cheffish 0.1

data/lib/chef/provider/public_key.rb

@@ -0,0 +1,83 @@
+require 'chef/provider/lwrp_base'
+require 'openssl'
+require 'cheffish/key_formatter'
+
+class Chef::Provider::PublicKey < Chef::Provider::LWRPBase
+
+  action :create do
+    if !new_source_key
+      raise "No source key specified"
+    end
+    desired_output = encode_public_key(new_source_key)
+    if Array(current_resource.action) == [ :delete ] || desired_output != IO.read(new_resource.path)
+      converge_by "write #{new_resource.format} public key #{new_resource.path} from #{new_source_key_publicity} key #{new_resource.source_key_path}" do
+        IO.write(new_resource.path, desired_output)
+        # TODO permissions on file?
+      end
+    end
+  end
+
+  action :delete do
+    if Array(current_resource.action) == [ :create ]
+      converge_by "delete public key #{new_resource.path}" do
+        ::File.unlink(new_resource.path)
+      end
+    end
+  end
+
+  def whyrun_supported?
+    true
+  end
+
+  def encode_public_key(key)
+    key_format = {}
+    key_format[:format] = new_resource.format if new_resource.format
+    Cheffish::KeyFormatter.encode(key, key_format)
+  end
+
+  attr_reader :current_public_key
+  attr_reader :new_source_key_publicity
+
+  def new_source_key
+    @new_source_key ||= begin
+      if new_resource.source_key.is_a?(String)
+        source_key, source_key_format = Cheffish::KeyFormatter.decode(new_resource.source_key, new_resource.source_key_pass_phrase)
+      elsif new_resource.source_key
+        source_key = new_resource.source_key
+      elsif new_resource.source_key_path
+        source_key, source_key_format = Cheffish::KeyFormatter.decode(IO.read(new_resource.source_key_path), new_resource.source_key_pass_phrase, new_resource.source_key_path)
+      else
+        return nil
+      end
+
+      if source_key.private?
+        @new_source_key_publicity = 'private'
+        source_key.public_key
+      else
+        @new_source_key_publicity = 'public'
+        source_key
+      end
+    end
+  end
+
+  def load_current_resource
+    if ::File.exist?(new_resource.path)
+      resource = Chef::Resource::PublicKey.new(new_resource.path)
+      begin
+        key, key_format = Cheffish::KeyFormatter.decode(IO.read(new_resource.path), nil, new_resource.path)
+        if key
+          @current_public_key = key
+          resource.format key_format[:format]
+        end
+      rescue
+        # If there is an error reading we assume format and such is broken
+      end
+
+      @current_resource = resource
+    else
+      not_found_resource = Chef::Resource::PublicKey.new(new_resource.path)
+      not_found_resource.action :delete
+      @current_resource = not_found_resource
+    end
+  end
+end

data/lib/chef/resource/chef_client.rb

@@ -0,0 +1,44 @@
+require 'cheffish'
+require 'chef/resource/lwrp_base'
+
+class Chef::Resource::ChefClient < Chef::Resource::LWRPBase
+  self.resource_name = 'chef_client'
+
+  actions :create, :delete, :regenerate_keys, :nothing
+  default_action :create
+
+  def initialize(*args)
+    super
+    chef_server Cheffish.enclosing_chef_server
+  end
+
+  # Client attributes
+  attribute :name, :kind_of => String, :regex => Cheffish::NAME_REGEX, :name_attribute => true
+  attribute :admin, :kind_of => [TrueClass, FalseClass]
+  attribute :validator, :kind_of => [TrueClass, FalseClass]
+
+  # Input key
+  attribute :source_key # String or OpenSSL::PKey::*
+  attribute :source_key_path, :kind_of => String
+  attribute :source_key_pass_phrase
+
+  # Output public key (if so desired)
+  attribute :output_key_path, :kind_of => String
+  attribute :output_key_format, :kind_of => Symbol, :default => :openssh, :equal_to => [ :pem, :der, :openssh ]
+
+  # If this is set, client is not patchy
+  attribute :complete, :kind_of => [TrueClass, FalseClass]
+
+  attribute :raw_json, :kind_of => Hash
+  attribute :chef_server, :kind_of => Hash
+
+  # Proc that runs just before the resource executes.  Called with (resource)
+  def before(&block)
+    block ? @before = block : @before
+  end
+
+  # Proc that runs after the resource completes.  Called with (resource, json, private_key, public_key)
+  def after(&block)
+    block ? @after = block : @after
+  end
+end

data/lib/chef/resource/chef_data_bag.rb

@@ -0,0 +1,18 @@
+require 'cheffish'
+require 'chef/resource/lwrp_base'
+
+class Chef::Resource::ChefDataBag < Chef::Resource::LWRPBase
+  self.resource_name = 'chef_data_bag'
+
+  actions :create, :delete, :nothing
+  default_action :create
+
+  def initialize(*args)
+    super
+    chef_server Cheffish.enclosing_chef_server
+  end
+
+  attribute :name, :kind_of => String, :regex => Cheffish::NAME_REGEX, :name_attribute => true
+
+  attribute :chef_server, :kind_of => Hash
+end

data/lib/chef/resource/chef_data_bag_item.rb

@@ -0,0 +1,114 @@
+require 'cheffish'
+require 'chef/config'
+require 'chef/resource/lwrp_base'
+
+class Chef::Resource::ChefDataBagItem < Chef::Resource::LWRPBase
+  self.resource_name = 'chef_data_bag_item'
+
+  actions :create, :delete, :nothing
+  default_action :create
+
+  def initialize(*args)
+    super
+    name @name
+    if !data_bag
+      data_bag Cheffish.enclosing_data_bag
+    end
+    if Cheffish.enclosing_data_bag_item_encryption
+      @encrypt = true if Cheffish.enclosing_data_bag_item_encryption[:encrypt_all]
+      @secret = Cheffish.enclosing_data_bag_item_encryption[:secret]
+      @secret_path = Cheffish.enclosing_data_bag_item_encryption[:secret_path] || Chef::Config[:encrypted_data_bag_secret]
+      @encryption_cipher = Cheffish.enclosing_data_bag_item_encryption[:encryption_cipher]
+      @encryption_version = Cheffish.enclosing_data_bag_item_encryption[:encryption_version]
+      @old_secret = Cheffish.enclosing_data_bag_item_encryption[:old_secret]
+      @old_secret_path = Cheffish.enclosing_data_bag_item_encryption[:old_secret_path]
+    end
+    chef_server Cheffish.enclosing_chef_server
+  end
+
+  def name(*args)
+    result = super(*args)
+    if args.size == 1
+      parts = name.split('/')
+      if parts.size == 1
+        @id = parts[0]
+      elsif parts.size == 2
+        @data_bag = parts[0]
+        @id = parts[1]
+      else
+        raise "Name #{args[0].inspect} must be a string with 1 or 2 parts, either 'id' or 'data_bag/id"
+      end
+    end
+    result
+  end
+
+  NOT_PASSED = Object.new
+  def id(value = NOT_PASSED)
+    if value == NOT_PASSED
+      @id
+    else
+      @id = value
+      name data_bag ? "#{data_bag}/#{id}" : id
+    end
+  end
+  def data_bag(value = NOT_PASSED)
+    if value == NOT_PASSED
+      @data_bag
+    else
+      @data_bag = value
+      name data_bag ? "#{data_bag}/#{id}" : id
+    end
+  end
+  attribute :raw_data, :kind_of => Hash
+
+  # If secret or secret_path are set, encrypt is assumed true.  encrypt exists mainly for with_secret and with_secret_path
+  attribute :encrypt, :kind_of => [TrueClass, FalseClass]
+  #attribute :secret, :kind_of => String
+  def secret(new_secret = nil)
+    if !new_secret
+      @secret
+    else
+      @secret = new_secret
+      @encrypt = true if @encrypt.nil?
+    end
+  end
+  #attribute :secret_path, :kind_of => String
+  def secret_path(new_secret_path = nil)
+    if !new_secret_path
+      @secret_path
+    else
+      @secret_path = new_secret_path
+      @encrypt = true if @encrypt.nil?
+    end
+  end
+  attribute :encryption_version, :kind_of => Integer, :default => Chef::Config[:data_bag_encrypt_version]
+
+  # Old secret (or secrets) to read the old data bag when we are changing keys and re-encrypting data
+  attribute :old_secret, :kind_of => [String, Array]
+  attribute :old_secret_path, :kind_of => [String, Array]
+
+  # Specifies that this is a complete specification for the environment (i.e. attributes you don't specify will be
+  # reset to their defaults)
+  attribute :complete, :kind_of => [TrueClass, FalseClass]
+
+  attribute :raw_json, :kind_of => Hash
+  attribute :chef_server, :kind_of => Hash
+
+  # value 'ip_address', '127.0.0.1'
+  # value [ 'pushy', 'port' ], '9000'
+  # value 'ip_addresses' do |existing_value|
+  #   (existing_value || []) + [ '127.0.0.1' ]
+  # end
+  # value 'ip_address', :delete
+  attr_reader :raw_data_modifiers
+  def value(raw_data_path, value=NOT_PASSED, &block)
+    @raw_data_modifiers ||= []
+    if value != NOT_PASSED
+      @raw_data_modifiers << [ raw_data_path, value ]
+    elsif block
+      @raw_data_modifiers << [ raw_data_path, block ]
+    else
+      raise "value requires either a value or a block"
+    end
+  end
+end

data/lib/chef/resource/chef_environment.rb

@@ -0,0 +1,71 @@
+require 'cheffish'
+require 'chef/resource/lwrp_base'
+require 'chef/environment'
+
+class Chef::Resource::ChefEnvironment < Chef::Resource::LWRPBase
+  self.resource_name = 'chef_environment'
+
+  actions :create, :delete, :nothing
+  default_action :create
+
+  def initialize(*args)
+    super
+    chef_server Cheffish.enclosing_chef_server
+  end
+
+  attribute :name, :kind_of => String, :regex => Cheffish::NAME_REGEX, :name_attribute => true
+  attribute :description, :kind_of => String
+  attribute :cookbook_versions, :kind_of => Hash, :callbacks => {
+    "should have valid cookbook versions" => lambda { |value| Chef::Environment.validate_cookbook_versions(value) }
+  }
+  attribute :default_attributes, :kind_of => Hash
+  attribute :override_attributes, :kind_of => Hash
+
+  # Specifies that this is a complete specification for the environment (i.e. attributes you don't specify will be
+  # reset to their defaults)
+  attribute :complete, :kind_of => [TrueClass, FalseClass]
+
+  attribute :raw_json, :kind_of => Hash
+  attribute :chef_server, :kind_of => Hash
+
+  NOT_PASSED=Object.new
+
+  # default 'ip_address', '127.0.0.1'
+  # default [ 'pushy', 'port' ], '9000'
+  # default 'ip_addresses' do |existing_value|
+  #   (existing_value || []) + [ '127.0.0.1' ]
+  # end
+  # default 'ip_address', :delete
+  attr_reader :default_attribute_modifiers
+  def default(attribute_path, value=NOT_PASSED, &block)
+    @default_attribute_modifiers ||= []
+    if value != NOT_PASSED
+      @default_attribute_modifiers << [ attribute_path, value ]
+    elsif block
+      @default_attribute_modifiers << [ attribute_path, block ]
+    else
+      raise "default requires either a value or a block"
+    end
+  end
+
+  # override 'ip_address', '127.0.0.1'
+  # override [ 'pushy', 'port' ], '9000'
+  # override 'ip_addresses' do |existing_value|
+  #   (existing_value || []) + [ '127.0.0.1' ]
+  # end
+  # override 'ip_address', :delete
+  attr_reader :override_attribute_modifiers
+  def override(attribute_path, value=NOT_PASSED, &block)
+    @override_attribute_modifiers ||= []
+    if value != NOT_PASSED
+      @override_attribute_modifiers << [ attribute_path, value ]
+    elsif block
+      @override_attribute_modifiers << [ attribute_path, block ]
+    else
+      raise "override requires either a value or a block"
+    end
+  end
+
+  alias :attributes :default_attributes
+  alias :attribute :default
+end

data/lib/chef/resource/chef_node.rb

@@ -0,0 +1,18 @@
+require 'cheffish'
+require 'chef/resource/lwrp_base'
+
+class Chef::Resource::ChefNode < Chef::Resource::LWRPBase
+  self.resource_name = 'chef_node'
+
+  actions :create, :delete, :nothing
+  default_action :create
+
+  # Grab environment from with_environment
+  def initialize(*args)
+    super
+    chef_environment Cheffish.enclosing_environment
+    chef_server Cheffish.enclosing_chef_server
+  end
+
+  Cheffish.node_attributes(self)
+end

data/lib/chef/resource/chef_role.rb

@@ -0,0 +1,104 @@
+require 'cheffish'
+require 'chef/resource/lwrp_base'
+require 'chef/run_list/run_list_item'
+
+class Chef::Resource::ChefRole < Chef::Resource::LWRPBase
+  self.resource_name = 'chef_role'
+
+  actions :create, :delete, :nothing
+  default_action :create
+
+  # Grab environment from with_environment
+  def initialize(*args)
+    super
+    chef_server Cheffish.enclosing_chef_server
+  end
+
+  attribute :name, :kind_of => String, :regex => Cheffish::NAME_REGEX, :name_attribute => true
+  attribute :description, :kind_of => String
+  attribute :run_list, :kind_of => Array # We should let them specify it as a series of parameters too
+  attribute :env_run_lists, :kind_of => Hash
+  attribute :default_attributes, :kind_of => Hash
+  attribute :override_attributes, :kind_of => Hash
+
+  # Specifies that this is a complete specification for the environment (i.e. attributes you don't specify will be
+  # reset to their defaults)
+  attribute :complete, :kind_of => [TrueClass, FalseClass]
+
+  attribute :raw_json, :kind_of => Hash
+  attribute :chef_server, :kind_of => Hash
+
+  NOT_PASSED=Object.new
+
+  # default_attribute 'ip_address', '127.0.0.1'
+  # default_attribute [ 'pushy', 'port' ], '9000'
+  # default_attribute 'ip_addresses' do |existing_value|
+  #   (existing_value || []) + [ '127.0.0.1' ]
+  # end
+  # default_attribute 'ip_address', :delete
+  attr_reader :default_attribute_modifiers
+  def default_attribute(attribute_path, value=NOT_PASSED, &block)
+    @default_attribute_modifiers ||= []
+    if value != NOT_PASSED
+      @default_attribute_modifiers << [ attribute_path, value ]
+    elsif block
+      @default_attribute_modifiers << [ attribute_path, block ]
+    else
+      raise "default_attribute requires either a value or a block"
+    end
+  end
+
+  # override_attribute 'ip_address', '127.0.0.1'
+  # override_attribute [ 'pushy', 'port' ], '9000'
+  # override_attribute 'ip_addresses' do |existing_value|
+  #   (existing_value || []) + [ '127.0.0.1' ]
+  # end
+  # override_attribute 'ip_address', :delete
+  attr_reader :override_attribute_modifiers
+  def override_attribute(attribute_path, value=NOT_PASSED, &block)
+    @override_attribute_modifiers ||= []
+    if value != NOT_PASSED
+      @override_attribute_modifiers << [ attribute_path, value ]
+    elsif block
+      @override_attribute_modifiers << [ attribute_path, block ]
+    else
+      raise "override_attribute requires either a value or a block"
+    end
+  end
+
+  # Order matters--if two things here are in the wrong order, they will be flipped in the run list
+  # recipe 'apache', 'mysql'
+  # recipe 'recipe@version'
+  # recipe 'recipe'
+  # role ''
+  attr_reader :run_list_modifiers
+  attr_reader :run_list_removers
+  def recipe(*recipes)
+    if recipes.size == 0
+      raise ArgumentError, "At least one recipe must be specified"
+    end
+    @run_list_modifiers ||= []
+    @run_list_modifiers += recipes.map { |recipe| Chef::RunList::RunListItem.new("recipe[#{recipe}]") }
+  end
+  def role(*roles)
+    if roles.size == 0
+      raise ArgumentError, "At least one role must be specified"
+    end
+    @run_list_modifiers ||= []
+    @run_list_modifiers += roles.map { |role| Chef::RunList::RunListItem.new("role[#{role}]") }
+  end
+  def remove_recipe(*recipes)
+    if recipes.size == 0
+      raise ArgumentError, "At least one recipe must be specified"
+    end
+    @run_list_removers ||= []
+    @run_list_removers += recipes.map { |recipe| Chef::RunList::RunListItem.new("recipe[#{recipe}]") }
+  end
+  def remove_role(*roles)
+    if roles.size == 0
+      raise ArgumentError, "At least one role must be specified"
+    end
+    @run_list_removers ||= []
+    @run_list_removers += roles.map { |recipe| Chef::RunList::RunListItem.new("role[#{role}]") }
+  end
+end