chef-dk 2.3.4 → 2.4.17

data/lib/chef-dk/policyfile/lock_applier.rb

@@ -0,0 +1,80 @@
+#
+# Copyright:: Copyright (c) 2017 Chef Software Inc.
+# License:: Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+module ChefDK
+  module Policyfile
+
+    # A class that can apply constraints from a lock to a compiler
+    class LockApplier
+      attr_reader :unlocked_policies
+      attr_reader :policyfile_lock
+      attr_reader :policyfile_compiler
+
+      # Initialize a LockApplier. By default, all locked data this class knows
+      # about will be applied to the compiler. Currently, it applies locks only
+      # for included policies.
+      #
+      # @param policyfile_lock [PolicyfileLock] contains the locked data to use
+      # @param policyfile_compiler [PolicyfileCompiler] the compiler to apply the locked data
+      def initialize(policyfile_lock, policyfile_compiler)
+        @policyfile_lock = policyfile_lock
+        @policyfile_compiler = policyfile_compiler
+        @unlocked_policies = []
+      end
+
+      # Unlocks included policies
+      #
+      # @param policies [:all] Unconstrain all policies
+      # @param policies [Array<String>] Unconstrain a specific policy by name
+      def with_unlocked_policies(policies)
+        if policies == :all || unlocked_policies == :all
+          @unlocked_policies = :all
+        else
+          policies.each do |policy|
+            @unlocked_policies << policy
+          end
+        end
+        self
+      end
+
+      # Apply locks described in policyfile_lock allowing for the deviations asked
+      # for.
+      #
+      # @note No changes are applied until apply! is invoked
+      def apply!
+        prepare_constraints_for_policies
+      end
+
+      private
+
+      def prepare_constraints_for_policies
+        if unlocked_policies == :all
+          return
+        end
+
+        policyfile_compiler.included_policies.each do |policy|
+          if !unlocked_policies.include?(policy.name)
+            lock = policyfile_lock.included_policy_locks.find do |policy_lock|
+              policy_lock["name"] == policy.name
+            end
+            policy.apply_locked_source_options(lock["source_options"])
+          end
+        end
+      end
+    end
+  end
+end

data/lib/chef-dk/policyfile/null_cookbook_source.rb

@@ -36,6 +36,10 @@ module ChefDK
         true
       end
 
+      def preferred_cookbooks
+        []
+      end
+
       def desc
         "null_cookbook_source"
       end

data/lib/chef-dk/policyfile/policyfile_location_specification.rb

@@ -0,0 +1,122 @@
+#
+# Copyright:: Copyright (c) 2017 Chef Software Inc.
+# License:: Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+require "chef-dk/policyfile_lock"
+require "chef-dk/policyfile/local_lock_fetcher"
+require "chef-dk/policyfile/chef_server_lock_fetcher"
+require "chef-dk/exceptions"
+
+module ChefDK
+  module Policyfile
+    # A PolicyfileLocationSpecification specifies where a policyfile lock is to be fetched from.
+    # Using this information, it provides a fetcher that is capable loading the policyfile
+    # lock.
+    class PolicyfileLocationSpecification
+
+      # @return [String] the name of the policyfile
+      attr_reader :name
+
+      # @return [Hash] options describing how to get the policyfile lock
+      attr_reader :source_options
+
+      attr_reader :storage_config
+      attr_reader :chef_config
+      attr_reader :ui
+
+      LOCATION_TYPES = [:path, :server]
+
+      # Intialize a location spec
+      #
+      # @param name [String] the name of the policyfile
+      # @param source_options [Hash] options describing where the policyfile lock lives
+      # @param storage_config [Poilcyfile::StorageConfig]
+      # @param chef_config [Chef::Config] chef config that will be used when communication
+      #                    with a chef server is required
+      def initialize(name, source_options, storage_config, chef_config = nil)
+        @name = name
+        @source_options = source_options
+        @storage_config = storage_config
+        @ui = nil
+        @chef_config = chef_config
+      end
+
+      # @return The revision id from the fetched lock
+      def revision_id
+        fetcher.lock_data["revision_id"]
+      end
+
+      # @return A policyfile lock fetcher compatible with the given source_options
+      def fetcher
+        @fetcher ||= begin
+                       if source_options[:path]
+                         Policyfile::LocalLockFetcher.new(name, source_options, storage_config)
+                       elsif source_options[:server]
+                         Policyfile::ChefServerLockFetcher.new(name, source_options, chef_config)
+                       else
+                         raise ChefDK::InvalidPolicyfileLocation.new(
+                           "Invalid policyfile lock location type. The supported locations are: #{LOCATION_TYPES.join(", ")}")
+                       end
+                     end
+      end
+
+      # @return [True] if there were no errors with the provided source_options
+      # @return [False] if there were errors with the provided source_options
+      def valid?
+        errors.empty?
+      end
+
+      # Check the options provided when craeting this class for errors
+      #
+      # @return [Array<String>] A list of errors found
+      def errors
+        error_messages = []
+
+        if LOCATION_TYPES.all? { |l| source_options[l].nil? }
+          error_messages << "include_policy must use one of the following sources: #{LOCATION_TYPES.join(', ')}"
+        else
+          if !fetcher.nil?
+            error_messages += fetcher.errors
+          end
+        end
+
+        error_messages
+      end
+
+      # Fetches and loads the policyfile lock
+      #
+      # @return [PolicyfileLock] the loaded policyfile lock
+      def policyfile_lock
+        @policyfile_lock ||= begin
+                               PolicyfileLock.new(storage_config, ui: ui).build_from_lock_data(fetcher.lock_data)
+                             end
+      end
+
+      # @return [Hash] The source_options that describe how to fetch this exact lock again
+      def source_options_for_lock
+        fetcher.source_options_for_lock
+      end
+
+      # Applies source options from a lock file. This is used to make sure that the same
+      # policyfile lock is loaded that was locked
+      #
+      # @param options_from_lock [Hash] The source options loaded from a policyfile lock
+      def apply_locked_source_options(options_from_lock)
+        fetcher.apply_locked_source_options(options_from_lock)
+      end
+    end
+  end
+end

data/lib/chef-dk/policyfile_compiler.rb

@@ -20,8 +20,11 @@ require "forwardable"
 
 require "solve"
 require "chef/run_list"
+require "chef/mixin/deep_merge"
 
 require "chef-dk/policyfile/dsl"
+require "chef-dk/policyfile/attribute_merge_checker"
+require "chef-dk/policyfile/included_policies_cookbook_source"
 require "chef-dk/policyfile_lock"
 require "chef-dk/ui"
 require "chef-dk/policyfile/reports/install"
@@ -49,8 +52,8 @@ module ChefDK
     def_delegator :@dsl, :named_run_list
     def_delegator :@dsl, :named_run_lists
     def_delegator :@dsl, :errors
-    def_delegator :@dsl, :default_source
     def_delegator :@dsl, :cookbook_location_specs
+    def_delegator :@dsl, :included_policies
 
     attr_reader :dsl
     attr_reader :storage_config
@@ -67,6 +70,19 @@ module ChefDK
       @install_report = Policyfile::Reports::Install.new(ui: @ui, policyfile_compiler: self)
     end
 
+    def default_source(source_type = nil, source_argument = nil, &block)
+      if source_type.nil?
+        prepend_array = if included_policies.length > 0
+                          [included_policies_cookbook_source]
+                        else
+                          []
+                        end
+        prepend_array + dsl.default_source
+      else
+        dsl.default_source(source_type, source_argument, &block)
+      end
+    end
+
     def error!
       unless errors.empty?
         raise PolicyfileError, errors.join("\n")
@@ -79,7 +95,17 @@ module ChefDK
 
     def expanded_run_list
       # doesn't support roles yet...
-      Chef::RunList.new(*run_list)
+      concated_runlist = Chef::RunList.new
+      included_policies.each do |policy_spec|
+        lock = policy_spec.policyfile_lock
+        lock.run_list.each do |run_list_item|
+          concated_runlist << run_list_item
+        end
+      end
+      run_list.each do |run_list_item|
+        concated_runlist << run_list_item
+      end
+      concated_runlist
     end
 
     # copy of the expanded_run_list, properly formatted for use in a lockfile
@@ -88,8 +114,23 @@ module ChefDK
     end
 
     def expanded_named_run_lists
-      named_run_lists.inject({}) do |expanded, (name, run_list_items)|
-        expanded[name] = Chef::RunList.new(*run_list_items)
+      included_policies_named_runlists = included_policies.inject({}) do |acc, policy_spec|
+        lock = policy_spec.policyfile_lock
+        lock.named_run_lists.inject(acc) do |expanded, (name, run_list_items)|
+          expanded[name] ||= Chef::RunList.new
+          run_list_items.each do |run_list_item|
+            expanded[name] << run_list_item
+          end
+          expanded
+        end
+        acc
+      end
+
+      named_run_lists.inject(included_policies_named_runlists) do |expanded, (name, run_list_items)|
+        expanded[name] ||= Chef::RunList.new
+        run_list_items.each do |run_list_item|
+          expanded[name] << run_list_item
+        end
         expanded
       end
     end
@@ -102,11 +143,19 @@ module ChefDK
     end
 
     def default_attributes
-      dsl.node_attributes.combined_default.to_hash
+      check_for_default_attribute_conflicts!
+      included_policies.map { |p| p.policyfile_lock }.inject(
+        dsl.node_attributes.combined_default.to_hash) do |acc, lock|
+          Chef::Mixin::DeepMerge.merge(acc, lock.default_attributes)
+        end
     end
 
     def override_attributes
-      dsl.node_attributes.combined_override.to_hash
+      check_for_override_attribute_conflicts!
+      included_policies.map { |p| p.policyfile_lock }.inject(
+        dsl.node_attributes.combined_override.to_hash) do |acc, lock|
+          Chef::Mixin::DeepMerge.merge(acc, lock.override_attributes)
+        end
     end
 
     def lock
@@ -208,16 +257,9 @@ module ChefDK
     end
 
     def graph_demands
-      cookbooks_for_demands.map do |cookbook_name|
-        spec = cookbook_location_spec_for(cookbook_name)
-        if spec.nil?
-          [ cookbook_name, DEFAULT_DEMAND_CONSTRAINT ]
-        elsif spec.version_fixed?
-          [ cookbook_name, "= #{spec.version}" ]
-        else
-          [ cookbook_name, spec.version_constraint.to_s ]
-        end
-      end
+      ## TODO: By merging cookbooks from the current policyfile and included policies,
+      #        we lose the ability to know where a conflict came from
+      (cookbook_demands_from_current + cookbook_demands_from_policies)
     end
 
     def artifacts_graph
@@ -411,5 +453,76 @@ module ChefDK
       dependency_set
     end
 
+    def check_for_default_attribute_conflicts!
+      checker = Policyfile::AttributeMergeChecker.new
+      checker.with_attributes("user-specified", dsl.node_attributes.combined_default)
+      included_policies.map do |policy_spec|
+        lock = policy_spec.policyfile_lock
+        checker.with_attributes(policy_spec.name, lock.default_attributes)
+      end
+      checker.check!
+    end
+
+    def check_for_override_attribute_conflicts!
+      checker = Policyfile::AttributeMergeChecker.new
+      checker.with_attributes("user-specified", dsl.node_attributes.combined_override)
+      included_policies.map do |policy_spec|
+        lock = policy_spec.policyfile_lock
+        checker.with_attributes(policy_spec.name, lock.override_attributes)
+      end
+      checker.check!
+    end
+
+    def cookbook_demands_from_policies
+      included_policies.flat_map do |policy_spec|
+        lock = policy_spec.policyfile_lock
+        lock.solution_dependencies.to_lock["Policyfile"]
+      end
+    end
+
+    def cookbook_demands_from_current
+      cookbooks_for_demands.map do |cookbook_name|
+        spec = cookbook_location_spec_for(cookbook_name)
+        if spec.nil?
+          [ cookbook_name, DEFAULT_DEMAND_CONSTRAINT ]
+        elsif spec.version_fixed?
+          [ cookbook_name, "= #{spec.version}" ]
+        else
+          [ cookbook_name, spec.version_constraint.to_s ]
+        end
+      end
+    end
+
+    def included_policies_cookbook_source
+      @included_policies_cookbook_source ||= begin
+        source = Policyfile::IncludedPoliciesCookbookSource.new(included_policies)
+        handle_included_policies_preferred_cookbook_conflicts(source)
+        source
+      end
+    end
+
+    def handle_included_policies_preferred_cookbook_conflicts(included_policies_source)
+      # All cookbooks in the included policies are preferred.
+      conflicting_source_messages = []
+      dsl.default_source.reject { |s| s.null? }.each do |source_b|
+        conflicting_preferences = included_policies_source.preferred_cookbooks & source_b.preferred_cookbooks
+        next if conflicting_preferences.empty?
+        next if conflicting_preferences.all? do |cookbook_name|
+          version = included_policies_source.universe_graph[cookbook_name].keys.first
+          if included_policies_source.source_options_for(cookbook_name, version) == source_b.source_options_for(cookbook_name, version)
+            true
+          else
+            false
+          end
+        end
+        conflicting_source_messages << "#{source_b.desc} sets a preferred for cookbook(s) #{conflicting_preferences.join(', ')}. This conflicts with an included policy."
+      end
+      unless conflicting_source_messages.empty?
+        msg = "You may not override the cookbook sources for any cookbooks required by included policies.\n"
+        msg << conflicting_source_messages.join("\n") << "\n"
+        raise IncludePolicyCookbookSourceConflict.new(msg)
+      end
+    end
+
   end
 end

data/lib/chef-dk/policyfile_lock.rb

@@ -93,6 +93,8 @@ module ChefDK
 
     attr_reader :cookbook_locks
 
+    attr_reader :included_policy_locks
+
     attr_reader :install_report
 
     def initialize(storage_config, ui: nil)
@@ -108,6 +110,9 @@ module ChefDK
       @override_attributes = {}
 
       @solution_dependencies = Policyfile::SolutionDependencies.new
+
+      @included_policy_locks = []
+
       @install_report = InstallReport.new(ui: @ui, policyfile_lock: self)
     end
 
@@ -137,6 +142,7 @@ module ChefDK
         lock["name"] = name
         lock["run_list"] = run_list
         lock["named_run_lists"] = named_run_lists unless named_run_lists.empty?
+        lock["included_policy_locks"] = included_policy_locks
         lock["cookbook_locks"] = cookbook_locks_for_lockfile
         lock["default_attributes"] = default_attributes
         lock["override_attributes"] = override_attributes
@@ -249,6 +255,14 @@ module ChefDK
 
       @solution_dependencies = compiler.solution_dependencies
 
+      @included_policy_locks = compiler.included_policies.map do |policy|
+        {
+          "name" => policy.name,
+          "revision_id" => policy.revision_id,
+          "source_options" => policy.source_options_for_lock,
+        }
+      end
+
       self
     end
 
@@ -259,6 +273,7 @@ module ChefDK
       set_cookbook_locks_from_lock_data(lock_data)
       set_attributes_from_lock_data(lock_data)
       set_solution_dependencies_from_lock_data(lock_data)
+      set_included_policy_locks_from_lock_data(lock_data)
       self
     end
 
@@ -269,6 +284,7 @@ module ChefDK
       set_cookbook_locks_as_archives_from_lock_data(lock_data)
       set_attributes_from_lock_data(lock_data)
       set_solution_dependencies_from_lock_data(lock_data)
+      set_included_policy_locks_from_lock_data(lock_data)
       self
     end
 
@@ -517,6 +533,20 @@ module ChefDK
       @solution_dependencies = s
     end
 
+    def set_included_policy_locks_from_lock_data(lock_data)
+      locks = lock_data["included_policy_locks"]
+      if locks.nil?
+        @included_policy_locks = []
+      else
+        locks.each do |lock_info|
+          if !(%w{revision_id name source_options}.all? { |key| !lock_info[key].nil? })
+            raise InvalidLockfile, "lockfile included policy missing one of the required keys"
+          end
+        end
+        @included_policy_locks = locks
+      end
+    end
+
     def build_cookbook_lock_from_lock_data(name, lock_info)
       unless lock_info.kind_of?(Hash)
         raise InvalidLockfile, "lockfile cookbook_locks entries must be a Hash (JSON object). (got: #{lock_info.inspect})"