chef 0.8.10 → 0.8.14

data/lib/chef/rest/auth_credentials.rb

@@ -0,0 +1,78 @@
+#
+# Author:: Adam Jacob (<adam@opscode.com>)
+# Author:: Thom May (<thom@clearairturbulence.org>)
+# Author:: Nuo Yan (<nuo@opscode.com>)
+# Author:: Christopher Brown (<cb@opscode.com>)
+# Author:: Christopher Walters (<cw@opscode.com>)
+# Author:: Daniel DeLeo (<dan@opscode.com>)
+# Copyright:: Copyright (c) 2009, 2010 Opscode, Inc.
+# License:: Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+require 'chef/exceptions'
+require 'mixlib/authentication/signedheaderauth'
+
+class Chef
+  class REST
+    class AuthCredentials
+      attr_reader :key_file, :client_name, :key, :raw_key
+
+      def initialize(client_name=nil, key_file=nil)
+        @client_name, @key_file = client_name, key_file
+        load_signing_key if sign_requests?
+      end
+
+      def sign_requests?
+        !!key_file
+      end
+
+      def signature_headers(request_params={})
+        raise ArgumentError, "Cannot sign the request without a client name, check that :node_name is assigned" if client_name.nil?
+        Chef::Log.debug("Signing the request as #{client_name}")
+
+        # params_in = {:http_method => :GET, :path => "/clients", :body => "", :host => "localhost"}
+        request_params             = request_params.dup
+        request_params[:timestamp] = Time.now.utc.iso8601
+        request_params[:user_id]   = client_name
+        host = request_params.delete(:host) || "localhost"
+
+        sign_obj = Mixlib::Authentication::SignedHeaderAuth.signing_object(request_params)
+        signed =  sign_obj.sign(key).merge({:host => host})
+        signed.inject({}){|memo, kv| memo["#{kv[0].to_s.upcase}"] = kv[1];memo}
+      end
+
+      private
+
+      def load_signing_key
+        begin
+          @raw_key = IO.read(key_file)
+        rescue SystemCallError, IOError => e
+          Chef::Log.fatal "Failed to read the private key #{key_file}: #{e.inspect}, #{e.backtrace}"
+          raise Chef::Exceptions::PrivateKeyMissing, "I cannot read #{key_file}, which you told me to use to sign requests!"
+        end
+        assert_valid_key_format!(@raw_key)
+        @key = OpenSSL::PKey::RSA.new(@raw_key)
+      end
+
+      def assert_valid_key_format!(raw_key)
+        unless (raw_key =~ /\A-----BEGIN RSA PRIVATE KEY-----$/) && (raw_key =~ /^-----END RSA PRIVATE KEY-----\Z/)
+          msg = "The file #{key_file} does not contain a correctly formatted private key.\n"
+          msg << "The key file should begin with '-----BEGIN RSA PRIVATE KEY-----' and end with '-----END RSA PRIVATE KEY-----'"
+          raise Chef::Exceptions::InvalidPrivateKey, msg
+        end
+      end
+
+    end
+  end
+end

data/lib/chef/{application/server.rb → rest/cookie_jar.rb}

@@ -1,19 +1,31 @@
 #
-# Author:: AJ Christensen (<aj@opscode.com>)
-# Copyright:: Copyright (c) 2008 Opscode, Inc.
+# Author:: Adam Jacob (<adam@opscode.com>)
+# Author:: Thom May (<thom@clearairturbulence.org>)
+# Author:: Nuo Yan (<nuo@opscode.com>)
+# Author:: Christopher Brown (<cb@opscode.com>)
+# Author:: Christopher Walters (<cw@opscode.com>)
+# Author:: Daniel DeLeo (<dan@opscode.com>)
+# Copyright:: Copyright (c) 2009, 2010 Opscode, Inc.
 # License:: Apache License, Version 2.0
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
 # You may obtain a copy of the License at
-# 
+#
 #     http://www.apache.org/licenses/LICENSE-2.0
-# 
+#
 # Unless required by applicable law or agreed to in writing, software
 # distributed under the License is distributed on an "AS IS" BASIS,
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+#
+require 'singleton'
 
-require 'chef/application'
-
+class Chef
+  class REST
+    class CookieJar < Hash
+      include Singleton
+    end
+  end
+end

data/lib/chef/rest/rest_request.rb

@@ -0,0 +1,151 @@
+#
+# Author:: Adam Jacob (<adam@opscode.com>)
+# Author:: Thom May (<thom@clearairturbulence.org>)
+# Author:: Nuo Yan (<nuo@opscode.com>)
+# Author:: Christopher Brown (<cb@opscode.com>)
+# Author:: Christopher Walters (<cw@opscode.com>)
+# Author:: Daniel DeLeo (<dan@opscode.com>)
+# Copyright:: Copyright (c) 2009, 2010 Opscode, Inc.
+# License:: Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+require 'uri'
+require 'net/http'
+require 'chef/rest/cookie_jar'
+
+class Chef
+  class REST
+    class RESTRequest
+      attr_reader :method, :url, :headers, :http_client, :http_request
+
+      def initialize(method, url, req_body, base_headers={})
+        @method, @url = method, url
+        @request_body = nil
+        @cookies = CookieJar.instance
+        configure_http_client
+        build_headers(base_headers)
+        configure_http_request(req_body)
+      end
+
+      def host
+        @url.host
+      end
+
+      def port
+        @url.port
+      end
+
+      def query
+        @url.query
+      end
+
+      def path
+        @url.path.empty? ? "/" : @url.path
+      end
+
+      def call
+        http_client.request(http_request) do |response|
+          store_cookie(response)
+          yield response if block_given?
+          response
+        end
+      end
+
+      def config
+        Chef::Config
+      end
+
+      private
+
+      def store_cookie(response)
+        if response['set-cookie']
+          @cookies["#{host}:#{port}"] = response['set-cookie']
+        end
+      end
+
+      def build_headers(headers)
+        @headers = headers.dup
+        # TODO: need to set accept somewhere else
+        # headers.merge!('Accept' => "application/json") unless raw
+        @headers['X-Chef-Version'] = ::Chef::VERSION
+
+        if @cookies.has_key?("#{host}:#{port}")
+          @headers['Cookie'] = @cookies["#{host}:#{port}"]
+        end
+      end
+
+      def configure_http_client
+        @http_client = Net::HTTP.new(host, port)
+        if url.scheme == "https"
+          @http_client.use_ssl = true
+          if config[:ssl_verify_mode] == :verify_none
+            @http_client.verify_mode = OpenSSL::SSL::VERIFY_NONE
+          elsif config[:ssl_verify_mode] == :verify_peer
+            @http_client.verify_mode = OpenSSL::SSL::VERIFY_PEER
+          end
+          if config[:ssl_ca_path]
+            unless ::File.exist?(config[:ssl_ca_path])
+              raise Chef::Exceptions::ConfigurationError, "The configured ssl_ca_path #{config[:ssl_ca_path]} does not exist"
+            end
+            @http_client.ca_path = config[:ssl_ca_path]
+          elsif config[:ssl_ca_file]
+            unless ::File.exist?(config[:ssl_ca_file])
+              raise Chef::Exceptions::ConfigurationError, "The configured ssl_ca_file #{config[:ssl_ca_file]} does not exist"
+            end
+            @http_client.ca_file = config[:ssl_ca_file]
+          end
+          if (config[:ssl_client_cert] || config[:ssl_client_key])
+            unless (config[:ssl_client_cert] && config[:ssl_client_key])
+              raise Chef::Exceptions::ConfigurationError, "You must configure ssl_client_cert and ssl_client_key together"
+            end
+            unless ::File.exists?(config[:ssl_client_cert])
+              raise Chef::Exceptions::ConfigurationError, "The configured ssl_client_cert #{config[:ssl_client_cert]} does not exist"
+            end
+            unless ::File.exists?(config[:ssl_client_key])
+              raise Chef::Exceptions::ConfigurationError, "The configured ssl_client_key #{config[:ssl_client_key]} does not exist"
+            end
+            @http_client.cert = OpenSSL::X509::Certificate.new(::File.read(config[:ssl_client_cert]))
+            @http_client.key = OpenSSL::PKey::RSA.new(::File.read(config[:ssl_client_key]))
+          end
+        end
+
+        @http_client.read_timeout = config[:rest_timeout]
+      end
+
+
+      def configure_http_request(request_body=nil)
+        req_path = "#{path}"
+        req_path << "?#{query}" if query
+
+        @http_request = case method.to_s.downcase
+        when "get"
+          Net::HTTP::Get.new(req_path, headers)
+        when "post"
+          Net::HTTP::Post.new(req_path, headers)
+        when "put"
+          Net::HTTP::Put.new(req_path, headers)
+        when "delete"
+          Net::HTTP::Delete.new(req_path, headers)
+        else
+          raise ArgumentError, "You must provide :GET, :PUT, :POST or :DELETE as the method"
+        end
+
+        @http_request.body = request_body if (request_body && @http_request.request_body_permitted?)
+        # Optionally handle HTTP Basic Authentication
+        @http_request.basic_auth(url.user, url.password) if url.user
+      end
+
+    end
+  end
+end

data/lib/chef/role.rb

@@ -8,9 +8,9 @@
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
 # You may obtain a copy of the License at
-# 
+#
 #     http://www.apache.org/licenses/LICENSE-2.0
-# 
+#
 # Unless required by applicable law or agreed to in writing, software
 # distributed under the License is distributed on an "AS IS" BASIS,
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
@@ -28,19 +28,19 @@ require 'extlib'
 require 'json'
 
 class Chef
-  class Role 
-    
+  class Role
+
     include Chef::Mixin::FromFile
     include Chef::Mixin::ParamsValidate
     include Chef::IndexQueue::Indexable
-    
+
     DESIGN_DOCUMENT = {
       "version" => 6,
       "language" => "javascript",
       "views" => {
         "all" => {
           "map" => <<-EOJS
-          function(doc) { 
+          function(doc) {
             if (doc.chef_type == "role") {
               emit(doc.name, doc);
             }
@@ -49,7 +49,7 @@ class Chef
         },
         "all_id" => {
           "map" => <<-EOJS
-          function(doc) { 
+          function(doc) {
             if (doc.chef_type == "role") {
               emit(doc.name, doc.name);
             }
@@ -61,14 +61,14 @@ class Chef
 
     attr_accessor :couchdb_rev, :couchdb
     attr_reader :couchdb_id
-    
+
     # Create a new Chef::Role object.
     def initialize(couchdb=nil)
-      @name = '' 
-      @description = '' 
+      @name = ''
+      @description = ''
       @default_attributes = Mash.new
       @override_attributes = Mash.new
-      @run_list = Chef::RunList.new 
+      @run_list = Chef::RunList.new
       @couchdb_rev = nil
       @couchdb_id = nil
       @couchdb = couchdb || Chef::CouchDB.new
@@ -87,7 +87,7 @@ class Chef
       Chef::REST.new(Chef::Config[:chef_server_url])
     end
 
-    def name(arg=nil) 
+    def name(arg=nil)
       set_or_return(
         :name,
         arg,
@@ -95,7 +95,7 @@ class Chef
       )
     end
 
-    def description(arg=nil) 
+    def description(arg=nil)
       set_or_return(
         :description,
         arg,
@@ -113,7 +113,7 @@ class Chef
 #       Chef::Log.warn "Chef::Role#recipes method is deprecated.  Please use Chef::Role#run_list"
 #       run_list(*args)
 #     end
-        
+
     def default_attributes(arg=nil)
       set_or_return(
         :default_attributes,
@@ -144,11 +144,11 @@ class Chef
       result
     end
 
-    # Serialize this object as a hash 
+    # Serialize this object as a hash
     def to_json(*a)
       to_hash.to_json(*a)
     end
-    
+
     # Create a Chef::Role from JSON
     def self.json_create(o)
       role = new
@@ -164,15 +164,15 @@ class Chef
       role.couchdb_rev = o["_rev"] if o.has_key?("_rev")
       role.index_id = role.couchdb_id
       role.couchdb_id = o["_id"] if o.has_key?("_id")
-      role 
+      role
     end
-    
+
     # List all the Chef::Role objects in the CouchDB.  If inflate is set to true, you will get
     # the full list of all Roles, fully inflated.
     def self.cdb_list(inflate=false, couchdb=nil)
       rs = (couchdb || Chef::CouchDB.new).list("roles", inflate)
       lookup = (inflate ? "value" : "key")
-      rs["rows"].collect { |r| r[lookup] }            
+      rs["rows"].collect { |r| r[lookup] }
     end
 
     # Get the list of all roles from the API.
@@ -187,12 +187,12 @@ class Chef
         chef_server_rest.get_rest("roles")
       end
     end
-    
+
     # Load a role by name from CouchDB
     def self.cdb_load(name, couchdb=nil)
       (couchdb || Chef::CouchDB.new).load("role", name)
     end
-    
+
     # Load a role by name from the API
     def self.load(name)
       chef_server_rest.get_rest("roles/#{name}")
@@ -205,44 +205,36 @@ class Chef
         nil
       end
     end
-    
+
     # Remove this role from the CouchDB
     def cdb_destroy
       couchdb.delete("role", @name, couchdb_rev)
 
-      if Chef::Config[:couchdb_version] == 0.9
-        rs = couchdb.get_view("nodes", "by_run_list", :startkey => "role[#{@name}]", :endkey => "role[#{@name}]", :include_docs => true)
-        rs["rows"].each do |row| 
-          node = row["doc"]
-          node.run_list.remove("role[#{@name}]")
-          node.cdb_save
-        end
-      else
-       Chef::Node.cdb_list.each do |node|
-         n = Chef::Node.cdb_load(node)
-         n.run_list.remove("role[#{@name}]")
-         n.cdb_save
-       end
+      rs = couchdb.get_view("nodes", "by_run_list", :startkey => "role[#{@name}]", :endkey => "role[#{@name}]", :include_docs => true)
+      rs["rows"].each do |row|
+        node = row["doc"]
+        node.run_list.remove("role[#{@name}]")
+        node.cdb_save
       end
     end
-    
+
     # Remove this role via the REST API
     def destroy
       chef_server_rest.delete_rest("roles/#{@name}")
-      
+
       Chef::Node.list.each do |node|
         n = Chef::Node.load(node[0])
         n.run_list.remove("role[#{@name}]")
         n.save
       end
-      
+
     end
-    
+
     # Save this role to the CouchDB
     def cdb_save
       self.couchdb_rev = couchdb.store("role", @name, self)["rev"]
     end
-    
+
     # Save this role via the REST API
     def save
       begin
@@ -253,18 +245,18 @@ class Chef
       end
       self
     end
-    
+
     # Create the role via the REST API
     def create
       chef_server_rest.post_rest("roles", self)
       self
-    end 
-    
+    end
+
     # Set up our CouchDB design document
     def self.create_design_document(couchdb=nil)
       (couchdb || Chef::CouchDB.new).create_design_document("roles", DESIGN_DOCUMENT)
     end
-    
+
     # As a string
     def to_s
       "role[#{@name}]"
@@ -289,14 +281,14 @@ class Chef
     # Sync all the json roles with couchdb from disk
     def self.sync_from_disk_to_couchdb
       Dir[File.join(Chef::Config[:role_path], "*.json")].each do |role_file|
-        short_name = File.basename(role_file, ".json") 
+        short_name = File.basename(role_file, ".json")
         Chef::Log.warn("Loading #{short_name}")
         r = Chef::Role.from_disk(short_name, "json")
         begin
           couch_role = Chef::Role.cdb_load(short_name)
           r.couchdb_rev = couch_role.couchdb_rev
           Chef::Log.debug("Replacing role #{short_name} with data from #{role_file}")
-        rescue Chef::Exceptions::CouchDBNotFound 
+        rescue Chef::Exceptions::CouchDBNotFound
           Chef::Log.debug("Creating role #{short_name} with data from #{role_file}")
         end
         r.cdb_save