octocatalog-diff 0.5.1

data/lib/octocatalog-diff/external/pson/version.rb

@@ -0,0 +1,8 @@
+module PSON
+  # PSON version
+  VERSION         = '1.1.9'
+  VERSION_ARRAY   = VERSION.split(/\./).map { |x| x.to_i } # :nodoc:
+  VERSION_MAJOR   = VERSION_ARRAY[0] # :nodoc:
+  VERSION_MINOR   = VERSION_ARRAY[1] # :nodoc:
+  VERSION_BUILD   = VERSION_ARRAY[2] # :nodoc:
+end

data/lib/octocatalog-diff/facts.rb

@@ -0,0 +1,125 @@
+require_relative 'facts/json'
+require_relative 'facts/yaml'
+require_relative 'facts/puppetdb'
+require_relative 'external/pson/pure'
+
+module OctocatalogDiff
+  # Deal with facts in all forms, including:
+  # - In existing YAML files
+  # - In existing JSON files
+  # - Retrieved dynamically from PuppetDB
+  class Facts
+    # Constructor
+    # @param options [Hash] Initialization options, varies per backend
+    def initialize(options = {}, facts = nil)
+      @node = options.fetch(:node, '')
+      @timestamp = false
+      @options = options.dup
+      if facts
+        @facts = {}
+        facts.each { |k, v| @facts[k] = v.dup }
+      else
+        case options[:backend]
+        when :json
+          @orig_facts = OctocatalogDiff::Facts::JSON.fact_retriever(options, @node)
+        when :yaml
+          @orig_facts = OctocatalogDiff::Facts::Yaml.fact_retriever(options, @node)
+        when :puppetdb
+          @orig_facts = OctocatalogDiff::Facts::PuppetDB.fact_retriever(options, @node)
+        else
+          raise ArgumentError, 'Invalid fact source backend'
+        end
+        @facts = {}
+        @orig_facts.each { |k, v| @facts[k] = v.dup }
+      end
+    end
+
+    def dup
+      self.class.new(@options, @orig_facts)
+    end
+
+    # Facts - returned the 'cleansed' facts.
+    # Clean up facts by setting 'name' to the node if given, and deleting _timestamp and expiration
+    # which may cause Puppet catalog compilation to fail if the facts are old.
+    # @param node [String] Node name to override returned facts
+    # @return [Hash] Facts hash { 'name' => '...', 'values' => { ... } }
+    def facts(node = @node, timestamp = false)
+      raise "Expected @facts to be a hash but it is a #{@facts.class}" unless @facts.is_a?(Hash)
+      raise "Expected @facts['values'] to be a hash but it is a #{@facts['values'].class}" unless @facts['values'].is_a?(Hash)
+      f = @facts.dup
+      f['name'] = node unless node.nil? || node.empty?
+      f['values'].delete('_timestamp')
+      f.delete('expiration')
+      if timestamp
+        f['timestamp'] = Time.now.to_s
+        f['values']['timestamp'] = f['timestamp']
+        f['expiration'] = (Time.now + (24 * 60 * 60)).to_s
+      end
+      f
+    end
+
+    # Facts - Fudge the timestamp to right now and add include it in the facts when returned
+    # @return self
+    def fudge_timestamp
+      @timestamp = true
+      self
+    end
+
+    # Facts - remove one or more facts from the list.
+    # @param remove [String|Array<String>] Fact(s) to remove
+    # @return self
+    def without(remove)
+      r = remove.is_a?(Array) ? remove : [remove]
+      obj = dup
+      r.each { |fact| obj.remove_fact_from_list(fact) }
+      obj
+    end
+
+    # Facts - remove a fact from the list
+    # @param remove [String] Fact to remove
+    def remove_fact_from_list(remove)
+      @facts['values'].delete(remove)
+    end
+
+    # Turn hash of facts into appropriate YAML for Puppet
+    # @param node [String] Node name to override returned facts
+    # @return [String] Puppet-compatible YAML facts
+    def facts_to_yaml(node = @node)
+      # Add the header that Puppet needs to treat this as facts. Save the results
+      # as a string in the option.
+      f = facts(node)
+      fact_file = f.to_yaml.split(/\n/)
+      fact_file[0] = '--- !ruby/object:Puppet::Node::Facts' if fact_file[0] =~ /^---/
+      fact_file.join("\n")
+    end
+
+    # Turn hash of facts into appropriate YAML for Puppet
+    # @param node [String] Node name to override returned facts
+    # @return [String] Puppet-compatible YAML facts
+    def to_pson
+      PSON.generate(facts)
+    end
+
+    # Get the current value of a particular fact
+    # @param key [String] Fact key to override
+    # @return [?] Value for fact
+    def fact(key)
+      @facts['values'][key]
+    end
+
+    # Override a particular fact
+    # @param key [String] Fact key to override
+    # @param value [?] Value for fact
+    def override(key, value)
+      if value.nil?
+        @facts['values'].delete(key)
+      else
+        @facts['values'][key] = value
+      end
+    end
+
+    # Separate classes to handle errors we throw explicitly
+    class FactSourceError < RuntimeError; end
+    class FactRetrievalError < RuntimeError; end
+  end
+end

data/lib/octocatalog-diff/facts/json.rb

@@ -0,0 +1,20 @@
+require_relative '../facts'
+
+require 'json'
+
+module OctocatalogDiff
+  class Facts
+    # Deal with facts in JSON files
+    class JSON
+      # @param options [Hash] Options hash specifically for this fact type.
+      #          - :fact_file_string [String] => Fact data as a string
+      # @param node [String] Node name (overrides node name from fact data)
+      # @return [Hash] Facts
+      def self.fact_retriever(options = {}, node = '')
+        facts = ::JSON.parse(options.fetch(:fact_file_string))
+        node = facts.fetch('fqdn', 'unknown.node') if node.empty?
+        { 'name' => node, 'values' => facts }
+      end
+    end
+  end
+end

data/lib/octocatalog-diff/facts/puppetdb.rb

@@ -0,0 +1,59 @@
+require_relative '../facts'
+require_relative '../puppetdb'
+require 'yaml'
+
+module OctocatalogDiff
+  class Facts
+    # Deal with facts in PuppetDB
+    class PuppetDB
+      # Retrieve facts from PuppetDB for a specified node.
+      # @param :puppetdb_url [String|Array] => URL to PuppetDB
+      # @param :retry [Fixnum] => Retry after timeout (default 0 retries, can be more)
+      # @param node [String] Node name. (REQUIRED for PuppetDB fact source)
+      # @return [Hash] Facts
+      def self.fact_retriever(options = {}, node)
+        # Set up some variables from options
+        raise ArgumentError, 'puppetdb_url is required' unless options[:puppetdb_url].is_a?(String)
+        raise ArgumentError, 'node must be a non-empty string' unless node.is_a?(String) && node != ''
+        uri = "/pdb/query/v4/nodes/#{node}/facts"
+        retries = options.fetch(:retry, 0).to_i
+
+        # Construct puppetdb object and options
+        opts = options.merge(timeout: 5)
+        puppetdb = OctocatalogDiff::PuppetDB.new(opts)
+
+        # Use OctocatalogDiff::PuppetDB to pull facts
+        exception_class = nil
+        exception_message = nil
+        obj_to_return = nil
+        (retries + 1).times do
+          begin
+            result = puppetdb.get(uri)
+            facts = {}
+            result.map { |x| facts[x['name']] = x['value'] }
+            if facts.empty?
+              message = "Unable to retrieve facts for node #{node} from PuppetDB (empty or nil)!"
+              raise OctocatalogDiff::Facts::FactRetrievalError, message
+            end
+
+            # Create a structure compatible with YAML fact files.
+            obj_to_return = { 'name' => node, 'values' => {} }
+            facts.each { |k, v| obj_to_return['values'][k.sub(/^::/, '')] = v }
+            break # Not return, to avoid LocalJumpError in Ruby 2.2
+          rescue OctocatalogDiff::PuppetDB::ConnectionError => exc
+            exception_class = OctocatalogDiff::Facts::FactSourceError
+            exception_message = "Fact retrieval failed (#{exc.class}) (#{exc.message})"
+          rescue OctocatalogDiff::PuppetDB::NotFoundError => exc
+            exception_class = OctocatalogDiff::Facts::FactRetrievalError
+            exception_message = "Node #{node} not found in PuppetDB (#{exc.message})"
+          rescue OctocatalogDiff::PuppetDB::PuppetDBError => exc
+            exception_class = OctocatalogDiff::Facts::FactRetrievalError
+            exception_message = "Fact retrieval failed for node #{node} from PuppetDB (#{exc.message})"
+          end
+        end
+        return obj_to_return unless obj_to_return.nil?
+        raise exception_class, exception_message
+      end
+    end
+  end
+end

data/lib/octocatalog-diff/facts/yaml.rb

@@ -0,0 +1,29 @@
+require_relative '../facts'
+require 'yaml'
+
+module OctocatalogDiff
+  class Facts
+    # Deal with facts in YAML files
+    class Yaml
+      # Manipulate a YAML file so it can be parsed and return the facts as a hash.
+      # If we leave it as Puppet::Node::Facts then it will require us to load puppet
+      # gems in order to parse it, and that's too heavy for simple fact retrieval.
+      # @param options [Hash] Options hash specifically for this fact type.
+      #          - :fact_file_string [String] => Fact data as a string
+      # @param node [String] Node name (overrides node name from fact data)
+      # @return [Hash] Facts
+      def self.fact_retriever(options = {}, node = '')
+        fact_file_string = options.fetch(:fact_file_string)
+
+        # Touch up the first line before parsing.
+        fact_file_data = fact_file_string.split(/\n/)
+        fact_file_data[0] = '---' if fact_file_data[0] =~ /^---/
+
+        # Load and return the parsed fact file.
+        result = YAML.load(fact_file_data.join("\n"))
+        result['name'] = node unless node == ''
+        result
+      end
+    end
+  end
+end

data/lib/octocatalog-diff/puppetdb.rb

@@ -0,0 +1,163 @@
+require_relative 'util/httparty'
+
+require 'uri'
+
+# Redefine constants to match PuppetDB defaults.
+# This code avoids warnings about redefining constants.
+URI::HTTP.send(:remove_const, :DEFAULT_PORT) if URI::HTTP.const_defined?(:DEFAULT_PORT)
+URI::HTTP.const_set(:DEFAULT_PORT, 8080)
+URI::HTTPS.send(:remove_const, :DEFAULT_PORT) if URI::HTTPS.const_defined?(:DEFAULT_PORT)
+URI::HTTPS.const_set(:DEFAULT_PORT, 8081)
+
+module OctocatalogDiff
+  # A standard way to connect to PuppetDB from the various scripts in this repository.
+  class PuppetDB
+    # This class raises errors for certain handled problems
+    class NotFoundError < RuntimeError; end
+    class PuppetDBError < RuntimeError; end
+    class ConnectionError < RuntimeError; end
+
+    # Allow connections to be read (used in tests for now)
+    attr_reader :connections
+
+    # Constructor - will construct connection parameters from a variety
+    # of sources, including arguments and environment variables. Supported
+    # environment variables:
+    #   PUPPETDB_URL
+    #   PUPPETDB_HOST [+ PUPPETDB_PORT] [+ PUPPETDB_SSL]
+    #
+    # Order of precedence:
+    #    1. :puppetdb_url argument (String or Array<String>)
+    #    2. :puppetdb_host argument [+ :puppetdb_port] [+ :puppetdb_ssl]
+    #    3. ENV['PUPPETDB_URL']
+    #    4. ENV['PUPPETDB_HOST'] [+ ENV['PUPPETDB_PORT']], [+ ENV['PUPPETDB_SSL']]
+    # When it finds one of these, it stops and does not process any others.
+    #
+    # When :puppetdb_url is an array, all given URLs are tried, in random order,
+    # until a connection succeeds. If a connection succeeds, any errors from previously
+    # failed connections are suppressed.
+    #
+    # Supported arguments:
+    # @param :puppetdb_url [String or Array<String>] PuppetDB URL(s) to try in random order
+    # @param :puppetdb_host [String] PuppetDB hostname, when constructing a URL
+    # @param :puppetdb_port [Fixnum] Port number, defaults to 8080 (non-SSL) or 8081 (SSL)
+    # @param :puppetdb_ssl [Boolean] defaults to true, because you should use SSL
+    # @param :puppetdb_ssl_ca [String] Path to file containing CA certificate
+    # @param :puppetdb_ssl_verify [Boolean] Override the CA verification setting guessed from parameters
+    # @param :puppetdb_ssl_client_pem [String] PEM-encoded client key and certificate
+    # @param :puppetdb_ssl_client_p12 [String] pkcs12-encoded client key and certificate
+    # @param :puppetdb_ssl_client_password [String] Path to file containing password for SSL client key (any format)
+    # @param :puppetdb_ssl_client_auth [Boolean] Override the client-auth that is guessed from parameters
+    # @param :timeout [Fixnum] Connection timeout for PuppetDB (default=10)
+    def initialize(options = {})
+      @connections =
+        if options.key?(:puppetdb_url)
+          urls = options[:puppetdb_url].is_a?(Array) ? options[:puppetdb_url] : [options[:puppetdb_url]]
+          urls.map { |url| parse_url(url) }
+        elsif options.key?(:puppetdb_host)
+          is_ssl = options.fetch(:puppetdb_ssl, true)
+          default_port = is_ssl ? URI::HTTPS::DEFAULT_PORT : URI::HTTP::DEFAULT_PORT
+          port = options.fetch(:puppetdb_port, default_port).to_i
+          [{ ssl: is_ssl, host: options[:puppetdb_host], port: port }]
+        elsif ENV['PUPPETDB_URL'] && !ENV['PUPPETDB_URL'].empty?
+          [parse_url(ENV['PUPPETDB_URL'])]
+        elsif ENV['PUPPETDB_HOST'] && !ENV['PUPPETDB_HOST'].empty?
+          # Because environment variables are strings...
+          # This will get the env var and see if it equals 'true'; the result
+          # of this == comparison is the true/false boolean we need.
+          is_ssl = ENV.fetch('PUPPETDB_SSL', 'true') == 'true'
+          default_port = is_ssl ? URI::HTTPS::DEFAULT_PORT : URI::HTTP::DEFAULT_PORT
+          port = ENV.fetch('PUPPETDB_PORT', default_port).to_i
+          [{ ssl: is_ssl, host: ENV['PUPPETDB_HOST'], port: port }]
+        else
+          []
+        end
+      @timeout = options.fetch(:timeout, 10)
+      @options = options
+    end
+
+    # Wrapper around the httparty call in the private _get method.
+    # Returns the parsed result of getting the provided URL and returns
+    # a friendlier error message if there are network connection problems
+    # to PuppetDB.
+    # @param path [String] Path portion of the URL
+    # @return [Object] Parsed reply from PuppetDB as an object
+    def get(path)
+      _get(path)
+    rescue Net::OpenTimeout, Errno::ECONNREFUSED => exc
+      raise ConnectionError, "#{exc.class} connecting to PuppetDB (need VPN on?): #{exc.message}"
+    end
+
+    private
+
+    # HTTP(S) Query - will attempt to retrieve URL from each connection
+    # @param path [String] Path portion of the URL
+    # @return [String] Parsed response
+    def _get(path)
+      # You need at least one connection or else this can't do anything
+      raise ArgumentError, 'No PuppetDB connections configured' if @connections.empty?
+
+      # Keep track of the latest exception seen
+      exc = nil
+
+      # Try each connection in random order. This will return the first successful
+      # response, and try the next connection if there's an error. Once it's out of
+      # connections to try it will raise the last exception encountered.
+      @connections.shuffle.each do |connection|
+        complete_url = [
+          connection[:ssl] ? 'https://' : 'http://',
+          connection[:host],
+          ':',
+          connection[:port],
+          path
+        ].join('')
+
+        begin
+          more_options = { headers: { 'Accept' => 'application/json' }, timeout: @timeout }
+          response = OctocatalogDiff::Util::HTTParty.get(complete_url, @options.merge(more_options), 'puppetdb')
+
+          # Handle all non-200's from PuppetDB
+          unless response[:code] == 200
+            raise NotFoundError, "404 - #{response[:error]}" if response[:code] == 404
+            raise PuppetDBError, "#{response[:code]} - #{response[:error]}"
+          end
+
+          # PuppetDB can return 'Not Found' as a string with a 200 response code
+          raise NotFoundError, '404 - Not Found' if response[:body] == 'Not Found'
+
+          # PuppetDB can also return an error message in a 200; we'll call this a 500
+          if response.key?(:error)
+            raise PuppetDBError, "500 - #{response[:error]}"
+          end
+
+          # If we get here without raising an error, it will fall out of the begin/rescue
+          # with 'result' non-nil, and 'result' will then get returned.
+          raise "Unparseable response from puppetdb: '#{response.inspect}'" unless response[:parsed]
+          result = response[:parsed]
+        rescue => exc
+          # Set response to nil so the loop repeats itself if there are retries left.
+          # Also sets 'exc' to the most recent exception, in case all retries are
+          # exhausted and this exception has to be raised.
+          result = nil
+        end
+
+        # If the previous query didn't error, return result
+        return result unless result.nil?
+      end
+
+      # At this point no query has succeeded, so raise the last error encountered.
+      raise exc
+    end
+
+    # Parse a URL to determine hostname, port number, and whether or not SSL is used.
+    # @param url [String] URL to parse
+    # @return [Hash] { ssl: true/false, host: <String>, port: <Fixnum> }
+    def parse_url(url)
+      uri = URI(url)
+      raise ArgumentError, "URL #{url} has invalid scheme" unless uri.scheme =~ /^https?$/
+      { ssl: uri.scheme == 'https', host: uri.host, port: uri.port }
+    rescue URI::InvalidURIError => exc
+      raise exc.class, "Invalid URL: #{url} (#{exc.message})"
+    end
+  end
+end

data/lib/octocatalog-diff/util/colored.rb

@@ -0,0 +1,20 @@
+# Create colorizing methods in the 'String' class, but only if 'colors_enabled'
+# has been set.
+class String
+  COLORS = {
+    'red'    => 31,
+    'green'  => 32,
+    'yellow' => 33,
+    'cyan'   => 36
+  }.freeze
+
+  COLORS.each do |color, _value|
+    define_method(color) do
+      @@colors_enabled ? "\e[0;#{COLORS[color]};49m#{self}\e[0m" : self
+    end
+  end
+
+  def self.colors_enabled=(value)
+    @@colors_enabled = value # rubocop:disable Style/ClassVars
+  end
+end

data/lib/octocatalog-diff/util/httparty.rb

@@ -0,0 +1,158 @@
+require 'httparty'
+require 'json'
+require_relative '../external/pson/pure'
+
+module OctocatalogDiff
+  module Util
+    # This is a wrapper around some common actions that octocatalog-diff does when preparing to talk
+    # to a web server using 'httparty'.
+    class HTTParty
+      # Wrap the 'get' method in httparty with SSL options
+      # @param url [String] URL to retrieve
+      # @param options [Hash] Options
+      # @param ssl_prefix [String] Strip "#{prefix}_" from the start of SSL options to generalize them
+      # @return [Hash] HTTParty response and codes
+      def self.get(url, options = {}, ssl_prefix = nil)
+        httparty_response_parse(::HTTParty.get(url, options.merge(wrap_ssl_options(options, ssl_prefix))))
+      end
+
+      # Wrap the 'post' method in httparty with SSL options
+      # @param url [String] URL to retrieve
+      # @param options [Hash] Options
+      # @param post_body [String] Test to POST
+      # @param ssl_prefix [String] Strip "#{prefix}_" from the start of SSL options to generalize them
+      # @return [Hash] HTTParty response and codes
+      def self.post(url, options, post_body, ssl_prefix)
+        opts = options.merge(wrap_ssl_options(options, ssl_prefix))
+        httparty_response_parse(::HTTParty.post(url, opts.merge(body: post_body)))
+      end
+
+      # Common parser for HTTParty response
+      # @param response [HTTParty response object] HTTParty response object
+      # @return [Hash] HTTParty parsed response and codes
+      def self.httparty_response_parse(response)
+        # Handle HTTP errors
+        unless response.code == 200
+          begin
+            b = JSON.parse(response.body)
+            errormessage = b['error'] if b.is_a?(Hash) && b.key?('error')
+          rescue JSON::ParserError
+            errormessage = response.body
+          ensure
+            errormessage ||= response.body
+          end
+          return { code: response.code, body: response.body, error: errormessage }
+        end
+
+        # Handle success
+        if response.headers.key?('content-type')
+          if response.headers['content-type'] =~ %r{/json}
+            begin
+              return { code: 200, body: response.body, parsed: JSON.parse(response.body) }
+            rescue JSON::ParserError => exc
+              return { code: 500, body: response.body, error: "JSON parse error: #{exc.message}" }
+            end
+          end
+          if response.headers['content-type'] =~ %r{/pson}
+            begin
+              return { code: 200, body: response.body, parsed: PSON.parse(response.body) }
+            rescue PSON::ParserError => exc
+              return { code: 500, body: response.body, error: "PSON parse error: #{exc.message}" }
+            end
+          end
+          return { code: 500, body: response.body, error: "Don't know how to parse: #{response.headers['content-type']}" }
+        end
+
+        # Return raw output
+        { code: response.code, body: response.body }
+      end
+
+      # Wrap context-specific options into generally named options for the other methods in this class
+      # @param options [Hash] Hash of all options
+      # @param prefix [String] Prefix to strip from SSL options
+      # @return [Hash] SSL options generally named
+      def self.wrap_ssl_options(options, prefix)
+        return {} unless prefix
+        result = {}
+        options.keys.each do |key|
+          next if key.to_s !~ /^#{prefix}_(ssl_.*)/
+          result[Regexp.last_match[1].to_sym] = options[key]
+        end
+        ssl_options(result)
+      end
+
+      # SSL options to add to the httparty options hash
+      # @param :ssl_ca [String] Optional: File with SSL CA certificate
+      # @param :ssl_client_key [String] Full text of SSL client private key
+      # @param :ssl_client_cert [String] Full text of SSL client public cert
+      # @param :ssl_client_pem [String] Full text of SSL client private key + client public cert
+      # @param :ssl_client_p12 [String] Full text of pkcs12-encoded keypair
+      # @param :ssl_client_password [String] Password to unlock private key
+      # @return [Hash] Hash of SSL options to pass to httparty
+      def self.ssl_options(options)
+        # Initialize the result
+        result = {}
+
+        # Verification of server against a known CA cert
+        if ssl_verify?(options)
+          result[:verify] = true
+          raise ArgumentError, ':ssl_ca must be passed' unless options[:ssl_ca].is_a?(String)
+          raise Errno::ENOENT, "'#{options[:ssl_ca]}' not a file" unless File.file?(options[:ssl_ca])
+          result[:ssl_ca_file] = options[:ssl_ca]
+        else
+          result[:verify] = false
+        end
+
+        # SSL client certificate auth. This translates our options into httparty options.
+        if client_auth?(options)
+          if options[:ssl_client_key].is_a?(String) && options[:ssl_client_cert].is_a?(String)
+            result[:pem] = options[:ssl_client_key] + options[:ssl_client_cert]
+          elsif options[:ssl_client_pem].is_a?(String)
+            result[:pem] = options[:ssl_client_pem]
+          elsif options[:ssl_client_p12].is_a?(String)
+            result[:p12] = options[:ssl_client_p12]
+            raise ArgumentError, 'pkcs12 requires a password' unless options[:ssl_client_password]
+            result[:p12_password] = options[:ssl_client_password]
+          else
+            raise ArgumentError, 'SSL client auth enabled but no client keypair specified'
+          end
+          if result[:pem]
+            result[:pem_password] = options[:ssl_client_password] if options[:ssl_client_password]
+            # Make sure there's not a password required, or that if the password is given, it is correct.
+            # We do not want to wait on STDIN.
+            # This will raise OpenSSL::PKey::RSAError if the key needs a password.
+            OpenSSL::PKey::RSA.new(result[:pem], result[:pem_password] || '')
+          end
+        end
+
+        # Return result
+        result
+      end
+
+      # Determine, based on options, whether SSL client certificates need to be used.
+      # The order of precedence is:
+      # - If options[:ssl_client_auth] is not nil, return it
+      # - If (key and cert) or PEM or PKCS12 are set, return true
+      # - Else return false
+      # @return [Boolean] see description
+      def self.client_auth?(options)
+        return options[:ssl_client_auth] unless options[:ssl_client_auth].nil?
+        return true if options[:ssl_client_cert].is_a?(String) && options[:ssl_client_key].is_a?(String)
+        return true if options[:ssl_client_pem].is_a?(String)
+        return true if options[:ssl_client_p12].is_a?(String)
+        false
+      end
+
+      # Determine, based on options, whether SSL certificates should be verified.
+      # The order of precedence is:
+      # - If options[:ssl_verify] is not nil, return it
+      # - If options[:ssl_ca] is defined, return true
+      # - Else return false
+      # @return [Boolean] see description
+      def self.ssl_verify?(options)
+        return options[:ssl_verify] unless options[:ssl_verify].nil?
+        options[:ssl_ca].is_a?(String)
+      end
+    end
+  end
+end