juku / ansible-manager Goto Github PK

Currently the afterPropertiesSet() method is used in some importers.
But this was not designed for this purposes, so it also does not support transactions. The correct way is to use the ApplicationRunner interface and use a list with Importers, which are ordered by Spring itself.

See also: https://github.com/st-tu-dresden/salespoint/blob/main/src/main/java/org/salespointframework/core/DataInitializerInvoker.java

Add some functionality, so that the system can write some global or user-specific notifications to inform the users e.q. about the execution state of some tasks.

Describe the solution you'd like
The Frontend Service PermissionService should load all user groups / roles and permissions from the backend. The AppComponent with the menu should only show these menu entries, where the user has the rights to see this pages. The others should be hidden. The menu permission check is already implemented partly (but with roles, instead of permissions).

Additional context

• AppComponent
• PermissionService
• AuthService

TBD.

Describe the solution you'd like
The ansible manager should be able to store and read global settings into / from the database, which includes flags or also the JWT password.
Especially the JWT token should be generated on first startup and stored into the database (this is not part of this ticket).
So there should be Spring Service which manages these global settings and other services can use this service to get global settings values

Describe alternatives you've considered

• store settings in configuration files (not preferred)

Acceptance Criteria

• there exists a GlobalSettingsService which can add, get and set global settings
• there exists a global_settings.json in resource-path, which is loaded into the database on first-startup. On all other startups only the title and description is updatet and new settings are appended.
• NOT-goal: a REST-controller to set this global settings from the user interface (this is a extra ticket)
• global settings should be cachable (espescially the JWT secret)

Required Permissions to use this feature

• TBD

Additional context

• GlobalSettingsService
• GlobalSettingsEntry
• GlobalSettingsRepository

There is already a branch called "spring_upgrade".
But Springfox Swagger has to be fixed.

The user and the system should be able to write comments to tasks or playbooks, to add some additional information.

To improve decoupling of feature modules, we should introduce Spring ModuleTests.

Acceptance Criteria:

• Add Spring ModuleTests to maven configuration, if necessary
• Write an example ModuleTest for the Team-Module.

Generate the Third-Party-License file:
https://www.mojohaus.org/license-maven-plugin/add-third-party-mojo.html

Every customer should be able to create, edit and delete multiple projects.
Projects and teams are independent, but teams can have specific permissions for specific projects.

See also:

• https://springdoc.org/
• https://springdoc.org/#migrating-from-springfox

Introduce ArchUnit.

Currently many newspaper write about the big log4j security leak, which allows Remote Code Execution.
We have to check, if out current used log4j version is also affected.

Additional information

• https://www.heise.de/ratgeber/Schutz-vor-schwerwiegender-Log4j-Luecke-was-jetzt-hilft-und-was-nicht-6292961.html
• https://www.heise.de/news/Roter-Alarm-Log4j-Zero-Day-Luecke-bedroht-Heimanwender-und-Firmen-6292863.html
• https://www.heise.de/news/Log4j-2-16-0-verbessert-Schutz-vor-Log4Shell-Luecke-6294053.html
• https://www.heise.de/meinung/Kommentar-zu-log4j-Es-funktioniert-wie-spezifiziert-6294476.html

Describe the bug
If you start the current Docker Frontend Image and browse the url in the browser, the login screen is incomplete, because some (all?) assets are missing

To Reproduce
Steps to reproduce the behavior:

1. docker pull anman-frontend:master-latest, start the container and open the port
2. Open the page in browser
3. Go to /login page
4. See login page with wrong layout and missing images

Expected behavior
The same login page as generated from ng serve.

Screenshots

Desktop (please complete the following information):

• OS: Linux / Windows (supposition: every OS)
• Browser: Firefox (I guess every browser)
• Version: n/a

Additional context
TBD.

Describe the solution you'd like
The administrator should be able to create, edit and delete teams.
Every team has a name, a description and team members, which can be added by username.
A team member can be a team owner (super-admin of the team), team administrator (which can add and remove team members to the same team, expect the owners) or a normal team member (which cannot manage the team in any way). The team administrator should be able to edit this type every time.

Acceptance Criteria

• a list

Additional context

• module: TeamsModule

Currently we have to create every API DTO on both sides: backend and frontend.
It would be a better idea, if we can generate the DTOs on frontend side with a maven plugin.

Describe the solution you'd like
After the login the user should see a dashboard with some useful information about the last executed and current jobs, their jobs and in particularly about all failed jobs, for which the user is responsible.
The goal is to get an overview of all responsible servers / clusters, the he althy state of the servers / jobs and what others in the same team(s) do at their work.
Also logs are relevant.

Minimum their should be these widgets:

• a line graph diagram, which shows the jobs status over time. x axis: time (the interval should be computed automatically to have sense), y axis: number of all executed jobs, number of failed jobs, number of success jobs
• list with all failed jobs, which the user has executed itself --> to show that the user has to fix something
• a list with the last executed jobs of the whole team (max. 10 jobs). If the user clicks on a job, the job details should be shown (but this is NOT part of this ticket)
• user notifications (extra ticket)
• maybe a pie chart with the procent of failed and success jobs of the last 7 days (only these jobs, which the user can see with his permissions).

Additional context

• Component to create: DashboardComponent

Currently the credentials menu is part of the admin menu. This should be changed, so that the credentials menu is an own menu entry on top layer.

Additional information:
All team members, not only the administrators, should be able to add SSH credentials for new servers, if they have the permissions to manage credentials.

Every execution plan / playbook should be a field "risk to damage" with the values "no risk", "low", "middle" and "high".
The purpose is, that staff people, which are unknown about the system, should know, if there is a risk, if they execute the playbook without knowing anything of them.
E.q. a task "Restart VPN client" should not have any risk - it restarts only a service. So everyone could try this playbook. Other task can reinstall / reconfigure some systems and have a higher risk.

Add a ready-to-use example docker-compose.yml to the ReadMe.

Is your feature request related to a problem? Please describe.
Currently the user of the application does not know the used version of the software and if the software is up to date.
These improves development also.

Describe the solution you'd like
We want to introduce a version information label in the left bottom menu corner, where the current backend version is shown (major.minor.micro version and git hash).
Only users with the permission to see this version should be able to see this version information on every page.

Acceptance Criteria

• the current backend version is shown in the left bottom corner of the menu

Required Permissions to use this feature

• global.can.see.current.version

Additional context

• Create a new API backend /version on backend and return the current version information, if the user has the required permissions
• on frontend: read this version information from backend
• show this version information on every page, if the user has the required permissions to see this version information

There is already a ticket which implements the global settings #10 . With this ticket the administrator should be able to edit the global settings in the user interface (menu: administration).

Additional context:

• a GlobalSettingsController has to be added, which has methods to get a list of all available global settings including their value and a method to set the value for a specific global settings (or more of them)
• the UI Component has to be created
• an UI service for the GlobalSettings is required (GlobalSettingsService)
• one or more DTOs are required on backend site

Because this system is really critical (an attacker could do anything with the servers, if he gets the SSH keys), it is really important to have a detailed access log for every login.