moose-inventory 2.0 → 2.1

data/lib/moose_inventory/operations/remove_associations.rb

@@ -1,21 +1,23 @@
 # frozen_string_literal: true
 
+require_relative 'operation_event_support'
+
 module Moose
   module Inventory
     module Operations
       # Removes host/group associations for existing primary entities.
       class RemoveAssociations
         AUTOMATIC_GROUP = 'ungrouped'
-        Event = Struct.new(:type, :payload, keyword_init: true)
-        Result = Struct.new(:events, :warning_count, keyword_init: true)
+        include OperationEventSupport
 
         def initialize(context:)
           @context = context
         end
 
-        def host_from_groups(host:, host_name:, group_names:)
+        def host_from_groups(host:, host_name:, group_names:, dry_run: false)
           events = []
           warning_count = 0
+          @dry_run = dry_run
 
           group_names.each do |group_name|
             next if group_name.nil? || group_name.empty?
@@ -23,14 +25,17 @@ module Moose
             warning_count += remove_group_from_host(host, host_name, group_name, events)
           end
 
-          add_automatic_group_if_needed(host, host_name, events)
+          add_automatic_group_if_needed(host, host_name, events,
+                                        planned_empty: planned_host_groups_empty?(host, group_names))
+          emit(events, :dry_run_summary) if dry_run
 
-          Result.new(events: events, warning_count: warning_count)
+          operation_result(events: events, warning_count: warning_count)
         end
 
-        def group_from_hosts(group:, group_name:, host_names:)
+        def group_from_hosts(group:, group_name:, host_names:, dry_run: false)
           events = []
           warning_count = 0
+          @dry_run = dry_run
           hosts_dataset = group.hosts_dataset
 
           host_names.each do |host_name|
@@ -39,12 +44,14 @@ module Moose
             warning_count += remove_host_from_group(group, group_name, host_name, hosts_dataset, events)
           end
 
-          Result.new(events: events, warning_count: warning_count)
+          emit(events, :dry_run_summary) if dry_run
+
+          operation_result(events: events, warning_count: warning_count)
         end
 
         private
 
-        attr_reader :context
+        attr_reader :context, :dry_run
 
         def remove_group_from_host(host, host_name, group_name, events)
           groups_dataset = host.groups_dataset
@@ -58,7 +65,7 @@ module Moose
           end
 
           group = context.find_group(group_name)
-          host.remove_group(group) unless group.nil?
+          host.remove_group(group) unless group.nil? || dry_run
           emit(events, :ok, indent: 4)
           0
         end
@@ -74,26 +81,31 @@ module Moose
           end
 
           host = context.find_host(host_name)
-          group.remove_host(host) unless host.nil?
+          group.remove_host(host) unless host.nil? || dry_run
           emit(events, :ok, indent: 4)
-          add_automatic_group_if_needed(host, host_name, events)
+          add_automatic_group_if_needed(host, host_name, events,
+                                        planned_empty: dry_run && !host.nil? && host.groups_dataset.one?)
           0
         end
 
-        def add_automatic_group_if_needed(host, host_name, events)
-          return unless host.groups_dataset.none?
+        def add_automatic_group_if_needed(host, host_name, events, planned_empty: false)
+          return if host.nil?
+          return unless planned_empty || host.groups_dataset.none?
 
           emit(events, :adding_automatic_group, host: host_name)
-          host.add_group(context.automatic_group)
+          host.add_group(context.automatic_group) unless dry_run
           emit(events, :ok, indent: 4)
         end
 
-        def association_exists?(dataset, name)
-          !dataset.nil? && !dataset[name: name].nil?
+        def planned_host_groups_empty?(host, group_names)
+          return false unless dry_run
+
+          remaining = host.groups_dataset.map(&:name) - group_names
+          remaining.empty?
         end
 
-        def emit(events, type, payload = {})
-          events << Event.new(type: type, payload: payload)
+        def association_exists?(dataset, name)
+          !dataset.nil? && !dataset[name: name].nil?
         end
       end
     end

data/lib/moose_inventory/operations/remove_groups.rb

@@ -1,5 +1,7 @@
 # frozen_string_literal: true
 
+require_relative 'operation_event_support'
+
 require_relative 'group_cleanup'
 
 module Moose
@@ -7,8 +9,7 @@ module Moose
     module Operations
       # Removes top-level groups and their direct associations.
       class RemoveGroups
-        Event = Struct.new(:type, :payload, keyword_init: true)
-        Result = Struct.new(:events, :warning_count, keyword_init: true)
+        include OperationEventSupport
 
         def initialize(context:)
           @context = context
@@ -18,20 +19,23 @@ module Moose
           )
         end
 
-        def call(names:, recursive: false)
+        def call(names:, recursive: false, dry_run: false)
           events = []
           warning_count = 0
+          @dry_run = dry_run
+          cleanup.dry_run = dry_run
 
           names.each do |name|
             warning_count += remove_group(name, events, recursive: recursive)
           end
+          emit(events, :dry_run_summary) if dry_run
 
-          Result.new(events: events, warning_count: warning_count)
+          operation_result(events: events, warning_count: warning_count)
         end
 
         private
 
-        attr_reader :cleanup, :context
+        attr_reader :cleanup, :context, :dry_run
 
         def remove_group(name, events, recursive:)
           emit(events, :group_started, name: name)
@@ -56,7 +60,7 @@ module Moose
         def remove_parent_associations(group, name, events)
           group.parents_dataset.each do |parent|
             emit(events, :removing_parent_association, group: name, related_group: parent.name)
-            parent.remove_child(group)
+            parent.remove_child(group) unless dry_run
             emit(events, :ok, indent: 4)
           end
         end
@@ -64,15 +68,11 @@ module Moose
         def remove_child_associations(group, name, events, recursive:)
           group.children_dataset.each do |child|
             emit(events, :removing_child_association, group: name, related_group: child.name)
-            group.remove_child(child)
+            group.remove_child(child) unless dry_run
             emit(events, :ok, indent: 4)
-            cleanup.delete_orphaned_group(child, events) if recursive
+            cleanup.delete_orphaned_group(child, events, ignored_parent: group) if recursive
           end
         end
-
-        def emit(events, type, payload = {})
-          events << Event.new(type: type, payload: payload)
-        end
       end
     end
   end

data/lib/moose_inventory/operations/remove_hosts.rb

@@ -0,0 +1,68 @@
+# frozen_string_literal: true
+
+require_relative 'operation_event_support'
+
+module Moose
+  module Inventory
+    module Operations
+      # Removes hosts and returns structured progress/warning events.
+      class RemoveHosts
+        include OperationEventSupport
+
+        def initialize(context:)
+          @context = context
+        end
+
+        def call(names:, dry_run: false)
+          events = []
+          warning_count = 0
+          @dry_run = dry_run
+
+          if dry_run
+            names.each do |name|
+              warning_count += remove_host(name, events)
+            end
+            emit(events, :dry_run_summary)
+            return operation_result(events: events, warning_count: warning_count)
+          end
+
+          context.transaction do
+            names.each do |name|
+              warning_count += remove_host(name, events)
+            end
+          end
+
+          operation_result(events: events, warning_count: warning_count)
+        end
+
+        private
+
+        attr_reader :context, :dry_run
+
+        def remove_host(name, events)
+          emit(events, :host_started, name: name)
+          emit(events, :retrieving_host, name: name)
+          host = context.find_host(name)
+
+          if host.nil?
+            emit(events, :host_missing, name: name)
+            emit(events, :missing_skipping, indent: 4)
+            emit(events, :ok, indent: 4)
+            emit(events, :host_complete)
+            return 1
+          end
+
+          emit(events, :ok, indent: 4)
+          emit(events, :destroying_host, name: name)
+          unless dry_run
+            host.remove_all_groups
+            host.destroy
+          end
+          emit(events, :ok, indent: 4)
+          emit(events, :host_complete)
+          0
+        end
+      end
+    end
+  end
+end

data/lib/moose_inventory/operations/remove_variables.rb

@@ -0,0 +1,67 @@
+# frozen_string_literal: true
+
+require_relative 'entity_variable_operation_support'
+
+module Moose
+  module Inventory
+    module Operations
+      # Removes host/group variables by key.
+      class RemoveVariables
+        include EntityVariableOperationSupport
+
+        def call(name:, vars:, dry_run: false)
+          @events = []
+          @dry_run = dry_run
+
+          emit(:entity_started, name: name)
+          emit(:retrieving_entity, name: name)
+          entity = find_entity(name)
+          raise_missing_entity(name) if entity.nil?
+
+          emit(:ok, indent: 4)
+
+          dataset = entity.public_send("#{entity_type}vars_dataset")
+          vars.each do |variable|
+            remove_variable(entity, dataset, variable)
+          end
+
+          emit(:entity_complete)
+          emit(:dry_run_summary) if dry_run
+          operation_result(events: events)
+        ensure
+          @events = nil
+          @dry_run = nil
+        end
+
+        private
+
+        attr_reader :dry_run
+
+        def remove_variable(entity, dataset, variable)
+          emit(:removing_variable, variable: variable)
+          key = parse_variable_name(variable)
+
+          existing = dataset[name: key]
+          unless existing.nil? || dry_run
+            entity.public_send("remove_#{entity_type}var", existing)
+            existing.destroy
+          end
+
+          emit(:ok, indent: 4)
+        end
+
+        def parse_variable_name(variable)
+          invalid = variable.start_with?('=') || variable.count('=') > 1
+          raise_invalid_variable(variable) if invalid
+
+          variable.split('=').first
+        end
+
+        def raise_invalid_variable(variable)
+          raise context.moose_exception_class,
+                "Incorrect format in {#{variable}}. Expected 'key' or 'key=value'."
+        end
+      end
+    end
+  end
+end

data/lib/moose_inventory/runtime_options.rb

@@ -0,0 +1,31 @@
+# frozen_string_literal: true
+
+module Moose
+  module Inventory
+    # Small value object for resolved runtime CLI options.
+    class RuntimeOptions
+      attr_reader :argv, :config, :env, :format
+
+      def initialize(argv:, config:, env:, format:, flags:)
+        @argv = argv
+        @config = config
+        @env = env
+        @format = format
+        @ansible = flags[:ansible] == true
+        @trace = flags[:trace] == true
+      end
+
+      def ansible?
+        @ansible
+      end
+
+      def trace?
+        @trace
+      end
+
+      def output_format
+        format.to_s.downcase
+      end
+    end
+  end
+end

data/lib/moose_inventory/version.rb

@@ -1,7 +1,9 @@
+# frozen_string_literal: true
+
 module Moose
   ##
   # The Moose-Tools dynamic inventory management library
   module Inventory
-    VERSION = '2.0'.freeze
+    VERSION = '2.1'
   end
 end

data/lib/moose_inventory.rb

@@ -1,7 +1,9 @@
+# frozen_string_literal: true
+
 require 'thor'
-require_relative './moose_inventory/config/config.rb'
-require_relative './moose_inventory/db/db.rb'
-require_relative './moose_inventory/cli/application.rb'
+require_relative 'moose_inventory/config/config'
+require_relative 'moose_inventory/db/db'
+require_relative 'moose_inventory/cli/application'
 
 module Moose
   module Inventory
@@ -12,13 +14,14 @@ module Moose
       extend self
       # rubocop:enable Style/ModuleFunction
 
-      def start(args)
+      def start(args, config: Moose::Inventory::Config, db: Moose::Inventory::DB,
+                application: Moose::Inventory::Cli::Application)
         # initialization stuff.
-        Moose::Inventory::Config.init(args)
-        Moose::Inventory::DB.init
+        config.init(args)
+        db.init
 
         # Start the main application
-        Moose::Inventory::Cli::Application.start(Moose::Inventory::Config._argv)
+        application.start(config.application_args)
       end
     end
   end

data/moose-inventory.gemspec

@@ -1,57 +1,40 @@
+# frozen_string_literal: true
+
 # -*- mode: ruby -*-
 # vi: set ft=ruby :
 
-lib = File.expand_path('../lib', __FILE__)
+lib = File.expand_path('lib', __dir__)
 $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
 require 'moose_inventory/version'
 
+# rubocop:disable Metrics/BlockLength
 Gem::Specification.new do |spec|
   spec.name          = 'moose-inventory'
   spec.version       = Moose::Inventory::VERSION
   spec.authors       = ['Russell Davies']
   spec.email         = ['russell@blakemere.ca']
   spec.summary       = 'Moose-tools inventory manager'
-  # rubocop:disable Metrics/LineLength
-  spec.description   = 'The Moosecastle CLI tool for Ansible-compatable dynamic inventory management.'
-  # rubocop:enable Metrics/LineLength
+  spec.description   = 'The Moosecastle CLI tool for Ansible-compatible dynamic inventory management.'
   spec.homepage      = 'https://github.com/RusDavies/moose-inventory'
   spec.license       = 'MIT'
   spec.required_ruby_version = '>= 3.2'
+  spec.metadata['rubygems_mfa_required'] = 'true'
 
   spec.files         = `git ls-files -z`.split("\x0")
   spec.executables   = spec.files.grep(%r{^bin/}) { |f| File.basename(f) }
-  spec.test_files    = spec.files.grep(%r{^(test|spec|features)/})
   spec.require_paths = ['lib']
 
-#  spec.add_runtime_dependency 'indentation', '~> 0.1'
-#  spec.add_runtime_dependency 'json',        '~>1.8'
-#  #spec.add_runtime_dependency 'mysql',       '~>2.9' # This causes lots of problems.  Need to migrate to the newer mysql2.
-#  #spec.add_runtime_dependency 'mysql2',    '~>0.3'
-#  spec.add_runtime_dependency 'mysql2'
-#  spec.add_runtime_dependency 'pg',        '~>0.17'
-#  spec.add_runtime_dependency 'sequel',    '~>4.22'
-#  spec.add_runtime_dependency 'sqlite3',   '~>1.3'
-#  spec.add_runtime_dependency 'thor',      '~>0.19'
-#  # spec.add_runtime_dependency   'yaml',      '~>1.0'
-
-#  spec.add_development_dependency 'bundler',      '~> 1.7'
-#  spec.add_development_dependency 'coveralls',    '~> 0.8'
-#  spec.add_development_dependency 'guard',        '~> 2.12'
-#  spec.add_development_dependency 'guard-rspec',  '~> 4.5'
-#  spec.add_development_dependency 'guard-rubocop', '~> 1.2'
-#  spec.add_development_dependency 'rake',         '~> 10.1'
-#  spec.add_development_dependency 'rspec',        '~>3.2'
-#  spec.add_development_dependency 'rubocop',      '>= 0.19'
-#  spec.add_development_dependency 'simplecov',    '~> 0.10'
-
-  spec.add_runtime_dependency 'indentation', '~> 0'
-  spec.add_runtime_dependency 'json', '>= 2.7', '< 3'
-  spec.add_runtime_dependency 'mysql2', '>= 0.5.7', '< 0.6'
-  spec.add_runtime_dependency 'pg', '>= 1.5', '< 2'
-  spec.add_runtime_dependency 'sequel', '>= 5.80', '< 6'
-  spec.add_runtime_dependency 'sqlite3', '>= 1.7', '< 3'
-  spec.add_runtime_dependency 'thor', '>= 1.3', '< 2'
-
+  spec.add_dependency 'indentation', '~> 0'
+  spec.add_dependency 'json', '>= 2.7', '< 3'
+  spec.add_dependency 'mysql2', '>= 0.5.7', '< 0.6'
+  spec.add_dependency 'pg', '>= 1.5', '< 2'
+  spec.add_dependency 'sequel', '>= 5.80', '< 6'
+  spec.add_dependency 'sqlite3', '>= 1.7', '< 3'
+  spec.add_dependency 'thor', '>= 1.3', '< 2'
+
+  # rubocop:disable Gemspec/DevelopmentDependencies
+  # Development dependencies intentionally remain here because this project uses
+  # `gemspec` as its Gemfile dependency source.
   spec.add_development_dependency 'bundler', '>= 2.2.33', '< 3'
   spec.add_development_dependency 'bundler-audit', '>= 0.9', '< 1'
   spec.add_development_dependency 'parallel', '>= 1.10', '< 2.0'
@@ -59,5 +42,6 @@ Gem::Specification.new do |spec|
   spec.add_development_dependency 'rspec', '~> 3'
   spec.add_development_dependency 'rubocop', '>= 1.72', '< 2'
   spec.add_development_dependency 'simplecov', '~> 0'
-
+  # rubocop:enable Gemspec/DevelopmentDependencies
 end
+# rubocop:enable Metrics/BlockLength

data/scripts/check.sh

@@ -5,6 +5,7 @@ bundle exec rspec --format progress
 scripts/ci/check_rubocop.sh
 git diff --check
 scripts/ci/check_permissions.sh
+scripts/ci/check_generated_artifacts.sh
 scripts/ci/check_security.sh
 scripts/ci/check_secrets.sh
 scripts/ci/package_sanity.sh

data/scripts/ci/check_generated_artifacts.sh

@@ -0,0 +1,41 @@
+#!/bin/bash
+set -euo pipefail
+
+# Generated/local artifacts are useful during development but must not become
+# source inputs, package contents, or review noise. Keep this list aligned with
+# .gitignore and scanner excludes.
+generated_paths=(
+  ".openclaw-security-audit"
+  "coverage"
+  "pkg"
+  "spec/reports"
+  "tmp"
+)
+
+tracked=()
+for path in "${generated_paths[@]}"; do
+  while IFS= read -r file; do
+    tracked+=("$file")
+  done < <(git ls-files "$path" "$path/**")
+done
+
+if (( ${#tracked[@]} > 0 )); then
+  echo "Generated artifact paths are tracked and must be removed from source commits:" >&2
+  printf '  %s\n' "${tracked[@]}" >&2
+  exit 1
+fi
+
+ignored_failures=()
+for path in "${generated_paths[@]}"; do
+  if ! git check-ignore -q "$path/placeholder"; then
+    ignored_failures+=("$path/")
+  fi
+done
+
+if (( ${#ignored_failures[@]} > 0 )); then
+  echo "Generated artifact paths are not ignored:" >&2
+  printf '  %s\n' "${ignored_failures[@]}" >&2
+  exit 1
+fi
+
+echo "Generated artifact guard passed."

data/scripts/ci/check_permissions.sh

@@ -3,10 +3,12 @@ set -euo pipefail
 
 allowed_executables=(
   "bin/moose-inventory"
+  "examples/ci/scripts/validate-inventory-snapshot.sh"
   "scripts/check.sh"
   "scripts/ci/check_permissions.sh"
   "scripts/ci/check_rubocop.sh"
   "scripts/ci/check_secrets.sh"
+  "scripts/ci/check_generated_artifacts.sh"
   "scripts/ci/check_security.sh"
   "scripts/ci/install_security_tools.sh"
   "scripts/ci/package_sanity.sh"

data/scripts/ci/check_rubocop.sh

@@ -1,28 +1,33 @@
 #!/bin/bash
 set -euo pipefail
 
-bundle exec rubocop \
-  lib/moose_inventory/inventory_context.rb \
-  lib/moose_inventory/operations/add_hosts.rb \
-  lib/moose_inventory/operations/add_groups.rb \
-  lib/moose_inventory/operations/add_associations.rb \
-  lib/moose_inventory/operations/remove_associations.rb \
-  lib/moose_inventory/operations/group_cleanup.rb \
-  lib/moose_inventory/operations/group_child_relations.rb \
-  lib/moose_inventory/operations/remove_groups.rb \
-  lib/moose_inventory/cli/helpers.rb \
-  lib/moose_inventory/cli/host_add.rb \
-  lib/moose_inventory/cli/group_add.rb \
-  lib/moose_inventory/cli/host_addgroup.rb \
-  lib/moose_inventory/cli/group_addhost.rb \
-  lib/moose_inventory/cli/host_rmgroup.rb \
-  lib/moose_inventory/cli/group_rmhost.rb \
-  lib/moose_inventory/cli/group_addchild.rb \
-  lib/moose_inventory/cli/group_rmchild.rb \
-  lib/moose_inventory/cli/group_rm.rb \
-  spec/lib/moose_inventory/operations/add_hosts_spec.rb \
-  spec/lib/moose_inventory/operations/add_groups_spec.rb \
-  spec/lib/moose_inventory/operations/add_associations_spec.rb \
-  spec/lib/moose_inventory/operations/remove_associations_spec.rb \
-  spec/lib/moose_inventory/operations/group_child_relations_spec.rb \
-  spec/lib/moose_inventory/operations/remove_groups_spec.rb
+repo_root="$(git rev-parse --show-toplevel)"
+cd "$repo_root"
+
+rubocop_files=(
+  Gemfile
+  Rakefile
+)
+
+while IFS= read -r -d '' file; do
+  rubocop_files+=("$file")
+done < <(find bin -maxdepth 1 -type f -print0 | sort -z)
+
+while IFS= read -r -d '' file; do
+  rubocop_files+=("$file")
+done < <(
+  find \
+    lib \
+    scripts \
+    spec \
+    -path 'spec/reports' -prune -o \
+    -path 'spec/reports/*' -prune -o \
+    -type f \( -name '*.rb' -o -name '*.gemspec' \) \
+    -print0 | sort -z
+)
+
+while IFS= read -r -d '' file; do
+  rubocop_files+=("$file")
+done < <(find . -maxdepth 1 -type f -name '*.gemspec' -print0 | sort -z)
+
+bundle exec rubocop "${rubocop_files[@]}"

data/scripts/files.rb

@@ -1,4 +1,5 @@
 #!/usr/bin/env ruby
+# frozen_string_literal: true
 
 require 'yaml'
 
@@ -8,8 +9,8 @@ test_files    = files.grep(%r{^(test|spec|features)/})
 require_paths = ['lib']
 
 out = {}
-out['Executables'.to_sym] = executables
-out['Test_Files'.to_sym] = test_files
-out['Require_Paths'.to_sym] = require_paths
+out[:Executables] = executables
+out[:Test_Files] = test_files
+out[:Require_Paths] = require_paths
 
-puts out.to_yaml.to_s
+puts out.to_yaml

data/spec/examples/ci_examples_spec.rb

@@ -0,0 +1,37 @@
+# frozen_string_literal: true
+
+require 'json'
+require 'spec_helper'
+require 'tmpdir'
+require 'yaml'
+
+RSpec.describe 'CI/CD examples' do
+  it 'ships parseable inventory and GitHub Actions examples' do
+    expect(YAML.safe_load_file('examples/ci/inventory/example-snapshot.yml')).to include('version' => 1)
+    workflow = YAML.safe_load_file('examples/ci/github-actions/inventory-review.yml')
+
+    expect(workflow).to include('name' => 'Inventory review example')
+  end
+
+  it 'keeps the snapshot validation script syntax-valid' do
+    expect(system('bash', '-n', 'examples/ci/scripts/validate-inventory-snapshot.sh')).to eq(true)
+  end
+
+  it 'validates a snapshot and writes review artifacts without production credentials' do
+    Dir.mktmpdir do |dir|
+      command = 'bundle exec ruby -Ilib bin/moose-inventory'
+      result = system(
+        { 'MOOSE_INVENTORY_CMD' => command },
+        'examples/ci/scripts/validate-inventory-snapshot.sh',
+        'examples/ci/inventory/example-snapshot.yml',
+        dir
+      )
+
+      expect(result).to eq(true)
+      expect(File).to exist(File.join(dir, 'doctor.txt'))
+      expect(YAML.safe_load_file(File.join(dir, 'inventory.yml'))).to include('hosts')
+      expect(JSON.parse(File.read(File.join(dir, 'hosts.json')))).to include('web01')
+      expect(JSON.parse(File.read(File.join(dir, 'ansible-inventory.json')))).to include('web')
+    end
+  end
+end