knife-art 1.0.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: c19783dc7672ed6332889e731bc7381e4cbb63d6
+  data.tar.gz: '0903aec7e346817090c7021a3ef5334f5d29f99f'
+SHA512:
+  metadata.gz: d37ef408132931d8bafeb96921e6ab7a742b34df5e55c74e4dc8017713897fb5a7688705b92b06ec9bc1e9769d5d917c0ec63b48d565a48dd3bf073492ddd68c
+  data.tar.gz: 7db7629d2ddfd2e75be70130d49f96b7a71e9d60645759543bc3eaa2f57e36a9643e4ea0ce32fcaa89eb8d5048be579b505fe6f2a4a79c0dcd97aff66f0b2740

data/lib/chef/knife/artifactory_show.rb

@@ -0,0 +1,16 @@
+
+require 'chef/knife'
+require 'chef/knife/cookbook_site_show'
+
+class Chef
+  class Knife
+    class ArtifactoryShow < Knife::CookbookSiteShow
+
+      dependency_loaders.concat(superclass.dependency_loaders)
+      options.merge!(superclass.options)
+
+      banner "knife artifactory show COOKBOOK [VERSION] (options)"
+      category "artifactory"
+    end
+  end
+end

data/lib/chef/knife/knife_art_download.rb

@@ -0,0 +1,79 @@
+# Overrides the default Chef::Knife::CookbookSiteShare to allow basic authentication against an Artifactory backend.
+# Ideally we would like to use a mechanism that allows injecting pluggable authentication middleware into the Chef::Http
+# REST clients, but in the interest of allowing not-only-newest knife client versions to work with Artifactory we chose
+# this solution for now.
+
+require 'chef/knife'
+require 'chef/knife/cookbook_site_download'
+require 'knife-art/knife_art_utils'
+
+class Chef
+  class Knife
+    class ArtifactoryDownload < Knife::CookbookSiteDownload
+
+      dependency_loaders.concat(superclass.dependency_loaders)
+      options.merge!(superclass.options)
+
+      banner "knife artifactory download COOKBOOK [VERSION] (options)"
+      category "artifactory"
+
+      alias_method :orig_run, :run
+      alias_method :orig_download_cookbook, :download_cookbook
+      alias_method :orig_current_cookbook_data, :current_cookbook_data
+      alias_method :orig_desired_cookbook_data, :desired_cookbook_data
+
+      def run
+        config[:artifactory_download] = true
+        Chef::Log.debug("[KNIFE-ART] running site download with config: #{config}")
+        orig_run
+      end
+
+      private
+
+      def current_cookbook_data
+        unless config[:artifactory_download]
+          Chef::Log.debug('[KNIFE-ART] ArtifactoryDownload::current_cookbook_data called without artifactory flag, delegating to super')
+          return orig_current_cookbook_data
+        end
+        @current_cookbook_data ||= begin
+          noauth_rest.get("#{cookbooks_api_url}/#{@name_args[0]}", auth_header)
+        end
+      end
+
+      def desired_cookbook_data
+        unless config[:artifactory_download]
+          Chef::Log.debug('[KNIFE-ART] ArtifactoryDownload::desired_cookbook_data called without artifactory flag, delegating to super')
+          return orig_desired_cookbook_data
+        end
+        @desired_cookbook_data ||= begin
+                                     uri = if @name_args.length == 1
+                                              current_cookbook_data["latest_version"]
+                                           else
+                                              specific_cookbook_version_url
+                                           end
+
+          noauth_rest.get(uri, auth_header)
+        end
+      end
+
+      def download_cookbook
+        unless config[:artifactory_download]
+          Chef::Log.debug('[KNIFE-ART] ArtifactoryDownload::download_cookbook called without artifactory flag, delegating to super')
+          return orig_download_cookbook
+        end
+        ui.info "Downloading #{@name_args[0]} from Supermarket at version #{version} to #{download_location}"
+        tf = noauth_rest.streaming_request(desired_cookbook_data["file"], auth_header)
+
+        ::FileUtils.cp tf.path, download_location
+        ui.info "Cookbook saved: #{download_location}"
+      end
+
+      def auth_header
+        @auth_header ||= begin
+                            ::Knife::KnifeArt::KnifeArtUtils.auth_header_from(cookbooks_api_url)
+                         end
+      end
+
+    end
+  end
+end

data/lib/chef/knife/knife_art_install.rb

@@ -0,0 +1,46 @@
+# Overrides the default Chef::Knife::CookbookSiteInstall to allow basic authentication against an Artifactory backend.
+# Ideally we would like to use a mechanism that allows injecting pluggable authentication middleware into the Chef::Http
+# REST clients, but in the interest of allowing not-only-newest knife client versions to work with Artifactory we chose
+# this solution for now.
+
+
+require 'chef/knife'
+require 'chef/knife/cookbook_site_install'
+
+class Chef
+  class Knife
+    class ArtifactoryInstall < Knife::CookbookSiteInstall
+
+      dependency_loaders.concat(superclass.dependency_loaders)
+      options.merge!(superclass.options)
+
+      banner "knife artifactory install COOKBOOK [VERSION] (options)"
+      category "artifactory"
+
+      alias_method :orig_run, :run
+      alias_method :orig_download_cookbook_to, :download_cookbook_to
+
+      def run
+        config[:artifactory_install] = true
+        Chef::Log.debug("[KNIFE-ART] running site install with config: #{config}")
+        orig_run
+      end
+
+      private
+
+      def download_cookbook_to(download_path)
+        unless config[:artifactory_install]
+          Chef::Log.debug('[KNIFE-ART] ArtifactoryInstall::download_cookbook_to called without artifactory flag, delegating to super')
+          return orig_download_cookbook_to(download_path)
+        end
+        downloader = Chef::Knife::ArtifactoryDownload.new
+        downloader.config[:file] = download_path
+        downloader.config[:supermarket_site] = config[:supermarket_site]
+        downloader.name_args = name_args
+        downloader.run
+        downloader
+      end
+
+    end
+  end
+end

data/lib/chef/knife/knife_art_list.rb

@@ -0,0 +1,16 @@
+
+require 'chef/knife'
+require 'chef/knife/cookbook_site_list'
+
+class Chef
+  class Knife
+    class ArtifactoryList < Knife::CookbookSiteList
+
+      dependency_loaders.concat(superclass.dependency_loaders)
+      options.merge!(superclass.options)
+
+      banner "knife artifactory list (options)"
+      category "artifactory"
+    end
+  end
+end

data/lib/chef/knife/knife_art_search.rb

@@ -0,0 +1,16 @@
+
+require 'chef/knife'
+require 'chef/knife/cookbook_site_search'
+
+class Chef
+  class Knife
+    class ArtifactorySearch < Knife::CookbookSiteSearch
+
+      dependency_loaders.concat(superclass.dependency_loaders)
+      options.merge!(superclass.options)
+
+      banner "knife artifactory search QUERY (options)"
+      category "artifactory"
+    end
+  end
+end

data/lib/chef/knife/knife_art_share.rb

@@ -0,0 +1,117 @@
+# The purpose of this class is double:
+# 1. allow passing flags to the super class so that the do_upload method of this
+#    class is called and that signing key verification is skipped by the underlying Chef::HTTP::Authenticator that's
+#    used with the rest client (see comment below).
+# 2. Override (monkey patch) the required methods in Chef::HTTP::Authenticator and Knife::CookbookSiteShare
+#    to allow inserting our own logic that deploys a cookbook to Artifactory.
+#
+# The Supermarket API is kept (post /api/v1/cookbooks/cookbook_name) by Artifactory although it does not currently
+# return a correct response (it simply returns 200) due to performance considerations.
+
+
+require 'chef/knife'
+require 'chef/knife/cookbook_site_share'
+
+class Chef
+  class Knife
+    class ArtifactoryShare < Knife::CookbookSiteShare
+
+      dependency_loaders.concat(superclass.dependency_loaders)
+      options.merge!(superclass.options)
+
+      banner "knife artifactory share COOKBOOK [CATEGORY] (options)"
+      category "artifactory"
+
+      alias_method :orig_run, :run
+      alias_method :orig_get_category, :get_category
+      alias_method :orig_do_upload, :do_upload
+
+      def run
+        begin
+        # I'm forced to use threadlocal until we find a better solution... can't really find a way to pass configuration
+        # down to the Chef::CookbookUploader, Chef::ServerAPI, Chef::HTTP or Chef::HTTP::Authenticator
+        # (which are created one after another starting) with CookbookUploader to make it skip the signing key verification.
+        # Can make the authenticator skip by passing load_signing_key(nil, nil) and opts[:sign_request] => false
+        Thread.current[:artifactory_deploy] = 'yes'
+        # Send artifactory deploy flag to super
+        config[:artifactory_deploy] = true
+        Chef::Log.debug("[KNIFE-ART] running site share with config: #{config}")
+        orig_run
+        ensure
+          # always cleanup threadlocal
+          Thread.current[:artifactory_deploy] = nil
+        end
+      end
+
+      private
+
+      # Pretty much copy paste of the original, just with authentication on the rest client...
+      def get_category(cookbook_name)
+        # Use Artifactory deployment logic only if flag sent by Artifactory plugin
+        unless config[:artifactory_deploy]
+          Chef::Log.debug('[KNIFE-ART] ArtifactoryShare::get_category called without artifactory flag, delegating to super')
+          return orig_get_category(cookbook_name)
+        end
+        begin
+          data = noauth_rest.get("#{config[:supermarket_site]}/api/v1/cookbooks/#{@name_args[0]}")
+          if data.nil?
+            return data["category"]
+          else
+            return 'Other'
+          end
+        rescue => e
+          return "Other" if e.kind_of?(Net::HTTPServerException) && e.response.code == "404"
+          ui.fatal("Unable to reach Supermarket: #{e.message}. Increase log verbosity (-VV) for more information.")
+          Chef::Log.debug("\n#{e.backtrace.join("\n")}")
+          exit(1)
+        end
+
+      end
+
+      def do_upload(cookbook_filename, cookbook_category, user_id, user_secret_filename)
+        # Use Artifactory deployment logic only if flag sent by Artifactory plugin
+        unless config[:artifactory_deploy]
+          Chef::Log.debug('[KNIFE-ART] ArtifactoryShare::do_upload called without artifactory flag, delegating to super')
+          orig_do_upload(cookbook_filename, cookbook_category, user_id, user_secret_filename)
+          return
+        end
+        # cookbook_filename is set as tempDir/cookbook_name in parent
+        cookbook_name = cookbook_filename.split('/')[-1]
+        uri = "#{config[:supermarket_site]}/api/v1/cookbooks/#{cookbook_name}"
+        uri += "?category=#{cookbook_category}" if cookbook_category
+        Chef::Log.debug("[KNIFE-ART] Deploying cookbook #{cookbook_name} to Artifactory url at #{uri}")
+        # This guy throws an exception and consumes the request body upon non-ok http code, and deprives us of the
+        # ability to do anything with the response itself... i'm letting the parent catch it and terminate.
+        # debug log will be able to show the response Artifactory returned in case of errors.
+        file_contents = File.open(cookbook_filename, "rb") { |f| f.read }
+        # no need to send auth header here, 'normal' HTTP client uses url with credentials from config
+        rest.post(uri, file_contents, {"content-type" => "application/x-binary"})
+      end
+
+    end
+  end
+end
+
+# Chef::Http::Authenticator monkeypatch to allow skipping signing key verification when deploying to Artifactory
+class Chef
+  class HTTP
+    class Authenticator
+
+      alias_method :orig_load_signing_key, :load_signing_key
+
+      def load_signing_key(key_file, raw_key = nil)
+        Chef::Log.debug("[KNIFE-ART] global var: #{Thread.current[:artifactory_deploy]}")
+        if Thread.current.key?(:artifactory_deploy) and Thread.current[:artifactory_deploy].eql? 'yes'
+          Chef::Log.debug('[KNIFE-ART] Artifactory plugin substituting for Chef::Http::Authenticator --> omitting signing key usage')
+          @sign_request = false
+          @raw_key = ''
+          @key = ''
+        else
+          # Artifactory flag not present, call original implementation
+          orig_load_signing_key(key_file, raw_key)
+        end
+      end
+
+    end
+  end
+end

data/lib/chef/knife/knife_art_unshare.rb

@@ -0,0 +1,66 @@
+# More or less copy-pasted from cookbook_site_unshare because the http call happens inside the run method, not much
+# sense in extending it
+
+require 'chef/knife'
+
+class Chef
+  class Knife
+    class ArtifactoryUnshare < Knife
+
+      deps do
+        require "chef/json_compat"
+      end
+
+      banner "knife artifactory unshare COOKBOOK VERSION"
+      category "artifactory"
+
+      option :supermarket_site,
+             :short => "-m SUPERMARKET_SITE",
+             :long => "--supermarket-site SUPERMARKET_SITE",
+             :description => "Supermarket Site",
+             :default => "https://supermarket.chef.io",
+             :proc => Proc.new { |supermarket| Chef::Config[:knife][:supermarket_site] = supermarket }
+
+      def run
+        @cookbook_name = @name_args[0]
+        if @cookbook_name.nil?
+          show_usage
+          ui.fatal "You must provide the name of the cookbook to unshare"
+          exit 1
+        end
+        @cookbook_version = @name_args[1]
+        if @cookbook_version.nil?
+          show_usage
+          ui.fatal "You must provide a version to unshare"
+          exit 1
+        end
+
+        confirm "Are you sure you want to delete version #{@cookbook_version} of the cookbook #{@cookbook_name} from Artifactory"
+
+        begin
+          url = "#{cookbooks_api_url}/#{@cookbook_name}/#{@cookbook_version}"
+          noauth_rest.delete(url, auth_header)
+        rescue Net::HTTPServerException => e
+          raise e unless (e.message =~ /Forbidden/ || e.message =~ /Unauthorized/)
+          ui.error "Forbidden: You must have delete permissions on the target repo to delete #{@cookbook_name}."
+          exit 1
+        end
+
+        ui.info "Deleted version #{@cookbook_version} of the cookbook #{@cookbook_name}"
+      end
+
+      private
+
+      def cookbooks_api_url
+        "#{config[:supermarket_site]}/api/v1/cookbooks"
+      end
+
+      def auth_header
+        @auth_header ||= begin
+          ::Knife::KnifeArt::KnifeArtUtils.auth_header_from(cookbooks_api_url)
+        end
+      end
+
+    end
+  end
+end

data/lib/knife-art/knife_art_utils.rb

@@ -0,0 +1,26 @@
+require 'base64'
+
+module Knife
+  module KnifeArt
+    class KnifeArtUtils
+
+      def self.auth_header_from(uri)
+        Chef::Log.debug("[KNIFE-ART] in util, got url: #{uri}")
+        begin
+        url = URI.parse(uri.gsub(%r{/+$}, ""))
+        Chef::Log.debug("[KNIFE-ART] in util, parsed url: #{uri}")
+        if url.user and url.password
+          user = URI.unescape(url.user)
+          password = URI.unescape(url.password)
+          return {"Authorization" => "Basic " + Base64.strict_encode64("#{user}:#{password}")}
+        end
+        {}
+        end
+      rescue Exception => e
+        Chef::Log.warn("[KNIFE-ART] Unable to parse url: #{uri} --> #{e.message}")
+        {}
+      end
+
+    end
+  end
+end

data/lib/knife-art/version.rb

@@ -0,0 +1,3 @@
+module KnifeArt
+  VERSION = '1.0.0'
+end

metadata

@@ -0,0 +1,54 @@
+--- !ruby/object:Gem::Specification
+name: knife-art
+version: !ruby/object:Gem::Version
+  version: 1.0.0
+platform: ruby
+authors:
+- Dan Feldman
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2017-02-21 00:00:00.000000000 Z
+dependencies: []
+description: Enables basic authentication support for share and upload operations
+  to Artifactory when it serves as a Supermarket.
+email:
+- art-dev@jfrog.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- lib/chef/knife/artifactory_show.rb
+- lib/chef/knife/knife_art_download.rb
+- lib/chef/knife/knife_art_install.rb
+- lib/chef/knife/knife_art_list.rb
+- lib/chef/knife/knife_art_search.rb
+- lib/chef/knife/knife_art_share.rb
+- lib/chef/knife/knife_art_unshare.rb
+- lib/knife-art/knife_art_utils.rb
+- lib/knife-art/version.rb
+homepage: https://github.com/JFrogDev/knife-art
+licenses:
+- Apache-2.0
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.6.8
+signing_key: 
+specification_version: 4
+summary: Artifactory integration for Knife
+test_files: []