Class: Puppet::Resource::Catalog::DiffCompiler

Inherits:

Indirector::Code

• Object
• Indirector::Code
• Puppet::Resource::Catalog::DiffCompiler

Includes:

Util

Defined in:

lib/puppet/indirector/catalog/diff_compiler.rb

Overview

This is almost the same as the Compiler indirection but it compiles two catalogs, one in a baseline environment (the one specified) by the regular way puppet determines the environment for a node, and once in a preview environment given as a request option.

Ideally, this would derive from the Compiler implementation, but it is too private and would require changes.

Instance Attribute Summary

• #code ⇒ Object

  Returns the value of attribute code.

Instance Method Summary

• #extract_facts_from_request(request) ⇒ Object
• #filter(catalog) ⇒ Object

  filter-out a catalog to remove exported resources.

• #find(request) ⇒ Object

  The find request should - change logging to json output (as directed by baseline-log option) - compile in the baseline (reqular) environment given by the node/infrastructure - write baseline catalog to file as directed by option - change logging to json output (as directed by preview-log option) - compile in the preview environment as directed by options - write preview catalog to file as directed by option - produce a diff (passing options to it from the request - write diff to file as directed by options.

• #initialize ⇒ DiffCompiler constructor

  A new instance of DiffCompiler.

• #networked? ⇒ Boolean

  Is our compiler part of a network, or are we just local?.

Constructor Details

#initialize ⇒ DiffCompiler

Returns a new instance of DiffCompiler.

# File 'lib/puppet/indirector/catalog/diff_compiler.rb', line 126

def initialize
  Puppet::Util::Profiler.profile('Setup server facts for compiling', [:diff_compiler, :init_server_facts]) do
    set_server_facts
  end
end

Instance Attribute Details

#code ⇒ Object

Returns the value of attribute code.

# File 'lib/puppet/indirector/catalog/diff_compiler.rb', line 20

def code
  @code
end

Instance Method Details

#extract_facts_from_request(request) ⇒ Object

# File 'lib/puppet/indirector/catalog/diff_compiler.rb', line 22

def extract_facts_from_request(request)
  return unless text_facts = request.options[:facts]
  unless format = request.options[:facts_format]
    raise ArgumentError, "Facts but no fact format provided for #{request.key}"
  end

  Puppet::Util::Profiler.profile('Found facts', [:compiler, :find_facts]) do
    # If the facts were encoded as yaml, then the param reconstitution system
    # in Network::HTTP::Handler will automagically deserialize the value.
    if text_facts.is_a?(Puppet::Node::Facts)
      facts = text_facts
    else
      # We unescape here because the corresponding code in Puppet::Configurer::FactHandler escapes
      facts = Puppet::Node::Facts.convert_from(format, CGI.unescape(text_facts))
    end

    unless facts.name == request.key
      raise Puppet::Error, "Catalog for #{request.key.inspect} was requested with fact definition for the wrong node (#{facts.name.inspect})."
    end

    options = {
      :environment => request.environment,
      :transaction_uuid => request.options[:transaction_uuid],
    }

    Puppet::Node::Facts.indirection.save(facts, nil, options)
  end
end

#filter(catalog) ⇒ Object

filter-out a catalog to remove exported resources

# File 'lib/puppet/indirector/catalog/diff_compiler.rb', line 121

def filter(catalog)
  return catalog.filter { |r| r.virtual? } if catalog.respond_to?(:filter)
  catalog
end

#find(request) ⇒ Object

The find request should

• change logging to json output (as directed by baseline-log option)

• compile in the baseline (reqular) environment given by the node/infrastructure

• write baseline catalog to file as directed by option

• change logging to json output (as directed by preview-log option)

• compile in the preview environment as directed by options

• write preview catalog to file as directed by option

• produce a diff (passing options to it from the request

• write diff to file as directed by options

• return a hash of information

Compile a node’s catalog.

# File 'lib/puppet/indirector/catalog/diff_compiler.rb', line 64

def find(request)
  extract_facts_from_request(request)

  node = node_from_request(request)

  # Resurrect "trusted information" that comes from node/fact terminus.
  # The current way this is done in puppet db (currently the only one)
  # is to store the node parameter 'trusted' as a hash of the trusted information.
  #
  # Thus here there are two main cases:
  # 1. This terminus was used in a real agent call (only meaningful if someone curls the request as it would
  #  fail since the result is a hash of two catalogs).
  # 2  It is a command line call with a given node that use a terminus that:
  # 2.1 does not include a 'trusted' fact - use local from node trusted information
  # 2.2 has a 'trusted' fact - this in turn could be
  # 2.2.1 puppet db having stored trusted node data as a fact (not a great design)
  # 2.2.2 some other terminus having stored a fact called "trusted" (most likely that would have failed earlier, but could
  #       be spoofed).
  #
  # For the reasons above, the resurection of trusted node data with authenticated => true is only performed
  # if user is running as root, else it is resurrected as unauthenticated.
  #
  trusted_param = node.parameters['trusted']
  if trusted_param
    # Blows up if it is a parameter as it will be set as $trusted by the compiler as if it was a variable
    node.parameters.delete('trusted')
    if trusted_param.is_a?(Hash) && %w{authenticated certname extensions}.all? {|key| trusted_param.has_key?(key) }
      # looks like a hash of trusted data - resurrect it
      # Allow root to trust the authenticated information if option --trusted is given
      if ! (Puppet.features.root? && request.options[:trusted])
        # Set as not trusted - but keep the information
        trusted_param['authenticated'] = false
      end
    else
      # trusted is some kind of garbage, do not resurrect
      trusted_param = nil
    end
  else
    # trusted may be boolean false if set as a fact by someone
    trusted_param = nil
  end

  node.trusted_data = Puppet.lookup(:trusted_information) do
    # resurrect trusted param if set, else use a local node
    trusted_param || Puppet::Context::TrustedInformation.local(node).to_h
  end

  if catalog = compile(node, request.options)
    return catalog
  else
    # This shouldn't actually happen; we should either return
    # a config or raise an exception.
    return nil
  end
end

#networked? ⇒ Boolean

Is our compiler part of a network, or are we just local?

Returns:

• (Boolean)

# File 'lib/puppet/indirector/catalog/diff_compiler.rb', line 133

def networked?
  Puppet.run_mode.master?
end