Class: Bolt::Transport::Sudoable::Connection

Inherits:

Object

• Object
• Bolt::Transport::Sudoable::Connection

Defined in:

lib/bolt/transport/sudoable/connection.rb

Direct Known Subclasses

Local::Shell, Bolt::Transport::SSH::Connection

Instance Attribute Summary

• #target ⇒ Object

  Returns the value of attribute target.

Instance Method Summary

• #build_sudoable_command_str(command_str, sudo_str, sudo_id, options) ⇒ Object

  A helper to build up a single string that contains all of the options for privilege escalation.

• #execute(*_args) ⇒ Object
• #initialize(target) ⇒ Connection constructor

  A new instance of Connection.

• #inject_interpreter(interpreter, command) ⇒ Object

  Returns string with the interpreter conditionally prepended.

• #make_executable(path) ⇒ Object
• #make_tempdir ⇒ Object
• #prepend_sudo_success(sudo_id, command_str) ⇒ Object

  In the case where a task is run with elevated privilege and needs stdin a random string is echoed to stderr indicating that the stdin is available for task input data because the sudo password has already either been provided on stdin or was not needed.

• #run_as ⇒ Object

  This method allows the @run_as variable to be used as a per-operation override for the user to run as.

• #running_as(user) ⇒ Object

  Run as the specified user for the duration of the block.

• #with_tempdir ⇒ Object

  A helper to create and delete a tempdir on the remote system.

• #write_executable(dir, file, filename = nil) ⇒ Object

Constructor Details

#initialize(target) ⇒ Connection

Returns a new instance of Connection.

# File 'lib/bolt/transport/sudoable/connection.rb', line 10

def initialize(target)
  @target = target
  @run_as = nil
  @logger = Logging.logger[@target.safe_name]
end

Instance Attribute Details

#target ⇒ Object

Returns the value of attribute target.

# File 'lib/bolt/transport/sudoable/connection.rb', line 9

def target
  @target
end

Instance Method Details

#build_sudoable_command_str(command_str, sudo_str, sudo_id, options) ⇒ Object

A helper to build up a single string that contains all of the options for privilege escalation. A wrapper script is used to direct task input to stdin when a tty is allocated and thus we do not need to prepend_sudo_success when using the wrapper or when the task does not require stdin data.

# File 'lib/bolt/transport/sudoable/connection.rb', line 86

def build_sudoable_command_str(command_str, sudo_str, sudo_id, options)
  if options[:stdin] && !options[:wrapper]
    "#{sudo_str} #{prepend_sudo_success(sudo_id, command_str)}"
  else
    "#{sudo_str} #{command_str}"
  end
end

#execute(*_args) ⇒ Object

Raises:

• (NotImplementedError)

# File 'lib/bolt/transport/sudoable/connection.rb', line 69

def execute(*_args)
  message = "#{self.class.name} must implement #{method} to execute commands"
  raise NotImplementedError, message
end

#inject_interpreter(interpreter, command) ⇒ Object

Returns string with the interpreter conditionally prepended

# File 'lib/bolt/transport/sudoable/connection.rb', line 95

def inject_interpreter(interpreter, command)
  if interpreter
    if command.is_a?(Array)
      command.unshift(interpreter)
    else
      command = [interpreter, command]
    end
  end

  command.is_a?(String) ? command : Shellwords.shelljoin(command)
end

#make_executable(path) ⇒ Object

# File 'lib/bolt/transport/sudoable/connection.rb', line 31

def make_executable(path)
  result = execute(['chmod', 'u+x', path])
  if result.exit_code != 0
    message = "Could not make file '#{path}' executable: #{result.stderr.string}"
    raise Bolt::Node::FileError.new(message, 'CHMOD_ERROR')
  end
end

#make_tempdir ⇒ Object

# File 'lib/bolt/transport/sudoable/connection.rb', line 39

def make_tempdir
  tmpdir = @target.options.fetch('tmpdir', '/tmp')
  tmppath = "#{tmpdir}/#{SecureRandom.uuid}"
  command = ['mkdir', '-m', 700, tmppath]

  result = execute(command)
  if result.exit_code != 0
    raise Bolt::Node::FileError.new("Could not make tempdir: #{result.stderr.string}", 'TEMPDIR_ERROR')
  end
  path = tmppath || result.stdout.string.chomp
  Sudoable::Tmpdir.new(self, path)
end

#prepend_sudo_success(sudo_id, command_str) ⇒ Object

In the case where a task is run with elevated privilege and needs stdin a random string is echoed to stderr indicating that the stdin is available for task input data because the sudo password has already either been provided on stdin or was not needed.

# File 'lib/bolt/transport/sudoable/connection.rb', line 78

def prepend_sudo_success(sudo_id, command_str)
  "sh -c 'echo #{sudo_id} 1>&2; #{command_str}'"
end

#run_as ⇒ Object

This method allows the @run_as variable to be used as a per-operation override for the user to run as. When @run_as is unset, the user specified on the target will be used.

# File 'lib/bolt/transport/sudoable/connection.rb', line 19

def run_as
  @run_as || target.options['run-as']
end

#running_as(user) ⇒ Object

Run as the specified user for the duration of the block.

# File 'lib/bolt/transport/sudoable/connection.rb', line 24

def running_as(user)
  @run_as = user
  yield
ensure
  @run_as = nil
end

#with_tempdir ⇒ Object

A helper to create and delete a tempdir on the remote system. Yields the directory name.

# File 'lib/bolt/transport/sudoable/connection.rb', line 62

def with_tempdir
  dir = make_tempdir
  yield dir
ensure
  dir&.delete
end

#write_executable(dir, file, filename = nil) ⇒ Object

# File 'lib/bolt/transport/sudoable/connection.rb', line 52

def write_executable(dir, file, filename = nil)
  filename ||= File.basename(file)
  remote_path = File.join(dir.to_s, filename)
  copy_file(file, remote_path)
  make_executable(remote_path)
  remote_path
end