Hawkular/add ssl support

[josejulio]

Adds support for tls endpoints on Hawkular MW provider

ToDo:

• Rename container_security_options to endpoint_security_options

This PR depends on PR #450 and supports ManageIQ/manageiq#14054

@miq-bot add-label providers/hawkular

[miq-bot]

@josejulio Cannot apply the following label because they are not recognized: providers/hawkular

[josejulio]

@cben I modified some of your work, could you please take a look and let me know if I should duplicate the code or is OK what i did?

[josejulio]

@cben
Added non-ssl to the options that shouldn't be verified by ssl.

[cben]

Nice. Not all providers will use same logic, but good to share.
Let's rename the function to something more generic, say endpoint_security_options?

[josejulio]

Sure. Will do once your PR is merged. (adding it as a todo).

[josejulio]

Also using this Trusted CA Certificates textarea.

[josejulio]

@miq-bot add-label WIP

[cben]

This is perhaps too nested, hard to read.
One option that might be more readable if you put the custom condition first (untested):

                         "(emsCommonModel.#{prefix}_security_protocol == 'ssl-with-validation-custom-ca' &&" |
                         " (emsCommonModel.ems_controller == 'ems_container' || " +                          |
                         "  emsCommonModel.emstype == 'hawkular'))"}                                         |

However the meaning of security_protocol is provider-dependent and this file already does a lot of copy-pasting to keep different providers independent.
What do you think of doing separate (container && custom) || (hawkular && custom)?

[josejulio]

Grouping them different seems a good option that would give more flexibility to modify them as needed for each provider without having to copy/paste the whole block.

[josejulio]

@miq-bot add_label middleware, wip, pending core

[miq-bot]

This pull request is not mergeable. Please rebase and repush.

[josejulio]

@miq-bot rm_label wip

[josejulio]

#450 is merged already.
@cben I made the changes you suggested. As i modified some of your code, could you please review again? Thanks!

[abonas]

Wouldn't it be better to first put the protocol field, and then after the user selects it, to fill automatically the default port? (which user can of course change)

[josejulio]

@abonas I'm reusing UI from #450

What you propose is possible but would end being inconsistent with other providers as they define the port before the security protocol.

https://github.com/josejulio/manageiq-ui-classic/blob/b8d8736225787281808e52b8c7a9688d8f07e1d8/app/views/layouts/angular-bootstrap/_endpoints_angular.html.haml#L27-L59

I could move our security_protocol field and fill the port field if that's not a concern..

[cben]

I think some providers do reset port based on security protocol:

manageiq-ui-classic/app/assets/javascripts/controllers/ems_common/ems_common_form_controller.js

Lines 360 to 368 in d304589

	$scope.openstackSecurityProtocolChanged = function() {
	if ($scope.emsCommonModel.emstype === 'openstack' || $scope.emsCommonModel.emstype === 'openstack_infra') {
	if ($scope.emsCommonModel.default_security_protocol === 'non-ssl') {
	$scope.emsCommonModel.default_api_port = $scope.getDefaultApiPort($scope.emsCommonModel.emstype);
	} else {
	$scope.emsCommonModel.default_api_port = "13000";
	}
	}
	};

in which case yes, having protocol above port makes sense.

Don't assume #450 is perfect. I missed several spots there, and still chasing a bug there. Will cc you as soon I have a fix.

[josejulio]

If that makes sense for both of you, I'll move the port below the security protocol and fill default values.

[abonas]

@serenamarie125 and @Loicavenel , please have a look at the UX issue in regards of fields order for protocol, port, etc. Current way of things don't make a lot of sense (and causes a bit more work for the user). Please decide how it should look in all the providers.

[Loicavenel]

We should at minimum reverse Port and Protocol where it does exist. Some providers does not have Port but use URL as input. If protocols has different port, then default port should be presented and updated baed on the protocol selection

[josejulio]

@abonas @Loicavenel
Should i do that on this PR?
Please see #460 (comment)
There might be other fields between Port and Security Protocol.

If protocols has different port, then default port should be presented and updated baed on the protocol selection

Currently (on this provider) the Port is only updated (when selecting a protocol) IF port is empty OR port is any of the default ports OR port is invalid (e.g. NaN).

[cben]

Since order is shared to all providers, I think separate PR is natural. P.S. another order you haven't listed is put protocol even before hostname. (Kinda like proto://host:port URL structure.)

[josejulio]

That would be the third option! I'll edit #460 (comment)

[josejulio]

@AparnaKarve Updated code so Trusted CA Certificates now affects required validation.

Next steps would be:
Pass down a default value of default_security_protocol to the angular controller using this after is merged and preferably on a separate PR.
Change port / security protocol order (IMO (and @cben opinion) belongs in a separate PR)

Is there anything else you want me to address on this PR?

[AparnaKarve]

Updated code so Trusted CA Certificates now affects required validation.

@josejulio Good call on that.

Agree about addressing the other issues you mentioned in separate PRs.
And with that, this is GTG.

[josejulio]

@AparnaKarve wait a bit. I think i missed something.

[josejulio]

@AparnaKarve Ok, done, I had an extra ´}´ on the last commit. Just removed it.

[miq-bot]

Checked commits josejulio/manageiq-ui-classic@03a478a~...1a2d639 with ruby 2.2.6, rubocop 0.47.1, and haml-lint 0.20.0
3 files checked, 0 offenses detected
Everything looks good. 🏆

[josejulio]

Ummh, @AparnaKarve, #670 also address the Trusted CA certificates, so I'm removing it from this PR because is the same code.

[abonas]

@josejulio @cben please see @Loicavenel guideline regarding the protocol/port order, it could be applied in this PR or in a separate one, although I don't see much point doing it here in the incorrect way and then redoing it again in another PR.

[AparnaKarve]

@josejulio #670 has some code that you would need to fix this completely, so how about we wait for #670 to get merged first? (which I'm currently reviewing)

Once it's merged, it will be easy for you to identify what else needs to be fixed from your end.

[josejulio]

@AparnaKarve Sure: I can wait for it.

@abonas We are sharing the security_protocol with others providers. I just want to make sure I don't break anything from their end. By doing a separate PR i could at least try to have them look at only that fix.
It shouldn't break anything though.

[josejulio]

@AparnaKarve

Rebased and added the security_protocol_default for ems_middleware
Now when editing a previously added provider it shows Non SSL selected

[AparnaKarve]

@josejulio The screenshot looks good. So looks like you're all set now.

[cben]

LGTM 👍

[abonas]

@miq-bot assign @martinpovolny please review & merge

[miq-bot]

@abonas 'martinpovolny please review & merge' is an invalid assignee, ignoring...

[abonas]

@miq-bot assign @martinpovolny
@martinpovolny please review and merge