smart_proxy_salt 2.1.8 → 3.1.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
-SHA1:
-  metadata.gz: 3617d7030f84c637b456820c2ed126a46a0891f8
-  data.tar.gz: e38b6cbe39839ac23e9b734fd1b72ee5baeb10fb
+SHA256:
+  metadata.gz: 5c5e6d0a2348b06d27789269578966ec1b2ae1413341ca1dc5bb318630653c44
+  data.tar.gz: 8238c8469d73c893ead9a9cba3692652b9227a5aa6bdc400cc53e1c83e28e7db
 SHA512:
-  metadata.gz: 5b4b844c9a4463aa77ca9769028fd5d32d9efa933c4ecc6cf90391ab437f78936a7882583f548bfa338c33dfd4731e27fba5f1d233e650521aaf3411888cf824
-  data.tar.gz: 657c0199e6aea9a2fefdcc4847f2a7107ba4dd1fbf28c2e7413a4119a09c79680e69a5ed569e13f2e854a07096ba82bc8e8e69752ea5e3b1b9fbf26f47f57c45
+  metadata.gz: 2873b74a8f42b9e979c38da137674d92e3d0cccdfea62924d27b89ca3c76f4ffc3a5ed961c3e9935311ca1ca51868e44f4315d3cd4d86752d315de0434955b62
+  data.tar.gz: '091bdeb081d90458404ad84baba32db5830b170a28678f554174030722563935186e7fd9abcb52fa743edf5148aae76b65177e7e13e5b2113f48fb0f8f1c8b75'

data/bin/foreman-node

@@ -1,12 +1,14 @@
 #!/usr/bin/env ruby
+# frozen_string_literal: true
+
 # This is the external nodes script to allow Salt to retrieve info about a host
 # from Foreman.  It also uploads a node's grains to Foreman, if the setting is
 # enabled.
 
 require 'yaml'
 
-$settings_file = '/etc/salt/foreman.yaml'
-SETTINGS = YAML.load_file($settings_file)
+settings_file = '/etc/salt/foreman.yaml'
+SETTINGS = YAML.load_file(settings_file)
 
 require 'net/http'
 require 'net/https'
@@ -19,9 +21,13 @@ rescue LoadError
   # Debian packaging guidelines state to avoid needing rubygems, so
   # we only try to load it if the first require fails (for RPMs)
   begin
-    require 'rubygems' rescue nil
+    begin
+      require 'rubygems'
+    rescue Exception
+      nil
+    end
     require 'json'
-  rescue LoadError => e
+  rescue LoadError
     puts 'You need the `json` gem to use the Foreman ENC script'
     # code 1 is already used below
     exit 2
@@ -37,66 +43,33 @@ def valid_hostname?(hostname)
 end
 
 def get_grains(minion)
-  begin
-    grains = {
-      :name  => minion,
-      :facts => plain_grains(minion).merge({:_timestamp => Time.now, :_type => 'foreman_salt'})
-    }
-
-    grains[:facts][:operatingsystem] = grains[:facts]['os']
-    grains[:facts][:operatingsystemrelease] = grains[:facts]['osrelease']
-
-    JSON.pretty_generate(grains)
-  rescue => e
-    puts "Could not get grains: #{e}"
-    exit 1
-  end
+  grains = {
+    :name  => minion,
+    :facts => plain_grains(minion).merge(:_timestamp => Time.now, :_type => 'foreman_salt')
+  }
+
+  grains[:facts][:operatingsystem] = grains[:facts]['os']
+  grains[:facts][:operatingsystemrelease] = grains[:facts]['osrelease']
+
+  JSON.pretty_generate(grains)
+rescue Exception => e
+  puts "Could not get grains: #{e}"
+  exit 1
 end
 
 def plain_grains(minion)
   # We have to get the grains from the cache, because the client
   # is probably running 'state.highstate' right now.
-  #
-  # salt-run doesn't support directly outputting to json,
-  # so we have resort to python to extract the grains.
-  # Based on https://github.com/saltstack/salt/issues/9444
-
-script = <<-EOF
-#!/usr/bin/env python
-import json
-import os
-import sys
-
-import salt.config
-import salt.runner
-
-if __name__ == '__main__':
-    __opts__ = salt.config.master_config(
-            os.environ.get('SALT_MASTER_CONFIG', '/etc/salt/minion'))
-    runner = salt.runner.Runner(__opts__)  
-   
-    stdout_bak = sys.stdout
-    with open(os.devnull, 'wb') as f:
-        sys.stdout = f  
-        ret = runner.cmd('cache.grains', ['#{minion}'])
-    sys.stdout = stdout_bak
-
-    print json.dumps(ret)
-EOF
-
-  result = IO.popen('python 2>/dev/null', mode='r+') do |python|
-    python.write script
-    python.close_write
-    result = python.read
+
+  result = IO.popen(['salt-run', '-l', 'quiet', '--output=json', 'cache.grains', minion]) do |io|
+    io.read
   end
 
-  grains = JSON.load(result)
+  grains = JSON.parse(result)
 
-  if grains
-    plainify(grains[minion]).flatten.inject(&:merge)
-  else
-    raise 'No grains received from Salt master'
-  end
+  raise 'No grains received from Salt master' unless grains
+
+  plainify(grains[minion]).flatten.inject(&:merge)
 end
 
 def plainify(hash, prefix = nil)
@@ -126,33 +99,31 @@ def get_key(key, prefix)
 end
 
 def upload_grains(minion)
-  begin
-    grains = get_grains(minion)
-    uri = URI.parse("#{foreman_url}/api/hosts/facts")
-    req = Net::HTTP::Post.new(uri.request_uri)
-    req.add_field('Accept', 'application/json,version=2' )
-    req.content_type = 'application/json'
-    req.body         = grains 
-    res              = Net::HTTP.new(uri.host, uri.port)
-    res.use_ssl      = uri.scheme == 'https'
-    if res.use_ssl?
-      if SETTINGS[:ssl_ca] && !SETTINGS[:ssl_ca].empty?
-        res.ca_file = SETTINGS[:ssl_ca]
-        res.verify_mode = OpenSSL::SSL::VERIFY_PEER
-      else
-        res.verify_mode = OpenSSL::SSL::VERIFY_NONE
-      end
-      if SETTINGS[:ssl_cert] && !SETTINGS[:ssl_cert].empty? && SETTINGS[:ssl_key] && !SETTINGS[:ssl_key].empty?
-        res.cert = OpenSSL::X509::Certificate.new(File.read(SETTINGS[:ssl_cert]))
-        res.key  = OpenSSL::PKey::RSA.new(File.read(SETTINGS[:ssl_key]), nil)
-      end
-    elsif SETTINGS[:username] && SETTINGS[:password]
-      req.basic_auth(SETTINGS[:username], SETTINGS[:password])
+  grains = get_grains(minion)
+  uri = URI.parse("#{foreman_url}/api/hosts/facts")
+  req = Net::HTTP::Post.new(uri.request_uri)
+  req.add_field('Accept', 'application/json,version=2')
+  req.content_type = 'application/json'
+  req.body         = grains
+  res              = Net::HTTP.new(uri.host, uri.port)
+  res.use_ssl      = uri.scheme == 'https'
+  if res.use_ssl?
+    if SETTINGS[:ssl_ca] && !SETTINGS[:ssl_ca].empty?
+      res.ca_file = SETTINGS[:ssl_ca]
+      res.verify_mode = OpenSSL::SSL::VERIFY_PEER
+    else
+      res.verify_mode = OpenSSL::SSL::VERIFY_NONE
     end
-    res.start { |http| http.request(req) }
-  rescue => e
-    raise "Could not send facts to Foreman: #{e}"
+    if SETTINGS[:ssl_cert] && !SETTINGS[:ssl_cert].empty? && SETTINGS[:ssl_key] && !SETTINGS[:ssl_key].empty?
+      res.cert = OpenSSL::X509::Certificate.new(File.read(SETTINGS[:ssl_cert]))
+      res.key  = OpenSSL::PKey::RSA.new(File.read(SETTINGS[:ssl_key]), nil)
+    end
+  elsif SETTINGS[:username] && SETTINGS[:password]
+    req.basic_auth(SETTINGS[:username], SETTINGS[:password])
   end
+  res.start { |http| http.request(req) }
+rescue Exception => e
+  raise "Could not send facts to Foreman: #{e}"
 end
 
 def enc(minion)
@@ -176,7 +147,7 @@ def enc(minion)
     req.basic_auth(SETTINGS[:username], SETTINGS[:password])
   end
 
-  res = http.start { |http| http.request(req) }
+  res = http.start { |conn| conn.request(req) }
 
   raise "Error retrieving node #{minion}: #{res.class}\nCheck Foreman's /var/log/foreman/production.log for more information." unless res.code == '200'
   res.body
@@ -198,7 +169,7 @@ begin
     result = enc(minion)
   end
   puts result
-rescue => e
+rescue Exception => e
   puts "Couldn't retrieve ENC data: #{e}"
   exit 1
 end

data/bundler.d/salt.rb

@@ -1 +1,3 @@
+# frozen_string_literal: true
+
 gem 'smart_proxy_salt'

data/lib/smart_proxy_salt.rb

@@ -1,2 +1,4 @@
+# frozen_string_literal: true
+
 require 'smart_proxy_salt/version'
 require 'smart_proxy_salt/salt'

data/lib/smart_proxy_salt/api_request.rb

@@ -1,44 +1,49 @@
+# frozen_string_literal: true
+
 require 'json'
 require 'net/http'
 require 'net/https'
 require 'uri'
 
-module Proxy::Salt
-  class ApiError < RuntimeError; end
-
-  class ApiRequest
-    attr_reader :url, :username, :password, :auth
-
-    def initialize
-      @url = Proxy::Salt::Plugin.settings.api_url
-      @auth = Proxy::Salt::Plugin.settings.api_auth
-      @username = Proxy::Salt::Plugin.settings.api_username
-      @password = Proxy::Salt::Plugin.settings.api_password
-
-      begin
-        URI.parse(url)
-      rescue URI::InvalidURIError => e
-        raise ConfigurationError.new("Invalid Salt api_url setting: #{e}")
+module Proxy
+  module Salt
+    class ApiError < RuntimeError; end
+    class ConfigurationError < RuntimeError; end
+
+    # SaltStack's Rest API
+    class ApiRequest
+      attr_reader :url, :username, :password, :auth
+
+      def initialize
+        @url = Proxy::Salt::Plugin.settings.api_url
+        @auth = Proxy::Salt::Plugin.settings.api_auth
+        @username = Proxy::Salt::Plugin.settings.api_username
+        @password = Proxy::Salt::Plugin.settings.api_password
+
+        begin
+          URI.parse(url)
+        rescue URI::InvalidURIError => e
+          raise ConfigurationError.new("Invalid Salt api_url setting: #{e}")
+        end
       end
-    end
 
-    def post(path, options = {})
-      uri              = URI.parse(url)
-      http             = Net::HTTP.new(uri.host, uri.port)
-      http.use_ssl     = uri.scheme == 'https'
-      http.verify_mode = OpenSSL::SSL::VERIFY_NONE
-      path = [uri.path, path].join('/') unless uri.path.empty?
+      def post(path, options = {})
+        uri              = URI.parse(url)
+        http             = Net::HTTP.new(uri.host, uri.port)
+        http.use_ssl     = uri.scheme == 'https'
+        http.verify_mode = OpenSSL::SSL::VERIFY_NONE
+        path = [uri.path, path].join unless uri.path.empty?
+
+        request = Net::HTTP::Post.new(URI.join(uri.to_s, path).path)
+        request.add_field('Accept', 'application/json')
+        request.set_form_data(options.merge(:username => username, :password => password, :eauth => auth))
 
-      request = Net::HTTP::Post.new(URI.join(uri.to_s, path).path)
-      request.add_field('Accept', 'application/json')
-      request.set_form_data(options.merge(:username => username, :password => password, :eauth => auth))
+        response = http.request(request)
 
-      response = http.request(request)
+        raise NotFound.new("Received 404 from Salt API: #{response.body}") if response.is_a?(Net::HTTPNotFound)
+        raise ApiError.new("Failed to query Salt API (#{response.code}): #{response.body}") unless response.is_a?(Net::HTTPOK)
 
-      if response.is_a? Net::HTTPOK
-        JSON.load(response.body)
-      else
-        raise ApiError.new("Failed to query Salt API (#{response.code}): #{response.body}")
+        JSON.parse(response.body)
       end
     end
   end

data/lib/smart_proxy_salt/cli.rb

@@ -1,163 +1,168 @@
-module Proxy::Salt::CLI
-  extend ::Proxy::Log
-  extend ::Proxy::Util
+# frozen_string_literal: true
 
-  class << self
-    def autosign_file
-      Proxy::Salt::Plugin.settings.autosign_file
-    end
+require 'English'
 
-    def autosign_create(host)
-      FileUtils.touch(autosign_file) unless File.exist?(autosign_file)
+module Proxy
+  module Salt
+    # CLI methods
+    module CLI
+      extend ::Proxy::Log
+      extend ::Proxy::Util
 
-      autosign = open(autosign_file, File::RDWR)
+      class << self
+        def autosign_file
+          Proxy::Salt::Plugin.settings.autosign_file
+        end
 
-      found = false
-      autosign.each_line { |line| found = true if line.chomp == host }
-      autosign.puts host unless found
-      autosign.close
+        def autosign_create(host)
+          FileUtils.touch(autosign_file) unless File.exist?(autosign_file)
 
-      result = {:message => "Added #{host} to autosign"}
-      logger.info result[:message]
-      result
-    end
+          autosign = open(autosign_file, File::RDWR)
 
-    def autosign_remove(host)
-      raise "No such file #{autosign_file}" unless File.exists?(autosign_file)
+          found = false
+          autosign.each_line { |line| found = true if line.chomp == host }
+          autosign.puts host unless found
+          autosign.close
 
-      found = false
-      entries = open(autosign_file, File::RDONLY).readlines.collect do |l|
-        if l.chomp != host
-          l
-        else
-          found = true
-          nil
+          result = { :message => "Added #{host} to autosign" }
+          logger.info result[:message]
+          result
         end
-      end.uniq.compact
-      if found
-        autosign = open(autosign_file, File::TRUNC|File::RDWR)
-        autosign.write entries.join("\n")
-        autosign.write "\n"
-        autosign.close
-        result = {:message => "Removed #{host} from autosign"}
-        logger.info result[:message]
-        result
-      else
-        logger.info "Attempt to remove nonexistant client autosign for #{host}"
-        raise Proxy::Salt::NotFound, "Attempt to remove nonexistant client autosign for #{host}"
-      end
-    end
-
-    def autosign_list
-      return [] unless File.exist?(autosign_file)
-      File.read(autosign_file).split("\n").reject { |v|
-        v =~ /^\s*#.*|^$/ ## Remove comments and empty lines
-      }.map { |v|
-        v.chomp ## Strip trailing spaces
-      }
-    end
 
-    def highstate(host)
-      find_salt_binaries
-      cmd = [@sudo, '-u', Proxy::Salt::Plugin.settings.salt_command_user, @salt, '--async', escape_for_shell(host), 'state.highstate']
-      logger.info "Will run state.highstate for #{host}. Full command: #{cmd.join(' ')}"
-      shell_command(cmd)
-    end
-
-    def key_delete(host)
-      find_salt_binaries
-      cmd = [@sudo, '-u', Proxy::Salt::Plugin.settings.salt_command_user, @salt_key, '--yes', '-d', escape_for_shell(host)]
-      shell_command(cmd)
-    end
-
-    def key_reject(host)
-      find_salt_binaries
-      cmd = [@sudo, '-u', Proxy::Salt::Plugin.settings.salt_command_user, @salt_key, '--yes', '-r', escape_for_shell(host)]
-      shell_command(cmd)
-    end
+        def autosign_remove(host)
+          raise "No such file #{autosign_file}" unless File.exist?(autosign_file)
+
+          found = false
+          entries = open(autosign_file, File::RDONLY).readlines.collect do |l|
+            if l.chomp != host
+              l
+            else
+              found = true
+              nil
+            end
+          end.uniq.compact
+          if found
+            autosign = open(autosign_file, File::TRUNC | File::RDWR)
+            autosign.write entries.join("\n")
+            autosign.write "\n"
+            autosign.close
+            result = { :message => "Removed #{host} from autosign" }
+            logger.info result[:message]
+            result
+          else
+            logger.info "Attempt to remove nonexistant client autosign for #{host}"
+            raise Proxy::Salt::NotFound.new("Attempt to remove nonexistant client autosign for #{host}")
+          end
+        end
 
-    def key_accept(host)
-      find_salt_binaries
-      cmd = [@sudo, '-u', Proxy::Salt::Plugin.settings.salt_command_user, @salt_key, '--yes', '-a', escape_for_shell(host)]
-      shell_command(cmd)
-    end
+        def autosign_list
+          return [] unless File.exist?(autosign_file)
+          File.read(autosign_file).split("\n").reject do |v|
+            v =~ /^\s*#.*|^$/ ## Remove comments and empty lines
+          end.map(&:chomp)
+        end
 
-    def key_list
+        def highstate(host)
+          find_salt_binaries
+          cmd = [@sudo, '-u', Proxy::Salt::Plugin.settings.salt_command_user, @salt, '--async', escape_for_shell(host), 'state.highstate']
+          logger.info "Will run state.highstate for #{host}. Full command: #{cmd.join(' ')}"
+          shell_command(cmd)
+        end
 
-      find_salt_binaries
-      command = "#{@sudo} -u #{Proxy::Salt::Plugin.settings.salt_command_user} #{@salt_key} --finger-all --output=json"
-      logger.debug "Executing #{command}"
-      response = `#{command}`
-      unless $? == 0
-        logger.warn "Failed to run salt-key: #{response}"
-        raise 'Execution of salt-key failed, check log files'
-      end
+        def key_delete(host)
+          find_salt_binaries
+          cmd = [@sudo, '-u', Proxy::Salt::Plugin.settings.salt_command_user, @salt_key, '--yes', '-d', escape_for_shell(host)]
+          shell_command(cmd)
+        end
 
-      keys_hash = {}
+        def key_reject(host)
+          find_salt_binaries
+          cmd = [@sudo, '-u', Proxy::Salt::Plugin.settings.salt_command_user, @salt_key, '--include-accepted', '--yes', '-r', escape_for_shell(host)]
+          shell_command(cmd)
+        end
 
-      sk_hash = JSON.parse(response)
+        def key_accept(host)
+          find_salt_binaries
+          cmd = [@sudo, '-u', Proxy::Salt::Plugin.settings.salt_command_user, @salt_key, '--include-rejected', '--yes', '-a', escape_for_shell(host)]
+          shell_command(cmd)
+        end
 
-      accepted_minions = sk_hash['minions']
-      accepted_minions.keys.each { | accepted_minion | keys_hash[accepted_minion] = { 'state' => 'accepted', 'fingerprint' => accepted_minions[accepted_minion]} } if sk_hash.key? 'minions'
+        def key_list
+          find_salt_binaries
+          command = "#{@sudo} -u #{Proxy::Salt::Plugin.settings.salt_command_user} #{@salt_key} --finger-all --output=json"
+          logger.debug "Executing #{command}"
+          response = `#{command}`
+          unless $CHILD_STATUS == 0
+            logger.warn "Failed to run salt-key: #{response}"
+            raise 'Execution of salt-key failed, check log files'
+          end
 
-      rejected_minions = sk_hash['minions_rejected']
-      rejected_minions.keys.each { | rejected_minion | keys_hash[rejected_minion] = { 'state' => 'rejected', 'fingerprint' => rejected_minions[rejected_minion] } } if sk_hash.key? 'minions_rejected'
+          keys_hash = {}
 
-      unaccepted_minions = sk_hash['minions_pre']
-      unaccepted_minions.keys.each { | unaccepted_minion | keys_hash[unaccepted_minion] = { 'state' => 'unaccepted', 'fingerprint' => unaccepted_minions[unaccepted_minion] } } if sk_hash.key? 'minions_pre'
+          sk_hash = JSON.parse(response)
 
-      keys_hash
+          accepted_minions = sk_hash['minions']
+          accepted_minions.each_key { |accepted_minion| keys_hash[accepted_minion] = { 'state' => 'accepted', 'fingerprint' => accepted_minions[accepted_minion] } } if sk_hash.key? 'minions'
 
-    end
+          rejected_minions = sk_hash['minions_rejected']
+          rejected_minions.each_key { |rejected_minion| keys_hash[rejected_minion] = { 'state' => 'rejected', 'fingerprint' => rejected_minions[rejected_minion] } } if sk_hash.key? 'minions_rejected'
 
-    private
+          unaccepted_minions = sk_hash['minions_pre']
+          unaccepted_minions.each_key { |unaccepted_minion| keys_hash[unaccepted_minion] = { 'state' => 'unaccepted', 'fingerprint' => unaccepted_minions[unaccepted_minion] } } if sk_hash.key? 'minions_pre'
 
-    def shell_command(cmd, wait = true)
-      begin
-        c = popen(cmd)
-        unless wait
-          Process.detach(c.pid)
-          return 0
+          keys_hash
         end
-        Process.wait(c.pid)
-        logger.info("Result: #{c.read}")
-      rescue Exception => e
-        logger.error("Exception '#{e}' when executing '#{cmd}'")
-        return false
-      end
-      logger.warn("Non-null exit code when executing '#{cmd}'") if $?.exitstatus != 0
-      $?.exitstatus == 0
-    end
 
-    def popen(cmd)
-      # 1.8.7 note: this assumes that cli options are space-separated
-      cmd = cmd.join(' ') unless RUBY_VERSION > '1.8.7'
-      logger.debug("about to execute: #{cmd}")
-      IO.popen(cmd)
-    end
-
-    def find_salt_binaries
-      @salt_key = which('salt-key')
-      unless File.exists?("#{@salt_key}")
-        logger.warn 'unable to find salt-key binary'
-        raise 'unable to find salt-key'
-      end
-      logger.debug "Found salt-key at #{@salt_key}"
+        private
+
+        def shell_command(cmd, wait = true)
+          begin
+            c = popen(cmd)
+            unless wait
+              Process.detach(c.pid)
+              return 0
+            end
+            Process.wait(c.pid)
+            logger.info("Result: #{c.read}")
+          rescue Exception => e
+            logger.error("Exception '#{e}' when executing '#{cmd}'")
+            return false
+          end
+          logger.warn("Non-null exit code when executing '#{cmd}'") unless $CHILD_STATUS.success?
+          $CHILD_STATUS.success?
+        end
 
-      @salt = which('salt')
-      unless File.exists?("#{@salt}")
-        logger.warn 'unable to find salt binary'
-        raise 'unable to find salt'
-      end
-      logger.debug "Found salt at #{@salt}"
+        def popen(cmd)
+          # 1.8.7 note: this assumes that cli options are space-separated
+          cmd = cmd.join(' ') unless RUBY_VERSION > '1.8.7'
+          logger.debug("about to execute: #{cmd}")
+          IO.popen(cmd)
+        end
 
-      @sudo = which('sudo')
-      unless File.exists?(@sudo)
-        logger.warn 'unable to find sudo binary'
-        raise 'Unable to find sudo'
+        def find_salt_binaries
+          @salt_key = which('salt-key')
+          unless File.exist?(@salt_key.to_s)
+            logger.warn 'unable to find salt-key binary'
+            raise 'unable to find salt-key'
+          end
+          logger.debug "Found salt-key at #{@salt_key}"
+
+          @salt = which('salt')
+          unless File.exist?(@salt.to_s)
+            logger.warn 'unable to find salt binary'
+            raise 'unable to find salt'
+          end
+          logger.debug "Found salt at #{@salt}"
+
+          @sudo = which('sudo')
+          unless File.exist?(@sudo)
+            logger.warn 'unable to find sudo binary'
+            raise 'Unable to find sudo'
+          end
+          logger.debug "Found sudo at #{@sudo}"
+          @sudo = @sudo.to_s
+        end
       end
-      logger.debug "Found sudo at #{@sudo}"
-      @sudo = "#{@sudo}"
     end
   end
 end