Class: Puppet::Application::Lookup

Inherits:
Puppet::Application show all
Defined in:
lib/puppet/application/lookup.rb

Constant Summary collapse

RUN_HELP = 
_("Run 'puppet lookup --help' for more details").freeze
DEEP_MERGE_OPTIONS = 
'--knock-out-prefix, --sort-merged-arrays, and --merge-hash-arrays'
TRUSTED_INFORMATION_FACTS = 
%w[hostname domain fqdn clientcert].freeze

Constants inherited from Puppet::Application

DOCPATTERN

Constants included from Util

Util::ALNUM, Util::ALPHA, Util::AbsolutePathPosix, Util::AbsolutePathWindows, Util::DEFAULT_POSIX_MODE, Util::DEFAULT_WINDOWS_MODE, Util::ESCAPED, Util::HEX, Util::HttpProxy, Util::PUPPET_STACK_INSERTION_FRAME, Util::RESERVED, Util::RFC_3986_URI_REGEX, Util::UNRESERVED, Util::UNSAFE

Constants included from Util::POSIX

Util::POSIX::LOCALE_ENV_VARS, Util::POSIX::USER_ENV_VARS

Constants included from Util::SymbolicFileMode

Util::SymbolicFileMode::SetGIDBit, Util::SymbolicFileMode::SetUIDBit, Util::SymbolicFileMode::StickyBit, Util::SymbolicFileMode::SymbolicMode, Util::SymbolicFileMode::SymbolicSpecialToBit

Instance Attribute Summary

Attributes inherited from Puppet::Application

#command_line, #options

Instance Method Summary collapse

Methods inherited from Puppet::Application

[], available_application_names, banner, clear!, clear?, clear_everything_for_tests, #configure_indirector_routes, controlled_run, #deprecate, #deprecated?, environment_mode, exit, find, get_environment_mode, #handle_logdest_arg, #handlearg, #initialize, #initialize_app_defaults, interrupted?, #log_runtime_environment, #name, option, option_parser_commands, #parse_options, #preinit, restart!, restart_requested?, #run, #run_command, run_mode, #set_log_level, stop!, stop_requested?, try_load_class

Methods included from Util

absolute_path?, benchmark, chuser, clear_environment, create_erb, default_env, deterministic_rand, deterministic_rand_int, exit_on_fail, format_backtrace_array, format_puppetstack_frame, get_env, get_environment, logmethods, merge_environment, path_to_uri, pretty_backtrace, replace_file, resolve_stackframe, rfc2396_escape, safe_posix_fork, set_env, skip_external_facts, symbolizehash, thinmark, uri_encode, uri_query_encode, uri_to_path, uri_unescape, which, withenv, withumask

Methods included from Util::POSIX

#get_posix_field, #gid, groups_of, #idfield, #methodbyid, #methodbyname, #search_posix_field, #uid

Methods included from Util::SymbolicFileMode

#display_mode, #normalize_symbolic_mode, #symbolic_mode_to_int, #valid_symbolic_mode?

Constructor Details

This class inherits a constructor from Puppet::Application

Instance Method Details

#app_defaultsObject 



63
64
65
66
67
 
# File 'lib/puppet/application/lookup.rb', line 63

def app_defaults
  super.merge({
                :facts_terminus => 'yaml'
              })
end

#generate_scopeObject 



338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
 
# File 'lib/puppet/application/lookup.rb', line 338

def generate_scope
  if options[:node]
    node = options[:node]
  else
    node = Puppet[:node_name_value]

    # If we want to lookup the node we are currently on
    # we must returning these settings to their default values
    Puppet.settings[:facts_terminus] = 'facter'
  end

  fact_file = options[:fact_file]

  if fact_file
    if fact_file.end_with?('.json')
      given_facts = Puppet::Util::Json.load_file(fact_file)
    elsif fact_file.end_with?('.yml', '.yaml')
      given_facts = Puppet::Util::Yaml.safe_load_file(fact_file)
    else
      given_facts = Puppet::Util::Json.load_file_if_valid(fact_file)
      given_facts ||= Puppet::Util::Yaml.safe_load_file_if_valid(fact_file)
    end

    unless given_facts.instance_of?(Hash)
      raise _("Incorrectly formatted data in %{fact_file} given via the --facts flag (only accepts yaml and json files)") % { fact_file: fact_file }
    end

    if TRUSTED_INFORMATION_FACTS.any? { |key| given_facts.key? key }
      unless TRUSTED_INFORMATION_FACTS.all? { |key| given_facts.key? key }
        raise _("When overriding any of the %{trusted_facts_list} facts with %{fact_file} "\
                "given via the --facts flag, they must all be overridden.") % { fact_file: fact_file, trusted_facts_list: TRUSTED_INFORMATION_FACTS.join(',') }
      end
    end
  end

  if node.is_a?(Puppet::Node)
    node.add_extra_facts(given_facts) if given_facts
  else # to allow unit tests to pass a node instance
    facts = retrieve_node_facts(node, given_facts)
    ni = Puppet::Node.indirection
    tc = ni.terminus_class
    if options[:compile]
      if tc == :plain
        node = ni.find(node, facts: facts, environment: Puppet[:environment])
      else
        begin
          service = Puppet.runtime[:http]
          session = service.create_session
          cert = session.route_to(:ca)

          _, x509 = cert.get_certificate(node)
          cert = OpenSSL::X509::Certificate.new(x509)
          Puppet::SSL::Oids.register_puppet_oids
          trusted = Puppet::Context::TrustedInformation.remote(true, facts.values['certname'] || node, Puppet::SSL::Certificate.from_instance(cert))
          Puppet.override(trusted_information: trusted) do
            node = ni.find(node, facts: facts, environment: Puppet[:environment])
          end
        rescue
          Puppet.warning _("CA is not available, the operation will continue without using trusted facts.")
          node = ni.find(node, facts: facts, environment: Puppet[:environment])
        end
      end
    else
      ni.terminus_class = :plain
      node = ni.find(node, facts: facts, environment: Puppet[:environment])
      ni.terminus_class = tc
    end
  end
  node.environment = Puppet[:environment] if Puppet.settings.set_by_cli?(:environment)
  node.add_server_facts(Puppet::Node::ServerFacts.load)
  Puppet[:code] = 'undef' unless options[:compile]
  compiler = Puppet::Parser::Compiler.new(node)
  if options[:node]
    Puppet::Util.skip_external_facts do
      compiler.compile { |catalog| yield(compiler.topscope); catalog }
    end
  else
    compiler.compile { |catalog| yield(compiler.topscope); catalog }
  end
end

#helpObject 



107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
 
# File 'lib/puppet/application/lookup.rb', line 107

def help
  <<~HELP

    puppet-lookup(8) -- #{summary}
    ========

    SYNOPSIS
    --------
    Does Hiera lookups from the command line.

    Since this command needs access to your Hiera data, make sure to run it on a
    node that has a copy of that data. This usually means logging into a Puppet
    Server node and running 'puppet lookup' with sudo.

    The most common version of this command is:

    'puppet lookup <KEY> --node <NAME> --environment <ENV> --explain'

    USAGE
    -----
    puppet lookup [--help] [--type <TYPESTRING>] [--merge first|unique|hash|deep]
      [--knock-out-prefix <PREFIX-STRING>] [--sort-merged-arrays]
      [--merge-hash-arrays] [--explain] [--environment <ENV>]
      [--default <VALUE>] [--node <NODE-NAME>] [--facts <FILE>]
      [--compile]
      [--render-as s|json|yaml|binary|msgpack] <keys>

    DESCRIPTION
    -----------
    The lookup command is a CLI for Puppet's 'lookup()' function. It searches your
    Hiera data and returns a value for the requested lookup key, so you can test and
    explore your data. It is a modern replacement for the 'hiera' command.
    Lookup uses the setting for global hiera.yaml from puppet's config,
    and the environment to find the environment level hiera.yaml as well as the
    resulting modulepath for the environment (for hiera.yaml files in modules).
    Hiera usually relies on a node's facts to locate the relevant data sources. By
    default, 'puppet lookup' uses facts from the node you run the command on, but
    you can get data for any other node with the '--node <NAME>' option. If
    possible, the lookup command will use the requested node's real stored facts
    from PuppetDB; if PuppetDB isn't configured or you want to provide arbitrary
    fact values, you can pass alternate facts as a JSON or YAML file with '--facts
    <FILE>'.

    If you're debugging your Hiera data and want to see where values are coming
    from, use the '--explain' option.

    If '--explain' isn't specified, lookup exits with 0 if a value was found and 1
    otherwise. With '--explain', lookup always exits with 0 unless there is a major
    error.

    You can provide multiple lookup keys to this command, but it only returns a
    value for the first found key, omitting the rest.

    For more details about how Hiera works, see the Hiera documentation:
    https://puppet.com/docs/puppet/latest/hiera_intro.html

    OPTIONS
    -------

    * --help:
      Print this help message.

    * --explain
      Explain the details of how the lookup was performed and where the final value
      came from (or the reason no value was found).

    * --node <NODE-NAME>
      Specify which node to look up data for; defaults to the node where the command
      is run. Since Hiera's purpose is to provide different values for different
      nodes (usually based on their facts), you'll usually want to use some specific
      node's facts to explore your data. If the node where you're running this
      command is configured to talk to PuppetDB, the command will use the requested
      node's most recent facts. Otherwise, you can override facts with the '--facts'
      option.

    * --facts <FILE>
      Specify a .json or .yaml file of key => value mappings to override the facts
      for this lookup. Any facts not specified in this file maintain their
      original value.

    * --environment <ENV>
      Like with most Puppet commands, you can specify an environment on the command
      line. This is important for lookup because different environments can have
      different Hiera data. This environment will be always be the one used regardless
      of any other factors.

    * --merge first|unique|hash|deep:
      Specify the merge behavior, overriding any merge behavior from the data's
      lookup_options. 'first' returns the first value found. 'unique' appends
      everything to a merged, deduplicated array. 'hash' performs a simple hash
      merge by overwriting keys of lower lookup priority. 'deep' performs a deep
      merge on values of Array and Hash type. There are additional options that can
      be used with 'deep'.

    * --knock-out-prefix <PREFIX-STRING>
      Can be used with the 'deep' merge strategy. Specifies a prefix to indicate a
      value should be removed from the final result.

    * --sort-merged-arrays
      Can be used with the 'deep' merge strategy. When this flag is used, all
      merged arrays are sorted.

    * --merge-hash-arrays
      Can be used with the 'deep' merge strategy. When this flag is used, hashes
      WITHIN arrays are deep-merged with their counterparts by position.

    * --explain-options
      Explain whether a lookup_options hash affects this lookup, and how that hash
      was assembled. (lookup_options is how Hiera configures merge behavior in data.)

    * --default <VALUE>
      A value to return if Hiera can't find a value in data. For emulating calls to
      the 'lookup()' function that include a default.

    * --type <TYPESTRING>:
      Assert that the value has the specified type. For emulating calls to the
      'lookup()' function that include a data type.

    * --compile
      Perform a full catalog compilation prior to the lookup. If your hierarchy and
      data only use the $facts, $trusted, and $server_facts variables, you don't
      need this option; however, if your Hiera configuration uses arbitrary
      variables set by a Puppet manifest, you might need this option to get accurate
      data. No catalog compilation takes place unless this flag is given.

    * --render-as s|json|yaml|binary|msgpack
      Specify the output format of the results; "s" means plain text. The default
      when producing a value is yaml and the default when producing an explanation
      is s.

    EXAMPLE
    -------
      To look up 'key_name' using the Puppet Server node's facts:
      $ puppet lookup key_name

      To look up 'key_name' using the Puppet Server node's arbitrary variables from a manifest, and
      classify the node if applicable:
      $ puppet lookup key_name --compile

      To look up 'key_name' using the Puppet Server node's facts, overridden by facts given in a file:
      $ puppet lookup key_name --facts fact_file.yaml

      To look up 'key_name' with agent.local's facts:
      $ puppet lookup --node agent.local key_name

      To get the first value found for 'key_name_one' and 'key_name_two'
      with agent.local's facts while merging values and knocking out
      the prefix 'foo' while merging:
      $ puppet lookup --node agent.local --merge deep --knock-out-prefix foo key_name_one key_name_two

      To lookup 'key_name' with agent.local's facts, and return a default value of
      'bar' if nothing was found:
      $ puppet lookup --node agent.local --default bar key_name

      To see an explanation of how the value for 'key_name' would be found, using
      agent.local's facts:
      $ puppet lookup --node agent.local --explain key_name

    COPYRIGHT
    ---------
    Copyright (c) 2015 Puppet Inc., LLC Licensed under the Apache 2.0 License


  HELP
end

#mainObject 



273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
 
# File 'lib/puppet/application/lookup.rb', line 273

def main
  keys = command_line.args

  if (options[:sort_merged_arrays] || options[:merge_hash_arrays] || options[:prefix]) && options[:merge] != 'deep'
    raise _("The options %{deep_merge_opts} are only available with '--merge deep'\n%{run_help}") % { deep_merge_opts: DEEP_MERGE_OPTIONS, run_help: RUN_HELP }
  end

  use_default_value = !options[:default_value].nil?
  merge_options = nil

  merge = options[:merge]
  unless merge.nil?
    strategies = Puppet::Pops::MergeStrategy.strategy_keys
    unless strategies.include?(merge.to_sym)
      strategies = strategies.map { |k| "'#{k}'" }
      raise _("The --merge option only accepts %{strategies}, or %{last_strategy}\n%{run_help}") % { strategies: strategies[0...-1].join(', '), last_strategy: strategies.last, run_help: RUN_HELP }
    end

    if merge == 'deep'
      merge_options = { 'strategy' => 'deep',
                        'sort_merged_arrays' => !options[:sort_merged_arrays].nil?,
                        'merge_hash_arrays' => !options[:merge_hash_arrays].nil? }

      if options[:prefix]
        merge_options['knockout_prefix'] = options[:prefix]
      end

    else
      merge_options = { 'strategy' => merge }
    end
  end

  explain_data = !!options[:explain]
  explain_options = !!options[:explain_options]
  only_explain_options = explain_options && !explain_data
  if keys.empty?
    if only_explain_options
      # Explain lookup_options for lookup of an unqualified value.
      keys = Puppet::Pops::Lookup::GLOBAL
    else
      raise _('No keys were given to lookup.')
    end
  end
  explain = explain_data || explain_options

  # Format defaults to text (:s) when producing an explanation and :yaml when producing the value
  format = options[:render_as] || (explain ? :s : :yaml)
  renderer = Puppet::Network::FormatHandler.format(format)
  raise _("Unknown rendering format '%{format}'") % { format: format } if renderer.nil?

  generate_scope do |scope|
    lookup_invocation = Puppet::Pops::Lookup::Invocation.new(scope, {}, {}, explain ? Puppet::Pops::Lookup::Explainer.new(explain_options, only_explain_options) : nil)
    begin
      type = options.include?(:type) ? Puppet::Pops::Types::TypeParser.singleton.parse(options[:type], scope) : nil
      result = Puppet::Pops::Lookup.lookup(keys, type, options[:default_value], use_default_value, merge_options, lookup_invocation)
      puts renderer.render(result) unless explain
    rescue Puppet::DataBinding::LookupError => e
      lookup_invocation.report_text { e.message }
      exit(1) unless explain
    end
    puts format == :s ? lookup_invocation.explainer.explain : renderer.render(lookup_invocation.explainer.to_hash) if explain
  end
  exit(0)
end

#retrieve_node_facts(node, given_facts) ⇒ Object 



419
420
421
422
423
424
425
426
427
428
429
430
 
# File 'lib/puppet/application/lookup.rb', line 419

def retrieve_node_facts(node, given_facts)
  facts = Puppet::Node::Facts.indirection.find(node, :environment => Puppet.lookup(:current_environment))

  facts = Puppet::Node::Facts.new(node, {}) if facts.nil?
  facts.add_extra_values(given_facts) if given_facts

  if facts.values.empty?
    raise _("No facts available for target node: %{node}") % { node: node }
  end

  facts
end

#setupObject 



87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
 
# File 'lib/puppet/application/lookup.rb', line 87

def setup
  setup_logs

  exit(Puppet.settings.print_configs ? 0 : 1) if Puppet.settings.print_configs?

  if options[:node]
    Puppet::Util.skip_external_facts do
      Puppet.settings.use :main, :server, :ssl, :metrics
    end
  else
    Puppet.settings.use :main, :server, :ssl, :metrics
  end

  setup_terminuses
end

#setup_logsObject 



69
70
71
72
73
74
75
 
# File 'lib/puppet/application/lookup.rb', line 69

def setup_logs
  # This sets up logging based on --debug or --verbose if they are set in `options`
  set_log_level

  # This uses console for everything that is not a compilation
  Puppet::Util::Log.newdestination(:console)
end

#setup_terminusesObject 



77
78
79
80
81
82
83
84
85
 
# File 'lib/puppet/application/lookup.rb', line 77

def setup_terminuses
  require_relative '../../puppet/file_serving/content'
  require_relative '../../puppet/file_serving/metadata'

  Puppet::FileServing::Content.indirection.terminus_class = :file_server
  Puppet::FileServing::Metadata.indirection.terminus_class = :file_server

  Puppet::FileBucket::File.indirection.terminus_class = :file
end

#summaryObject 



103
104
105
 
# File 'lib/puppet/application/lookup.rb', line 103

def summary
  _("Interactive Hiera lookup")
end