From 40b17733fe2aec5c23dec647bbfe9d07dd5e4e6b Mon Sep 17 00:00:00 2001
From: Sam Lucidi <slucidi@redhat.com>
Date: Tue, 13 Dec 2016 16:10:23 -0500
Subject: [PATCH 1/4] Stop nils from appearing in list of hosts to test OSP ssh
 keys against

Solves
https://bugzilla.redhat.com/show_bug.cgi?id=1376605
---
 app/models/manageiq/providers/openstack/infra_manager.rb | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/app/models/manageiq/providers/openstack/infra_manager.rb b/app/models/manageiq/providers/openstack/infra_manager.rb
index 182f4e66798..89c00a07fd1 100644
--- a/app/models/manageiq/providers/openstack/infra_manager.rb
+++ b/app/models/manageiq/providers/openstack/infra_manager.rb
@@ -115,9 +115,11 @@ def required_credential_fields(type)
   end
 
   def verify_ssh_keypair_credentials(_options)
+    # Select one powered-on host in each cluster to verify
+    # ssh credentials against
     hosts.sort_by(&:ems_cluster_id)
          .slice_when { |i, j| i.ems_cluster_id != j.ems_cluster_id }
-         .map { |c| c.find { |h| h.power_state == 'on' } }
+         .map { |c| c.find { |h| h.power_state == 'on' } }.compact
          .all? { |h| h.verify_credentials('ssh_keypair') }
   end
   private :verify_ssh_keypair_credentials

From 7f4f2b9351d0bf5b5d471094187e0a108302f8fb Mon Sep 17 00:00:00 2001
From: Sam Lucidi <slucidi@redhat.com>
Date: Tue, 10 Jan 2017 11:21:05 -0500
Subject: [PATCH 2/4] Add tests for verifying Openstack SSH keypair credentials

---
 .../providers/openstack/infra_manager_spec.rb | 23 +++++++++++++++++++
 1 file changed, 23 insertions(+)

diff --git a/spec/models/manageiq/providers/openstack/infra_manager_spec.rb b/spec/models/manageiq/providers/openstack/infra_manager_spec.rb
index 2e8c9739e92..7efe80398a0 100644
--- a/spec/models/manageiq/providers/openstack/infra_manager_spec.rb
+++ b/spec/models/manageiq/providers/openstack/infra_manager_spec.rb
@@ -14,6 +14,29 @@
     end
   end
 
+  context "verifying SSH keypair credentials" do
+    it "verifies Openstack SSH credentials successfully when all hosts report that the credentials are valid" do
+      @ems = FactoryGirl.create(:ems_openstack_infra_with_authentication)
+      FactoryGirl.create(:host_openstack_infra, :ext_management_system => @ems, :state => "on")
+      allow_any_instance_of(ManageIQ::Providers::Openstack::InfraManager::Host).to receive(:verify_credentials).and_return(true)
+      expect(@ems.send(:verify_ssh_keypair_credentials, nil)).to be_truthy
+    end
+
+    it "fails to verify Openstack SSH credentials when any hosts report that the credentials are invalid" do
+      @ems = FactoryGirl.create(:ems_openstack_infra_with_authentication)
+      FactoryGirl.create(:host_openstack_infra, :ext_management_system => @ems, :state => "on")
+      allow_any_instance_of(ManageIQ::Providers::Openstack::InfraManager::Host).to receive(:verify_credentials).and_return(false)
+      expect(@ems.send(:verify_ssh_keypair_credentials, nil)).to be_falsey
+    end
+
+    it "disregards powered off hosts when verifying Openstack SSH credentials" do
+      @ems = FactoryGirl.create(:ems_openstack_infra_with_authentication)
+      FactoryGirl.create(:host_openstack_infra, :ext_management_system => @ems, :state => "off")
+      allow_any_instance_of(ManageIQ::Providers::Openstack::InfraManager::Host).to receive(:verify_credentials).and_return(false)
+      expect(@ems.send(:verify_ssh_keypair_credentials, nil)).to be_truthy
+    end
+  end
+
   context "validation" do
     before :each do
       @ems = FactoryGirl.create(:ems_openstack_infra_with_authentication)

From 47c753976235bba324f725bd54da64d73deacddd Mon Sep 17 00:00:00 2001
From: Petr Blaho <pblaho@redhat.com>
Date: Tue, 20 Dec 2016 16:19:00 +0100
Subject: [PATCH 3/4] Check ems_cluster_id - OS Infra SSH KEY validation

This adds ems_cluster_id checking when selecting Hosts for ssh key
validation on OpenStack Infra Provider.

Solves
https://bugzilla.redhat.com/show_bug.cgi?id=1406443
---
 app/models/manageiq/providers/openstack/infra_manager.rb | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/app/models/manageiq/providers/openstack/infra_manager.rb b/app/models/manageiq/providers/openstack/infra_manager.rb
index 89c00a07fd1..7ec02de7459 100644
--- a/app/models/manageiq/providers/openstack/infra_manager.rb
+++ b/app/models/manageiq/providers/openstack/infra_manager.rb
@@ -117,7 +117,8 @@ def required_credential_fields(type)
   def verify_ssh_keypair_credentials(_options)
     # Select one powered-on host in each cluster to verify
     # ssh credentials against
-    hosts.sort_by(&:ems_cluster_id)
+    hosts.select(&:ems_cluster_id)
+         .sort_by(&:ems_cluster_id)
          .slice_when { |i, j| i.ems_cluster_id != j.ems_cluster_id }
          .map { |c| c.find { |h| h.power_state == 'on' } }.compact
          .all? { |h| h.verify_credentials('ssh_keypair') }

From 740d3b62484be325f350c4c08836383c84464ba5 Mon Sep 17 00:00:00 2001
From: Petr Blaho <pblaho@redhat.com>
Date: Wed, 11 Jan 2017 15:11:24 +0100
Subject: [PATCH 4/4] Adds test to OpenStack Infra ssh keypair validation

Adds ems_cluster association to host_openstack_infra Factory.
Adds test to make sure that we skip Hosts without EmsCluster associated.
---
 spec/factories/host.rb                                   | 1 +
 .../manageiq/providers/openstack/infra_manager_spec.rb   | 9 ++++++++-
 2 files changed, 9 insertions(+), 1 deletion(-)

diff --git a/spec/factories/host.rb b/spec/factories/host.rb
index fde8f776291..bdb87b27d30 100644
--- a/spec/factories/host.rb
+++ b/spec/factories/host.rb
@@ -60,6 +60,7 @@
     vmm_vendor  "unknown"
     ems_ref     "openstack-perf-host"
     ems_ref_obj "openstack-perf-host-nova-instance"
+    association :ems_cluster, factory: :ems_cluster_openstack
   end
 
   factory :host_openstack_infra_compute, :parent => :host_openstack_infra,
diff --git a/spec/models/manageiq/providers/openstack/infra_manager_spec.rb b/spec/models/manageiq/providers/openstack/infra_manager_spec.rb
index 7efe80398a0..51bc76fb6d8 100644
--- a/spec/models/manageiq/providers/openstack/infra_manager_spec.rb
+++ b/spec/models/manageiq/providers/openstack/infra_manager_spec.rb
@@ -24,7 +24,7 @@
 
     it "fails to verify Openstack SSH credentials when any hosts report that the credentials are invalid" do
       @ems = FactoryGirl.create(:ems_openstack_infra_with_authentication)
-      FactoryGirl.create(:host_openstack_infra, :ext_management_system => @ems, :state => "on")
+      host = FactoryGirl.create(:host_openstack_infra, :ext_management_system => @ems, :state => "on")
       allow_any_instance_of(ManageIQ::Providers::Openstack::InfraManager::Host).to receive(:verify_credentials).and_return(false)
       expect(@ems.send(:verify_ssh_keypair_credentials, nil)).to be_falsey
     end
@@ -35,6 +35,13 @@
       allow_any_instance_of(ManageIQ::Providers::Openstack::InfraManager::Host).to receive(:verify_credentials).and_return(false)
       expect(@ems.send(:verify_ssh_keypair_credentials, nil)).to be_truthy
     end
+
+    it "disregards host with no ems_cluster" do
+      @ems = FactoryGirl.create(:ems_openstack_infra_with_authentication)
+      FactoryGirl.create(:host_openstack_infra, :ext_management_system => @ems, :state => "on", :ems_cluster => nil)
+      allow_any_instance_of(ManageIQ::Providers::Openstack::InfraManager::Host).to receive(:verify_credentials).and_return(false)
+      expect(@ems.send(:verify_ssh_keypair_credentials, nil)).to be_truthy
+    end
   end
 
   context "validation" do