octocatalog-diff 0.5.1

data/lib/octocatalog-diff/catalog-util/facts.rb

@@ -0,0 +1,89 @@
+require_relative '../facts'
+
+module OctocatalogDiff
+  module CatalogUtil
+    # Helper class to construct a fact object based on options provided by
+    # cli/options. Supports a direct fact file, looking up a YAML file based on
+    # node name within Puppet fact directories, or retrieving from PuppetDB.
+    class Facts
+      # Constructor
+      # @param options [Hash] Options from cli/options
+      # @param logger [Logger] Logger object for debug messages (optional)
+      def initialize(options, logger = nil)
+        raise ArgumentError, "Argument to constructor must be Hash not #{options.class}" unless options.is_a?(Hash)
+        @options = options.dup
+        @logger = logger
+
+        # Environment variable recognition
+        @options[:puppetdb_url] ||= ENV['PUPPETDB_URL'] if ENV['PUPPETDB_URL']
+        @options[:puppet_fact_dir] ||= ENV['PUPPET_FACT_DIR'] if ENV['PUPPET_FACT_DIR']
+      end
+
+      # Compute facts if needed and then return them
+      # @return [Hash] Facts
+      def facts
+        @facts ||= compute_facts
+      end
+
+      private
+
+      # Retrieve facts from a YAML file in the puppet facts directory
+      # @param filename [String] Full path to file to read in
+      # @return [OctocatalogDiff::Facts] Facts object
+      def facts_from_file(filename)
+        @logger.debug("Retrieving facts from #{filename}") unless @logger.nil?
+        opts = {
+          node: @options[:node],
+          backend: :yaml,
+          fact_file_string: File.read(filename)
+        }
+        OctocatalogDiff::Facts.new(opts)
+      end
+
+      # Retrieve facts from PuppetDB. Either options[:puppetdb_url] or ENV['PUPPETDB_URL']
+      # needs to be set for this to work. Node name must also be set in options.
+      # @return [OctocatalogDiff::Facts] Facts object
+      def facts_from_puppetdb
+        @logger.debug('Retrieving facts from PuppetDB') unless @logger.nil?
+        OctocatalogDiff::Facts.new(@options.merge(backend: :puppetdb, retry: 2))
+      end
+
+      # Error message when the node is needed but not defined
+      # :nocov:
+      def error_node_not_provided
+        message = 'Unable to determine facts. You must either supply "--fact-file FILENAME"' \
+                  ' or a node name "-n NODENAME" to look up a set of node facts in a fact' \
+                  ' directory or in PuppetDB.'
+        raise ArgumentError, message
+      end
+      # :nocov:
+
+      # Does the actual computation/lookup of facts. Seeks to return a OctocatalogDiff::Facts
+      # object. Raises error if no fact sources are found.
+      # @return [OctocatalogDiff::Facts] Facts object
+      def compute_facts
+        if @options.key?(:facts) && @options[:facts].is_a?(OctocatalogDiff::Facts)
+          return @options[:facts]
+        end
+
+        if @options.key?(:fact_file)
+          raise Errno::ENOENT, 'Specified fact file does not exist' unless File.file?(@options[:fact_file])
+          return facts_from_file(@options[:fact_file])
+        end
+
+        error_node_not_provided if @options[:node].nil?
+
+        if @options[:puppet_fact_dir] && File.directory?(@options[:puppet_fact_dir])
+          filename = File.join(@options[:puppet_fact_dir], @options[:node] + '.yaml')
+          return facts_from_file(filename) if File.file?(filename)
+        end
+
+        return facts_from_puppetdb if @options[:puppetdb_url]
+
+        message = 'Unable to compute facts for node. Please use "--fact-file FILENAME" option' \
+                  ' or set one of these environment variables: PUPPET_FACT_DIR or PUPPETDB_URL.'
+        raise ArgumentError, message
+      end
+    end
+  end
+end

data/lib/octocatalog-diff/catalog-util/fileresources.rb

@@ -0,0 +1,83 @@
+require 'digest'
+
+module OctocatalogDiff
+  module CatalogUtil
+    # Used to convert file resources such as:
+    #   file { 'something': source => 'puppet:///modules/xxx/yyy'}
+    # to:
+    #   file { 'something': content => $( cat modules/xxx/files/yyy )}
+    # This allows the displayed diff to show differences in static files.
+    class FileResources
+      # Public method: Convert file resources to text. See the description of the class
+      # just above for details.
+      # @param obj [OctocatalogDiff::Catalog] Catalog object (will be modified)
+      def self.convert_file_resources(obj)
+        return unless obj.valid? && obj.compilation_dir.is_a?(String) && !obj.compilation_dir.empty?
+        _convert_file_resources(obj.resources, obj.compilation_dir)
+        begin
+          obj.catalog_json = ::JSON.generate(obj.catalog)
+        rescue ::JSON::GeneratorError => exc
+          obj.error_message = "Failed to generate JSON: #{exc.message}"
+        end
+      end
+
+      # Internal method: Static method to convert file resources. The compilation directory is
+      # required, or else this is a no-op. The passed-in array of resources is modified by this method.
+      # @param resources [Array<Hash>] Array of catalog resources
+      # @param compilation_dir [String] Compilation directory (so files can be looked up)
+      def self._convert_file_resources(resources, compilation_dir)
+        # Calculate compilation directory. There is not explicit error checking here because
+        # there is on-demand, explicit error checking for each file within the modification loop.
+        return unless compilation_dir.is_a?(String) && compilation_dir != ''
+
+        # Making sure that compilation_dir/environments/production/modules exists (and by inference,
+        # that compilation_dir/environments/production is pointing at the right place). Otherwise, try to find
+        # compilation_dir/modules. If neither of those exist, this code can't run.
+        env_dir = File.join(compilation_dir, 'environments', 'production')
+        unless File.directory?(File.join(env_dir, 'modules'))
+          return unless File.directory?(File.join(compilation_dir, 'modules'))
+          env_dir = compilation_dir
+        end
+
+        # Modify the resources
+        resources.map! do |resource|
+          if resource_convertible?(resource)
+            # Parse the 'source' parameter into a file on disk
+            src = resource['parameters']['source']
+            raise "Bad parameter source #{src}" unless src =~ %r{^puppet:///modules/([^/]+)/(.+)}
+            path = File.join(env_dir, 'modules', Regexp.last_match(1), 'files', Regexp.last_match(2))
+
+            if File.file?(path)
+              # If the file is found, read its content. If the content is all ASCII, substitute it into
+              # the 'content' parameter for easier comparison. If not, instead populate the md5sum.
+              # Delete the 'source' attribute as well.
+              content = File.read(path)
+              is_ascii = content.force_encoding('UTF-8').ascii_only?
+              resource['parameters']['content'] = is_ascii ? content : '{md5}' + Digest::MD5.hexdigest(content)
+              resource['parameters'].delete('source')
+            elsif File.exist?(path)
+              # We are not handling recursive file installs from a directory or anything else.
+              # However, the fact that we found *something* at this location indicates that the catalog
+              # is probably correct. Hence, the very general .exist? check.
+            else
+              raise Errno::ENOENT, "Unable to find '#{src}' at #{path}!"
+            end
+          end
+          resource
+        end
+      end
+
+      # Internal method: Determine if a resource is convertible. It is convertible if it
+      # is a file resource with no declared 'content' and with a declared and parseable 'source'.
+      # @param resource [Hash] Resource to check
+      # @return [Boolean] True of resource is convertible, false if not
+      def self.resource_convertible?(resource)
+        return true if resource['type'] == 'File' && \
+                       resource['parameters'].key?('source') && \
+                       !resource['parameters'].key?('content') && \
+                       resource['parameters']['source'] =~ %r{^puppet:///modules/([^/]+)/(.+)}
+        false
+      end
+    end
+  end
+end

data/lib/octocatalog-diff/catalog-util/git.rb

@@ -0,0 +1,65 @@
+require 'fileutils'
+require 'open3'
+require 'rugged'
+require 'shellwords'
+require 'tempfile'
+
+module OctocatalogDiff
+  module CatalogUtil
+    # Class to perform a git checkout (via 'git archive') of a branch from the base git
+    # directory into another targeted directory.
+    class Git
+      # Trapped errors
+      class GitCheckoutError < RuntimeError
+      end
+
+      # Check out a branch via 'git archive' from one directory into another.
+      # @param options [Hash] Options hash:
+      #          - :branch => Branch name to check out
+      #          - :path => Where to check out to (must exist as a directory)
+      #          - :basedir => Where to check out from (must exist as a directory)
+      #          - :logger => Logger object
+      def self.check_out_git_archive(options = {})
+        branch = options.fetch(:branch)
+        path = options.fetch(:path)
+        dir = options.fetch(:basedir)
+        logger = options.fetch(:logger)
+
+        # Validate parameters
+        raise GitCheckoutError, "Source directory #{dir.inspect} does not exist" if dir.nil? || !File.directory?(dir)
+        raise GitCheckoutError, "Target directory #{path.inspect} does not exist" if dir.nil? || !File.directory?(path)
+
+        # To get the options working correctly (-o pipefail in particular) this needs to run under
+        # bash. It's just creating a script, rather than figuring out all the shell escapes...
+        begin
+          tmp_script = Tempfile.new(['git-checkout', '.sh'])
+          tmp_script.write "#!/bin/bash\n"
+          tmp_script.write "set -euf -o pipefail\n"
+          tmp_script.write "git archive --format=tar #{Shellwords.escape(branch)} | \\\n"
+          tmp_script.write "  ( cd #{Shellwords.escape(path)} && tar -xf - )\n"
+          tmp_script.close
+          FileUtils.chmod 0o755, tmp_script.path
+
+          logger.debug("Begin git archive #{dir}:#{branch} -> #{path}")
+          output, status = Open3.capture2e(tmp_script.path, chdir: dir)
+          raise GitCheckoutError, "Git archive #{branch}->#{path} failed: #{output}" unless status.exitstatus.zero?
+          logger.debug("Success git archive #{dir}:#{branch}")
+        ensure
+          FileUtils.rm_f tmp_script.path if File.exist?(tmp_script.path)
+        end
+      end
+
+      # Determine the SHA of origin/master (or any other branch really) in the git repo
+      # @param options [Hash] Options hash:
+      #          - :branch => Branch name to determine SHA of
+      #          - :basedir => Where to check out from (must exist as a directory)
+      def self.branch_sha(options = {})
+        branch = options.fetch(:branch)
+        dir = options.fetch(:basedir)
+        raise GitCheckoutError, "Git directory #{dir.inspect} does not exist" if dir.nil? || !File.directory?(dir)
+        repo = Rugged::Repository.new(dir)
+        repo.branches[branch].target_id
+      end
+    end
+  end
+end

data/lib/octocatalog-diff/catalog.rb

@@ -0,0 +1,209 @@
+require 'json'
+require 'stringio'
+
+require_relative 'catalog/computed'
+require_relative 'catalog/json'
+require_relative 'catalog/noop'
+require_relative 'catalog/puppetdb'
+require_relative 'catalog/puppetmaster'
+require_relative 'catalog-util/fileresources'
+
+module OctocatalogDiff
+  # This class represents a catalog. Generation of the catalog is handled via one of the
+  # supported backends listed above as 'require_relative'. Usually, the 'computed' backend
+  # will build the catalog from the Puppet command.
+  class Catalog
+    # Readable
+    attr_reader :built, :catalog, :catalog_json
+
+    # Error classes that we can throw
+    class PuppetVersionError < RuntimeError; end
+    class CatalogError < RuntimeError; end
+
+    # Constructor
+    # @param :backend [Symbol] If set, this will force a backend
+    # @param :json [String] JSON catalog content (will avoid running Puppet to compile catalog)
+    # @param :puppetdb [Object] If set, pull the catalog from PuppetDB rather than building
+    # @param :node [String] Name of node whose catalog is being built
+    # @param :fact_file [String] OPTIONAL: Path to fact file (if not provided, look up in PuppetDB)
+    # @param :hiera_config [String] OPTIONAL: Path to hiera config file (munge temp. copy if not provided)
+    # @param :basedir [String] OPTIONAL: Base directory for catalog (default base directory of this checkout)
+    # @param :pass_env_vars [Array<String>] OPTIONAL: Additional environment vars to pass
+    # @param :convert_file_resources [Boolean] OPTIONAL: Convert file resource source to content
+    # @param :storeconfigs [Boolean] OPTIONAL: Pass the '-s' flag, for puppetdb (storeconfigs) integration
+    def initialize(options = {})
+      @options = options
+
+      # Call appropriate backend for catalog generation
+      @catalog_obj = backend(options)
+
+      # The catalog is not built yet, except if the backend has no build method
+      @built = false
+      build unless @catalog_obj.respond_to?(:build)
+
+      # The compilation directory can be overridden, e.g. when testing
+      @override_compilation_dir = nil
+    end
+
+    # Build catalog - this method needs to be called to build the catalog. It is separate due to
+    # the serialization of the logger object -- the parallel gem cannot serialize/deserialize a logger
+    # object so it cannot be part of any object that is passed around.
+    # @param logger [Logger] Logger object, initialized to a default throwaway value
+    def build(logger = Logger.new(StringIO.new))
+      # Only build once
+      return if @built
+      @built = true
+
+      # Call catalog's build method.
+      if @catalog_obj.respond_to?(:build)
+        logger.debug "Calling build for object #{@catalog_obj.class}"
+        @catalog_obj.build(logger)
+      end
+
+      # These methods must exist in all backends
+      @catalog = @catalog_obj.catalog
+      @catalog_json = @catalog_obj.catalog_json
+      @error_message = @catalog_obj.error_message
+
+      # The resource hash is computed the first time it's needed. For now initialize it as nil.
+      @resource_hash = nil
+
+      # Perform post-generation processing of the catalog
+      return unless valid?
+      unless @catalog_obj.respond_to?(:convert_file_resources) && @catalog_obj.convert_file_resources == false
+        OctocatalogDiff::CatalogUtil::FileResources.convert_file_resources(self) if @options.fetch(:compare_file_text, false)
+      end
+    end
+
+    # For logging we may wish to know the backend being used
+    # @return [String] Class of backend used
+    def builder
+      @catalog_obj.class.to_s
+    end
+
+    # Set the catalog JSON
+    # @param str [String] Catalog JSON
+    def catalog_json=(str)
+      @catalog_json = str
+      @resource_hash = nil
+    end
+
+    # This retrieves the compilation directory from the catalog, or otherwise the passed-in directory.
+    # @return [String] Compilation directory
+    def compilation_dir
+      return @override_compilation_dir if @override_compilation_dir
+      @catalog_obj.respond_to?(:compilation_dir) ? @catalog_obj.compilation_dir : @options[:basedir]
+    end
+
+    # The compilation directory can be overridden, e.g. during testing.
+    # @param dir [String] Compilation directory
+    def compilation_dir=(dir)
+      @override_compilation_dir = dir
+    end
+
+    # Determine whether the underlying catalog object supports :compare_file_text
+    # @return [Boolean] Whether underlying catalog object supports :compare_file_text
+    def convert_file_resources
+      return true unless @catalog_obj.respond_to?(:convert_file_resources)
+      @catalog_obj.convert_file_resources
+    end
+
+    # Retrieve the error message.
+    # @return [String] Error message (maximum 20,000 characters) - nil if no error.
+    def error_message
+      return nil if @error_message.nil? || !@error_message.is_a?(String)
+      @error_message[0, 20_000]
+    end
+
+    # Allow setting the error message. If the error message is set to a string, the catalog
+    # and catalog JSON are set to nil.
+    # @param error [String] Error message
+    def error_message=(error)
+      raise ArgumentError, 'Error message must be a string' unless error.is_a?(String)
+      @error_message = error
+      @catalog = nil
+      @catalog_json = nil
+      @resource_hash = nil
+    end
+
+    # This retrieves the version of Puppet used to compile a catalog. If the underlying catalog was not
+    # compiled by running Puppet (e.g., it was read in from JSON or puppetdb), then this returns the
+    # puppet version optionally passed in to the constructor. This can also be nil.
+    # @return [String] Puppet version
+    def puppet_version
+      @catalog_obj.respond_to?(:puppet_version) ? @catalog_obj.puppet_version : @options[:puppet_version]
+    end
+
+    # This allows retrieving a resource by type and title. This is intended for use when a O(1) lookup is required.
+    # @param :type [String] Type of resource
+    # @param :title [String] Title of resource
+    # @return [Hash] Resource item
+    def resource(opts = {})
+      raise ArgumentError, ':type and :title are required' unless opts[:type] && opts[:title]
+      build_resource_hash if @resource_hash.nil?
+      return nil unless @resource_hash[opts[:type]].is_a?(Hash)
+      @resource_hash[opts[:type]][opts[:title]]
+    end
+
+    # This is a compatibility layer for the resources, which are in a different place in Puppet 3.x and Puppet 4.x
+    # @return [Array] Resource array
+    def resources
+      raise CatalogError, 'Catalog does not appear to have been built' if !valid? && error_message.nil?
+      raise CatalogError, error_message unless valid?
+      return @catalog['data']['resources'] if @catalog['data'].is_a?(Hash) && @catalog['data']['resources'].is_a?(Array)
+      return @catalog['resources'] if @catalog['resources'].is_a?(Array)
+      # This is a bug condition
+      # :nocov:
+      raise "BUG: catalog has no data::resources or ::resources array. Please report this. #{@catalog.inspect}"
+      # :nocov
+    end
+
+    # This retrieves the number of retries necessary to compile the catalog. If the underlying catalog
+    # generation backend does not support retries, nil is returned.
+    # @return [Integer] Retry count
+    def retries
+      @retries = @catalog_obj.respond_to?(:retries) ? @catalog_obj.retries : nil
+    end
+
+    # Determine if the catalog build was successful.
+    # @return [Boolean] Whether the catalog is valid
+    def valid?
+      !@catalog.nil?
+    end
+
+    private
+
+    # Private method: Choose backend based on passed-in options
+    # @param options [Hash] Options passed into constructor
+    # @return [Object] OctocatalogDiff::Catalog::<whatever> object
+    def backend(options)
+      # Hard-coded backend
+      if options[:backend]
+        return OctocatalogDiff::Catalog::JSON.new(options) if options[:backend] == :json
+        return OctocatalogDiff::Catalog::PuppetDB.new(options) if options[:backend] == :puppetdb
+        return OctocatalogDiff::Catalog::PuppetMaster.new(options) if options[:backend] == :puppetmaster
+        return OctocatalogDiff::Catalog::Computed.new(options) if options[:backend] == :computed
+        return OctocatalogDiff::Catalog::Noop.new(options) if options[:backend] == :noop
+        raise ArgumentError, "Unknown backend :#{options[:backend]}"
+      end
+
+      # Determine backend based on arguments
+      return OctocatalogDiff::Catalog::JSON.new(options) if options[:json]
+      return OctocatalogDiff::Catalog::PuppetDB.new(options) if options[:puppetdb]
+      return OctocatalogDiff::Catalog::PuppetMaster.new(options) if options[:puppet_master]
+
+      # Default is to build catalog ourselves
+      OctocatalogDiff::Catalog::Computed.new(options)
+    end
+
+    # Private method: Build the resource hash to be used used for O(1) lookups by type and title.
+    # This method is called the first time the resource hash is accessed.
+    def build_resource_hash
+      @resource_hash = {}
+      resources.each do |resource|
+        @resource_hash[resource['type']] ||= {}
+        @resource_hash[resource['type']][resource['title']] = resource
+      end
+    end
+  end
+end

data/lib/octocatalog-diff/catalog/computed.rb

@@ -0,0 +1,205 @@
+require 'fileutils'
+require 'json'
+require 'open3'
+require 'stringio'
+
+require_relative '../catalog-util/bootstrap'
+require_relative '../catalog-util/builddir'
+require_relative '../catalog-util/command'
+require_relative '../util/puppetversion'
+require_relative '../catalog-util/facts'
+
+module OctocatalogDiff
+  class Catalog
+    # Represents a Puppet catalog that is computed (via `puppet master --compile ...`)
+    # By instantiating this class, the catalog is computed.
+    class Computed
+      attr_reader :node, :error_message, :catalog, :catalog_json, :retries
+
+      # Constructor
+      # @param :node [String] REQUIRED: Node name
+      # @param :basedir [String] Directory in which to compile the catalog
+      # @param :pass_env_vars [Array<String>] Environment variables to pass when compiling catalog
+      # @param :retry_failed_catalog [Fixnum] Number of retries if a catalog compilation fails
+      # @param :tag [String] For display purposes, the catalog being compiled
+      # @param :puppet_binary [String] Full path to Puppet
+      # @param :puppet_version [String] Puppet version (optional; if not supplied, it is calculated)
+      # @param :puppet_command [String] Full command to run Puppet (optional; if not supplied, it is calculated)
+      def initialize(options)
+        raise ArgumentError, 'Usage: OctocatalogDiff::Catalog::Computed.initialize(options_hash)' unless options.is_a?(Hash)
+        raise ArgumentError, 'Node name must be passed to OctocatalogDiff::Catalog::Computed' unless options[:node].is_a?(String)
+
+        # Standard readable variables
+        @node = options[:node]
+        @error_message = nil
+        @catalog = nil
+        @catalog_json = nil
+
+        # Additional class variables
+        @pass_env_vars = options.fetch(:pass_env_vars, [])
+        @retry_failed_catalog = options.fetch(:retry_failed_catalog, 0)
+        @tag = options.fetch(:tag, 'catalog')
+        @puppet_binary = options[:puppet_binary]
+        @puppet_version = options[:puppet_version]
+        @puppet_command = options[:puppet_command]
+        @retries = nil
+        @builddir = nil
+
+        # Pass through the input for other access
+        @opts = options
+        raise ArgumentError, 'Branch is undefined' unless @opts[:branch]
+      end
+
+      # Actually build the catalog (populate @error_message, @catalog, @catalog_json)
+      def build(logger = Logger.new(StringIO.new))
+        facts_obj = OctocatalogDiff::CatalogUtil::Facts.new(@opts, logger)
+        logger.debug "Start retrieving facts for #{@node} from #{self.class}"
+        @opts[:facts] = facts_obj.facts
+        logger.debug "Success retrieving facts for #{@node} from #{self.class}"
+        build_catalog(logger)
+      end
+
+      # Get the Puppet version
+      # @return [String] Puppet version
+      def puppet_version
+        raise ArgumentError, '"puppet_binary" was not passed to OctocatalogDiff::Catalog::Computed' unless @puppet_binary
+        @puppet_version ||= OctocatalogDiff::Util::PuppetVersion.puppet_version(@puppet_binary)
+      end
+
+      # Compilation directory
+      # @return [String] Compilation directory
+      def compilation_dir
+        raise 'Catalog was not built' if @builddir.nil?
+        @builddir.tempdir
+      end
+
+      private
+
+      # Private method: Clean up a checkout directory, if it exists
+      def cleanup_checkout_dir(checkout_dir, logger)
+        return unless File.directory?(checkout_dir)
+        logger.debug("Cleaning up temporary directory #{checkout_dir}")
+        FileUtils.remove_entry_secure checkout_dir
+      end
+
+      # Private method: Bootstrap a directory
+      def bootstrap(logger)
+        return if @builddir
+
+        # Fill options for creating and populating the temporary directory
+        tmphash = @opts.dup
+
+        # Bootstrap directory if needed
+        if !@opts[:bootstrapped_dir].nil?
+          raise Errno::ENOENT, "Invalid dir #{@opts[:bootstrapped_dir]}" unless File.directory?(@opts[:bootstrapped_dir])
+          tmphash[:basedir] = @opts[:bootstrapped_dir]
+        elsif @opts[:branch] == '.'
+          tmphash[:basedir] = @opts[:basedir]
+        else
+          checkout_dir = Dir.mktmpdir
+          at_exit { cleanup_checkout_dir(checkout_dir, logger) }
+          tmphash[:basedir] = checkout_dir
+          OctocatalogDiff::CatalogUtil::Bootstrap.bootstrap_directory(@opts.merge(path: checkout_dir), logger)
+        end
+
+        # Create and populate the temporary directory
+        @builddir ||= OctocatalogDiff::CatalogUtil::BuildDir.new(tmphash, logger)
+      end
+
+      # Private method: Build catalog by running Puppet
+      # @param logger [Logger] Logger object
+      def build_catalog(logger = nil)
+        return nil unless @catalog.nil? && @error_message.nil?
+        bootstrap(logger)
+        result = run_puppet(logger)
+        @retries = result[:retries]
+        if (result[:exitcode]).zero?
+          begin
+            @catalog = ::JSON.parse(result[:stdout])
+            @catalog_json = result[:stdout]
+            @error_message = nil
+          rescue ::JSON::ParserError => exc
+            @catalog = nil
+            @catalog_json = nil
+            @error_message = "Catalog has invalid JSON: #{exc.message}"
+          end
+        else
+          @error_message = result[:stderr]
+          @catalog = nil
+          @catalog_json = nil
+        end
+      end
+
+      # Get the command to compile the catalog
+      # @return [String] Puppet command line
+      def puppet_command(options = @opts)
+        return @puppet_command if @puppet_command
+        raise ArgumentError, '"puppet_binary" was not passed to OctocatalogDiff::Catalog::Computed' unless @puppet_binary
+        command_opts = options.merge(
+          node: @node,
+          compilation_dir: @builddir.tempdir,
+          parser: options.fetch(:parser, :default),
+          puppet_binary: @puppet_binary,
+          fact_file: @builddir.fact_file,
+          dir: @builddir.tempdir,
+          enc: @builddir.enc
+        )
+        command = OctocatalogDiff::CatalogUtil::Command.new(command_opts)
+        @puppet_command = command.puppet_command
+      end
+
+      # Private method: Actually execute puppet
+      # @return [Hash] { stdout, stderr, exitcode }
+      def exec_puppet
+        # This is the environment provided to the puppet command.
+        env = {
+          'HOME' => ENV['HOME'],
+          'PATH' => ENV['PATH'],
+          'PWD' => @builddir.tempdir
+        }
+        @pass_env_vars.each { |var| env[var] ||= ENV[var] }
+        out, err, status = Open3.capture3(env, puppet_command, unsetenv_others: true, chdir: @builddir.tempdir)
+        {
+          stdout: out,
+          stderr: err,
+          exitcode: status.exitstatus
+        }
+      end
+
+      # Private method: Runs puppet on the command line to compile the catalog
+      # Exit code is 0 if catalog generation was successful, non-zero otherwise.
+      # @param logger [Logger] Logger object
+      # @return [Hash] { stdout: <catalog as JSON>, stderr: <error messages>, exitcode: <hopefully 0> }
+      def run_puppet(logger)
+        # Run 'cmd' with environment 'env' from directory 'dir'
+        # First line of a successful result needs to be stripped off. It will look like:
+        # Notice: Compiled catalog for xxx in environment production in 27.88 seconds
+        retval = {}
+        0.upto(@retry_failed_catalog) do |retry_num|
+          @retries = retry_num
+          time_begin = Time.now
+          logger.debug("(#{@tag}) Try #{1 + retry_num} executing Puppet #{puppet_version}: #{puppet_command}")
+          result = exec_puppet
+
+          # Success
+          if (result[:exitcode]).zero?
+            logger.debug("(#{@tag}) Catalog succeeded on try #{1 + retry_num} in #{Time.now - time_begin} seconds")
+            first_brace = result[:stdout].index('{') || 0
+            retval = {
+              stdout: result[:stdout][first_brace..-1],
+              stderr: nil,
+              exitcode: 0,
+              retries: retry_num
+            }
+            break
+          end
+
+          # Failure
+          logger.debug("(#{@tag}) Catalog failed on try #{1 + retry_num} in #{Time.now - time_begin} seconds")
+          retval = result.merge(retries: retry_num)
+        end
+        retval
+      end
+    end
+  end
+end