Dev: wizards: don't use root password

The root password that the user submits in the Wizards passwd-textbox eventually comes into the CrmScript.run, but it's simply ignored there. Here we delete the whole flow of the root password.
ClusterLabs · Sep 24, 2024 · c02f089 · c02f089
1 parent 8945dc8
commit c02f089
Show file tree

Hide file tree

Showing 5 changed files with 9 additions and 40 deletions.
diff --git a/hawk/app/controllers/wizards_controller.rb b/hawk/app/controllers/wizards_controller.rb
@@ -50,10 +50,10 @@ def submit
       @wizard.verify(pa)
       if @wizard.errors.length > 0
         render json: @wizard.errors.to_json, status: :unprocessable_entity
-      elsif current_cib.sim? && @wizard.need_rootpw
+      elsif current_cib.sim?
         render json: [_("Wizard cannot be applied when the simulator is active")], status: :unprocessable_entity
       else
-        @wizard.run(pa, params[:rootpw])
+        @wizard.run(pa)
         if @wizard.errors.length > 0
           render json: @wizard.errors.to_json, status: :unprocessable_entity
         else

diff --git a/hawk/app/lib/crm_script.rb b/hawk/app/lib/crm_script.rb
@@ -39,7 +39,7 @@ def cleanerr(err)
   end
   module_function :cleanerr
 
-  def run(jsondata, rootpw)
+  def run(jsondata)
     user = current_user
     cmd = crmsh_escape(JSON.dump(jsondata))
     tmpf = Tempfile.new 'crmscript'

diff --git a/hawk/app/models/wizard.rb b/hawk/app/models/wizard.rb
@@ -20,7 +20,6 @@ class Wizard
   attr_reader :actions
   attr_reader :output
   attr_reader :errors
-  attr_reader :need_rootpw
 
   def persisted?
     true
@@ -39,7 +38,6 @@ def initialize(name, category, shortdesc, longdesc)
     @actions = nil
     @output = nil
     @errors = nil
-    @need_rootpw = false
   end
 
   def id
@@ -63,26 +61,14 @@ def verify(params)
     @params = params
     @actions = []
     @errors = []
-    CrmScript.run ["verify", @name, params], nil do |action, err|
+    CrmScript.run ["verify", @name, params] do |action, err|
       @errors << err if err
       unless action.nil?
         @errors << action["error"] if action.key? "error"
         action['text'].gsub!(/\t/, "    ") if action.key? "text"
         @actions << action unless action.key? "error"
       end
     end
-
-    @need_rootpw = @errors.empty? && @actions.any? do |action|
-      return false if action['name'] == 'cib'
-      if action['name'] == 'crm'
-        t = (action['text'] || '').split.first || ''
-        return false if ['configure', 'resource', 'cib'].any? { |c| c == t }
-      end
-      if action['name'] == 'call' && action['sudo'].nil? && action['nodes'] == 'local'
-        return false
-      end
-      true
-    end
   end
 
   def command_string
@@ -99,14 +85,14 @@ def command_string
     base.join(" ")
   end
 
-  def run(params, rootpw=nil)
+  def run(params)
     # TODO: live-update frontend
     @params = params
     @actions = []
     @errors = []
     @output = nil
     CrmEvents.instance.push command_string
-    CrmScript.run ["run", @name, @params], rootpw do |result, err|
+    CrmScript.run ["run", @name, @params] do |result, err|
       @errors << err if err
       unless result.nil?
         Rails.logger.debug "result: #{result}"
@@ -152,7 +138,7 @@ def parse_full(data)
 
     def find(name)
       w = nil
-      CrmScript.run ["show", name], nil do |item, err|
+      CrmScript.run ["show", name] do |item, err|
         Rails.logger.error "Wizard.find: #{err}" unless err.nil?
         raise Cib::RecordNotFound, _("Requested wizard does not exist") unless err.nil?
         w = Wizard.parse_full(item) unless item.nil?
@@ -178,7 +164,7 @@ def wizard_ok(item)
     def all
       Rails.cache.fetch(:all_wizards, expires_in: 2.hours) do
         [].tap do |wizards|
-          CrmScript.run ["list"], nil do |item, err|
+          CrmScript.run ["list"] do |item, err|
             Rails.logger.debug "Error listing scripts: #{err}" unless err.blank?
             wizards.push Wizard.parse_brief(item) if wizard_ok(item)
           end

diff --git a/hawk/app/views/wizards/update.html.erb b/hawk/app/views/wizards/update.html.erb
@@ -61,22 +61,6 @@
                 <% end %>
               </ul>
             </div>
-            <% if @wizard.need_rootpw %>
-              <div class="alert alert-warning">
-                <p>
-                  <%= _("To apply the changes, Hawk requires root access, and password-less SSH access must be configured. See the Hawk documentation for more information.") %>
-                </p>
-              </div>
-              <div class="form-group">
-                <div class="col-sm-5 text-right">
-                  <%= label_tag(:rootpw, _("Root password")) %>
-                </div>
-                <div class="col-sm-7">
-                  <%= password_field_tag :rootpw, nil, class: "form-control", required: true %>
-                </div>
-                <div class="col-sm-5 help-block"></div>
-              </div>
-            <% end %>
           </fieldset>
           <%= main_form.button_group class: "wizard" do %>
             <%= link_to _("Cancel"), cib_wizards_path(cib_id: current_cib.id), class: "btn btn-default", data: { confirm: _("Do you really want to cancel the wizard setup?") } %>

diff --git a/hawk/config/initializers/filter.rb b/hawk/config/initializers/filter.rb
@@ -3,7 +3,6 @@
 
 Rails.application.config.tap do |config|
   config.filter_parameters += [
-    :password,
-    :rootpw
+    :password
   ]
 end