cheffish 0.7.1 → 0.8

data/lib/chef/provider/chef_mirror.rb

@@ -0,0 +1,138 @@
+require 'chef/provider/lwrp_base'
+require 'chef/chef_fs/file_pattern'
+require 'chef/chef_fs/file_system'
+require 'chef/chef_fs/parallelizer'
+require 'chef/chef_fs/file_system/chef_server_root_dir'
+require 'chef/chef_fs/file_system/chef_repository_file_system_root_dir'
+
+class Chef::Provider::ChefMirror < Chef::Provider::LWRPBase
+
+  def whyrun_supported?
+    true
+  end
+
+  action :upload do
+    copy_to(local_fs, remote_fs)
+  end
+
+  action :download do
+    copy_to(remote_fs, local_fs)
+  end
+
+  def copy_to(src_root, dest_root)
+    if new_resource.concurrency && new_resource.concurrency <= 0
+      raise "chef_mirror.concurrency must be above 0!  Was set to #{new_resource.concurrency}"
+    end
+    # Honor concurrency
+    Chef::ChefFS::Parallelizer.threads = (new_resource.concurrency || 10) - 1
+
+    # We don't let the user pass absolute paths; we want to reserve those for
+    # multi-org support (/organizations/foo).
+    if new_resource.path[0] == '/'
+      raise "Absolute paths in chef_mirror not yet supported."
+    end
+    # Copy!
+    path = Chef::ChefFS::FilePattern.new("/#{new_resource.path}")
+    ui = CopyListener.new(self)
+    error = Chef::ChefFS::FileSystem.copy_to(path, src_root, dest_root, nil, options, ui, proc { |p| p.path })
+
+    if error
+      raise "Errors while copying:#{ui.errors.map { |e| "#{e}\n" }.join('')}"
+    end
+  end
+
+  def local_fs
+    # If chef_repo_path is set to a string, put it in the form it usually is in
+    # chef config (:chef_repo_path, :node_path, etc.)
+    path_config = new_resource.chef_repo_path
+    if path_config.is_a?(Hash)
+      chef_repo_path = path_config.delete(:chef_repo_path)
+    elsif path_config
+      chef_repo_path = path_config
+      path_config = {}
+    else
+      chef_repo_path = Chef::Config.chef_repo_path
+      path_config = Chef::Config
+    end
+    chef_repo_path = Array(chef_repo_path).flatten
+
+    # Go through the expected object paths and figure out the local paths for each.
+    case repo_mode
+    when 'hosted_everything'
+      object_names = %w(acls clients cookbooks containers data_bags environments groups nodes roles)
+    else
+      object_names = %w(clients cookbooks data_bags environments nodes roles users)
+    end
+
+    object_paths = {}
+    object_names.each do |object_name|
+      variable_name = "#{object_name[0..-2]}_path" # cookbooks -> cookbook_path
+      if path_config[variable_name.to_sym]
+        paths = Array(path_config[variable_name.to_sym]).flatten
+      else
+        paths = chef_repo_path.map { |path| ::File.join(path, object_name) }
+      end
+      object_paths[object_name] = paths.map { |path| ::File.expand_path(path) }
+    end
+
+    # Set up the root dir
+    Chef::ChefFS::FileSystem::ChefRepositoryFileSystemRootDir.new(object_paths)
+  end
+
+  def remote_fs
+    config = {
+      :chef_server_url => new_resource.chef_server[:chef_server_url],
+      :node_name => new_resource.chef_server[:options][:client_name],
+      :client_key => new_resource.chef_server[:options][:client_key],
+      :repo_mode => repo_mode
+    }
+    Chef::ChefFS::FileSystem::ChefServerRootDir.new("remote", config)
+  end
+
+  def repo_mode
+    new_resource.chef_server[:chef_server_url] =~ /\/organizations\// ? 'hosted_everything' : 'everything'
+  end
+
+  def options
+    result = {
+      :purge => new_resource.purge,
+      :freeze => new_resource.freeze,
+      :diff => new_resource.no_diff,
+      :dry_run => whyrun_mode?
+    }
+    result[:diff] = !result[:diff]
+    result[:repo_mode] = repo_mode
+    result[:concurrency] = new_resource.concurrency if new_resource.concurrency
+    result
+  end
+
+  def load_current_resource
+  end
+
+  class CopyListener
+    def initialize(mirror)
+      @mirror = mirror
+      @errors = []
+    end
+
+    attr_reader :mirror
+    attr_reader :errors
+
+    # TODO output is not *always* indicative of a change.  We may want to give
+    # ChefFS the ability to tell us that info.  For now though, assuming any output
+    # means change is pretty damn close to the truth.
+    def output(str)
+      mirror.converge_by str do
+      end
+    end
+    def warn(str)
+      mirror.converge_by "WARNING: #{str}" do
+      end
+    end
+    def error(str)
+      mirror.converge_by "ERROR: #{str}" do
+      end
+      @errors << str
+    end
+  end
+end

data/lib/chef/provider/chef_organization.rb

@@ -0,0 +1,150 @@
+require 'cheffish/chef_provider_base'
+require 'chef/resource/chef_organization'
+require 'chef/chef_fs/data_handler/data_handler_base'
+
+class Chef::Provider::ChefOrganization < Cheffish::ChefProviderBase
+
+  def whyrun_supported?
+    true
+  end
+
+  action :create do
+    differences = json_differences(current_json, new_json)
+
+    if current_resource_exists?
+      if differences.size > 0
+        description = [ "update organization #{new_resource.name} at #{rest.url}" ] + differences
+        converge_by description do
+          rest.put("#{rest.root_url}/organizations/#{new_resource.name}", normalize_for_put(new_json))
+        end
+      end
+    else
+      description = [ "create organization #{new_resource.name} at #{rest.url}" ] + differences
+      converge_by description do
+        rest.post("#{rest.root_url}/organizations", normalize_for_post(new_json))
+      end
+    end
+
+    # Revoke invites and memberships when asked
+    invites_to_remove.each do |user|
+      if outstanding_invites.has_key?(user)
+        converge_by "revoke #{user}'s invitation to organization #{new_resource.name}" do
+          rest.delete("#{rest.root_url}/organizations/#{new_resource.name}/association_requests/#{outstanding_invites[user]}")
+        end
+      end
+    end
+    members_to_remove.each do |user|
+      if existing_members.include?(user)
+        converge_by "remove #{user} from organization #{new_resource.name}" do
+          rest.delete("#{rest.root_url}/organizations/#{new_resource.name}/users/#{user}")
+        end
+      end
+    end
+
+    # Invite and add members when asked
+    new_resource.invites.each do |user|
+      if !existing_members.include?(user) && !outstanding_invites.has_key?(user)
+        converge_by "invite #{user} to organization #{new_resource.name}" do
+          rest.post("#{rest.root_url}/organizations/#{new_resource.name}/association_requests", { 'user' => user })
+        end
+      end
+    end
+    new_resource.members.each do |user|
+      if !existing_members.include?(user)
+        converge_by "Add #{user} to organization #{new_resource.name}" do
+          rest.post("#{rest.root_url}/organizations/#{new_resource.name}/users/#{user}", {})
+        end
+      end
+    end
+  end
+
+  def existing_members
+    @existing_members ||= rest.get("#{rest.root_url}/organizations/#{new_resource.name}/users").map { |u| u['user']['username'] }
+  end
+
+  def outstanding_invites
+    @outstanding_invites ||= begin
+      invites = {}
+      rest.get("#{rest.root_url}/organizations/#{new_resource.name}/association_requests").each do |r|
+        invites[r['username']] = r['id']
+      end
+      invites
+    end
+  end
+
+  def invites_to_remove
+    if new_resource.complete
+      if new_resource.invites_specified? || new_resource.members_specified?
+        outstanding_invites.keys - (new_resource.invites | new_resource.members)
+      else
+        []
+      end
+    else
+      new_resource.remove_members
+    end
+  end
+
+  def members_to_remove
+    if new_resource.complete
+      if new_resource.members_specified?
+        existing_members - (new_resource.invites | new_resource.members)
+      else
+        []
+      end
+    else
+      new_resource.remove_members
+    end
+  end
+
+  action :delete do
+    if current_resource_exists?
+      converge_by "delete organization #{new_resource.name} at #{rest.url}" do
+        rest.delete("#{rest.root_url}/organizations/#{new_resource.name}")
+      end
+    end
+  end
+
+  def load_current_resource
+    begin
+      @current_resource = json_to_resource(rest.get("#{rest.root_url}/organizations/#{new_resource.name}"))
+    rescue Net::HTTPServerException => e
+      if e.response.code == "404"
+        @current_resource = not_found_resource
+      else
+        raise
+      end
+    end
+  end
+
+  #
+  # Helpers
+  #
+
+  def resource_class
+    Chef::Resource::ChefOrganization
+  end
+
+  def data_handler
+    OrganizationDataHandler.new
+  end
+
+  def keys
+    {
+      'name' => :name,
+      'full_name' => :full_name
+    }
+  end
+
+  class OrganizationDataHandler < Chef::ChefFS::DataHandler::DataHandlerBase
+    def normalize(organization, entry)
+      # Normalize the order of the keys for easier reading
+      normalize_hash(organization, {
+        'name' => remove_dot_json(entry.name),
+        'full_name' => remove_dot_json(entry.name),
+        'org_type' => 'Business',
+        'clientname' => "#{remove_dot_json(entry.name)}-validator",
+        'billing_plan' => 'platform-free'
+      })
+    end
+  end
+end

data/lib/chef/provider/chef_user.rb

@@ -25,6 +25,10 @@ class Chef::Provider::ChefUser < Cheffish::ActorProviderBase
     'user'
   end
 
+  def actor_path
+    "#{rest.root_url}/users"
+  end
+
   def resource_class
     Chef::Resource::ChefUser
   end
@@ -36,6 +40,7 @@ class Chef::Provider::ChefUser < Cheffish::ActorProviderBase
   def keys
     {
       'name' => :name,
+      'username' => :name,
       'admin' => :admin,
       'email' => :email,
       'password' => :password,
@@ -45,4 +50,4 @@ class Chef::Provider::ChefUser < Cheffish::ActorProviderBase
     }
   end
 
-end
+end

data/lib/chef/provider/public_key.rb

@@ -3,7 +3,6 @@ require 'openssl'
 require 'cheffish/key_formatter'
 
 class Chef::Provider::PublicKey < Chef::Provider::LWRPBase
-
   action :create do
     if !new_source_key
       raise "No source key specified"

data/lib/chef/resource/chef_acl.rb

@@ -1,11 +1,10 @@
 require 'cheffish'
 require 'chef/resource/lwrp_base'
-require 'chef/environment'
 
 class Chef::Resource::ChefAcl < Chef::Resource::LWRPBase
   self.resource_name = 'chef_acl'
 
-  actions :create, :delete, :nothing
+  actions :create, :nothing
   default_action :create
 
   def initialize(*args)
@@ -13,59 +12,54 @@ class Chef::Resource::ChefAcl < Chef::Resource::LWRPBase
     chef_server run_context.cheffish.current_chef_server
   end
 
-  attribute :name, :kind_of => String, :regex => Cheffish::NAME_REGEX, :name_attribute => true
-  attribute :description, :kind_of => String
-  attribute :cookbook_versions, :kind_of => Hash, :callbacks => {
-    "should have valid cookbook versions" => lambda { |value| Chef::Environment.validate_cookbook_versions(value) }
-  }
-  attribute :default_attributes, :kind_of => Hash
-  attribute :override_attributes, :kind_of => Hash
+  # Path of the thing being secured, e.g. nodes, nodes/*, nodes/mynode,
+  # */*, **, roles/base, data/secrets, cookbooks/apache2, /users/*,
+  # /organizations/foo/nodes/x
+  attribute :path, :kind_of => String, :name_attribute => true
 
-  # Specifies that this is a complete specification for the environment (i.e. attributes you don't specify will be
-  # reset to their defaults)
+  # Whether to change things recursively.  true means it will descend all children
+  # and make the same modifications to them.  :on_change will only descend if
+  # the parent has changed.  :on_change is the default.
+  attribute :recursive, :equal_to => [ true, false, :on_change ], :default => :on_change
+
+  # Specifies that this is a complete specification for the acl (i.e. rights
+  # you don't specify will be reset to their defaults)
   attribute :complete, :kind_of => [TrueClass, FalseClass]
 
   attribute :raw_json, :kind_of => Hash
   attribute :chef_server, :kind_of => Hash
 
-  NOT_PASSED=Object.new
-
-  # default 'ip_address', '127.0.0.1'
-  # default [ 'pushy', 'port' ], '9000'
-  # default 'ip_addresses' do |existing_value|
-  #   (existing_value || []) + [ '127.0.0.1' ]
-  # end
-  # default 'ip_address', :delete
-  attr_reader :default_attribute_modifiers
-  def default(attribute_path, value=NOT_PASSED, &block)
-    @default_attribute_modifiers ||= []
-    if value != NOT_PASSED
-      @default_attribute_modifiers << [ attribute_path, value ]
-    elsif block
-      @default_attribute_modifiers << [ attribute_path, block ]
+  # rights :read, :users => 'jkeiser', :groups => [ 'admins', 'users' ]
+  # rights [ :create, :read ], :users => [ 'jkeiser', 'adam' ]
+  # rights :all, :users => 'jkeiser'
+  def rights(*values)
+    if values.size == 0
+      @rights
     else
-      raise "default requires either a value or a block"
+      args = values.pop
+      args[:permissions] ||= []
+      values.each do |value|
+        args[:permissions] |= Array(value)
+      end
+      @rights ||= []
+      @rights << args
     end
   end
 
-  # override 'ip_address', '127.0.0.1'
-  # override [ 'pushy', 'port' ], '9000'
-  # override 'ip_addresses' do |existing_value|
-  #   (existing_value || []) + [ '127.0.0.1' ]
-  # end
-  # override 'ip_address', :delete
-  attr_reader :override_attribute_modifiers
-  def override(attribute_path, value=NOT_PASSED, &block)
-    @override_attribute_modifiers ||= []
-    if value != NOT_PASSED
-      @override_attribute_modifiers << [ attribute_path, value ]
-    elsif block
-      @override_attribute_modifiers << [ attribute_path, block ]
+  # remove_rights :read, :users => 'jkeiser', :groups => [ 'admins', 'users' ]
+  # remove_rights [ :create, :read ], :users => [ 'jkeiser', 'adam' ]
+  # remove_rights :all, :users => [ 'jkeiser', 'adam' ]
+  def remove_rights(*values)
+    if values.size == 0
+      @remove_rights
     else
-      raise "override requires either a value or a block"
+      args = values.pop
+      args[:permissions] ||= []
+      values.each do |value|
+        args[:permissions] |= Array(value)
+      end
+      @remove_rights ||= []
+      @remove_rights << args
     end
   end
-
-  alias :attributes :default_attributes
-  alias :attribute :default
 end

data/lib/chef/resource/chef_container.rb

@@ -0,0 +1,18 @@
+require 'cheffish'
+require 'chef/resource/lwrp_base'
+
+class Chef::Resource::ChefContainer < Chef::Resource::LWRPBase
+  self.resource_name = 'chef_container'
+
+  actions :create, :delete, :nothing
+  default_action :create
+
+  # Grab environment from with_environment
+  def initialize(*args)
+    super
+    chef_server run_context.cheffish.current_chef_server
+  end
+
+  attribute :name, :kind_of => String, :regex => Cheffish::NAME_REGEX, :name_attribute => true
+  attribute :chef_server, :kind_of => Hash
+end

data/lib/chef/resource/chef_group.rb

@@ -0,0 +1,49 @@
+require 'cheffish'
+require 'chef/resource/lwrp_base'
+require 'chef/run_list/run_list_item'
+
+class Chef::Resource::ChefGroup < Chef::Resource::LWRPBase
+  self.resource_name = 'chef_group'
+
+  actions :create, :delete, :nothing
+  default_action :create
+
+  # Grab environment from with_environment
+  def initialize(*args)
+    super
+    chef_server run_context.cheffish.current_chef_server
+    @users = []
+    @clients = []
+    @groups = []
+    @remove_users = []
+    @remove_clients = []
+    @remove_groups = []
+  end
+
+  attribute :name, :kind_of => String, :regex => Cheffish::NAME_REGEX, :name_attribute => true
+  def users(*users)
+    users.size == 0 ? @users : (@users |= users.flatten)
+  end
+  def clients(*clients)
+    clients.size == 0 ? @clients : (@clients |= clients.flatten)
+  end
+  def groups(*groups)
+    groups.size == 0 ? @groups : (@groups |= groups.flatten)
+  end
+  def remove_users(*remove_users)
+    remove_users.size == 0 ? @remove_users : (@remove_users |= remove_users.flatten)
+  end
+  def remove_clients(*remove_clients)
+    remove_clients.size == 0 ? @remove_clients : (@remove_clients |= remove_clients.flatten)
+  end
+  def remove_groups(*remove_groups)
+    remove_groups.size == 0 ? @remove_groups : (@remove_groups |= remove_groups.flatten)
+  end
+
+  # Specifies that this is a complete specification for the environment (i.e. attributes you don't specify will be
+  # reset to their defaults)
+  attribute :complete, :kind_of => [TrueClass, FalseClass]
+
+  attribute :raw_json, :kind_of => Hash
+  attribute :chef_server, :kind_of => Hash
+end

data/lib/chef/resource/chef_mirror.rb

@@ -0,0 +1,47 @@
+require 'cheffish'
+require 'chef/resource/lwrp_base'
+
+class Chef::Resource::ChefMirror < Chef::Resource::LWRPBase
+  self.resource_name = 'chef_mirror'
+
+  actions :upload, :download, :nothing
+  default_action :nothing
+
+  def initialize(*args)
+    super
+    chef_server run_context.cheffish.current_chef_server
+  end
+
+  # Path of the data to mirror, e.g. nodes, nodes/*, nodes/mynode,
+  # */*, **, roles/base, data/secrets, cookbooks/apache2, etc.
+  attribute :path, :kind_of => String, :name_attribute => true
+
+  # Local path.  Can be a string (top level of repository) or hash
+  # (:chef_repo_path, :node_path, etc.)
+  # If neither chef_repo_path nor versioned_cookbooks are set, they default to their
+  # Chef::Config values.  If chef_repo_path is set but versioned_cookbooks is not,
+  # versioned_cookbooks defaults to true.
+  attribute :chef_repo_path, :kind_of => [ String, Hash ]
+
+  # Whether the repo path contains / should contain cookbooks with versioned names,
+  # i.e. cookbooks/mysql-1.0.0, cookbooks/mysql-1.2.0, etc.
+  attribute :versioned_cookbooks, :kind_of => [ TrueClass, FalseClass ]
+
+  # Chef server
+  attribute :chef_server, :kind_of => Hash
+
+  # Whether to purge deleted things: if we do not have cookbooks/x locally and we
+  # *do* have cookbooks/x remotely, then :upload with purge will delete it.
+  # Defaults to false.
+  attribute :purge, :kind_of => [ TrueClass, FalseClass ]
+
+  # Whether to freeze cookbooks on upload
+  attribute :freeze, :kind_of => [ TrueClass, FalseClass ]
+
+  # If this is true, only new files will be copied.  File contents will not be
+  # diffed, so changed files will never be uploaded.
+  attribute :no_diff, :kind_of => [ TrueClass, FalseClass ]
+
+  # Number of parallel threads to list/upload/download with.  Defaults to 10.
+  attribute :concurrency, :kind_of => Integer
+end

data/lib/chef/resource/chef_organization.rb

@@ -0,0 +1,64 @@
+require 'cheffish'
+require 'chef/resource/lwrp_base'
+require 'chef/run_list/run_list_item'
+
+class Chef::Resource::ChefOrganization < Chef::Resource::LWRPBase
+  self.resource_name = 'chef_organization'
+
+  actions :create, :delete, :nothing
+  default_action :create
+
+  # Grab environment from with_environment
+  def initialize(*args)
+    super
+    chef_server run_context.cheffish.current_chef_server
+    @invites = nil
+    @members = nil
+    @remove_members = []
+  end
+
+  attribute :name, :kind_of => String, :regex => Cheffish::NAME_REGEX, :name_attribute => true
+  attribute :full_name, :kind_of => String
+
+  # A list of users who must at least be invited to the org (but may already be
+  # members).  Invites will be sent to users who are not already invited/in the org.
+  def invites(*users)
+    if users.size == 0
+      @invites || []
+    else
+      @invites ||= []
+      @invites |= users.flatten
+    end
+  end
+
+  def invites_specified?
+    !!@invites
+  end
+
+  # A list of users who must be members of the org.  This will use the new Chef 12
+  # POST /organizations/ORG/users/NAME endpoint to add them directly to the org.
+  # If you do not have permission to perform this operation, and the users are not
+  # a part of the org, the resource update will fail.
+  def members(*users)
+    if users.size == 0
+      @members || []
+    else
+      @members ||= []
+      @members |= users.flatten
+    end
+  end
+
+  def members_specified?
+    !!@members
+  end
+
+  # A list of users who must not be members of the org.  These users will be removed
+  # from the org and invites will be revoked (if any).
+  def remove_members(*users)
+    users.size == 0 ? @remove_members : (@remove_members |= users.flatten)
+  end
+
+  attribute :complete, :kind_of => [ TrueClass, FalseClass ]
+  attribute :raw_json, :kind_of => Hash
+  attribute :chef_server, :kind_of => Hash
+end

data/lib/chef/resource/private_key.rb

@@ -36,4 +36,9 @@ class Chef::Resource::PrivateKey < Chef::Resource::LWRPBase
   def after(&block)
     block ? @after = block : @after
   end
-end
+
+  # We are not interested in Chef's cloning behavior here.
+  def load_prior_resource
+    Chef::Log.debug("Overloading #{resource_name}.load_prior_resource with NOOP")
+  end
+end

data/lib/chef/resource/public_key.rb

@@ -13,4 +13,9 @@ class Chef::Resource::PublicKey < Chef::Resource::LWRPBase
   attribute :source_key
   attribute :source_key_path, :kind_of => String
   attribute :source_key_pass_phrase
+
+  # We are not interested in Chef's cloning behavior here.
+  def load_prior_resource
+    Chef::Log.debug("Overloading #{resource_name}.load_prior_resource with NOOP")
+  end
 end