puppet-validator 0.0.7 → 0.0.8

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: c3dc256dd81faa824703173a618ee04e5744afa2
-  data.tar.gz: 6beb62e29d7b8b49bb2441b0e9414cdae0dd3760
+  metadata.gz: 67c8ee96635e89f10fdb0562b7c34444aaa46090
+  data.tar.gz: 832192f6b3ee57c0f418fe86d12dbc2dbdd99c4a
 SHA512:
-  metadata.gz: 9270323f2c725c7389883ca0f2c180132b4074b9fee02401b9a64a0bae35fd9e2bc2753b1700aecc3b0e3b1fcc564b6e15f06107e146c30d96683fc07fbfc646
-  data.tar.gz: 728b48f8044fe6e9703212eeb79a997543e1b49d339da39887f810598e4aba28a735bd5f107497422e1f1b5355489dd7acd05a710122ea9bceaca6a4d0c3e86c
+  metadata.gz: be779caf3b0cd291459dcb74c4b48608e6e731babfa3fbb42bbf76b054a349dc3e600d2319c9fe27c08741a84222dccc561ffbc564641871748f6088d566866d
+  data.tar.gz: b52bfc8a76c77bfd87661dbb964a85411c628f3e5c7c17d4d97b3bf05c757d67e95569b260a2f8d91d1af46aa2e21771ff84c33af08811d68dc86937f7a8c636

data/README.md

@@ -29,7 +29,11 @@ Options:
                                         /var/log/puppet-validator if no filename is passed.
     -p, --port PORT                  Port to listen on. Defaults to 9000.
     -t, --theme THEMEDIR             Path to the theme directory.
-
+    -x, --csrf                       Protect from cross site request forgery. Requires code to be
+                                        submitted for validation via the webpage.
+    -g, --graph                      Generate relationship graphs from validated code. Requires
+                                        `graphviz` to be installed.
+    
     -h, --help                       Displays this help
 
 #### Integrating with Middleware
@@ -80,8 +84,23 @@ logger.level = Logger::WARN
 PuppetValidator.set :puppet_versions, Dir.glob('*').select {|f| File.symlink? f and File.readlink(f) == '.' }
 PuppetValidator.set :root, File.dirname(__FILE__)
 PuppetValidator.set :logger, logger
+
+# List out the lint checks you want disabled. By default, this will enable
+#   all installed checks. puppet-lint --help will list known checks.
+#
 PuppetValidator.set :disabled_lint_checks, ['80chars']
 
+# Protect from cross site request forgery. With this set, code may be
+#   submitted for validation by the website only.
+#
+# Note: This will currently break multiple version validation.
+PuppetValidator.set :csrf, false
+
+# Provide the option to generate relationship graphs from validated code.
+#   This requires that the `graphviz` package be installed.
+#
+PuppetValidator.set :graph, false
+
 run PuppetValidator
 ```
 

data/bin/grapher

@@ -0,0 +1,44 @@
+#! /usr/bin/env ruby
+require 'puppet'
+require 'graphviz'
+
+Puppet.initialize_settings
+
+Puppet[:code] = <<-EOF
+
+notify { 'hello there':
+  require => File['/tmp/foo'],
+}
+file { '/tmp/foo':
+  ensure => file,
+}
+notify { 'goodbye':
+  require => File['/tmp/nope'],
+}
+
+file{'/tmp/nope':}
+
+poodles{'oogles': }
+
+define poodles {}
+  EOF
+
+
+node    = Puppet::Node.indirection.find(Puppet[:node_name_value])
+catalog = Puppet::Resource::Catalog.indirection.find(node.name, :use_node => node).to_ral
+
+#catalog.vertices.each { |v| catalog.remove_vertex! v if v.is_a? Puppet::Type::Stage }
+#catalog.vertices.each { |v| catalog.remove_vertex! v if v.is_a? Puppet::Type::Component }
+
+graph   = catalog.relationship_graph.to_dot
+
+GraphViz.parse_string(graph) do |graph|
+  graph[:label] = 'Resource Relationships'
+
+  w = graph.get_node('Whit[Admissible_class[Main]]')
+  w[:label] = 'Start'
+
+  w = graph.get_node('Whit[Completed_class[Main]]')
+  w[:label] = 'Finish'
+
+end.output(:svg => "sample.svg")

data/bin/puppet-validator

@@ -10,6 +10,8 @@ options = {
   :host           => '0.0.0.0',
   :bind           => '0.0.0.0',
   :root           => gemroot,
+  :csrf           => false,
+  :graph          => false,
 }
 logfile  = $stderr
 loglevel = Logger::WARN
@@ -45,6 +47,14 @@ optparse = OptionParser.new { |opts|
         options[:root] = arg
     end
 
+    opts.on("-x", "--csrf", "Protect from cross site request forgery. Requires code to be submitted for validation via the webpage.") do
+        options[:csrf] = true
+    end
+
+    opts.on("-g", "--graph", "Generate relationship graphs from validated code. Requires `graphviz` to be installed.") do
+        options[:graph] = true
+    end
+
     opts.separator('')
 
     opts.on("-h", "--help", "Displays this help") do

data/config.ru

@@ -7,6 +7,21 @@ logger.level = Logger::WARN
 PuppetValidator.set :puppet_versions, Dir.glob('*').select {|f| File.symlink? f and File.readlink(f) == '.' }
 PuppetValidator.set :root, File.dirname(__FILE__)
 PuppetValidator.set :logger, logger
+
+# List out the lint checks you want disabled. By default, this will enable
+#   all installed checks. puppet-lint --help will list known checks.
+#
 PuppetValidator.set :disabled_lint_checks, ['80chars']
 
+# Protect from cross site request forgery. With this set, code may be
+#   submitted for validation by the website only.
+#
+# Note: This will currently break multiple version validation.
+PuppetValidator.set :csrf, false
+
+# Provide the option to generate relationship graphs from validated code.
+#   This requires that the `graphviz` package be installed.
+#
+PuppetValidator.set :graph, false
+
 run PuppetValidator

data/lib/puppet-validator.rb

@@ -5,6 +5,7 @@ require 'puppet'
 require 'puppet/parser'
 require 'puppet-lint'
 
+require 'graphviz'
 require 'nokogiri'
 require 'cgi'
 
@@ -21,17 +22,19 @@ class PuppetValidator < Sinatra::Base
   before do
     env["rack.logger"] = settings.logger if settings.logger
 
-    session[:csrf] ||= SecureRandom.hex(32)
-    response.set_cookie 'authenticity_token', {
-      :value   => session[:csrf],
-      :expires => Time.now + (60 * 60 * 24),
-    }
+    if settings.csrf
+      session[:csrf] ||= SecureRandom.hex(32)
+      response.set_cookie 'authenticity_token', {
+        :value   => session[:csrf],
+        :expires => Time.now + (60 * 60 * 24),
+      }
+    end
   end
 
   def initialize(app=nil)
     super(app)
 
-    Puppet.initialize_settings if Puppet.version.to_i == 3 and Puppet.settings[:confdir].nil?
+    Puppet.initialize_settings rescue nil
 
     # there must be a better way
     if settings.respond_to? :disabled_lint_checks
@@ -114,6 +117,7 @@ class PuppetValidator < Sinatra::Base
         acc.merge({item[:line] => "#{item[:kind].upcase}: #{item[:message]}"})
       end.to_json
 
+      @relationships = rendered_dot(@code) if params['relationships'] == 'on'
     else
       @message = "Submitted code size is #{request.body.size}, which is larger than the maximum size of #{MAXSIZE}."
       @status  = :fail
@@ -130,6 +134,7 @@ class PuppetValidator < Sinatra::Base
   helpers do
 
     def safe?
+      return true unless settings.csrf
       if session[:csrf] == params['_csrf'] && session[:csrf] == request.cookies['authenticity_token']
         true
       else
@@ -198,5 +203,40 @@ class PuppetValidator < Sinatra::Base
       PuppetLint.configuration.checks.map {|check| check.to_s}
     end
 
+    def rendered_dot(code)
+      return unless settings.graph
+
+      begin
+        Puppet::Node::Facts.indirection.terminus_class = :memory
+        Puppet::Node.indirection.cache_class = nil
+        node    = Puppet::Node.indirection.find(Puppet[:node_name_value])
+        catalog = Puppet::Resource::Catalog.indirection.find(node.name, :use_node => node)
+
+        catalog.remove_resource(catalog.resource("Stage", :main))
+        catalog.remove_resource(catalog.resource("Class", :settings))
+
+        graph   = catalog.to_ral.relationship_graph.to_dot
+
+        svg = GraphViz.parse_string(graph) do |graph|
+          graph[:label] = 'Resource Relationships'
+
+          graph.each_node do |name, node|
+            next unless name.start_with? 'Whit'
+            newname = name.dup
+            newname.sub!('Admissible_class', 'Starting Class')
+            newname.sub!('Completed_class', 'Finishing Class')
+            node[:label] = newname[5..-2]
+          end
+        end.output(:svg => String)
+
+      rescue => detail
+        logger.warn detail.message
+        logger.debug detail.backtrace.join "\n"
+        return { :status => false, :message => detail.message }
+      end
+
+      { :status => true, :data => svg }
+    end
+
   end
 end

data/public/relationships.html

@@ -0,0 +1,59 @@
+<html>
+<head>
+  <title>Puppet Validator</title>
+  <link rel="stylesheet" href="styles.css">
+  <script src="https://ajax.googleapis.com/ajax/libs/jquery/2.2.0/jquery.min.js"></script>
+</head>
+<body>
+  <a href="https://github.com/puppetlabs/puppet-validator"><img style="position: absolute; top: 0; right: 0; border: 0;" src="https://camo.githubusercontent.com/365986a132ccd6a44c23a9169022c0b5c890c387/68747470733a2f2f73332e616d617a6f6e6177732e636f6d2f6769746875622f726962626f6e732f666f726b6d655f72696768745f7265645f6161303030302e706e67" alt="Fork me on GitHub" data-canonical-src="https://s3.amazonaws.com/github/ribbons/forkme_right_red_aa0000.png"></a>
+  <h1>Interpreting Relationship Graphs</h1>
+  <p>
+    This tool will compile a catalog, using <em>only the information you provide</em>.
+    This means that all facts will be empty, and custom resources types, such as the
+    <em>mysql_grant</em> type (installed via the <code>puppetlabs/mysql</code> module)
+    will cause an <code>unknown resource type</code> failure.
+  </p>
+  <p>
+    If you need to test code that depends on fact values you should define a variable
+    with the same name at the top of your code.
+  </p>
+  <div class="results">
+    <pre><code># fake fact(s)
+$osfamily = 'RedHat'
+
+case $osfamily {
+  'RedHat': { notify { 'This is a RedHat family node':      } }
+  default : { notify { "I don't know what ${osfamily} is.": } }
+}</code></pre>
+  </div>
+  <p>
+    If you are testing a class, you will need to <code>include</code> it or it won't
+    appear in the catalog.
+  </p>
+  <div class="results">
+    <pre><code>class silly {
+  file { '/tmp/foo':
+      ensure => file,
+      before => Notify['hi'],
+  }
+  notify { 'hi': }
+}
+
+#include the class in the rendered catalog.
+include silly</code></pre>
+  </div>
+  <p>
+    Any class or type you use or set a relationship on <strong>must be defined</strong>,
+    or Puppet won't be able to autoload it.
+  <p>
+  <div class="results">
+    <pre><code>include apache
+
+class apache {
+  # a stub class so the catalog will compile.
+}</code></pre>
+  </div>
+
+  <div class="links"><a href="javascript:history.back();">Try Again</a> &bull; <a href="/">Validate More Code</a></div>
+</body>
+</html>

data/public/styles.css

@@ -40,7 +40,8 @@ div.line-highlight.with-tooltip {
     display: block;
   }
 
-.results {
+.results,
+.warning {
   width: 65%;
   border: 1px solid black;
   border-radius: 0.25em;
@@ -83,6 +84,13 @@ div.line-highlight.with-tooltip {
     padding-right: 0.5em;
   }
 
+.relationships {
+  text-align: center;
+}
+.warning {
+  background-color: #ffb6b6;
+}
+
 div.links {
   margin: 1em auto;
   padding: 0.5em;
@@ -101,9 +109,13 @@ div.entry {
     width: 100%;
     font-family: monospace;
   }
+div.row {
+  text-align: center;
+}
 
 input#validate,
-select#versions {
+select#versions,
+a#customize {
   margin-right: 2em;
 }
 
@@ -135,7 +147,7 @@ fieldset.menu ul {
   column-gap: 20px;
 }
 
-p.info {
+.info {
     background: #fefefe url('info.png') no-repeat 5px 5px !important;
     border: 1px solid #efefef;
     padding: 0.5em;
@@ -147,9 +159,6 @@ p.info {
     -khtml-border-radius: 0.5em;
     border-radius: 0.5em;
 }
-p.info:first-line {
-    font-weight: bold;
-}
 
 /* jquery UI overrides */
 .ui-widget {

data/views/index.erb

@@ -10,19 +10,24 @@
   <h1>Puppet Code Validator</h1>
   <p>Paste Puppet code into the following textbox and check it for validity.</p>
   <form action="/validate" method="post">
-    <input name="_csrf", type="hidden" value="<%= session[:csrf] %>" />
+    <% if settings.csrf %><input name="_csrf", type="hidden" value="<%= session[:csrf] %>" /><% end %>
     <div class="entry">
       <textarea name="code" id="code" cols="65" rows="25"></textarea>
-      <input type="submit" value="Validate" id="validate">
-      Puppet version
-      <select id="versions">
-        <% version = @versions.shift %><option value='/'><%= version %></option>
-        <% @versions.each do |version| %>
-        <option><%= version %></option>
-        <% end %>
-      </select>
-      <label><input type="checkbox" name="lint" id="lint" onchange="toggleChecks();">Include <code>puppet-lint</code> style checks.</label>
-      <a class="button" href="javascript:toggleMenu();">customize &#9662;</a>
+      <div class="row">
+        <input type="submit" value="Validate" id="validate">
+      </div>
+      <div class="row">
+        Puppet version
+        <select id="versions">
+          <% version = @versions.shift %><option value='/'><%= version %></option>
+          <% @versions.each do |version| %>
+          <option><%= version %></option>
+          <% end %>
+        </select>
+        <label><input type="checkbox" name="lint" id="lint" onchange="toggleChecks();">Include <code>puppet-lint</code> style checks.</label>
+        <a id="customize" class="button" href="javascript:toggleMenu();">customize &#9662;</a>
+        <% if settings.graph %><label><input type="checkbox" name="relationships" id="relationships">Show relationships.</label><% end %>
+      </div>
       <fieldset id="checks-menu" class="menu">
         <legend>Enabled Lint Checks</legend>
         <ul id="checks">
@@ -35,11 +40,19 @@
       </fieldset>
     </div>
   </form>
-  <p class="info">
-    Be aware that this <em>only validates syntax</em>. It will not compile or
-    enforce a catalog, which means that there are many mistakes that it cannot
-    identify. See <a href="/testing.html">more information on testing and
-    validating Puppet code.</a>
-  </p>
+  <div class="info">
+    <p><strong>Be aware that valid syntax does not mean you have valid code.</strong></p>
+    <p>
+      The validator <em>only validates syntax</em> and doesn't actually compile or enforce
+      a catalog. This means that there are many mistakes that it will not identify. See
+      <a href="/testing.html">more information</a> on testing and validating Puppet code.
+    </p>
+    <p>
+      If you show relationships, then we'll try to compile an abbreviated catalog. This
+      won't use any facts, and won't know how to compile non-core resource types. See
+      <a href="/relationships.html">more information</a> on building a self-contained
+      catalog in order to generate a dependency graph.
+    </p>
+  </div>
 </body>
 </html>

data/views/result.erb

@@ -36,12 +36,27 @@
       <% end %>
     </fieldset>
     <pre data-line='<%= @highlights %>' class="line-numbers language-puppet"><code id="code" class="line-numbers language-puppet"><%= @code %></code></pre>
+    <% if @relationships %>
+      <% if @relationships[:status] %>
+        <div class="relationships"><%= @relationships[:data] %></div>
+      <% else %>
+        <div class="warning"><%= @relationships[:message] %></div>
+      <% end %>
+    <% end %>
     <div class="links"><a href="javascript:history.back();">Try Again</a> &bull; <a href="/">Validate More Code</a></div>
-    <p class="info">
-      Be aware that this has <em>only validated syntax</em>. It will not compile or
-      enforce a catalog, which means that there are many mistakes that it cannot
-      identify. See <a href="/testing.html">more information on testing and
-      validating Puppet code.</a>
-    </p>
+    <div class="info">
+      <p><strong>Be aware that valid syntax does not mean you have valid code.</strong></p>
+      <p>
+        The validator <em>only validates syntax</em> and doesn't actually compile or enforce
+        a catalog. This means that there are many mistakes that it will not identify. See
+        <a href="/testing.html">more information</a> on testing and validating Puppet code.
+      </p>
+      <p>
+        If you show relationships, then we'll try to compile an abbreviated catalog. This
+        won't use any facts, and won't know how to compile non-core resource types. See
+        <a href="/relationships.html">more information</a> on building a self-contained
+        catalog in order to generate a dependency graph.
+      </p>
+    </div>
   </body>
 </html>

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: puppet-validator
 version: !ruby/object:Gem::Version
-  version: 0.0.7
+  version: 0.0.8
 platform: ruby
 authors:
 - Ben Ford
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2017-03-02 00:00:00.000000000 Z
+date: 2017-03-07 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: sinatra
@@ -78,6 +78,20 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: 1.6.5
+- !ruby/object:Gem::Dependency
+  name: ruby-graphviz
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.2'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.2'
 description: |2
       Puppet Validator is a simple web service that accepts arbitrary code submissions and
       validates it the way `puppet parser validate` would. It can optionally also
@@ -88,20 +102,22 @@ executables:
 extensions: []
 extra_rdoc_files: []
 files:
-- LICENSE
 - README.md
-- bin/puppet-validator
+- LICENSE
 - config.ru
+- bin/puppet-validator
 - lib/puppet-validator.rb
+- bin/grapher
+- views/index.erb
+- views/result.erb
 - public/gist.png
 - public/info.png
 - public/prism-default.css
 - public/prism.js
+- public/relationships.html
 - public/scripts.js
 - public/styles.css
 - public/testing.html
-- views/index.erb
-- views/result.erb
 homepage: https://github.com/puppetlabs/puppet-validator/
 licenses:
 - Apache-2.0
@@ -122,7 +138,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.6.10
+rubygems_version: 2.0.14.1
 signing_key: 
 specification_version: 4
 summary: Puppet code validator as a service