puppetdb-ruby 1.1.1 → 1.2.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
-SHA1:
-  metadata.gz: 0efa1ff7283edd4cd51d062cd7f0b3a146a011dd
-  data.tar.gz: 92542f3c6fa618fad69c67755a567d0d1f04a4eb
+SHA256:
+  metadata.gz: 352d2c2bcc6b198f6c37d529472db8a5272eef594d82612880110424dbb2d341
+  data.tar.gz: c36524430b66a3e1ffdd74006ecdd195ba187ee9dd8deea356037c4900a9cc43
 SHA512:
-  metadata.gz: 6d72e69d42b39d1e9bd1c2d773e4c8358e7d430b3f7461420e484c90bbe5987e1343e02e7ec1d163820eea76dd40dec6c4df7faaacbe01e0cbf3fce80041df27
-  data.tar.gz: 674afb129c0e9890da67bcf9b6ea831bfb749c88b438805f8f45dbd2037f77df13a44f86942bf922da407e238b0fc727c5a51fab4ac42110aa7aa0e8c3cf8bb3
+  metadata.gz: 1bc2a9a1f385d1eb4eb203f422ca8d97a70440eb48f1b06baaab698b9b16984db818e507a50d2c6ea9ab8f25f764c15eb36b9d28d868dad4cfa6fd4b617ea745
+  data.tar.gz: c0af4327590e03ef0cf73c1abfb0c577d8d108bcd25aebed201fb68dcc5fe65764b3295dcf3ae954d5471512578f59982dd7ea8918e90f1fe0511799acd483a8

data/CHANGELOG.md

@@ -4,8 +4,21 @@ All notable changes to this project will be documented in this file.
 Each new release typically also includes the latest modulesync defaults.
 These should not impact the functionality of the module.
 
-## [v1.1.1](https://github.com/voxpupuli/puppetdb-ruby/tree/v1.1.1) (2017-08-17)
-[Full Changelog](https://github.com/voxpupuli/puppetdb-ruby/compare/1.1.0...v1.1.1)
+## [1.2.0](https://github.com/voxpupuli/puppetdb-ruby/tree/1.2.0) (2019-08-06)
+[Full Changelog](https://github.com/voxpupuli/puppetdb-ruby/compare/1.1.1...1.2.0)
+
+**Implemented enhancements:**
+
+- Add PE RBAC token support [\#34](https://github.com/voxpupuli/puppetdb-ruby/pull/34) ([seanmil](https://github.com/seanmil))
+
+**Closed issues:**
+
+- cannot load such file -- puppetdb [\#33](https://github.com/voxpupuli/puppetdb-ruby/issues/33)
+- Attempting to use puppetdb-ruby in a custom function [\#11](https://github.com/voxpupuli/puppetdb-ruby/issues/11)
+- No way to retrieve all facts/nodes [\#8](https://github.com/voxpupuli/puppetdb-ruby/issues/8)
+
+## [1.1.1](https://github.com/voxpupuli/puppetdb-ruby/tree/1.1.1) (2017-08-17)
+[Full Changelog](https://github.com/voxpupuli/puppetdb-ruby/compare/1.1.0...1.1.1)
 
 **Fixed bugs:**
 

data/README.md

@@ -40,7 +40,7 @@ Non-SSL:
 client = PuppetDB::Client.new({:server => 'http://localhost:8080'})
 ```
 
-SSL:
+SSL with cert-based authentication:
 ``` ruby
 client = PuppetDB::Client.new({
     :server => 'https://localhost:8081',
@@ -51,6 +51,24 @@ client = PuppetDB::Client.new({
     }})
 ```
 
+SSL with PE RBAC token based authentication:
+``` ruby
+client = PuppetDB::Client.new({
+    :server => "https://localhost:8081",
+    :token  => "my_pe_rbac_token",
+    :cacert => "/path/to/cacert.pem",
+    })
+```
+
+SSL with PE RBAC token based authentication, using all settings from PE Client Tools configurations:
+``` ruby
+client = PuppetDB::Client.new()
+```
+
+Note: When using cert-based authentication you must specify the full pem structure. When using token based authentication
+you must NOT provide the pem structure and instead pass ':token' and ':cacert' (or allow them to be read from the
+PE Client Tools configuration).
+
 #### Query API usage
 
 The Query Feature allows the user to request data from PuppetDB using the Query endpoints. It defaults to the latest version of the Query Endpoint.

data/lib/puppetdb.rb

@@ -2,5 +2,7 @@ require 'puppetdb/version'
 require 'puppetdb/client'
 require 'puppetdb/query'
 require 'puppetdb/response'
+require 'puppetdb/error'
+require 'puppetdb/config'
 
 module PuppetDB; end

data/lib/puppetdb/client.rb

@@ -1,19 +1,18 @@
 require 'httparty'
 require 'logger'
 
-module PuppetDB
-  class APIError < RuntimeError
-    attr_reader :code, :response
-    def initialize(response)
-      @response = response
-    end
-  end
+require 'puppetdb/error'
 
+module PuppetDB
   class FixSSLConnectionAdapter < HTTParty::ConnectionAdapter
     def attach_ssl_certificates(http, options)
-      http.cert    = OpenSSL::X509::Certificate.new(File.read(options[:pem]['cert']))
-      http.key     = OpenSSL::PKey::RSA.new(File.read(options[:pem]['key']))
-      http.ca_file = options[:pem]['ca_file']
+      if options[:pem].empty?
+        http.ca_file = options[:cacert]
+      else
+        http.cert    = OpenSSL::X509::Certificate.new(File.read(options[:pem]['cert']))
+        http.key     = OpenSSL::PKey::RSA.new(File.read(options[:pem]['key']))
+        http.ca_file = options[:pem]['ca_file']
+      end
       http.verify_mode = OpenSSL::SSL::VERIFY_PEER
     end
   end
@@ -23,19 +22,6 @@ module PuppetDB
     attr_reader :use_ssl
     attr_writer :logger
 
-    def hash_get(hash, key)
-      untouched = hash[key]
-      return untouched if untouched
-
-      sym = hash[key.to_sym]
-      return sym if sym
-
-      str = hash[key.to_s]
-      return str if str
-
-      nil
-    end
-
     def hash_includes?(hash, *sought_keys)
       sought_keys.each { |x| return false unless hash.include?(x) }
       true
@@ -45,12 +31,14 @@ module PuppetDB
       @logger.debug(msg) if @logger
     end
 
-    def initialize(settings, query_api_version = 4, command_api_version = 1)
+    def initialize(settings = {}, query_api_version = 4, command_api_version = 1)
+      config = Config.new(settings, load_files: true)
       @query_api_version = query_api_version
       @command_api_version = command_api_version
 
-      server = hash_get(settings, 'server')
-      pem    = hash_get(settings, 'pem')
+      server = config.server
+      pem    = config['pem'] || {}
+      token  = config.token
 
       scheme = URI.parse(server).scheme
 
@@ -60,13 +48,14 @@ module PuppetDB
       end
 
       @use_ssl = scheme == 'https'
-      if @use_ssl && pem
-        unless hash_includes?(pem, 'key', 'cert', 'ca_file')
-          error_msg = 'Configuration error: https:// specified but pem is missing or incomplete. It requires cert, key, and ca_file.'
+      if @use_ssl
+        unless pem.empty? || hash_includes?(pem, 'key', 'cert', 'ca_file')
+          error_msg = 'Configuration error: https:// specified with pem, but pem is incomplete. It requires cert, key, and ca_file.'
           raise error_msg
         end
 
-        self.class.default_options = { pem: pem }
+        self.class.default_options = { pem: pem, cacert: config['cacert'] }
+        self.class.headers('X-Authentication' => token) if token
         self.class.connection_adapter(FixSSLConnectionAdapter)
       end
 
@@ -74,6 +63,8 @@ module PuppetDB
     end
 
     def raise_if_error(response)
+      raise UnauthorizedError, response if response.code == 401
+      raise ForbiddenError, response if response.code == 403
       raise APIError, response if response.code.to_s =~ %r{^[4|5]}
     end
 

data/lib/puppetdb/config.rb

@@ -0,0 +1,87 @@
+require 'json'
+
+class PuppetDB::Config
+  def initialize(overrides = nil, load_files = false)
+    @overrides = {}
+    overrides.each { |k, v| @overrides[k.to_s] = v } unless overrides.nil?
+
+    @load_files = load_files
+  end
+
+  def load_file(path)
+    File.open(path) { |f| JSON.parse(f.read)['puppetdb'] }
+  end
+
+  def puppetlabs_root
+    '/etc/puppetlabs'
+  end
+
+  def global_conf
+    File.join(puppetlabs_root, 'client-tools', 'puppetdb.conf')
+  end
+
+  def user_root
+    File.join(Dir.home, '.puppetlabs')
+  end
+
+  def user_conf
+    File.join(user_root, 'client-tools', 'puppetdb.conf')
+  end
+
+  def default_cacert
+    "#{puppetlabs_root}/puppet/ssl/certs/ca.pem"
+  end
+
+  def defaults
+    {
+      'cacert' => default_cacert,
+      'token-file' => File.join(user_root, 'token')
+    }
+  end
+
+  def load_config
+    config = defaults
+    if @load_files
+      if File.exist?(global_conf) && File.readable?(global_conf)
+        config = config.merge(load_file(global_conf))
+      end
+
+      if @overrides['config-file']
+        config = config.merge(load_file(@overrides['config-file']))
+      elsif File.exist?(user_conf) && File.readable?(user_conf)
+        config = config.merge(load_file(user_conf))
+      end
+    end
+
+    config.merge(@overrides)
+  end
+
+  def config
+    @config ||= load_config
+  end
+
+  def load_token
+    if @config.include?('token')
+      @config['token']
+    elsif File.readable?(config['token-file'])
+      File.read(config['token-file']).strip
+    end
+  end
+
+  def token
+    @token ||= load_token
+  end
+
+  def server_urls
+    return [config['server']] unless config['server'].nil?
+    config['server_urls'] || []
+  end
+
+  def server
+    server_urls.first || {}
+  end
+
+  def [](key)
+    @config[key]
+  end
+end

data/lib/puppetdb/error.rb

@@ -0,0 +1,17 @@
+module PuppetDB
+  class APIError < RuntimeError
+    attr_reader :code, :response
+    def initialize(response)
+      @response = response
+    end
+  end
+
+  class AccessDeniedError < APIError
+  end
+
+  class ForbiddenError < AccessDeniedError
+  end
+
+  class UnauthorizedError < AccessDeniedError
+  end
+end

data/lib/puppetdb/version.rb

@@ -1,3 +1,3 @@
 module PuppetDB
-  VERSION = '1.1.1'.freeze
+  VERSION = '1.2.0'.freeze
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: puppetdb-ruby
 version: !ruby/object:Gem::Version
-  version: 1.1.1
+  version: 1.2.0
 platform: ruby
 authors:
 - Vox Pupuli
@@ -10,7 +10,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2017-08-17 00:00:00.000000000 Z
+date: 2019-08-06 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: httparty
@@ -121,12 +121,14 @@ files:
 - README.md
 - lib/puppetdb.rb
 - lib/puppetdb/client.rb
+- lib/puppetdb/config.rb
+- lib/puppetdb/error.rb
 - lib/puppetdb/query.rb
 - lib/puppetdb/response.rb
 - lib/puppetdb/version.rb
 homepage: https://github.com/voxpupuli/puppetdb-ruby
 licenses:
-- apache
+- Apache-2.0
 metadata: {}
 post_install_message: 
 rdoc_options: []
@@ -144,7 +146,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.4.5
+rubygems_version: 2.7.7
 signing_key: 
 specification_version: 4
 summary: Simple Ruby client library for PuppetDB API