clc-cheffish 0.8.clc

data/lib/chef/resource/chef_acl.rb

@@ -0,0 +1,65 @@
+require 'cheffish'
+require 'chef/resource/lwrp_base'
+
+class Chef::Resource::ChefAcl < Chef::Resource::LWRPBase
+  self.resource_name = 'chef_acl'
+
+  actions :create, :nothing
+  default_action :create
+
+  def initialize(*args)
+    super
+    chef_server run_context.cheffish.current_chef_server
+  end
+
+  # Path of the thing being secured, e.g. nodes, nodes/*, nodes/mynode,
+  # */*, **, roles/base, data/secrets, cookbooks/apache2, /users/*,
+  # /organizations/foo/nodes/x
+  attribute :path, :kind_of => String, :name_attribute => true
+
+  # Whether to change things recursively.  true means it will descend all children
+  # and make the same modifications to them.  :on_change will only descend if
+  # the parent has changed.  :on_change is the default.
+  attribute :recursive, :equal_to => [ true, false, :on_change ], :default => :on_change
+
+  # Specifies that this is a complete specification for the acl (i.e. rights
+  # you don't specify will be reset to their defaults)
+  attribute :complete, :kind_of => [TrueClass, FalseClass]
+
+  attribute :raw_json, :kind_of => Hash
+  attribute :chef_server, :kind_of => Hash
+
+  # rights :read, :users => 'jkeiser', :groups => [ 'admins', 'users' ]
+  # rights [ :create, :read ], :users => [ 'jkeiser', 'adam' ]
+  # rights :all, :users => 'jkeiser'
+  def rights(*values)
+    if values.size == 0
+      @rights
+    else
+      args = values.pop
+      args[:permissions] ||= []
+      values.each do |value|
+        args[:permissions] |= Array(value)
+      end
+      @rights ||= []
+      @rights << args
+    end
+  end
+
+  # remove_rights :read, :users => 'jkeiser', :groups => [ 'admins', 'users' ]
+  # remove_rights [ :create, :read ], :users => [ 'jkeiser', 'adam' ]
+  # remove_rights :all, :users => [ 'jkeiser', 'adam' ]
+  def remove_rights(*values)
+    if values.size == 0
+      @remove_rights
+    else
+      args = values.pop
+      args[:permissions] ||= []
+      values.each do |value|
+        args[:permissions] |= Array(value)
+      end
+      @remove_rights ||= []
+      @remove_rights << args
+    end
+  end
+end

data/lib/chef/resource/chef_client.rb

@@ -0,0 +1,44 @@
+require 'cheffish'
+require 'chef/resource/lwrp_base'
+
+class Chef::Resource::ChefClient < Chef::Resource::LWRPBase
+  self.resource_name = 'chef_client'
+
+  actions :create, :delete, :regenerate_keys, :nothing
+  default_action :create
+
+  def initialize(*args)
+    super
+    chef_server run_context.cheffish.current_chef_server
+  end
+
+  # Client attributes
+  attribute :name, :kind_of => String, :regex => Cheffish::NAME_REGEX, :name_attribute => true
+  attribute :admin, :kind_of => [TrueClass, FalseClass]
+  attribute :validator, :kind_of => [TrueClass, FalseClass]
+
+  # Input key
+  attribute :source_key # String or OpenSSL::PKey::*
+  attribute :source_key_path, :kind_of => String
+  attribute :source_key_pass_phrase
+
+  # Output public key (if so desired)
+  attribute :output_key_path, :kind_of => String
+  attribute :output_key_format, :kind_of => Symbol, :default => :openssh, :equal_to => [ :pem, :der, :openssh ]
+
+  # If this is set, client is not patchy
+  attribute :complete, :kind_of => [TrueClass, FalseClass]
+
+  attribute :raw_json, :kind_of => Hash
+  attribute :chef_server, :kind_of => Hash
+
+  # Proc that runs just before the resource executes.  Called with (resource)
+  def before(&block)
+    block ? @before = block : @before
+  end
+
+  # Proc that runs after the resource completes.  Called with (resource, json, private_key, public_key)
+  def after(&block)
+    block ? @after = block : @after
+  end
+end

data/lib/chef/resource/chef_container.rb

@@ -0,0 +1,18 @@
+require 'cheffish'
+require 'chef/resource/lwrp_base'
+
+class Chef::Resource::ChefContainer < Chef::Resource::LWRPBase
+  self.resource_name = 'chef_container'
+
+  actions :create, :delete, :nothing
+  default_action :create
+
+  # Grab environment from with_environment
+  def initialize(*args)
+    super
+    chef_server run_context.cheffish.current_chef_server
+  end
+
+  attribute :name, :kind_of => String, :regex => Cheffish::NAME_REGEX, :name_attribute => true
+  attribute :chef_server, :kind_of => Hash
+end

data/lib/chef/resource/chef_data_bag.rb

@@ -0,0 +1,18 @@
+require 'cheffish'
+require 'chef/resource/lwrp_base'
+
+class Chef::Resource::ChefDataBag < Chef::Resource::LWRPBase
+  self.resource_name = 'chef_data_bag'
+
+  actions :create, :delete, :nothing
+  default_action :create
+
+  def initialize(*args)
+    super
+    chef_server run_context.cheffish.current_chef_server
+  end
+
+  attribute :name, :kind_of => String, :regex => Cheffish::NAME_REGEX, :name_attribute => true
+
+  attribute :chef_server, :kind_of => Hash
+end

data/lib/chef/resource/chef_data_bag_item.rb

@@ -0,0 +1,114 @@
+require 'cheffish'
+require 'chef/config'
+require 'chef/resource/lwrp_base'
+
+class Chef::Resource::ChefDataBagItem < Chef::Resource::LWRPBase
+  self.resource_name = 'chef_data_bag_item'
+
+  actions :create, :delete, :nothing
+  default_action :create
+
+  def initialize(*args)
+    super
+    name @name
+    if !data_bag
+      data_bag run_context.cheffish.current_data_bag
+    end
+    if run_context.cheffish.current_data_bag_item_encryption
+      @encrypt = true if run_context.cheffish.current_data_bag_item_encryption[:encrypt_all]
+      @secret = run_context.cheffish.current_data_bag_item_encryption[:secret]
+      @secret_path = run_context.cheffish.current_data_bag_item_encryption[:secret_path] || run_context.config[:encrypted_data_bag_secret]
+      @encryption_cipher = run_context.cheffish.current_data_bag_item_encryption[:encryption_cipher]
+      @encryption_version = run_context.cheffish.current_data_bag_item_encryption[:encryption_version] || run_context.config[:data_bag_encrypt_version]
+      @old_secret = run_context.cheffish.current_data_bag_item_encryption[:old_secret]
+      @old_secret_path = run_context.cheffish.current_data_bag_item_encryption[:old_secret_path]
+    end
+    chef_server run_context.cheffish.current_chef_server
+  end
+
+  def name(*args)
+    result = super(*args)
+    if args.size == 1
+      parts = name.split('/')
+      if parts.size == 1
+        @id = parts[0]
+      elsif parts.size == 2
+        @data_bag = parts[0]
+        @id = parts[1]
+      else
+        raise "Name #{args[0].inspect} must be a string with 1 or 2 parts, either 'id' or 'data_bag/id"
+      end
+    end
+    result
+  end
+
+  NOT_PASSED = Object.new
+  def id(value = NOT_PASSED)
+    if value == NOT_PASSED
+      @id
+    else
+      @id = value
+      name data_bag ? "#{data_bag}/#{id}" : id
+    end
+  end
+  def data_bag(value = NOT_PASSED)
+    if value == NOT_PASSED
+      @data_bag
+    else
+      @data_bag = value
+      name data_bag ? "#{data_bag}/#{id}" : id
+    end
+  end
+  attribute :raw_data, :kind_of => Hash
+
+  # If secret or secret_path are set, encrypt is assumed true.  encrypt exists mainly for with_secret and with_secret_path
+  attribute :encrypt, :kind_of => [TrueClass, FalseClass]
+  #attribute :secret, :kind_of => String
+  def secret(new_secret = nil)
+    if !new_secret
+      @secret
+    else
+      @secret = new_secret
+      @encrypt = true if @encrypt.nil?
+    end
+  end
+  #attribute :secret_path, :kind_of => String
+  def secret_path(new_secret_path = nil)
+    if !new_secret_path
+      @secret_path
+    else
+      @secret_path = new_secret_path
+      @encrypt = true if @encrypt.nil?
+    end
+  end
+  attribute :encryption_version, :kind_of => Integer
+
+  # Old secret (or secrets) to read the old data bag when we are changing keys and re-encrypting data
+  attribute :old_secret, :kind_of => [String, Array]
+  attribute :old_secret_path, :kind_of => [String, Array]
+
+  # Specifies that this is a complete specification for the environment (i.e. attributes you don't specify will be
+  # reset to their defaults)
+  attribute :complete, :kind_of => [TrueClass, FalseClass]
+
+  attribute :raw_json, :kind_of => Hash
+  attribute :chef_server, :kind_of => Hash
+
+  # value 'ip_address', '127.0.0.1'
+  # value [ 'pushy', 'port' ], '9000'
+  # value 'ip_addresses' do |existing_value|
+  #   (existing_value || []) + [ '127.0.0.1' ]
+  # end
+  # value 'ip_address', :delete
+  attr_reader :raw_data_modifiers
+  def value(raw_data_path, value=NOT_PASSED, &block)
+    @raw_data_modifiers ||= []
+    if value != NOT_PASSED
+      @raw_data_modifiers << [ raw_data_path, value ]
+    elsif block
+      @raw_data_modifiers << [ raw_data_path, block ]
+    else
+      raise "value requires either a value or a block"
+    end
+  end
+end

data/lib/chef/resource/chef_environment.rb

@@ -0,0 +1,71 @@
+require 'cheffish'
+require 'chef/resource/lwrp_base'
+require 'chef/environment'
+
+class Chef::Resource::ChefEnvironment < Chef::Resource::LWRPBase
+  self.resource_name = 'chef_environment'
+
+  actions :create, :delete, :nothing
+  default_action :create
+
+  def initialize(*args)
+    super
+    chef_server run_context.cheffish.current_chef_server
+  end
+
+  attribute :name, :kind_of => String, :regex => Cheffish::NAME_REGEX, :name_attribute => true
+  attribute :description, :kind_of => String
+  attribute :cookbook_versions, :kind_of => Hash, :callbacks => {
+    "should have valid cookbook versions" => lambda { |value| Chef::Environment.validate_cookbook_versions(value) }
+  }
+  attribute :default_attributes, :kind_of => Hash
+  attribute :override_attributes, :kind_of => Hash
+
+  # Specifies that this is a complete specification for the environment (i.e. attributes you don't specify will be
+  # reset to their defaults)
+  attribute :complete, :kind_of => [TrueClass, FalseClass]
+
+  attribute :raw_json, :kind_of => Hash
+  attribute :chef_server, :kind_of => Hash
+
+  NOT_PASSED=Object.new
+
+  # default 'ip_address', '127.0.0.1'
+  # default [ 'pushy', 'port' ], '9000'
+  # default 'ip_addresses' do |existing_value|
+  #   (existing_value || []) + [ '127.0.0.1' ]
+  # end
+  # default 'ip_address', :delete
+  attr_reader :default_attribute_modifiers
+  def default(attribute_path, value=NOT_PASSED, &block)
+    @default_attribute_modifiers ||= []
+    if value != NOT_PASSED
+      @default_attribute_modifiers << [ attribute_path, value ]
+    elsif block
+      @default_attribute_modifiers << [ attribute_path, block ]
+    else
+      raise "default requires either a value or a block"
+    end
+  end
+
+  # override 'ip_address', '127.0.0.1'
+  # override [ 'pushy', 'port' ], '9000'
+  # override 'ip_addresses' do |existing_value|
+  #   (existing_value || []) + [ '127.0.0.1' ]
+  # end
+  # override 'ip_address', :delete
+  attr_reader :override_attribute_modifiers
+  def override(attribute_path, value=NOT_PASSED, &block)
+    @override_attribute_modifiers ||= []
+    if value != NOT_PASSED
+      @override_attribute_modifiers << [ attribute_path, value ]
+    elsif block
+      @override_attribute_modifiers << [ attribute_path, block ]
+    else
+      raise "override requires either a value or a block"
+    end
+  end
+
+  alias :attributes :default_attributes
+  alias :attribute :default
+end

data/lib/chef/resource/chef_group.rb

@@ -0,0 +1,49 @@
+require 'cheffish'
+require 'chef/resource/lwrp_base'
+require 'chef/run_list/run_list_item'
+
+class Chef::Resource::ChefGroup < Chef::Resource::LWRPBase
+  self.resource_name = 'chef_group'
+
+  actions :create, :delete, :nothing
+  default_action :create
+
+  # Grab environment from with_environment
+  def initialize(*args)
+    super
+    chef_server run_context.cheffish.current_chef_server
+    @users = []
+    @clients = []
+    @groups = []
+    @remove_users = []
+    @remove_clients = []
+    @remove_groups = []
+  end
+
+  attribute :name, :kind_of => String, :regex => Cheffish::NAME_REGEX, :name_attribute => true
+  def users(*users)
+    users.size == 0 ? @users : (@users |= users.flatten)
+  end
+  def clients(*clients)
+    clients.size == 0 ? @clients : (@clients |= clients.flatten)
+  end
+  def groups(*groups)
+    groups.size == 0 ? @groups : (@groups |= groups.flatten)
+  end
+  def remove_users(*remove_users)
+    remove_users.size == 0 ? @remove_users : (@remove_users |= remove_users.flatten)
+  end
+  def remove_clients(*remove_clients)
+    remove_clients.size == 0 ? @remove_clients : (@remove_clients |= remove_clients.flatten)
+  end
+  def remove_groups(*remove_groups)
+    remove_groups.size == 0 ? @remove_groups : (@remove_groups |= remove_groups.flatten)
+  end
+
+  # Specifies that this is a complete specification for the environment (i.e. attributes you don't specify will be
+  # reset to their defaults)
+  attribute :complete, :kind_of => [TrueClass, FalseClass]
+
+  attribute :raw_json, :kind_of => Hash
+  attribute :chef_server, :kind_of => Hash
+end

data/lib/chef/resource/chef_mirror.rb

@@ -0,0 +1,47 @@
+require 'cheffish'
+require 'chef/resource/lwrp_base'
+
+class Chef::Resource::ChefMirror < Chef::Resource::LWRPBase
+  self.resource_name = 'chef_mirror'
+
+  actions :upload, :download, :nothing
+  default_action :nothing
+
+  def initialize(*args)
+    super
+    chef_server run_context.cheffish.current_chef_server
+  end
+
+  # Path of the data to mirror, e.g. nodes, nodes/*, nodes/mynode,
+  # */*, **, roles/base, data/secrets, cookbooks/apache2, etc.
+  attribute :path, :kind_of => String, :name_attribute => true
+
+  # Local path.  Can be a string (top level of repository) or hash
+  # (:chef_repo_path, :node_path, etc.)
+  # If neither chef_repo_path nor versioned_cookbooks are set, they default to their
+  # Chef::Config values.  If chef_repo_path is set but versioned_cookbooks is not,
+  # versioned_cookbooks defaults to true.
+  attribute :chef_repo_path, :kind_of => [ String, Hash ]
+
+  # Whether the repo path contains / should contain cookbooks with versioned names,
+  # i.e. cookbooks/mysql-1.0.0, cookbooks/mysql-1.2.0, etc.
+  attribute :versioned_cookbooks, :kind_of => [ TrueClass, FalseClass ]
+
+  # Chef server
+  attribute :chef_server, :kind_of => Hash
+
+  # Whether to purge deleted things: if we do not have cookbooks/x locally and we
+  # *do* have cookbooks/x remotely, then :upload with purge will delete it.
+  # Defaults to false.
+  attribute :purge, :kind_of => [ TrueClass, FalseClass ]
+
+  # Whether to freeze cookbooks on upload
+  attribute :freeze, :kind_of => [ TrueClass, FalseClass ]
+
+  # If this is true, only new files will be copied.  File contents will not be
+  # diffed, so changed files will never be uploaded.
+  attribute :no_diff, :kind_of => [ TrueClass, FalseClass ]
+
+  # Number of parallel threads to list/upload/download with.  Defaults to 10.
+  attribute :concurrency, :kind_of => Integer
+end

data/lib/chef/resource/chef_node.rb

@@ -0,0 +1,18 @@
+require 'cheffish'
+require 'chef/resource/lwrp_base'
+
+class Chef::Resource::ChefNode < Chef::Resource::LWRPBase
+  self.resource_name = 'chef_node'
+
+  actions :create, :delete, :nothing
+  default_action :create
+
+  # Grab environment from with_environment
+  def initialize(*args)
+    super
+    chef_environment run_context.cheffish.current_environment
+    chef_server run_context.cheffish.current_chef_server
+  end
+
+  Cheffish.node_attributes(self)
+end