diff --git a/app/controllers/hosts_controller.rb b/app/controllers/hosts_controller.rb index b21329f..ce84ca5 100644 --- a/app/controllers/hosts_controller.rb +++ b/app/controllers/hosts_controller.rb @@ -1,198 +1,210 @@ class HostsController < ApplicationController before_action :require_logged_in, except: :fd_config before_action :fetch_host, only: [:show, :edit, :update, :destroy, :submit_config, - :revoke, :disable] + :revoke, :disable, :regenerate_token] before_action :fetch_hosts_of_user, only: [:new, :create] # GET /hosts/new def new @host = Host.new @host.port = 9102 @host.email_recipients = [current_user.email] end # POST /hosts def create @host = Host.new(fetch_params) set_host_type @host.verified = !@host.institutional? if user_can_add_this_host? && @host.save flash[:success] = 'Host created successfully' current_user.hosts << @host UserMailer.notify_admin(current_user, @host.fqdn).deliver redirect_to host_path @host else flash[:error] = 'Host was not created' render :new end end # GET /hosts/1 def show @schedules = @host.job_templates.map(&:schedule) @filesets = @host.job_templates.map(&:fileset) end # GET /hosts/1/edit def edit if current_user.needs_host_list? @hosts_of_user = current_user.hosts.pluck(:fqdn) end end # PATCH /hosts/1 def update - updates = fetch_params.slice(:port, :password, :email_recipients) + updates = fetch_params.slice(:port, :email_recipients) if updates.present? && @host.update_attributes(updates) @host.recalculate if @host.bacula_ready? flash[:success] = 'Host updated successfully. You must update your file daemon accordingly.' redirect_to host_path @host else render :edit end end # DELETE /hosts/1 def destroy if (@host.client.nil? || @host.remove_from_bacula(true)) && @host.destroy flash[:success] = 'Host destroyed successfully' else flash[:error] = 'Host not destroyed' end redirect_to root_path end # POST /hosts/1/disable def disable if @host.disable_jobs_and_update flash[:success] = 'Client disabled' else flash[:error] = 'Something went wrong, try again later' end redirect_to host_path(@host) end # POST /hosts/1/submit_config def submit_config if @host.dispatch_to_bacula flash[:success] = 'Host configuration sent to Bacula successfully' else flash[:error] = 'Something went wrong, try again later' end redirect_to host_path(@host) end # DELETE /hosts/1/revoke def revoke if @host.remove_from_bacula flash[:success] = 'Host configuration removed from Bacula successfully' else flash[:error] = 'Something went wrong, try again later' end redirect_to root_path end + # POST /hosts/1/regenerate_token + def regenerate_token + if @host.recalculate_token + @host.recalculate if @host.bacula_ready? + flash[:success] = 'Host updated successfully. You must update your file daemon accordingly.' + else + flash[:error] = 'Something went wrong, try again later' + end + + redirect_to host_path(@host) + end + # GET /hosts/fetch_vima_hosts def fetch_vima_hosts if params[:code].blank? return redirect_to client.auth_code.authorize_url(:redirect_uri => redirect_uri, scope: 'read') end access_token = client.auth_code.get_token( params['code'], { :redirect_uri => redirect_uri }, { :mode => :query, :param_name => "access_token", :header_format => "" } ) vms = access_token.get( 'https://vima.grnet.gr/instances/list?tag=vima:service:archiving', { mode: :query, param_name: 'access_token' } ).parsed.deep_symbolize_keys[:response][:instances] session[:vms] = vms.first(50) current_user.temp_hosts = vms current_user.hosts_updated_at = Time.now current_user.save Host.where(fqdn: vms).each do |host| host.users << current_user unless host.users.include?(current_user) end redirect_to new_host_path end # GET /hosts/:id/fd_config?token=A_TOKEN def fd_config user = User.find_by(token: params[:token]) if params[:token] return redirect_to clients_path if user.nil? @host = user.hosts.find_by(id: params[:id]) return redirect_to clients_path unless @host render text: [ @host.bacula_fd_filedaemon_config, @host.bacula_fd_director_config(false), @host.bacula_fd_messages_config ].join("\n\n") end private def client OAuth2::Client.new( Rails.application.secrets.oauth2_vima_client_id, Rails.application.secrets.oauth2_vima_secret, site: 'https://vima.grnet.gr', token_url: "/o/token", authorize_url: "/o/authorize", :ssl => {:ca_path => "/etc/ssl/certs"} ) end def redirect_uri uri = URI.parse(request.url) uri.scheme = 'https' unless Rails.env.development? uri.path = '/hosts/fetch_vima_hosts' uri.query = nil uri.to_s end def fetch_hosts_of_user return if not current_user.needs_host_list? @hosts_of_user = session[:vms] - current_user.hosts.pluck(:fqdn) end def fetch_host @host = current_user.hosts.includes(job_templates: [:fileset, :schedule]).find(params[:id]) end def fetch_params - params.require(:host).permit(:fqdn, :port, :password, email_recipients: []) + params.require(:host).permit(:fqdn, :port, email_recipients: []) end def user_can_add_this_host? !current_user.needs_host_list? || @hosts_of_user.include?(@host.fqdn) end def set_host_type @host.origin = if current_user.vima? :vima elsif current_user.okeanos? :okeanos else :institutional end end end diff --git a/app/models/host.rb b/app/models/host.rb index 6add30f..d7dab57 100644 --- a/app/models/host.rb +++ b/app/models/host.rb @@ -1,363 +1,375 @@ # The bacula database must be independent from all of our application logic. # For this reason we have Host which is the application equivalent of a Bacula Client. # # A host is being created from our application. When it receives all the configuration # which is required it gets dispatched to bacula through some configuration files. After # that, a client with the exact same config is generated by bacula. class Host < ActiveRecord::Base establish_connection ARCHIVING_CONF include Configuration::Host STATUSES = { pending: 0, configured: 1, dispatched: 2, deployed: 3, updated: 4, redispatched: 5, for_removal: 6, inactive: 7, blocked: 8 } # The default file daemon port DEFAULT_PORT = 9102 enum origin: { institutional: 0, vima: 1, okeanos: 2 } serialize :email_recipients, JSON has_many :ownerships has_many :users, through: :ownerships, inverse_of: :hosts has_many :invitations belongs_to :client, class_name: :Client, foreign_key: :name, primary_key: :name belongs_to :verifier, class_name: :User, foreign_key: :verifier_id, primary_key: :id has_many :filesets, dependent: :destroy has_many :job_templates, dependent: :destroy has_many :schedules, dependent: :destroy validates :file_retention, :job_retention, :port, :password, presence: true validates :port, :quota, numericality: { greater_than: 0 } validates :fqdn, presence: true, uniqueness: true validate :fqdn_format validate :valid_recipients scope :not_baculized, -> { joins("left join #{Client.table_name} on #{Client.table_name}.Name = hosts.name"). where(Client.table_name => { Name: nil }) } scope :in_bacula, -> { where( status: STATUSES.select { |k,_| [:deployed, :updated, :redispatched, :for_removal].include? k }.values ) } scope :unverified, -> { where(verified: false) } before_validation :set_retention, :unset_baculized, :sanitize_name, :sanitize_email_recipients, :set_password, :set_port state_machine :status, initial: :pending do STATUSES.each do |status_name, value| state status_name, value: value end after_transition [:dispatched, :redispatched, :configured, :updated] => :deployed do |host| host.job_templates.enabled. update_all(baculized: true, baculized_at: Time.now, updated_at: Time.now) end event :add_configuration do transition [:pending, :dispatched, :inactive] => :configured end event :dispatch do transition :configured => :dispatched end event :redispatch do transition :updated => :redispatched end event :set_deployed do transition [:dispatched, :redispatched, :configured, :updated] => :deployed end event :change_deployed_config do transition [:deployed, :redispatched, :for_removal] => :updated end event :mark_for_removal do transition [:dispatched, :deployed, :updated, :redispatched] => :for_removal end event :set_inactive do transition [:deployed, :dispatched, :updated, :redispatched] => :inactive end event :disable do transition all => :pending end event :block do transition all - [:blocked] => :blocked end event :unblock do transition :blocked => :pending end end # API serializer # Override `as_json` method to personalize for API use. def as_json(opts={}) if for_api = opts.delete(:for_api) api_json else super(opts) end end # Determines if a host has enabled jobs in order to be dispatched to Bacula # # @return [Boolean] def bacula_ready? job_templates.enabled.any? end # Shows the host's auto_prune setting def auto_prune_human client_settings[:autoprune] end # Uploads the host's config to bacula # Reloads bacula server # # It updates the host's status accordingly def dispatch_to_bacula return false if not needs_dispatch? bacula_handler.deploy_config end # Removes a Host from bacula configuration. # Reloads bacula server # # If all go well it changes the host's status and returns true # # @param force[Boolean] forces removal def remove_from_bacula(force=false) return false if not (force || needs_revoke?) bacula_handler.undeploy_config end # Restores a host's backup to a preselected location # # @param fileset_id[Integer] the desired fileset # @param location[String] the desired restore location # @param restore_point[Datetime] the desired restore_point datetime def restore(file_set_id, location, restore_point=nil) return false if not restorable? job_ids = client.get_job_ids(file_set_id, restore_point) file_set_name = FileSet.find(file_set_id).file_set bacula_handler.restore(job_ids, file_set_name, restore_point, location) end # Runs the given backup job ASAP def backup_now(job_name) bacula_handler.backup_now(job_name) end # Disables all jobs and sends the configuration to Bacula def disable_jobs_and_update job_templates.update_all(enabled: false) bacula_handler.deploy_config end # Disables all jobs if needed and then locks the host def disable_jobs_and_lock return false if can_set_inactive? && !disable_jobs_and_update block end # Determinex weather a host: # # * has all it takes to be deployed but # * the config is not yet sent to bacula # # @return [Boolean] def needs_dispatch? verified? && (can_dispatch? || can_redispatch?) end # Determines weather a host is marked for removal # # @return [Boolean] def needs_revoke? for_removal? end # Handles the host's job changes by updating the host's status def recalculate add_configuration || change_deployed_config end # Fetches an info message concerning the host's deploy status def display_message if !verified? { message: 'Your host needs to be verified by an admin', severity: :alert } elsif pending? { message: 'client not configured yet', severity: :alert } elsif configured? || dispatched? { message: 'client not deployed to Bacula', severity: :alert } elsif updated? || redispatched? { message: 'client configuration changed, deploy needed', severity: :alert } elsif for_removal? { message: 'pending client configuration withdraw', severity: :error } elsif inactive? { message: 'client disabled', severity: :alert } elsif blocked? { message: 'client disabled by admin.', severity: :error } end end # Determines if a host can issue a restore job. # # @return [Boolean] true if the host's client can issue a restore job def restorable? client.present? && client.is_backed_up? end # @return [User] the first of the host's users def first_user users.order('ownerships.created_at asc').first end # Marks the host as verified and sets the relevant metadata # # @param admin_verifier[Integer] the verifier's id def verify(admin_verifier) self.verified = true self.verifier_id = admin_verifier self.verified_at = Time.now recipients = users.pluck(:email) if save UserMailer.notify_for_verification(recipients, name).deliver if recipients.any? return true end false end # Determines if a host can be disabled or not. # Equivalent to is_deployed # # @return [Boolean] def can_be_disabled? dispatched? || deployed? || updated? || redispatched? end # Determines if a host is inserted manually from the user or # provided as an option from a list by the system via a third party # like ViMa or Okeanos # # @return [Boolean] def manually_inserted? institutional? end + # Resets the hosts token + # + # @return [Boolean] + def recalculate_token + self.password = token + save + end + private # automatic setters def sanitize_name self.name = fqdn end # Sets the file and job retention according to the global settings def set_retention self.file_retention = client_settings[:file_retention] self.file_retention_period_type = client_settings[:file_retention_period_type] self.job_retention = client_settings[:job_retention] self.job_retention_period_type = client_settings[:job_retention_period_type] end def unset_baculized self.baculized = false if new_record? true end def sanitize_email_recipients self.email_recipients.reject!(&:blank?) end def set_password return true if persisted? - self.password = Digest::SHA256.hexdigest( + self.password = token + end + + def token + Digest::SHA256.hexdigest( Time.now.to_s + Rails.application.secrets.salt + fqdn.to_s ) end def set_port return true if persisted? self.port = DEFAULT_PORT end # validation def fqdn_format regex = /(?=^.{4,253}$)(^((?!-)[a-zA-Z0-9-]{1,63}(? <% if current_user.needs_host_list? %> <%= f.select :fqdn, options_for_select(@hosts_of_user, @host.fqdn), {}, disabled: @host.persisted? %> <% else %> <%= f.text_field :fqdn, disabled: @host.persisted? %> <% end %> <% if @host.persisted? %> - <%= f.password_field :password, label: 'Token', value: @host.password %> <%= f.number_field :port, min: 1 %> <% end %> + <% emails = (@host.users.pluck(:email) + @host.email_recipients).uniq.select(&:present?) %> <%= f.select :email_recipients, options_for_select(emails, @host.email_recipients), {}, multiple: true %>
-
-
- <%= link_to 'Cancel', @host.persisted? ? host_path(@host) : clients_path, - class: 'btn btn-danger' %> +
+ <%= link_to @host.persisted? ? host_path(@host) : clients_path, + class: 'btn btn-default' do %> + + Cancel + <% end %>
-
- <%= f.submit 'Submit', class: 'btn btn-success' %> + +
+ <% if @host.persisted? %> + <%= link_to regenerate_token_host_path(@host), method: :post, + class: 'btn btn-default', + data: { confirm: 'Are you sure you want to regenrate the server token' } do %> + + Regenerate Token + <% end %> + <% end %>
+ +
+ <%= f.submit 'Submit', class: 'btn btn-success' %>
- <% end %> diff --git a/app/views/hosts/edit.html.erb b/app/views/hosts/edit.html.erb index 947894e..8cfeca0 100644 --- a/app/views/hosts/edit.html.erb +++ b/app/views/hosts/edit.html.erb @@ -1,11 +1,13 @@
-
+

Edit Client <%= @host.name %>

-
- <%= render 'form' %> + +
+ <%= render 'form' %> +
diff --git a/app/views/hosts/new.html.erb b/app/views/hosts/new.html.erb index 2abcc6a..84d66c2 100644 --- a/app/views/hosts/new.html.erb +++ b/app/views/hosts/new.html.erb @@ -1,18 +1,20 @@
-
+

New Client <% if current_user.vima? %> <%= link_to fetch_vima_hosts_path, role: :button, class: 'btn btn-default right' do %> Fetch Clients <% end %> <% end %>

-
- <%= render 'form' %> + +
+ <%= render 'form' %> +
diff --git a/config/routes.rb b/config/routes.rb index 2ad7f1c..4748a64 100644 --- a/config/routes.rb +++ b/config/routes.rb @@ -1,127 +1,128 @@ Rails.application.routes.draw do root 'application#index' get 'faq' => 'application#faq' post 'grnet' => 'application#grnet' get 'institutional' => 'application#institutional' match 'vima', to: 'application#vima', :via => [:get, :post] get 'logout' => 'application#logout' resources :clients, only: [:index, :show] do member do get :jobs get :logs get :stats post :stats get :users get :restore post :run_restore post :restore_selected delete :remove_user end collection do post :index end end resources :clients, only: [], param: :client_id do member do get :tree end end resources :invitations, only: [:create] get '/invitations/:host_id/:verification_code/accept' => 'invitations#accept', as: :accept_invitation resources :hosts, only: [:new, :create, :show, :edit, :update, :destroy] do member do post :submit_config post :disable + post :regenerate_token delete :revoke get :fd_config end collection do get :fetch_vima_hosts, to: 'hosts#fetch_vima_hosts', as: :fetch_vima end resources :jobs, only: [:new, :create, :show, :edit, :update, :destroy] do member do patch :toggle_enable post :backup_now end end resources :filesets, only: [:show, :new, :create, :edit, :update, :destroy] resources :schedules, only: [:show, :new, :edit, :create, :update, :destroy] end resources :users, only: :show do member do patch :generate_token end end namespace :admin do match '/', to: 'base#index', via: [:get, :post] get '/login' => 'base#login', as: :login resources :settings, only: [:index, :new, :create, :edit, :update] do member do delete :reset end end resources :clients, only: [:index, :show] do member do get :jobs get :logs get :stats post :stats get :configuration post :disable post :block post :unblock delete :revoke end end resources :hosts, only: [] do collection do get :unverified end member do post :verify put :set_quota end end resources :users, only: [:index, :new, :create, :show, :edit, :update] do member do patch :ban patch :unban patch :revoke_admin patch :grant_admin end end resources :pools, only: [:index, :new, :create] resources :faqs end namespace :api, defaults: { format: :json } do scope module: :v1, constraints: ApiVersion.new(version: 1, default: true) do resources :clients, only: [:index, :show] do member do post :backup post :restore end end end end end diff --git a/spec/controllers/hosts_controller_spec.rb b/spec/controllers/hosts_controller_spec.rb index 2c81461..bcf7ce5 100644 --- a/spec/controllers/hosts_controller_spec.rb +++ b/spec/controllers/hosts_controller_spec.rb @@ -1,142 +1,142 @@ require 'spec_helper' describe HostsController do let(:user) { FactoryGirl.create(:user) } before { controller.stub(:current_user) { user } } describe 'GET #new' do before { get :new } it 'initializes a host' do expect(assigns(:host)).to be end it 'renders' do expect(response).to render_template(:new) end end describe 'PATCH #update' do let!(:host) { FactoryGirl.create(:host) } before { host.users << user } context 'with valid params' do let(:params) do { id: host.id, - host: { port: 9999, password: 'wrong_pass' } + host: { port: 9999 } } end it 'updates the host' do expect { patch :update, params }. - to change { [host.reload.port, host.reload.password] }. - to([9999, 'wrong_pass']) + to change { host.reload.port }. + to(9999) end it 'redirects to host_show' do patch :update, params expect(response).to redirect_to(host_path(host)) end end context 'with fqdn in params' do let(:params) do { id: host.id, host: { fqdn: 'another.host.gr' } } end it 'does not update the host' do expect { patch :update, params }. to_not change { host.reload.fqdn } end it 'renders the edit page' do patch :update, params expect(response).to render_template(:edit) end end end describe 'POST #create' do context 'with valid params' do let(:params) do { host: FactoryGirl.build(:host).attributes.symbolize_keys. - slice(:password, :fqdn, :port) + slice(:fqdn, :port) } end it 'creates the host' do expect { post :create, params }. to change { Host.count }.by(1) end it 'redirects to root' do post :create, params expect(response).to redirect_to(host_path(Host.last)) end it 'assigns the host to the user' do expect { post :create, params }. to change { user.hosts(true).count }.from(0).to(1) end end context 'with invalid params' do let(:params) do { host: FactoryGirl.build(:host).attributes.symbolize_keys. slice(:port) } end before { post :create, params } it 'initializes a host with errors' do expect(assigns(:host)).to be end it 'renders :new' do expect(response).to render_template(:new) end end end describe 'POST #submit_config' do let(:host) { FactoryGirl.create(:host, :configured) } let(:params) { { id: host.id } } before { host.users << user } it 'redirects to root' do post :submit_config, params expect(response).to redirect_to(host_path(host)) end it 'calls submit_config_to_bacula on host' do Host.any_instance.should_receive(:dispatch_to_bacula) post :submit_config, params end end describe 'DELETE #revoke' do let(:host) { FactoryGirl.create(:host, status: Host::STATUSES[:for_removal]) } let(:params) { { id: host.id } } before { host.users << user } it 'redirects to root' do delete :revoke, params expect(response).to redirect_to(root_path) end it 'calls remove_from_bacula on host' do Host.any_instance.should_receive(:remove_from_bacula) delete :revoke, params end end end