flow_application/

ansible_import.rs

//! Ansible-collection import (Tier-1 CLI-veneer detection).
//!
//! Ansible collections ship as `.tar.gz` archives per the Galaxy artifact
//! spec. For a large class of vendor collections, every "module" is a thin
//! action plugin that just shells out to an external CLI - the YAML is a
//! friendly veneer over a binary the controller already has on PATH.
//!
//! For these collections we don't need the `ansible-playbook` runtime to
//! convert their playbooks: we can inspect the action-plugin source at
//! import time, extract the CLI command string, and emit a corresponding
//! flow node (zowe-adapter `cli-tool` when the binary is `zowe`, shell
//! `run-command` otherwise).
//!
//! This module does the extract-and-detect half:
//!
//! 1. Open a collection `.tar.gz`, validate (entry count, total size, no
//!    path traversal), and read the on-tape entries we care about
//!    (`MANIFEST.json`, `plugins/action/*.py`).
//! 2. Run a small regex pass over each action-plugin's source looking for
//!    the two patterns that cover the realistic Tier-1 surface:
//!    - `zowe_command = "<cmd>"` (zowe-CLI-veneer collections)
//!    - `command_to_run = "<cmd>"` (generic CLI veneer)
//! 3. Return a [`CollectionPreview`] the frontend's resolver pipeline can
//!    seed itself with. Unknown modules surface as `cli_command: None` so
//!    the resolver pipeline still falls through to the builtin table /
//!    fallback for them.

use std::collections::BTreeMap;
use std::fs::File;
use std::io::Read;
use std::path::Path;

use flate2::read::GzDecoder;
use serde::{Deserialize, Serialize};
use thiserror::Error;

/// Maximum entries we tolerate in a collection tarball. Real collections
/// run from ~10 to ~500 files; 5000 leaves generous headroom for big ones
/// like `community.general` while hard-rejecting decoy archives.
const MAX_ENTRIES: usize = 5000;
/// Maximum cumulative uncompressed size we tolerate. 256 MB is well above
/// any realistic collection (single-digit MB even for large vendor
/// collections) and stops decompression-bomb attacks early.
const MAX_UNCOMPRESSED_BYTES: u64 = 256 * 1024 * 1024;

#[derive(Debug, Error)]
pub enum ImportError {
    #[error("io: {0}")]
    Io(String),
    #[error("invalid archive: {0}")]
    InvalidArchive(String),
    #[error("missing or malformed MANIFEST.json: {0}")]
    BadManifest(String),
    #[error("archive too large: {0}")]
    TooLarge(String),
}

#[derive(Debug, Serialize, Deserialize)]
#[serde(rename_all = "camelCase")]
pub struct CollectionPreview {
    pub namespace: String,
    pub name: String,
    pub version: String,
    /// One entry per `plugins/modules/<name>.py` found, sorted by short name.
    pub modules: Vec<ModulePreview>,
}

#[derive(Debug, Serialize, Deserialize)]
#[serde(rename_all = "camelCase")]
pub struct ModulePreview {
    /// Fully-qualified collection name: `<ns>.<name>.<short>`.
    pub fqcn: String,
    /// Short module name (`deploy_ddl`, `copy`, ...).
    pub short_name: String,
    /// Detected CLI invocation, if the action plugin matched one of the
    /// known patterns. `None` means the converter should fall through to
    /// builtin / fallback resolvers.
    pub cli_command: Option<CliCommand>,
    /// Raw YAML from the module's `EXAMPLES = r'''...'''` documentation
    /// block, if present. Used to synthesize a demo playbook when the user
    /// imports a collection without a corresponding playbook on disk.
    pub examples: Option<String>,
}

#[derive(Debug, Serialize, Deserialize, Clone)]
#[serde(rename_all = "camelCase")]
pub struct CliCommand {
    /// Top-level binary: `"zowe"`, `"pwsh"`, `"kubectl"`, etc. Used by the
    /// TS resolver to pick the right adapter (`zowe` → `zowe:cli-tool`,
    /// anything else → `shell:run-command`).
    pub binary: String,
    /// The subcommand path as a single space-joined string, ready to drop
    /// into the `command:` field of a `zowe:cli-tool` node or into the args
    /// portion of a `shell:run-command`.
    pub subcommand: String,
}

/// Top-level entry point. Reads + validates the tarball, scans every
/// `plugins/modules/*.py` to enumerate the collection's surface, then runs
/// the CLI detector against each module's matching action plugin (if any).
pub fn import_collection(tar_path: &Path) -> Result<CollectionPreview, ImportError> {
    let file = File::open(tar_path)
        .map_err(|e| ImportError::Io(format!("open {}: {e}", tar_path.display())))?;
    let decoder = GzDecoder::new(file);
    let mut archive = tar::Archive::new(decoder);

    let mut manifest: Option<RawManifest> = None;
    let mut module_names: Vec<String> = Vec::new();
    let mut module_sources: BTreeMap<String, String> = BTreeMap::new();
    let mut action_sources: BTreeMap<String, String> = BTreeMap::new();
    let mut entry_count = 0usize;
    let mut total_bytes = 0u64;

    for entry in archive
        .entries()
        .map_err(|e| ImportError::InvalidArchive(format!("read entries: {e}")))?
    {
        let mut entry =
            entry.map_err(|e| ImportError::InvalidArchive(format!("bad entry: {e}")))?;

        entry_count += 1;
        if entry_count > MAX_ENTRIES {
            return Err(ImportError::TooLarge(format!(
                "more than {MAX_ENTRIES} entries"
            )));
        }

        let size = entry.header().size().unwrap_or(0);
        total_bytes = total_bytes.saturating_add(size);
        if total_bytes > MAX_UNCOMPRESSED_BYTES {
            return Err(ImportError::TooLarge(format!(
                "uncompressed bytes exceed {MAX_UNCOMPRESSED_BYTES}"
            )));
        }

        let path = entry
            .path()
            .map_err(|e| ImportError::InvalidArchive(format!("entry path: {e}")))?
            .into_owned();
        let path_str = path.to_string_lossy();
        if path_str.contains("..") || path.is_absolute() {
            return Err(ImportError::InvalidArchive(format!(
                "unsafe path: {path_str}"
            )));
        }

        if path_str == "MANIFEST.json" {
            let mut buf = String::new();
            entry
                .read_to_string(&mut buf)
                .map_err(|e| ImportError::Io(format!("read MANIFEST.json: {e}")))?;
            manifest = Some(
                serde_json::from_str(&buf)
                    .map_err(|e| ImportError::BadManifest(e.to_string()))?,
            );
            continue;
        }

        if let Some(name) = strip_prefix_and_py(&path_str, "plugins/modules/") {
            let mut buf = String::new();
            entry
                .read_to_string(&mut buf)
                .map_err(|e| ImportError::Io(format!("read module {name}: {e}")))?;
            module_names.push(name.clone());
            module_sources.insert(name, buf);
            continue;
        }

        if let Some(name) = strip_prefix_and_py(&path_str, "plugins/action/") {
            let mut buf = String::new();
            entry
                .read_to_string(&mut buf)
                .map_err(|e| ImportError::Io(format!("read action {name}: {e}")))?;
            action_sources.insert(name, buf);
            continue;
        }
    }

    let manifest = manifest.ok_or_else(|| {
        ImportError::BadManifest("MANIFEST.json not present in archive".into())
    })?;
    let info = manifest.collection_info;

    module_names.sort();
    module_names.dedup();

    let modules = module_names
        .into_iter()
        .map(|short| {
            let cli = action_sources
                .get(&short)
                .and_then(|src| detect_cli_command(src));
            let examples = module_sources
                .get(&short)
                .and_then(|src| extract_examples_block(src));
            ModulePreview {
                fqcn: format!("{}.{}.{}", info.namespace, info.name, short),
                short_name: short,
                cli_command: cli,
                examples,
            }
        })
        .collect();

    Ok(CollectionPreview {
        namespace: info.namespace,
        name: info.name,
        version: info.version,
        modules,
    })
}

#[derive(Debug, Deserialize)]
struct RawManifest {
    collection_info: RawCollectionInfo,
}

#[derive(Debug, Deserialize)]
struct RawCollectionInfo {
    namespace: String,
    name: String,
    version: String,
}

fn strip_prefix_and_py(path: &str, prefix: &str) -> Option<String> {
    let rest = path.strip_prefix(prefix)?;
    let stem = rest.strip_suffix(".py")?;
    if stem.is_empty() || stem.contains('/') {
        return None;
    }
    if stem == "__init__" {
        return None;
    }
    Some(stem.to_string())
}

/// Regex-based CLI-veneer detector.
///
/// Looks for the three statically-extractable patterns we've seen across
/// Tier-1 collections. Anything more dynamic (commands built from f-strings,
/// branches on input flags, etc.) doesn't match - the resolver falls back
/// to the builtin table / placeholder log node, and a future iteration can
/// escalate to a real Python AST pass if those cases become common.
fn detect_cli_command(source: &str) -> Option<CliCommand> {
    use regex::Regex;
    // `zowe_command = "..."` - zowe-CLI-veneer collections.
    let zowe = Regex::new(r#"(?m)^\s*zowe_command\s*=\s*["']([^"']+)["']"#).ok()?;
    if let Some(cap) = zowe.captures(source) {
        let subcommand = cap.get(1).map(|m| m.as_str().trim().to_string())?;
        if !subcommand.is_empty() {
            return Some(CliCommand {
                binary: "zowe".into(),
                subcommand,
            });
        }
    }
    // `command_to_run = "<binary> ..."` - generic-CLI variant. The binary is
    // taken from the first whitespace-separated token; the rest is the
    // subcommand. Single string only - argv form is too easy to misparse.
    let cmd = Regex::new(r#"(?m)^\s*command_to_run\s*=\s*["']([^"']+)["']"#).ok()?;
    if let Some(cap) = cmd.captures(source) {
        let line = cap.get(1).map(|m| m.as_str().trim().to_string())?;
        if let Some((bin, rest)) = line.split_once(char::is_whitespace) {
            return Some(CliCommand {
                binary: bin.to_string(),
                subcommand: rest.trim().to_string(),
            });
        }
        return Some(CliCommand {
            binary: line,
            subcommand: String::new(),
        });
    }
    None
}

/// Extract the YAML body of an Ansible module's `EXAMPLES = r'''...'''`
/// documentation block. Handles the four quoting variants real modules use:
/// `r'''...'''`, `'''...'''`, `r"""..."""`, `"""..."""`. Returns `None`
/// when nothing parses cleanly - better to skip a module's examples than
/// surface a malformed YAML capture that breaks the demo converter.
fn extract_examples_block(source: &str) -> Option<String> {
    use regex::Regex;
    // Two patterns covering the four quoting variants: triple-single and
    // triple-double, each optionally raw-prefixed. `(?s)` lets `.` match
    // newlines; `.*?` is non-greedy so we stop at the first closing triple.
    let triples: [(&str, &str); 2] = [
        (r#"(?s)EXAMPLES\s*=\s*r?'''(.*?)'''"#, ""),
        (r#"(?s)EXAMPLES\s*=\s*r?"""(.*?)""""#, ""),
    ];
    for (pat, _) in triples {
        if let Ok(re) = Regex::new(pat) {
            if let Some(cap) = re.captures(source) {
                if let Some(body) = cap.get(1) {
                    let s = body.as_str().trim();
                    if !s.is_empty() {
                        return Some(s.to_string());
                    }
                }
            }
        }
    }
    None
}

#[cfg(test)]
mod tests {
    use super::*;

    #[test]
    fn detects_zowe_command() {
        let src = r#"
def run(self):
    zowe_command = "dbm-db2 deploy ddl"
    return zowe_command
"#;
        let got = detect_cli_command(src).expect("should detect");
        assert_eq!(got.binary, "zowe");
        assert_eq!(got.subcommand, "dbm-db2 deploy ddl");
    }

    #[test]
    fn detects_command_to_run_with_binary() {
        let src = r#"command_to_run = "pwsh -Command Get-Process""#;
        let got = detect_cli_command(src).expect("should detect");
        assert_eq!(got.binary, "pwsh");
        assert_eq!(got.subcommand, "-Command Get-Process");
    }

    #[test]
    fn no_match_for_dynamic_command() {
        let src = r#"zowe_command = f"dbm-db2 {action}""#;
        assert!(detect_cli_command(src).is_none());
    }

    #[test]
    fn extracts_raw_triple_single_examples() {
        let src = r#"
DOCUMENTATION = '''---
module: do_thing
'''

EXAMPLES = r'''
- name: Do the thing
  ns.coll.do_thing:
    target: alpha
'''

RETURN = '''
data: ...
'''
"#;
        let got = extract_examples_block(src).expect("should extract");
        assert!(got.starts_with("- name: Do the thing"));
        assert!(got.contains("target: alpha"));
        assert!(!got.contains("RETURN"));
    }

    #[test]
    fn extracts_triple_double_examples() {
        let src = r#"
EXAMPLES = """
- name: Hi
  some.mod.x:
    a: 1
"""
"#;
        let got = extract_examples_block(src).expect("should extract");
        assert!(got.contains("a: 1"));
    }

    #[test]
    fn no_examples_returns_none() {
        let src = r#"DOCUMENTATION = '''m'''"#;
        assert!(extract_examples_block(src).is_none());
    }

    #[test]
    fn strip_prefix_rejects_init_and_nested() {
        assert_eq!(
            strip_prefix_and_py("plugins/modules/copy.py", "plugins/modules/"),
            Some("copy".into())
        );
        assert_eq!(
            strip_prefix_and_py("plugins/modules/__init__.py", "plugins/modules/"),
            None
        );
        assert_eq!(
            strip_prefix_and_py("plugins/modules/sub/copy.py", "plugins/modules/"),
            None
        );
    }
}