octocatalog-diff 1.5.1 → 1.5.2
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/.version +1 -1
- data/doc/CHANGELOG.md +10 -0
- data/doc/advanced-filter.md +23 -0
- data/doc/configuration-puppetdb.md +3 -0
- data/doc/optionsref.md +32 -0
- data/lib/octocatalog-diff/catalog-diff/filter.rb +2 -1
- data/lib/octocatalog-diff/catalog-diff/filter/single_item_array.rb +44 -0
- data/lib/octocatalog-diff/catalog-util/builddir.rb +3 -3
- data/lib/octocatalog-diff/cli/options.rb +3 -2
- data/lib/octocatalog-diff/cli/options/pe_enc_token_file.rb +1 -1
- data/lib/octocatalog-diff/cli/options/puppetdb_token.rb +17 -0
- data/lib/octocatalog-diff/cli/options/puppetdb_token_file.rb +21 -0
- data/lib/octocatalog-diff/puppetdb.rb +5 -1
- metadata +5 -2
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA1:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 154a03508f5cbae0bafaedf90773e5dc82624a4e
|
4
|
+
data.tar.gz: 3dca1d51a606a0f31ee935eef370a7347a72af39
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 961a4c0cf1677d9262010e17e88f7ca8387d548886c83ac7f34a86540d09fc864519d906a3172edaef8140f9505539a65437259f13d72257dfe1bd3f161561e2
|
7
|
+
data.tar.gz: 2f822d309b8ebbd39f923c15b6849b02dd836b3bf8cb6d5354cea0fe873828196fac73af1ed801c6f96460339ca9032a27341e1eda2d090d8fa7f2f71a373654
|
data/.version
CHANGED
@@ -1 +1 @@
|
|
1
|
-
1.5.
|
1
|
+
1.5.2
|
data/doc/CHANGELOG.md
CHANGED
@@ -8,6 +8,16 @@
|
|
8
8
|
</tr>
|
9
9
|
</thead><tbody>
|
10
10
|
|
11
|
+
<tr valign=top>
|
12
|
+
<td>1.5.2</td>
|
13
|
+
<td>2017-12-19</td>
|
14
|
+
<td>
|
15
|
+
<li><a href="https://github.com/github/octocatalog-diff/pull/169">#169</a>: (Enhancement) Puppet Enterprise RBAC token to authenticate to PuppetDB</li>
|
16
|
+
<li><a href="https://github.com/github/octocatalog-diff/pull/170">#170</a>: (Enhancement) Filter to treat an object the same as a single array containing that object</li>
|
17
|
+
<li><a href="https://github.com/github/octocatalog-diff/pull/165">#165</a>: (Bug Fix) Override of fact file via CLI now has precedence over value set in configuration file</li>
|
18
|
+
</td>
|
19
|
+
</tr>
|
20
|
+
|
11
21
|
<tr valign=top>
|
12
22
|
<td>1.5.1</td>
|
13
23
|
<td>2017-11-16</td>
|
data/doc/advanced-filter.md
CHANGED
@@ -11,6 +11,7 @@ Here is the list of available filters and an explanation of each:
|
|
11
11
|
|
12
12
|
- [Absent File](/doc/advanced-filter.md#absent-file) - Ignore parameter changes of a file that is declared to be absent
|
13
13
|
- [JSON](/doc/advanced-filter.md#json) - Ignore whitespace differences if JSON parses to the same object
|
14
|
+
- [SingleItemArray](/doc/advanced-filter.md#SingleItemArray) - Ignore differences between object and array containing only that object
|
14
15
|
- [YAML](/doc/advanced-filter.md#yaml) - Ignore whitespace/comment differences if YAML parses to the same object
|
15
16
|
|
16
17
|
## Absent File
|
@@ -84,6 +85,28 @@ If a file resource has extension `.json` and a difference in its content is obse
|
|
84
85
|
|
85
86
|
This allows you to ignore changes in whitespace, comments, etc., that are not meaningful to a machine parsing the file. Note that changes to files may still trigger Puppet to restart services even though these changes are not displayed in the octocatalog-diff output.
|
86
87
|
|
88
|
+
## Single Item Array
|
89
|
+
|
90
|
+
#### Usage
|
91
|
+
|
92
|
+
```
|
93
|
+
--filters SingleItemArray
|
94
|
+
```
|
95
|
+
|
96
|
+
#### Description
|
97
|
+
|
98
|
+
When enabling the future parser or upgrading between certain versions of Puppet, the internal structure of the catalog for certain parameters can change as shown in the following example:
|
99
|
+
|
100
|
+
```
|
101
|
+
Old: { "notify": "Service[foo]" }
|
102
|
+
New: { "notify": [ "Service[foo]" ] }
|
103
|
+
```
|
104
|
+
|
105
|
+
This filter will suppress differences for the value of a parameter when:
|
106
|
+
|
107
|
+
- The value in one catalog is an object, AND
|
108
|
+
- The value in the other catalog is an array containing *only* that same object
|
109
|
+
|
87
110
|
## YAML
|
88
111
|
|
89
112
|
#### Usage
|
@@ -36,6 +36,7 @@ The following settings can be used in a [configuration file](/doc/configuration.
|
|
36
36
|
| `settings[:puppetdb_ssl_client_key]` | TEXT of the private key of the client SSL keypair used to authenticate to PuppetDB. Note: This variable is not set to a file path, which means you will likely want to use means you will likely want to use `File.read(...)` if you are configuring this to be read from a file. |
|
37
37
|
| `settings[:puppetdb_ssl_client_pem]` | Concatenation of the text of `puppetdb_ssl_client_key` and `puppetdb_ssl_client_cert` as previously described. This is a good alternative if your certificate chain is complex and it's easier just to put everything in a single place. Note: this option is second in precedence; if `settings[:puppetdb_ssl_client_cert]` and `settings[:puppetdb_ssl_client_key]` are both set, this will be ignored. |
|
38
38
|
| `settings[:puppetdb_ssl_client_password]` | Plain text string containing the password to unlock the private key. For keys generated by the Puppet Master CA, this is not required and should be left undefined. |
|
39
|
+
| `settings[:puppetdb_token]` | TEXT containing the PE RBAC token used to authenticate to PuppetDB. Note: This variable is not set to a file path, which means you will likely want to use `File.read(...)` if you are configuring this to be read from a file. |
|
39
40
|
|
40
41
|
## Supplying necessary information via the command line
|
41
42
|
|
@@ -48,6 +49,8 @@ The following arguments can be used on the command line.
|
|
48
49
|
| --puppetdb-ssl-client-cert FILENAME | Path to the certificate of the client SSL keypair. |
|
49
50
|
| --puppetdb-ssl-client-key FILENAME | Path to the private key of the client SSL keypair. |
|
50
51
|
| --puppetdb-ssl-client-password PASSWORD_STRING | Plain text string containing the password to unlock the private key. For keys generated by the Puppet Master CA, this is not required. |
|
52
|
+
| --puppetdb-token STRING | String containing the PE RBAC token used to authenticate to PuppetDB. |
|
53
|
+
| --puppetdb-token-file FILENAME | Path to the PE RBAC token file used to authenticate to PuppetDB. |
|
51
54
|
|
52
55
|
## Supplying necessary information via the environment
|
53
56
|
|
data/doc/optionsref.md
CHANGED
@@ -87,6 +87,8 @@ Usage: octocatalog-diff [command line options]
|
|
87
87
|
--to-puppet-binary STRING Full path to puppet binary for the to branch
|
88
88
|
--from-puppet-binary STRING Full path to puppet binary for the from branch
|
89
89
|
--facts-terminus STRING Facts terminus: one of yaml, facter
|
90
|
+
--puppetdb-token TOKEN Token to access the PuppetDB API
|
91
|
+
--puppetdb-token-file PATH Path containing token for PuppetDB API, relative or absolute
|
90
92
|
--puppetdb-url URL PuppetDB base URL
|
91
93
|
--puppetdb-ssl-ca FILENAME CA certificate that signed the PuppetDB certificate
|
92
94
|
--puppetdb-ssl-client-cert FILENAME
|
@@ -1374,6 +1376,36 @@ the text of the password won't appear in the process list. (<a href="../lib/octo
|
|
1374
1376
|
</td>
|
1375
1377
|
</tr>
|
1376
1378
|
|
1379
|
+
<tr>
|
1380
|
+
<td valign=top>
|
1381
|
+
<pre><code>--puppetdb-token TOKEN</code></pre>
|
1382
|
+
</td>
|
1383
|
+
<td valign=top>
|
1384
|
+
Token to access the PuppetDB API
|
1385
|
+
</td>
|
1386
|
+
<td valign=top>
|
1387
|
+
Specify the PE RBAC token to access the PuppetDB API. Refer to
|
1388
|
+
https://puppet.com/docs/pe/latest/rbac/rbac_token_auth_intro.html#generate-a-token-using-puppet-access
|
1389
|
+
for details on generating and obtaining a token. Use this option to specify the text
|
1390
|
+
of the token. (Use --puppetdb-token-file to read the content of the token from a file.) (<a href="../lib/octocatalog-diff/cli/options/puppetdb_token.rb">puppetdb_token.rb</a>)
|
1391
|
+
</td>
|
1392
|
+
</tr>
|
1393
|
+
|
1394
|
+
<tr>
|
1395
|
+
<td valign=top>
|
1396
|
+
<pre><code>--puppetdb-token-file PATH</code></pre>
|
1397
|
+
</td>
|
1398
|
+
<td valign=top>
|
1399
|
+
Path containing token for PuppetDB API, relative or absolute
|
1400
|
+
</td>
|
1401
|
+
<td valign=top>
|
1402
|
+
Specify the PE RBAC token to access the PuppetDB API. Refer to
|
1403
|
+
https://puppet.com/docs/pe/latest/rbac/rbac_token_auth_intro.html#generate-a-token-using-puppet-access
|
1404
|
+
for details on generating and obtaining a token. Use this option to specify the text
|
1405
|
+
in a file, to read the content of the token from the file. (<a href="../lib/octocatalog-diff/cli/options/puppetdb_token_file.rb">puppetdb_token_file.rb</a>)
|
1406
|
+
</td>
|
1407
|
+
</tr>
|
1408
|
+
|
1377
1409
|
<tr>
|
1378
1410
|
<td valign=top>
|
1379
1411
|
<pre><code>--puppetdb-url URL</code></pre>
|
@@ -2,6 +2,7 @@ require_relative '../api/v1/diff'
|
|
2
2
|
require_relative 'filter/absent_file'
|
3
3
|
require_relative 'filter/compilation_dir'
|
4
4
|
require_relative 'filter/json'
|
5
|
+
require_relative 'filter/single_item_array'
|
5
6
|
require_relative 'filter/yaml'
|
6
7
|
|
7
8
|
require 'stringio'
|
@@ -13,7 +14,7 @@ module OctocatalogDiff
|
|
13
14
|
attr_accessor :logger
|
14
15
|
|
15
16
|
# List the available filters here (by class name) for use in the validator method.
|
16
|
-
AVAILABLE_FILTERS = %w(AbsentFile CompilationDir JSON YAML).freeze
|
17
|
+
AVAILABLE_FILTERS = %w(AbsentFile CompilationDir JSON SingleItemArray YAML).freeze
|
17
18
|
|
18
19
|
# Public: Determine whether a particular filter exists. This can be used to validate
|
19
20
|
# a user-submitted filter.
|
@@ -0,0 +1,44 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
require_relative '../filter'
|
4
|
+
|
5
|
+
module OctocatalogDiff
|
6
|
+
module CatalogDiff
|
7
|
+
class Filter
|
8
|
+
# Filter out changes in parameters when one catalog has a parameter that's an object and
|
9
|
+
# the other catalog has that same parameter as an array containing the same object.
|
10
|
+
# For example, under this filter, the following is not a change:
|
11
|
+
# catalog1: notify => "Service[foo]"
|
12
|
+
# catalog2: notify => ["Service[foo]"]
|
13
|
+
class SingleItemArray < OctocatalogDiff::CatalogDiff::Filter
|
14
|
+
# Public: Implement the filter for single-item arrays whose item exactly matches the
|
15
|
+
# item that's not in an array in the other catalog.
|
16
|
+
#
|
17
|
+
# @param diff [OctocatalogDiff::API::V1::Diff] Difference
|
18
|
+
# @param _options [Hash] Additional options (there are none for this filter)
|
19
|
+
# @return [Boolean] true if this should be filtered out, false otherwise
|
20
|
+
def filtered?(diff, _options = {})
|
21
|
+
# Skip additions or removals - focus only on changes
|
22
|
+
return false unless diff.change?
|
23
|
+
old_value = diff.old_value
|
24
|
+
new_value = diff.new_value
|
25
|
+
|
26
|
+
# Skip unless there is a single-item array under consideration
|
27
|
+
return false unless
|
28
|
+
(old_value.is_a?(Array) && old_value.size == 1) ||
|
29
|
+
(new_value.is_a?(Array) && new_value.size == 1)
|
30
|
+
|
31
|
+
# Skip if both the old value and new value are arrays
|
32
|
+
return false if old_value.is_a?(Array) && new_value.is_a?(Array)
|
33
|
+
|
34
|
+
# Do comparison
|
35
|
+
if old_value.is_a?(Array)
|
36
|
+
old_value.first == new_value
|
37
|
+
else
|
38
|
+
new_value.first == old_value
|
39
|
+
end
|
40
|
+
end
|
41
|
+
end
|
42
|
+
end
|
43
|
+
end
|
44
|
+
end
|
@@ -149,13 +149,13 @@ module OctocatalogDiff
|
|
149
149
|
raise ArgumentError, 'Called install_fact_file without node, or with an empty node'
|
150
150
|
end
|
151
151
|
|
152
|
-
facts = if options[:
|
152
|
+
facts = if options[:facts].is_a?(OctocatalogDiff::Facts)
|
153
|
+
options[:facts].dup
|
154
|
+
elsif options[:fact_file]
|
153
155
|
raise Errno::ENOENT, "Fact file #{options[:fact_file]} does not exist" unless File.file?(options[:fact_file])
|
154
156
|
fact_file_opts = { fact_file_string: File.read(options[:fact_file]) }
|
155
157
|
fact_file_opts[:backend] = Regexp.last_match(1).to_sym if options[:fact_file] =~ /.*\.(\w+)$/
|
156
158
|
OctocatalogDiff::Facts.new(fact_file_opts)
|
157
|
-
elsif options[:facts].is_a?(OctocatalogDiff::Facts)
|
158
|
-
options[:facts].dup
|
159
159
|
else
|
160
160
|
raise ArgumentError, 'No facts passed to "install_fact_file" method'
|
161
161
|
end
|
@@ -23,7 +23,6 @@ module OctocatalogDiff
|
|
23
23
|
|
24
24
|
# Define the Option class and newoption() method for use by cli/options/*.rb files
|
25
25
|
class Option
|
26
|
-
DEFAULT_WEIGHT = 999
|
27
26
|
def self.has_weight(w) # rubocop:disable Style/PredicateName
|
28
27
|
@weight = w
|
29
28
|
end
|
@@ -38,7 +37,9 @@ module OctocatalogDiff
|
|
38
37
|
elsif @weight
|
39
38
|
@weight
|
40
39
|
else
|
41
|
-
|
40
|
+
# :nocov:
|
41
|
+
raise ArgumentError, "Option #{name} does not have a weight specified. Add 'has_weight NNN' to control ordering."
|
42
|
+
# :nocov:
|
42
43
|
end
|
43
44
|
end
|
44
45
|
|
@@ -12,7 +12,7 @@ OctocatalogDiff::Cli::Options::Option.newoption(:pe_enc_token_file) do
|
|
12
12
|
def parse(parser, options)
|
13
13
|
parser.on('--pe-enc-token-file PATH', 'Path containing token for PE node classifier, relative or absolute') do |x|
|
14
14
|
proposed_token_path = x.start_with?('/') ? x : File.join(options[:basedir], x)
|
15
|
-
raise Errno::ENOENT, "Provided token (#{proposed_token_path}) does not exist" unless File.file?(proposed_token_path)
|
15
|
+
raise Errno::ENOENT, "Provided PE ENC token (#{proposed_token_path}) does not exist" unless File.file?(proposed_token_path)
|
16
16
|
options[:pe_enc_token] = File.read(proposed_token_path)
|
17
17
|
end
|
18
18
|
end
|
@@ -0,0 +1,17 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
# Specify the PE RBAC token to access the PuppetDB API. Refer to
|
4
|
+
# https://puppet.com/docs/pe/latest/rbac/rbac_token_auth_intro.html#generate-a-token-using-puppet-access
|
5
|
+
# for details on generating and obtaining a token. Use this option to specify the text
|
6
|
+
# of the token. (Use --puppetdb-token-file to read the content of the token from a file.)
|
7
|
+
# @param parser [OptionParser object] The OptionParser argument
|
8
|
+
# @param options [Hash] Options hash being constructed; this is modified in this method.
|
9
|
+
OctocatalogDiff::Cli::Options::Option.newoption(:puppetdb_token) do
|
10
|
+
has_weight 310
|
11
|
+
|
12
|
+
def parse(parser, options)
|
13
|
+
parser.on('--puppetdb-token TOKEN', 'Token to access the PuppetDB API') do |token|
|
14
|
+
options[:puppetdb_token] = token
|
15
|
+
end
|
16
|
+
end
|
17
|
+
end
|
@@ -0,0 +1,21 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
# Specify the PE RBAC token to access the PuppetDB API. Refer to
|
4
|
+
# https://puppet.com/docs/pe/latest/rbac/rbac_token_auth_intro.html#generate-a-token-using-puppet-access
|
5
|
+
# for details on generating and obtaining a token. Use this option to specify the text
|
6
|
+
# in a file, to read the content of the token from the file.
|
7
|
+
# @param parser [OptionParser object] The OptionParser argument
|
8
|
+
# @param options [Hash] Options hash being constructed; this is modified in this method.
|
9
|
+
OctocatalogDiff::Cli::Options::Option.newoption(:puppetdb_token_file) do
|
10
|
+
has_weight 310
|
11
|
+
|
12
|
+
def parse(parser, options)
|
13
|
+
parser.on('--puppetdb-token-file PATH', 'Path containing token for PuppetDB API, relative or absolute') do |x|
|
14
|
+
proposed_token_path = x.start_with?('/') ? x : File.join(options[:basedir], x)
|
15
|
+
unless File.file?(proposed_token_path)
|
16
|
+
raise Errno::ENOENT, "Provided PuppetDB API token (#{proposed_token_path}) does not exist"
|
17
|
+
end
|
18
|
+
options[:puppetdb_token] = File.read(proposed_token_path)
|
19
|
+
end
|
20
|
+
end
|
21
|
+
end
|
@@ -42,6 +42,7 @@ module OctocatalogDiff
|
|
42
42
|
# @param :puppetdb_ssl_client_p12 [String] pkcs12-encoded client key and certificate
|
43
43
|
# @param :puppetdb_ssl_client_password [String] Path to file containing password for SSL client key (any format)
|
44
44
|
# @param :puppetdb_ssl_client_auth [Boolean] Override the client-auth that is guessed from parameters
|
45
|
+
# @param :puppetdb_token [String] PE RBAC token to authenticate to PuppetDB API
|
45
46
|
# @param :timeout [Integer] Connection timeout for PuppetDB (default=10)
|
46
47
|
def initialize(options = {})
|
47
48
|
@connections =
|
@@ -107,7 +108,10 @@ module OctocatalogDiff
|
|
107
108
|
].join('')
|
108
109
|
|
109
110
|
begin
|
110
|
-
|
111
|
+
headers = { 'Accept' => 'application/json' }
|
112
|
+
headers['X-Authentication'] = @options[:puppetdb_token] if @options[:puppetdb_token]
|
113
|
+
more_options = { headers: headers, timeout: @timeout }
|
114
|
+
|
111
115
|
if connection[:username] || connection[:password]
|
112
116
|
more_options[:basic_auth] = { username: connection[:username], password: connection[:password] }
|
113
117
|
end
|
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: octocatalog-diff
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 1.5.
|
4
|
+
version: 1.5.2
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- GitHub, Inc.
|
@@ -9,7 +9,7 @@ authors:
|
|
9
9
|
autorequire:
|
10
10
|
bindir: bin
|
11
11
|
cert_chain: []
|
12
|
-
date: 2017-
|
12
|
+
date: 2017-12-19 00:00:00.000000000 Z
|
13
13
|
dependencies:
|
14
14
|
- !ruby/object:Gem::Dependency
|
15
15
|
name: diffy
|
@@ -279,6 +279,7 @@ files:
|
|
279
279
|
- lib/octocatalog-diff/catalog-diff/filter/absent_file.rb
|
280
280
|
- lib/octocatalog-diff/catalog-diff/filter/compilation_dir.rb
|
281
281
|
- lib/octocatalog-diff/catalog-diff/filter/json.rb
|
282
|
+
- lib/octocatalog-diff/catalog-diff/filter/single_item_array.rb
|
282
283
|
- lib/octocatalog-diff/catalog-diff/filter/yaml.rb
|
283
284
|
- lib/octocatalog-diff/catalog-util/bootstrap.rb
|
284
285
|
- lib/octocatalog-diff/catalog-util/builddir.rb
|
@@ -363,6 +364,8 @@ files:
|
|
363
364
|
- lib/octocatalog-diff/cli/options/puppetdb_ssl_client_key.rb
|
364
365
|
- lib/octocatalog-diff/cli/options/puppetdb_ssl_client_password.rb
|
365
366
|
- lib/octocatalog-diff/cli/options/puppetdb_ssl_client_password_file.rb
|
367
|
+
- lib/octocatalog-diff/cli/options/puppetdb_token.rb
|
368
|
+
- lib/octocatalog-diff/cli/options/puppetdb_token_file.rb
|
366
369
|
- lib/octocatalog-diff/cli/options/puppetdb_url.rb
|
367
370
|
- lib/octocatalog-diff/cli/options/quiet.rb
|
368
371
|
- lib/octocatalog-diff/cli/options/retry_failed_catalog.rb
|