chef-zero 2.2.1 → 3.0.0.rc.1

data/lib/chef_zero/endpoints/user_association_requests_endpoint.rb

@@ -0,0 +1,19 @@
+require 'json'
+require 'chef_zero/rest_base'
+
+module ChefZero
+  module Endpoints
+    # /users/USER/association_requests
+    class UserAssociationRequestsEndpoint < RestBase
+      def get(request)
+        get_data(request, request.rest_path[0..-2])
+        username = request.rest_path[1]
+        result = list_data(request, [ 'organizations' ]).select do |org|
+          exists_data?(request, [ 'organizations', org, 'association_requests', username ])
+        end
+        result = result.map { |org| { "id" => "#{username}-#{org}", "orgname" => org } }
+        json_response(200, result)
+      end
+    end
+  end
+end

data/lib/chef_zero/endpoints/user_organizations_endpoint.rb

@@ -0,0 +1,22 @@
+require 'json'
+require 'chef_zero/rest_base'
+
+module ChefZero
+  module Endpoints
+    # /users/USER/organizations
+    class UserOrganizationsEndpoint < RestBase
+      def get(request)
+        username = request.rest_path[1]
+        result = list_data(request, [ 'organizations' ]).select do |orgname|
+          exists_data?(request, [ 'organizations', orgname, 'users', username ])
+        end
+        result = result.map do |orgname|
+          org = get_data(request, [ 'organizations', orgname, 'org' ])
+          org = JSON.parse(org, :create_additions => false)
+          ChefData::DataNormalizer.normalize_organization(org, orgname)
+        end
+        json_response(200, result)
+      end
+    end
+  end
+end

data/lib/chef_zero/rest_base.rb

@@ -1,6 +1,7 @@
 require 'chef_zero/rest_request'
 require 'chef_zero/rest_error_response'
 require 'chef_zero/data_store/data_not_found_error'
+require 'chef_zero/chef_data/acl_path'
 
 module ChefZero
   class RestBase
@@ -21,7 +22,7 @@ module ChefZero
         accept_methods_str = accept_methods.map { |m| m.to_s.upcase }.join(', ')
         return [405, {"Content-Type" => "text/plain", "Allow" => accept_methods_str}, "Bad request method for '#{request.env['REQUEST_PATH']}': #{request.env['REQUEST_METHOD']}"]
       end
-      if json_only && request.env['HTTP_ACCEPT'] && !request.env['HTTP_ACCEPT'].split(';').include?('application/json')
+      if json_only && !accepts?(request, 'application', 'json')
         return [406, {"Content-Type" => "text/plain"}, "Must accept application/json"]
       end
       # Dispatch to get()/post()/put()/delete()
@@ -37,6 +38,14 @@ module ChefZero
       true
     end
 
+    def accepts?(request, category, type)
+      # If HTTP_ACCEPT is not sent at all, assume it accepts anything
+      # This parses as per http://tools.ietf.org/html/rfc7231#section-5.3
+      return true if !request.env['HTTP_ACCEPT']
+      accepts = request.env['HTTP_ACCEPT'].split(/,\s*/).map { |x| x.split(';',2)[0].strip }
+      return accepts.include?("#{category}/#{type}") || accepts.include?("#{category}/*") || accepts.include?('*/*')
+    end
+
     def get_data(request, rest_path=nil, *options)
       rest_path ||= request.rest_path
       begin
@@ -44,27 +53,43 @@ module ChefZero
       rescue DataStore::DataNotFoundError
         if options.include?(:nil)
           nil
+        elsif options.include?(:data_store_exceptions)
+          raise
         else
           raise RestErrorResponse.new(404, "Object not found: #{build_uri(request.base_uri, rest_path)}")
         end
       end
     end
 
-    def list_data(request, rest_path=nil)
+    def list_data(request, rest_path=nil, *options)
       rest_path ||= request.rest_path
       begin
         data_store.list(rest_path)
       rescue DataStore::DataNotFoundError
-        raise RestErrorResponse.new(404, "Object not found: #{build_uri(request.base_uri, rest_path)}")
+        if options.include?(:data_store_exceptions)
+          raise
+        else
+          raise RestErrorResponse.new(404, "Object not found: #{build_uri(request.base_uri, rest_path)}")
+        end
       end
     end
 
-    def delete_data(request, rest_path=nil)
+    def delete_data(request, rest_path=nil, *options)
       rest_path ||= request.rest_path
       begin
-        data_store.delete(rest_path)
+        data_store.delete(rest_path, *options)
+      rescue DataStore::DataNotFoundError
+        if options.include?(:data_store_exceptions)
+          raise
+        else
+          raise RestErrorResponse.new(404, "Object not found: #{build_uri(request.base_uri, request.rest_path)}")
+        end
+      end
+
+      begin
+        acl_path = ChefData::AclPath.get_acl_data_path(rest_path)
+        data_store.delete(acl_path) if acl_path
       rescue DataStore::DataNotFoundError
-        raise RestErrorResponse.new(404, "Object not found: #{build_uri(request.base_uri, request.rest_path)}")
       end
     end
 
@@ -73,27 +98,68 @@ module ChefZero
       begin
         data_store.delete_dir(rest_path, *options)
       rescue DataStore::DataNotFoundError
-        raise RestErrorResponse.new(404, "Object not found: #{build_uri(request.base_uri, request.rest_path)}")
+        if options.include?(:data_store_exceptions)
+          raise
+        else
+          raise RestErrorResponse.new(404, "Object not found: #{build_uri(request.base_uri, request.rest_path)}")
+        end
+      end
+
+      begin
+        acl_path = ChefData::AclPath.get_acl_data_path(rest_path)
+        data_store.delete(acl_path) if acl_path
+      rescue DataStore::DataNotFoundError
       end
     end
 
     def set_data(request, rest_path, data, *options)
       rest_path ||= request.rest_path
       begin
-        data_store.set(rest_path, request.body, *options)
+        data_store.set(rest_path, data, *options, :requestor => request.requestor)
       rescue DataStore::DataNotFoundError
-        raise RestErrorResponse.new(404, "Object not found: #{build_uri(request.base_uri, request.rest_path)}")
+        if options.include?(:data_store_exceptions)
+          raise
+        else
+          raise RestErrorResponse.new(404, "Object not found: #{build_uri(request.base_uri, request.rest_path)}")
+        end
+      end
+    end
+
+    def create_data_dir(request, rest_path, name, *options)
+      rest_path ||= request.rest_path
+      begin
+        data_store.create_dir(rest_path, name, *options, :requestor => request.requestor)
+      rescue DataStore::DataNotFoundError
+        if options.include?(:data_store_exceptions)
+          raise
+        else
+          raise RestErrorResponse.new(404, "Parent not found: #{build_uri(request.base_uri, request.rest_path)}")
+        end
+      rescue DataStore::DataAlreadyExistsError
+        if options.include?(:data_store_exceptions)
+          raise
+        else
+          raise RestErrorResponse.new(409, "Object already exists: #{build_uri(request.base_uri, request.rest_path + [name])}")
+        end
       end
     end
 
     def create_data(request, rest_path, name, data, *options)
       rest_path ||= request.rest_path
       begin
-        data_store.create(rest_path, name, data, *options)
+        data_store.create(rest_path, name, data, *options, :requestor => request.requestor)
       rescue DataStore::DataNotFoundError
-        raise RestErrorResponse.new(404, "Parent not found: #{build_uri(request.base_uri, request.rest_path)}")
+        if options.include?(:data_store_exceptions)
+          raise
+        else
+          raise RestErrorResponse.new(404, "Parent not found: #{build_uri(request.base_uri, request.rest_path)}")
+        end
       rescue DataStore::DataAlreadyExistsError
-        raise RestErrorResponse.new(409, "Object already exists: #{build_uri(request.base_uri, request.rest_path + [name])}")
+        if options.include?(:data_store_exceptions)
+          raise
+        else
+          raise RestErrorResponse.new(409, "Object already exists: #{build_uri(request.base_uri, request.rest_path + [name])}")
+        end
       end
     end
 
@@ -112,7 +178,7 @@ module ChefZero
     end
 
     def json_response(response_code, json)
-      already_json_response(response_code, FFI_Yajl::Encoder.encode(json, :pretty => true))
+      already_json_response(response_code, JSON.pretty_generate(json))
     end
 
     def already_json_response(response_code, json_text)

data/lib/chef_zero/rest_error_response.rb

@@ -1,5 +1,5 @@
 module ChefZero
-  class RestErrorResponse < Exception
+  class RestErrorResponse < StandardError
     def initialize(response_code, error)
       @response_code = response_code
       @error = error

data/lib/chef_zero/rest_request.rb

@@ -14,6 +14,10 @@ module ChefZero
       @base_uri ||= "#{env['rack.url_scheme']}://#{env['HTTP_HOST']}#{env['SCRIPT_NAME']}"
     end
 
+    def requestor
+      @env['HTTP_X_OPS_USERID']
+    end
+
     def method
       @env['REQUEST_METHOD']
     end

data/lib/chef_zero/rest_router.rb

@@ -17,6 +17,7 @@ module ChefZero
     def call(request)
       begin
         ChefZero::Log.debug(request)
+        ChefZero::Log.debug(request.body) if request.body
 
         clean_path = "/" + request.rest_path.join("/")
 

data/lib/chef_zero/rspec.rb

@@ -34,7 +34,7 @@ module ChefZero
             default_opts
           end
 
-          if ChefZero::RSpec.server && server_opts.any? { |opt, value| ChefZero::RSpec.server.options[opt] != value }
+          if ChefZero::RSpec.server && server_opts != ChefZero::RSpec.server.options
             ChefZero::RSpec.server.stop
             ChefZero::RSpec.server = nil
           end
@@ -77,32 +77,79 @@ module ChefZero
           end
         end
 
+        def self.organization(name, org = '{}')
+          before(:each) do
+            ChefZero::RSpec.server.data_store.set([ 'organizations', name, 'org' ], dejsonize(org), :create_dir, :create)
+            @current_org = name
+          end
+        end
+
+        def self.acl(path, acl)
+          before(:each) do
+            path = [ 'organizations', @current_org || 'chef' ] + path.split('/')
+            ChefZero::RSpec.server.data_store.set(ChefData::AclPath.get_acl_data_path(path), acl)
+          end
+        end
+
+        def self.group(name, group)
+          before(:each) do
+            path = [ 'organizations', @current_org || 'chef' ] + path.split('/')
+            ChefZero::RSpec.server.data_store.set([ 'organizations', @current_org || 'chef', 'groups', name ], dejsonize(group), :create)
+          end
+        end
+
+        def self.org_invite(username)
+          before(:each) do
+            ChefZero::RSpec.server.data_store.set([ 'organizations', @current_org || 'chef', 'users', username ], '{}', :create)
+          end
+        end
+
+        def self.org_members(name, *members)
+          before(:each) do
+            members.each do |member|
+              ChefZero::RSpec.server.set([ 'organizations', @current_org || 'chef', 'users', member], '{}')
+            end
+          end
+        end
+
         def self.client(name, client)
-          before(:each) { ChefZero::RSpec.server.load_data({ 'clients' => { name => client }}) }
+          before(:each) { ChefZero::RSpec.server.load_data({ 'clients' => { name => client }}, @current_org) }
         end
 
         def self.cookbook(name, version, cookbook, options = {})
-          before(:each) { ChefZero::RSpec.server.load_data({ 'cookbooks' => { "#{name}-#{version}" => cookbook.merge(options) }}) }
+          before(:each) { ChefZero::RSpec.server.load_data({ 'cookbooks' => { "#{name}-#{version}" => cookbook.merge(options) }}, @current_org) }
         end
 
         def self.data_bag(name, data_bag)
-          before(:each) { ChefZero::RSpec.server.load_data({ 'data' => { name => data_bag }}) }
+          before(:each) { ChefZero::RSpec.server.load_data({ 'data' => { name => data_bag }}, @current_org) }
         end
 
         def self.environment(name, environment)
-          before(:each) { ChefZero::RSpec.server.load_data({ 'environments' => { name => environment }}) }
+          before(:each) { ChefZero::RSpec.server.load_data({ 'environments' => { name => environment }}, @current_org) }
         end
 
         def self.node(name, node)
-          before(:each) { ChefZero::RSpec.server.load_data({ 'nodes' => { name => node }}) }
+          before(:each) { ChefZero::RSpec.server.load_data({ 'nodes' => { name => node }}, @current_org) }
         end
 
         def self.role(name, role)
-          before(:each) { ChefZero::RSpec.server.load_data({ 'roles' => { name => role }}) }
+          before(:each) { ChefZero::RSpec.server.load_data({ 'roles' => { name => role }}, @current_org) }
         end
 
         def self.user(name, user)
-          before(:each) { ChefZero::RSpec.server.load_data({ 'users' => { name => user }}) }
+          if ChefZero::RSpec.server.options[:osc_compat]
+            before(:each) { ChefZero::RSpec.server.load_data({ 'users' => { name => user }}, @current_org) }
+          else
+            before(:each) { ChefZero::RSpec.server.set([ 'users', name ], dejsonize(user)) }
+          end
+        end
+
+        def self.dejsonize(data)
+          if data.is_a?(String)
+            data
+          else
+            JSON.pretty_generate(value)
+          end
         end
 
 #        after :each do

data/lib/chef_zero/server.rb

@@ -24,24 +24,32 @@ require 'stringio'
 
 require 'rack'
 require 'webrick'
+require 'webrick/https'
 
 require 'chef_zero'
-require 'chef_zero/cookbook_data'
+require 'chef_zero/chef_data/cookbook_data'
 require 'chef_zero/rest_router'
 require 'chef_zero/data_store/memory_store_v2'
 require 'chef_zero/data_store/v1_to_v2_adapter'
+require 'chef_zero/data_store/default_facade'
 require 'chef_zero/version'
 
+require 'chef_zero/endpoints/rest_list_endpoint'
 require 'chef_zero/endpoints/authenticate_user_endpoint'
+require 'chef_zero/endpoints/acls_endpoint'
+require 'chef_zero/endpoints/acl_endpoint'
 require 'chef_zero/endpoints/actors_endpoint'
 require 'chef_zero/endpoints/actor_endpoint'
 require 'chef_zero/endpoints/cookbooks_endpoint'
 require 'chef_zero/endpoints/cookbook_endpoint'
 require 'chef_zero/endpoints/cookbook_version_endpoint'
+require 'chef_zero/endpoints/containers_endpoint'
+require 'chef_zero/endpoints/container_endpoint'
 require 'chef_zero/endpoints/data_bags_endpoint'
 require 'chef_zero/endpoints/data_bag_endpoint'
 require 'chef_zero/endpoints/data_bag_item_endpoint'
-require 'chef_zero/endpoints/rest_list_endpoint'
+require 'chef_zero/endpoints/groups_endpoint'
+require 'chef_zero/endpoints/group_endpoint'
 require 'chef_zero/endpoints/environment_endpoint'
 require 'chef_zero/endpoints/environment_cookbooks_endpoint'
 require 'chef_zero/endpoints/environment_cookbook_endpoint'
@@ -49,7 +57,16 @@ require 'chef_zero/endpoints/environment_cookbook_versions_endpoint'
 require 'chef_zero/endpoints/environment_nodes_endpoint'
 require 'chef_zero/endpoints/environment_recipes_endpoint'
 require 'chef_zero/endpoints/environment_role_endpoint'
+require 'chef_zero/endpoints/license_endpoint'
 require 'chef_zero/endpoints/node_endpoint'
+require 'chef_zero/endpoints/organizations_endpoint'
+require 'chef_zero/endpoints/organization_endpoint'
+require 'chef_zero/endpoints/organization_association_requests_endpoint'
+require 'chef_zero/endpoints/organization_association_request_endpoint'
+require 'chef_zero/endpoints/organization_authenticate_user_endpoint'
+require 'chef_zero/endpoints/organization_users_endpoint'
+require 'chef_zero/endpoints/organization_user_endpoint'
+require 'chef_zero/endpoints/organization_validator_key_endpoint'
 require 'chef_zero/endpoints/principal_endpoint'
 require 'chef_zero/endpoints/role_endpoint'
 require 'chef_zero/endpoints/role_environments_endpoint'
@@ -57,6 +74,11 @@ require 'chef_zero/endpoints/sandboxes_endpoint'
 require 'chef_zero/endpoints/sandbox_endpoint'
 require 'chef_zero/endpoints/searches_endpoint'
 require 'chef_zero/endpoints/search_endpoint'
+require 'chef_zero/endpoints/system_recovery_endpoint'
+require 'chef_zero/endpoints/user_association_requests_endpoint'
+require 'chef_zero/endpoints/user_association_requests_count_endpoint'
+require 'chef_zero/endpoints/user_association_request_endpoint'
+require 'chef_zero/endpoints/user_organizations_endpoint'
 require 'chef_zero/endpoints/file_store_file_endpoint'
 require 'chef_zero/endpoints/not_found_endpoint'
 
@@ -67,11 +89,15 @@ module ChefZero
       :port => 8889,
       :log_level => :info,
       :generate_real_keys => true,
-      :single_org => 'chef'
+      :single_org => 'chef',
+      :ssl => false
     }.freeze
 
     def initialize(options = {})
       @options = DEFAULT_OPTIONS.merge(options)
+      if @options[:single_org] && !@options.has_key?(:osc_compat)
+        @options[:osc_compat] = true
+      end
       @options.freeze
 
       ChefZero::Log.level = @options[:log_level].to_sym
@@ -105,10 +131,11 @@ module ChefZero
     # @return [String]
     #
     def url
+      sch = @options[:ssl] ? 'https' : 'http'
       @url ||= if @options[:host].include?(':')
-                 URI("http://[#{@options[:host]}]:#{port}").to_s
+                 URI("#{sch}://[#{@options[:host]}]:#{port}").to_s
                else
-                 URI("http://#{@options[:host]}:#{port}").to_s
+                 URI("#{sch}://#{@options[:host]}:#{port}").to_s
                end
     end
 
@@ -119,15 +146,16 @@ module ChefZero
     #
     def data_store
       @data_store ||= begin
-        result = @options[:data_store] || DataStore::MemoryStoreV2.new
+        result = @options[:data_store] || DataStore::DefaultFacade.new(DataStore::MemoryStoreV2.new, options[:single_org], options[:osc_compat])
         if options[:single_org]
-          if result.respond_to?(:interface_version) && result.interface_version >= 2 && result.interface_version < 3
-            result.create_dir([ 'organizations' ], options[:single_org])
-          else
+
+          if !result.respond_to?(:interface_version) || result.interface_version == 1
             result = ChefZero::DataStore::V1ToV2Adapter.new(result, options[:single_org])
+            result = ChefZero::DataStore::DefaultFacade.new(result, options[:single_org], options[:osc_compat])
           end
+
         else
-          if !(result.respond_to?(:interface_version) && result.interface_version >= 2 && result.interface_version < 3)
+          if !result.respond_to?(:interface_version) || result.interface_version == 1
             raise "Multi-org not supported by data store #{result}!"
           end
         end
@@ -205,6 +233,8 @@ module ChefZero
         :DoNotListen => true,
         :AccessLog   => [],
         :Logger      => WEBrick::Log.new(StringIO.new, 7),
+        :SSLEnable  => options[:ssl],
+        :SSLCertName  => [ [ 'CN', WEBrick::Utils::getservername ] ],
         :StartCallback => proc {
           @running = true
         }
@@ -345,13 +375,13 @@ module ChefZero
       if contents['cookbooks']
         contents['cookbooks'].each_pair do |name_version, cookbook|
           if name_version =~ /(.+)-(\d+\.\d+\.\d+)$/
-            cookbook_data = CookbookData.to_hash(cookbook, $1, $2)
+            cookbook_data = ChefData::CookbookData.to_hash(cookbook, $1, $2)
           else
-            cookbook_data = CookbookData.to_hash(cookbook, name_version)
+            cookbook_data = ChefData::CookbookData.to_hash(cookbook, name_version)
           end
           raise "No version specified" if !cookbook_data[:version]
           data_store.create_dir(['organizations', org_name, 'cookbooks'], cookbook_data[:cookbook_name], :recursive)
-          data_store.set(['organizations', org_name, 'cookbooks', cookbook_data[:cookbook_name], cookbook_data[:version]], FFI_Yajl::Encoder.encode(cookbook_data, :pretty => true), :create)
+          data_store.set(['organizations', org_name, 'cookbooks', cookbook_data[:cookbook_name], cookbook_data[:version]], JSON.pretty_generate(cookbook_data), :create)
           cookbook_data.values.each do |files|
             next unless files.is_a? Array
             files.each do |file|
@@ -364,9 +394,6 @@ module ChefZero
 
     def clear_data
       data_store.clear
-      if options[:single_org]
-        data_store.create_dir([ 'organizations' ], options[:single_org])
-      end
     end
 
     def request_handler(&block)
@@ -384,8 +411,48 @@ module ChefZero
     private
 
     def open_source_endpoints
+      result = if options[:osc_compat]
+        # OSC-only
+        [
+          [ "/organizations/*/users", ActorsEndpoint.new(self) ],
+          [ "/organizations/*/users/*", ActorEndpoint.new(self) ],
+          [ "/organizations/*/authenticate_user", OrganizationAuthenticateUserEndpoint.new(self) ],
+        ]
+      else
+        # EC-only
+        [
+          [ "/organizations/*/users", OrganizationUsersEndpoint.new(self) ],
+          [ "/organizations/*/users/*", OrganizationUserEndpoint.new(self) ],
+          [ "/users", ActorsEndpoint.new(self, 'username') ],
+          [ "/users/*", ActorEndpoint.new(self, 'username') ],
+          [ "/users/_acl", AclsEndpoint.new(self) ],
+          [ "/users/_acl/*", AclEndpoint.new(self) ],
+          [ "/users/*/association_requests", UserAssociationRequestsEndpoint.new(self) ],
+          [ "/users/*/association_requests/count", UserAssociationRequestsCountEndpoint.new(self) ],
+          [ "/users/*/association_requests/*", UserAssociationRequestEndpoint.new(self) ],
+          [ "/users/*/organizations", UserOrganizationsEndpoint.new(self) ],
+          [ "/authenticate_user", AuthenticateUserEndpoint.new(self) ],
+          [ "/system_recovery", SystemRecoveryEndpoint.new(self) ],
+          [ "/license", LicenseEndpoint.new(self) ],
+
+          [ "/organizations", OrganizationsEndpoint.new(self) ],
+          [ "/organizations/*", OrganizationEndpoint.new(self) ],
+          [ "/organizations/*/_validator_key", OrganizationValidatorKeyEndpoint.new(self) ],
+          [ "/organizations/*/association_requests", OrganizationAssociationRequestsEndpoint.new(self) ],
+          [ "/organizations/*/association_requests/*", OrganizationAssociationRequestEndpoint.new(self) ],
+          [ "/organizations/*/containers", ContainersEndpoint.new(self) ],
+          [ "/organizations/*/containers/*", ContainerEndpoint.new(self) ],
+          [ "/organizations/*/groups", GroupsEndpoint.new(self) ],
+          [ "/organizations/*/groups/*", GroupEndpoint.new(self) ],
+          [ "/organizations/*/organizations/_acl", AclsEndpoint.new(self) ],
+          [ "/organizations/*/*/*/_acl", AclsEndpoint.new(self) ],
+          [ "/organizations/*/organizations/_acl/*", AclEndpoint.new(self) ],
+          [ "/organizations/*/*/*/_acl/*", AclEndpoint.new(self) ]
+        ]
+      end
+      result +
       [
-        [ "/organizations/*/authenticate_user", AuthenticateUserEndpoint.new(self) ],
+        # Both
         [ "/organizations/*/clients", ActorsEndpoint.new(self) ],
         [ "/organizations/*/clients/*", ActorEndpoint.new(self) ],
         [ "/organizations/*/cookbooks", CookbooksEndpoint.new(self) ],
@@ -413,10 +480,9 @@ module ChefZero
         [ "/organizations/*/sandboxes/*", SandboxEndpoint.new(self) ],
         [ "/organizations/*/search", SearchesEndpoint.new(self) ],
         [ "/organizations/*/search/*", SearchEndpoint.new(self) ],
-        [ "/organizations/*/users", ActorsEndpoint.new(self) ],
-        [ "/organizations/*/users/*", ActorEndpoint.new(self) ],
 
-        [ "/organizations/*/file_store/**", FileStoreFileEndpoint.new(self) ],
+        # Internal
+        [ "/organizations/*/file_store/**", FileStoreFileEndpoint.new(self) ]
       ]
     end
 
@@ -467,7 +533,7 @@ module ChefZero
     def dejsonize_children(hash)
       result = {}
       hash.each_pair do |key, value|
-        result[key] = value.is_a?(Hash) ? FFI_Yajl::Encoder.encode(value, :pretty => true) : value
+        result[key] = value.is_a?(Hash) ? JSON.pretty_generate(value) : value
       end
       result
     end