chef_fixie 0.1.0

data/lib/chef_fixie/context.rb

@@ -0,0 +1,72 @@
+#
+# Copyright (c) 2015 Chef Software Inc. 
+# License :: Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# Author: Mark Anderson <mark@chef.io>
+#
+# Much of this code was orginally derived from the orgmapper tool, which had many varied authors.
+
+
+module ChefFixie
+    module Context
+
+    def describe_orgs
+      OrgMetrics.org_stats(orgs)
+    end
+
+    def orgs
+      ChefFixie::Organizations.new
+    end
+
+    def jobs
+      ChefFixie::Jobs.new
+    end
+
+    def users
+      ChefFixie::Users.new
+    end
+
+    def global_groups
+      ChefFixie::GlobalGroups.new
+    end
+
+    def sql
+      ChefFixie::Sql.default_connection
+    end
+
+    def associate_user(username, orgname)
+      unless user = users.find(username)
+        raise ArgumentError, "No users matched '#{username}'"
+      end
+      unless org = ORGS[orgname]
+        raise ArgumentError, "No orgs matched '#{orgname}'"
+      end
+
+      ChefFixie::Associator.associate_user(org, user)
+    end
+
+    def dissociate_user(username, orgname)
+      unless user = users.find(username)
+        raise ArgumentError, "No users matched '#{username}'"
+      end
+      unless org = ORGS[orgname]
+        raise ArgumentError, "No orgs matched '#{orgname}'"
+      end
+
+      ChefFixie::Dissociator.dissociate_user(org, user)
+    end
+
+  end
+end

data/lib/chef_fixie/sql.rb

@@ -0,0 +1,74 @@
+#
+# Copyright (c) 2014-2015 Chef Software Inc. 
+# License :: Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# Author: Mark Anderson <mark@chef.io>
+
+require 'ffi_yajl'
+require 'uuidtools'
+require 'sequel'
+
+require 'chef_fixie/config'
+
+Sequel.default_timezone = :utc
+
+module ChefFixie
+  module Sql
+    
+    class InvalidConfig < StandardError
+    end
+    
+    # A connection string passed to Sequel.connect()
+    #
+    # Examples:
+    # * "mysql2://root@localhost/opscode_chef"
+    # * "mysql2://user:password@host/opscode_chef"
+    # * "jdbc:mysql://localhost/test?user=root&password=root"
+    #
+    # See also: http://sequel.rubyforge.org/rdoc/files/doc/opening_databases_rdoc.html
+    def self.connection_string=(sequel_connection_string)
+      @database.disconnect if @database.respond_to?(:disconnect)
+      @database = nil
+      @connection_string = sequel_connection_string
+    end
+
+    # Returns the connection string or raises an error if you didn't set one.
+    def self.connection_string
+      @connection_string ||= ChefFixie.configure {|x| x.sql_database }
+    end
+    
+    # Returns a Sequel::Data baseobject, which wraps access to the database.
+    def self.default_connection
+      @database ||= Sequel.connect(connection_string, :max_connections => 2)
+      #      @database.loggers << Logger.new($stdout)
+    end
+    
+    # Generate a new UUID. Currently uses the v1 UUID scheme.
+    def new_uuid
+      UUIDTools::UUID.timestamp_create.hexdigest
+    end
+    
+    # Parse the portion of the object that's stored as a blob o' JSON
+    def from_json(serialized_data)
+      FFI_Yajl::Parser.parse(serialized_data, :symbolize_keys => true)
+    end
+    
+    # Encode the portion of the object that's stored as a blob o' JSON
+    def as_json(data)
+      FFI_Yajl::Encoder.encode(data)
+    end
+
+  end
+end

data/lib/chef_fixie/sql_objects.rb

@@ -0,0 +1,497 @@
+#
+# Copyright (c) 2014-2015 Chef Software Inc.
+# License :: Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# Author: Mark Anderson <mark@chef.io>
+#
+
+require 'pp'
+require 'sequel'
+
+require 'chef_fixie/config'
+require 'chef_fixie/authz_objects'
+require 'chef_fixie/authz_mapper'
+
+Sequel.extension :inflector
+
+module ChefFixie
+  module Sql
+
+    # Maps entity names like 'org' to the table class (Orgs) and the entity class (Org), as well as the cannonical
+    # each table has a name, a class to wrap the table, an row, and a class to map the row.
+    # Wrapping this in a class to handle things if we have to not be consisitent with our naming.
+    # table :orgs, class wrapper Orgs, row :org, class for row Org
+    module Relationships
+
+      def self.base
+        "ChefFixie::Sql" + "::" # this should be autogenerated not hardcoded
+      end
+
+      # The class for the table, e.g. Orgs
+      def self.table_class(name)
+        (base + name.to_s.pluralize.camelize).constantize
+      end
+      # The class for one instance of the object, e.g. Org
+      def self.object_class(name)
+        (base + name.to_s.singularize.camelize).constantize
+      end
+      def self.singular(name)
+        name.to_s.singularize
+      end
+      def self.plural(name)
+        name.to_s.pluralize
+      end
+    end
+
+    # we declare these first so that the 'element' metaprogramming in SqlTable works
+    class SqlObject
+      def initialize(data)
+        @data = data
+      end
+      def data
+        @data
+      end
+
+      # TODO rework this to use better style
+      def self.ro_access(*args)
+        args.each do |field|
+          fundef = "def #{field}; @data.#{field}; end"
+          self.class_eval(fundef)
+        end
+      end
+      # TODO figure out model for write access
+
+      def self.name_field(field)
+        fundef = "def name; @data.#{field}; end"
+        self.class_eval(fundef)
+      end
+
+      def self.std_timestamp
+        [:created_at, :updated_at].each do |i|
+          self.ro_access(i)
+        end
+      end
+      # Pretty much any object with an authz id has these fields
+      def self.std_authz
+        self.std_timestamp
+        [:authz_id, :last_updated_by].each do |i|
+          self.ro_access(i)
+        end
+      end
+
+
+    end
+
+    class Org < SqlObject
+      include AuthzObjectMixin
+
+      def self.scoped_type(*args)
+        args.each do |object|
+          funname = Relationships.plural(object)
+          # defer evaluation of mapper to make sure we have a chance for everyone to initialize
+          fundef = "def #{funname}; Relationships.table_class(:#{object}).new.by_org_id(org_id); end"
+          self.class_eval(fundef)
+        end
+      end
+
+      def initialize(data)
+        super(data)
+      end
+      def org_id
+        data[:id]
+      end
+
+      def global_admins
+        name = self.name
+        global_admins_name = "#{name}_global_admins"
+        ChefFixie::Sql::Groups.new["#{name}_global_admins"]
+      end
+
+      scoped_type :container, :group, :client,
+                  :cookbook_artifact, :cookbook, :data_bag, :environment, :node, :policy, :policy_group , :role
+
+      # Maybe autogenerate this from data.columns?
+      ro_access :id, :authz_id, :assigned_at, :last_updated_by, :created_at, :updated_at, :name, :full_name
+    end
+
+    #
+    # Some types have an org_id field and may be scoped to an org (some, like groups are able to be global as well)
+    # This sets up a filtered accessor that limits
+    #
+#    module ScopedType
+#      def self.included(base)
+#        pp :base=>base
+#        Org.scoped_type(base)
+#      end
+#    end
+
+    class Container < SqlObject
+      include AuthzContainerMixin
+
+      def initialize(data)
+        super(data)
+      end
+
+      ro_access :id, :org_id, :authz_id, :last_updated_by, :created_at, :updated_at, :name
+    end
+    class Group < SqlObject
+      include AuthzGroupMixin
+
+      def initialize(data)
+        super(data)
+      end
+
+      ro_access :id, :org_id, :authz_id, :last_updated_by, :created_at, :updated_at, :name
+    end
+
+    class User < SqlObject
+      include AuthzActorMixin
+      def initialize(data)
+        super(data)
+      end
+      name_field :username
+      ro_access :id, :authz_id, :last_updated_by, :created_at, :updated_at, :username, :email, :public_key, :pubkey_version, :serialized_object, :external_authentication_uid, :recovery_authentication_enabled, :admin, :hashed_password, :salt, :hash_type
+    end
+    class Client < SqlObject
+      include AuthzActorMixin
+      def initialize(data)
+        super(data)
+      end
+      ro_access :id, :org_id, :authz_id, :last_updated_by, :created_at, :updated_at, :name
+    end
+
+    # Objects
+
+    # At the time of writing there are more objects in sql than we
+    # support here; we should add them. We have only covered the
+    # objects that have their own authz info
+    # Missing objects include:
+    # checksums cookbook_artifact_version_checksums
+    # cookbook_artifact_versions cookbook_artifact_versions_id_seq
+    # cookbook_artifacts_id_seq cookbook_version_checksums
+    # cookbook_version_dependencies cookbook_versions
+    # cookbook_versions_by_rank cookbooks_id_seq data_bag_items
+    # joined_cookbook_version keys keys_by_name node_policy opc_customers
+    # opc_customers_id_seq opc_users org_migration_state
+    # org_migration_state_id_seq policy_revisions
+    # policy_revisions_policy_groups_association sandboxed_checksums
+
+
+    class CookbookArtifact < SqlObject
+      include AuthzObjectMixin
+      def initialize(data)
+        super(data)
+      end
+      ro_access :id, :org_id, :authz_id, :name
+    end
+
+    class Cookbook < SqlObject
+      include AuthzObjectMixin
+      def initialize(data)
+        super(data)
+      end
+      ro_access :id, :org_id, :authz_id, :name
+    end
+
+    class DataBag < SqlObject
+      include AuthzObjectMixin
+      def initialize(data)
+        super(data)
+      end
+      ro_access :id, :org_id, :authz_id, :last_updated_by, :created_at, :updated_at, :name
+    end
+
+    # data bag item needs some prep work to do since it doesn't have authz stuff.
+
+    class Environment < SqlObject
+      include AuthzObjectMixin
+      def initialize(data)
+        super(data)
+      end
+      ro_access :id, :org_id, :authz_id, :last_updated_by, :created_at, :updated_at, :name, :serialized_object
+      # serialized_object requires work since most of the time it isn't wanted
+    end
+
+    class Node < SqlObject
+      include AuthzObjectMixin
+      def initialize(data)
+        super(data)
+      end
+      ro_access :id, :org_id, :authz_id, :last_updated_by, :created_at, :updated_at, :name, :serialized_object
+      # serialized_object requires work since most of the time it isn't wanted
+    end
+
+    class Policy < SqlObject
+      include AuthzObjectMixin
+      def initialize(data)
+        super(data)
+      end
+      ro_access :id, :org_id, :authz_id, :last_updated_by, :name
+      # serialized_object requires work since most of the time it isn't wanted
+    end
+
+    class PolicyGroup < SqlObject
+      include AuthzObjectMixin
+      def initialize(data)
+        super(data)
+      end
+      ro_access :id, :org_id, :authz_id, :last_updated_by, :name, :serialized_object
+      # serialized_object requires work since most of the time it isn't wanted
+    end
+
+    class Role < SqlObject
+      include AuthzObjectMixin
+      def initialize(data)
+        super(data)
+      end
+      ro_access :id, :org_id, :authz_id, :last_updated_by, :created_at, :updated_at, :name, :serialized_object
+      # serialized_object requires work since most of the time it isn't wanted
+    end
+
+    #
+    #
+    #
+    class SqlTable
+      include AuthzMapper
+
+      def self.max_count_default
+        50
+      end
+      
+      def get_table
+        :unknown_table
+      end
+      def mk_element(x)
+        x
+      end
+
+      def initialize(tablespec = nil)
+        ChefFixie::Sql.default_connection
+        @inner = tablespec || Sequel::Model(self.get_table)
+      end
+      def inner
+        # Make sure we have init
+        @inner
+      end
+
+      def filter_core(field, exp)
+        self.class.new(inner.filter(field=>exp))
+      end
+
+      def all(max_count=:default)
+        if max_count == :default
+          max_count = ChefFixie::Sql::SqlTable.max_count_default
+        end
+        if max_count != :all
+          return :too_many_results if (inner.count > max_count)
+        end
+        elements = inner.all.map {|org| mk_element(org) }
+      end
+
+      #
+      # TODO Improve these via define_method
+      # See http://blog.jayfields.com/2007/10/ruby-defining-class-methods.html
+      #     https://stackoverflow.com/questions/9658724/ruby-metaprogramming-class-eval/9658775#9658775
+      def self.primary(arg)
+        name = :"by_#{arg}"
+        self.class_eval("def [](arg); #{name}(arg).all(1).first; end")
+
+        listfun = <<EOLF
+def list(max_count=:default)
+  elements = all(max_count)
+  if elements == :too_many_results
+     elements
+  else
+     elements.map {|e| e.#{arg} }.sort
+  end
+end
+EOLF
+        self.class_eval(listfun)
+      end
+
+      def self.filter_by(*args)
+        args.each do |field|
+          name = "by_#{field}"
+          fundef = "def #{name}(exp); filter_core(:#{field},exp); end"
+          self.class_eval(fundef)
+        end
+      end
+
+      def self.table(name)
+        fundef = "def get_table; :#{name}; end"
+        self.class_eval(fundef)
+      end
+      # doesn't work yet
+      # element Org in class Orgs will fail because it can't find Org (undefined)
+      def self.element(name)
+        fundef = "ElementType = name; def mk_element(x); #{name}.new(x); end"
+        self.class_eval(fundef)
+      end
+    end
+
+    class Orgs < SqlTable
+      table :orgs
+      element Sql::Org
+      register_authz :org, :object
+
+      primary :name
+      filter_by :name, :id, :full_name, :authz_id
+
+      GlobalOrg = "0"*32
+
+      def self.org_guid_to_name(guid)
+        "global" if guid == GlobalOrg
+        # Cache the class
+        @orgs ||= Orgs.new
+        names = @orgs.by_id(guid).all(1)
+        if names.count == 1
+          names.first.name
+        else
+          "unknown-#{guid}"
+        end
+      end
+    end
+
+    class Associations < SqlTable
+      table :org_user_associations
+      filter_by :org_id, :user_id, :last_updated_by
+
+      def by_org_id_user_id(org_id, user_id)
+        # db table constraint guarantees that this is unique
+        inner.filter(:org_id=>org_id, :user_id=>user_id).all.first
+      end
+
+    end
+    class Invites < SqlTable
+      table :org_user_invites
+      filter_by :org_id, :user_id, :last_updated_by
+
+      def by_org_id_user_id(org_id, user_id)
+        # db table constraint guarantees that this is unique
+        inner.filter(:org_id=>org_id, :user_id=>user_id).all.first
+      end
+    end
+    class Users < SqlTable
+      table :users
+      element Sql::User
+      register_authz :user, :actor
+
+      primary :username
+      filter_by :id, :authz_id, :username, :email
+    end
+    class Clients < SqlTable
+      table :clients
+      element Sql::Client
+      register_authz :client, :actor
+
+      primary :name
+      filter_by :name, :id, :org_id, :authz_id, :last_updated_by
+    end
+
+    class Containers < SqlTable
+      table :containers
+      element Sql::Container
+      register_authz :container, :container
+
+      primary :name
+      filter_by :name, :id, :org_id, :authz_id, :last_updated_by
+    end
+    class Groups < SqlTable
+      table :groups
+      element Sql::Group
+      register_authz :group, :group
+
+      primary :name
+      filter_by :name, :id, :org_id, :authz_id, :last_updated_by
+    end
+
+    # Objects
+    # todo check
+    class CookbookArtifacts < SqlTable
+      table :cookbook_artifacts
+      element Sql::CookbookArtifact
+      register_authz :cookbook_artifact, :object
+
+      primary :name
+      filter_by :name, :id, :org_id, :authz_id
+    end
+
+    class Cookbooks < SqlTable
+      table :cookbooks
+      element Sql::Cookbook
+      register_authz :cookbook, :object
+
+      primary :name
+      filter_by :name, :id, :org_id, :authz_id
+    end
+
+    class DataBags < SqlTable
+      table :data_bags
+      element Sql::DataBag
+      register_authz :data_bag, :object
+
+      primary :name
+      filter_by :name, :id, :org_id, :authz_id, :last_updated_by
+    end
+
+    class Environments < SqlTable
+      table :environments
+      element Sql::Environment
+      register_authz :environment, :object
+
+      primary :name
+      filter_by :name, :id, :org_id, :authz_id, :last_updated_by
+    end
+
+    class Nodes < SqlTable
+      table :nodes
+      element Sql::Node
+      register_authz :node, :object
+
+      primary :name
+      filter_by :name, :id, :org_id, :authz_id, :last_updated_by
+    end
+
+    class Policies < SqlTable
+      table :policies
+      element Sql::Policy
+      register_authz :policy, :object
+
+      primary :name
+      filter_by :name, :id, :org_id, :authz_id
+    end
+
+    class PolicyGroups < SqlTable
+      table :policy_groups
+      element Sql::PolicyGroup
+      register_authz :policygroup, :object
+
+      primary :name
+      filter_by :name, :id, :org_id, :authz_id
+    end
+
+    class Roles  < SqlTable
+      table :roles
+      element Sql::Role
+      register_authz :role, :object
+
+      primary :name
+      filter_by :name, :id, :org_id, :authz_id, :last_updated_by
+    end
+
+
+
+  end
+end