Hello community, here is the log from the commit of package velum for openSUSE:Factory checked in at 2018-05-29 10:44:23 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/velum (Old) and /work/SRC/openSUSE:Factory/.velum.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "velum" Tue May 29 10:44:23 2018 rev:29 rq:612255 version:4.0.0+dev+git_r797_7e1a29814f26359f9f065d99f101f1ba80ec93ab Changes: -------- --- /work/SRC/openSUSE:Factory/velum/velum.changes 2018-05-22 17:02:51.790257953 +0200 +++ /work/SRC/openSUSE:Factory/.velum.new/velum.changes 2018-05-29 10:44:23.453663869 +0200 @@ -1,0 +2,105 @@ +Fri May 25 11:48:35 UTC 2018 - [email protected] + +- Commit a93be89 by David Cassany [email protected] + Make use of %license macro + + +------------------------------------------------------------------- +Fri May 25 10:36:42 UTC 2018 - [email protected] + +- Commit 7e6fdf1 by Vítor Avelino [email protected] + ux: toggle domain/project id/name inputs + + Whenever the user wants to configure openstack domain/project id/name, they + cannot fill both cases. To prevent that we are disabling the respective + opposite fields when one of the fields is filled. + + bsc#1091809 ui improvement + + Signed-off-by: Vítor Avelino <[email protected]> + + +------------------------------------------------------------------- +Thu May 24 18:16:04 UTC 2018 - [email protected] + +- Commit b04fc47 by David Cassany [email protected] + Spec cleaning + + - Removing systemd dependency + - Removing duplicated Provides + + +------------------------------------------------------------------- +Thu May 24 15:08:28 UTC 2018 - [email protected] + +- Commit f7d227d by Maximilian Meister [email protected] + show apply button after each setting creation + + it makes sense to offer the apply button directly after a user has created a + new setting + + otherwise you have to navigate back to the setting index which is not a good + UX because it's hidden + + in many cases a user just wants to create one setting and then immediately + apply + + settings#apply-on-create + + Signed-off-by: Maximilian Meister <[email protected]> + + +------------------------------------------------------------------- +Wed May 23 23:54:20 UTC 2018 - [email protected] + +- Commit 456c04d by tdaines42 [email protected] + made changes so project id and domain id can be used for openstack + + +------------------------------------------------------------------- +Wed May 23 17:48:51 UTC 2018 - [email protected] + +- Commit 7ef3502 by Vítor Avelino [email protected] + ui: fixed unwanted acceptance failure alert + + Also replaced deprecated ajax callback method. + + bsc#1093869 follow-up + + Signed-off-by: Vítor Avelino <[email protected]> + + +------------------------------------------------------------------- +Tue May 22 11:46:56 UTC 2018 - [email protected] + +- Commit 16ee911 by Florian Bergmann [email protected] + Extract more logic into the base controller. + + The base controller for certificates now also handles the `new`, `edit`, + `update` and `destroy` actions. + + Only the registry_mirror keeps handling its own `create` as it accesses the + `registry` object as well. + + Commit 471f9ed by Florian Bergmann [email protected] + Move the migration to the end of the migration list by renaming. + + The tables for system_certificates were not part of the + /var/lib/velum/schema.rb file and were not migrated. + + Commit 61b72b5 by Florian Bergmann [email protected] + Add ui for self-signed certificates to welcome page. + + Rendering of the system form in the welcome page uses a partial. + + Commit 5e85427 by Florian Bergmann [email protected] + Extract common logic of certificate handling controllers. + + Commit 66fdc28 by Florian Bergmann [email protected] + Initial basic implementation of a system wide certificates. + + The implementation follows the registry & registry mirror style and adds a + simple (name, certificate) model. + + +------------------------------------------------------------------- ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ velum.spec ++++++ --- /var/tmp/diff_new_pack.OkLzjG/_old 2018-05-29 10:44:23.925646450 +0200 +++ /var/tmp/diff_new_pack.OkLzjG/_new 2018-05-29 10:44:23.925646450 +0200 @@ -23,7 +23,7 @@ # Version: 1.0.0 # %%define branch 1.0.0 -Version: 4.0.0+dev+git_r779_59c041df8d903e1d017edbdd1063c3f76492b733 +Version: 4.0.0+dev+git_r797_7e1a29814f26359f9f065d99f101f1ba80ec93ab Release: 0 %define branch master Summary: Dashboard for CaasP @@ -40,14 +40,9 @@ %define velumdir /srv/velum Requires: ruby >= 2.1 -%if 0%{?suse_version} >= 1210 -BuildRequires: systemd-rpm-macros -%endif BuildRequires: fdupes BuildRequires: gcc-c++ BuildRequires: ruby-macros >= 5 -%{?systemd_requires} -Provides: velum = %{version} Obsoletes: velum < %{version} # javascript engine to build assets BuildRequires: nodejs @@ -96,7 +91,7 @@ %description velum is the dashboard for CaasP to manage and deploy kubernetes clusters on top of MicroOS -This package has been built with commit 59c041df8d903e1d017edbdd1063c3f76492b733 from branch master on date Tue, 22 May 2018 07:45:26 +0000 +This package has been built with commit 7e1a29814f26359f9f065d99f101f1ba80ec93ab from branch master on date Fri, 25 May 2018 11:47:50 +0000 %prep %setup -q -n velum-%{branch} @@ -145,6 +140,10 @@ mkdir %{buildroot}%{velumdir}/$folder done +%if 0%{?suse_version} >= 1500 + rm %{buildroot}%{velumdir}/LICENSE +%endif + %fdupes -s %{buildroot}/%{velumdir} %files @@ -152,6 +151,11 @@ %{velumdir} %exclude %{velumdir}/spec %doc %{velumdir}/README.md + +%if 0%{?suse_version} < 1500 %doc %{velumdir}/LICENSE +%else +%license LICENSE +%endif %changelog ++++++ 0_set_default_salt_events_alter_time_column_value.rpm.patch ++++++ --- /var/tmp/diff_new_pack.OkLzjG/_old 2018-05-29 10:44:23.941645860 +0200 +++ /var/tmp/diff_new_pack.OkLzjG/_new 2018-05-29 10:44:23.941645860 +0200 @@ -2,7 +2,7 @@ index 1275187..9eb6291 100644 --- a/db/schema.rb +++ b/db/schema.rb -@@ -106,7 +106,7 @@ ActiveRecord::Schema.define(version: 20180508070232) do +@@ -106,7 +106,7 @@ ActiveRecord::Schema.define(version: 20181708070232) do create_table "salt_events", force: :cascade do |t| t.string "tag", limit: 255, null: false t.text "data", limit: 16777215, null: false @@ -11,7 +11,7 @@ t.string "master_id", limit: 255, null: false t.datetime "taken_at" t.datetime "processed_at" -@@ -135,7 +135,7 @@ ActiveRecord::Schema.define(version: 20180508070232) do +@@ -135,7 +135,7 @@ ActiveRecord::Schema.define(version: 20181708070232) do t.string "id", limit: 255, null: false t.string "success", limit: 10, null: false t.text "full_ret", limit: 16777215, null: false ++++++ master.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/velum-master/app/assets/javascripts/dashboard/dashboard.js new/velum-master/app/assets/javascripts/dashboard/dashboard.js --- old/velum-master/app/assets/javascripts/dashboard/dashboard.js 2018-05-22 09:45:37.000000000 +0200 +++ new/velum-master/app/assets/javascripts/dashboard/dashboard.js 2018-05-25 13:48:43.000000000 +0200 @@ -501,8 +501,9 @@ $.ajax({ url: '/accept-minion.json', method: 'POST', - data: { minion_id: selector } - }).error(function () { + data: { minion_id: selector }, + dataType: 'text' + }).fail(function () { $alert.remove(); showAlert(error, 'alert', 'failed-acceptance-alert'); $.each(minionIds, function (_, id) { diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/velum-master/app/assets/javascripts/settings/index.js new/velum-master/app/assets/javascripts/settings/index.js --- old/velum-master/app/assets/javascripts/settings/index.js 2018-05-22 09:45:37.000000000 +0200 +++ new/velum-master/app/assets/javascripts/settings/index.js 2018-05-25 13:48:43.000000000 +0200 @@ -1,6 +1,7 @@ $(function() { var $mirrorForm = $('.mirror-form'); var $registryForm = $('.registry-form'); + var $systemCertificateForm = $('.system-certificate-form'); if ($mirrorForm.length) { new RegistryForm($mirrorForm); @@ -9,4 +10,8 @@ if ($registryForm.length) { new RegistryForm($registryForm); } -}); \ No newline at end of file + + if ($systemCertificateForm.length) { + new SystemCertificateForm($systemCertificateForm); + } +}); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/velum-master/app/assets/javascripts/setup/openstack.js new/velum-master/app/assets/javascripts/setup/openstack.js --- old/velum-master/app/assets/javascripts/setup/openstack.js 1970-01-01 01:00:00.000000000 +0100 +++ new/velum-master/app/assets/javascripts/setup/openstack.js 2018-05-25 13:48:43.000000000 +0200 @@ -0,0 +1,36 @@ +(function (window) { + var dom = { + NAME_INPUTS: '#settings_cloud_openstack_domain, #settings_cloud_openstack_project', + ID_INPUTS: '#settings_cloud_openstack_domain_id, #settings_cloud_openstack_project_id', + }; + + function OpenStackSettings(el) { + this.$el = $(el); + + this.$idInputs = this.$el.find(dom.ID_INPUTS); + this.$nameInputs = this.$el.find(dom.NAME_INPUTS); + + this.events(); + } + + OpenStackSettings.prototype.events = function () { + this.$el.on('input', dom.ID_INPUTS, this.onIdInputs.bind(this)); + this.$el.on('input', dom.NAME_INPUTS, this.onNameInputs.bind(this)); + } + + OpenStackSettings.prototype.onIdInputs = function (e) { + this.$nameInputs.prop('disabled', !this.isEmpty(this.$idInputs)); + } + + OpenStackSettings.prototype.onNameInputs = function (e) { + this.$idInputs.prop('disabled', !this.isEmpty(this.$nameInputs)); + } + + OpenStackSettings.prototype.isEmpty = function (els) { + var value = $.map(els, function (el) { return el.value }).join(''); + + return value.length === 0; + } + + window.OpenStackSettings = OpenStackSettings; +}(window)); \ No newline at end of file diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/velum-master/app/assets/javascripts/setup/setup.js new/velum-master/app/assets/javascripts/setup/setup.js --- old/velum-master/app/assets/javascripts/setup/setup.js 2018-05-22 09:45:37.000000000 +0200 +++ new/velum-master/app/assets/javascripts/setup/setup.js 2018-05-25 13:48:43.000000000 +0200 @@ -27,4 +27,5 @@ }); new SUSERegistryMirrorPanel('.suse-mirror-panel-body'); + new OpenStackSettings('.openstack-settings'); }); \ No newline at end of file diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/velum-master/app/assets/stylesheets/pages/registries.scss new/velum-master/app/assets/stylesheets/pages/registries.scss --- old/velum-master/app/assets/stylesheets/pages/registries.scss 2018-05-22 09:45:37.000000000 +0200 +++ new/velum-master/app/assets/stylesheets/pages/registries.scss 2018-05-25 13:48:43.000000000 +0200 @@ -1,4 +1,4 @@ -.registry-details { +.settings-details { margin-bottom: 30px; .field { @@ -20,4 +20,4 @@ .add-entry-btn { margin-bottom: 0; } -} \ No newline at end of file +} diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/velum-master/app/controllers/internal_api/v1/pillars_controller.rb new/velum-master/app/controllers/internal_api/v1/pillars_controller.rb --- old/velum-master/app/controllers/internal_api/v1/pillars_controller.rb 2018-05-22 09:45:37.000000000 +0200 +++ new/velum-master/app/controllers/internal_api/v1/pillars_controller.rb 2018-05-25 13:48:43.000000000 +0200 @@ -10,6 +10,8 @@ cloud_provider_contents ).merge( kubelet_contents + ).merge( + system_certificate_contents ) end @@ -45,6 +47,17 @@ { registries: registries } end + def system_certificate_contents + { + system_certificates: SystemCertificate.all.map do |cert| + { + name: cert.name, + cert: cert.certificate.try(:certificate) + } + end + } + end + def cloud_framework_contents case Pillar.value(pillar: :cloud_framework) when "ec2" @@ -121,7 +134,9 @@ username: Pillar.value(pillar: :cloud_openstack_username), password: Pillar.value(pillar: :cloud_openstack_password), domain: Pillar.value(pillar: :cloud_openstack_domain), + domain_id: Pillar.value(pillar: :cloud_openstack_domain_id), project: Pillar.value(pillar: :cloud_openstack_project), + project_id: Pillar.value(pillar: :cloud_openstack_project_id), region: Pillar.value(pillar: :cloud_openstack_region), floating: Pillar.value(pillar: :cloud_openstack_floating), subnet: Pillar.value(pillar: :cloud_openstack_subnet), diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/velum-master/app/controllers/settings/base_certificate_controller.rb new/velum-master/app/controllers/settings/base_certificate_controller.rb --- old/velum-master/app/controllers/settings/base_certificate_controller.rb 1970-01-01 01:00:00.000000000 +0100 +++ new/velum-master/app/controllers/settings/base_certificate_controller.rb 2018-05-25 13:48:43.000000000 +0200 @@ -0,0 +1,110 @@ +# Settings::BaseCertificateController extract common methods for certificate +# handling in controllers. +# +# It expects the instance to be assigned to @certificate_holder and will +# set this variable before the `update` & `delete` routes. +# +# Subclasses are expected to overwrite the following methods: +# +# - @certificate_holder: the instance that holds the reference to the +# certificate +# +# - certificate_holder_type: return the class that will hold a reference to a +# certificate +# +# - certificate_holder_params: parameters that can be used to create a new +# certificate_holder model +# +# - certificate_holder_update_params: parameters that can be used to update the +# certificate_holder model +class Settings::BaseCertificateController < SettingsController + before_action :set_certificate_holder, except: [:index, :new, :create] + + attr_accessor :certificate_holder + + def new + @certificate_holder = certificate_holder_type.new + @cert = Certificate.new + end + + def create + @certificate_holder = certificate_holder_type.new( + certificate_holder_params.except(:certificate) + ) + @cert = Certificate.find_or_initialize_by(certificate: certificate_param) + + ActiveRecord::Base.transaction do + @certificate_holder.save! + create_or_update_certificate! if certificate_param.present? + end + + redirect_to [:settings, @certificate_holder], + notice: "#{@certificate_holder.class} was successfully created." + rescue ActiveRecord::RecordInvalid + render action: :new, status: :unprocessable_entity + end + + def edit + @cert = @certificate_holder.certificate || Certificate.new + end + + def update + @cert = @certificate_holder.certificate || Certificate.new(certificate: certificate_param) + + ActiveRecord::Base.transaction do + @certificate_holder.update_attributes!(certificate_holder_update_params) + + if certificate_param.present? + create_or_update_certificate! + elsif @certificate_holder.certificate.present? + @certificate_holder.certificate.destroy! + end + end + + redirect_to [:settings, @certificate_holder], + notice: "#{@certificate_holder.class} was successfully updated." + rescue ActiveRecord::RecordInvalid + render action: :edit, status: :unprocessable_entity + end + + protected + + # Class of ActiveRecord model that will hold the certificate + # + # @return [Class] Class of the object that will hold the certificate + def certificate_holder_type + raise NotImplementedError, + "#{self.class.name}#certificate_holder_type is an abstract method." + end + + # Form parameters that can be used to create instantiate the + # certificate_holder_type + # + # @return [ActiveController::StrongParameters] + def certificate_holder_params + raise NotImplementedError, + "#{self.class.name}#certificate_holder_update_params is an abstract method." + end + + # Form parameters that can be used to update the + # certificate_holder instance + # + # @return [ActiveController::StrongParameters] + def certificate_holder_update_params + raise NotImplementedError, + "#{self.class.name}#certificate_holder_update_params is an abstract method." + end + + def create_or_update_certificate! + if @cert.new_record? + @cert.save! + CertificateService.create!(service: certificate_holder, certificate: @cert) + else + @cert.update_attributes!(certificate: certificate_param) + end + end + + def set_certificate_holder + @certificate_holder = certificate_holder_type.find(params[:id]) + end +end diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/velum-master/app/controllers/settings/registries_controller.rb new/velum-master/app/controllers/settings/registries_controller.rb --- old/velum-master/app/controllers/settings/registries_controller.rb 2018-05-22 09:45:37.000000000 +0200 +++ new/velum-master/app/controllers/settings/registries_controller.rb 2018-05-25 13:48:43.000000000 +0200 @@ -1,68 +1,35 @@ # Settings::RegistriesController is responsibe to manage all the requests # related to the registries feature -class Settings::RegistriesController < SettingsController - before_action :set_registry, except: [:index, :new, :create] - +class Settings::RegistriesController < Settings::BaseCertificateController def index @registries = Registry.displayable end - def new - @registry = Registry.new - @cert = Certificate.new - end - - def create - @registry = Registry.new(registry_params.except(:certificate)) - @cert = Certificate.find_or_initialize_by(certificate: certificate_param) - - ActiveRecord::Base.transaction do - @registry.save! - create_or_update_certificate! if certificate_param.present? - end - - redirect_to [:settings, @registry], notice: "Registry was successfully created." - rescue ActiveRecord::RecordInvalid - render action: :new, status: :unprocessable_entity - end - def show - not_found if suse_registry?(@registry) + not_found if suse_registry?(@certificate_holder) end - def edit - @cert = @registry.certificate || Certificate.new + def destroy + @certificate_holder.destroy + redirect_to settings_registries_path, notice: "Registry was successfully removed." end - def update - @cert = @registry.certificate || Certificate.new(certificate: certificate_param) - - ActiveRecord::Base.transaction do - @registry.update_attributes!(registry_params.except(:certificate)) + protected - if certificate_param.present? - create_or_update_certificate! - elsif @registry.certificate.present? - @registry.certificate.destroy! - end - end + def certificate_holder_type + Registry + end - redirect_to [:settings, @registry], notice: "Registry was successfully updated." - rescue ActiveRecord::RecordInvalid - render action: :edit, status: :unprocessable_entity + def certificate_holder_params + registry_params end - def destroy - @registry.destroy - redirect_to settings_registries_path, notice: "Registry was successfully removed." + def certificate_holder_update_params + registry_params.except(:certificate) end private - def set_registry - @registry = Registry.find(params[:id]) - end - def certificate_param registry_params[:certificate].strip if registry_params[:certificate].present? end @@ -74,13 +41,4 @@ def suse_registry?(registry) registry.name == Registry::SUSE_REGISTRY_NAME end - - def create_or_update_certificate! - if @cert.new_record? - @cert.save! - CertificateService.create!(service: @registry, certificate: @cert) - else - @cert.update_attributes!(certificate: certificate_param) - end - end end diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/velum-master/app/controllers/settings/registry_mirrors_controller.rb new/velum-master/app/controllers/settings/registry_mirrors_controller.rb --- old/velum-master/app/controllers/settings/registry_mirrors_controller.rb 2018-05-22 09:45:37.000000000 +0200 +++ new/velum-master/app/controllers/settings/registry_mirrors_controller.rb 2018-05-25 13:48:43.000000000 +0200 @@ -1,70 +1,46 @@ # Settings::RegistryMirrorsController is responsibe to manage all the requests # related to the registry mirrors feature -class Settings::RegistryMirrorsController < SettingsController - before_action :set_registry_mirror, except: [:index, :new, :create] - +class Settings::RegistryMirrorsController < Settings::BaseCertificateController def index @grouped_mirrors = Registry.grouped_mirrors end - def new - @registry_mirror = RegistryMirror.new - @cert = Certificate.new - end - def create @registry = Registry.find(registry_mirror_params[:registry_id]) registry_mirror_create_params = registry_mirror_params.except(:certificate, :registry_id) - @registry_mirror = @registry.registry_mirrors.build(registry_mirror_create_params) + @certificate_holder = @registry.registry_mirrors.build(registry_mirror_create_params) @cert = Certificate.find_or_initialize_by(certificate: certificate_param) ActiveRecord::Base.transaction do - @registry_mirror.save! + @certificate_holder.save! create_or_update_certificate! if certificate_param.present? @created = true end - redirect_to [:settings, @registry_mirror], notice: "Mirror was successfully created." + redirect_to [:settings, @certificate_holder], notice: "Mirror was successfully created." rescue ActiveRecord::RecordInvalid render action: :new, status: :unprocessable_entity end - def edit - @cert = @registry_mirror.certificate || Certificate.new + def destroy + @certificate_holder.destroy + redirect_to settings_registry_mirrors_path, notice: "Mirror was successfully removed." end - def update - @cert = @registry_mirror.certificate || Certificate.new(certificate: certificate_param) - - ActiveRecord::Base.transaction do - registry_mirror_update_params = registry_mirror_params.except(:certificate, :registry_id) - @registry_mirror.update_attributes!(registry_mirror_update_params) - - if certificate_param.present? - create_or_update_certificate! - elsif @registry_mirror.certificate.present? - @registry_mirror.certificate.destroy! - end - end + protected - redirect_to [:settings, @registry_mirror], notice: "Mirror was successfully updated." - rescue ActiveRecord::RecordInvalid - render action: :edit, status: :unprocessable_entity + def certificate_holder_type + RegistryMirror end - def destroy - @registry_mirror.destroy - redirect_to settings_registry_mirrors_path, notice: "Mirror was successfully removed." + def certificate_holder_update_params + registry_mirror_params.except(:certificate, :registry_id) end private - def set_registry_mirror - @registry_mirror = RegistryMirror.find(params[:id]) - end - def certificate_param registry_mirror_params[:certificate].strip if registry_mirror_params[:certificate].present? end @@ -72,13 +48,4 @@ def registry_mirror_params params.require(:registry_mirror).permit(:name, :url, :certificate, :registry_id) end - - def create_or_update_certificate! - if @cert.new_record? - @cert.save! - CertificateService.create!(service: @registry_mirror, certificate: @cert) - else - @cert.update_attributes!(certificate: certificate_param) - end - end end diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/velum-master/app/controllers/settings/system_certificates_controller.rb new/velum-master/app/controllers/settings/system_certificates_controller.rb --- old/velum-master/app/controllers/settings/system_certificates_controller.rb 1970-01-01 01:00:00.000000000 +0100 +++ new/velum-master/app/controllers/settings/system_certificates_controller.rb 2018-05-25 13:48:43.000000000 +0200 @@ -0,0 +1,43 @@ +# Settings::SystemCertificatesController is responsible to manage requests +# related to system wide certificates. +class Settings::SystemCertificatesController < Settings::BaseCertificateController + def index + @system_certificates = SystemCertificate.all + end + + def new + @certificate_holder = certificate_holder_type.new + @cert = Certificate.new + end + + def destroy + @certificate_holder.destroy + redirect_to settings_system_certificates_path, + notice: "System certificate was successfully removed." + end + + protected + + def certificate_holder_type + SystemCertificate + end + + def certificate_holder_params + system_certificate_params + end + + def certificate_holder_update_params + system_certificate_params.except(:certificate) + end + + private + + def certificate_param + system_certificate_params[:certificate].strip if + system_certificate_params[:certificate].present? + end + + def system_certificate_params + params.require(:system_certificate).permit(:name, :certificate) + end +end diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/velum-master/app/controllers/setup_controller.rb new/velum-master/app/controllers/setup_controller.rb --- old/velum-master/app/controllers/setup_controller.rb 2018-05-22 09:45:37.000000000 +0200 +++ new/velum-master/app/controllers/setup_controller.rb 2018-05-25 13:48:43.000000000 +0200 @@ -40,7 +40,9 @@ @cloud_provider = Pillar.value(pillar: :cloud_provider) @cloud_openstack_auth_url = Pillar.value(pillar: :cloud_openstack_auth_url) @cloud_openstack_domain = Pillar.value(pillar: :cloud_openstack_domain) + @cloud_openstack_domain_id = Pillar.value(pillar: :cloud_openstack_domain_id) @cloud_openstack_project = Pillar.value(pillar: :cloud_openstack_project) + @cloud_openstack_project_id = Pillar.value(pillar: :cloud_openstack_project_id) @cloud_openstack_region = Pillar.value(pillar: :cloud_openstack_region) @cloud_openstack_username = Pillar.value(pillar: :cloud_openstack_username) @cloud_openstack_password = Pillar.value(pillar: :cloud_openstack_password) @@ -55,6 +57,19 @@ # container runtime setting @cri = Pillar.value(pillar: :container_runtime) || "docker" + + # allow adding system certificate: required if a user uses CPI with a + # self-signed certificate + @system_certificate = if session[:system_certificate_name].present? + SystemCertificate.find_by(name: session[:system_certificate_name]) + else + SystemCertificate.new + end + @cert = if @system_certificate.certificate.present? + @system_certificate.certificate + else + Certificate.new + end end # rubocop:enable Metrics/CyclomaticComplexity, Metrics/PerceivedComplexity, Metrics/AbcSize @@ -64,10 +79,12 @@ unprotected_pillars: unprotected_pillars) registry_errors = Registry.configure_suse_registry(suse_registry_mirror_params) - if res.empty? && registry_errors.empty? + certificate_errors = create_system_certificate + + if [res, registry_errors, certificate_errors].all?(&:empty?) redirect_to setup_worker_bootstrap_path else - redirect_to setup_path, alert: res + registry_errors + redirect_to setup_path, alert: res + registry_errors + certificate_errors end end @@ -155,7 +172,9 @@ # rubocop:disable Metrics/CyclomaticComplexity, Metrics/PerceivedComplexity, Metrics/AbcSize def settings_params - settings = params.require(:settings).permit(*Pillar.all_pillars.keys) + settings = params.require(:settings) + .permit(*Pillar.all_pillars.keys, + system_certificate: [:name, :certificate]) if params["settings"]["enable_proxy"] == "disable" settings["proxy_systemwide"] = "false" @@ -219,6 +238,10 @@ params.require(:roles) end + def system_certificate_params + settings_params[:system_certificate] + end + def proxy_enabled (@http_proxy.present? && @https_proxy.present? && @no_proxy.present?) || @proxy_systemwide == "true" @@ -269,5 +292,20 @@ [] end end + + # Create a new SystemCertificate and remember the name. + # + # @return [String] A list of errors while attempting to create the + # certificate and related objects + def create_system_certificate + return [] if system_certificate_params.blank? || + system_certificate_params.values.all?(&:blank?) + errors = SystemCertificate.create_system_certificate(system_certificate_params) + if errors.empty? && + SystemCertificate.exists?(name: system_certificate_params[:name]) + session[:system_certificate_name] = system_certificate_params[:name] + end + errors + end end # rubocop:enable Metrics/ClassLength diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/velum-master/app/helpers/settings_helper.rb new/velum-master/app/helpers/settings_helper.rb --- old/velum-master/app/helpers/settings_helper.rb 2018-05-22 09:45:37.000000000 +0200 +++ new/velum-master/app/helpers/settings_helper.rb 2018-05-25 13:48:43.000000000 +0200 @@ -20,6 +20,10 @@ request.fullpath.starts_with?(settings_auditing_index_path) end + def settings_system_certificates_path? + request.fullpath.starts_with?(settings_system_certificates_path) + end + def registries_options_for_select registries = Registry.suse + Registry.displayable registries_for_options = registries.collect { |r| [r.name, r.id] } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/velum-master/app/models/pillar.rb new/velum-master/app/models/pillar.rb --- old/velum-master/app/models/pillar.rb 2018-05-22 09:45:37.000000000 +0200 +++ new/velum-master/app/models/pillar.rb 2018-05-25 13:48:43.000000000 +0200 @@ -96,8 +96,12 @@ "cloud:openstack:auth_url", cloud_openstack_domain: "cloud:openstack:domain", + cloud_openstack_domain_id: + "cloud:openstack:domain_id", cloud_openstack_project: "cloud:openstack:project", + cloud_openstack_project_id: + "cloud:openstack:project_id", cloud_openstack_region: "cloud:openstack:region", cloud_openstack_username: diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/velum-master/app/models/system_certificate.rb new/velum-master/app/models/system_certificate.rb --- old/velum-master/app/models/system_certificate.rb 1970-01-01 01:00:00.000000000 +0100 +++ new/velum-master/app/models/system_certificate.rb 2018-05-25 13:48:43.000000000 +0200 @@ -0,0 +1,33 @@ +# System certificates represents CA certificates that should be +# installed in a system-wide used location: e.g. /etc/pki/trust/anchors +class SystemCertificate < ActiveRecord::Base + has_one :certificate_service, as: :service, dependent: :destroy + has_one :certificate, through: :certificate_service + + validates :name, presence: true, uniqueness: true + + class << self + # Create a new SystemCertificate from parameters + # + # @param system_certificate_params [ActionController::Parameters] + # @return [String] A list of errors while attempting to create the + # certificate and related objects + def create_system_certificate(system_certificate_params) + return [] if system_certificate_params.blank? + cert_name = system_certificate_params[:name] + cert = system_certificate_params[:certificate] + ActiveRecord::Base.transaction do + system_certificate = SystemCertificate.find_or_initialize_by(name: cert_name) + system_certificate.save! if system_certificate.new_record? + certificate = Certificate.find_or_initialize_by(certificate: cert) + certificate.save! if certificate.new_record? + service = CertificateService.find_or_initialize_by(service: system_certificate, + certificate: certificate) + service.save! if service.new_record? + [] + end + rescue ActiveRecord::RecordInvalid + ["A certificate needs a valid name."] + end + end +end diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/velum-master/app/views/settings/_sidebar.html.slim new/velum-master/app/views/settings/_sidebar.html.slim --- old/velum-master/app/views/settings/_sidebar.html.slim 2018-05-22 09:45:37.000000000 +0200 +++ new/velum-master/app/views/settings/_sidebar.html.slim 2018-05-25 13:48:43.000000000 +0200 @@ -5,6 +5,8 @@ = link_to "Remote Registries", settings_registries_path li class="#{active_class?(settings_registry_mirrors_path?)}" = link_to "Mirrors", settings_registry_mirrors_path + li class="#{active_class?(settings_system_certificates_path?)}" + = link_to "System wide certificates", settings_system_certificates_path h5.title Kubernetes ul.list li class="#{active_class?(settings_kubelet_compute_resources_reservations_path?)}" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/velum-master/app/views/settings/registries/_form.html.slim new/velum-master/app/views/settings/registries/_form.html.slim --- old/velum-master/app/views/settings/registries/_form.html.slim 2018-05-22 09:45:37.000000000 +0200 +++ new/velum-master/app/views/settings/registries/_form.html.slim 2018-05-25 13:48:43.000000000 +0200 @@ -1,15 +1,15 @@ -= form_for [:settings, @registry], html: { class: 'registry-form' } do |f| - .form-group class="#{error_class_for(@registry, :name)}" += form_for [:settings, @certificate_holder], html: { class: 'registry-form' } do |f| + .form-group class="#{error_class_for(@certificate_holder, :name)}" = f.label :name = f.text_field :name, class: "form-control", required: true - = error_messages_for(@registry, :name) - .form-group.form-group-url class="#{error_class_for(@registry, :url)}" + = error_messages_for(@certificate_holder, :name) + .form-group.form-group-url class="#{error_class_for(@certificate_holder, :url)}" = f.label :url, "URL" = f.text_field :url, class: "form-control url", required: true - = error_messages_for(@registry, :url) + = error_messages_for(@certificate_holder, :url) span.help-block.invalid-format.hide This is not a valid URL. Please try something like https://registry.local span.help-block.invalid-insecure.hide Security warning: You are using an insecure mirror address for a secure remote registry - .form-group.form-group-certificate class="#{'hide' unless url_secure?(@registry.url)}" + .form-group.form-group-certificate class="#{'hide' unless url_secure?(@certificate_holder.url)}" = f.label :certificate p Use this option to provide the self-signed certificate used by the registry. = f.text_area :certificate, class: "form-control", value: @cert.certificate diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/velum-master/app/views/settings/registries/show.html.slim new/velum-master/app/views/settings/registries/show.html.slim --- old/velum-master/app/views/settings/registries/show.html.slim 2018-05-22 09:45:37.000000000 +0200 +++ new/velum-master/app/views/settings/registries/show.html.slim 2018-05-25 13:48:43.000000000 +0200 @@ -1,29 +1,31 @@ += render 'settings/apply' + header.settings-content-header.clearfix .title.pull-left - h2 #{@registry.name} registry details + h2 #{@certificate_holder.name} registry details .actions.pull-right - = link_to settings_registry_path(@registry), method: "delete", class: "btn btn-danger", data: { confirm: "Are you sure?" } do + = link_to settings_registry_path(@certificate_holder), method: "delete", class: "btn btn-danger", data: { confirm: "Are you sure?" } do | Delete - = link_to edit_settings_registry_path(@registry), class: "btn btn-primary" do + = link_to edit_settings_registry_path(@certificate_holder), class: "btn btn-primary" do | Edit -section.registry-details +section.settings-details .field .details-label URL .details-value - = display_registry_url(@registry.url) + = display_registry_url(@certificate_holder.url) - - if @registry.certificate.present? + - if @certificate_holder.certificate.present? .field .details-label Certificate .details-value - = @registry.certificate.certificate + = @certificate_holder.certificate.certificate h3 Mirrors -= link_to "Add Mirror", new_settings_registry_mirror_path(registry_id: @registry.id), class: "btn btn-primary add-entry-btn" += link_to "Add Mirror", new_settings_registry_mirror_path(registry_id: @certificate_holder.id), class: "btn btn-primary add-entry-btn" -- if @registry.registry_mirrors.any? +- if @certificate_holder.registry_mirrors.any? table.table thead tr @@ -31,7 +33,7 @@ th URL th width="110" tbody - - @registry.registry_mirrors.each do |mirror| + - @certificate_holder.registry_mirrors.each do |mirror| tr class="mirror_#{mirror.id}" td = link_to mirror.name, settings_registry_mirror_path(mirror) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/velum-master/app/views/settings/registry_mirrors/_form.html.slim new/velum-master/app/views/settings/registry_mirrors/_form.html.slim --- old/velum-master/app/views/settings/registry_mirrors/_form.html.slim 2018-05-22 09:45:37.000000000 +0200 +++ new/velum-master/app/views/settings/registry_mirrors/_form.html.slim 2018-05-25 13:48:43.000000000 +0200 @@ -1,27 +1,27 @@ -= form_for [:settings, @registry_mirror], html: { class: "mirror-form" } do |f| += form_for [:settings, @certificate_holder], html: { class: "mirror-form" } do |f| .form-group = f.label :registry_id, "Mirror of" .row .col-xs-4 - = f.select :registry_id, registries_options_for_select, { include_blank: true }, class: "form-control registry-select", required: true, disabled: !@registry_mirror.new_record? - - if @registry_mirror.new_record? + = f.select :registry_id, registries_options_for_select, { include_blank: true }, class: "form-control registry-select", required: true, disabled: !@certificate_holder.new_record? + - if @certificate_holder.new_record? .col-xs-8 = link_to "Create new registry", new_settings_registry_path, class: "btn btn-primary add-entry-btn hide" - .form-group class="#{error_class_for(@registry_mirror, :name)}" + .form-group class="#{error_class_for(@certificate_holder, :name)}" = f.label :name = f.text_field :name, class: "form-control", required: true - = error_messages_for(@registry_mirror, :name) - .form-group.form-group-url class="#{error_class_for(@registry_mirror, :url)}" + = error_messages_for(@certificate_holder, :name) + .form-group.form-group-url class="#{error_class_for(@certificate_holder, :url)}" = f.label :url, "URL" = f.text_field :url, class: "form-control url", required: true - = error_messages_for(@registry_mirror, :url) + = error_messages_for(@certificate_holder, :url) span.help-block.invalid-format.hide This is not a valid URL. Please try something like https://registry.local span.help-block.invalid-insecure.hide Security warning: You are using an insecure mirror address for a secure remote registry - .form-group.form-group-certificate class="#{'hide' unless url_secure?(@registry_mirror.url)}" + .form-group.form-group-certificate class="#{'hide' unless url_secure?(@certificate_holder.url)}" = f.label :certificate p Use this option to provide the self-signed certificate used by the mirror. = f.text_area :certificate, class: "form-control", value: @cert.certificate .form-actions.clearfix = f.submit "Save", class: "btn btn-primary action" - = link_to "Cancel", settings_registry_mirrors_path, class: "btn btn-default action" \ No newline at end of file + = link_to "Cancel", settings_registry_mirrors_path, class: "btn btn-default action" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/velum-master/app/views/settings/registry_mirrors/show.html.slim new/velum-master/app/views/settings/registry_mirrors/show.html.slim --- old/velum-master/app/views/settings/registry_mirrors/show.html.slim 2018-05-22 09:45:37.000000000 +0200 +++ new/velum-master/app/views/settings/registry_mirrors/show.html.slim 2018-05-25 13:48:43.000000000 +0200 @@ -1,28 +1,30 @@ += render 'settings/apply' + header.settings-content-header.clearfix .title.pull-left - h2 #{@registry_mirror.name} mirror details + h2 #{@certificate_holder.name} mirror details .actions.pull-right - = link_to settings_registry_mirror_path(@registry_mirror), method: "delete", class: "btn btn-danger", data: { confirm: "Are you sure?" } do + = link_to settings_registry_mirror_path(@certificate_holder), method: "delete", class: "btn btn-danger", data: { confirm: "Are you sure?" } do | Delete - = link_to edit_settings_registry_mirror_path(@registry_mirror), class: "btn btn-primary" do + = link_to edit_settings_registry_mirror_path(@certificate_holder), class: "btn btn-primary" do | Edit -section.registry-details +section.settings-details .field .details-label Registry .details-value - - if suse_registry?(@registry_mirror.registry) - = @registry_mirror.registry.name + - if suse_registry?(@certificate_holder.registry) + = @certificate_holder.registry.name - else - = link_to @registry_mirror.registry.name, settings_registry_path(@registry_mirror.registry), class: "registry-link" + = link_to @certificate_holder.registry.name, settings_registry_path(@certificate_holder.registry), class: "registry-link" .field .details-label URL .details-value - = display_registry_url(@registry_mirror.url) + = display_registry_url(@certificate_holder.url) - - if @registry_mirror.certificate.present? + - if @certificate_holder.certificate.present? .field .details-label Certificate .details-value - = @registry_mirror.certificate.certificate \ No newline at end of file + = @certificate_holder.certificate.certificate diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/velum-master/app/views/settings/system_certificates/_fields.html.slim new/velum-master/app/views/settings/system_certificates/_fields.html.slim --- old/velum-master/app/views/settings/system_certificates/_fields.html.slim 1970-01-01 01:00:00.000000000 +0100 +++ new/velum-master/app/views/settings/system_certificates/_fields.html.slim 2018-05-25 13:48:43.000000000 +0200 @@ -0,0 +1,12 @@ +/ This partial is for usage in other forms that should allow the user to create +/ system certificates, while not using the default system-certificate resource += f.fields_for :system_certificate do |certificate_fields| + .form-group class="#{error_class_for(@system_certificate, :name)}" + = certificate_fields.label :name + = certificate_fields.text_field :name, class: "form-control", value: @system_certificate.name, required: required + = error_messages_for(@system_certificate, :name) + + .form-group.form-group-certificate + = certificate_fields.label :certificate + p Paste the self-signed certificate to be added to the system certificate store here. + = certificate_fields.text_area :certificate, class: "form-control", value: @cert.certificate, required: required diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/velum-master/app/views/settings/system_certificates/_form.html.slim new/velum-master/app/views/settings/system_certificates/_form.html.slim --- old/velum-master/app/views/settings/system_certificates/_form.html.slim 1970-01-01 01:00:00.000000000 +0100 +++ new/velum-master/app/views/settings/system_certificates/_form.html.slim 2018-05-25 13:48:43.000000000 +0200 @@ -0,0 +1,13 @@ += form_for [:settings, @certificate_holder], html: { class: "system-certificate-form"} do |f| + .form-group class="#{error_class_for(@certificate_holder, :name)}" + = f.label :name + = f.text_field :name, class: "form-control", value: @certificate_holder.name, required: true + = error_messages_for(@certificate_holder, :name) + .form-group.form-group-certificate + = f.label :certificate + p Paste the self-signed certificate to be added to the system certificate store here. + = f.text_area :certificate, class: "form-control", value: @cert.certificate, required: true + + .form-actions.clearfix + = f.submit "Save", class: "btn btn-primary action" + = link_to "Cancel", settings_system_certificates_path, class: "btn btn-default action" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/velum-master/app/views/settings/system_certificates/edit.html.slim new/velum-master/app/views/settings/system_certificates/edit.html.slim --- old/velum-master/app/views/settings/system_certificates/edit.html.slim 1970-01-01 01:00:00.000000000 +0100 +++ new/velum-master/app/views/settings/system_certificates/edit.html.slim 2018-05-25 13:48:43.000000000 +0200 @@ -0,0 +1,3 @@ +h2 Edit + += render 'form' diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/velum-master/app/views/settings/system_certificates/index.html.slim new/velum-master/app/views/settings/system_certificates/index.html.slim --- old/velum-master/app/views/settings/system_certificates/index.html.slim 1970-01-01 01:00:00.000000000 +0100 +++ new/velum-master/app/views/settings/system_certificates/index.html.slim 2018-05-25 13:48:43.000000000 +0200 @@ -0,0 +1,23 @@ += render 'settings/apply' + +h2 System wide certificates + += link_to "Add system wide certificate", new_settings_system_certificate_path, class: "btn btn-primary add-entry-btn" + +- if @system_certificates.present? + section + table.table + thead + tr + th Name + th width="110" + tbody + - @system_certificates.each do |cert| + tr class="system-certificate_#{cert.id}" + td + = link_to cert.name, settings_system_certificate_path(cert) + td.actions + = link_to edit_settings_system_certificate_path(cert), class: "btn btn-default icon-only edit-btn" do + i.fa.fa-pencil + = link_to settings_system_certificate_path(cert), method: "delete", class: "btn btn-danger icon-only delete-btn", data: { confirm: "Are you sure?" } do + i.fa.fa-trash-o diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/velum-master/app/views/settings/system_certificates/new.html.slim new/velum-master/app/views/settings/system_certificates/new.html.slim --- old/velum-master/app/views/settings/system_certificates/new.html.slim 1970-01-01 01:00:00.000000000 +0100 +++ new/velum-master/app/views/settings/system_certificates/new.html.slim 2018-05-25 13:48:43.000000000 +0200 @@ -0,0 +1,3 @@ +h2 New system wide certificate + += render 'form' diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/velum-master/app/views/settings/system_certificates/show.html.slim new/velum-master/app/views/settings/system_certificates/show.html.slim --- old/velum-master/app/views/settings/system_certificates/show.html.slim 1970-01-01 01:00:00.000000000 +0100 +++ new/velum-master/app/views/settings/system_certificates/show.html.slim 2018-05-25 13:48:43.000000000 +0200 @@ -0,0 +1,22 @@ += render 'settings/apply' + +header.settings-content-header.clearfix + .title.pull-left + h2 #{@certificate_holder.name} certificate details + .actions.pull-right + = link_to settings_system_certificate_path(@certificate_holder), method: "delete", class: "btn btn-danger", data: { confirm: "Are you sure?" } do + | Delete + = link_to edit_settings_system_certificate_path(@certificate_holder), class: "btn btn-primary" do + | Edit + +section.settings-details + .field + .details-label Name + .details-value + = @certificate_holder.name + + - if @certificate_holder.certificate.present? + .field + .details-label Certificate + .details-value + = @certificate_holder.certificate.certificate diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/velum-master/app/views/setup/cloud/_openstack_configuration.html.slim new/velum-master/app/views/setup/cloud/_openstack_configuration.html.slim --- old/velum-master/app/views/setup/cloud/_openstack_configuration.html.slim 2018-05-22 09:45:37.000000000 +0200 +++ new/velum-master/app/views/setup/cloud/_openstack_configuration.html.slim 2018-05-25 13:48:43.000000000 +0200 @@ -8,9 +8,15 @@ = f.label :cloud_openstack_domain, "Domain name" = f.text_field :cloud_openstack_domain, value: @cloud_openstack_domain, class: "form-control" .form-group + = f.label :cloud_openstack_domain_id, "Domain ID" + = f.text_field :cloud_openstack_domain_id, value: @cloud_openstack_domain_id, class: "form-control" + .form-group = f.label :cloud_openstack_project, "Project name" = f.text_field :cloud_openstack_project, value: @cloud_openstack_project, class: "form-control" .form-group + = f.label :cloud_openstack_project_id, "Project ID" + = f.text_field :cloud_openstack_project_id, value: @cloud_openstack_project_id, class: "form-control" + .form-group = f.label :cloud_openstack_region, "Region name" = f.text_field :cloud_openstack_region, value: @cloud_openstack_region, class: "form-control" .form-group @@ -30,4 +36,4 @@ = f.text_field :cloud_openstack_lb_mon_retries, value: @cloud_openstack_lb_mon_retries, class: "form-control" .form-group = f.label :cloud_openstack_bs_version, "Cinder Block Storage API version" - = f.text_field :cloud_openstack_bs_version, value: @cloud_openstack_bs_version, class: "form-control" \ No newline at end of file + = f.text_field :cloud_openstack_bs_version, value: @cloud_openstack_bs_version, class: "form-control" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/velum-master/app/views/setup/cloud/_settings.html.slim new/velum-master/app/views/setup/cloud/_settings.html.slim --- old/velum-master/app/views/setup/cloud/_settings.html.slim 2018-05-22 09:45:37.000000000 +0200 +++ new/velum-master/app/views/setup/cloud/_settings.html.slim 2018-05-25 13:48:43.000000000 +0200 @@ -16,4 +16,4 @@ .cloud-settings-panel-body.panel-collapse.collapse class="#{'in' if @cloud_provider.present?} #{'hidden' unless cloud_provider_options?}" .panel-body - = render partial: 'setup/cloud/openstack_configuration', locals: { f: f } \ No newline at end of file + = render partial: 'setup/cloud/openstack_configuration', locals: { f: f } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/velum-master/app/views/setup/settings/_system_certificate.html.slim new/velum-master/app/views/setup/settings/_system_certificate.html.slim --- old/velum-master/app/views/setup/settings/_system_certificate.html.slim 1970-01-01 01:00:00.000000000 +0100 +++ new/velum-master/app/views/setup/settings/_system_certificate.html.slim 2018-05-25 13:48:43.000000000 +0200 @@ -0,0 +1,14 @@ +.panel.panel-default + .panel-heading.clearfix + h3.panel-title + | System wide certificate + .pull-right + = label_tag :certificate_settings_toggle, nil, class: "btn btn-default btn-sm js-toggle-overlay-settings-btn", data: {toggle: "collapse", target: "#certificate-settings-panel"} + | Show + + #certificate-settings-panel.panel-collapse.collapse + .panel-body + + p When you require a self-signed certificate, you can add it here, so it will be distributed to your cluster. + + = render partial: 'settings/system_certificates/fields', locals: { f: f, required: false } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/velum-master/app/views/setup/welcome.html.slim new/velum-master/app/views/setup/welcome.html.slim --- old/velum-master/app/views/setup/welcome.html.slim 2018-05-22 09:45:37.000000000 +0200 +++ new/velum-master/app/views/setup/welcome.html.slim 2018-05-25 13:48:43.000000000 +0200 @@ -155,6 +155,8 @@ = render partial: 'setup/settings/mirror', locals: { form: f } = render partial: 'setup/cloud/settings', locals: { f: f } = render partial: 'setup/settings/container_runtime', locals: { f: f } + = render partial: 'setup/settings/system_certificate', locals: { f: f } + .clearfix.steps-container = submit_tag "Next", class: "btn btn-primary pull-right" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/velum-master/config/routes.rb new/velum-master/config/routes.rb --- old/velum-master/config/routes.rb 2018-05-22 09:45:37.000000000 +0200 +++ new/velum-master/config/routes.rb 2018-05-25 13:48:43.000000000 +0200 @@ -63,6 +63,7 @@ resources :registry_mirrors, path: :mirrors resources :kubelet_compute_resources_reservations, only: [:index, :create] resources :auditing, only: [:index, :create] + resources :system_certificates end end # rubocop:enable Metrics/BlockLength diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/velum-master/db/migrate/20180517070232_create_system_certificates.rb new/velum-master/db/migrate/20180517070232_create_system_certificates.rb --- old/velum-master/db/migrate/20180517070232_create_system_certificates.rb 1970-01-01 01:00:00.000000000 +0100 +++ new/velum-master/db/migrate/20180517070232_create_system_certificates.rb 2018-05-25 13:48:43.000000000 +0200 @@ -0,0 +1,9 @@ +class CreateSystemCertificates < ActiveRecord::Migration + def change + create_table :system_certificates do |t| + t.string :name + + t.timestamps null: false + end + end +end diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/velum-master/db/schema.rb new/velum-master/db/schema.rb --- old/velum-master/db/schema.rb 2018-05-22 09:45:37.000000000 +0200 +++ new/velum-master/db/schema.rb 2018-05-25 13:48:43.000000000 +0200 @@ -11,7 +11,7 @@ # # It's strongly recommended that you check this file into your version control system. -ActiveRecord::Schema.define(version: 20180508070232) do +ActiveRecord::Schema.define(version: 20181708070232) do create_table "certificate_services", force: :cascade do |t| t.integer "certificate_id", limit: 4 @@ -142,6 +142,12 @@ add_index "salt_returns", ["id"], name: "id", using: :btree add_index "salt_returns", ["jid"], name: "jid", using: :btree + create_table "system_certificates", force: :cascade do |t| + t.string "name", limit: 255 + t.datetime "created_at", null: false + t.datetime "updated_at", null: false + end + create_table "users", force: :cascade do |t| t.datetime "created_at" t.datetime "updated_at" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/velum-master/lib/tasks/cpi.rake new/velum-master/lib/tasks/cpi.rake --- old/velum-master/lib/tasks/cpi.rake 2018-05-22 09:45:37.000000000 +0200 +++ new/velum-master/lib/tasks/cpi.rake 2018-05-25 13:48:43.000000000 +0200 @@ -17,7 +17,9 @@ when /^[\[#]/ then puts "Skipping the line" when "auth-url" then cfg["cloud:openstack:auth_url"] = value when "domain-name" then cfg["cloud:openstack:domain_name"] = value + when "domain-id" then cfg["cloud:openstack:domain_id"] = value when "tenant-name" then cfg["cloud:openstack:tenant_name"] = value + when "tenant-id" then cfg["cloud:openstack:tenant_id"] = value when "region" then cfg["cloud:openstack:region"] = value when "username" then cfg["cloud:openstack:username"] = value when "password" then cfg["cloud:openstack:password"] = value diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/velum-master/packaging/suse/patches/0_set_default_salt_events_alter_time_column_value.rpm.patch new/velum-master/packaging/suse/patches/0_set_default_salt_events_alter_time_column_value.rpm.patch --- old/velum-master/packaging/suse/patches/0_set_default_salt_events_alter_time_column_value.rpm.patch 2018-05-22 09:45:37.000000000 +0200 +++ new/velum-master/packaging/suse/patches/0_set_default_salt_events_alter_time_column_value.rpm.patch 2018-05-25 13:48:43.000000000 +0200 @@ -2,7 +2,7 @@ index 1275187..9eb6291 100644 --- a/db/schema.rb +++ b/db/schema.rb -@@ -106,7 +106,7 @@ ActiveRecord::Schema.define(version: 20180508070232) do +@@ -106,7 +106,7 @@ ActiveRecord::Schema.define(version: 20181708070232) do create_table "salt_events", force: :cascade do |t| t.string "tag", limit: 255, null: false t.text "data", limit: 16777215, null: false @@ -11,7 +11,7 @@ t.string "master_id", limit: 255, null: false t.datetime "taken_at" t.datetime "processed_at" -@@ -135,7 +135,7 @@ ActiveRecord::Schema.define(version: 20180508070232) do +@@ -135,7 +135,7 @@ ActiveRecord::Schema.define(version: 20181708070232) do t.string "id", limit: 255, null: false t.string "success", limit: 10, null: false t.text "full_ret", limit: 16777215, null: false diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/velum-master/packaging/suse/velum.spec.in new/velum-master/packaging/suse/velum.spec.in --- old/velum-master/packaging/suse/velum.spec.in 2018-05-22 09:45:37.000000000 +0200 +++ new/velum-master/packaging/suse/velum.spec.in 2018-05-25 13:48:43.000000000 +0200 @@ -36,14 +36,9 @@ %define velumdir /srv/velum Requires: ruby >= 2.1 -%if 0%{?suse_version} >= 1210 -BuildRequires: systemd-rpm-macros -%endif BuildRequires: fdupes BuildRequires: gcc-c++ BuildRequires: ruby-macros >= 5 -%{?systemd_requires} -Provides: velum = %{version} Obsoletes: velum < %{version} # javascript engine to build assets BuildRequires: nodejs @@ -120,6 +115,10 @@ mkdir %{buildroot}%{velumdir}/$folder done +%if 0%{?suse_version} >= 1500 + rm %{buildroot}%{velumdir}/LICENSE +%endif + %fdupes -s %{buildroot}/%{velumdir} %files @@ -127,6 +126,11 @@ %{velumdir} %exclude %{velumdir}/spec %doc %{velumdir}/README.md + +%if 0%{?suse_version} < 1500 %doc %{velumdir}/LICENSE +%else +%license LICENSE +%endif %changelog diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/velum-master/spec/controllers/internal_api/v1/pillars_controller_spec.rb new/velum-master/spec/controllers/internal_api/v1/pillars_controller_spec.rb --- old/velum-master/spec/controllers/internal_api/v1/pillars_controller_spec.rb 2018-05-22 09:45:37.000000000 +0200 +++ new/velum-master/spec/controllers/internal_api/v1/pillars_controller_spec.rb 2018-05-25 13:48:43.000000000 +0200 @@ -9,12 +9,13 @@ let(:certificate) { create(:certificate) } let(:expected_flat_pillars_response) do { - dashboard: "dashboard.example.com", - registries: [ + system_certificates: [], + dashboard: "dashboard.example.com", + registries: [ url: Registry::SUSE_REGISTRY_URL, cert: nil ], - kubelet: { + kubelet: { :"compute-resources" => {}, :"eviction-hard" => "" } @@ -46,7 +47,8 @@ context "when contains registries" do let(:expected_registries_response) do { - registries: [ + system_certificates: [], + registries: [ { url: Registry::SUSE_REGISTRY_URL, cert: nil @@ -70,7 +72,7 @@ ] } ], - kubelet: { + kubelet: { :"compute-resources" => {}, :"eviction-hard" => "" } @@ -104,9 +106,9 @@ let(:expected_response) do { - registries: [ - ], - kubelet: { + system_certificates: [], + registries: [], + kubelet: { :"compute-resources" => { kube: { cpu: kube_reservation.cpu, @@ -132,12 +134,13 @@ let(:expected_response) do { - registries: [], - kubelet: { + registries: [], + system_certificates: [], + kubelet: { :"compute-resources" => {}, :"eviction-hard" => "" }, - cloud: { + cloud: { framework: "ec2", profiles: { cluster_node: { @@ -196,12 +199,13 @@ let(:expected_response) do { - registries: [], - kubelet: { + system_certificates: [], + registries: [], + kubelet: { :"compute-resources" => {}, :"eviction-hard" => "" }, - cloud: { + cloud: { framework: "azure", providers: { azure: { @@ -285,19 +289,22 @@ context "with Openstack provider" do let(:expected_response) do { - registries: [], - kubelet: { + system_certificates: [], + registries: [], + kubelet: { :"compute-resources" => {}, :"eviction-hard" => "" }, - cloud: { + cloud: { provider: "openstack", openstack: { auth_url: "http://keystone-test-host:5000/v3";, username: "testuser", password: "pass", domain: "test", + domain_id: "9bc3e819a6ca648bb5e3c26c9e6c5e57", project: "prj", + project_id: "4b64b38d0b3840d0a69fade7299ef4ab", region: "rspec", floating: "9bc3e819-a6ca-648b-b5e3-c26c9e6c5e57", subnet: "4b64b38d-0b38-40d0-a69f-ade7299ef4ab", @@ -323,5 +330,32 @@ get :show expect(json).to eq(expected_response) end + end + + context "with system certificates" do + let(:expected_response) do + { + registries: [], + system_certificates: [ + name: "sca1", + cert: "cert" + ], + kubelet: { + :"compute-resources" => {}, + :"eviction-hard" => "" + } + } + end + + before do + certificate = Certificate.create(certificate: "cert") + system_certificate = SystemCertificate.create(name: "sca1") + CertificateService.create(service: system_certificate, certificate: certificate) + end + + it "has system certificates" do + get :show + expect(json).to eq(expected_response) + end end end diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/velum-master/spec/controllers/settings/base_certificate_controller_spec.rb new/velum-master/spec/controllers/settings/base_certificate_controller_spec.rb --- old/velum-master/spec/controllers/settings/base_certificate_controller_spec.rb 1970-01-01 01:00:00.000000000 +0100 +++ new/velum-master/spec/controllers/settings/base_certificate_controller_spec.rb 2018-05-25 13:48:43.000000000 +0200 @@ -0,0 +1,40 @@ +require "rails_helper" + +# Required subclass to gain access to the protected methods. +class TestCertificate < Settings::BaseCertificateController + def certificate_holder_type + super + end + + def certificate_holder_params + super + end + + def certificate_holder_update_params + super + end +end + +RSpec.describe Settings::BaseCertificateController, type: :controller do + let(:base_certificate_controller) { TestCertificate.new } + + describe "Acquire certificate holder" do + it "Can not call certificate holder type in the super class" do + expect do + base_certificate_controller.certificate_holder_type + end.to raise_error(NotImplementedError) + end + + it "Can not call certificate holder params in the super class" do + expect do + base_certificate_controller.certificate_holder_params + end.to raise_error(NotImplementedError) + end + + it "Can not call certificate holder update params in the super class" do + expect do + base_certificate_controller.certificate_holder_update_params + end.to raise_error(NotImplementedError) + end + end +end diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/velum-master/spec/controllers/settings/registries_controller_spec.rb new/velum-master/spec/controllers/settings/registries_controller_spec.rb --- old/velum-master/spec/controllers/settings/registries_controller_spec.rb 2018-05-22 09:45:37.000000000 +0200 +++ new/velum-master/spec/controllers/settings/registries_controller_spec.rb 2018-05-25 13:48:43.000000000 +0200 @@ -43,8 +43,8 @@ get :new end - it "assigns a new Registry to @registry" do - expect(assigns(:registry)).to be_a_new(Registry) + it "assigns a new Registry to @certificate_holder" do + expect(assigns(:certificate_holder)).to be_a_new(Registry) end it "assigns a new Certificate to @cert" do diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/velum-master/spec/controllers/settings/registry_mirrors_controller_spec.rb new/velum-master/spec/controllers/settings/registry_mirrors_controller_spec.rb --- old/velum-master/spec/controllers/settings/registry_mirrors_controller_spec.rb 2018-05-22 09:45:37.000000000 +0200 +++ new/velum-master/spec/controllers/settings/registry_mirrors_controller_spec.rb 2018-05-25 13:48:43.000000000 +0200 @@ -20,9 +20,9 @@ end describe "GET #new" do - it "assigns a new RegistryMirror to @registry_mirror" do + it "assigns a new RegistryMirror to @certificate_holder" do get :new - expect(assigns(:registry_mirror)).to be_a(RegistryMirror) + expect(assigns(:certificate_holder)).to be_a(RegistryMirror) expect(assigns(:cert)).to be_a(Certificate) end diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/velum-master/spec/controllers/settings/system_certificates_controller_spec.rb new/velum-master/spec/controllers/settings/system_certificates_controller_spec.rb --- old/velum-master/spec/controllers/settings/system_certificates_controller_spec.rb 1970-01-01 01:00:00.000000000 +0100 +++ new/velum-master/spec/controllers/settings/system_certificates_controller_spec.rb 2018-05-25 13:48:43.000000000 +0200 @@ -0,0 +1,118 @@ +require "rails_helper" + +RSpec.describe Settings::SystemCertificatesController, type: :controller do + let(:user) { create(:user) } + + before do + setup_done + sign_in user + end + + describe "GET #index" do + let!(:certificate) { create(:system_certificate) } + + before do + get :index + end + + it "populates an array of system certificates" do + expect(assigns(:system_certificates)).to match_array([certificate]) + end + end + + describe "GET #new" do + before do + get :new + end + + it "assigns a new system certificate to @certificate_holder" do + expect(assigns(:certificate_holder)).to be_a_new(SystemCertificate) + end + + it "assigns a new certificate to @cert" do + expect(assigns(:cert)).to be_a_new(Certificate) + end + end + + describe "GET #edit" do + let!(:certificate) { create(:certificate, certificate: "Cert") } + let!(:system_certificate) { create(:system_certificate) } + let!(:system_certificate_with_cert) { create(:system_certificate) } + + context "without certificate" do + before do + get :edit, id: system_certificate.id + end + + it "assigns system_certificate to @system_certificate" do + expect(assigns(:system_certificate)).not_to be_a_new(SystemCertificate) + end + + it "assigns a new Certificate to @cert" do + expect(assigns(:cert)).to be_a_new(Certificate) + end + end + + context "with certificate" do + before do + CertificateService.create!(service: system_certificate_with_cert, + certificate: certificate) + get :edit, id: system_certificate_with_cert.id + end + + it "assigns system_certificate to @certificate_holder" do + expect(assigns(:certificate_holder)).not_to be_a_new(SystemCertificate) + end + + it "assigns the existing certificate to @cert" do + expect(assigns(:cert)).not_to be_a_new(Certificate) + end + end + + it "return 404 if system certificate does not exist" do + get :edit, id: SystemCertificate.last.id + 1 + expect(response).to have_http_status(:not_found) + end + end + + describe "POST #create" do + it "can not save system certificate without name" do + expect do + post :create, system_certificate: { name: "", certificate: "cert" } + end.not_to change(SystemCertificate, :count) + expect(response).to have_http_status(:unprocessable_entity) + end + + it "saves the system certificate in the database" do + post :create, system_certificate: { name: "sca1", certificate: "cert" } + system_certificate = SystemCertificate.find_by(name: "sca1") + expect(system_certificate.name).to eq("sca1") + expect(system_certificate.certificate.certificate).to eq("cert") + end + end + + describe "PATCH #update" do + let!(:certificate) { create(:certificate, certificate: "C1") } + let!(:system_certificate) { create(:system_certificate) } + + before do + CertificateService.create!(service: system_certificate, certificate: certificate) + end + + it "updates a system certificate" do + system_certificate_params = { name: "new name" } + put :update, id: system_certificate.id, system_certificate: system_certificate_params + expect(SystemCertificate.find(system_certificate.id).name).to eq("new name") + end + end + + describe "DELETE #destroy" do + let!(:system_certificate) { create(:system_certificate) } + + it "deletes a system certificate" do + expect do + delete :destroy, id: system_certificate.id + end.to change(SystemCertificate, :count).by(-1) + end + end +end diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/velum-master/spec/controllers/setup_controller_spec.rb new/velum-master/spec/controllers/setup_controller_spec.rb --- old/velum-master/spec/controllers/setup_controller_spec.rb 2018-05-22 09:45:37.000000000 +0200 +++ new/velum-master/spec/controllers/setup_controller_spec.rb 2018-05-25 13:48:43.000000000 +0200 @@ -65,6 +65,25 @@ end end + context "when a certificate was previously configured" do + let(:certificate_settings) do + settings_params.dup.tap do |s| + s["system_certificate"] = { name: "sca1", + certificate: "cert" } + end + end + + before do + sign_in user + put :configure, settings: certificate_settings + get :welcome + end + + it "remembers the created certificate" do + expect(assigns(:system_certificate)).to eq(SystemCertificate.find_by(name: "sca1")) + end + end + context "with HTML rendering" do before do sign_in user @@ -661,6 +680,44 @@ expect(Pillar.value(pillar: :cloud_openstack_domain)).to be_nil end end + + context "when user enters a certificate" do + let(:certificate_settings) do + settings_params.dup.tap do |s| + s["system_certificate"] = { name: "sca1", + certificate: "cert" } + end + end + + before do + sign_in user + end + + it "creates a new system certificate" do + put :configure, settings: certificate_settings + system_certificate = SystemCertificate.find_by(name: "sca1") + expect(system_certificate.name).to eq("sca1") + expect(system_certificate.certificate.certificate).to eq("cert") + end + end + + context "when user enters an invalid certificate" do + let(:certificate_settings) do + settings_params.dup.tap do |s| + s["system_certificate"] = { name: "", + certificate: "cert" } + end + end + + before do + sign_in user + end + + it "redirects to the setup page" do + response = put :configure, settings: certificate_settings + expect(response).to redirect_to(setup_path) + end + end end describe "GET /setup/discovery" do diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/velum-master/spec/factories/system_certificate_factory.rb new/velum-master/spec/factories/system_certificate_factory.rb --- old/velum-master/spec/factories/system_certificate_factory.rb 1970-01-01 01:00:00.000000000 +0100 +++ new/velum-master/spec/factories/system_certificate_factory.rb 2018-05-25 13:48:43.000000000 +0200 @@ -0,0 +1,5 @@ +FactoryGirl.define do + factory :system_certificate do + sequence(:name) { |n| "system_certificate#{n}" } + end +end diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/velum-master/spec/models/system_certificate_spec.rb new/velum-master/spec/models/system_certificate_spec.rb --- old/velum-master/spec/models/system_certificate_spec.rb 1970-01-01 01:00:00.000000000 +0100 +++ new/velum-master/spec/models/system_certificate_spec.rb 2018-05-25 13:48:43.000000000 +0200 @@ -0,0 +1,5 @@ +require "rails_helper" + +RSpec.describe SystemCertificate, type: :model do + it { is_expected.to validate_presence_of(:name) } +end
