garcun 0.0.2

data/lib/garcon/chef/resource/blender.rb

@@ -0,0 +1,140 @@
+# encoding: UTF-8
+#
+# Author:    Stefano Harding <riddopic@gmail.com>
+# License:   Apache License, Version 2.0
+# Copyright: (C) 2014-2015 Stefano Harding
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+require 'chef/provider'
+
+module Garcon
+  module Resource
+    # Combine a resource and provider class for quick and easy oven baked
+    # goodness. Never has cooking been this fun since the invention of the
+    # grocery store!
+    #
+    # @example
+    #   class Chef::Resource::HouseKeeping < Chef::Resource
+    #     include Garcon(blender: true)
+    #
+    #     attribute :path,
+    #       kind_of: String,
+    #       name_attribute: true
+    #     attribute :message,
+    #       kind_of: String,
+    #       default: 'Clean the kitchen'
+    #
+    #     action :run do
+    #       file new_resource.path do
+    #         content new_resource.message
+    #       end
+    #     end
+    #   end
+    #
+    module Blender
+      # Coerce is_a? so that the DSL will consider this a Provider for the
+      # purposes of attaching enclosing_provider.
+      #
+      # @param klass [Class]
+      #
+      # @return [Boolean]
+      #
+      # @api private
+      def is_a?(klass)
+        klass == Chef::Provider ? true : super
+      end
+
+      # Coerce provider_for_action so that the resource is also the provider.
+      #
+      # @param action [Symbol]
+      #
+      # @return [Chef::Provider]
+      #
+      # @api private
+      def provider_for_action(action)
+        provider(self.class.blender_provider_class) unless provider
+        super
+      end
+
+      module ClassMethods
+        # Define a provider action. The block should contain the usual provider
+        # code.
+        #
+        # @param name [Symbol]
+        #   Name of the action.
+        #
+        # @param block [Proc]
+        #   Action implementation.
+        #
+        def action(name, &block)
+          blender_actions[name.to_sym] = block
+          actions(name.to_sym) if respond_to?(:actions)
+        end
+
+        # Storage accessor for blended action blocks. Maps action name to proc.
+        #
+        # @return [Hash<Symbol, Proc>]
+        #
+        # @api private
+        def blender_actions
+          (@blender_actions ||= {})
+        end
+
+        # Create a provider class for the blender actions in this resource.
+        # Inherits from the blender provider class of the resource's
+        # superclass if present.
+        #
+        # @return [Class]
+        #
+        # @api private
+        def blender_provider_class
+          @blender_provider_class ||= begin
+            provider_superclass = begin
+              self.superclass.blender_provider_class
+            rescue NoMethodError
+              Chef::Provider
+            end
+            actions = blender_actions
+            class_name = self.name
+            Class.new(provider_superclass) do
+              include Garcon
+              define_singleton_method(:name) { class_name + ' (blender)' }
+              actions.each do |action, block|
+                define_method(:"action_#{action}", &block)
+              end
+            end
+          end
+        end
+
+        # Hook called when module is included, extends a descendant with class
+        # and instance methods.
+        #
+        # @param [Module] descendant
+        #   The module or class including Garcon::Resource::Blender
+        #
+        # @return [self]
+        #
+        # @api private
+        def included(descendant)
+          super
+          descendant.extend ClassMethods
+        end
+      end
+
+      extend ClassMethods
+    end
+  end
+end
+

data/lib/garcon/chef/resource/lazy_eval.rb

@@ -0,0 +1,66 @@
+# encoding: UTF-8
+#
+# Author:    Stefano Harding <riddopic@gmail.com>
+# License:   Apache License, Version 2.0
+# Copyright: (C) 2014-2015 Stefano Harding
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+module Garcon
+  module Resource
+    # Resource mixin to allow lazyily-evaluated defaults in resource attributes.
+    #
+    module LazyEval
+      module ClassMethods
+        # Create a lazyily-evaluated block.
+        #
+        # @param [Proc] block
+        #   Callable to return the default value.
+        #
+        # @return [Chef::DelayedEvaluator]
+        #
+        def lazy(&block)
+          Chef::DelayedEvaluator.new(&block)
+        end
+
+        # Hook called when module is included, extends a descendant with class
+        # and instance methods.
+        #
+        # @param [Module] descendant
+        #   the module or class including Garcon::Resource::LazyEval
+        #
+        # @return [self]
+        #
+        def included(descendant)
+          super
+          descendant.extend ClassMethods
+        end
+      end
+
+      extend ClassMethods
+
+      # Override the default set_or_return to support lazy evaluation of the
+      # default value. This only actually matters when it is called from a class
+      # level context via #attributes.
+      #
+      def set_or_return(symbol, arg, validation)
+        if validation && validation[:default].is_a?(Chef::DelayedEvaluator)
+          validation = validation.dup
+          validation[:default] = instance_eval(&validation[:default])
+        end
+        super(symbol, arg, validation)
+      end
+    end
+  end
+end

data/lib/garcon/chef/resource/resource_name.rb

@@ -0,0 +1,109 @@
+# encoding: UTF-8
+#
+# Author:    Stefano Harding <riddopic@gmail.com>
+# License:   Apache License, Version 2.0
+# Copyright: (C) 2014-2015 Stefano Harding
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+module Garcon
+  module Resource
+    # Helper module to automatically set @resource_name.
+    #
+    # @example
+    #   class MyResource < Chef::Resource
+    #     include Garcon
+    #
+    #     provides :my_resource
+    #   end
+    #
+    module ResourceName
+      # Constructor for Chef::Resource::MyResource.
+      #
+      def initialize(*args)
+        super
+        if self.class.resource_name(false)
+          @resource_name = self.class.resource_name
+        else
+          @resource_name ||= self.class.resource_name
+        end
+      end
+
+      module ClassMethods
+        # Maps a resource/provider (and optionally a platform and version) to a
+        # Chef resource/provider. This allows finer grained per platform
+        # resource attributes and the end of overloaded resource definitions.
+        #
+        # @note
+        #   The provides method must be defined in both the custom resource and
+        #   custom provider files and both files must have identical provides
+        #   statement(s).
+        #
+        # @param [Symbol] name
+        #   Name of a Chef resource/provider to map to.
+        #
+        # @return [undefined]
+        #
+        def provides(name)
+          if self.name && respond_to?(:constantize)
+            old_constantize = instance_method(:constantize)
+            define_singleton_method(:constantize) do |name|
+              name == self.name ? self : old_constantize.bind(self).call(name)
+            end
+          end
+          @provides_name = name
+          super if defined?(super)
+        end
+
+        # Return the Snake case name of the current resource class. If not set
+        # explicitly it will be introspected based on the class name.
+        #
+        # @param [Boolean] auto
+        #   Try to auto-detect based on class name.
+        #
+        # @return [Symbol]
+        #
+        def resource_name(auto = true)
+          return @provides_name if @provides_name
+          @provides_name || if name && name.start_with?('Chef::Resource')
+            Garcon::Inflections.snakeify(name, 'Chef::Resource').to_sym
+          elsif name
+            Garcon::Inflections.snakeify(name.split('::').last).to_sym
+          end
+        end
+
+        # Used by Resource#to_text to find the human name for the resource.
+        #
+        def dsl_name
+          resource_name.to_s
+        end
+
+        # Hook called when module is included, extends a descendant with class
+        # and instance methods.
+        #
+        # @param [Module] descendant
+        #   the module or class including Garcon::Resource::ResourceName
+        #
+        # @return [self]
+        #
+        def included(descendant)
+          super
+          descendant.extend ClassMethods
+        end
+      end
+
+      extend ClassMethods
+    end
+  end
+end

data/lib/garcon/chef/secret_bag.rb

@@ -0,0 +1,204 @@
+# encoding: UTF-8
+#
+# Author:    Stefano Harding <riddopic@gmail.com>
+# License:   Apache License, Version 2.0
+# Copyright: (C) 2014-2015 Stefano Harding
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+module Garcon
+  # Library routine that returns an encrypted data bag value for a supplied
+  # string. The key used in decrypting the encrypted value should be located
+  # at node[:garcon][:secret][:key_path].
+  #
+  # Note that if node[:garcon][:devmode] is true, then the value of the index
+  # parameter is just returned as-is. This means that in developer mode, if a
+  # cookbook does this:
+  #
+  # @example
+  #   class Chef
+  #     class Recipe
+  #       include Garcon::SecretBag
+  #     end
+  #   end
+  #
+  #   admin = secret('bag_name', 'RoG+3xqKE23uc')
+  #
+  # That means admin will be 'RoG+3xqKE23uc'
+  #
+  # You also can provide a default password value in developer mode, like:
+  #
+  #   node.set[:garcon][:secret][:passwd] = 'mysql_passwd'
+  #   mysql_passwd = secret('passwords', 'eazypass')
+  #
+  #   The mysql_passwd will == 'eazypass'
+  #
+  module SecretBag
+    include Garcon::Exceptions
+
+    def secret(bag_name, index)
+      if node[:garcon][:devmode]
+        dev_secret(index)
+      else
+        case node[:garcon][:databag_type]
+        when :encrypted
+          encrypted_secret(bag_name, index)
+        when :standard
+          standard_secret(bag_name, index)
+        when :vault
+          vault_secret('vault_' + bag_name, index)
+        else
+          raise InvalidDataBagType
+        end
+      end
+    end
+
+    def encrypted_secret(bag_name, index)
+      key_path = node[:garcon][:secret][:key_path]
+      Chef::Log.info "Loading encrypted databag #{bag_name}.#{index} " \
+                     "using key at #{key_path}"
+      secret = Chef::EncryptedDataBagItem.load_secret key_path
+      Chef::EncryptedDataBagItem.load(bag_name, index, secret)[index]
+    end
+
+    def standard_secret(bag_name, index)
+      Chef::Log.info "Loading databag #{bag_name}.#{index}"
+      Chef::DataBagItem.load(bag_name, index)[index]
+    end
+
+    def vault_secret(bag_name, index)
+      begin
+        require 'chef-vault'
+      rescue LoadError
+        Chef::Log.warn "Missing gem 'chef-vault'"
+      end
+      Chef::Log.info "Loading vault secret #{index} from #{bag_name}"
+      ChefVault::Item.load(bag_name, index)[index]
+    end
+
+    # Return a password using either data bags or attributes for storage.
+    # The storage mechanism used is determined by the
+    # `node[:garcon][:use_databags]` attribute.
+    #
+    # @param [String] type
+    #   password type, can be `:user`, `:service`, `:db` or `:token`
+    #
+    # @param [String] keys
+    #   the identifier of the password
+    #
+    def get_password(type, key)
+      unless [:db, :user, :service, :token].include?(type)
+        Chef::Log.error "Unsupported type for get_password: #{type}"
+        return
+      end
+
+      if node[:garcon][:use_databags]
+        if type == :token
+          secret node[:garcon][:secret][:secrets_data_bag], key
+        else
+          secret node[:garcon][:secret]["#{type}_passwords_data_bag"], key
+        end
+      else
+        node[:garcon][:secret][key][type]
+      end
+    end
+
+    # Loads the encrypted data bag item and returns credentials for the
+    # environment or for a default key.
+    #
+    # @param [String] environment
+    #   The environment
+    #
+    # @param [String] source
+    #   The deployment source to load configuration for
+    #
+    # @return [Chef::DataBagItem]
+    #   The data bag item
+    #
+    def data_bag_config_for(environment, source)
+      data_bag_item = encrypted_data_bag_for(environment, DATA_BAG)
+
+      if data_bag_item.has_key?(source)
+        data_bag_item[source]
+      elsif DATA_BAG == source
+        data_bag_item
+      else
+        {}
+      end
+    end
+
+    # Looks for the given data bag in the cache and if not found, will load a
+    # data bag item named for the chef_environment, or '_wildcard' value.
+    #
+    # @param [String] environment
+    #   The environment.
+    #
+    # @param [String] data_bag
+    #   The data bag to load.
+    #
+    # @return [Chef::Mash]
+    #   The data bag item in Mash form.
+    #
+    def encrypted_data_bag_for(environment, data_bag)
+      @encrypted_data_bags = {} unless @encrypted_data_bags
+
+      if encrypted_data_bags[data_bag]
+        return get_from_data_bags_cache(data_bag)
+      else
+        data_bag_item = encrypted_data_bag_item(data_bag, environment)
+        data_bag_item ||= encrypted_data_bag_item(data_bag, WILDCARD)
+        data_bag_item ||= {}
+        @encrypted_data_bags[data_bag] = data_bag_item
+        return data_bag_item
+      end
+    end
+
+    # @return [Hash]
+    def encrypted_data_bags
+      @encrypted_data_bags
+    end
+
+    # Loads an entry from the encrypted_data_bags class variable.
+    #
+    # @param [String] dbag
+    #   The data bag to find.
+    #
+    # @return [type] [description]
+    #
+    def get_from_data_bags_cache(data_bag)
+      encrypted_data_bags[data_bag]
+    end
+
+    # Loads an EncryptedDataBagItem from the Chef server and
+    # turns it into a Chef::Mash, giving it indifferent access. Returns
+    # nil when a data bag item is not found.
+    #
+    # @param [String] dbag
+    # @param [String] dbag_item
+    #
+    # @raise [Chef::Garcon::DataBagEncryptionError]
+    #   When the data bag cannot be decrypted or transformed into a Mash for
+    #   some reason.
+    #
+    # @return [Chef::Mash]
+    #
+    def encrypted_data_bag_item(dbag, dbag_item)
+      Mash.from_hash(Chef::EncryptedDataBagItem.load(dbag, dbag_item).to_hash)
+    rescue Net::HTTPServerException
+      nil
+    rescue NoMethodError
+      raise DataBagEncryptionError.new
+    end
+  end
+end