chef-zero 2.2.1 → 3.0.0.rc.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 34e265dc59ee4777d6ba4efdebaaf76a64c578f4
-  data.tar.gz: 35725b7a8b56e88b423602d8f437b610f0e9ea7c
+  metadata.gz: 8c3b229916ca80eb41cf861bc986a0bbc8198b7f
+  data.tar.gz: b4579df1962991a5f8377528e8e296ac2b25a22c
 SHA512:
-  metadata.gz: 052d0eefadf4f57e5cdc6de67f66707f8417af32bda63dee6287616ff0e940e67b491eb8b50b2903a3bbaf98b2a85cc4f2df303218f80d5d1e03a083ab287514
-  data.tar.gz: 1654216d04708f136e8d84b2ead621cd1eb061f039b8d9499eac3b4c29bcf10e834790ed6c7622c37528a66f5187994b08099e1416ea591bd2f00ededc271fa6
+  metadata.gz: 96d614e76573211f42078149a7db53d41e455c211f9278166b8a2c4318dd68ef9d13eb00349a23fe980f54ee5dd5761fa12098ffdea89eee0cce1249d96f8ae9
+  data.tar.gz: e0ae0d2811a84bb800f2f46135f6279cb2eddef045491ed7764c42f137b208fc9d4b02bf10f8a9940e202aad81b87e7095435d49d8c37029d4659dbc502f5b9c

data/README.md

@@ -1,3 +1,5 @@
+[![Stories in Ready](https://badge.waffle.io/opscode/chef-zero.png?label=ready&title=Ready)](https://waffle.io/opscode/chef-zero)[![Stories in Progress](https://badge.waffle.io/opscode/chef-zero.png?label=in+progress&title=In+Progress)](https://waffle.io/opscode/chef-zero)
+
 Chef Zero
 =========
 

data/Rakefile

@@ -10,7 +10,11 @@ task :spec do
 end
 
 task :pedant do
-  require File.expand_path('spec/run')
+  require File.expand_path('spec/run_pedant')
+end
+
+task :oc_pedant do
+  require File.expand_path('spec/run_oc_pedant')
 end
 
 task :chef_spec do

data/bin/chef-zero

@@ -8,6 +8,7 @@ $:.unshift(File.expand_path(File.join(File.dirname(__FILE__), "..", "lib")))
 
 require 'chef_zero/version'
 require 'chef_zero/server'
+require 'chef_zero/data_store/raw_file_store'
 require 'optparse'
 
 def parse_port(port)
@@ -49,6 +50,18 @@ OptionParser.new do |opts|
     options[:log_level] = value
   end
 
+  opts.on("--multi-org", "Whether to run in multi-org mode") do |value|
+    options[:single_org] = nil
+  end
+
+  opts.on("--file-store PATH", "Persist data to files at the given path") do |value|
+    options[:data_store] = ChefZero::DataStore::RawFileStore.new(value)
+  end
+
+  opts.on("--[no-]ssl", "Use SSL with self-signed certificate(Auto generate before every run).  Default: false.") do |value|
+    options[:ssl] = value
+  end
+
   opts.on_tail("-h", "--help", "Show this message") do
     puts opts
     exit
@@ -60,6 +73,10 @@ OptionParser.new do |opts|
   end
 end.parse!
 
+if options[:data_store]
+  options[:data_store] = ChefZero::DataStore::DefaultFacade.new(options[:data_store], options[:single_org], false)
+end
+
 server = ChefZero::Server.new(options)
 
 if options[:daemon]

data/lib/chef_zero/chef_data/acl_path.rb

@@ -0,0 +1,139 @@
+module ChefZero
+  module ChefData
+    # Manages translations between REST and ACL data paths
+    # and parent paths.
+    #
+    # Suggestions
+    # - make /organizations/ORG/_acl and deprecate organization/_acl and organizations/_acl
+    # - add endpoints for /containers/(users|organizations|containers)(/_acl)
+    # - add PUT for */_acl
+    # - add endpoints for /organizations/ORG/data/containers and /organizations/ORG/cookbooks/containers
+    # - sane, fully documented ACL model
+    # - sane inheritance / override model: if actors or groups are explicitly
+    #   specified on X, they are not inherited from X's parent
+    # - stop adding pivotal to acls (he already has access to what he needs)
+    module AclPath
+      ORG_DATA_TYPES = %w(clients cookbooks containers data environments groups nodes roles sandboxes)
+      TOP_DATA_TYPES = %w(containers organizations users)
+
+      # ACL data paths for a partition are:
+      # /          -> /acls/root
+      # /TYPE      -> /acls/containers/TYPE
+      # /TYPE/NAME -> /acls/TYPE/NAME
+      #
+      # The root partition "/" has its own acls, so it looks like this:
+      #
+      # / -> /acls/root
+      # /users -> /acls/containers/users
+      # /organizations -> /acls/containers/organizations
+      # /users/schlansky -> /acls/users/schlansky
+      #
+      # Each organization is its own partition, so it looks like this:
+      #
+      # /organizations/blah           -> /organizations/blah/acls/root
+      # /organizations/blah/roles     -> /organizations/blah/acls/containers/roles
+      # /organizations/blah/roles/web -> /organizations/blah/acls/roles/web
+      # /organizations/ORG is its own partition.  ACLs for anything under it follow
+
+      # This method takes a Chef REST path and returns the chef-zero path
+      # used to look up the ACL.  If an object does not have an ACL directly,
+      # it will return nil.  Paths like /organizations/ORG/data/bag/item will
+      # return nil, because it is the parent path (data/bag) that has an ACL.
+      def self.get_acl_data_path(path)
+        # Things under organizations have their own acls hierarchy
+        if path[0] == 'organizations' && path.size >= 2
+          under_org = partition_acl_data_path(path[2..-1], ORG_DATA_TYPES)
+          if under_org
+            path[0..1] + under_org
+          end
+        else
+          partition_acl_data_path(path, TOP_DATA_TYPES)
+        end
+      end
+
+      #
+      # Reverse transform from acl_data_path to path.
+      # /acls/root -> /
+      # /acls/** -> /**
+      # /organizations/ORG/acls/root -> /organizations/ORG
+      # /organizations/ORG/acls/** -> /organizations/ORG/**
+      #
+      # This means that /acls/containers/nodes maps to
+      # /containers/nodes, not /nodes.
+      #
+      def self.get_object_path(acl_data_path)
+        if acl_data_path[0] == 'acls'
+          if acl_data_path[1] == 'root'
+            []
+          else
+            acl_data_path[1..-1]
+          end
+        elsif acl_data_path[0] == 'organizations' && acl_data_path[2] == 'acls'
+          if acl_data_path[3] == 'root'
+            acl_data_path[0..1]
+          else
+            acl_data_path[0..1] + acl_data_path[3..-1]
+          end
+        end
+      end
+
+      # Method *assumes* acl_data_path is valid.
+      # /organizations/BLAH's parent is /organizations
+      #
+      # An example traversal up the whole tree:
+      # /organizations/foo/acls/nodes/mario ->
+      # /organizations/foo/acls/containers/nodes ->
+      # /organizations/foo/acls/containers/containers ->
+      # /organizations/foo/acls/root ->
+      # /acls/containers/organizations ->
+      # /acls/containers/containers ->
+      # /acls/root ->
+      # nil
+      def self.parent_acl_data_path(acl_data_path)
+        if acl_data_path[0] == 'organizations'
+          under_org = partition_parent_acl_data_path(acl_data_path[2..-1])
+          if under_org
+            acl_data_path[0..1] + under_org
+          else
+            # ACL data path is /organizations/X/acls/root; therefore parent is "/organizations"
+            [ 'acls', 'containers', 'organizations' ]
+          end
+        else
+          partition_parent_acl_data_path(acl_data_path)
+        end
+      end
+
+      private
+
+      # /acls/root -> nil
+      # /acls/containers/containers -> /acls/root
+      # /acls/TYPE/X -> /acls/containers/TYPE
+      #
+      # Method *assumes* acl_data_path is valid.
+      # Returns nil if the path is /acls/root
+      def self.partition_parent_acl_data_path(acl_data_path)
+        if acl_data_path.size == 3
+          if acl_data_path == %w(acls containers containers)
+            [ 'acls', 'root' ]
+          else
+            [ 'acls', 'containers', acl_data_path[1]]
+          end
+        else
+          nil
+        end
+      end
+
+      def self.partition_acl_data_path(path, data_types)
+        if path.size == 0
+          [ 'acls', 'root']
+        elsif data_types.include?(path[0])
+          if path.size == 0
+            [ 'acls', 'containers', path[0] ]
+          elsif path.size == 2
+            [ 'acls', path[0], path[1] ]
+          end
+        end
+      end
+    end
+  end
+end

data/lib/chef_zero/chef_data/cookbook_data.rb

@@ -0,0 +1,240 @@
+require 'digest/md5'
+require 'hashie/mash'
+
+module ChefZero
+  module ChefData
+    module CookbookData
+      def self.to_hash(cookbook, name, version=nil)
+        frozen = false
+        if cookbook.has_key?(:frozen)
+          frozen = cookbook[:frozen]
+          cookbook = cookbook.dup
+          cookbook.delete(:frozen)
+        end
+
+        result = files_from(cookbook)
+        recipe_names = result[:recipes].map do |recipe|
+          recipe_name = recipe[:name][0..-2]
+          recipe_name == 'default' ? name : "#{name}::#{recipe_name}"
+        end
+        result[:metadata] = metadata_from(cookbook, name, version, recipe_names)
+        result[:name] = "#{name}-#{result[:metadata][:version]}"
+        result[:json_class] = 'Chef::CookbookVersion'
+        result[:cookbook_name] = name
+        result[:version] = result[:metadata][:version]
+        result[:chef_type] = 'cookbook_version'
+        result[:frozen?] = true if frozen
+        result
+      end
+
+      def self.metadata_from(directory, name, version, recipe_names)
+        metadata = PretendCookbookMetadata.new(PretendCookbook.new(name, recipe_names))
+        # If both .rb and .json exist, read .rb
+        # TODO if recipes has 3 recipes in it, and the Ruby/JSON has only one, should
+        # the resulting recipe list have 1, or 3-4 recipes in it?
+        if has_child(directory, 'metadata.rb')
+          begin
+            file = filename(directory, 'metadata.rb') || "(#{name}/metadata.rb)"
+            metadata.instance_eval(read_file(directory, 'metadata.rb'), file)
+          rescue
+            ChefZero::Log.error("Error loading cookbook #{name}: #{$!}\n  #{$!.backtrace.join("\n  ")}")
+          end
+        elsif has_child(directory, 'metadata.json')
+          metadata.from_json(read_file(directory, 'metadata.json'))
+        end
+        result = {}
+        metadata.to_hash.each_pair do |key,value|
+          result[key.to_sym] = value
+        end
+        result[:version] = version if version
+        result
+      end
+
+      private
+
+      # Just enough cookbook to make a Metadata object
+      class PretendCookbook
+        def initialize(name, fully_qualified_recipe_names)
+          @name = name
+          @fully_qualified_recipe_names = fully_qualified_recipe_names
+        end
+        attr_reader :name, :fully_qualified_recipe_names
+      end
+
+      # Handles loading configuration values from a Chef config file
+      #
+      # @author Justin Campbell <justin.campbell@riotgames.com>
+      class PretendCookbookMetadata < Hash
+        # @param [String] path
+        def initialize(cookbook)
+          self.name(cookbook.name)
+          self.recipes(cookbook.fully_qualified_recipe_names)
+          %w(attributes grouping dependencies supports recommendations suggestions conflicting providing replacing recipes).each do |hash_arg|
+            self[hash_arg.to_sym] = Hashie::Mash.new
+          end
+        end
+
+        def from_json(json)
+          self.merge!(JSON.parse(json))
+        end
+
+        private
+
+        def depends(cookbook, *version_constraints)
+          cookbook_arg(:dependencies, cookbook, version_constraints)
+        end
+
+        def supports(cookbook, *version_constraints)
+          cookbook_arg(:supports, cookbook, version_constraints)
+        end
+
+        def recommends(cookbook, *version_constraints)
+          cookbook_arg(:recommendations, cookbook, version_constraints)
+        end
+
+        def suggests(cookbook, *version_constraints)
+          cookbook_arg(:suggestions, cookbook, version_constraints)
+        end
+
+        def conflicts(cookbook, *version_constraints)
+          cookbook_arg(:conflicting, cookbook, version_constraints)
+        end
+
+        def provides(cookbook, *version_constraints)
+          cookbook_arg(:providing, cookbook, version_constraints)
+        end
+
+        def replaces(cookbook, *version_constraints)
+          cookbook_arg(:replacing, cookbook, version_constraints)
+        end
+
+        def recipe(recipe, description)
+          self[:recipes][recipe] = description
+        end
+
+        def attribute(name, options)
+          self[:attributes][name] = options
+        end
+
+        def grouping(name, options)
+          self[:grouping][name] = options
+        end
+
+        def cookbook_arg(key, cookbook, version_constraints)
+          self[key][cookbook] = version_constraints.first || ">= 0.0.0"
+        end
+
+        def method_missing(key, value = nil)
+          if value.nil?
+            self[key.to_sym]
+          else
+            store key.to_sym, value
+          end
+        end
+      end
+
+      def self.files_from(directory)
+        # TODO some support .rb only
+        result = {
+          :attributes => load_child_files(directory, 'attributes', false),
+          :definitions => load_child_files(directory, 'definitions', false),
+          :recipes => load_child_files(directory, 'recipes', false),
+          :libraries => load_child_files(directory, 'libraries', false),
+          :templates => load_child_files(directory, 'templates', true),
+          :files => load_child_files(directory, 'files', true),
+          :resources => load_child_files(directory, 'resources', true),
+          :providers => load_child_files(directory, 'providers', true),
+          :root_files => load_files(directory, false)
+        }
+        set_specificity(result[:templates])
+        set_specificity(result[:files])
+        result
+      end
+
+      def self.has_child(directory, name)
+        if directory.is_a?(Hash)
+          directory.has_key?(name)
+        else
+          directory.child(name).exists?
+        end
+      end
+
+      def self.read_file(directory, name)
+        if directory.is_a?(Hash)
+          directory[name]
+        else
+          directory.child(name).read
+        end
+      end
+
+      def self.filename(directory, name)
+        if directory.respond_to?(:file_path)
+          File.join(directory.file_path, name)
+        else
+          nil
+        end
+      end
+
+      def self.get_directory(directory, name)
+        if directory.is_a?(Hash)
+          directory[name].is_a?(Hash) ? directory[name] : nil
+        else
+          result = directory.child(name)
+          result.dir? ? result : nil
+        end
+      end
+
+      def self.list(directory)
+        if directory.is_a?(Hash)
+          directory.keys
+        else
+          directory.children.map { |c| c.name }
+        end
+      end
+
+      def self.load_child_files(parent, key, recursive)
+        result = load_files(get_directory(parent, key), recursive)
+        result.each do |file|
+          file[:path] = "#{key}/#{file[:path]}"
+        end
+        result
+      end
+
+      def self.load_files(directory, recursive)
+        result = []
+        if directory
+          list(directory).each do |child_name|
+            dir = get_directory(directory, child_name)
+            if dir
+              if recursive
+                result += load_child_files(directory, child_name, recursive)
+              end
+            else
+              result += load_file(read_file(directory, child_name), child_name)
+            end
+          end
+        end
+        result
+      end
+
+      def self.load_file(value, name)
+        [{
+          :name => name,
+          :path => name,
+          :checksum => Digest::MD5.hexdigest(value),
+          :specificity => 'default'
+        }]
+      end
+
+      def self.set_specificity(files)
+        files.each do |file|
+          parts = file[:path].split('/')
+          raise "Only directories are allowed directly under templates or files: #{file[:path]}" if parts.size == 2
+          file[:specificity] = parts[1]
+        end
+      end
+    end
+  end
+
+  CookbookData = ChefData::CookbookData
+end