TrueCar-chef 0.10.0.beta.3

data/lib/chef/provider/template.rb

@@ -0,0 +1,105 @@
+#--
+# Author:: Adam Jacob (<adam@opscode.com>)
+# Author:: Daniel DeLeo (<dan@opscode.com>)
+# Copyright:: Copyright (c) 2008, 2010 Opscode, Inc.
+# License:: Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+require 'chef/provider/file'
+require 'chef/mixin/template'
+require 'chef/mixin/checksum'
+require 'chef/file_access_control'
+
+class Chef
+  class Provider
+
+    class Template < Chef::Provider::File
+
+      include Chef::Mixin::Checksum
+      include Chef::Mixin::Template
+
+      def load_current_resource
+        super
+        @current_resource.checksum(checksum(@current_resource.path)) if ::File.exist?(@current_resource.path)
+      end
+
+      def action_create
+        render_with_context(template_location) do |rendered_template|
+          rendered(rendered_template)
+          if ::File.exist?(@new_resource.path) && content_matches?
+            Chef::Log.debug("#{@new_resource} content has not changed.")
+            set_all_access_controls(@new_resource.path)
+          else
+            Chef::Log.info("Writing updated content for #{@new_resource} to #{@new_resource.path}")
+            backup
+            set_all_access_controls(rendered_template.path)
+            FileUtils.mv(rendered_template.path, @new_resource.path)
+            @new_resource.updated_by_last_action(true)
+          end
+        end
+      end
+
+      def action_create_if_missing
+        if ::File.exists?(@new_resource.path)
+          Chef::Log.debug("Template #{@new_resource} exists, taking no action.")
+        else
+          action_create
+        end
+      end
+
+      def template_location
+        Chef::Log.debug("looking for template #{@new_resource.source} in cookbook #{cookbook_name.inspect}")
+        @template_file_cache_location ||= begin
+          if @new_resource.local
+            @new_resource.source
+          else
+            cookbook = run_context.cookbook_collection[resource_cookbook]
+            cookbook.preferred_filename_on_disk_location(node, :templates, @new_resource.source)
+          end
+        end
+      end
+      
+      def resource_cookbook
+        @new_resource.cookbook || @new_resource.cookbook_name
+      end
+
+      def rendered(rendered_template)
+        @new_resource.checksum(checksum(rendered_template.path))
+        Chef::Log.debug("Current content's checksum:  #{@current_resource.checksum}")
+        Chef::Log.debug("Rendered content's checksum: #{@new_resource.checksum}")
+      end
+
+      def content_matches?
+        @current_resource.checksum == @new_resource.checksum
+      end
+
+      def set_all_access_controls(file)
+        access_controls = Chef::FileAccessControl.new(@new_resource, file)
+        access_controls.set_all
+        @new_resource.updated_by_last_action(access_controls.modified?)
+      end
+
+      private
+
+      def render_with_context(template_location, &block)
+        context = {}
+        context.merge!(@new_resource.variables)
+        context[:node] = node
+        render_template(IO.read(template_location), context, &block)
+      end
+
+    end
+  end
+end

data/lib/chef/provider/user.rb

@@ -0,0 +1,187 @@
+#
+# Author:: Adam Jacob (<adam@opscode.com>)
+# Copyright:: Copyright (c) 2008 Opscode, Inc.
+# License:: Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+# 
+#     http://www.apache.org/licenses/LICENSE-2.0
+# 
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+require 'chef/provider'
+require 'chef/mixin/command'
+require 'chef/resource/user'
+require 'etc'
+
+class Chef
+  class Provider
+    class User < Chef::Provider
+      
+      include Chef::Mixin::Command
+      
+      attr_accessor :user_exists, :locked
+      
+      def initialize(new_resource, run_context)
+        super
+        @user_exists = true
+        @locked = nil
+      end
+  
+      def convert_group_name
+        if @new_resource.gid.is_a? String
+          @new_resource.gid(Etc.getgrnam(@new_resource.gid).gid)
+        end
+      rescue ArgumentError => e
+        raise Chef::Exceptions::User, "Couldn't lookup integer GID for group name #{@new_resource.gid}"
+      end
+      
+      def load_current_resource
+        @current_resource = Chef::Resource::User.new(@new_resource.name)
+        @current_resource.username(@new_resource.username)
+      
+        begin
+          user_info = Etc.getpwnam(@new_resource.username)
+        rescue ArgumentError => e
+          @user_exists = false
+          Chef::Log.debug("User #{@new_resource.username} does not exist")
+          user_info = nil
+        end
+        
+        if user_info
+          @current_resource.uid(user_info.uid)
+          @current_resource.gid(user_info.gid)
+          @current_resource.comment(user_info.gecos)
+          @current_resource.home(user_info.dir)
+          @current_resource.shell(user_info.shell)
+          @current_resource.password(user_info.passwd)
+        
+          if @new_resource.password && @current_resource.password == 'x'
+            begin
+              require 'shadow'
+            rescue LoadError
+              Chef::Log.error("You must have ruby-shadow installed for password support!")
+              raise Chef::Exceptions::MissingLibrary, "You must have ruby-shadow installed for password support!"
+            else
+              shadow_info = Shadow::Passwd.getspnam(@new_resource.username)
+              @current_resource.password(shadow_info.sp_pwdp)
+            end
+          end
+          
+          if @new_resource.gid
+            convert_group_name
+          end
+        end
+        
+        @current_resource
+      end
+
+      # Check to see if the user needs any changes
+      #
+      # === Returns
+      # <true>:: If a change is required
+      # <false>:: If the users are identical
+      def compare_user
+        [ :uid, :gid, :comment, :home, :shell, :password ].any? do |user_attrib|
+          !@new_resource.send(user_attrib).nil? && @new_resource.send(user_attrib) != @current_resource.send(user_attrib)
+        end
+      end
+      
+      def action_create
+        if !@user_exists
+          create_user
+          Chef::Log.info("Created #{@new_resource}")
+          @new_resource.updated_by_last_action(true)
+        elsif compare_user
+          manage_user
+          Chef::Log.info("Altered #{@new_resource}")
+          @new_resource.updated_by_last_action(true)
+        end
+      end
+      
+      def action_remove
+        if @user_exists
+          remove_user
+          @new_resource.updated_by_last_action(true)
+          Chef::Log.info("Removed #{@new_resource}")
+        end
+      end
+
+      def remove_user
+        raise NotImplementedError
+      end
+
+      def action_manage
+        if @user_exists && compare_user
+          manage_user
+          @new_resource.updated_by_last_action(true)
+          Chef::Log.info("Managed #{@new_resource}")
+        end
+      end
+
+      def manage_user
+        raise NotImplementedError
+      end
+
+      def action_modify
+        if @user_exists
+          if compare_user
+            manage_user
+            @new_resource.updated_by_last_action(true)
+            Chef::Log.info("Modified #{@new_resource}")
+          end
+        else
+          raise Chef::Exceptions::User, "Cannot modify #{@new_resource} - user does not exist!"
+        end
+      end
+
+      def action_lock
+        if @user_exists
+          if check_lock() == false
+            lock_user
+            @new_resource.updated_by_last_action(true)
+            Chef::Log.info("Locked #{@new_resource}")
+          else
+            Chef::Log.debug("No need to lock #{@new_resource}")
+          end
+        else
+          raise Chef::Exceptions::User, "Cannot lock #{@new_resource} - user does not exist!"
+        end
+      end
+
+      def check_lock
+        raise NotImplementedError
+      end
+
+      def lock_user
+        raise NotImplementedError
+      end
+
+      def action_unlock
+        if @user_exists
+          if check_lock() == true
+            unlock_user
+            @new_resource.updated_by_last_action(true)
+            Chef::Log.info("Unlocked #{@new_resource}")
+          else
+            Chef::Log.debug("No need to unlock #{@new_resource}")
+          end
+        else
+          raise Chef::Exceptions::User, "Cannot unlock #{@new_resource} - user does not exist!"
+        end
+      end
+      
+      def unlock_user
+        raise NotImplementedError
+      end
+
+    end
+  end
+end

data/lib/chef/provider/user/dscl.rb

@@ -0,0 +1,280 @@
+#
+# Author:: Dreamcat4 (<dreamcat4@gmail.com>)
+# Copyright:: Copyright (c) 2009 OpsCode, Inc.
+# License:: Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+# 
+#     http://www.apache.org/licenses/LICENSE-2.0
+# 
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+require 'chef/mixin/shell_out'
+require 'chef/provider/user'
+require 'openssl'
+
+class Chef
+  class Provider
+    class User
+      class Dscl < Chef::Provider::User
+        include Chef::Mixin::ShellOut
+        
+        NFS_HOME_DIRECTORY        = %r{^NFSHomeDirectory: (.*)$}
+        AUTHENTICATION_AUTHORITY  = %r{^AuthenticationAuthority: (.*)$}
+        
+        def dscl(*args)
+          shell_out("dscl . -#{args.join(' ')}")
+        end
+
+        def safe_dscl(*args)
+          result = dscl(*args)
+          return "" if ( args.first =~ /^delete/ ) && ( result.exitstatus != 0 )
+          raise(Chef::Exceptions::DsclCommandFailed,"dscl error: #{result.inspect}") unless result.exitstatus == 0
+          raise(Chef::Exceptions::DsclCommandFailed,"dscl error: #{result.inspect}") if result.stdout =~ /No such key: /
+          return result.stdout
+        end
+
+        # This is handled in providers/group.rb by Etc.getgrnam()
+        # def user_exists?(user)
+        #   users = safe_dscl("list /Users")
+        #   !! ( users =~ Regexp.new("\n#{user}\n") )
+        # end
+
+        # get a free UID greater than 200
+        def get_free_uid(search_limit=1000)
+          uid = nil; next_uid_guess = 200
+          users_uids = safe_dscl("list /Users uid")
+          while(next_uid_guess < search_limit + 200)
+            if users_uids =~ Regexp.new("#{Regexp.escape(next_uid_guess.to_s)}\n")
+              next_uid_guess += 1
+            else
+              uid = next_uid_guess
+              break
+            end
+          end
+          return uid || raise("uid not found. Exhausted. Searched #{search_limit} times")
+        end
+
+        def uid_used?(uid)
+          return false unless uid
+          users_uids = safe_dscl("list /Users uid")
+          !! ( users_uids =~ Regexp.new("#{Regexp.escape(uid.to_s)}\n") )
+        end
+
+        def set_uid
+          @new_resource.uid(get_free_uid) if (@new_resource.uid.nil? || @new_resource.uid == '')
+          if uid_used?(@new_resource.uid)
+            raise(Chef::Exceptions::RequestedUIDUnavailable, "uid #{@new_resource.uid} is already in use")
+          end
+          safe_dscl("create /Users/#{@new_resource.username} UniqueID #{@new_resource.uid}")
+        end
+
+        def modify_home
+          return safe_dscl("delete /Users/#{@new_resource.username} NFSHomeDirectory") if (@new_resource.home.nil? || @new_resource.home.empty?)
+          if @new_resource.supports[:manage_home]
+            validate_home_dir_specification!
+            
+            if (@current_resource.home == @new_resource.home) && !new_home_exists?
+              ditto_home
+            elsif !current_home_exists? && !new_home_exists?
+              ditto_home
+            elsif current_home_exists?
+              move_home
+            end
+          end
+          safe_dscl("create /Users/#{@new_resource.username} NFSHomeDirectory '#{@new_resource.home}'")
+        end
+
+        def osx_shadow_hash?(string)
+          return !! ( string =~ /^[[:xdigit:]]{1240}$/ )
+        end
+
+        def osx_salted_sha1?(string)
+          return !! ( string =~ /^[[:xdigit:]]{48}$/ )
+        end
+
+        def guid
+          safe_dscl("read /Users/#{@new_resource.username} GeneratedUID").gsub(/GeneratedUID: /,"").strip
+        end
+
+        def shadow_hash_set?
+          user_data = safe_dscl("read /Users/#{@new_resource.username}") 
+          if user_data =~ /AuthenticationAuthority: / && user_data =~ /ShadowHash/
+            true
+          else
+            false
+          end
+        end
+
+        def modify_password
+          if @new_resource.password
+            shadow_hash = nil
+            
+            Chef::Log.debug("#{new_resource}: updating password")
+            if osx_shadow_hash?(@new_resource.password)
+              shadow_hash = @new_resource.password.upcase
+            else
+              if osx_salted_sha1?(@new_resource.password)
+                salted_sha1 = @new_resource.password.upcase
+              else
+                hex_salt = ""
+                OpenSSL::Random.random_bytes(10).each_byte { |b| hex_salt << b.to_i.to_s(16) }
+                hex_salt = hex_salt.slice(0...8)
+                salt = [hex_salt].pack("H*")
+                sha1 = ::OpenSSL::Digest::SHA1.hexdigest(salt+@new_resource.password)
+                salted_sha1 = (hex_salt+sha1).upcase
+              end
+              shadow_hash = String.new("00000000"*155)
+              shadow_hash[168] = salted_sha1
+            end
+            
+            ::File.open("/var/db/shadow/hash/#{guid}",'w',0600) do |output|
+              output.puts shadow_hash
+            end
+            
+            unless shadow_hash_set?
+              safe_dscl("append /Users/#{@new_resource.username} AuthenticationAuthority ';ShadowHash;'")
+            end
+          end
+        end
+
+        def load_current_resource
+          super
+          raise Chef::Exceptions::User, "Could not find binary /usr/bin/dscl for #{@new_resource}" unless ::File.exists?("/usr/bin/dscl")
+        end
+
+        def create_user
+          dscl_create_user
+          dscl_create_comment
+          set_uid
+          dscl_set_gid
+          modify_home
+          dscl_set_shell
+          modify_password
+        end
+        
+        def manage_user
+          dscl_create_user    if diverged?(:username)
+          dscl_create_comment if diverged?(:comment)
+          set_uid             if diverged?(:uid)
+          dscl_set_gid        if diverged?(:uid)
+          modify_home         if diverged?(:home)
+          dscl_set_shell      if diverged?(:shell)
+          modify_password     if diverged?(:password)
+        end
+        
+        def dscl_create_user
+          safe_dscl("create /Users/#{@new_resource.username}")              
+        end
+        
+        def dscl_create_comment
+          safe_dscl("create /Users/#{@new_resource.username} RealName '#{@new_resource.comment}'")
+        end
+        
+        def dscl_set_gid
+          safe_dscl("create /Users/#{@new_resource.username} PrimaryGroupID '#{@new_resource.gid}'")
+        end
+        
+        def dscl_set_shell
+          if @new_resource.password || ::File.exists?("#{@new_resource.shell}")
+            safe_dscl("create /Users/#{@new_resource.username} UserShell '#{@new_resource.shell}'")
+          else
+            safe_dscl("create /Users/#{@new_resource.username} UserShell '/usr/bin/false'")
+          end
+        end
+        
+        def remove_user
+          if @new_resource.supports[:manage_home]
+            user_info = safe_dscl("read /Users/#{@new_resource.username}") 
+            if nfs_home_match = user_info.match(NFS_HOME_DIRECTORY)
+              #nfs_home = safe_dscl("read /Users/#{@new_resource.username} NFSHomeDirectory")
+              #nfs_home.gsub!(/NFSHomeDirectory: /,"").gsub!(/\n$/,"")
+              nfs_home = nfs_home_match[1]
+              FileUtils.rm_rf(nfs_home)
+            end
+          end
+          # remove the user from its groups
+          groups = []
+          Etc.group do |group|
+            groups << group.name if group.mem.include?(@new_resource.username)
+          end
+          groups.each do |group_name|
+            safe_dscl("delete /Groups/#{group_name} GroupMembership '#{@new_resource.username}'")
+          end
+          # remove user account
+          safe_dscl("delete /Users/#{@new_resource.username}")
+        end
+
+        def locked?
+          user_info = safe_dscl("read /Users/#{@new_resource.username}")
+          if auth_authority_md = AUTHENTICATION_AUTHORITY.match(user_info)
+            !!(auth_authority_md[1] =~ /DisabledUser/ )
+          else
+            false
+          end
+        end
+        
+        def check_lock
+          return @locked = locked?
+        end
+
+        def lock_user
+          safe_dscl("append /Users/#{@new_resource.username} AuthenticationAuthority ';DisabledUser;'")
+        end
+        
+        def unlock_user
+          auth_info = safe_dscl("read /Users/#{@new_resource.username} AuthenticationAuthority")
+          auth_string = auth_info.gsub(/AuthenticationAuthority: /,"").gsub(/;DisabledUser;/,"").strip#.gsub!(/[; ]*$/,"")
+          safe_dscl("create /Users/#{@new_resource.username} AuthenticationAuthority '#{auth_string}'")
+        end
+        
+        def validate_home_dir_specification!
+          unless @new_resource.home =~ /^\//
+            raise(Chef::Exceptions::InvalidHomeDirectory,"invalid path spec for User: '#{@new_resource.username}', home directory: '#{@new_resource.home}'") 
+          end
+        end
+        
+        def current_home_exists?
+          ::File.exist?("#{@current_resource.home}")
+        end
+        
+        def new_home_exists?
+          ::File.exist?("#{@new_resource.home}")          
+        end
+        
+        def ditto_home
+          skel = "/System/Library/User Template/English.lproj"
+          raise(Chef::Exceptions::User,"can't find skel at: #{skel}") unless ::File.exists?(skel)
+          shell_out! "ditto '#{skel}' '#{@new_resource.home}'"
+          ::FileUtils.chown_R(@new_resource.username,@new_resource.gid.to_s,@new_resource.home)
+        end
+
+        def move_home
+          Chef::Log.debug("moving #{self} home from #{@current_resource.home} to #{@new_resource.home}")
+          
+          src = @current_resource.home
+          FileUtils.mkdir_p(@new_resource.home)
+          files = ::Dir.glob("#{src}/*", ::File::FNM_DOTMATCH) - ["#{src}/.","#{src}/.."]
+          ::FileUtils.mv(files,@new_resource.home, :force => true)
+          ::FileUtils.rmdir(src)
+          ::FileUtils.chown_R(@new_resource.username,@new_resource.gid.to_s,@new_resource.home)
+        end
+        
+        def diverged?(parameter)
+          parameter_updated?(parameter) && (not @new_resource.send(parameter).nil?)
+        end
+        
+        def parameter_updated?(parameter)
+          not (@new_resource.send(parameter) == @current_resource.send(parameter))
+        end
+      end
+    end
+  end
+end