chef_fixie 0.4.0 → 1.0.3

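--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz: a42c53078d0d4728a6a2efa5e157d8aefee5d0672c530d61b2b50bc0694def17
-data.tar.gz: cefac5cee97b8813b48237c4711a0aeab6f2975bd01e359d8c8151a54b5206c3
+metadata.gz: 6f9f3e121b4bc8d0c056b65261ddabbffcd8abb8708a9e54b487c019980e9591
+data.tar.gz: f697ae6863e27ab2617f75c0fad75f7f30badaa4600a15c92083b3050cd6f1e5
 SHA512:
-metadata.gz: e6153d4cb98e6f62ac9148d6ba373edd770fa4e19253f41d4da25777f53a68a5f8b2424d0d3a531bf7cef0d1f568bbfca24ea7560af4fb8588c295bb1b63f342
-data.tar.gz: 2d14e3079d2142adfdf6b61c414ca195f3a05c7fa9fd847995bce4962c78f37f32d6c28a2eff17a54abdb0f8e670e5982a85cf81df81f913dff85e3f98aa6305
+metadata.gz: 12959f3b117d62fbf9022fd9c66d627af90d57ac6167c2845ed953b98faf01c9848926ba73a9b4dc7ffbbefb95f6917686f405fd7f7b3044a15235b9b0cfe018
+data.tar.gz: e53841821e7ed30824bd9727e7feba59debeeeaddb0b25fe6ec0209c270c874f45c72e0f99a1b9c03acf9a0c525d302b777c76dd75538185bdf4ce954c94e7b8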
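--- a/data/README.md
+++ b/data/README.md
@@ -1,7 +1,6 @@
-fixie
-=====
+# fixie
 
-Low level manipulation tool for Chef Server 12 and later.
+Low level manipulation tool for Chef Infra Server.
 
 This tool is in its very early stages, and should be used with great care.
 
@@ -47,14 +46,14 @@ github.
 
 | | |
 |:---------------------|:-----------------------------------------|
-| **Copyright:** | Copyright (c) 2014-2015 Chef Software, Inc.
+| **Copyright:** | Copyright:: Chef Software, Inc.
 | **License:** | Apache License, Version 2.0
 
 
 All files in the repository are licensed under the Apache 2.0 license. If any file is missing the License
 header it should assume the following is attached;
 
-Copyright 2014 Chef Software Inc.
+Copyright:: Chef Software Inc.
 
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.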
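--- a/data/bin/chef_fixie
+++ b/data/bin/chef_fixie
@@ -1,5 +1,5 @@
 #!/usr/bin/env ruby
 
-require_relative '../lib/chef_fixie/console'
+require_relative "../lib/chef_fixie/console"
 
 ChefFixie::Console.start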
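--- a/data/doc/BulkFixup.md
+++ b/data/doc/BulkFixup.md
@@ -15,7 +15,7 @@ If a key group is deleted (such as users)
 ```ruby
 users_group.ace_add([:create,:read,:update,:delete], org.groups['admins'])
 users_group.ace_add([:create,:read,:update,:delete], USERS['pivotal'])
-``
+```
 
 * Restore users to the appropriate container ACLs
 ```ruby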
@@ -1,5 +1,5 @@
1
1
  #
2
- # Copyright (c) 2014-2015 Chef Software Inc.
2
+ # Copyright (c) 2014-2015 Chef Software Inc.
3
3
  # License :: Apache License, Version 2.0
4
4
  #
5
5
  # Licensed under the Apache License, Version 2.0 (the "License");
@@ -17,9 +17,9 @@
17
17
  # Author: Mark Anderson <mark@chef.io>
18
18
  #
19
19
 
20
- require 'pp'
21
- require_relative 'config'
22
- require_relative 'authz_objects'
20
+ require "pp"
21
+ require_relative "config"
22
+ require_relative "authz_objects"
23
23
 
24
24
  module ChefFixie
25
25
  module AuthzMapper
@@ -32,7 +32,7 @@ module ChefFixie
32
32
  #
33
33
  # Much of this might be better folded up into a sql stored procedure
34
34
  #
35
-
35
+
36
36
  def self.included(base)
37
37
  base.extend(ClassMethods)
38
38
  end
@@ -44,9 +44,9 @@ module ChefFixie
44
44
  if objects.count == 1
45
45
  object = objects.first
46
46
  name = object.name
47
- scope =
48
- if object.respond_to?(:org_id)
49
- ChefFixie::Sql::Orgs.org_guid_to_name(object.org_id)
47
+ scope =
48
+ if object.respond_to?(:org_id)
49
+ ChefFixie::Sql::Orgs.org_guid_to_name(object.org_id)
50
50
  else
51
51
  :global
52
52
  end
@@ -57,12 +57,12 @@ module ChefFixie
57
57
  end
58
58
 
59
59
  class ReverseMapper
60
- attr_reader :names,:by_type, :instance
61
-
60
+ attr_reader :names, :by_type, :instance
61
+
62
62
  def initialize
63
63
  # name of object map
64
64
  @names ||= {}
65
- @by_type ||= {:actor=>{}, :container=>{}, :group=>{}, :object=>{}}
65
+ @by_type ||= { :actor => {}, :container => {}, :group => {}, :object => {} }
66
66
  # maps class to a pre-created instance for efficiency
67
67
  @instance ||= {}
68
68
  end
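Review bot: `initialize` uses `||=` for all three instance variables, which on a freshly allocated object is plain assignment and only suggests a memoization that cannot happen; `@names = {}` and friends say what is meant. The rewrite also keeps hash rockets for symbol keys, `{ :actor => {}, :container => {}, ... }`, where the rest of this reformat (double quotes, `%w{...}`) points at the modern form `{ actor: {}, container: {}, group: {}, object: {} }`. Since `names` and `by_type` are exposed via `attr_reader`, a one-line comment on `@names` such as `# authz name => class that registered it (filled by register)` would help readers more than the current "name of object map".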
@@ -75,14 +75,14 @@ module ChefFixie
75
75
  names[name] = klass
76
76
  by_type[type][name] = klass
77
77
  end
78
-
78
+
79
79
  def dump
80
80
  pp names
81
81
  end
82
82
 
83
- def authz_to_name(authz_id, ctype=nil)
83
+ def authz_to_name(authz_id, ctype = nil)
84
84
  types = if ctype.nil?
85
- AuthzUtils::Types
85
+ AuthzUtils::TYPES
86
86
  else
87
87
  [ctype]
88
88
  end
@@ -92,52 +92,50 @@ module ChefFixie
92
92
  return result if result != :unknown
93
93
  end
94
94
  end
95
- return :unknown
95
+ :unknown
96
96
  end
97
97
  end
98
98
 
99
99
  def self.mapper
100
100
  @mapper ||= ReverseMapper.new
101
101
  end
102
-
102
+
103
103
  def self.register(klass, name, type)
104
- self.mapper.register(klass,name,type)
104
+ mapper.register(klass, name, type)
105
105
  end
106
106
 
107
107
  # Translates the json from authz for group membership and acls into a human readable form
108
108
  # This makes some assumptions about the shape of the data structure, but works well enough to
109
109
  # be quite useful
110
110
  def self.struct_to_name(s)
111
- mapper = AuthzMapper::mapper
111
+ mapper = AuthzMapper.mapper
112
112
  if s.kind_of?(Hash)
113
113
  s.keys.inject({}) do |h, k|
114
114
  v = s[k]
115
115
  if v.kind_of?(Array)
116
116
  case k
117
- when 'actors'
118
- h[k] = v.map {|a| mapper.authz_to_name(a,:actor) } #.sort We should sort these, but the way we're returning unknown causes sort
119
- when 'groups'
120
- h[k] = v.map {|a| mapper.authz_to_name(a,:group) } #.sort to fail
117
+ when "actors"
118
+ h[k] = v.map { |a| mapper.authz_to_name(a, :actor) } #.sort We should sort these, but the way we're returning unknown causes sort
119
+ when "groups"
120
+ h[k] = v.map { |a| mapper.authz_to_name(a, :group) } #.sort to fail
121
121
  else
122
122
  h[k] = v
123
123
  end
124
124
  else
125
- h[k] = self.struct_to_name(v)
125
+ h[k] = struct_to_name(v)
126
126
  end
127
127
  h
128
128
  end
129
129
  end
130
130
  end
131
-
131
+
132
132
  module ClassMethods
133
133
  # TODO: We should be able to automatically figure out the type somehow.
134
134
  # At minimum should figure out a self check
135
135
  def register_authz(name, type)
136
- AuthzMapper::register(self,name,type)
136
+ AuthzMapper.register(self, name, type)
137
137
  end
138
138
  end
139
-
139
+
140
140
  end
141
141
  end
142
-
143
-
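Review bot: `struct_to_name` replaces any actor or group id that `authz_to_name` cannot resolve with the bare symbol `:unknown`, so the rendered ACL no longer shows which authz id is dangling — which is exactly the entry an operator needs when cleaning up an ACE left behind by a deleted actor or group. Keeping the id in the output, e.g. `n = mapper.authz_to_name(a, :actor); n == :unknown ? "unknown:#{a}" : n` (and the same for the `"groups"` branch), preserves that information and, presumably because the resolved names are strings, also makes the `.sort` that the trailing comment says is wanted possible again. I'd check whether anything downstream matches on `:unknown` before changing the value; if it does, the raw id can be carried alongside instead.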
@@ -17,16 +17,16 @@
17
17
  # Author: Mark Anderson <mark@chef.io>
18
18
  #
19
19
 
20
- require 'pp'
21
- require 'ffi_yajl'
22
- require 'chef/http'
20
+ require "pp"
21
+ require "ffi_yajl"
22
+ require "chef/http"
23
23
 
24
- require_relative 'config'
24
+ require_relative "config"
25
25
 
26
26
  module ChefFixie
27
27
 
28
28
  class AuthzApi
29
- def initialize(user=nil)
29
+ def initialize(user = nil)
30
30
  @requestor_authz = user ? user : ChefFixie.configure { |x| x.superuser_id }
31
31
  @auth_uri ||= ChefFixie.configure { |x| x.authz_uri }
32
32
  @rest = Chef::HTTP.new(@auth_uri)
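Review bot: `initialize` silently falls back to the configured `superuser_id` when `user` is nil, and that id is what every request sends as `X-Ops-Requesting-Actor-Id` in the next hunk, so a default-constructed `AuthzApi` presumably acts with the superuser's authority on every call; nothing in the hunk records this. I would add above the assignment: `# Default requestor is the configured superuser actor id, so every call made through this client carries superuser authority; pass an explicit user when acting on someone's behalf.` Also, `@auth_uri ||=` in a constructor is just `=` — the `||=` hints at memoization that cannot occur on a fresh instance — and `user ? user : ...` is the idiomatic `user || ChefFixie.configure { |x| x.superuser_id }`.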
@@ -42,38 +42,41 @@ module ChefFixie
42
42
 
43
43
  def get(resource)
44
44
  result = @rest.get(resource,
45
- 'Content-Type'=>'application/json',
46
- 'Accept'=>'application/json',
47
- 'X-Ops-Requesting-Actor-Id'=>@requestor_authz)
45
+ "Content-Type" => "application/json",
46
+ "Accept" => "application/json",
47
+ "X-Ops-Requesting-Actor-Id" => @requestor_authz)
48
48
  FFI_Yajl::Parser.parse(result)
49
49
  end
50
+
50
51
  def put(resource, data)
51
- result = @rest.put(resource, self.json_helper(data),
52
- 'Content-Type'=>'application/json',
53
- 'Accept'=>'application/json',
54
- 'X-Ops-Requesting-Actor-Id'=>@requestor_authz)
52
+ result = @rest.put(resource, json_helper(data),
53
+ "Content-Type" => "application/json",
54
+ "Accept" => "application/json",
55
+ "X-Ops-Requesting-Actor-Id" => @requestor_authz)
55
56
  FFI_Yajl::Parser.parse(result)
56
57
  end
58
+
57
59
  def post(resource, data)
58
- result = @rest.post(resource, self.json_helper(data),
59
- 'Content-Type'=>'application/json',
60
- 'Accept'=>'application/json',
61
- 'X-Ops-Requesting-Actor-Id'=>@requestor_authz)
60
+ result = @rest.post(resource, json_helper(data),
61
+ "Content-Type" => "application/json",
62
+ "Accept" => "application/json",
63
+ "X-Ops-Requesting-Actor-Id" => @requestor_authz)
62
64
  FFI_Yajl::Parser.parse(result)
63
65
  end
66
+
64
67
  def delete(resource)
65
68
  result = @rest.delete(resource,
66
- 'Content-Type'=>'application/json',
67
- 'Accept'=>'application/json',
68
- 'X-Ops-Requesting-Actor-Id'=>@requestor_authz)
69
+ "Content-Type" => "application/json",
70
+ "Accept" => "application/json",
71
+ "X-Ops-Requesting-Actor-Id" => @requestor_authz)
69
72
  FFI_Yajl::Parser.parse(result)
70
73
  end
71
74
 
72
75
  end
73
76
 
74
77
  module AuthzUtils
75
- Types = [:object,:actor,:group,:container] # order is an attempt to optimize by most probable.
76
- Actions = [:create, :read, :update, :delete, :grant]
78
+ TYPES = [:object, :actor, :group, :container] # order is an attempt to optimize by most probable.
79
+ ACTIONS = [:create, :read, :update, :delete, :grant]
77
80
 
78
81
  def to_resource(t)
79
82
  # This is a rails thing... t.to_s.pluralize
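Review bot: `TYPES` and `ACTIONS` are mutable arrays, and `ACTIONS` doubles as the allow-list in `check_action` (next hunk), so any accidental `<<` elsewhere would widen what `ace_add` accepts; freeze them: `TYPES = [:object, :actor, :group, :container].freeze` and `ACTIONS = [:create, :read, :update, :delete, :grant].freeze`. The four request methods also repeat the same three-header hash; a private `headers` method returning `{ "Content-Type" => "application/json", "Accept" => "application/json", "X-Ops-Requesting-Actor-Id" => @requestor_authz }` keeps the requesting-actor header — the value authz presumably uses to decide who is asking — in one place. The blank-line insertions between the methods are fine.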
@@ -81,20 +84,20 @@ module ChefFixie
81
84
  end
82
85
 
83
86
  def get_type(id)
84
- Types.each do |t|
87
+ TYPES.each do |t|
85
88
  begin
86
- r = AuthzApi.get("#{self.to_resource(t)}/#{id}")
89
+ r = AuthzApi.get("#{to_resource(t)}/#{id}")
87
90
  return t
88
- rescue RestClient::ResourceNotFound=>e
91
+ rescue RestClient::ResourceNotFound => e
89
92
  # expected if not found
90
93
  end
91
94
  end
92
- return :none
95
+ :none
93
96
  end
94
97
 
95
98
  def check_action(action)
96
99
  # TODO Improve; stack trace isn't the best way to communicate with the user
97
- raise "#{action} not one of #{Actions.join(', ')} " if !Actions.member?(action)
100
+ raise "#{action} not one of #{ACTIONS.join(', ')} " if !ACTIONS.member?(action)
98
101
  end
99
102
 
100
103
  def check_actor_or_group(a_or_g)
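Review bot: `get_type` rescues `RestClient::ResourceNotFound`, but the only HTTP client visible in this file is `Chef::HTTP` (constructed in `AuthzApi#initialize`), which as far as I recall reports a 404 by raising `Net::HTTPClientException` (`Net::HTTPServerException` on older Rubies); unless `rest-client` is loaded somewhere outside this diff, a missing object makes the probe raise instead of trying the next type, and the same rescue appears in `check_permissions` in the bulk-edit file below. Also, `AuthzApi.get` is invoked on the class while `get` is defined as an instance method above, and the rest of the mixin goes through the `authz_api` helper (`authz_api.get("#{prefix}/acl")`), so unless a class-level `get` exists elsewhere this line cannot succeed. I would write `authz_api.get("#{to_resource(t)}/#{id}")` under `rescue Net::HTTPClientException`, dropping the unused `r =` and `=> e` while at it.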
@@ -102,7 +105,7 @@ module ChefFixie
102
105
  end
103
106
 
104
107
  def resourcify_actor_or_group(a_or_g)
105
- return a_or_g if ["actors", "groups"].member?(a_or_g)
108
+ return a_or_g if %w{actors groups}.member?(a_or_g)
106
109
  check_actor_or_group(a_or_g)
107
110
  to_resource(a_or_g)
108
111
  end
@@ -131,10 +134,9 @@ module ChefFixie
131
134
  end
132
135
 
133
136
  def authz_api
134
- @@authz_apiAsSuperUser ||= AuthzApi.new
137
+ @@authz_api_as_superuser ||= AuthzApi.new
135
138
  end
136
139
 
137
-
138
140
  # we expect to be mixed in with a class that has the authz_id method
139
141
  def prefix
140
142
  "#{to_resource(type)}/#{authz_id}"
@@ -152,6 +154,7 @@ module ChefFixie
152
154
  def acl_raw
153
155
  authz_api.get("#{prefix}/acl")
154
156
  end
157
+
155
158
  # Todo: filter this by scope and type
156
159
  def acl
157
160
  ChefFixie::AuthzMapper.struct_to_name(acl_raw)
@@ -165,11 +168,11 @@ module ChefFixie
165
168
  [resource, ace]
166
169
  end
167
170
 
168
-
169
171
  def ace_raw(action)
170
- resource,ace = ace_get_util(action)
172
+ resource, ace = ace_get_util(action)
171
173
  ace
172
174
  end
175
+
173
176
  # Todo: filter this by scope and type
174
177
  def ace(action)
175
178
  ChefFixie::AuthzMapper.struct_to_name(ace_raw(action))
@@ -177,14 +180,11 @@ module ChefFixie
177
180
 
178
181
  def expand_actions(action)
179
182
  if action == :all
180
- action = AuthzUtils::Actions
183
+ action = AuthzUtils::ACTIONS
181
184
  end
182
185
  action.is_a?(Array) ? action : [action]
183
- end
184
-
186
+ end # add actor or group to acl
185
187
 
186
-
187
- # add actor or group to acl
188
188
  def ace_add_raw(action, actor_or_group, entity)
189
189
  # groups or actors
190
190
  a_or_g_resource = resourcify_actor_or_group(actor_or_group)
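Review bot: The reformat moved the `# add actor or group to acl` comment onto the closing `end` of `expand_actions`, where it now reads as a description of that method instead of `ace_add_raw`, which it introduced before the change. Restore it as its own line: `end`, a blank line, then `# add actor or group to acl` immediately before `def ace_add_raw(action, actor_or_group, entity)`. While here, `expand_actions(:all)` returns `AuthzUtils::ACTIONS` itself, which includes `:grant`; a note on that branch such as `# :all includes :grant, i.e. the right to change the ACL itself` would stop callers from assuming `:all` means CRUD only. `ace_add_raw` continues past the end of the hunk.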
@@ -194,9 +194,10 @@ module ChefFixie
194
194
  ace[a_or_g_resource].uniq!
195
195
  authz_api.put("#{resource}", ace)
196
196
  end
197
+
197
198
  def ace_add(action, entity)
198
199
  actions = expand_actions(action)
199
- actions.each {|a| ace_add_raw(a, entity.type, entity) }
200
+ actions.each { |a| ace_add_raw(a, entity.type, entity) }
200
201
  end
201
202
 
202
203
  def ace_delete_raw(action, actor_or_group, entity)
@@ -211,7 +212,7 @@ module ChefFixie
211
212
 
212
213
  def ace_delete(action, entity)
213
214
  actions = expand_actions(action)
214
- actions.each {|a| ace_delete_raw(a, entity.type, entity) }
215
+ actions.each { |a| ace_delete_raw(a, entity.type, entity) }
215
216
  end
216
217
 
217
218
  def ace_member?(action, entity)
@@ -220,7 +221,6 @@ module ChefFixie
220
221
  ace[a_or_g_resource].member?(entity.authz_id)
221
222
  end
222
223
 
223
-
224
224
  def acl_add_from_object(object)
225
225
  src = object.acl_raw
226
226
 
@@ -258,18 +258,21 @@ module ChefFixie
258
258
  def group_raw
259
259
  authz_api.get("#{prefix}")
260
260
  end
261
+
261
262
  # Todo: filter this by scope and type
262
263
  def group
263
264
  ChefFixie::AuthzMapper.struct_to_name(group_raw)
264
265
  end
266
+
265
267
  def list
266
268
  group
267
269
  end
268
270
 
269
271
  def group_add_raw(actor_or_group, entity)
270
272
  entity_resource = to_resource(actor_or_group)
271
- authz_api.put("#{prefix}/#{entity_resource}/#{entity.authz_id}",{})
273
+ authz_api.put("#{prefix}/#{entity_resource}/#{entity.authz_id}", {})
272
274
  end
275
+
273
276
  def group_add(entity)
274
277
  group_add_raw(entity.type, entity)
275
278
  end
@@ -285,7 +288,7 @@ module ChefFixie
285
288
 
286
289
  def member?(entity)
287
290
  members = group_raw
288
- return members[resourcify_actor_or_group(entity.type)].member?(entity.authz_id)
291
+ members[resourcify_actor_or_group(entity.type)].member?(entity.authz_id)
289
292
  end
290
293
  end
291
294
 
@@ -16,50 +16,53 @@
16
16
  #
17
17
  # Author: Mark Anderson <mark@chef.io>
18
18
  #
19
- require 'sequel'
19
+ require "sequel"
20
20
 
21
- require_relative 'config.rb'
22
- require_relative 'authz_objects.rb'
23
- require_relative 'authz_mapper.rb'
21
+ require_relative "config.rb"
22
+ require_relative "authz_objects.rb"
23
+ require_relative "authz_mapper.rb"
24
24
 
25
- require 'pp'
25
+ require "pp"
26
26
 
27
27
  module ChefFixie
28
28
  module BulkEditPermissions
29
29
  def self.orgs
30
30
  @orgs ||= ChefFixie::Sql::Orgs.new
31
31
  end
32
+
32
33
  def self.users
33
34
  @users ||= ChefFixie::Sql::Users.new
34
35
  end
36
+
35
37
  def self.assocs
36
38
  @assocs ||= ChefFixie::Sql::Associations.new
37
39
  end
40
+
38
41
  def self.invites
39
42
  invites ||= ChefFixie::Sql::Invites.new
40
43
  end
41
44
 
42
45
  def self.check_permissions(org)
43
46
  org = orgs[org] if org.is_a?(String)
44
- admins = org.groups['admins'].authz_id
45
- pivotal = users['pivotal'].authz_id
47
+ admins = org.groups["admins"].authz_id
48
+ pivotal = users["pivotal"].authz_id
46
49
  errors = Hash.new({})
47
50
  org.each_authz_object do |object|
48
- begin
51
+ begin
49
52
  acl = object.acl_raw
50
- rescue RestClient::ResourceNotFound=>e
53
+ rescue RestClient::ResourceNotFound => e
51
54
  puts "#{object.class} '#{object.name}' id '#{object.id}' missing authz info"
52
55
  # pp :object=>object, :e=>e
53
56
  next
54
57
  end
55
58
  broken_acl = {}
56
59
  # the one special case
57
- acl.each do |k,v|
60
+ acl.each do |k, v|
58
61
  list = []
59
- list << "pivotal" if !v['actors'].member?(pivotal)
62
+ list << "pivotal" if !v["actors"].member?(pivotal)
60
63
  # admins doesn't belong to the billing admins group
61
- if object.class != ChefFixie::Sql::Group || object.name != 'billing-admins'
62
- list << "admins" if !v['groups'].member?(admins)
64
+ if object.class != ChefFixie::Sql::Group || object.name != "billing-admins"
65
+ list << "admins" if !v["groups"].member?(admins)
63
66
  end
64
67
  broken_acl[k] = list if !list.empty?
65
68
  end
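Review bot: `errors = Hash.new({})` gives every missing key the same default Hash object, so the `errors[classname][object.name] = broken_acl` in the following hunk writes into that shared default without ever inserting `classname` into `errors` — unless one of the three lines hidden between the hunks assigns `errors[classname]` first, `check_permissions` returns an empty Hash and every org reports as clean, the worst possible failure mode for a permission-audit helper. The per-key form is `errors = Hash.new { |h, k| h[k] = {} }`. Separately, `self.invites` memoizes into a local (`invites ||= ...`) rather than an ivar, so unlike `orgs`, `users` and `assocs` above it builds a fresh `ChefFixie::Sql::Invites` on every call; `@invites ||= ChefFixie::Sql::Invites.new` matches its siblings.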
@@ -69,7 +72,7 @@ module ChefFixie
69
72
  errors[classname][object.name] = broken_acl
70
73
  end
71
74
  end
72
- return errors
75
+ errors
73
76
  end
74
77
 
75
78
  def self.ace_add(list, ace_type, entity)
@@ -78,17 +81,18 @@ module ChefFixie
78
81
  item.ace_add(ace_type, entity)
79
82
  else
80
83
  puts "item.class is not a native authz type"
81
- return
84
+ return nil
82
85
  end
83
86
  end
84
87
  end
88
+
85
89
  def self.ace_delete(list, ace_type, entity)
86
90
  list.each do |item|
87
91
  if item.respond_to?(:ace_delete)
88
92
  item.ace_delete(ace_type, entity)
89
93
  else
90
94
  puts "item.class is not a native authz type"
91
- return
95
+ return nil
92
96
  end
93
97
  end
94
98
  end
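Review bot: The message `puts "item.class is not a native authz type"` in both `ace_add` and `ace_delete` never interpolates, so the operator sees the literal text `item.class` rather than the offending class; it should be `puts "#{item.class} is not a native authz type"`. Note also that the `return nil` the commit makes explicit sits inside the `each`, so the first non-authz item abandons the rest of the list and later entries silently get no ACE change; if skipping is the intent, `next` is the right word, and if aborting is, a comment should say so, because a partially applied permission fix is hard to notice afterwards.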
@@ -128,11 +132,11 @@ module ChefFixie
128
132
  def self.add_admin_permissions(org)
129
133
  org = orgs[org] if org.is_a?(String)
130
134
  # rework when ace add takes multiple items...
131
- admins = org.groups['admins']
132
- pivotal = users['pivotal']
135
+ admins = org.groups["admins"]
136
+ pivotal = users["pivotal"]
133
137
  org.each_authz_object do |object|
134
138
  object.ace_add(:all, pivotal)
135
- if object.class != ChefFixie::Sql::Group || object.name != 'billing-admins'
139
+ if object.class != ChefFixie::Sql::Group || object.name != "billing-admins"
136
140
  object.ace_add(:all, admins)
137
141
  end
138
142
  end
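Review bot: `add_admin_permissions` grants `:all` — which `expand_actions` turns into every entry of `AuthzUtils::ACTIONS`, `:grant` included — to both `pivotal` and the org's `admins` group on every authz object in the org, and nothing in the method says so. I would add a header comment: `# Gives pivotal and the org's admins group full rights (create/read/update/delete/grant) on every authz object in the org; billing-admins is skipped for admins, matching the rule in check_permissions.` The `"billing-admins"` exception duplicates the condition in `check_permissions` above; a shared predicate such as `billing_admins_group?(object)` would keep the two from drifting apart.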
@@ -150,7 +154,7 @@ module ChefFixie
150
154
  puts "#{obj.name} from #{c.name}"
151
155
  end
152
156
  end
153
- return
157
+ nil
154
158
  end
155
159
 
156
160
  end