chef 0.7.16 → 0.8.2

data/lib/chef/resource/pacman_package.rb

@@ -0,0 +1,33 @@
+#
+# Author:: Jan Zimmek (<jan.zimmek@web.de>)
+# Copyright:: Copyright (c) 2010 Jan Zimmek
+# License:: Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+# 
+#     http://www.apache.org/licenses/LICENSE-2.0
+# 
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+require 'chef/resource/package'
+
+class Chef
+  class Resource
+    class PacmanPackage < Chef::Resource::Package
+        
+      def initialize(name, collection=nil, node=nil)
+        super(name, collection, node)
+        @resource_name = :pacman_package
+        @provider = Chef::Provider::Package::Pacman
+      end
+      
+    end
+  end
+end

data/lib/chef/resource/ruby_block.rb

@@ -1,15 +1,34 @@
+#
+# Author:: Adam Jacob (<adam@opscode.com>)
+# Author:: AJ Christensen (<aj@opscode.com>)
+# Copyright:: Copyright (c) 2008 Opscode, Inc.
+# License:: Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+# 
+#     http://www.apache.org/licenses/LICENSE-2.0
+# 
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
 class Chef
   class Resource
     class RubyBlock < Chef::Resource
       def initialize(name, collection=nil, node=nil)
         super(name, collection, node)
         @resource_name = :ruby_block
-        @action = :create
+        @action = "create"
         @allowed_actions.push(:create)
       end
 
       def block(&block)
-        if block
+        if block_given? and block
           @block = block
         else
           @block

data/lib/chef/resource/scm.rb

@@ -67,6 +67,14 @@ class Chef
         )
       end
       
+      def group(arg=nil)
+        set_or_return(
+          :group,
+          arg,
+          :kind_of => [String, Integer]
+        )
+      end
+      
       def svn_username(arg=nil)
         set_or_return(
           :svn_username,

data/lib/chef/resource/subversion.rb

@@ -26,6 +26,7 @@ class Chef
         super(name, collection, node)
         @resource_name = :subversion
         @provider = Chef::Provider::Subversion
+        allowed_actions << :force_export
       end
       
     end

data/lib/chef/resource/user.rb

@@ -33,7 +33,10 @@ class Chef
         @shell = nil
         @password = nil
         @action = :create
-        @supports = { :manage_home => false }
+        @supports = { 
+          :manage_home => false,
+          :non_unique => false
+        }
         @allowed_actions.push(:create, :remove, :modify, :manage, :lock, :unlock)
       end
       
@@ -95,4 +98,4 @@ class Chef
       
     end
   end
-end
+end

data/lib/chef/resource/yum_package.rb

@@ -0,0 +1,36 @@
+#
+# Author:: AJ Christensen (<aj@opscode.com>)
+# Copyright:: Copyright (c) 2008 Opscode, Inc.
+# License:: Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+# 
+#     http://www.apache.org/licenses/LICENSE-2.0
+# 
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+require 'chef/resource/package'
+require 'chef/provider/package/yum'
+
+class Chef
+  class Resource
+    class YumPackage < Chef::Resource::Package
+        
+      def initialize(name, collection=nil, node=nil)
+        super(name, collection, node)
+        @resource_name = :yum_package
+        @provider = Chef::Provider::Package::Yum
+      end
+      
+    end
+  end
+end
+
+

data/lib/chef/resource_collection.rb

@@ -18,10 +18,13 @@
 #
 
 require 'chef/resource'
+require 'chef/resource_collection/stepable_iterator'
 
 class Chef
   class ResourceCollection
     include Enumerable
+    
+    attr_reader :iterator
 
     def initialize
       @resources = Array.new
@@ -29,6 +32,10 @@ class Chef
       @insert_after_idx = nil
     end
     
+    def all_resources
+      @resources
+    end
+    
     def [](index)
       @resources[index]
     end
@@ -67,23 +74,24 @@ class Chef
     end
     
     def push(*args)
-      args.flatten.each do |a|
-        is_chef_resource(a)
-        @resources.push(a)
-        @resources_by_name[a.to_s] = @resources.length - 1
+      args.flatten.each do |arg|
+        is_chef_resource(arg)
+        @resources.push(arg)
+        @resources_by_name[arg.to_s] = @resources.length - 1
       end
     end
   
     def each
-      @resources.each do |r|
-        yield r
+      @resources.each do |resource|
+        yield resource
       end
     end
 
-    def execute_each_resource
-      @resources.each_with_index do |r, idx|
+    def execute_each_resource(&resource_exec_block)
+      @iterator = StepableIterator.for_collection(@resources)
+      @iterator.each_with_index do |resource, idx|
         @insert_after_idx = idx
-        yield r
+        yield resource
       end
     end
     

data/lib/chef/resource_collection/stepable_iterator.rb

@@ -0,0 +1,124 @@
+# Author:: Daniel DeLeo (<dan@kallistec.com>)
+# Copyright:: Copyright (c) 2009 Daniel DeLeo
+# License:: Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+# 
+#     http://www.apache.org/licenses/LICENSE-2.0
+# 
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+class Chef
+  class ResourceCollection
+    class StepableIterator
+      
+      def self.for_collection(new_collection)
+        instance = new(new_collection)
+        instance
+      end
+      
+      attr_accessor :collection
+      attr_reader :position
+      
+      def initialize(collection=[])
+        @position = 0
+        @paused = false
+        @collection = collection
+      end
+      
+      def size
+        collection.size
+      end
+      
+      def each(&block)
+        reset_iteration(block)
+        @iterator_type = :element
+        iterate
+      end
+      
+      def each_index(&block)
+        reset_iteration(block)
+        @iterator_type = :index
+        iterate
+      end
+      
+      def each_with_index(&block)
+        reset_iteration(block)
+        @iterator_type = :element_with_index
+        iterate
+      end
+      
+      def paused?
+        @paused
+      end
+      
+      def pause
+        @paused = true
+      end
+      
+      def resume
+        @paused = false
+        iterate
+      end
+      
+      def rewind
+        @position = 0
+      end
+      
+      def skip_back(skips=1)
+        @position -= skips
+      end
+      
+      def skip_forward(skips=1)
+        @position += skips
+      end
+      
+      def step
+        return nil if @position == size
+        call_iterator_block
+        @position += 1
+      end
+      
+      def iterate_on(iteration_type, &block)
+        @iterator_type = iteration_type
+        @iterator_block = block
+      end
+      
+      private
+      
+      def reset_iteration(iterator_block)
+        @iterator_block = iterator_block
+        @position = 0
+        @paused = false
+      end
+      
+      def iterate
+        while @position < size && !paused?
+          step
+        end
+        collection
+      end
+      
+      def call_iterator_block
+        case @iterator_type
+        when :element
+          @iterator_block.call(collection[@position])
+        when :index
+          @iterator_block.call(@position)
+        when :element_with_index
+          @iterator_block.call(collection[@position], @position)
+        else
+          raise "42error: someone forgot to set @iterator_type, wtf?"
+        end
+      end
+      
+    end
+  end
+end

data/lib/chef/rest.rb

@@ -1,7 +1,10 @@
 #
 # Author:: Adam Jacob (<adam@opscode.com>)
 # Author:: Thom May (<thom@clearairturbulence.org>)
-# Copyright:: Copyright (c) 2008 Opscode, Inc.
+# Author:: Nuo Yan (<nuo@opscode.com>)
+# Author:: Christopher Brown (<cb@opscode.com>)
+# Author:: Christopher Walters (<cw@opscode.com>)
+# Copyright:: Copyright (c) 2009, 2010 Opscode, Inc.
 # License:: Apache License, Version 2.0
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -18,12 +21,15 @@
 #
 
 require 'chef/mixin/params_validate'
-require 'chef/openid_registration'
 require 'net/https'
 require 'uri'
 require 'json'
 require 'tempfile'
 require 'singleton'
+require 'mixlib/authentication/signedheaderauth'
+require 'chef/api_client'
+
+include Mixlib::Authentication::SignedHeaderAuth
 
 class Chef
   class REST
@@ -32,47 +38,61 @@ class Chef
       include Singleton
     end
     
-    attr_accessor :url, :cookies
+    attr_accessor :url, :cookies, :client_name, :signing_key, :signing_key_filename, :sign_on_redirect, :sign_request
     
-    def initialize(url)
+    def initialize(url, client_name=Chef::Config[:node_name], signing_key_filename=Chef::Config[:client_key])
       @url = url
       @cookies = CookieJar.instance
+      @client_name = client_name
+      if signing_key_filename
+        @signing_key_filename = signing_key_filename
+        @signing_key = load_signing_key(signing_key_filename) 
+        @sign_request = true
+      else
+        @signing_key = nil
+        @sign_request = false
+      end
+      @sign_on_redirect = true
     end
-    
-    # Register for an OpenID
-    def register(user, pass, validation_token=nil)
-      Chef::Log.debug("Registering #{user} for an openid") 
-      registration = nil
+
+    def load_signing_key(key)
       begin
-        registration = get_rest("registrations/#{user}")
-      rescue Net::HTTPServerException => e
-        unless e.message =~ /^404/
-          raise e
-        end
-      end
-      unless registration
-        post_rest(
-          "registrations", 
-          { 
-            :id => user, 
-            :password => pass, 
-            :validation_token => validation_token 
-          }
-        )
+        IO.read(key)
+      rescue StandardError=>se
+        Chef::Log.error "Failed to read the private key #{key}: #{se.inspect}, #{se.backtrace}"
+        raise Chef::Exceptions::PrivateKeyMissing, "I cannot read #{key}, which you told me to use to sign requests!"
       end
     end
     
-    # Authenticate 
-    def authenticate(user, pass)
-      Chef::Log.debug("Authenticating #{user} via openid") 
-      response = post_rest('openid/consumer/start', { 
-        "openid_identifier" => "#{Chef::Config[:openid_url]}/openid/server/node/#{user}",
-        "submit" => "Verify"
-      })
-      post_rest(
-        "#{Chef::Config[:openid_url]}#{response["action"]}",
-        { "password" => pass }
-      )
+    # Register the client 
+    def register(name=Chef::Config[:node_name], destination=Chef::Config[:client_key])
+      raise Chef::Exceptions::CannotWritePrivateKey, "I cannot write your private key to #{destination} - check permissions?" if (File.exists?(destination) &&  !File.writable?(destination))
+
+      nc = Chef::ApiClient.new
+      nc.name(name)
+
+      catch(:done) do
+        retries = Chef::Config[:client_registration_retries] || 5
+        0.upto(retries) do |n|
+          begin
+            response = nc.save(true, true)
+            Chef::Log.debug("Registration response: #{response.inspect}")
+            raise Chef::Exceptions::CannotWritePrivateKey, "The response from the server did not include a private key!" unless response.has_key?("private_key")
+            # Write out the private key
+            file = File.open(destination, File::WRONLY|File::EXCL|File::CREAT, 0600) 
+            file.print(response["private_key"])
+            file.close
+            throw :done
+          rescue IOError
+            raise Chef::Exceptions::CannotWritePrivateKey, "I cannot write your private key to #{destination}"
+          rescue Net::HTTPFatalError => e
+            Chef::Log.warn("Failed attempt #{n} of #{retries+1} on client creation")
+            raise unless e.response.code == "500"
+          end
+        end
+      end
+
+      true
     end
 
     # Send an HTTP GET request to the path
@@ -81,23 +101,23 @@ class Chef
     # path:: The path to GET
     # raw:: Whether you want the raw body returned, or JSON inflated.  Defaults 
     #   to JSON inflated.
-    def get_rest(path, raw=false)
-      run_request(:GET, create_url(path), false, 10, raw)    
+    def get_rest(path, raw=false, headers={})
+      run_request(:GET, create_url(path), headers, false, 10, raw)    
     end                               
                           
     # Send an HTTP DELETE request to the path
-    def delete_rest(path)             
-      run_request(:DELETE, create_url(path))       
+    def delete_rest(path, headers={}) 
+      run_request(:DELETE, create_url(path), headers)       
     end                               
     
     # Send an HTTP POST request to the path                                  
-    def post_rest(path, json)          
-      run_request(:POST, create_url(path), json)    
+    def post_rest(path, json, headers={})
+      run_request(:POST, create_url(path), headers, json)    
     end                               
                                       
     # Send an HTTP PUT request to the path
-    def put_rest(path, json)           
-      run_request(:PUT, create_url(path), json)
+    def put_rest(path, json, headers={})
+      run_request(:PUT, create_url(path), headers, json)
     end
     
     def create_url(path)
@@ -108,6 +128,19 @@ class Chef
       end
     end
     
+    def sign_request(http_method, path, private_key, user_id, body = "", host="localhost")
+      #body = "" if body == false
+      timestamp = Time.now.utc.iso8601
+      sign_obj = Mixlib::Authentication::SignedHeaderAuth.signing_object(
+                                                         :http_method=>http_method,
+                                                         :path => path,
+                                                         :body=>body,
+                                                         :user_id=>user_id,
+                                                         :timestamp=>timestamp)
+      signed =  sign_obj.sign(private_key).merge({:host => host})
+      signed.inject({}){|memo, kv| memo["#{kv[0].to_s.upcase}"] = kv[1];memo}
+    end
+    
     # Actually run an HTTP request.  First argument is the HTTP method,
     # which should be one of :GET, :PUT, :POST or :DELETE.  Next is the
     # URL, then an object to include in the body (which will be converted with
@@ -117,7 +150,8 @@ class Chef
     # the helper methods (get_rest, post_rest, etc.)
     #
     # Will return the body of the response on success.
-    def run_request(method, url, data=false, limit=10, raw=false)
+    def run_request(method, url, headers={}, data=false, limit=10, raw=false)
+      
       http_retry_delay = Chef::Config[:http_retry_delay] 
       http_retry_count = Chef::Config[:http_retry_count]
 
@@ -128,22 +162,46 @@ class Chef
         http.use_ssl = true 
         if Chef::Config[:ssl_verify_mode] == :verify_none
           http.verify_mode = OpenSSL::SSL::VERIFY_NONE
+        elsif Chef::Config[:ssl_verify_mode] == :verify_peer
+          http.verify_mode = OpenSSL::SSL::VERIFY_PEER
+        end
+        if Chef::Config[:ssl_ca_path] and File.exists?(Chef::Config[:ssl_ca_path])
+          http.ca_path = Chef::Config[:ssl_ca_path]
+        elsif Chef::Config[:ssl_ca_file] and File.exists?(Chef::Config[:ssl_ca_file])
+          http.ca_file = Chef::Config[:ssl_ca_file]
         end
-        if File.exists?(Chef::Config[:ssl_client_cert])
+        if Chef::Config[:ssl_client_cert] && File.exists?(Chef::Config[:ssl_client_cert])
           http.cert = OpenSSL::X509::Certificate.new(File.read(Chef::Config[:ssl_client_cert]))
           http.key = OpenSSL::PKey::RSA.new(File.read(Chef::Config[:ssl_client_key]))
         end
       end
+
       http.read_timeout = Chef::Config[:rest_timeout]
-      headers = Hash.new
+
       unless raw
-        headers = { 
+        headers = headers.merge({ 
           'Accept' => "application/json",
-        }
+        })
       end
+
+      headers['X-Chef-Version'] = ::Chef::VERSION
+      
       if @cookies.has_key?("#{url.host}:#{url.port}")
         headers['Cookie'] = @cookies["#{url.host}:#{url.port}"]
       end
+
+      json_body = data ? data.to_json : nil 
+
+      if @sign_request
+        raise ArgumentError, "Cannot sign the request without a client name, check that :node_name is assigned" if @client_name.nil?
+        Chef::Log.debug("Signing the request as #{@client_name}")
+        if json_body
+          headers.merge!(sign_request(method, url.path, OpenSSL::PKey::RSA.new(@signing_key), @client_name, json_body, "#{url.host}:#{url.port}"))
+        else
+          headers.merge!(sign_request(method, url.path, OpenSSL::PKey::RSA.new(@signing_key), @client_name, "", "#{url.host}:#{url.port}"))
+        end
+      end
+     
       req = nil
       case method
       when :GET
@@ -152,12 +210,16 @@ class Chef
         req = Net::HTTP::Get.new(req_path, headers)
       when :POST
         headers["Content-Type"] = 'application/json' if data
-        req = Net::HTTP::Post.new(url.path, headers)          
-        req.body = data.to_json if data
+        req_path = "#{url.path}"
+        req_path << "?#{url.query}" if url.query
+        req = Net::HTTP::Post.new(req_path, headers)          
+        req.body = json_body if json_body 
       when :PUT
         headers["Content-Type"] = 'application/json' if data
-        req = Net::HTTP::Put.new(url.path, headers)
-        req.body = data.to_json if data
+        req_path = "#{url.path}"
+        req_path << "?#{url.query}" if url.query
+        req = Net::HTTP::Put.new(req_path, headers)
+        req.body = json_body if json_body 
       when :DELETE
         req_path = "#{url.path}"
         req_path << "?#{url.query}" if url.query
@@ -165,16 +227,19 @@ class Chef
       else
         raise ArgumentError, "You must provide :GET, :PUT, :POST or :DELETE as the method"
       end
+
+      Chef::Log.debug("Sending HTTP Request via #{req.method} to #{url.host}:#{url.port}#{req.path}")
       
       # Optionally handle HTTP Basic Authentication
       req.basic_auth(url.user, url.password) if url.user
 
-      Chef::Log.debug("Sending HTTP Request via #{req.method} to #{req.path}")
       res = nil
       tf = nil
-      http_retries = 1
+      http_attempts = 0
 
       begin
+        http_attempts += 1
+        
         res = http.request(req) do |response|
           if raw
             tf = Tempfile.new("chef-rest") 
@@ -199,40 +264,60 @@ class Chef
           end
           response
         end
+        
+        if res.kind_of?(Net::HTTPSuccess)
+          if res['set-cookie']
+            @cookies["#{url.host}:#{url.port}"] = res['set-cookie']
+          end
+          if res['content-type'] =~ /json/
+            response_body = res.body.chomp
+            JSON.parse(response_body)
+          else
+            if raw
+              tf
+            else
+              res.body
+            end
+          end
+        elsif res.kind_of?(Net::HTTPFound) or res.kind_of?(Net::HTTPMovedPermanently)
+          if res['set-cookie']
+            @cookies["#{url.host}:#{url.port}"] = res['set-cookie']
+          end
+          @sign_request = false if @sign_on_redirect == false
+          run_request(:GET, create_url(res['location']), {}, false, limit - 1, raw)
+        else
+          if res['content-type'] =~ /json/
+            exception = JSON.parse(res.body)
+            Chef::Log.debug("HTTP Request Returned #{res.code} #{res.message}: #{exception["error"].respond_to?(:join) ? exception["error"].join(", ") : exception["error"]}")
+          end
+          res.error!
+        end
+      
       rescue Errno::ECONNREFUSED
-        Chef::Log.error("Connection refused connecting to #{url.host}:#{url.port} for #{req.path} #{http_retries}/#{http_retry_count}")
-        sleep(http_retry_delay)
-        retry if (http_retries += 1) < http_retry_count
+        if http_retry_count - http_attempts + 1 > 0
+          Chef::Log.error("Connection refused connecting to #{url.host}:#{url.port} for #{req.path}, retry #{http_attempts}/#{http_retry_count}")
+          sleep(http_retry_delay)
+          retry
+        end
         raise Errno::ECONNREFUSED, "Connection refused connecting to #{url.host}:#{url.port} for #{req.path}, giving up"
       rescue Timeout::Error
-        Chef::Log.error("Timeout connecting to #{url.host}:#{url.port} for #{req.path}, retry #{http_retries}/#{http_retry_count}")
-        sleep(http_retry_delay)
-        retry if (http_retries += 1) < http_retry_count
-        raise Timeout::Error, "Timeout connecting to #{url.host}:#{url.port} for #{req.path}, giving up"
-      end
-      
-      if res.kind_of?(Net::HTTPSuccess)
-        if res['set-cookie']
-          @cookies["#{url.host}:#{url.port}"] = res['set-cookie']
+        if http_retry_count - http_attempts + 1 > 0
+          Chef::Log.error("Timeout connecting to #{url.host}:#{url.port} for #{req.path}, retry #{http_attempts}/#{http_retry_count}")
+          sleep(http_retry_delay)
+          retry
         end
-        if res['content-type'] =~ /json/
-          JSON.parse(res.body)
-        else
-          if raw
-            tf
-          else
-            res.body
+        raise Timeout::Error, "Timeout connecting to #{url.host}:#{url.port} for #{req.path}, giving up"
+      rescue Net::HTTPServerException
+        if res.kind_of?(Net::HTTPForbidden)
+          if http_retry_count - http_attempts + 1 > 0
+            Chef::Log.error("Received 403 Forbidden against #{url.host}:#{url.port} for #{req.path}, retry #{http_attempts}/#{http_retry_count}")
+            sleep(http_retry_delay)
+            retry
           end
         end
-      elsif res.kind_of?(Net::HTTPFound) or res.kind_of?(Net::HTTPMovedPermanently)
-        if res['set-cookie']
-          @cookies["#{url.host}:#{url.port}"] = res['set-cookie']
-        end
-        run_request(:GET, create_url(res['location']), false, limit - 1, raw)
-      else
-        res.error!
+        raise
       end
     end
- 
+    
   end
 end