chef-cli 1.0.3

data/lib/chef-cli/policyfile_services/install.rb

@@ -0,0 +1,167 @@
+#
+# Copyright:: Copyright (c) 2014-2018 Chef Software Inc.
+# License:: Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+require "ffi_yajl" unless defined?(FFI_Yajl)
+
+require_relative "../helpers"
+require_relative "../service_exceptions"
+require_relative "../policyfile_compiler"
+require_relative "../policyfile/storage_config"
+require_relative "../policyfile_lock"
+require_relative "../policyfile/lock_applier"
+
+module ChefCLI
+  module PolicyfileServices
+
+    class Install
+
+      include Policyfile::StorageConfigDelegation
+      include ChefCLI::Helpers
+
+      attr_reader :ui
+      attr_reader :storage_config
+      attr_reader :overwrite
+      attr_reader :chef_config
+
+      def initialize(policyfile: nil, ui: nil, root_dir: nil, overwrite: false, config: nil)
+        @ui = ui
+        @overwrite = overwrite
+        @chef_config = config
+
+        policyfile_rel_path = policyfile || "Policyfile.rb"
+        policyfile_full_path = File.expand_path(policyfile_rel_path, root_dir)
+        @storage_config = Policyfile::StorageConfig.new.use_policyfile(policyfile_full_path)
+
+        @policyfile_content = nil
+        @policyfile_compiler = nil
+      end
+
+      def run(cookbooks_to_update = [], exclude_deps = false)
+        unless File.exist?(policyfile_expanded_path)
+          # TODO: suggest next step. Add a generator/init command? Specify path to Policyfile.rb?
+          # See card CC-232
+          raise PolicyfileNotFound, "Policyfile not found at path #{policyfile_expanded_path}"
+        end
+
+        if installing_from_lock?
+          install_from_lock
+        elsif cookbooks_to_update.empty? # means update everything
+          generate_lock_and_install
+        else
+          update_lock_and_install(cookbooks_to_update, exclude_deps)
+        end
+      end
+
+      def policyfile_content
+        @policyfile_content ||= IO.read(policyfile_expanded_path)
+      end
+
+      def policyfile_compiler
+        @policyfile_compiler ||= ChefCLI::PolicyfileCompiler.evaluate(policyfile_content, policyfile_expanded_path, ui: ui, chef_config: chef_config)
+      end
+
+      def expanded_run_list
+        policyfile_compiler.expanded_run_list.to_s
+      end
+
+      def policyfile_lock_content
+        @policyfile_lock_content ||= IO.read(policyfile_lock_expanded_path) if File.exist?(policyfile_lock_expanded_path)
+      end
+
+      def policyfile_lock
+        return nil if policyfile_lock_content.nil?
+        @policyfile_lock ||= begin
+          lock_data = FFI_Yajl::Parser.new.parse(policyfile_lock_content)
+          PolicyfileLock.new(storage_config, ui: ui).build_from_lock_data(lock_data)
+        end
+      end
+
+      def generate_lock_and_install
+        policyfile_compiler.error!
+
+        ui.msg "Building policy #{policyfile_compiler.name}"
+        ui.msg "Expanded run list: " + expanded_run_list + "\n"
+
+        ui.msg "Caching Cookbooks..."
+
+        policyfile_compiler.install
+
+        lock_data = policyfile_compiler.lock.to_lock
+
+        with_file(policyfile_lock_expanded_path) do |f|
+          f.print(FFI_Yajl::Encoder.encode(lock_data, pretty: true ))
+        end
+
+        ui.msg ""
+
+        ui.msg "Lockfile written to #{policyfile_lock_expanded_path}"
+        ui.msg "Policy revision id: #{policyfile_lock.revision_id}"
+      rescue => error
+        raise PolicyfileInstallError.new("Failed to generate Policyfile.lock", error)
+      end
+
+      def update_lock_and_install(cookbooks_to_update, exclude_deps)
+        ui.msg "Updating #{cookbooks_to_update.join(',')} cookbooks #{exclude_deps ? '(excluding dependencies)' : ''}"
+        to_update = if exclude_deps
+                      cookbooks_to_update
+                    else
+                      policyfile_lock.solution_dependencies.transitive_deps(cookbooks_to_update)
+                    end
+        prepare_constraints_for_update(to_update)
+        prepare_constraints_for_policies
+        generate_lock_and_install
+      end
+
+      def prepare_constraints_for_update(to_update)
+        ui.msg "Will relax constraints on:"
+        to_update.each do |ck|
+          ui.msg " - #{ck}"
+        end
+
+        policyfile_lock.cookbook_locks.each do |ck_name, location_spec|
+          next if to_update.include?(ck_name)
+          # we need to feed policyfile_compiler.cookbook_location_spec_for with a CookbookLocationSpecification
+          policyfile_compiler.dsl.cookbook_location_specs[ck_name] = Policyfile::CookbookLocationSpecification.new(
+            ck_name,
+            Semverse::Constraint.new("=#{location_spec.version}"),
+            location_spec.source_options,
+            location_spec.storage_config
+          )
+        end
+      end
+
+      def prepare_constraints_for_policies
+        Policyfile::LockApplier
+          .new(policyfile_lock, policyfile_compiler)
+          .apply!
+      end
+
+      def install_from_lock
+        ui.msg "Installing cookbooks from lock"
+
+        policyfile_lock.install_cookbooks
+      rescue => error
+        raise PolicyfileInstallError.new("Failed to install cookbooks from lockfile", error)
+      end
+
+      def installing_from_lock?
+        !@overwrite && File.exist?(policyfile_lock_expanded_path)
+      end
+
+    end
+  end
+end

data/lib/chef-cli/policyfile_services/push.rb

@@ -0,0 +1,112 @@
+#
+# Copyright:: Copyright (c) 2014-2018 Chef Software Inc.
+# License:: Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+require "ffi_yajl" unless defined?(FFI_Yajl)
+
+require_relative "../service_exceptions"
+require "chef/server_api"
+require_relative "../policyfile_compiler"
+require_relative "../policyfile/uploader"
+require_relative "../policyfile/storage_config"
+
+module ChefCLI
+  module PolicyfileServices
+    class Push
+
+      include Policyfile::StorageConfigDelegation
+      include ChefCLI::Helpers
+
+      attr_reader :root_dir
+      attr_reader :config
+      attr_reader :policy_group
+      attr_reader :ui
+      attr_reader :storage_config
+
+      def initialize(policyfile: nil, ui: nil, policy_group: nil, config: nil, root_dir: nil)
+        @root_dir = root_dir
+        @ui = ui
+        @config = config
+        @policy_group = policy_group
+
+        policyfile_rel_path = policyfile || "Policyfile.rb"
+        policyfile_full_path = File.expand_path(policyfile_rel_path, root_dir)
+        @storage_config = Policyfile::StorageConfig.new.use_policyfile(policyfile_full_path)
+
+        @http_client = nil
+        @policy_data = nil
+      end
+
+      def http_client
+        @http_client ||= Chef::ServerAPI.new(config.chef_server_url,
+                                                       signing_key_filename: config.client_key,
+                                                       client_name: config.node_name)
+      end
+
+      def policy_data
+        @policy_data ||= FFI_Yajl::Parser.parse(IO.read(policyfile_lock_expanded_path))
+      rescue => error
+        raise PolicyfilePushError.new("Error reading lockfile #{policyfile_lock_expanded_path}", error)
+      end
+
+      def uploader
+        ChefCLI::Policyfile::Uploader.new(policyfile_lock, policy_group,
+                                         ui: ui,
+                                         http_client: http_client,
+                                         policy_document_native_api: config.policy_document_native_api)
+      end
+
+      def run
+        unless File.exist?(policyfile_lock_expanded_path)
+          raise LockfileNotFound, "No lockfile at #{policyfile_lock_expanded_path} - you need to run `install` before `push`"
+        end
+
+        validate_lockfile
+        write_updated_lockfile
+        upload_policy
+      end
+
+      def policyfile_lock
+        @policyfile_lock || validate_lockfile
+      end
+
+      private
+
+      def upload_policy
+        uploader.upload
+      rescue => error
+        raise PolicyfilePushError.new("Failed to upload policy to policy group #{policy_group}", error)
+      end
+
+      def write_updated_lockfile
+        with_file(policyfile_lock_expanded_path) do |f|
+          f.print(FFI_Yajl::Encoder.encode(policyfile_lock.to_lock, pretty: true ))
+        end
+      end
+
+      def validate_lockfile
+        return @policyfile_lock if @policyfile_lock
+        @policyfile_lock = ChefCLI::PolicyfileLock.new(storage_config).build_from_lock_data(policy_data)
+        # TODO: enumerate any cookbook that have been updated
+        @policyfile_lock.validate_cookbooks!
+        @policyfile_lock
+      rescue => error
+        raise PolicyfilePushError.new("Invalid lockfile data", error)
+      end
+
+    end
+  end
+end

data/lib/chef-cli/policyfile_services/push_archive.rb

@@ -0,0 +1,164 @@
+#
+# Copyright:: Copyright (c) 2015 Chef Software Inc.
+# License:: Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+require "zlib"
+require "archive/tar/minitar"
+
+require_relative "../service_exceptions"
+require_relative "../policyfile_lock"
+require "chef/server_api"
+require_relative "../policyfile/uploader"
+
+module ChefCLI
+  module PolicyfileServices
+    class PushArchive
+
+      USTAR_INDICATOR = "ustar\0".force_encoding(Encoding::ASCII_8BIT).freeze
+
+      attr_reader :archive_file
+      attr_reader :policy_group
+      attr_reader :root_dir
+      attr_reader :ui
+      attr_reader :config
+
+      attr_reader :policyfile_lock
+
+      def initialize(archive_file: nil, policy_group: nil, root_dir: nil, ui: nil, config: nil)
+        @archive_file = archive_file
+        @policy_group = policy_group
+        @root_dir = root_dir || Dir.pwd
+        @ui = ui
+        @config = config
+
+        @policyfile_lock = nil
+      end
+
+      def archive_file_path
+        File.expand_path(archive_file, root_dir)
+      end
+
+      def run
+        unless File.exist?(archive_file_path)
+          raise InvalidPolicyArchive, "Archive file #{archive_file_path} not found"
+        end
+        stage_unpacked_archive do |staging_dir|
+          read_policyfile_lock(staging_dir)
+
+          uploader.upload
+        end
+
+      rescue => e
+        raise PolicyfilePushArchiveError.new("Failed to publish archived policy", e)
+      end
+
+      # @api private
+      def uploader
+        ChefCLI::Policyfile::Uploader.new(policyfile_lock, policy_group,
+                                         ui: ui,
+                                         http_client: http_client,
+                                         policy_document_native_api: config.policy_document_native_api)
+      end
+
+      # @api private
+      def http_client
+        @http_client ||= Chef::ServerAPI.new(config.chef_server_url,
+                                             signing_key_filename: config.client_key,
+                                             client_name: config.node_name)
+      end
+
+      private
+
+      def read_policyfile_lock(staging_dir)
+        policyfile_lock_path = File.join(staging_dir, "Policyfile.lock.json")
+
+        if looks_like_old_format_archive?(staging_dir)
+          raise InvalidPolicyArchive, <<~MESSAGE
+            This archive is in an unsupported format.
+
+            This archive was created with an older version of ChefCLI. This version of
+            ChefCLI does not support archives in the older format. Please Re-create the
+            archive with a newer version of ChefCLI or Workstation.
+          MESSAGE
+        end
+
+        unless File.exist?(policyfile_lock_path)
+          raise InvalidPolicyArchive, "Archive does not contain a Policyfile.lock.json"
+        end
+
+        unless File.directory?(File.join(staging_dir, "cookbook_artifacts"))
+          raise InvalidPolicyArchive, "Archive does not contain a cookbook_artifacts directory"
+        end
+
+        policy_data = load_policy_data(policyfile_lock_path)
+        storage_config = Policyfile::StorageConfig.new.use_policyfile_lock(policyfile_lock_path)
+        @policyfile_lock = ChefCLI::PolicyfileLock.new(storage_config).build_from_archive(policy_data)
+
+        missing_cookbooks = policyfile_lock.cookbook_locks.select do |name, lock|
+          !lock.installed?
+        end
+
+        unless missing_cookbooks.empty?
+          message = "Archive does not have all cookbooks required by the Policyfile.lock. " +
+            "Missing cookbooks: '#{missing_cookbooks.keys.join('", "')}'."
+          raise InvalidPolicyArchive, message
+        end
+      end
+
+      def load_policy_data(policyfile_lock_path)
+        FFI_Yajl::Parser.parse(IO.read(policyfile_lock_path))
+      end
+
+      def stage_unpacked_archive
+        p = Process.pid
+        t = Time.new.utc.strftime("%Y%m%d%H%M%S")
+        Dir.mktmpdir("chefcli-push-archive-#{p}-#{t}") do |staging_dir|
+          unpack_to(staging_dir)
+          yield staging_dir
+        end
+      end
+
+      def unpack_to(staging_dir)
+        Mixlib::Archive.new(archive_file_path).extract(staging_dir)
+      rescue => e
+        raise InvalidPolicyArchive, "Archive file #{archive_file_path} could not be unpacked. #{e}"
+      end
+
+      def looks_like_old_format_archive?(staging_dir)
+        cookbooks_dir = File.join(staging_dir, "cookbooks")
+        data_bags_dir = File.join(staging_dir, "data_bags")
+
+        cookbook_artifacts_dir = File.join(staging_dir, "cookbook_artifacts")
+        policies_dir = File.join(staging_dir, "policies")
+        policy_groups_dir = File.join(staging_dir, "policy_groups")
+
+        # Old archives just had these two dirs
+        have_old_dirs = File.exist?(cookbooks_dir) && File.exist?(data_bags_dir)
+
+        # New archives created by `chef export` will have all of these; it's
+        # also possible we'll encounter an "artisanal" archive, which might
+        # only be missing one of these by accident. In that case we want to
+        # trigger a different error than we're detecting here.
+        have_any_new_dirs = File.exist?(cookbook_artifacts_dir) ||
+          File.exist?(policies_dir) ||
+          File.exist?(policy_groups_dir)
+
+        have_old_dirs && !have_any_new_dirs
+      end
+
+    end
+  end
+end

data/lib/chef-cli/policyfile_services/rm_policy.rb

@@ -0,0 +1,141 @@
+#
+# Copyright:: Copyright (c) 2015 Chef Software Inc.
+# License:: Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+require_relative "../service_exceptions"
+require "chef/server_api"
+require_relative "../policyfile/undo_stack"
+require_relative "../policyfile/undo_record"
+
+module ChefCLI
+  module PolicyfileServices
+
+    class RmPolicy
+
+      attr_reader :policy_name
+
+      # @api private
+      attr_reader :chef_config
+
+      # @api private
+      attr_reader :ui
+
+      # @api private
+      attr_reader :undo_record
+
+      # @api private
+      attr_reader :undo_stack
+
+      def initialize(config: nil, ui: nil, policy_name: nil)
+        @chef_config = config
+        @ui = ui
+        @policy_name = policy_name
+
+        @policy_revision_data = nil
+        @policy_exists = false
+        @policy_group_data = nil
+
+        @undo_record = Policyfile::UndoRecord.new
+        @undo_stack = Policyfile::UndoStack.new
+      end
+
+      def run
+        unless policy_exists?
+          ui.err("Policy '#{policy_name}' does not exist on the server")
+          return false
+        end
+
+        undo_record.description = "delete-policy #{policy_name}"
+
+        unless policy_has_no_revisions?
+          gather_policy_data_for_undo
+        end
+
+        http_client.delete("/policies/#{policy_name}")
+        undo_stack.push(undo_record)
+        ui.err("Removed policy '#{policy_name}'.")
+      rescue => e
+        raise DeletePolicyError.new("Failed to delete policy '#{policy_name}'", e)
+      end
+
+      # @api private
+      # An instance of Chef::ServerAPI configured with the user's
+      # server URL and credentials.
+      def http_client
+        @http_client ||= Chef::ServerAPI.new(chef_config.chef_server_url,
+                                             signing_key_filename: chef_config.client_key,
+                                             client_name: chef_config.node_name)
+      end
+
+      private
+
+      def policy_has_no_revisions?
+        policy_revision_data.empty? || policy_revision_data["revisions"].empty?
+      end
+
+      def gather_policy_data_for_undo
+        revisions = policy_revision_data["revisions"].keys
+
+        revisions.each do |revision_id|
+          policy_revision_data = http_client.get("/policies/#{policy_name}/revisions/#{revision_id}")
+          policy_groups = policy_groups_using_revision(revision_id)
+          if policy_groups.empty?
+            undo_record.add_policy_revision(policy_name, nil, policy_revision_data)
+          else
+            policy_groups.each do |policy_group|
+              undo_record.add_policy_revision(policy_name, policy_group, policy_revision_data)
+            end
+          end
+        end
+      end
+
+      def policy_groups_using_revision(revision_id)
+        groups = []
+        policy_group_data.each do |group_name, group_info|
+          next unless group_info.key?("policies") && !group_info["policies"].empty?
+          next unless group_info["policies"].key?(policy_name)
+          next unless group_info["policies"][policy_name]["revision_id"] == revision_id
+          groups << group_name if group_info
+        end
+        groups
+      end
+
+      def policy_group_data
+        @policy_group_data ||= http_client.get("/policy_groups")
+      end
+
+      def policy_exists?
+        return true if @policy_exists
+        fetch_policy_revision_data
+        @policy_exists
+      end
+
+      def policy_revision_data
+        return @policy_revision_data if @policy_exists
+        fetch_policy_revision_data
+      end
+
+      def fetch_policy_revision_data
+        @policy_revision_data = http_client.get("/policies/#{policy_name}")
+        @policy_exists = true
+      rescue Net::HTTPServerException => e
+        raise unless e.response.code == "404"
+        @policy_exists = false
+      end
+
+    end
+  end
+end