Fixed #21204 - introduced global_setting helper function

[lzap]

Locked templates made very difficult to change to discovery in global default templates, user needs to unlock 2+2+2 (PXELinux, Grub, Grub2 template + discovery snippet) and make necessary changes just to change the default menu entry. This can be done via global setting.

This patch adds such a helper function, I am doing changes in community templates to leverage this new function.

Security standpoint - I can't think of any setting that should not be rendered. We do have a root password, but that is already available using the existing helper. Please review with that in mind.

[theforeman-bot]

There were the following issues with the commit message:

• c949fc1 must be in the format fixes #redmine_number - brief description

If you don't have a ticket number, please create an issue in Redmine.

More guidelines are available in Coding Standards or on the Foreman wiki.

---

This message was auto-generated by Foreman's prprocessor

[lzap]

Also added "default_pxe_item_local" so both global and local menu items can be now configured.

[ares]

I believe this was rejected in past because setting contain sensitive information, such as root password for newly provisioned hosts. I suppose we'd need to add a whitelist here. Also the || won't work for settings that has value false, it would always return default value. If you're going to fix this, I'd also suggest renaming global_setting to setting, there's no other setting...

[ares]

Also note that settings page is only available for admins, there's no permission for this. Making it available through template give ability to everyone who can render (preview) template, to see values.

[lzap]

So how about renaming it to "setting", creating whitelist, fixing default value and allowing override via host params, so people can still override this per host/hostgroup.

[lzap]

Or maybe is cleaner just to use host/hostgroup parameter for this. That would drop this complexity. But to be honest I really like using settings in templates.

[lzap]

The reason for that is this enables users (or admins specifically) to make discovery the default options. This can't be done with host/hostgroup variables.

[ares]

If that is for admins only, then I think we can drop the host/hg params. Whitelist, default value and renaming is still required I think. I think the whitelist should contain nearly all settings and (sorry to say that), there should be a plugin DSL for extending it. I suppose discovery plugin would require it.

[lzap]

Added whitelist, covered everything with tests, added default list of allowed global options which I think are useful and safe. I did not add those which I thought are not much useful. No host/hostgroup override available, I think this is cleaner.

[lzap]

@ares this is ready for review and merge

[iNecas]

Note for me: don't approve PRs without testing, even when there are unit tests that seem to prove it works.

See comments inline.

[iNecas]

You should use Setting, not SETTINGS, the SETTINGS are just for things that come from settings file

[iNecas]

Also, you should check on blank?, instead of false value. Otherwise, boolean values, such as safemode_render, would not work.

[lzap]

Done, rebased.

[dLobatog]

Needs to be rebased, please @lzap

[lzap]

Rebased.

[ares]

how custom is supposed to work? looking at here I'm unable to specify any other value that local/discovery or is that the limitation for grub1?

if custom values are desired, I guess my comment above about limiting the option does not make sense...

[lzap]

Grub1 only supports numbers for that option, so there is a small helper array that is then converted to number. I assume that users will sync the array in cloned templates, or simply delete whole thing which does not make much sense in read/write (cloned) template.

I wanted consistent naming in settings across all loaders.

[ares]

what's the point of having default if setting already provide default? when 2 defaults are useful?

[lzap]

The default of default (the option :-) ) is used in templates to have sane default if users does not opt-in and leaves it blank (that's what we ship Foreman with). What do you recommend instead?

[ares]

I still don't get it, if I use global_settings(:some, 'value'), I'll get value back if there's no Setting[:some]. But in that case, why would I call the global_settings in first place? I'd just use value. Or I'd do global_settigs(:root_pass) || 'change_me' instead of global_settigns(:root_pass, 'change_me')

[lzap]

Rebased, one line changed.

[iNecas]

No other comments from me

[lzap]

Thanks @ares @dLobatog are we good to go?

[ares]

@lzap I'd still like to understand the value of default parameter of global_setting but then it's good from my side

[lzap]

While I don't insist on the default option for the helper, I think it might be useful - it's a generic helper after all which can be used for more things. The helper-default will be used when setting is blank meaning that template writers can still provide some default option when user decided to delete the value from settings for some reason. This enables you to add "third state", you can't set nil Ruby value for example via settings, this allows you to create an option "and set to blank for XYZ" and then you can use this mechanism appropriately to set it to nil or any other value - for example an empty array or hash. This can make template code easier to read for example.

So it makes sense, not in this context, but for the future.

[ares]

this does not work well with false (valid value) which is considered blank, I guess the behavior should differ if settings_type is boolean

[ares]

Thanks @lzap, I'm fine with default value now. During testing I found it does not work well with boolean though. After fixing that, thumbs up.

[lzap]

Amended the boolean thing, rebased.

[ares]

Thanks @lzap, works fine now.

Daniel asked for rebase which was done already

[lzap]

Thanks, @ares or @dLobatog mind merging theforeman/theforeman.org#1013 discovery docs, so I can carry on with PR that documents this new feature? Thanks.