chef-zero 4.5.0 → 4.6.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 6cc5716f0bde147efc79fb02be61275ea01aa654
-  data.tar.gz: d1a2c69275d9a2bc901f5024f47be5b821320e98
+  metadata.gz: ca7530fffb7dc24422a41d298d2411f8661d5e7d
+  data.tar.gz: a18a46c9da1936c3d89ec33e83d7e97ed0b82bb6
 SHA512:
-  metadata.gz: e0c7757da8314dad7ff5f58fe4423c7ee816b32138f59b16fcf9073e8b8fffc045b819781e81e119f85c553d44b6336e678c37d8aed0d729aae3f54ebbc48f3f
-  data.tar.gz: a606ffcd42a0001e1f1a43854d9f373e15f6000a29eb52129a0b5a0298eeff28675bb6d8d4e6991c179fd4b24e0a241623f9388b0d1e733f1e1a254cb9c13272
+  metadata.gz: 9e5a78f306534fc4849f8f40c1ba435d3efa9c8cebbd182e26b68e34c92a08aed491c5259780847c0cf05ab19480cc485b61b12b01992b27ddad4a776be81897
+  data.tar.gz: 4add88aed368a2044f817a5f7caa2429a27c2d6f23e81c3054ba4a68270250c404f926abaf571c354069fcbe61dcbc4163ec9dc31e7255e77d0dd75e5302d553

data/Gemfile

@@ -3,7 +3,11 @@ gemspec
 
 # gem 'rest-client', :github => 'chef/rest-client'
 
-gem 'oc-chef-pedant', :github => 'chef/chef-server', :branch => "jk/authorization-tags"
+gem 'oc-chef-pedant', :github => 'chef/chef-server'
+
+group :changelog do
+  gem "github_changelog_generator"
+end
 
 # bundler resolve failure on "rspec_junit_formatter"
 # gem 'chef-pedant', :github => 'opscode/chef-pedant', :ref => "server-cli-option"

data/Rakefile

@@ -3,33 +3,43 @@ require 'bundler/gem_tasks'
 
 require 'chef_zero/version'
 
+def run_oc_pedant(env={})
+  ENV.update(env)
+  require File.expand_path('spec/run_oc_pedant')
+end
+
+ENV_DOCS = <<END
+Environment:
+ - RSPEC_OPTS   Options to pass to RSpec
+                e.g. RSPEC_OPTS="--fail-fast --profile 5"
+ - PEDANT_OPTS  Options to pass to oc-chef-pedant
+                e.g. PEDANT_OPTS="--focus-keys --skip-users"
+ - LOG_LEVEL    Set the log level (default: warn)
+                e.g. LOG_LEVEL=debug
+END
+
 task :default => :pedant
 
-desc "run specs"
+desc "Run specs"
 task :spec do
   system('rspec spec/*_spec.rb')
 end
 
-desc "run oc pedant"
-task :pedant do
-  require File.expand_path('spec/run_oc_pedant')
-end
+desc "Run oc-chef-pedant\n\n#{ENV_DOCS}"
+task :pedant => :oc_pedant
 
-desc "run pedant with CHEF_FS set"
+desc "Run oc-chef-pedant with CHEF_FS set\n\n#{ENV_DOCS}"
 task :cheffs do
-  ENV['CHEF_FS'] = "yes"
-  require File.expand_path('spec/run_oc_pedant')
+  run_oc_pedant('CHEF_FS' => 'yes')
 end
 
-desc "run pedant with FILE_STORE set"
+desc "Run oc-chef-pedant with FILE_STORE set\n\n#{ENV_DOCS}"
 task :filestore do
-  ENV['FILE_STORE'] = "yes"
-  require File.expand_path('spec/run_oc_pedant')
+  run_oc_pedant('FILE_STORE' => 'yes')
 end
 
-desc "run oc pedant"
 task :oc_pedant do
-  require File.expand_path('spec/run_oc_pedant')
+  run_oc_pedant
 end
 
 task :chef_spec do
@@ -42,11 +52,15 @@ task :berkshelf_spec do
   system("cd #{gem_path} && thor spec:ci")
 end
 
-require 'github_changelog_generator/task'
+begin
+  require "github_changelog_generator/task"
 
-GitHubChangelogGenerator::RakeTask.new :changelog do |config|
-  # config.future_release = ChefZero::VERSION
-  config.enhancement_labels = "enhancement,Enhancement,New Feature".split(',')
-  config.bug_labels = "bug,Bug,Improvement,Upstream Bug".split(',')
-  config.exclude_labels = "duplicate,question,invalid,wontfix,no_changelog".split(',')
+  GitHubChangelogGenerator::RakeTask.new :changelog do |config|
+    config.future_release = ChefZero::VERSION
+    config.enhancement_labels = "enhancement,Enhancement,New Feature,Feature".split(",")
+    config.bug_labels = "bug,Bug,Improvement,Upstream Bug".split(",")
+    config.exclude_labels = "duplicate,question,invalid,wontfix,no_changelog,Exclude From Changelog,Question,Discussion".split(",")
+  end
+rescue LoadError
+  puts "github_changelog_generator is not available. gem install github_changelog_generator to generate changelogs"
 end

data/bin/chef-zero

@@ -31,7 +31,8 @@ OptionParser.new do |opts|
   opts.banner = "Usage: chef-zero [ARGS]"
 
   opts.on("-H", "--host HOST", "Host to bind to (default: 127.0.0.1)") do |value|
-    options[:host] = value
+    options[:host] ||= []
+    options[:host] << value
   end
 
   opts.on("-p", "--port PORT", "Port to listen on (e.g. 8889, or 8500-8600 or 8885,8888)") do |value|

data/chef-zero.gemspec

@@ -12,6 +12,8 @@ Gem::Specification.new do |s|
   s.homepage = 'http://www.opscode.com'
   s.license = 'Apache 2.0'
 
+  s.required_ruby_version = ">= 2.1.0"
+
   s.add_dependency 'mixlib-log',    '~> 1.3'
   s.add_dependency 'hashie',        '>= 2.0', '< 4.0'
   s.add_dependency 'uuidtools', '~> 2.1'
@@ -23,7 +25,6 @@ Gem::Specification.new do |s|
   s.add_development_dependency 'pry-stack_explorer'
   s.add_development_dependency 'rake'
   s.add_development_dependency 'rspec'
-  s.add_development_dependency 'github_changelog_generator'
   s.add_development_dependency 'chef'
 
   s.bindir       = 'bin'

data/lib/chef_zero/chef_data/cookbook_data.rb

@@ -108,6 +108,11 @@ module ChefZero
           cookbook_arg(:replacing, cookbook, version_constraints)
         end
 
+        def gem(*opts)
+          self[:gems] ||= []
+          self[:gems] << opts
+        end
+
         def recipe(recipe, description)
           self[:recipes][recipe] = description
         end

data/lib/chef_zero/chef_data/data_normalizer.rb

@@ -17,8 +17,8 @@ module ChefZero
       def self.normalize_client(client, name, orgname = nil)
         client['name'] ||= name
         client['clientname'] ||= name
-        client['admin'] = !!client['admin'] if client.has_key?('admin')
-        client['public_key'] ||= PUBLIC_KEY
+        client['admin'] = !!client['admin'] if client.key?('admin')
+        client['public_key'] = PUBLIC_KEY unless client.key?('public_key')
         client['orgname'] ||= orgname
         client['validator'] ||= false
         client['validator'] = !!client['validator']
@@ -36,7 +36,7 @@ module ChefZero
 
       def self.normalize_user(user, name, identity_keys, osc_compat, method=nil)
         user[identity_keys.first] ||= name
-        user['public_key'] ||= PUBLIC_KEY
+        user['public_key'] = PUBLIC_KEY unless user.key?('public_key')
         user['admin'] ||= false
         user['admin'] = !!user['admin']
         user['openid'] ||= nil

data/lib/chef_zero/data_store/data_error.rb

@@ -19,13 +19,14 @@
 module ChefZero
   module DataStore
     class DataError < StandardError
+      attr_reader :path, :cause
+
       def initialize(path, cause = nil)
         @path = path
         @cause = cause
+        path_for_msg = path.nil? ? "nil" : "/#{path.join('/')}"
+        super "Data path: #{path_for_msg}"
       end
-
-      attr_reader :path
-      attr_reader :cause
     end
   end
 end

data/lib/chef_zero/endpoints/actor_default_key_endpoint.rb

@@ -0,0 +1,77 @@
+require 'chef_zero/rest_base'
+
+module ChefZero
+  module Endpoints
+    # ActorDefaultKeyEndpoint
+    #
+    # This class handles DELETE/GET/PUT requests for client/user default public
+    # keys, i.e. requests with identity key "default". All others are handled
+    # by ActorKeyEndpoint.
+    #
+    # Default public keys are stored with the actor (client or user) instead of
+    # under user/client_keys. Handling those in a separate endpoint offloads
+    # the branching logic onto the router rather than branching in every
+    # endpoint method (`if request.rest_path[-1] == "default" ...`).
+    #
+    # /users/USER/keys/default
+    # /organizations/ORG/clients/CLIENT/keys/default
+    class ActorDefaultKeyEndpoint < RestBase
+      DEFAULT_PUBLIC_KEY_NAME = "default".freeze
+
+      def get(request)
+        # 404 if actor doesn't exist
+        actor_data = get_actor_data(request)
+        key_data = default_public_key_from_actor(actor_data)
+
+        # 404 if the actor doesn't have a default key
+        if key_data["public_key"].nil?
+          raise RestErrorResponse.new(404, "Object not found: #{build_uri(request.base_uri, request.rest_path)}")
+        end
+
+        json_response(200, default_public_key_from_actor(actor_data))
+      end
+
+      def delete(request)
+        path = actor_path(request)
+        actor_data = get_actor_data(request) # 404 if actor doesn't exist
+
+        default_public_key = delete_actor_default_public_key!(request, path, actor_data)
+        json_response(200, default_public_key)
+      end
+
+      def put(request)
+        # 404 if actor doesn't exist
+        actor_data = get_actor_data(request)
+
+        new_public_key = parse_json(request.body)["public_key"]
+        actor_data["public_key"] = new_public_key
+
+        set_data(request, actor_path(request), to_json(actor_data))
+      end
+
+      private
+
+      def actor_path(request)
+        return request.rest_path[0..3] if request.rest_path[2] == "clients"
+        request.rest_path[0..1]
+      end
+
+      def get_actor_data(request)
+        path = actor_path(request)
+        parse_json(get_data(request, path))
+      end
+
+      def default_public_key_from_actor(actor_data)
+        { "name" => DEFAULT_PUBLIC_KEY_NAME,
+          "public_key" => actor_data["public_key"],
+          "expiration_date" => "infinity" }
+      end
+
+      def delete_actor_default_public_key!(request, path, actor_data)
+        new_actor_data = actor_data.merge("public_key" => nil)
+        set_data(request, path, to_json(new_actor_data))
+        default_public_key_from_actor(actor_data)
+      end
+    end
+  end
+end

data/lib/chef_zero/endpoints/actor_endpoint.rb

@@ -8,8 +8,19 @@ module ChefZero
     # /organizations/ORG/users/NAME
     # /users/NAME
     class ActorEndpoint < RestObjectEndpoint
+
+      def get(request)
+        result = super
+        user_data = parse_json(result[2])
+
+        user_data.delete("public_key") unless request.api_v0?
+
+        json_response(200, user_data)
+      end
+
       def delete(request)
         result = super
+
         if request.rest_path[0] == 'users'
           list_data(request, [ 'organizations' ]).each do |org|
             begin
@@ -18,12 +29,15 @@ module ChefZero
             end
           end
         end
+
+        delete_actor_keys!(request)
         result
       end
 
       def put(request)
         # Find out if we're updating the public key.
         request_body = FFI_Yajl::Parser.parse(request.body, :create_additions => false)
+
         if request_body['public_key'].nil?
           # If public_key is null, then don't overwrite it.  Weird patchiness.
           body_modified = true
@@ -33,18 +47,18 @@ module ChefZero
         end
 
         # Generate private_key if requested.
-        if request_body.has_key?('private_key')
+        if request_body.key?('private_key')
           body_modified = true
-          if request_body['private_key']
+
+          if request_body.delete('private_key')
             private_key, public_key = server.gen_key_pair
             updating_public_key = true
             request_body['public_key'] = public_key
           end
-          request_body.delete('private_key')
         end
 
-        # Save request
-        request.body = FFI_Yajl::Encoder.encode(request_body, :pretty => true) if body_modified
+        # Put modified body back in `request.body`
+        request.body = to_json(request_body) if body_modified
 
         # PUT /clients is patchy
         request.body = patch_request_body(request)
@@ -53,27 +67,29 @@ module ChefZero
 
         # Inject private_key into response, delete public_key/password if applicable
         if result[0] == 200 || result[0] == 201
+          client_or_user_name = identity_key_value(request) || request.rest_path[-1]
+
+          if is_rename?(request)
+            rename_keys!(request, client_or_user_name)
+          end
+
           if request.rest_path[0] == 'users'
-            key = nil
-            identity_keys.each do |identity_key|
-              key ||= request_body[identity_key]
-            end
-            key ||= request.rest_path[-1]
             response = {
-              'uri' => build_uri(request.base_uri, [ 'users', key ])
+              'uri' => build_uri(request.base_uri, [ 'users', client_or_user_name ])
             }
           else
-            response = FFI_Yajl::Parser.parse(result[2], :create_additions => false)
+            response = parse_json(result[2])
           end
 
-          if request.rest_path[2] == 'clients'
+          if client?(request)
             response['private_key'] = private_key ? private_key : false
           else
             response['private_key'] = private_key if private_key
+            response.delete('public_key') unless updating_public_key
           end
 
-          response.delete('public_key') if !updating_public_key && request.rest_path[2] == 'users'
           response.delete('password')
+
           json_response(result[0], response)
         else
           result
@@ -81,13 +97,86 @@ module ChefZero
       end
 
       def populate_defaults(request, response_json)
-        response = FFI_Yajl::Parser.parse(response_json, :create_additions => false)
-        if request.rest_path[2] == 'clients'
-          response = ChefData::DataNormalizer.normalize_client(response,request.rest_path[3], request.rest_path[1])
+        response = parse_json(response_json)
+
+        populated_response =
+          if client?(request)
+            ChefData::DataNormalizer.normalize_client(
+              response,
+              response["name"] || request.rest_path[-1],
+              request.rest_path[1]
+            )
+          else
+            ChefData::DataNormalizer.normalize_user(
+              response,
+              response["username"] || request.rest_path[-1],
+              identity_keys,
+              server.options[:osc_compat],
+              request.method
+            )
+          end
+
+        to_json(populated_response)
+      end
+
+      private
+
+      # Move key data to new path
+      def rename_keys!(request, new_client_or_user_name)
+        orig_keys_path = keys_path_base(request)
+        new_keys_path = orig_keys_path.dup
+                          .tap {|path| path[-2] = new_client_or_user_name }
+
+        key_names = list_data_or_else(request, orig_keys_path, nil)
+        return unless key_names # No keys to move
+
+        key_names.each do |key_name|
+          # Get old data
+          orig_path = [ *orig_keys_path, key_name ]
+          data = get_data(request, orig_path, :data_store_exceptions)
+
+          # Copy data to new path
+          create_data(
+            request,
+            new_keys_path, key_name,
+            data,
+            :create_dir
+          )
+        end
+
+        # Delete original data
+        delete_data_dir(request, orig_keys_path, :recursive, :data_store_exceptions)
+      end
+
+      def delete_actor_keys!(request)
+        path = keys_path_base(request)[0..-2]
+        delete_data_dir(request, path, :recursive, :data_store_exceptions)
+      rescue DataStore::DataNotFoundError
+      end
+
+      def client?(request, rest_path=nil)
+        rest_path ||= request.rest_path
+        request.rest_path[2] == "clients"
+      end
+
+      # Return the data store keys path for the request client or user, e.g.
+      #
+      #     [ "organizations", <org>, "client_keys", <client>, "keys" ]
+      #
+      # Or:
+      #
+      #     [ "user_keys", <user>, "keys" ]
+      #
+      def keys_path_base(request, client_or_user_name=nil)
+        rest_path = (rest_path || request.rest_path).dup
+        rest_path[-1] = client_or_user_name if client_or_user_name
+
+        if client?(request, rest_path)
+          [ *rest_path[0..1], "client_keys" ]
         else
-          response = ChefData::DataNormalizer.normalize_user(response, request.rest_path[3], identity_keys, server.options[:osc_compat], request.method)
+          [ "user_keys" ]
         end
-        FFI_Yajl::Encoder.encode(response, :pretty => true)
+        .push(rest_path.last, "keys")
       end
     end
   end