aboutsummaryrefslogtreecommitdiff
path: root/lib/leap_cli/config
diff options
context:
space:
mode:
Diffstat (limited to 'lib/leap_cli/config')
-rw-r--r--lib/leap_cli/config/filter.rb151
-rw-r--r--lib/leap_cli/config/macros.rb514
-rw-r--r--lib/leap_cli/config/manager.rb149
-rw-r--r--lib/leap_cli/config/object.rb113
-rw-r--r--lib/leap_cli/config/object_list.rb90
-rw-r--r--lib/leap_cli/config/tag.rb7
6 files changed, 350 insertions, 674 deletions
diff --git a/lib/leap_cli/config/filter.rb b/lib/leap_cli/config/filter.rb
new file mode 100644
index 0000000..123533f
--- /dev/null
+++ b/lib/leap_cli/config/filter.rb
@@ -0,0 +1,151 @@
+#
+# Many leap_cli commands accept a list of filters to select a subset of nodes for the command to
+# be applied to. This class is a helper for manager to run these filters.
+#
+# Classes other than Manager should not use this class.
+#
+
+module LeapCli
+ module Config
+ class Filter
+
+ #
+ # filter -- array of strings, each one a filter
+ # options -- hash, possible keys include
+ # :nopin -- disregard environment pinning
+ # :local -- if false, disallow local nodes
+ #
+ def initialize(filters, options, manager)
+ @filters = filters.nil? ? [] : filters.dup
+ @environments = []
+ @options = options
+ @manager = manager
+
+ # split filters by pulling out items that happen
+ # to be environment names.
+ if LeapCli.leapfile.environment.nil? || @options[:nopin]
+ @environments = []
+ else
+ @environments = [LeapCli.leapfile.environment]
+ end
+ @filters.select! do |filter|
+ filter_text = filter.sub(/^\+/,'')
+ if is_environment?(filter_text)
+ if filter_text == LeapCli.leapfile.environment
+ # silently ignore already pinned environments
+ elsif (filter =~ /^\+/ || @filters.first == filter) && !@environments.empty?
+ LeapCli::Util.bail! do
+ LeapCli::Util.log "Environments are exclusive: no node is in two environments." do
+ LeapCli::Util.log "Tried to filter on '#{@environments.join('\' AND \'')}' AND '#{filter_text}'"
+ end
+ end
+ else
+ @environments << filter_text
+ end
+ false
+ else
+ true
+ end
+ end
+
+ # don't let the first filter have a + prefix
+ if @filters[0] =~ /^\+/
+ @filters[0] = @filters[0][1..-1]
+ end
+ end
+
+ # actually run the filter, returns a filtered list of nodes
+ def nodes()
+ if @filters.empty?
+ return nodes_for_empty_filter
+ else
+ return nodes_for_filter
+ end
+ end
+
+ private
+
+ def nodes_for_empty_filter
+ node_list = @manager.nodes
+ if @environments.any?
+ node_list = node_list[ @environments.collect{|e|[:environment, env_to_filter(e)]} ]
+ end
+ if @options[:local] === false
+ node_list = node_list[:environment => '!local']
+ end
+ node_list
+ end
+
+ def nodes_for_filter
+ node_list = Config::ObjectList.new
+ @filters.each do |filter|
+ if filter =~ /^\+/
+ keep_list = nodes_for_name(filter[1..-1])
+ node_list.delete_if do |name, node|
+ if keep_list[name]
+ false
+ else
+ true
+ end
+ end
+ else
+ node_list.merge!(nodes_for_name(filter))
+ end
+ end
+ node_list
+ end
+
+ private
+
+ #
+ # returns a set of nodes corresponding to a single name,
+ # where name could be a node name, service name, or tag name.
+ #
+ # For services and tags, we only include nodes for the
+ # environments that are active
+ #
+ def nodes_for_name(name)
+ if node = @manager.nodes[name]
+ return Config::ObjectList.new(node)
+ elsif @environments.empty?
+ if @manager.services[name]
+ return @manager.env('_all_').services[name].node_list
+ elsif @manager.tags[name]
+ return @manager.env('_all_').tags[name].node_list
+ else
+ LeapCli::Util.log :warning, "filter '#{name}' does not match any node names, tags, services, or environments."
+ return Config::ObjectList.new
+ end
+ else
+ node_list = Config::ObjectList.new
+ if @manager.services[name]
+ @environments.each do |env|
+ node_list.merge!(@manager.env(env).services[name].node_list)
+ end
+ elsif @manager.tags[name]
+ @environments.each do |env|
+ node_list.merge!(@manager.env(env).tags[name].node_list)
+ end
+ else
+ LeapCli::Util.log :warning, "filter '#{name}' does not match any node names, tags, services, or environments."
+ end
+ return node_list
+ end
+ end
+
+ #
+ # when pinning, we use the name 'default' to specify nodes
+ # without an environment set, but when filtering, we need to filter
+ # on :environment => nil.
+ #
+ def env_to_filter(environment)
+ environment == 'default' ? nil : environment
+ end
+
+ def is_environment?(text)
+ text == 'default' || @manager.environment_names.include?(text)
+ end
+
+ end
+ end
+end
diff --git a/lib/leap_cli/config/macros.rb b/lib/leap_cli/config/macros.rb
deleted file mode 100644
index 59453b0..0000000
--- a/lib/leap_cli/config/macros.rb
+++ /dev/null
@@ -1,514 +0,0 @@
-# encoding: utf-8
-#
-# MACROS
-# these are methods available when eval'ing a value in the .json configuration
-#
-# This module is included in Config::Object
-#
-
-require 'base32'
-
-module LeapCli; module Config
- module Macros
- ##
- ## NODES
- ##
-
- #
- # the list of all the nodes
- #
- def nodes
- global.nodes
- end
-
- #
- # grab an environment appropriate provider
- #
- def provider
- global.env(@node.environment).provider
- end
-
- #
- # returns a list of nodes that match the same environment
- #
- # if @node.environment is not set, we return other nodes
- # where environment is not set.
- #
- def nodes_like_me
- nodes[:environment => @node.environment]
- end
-
- #
- # returns a list of nodes that match the location name
- # and environment of @node.
- #
- def nodes_near_me
- if @node['location'] && @node['location']['name']
- nodes_like_me['location.name' => @node.location.name]
- else
- nodes_like_me['location' => nil]
- end
- end
-
- #
- #
- # picks a node out from the node list in such a way that:
- #
- # (1) which nodes picked which nodes is saved in secrets.json
- # (2) when other nodes call this macro with the same node list, they are guaranteed to get a different node
- # (3) if all the nodes in the pick_node list have been picked, remaining nodes are distributed randomly.
- #
- # if the node_list is empty, an exception is raised.
- # if node_list size is 1, then that node is returned and nothing is
- # memorized via the secrets.json file.
- #
- # `label` is needed to distinguish between pools of nodes for different purposes.
- #
- # TODO: more evenly balance after all the nodes have been picked.
- #
- def pick_node(label, node_list)
- if node_list.any?
- if node_list.size == 1
- return node_list.values.first
- else
- secrets_key = "pick_node(:#{label},#{node_list.keys.sort.join(',')})"
- secrets_value = @manager.secrets.retrieve(secrets_key, @node.environment) || {}
- secrets_value[@node.name] ||= begin
- node_to_pick = nil
- node_list.each_node do |node|
- next if secrets_value.values.include?(node.name)
- node_to_pick = node.name
- end
- node_to_pick ||= secrets_value.values.shuffle.first # all picked already, so pick a random one.
- node_to_pick
- end
- picked_node_name = secrets_value[@node.name]
- @manager.secrets.set(secrets_key, secrets_value, @node.environment)
- return node_list[picked_node_name]
- end
- else
- raise ArgumentError.new('pick_node(node_list): node_list cannot be empty')
- end
- end
-
- ##
- ## FILES
- ##
-
- class FileMissing < Exception
- attr_accessor :path, :options
- def initialize(path, options={})
- @path = path
- @options = options
- end
- def to_s
- @path
- end
- end
-
- #
- # inserts the contents of a file
- #
- def file(filename, options={})
- if filename.is_a? Symbol
- filename = [filename, @node.name]
- end
- filepath = Path.find_file(filename)
- if filepath
- if filepath =~ /\.erb$/
- ERB.new(File.read(filepath, :encoding => 'UTF-8'), nil, '%<>').result(binding)
- else
- File.read(filepath, :encoding => 'UTF-8')
- end
- else
- raise FileMissing.new(Path.named_path(filename), options)
- ""
- end
- end
-
- #
- # like #file, but allow missing files
- #
- def try_file(filename)
- return file(filename)
- rescue FileMissing
- return nil
- end
-
- #
- # returns what the file path will be, once the file is rsynced to the server.
- # an internal list of discovered file paths is saved, in order to rsync these files when needed.
- #
- # notes:
- #
- # * argument 'path' is relative to Path.provider/files or Path.provider_base/files
- # * the path returned by this method is absolute
- # * the path stored for use later by rsync is relative to Path.provider
- # * if the path does not exist locally, but exists in provider_base, then the default file from
- # provider_base is copied locally. this is required for rsync to work correctly.
- #
- def file_path(path)
- if path.is_a? Symbol
- path = [path, @node.name]
- end
- actual_path = Path.find_file(path)
- if actual_path.nil?
- Util::log 2, :skipping, "file_path(\"#{path}\") because there is no such file."
- nil
- else
- if actual_path =~ /^#{Regexp.escape(Path.provider_base)}/
- # if file is under Path.provider_base, we must copy the default file to
- # to Path.provider in order for rsync to be able to sync the file.
- local_provider_path = actual_path.sub(/^#{Regexp.escape(Path.provider_base)}/, Path.provider)
- FileUtils.mkdir_p File.dirname(local_provider_path), :mode => 0700
- FileUtils.install actual_path, local_provider_path, :mode => 0600
- Util.log :created, Path.relative_path(local_provider_path)
- actual_path = local_provider_path
- end
- if File.directory?(actual_path) && actual_path !~ /\/$/
- actual_path += '/' # ensure directories end with /, important for building rsync command
- end
- relative_path = Path.relative_path(actual_path)
- @node.file_paths << relative_path
- @node.manager.provider.hiera_sync_destination + '/' + relative_path
- end
- end
-
- #
- # inserts a named secret, generating it if needed.
- #
- # manager.export_secrets should be called later to capture any newly generated secrets.
- #
- # +length+ is the character length of the generated password.
- #
- def secret(name, length=32)
- @manager.secrets.set(name, Util::Secret.generate(length), @node[:environment])
- end
-
- # inserts a base32 encoded secret
- def base32_secret(name, length=20)
- @manager.secrets.set(name, Base32.encode(Util::Secret.generate(length)), @node[:environment])
- end
-
- # Picks a random obfsproxy port from given range
- def rand_range(name, range)
- @manager.secrets.set(name, rand(range), @node[:environment])
- end
-
- #
- # inserts an hexidecimal secret string, generating it if needed.
- #
- # +bit_length+ is the bits in the secret, (ie length of resulting hex string will be bit_length/4)
- #
- def hex_secret(name, bit_length=128)
- @manager.secrets.set(name, Util::Secret.generate_hex(bit_length), @node[:environment])
- end
-
- #
- # return a fingerprint for a x509 certificate
- #
- def fingerprint(filename)
- "SHA256: " + X509.fingerprint("SHA256", Path.named_path(filename))
- end
-
- ##
- ## HOSTS
- ##
-
- #
- # records the list of hosts that are encountered for this node
- #
- def hostnames(nodes)
- @referenced_nodes ||= ObjectList.new
- nodes = listify(nodes)
- nodes.each_node do |node|
- @referenced_nodes[node.name] ||= node
- end
- return nodes.values.collect {|node| node.domain.name}
- end
-
- #
- # Generates entries needed for updating /etc/hosts on a node (as a hash).
- #
- # Argument `nodes` can be nil or a list of nodes. If nil, only include the
- # IPs of the other nodes this @node as has encountered (plus all mx nodes).
- #
- # Also, for virtual machines, we use the local address if this @node is in
- # the same location as the node in question.
- #
- # We include the ssh public key for each host, so that the hash can also
- # be used to generate the /etc/ssh/known_hosts
- #
- def hosts_file(nodes=nil)
- if nodes.nil?
- if @referenced_nodes && @referenced_nodes.any?
- nodes = @referenced_nodes
- nodes = nodes.merge(nodes_like_me[:services => 'mx']) # all nodes always need to communicate with mx nodes.
- end
- end
- return {} unless nodes
- hosts = {}
- my_location = @node['location'] ? @node['location']['name'] : nil
- nodes.each_node do |node|
- hosts[node.name] = {'ip_address' => node.ip_address, 'domain_internal' => node.domain.internal, 'domain_full' => node.domain.full}
- node_location = node['location'] ? node['location']['name'] : nil
- if my_location == node_location
- if facts = @node.manager.facts[node.name]
- if facts['ec2_public_ipv4']
- hosts[node.name]['ip_address'] = facts['ec2_public_ipv4']
- end
- end
- end
- host_pub_key = Util::read_file([:node_ssh_pub_key,node.name])
- if host_pub_key
- hosts[node.name]['host_pub_key'] = host_pub_key
- end
- end
- hosts
- end
-
- ##
- ## STUNNEL
- ##
-
- #
- # stunnel configuration for the client side.
- #
- # +node_list+ is a ObjectList of nodes running stunnel servers.
- #
- # +port+ is the real port of the ultimate service running on the servers
- # that the client wants to connect to.
- #
- # About ths stunnel puppet names:
- #
- # * accept_port is the port on localhost to which local clients
- # can connect. it is auto generated serially.
- # * connect_port is the port on the stunnel server to connect to.
- # it is auto generated from the +port+ argument.
- #
- # The network looks like this:
- #
- # |------ stunnel client ---------------| |--------- stunnel server -----------------------|
- # consumer app -> localhost:accept_port -> server:connect_port -> server:port -> service app
- #
- # generates an entry appropriate to be passed directly to
- # create_resources(stunnel::service, hiera('..'), defaults)
- #
- # local ports are automatically generated, starting at 4000
- # and incrementing in sorted order (by node name).
- #
- def stunnel_client(node_list, port, options={})
- @next_stunnel_port ||= 4000
- node_list = listify(node_list)
- hostnames(node_list) # record the hosts
- result = Config::ObjectList.new
- node_list.each_node do |node|
- if node.name != self.name || options[:include_self]
- result["#{node.name}_#{port}"] = Config::Object[
- 'accept_port', @next_stunnel_port,
- 'connect', node.domain.internal,
- 'connect_port', stunnel_port(port)
- ]
- @next_stunnel_port += 1
- end
- end
- result
- end
-
- #
- # generates a stunnel server entry.
- #
- # +port+ is the real port targeted service.
- #
- def stunnel_server(port)
- {"accept" => stunnel_port(port), "connect" => "127.0.0.1:#{port}"}
- end
-
- #
- # maps a real port to a stunnel port (used as the connect_port in the client config
- # and the accept_port in the server config)
- #
- def stunnel_port(port)
- port = port.to_i
- if port < 50000
- return port + 10000
- else
- return port - 10000
- end
- end
-
- ##
- ## HAPROXY
- ##
-
- #
- # creates a hash suitable for configuring haproxy. the key is the node name of the server we are proxying to.
- #
- # * node_list - a hash of nodes for the haproxy servers
- # * stunnel_client - contains the mappings to local ports for each server node.
- # * non_stunnel_port - in case self is included in node_list, the port to connect to.
- #
- # 1000 weight is used for nodes in the same location.
- # 100 otherwise.
- #
- def haproxy_servers(node_list, stunnel_clients, non_stunnel_port=nil)
- default_weight = 10
- local_weight = 100
-
- # record the hosts_file
- hostnames(node_list)
-
- # create a simple map for node name -> local stunnel accept port
- accept_ports = stunnel_clients.inject({}) do |hsh, stunnel_entry|
- name = stunnel_entry.first.sub /_[0-9]+$/, ''
- hsh[name] = stunnel_entry.last['accept_port']
- hsh
- end
-
- # if one the nodes in the node list is ourself, then there will not be a stunnel to it,
- # but we need to include it anyway in the haproxy config.
- if node_list[self.name] && non_stunnel_port
- accept_ports[self.name] = non_stunnel_port
- end
-
- # create the first pass of the servers hash
- servers = node_list.values.inject(Config::ObjectList.new) do |hsh, node|
- weight = default_weight
- if self['location'] && node['location']
- if self.location['name'] == node.location['name']
- weight = local_weight
- end
- end
- hsh[node.name] = Config::Object[
- 'backup', false,
- 'host', 'localhost',
- 'port', accept_ports[node.name] || 0,
- 'weight', weight
- ]
- hsh
- end
-
- # if there are some local servers, make the others backup
- if servers.detect{|k,v| v.weight == local_weight}
- servers.each do |k,server|
- server['backup'] = server['weight'] == default_weight
- end
- end
-
- return servers
- end
-
- ##
- ## SSH
- ##
-
- #
- # Creates a hash from the ssh key info in users directory, for use in
- # updating authorized_keys file. Additionally, the 'monitor' public key is
- # included, which is used by the monitor nodes to run particular commands
- # remotely.
- #
- def authorized_keys
- hash = {}
- keys = Dir.glob(Path.named_path([:user_ssh, '*']))
- keys.sort.each do |keyfile|
- ssh_type, ssh_key = File.read(keyfile, :encoding => 'UTF-8').strip.split(" ")
- name = File.basename(File.dirname(keyfile))
- hash[name] = {
- "type" => ssh_type,
- "key" => ssh_key
- }
- end
- ssh_type, ssh_key = File.read(Path.named_path(:monitor_pub_key), :encoding => 'UTF-8').strip.split(" ")
- hash[Leap::Platform.monitor_username] = {
- "type" => ssh_type,
- "key" => ssh_key
- }
- hash
- end
-
- #
- # this is not currently used, because we put key information in the 'hosts' hash.
- # see 'hosts_file()'
- #
- # def known_hosts_file(nodes=nil)
- # if nodes.nil?
- # if @referenced_nodes && @referenced_nodes.any?
- # nodes = @referenced_nodes
- # end
- # end
- # return nil unless nodes
- # entries = []
- # nodes.each_node do |node|
- # hostnames = [node.name, node.domain.internal, node.domain.full, node.ip_address].join(',')
- # pub_key = Util::read_file([:node_ssh_pub_key,node.name])
- # if pub_key
- # entries << [hostnames, pub_key].join(' ')
- # end
- # end
- # entries.join("\n")
- # end
-
- ##
- ## UTILITY
- ##
-
- class AssertionFailed < Exception
- attr_accessor :assertion
- def initialize(assertion)
- @assertion = assertion
- end
- def to_s
- @assertion
- end
- end
-
- def assert(assertion)
- if instance_eval(assertion)
- true
- else
- raise AssertionFailed.new(assertion)
- end
- end
-
- #
- # applies a JSON partial to this node
- #
- def apply_partial(partial_path)
- manager.partials(partial_path).each do |partial_data|
- self.deep_merge!(partial_data)
- end
- end
-
- #
- # If at first you don't succeed, then it is time to give up.
- #
- # try{} returns nil if anything in the block throws an exception.
- #
- # You can wrap something that might fail in `try`, like so.
- #
- # "= try{ nodes[:services => 'tor'].first.ip_address } "
- #
- def try(&block)
- yield
- rescue NoMethodError
- nil
- end
-
- private
-
- #
- # returns a node list, if argument is not already one
- #
- def listify(node_list)
- if node_list.is_a? Config::ObjectList
- node_list
- elsif node_list.is_a? Config::Object
- Config::ObjectList.new(node_list)
- else
- raise ArgumentError, 'argument must be a node or node list, not a `%s`' % node_list.class, caller
- end
- end
-
- end
-end; end
diff --git a/lib/leap_cli/config/manager.rb b/lib/leap_cli/config/manager.rb
index 7b3fb27..be95831 100644
--- a/lib/leap_cli/config/manager.rb
+++ b/lib/leap_cli/config/manager.rb
@@ -20,6 +20,16 @@ module LeapCli
def initialize
@environments = {} # hash of `Environment` objects, keyed by name.
+
+ # load macros and other custom ruby in provider base
+ platform_ruby_files = Dir[Path.provider_base + '/lib/*.rb']
+ if platform_ruby_files.any?
+ $: << Path.provider_base + '/lib'
+ platform_ruby_files.each do |rb_file|
+ require rb_file
+ end
+ end
+ Config::Object.send(:include, LeapCli::Macro)
end
##
@@ -54,9 +64,24 @@ module LeapCli
e
end
- def services; env('default').services; end
- def tags; env('default').tags; end
- def provider; env('default').provider; end
+ #
+ # The default accessors for services, tags, and provider.
+ # For these defaults, use 'default' environment, or whatever
+ # environment is pinned.
+ #
+ def services
+ env(default_environment).services
+ end
+ def tags
+ env(default_environment).tags
+ end
+ def provider
+ env(default_environment).provider
+ end
+
+ def default_environment
+ LeapCli.leapfile.environment
+ end
##
## IMPORT EXPORT
@@ -80,8 +105,8 @@ module LeapCli
@secrets = load_json( Path.named_path(:secrets_config, @provider_dir), Config::Secrets)
@common.inherit_from! @base_common
- # load provider services, tags, and provider.json, DEFAULT environment
- log 3, :loading, 'default environment.........'
+ # For the default environment, load provider services, tags, and provider.json
+ log 3, :loading, 'default environment...'
env('default') do |e|
e.services = load_all_json(Path.named_path([:service_config, '*'], @provider_dir), Config::Tag, :no_dots => true)
e.tags = load_all_json(Path.named_path([:tag_config, '*'], @provider_dir), Config::Tag, :no_dots => true)
@@ -92,17 +117,28 @@ module LeapCli
validate_provider(e.provider)
end
- # load provider services, tags, and provider.json, OTHER environments
+ # create a special '_all_' environment, used for tracking the union
+ # of all the environments
+ env('_all_') do |e|
+ e.services = Config::ObjectList.new
+ e.tags = Config::ObjectList.new
+ e.provider = Config::Provider.new
+ e.services.inherit_from! env('default').services
+ e.tags.inherit_from! env('default').tags
+ e.provider.inherit_from! env('default').provider
+ end
+
+ # For each defined environment, load provider services, tags, and provider.json.
environment_names.each do |ename|
next unless ename
- log 3, :loading, '%s environment.........' % ename
+ log 3, :loading, '%s environment...' % ename
env(ename) do |e|
e.services = load_all_json(Path.named_path([:service_env_config, '*', ename], @provider_dir), Config::Tag)
e.tags = load_all_json(Path.named_path([:tag_env_config, '*', ename], @provider_dir), Config::Tag)
e.provider = load_json( Path.named_path([:provider_env_config, ename], @provider_dir), Config::Provider)
- e.services.inherit_from! env.services
- e.tags.inherit_from! env.tags
- e.provider.inherit_from! env.provider
+ e.services.inherit_from! env('default').services
+ e.tags.inherit_from! env('default').tags
+ e.provider.inherit_from! env('default').provider
validate_provider(e.provider)
end
end
@@ -113,15 +149,21 @@ module LeapCli
@nodes[name] = apply_inheritance(node)
end
- # remove disabled nodes
- unless options[:include_disabled]
- remove_disabled_nodes
- end
+ # do some node-list post-processing
+ cleanup_node_lists(options)
# apply control files
@nodes.each do |name, node|
control_files(node).each do |file|
- node.instance_eval File.read(file), file, 1
+ begin
+ node.eval_file file
+ rescue ConfigError => exc
+ if options[:continue_on_error]
+ exc.log
+ else
+ raise exc
+ end
+ end
end
end
end
@@ -187,42 +229,19 @@ module LeapCli
# returns a node list consisting only of nodes that satisfy the filter criteria.
#
# filter: condition [condition] [condition] [+condition]
- # condition: [node_name | service_name | tag_name]
+ # condition: [node_name | service_name | tag_name | environment_name]
#
# if conditions is prefixed with +, then it works like an AND. Otherwise, it works like an OR.
#
+ # args:
+ # filter -- array of filter terms, one per item
+ #
# options:
# :local -- if :local is false and the filter is empty, then local nodes are excluded.
+ # :nopin -- if true, ignore environment pinning
#
- def filter(filters, options={})
- if filters.empty?
- if options[:local] === false
- return nodes[:environment => '!local']
- else
- return nodes
- end
- end
- if filters[0] =~ /^\+/
- # don't let the first filter have a + prefix
- filters[0] = filters[0][1..-1]
- end
-
- node_list = Config::ObjectList.new
- filters.each do |filter|
- if filter =~ /^\+/
- keep_list = nodes_for_name(filter[1..-1])
- node_list.delete_if do |name, node|
- if keep_list[name]
- false
- else
- true
- end
- end
- else
- node_list.merge!(nodes_for_name(filter))
- end
- end
- return node_list
+ def filter(filters=nil, options={})
+ Filter.new(filters, options, self).nodes()
end
#
@@ -396,7 +415,6 @@ module LeapCli
raise LeapCli::ConfigError.new(node, "error " + msg) if throw_exceptions
else
new_node.deep_merge!(service)
- self.services[node_service].node_list.add(name, new_node)
end
end
end
@@ -414,7 +432,6 @@ module LeapCli
raise LeapCli::ConfigError.new(node, "error " + msg) if throw_exceptions
else
new_node.deep_merge!(tag)
- self.tags[node_tag].node_list.add(name, new_node)
end
end
end
@@ -428,43 +445,35 @@ module LeapCli
apply_inheritance(node, true)
end
- def remove_disabled_nodes
+ #
+ # does some final clean at the end of loading nodes.
+ # this includes removing disabled nodes, and populating
+ # the services[x].node_list and tags[x].node_list
+ #
+ def cleanup_node_lists(options)
@disabled_nodes = Config::ObjectList.new
@nodes.each do |name, node|
- unless node.enabled
- log 2, :skipping, "disabled node #{name}."
- @nodes.delete(name)
- @disabled_nodes[name] = node
+ if node.enabled || options[:include_disabled]
if node['services']
node['services'].to_a.each do |node_service|
- self.services[node_service].node_list.delete(node.name)
+ env(node.environment).services[node_service].node_list.add(node.name, node)
+ env('_all_').services[node_service].node_list.add(node.name, node)
end
end
if node['tags']
node['tags'].to_a.each do |node_tag|
- self.tags[node_tag].node_list.delete(node.name)
+ env(node.environment).tags[node_tag].node_list.add(node.name, node)
+ env('_all_').tags[node_tag].node_list.add(node.name, node)
end
end
+ elsif !options[:include_disabled]
+ log 2, :skipping, "disabled node #{name}."
+ @nodes.delete(name)
+ @disabled_nodes[name] = node
end
end
end
-
- #
- # returns a set of nodes corresponding to a single name, where name could be a node name, service name, or tag name.
- #
- def nodes_for_name(name)
- if node = self.nodes[name]
- Config::ObjectList.new(node)
- elsif service = self.services[name]
- service.node_list
- elsif tag = self.tags[name]
- tag.node_list
- else
- {}
- end
- end
-
def validate_provider(provider)
# nothing yet.
end
diff --git a/lib/leap_cli/config/object.rb b/lib/leap_cli/config/object.rb
index 2392d1c..a0d402b 100644
--- a/lib/leap_cli/config/object.rb
+++ b/lib/leap_cli/config/object.rb
@@ -8,8 +8,6 @@ if $ruby_version < [1,9]
end
require 'ya2yaml' # pure ruby yaml
-require 'leap_cli/config/macros'
-
module LeapCli
module Config
#
@@ -20,8 +18,6 @@ module LeapCli
#
class Object < Hash
- include Config::Macros
-
attr_reader :node
attr_reader :manager
alias :global :manager
@@ -44,7 +40,7 @@ module LeapCli
#
def dump_yaml
evaluate(@node)
- ya2yaml(:syck_compatible => true)
+ sorted_ya2yaml(:syck_compatible => true)
end
#
@@ -68,6 +64,11 @@ module LeapCli
get(key)
end
+ # Overrride some default methods in Hash that are likely to
+ # be used as attributes.
+ alias_method :hkey, :key
+ def key; get('key'); end
+
#
# make hash addressable like an object (e.g. obj['name'] available as obj.name)
#
@@ -134,7 +135,18 @@ module LeapCli
#
def deep_merge!(object, prefer_self=false)
object.each do |key,new_value|
- old_value = self.fetch key, nil
+ if self.has_key?('+'+key)
+ mode = :add
+ old_value = self.fetch '+'+key, nil
+ self.delete('+'+key)
+ elsif self.has_key?('-'+key)
+ mode = :subtract
+ old_value = self.fetch '-'+key, nil
+ self.delete('-'+key)
+ else
+ mode = :normal
+ old_value = self.fetch key, nil
+ end
# clean up boolean
new_value = true if new_value == "true"
@@ -160,6 +172,18 @@ module LeapCli
elsif new_value.is_a?(Array) && !old_value.is_a?(Array)
(value = (new_value.dup << old_value).compact.uniq).delete('REQUIRED')
+ # merge two arrays
+ elsif old_value.is_a?(Array) && new_value.is_a?(Array)
+ if mode == :add
+ value = (old_value + new_value).sort.uniq
+ elsif mode == :subtract
+ value = new_value - old_value
+ elsif prefer_self
+ value = old_value
+ else
+ value = new_value
+ end
+
# catch errors
elsif type_mismatch?(old_value, new_value)
raise 'Type mismatch. Cannot merge %s (%s) with %s (%s). Key is "%s", name is "%s".' % [
@@ -168,7 +192,7 @@ module LeapCli
key, self.class
]
- # merge strings, numbers, and sometimes arrays
+ # merge simple strings & numbers
else
if prefer_self
value = old_value
@@ -206,6 +230,10 @@ module LeapCli
end
end
+ def eval_file(filename)
+ evaluate_ruby(filename, File.read(filename))
+ end
+
protected
#
@@ -246,45 +274,42 @@ module LeapCli
# (`key` is just passed for debugging purposes)
#
def evaluate_ruby(key, value)
- result = nil
- if LeapCli.log_level >= 2
- result = self.instance_eval(value)
- else
- begin
- result = self.instance_eval(value)
- rescue SystemStackError => exc
- Util::log 0, :error, "while evaluating node '#{self.name}'"
- Util::log 0, "offending key: #{key}", :indent => 1
- Util::log 0, "offending string: #{value}", :indent => 1
- Util::log 0, "STACK OVERFLOW, BAILING OUT. There must be an eval loop of death (variables with circular dependencies).", :indent => 1
- raise SystemExit.new(1)
- rescue FileMissing => exc
- Util::bail! do
- if exc.options[:missing]
- Util::log :missing, exc.options[:missing].gsub('$node', self.name).gsub('$file', exc.path)
- else
- Util::log :error, "while evaluating node '#{self.name}'"
- Util::log "offending key: #{key}", :indent => 1
- Util::log "offending string: #{value}", :indent => 1
- Util::log "error message: no file '#{exc}'", :indent => 1
- end
- end
- rescue AssertionFailed => exc
- Util.bail! do
- Util::log :failed, "assertion while evaluating node '#{self.name}'"
- Util::log 'assertion: %s' % exc.assertion, :indent => 1
- Util::log "offending key: #{key}", :indent => 1
- end
- rescue SyntaxError, StandardError => exc
- Util::bail! do
- Util::log :error, "while evaluating node '#{self.name}'"
- Util::log "offending key: #{key}", :indent => 1
- Util::log "offending string: #{value}", :indent => 1
- Util::log "error message: #{exc.inspect}", :indent => 1
- end
+ self.instance_eval(value, key, 1)
+ rescue ConfigError => exc
+ raise exc # pass through
+ rescue SystemStackError => exc
+ Util::log 0, :error, "while evaluating node '#{self.name}'"
+ Util::log 0, "offending key: #{key}", :indent => 1
+ Util::log 0, "offending string: #{value}", :indent => 1
+ Util::log 0, "STACK OVERFLOW, BAILING OUT. There must be an eval loop of death (variables with circular dependencies).", :indent => 1
+ raise SystemExit.new(1)
+ rescue FileMissing => exc
+ Util::bail! do
+ if exc.options[:missing]
+ Util::log :missing, exc.options[:missing].gsub('$node', self.name).gsub('$file', exc.path)
+ else
+ Util::log :error, "while evaluating node '#{self.name}'"
+ Util::log "offending key: #{key}", :indent => 1
+ Util::log "offending string: #{value}", :indent => 1
+ Util::log "error message: no file '#{exc}'", :indent => 1
end
+ raise exc if DEBUG
+ end
+ rescue AssertionFailed => exc
+ Util.bail! do
+ Util::log :failed, "assertion while evaluating node '#{self.name}'"
+ Util::log 'assertion: %s' % exc.assertion, :indent => 1
+ Util::log "offending key: #{key}", :indent => 1
+ raise exc if DEBUG
+ end
+ rescue SyntaxError, StandardError => exc
+ Util::bail! do
+ Util::log :error, "while evaluating node '#{self.name}'"
+ Util::log "offending key: #{key}", :indent => 1
+ Util::log "offending string: #{value}", :indent => 1
+ Util::log "error message: #{exc.inspect}", :indent => 1
+ raise exc if DEBUG
end
- return result
end
private
diff --git a/lib/leap_cli/config/object_list.rb b/lib/leap_cli/config/object_list.rb
index cd69d9b..33ca4dd 100644
--- a/lib/leap_cli/config/object_list.rb
+++ b/lib/leap_cli/config/object_list.rb
@@ -20,8 +20,6 @@ module LeapCli
# If the key is a hash, we treat it as a condition and filter all the Config::Objects using the condition.
# A new ObjectList is returned.
#
- # If the key is an array, it is treated as an array of node names
- #
# Examples:
#
# nodes['vpn1']
@@ -30,47 +28,22 @@ module LeapCli
# nodes[:public_dns => true]
# all nodes with public dns
#
- # nodes[:services => 'openvpn', :services => 'tor']
+ # nodes[:services => 'openvpn', 'location.country_code' => 'US']
+ # all nodes with services containing 'openvpn' OR country code of US
+ #
+ # Sometimes, you want to do an OR condition with multiple conditions
+ # for the same field. Since hash keys must be unique, you can use
+ # an array representation instead:
+ #
+ # nodes[[:services, 'openvpn'], [:services, 'tor']]
# nodes with openvpn OR tor service
#
# nodes[:services => 'openvpn'][:tags => 'production']
# nodes with openvpn AND are production
#
def [](key)
- if key.is_a? Hash
- results = Config::ObjectList.new
- key.each do |field, match_value|
- field = field.is_a?(Symbol) ? field.to_s : field
- match_value = match_value.is_a?(Symbol) ? match_value.to_s : match_value
- if match_value.is_a?(String) && match_value =~ /^!/
- operator = :not_equal
- match_value = match_value.sub(/^!/, '')
- else
- operator = :equal
- end
- each do |name, config|
- value = config[field]
- if value.is_a? Array
- if operator == :equal && value.include?(match_value)
- results[name] = config
- elsif operator == :not_equal && !value.include?(match_value)
- results[name] = config
- end
- else
- if operator == :equal && value == match_value
- results[name] = config
- elsif operator == :not_equal && value != match_value
- results[name] = config
- end
- end
- end
- end
- results
- elsif key.is_a? Array
- key.inject(Config::ObjectList.new) do |list, node_name|
- list[node_name] = super(node_name.to_s)
- list
- end
+ if key.is_a?(Hash) || key.is_a?(Array)
+ filter(key)
else
super key.to_s
end
@@ -88,15 +61,40 @@ module LeapCli
end
end
- # def <<(object)
- # if object.is_a? Config::ObjectList
- # self.merge!(object)
- # elsif object['name']
- # self[object['name']] = object
- # else
- # raise ArgumentError.new('argument must be a Config::Object or a Config::ObjectList')
- # end
- # end
+ #
+ # filters this object list, producing a new list.
+ # filter is an array or a hash. see []
+ #
+ def filter(filter)
+ results = Config::ObjectList.new
+ filter.each do |field, match_value|
+ field = field.is_a?(Symbol) ? field.to_s : field
+ match_value = match_value.is_a?(Symbol) ? match_value.to_s : match_value
+ if match_value.is_a?(String) && match_value =~ /^!/
+ operator = :not_equal
+ match_value = match_value.sub(/^!/, '')
+ else
+ operator = :equal
+ end
+ each do |name, config|
+ value = config[field]
+ if value.is_a? Array
+ if operator == :equal && value.include?(match_value)
+ results[name] = config
+ elsif operator == :not_equal && !value.include?(match_value)
+ results[name] = config
+ end
+ else
+ if operator == :equal && value == match_value
+ results[name] = config
+ elsif operator == :not_equal && value != match_value
+ results[name] = config
+ end
+ end
+ end
+ end
+ results
+ end
def add(name, object)
self[name] = object
diff --git a/lib/leap_cli/config/tag.rb b/lib/leap_cli/config/tag.rb
index e5e719d..31f4f76 100644
--- a/lib/leap_cli/config/tag.rb
+++ b/lib/leap_cli/config/tag.rb
@@ -13,6 +13,13 @@ module LeapCli; module Config
super(manager)
@node_list = Config::ObjectList.new
end
+
+ # don't copy the node list pointer when this object is dup'ed.
+ def initialize_copy(orig)
+ super
+ @node_list = Config::ObjectList.new
+ end
+
end
end; end
generated by cgit v1.2.3 (git 2.39.1) at 2024-06-02 00:13:16 +0000