chef-zero 2.2.1 → 3.0.0.rc.1

data/lib/chef_zero/endpoints/organization_users_endpoint.rb

@@ -0,0 +1,14 @@
+require 'json'
+require 'chef_zero/rest_base'
+
+module ChefZero
+  module Endpoints
+    # /organizations/ORG/users
+    class OrganizationUsersEndpoint < RestBase
+      def get(request)
+        result = list_data(request).map { |username| { "user" => { "username" => username } } }
+        json_response(200, result)
+      end
+    end
+  end
+end

data/lib/chef_zero/endpoints/organization_validator_key_endpoint.rb

@@ -0,0 +1,20 @@
+require 'json'
+require 'chef_zero/rest_base'
+require 'uuidtools'
+
+module ChefZero
+  module Endpoints
+    # /organizations/NAME/_validator_key
+    class OrganizationValidatorKeyEndpoint < RestBase
+      def post(request)
+        org_name = request.rest_path[-2]
+        validator_path = [ 'organizations', org_name, 'clients', "#{org_name}-validator"]
+        validator = JSON.parse(get_data(request, validator_path), :create_additions => false)
+        private_key, public_key = server.gen_key_pair
+        validator['public_key'] = public_key
+        set_data(request, validator_path, JSON.pretty_generate(validator))
+        json_response(200, { 'private_key' => private_key })
+      end
+    end
+  end
+end

data/lib/chef_zero/endpoints/organizations_endpoint.rb

@@ -0,0 +1,55 @@
+require 'json'
+require 'chef_zero/rest_base'
+require 'uuidtools'
+
+module ChefZero
+  module Endpoints
+    # /organizations
+    class OrganizationsEndpoint < RestBase
+      def get(request)
+        result = {}
+        data_store.list(request.rest_path).each do |name|
+          result[name] = build_uri(request.base_uri, request.rest_path + [name])
+        end
+        json_response(200, result)
+      end
+
+      def post(request)
+        contents = request.body
+        name = JSON.parse(contents, :create_additions => false)['name']
+        if name.nil?
+          error(400, "Must specify 'name' in JSON")
+        elsif exists_data_dir?(request, request.rest_path + [ name ])
+          error(409, "Organization already exists")
+        else
+          create_data_dir(request, request.rest_path, name, :requestor => request.requestor)
+
+          org = {
+            "guid" => UUIDTools::UUID.random_create.to_s.gsub('-', ''),
+            "assigned_at" => Time.now.to_s
+          }
+          org_path = request.rest_path + [ name ]
+          set_data(request, org_path + [ 'org' ], JSON.pretty_generate(org))
+
+          if server.generate_real_keys?
+            # Create the validator client
+            validator_name = "#{name}-validator"
+            validator_path = org_path + [ 'clients', validator_name ]
+            private_key, public_key = server.gen_key_pair
+            validator = JSON.pretty_generate({
+              'validator' => true,
+              'public_key' => public_key
+            })
+            set_data(request, validator_path, validator)
+          end
+
+          json_response(201, {
+            "uri" => "#{build_uri(request.base_uri, org_path)}",
+            "clientname" => validator_name,
+            "private_key" => private_key
+          })
+        end
+      end
+    end
+  end
+end

data/lib/chef_zero/endpoints/principal_endpoint.rb

@@ -1,4 +1,4 @@
-require 'ffi_yajl'
+require 'json'
 require 'chef_zero'
 require 'chef_zero/rest_base'
 
@@ -11,15 +11,27 @@ module ChefZero
         json = get_data(request, request.rest_path[0..1] + [ 'users', name ], :nil)
         if json
           type = 'user'
+          org_member = true
         else
           json = get_data(request, request.rest_path[0..1] + [ 'clients', name ], :nil)
-          type = 'client'
+          if json
+            type = 'client'
+            org_member = true
+          else
+            json = get_data(request, [ 'users', name ], :nil)
+            if json
+              type = 'user'
+              org_member = false
+            end
+          end
         end
         if json
           json_response(200, {
             'name' => name,
             'type' => type,
-            'public_key' => FFI_Yajl::Parser.parse(json)['public_key'] || PUBLIC_KEY
+            'public_key' => JSON.parse(json)['public_key'] || PUBLIC_KEY,
+            'authz_id' => '0'*32,
+            'org_member' => org_member
           })
         else
           error(404, 'Principal not found')

data/lib/chef_zero/endpoints/rest_list_endpoint.rb

@@ -1,16 +1,17 @@
-require 'ffi_yajl'
+require 'json'
 require 'chef_zero/rest_base'
 
 module ChefZero
   module Endpoints
     # Typical REST list endpoint (/roles or /data/BAG)
     class RestListEndpoint < RestBase
-      def initialize(server, identity_key = 'name')
+      def initialize(server, identity_keys = [ 'name' ])
         super(server)
-        @identity_key = identity_key
+        identity_keys = [ identity_keys ] if identity_keys.is_a?(String)
+        @identity_keys = identity_keys
       end
 
-      attr_reader :identity_key
+      attr_reader :identity_keys
 
       def get(request)
         # Get the result
@@ -25,7 +26,7 @@ module ChefZero
         contents = request.body
         key = get_key(contents)
         if key.nil?
-          error(400, "Must specify '#{identity_key}' in JSON")
+          error(400, "Must specify #{identity_keys.map { |k| k.inspect }.join(' or ')} in JSON")
         else
           create_data(request, request.rest_path, key, contents)
           json_response(201, {'uri' => "#{build_uri(request.base_uri, request.rest_path + [key])}"})
@@ -33,7 +34,8 @@ module ChefZero
       end
 
       def get_key(contents)
-        FFI_Yajl::Parser.parse(contents, :create_additions => false)[identity_key]
+        json = JSON.parse(contents, :create_additions => false)
+        identity_keys.map { |k| json[k] }.select { |v| v }.first
       end
     end
   end

data/lib/chef_zero/endpoints/rest_object_endpoint.rb

@@ -1,4 +1,4 @@
-require 'ffi_yajl'
+require 'json'
 require 'chef_zero/rest_base'
 require 'chef_zero/rest_error_response'
 
@@ -6,12 +6,13 @@ module ChefZero
   module Endpoints
     # Typical REST leaf endpoint (/roles/NAME or /data/BAG/NAME)
     class RestObjectEndpoint < RestBase
-      def initialize(server, identity_key = 'name')
+      def initialize(server, identity_keys = [ 'name' ])
         super(server)
-        @identity_key = identity_key
+        identity_keys = [ identity_keys ] if identity_keys.is_a?(String)
+        @identity_keys = identity_keys
       end
 
-      attr_reader :identity_key
+      attr_reader :identity_keys
 
       def get(request)
         already_json_response(200, populate_defaults(request, get_data(request)))
@@ -20,13 +21,14 @@ module ChefZero
       def put(request)
         # We grab the old body to trigger a 404 if it doesn't exist
         old_body = get_data(request)
-        request_json = FFI_Yajl::Parser.parse(request.body, :create_additions => false)
-        key = request_json[identity_key] || request.rest_path[-1]
+        request_json = JSON.parse(request.body, :create_additions => false)
+        key = identity_keys.map { |k| request_json[k] }.select { |v| v }.first
+        key ||= request.rest_path[-1]
         # If it's a rename, check for conflict and delete the old value
         rename = key != request.rest_path[-1]
         if rename
           begin
-            data_store.create(request.rest_path[0..1] + request.rest_path[2..-2], key, request.body)
+            create_data(request, request.rest_path[0..-2], key, request.body, :data_store_exceptions)
           rescue DataStore::DataAlreadyExistsError
             return error(409, "Cannot rename '#{request.rest_path[-1]}' to '#{key}': '#{key}' already exists")
           end
@@ -47,11 +49,11 @@ module ChefZero
       def patch_request_body(request)
         existing_value = get_data(request, nil, :nil)
         if existing_value
-          request_json = FFI_Yajl::Parser.parse(request.body, :create_additions => false)
-          existing_json = FFI_Yajl::Parser.parse(existing_value, :create_additions => false)
+          request_json = JSON.parse(request.body, :create_additions => false)
+          existing_json = JSON.parse(existing_value, :create_additions => false)
           merged_json = existing_json.merge(request_json)
           if merged_json.size > request_json.size
-            return FFI_Yajl::Encoder.encode(merged_json, :pretty => true)
+            return JSON.pretty_generate(merged_json)
           end
         end
         request.body

data/lib/chef_zero/endpoints/role_endpoint.rb

@@ -1,15 +1,15 @@
-require 'ffi_yajl'
+require 'json'
 require 'chef_zero/endpoints/rest_object_endpoint'
-require 'chef_zero/data_normalizer'
+require 'chef_zero/chef_data/data_normalizer'
 
 module ChefZero
   module Endpoints
     # /roles/NAME
     class RoleEndpoint < RestObjectEndpoint
       def populate_defaults(request, response_json)
-        role = FFI_Yajl::Parser.parse(response_json, :create_additions => false)
-        role = DataNormalizer.normalize_role(role, request.rest_path[3])
-        FFI_Yajl::Encoder.encode(role, :pretty => true)
+        role = JSON.parse(response_json, :create_additions => false)
+        role = ChefData::DataNormalizer.normalize_role(role, request.rest_path[3])
+        JSON.pretty_generate(role)
       end
     end
   end

data/lib/chef_zero/endpoints/role_environments_endpoint.rb

@@ -1,4 +1,4 @@
-require 'ffi_yajl'
+require 'json'
 require 'chef_zero/rest_base'
 
 module ChefZero
@@ -6,7 +6,7 @@ module ChefZero
     # /roles/NAME/environments
     class RoleEnvironmentsEndpoint < RestBase
       def get(request)
-        role = FFI_Yajl::Parser.parse(get_data(request, request.rest_path[0..3]), :create_additions => false)
+        role = JSON.parse(get_data(request, request.rest_path[0..3]), :create_additions => false)
         json_response(200, [ '_default' ] + (role['env_run_lists'].keys || []))
       end
     end

data/lib/chef_zero/endpoints/sandbox_endpoint.rb

@@ -1,13 +1,13 @@
 require 'chef_zero/rest_base'
 require 'chef_zero/rest_error_response'
-require 'ffi_yajl'
+require 'json'
 
 module ChefZero
   module Endpoints
     # /sandboxes/ID
     class SandboxEndpoint < RestBase
       def put(request)
-        existing_sandbox = FFI_Yajl::Parser.parse(get_data(request), :create_additions => false)
+        existing_sandbox = JSON.parse(get_data(request), :create_additions => false)
         existing_sandbox['checksums'].each do |checksum|
           if !exists_data?(request, request.rest_path[0..1] + ['file_store', 'checksums', checksum])
             raise RestErrorResponse.new(503, "Checksum not uploaded: #{checksum}")

data/lib/chef_zero/endpoints/sandboxes_endpoint.rb

@@ -1,4 +1,4 @@
-require 'ffi_yajl'
+require 'json'
 require 'chef_zero/rest_base'
 
 module ChefZero
@@ -13,7 +13,7 @@ module ChefZero
       def post(request)
         sandbox_checksums = []
 
-        needed_checksums = FFI_Yajl::Parser.parse(request.body, :create_additions => false)['checksums']
+        needed_checksums = JSON.parse(request.body, :create_additions => false)['checksums']
         result_checksums = {}
         needed_checksums.keys.each do |needed_checksum|
           if list_data(request, request.rest_path[0..1] + ['file_store', 'checksums']).include?(needed_checksum)
@@ -34,10 +34,10 @@ module ChefZero
         time_str = Time.now.utc.strftime('%Y-%m-%dT%H:%M:%S%z')
         time_str = "#{time_str[0..21]}:#{time_str[22..23]}"
 
-        create_data(request, request.rest_path, id, FFI_Yajl::Encoder.encode({
+        create_data(request, request.rest_path, id, JSON.pretty_generate({
           :create_time => time_str,
           :checksums => sandbox_checksums
-        }, :pretty => true))
+        }))
 
         json_response(201, {
           :uri => build_uri(request.base_uri, request.rest_path + [id]),

data/lib/chef_zero/endpoints/search_endpoint.rb

@@ -1,6 +1,6 @@
-require 'ffi_yajl'
+require 'json'
 require 'chef_zero/endpoints/rest_object_endpoint'
-require 'chef_zero/data_normalizer'
+require 'chef_zero/chef_data/data_normalizer'
 require 'chef_zero/rest_error_response'
 require 'chef_zero/solr/solr_parser'
 require 'chef_zero/solr/solr_doc'
@@ -17,7 +17,7 @@ module ChefZero
 
       def post(request)
         full_results = search(request)
-        keys = FFI_Yajl::Parser.parse(request.body, :create_additions => false)
+        keys = JSON.parse(request.body, :create_additions => false)
         partial_results = full_results['rows'].map do |name, uri, doc, search_value|
           data = {}
           keys.each_pair do |key, path|
@@ -48,15 +48,15 @@ module ChefZero
       def search_container(request, index)
         relative_parts, normalize_proc = case index
         when 'client'
-          [ ['clients'], Proc.new { |client, name| DataNormalizer.normalize_client(client, name) } ]
+          [ ['clients'], Proc.new { |client, name| ChefData::DataNormalizer.normalize_client(client, name) } ]
         when 'node'
-          [ ['nodes'], Proc.new { |node, name| DataNormalizer.normalize_node(node, name) } ]
+          [ ['nodes'], Proc.new { |node, name| ChefData::DataNormalizer.normalize_node(node, name) } ]
         when 'environment'
-          [ ['environments'], Proc.new { |environment, name| DataNormalizer.normalize_environment(environment, name) } ]
+          [ ['environments'], Proc.new { |environment, name| ChefData::DataNormalizer.normalize_environment(environment, name) } ]
         when 'role'
-          [ ['roles'], Proc.new { |role, name| DataNormalizer.normalize_role(role, name) } ]
+          [ ['roles'], Proc.new { |role, name| ChefData::DataNormalizer.normalize_role(role, name) } ]
         else
-          [ ['data', index], Proc.new { |data_bag_item, id| DataNormalizer.normalize_data_bag_item(data_bag_item, index, id, 'DELETE') } ]
+          [ ['data', index], Proc.new { |data_bag_item, id| ChefData::DataNormalizer.normalize_data_bag_item(data_bag_item, index, id, 'DELETE') } ]
         end
         [
           request.rest_path[0..1] + relative_parts,
@@ -86,7 +86,7 @@ module ChefZero
           result
 
         elsif !%w(client environment role).include?(index)
-          DataNormalizer.normalize_data_bag_item(value, index, id, 'GET')
+          ChefData::DataNormalizer.normalize_data_bag_item(value, index, id, 'GET')
         else
           value
         end
@@ -110,7 +110,7 @@ module ChefZero
         result = []
         list_data(request, container).each do |name|
           value = get_data(request, container + [name])
-          expanded = expander.call(FFI_Yajl::Parser.parse(value, :create_additions => false), name)
+          expanded = expander.call(JSON.parse(value, :create_additions => false), name)
           result << [ name, build_uri(request.base_uri, container + [name]), expanded, expand_for_indexing(expanded, index, name) ]
         end
         result = result.select do |name, uri, value, search_value|

data/lib/chef_zero/endpoints/system_recovery_endpoint.rb

@@ -0,0 +1,30 @@
+require 'json'
+require 'chef_zero/rest_base'
+
+module ChefZero
+  module Endpoints
+    # /system_recovery
+    class SystemRecoveryEndpoint < RestBase
+      def post(request)
+        request_json = JSON.parse(request.body, :create_additions => false)
+        name = request_json['username']
+        password = request_json['password']
+        user = get_data(request, request.rest_path[0..-2] + ['users', name], :nil)
+        if !user
+          raise RestErrorResponse.new(403, "Nonexistent user")
+        end
+
+        user = JSON.parse(user, :create_additions => false)
+        user = ChefData::DataNormalizer.normalize_user(user, name, [ 'username' ], server.options[:osc_compat])
+        if !user['recovery_authentication_enabled']
+          raise RestErrorResponse.new(403, "Only users with recovery_authentication_enabled=true may use /system_recovery to log in")
+        end
+        if user['password'] != password
+          raise RestErrorResponse.new(401, "Incorrect password")
+        end
+
+        json_response(200, user)
+      end
+    end
+  end
+end

data/lib/chef_zero/endpoints/user_association_request_endpoint.rb

@@ -0,0 +1,40 @@
+require 'json'
+require 'chef_zero/rest_base'
+
+module ChefZero
+  module Endpoints
+    # /users/USER/association_requests/ID
+    class UserAssociationRequestEndpoint < RestBase
+      def put(request)
+        username = request.rest_path[1]
+        id = request.rest_path[3]
+        if id !~ /^#{username}-(.+)/
+          raise RestErrorResponse.new(400, "Association request #{id} is invalid.  Must be #{username}-orgname.")
+        end
+        orgname = $1
+
+        json = JSON.parse(request.body, :create_additions => false)
+        association_request_path = [ 'organizations', orgname, 'association_requests', username ]
+        if json['response'] == 'accept'
+          users = get_data(request, [ 'organizations', orgname, 'groups', 'users' ])
+          users = JSON.parse(users, :create_additions => false)
+
+          delete_data(request, association_request_path)
+          create_data(request, [ 'organizations', orgname, 'users' ], username, '{}')
+
+          # Add the user to the users group if it isn't already there
+          if !users['users'] || !users['users'].include?(username)
+            users['users'] ||= []
+            users['users'] |= [ username ]
+            set_data(request, [ 'organizations', orgname, 'groups', 'users' ], JSON.pretty_generate(users))
+          end
+        elsif json['response'] == 'reject'
+          delete_data(request, association_request_path)
+        else
+          raise RestErrorResponse.new(400, "response parameter was missing or set to the wrong value (must be accept or reject)")
+        end
+        json_response(200, { 'organization' => { 'name' => orgname } })
+      end
+    end
+  end
+end

data/lib/chef_zero/endpoints/user_association_requests_count_endpoint.rb

@@ -0,0 +1,19 @@
+require 'json'
+require 'chef_zero/rest_base'
+
+module ChefZero
+  module Endpoints
+    # /users/NAME/association_requests/count
+    class UserAssociationRequestsCountEndpoint < RestBase
+      def get(request)
+        get_data(request, request.rest_path[0..-3])
+
+        username = request.rest_path[1]
+        result = list_data(request, [ 'organizations' ]).select do |org|
+          exists_data?(request, [ 'organizations', org, 'association_requests', username ])
+        end
+        json_response(200, { "value" => result.size })
+      end
+    end
+  end
+end