smart_proxy_openbolt 0.1.1 → 1.2.0

data/lib/smart_proxy_openbolt/main.rb

@@ -1,14 +1,14 @@
 require 'json'
 require 'open3'
+require 'openssl'
 require 'smart_proxy_openbolt/executor'
 require 'smart_proxy_openbolt/error'
-require 'thread'
 
 module Proxy::OpenBolt
   extend ::Proxy::Util
   extend ::Proxy::Log
 
-  TRANSPORTS = ['ssh', 'winrm']
+  TRANSPORTS = ['ssh', 'winrm', 'choria'].freeze
   # The key should be exactly the flag name passed to OpenBolt
   # Type must be :boolean, :string, or an array of acceptable string values
   # Transport must be an array of transport types it applies to. This is
@@ -26,25 +26,25 @@ module Proxy::OpenBolt
     },
     'log-level' => {
       :type => ['error', 'warning', 'info', 'debug', 'trace'],
-      :transport => ['ssh', 'winrm'],
+      :transport => ['ssh', 'winrm', 'choria'],
       :sensitive => false,
       :description => 'Set the log level during OpenBolt execution.',
     },
     'verbose' => {
       :type => :boolean,
-      :transport => ['ssh', 'winrm'],
+      :transport => ['ssh', 'winrm', 'choria'],
       :sensitive => false,
       :description => 'Run the OpenBolt command with the --verbose flag. This prints additional information during OpenBolt execution and will print any out::verbose plan statements.',
     },
     'noop' => {
       :type => :boolean,
-      :transport => ['ssh', 'winrm'],
+      :transport => ['ssh', 'winrm', 'choria'],
       :sensitive => false,
       :description => 'Run the OpenBolt command with the --noop flag, which will make no changes to the target host.',
     },
     'tmpdir' => {
       :type => :string,
-      :transport => ['ssh', 'winrm'],
+      :transport => ['ssh', 'winrm', 'choria'],
       :sensitive => false,
       :description => 'Directory to use for temporary files on target hosts during OpenBolt execution.',
     },
@@ -96,16 +96,105 @@ module Proxy::OpenBolt
       :sensitive => false,
       :description => 'Verify remote host SSL certificate when connecting to hosts via WinRM.',
     },
-  }
-  class << self
-    @@mutex = Mutex.new
+    'choria-task-agent' => {
+      :type => ['bolt_tasks', 'shell'],
+      :transport => ['choria'],
+      :sensitive => false,
+      :description => 'Choria agent used to execute tasks on target nodes. "bolt_tasks" runs tasks via the Choria bolt_tasks agent and "shell" runs them via the shell agent. Defaults to "bolt_tasks" when not specified.',
+    },
+    'choria-config-file' => {
+      :type => :string,
+      :transport => ['choria'],
+      :sensitive => false,
+      :description => 'Path on the smart proxy host to the Choria client configuration file. This file must be readable by the foreman-proxy user. When blank, the proxy uses a built-in default.',
+    },
+    'choria-mcollective-certname' => {
+      :type => :string,
+      :transport => ['choria'],
+      :sensitive => false,
+      :description => 'Override the MCollective certname for Choria client identity. When blank, the proxy derives this automatically from the SSL certificate.',
+    },
+    'choria-ssl-ca' => {
+      :type => :string,
+      :transport => ['choria'],
+      :sensitive => false,
+      :description => 'Path on the smart proxy host to the CA certificate used to verify Choria brokers and peers. This file must be readable by the foreman-proxy user. Must be provided together with choria-ssl-cert and choria-ssl-key.',
+    },
+    'choria-ssl-cert' => {
+      :type => :string,
+      :transport => ['choria'],
+      :sensitive => false,
+      :description => 'Path on the smart proxy host to the client SSL certificate used to authenticate with Choria. This file must be readable by the foreman-proxy user. Must be provided together with choria-ssl-ca and choria-ssl-key.',
+    },
+    'choria-ssl-key' => {
+      :type => :string,
+      :transport => ['choria'],
+      :sensitive => false,
+      :description => 'Path on the smart proxy host to the client SSL private key used to authenticate with Choria. This key must be readable by the foreman-proxy user. Must be provided together with choria-ssl-ca and choria-ssl-cert.',
+    },
+    'choria-collective' => {
+      :type => :string,
+      :transport => ['choria'],
+      :sensitive => false,
+      :description => 'Choria collective to route messages through.',
+    },
+    'choria-puppet-environment' => {
+      :type => :string,
+      :transport => ['choria'],
+      :sensitive => false,
+      :description => 'Puppet environment reported to the Choria agent when executing tasks. Defaults to "production" when not specified. Typically matches the proxy\'s environment_path setting.',
+    },
+    'choria-rpc-timeout' => {
+      :type => :string,
+      :transport => ['choria'],
+      :sensitive => false,
+      :description => 'Timeout in seconds for individual Choria RPC calls. Defaults to 30 when not specified.',
+    },
+    'choria-task-timeout' => {
+      :type => :string,
+      :transport => ['choria'],
+      :sensitive => false,
+      :description => 'Timeout in seconds for a Choria task to complete on a target node. Defaults to 300 when not specified.',
+    },
+    'choria-command-timeout' => {
+      :type => :string,
+      :transport => ['choria'],
+      :sensitive => false,
+      :description => 'Timeout in seconds for a Choria shell command to complete on a target node. Defaults to 60 when not specified.',
+    },
+    'choria-brokers' => {
+      :type => :string,
+      :transport => ['choria'],
+      :sensitive => false,
+      :description => 'Comma-separated list of Choria broker addresses in host or host:port format (e.g. broker1:4222,broker2:4222). Port defaults to 4222 if omitted.',
+    },
+    'choria-broker-timeout' => {
+      :type => :string,
+      :transport => ['choria'],
+      :sensitive => false,
+      :description => 'Timeout in seconds for establishing a connection to a Choria broker.',
+    },
+  }.freeze
+  SORTED_OPTIONS = OPENBOLT_OPTIONS.sort.to_h.freeze
+
+  @mutex = Mutex.new
 
+  class << self
     def openbolt_options
-      OPENBOLT_OPTIONS.sort.to_h
+      SORTED_OPTIONS
     end
 
     def executor
-      @executor ||= Proxy::OpenBolt::Executor.instance
+      @executor ||= Executor.instance
+    end
+
+    def validate_job_id!(id)
+      return if /\A[a-f0-9-]+\z/i.match?(id)
+      raise Error.new(message: 'Invalid job ID format')
+    end
+
+    def result_file_path(id)
+      File.join(Plugin.settings.log_dir, "#{id}.json")
     end
 
     # /tasks or /tasks/reload
@@ -113,7 +202,7 @@ module Proxy::OpenBolt
       # If we need to reload, only one instance of the reload
       # should happen at once. Make others wait until it is
       # finished.
-      @@mutex.synchronize do
+      @mutex.synchronize do
         @tasks = nil if reload
         @tasks || reload_tasks
       end
@@ -123,59 +212,31 @@ module Proxy::OpenBolt
       task_data = {}
 
       # Get a list of all tasks
-      command = "bolt task show --project #{Proxy::OpenBolt::Plugin.settings.environment_path} --format json"
-      stdout, stderr, status = openbolt(command)
-      unless status.exitstatus.zero?
-        raise Proxy::OpenBolt::CliError.new(
-          message:  'Error occurred when fetching tasks names.',
-          exitcode: status.exitstatus,
-          stdout:   stdout,
-          stderr:   stderr,
-          command:  command,
-        )
-      end
-      task_names = []
-      begin
-        task_names = JSON.parse(stdout)['tasks'].map { |t| t[0] }
-      rescue JSON::ParserError => e
-        raise Proxy::OpenBolt::Error.new(
-          message:   "Error occurred when parsing 'bolt task show' output.",
-          exception: e,
+      command = ['bolt', 'task', 'show',
+                 '--project', Plugin.settings.environment_path,
+                 '--format', 'json']
+      parsed = openbolt_json(command)
+      task_list = parsed['tasks']
+      unless task_list.is_a?(Array)
+        raise Error.new(
+          message: "Unexpected output from 'bolt task show': expected 'tasks' to be an array, got #{task_list.class}."
         )
       end
 
-      # Get metadata for each task and put into @tasks
-      task_names.each do |name|
-        command = "bolt task show #{name} --project #{Proxy::OpenBolt::Plugin.settings.environment_path} --format json"
-        stdout, stderr, status = openbolt(command)
-        unless status.exitstatus.zero?
-          @tasks = nil
-          raise Proxy::OpenBolt::CliError.new(
-            message:  "Error occurred when fetching task information for #{name}",
-            exitcode: status.exitstatus,
-            stdout:   stdout,
-            stderr:   stderr,
-            command:  command,
-          )
-        end
-        metadata = {}
-        begin
-          metadata = JSON.parse(stdout)['metadata']
-        rescue Json::ParserError => e
-          @tasks = nil
-          raise Proxy::OpenBolt::Error.new(
-            message:   "Error occurred when parsing 'bolt task show #{name}' output.",
-            exception: e,
-          )
-        end
+      # Get metadata for each task
+      task_list.each do |task_entry|
+        name = task_entry[0]
+        command = ['bolt', 'task', 'show', name,
+                   '--project', Plugin.settings.environment_path,
+                   '--format', 'json']
+        result = openbolt_json(command)
+        metadata = result['metadata']
         if metadata.nil?
-          @tasks = nil
-          raise Proxy::OpenBolt::Error.new(
-            message: "Invalid metadata found for task #{name}",
-            output: output,
-            command: command,
+          raise Error.new(
+            message: "Invalid metadata found for task #{name}"
           )
         end
+
         task_data[name] = {
           'description' => metadata['description'] || '',
           'parameters'  => metadata['parameters'] || {},
@@ -203,102 +264,216 @@ module Proxy::OpenBolt
     def launch_task(data)
       ### Validation ###
       unless data.is_a?(Hash)
-        raise Proxy::OpenBolt::Error.new(message: 'Data passed in to launch_task function is not a hash. This is most likely a bug in the smart_proxy_openbolt plugin. Please file an issue with the maintainers.').to_json
+        raise Error.new(message: 'Data passed in to launch_task function is not a hash. This is most likely a bug in the smart_proxy_openbolt plugin. Please file an issue with the maintainers.')
       end
       fields = ['name', 'parameters', 'targets', 'options']
-      unless fields.all? { |k| data.keys.include?(k) }
-        raise Proxy::OpenBolt::Error.new(message: "You must provide values for 'name', 'parameters', 'targets', and 'transport'.")
+      unless fields.all? { |k| data.key?(k) }
+        raise Error.new(message: "You must provide values for 'name', 'parameters', 'targets', and 'options'.")
       end
       name = data['name']
       params = data['parameters'] || {}
       targets = data['targets']
-      options = data['options']
+      options = data['options'] || {}
 
       logger.info("Task: #{name}")
       logger.info("Parameters: #{params.inspect}")
       logger.info("Targets: #{targets.inspect}")
-      logger.info("Options: #{scrub(options, options.inspect.to_s)}")
+      logger.info("Options: #{scrub(options, options.inspect)}")
 
       # Validate name
-      raise Proxy::OpenBolt::Error.new(message: "You must provide a value for 'name'.") unless name.is_a?(String) && !name.empty?
-      raise Proxy::OpenBolt::Error.new(message: "Task #{name} not found.") unless tasks.keys.include?(name)
+      raise Error.new(message: "You must provide a value for 'name'.") unless name.is_a?(String) && !name.empty?
+      raise Error.new(message: "Task #{name} not found.") unless tasks.key?(name)
 
       # Validate parameters
-      raise Proxy::OpenBolt::Error.new(message: "The 'parameters' value should be a hash.") unless params.is_a?(Hash)
-      missing = []
-      tasks[name]['parameters'].each do |k, v|
-        next if v['type'].start_with?('Optional[')
-        missing << k unless params.keys.include?(k)
-      end
-      raise Proxy::OpenBolt::Error.new(message: "Missing required parameters: #{missing}") unless missing.empty?
+      raise Error.new(message: "The 'parameters' value should be a hash.") unless params.is_a?(Hash)
       extra = params.keys - tasks[name]['parameters'].keys
-      raise Proxy::OpenBolt::Error.new(message: "Unknown parameters: #{extra}") unless extra.empty?
+      raise Error.new(message: "Unknown parameters: #{extra}") unless extra.empty?
 
       # Normalize parameters, ensuring blank values are not passed
       params = normalize_values(params)
       logger.info("Normalized parameters: #{params.inspect}")
 
+      # Check required parameters after normalization so blank values are caught
+      missing = []
+      tasks[name]['parameters'].each do |k, v|
+        next if v['type']&.start_with?('Optional[')
+        next if v.key?('default')
+        missing << k unless params.key?(k)
+      end
+      raise Error.new(message: "Missing required parameters: #{missing}") unless missing.empty?
+
       # Validate targets
-      raise Proxy::OpenBolt::Error.new(message: "The 'targets' value should be a string or an array.'") unless targets.is_a?(String) || targets.is_a?(Array)
-      targets = targets.split(',').map { |t| t.strip }
-      raise Proxy::OpenBolt::Error.new(message: "The 'targets' value should not be empty.") if targets.empty?
+      raise Error.new(message: "The 'targets' value should be a string or an array.") unless targets.is_a?(String) || targets.is_a?(Array)
+      if targets.is_a?(Array)
+        raise Error.new(message: "All target values must be strings.") unless targets.all?(String)
+        targets = targets.map(&:strip).reject(&:empty?)
+      else
+        targets = targets.split(',').map(&:strip).reject(&:empty?)
+      end
+      raise Error.new(message: "The 'targets' value should not be empty.") if targets.empty?
 
-      options ||= {}
       # Validate options
-      raise Proxy::OpenBolt::Error.new(message: "The 'options' value should be a hash.") unless options.is_a?(Hash)
-      extra = options.keys - OPENBOLT_OPTIONS.keys
-      raise Proxy::OpenBolt::Error.new(message: "Invalid options specified: #{extra}") unless extra.empty?
+      raise Error.new(message: "The 'options' value should be a hash.") unless options.is_a?(Hash)
       unknown = options.keys - OPENBOLT_OPTIONS.keys
-      raise Proxy::OpenBolt::Error.new(message: "Invalid options specified: #{unknown}") unless unknown.empty?
+      raise Error.new(message: "Invalid options specified: #{unknown}") unless unknown.empty?
 
       # Normalize options, removing blank values
       options = normalize_values(options)
-      logger.info("Normalized options: #{scrub(options, options.inspect.to_s)}")
-      OPENBOLT_OPTIONS.each { |key, value| options[key] ||= value[:default] if value.key?(:default) }
-      logger.info("Options with required defaults: #{scrub(options, options.inspect.to_s)}")
+      logger.info("Normalized options: #{scrub(options, options.inspect)}")
+      OPENBOLT_OPTIONS.each { |key, meta| options[key] ||= meta[:default] if meta.key?(:default) }
+      logger.info("Options with required defaults: #{scrub(options, options.inspect)}")
+
+      # Choria transport defaults: fill in config file, SSL certs, and
+      # certname when the user has not provided them.
+      if options['transport'] == 'choria'
+        user_provided_config = options.key?('choria-config-file')
+
+        unless user_provided_config
+          shipped_config = File.join(File.dirname(__FILE__), 'config', 'choria-client.conf')
+          if File.readable?(shipped_config)
+            options['choria-config-file'] = shipped_config
+          else
+            logger.warn("Choria: shipped config at #{shipped_config} is not readable " \
+                        "(exists=#{File.exist?(shipped_config)}). Check package installation " \
+                        "and foreman-proxy user permissions.")
+          end
+        end
+
+        if !user_provided_config
+          missing_ssl = []
+          missing_ssl << 'ssl_certificate' if Proxy::SETTINGS.ssl_certificate.to_s.strip.empty?
+          missing_ssl << 'ssl_private_key' if Proxy::SETTINGS.ssl_private_key.to_s.strip.empty?
+          missing_ssl << 'ssl_ca_file' if Proxy::SETTINGS.ssl_ca_file.to_s.strip.empty?
+
+          if missing_ssl.empty?
+            options['choria-ssl-cert'] ||= Proxy::SETTINGS.ssl_certificate
+            options['choria-ssl-key']  ||= Proxy::SETTINGS.ssl_private_key
+            options['choria-ssl-ca']   ||= Proxy::SETTINGS.ssl_ca_file
+          else
+            logger.warn("Choria: cannot default SSL from proxy settings, missing: #{missing_ssl.join(', ')}. " \
+                        "Set choria-ssl-cert, choria-ssl-key, and choria-ssl-ca explicitly.")
+          end
+        elsif !options.key?('choria-ssl-cert')
+          logger.info('Choria: custom config file provided without SSL options. ' \
+                      'SSL settings will be read from the config file.')
+        end
+
+        unless options.key?('choria-mcollective-certname')
+          cert_path = options['choria-ssl-cert']
+          if cert_path.nil? && user_provided_config
+            logger.info('Choria: custom config file provided, certname will come from the config file or ' \
+                        "default to '<user>.mcollective'. Set 'choria-mcollective-certname' if needed.")
+          elsif cert_path.nil?
+            logger.warn('Choria: no choria-ssl-cert available, cannot derive mcollective-certname.')
+          elsif !File.readable?(cert_path)
+            logger.warn("Choria: cannot derive mcollective-certname, cert at #{cert_path} is not readable. " \
+                        "Set 'choria-mcollective-certname' explicitly or fix file permissions.")
+          else
+            begin
+              cert = OpenSSL::X509::Certificate.new(File.read(cert_path))
+              cn = cert.subject.to_a.find { |name, _, _| name == 'CN' }
+              if cn
+                options['choria-mcollective-certname'] = cn[1]
+              else
+                logger.warn("Choria: certificate at #{cert_path} has no CN. " \
+                            "Set 'choria-mcollective-certname' explicitly.")
+              end
+            rescue OpenSSL::X509::CertificateError => e
+              raise Error.new(
+                message: "Cannot read Choria certificate at #{cert_path}: #{e.message}. " \
+                         "Set 'choria-mcollective-certname' explicitly or fix the certificate file."
+              )
+            end
+          end
+        end
+
+        logger.info("Choria options after defaults: #{scrub(options, options.inspect)}")
+      end
 
       # Validate option types
-      options = options.map do |key, value|
+      options = options.to_h do |key, value|
         type = OPENBOLT_OPTIONS[key][:type]
-        value = value.nil? ? '' : value # Just in case
         case type
         when :boolean
           if value.is_a?(String)
             value = value.downcase.strip
-            raise Proxy::OpenBolt::Error.new(message: "Option #{key} must be a boolean 'true' or 'false'. Current value: #{value}") unless ['true', 'false'].include?(value)
+            raise Error.new(message: "Option #{key} must be a boolean 'true' or 'false'. Current value: #{value}") unless ['true', 'false'].include?(value)
             value = value == 'true'
           end
-          raise Proxy::OpenBolt::Error.new(message: "Option #{key} must be a boolean true for false. It appears to be #{value.class}.") unless [TrueClass, FalseClass].include?(value.class)
+          raise Error.new(message: "Option #{key} must be a boolean true or false. It appears to be #{value.class}.") unless [TrueClass, FalseClass].include?(value.class)
         when :string
-          value = value.strip
-          raise Proxy::OpenBolt::Error.new(message: "Option #{key} must have a value when the option is specified.") if value.empty?
+          raise Error.new(message: "Option #{key} must have a value when the option is specified.") if value.to_s.empty?
         when Array
-          value = value.strip
-          raise Proxy::OpenBolt::Error.new(message: "Option #{key} must have one of the following values: #{OPENBOLT_OPTIONS[key][:type]}") unless OPENBOLT_OPTIONS[key][:type].include?(value)
+          raise Error.new(message: "Option #{key} must have one of the following values: #{OPENBOLT_OPTIONS[key][:type]}") unless OPENBOLT_OPTIONS[key][:type].include?(value.to_s)
         end
         [key, value]
-      end.to_h
-      logger.info("Final options: #{scrub(options, options.inspect.to_s)}")
+      end
+      logger.info("Final options: #{scrub(options, options.inspect)}")
 
       ### Run the task ###
       task = TaskJob.new(name, params, options, targets)
       id = executor.add_job(task)
 
-      return {
-        id: id
-      }.to_json
+      { id: id }.to_json
     end
 
     # /job/:id/status
     def get_status(id)
-      return {
-        status: executor.status(id),
-      }.to_json
+      validate_job_id!(id)
+      { status: executor.status(id) }.to_json
     end
 
     # /job/:id/result
     def get_result(id)
-      executor.result(id).to_json
+      validate_job_id!(id)
+      result = executor.result(id)
+      return result if result.is_a?(String)
+      raise Error.new(message: "Job not found: #{id}") if result == :invalid
+      result.to_json
+    rescue Errno::ENOENT
+      raise Error.new(message: "Result file not found for job: #{id}")
+    end
+
+    # DELETE /job/:id/artifacts
+    def delete_artifacts(id)
+      validate_job_id!(id)
+
+      file_path = result_file_path(id)
+      real_path = File.realpath(file_path)
+      expected_dir = File.realpath(Plugin.settings.log_dir)
+      raise Error.new(message: 'Invalid file path') unless real_path.start_with?(expected_dir)
+
+      File.delete(file_path)
+      executor.remove_job(id)
+      logger.info("Deleted artifacts for job #{id}")
+      { status: 'deleted', job_id: id }.to_json
+    rescue Errno::ENOENT
+      logger.warning("Artifacts not found for job #{id}")
+      { status: 'not_found', job_id: id }.to_json
+    end
+
+    # Runs an openbolt command that is expected to produce JSON on stdout.
+    # Returns the parsed JSON hash. Raises CliError on non-zero exit or
+    # Error on JSON parse failure.
+    def openbolt_json(command)
+      stdout, stderr, exitcode = openbolt(command)
+      unless exitcode.zero?
+        raise CliError.new(
+          message:  "Error running '#{command.first(4).join(' ')}'.",
+          exitcode: exitcode,
+          stdout:   stdout,
+          stderr:   stderr,
+          command:  command.join(' ')
+        )
+      end
+      begin
+        JSON.parse(stdout)
+      rescue JSON::ParserError => e
+        raise Error.new(
+          message:   "Error parsing JSON output from '#{command.first(4).join(' ')}'.",
+          exception: e
+        )
+      end
     end
 
     # Anything that needs to run an OpenBolt CLI command should use this.
@@ -309,17 +484,29 @@ module Proxy::OpenBolt
     # --format json is specified. At some point, figure out how to make
     # OpenBolt's logger log to a file instead without having to have a special
     # project config file.
+    # Returns [stdout, stderr, exitcode]. Handles the case where the
+    # process is killed by a signal (exitstatus is nil).
     def openbolt(command)
       env = { 'BOLT_GEM' => 'true', 'BOLT_DISABLE_ANALYTICS' => 'true' }
-      Open3.capture3(env, *command.split)
+      stdout, stderr, status = Open3.capture3(env, *command)
+      exitcode = status.exitstatus
+      if exitcode.nil?
+        # 128 + signal follows the Unix/shell convention for signal exit codes.
+        exitcode = 128 + (status.termsig || 0)
+        stderr = "Process was killed by signal #{status.termsig}.\n#{stderr}"
+      end
+      [stdout, stderr, exitcode]
     end
 
-    # Probably needs to go in a utils class somewhere
     # Used only for display text that may contain sensitive OpenBolt
-    # options values. Should to be used to pass anything to the CLI.
+    # options values. Should not be used to pass anything to the CLI.
     def scrub(options, text)
       sensitive = options.select { |key, _| OPENBOLT_OPTIONS[key] && OPENBOLT_OPTIONS[key][:sensitive] }
-      sensitive.each { |_, value| text = text.gsub(value, '*****') }
+      sensitive.each_value do |value|
+        redact = value.to_s
+        next if redact.empty?
+        text = text.gsub(redact, '*****')
+      end
       text
     end
   end

data/lib/smart_proxy_openbolt/plugin.rb

@@ -1,24 +1,22 @@
 require 'fileutils'
 
 module Proxy::OpenBolt
-  class NotFound < RuntimeError; end
-
   class LogPathValidator < ::Proxy::PluginValidators::Base
     def validate!(settings)
       logdir = settings[:log_dir]
       unless Dir.exist?(logdir)
         FileUtils.mkdir_p(logdir)
-        FileUtils.chown('foreman-proxy','foreman-proxy',logdir)
+        if Process.uid == 0
+          FileUtils.chown('foreman-proxy', 'foreman-proxy', logdir)
+        end
         FileUtils.chmod(0750, logdir)
       end
-      raise ::Proxy::Error::ConfigurationError("Could not create log dir at #{logdir}") unless Dir.exist?(logdir)
+      raise ::Proxy::Error::ConfigurationError, "Could not create log dir at #{logdir}" unless Dir.exist?(logdir)
     end
   end
 
   class Plugin < ::Proxy::Plugin
-    plugin :openbolt, Proxy::OpenBolt::VERSION
-
-    expose_setting :enabled
+    plugin :openbolt, VERSION
 
     capability :tasks
 
@@ -31,10 +29,10 @@ module Proxy::OpenBolt
       log_dir: '/var/log/foreman-proxy/openbolt'
     )
 
-    load_validators :log_path_validator => Proxy::OpenBolt::LogPathValidator
+    load_validators :log_path_validator => LogPathValidator
     validate_readable :environment_path
     validate :log_dir, :log_path_validator => true
 
-    https_rackup_path File.expand_path('http_config.ru', File.expand_path('../', __FILE__))
+    https_rackup_path File.expand_path('http_config.ru', File.expand_path(__dir__))
   end
 end

data/lib/smart_proxy_openbolt/result.rb

@@ -2,7 +2,6 @@ require 'json'
 
 module Proxy::OpenBolt
   class Result
-
     attr_reader :command, :status, :value, :log, :message, :schema
 
     # Result from the OpenBolt CLI with --format json looks like:
@@ -38,35 +37,33 @@ module Proxy::OpenBolt
         @message = "Command unexpectedly exited with code #{exitcode}"
         @status = :exception
         @value = "stderr:\n#{stderr}\nstdout:\n#{stdout}"
+      elsif exitcode == 1 && !stdout.start_with?('{')
+        @value = stdout
+        @status = :failure
+        @log = stderr
       else
-        if exitcode == 1 && !stdout.start_with?('{')
-          @value = stdout
-          @status = :failure
+        begin
+          @value = JSON.parse(stdout)
+          @status = exitcode == 0 ? :success : :failure
+          @log = stderr
+        rescue JSON::ParserError => e
+          @status = :exception
+          @message = e.message
+          @value = e.inspect
           @log = stderr
-        else
-          begin
-            @value = JSON.parse(stdout)
-            @status = exitcode == 0 ? :success : :failure
-            @log = stderr
-          rescue JSON::ParserError => e
-            @status = :exception
-            @message = e.message
-            @value = e.inspect
-            @log = stderr
-          end
         end
       end
     end
 
-    def to_json
+    def to_json(*args)
       {
-        'command': @command,
-        'status': @status,
-        'value': @value,
-        'log': @log,
-        'message': @message,
-        'schema': @schema,
-      }.to_json
+        'command' => @command,
+        'status'  => @status,
+        'value'   => @value,
+        'log'     => @log,
+        'message' => @message,
+        'schema'  => @schema,
+      }.to_json(*args)
     end
   end
 end