bolt 1.1.0 → 1.2.0


Potentially problematic release.


This version of bolt might be problematic.

@@ -1,88 +0,0 @@
1
- # frozen_string_literal: true
2
-
3
- require 'hocon'
4
- require 'bolt/error'
5
-
6
- class TransportConfig
7
- attr_accessor :host, :port, :ssl_cert, :ssl_key, :ssl_ca_cert, :ssl_cipher_suites,
8
- :loglevel, :logfile, :whitelist, :concurrency
9
-
10
- def initialize(global = nil, local = nil)
11
- @host = '127.0.0.1'
12
- @port = 62658
13
- @ssl_cert = nil
14
- @ssl_key = nil
15
- @ssl_ca_cert = nil
16
- @ssl_cipher_suites = ['ECDHE-ECDSA-AES256-GCM-SHA384',
17
- 'ECDHE-RSA-AES256-GCM-SHA384',
18
- 'ECDHE-ECDSA-CHACHA20-POLY1305',
19
- 'ECDHE-RSA-CHACHA20-POLY1305',
20
- 'ECDHE-ECDSA-AES128-GCM-SHA256',
21
- 'ECDHE-RSA-AES128-GCM-SHA256',
22
- 'ECDHE-ECDSA-AES256-SHA384',
23
- 'ECDHE-RSA-AES256-SHA384',
24
- 'ECDHE-ECDSA-AES128-SHA256',
25
- 'ECDHE-RSA-AES128-SHA256']
26
-
27
- @loglevel = 'notice'
28
- @logfile = nil
29
- @whitelist = nil
30
- @concurrency = 100
31
-
32
- global_path = global || '/etc/puppetlabs/bolt-server/conf.d/bolt-server.conf'
33
- local_path = local || File.join(ENV['HOME'].to_s, ".puppetlabs", "bolt-server.conf")
34
-
35
- load_config(global_path)
36
- load_config(local_path)
37
- validate
38
- end
39
-
40
- def load_config(path)
41
- begin
42
- parsed_hocon = Hocon.load(path)['bolt-server']
43
- rescue Hocon::ConfigError => e
44
- raise "Hocon data in '#{path}' failed to load.\n Error: '#{e.message}'"
45
- rescue Errno::EACCES
46
- raise "Your user doesn't have permission to read #{path}"
47
- end
48
-
49
- unless parsed_hocon.nil?
50
- %w[host port ssl-cert ssl-key ssl-ca-cert ssl-cipher-suites loglevel logfile whitelist concurrency].each do |key|
51
- varname = '@' + key.tr('-', '_')
52
- instance_variable_set(varname, parsed_hocon[key]) if parsed_hocon.key?(key)
53
- end
54
- end
55
- end
56
-
57
- def validate
58
- required_keys = %w[ssl_cert ssl_key ssl_ca_cert]
59
- ssl_keys = %w[ssl_cert ssl_key ssl_ca_cert]
60
- required_keys.each do |k|
61
- next unless send(k).nil?
62
- raise Bolt::ValidationError, <<-MSG
63
- You must configure #{k} in either /etc/puppetlabs/bolt-server/conf.d/bolt-server.conf or ~/.puppetlabs/bolt-server.conf
64
- MSG
65
- end
66
-
67
- unless @port.is_a?(Integer) && @port > 0
68
- raise Bolt::ValidationError, "Configured 'port' must be a valid integer greater than 0"
69
- end
70
- ssl_keys.each do |sk|
71
- unless File.file?(send(sk)) && File.readable?(send(sk))
72
- raise Bolt::ValidationError, "Configured #{sk} must be a valid filepath"
73
- end
74
- end
75
-
76
- unless @ssl_cipher_suites.is_a?(Array)
77
- raise Bolt::ValidationError, "Configured 'ssl-cipher-suites' must be an array of cipher suite names"
78
- end
79
-
80
- unless @whitelist.nil? || @whitelist.is_a?(Array)
81
- raise Bolt::ValidationError, "Configured 'whitelist' must be an array of names"
82
- end
83
-
84
- unless @concurrency.is_a?(Integer) && @concurrency.positive?
85
- raise Bolt::ValidationError, "Configured 'concurrency' must be a positive integer"
86
- end
87
- end
88
- end