diff --git a/app/models/manageiq/providers/embedded_ansible/automation_manager/configuration_script_source.rb b/app/models/manageiq/providers/embedded_ansible/automation_manager/configuration_script_source.rb index c71ed47a102..94263c701f5 100644 --- a/app/models/manageiq/providers/embedded_ansible/automation_manager/configuration_script_source.rb +++ b/app/models/manageiq/providers/embedded_ansible/automation_manager/configuration_script_source.rb @@ -50,8 +50,32 @@ def git_repository (super || (ensure_git_repository && super)).tap { |r| sync_git_repository(r) } end + def verify_ssl=(val) + @verify_ssl = case val + when 0, false then OpenSSL::SSL::VERIFY_NONE + when 1, true then OpenSSL::SSL::VERIFY_PEER + else + OpenSSL::SSL::VERIFY_NONE + end + + if git_repository_id && git_repository.verify_ssl != @verify_ssl + @verify_ssl_changed = true + end + end + + def verify_ssl + if @verify_ssl + @verify_ssl + elsif git_repository_id + git_repository.verify_ssl + else + @verify_ssl ||= OpenSSL::SSL::VERIFY_NONE + end + end + private def ensure_git_repository transaction do + # puts attrs_for_sync_git_repository.inspect repo = GitRepository.create!(attrs_for_sync_git_repository) if new_record? self.git_repository_id = repo.id @@ -63,7 +87,7 @@ def git_repository end private def sync_git_repository(git_repository = nil) - return unless name_changed? || scm_url_changed? || authentication_id_changed? + return unless name_changed? || scm_url_changed? || authentication_id_changed? || @verify_ssl_changed git_repository ||= self.git_repository git_repository.attributes = attrs_for_sync_git_repository @@ -74,7 +98,7 @@ def git_repository :name => name, :url => scm_url, :authentication_id => authentication_id, - :verify_ssl => OpenSSL::SSL::VERIFY_NONE + :verify_ssl => verify_ssl } end 
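Review bot: The `else` branch of `verify_ssl=` in the first hunk fails open: any value other than 0, 1, `false` or `true` (for instance `nil`, or a string such as `"1"` or `"true"` if one can reach the setter) is silently stored as `OpenSSL::SSL::VERIFY_NONE`. An unrecognized value should be rejected rather than downgraded, e.g. `else raise ArgumentError, "invalid verify_ssl value: #{val.inspect}"`. The getter's last fallback, `@verify_ssl ||= OpenSSL::SSL::VERIFY_NONE`, keeps the old hard-coded default, and the last hunk's `:verify_ssl => verify_ssl` inherits it, so a new source still gets `VERIFY_NONE` unless the caller opts in. If that default is intentional it deserves a comment, for example `# Default stays VERIFY_NONE for backward compatibility; callers must opt in to VERIFY_PEER`. The commented-out `# puts attrs_for_sync_git_repository.inspect` in `ensure_git_repository`, whose body continues past the hunk, looks like leftover debugging and can be dropped.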
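Review bot: In the second hunk, `@verify_ssl_changed` is only ever set to `true` in the lines shown; nothing visible resets it after the repository has been synced, and `verify_ssl=` does not clear it when the value is set back to what the repository already holds. Once set, the guard in `sync_git_repository` stays open for the lifetime of the instance, and the overridden `git_repository` reader calls that method on every access, so the attributes are re-assigned each time. Consider clearing the flag once the sync has been applied, `@verify_ssl_changed = false`, and recomputing it in the setter with `@verify_ssl_changed = git_repository.verify_ssl != @verify_ssl`. The rest of `sync_git_repository` lies outside the hunk, so a reset may already exist there.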
diff --git a/spec/models/manageiq/providers/embedded_ansible/automation_manager/configuration_script_source_spec.rb b/spec/models/manageiq/providers/embedded_ansible/automation_manager/configuration_script_source_spec.rb
index 55ce7b0b35e..b315da81f90 100644
--- a/spec/models/manageiq/providers/embedded_ansible/automation_manager/configuration_script_source_spec.rb
+++ b/spec/models/manageiq/providers/embedded_ansible/automation_manager/configuration_script_source_spec.rb
@@ -157,6 +157,51 @@ def files_in_repository(git_repo_dir) end end + describe "#verify_ssl" do + it "defaults to OpenSSL::SSL::VERIFY_NONE" do + expect(subject.verify_ssl).to eq(OpenSSL::SSL::VERIFY_NONE) + end + + it "can be updated to OpenSSL::SSL::VERIFY_PEER" do + subject.verify_ssl = OpenSSL::SSL::VERIFY_PEER + expect(subject.verify_ssl).to eq(OpenSSL::SSL::VERIFY_PEER) + end + + context "with a created record" do + subject { described_class.last } + let(:create_params) { params.merge(:verify_ssl => OpenSSL::SSL::VERIFY_PEER) } + + before do + allow(Notification).to receive(:create!) + + described_class.create_in_provider(manager.id, create_params) + end + + it "pulls from the created record" do + expect(subject.verify_ssl).to eq(OpenSSL::SSL::VERIFY_PEER) + end + + it "pushes updates from the ConfigurationScriptSource to the GitRepository" do + subject.update(:verify_ssl => OpenSSL::SSL::VERIFY_NONE) + + expect(described_class.last.verify_ssl).to eq(OpenSSL::SSL::VERIFY_NONE) + expect(GitRepository.last.verify_ssl).to eq(OpenSSL::SSL::VERIFY_NONE) + end + + it "converts true/false values instead of integers" do + subject.update(:verify_ssl => false) + + expect(described_class.last.verify_ssl).to eq(OpenSSL::SSL::VERIFY_NONE) + expect(GitRepository.last.verify_ssl).to eq(OpenSSL::SSL::VERIFY_NONE) + + subject.update(:verify_ssl => true) + + expect(described_class.last.verify_ssl).to eq(OpenSSL::SSL::VERIFY_PEER) + expect(GitRepository.last.verify_ssl).to eq(OpenSSL::SSL::VERIFY_PEER) + end + end + end + describe "#playbooks_in_git_repository" do def playbooks_for(repo) repo.configuration_script_payloads.pluck(:name)
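Review bot: The new `#verify_ssl` examples cover the integer constants and `true`/`false`, but none exercises the setter's fallback branch for any other input. Add an example that assigns an unexpected value such as `nil` or `"true"` and asserts the outcome, so that what happens to a malformed value is a tested decision and not an accident of the `case` statement. The first example, `it "defaults to OpenSSL::SSL::VERIFY_NONE"`, also pins a no-verification default. A short comment above it would tell later readers the expectation is deliberate, for example `# VERIFY_NONE is kept as the default for backward compatibility`.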