-
Notifications
You must be signed in to change notification settings - Fork 982
/
application.rb
416 lines (351 loc) · 17 KB
/
application.rb
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
if defined?(Rake.application) && Rake.application.top_level_tasks.grep(/jenkins/).any?
ENV['RAILS_ENV'] ||= 'test'
end
require File.expand_path('boot', __dir__)
require 'apipie/middleware/checksum_in_headers'
# Only import the frameworks we need - this list is taken from rails/all
require "rails"
[
'active_record/railtie',
# 'active_storage/engine',
'action_controller/railtie',
'action_view/railtie',
'action_mailer/railtie',
'active_job/railtie',
# 'action_cable/engine',
# 'action_mailbox/engine',
# 'action_text/engine',
'rails/test_unit/railtie',
'sprockets/railtie',
].each do |railtie|
require railtie
end
require File.expand_path('../config/settings', __dir__)
require File.expand_path('../lib/foreman/dynflow', __dir__)
if File.exist?(File.expand_path('../Gemfile.in', __dir__))
# If there is a Gemfile.in file, we will not use Bundler but BundlerExt
# gem which parses this file and loads all dependencies from the system
# rathern then trying to download them from rubygems.org. It always
# loads all gemfile groups.
require 'bundler_ext'
Bundler.ui = Bundler::UI::Silent.new if Rails.env.production?
BundlerExt.system_require(File.expand_path('../Gemfile.in', __dir__), :all)
class Foreman::Consoletie < Rails::Railtie
console { Foreman.setup_console }
end
else
# If you have a Gemfile, require the gems listed there
# Note that :default, :test, :development and :production groups
# will be included by default (and dependending on the current environment)
if defined?(Bundler)
Bundler.ui = Bundler::UI::Silent.new if Rails.env.production?
class Foreman::Consoletie < Rails::Railtie
console do
begin
Bundler.require(:console)
rescue LoadError
# no action, logs a warning in setup_console only
end
Foreman.setup_console
end
end
Bundler.require(*Rails.groups)
optional_bundler_groups = %w[assets ec2 fog libvirt openstack ovirt vmware redis]
optional_bundler_groups.each do |group|
Bundler.require(group)
rescue LoadError
# ignoring intentionally
end
end
end
# CRs in fog core with extra dependencies will have those deps loaded, so then
# load the corresponding bit of fog
require 'fog/ovirt' if defined?(::OVIRT)
require File.expand_path('../lib/foreman', __dir__)
require File.expand_path('../lib/foreman/exception', __dir__)
require File.expand_path('../lib/core_extensions', __dir__)
require File.expand_path('../lib/foreman/force_ssl', __dir__)
require File.expand_path('../lib/foreman/logging', __dir__)
require File.expand_path('../lib/foreman/http_proxy', __dir__)
require File.expand_path('../lib/foreman/middleware/logging_context_request', __dir__)
require File.expand_path('../lib/foreman/middleware/logging_context_session', __dir__)
require File.expand_path('../lib/foreman/middleware/telemetry', __dir__)
require File.expand_path('../lib/foreman/middleware/libvirt_connection_cleaner', __dir__)
# Ensure ApplicationRecord is loaded early and can be used inside migrations.
# Can probably be removed once we migrate to Zeitwerk.
require File.expand_path('../app/models/concerns/host_mix', __dir__)
require File.expand_path('../app/models/concerns/has_many_common', __dir__)
require File.expand_path('../app/models/concerns/strip_whitespace', __dir__)
require File.expand_path('../app/models/concerns/parameterizable', __dir__)
require File.expand_path('../app/models/concerns/audit_associations', __dir__)
require File.expand_path('../app/models/application_record', __dir__)
if SETTINGS[:support_jsonp]
if File.exist?(File.expand_path('../Gemfile.in', __dir__))
BundlerExt.system_require(File.expand_path('../Gemfile.in', __dir__), :jsonp)
else
Bundler.require(:jsonp)
end
end
module Foreman
class Application < Rails::Application
config.load_defaults '6.1'
# Rails 5.0 changed this to true, but a lot of code depends on this
config.active_record.belongs_to_required_by_default = false
# Rails 5.1 changed this to false, re-enabling this due to https://github.com/theforeman/foreman/pull/9711/files#r1247901552
config.assets.unknown_asset_fallback = true
# Rails 5.2 changed this to true, but we already do this in app/controllers/application_controller.rb#7
# We don't use this default because it's applied to ActionController::Base, thus to all inherited controllers
# But for API controllers we use a modification: app/controllers/concerns/foreman/controller/api_csrf_protection.rb#7
config.action_controller.default_protect_from_forgery = false
# Rails 5.2 changed this to true, but the only thing it does currently (as of Rails 7.0) is
# changing default cipher from aes-256-cbc to aes-256-gcm.
# Leaving this disabled, since the application worked with aes-256-cbc.
# Failed tests on aes-256-gcm require revisit application to ensure we can do the switch.
config.active_support.use_authenticated_message_encryption = false
config.action_dispatch.use_authenticated_cookie_encryption = false
# Rails 6.0 changed this to :zeitwerk
config.autoloader = :classic
# Rails 6.1 changed this to true, but apparently our codebase is not ready for bidirectional associations
config.active_record.has_many_inversing = false
# Setup additional routes by loading all routes file from routes directory
Dir["#{Rails.root}/config/routes/**/*.rb"].each do |route_file|
config.paths['config/routes.rb'] << route_file
end
# Settings in config/environments/* take precedence over those specified here.
# Application configuration should go into files in config/initializers
# -- all .rb files in that directory are automatically loaded.
# Autoloading
config.autoload_paths += %W(#{config.root}/app/models/auth_sources)
config.autoload_paths += %W(#{config.root}/app/models/compute_resources)
config.autoload_paths += %W(#{config.root}/app/models/fact_names)
config.autoload_paths += %W(#{config.root}/app/models/lookup_keys)
config.autoload_paths += %W(#{config.root}/app/models/host_status)
config.autoload_paths += %W(#{config.root}/app/models/operatingsystems)
config.autoload_paths += %W(#{config.root}/app/models/parameters)
config.autoload_paths += %W(#{config.root}/app/models/taxonomies)
config.autoload_paths += %W(#{config.root}/app/models/mail_notifications)
# Custom directories that will only be loaded once
# Should only contain classes with class-level data set by initializers (registries etc.)
config.autoload_once_paths += %W(#{config.root}/app/registries)
# Eager load all classes under lib directory
config.eager_load_paths += ["#{config.root}/lib"]
# Only load the plugins named here, in the order given (default is alphabetical).
# :all can be used as a placeholder for all plugins not explicitly named.
# config.plugins = [ :exception_notification, :ssl_requirement, :all ]
config.force_ssl = SETTINGS[:require_ssl]
config.ssl_options = {
redirect: {
exclude: ->(request) { Foreman::ForceSsl.new(request).allows_http? },
},
}
# Set Time.zone default to the specified zone and make Active Record auto-convert to this zone.
# Run "rake -D time" for a list of tasks for finding time zone names. Default is UTC.
# config.time_zone = 'Central Time (US & Canada)'
config.time_zone = 'UTC'
# The default locale is :en and all translations from config/locales/*.rb,yml are auto loaded.
# config.i18n.load_path += Dir[Rails.root.join('my', 'locales', '*.{rb,yml}').to_s]
# config.i18n.default_locale = :de
# Don't enforce known locales with exceptions, as fast_gettext has a fallback to default 'en'
config.i18n.enforce_available_locales = false
# Disable fieldWithErrors divs
config.action_view.field_error_proc = proc { |html_tag, instance| html_tag.to_s.html_safe }
# Configure the default encoding used in templates for Ruby 1.9.
config.encoding = "utf-8"
# Configure sensitive parameters which will be filtered from the log file.
config.filter_parameters += [:password, :account_password, :facts, :root_pass, :value, :report, :password_confirmation, :secret]
# Enable escaping HTML in JSON.
config.active_support.escape_html_entities_in_json = true
# Don't raise exception for common parameters
config.action_controller.always_permitted_parameters = %w(
controller action format locale utf8 _method authenticity_token commit redirect
page per_page paginate search order sort sort_by sort_order
_ _ie_support fakepassword apiv id organization_id location_id user_id
)
# Use SQL instead of Active Record's schema dumper when creating the database.
# This is necessary if your schema can't be completely dumped by the schema dumper,
# like if you have constraints or database-specific column types
config.active_record.schema_format = :sql
# Starting 6.1.6.1 Rails forced users to explicitly list all the classes
# that are allowed to be loaded by Psych
# (https://github.com/rails/rails/pull/45584#issuecomment-1183255990)
config.active_record.yaml_column_permitted_classes = [
Symbol,
Time,
ActiveSupport::HashWithIndifferentAccess,
ActiveSupport::TimeZone,
ActiveSupport::TimeWithZone,
]
# enables JSONP support in the Rack middleware
config.middleware.use Rack::JSONP if SETTINGS[:support_jsonp]
# Enable Rack OpenID middleware
begin
require 'rack/openid'
require 'openid/store/filesystem'
openid_store_path = Pathname.new(Rails.root).join('db').join('openid-store')
config.middleware.use Rack::OpenID, OpenID::Store::Filesystem.new(openid_store_path)
rescue LoadError
nil
end
begin
if SETTINGS[:telemetry].try(:fetch, :prometheus).try(:fetch, :enabled)
require 'prometheus/middleware/exporter'
config.middleware.use Prometheus::Middleware::Exporter
end
rescue LoadError, KeyError
# not configured or bundler group 'telemetry' was disabled
end
# Enable the asset pipeline
config.assets.enabled = true
# Version of your assets, change this if you want to expire all your assets
config.assets.version = '1.0'
# Disable noisy logging of requests for assets
config.assets.quiet = true
# When operating behind a reverse proxy, this provides a valid remote ip in request.remote_ip
# the middleware is enabled by default however we minimize the trusted proxies list
#
# the trusted proxies are removed from remote IP candidates, since we know they are proxies and not clients
# in the default deployment, this is typically an Apache
#
# currently the requests with untrusted IPs in X_FORWARDED_FOR are taken into the consideration,
# the spoof detection based on HTTP_CLIENT_IP header performed by the middleware does not work
config.action_dispatch.trusted_proxies = SETTINGS.fetch(:trusted_proxies, %w(127.0.0.1/8 ::1)).map { |proxy| IPAddr.new(proxy) }
# Record request and session tokens in logging MDC
config.middleware.insert_before Rails::Rack::Logger, Foreman::Middleware::LoggingContextRequest
config.middleware.insert_after ActionDispatch::Session::ActiveRecordStore, Foreman::Middleware::LoggingContextSession
# Add apidoc hash in headers for smarter caching
config.middleware.use Apipie::Middleware::ChecksumInHeaders
# Add telemetry and connection cleaner
config.middleware.use Foreman::Middleware::Telemetry
config.middleware.use Foreman::Middleware::LibvirtConnectionCleaner
# New config option to opt out of params "deep munging" that was used to address security vulnerability CVE-2013-0155.
config.action_dispatch.perform_deep_munge = false
# Use Dynflow as the backend for ActiveJob
config.active_job.queue_adapter = :dynflow
config.action_dispatch.return_only_media_type_on_content_type = false
Foreman::Logging.configure(
:log_directory => "#{Rails.root}/log",
:environment => Rails.env,
:config_overrides => SETTINGS[:logging]
)
# Check that the loggers setting exist to configure the app and sql loggers
Foreman::Logging.add_loggers((SETTINGS[:loggers] || {}).reverse_merge(
:app => {:enabled => true},
:audit => {:enabled => true},
:ldap => {:enabled => false},
:permissions => {:enabled => false},
:proxy => {:enabled => false},
:sql => {:enabled => false},
:templates => {:enabled => true},
:notifications => {:enabled => true},
:background => {:enabled => true},
:dynflow => {:enabled => true},
:telemetry => {:enabled => false},
:blob => {:enabled => false},
:taxonomy => {:enabled => true},
:api_deprecations => {:enabled => true},
:sidekiq => {:enabled => true, :level => :warn}
))
config.logger = Foreman::Logging.logger('app')
# Explicitly set the log_level from our config, overriding the Rails env default
config.log_level = Foreman::Logging.logger_level('app').to_sym
config.active_record.logger = Foreman::Logging.logger('sql')
# enables in memory cache store with ttl
rails_cache_settings = SETTINGS[:rails_cache_store]
if (rails_cache_settings && rails_cache_settings[:type] == 'redis')
options = [:redis_cache_store]
redis_urls = Array.wrap(rails_cache_settings[:urls])
options << {
namespace: 'foreman',
url: redis_urls,
reconnect_attempts: ::Redis::Client::DEFAULTS[:reconnect_attempts],
}.merge(rails_cache_settings[:options] || {})
config.cache_store = options
Foreman::Logging.logger('app').info "Rails cache backend: Redis"
else
config.cache_store = :file_store, Rails.root.join('tmp', 'cache/')
Foreman::Logging.logger('app').info "Rails cache backend: File"
end
if config.public_file_server.enabled
::Rails::Engine.subclasses.map(&:instance).each do |engine|
if File.exist?("#{engine.root}/public/assets") || File.exist?("#{engine.root}/public/webpack")
config.middleware.use ::ActionDispatch::Static, "#{engine.root}/public"
end
end
end
if Array(SETTINGS[:cors_domains]).present?
config.middleware.insert_before 0, Rack::Cors do
allow do
origins Array(SETTINGS[:cors_domains])
resource '*', headers: :any, methods: [:get, :post, :options]
end
end
end
config.to_prepare do
# AuditExtensions contain code from app/ so can only be loaded after initializing is done
# otherwise rails auto-reloader won't be able to reload Taxonomies which are linked there
Audit.include AuditExtensions
ApplicationController.descendants.each do |child|
# reinclude the helper module in case some plugin extended some in the to_prepare phase,
# after the module was already included into controllers
helpers = child._helpers.ancestors.find_all do |ancestor|
ancestor.name =~ /Helper$/
end
child.helper helpers
end
end
# Use the database for sessions instead of the cookie-based default
config.session_store :active_record_store, :secure => !!SETTINGS[:require_ssl]
# We need to mount the sprockets engine before we use the routes_reloader
initializer(:mount_sprocket_env, :before => :sooner_routes_load) do
if config.assets.compile
app = Rails.application
if Sprockets::Railtie.instance.respond_to?(:build_environment)
app.assets = Sprockets::Railtie.instance.build_environment(app, true)
end
routes.prepend do
mount app.assets => app.config.assets.prefix
end
end
end
# We use the routes_reloader before the to_prepare and eager_load callbacks
# to make the routes load sooner than the controllers. Otherwise, the definition
# of named routes helpers in the module significantly slows down the startup
# of the application. Switching the order helps a lot.
initializer(:sooner_routes_load, :before => :run_prepare_callbacks) do
routes_reloader.execute_if_updated
end
initializer(:register_gettext, :after => :load_config_initializers) do |app|
::Foreman::Plugin.all.select { |p| p.gettext_domain }.each do |plugin|
Foreman::Gettext::Support.add_text_domain plugin.gettext_domain, plugin.locale_path
end
end
config.after_initialize do
require 'fog_extensions'
init_dynflow unless Foreman.in_rake?('db:create') || Foreman.in_rake?('db:drop')
setup_auditing
end
def dynflow
return @dynflow if @dynflow.present?
@dynflow =
if defined?(ForemanTasks)
ForemanTasks.dynflow
else
::Dynflow::Rails.new(nil, ::Foreman::Dynflow::Configuration.new)
end
@dynflow.require!
@dynflow
end
def init_dynflow
dynflow.eager_load_actions!
end
def setup_auditing
Audit.include AuditSearch
Audit.include HasManyCommon
end
end
def self.setup_console
ENV['IRBRC'] = File.expand_path('irbrc', __dir__)
User.current = User.anonymous_console_admin
Rails.logger.warn "Console started with '#{User.current.login}' user, call User.current= to change it"
end
end