chef 12.0.0.alpha.1 → 12.0.0.alpha.2

data/lib/chef/knife/bootstrap.rb

@@ -94,11 +94,20 @@ class Chef
         :description => "Do not proxy locations for the node being bootstrapped; this option is used internally by Opscode",
         :proc => Proc.new { |np| Chef::Config[:knife][:bootstrap_no_proxy] = np }
 
+      # DEPR: Remove this option in Chef 13
       option :distro,
         :short => "-d DISTRO",
         :long => "--distro DISTRO",
-        :description => "Bootstrap a distro using a template",
-        :default => "chef-full"
+        :description => "Bootstrap a distro using a template. [DEPRECATED] Use -t / --bootstrap-template option instead.",
+        :proc        => Proc.new { |v|
+          Chef::Log.warn("[DEPRECATED] -d / --distro option is deprecated. Use -t / --bootstrap-template option instead.")
+          v
+        }
+
+      option :bootstrap_template,
+        :short => "-t TEMPLATE",
+        :long => "--bootstrap-template TEMPLATE",
+        :description => "Bootstrap Chef using a built-in or custom template. Set to the full path of an erb template or use one of the built-in templates."
 
       option :use_sudo,
         :long => "--sudo",
@@ -110,10 +119,14 @@ class Chef
         :description => "Execute the bootstrap via sudo with password",
         :boolean => false
 
+      # DEPR: Remove this option in Chef 13
       option :template_file,
         :long => "--template-file TEMPLATE",
-        :description => "Full path to location of template to use",
-        :default => false
+        :description => "Full path to location of template to use. [DEPRECATED] Use -t / --bootstrap-template option instead.",
+        :proc        => Proc.new { |v|
+          Chef::Log.warn("[DEPRECATED] --template-file option is deprecated. Use -t / --bootstrap-template option instead.")
+          v
+        }
 
       option :run_list,
         :short => "-r RUN_LIST",
@@ -141,7 +154,8 @@ class Chef
         :proc => Proc.new { |h|
           Chef::Config[:knife][:hints] ||= Hash.new
           name, path = h.split("=")
-          Chef::Config[:knife][:hints][name] = path ? Chef::JSONCompat.parse(::File.read(path)) : Hash.new  }
+          Chef::Config[:knife][:hints][name] = path ? Chef::JSONCompat.parse(::File.read(path)) : Hash.new
+        }
 
       option :secret,
         :short => "-s SECRET",
@@ -174,53 +188,75 @@ class Chef
         :description => "Add options to curl when install chef-client",
         :proc        => Proc.new { |co| Chef::Config[:knife][:bootstrap_curl_options] = co }
 
-      def find_template(template=nil)
-        # Are we bootstrapping using an already shipped template?
-        if config[:template_file]
-          bootstrap_files = config[:template_file]
-        else
-          bootstrap_files = []
-          bootstrap_files << File.join(File.dirname(__FILE__), 'bootstrap', "#{config[:distro]}.erb")
-          bootstrap_files << File.join(Knife.chef_config_dir, "bootstrap", "#{config[:distro]}.erb") if Knife.chef_config_dir
-          bootstrap_files << File.join(ENV['HOME'], '.chef', 'bootstrap', "#{config[:distro]}.erb") if ENV['HOME']
-          bootstrap_files << Gem.find_files(File.join("chef","knife","bootstrap","#{config[:distro]}.erb"))
-          bootstrap_files.flatten!
+      option :node_ssl_verify_mode,
+        :long        => "--node-ssl-verify-mode [peer|none]",
+        :description => "Whether or not to verify the SSL cert for all HTTPS requests.",
+        :proc        => Proc.new { |v|
+          valid_values = ["none", "peer"]
+          unless valid_values.include?(v)
+            raise "Invalid value '#{v}' for --node-ssl-verify-mode. Valid values are: #{valid_values.join(", ")}"
+          end
+        }
+
+      option :node_verify_api_cert,
+        :long        => "--[no-]node-verify-api-cert",
+        :description => "Verify the SSL cert for HTTPS requests to the Chef server API.",
+        :boolean     => true
+
+      def bootstrap_template
+        # For some reason knife.merge_configs doesn't pick up the default values from
+        # Chef::Config[:knife][:bootstrap_template] unless Chef::Config[:knife][:bootstrap_template]
+        # is forced to pick up the values before calling merge_configs.
+        # We therefore have Chef::Config[:knife][:bootstrap_template] to pick up the defaults
+        # if no option is specified.
+        config[:bootstrap_template] || config[:distro] || config[:template_file] || Chef::Config[:knife][:bootstrap_template]
+      end
+
+      def find_template
+        template = bootstrap_template
+
+        # Use the template directly if it's a path to an actual file
+        if File.exists?(template)
+          Chef::Log.debug("Using the specified bootstrap template: #{File.dirname(template)}")
+          return template
+
         end
 
-        template = Array(bootstrap_files).find do |bootstrap_template|
+        # Otherwise search the template directories until we find the right one
+        bootstrap_files = []
+        bootstrap_files << File.join(File.dirname(__FILE__), 'bootstrap', "#{template}.erb")
+        bootstrap_files << File.join(Knife.chef_config_dir, "bootstrap", "#{template}.erb") if Chef::Knife.chef_config_dir
+        bootstrap_files << File.join(ENV['HOME'], '.chef', 'bootstrap', "#{template}.erb") if ENV['HOME']
+        bootstrap_files << Gem.find_files(File.join("chef","knife","bootstrap","#{template}.erb"))
+        bootstrap_files.flatten!
+
+        template_file = Array(bootstrap_files).find do |bootstrap_template|
           Chef::Log.debug("Looking for bootstrap template in #{File.dirname(bootstrap_template)}")
           File.exists?(bootstrap_template)
         end
 
-        unless template
-          ui.info("Can not find bootstrap definition for #{config[:distro]}")
+        unless template_file
+          ui.info("Can not find bootstrap definition for #{template}")
           raise Errno::ENOENT
         end
 
-        Chef::Log.debug("Found bootstrap template in #{File.dirname(template)}")
+        Chef::Log.debug("Found bootstrap template in #{File.dirname(template_file)}")
 
-        template
+        template_file
       end
 
-      def render_template(template=nil)
+      def render_template
+        template_file = find_template
+        template = IO.read(template_file).chomp
         context = Knife::Core::BootstrapContext.new(config, config[:run_list], Chef::Config)
         Erubis::Eruby.new(template).evaluate(context)
       end
 
-      def read_template
-        IO.read(@template_file).chomp
-      end
-
       def run
         validate_name_args!
-        warn_chef_config_secret_key
-        @template_file = find_template(config[:bootstrap_template])
         @node_name = Array(@name_args).first
-        # back compat--templates may use this setting:
-        config[:server_name] = @node_name
 
         $stdout.sync = true
-
         ui.info("Connecting to #{ui.color(@node_name, :bold)}")
 
         begin
@@ -272,7 +308,7 @@ class Chef
       end
 
       def ssh_command
-        command = render_template(read_template)
+        command = render_template
 
         if config[:use_sudo]
           command = config[:use_sudo_password] ? "echo '#{config[:ssh_password]}' | sudo -S #{command}" : "sudo #{command}"
@@ -281,28 +317,6 @@ class Chef
         command
       end
 
-      def warn_chef_config_secret_key
-        unless Chef::Config[:encrypted_data_bag_secret].nil?
-          ui.warn "* " * 40
-          ui.warn(<<-WARNING)
-Specifying the encrypted data bag secret key using an 'encrypted_data_bag_secret'
-entry in 'knife.rb' is deprecated. Please see CHEF-4011 for more details. You
-can supress this warning and still distribute the secret key to all bootstrapped
-machines by adding the following to your 'knife.rb' file:
-
-  knife[:secret_file] = "/path/to/your/secret"
-
-If you would like to selectively distribute a secret key during bootstrap
-please use the '--secret' or '--secret-file' options of this command instead.
-
-#{ui.color('IMPORTANT:', :red, :bold)} In a future version of Chef, this
-behavior will be removed and any 'encrypted_data_bag_secret' entries in
-'knife.rb' will be ignored completely.
-WARNING
-          ui.warn "* " * 40
-        end
-      end
-
     end
   end
 end

data/lib/chef/knife/bootstrap/archlinux-gems.erb

@@ -6,7 +6,7 @@ if [ ! -f /usr/bin/chef-client ]; then
   pacman -S --noconfirm ruby ntp base-devel
   ntpdate -u pool.ntp.org
   gem install ohai --no-user-install --no-document --verbose
-  gem install chef --no-user-install --no-document --verbose <%= bootstrap_version_string %>
+  gem install chef --no-user-install --no-document --verbose <%= Chef::VERSION %>
 fi
 
 mkdir -p /etc/chef
@@ -23,6 +23,11 @@ EOP
 chmod 0600 /etc/chef/encrypted_data_bag_secret
 <% end -%>
 
+<% unless trusted_certs.empty? -%>
+mkdir -p /etc/chef/trusted_certs
+<%= trusted_certs %>
+<% end -%>
+
 <%# Generate Ohai Hints -%>
 <% unless @chef_config[:knife][:hints].nil? || @chef_config[:knife][:hints].empty? -%>
 mkdir -p /etc/chef/ohai/hints

data/lib/chef/knife/bootstrap/chef-aix.erb

@@ -36,6 +36,11 @@ EOP
 chmod 0600 /etc/chef/encrypted_data_bag_secret
 <% end -%>
 
+<% unless trusted_certs.empty? -%>
+mkdir -p /etc/chef/trusted_certs
+<%= trusted_certs %>
+<% end -%>
+
 <%# Generate Ohai Hints -%>
 <% unless @chef_config[:knife][:hints].nil? || @chef_config[:knife][:hints].empty? -%>
 mkdir -p /etc/chef/ohai/hints

data/lib/chef/knife/bootstrap/chef-full.erb

@@ -23,7 +23,6 @@ exists() {
   <%= knife_config[:bootstrap_install_command] %>
 <% else %>
   install_sh="<%= knife_config[:bootstrap_url] ? knife_config[:bootstrap_url] : "https://www.opscode.com/chef/install.sh" %>"
-  version_string="-v <%= chef_version %>"
   if ! exists /usr/bin/chef-client; then
     echo "Installing Chef Client..."
     if exists wget; then
@@ -51,6 +50,11 @@ EOP
 chmod 0600 /etc/chef/encrypted_data_bag_secret
 <% end -%>
 
+<% unless trusted_certs.empty? -%>
+mkdir -p /etc/chef/trusted_certs
+<%= trusted_certs %>
+<% end -%>
+
 <%# Generate Ohai Hints -%>
 <% unless @chef_config[:knife][:hints].nil? || @chef_config[:knife][:hints].empty? -%>
 mkdir -p /etc/chef/ohai/hints

data/lib/chef/knife/core/bootstrap_context.rb

@@ -34,14 +34,6 @@ class Chef
           @chef_config  = chef_config
         end
 
-        def bootstrap_version_string
-          if @config[:prerelease]
-            "--prerelease"
-          else
-            "--version #{chef_version}"
-          end
-        end
-
         def bootstrap_environment
           @chef_config[:environment] || '_default'
         end
@@ -52,14 +44,20 @@ class Chef
 
         def encrypted_data_bag_secret
           knife_config[:secret] || begin
-            if knife_config[:secret_file] && File.exist?(knife_config[:secret_file])
-              IO.read(File.expand_path(knife_config[:secret_file]))
-            elsif @chef_config[:encrypted_data_bag_secret] && File.exist?(@chef_config[:encrypted_data_bag_secret])
-              IO.read(File.expand_path(@chef_config[:encrypted_data_bag_secret]))
+            secret_file_path = knife_config[:secret_file]
+            expanded_secret_file_path = File.expand_path(secret_file_path.to_s)
+            if secret_file_path && File.exist?(expanded_secret_file_path)
+              IO.read(expanded_secret_file_path)
+            else
+              nil
             end
           end
         end
 
+        def trusted_certs
+          @trusted_certs ||= trusted_certs_content
+        end
+
         def config_content
           client_rb = <<-CONFIG
 log_location     STDOUT
@@ -72,6 +70,36 @@ CONFIG
             client_rb << "# Using default node name (fqdn)\n"
           end
 
+          # We configure :verify_api_cert only when it's overridden on the CLI
+          # or when specified in the knife config.
+          if !@config[:node_verify_api_cert].nil? || knife_config.has_key?(:verify_api_cert)
+            value = @config[:node_verify_api_cert].nil? ? knife_config[:verify_api_cert] : @config[:node_verify_api_cert]
+            client_rb << %Q{verify_api_cert #{value}\n}
+          end
+
+          # We configure :ssl_verify_mode only when it's overridden on the CLI
+          # or when specified in the knife config.
+          if @config[:node_ssl_verify_mode] || knife_config.has_key?(:ssl_verify_mode)
+            value = case @config[:node_ssl_verify_mode]
+            when "peer"
+              :verify_peer
+            when "none"
+              :verify_none
+            when nil
+              knife_config[:ssl_verify_mode]
+            else
+              nil
+            end
+
+            if value
+              client_rb << %Q{ssl_verify_mode :#{value}\n}
+            end
+          end
+
+          if @config[:ssl_verify_mode]
+            client_rb << %Q{ssl_verify_mode :#{knife_config[:ssl_verify_mode]}\n}
+          end
+
           if knife_config[:bootstrap_proxy]
             client_rb << %Q{http_proxy        "#{knife_config[:bootstrap_proxy]}"\n}
             client_rb << %Q{https_proxy       "#{knife_config[:bootstrap_proxy]}"\n}
@@ -85,6 +113,10 @@ CONFIG
             client_rb << %Q{encrypted_data_bag_secret "/etc/chef/encrypted_data_bag_secret"\n}
           end
 
+          unless trusted_certs.empty?
+            client_rb << %Q{trusted_certs_dir "/etc/chef/trusted_certs"\n}
+          end
+
           client_rb
         end
 
@@ -93,7 +125,7 @@ CONFIG
           client_path = @chef_config[:chef_client_path] || 'chef-client'
           s = "#{client_path} -j /etc/chef/first-boot.json"
           s << ' -l debug' if @config[:verbosity] and @config[:verbosity] >= 2
-          s << " -E #{bootstrap_environment}" if chef_version.to_f != 0.9 # only use the -E option on Chef 0.10+
+          s << " -E #{bootstrap_environment}"
           s
         end
 
@@ -101,30 +133,27 @@ CONFIG
           @chef_config.key?(:knife) ? @chef_config[:knife] : {}
         end
 
-        #
-        # This function is used by older bootstrap templates other than chef-full
-        # and potentially by custom templates as well hence it's logic needs to be
-        # preserved for backwards compatibility reasons until we hit Chef 12.
-        def chef_version
-          knife_config[:bootstrap_version] || Chef::VERSION
-        end
-
         #
         # chef version string to fetch the latest current version from omnitruck
         # If user is on X.Y.Z bootstrap will use the latest X release
         # X here can be 10 or 11
         def latest_current_chef_version_string
-          chef_version_string = if knife_config[:bootstrap_version]
-            knife_config[:bootstrap_version]
+          installer_version_string = nil
+          if @config[:prerelease]
+            installer_version_string = "-p"
           else
-            Chef::VERSION.split(".").first
-          end
+            chef_version_string = if knife_config[:bootstrap_version]
+              knife_config[:bootstrap_version]
+            else
+              Chef::VERSION.split(".").first
+            end
 
-          installer_version_string = ["-v", chef_version_string]
+            installer_version_string = ["-v", chef_version_string]
 
-          # If bootstrapping a pre-release version add -p to the installer string
-          if chef_version_string.split(".").length > 3
-            installer_version_string << "-p"
+            # If bootstrapping a pre-release version add -p to the installer string
+            if chef_version_string.split(".").length > 3
+              installer_version_string << "-p"
+            end
           end
 
           installer_version_string.join(" ")
@@ -134,6 +163,18 @@ CONFIG
           (@config[:first_boot_attributes] || {}).merge(:run_list => @run_list)
         end
 
+        private
+        def trusted_certs_content
+          content = ""
+          if @chef_config[:trusted_certs_dir]
+            Dir.glob(File.join(@chef_config[:trusted_certs_dir], "*.{crt,pem}")).each do |cert|
+              content << "cat > /etc/chef/trusted_certs/#{File.basename(cert)} <<'EOP'\n" +
+                         IO.read(File.expand_path(cert)) + "\nEOP\n"
+            end
+          end
+          content
+        end
+
       end
     end
   end

data/lib/chef/knife/search.rb

@@ -71,6 +71,11 @@ class Chef
         :long => "--query QUERY",
         :description => "The search query; useful to protect queries starting with -"
 
+      option :filter_result,
+        :short => "-f FILTER",
+        :long => "--filter-result FILTER",
+        :description => "Only bring back specific attributes of the matching objects; for example: \"ServerName=name, Kernel=kernel.version\""
+
       def run
         read_cli_args
         fuzzify_query
@@ -79,7 +84,6 @@ class Chef
           ui.use_presenter Knife::Core::NodePresenter
         end
 
-
         q = Chef::Search::Query.new
         escaped_query = URI.escape(@query,
                            Regexp.new("[^#{URI::PATTERN::UNRESERVED}]"))
@@ -87,14 +91,26 @@ class Chef
         result_items = []
         result_count = 0
 
-        rows = config[:rows]
-        start = config[:start]
+        search_args = Hash.new
+        search_args[:sort] = config[:sort]
+        search_args[:start] = config[:start]
+        search_args[:rows] = config[:rows]
+        if config[:filter_result]
+          search_args[:filter_result] = create_result_filter(config[:filter_result])
+        elsif (not ui.config[:attribute].nil?) && (not ui.config[:attribute].empty?)
+          search_args[:filter_result] = create_result_filter_from_attributes(ui.config[:attribute])
+        end
+
         begin
-          q.search(@type, escaped_query, config[:sort], start, rows) do |item|
-            formatted_item = format_for_display(item)
-            # if formatted_item.respond_to?(:has_key?) && !formatted_item.has_key?('id')
-            #   formatted_item['id'] = item.has_key?('id') ? item['id'] : item.name
-            # end
+          q.search(@type, escaped_query, search_args) do |item|
+            formatted_item = Hash.new
+            if item.is_a?(Hash)
+              # doing a little magic here to set the correct name
+              formatted_item[item["data"]["__display_name"]] = item["data"]
+              formatted_item[item["data"]["__display_name"]].delete("__display_name")
+            else
+              formatted_item = format_for_display(item)
+            end
             result_items << formatted_item
             result_count += 1
           end
@@ -149,10 +165,38 @@ class Chef
         end
       end
 
+      # This method turns a set of key value pairs in a string into the appropriate data structure that the
+      # chef-server search api is expecting.
+      # expected input is in the form of:
+      # -f "return_var1=path.to.attribute, return_var2=shorter.path"
+      #
+      # a more concrete example might be:
+      # -f "env=chef_environment, ruby_platform=languages.ruby.platform"
+      #
+      # The end result is a hash where the key is a symbol in the hash (the return variable)
+      # and the path is an array with the path elements as strings (in order)
+      # See lib/chef/search/query.rb for more examples of this.
+      def create_result_filter(filter_string)
+        final_filter = Hash.new
+        filter_string.gsub!(" ", "")
+        filters = filter_string.split(",")
+        filters.each do |f|
+          return_id, attr_path = f.split("=")
+          final_filter[return_id.to_sym] = attr_path.split(".")
+        end
+        return final_filter
+      end
+
+      def create_result_filter_from_attributes(filter_array)
+        final_filter = Hash.new
+        filter_array.each do |f|
+          final_filter[f] = f.split(".")
+        end
+        # adding magic filter so we can actually pull the name as before
+        final_filter["__display_name"] = [ "name" ]
+        return final_filter
+      end
+
     end
   end
 end
-
-
-
-