NETWAYS · tbauriedel · Jul 24, 2023 · Jul 24, 2023
diff --git a/README.md b/README.md
@@ -19,21 +19,21 @@ The `--hide` flag can be used multiple times to hide sensitive data, it supports
 
 `# support-collector --hide "Secret:.*" --hide "Password:.*"`
 
-By default, we collect all we can find. You can control this by only enabling certain modules, or disabling some.  
+By default, we collect all we can find. You can control this by only enabling certain modules, or disabling some.
 > Logs are also not collected by default. To collect them, add `--detailed`
 
-If you want to see what is collected, add `--verbose`  
+If you want to see what is collected, add `--verbose`
 
-| Short | Long              | Description                                                                                                           |
-|:-----:|:------------------|-----------------------------------------------------------------------------------------------------------------------|
+| Short | Long              | Description                                                                                                            |
+|:-----:|:------------------|------------------------------------------------------------------------------------------------------------------------|
 |  -o   | --output          | Output file for the zip content (default: current directory and named like '$HOSTNAME'-netways-support-$TIMESTAMP.zip) |
-|       | --nodetails       | Disable detailed collection including logs and more                                                   |
-|       | --enable          | List of enabled modules (default: all)                                                                                |
-|       | --disable         | List of disabled modules (default: none)                                                                              |
-|       | --hide            | List of keywords to obfuscate. Can be used multiple times                                                             |
-|       | --command-timeout | Timeout for command execution in modules (default: 1m0s)                                                              |
-|  -v   | --verbose         | Enable verbose logging                                                                                                |
-|  -V   | --version         | Print version and exit                                                                                                |
+|       | --nodetails       | Disable detailed collection including logs and more                                                                    |
+|       | --enable          | List of enabled modules (default: all)                                                                                 |
+|       | --disable         | List of disabled modules (default: none)                                                                               |
+|       | --hide            | List of keywords to obfuscate. Can be used multiple times                                                              |
+|       | --command-timeout | Timeout for command execution in modules (default: 1m0s)                                                               |
+|  -v   | --verbose         | Enable verbose logging                                                                                                 |
+|  -V   | --version         | Print version and exit                                                                                                 |
 
 ## Modules
 
@@ -64,6 +64,7 @@ not be collected.
 | prometheus     | Configuration, packages and service status                                                                             |
 | puppet         | Configuration, logs, module list, packages and service status                                                          |
 | webservers     | Includes apache2, httpd and nginx. Collects configuration, logs, packages and service status                           |
+| foreman        | Configuration, logs, packages and service status                                                                       |
 
 ## Supported systems
 

diff --git a/go.mod b/go.mod
@@ -1,6 +1,6 @@
 module github.com/NETWAYS/support-collector
 
-go 1.16
+go 1.20
 
 require (
 	github.com/Showmax/go-fqdn v1.0.0
@@ -11,3 +11,10 @@ require (
 	github.com/stretchr/testify v1.8.4
 	gopkg.in/yaml.v3 v3.0.1
 )
+
+require (
+	github.com/davecgh/go-spew v1.1.1 // indirect
+	github.com/mattn/go-isatty v0.0.16 // indirect
+	github.com/pmezard/go-difflib v1.0.0 // indirect
+	golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab // indirect
+)
diff --git a/go.sum b/go.sum
@@ -16,11 +16,7 @@ github.com/sirupsen/logrus v1.9.3/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVs
 github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA=
 github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg=
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
-github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw=
-github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo=
 github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
-github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
-github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
 github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcUk=
 github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo=
 golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=

diff --git a/main.go b/main.go
@@ -6,6 +6,7 @@ import (
 	"github.com/NETWAYS/support-collector/modules/base"
 	"github.com/NETWAYS/support-collector/modules/corosync"
 	"github.com/NETWAYS/support-collector/modules/elastic"
+	"github.com/NETWAYS/support-collector/modules/foreman"
 	"github.com/NETWAYS/support-collector/modules/grafana"
 	"github.com/NETWAYS/support-collector/modules/graphite"
 	"github.com/NETWAYS/support-collector/modules/graylog"
@@ -75,6 +76,7 @@ var modules = map[string]func(*collection.Collection){
 	"graphite":        graphite.Collect,
 	"graylog":         graylog.Collect,
 	"icingadb":        icingadb.Collect,
+	"foreman":         foreman.Collect,
 }
 
 var (
@@ -98,6 +100,7 @@ var (
 		"grafana",
 		"graphite",
 		"graylog",
+		"foreman",
 	}
 )
 

diff --git a/modules/foreman/collector.go b/modules/foreman/collector.go
@@ -0,0 +1,65 @@
+package foreman
+
+import (
+	"github.com/NETWAYS/support-collector/pkg/collection"
+	"github.com/NETWAYS/support-collector/pkg/obfuscate"
+	"os"
+	"path/filepath"
+)
+
+const ModuleName = "foreman"
+
+var files = []string{
+	"/etc/foreman",
+	"/etc/foreman-installer",
+	"/etc/foreman-proxy",
+}
+
+var detailedFiles = []string{
+	"/var/log/foreman",
+	"/var/log/foreman-installer",
+	"/var/log/foreman-proxy",
+}
+
+func detect() bool {
+	_, err := os.Stat("/etc/foreman")
+	return err == nil
+}
+
+var obfuscaters = []*obfuscate.Obfuscator{
+	obfuscate.NewFile(`(?i)(?:password)\s*:\s*(.*)`, "yml"),
+	obfuscate.NewFile(`(?i)(?:ENCRYPTION_KEY)\s*=\s*(.*)`, "rb"),
+}
+
+func Collect(c *collection.Collection) {
+	if !detect() {
+		c.Log.Info("Could not find Foreman")
+		return
+	}
+
+	c.Log.Info("Collection Foreman information")
+
+	c.RegisterObfuscators(obfuscaters...)
+
+	c.AddInstalledPackagesRaw(filepath.Join(ModuleName, "packages.txt"),
+		"foreman",
+		"foreman-installer",
+		"foreman-proxy",
+	)
+
+	c.AddServiceStatusRaw(filepath.Join(ModuleName, "service.txt"), "foreman")
+
+	if collection.DetectServiceManager() == "systemd" {
+		c.AddCommandOutput(filepath.Join(ModuleName, "systemd-foreman.service"), "systemctl", "cat", "foreman.service")
+	}
+
+	for _, file := range files {
+		c.AddFiles(ModuleName, file)
+	}
+
+	if c.Detailed {
+		for _, file := range detailedFiles {
+			c.AddFiles(ModuleName, file)
+		}
+	}
+}
diff --git a/modules/foreman/collector_test.go b/modules/foreman/collector_test.go
@@ -0,0 +1,27 @@
+package foreman
+
+import (
+	"bytes"
+	"github.com/NETWAYS/support-collector/pkg/collection"
+	"github.com/NETWAYS/support-collector/pkg/obfuscate"
+	"github.com/NETWAYS/support-collector/pkg/util"
+	"testing"
+)
+
+func TestCollect(t *testing.T) {
+	c := collection.New(&bytes.Buffer{})
+
+	if !detect() {
+		t.Skip("could not find foreman in the test environment")
+		return
+	}
+
+	Collect(c)
+}
+
+func TestObfuscators(t *testing.T) {
+	util.AssertObfuscationExample(t, obfuscaters, obfuscate.KindFile, "/etc/foreman/database.yml")
+	util.AssertObfuscationExample(t, obfuscaters, obfuscate.KindFile, "/etc/foreman/encryption_key.rb")
+
+	util.AssertAllObfuscatorsTested(t, obfuscaters)
+}
diff --git a/modules/foreman/testdata/etc/foreman/database.yml b/modules/foreman/testdata/etc/foreman/database.yml
@@ -0,0 +1,26 @@
+### File managed with puppet ###
+## Module:           'foreman'
+
+# SQLite version 3.x
+development:
+  adapter: sqlite3
+  database: db/development.sqlite3
+  pool: 5
+  timeout: 5000
+
+# Warning: The database defined as "test" will be erased and
+# re-generated from your development database when you run "rake".
+# Do not set this db to the same as development or production.
+test:
+  adapter: sqlite3
+  database: db/test.sqlite3
+  pool: 5
+  timeout: 5000
+
+# Database is managed by foreman::database::postgresql
+production:
+  adapter: postgresql
+  database: foreman
+  username: foreman
+  password: "zxdXCQ2KoJuBuE8jkb467UA6kpRvP9Ez"
+  pool: 5
diff --git a/modules/foreman/testdata/etc/foreman/database.yml.obfuscated b/modules/foreman/testdata/etc/foreman/database.yml.obfuscated
@@ -0,0 +1,26 @@
+### File managed with puppet ###
+## Module:           'foreman'
+
+# SQLite version 3.x
+development:
+  adapter: sqlite3
+  database: db/development.sqlite3
+  pool: 5
+  timeout: 5000
+
+# Warning: The database defined as "test" will be erased and
+# re-generated from your development database when you run "rake".
+# Do not set this db to the same as development or production.
+test:
+  adapter: sqlite3
+  database: db/test.sqlite3
+  pool: 5
+  timeout: 5000
+
+# Database is managed by foreman::database::postgresql
+production:
+  adapter: postgresql
+  database: foreman
+  username: foreman
+  password: <HIDDEN>
+  pool: 5
diff --git a/modules/foreman/testdata/etc/foreman/encryption_key.rb b/modules/foreman/testdata/etc/foreman/encryption_key.rb
@@ -0,0 +1,11 @@
+# Be sure to restart your server when you modify this file.
+
+# Your encryption key for encrypting and decrypting database fields.
+# If you change this key, all encrypted data will NOT be able to be decrypted by Foreman!
+# Make sure the key is at least 32 bytes such as SecureRandom.hex(20)
+
+# You can use `rake security:generate_encryption_key` to regenerate this file.
+
+module EncryptionKey
+  ENCRYPTION_KEY = '7ee82cb4cb031bc3415be013d8bfc28c'
+end
diff --git a/modules/foreman/testdata/etc/foreman/encryption_key.rb.obfuscated b/modules/foreman/testdata/etc/foreman/encryption_key.rb.obfuscated
@@ -0,0 +1,11 @@
+# Be sure to restart your server when you modify this file.
+
+# Your encryption key for encrypting and decrypting database fields.
+# If you change this key, all encrypted data will NOT be able to be decrypted by Foreman!
+# Make sure the key is at least 32 bytes such as SecureRandom.hex(20)
+
+# You can use `rake security:generate_encryption_key` to regenerate this file.
+
+module EncryptionKey
+  ENCRYPTION_KEY = <HIDDEN>
+end