chef-api 0.4.0 → 0.4.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 80b62ceb2d3f3e1b7046d2115d6b741bc983499b
-  data.tar.gz: ade937778aea1f66776c212918e73565ed5f1bd1
+  metadata.gz: f0f63c17b624c48909ad16a57e3aa8c104e5d8ca
+  data.tar.gz: 609d4327031d33d9816b1dc071e7df6ab70884f6
 SHA512:
-  metadata.gz: ebb178741c859052b3762e52ec0d9da19b6b9bb9df52099319e028813e03b776e1ca8401dc9506bcd65a3be8a683e631c0acc89da3d1090a98a0e549e9d16b87
-  data.tar.gz: bd0cb8413f6add6ddac6c2f60d38a68b87d63e905a20eb2e92b36a77b7afd61d204de15242be4287e8e3d9717c38034b63fc664eae086f7823c9444281552422
+  metadata.gz: fa907ef2a5761997afc8a0c6b0a07f68d287f775b6c6ae3946be2ee52797cbfe26c023640d87662d9309457dc772db43e3d4cf1c1793e3111c679b67247e8bff
+  data.tar.gz: df493cd920ea8a6ab12b8d73e15c8fe4eceb8f1c4a7c339dbf1dc4c2be9c521b8f3e023ddfe80668120257c707e95995f6a9ca31e506d3c7f2a6f41ed4edd247

data/.travis.yml

@@ -11,4 +11,4 @@ branches:
   only:
     - master
 
-script: bundle exec rspec --color --format progress
+script: bundle exec rake

data/CHANGELOG.md

@@ -1,6 +1,13 @@
 ChefAPI Changelog
 =================
 
+v0.4.1 (2014-07-07)
+-------------------
+- Remove dependency on mixlib-authentication
+- Fix a bug where Content-Type headers were not sent properly
+- Switch to rake for test running
+- Improve test coverage with fixtures
+
 v0.4.0 (2014-07-05)
 -------------------
 - Support multipart POST

data/Rakefile

@@ -1 +1,11 @@
 require 'bundler/gem_tasks'
+
+require 'rspec/core/rake_task'
+RSpec::Core::RakeTask.new do |t|
+  t.rspec_opts = [
+    '--color',
+    '--format progress',
+  ].join(' ')
+end
+
+task default: :spec

data/chef-api.gemspec

@@ -20,7 +20,6 @@ Gem::Specification.new do |spec|
   spec.test_files    = spec.files.grep(%r{^(test|spec|features)/})
   spec.require_paths = ['lib']
 
-  spec.add_dependency 'logify',                '~> 0.1'
-  spec.add_dependency 'mixlib-authentication', '~> 1.3'
-  spec.add_dependency 'mime-types',            '~> 2.3'
+  spec.add_dependency 'logify',     '~> 0.1'
+  spec.add_dependency 'mime-types', '~> 2.3'
 end

data/lib/chef-api.rb

@@ -7,12 +7,14 @@ require 'chef-api/version'
 JSON.create_id = nil
 
 module ChefAPI
+  autoload :Authentication,  'chef-api/authentication'
   autoload :Boolean,         'chef-api/boolean'
   autoload :Configurable,    'chef-api/configurable'
   autoload :Connection,      'chef-api/connection'
   autoload :Defaults,        'chef-api/defaults'
   autoload :Error,           'chef-api/errors'
   autoload :ErrorCollection, 'chef-api/error_collection'
+  autoload :Multipart,       'chef-api/multipart'
   autoload :Resource,        'chef-api/resource'
   autoload :Schema,          'chef-api/schema'
   autoload :Util,            'chef-api/util'

data/lib/chef-api/authentication.rb

@@ -0,0 +1,298 @@
+require 'base64'
+require 'digest'
+require 'openssl'
+require 'time'
+
+#
+# DEBUG steps:
+#
+# check .chomp
+#
+
+module ChefAPI
+  class Authentication
+    include Logify
+
+    # @todo: Enable this in the future when Mixlib::Authentication supports
+    # signing the full request body instead of just the uploaded file parameter.
+    SIGN_FULL_BODY = false
+
+    SIGNATURE = 'algorithm=sha1;version=1.0;'.freeze
+
+    # Headers
+    X_OPS_SIGN          = 'X-Ops-Sign'.freeze
+    X_OPS_USERID        = 'X-Ops-Userid'.freeze
+    X_OPS_TIMESTAMP     = 'X-Ops-Timestamp'.freeze
+    X_OPS_CONTENT_HASH  = 'X-Ops-Content-Hash'.freeze
+    X_OPS_AUTHORIZATION = 'X-Ops-Authorization'.freeze
+
+    class << self
+      #
+      # Create a new signing object from the given options. All options are
+      # required.
+      #
+      # @see (#initialize)
+      #
+      # @option options [String] :user
+      # @option options [String, OpenSSL::PKey::RSA] :key
+      # @option options [String, Symbol] verb
+      # @option options [String] :path
+      # @option options [String, IO] :body
+      #
+      def from_options(options = {})
+        user = options.fetch(:user)
+        key  = options.fetch(:key)
+        verb = options.fetch(:verb)
+        path = options.fetch(:path)
+        body = options.fetch(:body)
+
+        new(user, key, verb, path, body)
+      end
+    end
+
+    #
+    # Create a new Authentication object for signing. Creating an instance will
+    # not run any validations or perform any operations (this is on purpose).
+    #
+    # @param [String] user
+    #   the username/client/user of the user to sign the request. In Hosted
+    #   Chef land, this is your "client". In Supermarket land, this is your
+    #   "username".
+    # @param [String, OpenSSL::PKey::RSA] key
+    #   the path to a private key on disk, the raw private key (as a String),
+    #   or the raw private key (as an OpenSSL::PKey::RSA instance)
+    # @param [Symbol, String] verb
+    #   the verb for the request (e.g. +:get+)
+    # @param [String] path
+    #   the "path" part of the URI (e.g. +/path/to/resource+)
+    # @param [String, IO] body
+    #   the body to sign for the request, as a raw string or an IO object to be
+    #   read in chunks
+    #
+    def initialize(user, key, verb, path, body)
+      @user = user
+      @key  = key
+      @verb = verb
+      @path = path
+      @body = body
+    end
+
+    #
+    # The fully-qualified headers for this authentication object of the form:
+    #
+    #   {
+    #     'X-Ops-Sign'            => 'algorithm=sha1;version=1.1',
+    #     'X-Ops-Userid'          => 'sethvargo',
+    #     'X-Ops-Timestamp'       => '2014-07-07T02:17:15Z',
+    #     'X-Ops-Content-Hash'    => '...',
+    #     'x-Ops-Authorization-1' => '...'
+    #     'x-Ops-Authorization-2' => '...'
+    #     'x-Ops-Authorization-3' => '...'
+    #     # ...
+    #   }
+    #
+    # @return [Hash]
+    #   the signing headers
+    #
+    def headers
+      {
+        X_OPS_SIGN         => SIGNATURE,
+        X_OPS_USERID       => @user,
+        X_OPS_TIMESTAMP    => canonical_timestamp,
+        X_OPS_CONTENT_HASH => content_hash,
+      }.merge(signature_lines)
+    end
+
+    #
+    # The canonical body. This could be an IO object (such as +#body_stream+),
+    # an actual string (such as +#body+), or just the empty string if the
+    # request's body and stream was nil.
+    #
+    # @return [String, IO]
+    #
+    def content_hash
+      return @content_hash if @content_hash
+
+      if SIGN_FULL_BODY
+        @content_hash = hash(@body || '').chomp
+      else
+        if @body.is_a?(Multipart::MultiIO)
+          filepart = @body.ios.find { |io| io.is_a?(Multipart::MultiIO) }
+          file     = filepart.ios.find { |io| io.is_a?(File) }
+
+          @content_hash = hash(file).chomp
+        else
+          @content_hash = hash(@body || '').chomp
+        end
+      end
+
+      @content_hash
+    end
+
+    #
+    # Parse the given private key. Users can specify the private key as:
+    #
+    #   - the path to the key on disk
+    #   - the raw string key
+    #   - an +OpenSSL::PKey::RSA object+
+    #
+    # Any other implementations are not supported and will likely explode.
+    #
+    # @todo
+    #   Handle errors when the file cannot be read due to insufficient
+    #   permissions
+    #
+    # @return [OpenSSL::PKey::RSA]
+    #   the RSA private key as an OpenSSL object
+    #
+    def canonical_key
+      return @canonical_key if @canonical_key
+
+      log.info "Parsing private key..."
+
+      if @key.nil?
+        log.warn "No private key given!"
+        raise 'No private key given!'
+      end
+
+      if @key.is_a?(OpenSSL::PKey::RSA)
+        log.debug "Detected private key is an OpenSSL Ruby object"
+        @canonical_key = @key
+      elsif @key =~ /(.+)\.pem$/ || File.exists?(File.expand_path(@key))
+        log.debug "Detected private key is the path to a file"
+        contents = File.read(File.expand_path(@key))
+        @canonical_key = OpenSSL::PKey::RSA.new(contents)
+      else
+        log.debug "Detected private key was the literal string key"
+        @canonical_key = OpenSSL::PKey::RSA.new(@key)
+      end
+
+      @canonical_key
+    end
+
+
+    #
+    # The canonical path, with duplicate and trailing slashes removed. This
+    # value is then hashed.
+    #
+    # @example
+    #   "/zip//zap/foo" #=> "/zip/zap/foo"
+    #
+    # @return [String]
+    #
+    def canonical_path
+      @canonical_path ||= hash(@path.squeeze('/').gsub(/(\/)+$/,'')).chomp
+    end
+
+    #
+    # The iso8601 timestamp for this request. This value must be cached so it
+    # is persisted throughout this entire request.
+    #
+    # @return [String]
+    #
+    def canonical_timestamp
+      @canonical_timestamp ||= Time.now.utc.iso8601
+    end
+
+    #
+    # The uppercase verb.
+    #
+    # @example
+    #   :get #=> "GET"
+    #
+    # @return [String]
+    #
+    def canonical_method
+      @canonical_method ||= @verb.to_s.upcase
+    end
+
+    #
+    # The canonical request, from the path, body, user, and current timestamp.
+    #
+    # @return [String]
+    #
+    def canonical_request
+      [
+        "Method:#{canonical_method}",
+        "Hashed Path:#{canonical_path}",
+        "X-Ops-Content-Hash:#{content_hash}",
+        "X-Ops-Timestamp:#{canonical_timestamp}",
+        "X-Ops-UserId:#{@user}",
+      ].join("\n")
+    end
+
+    #
+    # The canonical request, encrypted by the given private key.
+    #
+    # @return [String]
+    #
+    def encrypted_request
+      canonical_key.private_encrypt(canonical_request).chomp
+    end
+
+    #
+    # The +X-Ops-Authorization-N+ headers. This method takes the encrypted
+    # request, splits on a newline, and creates a signed header authentication
+    # request. N begins at 1, not 0 because the original author of
+    # Mixlib::Authentication did not believe in computer science.
+    #
+    # @return [Hash]
+    #
+    def signature_lines
+      signature = Base64.encode64(encrypted_request)
+      signature.split(/\n/).each_with_index.inject({}) do |hash, (line, index)|
+        hash["#{X_OPS_AUTHORIZATION}-#{index + 1}"] = line
+        hash
+      end
+    end
+
+    private
+
+    #
+    # Hash the given object.
+    #
+    # @param [String, IO] object
+    #   a string or IO object to hash
+    #
+    # @return [String]
+    #   the hashed value
+    #
+    def hash(object)
+      if object.respond_to?(:read)
+        digest_io(object)
+      else
+        digest_string(object)
+      end
+    end
+
+    #
+    # Digest the given IO, reading in 1024 bytes at one time.
+    #
+    # @param [IO] io
+    #   the IO (or File object)
+    #
+    # @return [String]
+    #
+    def digest_io(io)
+      digester = Digest::SHA1.new
+
+      while buffer = io.read(1024)
+        digester.update(buffer)
+      end
+
+      Base64.encode64(digester.digest)
+    end
+
+    #
+    # Digest a string.
+    #
+    # @param [String] string
+    #   the string to digest
+    #
+    # @return [String]
+    #
+    def digest_string(string)
+      Base64.encode64(Digest::SHA1.digest(string))
+    end
+  end
+end

data/lib/chef-api/connection.rb

@@ -202,25 +202,35 @@ module ChefAPI
       # Setup PATCH/POST/PUT
       if [:patch, :post, :put].include?(verb)
         if data.respond_to?(:read)
+          log.info "Detected file/io presence"
           request.body_stream = data
         elsif data.is_a?(Hash)
           # If any of the values in the hash are File-like, assume this is a
           # multi-part post
           if data.values.any? { |value| value.respond_to?(:read) }
+            log.info "Detected multipart body"
+
             multipart = Multipart::Body.new(data)
+
+            log.debug "Content-Type: #{multipart.content_type}"
+            log.debug "Content-Length: #{multipart.content_length}"
+
             request.content_length = multipart.content_length
             request.content_type   = multipart.content_type
+
             request.body_stream    = multipart.stream
           else
+            log.info "Detected form data"
             request.form_data = data
           end
         else
+          log.info "Detected regular body"
           request.body = data
         end
       end
 
       # Sign the request
-      add_signing_headers(verb, uri, request, parsed_key)
+      add_signing_headers(verb, uri.path, request)
 
       # Create the HTTP connection object - since the proxy information defaults
       # to +nil+, we can just pass it to the initializer method instead of doing
@@ -351,49 +361,6 @@ module ChefAPI
 
     private
 
-    #
-    # Parse the given private key. Users can specify the private key as:
-    #
-    #   - the path to the key on disk
-    #   - the raw string key
-    #   - an +OpenSSL::PKey::RSA object+
-    #
-    # Any other implementations are not supported and will likely explode.
-    #
-    # @todo
-    #   Handle errors when the file cannot be read due to insufficient
-    #   permissions
-    #
-    # @return [OpenSSL::PKey::RSA]
-    #   the RSA private key as an OpenSSL object
-    #
-    def parsed_key
-      return @parsed_key if @parsed_key
-
-      log.info "Parsing private key..."
-
-      if key.nil?
-        log.warn "No private key given!"
-        raise 'No private key given!'
-      end
-
-      if key.is_a?(OpenSSL::PKey::RSA)
-        log.debug "Detected private key is an OpenSSL Ruby object"
-        @parsed_key = key
-      end
-
-      if key =~ /(.+)\.pem$/ || File.exists?(File.expand_path(key))
-        log.debug "Detected private key is the path to a file"
-        contents = File.read(File.expand_path(key))
-        @parsed_key = OpenSSL::PKey::RSA.new(contents)
-      else
-        log.debug "Detected private key was the literal string key"
-        @parsed_key = OpenSSL::PKey::RSA.new(key)
-      end
-
-      @parsed_key
-    end
-
     #
     # Parse the response object and manipulate the result based on the given
     # +Content-Type+ header. For now, this method only parses JSON, but it
@@ -433,7 +400,7 @@ module ChefAPI
       when /json/
         log.debug "Detected error response as JSON"
         log.debug "Parsing error response as JSON"
-        message = Array(JSON.parse(response.body)['error']).join(', ')
+        message = JSON.parse(response.body)
       else
         log.debug "Detected response as text/plain"
         message = response.body
@@ -485,191 +452,33 @@ module ChefAPI
     end
 
     #
-    # Use mixlib-auth to create a signed header auth.
+    # Create a signed header authentication that can be consumed by
+    # +Mixlib::Authentication+.
     #
+    # @param [Symbol] verb
+    #   the HTTP verb (e.g. +:get+)
+    # @param [String] path
+    #   the requested URI path (e.g. +/resources/foo+)
     # @param [Net::HTTP::Request] request
     #
-    def add_signing_headers(verb, uri, request, key)
+    def add_signing_headers(verb, path, request)
       log.info "Adding signed header authentication..."
 
-      unless defined?(Mixlib::Authentication::SignedHeaderAuth)
-        require 'mixlib/authentication/signedheaderauth'
-      end
-
-      headers = Mixlib::Authentication::SignedHeaderAuth.signing_object(
-        :http_method => verb,
-        :body        => request.body || '',
-        :host        => "#{uri.host}:#{uri.port}",
-        :path        => uri.path,
-        :timestamp   => Time.now.utc.iso8601,
-        :user_id     => client,
-        :file        => '',
-      ).sign(key)
+      authentication = Authentication.from_options(
+        user: client,
+        key:  key,
+        verb: verb,
+        path: path,
+        body: request.body || request.body_stream,
+      )
 
-      headers.each do |key, value|
+      authentication.headers.each do |key, value|
         log.debug "#{key}: #{value}"
         request[key] = value
       end
-    end
-  end
-
-  require 'cgi'
-  require 'mime/types'
-
-  module Multipart
-    BOUNDARY = '------ChefAPIMultipartBoundary'.freeze
-
-    class Body
-      def initialize(params = {})
-        params.each do |key, value|
-          if value.respond_to?(:read)
-            parts << FilePart.new(key, value)
-          else
-            parts << ParamPart.new(key, value)
-          end
-        end
-
-        parts << EndingPart.new
-      end
-
-      def stream
-        MultiIO.new(*parts.map(&:io))
-      end
-
-      def content_type
-        "multipart/form-data; boundary=#{BOUNDARY}"
-      end
-
-      def content_length
-        parts.map(&:size).inject(:+)
-      end
-
-      private
-
-      def parts
-        @parts ||= []
-      end
-    end
-
-    class MultiIO
-      def initialize(*ios)
-        @ios = ios
-        @index = 0
-      end
-
-      # Read from IOs in order until `length` bytes have been received.
-      def read(length = nil, outbuf = nil)
-        got_result = false
-        outbuf = outbuf ? outbuf.replace('') : ''
-
-        while io = current_io
-          if result = io.read(length)
-            got_result ||= !result.nil?
-            result.force_encoding('BINARY') if result.respond_to?(:force_encoding)
-            outbuf << result
-            length -= result.length if length
-            break if length == 0
-          end
-          advance_io
-        end
-
-        (!got_result && length) ? nil : outbuf
-      end
-
-      def rewind
-        @ios.each { |io| io.rewind }
-        @index = 0
-      end
-
-      private
-
-      def current_io
-        @ios[@index]
-      end
-
-      def advance_io
-        @index += 1
-      end
-    end
-
-    #
-    # A generic key => value part.
-    #
-    class ParamPart
-      def initialize(name, value)
-        @part = build(name, value)
-      end
-
-      def io
-        @io ||= StringIO.new(@part)
-      end
-
-      def size
-        @part.bytesize
-      end
-
-      private
-
-      def build(name, value)
-        part =  %|--#{BOUNDARY}\r\n|
-        part << %|Content-Disposition: form-data; name="#{CGI.escape(name)}"\r\n\r\n|
-        part << %|#{value}\r\n|
-        part
-      end
-    end
-
-    #
-    # A File part
-    #
-    class FilePart
-      def initialize(name, file)
-        @file = file
-        @head = build(name, file)
-        @foot = "\r\n"
-      end
-
-      def io
-        @io ||= MultiIO.new(
-          StringIO.new(@head),
-          @file,
-          StringIO.new(@foot)
-        )
-      end
-
-      def size
-        @head.bytesize + @file.size + @foot.bytesize
-      end
-
-      private
-
-      def build(name, file)
-        filename  = File.basename(file.path)
-        mime_type = MIME::Types.type_for(filename)[0] || MIME::Types['application/octet-stream'][0]
-
-        part =  %|--#{BOUNDARY}\r\n|
-        part << %|Content-Disposition: form-data; name="#{CGI.escape(name)}"; filename="#{filename}"\r\n|
-        part << %|Content-Length: #{file.size}\r\n|
-        part << %|Content-Type: #{mime_type.simplified}|
-        part << %|Content-Transfer-Encoding: binary\r\n|
-        part << %|\r\n|
-        part
-      end
-    end
-
-    #
-    # The end of the entire request
-    #
-    class EndingPart
-      def initialize
-        @part = "--#{BOUNDARY}--\r\n\r\n"
-      end
-
-      def io
-        @io ||= StringIO.new(@part)
-      end
 
-      def size
-        @part.bytesize
+      if request.body_stream
+        request.body_stream.rewind
       end
     end
   end

data/lib/chef-api/multipart.rb

@@ -0,0 +1,164 @@
+require 'cgi'
+require 'mime/types'
+
+module ChefAPI
+  module Multipart
+    BOUNDARY = '------ChefAPIMultipartBoundary'.freeze
+
+    class Body
+      def initialize(params = {})
+        params.each do |key, value|
+          if value.respond_to?(:read)
+            parts << FilePart.new(key, value)
+          else
+            parts << ParamPart.new(key, value)
+          end
+        end
+
+        parts << EndingPart.new
+      end
+
+      def stream
+        MultiIO.new(*parts.map(&:io))
+      end
+
+      def content_type
+        "multipart/form-data; boundary=#{BOUNDARY}"
+      end
+
+      def content_length
+        parts.map(&:size).inject(:+)
+      end
+
+      private
+
+      def parts
+        @parts ||= []
+      end
+    end
+
+    class MultiIO
+      attr_reader :ios
+
+      def initialize(*ios)
+        @ios = ios
+        @index = 0
+      end
+
+      # Read from IOs in order until `length` bytes have been received.
+      def read(length = nil, outbuf = nil)
+        got_result = false
+        outbuf = outbuf ? outbuf.replace('') : ''
+
+        while io = current_io
+          if result = io.read(length)
+            got_result ||= !result.nil?
+            result.force_encoding('BINARY') if result.respond_to?(:force_encoding)
+            outbuf << result
+            length -= result.length if length
+            break if length == 0
+          end
+          advance_io
+        end
+
+        (!got_result && length) ? nil : outbuf
+      end
+
+      def rewind
+        @ios.each { |io| io.rewind }
+        @index = 0
+      end
+
+      private
+
+      def current_io
+        @ios[@index]
+      end
+
+      def advance_io
+        @index += 1
+      end
+    end
+
+    #
+    # A generic key => value part.
+    #
+    class ParamPart
+      def initialize(name, value)
+        @part = build(name, value)
+      end
+
+      def io
+        @io ||= StringIO.new(@part)
+      end
+
+      def size
+        @part.bytesize
+      end
+
+      private
+
+      def build(name, value)
+        part =  %|--#{BOUNDARY}\r\n|
+        part << %|Content-Disposition: form-data; name="#{CGI.escape(name)}"\r\n\r\n|
+        part << %|#{value}\r\n|
+        part
+      end
+    end
+
+    #
+    # A File part
+    #
+    class FilePart
+      def initialize(name, file)
+        @file = file
+        @head = build(name, file)
+        @foot = "\r\n"
+      end
+
+      def io
+        @io ||= MultiIO.new(
+          StringIO.new(@head),
+          @file,
+          StringIO.new(@foot)
+        )
+      end
+
+      def size
+        @head.bytesize + @file.size + @foot.bytesize
+      end
+
+      private
+
+      def build(name, file)
+        filename  = File.basename(file.path)
+        mime_type = MIME::Types.type_for(filename)[0] || MIME::Types['application/octet-stream'][0]
+
+        part =  %|--#{BOUNDARY}\r\n|
+        part << %|Content-Disposition: form-data; name="#{CGI.escape(name)}"; filename="#{filename}"\r\n|
+        part << %|Content-Length: #{file.size}\r\n|
+        part << %|Content-Type: #{mime_type.simplified}\r\n|
+        part << %|Content-Transfer-Encoding: binary\r\n|
+        part << %|\r\n|
+        part
+      end
+    end
+
+    #
+    # The end of the entire request
+    #
+    class EndingPart
+      def initialize
+        @part = "--#{BOUNDARY}--\r\n\r\n"
+      end
+
+      def io
+        @io ||= StringIO.new(@part)
+      end
+
+      def size
+        @part.bytesize
+      end
+    end
+  end
+end

data/lib/chef-api/version.rb

@@ -1,3 +1,3 @@
 module ChefAPI
-  VERSION = '0.4.0'
+  VERSION = '0.4.1'
 end

data/spec/spec_helper.rb

@@ -23,3 +23,10 @@ RSpec.configure do |config|
   #     --seed 1234
   config.order = 'random'
 end
+
+#
+# @return [String]
+#
+def rspec_support_file(*joins)
+  File.join(File.expand_path('../support', __FILE__), *joins)
+end

data/spec/support/user.pem

@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEowIBAAKCAQEA1xzQLQxDANx/Yu73NbqATU898uvHcVaMglg4FjMMOhqLTE3g
+MIDMUeBH05c167kRmF+6a3l3dNlDyt8cBtWo277Yfd3FPOzeaf/g7umKY0Ids9S4
+fZBP+wcG8mpk2ReNiAcIwJlTZHWSdUSoHIZeDXd8eE5tU1WfdWeXfd+yQFVTv5fj
+U0VwU/c4+UzMjySbHiv94mKIfels/M7hnlRoJyepJFLThTi5bE4bmyizhvBp6j8V
+HbaLdSfBis1FgDuaajSjTu6m41X7HshSuWkRp1w+2PWQnXwoCIBIogHcTlE+UGt6
+LNa23/jiMCzRGYQiS/gl5+6gTByhCcV7f2aXXwIDAQABAoIBADYZVvmdVdSHn7nf
+42gtyUqoHSpUxcnpPFkjmqdqmy6ZsmK0SyennLsSrr22D6eC2bv6h0W0PKi0Y2pI
+BiJp5ZeuPYAaIBqcb6s04Pr03Qrte87YNrXNb2/wanzY6Rf35m5JZpgZd3GSaAz6
+AVV7LXgxjqoq/y+wHvRF40GS2p924BePIzSgwWld2X7s39YdgSrxk2vytuqU2B8m
+iH5fhJDghO7MQCX5aa+6YgLAvP28mKTPBOz8kCbiWPgDPxu9NpI4WGgzGgZqofjZ
+GIyqZcDQ15oILdi0awWaVAK6Ob/24QQm33QaHzKZTKaRzWUeIJpnqPcGndjRC4Yt
+FN/yVKECgYEA7ahqlovJN1AeZ1tDqP9UiGHSKyJmo3psnv3+u5DV+/cUUwDvbLF5
+atCaGWZbdd0oSejeNeNX+JKZZE5xxSrKmuFnQe9lljylrWEOZ0TBngi4MABVJvst
+vUG21vYVEZGiQzWZqZ92zxJQB3V0hOPNsyyAKVnyKctwhSlO3slbYhcCgYEA57bz
+ueFcwQsQuJFLK2fX6ZmMJD0bwMXMOZIb+1s/URAIEClFqJYnYJuT7GGthz8099FL
+2HyrGScrTYL+ekrAFTHmx/hBLdPwYhCunyptUvPPQwU8+mEhKSsqVtjHKnFfyHRB
+T2c8AZNQNXhMMeJYANY3Gm1/4catWJ6RF/U1qfkCgYEApDqFrZLbcYXD/NhsYRRQ
+bg5rFbOoCcBH33bV2Pe1Z3DOcq1qxkm+BboxQuwgt8okVS6+n66C1Bs6NL6gkAeK
+Co1ItZ+hK7itJKq1MVeqFHMiFMmmDlH0wZvvpYxX8tQYtSkNDtJLX7zf4MehxVNG
+ilJuHiUx2v/iuaJaBkpPA/ECgYAxNXthOGkYXh848zJBj5Yc+Az5DTk9oUQT3eGv
+adtyfbMYq4stmGXYcHHju4K8vEGld39iBGfZuaXKmk0s738HgUd/pEtDTkU4rk5H
+Yx1AhqK3mv8uNT5zncUqGHODofwzd+z+ze/CbeSU1m1oEqeZ1eRx6ltEOYtKzLIH
+on25EQKBgEpxoKGGbp6EpY/wGCONeapjB/27gRAdLB5Nh/9HCAfVfoM/K31ECmL9
+ZWWiwM6U2Qlmh8jGrhN4su8hpsNGbjvZ+kpA0MqJnJQGr6Y7iiSKDtd+Xc1cLh1g
+YtL+yxlvdE9ue8oZut4Mfn0xQg2sns+OYi7mWQpssKeR/faPcGkK
+-----END RSA PRIVATE KEY-----

data/spec/unit/authentication_spec.rb

@@ -0,0 +1,70 @@
+require 'spec_helper'
+
+module ChefAPI
+  describe Authentication do
+    let(:user)      { 'sethvargo' }
+    let(:key)       { rspec_support_file('user.pem') }
+    let(:body)      { nil }
+    let(:verb)      { :get }
+    let(:path)      { '/foo/bar' }
+    let(:timestamp) { '1991-07-23T03:00:54Z' }
+
+    let(:headers)   { described_class.new(user, key, verb, path, body).headers }
+
+    before do
+      allow(Time).to receive_message_chain(:now, :utc, :iso8601)
+        .and_return(timestamp)
+    end
+
+    context 'when given a request with no body' do
+      let(:body) { nil }
+
+      it 'returns the signed headers' do
+        expect(headers['X-Ops-Sign']).to eq('algorithm=sha1;version=1.0;')
+        expect(headers['X-Ops-Userid']).to eq('sethvargo')
+        expect(headers['X-Ops-Timestamp']).to eq('1991-07-23T03:00:54Z')
+        expect(headers['X-Ops-Content-Hash']).to eq('2jmj7l5rSw0yVb/vlWAYkK/YBwk=')
+        expect(headers['X-Ops-Authorization-1']).to eq('UuadIvkZTeZDcFW6oNilet0QzTcP/9JsRhSjIKCiZiqUeBG9jz4mU9w+TWsm')
+        expect(headers['X-Ops-Authorization-2']).to eq('2R3IiEKOW0S+UZpN19tPZ3nTdUluEvguidnsjuM/UpHymgY7M560pN4idXt5')
+        expect(headers['X-Ops-Authorization-3']).to eq('MQYAEHhFHTOfBX8ihOPkA5gkbLw6ehftjL10W/7H3bTrl1tiHHkv2Lmz4e+e')
+        expect(headers['X-Ops-Authorization-4']).to eq('9dJNeNDYVEaR1Efj7B7rnKjSD6SvRdqq0gbwiTfE7P2B88yjnq+a9eEoYgG3')
+        expect(headers['X-Ops-Authorization-5']).to eq('lmNnVT5pqJPHiE1YFj1OITywAi/5pMzJCzYzVyWxQT+4r+SIRtRESrRFi1Re')
+        expect(headers['X-Ops-Authorization-6']).to eq('OfHqhynKfmxMHAxVLJbfdjH3yX8Z8bq3tGPbdXxYAw==')
+      end
+    end
+
+    context 'when given a request with a string body' do
+      let(:body) { '{ "some": { "json": true } }' }
+
+      it 'returns the signed headers' do
+        expect(headers['X-Ops-Sign']).to eq('algorithm=sha1;version=1.0;')
+        expect(headers['X-Ops-Userid']).to eq('sethvargo')
+        expect(headers['X-Ops-Timestamp']).to eq('1991-07-23T03:00:54Z')
+        expect(headers['X-Ops-Content-Hash']).to eq('D3+ox1HKmuzp3SLWiSU/5RdnbdY=')
+        expect(headers['X-Ops-Authorization-1']).to eq('fbV8dt51y832DJS0bfR1LJ+EF/HHiDEgqJawNZyKMkgMHZ0Bv78kQVtH73fS')
+        expect(headers['X-Ops-Authorization-2']).to eq('s3JQkMpZOwsNO8n2iduexmTthJe/JXG4sUgBKkS2qtKxpBy5snFSb6wD5ZuC')
+        expect(headers['X-Ops-Authorization-3']).to eq('VJuC1YpOF6bGM8CyUG0O0SZBZRFZVgyC5TFACJn8ymMIx0FznWSPLyvoSjsZ')
+        expect(headers['X-Ops-Authorization-4']).to eq('pdVOjhPV2+EQaj3c01dBFx5FSXgnBhWSmu2DCel/74TDt5RBraPcB4wczwpz')
+        expect(headers['X-Ops-Authorization-5']).to eq('VIeVqGMuQ71OE0tabej4OKyf1+BopOedxVH1+KF5ETisxqrNhmEtUY5WrmSS')
+        expect(headers['X-Ops-Authorization-6']).to eq('hjhiBXFdieV24Sojq6PKBhEEwpJqrPVP1lZNkRXdoA==')
+      end
+    end
+
+    context 'when given an IO object' do
+      let(:body) { File.open(rspec_support_file('cookbook.tar.gz')) }
+
+      it 'returns the signed headers' do
+        expect(headers['X-Ops-Sign']).to eq('algorithm=sha1;version=1.0;')
+        expect(headers['X-Ops-Userid']).to eq('sethvargo')
+        expect(headers['X-Ops-Timestamp']).to eq('1991-07-23T03:00:54Z')
+        expect(headers['X-Ops-Content-Hash']).to eq('AWFSGfxiL2XltqdgSKCpdm84H9o=')
+        expect(headers['X-Ops-Authorization-1']).to eq('oRvANxtLQanzqdC28l0szONjTni9zLRBiybYNyxyxos7M1X3kSs5LknmMA/E')
+        expect(headers['X-Ops-Authorization-2']).to eq('i6Izk87dCcG3LLiGqRh0x/BoayS9SyoctdfMRR5ivrKRUzuQU9elHRpXnmjw')
+        expect(headers['X-Ops-Authorization-3']).to eq('7i/tlbLPrJQ/0+di9BU4m+BBD/vbh80KajmsaszxHx1wwNEBkNAymSLSDqXX')
+        expect(headers['X-Ops-Authorization-4']).to eq('gVAjNiaEzV9/EPQyGAYaU40SOdDwKzBthxgCpM9sfpfQsXj4Oj4SvSmO+4sy')
+        expect(headers['X-Ops-Authorization-5']).to eq('eJ0l7vpR0MyQqnhqbJHkQAGsG/HUhuhG0E9T7dClk08EB+sdsnDxr+5laei3')
+        expect(headers['X-Ops-Authorization-6']).to eq('YtCw2spOnumfdqx2hWvLmxR3y2eOuLBv77tZXUQ4Ug==')
+      end
+    end
+  end
+end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: chef-api
 version: !ruby/object:Gem::Version
-  version: 0.4.0
+  version: 0.4.1
 platform: ruby
 authors:
 - Seth Vargo
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2014-07-06 00:00:00.000000000 Z
+date: 2014-07-07 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: logify
@@ -24,20 +24,6 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '0.1'
-- !ruby/object:Gem::Dependency
-  name: mixlib-authentication
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '1.3'
-  type: :runtime
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '1.3'
 - !ruby/object:Gem::Dependency
   name: mime-types
   requirement: !ruby/object:Gem::Requirement
@@ -68,12 +54,14 @@ files:
 - Rakefile
 - chef-api.gemspec
 - lib/chef-api.rb
+- lib/chef-api/authentication.rb
 - lib/chef-api/boolean.rb
 - lib/chef-api/configurable.rb
 - lib/chef-api/connection.rb
 - lib/chef-api/defaults.rb
 - lib/chef-api/error_collection.rb
 - lib/chef-api/errors.rb
+- lib/chef-api/multipart.rb
 - lib/chef-api/resource.rb
 - lib/chef-api/resources/base.rb
 - lib/chef-api/resources/client.rb
@@ -106,7 +94,10 @@ files:
 - spec/integration/resources/user_spec.rb
 - spec/spec_helper.rb
 - spec/support/chef_server.rb
+- spec/support/cookbook.tar.gz
 - spec/support/shared/chef_api_resource.rb
+- spec/support/user.pem
+- spec/unit/authentication_spec.rb
 - spec/unit/errors_spec.rb
 - spec/unit/resources/base_spec.rb
 - spec/unit/resources/client_spec.rb
@@ -166,7 +157,10 @@ test_files:
 - spec/integration/resources/user_spec.rb
 - spec/spec_helper.rb
 - spec/support/chef_server.rb
+- spec/support/cookbook.tar.gz
 - spec/support/shared/chef_api_resource.rb
+- spec/support/user.pem
+- spec/unit/authentication_spec.rb
 - spec/unit/errors_spec.rb
 - spec/unit/resources/base_spec.rb
 - spec/unit/resources/client_spec.rb