Bug 2127134

Summary: The default "Katello Sync" webhook template has @object.task.action_output defined which is not a valid safemode method in Satellite 6.12
Product: Red Hat Satellite
Reporter: Sayan Das <saydas>
Component: Hooks and Webhooks
Assignee: Adam Ruzicka <aruzicka>
Status: CLOSED ERRATA
QA Contact: Peter Ondrejka <pondrejk>
Severity: medium
Priority: unspecified
Version: 6.12.0
CC: ahumbe, aruzicka, egolov, lhellebr, lzap, mhulan, ofedoren, pcreech, rlavi
Target Milestone: 6.14.0
Keywords: Triaged
Target Release: Unused
Hardware: All
OS: All
Fixed In Version: rubygem-foreman_webhooks-3.1.1, rubygem-foreman_webhooks-3.2.1
Last Closed: 2023-11-08 14:18:02 UTC
Type: Bug

Description Sayan Das 2022-09-15 12:33:35 UTC
Description of problem:

The <%= @object.task.action_output %> option cannot be used as mentioned in "Katello Sync" webhook template.


Version-Release number of selected component (if applicable):

Satellite 6.12
Satellite 6.11


How reproducible:

Always


Steps to Reproduce:

1. Have a Satellite 6.12 built.

2. Import a manifest and enable any small repo

3. Enable shellhooks feature.

4. Create the following shellhook script inside /var/lib/foreman-proxy/shellhooks and make it executable

# cat print_objects 
#!/bin/bash

cat > /tmp/results.txt


5. Satellite UI --> Administer --> Webhook templates --> Clone the "Katello Sync" template with "Katello Sync clone" name, uncomment all lines that have @object mentioned, and save it

6. Satellite UI --> Administer --> Webhook and create a new hook.

# hammer webhook info --id 2
Id:                2
Name:              Test
Target URL:        https://satellite.example.com:9090/shellhook/print_objects
Enabled:           yes
Event:             actions.katello.repository.sync_succeeded.event.foreman
HTTP Method:       POST
HTTP Content Type: application/json
Webhook Template:  Katello Sync clone
Created at:        2022/09/15 11:57:35
Updated at:        2022/09/15 12:12:49


7. Sync the repo while monitoring the production.log .


Actual results:

The sync will complete but the webhook execution will fail:

~~
2022-09-15T17:32:01 [E|dyn|67665294] Failed to run hook 'emit_event' for action 'Actions::Katello::Repository::Sync'
2022-09-15T17:32:01 [E|dyn|67665294] undefined method '#action_output' for ForemanTasks::Task::Jail (ForemanTasks::Task::DynflowTask) (Safemode::NoMethodError)
 67665294 | /usr/share/gems/gems/safemode-1.3.6/lib/safemode/jail.rb:22:in `method_missing'
 67665294 | Katello Sync clone:85:in `bind'
 67665294 | /usr/share/gems/gems/safemode-1.3.6/lib/safemode.rb:51:in `eval'
 67665294 | /usr/share/foreman/app/services/foreman/renderer/safe_mode_renderer.rb:7:in 
~~

This happens as "task.action_output" is not a valid object for the repo sync tasks inside safe mode.

So removing the last line will allow the hook execution i.e.

~~
Task action output <%= @object.task.action_output %>
~~

and the results will be printed inside /tmp/results.txt file as expected. 



Expected results:

Either remove the offending object entry from the default example template or else make it available to use.


Additional info:

If I use a different webhook template with the following content:

<%= payload({
    object: @object.task
}) %>

The following task data gets printed:

{
  "object": {
    "id": "579d917b-6bc5-46ed-b1b8-4323f016394c",
    "label": "Actions::Katello::Repository::Sync",
    "started_at": "2022-09-15T17:50:59.053+05:30",
    "ended_at": "2022-09-15T17:51:03.221+05:30",
    "state": "stopped",
    "result": "success",
    "external_id": "ce3343c9-d0c6-47d1-9a9a-6fead6a081fc",
    "parent_task_id": null,
    "start_at": "2022-09-15T17:50:59.044+05:30",
    "start_before": null,
    "action": "Synchronize repository 'Satellite_Client_RHEL8_x86_64'; product 'Sat_Client_612'; organization 'RedHat'",
    "user_id": 4,
    "state_updated_at": "2022-09-15T17:51:03.281+05:30"
  },

and action_output is not one of them.
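
The failure reported above, reduced to an added illustration that is not part of the bug thread and is not Foreman or safemode code: a stand-in allowlist jail that refuses unexposed methods at render time, plus a check that lists the `@object.task` calls a template makes that the jail would reject. The `Jail` class, the `ALLOWED` list (built only from task methods this page shows rendering), the sample task and all helper names are assumptions made for the example.

```ruby
require 'erb'

# Constructed allowlist: only task methods this page shows rendering.
# It is NOT the real ForemanTasks::Task::Jail list.
ALLOWED = %i[label started_at ended_at result state action_continuous_output].freeze

class NotAllowed < NoMethodError; end

# Hypothetical stand-in for a safe-mode jail: every call lands in
# method_missing and is forwarded only if it is on the allowlist.
class Jail < BasicObject
  def initialize(target, allowed)
    @target = target
    @allowed = allowed
  end

  def method_missing(name, *args)
    unless @allowed.include?(name)
      ::Kernel.raise ::NotAllowed, "undefined method '##{name}' for jail"
    end
    @target.__send__(name, *args)
  end
end

# Pre-deployment check: task methods the template calls that the jail refuses.
def unexposed_task_calls(template, allowed)
  template.scan(/@object\.task\.([a-z_]\w*)/).flatten.uniq
          .reject { |m| allowed.include?(m.to_sym) }
end

# Render an ERB template with @object.task wrapped in the jail.
def render(template, task)
  ctx = Object.new
  ctx.instance_variable_set(:@object, Struct.new(:task).new(Jail.new(task, ALLOWED)))
  ERB.new(template).result(ctx.instance_eval { binding })
end

# Returns the jail's error message, or nil if the template renders.
def render_error(template, task)
  render(template, task)
  nil
rescue NotAllowed => e
  e.message
end

# Constructed sample data; the jail blocks action_output even though
# this stand-in object happens to define it.
SampleTask = Struct.new(:label, :state, :result, :action_output)
SAMPLE_TASK = SampleTask.new('Actions::Katello::Repository::Sync', 'stopped', 'success', 'n/a')
TEMPLATE = "Task label <%= @object.task.label %>\nTask action output <%= @object.task.action_output %>\n"
```

Running `unexposed_task_calls` over a cloned template before attaching it to a webhook surfaces the offending line without waiting for a sync to fail in production.log.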

Comment 1 Sayan Das 2022-09-15 12:44:35 UTC
The exact same problem is there for "Katello Publish" and "Katello Promote".

Need to fix this there or else remove it:

Task action output <%= @object.task.action_output %>

Comment 2 Bryan Kearney 2023-03-22 12:02:54 UTC
Moving this bug to POST for triage into Satellite since the upstream issue https://projects.theforeman.org/issues/35867 has been resolved.

Comment 4 Adam Ruzicka 2023-05-05 09:47:02 UTC
Already present in stream from snap 8.

Comment 6 Lukáš Hellebrandt 2023-07-19 14:22:50 UTC
@object.task.action_output got changed in the templates to @object.task.action_continuous_output in Sat 6.14. What is it supposed to contain? Currently, template [0] renders to [1], i.e. that variable is empty.

[0]
```
<%#
name: Katello Sync
description: Example payload for actions.katello.repository.sync_succeeded
snippet: false
model: WebhookTemplate
-%>

# Example webhook template, @object carries Action instance.
# For more information about available helpers visit /templates_doc

 Repository id <%= @object.repository_id %>
 Repository label <%= @object.repository_label %>
 Repository contents_changed <%= @object.contents_changed %>
 Repository sync_result <%= @object.sync_result %>
 Product id <%= @object.product_id %>
 Product name <%= @object.product_name %>
 Product label <%= @object.product_label %>
 Organization id <%= @object.organization_id %>
 Organization name <%= @object.organization_name %>
 Organization label <%= @object.organization_label %>
 Task label <%= @object.task.label %>
 Task started at <%= @object.task.started_at %>
 Task ended at <%= @object.task.ended_at %>
 Task resulted with <%= @object.task.result %>
 Task state <%= @object.task.state %>
 Task action output START:<%= @object.task.action_continuous_output %>:END

Debug:
Task object START:<%= @object.task %>:END
Object object START:<%= @object %>:END
```

[1]
```

# Example webhook template, @object carries Action instance.
# For more information about available helpers visit /templates_doc

 Repository id 1
 Repository label Red_Hat_Satellite_Client_6_for_RHEL_8_x86_64_RPMs
 Repository contents_changed false
 Repository sync_result {"publication_provided"=>false, "contents_changed"=>false}
 Product id 6
 Product name Red Hat Enterprise Linux for x86_64
 Product label Red_Hat_Enterprise_Linux_for_x86_64
 Organization id 1
 Organization name Default Organization
 Organization label Default_Organization
 Task label Actions::Katello::Repository::Sync
 Task started at 2023-07-19 16:17:50 +0200
 Task ended at 2023-07-19 16:17:54 +0200
 Task resulted with success
 Task state stopped
 Task action output START::END

Debug:
Task object START:Synchronize repository 'Red Hat Satellite Client 6 for RHEL 8 x86_64 RPMs'; product 'Red Hat Enterprise Linux for x86_64'; organization 'Default Organization':END
Object object START:#<Actions::Katello::Repository::Sync:0x000056306925f0b8>:END
```

Comment 7 Adam Ruzicka 2023-07-20 08:18:26 UTC
@object.task.action_continuous_output is only relevant for tasks backing remote execution. It is expected that it is empty in the context of repository actions. It is included as an option in the template because it is an attribute exposed on the generic task jail, even though it doesn't really add any value in here.

Comment 8 Lukáš Hellebrandt 2023-07-20 08:42:30 UTC
In that case, it shouldn't be in an EXAMPLE of a webhook template. That's a very bad, misleading example and I consider it a bug.

Comment 9 Lukas Zapletal 2023-07-28 14:21:45 UTC
Sure, the example needs to be updated.

Comment 16 Peter Ondrejka 2023-08-14 16:07:15 UTC
Verified on Satellite 6.14 snap 11, @object.task.action_output was replaced with @object.task.action_continuous_output, and now appears as an example only in remote_execution_-_host_job.erb

Comment 19 errata-xmlrpc 2023-11-08 14:18:02 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Important: Satellite 6.14 security and bug fix update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2023:6818