chef 0.10.10.beta.1 → 0.10.10.rc.1

data/lib/chef/certificate.rb

@@ -26,16 +26,16 @@ require 'fileutils'
 class Chef
   class Certificate
     class << self
-  
+
       # Generates a new CA Certificate and Key, and writes them out to
       # Chef::Config[:signing_ca_cert] and Chef::Config[:signing_ca_key].
       def generate_signing_ca
         ca_cert_file = Chef::Config[:signing_ca_cert]
-        ca_keypair_file = Chef::Config[:signing_ca_key] 
+        ca_keypair_file = Chef::Config[:signing_ca_key]
 
         unless File.exists?(ca_cert_file) && File.exists?(ca_keypair_file)
           Chef::Log.info("Creating new signing certificate")
-        
+
           [ ca_cert_file, ca_keypair_file ].each do |f|
             ca_basedir = File.dirname(f)
             FileUtils.mkdir_p ca_basedir
@@ -47,11 +47,11 @@ class Chef
           ca_cert.version = 3
           ca_cert.serial = 1
           info = [
-            ["C", Chef::Config[:signing_ca_country]], 
-            ["ST", Chef::Config[:signing_ca_state]], 
-            ["L", Chef::Config[:signing_ca_location]], 
+            ["C", Chef::Config[:signing_ca_country]],
+            ["ST", Chef::Config[:signing_ca_state]],
+            ["L", Chef::Config[:signing_ca_location]],
             ["O", Chef::Config[:signing_ca_org]],
-            ["OU", "Certificate Service"], 
+            ["OU", "Certificate Service"],
             ["CN", "#{Chef::Config[:signing_ca_domain]}/emailAddress=#{Chef::Config[:signing_ca_email]}"]
           ]
           ca_cert.subject = ca_cert.issuer = OpenSSL::X509::Name.new(info)
@@ -80,52 +80,19 @@ class Chef
       end
 
       # Creates a new key pair, and signs them with the signing certificate
-      # and key generated from generate_signing_ca above.  
+      # and key generated from generate_signing_ca above.
       #
-      # @param [String] The common name for the key pair.
-      # @param [Optional String] The subject alternative name.
-      # @return [Object, Object] The public and private key objects.
-      def gen_keypair(common_name, subject_alternative_name = nil)
+      # All arguments are unused, though two arguments are accepted for compatibility.
+      #
+      # returns an array of [public_key, private_key]
+      def gen_keypair(common_name=nil, subject_alternative_name = nil)
 
         Chef::Log.info("Creating new key pair for #{common_name}")
 
         # generate client keypair
         client_keypair = OpenSSL::PKey::RSA.generate(2048)
 
-        client_cert = OpenSSL::X509::Certificate.new
-
-        ca_cert = OpenSSL::X509::Certificate.new(File.read(Chef::Config[:signing_ca_cert]))
-
-        info = [
-          ["C", Chef::Config[:signing_ca_country]], 
-          ["ST", Chef::Config[:signing_ca_state]], 
-          ["L", Chef::Config[:signing_ca_location]], 
-          ["O", Chef::Config[:signing_ca_org]],
-          ["OU", "Certificate Service"], 
-          ["CN", common_name ]
-        ]
-
-        client_cert.subject = OpenSSL::X509::Name.new(info)
-        client_cert.issuer = ca_cert.subject
-        client_cert.not_before = Time.now
-        client_cert.not_after = Time.now + 10 * 365 * 24 * 60 * 60 # 10 years
-        client_cert.public_key = client_keypair.public_key
-        client_cert.serial = 1
-        client_cert.version = 3
-
-        ef = OpenSSL::X509::ExtensionFactory.new
-        ef.subject_certificate = client_cert
-        ef.issuer_certificate = ca_cert
-
-        client_cert.extensions = [
-                ef.create_extension("basicConstraints", "CA:FALSE", true),
-                ef.create_extension("subjectKeyIdentifier", "hash")
-        ]
-        client_cert.add_extension ef.create_extension("subjectAltName", subject_alternative_name) if subject_alternative_name
-
-        client_cert.sign(OpenSSL::PKey::RSA.new(File.read(Chef::Config[:signing_ca_key])), OpenSSL::Digest::SHA1.new)
-
-        return client_cert.public_key, client_keypair
+        return client_keypair.public_key, client_keypair
       end
 
       def gen_validation_key(name=Chef::Config[:validation_client_name], key_file=Chef::Config[:validation_key], admin=false)
@@ -133,12 +100,12 @@ class Chef
         api_client = Chef::ApiClient.new
         api_client.name(name)
         api_client.admin(admin)
-        
+
         begin
           # If both the couch record and file exist, don't do anything. Otherwise,
           # re-generate the validation key.
           Chef::ApiClient.cdb_load(name)
-          
+
           # The couch document was loaded successfully if we got to here; if we
           # can't also load the file on the filesystem, we'll regenerate it all.
           File.open(key_file, "r") do |file|
@@ -155,14 +122,14 @@ class Chef
               Chef::Log.fatal("Could not de-index (to rabbitmq) previous validation key - rabbitmq is down! Start rabbitmq then restart chef-server to re-generate it")
               raise
             end
-            
+
             create_validation_key(api_client, key_file)
           else
             raise
           end
         end
       end
-      
+
       private
       def create_validation_key(api_client, key_file)
         Chef::Log.info("Creating validation key...")
@@ -178,7 +145,7 @@ class Chef
           # re-raise so the error bubbles out and nukes chef-server
           raise e
         end
-        
+
         key_dir = File.dirname(key_file)
         FileUtils.mkdir_p(key_dir) unless File.directory?(key_dir)
         File.open(key_file, File::WRONLY|File::CREAT, 0600) do |f|

data/lib/chef/client.rb

@@ -124,12 +124,14 @@ class Chef
     attr_reader :run_status
 
     # Creates a new Chef::Client.
-    def initialize(json_attribs=nil)
+    def initialize(json_attribs=nil, args={})
       @json_attribs = json_attribs
       @node = nil
       @run_status = nil
       @runner = nil
       @ohai = Ohai::System.new
+      @override_runlist = args.delete(:override_runlist)
+      runlist_override_sanity_check!
     end
 
     # Do a full run for this Chef::Client.  Calls:
@@ -193,6 +195,7 @@ class Chef
         run_context = Chef::RunContext.new(node, Chef::CookbookCollection.new(cookbook_hash))
       end
       run_status.run_context = run_context
+
       run_context.load(@run_list_expansion)
       assert_cookbook_path_not_empty(run_context)
       run_context
@@ -201,6 +204,10 @@ class Chef
     def save_updated_node
       unless Chef::Config[:solo]
         Chef::Log.debug("Saving the current state of node #{node_name}")
+        if(@original_runlist)
+          @node.run_list(*@original_original)
+          @node[:runlist_override_history] = {Time.now.to_i => @override_runlist.inspect}
+        end
         @node.save
       end
     end
@@ -246,6 +253,16 @@ class Chef
       # determine which versions of cookbooks to use.
       @node.reset_defaults_and_overrides
       @node.consume_external_attrs(ohai.data, @json_attribs)
+
+      unless(@override_runlist.empty?)
+        @original_runlist = @node.run_list.run_list_items.dup
+        runlist_override_sanity_check!
+        @node.run_list(*@override_runlist)
+        Chef::Log.warn "Run List override has been provided."
+        Chef::Log.warn "Original Run List: [#{@original_runlist.join(', ')}]"
+        Chef::Log.warn "Overridden Run List: [#{@node.run_list}]"
+      end
+
       if Chef::Config[:solo]
         @run_list_expansion = @node.expand!('disk')
       else
@@ -316,6 +333,19 @@ class Chef
 
     private
 
+    # Ensures runlist override contains RunListItem instances
+    def runlist_override_sanity_check!
+      @override_runlist = @override_runlist.split(',') if @override_runlist.is_a?(String)
+      @override_runlist = [@override_runlist].flatten.compact
+      @override_runlist.map! do |item|
+        if(item.is_a?(Chef::RunList::RunListItem))
+          item
+        else
+          Chef::RunList::RunListItem.new(item)
+        end
+      end
+    end
+
     def directory_not_empty?(path)
       File.exists?(path) && (Dir.entries(path).size > 2)
     end

data/lib/chef/json_compat.rb

@@ -17,7 +17,7 @@
 
 # Wrapper class for interacting with JSON.
 
-require 'json'
+require 'yajl/json_gem'
 
 class Chef
   class JSONCompat

data/lib/chef/knife.rb

@@ -281,14 +281,31 @@ class Chef
 
     def configure_chef
       unless config[:config_file]
+        candidate_configs = []
+
+        # Look for $KNIFE_HOME/knife.rb (allow multiple knives config on same machine)
+        if ENV['KNIFE_HOME']
+          candidate_configs << File.join(ENV['KNIFE_HOME'], 'knife.rb')
+        end
+        # Look for $PWD/knife.rb
+        if Dir.pwd
+          candidate_configs << File.join(Dir.pwd, 'knife.rb')
+        end
+        # Look for $UPWARD/.chef/knife.rb
         if self.class.chef_config_dir
-          candidate_config = File.expand_path('knife.rb',self.class.chef_config_dir)
-          config[:config_file] = candidate_config if File.exist?(candidate_config)
+          candidate_configs << File.join(self.class.chef_config_dir, 'knife.rb')
+        end
+        # Look for $HOME/.chef/knife.rb
+        if ENV['HOME']
+          candidate_configs << File.join(ENV['HOME'], '.chef', 'knife.rb')
         end
-        # If we haven't set a config yet and $HOME is set, and the home
-        # knife.rb exists, use it:
-        if (!config[:config_file]) && ENV['HOME'] && File.exist?(File.join(ENV['HOME'], '.chef', 'knife.rb'))
-          config[:config_file] = File.join(ENV['HOME'], '.chef', 'knife.rb')
+
+        candidate_configs.each do | candidate_config |
+          candidate_config = File.expand_path(candidate_config)
+          if File.exist?(candidate_config)
+            config[:config_file] = candidate_config
+            break
+          end
         end
       end
 

data/lib/chef/knife/bootstrap.rb

@@ -105,6 +105,13 @@ class Chef
         :description => "Comma separated list of roles/recipes to apply",
         :proc => lambda { |o| o.split(/[\s,]+/) },
         :default => []
+      
+      option :first_boot_attributes,
+        :short => "-j JSON_ATTRIBS",
+        :long => "--json-attributes",
+        :description => "A JSON string to be added to the first run of chef-client",
+        :proc => lambda { |o| JSON.parse(o) },
+        :default => {}
 
       option :host_key_verify,
         :long => "--[no-]host-key-verify",

data/lib/chef/knife/bootstrap/archlinux-gems.erb

@@ -53,7 +53,7 @@ EOP
 
 (
 cat <<'EOP'
-<%= { "run_list" => @run_list }.to_json %>
+<%= first_boot.to_json %>
 EOP
 ) > /etc/chef/first-boot.json
 

data/lib/chef/knife/bootstrap/centos5-gems.erb

@@ -49,7 +49,7 @@ EOP
 
 (
 cat <<'EOP'
-<%= { "run_list" => @run_list }.to_json %>
+<%= first_boot.to_json %>
 EOP
 ) > /etc/chef/first-boot.json
 

data/lib/chef/knife/bootstrap/chef-full.erb

@@ -52,7 +52,7 @@ EOP
 
 (
 cat <<'EOP'
-<%= { "run_list" => @run_list }.to_json %>
+<%= first_boot.to_json %>
 EOP
 ) > /etc/chef/first-boot.json
 

data/lib/chef/knife/bootstrap/fedora13-gems.erb

@@ -36,7 +36,7 @@ EOP
 
 (
 cat <<'EOP'
-<%= { "run_list" => @run_list }.to_json %>
+<%= first_boot.to_json %>
 EOP
 ) > /etc/chef/first-boot.json
 

data/lib/chef/knife/bootstrap/ubuntu10.04-apt.erb

@@ -43,7 +43,7 @@ echo 'https_proxy "knife_config[:bootstrap_proxy]"' >> /etc/chef/client.rb
 
 (
 cat <<'EOP'
-<%= { "run_list" => @run_list }.to_json %>
+<%= first_boot.to_json %>
 EOP
 ) > /etc/chef/first-boot.json
 

data/lib/chef/knife/bootstrap/ubuntu10.04-gems.erb

@@ -43,7 +43,7 @@ EOP
 
 (
 cat <<'EOP'
-<%= { "run_list" => @run_list }.to_json %>
+<%= first_boot.to_json %>
 EOP
 ) > /etc/chef/first-boot.json
 

data/lib/chef/knife/core/bootstrap_context.rb

@@ -94,6 +94,10 @@ CONFIG
         def chef_version
           knife_config[:bootstrap_version] || Chef::VERSION
         end
+        
+        def first_boot
+          (@config[:first_boot_attributes] || {}).merge(:run_list => @run_list)
+        end
 
       end
     end

data/lib/chef/knife/core/generic_presenter.rb

@@ -70,7 +70,7 @@ class Chef
             require 'stringio'
             # If you were looking for some attribute and there is only one match
             # just dump the attribute value
-            if data.length == 1 and config[:attribute]
+            if config[:attribute] and data.length == 1
               data.values[0]
             else
               out = StringIO.new

data/lib/chef/knife/core/object_loader.rb

@@ -24,6 +24,11 @@ class Chef
         attr_reader :ui
         attr_reader :klass
 
+        class ObjectType
+          FILE = 1
+          FOLDER = 2
+        end
+
         def initialize(klass, ui)
           @klass = klass
           @ui = ui
@@ -31,12 +36,13 @@ class Chef
 
         def load_from(repo_location, *components)
           unless object_file = find_file(repo_location, *components)
-            ui.error "Could not find or open file for #{components.join(' ')}"
+            ui.error "Could not find or open file '#{components.last}' in current directory or in '#{repo_location}/#{components.join('/')}'"
             exit 1
           end
           object_from_file(object_file)
         end
 
+        # When someone makes this awesome, please update the above error message.
         def find_file(repo_location, *components)
           if file_exists_and_is_readable?(File.expand_path( components.last ))
             File.expand_path( components.last )
@@ -50,10 +56,41 @@ class Chef
           end
         end
 
+        # Find all objects in the given location
+        # If the object type is File it will look for all *.{json,rb}
+        # files, otherwise it will lookup for folders only (useful for
+        # data_bags)
+        #
+        # @param [String] path - base look up location
+        #
+        # @return [Array<String>] basenames of the found objects
+        #
+        # @api public
+        def find_all_objects(path)
+          path = File.join(path, '*')
+          path << '.{json,rb}'
+          objects = Dir.glob(File.expand_path(path))
+          objects.map { |o| File.basename(o) }
+        end
+
+        def find_all_object_dirs(path)
+          path = File.join(path, '*')
+          objects = Dir.glob(File.expand_path(path))
+          objects.delete_if { |o| !File.directory?(o) }
+          objects.map { |o| File.basename(o) }
+        end
+
         def object_from_file(filename)
           case filename
           when /\.(js|json)$/
-            Chef::JSONCompat.from_json(IO.read(filename))
+            r = Yajl::Parser.parse(IO.read(filename))
+
+            # Chef::DataBagItem doesn't work well with the json_create method
+            if @klass == Chef::DataBagItem
+              r
+            else
+              @klass.json_create(r)
+            end
           when /\.rb$/
             r = klass.new
             r.from_file(filename)

data/lib/chef/knife/data_bag_from_file.rb

@@ -7,9 +7,9 @@
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
 # You may obtain a copy of the License at
-# 
+#
 #     http://www.apache.org/licenses/LICENSE-2.0
-# 
+#
 # Unless required by applicable law or agreed to in writing, software
 # distributed under the License is distributed on an "AS IS" BASIS,
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
@@ -31,7 +31,7 @@ class Chef
         require 'chef/encrypted_data_bag_item'
       end
 
-      banner "knife data bag from file BAG FILE (options)"
+      banner "knife data bag from file BAG FILE|FOLDER [FILE|FOLDER..] (options)"
       category "data bag"
 
       option :secret,
@@ -43,6 +43,11 @@ class Chef
       :long => "--secret-file SECRET_FILE",
       :description => "A file containing the secret key to use to encrypt data bag item values"
 
+      option :all,
+      :short => "-a",
+      :long  => "--all",
+      :description => "Upload all data bags"
+
       def read_secret
         if config[:secret]
           config[:secret]
@@ -64,23 +69,67 @@ class Chef
       end
 
       def run
-        if @name_args.size != 2
-          ui.msg(opt_parser)
-          exit(1)
+        if config[:all] == true
+          load_all_data_bags(@name_args)
+        else
+          if @name_args.size < 2
+            ui.msg(opt_parser)
+            exit(1)
+          end
+          @data_bag = @name_args.shift
+          load_data_bag_items(@data_bag, @name_args)
+        end
+      end
+
+      private
+      def data_bags_path
+        @data_bag_path ||= "data_bags"
+      end
+
+      def find_all_data_bags
+        loader.find_all_object_dirs("./#{data_bags_path}")
+      end
+
+      def find_all_data_bag_items(data_bag)
+        loader.find_all_objects("./#{data_bags_path}/#{data_bag}")
+      end
+
+      def load_all_data_bags(args)
+        data_bags = args.empty? ? find_all_data_bags : [args.shift]
+        data_bags.each do |data_bag|
+          load_data_bag_items(data_bag)
+        end
+      end
+
+      def load_data_bag_items(data_bag, items = nil)
+        items ||= find_all_data_bag_items(data_bag)
+        item_paths = normalize_item_paths(items)
+        item_paths.each do |item_path|
+          item = loader.load_from("#{data_bags_path}", data_bag, item_path)
+          item = if use_encryption
+                   secret = read_secret
+                   Chef::EncryptedDataBagItem.encrypt_data_bag_item(item, secret)
+                 else
+                   item
+                 end
+          dbag = Chef::DataBagItem.new
+          dbag.data_bag(data_bag)
+          dbag.raw_data = item
+          dbag.save
+          ui.info("Updated data_bag_item[#{dbag.data_bag}::#{dbag.id}]")
+        end
+      end
+
+      def normalize_item_paths(args)
+        paths = Array.new
+        args.each do |path|
+          if File.directory?(path)
+            paths.concat(Dir.glob(File.join(path, "*.json")))
+          else
+            paths << path
+          end
         end
-        @data_bag, @item_path = @name_args[0], @name_args[1]
-        item = loader.load_from("data_bags", @data_bag, @item_path)
-        item = if use_encryption
-                 secret = read_secret
-                 Chef::EncryptedDataBagItem.encrypt_data_bag_item(item, secret)
-               else
-                 item
-               end
-        dbag = Chef::DataBagItem.new
-        dbag.data_bag(@name_args[0])
-        dbag.raw_data = item
-        dbag.save
-        ui.info("Updated data_bag_item[#{dbag.data_bag}::#{dbag.id}]")
+        paths
       end
     end
   end