chef-config 17.10.26 → 18.0.169
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/LICENSE +201 -201
- data/Rakefile +14 -14
- data/chef-config.gemspec +39 -39
- data/lib/chef-config/config.rb +1305 -1297
- data/lib/chef-config/exceptions.rb +27 -27
- data/lib/chef-config/fips.rb +53 -53
- data/lib/chef-config/logger.rb +53 -53
- data/lib/chef-config/mixin/credentials.rb +102 -102
- data/lib/chef-config/mixin/dot_d.rb +44 -44
- data/lib/chef-config/mixin/fuzzy_hostname_matcher.rb +49 -49
- data/lib/chef-config/mixin/train_transport.rb +143 -143
- data/lib/chef-config/path_helper.rb +350 -350
- data/lib/chef-config/version.rb +19 -19
- data/lib/chef-config/windows.rb +24 -24
- data/lib/chef-config/workstation_config_loader.rb +282 -281
- data/lib/chef-config.rb +20 -20
- data/spec/spec_helper.rb +75 -75
- data/spec/unit/config_spec.rb +1399 -1390
- data/spec/unit/fips_spec.rb +128 -128
- data/spec/unit/path_helper_spec.rb +372 -372
- data/spec/unit/workstation_config_loader_spec.rb +633 -633
- metadata +4 -4
@@ -1,281 +1,282 @@
|
|
1
|
-
#
|
2
|
-
# Author:: Daniel DeLeo (<dan@chef.io>)
|
3
|
-
# Copyright:: Copyright (c) Chef Software Inc.
|
4
|
-
# License:: Apache License, Version 2.0
|
5
|
-
#
|
6
|
-
# Licensed under the Apache License, Version 2.0 (the "License");
|
7
|
-
# you may not use this file except in compliance with the License.
|
8
|
-
# You may obtain a copy of the License at
|
9
|
-
#
|
10
|
-
# http://www.apache.org/licenses/LICENSE-2.0
|
11
|
-
#
|
12
|
-
# Unless required by applicable law or agreed to in writing, software
|
13
|
-
# distributed under the License is distributed on an "AS IS" BASIS,
|
14
|
-
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
15
|
-
# See the License for the specific language governing permissions and
|
16
|
-
# limitations under the License.
|
17
|
-
#
|
18
|
-
|
19
|
-
require "chef-utils" unless defined?(ChefUtils::CANARY)
|
20
|
-
|
21
|
-
require_relative "
|
22
|
-
require_relative "
|
23
|
-
require_relative "
|
24
|
-
require_relative "
|
25
|
-
require_relative "
|
26
|
-
require_relative "mixin/
|
27
|
-
|
28
|
-
|
29
|
-
|
30
|
-
|
31
|
-
include ChefConfig::Mixin::
|
32
|
-
|
33
|
-
|
34
|
-
|
35
|
-
|
36
|
-
|
37
|
-
|
38
|
-
|
39
|
-
|
40
|
-
|
41
|
-
|
42
|
-
@
|
43
|
-
@
|
44
|
-
@
|
45
|
-
@
|
46
|
-
@
|
47
|
-
|
48
|
-
|
49
|
-
|
50
|
-
|
51
|
-
|
52
|
-
|
53
|
-
|
54
|
-
|
55
|
-
|
56
|
-
|
57
|
-
|
58
|
-
|
59
|
-
|
60
|
-
|
61
|
-
|
62
|
-
|
63
|
-
|
64
|
-
|
65
|
-
|
66
|
-
|
67
|
-
|
68
|
-
|
69
|
-
|
70
|
-
|
71
|
-
|
72
|
-
|
73
|
-
|
74
|
-
|
75
|
-
#
|
76
|
-
|
77
|
-
|
78
|
-
|
79
|
-
|
80
|
-
|
81
|
-
|
82
|
-
Config.config_file
|
83
|
-
|
84
|
-
|
85
|
-
|
86
|
-
|
87
|
-
|
88
|
-
|
89
|
-
|
90
|
-
|
91
|
-
|
92
|
-
|
93
|
-
|
94
|
-
|
95
|
-
|
96
|
-
|
97
|
-
|
98
|
-
|
99
|
-
|
100
|
-
|
101
|
-
|
102
|
-
|
103
|
-
|
104
|
-
|
105
|
-
|
106
|
-
|
107
|
-
|
108
|
-
|
109
|
-
|
110
|
-
|
111
|
-
|
112
|
-
|
113
|
-
|
114
|
-
|
115
|
-
|
116
|
-
|
117
|
-
|
118
|
-
|
119
|
-
candidate_configs << File.join(env["KNIFE_HOME"], "
|
120
|
-
|
121
|
-
|
122
|
-
|
123
|
-
|
124
|
-
candidate_configs << File.join(Dir.pwd, "
|
125
|
-
|
126
|
-
|
127
|
-
|
128
|
-
|
129
|
-
candidate_configs << File.join(chef_config_dir, "
|
130
|
-
|
131
|
-
|
132
|
-
|
133
|
-
|
134
|
-
candidate_configs << File.join(dot_chef_dir, "
|
135
|
-
|
136
|
-
|
137
|
-
|
138
|
-
|
139
|
-
|
140
|
-
|
141
|
-
|
142
|
-
|
143
|
-
|
144
|
-
|
145
|
-
|
146
|
-
|
147
|
-
|
148
|
-
|
149
|
-
|
150
|
-
|
151
|
-
|
152
|
-
|
153
|
-
|
154
|
-
|
155
|
-
|
156
|
-
|
157
|
-
|
158
|
-
|
159
|
-
|
160
|
-
|
161
|
-
|
162
|
-
|
163
|
-
|
164
|
-
|
165
|
-
|
166
|
-
|
167
|
-
|
168
|
-
|
169
|
-
|
170
|
-
|
171
|
-
|
172
|
-
|
173
|
-
|
174
|
-
|
175
|
-
|
176
|
-
|
177
|
-
|
178
|
-
|
179
|
-
|
180
|
-
|
181
|
-
|
182
|
-
|
183
|
-
|
184
|
-
|
185
|
-
|
186
|
-
|
187
|
-
|
188
|
-
|
189
|
-
|
190
|
-
|
191
|
-
|
192
|
-
|
193
|
-
|
194
|
-
|
195
|
-
|
196
|
-
message
|
197
|
-
message << "
|
198
|
-
|
199
|
-
|
200
|
-
|
201
|
-
|
202
|
-
|
203
|
-
|
204
|
-
|
205
|
-
message
|
206
|
-
|
207
|
-
filtered_trace.
|
208
|
-
|
209
|
-
|
210
|
-
|
211
|
-
|
212
|
-
|
213
|
-
|
214
|
-
|
215
|
-
|
216
|
-
#
|
217
|
-
#
|
218
|
-
#
|
219
|
-
#
|
220
|
-
#
|
221
|
-
# @
|
222
|
-
# @
|
223
|
-
|
224
|
-
|
225
|
-
|
226
|
-
|
227
|
-
|
228
|
-
|
229
|
-
Config[:
|
230
|
-
|
231
|
-
|
232
|
-
#
|
233
|
-
|
234
|
-
|
235
|
-
Config[:
|
236
|
-
|
237
|
-
|
238
|
-
|
239
|
-
|
240
|
-
#
|
241
|
-
#
|
242
|
-
#
|
243
|
-
#
|
244
|
-
#
|
245
|
-
#
|
246
|
-
# @
|
247
|
-
# @
|
248
|
-
#
|
249
|
-
#
|
250
|
-
|
251
|
-
|
252
|
-
|
253
|
-
|
254
|
-
|
255
|
-
|
256
|
-
|
257
|
-
|
258
|
-
|
259
|
-
|
260
|
-
|
261
|
-
|
262
|
-
|
263
|
-
|
264
|
-
|
265
|
-
|
266
|
-
|
267
|
-
|
268
|
-
|
269
|
-
|
270
|
-
|
271
|
-
|
272
|
-
|
273
|
-
|
274
|
-
|
275
|
-
|
276
|
-
|
277
|
-
|
278
|
-
|
279
|
-
|
280
|
-
|
281
|
-
end
|
1
|
+
#
|
2
|
+
# Author:: Daniel DeLeo (<dan@chef.io>)
|
3
|
+
# Copyright:: Copyright (c) Chef Software Inc.
|
4
|
+
# License:: Apache License, Version 2.0
|
5
|
+
#
|
6
|
+
# Licensed under the Apache License, Version 2.0 (the "License");
|
7
|
+
# you may not use this file except in compliance with the License.
|
8
|
+
# You may obtain a copy of the License at
|
9
|
+
#
|
10
|
+
# http://www.apache.org/licenses/LICENSE-2.0
|
11
|
+
#
|
12
|
+
# Unless required by applicable law or agreed to in writing, software
|
13
|
+
# distributed under the License is distributed on an "AS IS" BASIS,
|
14
|
+
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
15
|
+
# See the License for the specific language governing permissions and
|
16
|
+
# limitations under the License.
|
17
|
+
#
|
18
|
+
|
19
|
+
require "chef-utils" unless defined?(ChefUtils::CANARY)
|
20
|
+
require "etc" unless defined?(Etc)
|
21
|
+
require_relative "config"
|
22
|
+
require_relative "exceptions"
|
23
|
+
require_relative "logger"
|
24
|
+
require_relative "path_helper"
|
25
|
+
require_relative "windows"
|
26
|
+
require_relative "mixin/dot_d"
|
27
|
+
require_relative "mixin/credentials"
|
28
|
+
|
29
|
+
module ChefConfig
|
30
|
+
class WorkstationConfigLoader
|
31
|
+
include ChefConfig::Mixin::DotD
|
32
|
+
include ChefConfig::Mixin::Credentials
|
33
|
+
|
34
|
+
# Path to a config file requested by user, (e.g., via command line option). Can be nil
|
35
|
+
attr_accessor :explicit_config_file
|
36
|
+
# The name of a credentials profile. Can be nil
|
37
|
+
attr_accessor :profile
|
38
|
+
attr_reader :credentials_found
|
39
|
+
|
40
|
+
# TODO: initialize this with a logger for Chef and Knife
|
41
|
+
def initialize(explicit_config_file, logger = nil, profile: nil)
|
42
|
+
@explicit_config_file = explicit_config_file
|
43
|
+
@chef_config_dir = nil
|
44
|
+
@config_location = nil
|
45
|
+
@profile = profile
|
46
|
+
@logger = logger || NullLogger.new
|
47
|
+
@credentials_found = false
|
48
|
+
end
|
49
|
+
|
50
|
+
def no_config_found?
|
51
|
+
config_location.nil? && !credentials_found
|
52
|
+
end
|
53
|
+
|
54
|
+
def config_location
|
55
|
+
@config_location ||= (explicit_config_file || locate_local_config)
|
56
|
+
end
|
57
|
+
|
58
|
+
def chef_config_dir
|
59
|
+
if @chef_config_dir.nil?
|
60
|
+
@chef_config_dir = false
|
61
|
+
full_path = working_directory.split(File::SEPARATOR)
|
62
|
+
(full_path.length - 1).downto(0) do |i|
|
63
|
+
candidate_directory = File.join(full_path[0..i] + [ChefUtils::Dist::Infra::USER_CONF_DIR])
|
64
|
+
if File.exist?(candidate_directory) && File.directory?(candidate_directory)
|
65
|
+
@chef_config_dir = candidate_directory
|
66
|
+
break
|
67
|
+
end
|
68
|
+
end
|
69
|
+
end
|
70
|
+
@chef_config_dir
|
71
|
+
end
|
72
|
+
|
73
|
+
def load
|
74
|
+
load_credentials(profile)
|
75
|
+
# Ignore it if there's no explicit_config_file and can't find one at a
|
76
|
+
# default path.
|
77
|
+
unless config_location.nil?
|
78
|
+
if explicit_config_file && !path_exists?(config_location)
|
79
|
+
raise ChefConfig::ConfigurationError, "Specified config file #{config_location} does not exist"
|
80
|
+
end
|
81
|
+
|
82
|
+
# Have to set Config.config_file b/c other config is derived from it.
|
83
|
+
Config.config_file = config_location
|
84
|
+
apply_config(IO.read(config_location), config_location)
|
85
|
+
end
|
86
|
+
|
87
|
+
load_dot_d(Config[:config_d_dir]) if Config[:config_d_dir]
|
88
|
+
|
89
|
+
apply_defaults
|
90
|
+
end
|
91
|
+
|
92
|
+
# (Private API, public for test purposes)
|
93
|
+
def env
|
94
|
+
ENV
|
95
|
+
end
|
96
|
+
|
97
|
+
# (Private API, public for test purposes)
|
98
|
+
def path_exists?(path)
|
99
|
+
Pathname.new(path).expand_path.exist?
|
100
|
+
end
|
101
|
+
|
102
|
+
private
|
103
|
+
|
104
|
+
def have_config?(path)
|
105
|
+
if path_exists?(path)
|
106
|
+
logger.info("Using config at #{path}")
|
107
|
+
true
|
108
|
+
else
|
109
|
+
logger.debug("Config not found at #{path}, trying next option")
|
110
|
+
false
|
111
|
+
end
|
112
|
+
end
|
113
|
+
|
114
|
+
def locate_local_config
|
115
|
+
candidate_configs = []
|
116
|
+
|
117
|
+
# Look for $KNIFE_HOME/knife.rb (allow multiple knives config on same machine)
|
118
|
+
if env["KNIFE_HOME"]
|
119
|
+
candidate_configs << File.join(env["KNIFE_HOME"], "config.rb")
|
120
|
+
candidate_configs << File.join(env["KNIFE_HOME"], "knife.rb")
|
121
|
+
end
|
122
|
+
# Look for $PWD/knife.rb
|
123
|
+
if Dir.pwd
|
124
|
+
candidate_configs << File.join(Dir.pwd, "config.rb")
|
125
|
+
candidate_configs << File.join(Dir.pwd, "knife.rb")
|
126
|
+
end
|
127
|
+
# Look for $UPWARD/.chef/knife.rb
|
128
|
+
if chef_config_dir
|
129
|
+
candidate_configs << File.join(chef_config_dir, "config.rb")
|
130
|
+
candidate_configs << File.join(chef_config_dir, "knife.rb")
|
131
|
+
end
|
132
|
+
# Look for $HOME/.chef/knife.rb
|
133
|
+
PathHelper.home(ChefUtils::Dist::Infra::USER_CONF_DIR) do |dot_chef_dir|
|
134
|
+
candidate_configs << File.join(dot_chef_dir, "config.rb")
|
135
|
+
candidate_configs << File.join(dot_chef_dir, "knife.rb")
|
136
|
+
end
|
137
|
+
|
138
|
+
candidate_configs.find do |candidate_config|
|
139
|
+
have_config?(candidate_config)
|
140
|
+
end
|
141
|
+
end
|
142
|
+
|
143
|
+
def working_directory
|
144
|
+
if ChefUtils.windows?
|
145
|
+
env["CD"]
|
146
|
+
else
|
147
|
+
env["PWD"]
|
148
|
+
end || Dir.pwd
|
149
|
+
end
|
150
|
+
|
151
|
+
def apply_credentials(creds, profile)
|
152
|
+
# Store the profile used in case other things want it.
|
153
|
+
Config.profile ||= profile
|
154
|
+
# Validate the credentials data.
|
155
|
+
if creds.key?("node_name") && creds.key?("client_name")
|
156
|
+
raise ChefConfig::ConfigurationError, "Do not specify both node_name and client_name. You should prefer client_name."
|
157
|
+
end
|
158
|
+
|
159
|
+
# Load credentials data into the Chef configuration.
|
160
|
+
creds.each do |key, value|
|
161
|
+
case key.to_s
|
162
|
+
when "client_name"
|
163
|
+
# Special case because it's weird to set your username via `node_name`.
|
164
|
+
Config.node_name = value
|
165
|
+
when "validation_key", "validator_key"
|
166
|
+
extract_key(value, :validation_key, :validation_key_contents)
|
167
|
+
when "client_key"
|
168
|
+
extract_key(value, :client_key, :client_key_contents)
|
169
|
+
when "knife"
|
170
|
+
Config.knife.merge!(value.transform_keys(&:to_sym))
|
171
|
+
else
|
172
|
+
Config[key.to_sym] = value
|
173
|
+
end
|
174
|
+
end
|
175
|
+
@credentials_found = true
|
176
|
+
end
|
177
|
+
|
178
|
+
def extract_key(key_value, config_path, config_contents)
|
179
|
+
if key_value.start_with?("-----BEGIN RSA PRIVATE KEY-----")
|
180
|
+
Config.send(config_contents, key_value)
|
181
|
+
else
|
182
|
+
abs_path = Pathname.new(key_value).expand_path(home_chef_dir)
|
183
|
+
Config.send(config_path, abs_path)
|
184
|
+
end
|
185
|
+
end
|
186
|
+
|
187
|
+
def home_chef_dir
|
188
|
+
@home_chef_dir ||= PathHelper.home(ChefUtils::Dist::Infra::USER_CONF_DIR)
|
189
|
+
end
|
190
|
+
|
191
|
+
def apply_config(config_content, config_file_path)
|
192
|
+
Config.from_string(config_content, config_file_path)
|
193
|
+
rescue SignalException
|
194
|
+
raise
|
195
|
+
rescue SyntaxError => e
|
196
|
+
message = ""
|
197
|
+
message << "You have invalid ruby syntax in your config file #{config_file_path}\n\n"
|
198
|
+
message << "#{e.class.name}: #{e.message}\n"
|
199
|
+
if file_line = e.message[/#{Regexp.escape(config_file_path)}:\d+/]
|
200
|
+
line = file_line[/:(\d+)$/, 1].to_i
|
201
|
+
message << highlight_config_error(config_file_path, line)
|
202
|
+
end
|
203
|
+
raise ChefConfig::ConfigurationError, message
|
204
|
+
rescue Exception => e
|
205
|
+
message = "You have an error in your config file #{config_file_path}\n\n"
|
206
|
+
message << "#{e.class.name}: #{e.message}\n"
|
207
|
+
filtered_trace = e.backtrace.grep(/#{Regexp.escape(config_file_path)}/)
|
208
|
+
filtered_trace.each { |bt_line| message << " " << bt_line << "\n" }
|
209
|
+
unless filtered_trace.empty?
|
210
|
+
line_nr = filtered_trace.first[/#{Regexp.escape(config_file_path)}:(\d+)/, 1]
|
211
|
+
message << highlight_config_error(config_file_path, line_nr.to_i)
|
212
|
+
end
|
213
|
+
raise ChefConfig::ConfigurationError, message
|
214
|
+
end
|
215
|
+
|
216
|
+
# Apply default configuration values for workstation-style tools.
|
217
|
+
#
|
218
|
+
# Global defaults should go in {ChefConfig::Config} instead, this is only
|
219
|
+
# for things like `knife` and `chef`.
|
220
|
+
#
|
221
|
+
# @api private
|
222
|
+
# @since 14.3
|
223
|
+
# @return [void]
|
224
|
+
def apply_defaults
|
225
|
+
# If we don't have a better guess use the username.
|
226
|
+
Config[:node_name] ||= Etc.getlogin
|
227
|
+
# If we don't have a key (path or inline) check user.pem and $node_name.pem.
|
228
|
+
unless Config.key?(:client_key) || Config.key?(:client_key_contents)
|
229
|
+
key_path = find_default_key(["#{Config[:node_name]}.pem", "user.pem"])
|
230
|
+
Config[:client_key] = key_path if key_path
|
231
|
+
end
|
232
|
+
# Similarly look for a validation key file, though this should be less
|
233
|
+
# common these days.
|
234
|
+
unless Config.key?(:validation_key) || Config.key?(:validation_key_contents)
|
235
|
+
key_path = find_default_key(["#{Config[:validation_client_name]}.pem", "validator.pem", "validation.pem"])
|
236
|
+
Config[:validation_key] = key_path if key_path
|
237
|
+
end
|
238
|
+
end
|
239
|
+
|
240
|
+
# Look for a default key file.
|
241
|
+
#
|
242
|
+
# This searches for any of a list of possible default keys, checking both
|
243
|
+
# the local `.chef/` folder and the home directory `~/.chef/`. Returns `nil`
|
244
|
+
# if no matching file is found.
|
245
|
+
#
|
246
|
+
# @api private
|
247
|
+
# @since 14.3
|
248
|
+
# @param key_names [Array<String>] A list of possible filenames to check for.
|
249
|
+
# The first one found will be returned.
|
250
|
+
# @return [String, nil]
|
251
|
+
def find_default_key(key_names)
|
252
|
+
key_names.each do |filename|
|
253
|
+
path = Pathname.new(filename)
|
254
|
+
# If we have a config location (like ./.chef/), look there first.
|
255
|
+
if config_location
|
256
|
+
local_path = path.expand_path(File.dirname(config_location))
|
257
|
+
return local_path.to_s if local_path.exist?
|
258
|
+
end
|
259
|
+
# Then check ~/.chef.
|
260
|
+
home_path = path.expand_path(home_chef_dir)
|
261
|
+
return home_path.to_s if home_path.exist?
|
262
|
+
end
|
263
|
+
nil
|
264
|
+
end
|
265
|
+
|
266
|
+
def highlight_config_error(file, line)
|
267
|
+
config_file_lines = []
|
268
|
+
IO.readlines(file).each_with_index { |l, i| config_file_lines << "#{(i + 1).to_s.rjust(3)}: #{l.chomp}" }
|
269
|
+
if line == 1
|
270
|
+
lines = config_file_lines[0..3]
|
271
|
+
else
|
272
|
+
lines = config_file_lines[Range.new(line - 2, line)]
|
273
|
+
end
|
274
|
+
"Relevant file content:\n" + lines.join("\n") + "\n"
|
275
|
+
end
|
276
|
+
|
277
|
+
def logger
|
278
|
+
@logger
|
279
|
+
end
|
280
|
+
|
281
|
+
end
|
282
|
+
end
|
data/lib/chef-config.rb
CHANGED
@@ -1,20 +1,20 @@
|
|
1
|
-
#
|
2
|
-
# Copyright:: Copyright (c) Chef Software Inc.
|
3
|
-
# License:: Apache License, Version 2.0
|
4
|
-
#
|
5
|
-
# Licensed under the Apache License, Version 2.0 (the "License");
|
6
|
-
# you may not use this file except in compliance with the License.
|
7
|
-
# You may obtain a copy of the License at
|
8
|
-
#
|
9
|
-
# http://www.apache.org/licenses/LICENSE-2.0
|
10
|
-
#
|
11
|
-
# Unless required by applicable law or agreed to in writing, software
|
12
|
-
# distributed under the License is distributed on an "AS IS" BASIS,
|
13
|
-
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
14
|
-
# See the License for the specific language governing permissions and
|
15
|
-
# limitations under the License.
|
16
|
-
#
|
17
|
-
|
18
|
-
module ChefConfig
|
19
|
-
|
20
|
-
end
|
1
|
+
#
|
2
|
+
# Copyright:: Copyright (c) Chef Software Inc.
|
3
|
+
# License:: Apache License, Version 2.0
|
4
|
+
#
|
5
|
+
# Licensed under the Apache License, Version 2.0 (the "License");
|
6
|
+
# you may not use this file except in compliance with the License.
|
7
|
+
# You may obtain a copy of the License at
|
8
|
+
#
|
9
|
+
# http://www.apache.org/licenses/LICENSE-2.0
|
10
|
+
#
|
11
|
+
# Unless required by applicable law or agreed to in writing, software
|
12
|
+
# distributed under the License is distributed on an "AS IS" BASIS,
|
13
|
+
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
14
|
+
# See the License for the specific language governing permissions and
|
15
|
+
# limitations under the License.
|
16
|
+
#
|
17
|
+
|
18
|
+
module ChefConfig
|
19
|
+
|
20
|
+
end
|