fixes #2121, #2069 - restrict importers and ENC to puppetmasters and users
CVE-2013-0171: report and fact importers parse YAML directly from the remotehost without authentication. Untrusted YAML can instantiate objects and beused to exploit Foreman.
CVE-2013-0174: external nodes (ENC) output is available to any source and...
v2 api for configuration_templates and template_combinations
fixes #1944 - Listing VMWare virtual machines under Computer resources is slow.
fixes #1814 - converts sp_* attributes into a BMC interface class
this patch also includes the following
fixes #1890 api host status
fixes #1834 to get foreman running under ruby 1.9.3
added compute resource actions and tests
host routes api changes squashed
Clear the thread values outside of handling request
Adding an around filter to clear the thread values. Without this thereis a risk that the thread value from previous request will be used inother request, which can lead to security issues.
We clear the current user at the beginning of the request (except the...
Fix inter-test dependencies
After the thread clean-up, some tests were failing because theyimplicitly expected User.current to be set. Stating the dependenciesexplicitly.
added template_kinds controller to api
Add organization and location to foreman.
This feature allows foreman to provide multi location, multi tenant andmulti organizations capablities.
the idea is that resources within foreman (e.g. hosts, subnets, users,environments etc) can belong to one or more locations and organization,...
set apiadmin user in headers before api controller tests
smart proxies api - filtering by proxy type
This commit adds most of the functionality required for API v1
The overall goal was to extract the existing JSON responseoverall controllers, and to move them to a seperate name space.
fixes #1957 - remove old libvirt hypervisors code
Since foreman 1.0 libvirt hypervisors are now part of compute resourcesthis patch removes the old code and migrate any existing hypervisors tobe libvirt based compute resources.
Fixed array structure in API v1 user controller test
Refs #1920 : Fix failing tests for Setting[:foreman_url] Ensure plain 'http' protocol is used in templates Add a test to ensure http is used when https is in @request
used media/show partial and added to tests
added dns_id, dhcp_id, tft_ip attributes even though they are nested as children to be consistent with current api
typo on index.json.rabl for environments.
added missing s char
auto create admin-user when missing in API requests
add getter for admin user User.admin which auto creates admin when missing
Use tokens for discovery of host identity during installation
- fixes #1069- fixes #1720- refs #969
fixes #832 - adds parameterized class support
Credits:This patch is based on the original work of Olivier Favre<olivier@yakaz.com> many many thanks!
trying to fix/figure out travis complains
fixes #1843 - Accepts a plain hash as facts source
Subnets API
a bunch of fixes to get functional tests running under 1.9.2
added environment API
fix failing 'show nested fact json' test in fact_values_controller_test
api v1 - domains controller
api v1 - added media and dashboard controllers
api v1 - config templates
fixes #1820 - Authenticate API calls via REMOTE_USER
This patch allows API requests authentication via REMOTE_USERonly if authorize_login_delegation and authorize_login_delegation_apiare enabled.
fixes #1799 moved REMOTE_ADDR verification to settings
api v1 - Users controller and tests
- split api routes to separate routes file- better detection of permission failure in model- fix ApiConstraints- catch bad routes in api and return json- render home#index links from restapi- fixed resource params recognition
api v1 - fisrt version of bookmarks controller
Fixed bookmark tests (API v1)
api v1 - Authorization
api v1 - architectures controler and tests
api v1 - tests for operating systems controller
api v1 - fixing permissions
cleanups in base controller
api v1 - render errors with rabl
better detection of permission failure in modelfix ApiConstraintscatch bad routes in api and return json
couple of test fixes after upgrading to a newer mocha/shoulda
minor fix and added a few tests to ensure config templates works correctly
fixes #1649 Puppet class and environment import works only on the first smart-proxy
fixes #1115 Host parameters are not available via the API
add a test to ensure that assoicated template oss are failing to delete the template
fixes #1619 - X-Forwarded-For multiple IPs
fixes #1597 - Restrict compute resources access by user
And add some rights to give non admin users so they can perform some normal actions on the hosts they own.
unit/domain_parameter_test.rb self-broke... added a tiny fix.Removing compute_resources/vms nesting, it is such a nightmare for functional tests....
adds ec2 provisioning support fixes #1223
- added progress bar for instance creation- minor fixes for certname based deployments- added ssh provisioning support to orchestartion, which utilize finish scripts by default- added images support (part of the vm compute tab)...
fixes #137 - Better support for non-hostname certnames
This patch introduce a new setting :use_uuid_for_certificates whichdefaults to false.
users who wish to deploy their hosts using a random unique id, shouldenable that setting, and use the certname directive in their puppet.conf...
fixes #1540 added suport for provisioning on ovirt/rhvem using fog.
This patch addes a compute resource concept within foreman
Signed-off-by: Ohad Levy <ohadlevy@gmail.com>
code smell
fixes #1503 - When creating a host, it should be possible to define a Puppet CA and a Puppet Master to use
fixes #1509 - Foreman should use the proxy to import puppet classes
fixes #1324 - Separate permssions on hosts from permissions for objects within hosts.
This allows a user to be granted permission to edit the host (and so change the group or proxy) but not, for example, edit the parametersThis could probably be extended further if necessary.
fixes #1175 - PXELinux does not render with spoof
fixes a couple of broken tests + show full error trace in development mode.
fixes #1446 - expire idle web sessions
fixes #402 - Add noops/pending to metric handling, and provide pending hosts for dashboard views.
This change adds the ability to see noops in metric reports insideforeman graphs, charts and lists. The business reason for this is to allowusers to run their puppet agents in noop mode, and see where nodes have...
WIP rails3 migration
fixes #1174 - some error messages may show up twice
fixes #1208 - Unauthenticated IP spoofing should not be allowed
fixed broken test - refs #1211
clean up unused views and tests, refs #1184
refactor - various facts cleanups
fixes #1148 - CRUD on lookup values via the API
fixes #1125 - tftp proxy might not always be initialized
fixes #1120 - Replaced DHCP functionaitlity by the new net dhcp record classes
fixes #1077 - Ensure that host OS attributes are related to the OS itself
FEATURE #982 API call to get fact keys
Signed-off-by: Corey Osman <corey@logicminds.biz>
Fixes #1047 - settings controller tests fail to set_session_user
Signed-off-by: Paul Kelly <paul.ian.kelly@googlemail.com>
fixes #322 Ability to add custom variables and multiple values resovledin a dynamic Hierarchally order
This commits introduces the ability to define variables per puppetclass.
additionally, each class can have multiple values, depends on the hostwhich is requesting that variable....
fixes #100 - Setting is now a ActiveRecord object
This allows users to manage foreman settings via the UI.
the UI is a bit ugly, but works :)
fixes #35 - Allow hostgroup nesting for puppet classes and parameters
Fixes #820 - Intel Solaris support
fixes #967 - bookmark fails if its name includes a "."
fixes #948 - better support for API config_templates api
Fixes 867 - Allow update_multiple to clear hostgroup
Also added the facility for clearing the environment to update_multiple_environments
fixed broken test - refs #836
Fixes #883 - Enable Authorization checking during rake tests
Feature #882 - add api call to reports page to get the index section
Signed-off-by: Corey Osman <corey@logicminds.biz>Signed-off-by: Ohad Levy <ohadlevy@gmail.com>
Feature #896 add json response for statistics page
a few test fixtures had to be changed, in order to ensure thatstatistics are returned correctly.
added search bookmarks, fixes #836
app/controllers/bookmarks_controller.rb | 74 ++++++++ app/helpers/application_helper.rb | 2 +-...
refs #815 - converted mulity host selections to a dialog box
Fixes #865 - adds support for api to select multiple hosts via name and id
fixes #815 - Redirect to login page when editing multiple hosts
this patch converts the mulitple selections to be pure javascript,removing the buggy AJAX implementation.
fixes #400 - Puppetca Monitor
fixes #847 - Retrieve last report information per host via the api
this adds two URLS to the API:
/hosts/fqdn/reports/last/reports/last
both supports JSON output which provides all of the report information.
fixes #827 add support for retrieving classes per host via the api
This allows queries like/hosts/fqdn/puppetclasses/puppetclasses/klass/hosts
it also changes the puppetclasses urls to include the class name instead of its ID.
fixes #723 - Hypervisor details page
This also include basic functionality to power on/off guests
Fixes #789 - External node interpolation of puppetmaster
Fixes #565 - rake puppet:import:puppet_classes misses some changes
Fixes #609 - Orchestrate puppetca operations
This also includes adding support for a puppet smart-proxy target typeand providing migration supportUpdated to provide backward compatability for host and hostgroup objectsNow terminates the build and incorporates other fixes...
Fixes #641 - Allow editing of the host's managed atribute
Fixes #691 - Implement simple status service
Signed-off-by: Lukas Zapletal <lzap+git@redhat.com>
Fixes #695 - Unattended being false should skip some tests
Fixes #670 - Adds proper json support for most CRUD operations
Fixes #632 - Adds the ability to generate a PXE menu containigprovisioning template and hostgroup combinations on smart proxies