app/models/template.rb
class Template < ApplicationRecord
include Exportable
attr_accessor :modify_locked, :modify_default
has_many :template_inputs, :dependent => :destroy, :foreign_key => 'template_id', :autosave => true
accepts_nested_attributes_for :template_inputs, :allow_destroy => true
validates_lengths_from_database
validates :name, :presence => true
validates :template, :presence => true
validates :audit_comment, :length => {:maximum => 255}
validate :template_changes, :if => :run_template_changes_validation?
validate :inputs_unchanged_when_locked, :if => :run_template_changes_validation?
validate do
validate_unique_inputs!
rescue Foreman::Exception => e
errors.add :base, e.message
end
before_destroy :check_if_template_is_locked
before_save :remove_trailing_chars
attr_exportable :name, :description, :snippet, :template_inputs, :model => ->(template) { template.class.to_s }
apipie :class do
sections only: %w[all additional]
prop_group :basic_model_props, ApplicationRecord
end
class Jail < Safemode::Jail
allow :id, :name
end
def skip_strip_attrs
['template']
end
def locked?
locked && !Foreman.in_rake?
end
# if some child class needs to eager load some associations it can be added to this array
def self.template_includes
[]
end
# May be extended or overwritten by plugins
def self.preview_host_collection
Host.authorized(:view_hosts).order(:name)
end
def metadata
"<%#\n#{to_export(false).to_yaml.sub(/\A---$/, '').strip}\n-%>\n"
end
def to_erb
metadata + template_without_metadata
end
def template_without_metadata
# Regexp like /.../m includes \n in .
template.sub(/^<%#\n.*?name.*?%>$\n?/m, '')
end
def filename
name.downcase.delete('-').gsub(/\s+/, '_') + '.erb'
end
def ignore_locking
self.modify_locked = true
yield
self.modify_locked = false
self
end
def ignore_default
self.modify_default = true
yield
self.modify_default = false
self
end
# Set attributes based on template +text and metadata found in this +text
# the metadata parsing can be adjusted using +options
def import_without_save(text, options = {})
self.template = text
@importing_metadata = self.class.parse_metadata(text)
Foreman::Logging.logger('app').debug "setting attributes for #{name} with id: #{id || 'N/A'}"
self.snippet = !!@importing_metadata[:snippet]
self.default = options[:default] unless options[:default].nil?
self.description = @importing_metadata[:description]
handle_lock_on_import(options)
import_taxonomies(options)
import_custom_data(options)
self
end
# Set template attributes
#
# based on +name it either finds existing template or builds a new one
# then it applies changes to it and return this object, note no changes were saved at this point
def self.import_without_save(name, text, options = {})
template = find_without_collision :name, name
Foreman::Logging.logger('app').debug "#{template.new_record? ? 'building new' : 'updating existing'} template"
template.import_without_save(text, options)
end
# Pull out the first erb comment only - /m is for a multiline regex
def self.parse_metadata(text)
extracted = text.match(/<%\#[\t a-z0-9=:]*(.+?).-?%>/m)
extracted.nil? ? {} : YAML.safe_load(extracted[1]).with_indifferent_access
rescue RuntimeError => e
Foreman::Logging.exception('invalid metadata', e)
{}
end
# Updates template metadata and save! it
#
# options can contain following keys
# :force - set to true if you want to bypass locked templates
# :associate - either 'new', 'always' or 'never', determines when the template should associate objects based on metadata
# :lock - lock imported templates (false by default), can be either boolean or lambda
# :default - default flag value (false by default)
def self.import!(name, text, options = {})
template = import_without_save(name, text, options)
return template unless template.valid?
if options[:force]
template.ignore_locking { template.save! }
else
template.save!
end
template
end
def self.acceptable_template_input_types
Foreman.input_types_registry.input_types.keys
end
# override in subclass to handle taxonomy scope, see TaxonomyCollisionFinder
def self.find_without_collision(attribute, name)
find_or_initialize_by :name => name
end
def self.default_render_scope_class
nil
end
def available_input_types
Foreman.input_types_registry.types_for_template_class(self.class).map(&:input_type_name)
end
def default_render_scope_class
self.class.default_render_scope_class
end
def self.log_render_results?
true
end
def log_render_results?
self.class.log_render_results?
end
def render(renderer: Foreman::Renderer, host: nil, params: {}, variables: {}, mode: Foreman::Renderer::REAL_MODE, template_input_values: {}, source_klass: nil)
source = Foreman::Renderer.get_source(template: self, host: host, klass: source_klass)
scope = Foreman::Renderer.get_scope(host: host, params: params, variables: variables, mode: mode, template: self, source: source, template_input_values: template_input_values)
renderer.render(source, scope)
end
def dup
dup = super
template_inputs.each do |input|
dup.template_inputs.build input.attributes.except('template_id', 'id', 'created_at', 'updated_at')
end
dup
end
def validate_unique_inputs!
duplicated_inputs = template_inputs.group_by(&:name).values.select { |values| values.size > 1 }.map(&:first)
unless duplicated_inputs.empty?
raise Foreman::Exception.new(N_('Duplicated inputs detected: %{duplicated_inputs}'), :duplicated_inputs => duplicated_inputs.map(&:name))
end
end
def sync_inputs(inputs)
inputs ||= []
# Build a hash where keys are input names
inputs = inputs.inject({}) { |h, input| h.update(input['name'] => input) }
# Sync existing inputs
template_inputs.each do |existing_input|
if inputs.include?(existing_input.name)
existing_input.assign_attributes(inputs.delete(existing_input.name))
else
existing_input.mark_for_destruction
end
end
# Create new inputs
inputs.each_value { |new_input| template_inputs.build(new_input) }
end
def support_single_host_render?
true
end
def support_preview?
true
end
def registration_template?
false
end
def host_init_config_template?
false
end
private
# This method can be overridden in Template children classes to import additional attributes
# specific to their type
#
# it can rely on self.template being updated and @importing_metadata to be populated with parsed
# metadata
def import_custom_data(_options)
sync_inputs(@importing_metadata['template_inputs'])
end
# Sets operatingsystem_ids of a template, it's used by provisioning template and ptable, which
# is why it lives here. Note that it's still considered as custom since other template types
# don't have relation to operating systems.
def import_oses(options)
if @importing_metadata.key?('oses') && associate_metadata_on_import?(options)
oses = Operatingsystem.authorized(:view_operatingsystems).all.select do |existing_os|
@importing_metadata['oses'].any? { |imported_os| existing_os.to_label =~ /\A#{imported_os}/ }
end
self.operatingsystem_ids = oses.map(&:id)
end
end
def import_taxonomies(options)
process_taxonomies options, :organization
process_taxonomies options, :location
end
def process_taxonomies(options, taxonomy)
tax_options = options["#{taxonomy}_params".to_sym]
if tax_options.empty?
send("import_#{taxonomy.to_s.pluralize}", options)
else
self.attributes = tax_options
end
end
def import_organizations(options)
if @importing_metadata.key?('organizations') && associate_metadata_on_import?(options)
organizations = User.current.my_organizations.where(:title => @importing_metadata['organizations'])
self.organization_ids = organizations.map(&:id)
else
organization_ids << Organization.current.id if Organization.current && !organization_ids.include?(Organization.current.id)
end
end
def import_locations(options)
if @importing_metadata.key?('locations') && associate_metadata_on_import?(options)
locations = User.current.my_locations.where(:title => @importing_metadata['locations'])
self.location_ids = locations.map(&:id)
else
location_ids << Location.current.id if Location.current && !location_ids.include?(Location.current.id)
end
end
def handle_lock_on_import(options)
(self.locked = options[:lock].respond_to?(:call) ? options[:lock].call(self) : options[:lock]) unless options[:lock].nil?
end
def associate_metadata_on_import?(options)
(options[:associate] == 'new' && new_record?) || (options[:associate] == 'always')
end
def allowed_changes
@allowed_changes ||= %w(locked default)
end
def check_if_template_is_locked
if locked?
errors.add(:base, _("This template is locked and may not be removed."))
throw(:abort)
end
end
def template_changes
actual_changes = changes
# Locked & Default are Special
if actual_changes.include?('locked') && !modify_locked
if User.current.nil? || !User.current.can?("lock_#{self.class.to_s.underscore.pluralize}", self)
errors.add(:base, _("You are not authorized to lock templates."))
end
end
if actual_changes.include?('default') && !modify_default
if User.current.nil? || !(User.current.can?(:create_organizations) || User.current.can?(:create_locations))
errors.add(:base, _("You are not authorized to make a template default."))
end
end
# API request can be changing the locked content (not allowed_changes) but the locked attribute at the same
# time, so if changes include locked attribute (template is being locked or unlocked), we skip the lock error
if !modify_locked && !actual_changes.delete_if { |k, v| allowed_changes.include? k }.empty? &&
!changes.include?('locked')
errors.add(:base, _("This template is locked. Please clone it to a new template to customize."))
end
if !modify_locked && locked? && !audit_comment.empty?
errors.add(:base, _("Cannot add audit comment to a locked template."))
end
end
def remove_trailing_chars
self.template = template.tr("\r", '') if template.present?
end
def run_template_changes_validation?
(locked? || locked_changed?) && persisted? && !ForemanSeeder.is_seeding
end
def inputs_unchanged_when_locked
inputs_changed = template_inputs.any? { |input| input.changed? || input.new_record? }
if inputs_changed
errors.add(:base, _('This template is locked. Please clone it to a new template to customize.'))
end
end
end
require_dependency 'provisioning_template'
require_dependency 'ptable'