knife-briefcase 0.0.1

data/lib/knife-briefcase.rb

@@ -0,0 +1,5 @@
+require "knife-briefcase/version"
+
+module KnifeBriefcase
+  # Your code goes here...
+end

data/lib/knife-briefcase/knife.rb

@@ -0,0 +1,69 @@
+require 'chef/knife'
+
+module KnifeBriefcase
+  module Knife
+    def self.deps
+      super do
+        yield if block_given?
+      end
+    end
+
+    def self.inherited(c)
+      super
+
+      c.class_eval do
+        deps do
+          require 'chef/data_bag'
+          require 'chef/data_bag_item'
+          require 'gpgme'
+          require 'highline'
+        end
+
+        category 'briefcase'
+        option :data_bag,
+               :long => '--data-bag DATA_BAG_NAME',
+               :description => 'Name of the data bag'
+      end
+    end
+
+    def data_bag_name
+      config[:data_bag] || Chef::Config[:briefcase_data_bag] || 'briefcase'
+    end
+
+    def signers
+      Chef::Config[:briefcase_signers]
+    end
+
+    def recipients
+      Chef::Config[:briefcase_holders]
+    end
+
+    def item_name
+      @name_args.first
+    end
+
+    def highline
+      super
+    rescue NameError
+      @highline ||= HighLine.new
+    end
+
+    def file
+      rv = @name_args[1]
+      rv == '-' ? nil : rv
+    end
+
+    private
+
+    def crypto
+      @crypto ||= GPGME::Crypto.new :armor => true, :passphrase_callback => method(:gpgme_passfunc)
+    end
+
+    def gpgme_passfunc(hook, uid_hint, passphrase_info, prev_was_bad, fd)
+      pass = highline.ask("GPG passphrase for #{uid_hint}: ") { |q| q.echo = '.' }
+      io = IO.for_fd(fd, 'w')
+      io.write "#{pass}\n"
+      io.flush
+    end
+  end
+end

data/lib/knife-briefcase/version.rb

@@ -0,0 +1,3 @@
+module KnifeBriefcase
+  VERSION = "0.0.1"
+end

data/spec/chef/knife/briefcase_delete_spec.rb

@@ -0,0 +1,44 @@
+require 'spec_helper'
+
+require 'tempfile'
+
+require 'chef/knife/briefcase_delete'
+
+describe Chef::Knife::BriefcaseDelete do
+  before do
+    knife_config do
+      briefcase_signers 'test+knife-briefcase-1@3ofcoins.net'
+      briefcase_holders [
+        'test+knife-briefcase-2@3ofcoins.net',
+        'test+knife-briefcase-1@3ofcoins.net' ]
+    end
+  end
+
+  it 'deletes a previously uploaded item' do
+    expect { knife('briefcase', 'put', 'an-item-id', __FILE__).zero? }
+    expect { ridley.data_bag.find('briefcase').item.find('an-item-id') }
+    expect { knife('briefcase', 'delete', '--yes', 'an-item-id').zero? }
+    deny { ridley.data_bag.find('briefcase').item.find('an-item-id') }
+  end
+
+  it 'fails when item does not exist' do
+    expect { rescuing { knife('briefcase', 'delete', '--yes', 'an-item-id') } }
+  end
+
+  it 'deletes multiple items' do
+    items = %w[item-1 item-2 item-3]
+    items.each do |item|
+      expect { knife('briefcase', 'put', item, __FILE__).zero? }
+    end
+
+    items.each do |item|
+      expect { ridley.data_bag.find('briefcase').item.find(item) }
+    end
+
+    expect { knife('briefcase', 'delete', '--yes', *items).zero? }
+
+    items.each do |item|
+      deny { ridley.data_bag.find('briefcase').item.find(item) }
+    end
+  end
+end

data/spec/chef/knife/briefcase_get_spec.rb

@@ -0,0 +1,43 @@
+require 'spec_helper'
+
+require 'tempfile'
+
+require 'chef/knife/briefcase_get'
+
+describe Chef::Knife::BriefcaseGet do
+  let(:file_path) { __FILE__ }
+
+  before do
+    knife_config do
+      briefcase_signers 'test+knife-briefcase-1@3ofcoins.net'
+      briefcase_holders [
+        'test+knife-briefcase-2@3ofcoins.net',
+        'test+knife-briefcase-1@3ofcoins.net' ]
+    end
+    expect { knife('briefcase', 'put', 'an-item-id', file_path).zero? }
+  end
+
+  it 'retrieves the stored encrypted file from the data bag' do
+    expect { knife('briefcase', 'get', 'an-item-id').zero? }
+    expect { knife_stdout == File.read(file_path) }
+  end
+
+  it 'writes to a provided file' do
+    Tempfile.open('output') do |outf|
+      expect { knife('briefcase', 'get', 'an-item-id', outf.path).zero? }
+      expect { outf.read == File.read(file_path) }
+    end
+  end
+
+  it 'writes to stdout for file named "-"' do
+    expect { knife('briefcase', 'get', 'an-item-id', '-').zero? }
+    expect { knife_stdout == File.read(file_path) }
+  end
+
+  it 'fails when it cannot verify signature' do
+    with_gnupg_home('without-1') do
+      deny { knife('briefcase', 'get', 'an-item-id').zero? }
+      expect { knife_stderr =~ /Cannot verify signature/ }
+    end
+  end
+end

data/spec/chef/knife/briefcase_list_spec.rb

@@ -0,0 +1,17 @@
+require 'spec_helper'
+
+require 'chef/knife/briefcase_list'
+
+describe Chef::Knife::BriefcaseList do
+  it "shows names of briefcase data bag's items" do
+    knife_config do
+      briefcase_signers 'test+knife-briefcase-1@3ofcoins.net'
+      briefcase_holders [
+        'test+knife-briefcase-2@3ofcoins.net',
+        'test+knife-briefcase-1@3ofcoins.net' ]
+    end
+    expect { knife('briefcase', 'put', 'an-item-id', __FILE__).zero? }
+    expect { knife('briefcase', 'list').zero? }
+    expect { knife_stdout =~ /an-item-id/ }
+  end
+end

data/spec/chef/knife/briefcase_put_spec.rb

@@ -0,0 +1,60 @@
+require 'spec_helper'
+
+require 'chef/knife/briefcase_put'
+
+describe Chef::Knife::BriefcasePut do
+  before do
+    knife_config do
+      briefcase_signers 'test+knife-briefcase-1@3ofcoins.net'
+      briefcase_holders [
+        'test+knife-briefcase-2@3ofcoins.net',
+        'test+knife-briefcase-1@3ofcoins.net' ]
+    end
+  end
+
+  it 'stores encrypted file to a data bag' do
+    expect { knife('briefcase', 'put', 'an-item-id', __FILE__).zero? }
+
+    briefcase = ridley.data_bag.find('briefcase')
+    expect { briefcase }
+
+    item = briefcase.item.find('an-item-id')
+    expect { item }
+    expect { item['id'] == 'an-item-id' }
+    expect { item['content'] =~ /^-----BEGIN PGP MESSAGE-----/ }
+
+    executed_block = false
+    expect { crypto.decrypt(GPGME::Data.from_str(item['content'])).to_s == File.read(__FILE__) }
+
+    _verify_yields = false
+    expect { crypto.verify(GPGME::Data.from_str(item['content'])) { |sig| _verify_yields = true ; sig.valid? } }
+    expect { _verify_yields }
+  end
+
+  it 'reads from stdin when no file given' do
+    @knife_stdin = 'whatever'
+    expect { knife('briefcase', 'put', 'an-item-id').zero? }
+
+    encrypted = ridley.data_bag.find('briefcase').item.find('an-item-id')['content']
+    expect { crypto.decrypt(GPGME::Data.from_str(encrypted)).to_s == 'whatever' }
+  end
+
+  it 'reads from stdin for file named "-"' do
+    @knife_stdin = 'whatever'
+    expect { knife('briefcase', 'put', 'an-item-id', '-').zero? }
+
+    encrypted = ridley.data_bag.find('briefcase').item.find('an-item-id')['content']
+    expect { crypto.decrypt(GPGME::Data.from_str(encrypted)).to_s == 'whatever' }
+  end
+
+  it 'overwrites previously stored value' do
+    spec_helper = Pathname.new(__FILE__).dirname.dirname.dirname.join('spec_helper.rb')
+
+    expect { knife('briefcase', 'put', 'an-item-id', __FILE__).zero? }
+    expect { knife('briefcase', 'put', 'an-item-id', spec_helper.to_s).zero? }
+
+    encrypted = ridley.data_bag.find('briefcase').item.find('an-item-id')['content']
+    deny { crypto.decrypt(GPGME::Data.from_str(encrypted)).to_s == File.read(__FILE__) }
+    expect { crypto.decrypt(GPGME::Data.from_str(encrypted)).to_s == spec_helper.read }
+  end
+end

data/spec/chef/knife/briefcase_reload_spec.rb

@@ -0,0 +1,32 @@
+require 'spec_helper'
+
+require 'chef/knife/briefcase_reload'
+
+describe Chef::Knife::BriefcaseReload do
+  let(:file_path) { __FILE__ }
+
+  it "re-encrypts data bag's items" do
+    knife_config do
+      briefcase_signers 'test+knife-briefcase-2@3ofcoins.net'
+      briefcase_holders [ 'test+knife-briefcase-1@3ofcoins.net' ]
+    end
+    expect { knife('briefcase', 'put', 'an-item-id', file_path).zero? }
+
+    with_gnupg_home('without-1') do
+      deny { knife('briefcase', 'get', 'an-item-id').zero? }
+    end
+
+    knife_config do
+      briefcase_holders [
+        'test+knife-briefcase-2@3ofcoins.net',
+        'test+knife-briefcase-1@3ofcoins.net' ]
+    end
+
+    expect { knife('briefcase', 'reload', 'an-item-id').zero? }
+
+    with_gnupg_home('without-1') do
+      expect { knife('briefcase', 'get', 'an-item-id').zero? }
+      expect { knife_stdout == File.read(file_path) }
+    end
+  end
+end

data/spec/fixtures/.gitignore

@@ -0,0 +1 @@
+/gnupg*/random_seed

data/spec/fixtures/briefcase.pem

@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEowIBAAKCAQEAoNxmevJz7m3Qe8+aWjamx2pLzr8MM3gNakOo6yd7ap3416uF
+S2eTfNSn7Hbr8JEztFqzgBho/UiU7Dg4rKQezKgzRM/SGWtLVJgJPfHNKPllfOLp
+nxWzv+TlZXNX0C64ebK9t4PFaDEiEMKL/XGyd7zCk9eA8A2AEXkpKkMv3xCRQgHu
+9bhgFxTWZa1EvPsXihx7JSN2gjBfnfYobnLjeIHj2B+Mj5c2L93zB6m4C4qIE5hj
+ipgRkr0o8BS9RqJ88cmZtEMqm/ZsxyTFi10LTPqIhdAnq67Trr0ORfeIyR9H/AnY
+MuLUTwME0PikPdmyrt9uTZ/a1R2EHrJDI10HzwIDAQABAoIBAHegD/IEleRM9Aru
+80l9dP+9c8y3VLp93/QThu4BeY1rFyBD5KeTyiG9/3chZQqM4NeR0AVFoeYh8OXO
+VY9FqcXmm+HjbsoKeYXaXp0bUcfT1/5MvRHaUMc20MVmRnqCFBwkqWNs8gQu7bdr
+BjIfOGpFDKpnS/K5B3F3Gf7c4h/Og2szNOgASUdS4rOvOvSkI0VDz8TQ7FLZN0rp
+EQUs/+X5kehqdFVGLZ05Z9AOLb77+Qq4i8JUuS3eZHtjFf8byQYs3fOkIN2WBuYB
+U/oNH4y4hu5RBTdciRExByHGWRylgvpbI/su7Xmxz6g+HnGbfHk8y1kTisCsh8eS
+xi4DzhECgYEAzhqFkyHi74rTGCHjmjOAT1a/T59r4r6rPp6rYds3J3S8CX8hSX91
+0+VjUQzQAaEpDRuhivCMFoph4a+BkOcpIpVxr/4TBhevHmMiDE5930MvwH6wiULM
+Fa3/DObo8T2VIZL7RJhyBtsqfuzGQUPqrZzBBsKGaknOPwFuTzV4oecCgYEAx83r
+Q2bCwncr8x/y9ZqSRGn5xJ/NtL3FUOFJcR4yvc+wp1lywzV5a2RHtTEYTfho2C8w
+F7KXDZ5oLVTXjlWfA5Yrt1il2kQrjGoHbhn2P8it8NIr5ZIwWSyAdpYCD0ZWaGfh
+NRcORkbW3H9R+lgkEkxpYNC6wXM62Fy7DwjCfdkCgYEAxrdjmpzNhVBAf8ANBpwp
+VlW5VzfKeXCFA3dQnqUR5IT01+MvYQH3xToiK/9Cfo+4WN8PPjr3lrQN89+X+PIo
+AyQ73QgHp5QmUBIcvejgC+dnnx2HcJBq3WxJwVLRvec2Zoykn1qsdlfR/ValQEAP
+gRzmL3JWzxwiMzVZ+h0AFnkCgYBf7NTOfz9x7ZUEHIqgr50Zi2eGptIzvAhHVGHW
+FRF3X4cIUUFvxvSMQpDKxM9OX7y2TbFhLzSmLS8G1HzIsQKuziIe3EiECcZ+m0kF
+6yD2bnpT7BN3HEBqD5t9U3eZrcM+TOEqg+8ufkQZiGbrMfXfcyAEgzGmPpQ53AtS
+pHn7wQKBgH9HraJ2VQQBSt146Ui0M2ZQTe1xs5FZG8bK6zLRQRa1JhZiMRcykONL
+mp4YJxm5GKDIL2M8NC97R5W5P1D6lCDyBWDhnCgwkRFn7Hbe7Styam8K0G2naZC4
+psJp5QUEswOerf94tIZ0FGVM6yBX0eydEsOPeVRaE/EYyJvwYRZS
+-----END RSA PRIVATE KEY-----

data/spec/fixtures/gnupg.1/.gitignore

@@ -0,0 +1 @@
+S.gpg-agent

data/spec/fixtures/gnupg.2/.gitignore

@@ -0,0 +1 @@
+S.gpg-agent

data/spec/fixtures/gnupg.without-1/.gitignore

@@ -0,0 +1 @@
+S.gpg-agent

data/spec/fixtures/gnupg/.gitignore

@@ -0,0 +1 @@
+S.gpg-agent

data/spec/fixtures/knife.rb

@@ -0,0 +1,4 @@
+$__KNIFE_INTEGRATION_FAILSAFE_CHECK << " ole"
+
+node_name         'briefcase'
+client_key        File.join(File.dirname(__FILE__), 'briefcase.pem')

data/spec/knife-briefcase/version_spec.rb

@@ -0,0 +1,11 @@
+require 'spec_helper'
+
+# A smoke test spec to make sure tests actually work
+
+module KnifeBriefcase
+  describe VERSION do
+    it 'is equal to itself' do
+      expect { VERSION == KnifeBriefcase::VERSION }
+    end
+  end
+end

data/spec/knife_helper.rb

@@ -0,0 +1,140 @@
+# Modified from: https://github.com/jkeiser/knife-essentials/blob/master/spec/support/knife_support.rb
+
+require 'logger'
+require 'pathname'
+require 'shellwords'
+
+require 'chef_zero/server'
+require 'chef/application/knife'
+require 'chef/config'
+require 'chef/knife'
+require 'chef/log'
+
+module KnifeBriefcase
+  module Spec
+    module KnifeHelper
+      extend MiniTest::Spec::DSL
+
+      class << self
+        def chef_zero_server?
+          !!@chef_zero_server
+        end
+
+        def chef_zero_server
+          @chef_zero_server ||= start_chef_zero_server!
+        end
+
+        def chef_zero_port
+          @chef_zero_port ||= chef_zero_server.
+            server.
+            instance_variable_get(:@ios).
+            find { |io| io.class == TCPServer }.
+            addr[1]
+        end
+
+        private
+
+        def start_chef_zero_server!
+          @chef_zero_server = @chef_zero_port = nil
+          server = ChefZero::Server.new(:port => 0)
+          server.start_background
+          server
+        end
+      end
+
+      DEBUG = !!ENV['DEBUG']
+
+      before do
+        if ::KnifeBriefcase::Spec::KnifeHelper.chef_zero_server?
+          ::KnifeBriefcase::Spec::KnifeHelper.chef_zero_server.clear_data
+        end
+        @chef_configuration = Chef::Config.configuration.dup
+      end
+
+      after do
+        Chef::Config.configuration = @chef_configuration
+      end
+
+      def knife_config(&block)
+        Chef::Config.instance_eval(&block)
+      end
+
+      def chef_server_url
+        "http://127.0.0.1:#{KnifeHelper::chef_zero_port}/"
+      end
+
+      attr_reader :knife_stdout, :knife_stderr
+      attr_accessor :knife_stdin
+
+      def knife(*args, &block)
+        args = Shellwords.split(args.first) if args.length == 1
+        Dir.mktmpdir('checksums') do |checksums_cache_dir|
+          Chef::Config[:cache_options] = {
+            :path => checksums_cache_dir,
+            :skip_expires => true
+          }
+
+          # This is Chef::Knife.run without load_commands--we'll load stuff
+          # ourselves, thank you very much
+          stdout = StringIO.new
+          stderr = StringIO.new
+          stdin = knife_stdin ? StringIO.new(knife_stdin) : STDIN
+          old_loggers = Chef::Log.loggers
+          old_log_level = Chef::Log.level
+          begin
+            puts "knife: #{args.join(' ')}" if DEBUG
+            subcommand_class = Chef::Knife.subcommand_class_from(args)
+            subcommand_class.options = Chef::Application::Knife.options.merge(subcommand_class.options)
+            subcommand_class.load_deps
+            instance = subcommand_class.new(args)
+
+            # Capture stdout/stderr
+            instance.ui = Chef::Knife::UI.new(stdout, stderr, stdin, instance.config)
+
+            # Don't print stuff
+            Chef::Config[:verbosity] = ( DEBUG ? 2 : 0 )
+            instance.config[:config_file] = Pathname.new(__FILE__).dirname.join('fixtures', 'knife.rb').to_s
+            instance.config[:chef_server_url] = chef_server_url
+
+
+            # Configure chef with a (mostly) blank knife.rb
+            # We set a global and then mutate it in our stub knife.rb so we can be
+            # extra sure that we're not loading someone's real knife.rb and then
+            # running test scenarios against a real chef server. If things don't
+            # smell right, abort.
+
+            $__KNIFE_INTEGRATION_FAILSAFE_CHECK = "ole"
+            instance.configure_chef
+
+            unless $__KNIFE_INTEGRATION_FAILSAFE_CHECK == "ole ole"
+              raise Exception, "Potential misconfiguration of integration tests detected. Aborting test."
+            end
+            logger = Logger.new(stderr)
+            logger.formatter = proc { |severity, datetime, progname, msg| "#{severity}: #{msg}\n" }
+            Chef::Log.use_log_devices([logger])
+            Chef::Log.level = ( DEBUG ? :debug : :warn )
+            Chef::Log::Formatter.show_time = false
+
+            instance.run
+
+            exit_code = 0
+
+            # This is how rspec catches exit()
+          rescue SystemExit => e
+            exit_code = e.status
+          ensure
+            Chef::Log.use_log_devices(old_loggers)
+            Chef::Log.level = old_log_level
+          end
+
+
+          @knife_stdout = stdout.string
+          @knife_stderr = stderr.string
+
+          puts "STDOUT:\n#{knife_stdout}\n\nSTDERR:\n#{knife_stderr}" if DEBUG
+          exit_code
+        end
+      end
+    end
+  end
+end