openbolt 5.0.0.rc1

data/lib/bolt/puppetdb/config.rb

@@ -0,0 +1,176 @@
+# frozen_string_literal: true
+
+require 'json'
+require_relative '../../bolt/util'
+
+module Bolt
+  module PuppetDB
+    class Config
+      if ENV['HOME'].nil?
+        DEFAULT_TOKEN = Bolt::Util.windows? ? 'nul' : '/dev/null'
+        DEFAULT_CONFIG = { user: '/etc/puppetlabs/puppet/puppetdb.conf',
+                           global: '/etc/puppetlabs/puppet/puppetdb.conf' }.freeze
+      else
+        DEFAULT_TOKEN = File.expand_path('~/.puppetlabs/token')
+        DEFAULT_CONFIG = { user: File.expand_path('~/.puppetlabs/client-tools/puppetdb.conf'),
+                           global: '/etc/puppetlabs/client-tools/puppetdb.conf' }.freeze
+
+      end
+
+      def initialize(config:, project: nil, load_defaults: false)
+        @settings = if load_defaults
+                      self.class.default_config.merge(config)
+                    else
+                      config
+                    end
+
+        expand_paths(project)
+      end
+
+      # Returns the path to the puppetdb.conf file on Windows.
+      #
+      # @return [String]
+      #
+      def self.default_windows_config
+        File.expand_path(File.join(ENV['ALLUSERSPROFILE'], 'PuppetLabs/client-tools/puppetdb.conf'))
+      end
+
+      # Loads default configuration from the puppetdb.conf file on system. If
+      # the file is not present, defaults to an empty hash.
+      #
+      # @return [Hash]
+      #
+      def self.default_config
+        config = {}
+        global_path = Bolt::Util.windows? ? default_windows_config : DEFAULT_CONFIG[:global]
+
+        if File.exist?(DEFAULT_CONFIG[:user])
+          filepath = DEFAULT_CONFIG[:user]
+        elsif File.exist?(global_path)
+          filepath = global_path
+        end
+
+        begin
+          config = JSON.parse(File.read(filepath)) if filepath
+        rescue StandardError => e
+          Bolt::Logger.logger(self).error("Could not load puppetdb.conf from #{filepath}: #{e.message}")
+        end
+
+        config.fetch('puppetdb', {})
+      end
+
+      def token
+        return @token if @token_computed
+        # Allow nil in config to skip loading a token
+        if @settings.include?('token')
+          if @settings['token']
+            @token = File.read(@settings['token'])
+          end
+        elsif File.exist?(DEFAULT_TOKEN)
+          @token = File.read(DEFAULT_TOKEN)
+        end
+        # Only use cert based auth in the case token and cert are both configured
+        if @token && cert
+          Bolt::Logger.logger(self).debug("Both cert and token based auth configured, using cert only")
+          @token = nil
+        end
+        @token_computed = true
+        @token = @token.strip if @token
+      end
+
+      def expand_paths(project_path)
+        %w[cacert cert key token].each do |file|
+          next unless @settings[file]
+          @settings[file] = File.expand_path(@settings[file], project_path)
+        end
+      end
+
+      def validate_file_exists(file)
+        if @settings[file] && !File.exist?(@settings[file])
+          raise Bolt::PuppetDBError, "#{file} file #{@settings[file]} does not exist"
+        end
+        true
+      end
+
+      def server_urls
+        case @settings['server_urls']
+        when String
+          [@settings['server_urls']]
+        when Array
+          @settings['server_urls']
+        when nil
+          raise Bolt::PuppetDBError, "server_urls must be specified"
+        else
+          raise Bolt::PuppetDBError, "server_urls must be a string or array"
+        end
+      end
+
+      def uri
+        return @uri if @uri
+        require 'addressable/uri'
+
+        uri = case @settings['server_urls']
+              when String
+                @settings['server_urls']
+              when Array
+                @settings['server_urls'].first
+              when nil
+                raise Bolt::PuppetDBError, "server_urls must be specified"
+              else
+                raise Bolt::PuppetDBError, "server_urls must be a string or array"
+              end
+
+        @uri = Addressable::URI.parse(uri)
+        @uri.port ||= 8081
+        @uri
+      end
+
+      def cacert
+        if @settings['cacert'] && validate_file_exists('cacert')
+          @settings['cacert']
+        else
+          raise Bolt::PuppetDBError, "cacert must be specified"
+        end
+      end
+
+      def cert
+        validate_cert_and_key
+        validate_file_exists('cert')
+        @settings['cert']
+      end
+
+      def key
+        validate_cert_and_key
+        validate_file_exists('key')
+        @settings['key']
+      end
+
+      def validate_cert_and_key
+        if (@settings['cert'] && !@settings['key']) ||
+           (!@settings['cert'] && @settings['key'])
+          raise Bolt::PuppetDBError, "cert and key must be specified together"
+        end
+      end
+
+      def connect_timeout
+        validate_timeout('connect_timeout')
+        @settings['connect_timeout']
+      end
+
+      def read_timeout
+        validate_timeout('read_timeout')
+        @settings['read_timeout']
+      end
+
+      def validate_timeout(timeout)
+        unless @settings[timeout].nil? || (@settings[timeout].is_a?(Integer) && @settings[timeout] > 0)
+          raise Bolt::PuppetDBError, "#{timeout} must be a positive integer, received #{@settings[timeout]}"
+        end
+      end
+
+      def to_hash
+        @settings.dup
+      end
+    end
+  end
+end

data/lib/bolt/puppetdb/instance.rb

@@ -0,0 +1,146 @@
+# frozen_string_literal: true
+
+require 'json'
+require 'logging'
+require_relative '../../bolt/puppetdb/config'
+
+module Bolt
+  module PuppetDB
+    class Instance
+      attr_reader :config
+
+      def initialize(config:, project: nil, load_defaults: false)
+        @config      = Bolt::PuppetDB::Config.new(config: config, project: project, load_defaults: load_defaults)
+        @bad_urls    = []
+        @current_url = nil
+        @logger      = Bolt::Logger.logger(self)
+      end
+
+      def make_query(query, path = nil)
+        body = JSON.generate(query: query)
+        url = "#{uri}/pdb/query/v4"
+        url += "/#{path}" if path
+
+        begin
+          @logger.debug("Sending PuppetDB query to #{url}")
+          response = http_client.post(url, body: body, header: headers)
+        rescue StandardError => e
+          raise Bolt::PuppetDBFailoverError, "Failed to query PuppetDB: #{e}"
+        end
+
+        @logger.debug("Got response code #{response.code} from PuppetDB")
+        if response.code != 200
+          msg = "Failed to query PuppetDB: #{response.body}"
+          if response.code == 400
+            raise Bolt::PuppetDBError, msg
+          else
+            raise Bolt::PuppetDBFailoverError, msg
+          end
+        end
+
+        begin
+          JSON.parse(response.body)
+        rescue JSON::ParserError
+          raise Bolt::PuppetDBError, "Unable to parse response as JSON: #{response.body}"
+        end
+      rescue Bolt::PuppetDBFailoverError => e
+        @logger.error("Request to puppetdb at #{@current_url} failed with #{e}.")
+        reject_url
+        make_query(query, path)
+      end
+
+      # Sends a command to PuppetDB using version 1 of the commands API.
+      # https://puppet.com/docs/puppetdb/latest/api/command/v1/commands.html
+      #
+      # @param command [String] The command to invoke.
+      # @param version [Integer] The version of the command to invoke.
+      # @param payload [Hash] The payload to send with the command.
+      # @return A UUID identifying the submitted command.
+      #
+      def send_command(command, version, payload)
+        command = command.dup.force_encoding('utf-8')
+        body    = JSON.generate(payload)
+
+        # PDB requires the following query parameters to the POST request.
+        # Error early if there's no certname, as PDB does not return a
+        # message indicating it's required.
+        unless payload['certname']
+          raise Bolt::Error.new(
+            "Payload must include 'certname', unable to invoke command.",
+            'bolt/pdb-command'
+          )
+        end
+
+        url = uri.tap do |u|
+          u.path         = 'pdb/cmd/v1'
+          u.query_values = { 'command'  => command,
+                             'version'  => version,
+                             'certname' => payload['certname'] }
+        end
+
+        # Send the command to PDB
+        begin
+          @logger.debug("Sending PuppetDB command '#{command}' to #{url}")
+          response = http_client.post(url.to_s, body: body, header: headers)
+        rescue StandardError => e
+          raise Bolt::PuppetDBFailoverError, "Failed to invoke PuppetDB command: #{e}"
+        end
+
+        @logger.debug("Got response code #{response.code} from PuppetDB")
+        if response.code != 200
+          raise Bolt::PuppetDBError, "Failed to invoke PuppetDB command: #{response.body}"
+        end
+
+        # Return the UUID string from the response body
+        begin
+          JSON.parse(response.body).fetch('uuid', nil)
+        rescue JSON::ParserError
+          raise Bolt::PuppetDBError, "Unable to parse response as JSON: #{response.body}"
+        end
+      rescue Bolt::PuppetDBFailoverError => e
+        @logger.error("Request to puppetdb at #{@current_url} failed with #{e}.")
+        reject_url
+        send_command(command, version, payload)
+      end
+
+      def http_client
+        return @http if @http
+        # lazy-load expensive gem code
+        require 'httpclient'
+        @logger.trace("Creating HTTP Client")
+        @http = HTTPClient.new
+        @http.ssl_config.set_client_cert_file(@config.cert, @config.key) if @config.cert
+        @http.ssl_config.add_trust_ca(@config.cacert)
+        @http.connect_timeout = @config.connect_timeout if @config.connect_timeout
+        @http.receive_timeout = @config.read_timeout if @config.read_timeout
+
+        @http
+      end
+
+      def reject_url
+        @bad_urls << @current_url if @current_url
+        @current_url = nil
+      end
+
+      def uri
+        require 'addressable/uri'
+
+        @current_url ||= (@config.server_urls - @bad_urls).first
+        unless @current_url
+          msg = "Failed to connect to all PuppetDB server_urls: #{@config.server_urls.to_a.join(', ')}."
+          raise Bolt::PuppetDBError, msg
+        end
+
+        uri = Addressable::URI.parse(@current_url)
+        uri.port ||= 8081
+        uri
+      end
+
+      def headers
+        headers = { 'Content-Type' => 'application/json' }
+        headers['X-Authentication'] = @config.token if @config.token
+        headers
+      end
+    end
+  end
+end

data/lib/bolt/puppetdb.rb

@@ -0,0 +1,15 @@
+# frozen_string_literal: true
+
+require_relative '../bolt/error'
+require_relative 'puppetdb/client'
+require_relative 'puppetdb/config'
+
+module Bolt
+  class PuppetDBError < Bolt::Error
+    def initialize(msg)
+      super(msg, "bolt/puppetdb-error")
+    end
+  end
+
+  class PuppetDBFailoverError < PuppetDBError; end
+end

data/lib/bolt/r10k_log_proxy.rb

@@ -0,0 +1,30 @@
+# frozen_string_literal: true
+
+require 'log4r/outputter/outputter'
+
+module Bolt
+  class R10KLogProxy < Log4r::Outputter
+    def initialize
+      super('bolt')
+
+      @logger = Bolt::Logger.logger(self)
+    end
+
+    def canonical_log(event)
+      level = to_bolt_level(event.level)
+      @logger.send(level, event.data)
+    end
+
+    # Convert an r10k log level to a bolt log level. These correspond 1-to-1
+    # except that r10k has debug, debug1, and debug2. The log event has the log
+    # level as an integer that we need to look up.
+    def to_bolt_level(level_num)
+      level_str = Log4r::LNAMES[level_num]&.downcase || 'debug'
+      if level_str =~ /debug/
+        :debug
+      else
+        level_str.to_sym
+      end
+    end
+  end
+end

data/lib/bolt/rerun.rb

@@ -0,0 +1,55 @@
+# frozen_string_literal: true
+
+require 'json'
+require 'logging'
+
+module Bolt
+  class Rerun
+    def initialize(path, save_failures)
+      @path = path
+      @save_failures = save_failures
+      @logger = Bolt::Logger.logger(self)
+    end
+
+    def data
+      @data ||= Bolt::Util.read_json_file(@path, 'rerun')
+      unless @data.is_a?(Array) && @data.all? { |r| r['target'] && r['status'] }
+        raise Bolt::FileError.new("Missing data in rerun file: #{@path}", @path)
+      end
+      @data
+    end
+
+    def get_targets(filter)
+      filtered = case filter
+                 when 'all'
+                   data
+                 when 'failure'
+                   data.select { |result| result['status'] == 'failure' }
+                 when 'success'
+                   data.select { |result| result['status'] == 'success' }
+                 else
+                   raise Bolt::CLIError, "Unexpected option #{filter} for '--retry'"
+                 end
+      filtered.map { |result| result['target'] }
+    end
+
+    def update(result_set)
+      unless @save_failures == false
+        if result_set.is_a?(Bolt::PlanResult)
+          result_set = result_set.value
+          result_set = result_set.result_set if result_set.is_a?(Bolt::RunFailure)
+        end
+
+        if result_set.is_a?(Bolt::ResultSet)
+          data = result_set.map { |res| { target: res.target.name, status: res.status } }
+          FileUtils.mkdir_p(File.dirname(@path))
+          File.write(@path, data.to_json)
+        elsif File.exist?(@path)
+          FileUtils.rm(@path)
+        end
+      end
+    rescue StandardError => e
+      Bolt::Logger.warn_once("unwriteable_file", "Failed to save result to #{@path}: #{e.message}")
+    end
+  end
+end

data/lib/bolt/resource_instance.rb

@@ -0,0 +1,133 @@
+# frozen_string_literal: true
+
+require 'json'
+
+module Bolt
+  class ResourceInstance
+    attr_reader :target, :type, :title, :state, :desired_state
+    attr_accessor :events
+
+    # Needed by Puppet to recognize Bolt::ResourceInstance as a Puppet object when deserializing
+    def self._pcore_type
+      ResourceInstance
+    end
+
+    # Needed by Puppet to serialize with _pcore_init_hash instead of the object's attributes
+    def self._pcore_init_from_hash(_init_hash)
+      raise "ResourceInstance shouldn't be instantiated from a pcore_init class method. "\
+            "How did this get called?"
+    end
+
+    def _pcore_init_from_hash(init_hash)
+      initialize(init_hash)
+    end
+
+    # Parameters will already be validated when calling ResourceInstance.new or
+    # set_resources() from a plan. We don't perform any validation in the class
+    # itself since Puppet will pass an empty hash to the initializer as part of
+    # the deserialization process before passing the _pcore_init_hash.
+    def initialize(resource_hash)
+      @target        = resource_hash['target']
+      @type          = resource_hash['type'].to_s.capitalize
+      @title         = resource_hash['title']
+      @state         = resource_hash['state'] || {}
+      @desired_state = resource_hash['desired_state'] || {}
+      @events        = resource_hash['events'] || []
+    end
+
+    # Creates a ResourceInstance from a data hash in a plan when calling
+    # ResourceInstance.new($resource_hash) or $target.set_resources($resource_hash)
+    def self.from_asserted_hash(resource_hash)
+      new(resource_hash)
+    end
+
+    # Creates a ResourceInstance from positional arguments in a plan when
+    # calling ResourceInstance.new(target, type, title, ...)
+    def self.from_asserted_args(target,
+                                type,
+                                title,
+                                state         = nil,
+                                desired_state = nil,
+                                events        = nil)
+      new(
+        'target'        => target,
+        'type'          => type,
+        'title'         => title,
+        'state'         => state,
+        'desired_state' => desired_state,
+        'events'        => events
+      )
+    end
+
+    def eql?(other)
+      self.class.equal?(other.class) &&
+        target == other.target &&
+        type   == other.type &&
+        title  == other.title
+    end
+    alias == eql?
+
+    def to_hash
+      {
+        'target'        => target,
+        'type'          => type,
+        'title'         => title,
+        'state'         => state,
+        'desired_state' => desired_state,
+        'events'        => events
+      }
+    end
+    alias _pcore_init_hash to_hash
+
+    def to_json(opts = nil)
+      to_hash.to_json(opts)
+    end
+
+    def self.format_reference(type, title)
+      "#{type.capitalize}[#{title}]"
+    end
+
+    def reference
+      self.class.format_reference(@type, @title)
+    end
+    alias to_s reference
+
+    def [](attribute)
+      @state[attribute]
+    end
+
+    def add_event(event)
+      @events << event
+    end
+
+    # rubocop:disable Naming/AccessorMethodName
+    def set_state(state)
+      assert_hash('state', state)
+      @state.merge!(state)
+    end
+    # rubocop:enable Naming/AccessorMethodName
+
+    def overwrite_state(state)
+      assert_hash('state', state)
+      @state = state
+    end
+
+    # rubocop:disable Naming/AccessorMethodName
+    def set_desired_state(desired_state)
+      assert_hash('desired_state', desired_state)
+      @desired_state.merge!(desired_state)
+    end
+    # rubocop:enable Naming/AccessorMethodName
+
+    def overwrite_desired_state(desired_state)
+      assert_hash('desired_state', desired_state)
+      @desired_state = desired_state
+    end
+
+    def assert_hash(loc, value)
+      unless value.is_a?(Hash)
+        raise Bolt::ValidationError, "#{loc} must be of type Hash; got #{value.class}"
+      end
+    end
+  end
+end