Class: Puppet::Application::Lookup

Inherits:
Puppet::Application show all
Defined in:
lib/puppet/application/lookup.rb

Constant Summary collapse

RUN_HELP =
_("Run 'puppet lookup --help' for more details").freeze
DEEP_MERGE_OPTIONS =
'--knock-out-prefix, --sort-merged-arrays, and --merge-hash-arrays'.freeze
TRUSTED_INFORMATION_FACTS =
["hostname", "domain", "fqdn", "clientcert"].freeze

Constants inherited from Puppet::Application

DOCPATTERN

Constants included from Util

Util::ALNUM, Util::ALPHA, Util::AbsolutePathPosix, Util::AbsolutePathWindows, Util::DEFAULT_POSIX_MODE, Util::DEFAULT_WINDOWS_MODE, Util::ESCAPED, Util::HEX, Util::HttpProxy, Util::PUPPET_STACK_INSERTION_FRAME, Util::RESERVED, Util::RFC_3986_URI_REGEX, Util::UNRESERVED, Util::UNSAFE

Constants included from Util::POSIX

Util::POSIX::LOCALE_ENV_VARS, Util::POSIX::USER_ENV_VARS

Constants included from Util::SymbolicFileMode

Util::SymbolicFileMode::SetGIDBit, Util::SymbolicFileMode::SetUIDBit, Util::SymbolicFileMode::StickyBit, Util::SymbolicFileMode::SymbolicMode, Util::SymbolicFileMode::SymbolicSpecialToBit

Instance Attribute Summary

Attributes inherited from Puppet::Application

#command_line, #options

Instance Method Summary collapse

Methods inherited from Puppet::Application

[], available_application_names, banner, clear!, clear?, clear_everything_for_tests, #configure_indirector_routes, controlled_run, #deprecate, #deprecated?, environment_mode, exit, find, get_environment_mode, #handle_logdest_arg, #handlearg, #initialize, #initialize_app_defaults, interrupted?, #log_runtime_environment, #name, option, option_parser_commands, #parse_options, #preinit, restart!, restart_requested?, #run, #run_command, run_mode, #set_log_level, stop!, stop_requested?, try_load_class

Methods included from Util

absolute_path?, benchmark, chuser, clear_environment, default_env, deterministic_rand, deterministic_rand_int, exit_on_fail, format_backtrace_array, format_puppetstack_frame, get_env, get_environment, logmethods, merge_environment, path_to_uri, pretty_backtrace, replace_file, resolve_stackframe, rfc2396_escape, safe_posix_fork, set_env, skip_external_facts, symbolizehash, thinmark, uri_encode, uri_query_encode, uri_to_path, uri_unescape, which, withenv, withumask

Methods included from Util::POSIX

#get_posix_field, #gid, groups_of, #idfield, #methodbyid, #methodbyname, #search_posix_field, #uid

Methods included from Util::SymbolicFileMode

#display_mode, #normalize_symbolic_mode, #symbolic_mode_to_int, #valid_symbolic_mode?

Constructor Details

This class inherits a constructor from Puppet::Application

Instance Method Details

#app_defaultsObject


61
62
63
64
65
# File 'lib/puppet/application/lookup.rb', line 61

def app_defaults
  super.merge({
    :facts_terminus => 'yaml'
  })
end

#generate_scopeObject


340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
# File 'lib/puppet/application/lookup.rb', line 340

def generate_scope
  if options[:node]
    node = options[:node]
  else
    node = Puppet[:node_name_value]

    # If we want to lookup the node we are currently on
    # we must returning these settings to their default values
    Puppet.settings[:facts_terminus] = 'facter'
  end

  fact_file = options[:fact_file]

  if fact_file
    if fact_file.end_with?('.json')
      given_facts = Puppet::Util::Json.load_file(fact_file)
    elsif fact_file.end_with?('.yml', '.yaml')
      given_facts = Puppet::Util::Yaml.safe_load_file(fact_file)
    else
      given_facts = Puppet::Util::Json.load_file_if_valid(fact_file)
      given_facts = Puppet::Util::Yaml.safe_load_file_if_valid(fact_file) unless given_facts
    end

    unless given_facts.instance_of?(Hash)
      raise _("Incorrectly formatted data in %{fact_file} given via the --facts flag (only accepts yaml and json files)") % { fact_file: fact_file }
    end

    if TRUSTED_INFORMATION_FACTS.any? { |key| given_facts.key? key }
      unless TRUSTED_INFORMATION_FACTS.all? { |key| given_facts.key? key }
        raise _("When overriding any of the %{trusted_facts_list} facts with %{fact_file} "\
          "given via the --facts flag, they must all be overridden.") % { fact_file: fact_file ,trusted_facts_list: TRUSTED_INFORMATION_FACTS.join(',')}
      end
    end
  end

  unless node.is_a?(Puppet::Node) # to allow unit tests to pass a node instance
    facts = retrieve_node_facts(node, given_facts) 
    if Puppet.settings.set_by_cli?('environment')
      node = Puppet::Node.new(node, :classes => nil, :parameters => nil, :facts => facts, :environment => Puppet.settings.value('environment'))
    else
      ni = Puppet::Node.indirection
      tc = ni.terminus_class
      if options[:compile]
        if tc == :plain
          node = ni.find(node, facts: facts)
        else
          begin
            service = Puppet.runtime[:http]
            session = service.create_session
            cert = session.route_to(:ca)

            _, x509 = cert.get_certificate(node)
            cert = OpenSSL::X509::Certificate.new(x509)
            Puppet::SSL::Oids.register_puppet_oids
            trusted = Puppet::Context::TrustedInformation.remote(true, facts.values['certname'] || node, Puppet::SSL::Certificate.from_instance(cert))
            Puppet.override(trusted_information: trusted) do
              node = ni.find(node, facts: facts)
            end
          rescue
            Puppet.warning _("CA is not available, the operation will continue without using trusted facts.")
            node = ni.find(node, facts: facts)
          end
        end
      else
        ni.terminus_class = :plain
        node = ni.find(node, facts: facts)
        ni.terminus_class = tc
      end
    end
  else
    node.add_extra_facts(given_facts) if given_facts
  end

  Puppet[:code] = 'undef' unless options[:compile]
  compiler = Puppet::Parser::Compiler.new(node)
  if options[:node]
    Puppet::Util.skip_external_facts do
      compiler.compile { |catalog| yield(compiler.topscope); catalog }
    end
  else
    compiler.compile { |catalog| yield(compiler.topscope); catalog }
  end
end

#helpObject


105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
# File 'lib/puppet/application/lookup.rb', line 105

def help
  <<-HELP

puppet-lookup(8) -- #{summary}
========

SYNOPSIS
--------
Does Hiera lookups from the command line.

Since this command needs access to your Hiera data, make sure to run it on a
node that has a copy of that data. This usually means logging into a Puppet
Server node and running 'puppet lookup' with sudo.

The most common version of this command is:

'puppet lookup <KEY> --node <NAME> --environment <ENV> --explain'

USAGE
-----
puppet lookup [--help] [--type <TYPESTRING>] [--merge first|unique|hash|deep]
[--knock-out-prefix <PREFIX-STRING>] [--sort-merged-arrays]
[--merge-hash-arrays] [--explain] [--environment <ENV>]
[--default <VALUE>] [--node <NODE-NAME>] [--facts <FILE>]
[--compile]
[--render-as s|json|yaml|binary|msgpack] <keys>

DESCRIPTION
-----------
The lookup command is a CLI for Puppet's 'lookup()' function. It searches your
Hiera data and returns a value for the requested lookup key, so you can test and
explore your data. It is a modern replacement for the 'hiera' command.
Lookup uses the setting for global hiera.yaml from puppet's config,
and the environment to find the environment level hiera.yaml as well as the
resulting modulepath for the environment (for hiera.yaml files in modules).
Hiera usually relies on a node's facts to locate the relevant data sources. By
default, 'puppet lookup' uses facts from the node you run the command on, but
you can get data for any other node with the '--node <NAME>' option. If
possible, the lookup command will use the requested node's real stored facts
from PuppetDB; if PuppetDB isn't configured or you want to provide arbitrary
fact values, you can pass alternate facts as a JSON or YAML file with '--facts
<FILE>'.

If you're debugging your Hiera data and want to see where values are coming
from, use the '--explain' option.

If '--explain' isn't specified, lookup exits with 0 if a value was found and 1
otherwise. With '--explain', lookup always exits with 0 unless there is a major
error.

You can provide multiple lookup keys to this command, but it only returns a
value for the first found key, omitting the rest.

For more details about how Hiera works, see the Hiera documentation:
https://puppet.com/docs/puppet/latest/hiera_intro.html

OPTIONS
-------

* --help:
Print this help message.

* --explain
Explain the details of how the lookup was performed and where the final value
came from (or the reason no value was found).

* --node <NODE-NAME>
Specify which node to look up data for; defaults to the node where the command
is run. Since Hiera's purpose is to provide different values for different
nodes (usually based on their facts), you'll usually want to use some specific
node's facts to explore your data. If the node where you're running this
command is configured to talk to PuppetDB, the command will use the requested
node's most recent facts. Otherwise, you can override facts with the '--facts'
option.

* --facts <FILE>
Specify a .json or .yaml file of key => value mappings to override the facts
for this lookup. Any facts not specified in this file maintain their
original value.

* --environment <ENV>
Like with most Puppet commands, you can specify an environment on the command
line. This is important for lookup because different environments can have
different Hiera data. This environment will be always be the one used regardless
of any other factors.

* --merge first|unique|hash|deep:
Specify the merge behavior, overriding any merge behavior from the data's
lookup_options. 'first' returns the first value found. 'unique' appends
everything to a merged, deduplicated array. 'hash' performs a simple hash
merge by overwriting keys of lower lookup priority. 'deep' performs a deep
merge on values of Array and Hash type. There are additional options that can
be used with 'deep'.

* --knock-out-prefix <PREFIX-STRING>
Can be used with the 'deep' merge strategy. Specifies a prefix to indicate a
value should be removed from the final result.

* --sort-merged-arrays
Can be used with the 'deep' merge strategy. When this flag is used, all
merged arrays are sorted.

* --merge-hash-arrays
Can be used with the 'deep' merge strategy. When this flag is used, hashes
WITHIN arrays are deep-merged with their counterparts by position.

* --explain-options
Explain whether a lookup_options hash affects this lookup, and how that hash
was assembled. (lookup_options is how Hiera configures merge behavior in data.)

* --default <VALUE>
A value to return if Hiera can't find a value in data. For emulating calls to
the 'lookup()' function that include a default.

* --type <TYPESTRING>:
Assert that the value has the specified type. For emulating calls to the
'lookup()' function that include a data type.

* --compile
Perform a full catalog compilation prior to the lookup. If your hierarchy and
data only use the $facts, $trusted, and $server_facts variables, you don't
need this option; however, if your Hiera configuration uses arbitrary
variables set by a Puppet manifest, you might need this option to get accurate
data. No catalog compilation takes place unless this flag is given.

* --render-as s|json|yaml|binary|msgpack
Specify the output format of the results; "s" means plain text. The default
when producing a value is yaml and the default when producing an explanation
is s.

EXAMPLE
-------
To look up 'key_name' using the Puppet Server node's facts:
$ puppet lookup key_name

To look up 'key_name' using the Puppet Server node's arbitrary variables from a manifest, and 
classify the node if applicable:
$ puppet lookup key_name --compile

To look up 'key_name' using the Puppet Server node's facts, overridden by facts given in a file:
$ puppet lookup key_name --facts fact_file.yaml

To look up 'key_name' with agent.local's facts:
$ puppet lookup --node agent.local key_name

To get the first value found for 'key_name_one' and 'key_name_two'
with agent.local's facts while merging values and knocking out
the prefix 'foo' while merging:
$ puppet lookup --node agent.local --merge deep --knock-out-prefix foo key_name_one key_name_two

To lookup 'key_name' with agent.local's facts, and return a default value of
'bar' if nothing was found:
$ puppet lookup --node agent.local --default bar key_name

To see an explanation of how the value for 'key_name' would be found, using
agent.local's facts:
$ puppet lookup --node agent.local --explain key_name

COPYRIGHT
---------
Copyright (c) 2015 Puppet Inc., LLC Licensed under the Apache 2.0 License


  HELP
end

#mainObject


271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
# File 'lib/puppet/application/lookup.rb', line 271

def main
  keys = command_line.args

  #unless options[:node]
  #  raise "No node was given via the '--node' flag for the scope of the lookup.\n#{RUN_HELP}"
  #end

  if (options[:sort_merged_arrays] || options[:merge_hash_arrays] || options[:prefix]) && options[:merge] != 'deep'
    raise _("The options %{deep_merge_opts} are only available with '--merge deep'\n%{run_help}") % { deep_merge_opts: DEEP_MERGE_OPTIONS, run_help: RUN_HELP }
  end

  use_default_value = !options[:default_value].nil?
  merge_options = nil

  merge = options[:merge]
  unless merge.nil?
    strategies = Puppet::Pops::MergeStrategy.strategy_keys
    unless strategies.include?(merge.to_sym)
      strategies = strategies.map {|k| "'#{k}'"}
      raise _("The --merge option only accepts %{strategies}, or %{last_strategy}\n%{run_help}") % { strategies: strategies[0...-1].join(', '), last_strategy: strategies.last, run_help: RUN_HELP }
    end

    if merge == 'deep'
      merge_options = {'strategy' => 'deep',
        'sort_merged_arrays' => !options[:sort_merged_arrays].nil?,
        'merge_hash_arrays' => !options[:merge_hash_arrays].nil?}

      if options[:prefix]
        merge_options['knockout_prefix'] = options[:prefix]
      end

    else
      merge_options = {'strategy' => merge}
    end
  end

  explain_data = !!options[:explain]
  explain_options = !!options[:explain_options]
  only_explain_options = explain_options && !explain_data
  if keys.empty?
    if only_explain_options
      # Explain lookup_options for lookup of an unqualified value.
      keys = Puppet::Pops::Lookup::GLOBAL
    else
      raise _('No keys were given to lookup.')
    end
  end
  explain = explain_data || explain_options

  # Format defaults to text (:s) when producing an explanation and :yaml when producing the value
  format = options[:render_as] || (explain ? :s : :yaml)
  renderer = Puppet::Network::FormatHandler.format(format)
  raise _("Unknown rendering format '%{format}'") % { format: format } if renderer.nil?

  generate_scope do |scope|
    lookup_invocation = Puppet::Pops::Lookup::Invocation.new(scope, {}, {}, explain ? Puppet::Pops::Lookup::Explainer.new(explain_options, only_explain_options) : nil)
    begin
      type = options.include?(:type) ? Puppet::Pops::Types::TypeParser.singleton.parse(options[:type], scope) : nil
      result = Puppet::Pops::Lookup.lookup(keys, type, options[:default_value], use_default_value, merge_options, lookup_invocation)
      puts renderer.render(result) unless explain
    rescue Puppet::DataBinding::LookupError => e
      lookup_invocation.report_text { e.message }
      exit(1) unless explain
    end
    puts format == :s ? lookup_invocation.explainer.explain : renderer.render(lookup_invocation.explainer.to_hash) if explain
  end
  exit(0)
end

#retrieve_node_facts(node, given_facts) ⇒ Object


424
425
426
427
428
429
430
431
432
433
434
# File 'lib/puppet/application/lookup.rb', line 424

def retrieve_node_facts(node, given_facts)
  facts = Puppet::Node::Facts.indirection.find(node, :environment => Puppet.lookup(:current_environment))

  facts = Puppet::Node::Facts.new(node, {}) if facts.nil?
  facts.add_extra_values(given_facts) if given_facts

  if facts.values.empty?
    raise _("No facts available for target node: %{node}") % { node: node}
  end
  facts
end

#setupObject


85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
# File 'lib/puppet/application/lookup.rb', line 85

def setup
  setup_logs

  exit(Puppet.settings.print_configs ? 0 : 1) if Puppet.settings.print_configs?

  if options[:node]
    Puppet::Util.skip_external_facts do
      Puppet.settings.use :main, :server, :ssl, :metrics
    end
  else
    Puppet.settings.use :main, :server, :ssl, :metrics
  end

  setup_terminuses
end

#setup_logsObject


67
68
69
70
71
72
73
# File 'lib/puppet/application/lookup.rb', line 67

def setup_logs
  # This sets up logging based on --debug or --verbose if they are set in `options`
  set_log_level

  # This uses console for everything that is not a compilation
  Puppet::Util::Log.newdestination(:console)
end

#setup_terminusesObject


75
76
77
78
79
80
81
82
83
# File 'lib/puppet/application/lookup.rb', line 75

def setup_terminuses
  require_relative '../../puppet/file_serving/content'
  require_relative '../../puppet/file_serving/metadata'

  Puppet::FileServing::Content.indirection.terminus_class = :file_server
  Puppet::FileServing::Metadata.indirection.terminus_class = :file_server

  Puppet::FileBucket::File.indirection.terminus_class = :file
end

#summaryObject


101
102
103
# File 'lib/puppet/application/lookup.rb', line 101

def summary
  _("Interactive Hiera lookup")
end