chef-dk 0.7.0 → 0.8.0

data/lib/chef-dk/policyfile_lock.rb

@@ -255,6 +255,7 @@ module ChefDK
     def build_from_lock_data(lock_data)
       set_name_from_lock_data(lock_data)
       set_run_list_from_lock_data(lock_data)
+      set_named_run_lists_from_lock_data(lock_data)
       set_cookbook_locks_from_lock_data(lock_data)
       set_attributes_from_lock_data(lock_data)
       set_solution_dependencies_from_lock_data(lock_data)
@@ -264,6 +265,7 @@ module ChefDK
     def build_from_archive(lock_data)
       set_name_from_lock_data(lock_data)
       set_run_list_from_lock_data(lock_data)
+      set_named_run_lists_from_lock_data(lock_data)
       set_cookbook_locks_as_archives_from_lock_data(lock_data)
       set_attributes_from_lock_data(lock_data)
       set_solution_dependencies_from_lock_data(lock_data)
@@ -416,6 +418,34 @@ module ChefDK
       @run_list = run_list_attribute
     end
 
+    def set_named_run_lists_from_lock_data(lock_data)
+      return unless lock_data.key?("named_run_lists")
+
+      lock_data_named_run_lists = lock_data["named_run_lists"]
+
+      unless lock_data_named_run_lists.kind_of?(Hash)
+        msg = "lockfile's named_run_lists must be a Hash (JSON object). (got: #{lock_data_named_run_lists.inspect})"
+        raise InvalidLockfile, msg
+      end
+
+      lock_data_named_run_lists.each do |name, run_list|
+        unless name.kind_of?(String)
+          msg = "Keys in lockfile's named_run_lists must be Strings. (got: #{name.inspect})"
+          raise InvalidLockfile, msg
+        end
+        unless run_list.kind_of?(Array)
+          msg = "Values in lockfile's named_run_lists must be Arrays. (got: #{run_list.inspect})"
+          raise InvalidLockfile, msg
+        end
+        bad_run_list_items = run_list.select { |e| e !~ RUN_LIST_ITEM_FORMAT }
+        unless bad_run_list_items.empty?
+          msg = "lockfile's run_list items must be formatted like `recipe[$COOKBOOK_NAME::$RECIPE_NAME]'. Invalid items: `#{bad_run_list_items.join("' `")}'"
+          raise InvalidLockfile, msg
+        end
+      end
+      @named_run_lists = lock_data_named_run_lists
+    end
+
     def set_cookbook_locks_from_lock_data(lock_data)
       cookbook_lock_data = lock_data["cookbook_locks"]
 

data/lib/chef-dk/policyfile_services/clean_policies.rb

@@ -15,6 +15,7 @@
 # limitations under the License.
 #
 
+require 'chef-dk/exceptions'
 require 'chef-dk/service_exceptions'
 require 'chef-dk/policyfile/lister'
 
@@ -53,7 +54,7 @@ module ChefDK
 
           message = "Failed to delete some policy revisions:\n" + details.join("\n") + "\n"
 
-          raise PolicyfileCleanError.new(message, nil)
+          raise PolicyfileCleanError.new(message, MultipleErrors.new("multiple errors"))
         end
 
         true
@@ -74,9 +75,9 @@ module ChefDK
       end
 
       def http_client
-        @http_client ||= ChefDK::AuthenticatedHTTP.new(config.chef_server_url,
-                                                       signing_key_filename: config.client_key,
-                                                       client_name: config.node_name)
+        @http_client ||= ChefDK::AuthenticatedHTTP.new(chef_config.chef_server_url,
+                                                       signing_key_filename: chef_config.client_key,
+                                                       client_name: chef_config.node_name)
       end
 
       private

data/lib/chef-dk/policyfile_services/clean_policy_cookbooks.rb

@@ -0,0 +1,125 @@
+#
+# Copyright:: Copyright (c) 2015 Chef Software Inc.
+# License:: Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+require 'set'
+
+require 'chef-dk/authenticated_http'
+require 'chef-dk/service_exceptions'
+
+module ChefDK
+  module PolicyfileServices
+
+    class CleanPolicyCookbooks
+
+      attr_reader :chef_config
+
+      attr_reader :ui
+
+      def initialize(config: nil, ui: nil)
+        @chef_config = config
+        @ui = ui
+
+        @all_cookbooks = nil
+        @active_cookbooks = nil
+        @all_policies = nil
+      end
+
+      def run
+        gc_cookbooks
+      rescue => e
+        raise PolicyCookbookCleanError.new("Failed to cleanup policy cookbooks", e)
+      end
+
+      def gc_cookbooks
+        cookbooks = cookbooks_to_clean
+
+        if cookbooks.empty?
+          ui.msg("No cookbooks deleted.")
+        end
+
+        cookbooks.each do |name, identifiers|
+          identifiers.each do |identifier|
+            http_client.delete("/cookbook_artifacts/#{name}/#{identifier}")
+            ui.msg("DELETE #{name} #{identifier}")
+          end
+        end
+      end
+
+
+      def all_cookbooks
+        cookbook_list = http_client.get("/cookbook_artifacts")
+        cookbook_list.inject({}) do |cb_map, (name, cb_info)|
+          cb_map[name] = cb_info["versions"].map { |v| v["identifier"] }
+          cb_map
+        end
+      end
+
+      def active_cookbooks
+        policy_revisions_by_name.inject({}) do |cb_map, (policy_name, revision_ids)|
+          revision_ids.each do |revision_id|
+            cookbook_revisions_in_policy(policy_name, revision_id).each do |cb_name, identifier|
+              cb_map[cb_name] ||= Set.new
+              cb_map[cb_name] << identifier
+            end
+          end
+          cb_map
+        end
+      end
+
+      def cookbooks_to_clean
+        active_cbs = active_cookbooks
+
+        all_cookbooks.inject({}) do |cb_map, (cb_name, revisions)|
+          active_revs = active_cbs[cb_name] || Set.new
+          inactive_revs = Set.new(revisions) - active_revs
+          cb_map[cb_name] = inactive_revs unless inactive_revs.empty?
+
+          cb_map
+        end
+      end
+
+      # @api private
+      def policy_revisions_by_name
+        policies_list = http_client.get("/policies")
+        policies_list.inject({}) do |policies_map, (name, policy_info)|
+          policies_map[name] = policy_info["revisions"].keys
+          policies_map
+        end
+      end
+
+      # @api private
+      def cookbook_revisions_in_policy(name, revision_id)
+        policy_revision_data = http_client.get("/policies/#{name}/revisions/#{revision_id}")
+
+        policy_revision_data["cookbook_locks"].inject({}) do |cb_map, (cb_name, lock_info)|
+          cb_map[cb_name] = lock_info["identifier"]
+          cb_map
+        end
+      end
+
+      # @api private
+      # An instance of ChefDK::AuthenticatedHTTP configured with the user's
+      # server URL and credentials.
+      def http_client
+        @http_client ||= ChefDK::AuthenticatedHTTP.new(chef_config.chef_server_url,
+                                                       signing_key_filename: chef_config.client_key,
+                                                       client_name: chef_config.node_name)
+      end
+    end
+  end
+end
+

data/lib/chef-dk/policyfile_services/rm_policy.rb

@@ -0,0 +1,142 @@
+#
+# Copyright:: Copyright (c) 2015 Chef Software Inc.
+# License:: Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+require 'chef-dk/service_exceptions'
+require 'chef-dk/authenticated_http'
+require 'chef-dk/policyfile/undo_stack'
+require 'chef-dk/policyfile/undo_record'
+
+module ChefDK
+  module PolicyfileServices
+
+    class RmPolicy
+
+      attr_reader :policy_name
+
+      # @api private
+      attr_reader :chef_config
+
+      # @api private
+      attr_reader :ui
+
+      # @api private
+      attr_reader :undo_record
+
+      # @api private
+      attr_reader :undo_stack
+
+      def initialize(config: nil, ui: nil, policy_name: nil)
+        @chef_config = config
+        @ui = ui
+        @policy_name = policy_name
+
+        @policy_revision_data = nil
+        @policy_exists = false
+        @policy_group_data = nil
+
+        @undo_record = Policyfile::UndoRecord.new
+        @undo_stack = Policyfile::UndoStack.new
+      end
+
+      def run
+        unless policy_exists?
+          ui.err("Policy '#{policy_name}' does not exist on the server")
+          return false
+        end
+
+        undo_record.description = "delete-policy #{policy_name}"
+
+        unless policy_has_no_revisions?
+          gather_policy_data_for_undo
+        end
+
+        http_client.delete("/policies/#{policy_name}")
+        undo_stack.push(undo_record)
+        ui.err("Removed policy '#{policy_name}'.")
+      rescue => e
+        raise DeletePolicyError.new("Failed to delete policy '#{policy_name}'", e)
+      end
+
+      # @api private
+      # An instance of ChefDK::AuthenticatedHTTP configured with the user's
+      # server URL and credentials.
+      def http_client
+        @http_client ||= ChefDK::AuthenticatedHTTP.new(chef_config.chef_server_url,
+                                                       signing_key_filename: chef_config.client_key,
+                                                       client_name: chef_config.node_name)
+      end
+
+      private
+
+      def policy_has_no_revisions?
+        policy_revision_data.empty? || policy_revision_data["revisions"].empty?
+      end
+
+      def gather_policy_data_for_undo
+        revisions = policy_revision_data["revisions"].keys
+
+        revisions.each do |revision_id|
+          policy_revision_data = http_client.get("/policies/#{policy_name}/revisions/#{revision_id}")
+          policy_groups = policy_groups_using_revision(revision_id)
+          if policy_groups.empty?
+            undo_record.add_policy_revision(policy_name, nil, policy_revision_data)
+          else
+            policy_groups.each do |policy_group|
+              undo_record.add_policy_revision(policy_name, policy_group, policy_revision_data)
+            end
+          end
+        end
+      end
+
+      def policy_groups_using_revision(revision_id)
+        groups = []
+        policy_group_data.each do |group_name, group_info|
+          next unless group_info.key?("policies") && !group_info["policies"].empty?
+          next unless group_info["policies"].key?(policy_name)
+          next unless group_info["policies"][policy_name]["revision_id"] == revision_id
+          groups << group_name if group_info
+        end
+        groups
+      end
+
+      def policy_group_data
+        @policy_group_data ||= http_client.get("/policy_groups")
+      end
+
+      def policy_exists?
+        return true if @policy_exists
+        fetch_policy_revision_data
+        @policy_exists
+      end
+
+      def policy_revision_data
+        return @policy_revision_data if @policy_exists
+        fetch_policy_revision_data
+      end
+
+      def fetch_policy_revision_data
+        @policy_revision_data = http_client.get("/policies/#{policy_name}")
+        @policy_exists = true
+      rescue Net::HTTPServerException => e
+        raise unless e.response.code == "404"
+        @policy_exists = false
+      end
+
+    end
+  end
+end
+

data/lib/chef-dk/policyfile_services/rm_policy_group.rb

@@ -0,0 +1,86 @@
+#
+# Copyright:: Copyright (c) 2015 Chef Software Inc.
+# License:: Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+require 'chef-dk/service_exceptions'
+require 'chef-dk/authenticated_http'
+require 'chef-dk/policyfile/undo_stack'
+require 'chef-dk/policyfile/undo_record'
+
+module ChefDK
+  module PolicyfileServices
+
+    class RmPolicyGroup
+
+      attr_reader :policy_group
+
+      # @api private
+      attr_reader :chef_config
+
+      # @api private
+      attr_reader :ui
+
+      # @api private
+      attr_reader :undo_record
+
+      # @api private
+      attr_reader :undo_stack
+
+      def initialize(config: nil, ui: nil, policy_group: nil)
+        @chef_config = config
+        @ui = ui
+        @policy_group = policy_group
+
+        @undo_record = Policyfile::UndoRecord.new
+        @undo_stack = Policyfile::UndoStack.new
+      end
+
+      def run
+        undo_record.description = "delete-policy-group #{policy_group}"
+        policy_group_list = http_client.get("/policy_groups")
+
+        unless policy_group_list.has_key?(policy_group)
+          ui.err("Policy group '#{policy_group}' does not exist on the server")
+          return false
+        end
+        policy_group_info = policy_group_list[policy_group]
+
+        policies_in_group = policy_group_info["policies"] || []
+        policies_in_group.each do |name, revision_info|
+          rev_id = revision_info["revision_id"]
+          policy_revision_data = http_client.get("/policies/#{name}/revisions/#{rev_id}")
+          undo_record.add_policy_revision(name, policy_group, policy_revision_data)
+        end
+        http_client.delete("/policy_groups/#{policy_group}")
+        undo_record.add_policy_group(policy_group)
+        ui.err("Removed policy group '#{policy_group}'.")
+        undo_stack.push(undo_record)
+      rescue => e
+        raise DeletePolicyGroupError.new("Failed to delete policy group '#{policy_group}'", e)
+      end
+
+      # @api private
+      # An instance of ChefDK::AuthenticatedHTTP configured with the user's
+      # server URL and credentials.
+      def http_client
+        @http_client ||= ChefDK::AuthenticatedHTTP.new(chef_config.chef_server_url,
+                                                       signing_key_filename: chef_config.client_key,
+                                                       client_name: chef_config.node_name)
+      end
+    end
+  end
+end
+

data/lib/chef-dk/policyfile_services/show_policy.rb

@@ -163,7 +163,7 @@ module ChefDK
         report.h1(policy_name)
         rev_id_by_group = policy_lister.revision_ids_by_group_for(policy_name)
 
-        if rev_id_by_group.empty?
+        if rev_id_by_group.empty? || rev_id_by_group.all? { |_k, rev| rev.nil? }
           ui.err("No policies named '#{policy_name}' are associated with a policy group")
           ui.err("")
         elsif show_summary_diff?

data/lib/chef-dk/policyfile_services/undelete.rb

@@ -0,0 +1,108 @@
+#
+# Copyright:: Copyright (c) 2015 Chef Software Inc.
+# License:: Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+require 'chef-dk/authenticated_http'
+require 'chef-dk/service_exceptions'
+require 'chef-dk/policyfile/undo_stack'
+
+module ChefDK
+  module PolicyfileServices
+    class Undelete
+
+      attr_reader :ui
+
+      attr_reader :chef_config
+
+      attr_reader :undo_record_id
+
+      def initialize(undo_record_id: nil, config: nil, ui: nil)
+        @chef_config = config
+        @ui = ui
+        @undo_record_id = undo_record_id
+
+        @http_client = nil
+        @undo_stack = nil
+      end
+
+      # In addition to the #run method, this class also has #list as a public
+      # entry point. This prints the list of undoable items, with descriptions.
+      def list
+        if undo_stack.empty?
+          ui.err("Nothing to undo.")
+        else
+          messages = []
+          undo_stack.each_with_id do |timestamp, undo_record|
+            messages.unshift("#{timestamp}: #{undo_record.description}")
+          end
+          messages.each { |m| ui.msg(m) }
+        end
+      end
+
+      def run
+        if undo_record_id
+          if undo_stack.has_id?(undo_record_id)
+            undo_stack.delete(undo_record_id) { |undo_record| restore(undo_record) }
+          else
+            ui.err("No undo record with id '#{undo_record_id}' exists")
+          end
+        else
+          undo_stack.pop { |undo_record| restore(undo_record) }
+        end
+      rescue => e
+        raise UndeleteError.new("Failed to undelete.", e)
+      end
+
+      def undo_stack
+        @undo_stack ||= Policyfile::UndoStack.new
+      end
+
+      def http_client
+        @http_client ||= ChefDK::AuthenticatedHTTP.new(chef_config.chef_server_url,
+                                                       signing_key_filename: chef_config.client_key,
+                                                       client_name: chef_config.node_name)
+      end
+
+      private
+
+      def restore(undo_record)
+        undo_record.policy_revisions.each do |policy_info|
+          if policy_info.policy_group.nil?
+            recreate_as_orphan(policy_info)
+          else
+            recreate_and_associate_to_group(policy_info)
+          end
+        end
+        if ( restored_policy_group = undo_record.policy_groups.first )
+          ui.msg("Restored policy group '#{restored_policy_group}'")
+        end
+      end
+
+      def recreate_as_orphan(policy_info)
+        rel_uri = "/policies/#{policy_info.policy_name}/revisions"
+        http_client.post(rel_uri, policy_info.data)
+        ui.msg("Restored policy '#{policy_info.policy_name}'")
+      end
+
+      def recreate_and_associate_to_group(policy_info)
+        rel_uri = "/policy_groups/#{policy_info.policy_group}/policies/#{policy_info.policy_name}"
+        http_client.put(rel_uri, policy_info.data)
+        ui.msg("Restored policy '#{policy_info.policy_name}'")
+      end
+
+    end
+  end
+end