kafo 6.3.0 → 6.5.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: d246040f3b21a35b8ec0091c61333fbd5b3ecc8af9fb7d6ed666de850a101bf9
-  data.tar.gz: 9ab7731a6e46877cebfdffffbd7b06e5c11951821be90ff2743aa726c889c418
+  metadata.gz: 2224fcf87240686b6638ceffdde5ea8026baf151e784f90f1903389305996ae8
+  data.tar.gz: c6ea88ba2845dfa6d34281c78f7f4a70073c9f6a7bb971f97a0a8cdc7e2897d8
 SHA512:
-  metadata.gz: fb5d804b5c587646b9576f4ba6a67c9b0bd3702ddfad877750beb81b61710fd5b104db0fe36b7cf1cfd1f286d1548fb5b48acb9b778652df6c075600176df88d
-  data.tar.gz: 406667aac6a714122c3ec8d00a90ec630843bd6939167f23142e94bf465be51c8e098380815e869be64af9090b726a2e6a368542e18137a4fdb2493a52ed6246
+  metadata.gz: 373d68b4cc0c8ee1e43e991c4eea2bd632f3de482d797fde26156b38975ee4eef8b0a4cd0cc934ed8c3d9b341e7a429df57b2077496710ed8f187890b1186669
+  data.tar.gz: f7d9a1356a7f260fa7baa605642c6c00d6276a9064330a03f2864561427ba0eeb99947daae84d951f9647798fac8870c7517fb9b3dd7e3330e4778d5a7975ca0

data/README.md

@@ -493,6 +493,39 @@ as key:value.
 When parsing the value, the first colon divides key and value. All other
 colons are ignored.
 
+## Sensitive arguments
+
+Puppet's `Sensitive` data type can be used as long as it's configured in Hiera
+too. Given the following manifest:
+
+```puppet
+class example (
+  Sensitive[String[1]] $password,
+) {
+```
+
+Here the following Hiera configuration is needed:
+```yaml
+lookup_options:
+  example::password:
+    convert_to: "Sensitive"
+```
+
+This is based on [Puppet's documentation](https://puppet.com/docs/puppet/6/securing-sensitive-data.html).
+
+Note that to provide a default inside the manifest inheritance must be used.
+
+```puppet
+class example (
+  Sensitive[String[1]] $password = $example::params::password,
+) inherits example::params {
+}
+
+class example::params {
+  $password = Sensitive('supersecret')
+}
+```
+
 ## Default values
 
 Default values for parameters are read from the class definitions in the
@@ -816,6 +849,32 @@ if app_value(:reset_foreman_db) && !app_value(:noop)
 end
 ```
 
+Hooks can additionally be defined by combining all related stages into a single file
+known as a Multi-stage hook. Multi-stage hooks live in a special directory inside
+the hooks directory: ```$installer_dir/hooks/multi```. Taking the previous example:
+
+```ruby
+# hooks/multi/10-reset_option_feature.rb
+boot do
+  app_option '--reset-foreman-db', :flag, 'Drop foreman database first? You will lose all data!', :default => false
+end
+
+pre do
+  if app_value(:reset_foreman_db) && !app_value(:noop)
+    `which foreman-rake > /dev/null 2>&1`
+    if $?.success?
+      logger.info 'Dropping database!'
+      output = `foreman-rake db:drop 2>&1`
+      logger.debug output.to_s
+      unless $?.success?
+        logger.warn "Unable to drop DB, ignoring since it's not fatal, output was: '#{output}''"
+      end
+    else
+      logger.warn 'Foreman not installed yet, can not drop database!'
+    end
+  end
+end
+```
 
 If you want to add more directories to be search you can use the "hook_dirs" option
 in the installer configuration file.

data/lib/kafo/configuration.rb

@@ -130,7 +130,7 @@ module Kafo
     def modules
       @modules ||= begin
         register_data_types
-        @data.keys.map { |mod| PuppetModule.new(mod, PuppetModule.find_parser, self).parse }.sort
+        @data.keys.map { |mod| PuppetModule.new(mod, configuration: self).parse }.sort
       end
     end
 
@@ -159,7 +159,7 @@ module Kafo
     end
 
     def add_module(name)
-      mod = PuppetModule.new(name, PuppetModule.find_parser, self).parse
+      mod = PuppetModule.new(name, configuration: self).parse
       unless modules.map(&:name).include?(mod.name)
         mod.enable
         @modules << mod

data/lib/kafo/data_type.rb

@@ -130,4 +130,4 @@ require 'kafo/data_types/struct'
 require 'kafo/data_types/tuple'
 require 'kafo/data_types/type_reference'
 require 'kafo/data_types/undef'
-require 'kafo/data_types/variant'
+require 'kafo/data_types/wrapped_data_type'

data/lib/kafo/data_type_parser.rb

@@ -10,7 +10,7 @@ module Kafo
       @logger = KafoConfigure.logger
       @types = {}
       manifest.each_line do |line|
-        if (type = TYPE_DEFINITION.match(line))
+        if (type = TYPE_DEFINITION.match(line.force_encoding("UTF-8")))
           @types[type[1]] = type[2]
         end
       end

data/lib/kafo/data_types/scalar.rb

@@ -7,7 +7,7 @@ module Kafo
       def_delegators :@inner_type, :condition_value, :dump_default, :multivalued?, :typecast, :valid?
 
       def initialize
-        @inner_type = DataTypes::Variant.new('Integer', 'Float', 'String', 'Boolean', 'Regexp')
+        @inner_type = DataTypes::WrappedDataType.new('Integer', 'Float', 'String', 'Boolean', 'Regexp')
       end
     end
 

data/lib/kafo/data_types/{variant.rb → wrapped_data_type.rb}

@@ -1,6 +1,6 @@
 module Kafo
   module DataTypes
-    class Variant < DataType
+    class WrappedDataType < DataType
       def initialize(*inner_types)
         @inner_types = inner_types.map { |t| DataType.new_from_string(t) }
       end
@@ -16,7 +16,7 @@ module Kafo
       end
 
       def multivalued?
-        @inner_types.any? { |t| t.multivalued? }
+        @inner_types.any?(&:multivalued?)
       end
 
       def to_s
@@ -33,7 +33,7 @@ module Kafo
         if type
           type.valid?(value, errors)
         else
-          errors << "#{value} is not one of #{to_s}"
+          errors << "#{value} is not one of #{self}"
           false
         end
       end
@@ -45,6 +45,7 @@ module Kafo
       end
     end
 
-    DataType.register_type('Variant', Variant)
+    DataType.register_type('Sensitive', WrappedDataType)
+    DataType.register_type('Variant', WrappedDataType)
   end
 end

data/lib/kafo/fact_writer.rb

@@ -14,10 +14,9 @@ module Kafo
     end
 
     def self.wrapper
-      # Ruby 2.0 doesn't have <<~ heredocs
-      <<-WRAPPER
-      require 'yaml'
-      Facter.add(:kafo) { setcode { YAML.load_file(File.join(__dir__, '#{DATA_FILENAME}')) } }
+      <<~WRAPPER
+        require 'yaml'
+        Facter.add(:kafo) { setcode { YAML.load_file(File.join(__dir__, '#{DATA_FILENAME}')) } }
       WRAPPER
     end
   end

data/lib/kafo/hook_context.rb

@@ -34,8 +34,8 @@ module Kafo
     #
     # @example
     #   app_option ['-n', '--noop'], :flag, 'Run puppet in noop mode?', :default => false
-    def app_option(*args)
-      self.kafo.class.app_option(*args)
+    def app_option(*args, &block)
+      self.kafo.class.app_option(*args, &block)
     end
 
     # Returns whether the given app option exists. This is useful when there's a conditional option that is

data/lib/kafo/hooking.rb

@@ -1,4 +1,5 @@
 require 'kafo/hook_context'
+require 'kafo/multi_stage_hook'
 
 module Kafo
   class Hooking
@@ -36,6 +37,14 @@ module Kafo
             register(hook_type, file, &hook_block)
           end
         end
+
+        # Multi stage hooks are special
+        Dir.glob(File.join(base_dir, 'multi', '*.rb')).sort.each do |file|
+          logger.debug "Loading multi stage hook #{file}"
+          hook = File.read(file)
+          MultiStageHook.new(file, self, TYPES).instance_eval(hook, file, 1)
+        end
+
         @loaded = true
       end
       self

data/lib/kafo/kafo_configure.rb

@@ -525,8 +525,8 @@ module Kafo
               @progress_bar.update(line) if @progress_bar
             end
           rescue Errno::EIO # we reach end of input
-            exit_status = PTY.check(pid, true) if PTY.respond_to?(:check) # ruby >= 1.9.2
-            if exit_status.nil? # process is still running or we have old ruby so we don't know
+            exit_status = PTY.check(pid, true)
+            if exit_status.nil? # process is still running
               begin
                 Process.wait(pid)
               rescue Errno::ECHILD # process could exit meanwhile so we rescue
@@ -535,7 +535,7 @@ module Kafo
             end
           end
         end
-      rescue PTY::ChildExited => e # could be raised by Process.wait on older ruby or by PTY.check
+      rescue PTY::ChildExited => e # could be raised by PTY.check
         self.class.exit_handler.exit_code = e.status.exitstatus
       end
 
@@ -564,11 +564,7 @@ module Kafo
     end
 
     def normalize_encoding(line)
-      if line.respond_to?(:encode) && line.respond_to?(:valid_encoding?)
-        line.valid_encoding? ? line : line.encode('UTF-16be', :invalid => :replace, :replace => '?').encode('UTF-8')
-      else  # Ruby 1.8.7, doesn't worry about invalid encodings
-        line
-      end
+      line.valid_encoding? ? line : line.encode('UTF-16be', :invalid => :replace, :replace => '?').encode('UTF-8')
     end
   end
 end

data/lib/kafo/logger.rb

@@ -13,7 +13,13 @@ module Kafo
 
     def log(level, *args, &block)
       if Logging.buffering?
-        Logging.to_buffer(@name, level, args, &block)
+        if block_given?
+          data = yield
+        else
+          data = args
+        end
+
+        Logging.to_buffer(@name, ::Logging::LogEvent.new(@name, ::Logging::LEVELS[level.to_s], data, false))
       else
         Logging.dump_buffer if Logging.dump_needed?
         @logger.send(level, *args, &block)

data/lib/kafo/logging.rb

@@ -118,7 +118,7 @@ module Kafo
 
       def dump_buffer
         @buffer.each do |log|
-          ::Logging.logger[log[0]].send(log[1], *([log[2]].flatten(2)), &log[3])
+          ::Logging.logger[log[0]].send(:log_event, log[1])
         end
         @buffer.clear
       end

data/lib/kafo/multi_stage_hook.rb

@@ -0,0 +1,13 @@
+module Kafo
+  class MultiStageHook
+    def initialize(name, registry, types)
+      default_name = name
+
+      types.each do |hook_type|
+        self.class.send(:define_method, hook_type) do |name=nil, &block|
+          registry.send(:register, hook_type, name || default_name, &block)
+        end
+      end
+    end
+  end
+end

data/lib/kafo/puppet_module.rb

@@ -25,7 +25,7 @@ module Kafo
       end
     end
 
-    def initialize(identifier, parser = self.class.find_parser, configuration = KafoConfigure.config)
+    def initialize(identifier, parser: nil, configuration: KafoConfigure.config)
       @identifier        = identifier
       @configuration     = configuration
       @name              = get_name
@@ -65,6 +65,7 @@ module Kafo
     def parse(builder_klass = ParamBuilder)
       @raw_data = @parser_cache.get(identifier, manifest_path) if @parser_cache
       if @raw_data.nil?
+        @parser = self.class.find_parser if @parser.nil?
         if @parser.nil? || @parser == :none
           raise ParserError.new("No Puppet module parser is installed and no cache of the file #{manifest_path} is available. Please check debug logs and install optional dependencies for the parser.")
         else
@@ -80,7 +81,7 @@ module Kafo
 
       self
     rescue ConfigurationException => e
-      @logger.fatal "Unable to continue because of: #{e.message}"
+      @logger.fatal "Unable to parse #{manifest_path} because of: #{e.message}"
       KafoConfigure.exit(:manifest_error)
     end
 

data/lib/kafo/version.rb

@@ -1,5 +1,5 @@
 # encoding: UTF-8
 module Kafo
   PARSER_CACHE_VERSION = 1
-  VERSION = "6.3.0"
+  VERSION = "6.5.0"
 end

data/modules/kafo_configure/lib/puppet/functions/kafo_configure/dump_lookups.rb

@@ -10,6 +10,13 @@ Puppet::Functions.create_function(:'kafo_configure::dump_lookups') do
   end
 
   def dump_lookups(parameters)
-    Hash[parameters.map { |param| [param, call_function('lookup', [param], 'default_value' => nil)] }]
+    Hash[parameters.map { |param| [param, lookup(param)] }]
+  end
+
+  private
+
+  def lookup(param)
+    value = call_function('lookup', [param], 'default_value' => nil)
+    value.respond_to?(:unwrap) ? value.unwrap : value
   end
 end

data/modules/kafo_configure/lib/puppet/functions/kafo_configure/dump_variables.rb

@@ -8,6 +8,12 @@ Puppet::Functions.create_function(:'kafo_configure::dump_variables') do
 
   def dump_variables(variables)
     scope = closure_scope
-    Hash[variables.map { |var| [var, scope[var]] }]
+    Hash[variables.map { |var| [var, unwrap(scope[var])] }]
+  end
+
+  private
+
+  def unwrap(value)
+    value.respond_to?(:unwrap) ? value.unwrap : value
   end
 end

data/modules/kafo_configure/spec/fixtures/hiera/test.yaml

@@ -2,3 +2,8 @@
 classes:
   - dummy
 my_module::param: override
+my_module::password: batteryhorsestaple
+
+lookup_options:
+  my_module::password:
+    convert_to: "Sensitive"

data/modules/kafo_configure/spec/fixtures/modules/dummy/manifests/init.pp

@@ -1,5 +1,6 @@
 class dummy (
   String $first = $dummy::params::first,
   Optional[Integer] $second = undef,
+  Sensitive[String[1]] $password = $dummy::params::password,
 ) inherits dummy::params {
 }

data/modules/kafo_configure/spec/fixtures/modules/dummy/manifests/params.pp

@@ -1,3 +1,4 @@
 class dummy::params {
   $first = 'foo'
+  $password = Sensitive('supersecret')
 }

data/modules/kafo_configure/spec/functions/dump_lookups_spec.rb

@@ -4,4 +4,5 @@ describe 'kafo_configure::dump_lookups' do
   let(:hiera_config) { 'spec/fixtures/hiera/hiera.yaml' }
   it { is_expected.to run.with_params([]).and_return({}) }
   it { is_expected.to run.with_params(['my_module::param']).and_return({'my_module::param' => 'override'}) }
+  it { is_expected.to run.with_params(['my_module::password']).and_return({'my_module::password' => 'batteryhorsestaple'}) }
 end

data/modules/kafo_configure/spec/functions/dump_variables_spec.rb

@@ -6,5 +6,6 @@ describe 'kafo_configure::dump_variables' do
   context 'with values' do
     let(:pre_condition) { 'include dummy' }
     it { is_expected.to run.with_params(['dummy::first']).and_return({'dummy::first' => 'foo'}) }
+    it { is_expected.to run.with_params(['dummy::password']).and_return({'dummy::password' => 'supersecret'}) }
   end
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: kafo
 version: !ruby/object:Gem::Version
-  version: 6.3.0
+  version: 6.5.0
 platform: ruby
 authors:
 - Marek Hulan
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2021-03-25 00:00:00.000000000 Z
+date: 2022-05-31 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -245,7 +245,7 @@ files:
 - lib/kafo/data_types/tuple.rb
 - lib/kafo/data_types/type_reference.rb
 - lib/kafo/data_types/undef.rb
-- lib/kafo/data_types/variant.rb
+- lib/kafo/data_types/wrapped_data_type.rb
 - lib/kafo/exceptions.rb
 - lib/kafo/execution_environment.rb
 - lib/kafo/exit_handler.rb
@@ -262,6 +262,7 @@ files:
 - lib/kafo/logging.rb
 - lib/kafo/migration_context.rb
 - lib/kafo/migrations.rb
+- lib/kafo/multi_stage_hook.rb
 - lib/kafo/param.rb
 - lib/kafo/param_builder.rb
 - lib/kafo/param_group.rb
@@ -319,7 +320,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.1.4
+rubygems_version: 3.2.22
 signing_key:
 specification_version: 4
 summary: A gem for making installations based on puppet user friendly