choria-mcorpc-support 2.23.0 → 2.23.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 240757ac597e3d2cfe78d338c925b62b7e9ae384
-  data.tar.gz: d67ed99f4a98219aa82f9b193c3eafc6a7ed0668
+  metadata.gz: 88cacd67cd1dd9b6289e5b896b920d3467e3a220
+  data.tar.gz: a7cf2dccf0ae9133abd81866296784fb6791b0e0
 SHA512:
-  metadata.gz: d513a4149861bd15a98250139e282b0681465d58f6a1e6503dd8b7e0323f22f7c9c5c80a4f502a52dca8322d9349946ccef538c219bf899144f988a731262144
-  data.tar.gz: eb5b2c1a2127999d93b49ae248e2f19ae95e30163c5b209eeb70c74ba2c5b6f10d6851172eb7656922e536c83f164d707526914bde8f5cc1303dfd2b62be1656
+  metadata.gz: 368859ec015b8605af21238d7c6d93aa4472c728948d61dcf07095a7728509f4fcdafb2d5867aef0b941a09572ce7ad43ec4ce54a91cde8e6de26fc48a888b9c
+  data.tar.gz: d1ce8dbd24f8f1a24163e4e5c69d9514d98372885bf14b6f3efd59b824c842d5ed2efee50df7551eec577e0dd15cfc7da36f66f732b6fd35ab74ca7f30f8d9cc

data/lib/mcollective.rb

@@ -40,7 +40,6 @@ module MCollective
   require "mcollective/facts"
   require "mcollective/logger"
   require "mcollective/log"
-  require "mcollective/matcher"
   require "mcollective/message"
   require "mcollective/optionparser"
   require "mcollective/generators"
@@ -54,7 +53,7 @@ module MCollective
   require "mcollective/util"
   require "mcollective/validator"
 
-  VERSION = "2.23.0".freeze
+  VERSION = "2.23.1".freeze
 
   def self.version
     VERSION

data/lib/mcollective/agent/bolt_tasks.ddl

@@ -77,6 +77,15 @@ action "run_and_wait", :description => "Runs a Puppet Task that was previously d
         :default     => "{}",
         :maxlength   => 102400
 
+  input :run_as,
+        :prompt      => "Run As",
+        :description => "User to run the task as",
+        :type        => :string,
+        :validation  => ".+",
+        :optional    => true,
+        :default     => nil,
+        :maxlength   => 32
+
   output :task_id,
          :description => "The ID the task was created with",
          :display_as  => "Task ID",
@@ -165,6 +174,15 @@ action "run_no_wait", :description => "Runs a Puppet Task that was previously do
         :default     => "{}",
         :maxlength   => 102400
 
+  input :run_as,
+        :prompt      => "Run As",
+        :description => "User to run the task as",
+        :type        => :string,
+        :validation  => ".+",
+        :optional    => true,
+        :default     => nil,
+        :maxlength   => 32
+
   output :task_id,
          :description => "The ID the task was created with",
          :display_as  => "Task ID",

data/lib/mcollective/agent/bolt_tasks.json

@@ -101,6 +101,15 @@
           "optional": false,
           "validation": "^.+$",
           "maxlength": 102400
+        },
+        "run_as": {
+          "prompt": "Run As",
+          "description": "User to run the task as",
+          "type": "string",
+          "default": null,
+          "optional": true,
+          "validation": ".+",
+          "maxlength": 32
         }
       },
       "output": {
@@ -233,6 +242,15 @@
           "optional": true,
           "validation": "^.+$",
           "maxlength": 102400
+        },
+        "run_as": {
+          "prompt": "Run As",
+          "description": "User to run the task as",
+          "type": "string",
+          "default": null,
+          "optional": true,
+          "validation": ".+",
+          "maxlength": 32
         }
       },
       "output": {

data/lib/mcollective/agent/bolt_tasks.rb

@@ -37,7 +37,8 @@ module MCollective
           "task" => request[:task],
           "input_method" => request[:input_method],
           "input" => request[:input],
-          "files" => JSON.parse(request[:files])
+          "files" => JSON.parse(request[:files]),
+          "run_as" => request[:run_as]
         }
 
         unless tasks.cached?(task["files"])
@@ -77,7 +78,8 @@ module MCollective
           "task" => request[:task],
           "input_method" => request[:input_method],
           "input" => request[:input],
-          "files" => JSON.parse(request[:files])
+          "files" => JSON.parse(request[:files]),
+          "run_as" => request[:run_as]
         }
 
         status = tasks.run_task_command(reply[:task_id], task, false, request.caller)

data/lib/mcollective/agent/rpcutil.ddl

@@ -65,9 +65,9 @@ action "get_fact", :description => "Retrieve a single fact from the fact store"
            :prompt      => "The name of the fact",
            :description => "The fact to retrieve",
            :type        => :string,
-           :validation  => '^[\w\-\.]+$',
+           :validation  => '.+',
            :optional    => false,
-           :maxlength   => 256
+           :maxlength   => 512
 
      output :fact,
             :description => "The name of the fact being returned",

data/lib/mcollective/agent/rpcutil.json

@@ -216,8 +216,8 @@
           "type": "string",
           "default": null,
           "optional": false,
-          "validation": "^[\\w\\-\\.]+$",
-          "maxlength": 256
+          "validation": ".+",
+          "maxlength": 512
         }
       },
       "output": {

data/lib/mcollective/application/choria.rb

@@ -8,37 +8,18 @@ module MCollective
 
   The ACTION can be one of the following:
 
-     request_cert - requests a certificate from the Puppet CA
      show_config  - shows the active configuration parameters
 
-  The environment is chosen using --environment and the concurrent
-  runs may be limited using --batch.
-
-  The batching works a bit different than typical, it will only batch
-  based on a sorted list of certificate names, this means the batches
-  will always run in predictable order.
       USAGE
 
       exclude_argument_sections "common", "filter", "rpc"
 
-      option :ca,
-             :arguments => ["--ca SERVER"],
-             :description => "Address of your Puppet CA",
-             :type => String
-
-      option :certname,
-             :arguments => ["--certname CERTNAME"],
-             :description => "Override the default certificate name",
-             :type => String
-
       def post_option_parser(configuration)
         if ARGV.length >= 1
           configuration[:command] = ARGV.shift
         else
           abort("Please specify a command, valid commands are: %s" % valid_commands.join(", "))
         end
-
-        ENV["MCOLLECTIVE_CERTNAME"] = configuration[:certname] if configuration[:certname]
       end
 
       # Validates the configuration
@@ -48,10 +29,6 @@ module MCollective
         Util.loadclass("MCollective::Util::Choria")
 
         abort("Unknown command %s, valid commands are: %s" % [configuration[:command], valid_commands.join(", ")]) unless valid_commands.include?(configuration[:command])
-
-        if !choria.has_client_public_cert? && !["request_cert", "show_config"].include?(configuration[:command])
-          abort("A certificate is needed from the Puppet CA for `%s`, please use the `request_cert` command" % choria.certname)
-        end
       end
 
       def main
@@ -66,45 +43,8 @@ module MCollective
       #
       # @return [void]
       def request_cert_command
-        disconnect
-
-        raise(Util::Choria::UserError, "Cannot only request certificates in Puppet security mode") unless choria.puppet_security?
-
-        raise(Util::Choria::UserError, "Already have a certificate '%s', cannot request a new one" % choria.client_public_cert) if choria.has_client_public_cert?
-
-        choria.ca = configuration[:ca] if configuration[:ca]
-
-        certname = choria.client_public_cert
-
-        choria.make_ssl_dirs
-        choria.fetch_ca
-
-        if choria.waiting_for_cert?
-          puts("Certificate %s has already been requested, attempting to retrieve it" % certname)
-        else
-          puts("Requesting certificate for '%s'" % certname)
-          choria.request_cert
-        end
-
-        puts("Waiting up to 240 seconds for it to be signed")
-        puts
-
-        puts("Key fingerprint: %s" % choria.csr_fingerprint)
-        puts
-
-        24.times do |time|
-          print "Attempting to download certificate %s: %d / 24\r" % [certname, time]
-
-          break if choria.attempt_fetch_cert
-
-          sleep 10
-        end
-
-        unless choria.has_client_public_cert?
-          raise(Util::Choria::UserError, "Could not fetch the certificate after 240 seconds, please ensure it gets signed and rerun this command")
-        end
-
-        puts("Certificate %s has been stored in %s" % [certname, choria.ssl_dir])
+        puts("Please use 'choria enroll' to enroll in the security subsystem")
+        raise(Util::Choria::Abort, "1")
       end
 
       def show_config_command # rubocop:disable Metrics/MethodLength
@@ -174,7 +114,7 @@ module MCollective
         if valid_ssl
           puts "     Valid SSL Setup: %s" % [Util.colorize(:green, "yes")]
         else
-          puts "     Valid SSL Setup: %s try running 'mco choria request_cert'" % [Util.colorize(:red, "no")]
+          puts "     Valid SSL Setup: %s try running 'choria enroll'" % [Util.colorize(:red, "no")]
         end
 
         puts "   Security Provider: %s" % [choria.security_provider]

data/lib/mcollective/application/federation.rb

@@ -217,9 +217,7 @@ The ACTION can be one of the following:
 
         abort("Unknown command %s, valid commands are: %s" % [configuration[:command], valid_commands.join(", ")]) unless valid_commands.include?(configuration[:command])
 
-        if !choria.has_client_public_cert? && !["request_cert", "show_config"].include?(configuration[:command])
-          abort("A certificate is needed from the Puppet CA for `%s`, please use the `request_cert` command" % choria.certname)
-        end
+        abort("A certificate is needed from the Puppet CA for `%s`, please use the `choria enroll` command" % choria.certname) unless choria.has_client_public_cert?
       end
 
       def main

data/lib/mcollective/application/ping.rb

@@ -1,8 +1,36 @@
 module MCollective
   class Application::Ping < Application # rubocop:disable Style/ClassAndModuleChildren
-    description "Ping all nodes"
+    description "Low level network connectivity test"
 
-    external(:command => "choria", :args => ["ping"])
-    external_help(:command => "choria", :args => ["ping", "--help"])
+    def main
+      # If the user did not override the default timeout include the discovery timeout
+      if options[:timeout] == 5
+        discovery_timeout = options[:disctimeout] || Config.instance.discovery_timeout || 0
+        options[:timeout] = options[:timeout] + discovery_timeout
+      end
+      client = MCollective::Client.new(options)
+
+      start = Time.now.to_f
+      times = []
+
+      client.req("ping", "discovery") do |resp|
+        times << (Time.now.to_f - start) * 1000
+
+        puts "%-40s time=%.2f ms" % [resp[:senderid], times.last]
+      end
+
+      puts("\n\n---- ping statistics ----")
+
+      if !times.empty?
+        sum = times.inject(0) {|acc, i| acc + i}
+        avg = sum / times.length.to_f
+
+        puts "%d replies max: %.2f min: %.2f avg: %.2f" % [times.size, times.max, times.min, avg]
+      else
+        puts("No responses received")
+      end
+
+      halt client.stats
+    end
   end
 end

data/lib/mcollective/application/tasks.rb

@@ -148,6 +148,13 @@ Examples:
                           :required => false,
                           :default => 1,
                           :type => Integer
+
+        self.class.option :__run_as,
+                          :arguments => ["--run-as USERNAME"],
+                          :description => "Run task as user USERNAME",
+                          :required => false,
+                          :default => nil,
+                          :type => String
       end
 
       def say(msg="")
@@ -180,6 +187,8 @@ Examples:
           :files => meta["files"].to_json
         }
 
+        request[:run_as] = configuration[:__run_as] if configuration[:__run_as]
+
         request[:input] = input.to_json if input
 
         if configuration[:__background]

data/lib/mcollective/discovery.rb

@@ -85,19 +85,18 @@ module MCollective
     def timeout_for_compound_filter(compound_filter)
       return 0 if compound_filter.nil? || compound_filter.empty?
 
-      timeout = 0
-
-      compound_filter.each do |filter|
-        filter.each do |statement|
-          next unless statement["fstatement"]
-
-          pluginname = Data.pluginname(statement["fstatement"]["name"])
-          ddl = DDL.new(pluginname, :data)
-          timeout += ddl.meta[:timeout]
-        end
-      end
-
-      timeout
+      # disabled while bringing in new compound filters
+      # compound_filter.each do |filter|
+      #   filter.each do |statement|
+      #     next unless statement["fstatement"]
+      #
+      #     pluginname = Data.pluginname(statement["fstatement"]["name"])
+      #     ddl = DDL.new(pluginname, :data)
+      #     timeout += ddl.meta[:timeout]
+      #   end
+      # end
+
+      0
     end
 
     def discovery_timeout(timeout, filter)

data/lib/mcollective/message.rb

@@ -148,8 +148,6 @@ module MCollective
         @requestid = request.payload[:requestid]
         @payload = PluginManager["security_plugin"].encodereply(agent, payload, requestid, request.payload[:callerid])
       when :request, :direct_request
-        validate_compound_filter(@filter["compound"]) unless @filter["compound"].empty?
-
         @requestid ||= create_reqid
         @payload = PluginManager["security_plugin"].encoderequest(Config.instance.identity, payload, requestid, filter, agent, collective, ttl)
       else
@@ -157,28 +155,6 @@ module MCollective
       end
     end
 
-    def validate_compound_filter(compound_filter)
-      compound_filter.each do |filter|
-        filter.each do |statement|
-          next unless statement["fstatement"]
-
-          functionname = statement["fstatement"]["name"]
-          pluginname = Data.pluginname(functionname)
-          value = statement["fstatement"]["value"]
-
-          ddl = DDL.new(pluginname, :data)
-
-          # parses numbers and booleans entered as strings into proper
-          # types of data so that DDL validation will pass
-          statement["fstatement"]["params"] = Data.ddl_transform_input(ddl, statement["fstatement"]["params"])
-
-          Data.ddl_validate(ddl, statement["fstatement"]["params"])
-
-          raise(DDLValidationError, "Data plugin '%s()' does not return a '%s' value" % [functionname, value]) unless value && Data.ddl_has_output?(ddl, value)
-        end
-      end
-    end
-
     def decode!
       raise "Cannot decode message type #{type}" unless [:request, :reply].include?(type)
 

data/lib/mcollective/optionparser.rb

@@ -86,7 +86,7 @@ module MCollective
       end
 
       @parser.on("-S", "--select FILTER", "Compound filter combining facts and classes") do |f|
-        @options[:filter]["compound"] << Matcher.create_compound_callstack(f)
+        @options[:filter]["compound"] << [{"expr" => f}]
       end
 
       @parser.on("-F", "--wf", "--with-fact fact=val", "Match hosts with a certain fact") do |f|

data/lib/mcollective/rpc/client.rb

@@ -442,7 +442,7 @@ module MCollective
 
       # Set a compound filter
       def compound_filter(filter)
-        @filter["compound"] = @filter["compound"] | [Matcher.create_compound_callstack(filter)]
+        @filter["compound"] = @filter["compound"] | [[{"expr" => filter}]]
         reset
       end
 
@@ -822,7 +822,7 @@ module MCollective
             @stdout.print twirl.twirl(respcount, discovered.size)
           end
 
-          if batch_size =~ /^(\d+)%$/
+          if batch_size.is_a?(String) && batch_size =~ /^(\d+)%$/
             # determine batch_size as a percentage of the discovered array's size
             batch_size = (discovered.size / 100.0 * Integer($1)).ceil
           else

data/lib/mcollective/security/base.rb

@@ -72,43 +72,7 @@ module MCollective
             end
 
           when "compound"
-            filter[key].each do |compound|
-              result = false
-              truth_values = []
-
-              begin
-                compound.each do |expression|
-                  case expression.keys.first
-                  when "statement"
-                    truth_values << Matcher.eval_compound_statement(expression).to_s
-                  when "fstatement"
-                    truth_values << Matcher.eval_compound_fstatement(expression.values.first)
-                  when "and"
-                    truth_values << "&&"
-                  when "or"
-                    truth_values << "||"
-                  when "("
-                    truth_values << "("
-                  when ")"
-                    truth_values << ")"
-                  when "not"
-                    truth_values << "!"
-                  end
-                end
-
-                result = eval(truth_values.join(" ")) # rubocop:disable Security/Eval
-              rescue DDLValidationError
-                result = false
-              end
-
-              if result
-                Log.debug("Passing based on class and fact composition")
-                passed += 1
-              else
-                Log.debug("Failing based on class and fact composition")
-                failed += 1
-              end
-            end
+            # removed while rebuilding compound filters, this whole method is probably unused now
 
           when "agent"
             filter[key].each do |f|