[IMP] cetmix_tower_server: Access to server fields
Limit access to the following fields of the cx.tower.server model to Manager and Root:

- OS
- IP v4 Address
- IP v6 Address
- SSH username
- SSH Port
- SSH auth mode
- SSH key
- Use sudo

Task: 4116
GabbasovDinar committed Jan 14, 2025
1 parent b1e01f1 commit d04cce2
Showing 4 changed files with 68 additions and 30 deletions.
3 changes: 3 additions & 0 deletions cetmix_tower_server/models/cetmix_tower.py
@@ -131,6 +131,9 @@ def server_check_ssh_connection(self, server_reference, attempts=5, timeout=15):
if not server:
raise ValidationError(_("No server found for the provided reference."))

# set access to read sensitive fields to connection
server = server.sudo()

# Prepare SSH connection parameters
ssh_params = {
"host": server.ip_v4_address or server.ip_v6_address,
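Review bot: Rebinding `server = server.sudo()` in `server_check_ssh_connection` elevates every later use of the record in this method, not only the reads of the gated connection fields, so any write or helper call further down also runs without ACL and record-rule checks. Keep the caller's recordset and read the parameters through a separate handle, e.g. `server_sudo = server.sudo()` and `"host": server_sudo.ip_v4_address or server_sudo.ip_v6_address`. The lookup and the `if not server` check happen before the elevation, which is the right order. The rest of the method is outside the hunk, so confirm that its result or error text does not return the gated values to a non-manager caller.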
42 changes: 31 additions & 11 deletions cetmix_tower_server/models/cx_tower_server.py
@@ -279,15 +279,29 @@ class CxTowerServer(models.Model):
)

# ---- Connection
ip_v4_address = fields.Char(string="IPv4 Address")
ip_v6_address = fields.Char(string="IPv6 Address")
ssh_port = fields.Char(string="SSH port", required=True, default="22")
ssh_username = fields.Char(string="SSH Username", required=True)
ssh_password = fields.Char(string="SSH Password")
ip_v4_address = fields.Char(
string="IPv4 Address", groups="cetmix_tower_server.group_manager"
)
ip_v6_address = fields.Char(
string="IPv6 Address", groups="cetmix_tower_server.group_manager"
)
ssh_port = fields.Char(
string="SSH port",
required=True,
default="22",
groups="cetmix_tower_server.group_manager",
)
ssh_username = fields.Char(
string="SSH Username", required=True, groups="cetmix_tower_server.group_manager"
)
ssh_password = fields.Char(
string="SSH Password", groups="cetmix_tower_server.group_manager"
)
ssh_key_id = fields.Many2one(
comodel_name="cx.tower.key",
string="SSH Private Key",
domain=[("key_type", "=", "k")],
groups="cetmix_tower_server.group_manager",
)
ssh_auth_mode = fields.Selection(
string="SSH Auth Mode",
@@ -297,11 +311,13 @@ class CxTowerServer(models.Model):
],
default="p",
required=True,
groups="cetmix_tower_server.group_manager",
)
use_sudo = fields.Selection(
string="Use sudo",
selection=[("n", "Without password"), ("p", "With password")],
help="Run commands using 'sudo'",
groups="cetmix_tower_server.group_manager",
)
# ---- Variables
variable_value_ids = fields.One2many(
@@ -317,7 +333,11 @@ class CxTowerServer(models.Model):
)

# ---- Attributes
os_id = fields.Many2one(string="Operating System", comodel_name="cx.tower.os")
os_id = fields.Many2one(
string="Operating System",
comodel_name="cx.tower.os",
groups="cetmix_tower_server.group_manager",
)
tag_ids = fields.Many2many(
comodel_name="cx.tower.tag",
relation="cx_tower_server_tag_rel",
@@ -540,6 +560,7 @@ def _connect(self, raise_on_error=True):
Defaults to True.
"""
self.ensure_one()
self = self.sudo()
try:
client = SSH(
host=self.ip_v4_address or self.ip_v6_address,
@@ -653,7 +674,7 @@ def _render_command(self, command, path=None):

# Get variable values for current server
variable_values_dict = (
self.get_variable_values(variables) # pylint: disable=no-member
self.sudo().get_variable_values(variables) # pylint: disable=no-member
if variables
else False
)
@@ -717,14 +738,13 @@ def execute_command(
dict(): command execution result if `no_log` context value == True else None
"""
self.ensure_one()

# Populate `sudo` value from the server settings if not provided explicitly
if sudo is None:
if self.ssh_username != "root" and self.use_sudo:
sudo = self.use_sudo
if self.sudo().ssh_username != "root" and self.sudo().use_sudo:
sudo = self.sudo().use_sudo

# Disable `sudo` if user is root
elif sudo and self.ssh_username == "root":
elif sudo and self.sudo().ssh_username == "root":
sudo = None

# Check if no log record should be created
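Review bot: In `_render_command`, `self.sudo().get_variable_values(variables)` runs the whole variable lookup as superuser, so access rules on the variable-value records are bypassed for any user who can render a command, which is wider than reading the gated server fields this commit restricts. `get_variable_values` is not visible here; if it only needs the gated fields, read those through a sudo handle inside it and keep the lookup unelevated, otherwise add a comment such as `# sudo: variable values must resolve for non-manager users; result is only used for rendering`. The same scope concern applies to `self = self.sudo()` in `_connect`, where rebinding `self` elevates everything after it; a local `server_sudo = self.sudo()` keeps the elevated reads explicit. In `execute_command` the three `self.sudo()` calls can share one such local.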
2 changes: 2 additions & 0 deletions cetmix_tower_server/readme/CONFIGURE.md
@@ -40,6 +40,8 @@ Fill the values it the tabs below:
- **SSH Private Key**: Used for authentication is SSH Auth Mode is set to "Key"
- **Note**: Comments or user notes

Note: Some fields are visible based on the current user access level.

There is a special **Status** field which indicates current Server status. It is meant to be updated automatically using external API with further customizations.
Following pre-defined statuses are available:

51 changes: 32 additions & 19 deletions cetmix_tower_server/views/cx_tower_server_view.xml
@@ -81,24 +81,6 @@
<strong>Partner:</strong>
<field name="partner_id" />
</div>
<div
attrs="{'invisible': [('os_id', '=', False)]}"
>
<strong>Operating System:</strong>
<field name="os_id" />
</div>
<div
attrs="{'invisible': [('ip_v4_address', '=', False)]}"
>
<strong>IPv4 Address:</strong>
<field name="ip_v4_address" />
</div>
<div
attrs="{'invisible': [('ip_v6_address', '=', False)]}"
>
<strong>IPv6 Address:</strong>
<field name="ip_v6_address" />
</div>
</div>
</div>
<div class="o_kanban_record_bottom">
@@ -123,6 +105,36 @@
</field>
</record>

<record id="cx_tower_server_view_kanban_manager" model="ir.ui.view">
<field name="name">cx.tower.server.view.kanban</field>
<field name="model">cx.tower.server</field>
<field
name="inherit_id"
ref="cetmix_tower_server.cx_tower_server_view_kanban"
/>
<field
name="groups_id"
eval="[(4, ref('cetmix_tower_server.group_manager'))]"
/>
<field name="arch" type="xml">
<xpath expr="//div[hasclass('o_kanban_primary_right')]" position="inside">
<div attrs="{'invisible': [('os_id', '=', False)]}">
<strong>Operating System:</strong>
<field name="os_id" />
</div>
<div attrs="{'invisible': [('ip_v4_address', '=', False)]}">
<strong>IPv4 Address:</strong>
<field name="ip_v4_address" />
</div>
<div attrs="{'invisible': [('ip_v6_address', '=', False)]}">
<strong>IPv6 Address:</strong>
<field name="ip_v6_address" />
</div>
</xpath>
</field>
</record>


<record id="cx_tower_server_view_tree" model="ir.ui.view">
<field name="name">cx.tower.server.view.tree</field>
<field name="model">cx.tower.server</field>
@@ -360,7 +372,7 @@
<field name="name" />
<field name="reference" />
<field name="status" />
<field name="os_id" />
<field name="os_id" groups="cetmix_tower_server.group_manager" />
<field name="tag_ids" />
<filter
string="Archived"
@@ -384,6 +396,7 @@
name="group_by_os"
domain="[]"
context="{'group_by': 'os_id'}"
groups="cetmix_tower_server.group_manager"
/>
<filter
string="Partner"
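Review bot: The new `cx_tower_server_view_kanban_manager` record reuses the base view's name, `cx.tower.server.view.kanban`, so the two views cannot be told apart in the view list or in an inheritance error; name it `<field name="name">cx.tower.server.view.kanban.manager</field>`. The view-level `groups_id` and `groups=` attributes only decide what the client renders, and the actual restriction comes from the `groups=` on the model fields. The form and tree views are outside the visible hunks, so check that no node still served to non-managers keeps an `attrs` or domain referencing a gated field such as `ssh_auth_mode` or `use_sudo`, since that may fail to evaluate for those users.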
