cheffish 1.6.0 → 2.0.0

data/lib/chef/provider/chef_data_bag_item.rb

@@ -1,278 +0,0 @@
-require 'cheffish/chef_provider_base'
-require 'chef/resource/chef_data_bag_item'
-require 'chef/chef_fs/data_handler/data_bag_item_data_handler'
-require 'chef/encrypted_data_bag_item'
-
-class Chef
-  class Provider
-    class ChefDataBagItem < Cheffish::ChefProviderBase
-      provides :chef_data_bag_item
-
-      def whyrun_supported?
-        true
-      end
-
-      action :create do
-        differences = calculate_differences
-
-        if current_resource_exists?
-          if differences.size > 0
-            description = [ "update data bag item #{new_resource.id} at #{rest.url}" ] + differences
-            converge_by description do
-              rest.put("data/#{new_resource.data_bag}/#{new_resource.id}", normalize_for_put(new_json))
-            end
-          end
-        else
-          description = [ "create data bag item #{new_resource.id} at #{rest.url}" ] + differences
-          converge_by description do
-            rest.post("data/#{new_resource.data_bag}", normalize_for_post(new_json))
-          end
-        end
-      end
-
-      action :delete do
-        if current_resource_exists?
-          converge_by "delete data bag item #{new_resource.id} at #{rest.url}" do
-            rest.delete("data/#{new_resource.data_bag}/#{new_resource.id}")
-          end
-        end
-      end
-
-      def load_current_resource
-        begin
-          json = rest.get("data/#{new_resource.data_bag}/#{new_resource.id}")
-          resource = Chef::Resource::ChefDataBagItem.new(new_resource.name, run_context)
-          resource.raw_data json
-          @current_resource = resource
-        rescue Net::HTTPServerException => e
-          if e.response.code == "404"
-            @current_resource = not_found_resource
-          else
-            raise
-          end
-        end
-
-        # Determine if data bag is encrypted and if so, what its version is
-        first_real_key, first_real_value = (current_resource.raw_data || {}).select { |key, value| key != 'id' && !value.nil? }.first
-        if first_real_value
-          if first_real_value.is_a?(Hash) &&
-             first_real_value['version'].is_a?(Integer) &&
-             first_real_value['version'] > 0 &&
-             first_real_value.has_key?('encrypted_data')
-
-            current_resource.encrypt true
-            current_resource.encryption_version first_real_value['version']
-
-            decrypt_error = nil
-
-            # Check if the desired secret is the one (which it generally should be)
-
-            if new_resource.secret || new_resource.secret_path
-              begin
-                Chef::EncryptedDataBagItem::Decryptor.for(first_real_value, new_secret).for_decrypted_item
-                current_resource.secret new_secret
-              rescue Chef::EncryptedDataBagItem::DecryptionFailure
-                decrypt_error = $!
-              end
-            end
-
-            # If the current secret doesn't work, look through the specified old secrets
-
-            if !current_resource.secret
-              old_secrets = []
-              if new_resource.old_secret
-                old_secrets += Array(new_resource.old_secret)
-              end
-              if new_resource.old_secret_path
-                old_secrets += Array(new_resource.old_secret_path).map do |secret_path|
-                  Chef::EncryptedDataBagItem.load_secret(new_resource.old_secret_file)
-                end
-              end
-              old_secrets.each do |secret|
-                begin
-                  Chef::EncryptedDataBagItem::Decryptor.for(first_real_value, secret).for_decrypted_item
-                  current_resource.secret secret
-                rescue Chef::EncryptedDataBagItem::DecryptionFailure
-                  decrypt_error = $!
-                end
-              end
-
-              # If we couldn't figure out the secret, emit a warning (this isn't a fatal flaw unless we
-              # need to reuse one of the values from the data bag)
-              if !current_resource.secret
-                if decrypt_error
-                  Chef::Log.warn "Existing data bag is encrypted, but could not decrypt: #{decrypt_error.message}."
-                else
-                  Chef::Log.warn "Existing data bag is encrypted, but no secret was specified."
-                end
-              end
-            end
-          end
-        else
-
-          # There are no encryptable values, so pretend encryption is the same as desired
-
-          current_resource.encrypt new_resource.encrypt
-          current_resource.encryption_version new_resource.encryption_version
-          if new_resource.secret || new_resource.secret_path
-            current_resource.secret new_secret
-          end
-        end
-      end
-
-      def new_json
-        @new_json ||= begin
-          if new_encrypt
-            # Encrypt new stuff
-            result = encrypt(new_decrypted, new_secret, new_resource.encryption_version)
-          else
-            result = new_decrypted
-          end
-          result
-        end
-      end
-
-      def new_encrypt
-        new_resource.encrypt.nil? ? current_resource.encrypt : new_resource.encrypt
-      end
-
-      def new_secret
-        @new_secret ||= begin
-          if new_resource.secret
-            new_resource.secret
-          elsif new_resource.secret_path
-            Chef::EncryptedDataBagItem.load_secret(new_resource.secret_path)
-          elsif new_resource.encrypt.nil?
-            current_resource.secret
-          else
-            raise "Data bag item #{new_resource.name} has encryption on but no secret or secret_path is specified"
-          end
-        end
-      end
-
-      def decrypt(json, secret)
-        Chef::EncryptedDataBagItem.new(json, secret).to_hash
-      end
-
-      def encrypt(json, secret, version)
-        old_version = run_context.config[:data_bag_encrypt_version]
-        run_context.config[:data_bag_encrypt_version] = version
-        begin
-          Chef::EncryptedDataBagItem.encrypt_data_bag_item(json, secret)
-        ensure
-          run_context.config[:data_bag_encrypt_version] = old_version
-        end
-      end
-
-      # Get the desired (new) json pre-encryption, for comparison purposes
-      def new_decrypted
-        @new_decrypted ||= begin
-          if new_resource.complete
-            result = new_resource.raw_data || {}
-          else
-            result = current_decrypted.merge(new_resource.raw_data || {})
-          end
-          result['id'] = new_resource.id
-          result = apply_modifiers(new_resource.raw_data_modifiers, result)
-        end
-      end
-
-      # Get the current json decrypted, for comparison purposes
-      def current_decrypted
-        @current_decrypted ||= begin
-          if current_resource.secret
-            decrypt(current_resource.raw_data || { 'id' => new_resource.id }, current_resource.secret)
-          elsif current_resource.encrypt
-            raise "Could not decrypt current data bag item #{current_resource.name}"
-          else
-            current_resource.raw_data || { 'id' => new_resource.id }
-          end
-        end
-      end
-
-      # Figure out the differences between new and current
-      def calculate_differences
-        if new_encrypt
-          if current_resource.encrypt
-            # Both are encrypted, check if the encryption type is the same
-            description = ''
-            if new_secret != current_resource.secret
-              description << ' with new secret'
-            end
-            if new_resource.encryption_version != current_resource.encryption_version
-              description << " from v#{current_resource.encryption_version} to v#{new_resource.encryption_version} encryption"
-            end
-
-            if description != ''
-              # Encryption is different, we're reencrypting
-              differences = [ "re-encrypt#{description}"]
-            else
-              # Encryption is the same, we're just updating
-              differences = []
-            end
-          else
-            # New stuff should be encrypted, old is not.  Encrypting.
-            differences = [ "encrypt with v#{new_resource.encryption_version} encryption" ]
-          end
-
-          # Get differences in the actual json
-          if current_resource.secret
-            json_differences(current_decrypted, new_decrypted, false, '', differences)
-          elsif current_resource.encrypt
-            # Encryption is different and we can't read the old values.  Only allow the change
-            # if we're overwriting the data bag item
-            if !new_resource.complete
-              raise "Cannot encrypt #{new_resource.name} due to failure to decrypt existing resource.  Set 'complete true' to overwrite or add the old secret as old_secret / old_secret_path."
-            end
-            differences = [ "overwrite data bag item (cannot decrypt old data bag item)"]
-            differences = (new_resource.raw_data.keys & current_resource.raw_data.keys).map { |key| "overwrite #{key}"}
-            differences += (new_resource.raw_data.keys - current_resource.raw_data.keys).map { |key| "add #{key}"}
-            differences += (current_resource.raw_data.keys - new_resource.raw_data.keys).map { |key| "remove #{key}" }
-          else
-            json_differences(current_decrypted, new_decrypted, false, '', differences)
-          end
-        else
-          if current_resource.encrypt
-            # New stuff should not be encrypted, old is.  Decrypting.
-            differences = [ "decrypt data bag item to plaintext" ]
-          else
-            differences = []
-          end
-          json_differences(current_decrypted, new_decrypted, true, '', differences)
-        end
-        differences
-      end
-
-      #
-      # Helpers
-      #
-
-      def resource_class
-        Chef::Resource::ChefDataBagItem
-      end
-
-      def data_handler
-        Chef::ChefFS::DataHandler::DataBagItemDataHandler.new
-      end
-
-      def keys
-        {
-          'id' => :id,
-          'data_bag' => :data_bag,
-          'raw_data' => :raw_data
-        }
-      end
-
-      def not_found_resource
-        resource = super
-        resource.data_bag new_resource.data_bag
-        resource
-      end
-
-      def fake_entry
-        FakeEntry.new("#{new_resource.id}.json", FakeEntry.new(new_resource.data_bag))
-      end
-
-    end
-  end
-end

data/lib/chef/provider/chef_environment.rb

@@ -1,83 +0,0 @@
-require 'cheffish/chef_provider_base'
-require 'chef/resource/chef_environment'
-require 'chef/chef_fs/data_handler/environment_data_handler'
-
-class Chef
-  class Provider
-    class ChefEnvironment < Cheffish::ChefProviderBase
-      provides :chef_environment
-
-      def whyrun_supported?
-        true
-      end
-
-      action :create do
-        differences = json_differences(current_json, new_json)
-
-        if current_resource_exists?
-          if differences.size > 0
-            description = [ "update environment #{new_resource.name} at #{rest.url}" ] + differences
-            converge_by description do
-              rest.put("environments/#{new_resource.name}", normalize_for_put(new_json))
-            end
-          end
-        else
-          description = [ "create environment #{new_resource.name} at #{rest.url}" ] + differences
-          converge_by description do
-            rest.post("environments", normalize_for_post(new_json))
-          end
-        end
-      end
-
-      action :delete do
-        if current_resource_exists?
-          converge_by "delete environment #{new_resource.name} at #{rest.url}" do
-            rest.delete("environments/#{new_resource.name}")
-          end
-        end
-      end
-
-      def load_current_resource
-        begin
-          @current_resource = json_to_resource(rest.get("environments/#{new_resource.name}"))
-        rescue Net::HTTPServerException => e
-          if e.response.code == "404"
-            @current_resource = not_found_resource
-          else
-            raise
-          end
-        end
-      end
-
-      def augment_new_json(json)
-        # Apply modifiers
-        json['default_attributes'] = apply_modifiers(new_resource.default_attribute_modifiers, json['default_attributes'])
-        json['override_attributes'] = apply_modifiers(new_resource.override_attribute_modifiers, json['override_attributes'])
-        json
-      end
-
-      #
-      # Helpers
-      #
-
-      def resource_class
-        Chef::Resource::ChefEnvironment
-      end
-
-      def data_handler
-        Chef::ChefFS::DataHandler::EnvironmentDataHandler.new
-      end
-
-      def keys
-        {
-          'name' => :name,
-          'description' => :description,
-          'cookbook_versions' => :cookbook_versions,
-          'default_attributes' => :default_attributes,
-          'override_attributes' => :override_attributes
-        }
-      end
-
-    end
-  end
-end

data/lib/chef/provider/chef_group.rb

@@ -1,83 +0,0 @@
-require 'cheffish/chef_provider_base'
-require 'chef/resource/chef_group'
-require 'chef/chef_fs/data_handler/group_data_handler'
-
-class Chef
-  class Provider
-    class ChefGroup < Cheffish::ChefProviderBase
-      provides :chef_group
-
-      def whyrun_supported?
-        true
-      end
-
-      action :create do
-        differences = json_differences(current_json, new_json)
-
-        if current_resource_exists?
-          if differences.size > 0
-            description = [ "update group #{new_resource.name} at #{rest.url}" ] + differences
-            converge_by description do
-              rest.put("groups/#{new_resource.name}", normalize_for_put(new_json))
-            end
-          end
-        else
-          description = [ "create group #{new_resource.name} at #{rest.url}" ] + differences
-          converge_by description do
-            rest.post("groups", normalize_for_post(new_json))
-          end
-        end
-      end
-
-      action :delete do
-        if current_resource_exists?
-          converge_by "delete group #{new_resource.name} at #{rest.url}" do
-            rest.delete("groups/#{new_resource.name}")
-          end
-        end
-      end
-
-      def load_current_resource
-        begin
-          @current_resource = json_to_resource(rest.get("groups/#{new_resource.name}"))
-        rescue Net::HTTPServerException => e
-          if e.response.code == "404"
-            @current_resource = not_found_resource
-          else
-            raise
-          end
-        end
-      end
-
-      def augment_new_json(json)
-        # Apply modifiers
-        json['users']   |= new_resource.users
-        json['clients'] |= new_resource.clients
-        json['groups']  |= new_resource.groups
-        json['users']   -= new_resource.remove_users
-        json['clients'] -= new_resource.remove_clients
-        json['groups']  -= new_resource.remove_groups
-        json
-      end
-
-      #
-      # Helpers
-      #
-
-      def resource_class
-        Chef::Resource::ChefGroup
-      end
-
-      def data_handler
-        Chef::ChefFS::DataHandler::GroupDataHandler.new
-      end
-
-      def keys
-        {
-          'name' => :name,
-          'groupname' => :name
-        }
-      end
-    end
-  end
-end

data/lib/chef/provider/chef_mirror.rb

@@ -1,169 +0,0 @@
-require 'chef/provider/lwrp_base'
-require 'chef/chef_fs/file_pattern'
-require 'chef/chef_fs/file_system'
-require 'chef/chef_fs/parallelizer'
-require 'chef/chef_fs/file_system/chef_server_root_dir'
-require 'chef/chef_fs/file_system/chef_repository_file_system_root_dir'
-
-class Chef
-  class Provider
-    class ChefMirror < Chef::Provider::LWRPBase
-      provides :chef_mirror
-
-      def whyrun_supported?
-        true
-      end
-
-      action :upload do
-        with_modified_config do
-          copy_to(local_fs, remote_fs)
-        end
-      end
-
-      action :download do
-        with_modified_config do
-          copy_to(remote_fs, local_fs)
-        end
-      end
-
-      def with_modified_config
-        # pre-Chef-12 ChefFS reads versioned_cookbooks out of Chef::Config instead of
-        # taking it as an input, so we need to modify it for the duration of copy_to
-        @old_versioned_cookbooks = Chef::Config.versioned_cookbooks
-        # If versioned_cookbooks is explicitly set, set it.
-        if !new_resource.versioned_cookbooks.nil?
-          Chef::Config.versioned_cookbooks = new_resource.versioned_cookbooks
-
-        # If new_resource.chef_repo_path is set, versioned_cookbooks defaults to true.
-        # Otherwise, it stays at its current Chef::Config value.
-        elsif new_resource.chef_repo_path
-          Chef::Config.versioned_cookbooks = true
-        end
-
-        begin
-          yield
-        ensure
-          Chef::Config.versioned_cookbooks = @old_versioned_cookbooks
-        end
-      end
-
-      def copy_to(src_root, dest_root)
-        if new_resource.concurrency && new_resource.concurrency <= 0
-          raise "chef_mirror.concurrency must be above 0!  Was set to #{new_resource.concurrency}"
-        end
-        # Honor concurrency
-        Chef::ChefFS::Parallelizer.threads = (new_resource.concurrency || 10) - 1
-
-        # We don't let the user pass absolute paths; we want to reserve those for
-        # multi-org support (/organizations/foo).
-        if new_resource.path[0] == '/'
-          raise "Absolute paths in chef_mirror not yet supported."
-        end
-        # Copy!
-        path = Chef::ChefFS::FilePattern.new("/#{new_resource.path}")
-        ui = CopyListener.new(self)
-        error = Chef::ChefFS::FileSystem.copy_to(path, src_root, dest_root, nil, options, ui, proc { |p| p.path })
-
-        if error
-          raise "Errors while copying:#{ui.errors.map { |e| "#{e}\n" }.join('')}"
-        end
-      end
-
-      def local_fs
-        # If chef_repo_path is set to a string, put it in the form it usually is in
-        # chef config (:chef_repo_path, :node_path, etc.)
-        path_config = new_resource.chef_repo_path
-        if path_config.is_a?(Hash)
-          chef_repo_path = path_config.delete(:chef_repo_path)
-        elsif path_config
-          chef_repo_path = path_config
-          path_config = {}
-        else
-          chef_repo_path = Chef::Config.chef_repo_path
-          path_config = Chef::Config
-        end
-        chef_repo_path = Array(chef_repo_path).flatten
-
-        # Go through the expected object paths and figure out the local paths for each.
-        case repo_mode
-        when 'hosted_everything'
-          object_names = %w(acls clients cookbooks containers data_bags environments groups nodes roles)
-        else
-          object_names = %w(clients cookbooks data_bags environments nodes roles users)
-        end
-
-        object_paths = {}
-        object_names.each do |object_name|
-          variable_name = "#{object_name[0..-2]}_path" # cookbooks -> cookbook_path
-          if path_config[variable_name.to_sym]
-            paths = Array(path_config[variable_name.to_sym]).flatten
-          else
-            paths = chef_repo_path.map { |path| ::File.join(path, object_name) }
-          end
-          object_paths[object_name] = paths.map { |path| ::File.expand_path(path) }
-        end
-
-        # Set up the root dir
-        Chef::ChefFS::FileSystem::ChefRepositoryFileSystemRootDir.new(object_paths)
-      end
-
-      def remote_fs
-        config = {
-          :chef_server_url => new_resource.chef_server[:chef_server_url],
-          :node_name => new_resource.chef_server[:options][:client_name],
-          :client_key => new_resource.chef_server[:options][:signing_key_filename],
-          :repo_mode => repo_mode,
-          :versioned_cookbooks => Chef::Config.versioned_cookbooks
-        }
-        Chef::ChefFS::FileSystem::ChefServerRootDir.new("remote", config)
-      end
-
-      def repo_mode
-        new_resource.chef_server[:chef_server_url] =~ /\/organizations\// ? 'hosted_everything' : 'everything'
-      end
-
-      def options
-        result = {
-          :purge => new_resource.purge,
-          :freeze => new_resource.freeze,
-          :diff => new_resource.no_diff,
-          :dry_run => whyrun_mode?
-        }
-        result[:diff] = !result[:diff]
-        result[:repo_mode] = repo_mode
-        result[:concurrency] = new_resource.concurrency if new_resource.concurrency
-        result
-      end
-
-      def load_current_resource
-      end
-
-      class CopyListener
-        def initialize(mirror)
-          @mirror = mirror
-          @errors = []
-        end
-
-        attr_reader :mirror
-        attr_reader :errors
-
-        # TODO output is not *always* indicative of a change.  We may want to give
-        # ChefFS the ability to tell us that info.  For now though, assuming any output
-        # means change is pretty damn close to the truth.
-        def output(str)
-          mirror.converge_by str do
-          end
-        end
-        def warn(str)
-          mirror.converge_by "WARNING: #{str}" do
-          end
-        end
-        def error(str)
-          mirror.converge_by "ERROR: #{str}" do
-          end
-          @errors << str
-        end
-      end
-    end
-  end
-end

data/lib/chef/provider/chef_node.rb

@@ -1,87 +0,0 @@
-require 'cheffish/chef_provider_base'
-require 'chef/resource/chef_node'
-require 'chef/chef_fs/data_handler/node_data_handler'
-
-class Chef
-  class Provider
-    class ChefNode < Cheffish::ChefProviderBase
-      provides :chef_node
-
-      def whyrun_supported?
-        true
-      end
-
-      action :create do
-        differences = json_differences(current_json, new_json)
-
-        if current_resource_exists?
-          if differences.size > 0
-            description = [ "update node #{new_resource.name} at #{rest.url}" ] + differences
-            converge_by description do
-              rest.put("nodes/#{new_resource.name}", normalize_for_put(new_json))
-            end
-          end
-        else
-          description = [ "create node #{new_resource.name} at #{rest.url}" ] + differences
-          converge_by description do
-            rest.post("nodes", normalize_for_post(new_json))
-          end
-        end
-      end
-
-      action :delete do
-        if current_resource_exists?
-          converge_by "delete node #{new_resource.name} at #{rest.url}" do
-            rest.delete("nodes/#{new_resource.name}")
-          end
-        end
-      end
-
-      def load_current_resource
-        begin
-          @current_resource = json_to_resource(rest.get("nodes/#{new_resource.name}"))
-        rescue Net::HTTPServerException => e
-          if e.response.code == "404"
-            @current_resource = not_found_resource
-          else
-            raise
-          end
-        end
-      end
-
-      def augment_new_json(json)
-        # Preserve tags even if "attributes" was overwritten directly
-        json['normal']['tags'] = current_json['normal']['tags'] unless json['normal']['tags']
-        # Apply modifiers
-        json['run_list'] = apply_run_list_modifiers(new_resource.run_list_modifiers, new_resource.run_list_removers, json['run_list'])
-        json['normal'] = apply_modifiers(new_resource.attribute_modifiers, json['normal'])
-        # Preserve default/override/automatic even when "complete true"
-        json['default'] = current_json['default']
-        json['override'] = current_json['override']
-        json['automatic'] = current_json['automatic']
-        json
-      end
-
-      #
-      # Helpers
-      #
-
-      def resource_class
-        Chef::Resource::ChefNode
-      end
-
-      def data_handler
-        Chef::ChefFS::DataHandler::NodeDataHandler.new
-      end
-
-      def keys
-        {
-          'name' => :name,
-          'chef_environment' => :chef_environment,
-          'run_list' => :run_list,
-          'normal' => :attributes
-        }
-      end
-    end
-  end
-end