chef_fixie 0.4.0 → 0.5.0

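--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz: a42c53078d0d4728a6a2efa5e157d8aefee5d0672c530d61b2b50bc0694def17
-data.tar.gz: cefac5cee97b8813b48237c4711a0aeab6f2975bd01e359d8c8151a54b5206c3
+metadata.gz: 2b7aaa7e7efbd722314241465a721c57ed73c0abdfab5f13dcd7a1ddd3058157
+data.tar.gz: 1b5c3d001760bb3e2cee276bee33b8a49521af5e91604910c3d1d49f07c20d0d
 SHA512:
-metadata.gz: e6153d4cb98e6f62ac9148d6ba373edd770fa4e19253f41d4da25777f53a68a5f8b2424d0d3a531bf7cef0d1f568bbfca24ea7560af4fb8588c295bb1b63f342
-data.tar.gz: 2d14e3079d2142adfdf6b61c414ca195f3a05c7fa9fd847995bce4962c78f37f32d6c28a2eff17a54abdb0f8e670e5982a85cf81df81f913dff85e3f98aa6305
+metadata.gz: c12b81f65474fd9691018a4e0aeea14e247ea108aee4cd71563412949c76047c0568b9e4aebb65eadc2bfba15ad33b4e15984718e3473cdd70d9f5cb6baea131
+data.tar.gz: 259ed111d9a4ca24437f2eb2c6091a86d97b07bfee10ce4085ee08a0b289eea58ff95128c60b58c4f2af14980debc118f2f58b03d582ea67d3a0714af2450acd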
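--- a/data/bin/chef_fixie
+++ b/data/bin/chef_fixie
@@ -1,5 +1,5 @@
 #!/usr/bin/env ruby
 
-require_relative '../lib/chef_fixie/console'
+require_relative "../lib/chef_fixie/console"
 
 ChefFixie::Console.start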
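--- a/data/doc/BulkFixup.md
+++ b/data/doc/BulkFixup.md
@@ -15,7 +15,7 @@ If a key group is deleted (such as users)
 ```ruby
 users_group.ace_add([:create,:read,:update,:delete], org.groups['admins'])
 users_group.ace_add([:create,:read,:update,:delete], USERS['pivotal'])
-``
+```
 
 * Restore users to the appropriate container ACLs
 ```ruby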
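--- a/data/lib/chef_fixie.rb
+++ b/data/lib/chef_fixie.rb
@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2014-2015 Chef Software Inc.
+# Copyright (c) 2014-2015 Chef Software Inc.
 # License :: Apache License, Version 2.0
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -16,13 +16,13 @@
 #
 # Author: Mark Anderson <mark@chef.io>
 
-require 'sequel'
-require_relative 'chef_fixie/config'
-require_relative 'chef_fixie/sql'
-require_relative 'chef_fixie/sql_objects'
+require "sequel"
+require_relative "chef_fixie/config"
+require_relative "chef_fixie/sql"
+require_relative "chef_fixie/sql_objects"
 
 # This doesn't work because of initialization order, figure it out.
-require_relative 'chef_fixie/check_org_associations'
-require_relative 'chef_fixie/bulk_edit_permissions'
+require_relative "chef_fixie/check_org_associations"
+require_relative "chef_fixie/bulk_edit_permissions"
 
 Sequel.extension :inflector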
@@ -1,5 +1,5 @@
1
1
  #
2
- # Copyright (c) 2014-2015 Chef Software Inc.
2
+ # Copyright (c) 2014-2015 Chef Software Inc.
3
3
  # License :: Apache License, Version 2.0
4
4
  #
5
5
  # Licensed under the Apache License, Version 2.0 (the "License");
@@ -17,9 +17,9 @@
17
17
  # Author: Mark Anderson <mark@chef.io>
18
18
  #
19
19
 
20
- require 'pp'
21
- require_relative 'config'
22
- require_relative 'authz_objects'
20
+ require "pp"
21
+ require_relative "config"
22
+ require_relative "authz_objects"
23
23
 
24
24
  module ChefFixie
25
25
  module AuthzMapper
@@ -32,7 +32,7 @@ module ChefFixie
32
32
  #
33
33
  # Much of this might be better folded up into a sql stored procedure
34
34
  #
35
-
35
+
36
36
  def self.included(base)
37
37
  base.extend(ClassMethods)
38
38
  end
@@ -44,9 +44,9 @@ module ChefFixie
44
44
  if objects.count == 1
45
45
  object = objects.first
46
46
  name = object.name
47
- scope =
48
- if object.respond_to?(:org_id)
49
- ChefFixie::Sql::Orgs.org_guid_to_name(object.org_id)
47
+ scope =
48
+ if object.respond_to?(:org_id)
49
+ ChefFixie::Sql::Orgs.org_guid_to_name(object.org_id)
50
50
  else
51
51
  :global
52
52
  end
@@ -57,12 +57,12 @@ module ChefFixie
57
57
  end
58
58
 
59
59
  class ReverseMapper
60
- attr_reader :names,:by_type, :instance
61
-
60
+ attr_reader :names, :by_type, :instance
61
+
62
62
  def initialize
63
63
  # name of object map
64
64
  @names ||= {}
65
- @by_type ||= {:actor=>{}, :container=>{}, :group=>{}, :object=>{}}
65
+ @by_type ||= { :actor => {}, :container => {}, :group => {}, :object => {} }
66
66
  # maps class to a pre-created instance for efficiency
67
67
  @instance ||= {}
68
68
  end
@@ -75,14 +75,14 @@ module ChefFixie
75
75
  names[name] = klass
76
76
  by_type[type][name] = klass
77
77
  end
78
-
78
+
79
79
  def dump
80
80
  pp names
81
81
  end
82
82
 
83
- def authz_to_name(authz_id, ctype=nil)
83
+ def authz_to_name(authz_id, ctype = nil)
84
84
  types = if ctype.nil?
85
- AuthzUtils::Types
85
+ AuthzUtils::TYPES
86
86
  else
87
87
  [ctype]
88
88
  end
@@ -92,52 +92,50 @@ module ChefFixie
92
92
  return result if result != :unknown
93
93
  end
94
94
  end
95
- return :unknown
95
+ :unknown
96
96
  end
97
97
  end
98
98
 
99
99
  def self.mapper
100
100
  @mapper ||= ReverseMapper.new
101
101
  end
102
-
102
+
103
103
  def self.register(klass, name, type)
104
- self.mapper.register(klass,name,type)
104
+ mapper.register(klass, name, type)
105
105
  end
106
106
 
107
107
  # Translates the json from authz for group membership and acls into a human readable form
108
108
  # This makes some assumptions about the shape of the data structure, but works well enough to
109
109
  # be quite useful
110
110
  def self.struct_to_name(s)
111
- mapper = AuthzMapper::mapper
111
+ mapper = AuthzMapper.mapper
112
112
  if s.kind_of?(Hash)
113
113
  s.keys.inject({}) do |h, k|
114
114
  v = s[k]
115
115
  if v.kind_of?(Array)
116
116
  case k
117
- when 'actors'
118
- h[k] = v.map {|a| mapper.authz_to_name(a,:actor) } #.sort We should sort these, but the way we're returning unknown causes sort
119
- when 'groups'
120
- h[k] = v.map {|a| mapper.authz_to_name(a,:group) } #.sort to fail
117
+ when "actors"
118
+ h[k] = v.map { |a| mapper.authz_to_name(a, :actor) } #.sort We should sort these, but the way we're returning unknown causes sort
119
+ when "groups"
120
+ h[k] = v.map { |a| mapper.authz_to_name(a, :group) } #.sort to fail
121
121
  else
122
122
  h[k] = v
123
123
  end
124
124
  else
125
- h[k] = self.struct_to_name(v)
125
+ h[k] = struct_to_name(v)
126
126
  end
127
127
  h
128
128
  end
129
129
  end
130
130
  end
131
-
131
+
132
132
  module ClassMethods
133
133
  # TODO: We should be able to automatically figure out the type somehow.
134
134
  # At minimum should figure out a self check
135
135
  def register_authz(name, type)
136
- AuthzMapper::register(self,name,type)
136
+ AuthzMapper.register(self, name, type)
137
137
  end
138
138
  end
139
-
139
+
140
140
  end
141
141
  end
142
-
143
-
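Review bot: In the `@@ -92,52 +92,50 @@` hunk, `struct_to_name` at lines 118 and 120 still carries the comment that the actor and group lists should be sorted but that `.sort` fails; the cause is that `authz_to_name` returns the symbol `:unknown` (line 95) next to name strings, and Symbol and String do not compare with `<=>`. Sorting on a string key sidesteps that: `h[k] = v.map { |a| mapper.authz_to_name(a, :actor) }.sort_by(&:to_s)` and the same for `"groups"`, after which the two trailing comments can go. As a point of style, `s.keys.inject({}) do |h, k| … h end` with an explicit `v = s[k]` reads more directly as `s.each_with_object({}) do |(k, v), h| … end` with no trailing `h`. The enclosing `module AuthzMapper` closes within the hunk.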
@@ -17,16 +17,16 @@
17
17
  # Author: Mark Anderson <mark@chef.io>
18
18
  #
19
19
 
20
- require 'pp'
21
- require 'ffi_yajl'
22
- require 'chef/http'
20
+ require "pp"
21
+ require "ffi_yajl"
22
+ require "chef/http"
23
23
 
24
- require_relative 'config'
24
+ require_relative "config"
25
25
 
26
26
  module ChefFixie
27
27
 
28
28
  class AuthzApi
29
- def initialize(user=nil)
29
+ def initialize(user = nil)
30
30
  @requestor_authz = user ? user : ChefFixie.configure { |x| x.superuser_id }
31
31
  @auth_uri ||= ChefFixie.configure { |x| x.authz_uri }
32
32
  @rest = Chef::HTTP.new(@auth_uri)
@@ -42,38 +42,41 @@ module ChefFixie
42
42
 
43
43
  def get(resource)
44
44
  result = @rest.get(resource,
45
- 'Content-Type'=>'application/json',
46
- 'Accept'=>'application/json',
47
- 'X-Ops-Requesting-Actor-Id'=>@requestor_authz)
45
+ "Content-Type" => "application/json",
46
+ "Accept" => "application/json",
47
+ "X-Ops-Requesting-Actor-Id" => @requestor_authz)
48
48
  FFI_Yajl::Parser.parse(result)
49
49
  end
50
+
50
51
  def put(resource, data)
51
- result = @rest.put(resource, self.json_helper(data),
52
- 'Content-Type'=>'application/json',
53
- 'Accept'=>'application/json',
54
- 'X-Ops-Requesting-Actor-Id'=>@requestor_authz)
52
+ result = @rest.put(resource, json_helper(data),
53
+ "Content-Type" => "application/json",
54
+ "Accept" => "application/json",
55
+ "X-Ops-Requesting-Actor-Id" => @requestor_authz)
55
56
  FFI_Yajl::Parser.parse(result)
56
57
  end
58
+
57
59
  def post(resource, data)
58
- result = @rest.post(resource, self.json_helper(data),
59
- 'Content-Type'=>'application/json',
60
- 'Accept'=>'application/json',
61
- 'X-Ops-Requesting-Actor-Id'=>@requestor_authz)
60
+ result = @rest.post(resource, json_helper(data),
61
+ "Content-Type" => "application/json",
62
+ "Accept" => "application/json",
63
+ "X-Ops-Requesting-Actor-Id" => @requestor_authz)
62
64
  FFI_Yajl::Parser.parse(result)
63
65
  end
66
+
64
67
  def delete(resource)
65
68
  result = @rest.delete(resource,
66
- 'Content-Type'=>'application/json',
67
- 'Accept'=>'application/json',
68
- 'X-Ops-Requesting-Actor-Id'=>@requestor_authz)
69
+ "Content-Type" => "application/json",
70
+ "Accept" => "application/json",
71
+ "X-Ops-Requesting-Actor-Id" => @requestor_authz)
69
72
  FFI_Yajl::Parser.parse(result)
70
73
  end
71
74
 
72
75
  end
73
76
 
74
77
  module AuthzUtils
75
- Types = [:object,:actor,:group,:container] # order is an attempt to optimize by most probable.
76
- Actions = [:create, :read, :update, :delete, :grant]
78
+ TYPES = [:object, :actor, :group, :container] # order is an attempt to optimize by most probable.
79
+ ACTIONS = [:create, :read, :update, :delete, :grant]
77
80
 
78
81
  def to_resource(t)
79
82
  # This is a rails thing... t.to_s.pluralize
@@ -81,20 +84,20 @@ module ChefFixie
81
84
  end
82
85
 
83
86
  def get_type(id)
84
- Types.each do |t|
87
+ TYPES.each do |t|
85
88
  begin
86
- r = AuthzApi.get("#{self.to_resource(t)}/#{id}")
89
+ r = AuthzApi.get("#{to_resource(t)}/#{id}")
87
90
  return t
88
- rescue RestClient::ResourceNotFound=>e
91
+ rescue RestClient::ResourceNotFound => e
89
92
  # expected if not found
90
93
  end
91
94
  end
92
- return :none
95
+ :none
93
96
  end
94
97
 
95
98
  def check_action(action)
96
99
  # TODO Improve; stack trace isn't the best way to communicate with the user
97
- raise "#{action} not one of #{Actions.join(', ')} " if !Actions.member?(action)
100
+ raise "#{action} not one of #{ACTIONS.join(', ')} " if !ACTIONS.member?(action)
98
101
  end
99
102
 
100
103
  def check_actor_or_group(a_or_g)
@@ -102,7 +105,7 @@ module ChefFixie
102
105
  end
103
106
 
104
107
  def resourcify_actor_or_group(a_or_g)
105
- return a_or_g if ["actors", "groups"].member?(a_or_g)
108
+ return a_or_g if %w{actors groups}.member?(a_or_g)
106
109
  check_actor_or_group(a_or_g)
107
110
  to_resource(a_or_g)
108
111
  end
@@ -131,10 +134,9 @@ module ChefFixie
131
134
  end
132
135
 
133
136
  def authz_api
134
- @@authz_apiAsSuperUser ||= AuthzApi.new
137
+ @@authz_api_as_superuser ||= AuthzApi.new
135
138
  end
136
139
 
137
-
138
140
  # we expect to be mixed in with a class that has the authz_id method
139
141
  def prefix
140
142
  "#{to_resource(type)}/#{authz_id}"
@@ -152,6 +154,7 @@ module ChefFixie
152
154
  def acl_raw
153
155
  authz_api.get("#{prefix}/acl")
154
156
  end
157
+
155
158
  # Todo: filter this by scope and type
156
159
  def acl
157
160
  ChefFixie::AuthzMapper.struct_to_name(acl_raw)
@@ -165,11 +168,11 @@ module ChefFixie
165
168
  [resource, ace]
166
169
  end
167
170
 
168
-
169
171
  def ace_raw(action)
170
- resource,ace = ace_get_util(action)
172
+ resource, ace = ace_get_util(action)
171
173
  ace
172
174
  end
175
+
173
176
  # Todo: filter this by scope and type
174
177
  def ace(action)
175
178
  ChefFixie::AuthzMapper.struct_to_name(ace_raw(action))
@@ -177,14 +180,11 @@ module ChefFixie
177
180
 
178
181
  def expand_actions(action)
179
182
  if action == :all
180
- action = AuthzUtils::Actions
183
+ action = AuthzUtils::ACTIONS
181
184
  end
182
185
  action.is_a?(Array) ? action : [action]
183
- end
184
-
186
+ end # add actor or group to acl
185
187
 
186
-
187
- # add actor or group to acl
188
188
  def ace_add_raw(action, actor_or_group, entity)
189
189
  # groups or actors
190
190
  a_or_g_resource = resourcify_actor_or_group(actor_or_group)
@@ -194,9 +194,10 @@ module ChefFixie
194
194
  ace[a_or_g_resource].uniq!
195
195
  authz_api.put("#{resource}", ace)
196
196
  end
197
+
197
198
  def ace_add(action, entity)
198
199
  actions = expand_actions(action)
199
- actions.each {|a| ace_add_raw(a, entity.type, entity) }
200
+ actions.each { |a| ace_add_raw(a, entity.type, entity) }
200
201
  end
201
202
 
202
203
  def ace_delete_raw(action, actor_or_group, entity)
@@ -211,7 +212,7 @@ module ChefFixie
211
212
 
212
213
  def ace_delete(action, entity)
213
214
  actions = expand_actions(action)
214
- actions.each {|a| ace_delete_raw(a, entity.type, entity) }
215
+ actions.each { |a| ace_delete_raw(a, entity.type, entity) }
215
216
  end
216
217
 
217
218
  def ace_member?(action, entity)
@@ -220,7 +221,6 @@ module ChefFixie
220
221
  ace[a_or_g_resource].member?(entity.authz_id)
221
222
  end
222
223
 
223
-
224
224
  def acl_add_from_object(object)
225
225
  src = object.acl_raw
226
226
 
@@ -258,18 +258,21 @@ module ChefFixie
258
258
  def group_raw
259
259
  authz_api.get("#{prefix}")
260
260
  end
261
+
261
262
  # Todo: filter this by scope and type
262
263
  def group
263
264
  ChefFixie::AuthzMapper.struct_to_name(group_raw)
264
265
  end
266
+
265
267
  def list
266
268
  group
267
269
  end
268
270
 
269
271
  def group_add_raw(actor_or_group, entity)
270
272
  entity_resource = to_resource(actor_or_group)
271
- authz_api.put("#{prefix}/#{entity_resource}/#{entity.authz_id}",{})
273
+ authz_api.put("#{prefix}/#{entity_resource}/#{entity.authz_id}", {})
272
274
  end
275
+
273
276
  def group_add(entity)
274
277
  group_add_raw(entity.type, entity)
275
278
  end
@@ -285,7 +288,7 @@ module ChefFixie
285
288
 
286
289
  def member?(entity)
287
290
  members = group_raw
288
- return members[resourcify_actor_or_group(entity.type)].member?(entity.authz_id)
291
+ members[resourcify_actor_or_group(entity.type)].member?(entity.authz_id)
289
292
  end
290
293
  end
291
294
 
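Review bot: In the `@@ -81,20 +84,20 @@` hunk, `get_type` rescues `RestClient::ResourceNotFound` (line 91) while the client this file builds is `Chef::HTTP` (line 32) and the visible requires load `chef/http`, not rest-client; unless RestClient is loaded elsewhere, a 404 surfaces as whatever Chef::HTTP raises, the rescue clause then fails on the missing constant, and the `:none` fallback at line 95 is never reached. The same rescue appears at line 53 of the `@@ -16,50 +16,53 @@` hunk in the next file. Line 89 also calls `AuthzApi.get` at class level although the visible class defines `get` as an instance method (line 43); lines 33–41 are outside the hunk, so a class-level `get` may exist there, but the memoized `authz_api` helper at line 137 is what the rest of the module uses, and `r` is never read, so `authz_api.get("#{to_resource(t)}/#{id}")` would do. The `=> e` binding at line 91 is unused and can be dropped.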
@@ -16,50 +16,53 @@
16
16
  #
17
17
  # Author: Mark Anderson <mark@chef.io>
18
18
  #
19
- require 'sequel'
19
+ require "sequel"
20
20
 
21
- require_relative 'config.rb'
22
- require_relative 'authz_objects.rb'
23
- require_relative 'authz_mapper.rb'
21
+ require_relative "config.rb"
22
+ require_relative "authz_objects.rb"
23
+ require_relative "authz_mapper.rb"
24
24
 
25
- require 'pp'
25
+ require "pp"
26
26
 
27
27
  module ChefFixie
28
28
  module BulkEditPermissions
29
29
  def self.orgs
30
30
  @orgs ||= ChefFixie::Sql::Orgs.new
31
31
  end
32
+
32
33
  def self.users
33
34
  @users ||= ChefFixie::Sql::Users.new
34
35
  end
36
+
35
37
  def self.assocs
36
38
  @assocs ||= ChefFixie::Sql::Associations.new
37
39
  end
40
+
38
41
  def self.invites
39
42
  invites ||= ChefFixie::Sql::Invites.new
40
43
  end
41
44
 
42
45
  def self.check_permissions(org)
43
46
  org = orgs[org] if org.is_a?(String)
44
- admins = org.groups['admins'].authz_id
45
- pivotal = users['pivotal'].authz_id
47
+ admins = org.groups["admins"].authz_id
48
+ pivotal = users["pivotal"].authz_id
46
49
  errors = Hash.new({})
47
50
  org.each_authz_object do |object|
48
- begin
51
+ begin
49
52
  acl = object.acl_raw
50
- rescue RestClient::ResourceNotFound=>e
53
+ rescue RestClient::ResourceNotFound => e
51
54
  puts "#{object.class} '#{object.name}' id '#{object.id}' missing authz info"
52
55
  # pp :object=>object, :e=>e
53
56
  next
54
57
  end
55
58
  broken_acl = {}
56
59
  # the one special case
57
- acl.each do |k,v|
60
+ acl.each do |k, v|
58
61
  list = []
59
- list << "pivotal" if !v['actors'].member?(pivotal)
62
+ list << "pivotal" if !v["actors"].member?(pivotal)
60
63
  # admins doesn't belong to the billing admins group
61
- if object.class != ChefFixie::Sql::Group || object.name != 'billing-admins'
62
- list << "admins" if !v['groups'].member?(admins)
64
+ if object.class != ChefFixie::Sql::Group || object.name != "billing-admins"
65
+ list << "admins" if !v["groups"].member?(admins)
63
66
  end
64
67
  broken_acl[k] = list if !list.empty?
65
68
  end
@@ -69,7 +72,7 @@ module ChefFixie
69
72
  errors[classname][object.name] = broken_acl
70
73
  end
71
74
  end
72
- return errors
75
+ errors
73
76
  end
74
77
 
75
78
  def self.ace_add(list, ace_type, entity)
@@ -78,17 +81,18 @@ module ChefFixie
78
81
  item.ace_add(ace_type, entity)
79
82
  else
80
83
  puts "item.class is not a native authz type"
81
- return
84
+ return nil
82
85
  end
83
86
  end
84
87
  end
88
+
85
89
  def self.ace_delete(list, ace_type, entity)
86
90
  list.each do |item|
87
91
  if item.respond_to?(:ace_delete)
88
92
  item.ace_delete(ace_type, entity)
89
93
  else
90
94
  puts "item.class is not a native authz type"
91
- return
95
+ return nil
92
96
  end
93
97
  end
94
98
  end
@@ -128,11 +132,11 @@ module ChefFixie
128
132
  def self.add_admin_permissions(org)
129
133
  org = orgs[org] if org.is_a?(String)
130
134
  # rework when ace add takes multiple items...
131
- admins = org.groups['admins']
132
- pivotal = users['pivotal']
135
+ admins = org.groups["admins"]
136
+ pivotal = users["pivotal"]
133
137
  org.each_authz_object do |object|
134
138
  object.ace_add(:all, pivotal)
135
- if object.class != ChefFixie::Sql::Group || object.name != 'billing-admins'
139
+ if object.class != ChefFixie::Sql::Group || object.name != "billing-admins"
136
140
  object.ace_add(:all, admins)
137
141
  end
138
142
  end
@@ -150,7 +154,7 @@ module ChefFixie
150
154
  puts "#{obj.name} from #{c.name}"
151
155
  end
152
156
  end
153
- return
157
+ nil
154
158
  end
155
159
 
156
160
  end
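Review bot: In the `@@ -16,50 +16,53 @@` hunk, `errors = Hash.new({})` at line 49 hands out one shared default hash for every missing key, so `errors[classname][object.name] = broken_acl` (line 72 in the following hunk) writes into that default object rather than into `errors`, and `check_permissions` returns an empty hash at line 75 even when ACLs are missing `pivotal` or `admins` — unless lines 69–71, which are outside the hunks, assign `errors[classname]` first. Use a per-key default: `errors = Hash.new { |h, k| h[k] = {} }`. Separately, `self.invites` at line 42 assigns a local `invites` rather than `@invites`, so unlike `orgs`, `users` and `assocs` it builds a fresh `ChefFixie::Sql::Invites` on every call; `@invites ||= ChefFixie::Sql::Invites.new` matches its siblings. The `=> e` at line 53 is unused.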