lib/puppet-check/data_parser.rb in puppet-check-1.4.1 vs lib/puppet-check/data_parser.rb in puppet-check-1.5.0
- old
+ new
@@ -2,10 +2,12 @@
# executes diagnostics on data files
class DataParser
# checks yaml (.yaml/.yml)
def self.yaml(files)
+ return if files.empty?
+
require 'yaml'
files.each do |file|
# check yaml syntax
begin
@@ -14,23 +16,63 @@
PuppetCheck.settings[:error_files].push("#{file}:\n#{err.to_s.gsub("(#{file}): ", '')}")
else
warnings = []
# perform some rudimentary hiera checks if data exists and is hieradata
- warnings = hiera(parsed) unless (parsed.class.to_s == 'NilClass') || (File.basename(file) == 'hiera.yaml')
+ warnings = hiera(parsed, file) unless (parsed.class.to_s == 'NilClass') || (File.basename(file) == 'hiera.yaml')
- # check that '---' does not show up more than once in the hieradata
- warnings.push('The string --- appears more than once in this data and Hiera will fail to parse it correctly.') if File.read(file).scan(/---/).count >= 2
+ next PuppetCheck.settings[:warning_files].push("#{file}:\n#{warnings.join("\n")}") unless warnings.empty?
+ PuppetCheck.settings[:clean_files].push(file.to_s)
+ end
+ end
+ end
+ # checks eyaml (.eyaml/.eyml)
+ def self.eyaml(files, public, private)
+ return if files.empty?
+
+ require 'openssl'
+
+ # keys specified?
+ return warn 'Public X509 and/or Private RSA PKCS7 certs were not specified. EYAML checks will not be executed.' if public.nil? || private.nil?
+
+ # keys exist?
+ return warn 'Specified Public X509 and/or Private RSA PKCS7 certs do not exist. EYAML checks will not be executed.' unless File.file?(public) && File.file?(private)
+
+ # setup decryption
+ rsa = OpenSSL::PKey::RSA.new(File.read(private))
+ x509 = OpenSSL::X509::Certificate.new(File.read(public))
+
+ files.each do |file|
+ # grab all encoded portions of the eyaml
+
+ # decrypt the encoded portions
+ decrypted = OpenSSL::PKCS7.new(File.read(file)).decrypt(rsa, x509)
+
+ # insert decrypted portions back into eyaml (pass into loader below)
+
+ # check yaml syntax
+ begin
+ parsed = YAML.safe_load(decrypted)
+ rescue StandardError => err
+ PuppetCheck.settings[:error_files].push("#{file}:\n#{err.to_s.gsub("(#{file}): ", '')}")
+ else
+ warnings = []
+
+ # perform some rudimentary hiera checks if data exists and is hieradata
+ warnings = hiera(parsed, file) unless (parsed.class.to_s == 'NilClass') || (File.basename(file) == 'hiera.yaml')
+
next PuppetCheck.settings[:warning_files].push("#{file}:\n#{warnings.join("\n")}") unless warnings.empty?
PuppetCheck.settings[:clean_files].push(file.to_s)
end
end
end
# checks json (.json)
def self.json(files)
+ return if files.empty?
+
require 'json'
files.each do |file|
# check json syntax
begin
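Review bot: The decrypt call `OpenSSL::PKCS7.new(File.read(file)).decrypt(rsa, x509)` in `self.eyaml` sits above the `begin`, so a file that is not a valid PKCS7 blob, or that was encrypted for a different key, raises out of `files.each` and stops the run instead of being recorded in `:error_files`. The key and certificate loads just above it are unguarded in the same way. Making that assignment the first statement inside the `begin`, directly before `parsed = YAML.safe_load(decrypted)`, lets the existing `rescue StandardError` handle it. The method also requires only `openssl`, so `YAML.safe_load` works only if `require 'yaml'` has already run elsewhere; adding `require 'yaml'` next to `require 'openssl'` removes that dependency. The steps "grab all encoded portions" and "insert decrypted portions back" are comments with no code, so the whole file is passed to PKCS7 as one blob, which presumably fails for eyaml files that embed encrypted values inside YAML and deserves a `# TODO:` comment.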
@@ -124,27 +166,31 @@
warnings.push("License identifier '#{parsed['license']}' is not in the SPDX list: http://spdx.org/licenses/")
end
# assume this is hieradata
else
# perform some rudimentary hiera checks if data exists
- warnings = hiera(parsed) unless parsed.class.to_s == 'NilClass'
+ warnings = hiera(parsed, file) unless parsed.class.to_s == 'NilClass'
end
next PuppetCheck.settings[:warning_files].push("#{file}:\n#{warnings.join("\n")}") unless warnings.empty?
PuppetCheck.settings[:clean_files].push(file.to_s)
end
end
end
# checks hieradata
- def self.hiera(data)
+ def self.hiera(data, file)
+ private_class_method :method
warnings = []
data.each do |key, value|
# check for nil values in the data (nil keys are fine)
if (value.is_a?(Hash) && value.values.any?(&:nil?)) || (value.class.to_s == 'NilClass')
warnings.push("Value(s) missing in key '#{key}'.")
end
end
+
+ # check that '---' does not show up more than once in the hieradata
+ warnings.push('The string --- appears more than once in this data and Hiera will fail to parse it correctly.') if File.read(file).scan(/---/).count >= 2
warnings
end
end
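Review bot: `private_class_method :method` as the first statement of `self.hiera` does not make `hiera` private. It runs on every call and names `method`, so it changes the visibility of `DataParser.method` instead. If the intent is to hide the helper, the line should read `private_class_method :hiera` and sit in the class body after the closing `end` of the definition. Separately, the relocated `---` check now runs for every caller of `hiera`, including the call at the top of this hunk, which appears to be the JSON path. The unanchored `/---/` also counts occurrences inside values or comments; `scan(/^---/)` would restrict it to document markers, if that is the intent.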