chef-config 13.6.4 → 13.7.16

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: f0968dc4c615d0642e82e8462d97c17d78c158ef
-  data.tar.gz: 13d09213de2fcaeb6098f2c5522a2d95445a5dfe
+  metadata.gz: c1d509df602bb95a13b5ac06864f420dd0ae1fcf
+  data.tar.gz: 4924ec21b6dc5c39efd835550d022df3555e0625
 SHA512:
-  metadata.gz: 5e0bcd3c9823245148fe74fbeefe0cd3014727243f2faec5e22fec2a727434fc19c67fc171520488d09ea4e44a1df2dc328b110ddff3bd43f6fad651b0e3d15f
-  data.tar.gz: cc4d1bcc23f499b3acbbde229b46bccc6fa1997435967918d62af16a315da4b64d15ed12e318fd55d15fb9040dbd7824b9251963f757ac2bcd3ac6edc965ef0b
+  metadata.gz: c2fbec33c4d7f638e18f55021bb13f9accfe0e5dfedd1c25b0c0cf7f9d04518949ba1ea39ac48422eb00fd8cbfad91661e7704b457aba4c2ebaf0988cc76e58e
+  data.tar.gz: 279f3af2f42c46c910215a5580032e7c90edde23ee9af3bc017ae58b66596fe3c160e3f222d29c27d16b133f4d38d36da5bdbe73762672a19f4e8e0c1ba70f18

data/chef-config.gemspec

@@ -19,6 +19,7 @@ Gem::Specification.new do |spec|
   spec.add_dependency "mixlib-config", "~> 2.0"
   spec.add_dependency "fuzzyurl"
   spec.add_dependency "addressable"
+  spec.add_dependency "tomlrb", "~> 1.2"
 
   spec.add_development_dependency "rake", "~> 10.0"
 

data/lib/chef-config/config.rb

@@ -592,6 +592,12 @@ module ChefConfig
     # If chef-zero is enabled, this defaults to nil (no authentication).
     default(:client_key) { chef_zero.enabled ? nil : platform_specific_path("/etc/chef/client.pem") }
 
+    # A credentials file may contain a complete client key, rather than the path
+    # to one.
+    #
+    # We'll use this preferentially.
+    default :client_key_contents, nil
+
     # When registering the client, should we allow the client key location to
     # be a symlink?  eg: /etc/chef/client.pem -> /etc/chef/prod-client.pem
     # If the path of the key goes through a directory like /tmp this should
@@ -631,6 +637,7 @@ module ChefConfig
     default(:validation_key) { chef_zero.enabled ? nil : platform_specific_path("/etc/chef/validation.pem") }
     default :validation_client_name, "chef-validator"
 
+    default :validation_key_contents, nil
     # When creating a new client via the validation_client account, Chef 11
     # servers allow the client to generate a key pair locally and send the
     # public key to the server. This is more secure and helps offload work from
@@ -691,6 +698,9 @@ module ChefConfig
     # on running chef-client
     default :count_log_resource_updates, true
 
+    # The selected profile when using credentials.
+    default :profile, nil
+
     # knife configuration data
     config_context :knife do
       # XXX: none of these default values are applied to knife (and would create a backcompat

data/lib/chef-config/mixin/credentials.rb

@@ -0,0 +1,57 @@
+#
+# Copyright:: Copyright 2017, Chef Software, Inc.
+# License:: Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+require "tomlrb"
+require "chef-config/path_helper"
+
+module ChefConfig
+  module Mixin
+    module Credentials
+
+      def load_credentials(profile = nil)
+        credentials_file = PathHelper.home(".chef", "credentials").freeze
+        context_file = PathHelper.home(".chef", "context").freeze
+
+        return unless File.file?(credentials_file)
+
+        context = File.read(context_file) if File.file?(context_file)
+
+        environment = ENV.fetch("CHEF_PROFILE", nil)
+
+        profile = if !profile.nil?
+                    profile
+                  elsif !environment.nil?
+                    environment
+                  elsif !context.nil?
+                    context
+                  else
+                    "default"
+                  end
+
+        config = Tomlrb.load_file(credentials_file)
+        apply_credentials(config[profile], profile)
+      rescue ChefConfig::ConfigurationError
+        raise
+      rescue => e
+        # TOML's error messages are mostly rubbish, so we'll just give a generic one
+        message = "Unable to parse Credentials file: #{credentials_file}\n"
+        message << e.message
+        raise ChefConfig::ConfigurationError, message
+      end
+    end
+  end
+end

data/lib/chef-config/path_helper.rb

@@ -235,7 +235,7 @@ module ChefConfig
       paths = paths.map { |home_path| home_path.gsub(path_separator, ::File::SEPARATOR) if home_path }
 
       # Filter out duplicate paths and paths that don't exist.
-      valid_paths = paths.select { |home_path| home_path && Dir.exists?(home_path.force_encoding("utf-8")) }
+      valid_paths = paths.select { |home_path| home_path && Dir.exist?(home_path.force_encoding("utf-8")) }
       valid_paths = valid_paths.uniq
 
       # Join all optional path elements at the end.

data/lib/chef-config/version.rb

@@ -21,7 +21,7 @@
 
 module ChefConfig
   CHEFCONFIG_ROOT = File.expand_path("../..", __FILE__)
-  VERSION = "13.6.4"
+  VERSION = "13.7.16"
 end
 
 #

data/lib/chef-config/workstation_config_loader.rb

@@ -22,24 +22,31 @@ require "chef-config/logger"
 require "chef-config/path_helper"
 require "chef-config/windows"
 require "chef-config/mixin/dot_d"
+require "chef-config/mixin/credentials"
 
 module ChefConfig
   class WorkstationConfigLoader
     include ChefConfig::Mixin::DotD
+    include ChefConfig::Mixin::Credentials
 
     # Path to a config file requested by user, (e.g., via command line option). Can be nil
     attr_accessor :explicit_config_file
+    # The name of a credentials profile. Can be nil
+    attr_accessor :profile
+    attr_reader :credentials_found
 
     # TODO: initialize this with a logger for Chef and Knife
-    def initialize(explicit_config_file, logger = nil)
+    def initialize(explicit_config_file, logger = nil, profile: nil)
       @explicit_config_file = explicit_config_file
       @chef_config_dir = nil
       @config_location = nil
+      @profile = profile
       @logger = logger || NullLogger.new
+      @credentials_found = false
     end
 
     def no_config_found?
-      config_location.nil?
+      config_location.nil? && !credentials_found
     end
 
     def config_location
@@ -62,6 +69,7 @@ module ChefConfig
     end
 
     def load
+      load_credentials(profile)
       # Ignore it if there's no explicit_config_file and can't find one at a
       # default path.
       if !config_location.nil?
@@ -138,6 +146,38 @@ module ChefConfig
       a
     end
 
+    def apply_credentials(creds, profile)
+      Config.profile ||= profile
+      if creds.key?("node_name") && creds.key?("client_name")
+        raise ChefConfig::ConfigurationError, "Do not specify both node_name and client_name. You should prefer client_name."
+      end
+      Config.node_name = creds.fetch("node_name") if creds.key?("node_name")
+      Config.node_name = creds.fetch("client_name") if creds.key?("client_name")
+      Config.chef_server_url = creds.fetch("chef_server_url") if creds.key?("chef_server_url")
+      Config.validation_client_name = creds.fetch("validation_client_name") if creds.key?("validation_client_name")
+
+      extract_key(creds, "validation_key", :validation_key, :validation_key_contents)
+      extract_key(creds, "validator_key", :validation_key, :validation_key_contents)
+      extract_key(creds, "client_key", :client_key, :client_key_contents)
+      @credentials_found = true
+    end
+
+    def extract_key(creds, name, config_path, config_contents)
+      return unless creds.has_key?(name)
+
+      val = creds.fetch(name)
+      if val.start_with?("-----BEGIN RSA PRIVATE KEY-----")
+        Config.send(config_contents, val)
+      else
+        abs_path = Pathname.new(val).expand_path(home_chef_dir)
+        Config.send(config_path, abs_path)
+      end
+    end
+
+    def home_chef_dir
+      @home_chef_dir ||= PathHelper.home(".chef")
+    end
+
     def apply_config(config_content, config_file_path)
       Config.from_string(config_content, config_file_path)
     rescue SignalException

data/spec/unit/workstation_config_loader_spec.rb

@@ -38,6 +38,7 @@ RSpec.describe ChefConfig::WorkstationConfigLoader do
   before do
     # We set this to nil so that a dev workstation will
     # not interfere with the tests.
+    ChefConfig::Config.reset
     ChefConfig::Config[:config_d_dir] = nil
   end
 
@@ -363,4 +364,147 @@ RSpec.describe ChefConfig::WorkstationConfigLoader do
       end
     end
   end
+
+  describe "when loading a credentials file" do
+    if ChefConfig.windows?
+      let(:home) { "C:/Users/example.user" }
+    else
+      let(:home) { "/Users/example.user" }
+    end
+    let(:credentials_file) { "#{home}/.chef/credentials" }
+    let(:context_file) { "#{home}/.chef/context" }
+
+    before do
+      allow(ChefConfig::PathHelper).to receive(:home).with(".chef").and_return(File.join(home, ".chef"))
+      allow(ChefConfig::PathHelper).to receive(:home).with(".chef", "credentials").and_return(credentials_file)
+      allow(ChefConfig::PathHelper).to receive(:home).with(".chef", "context").and_return(context_file)
+      allow(File).to receive(:file?).with(context_file).and_return false
+    end
+
+    context "when the file exists" do
+      before do
+        expect(File).to receive(:read).with(credentials_file, { encoding: "utf-8" }).and_return(content)
+        allow(File).to receive(:file?).with(credentials_file).and_return true
+      end
+
+      context "and has a default profile" do
+        let(:content) do
+          content = <<EOH
+[default]
+node_name = 'barney'
+client_key = "barney_rubble.pem"
+chef_server_url = "https://api.chef.io/organizations/bedrock"
+EOH
+          content
+        end
+
+        it "applies the expected config" do
+          expect { config_loader.load_credentials }.not_to raise_error
+          expect(ChefConfig::Config.chef_server_url).to eq("https://api.chef.io/organizations/bedrock")
+          expect(ChefConfig::Config.client_key.to_s).to eq("#{home}/.chef/barney_rubble.pem")
+          expect(ChefConfig::Config.profile.to_s).to eq("default")
+        end
+      end
+
+      context "and has a profile containing a full key" do
+        let(:content) do
+          content = <<EOH
+[default]
+client_key = """
+-----BEGIN RSA PRIVATE KEY-----
+foo
+"""
+EOH
+          content
+        end
+
+        it "applies the expected config" do
+          expect { config_loader.load_credentials }.not_to raise_error
+          expect(ChefConfig::Config.client_key_contents).to eq(<<EOH
+-----BEGIN RSA PRIVATE KEY-----
+foo
+EOH
+)
+        end
+      end
+
+      context "and has several profiles" do
+        let(:content) do
+          content = <<EOH
+[default]
+client_name = "default"
+[environment]
+client_name = "environment"
+[explicit]
+client_name = "explicit"
+[context]
+client_name = "context"
+EOH
+          content
+        end
+
+        let(:env) { {} }
+        before do
+          stub_const("ENV", env)
+        end
+
+        it "selects the correct profile explicitly" do
+          expect { config_loader.load_credentials("explicit") }.not_to raise_error
+          expect(ChefConfig::Config.node_name).to eq("explicit")
+        end
+
+        context "with an environment variable" do
+          let(:env) { { "CHEF_PROFILE" => "environment" } }
+
+          it "selects the correct profile" do
+            expect { config_loader.load_credentials }.not_to raise_error
+            expect(ChefConfig::Config.node_name).to eq("environment")
+          end
+        end
+
+        it "selects the correct profile with a context file" do
+          allow(File).to receive(:file?).with(context_file).and_return true
+          expect(File).to receive(:read).with(context_file).and_return "context"
+          expect { config_loader.load_credentials }.not_to raise_error
+          expect(ChefConfig::Config.node_name).to eq("context")
+        end
+
+        it "falls back to the default" do
+          expect { config_loader.load_credentials }.not_to raise_error
+          expect(ChefConfig::Config.node_name).to eq("default")
+        end
+      end
+
+      context "and contains both node_name and client_name" do
+        let(:content) do
+          content = <<EOH
+[default]
+node_name = 'barney'
+client_name = 'barney'
+EOH
+          content
+        end
+
+        it "raises a ConfigurationError" do
+          expect { config_loader.load_credentials }.to raise_error(ChefConfig::ConfigurationError)
+        end
+      end
+
+      context "and has a syntax error" do
+        let(:content) { "<<<<<" }
+
+        it "raises a ConfigurationError" do
+          expect { config_loader.load_credentials }.to raise_error(ChefConfig::ConfigurationError)
+        end
+      end
+    end
+
+    context "when the file does not exist" do
+      it "does not load anything" do
+        allow(File).to receive(:file?).with(credentials_file).and_return false
+        expect(Tomlrb).not_to receive(:load_file)
+        config_loader.load_credentials
+      end
+    end
+  end
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: chef-config
 version: !ruby/object:Gem::Version
-  version: 13.6.4
+  version: 13.7.16
 platform: ruby
 authors:
 - Adam Jacob
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2017-11-06 00:00:00.000000000 Z
+date: 2018-01-19 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: mixlib-shellout
@@ -66,6 +66,20 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
+- !ruby/object:Gem::Dependency
+  name: tomlrb
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.2'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.2'
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
@@ -138,6 +152,7 @@ files:
 - lib/chef-config/exceptions.rb
 - lib/chef-config/fips.rb
 - lib/chef-config/logger.rb
+- lib/chef-config/mixin/credentials.rb
 - lib/chef-config/mixin/dot_d.rb
 - lib/chef-config/mixin/fuzzy_hostname_matcher.rb
 - lib/chef-config/package_task.rb