knife-ec-backup 2.0.0.beta.2 → 2.0.0.beta.3

data/lib/chef/server.rb

@@ -0,0 +1,38 @@
+require 'uri'
+require 'openssl'
+
+class Chef
+  class Server
+
+    attr_accessor :root_url
+    def initialize(root_url)
+      @root_url = root_url
+    end
+
+    def self.from_chef_server_url(url)
+      url = url.gsub(/\/organizations\/+[^\/]+\/*$/, '')
+      Chef::Server.new(url)
+    end
+
+    def version
+      @version ||= begin
+                     uri = URI.parse("#{root_url}/version")
+                     ver_line = open(uri, {ssl_verify_mode: OpenSSL::SSL::VERIFY_NONE}).each_line.first
+                     ver_string = ver_line.split(' ').last
+                     ver_string = ver_string.gsub(/\+.*$/, '')
+                     Gem::Version.new(ver_string)
+                   end
+    end
+
+    def supports_user_acls?
+      version >= Gem::Version.new("11.0.1")
+    end
+
+    def direct_account_access?
+      Chef::REST.new("http://127.0.0.1:9465").get("users")
+      true
+    rescue
+      false
+    end
+  end
+end

data/lib/knife_ec_backup/version.rb

@@ -1,3 +1,3 @@
 module KnifeECBackup
-  VERSION = '2.0.0.beta.2'
+  VERSION = '2.0.0.beta.3'
 end

data/spec/chef/knife/ec_backup_spec.rb

@@ -0,0 +1,158 @@
+require File.expand_path(File.join(File.dirname(__FILE__), "..", "..", "spec_helper"))
+require 'chef/knife/ec_backup'
+require 'fakefs/spec_helpers'
+
+describe Chef::Knife::EcBackup do
+  USER_RESPONSE = {
+    "foo" => "organizations/bar/users/foo",
+    "bar" => "organizations/bar/users/bar"
+  }
+
+  ORG_RESPONSE = {
+    "foo" => "organizations/bar",
+    "bar" => "organizations/foo"
+  }
+
+  def org_response(name, unassigned=false)
+    r = { "name" => name,
+      "full_name" => name,
+      "org_type" => "Business",
+      "clientname" => "#{name}-validator",
+      "guid" => "994191e436b740c9b229e64dc9a57517",
+      "chargify_subscription_id" => nil,
+      "chargify_customer_id" => nil,
+      "billing_plan" => "platform-free"
+    }
+    r['assigned_at'] = "2014/11/21 11:23:57 +0000" unless unassigned
+    r
+  end
+
+  before(:each) do
+    Chef::Knife::EcBackup.load_deps
+    @knife = Chef::Knife::EcBackup.new
+    @rest = double('Chef::Rest')
+    allow(@knife).to receive(:rest).and_return(@rest)
+    allow(@knife).to receive(:user_acl_rest).and_return(@rest)
+  end
+
+  describe "#for_each_user" do
+    it "iterates over remote users" do
+      allow(@rest).to receive(:get_rest).with("/users").and_return(USER_RESPONSE)
+      expect{ |b| @knife.for_each_user(&b) }.to yield_successive_args(["foo", USER_RESPONSE["foo"]], ["bar", USER_RESPONSE["bar"]])
+    end
+  end
+
+  describe "#for_each_organization" do
+    before(:each) do
+      allow(@rest).to receive(:get_rest).with("/organizations").and_return(ORG_RESPONSE)
+    end
+
+    it "iterates over remote organizations" do
+      allow(@rest).to receive(:get_rest).with("organizations/bar").and_return(org_response("bar"))
+      allow(@rest).to receive(:get_rest).with("organizations/foo").and_return(org_response("foo"))
+      expect{ |b| @knife.for_each_organization(&b) }.to yield_successive_args(org_response("bar"), org_response("foo"))
+    end
+
+    it "skips unassigned (precreated) organizations on Chef Server 11" do
+      server = double('Chef::Server')
+      allow(Chef::Server).to receive(:new).and_return(server)
+      allow(server).to receive(:version).and_return(Gem::Version.new("11.12.3"))
+      allow(@rest).to receive(:get_rest).with("organizations/bar").and_return(org_response("bar"))
+      allow(@rest).to receive(:get_rest).with("organizations/foo").and_return(org_response("foo", true))
+      expect{ |b| @knife.for_each_organization(&b) }.to yield_successive_args(org_response("bar"))
+    end
+
+    it "includes *all* organizations on Chef Server 12" do
+      server = double('Chef::Server')
+      allow(Chef::Server).to receive(:new).and_return(server)
+      allow(server).to receive(:version).and_return(Gem::Version.new("12.0.0"))
+      allow(@rest).to receive(:get_rest).with("organizations/bar").and_return(org_response("bar"))
+      allow(@rest).to receive(:get_rest).with("organizations/foo").and_return(org_response("foo", true))
+      expect{ |b| @knife.for_each_organization(&b) }.to yield_successive_args(org_response("bar"),
+                                                                              org_response("foo", true))
+    end
+  end
+
+  describe "#download_user" do
+    include FakeFS::SpecHelpers
+    let (:username) { "foo" }
+    let (:url) { "users/foo" }
+
+    it "downloads a named user from the api" do
+      expect(@rest).to receive(:get_rest).with(url)
+      @knife.download_user(username, url)
+    end
+
+    it "writes it to a json file in the destination directory" do
+      user_response = {"username" => "foo"}
+      allow(@rest).to receive(:get_rest).with(url).and_return(user_response)
+      @knife.download_user(username, url)
+      expect(JSON.parse(File.read("/users/foo.json"))).to eq(user_response)
+    end
+  end
+
+  describe "#download_user_acl" do
+    include FakeFS::SpecHelpers
+    let (:username) {"foo"}
+
+    it "downloads a user acl from the API" do
+      expect(@rest).to receive(:get_rest).with("users/#{username}/_acl")
+      @knife.download_user_acl(username)
+    end
+
+    it "writes it to a json file in the destination directory" do
+      user_acl_response = {"create" => {}}
+      allow(@rest).to receive(:get_rest).with("users/#{username}/_acl").and_return(user_acl_response)
+      @knife.download_user_acl(username)
+      expect(JSON.parse(File.read("/user_acls/foo.json"))).to eq(user_acl_response)
+    end
+  end
+
+  describe "#write_org_object_to_disk" do
+    include FakeFS::SpecHelpers
+    it "writes the given object to disk" do
+      org_object = { "name" => "bob" }
+      @knife.write_org_object_to_disk(org_object)
+      expect(JSON.parse(File.read("/organizations/bob/org.json"))).to eq(org_object)
+    end
+  end
+
+  describe "#download_org_members" do
+    include FakeFS::SpecHelpers
+    let (:users) {
+      [  {
+           "user" => { "username" => "john" }
+         },
+         {
+           "user" => { "username" => "mary" }
+         }
+      ]
+    }
+
+    it "downloads org members for a given org" do
+      expect(@rest).to receive(:get_rest).with("/organizations/bob/users").and_return(users)
+      @knife.download_org_members("bob")
+    end
+
+    it "writes the org members to a JSON file" do
+      expect(@rest).to receive(:get_rest).with("/organizations/bob/users").and_return(users)
+      @knife.download_org_members("bob")
+      expect(JSON.parse(File.read("/organizations/bob/members.json"))).to eq(users)
+    end
+  end
+
+  describe "#download_org_inivitations" do
+    include FakeFS::SpecHelpers
+    let(:invites) { {"a json" => "maybe"} }
+    it "downloads invitations for a given org" do
+      expect(@rest).to receive(:get_rest).with("/organizations/bob/association_requests").and_return(invites)
+      @knife.download_org_invitations("bob")
+    end
+
+    it "writes the invitations to a JSON file" do
+      expect(@rest).to receive(:get_rest).with("/organizations/bob/association_requests").and_return(invites)
+      @knife.download_org_invitations("bob")
+      expect(JSON.parse(File.read("/organizations/bob/invitations.json"))).to eq(invites)
+    end
+  end
+end

data/spec/chef/knife/ec_base_spec.rb

@@ -0,0 +1,73 @@
+require File.expand_path(File.join(File.dirname(__FILE__), "..", "..", "spec_helper"))
+require 'chef/knife/ec_base'
+require 'chef/knife'
+require 'chef/config'
+require 'stringio'
+
+class Tester < Chef::Knife
+  include Chef::Knife::EcBase
+end
+
+describe Chef::Knife::EcBase do
+  let(:o) { Tester.new }
+  before(:each) do
+    @rest = double('rest')
+    @stderr = StringIO.new
+    allow(o.ui).to receive(:stderr).and_return(@stderr)
+    allow(Chef::REST).to receive(:new).and_return(@rest)
+  end
+
+  context "org_admin" do
+    it "selects an admin from an org" do
+      allow(@rest).to receive(:get_rest).with("groups/admins").and_return({"users" => ["bob"]})
+      allow(@rest).to receive(:get_rest).with("users").and_return([{"user" => { "username" => "bob"}}])
+      expect(o.org_admin).to eq("bob")
+    end
+
+    it "refuses to return pivotal" do
+      allow(@rest).to receive(:get_rest).with("groups/admins").and_return({"users" => ["pivotal"]})
+      allow(@rest).to receive(:get_rest).with("users").and_return([{"user" => { "username" => "pivotal"}}])
+      expect{o.org_admin}.to raise_error(Chef::Knife::EcBase::NoAdminFound)
+    end
+
+    it "refuses to return users not in the org" do
+      allow(@rest).to receive(:get_rest).with("groups/admins").and_return({"users" => ["bob"]})
+      allow(@rest).to receive(:get_rest).with("users").and_return([{"user" => { "username" => "sally"}}])
+      expect{o.org_admin}.to raise_error(Chef::Knife::EcBase::NoAdminFound)
+    end
+  end
+
+  context "set_dest_dir_from_args!" do
+    it "sets dest_dir from its arguments" do
+      o.name_args = ["foo"]
+      o.set_dest_dir_from_args!
+      expect(o.dest_dir).to eq("foo")
+    end
+
+    it "exits with an error message if no argument is given" do
+      expect {o.set_dest_dir_from_args!}.to raise_error(SystemExit)
+    end
+  end
+
+  context "set_client_config!" do
+    it "sets the node_name to pivotal" do
+      Chef::Config.node_name = "foobar"
+      o.set_client_config!
+      expect(Chef::Config.node_name).to eq("pivotal")
+    end
+
+    it "sets the client key to config[:webui_key]" do
+      Chef::Config.client_key = "blargblarg"
+      o.config[:webui_key] = "foobar"
+      o.set_client_config!
+      expect(Chef::Config.client_key).to eq("foobar")
+    end
+  end
+
+  context "ensure_webui_key_exists!" do
+    it "exits when the webui_key doesn't exist" do
+      o.config[:webui_key] = "dne"
+      expect{o.ensure_webui_key_exists!}.to raise_error(SystemExit)
+    end
+  end
+end

data/spec/chef/knife/ec_key_base_spec.rb

@@ -0,0 +1,2 @@
+require File.expand_path(File.join(File.dirname(__FILE__), "..", "..", "spec_helper"))
+require 'chef/knife/ec_key_base'

data/spec/chef/knife/ec_key_export_spec.rb

@@ -0,0 +1,2 @@
+require File.expand_path(File.join(File.dirname(__FILE__), "..", "..", "spec_helper"))
+require 'chef/knife/ec_key_export'

data/spec/chef/knife/ec_key_import_spec.rb

@@ -0,0 +1,2 @@
+require File.expand_path(File.join(File.dirname(__FILE__), "..", "..", "spec_helper"))
+require 'chef/knife/ec_key_import'

data/spec/chef/knife/ec_restore_spec.rb

@@ -0,0 +1,138 @@
+require File.expand_path(File.join(File.dirname(__FILE__), "..", "..", "spec_helper"))
+require 'chef/knife/ec_restore'
+require 'fakefs/spec_helpers'
+
+def make_user(username)
+  FileUtils.mkdir_p("/users")
+  File.write("/users/#{username}.json", "{\"username\": \"#{username}\"}")
+end
+
+def make_org(orgname)
+  FileUtils.mkdir_p("/organizations/#{orgname}")
+  File.write("/organizations/#{orgname}/org.json", "{\"name\": \"#{orgname}\"}")
+  File.write("/organizations/#{orgname}/invitations.json", "[{\"username\": \"bob\"}, {\"username\": \"jane\"}]")
+end
+
+def net_exception(code)
+  s = double("status", :code => code.to_s)
+  Net::HTTPServerException.new("I'm not real!", s)
+end
+
+describe Chef::Knife::EcRestore do
+
+  before(:each) do
+    Chef::Knife::EcRestore.load_deps
+    @knife = Chef::Knife::EcRestore.new
+    @rest = double('Chef::Rest')
+    allow(@knife).to receive(:rest).and_return(@rest)
+    allow(@knife).to receive(:user_acl_rest).and_return(@rest)
+  end
+
+  describe "#create_organization" do
+    include FakeFS::SpecHelpers
+    it "posts a given org to the API from data on disk" do
+      make_org "foo"
+      org = JSON.parse(File.read("/organizations/foo/org.json"))
+      expect(@rest).to receive(:post_rest).with("organizations", org)
+      @knife.create_organization("foo")
+    end
+
+    it "updates a given org if it already exists" do
+      make_org "foo"
+      org = JSON.parse(File.read("/organizations/foo/org.json"))
+      allow(@rest).to receive(:post_rest).with("organizations", org).and_raise(net_exception(409))
+      expect(@rest).to receive(:put_rest).with("organizations/foo", org)
+      @knife.create_organization("foo")
+    end
+  end
+
+  describe "#restore_open_invitations" do
+    include FakeFS::SpecHelpers
+
+    it "reads the invitations from disk and posts them to the API" do
+      make_org "foo"
+      expect(@rest).to receive(:post_rest).with("organizations/foo/association_requests", {"user" => "bob"})
+      expect(@rest).to receive(:post_rest).with("organizations/foo/association_requests", {"user" => "jane"})
+      @knife.restore_open_invitations("foo")
+    end
+
+    it "does NOT fail if an inivitation already exists" do
+      make_org "foo"
+      allow(@rest).to receive(:post_rest).with("organizations/foo/association_requests", {"user" => "bob"}).and_return(net_exception(409))
+      allow(@rest).to receive(:post_rest).with("organizations/foo/association_requests", {"user" => "jane"}).and_return(net_exception(409))
+      expect {@knife.restore_open_invitations("foo")}.to_not raise_error
+    end
+  end
+
+  describe "#for_each_user" do
+    include FakeFS::SpecHelpers
+    it "iterates over all users with files on disk" do
+      make_user("bob")
+      make_user("jane")
+      expect{|b| @knife.for_each_user &b }.to yield_successive_args("bob", "jane")
+    end
+
+    it "skips pivotal when config[:overwrite_pivotal] is false" do
+      @knife.config[:overwrite_pivotal] = false
+      make_user("bob")
+      make_user("pivotal")
+      make_user("jane")
+      expect{|b| @knife.for_each_user &b }.to yield_successive_args("bob", "jane")
+    end
+
+    it "does not skip pivotal when config[:overwrite_pivotal] is true" do
+      @knife.config[:overwrite_pivotal] = true
+      make_user("bob")
+      make_user("pivotal")
+      make_user("jane")
+      expect{|b| @knife.for_each_user &b }.to yield_successive_args("bob", "pivotal", "jane")
+    end
+
+    it "does not return non-json files in the directory" do
+      make_user("bob")
+      make_user("jane")
+      File.write("/users/nonono", "")
+      expect{|b| @knife.for_each_user &b }.to yield_successive_args("bob", "jane")
+    end
+  end
+
+  describe "#for_each_organization" do
+    include FakeFS::SpecHelpers
+    it "iterates over all organizations with a folder on disk" do
+      make_org "acme"
+      make_org "wombats"
+      expect{|b| @knife.for_each_organization &b }.to yield_successive_args("acme", "wombats")
+    end
+
+    it "only return config[:org] when the option is specified" do
+      make_org "acme"
+      make_org "wombats"
+      @knife.config[:org] = "wombats"
+      expect{|b| @knife.for_each_organization &b }.to yield_with_args("wombats")
+    end
+  end
+
+  describe "#restore_users" do
+    include FakeFS::SpecHelpers
+
+    it "reads the user from disk and posts it to the API" do
+      make_user "jane"
+      expect(@rest).to receive(:post_rest).with("users", anything)
+      @knife.restore_users
+    end
+
+    it "sets a random password for users" do
+      make_user "jane"
+      # FIX ME: How can we test this better?
+      expect(@rest).to receive(:post_rest).with("users", {"username" => "jane", "password" => anything})
+      @knife.restore_users
+    end
+
+    it "updates the user if it already exists" do
+      make_user "jane"
+      allow(@rest).to receive(:post_rest).with("users", anything).and_raise(net_exception(409))
+      expect(@rest).to receive(:put_rest).with("users/jane", {"username" => "jane"})
+      @knife.restore_users
+    end
+  end
+end

data/spec/chef/server_spec.rb

@@ -0,0 +1,50 @@
+require File.expand_path(File.join(File.dirname(__FILE__), "..", "spec_helper"))
+require 'chef/server'
+require 'chef/rest'
+require 'stringio'
+
+describe Chef::Server do
+
+  it "infers root url from a Chef Server url" do
+    s = Chef::Server.from_chef_server_url("http://api.example.com/organizations/foobar")
+    expect(s.root_url).to eq("http://api.example.com")
+  end
+
+  it "determines the server version" do
+    s = Chef::Server.new("http://api.example.com")
+    allow(s).to receive(:open).and_return(StringIO.new("Chef Server 1.8.1\nother stuff\nother stuff"))
+    expect(s.version.to_s).to eq("1.8.1")
+  end
+
+  it "ignores git tags when determining the version" do
+    s = Chef::Server.new("http://api.example.com")
+    allow(s).to receive(:open).and_return(StringIO.new("Chef Server 1.8.1+20141024080718.git.16.08098a5\nother stuff\nother stuff"))
+    expect(s.version.to_s).to eq("1.8.1")
+  end
+
+  it "knows whether the server supports user ACLs via ngingx" do
+    s1 = Chef::Server.new("http://api.example.com")
+    s2 = Chef::Server.new("http://api.example.com")
+    allow(s1).to receive(:open).and_return(StringIO.new("Chef Server 11.0.0\nother stuff\nother stuff"))
+    allow(s2).to receive(:open).and_return(StringIO.new("Chef Server 11.0.2\nother stuff\nother stuff"))
+
+    expect(s1.supports_user_acls?).to eq(false)
+    expect(s2.supports_user_acls?).to eq(true)
+  end
+
+  it "knows when account is directly accessible" do
+    s = Chef::Server.new("http://api.example.com")
+    rest = double('rest')
+    allow(Chef::REST).to receive(:new).and_return(rest)
+    allow(rest).to receive(:get).and_return("")
+    expect(s.direct_account_access?).to eq(true)
+  end
+
+  it "knows when account is not directly accessible" do
+    s = Chef::Server.new("http://api.example.com")
+    rest = double('rest')
+    allow(Chef::REST).to receive(:new).and_return(rest)
+    allow(rest).to receive(:get).and_raise(Errno::ECONNREFUSED)
+    expect(s.direct_account_access?).to eq(false)
+  end
+end