puppetdb_foreman 2.0.0 → 3.0.0

data/app/services/puppetdb.rb

@@ -0,0 +1,31 @@
+module Puppetdb
+  def self.client
+    options = {
+      :uri => uri,
+      :ssl_ca_file => Setting[:puppetdb_ssl_ca_file],
+      :ssl_certificate_file => Setting[:puppetdb_ssl_certificate],
+      :ssl_private_key_file => Setting[:puppetdb_ssl_private_key]
+    }
+    if uri.path.start_with?('/pdb')
+      PuppetdbClient::V3.new(options)
+    else
+      PuppetdbClient::V1.new(options)
+    end
+  end
+
+  def self.uri
+    URI.parse(Setting[:puppetdb_address])
+  end
+
+  def self.enabled?
+    [true, 'true'].include? Setting[:puppetdb_enabled]
+  end
+
+  def self.configured?
+    Setting[:puppetdb_address].present?
+  end
+
+  def self.ready?
+    enabled? && configured?
+  end
+end

data/app/services/puppetdb_client/base.rb

@@ -0,0 +1,109 @@
+module PuppetdbClient
+  class Base
+    delegate :logger, :to => :Rails
+    attr_reader :uri, :ssl_ca_file, :ssl_certificate_file, :ssl_private_key_file
+
+    def initialize(opts)
+      @uri = opts.fetch(:uri)
+      @ssl_ca_file = opts.fetch(:ssl_ca_file)
+      @ssl_certificate_file = opts.fetch(:ssl_certificate_file)
+      @ssl_private_key_file = opts.fetch(:ssl_private_key_file)
+    end
+
+    def deactivate_node(nodename)
+      body = parse(post(command_url, deactivate_node_payload(nodename)))
+      uuid = body['uuid']
+      logger.info "Submitted deactivate_node job to PuppetDB with UUID: #{uuid}"
+      uuid
+    end
+
+    def query_nodes
+      nodes = parse(get(nodes_url))
+      nodes.map { |node| node['name'] }
+    end
+
+    def facts(nodename)
+      parse(get("#{facts_url}?#{URI.escape("query=[\"=\", \"certname\", \"#{nodename}\"]")}"))
+    end
+
+    private
+
+    def connection(url)
+      RestClient::Resource.new(
+        request_url(url),
+        request_options
+      )
+    end
+
+    def request_url(url)
+      URI.join(baseurl, url).to_s
+    end
+
+    def baseurl
+      "#{uri.scheme}://#{uri.host}:#{uri.port}"
+    end
+
+    def get(endpoint)
+      logger.debug "PuppetdbClient: GET request to #{endpoint}"
+      connection(endpoint).get.body
+    end
+
+    def post(endpoint, payload)
+      logger.debug "PuppetdbClient: POST request to #{endpoint} with payload: #{payload}"
+      connection(endpoint).post(payload, post_options).body
+    end
+
+    def parse(body)
+      JSON.parse(body)
+    end
+
+    def post_options
+      {}
+    end
+
+    def request_options
+      {
+        headers: request_headers
+      }.merge(auth_options).merge(ssl_options)
+    end
+
+    def request_headers
+      {
+        'Accept' => 'application/json'
+      }
+    end
+
+    def ssl_options
+      if ssl_ca_file
+        {
+          ssl_ca_file: ssl_ca_file,
+          verify_ssl: true
+        }
+      else
+        {
+          verify_ssl: false
+        }
+      end
+    end
+
+    def auth_options
+      return {} unless certificate_request?
+      {
+        ssl_client_cert: ssl_certificate,
+        ssl_client_key: ssl_private_key
+      }
+    end
+
+    def certificate_request?
+      ssl_certificate_file.present? && ssl_private_key_file.present?
+    end
+
+    def ssl_certificate
+      OpenSSL::X509::Certificate.new(File.read(ssl_certificate_file))
+    end
+
+    def ssl_private_key
+      OpenSSL::PKey::RSA.new(File.read(ssl_private_key_file), nil)
+    end
+  end
+end

data/app/services/puppetdb_client/v1.rb

@@ -0,0 +1,25 @@
+module PuppetdbClient
+  class V1 < Base
+    # The payload is expected to be the certname of a node as a serialized JSON string.
+    def deactivate_node_payload(nodename)
+      payload = {
+        'command' => 'deactivate node',
+        'version' => 1,
+        'payload' => nodename.to_json
+      }.to_json
+      'payload=' + payload
+    end
+
+    def command_url
+      '/v3/commands'
+    end
+
+    def nodes_url
+      '/v3/nodes'
+    end
+
+    def facts_url
+      '/v3/facts'
+    end
+  end
+end

data/app/services/puppetdb_client/v3.rb

@@ -0,0 +1,41 @@
+module PuppetdbClient
+  class V3 < Base
+    # The payload is formatted as a JSON map.
+    # certname: The name of the node for which the catalog was compiled.
+    # producer_timestamp: The time of command submission.
+    def deactivate_node_payload(nodename)
+      {
+        'command' => 'deactivate node',
+        'version' => 3,
+        'payload' => {
+          'certname' => nodename,
+          'producer_timestamp' => producer_timestamp
+        }
+      }.to_json
+    end
+
+    def command_url
+      '/pdb/cmd/v1'
+    end
+
+    def nodes_url
+      '/pdb/query/v4/nodes'
+    end
+
+    def facts_url
+      '/pdb/query/v4/facts'
+    end
+
+    private
+
+    def post_options
+      {
+        content_type: :json
+      }
+    end
+
+    def producer_timestamp
+      Time.now.iso8601.to_s
+    end
+  end
+end

data/app/services/puppetdb_host.rb

@@ -0,0 +1,47 @@
+class PuppetdbHost
+  attr_accessor :certname, :environment, :facts
+
+  def initialize(opts = {})
+    self.facts = HashWithIndifferentAccess.new
+    parse_facts(opts.fetch(:facts))
+  end
+
+  def to_host
+    host = Host::Managed.import_host(facts[:fqdn], 'puppet', certname)
+    host.import_facts(facts)
+    host.update_attribute(:environment => environment) if environment
+    host
+  end
+
+  private
+
+  def parse_facts(pdb_facts)
+    pdb_facts.each do |fact|
+      name = fact['name']
+      value = parse_fact_value(fact['value'])
+      facts[name] = value
+      self.certname = fact['certname']
+      self.environment = fact['environment']
+    end
+  end
+
+  def parse_fact_value(value)
+    result = JSON.parse(value)
+    return result.to_s unless result.is_a?(Hash)
+    deep_stringify_values(result)
+  rescue JSON::ParserError
+    value.to_s
+  end
+
+  def deep_stringify_values(obj)
+    result = {}
+    obj.each do |key, value|
+      result[key] = if value.is_a?(Hash)
+                      deep_stringify_values(value)
+                    else
+                      value.to_s
+                    end
+    end
+    result
+  end
+end

data/app/views/api/v2/puppetdb_nodes/import.json.rabl

@@ -0,0 +1,3 @@
+object @host
+
+extends "api/v2/hosts/show"

data/app/views/api/v2/puppetdb_nodes/index.json.rabl

@@ -0,0 +1,5 @@
+collection @nodes
+
+node :name do |node|
+  node
+end

data/app/views/api/v2/puppetdb_nodes/unknown.json.rabl

@@ -0,0 +1,3 @@
+collection @nodes
+
+extends "api/v2/puppetdb_nodes/index"

data/app/views/puppetdb_foreman/nodes/index.html.erb

@@ -0,0 +1,82 @@
+<% title _('PuppetDB Nodes') %>
+
+<div class="col-md-12">
+  <div class="row">
+    <div class="container-fluid container-cards-pf">
+      <div class="row row-cards-pf">
+        <div class="col-xs-6 col-sm-4 col-md-4">
+          <div class="card-pf card-pf-accented card-pf-aggregate-status">
+            <h2 class="card-pf-title">
+              <span class="fa fa-database"></span><span class="card-pf-aggregate-status-count"><%= @puppetdb_hosts.count %></span> <%= _('Hosts in PuppetDB') %>
+            </h2>
+            <div class="card-pf-body">
+              <p class="card-pf-aggregate-status-notifications">
+              <span class="card-pf-aggregate-status-notification"><span class="pficon pficon-ok"></span></span>
+              </p>
+            </div>
+          </div>
+        </div>
+        <div class="col-xs-6 col-sm-4 col-md-4">
+          <div class="card-pf card-pf-accented card-pf-aggregate-status">
+            <h2 class="card-pf-title">
+              <span class="pficon pficon-server"></span><span class="card-pf-aggregate-status-count"><%= @foreman_hosts.count %></span> <%= _('Hosts in Foreman') %>
+            </h2>
+            <div class="card-pf-body">
+              <p class="card-pf-aggregate-status-notifications">
+              <span class="card-pf-aggregate-status-notification"><span class="pficon pficon-ok"></span></span>
+              </p>
+            </div>
+          </div>
+        </div>
+      </div>
+    </div>
+    <div class="row">
+      <div class="col-md-7">
+        <div class="panel panel-default">
+          <div class="panel-heading">
+            <h3 class="panel-title"><%= _('PuppetDB Nodes without Host in Foreman') %></h3>
+          </div>
+          <div class="panel-body">
+            <table class="<%= table_css_classes 'table-fixed' %>">
+              <% if @unknown_hosts.any? %>
+                <thead>
+                  <tr>
+                    <th class="col-md-5"><%= _('Name') %></th>
+                    <th class="col-md-2"><%= _('Actions') %></th>
+                  </tr>
+                </thead>
+                <tbody>
+                  <% @unknown_hosts.each do |node| %>
+                    <tr>
+                      <td class="ellipsis"><%= node %></td>
+                      <td>
+                        <%= action_buttons(
+                          (display_link_if_authorized(_("Import"), hash_for_import_puppetdb_foreman_node_path(:id => node), :method => :put)),
+                          (display_delete_if_authorized(hash_for_puppetdb_foreman_node_path(:id => node), :class => 'delete', :text => _('Deactivate')))
+                        ) %>
+                    </td>
+                    </tr>
+                  <% end %>
+                </tbody>
+              <% else %>
+                <tbody>
+                  <tr>
+                    <td class="blank-slate-pf" style="width: auto;">
+                      <div class="blank-slate-pf-icon">
+                        <%= icon_text("ok", "", :kind => "pficon") %>
+                      </div>
+                      <h1><%= _('PuppetDB in Sync') %></h1>
+                      <p>
+                        <%= _("For every node in PuppetDB a host in Foreman could be found. Both systems are in sync.") %>
+                      </p>
+                    </td>
+                  </tr>
+                </tbody>
+              <% end %>
+            </table>
+          </div>
+        </div>
+      </div>
+    </div>
+  </div>
+</div>

data/config/routes.rb

@@ -1,3 +1,31 @@
 Rails.application.routes.draw do
-  get ':puppetdb(/*puppetdb_url)', :to => 'puppetdb_foreman/puppetdb#index', :puppetdb => /d3\.v2|charts|v3|puppetdb|metrics|\/pdb\/meta\/v1\/version\/latest|pdb\/meta\/v1\/version/, :as => "puppetdb"
+  get ':puppetdb(/*puppetdb_url)', :to => 'puppetdb_foreman/puppetdb#index', :puppetdb => /d3\.v2|charts|v3|puppetdb|metrics|\/pdb\/meta\/v1\/version\/latest|pdb\/meta\/v1\/version|pdb\/dashboard\/data/, :as => 'puppetdb'
+
+  namespace :puppetdb_foreman do
+    constraints(:id => %r{[^\/]+}) do
+      resources :nodes, :only => [:index, :destroy] do
+        member do
+          put 'import'
+        end
+      end
+    end
+  end
+
+  namespace :api, :defaults => { :format => 'json' } do
+    scope '(:apiv)', :module => :v2,
+                     :defaults => { :apiv => 'v2' },
+                     :apiv => /v1|v2/,
+                     :constraints => ApiConstraints.new(:version => 2) do
+      constraints(:id => /[^\/]+/) do
+        resources :puppetdb_nodes, :only => [:index, :destroy] do
+          collection do
+            get 'unknown'
+          end
+          member do
+            put 'import'
+          end
+        end
+      end
+    end
+  end
 end

data/lib/puppetdb_foreman/engine.rb

@@ -1,26 +1,52 @@
 module PuppetdbForeman
   class Engine < ::Rails::Engine
+    engine_name 'puppetdb_foreman'
 
-    initializer 'puppetdb_foreman.load_default_settings', :before => :load_config_initializers do |app|
-      require_dependency File.expand_path("../../../app/models/setting/puppetdb.rb", __FILE__) if (Setting.table_exists? rescue(false))
+    initializer 'puppetdb_foreman.load_default_settings', :before => :load_config_initializers do |_app|
+      require_dependency File.expand_path('../../../app/models/setting/puppetdb.rb', __FILE__) if begin
+                                                                                                     Setting.table_exists?
+                                                                                                   rescue
+                                                                                                     (false)
+                                                                                                   end
     end
 
-    initializer 'puppetdb_foreman.register_plugin', :before => :finisher_hook do |app|
+    initializer 'puppetdb_foreman.register_plugin', :before => :finisher_hook do |_app|
       Foreman::Plugin.register :puppetdb_foreman do
         requires_foreman '>= 1.11'
+
+        apipie_documented_controllers ["#{PuppetdbForeman::Engine.root}/app/controllers/api/v2/*.rb"]
+
         security_block :puppetdb_foreman do
-          permission :view_puppetdb_dashboard, {:'puppetdb_foreman/puppetdb' => [:index]}
+          permission :view_puppetdb_dashboard, :'puppetdb_foreman/puppetdb' => [:index]
+          permission :view_puppetdb_nodes, :'puppetdb_foreman/nodes' => [:index],
+                                           :'api/v2/puppetdb_nodes' => [:index, :unknown]
+          permission :destroy_puppetdb_nodes, :'puppetdb_foreman/nodes' => [:destroy],
+                                              :'api/v2/puppetdb_nodes' => [:destroy]
+          permission :import_puppetdb_nodes, :'puppetdb_foreman/nodes' => [:import],
+                                             :'api/v2/puppetdb_nodes' => [:import]
         end
+
         role 'PuppetDB Dashboard', [:view_puppetdb_dashboard]
+        role 'PuppetDB Node Viewer', [:view_puppetdb_nodes]
+        role 'PuppetDB Node Manager', [:view_puppetdb_nodes, :destroy_puppetdb_nodes, :import_puppetdb_nodes]
+
         menu :top_menu, :puppetdb, :caption => N_('PuppetDB Dashboard'),
-                                   :url_hash => {:controller => 'puppetdb_foreman/puppetdb', :action => 'index', :puppetdb => 'puppetdb'},
+                                   :url_hash => { :controller => 'puppetdb_foreman/puppetdb', :action => 'index', :puppetdb => 'puppetdb' },
                                    :parent => :monitor_menu,
-                                   :last => true
+                                   :last => :true
+        menu :top_menu, :nodes, :caption => N_('PuppetDB Nodes'),
+                                :url_hash => { :controller => 'puppetdb_foreman/nodes', :action => 'index' },
+                                :parent => :monitor_menu,
+                                :after => :puppetdb
       end
     end
 
     config.to_prepare do
-      Host::Managed.send :include, PuppetdbForeman::HostExtensions
+      begin
+        Host::Managed.send :include, PuppetdbForeman::HostExtensions
+      rescue => e
+        Rails.logger.warn "PuppetdbForeman: skipping engine hook (#{e})"
+      end
     end
   end
 end