Allow custom lookup functions (#165)

* Upgrade dependencies.

Latest security fixes for rails plus a bunch of
minor updates.

* Allow custom lookup functions #162

We do not (and cannot support) custom lookup functions per se,
but in case they map cleanly to an existing backing, e.g. eyaml,
this allows to specify this mapping, so everything should then
work as expected.

---------

Co-authored-by: Martin Alfke <[email protected]>

.rubocop_todo.yml

@@ -292,7 +292,6 @@ Rails/FilePath:
 # Include: **/test/**/*
 Rails/RefuteMethods:
   Exclude:
-    - 'test/models/hiera_data/hierarchy_test.rb'
     - 'test/models/hiera_data/yaml_file_test.rb'
     - 'test/models/hierarchy_test.rb'
     - 'test/models/user_test.rb'
@@ -336,7 +335,6 @@ Style/ClassAndModuleChildren:
     - 'test/models/hiera_data/config_test.rb'
     - 'test/models/hiera_data/data_file_test.rb'
     - 'test/models/hiera_data/git_repo_test.rb'
-    - 'test/models/hiera_data/hierarchy_test.rb'
     - 'test/models/hiera_data/interpolation_test.rb'
     - 'test/models/hiera_data/yaml_file_test.rb'
     - 'test/test_helper.rb'
@@ -375,7 +373,6 @@ Style/GuardClause:
     - 'app/controllers/page_controller.rb'
     - 'app/controllers/sessions_controller.rb'
     - 'app/models/hiera_data/data_file.rb'
-    - 'app/models/hiera_data/hierarchy.rb'
 
 # Offense count: 1
 # Configuration parameters: MinBranchesCount.
@@ -399,7 +396,6 @@ Style/IfUnlessModifier:
     - 'app/controllers/sessions_controller.rb'
     - 'app/controllers/users_controller.rb'
     - 'app/models/hiera_data/config.rb'
-    - 'app/models/hiera_data/hierarchy.rb'
 
 # Offense count: 1
 # This cop supports safe auto-correction (--auto-correct).
@@ -416,7 +412,6 @@ Style/MutableConstant:
 Style/NumericLiteralPrefix:
   Exclude:
     - 'app/models/hiera_data/yaml_file.rb'
-    - 'test/models/hiera_data/hierarchy_test.rb'
     - 'test/models/hiera_data/yaml_file_test.rb'
 
 # Offense count: 1
@@ -431,10 +426,8 @@ Style/NumericLiterals:
 # Configuration parameters: PreferredDelimiters.
 Style/PercentLiteralDelimiters:
   Exclude:
-    - 'app/models/hiera_data/hierarchy.rb'
     - 'config/initializers/friendly_id.rb'
     - 'test/models/environment_test.rb'
-    - 'test/models/hiera_data/hierarchy_test.rb'
     - 'test/models/key_test.rb'
 
 # Offense count: 5
@@ -444,7 +437,6 @@ Style/PercentLiteralDelimiters:
 Style/PreferredHashMethods:
   Exclude:
     - 'app/models/hiera_data/data_file.rb'
-    - 'app/models/hiera_data/hierarchy.rb'
     - 'app/models/hiera_data/yaml_file.rb'
 
 # Offense count: 3

app/models/hiera_data/data_file.rb

@@ -61,7 +61,7 @@ def create_file(type)
       when :yaml
         YamlFile.new(path: @path)
       else
-        raise HDM::Error, "unsupported data file type #{type}"
+        raise Hdm::Error, "unsupported data file type #{type}"
       end
     end
   end

app/models/hiera_data/hierarchy.rb

@@ -1,6 +1,16 @@
 class HieraData
   class Hierarchy
-    LOOKUP_FUNCTIONS = %w(lookup_key data_hash data_dig hiera3_backend).freeze
+    LOOKUP_FUNCTIONS = %w[lookup_key data_hash data_dig hiera3_backend].freeze
+    BACKENDS = {
+      "data_hash" => {
+        "json_data" => :json,
+        "yaml_data" => :yaml
+      },
+      "lookup_key" => {
+        "eyaml_lookup_key" => :eyaml
+      }
+    }.freeze
+
     attr_reader :raw_hash
 
     def initialize(raw_hash:, base_path:)
@@ -17,17 +27,7 @@ def lookup_function
     end
 
     def backend
-      @backend ||=
-        case [lookup_function, raw_hash[lookup_function]]
-        when ["data_hash", "yaml_data"]
-          :yaml
-        when ["data_hash", "json_data"]
-          :json
-        when ["lookup_key", "eyaml_lookup_key"]
-          :eyaml
-        else
-          raise HDM::Error, "unknown backend #{raw_hash[lookup_function]}"
-        end
+      @backend ||= determine_backend
     end
 
     def datadir(facts: nil)
@@ -44,15 +44,15 @@ def datadir(facts: nil)
     end
 
     def private_key
-      if backend == :eyaml
-        @base_path.join(raw_hash.dig("options", "pkcs7_private_key"))
-      end
+      return unless backend == :eyaml
+
+      @base_path.join(raw_hash.dig("options", "pkcs7_private_key"))
     end
 
     def public_key
-      if backend == :eyaml
-        @base_path.join(raw_hash.dig("options", "pkcs7_public_key"))
-      end
+      return unless backend == :eyaml
+
+      @base_path.join(raw_hash.dig("options", "pkcs7_public_key"))
     end
 
     def encryptable?
@@ -62,7 +62,7 @@ def encryptable?
     end
 
     def uses_globs?
-      raw_hash.has_key?("glob") || raw_hash.has_key?("globs")
+      raw_hash.key?("glob") || raw_hash.key?("globs")
     end
 
     def paths
@@ -93,5 +93,16 @@ def setup_paths
       base_key = uses_globs? ? "glob" : "path"
       Array(raw_hash[base_key] || raw_hash.fetch("#{base_key}s", []))
     end
+
+    def determine_backend
+      key = lookup_function
+      value = raw_hash[lookup_function]
+      backends = BACKENDS
+      custom_mappings = Rails.configuration.hdm[:custom_lookup_function_mapping]
+      backends = backends.deep_merge({ "lookup_key" => custom_mappings }) if custom_mappings.present?
+      backends.fetch(key).fetch(value).to_sym
+    rescue KeyError
+      raise Hdm::Error, "unknown backend #{value}"
+    end
   end
 end

config/hdm.yml.template

@@ -79,3 +79,12 @@ production:
 #     idp_cert_fingerprint: "aaa"
 #     idp_cert: "cert" # use either fingerprint _or_ cert but not both
 
+# Example for a custom lookup function, called `my_custom_function`,
+# mapped to an existing backend, `eyaml`
+# production:
+#   read_only: false
+#   allow_encryption: true
+#   puppet_db:
+#     server: "https://localhost:8081"
+#   custom_lookup_function_mapping:
+#     my_custom_function: eyaml