Module: Puppet::TrustedExternal

Defined in:
lib/puppet/trusted_external.rb

Overview

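Methods for retrieving external trusted facts by running the command, or the directory of executable scripts, named by the `trusted_external_command` setting.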

Class Method Summary collapse

Class Method Details

.fetch_data(command, certname) ⇒ Object


# File 'lib/puppet/trusted_external.rb', line 33

# Runs one trusted-external command for a node and parses what it prints.
#
# The command and the certname are passed to Puppet::Util::Execution.execute
# as a two-element array, so the certname travels as its own argument and is
# never spliced into a command string by this method.
#
# @param command [String] path of the executable to run
# @param certname [String] certname handed to the executable as its only argument
# @return [Object] whatever JSON.parse yields for the command's output
# @raise [JSON::ParserError] when the output is not valid JSON
#
# NOTE(review): the parsed value is returned without any schema or size
# check. It is presumably consumed as trusted data, so the executable should
# be writable only by the account that administers Puppet -- confirm against
# the deployment.
def fetch_data(command, certname)
  # failonfail: the execution helper is expected to raise when the command
  # fails instead of returning partial output (confirm in Puppet::Util::Execution).
  # combine: false presumably keeps stderr out of the string parsed below.
  execution_options = { :failonfail => true, :combine => false }
  output = Puppet::Util::Execution.execute([command, certname], execution_options)
  JSON.parse(output)
end

.retrieve(certname) ⇒ Object


# File 'lib/puppet/trusted_external.rb', line 3

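# Retrieves external trusted data for a node, driven by the
# +trusted_external_command+ setting.
#
# * Setting unset: returns nil.
# * Setting of type :file: runs that one command and returns its parsed output.
# * Otherwise the setting is treated as a directory: every executable regular
#   file directly inside it is run, and the result is a hash of
#   <basename without extension> => <parsed output>.
#
# @param certname [String] certname passed to each command
# @return [Object, Hash, nil] parsed command output, a hash of outputs keyed
#   by script basename, or nil when no command is configured
# @raise [Puppet::Error] when two scripts in the directory share a basename
#
# NOTE(review): in directory mode every executable file found is run and its
# output becomes part of the returned data, so write access to that directory
# is equivalent to control over this data. Restrict ownership and permissions
# on the directory and its scripts accordingly -- confirm against deployment.
def retrieve(certname)
  command = Puppet[:trusted_external_command]
  return nil unless command

  Puppet.debug { _("Retrieving trusted external data from %{command}") % {command: command} }
  setting_type = Puppet.settings.setting(:trusted_external_command).type
  return fetch_data(command, certname) if setting_type == :file

  # command is a directory. Thus, data is a hash of <basename> => <data> for
  # each executable file in command. For example, if the files 'servicenow.rb',
  # 'unicorn.sh' are in command, then data is the following hash:
  #   { 'servicenow' => <servicenow.rb output>, 'unicorn' => <unicorn.sh output> }
  data = {}
  Puppet::FileSystem.children(command).each do |file|
    abs_path = Puppet::FileSystem.expand_path(file)
    executable_file = Puppet::FileSystem.file?(abs_path) && Puppet::FileSystem.executable?(abs_path)
    unless executable_file
      Puppet.debug { _("Skipping non-executable file %{file}")  % { file: abs_path } }
      next
    end

    basename = file.basename(file.extname).to_s
    # Test for the key, not the value: a script whose output parses to nil
    # (JSON `null`) still occupies its basename. Checking the value would let
    # a second script with the same basename silently replace it, leaving the
    # source of that entry dependent on directory listing order.
    if data.key?(basename)
      raise Puppet::Error, _("There is more than one '%{basename}' script in %{dir}") % { basename: basename, dir: command }
    end

    data[basename] = fetch_data(abs_path, certname)
  end
  data
end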