Fixes #19314 - Notification for subscr. expiring soon

[dLobatog]

Depends on #6750 and https://github.com/theforeman/foreman/pull/4240/files (this https://github.com/theforeman/foreman/pull/4240/files#diff-2190144d88f9376ea36f321f8f5af34dR71 allows to set actions with more freedom than the current structure).

[houndci-bot]

Remove debugger entry point binding.pry.

[houndci-bot]

Remove debugger entry point binding.pry.

[ohadlevy]

file does not belongs to this pr.

[ohadlevy]

if you have the expiry date of the subscription, maybe we should use it for the notification expiry date too?

[ohadlevy]

see comments on #6750 around these lines.

[ohadlevy]

IMHO this should be the taxonomy users/admins?

[dLobatog]

I agree, but how do you set this? AUDIENCE_TAXONOMY is subject.user_ids - if subject is the subscription, it will not work. The subject can't be the taxonomy

[ohadlevy]

is there no better query than go over all? at least I would use select instead of the next statement below.

[ohadlevy]

not related to this pr.

[ohadlevy]

ditto

[ohadlevy]

wrong description titles etc.

[dLobatog]

Updated so that:

• Notifications are expired according to the subscription expiration date
• Finding expiring_soon subs is simplified by using .select
• Fixed the typos in the rake task description
• Removed the Pulp low disk space notification commit (https://github.com/Katello/katello/pull/6750/files) from here.

cc @ohadlevy thanks for taking a look before

[jlsherrill]

I'm getting an error when running the rake task, i think because Subscription is not taxable:

NoMethodError: undefined method `user_ids' for #<Katello::Subscription:0x00000003164bc8>
/home/vagrant/.rvm/gems/ruby-2.2.4/gems/activemodel-4.2.8/lib/active_model/attribute_methods.rb:433:in `method_missing'
/home/vagrant/git/foreman/app/models/notification.rb:43:in `subscriber_ids'
/home/vagrant/git/foreman/app/models/notification.rb:65:in `set_notification_recipients'
/home/vagrant/.rvm/gems/ruby-2.2.4/gems/activesupport-4.2.8/lib/active_support/callbacks.rb:432:in `block in make_lambda'

[akofink]

@dLobatog any update here?

[houndci-bot]

1 trailing blank lines detected.

[houndci-bot]

Use if subs_expiration_notification.blank? instead of unless subs_expiration_notification.present?.

[houndci-bot]

Inconsistent indentation detected.

[houndci-bot]

Use 2 (not 3) spaces for indentation.

[houndci-bot]

Jobs should subclass ApplicationJob.

[dLobatog]

Updated, @jlsherrill @akofink , the job is scheduled every 12 hours with ActiveJob now

[ares]

it seems rubocop is failing, could someone with permissions set WoC? since we don't have the output in jenkins anymore, I'm retriggering tests [test]

[dLobatog]

Rebased, @ares I think the only failure from hound is that "Jobs should subclass ApplicationJob." - I do agree (it's a convention, not really necessary) but I introduce that class in https://github.com/theforeman/foreman/pull/4240/files in Foreman itself, so at this moment it isn't available here to inherit, and I don't think it's a good idea to have a ApplicationJob class namespaced to be exclusive to Katello.

Best course would be to use ApplicationJob in here when the core PR is merged, but it shouldn't block this one.

[ares]

this needs rebase again, ActiveJob is now in core too, but maybe it's better to wait until #6750 gets in

[dLobatog]

@ares Updated to use ApplicationJob and ::Foreman::Application.dynflow.config.on_init do |world| like #6750

[ares]

LGTM, it would be great if someone from katello could take a look

[jlsherrill]

Does this require some update to foreman? I'm getting an error that this constant isn't defined:

NameError: uninitialized constant Notification::AUDIENCE_TAXONOMY
	from /home/vagrant/git/foreman_hooks/lib/foreman_hooks/as_dependencies_hook.rb:4:in `load_missing_constant'
	from /home/vagrant/git/katello/app/services/katello/ui_notifications/subscriptions/expire_soon.rb:13:in `block in deliver!'
	from /home/vagrant/git/katello/app/services/katello/ui_notifications/subscriptions/expire_soon.rb:7:in `each'
	from /home/vagrant/git/katello/app/services/katello/ui_notifications/subscriptions/expire_soon.rb:7:in `deliver!'

[ares]

yeah, there's no such audience, I guess we need to find administrators of a given org for which there's no good option atm, @jlsherrill can we find a user who uploaded the manifest for the organization somehow?

[jlsherrill]

We don't track who has uploaded or refreshed a manifest. I would suggest notifying anyone who has access to do that for the given org via the 'import_manifest' permission

[dLobatog]

Note to self, I'll make a method notification_recipient_ids on the Subscription object, which contains all of the users with import_manifest permissions. Changing the audience to Notification::AUDIENCE_SUBJECT will also be required.

[ares]

I think it's not easy to find easily such recipients. There are no relations like this, especially if you consider filtered permissions, where the assignment might be scoped e.g. with "name ~ my". Perhaps we could only search for user who don't have such permission filtered.

[dLobatog]

@ares I've updated this to use the same permission checking as we do on the API to upload a manifest (e.g: if you can upload a manifest to this organization, you get the notification).

I do realize it's a relatively expensive operation, but I don't see any other way of dealing with it. The task ought to run only twice a day though, so I hope that is not a problem. Another advantage is that by leveraging allowed_to? vs writing complicated permissions logic here, if the permissions model change in Foreman core & that method changes, we're covered and this should work - which wouldn't if I write custom logic here.

[ares]

@dLobatog I don't think you need to write custom logic, it's fine to ignore filtering conditions, but I believe it should call user.can?(permission) instead of user.allowed_to?(controller_action), the first does not care about specific path that might change but check for permission assignment

[dLobatog]

@ares I could use can? but as you say it would mean ignoring specific permissions 'search' scope. With .allowed_to?, I'm able to pass the specific object I want to check the permission for, like:

        user.allowed_to?(
          :controller => 'katello/api/v2/subscriptions',
          :action => 'import',
          :organization_id => organization_id
        )

So it's more precise, I can know for sure the users who should be able to see the notification.

[ares]

@dLobatog the allowed_to example that you used only verified that user has permission to access "katello/api/v2/subscriptions/import" route based on mapping in lib/katello/permissions/. The fact you pass organization_id does not matter, parameters are ignored by allowed_to completely. In fact the result is equivalent to user.can?(:create_subscription) which returns true if there's any filter with the this permission assigned to the user. Even better, can? does not have to parse the list of routes and permissions. Using allowed_to? does not make sense since we are really interested in the permission, not whether user has access to specific route. Imagine there would be two routes how you can import manifest...

[houndci-bot]

Avoid comma after the last item of a hash.

[houndci-bot]

Use empty lines between method definitions.

[houndci-bot]

Extra blank line detected.

[houndci-bot]

Operator == used in void context.

[houndci-bot]

Avoid comma after the last item of a hash.

[houndci-bot]

Use empty lines between method definitions.

[houndci-bot]

Extra blank line detected.

[houndci-bot]

Operator == used in void context.

[dLobatog]

@jlsherrill @beav Updated, now it creates a notification per organization. It shows the # of subs about to expire in the notification, which links to the search page for that.

Unfortunately for admin users, this will mean that the following case may happen:

• admin is in org A, B, C
• admin chooses in the UI to be in org A. By design the /subscriptions page forces you to choose.
• admin gets notifications about all 3 organizations with subs about to expire.
• admin clicks on the link for the subs about to expire in A - it works well.
• admin clicks on the link for the subs about to expire in B - since admin is in org A in the UI, it will not show the correct subs. admin needs to change to org B in the UI, then click on the notification.

I hope it's not a dealbreaker, as it's an unlikely case, and moving the user away from the current organization by clicking on the notification seems like an anti-pattern.

[dLobatog]

[test katello]

[ares]

[test katello]

[jyejare]

@dLobatog , Does this PR helps to show an expiration notification before 120 days? Does the notification depend upon the place where the foreman is being accessed (e.g for me, its IST time) ?

[dLobatog]

@jyejare Yes, you may change the 120 to any other value in app/models/katello/pool (DAYS_EXPIRING_SOON) although it's not meant to be touched by users. But it can be useful when testing. You can also run Katello::UINotifications::Subscriptions::ExpireSoon.deliver! to ensure it runs the check - otherwise it'll only run every 12 hours.

expiring_soon is an old issue, it should be checking Date.today.utc https://github.com/Katello/katello/blob/master/app/models/katello/pool.rb#L51

[jyejare]

@dLobatog @ares , Suggested changes in the content of notification to include the days/date.

[dLobatog]

@ares @jyejare @jlsherrill @beav

I've updated the notification to include the number of days. I can't be more specific as I'm creating a notification per organization. This means there are multiple subscriptions there, which may vary in their expiring date, so I can't just say 'will expire in X days' as I did before with the 'per-subscription' notification.

To test this:

rake db:seed

Then on rake console:

class Organization
  def expiring_subscriptions
    subscriptions
  end
end
Organization.all.each { |o| Notification.where(:subject => o).destroy_all }
Katello::UINotifications::Subscriptions::ExpireSoon.deliver!

[houndci-bot]

Avoid chaining a method call on a do...end block.

[dLobatog]

[test katello]

[dLobatog]

#7234

[dLobatog]

The only tests failing are React ones, seems that the snapshot needs to be updated for ListView, can't be caused by this one, probably theforeman/foreman@e26f63d

[dLobatog]

I was missing - https://github.com/Katello/katello/pull/7228/files on my branch, rebasing & pushing again..

[jyejare]

@dLobatog , @ares , I tried accessing notifications via org-admin user and via another admin, but I cant ! Looks like there is some issue with users.

[dLobatog]

@jyejare Thanks for the feedback, it definitely did NOT work for org admins, there was a bug in the notification_recipients_ids method.

You also asked to configure the expire soon interval, so thanks for that too 😄 Can you check now? It should work 100% fine now.

[dLobatog]

@jyejare The problem I had was that previously I was calling user.can?(:import_manifest, self) here. This would not work, because import_manifest is a permission for Subscription, not for Organization. Hence, only admins would return 'true' for that.

tl;dr - It should be fine now for org admins

[jyejare]

Tests Performed:

1. Notification should be displayed for expiring subscriptions within given days in settings.
2. Notification should only be shown for expiring subscriptions within given days in settings.
3. Notification should not be shown for subscriptions not expiring within given days in settings.
4. Notification body text should be correct.
5. Notification should be shown for org-admin users as well.
6. No duplication of notifications on multiple time delivers.
7. Pulp Notification for disk storage full with the percent of disk full.

QE ACK.

[jlsherrill]

Thanks @dLobatog !