Migrate from puppetdbquery to puppetdb::query_facts

paladox · paladox · commit 6cc5006162ca · 2024-12-21T20:48:55.000Z
Bug: T13025
diff --git a/modules/puppetdb/functions/query_facts.pp b/modules/puppetdb/functions/query_facts.pp
@@ -0,0 +1,16 @@
+# SPDX-License-Identifier: Apache-2.0
+# @summery query for custome facts for a host and return a hash of facts values keyed to the certname
+# @param filter a hash of fact name to fetch
+# @param a pql subquery to apply to the query
+function puppetdb::query_facts(
+    Array[String[1]]    $filter,
+    Optional[String[1]] $subquery = undef,
+) >> Hash[Stdlib::Fqdn, Hash] {
+    $_subquery = $subquery ? {
+        undef   => '',
+        default => " and ${subquery}"
+    }
+    $filter_str = $filter.map |$filter| { "\"${filter}\"" }.join(',')
+    $pql = "facts[certname, name, value] { name in [${filter_str}] ${_subquery} }"
+    puppetdb::munge_facts(puppetdb_query($pql))
+}
diff --git a/modules/puppetdb/lib/puppet/functions/puppetdb/munge_facts.rb b/modules/puppetdb/lib/puppet/functions/puppetdb/munge_facts.rb
@@ -0,0 +1,14 @@
+# SPDX-License-Identifier: Apache-2.0
+Puppet::Functions.create_function(:'puppetdb::munge_facts') do
+  dispatch :munge_facts do
+    param 'Array[Hash]', :facts
+  end
+
+  def munge_facts(facts)
+    facts_out = Hash.new {|h, k| h[k] = {}}
+    facts.each do |f|
+      facts_out[f['certname']][f['name']] = f['value']
+    end
+    facts_out
+  end
+end
diff --git a/modules/role/manifests/cloud.pp b/modules/role/manifests/cloud.pp
@@ -4,20 +4,13 @@
 
     class { '::cpufrequtils': }
 
-    $firewall_rules_str = join(
-        query_facts('Class[Role::Cloud]', ['networking'])
-        .map |$key, $value| {
-            if ( $value['networking']['interfaces']['vmbr1'] ) {
-                "${value['networking']['interfaces']['vmbr1']['ip']} ${value['networking']['ip']} ${value['networking']['ip6']}"
-            } else {
-                "${value['networking']['ip']} ${value['networking']['ip6']}"
-            }
-        }
-        .flatten()
-        .unique()
-        .sort(),
-        ' '
-    )
+    $pql = @(PQL)
+    facts[certname, value] {
+        name = 'networking' and
+        resources { type = 'Class' and title = 'Role::Cloud' }
+    }
+    | PQL
+    $firewall_rules_str = vmlib::generate_firewall_ip($pql)
 
     ferm::service { 'proxmox port 5900:5999':
         proto  => 'tcp',
diff --git a/modules/role/manifests/irc.pp b/modules/role/manifests/irc.pp
@@ -32,44 +32,21 @@
         udp_port     => '5071',
     }
 
-    $firewall_irc_rules_str = join(
-        query_facts('Class[Role::Mediawiki] or Class[Role::Mediawiki_task] or Class[Role::Mediawiki_beta]', ['networking'])
-        .map |$key, $value| {
-            if ( $value['networking']['interfaces']['ens19'] and $value['networking']['interfaces']['ens18'] ) {
-                "${value['networking']['interfaces']['ens19']['ip']} ${value['networking']['interfaces']['ens18']['ip']} ${value['networking']['interfaces']['ens18']['ip6']}"
-            } elsif ( $value['networking']['interfaces']['ens18'] ) {
-                "${value['networking']['interfaces']['ens18']['ip']} ${value['networking']['interfaces']['ens18']['ip6']}"
-            } else {
-                "${value['networking']['ip']} ${value['networking']['ip6']}"
-            }
-        }
-        .flatten()
-        .unique()
-        .sort(),
-        ' '
-    )
+    $subquery = @("PQL")
+    (resources { type = 'Class' and title = 'Role::Mediawik' } or
+    resources { type = 'Class' and title = 'Role::Mediawiki_task' } or
+    resources { type = 'Class' and title = 'Role::Mediawiki_beta' })
+    | PQL
+    $firewall_irc_rules_str = vmlib::generate_firewall_ip($subquery)
+
     ferm::service { 'ircrcbot':
         proto  => 'udp',
         port   => '5070',
         srange => "(${firewall_irc_rules_str})",
     }
 
-    $firewall_all_rules_str = join(
-        query_facts('Class[Base]', ['networking'])
-        .map |$key, $value| {
-            if ( $value['networking']['interfaces']['ens19'] and $value['networking']['interfaces']['ens18'] ) {
-                "${value['networking']['interfaces']['ens19']['ip']} ${value['networking']['interfaces']['ens18']['ip']} ${value['networking']['interfaces']['ens18']['ip6']}"
-            } elsif ( $value['networking']['interfaces']['ens18'] ) {
-                "${value['networking']['interfaces']['ens18']['ip']} ${value['networking']['interfaces']['ens18']['ip6']}"
-            } else {
-                "${value['networking']['ip']} ${value['networking']['ip6']}"
-            }
-        }
-        .flatten()
-        .unique()
-        .sort(),
-        ' '
-    )
+    $firewall_all_rules_str = vmlib::generate_firewall_ip()
+
     ferm::service { 'irclogserverbot':
         proto  => 'udp',
         port   => '5071',
diff --git a/modules/role/manifests/redis.pp b/modules/role/manifests/redis.pp
@@ -9,27 +9,20 @@
         maxmemory => $redis_heap,
     }
 
-    $firewall = $facts['networking']['hostname'] =~ /^test1.+$/ ? {
-        true    => 'Class[Role::Mediawiki_beta] or Class[Role::Icinga2]',
-        default => 'Class[Role::Mediawiki] or Class[Role::Mediawiki_task] or Class[Role::Icinga2]',
+    if ( $facts['networking']['hostname'] =~ /^test1.+$/  ) {
+        $subquery = @("PQL")
+        (resources { type = 'Class' and title = 'Role::Mediawiki_beta' } or
+        resources { type = 'Class' and title = 'Role::Icinga2' })
+        | PQL
+    } else {
+        $subquery = @("PQL")
+        (resources { type = 'Class' and title = 'Role::Mediawik' } or
+        resources { type = 'Class' and title = 'Role::Mediawiki_task' } or
+        resources { type = 'Class' and title = 'Role::Icinga2' })
+        | PQL
     }
+    $firewall_rules_str = vmlib::generate_firewall_ip($subquery)
 
-    $firewall_rules_str = join(
-        query_facts($firewall, ['networking'])
-        .map |$key, $value| {
-            if ( $value['networking']['interfaces']['ens19'] and $value['networking']['interfaces']['ens18'] ) {
-                "${value['networking']['interfaces']['ens19']['ip']} ${value['networking']['interfaces']['ens18']['ip']} ${value['networking']['interfaces']['ens18']['ip6']}"
-            } elsif ( $value['networking']['interfaces']['ens18'] ) {
-                "${value['networking']['interfaces']['ens18']['ip']} ${value['networking']['interfaces']['ens18']['ip6']}"
-            } else {
-                "${value['networking']['ip']} ${value['networking']['ip6']}"
-            }
-        }
-        .flatten()
-        .unique()
-        .sort(),
-        ' '
-    )
     ferm::service { 'redis':
         proto   => 'tcp',
         port    => '6379',
diff --git a/modules/role/manifests/ssl.pp b/modules/role/manifests/ssl.pp
@@ -2,22 +2,11 @@
 class role::ssl {
     include ::ssl
 
-    $firewall_srange = join(
-        query_facts('Class[Role::Varnish] or Class[Role::Icinga2]', ['networking'])
-        .map |$key, $value| {
-            if ( $value['networking']['interfaces']['ens19'] and $value['networking']['interfaces']['ens18'] ) {
-                "${value['networking']['interfaces']['ens19']['ip']} ${value['networking']['interfaces']['ens18']['ip']} ${value['networking']['interfaces']['ens18']['ip6']}"
-            } elsif ( $value['networking']['interfaces']['ens18'] ) {
-                "${value['networking']['interfaces']['ens18']['ip']} ${value['networking']['interfaces']['ens18']['ip6']}"
-            } else {
-                "${value['networking']['ip']} ${value['networking']['ip6']}"
-            }
-        }
-        .flatten()
-        .unique()
-        .sort(),
-        ' '
-    )
+    $subquery = @("PQL")
+    (resources { type = 'Class' and title = 'Role::Varnish' } or
+    resources { type = 'Class' and title = 'Role::Icinga2' })
+    | PQL
+    $firewall_rules_str = vmlib::generate_firewall_ip($subquery)
 
     if !defined(Ferm::Service['http']) {
         ferm::service { 'http':
diff --git a/modules/vmlib/functions/generate_firewall_ip.pp b/modules/vmlib/functions/generate_firewall_ip.pp
@@ -0,0 +1,18 @@
+function vmlib::generate_firewall_ip (
+    Optional[String[1]] $subquery = undef
+) >> String {
+   join(
+        puppetdb::query_facts(['networking'], $subquery).values.map |$_facts| {
+            if ( $_facts['networking']['interfaces']['vmbr1'] ) {
+                "${value['value']['interfaces']['vmbr1']['ip']} ${value['value']['ip']} ${value['value']['ip6']}"
+            } elsif ( $_facts['networking']['interfaces']['ens19'] and $_facts['networking']['interfaces']['ens18'] ) {
+                "${value['value']['interfaces']['ens19']['ip']} ${value['value']['interfaces']['ens18']['ip']} ${value['value']['interfaces']['ens18']['ip6']}"
+            } elsif ( $value['value']['interfaces']['ens18'] ) {
+                "${value['value']['interfaces']['ens18']['ip']} ${value['value']['interfaces']['ens18']['ip6']}"
+            } else {
+                "${value['value']['ip']} ${value['value']['ip6']}"
+            }
+        }.flatten.sort.unique,
+        ' '
+   )
+}
