chef-apply 0.2.1 → 0.2.2
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/Gemfile.lock +13 -10
- data/lib/chef_apply/action/base.rb +6 -11
- data/lib/chef_apply/action/converge_target.rb +5 -7
- data/lib/chef_apply/action/install_chef/linux.rb +1 -2
- data/lib/chef_apply/target_host.rb +53 -6
- data/lib/chef_apply/version.rb +1 -1
- data/spec/unit/action/base_spec.rb +1 -1
- data/spec/unit/action/converge_target_spec.rb +3 -3
- data/spec/unit/target_host_spec.rb +79 -9
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 47763f0152ecf082b519b5e8f19aee5616d37bbf96693b0751e74f51632be7f8
|
|
4
|
+
data.tar.gz: 55feba8903fa01cab32672129689d34ead1e005750db15505cd5fbae9ab54366
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 16ce92eeadd92a96cf00a56d4c2faaa551fef3b442eee4ba54cda7f81671f8af876090611e59f2ece3b7ded1ec04f29bb56baa1f6e183c5db2bfc919915703c5
|
|
7
|
+
data.tar.gz: de6f1bd15e8e62c54332089364cfe1a3c9989e903403913667fa77ebd15af96479654ed279c6c4ce04d345864a50a2ad9c844481f8f7771b4a59d3b26d266f6a
|
data/Gemfile.lock
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
PATH
|
|
2
2
|
remote: .
|
|
3
3
|
specs:
|
|
4
|
-
chef-apply (0.2.
|
|
4
|
+
chef-apply (0.2.2)
|
|
5
5
|
chef (>= 14.0)
|
|
6
6
|
chef-dk (>= 3.0)
|
|
7
7
|
chef-telemetry
|
|
@@ -21,16 +21,18 @@ GEM
|
|
|
21
21
|
addressable (2.5.2)
|
|
22
22
|
public_suffix (>= 2.0.2, < 4.0)
|
|
23
23
|
ast (2.4.0)
|
|
24
|
-
aws-sdk (2.11.
|
|
25
|
-
aws-sdk-resources (= 2.11.
|
|
26
|
-
aws-sdk-core (2.11.
|
|
24
|
+
aws-sdk (2.11.153)
|
|
25
|
+
aws-sdk-resources (= 2.11.153)
|
|
26
|
+
aws-sdk-core (2.11.153)
|
|
27
27
|
aws-sigv4 (~> 1.0)
|
|
28
28
|
jmespath (~> 1.0)
|
|
29
|
-
aws-sdk-resources (2.11.
|
|
30
|
-
aws-sdk-core (= 2.11.
|
|
29
|
+
aws-sdk-resources (2.11.153)
|
|
30
|
+
aws-sdk-core (= 2.11.153)
|
|
31
31
|
aws-sigv4 (1.0.3)
|
|
32
32
|
azure_graph_rbac (0.17.0)
|
|
33
33
|
ms_rest_azure (~> 0.11.0)
|
|
34
|
+
azure_mgmt_key_vault (0.17.2)
|
|
35
|
+
ms_rest_azure (~> 0.11.0)
|
|
34
36
|
azure_mgmt_resources (0.17.2)
|
|
35
37
|
ms_rest_azure (~> 0.11.0)
|
|
36
38
|
binding_of_caller (0.8.0)
|
|
@@ -147,10 +149,10 @@ GEM
|
|
|
147
149
|
representable (~> 3.0)
|
|
148
150
|
retriable (>= 2.0, < 4.0)
|
|
149
151
|
signet (~> 0.9)
|
|
150
|
-
googleauth (0.6.
|
|
152
|
+
googleauth (0.6.7)
|
|
151
153
|
faraday (~> 0.12)
|
|
152
154
|
jwt (>= 1.4, < 3.0)
|
|
153
|
-
memoist (~> 0.
|
|
155
|
+
memoist (~> 0.16)
|
|
154
156
|
multi_json (~> 1.11)
|
|
155
157
|
os (>= 0.9, < 2.0)
|
|
156
158
|
signet (~> 0.7)
|
|
@@ -330,9 +332,10 @@ GEM
|
|
|
330
332
|
toml-rb (1.1.2)
|
|
331
333
|
citrus (~> 3.0, > 3.0)
|
|
332
334
|
tomlrb (1.2.7)
|
|
333
|
-
train (1.5.
|
|
335
|
+
train (1.5.4)
|
|
334
336
|
aws-sdk (~> 2)
|
|
335
337
|
azure_graph_rbac (~> 0.16)
|
|
338
|
+
azure_mgmt_key_vault (~> 0.17)
|
|
336
339
|
azure_mgmt_resources (~> 0.15)
|
|
337
340
|
docker-api (~> 1.26)
|
|
338
341
|
google-api-client (~> 0.23.9)
|
|
@@ -389,4 +392,4 @@ DEPENDENCIES
|
|
|
389
392
|
simplecov
|
|
390
393
|
|
|
391
394
|
BUNDLED WITH
|
|
392
|
-
1.16.
|
|
395
|
+
1.16.6
|
|
@@ -60,23 +60,18 @@ module ChefApply
|
|
|
60
60
|
windows: "%TEMP%",
|
|
61
61
|
other: "$TMPDIR",
|
|
62
62
|
},
|
|
63
|
-
mkdir: {
|
|
64
|
-
windows: "New-Item -ItemType Directory -Force -Path ",
|
|
65
|
-
other: "mkdir -p ",
|
|
66
|
-
},
|
|
67
|
-
# TODO this is duplicating some stuff in the install_chef folder
|
|
68
|
-
# TODO maybe we start to break these out into actual functions, so
|
|
69
|
-
# we don't have to try and make really long one-liners
|
|
70
|
-
mktemp: {
|
|
71
|
-
windows: "$parent = [System.IO.Path]::GetTempPath(); [string] $name = [System.Guid]::NewGuid(); $tmp = New-Item -ItemType Directory -Path (Join-Path $parent $name); $tmp.FullName",
|
|
72
|
-
other: "bash -c 'd=$(mktemp -d -p${TMPDIR:-/tmp} chef_XXXXXX); chmod 777 $d; echo $d'"
|
|
73
|
-
},
|
|
74
63
|
delete_folder: {
|
|
75
64
|
windows: "Remove-Item -Recurse -Force –Path",
|
|
76
65
|
other: "rm -rf",
|
|
77
66
|
}
|
|
78
67
|
}
|
|
79
68
|
|
|
69
|
+
# TODO - I'd like to consider PATH_MAPPING in action::base
|
|
70
|
+
# to platform subclasses/mixins for target_host. This way our 'target host'
|
|
71
|
+
# which reprsents a node, the data and actions we can perform on it
|
|
72
|
+
# knows how to `read_chef_report`, `mkdir`, etc.
|
|
73
|
+
# -mp 2018-10-17
|
|
74
|
+
|
|
80
75
|
PATH_MAPPING.keys.each do |m|
|
|
81
76
|
define_method(m) { PATH_MAPPING[m][family] }
|
|
82
77
|
end
|
|
@@ -26,8 +26,10 @@ module ChefApply::Action
|
|
|
26
26
|
|
|
27
27
|
def perform_action
|
|
28
28
|
local_policy_path = config.delete :local_policy_path
|
|
29
|
-
remote_tmp = target_host.
|
|
30
|
-
remote_dir_path = escape_windows_path(remote_tmp
|
|
29
|
+
remote_tmp = target_host.mktemp()
|
|
30
|
+
remote_dir_path = escape_windows_path(remote_tmp)
|
|
31
|
+
# Ensure the directory is owned by the connecting user,
|
|
32
|
+
# otherwise we won't be able to put things into it over scp as that user.
|
|
31
33
|
remote_policy_path = create_remote_policy(local_policy_path, remote_dir_path)
|
|
32
34
|
remote_config_path = create_remote_config(remote_dir_path)
|
|
33
35
|
create_remote_handler(remote_dir_path)
|
|
@@ -134,11 +136,7 @@ module ChefApply::Action
|
|
|
134
136
|
return if certs.empty?
|
|
135
137
|
notify(:uploading_trusted_certs)
|
|
136
138
|
remote_tcd = "#{dir}/trusted_certs"
|
|
137
|
-
|
|
138
|
-
# user it would get as default since we run in sudo mode) because the `upload_file`
|
|
139
|
-
# uploads as the connection user. Without this upload_file would fail because
|
|
140
|
-
# it tries to write to a root-owned folder.
|
|
141
|
-
target_host.run_command("#{mkdir} #{remote_tcd}", true)
|
|
139
|
+
target_host.mkdir(remote_tcd)
|
|
142
140
|
certs.each do |cert_file|
|
|
143
141
|
target_host.upload_file(cert_file, "#{remote_tcd}/#{File.basename(cert_file)}")
|
|
144
142
|
end
|
|
@@ -30,8 +30,7 @@ module ChefApply::Action::InstallChef
|
|
|
30
30
|
|
|
31
31
|
def setup_remote_temp_path
|
|
32
32
|
installer_dir = "/tmp/chef-installer"
|
|
33
|
-
target_host.
|
|
34
|
-
target_host.run_command!("chmod 777 #{installer_dir}")
|
|
33
|
+
target_host.mkdir(installer_dir)
|
|
35
34
|
installer_dir
|
|
36
35
|
end
|
|
37
36
|
end
|
|
@@ -127,18 +127,15 @@ module ChefApply
|
|
|
127
127
|
backend.platform
|
|
128
128
|
end
|
|
129
129
|
|
|
130
|
-
def run_command!(command
|
|
131
|
-
result = run_command(command
|
|
130
|
+
def run_command!(command)
|
|
131
|
+
result = run_command(command)
|
|
132
132
|
if result.exit_status != 0
|
|
133
133
|
raise RemoteExecutionFailed.new(@config[:host], command, result)
|
|
134
134
|
end
|
|
135
135
|
result
|
|
136
136
|
end
|
|
137
137
|
|
|
138
|
-
def run_command(command
|
|
139
|
-
if config[:sudo] && sudo_as_user && base_os == :linux
|
|
140
|
-
command = "-u #{config[:user]} #{command}"
|
|
141
|
-
end
|
|
138
|
+
def run_command(command)
|
|
142
139
|
backend.run_command command
|
|
143
140
|
end
|
|
144
141
|
|
|
@@ -179,6 +176,56 @@ module ChefApply
|
|
|
179
176
|
JSON.parse(manifest.content)
|
|
180
177
|
end
|
|
181
178
|
|
|
179
|
+
# create a dir. set owner to the connecting user if host isn't windows
|
|
180
|
+
# so that scp -- which uses the connecting user -- can upload into it.
|
|
181
|
+
def mkdir(path)
|
|
182
|
+
if base_os == :windows
|
|
183
|
+
run_command!("New-Item -ItemType Directory -Force -Path #{path}")
|
|
184
|
+
else
|
|
185
|
+
# This will also set ownership to the connecting user instead of default of
|
|
186
|
+
# root when sudo'd, so that the dir can be used to upload files using scp -
|
|
187
|
+
# which is done as the connecting user.
|
|
188
|
+
run_command!("mkdir -p #{path}")
|
|
189
|
+
chown(path, user)
|
|
190
|
+
end
|
|
191
|
+
nil
|
|
192
|
+
end
|
|
193
|
+
|
|
194
|
+
# TODO make these platform-specific classes instead of conditionals
|
|
195
|
+
|
|
196
|
+
# Simplified chown - just sets user , defaults to connection user. Does not touch
|
|
197
|
+
# group. Only has effect on non-windows targets
|
|
198
|
+
def chown(path, owner = nil)
|
|
199
|
+
return if base_os == :windows
|
|
200
|
+
owner ||= user
|
|
201
|
+
run_command!("chown #{owner} '#{path}'")
|
|
202
|
+
end
|
|
203
|
+
|
|
204
|
+
MKTMP_WIN_CMD = "$parent = [System.IO.Path]::GetTempPath();" +
|
|
205
|
+
"[string] $name = [System.Guid]::NewGuid();" +
|
|
206
|
+
"$tmp = New-Item -ItemType Directory -Path " +
|
|
207
|
+
"(Join-Path $parent $name);" +
|
|
208
|
+
"$tmp.FullName"
|
|
209
|
+
|
|
210
|
+
MKTMP_LINUX_CMD = "d=$(mktemp -d -p${TMPDIR:-/tmp} chef_XXXXXX); echo $d"
|
|
211
|
+
|
|
212
|
+
# Create temporary dir and return the path.
|
|
213
|
+
# This will also set ownership to the connecting user instead of default of
|
|
214
|
+
# root when sudo'd, so that the dir can be used to upload files using scp -
|
|
215
|
+
# which is done as the connecting user.
|
|
216
|
+
def mktemp
|
|
217
|
+
if base_os == :windows
|
|
218
|
+
res = run_command!(MKTMP_WIN_CMD)
|
|
219
|
+
res.stdout.chomp.strip
|
|
220
|
+
else
|
|
221
|
+
# # TODO should we keep chmod 777?
|
|
222
|
+
res = run_command!("bash -c '#{MKTMP_LINUX_CMD}'")
|
|
223
|
+
path = res.stdout.chomp.strip
|
|
224
|
+
chown(path)
|
|
225
|
+
path
|
|
226
|
+
end
|
|
227
|
+
end
|
|
228
|
+
|
|
182
229
|
private
|
|
183
230
|
|
|
184
231
|
def train_connection
|
data/lib/chef_apply/version.rb
CHANGED
|
@@ -57,7 +57,7 @@ RSpec.describe ChefApply::Action::Base do
|
|
|
57
57
|
end
|
|
58
58
|
|
|
59
59
|
shared_examples "check path fetching" do
|
|
60
|
-
[:chef_client, :cache_path, :read_chef_report, :delete_chef_report, :tempdir, :
|
|
60
|
+
[:chef_client, :cache_path, :read_chef_report, :delete_chef_report, :tempdir, :delete_folder].each do |path|
|
|
61
61
|
it "correctly returns path #{path}" do
|
|
62
62
|
expect(action.send(path)).to be_a(String)
|
|
63
63
|
end
|
|
@@ -232,7 +232,7 @@ RSpec.describe ChefApply::Action::ConvergeTarget do
|
|
|
232
232
|
let!(:cert2) { FileUtils.touch(File.join(certs_dir, "2.pem"))[0] }
|
|
233
233
|
|
|
234
234
|
it "uploads the local certs" do
|
|
235
|
-
expect(target_host).to receive(:
|
|
235
|
+
expect(target_host).to receive(:mkdir).with(remote_tcd)
|
|
236
236
|
expect(target_host).to receive(:upload_file).with(cert1, File.join(remote_tcd, File.basename(cert1)))
|
|
237
237
|
expect(target_host).to receive(:upload_file).with(cert2, File.join(remote_tcd, File.basename(cert2)))
|
|
238
238
|
subject.upload_trusted_certs(remote_folder)
|
|
@@ -254,9 +254,9 @@ RSpec.describe ChefApply::Action::ConvergeTarget do
|
|
|
254
254
|
let(:remote_archive) { File.join(remote_folder, File.basename(archive)) }
|
|
255
255
|
let(:remote_config) { "#{remote_folder}/workstation.rb" }
|
|
256
256
|
let(:remote_handler) { "#{remote_folder}/reporter.rb" }
|
|
257
|
-
let(:tmpdir) {
|
|
257
|
+
let(:tmpdir) { remote_folder }
|
|
258
258
|
before do
|
|
259
|
-
expect(target_host).to receive(:
|
|
259
|
+
expect(target_host).to receive(:mktemp).and_return(tmpdir)
|
|
260
260
|
end
|
|
261
261
|
let(:result) { double("command result", exit_status: 0, stdout: "") }
|
|
262
262
|
|
|
@@ -129,15 +129,6 @@ RSpec.describe ChefApply::TargetHost do
|
|
|
129
129
|
it "returns the result" do
|
|
130
130
|
expect(subject.run_command!(command)).to eq result
|
|
131
131
|
end
|
|
132
|
-
|
|
133
|
-
context "when sudo_as_user is true" do
|
|
134
|
-
let(:family) { "debian" }
|
|
135
|
-
let(:is_linux) { true }
|
|
136
|
-
it "returns the result" do
|
|
137
|
-
expect(backend).to receive(:run_command).with("-u user #{command}").and_return(result)
|
|
138
|
-
expect(subject.run_command!(command, true)).to eq result
|
|
139
|
-
end
|
|
140
|
-
end
|
|
141
132
|
end
|
|
142
133
|
|
|
143
134
|
context "when an error occurs" do
|
|
@@ -228,4 +219,83 @@ RSpec.describe ChefApply::TargetHost do
|
|
|
228
219
|
end
|
|
229
220
|
end
|
|
230
221
|
|
|
222
|
+
context "target host operations" do
|
|
223
|
+
let(:base_os) { :unknown }
|
|
224
|
+
let(:user) { "testuser" }
|
|
225
|
+
before do
|
|
226
|
+
allow(subject).to receive(:base_os).and_return base_os
|
|
227
|
+
allow(subject).to receive(:user).and_return user
|
|
228
|
+
end
|
|
229
|
+
context "#mkdir" do
|
|
230
|
+
context "when the target is Windows" do
|
|
231
|
+
let(:base_os) { :windows }
|
|
232
|
+
it "creates the directory using the correct command PowerShell command" do
|
|
233
|
+
# TODO - testing command strings always feels a bit like an antipattern. Do we have alternatives?
|
|
234
|
+
expect(subject).to receive(:run_command!).with("New-Item -ItemType Directory -Force -Path C:\\temp\\dir")
|
|
235
|
+
subject.mkdir("C:\\temp\\dir")
|
|
236
|
+
end
|
|
237
|
+
|
|
238
|
+
end
|
|
239
|
+
context "when the target is Linux" do
|
|
240
|
+
let(:base_os) { :linux }
|
|
241
|
+
it "uses a properly formed mkdir to create the directory and changes ownership to connected user" do
|
|
242
|
+
expect(subject).to receive(:run_command!).with("mkdir -p /tmp/dir")
|
|
243
|
+
expect(subject).to receive(:run_command!).with("chown testuser '/tmp/dir'")
|
|
244
|
+
subject.mkdir("/tmp/dir")
|
|
245
|
+
|
|
246
|
+
end
|
|
247
|
+
end
|
|
248
|
+
end
|
|
249
|
+
|
|
250
|
+
context "#chown" do
|
|
251
|
+
context "when the target is Windows" do
|
|
252
|
+
let(:base_os) { :windows }
|
|
253
|
+
xit "does nothing - this is not implemented until we need it"
|
|
254
|
+
end
|
|
255
|
+
|
|
256
|
+
context "when the target is Linux" do
|
|
257
|
+
let(:base_os) { :linux }
|
|
258
|
+
let(:path) { "/tmp/blah" }
|
|
259
|
+
|
|
260
|
+
context "and an owner is provided" do
|
|
261
|
+
it "uses a properly formed chown to change owning user to the connected user" do
|
|
262
|
+
expect(subject).to receive(:run_command!).with("chown newowner '/tmp/dir'")
|
|
263
|
+
subject.chown("/tmp/dir", "newowner")
|
|
264
|
+
end
|
|
265
|
+
end
|
|
266
|
+
|
|
267
|
+
context "and an owner is not provided" do
|
|
268
|
+
it "uses a properly formed chown to change owning user to the connected user" do
|
|
269
|
+
expect(subject).to receive(:run_command!).with("chown #{user} '/tmp/dir'")
|
|
270
|
+
subject.chown("/tmp/dir")
|
|
271
|
+
end
|
|
272
|
+
end
|
|
273
|
+
end
|
|
274
|
+
end
|
|
275
|
+
|
|
276
|
+
context "#mktemp" do
|
|
277
|
+
context "when the target is Windows" do
|
|
278
|
+
let(:base_os) { :windows }
|
|
279
|
+
let(:path) { "C:\\temp\\blah" }
|
|
280
|
+
it "creates the temporary directory using the correct PowerShell command and returns the path" do
|
|
281
|
+
expect(subject).to receive(:run_command!).
|
|
282
|
+
with(ChefApply::TargetHost::MKTMP_WIN_CMD).
|
|
283
|
+
and_return(instance_double("result", stdout: path))
|
|
284
|
+
expect(subject.mktemp()).to eq(path)
|
|
285
|
+
end
|
|
286
|
+
end
|
|
287
|
+
|
|
288
|
+
context "when the target is Linux" do
|
|
289
|
+
let(:base_os) { :linux }
|
|
290
|
+
let(:path) { "/tmp/blah" }
|
|
291
|
+
it "creates the directory using a properly formed mktemp, changes ownership to connecting user, and returns the path" do
|
|
292
|
+
expect(subject).to receive(:run_command!).
|
|
293
|
+
with("bash -c '#{ChefApply::TargetHost::MKTMP_LINUX_CMD}'").
|
|
294
|
+
and_return(instance_double("result", stdout: "/tmp/blah"))
|
|
295
|
+
expect(subject).to receive(:chown).with(path)
|
|
296
|
+
expect(subject.mktemp()).to eq path
|
|
297
|
+
end
|
|
298
|
+
end
|
|
299
|
+
end
|
|
300
|
+
end
|
|
231
301
|
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: chef-apply
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.2.
|
|
4
|
+
version: 0.2.2
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Chef Software, Inc
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2018-10-
|
|
11
|
+
date: 2018-10-19 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: mixlib-cli
|