berkshelf 5.2.0 → 8.0.15

data/lib/berkshelf/logger.rb

@@ -1,5 +1,68 @@
 module Berkshelf
-  class Logger < Ridley::Logging::Logger
+  class Logger < Logger
+    def initialize(device = STDOUT)
+      super
+      self.level = Logger::WARN
+      @filter_params = []
+    end
+
+    # Reimplements Logger#add adding message filtering. The info,
+    # warn, debug, error, and fatal methods all call add.
+    #
+    # @param [Fixnum] severity
+    #   an integer measuing the severity - Logger::INFO, etc.
+    # @param [String] message = nil
+    #   the message to log
+    # @param [String] progname = nil
+    #   the program name performing the logging
+    # @param  &block
+    #  a block that will be evaluated (for complicated logging)
+    #
+    # @example
+    #   log.filter_param("hello")
+    #   log.info("hello world!") => "FILTERED world!"
+    #
+    # @return [Boolean]
+    def add(severity, message = nil, progname = nil, &block)
+      severity ||= Logger::UNKNOWN
+      if @logdev.nil? || severity < (@level)
+        return true
+      end
+
+      progname ||= @progname
+      if message.nil?
+        if block_given?
+          message = yield
+        else
+          message = progname
+          progname = @progname
+        end
+      end
+      @logdev.write(
+        format_message(format_severity(severity), Time.now, progname, filter(message))
+      )
+      true
+    end
+
+    def filter_params
+      @filter_params.dup
+    end
+
+    def filter_param(param)
+      @filter_params << param unless filter_params.include?(param)
+    end
+
+    def clear_filter_params
+      @filter_params.clear
+    end
+
+    def filter(message)
+      filter_params.each do |param|
+        message.gsub!(param.to_s, "FILTERED")
+      end
+      message
+    end
+
     alias_method :fatal, :error
 
     def deprecate(message)

data/lib/berkshelf/mixin/git.rb

@@ -1,8 +1,9 @@
-require 'buff/shell_out'
+require_relative "../shell_out"
 
 module Berkshelf
   module Mixin
     module Git
+      include Berkshelf::ShellOut
       # Perform a git command.
       #
       # @param [String] command
@@ -12,14 +13,14 @@ module Berkshelf
       #
       # @raise [String]
       #   the +$stdout+ from the command
-      def git(command, error = true)
-        unless Berkshelf.which('git') || Berkshelf.which('git.exe') || Berkshelf.which('git.bat')
+      def git(command, error = true, **kwargs)
+        unless Berkshelf.which("git") || Berkshelf.which("git.exe") || Berkshelf.which("git.bat")
           raise GitNotInstalled.new
         end
 
-        response = Buff::ShellOut.shell_out(%|git #{command}|)
+        response = shell_out(%{git #{command}}, **kwargs)
 
-        if error && !response.success?
+        if response.error?
           raise GitCommandError.new(command, cache_path, response.stderr)
         end
 

data/lib/berkshelf/packager.rb

@@ -1,5 +1,6 @@
-require 'archive/tar/minitar'
-require 'zlib'
+require "minitar"
+require "find" unless defined?(Find)
+require "zlib" unless defined?(Zlib)
 
 module Berkshelf
   # A class for archiving and compressing directory containing one or more cookbooks.
@@ -15,7 +16,7 @@ module Berkshelf
   class Packager
     class << self
       def validate_destination(path)
-        path = path.to_s
+        path.to_s
       end
     end
 
@@ -40,9 +41,17 @@ module Berkshelf
     # @return [String]
     #   path to the generated archive
     def run(source)
-      Dir.chdir(source.to_s) do |dir|
-        tgz = Zlib::GzipWriter.new(File.open(out_file, "wb"))
-        Archive::Tar::Minitar.pack(".", tgz)
+      begin
+        dest = Zlib::GzipWriter.open(out_file)
+        tar = RelativeTarWriter.new(dest, source)
+        Find.find(source) do |entry|
+          next if source == entry
+
+          Minitar.pack_file(entry, tar)
+        end
+      ensure
+        tar.close
+        dest.close
       end
 
       out_file
@@ -64,10 +73,35 @@ module Berkshelf
 
     private
 
-      # @return [String]
-      attr_reader :out_dir
+    # @return [String]
+    attr_reader :out_dir
+
+    # @return [String]
+    attr_reader :filename
+
+    # A private decorator for Minitar::Writer that
+    # turns absolute paths into relative ones.
+    class RelativeTarWriter < SimpleDelegator # :nodoc:
+      def initialize(io, base_path)
+        @base_path = Pathname.new(base_path)
+        super(Minitar::Writer.new(io))
+      end
+
+      %w{add_file add_file_simple mkdir}.each do |method|
+        class_eval <<~RUBY
+          def #{method}(name, *opts, &block)
+            super(relative_path(name), *opts, &block)
+          end
+        RUBY
+      end
+
+      private
 
-      # @return [String]
-      attr_reader :filename
+      attr_reader :base_path
+
+      def relative_path(path)
+        Pathname.new(path).relative_path_from(base_path).to_s
+      end
+    end
   end
 end

data/lib/berkshelf/resolver/graph.rb

@@ -50,7 +50,7 @@ module Berkshelf
       # @return [Array<Berkshelf::RemoteCookbook>]
       def universe(sources)
         cookbooks = []
-        Array(sources).each { |source| cookbooks = cookbooks | source.universe }
+        Array(sources).each { |source| cookbooks |= source.universe }
         cookbooks
       end
     end

data/lib/berkshelf/resolver.rb

@@ -1,7 +1,7 @@
 module Berkshelf
   class Resolver
 
-    require_relative 'resolver/graph'
+    require_relative "resolver/graph"
 
     extend Forwardable
 
@@ -21,7 +21,7 @@ module Berkshelf
     def initialize(berksfile, demands = [])
       @berksfile = berksfile
       @graph     = Graph.new
-      @demands   = Array.new
+      @demands   = []
 
       Array(demands).each { |demand| add_demand(demand) }
       compute_solver_engine(berksfile)
@@ -75,7 +75,7 @@ module Berkshelf
       graph.populate_store
       graph.populate(berksfile.sources)
 
-      Solve.it!(graph, demand_array, ENV['DEBUG_RESOLVER'] ? { ui: Berkshelf.ui } : {}).collect do |name, version|
+      Solve.it!(graph, demand_array, ENV["DEBUG_RESOLVER"] ? { ui: Berkshelf.ui } : {}).collect do |name, version|
         dependency = get_demand(name) || Dependency.new(berksfile, name)
         dependency.locked_version = version
 
@@ -93,7 +93,7 @@ module Berkshelf
     # @return [Dependency]
     def [](demand)
       name = demand.respond_to?(:name) ? demand.name : demand.to_s
-      demands.find { |demand| demand.name == name }
+      demands.find { |d| d.name == name }
     end
     alias_method :get_demand, :[]
 

data/lib/berkshelf/ridley_compat.rb

@@ -0,0 +1,109 @@
+require "chef/server_api"
+require "chef/http/simple_json"
+require "chef/http/simple"
+require_relative "api_client/errors"
+require "chef/config"
+require "chef/cookbook_manifest"
+
+module Berkshelf
+  module RidleyCompatAPI
+    def initialize(**opts)
+      opts = opts.dup
+      opts[:ssl] ||= {}
+      chef_opts = {}
+      chef_opts[:rest_timeout]         = opts[:timeout] if opts[:timeout] # opts[:open_timeout] is ignored on purpose
+      chef_opts[:headers]              = opts[:headers] if opts[:headers]
+      chef_opts[:client_name]          = opts[:client_name] if opts[:client_name]
+      chef_opts[:signing_key_filename] = opts[:client_key] if opts[:client_key]
+      chef_opts[:verify_api_cert]      = opts[:ssl][:verify] || opts[:ssl][:verify].nil?
+      chef_opts[:ssl_verify_mode]      = chef_opts[:verify_api_cert] ? :verify_peer : :verify_none
+      chef_opts[:ssl_ca_path]          = opts[:ssl][:ca_path] if opts[:ssl][:ca_path]
+      chef_opts[:ssl_ca_file]          = opts[:ssl][:ca_file] if opts[:ssl][:ca_file]
+      chef_opts[:ssl_client_cert]      = opts[:ssl][:client_cert] if opts[:ssl][:client_cert]
+      chef_opts[:ssl_client_key]       = opts[:ssl][:client_key] if opts[:ssl][:client_key]
+      chef_opts[:version_class]        = opts[:version_class] if opts[:version_class]
+      # chef/http/ssl_policies.rb reads only from Chef::Config and not from the opts in the constructor
+      Chef::Config[:verify_api_cert] = chef_opts[:verify_api_cert]
+      Chef::Config[:ssl_verify_mode] = chef_opts[:ssl_verify_mode]
+      super(opts[:server_url].to_s, **chef_opts)
+    end
+
+    # for compat with Ridley::Connection
+    def server_url
+      url
+    end
+
+    def get(url)
+      super(url)
+    rescue Net::HTTPExceptions => e
+      case e.response.code
+      when "404"
+        raise Berkshelf::APIClient::ServiceNotFound, "service not found at: #{url}"
+      when /^5/
+        raise Berkshelf::APIClient::ServiceUnavailable, "service unavailable at: #{url}"
+      else
+        raise Berkshelf::APIClient::BadResponse, "bad response #{e.response}"
+      end
+    rescue Errno::ETIMEDOUT, Timeout::Error
+      raise Berkshelf::APIClient::TimeoutError, "Unable to connect to: #{url}"
+    rescue Errno::EHOSTUNREACH, Errno::ECONNREFUSED => e
+      raise Berkshelf::APIClient::ServiceUnavailable, e
+    end
+
+    module ClassMethods
+      def new_client(**opts, &block)
+        client = new(**opts)
+        yield client
+        # ensure
+        # FIXME: does Chef::HTTP support close anywhere?  this will just leak open fds
+      end
+    end
+
+    def self.included(klass)
+      klass.extend ClassMethods
+    end
+
+  end
+
+  # This is for simple HTTP
+  class RidleyCompatSimple < ::Chef::ServerAPI
+    use Chef::HTTP::Decompressor
+    use Chef::HTTP::CookieManager
+    use Chef::HTTP::ValidateContentLength
+
+    include RidleyCompatAPI
+  end
+
+  # This is for JSON-REST
+  class RidleyCompatJSON < ::Chef::HTTP::SimpleJSON
+    use Chef::HTTP::JSONInput
+    use Chef::HTTP::JSONOutput
+    use Chef::HTTP::CookieManager
+    use Chef::HTTP::Decompressor
+    use Chef::HTTP::RemoteRequestID
+    use Chef::HTTP::ValidateContentLength
+
+    include RidleyCompatAPI
+  end
+
+  # RidleyCompat is the ServerAPI, but we inherit from Chef::HTTP::Simple and then include all our middlewares
+  # and then need to include our own CompatAPI.  The end result is a ridley-esque way of talking to a chef server.
+  class RidleyCompat < ::Chef::HTTP::Simple
+    use Chef::HTTP::JSONInput
+    use Chef::HTTP::JSONOutput
+    use Chef::HTTP::CookieManager
+    use Chef::HTTP::Decompressor
+    use Chef::HTTP::Authenticator
+    use Chef::HTTP::RemoteRequestID
+    use Chef::HTTP::APIVersions if defined?(Chef::HTTP::APIVersions)
+    use Chef::HTTP::ValidateContentLength
+
+    include RidleyCompatAPI
+
+    def initialize(**opts)
+      opts[:version_class] = Chef::CookbookManifestVersions
+      super(**opts)
+    end
+
+  end
+end

data/lib/berkshelf/shell.rb

@@ -1,4 +1,4 @@
-require 'thor'
+require "thor" unless defined?(Thor)
 
 module Berkshelf
   # Subclass the current shell (which is different based on the OS)
@@ -15,6 +15,7 @@ module Berkshelf
 
     def say(*args)
       return if quiet?
+
       super(*args)
     end
     alias_method :info, :say

data/lib/berkshelf/shell_out.rb

@@ -0,0 +1,18 @@
+require "mixlib/shellout" unless defined?(Mixlib::ShellOut)
+
+module Berkshelf
+  module ShellOut
+    def shell_out(*args, **options)
+      cmd = Mixlib::ShellOut.new(*args, **options)
+      cmd.run_command
+      cmd
+    end
+
+    def shell_out!(*args, **options)
+      cmd = Mixlib::ShellOut.new(*args, **options)
+      cmd.run_command
+      cmd.error!
+      cmd
+    end
+  end
+end

data/lib/berkshelf/source.rb

@@ -1,44 +1,80 @@
-require 'berkshelf/api-client'
+require_relative "api-client"
+require_relative "chef_repo_universe"
+require_relative "ssl_policies"
+require "openssl" unless defined?(OpenSSL)
 
 module Berkshelf
   class Source
     include Comparable
 
-    attr_accessor :source
+    attr_accessor :type
+    attr_accessor :uri_string
+    attr_accessor :options
 
+    # @param [Berkshelf::Berksfile] berksfile
     # @param [String, Berkshelf::SourceURI] source
-    def initialize(source)
-      @source = source
-      @universe   = nil
+    def initialize(berksfile, source, **options)
+      @options = { timeout: api_timeout, open_timeout: [(api_timeout / 10), 3].max, ssl: {} }
+      @options.update(options)
+      case source
+      when String
+        # source "https://supermarket.chef.io/"
+        @type = :supermarket
+        @uri_string = source
+      when :chef_server
+        # source :chef_server
+        @type = :chef_server
+        @uri_string = options[:url] || Berkshelf::Config.instance.chef.chef_server_url
+      when Hash
+        # source type: uri, option: value, option: value
+        source = source.dup
+        @type, @uri_string = source.shift
+        @options.update(source)
+      end
+      # Default options for some source types.
+      case @type
+      when :chef_server
+        @options[:client_name] ||= Berkshelf::Config.instance.chef.node_name
+        @options[:client_key] ||= Berkshelf::Config.instance.chef.client_key
+      when :artifactory
+        @options[:api_key] ||= Berkshelf::Config.instance.chef.artifactory_api_key || ENV["ARTIFACTORY_API_KEY"]
+      when :chef_repo
+        @options[:path] = uri_string
+        # If given a relative path, expand it against the Berksfile's folder.
+        @options[:path] = File.expand_path(@options[:path], File.dirname(berksfile ? berksfile.filepath : Dir.pwd))
+        # Lie because this won't actually parse as a URI.
+        @uri_string = "file://#{@options[:path]}"
+      end
+      # Set some default SSL options.
+      Berkshelf::Config.instance.ssl.each do |key, value|
+        @options[:ssl][key.to_sym] = value unless @options[:ssl].include?(key.to_sym)
+      end
+      @options[:ssl][:cert_store] = ssl_policy.store if ssl_policy.store
+      @universe = nil
+    end
+
+    def ssl_policy
+      @ssl_policy ||= SSLPolicy.new
     end
 
     def api_client
-      @api_client ||= begin
-                        if source == :chef_server
-                          APIClient.chef_server(
-                            ssl: Berkshelf::Config.instance.ssl,
-                            timeout: api_timeout,
-                            open_timeout: [(api_timeout / 10), 3].max,
-                            client_name: Berkshelf::Config.instance.chef.node_name,
-                            server_url: Berkshelf::Config.instance.chef.chef_server_url,
-                            client_key: Berkshelf::Config.instance.chef.client_key,
-                          )
-                        else
-                          APIClient.new(uri,
-                            timeout: api_timeout,
-                            open_timeout: [(api_timeout / 10), 3].max,
-                            ssl: Berkshelf::Config.instance.ssl
-                                       )
-                        end
+      @api_client ||= case type
+                      when :chef_server
+                        APIClient.chef_server(server_url: uri.to_s, **options)
+                      when :artifactory
+                        # Don't accidentally mutate the options.
+                        client_options = options.dup
+                        api_key = client_options.delete(:api_key)
+                        APIClient.new(uri, headers: { "X-Jfrog-Art-Api" => api_key }, **client_options)
+                      when :chef_repo
+                        ChefRepoUniverse.new(uri_string, **options)
+                      else
+                        APIClient.new(uri, **options)
                       end
     end
 
     def uri
-      @uri ||= if source == :chef_server
-                 SourceURI.parse(Berkshelf::Config.instance.chef.chef_server_url)
-               else
-                 SourceURI.parse(source)
-               end
+      @uri ||= SourceURI.parse(uri_string)
     end
 
     # Forcefully obtain the universe from the API endpoint and assign it to {#universe}. This
@@ -48,7 +84,7 @@ module Berkshelf
     def build_universe
       @universe = api_client.universe
     rescue => ex
-      @universe = Array.new
+      @universe = []
       raise ex
     end
 
@@ -96,7 +132,7 @@ module Berkshelf
     #
     # @return [APIClient::RemoteCookbook]
     def latest(name)
-      versions(name).sort.last
+      versions(name).max
     end
 
     # @param [String] name
@@ -107,20 +143,28 @@ module Berkshelf
     end
 
     def to_s
-      "#{uri}"
+      case type
+      when :supermarket
+        uri.to_s
+      when :chef_repo
+        options[:path]
+      else
+        "#{type}: #{uri}"
+      end
     end
 
     def inspect
-      "#<#{self.class.name} uri: #{@uri.to_s.inspect}>"
+      "#<#{self.class.name} #{type}: #{uri.to_s.inspect}, #{options.map { |k, v| "#{k}: #{v.inspect}" }.join(", ")}>"
     end
 
     def hash
-      @uri.host.hash
+      [type, uri_string, options].hash
     end
 
     def ==(other)
       return false unless other.is_a?(self.class)
-      uri == other.uri
+
+      type == other.type && uri == other.uri
     end
 
     private

data/lib/berkshelf/source_uri.rb

@@ -1,4 +1,4 @@
-require 'addressable/uri'
+require "addressable/uri" unless defined?(Addressable::URI)
 
 module Berkshelf
   class SourceURI < Addressable::URI
@@ -22,14 +22,14 @@ module Berkshelf
       end
     end
 
-    VALID_SCHEMES = [ "http", "https" ].freeze
+    VALID_SCHEMES = %w{http https file}.freeze
 
     # @raise [Berkshelf::InvalidSourceURI]
     def validate
       super
 
-      unless VALID_SCHEMES.include?(self.scheme)
-        raise InvalidSourceURI.new(self, "invalid URI scheme '#{self.scheme}'. Valid schemes: #{VALID_SCHEMES}")
+      unless VALID_SCHEMES.include?(scheme)
+        raise InvalidSourceURI.new(self, "invalid URI scheme '#{scheme}'. Valid schemes: #{VALID_SCHEMES}")
       end
     rescue Addressable::URI::InvalidURIError => ex
       raise InvalidSourceURI.new(self, ex)

data/lib/berkshelf/ssl_policies.rb

@@ -0,0 +1,38 @@
+require "openssl" unless defined?(OpenSSL)
+
+module Berkshelf
+  class SSLPolicy
+
+    # @return [Store]
+    #   Holds trusted CA certificates used to verify peer certificates
+    attr_reader :store
+
+    def initialize
+      @store = OpenSSL::X509::Store.new.tap(&:set_default_paths)
+
+      set_custom_certs if ::File.exist?(trusted_certs_dir)
+    end
+
+    def add_trusted_cert(cert)
+      @store.add_cert(cert)
+    rescue OpenSSL::X509::StoreError => e
+      raise e unless e.message.match(/cert already in hash table/)
+    end
+
+    def trusted_certs_dir
+      config_dir = Berkshelf.config.chef.trusted_certs_dir.to_s.tr("\\", "/")
+      if config_dir.empty? || !::File.exist?(config_dir)
+        File.join(ENV["HOME"], ".chef", "trusted_certs")
+      else
+        config_dir
+      end
+    end
+
+    def set_custom_certs
+      ::Dir.glob("#{trusted_certs_dir}/{*.crt,*.pem}").each do |cert|
+        cert = OpenSSL::X509::Certificate.new(IO.read(cert))
+        add_trusted_cert(cert)
+      end
+    end
+  end
+end

data/lib/berkshelf/thor.rb

@@ -1 +1 @@
-require 'berkshelf/cli'
+require_relative "cli"

data/lib/berkshelf/thor_ext/hash_with_indifferent_access.rb

@@ -1,5 +1,5 @@
 class Thor
-  module CoreExt #:nodoc:
+  module CoreExt # :nodoc:
     class HashWithIndifferentAccess < ::Hash
       def has_key?(key)
         super(convert_key(key))

data/lib/berkshelf/thor_ext.rb

@@ -1,3 +1,3 @@
 Dir["#{File.dirname(__FILE__)}/thor_ext/*.rb"].sort.each do |path|
-  require_relative "thor_ext/#{File.basename(path, '.rb')}"
+  require_relative "thor_ext/#{File.basename(path, ".rb")}"
 end