chef_fixie 0.4.0 → 1.0.3

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: a42c53078d0d4728a6a2efa5e157d8aefee5d0672c530d61b2b50bc0694def17
-  data.tar.gz: cefac5cee97b8813b48237c4711a0aeab6f2975bd01e359d8c8151a54b5206c3
+  metadata.gz: 6f9f3e121b4bc8d0c056b65261ddabbffcd8abb8708a9e54b487c019980e9591
+  data.tar.gz: f697ae6863e27ab2617f75c0fad75f7f30badaa4600a15c92083b3050cd6f1e5
 SHA512:
-  metadata.gz: e6153d4cb98e6f62ac9148d6ba373edd770fa4e19253f41d4da25777f53a68a5f8b2424d0d3a531bf7cef0d1f568bbfca24ea7560af4fb8588c295bb1b63f342
-  data.tar.gz: 2d14e3079d2142adfdf6b61c414ca195f3a05c7fa9fd847995bce4962c78f37f32d6c28a2eff17a54abdb0f8e670e5982a85cf81df81f913dff85e3f98aa6305
+  metadata.gz: 12959f3b117d62fbf9022fd9c66d627af90d57ac6167c2845ed953b98faf01c9848926ba73a9b4dc7ffbbefb95f6917686f405fd7f7b3044a15235b9b0cfe018
+  data.tar.gz: e53841821e7ed30824bd9727e7feba59debeeeaddb0b25fe6ec0209c270c874f45c72e0f99a1b9c03acf9a0c525d302b777c76dd75538185bdf4ce954c94e7b8

data/README.md

@@ -1,7 +1,6 @@
-fixie
-=====
+# fixie
 
-Low level manipulation tool for Chef Server 12 and later.
+Low level manipulation tool for Chef Infra Server.
 
 This tool is in its very early stages, and should be used with great care.
 
@@ -47,14 +46,14 @@ github.
 
 |                      |                                          |
 |:---------------------|:-----------------------------------------|
-| **Copyright:**       | Copyright (c) 2014-2015 Chef Software, Inc.
+| **Copyright:**       | Copyright:: Chef Software, Inc.
 | **License:**         | Apache License, Version 2.0
 
 
 All files in the repository are licensed under the Apache 2.0 license. If any file is missing the License
 header it should assume the following is attached;
 
-Copyright 2014 Chef Software Inc.
+Copyright:: Chef Software Inc.
 
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.

data/bin/chef_fixie

@@ -1,5 +1,5 @@
 #!/usr/bin/env ruby
 
-require_relative '../lib/chef_fixie/console'
+require_relative "../lib/chef_fixie/console"
 
 ChefFixie::Console.start

data/doc/BulkFixup.md

@@ -15,7 +15,7 @@ If a key group is deleted (such as users)
 ```ruby
 users_group.ace_add([:create,:read,:update,:delete], org.groups['admins'])
 users_group.ace_add([:create,:read,:update,:delete], USERS['pivotal'])
-``
+```
 
 * Restore users to the appropriate container ACLs
 ```ruby

data/lib/chef_fixie/authz_mapper.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2014-2015 Chef Software Inc. 
+# Copyright (c) 2014-2015 Chef Software Inc.
 # License :: Apache License, Version 2.0
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -17,9 +17,9 @@
 # Author: Mark Anderson <mark@chef.io>
 #
 
-require 'pp'
-require_relative 'config'
-require_relative 'authz_objects'
+require "pp"
+require_relative "config"
+require_relative "authz_objects"
 
 module ChefFixie
   module AuthzMapper
@@ -32,7 +32,7 @@ module ChefFixie
     #
     # Much of this might be better folded up into a sql stored procedure
     #
-   
+
     def self.included(base)
       base.extend(ClassMethods)
     end
@@ -44,9 +44,9 @@ module ChefFixie
       if objects.count == 1
         object = objects.first
         name = object.name
-        scope = 
-          if object.respond_to?(:org_id) 
-              ChefFixie::Sql::Orgs.org_guid_to_name(object.org_id)
+        scope =
+          if object.respond_to?(:org_id)
+            ChefFixie::Sql::Orgs.org_guid_to_name(object.org_id)
           else
             :global
           end
@@ -57,12 +57,12 @@ module ChefFixie
     end
 
     class ReverseMapper
-      attr_reader :names,:by_type, :instance
-                     
+      attr_reader :names, :by_type, :instance
+
       def initialize
         # name of object map
         @names ||= {}
-        @by_type ||= {:actor=>{}, :container=>{}, :group=>{}, :object=>{}}
+        @by_type ||= { :actor => {}, :container => {}, :group => {}, :object => {} }
         # maps class to a pre-created instance for efficiency
         @instance ||= {}
       end
@@ -75,14 +75,14 @@ module ChefFixie
         names[name] = klass
         by_type[type][name] = klass
       end
-      
+
       def dump
         pp names
       end
 
-      def authz_to_name(authz_id, ctype=nil)
+      def authz_to_name(authz_id, ctype = nil)
         types = if ctype.nil?
-                  AuthzUtils::Types
+                  AuthzUtils::TYPES
                 else
                   [ctype]
                 end
@@ -92,52 +92,50 @@ module ChefFixie
             return result if result != :unknown
           end
         end
-        return :unknown
+        :unknown
       end
     end
 
     def self.mapper
       @mapper ||= ReverseMapper.new
     end
-    
+
     def self.register(klass, name, type)
-      self.mapper.register(klass,name,type)
+      mapper.register(klass, name, type)
     end
 
     # Translates the json from authz for group membership and acls into a human readable form
     # This makes some assumptions about the shape of the data structure, but works well enough to
     # be quite useful
     def self.struct_to_name(s)
-      mapper = AuthzMapper::mapper      
+      mapper = AuthzMapper.mapper
       if s.kind_of?(Hash)
         s.keys.inject({}) do |h, k|
           v = s[k]
           if v.kind_of?(Array)
             case k
-            when 'actors'
-              h[k] = v.map {|a| mapper.authz_to_name(a,:actor) } #.sort We should sort these, but the way we're returning unknown causes sort 
-            when 'groups'
-              h[k] = v.map {|a| mapper.authz_to_name(a,:group) } #.sort to fail
+            when "actors"
+              h[k] = v.map { |a| mapper.authz_to_name(a, :actor) } #.sort We should sort these, but the way we're returning unknown causes sort
+            when "groups"
+              h[k] = v.map { |a| mapper.authz_to_name(a, :group) } #.sort to fail
             else
               h[k] = v
             end
           else
-            h[k] = self.struct_to_name(v)
+            h[k] = struct_to_name(v)
           end
           h
         end
       end
     end
-    
+
     module ClassMethods
       # TODO: We should be able to automatically figure out the type somehow.
       # At minimum should figure out a self check
       def register_authz(name, type)
-        AuthzMapper::register(self,name,type)
+        AuthzMapper.register(self, name, type)
       end
     end
-    
+
   end
 end
-
-  

data/lib/chef_fixie/authz_objects.rb

@@ -17,16 +17,16 @@
 # Author: Mark Anderson <mark@chef.io>
 #
 
-require 'pp'
-require 'ffi_yajl'
-require 'chef/http'
+require "pp"
+require "ffi_yajl"
+require "chef/http"
 
-require_relative 'config'
+require_relative "config"
 
 module ChefFixie
 
   class AuthzApi
-    def initialize(user=nil)
+    def initialize(user = nil)
       @requestor_authz = user ? user : ChefFixie.configure { |x| x.superuser_id }
       @auth_uri ||= ChefFixie.configure { |x| x.authz_uri }
       @rest = Chef::HTTP.new(@auth_uri)
@@ -42,38 +42,41 @@ module ChefFixie
 
     def get(resource)
       result = @rest.get(resource,
-                         'Content-Type'=>'application/json',
-                         'Accept'=>'application/json',
-                         'X-Ops-Requesting-Actor-Id'=>@requestor_authz)
+                         "Content-Type" => "application/json",
+                         "Accept" => "application/json",
+                         "X-Ops-Requesting-Actor-Id" => @requestor_authz)
       FFI_Yajl::Parser.parse(result)
     end
+
     def put(resource, data)
-      result = @rest.put(resource, self.json_helper(data),
-                         'Content-Type'=>'application/json',
-                         'Accept'=>'application/json',
-                         'X-Ops-Requesting-Actor-Id'=>@requestor_authz)
+      result = @rest.put(resource, json_helper(data),
+                         "Content-Type" => "application/json",
+                         "Accept" => "application/json",
+                         "X-Ops-Requesting-Actor-Id" => @requestor_authz)
       FFI_Yajl::Parser.parse(result)
     end
+
     def post(resource, data)
-      result = @rest.post(resource, self.json_helper(data),
-                          'Content-Type'=>'application/json',
-                          'Accept'=>'application/json',
-                          'X-Ops-Requesting-Actor-Id'=>@requestor_authz)
+      result = @rest.post(resource, json_helper(data),
+                          "Content-Type" => "application/json",
+                          "Accept" => "application/json",
+                          "X-Ops-Requesting-Actor-Id" => @requestor_authz)
       FFI_Yajl::Parser.parse(result)
     end
+
     def delete(resource)
       result = @rest.delete(resource,
-                            'Content-Type'=>'application/json',
-                            'Accept'=>'application/json',
-                            'X-Ops-Requesting-Actor-Id'=>@requestor_authz)
+                            "Content-Type" => "application/json",
+                            "Accept" => "application/json",
+                            "X-Ops-Requesting-Actor-Id" => @requestor_authz)
       FFI_Yajl::Parser.parse(result)
     end
 
   end
 
   module AuthzUtils
-    Types = [:object,:actor,:group,:container] # order is an attempt to optimize by most probable.
-    Actions = [:create, :read, :update, :delete, :grant]
+    TYPES = [:object, :actor, :group, :container] # order is an attempt to optimize by most probable.
+    ACTIONS = [:create, :read, :update, :delete, :grant]
 
     def to_resource(t)
       # This is a rails thing... t.to_s.pluralize
@@ -81,20 +84,20 @@ module ChefFixie
     end
 
     def get_type(id)
-      Types.each do |t|
+      TYPES.each do |t|
         begin
-          r = AuthzApi.get("#{self.to_resource(t)}/#{id}")
+          r = AuthzApi.get("#{to_resource(t)}/#{id}")
           return t
-        rescue RestClient::ResourceNotFound=>e
+        rescue RestClient::ResourceNotFound => e
           # expected if not found
         end
       end
-      return :none
+      :none
     end
 
     def check_action(action)
       # TODO Improve; stack trace isn't the best way to communicate with the user
-      raise "#{action} not one of #{Actions.join(', ')} " if !Actions.member?(action)
+      raise "#{action} not one of #{ACTIONS.join(', ')} " if !ACTIONS.member?(action)
     end
 
     def check_actor_or_group(a_or_g)
@@ -102,7 +105,7 @@ module ChefFixie
     end
 
     def resourcify_actor_or_group(a_or_g)
-      return a_or_g if ["actors", "groups"].member?(a_or_g)
+      return a_or_g if %w{actors groups}.member?(a_or_g)
       check_actor_or_group(a_or_g)
       to_resource(a_or_g)
     end
@@ -131,10 +134,9 @@ module ChefFixie
     end
 
     def authz_api
-       @@authz_apiAsSuperUser ||= AuthzApi.new
+      @@authz_api_as_superuser ||= AuthzApi.new
     end
 
-
     # we expect to be mixed in with a class that has the authz_id method
     def prefix
       "#{to_resource(type)}/#{authz_id}"
@@ -152,6 +154,7 @@ module ChefFixie
     def acl_raw
       authz_api.get("#{prefix}/acl")
     end
+
     # Todo: filter this by scope and type
     def acl
       ChefFixie::AuthzMapper.struct_to_name(acl_raw)
@@ -165,11 +168,11 @@ module ChefFixie
       [resource, ace]
     end
 
-
     def ace_raw(action)
-      resource,ace = ace_get_util(action)
+      resource, ace = ace_get_util(action)
       ace
     end
+
     # Todo: filter this by scope and type
     def ace(action)
       ChefFixie::AuthzMapper.struct_to_name(ace_raw(action))
@@ -177,14 +180,11 @@ module ChefFixie
 
     def expand_actions(action)
       if action == :all
-        action = AuthzUtils::Actions
+        action = AuthzUtils::ACTIONS
       end
       action.is_a?(Array) ? action : [action]
-    end
-
+    end # add actor or group to acl
 
-
-    # add actor or group to acl
     def ace_add_raw(action, actor_or_group, entity)
       # groups or actors
       a_or_g_resource = resourcify_actor_or_group(actor_or_group)
@@ -194,9 +194,10 @@ module ChefFixie
       ace[a_or_g_resource].uniq!
       authz_api.put("#{resource}", ace)
     end
+
     def ace_add(action, entity)
       actions = expand_actions(action)
-      actions.each {|a| ace_add_raw(a, entity.type, entity) }
+      actions.each { |a| ace_add_raw(a, entity.type, entity) }
     end
 
     def ace_delete_raw(action, actor_or_group, entity)
@@ -211,7 +212,7 @@ module ChefFixie
 
     def ace_delete(action, entity)
       actions = expand_actions(action)
-      actions.each {|a| ace_delete_raw(a, entity.type, entity) }
+      actions.each { |a| ace_delete_raw(a, entity.type, entity) }
     end
 
     def ace_member?(action, entity)
@@ -220,7 +221,6 @@ module ChefFixie
       ace[a_or_g_resource].member?(entity.authz_id)
     end
 
-
     def acl_add_from_object(object)
       src = object.acl_raw
 
@@ -258,18 +258,21 @@ module ChefFixie
     def group_raw
       authz_api.get("#{prefix}")
     end
+
     # Todo: filter this by scope and type
     def group
       ChefFixie::AuthzMapper.struct_to_name(group_raw)
     end
+
     def list
       group
     end
 
     def group_add_raw(actor_or_group, entity)
       entity_resource = to_resource(actor_or_group)
-      authz_api.put("#{prefix}/#{entity_resource}/#{entity.authz_id}",{})
+      authz_api.put("#{prefix}/#{entity_resource}/#{entity.authz_id}", {})
     end
+
     def group_add(entity)
       group_add_raw(entity.type, entity)
     end
@@ -285,7 +288,7 @@ module ChefFixie
 
     def member?(entity)
       members = group_raw
-      return members[resourcify_actor_or_group(entity.type)].member?(entity.authz_id)
+      members[resourcify_actor_or_group(entity.type)].member?(entity.authz_id)
     end
   end
 

data/lib/chef_fixie/bulk_edit_permissions.rb

@@ -16,50 +16,53 @@
 #
 # Author: Mark Anderson <mark@chef.io>
 #
-require 'sequel'
+require "sequel"
 
-require_relative 'config.rb'
-require_relative 'authz_objects.rb'
-require_relative 'authz_mapper.rb'
+require_relative "config.rb"
+require_relative "authz_objects.rb"
+require_relative "authz_mapper.rb"
 
-require 'pp'
+require "pp"
 
 module ChefFixie
   module BulkEditPermissions
     def self.orgs
       @orgs ||= ChefFixie::Sql::Orgs.new
     end
+
     def self.users
       @users ||= ChefFixie::Sql::Users.new
     end
+
     def self.assocs
       @assocs ||= ChefFixie::Sql::Associations.new
     end
+
     def self.invites
       invites ||= ChefFixie::Sql::Invites.new
     end
 
     def self.check_permissions(org)
       org = orgs[org] if org.is_a?(String)
-      admins = org.groups['admins'].authz_id
-      pivotal = users['pivotal'].authz_id
+      admins = org.groups["admins"].authz_id
+      pivotal = users["pivotal"].authz_id
       errors = Hash.new({})
       org.each_authz_object do |object|
-        begin 
+        begin
           acl = object.acl_raw
-        rescue RestClient::ResourceNotFound=>e
+        rescue RestClient::ResourceNotFound => e
           puts "#{object.class} '#{object.name}' id '#{object.id}' missing authz info"
           # pp :object=>object, :e=>e
           next
         end
         broken_acl = {}
         # the one special case
-        acl.each do |k,v|
+        acl.each do |k, v|
           list = []
-          list << "pivotal" if !v['actors'].member?(pivotal)
+          list << "pivotal" if !v["actors"].member?(pivotal)
           # admins doesn't belong to the billing admins group
-          if object.class != ChefFixie::Sql::Group || object.name != 'billing-admins'
-            list << "admins" if !v['groups'].member?(admins)
+          if object.class != ChefFixie::Sql::Group || object.name != "billing-admins"
+            list << "admins" if !v["groups"].member?(admins)
           end
           broken_acl[k] = list if !list.empty?
         end
@@ -69,7 +72,7 @@ module ChefFixie
           errors[classname][object.name] = broken_acl
         end
       end
-      return errors
+      errors
     end
 
     def self.ace_add(list, ace_type, entity)
@@ -78,17 +81,18 @@ module ChefFixie
           item.ace_add(ace_type, entity)
         else
           puts "item.class is not a native authz type"
-          return
+          return nil
         end
       end
     end
+
     def self.ace_delete(list, ace_type, entity)
       list.each do |item|
         if item.respond_to?(:ace_delete)
           item.ace_delete(ace_type, entity)
         else
           puts "item.class is not a native authz type"
-          return
+          return nil
         end
       end
     end
@@ -128,11 +132,11 @@ module ChefFixie
     def self.add_admin_permissions(org)
       org = orgs[org] if org.is_a?(String)
       # rework when ace add takes multiple items...
-      admins = org.groups['admins']
-      pivotal = users['pivotal']
+      admins = org.groups["admins"]
+      pivotal = users["pivotal"]
       org.each_authz_object do |object|
         object.ace_add(:all, pivotal)
-        if object.class != ChefFixie::Sql::Group || object.name != 'billing-admins'
+        if object.class != ChefFixie::Sql::Group || object.name != "billing-admins"
           object.ace_add(:all, admins)
         end
       end
@@ -150,7 +154,7 @@ module ChefFixie
           puts "#{obj.name} from #{c.name}"
         end
       end
-      return
+      nil
     end
 
   end