clc-cheffish 0.8.clc

data/lib/cheffish/chef_run_data.rb

@@ -0,0 +1,19 @@
+require 'chef/config'
+require 'cheffish/with_pattern'
+
+module Cheffish
+  class ChefRunData
+    def initialize(config)
+      @local_servers = []
+      @current_chef_server = Cheffish.default_chef_server(config)
+    end
+
+    extend Cheffish::WithPattern
+    with :data_bag
+    with :environment
+    with :data_bag_item_encryption
+    with :chef_server
+
+    attr_reader :local_servers
+  end
+end

data/lib/cheffish/chef_run_listener.rb

@@ -0,0 +1,28 @@
+require 'chef/event_dispatch/base'
+
+module Cheffish
+  class ChefRunListener < Chef::EventDispatch::Base
+    def initialize(run_context)
+      @run_context = run_context
+    end
+
+    attr_reader :run_context
+
+    def run_complete(node)
+      disconnect
+    end
+
+    def run_failed(exception)
+      disconnect
+    end
+
+    private
+
+    def disconnect
+      # Stop the servers
+      run_context.cheffish.local_servers.each do |server|
+        server.stop
+      end
+    end
+  end
+end

data/lib/cheffish/key_formatter.rb

@@ -0,0 +1,109 @@
+require 'openssl'
+require 'net/ssh'
+require 'etc'
+require 'socket'
+require 'digest/md5'
+require 'base64'
+
+module Cheffish
+  class KeyFormatter
+    # Returns nil or key, format
+    def self.decode(str, pass_phrase=nil, filename='')
+      key_format = {}
+      key_format[:format] = format_of(str)
+
+      case key_format[:format]
+      when :openssh
+        key = decode_openssh_key(str, filename)
+      else
+        begin
+          key = OpenSSL::PKey.read(str) { pass_phrase }
+        rescue
+          return nil
+        end
+      end
+
+      key_format[:type] = type_of(key)
+      key_format[:size] = size_of(key)
+      key_format[:pass_phrase] = pass_phrase if pass_phrase
+      # TODO cipher, exponent
+
+      [key, key_format]
+    end
+
+    def self.encode(key, key_format)
+      format = key_format[:format] || :pem
+      case format
+      when :openssh
+        encode_openssh_key(key)
+      when :pem
+        if key_format[:pass_phrase]
+          cipher = key_format[:cipher] || 'DES-EDE3-CBC'
+          key.to_pem(OpenSSL::Cipher.new(cipher), key_format[:pass_phrase])
+        else
+          key.to_pem
+        end
+      when :der
+        key.to_der
+      when :fingerprint, :pkcs1md5fingerprint
+        hexes = Digest::MD5.hexdigest(key.to_der)
+        # Put : between every pair of hexes
+        hexes.scan(/../).join(':')
+      when :rfc4716md5fingerprint
+        type, base64_data, etc = encode_openssh_key(key).split
+        data = Base64.decode64(base64_data)
+        hexes = Digest::MD5.hexdigest(data)
+        hexes.scan(/../).join(':')
+      when :pkcs8sha1fingerprint
+        if RUBY_VERSION.to_f >= 2.0
+          raise "PKCS8 SHA1 not supported in Ruby #{RUBY_VERSION}"
+        end
+        require 'openssl_pkcs8'
+        pkcs8_pem = key.to_pem_pkcs8
+        pkcs8_base64 = pkcs8_pem.split("\n").reject { |l| l =~ /^-----/ }
+        pkcs8_data = Base64.decode64(pkcs8_base64.join)
+        hexes = Digest::SHA1.hexdigest(pkcs8_data)
+        hexes.scan(/../).join(':')
+      else
+        raise "Unrecognized key format #{format}"
+      end
+    end
+
+    private
+
+    def self.encode_openssh_key(key)
+      # TODO there really isn't a method somewhere in net/ssh or openssl that does this??
+      type = key.ssh_type
+      data = [ key.to_blob ].pack('m0')
+      "#{type} #{data} #{Etc.getlogin}@#{Socket.gethostname}"
+    end
+
+    def self.decode_openssh_key(str, filename='')
+      Net::SSH::KeyFactory.load_data_public_key(str, filename)
+    end
+
+    def self.format_of(key_contents)
+      if key_contents.start_with?('-----BEGIN ')
+        :pem
+      elsif key_contents.start_with?('ssh-rsa ') || key_contents.start_with?('ssh-dss ')
+        :openssh
+      else
+        :der
+      end
+    end
+
+    def self.type_of(key)
+      case key.class
+      when OpenSSL::PKey::RSA
+        :rsa
+      when OpenSSL::PKey::DSA
+        :dsa
+      end
+    end
+
+    def self.size_of(key)
+      # TODO DSA -- this is RSA only
+      key.n.num_bytes * 8
+    end
+  end
+end

data/lib/cheffish/merged_config.rb

@@ -0,0 +1,94 @@
+module Cheffish
+  class MergedConfig
+    def initialize(*configs)
+      @configs = configs
+      @merge_arrays = {}
+    end
+
+    include Enumerable
+
+    attr_reader :configs
+    def merge_arrays(*symbols)
+      if symbols.size > 0
+        symbols.each do |symbol|
+          @merge_arrays[symbol] = true
+        end
+      else
+        @merge_arrays
+      end
+    end
+
+    def [](name)
+      if @merge_arrays[name]
+        configs.select { |c| !c[name].nil? }.collect_concat { |c| c[name] }
+      else
+        result_configs = []
+        configs.each do |config|
+          value = config[name]
+          if !value.nil?
+            if value.respond_to?(:keys)
+              result_configs << value
+            elsif result_configs.size > 0
+              return result_configs[0]
+            else
+              return value
+            end
+          end
+        end
+        if result_configs.size > 1
+          MergedConfig.new(*result_configs)
+        elsif result_configs.size == 1
+          result_configs[0]
+        else
+          nil
+        end
+      end
+    end
+
+    def method_missing(name, *args)
+      if args.count > 0
+        raise NoMethodError, "Unexpected method #{name} for MergedConfig with arguments #{args}"
+      else
+        self[name]
+      end
+    end
+
+    def key?(name)
+      configs.any? { |config| config.has_key?(name) }
+    end
+
+    alias_method :has_key?, :key?
+
+    def keys
+      configs.map { |c| c.keys }.flatten(1).uniq
+    end
+
+    def values
+      keys.map { |key| self[key] }
+    end
+
+    def each_pair(&block)
+      each(&block)
+    end
+
+    def each
+      keys.each do |key|
+        if block_given?
+          yield key, self[key]
+        end
+      end
+    end
+
+    def to_hash
+      result = {}
+      each_pair do |key, value|
+        result[key] = value
+      end
+      result
+    end
+
+    def to_s
+      to_hash.to_s
+    end
+  end
+end

data/lib/cheffish/recipe_dsl.rb

@@ -0,0 +1,147 @@
+require 'cheffish'
+
+require 'chef/version'
+require 'chef_zero/server'
+require 'chef/chef_fs/chef_fs_data_store'
+require 'chef/chef_fs/config'
+require 'cheffish/chef_run_data'
+require 'cheffish/chef_run_listener'
+require 'chef/client'
+require 'chef/config'
+require 'chef_zero/version'
+require 'cheffish/merged_config'
+require 'chef/resource/chef_acl'
+require 'chef/resource/chef_client'
+require 'chef/resource/chef_container'
+require 'chef/resource/chef_data_bag'
+require 'chef/resource/chef_data_bag_item'
+require 'chef/resource/chef_environment'
+require 'chef/resource/chef_group'
+require 'chef/resource/chef_mirror'
+require 'chef/resource/chef_node'
+require 'chef/resource/chef_organization'
+require 'chef/resource/chef_role'
+require 'chef/resource/chef_user'
+require 'chef/resource/private_key'
+require 'chef/resource/public_key'
+require 'chef/provider/chef_acl'
+require 'chef/provider/chef_client'
+require 'chef/provider/chef_container'
+require 'chef/provider/chef_data_bag'
+require 'chef/provider/chef_data_bag_item'
+require 'chef/provider/chef_environment'
+require 'chef/provider/chef_group'
+require 'chef/provider/chef_mirror'
+require 'chef/provider/chef_node'
+require 'chef/provider/chef_organization'
+require 'chef/provider/chef_role'
+require 'chef/provider/chef_user'
+require 'chef/provider/private_key'
+require 'chef/provider/public_key'
+
+
+class Chef
+  module DSL
+    module Recipe
+      def with_chef_data_bag(name)
+        run_context.cheffish.with_data_bag(name, &block)
+      end
+
+      def with_chef_environment(name, &block)
+        run_context.cheffish.with_environment(name, &block)
+      end
+
+      def with_chef_data_bag_item_encryption(encryption_options, &block)
+        run_context.cheffish.with_data_bag_item_encryption(encryption_options, &block)
+      end
+
+      def with_chef_server(server_url, options = {}, &block)
+        run_context.cheffish.with_chef_server({ :chef_server_url => server_url, :options => options }, &block)
+      end
+
+      def with_chef_local_server(options, &block)
+        options[:host] ||= '127.0.0.1'
+        options[:log_level] ||= Chef::Log.level
+        options[:port] ||= ChefZero::VERSION.to_f >= 2.2 ? 8901.upto(9900) : 8901
+
+        # Create the data store chef-zero will use
+        options[:data_store] ||= begin
+          if !options[:chef_repo_path]
+            raise "chef_repo_path must be specified to with_chef_local_server"
+          end
+
+          # Ensure all paths are given
+          %w(acl client cookbook container data_bag environment group node role).each do |type|
+            options["#{type}_path"] ||= begin
+              if options[:chef_repo_path].kind_of?(String)
+                Chef::Util::PathHelper.join(options[:chef_repo_path], "#{type}s")
+              else
+                options[:chef_repo_path].map { |path| Chef::Util::PathHelper.join(path, "#{type}s")}
+              end
+            end
+          end
+
+          chef_fs = Chef::ChefFS::Config.new(options).local_fs
+          chef_fs.write_pretty_json = true
+          Chef::ChefFS::ChefFSDataStore.new(chef_fs)
+        end
+
+        # Start the chef-zero server
+        Chef::Log.info("Starting chef-zero on port #{options[:port]} with repository at #{options[:data_store].chef_fs.fs_description}")
+        chef_zero_server = ChefZero::Server.new(options)
+        chef_zero_server.start_background
+
+        run_context.cheffish.local_servers << chef_zero_server
+
+        with_chef_server(chef_zero_server.url, &block)
+      end
+
+      def get_private_key(name)
+        Cheffish.get_private_key(name, run_context.config)
+      end
+    end
+  end
+
+  class Config
+    default(:profile) { ENV['CHEF_PROFILE'] || 'default' }
+    configurable(:private_keys)
+    default(:private_key_paths) { [ Chef::Util::PathHelper.join(config_dir, 'keys'), Chef::Util::PathHelper.join(user_home, '.ssh') ] }
+    default(:private_key_write_path) { private_key_paths.first }
+  end
+
+  class RunContext
+    def cheffish
+      @cheffish ||= begin
+        run_data = Cheffish::ChefRunData.new(config)
+        events.register(Cheffish::ChefRunListener.new(self))
+        run_data
+      end
+    end
+
+    def config
+      @config ||= Cheffish.profiled_config(Chef::Config)
+    end
+  end
+
+  Chef::Client.when_run_starts do |run_status|
+    # Pulling on cheffish_run_data makes it initialize right now
+    run_status.run_context.cheffish
+  end
+
+end
+
+# Chef 12 moved Chef::Config.path_join to PathHelper.join
+if Chef::VERSION.to_i >= 12
+  require 'chef/util/path_helper'
+else
+  require 'chef/config'
+  class Chef
+    class Util
+      class PathHelper
+        def join(*args)
+          Chef::Config.path_join(*args)
+        end
+      end
+    end
+  end
+end

data/lib/cheffish/server_api.rb

@@ -0,0 +1,52 @@
+#
+# Author:: John Keiser (<jkeiser@opscode.com>)
+# Copyright:: Copyright (c) 2012 Opscode, Inc.
+# License:: Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+require 'chef/version'
+require 'chef/http'
+require 'chef/http/authenticator'
+require 'chef/http/cookie_manager'
+require 'chef/http/decompressor'
+require 'chef/http/json_input'
+require 'chef/http/json_output'
+if Gem::Version.new(Chef::VERSION) >= Gem::Version.new('11.12')
+  require 'chef/http/remote_request_id'
+end
+
+module Cheffish
+  # Exactly like Chef::ServerAPI, but requires you to pass in what keys you want (no defaults)
+  class ServerAPI < Chef::HTTP
+
+    def initialize(url, options = {})
+      super(url, options)
+      root_url = URI.parse(url)
+      root_url.path = ''
+      @root_url = root_url.to_s
+    end
+
+    attr_reader :root_url
+
+    use Chef::HTTP::JSONInput
+    use Chef::HTTP::JSONOutput
+    use Chef::HTTP::CookieManager
+    use Chef::HTTP::Decompressor
+    use Chef::HTTP::Authenticator
+    if Gem::Version.new(Chef::VERSION) >= Gem::Version.new('11.12')
+      use Chef::HTTP::RemoteRequestID
+    end
+  end
+end