clc-cheffish 0.8.clc

data/lib/chef/resource/chef_organization.rb

@@ -0,0 +1,64 @@
+require 'cheffish'
+require 'chef/resource/lwrp_base'
+require 'chef/run_list/run_list_item'
+
+class Chef::Resource::ChefOrganization < Chef::Resource::LWRPBase
+  self.resource_name = 'chef_organization'
+
+  actions :create, :delete, :nothing
+  default_action :create
+
+  # Grab environment from with_environment
+  def initialize(*args)
+    super
+    chef_server run_context.cheffish.current_chef_server
+    @invites = nil
+    @members = nil
+    @remove_members = []
+  end
+
+  attribute :name, :kind_of => String, :regex => Cheffish::NAME_REGEX, :name_attribute => true
+  attribute :full_name, :kind_of => String
+
+  # A list of users who must at least be invited to the org (but may already be
+  # members).  Invites will be sent to users who are not already invited/in the org.
+  def invites(*users)
+    if users.size == 0
+      @invites || []
+    else
+      @invites ||= []
+      @invites |= users.flatten
+    end
+  end
+
+  def invites_specified?
+    !!@invites
+  end
+
+  # A list of users who must be members of the org.  This will use the new Chef 12
+  # POST /organizations/ORG/users/NAME endpoint to add them directly to the org.
+  # If you do not have permission to perform this operation, and the users are not
+  # a part of the org, the resource update will fail.
+  def members(*users)
+    if users.size == 0
+      @members || []
+    else
+      @members ||= []
+      @members |= users.flatten
+    end
+  end
+
+  def members_specified?
+    !!@members
+  end
+
+  # A list of users who must not be members of the org.  These users will be removed
+  # from the org and invites will be revoked (if any).
+  def remove_members(*users)
+    users.size == 0 ? @remove_members : (@remove_members |= users.flatten)
+  end
+
+  attribute :complete, :kind_of => [ TrueClass, FalseClass ]
+  attribute :raw_json, :kind_of => Hash
+  attribute :chef_server, :kind_of => Hash
+end

data/lib/chef/resource/chef_resolved_cookbooks.rb

@@ -0,0 +1,31 @@
+require 'chef/resource/lwrp_base'
+
+class Chef::Resource::ChefResolvedCookbooks < Chef::Resource::LWRPBase
+  self.resource_name = 'chef_resolved_cookbooks'
+
+  actions :resolve, :nothing
+  default_action :resolve
+
+  def initialize(*args)
+    super
+    require 'berkshelf'
+    berksfile Berkshelf::Berksfile.new('/tmp/Berksfile')
+    chef_server run_context.cheffish.current_chef_server
+    @cookbooks_from = []
+  end
+
+  extend Forwardable
+
+  def_delegators :@berksfile, :cookbook, :extension, :group, :metadata, :source
+
+  def cookbooks_from(path = nil)
+    if path
+      @cookbooks_from << path
+    else
+      @cookbooks_from
+    end
+  end
+
+  attribute :berksfile
+  attribute :chef_server
+end

data/lib/chef/resource/chef_role.rb

@@ -0,0 +1,104 @@
+require 'cheffish'
+require 'chef/resource/lwrp_base'
+require 'chef/run_list/run_list_item'
+
+class Chef::Resource::ChefRole < Chef::Resource::LWRPBase
+  self.resource_name = 'chef_role'
+
+  actions :create, :delete, :nothing
+  default_action :create
+
+  # Grab environment from with_environment
+  def initialize(*args)
+    super
+    chef_server run_context.cheffish.current_chef_server
+  end
+
+  attribute :name, :kind_of => String, :regex => Cheffish::NAME_REGEX, :name_attribute => true
+  attribute :description, :kind_of => String
+  attribute :run_list, :kind_of => Array # We should let them specify it as a series of parameters too
+  attribute :env_run_lists, :kind_of => Hash
+  attribute :default_attributes, :kind_of => Hash
+  attribute :override_attributes, :kind_of => Hash
+
+  # Specifies that this is a complete specification for the environment (i.e. attributes you don't specify will be
+  # reset to their defaults)
+  attribute :complete, :kind_of => [TrueClass, FalseClass]
+
+  attribute :raw_json, :kind_of => Hash
+  attribute :chef_server, :kind_of => Hash
+
+  NOT_PASSED=Object.new
+
+  # default_attribute 'ip_address', '127.0.0.1'
+  # default_attribute [ 'pushy', 'port' ], '9000'
+  # default_attribute 'ip_addresses' do |existing_value|
+  #   (existing_value || []) + [ '127.0.0.1' ]
+  # end
+  # default_attribute 'ip_address', :delete
+  attr_reader :default_attribute_modifiers
+  def default_attribute(attribute_path, value=NOT_PASSED, &block)
+    @default_attribute_modifiers ||= []
+    if value != NOT_PASSED
+      @default_attribute_modifiers << [ attribute_path, value ]
+    elsif block
+      @default_attribute_modifiers << [ attribute_path, block ]
+    else
+      raise "default_attribute requires either a value or a block"
+    end
+  end
+
+  # override_attribute 'ip_address', '127.0.0.1'
+  # override_attribute [ 'pushy', 'port' ], '9000'
+  # override_attribute 'ip_addresses' do |existing_value|
+  #   (existing_value || []) + [ '127.0.0.1' ]
+  # end
+  # override_attribute 'ip_address', :delete
+  attr_reader :override_attribute_modifiers
+  def override_attribute(attribute_path, value=NOT_PASSED, &block)
+    @override_attribute_modifiers ||= []
+    if value != NOT_PASSED
+      @override_attribute_modifiers << [ attribute_path, value ]
+    elsif block
+      @override_attribute_modifiers << [ attribute_path, block ]
+    else
+      raise "override_attribute requires either a value or a block"
+    end
+  end
+
+  # Order matters--if two things here are in the wrong order, they will be flipped in the run list
+  # recipe 'apache', 'mysql'
+  # recipe 'recipe@version'
+  # recipe 'recipe'
+  # role ''
+  attr_reader :run_list_modifiers
+  attr_reader :run_list_removers
+  def recipe(*recipes)
+    if recipes.size == 0
+      raise ArgumentError, "At least one recipe must be specified"
+    end
+    @run_list_modifiers ||= []
+    @run_list_modifiers += recipes.map { |recipe| Chef::RunList::RunListItem.new("recipe[#{recipe}]") }
+  end
+  def role(*roles)
+    if roles.size == 0
+      raise ArgumentError, "At least one role must be specified"
+    end
+    @run_list_modifiers ||= []
+    @run_list_modifiers += roles.map { |role| Chef::RunList::RunListItem.new("role[#{role}]") }
+  end
+  def remove_recipe(*recipes)
+    if recipes.size == 0
+      raise ArgumentError, "At least one recipe must be specified"
+    end
+    @run_list_removers ||= []
+    @run_list_removers += recipes.map { |recipe| Chef::RunList::RunListItem.new("recipe[#{recipe}]") }
+  end
+  def remove_role(*roles)
+    if roles.size == 0
+      raise ArgumentError, "At least one role must be specified"
+    end
+    @run_list_removers ||= []
+    @run_list_removers += roles.map { |recipe| Chef::RunList::RunListItem.new("role[#{role}]") }
+  end
+end

data/lib/chef/resource/chef_user.rb

@@ -0,0 +1,51 @@
+require 'cheffish'
+require 'chef/resource/lwrp_base'
+
+class Chef::Resource::ChefUser < Chef::Resource::LWRPBase
+  self.resource_name = 'chef_user'
+
+  actions :create, :delete, :nothing
+  default_action :create
+
+  # Grab environment from with_environment
+  def initialize(*args)
+    super
+    chef_server run_context.cheffish.current_chef_server
+  end
+
+  # Client attributes
+  attribute :name, :kind_of => String, :regex => Cheffish::NAME_REGEX, :name_attribute => true
+  attribute :admin, :kind_of => [TrueClass, FalseClass]
+  attribute :email, :kind_of => String
+  attribute :external_authentication_uid
+  attribute :recovery_authentication_enabled, :kind_of => [TrueClass, FalseClass]
+  attribute :password, :kind_of => String # Hmm.  There is no way to idempotentize this.
+  #attribute :salt  # TODO server doesn't support sending or receiving these, but it's the only way to backup / restore a user
+  #attribute :hashed_password
+  #attribute :hash_type
+
+  # Input key
+  attribute :source_key # String or OpenSSL::PKey::*
+  attribute :source_key_path, :kind_of => String
+  attribute :source_key_pass_phrase
+
+  # Output public key (if so desired)
+  attribute :output_key_path, :kind_of => String
+  attribute :output_key_format, :kind_of => Symbol, :default => :openssh, :equal_to => [ :pem, :der, :openssh ]
+
+  # If this is set, client is not patchy
+  attribute :complete, :kind_of => [TrueClass, FalseClass]
+
+  attribute :raw_json, :kind_of => Hash
+  attribute :chef_server, :kind_of => Hash
+
+  # Proc that runs just before the resource executes.  Called with (resource)
+  def before(&block)
+    block ? @before = block : @before
+  end
+
+  # Proc that runs after the resource completes.  Called with (resource, json, private_key, public_key)
+  def after(&block)
+    block ? @after = block : @after
+  end
+end

data/lib/chef/resource/private_key.rb

@@ -0,0 +1,44 @@
+require 'openssl/cipher'
+require 'chef/resource/lwrp_base'
+
+class Chef::Resource::PrivateKey < Chef::Resource::LWRPBase
+  self.resource_name = 'private_key'
+
+  actions :create, :delete, :regenerate, :nothing
+  default_action :create
+
+  # Path to private key.  Set to :none to create the key in memory and not on disk.
+  attribute :path, :kind_of => [ String, Symbol ], :name_attribute => true
+  attribute :format, :kind_of => Symbol, :default => :pem, :equal_to => [ :pem, :der ]
+  attribute :type, :kind_of => Symbol, :default => :rsa, :equal_to => [ :rsa, :dsa ] # TODO support :ec
+  # These specify an optional public_key you can spit out if you want.
+  attribute :public_key_path, :kind_of => String
+  attribute :public_key_format, :kind_of => Symbol, :default => :openssh, :equal_to => [ :openssh, :pem, :der ]
+  # Specify this if you want to copy another private key but give it a different format / password
+  attribute :source_key
+  attribute :source_key_path, :kind_of => String
+  attribute :source_key_pass_phrase
+
+  # RSA and DSA
+  attribute :size, :kind_of => Integer, :default => 2048
+
+  # RSA-only
+  attribute :exponent, :kind_of => Integer # For RSA
+
+  # PEM-only
+  attribute :pass_phrase, :kind_of => String
+  attribute :cipher, :kind_of => String, :default => 'DES-EDE3-CBC', :equal_to => OpenSSL::Cipher.ciphers
+
+  # Set this to regenerate the key if it does not have the desired characteristics (like size, type, etc.)
+  attribute :regenerate_if_different, :kind_of => [TrueClass, FalseClass]
+
+  # Proc that runs after the resource completes.  Called with (resource, private_key)
+  def after(&block)
+    block ? @after = block : @after
+  end
+
+  # We are not interested in Chef's cloning behavior here.
+  def load_prior_resource
+    Chef::Log.debug("Overloading #{resource_name}.load_prior_resource with NOOP")
+  end
+end

data/lib/chef/resource/public_key.rb

@@ -0,0 +1,21 @@
+require 'openssl/cipher'
+require 'chef/resource/lwrp_base'
+
+class Chef::Resource::PublicKey < Chef::Resource::LWRPBase
+  self.resource_name = 'public_key'
+
+  actions :create, :delete, :nothing
+  default_action :create
+
+  attribute :path, :kind_of => String, :name_attribute => true
+  attribute :format, :kind_of => Symbol, :default => :openssh, :equal_to => [ :pem, :der, :openssh ]
+
+  attribute :source_key
+  attribute :source_key_path, :kind_of => String
+  attribute :source_key_pass_phrase
+
+  # We are not interested in Chef's cloning behavior here.
+  def load_prior_resource
+    Chef::Log.debug("Overloading #{resource_name}.load_prior_resource with NOOP")
+  end
+end

data/lib/cheffish.rb

@@ -0,0 +1,222 @@
+require 'chef/run_list/run_list_item'
+require 'cheffish/basic_chef_client'
+require 'cheffish/server_api'
+require 'chef/knife'
+require 'chef/config_fetcher'
+require 'chef/log'
+require 'chef/application'
+
+module Cheffish
+  NAME_REGEX = /^[.\-[:alnum:]_]+$/
+
+  def self.inline_resource(provider, provider_action, *resources, &block)
+    BasicChefClient.inline_resource(provider, provider_action, *resources, &block)
+  end
+
+  def self.default_chef_server(config = profiled_config)
+    {
+      :chef_server_url => config[:chef_server_url],
+      :options => {
+        :client_name => config[:node_name],
+        :signing_key_filename => config[:client_key]
+      }
+    }
+  end
+
+  def self.chef_server_api(chef_server = default_chef_server)
+    Cheffish::ServerAPI.new(chef_server[:chef_server_url], chef_server[:options] || {})
+  end
+
+  def self.profiled_config(config = Chef::Config)
+    if config.profile && config.profiles && config.profiles[config.profile]
+      MergedConfig.new(config.profiles[config.profile], config)
+    else
+      config
+    end
+  end
+
+  def self.load_chef_config(chef_config = Chef::Config)
+    chef_config.config_file = Chef::Knife.locate_config_file
+    config_fetcher = Chef::ConfigFetcher.new(chef_config.config_file, chef_config.config_file_jail)
+    if chef_config.config_file.nil?
+      Chef::Log.warn("No config file found or specified on command line, using command line options.")
+    elsif config_fetcher.config_missing?
+      Chef::Log.warn("Did not find config file: #{chef_config.config_file}, using command line options.")
+    else
+      config_content = config_fetcher.read_config
+      config_file_path = chef_config.config_file
+      begin
+        chef_config.from_string(config_content, config_file_path)
+      rescue Exception => error
+        Chef::Log.fatal("Configuration error #{error.class}: #{error.message}")
+        filtered_trace = error.backtrace.grep(/#{Regexp.escape(config_file_path)}/)
+        filtered_trace.each {|line| Chef::Log.fatal("  " + line )}
+        Chef::Application.fatal!("Aborting due to error in '#{config_file_path}'", 2)
+      end
+    end
+    Cheffish.profiled_config(chef_config)
+  end
+
+  def self.honor_local_mode(local_mode_default = true)
+    if !Chef::Config.has_key?(:local_mode) && !local_mode_default.nil?
+      Chef::Config.local_mode = local_mode_default
+    end
+    if Chef::Config.local_mode && !Chef::Config.has_key?(:cookbook_path) && !Chef::Config.has_key?(:chef_repo_path)
+      Chef::Config.chef_repo_path = Chef::Config.find_chef_repo_path(Dir.pwd)
+    end
+    begin
+      require 'chef/local_mode'
+      Chef::LocalMode.with_server_connectivity(&block)
+
+    rescue LoadError
+      Chef::Application.setup_server_connectivity
+      if block_given?
+        begin
+          yield
+        ensure
+          Chef::Application.destroy_server_connectivity
+        end
+      end
+    end
+  end
+
+  def self.get_private_key(name, config = profiled_config)
+    key, key_path = get_private_key_with_path(name, config)
+    key
+  end
+
+  def self.get_private_key_with_path(name, config = profiled_config)
+    if config[:private_keys] && config[:private_keys][name]
+      if config[:private_keys][name].is_a?(String)
+        return [ IO.read(config[:private_keys][name]), config[:private_keys][name] ]
+      else
+        return [ config[:private_keys][name].to_pem, nil ]
+      end
+    elsif config[:private_key_paths]
+      config[:private_key_paths].each do |private_key_path|
+        next unless File.exist?(private_key_path)
+        Dir.entries(private_key_path).sort.each do |key|
+          ext = File.extname(key)
+          if ext == '' || ext == '.pem'
+            key_name = key[0..-(ext.length+1)]
+            if key_name == name
+              return [ IO.read("#{private_key_path}/#{key}"), "#{private_key_path}/#{key}" ]
+            end
+          end
+        end
+      end
+    end
+    nil
+  end
+
+  NOT_PASSED=Object.new
+
+  def self.node_attributes(klass)
+    klass.class_eval do
+      attribute :name, :kind_of => String, :regex => Cheffish::NAME_REGEX, :name_attribute => true
+      attribute :chef_environment, :kind_of => String, :regex => Cheffish::NAME_REGEX
+      attribute :run_list, :kind_of => Array # We should let them specify it as a series of parameters too
+      attribute :attributes, :kind_of => Hash
+
+      # Specifies that this is a complete specification for the environment (i.e. attributes you don't specify will be
+      # reset to their defaults)
+      attribute :complete, :kind_of => [TrueClass, FalseClass]
+
+      attribute :raw_json, :kind_of => Hash
+      attribute :chef_server, :kind_of => Hash
+
+      # attribute 'ip_address', '127.0.0.1'
+      # attribute [ 'pushy', 'port' ], '9000'
+      # attribute 'ip_addresses' do |existing_value|
+      #   (existing_value || []) + [ '127.0.0.1' ]
+      # end
+      # attribute 'ip_address', :delete
+      attr_accessor :attribute_modifiers
+      def attribute(attribute_path, value=NOT_PASSED, &block)
+        @attribute_modifiers ||= []
+        if value != NOT_PASSED
+          @attribute_modifiers << [ attribute_path, value ]
+        elsif block
+          @attribute_modifiers << [ attribute_path, block ]
+        else
+          raise "attribute requires either a value or a block"
+        end
+      end
+
+      # Patchy tags
+      # tag 'webserver', 'apache', 'myenvironment'
+      def tag(*tags)
+        attribute 'tags' do |existing_tags|
+          existing_tags ||= []
+          tags.each do |tag|
+            if !existing_tags.include?(tag.to_s)
+              existing_tags << tag.to_s
+            end
+          end
+          existing_tags
+        end
+      end
+      def remove_tag(*tags)
+        attribute 'tags' do |existing_tags|
+          if existing_tags
+            tags.each do |tag|
+              existing_tags.delete(tag.to_s)
+            end
+          end
+          existing_tags
+        end
+      end
+
+      # NON-patchy tags
+      # tags :a, :b, :c # removes all other tags
+      def tags(*tags)
+        if tags.size == 0
+          attribute('tags')
+        else
+          tags = tags[0] if tags.size == 1 && tags[0].kind_of?(Array)
+          attribute 'tags', tags.map { |tag| tag.to_s }
+        end
+      end
+
+      # Order matters--if two things here are in the wrong order, they will be flipped in the run list
+      # recipe 'apache', 'mysql'
+      # recipe 'recipe@version'
+      # recipe 'recipe'
+      # role ''
+      attr_accessor :run_list_modifiers
+      attr_accessor :run_list_removers
+      def recipe(*recipes)
+        if recipes.size == 0
+          raise ArgumentError, "At least one recipe must be specified"
+        end
+        @run_list_modifiers ||= []
+        @run_list_modifiers += recipes.map { |recipe| Chef::RunList::RunListItem.new("recipe[#{recipe}]") }
+      end
+      def role(*roles)
+        if roles.size == 0
+          raise ArgumentError, "At least one role must be specified"
+        end
+        @run_list_modifiers ||= []
+        @run_list_modifiers += roles.map { |role| Chef::RunList::RunListItem.new("role[#{role}]") }
+      end
+      def remove_recipe(*recipes)
+        if recipes.size == 0
+          raise ArgumentError, "At least one recipe must be specified"
+        end
+        @run_list_removers ||= []
+        @run_list_removers += recipes.map { |recipe| Chef::RunList::RunListItem.new("recipe[#{recipe}]") }
+      end
+      def remove_role(*roles)
+        if roles.size == 0
+          raise ArgumentError, "At least one role must be specified"
+        end
+        @run_list_removers ||= []
+        @run_list_removers += roles.map { |recipe| Chef::RunList::RunListItem.new("role[#{role}]") }
+      end
+    end
+  end
+end
+
+# Include all recipe objects so require 'cheffish' brings in the whole recipe DSL
+
+require 'cheffish/recipe_dsl'