specinfra-backend-salt 1.0.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: b84186c9096ae3b7226205cef3e4a83f6add4956c78081fd8d9f8b1488717c3c
+  data.tar.gz: 384b1c47508bde15b4d6ea4a56e4658fe8e6b6a64768e556158eef357c04200f
+SHA512:
+  metadata.gz: 57945e96d70f85fd894d237bbdb6f8772a20c4f3990d21b1b8bcfce3a46a08877e30c558d2ccfcb40529b5fefa3845e5274935d767d2c65620cc596c3af28501
+  data.tar.gz: ffcdccc719c226ca3460f40bef2d8f6cd665aed477a102e97bdc00891010154771e9bf8f910a208db40c662ec8230cae97918da2b5cd01016c6041d3818d37c6

data/CODE_OF_CONDUCT.md

@@ -0,0 +1,74 @@
+# Contributor Covenant Code of Conduct
+
+## Our Pledge
+
+In the interest of fostering an open and welcoming environment, we as
+contributors and maintainers pledge to making participation in our project and
+our community a harassment-free experience for everyone, regardless of age, body
+size, disability, ethnicity, gender identity and expression, level of experience,
+nationality, personal appearance, race, religion, or sexual identity and
+orientation.
+
+## Our Standards
+
+Examples of behavior that contributes to creating a positive environment
+include:
+
+* Using welcoming and inclusive language
+* Being respectful of differing viewpoints and experiences
+* Gracefully accepting constructive criticism
+* Focusing on what is best for the community
+* Showing empathy towards other community members
+
+Examples of unacceptable behavior by participants include:
+
+* The use of sexualized language or imagery and unwelcome sexual attention or
+advances
+* Trolling, insulting/derogatory comments, and personal or political attacks
+* Public or private harassment
+* Publishing others' private information, such as a physical or electronic
+  address, without explicit permission
+* Other conduct which could reasonably be considered inappropriate in a
+  professional setting
+
+## Our Responsibilities
+
+Project maintainers are responsible for clarifying the standards of acceptable
+behavior and are expected to take appropriate and fair corrective action in
+response to any instances of unacceptable behavior.
+
+Project maintainers have the right and responsibility to remove, edit, or
+reject comments, commits, code, wiki edits, issues, and other contributions
+that are not aligned to this Code of Conduct, or to ban temporarily or
+permanently any contributor for other behaviors that they deem inappropriate,
+threatening, offensive, or harmful.
+
+## Scope
+
+This Code of Conduct applies both within project spaces and in public spaces
+when an individual is representing the project or its community. Examples of
+representing a project or community include using an official project e-mail
+address, posting via an official social media account, or acting as an appointed
+representative at an online or offline event. Representation of a project may be
+further defined and clarified by project maintainers.
+
+## Enforcement
+
+Instances of abusive, harassing, or otherwise unacceptable behavior may be
+reported by contacting the project team at 127820811+nyuyuyu@users.noreply.github.com. All
+complaints will be reviewed and investigated and will result in a response that
+is deemed necessary and appropriate to the circumstances. The project team is
+obligated to maintain confidentiality with regard to the reporter of an incident.
+Further details of specific enforcement policies may be posted separately.
+
+Project maintainers who do not follow or enforce the Code of Conduct in good
+faith may face temporary or permanent repercussions as determined by other
+members of the project's leadership.
+
+## Attribution
+
+This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 1.4,
+available at [http://contributor-covenant.org/version/1/4][version]
+
+[homepage]: http://contributor-covenant.org
+[version]: http://contributor-covenant.org/version/1/4/

data/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2023 nyuyuyu
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

data/README.md

@@ -0,0 +1,69 @@
+# Specinfra::Backend::Salt
+
+This backend execute command on salt-minion from salt-master using `salt cmd.run` command.
+
+So, this backend work on ***only salt-master*** .
+
+## Installation
+
+Add this line to your application's Gemfile:
+
+```ruby
+gem 'specinfra-backend-salt'
+```
+
+And then execute:
+
+    $ bundle
+
+Or install it yourself as:
+
+    $ gem install specinfra-backend-salt
+
+## Usage
+
+An example for using [Serverspec](https://serverspec.org/).
+
+```ruby:spec_helper.rb
+require 'serverspec'
+require 'specinfra/backend/salt'
+
+set :backend, :salt
+
+if ENV['ASK_SALT_SUDO_PASSWORD']
+  begin
+    require 'highline/import'
+  rescue LoadError
+    fail "highline is not available. Try installing it."
+  end
+  set :salt_sudo_password, ask("Enter sudo password: ") { |q| q.echo = false }
+else
+  set :salt_sudo_password, ENV['SALT_SUDO_PASSWORD']
+end
+
+# :host should be a minion ID.
+set :host, ENV['TARGET_HOST']
+```
+
+## Optional options
+
+- `:salt_user` Specify the username to execute command on salt-minion. (default: `root`)
+- `:salt_become_method` Specify the privilege escalation method to execute `salt run.cmd` on salt-master. (default: `:sudo`, `:su` or `:none`)
+- `:salt_sudo_user` Specify the username to execute `salt run.cmd` with `sudo` on salt-master. (default: `root`)
+- `:salt_sudo_password` Specify the password of `:salt_sudo_user` user.
+- `:salt_sudo_path` Specify the path of the directory where the `sudo` is placed on salt-master.
+- `:salt_su_user` Specify the username to execute `salt run.cmd` with `su` on salt-master. (default: `root`)
+- `:salt_su_password` Specify the password of `:salt_su_user` user.
+- `:salt_su_path` Specify the path of the directory where the `su` is placed on salt-master.
+
+## Contributing
+
+Bug reports and pull requests are welcome on GitHub at https://github.com/nyuyuyu/specinfra-backend-salt. This project is intended to be a safe, welcoming space for collaboration, and contributors are expected to adhere to the [Contributor Covenant](http://contributor-covenant.org) code of conduct.
+
+## License
+
+The gem is available as open source under the terms of the [MIT License](http://opensource.org/licenses/MIT).
+
+## Code of Conduct
+
+Everyone interacting in the Specinfra::Backend::Salt project’s codebases, issue trackers, chat rooms and mailing lists is expected to follow the [code of conduct](https://github.com/nyuyuyu/specinfra-backend-salt/blob/main/CODE_OF_CONDUCT.md).

data/lib/specinfra/backend/salt.rb

@@ -0,0 +1,172 @@
+# coding: utf-8
+# frozen_string_literal: true
+
+require 'specinfra/backend/base'
+require 'specinfra/backend/exec'
+require 'pty'
+require 'expect'
+require 'open3'
+require 'json'
+
+module Specinfra
+  module Backend
+    class Salt < Exec # rubocop:disable Metrics/ClassLength
+      def run_command(cmd, _opts = {})
+        raise 'DO NOT INCLUDE COMMA IN HOSTNAME!' if get_config(:host) =~ /,/
+
+        cmd = build_command(cmd)
+        ret = salt_exec!(cmd)
+
+        if @example
+          @example.metadata[:command] = cmd
+          @example.metadata[:stdout]  = ret[:stdout]
+        end
+
+        CommandResult.new ret
+      end
+
+      def send_file(_from, _to)
+        raise 'not implemented'
+      end
+
+      def send_directory(_from, _to)
+        raise 'not implemented'
+      end
+
+      def build_command(cmd)
+        cmd = build_salt_command(cmd)
+
+        case get_config(:salt_become_method)
+        when :none
+          cmd
+        when :su
+          cmd = "/bin/sh -c #{cmd.shellescape} 2> /dev/null"
+          "#{su} #{cmd.shellescape}"
+        else
+          "#{sudo} /bin/sh -c #{cmd.shellescape}"
+        end
+      end
+
+      private
+
+      def build_salt_command(cmd)
+        options = "env='#{load_env}'"
+
+        user = get_config(:salt_user)
+        options = "#{options} runas='#{user}'" if user
+        shell = get_config(:shell) || '/bin/sh'
+        options = "#{options} shell='#{shell}'"
+
+        # avoid failing commands by removing trailing whitespace by salt command.
+        cmd += ';'
+
+        pre_cmd = get_config(:pre_command)
+        cmd = "#{pre_cmd} && #{cmd}" if pre_cmd
+
+        "salt -L #{get_config(:host)} --out=json cmd.run #{options} #{cmd.shellescape}"
+      end
+
+      def load_env
+        env = get_config(:env) || {}
+        env[:LANG] ||= 'C'
+        env.to_json
+      end
+
+      def salt_error_message_regexp
+        /^Minion\ did\ not\ return\.\ \[.*\]$/
+      end
+
+      def sudo_fail_message_regexp
+        /(Sorry,\ try\ again\.|sudo:\ [0-9]+\ incorrect\ password\ attempts)\R/
+      end
+
+      def su_prompt_regexp
+        /^Password:\s*/
+      end
+
+      def su_fail_message_regexp
+        /^su:\ (Authentication\ failure|Sorry)\R/
+      end
+
+      def parse_salt_response(response)
+        stdout_data = JSON.parse(response[:stdout])[get_config(:host)]
+        raise "salt command failed. #{response}" if stdout_data =~ salt_error_message_regexp
+
+        stderr_data = response[:stderr]
+        exit_status = response[:exit_status]
+
+        { stdout: stdout_data, stderr: stderr_data, exit_status: exit_status }
+      rescue JSON::ParserError
+        raise "salt command failed. #{response}"
+      end
+
+      def salt_exec!(cmd)
+        r = if get_config(:salt_become_method) == :su
+              exec_with_pty!(cmd)
+            else
+              exec_with_open3!(cmd)
+            end
+        parse_salt_response(r)
+      end
+
+      def exec_with_open3!(cmd)
+        sudo_password = nil
+        if get_config(:salt_become_method) != :none && get_config(:salt_sudo_password)
+          sudo_password = "#{get_config(:salt_sudo_password)}\n"
+        end
+
+        stdout_data, stderr_data, status = Open3.capture3(cmd, stdin_data: sudo_password)
+        raise 'Wrong sudo password! Please confirm your password.' if stderr_data =~ sudo_fail_message_regexp
+
+        { stdout: stdout_data, stderr: stderr_data, exit_status: status.exitstatus }
+      end
+
+      def exec_with_pty!(cmd) # rubocop:disable Metrics/AbcSize, Metrics/MethodLength
+        stdout_data = ''
+        stderr_data = ''
+        exit_status = nil
+
+        PTY.spawn({ 'LANG' => 'C' }, cmd) do |r, w, pid|
+          w.sync = true
+
+          unless Process.uid.zero?
+            r.expect(su_prompt_regexp) do
+              w.puts get_config(:salt_su_password)
+            end
+          end
+
+          begin
+            r.each do |line|
+              raise 'Wrong su password! Please confirm your password.' if line =~ su_fail_message_regexp
+
+              stdout_data << line
+            end
+          rescue Errno::EIO
+            # NOP
+          ensure
+            p = Process.wait2 pid
+            exit_status = p[1].exitstatus
+          end
+        end
+
+        { stdout: stdout_data, stderr: stderr_data, exit_status: exit_status }
+      end
+
+      def sudo
+        sudo_path = 'sudo'
+        sudo_path = "#{get_config(:salt_sudo_path)}/#{sudo_path}" if get_config(:salt_sudo_path)
+        sudo_user = get_config(:salt_sudo_user) || 'root'
+
+        "#{sudo_path} -S -u #{sudo_user}"
+      end
+
+      def su
+        su_path = 'su'
+        su_path = "#{get_config(:salt_su_path)}/#{su_path}" if get_config(:salt_su_path)
+        su_user = get_config(:salt_su_user) || 'root'
+
+        "#{su_path} #{su_user} -c"
+      end
+    end
+  end
+end

data/lib/specinfra/salt_backend/version.rb

@@ -0,0 +1,8 @@
+# coding: utf-8
+# frozen_string_literal: true
+
+module Specinfra
+  module SaltBackend
+    VERSION = '1.0.0'
+  end
+end

metadata

@@ -0,0 +1,118 @@
+--- !ruby/object:Gem::Specification
+name: specinfra-backend-salt
+version: !ruby/object:Gem::Version
+  version: 1.0.0
+platform: ruby
+authors:
+- nyuyuyu
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2023-04-02 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: specinfra
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.0'
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '1.13'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '1.13'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '12.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '12.0'
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.0'
+- !ruby/object:Gem::Dependency
+  name: rubocop
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+description: Specinfra backend for SaltStack
+email:
+- 127820811+nyuyuyu@users.noreply.github.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- CODE_OF_CONDUCT.md
+- LICENSE
+- README.md
+- lib/specinfra/backend/salt.rb
+- lib/specinfra/salt_backend/version.rb
+homepage: https://github.com/nyuyuyu/specinfra-backend-salt
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubygems_version: 3.4.10
+signing_key: 
+specification_version: 4
+summary: Specinfra backend for SaltStack
+test_files: []