train-core 3.4.9 → 3.10.7

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 6272024b67e2dac1df86499e4687dc44d5df58b328146d52cb864433d7c6e6a7
-  data.tar.gz: a4133877056cc7feed58ac9dab964ecfc435d28cc30a09d6dd104577a8a30374
+  metadata.gz: 6d396bbb358c284289e040d532236fa26f2f92d73aa41dde56bf0b914a087238
+  data.tar.gz: e378a5a7c8af2cc8bcadc02abc1e99c310f73a182703edac027592074dfa8eba
 SHA512:
-  metadata.gz: 53bcc25af9bade96ee63aa1f0940927cb4e4183220737269bb4882c800df94c1bf6cb924abf5cb6b354b18ae000b6fba3d7a35787a3764d9402cd63f7b90bdd2
-  data.tar.gz: 775d8a24be41a87f8427f3850b829b1acbc78d2a9ef8e299e1e4c9f9dbd352838d7bd9ef906723832171d0f822a10dac39827ab8a1b92c7ebec220bf37e337dd
+  metadata.gz: e37b9360ad1d5c206c700b770e41d552d0a864dfec0df63fde6201c7c842b3f45f9bcb0ffc2f4f6413b55d5354864eae87c1488c2c7dc31228ab9b39da5509e1
+  data.tar.gz: 699adc38633ac5c01a0de55baa35ed4bacf060efff95a7c05d6afb324fff206c4920e29151b0ed23fb1ee2b7b4b57352323654df19a1393c2f22eae6de18678e

data/lib/train/errors.rb

@@ -38,6 +38,9 @@ module Train
   # Exception for when no platform can be detected.
   class PlatformDetectionFailed < Error; end
 
+  # Exception for when no uuid for the platform can be detected.
+  class PlatformUuidDetectionFailed < Error; end
+
   # Exception for when a invalid cache type is passed.
   class UnknownCacheType < Error; end
 

data/lib/train/extras/command_wrapper.rb

@@ -81,6 +81,9 @@ module Train::Extras
       when /sudo: sorry, you must have a tty to run sudo/
         ["Sudo requires a TTY. Please see the README on how to configure "\
           "sudo to allow for non-interactive usage.", :sudo_no_tty]
+      when /sudo: a terminal is required to read the password; either use/
+        ["Sudo cannot prompt for password because there is no terminal. "\
+            "Please provide the sudo password directly", :sudo_missing_terminal]
       else
         [rawerr, nil]
       end

data/lib/train/extras/stat.rb

@@ -34,7 +34,7 @@ module Train::Extras
 
     def self.linux_stat(shell_escaped_path, backend, follow_symlink)
       lstat = follow_symlink ? " -L" : ""
-      format = (backend.os.esx? || backend.os[:name] == "alpine" || backend.os[:name] == "yocto") ? "-c" : "--printf"
+      format = (backend.os.esx? || %w{alpine yocto ubios}.include?(backend.os[:name])) ? "-c" : "--printf"
       res = backend.run_command("stat#{lstat} #{shell_escaped_path} 2>/dev/null #{format} '%s\n%f\n%U\n%u\n%G\n%g\n%X\n%Y\n%C'")
       # ignore the exit_code: it is != 0 if selinux labels are not supported
       # on the system.

data/lib/train/file/local.rb

@@ -15,6 +15,12 @@ module Train
         nil
       end
 
+      def content=(new_content)
+        ::File.open(@path, "w", encoding: "UTF-8") { |fp| fp.write(new_content) }
+
+        @content = new_content
+      end
+
       def link_path
         return nil unless symlink?
 

data/lib/train/file/remote/unix.rb

@@ -1,3 +1,4 @@
+require "base64" unless defined?(Base64)
 require "shellwords" unless defined?(Shellwords)
 
 module Train
@@ -19,6 +20,21 @@ module Train
             end
         end
 
+        def content=(new_content)
+          execute_result = @backend.run_command("base64 --help")
+          if execute_result.exit_status != 0
+            raise TransportError, "#{self.class} found no base64 binary for file writes"
+          end
+
+          unix_cmd = format("echo '%<base64>s' | base64 --decode > %<file>s",
+                            base64: Base64.strict_encode64(new_content),
+                            file: @spath)
+
+          @backend.run_command(unix_cmd)
+
+          @content = new_content
+        end
+
         def exist?
           @exist ||= begin
             f = @follow_symlink ? "" : " || test -L #{@spath}"

data/lib/train/file/remote/windows.rb

@@ -12,7 +12,7 @@ module Train
           @spath = path.gsub(/[<>"|?*]/, "")
         end
 
-        def basename(suffix = nil, sep = '\\')
+        def basename(suffix = nil, sep = "\\")
           super(suffix, sep)
         end
 
@@ -26,6 +26,16 @@ module Train
           @content
         end
 
+        def content=(new_content)
+          win_cmd = format('[IO.File]::WriteAllBytes("%<file>s", [Convert]::FromBase64String("%<base64>s"))',
+                           base64: Base64.strict_encode64(new_content),
+                           file: @spath)
+
+          @backend.run_command(win_cmd)
+
+          @content = new_content
+        end
+
         def exist?
           return @exist if defined?(@exist)
 

data/lib/train/options.rb

@@ -59,6 +59,9 @@ module Train
           default = hm[:default]
           if default.is_a? Proc
             res[field] = default.call(res)
+          elsif hm.key?(:coerce)
+            field_value = hm[:coerce].call(res)
+            res[field] = field_value.nil? ? default : field_value
           else
             res[field] = default
           end

data/lib/train/platforms/detect/helpers/os_common.rb

@@ -97,9 +97,16 @@ module Train::Platforms::Detect::Helpers
         return @cache[:cisco] = { version: m[2], model: m[1], type: "ios-xe" }
       end
 
+      # CSR 1000V (for example) does not specify model
+      m = res.match(/Cisco IOS XE Software, Version (\d+\.\d+\.\d+[A-Z]*)/)
+      unless m.nil?
+        return @cache[:cisco] = { version: m[1], type: "ios-xe" }
+      end
+
       m = res.match(/Cisco Nexus Operating System \(NX-OS\) Software/)
       unless m.nil?
         v = res[/^\s*system:\s+version (\d+\.\d+)/, 1]
+        v ||= res[/NXOS: version (\d+\.\d+)/, 1]
         return @cache[:cisco] = { version: v, type: "nexus" }
       end
 
@@ -122,7 +129,6 @@ module Train::Platforms::Detect::Helpers
     end
 
     def unix_uuid_from_machine_file
-      # require 'pry';binding.pry
       %W{
         /etc/chef/chef_guid
         #{ENV["HOME"]}/.chef/chef_guid

data/lib/train/platforms/detect/helpers/os_windows.rb

@@ -51,7 +51,7 @@ module Train::Platforms::Detect::Helpers
 
     def local_windows?
       @backend.class.to_s == "Train::Transports::Local::Connection" &&
-        ruby_host_os(/mswin|mingw32|windows/)
+        ruby_host_os(/mswin|mingw|windows/)
     end
 
     # reads os name and version from wmic

data/lib/train/platforms/detect/specifications/os.rb

@@ -74,6 +74,14 @@ module Train::Platforms::Detect::Specifications
         end
       end
 
+      declare_instance("ubios", "Ubiquiti UbiOS", "ubios") do
+        l_o_r = linux_os_release
+        if l_o_r && l_o_r["ID"] == "ubios"
+          @platform[:release] = l_o_r["VERSION_ID"]
+          true
+        end
+      end
+
       declare_instance("debian", "Debian Linux", "debian") do
         # if we get this far we have to be some type of debian
         @platform[:release] = unix_file_contents("/etc/debian_version").chomp
@@ -375,7 +383,7 @@ module Train::Platforms::Detect::Specifications
     def self.load_other
       plat.family("arista_eos").title("Arista EOS Family").in_family("os")
         .detect do
-          true
+          !@backend.run_command("show version").stdout.match(/Arista/).nil?
         end
 
       declare_instance("arista_eos", "Arista EOS", "arista_eos") do

data/lib/train/platforms/detect/uuid.rb

@@ -20,12 +20,13 @@ module Train::Platforms::Detect
       elsif @platform.windows?
         windows_uuid
       else
-        if @platform[:uuid_command]
+        # Checking "unknown" :uuid_command which is set for mock transport.
+        if @platform[:uuid_command] && !@platform[:uuid_command] == "unknown"
           result = @backend.run_command(@platform[:uuid_command])
           return uuid_from_string(result.stdout.chomp) if result.exit_status == 0 && !result.stdout.empty?
         end
 
-        raise "Could not find platform uuid! Please set a uuid_command for your platform."
+        raise Train::PlatformUuidDetectionFailed.new("Could not find platform uuid! Please set a uuid_command for your platform.")
       end
     end
   end

data/lib/train/plugins/base_connection.rb

@@ -1,6 +1,7 @@
 require_relative "../errors"
 require_relative "../extras"
 require_relative "../file"
+require "fileutils" unless defined?(FileUtils)
 require "logger"
 
 class Train::Plugins::Transport
@@ -161,6 +162,48 @@ class Train::Plugins::Transport
       @cache[:file][path] ||= file_via_connection(path, *args)
     end
 
+    # Uploads local files or directories to remote host.
+    #
+    # @param locals [Array<String>] paths to local files or directories
+    # @param remote [String] path to remote destination
+    # @raise [TransportFailed] if the files could not all be uploaded
+    #   successfully, which may vary by implementation
+    def upload(locals, remote)
+      unless file(remote).directory?
+        raise TransportError, "#{self.class} expects remote directory as second upload parameter"
+      end
+
+      Array(locals).each do |local|
+        new_content = File.read(local)
+        remote_file = File.join(remote, File.basename(local))
+
+        logger.debug("Attempting to upload '#{local}' as file #{remote_file}")
+
+        file(remote_file).content = new_content
+      end
+    end
+
+    # Download remote files or directories to local host.
+    #
+    # @param remotes [Array<String>] paths to remote files or directories
+    # @param local [String] path to local destination. If `local` is an
+    #   existing directory, `remote` will be downloaded into the directory
+    #   using its original name
+    # @raise [TransportFailed] if the files could not all be downloaded
+    #   successfully, which may vary by implementation
+    def download(remotes, local)
+      FileUtils.mkdir_p(File.dirname(local))
+
+      Array(remotes).each do |remote|
+        new_content = file(remote).content
+        local_file = File.join(local, File.basename(remote))
+
+        logger.debug("Attempting to download '#{remote}' as file #{local_file}")
+
+        File.open(local_file, "w") { |fp| fp.write(new_content) }
+      end
+    end
+
     # Builds a LoginCommand which can be used to open an interactive
     # session on the remote host.
     #

data/lib/train/transports/cisco_ios_connection.rb

@@ -29,6 +29,14 @@ class Train::Transports::SSH
       result.stdout.split(" ")[-1]
     end
 
+    def upload(locals, remote)
+      raise NotImplementedError, "#{self.class} does not implement #upload()"
+    end
+
+    def download(remotes, local)
+      raise NotImplementedError, "#{self.class} does not implement #download()"
+    end
+
     private
 
     def establish_connection

data/lib/train/transports/local.rb

@@ -39,6 +39,18 @@ module Train::Transports
         "local://"
       end
 
+      def upload(locals, remote)
+        FileUtils.mkdir_p(remote)
+
+        Array(locals).each do |local|
+          FileUtils.cp_r(local, remote)
+        end
+      end
+
+      def download(remotes, local)
+        upload(remotes, local)
+      end
+
       private
 
       def select_runner(options)
@@ -74,9 +86,9 @@ module Train::Transports
         end
       end
 
-      def run_command_via_connection(cmd, &_data_handler)
+      def run_command_via_connection(cmd, opts, &_data_handler)
         # Use the runner if it is available
-        return @runner.run_command(cmd) if defined?(@runner)
+        return @runner.run_command(cmd, opts) if defined?(@runner)
 
         # If we don't have a runner, such as at the beginning of setting up the
         # transport and performing the first few steps of OS detection, fall
@@ -103,13 +115,18 @@ module Train::Transports
           @cmd_wrapper = Local::CommandWrapper.load(connection, options)
         end
 
-        def run_command(cmd)
+        def run_command(cmd, opts = {})
           if defined?(@cmd_wrapper) && !@cmd_wrapper.nil?
             cmd = @cmd_wrapper.run(cmd)
           end
 
           res = Mixlib::ShellOut.new(cmd)
-          res.run_command
+          res.timeout = opts[:timeout]
+          begin
+            res.run_command
+          rescue Mixlib::ShellOut::CommandTimeout
+            raise Train::CommandTimeoutReached
+          end
           Local::CommandResult.new(res.stdout, res.stderr, res.exitstatus)
         end
 
@@ -126,7 +143,7 @@ module Train::Transports
           @powershell_cmd = powershell_cmd
         end
 
-        def run_command(script)
+        def run_command(script, opts)
           # Prevent progress stream from leaking into stderr
           script = "$ProgressPreference='SilentlyContinue';" + script
 
@@ -137,7 +154,12 @@ module Train::Transports
           cmd = "#{@powershell_cmd} -NoProfile -EncodedCommand #{base64_script}"
 
           res = Mixlib::ShellOut.new(cmd)
-          res.run_command
+          res.timeout = opts[:timeout]
+          begin
+            res.run_command
+          rescue Mixlib::ShellOut::CommandTimeout
+            raise Train::CommandTimeoutReached
+          end
           Local::CommandResult.new(res.stdout, res.stderr, res.exitstatus)
         end
 
@@ -164,11 +186,27 @@ module Train::Transports
         #         A command that succeeds without setting an exit code will have exitstatus 0
         #         A command that exits with an exit code will have that value as exitstatus
         #         A command that fails (e.g. throws exception) before setting an exit code will have exitstatus 1
-        def run_command(cmd)
+        def run_command(cmd, _opts)
           script = "$ProgressPreference='SilentlyContinue';" + cmd
           encoded_script = Base64.strict_encode64(script)
-          @pipe.puts(encoded_script)
-          @pipe.flush
+          # TODO: no way to safely implement timeouts here.
+          begin
+            @pipe.puts(encoded_script)
+            @pipe.flush
+          rescue Errno::EPIPE
+            # Retry once if the pipe went away
+            begin
+              # Maybe the pipe went away, but the server didn't? Reset it, to get a clean start.
+              close
+            rescue Errno::EIO
+              # Ignore - server already went away
+            end
+            @pipe = acquire_pipe
+            raise PipeError if @pipe.nil?
+
+            @pipe.puts(encoded_script)
+            @pipe.flush
+          end
           res = OpenStruct.new(JSON.parse(Base64.decode64(@pipe.readline)))
           Local::CommandResult.new(res.stdout, res.stderr, res.exitstatus)
         end
@@ -187,18 +225,16 @@ module Train::Transports
           @server_pid = start_pipe_server(pipe_name)
 
           # Ensure process is killed when the Train process exits
-          at_exit { close }
+          at_exit { close rescue Errno::EIO }
 
           pipe = nil
 
           # PowerShell needs time to create pipe.
           100.times do
-            begin
-              pipe = open("//./pipe/#{pipe_name}", "r+")
-              break
-            rescue
-              sleep 0.1
-            end
+            pipe = open("//./pipe/#{pipe_name}", "r+")
+            break
+          rescue
+            sleep 0.1
           end
 
           pipe
@@ -254,4 +290,4 @@ module Train::Transports
       end
     end
   end
-end
+end

data/lib/train/transports/ssh.rb

@@ -42,12 +42,12 @@ module Train::Transports
     include_options Train::Extras::CommandWrapper
 
     # common target configuration
-    option :host,      required: true
-    option :port,      default: 22, required: true
-    option :user,      default: "root", required: true
+    option :host, required: true
+    option :ssh_config_file, default: true
+    option :port, default: 22, coerce: proc { |v| read_options_from_ssh_config(v, :port) }, required: true
+    option :user, default: "root", coerce: proc { |v| read_options_from_ssh_config(v, :user) }, required: true
     option :key_files, default: nil
     option :password,  default: nil
-
     # additional ssh options
     option :keepalive, default: true
     option :keepalive_interval, default: 60
@@ -75,6 +75,7 @@ module Train::Transports
 
     # (see Base#connection)
     def connection(state = {}, &block)
+      apply_ssh_config_file(options[:host])
       opts = merge_options(options, state || {})
       validate_options(opts)
       conn_opts = connection_options(opts)
@@ -86,8 +87,40 @@ module Train::Transports
       end
     end
 
+    # Returns the ssh config option like user, port from config files
+    # Params options [Hash], option_type [String]
+    # Return String
+    def self.read_options_from_ssh_config(options, option_type)
+      files = options[:ssh_config_file].nil? || options[:ssh_config_file] == true ? Net::SSH::Config.default_files : options[:ssh_config_file]
+      config_options = Net::SSH::Config.for(options[:host], files)
+      config_options[option_type]
+    end
+
+    def apply_ssh_config_file(host)
+      files = options[:ssh_config_file] == true ? Net::SSH::Config.default_files : options[:ssh_config_file]
+      host_cfg = ssh_config_file_for_host(host, files)
+      host_cfg.each do |key, value|
+        # setting the key_files option to the private keys set in ssh config file
+        if key == :keys && options[:key_files].nil? && !host_cfg[:keys].nil? && options[:password].nil?
+          options[:key_files] = host_cfg[key]
+        elsif options[key].nil?
+          # Precedence is given to the option set by the user manually.
+          # And only assigning value to the option from the ssh config file when it is not set by the user
+          # in the option. When the option has a default value for e.g. option "keepalive_interval" has the "60" as the default
+          # value, then the default value will be used even though the value for "user" is present in the ssh
+          # config file. That is because the precedence is to the options set manually, and currently we don't have
+          # any way to differentiate between the value set by the user or is it the default. This has a future of improvement.
+          options[key] = host_cfg[key]
+        end
+      end
+    end
+
     private
 
+    def ssh_config_file_for_host(host, files)
+      Net::SSH::Config.for(host, files)
+    end
+
     def reusable_connection?(conn_opts)
       return false unless @connection_options
 
@@ -101,14 +134,18 @@ module Train::Transports
       key_files = Array(options[:key_files])
       options[:auth_methods] ||= ["none"]
 
-      unless key_files.empty?
-        options[:auth_methods].push("publickey")
+      # by default auth_methods has a default values [none publickey password keyboard-interactive]
+      # REF: https://github.com/net-ssh/net-ssh/blob/master/lib/net/ssh/authentication/session.rb#L48
+      if key_files.empty?
+        options[:auth_methods].delete("publickey")
+      else
         options[:keys_only] = true if options[:password].nil?
         options[:key_files] = key_files
       end
 
-      unless options[:password].nil?
-        options[:auth_methods].push("password", "keyboard-interactive")
+      if options[:password].nil?
+        options[:auth_methods].delete("password")
+        options[:auth_methods].delete("keyboard-interactive")
       end
 
       if options[:auth_methods] == ["none"]
@@ -123,6 +160,8 @@ module Train::Transports
         end
       end
 
+      options[:auth_methods] = options[:auth_methods].uniq
+
       if options[:pty]
         logger.warn("[SSH] PTY requested: stderr will be merged into stdout")
       end
@@ -178,6 +217,7 @@ module Train::Transports
         bastion_port: opts[:bastion_port],
         non_interactive: opts[:non_interactive],
         append_all_supported_algorithms: opts[:append_all_supported_algorithms],
+        config: options[:ssh_config_file],
         transport_options: opts,
       }
       # disable host key verification. The hash key and value to use
@@ -278,5 +318,6 @@ module Train::Transports
       yield @connection if block_given?
       @connection
     end
+
   end
 end

data/lib/train/transports/ssh_connection.rb

@@ -32,6 +32,10 @@ class Train::Transports::SSH
     attr_reader   :hostname
     attr_accessor :transport_options
 
+    # If we use the GNU timeout utility to timout a command server-side, it will
+    # exit with this status code if the command timed out.
+    GNU_TIMEOUT_EXIT_STATUS = 124
+
     def initialize(options)
       # Track IOS command retries to prevent infinite loop on IOError. This must
       # be done before `super()` because the parent runs detection commands.
@@ -321,9 +325,21 @@ class Train::Transports::SSH
         # wrap commands if that is configured
         cmd = @cmd_wrapper.run(cmd) if @cmd_wrapper
 
+        # Timeout the command if requested and able
+        if timeout && timeoutable?(cmd)
+          # if cmd start with sudo then we need to make sure the timeout should be prepend with sudo else actual timeout is not working.
+          if cmd.strip.split[0] == "sudo"
+            split_cmd = cmd.strip.split
+            split_cmd[0] = "sudo timeout #{timeout}s"
+            cmd = split_cmd.join(" ")
+          else
+            cmd = "timeout #{timeout}s #{cmd}"
+          end
+        end
+
         logger.debug("[SSH] #{self} cmd = #{cmd}")
 
-        if @transport_options[:pty] || timeout
+        if @transport_options[:pty]
           channel.request_pty do |_ch, success|
             raise Train::Transports::SSHPTYFailed, "Requesting PTY failed" unless success
           end
@@ -350,21 +366,30 @@ class Train::Transports::SSH
           end
         end
       end
+      session.loop
 
-      thr = Thread.new { session.loop }
-
-      if timeout
-        res = thr.join(timeout)
-        unless res
-          logger.debug("train ssh command '#{cmd}' reached requested timeout (#{timeout}s)")
-          session.channels.each_value { |c| c.eof!; c.close }
-          raise Train::CommandTimeoutReached.new "ssh command reached timeout (#{timeout}s)"
-        end
-      else
-        thr.join
+      if timeout && timeoutable?(cmd) && exit_status == GNU_TIMEOUT_EXIT_STATUS
+        logger.debug("train ssh command '#{cmd}' reached requested timeout (#{timeout}s)")
+        session.channels.each_value { |c| c.eof!; c.close }
+        raise Train::CommandTimeoutReached.new "ssh command reached timeout (#{timeout}s)"
       end
 
       [exit_status, stdout, stderr]
     end
+
+    # Returns true if we think we can attempt to timeout the command
+    def timeoutable?(cmd)
+      have_timeout_cli? && !cmd.include?("|") # Don't try to timeout a command that has pipes
+    end
+
+    # Returns true if the GNU timeout command is available
+    def have_timeout_cli?
+      return @have_timeout_cli unless @have_timeout_cli.nil?
+
+      res = session.exec!("timeout --version")
+      @have_timeout_cli = res.exitstatus == 0
+      logger.debug("train ssh have_timeout_cli status is '#{@have_timeout_cli}'")
+      @have_timeout_cli
+    end
   end
 end

data/lib/train/version.rb

@@ -2,5 +2,5 @@
 # Author:: Dominik Richter (<dominik.richter@gmail.com>)
 
 module Train
-  VERSION = "3.4.9".freeze
+  VERSION = "3.10.7".freeze
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: train-core
 version: !ruby/object:Gem::Version
-  version: 3.4.9
+  version: 3.10.7
 platform: ruby
 authors:
 - Chef InSpec Team
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2021-01-27 00:00:00.000000000 Z
+date: 2022-10-19 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: addressable
@@ -87,7 +87,7 @@ dependencies:
         version: '1.2'
     - - "<"
       - !ruby/object:Gem::Version
-        version: '4.0'
+        version: '5.0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
@@ -97,7 +97,7 @@ dependencies:
         version: '1.2'
     - - "<"
       - !ruby/object:Gem::Version
-        version: '4.0'
+        version: '5.0'
 - !ruby/object:Gem::Dependency
   name: net-ssh
   requirement: !ruby/object:Gem::Requirement
@@ -107,7 +107,7 @@ dependencies:
         version: '2.9'
     - - "<"
       - !ruby/object:Gem::Version
-        version: '7.0'
+        version: '8.0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
@@ -117,7 +117,7 @@ dependencies:
         version: '2.9'
     - - "<"
       - !ruby/object:Gem::Version
-        version: '7.0'
+        version: '8.0'
 description: A minimal Train with a backends for ssh and winrm.
 email:
 - inspec@chef.io
@@ -181,7 +181,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: '2.4'
+      version: '2.7'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="