cheffish 1.6.0 → 2.0.0

data/lib/chef/resource/public_key.rb

@@ -1,25 +1,104 @@
 require 'openssl/cipher'
-require 'chef/resource/lwrp_base'
+require 'cheffish/base_resource'
+require 'openssl'
+require 'cheffish/key_formatter'
 
 class Chef
   class Resource
-    class PublicKey < Chef::Resource::LWRPBase
-      self.resource_name = 'public_key'
+    class PublicKey < Cheffish::BaseResource
+      resource_name :public_key
 
-      actions :create, :delete, :nothing
+      allowed_actions :create, :delete, :nothing
       default_action :create
 
-      attribute :path, :kind_of => String, :name_attribute => true
-      attribute :format, :kind_of => Symbol, :default => :openssh, :equal_to => [ :pem, :der, :openssh ]
+      property :path, String, name_property: true
+      property :format, [ :pem, :der, :openssh ], default: :openssh
 
-      attribute :source_key
-      attribute :source_key_path, :kind_of => String
-      attribute :source_key_pass_phrase
+      property :source_key
+      property :source_key_path, String
+      property :source_key_pass_phrase
 
       # We are not interested in Chef's cloning behavior here.
       def load_prior_resource(*args)
         Chef::Log.debug("Overloading #{resource_name}.load_prior_resource with NOOP")
       end
+
+
+      action :create do
+        if !new_source_key
+          raise "No source key specified"
+        end
+        desired_output = encode_public_key(new_source_key)
+        if Array(current_resource.action) == [ :delete ] || desired_output != IO.read(new_resource.path)
+          converge_by "write #{new_resource.format} public key #{new_resource.path} from #{new_source_key_publicity} key #{new_resource.source_key_path}" do
+            IO.write(new_resource.path, desired_output)
+            # TODO permissions on file?
+          end
+        end
+      end
+
+      action :delete do
+        if Array(current_resource.action) == [ :create ]
+          converge_by "delete public key #{new_resource.path}" do
+            ::File.unlink(new_resource.path)
+          end
+        end
+      end
+
+      action_class.class_eval do
+        def encode_public_key(key)
+          key_format = {}
+          key_format[:format] = new_resource.format if new_resource.format
+          Cheffish::KeyFormatter.encode(key, key_format)
+        end
+
+        attr_reader :current_public_key
+        attr_reader :new_source_key_publicity
+
+        def new_source_key
+          @new_source_key ||= begin
+            if new_resource.source_key.is_a?(String)
+              source_key, source_key_format = Cheffish::KeyFormatter.decode(new_resource.source_key, new_resource.source_key_pass_phrase)
+            elsif new_resource.source_key
+              source_key = new_resource.source_key
+            elsif new_resource.source_key_path
+              source_key, source_key_format = Cheffish::KeyFormatter.decode(IO.read(new_resource.source_key_path), new_resource.source_key_pass_phrase, new_resource.source_key_path)
+            else
+              return nil
+            end
+
+            if source_key.private?
+              @new_source_key_publicity = 'private'
+              source_key.public_key
+            else
+              @new_source_key_publicity = 'public'
+              source_key
+            end
+          end
+        end
+
+        def load_current_resource
+          if ::File.exist?(new_resource.path)
+            resource = Chef::Resource::PublicKey.new(new_resource.path, run_context)
+            begin
+              key, key_format = Cheffish::KeyFormatter.decode(IO.read(new_resource.path), nil, new_resource.path)
+              if key
+                @current_public_key = key
+                resource.format key_format[:format]
+              end
+            rescue
+              # If there is an error reading we assume format and such is broken
+            end
+
+            @current_resource = resource
+          else
+            not_found_resource = Chef::Resource::PublicKey.new(new_resource.path, run_context)
+            not_found_resource.action :delete
+            @current_resource = not_found_resource
+          end
+        end
+      end
+
     end
   end
 end

data/lib/cheffish/array_property.rb

@@ -0,0 +1,29 @@
+require 'chef_compat/property'
+
+module Cheffish
+  # A typical array property. Defaults to [], accepts multiple args to setter, accumulates values.
+  class ArrayProperty < ChefCompat::Property
+    def initialize(**options)
+      options[:is] ||= Array
+      options[:default] ||= []
+      options[:coerce] ||= proc { |v| v.is_a?(Array) ? v : [ v ] }
+      super
+    end
+
+    # Support my_property 'a', 'b', 'c'; my_property 'a'; and my_property ['a', 'b']
+    def emit_dsl
+      declared_in.class_eval(<<-EOM, __FILE__, __LINE__+1)
+        def #{name}(*values)
+          property = self.class.properties[#{name.inspect}]
+          if values.empty?
+            property.get(self)
+          elsif property.is_set?(self)
+            property.set(self, property.get(self) + values.flatten)
+          else
+            property.set(self, values.flatten)
+          end
+        end
+      EOM
+    end
+  end
+end

data/lib/cheffish/base_resource.rb

@@ -0,0 +1,254 @@
+require 'chef_compat/resource'
+require 'cheffish/array_property'
+
+module Cheffish
+  class BaseResource < ChefCompat::Resource
+    def initialize(*args)
+      super
+      chef_server run_context.cheffish.current_chef_server
+    end
+
+    Boolean = property_type(is: [ true, false ])
+    ArrayType = ArrayProperty.new
+
+    property :chef_server, Hash
+    property :raw_json, Hash
+    property :complete, Boolean
+
+    declare_action_class.class_eval do
+      def rest
+        @rest ||= Cheffish.chef_server_api(new_resource.chef_server)
+      end
+
+      def current_resource_exists?
+        Array(current_resource.action) != [ :delete ]
+      end
+
+      def not_found_resource
+        resource = resource_class.new(new_resource.name, run_context)
+        resource.action :delete
+        resource
+      end
+
+      def normalize_for_put(json)
+        data_handler.normalize_for_put(json, fake_entry)
+      end
+
+      def normalize_for_post(json)
+        data_handler.normalize_for_post(json, fake_entry)
+      end
+
+      def new_json
+        @new_json ||= begin
+          if new_resource.complete
+            result = normalize(resource_to_json(new_resource))
+          else
+            # If the resource is incomplete, we use the current json to fill any holes
+            result = current_json.merge(resource_to_json(new_resource))
+          end
+          augment_new_json(result)
+        end
+      end
+
+      # Meant to be overridden
+      def augment_new_json(json)
+        json
+      end
+
+      def current_json
+        @current_json ||= begin
+          result = normalize(resource_to_json(current_resource))
+          result = augment_current_json(result)
+          result
+        end
+      end
+
+      # Meant to be overridden
+      def augment_current_json(json)
+        json
+      end
+
+      def resource_to_json(resource)
+        json = resource.raw_json || {}
+        keys.each do |json_key, resource_key|
+          value = resource.send(resource_key)
+          # This takes care of Chef ImmutableMash and ImmutableArray
+          value = value.to_hash if value.is_a?(Hash)
+          value = value.to_a if value.is_a?(Array)
+          json[json_key] = value if value
+        end
+        json
+      end
+
+      def json_to_resource(json)
+        resource = resource_class.new(new_resource.name, run_context)
+        keys.each do |json_key, resource_key|
+          resource.send(resource_key, json.delete(json_key))
+        end
+        # Set the leftover to raw_json
+        resource.raw_json json
+        resource
+      end
+
+      def normalize(json)
+        data_handler.normalize(json, fake_entry)
+      end
+
+      def json_differences(old_json, new_json, print_values=true, name = '', result = nil)
+        result ||= []
+        json_differences_internal(old_json, new_json, print_values, name, result)
+        result
+      end
+
+      def json_differences_internal(old_json, new_json, print_values, name, result)
+        if old_json.kind_of?(Hash) && new_json.kind_of?(Hash)
+          removed_keys = old_json.keys.inject({}) { |hash, key| hash[key] = true; hash }
+          new_json.each_pair do |new_key, new_value|
+            if old_json.has_key?(new_key)
+              removed_keys.delete(new_key)
+              if new_value != old_json[new_key]
+                json_differences_internal(old_json[new_key], new_value, print_values, name == '' ? new_key : "#{name}.#{new_key}", result)
+              end
+            else
+              if print_values
+                result << "  add #{name == '' ? new_key : "#{name}.#{new_key}"} = #{new_value.inspect}"
+              else
+                result << "  add #{name == '' ? new_key : "#{name}.#{new_key}"}"
+              end
+            end
+          end
+          removed_keys.keys.each do |removed_key|
+            result << "  remove #{name == '' ? removed_key : "#{name}.#{removed_key}"}"
+          end
+        else
+          old_json = old_json.to_s if old_json.kind_of?(Symbol)
+          new_json = new_json.to_s if new_json.kind_of?(Symbol)
+          if old_json != new_json
+            if print_values
+              result << "  update #{name} from #{old_json.inspect} to #{new_json.inspect}"
+            else
+              result << "  update #{name}"
+            end
+          end
+        end
+      end
+
+      def apply_modifiers(modifiers, json)
+        return json if !modifiers || modifiers.size == 0
+
+        # If the attributes have nothing, set them to {} so we have something to add to
+        if json
+          json = Marshal.load(Marshal.dump(json)) # Deep copy
+        else
+          json = {}
+        end
+
+        modifiers.each do |path, value|
+          path = [path] if !path.kind_of?(Array)
+          path = path.map { |path_part| path_part.to_s }
+          parent = 0.upto(path.size-2).inject(json) do |hash, index|
+            if hash.nil?
+              nil
+            elsif !hash.is_a?(Hash)
+              raise "Attempt to set #{path} to #{value} when #{path[0..index-1]} is not a hash"
+            else
+              hash[path[index]]
+            end
+          end
+          if !parent.nil? && !parent.is_a?(Hash)
+            raise "Attempt to set #{path} to #{value} when #{path[0..-2]} is not a hash"
+          end
+          existing_value = parent ? parent[path[-1]] : nil
+
+          if value.is_a?(Proc)
+            value = value.call(existing_value)
+          end
+          if value == :delete
+            parent.delete(path[-1]) if parent
+          else
+            # Create parent if necessary, overwriting values
+            parent = path[0..-2].inject(json) do |hash, path_part|
+              hash[path_part] = {} if !hash[path_part]
+              hash[path_part]
+            end
+            if path.size > 0
+              parent[path[-1]] = value
+            else
+              json = value
+            end
+          end
+        end
+        json
+      end
+
+      def apply_run_list_modifiers(add_to_run_list, delete_from_run_list, run_list)
+        return run_list if (!add_to_run_list || add_to_run_list.size == 0) && (!delete_from_run_list || !delete_from_run_list.size)
+        delete_from_run_list ||= []
+        add_to_run_list ||= []
+
+        run_list = Chef::RunList.new(*run_list)
+
+        result = []
+        add_to_run_list_index = 0
+        run_list_index = 0
+        while run_list_index < run_list.run_list_items.size do
+          # See if the desired run list has this item
+          found_desired = add_to_run_list.index { |item| same_run_list_item(item, run_list[run_list_index]) }
+          if found_desired
+            # If so, copy all items up to that desired run list (to preserve order).
+            # If a run list item is out of order (run_list = X, B, Y, A, Z and desired = A, B)
+            # then this will give us X, A, B.  When A is found later, nothing will be copied
+            # because found_desired will be less than add_to_run_list_index.  The result will
+            # be X, A, B, Y, Z.
+            if found_desired >= add_to_run_list_index
+              result += add_to_run_list[add_to_run_list_index..found_desired].map { |item| item.to_s }
+              add_to_run_list_index = found_desired+1
+            end
+          else
+            # If not, just copy it in
+            unless delete_from_run_list.index { |item| same_run_list_item(item, run_list[run_list_index]) }
+              result << run_list[run_list_index].to_s
+            end
+          end
+          run_list_index += 1
+        end
+
+        # Copy any remaining desired items at the end
+        result += add_to_run_list[add_to_run_list_index..-1].map { |item| item.to_s }
+        result
+      end
+
+      def same_run_list_item(a, b)
+        a_name = a.name
+        b_name = b.name
+        # Handle "a::default" being the same as "a"
+        if a.type == :recipe && a_name =~ /(.+)::default$/
+          a_name = $1
+        elsif b.type == :recipe && b_name =~ /(.+)::default$/
+          b_name = $1
+        end
+
+        a_name == b_name && a.type == b.type # We want to replace things with same name and different version
+      end
+
+      private
+
+      # Needed to be able to use DataHandler classes
+      def fake_entry
+        FakeEntry.new("#{new_resource.send(keys.values.first)}.json")
+      end
+
+      class FakeEntry
+        def initialize(name, parent = nil)
+          @name = name
+          @parent = parent
+          @org = nil
+        end
+
+        attr_reader :name
+        attr_reader :parent
+        attr_reader :org
+      end
+    end
+  end
+end

data/lib/cheffish/chef_actor_base.rb

@@ -0,0 +1,135 @@
+require 'cheffish/key_formatter'
+require 'cheffish/base_resource'
+
+module Cheffish
+  class ChefActorBase < Cheffish::BaseResource
+
+    action_class.class_eval do
+      def create_actor
+        if new_resource.before
+          new_resource.before.call(new_resource)
+        end
+
+        # Create or update the client/user
+        current_public_key = new_json['public_key']
+        differences = json_differences(current_json, new_json)
+        if current_resource_exists?
+          # Update the actor if it's different
+          if differences.size > 0
+            description = [ "update #{actor_type} #{new_resource.name} at #{actor_path}" ] + differences
+            converge_by description do
+              result = rest.put("#{actor_path}/#{new_resource.name}", normalize_for_put(new_json))
+              current_public_key, current_public_key_format = Cheffish::KeyFormatter.decode(result['public_key']) if result['public_key']
+            end
+          end
+        else
+          # Create the actor if it's missing
+          if !new_public_key
+            raise "You must specify a public key to create a #{actor_type}!  Use the private_key resource to create a key, and pass it in with source_key_path."
+          end
+          description = [ "create #{actor_type} #{new_resource.name} at #{actor_path}" ] + differences
+          converge_by description do
+            result = rest.post("#{actor_path}", normalize_for_post(new_json))
+            current_public_key, current_public_key_format = Cheffish::KeyFormatter.decode(result['public_key']) if result['public_key']
+          end
+        end
+
+        # Write out the public key
+        if new_resource.output_key_path
+          # TODO use inline_resource
+          key_content = Cheffish::KeyFormatter.encode(current_public_key, { :format => new_resource.output_key_format })
+          if !current_resource.output_key_path
+            action = 'create'
+          elsif key_content != IO.read(current_resource.output_key_path)
+            action = 'overwrite'
+          else
+            action = nil
+          end
+          if action
+            converge_by "#{action} public key #{new_resource.output_key_path}" do
+              IO.write(new_resource.output_key_path, key_content)
+            end
+          end
+          # TODO permissions?
+        end
+
+        if new_resource.after
+          new_resource.after.call(self, new_json, server_private_key, server_public_key)
+        end
+      end
+
+      def delete_actor
+        if current_resource_exists?
+          converge_by "delete #{actor_type} #{new_resource.name} at #{actor_path}" do
+            rest.delete("#{actor_path}/#{new_resource.name}")
+            Chef::Log.info("#{new_resource} deleted #{actor_type} #{new_resource.name} at #{rest.url}")
+          end
+        end
+        if current_resource.output_key_path
+          converge_by "delete public key #{current_resource.output_key_path}" do
+            ::File.unlink(current_resource.output_key_path)
+          end
+        end
+      end
+
+      def new_public_key
+        @new_public_key ||= begin
+          if new_resource.source_key
+            if new_resource.source_key.is_a?(String)
+              key, key_format = Cheffish::KeyFormatter.decode(new_resource.source_key)
+
+              if key.private?
+                key.public_key
+              else
+                key
+              end
+            elsif new_resource.source_key.private?
+              new_resource.source_key.public_key
+            else
+              new_resource.source_key
+            end
+          elsif new_resource.source_key_path
+            source_key_path = new_resource.source_key_path
+            if Pathname.new(source_key_path).relative?
+              source_key_str, source_key_path = Cheffish.get_private_key_with_path(source_key_path, run_context.config)
+            else
+              source_key_str = IO.read(source_key_path)
+            end
+            source_key, source_key_format = Cheffish::KeyFormatter.decode(source_key_str, new_resource.source_key_pass_phrase, source_key_path)
+            if source_key.private?
+              source_key.public_key
+            else
+              source_key
+            end
+          else
+            nil
+          end
+        end
+      end
+
+      def augment_new_json(json)
+        if new_public_key
+          json['public_key'] = new_public_key.to_pem
+        end
+        json
+      end
+
+      def load_current_resource
+        begin
+          json = rest.get("#{actor_path}/#{new_resource.name}")
+          @current_resource = json_to_resource(json)
+        rescue Net::HTTPServerException => e
+          if e.response.code == "404"
+            @current_resource = not_found_resource
+          else
+            raise
+          end
+        end
+
+        if new_resource.output_key_path && ::File.exist?(new_resource.output_key_path)
+          current_resource.output_key_path = new_resource.output_key_path
+        end
+      end
+    end
+  end
+end

data/lib/cheffish/node_properties.rb

@@ -0,0 +1,107 @@
+require 'chef_compat/mixin/properties'
+
+module Cheffish
+  module NodeProperties
+    include ChefCompat::Mixin::Properties
+
+    # Grab environment from with_environment
+    def initialize(*args)
+      super
+      chef_environment run_context.cheffish.current_environment
+    end
+
+    property :name, Cheffish::NAME_REGEX, name_property: true
+    property :chef_environment, Cheffish::NAME_REGEX
+    property :run_list, Array # We should let them specify it as a series of parameters too
+    property :attributes, Hash
+
+    # attribute 'ip_address', '127.0.0.1'
+    # attribute [ 'pushy', 'port' ], '9000'
+    # attribute 'ip_addresses' do |existing_value|
+    #   (existing_value || []) + [ '127.0.0.1' ]
+    # end
+    # attribute 'ip_address', :delete
+    attr_accessor :attribute_modifiers
+    def attribute(attribute_path, value=Chef::NOT_PASSED, &block)
+      @attribute_modifiers ||= []
+      if value != Chef::NOT_PASSED
+        @attribute_modifiers << [ attribute_path, value ]
+      elsif block
+        @attribute_modifiers << [ attribute_path, block ]
+      else
+        raise "attribute requires either a value or a block"
+      end
+    end
+
+    # Patchy tags
+    # tag 'webserver', 'apache', 'myenvironment'
+    def tag(*tags)
+      attribute 'tags' do |existing_tags|
+        existing_tags ||= []
+        tags.each do |tag|
+          if !existing_tags.include?(tag.to_s)
+            existing_tags << tag.to_s
+          end
+        end
+        existing_tags
+      end
+    end
+    def remove_tag(*tags)
+      attribute 'tags' do |existing_tags|
+        if existing_tags
+          tags.each do |tag|
+            existing_tags.delete(tag.to_s)
+          end
+        end
+        existing_tags
+      end
+    end
+
+    # NON-patchy tags
+    # tags :a, :b, :c # removes all other tags
+    def tags(*tags)
+      if tags.size == 0
+        attribute('tags')
+      else
+        tags = tags[0] if tags.size == 1 && tags[0].kind_of?(Array)
+        attribute 'tags', tags.map { |tag| tag.to_s }
+      end
+    end
+
+    # Order matters--if two things here are in the wrong order, they will be flipped in the run list
+    # recipe 'apache', 'mysql'
+    # recipe 'recipe@version'
+    # recipe 'recipe'
+    # role ''
+    attr_accessor :run_list_modifiers
+    attr_accessor :run_list_removers
+    def recipe(*recipes)
+      if recipes.size == 0
+        raise ArgumentError, "At least one recipe must be specified"
+      end
+      @run_list_modifiers ||= []
+      @run_list_modifiers += recipes.map { |recipe| Chef::RunList::RunListItem.new("recipe[#{recipe}]") }
+    end
+    def role(*roles)
+      if roles.size == 0
+        raise ArgumentError, "At least one role must be specified"
+      end
+      @run_list_modifiers ||= []
+      @run_list_modifiers += roles.map { |role| Chef::RunList::RunListItem.new("role[#{role}]") }
+    end
+    def remove_recipe(*recipes)
+      if recipes.size == 0
+        raise ArgumentError, "At least one recipe must be specified"
+      end
+      @run_list_removers ||= []
+      @run_list_removers += recipes.map { |recipe| Chef::RunList::RunListItem.new("recipe[#{recipe}]") }
+    end
+    def remove_role(*roles)
+      if roles.size == 0
+        raise ArgumentError, "At least one role must be specified"
+      end
+      @run_list_removers ||= []
+      @run_list_removers += roles.map { |role| Chef::RunList::RunListItem.new("role[#{role}]") }
+    end
+  end
+end

data/lib/cheffish/recipe_dsl.rb

@@ -24,20 +24,6 @@ require 'chef/resource/chef_role'
 require 'chef/resource/chef_user'
 require 'chef/resource/private_key'
 require 'chef/resource/public_key'
-require 'chef/provider/chef_acl'
-require 'chef/provider/chef_client'
-require 'chef/provider/chef_container'
-require 'chef/provider/chef_data_bag'
-require 'chef/provider/chef_data_bag_item'
-require 'chef/provider/chef_environment'
-require 'chef/provider/chef_group'
-require 'chef/provider/chef_mirror'
-require 'chef/provider/chef_node'
-require 'chef/provider/chef_organization'
-require 'chef/provider/chef_role'
-require 'chef/provider/chef_user'
-require 'chef/provider/private_key'
-require 'chef/provider/public_key'
 
 
 class Chef

data/lib/cheffish/version.rb

@@ -1,3 +1,3 @@
 module Cheffish
-  VERSION = '1.6.0'
+  VERSION = '2.0.0'
 end