chef-infra-api 0.9.1

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: 2f1a019204906d755e2df904227b405895b18997286a0e01391c38e860c8f8eb
+  data.tar.gz: 8da7a860ead9c3a62ae286829b08e0edc9f039daa2664dd67864142efa929101
+SHA512:
+  metadata.gz: 0ed650663f51d8abc528c664aa62b947612e068924fa6a734f571a4a9ab48052a27b993d855ae627d6e1ace68a2debcd87b2eef8f41d84a23b2551212982da48
+  data.tar.gz: 7f955aecd324dd67821d5c82d8753cfb6eb010300b8dfd6565ee631def443a627aef218998a1e730c1a744fa9832889d8c4d323da26b4c115de102ebfd58f6a1

data/LICENSE

@@ -0,0 +1,201 @@
+                              Apache License
+                        Version 2.0, January 2004
+                     http://www.apache.org/licenses/
+
+TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+1. Definitions.
+
+   "License" shall mean the terms and conditions for use, reproduction,
+   and distribution as defined by Sections 1 through 9 of this document.
+
+   "Licensor" shall mean the copyright owner or entity authorized by
+   the copyright owner that is granting the License.
+
+   "Legal Entity" shall mean the union of the acting entity and all
+   other entities that control, are controlled by, or are under common
+   control with that entity. For the purposes of this definition,
+   "control" means (i) the power, direct or indirect, to cause the
+   direction or management of such entity, whether by contract or
+   otherwise, or (ii) ownership of fifty percent (50%) or more of the
+   outstanding shares, or (iii) beneficial ownership of such entity.
+
+   "You" (or "Your") shall mean an individual or Legal Entity
+   exercising permissions granted by this License.
+
+   "Source" form shall mean the preferred form for making modifications,
+   including but not limited to software source code, documentation
+   source, and configuration files.
+
+   "Object" form shall mean any form resulting from mechanical
+   transformation or translation of a Source form, including but
+   not limited to compiled object code, generated documentation,
+   and conversions to other media types.
+
+   "Work" shall mean the work of authorship, whether in Source or
+   Object form, made available under the License, as indicated by a
+   copyright notice that is included in or attached to the work
+   (an example is provided in the Appendix below).
+
+   "Derivative Works" shall mean any work, whether in Source or Object
+   form, that is based on (or derived from) the Work and for which the
+   editorial revisions, annotations, elaborations, or other modifications
+   represent, as a whole, an original work of authorship. For the purposes
+   of this License, Derivative Works shall not include works that remain
+   separable from, or merely link (or bind by name) to the interfaces of,
+   the Work and Derivative Works thereof.
+
+   "Contribution" shall mean any work of authorship, including
+   the original version of the Work and any modifications or additions
+   to that Work or Derivative Works thereof, that is intentionally
+   submitted to Licensor for inclusion in the Work by the copyright owner
+   or by an individual or Legal Entity authorized to submit on behalf of
+   the copyright owner. For the purposes of this definition, "submitted"
+   means any form of electronic, verbal, or written communication sent
+   to the Licensor or its representatives, including but not limited to
+   communication on electronic mailing lists, source code control systems,
+   and issue tracking systems that are managed by, or on behalf of, the
+   Licensor for the purpose of discussing and improving the Work, but
+   excluding communication that is conspicuously marked or otherwise
+   designated in writing by the copyright owner as "Not a Contribution."
+
+   "Contributor" shall mean Licensor and any individual or Legal Entity
+   on behalf of whom a Contribution has been received by Licensor and
+   subsequently incorporated within the Work.
+
+2. Grant of Copyright License. Subject to the terms and conditions of
+   this License, each Contributor hereby grants to You a perpetual,
+   worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+   copyright license to reproduce, prepare Derivative Works of,
+   publicly display, publicly perform, sublicense, and distribute the
+   Work and such Derivative Works in Source or Object form.
+
+3. Grant of Patent License. Subject to the terms and conditions of
+   this License, each Contributor hereby grants to You a perpetual,
+   worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+   (except as stated in this section) patent license to make, have made,
+   use, offer to sell, sell, import, and otherwise transfer the Work,
+   where such license applies only to those patent claims licensable
+   by such Contributor that are necessarily infringed by their
+   Contribution(s) alone or by combination of their Contribution(s)
+   with the Work to which such Contribution(s) was submitted. If You
+   institute patent litigation against any entity (including a
+   cross-claim or counterclaim in a lawsuit) alleging that the Work
+   or a Contribution incorporated within the Work constitutes direct
+   or contributory patent infringement, then any patent licenses
+   granted to You under this License for that Work shall terminate
+   as of the date such litigation is filed.
+
+4. Redistribution. You may reproduce and distribute copies of the
+   Work or Derivative Works thereof in any medium, with or without
+   modifications, and in Source or Object form, provided that You
+   meet the following conditions:
+
+   (a) You must give any other recipients of the Work or
+       Derivative Works a copy of this License; and
+
+   (b) You must cause any modified files to carry prominent notices
+       stating that You changed the files; and
+
+   (c) You must retain, in the Source form of any Derivative Works
+       that You distribute, all copyright, patent, trademark, and
+       attribution notices from the Source form of the Work,
+       excluding those notices that do not pertain to any part of
+       the Derivative Works; and
+
+   (d) If the Work includes a "NOTICE" text file as part of its
+       distribution, then any Derivative Works that You distribute must
+       include a readable copy of the attribution notices contained
+       within such NOTICE file, excluding those notices that do not
+       pertain to any part of the Derivative Works, in at least one
+       of the following places: within a NOTICE text file distributed
+       as part of the Derivative Works; within the Source form or
+       documentation, if provided along with the Derivative Works; or,
+       within a display generated by the Derivative Works, if and
+       wherever such third-party notices normally appear. The contents
+       of the NOTICE file are for informational purposes only and
+       do not modify the License. You may add Your own attribution
+       notices within Derivative Works that You distribute, alongside
+       or as an addendum to the NOTICE text from the Work, provided
+       that such additional attribution notices cannot be construed
+       as modifying the License.
+
+   You may add Your own copyright statement to Your modifications and
+   may provide additional or different license terms and conditions
+   for use, reproduction, or distribution of Your modifications, or
+   for any such Derivative Works as a whole, provided Your use,
+   reproduction, and distribution of the Work otherwise complies with
+   the conditions stated in this License.
+
+5. Submission of Contributions. Unless You explicitly state otherwise,
+   any Contribution intentionally submitted for inclusion in the Work
+   by You to the Licensor shall be under the terms and conditions of
+   this License, without any additional terms or conditions.
+   Notwithstanding the above, nothing herein shall supersede or modify
+   the terms of any separate license agreement you may have executed
+   with Licensor regarding such Contributions.
+
+6. Trademarks. This License does not grant permission to use the trade
+   names, trademarks, service marks, or product names of the Licensor,
+   except as required for reasonable and customary use in describing the
+   origin of the Work and reproducing the content of the NOTICE file.
+
+7. Disclaimer of Warranty. Unless required by applicable law or
+   agreed to in writing, Licensor provides the Work (and each
+   Contributor provides its Contributions) on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+   implied, including, without limitation, any warranties or conditions
+   of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+   PARTICULAR PURPOSE. You are solely responsible for determining the
+   appropriateness of using or redistributing the Work and assume any
+   risks associated with Your exercise of permissions under this License.
+
+8. Limitation of Liability. In no event and under no legal theory,
+   whether in tort (including negligence), contract, or otherwise,
+   unless required by applicable law (such as deliberate and grossly
+   negligent acts) or agreed to in writing, shall any Contributor be
+   liable to You for damages, including any direct, indirect, special,
+   incidental, or consequential damages of any character arising as a
+   result of this License or out of the use or inability to use the
+   Work (including but not limited to damages for loss of goodwill,
+   work stoppage, computer failure or malfunction, or any and all
+   other commercial damages or losses), even if such Contributor
+   has been advised of the possibility of such damages.
+
+9. Accepting Warranty or Additional Liability. While redistributing
+   the Work or Derivative Works thereof, You may choose to offer,
+   and charge a fee for, acceptance of support, warranty, indemnity,
+   or other liability obligations and/or rights consistent with this
+   License. However, in accepting such obligations, You may act only
+   on Your own behalf and on Your sole responsibility, not on behalf
+   of any other Contributor, and only if You agree to indemnify,
+   defend, and hold each Contributor harmless for any liability
+   incurred by, or claims asserted against, such Contributor by reason
+   of your accepting any such warranty or additional liability.
+
+END OF TERMS AND CONDITIONS
+
+APPENDIX: How to apply the Apache License to your work.
+
+   To apply the Apache License to your work, attach the following
+   boilerplate notice, with the fields enclosed by brackets "[]"
+   replaced with your own identifying information. (Don't include
+   the brackets!)  The text should be enclosed in the appropriate
+   comment syntax for the file format. We also recommend that a
+   file or class name and description of purpose be included on the
+   same "printed page" as the copyright notice for easier
+   identification within third-party archives.
+
+Copyright 2013 Seth Vargo <sethvargo@gmail.com>
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.

data/lib/chef-api.rb

@@ -0,0 +1,96 @@
+require 'json'
+require 'logify'
+require 'pathname'
+require 'chef-api/version'
+
+module ChefAPI
+  autoload :Authentication,  'chef-api/authentication'
+  autoload :Boolean,         'chef-api/boolean'
+  autoload :Configurable,    'chef-api/configurable'
+  autoload :Connection,      'chef-api/connection'
+  autoload :Defaults,        'chef-api/defaults'
+  autoload :Error,           'chef-api/errors'
+  autoload :ErrorCollection, 'chef-api/error_collection'
+  autoload :Multipart,       'chef-api/multipart'
+  autoload :Resource,        'chef-api/resource'
+  autoload :Schema,          'chef-api/schema'
+  autoload :Util,            'chef-api/util'
+  autoload :Validator,       'chef-api/validator'
+
+  #
+  # @todo Document this and why it's important
+  #
+  UNSET = Object.new
+
+  class << self
+    include ChefAPI::Configurable
+
+    #
+    # Set the log level.
+    #
+    # @example Set the log level to :info
+    #   ChefAPI.log_level = :info
+    #
+    # @param [Symbol] level
+    #   the log level to set
+    #
+    def log_level=(level)
+      Logify.level = level
+    end
+
+    #
+    # Get the current log level.
+    #
+    # @return [Symbol]
+    #
+    def log_level
+      Logify.level
+    end
+
+    #
+    # The source root of the ChefAPI gem. This is useful when requiring files
+    # that are relative to the root of the project.
+    #
+    # @return [Pathname]
+    #
+    def root
+      @root ||= Pathname.new(File.expand_path('../../', __FILE__))
+    end
+
+    #
+    # API connection object based off the configured options in {Configurable}.
+    #
+    # @return [ChefAPI::Connection]
+    #
+    def connection
+      unless @connection && @connection.same_options?(options)
+        @connection = ChefAPI::Connection.new(options)
+      end
+
+      @connection
+    end
+
+    #
+    # Delegate all methods to the connection object, essentially making the
+    # module object behave like a {Connection}.
+    #
+    def method_missing(m, *args, &block)
+      if connection.respond_to?(m)
+        connection.send(m, *args, &block)
+      else
+        super
+      end
+    end
+
+    #
+    # Delegating +respond_to+ to the {Connection}.
+    #
+    def respond_to_missing?(m, include_private = false)
+      connection.respond_to?(m) || super
+    end
+  end
+end
+
+# Load the initial default values
+ChefAPI.setup
+

data/lib/chef-api/aclable.rb

@@ -0,0 +1,35 @@
+module ChefAPI
+  module AclAble
+    def acl_path
+      self.resource_path + '/_acl'
+    end
+
+    def load_acl
+      data = self.class.connection.get(acl_path)
+      # make deep copy
+      @orig_acl_data = Marshal.load(Marshal.dump(data))
+      data.freeze
+      @acl = data
+    end
+
+    def acl
+      unless @acl
+        self.load_acl
+      end
+      @acl
+    end
+
+    def save!
+      super
+      if @acl != @orig_acl_data
+        %w(create update grant read delete).each{|action|
+          if @acl[action] != @orig_acl_data[action]
+            url = "#{self.acl_path}/#{action}"
+            self.class.connection.put(url, {action => @acl[action]}.to_json)
+          end
+        }
+      end
+    end
+  end
+    
+end

data/lib/chef-api/authentication.rb

@@ -0,0 +1,300 @@
+require 'base64'
+require 'digest'
+require 'openssl'
+require 'time'
+
+#
+# DEBUG steps:
+#
+# check .chomp
+#
+
+module ChefAPI
+  class Authentication
+    include Logify
+
+    # @todo: Enable this in the future when Mixlib::Authentication supports
+    # signing the full request body instead of just the uploaded file parameter.
+    SIGN_FULL_BODY = false
+
+    SIGNATURE = 'algorithm=sha1;version=1.0;'.freeze
+
+    # Headers
+    X_OPS_SIGN          = 'X-Ops-Sign'.freeze
+    X_OPS_USERID        = 'X-Ops-Userid'.freeze
+    X_OPS_TIMESTAMP     = 'X-Ops-Timestamp'.freeze
+    X_OPS_CONTENT_HASH  = 'X-Ops-Content-Hash'.freeze
+    X_OPS_AUTHORIZATION = 'X-Ops-Authorization'.freeze
+
+    class << self
+      #
+      # Create a new signing object from the given options. All options are
+      # required.
+      #
+      # @see (#initialize)
+      #
+      # @option options [String] :user
+      # @option options [String, OpenSSL::PKey::RSA] :key
+      # @option options [String, Symbol] verb
+      # @option options [String] :path
+      # @option options [String, IO] :body
+      #
+      def from_options(options = {})
+        user = options.fetch(:user)
+        key  = options.fetch(:key)
+        verb = options.fetch(:verb)
+        path = options.fetch(:path)
+        body = options.fetch(:body)
+
+        new(user, key, verb, path, body)
+      end
+    end
+
+    #
+    # Create a new Authentication object for signing. Creating an instance will
+    # not run any validations or perform any operations (this is on purpose).
+    #
+    # @param [String] user
+    #   the username/client/user of the user to sign the request. In Hosted
+    #   Chef land, this is your "client". In Supermarket land, this is your
+    #   "username".
+    # @param [String, OpenSSL::PKey::RSA] key
+    #   the path to a private key on disk, the raw private key (as a String),
+    #   or the raw private key (as an OpenSSL::PKey::RSA instance)
+    # @param [Symbol, String] verb
+    #   the verb for the request (e.g. +:get+)
+    # @param [String] path
+    #   the "path" part of the URI (e.g. +/path/to/resource+)
+    # @param [String, IO] body
+    #   the body to sign for the request, as a raw string or an IO object to be
+    #   read in chunks
+    #
+    def initialize(user, key, verb, path, body)
+      @user = user
+      @key  = key
+      @verb = verb
+      @path = path
+      @body = body
+    end
+
+    #
+    # The fully-qualified headers for this authentication object of the form:
+    #
+    #   {
+    #     'X-Ops-Sign'            => 'algorithm=sha1;version=1.1',
+    #     'X-Ops-Userid'          => 'sethvargo',
+    #     'X-Ops-Timestamp'       => '2014-07-07T02:17:15Z',
+    #     'X-Ops-Content-Hash'    => '...',
+    #     'x-Ops-Authorization-1' => '...'
+    #     'x-Ops-Authorization-2' => '...'
+    #     'x-Ops-Authorization-3' => '...'
+    #     # ...
+    #   }
+    #
+    # @return [Hash]
+    #   the signing headers
+    #
+    def headers
+      {
+        X_OPS_SIGN         => SIGNATURE,
+        X_OPS_USERID       => @user,
+        X_OPS_TIMESTAMP    => canonical_timestamp,
+        X_OPS_CONTENT_HASH => content_hash,
+      }.merge(signature_lines)
+    end
+
+    #
+    # The canonical body. This could be an IO object (such as +#body_stream+),
+    # an actual string (such as +#body+), or just the empty string if the
+    # request's body and stream was nil.
+    #
+    # @return [String, IO]
+    #
+    def content_hash
+      return @content_hash if @content_hash
+
+      if SIGN_FULL_BODY
+        @content_hash = hash(@body || '').chomp
+      else
+        if @body.is_a?(Multipart::MultiIO)
+          filepart = @body.ios.find { |io| io.is_a?(Multipart::MultiIO) }
+          file     = filepart.ios.find { |io| !io.is_a?(StringIO) }
+
+          @content_hash = hash(file).chomp
+        else
+          @content_hash = hash(@body || '').chomp
+        end
+      end
+
+      @content_hash
+    end
+
+    #
+    # Parse the given private key. Users can specify the private key as:
+    #
+    #   - the path to the key on disk
+    #   - the raw string key
+    #   - an +OpenSSL::PKey::RSA object+
+    #
+    # Any other implementations are not supported and will likely explode.
+    #
+    # @todo
+    #   Handle errors when the file cannot be read due to insufficient
+    #   permissions
+    #
+    # @return [OpenSSL::PKey::RSA]
+    #   the RSA private key as an OpenSSL object
+    #
+    def canonical_key
+      return @canonical_key if @canonical_key
+
+      log.info "Parsing private key..."
+
+      if @key.nil?
+        log.warn "No private key given!"
+        raise 'No private key given!'
+      end
+
+      if @key.is_a?(OpenSSL::PKey::RSA)
+        log.debug "Detected private key is an OpenSSL Ruby object"
+        @canonical_key = @key
+      elsif @key =~ /(.+)\.pem$/ || File.exists?(File.expand_path(@key))
+        log.debug "Detected private key is the path to a file"
+        contents = File.read(File.expand_path(@key))
+        @canonical_key = OpenSSL::PKey::RSA.new(contents)
+      else
+        log.debug "Detected private key was the literal string key"
+        @canonical_key = OpenSSL::PKey::RSA.new(@key)
+      end
+
+      @canonical_key
+    end
+
+
+    #
+    # The canonical path, with duplicate and trailing slashes removed. This
+    # value is then hashed.
+    #
+    # @example
+    #   "/zip//zap/foo" #=> "/zip/zap/foo"
+    #
+    # @return [String]
+    #
+    def canonical_path
+      @canonical_path ||= hash(@path.squeeze('/').gsub(/(\/)+$/,'')).chomp
+    end
+
+    #
+    # The iso8601 timestamp for this request. This value must be cached so it
+    # is persisted throughout this entire request.
+    #
+    # @return [String]
+    #
+    def canonical_timestamp
+      @canonical_timestamp ||= Time.now.utc.iso8601
+    end
+
+    #
+    # The uppercase verb.
+    #
+    # @example
+    #   :get #=> "GET"
+    #
+    # @return [String]
+    #
+    def canonical_method
+      @canonical_method ||= @verb.to_s.upcase
+    end
+
+    #
+    # The canonical request, from the path, body, user, and current timestamp.
+    #
+    # @return [String]
+    #
+    def canonical_request
+      [
+        "Method:#{canonical_method}",
+        "Hashed Path:#{canonical_path}",
+        "X-Ops-Content-Hash:#{content_hash}",
+        "X-Ops-Timestamp:#{canonical_timestamp}",
+        "X-Ops-UserId:#{@user}",
+      ].join("\n")
+    end
+
+    #
+    # The canonical request, encrypted by the given private key.
+    #
+    # @return [String]
+    #
+    def encrypted_request
+      canonical_key.private_encrypt(canonical_request)
+    end
+
+    #
+    # The +X-Ops-Authorization-N+ headers. This method takes the encrypted
+    # request, splits on a newline, and creates a signed header authentication
+    # request. N begins at 1, not 0 because the original author of
+    # Mixlib::Authentication did not believe in computer science.
+    #
+    # @return [Hash]
+    #
+    def signature_lines
+      signature = Base64.encode64(encrypted_request)
+      signature.split(/\n/).each_with_index.inject({}) do |hash, (line, index)|
+        hash["#{X_OPS_AUTHORIZATION}-#{index + 1}"] = line
+        hash
+      end
+    end
+
+    private
+
+    #
+    # Hash the given object.
+    #
+    # @param [String, IO] object
+    #   a string or IO object to hash
+    #
+    # @return [String]
+    #   the hashed value
+    #
+    def hash(object)
+      if object.respond_to?(:read)
+        digest_io(object)
+      else
+        digest_string(object)
+      end
+    end
+
+    #
+    # Digest the given IO, reading in 1024 bytes at one time.
+    #
+    # @param [IO] io
+    #   the IO (or File object)
+    #
+    # @return [String]
+    #
+    def digest_io(io)
+      digester = Digest::SHA1.new
+
+      while buffer = io.read(1024)
+        digester.update(buffer)
+      end
+
+      io.rewind
+
+      Base64.encode64(digester.digest)
+    end
+
+    #
+    # Digest a string.
+    #
+    # @param [String] string
+    #   the string to digest
+    #
+    # @return [String]
+    #
+    def digest_string(string)
+      Base64.encode64(Digest::SHA1.digest(string))
+    end
+  end
+end