puppetdb_cli 2.0.0

data/acceptance/config/vcloud-ubuntu1604-64mda.cfg

@@ -0,0 +1,18 @@
+HOSTS:
+  ubuntu-16.04-amd64.vm:
+    roles:
+      - master
+      - agent
+      - dashboard
+      - database
+    platform: ubuntu-16.04-amd64
+    template: ubuntu-1604-x86_64
+    hypervisor: vcloud
+
+CONFIG:
+  nfs_server: none
+  consoleport: 443
+  datastore: instance0
+  resourcepool: Delivery/Quality Assurance/FOSS/Dynamic
+  folder: delivery/Quality Assurance/FOSS/Dynamic
+  pooling_api: http://vmpooler.delivery.puppetlabs.net/

data/acceptance/foss/setup/pre_suite/00_setup_env.rb

@@ -0,0 +1,80 @@
+# frozen_string_literal: true
+
+require 'beaker'
+require 'beaker-puppet'
+
+step 'Install puppet-agent.' do
+  install_puppet_agent_on(hosts, puppet_collection: 'puppet6')
+end
+
+step 'Install puppetserver.' do
+  host = master
+  install_package(host, 'puppetserver')
+  on(host, 'export PATH=/opt/puppetlabs/bin:$PATH && \
+puppet config set certname $(facter fqdn) --section master && \
+puppet config set server $(facter fqdn) --section main &&\
+puppet config set autosign true --section main &&\
+puppetserver ca setup')
+  on(host, 'service puppetserver start')
+  on(host, '/opt/puppetlabs/bin/puppet agent -t')
+end
+
+step 'Install puppetdb.' do
+  host = database
+  on(host, '/opt/puppetlabs/bin/puppet module install puppetlabs/puppetdb')
+  manifest_content = <<~MANIFEST
+    class { 'puppetdb': }
+    class { 'puppetdb::master::config': }
+  MANIFEST
+
+  manifest_path = host.tmpfile('puppetdb_manifest.pp')
+  create_remote_file(host, manifest_path, manifest_content)
+  on(host, puppet_apply("--detailed-exitcodes #{manifest_path}"), acceptable_exit_codes: [0, 2])
+  on(host, '/opt/puppetlabs/bin/puppet agent -t')
+end
+
+step 'Run an agent to create the SSL certs' do
+  host = master
+  on(host, "puppet config set server #{master}")
+  on(host, '/opt/puppetlabs/bin/puppet agent -t')
+end
+
+def git_ref_to_test
+  ENV['SHA'] || 'master'
+end
+
+step 'Install the puppetdb cli gem from source' do
+  host = master
+  git_dir = '/opt/pdb-cli-git'
+  pr_remote = <<~PR_REMOTE_CONFIG
+    [remote "pr"]
+    url = https://github.com/puppetlabs/puppetdb-cli.git
+    fetch = +refs/pull/*/head:refs/remotes/pr/*
+  PR_REMOTE_CONFIG
+  install_package(host, 'ruby')
+  install_package(host, 'git-core')
+  on(host, 'gem install bundler')
+  on(host, "git clone https://github.com/puppetlabs/puppetdb-cli.git #{git_dir}")
+  on(host, "echo '#{pr_remote}' >> #{git_dir}/.git/config; cat #{git_dir}/.git/config;")
+  on(host, "cd #{git_dir}; git fetch pr; git checkout #{git_ref_to_test}")
+  on(host, "cd #{git_dir}; bundle install --path vendor; bundle exec rake build")
+  on(host, "cd #{git_dir}; gem install --bindir /opt/puppetlabs/bin pkg/puppetdb_cli-*.gem")
+end
+
+step 'Write a config file' do
+  host = master
+  conf = <<~CONF
+    {
+      "puppetdb": {
+        "server_urls": "https://#{database}:8081",
+        "cacert": "/etc/puppetlabs/puppet/ssl/certs/ca.pem",
+        "cert": "/etc/puppetlabs/puppet/ssl/certs/#{host}.pem",
+        "key": "/etc/puppetlabs/puppet/ssl/private_keys/#{host}.pem"
+      }
+    }
+  CONF
+  puts conf
+  client_tools_dir = '/etc/puppetlabs/client-tools'
+  on(host, "mkdir -p #{client_tools_dir}")
+  on(host, "echo '#{conf}' > #{client_tools_dir}/puppetdb.conf")
+end

data/acceptance/foss/tests/basic.rb

@@ -0,0 +1,14 @@
+# frozen_string_literal: true
+
+test_name 'basic validation of puppetdb-cli subcommands' do
+  host = master
+  on(host, '/opt/puppetlabs/bin/puppet-query --help')
+  on(host, '/opt/puppetlabs/bin/puppet-db --help')
+
+  on(host, "/opt/puppetlabs/bin/puppet-query 'nodes{}'")
+  on(host, '/opt/puppetlabs/bin/puppet-db status')
+
+  dir = create_tmpdir_on(host)
+  on(host, "/opt/puppetlabs/bin/puppet-db export #{dir}/pdb_archive.tgz")
+  on(host, "/opt/puppetlabs/bin/puppet-db import #{dir}/pdb_archive.tgz")
+end

data/acceptance/pe/setup/pre_suite/00_setup_env.rb

@@ -0,0 +1,65 @@
+require 'json'
+require 'beaker-pe'
+
+# Copies puppet ca from master to host
+#
+# === Returns
+#
+# +string+ - path of ca file or nil on fail
+def copy_ca_from_master_to(host)
+  ca_pem_contents = on(master, 'cat /etc/puppetlabs/puppet/ssl/certs/ca.pem').stdout.chomp
+  path_seperator = (host.platform =~ /win/) ? '\\' : '/'
+  ca_pem_location = host.system_temp_path << path_seperator << 'ca.pem'
+  create_remote_file(host, ca_pem_location, ca_pem_contents)
+  ca_pem_location
+end
+
+step "Install Puppet Enterprise." do
+  install_pe
+end
+
+step 'copy ca.pem from master to client node' do
+  client = find_only_one('client')
+  $ca_pem_location = copy_ca_from_master_to(client)
+end
+
+step 'create puppet-db/query config file on client node' do
+  client = find_only_one('client')
+
+  conf = {
+    'puppetdb' => {
+      'server_urls' => ["https://#{master.hostname}:8081"],
+      'cacert'      => $ca_pem_location
+    }
+  }
+  write_client_tool_config_on(client, 'global', 'db', conf.to_json)
+end
+
+step 'create puppet-access config file on client node' do
+  client = find_only_one('client')
+
+  conf = {
+    'service-url'      => "https://#{master.hostname}:4433/rbac-api",
+    'certificate-file' => $ca_pem_location
+  }
+
+  write_client_tool_config_on(client, 'global', 'access', conf.to_json)
+end
+
+step "Install PE Client Tools" do
+  # Remove this hack once made in beaker-pe.
+  variant, version, arch, codename = client['platform'].to_array
+  if variant == 'ubuntu' && version.split('.').first.to_i >= 18
+    on client, "echo 'Acquire::AllowInsecureRepositories \"true\";' > /etc/apt/apt.conf.d/90insecure"
+  end
+
+  opts = {
+    :puppet_collection       => 'PC1',
+    :pe_client_tools_sha     => ENV['SHA'],
+    :pe_client_tools_version => ENV['SUITE_VERSION'] || ENV['SHA']
+  }
+
+  client = find_only_one('client')
+
+  install_pe_client_tools_on(client, opts)
+end

data/acceptance/pe/tests/basic.rb

@@ -0,0 +1,20 @@
+require 'scooter'
+
+test_name "basic validation of puppetdb-cli subcommands" do
+  puppet_query_on(client, "--help")
+  puppet_db_on(client, "--help")
+
+  step 'setup user and get token with puppet-access' do
+    console_dispatcher = Scooter::HttpDispatchers::ConsoleDispatcher.new(master)
+    administrator_role = console_dispatcher.get_role_by_name('Administrators')
+    user = console_dispatcher.generate_local_user
+    console_dispatcher.add_user_to_role(user, administrator_role)
+    login_with_puppet_access_on(client, user)
+  end
+
+  puppet_query_on(client, "nodes{}")
+  puppet_db_on(client, "status")
+  dir = client.tmpdir('pdb-cli-basic')
+  puppet_db_on(client, "export #{dir}/pdb_archive.tgz")
+  puppet_db_on(client, "import #{dir}/pdb_archive.tgz")
+end

data/appveyor.yml

@@ -0,0 +1,57 @@
+---
+# version: 1.0.{build}-{branch}
+
+environment:
+  LOG_SPEC_ORDER: true
+  matrix:
+    # FIXME: enable ruby 2.5 on windows once puppet and puppet-module gems have unpinned ffi
+    # - RUBY_VERSION: 25-x64
+    #   USE_MSYS: true
+    #   SUITES: "spec"
+    #   BUNDLE_JOBS: 4
+    - RUBY_VERSION: 25-x64
+      USE_MSYS: true
+      SUITES: "spec"
+      BUNDLE_JOBS: 1
+    - RUBY_VERSION: 25-x64
+      USE_CYGWIN: true
+      SUITES: "spec"
+      BUNDLE_JOBS: 1
+    - RUBY_VERSION: 23-x64
+      USE_CYGWIN: true
+      SUITES: "spec"
+      BUNDLE_JOBS: 1
+
+install:
+  - ps: |
+      if ($ENV:USE_MSYS -ne $Null) {
+        Push-Location "C:\Ruby${ENV:RUBY_VERSION}\bin"
+        .\ridk.ps1 install 2 3
+        .\ridk.ps1 enable
+        Pop-Location
+      }
+      ElseIf ($ENV:USE_CYGWIN) {
+        $ENV:PATH = "C:\Ruby${ENV:RUBY_VERSION}\bin;C:\mingw-w64\x86_64-6.3.0-posix-seh-rt_v5-rev1\mingw64\bin;" + $ENV:PATH
+      }
+  - ps: |
+      $CACertFile = Join-Path -Path $ENV:AppData -ChildPath "RubyCACert.pem"
+      If (-Not (Test-Path -Path $CACertFile)) {
+        [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
+        Invoke-WebRequest -Uri "https://curl.haxx.se/ca/cacert.pem" -UseBasicParsing -OutFile $CACertFile | Out-Null
+      }
+      $ENV:SSL_CERT_FILE = $CACertFile
+  - echo %PATH%
+  - bundle install --retry 2
+
+build: off
+
+branches:
+  only:
+    - master
+
+before_test:
+  - bundle env
+  - type Gemfile.lock
+
+test_script:
+- bundle exec rake %SUITES%

data/bin/console

@@ -0,0 +1,15 @@
+#!/usr/bin/env ruby
+# frozen_string_literal: true
+
+require 'bundler/setup'
+require 'cli'
+
+# You can add fixtures and/or initialization code here to make experimenting
+# with your gem easier. You can also use a different console, if you like.
+
+# (If you use this, don't forget to add pry to your Gemfile!)
+# require "pry"
+# Pry.start
+
+require 'irb'
+IRB.start(__FILE__)

data/bin/setup

@@ -0,0 +1,8 @@
+#!/usr/bin/env bash
+set -euo pipefail
+IFS=$'\n\t'
+set -vx
+
+bundle install
+
+# Do any other automated setup that you need to do here

data/exe/puppet-db

@@ -0,0 +1,11 @@
+#!/usr/bin/env ruby
+# frozen_string_literal: true
+
+require 'puppetdb_cli'
+
+begin
+  PuppetDBCLI.run(ARGV.unshift('db'))
+rescue Interrupt
+  warn "\nAborted!"
+  exit 1
+end

data/exe/puppet-query

@@ -0,0 +1,11 @@
+#!/usr/bin/env ruby
+# frozen_string_literal: true
+
+require 'puppetdb_cli'
+
+begin
+  PuppetDBCLI.run(ARGV.unshift('query'))
+rescue Interrupt
+  warn "\nAborted!"
+  exit 1
+end

data/lib/puppetdb_cli.rb

@@ -0,0 +1,54 @@
+# frozen_string_literal: true
+
+require 'cri'
+require 'puppetdb'
+
+require 'puppetdb_cli/logger'
+require 'puppetdb_cli/utils'
+require 'puppetdb_cli/version'
+
+# The top level command for the PuppetDB CLI
+module PuppetDBCLI
+  def self.run(args)
+    @base_cmd.run(args)
+  end
+
+  @base_cmd = Cri::Command.define do
+    name 'puppet'
+    usage 'puppet command [options]'
+    summary 'PuppetDB CLI'
+    description 'A command line tool for interacting with PuppetDB'
+    default_subcommand 'help'
+
+    flag :v, :version, 'Show version of puppetdb cli tool.' do |_, _|
+      puts PuppetDBCLI::VERSION
+      exit 0
+    end
+
+    flag :h, :help, 'Show help for this command.' do |_, c|
+      puts c.help
+      exit 0
+    end
+
+    flag :d, :debug, 'Enable debug output.' do |_, _|
+      PuppetDBCLI.logger.enable_debug_mode
+    end
+
+    option :c, :config, 'The path to the PuppetDB CLI config', argument: :required
+
+    option nil, :urls, 'The urls of your PuppetDB instances (overrides SERVER_URLS).', argument: :required
+
+    option nil, :cacert, 'Overrides the path for the Puppet CA cert', argument: :required
+
+    option nil, :cert, 'Overrides the path for the Puppet client cert.', argument: :required
+
+    option nil, :key, 'Overrides the path for the Puppet client private key.', argument: :required
+
+    option nil, :token, 'Overrides the path for the RBAC token (PE only).', argument: :required
+  end
+
+  require 'puppetdb_cli/query'
+  require 'puppetdb_cli/db'
+
+  @base_cmd.add_command Cri::Command.new_basic_help
+end

data/lib/puppetdb_cli/db.rb

@@ -0,0 +1,25 @@
+# frozen_string_literal: true
+
+# Add the db command
+#
+# This subcommand has no functionalty other than --help. It's purpose is to contain
+# subcommands for compatibility with usage as 'puppet db'.
+module PuppetDBCLI
+  @db_cmd = @base_cmd.define_command do
+    name 'db'
+    usage 'db [options] <subcommand>'
+    summary 'manage PuppetDB administrative tasks'
+    default_subcommand 'help'
+
+    flag :h, :help, 'Show help for this command.' do |_, c|
+      puts c.help
+      exit 0
+    end
+  end
+
+  @db_cmd.add_command Cri::Command.new_basic_help
+
+  require 'puppetdb_cli/db/import'
+  require 'puppetdb_cli/db/export'
+  require 'puppetdb_cli/db/status'
+end

data/lib/puppetdb_cli/db/export.rb

@@ -0,0 +1,49 @@
+# frozen_string_literal: true
+
+# Adds the export command to the PuppetDB CLI
+#
+# The export command can be used to create an archive of your PuppetDB database
+module PuppetDBCLI
+  # Transform and validate a String into a
+  # keyword anonymization profile
+  class AnonymizationTransformer
+    def call(str)
+      raise ArgumentError unless str.is_a? String
+
+      str.to_sym.tap do |symbol|
+        raise unless %i[none low moderate full].include?(symbol)
+      end
+    end
+  end
+
+  @export_cmd = @db_cmd.define_command do
+    name 'export'
+    usage 'export [options] <path>'
+    summary 'export an archive from PuppetDB'
+
+    option :a, :anonymization, 'Archive anonymization profile (low, moderate, high)',
+           default: :none,
+           argument: :required,
+           transform: AnonymizationTransformer.new
+
+    run do |opts, args, cmd|
+      PuppetDBCLI::Utils.log_command_start cmd.name, opts, args
+
+      if args.count.zero?
+        PuppetDBCLI.logger.fatal 'No file path provided'
+        exit 1
+      elsif args.count > 1
+        PuppetDBCLI.logger.fatal 'Only one argument, the path where the export file will be written, is allowed.'
+        exit 1
+      end
+
+      filename = File.expand_path args.first
+      PuppetDBCLI.logger.info "Starting export to '#{filename}'"
+
+      client = PuppetDBCLI::Utils.open_client_connection opts
+      response = client.export(filename, anonymization_profile: opts[:anonymization])
+
+      exit 1 unless response.success?
+    end
+  end
+end