puppet-runner 0.0.18 → 0.0.26

checksums.yaml

@@ -1,7 +1,7 @@
 ---
-SHA1:
-  metadata.gz: 5bbb45769852b12c6bf2b83d523e33df37ae11e9
-  data.tar.gz: 047aad5ff68eb41b049047c1650f8777acfacc3c
+SHA256:
+  metadata.gz: 9608033a0b9eb159ab03971282ba58f6f66048dca66b7dd010d6ba8eeb19a8c1
+  data.tar.gz: 10fa57c840b21b088c9e36c6d4415de4c90f260da7aacf4a9afb50bde6c8d420
 SHA512:
-  metadata.gz: bcceeb628caf19858c9c8486edad72001f9695d9b8ddafc3da10c9b407e54ce5a4c52812c88af876dee24d416aff200971d6f2851c4fe3b18ce46f0081ecd9ee
-  data.tar.gz: d03770227658b51eebe1e89ab9d8225185e07bb19448b25d1f102f50f3e9c650b83ed1f4ad777b7d7dcd4b0465a256ffd01d48f71e7764db4d228f6ac109654f
+  metadata.gz: 0b5a94a383db7ed9236316a79ec462af20e4de9d71d023342d44ec4dedb52bfb99d5a3f5fd7c78f9e41a488cfbfe1652c7a8809bc9ab59affe57fe90c619e9d8
+  data.tar.gz: 87767da63ef9b57dd99de76bf5946e258be53c8f62d3d5502b4c14b0007de762625f401f7bfe2afede26346ef5c1c53f461fb73411ecf4814dcf8c9442bd9f14

data/.travis.yml

@@ -1,4 +1,8 @@
 language: ruby
+before_install:
+  # https://github.com/travis-ci/travis-rubies/issues/57#issuecomment-458981237
+  - "find /home/travis/.rvm/rubies -wholename '*default/bundler-*.gemspec' -delete"
+  - gem install bundler --version 2.2.10
 notifications:
   email: false
   hipchat:
@@ -7,7 +11,7 @@ notifications:
     template:
     - 'Gem - %{repository} #%{build_number} (%{build_url}) by %{author}: %{message}'
 rvm:
-- 2.0.0
+- 2.4.0
 deploy:
   provider: rubygems
   api_key:

data/README.md

@@ -8,7 +8,7 @@ Executable gem that composes hiera configuration and facts and execute puppet ap
 
 ## Usage
 
-*  puppet-runner (prepare|all) [-c CONFIG_DIR] [-t TEMPLATES] [-d DESTINATION_DIR] [-f FACTS_DEST] [-s SERVERNAME] [-r PUPPETFILE_CONFIG] [-o PUPPETFILE_OUTPUT_PATH] [-e EYAML_KEY_PATH]
+*  puppet-runner (prepare|all) [-c CONFIG_DIR] [-t TEMPLATES] [-d DESTINATION_DIR] [-f FACTS_DEST] [-s SERVERNAME] [-r PUPPETFILE_CONFIG] [-o PUPPETFILE_OUTPUT_PATH] [-e EYAML_KEY_PATH] [-x CUSTOM_FACTS_DIR]
 *  puppet-runner start [-p PUPPET_APPLY]
 *  puppet-runner -h | --help
 
@@ -101,6 +101,271 @@ With this setup we define prefix -> substitution_string pair for each prefix in
 
 "hostname"_facts.yaml - must contain all prefixed custom facts to customize the setup 
 
+### Fact Metadata
+
+The defaults file contains all the facts (variables) that are needed to run the tempalte, the basic format of this is:
+```
+fact_name: 'fact_value'
+```
+
+So in this instance fact_name will have a default value of fact_value, which can be overiden by the user in their own facts file.
+
+However it is also possible to add metadata to the facts by changing the format, the current metadata is `comment` and `type`, this extened format looks like:
+
+```
+fact_name:
+    value: 'fact_value'
+    comment: 'this is an important fact'
+    type: 'string'
+```
+
+The two metadata values are:
+`comment` - This is a description for the fact to help identify what it is for, it is added above the fact in the reultant facts files written by puppet-runner
+`type` - This identifies the data type of the fact, by default if this meatadata is not set the value defaults to `string`, current valid types are:
+**string**
+**boolean**
+**nilable**
+
+### Fact Types
+
+As mentioned above it is possible to assign a "type" metadata element to each fact, the reasons is that facter delivers all its data as a string, this can cause issues so the "type" metadata allows puppet-runner to do something special for other data typs:
+
+#### string
+
+All data is passed by default as a string, setting the type to string does not do anythign special
+
+#### boolean
+
+If the type is set to boolean this tells puppet-runner that we want to pass in true boolean values, a conversion from the string value into true boolean is attempted.  If the conversions is successfull the fact reference in the final compiled hiera document (/etc/puppet/hiera/<HOSTNAME>.eyaml) would be replaced with the actual boolean value so that puppet does not recive its string representation.
+
+Example:
+
+Template
+```
+---
+  
+prefixes:
+    - yum_
+
+classes:
+    - yum
+
+dependencies:
+  - yum
+  - puppi
+
+yum::defaultrepo: "%{::yum_defaultrepo}"
+```
+
+If the defaults does not use metadata (or uses a type of string) and the facts are set as below
+```
+---
+  
+yum_defaultrepo: "true"
+```
+
+Then the value writen into /etc/puppet/hiera/<HOSTNAME>.eyaml would be 
+
+```
+yum::defaultrepo: "%{::yum_defaultrepo}"
+```
+
+Whereas if the default was set to boolean as below:
+```
+---
+  
+yum_defaultrepo: 
+  value: "true"
+  type: "boolean"
+```
+
+Then the value writen into /etc/puppet/hiera/<HOSTNAME>.eyaml would be 
+
+```
+yum::defaultrepo: true
+```
+
+#### nilable
+
+If the type is set to nilable this tells puppet-runner that we want to pass in a nil/undef (null) value instead of an empty string, if the fact value is blank '' it will be converted into a tilda (~) as this is the nil representation  in hiera.  If the conversions is successfull the fact reference in the final compiled hiera document (/etc/puppet/hiera/<HOSTNAME>.eyaml) would be replaced with a tilda.  Please note this only works for puppet variables that are defaulted in the code to undef, if they have a value passing nil to them will result in the code default still being set
+
+Example:
+
+Template
+```
+---
+classes:
+  - artifactory
+
+
+artifactory::conf:
+    tarball_location_file: "%{::artifactory_file_location}"
+    tarball_location_url:  "%{::artifactory_url_location}"
+    .........
+```
+
+If the defaults does not use metadata (or uses a type of string) and the facts are set as below
+```
+---
+  
+artifactory_file_location: '/tmp/file.zip'
+artifactory_url_location: 
+```
+
+They are therefore both mandatory fileds and puppet-runner will ask for you to give a value for both, however in reality these are mutually exclusive, one will take precident over the other so passing them both could have unforseen consequences.
+
+The other otpion is to set the facts to be empty string, however this still passed an empty string into puppet which, unless the code has been written to discount that, could still cause issues:
+```
+artifactory_file_location: '/tmp/file.zip'
+artifactory_url_location: ''
+```
+
+Then the value writen into /etc/puppet/hiera/<HOSTNAME>.eyaml would be 
+
+```
+artifactory::conf:
+    tarball_location_file: "%{::artifactory_file_location}"
+    tarball_location_url:  "%{::artifactory_url_location}"
+```
+
+Whereas if the metadata type was set to nilable and a value of '' (empty string is supplied)  in the defaults
+```
+---
+  
+artifactory_file_location:
+  value: ''
+  comment: 'blah'
+  type: 'nilable'
+artifactory_url_location: 
+  value: ''
+  comment: 'other blah'
+  type: 'nilable'
+```
+
+And the facts were set with a value for one and empty string for the other as below:
+```
+artifactory_file_location: '/tmp/file.zip'
+artifactory_url_location: ''
+```
+
+Then the value writen into /etc/puppet/hiera/<HOSTNAME>.eyaml would be 
+
+```
+artifactory::conf:
+    tarball_location_file: "%{::artifactory_file_location}"
+    tarball_location_url:  ~
+```
+
+### Inter fact references
+
+There are a number of occasions where you may want one fact to point to the value of another, either because you want it to be exactly the same or you want your fact to be a superset of the other, puppet-runner will evaluate facts that reference another fact and present the last fact reference to puppet, the resolution will recursivly resolve facts down to their base fact to a max depth of 5, after which it will stop in order to prevent infinite loops, this will cause a failure of the fact lookup.
+
+#### Example 1: Fact directly referneces another fact
+
+In this example we want our fact to reference another, in this example we will point a custom fact at a system fact (although you can point it at any fact, system or custom)
+
+**template:**
+````
+---
+  
+prefixes:
+  - vpn_snat_
+
+classes:
+  - fw
+
+dependencies:
+  - fw
+  - firewall
+  - stdlib
+
+fw::rules: &fw_rules
+  "%{::vpn_snat_description}":
+      chain: "%{::vpn_snat_chain}"
+      tosource: "%{::vpn_snat_tosource}"
+      jump: "%{::vpn_snat_jump}"
+      source: "%{::vpn_snat_source}"
+      table: "%{::vpn_snat_table}"
+      proto: "%{::vpn_snat_proto}"
+````
+
+We want the `tosource` value to be set with the IP address for the servers eth0 adapter, there is already a system fact for this `ipaddress_eth0` 
+
+We set the facts as below:
+
+````
+vpn_snat_description: '000 VPN SNAT Configuration'
+vpn_snat_chain: 'POSTROUTING'
+vpn_snat_tosource: "%{::ipaddress_eth0}"
+vpn_snat_jump: 'SNAT'
+vpn_snat_source: '172.28.254.0/23'
+vpn_snat_table: 'nat'
+vpn_snat_proto: 'all'
+````
+
+Pupet-runner will resolve the `vpn_snat_tosource` faqt down to the first fact it references, which is `ipaddress_eth0`, as a result the value writen into /etc/puppet/hiera/<HOSTNAME>.eyaml would be 
+
+````
+fw::rules: &fw_rules
+  "%{::vpn_snat_description}":
+      chain: "%{::vpn_snat_chain}"
+      tosource: "%{::ipaddress_eth0}"
+      jump: "%{::vpn_snat_jump}"
+      source: "%{::vpn_snat_source}"
+      table: "%{::vpn_snat_table}"
+      proto: "%{::vpn_snat_proto}"
+````
+
+#### Example 2: Fact includes another fact as part of its value
+
+In this example we want our fact to be a superset of another fact.
+
+**template:**
+````
+---
+
+prefixes:
+  - tripwire_
+
+classes:
+  - tripwire
+
+dependencies:
+  - tripwire
+  - stdlib
+  - concat
+
+tripwire::local_passphrase: '%{::tripwire_local_passphrase}'
+tripwire::site_passphrase: '%{::tripwire_site_passphrase}'
+tripwire::tripwire_email: '%{::tripwire_tripwire_email}'
+tripwire::tripwire_policy_file: '%{::tripwire_tripwire_policy_file}'
+````
+
+We want the `site_passphrase` value to be the same as `local_passphrase` but with _LOCAL at the end
+
+We set the facts as below:
+
+````
+tripwire_global_passphrase: 'super_secret'
+tripwire_local_passphrase: "%{::tripwire_site_passphrase}_LOCAL"
+tripwire_site_passphrase: "%{::tripwire_global_passphrase}
+tripwire_tripwire_email: 'blackhole'
+tripwire_tripwire_policy_file: 'false'
+````
+ 
+Note here we have added a custom fact that is not references in any template or default, this will still be avaliable via facter in the normal way.
+
+The fact `tripwire_site_passphrase` will resolve down to `tripwire_global_passphrase` as in the previous example, however the fact `tripwire_local_passphrase` will be resolved twice (once to `tripwire_site_passphrase` and then again down to `tripwire_global_passphrase`)
+
+As a result the value writen into /etc/puppet/hiera/<HOSTNAME>.eyaml would be 
+
+````
+tripwire::local_passphrase: '%{::tripwire_global_passphrase}_LOCAL'
+tripwire::site_passphrase: '%{::tripwire_global_passphrase}'
+tripwire::tripwire_email: '%{::tripwire_tripwire_email}'
+tripwire::tripwire_policy_file: '%{::tripwire_tripwire_policy_file}'
+````
+
 #### TEMPLATES
 Must contain 2 subdirectories.
 - templates - template yaml files
@@ -151,10 +416,16 @@ Path to output Puppetfile.
 *  -d DESTINATION_DIR --dest_dir DESTINATION_DIR   Directory for result hiera config.
 *  -t TEMPLATES --templates TEMPLATES              Directory containing templates and defaults folder with functionality templates and default facts
 *  -f FACTS_DEST --facts_dest_dir FACTS_DEST       Destination directory to store result facts
+*  -x CUSTOM_FACTS_DIR --custom_facts_dir CUSTOM_FACTS_DIR                   Directory containing yaml files with custom facts that will be merged with ones from <hostname>_facts.yaml, custom facts can overwrite them 
 *  -r PUPPETFILE_CONFIG --puppetfile_config puppetfile_config                Puppetfile composition config file
 *  -o PUPPETFILE_OUTPUT_PATH --puppetfile_output_path PUPPETFILE_OUTPUT_PATH Result Puppetfile path
 *  -e EYAML_KEY_PATH --eyaml_key_pair EYAML_KEY_PATH                         Path to eyaml encryption key pair
 *  -p PUPPET_APPLY --puppet_apply PUPPET_APPLY                               Custom puppet apply command to run
+*    -k --keep-facts                                                        Flag to keep the encrypted facts file in /tmp for analysis
+*  -n --dry-run                                                              Flag to indicate puppet should run in dry run mode (--noop), this also sets the verbose flag to true
+*  -v --verbose                                                              Flag to indicate that all output from puppet apply should be displayed instead of just stdout
+Commands:
+
 
 Commands:
 

data/bin/puppet-runner

@@ -21,13 +21,14 @@ require 'deep_merge'
 require 'docopt'
 require 'colorize'
 require 'facter'
+require 'avst/string_ext'
 
 doc = <<DOCOPT
 Adaptavist puppet runner
 
 Usage:
-  puppet-runner (prepare|all) [-c CONFIG_DIR] [-t TEMPLATES] [-d DESTINATION_DIR] [-f FACTS_DEST] [-s SERVERNAME] [-p PUPPET_APPLY] [-r PUPPETFILE_CONFIG] [-o PUPPETFILE_OUTPUT_PATH] [-e EYAML_KEY_PATH]
-  puppet-runner start [-p PUPPET_APPLY]
+  puppet-runner (prepare|all) [-c CONFIG_DIR] [-t TEMPLATES] [-d DESTINATION_DIR] [-f FACTS_DEST] [-s SERVERNAME] [-p PUPPET_APPLY] [-r PUPPETFILE_CONFIG] [-o PUPPETFILE_OUTPUT_PATH] [-e EYAML_KEY_PATH] [-m MODULE_PATH] [-x CUSTOM_FACTS_DIR] [-k] [-n] [-v]
+  puppet-runner start [-p PUPPET_APPLY] [-m MODULE_PATH] [-n] [-v]
   puppet-runner -h | --help
 
 Options:
@@ -37,10 +38,15 @@ Options:
   -d DESTINATION_DIR --dest_dir DESTINATION_DIR                             Directory for result hiera config.
   -t TEMPLATES --templates TEMPLATES                                        Directory containing templates and defaults folder with functionality templates and default facts
   -f FACTS_DEST --facts_dest_dir FACTS_DEST                                 Destination directory to store result facts
+  -x CUSTOM_FACTS_DIR --custom_facts_dir CUSTOM_FACTS_DIR                   Directory containing yaml files with custom facts that will be merged with ones from <hostname>_facts.yaml, custom facts can overwrite them 
+  -m MODULE_PATH --module_path MODULE_PATH                                  Path to find puppet modules, can be colon (:) delimited
   -p PUPPET_APPLY --puppet_apply PUPPET_APPLY                               Custom puppet apply command to run
   -r PUPPETFILE_CONFIG --puppetfile_config puppetfile_config                Puppetfile composition config file
   -o PUPPETFILE_OUTPUT_PATH --puppetfile_output_path PUPPETFILE_OUTPUT_PATH Result Puppetfile path
   -e EYAML_KEY_PATH --eyaml_key_path EYAML_KEY_PATH                         Path to eyaml encryption key pair
+  -k --keep-facts                                                           Flag to keep the encrypted facts file in /tmp for analysis
+  -n --dry-run                                                              Flag to indicate puppet should run in dry run mode (--noop), this also sets the verbose flag to true
+  -v --verbose                                                              Flag to indicate that all output from puppet apply should be displayed instead of just stdout
 Commands:
   all           Runs the following commands prepare, start 
   start         Runs puppet apply 
@@ -95,6 +101,45 @@ def extract_comment_from_hash(input)
   res
 end
 
+def extract_type_from_hash(input)
+  res = {}
+  if input
+    res = input.map{|key, val|
+      if val != nil
+        type = 'string'
+        if val.is_a?(Hash) and  val["type"] != nil
+           type = val["type"]
+        end
+      end
+      {type => key }
+    }
+  end
+  res
+end
+
+# function to resolve inter fact references, it should return the last fact name (not value)
+def resolve_fact(fact_name, max_depth=5, current_depth=0)
+  final_val = nil
+  fact_name = fact_name.sub(/%{::/,'').sub(/}/,'')
+  if max_depth == current_depth
+    warning "Fact resolution has reached a depth of 5 facts, aborting lookup"
+  else
+    # attempt to get value
+    val = $all_facts[fact_name] || Facter.value(fact_name) || nil
+
+    if val == "%{::#{fact_name}}"
+      warning "Fact resolves to itself, skipping"
+    elsif val.instance_of?(String) and val.match(/%{::.*.}/)
+      val = resolve_fact(val,max_depth, current_depth + 1)
+    else
+      val = "%{::#{fact_name}}"
+    end
+    final_val = val
+  end
+  final_val
+end
+
+
 begin
     options = Docopt::docopt(doc)
 rescue Docopt::Exit => e
@@ -102,17 +147,21 @@ rescue Docopt::Exit => e
 end
 
 stop_apply = false
+keep_facts = false
 
 if options['all'] || options['prepare']
     input_dir = options["--config_dir"] || options["-c"] 
     dest_dir = options["--dest_dir"] || options["-d"]
     facts_dest_dir = options["--facts_dest_dir"] || options["-f"]
+    custom_facts_dir = options["--custom_facts_dir"] || options["-x"] || nil
     templates = options["--templates"] || options["-t"]
     puppetfile_config_path = options["--puppetfile_config"] || options["-r"]
     puppetfile_output_path = options["--puppetfile_output_path"] || options["-o"]
     eyaml_key_path = options["--eyaml_key_path"] || options["-e"] || "/etc/puppet/config"
     hostname = options["--servername"] || options["-s"] || Facter.value("hostname")
     puts "Hostname #{hostname}"
+    keep_facts = true if options["-k"] or options["--keep-facts"]
+    
 
     config_file_path = path_join_glob(input_dir, hostname+".yaml")
     templates_dir = path_join_glob(templates, "templates")
@@ -150,6 +199,8 @@ if options['all'] || options['prepare']
     prefixed_facts_comments = {}
     puppetfile_config = YAML.load_file(puppetfile_config_path) || {}
     puppetfile_dependencies = []
+    global_data_types = []
+    nil_transform_present = false
       # functionalities:
       # # In honor of Henry... 
       #   1_app:
@@ -189,6 +240,9 @@ if options['all'] || options['prepare']
 
             fact_comments_as_string = extract_comment_from_hash(default_facts).to_s
             
+            # get a list of each fields type if set (if not they will report as strings)
+            data_types = extract_type_from_hash(default_facts)
+            
             if to_add.is_a?(Hash)
               # if prefixes are not defined skip replacing
               if prefixes
@@ -205,6 +259,13 @@ if options['all'] || options['prepare']
                         facts_as_string = facts_as_string.gsub(/#{prefix}/, "#{replace_prefixes_with}")
                         fact_comments_as_string = fact_comments_as_string.gsub(/#{prefix}/, "#{replace_prefixes_with}")
                         prefixed_required_facts = prefixed_required_facts.merge(required_facts.map! { |item| item.gsub(/#{prefix}/, "#{replace_prefixes_with}") })
+                        if !data_types.empty?
+                          data_types.each do | transform |
+                            transform.each do|key, value|
+                              transform[key] = value.gsub(/#{prefix}/, "#{replace_prefixes_with}")
+                            end
+                          end
+                        end
                       end
                     end
                   end
@@ -217,6 +278,13 @@ if options['all'] || options['prepare']
                     facts_as_string = facts_as_string.gsub(/#{prefix}/, "#{replace_prefixes_with}")
                     fact_comments_as_string = fact_comments_as_string.gsub(/#{prefix}/, "#{replace_prefixes_with}")
                     prefixed_required_facts = prefixed_required_facts.merge(required_facts.map! { |item| item.gsub(/#{prefix}/, "#{replace_prefixes_with}") })
+                    if !data_types.empty?
+                      data_types.each do | transform |
+                        transform.each do|key, value|
+                          transform[key] = value.gsub(/#{prefix}/, "#{replace_prefixes_with}")
+                        end
+                      end
+                    end
                   end
                 end
               end
@@ -231,6 +299,9 @@ if options['all'] || options['prepare']
               default_fact_comments = extract_comment_from_hash(plain_facts)  
               prefixed_required_facts = prefixed_required_facts.merge(required_facts)
             end
+            # add the "local" data type list to the global one
+            global_data_types.push(*data_types)
+
             result_template.deep_merge!(template)
             # default_facts_prefixed is Array of hashes as the result of map, this will create hash from it
             result_default_facts.merge!(default_facts_prefixed.reduce Hash.new, :merge)
@@ -240,20 +311,107 @@ if options['all'] || options['prepare']
           end
         end
       end
-      # Write results
-      File.open(output_file_path, 'w+') do |output_file|
-        YAML.dump(result_template, output_file)
-      end
       custom_facts_path = path_join_glob(input_dir, "#{hostname}_facts.yaml")
       custom_facts = YAML.load_file(custom_facts_path) || {}
+
+      # add a fact for the localtion of facter
+      custom_facts['facter_file_location'] = output_facts_file_path
+
       File.open(output_encrypted_facts_file_path, 'w+') do |output_file|
         output_result_default_facts = result_default_facts.deep_merge!(custom_facts, {:merge_hash_arrays => true}).to_yaml
+      
+        # convert final facts to hash for inter fact resolution and also for potential transformations later
+        $all_facts = YAML.load(output_result_default_facts)
+
+        #convert result templat to string
+        result_template = result_template.to_s
+
+        # loop through facts looking for any that reference other facts
+        $all_facts.each do | fact_key, fact_val |
+          if fact_val.instance_of?(String) and fact_val.match(/%{::.*.}/)
+            debug "Fact #{fact_key} references another fact or facts"
+            # find each instance of a fact within the value (it may contain multiple facts
+            # i.e "TEST%{::fact1}TEST%{::fact2}"
+            fact_val.gsub(/}/,"}\n").scan(/%{::.*.}/).each do | fact |
+              # resolve the fact down to its last reference to another fact (not the end value)
+              resolved_fact = resolve_fact(fact)
+              # if the resolved fact name is not the same as the original fact we found referenced
+              # then replace the value in fact_val
+              if !resolved_fact.nil? and resolved_fact != fact
+                fact_val = fact_val.gsub(/#{fact}/,"#{resolved_fact}")
+              end
+            end
+            debug "Attempting to replace fact '#{fact_key}' with value '#{fact_val}' in compiled template"
+            # replace the original fact reference in the template with the resovled value
+            # this is done before global teansformation as they may change the final value again
+            result_template = result_template.gsub(/\"\%{::#{fact_key}}\"/, "\"#{fact_val}\"")
+          end
+        end
+
+        # add comments above any fact lines
         prefixed_facts_comments.each do |pattern, replacement|
           if replacement != nil
             output_result_default_facts.gsub!(/^#{pattern}/, "\##{replacement}\n#{pattern}")
           end
         end
-        output_file.write(output_result_default_facts)
+
+        # merge custom facts if parameter provided
+        custom_facts_all = {}
+        if (custom_facts_dir)
+          Dir.glob("#{custom_facts_dir}/*.yaml").sort.each do |custom_facts_file|
+            custom_facts_from_file = YAML.load_file(custom_facts_file) || {}
+            custom_facts_all.merge!(custom_facts_from_file)
+          end
+        end
+        # merge, prefer custom facts
+        merged_all_facts = YAML.load(output_result_default_facts).merge!(custom_facts_all)
+
+        # write the temp encrypted facts file
+        output_file.write(merged_all_facts.to_yaml)
+
+        # now that the merged final facts are present look for any global transformations to apply 
+        # global transformations are currently either booleans that need to be expressed directly in 
+        # the output file or nilable values that need to be expressed as unquoted tildas (~)
+        if !global_data_types.empty?
+          global_data_types.each do | transform |
+            transform.each do|transform_type, transform_value|
+              begin
+                if transform_type == 'boolean'
+                  debug "Attempting to replace boolean value for fact #{transform_value}"
+                  # convert the fact to boolean and then back to string during the replace, this allows validation that the fact is actually a boolean
+                  result_template = result_template.gsub(/\"\%{::#{transform_value}}\"/, $all_facts[transform_value].to_bool.to_s)
+                elsif transform_type == 'nilable'
+                  # replace fact reference with tilda if the value is nil, empty or already a tilda
+                  # due to issues with ruby hash values being unquoted we will quote it now and remove the quotes later
+                  if $all_facts[transform_value].nil? or $all_facts[transform_value].empty? or $all_facts[transform_value] == "~"
+                    debug "Attempting to replace nilable value for fact #{transform_value}"
+                    # replace value with tilda
+                    result_template = result_template.gsub(/\"\%{::#{transform_value}}\"/, '"~"')
+                    # identify that we have made at least one nil transformation 
+                    nil_transform_present = true
+                  end
+                end
+              rescue
+                warning "Unable to convert fact #{transform_value} with value #{all_facts[transform_value]} into #{transform_type}, conversion will be skipped"
+              end
+            end
+          end
+        end
+      end
+
+      # convert result_template back to hash
+      result_template = eval(result_template)
+
+      # Write results
+      File.open(output_file_path, 'w+') do |output_file|
+        YAML.dump(result_template, output_file)
+      end
+
+      # hack to get around the fact we have to pass tilda as quoted earlier
+      if nil_transform_present
+        compiled_hiera = File.read(output_file_path)
+        replaced_hiera = compiled_hiera.gsub('"~"', '~')
+        File.open(output_file_path, "w") {|new_hiera| new_hiera.puts replaced_hiera}
       end
       
       # decrypt facts file because Puppet doesn't appear to be able to read encrypted facts
@@ -298,7 +456,20 @@ if options['all'] || options['prepare']
         end
         output_file.write(decrypted.join)
       end
+
+      # unless asked not to, attempt to remove the encrypted facts file
+      if keep_facts
+        debug "Removal of tmp encrypted facts file #{output_encrypted_facts_file_path} skipped at users request"
+      else
+        debug "Attempting to remove tmp encrypted facts file #{output_encrypted_facts_file_path}"
+        begin
+          FileUtils.rm output_encrypted_facts_file_path
+        rescue
+          warning "Unable to remove tmp encrypted facts file #{output_encrypted_facts_file_path}"
+        end
+      end
       
+      # create puppetfile from the dictionary
       File.open(puppetfile_output_path, 'w+') do |output_file|
         header = "#!/usr/bin/env ruby\n\n"
         output_file.write(header)
@@ -334,16 +505,58 @@ if options['all'] || options['prepare']
 end
 
 
-# start puppet 
+# start puppet
 if (options['start'] || options['all']) && !stop_apply
     require 'puppet'
-    modulefile_definition = Gem::Version.new(Puppet.version) > Gem::Version.new('4.0.0') ? '--modulepath /etc/puppet/modules' : ''
-    puppet_command = "sudo su -c 'source /usr/local/rvm/scripts/rvm; puppet apply /etc/puppet/manifests/site.pp --confdir=/etc/puppet  --verbose --detailed-exitcodes #{modulefile_definition}'"
+
+    #  set dry run option if the flag has been set
+    if options["-n"] or options["--dry-run"]
+      dry_run = '--noop'
+      verbose_output = true
+    else
+      dry_run = ''
+    end
+
+    # if the user has specified a module path pass it to puppet
+    if options["--module_path"]
+      modulefile_definition = "--modulepath #{options['--module_path']}"
+    elsif options["-m"]
+      modulefile_definition = "--modulepath #{options['-m']}"
+    # if no modulepath has been set default to /etc/puppet/modules for puppet 4 and above and blank for older versions 
+    else
+      modulefile_definition = Gem::Version.new(Puppet.version) > Gem::Version.new('4.0.0') ? '--modulepath /etc/puppet/modules' : ''
+    end
+
+    # construct defaut puppet apply command
+    puppet_command = "sudo su -c 'source /usr/local/rvm/scripts/rvm; puppet apply #{dry_run} /etc/puppet/manifests/site.pp --confdir=/etc/puppet  --verbose --detailed-exitcodes #{modulefile_definition}'"
+    
+    # if a custom puppet apply command has been set use if, otherwise use the default generated above
     to_execute = options["--puppet_apply"] || options["-p"] || puppet_command
     debug "Running #{to_execute}"
+    
+    # execute puppet apply and capture return code
     `#{to_execute}`
     exit_code = $?.exitstatus
-    if exit_code != 2
+
+    # attempt to remove the fact file as its unencrypted (we do not care about exit status)
+    fact_file_location = Facter.value("facter_file_location")
+    if fact_file_location 
+      if File.file?(fact_file_location)
+        debug "Attempting to remove fact file #{fact_file_location}"
+        begin
+          FileUtils.rm fact_file_location
+        rescue
+          warning "Unable to remove facts file #{fact_file_location}.\nPlease urgently remove this as it holds unencrypted values"
+        end
+      end
+    else
+      warning "Unable to locate Facts file, please urgently locate and remove this as it holds unencrypted values"
+    end
+
+    # if we see a bad exit code report it, for refrerence good codes are:
+    # 0: The run succeeded with no changes or failures; the system was already in the desired state.
+    # 2: The run succeeded, and some resources were changed.
+    if exit_code != 2 and exit_code != 0
       raise "execute_puppet exit status: #{exit_code}"
     end
 end

data/lib/avst/string_ext.rb

@@ -0,0 +1,7 @@
+class String
+    def to_bool
+        return true if self == true || self =~ (/(true|t|yes|y|1)$/i)
+        return false if self == false || self.empty? || self.nil? || self =~ (/(false|f|no|n|0)$/i)
+        raise ArgumentError.new("invalid value for Boolean: \"#{self}\"")
+    end
+end 

data/puppet-runner.gemspec

@@ -4,7 +4,7 @@ $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
 
 Gem::Specification.new do |spec|
   spec.name          = "puppet-runner"
-  spec.version       = "0.0.18"
+  spec.version       = "0.0.26"
   spec.authors       = ["Martin Brehovsky", "Matthew Hope"]
   spec.email         = ["mbrehovsky@adaptavist.com"]
   spec.summary       = %q{Preprocessor for hiera config}
@@ -17,7 +17,7 @@ Gem::Specification.new do |spec|
   spec.test_files    = spec.files.grep(%r{^(test|spec|features)/})
   spec.require_paths = ["lib"]
 
-  spec.add_development_dependency "bundler", "~> 1.6"
+  spec.add_development_dependency "bundler", "2.2.10"
   spec.add_development_dependency "rake"
   spec.add_dependency "docopt", ">= 0.5.0"
   spec.add_dependency "colorize", ">= 0.7.3"

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: puppet-runner
 version: !ruby/object:Gem::Version
-  version: 0.0.18
+  version: 0.0.26
 platform: ruby
 authors:
 - Martin Brehovsky
@@ -9,22 +9,22 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2017-05-15 00:00:00.000000000 Z
+date: 2021-05-25 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - '='
       - !ruby/object:Gem::Version
-        version: '1.6'
+        version: 2.2.10
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - '='
       - !ruby/object:Gem::Version
-        version: '1.6'
+        version: 2.2.10
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
@@ -140,6 +140,7 @@ files:
 - README.md
 - Rakefile
 - bin/puppet-runner
+- lib/avst/string_ext.rb
 - puppet-runner.gemspec
 - test/configs/defaults/confluence.yaml
 - test/configs/defaults/connector_proxy.yaml
@@ -171,8 +172,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubyforge_project: 
-rubygems_version: 2.4.5
+rubygems_version: 3.0.8
 signing_key: 
 specification_version: 4
 summary: Preprocessor for hiera config