecretString' do
+      with_test_platform_for_action_plugins do
+        test_actions_executor.execute_actions({ 'node' => { remote_bash: SecretString.new('remote_bash_cmd.bash', silenced_str: '__INVALID_BASH__') } })
+        expect(test_actions_executor.connector(:test_connector).calls).to eq [
+          [:connectable_nodes_from, ['node']],
+          [:with_connection_to, ['node'], { no_exception: true }],
+          [:remote_bash, 'remote_bash_cmd.bash']
+        ]
+      end
+    end
+
     it 'executes remote Bash code with timeout' do
       with_test_platform_for_action_plugins do
         test_actions_executor.connector(:test_connector).remote_bash_code = proc do |_stdout, _stderr, connector|
@@ -124,6 +135,27 @@ describe HybridPlatformsConductor::ActionsExecutor do
       end
     end
 
+    it 'executes remote Bash code with environment variables set using SecretStrings' do
+      with_test_platform_for_action_plugins do
+        test_actions_executor.execute_actions(
+          {
+            'node' => { remote_bash: {
+              commands: 'bash_cmd.bash',
+              env: {
+                'var1' => SecretString.new('value1', silenced_str: 'SILENCED_VALUE'),
+                'var2' => 'value2'
+              }
+            } }
+          }
+        )
+        expect(test_actions_executor.connector(:test_connector).calls).to eq [
+          [:connectable_nodes_from, ['node']],
+          [:with_connection_to, ['node'], { no_exception: true }],
+          [:remote_bash, "export var1='value1'\nexport var2='value2'\nbash_cmd.bash"]
+        ]
+      end
+    end
+
   end
 
 end

data/spec/hybrid_platforms_conductor_test/api/actions_executor/connectors/local/remote_actions_spec.rb

@@ -54,6 +54,15 @@ describe HybridPlatformsConductor::ActionsExecutor do
         end
       end
 
+      it 'executes bash commands remotely from a SecretString' do
+        with_test_platform_for_remote_testing(
+          expected_cmds: [['cd /tmp/hpc_local_workspaces/node ; bash_cmd.bash', proc { [0, 'Bash commands executed on node', ''] }]],
+          expected_stdout: 'Bash commands executed on node'
+        ) do
+          test_connector.remote_bash(SecretString.new('bash_cmd.bash', silenced_str: '__INVALID_BASH__'))
+        end
+      end
+
       it 'executes bash commands remotely with timeout' do
         with_test_platform_for_remote_testing(
           expected_cmds: [
@@ -98,6 +107,10 @@ describe HybridPlatformsConductor::ActionsExecutor do
       it 'copies files remotely with sudo' do
         with_test_platform_for_remote_testing(
           expected_cmds: [
+            [
+              'whoami',
+              proc { [0, 'test_user', ''] }
+            ],
             [
               'sudo -u root cp -r "/path/to/src.file" "/remote_path/to/dst.dir"',
               proc { [0, '', ''] }
@@ -108,9 +121,27 @@ describe HybridPlatformsConductor::ActionsExecutor do
         end
       end
 
+      it 'copies files remotely with sudo when being root' do
+        with_test_platform_for_remote_testing(
+          expected_cmds: [
+            [
+              'whoami',
+              proc { [0, 'root', ''] }
+            ]
+          ]
+        ) do
+          expect(FileUtils).to receive(:cp_r).with('/path/to/src.file', '/remote_path/to/dst.dir')
+          test_connector.remote_copy('/path/to/src.file', '/remote_path/to/dst.dir', sudo: true)
+        end
+      end
+
       it 'copies files remotely with a different sudo' do
         with_test_platform_for_remote_testing(
           expected_cmds: [
+            [
+              'whoami',
+              proc { [0, 'test_user', ''] }
+            ],
             [
               'other_sudo --user root cp -r "/path/to/src.file" "/remote_path/to/dst.dir"',
               proc { [0, '', ''] }
@@ -124,6 +155,23 @@ describe HybridPlatformsConductor::ActionsExecutor do
         end
       end
 
+      it 'copies files remotely with a different sudo when being root' do
+        with_test_platform_for_remote_testing(
+          expected_cmds: [
+            [
+              'whoami',
+              proc { [0, 'root', ''] }
+            ]
+          ],
+          additional_config: <<~'EO_CONFIG'
+            sudo_for { |user| "other_sudo --user #{user}" }
+          EO_CONFIG
+        ) do
+          expect(FileUtils).to receive(:cp_r).with('/path/to/src.file', '/remote_path/to/dst.dir')
+          test_connector.remote_copy('/path/to/src.file', '/remote_path/to/dst.dir', sudo: true)
+        end
+      end
+
       it 'copies files remotely with timeout' do
         with_test_platform_for_remote_testing(
           timeout: 5
@@ -143,6 +191,10 @@ describe HybridPlatformsConductor::ActionsExecutor do
       it 'copies relative files remotely with sudo' do
         with_test_platform_for_remote_testing(
           expected_cmds: [
+            [
+              'whoami',
+              proc { [0, 'test_user', ''] }
+            ],
             [
               'sudo -u root cp -r "/path/to/src.file" "/tmp/hpc_local_workspaces/node/to/dst.dir"',
               proc { [0, '', ''] }
@@ -153,9 +205,27 @@ describe HybridPlatformsConductor::ActionsExecutor do
         end
       end
 
+      it 'copies relative files remotely with sudo when being root' do
+        with_test_platform_for_remote_testing(
+          expected_cmds: [
+            [
+              'whoami',
+              proc { [0, 'root', ''] }
+            ]
+          ]
+        ) do
+          expect(FileUtils).to receive(:cp_r).with('/path/to/src.file', '/tmp/hpc_local_workspaces/node/to/dst.dir')
+          test_connector.remote_copy('/path/to/src.file', 'to/dst.dir', sudo: true)
+        end
+      end
+
       it 'copies relative files remotely with a different sudo' do
         with_test_platform_for_remote_testing(
           expected_cmds: [
+            [
+              'whoami',
+              proc { [0, 'test_user', ''] }
+            ],
             [
               'other_sudo --user root cp -r "/path/to/src.file" "/tmp/hpc_local_workspaces/node/to/dst.dir"',
               proc { [0, '', ''] }
@@ -169,6 +239,23 @@ describe HybridPlatformsConductor::ActionsExecutor do
         end
       end
 
+      it 'copies relative files remotely with a different sudo when being root' do
+        with_test_platform_for_remote_testing(
+          expected_cmds: [
+            [
+              'whoami',
+              proc { [0, 'root', ''] }
+            ]
+          ],
+          additional_config: <<~'EO_CONFIG'
+            sudo_for { |user| "other_sudo --user #{user}" }
+          EO_CONFIG
+        ) do
+          expect(FileUtils).to receive(:cp_r).with('/path/to/src.file', '/tmp/hpc_local_workspaces/node/to/dst.dir')
+          test_connector.remote_copy('/path/to/src.file', 'to/dst.dir', sudo: true)
+        end
+      end
+
     end
 
   end

data/spec/hybrid_platforms_conductor_test/api/actions_executor/connectors/ssh/connections_spec.rb

@@ -132,6 +132,36 @@ describe HybridPlatformsConductor::ActionsExecutor do
         end
       end
 
+      it 'creates SSH master to several nodes differing only by the SSH port' do
+        with_test_platform(
+          {
+            nodes: {
+              'node1' => { meta: { host_ip: '192.168.42.1', ssh_port: 6661 } },
+              'node2' => { meta: { host_ip: '192.168.42.1', ssh_port: 6662 } },
+              'node3' => { meta: { host_ip: '192.168.42.1', ssh_port: 6663 } }
+            }
+          }
+        ) do
+          with_cmd_runner_mocked(
+            [
+              ['which env', proc { [0, "/usr/bin/env\n", ''] }],
+              ['ssh -V 2>&1', proc { [0, "OpenSSH_7.4p1 Debian-10+deb9u7, OpenSSL 1.0.2u  20 Dec 2019\n", ''] }]
+            ] + ssh_expected_commands_for(
+              {
+                'node1' => { connection: '192.168.42.1', user: 'test_user', port: 6661 },
+                'node2' => { connection: '192.168.42.1', user: 'test_user', port: 6662 },
+                'node3' => { connection: '192.168.42.1', user: 'test_user', port: 6663 }
+              }
+            )
+          ) do
+            test_connector.ssh_user = 'test_user'
+            test_connector.with_connection_to(%w[node1 node2 node3]) do |connected_nodes|
+              expect(connected_nodes.sort).to eq %w[node1 node2 node3].sort
+            end
+          end
+        end
+      end
+
       it 'creates SSH master to several nodes with ssh connections transformed' do
         with_test_platform(
           { nodes: {