diff --git a/app/models/ext_management_system.rb b/app/models/ext_management_system.rb index 265d497ae4d..b02d19acf15 100644 --- a/app/models/ext_management_system.rb +++ b/app/models/ext_management_system.rb @@ -2,6 +2,7 @@ class ExtManagementSystem < ApplicationRecord include CustomActionsMixin include SupportsFeatureMixin include ExternalUrlMixin + include VerifyCredentialsMixin def self.with_tenant(tenant_id) tenant = Tenant.find(tenant_id) diff --git a/app/models/mixins/authentication_mixin.rb b/app/models/mixins/authentication_mixin.rb index 37000b41d43..140d2aa0f81 100644 --- a/app/models/mixins/authentication_mixin.rb +++ b/app/models/mixins/authentication_mixin.rb @@ -22,33 +22,6 @@ def self.authentication_check_schedule assocs = zone.respond_to?(assoc) ? zone.send(assoc) : [] assocs.each { |a| a.authentication_check_types_queue(:attempt => 1) } end - - def self.validate_credentials_task(args, user_id, zone) - task_opts = { - :action => "Validate EMS Provider Credentials", - :userid => user_id - } - - queue_opts = { - :args => [*args], - :class_name => name, - :method_name => "raw_connect?", - :queue_name => "generic", - :role => "ems_operations", - :zone => zone - } - - task_id = MiqTask.generic_action_with_callback(task_opts, queue_opts) - task = MiqTask.wait_for_taskid(task_id, :timeout => 30) - - if task.nil? - error_message = "Task Error" - elsif MiqTask.status_error?(task.status) || MiqTask.status_timeout?(task.status) - error_message = task.message - end - - [error_message.blank?, error_message] - end end def supported_auth_attributes diff --git a/app/models/mixins/verify_credentials_mixin.rb b/app/models/mixins/verify_credentials_mixin.rb new file mode 100644 index 00000000000..6e5a3a7856f --- /dev/null +++ b/app/models/mixins/verify_credentials_mixin.rb @@ -0,0 +1,77 @@ +module VerifyCredentialsMixin + extend ActiveSupport::Concern + + included do + class << self + Vmdb::Deprecation.deprecate_methods self, :validate_credentials_task => :verify_credentials_task + end + end + + module ClassMethods + def validate_credentials_task(args, user_id, zone) + task_opts = { + :action => "Validate EMS Provider Credentials", + :userid => user_id + } + + queue_opts = { + :args => [*args], + :class_name => name, + :method_name => "raw_connect?", + :queue_name => "generic", + :role => "ems_operations", + :zone => zone + } + + task_id = MiqTask.generic_action_with_callback(task_opts, queue_opts) + task = MiqTask.wait_for_taskid(task_id, :timeout => 30) + + if task.nil? + error_message = "Task Error" + elsif MiqTask.status_error?(task.status) || MiqTask.status_timeout?(task.status) + error_message = task.message + end + + [error_message.blank?, error_message] + end + + def verify_credentials_task(userid, zone, options) + task_opts = { + :action => "Verify EMS Provider Credentials", + :userid => userid + } + + encrypt_verify_credential_params!(options) + + queue_opts = { + :args => [options], + :class_name => name, + :method_name => "verify_credentials?", + :queue_name => "generic", + :role => "ems_operations", + :zone => zone + } + + MiqTask.generic_action_with_callback(task_opts, queue_opts) + end + + def verify_credentials?(args) + # Prevent the connection details, including the password, from being leaked into the logs + # and MiqQueue by only returning true/false + !!verify_credentials(args) + end + + private + + # Ensure that any passwords are encrypted before putting them onto the queue for any + # DDF fields which are a password type + def encrypt_verify_credential_params!(options) + params_for_create[:fields].each do |field| + key_path = field[:name].split(".") + if options.key_path?(key_path) + options.store_path(key_path, MiqPassword.try_encrypt(options.fetch_path(key_path))) if field[:type] == "password" + end + end + end + end +end