Module: RedhatAccess::Telemetry::LookUps

Defined Under Namespace

Classes: RecordNotFound

Instance Method Summary collapse

Instance Method Details

#can_mask_rules(user) ⇒ Object



17
18
19
20
21
22
23
24
# File 'app/services/redhat_access/telemetry/look_ups.rb', line 17

def can_mask_rules(user)
  # TODO move this to an auth class?
  return false if user.nil?
  return true if user.admin
  permissions = user.cached_roles.collect(&:permissions).flatten.map!(&:name)
  Rails.logger.debug("User can mask telemetry hosts : #{permissions.include?("rh_telemetry_configurations")}")
  permissions.include?("rh_telemetry_configurations")
end

#can_unregister_system(user) ⇒ Object



7
8
9
10
11
12
13
14
15
# File 'app/services/redhat_access/telemetry/look_ups.rb', line 7

def can_unregister_system(user)
  # TODO: move this to an auth class?
  return false if user.nil?
  return true if user.admin
  permissions = user.cached_roles.collect(&:permissions).flatten.map!(&:name)
  # Rails.logger.debug("User can unregister telemetry hosts : #{ permissions.include?("rh_telemetry_configurations")}")
  # for now we allow all.
  true
end

#current_organization_objectObject



49
50
51
# File 'app/services/redhat_access/telemetry/look_ups.rb', line 49

def current_organization_object
  Organization.current || Organization.find_by_id(session[:organization_id]) if session[:organization_id]
end

#disconnected_org?(org) ⇒ Boolean

Returns:

  • (Boolean)


66
67
68
69
70
71
72
73
74
# File 'app/services/redhat_access/telemetry/look_ups.rb', line 66

def disconnected_org?(org)
  if org
    # TODO: fix hard coding
    # disable insights if disconnected orgs aren't enabled and katello doesn't point to redhat's CDN
    !REDHAT_ACCESS_CONFIG[:enable_insights_for_disconnected_orgs] && org.redhat_repository_url != 'https://cdn.redhat.com'
  else
    raise(RecordNotFound, 'Organization not found or invalid')
  end
end

#get_basic_auth_options(org, ca_file, verify_peer, ssl_version) ⇒ Object



155
156
157
158
159
160
161
162
163
164
# File 'app/services/redhat_access/telemetry/look_ups.rb', line 155

def get_basic_auth_options(org, ca_file, verify_peer, ssl_version)
  opts = {
    :user        => org.telemetry_configuration.portal_user,
    :password    => org.telemetry_configuration.portal_password,
    :ssl_ca_file => ca_file,
    :verify_ssl  => verify_peer
  }
  opts[:ssl_version] = ssl_version if ssl_version
  opts
end

#get_branch_id_for_org(org) ⇒ Object



85
86
87
88
89
90
91
92
93
94
95
96
97
# File 'app/services/redhat_access/telemetry/look_ups.rb', line 85

def get_branch_id_for_org(org)
  if org
    owner = upstream_owner(org)
    if !owner['uuid']
      # ldebug('Org manifest not found or invalid in get_branch_id')
      raise(RecordNotFound, 'Branch ID not found for organization')
    else
      branch_id =  owner['uuid']
    end
  else
    raise(RecordNotFound, 'Organization not found or invalid')
  end
end

#get_branch_id_for_uuid(uuid) ⇒ Object



166
167
168
169
# File 'app/services/redhat_access/telemetry/look_ups.rb', line 166

def get_branch_id_for_uuid(uuid)
  org = get_organization(uuid)
  get_branch_id_for_org org
end

#get_content_host(uuid = nil) ⇒ Object



181
182
183
184
185
186
187
188
189
# File 'app/services/redhat_access/telemetry/look_ups.rb', line 181

def get_content_host(uuid = nil)
  uuid ||= params[:id]
  facet = Katello::Host::SubscriptionFacet.where(:uuid => uuid).first
  if facet.nil?
    User.as_anonymous_admin { Katello::Resources::Candlepin::Consumer.get(uuid) }
    return nil
  end
  ::Host::Managed.unscoped.find(facet.host_id)
end

#get_content_hosts(org) ⇒ Object



191
192
193
194
195
196
197
# File 'app/services/redhat_access/telemetry/look_ups.rb', line 191

def get_content_hosts(org)
  if org
    ::Host::Managed.authorized('view_hosts', ::Host::Managed).joins(:subscription_facet).rewhere({:organization_id => org.id}).pluck("katello_subscription_facets.uuid")
  else
    raise(RecordNotFound, 'Organization not found or invalid')
  end
end

#get_default_ssl_ca_fileObject



126
127
128
# File 'app/services/redhat_access/telemetry/look_ups.rb', line 126

def get_default_ssl_ca_file
  "#{RedhatAccess::Engine.root}/ca/rh_cert-api_chain.pem"
end

#get_http_options(include_user_id = false) ⇒ Object



251
252
253
254
255
256
257
258
259
260
# File 'app/services/redhat_access/telemetry/look_ups.rb', line 251

def get_http_options(include_user_id = false)
  headers = {}
  if include_user_id && User.current
    headers = {:INSIGHTS_USER_ID => (User.current.)}
  end
  {:logger => Rails.logger,
   :http_proxy => get_portal_http_proxy,
   :user_agent => get_http_user_agent,
   :headers => headers}
end

#get_http_user_agentObject



247
248
249
# File 'app/services/redhat_access/telemetry/look_ups.rb', line 247

def get_http_user_agent
  "#{get_plugin_parent_name}/#{get_plugin_parent_version};#{get_rha_plugin_name}/#{get_rha_plugin_version}"
end

#get_leaf_id(uuid) ⇒ Object



76
77
78
79
80
81
82
83
# File 'app/services/redhat_access/telemetry/look_ups.rb', line 76

def get_leaf_id(uuid)
  system = get_content_host(uuid)
  if system.nil?
    Rails.logger.debug('Host not found or invalid')
    raise(RecordNotFound, 'Host not found or invalid')
  end
  uuid
end

#get_mutual_tls_auth_options(org, ca_file, verify_peer, ssl_version) ⇒ Object



130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
# File 'app/services/redhat_access/telemetry/look_ups.rb', line 130

def get_mutual_tls_auth_options(org, ca_file, verify_peer, ssl_version)
  upstream = upstream_owner(org)
  if !upstream || !upstream['idCert'] || !upstream['idCert']['cert'] || !upstream['idCert']['key']
    raise(RecordNotFound, 'Unable to get portal SSL credentials. Missing org manifest?')
  else
    opts = {
      :ssl_client_cert => OpenSSL::X509::Certificate.new(upstream['idCert']['cert']),
      :ssl_client_key  => OpenSSL::PKey::RSA.new(upstream['idCert']['key']),
      :ssl_ca_file     => ca_file,
      :verify_ssl      => verify_peer
    }
    opts[:ssl_version] = ssl_version if ssl_version
    Rails.logger.debug("Telemetry ssl options => ca_file:#{opts[:ssl_ca_file]} , peer verify #{opts[:verify_ssl]}")
    opts
  end
end

#get_organization(uuid_or_host) ⇒ Object



171
172
173
174
175
176
177
178
179
# File 'app/services/redhat_access/telemetry/look_ups.rb', line 171

def get_organization(uuid_or_host)
  # this takes either a host object or a uuid string
  if uuid_or_host.is_a?(::Host::Managed)
    return uuid_or_host.nil? ? nil : uuid_or_host.organization
  end

  system = get_content_host(uuid_or_host)
  system.nil? ? nil : system.organization
end

#get_plugin_parent_nameObject



296
297
298
299
300
301
# File 'app/services/redhat_access/telemetry/look_ups.rb', line 296

def get_plugin_parent_name
  if defined? ForemanThemeSatellite::SATELLITE_VERSION
    return 'Satellite'
  end
  'Foreman'
end

#get_plugin_parent_versionObject



303
304
305
306
307
308
# File 'app/services/redhat_access/telemetry/look_ups.rb', line 303

def get_plugin_parent_version
  if defined? ForemanThemeSatellite::SATELLITE_VERSION
    return ForemanThemeSatellite::SATELLITE_VERSION.gsub(/[a-zA-Z ]/, "")
  end
  Foreman::Version.new.to_s
end

#get_portal_http_proxyObject



199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
# File 'app/services/redhat_access/telemetry/look_ups.rb', line 199

def get_portal_http_proxy
  begin
    @http_proxy_string ||=
        begin
          proxy_uri = URI('')

          if Setting[:content_default_http_proxy].present?
            proxy_config = HttpProxy.default_global_content_proxy
            proxy_uri = URI(proxy_config&.url)
            if proxy_config&.username.present?
              proxy_uri.user = CGI.escape(proxy_config&.username)
              if proxy_config&.password.present?
                proxy_uri.password = CGI.escape(proxy_config&.password)
              end
            end
          end

          if proxy_uri.to_s.blank?
            if SETTINGS[:katello][:cdn_proxy] && SETTINGS[:katello][:cdn_proxy][:host]
              proxy_config = SETTINGS[:katello][:cdn_proxy]
              proxy_uri.scheme = URI.parse(proxy_config[:host]).scheme
              proxy_uri.host = URI.parse(proxy_config[:host]).host
              proxy_uri.port = proxy_config[:port] if proxy_config[:port]
              if proxy_config[:user].present?
                proxy_uri.user =  CGI.escape(proxy_config[:user]) if proxy_config[:user]
                if proxy_config[:password].present?
                  proxy_uri.password = CGI.escape(proxy_config[:password])
                end
              end
            end
          end

          # Ruby's uri parser doesn't handle encoded characters so Katello added two new schemes to handle proxy
          # passwords.  See https://github.com/Katello/katello/blob/master/app/lib/katello/util/proxy_uri.rb
          proxy_uri.scheme = 'proxy' if proxy_uri.scheme == 'http'
          proxy_uri.scheme = 'proxys' if proxy_uri.scheme == 'https'

          proxy_uri.to_s
        end

    Rails.logger.debug("Insights proxy url = #{@http_proxy_string}")
    @http_proxy_string
  rescue
    Rails.logger.debug("insights plugin: Something bad happened trying to get the proxy url")
    raise
  end
end

#get_rha_plugin_nameObject

TODO: move version and name methods to generic utility



283
284
285
# File 'app/services/redhat_access/telemetry/look_ups.rb', line 283

def get_rha_plugin_name
  'redhat_access'
end

#get_rha_plugin_rpm_nameObject



287
288
289
# File 'app/services/redhat_access/telemetry/look_ups.rb', line 287

def get_rha_plugin_rpm_name
  'foreman-redhat_access'
end

#get_rha_plugin_versionObject



292
293
294
# File 'app/services/redhat_access/telemetry/look_ups.rb', line 292

def get_rha_plugin_version
  RedhatAccess::VERSION
end

#get_ssl_options_for_org(org, ca_file) ⇒ Object



108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
# File 'app/services/redhat_access/telemetry/look_ups.rb', line 108

def get_ssl_options_for_org(org, ca_file)
  if org
    verify_peer = REDHAT_ACCESS_CONFIG[:telemetry_ssl_verify_peer] ? OpenSSL::SSL::VERIFY_PEER : OpenSSL::SSL::VERIFY_NONE
    ssl_version = REDHAT_ACCESS_CONFIG[:telemetry_ssl_version] ? REDHAT_ACCESS_CONFIG[:telemetry_ssl_version] : nil
    ca_file = ca_file ? ca_file : get_default_ssl_ca_file
    Rails.logger.debug("Verify peer #{verify_peer}")
    if use_basic_auth?
      Rails.logger.debug("Using basic auth for portal communication")
      get_basic_auth_options(org, ca_file, verify_peer, ssl_version)
    else
      Rails.logger.debug("Using SSL auth for portal communication")
      get_mutual_tls_auth_options(org, ca_file, verify_peer, ssl_version)
    end
  else
    raise(RecordNotFound, 'Organization not found or invalid')
  end
end

#get_ssl_options_for_uuid(uuid, ca_file) ⇒ Object



99
100
101
102
# File 'app/services/redhat_access/telemetry/look_ups.rb', line 99

def get_ssl_options_for_uuid(uuid, ca_file)
  org = get_organization(uuid)
  get_ssl_options_for_org(org, ca_file)
end

#get_tapi_timeoutObject

timeout for telemetry api operations



269
270
271
# File 'app/services/redhat_access/telemetry/look_ups.rb', line 269

def get_tapi_timeout
  REDHAT_ACCESS_CONFIG[:telemetry_api_timeout_s] || 60
end

#get_telemetry_config(org) ⇒ Object



39
40
41
42
43
# File 'app/services/redhat_access/telemetry/look_ups.rb', line 39

def get_telemetry_config(org)
  TelemetryConfiguration.find_or_create_by(:organization_id => org.id) do |conf|
    conf.enable_telemetry = true
  end
end

#get_upload_timeoutObject

timeout for telemetry uploads



274
275
276
# File 'app/services/redhat_access/telemetry/look_ups.rb', line 274

def get_upload_timeout
  REDHAT_ACCESS_CONFIG[:telemetry_upload_timeout_s] || 120
end

#insights_api_hostObject



45
46
47
# File 'app/services/redhat_access/telemetry/look_ups.rb', line 45

def insights_api_host
  REDHAT_ACCESS_CONFIG[:telemetry_api_host]
end

#is_org_selected?Boolean

Returns:

  • (Boolean)


34
35
36
37
# File 'app/services/redhat_access/telemetry/look_ups.rb', line 34

def is_org_selected?
  Rails.logger.debug("Org selected ? #{current_organization_object.nil?}")
  current_organization_object.nil? ? false : true
end

#is_susbcribed_to_redhat?(org) ⇒ Boolean

Returns:

  • (Boolean)


26
27
28
29
30
31
32
# File 'app/services/redhat_access/telemetry/look_ups.rb', line 26

def is_susbcribed_to_redhat?(org)
  if org
    upstream = upstream_owner(org)
    return upstream && upstream['idCert'] ? true : false
  end
  false
end

#telemetry_enabled?(org) ⇒ Boolean

Returns:

  • (Boolean)


53
54
55
56
57
58
59
60
# File 'app/services/redhat_access/telemetry/look_ups.rb', line 53

def telemetry_enabled?(org)
  if org
    conf = get_telemetry_config(org)
    return conf.nil? ? false : conf.enable_telemetry
  else
    raise(RecordNotFound, 'Organization not found or invalid')
  end
end

#telemetry_enabled_for_uuid?(uuid) ⇒ Boolean

Returns:

  • (Boolean)


62
63
64
# File 'app/services/redhat_access/telemetry/look_ups.rb', line 62

def telemetry_enabled_for_uuid?(uuid)
  telemetry_enabled?(get_organization(uuid))
end

#upstream_owner(org) ⇒ Object



147
148
149
150
151
152
153
# File 'app/services/redhat_access/telemetry/look_ups.rb', line 147

def upstream_owner(org)
  #We use a cache because owner_details is networkcall to Candlepin
  #We make a lot of these calls each time the UI is accessed
  Rails.cache.fetch("insights_upstream_owner-#{org.id}", expires_in: 1.minute) do
    org.owner_details['upstreamConsumer']
  end
end

#use_basic_auth?Boolean

Returns:

  • (Boolean)


104
105
106
# File 'app/services/redhat_access/telemetry/look_ups.rb', line 104

def use_basic_auth?
  REDHAT_ACCESS_CONFIG[:enable_telemetry_basic_auth]
end

#use_subsets?Boolean

global use_subsets flag - defaults to false to suppress use of subsets to address scalability problems (subset and branch_id are equivalent for satellite)

Returns:

  • (Boolean)


264
265
266
# File 'app/services/redhat_access/telemetry/look_ups.rb', line 264

def use_subsets?
  REDHAT_ACCESS_CONFIG[:use_subsets] || false
end

#user_login_to_hash(login) ⇒ Object



278
279
280
# File 'app/services/redhat_access/telemetry/look_ups.rb', line 278

def ()
  Digest::SHA1.hexdigest()
end