cheffish 0.5 → 0.6

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 1ddab480a3b4a6de49b00633583e17cc04d6c90a
-  data.tar.gz: 249421b4118a974b9ae6d100394d9af3c1d45628
+  metadata.gz: 5f9cd98545fd8f6719d7e8ffbfbae5f13cf45126
+  data.tar.gz: 5e9c9755839e5f8af8e5c1c7c194d660928739fd
 SHA512:
-  metadata.gz: c3c48ef29afb2df5f61ceb44efc65011cfe037426948d80a2e80e2061713fbac97cb6ffe3a60cdb9ea41d12fee792faa13a24d81407a9c35462eb6d5940161ad
-  data.tar.gz: 79723d6d54d41ab88ec8a6ec71a7539536910c59a26b2d753ea0aa6f4c365709183d3198d85aaf210a5c40005fc8783c3c16a65df0e67eb8e09ae2ba54a3c2a4
+  metadata.gz: c38963743b1c66de812d573e8d814959fb393c817d0ce8c2a085129c2ae9608daa3cb2333a1ffa835a4c9b167f4407dba1f7097e357ef70827e89a3dc1a20e66
+  data.tar.gz: ec28e151c2ca132970c3674e25fb02cc270eece3731531dedf17676a0611d9b6521e7108d939e3cb35f86dcb22f931706ad08ad47581abf4f07a8392ecfed80e

data/lib/chef/provider/chef_resolved_cookbooks.rb

@@ -0,0 +1,41 @@
+require 'chef/provider/lwrp_base'
+require 'chef_zero'
+
+class Chef::Provider::ChefResolvedCookbooks < Chef::Provider::LWRPBase
+
+  action :resolve do
+    new_resource.cookbooks_from.each do |path|
+      ::Dir.entries(path).each do |name|
+        if ::File.directory?(::File.join(path, name)) && name != '.' && name != '..'
+          new_resource.berksfile.cookbook name, :path => ::File.join(path, name)
+        end
+      end
+    end
+
+    new_resource.berksfile.install
+
+    # Ridley really really wants a key :/
+    if new_resource.chef_server[:options][:signing_key_filename]
+      new_resource.berksfile.upload(
+        :server_url => new_resource.chef_server[:chef_server_url],
+        :client_name => new_resource.chef_server[:options][:client_name],
+        :client_key => new_resource.chef_server[:options][:signing_key_filename])
+    else
+      file = Tempfile.new('privatekey')
+      begin
+        file.write(ChefZero::PRIVATE_KEY)
+        file.close
+
+        new_resource.berksfile.upload(
+          :server_url => new_resource.chef_server[:chef_server_url],
+          :client_name => new_resource.chef_server[:options][:client_name] || 'me',
+          :client_key => file.path)
+
+      ensure
+        file.close
+        file.unlink
+      end
+    end
+  end
+
+end

data/lib/chef/provider/private_key.rb

@@ -13,7 +13,7 @@ class Chef::Provider::PrivateKey < Chef::Provider::LWRPBase
   end
 
   action :delete do
-    if Array(current_resource.action) == [ :create ]
+    if current_resource.path
       converge_by "delete private key #{new_path}" do
         ::File.unlink(new_path)
       end
@@ -39,7 +39,7 @@ class Chef::Provider::PrivateKey < Chef::Provider::LWRPBase
       # Create private key from source
       #
       desired_output = encode_private_key(new_source_key)
-      if Array(current_resource.action) == [ :delete ] || desired_output != IO.read(new_path)
+      if current_resource.path == :none || desired_output != IO.read(new_path)
         converge_by "reformat key at #{new_resource.source_key_path} to #{new_resource.format} private key #{new_path} (#{new_resource.pass_phrase ? ", #{new_resource.cipher} password" : ""})" do
           IO.write(new_path, desired_output)
         end
@@ -49,28 +49,41 @@ class Chef::Provider::PrivateKey < Chef::Provider::LWRPBase
 
     else
       #
-      # Create private key file
+      # Generate a new key
       #
-      if Array(current_resource.action) == [ :delete ] || regenerate ||
+      if !current_private_key || regenerate ||
         (new_resource.regenerate_if_different &&
           (current_resource.size != new_resource.size ||
            current_resource.type != new_resource.type))
-        action = (Array(current_resource.action) == [ :delete ]) ? "create" : "overwrite"
-        converge_by "#{action} #{new_resource.type} private key #{new_path} (#{new_resource.size} bits#{new_resource.pass_phrase ? ", #{new_resource.cipher} password" : ""})" do
-          case new_resource.type
-          when :rsa
-            if new_resource.exponent
-              final_private_key = OpenSSL::PKey::RSA.generate(new_resource.size, new_resource.exponent)
-            else
-              final_private_key = OpenSSL::PKey::RSA.generate(new_resource.size)
-            end
-          when :dsa
-            final_private_key = OpenSSL::PKey::DSA.generate(new_resource.size)
+
+        case new_resource.type
+        when :rsa
+          if new_resource.exponent
+            final_private_key = OpenSSL::PKey::RSA.generate(new_resource.size, new_resource.exponent)
+          else
+            final_private_key = OpenSSL::PKey::RSA.generate(new_resource.size)
           end
+        when :dsa
+          final_private_key = OpenSSL::PKey::DSA.generate(new_resource.size)
+        end
+
+        generated_key = true
+      else
+        final_private_key = current_private_key
+        generated_key = false
+      end
 
-          if new_path != :none
+      if generated_key
+        generated_description = " (#{new_resource.size} bits#{new_resource.pass_phrase ? ", #{new_resource.cipher} password" : ""})"
+
+        if new_path != :none
+          action = current_resource.path == :none ? 'create' : 'overwrite'
+          converge_by "#{action} #{new_resource.type} private key #{new_path}#{generated_description}" do
             write_private_key(final_private_key)
           end
+        else
+          converge_by "generate private key#{generated_description}" do
+          end
         end
       else
         # Warn if existing key has different characteristics than expected
@@ -80,8 +93,6 @@ class Chef::Provider::PrivateKey < Chef::Provider::LWRPBase
           Chef::Log.warn("Mismatched key type!  #{current_resource.path} is #{current_resource.type}, desired is #{new_resource.type} bytes.  Use action :regenerate to force key regeneration.")
         end
 
-        final_private_key = current_private_key
-
         if current_resource.format != new_resource.format
           converge_by "change format of #{new_resource.type} private key #{new_path} from #{current_resource.format} to #{new_resource.format}" do
             write_private_key(current_private_key)
@@ -145,25 +156,45 @@ class Chef::Provider::PrivateKey < Chef::Provider::LWRPBase
   attr_reader :current_private_key
 
   def new_path
+    new_key_with_path[1]
+  end
+
+  def new_key_with_path
     path = new_resource.path
     if path.is_a?(Symbol)
-      path
-    elsif Pathname.new(path).relative? && run_context.config[:private_key_write_path]
-      @should_create_directory = true
-      ::File.join(run_context.config[:private_key_write_path], path)
+      return [ nil, path ]
+    elsif Pathname.new(path).relative?
+      private_key, private_key_path = Cheffish.get_private_key_with_path(path, run_context.config)
+      if private_key
+        return [ private_key, (private_key_path || :none) ]
+      elsif run_context.config[:private_key_write_path]
+        @should_create_directory = true
+        path = ::File.join(run_context.config[:private_key_write_path], path)
+        return [ nil, path ]
+      else
+        raise "Could not find key #{path} and Chef::Config.private_key_write_path is not set."
+      end
+    elsif ::File.exist?(path)
+      return [ IO.read(path), path ]
     else
-      path
+      return [ nil, path ]
     end
   end
 
   def load_current_resource
     resource = Chef::Resource::PrivateKey.new(new_resource.name, run_context)
 
+    new_key, new_path = new_key_with_path
     if new_path != :none && ::File.exist?(new_path)
       resource.path new_path
+      @current_file_mode = ::File.stat(new_path).mode
+    else
+      resource.path :none
+    end
 
+    if new_key
       begin
-        key, key_format = Cheffish::KeyFormatter.decode(IO.read(new_path), new_resource.pass_phrase, new_path)
+        key, key_format = Cheffish::KeyFormatter.decode(new_key, new_resource.pass_phrase, new_path)
         if key
           @current_private_key = key
           resource.format key_format[:format]
@@ -173,7 +204,6 @@ class Chef::Provider::PrivateKey < Chef::Provider::LWRPBase
           resource.pass_phrase key_format[:pass_phrase]
           resource.cipher key_format[:cipher]
         end
-        @current_file_mode = ::File.stat(new_path).mode
       rescue
         # If there's an error reading, we assume format and type are wrong and don't futz with them
       end

data/lib/chef/resource/chef_resolved_cookbooks.rb

@@ -0,0 +1,31 @@
+require 'chef/resource/lwrp_base'
+
+class Chef::Resource::ChefResolvedCookbooks < Chef::Resource::LWRPBase
+  self.resource_name = 'chef_resolved_cookbooks'
+
+  actions :resolve, :nothing
+  default_action :resolve
+
+  def initialize(*args)
+    super
+    require 'berkshelf'
+    berksfile Berkshelf::Berksfile.new('/tmp/Berksfile')
+    chef_server run_context.cheffish.current_chef_server
+    @cookbooks_from = []
+  end
+
+  extend Forwardable
+
+  def_delegators :@berksfile, :cookbook, :extension, :group, :metadata, :source
+
+  def cookbooks_from(path = nil)
+    if path
+      @cookbooks_from << path
+    else
+      @cookbooks_from
+    end
+  end
+
+  attribute :berksfile
+  attribute :chef_server
+end

data/lib/cheffish/actor_provider_base.rb

@@ -81,7 +81,13 @@ class Cheffish::ActorProviderBase < Cheffish::ChefProviderBase
           new_resource.source_key
         end
       elsif new_resource.source_key_path
-        source_key, source_key_format = Cheffish::KeyFormatter.decode(IO.read(new_resource.source_key_path), new_resource.source_key_pass_phrase, new_resource.source_key_path)
+        source_key_path = new_resource.source_key_path
+        if Pathname.new(source_key_path).relative?
+          source_key_str, source_key_path = Cheffish.get_private_key_with_path(source_key_path, run_context.config)
+        else
+          source_key_str = IO.read(source_key_path)
+        end
+        source_key, source_key_format = Cheffish::KeyFormatter.decode(source_key_str, new_resource.source_key_pass_phrase, source_key_path)
         if source_key.private?
           source_key.public_key
         else
@@ -117,4 +123,4 @@ class Cheffish::ActorProviderBase < Cheffish::ChefProviderBase
     end
   end
 
-end
+end

data/lib/cheffish/key_formatter.rb

@@ -4,7 +4,6 @@ require 'etc'
 require 'socket'
 require 'digest/md5'
 require 'base64'
-require 'openssl_pkcs8'
 
 module Cheffish
   class KeyFormatter
@@ -59,6 +58,7 @@ module Cheffish
         if RUBY_VERSION.to_f >= 2.0
           raise "PKCS8 SHA1 not supported in Ruby #{RUBY_VERSION}"
         end
+        require 'openssl_pkcs8'
         pkcs8_pem = key.to_pem_pkcs8
         pkcs8_base64 = pkcs8_pem.split("\n").reject { |l| l =~ /^-----/ }
         pkcs8_data = Base64.decode64(pkcs8_base64.join)

data/lib/cheffish/recipe_dsl.rb

@@ -8,6 +8,26 @@ require 'cheffish/chef_run_listener'
 require 'chef/client'
 require 'chef/config'
 require 'cheffish/merged_config'
+require 'chef/resource/chef_client'
+require 'chef/resource/chef_data_bag'
+require 'chef/resource/chef_data_bag_item'
+require 'chef/resource/chef_environment'
+require 'chef/resource/chef_node'
+require 'chef/resource/chef_resolved_cookbooks'
+require 'chef/resource/chef_role'
+require 'chef/resource/chef_user'
+require 'chef/resource/private_key'
+require 'chef/resource/public_key'
+require 'chef/provider/chef_client'
+require 'chef/provider/chef_data_bag'
+require 'chef/provider/chef_data_bag_item'
+require 'chef/provider/chef_environment'
+require 'chef/provider/chef_node'
+require 'chef/provider/chef_resolved_cookbooks'
+require 'chef/provider/chef_role'
+require 'chef/provider/chef_user'
+require 'chef/provider/private_key'
+require 'chef/provider/public_key'
 
 class Chef
   module DSL
@@ -67,6 +87,10 @@ class Chef
 
         with_chef_server(chef_zero_server.url, &block)
       end
+
+      def get_private_key(name)
+        Cheffish.get_private_key(name, run_context.config)
+      end
     end
   end
 

data/lib/cheffish/version.rb

@@ -1,3 +1,3 @@
 module Cheffish
-  VERSION = '0.5'
+  VERSION = '0.6'
 end

data/lib/cheffish.rb

@@ -74,12 +74,16 @@ module Cheffish
     end
   end
 
-  def self.get_private_key(name, config = profiled_chef_config)
+  def self.get_private_key(name, config = profiled_config)
+    get_private_key_with_path(name, config)[0]
+  end
+
+  def self.get_private_key_with_path(name, config = profiled_config)
     if config[:private_keys] && config[:private_keys][name]
       if config[:private_keys][name].is_a?(String)
-        IO.read(config[:private_keys][name])
+        return [ IO.read(config[:private_keys][name]), config[:private_keys][name] ]
       else
-        config[:private_keys][name].to_pem
+        return [ config[:private_keys][name].to_pem, nil ]
       end
     elsif config[:private_key_paths]
       config[:private_key_paths].each do |private_key_path|
@@ -88,12 +92,13 @@ module Cheffish
           if ext == '' || ext == '.pem'
             key_name = key[0..-(ext.length+1)]
             if key_name == name
-              return IO.read("#{private_key_path}/#{key}")
+              return [ IO.read("#{private_key_path}/#{key}"), "#{private_key_path}/#{key}" ]
             end
           end
         end
       end
     end
+    nil
   end
 
   NOT_PASSED=Object.new
@@ -207,21 +212,3 @@ end
 # Include all recipe objects so require 'cheffish' brings in the whole recipe DSL
 
 require 'cheffish/recipe_dsl'
-require 'chef/resource/chef_client'
-require 'chef/resource/chef_data_bag'
-require 'chef/resource/chef_data_bag_item'
-require 'chef/resource/chef_environment'
-require 'chef/resource/chef_node'
-require 'chef/resource/chef_role'
-require 'chef/resource/chef_user'
-require 'chef/resource/private_key'
-require 'chef/resource/public_key'
-require 'chef/provider/chef_client'
-require 'chef/provider/chef_data_bag'
-require 'chef/provider/chef_data_bag_item'
-require 'chef/provider/chef_environment'
-require 'chef/provider/chef_node'
-require 'chef/provider/chef_role'
-require 'chef/provider/chef_user'
-require 'chef/provider/private_key'
-require 'chef/provider/public_key'

data/spec/integration/chef_client_spec.rb

@@ -9,7 +9,7 @@ describe Chef::Resource::ChefClient do
   extend SpecSupport
 
   when_the_chef_server 'is empty' do
-    context 'and we have a private key' do
+    context 'and we have a private key with a path' do
       with_recipe do
         private_key "#{repo_path}/blah.pem"
       end
@@ -44,5 +44,33 @@ describe Chef::Resource::ChefClient do
         end
       end
     end
+
+    context "and a private_key 'blah' resource" do
+      before :each do
+        Chef::Config.private_key_paths = [ repo_path ]
+      end
+
+      with_recipe do
+        private_key 'blah'
+      end
+
+      context "and a chef_client 'foobar' resource with source_key_path 'blah'" do
+        with_converge do
+          chef_client 'foobar' do
+            source_key_path 'blah'
+          end
+        end
+
+        it 'the client is accessible via the given private key' do
+          chef_run.should have_updated 'chef_client[foobar]', :create
+          client = get('/clients/foobar')
+          key, format = Cheffish::KeyFormatter.decode(client['public_key'])
+          key.should be_public_key_for("#{repo_path}/blah.pem")
+
+          private_key = Cheffish::KeyFormatter.decode(Cheffish.get_private_key('blah'))
+          key.should be_public_key_for(private_key)
+        end
+      end
+    end
   end
 end

data/spec/integration/private_key_spec.rb

@@ -27,6 +27,41 @@ describe Chef::Resource::PrivateKey do
     end
   end
 
+  context 'with a private_key "blah" resource' do
+    before :each do
+      Dir.mkdir("#{repo_path}/other_keys")
+      Chef::Config.private_key_paths = [ repo_path, "#{repo_path}/other_keys" ]
+    end
+
+    with_recipe do
+      private_key 'blah'
+    end
+
+    it 'the private key is created in the private_key_write_path' do
+      chef_run.should have_updated "private_key[blah]", :create
+      Chef::Config.private_key_write_path.should == repo_path
+      File.exist?("#{repo_path}/blah").should be_true
+      File.exist?("#{repo_path}/other_keys/blah").should be_false
+      OpenSSL::PKey.read(IO.read("#{repo_path}/blah")).kind_of?(OpenSSL::PKey::RSA).should be_true
+      OpenSSL::PKey.read(Cheffish.get_private_key('blah')).kind_of?(OpenSSL::PKey::RSA).should be_true
+    end
+
+    context 'and the private key already exists somewhere not in the write path' do
+      before :each do
+        Cheffish::BasicChefClient.converge_block do
+          private_key "#{repo_path}/other_keys/blah"
+        end
+      end
+
+      it 'the private key should not update' do
+        chef_run.should_not have_updated "private_key[blah]", :create
+
+        File.exist?("#{repo_path}/blah").should be_false
+        File.exist?("#{repo_path}/other_keys/blah").should be_true
+      end
+    end
+  end
+
   context 'with a private key' do
     before :each do
       Cheffish::BasicChefClient.converge_block do

data/spec/support/spec_support.rb

@@ -99,6 +99,16 @@ RSpec::Matchers.define :have_updated do |resource_name, *expected_actions|
     end
     result
   end
+  failure_message_for_should_not do |actual|
+    updates = actual.select { |event, resource, action| event == :resource_updated }.to_a
+    result = "expected that the chef_run would not #{expected_actions.join(',')} #{resource_name}."
+    if updates.size > 0
+      result << " Actual updates were #{updates.map { |event, resource, action| "#{resource.to_s} => #{action.inspect}" }.join(', ')}"
+    else
+      result << " Nothing was updated."
+    end
+    result
+  end
 end
 
 RSpec.configure do |config|

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: cheffish
 version: !ruby/object:Gem::Version
-  version: '0.5'
+  version: '0.6'
 platform: ruby
 authors:
 - John Keiser
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2014-06-04 00:00:00.000000000 Z
+date: 2014-06-18 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: chef
@@ -24,20 +24,6 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
-- !ruby/object:Gem::Dependency
-  name: openssl_pkcs8
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-  type: :runtime
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
@@ -82,6 +68,7 @@ files:
 - lib/chef/provider/chef_data_bag_item.rb
 - lib/chef/provider/chef_environment.rb
 - lib/chef/provider/chef_node.rb
+- lib/chef/provider/chef_resolved_cookbooks.rb
 - lib/chef/provider/chef_role.rb
 - lib/chef/provider/chef_user.rb
 - lib/chef/provider/private_key.rb
@@ -91,6 +78,7 @@ files:
 - lib/chef/resource/chef_data_bag_item.rb
 - lib/chef/resource/chef_environment.rb
 - lib/chef/resource/chef_node.rb
+- lib/chef/resource/chef_resolved_cookbooks.rb
 - lib/chef/resource/chef_role.rb
 - lib/chef/resource/chef_user.rb
 - lib/chef/resource/in_parallel.rb