chef-apply 0.2.1 → 0.2.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 11e436ae814ec9510c2a984a971cbe7854314eb79c0ab08aeac72fcba2858e18
-  data.tar.gz: f3ecae1562b74d61990aba202af58a8e3a39061308e40539ade9d4b1c8e71aaf
+  metadata.gz: 47763f0152ecf082b519b5e8f19aee5616d37bbf96693b0751e74f51632be7f8
+  data.tar.gz: 55feba8903fa01cab32672129689d34ead1e005750db15505cd5fbae9ab54366
 SHA512:
-  metadata.gz: eb0ce1d7c7657f99623d1f3e088f6d0ea7985b90df3fe3893a483e81cbcb8507b66d21db333d65c23a16571809e24fd669a8f45347296917d97cce54000de2d8
-  data.tar.gz: 60ebda06d54c11d8cd70f1e2d062fdc2276cd56d4f9ee4633eaada392981c03163fe96541ed14888c789fd0690f566b2016241319f89248534f78c17c86849af
+  metadata.gz: 16ce92eeadd92a96cf00a56d4c2faaa551fef3b442eee4ba54cda7f81671f8af876090611e59f2ece3b7ded1ec04f29bb56baa1f6e183c5db2bfc919915703c5
+  data.tar.gz: de6f1bd15e8e62c54332089364cfe1a3c9989e903403913667fa77ebd15af96479654ed279c6c4ce04d345864a50a2ad9c844481f8f7771b4a59d3b26d266f6a

data/Gemfile.lock

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    chef-apply (0.2.1)
+    chef-apply (0.2.2)
       chef (>= 14.0)
       chef-dk (>= 3.0)
       chef-telemetry
@@ -21,16 +21,18 @@ GEM
     addressable (2.5.2)
       public_suffix (>= 2.0.2, < 4.0)
     ast (2.4.0)
-    aws-sdk (2.11.151)
-      aws-sdk-resources (= 2.11.151)
-    aws-sdk-core (2.11.151)
+    aws-sdk (2.11.153)
+      aws-sdk-resources (= 2.11.153)
+    aws-sdk-core (2.11.153)
       aws-sigv4 (~> 1.0)
       jmespath (~> 1.0)
-    aws-sdk-resources (2.11.151)
-      aws-sdk-core (= 2.11.151)
+    aws-sdk-resources (2.11.153)
+      aws-sdk-core (= 2.11.153)
     aws-sigv4 (1.0.3)
     azure_graph_rbac (0.17.0)
       ms_rest_azure (~> 0.11.0)
+    azure_mgmt_key_vault (0.17.2)
+      ms_rest_azure (~> 0.11.0)
     azure_mgmt_resources (0.17.2)
       ms_rest_azure (~> 0.11.0)
     binding_of_caller (0.8.0)
@@ -147,10 +149,10 @@ GEM
       representable (~> 3.0)
       retriable (>= 2.0, < 4.0)
       signet (~> 0.9)
-    googleauth (0.6.6)
+    googleauth (0.6.7)
       faraday (~> 0.12)
       jwt (>= 1.4, < 3.0)
-      memoist (~> 0.12)
+      memoist (~> 0.16)
       multi_json (~> 1.11)
       os (>= 0.9, < 2.0)
       signet (~> 0.7)
@@ -330,9 +332,10 @@ GEM
     toml-rb (1.1.2)
       citrus (~> 3.0, > 3.0)
     tomlrb (1.2.7)
-    train (1.5.0)
+    train (1.5.4)
       aws-sdk (~> 2)
       azure_graph_rbac (~> 0.16)
+      azure_mgmt_key_vault (~> 0.17)
       azure_mgmt_resources (~> 0.15)
       docker-api (~> 1.26)
       google-api-client (~> 0.23.9)
@@ -389,4 +392,4 @@ DEPENDENCIES
   simplecov
 
 BUNDLED WITH
-   1.16.5
+   1.16.6

data/lib/chef_apply/action/base.rb

@@ -60,23 +60,18 @@ module ChefApply
           windows: "%TEMP%",
           other: "$TMPDIR",
         },
-        mkdir: {
-          windows: "New-Item -ItemType Directory -Force -Path ",
-          other: "mkdir -p ",
-        },
-        # TODO this is duplicating some stuff in the install_chef folder
-        # TODO maybe we start to break these out into actual functions, so
-        # we don't have to try and make really long one-liners
-        mktemp: {
-          windows: "$parent = [System.IO.Path]::GetTempPath(); [string] $name = [System.Guid]::NewGuid(); $tmp = New-Item -ItemType Directory -Path (Join-Path $parent $name); $tmp.FullName",
-          other: "bash -c 'd=$(mktemp -d -p${TMPDIR:-/tmp} chef_XXXXXX); chmod 777 $d; echo $d'"
-        },
         delete_folder: {
           windows: "Remove-Item -Recurse -Force –Path",
           other: "rm -rf",
         }
       }
 
+      # TODO - I'd like to consider PATH_MAPPING in action::base
+      #        to platform subclasses/mixins for target_host.  This way our 'target host'
+      #        which reprsents a node, the data and actions we can perform on it
+      #        knows how to `read_chef_report`, `mkdir`, etc.
+      #        -mp 2018-10-17
+
       PATH_MAPPING.keys.each do |m|
         define_method(m) { PATH_MAPPING[m][family] }
       end

data/lib/chef_apply/action/converge_target.rb

@@ -26,8 +26,10 @@ module ChefApply::Action
 
     def perform_action
       local_policy_path = config.delete :local_policy_path
-      remote_tmp = target_host.run_command!(mktemp, true)
-      remote_dir_path = escape_windows_path(remote_tmp.stdout.strip)
+      remote_tmp = target_host.mktemp()
+      remote_dir_path = escape_windows_path(remote_tmp)
+      # Ensure the directory is owned by the connecting user,
+      # otherwise we won't be able to put things into it over scp as that user.
       remote_policy_path = create_remote_policy(local_policy_path, remote_dir_path)
       remote_config_path = create_remote_config(remote_dir_path)
       create_remote_handler(remote_dir_path)
@@ -134,11 +136,7 @@ module ChefApply::Action
       return if certs.empty?
       notify(:uploading_trusted_certs)
       remote_tcd = "#{dir}/trusted_certs"
-      # We create the trusted_certs dir with the connection user (instead of the root
-      # user it would get as default since we run in sudo mode) because the `upload_file`
-      # uploads as the connection user. Without this upload_file would fail because
-      # it tries to write to a root-owned folder.
-      target_host.run_command("#{mkdir} #{remote_tcd}", true)
+      target_host.mkdir(remote_tcd)
       certs.each do |cert_file|
         target_host.upload_file(cert_file, "#{remote_tcd}/#{File.basename(cert_file)}")
       end

data/lib/chef_apply/action/install_chef/linux.rb

@@ -30,8 +30,7 @@ module ChefApply::Action::InstallChef
 
     def setup_remote_temp_path
       installer_dir = "/tmp/chef-installer"
-      target_host.run_command!("mkdir -p #{installer_dir}")
-      target_host.run_command!("chmod 777 #{installer_dir}")
+      target_host.mkdir(installer_dir)
       installer_dir
     end
   end

data/lib/chef_apply/target_host.rb

@@ -127,18 +127,15 @@ module ChefApply
       backend.platform
     end
 
-    def run_command!(command, sudo_as_user = false)
-      result = run_command(command, sudo_as_user)
+    def run_command!(command)
+      result = run_command(command)
       if result.exit_status != 0
         raise RemoteExecutionFailed.new(@config[:host], command, result)
       end
       result
     end
 
-    def run_command(command, sudo_as_user = false)
-      if config[:sudo] && sudo_as_user && base_os == :linux
-        command = "-u #{config[:user]} #{command}"
-      end
+    def run_command(command)
       backend.run_command command
     end
 
@@ -179,6 +176,56 @@ module ChefApply
       JSON.parse(manifest.content)
     end
 
+    # create a dir.  set owner to the connecting user if host isn't windows
+    # so that scp -- which uses the connecting user -- can upload into it.
+    def mkdir(path)
+      if base_os == :windows
+        run_command!("New-Item -ItemType Directory -Force -Path #{path}")
+      else
+        # This will also set ownership to the connecting user instead of default of
+        # root when sudo'd, so that the dir can be used to upload files using scp -
+        # which is done as the connecting user.
+        run_command!("mkdir -p #{path}")
+        chown(path, user)
+      end
+      nil
+    end
+
+    # TODO make these platform-specific classes instead of conditionals
+
+    # Simplified chown - just sets user , defaults to connection user. Does not touch
+    # group.  Only has effect on non-windows targets
+    def chown(path, owner = nil)
+      return if base_os == :windows
+      owner ||= user
+      run_command!("chown #{owner} '#{path}'")
+    end
+
+    MKTMP_WIN_CMD = "$parent = [System.IO.Path]::GetTempPath();" +
+      "[string] $name = [System.Guid]::NewGuid();" +
+      "$tmp = New-Item -ItemType Directory -Path " +
+      "(Join-Path $parent $name);" +
+      "$tmp.FullName"
+
+    MKTMP_LINUX_CMD = "d=$(mktemp -d -p${TMPDIR:-/tmp} chef_XXXXXX); echo $d"
+
+    # Create temporary dir and return the path.
+    # This will also set ownership to the connecting user instead of default of
+    # root when sudo'd, so that the dir can be used to upload files using scp -
+    # which is done as the connecting user.
+    def mktemp
+      if base_os == :windows
+        res = run_command!(MKTMP_WIN_CMD)
+        res.stdout.chomp.strip
+      else
+        # # TODO should we keep chmod 777?
+        res = run_command!("bash -c '#{MKTMP_LINUX_CMD}'")
+        path = res.stdout.chomp.strip
+        chown(path)
+        path
+      end
+    end
+
     private
 
     def train_connection

data/lib/chef_apply/version.rb

@@ -16,5 +16,5 @@
 #
 
 module ChefApply
-  VERSION = "0.2.1"
+  VERSION = "0.2.2"
 end

data/spec/unit/action/base_spec.rb

@@ -57,7 +57,7 @@ RSpec.describe ChefApply::Action::Base do
   end
 
   shared_examples "check path fetching" do
-    [:chef_client, :cache_path, :read_chef_report, :delete_chef_report, :tempdir, :mktemp, :delete_folder].each do |path|
+    [:chef_client, :cache_path, :read_chef_report, :delete_chef_report, :tempdir, :delete_folder].each do |path|
       it "correctly returns path #{path}" do
         expect(action.send(path)).to be_a(String)
       end

data/spec/unit/action/converge_target_spec.rb

@@ -232,7 +232,7 @@ RSpec.describe ChefApply::Action::ConvergeTarget do
       let!(:cert2) { FileUtils.touch(File.join(certs_dir, "2.pem"))[0] }
 
       it "uploads the local certs" do
-        expect(target_host).to receive(:run_command).with("#{subject.mkdir} #{remote_tcd}", true)
+        expect(target_host).to receive(:mkdir).with(remote_tcd)
         expect(target_host).to receive(:upload_file).with(cert1, File.join(remote_tcd, File.basename(cert1)))
         expect(target_host).to receive(:upload_file).with(cert2, File.join(remote_tcd, File.basename(cert2)))
         subject.upload_trusted_certs(remote_folder)
@@ -254,9 +254,9 @@ RSpec.describe ChefApply::Action::ConvergeTarget do
     let(:remote_archive) { File.join(remote_folder, File.basename(archive)) }
     let(:remote_config) { "#{remote_folder}/workstation.rb" }
     let(:remote_handler) { "#{remote_folder}/reporter.rb" }
-    let(:tmpdir) { double("tmpdir", exit_status: 0, stdout: remote_folder) }
+    let(:tmpdir) { remote_folder }
     before do
-      expect(target_host).to receive(:run_command!).with(subject.mktemp, true).and_return(tmpdir)
+      expect(target_host).to receive(:mktemp).and_return(tmpdir)
     end
     let(:result) { double("command result", exit_status: 0, stdout: "") }
 

data/spec/unit/target_host_spec.rb

@@ -129,15 +129,6 @@ RSpec.describe ChefApply::TargetHost do
       it "returns the result" do
         expect(subject.run_command!(command)).to eq result
       end
-
-      context "when sudo_as_user is true" do
-        let(:family) { "debian" }
-        let(:is_linux) { true }
-        it "returns the result" do
-          expect(backend).to receive(:run_command).with("-u user #{command}").and_return(result)
-          expect(subject.run_command!(command, true)).to eq result
-        end
-      end
     end
 
     context "when an error occurs" do
@@ -228,4 +219,83 @@ RSpec.describe ChefApply::TargetHost do
     end
   end
 
+  context "target host operations" do
+    let(:base_os) { :unknown }
+    let(:user) { "testuser" }
+    before do
+      allow(subject).to receive(:base_os).and_return base_os
+      allow(subject).to receive(:user).and_return user
+    end
+    context "#mkdir" do
+      context "when the target is Windows" do
+        let(:base_os) { :windows }
+        it "creates the directory using the correct command PowerShell command" do
+          # TODO - testing command strings always feels a bit like an antipattern. Do we have alternatives?
+          expect(subject).to receive(:run_command!).with("New-Item -ItemType Directory -Force -Path C:\\temp\\dir")
+          subject.mkdir("C:\\temp\\dir")
+        end
+
+      end
+      context "when the target is Linux" do
+        let(:base_os) { :linux }
+        it "uses a properly formed mkdir to create the directory and changes ownership to connected user" do
+          expect(subject).to receive(:run_command!).with("mkdir -p /tmp/dir")
+          expect(subject).to receive(:run_command!).with("chown testuser '/tmp/dir'")
+          subject.mkdir("/tmp/dir")
+
+        end
+      end
+    end
+
+    context "#chown" do
+      context "when the target is Windows" do
+        let(:base_os) { :windows }
+        xit "does nothing - this is not implemented until we need it"
+      end
+
+      context "when the target is Linux" do
+        let(:base_os) { :linux }
+        let(:path) { "/tmp/blah" }
+
+        context "and an owner is provided" do
+          it "uses a properly formed chown to change owning user to the connected user" do
+            expect(subject).to receive(:run_command!).with("chown newowner '/tmp/dir'")
+            subject.chown("/tmp/dir", "newowner")
+          end
+        end
+
+        context "and an owner is not provided" do
+          it "uses a properly formed chown to change owning user to the connected user" do
+            expect(subject).to receive(:run_command!).with("chown #{user} '/tmp/dir'")
+            subject.chown("/tmp/dir")
+          end
+        end
+      end
+    end
+
+    context "#mktemp" do
+      context "when the target is Windows" do
+        let(:base_os) { :windows }
+        let(:path) { "C:\\temp\\blah" }
+        it "creates the temporary directory using the correct PowerShell command and returns the path" do
+          expect(subject).to receive(:run_command!).
+            with(ChefApply::TargetHost::MKTMP_WIN_CMD).
+            and_return(instance_double("result", stdout: path))
+          expect(subject.mktemp()).to eq(path)
+        end
+      end
+
+      context "when the target is Linux" do
+        let(:base_os) { :linux }
+        let(:path) { "/tmp/blah" }
+        it "creates the directory using a properly formed mktemp, changes ownership to connecting user, and returns the path" do
+          expect(subject).to receive(:run_command!).
+            with("bash -c '#{ChefApply::TargetHost::MKTMP_LINUX_CMD}'").
+            and_return(instance_double("result", stdout: "/tmp/blah"))
+          expect(subject).to receive(:chown).with(path)
+          expect(subject.mktemp()).to eq path
+        end
+      end
+    end
+  end
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: chef-apply
 version: !ruby/object:Gem::Version
-  version: 0.2.1
+  version: 0.2.2
 platform: ruby
 authors:
 - Chef Software, Inc
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2018-10-17 00:00:00.000000000 Z
+date: 2018-10-19 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: mixlib-cli