clc-cheffish 0.8.clc

data/lib/chef/provider/chef_resolved_cookbooks.rb

@@ -0,0 +1,41 @@
+require 'chef/provider/lwrp_base'
+require 'chef_zero'
+
+class Chef::Provider::ChefResolvedCookbooks < Chef::Provider::LWRPBase
+
+  action :resolve do
+    new_resource.cookbooks_from.each do |path|
+      ::Dir.entries(path).each do |name|
+        if ::File.directory?(::File.join(path, name)) && name != '.' && name != '..'
+          new_resource.berksfile.cookbook name, :path => ::File.join(path, name)
+        end
+      end
+    end
+
+    new_resource.berksfile.install
+
+    # Ridley really really wants a key :/
+    if new_resource.chef_server[:options][:signing_key_filename]
+      new_resource.berksfile.upload(
+        :server_url => new_resource.chef_server[:chef_server_url],
+        :client_name => new_resource.chef_server[:options][:client_name],
+        :client_key => new_resource.chef_server[:options][:signing_key_filename])
+    else
+      file = Tempfile.new('privatekey')
+      begin
+        file.write(ChefZero::PRIVATE_KEY)
+        file.close
+
+        new_resource.berksfile.upload(
+          :server_url => new_resource.chef_server[:chef_server_url],
+          :client_name => new_resource.chef_server[:options][:client_name] || 'me',
+          :client_key => file.path)
+
+      ensure
+        file.close
+        file.unlink
+      end
+    end
+  end
+
+end

data/lib/chef/provider/chef_role.rb

@@ -0,0 +1,79 @@
+require 'cheffish/chef_provider_base'
+require 'chef/resource/chef_role'
+require 'chef/chef_fs/data_handler/role_data_handler'
+
+class Chef::Provider::ChefRole < Cheffish::ChefProviderBase
+
+  def whyrun_supported?
+    true
+  end
+
+  action :create do
+    differences = json_differences(current_json, new_json)
+
+    if current_resource_exists?
+      if differences.size > 0
+        description = [ "update role #{new_resource.name} at #{rest.url}" ] + differences
+        converge_by description do
+          rest.put("roles/#{new_resource.name}", normalize_for_put(new_json))
+        end
+      end
+    else
+      description = [ "create role #{new_resource.name} at #{rest.url}" ] + differences
+      converge_by description do
+        rest.post("roles", normalize_for_post(new_json))
+      end
+    end
+  end
+
+  action :delete do
+    if current_resource_exists?
+      converge_by "delete role #{new_resource.name} at #{rest.url}" do
+        rest.delete("roles/#{new_resource.name}")
+      end
+    end
+  end
+
+  def load_current_resource
+    begin
+      @current_resource = json_to_resource(rest.get("roles/#{new_resource.name}"))
+    rescue Net::HTTPServerException => e
+      if e.response.code == "404"
+        @current_resource = not_found_resource
+      else
+        raise
+      end
+    end
+  end
+
+  def augment_new_json(json)
+    # Apply modifiers
+    json['run_list'] = apply_run_list_modifiers(new_resource.run_list_modifiers, new_resource.run_list_removers, json['run_list'])
+    json['default_attributes'] = apply_modifiers(new_resource.default_attribute_modifiers, json['default_attributes'])
+    json['override_attributes'] = apply_modifiers(new_resource.override_attribute_modifiers, json['override_attributes'])
+    json
+  end
+
+  #
+  # Helpers
+  #
+
+  def resource_class
+    Chef::Resource::ChefRole
+  end
+
+  def data_handler
+    Chef::ChefFS::DataHandler::RoleDataHandler.new
+  end
+
+  def keys
+    {
+      'name' => :name,
+      'description' => :description,
+      'run_list' => :run_list,
+      'env_run_lists' => :env_run_lists,
+      'default_attributes' => :default_attributes,
+      'override_attributes' => :override_attributes
+    }
+  end
+end

data/lib/chef/provider/chef_user.rb

@@ -0,0 +1,53 @@
+require 'cheffish/actor_provider_base'
+require 'chef/resource/chef_user'
+require 'chef/chef_fs/data_handler/user_data_handler'
+
+class Chef::Provider::ChefUser < Cheffish::ActorProviderBase
+
+  def whyrun_supported?
+    true
+  end
+
+  action :create do
+    create_actor
+  end
+
+  action :delete do
+    delete_actor
+  end
+
+  #
+  # Helpers
+  #
+  # Gives us new_json, current_json, not_found_json, etc.
+
+  def actor_type
+    'user'
+  end
+
+  def actor_path
+    "#{rest.root_url}/users"
+  end
+
+  def resource_class
+    Chef::Resource::ChefUser
+  end
+
+  def data_handler
+    Chef::ChefFS::DataHandler::UserDataHandler.new
+  end
+
+  def keys
+    {
+      'name' => :name,
+      'username' => :name,
+      'admin' => :admin,
+      'email' => :email,
+      'password' => :password,
+      'external_authentication_uid' => :external_authentication_uid,
+      'recovery_authentication_enabled' => :recovery_authentication_enabled,
+      'public_key' => :source_key
+    }
+  end
+
+end

data/lib/chef/provider/private_key.rb

@@ -0,0 +1,219 @@
+require 'chef/provider/lwrp_base'
+require 'openssl'
+require 'cheffish/key_formatter'
+
+class Chef::Provider::PrivateKey < Chef::Provider::LWRPBase
+
+  action :create do
+    create_key(false, :create)
+  end
+
+  action :regenerate do
+    create_key(true, :regenerate)
+  end
+
+  action :delete do
+    if current_resource.path
+      converge_by "delete private key #{new_path}" do
+        ::File.unlink(new_path)
+      end
+    end
+  end
+
+  use_inline_resources
+
+  def whyrun_supported?
+    true
+  end
+
+  def create_key(regenerate, action)
+    if @should_create_directory
+      Cheffish.inline_resource(self, action) do
+        directory run_context.config[:private_key_write_path]
+      end
+    end
+
+    final_private_key = nil
+    if new_source_key
+      #
+      # Create private key from source
+      #
+      desired_output = encode_private_key(new_source_key)
+      if current_resource.path == :none || desired_output != IO.read(new_path)
+        converge_by "reformat key at #{new_resource.source_key_path} to #{new_resource.format} private key #{new_path} (#{new_resource.pass_phrase ? ", #{new_resource.cipher} password" : ""})" do
+          IO.write(new_path, desired_output)
+        end
+      end
+
+      final_private_key = new_source_key
+
+    else
+      #
+      # Generate a new key
+      #
+      if current_resource.action == [ :delete ] || regenerate ||
+        (new_resource.regenerate_if_different &&
+          (!current_private_key ||
+           current_resource.size != new_resource.size ||
+           current_resource.type != new_resource.type))
+
+       case new_resource.type
+        when :rsa
+          if new_resource.exponent
+            final_private_key = OpenSSL::PKey::RSA.generate(new_resource.size, new_resource.exponent)
+          else
+            final_private_key = OpenSSL::PKey::RSA.generate(new_resource.size)
+          end
+        when :dsa
+          final_private_key = OpenSSL::PKey::DSA.generate(new_resource.size)
+        end
+
+        generated_key = true
+      elsif !current_private_key
+        raise "Could not read private key from #{current_resource.path}: missing pass phrase?"
+      else
+        final_private_key = current_private_key
+        generated_key = false
+      end
+
+      if generated_key
+        generated_description = " (#{new_resource.size} bits#{new_resource.pass_phrase ? ", #{new_resource.cipher} password" : ""})"
+
+        if new_path != :none
+          action = current_resource.path == :none ? 'create' : 'overwrite'
+          converge_by "#{action} #{new_resource.type} private key #{new_path}#{generated_description}" do
+            write_private_key(final_private_key)
+          end
+        else
+          converge_by "generate private key#{generated_description}" do
+          end
+        end
+      else
+        # Warn if existing key has different characteristics than expected
+        if current_resource.size != new_resource.size
+          Chef::Log.warn("Mismatched key size!  #{current_resource.path} is #{current_resource.size} bytes, desired is #{new_resource.size} bytes.  Use action :regenerate to force key regeneration.")
+        elsif current_resource.type != new_resource.type
+          Chef::Log.warn("Mismatched key type!  #{current_resource.path} is #{current_resource.type}, desired is #{new_resource.type} bytes.  Use action :regenerate to force key regeneration.")
+        end
+
+        if current_resource.format != new_resource.format
+          converge_by "change format of #{new_resource.type} private key #{new_path} from #{current_resource.format} to #{new_resource.format}" do
+            write_private_key(current_private_key)
+          end
+        elsif (@current_file_mode & 0077) != 0
+          new_mode = @current_file_mode & 07700
+          converge_by "change mode of private key #{new_path} to #{new_mode.to_s(8)}" do
+            ::File.chmod(new_mode, new_path)
+          end
+        end
+      end
+    end
+
+    if new_resource.public_key_path
+      public_key_path = new_resource.public_key_path
+      public_key_format = new_resource.public_key_format
+      Cheffish.inline_resource(self, action) do
+        public_key public_key_path do
+          source_key final_private_key
+          format public_key_format
+        end
+      end
+    end
+
+    if new_resource.after
+      new_resource.after.call(new_resource, final_private_key)
+    end
+  end
+
+  def encode_private_key(key)
+    key_format = {}
+    key_format[:format] = new_resource.format if new_resource.format
+    key_format[:pass_phrase] = new_resource.pass_phrase if new_resource.pass_phrase
+    key_format[:cipher] = new_resource.cipher if new_resource.cipher
+    Cheffish::KeyFormatter.encode(key, key_format)
+  end
+
+  def write_private_key(key)
+    ::File.open(new_path, 'w') do |file|
+      file.chmod(0600)
+      file.write(encode_private_key(key))
+    end
+  end
+
+  def new_source_key
+    @new_source_key ||= begin
+      if new_resource.source_key.is_a?(String)
+        source_key, source_key_format = Cheffish::KeyFormatter.decode(new_resource.source_key, new_resource.source_key_pass_phrase)
+        source_key
+      elsif new_resource.source_key
+        new_resource.source_key
+      elsif new_resource.source_key_path
+        source_key, source_key_format = Cheffish::KeyFormatter.decode(IO.read(new_resource.source_key_path), new_resource.source_key_pass_phrase, new_resource.source_key_path)
+        source_key
+      else
+        nil
+      end
+    end
+  end
+
+  attr_reader :current_private_key
+
+  def new_path
+    new_key_with_path[1]
+  end
+
+  def new_key_with_path
+    path = new_resource.path
+    if path.is_a?(Symbol)
+      return [ nil, path ]
+    elsif Pathname.new(path).relative?
+      private_key, private_key_path = Cheffish.get_private_key_with_path(path, run_context.config)
+      if private_key
+        return [ private_key, (private_key_path || :none) ]
+      elsif run_context.config[:private_key_write_path]
+        @should_create_directory = true
+        path = ::File.join(run_context.config[:private_key_write_path], path)
+        return [ nil, path ]
+      else
+        raise "Could not find key #{path} and Chef::Config.private_key_write_path is not set."
+      end
+    elsif ::File.exist?(path)
+      return [ IO.read(path), path ]
+    else
+      return [ nil, path ]
+    end
+  end
+
+  def load_current_resource
+    resource = Chef::Resource::PrivateKey.new(new_resource.name, run_context)
+
+    new_key, new_path = new_key_with_path
+    if new_path != :none && ::File.exist?(new_path)
+      resource.path new_path
+      @current_file_mode = ::File.stat(new_path).mode
+    else
+      resource.path :none
+    end
+
+    if new_key
+      begin
+        key, key_format = Cheffish::KeyFormatter.decode(new_key, new_resource.pass_phrase, new_path)
+        if key
+          @current_private_key = key
+          resource.format key_format[:format]
+          resource.type key_format[:type]
+          resource.size key_format[:size]
+          resource.exponent key_format[:exponent]
+          resource.pass_phrase key_format[:pass_phrase]
+          resource.cipher key_format[:cipher]
+        end
+      rescue
+        # If there's an error reading, we assume format and type are wrong and don't futz with them
+      end
+    else
+      resource.action :delete
+    end
+
+    @current_resource = resource
+  end
+end

data/lib/chef/provider/public_key.rb

@@ -0,0 +1,82 @@
+require 'chef/provider/lwrp_base'
+require 'openssl'
+require 'cheffish/key_formatter'
+
+class Chef::Provider::PublicKey < Chef::Provider::LWRPBase
+  action :create do
+    if !new_source_key
+      raise "No source key specified"
+    end
+    desired_output = encode_public_key(new_source_key)
+    if Array(current_resource.action) == [ :delete ] || desired_output != IO.read(new_resource.path)
+      converge_by "write #{new_resource.format} public key #{new_resource.path} from #{new_source_key_publicity} key #{new_resource.source_key_path}" do
+        IO.write(new_resource.path, desired_output)
+        # TODO permissions on file?
+      end
+    end
+  end
+
+  action :delete do
+    if Array(current_resource.action) == [ :create ]
+      converge_by "delete public key #{new_resource.path}" do
+        ::File.unlink(new_resource.path)
+      end
+    end
+  end
+
+  def whyrun_supported?
+    true
+  end
+
+  def encode_public_key(key)
+    key_format = {}
+    key_format[:format] = new_resource.format if new_resource.format
+    Cheffish::KeyFormatter.encode(key, key_format)
+  end
+
+  attr_reader :current_public_key
+  attr_reader :new_source_key_publicity
+
+  def new_source_key
+    @new_source_key ||= begin
+      if new_resource.source_key.is_a?(String)
+        source_key, source_key_format = Cheffish::KeyFormatter.decode(new_resource.source_key, new_resource.source_key_pass_phrase)
+      elsif new_resource.source_key
+        source_key = new_resource.source_key
+      elsif new_resource.source_key_path
+        source_key, source_key_format = Cheffish::KeyFormatter.decode(IO.read(new_resource.source_key_path), new_resource.source_key_pass_phrase, new_resource.source_key_path)
+      else
+        return nil
+      end
+
+      if source_key.private?
+        @new_source_key_publicity = 'private'
+        source_key.public_key
+      else
+        @new_source_key_publicity = 'public'
+        source_key
+      end
+    end
+  end
+
+  def load_current_resource
+    if ::File.exist?(new_resource.path)
+      resource = Chef::Resource::PublicKey.new(new_resource.path, run_context)
+      begin
+        key, key_format = Cheffish::KeyFormatter.decode(IO.read(new_resource.path), nil, new_resource.path)
+        if key
+          @current_public_key = key
+          resource.format key_format[:format]
+        end
+      rescue
+        # If there is an error reading we assume format and such is broken
+      end
+
+      @current_resource = resource
+    else
+      not_found_resource = Chef::Resource::PublicKey.new(new_resource.path, run_context)
+      not_found_resource.action :delete
+      @current_resource = not_found_resource
+    end
+  end
+end