chef 11.6.2-x86-mingw32 → 11.8.0.rc.1-x86-mingw32

data/lib/chef/{rest → http}/auth_credentials.rb

@@ -24,7 +24,7 @@ require 'chef/log'
 require 'mixlib/authentication/signedheaderauth'
 
 class Chef
-  class REST
+  class HTTP
     class AuthCredentials
       attr_reader :client_name, :key
 

data/lib/chef/http/authenticator.rb

@@ -0,0 +1,89 @@
+#--
+# Author:: Daniel DeLeo (<dan@opscode.com>)
+# Copyright:: Copyright (c) 2013 Opscode, Inc.
+# License:: Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+require 'chef/http/auth_credentials'
+require 'chef/exceptions'
+require 'openssl'
+
+class Chef
+  class HTTP
+    class Authenticator
+
+      attr_reader :signing_key_filename
+      attr_reader :raw_key
+      attr_reader :attr_names
+      attr_reader :auth_credentials
+
+      attr_accessor :sign_request
+
+      def initialize(opts={})
+        @raw_key = nil
+        @sign_request = true
+        @signing_key_filename = opts[:signing_key_filename]
+        @key = load_signing_key(opts[:signing_key_filename], opts[:raw_key])
+        @auth_credentials = AuthCredentials.new(opts[:client_name], @key)
+      end
+
+      def handle_request(method, url, headers={}, data=false)
+        headers.merge!(authentication_headers(method, url, data)) if sign_requests?
+        [method, url, headers, data]
+      end
+
+      def handle_response(http_response, rest_request, return_value)
+        [http_response, rest_request, return_value]
+      end
+
+      def stream_response_handler(response)
+        nil
+      end
+
+      def sign_requests?
+        auth_credentials.sign_requests? && @sign_request
+      end
+
+      def client_name
+        @auth_credentials.client_name
+      end
+
+      def load_signing_key(key_file, raw_key = nil)
+        if (!!key_file)
+          @raw_key = IO.read(key_file).strip
+        elsif (!!raw_key)
+          @raw_key = raw_key.strip
+        else
+          return nil
+        end
+        @key = OpenSSL::PKey::RSA.new(@raw_key)
+      rescue SystemCallError, IOError => e
+        Chef::Log.warn "Failed to read the private key #{key_file}: #{e.inspect}"
+        raise Chef::Exceptions::PrivateKeyMissing, "I cannot read #{key_file}, which you told me to use to sign requests!"
+      rescue OpenSSL::PKey::RSAError
+        msg = "The file #{key_file} or :raw_key option does not contain a correctly formatted private key.\n"
+        msg << "The key file should begin with '-----BEGIN RSA PRIVATE KEY-----' and end with '-----END RSA PRIVATE KEY-----'"
+        raise Chef::Exceptions::InvalidPrivateKey, msg
+      end
+
+      def authentication_headers(method, url, json_body=nil)
+        request_params = {:http_method => method, :path => url.path, :body => json_body, :host => "#{url.host}:#{url.port}"}
+        request_params[:body] ||= ""
+        auth_credentials.signature_headers(request_params)
+      end
+
+    end
+  end
+end

data/lib/chef/http/basic_client.rb

@@ -0,0 +1,114 @@
+#--
+# Author:: Adam Jacob (<adam@opscode.com>)
+# Author:: Thom May (<thom@clearairturbulence.org>)
+# Author:: Nuo Yan (<nuo@opscode.com>)
+# Author:: Christopher Brown (<cb@opscode.com>)
+# Author:: Christopher Walters (<cw@opscode.com>)
+# Author:: Daniel DeLeo (<dan@opscode.com>)
+# Copyright:: Copyright (c) 2009, 2010 Opscode, Inc.
+# License:: Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+require 'uri'
+require 'net/http'
+require 'chef/http/ssl_policies'
+require 'chef/http/http_request'
+
+class Chef
+  class HTTP
+    class BasicClient
+
+      HTTPS = "https".freeze
+
+      attr_reader :url
+      attr_reader :http_client
+      attr_reader :ssl_policy
+
+      # Instantiate a BasicClient.
+      # === Arguments:
+      # url:: An URI for the remote server.
+      # === Options:
+      # ssl_policy:: The SSL Policy to use, defaults to DefaultSSLPolicy
+      def initialize(url, opts={})
+        @url = url
+        @ssl_policy = opts[:ssl_policy] || DefaultSSLPolicy
+        @http_client = build_http_client
+      end
+
+      def host
+        @url.host
+      end
+
+      def port
+        @url.port
+      end
+
+      def request(method, url, req_body, base_headers={})
+        http_request = HTTPRequest.new(method, url, req_body, base_headers).http_request
+        Chef::Log.debug("Initiating #{method} to #{url}")
+        http_client.request(http_request) do |response|
+          yield response if block_given?
+          # http_client.request may not have the return signature we want, so
+          # force the issue:
+          return [http_request, response]
+        end
+      rescue OpenSSL::SSL::SSLError => e
+        Chef::Log.error("SSL Validation failure connecting to host: #{host} - #{e.message}")
+        raise
+      end
+
+      #adapted from buildr/lib/buildr/core/transports.rb
+      def proxy_uri
+        proxy = Chef::Config["#{url.scheme}_proxy"]
+        proxy = URI.parse(proxy) if String === proxy
+        excludes = Chef::Config[:no_proxy].to_s.split(/\s*,\s*/).compact
+        excludes = excludes.map { |exclude| exclude =~ /:\d+$/ ? exclude : "#{exclude}:*" }
+        return proxy unless excludes.any? { |exclude| File.fnmatch(exclude, "#{host}:#{port}") }
+      end
+
+      def build_http_client
+        http_client = http_client_builder.new(host, port)
+
+        if url.scheme == HTTPS
+          configure_ssl(http_client)
+        end
+
+        http_client.read_timeout = config[:rest_timeout]
+        http_client
+      end
+
+      def config
+        Chef::Config
+      end
+
+      def http_client_builder
+        http_proxy = proxy_uri
+        if http_proxy.nil?
+          Net::HTTP
+        else
+          Chef::Log.debug("Using #{http_proxy.host}:#{http_proxy.port} for proxy")
+          user = Chef::Config["#{url.scheme}_proxy_user"]
+          pass = Chef::Config["#{url.scheme}_proxy_pass"]
+          Net::HTTP.Proxy(http_proxy.host, http_proxy.port, user, pass)
+        end
+      end
+
+      def configure_ssl(http_client)
+        http_client.use_ssl = true
+        ssl_policy.apply_to(http_client)
+      end
+
+    end
+  end
+end

data/lib/chef/{rest → http}/cookie_jar.rb

@@ -23,7 +23,7 @@
 require 'singleton'
 
 class Chef
-  class REST
+  class HTTP
     class CookieJar < Hash
       include Singleton
     end

data/lib/chef/http/cookie_manager.rb

@@ -0,0 +1,56 @@
+#--
+# Author:: Daniel DeLeo (<dan@opscode.com>)
+# Copyright:: Copyright (c) 2013 Opscode, Inc.
+# License:: Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+require 'chef/http/cookie_jar'
+
+class Chef
+  class HTTP
+
+    # An HTTP middleware to manage storing/sending cookies in HTTP requests.
+    # Most HTTP communication in Chef does not need cookies, it was originally
+    # implemented to support OpenID, but it's not known who might be relying on
+    # it, so it's included with Chef::REST
+    class CookieManager
+
+      def initialize(options={})
+        @cookies = CookieJar.instance
+      end
+
+      def handle_request(method, url, headers={}, data=false)
+        @host, @port = url.host, url.port
+        if @cookies.has_key?("#{@host}:#{@port}")
+          headers['Cookie'] = @cookies["#{@host}:#{@port}"]
+        end
+        [method, url, headers, data]
+      end
+
+      def handle_response(http_response, rest_request, return_value)
+        if http_response['set-cookie']
+          @cookies["#{@host}:#{@port}"] = http_response['set-cookie']
+        end
+        [http_response, rest_request, return_value]
+      end
+
+      def stream_response_handler(response)
+        nil
+      end
+
+
+    end
+  end
+end

data/lib/chef/http/decompressor.rb

@@ -0,0 +1,137 @@
+#--
+# Author:: Daniel DeLeo (<dan@opscode.com>)
+# Copyright:: Copyright (c) 2013 Opscode, Inc.
+# License:: Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+require 'zlib'
+require 'chef/http/http_request'
+
+class Chef
+  class HTTP
+
+    # Middleware-esque class for handling compression in HTTP responses.
+    class Decompressor
+      class NoopInflater
+        def inflate(chunk)
+          chunk
+        end
+        alias :handle_chunk :inflate
+      end
+
+      class GzipInflater < Zlib::Inflate
+        def initialize
+          super(Zlib::MAX_WBITS + 16)
+        end
+        alias :handle_chunk :inflate
+      end
+
+      class DeflateInflater < Zlib::Inflate
+        def initialize
+          super
+        end
+        alias :handle_chunk :inflate
+      end
+
+      CONTENT_ENCODING  = "content-encoding".freeze
+      GZIP              = "gzip".freeze
+      DEFLATE           = "deflate".freeze
+      IDENTITY          = "identity".freeze
+
+      def initialize(opts={})
+        @disable_gzip = false
+        handle_options(opts)
+      end
+
+      def handle_request(method, url, headers={}, data=false)
+        headers[HTTPRequest::ACCEPT_ENCODING] = HTTPRequest::ENCODING_GZIP_DEFLATE unless gzip_disabled?
+        [method, url, headers, data]
+      end
+
+      def handle_response(http_response, rest_request, return_value)
+        # temporary hack, skip processing if return_value is false
+        # needed to keep conditional get stuff working correctly.
+        return [http_response, rest_request, return_value] if return_value == false
+        response_body = decompress_body(http_response)
+        http_response.body.replace(response_body) if http_response.body.respond_to?(:replace)
+        [http_response, rest_request, return_value]
+      end
+
+      def decompress_body(response)
+        if gzip_disabled? || response.body.nil?
+          response.body
+        else
+          case response[CONTENT_ENCODING]
+          when GZIP
+            Chef::Log.debug "decompressing gzip response"
+            Zlib::Inflate.new(Zlib::MAX_WBITS + 16).inflate(response.body)
+          when DEFLATE
+            Chef::Log.debug "decompressing deflate response"
+            Zlib::Inflate.inflate(response.body)
+          else
+            response.body
+          end
+        end
+      end
+
+      # This isn't used when this class is used as middleware; it returns an
+      # object you can use to unzip/inflate a streaming response.
+      def stream_response_handler(response)
+        if gzip_disabled?
+          NoopInflater.new
+        else
+          case response[CONTENT_ENCODING]
+          when GZIP
+            Chef::Log.debug "decompressing gzip stream"
+            GzipInflater.new
+          when DEFLATE
+            Chef::Log.debug "decompressing inflate stream"
+            DeflateInflater.new
+          else
+            NoopInflater.new
+          end
+        end
+      end
+
+
+      # gzip is disabled using the disable_gzip => true option in the
+      # constructor. When gzip is disabled, no 'Accept-Encoding' header will be
+      # set, and the response will not be decompressed, no matter what the
+      # Content-Encoding header of the response is. The intended use case for
+      # this is to work around situations where you request +file.tar.gz+, but
+      # the server responds with a content type of tar and a content encoding of
+      # gzip, tricking the client into decompressing the response so you end up
+      # with a tar archive (no gzip) named file.tar.gz
+      def gzip_disabled?
+        @disable_gzip
+      end
+
+      private
+
+      def handle_options(opts)
+        opts.each do |name, value|
+          case name.to_s
+          when 'disable_gzip'
+            @disable_gzip = value
+          end
+        end
+      end
+
+
+    end
+  end
+end
+
+

data/lib/chef/{rest/rest_request.rb → http/http_request.rb}

@@ -22,7 +22,6 @@
 #
 require 'uri'
 require 'net/http'
-require 'chef/rest/cookie_jar'
 
 # To load faster, we only want ohai's version string.
 # However, in ohai before 0.6.0, the version is defined
@@ -36,8 +35,8 @@ end
 require 'chef/version'
 
 class Chef
-  class REST
-    class RESTRequest
+  class HTTP
+    class HTTPRequest
 
       engine = defined?(RUBY_ENGINE) ? RUBY_ENGINE : "ruby"
 
@@ -72,8 +71,6 @@ class Chef
       def initialize(method, url, req_body, base_headers={})
         @method, @url = method, url
         @request_body = nil
-        @cookies = CookieJar.instance
-        configure_http_client
         build_headers(base_headers)
         configure_http_request(req_body)
       end
@@ -94,10 +91,10 @@ class Chef
         @url.path.empty? ? SLASH : @url.path
       end
 
+      # DEPRECATED. Call request on an HTTP client object instead.
       def call
         hide_net_http_bug do
           http_client.request(http_request) do |response|
-            store_cookie(response)
             yield response if block_given?
             response
           end
@@ -108,6 +105,11 @@ class Chef
         Chef::Config
       end
 
+      # DEPRECATED. Call request on an HTTP client object instead.
+      def http_client
+        @http_client ||= BasicClient.new(url).http_client
+      end
+
       private
 
       def hide_net_http_bug
@@ -125,77 +127,12 @@ class Chef
         end
       end
 
-      def store_cookie(response)
-        if response['set-cookie']
-          @cookies["#{host}:#{port}"] = response['set-cookie']
-        end
-      end
-
       def build_headers(headers)
         @headers = headers.dup
-        # TODO: need to set accept somewhere else
-        # headers.merge!('Accept' => "application/json") unless raw
+        # No response compression unless we asked for it explicitly:
+        @headers[HTTPRequest::ACCEPT_ENCODING] ||= "identity"
         @headers['X-Chef-Version'] = ::Chef::VERSION
-        @headers[ACCEPT_ENCODING] = ENCODING_GZIP_DEFLATE
-
-        if @cookies.has_key?("#{host}:#{port}")
-          @headers['Cookie'] = @cookies["#{host}:#{port}"]
-        end
-      end
-
-      #adapted from buildr/lib/buildr/core/transports.rb
-      def proxy_uri
-        proxy = Chef::Config["#{url.scheme}_proxy"]
-        proxy = URI.parse(proxy) if String === proxy
-        excludes = Chef::Config[:no_proxy].to_s.split(/\s*,\s*/).compact
-        excludes = excludes.map { |exclude| exclude =~ /:\d+$/ ? exclude : "#{exclude}:*" }
-        return proxy unless excludes.any? { |exclude| File.fnmatch(exclude, "#{host}:#{port}") }
-      end
-
-      def configure_http_client
-        http_proxy = proxy_uri
-        if http_proxy.nil?
-          @http_client = Net::HTTP.new(host, port)
-        else
-          Chef::Log.debug("Using #{http_proxy.host}:#{http_proxy.port} for proxy")
-          user = Chef::Config["#{url.scheme}_proxy_user"]
-          pass = Chef::Config["#{url.scheme}_proxy_pass"]
-          @http_client = Net::HTTP.Proxy(http_proxy.host, http_proxy.port, user, pass).new(host, port)
-        end
-        if url.scheme == HTTPS
-          @http_client.use_ssl = true
-          if config[:ssl_verify_mode] == :verify_none
-            @http_client.verify_mode = OpenSSL::SSL::VERIFY_NONE
-          elsif config[:ssl_verify_mode] == :verify_peer
-            @http_client.verify_mode = OpenSSL::SSL::VERIFY_PEER
-          end
-          if config[:ssl_ca_path]
-            unless ::File.exist?(config[:ssl_ca_path])
-              raise Chef::Exceptions::ConfigurationError, "The configured ssl_ca_path #{config[:ssl_ca_path]} does not exist"
-            end
-            @http_client.ca_path = config[:ssl_ca_path]
-          elsif config[:ssl_ca_file]
-            unless ::File.exist?(config[:ssl_ca_file])
-              raise Chef::Exceptions::ConfigurationError, "The configured ssl_ca_file #{config[:ssl_ca_file]} does not exist"
-            end
-            @http_client.ca_file = config[:ssl_ca_file]
-          end
-          if (config[:ssl_client_cert] || config[:ssl_client_key])
-            unless (config[:ssl_client_cert] && config[:ssl_client_key])
-              raise Chef::Exceptions::ConfigurationError, "You must configure ssl_client_cert and ssl_client_key together"
-            end
-            unless ::File.exists?(config[:ssl_client_cert])
-              raise Chef::Exceptions::ConfigurationError, "The configured ssl_client_cert #{config[:ssl_client_cert]} does not exist"
-            end
-            unless ::File.exists?(config[:ssl_client_key])
-              raise Chef::Exceptions::ConfigurationError, "The configured ssl_client_key #{config[:ssl_client_key]} does not exist"
-            end
-            @http_client.cert = OpenSSL::X509::Certificate.new(::File.read(config[:ssl_client_cert]))
-            @http_client.key = OpenSSL::PKey::RSA.new(::File.read(config[:ssl_client_key]))
-          end
-        end
-
-        @http_client.read_timeout = config[:rest_timeout]
+        @headers
       end
 
 
@@ -225,6 +162,8 @@ class Chef
           password = URI.unescape(url.password) if url.password
           @http_request.basic_auth(user, password)
         end
+
+        # Overwrite default UA
         @http_request[USER_AGENT] = self.class.user_agent
       end