bolt 0.17.1 → 0.17.2

data/lib/bolt/transport/winrm.rb

@@ -7,7 +7,24 @@ module Bolt
         -NoProfile -NonInteractive -NoLogo -ExecutionPolicy Bypass
       ].freeze
 
-      def initialize(_config)
+      def self.options
+        %w[port user password connect-timeout ssl tmpdir cacert extensions]
+      end
+
+      def self.validate(options)
+        ssl_flag = options['ssl']
+        unless !!ssl_flag == ssl_flag
+          raise Bolt::CLIError, 'ssl option must be a Boolean true or false'
+        end
+
+        timeout_value = options['connect-timeout']
+        unless timeout_value.is_a?(Integer) || timeout_value.nil?
+          error_msg = "connect-timeout value must be an Integer, received #{timeout_value}:#{timeout_value.class}"
+          raise Bolt::CLIError, error_msg
+        end
+      end
+
+      def initialize
         super
         require 'winrm'
         require 'winrm-fs'

data/lib/bolt/transport/winrm/connection.rb

@@ -7,13 +7,18 @@ module Bolt
       class Connection
         attr_reader :logger, :target
 
+        DEFAULT_EXTENSIONS = ['.ps1', '.rb', '.pp'].freeze
+
         def initialize(target)
           @target = target
 
-          default_port = target.options[:ssl] ? HTTPS_PORT : HTTP_PORT
+          default_port = target.options['ssl'] ? HTTPS_PORT : HTTP_PORT
           @port = @target.port || default_port
           @user = @target.user
-          @extensions = DEFAULT_EXTENSIONS.to_set.merge(target.options[:extensions] || [])
+
+          # Accept a single entry or a list, ensure each is prefixed with '.'
+          extensions = [target.options['extensions'] || []].flatten.map { |ext| ext[0] != '.' ? '.' + ext : ext }
+          @extensions = DEFAULT_EXTENSIONS.to_set.merge(extensions)
 
           @logger = Logging.logger[@target.host]
         end
@@ -22,7 +27,7 @@ module Bolt
         HTTPS_PORT = 5986
 
         def connect
-          if target.options[:ssl]
+          if target.options['ssl']
             scheme = 'https'
             transport = :ssl
           else
@@ -35,9 +40,9 @@ module Bolt
                       password: target.password,
                       retry_limit: 1,
                       transport: transport,
-                      ca_trust_path: target.options[:cacert] }
+                      ca_trust_path: target.options['cacert'] }
 
-          Timeout.timeout(target.options[:connect_timeout]) do
+          Timeout.timeout(target.options['connect-timeout']) do
             @connection = ::WinRM::Connection.new(options)
             transport_logger = Logging.logger[::WinRM]
             transport_logger.level = :warn
@@ -50,11 +55,11 @@ module Bolt
         rescue Timeout::Error
           # If we're using the default port with SSL, a timeout probably means the
           # host doesn't support SSL.
-          if target.options[:ssl] && @port == HTTPS_PORT
-            theres_your_problem = "\nUse --no-ssl if this host isn't configured to use SSL for WinRM"
+          if target.options['ssl'] && @port == HTTPS_PORT
+            the_problem = "\nUse --no-ssl if this host isn't configured to use SSL for WinRM"
           end
           raise Bolt::Node::ConnectError.new(
-            "Timeout after #{target.options[:connect_timeout]} seconds connecting to #{endpoint}#{theres_your_problem}",
+            "Timeout after #{target.options['connect-timeout']} seconds connecting to #{endpoint}#{the_problem}",
             'CONNECT_ERROR'
           )
         rescue ::WinRM::WinRMAuthorizationError
@@ -64,7 +69,7 @@ module Bolt
           )
         rescue OpenSSL::SSL::SSLError => e
           # If we're using SSL with the default non-SSL port, mention that as a likely problem
-          if target.options[:ssl] && @port == HTTP_PORT
+          if target.options['ssl'] && @port == HTTP_PORT
             theres_your_problem = "\nAre you using SSL to connect to a non-SSL port?"
           end
           raise Bolt::Node::ConnectError.new(
@@ -419,12 +424,6 @@ exit $(Invoke-Interpreter @invokeArgs)
 PS
         end
 
-        DEFAULT_EXTENSIONS = ['.ps1', '.rb', '.pp'].freeze
-
-        PS_ARGS = %w[
-          -NoProfile -NonInteractive -NoLogo -ExecutionPolicy Bypass
-        ].freeze
-
         def write_remote_file(source, destination)
           fs = ::WinRM::FS::FileManager.new(@connection)
           # TODO: raise FileError here if this fails
@@ -432,7 +431,7 @@ PS
         end
 
         def make_tempdir
-          find_parent = target.options[:tmpdir] ? "\"#{target.options[:tmpdir]}\"" : '[System.IO.Path]::GetTempPath()'
+          find_parent = target.options['tmpdir'] ? "\"#{target.options['tmpdir']}\"" : '[System.IO.Path]::GetTempPath()'
           result = execute(<<-PS)
 $parent = #{find_parent}
 $name = [System.IO.Path]::GetRandomFileName()

data/lib/bolt/util.rb

@@ -43,6 +43,21 @@ module Bolt
         hash1.merge(hash2, &recursive_merge)
       end
 
+      # Accepts a Data object and returns a copy with all hash keys
+      # modifed by block. use &:to_s to stringify keys or :to_sym to symbolize them
+      def walk_keys(data, &block)
+        if data.is_a? Hash
+          data.each_with_object({}) do |(k, v), acc|
+            v = walk_keys(v, &block)
+            acc[yield(k)] = v
+          end
+        elsif data.is_a? Array
+          data.map { |v| walk_keys(v, &block) }
+        else
+          data
+        end
+      end
+
       # Performs a deep_clone, using an identical copy if the cloned structure contains multiple
       # references to the same object and prevents endless recursion.
       # Credit to Jan Molic via https://github.com/rubyworks/facets/blob/master/LICENSE.txt

data/lib/bolt/version.rb

@@ -1,3 +1,3 @@
 module Bolt
-  VERSION = '0.17.1'.freeze
+  VERSION = '0.17.2'.freeze
 end

data/lib/bolt_ext/puppetdb_inventory.rb

@@ -1,5 +1,6 @@
 #!/usr/bin/env ruby
 
+require 'bolt/puppetdb/config'
 require 'json'
 require 'httpclient'
 require 'optparse'
@@ -7,137 +8,6 @@ require 'yaml'
 
 module Bolt
   class PuppetDBInventory
-    class Client
-      def self.from_config(config)
-        uri = if config['server_urls'].is_a? String
-                config['server_urls']
-              else
-                config['server_urls'].first
-              end
-        uri = URI.parse(uri)
-        uri.port ||= 8081
-
-        cacert = File.expand_path(config['cacert'])
-        token = config.token
-
-        cert = config['cert']
-        key = config['key']
-
-        new(uri, cacert, token: token, cert: cert, key: key)
-      end
-
-      def initialize(uri, cacert, token: nil, cert: nil, key: nil)
-        @uri = uri
-        @cacert = cacert
-        @token = token
-        @cert = cert
-        @key = key
-      end
-
-      def query_certnames(query)
-        return [] unless query
-
-        body = JSON.generate(query: query)
-
-        response = http_client.post("#{@uri}/pdb/query/v4", body: body, header: headers)
-        if response.code != 200
-          raise "Failed to query PuppetDB: #{response.body}"
-        else
-          results = JSON.parse(response.body)
-          if results.first && !results.first.key?('certname')
-            raise "Query results did not contain a 'certname' field: got #{results.first.keys.join(', ')}"
-          end
-          results.map { |result| result['certname'] }.uniq
-        end
-      end
-
-      def http_client
-        return @http if @http
-        @http = HTTPClient.new
-        @http.ssl_config.set_client_cert_file(@cert, @key)
-        @http.ssl_config.add_trust_ca(@cacert)
-
-        @http
-      end
-
-      def headers
-        headers = { 'Content-Type' => 'application/json' }
-        headers['X-Authentication'] = @token if @token
-        headers
-      end
-    end
-
-    class Config
-      DEFAULT_TOKEN = File.expand_path('~/.puppetlabs/token')
-      DEFAULT_CONFIG = File.expand_path('~/.puppetlabs/client-tools/puppetdb.conf')
-
-      def initialize(config_file, options)
-        @settings = load_config(config_file)
-        @settings.merge!(options)
-
-        expand_paths
-        validate
-      end
-
-      def load_config(filename)
-        if filename
-          if File.exist?(filename)
-            config = JSON.parse(File.read(filename))
-          else
-            raise "config file #{filename} does not exist"
-          end
-        elsif File.exist?(DEFAULT_CONFIG)
-          config = JSON.parse(File.read(DEFAULT_CONFIG))
-        else
-          config = {}
-        end
-        config.fetch('puppetdb', {})
-      end
-
-      def token
-        return @token if @token
-        if @settings['token']
-          File.read(@settings['token'])
-        elsif File.exist?(DEFAULT_TOKEN)
-          File.read(DEFAULT_TOKEN)
-        end
-      end
-
-      def [](key)
-        @settings[key]
-      end
-
-      def expand_paths
-        %w[cacert cert key token].each do |file|
-          @settings[file] = File.expand_path(@settings[file]) if @settings[file]
-        end
-      end
-
-      def validate_file_exists(file)
-        if @settings[file] && !File.exist?(@settings[file])
-          raise "#{file} file #{@settings[file]} does not exist"
-        end
-      end
-
-      def validate
-        unless @settings['server_urls']
-          raise "server_urls must be specified in the config file or with --url"
-        end
-        unless @settings['cacert']
-          raise "cacert must be specified in the config file or with --cacert"
-        end
-
-        if (@settings['cert'] && !@settings['key']) ||
-           (!@settings['cert'] && @settings['key'])
-          raise "cert and key must be specified together"
-        end
-
-        validate_file_exists('cacert')
-        validate_file_exists('cert')
-        validate_file_exists('key')
-      end
-    end
-
     class CLI
       def initialize(args)
         @args = args
@@ -158,7 +28,7 @@ module Bolt
           end
           opts.on('--token-file TOKEN',
                   "Path to the token file",
-                  "Default: #{Config::DEFAULT_TOKEN} if present") do |token|
+                  "Default: #{Bolt::PuppetDB::Config::DEFAULT_TOKEN} if present") do |token|
             @cli_opts['token'] = token
           end
           opts.on('--url URL', "The URL of the PuppetDB server to connect to") do |url|
@@ -166,7 +36,7 @@ module Bolt
           end
           opts.on('--config CONFIG',
                   "The puppetdb.conf file to read configuration from",
-                  "Default: #{Config::DEFAULT_CONFIG} if present") do |file|
+                  "Default: #{Bolt::PuppetDB::Config::DEFAULT_CONFIG} if present") do |file|
             @config_file = File.expand_path(file)
           end
           opts.on('--output FILE', '-o FILE',
@@ -211,8 +81,8 @@ query results.
           raise "Unknown argument(s) #{positional_args.join(', ')}"
         end
 
-        config = Config.new(@config_file, @cli_opts)
-        @puppetdb_client = Client.from_config(config)
+        config = Bolt::PuppetDB::Config.new(@config_file, @cli_opts)
+        @puppetdb_client = Bolt::PuppetDB::Client.from_config(config)
 
         unless File.readable?(inventory_file)
           raise "Can't read the inventory file #{inventory_file}"

data/vendored/facter/lib/facter/ec2/rest.rb

@@ -25,7 +25,7 @@ module Facter
         attempts = 0
 
         begin
-          open(@baseurl, :proxy => nil, :read_timeout => timeout).read
+          open(@baseurl, :proxy => nil, :read_timeout => timeout, :open_timeout => timeout).read
           able_to_connect = true
         rescue OpenURI::HTTPError => e
           if e.message.match /404 Not Found/i

data/vendored/hiera/lib/hiera/version.rb

@@ -7,7 +7,7 @@
 
 
 class Hiera
-  VERSION = "3.4.2"
+  VERSION = "3.4.3"
 
   ##
   # version is a public API method intended to always provide a fast and

data/vendored/puppet/lib/puppet/application/agent.rb

@@ -422,9 +422,7 @@ Copyright (c) 2011 Puppet Inc., LLC Licensed under the Apache 2.0 License
     # we want the last report to be persisted locally
     Puppet::Transaction::Report.indirection.cache_class = :yaml
 
-    if Puppet[:noop]
-      Puppet::Resource::Catalog.indirection.cache_class = nil
-    elsif Puppet[:catalog_cache_terminus]
+    if Puppet[:catalog_cache_terminus]
       Puppet::Resource::Catalog.indirection.cache_class = Puppet[:catalog_cache_terminus]
     end
 

data/vendored/puppet/lib/puppet/application/apply.rb

@@ -245,7 +245,7 @@ Copyright (c) 2011 Puppet Inc., LLC Licensed under the Apache 2.0 License
             $stderr.puts _("%{file} is not readable") % { file: file }
             exit(63)
           end
-          node.classes = Puppet::FileSystem.read(file, :encoding => 'utf-8').split(/[\s\n]+/)
+          node.classes = Puppet::FileSystem.read(file, :encoding => 'utf-8').split(/[\s]+/)
         end
       end
 
@@ -322,9 +322,7 @@ Copyright (c) 2011 Puppet Inc., LLC Licensed under the Apache 2.0 License
     Puppet.settings.use :main, :agent, :ssl
 
 
-    if Puppet[:noop]
-      Puppet::Resource::Catalog.indirection.cache_class = nil
-    elsif Puppet[:catalog_cache_terminus]
+    if Puppet[:catalog_cache_terminus]
       Puppet::Resource::Catalog.indirection.cache_class = Puppet[:catalog_cache_terminus]
     end
 

data/vendored/puppet/lib/puppet/application/cert.rb

@@ -268,7 +268,12 @@ Copyright (c) 2011 Puppet Inc., LLC Licensed under the Apache 2.0 License
       hosts = command_line.args.collect { |h| h.downcase }
     end
     begin
-      apply(@ca, :revoke, options.merge(:to => hosts)) if subcommand == :destroy
+      if subcommand == :destroy
+        raise _("Refusing to destroy all certs, provide an explicit list of certs to destroy") if hosts == :all
+
+        signed_hosts = hosts - @ca.waiting?
+        apply(@ca, :revoke, options.merge(:to => signed_hosts)) unless signed_hosts.empty?
+      end
       apply(@ca, subcommand, options.merge(:to => hosts, :digest => @digest))
     rescue => detail
       Puppet.log_exception(detail)

data/vendored/puppet/lib/puppet/application/device.rb

@@ -24,13 +24,16 @@ class Puppet::Application::Device < Puppet::Application
     end
 
     {
+      :apply => nil,
       :waitforcert => nil,
       :detailed_exitcodes => false,
       :verbose => false,
       :debug => false,
       :centrallogs => false,
       :setdest => false,
+      :resource => false,
       :target => nil,
+      :to_yaml => false,
     }.each do |opt,val|
       options[opt] = val
     end
@@ -40,12 +43,18 @@ class Puppet::Application::Device < Puppet::Application
 
   option("--centrallogging")
   option("--debug","-d")
+  option("--resource","-r")
+  option("--to_yaml","-y")
   option("--verbose","-v")
 
   option("--detailed-exitcodes") do |arg|
     options[:detailed_exitcodes] = true
   end
 
+  option("--apply MANIFEST") do |arg|
+    options[:apply] = arg.to_s
+  end
+
   option("--logdest DEST", "-l DEST") do |arg|
     handle_logdest_arg(arg)
   end
@@ -85,6 +94,7 @@ USAGE
   puppet device [-d|--debug] [--detailed-exitcodes] [--deviceconfig <file>]
                 [-h|--help] [-l|--logdest syslog|<file>|console]
                 [-v|--verbose] [-w|--waitforcert <seconds>]
+                [-a|--apply <file>] [-r|--resource <type> [name]]
                 [-t|--target <device>] [--user=<user>] [-V|--version]
 
 
@@ -150,10 +160,21 @@ you can specify '--server <servername>' as an argument.
   appending nature of logging. It must be appended manually to make the content
   valid JSON.
 
+* --apply:
+  Apply a manifest against a remote target. Target must be specified.
+
+* --resource:
+  Displays a resource state as Puppet code, roughly equivalent to
+  `puppet resource`.  Can be filterd by title. Requires --target be specified.
+
 * --target:
   Target a specific device/certificate in the device.conf. Doing so will perform a
   device run against only that device/certificate.
 
+* --to_yaml:
+  Output found resources in yaml format, suitable to use with Hiera and
+  create_resources.
+
 * --user:
   The user to run as.
 
@@ -170,7 +191,7 @@ you can specify '--server <servername>' as an argument.
 
 EXAMPLE
 -------
-      $ puppet device --server puppet.domain.com
+      $ puppet device --target remotehost --verbose
 
 AUTHOR
 ------
@@ -182,10 +203,24 @@ COPYRIGHT
 Copyright (c) 2011 Puppet Inc., LLC
 Licensed under the Apache 2.0 License
       HELP
-    end
+  end
 
 
   def main
+    if options[:resource] and !options[:target]
+      Puppet.err _("resource command requires target")
+      exit(1)
+    end
+    unless options[:apply].nil?
+      if options[:target].nil?
+        Puppet.err _("missing argument: --target is required when using --apply")
+        exit(1)
+      end
+      unless File.file?(options[:apply])
+        Puppet.err _("%{file} does not exist, cannot apply") % { file: options[:apply] }
+        exit(1)
+      end
+    end
     vardir = Puppet[:vardir]
     confdir = Puppet[:confdir]
     certname = Puppet[:certname]
@@ -212,27 +247,61 @@ Licensed under the Apache 2.0 License
           # Handle nil scheme & port
           scheme = "#{device_url.scheme}://" if device_url.scheme
           port = ":#{device_url.port}" if device_url.port
-          Puppet.info _("starting applying configuration to %{target} at %{scheme}%{url_host}%{port}%{url_path}") % { target: device.name, scheme: scheme, url_host: device_url.host, port: port, url_path: device_url.path }
 
           # override local $vardir and $certname
           Puppet[:confdir] = ::File.join(Puppet[:devicedir], device.name)
           Puppet[:vardir] = ::File.join(Puppet[:devicedir], device.name)
           Puppet[:certname] = device.name
 
-          # this will reload and recompute default settings and create the devices sub vardir, or we hope so :-)
-          Puppet.settings.use :main, :agent, :ssl
-
           # this init the device singleton, so that the facts terminus
           # and the various network_device provider can use it
           Puppet::Util::NetworkDevice.init(device)
 
-          # ask for a ssl cert if needed, but at least
-          # setup the ssl system for this device.
-          setup_host
-
-          require 'puppet/configurer'
-          configurer = Puppet::Configurer.new
-          configurer.run(:network_device => true, :pluginsync => Puppet::Configurer.should_pluginsync?)
+          if options[:resource]
+            type, name = parse_args(command_line.args)
+            Puppet.info _("retrieving resource: %{resource} from %{target} at %{scheme}%{url_host}%{port}%{url_path}") % { resource: type, target: device.name, scheme: scheme, url_host: device_url.host, port: port, url_path: device_url.path }
+
+            resources = find_resources(type, name)
+
+            if options[:to_yaml]
+              text = resources.map do |resource|
+                resource.prune_parameters(:parameters_to_include => @extra_params).to_hierayaml.force_encoding(Encoding.default_external)
+              end.join("\n")
+              text.prepend("#{type.downcase}:\n")
+            else
+              text = resources.map do |resource|
+                resource.prune_parameters(:parameters_to_include => @extra_params).to_manifest.force_encoding(Encoding.default_external)
+              end.join("\n")
+            end
+            (puts text)
+          elsif options[:apply]
+            # avoid reporting to server
+            Puppet::Transaction::Report.indirection.terminus_class = :yaml
+            Puppet::Resource::Catalog.indirection.cache_class = nil
+
+            require 'puppet/application/apply'
+            begin
+
+              Puppet[:node_terminus] = :plain
+              Puppet[:catalog_terminus] = :compiler
+              Puppet[:catalog_cache_terminus] = nil
+              Puppet[:facts_terminus] = :network_device
+              Puppet.override(:network_device => true) do
+                Puppet::Application::Apply.new(Puppet::Util::CommandLine.new('puppet', ["apply", options[:apply]])).run_command
+              end
+            end
+          else
+            Puppet.info _("starting applying configuration to %{target} at %{scheme}%{url_host}%{port}%{url_path}") % { target: device.name, scheme: scheme, url_host: device_url.host, port: port, url_path: device_url.path }
+            # this will reload and recompute default settings and create the devices sub vardir
+            Puppet.settings.use :main, :agent, :ssl
+            # ask for a ssl cert if needed, but at least
+            # setup the ssl system for this device.
+            setup_host
+
+            require 'puppet/configurer'
+            configurer = Puppet::Configurer.new
+            configurer.run(:network_device => true, :pluginsync => Puppet::Configurer.should_pluginsync?)
+          end
         rescue => detail
           Puppet.log_exception(detail)
           # If we rescued an error, then we return 1 as the exit code
@@ -258,6 +327,24 @@ Licensed under the Apache 2.0 License
     end
   end
 
+  def parse_args(args)
+    type = args.shift or raise _("You must specify the type to display")
+    Puppet::Type.type(type) or raise _("Could not find type %{type}") % { type: type }
+    name = args.shift
+
+    [type, name]
+  end
+
+  def find_resources(type, name)
+    key = [type, name].join('/')
+
+    if name
+      [ Puppet::Resource.indirection.find( key ) ]
+    else
+      Puppet::Resource.indirection.search( key, {} )
+    end
+  end
+
   def setup_host
     @host = Puppet::SSL::Host.new
     waitforcert = options[:waitforcert] || (Puppet[:onetime] ? 0 : Puppet[:waitforcert])