manageiq-appliance_console 9.0.3 → 9.1.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: b2e3543b11c78c8759bbec5fce9e2ccda935b6bd40f072f72a252fb9d7ae49fa
-  data.tar.gz: 2242da455964838d4cb1c1801136a43dd3ec100986bf8d427c292729b548163f
+  metadata.gz: 2d0ec5457c80696cb57975c7b90ed74b04b6b8f9732686776524c9a19a63d6b9
+  data.tar.gz: 934f6a498b9d3916be9618d7a22ce98cc2f71800a099edbc12ac8a400e6a214a
 SHA512:
-  metadata.gz: 98ae6fea30f0a22d71df4a61dacc9a9e4f19820f0f047ebe5ef72f062ae78c46fde41513fae2a5f5be74d62ded807bdf8d67e6aa4fa2f9e21c6e8815eca11c32
-  data.tar.gz: 2cb850cb2873ce65c7ce1cfd7f0010272d6d4879576cc31c4df2bc17ed2faf1b501ff0406d010c02116eeaa91f4c0c23cb2002562bda3bb3b652868ddf8a7202
+  metadata.gz: 4a47aedb1dfe010537e0e015ad67b65e3d5a2402375d3cd667a007d52396bb7a24b18ad652f5da0f91f895740331faac6fbf0c3859fc64e419957be81419651f
+  data.tar.gz: 7e8c13d6558303e7028917ca58d3e85635088eaca14de87222f5fe9e38a9019d599203d9b94a3c8ed418038e47cc52b47c694c3d12b3c9b5120d51ec63a95be7

data/.github/workflows/ci.yaml

@@ -44,4 +44,4 @@ jobs:
     - name: Report code coverage
       if: "${{ github.ref == 'refs/heads/master' && matrix.ruby-version == '3.0' && matrix.rails-version == '6.1' }}"
       continue-on-error: true
-      uses: paambaati/codeclimate-action@v6
+      uses: paambaati/codeclimate-action@v8

data/.whitesource

@@ -1,3 +1,3 @@
 {
   "settingsInheritedFrom": "ManageIQ/whitesource-config@master"
-}
+}

data/CHANGELOG.md

@@ -4,6 +4,19 @@ This project adheres to [Semantic Versioning](http://semver.org/).
 
 ## [Unreleased]
 
+## [9.1.0] - 2024-07-24
+### Added
+- Add a common method for asking for a password [[#251](https://github.com/ManageIQ/manageiq-appliance_console/pull/251)]
+- Add messaging hostname validation [[#254](https://github.com/ManageIQ/manageiq-appliance_console/pull/254)]
+- Indicate that messaging persistent disk is optional [[#256](https://github.com/ManageIQ/manageiq-appliance_console/pull/256)]
+- Add messaging password validation [[#255](https://github.com/ManageIQ/manageiq-appliance_console/pull/255)]
+
+### Changed
+- Deprecate message-server-use-ipaddr option from cli [[#257](https://github.com/ManageIQ/manageiq-appliance_console/pull/257)]
+
+### Fixed
+- Add ca-cert to messaging client installed_files [[#258](https://github.com/ManageIQ/manageiq-appliance_console/pull/258)]
+
 ## [9.0.3] - 2023-05-06
 ### Fixed
 - Fix missing kafka client ca-cert [[#250]](https://github.com/ManageIQ/manageiq-appliance_console/pull/250)
@@ -272,8 +285,10 @@ This project adheres to [Semantic Versioning](http://semver.org/).
 
 ## [1.0.0] - 2017-10-19
 
-[Unreleased]: https://github.com/ManageIQ/manageiq-appliance_console/compare/v9.0.2...HEAD
-[9.0.1]: https://github.com/ManageIQ/manageiq-appliance_console/compare/v9.0.1...v9.0.2
+[Unreleased]: https://github.com/ManageIQ/manageiq-appliance_console/compare/v9.1.0...HEAD
+[9.1.0]: https://github.com/ManageIQ/manageiq-appliance_console/compare/v9.0.3...v9.1.0
+[9.0.3]: https://github.com/ManageIQ/manageiq-appliance_console/compare/v9.0.2...v9.0.3
+[9.0.2]: https://github.com/ManageIQ/manageiq-appliance_console/compare/v9.0.1...v9.0.2
 [9.0.1]: https://github.com/ManageIQ/manageiq-appliance_console/compare/v9.0.0...v9.0.1
 [9.0.0]: https://github.com/ManageIQ/manageiq-appliance_console/compare/v8.1.0...v9.0.0
 [8.1.0]: https://github.com/ManageIQ/manageiq-appliance_console/compare/v8.0.0...v8.1.0

data/lib/manageiq/appliance_console/cli.rb

@@ -216,22 +216,18 @@ module ApplianceConsole
         opt :message_server_username,     "Message Server Username",                                        :type => :string
         opt :message_server_password,     "Message Server password",                                        :type => :string
         opt :message_server_port,         "Message Server Port",                                            :type => :integer
-        opt :message_server_use_ipaddr,   "Message Server Use Address",                                     :type => :boolean, :default => false
+        opt :message_server_use_ipaddr,   "Deprecated: Message Server Use Address",                         :type => :boolean, :default => false
         opt :message_server_host,         "Message Server Hostname or IP Address",                          :type => :string
         opt :message_truststore_path_src, "Message Server Truststore Path",                                 :type => :string
         opt :message_ca_cert_path_src,    "Message Server CA Cert Path",                                    :type => :string
         opt :message_persistent_disk,     "Message Persistent Disk Path",                                   :type => :string
       end
       Optimist.die :region, "needed when setting up a local database" if region_number_required? && options[:region].nil?
-      Optimist.die "Supply only one of --message-server-host or --message-server-use-ipaddr=true" if both_host_and_use_ip_addr_specified?
       Optimist.die "Supply only one of --message-server-config, --message-server-unconfig, --message-client-config or --message-client-unconfig" if multiple_message_subcommands?
+      warn("--message_server_use_ipaddr is deprecated and will be ignored") if options[:message_server_use_ipaddr]
       self
     end
 
-    def both_host_and_use_ip_addr_specified?
-      !options[:message_server_host].nil? && options[:message_server_use_ipaddr] == true
-    end
-
     def multiple_message_subcommands?
       a = [options[:message_server_config], options[:message_server_unconfig], options[:message_client_config], options[:message_client_unconfig]]
       a.each_with_object(Hash.new(0)) { |o, h| h[o] += 1 }[true] > 1

data/lib/manageiq/appliance_console/database_configuration.rb

@@ -121,32 +121,7 @@ module ApplianceConsole
       self.port     = ask_for_integer("port number", nil, port) unless local?
       self.database = just_ask("name of the database on #{host}", database) unless local?
       self.username = just_ask("username", username) unless local?
-      count = 0
-      loop do
-        password1 = ask_for_password("database password on #{host}", password)
-        # if they took the default, just bail
-        break if (password1 == password)
-
-        if password1.strip.length == 0
-          say("\nPassword can not be empty, please try again")
-          next
-        end
-        if password_twice
-          password2 = ask_for_password("database password again")
-          if password1 == password2
-            self.password = password1
-            break
-          elsif count > 0 # only reprompt password once
-            raise "passwords did not match"
-          else
-            count += 1
-            say("\nThe passwords did not match, please try again")
-          end
-        else
-          self.password = password1
-          break
-        end
-      end
+      self.password = ask_for_new_password("database password on #{host}", :default => password, :confirm_password => password_twice)
     end
 
     def friendly_inspect

data/lib/manageiq/appliance_console/database_replication.rb

@@ -6,6 +6,7 @@ module ManageIQ
 module ApplianceConsole
   class DatabaseReplication
     include ManageIQ::ApplianceConsole::Logging
+    include ManageIQ::ApplianceConsole::Prompts
 
     PGPASS_FILE       = '/var/lib/pgsql/.pgpass'.freeze
     NETWORK_INTERFACE = 'eth0'.freeze
@@ -115,25 +116,9 @@ Replication Server Configuration
     private
 
     def ask_for_cluster_database_credentials
-      self.database_name = just_ask("cluster database name", database_name)
-      self.database_user = just_ask("cluster database username", database_user)
-
-      count = 0
-      loop do
-        count += 1
-        password1 = ask_for_password("cluster database password", database_password)
-        # if they took the default, just bail
-        break if password1 == database_password
-        password2 = ask_for_password("cluster database password")
-        if password1 == password2
-          self.database_password = password1
-          break
-        elsif count > 1 # only reprompt password once
-          raise RuntimeError, "passwords did not match"
-        else
-          say("\nThe passwords did not match, please try again")
-        end
-      end
+      self.database_name     = just_ask("cluster database name", database_name)
+      self.database_user     = just_ask("cluster database username", database_user)
+      self.database_password = ask_for_new_password("cluster database password", :default => database_password)
     end
 
     def run_repmgr_command(cmd, params = {})

data/lib/manageiq/appliance_console/message_configuration.rb

@@ -7,6 +7,7 @@ module ManageIQ
   module ApplianceConsole
     class MessageConfiguration
       include ManageIQ::ApplianceConsole::ManageiqUserMixin
+      include ManageIQ::ApplianceConsole::Prompts
 
       attr_reader :message_keystore_username, :message_keystore_password,
                   :message_server_host, :message_server_port,
@@ -67,7 +68,7 @@ module ManageIQ
         show_parameters
         return false unless agree("\nProceed? (Y/N): ")
 
-        return false unless host_reachable?(message_server_host, "Message Server Host:")
+        return false unless host_resolvable?(message_server_host) && host_reachable?(message_server_host, "Message Server Host:")
 
         true
       end
@@ -189,6 +190,29 @@ module ManageIQ
         true
       end
 
+      def host_resolvable?(host)
+        require 'ipaddr'
+        require 'resolv'
+
+        say("Checking if #{host} is resolvable ... ")
+        begin
+          ip_address = Resolv.getaddress(host)
+
+          if IPAddr.new("127.0.0.1/8").include?(ip_address) || IPAddr.new("::1/128").include?(ip_address)
+            say("Failed.\nThe hostname must not resolve to a link-local address")
+
+            return false
+          end
+        rescue Resolv::ResolvError => e
+          say("Failed.\nHostname #{host} is not resolvable: #{e.message}")
+
+          return false
+        end
+
+        say("Succeeded.")
+        true
+      end
+
       def unconfigure
         remove_installed_files
       end

data/lib/manageiq/appliance_console/message_configuration_client.rb

@@ -20,7 +20,7 @@ module ManageIQ
         @message_truststore_path_src = options[:message_truststore_path_src] || truststore_path
         @message_ca_cert_path_src    = options[:message_ca_cert_path_src] || ca_cert_path
 
-        @installed_files = [client_properties_path, messaging_yaml_path, truststore_path]
+        @installed_files = [client_properties_path, messaging_yaml_path, truststore_path, ca_cert_path]
       end
 
       def configure
@@ -46,14 +46,14 @@ module ManageIQ
       def ask_for_parameters
         say("\nMessage Client Parameters:\n\n")
 
-        @message_server_host         = ask_for_string("Message Server Hostname or IP address")
+        @message_server_host         = ask_for_messaging_hostname("Message Server Hostname")
         @message_server_port         = ask_for_integer("Message Server Port number", (1..65_535), 9_093).to_i
         @message_server_username     = ask_for_string("Message Server Username", message_server_username)
         @message_server_password     = ask_for_password("Message Server Password")
         @message_truststore_path_src = ask_for_string("Message Server Truststore Path", truststore_path)
         @message_ca_cert_path_src    = ask_for_string("Message Server CA Cert Path", ca_cert_path)
         @message_keystore_username   = ask_for_string("Message Keystore Username", message_keystore_username) if secure?
-        @message_keystore_password   = ask_for_password("Message Keystore Password") if secure?
+        @message_keystore_password   = ask_for_messaging_password("Message Keystore Password") if secure?
       end
 
       def show_parameters

data/lib/manageiq/appliance_console/message_configuration_server.rb

@@ -17,7 +17,7 @@ module ManageIQ
       def initialize(options = {})
         super(options)
 
-        @message_server_host           = options[:message_server_use_ipaddr] == true ? my_ipaddr : options[:message_server_host] || my_hostname
+        @message_server_host           = options[:message_server_host] || my_hostname
         @message_persistent_disk       = LinuxAdmin::Disk.new(:path => options[:message_persistent_disk]) unless options[:message_persistent_disk].nil?
 
         @jaas_config_path              = config_dir_path.join("kafka_server_jaas.conf")
@@ -68,14 +68,10 @@ module ManageIQ
       def ask_for_parameters
         say("\nMessage Server Parameters:\n\n")
 
-        @message_server_host       = ask_for_string("Message Server Hostname or IP address", message_server_host)
-
-        # SSL Validation for Kafka does not work for hostnames containing "localhost"
-        # Therefore we replace with the equivalent IP "127.0.0.1" if a /localhost*/ hostname was entered
-        @message_server_host       = "127.0.0.1" if @message_server_host.include?("localhost")
+        @message_server_host       = ask_for_messaging_hostname("Message Server Hostname", message_server_host)
 
         @message_keystore_username = ask_for_string("Message Keystore Username", message_keystore_username)
-        @message_keystore_password = ask_for_password("Message Keystore Password")
+        @message_keystore_password = ask_for_messaging_password("Message Keystore Password")
         @message_persistent_disk   = ask_for_persistent_disk
       end
 
@@ -84,7 +80,7 @@ module ManageIQ
       end
 
       def use_new_disk
-        agree("Configure a new persistent disk volume? (Y/N): ")
+        agree("Configure a new persistent disk volume? (optional) (Y/N): ")
       end
 
       def choose_disk
@@ -301,13 +297,8 @@ module ManageIQ
                            "-genkey"   => nil,
                            "-keyalg"   => "RSA"}
 
-        if message_server_host.ipaddress?
-          keystore_params["-alias"] = "localhost"
-          keystore_params["-ext"] = "san=ip:#{message_server_host}"
-        else
-          keystore_params["-alias"] = message_server_host
-          keystore_params["-ext"] = "san=dns:#{message_server_host}"
-        end
+        keystore_params["-alias"] = message_server_host
+        keystore_params["-ext"] = "san=dns:#{message_server_host}"
 
         keystore_params["-dname"] = "cn=#{keystore_params["-alias"]}"
 

data/lib/manageiq/appliance_console/prompts.rb

@@ -14,6 +14,8 @@ module ApplianceConsole
     INT_REGEXP    = /^[0-9]+$/
     NONE_REGEXP   = /^('?NONE'?)?$/i.freeze
     HOSTNAME_REGEXP = /^(([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9])\.)*([A-Za-z0-9]|[A-Za-z0-9][A-Za-z0-9\-]*[A-Za-z0-9])$/.freeze
+    MESSAGING_HOSTNAME_REGEXP = /^(?!.*localhost)(([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9])\.)*([A-Za-z0-9]|[A-Za-z0-9][A-Za-z0-9\-]*[A-Za-z0-9])$/.freeze
+    MESSAGING_PASSWORD_REGEXP = /\A[a-zA-Z0-9_\-\.\$\*]+\z/.freeze
 
     def ask_for_uri(prompt, expected_scheme, opts = {})
       require 'uri'
@@ -71,6 +73,11 @@ module ApplianceConsole
       just_ask(prompt, default, validate, error_text, &block)
     end
 
+    def ask_for_messaging_hostname(prompt, default = nil, error_text = "a valid Messaging Hostname (not an IP or localhost)", &block)
+      validation = ->(h) { h =~ MESSAGING_HOSTNAME_REGEXP && h !~ IP_REGEXP }
+      just_ask(prompt, default, validation, error_text, &block)
+    end
+
     def ask_for_ip_or_hostname(prompt, default = nil)
       validation = ->(h) { (h =~ HOSTNAME_REGEXP || h =~ IP_REGEXP) && h.length > 0 }
       ask_for_ip(prompt, default, validation, "a valid Hostname or IP Address.")
@@ -113,6 +120,36 @@ module ApplianceConsole
       pass == "********" ? (default || "") : pass
     end
 
+    def ask_for_new_password(prompt, default: nil, allow_empty: false, retry_limit: 1, confirm_password: true, validation: nil, validation_err: nil)
+      count = 0
+      loop do
+        password1 = ask_for_password(prompt, default)
+        if password1.strip.empty? && !allow_empty
+          say("\nPassword can not be empty, please try again")
+          next
+        end
+
+        if validation && password1 !~ validation
+          say("\nPassword is invalid: #{validation_err}, please try again")
+          next
+        end
+
+        return password1 if password1 == default || !confirm_password
+
+        password2 = ask_for_password(prompt)
+        return password1 if password1 == password2
+
+        raise "passwords did not match" if count >= retry_limit
+
+        count += 1
+        say("\nThe passwords did not match, please try again")
+      end
+    end
+
+    def ask_for_messaging_password(prompt)
+      ask_for_new_password(prompt, :validation => MESSAGING_PASSWORD_REGEXP, :validation_err => "allowed characters are a-z, A-Z, 0-9, -, _, ., $, and *")
+    end
+
     def ask_for_string(prompt, default = nil)
       just_ask(prompt, default)
     end

data/lib/manageiq/appliance_console/version.rb

@@ -1,5 +1,5 @@
 module ManageIQ
   module ApplianceConsole
-    VERSION = '9.0.3'.freeze
+    VERSION = '9.1.0'.freeze
   end
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: manageiq-appliance_console
 version: !ruby/object:Gem::Version
-  version: 9.0.3
+  version: 9.1.0
 platform: ruby
 authors:
 - ManageIQ Developers
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2024-05-06 00:00:00.000000000 Z
+date: 2024-07-24 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activerecord