pyinfra 0.11.dev3__py3-none-any.whl → 3.5.1__py3-none-any.whl

pyinfra/facts/postgres.py

@@ -0,0 +1,178 @@
+from __future__ import annotations
+
+from typing_extensions import override
+
+from pyinfra.api import FactBase, MaskString, QuoteString, StringCommand
+from pyinfra.api.util import try_int
+
+from .util.databases import parse_columns_and_rows
+
+
+def make_psql_command(
+    database: str | None = None,
+    user: str | None = None,
+    password: str | None = None,
+    host: str | None = None,
+    port: str | int | None = None,
+    executable="psql",
+) -> StringCommand:
+    target_bits: list[str] = []
+
+    if password:
+        target_bits.append(MaskString('PGPASSWORD="{0}"'.format(password)))
+
+    target_bits.append(executable)
+
+    if database:
+        target_bits.append("-d {0}".format(database))
+
+    if user:
+        target_bits.append("-U {0}".format(user))
+
+    if host:
+        target_bits.append("-h {0}".format(host))
+
+    if port:
+        target_bits.append("-p {0}".format(port))
+
+    return StringCommand(*target_bits)
+
+
+def make_execute_psql_command(command, **psql_kwargs):
+    return StringCommand(
+        make_psql_command(**psql_kwargs),
+        "-Ac",
+        QuoteString(command),  # quote this whole item as a single shell argument
+    )
+
+
+class PostgresFactBase(FactBase):
+    abstract = True
+
+    psql_command: str
+
+    @override
+    def requires_command(self, *args, **kwargs):
+        return "psql"
+
+    @override
+    def command(
+        self,
+        psql_user=None,
+        psql_password=None,
+        psql_host=None,
+        psql_port=None,
+        psql_database=None,
+    ):
+        return make_execute_psql_command(
+            self.psql_command,
+            user=psql_user,
+            password=psql_password,
+            host=psql_host,
+            port=psql_port,
+            database=psql_database,
+        )
+
+
+class PostgresRoles(PostgresFactBase):
+    """
+    Returns a dict of PostgreSQL roles and data:
+
+    .. code:: python
+
+        {
+            "pyinfra": {
+                "super": true,
+                "createrole": false,
+                "createdb": false,
+                ...
+            },
+        }
+    """
+
+    default = dict
+    psql_command = "SELECT * FROM pg_catalog.pg_roles"
+
+    @override
+    def process(self, output):
+        # Remove the last line of the output (row count)
+        output = output[:-1]
+        rows = parse_columns_and_rows(
+            output,
+            "|",
+            # Remove the "rol" prefix on column names
+            remove_column_prefix="rol",
+        )
+
+        users = {}
+
+        for details in rows:
+            for key, value in list(details.items()):
+                if key in ("oid", "connlimit"):
+                    details[key] = try_int(value)
+
+                if key in (
+                    "super",
+                    "inherit",
+                    "createrole",
+                    "createdb",
+                    "canlogin",
+                    "replication",
+                    "bypassrls",
+                ):
+                    details[key] = value == "t"
+
+            users[details.pop("name")] = details
+
+        return users
+
+
+class PostgresDatabases(PostgresFactBase):
+    """
+    Returns a dict of PostgreSQL databases and metadata:
+
+    .. code:: python
+
+        {
+            "pyinfra_stuff": {
+                "encoding": "UTF8",
+                "collate": "en_US.UTF-8",
+                "ctype": "en_US.UTF-8",
+                ...
+            },
+        }
+    """
+
+    default = dict
+    psql_command = "SELECT pg_catalog.pg_encoding_to_char(encoding), *, pg_catalog.pg_get_userbyid(datdba) AS owner FROM pg_catalog.pg_database"  # noqa: E501
+
+    @override
+    def process(self, output):
+        # Remove the last line of the output (row count)
+        output = output[:-1]
+        rows = parse_columns_and_rows(
+            output,
+            "|",
+            # Remove the "dat" prefix on column names
+            remove_column_prefix="dat",
+        )
+
+        databases = {}
+
+        for details in rows:
+            details["encoding"] = details.pop("pg_encoding_to_char")
+            details["owner"] = details.pop("owner")
+            for key, value in list(details.items()):
+                if key.endswith("id") or key in (
+                    "dba",
+                    "tablespace",
+                    "connlimit",
+                ):
+                    details[key] = try_int(value)
+
+                if key in ("istemplate", "allowconn"):
+                    details[key] = value == "t"
+
+            databases[details.pop("name")] = details
+
+        return databases

pyinfra/facts/postgresql.py

@@ -1,152 +1,11 @@
-from pyinfra.api import FactBase
-from pyinfra.api.util import try_int
+from __future__ import annotations
 
-from .util.databases import parse_columns_and_rows
+from .postgres import PostgresDatabases, PostgresRoles
 
 
-def make_psql_command(
-    database=None,
-    user=None,
-    password=None,
-    host=None,
-    port=None,
-    executable='psql',
-):
-    target_bits = []
+class PostgresqlRoles(PostgresRoles):
+    deprecated = True
 
-    if password:
-        target_bits.append('PGPASSWORD="{0}"'.format(password))
 
-    target_bits.append(executable)
-
-    if database:
-        target_bits.append('-d {0}'.format(database))
-
-    if user:
-        target_bits.append('-U {0}'.format(user))
-
-    if host:
-        target_bits.append('-h {0}'.format(host))
-
-    if port:
-        target_bits.append('-p {0}'.format(port))
-
-    return ' '.join(target_bits)
-
-
-def make_execute_psql_command(command, **postgresql_kwargs):
-    return '{0} -Ac "{1}"'.format(
-        make_psql_command(**postgresql_kwargs),
-        command.replace('"', '\\"'),
-    )
-
-
-class PostgresqlFactBase(FactBase):
-    abstract = True
-
-    def command(
-        self,
-        postgresql_user=None, postgresql_password=None,
-        postgresql_host=None, postgresql_port=None,
-    ):
-        return make_execute_psql_command(
-            self.postgresql_command,
-            user=postgresql_user,
-            password=postgresql_password,
-            host=postgresql_host,
-            port=postgresql_port,
-        )
-
-
-class PostgresqlRoles(PostgresqlFactBase):
-    '''
-    Returns a dict of PostgreSQL roles and data:
-
-    .. code:: python
-
-        'pyinfra': {
-            'super': true,
-            'createrole': false,
-            'createdb': false,
-            ...
-        },
-        ...
-    '''
-
-    default = dict
-    postgresql_command = 'SELECT * FROM pg_catalog.pg_roles'
-
-    def process(self, output):
-        # Remove the last line of the output (row count)
-        output = output[:-1]
-        rows = parse_columns_and_rows(
-            output, '|',
-            # Remove the "rol" prefix on column names
-            remove_column_prefix='rol',
-        )
-
-        users = {}
-
-        for details in rows:
-            for key, value in list(details.items()):
-                if key in ('oid', 'connlimit'):
-                    details[key] = try_int(value)
-
-                if key in (
-                    'super', 'inherit', 'createrole', 'createdb',
-                    'canlogin', 'replication', 'bypassrls',
-                ):
-                    details[key] = value == 't'
-
-            users[details.pop('name')] = details
-
-        return users
-
-
-class PostgresqlDatabases(PostgresqlFactBase):
-    '''
-    Returns a dict of PostgreSQL databases and metadata:
-
-    .. code:: python
-
-        "pyinfra_stuff": {
-            "encoding": "UTF8",
-            "collate": "en_US.UTF-8",
-            "ctype": "en_US.UTF-8",
-            ...
-        },
-        ...
-    '''
-
-    default = dict
-    postgresql_command = '''
-        SELECT pg_catalog.pg_encoding_to_char(encoding), *
-        FROM pg_catalog.pg_database
-    '''
-
-    def process(self, output):
-        # Remove the last line of the output (row count)
-        output = output[:-1]
-        rows = parse_columns_and_rows(
-            output, '|',
-            # Remove the "dat" prefix on column names
-            remove_column_prefix='dat',
-        )
-
-        databases = {}
-
-        for details in rows:
-            details['encoding'] = details.pop('pg_encoding_to_char')
-
-            for key, value in list(details.items()):
-                if key.endswith('id') or key in (
-                    'dba', 'tablespace', 'connlimit',
-                ):
-                    details[key] = try_int(value)
-
-                if key in ('istemplate', 'allowconn'):
-                    details[key] = value == 't'
-
-            databases[details.pop('name')] = details
-
-        return databases
+class PostgresqlDatabases(PostgresDatabases):
+    deprecated = True

pyinfra/facts/rpm.py

@@ -0,0 +1,105 @@
+from __future__ import annotations
+
+import re
+import shlex
+
+from typing_extensions import override
+
+from pyinfra.api import FactBase
+
+from .util.packaging import parse_packages
+
+rpm_regex = r"^(\S+)\ (\S+)$"
+rpm_query_format = "%{NAME} %{VERSION}-%{RELEASE}\\n"
+
+
+class RpmPackages(FactBase):
+    """
+    Returns a dict of installed rpm packages:
+
+    .. code:: python
+
+        {
+            "package_name": ["version"],
+        }
+    """
+
+    @override
+    def command(self) -> str:
+        return "rpm --queryformat {0} -qa".format(shlex.quote(rpm_query_format))
+
+    @override
+    def requires_command(self) -> str:
+        return "rpm"
+
+    default = dict
+
+    @override
+    def process(self, output):
+        return parse_packages(rpm_regex, output)
+
+
+class RpmPackage(FactBase):
+    """
+    Returns information on a .rpm file:
+
+    .. code:: python
+
+        {
+            "name": "my_package",
+            "version": "1.0.0",
+        }
+    """
+
+    @override
+    def requires_command(self, package) -> str:
+        return "rpm"
+
+    @override
+    def command(self, package) -> str:
+        return (
+            "rpm --queryformat {0} -q {1} || "
+            "! test -e {1} || "
+            "rpm --queryformat {0} -qp {1} 2> /dev/null"
+        ).format(shlex.quote(rpm_query_format), shlex.quote(package))
+
+    @override
+    def process(self, output):
+        for line in output:
+            matches = re.match(rpm_regex, line)
+            if matches:
+                return {
+                    "name": matches.group(1),
+                    "version": matches.group(2),
+                }
+
+
+class RpmPackageProvides(FactBase):
+    """
+    Returns a list of packages that provide the specified capability (command, file, etc).
+    """
+
+    default = list
+
+    @override
+    def requires_command(self, *args, **kwargs) -> str:
+        return "repoquery"
+
+    @override
+    def command(self, package):
+        # Accept failure here (|| true) for invalid/unknown packages
+        return "repoquery --queryformat {0} --whatprovides {1} || true".format(
+            shlex.quote(rpm_query_format),
+            shlex.quote(package),
+        )
+
+    @override
+    def process(self, output):
+        packages = []
+
+        for line in output:
+            matches = re.match(rpm_regex, line)
+            if matches:
+                packages.append(list(matches.groups()))
+
+        return packages

pyinfra/facts/runit.py

@@ -0,0 +1,77 @@
+from typing_extensions import override
+
+from pyinfra.api import FactBase
+
+
+class RunitStatus(FactBase):
+    """
+    Returns a dict of name -> status for runit services.
+
+    + service: optionally check only for a single service
+    + svdir: alternative ``SVDIR``
+
+    .. code:: python
+
+        {
+            'agetty-tty1': True,     # service is running
+            'dhcpcd': False,         # service is down
+            'wpa_supplicant': None,  # service is managed, but not running or down,
+                                     # possibly in a fail state
+        }
+    """
+
+    default = dict
+
+    @override
+    def requires_command(self, *args, **kwargs) -> str:
+        return "sv"
+
+    @override
+    def command(self, service=None, svdir="/var/service") -> str:
+        if service is None:
+            return (
+                'export SVDIR="{0}" && '
+                'cd "$SVDIR" && find * -maxdepth 0 -exec sv status {{}} + 2>/dev/null'
+            ).format(svdir)
+        else:
+            return 'SVDIR="{0}" sv status "{1}"'.format(svdir, service)
+
+    @override
+    def process(self, output):
+        services = {}
+        for line in output:
+            statusstr, service, _ = line.split(sep=": ", maxsplit=2)
+            status = None
+
+            if statusstr == "run":
+                status = True
+            elif statusstr == "down":
+                status = False
+            # another observable state is "fail"
+            # report as ``None`` for now
+
+            services[service] = status
+
+        return services
+
+
+class RunitManaged(FactBase):
+    """
+    Returns a set of all services managed by runit
+
+    + service: optionally check only for a single service
+    + svdir: alternative ``SVDIR``
+    """
+
+    default = set
+
+    @override
+    def command(self, service=None, svdir="/var/service"):
+        if service is None:
+            return 'cd "{0}" && find -mindepth 1 -maxdepth 1 -type l -printf "%f\n"'.format(svdir)
+        else:
+            return 'cd "{0}" && test -h "{1}" && echo "{1}" || true'.format(svdir, service)
+
+    @override
+    def process(self, output):
+        return set(output)

pyinfra/facts/selinux.py

@@ -0,0 +1,161 @@
+from __future__ import annotations
+
+import re
+from collections import defaultdict
+
+from typing_extensions import override
+
+from pyinfra.api import FactBase
+
+FIELDS = ["user", "role", "type", "level"]  # order is significant, do not change
+
+
+class SEBoolean(FactBase):
+    """
+    Returns the status of a SELinux Boolean as a string (``on`` or ``off``).
+    If ``boolean`` does not exist, ``SEBoolean`` returns the empty string.
+    """
+
+    @override
+    def requires_command(self, boolean) -> str:
+        return "getsebool"
+
+    default = str
+
+    @override
+    def command(self, boolean):
+        return "getsebool {0}".format(boolean)
+
+    @override
+    def process(self, output):
+        components = output[0].split(" --> ")
+        return components[1]
+
+
+class FileContext(FactBase):
+    """
+    Returns structured SELinux file context data for a specified file
+    or ``None`` if the file does not exist.
+
+    .. code:: python
+
+        {
+            "user": "system_u",
+            "role": "object_r",
+            "type": "default_t",
+            "level": "s0",
+        }
+    """
+
+    @override
+    def command(self, path):
+        return "stat -c %C {0} || exit 0".format(path)
+
+    @override
+    def process(self, output):
+        context = {}
+        components = output[0].split(":")
+        context["user"] = components[0]
+        context["role"] = components[1]
+        context["type"] = components[2]
+        context["level"] = components[3]
+        return context
+
+
+class FileContextMapping(FactBase):
+    """
+    Returns structured SELinux file context data for the specified target path prefix
+    using the same format as :ref:`facts:selinux.FileContext`.
+    If there is no mapping, it returns ``{}``
+    Note: This fact requires root privileges.
+    """
+
+    default = dict
+
+    @override
+    def requires_command(self, target) -> str:
+        return "semanage"
+
+    @override
+    def command(self, target):
+        return "set -o pipefail && semanage fcontext -n -l | (grep '^{0}' || true)".format(target)
+
+    @override
+    def process(self, output):
+        # example output: /etc       all files          system_u:object_r:etc_t:s0
+        # but lines at end that won't match: /etc/systemd/system = /usr/lib/systemd/system
+        if len(output) != 1:
+            return self.default()
+        m = re.match(r"^.*\s+(\w+):(\w+):(\w+):(\w+)", output[0])
+        return {k: m.group(i) for i, k in enumerate(FIELDS, 1)} if m is not None else self.default()
+
+
+class SEPorts(FactBase):
+    """
+    Returns the SELinux 'type' definitions for ``(tcp|udp|dccp|sctp)`` ports.
+    Note: This fact requires root privileges.
+
+    .. code:: python
+
+        {
+            "tcp": { 22: "ssh_port_t", ...},
+            "udp": { ...}
+        }
+    """
+
+    default = dict
+    # example output: amqp_port_t                    tcp      15672, 5671-5672
+    _regex = re.compile(r"^([\w_]+)\s+(\w+)\s+([\w\-,\s]+)$")
+
+    @override
+    def requires_command(self) -> str:
+        return "semanage"
+
+    @override
+    def command(self):
+        return "semanage port -ln"
+
+    @override
+    def process(self, output):
+        labels: dict[str, dict] = defaultdict(dict)
+        for line in output:
+            m = SEPorts._regex.match(line)
+            if m is None:  # something went wrong
+                continue
+            if m.group(1) == "unreserved_port_t":  # these cover the entire space
+                continue
+            for item in m.group(3).split(","):
+                item = item.strip()
+                if "-" in item:
+                    pieces = item.split("-")
+                    start, stop = int(pieces[0]), int(pieces[1])
+                else:
+                    start = stop = int(item)
+                labels[m.group(2)].update({port: m.group(1) for port in range(start, stop + 1)})
+
+        return labels
+
+
+class SEPort(FactBase):
+    """
+    Returns the SELinux 'type' for the specified protocol ``(tcp|udp|dccp|sctp)`` and port number.
+    If no type has been set, ``SEPort`` returns the empty string.
+    Note: ``policycoreutils-dev`` must be installed for this to work.
+    """
+
+    default = str
+
+    @override
+    def requires_command(self, protocol, port) -> str:
+        return "sepolicy"
+
+    @override
+    def command(self, protocol, port):
+        return "(sepolicy network -p {0} 2>/dev/null || true) | grep {1}".format(port, protocol)
+
+    @override
+    def process(self, output):
+        # if type set, first line is specific and second is generic type for port range
+        # each rows in the format "22: tcp ssh_port_t 22"
+
+        return output[0].split(" ")[2] if len(output) > 1 else self.default()