Class: Puppet::Application::Lookup

Inherits:

Puppet::Application

• Object
• Puppet::Application
• Puppet::Application::Lookup

Defined in:

lib/puppet/application/lookup.rb

Constant Summary

RUN_HELP =

_("Run 'puppet lookup --help' for more details").freeze

DEEP_MERGE_OPTIONS =

'--knock-out-prefix, --sort-merged-arrays, and --merge-hash-arrays'

TRUSTED_INFORMATION_FACTS =

%w[hostname domain fqdn clientcert].freeze

Constants inherited from Puppet::Application

DOCPATTERN

Constants included from Util

Util::ALNUM, Util::ALPHA, Util::AbsolutePathPosix, Util::AbsolutePathWindows, Util::DEFAULT_POSIX_MODE, Util::DEFAULT_WINDOWS_MODE, Util::ESCAPED, Util::HEX, Util::HttpProxy, Util::PUPPET_STACK_INSERTION_FRAME, Util::RESERVED, Util::RFC_3986_URI_REGEX, Util::UNRESERVED, Util::UNSAFE

Constants included from Util::POSIX

Util::POSIX::LOCALE_ENV_VARS, Util::POSIX::USER_ENV_VARS

Constants included from Util::SymbolicFileMode

Util::SymbolicFileMode::SetGIDBit, Util::SymbolicFileMode::SetUIDBit, Util::SymbolicFileMode::StickyBit, Util::SymbolicFileMode::SymbolicMode, Util::SymbolicFileMode::SymbolicSpecialToBit

Instance Attribute Summary

Attributes inherited from Puppet::Application

#command_line, #options

Instance Method Summary

• #app_defaults ⇒ Object
• #generate_scope ⇒ Object
• #help ⇒ Object
• #main ⇒ Object
• #retrieve_node_facts(node, given_facts) ⇒ Object
• #setup ⇒ Object
• #setup_logs ⇒ Object
• #setup_terminuses ⇒ Object
• #summary ⇒ Object

Methods inherited from Puppet::Application

[], available_application_names, banner, clear!, clear?, clear_everything_for_tests, #configure_indirector_routes, controlled_run, #deprecate, #deprecated?, environment_mode, exit, find, get_environment_mode, #handle_logdest_arg, #handlearg, #initialize, #initialize_app_defaults, interrupted?, #log_runtime_environment, #name, option, option_parser_commands, #parse_options, #preinit, restart!, restart_requested?, #run, #run_command, run_mode, #set_log_level, stop!, stop_requested?, try_load_class

Methods included from Util

absolute_path?, benchmark, chuser, clear_environment, create_erb, default_env, deterministic_rand, deterministic_rand_int, exit_on_fail, format_backtrace_array, format_puppetstack_frame, get_env, get_environment, logmethods, merge_environment, path_to_uri, pretty_backtrace, replace_file, resolve_stackframe, rfc2396_escape, safe_posix_fork, set_env, skip_external_facts, symbolizehash, thinmark, uri_encode, uri_query_encode, uri_to_path, uri_unescape, which, withenv, withumask

Methods included from Util::POSIX

#get_posix_field, #gid, groups_of, #idfield, #methodbyid, #methodbyname, #search_posix_field, #uid

Methods included from Util::SymbolicFileMode

#display_mode, #normalize_symbolic_mode, #symbolic_mode_to_int, #valid_symbolic_mode?

Constructor Details

This class inherits a constructor from Puppet::Application

Instance Method Details

#app_defaults ⇒ Object

# File 'lib/puppet/application/lookup.rb', line 62

def app_defaults
  super.merge({
                :facts_terminus => 'yaml'
              })
end

#generate_scope ⇒ Object

# File 'lib/puppet/application/lookup.rb', line 337

def generate_scope
  if options[:node]
    node = options[:node]
  else
    node = Puppet[:node_name_value]

    # If we want to lookup the node we are currently on
    # we must returning these settings to their default values
    Puppet.settings[:facts_terminus] = 'facter'
  end

  fact_file = options[:fact_file]

  if fact_file
    if fact_file.end_with?('.json')
      given_facts = Puppet::Util::Json.load_file(fact_file)
    elsif fact_file.end_with?('.yml', '.yaml')
      given_facts = Puppet::Util::Yaml.safe_load_file(fact_file)
    else
      given_facts = Puppet::Util::Json.load_file_if_valid(fact_file)
      given_facts ||= Puppet::Util::Yaml.safe_load_file_if_valid(fact_file)
    end

    unless given_facts.instance_of?(Hash)
      raise _("Incorrectly formatted data in %{fact_file} given via the --facts flag (only accepts yaml and json files)") % { fact_file: fact_file }
    end

    if TRUSTED_INFORMATION_FACTS.any? { |key| given_facts.key? key }
      unless TRUSTED_INFORMATION_FACTS.all? { |key| given_facts.key? key }
        raise _("When overriding any of the %{trusted_facts_list} facts with %{fact_file} "\
                "given via the --facts flag, they must all be overridden.") % { fact_file: fact_file, trusted_facts_list: TRUSTED_INFORMATION_FACTS.join(',') }
      end
    end
  end

  if node.is_a?(Puppet::Node)
    node.add_extra_facts(given_facts) if given_facts
  else # to allow unit tests to pass a node instance
    facts = retrieve_node_facts(node, given_facts)
    ni = Puppet::Node.indirection
    tc = ni.terminus_class
    if options[:compile]
      if tc == :plain
        node = ni.find(node, facts: facts, environment: Puppet[:environment])
      else
        begin
          service = Puppet.runtime[:http]
          session = service.create_session
          cert = session.route_to(:ca)

          _, x509 = cert.get_certificate(node)
          cert = OpenSSL::X509::Certificate.new(x509)
          Puppet::SSL::Oids.register_puppet_oids
          trusted = Puppet::Context::TrustedInformation.remote(true, facts.values['certname'] || node, Puppet::SSL::Certificate.from_instance(cert))
          Puppet.override(trusted_information: trusted) do
            node = ni.find(node, facts: facts, environment: Puppet[:environment])
          end
        rescue
          Puppet.warning _("CA is not available, the operation will continue without using trusted facts.")
          node = ni.find(node, facts: facts, environment: Puppet[:environment])
        end
      end
    else
      ni.terminus_class = :plain
      node = ni.find(node, facts: facts, environment: Puppet[:environment])
      ni.terminus_class = tc
    end
  end
  node.environment = Puppet[:environment] if Puppet.settings.set_by_cli?(:environment)
  Puppet[:code] = 'undef' unless options[:compile]
  compiler = Puppet::Parser::Compiler.new(node)
  if options[:node]
    Puppet::Util.skip_external_facts do
      compiler.compile { |catalog| yield(compiler.topscope); catalog }
    end
  else
    compiler.compile { |catalog| yield(compiler.topscope); catalog }
  end
end

#help ⇒ Object

# File 'lib/puppet/application/lookup.rb', line 106

def help
  <<~HELP

    puppet-lookup(8) -- #{summary}
    ========

    SYNOPSIS
    --------
    Does Hiera lookups from the command line.

    Since this command needs access to your Hiera data, make sure to run it on a
    node that has a copy of that data. This usually means logging into a Puppet
    Server node and running 'puppet lookup' with sudo.

    The most common version of this command is:

    'puppet lookup <KEY> --node <NAME> --environment <ENV> --explain'

    USAGE
    -----
    puppet lookup [--help] [--type <TYPESTRING>] [--merge first|unique|hash|deep]
      [--knock-out-prefix <PREFIX-STRING>] [--sort-merged-arrays]
      [--merge-hash-arrays] [--explain] [--environment <ENV>]
      [--default <VALUE>] [--node <NODE-NAME>] [--facts <FILE>]
      [--compile]
      [--render-as s|json|yaml|binary|msgpack] <keys>

    DESCRIPTION
    -----------
    The lookup command is a CLI for Puppet's 'lookup()' function. It searches your
    Hiera data and returns a value for the requested lookup key, so you can test and
    explore your data. It is a modern replacement for the 'hiera' command.
    Lookup uses the setting for global hiera.yaml from puppet's config,
    and the environment to find the environment level hiera.yaml as well as the
    resulting modulepath for the environment (for hiera.yaml files in modules).
    Hiera usually relies on a node's facts to locate the relevant data sources. By
    default, 'puppet lookup' uses facts from the node you run the command on, but
    you can get data for any other node with the '--node <NAME>' option. If
    possible, the lookup command will use the requested node's real stored facts
    from PuppetDB; if PuppetDB isn't configured or you want to provide arbitrary
    fact values, you can pass alternate facts as a JSON or YAML file with '--facts
    <FILE>'.

    If you're debugging your Hiera data and want to see where values are coming
    from, use the '--explain' option.

    If '--explain' isn't specified, lookup exits with 0 if a value was found and 1
    otherwise. With '--explain', lookup always exits with 0 unless there is a major
    error.

    You can provide multiple lookup keys to this command, but it only returns a
    value for the first found key, omitting the rest.

    For more details about how Hiera works, see the Hiera documentation:
    https://puppet.com/docs/puppet/latest/hiera_intro.html

    OPTIONS
    -------

    * --help:
      Print this help message.

    * --explain
      Explain the details of how the lookup was performed and where the final value
      came from (or the reason no value was found).

    * --node <NODE-NAME>
      Specify which node to look up data for; defaults to the node where the command
      is run. Since Hiera's purpose is to provide different values for different
      nodes (usually based on their facts), you'll usually want to use some specific
      node's facts to explore your data. If the node where you're running this
      command is configured to talk to PuppetDB, the command will use the requested
      node's most recent facts. Otherwise, you can override facts with the '--facts'
      option.

    * --facts <FILE>
      Specify a .json or .yaml file of key => value mappings to override the facts
      for this lookup. Any facts not specified in this file maintain their
      original value.

    * --environment <ENV>
      Like with most Puppet commands, you can specify an environment on the command
      line. This is important for lookup because different environments can have
      different Hiera data. This environment will be always be the one used regardless
      of any other factors.

    * --merge first|unique|hash|deep:
      Specify the merge behavior, overriding any merge behavior from the data's
      lookup_options. 'first' returns the first value found. 'unique' appends
      everything to a merged, deduplicated array. 'hash' performs a simple hash
      merge by overwriting keys of lower lookup priority. 'deep' performs a deep
      merge on values of Array and Hash type. There are additional options that can
      be used with 'deep'.

    * --knock-out-prefix <PREFIX-STRING>
      Can be used with the 'deep' merge strategy. Specifies a prefix to indicate a
      value should be removed from the final result.

    * --sort-merged-arrays
      Can be used with the 'deep' merge strategy. When this flag is used, all
      merged arrays are sorted.

    * --merge-hash-arrays
      Can be used with the 'deep' merge strategy. When this flag is used, hashes
      WITHIN arrays are deep-merged with their counterparts by position.

    * --explain-options
      Explain whether a lookup_options hash affects this lookup, and how that hash
      was assembled. (lookup_options is how Hiera configures merge behavior in data.)

    * --default <VALUE>
      A value to return if Hiera can't find a value in data. For emulating calls to
      the 'lookup()' function that include a default.

    * --type <TYPESTRING>:
      Assert that the value has the specified type. For emulating calls to the
      'lookup()' function that include a data type.

    * --compile
      Perform a full catalog compilation prior to the lookup. If your hierarchy and
      data only use the $facts, $trusted, and $server_facts variables, you don't
      need this option; however, if your Hiera configuration uses arbitrary
      variables set by a Puppet manifest, you might need this option to get accurate
      data. No catalog compilation takes place unless this flag is given.

    * --render-as s|json|yaml|binary|msgpack
      Specify the output format of the results; "s" means plain text. The default
      when producing a value is yaml and the default when producing an explanation
      is s.

    EXAMPLE
    -------
      To look up 'key_name' using the Puppet Server node's facts:
      $ puppet lookup key_name

      To look up 'key_name' using the Puppet Server node's arbitrary variables from a manifest, and
      classify the node if applicable:
      $ puppet lookup key_name --compile

      To look up 'key_name' using the Puppet Server node's facts, overridden by facts given in a file:
      $ puppet lookup key_name --facts fact_file.yaml

      To look up 'key_name' with agent.local's facts:
      $ puppet lookup --node agent.local key_name

      To get the first value found for 'key_name_one' and 'key_name_two'
      with agent.local's facts while merging values and knocking out
      the prefix 'foo' while merging:
      $ puppet lookup --node agent.local --merge deep --knock-out-prefix foo key_name_one key_name_two

      To lookup 'key_name' with agent.local's facts, and return a default value of
      'bar' if nothing was found:
      $ puppet lookup --node agent.local --default bar key_name

      To see an explanation of how the value for 'key_name' would be found, using
      agent.local's facts:
      $ puppet lookup --node agent.local --explain key_name

    COPYRIGHT
    ---------
    Copyright (c) 2015 Puppet Inc., LLC Licensed under the Apache 2.0 License


  HELP
end

#main ⇒ Object

# File 'lib/puppet/application/lookup.rb', line 272

def main
  keys = command_line.args

  if (options[:sort_merged_arrays] || options[:merge_hash_arrays] || options[:prefix]) && options[:merge] != 'deep'
    raise _("The options %{deep_merge_opts} are only available with '--merge deep'\n%{run_help}") % { deep_merge_opts: DEEP_MERGE_OPTIONS, run_help: RUN_HELP }
  end

  use_default_value = !options[:default_value].nil?
  merge_options = nil

  merge = options[:merge]
  unless merge.nil?
    strategies = Puppet::Pops::MergeStrategy.strategy_keys
    unless strategies.include?(merge.to_sym)
      strategies = strategies.map { |k| "'#{k}'" }
      raise _("The --merge option only accepts %{strategies}, or %{last_strategy}\n%{run_help}") % { strategies: strategies[0...-1].join(', '), last_strategy: strategies.last, run_help: RUN_HELP }
    end

    if merge == 'deep'
      merge_options = { 'strategy' => 'deep',
                        'sort_merged_arrays' => !options[:sort_merged_arrays].nil?,
                        'merge_hash_arrays' => !options[:merge_hash_arrays].nil? }

      if options[:prefix]
        merge_options['knockout_prefix'] = options[:prefix]
      end

    else
      merge_options = { 'strategy' => merge }
    end
  end

  explain_data = !!options[:explain]
  explain_options = !!options[:explain_options]
  only_explain_options = explain_options && !explain_data
  if keys.empty?
    if only_explain_options
      # Explain lookup_options for lookup of an unqualified value.
      keys = Puppet::Pops::Lookup::GLOBAL
    else
      raise _('No keys were given to lookup.')
    end
  end
  explain = explain_data || explain_options

  # Format defaults to text (:s) when producing an explanation and :yaml when producing the value
  format = options[:render_as] || (explain ? :s : :yaml)
  renderer = Puppet::Network::FormatHandler.format(format)
  raise _("Unknown rendering format '%{format}'") % { format: format } if renderer.nil?

  generate_scope do |scope|
    lookup_invocation = Puppet::Pops::Lookup::Invocation.new(scope, {}, {}, explain ? Puppet::Pops::Lookup::Explainer.new(explain_options, only_explain_options) : nil)
    begin
      type = options.include?(:type) ? Puppet::Pops::Types::TypeParser.singleton.parse(options[:type], scope) : nil
      result = Puppet::Pops::Lookup.lookup(keys, type, options[:default_value], use_default_value, merge_options, lookup_invocation)
      puts renderer.render(result) unless explain
    rescue Puppet::DataBinding::LookupError => e
      lookup_invocation.report_text { e.message }
      exit(1) unless explain
    end
    puts format == :s ? lookup_invocation.explainer.explain : renderer.render(lookup_invocation.explainer.to_hash) if explain
  end
  exit(0)
end

#retrieve_node_facts(node, given_facts) ⇒ Object

# File 'lib/puppet/application/lookup.rb', line 417

def retrieve_node_facts(node, given_facts)
  facts = Puppet::Node::Facts.indirection.find(node, :environment => Puppet.lookup(:current_environment))

  facts = Puppet::Node::Facts.new(node, {}) if facts.nil?
  facts.add_extra_values(given_facts) if given_facts

  if facts.values.empty?
    raise _("No facts available for target node: %{node}") % { node: node }
  end

  facts
end

#setup ⇒ Object

# File 'lib/puppet/application/lookup.rb', line 86

def setup
  setup_logs

  exit(Puppet.settings.print_configs ? 0 : 1) if Puppet.settings.print_configs?

  if options[:node]
    Puppet::Util.skip_external_facts do
      Puppet.settings.use :main, :server, :ssl, :metrics
    end
  else
    Puppet.settings.use :main, :server, :ssl, :metrics
  end

  setup_terminuses
end

#setup_logs ⇒ Object

# File 'lib/puppet/application/lookup.rb', line 68

def setup_logs
  # This sets up logging based on --debug or --verbose if they are set in `options`
  set_log_level

  # This uses console for everything that is not a compilation
  Puppet::Util::Log.newdestination(:console)
end

#setup_terminuses ⇒ Object

# File 'lib/puppet/application/lookup.rb', line 76

def setup_terminuses
  require_relative '../../puppet/file_serving/content'
  require_relative '../../puppet/file_serving/metadata'

  Puppet::FileServing::Content.indirection.terminus_class = :file_server
  Puppet::FileServing::Metadata.indirection.terminus_class = :file_server

  Puppet::FileBucket::File.indirection.terminus_class = :file
end

#summary ⇒ Object

# File 'lib/puppet/application/lookup.rb', line 102

def summary
  _("Interactive Hiera lookup")
end