manageiq / manageiq-providers-lenovo Goto Github PK

View Code? Open in Web Editor NEW

16.0 11.0 66.0 8.85 MB

ManageIQ plugin for the Lenovo XClarity provider.

Home Page: https://www.lenovo.com/us/en/data-center/software/management/

License: Apache License 2.0

Ruby 90.56% JavaScript 8.93% CSS 0.18% Shell 0.33%

manageiq-providers-lenovo's Introduction

ManageIQ::Providers::Lenovo

ManageIQ plugin for the Lenovo XClarity provider.

Development

See the section on plugins in the ManageIQ Developer Setup

For quick local setup run bin/setup, which will clone the core ManageIQ repository under the spec directory and setup necessary config files. If you have already cloned it, you can run bin/update to bring the core ManageIQ code up to date.

License

The gem is available as open source under the terms of the Apache License 2.0.

Contributing

Fork it
Create your feature branch (git checkout -b my-new-feature)
Commit your changes (git commit -am 'Add some feature')
Push to the branch (git push origin my-new-feature)
Create new Pull Request

manageiq-providers-lenovo's People

Contributors

Stargazers

Watchers

Forkers

durandom maas-ufcg gitter-badger fryguy danielmadruga blomquisg rodneyhbrown7 abbondanzio jrafanie mzazrivec skovic chessbyte prabhosa maheshsk28 andreymenezes odravison walteraa yrudman aljesusg maysamacedo charlledaniel gabrielsvinha manasaraok nicklamuro cben jprause lucashsilva agrare douglasgabriel tumido felipedf igorrran d-m-u bdunne simaishi saulotoledo sanmoo slemrmartin esdrasvp rakeshrajwar matheuscmelo xiaoruiguo madhavanror click2cloud-admin nizaminabeel laixf2002 sahil-ajmera thearifismail carbonin xlab-si zitanemeckova mfeifer skateman lpichler mohneeshjhapuresoftware kbrock kavyanekkalapu isabella232 minal-mahor melshyrule jeffibm davidresende0 gilbertcherrie

manageiq-providers-lenovo's Issues

MIQ Fine1: physical-infrastructure-menu-not-shown-by-default

Hi
Can someone here in this group answer my question at miq forum ?
http://talk.manageiq.org/t/fine-1-physical-infrastructure-menu-not-shown-by-default/2349

I plan to try out xclarity to manage my lenovo(system X) devices.
I remember earlier version of miq has physical infra available for me to add xclarity provider.
But in recent version this sub-menu disappeared.

Please advise what I missed.

CVE-2021-3647 (Medium) detected in urijs-1.19.5.tgz - autoclosed

CVE-2021-3647 - Medium Severity Vulnerability

Vulnerable Library - urijs-1.19.5.tgz

URI.js is a Javascript library for working with URLs.

Library home page: https://registry.npmjs.org/urijs/-/urijs-1.19.5.tgz

Dependency Hierarchy:

❌ urijs-1.19.5.tgz (Vulnerable Library)

Found in HEAD commit: a1dbab5b7e16aa92eec7b573ad04e45b63357680

Found in base branch: master

Vulnerability Details

URI.js is vulnerable to URL Redirection to Untrusted Site

Publish Date: 2021-07-16

URL: CVE-2021-3647

CVSS 3 Score Details (6.1)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Changed
Impact Metrics:
- Confidentiality Impact: Low
- Integrity Impact: Low
- Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: GHSA-89gv-h8wf-cg8r

Release Date: 2021-07-16

Fix Resolution: 1.19.7

Step up your Open Source Security Game with WhiteSource here

CVE-2022-0868 (Medium) detected in urijs-1.19.9.tgz - autoclosed

CVE-2022-0868 - Medium Severity Vulnerability

Vulnerable Library - urijs-1.19.9.tgz

URI.js is a Javascript library for working with URLs.

Library home page: https://registry.npmjs.org/urijs/-/urijs-1.19.9.tgz

Dependency Hierarchy:

❌ urijs-1.19.9.tgz (Vulnerable Library)

Found in base branch: master

Vulnerability Details

Open Redirect in GitHub repository medialize/uri.js prior to 1.19.10.

Publish Date: 2022-03-06

URL: CVE-2022-0868

CVSS 3 Score Details (6.1)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Changed
Impact Metrics:
- Confidentiality Impact: Low
- Integrity Impact: Low
- Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0868

Release Date: 2022-03-06

Fix Resolution: 1.19.10

Step up your Open Source Security Game with WhiteSource here

Faker dependency

The gemspec currently adds faker dependency which seems to be only used for specs, so I suggest to repace it with the add_development_dependency

manageiq-providers-lenovo/manageiq-providers-lenovo.gemspec

Line 20 in c6a84c3

s.add_dependency "faker", "~>1.8.3"

Warranty expire dates

LXCA looks up the warranty expire and displays this in the LXCA webui. Would it be possible to pull the warranty info from LXCA into ManageIQ?

When asset_details are not returned, the asset_details object is nil...should be empty

In the physical_server refresher, we need to make sure that we are not returning nil for any high level attribute, this causes particular pain for the UI.

Fix Rubocop Code Climate error

https://codeclimate.com/github/ManageIQ/manageiq-providers-lenovo/builds/18

CVE-2022-0613 (Medium) detected in urijs-1.19.7.tgz - autoclosed

CVE-2022-0613 - Medium Severity Vulnerability

Vulnerable Library - urijs-1.19.7.tgz

URI.js is a Javascript library for working with URLs.

Library home page: https://registry.npmjs.org/urijs/-/urijs-1.19.7.tgz

Dependency Hierarchy:

❌ urijs-1.19.7.tgz (Vulnerable Library)

Found in base branch: master

Vulnerability Details

Authorization Bypass Through User-Controlled Key in Bower URIjs prior to 1.19.8.

Publish Date: 2022-02-16

URL: CVE-2022-0613

CVSS 3 Score Details (5.3)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: Low
- Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://huntr.dev/bounties/f53d5c42-c108-40b8-917d-9dad51535083/

Release Date: 2022-02-16

Fix Resolution: uri.js - v1.19.8

Step up your Open Source Security Game with WhiteSource here

Provision button is disabled on Physical Servers list page

yarn install stuck on s390x platfrom

When trying to run yarn on manageiq-providers-lenovo on s390x platfrom it stuck at below line

manageiq-providers-lenovo]# yarn
➤ YN0000: ┌ Resolution step
➤ YN0000: └ Completed in 0s 253ms
➤ YN0000: ┌ Fetch step
➤ YN0013: │ urijs@npm:1.19.11 can't be found in the cache and will be fetched from the remote registry
➤ YN0000: ⠙ ========================================----------------------------------------

when I do simple npm install [email protected] it adds the package but yarn is stuck on this line without success or error

Add ability to create custom buttons for Physical Servers

Original BZ: https://bugzilla.redhat.com/show_bug.cgi?id=1858171

Description of problem: Customer would like to add custom buttons for the physical servers listed under Compute -> Physical Infrastructure -> Servers

Additional info:

(https://access.redhat.com/documentation/en-us/red_hat_cloudforms/4.7/html/configuring_the_lenovo_physical_infrastructure_provider_for_red_hat_cloudforms/managing_physical_servers)

move provider specific settings

see the amazon settings for what can be moved.

CVE-2021-27516 (High) detected in urijs-1.19.5.tgz - autoclosed

CVE-2021-27516 - High Severity Vulnerability

Vulnerable Library - urijs-1.19.5.tgz

URI.js is a Javascript library for working with URLs.

Library home page: https://registry.npmjs.org/urijs/-/urijs-1.19.5.tgz

Dependency Hierarchy:

❌ urijs-1.19.5.tgz (Vulnerable Library)

Found in HEAD commit: a1dbab5b7e16aa92eec7b573ad04e45b63357680

Found in base branch: master

Vulnerability Details

URI.js (aka urijs) before 1.19.6 mishandles certain uses of backslash such as http:/ and interprets the URI as a relative path.

Publish Date: 2021-02-22

URL: CVE-2021-27516

CVSS 3 Score Details (7.5)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: None
- Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27516

Release Date: 2021-02-22

Fix Resolution: 1.19.6

Step up your Open Source Security Game with WhiteSource here

Increase code coverage

According to Code Climate https://codeclimate.com/github/ManageIQ/manageiq-providers-lenovo this provider's test coverage is 13%, compared with Amazon 71%, VMWare 60%, and Azure 64%.

CVE-2022-1233 (Medium) detected in urijs-1.19.9.tgz - autoclosed

CVE-2022-1233 - Medium Severity Vulnerability

Vulnerable Library - urijs-1.19.9.tgz

URI.js is a Javascript library for working with URLs.

Library home page: https://registry.npmjs.org/urijs/-/urijs-1.19.9.tgz

Dependency Hierarchy:

❌ urijs-1.19.9.tgz (Vulnerable Library)

Found in base branch: master

Vulnerability Details

URL Confusion When Scheme Not Supplied in GitHub repository medialize/uri.js prior to 1.19.11.

Publish Date: 2022-04-04

URL: CVE-2022-1233

CVSS 3 Score Details (6.5)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
Impact Metrics:
- Confidentiality Impact: Low
- Integrity Impact: Low
- Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1233

Release Date: 2022-04-04

Fix Resolution: urijs - 1.19.11

Step up your Open Source Security Game with WhiteSource here

Managed LXCA event streams fill the database to capacity.

Original BZ: https://bugzilla.redhat.com/show_bug.cgi?id=1619374

Description of problem:
With managed LXCAs the CloudForms database fills to capacity quickly. Event streams are not purged quickly enough.

How reproducible:
Manage multiple LXCA instances. Monitor the grow in size of any database partitions

Actual results:
CloudForms becomes unusable

Expected results:
Events are purged periodically and the database remains usable.

Dependency Dashboard

This issue lists Renovate updates and detected dependencies. Read the Dependency Dashboard docs to learn more.

This repository currently has no open or pending branches.

Detected dependencies

github-actions

.github/workflows/ci.yaml

actions/checkout v4

ruby/setup-ruby v1

paambaati/codeclimate-action v6

manageiq/postgresql 13

npm

package.json

node >= 18.0.0

npm >= 8.6.0

yarn >= 0.20.1

yarn 4.2.2

Check this box to trigger a request for Renovate to run again on this repository

manageiq / manageiq-providers-lenovo Goto Github PK

manageiq-providers-lenovo's Introduction

ManageIQ::Providers::Lenovo

Development

License

Contributing

manageiq-providers-lenovo's People

Contributors

Stargazers

Watchers

Forkers

manageiq-providers-lenovo's Issues

CVE-2021-3647 - Medium Severity Vulnerability

CVE-2022-0868 - Medium Severity Vulnerability

CVE-2022-0613 - Medium Severity Vulnerability

CVE-2021-27516 - High Severity Vulnerability

CVE-2022-1233 - Medium Severity Vulnerability

Detected dependencies

Recommend Projects

Recommend Topics

Recommend Org