chef_fixie 0.4.0 → 0.5.0

data/lib/chef_fixie/check_org_associations.rb

@@ -18,40 +18,44 @@
 # Author: Mark Anderson <mark@chef.io>
 #
 
-require_relative 'config'
-require_relative 'authz_objects'
-require_relative 'authz_mapper'
-require_relative 'utility_helpers'
+require_relative "config"
+require_relative "authz_objects"
+require_relative "authz_mapper"
+require_relative "utility_helpers"
 
 module ChefFixie
   module CheckOrgAssociations
     def self.orgs
       @orgs ||= ChefFixie::Sql::Orgs.new
     end
+
     def self.users
       @users ||= ChefFixie::Sql::Users.new
     end
+
     def self.assocs
       @assocs ||= ChefFixie::Sql::Associations.new
     end
+
     def self.invites
       invites ||= ChefFixie::Sql::Invites.new
     end
 
     def self.make_user(user)
       if user.is_a?(String)
-        return users[user]
+        users[user]
       elsif user.is_a?(ChefFixie::Sql::User)
-        return user
+        user
       else
         raise "Expected a user, got a #{user.class}"
       end
     end
+
     def self.make_org(org)
       if org.is_a?(String)
-        return orgs[org]
+        orgs[org]
       elsif org.is_a?(ChefFixie::Sql::Org)
-        return org
+        org
       else
         raise "Expected an org, got a #{org.class}"
       end
@@ -61,7 +65,6 @@ module ChefFixie
       user = make_user(user)
       org = make_org(org)
       org.groups[user.id]
-
     end
 
     def self.check_association(org, user, global_admins = nil)
@@ -85,7 +88,7 @@ module ChefFixie
         return :user_not_in_usag
       end
 
-      if !org.groups['users'].member?(usag)
+      if !org.groups["users"].member?(usag)
         return :usag_not_in_users
       end
 
@@ -96,7 +99,7 @@ module ChefFixie
       if invites.by_org_id_user_id(org.id, user.id)
         return :zombie_invite
       end
-      return true
+      true
     end
 
     def self.fix_association(org, user, global_admins = nil)
@@ -105,7 +108,7 @@ module ChefFixie
       user = users[user] if user.is_a?(String)
       global_admins ||= org.global_admins
 
-      failure = check_association(org,user,global_admins)
+      failure = check_association(org, user, global_admins)
 
       case failure
       when true
@@ -115,14 +118,14 @@ module ChefFixie
         usag.group_add(user)
       when :usag_not_in_users
         usag = org.groups[user.id]
-        org.groups['users'].group_add(usag)
+        org.groups["users"].group_add(usag)
       when :global_admins_lacks_read
         user.ace_add(:read, global_admins)
       else
         puts "#{org.name} #{user.name} can't fix problem #{failure} yet"
         return false
       end
-      return true
+      true
     end
 
     def self.check_associations(org)
@@ -140,56 +143,54 @@ module ChefFixie
       users_assoc = assocs.by_org_id(org.id).all(:all)
       users_invite = invites.by_org_id(org.id).all(:all)
 
-      user_ids = users_assoc.map {|a| a.user_id }
-      users_in_org = user_ids.map {|i| users.by_id(i).all.first }
-      usernames = users_in_org.map {|u| u.name }
-
+      user_ids = users_assoc.map { |a| a.user_id }
+      users_in_org = user_ids.map { |i| users.by_id(i).all.first }
+      usernames = users_in_org.map { |u| u.name }
 
       # check that users aren't both invited and associated
-      invited_ids = users_invite.map {|a| a.user_id }
+      invited_ids = users_invite.map { |a| a.user_id }
       overlap_ids = user_ids & invited_ids
 
       if !overlap_ids.empty?
-        overlap_names = overlap_ids.map {|i| users.by_id(i).all.first.name rescue "#{i}" }
-        puts "#{orgname} users both associated and invited: #{overlap_names.join(', ') }"
+        overlap_names = overlap_ids.map { |i| users.by_id(i).all.first.name rescue "#{i}" }
+        puts "#{orgname} users both associated and invited: #{overlap_names.join(', ')}"
         success = false
       end
 
       # Check that we don't have zombie USAGs left around (not 100% reliable)
       # because someone could create a group that looks like a USAG
       possible_usags = org.groups.list(:all) - user_ids
-      usags = possible_usags.select {|n| n =~ /^\h+{20}$/ }
+      usags = possible_usags.select { |n| n =~ /^\h+{20}$/ }
       if !usags.empty?
-        puts "#{orgname} Suspicious USAGS without associated user #{usags.join(', ') }"
+        puts "#{orgname} Suspicious USAGS without associated user #{usags.join(', ')}"
       end
 
       # Check group membership for sanity
-      success &= check_group(org, 'billing-admins', usernames)
-      success &= check_group(org, 'admins', usernames)
+      success &= check_group(org, "billing-admins", usernames)
+      success &= check_group(org, "admins", usernames)
 
       # TODO check for non-usags in users!
-      users_members = org.groups['users'].group
-      users_actors = users_members['actors'] - [[:global, "pivotal"]]
+      users_members = org.groups["users"].group
+      users_actors = users_members["actors"] - [[:global, "pivotal"]]
       if !users_actors.empty?
         puts "#{orgname} has actors in it's users group #{users_actors}"
       end
-      non_usags = users_members['groups'].map {|g| g[1] } - user_ids
+      non_usags = users_members["groups"].map { |g| g[1] } - user_ids
       if !non_usags.empty?
         puts "#{orgname} warning: has non usags in it's users group #{non_usags.join(', ')}"
       end
 
-
       # Check individual associations
       users_in_org.each do |user|
-        result = self.check_association(org,user,global_admins)
-        if (result != true)
+        result = check_association(org, user, global_admins)
+        if result != true
           puts "Org #{orgname} Association check failed for #{user.name} #{result}"
           success = false
         end
       end
 
       puts "Org #{orgname} is #{success ? 'ok' : 'bad'} (#{users_in_org.count} users)"
-      return success
+      success
     end
 
     # expect at least one current user to be in admins and billing admins
@@ -199,21 +200,21 @@ module ChefFixie
         puts "#{orgname} Missing group #{groupname}"
         return :no_such_group
       end
-      actors = g.group['actors'].map {|x| x[1] }
+      actors = g.group["actors"].map { |x| x[1] }
       live = actors & users
 
       if live.count == 0
         puts "Org #{org.name} has no active users in #{groupname}"
         return false
       end
-      return true
+      true
     end
-    
+
     def self.remove_association(org, user)
       # magic to make usage easier
       org = make_org(org)
       user = make_user(user)
-      
+
       # remove USAG
       usag = org.groups[user.id]
       usag.delete if usag
@@ -222,16 +223,16 @@ module ChefFixie
       org.groups.all(:all).each do |g|
         g.group_delete(user) if g.member?(user)
       end
-      
+
       # remove read ACE
       user.ace_delete(:read, org.global_admins)
 
       # remove association record
-      assoc = assocs.by_org_id_user_id(org.id,user.id)
+      assoc = assocs.by_org_id_user_id(org.id, user.id)
       assoc.delete if assoc
 
       # remove any invites
-      invite = invites.by_org_id_user_id(org.id,user.id)
+      invite = invites.by_org_id_user_id(org.id, user.id)
       invite.delete if invite
     end
   end

data/lib/chef_fixie/config.rb

@@ -18,10 +18,10 @@
 #
 # Much of this code was orginally derived from the orgmapper tool, which had many varied authors.
 
-require 'singleton'
-require 'ffi_yajl'
-require 'pathname'
-require 'veil'
+require "singleton"
+require "ffi_yajl"
+require "pathname"
+require "veil"
 
 module ChefFixie
   def self.configure
@@ -66,7 +66,7 @@ module ChefFixie
     KEYS = [:authz_uri, :sql_database, :superuser_id, :pivotal_key]
     KEYS.each { |k| attr_accessor k }
 
-    def merge_opts(opts={})
+    def merge_opts(opts = {})
       opts.each do |key, value|
         send("#{key}=".to_sym, value)
       end
@@ -84,7 +84,7 @@ module ChefFixie
         key_len > max ? key_len : max
       end
       KEYS.each do |key|
-        value = send(key) || 'default'
+        value = send(key) || "default"
         txt << "# %#{max_key_len}s: %s" % [key.to_s, value]
       end
       txt.join("\n")
@@ -102,25 +102,25 @@ module ChefFixie
     def load_from_pc(dir = "/etc/opscode")
       configdir = Pathname.new(dir)
 
-      config_files = %w(chef-server-running.json)
+      config_files = %w{chef-server-running.json}
       config = load_json_from_path([configdir], config_files)
 
-      secrets = load_secrets_from_path([configdir], %w(private-chef-secrets.json) )
+      secrets = load_secrets_from_path([configdir], %w{private-chef-secrets.json} )
 
-      authz_config = config['private_chef']['oc_bifrost']
-      authz_vip = authz_config['vip']
-      authz_port = authz_config['port']
+      authz_config = config["private_chef"]["oc_bifrost"]
+      authz_vip = authz_config["vip"]
+      authz_port = authz_config["port"]
       @authz_uri = "http://#{authz_vip}:#{authz_port}"
 
-      @superuser_id = dig(secrets,['oc_bifrost','superuser_id']) || authz_config['superuser_id']
+      @superuser_id = dig(secrets, %w{oc_bifrost superuser_id}) || authz_config["superuser_id"]
 
-      sql_config = config['private_chef']['postgresql']
-      erchef_config = config['private_chef']['opscode-erchef']
+      sql_config = config["private_chef"]["postgresql"]
+      erchef_config = config["private_chef"]["opscode-erchef"]
 
-      sql_user = sql_config['sql_user'] || erchef_config['sql_user']
-      sql_pw = dig(secrets, ['opscode_erchef', 'sql_password']) || sql_config['sql_password'] || erchef_config['sql_password']
-      sql_vip = sql_config['vip']
-      sql_port = sql_config['port']
+      sql_user = sql_config["sql_user"] || erchef_config["sql_user"]
+      sql_pw = dig(secrets, %w{opscode_erchef sql_password}) || sql_config["sql_password"] || erchef_config["sql_password"]
+      sql_vip = sql_config["vip"]
+      sql_port = sql_config["port"]
 
       @sql_database = "postgres://#{sql_user}:#{sql_pw}@#{sql_vip}/opscode_chef"
 
@@ -139,6 +139,7 @@ module ChefFixie
         end
       end
     end
+
     def load_secrets_from_path(pathlist, filelist)
       pathlist.each do |path|
         filelist.each do |file|
@@ -156,7 +157,7 @@ module ChefFixie
       if hash.respond_to?(:get)
         hash.get(*list)
       elsif hash.nil?
-        nil?
+        nil
       elsif list.empty?
         hash
       else

data/lib/chef_fixie/console.rb

@@ -18,12 +18,12 @@
 #
 # Much of this code was orginally derived from the orgmapper tool, which had many varied authors.
 
-require 'optparse'
-require 'pp'
-require 'pry'
+require "optparse"
+require "pp"
+require "pry"
 
-require_relative '../chef_fixie'
-require_relative 'context'
+require_relative "../chef_fixie"
+require_relative "context"
 
 module ChefFixie
   module Console
@@ -47,9 +47,9 @@ module ChefFixie
       options = {}
       OptionParser.new do |opt|
         opt.banner = "Usage: fixie [config] [options]"
-        opt.on('--authz_uri AUTH_URI', "The URI of the opscode authz service") { |v| options[:authz_uri] =v }
-        opt.on("--sql_database DATABASE", 'The URI of the opscode_chef database') { |v| options[:sql_database] = v }
-        opt.on_tail('-h', '--help', 'Show this message') do
+        opt.on("--authz_uri AUTH_URI", "The URI of the opscode authz service") { |v| options[:authz_uri] = v }
+        opt.on("--sql_database DATABASE", "The URI of the opscode_chef database") { |v| options[:sql_database] = v }
+        opt.on_tail("-h", "--help", "Show this message") do
           puts opt
           puts "\nExample configuration file:\n\n"
           puts ChefFixie::Config.instance.example_config
@@ -68,7 +68,7 @@ module ChefFixie
       Pry.config.history.file = "~/.fixie_history"
       Pry.config.prompt_name = "fixie"
       Pry::Commands.block_command("fixie-help", "Show fixie's help") do
-      output.puts(<<-HALP)
+        output.puts(<<-HALP)
 ** ORGS **
 * access with ORGS or ORGS
 * access a specific org: ORGS['orgname']

data/lib/chef_fixie/context.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2015 Chef Software Inc. 
+# Copyright (c) 2015 Chef Software Inc.
 # License :: Apache License, Version 2.0
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -18,9 +18,8 @@
 #
 # Much of this code was orginally derived from the orgmapper tool, which had many varied authors.
 
-
 module ChefFixie
-    module Context
+  module Context
 
     def describe_orgs
       OrgMetrics.org_stats(orgs)
@@ -67,6 +66,5 @@ module ChefFixie
 
       ChefFixie::Dissociator.dissociate_user(org, user)
     end
-
   end
 end

data/lib/chef_fixie/sql.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2014-2015 Chef Software Inc. 
+# Copyright (c) 2014-2015 Chef Software Inc.
 # License :: Apache License, Version 2.0
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -16,20 +16,20 @@
 #
 # Author: Mark Anderson <mark@chef.io>
 
-require 'ffi_yajl'
-require 'uuidtools'
-require 'sequel'
+require "ffi_yajl"
+require "uuidtools"
+require "sequel"
 
-require_relative 'config'
+require_relative "config"
 
 Sequel.default_timezone = :utc
 
 module ChefFixie
   module Sql
-    
+
     class InvalidConfig < StandardError
     end
-    
+
     # A connection string passed to Sequel.connect()
     #
     # Examples:
@@ -46,25 +46,25 @@ module ChefFixie
 
     # Returns the connection string or raises an error if you didn't set one.
     def self.connection_string
-      @connection_string ||= ChefFixie.configure {|x| x.sql_database }
+      @connection_string ||= ChefFixie.configure { |x| x.sql_database }
     end
-    
+
     # Returns a Sequel::Data baseobject, which wraps access to the database.
     def self.default_connection
       @database ||= Sequel.connect(connection_string, :max_connections => 2)
       #      @database.loggers << Logger.new($stdout)
     end
-    
+
     # Generate a new UUID. Currently uses the v1 UUID scheme.
     def new_uuid
       UUIDTools::UUID.timestamp_create.hexdigest
     end
-    
+
     # Parse the portion of the object that's stored as a blob o' JSON
     def from_json(serialized_data)
       FFI_Yajl::Parser.parse(serialized_data, :symbolize_keys => true)
     end
-    
+
     # Encode the portion of the object that's stored as a blob o' JSON
     def as_json(data)
       FFI_Yajl::Encoder.encode(data)

data/lib/chef_fixie/sql_objects.rb

@@ -17,12 +17,12 @@
 # Author: Mark Anderson <mark@chef.io>
 #
 
-require 'pp'
-require 'sequel'
+require "pp"
+require "sequel"
 
-require_relative 'config'
-require_relative 'authz_objects'
-require_relative 'authz_mapper'
+require_relative "config"
+require_relative "authz_objects"
+require_relative "authz_mapper"
 
 Sequel.extension :inflector
 
@@ -51,25 +51,28 @@ module ChefFixie
           else
             class_or_name.class.to_s
           end
-        name.split('::')[-1]
+        name.split("::")[-1]
       end
 
       # The class for the table, e.g. Orgs
       def self.table_class(name)
-        name = self.to_name(name)
+        name = to_name(name)
         (base + name.to_s.pluralize.camelize).constantize
       end
+
       # The class for one instance of the object, e.g. Org
       def self.object_class(name)
-        name = self.to_name(name)
+        name = to_name(name)
         (base + name.to_s.singularize.camelize).constantize
       end
+
       def self.singular(name)
-        name = self.to_name(name)
+        name = to_name(name)
         name.to_s.singularize
       end
+
       def self.plural(name)
-        name = self.to_name(name)
+        name = to_name(name)
         name.to_s.pluralize
       end
     end
@@ -79,9 +82,11 @@ module ChefFixie
       def initialize(data)
         @data = data
       end
+
       def data
         @data
       end
+
       def table
         Relationships.table_class(self).new
       end
@@ -90,26 +95,27 @@ module ChefFixie
       def self.ro_access(*args)
         args.each do |field|
           fundef = "def #{field}; @data.#{field}; end"
-          self.class_eval(fundef)
+          class_eval(fundef)
         end
       end
       # TODO figure out model for write access
 
       def self.name_field(field)
         fundef = "def name; @data.#{field}; end"
-        self.class_eval(fundef)
+        class_eval(fundef)
       end
 
       def self.std_timestamp
         [:created_at, :updated_at].each do |i|
-          self.ro_access(i)
+          ro_access(i)
         end
       end
+
       # Pretty much any object with an authz id has these fields
       def self.std_authz
-        self.std_timestamp
+        std_timestamp
         [:authz_id, :last_updated_by].each do |i|
-          self.ro_access(i)
+          ro_access(i)
         end
       end
 
@@ -117,7 +123,7 @@ module ChefFixie
         rows = table.by_id(id)
         raise "id #{id} matches more than one object" if rows.all.count != 1
         rows.inner.delete
-        if self.respond_to?(:authz_delete)
+        if respond_to?(:authz_delete)
           authz_delete
         end
       end
@@ -131,13 +137,14 @@ module ChefFixie
           funname = Relationships.plural(object)
           # defer evaluation of mapper to make sure we have a chance for everyone to initialize
           fundef = "def #{funname}; Relationships.table_class(:#{object}).new.by_org_id(org_id); end"
-          self.class_eval(fundef)
+          class_eval(fundef)
         end
       end
 
       def initialize(data)
         super(data)
       end
+
       def org_id
         data[:id]
       end
@@ -158,7 +165,7 @@ module ChefFixie
       # TODO Write some tests to validate that this stuff
       # works, since it depends on a lot of name magic...
 
-      NAME_FIXUP = {"data" => "data_bags", "sandboxes" => nil}
+      NAME_FIXUP = { "data" => "data_bags", "sandboxes" => nil }
       def objects_by_container_type(container)
         name = NAME_FIXUP.has_key?(container) ? NAME_FIXUP[container] : container
         return [] if name.nil?
@@ -176,7 +183,7 @@ module ChefFixie
             yield objects
           end
         end
-        return
+        nil
       end
 
       def each_authz_object
@@ -185,7 +192,7 @@ module ChefFixie
             yield object
           end
         end
-        return
+        nil
       end
 
       scoped_type :container, :group, :client,
@@ -257,7 +264,6 @@ module ChefFixie
     # org_migration_state_id_seq policy_revisions
     # policy_revisions_policy_groups_association sandboxed_checksums
 
-
     class CookbookArtifact < SqlObject
       include AuthzObjectMixin
       def initialize(data)
@@ -342,31 +348,33 @@ module ChefFixie
       def get_table
         :unknown_table
       end
+
       def mk_element(x)
         x
       end
 
       def initialize(tablespec = nil)
         ChefFixie::Sql.default_connection
-        @inner = tablespec || Sequel::Model(self.get_table)
+        @inner = tablespec || Sequel::Model(get_table)
       end
+
       def inner
         # Make sure we have init
         @inner
       end
 
       def filter_core(field, exp)
-        self.class.new(inner.filter(field=>exp))
+        self.class.new(inner.filter(field => exp))
       end
 
-      def all(max_count=:default)
+      def all(max_count = :default)
         if max_count == :default
           max_count = ChefFixie::Sql::SqlTable.max_count_default
         end
         if max_count != :all
-          return :too_many_results if (inner.count > max_count)
+          return :too_many_results if inner.count > max_count
         end
-        elements = inner.all.map {|org| mk_element(org) }
+        elements = inner.all.map { |org| mk_element(org) }
       end
 
       #
@@ -375,7 +383,7 @@ module ChefFixie
       #     https://stackoverflow.com/questions/9658724/ruby-metaprogramming-class-eval/9658775#9658775
       def self.primary(arg)
         name = :"by_#{arg}"
-        self.class_eval("def [](arg); #{name}(arg).all(1).first; end")
+        class_eval("def [](arg); #{name}(arg).all(1).first; end")
 
         listfun = <<EOLF
 def list(max_count=:default)
@@ -387,26 +395,27 @@ def list(max_count=:default)
   end
 end
 EOLF
-        self.class_eval(listfun)
+        class_eval(listfun)
       end
 
       def self.filter_by(*args)
         args.each do |field|
           name = "by_#{field}"
           fundef = "def #{name}(exp); filter_core(:#{field},exp); end"
-          self.class_eval(fundef)
+          class_eval(fundef)
         end
       end
 
       def self.table(name)
         fundef = "def get_table; :#{name}; end"
-        self.class_eval(fundef)
+        class_eval(fundef)
       end
+
       # doesn't work yet
       # element Org in class Orgs will fail because it can't find Org (undefined)
       def self.element(name)
         fundef = "ElementType = name; def mk_element(x); #{name}.new(x); end"
-        self.class_eval(fundef)
+        class_eval(fundef)
       end
     end
 
@@ -418,7 +427,7 @@ EOLF
       primary :name
       filter_by :name, :id, :full_name, :authz_id
 
-      GlobalOrg = "0"*32
+      GlobalOrg = "0" * 32
 
       def self.org_guid_to_name(guid)
         "global" if guid == GlobalOrg
@@ -439,7 +448,7 @@ EOLF
 
       def by_org_id_user_id(org_id, user_id)
         # db table constraint guarantees that this is unique
-        inner.filter(:org_id=>org_id, :user_id=>user_id).all.first
+        inner.filter(:org_id => org_id, :user_id => user_id).all.first
       end
 
     end
@@ -449,7 +458,7 @@ EOLF
 
       def by_org_id_user_id(org_id, user_id)
         # db table constraint guarantees that this is unique
-        inner.filter(:org_id=>org_id, :user_id=>user_id).all.first
+        inner.filter(:org_id => org_id, :user_id => user_id).all.first
       end
     end
     class Users < SqlTable
@@ -551,7 +560,7 @@ EOLF
       filter_by :name, :id, :org_id, :authz_id
     end
 
-    class Roles  < SqlTable
+    class Roles < SqlTable
       table :roles
       element Sql::Role
       register_authz :role, :object
@@ -560,7 +569,5 @@ EOLF
       filter_by :name, :id, :org_id, :authz_id, :last_updated_by
     end
 
-
-
   end
 end