agentless-catalog-executor 0.10.0 → 1.0.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 92395f0079ad1725aee845a780da2c613c02b6709053288e60ff374bf9f1260c
-  data.tar.gz: a8e35c7eaca53dc0e294779122a50f85b325b312c51bcdca192bcfd4b00d3b18
+  metadata.gz: 603248d8cb9b344650b57553ed3f415e94964b5c49fb1adcfa38b3e14adbfc8a
+  data.tar.gz: dedfb986987cb291c4a5277b269a25da626f875854ba44b5a7935aabc3851f67
 SHA512:
-  metadata.gz: 4eeeacc1233b2541287c3965409f9b8e155de490e430ee0eb927af210484fa42d81f4bc475bc88f5475464639489d41bac550943751f38a3e493af64e8caa8a5
-  data.tar.gz: a8e6988f55d193eb286e1139aa5b7f8dbc37849ff77d8664a27140878de2ad1715d0ca3438f787ceaf842107d01890bb287d53c1e3a2e782ea1f5a11b8ea6d09
+  metadata.gz: e408493f6327f58cc447a38e7de50cc39bee52d99dd98bbfa4ae66c24744e0c27a5d384bd2d04448c0004915367028f927d4c7587fdcfcfa03b326f0bb5d281d
+  data.tar.gz: cd98abcf1b810d881dddcf1c0207f8ec0a3c3cf62e7da76fa9cd87bd1416e379da5a9ffbb094a0d27dea4ba5ae3477b40006ab909a6391179e949a24e741c6de

data/.rspec

@@ -1,3 +1,4 @@
 --format documentation
 --color
 --require spec_helper
+--exclude-pattern 'spec/volumes/**/*'

data/.rubocop.yml

@@ -98,3 +98,8 @@ RSpec/ExampleLength:
 Lint/AmbiguousBlockAssociation:
   Exclude:
     - "spec/**/*"
+
+# complex code is complex :-(
+RSpec/NestedGroups:
+  Enabled: true
+  Max: 5

data/.travis.yml

@@ -1,5 +1,6 @@
 dist: xenial
 language: ruby
+cache: bundler
 rvm:
   - 2.5.1
 env:

data/CHANGELOG.md

@@ -3,6 +3,32 @@
 All significant changes to this repo will be summarized in this file.
 
 
+## [v1.0.0](https://github.com/puppetlabs/ace/tree/v1.0.0) (2019-10-08)
+[Full Changelog](https://github.com/puppetlabs/ace/compare/v0.10.0...v1.0.0)
+
+**Implemented enhancements:**
+
+- \(FM-8503\) implement transport loading if there is no device.rb shim [\#55](https://github.com/puppetlabs/ace/pull/55) ([Lavinia-Dan](https://github.com/Lavinia-Dan))
+- \(FM-8485\) - Addition of CODEOWNERS file [\#53](https://github.com/puppetlabs/ace/pull/53) ([david22swan](https://github.com/david22swan))
+- \(FM-8446\) remove remote-transport requirement [\#50](https://github.com/puppetlabs/ace/pull/50) ([DavidS](https://github.com/DavidS))
+- \(PE-27029\) introduce enforce\_environment to support strict mode [\#49](https://github.com/puppetlabs/ace/pull/49) ([DavidS](https://github.com/DavidS))
+- \(PE-27024\) return detailed results from `/execute\_catalog` [\#48](https://github.com/puppetlabs/ace/pull/48) ([DavidS](https://github.com/DavidS))
+
+**Fixed bugs:**
+
+- \(FM-8566\) Add additional error handling for /run\_task [\#60](https://github.com/puppetlabs/ace/pull/60) ([da-ar](https://github.com/da-ar))
+- \(FM-8497\) Ensure cross-process mutexing [\#59](https://github.com/puppetlabs/ace/pull/59) ([da-ar](https://github.com/da-ar))
+- \(FM-8481\) Add missing headers for native extensions [\#51](https://github.com/puppetlabs/ace/pull/51) ([da-ar](https://github.com/da-ar))
+- \\(PE-27024\\) return detailed results from `/execute\\_catalog` [\#48](https://github.com/puppetlabs/ace/pull/48) ([DavidS](https://github.com/DavidS))
+
+**Merged pull requests:**
+
+- \(maint\) rubocop fixes for RSpec/EmptyLineAfterExample [\#61](https://github.com/puppetlabs/ace/pull/61) ([da-ar](https://github.com/da-ar))
+- \(FM-8496\) Add support for Puppet debug flags during /execute\_catalog [\#58](https://github.com/puppetlabs/ace/pull/58) ([david22swan](https://github.com/david22swan))
+- \(maint\) Do not follow spec test found in `Volumes` [\#56](https://github.com/puppetlabs/ace/pull/56) ([da-ar](https://github.com/da-ar))
+- \(maint\) various cleanups [\#52](https://github.com/puppetlabs/ace/pull/52) ([DavidS](https://github.com/DavidS))
+- \(maint\) using the CA\_ALLOW\_SUBJECT\_ALT\_NAMES env variable for new doc… [\#47](https://github.com/puppetlabs/ace/pull/47) ([Thomas-Franklin](https://github.com/Thomas-Franklin))
+
 ## [v0.10.0](https://github.com/puppetlabs/ace/tree/v0.10.0) (2019-07-25)
 [Full Changelog](https://github.com/puppetlabs/ace/compare/v0.9.1...v0.10.0)
 
@@ -31,6 +57,8 @@ All significant changes to this repo will be summarized in this file.
 - \(FM-7927\) Docs review [\#35](https://github.com/puppetlabs/ace/pull/35) ([clairecadman](https://github.com/clairecadman))
 
 ## [v0.9.0](https://github.com/puppetlabs/ace/tree/v0.9.0) (2019-04-16)
+[Full Changelog](https://github.com/puppetlabs/ace/compare/0.1.0...v0.9.0)
+
 **Implemented enhancements:**
 
 - \(FM-7922\) running the configuration to apply catalog to transport  [\#30](https://github.com/puppetlabs/ace/pull/30) ([Thomas-Franklin](https://github.com/Thomas-Franklin))
@@ -39,8 +67,6 @@ All significant changes to this repo will be summarized in this file.
 - \(FM-7883\) execute plugin sync from a puppetserver [\#20](https://github.com/puppetlabs/ace/pull/20) ([Thomas-Franklin](https://github.com/Thomas-Franklin))
 - \(FM-7826\) first pass of execute catalog docs and mock API endpoint [\#16](https://github.com/puppetlabs/ace/pull/16) ([DavidS](https://github.com/DavidS))
 - Utilities for environment isolation per request [\#12](https://github.com/puppetlabs/ace/pull/12) ([willmeek](https://github.com/willmeek))
-- \(PE-25514\) Add docker support for ACE [\#3](https://github.com/puppetlabs/ace/pull/3) ([da-ar](https://github.com/da-ar))
-- \(PE-25508\) Add JSON Schema and validation example [\#2](https://github.com/puppetlabs/ace/pull/2) ([da-ar](https://github.com/da-ar))
 
 **Fixed bugs:**
 
@@ -64,6 +90,15 @@ All significant changes to this repo will be summarized in this file.
 - Update README.md [\#10](https://github.com/puppetlabs/ace/pull/10) ([willmeek](https://github.com/willmeek))
 - \(maint\) reworking of the configuration [\#5](https://github.com/puppetlabs/ace/pull/5) ([Thomas-Franklin](https://github.com/Thomas-Franklin))
 - Update JSONSchema, and mock endpoint [\#4](https://github.com/puppetlabs/ace/pull/4) ([da-ar](https://github.com/da-ar))
+
+## [0.1.0](https://github.com/puppetlabs/ace/tree/0.1.0) (2018-11-30)
+**Implemented enhancements:**
+
+- \(PE-25514\) Add docker support for ACE [\#3](https://github.com/puppetlabs/ace/pull/3) ([da-ar](https://github.com/da-ar))
+- \(PE-25508\) Add JSON Schema and validation example [\#2](https://github.com/puppetlabs/ace/pull/2) ([da-ar](https://github.com/da-ar))
+
+**Merged pull requests:**
+
 - \(PE-25509\) first fake endpoint; rubocop [\#1](https://github.com/puppetlabs/ace/pull/1) ([DavidS](https://github.com/DavidS))
 
 

data/CODEOWNERS

@@ -0,0 +1,2 @@
+# Set the networking team as the main owners of the module
+*       @puppetlabs/networking

data/Dockerfile

@@ -2,7 +2,7 @@
 FROM puppet/puppet-agent-alpine:6.4.2 as build
 
 RUN \
-apk --no-cache add build-base ruby-dev ruby-bundler ruby-json ruby-bigdecimal git openssl-dev && \
+apk --no-cache add build-base ruby-dev ruby-bundler ruby-json ruby-bigdecimal git openssl-dev linux-headers && \
 echo 'gem: --no-document' > /etc/gemrc && \
 bundle config --global silence_root_warning 1
 

data/README.md

@@ -18,7 +18,7 @@ ACE is built-in to PE as pe-ace-server.
 
 ## Development
 
-As ACE is dependent on Puppet Server, there is a docker-compose file in the `spec/` directory which we advise you run before  the ACE service to ensure that the certs and keys are valid. For more information, see the [docker documentation](developer-docs/docker.md).
+As ACE is dependent on Puppet Server, there is a docker-compose file in the `spec/` directory which we advise you run before the ACE service to ensure that the certs and keys are valid. For more information, see the [docker documentation](developer-docs/docker.md).
 
 To release a new version, update the version number in `version.rb`, generate a new changelog with `bundle exec rake changelog`, commit the results and run `bundle exec rake release`, which creates a git tag for the version, pushes git commits and tags, and pushes the `.gem` file to [rubygems.org](https://rubygems.org). Released gems are eventually consumed by [ace-vanagon](https://github.com/puppetlabs/ace-vanagon) and promoted into PE.
 

data/agentless-catalog-executor.gemspec

@@ -20,7 +20,7 @@ Gem::Specification.new do |spec|
   spec.executables   = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
   spec.require_paths = ["lib"]
 
-  spec.add_dependency "bolt", "~> 1.15"
+  spec.add_dependency "bolt", "~> 1.31"
 
   # server-side dependencies cargo culted from https://github.com/puppetlabs/bolt/blob/4418da408643aa7eb5ed64f4c9704b941ea878dc/Gemfile#L10-L16
   spec.add_dependency "hocon", ">= 1.2.5"

data/developer-docs/api.md

@@ -106,6 +106,13 @@ The `compiler` is a JSON object which contains parameters regarding the compilat
 * `transaction_uuid`
 * `job_id`
 
+The compiler also contains several parameters that can be used in order to help to debug your request, these being:
+
+* `noop`
+* `debug`
+* `trace`
+* `evaltrace`
+
 ### Task Object
 This is a copy of [bolt's task object](https://github.com/puppetlabs/bolt/blob/master/developer-docs/bolt-api-servers.md#task-object)
 

data/developer-docs/docker.md

@@ -31,7 +31,9 @@ sudo chmod a+rx -R volumes/
 
 At this point it is required to generate certs for the `aceserver`, this can be achieved though:
 
-`docker exec spec_puppet_1 puppetserver ca generate --certname aceserver --subject-alt-names localhost,aceserver,ace_aceserver_1,spec_puppetserver_1,ace_server,puppet_server,spec_aceserver_1,puppetdb,spec_puppetdb_1,0.0.0.0,puppet,spec_puppet_1,ace_aceserver_1`
+```
+docker exec spec_puppet_1 puppetserver ca generate --certname aceserver --subject-alt-names localhost,aceserver,ace_aceserver_1,spec_puppetserver_1,ace_server,puppet_server,spec_aceserver_1,puppetdb,spec_puppetdb_1,0.0.0.0,puppet,spec_puppet_1,ace_aceserver_1
+```
 
 On Linux, ensure that you have access to the newly created files:
 

data/lib/ace/file_mutex.rb

@@ -0,0 +1,29 @@
+# frozen_string_literal: true
+
+require 'timeout'
+
+module ACE
+  class FileMutex
+    def initialize(lock_file)
+      @lock_file = lock_file
+    end
+
+    def with_read_lock
+      fh = File.open(@lock_file, File::CREAT)
+      fh.flock(File::LOCK_SH)
+      yield
+    ensure
+      fh.flock(File::LOCK_UN)
+      fh.close
+    end
+
+    def with_write_lock
+      fh = File.open(@lock_file, File::CREAT)
+      fh.flock(File::LOCK_EX)
+      yield
+    ensure
+      fh.flock(File::LOCK_UN)
+      fh.close
+    end
+  end
+end

data/lib/ace/fork_util.rb

@@ -28,7 +28,7 @@ module ACE
             }
           }.to_json)
           success = false
-        rescue StandardError => e
+        rescue Exception => e # rubocop:disable Lint/RescueException
           writer.puts({
             msg: e.message,
             kind: e.class,
@@ -39,6 +39,7 @@ module ACE
           }.to_json)
           success = false
         ensure
+          writer.flush
           Process.exit! success
         end
         # :nocov:
@@ -48,11 +49,13 @@ module ACE
         exit 1
       end
       writer.close
-      output = reader.read
+      output = reader.readlines('')[0]
       Process.wait(pid)
       if $CHILD_STATUS != 0
         error = JSON.parse(output)
         raise ACE::Error.new(error['msg'], error['kind'], error['details'])
+      elsif output.nil?
+        raise ACE::Error.new('spawned process returned no result', 'puppetlabs/ace/fork_util', 'no details')
       else
         JSON.parse(output)
       end

data/lib/ace/plugin_cache.rb

@@ -14,14 +14,21 @@ module ACE
     PURGE_INTERVAL = 24 * PURGE_TIMEOUT
     PURGE_TTL = 7 * PURGE_INTERVAL
 
-    def initialize(environments_cache_dir)
+    def initialize(environments_cache_dir,
+                   purge_interval: PURGE_INTERVAL,
+                   purge_timeout: PURGE_TIMEOUT,
+                   purge_ttl: PURGE_TTL,
+                   cache_dir_mutex: Concurrent::ReadWriteLock.new,
+                   do_purge: true)
       @cache_dir = environments_cache_dir
-      @cache_dir_mutex = Concurrent::ReadWriteLock.new
+      @cache_dir_mutex = cache_dir_mutex
 
-      @purge = Concurrent::TimerTask.new(execution_interval: PURGE_INTERVAL,
-                                         timeout_interval: PURGE_TIMEOUT,
-                                         run_now: true) { expire(PURGE_TTL) }
-      @purge.execute
+      if do_purge
+        @purge = Concurrent::TimerTask.new(execution_interval: purge_interval,
+                                           timeout_interval: purge_timeout,
+                                           run_now: true) { expire(purge_ttl) }
+        @purge.execute
+      end
     end
 
     def setup
@@ -29,9 +36,14 @@ module ACE
       self
     end
 
-    def with_synced_libdir(environment, certname, &block)
+    def with_synced_libdir(environment, enforce_environment, certname, &block)
       ForkUtil.isolate do
-        ACE::PuppetUtil.isolated_puppet_settings(certname, environment)
+        ACE::PuppetUtil.isolated_puppet_settings(
+          certname,
+          environment,
+          enforce_environment,
+          environment_dir(environment)
+        )
         with_synced_libdir_core(environment, &block)
       end
     end
@@ -65,7 +77,7 @@ module ACE
     def environment_dir(environment)
       environment_dir = File.join(cache_dir, environment)
       cache_dir_mutex.with_write_lock do
-        FileUtils.mkdir_p(environment_dir)
+        FileUtils.mkdir_p(File.join(environment_dir, 'code', 'environments', environment))
         FileUtils.touch(environment_dir)
       end
       environment_dir
@@ -76,12 +88,6 @@ module ACE
     def sync_core(environment)
       env = Puppet::Node::Environment.remote(environment)
       environments_dir = environment_dir(environment)
-      Puppet[:vardir] = File.join(environments_dir)
-      Puppet[:confdir] = File.join(environments_dir, 'conf')
-      Puppet[:rundir] = File.join(environments_dir, 'run')
-      Puppet[:logdir] = File.join(environments_dir, 'log')
-      Puppet[:codedir] = File.join(environments_dir, 'code')
-      Puppet[:plugindest] = File.join(environments_dir, 'plugins')
       Puppet::Configurer::PluginHandler.new.download_plugins(env)
       libdir(File.join(environments_dir, 'plugins'))
     end

data/lib/ace/puppet_util.rb

@@ -18,12 +18,12 @@ module ACE
       # as per request settings will be set later on
       # to satisfy multi-environments
       Puppet.settings[:vardir] = cachedir
-      Puppet.settings[:confdir] = File.join(cachedir, 'conf')
-      Puppet.settings[:rundir] = File.join(cachedir, 'run')
-      Puppet.settings[:logdir] = File.join(cachedir, 'log')
-      Puppet.settings[:codedir] = File.join(cachedir, 'code')
-      Puppet.settings[:plugindest] = File.join(cachedir, 'plugins')
-      Puppet.push_context(Puppet.base_context(Puppet.settings), "Puppet Initialization")
+      Puppet.settings[:confdir] = File.join(cachedir, 'conf_x')
+      Puppet.settings[:rundir] = File.join(cachedir, 'run_x')
+      Puppet.settings[:logdir] = File.join(cachedir, 'log_x')
+      Puppet.settings[:codedir] = File.join(cachedir, 'code_x')
+      Puppet.settings[:plugindest] = File.join(cachedir, 'plugin_x')
+
       # ssl_context will be a persistent context
       cert_provider = Puppet::X509::CertProvider.new(
         capath: ca_cert_path,
@@ -35,18 +35,39 @@ module ACE
         private_key: OpenSSL::PKey::RSA.new(File.read(private_key_path, encoding: 'utf-8')),
         client_cert: OpenSSL::X509::Certificate.new(File.read(client_cert_path, encoding: 'utf-8'))
       )
-      Puppet.push_context({
-                            ssl_context: ssl_context,
-                            server: uri.host,
-                            serverport: uri.port
-                          }, "PuppetServer connection information to be used")
-      Puppet.settings.use :main, :agent, :ssl
-      Puppet::Transaction::Report.indirection.terminus_class = :rest
+      # Store SSL settings for reuse in isolated process
+      @ssl_settings = {
+        ssl_context: ssl_context,
+        server: uri.host,
+        serverport: uri.port
+      }
     end
 
-    def self.isolated_puppet_settings(certname, environment)
+    def self.isolated_puppet_settings(certname, environment, enforce_environment, environment_dir)
       Puppet.settings[:certname] = certname
       Puppet.settings[:environment] = environment
+      Puppet.settings[:strict_environment_mode] = enforce_environment
+
+      Puppet.settings[:vardir] = File.join(environment_dir)
+      Puppet.settings[:confdir] = File.join(environment_dir, 'conf')
+      Puppet.settings[:rundir] = File.join(environment_dir, 'run')
+      Puppet.settings[:logdir] = File.join(environment_dir, 'log')
+      Puppet.settings[:codedir] = File.join(environment_dir, 'code')
+      Puppet.settings[:plugindest] = File.join(environment_dir, 'plugins')
+
+      # establish a base_context. This needs to be the first context on the stack, but must not be created
+      # before all settings have been set. For example, this will create a Puppet::Environments::Directories
+      # instance copying the :environmentpath setting and never updating this.
+      Puppet.push_context(Puppet.base_context(Puppet.settings), "Puppet Initialization")
+      Puppet.push_context(@ssl_settings, "PuppetServer connection information to be used")
+
+      # finalise settings initialisation
+      Puppet.settings.use :main, :agent, :ssl
+
+      # special override
+      Puppet::Transaction::Report.indirection.terminus_class = :rest
+
+      # configure the requested environment, and deploy new loaders
       env = Puppet::Node::Environment.remote(environment)
       Puppet.push_context({
                             configured_environment: environment,

data/lib/ace/schemas/ace-execute_catalog.json

@@ -28,6 +28,10 @@
           "type": "string",
           "description": "The name of the environment for which to compile the catalog."
         },
+        "enforce_environment": {
+          "type": "boolean",
+          "description": "Whether to force agents to run in the same environment in which their assigned applications are defined. (This key is required to be false if `environment` is an empty string)."
+        },
         "transaction_uuid": {
           "type": "string",
           "description": "The id for tracking the catalog compilation and report submission."
@@ -35,12 +39,33 @@
         "job_id": {
           "type": "string",
           "description": "The id of the orchestrator job that triggered this run."
+        },
+        "noop": {
+          "type": "boolean",
+          "description": "The operation should not be applied",
+          "default": false
+        },
+        "debug": {
+          "type": "boolean",
+          "description": "Show up to debug level messages",
+          "default": false
+        },
+        "trace": {
+          "type": "boolean",
+          "description": "Allows for a backtrace to be returned in the event of an exception",
+          "default": false
+        },
+        "evaltrace": {
+          "type": "boolean",
+          "description": "Reports on each step of the Puppet process",
+          "default": false
         }
       },
       "additionalProperties": true,
       "required": [
         "certname",
-        "environment"
+        "environment",
+        "enforce_environment"
       ]
     }
   },

data/lib/ace/schemas/ace-run_task.json

@@ -17,8 +17,7 @@
           "description": ""
         }
       },
-      "additionalProperties": true,
-      "required": ["remote-transport"]
+      "additionalProperties": true
     },
     "task": { "$ref": "file:task"},
     "parameters": {

data/lib/ace/transport_app.rb

@@ -1,5 +1,6 @@
 # frozen_string_literal: true
 
+require 'ace/file_mutex'
 require 'ace/error'
 require 'ace/fork_util'
 require 'ace/puppet_util'
@@ -18,12 +19,17 @@ require 'puppet/util/network_device/base'
 module ACE
   class TransportApp < Sinatra::Base
     def initialize(config = nil)
+      @logger = Logging.logger[self]
       @config = config
       @executor = Bolt::Executor.new(0)
       tasks_cache_dir = File.join(@config['cache-dir'], 'tasks')
-      @file_cache = BoltServer::FileCache.new(@config.data.merge('cache-dir' => tasks_cache_dir)).setup
-      environments_cache_dir = File.join(@config['cache-dir'], 'environments')
-      @plugins = ACE::PluginCache.new(environments_cache_dir).setup
+      @mutex = ACE::FileMutex.new(Tempfile.new('ace.lock'))
+      @file_cache = BoltServer::FileCache.new(@config.data.merge('cache-dir' => tasks_cache_dir),
+                                              cache_dir_mutex: @mutex, do_purge: false).setup
+      environments_cache_dir = File.join(@config['cache-dir'], 'environment_cache')
+      @plugins_mutex = ACE::FileMutex.new(Tempfile.new('ace.plugins.lock'))
+      @plugins = ACE::PluginCache.new(environments_cache_dir,
+                                      cache_dir_mutex: @plugins_mutex, do_purge: false).setup
 
       @schemas = {
         "run_task" => JSON.parse(File.read(File.join(__dir__, 'schemas', 'ace-run_task.json'))),
@@ -40,6 +46,36 @@ module ACE
                                            config['cache-dir'],
                                            URI.parse(config['puppet-server-uri']))
 
+      ace_pid = Process.pid
+      @logger.info "ACE started: #{ace_pid}"
+      fork do
+        # :nocov:
+        # FileCache and PluginCache cleanup timer started in a seperate fork
+        # so that there is only a single timer responsible for purging old files
+        @logger.info "FileCache process started: #{Process.pid}"
+        @fc_purge = BoltServer::FileCache.new(@config.data.merge('cache-dir' => tasks_cache_dir),
+                                              cache_dir_mutex: @mutex,
+                                              do_purge: true)
+
+        @pc_purge = ACE::PluginCache.new(environments_cache_dir,
+                                         cache_dir_mutex: @plugins_mutex, do_purge: true)
+        loop do
+          begin
+            # is the parent process alibve
+            Process.getpgid(ace_pid)
+            sleep 10 # how often to check if parent process is alive
+          rescue Interrupt
+            # handle ctrl-c event
+            break
+          rescue StandardError
+            # parent is no longer alive
+            break
+          end
+        end
+        @logger.info "FileCache process ended"
+        # :nocov:
+      end
+
       super(nil)
     end
 
@@ -84,11 +120,20 @@ module ACE
       end
 
       device_struct = Struct.new(:provider, :url, :name, :options)
+      type = target['remote-transport']
       # Return device
-      Puppet::Util::NetworkDevice.init(device_struct.new(transport,
-                                                         url,
-                                                         certname,
-                                                         {}))
+      begin
+        require 'puppet/resource_api/transport'
+        transport = Puppet::ResourceApi::Transport.connect(type, url)
+        Puppet::ResourceApi::Transport.inject_device(type, transport)
+      rescue Puppet::DevError, LoadError => e
+        raise e unless e.message.include?("Transport for `#{type}` not registered with") || e.class == LoadError
+        # fallback to puppet device if there's no transport
+        Puppet::Util::NetworkDevice.init(device_struct.new(transport,
+                                                           url,
+                                                           certname,
+                                                           {}))
+      end
     end
 
     def scrub_stack_trace(result)
@@ -110,6 +155,12 @@ module ACE
       end
     end
 
+    def nest_metrics(metrics)
+      Hash[metrics.fetch('resources', {}).values.map do |name, _human_name, value|
+        [name, value]
+      end]
+    end
+
     # returns a hash of trusted facts that will be used
     # to request a catalog for the target
     def self.trusted_facts(certname)
@@ -156,39 +207,85 @@ module ACE
       begin
         body = JSON.parse(request.body.read)
         validate_schema(@schemas["run_task"], body)
+        opts = body['target'].merge('protocol' => 'remote')
+
+        # This is a workaround for Bolt due to the way it expects to receive the target info
+        # see: https://github.com/puppetlabs/bolt/pull/915#discussion_r268280535
+        # Systems calling into ACE will need to determine the nodename/certname and pass this as `name`
+        target = [Bolt::Target.new(body['target']['host'] || body['target']['name'], opts)]
       rescue ACE::Error => e
-        request_error = { _error: e.to_h }
+        request_error = {
+          "node": target,
+          "target": target,
+          "action": nil,
+          "object": nil,
+          "status": "failure",
+          "result": {
+            "_error": e.to_h
+          }
+        }
         return [400, request_error.to_json]
-      rescue StandardError => e
+      rescue JSON::ParserError => e
         request_error = {
-          _error: ACE::Error.to_h(e.message,
-                                  'puppetlabs/ace/request_exception',
-                                  class: e.class, backtrace: e.backtrace)
+          "node": target,
+          "target": target,
+          "action": nil,
+          "object": nil,
+          "status": "failure",
+          "result": {
+            "_error": ACE::Error.to_h(e.message,
+                                      'puppetlabs/ace/request_exception',
+                                      class: e.class, backtrace: e.backtrace).to_h
+          }
         }
         return [400, request_error.to_json]
+      rescue StandardError => e
+        request_error = {
+          "node": target,
+          "target": target,
+          "action": nil,
+          "object": nil,
+          "status": "failure",
+          "result": {
+            "_error": ACE::Error.to_h(e.message,
+                                      'puppetlabs/ace/execution_exception',
+                                      class: e.class, backtrace: e.backtrace).to_h
+          }
+        }
+        return [500, request_error.to_json]
       end
 
-      opts = body['target'].merge('protocol' => 'remote')
-
-      # This is a workaround for Bolt due to the way it expects to receive the target info
-      # see: https://github.com/puppetlabs/bolt/pull/915#discussion_r268280535
-      # Systems calling into ACE will need to determine the nodename/certname and pass this as `name`
-      target = [Bolt::Target.new(body['target']['host'] || body['target']['name'], opts)]
-
-      inventory = Bolt::Inventory.new(nil)
+      begin
+        inventory = Bolt::Inventory.new(nil)
 
-      target.first.inventory = inventory
+        target.first.inventory = inventory
 
-      task = Bolt::Task::PuppetServer.new(body['task'], @file_cache)
+        task = Bolt::Task::PuppetServer.new(body['task'], @file_cache)
 
-      parameters = body['parameters'] || {}
+        parameters = body['parameters'] || {}
 
-      result = ForkUtil.isolate do
-        # Since this will only be on one node we can just return the first result
-        results = @executor.run_task(target, task, parameters)
-        scrub_stack_trace(results.first.status_hash)
+        result = ForkUtil.isolate do
+          # Since this will only be on one node we can just return the first result
+          results = @executor.run_task(target, task, parameters)
+          scrub_stack_trace(results.first.status_hash)
+        end
+        [200, result.to_json]
+      rescue Exception => e # rubocop:disable Lint/RescueException
+        # handle all the things and make it obvious what happened
+        process_error = {
+          "node": target,
+          "target": target,
+          "action": nil,
+          "object": nil,
+          "status": "failure",
+          "result": {
+            "_error": ACE::Error.to_h(e.message,
+                                      'puppetlabs/ace/processing_exception',
+                                      class: e.class, backtrace: e.backtrace).to_h
+          }
+        }
+        return [500, process_error.to_json]
       end
-      [200, result.to_json]
     end
 
     post '/execute_catalog' do
@@ -199,6 +296,13 @@ module ACE
         validate_schema(@schemas["execute_catalog"], body)
 
         environment = body['compiler']['environment']
+        enforce_environment = body['compiler']['enforce_environment']
+        if environment == '' && !enforce_environment
+          environment = 'production'
+        elsif environment == '' && enforce_environment
+          raise ACE::Error.new('You MUST provide an `environment` when `enforce_environment` is set to true',
+                               'puppetlabs/ace/execute_catalog')
+        end
         certname = body['compiler']['certname']
         trans_id = body['compiler']['transaction_uuid']
         job_id = body['compiler']['job_id']
@@ -223,14 +327,40 @@ module ACE
       end
 
       begin
-        @plugins.with_synced_libdir(environment, certname) do
+        run_result = @plugins.with_synced_libdir(environment, enforce_environment, certname) do
           ACE::TransportApp.init_puppet_target(certname, body['target']['remote-transport'], body['target'])
+
+          # Apply compiler flags for Configurer
+          Puppet.settings[:noop] = body['compiler']['noop'] || false
+          # grab the current debug level
+          current_log_level = Puppet.settings[:log_level] if body['compiler']['debug']
+          # apply debug level if its specified
+          Puppet.settings[:log_level] = :debug if body['compiler']['debug']
+          Puppet.settings[:trace] = body['compiler']['trace'] || false
+          Puppet.settings[:evaltrace] = body['compiler']['evaltrace'] || false
+
           configurer = ACE::Configurer.new(body['compiler']['transaction_uuid'], body['compiler']['job_id'])
-          configurer.run(transport_name: certname,
-                         environment: environment,
-                         network_device: true,
-                         pluginsync: false,
-                         trusted_facts: ACE::TransportApp.trusted_facts(certname))
+          options = { transport_name: certname,
+                      environment: environment,
+                      network_device: true,
+                      pluginsync: false,
+                      trusted_facts: ACE::TransportApp.trusted_facts(certname) }
+          configurer.run(options)
+          # return logging level back to original
+          Puppet.settings[:log_level] = current_log_level if body['compiler']['debug']
+          # `options[:report]` gets populated by configurer.run with the report of the run with a
+          # Puppet::Transaction::Report instance
+          # see https://github.com/puppetlabs/puppet/blob/c956ad95fcdd9aabb28e196b55d1f112b5944777/lib/puppet/configurer.rb#L211
+          report = options[:report]
+          # remember that this hash gets munged by fork's json serialising
+          {
+            'time' => report.time,
+            'transaction_uuid' => trans_id,
+            'environment' => report.environment,
+            'status' => report.status,
+            'metrics' => nest_metrics(report.metrics),
+            'job_id' => job_id
+          }
         end
       rescue ACE::Error => e
         process_error = {
@@ -255,11 +385,8 @@ module ACE
       else
         result = {
           certname: certname,
-          status: 'report_generated',
-          result: {
-            transaction_uuid: trans_id,
-            job_id: job_id
-          }
+          status: run_result.delete('status'),
+          result: run_result
         }
         [200, result.to_json]
       end

data/lib/ace/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module ACE
-  VERSION = "0.10.0"
+  VERSION = "1.0.0"
 end

data/lib/puppet/indirector/catalog/certless.rb

@@ -41,7 +41,7 @@ module Puppet
             "transaction_uuid": request.options[:transaction_uuid],
             "job_id": request.options[:job_id],
             "options": {
-              "prefer_requested_environment": true,
+              "prefer_requested_environment": false,
               "capture_logs": false
             }
           }

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: agentless-catalog-executor
 version: !ruby/object:Gem::Version
-  version: 0.10.0
+  version: 1.0.0
 platform: ruby
 authors:
 - David Schmitt
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2019-07-25 00:00:00.000000000 Z
+date: 2019-10-08 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bolt
@@ -16,14 +16,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.15'
+        version: '1.31'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.15'
+        version: '1.31'
 - !ruby/object:Gem::Dependency
   name: hocon
   requirement: !ruby/object:Gem::Requirement
@@ -211,6 +211,7 @@ files:
 - ".rubocop.yml"
 - ".travis.yml"
 - CHANGELOG.md
+- CODEOWNERS
 - Dockerfile
 - Gemfile
 - LICENSE
@@ -239,6 +240,7 @@ files:
 - lib/ace/config.rb
 - lib/ace/configurer.rb
 - lib/ace/error.rb
+- lib/ace/file_mutex.rb
 - lib/ace/fork_util.rb
 - lib/ace/plugin_cache.rb
 - lib/ace/puppet_util.rb
@@ -266,8 +268,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubyforge_project: 
-rubygems_version: 2.7.6
+rubygems_version: 3.0.4
 signing_key: 
 specification_version: 4
 summary: ACE lets you run remote tasks and catalogs using puppet and bolt.