chake 0.80 → 0.81

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: e0276e69503885ac871f9c3b73025598fe4401dd361e78e90d5921a873395a9b
-  data.tar.gz: 5e132b6715fb2f087ecfd72a411c8ab371f1bb0da63f7bf74def69e1c028fd15
+  metadata.gz: 8b68eda0401a07074704cfd0627f29423cd659a29a048e30afb60eb14c78c7e0
+  data.tar.gz: 031031b2e5bb12c185c974960aa1dd0dd538c31323510f1cb90843c9f7981dca
 SHA512:
-  metadata.gz: '0914e13f840deaaba8a80eb7052006659e023ba8ea0c53aad08416cd56bedd2b66807f939352a7e57f53dad28cdcba5241884db461252dd909b4b09902d5d45f'
-  data.tar.gz: a0de67988cecfde1355cf0ebe21b778cb0fa51db7c6d572965ab34a2bb6eed43c88db7a8ef4eddf4f595344fc5685a2f11e67691ec82e90a81de314b15e39e90
+  metadata.gz: 51c7b6ad543209fb895f25b7f436f882731e1bc60880dd66e37a7240ec03bd3608bb99b4fcc8611caf3d9203394389e76f9c6608d8d98242b5119e0ccc87b20f
+  data.tar.gz: 7270ec17c14d6adc02230b57042a1f4585b706761facef2f8118cb1980cd61c8ea87d4899b52232bfa6a8574f31db3bd69287b7178803cd42783164f61f3e3bf

data/.ackrc

@@ -1 +1,2 @@
 --ignore-dir=coverage
+--ignore-dir=pkg

data/.gitlab-ci.yml

@@ -1,7 +1,7 @@
 image: debian:testing
 
 .install: &install
-  - apt-get update && apt-get install -qy ruby asciidoctor ruby-bundler ruby-rspec rubocop ruby-simplecov codespell
+  - apt-get update && apt-get install -qy ruby asciidoctor ruby-bundler ruby-rspec rubocop ruby-simplecov codespell ronn
 
 tests:
   before_script: *install

data/.manifest

@@ -25,7 +25,8 @@ examples/test/cookbooks/example/files/host-lemur/test.asc
 examples/test/cookbooks/example/recipes/default.rb
 lib/chake.rb
 lib/chake/bootstrap/00_set_hostname.sh
-lib/chake/bootstrap/chef/01_debian.sh
+lib/chake/bootstrap/chef/01_installed.sh
+lib/chake/bootstrap/chef/02_debian.sh
 lib/chake/bootstrap/chef/99_unsupported.sh
 lib/chake/config.rb
 lib/chake/config_manager.rb
@@ -49,6 +50,7 @@ lib/chake/node.rb
 lib/chake/readline.rb
 lib/chake/tmpdir.rb
 lib/chake/version.rb
+lib/chake/wipe.rb
 man/.gitignore
 man/Rakefile
 man/readme2man.sed

data/.rubocop.yml

@@ -2,6 +2,8 @@ inherit_from: .rubocop_todo.yml
 
 AllCops:
   NewCops: enable
+  Exclude:
+    - pkg/**/*
 
 Layout/LineLength:
   Enabled: false

data/ChangeLog.md

@@ -1,3 +1,11 @@
+# 0.81
+
+* bootstrap/chef: exit if chef-solo is available
+* Always bootstrap nodes
+* Decrypt files in place when upload is not needed
+* itamae: handle silent mode
+* manpages: drop accute accent erroneously added by ronn
+
 # 0.80
 
 This release adds support for multiple configuration managers. Chef is now only

data/README.md

@@ -11,8 +11,8 @@ chake(1) -- serverless configuration management tool
 
 chake is a tool that helps you manage multiple hosts without the need for a
 central server. Configuration is managed in a local directory, which should
-(but doesn't need to ) be under version control with **git(1)** or any other
-version control system. áéíóú
+(but doesn't need to) be under version control with **git(1)** or any other
+version control system.
 
 Configuration is deployed to managed hosts remotely, either by invoking a
 configuration management tool that will connect to them, or by first uploading
@@ -271,6 +271,14 @@ required files to be sent). You can use them to store passwords and other
 sensitive information (SSL keys, etc) in the repository together with the rest
 of the configuration.
 
+For configuration managers that don't require uploading files to the managed
+node, this decryption will happen right before converging or applying single
+recipes, and the decrypted files will be wiped right after that.
+
+If you use this feature, make sure that you have the `wipe` program installed.
+This way chake will be able to delete the decrypted files in a slightly more
+secure way, after being done with them.
+
 ### repository-local SSH configuration
 
 If you need special SSH configuration parameters, you can create a file called

data/Rakefile

@@ -107,4 +107,6 @@ end
 
 task default: [:test, :style, :codespell]
 
+task clean: 'bundler:clobber'
+
 load './man/Rakefile'

data/lib/chake.rb

@@ -5,6 +5,7 @@ require 'tmpdir'
 require 'chake/config'
 require 'chake/version'
 require 'chake/readline'
+require 'chake/wipe'
 
 desc 'Initializes current directory with sample structure'
 task init: 'init:itamae'
@@ -34,6 +35,24 @@ def encrypted_for(node)
   end
 end
 
+def maybe_decrypt(node)
+  if node.needs_upload?
+    return yield
+  end
+
+  files = encrypted_for(node.hostname)
+  files.each do |encrypted, target|
+    sh "gpg --use-agent --quiet --decrypt --output #{target} #{encrypted}"
+  end
+  begin
+    yield
+  ensure
+    files.each do |_, target|
+      Chake::Wipe.instance.wipe(target)
+    end
+  end
+end
+
 def if_files_changed(node, group_name, files)
   return if files.empty?
 
@@ -87,7 +106,7 @@ Chake.nodes.each do |node|
   desc "bootstrap #{hostname}"
   task "bootstrap:#{hostname}" => :bootstrap_common do
     mkdir_p Chake.tmpdir unless File.directory?(Chake.tmpdir)
-    if node.needs_bootstrap? && (!File.exist?(bootstrap_script) || File.read(bootstrap_script) != bootstrap_code)
+    if !File.exist?(bootstrap_script) || File.read(bootstrap_script) != bootstrap_code
 
       # create bootstrap script
       File.open(bootstrap_script, 'w') do |f|
@@ -151,12 +170,16 @@ Chake.nodes.each do |node|
 
   desc "converge #{hostname}"
   task "converge:#{hostname}" => converge_dependencies do
-    node.converge
+    maybe_decrypt(node) do
+      node.converge
+    end
   end
 
   desc 'apply <recipe> on #{hostname}'
   task "apply:#{hostname}", [:recipe] => %i[recipe_input connect_common] do |_task, _args|
-    node.apply($recipe_to_apply)
+    maybe_decrypt(node) do
+      node.apply($recipe_to_apply)
+    end
   end
   task "apply:#{hostname}" => converge_dependencies
 

data/lib/chake/bootstrap/chef/01_installed.sh

@@ -0,0 +1,4 @@
+# chef-solo already installed
+if which chef-solo >/dev/null 2>&1; then
+  exit
+fi

data/lib/chake/config_manager.rb

@@ -30,10 +30,6 @@ module Chake
       steps.sort_by { |f| File.basename(f) }
     end
 
-    def needs_bootstrap?
-      true
-    end
-
     def needs_upload?
       true
     end

data/lib/chake/config_manager/itamae.rb

@@ -13,10 +13,6 @@ module Chake
         run_itamae(config)
       end
 
-      def needs_bootstrap?
-        false
-      end
-
       def needs_upload?
         false
       end
@@ -39,6 +35,9 @@ module Chake
           raise NotImplementedError, "Connection type #{node.connection.class} not supported for itamee"
         end
         cmd << "--node-json=#{json_config}"
+        if node.silent
+          cmd << '--log-level=warn'
+        end
         cmd += recipes
         node.log("$ #{cmd.join(' ')}")
         io = IO.popen(cmd, 'r', err: %i[child out])

data/lib/chake/node.rb

@@ -43,7 +43,7 @@ module Chake
       @config_manager ||= Chake::ConfigManager.get(self)
     end
 
-    def_delegators :config_manager, :converge, :apply, :path, :bootstrap_steps, :needs_bootstrap?, :needs_upload?
+    def_delegators :config_manager, :converge, :apply, :path, :bootstrap_steps, :needs_upload?
 
     def path
       @path ||= config_manager.path

data/lib/chake/version.rb

@@ -1,3 +1,3 @@
 module Chake
-  VERSION = '0.80'.freeze
+  VERSION = '0.81'.freeze
 end

data/lib/chake/wipe.rb

@@ -0,0 +1,18 @@
+require 'singleton'
+
+module Chake
+  class Wipe
+    include Singleton
+
+    if system('which', 'wipe', out: '/dev/null', err: :out)
+      def wipe(file)
+        system('wipe', '-rfs', file)
+      end
+    else
+      warn 'W: please install "wipe" program for secure deletion, falling back to unlink(2)'
+      def wipe(file)
+        File.unlink(file)
+      end
+    end
+  end
+end

data/man/Rakefile

@@ -15,6 +15,7 @@ MANPAGES.each do |man|
     sh "sed -f man/readme2man.sed #{source} > #{man}.ronn || (rm -f #{man}.ronn; false)"
     sh "ronn --roff #{man}.ronn"
     sh "rm -f #{man}.ronn"
+    sh 'sed', '-i', '-e', 's/\\\\\'/\'/', man
   end
 end
 

data/spec/chake/config_manager/itamae_spec.rb

@@ -1,3 +1,4 @@
+require 'spec_helper'
 require 'chake/node'
 require 'chake/config_manager/itamae'
 
@@ -12,10 +13,6 @@ describe Chake::ConfigManager::Itamae do
   let(:cfg) { Chake::ConfigManager::Itamae.new(node) }
   let(:output) { StringIO.new("line1\nline2\n") }
 
-  it 'does not require bootstrapping' do
-    expect(cfg.needs_bootstrap?).to eq(false)
-  end
-
   it 'does not require uploading' do
     expect(cfg.needs_upload?).to eq(false)
   end
@@ -54,7 +51,7 @@ describe Chake::ConfigManager::Itamae do
     let(:hostname) { 'local://localhostname' }
     it 'calls itamae with local subcommand' do
       expect(IO).to receive(:popen).with(
-        ['itamae', 'local', /--node-json=.*/, 'foo.rb', 'bar.rb'],
+        array_including('itamae', 'local', /--node-json=.*/, 'foo.rb', 'bar.rb'),
         anything,
         err: anything
       ).and_return(output)
@@ -66,4 +63,25 @@ describe Chake::ConfigManager::Itamae do
     allow(node).to receive(:connection).and_return(Object.new)
     expect(-> { cfg.converge }).to raise_error(NotImplementedError)
   end
+
+  it 'handles silent mode' do
+    expect(IO).to receive(:popen).with(
+      array_including('--log-level=warn'),
+      anything,
+      err: anything
+    ).and_return(output)
+    cfg.converge
+  end
+
+  RSpec::Matchers.define_negated_matcher :array_excluding, :include
+
+  it 'handles non-silent mode' do
+    node.silent = false
+    expect(IO).to receive(:popen).with(
+      array_excluding('--log-level=warn'),
+      anything,
+      err: anything
+    ).and_return(output)
+    silence($stdout) { cfg.converge }
+  end
 end

data/spec/chake/config_manager_spec.rb

@@ -17,8 +17,7 @@ describe Chake::ConfigManager do
     end
   end
 
-  it 'requires uploading and bootstrapping by default' do
+  it 'requires uploading by default' do
     expect(subject.needs_upload?).to eq(true)
-    expect(subject.needs_bootstrap?).to eq(true)
   end
 end

data/spec/spec_helper.rb

@@ -44,3 +44,21 @@ shared_examples 'Chake::Connection' do |connection_class|
     connection.run_as_root('something')
   end
 end
+
+module Helpers
+  def silence(stream)
+    orig_stream = stream.clone
+    begin
+      File.open('/dev/null', 'w') do |f|
+        stream.reopen(f)
+        yield
+      end
+    ensure
+      stream.reopen(orig_stream)
+    end
+  end
+end
+
+RSpec.configure do |c|
+  c.include Helpers
+end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: chake
 version: !ruby/object:Gem::Version
-  version: '0.80'
+  version: '0.81'
 platform: ruby
 authors:
 - Antonio Terceiro
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2020-12-12 00:00:00.000000000 Z
+date: 2020-12-14 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -133,7 +133,8 @@ files:
 - examples/test/cookbooks/example/recipes/default.rb
 - lib/chake.rb
 - lib/chake/bootstrap/00_set_hostname.sh
-- lib/chake/bootstrap/chef/01_debian.sh
+- lib/chake/bootstrap/chef/01_installed.sh
+- lib/chake/bootstrap/chef/02_debian.sh
 - lib/chake/bootstrap/chef/99_unsupported.sh
 - lib/chake/config.rb
 - lib/chake/config_manager.rb
@@ -157,6 +158,7 @@ files:
 - lib/chake/readline.rb
 - lib/chake/tmpdir.rb
 - lib/chake/version.rb
+- lib/chake/wipe.rb
 - man/.gitignore
 - man/Rakefile
 - man/readme2man.sed