Implement support for ad hoc commands.

awx/main/models/__init__.py

@@ -12,6 +12,7 @@ from awx.main.models.credential import * # noqa
 from awx.main.models.projects import * # noqa
 from awx.main.models.inventory import * # noqa
 from awx.main.models.jobs import * # noqa
+from awx.main.models.ad_hoc_commands import * # noqa
 from awx.main.models.schedules import * # noqa
 from awx.main.models.activity_stream import * # noqa
 from awx.main.models.ha import * # noqa
@@ -51,6 +52,7 @@ activity_stream_registrar.connect(Project)
 activity_stream_registrar.connect(Permission)
 activity_stream_registrar.connect(JobTemplate)
 activity_stream_registrar.connect(Job)
+activity_stream_registrar.connect(AdHocCommand)
 # activity_stream_registrar.connect(JobHostSummary)
 # activity_stream_registrar.connect(JobEvent)
 #activity_stream_registrar.connect(Profile)

awx/main/models/activity_stream.py

@@ -50,6 +50,7 @@ class ActivityStream(models.Model):
     job = models.ManyToManyField("Job", blank=True)
     unified_job_template = models.ManyToManyField("UnifiedJobTemplate", blank=True, related_name='activity_stream_as_unified_job_template+')
     unified_job = models.ManyToManyField("UnifiedJob", blank=True, related_name='activity_stream_as_unified_job+')
+    ad_hoc_command = models.ManyToManyField("AdHocCommand", blank=True)
     schedule = models.ManyToManyField("Schedule", blank=True)
     custom_inventory_script = models.ManyToManyField("CustomInventoryScript", blank=True)
 

awx/main/models/ad_hoc_commands.py

@@ -0,0 +1,311 @@
+# Copyright (c) 2015 Ansible, Inc.
+# All Rights Reserved.
+
+# Python
+import hmac
+import json
+import logging
+
+# Django
+from django.conf import settings
+from django.db import models
+from django.db.models import Q
+from django.utils.translation import ugettext_lazy as _
+from django.core.exceptions import ValidationError
+from django.core.urlresolvers import reverse
+
+# Django-JSONField
+from jsonfield import JSONField
+
+# AWX
+from awx.main.constants import CLOUD_PROVIDERS
+from awx.main.models.base import * # noqa
+from awx.main.models.unified_jobs import * # noqa
+from awx.main.utils import decrypt_field, ignore_inventory_computed_fields
+from awx.main.utils import emit_websocket_notification
+
+logger = logging.getLogger('awx.main.models.ad_hoc_commands')
+
+__all__ = ['AdHocCommand', 'AdHocCommandEvent']
+
+
+class AdHocCommand(UnifiedJob):
+
+    MODULE_NAME_CHOICES = [(x,x) for x in settings.AD_HOC_COMMANDS]
+
+    PRIVILEGE_ESCALATION_CHOICES = [
+        ('', _('None')),
+        ('su', _('su')),
+        ('sudo', _('sudo')),
+    ]
+
+    class Meta(object):
+        app_label = 'main'
+
+    job_type = models.CharField(
+        max_length=64,
+        choices=JOB_TYPE_CHOICES,
+        default='run',
+    )
+    inventory = models.ForeignKey(
+        'Inventory',
+        related_name='ad_hoc_commands',
+        null=True,
+        on_delete=models.SET_NULL,
+    )
+    limit = models.CharField(
+        max_length=1024,
+        blank=True,
+        default='',
+    )
+    credential = models.ForeignKey(
+        'Credential',
+        related_name='ad_hoc_commands',
+        null=True,
+        default=None,
+        on_delete=models.SET_NULL,
+    )
+    module_name = models.CharField(
+        max_length=1024,
+        default='command',
+        choices=MODULE_NAME_CHOICES,
+        blank=True, # If blank, defaults to 'command'.
+    )
+    module_args = models.TextField(
+        blank=True,
+        default='',
+    )
+    forks = models.PositiveIntegerField(
+        blank=True,
+        default=0,
+    )
+    verbosity = models.PositiveIntegerField(
+        blank=True,
+        default=0,
+    )
+    privilege_escalation = models.CharField(
+        max_length=64,
+        choices=PRIVILEGE_ESCALATION_CHOICES,
+        default='',
+        blank=True,
+    )
+    hosts = models.ManyToManyField(
+        'Host',
+        related_name='ad_hoc_commands',
+        editable=False,
+        through='AdHocCommandEvent',
+    )
+
+    def clean_credential(self):
+        cred = self.credential
+        if cred and cred.kind != 'ssh':
+            raise ValidationError(
+                'You must provide a machine / SSH credential.',
+            )
+        return cred
+
+    def clean_limit(self):
+        # FIXME: Future feature - check if no hosts would match and reject the
+        # command, instead of having to run it to find out.
+        return self.limit
+
+    def clean_module_name(self):
+        module_name = self.module_name.strip() or 'command'
+        if module_name not in settings.AD_HOC_COMMANDS:
+            raise ValidationError('Unsupported module for ad hoc commands.')
+        return module_name
+
+    def clean_module_args(self):
+        module_args = self.module_args
+        if self.module_name in ('command', 'shell') and not module_args:
+            raise ValidationError('No argument passed to %s module.' % self.module_name)
+        return module_args
+
+    @property
+    def passwords_needed_to_start(self):
+        '''Return list of password field names needed to start the job.'''
+        needed = []
+        if self.credential:
+            for pw in self.credential.passwords_needed:
+                if pw == 'password':
+                    needed.append('ssh_password')
+                else:
+                    needed.append(pw)
+        return needed
+
+    @classmethod
+    def _get_parent_field_name(cls):
+        return ''
+
+    @classmethod
+    def _get_task_class(cls):
+        from awx.main.tasks import RunAdHocCommand
+        return RunAdHocCommand
+
+    def get_absolute_url(self):
+        return reverse('api:ad_hoc_command_detail', args=(self.pk,))
+
+    @property
+    def task_auth_token(self):
+        '''Return temporary auth token used for task requests via API.'''
+        if self.status == 'running':
+            h = hmac.new(settings.SECRET_KEY, self.created.isoformat())
+            return '%d-%s' % (self.pk, h.hexdigest())
+
+    def get_passwords_needed_to_start(self):
+        return self.passwords_needed_to_start
+
+    def is_blocked_by(self, obj):
+        from awx.main.models import InventoryUpdate
+        if type(obj) == InventoryUpdate:
+            if self.inventory == obj.inventory_source.inventory:
+                return True
+        return False
+
+    @property
+    def task_impact(self):
+        # NOTE: We sorta have to assume the host count matches and that forks default to 5
+        from awx.main.models.inventory import Host
+        count_hosts = Host.objects.filter(active=True, enabled=True, inventory__ad_hoc_commands__pk=self.pk).count()
+        return min(count_hosts, 5 if self.forks == 0 else self.forks) * 10
+
+    def generate_dependencies(self, active_tasks):
+        from awx.main.models import InventoryUpdate
+        if not self.inventory:
+            return []
+        inventory_sources = self.inventory.inventory_sources.filter(active=True, update_on_launch=True)
+        inventory_sources_found = []
+        dependencies = []
+        for obj in active_tasks:
+            if type(obj) == InventoryUpdate:
+                if obj.inventory_source in inventory_sources:
+                    inventory_sources_found.append(obj.inventory_source)
+        # Skip updating any inventory sources that were already updated before
+        # running this job (via callback inventory refresh).
+        try:
+            start_args = json.loads(decrypt_field(self, 'start_args'))
+        except Exception:
+            start_args = None
+        start_args = start_args or {}
+        inventory_sources_already_updated = start_args.get('inventory_sources_already_updated', [])
+        if inventory_sources_already_updated:
+            for source in inventory_sources.filter(pk__in=inventory_sources_already_updated):
+                if source not in inventory_sources_found:
+                    inventory_sources_found.append(source)
+        if inventory_sources.count(): # and not has_setup_failures?  Probably handled as an error scenario in the task runner
+            for source in inventory_sources:
+                if source not in inventory_sources_found and source.needs_update_on_launch:
+                    dependencies.append(source.create_inventory_update(launch_type='dependency'))
+        return dependencies
+
+    def copy(self):
+        raise NotImplementedError
+        presets = {}
+        for kw in self.job_template._get_unified_job_field_names():
+            presets[kw] = getattr(self, kw)
+        return self.job_template.create_unified_job(**presets)
+
+
+class AdHocCommandEvent(CreatedModifiedModel):
+    '''
+    An event/message logged from the ad hoc event callback for each host.
+    '''
+
+    EVENT_TYPES = [
+        # (event, verbose name, failed)
+        ('runner_on_failed', _('Host Failed'), True),
+        ('runner_on_ok', _('Host OK'), False),
+        ('runner_on_unreachable', _('Host Unreachable'), True),
+        # Tower won't see no_hosts (check is done earlier without callback).
+        #('runner_on_no_hosts', _('No Hosts Matched'), False),
+        # Tower should probably never see skipped (no conditionals).
+        #('runner_on_skipped', _('Host Skipped'), False),
+        # Tower does not support async for ad hoc commands.
+        #('runner_on_async_poll', _('Host Polling'), False),
+        #('runner_on_async_ok', _('Host Async OK'), False),
+        #('runner_on_async_failed', _('Host Async Failure'), True),
+        # Tower does not yet support --diff mode
+        #('runner_on_file_diff', _('File Difference'), False),
+    ]
+    FAILED_EVENTS = [x[0] for x in EVENT_TYPES if x[2]]
+    EVENT_CHOICES = [(x[0], x[1]) for x in EVENT_TYPES]
+
+    class Meta:
+        app_label = 'main'
+        unique_together = [('ad_hoc_command', 'host_name')]
+        ordering = ('-pk',)
+
+    ad_hoc_command = models.ForeignKey(
+        'AdHocCommand',
+        related_name='ad_hoc_command_events',
+        on_delete=models.CASCADE,
+        editable=False,
+    )
+    host = models.ForeignKey(
+        'Host',
+        related_name='ad_hoc_command_events',
+        null=True,
+        default=None,
+        on_delete=models.SET_NULL,
+        editable=False,
+    )
+    host_name = models.CharField(
+        max_length=1024,
+        default='',
+        editable=False,
+    )
+    event = models.CharField(
+        max_length=100,
+        choices=EVENT_CHOICES,
+    )
+    event_data = JSONField(
+        blank=True,
+        default={},
+    )
+    failed = models.BooleanField(
+        default=False,
+        editable=False,
+    )
+    changed = models.BooleanField(
+        default=False,
+        editable=False,
+    )
+    counter = models.PositiveIntegerField(
+        default=0,
+    )
+
+    def get_absolute_url(self):
+        return reverse('api:ad_hoc_command_event_detail', args=(self.pk,))
+
+    def __unicode__(self):
+        return u'%s @ %s' % (self.get_event_display(), self.created.isoformat())
+
+    def save(self, *args, **kwargs):
+        from awx.main.models.inventory import Host
+        # If update_fields has been specified, add our field names to it,
+        # if it hasn't been specified, then we're just doing a normal save.
+        update_fields = kwargs.get('update_fields', [])
+        res = self.event_data.get('res', None)
+        if self.event in self.FAILED_EVENTS:
+            if not self.event_data.get('ignore_errors', False):
+                self.failed = True
+                if 'failed' not in update_fields:
+                    update_fields.append('failed')
+        if isinstance(res, dict) and res.get('changed', False):
+            self.changed = True
+            if 'changed' not in update_fields:
+                update_fields.append('changed')
+        self.host_name = self.event_data.get('host', '').strip()
+        if 'host_name' not in update_fields:
+            update_fields.append('host_name')
+        try:
+            if not self.host_id and self.host_name:
+                host_qs = Host.objects.filter(inventory__ad_hoc_commands__id=self.ad_hoc_command_id, name=self.host_name)
+                host_id = host_qs.only('id').values_list('id', flat=True)
+                if host_id.exists():
+                    self.host_id = host_id[0]
+                    if 'host_id' not in update_fields:
+                        update_fields.append('host_id')
+        except (IndexError, AttributeError):
+            pass
+        super(AdHocCommandEvent, self).save(*args, **kwargs)

awx/main/models/inventory.py

@@ -722,6 +722,11 @@ class Group(CommonModelNameNotUnique):
         from awx.main.models.jobs import JobEvent
         return JobEvent.objects.filter(host__in=self.all_hosts)
 
+    @property
+    def ad_hoc_commands(self):
+        from awx.main.models.ad_hoc_commands import AdHocCommand
+        return AdHocCommand.objects.filter(hosts__in=self.all_hosts)
+
 
 class InventorySourceOptions(BaseModel):
     '''

awx/main/models/jobs.py

@@ -935,6 +935,7 @@ class JobEvent(CreatedModifiedModel):
             job.inventory.update_computed_fields()
             emit_websocket_notification('/socket.io/jobs', 'summary_complete', dict(unified_job_id=job.id))
 
+
 class SystemJobOptions(BaseModel):
     '''
     Common fields for SystemJobTemplate and SystemJob.

awx/main/models/organization.py

@@ -128,15 +128,17 @@ class Permission(CommonModelNameNotUnique):
     # the project parameter is not used when dealing with READ, WRITE, or ADMIN permissions.
 
     permission_type = models.CharField(max_length=64, choices=PERMISSION_TYPE_CHOICES)
+    run_ad_hoc_commands = models.BooleanField(default=False)
 
     def __unicode__(self):
-        return unicode("Permission(name=%s,ON(user=%s,team=%s),FOR(project=%s,inventory=%s,type=%s))" % (
+        return unicode("Permission(name=%s,ON(user=%s,team=%s),FOR(project=%s,inventory=%s,type=%s%s))" % (
             self.name,
             self.user,
             self.team,
             self.project,
             self.inventory,
-            self.permission_type
+            self.permission_type,
+            '+adhoc' if self.run_ad_hoc_commands else '',
         ))
 
     def get_absolute_url(self):

awx/main/models/unified_jobs.py

@@ -481,7 +481,7 @@ class UnifiedJob(PolymorphicModel, PasswordFieldsModel, CommonModelNameNotUnique
         return u'%s-%s-%s' % (self.created, self.id, self.status)
 
     def _get_parent_instance(self):
-        return getattr(self, self._get_parent_field_name())
+        return getattr(self, self._get_parent_field_name(), None)
 
     def _update_parent_instance_no_save(self, parent_instance, update_fields=[]):
         def parent_instance_set(key, val):