knife-ec-backup 2.4.7 → 3.0.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 4801984205d4df0174d61e67d8b4ebe4a6199778a5bc3b4048fb1f4f25d0c027
-  data.tar.gz: ed391c6e19f1f091aa0993d887d6ece7f76c04475f26ac7499a360e91d032a0e
+  metadata.gz: 29f71b880bfbb21dba4529c4a03f9966d208a7f39c478613d3e38d1130ca5c06
+  data.tar.gz: 6196ae8cc2a56309310c5c25d7392dd3a1dfd7367a9d0994639998aa42f48422
 SHA512:
-  metadata.gz: f80e17213b08ffec758bdca995b78acd55d439d9ea777d33ccbc75bd185ca604a5749a44a241c098f9da52033fb5d746b994cf5388c82b953036486e6df7c5fd
-  data.tar.gz: 75cedd7e96b53bdb7be8eb95195940fd955edbb3c7b59c20af41b6af858aa737ace3f66f2ad65ff7fb5f9da93f9aede80fc8d1395e2400b43b2a66f30422f008
+  metadata.gz: edb3a2500bb5c15b5a9c2b786152e2677f495e1996492411584a7fd3d91bf4d60b89e834a0fccf58388f7013f94a73c8ebf8c52df52c884530a2f62782aa9a6e
+  data.tar.gz: 43b2cb7433041e8f1d7654147205c5d769f582de6e40b3f5f482cda0a7b3b4b712c19ed7f05e1bcf55f6de184297e150f833f9621cd0f82d050a3b1bea049687

data/README.md

@@ -1,5 +1,5 @@
 # Knife EC Backup
-[![Build Status Master](https://travis-ci.org/chef/knife-ec-backup.svg?branch=master)](https://travis-ci.org/chef/knife-ec-backup)
+[![Build status](https://badge.buildkite.com/4bc85427aab66accafbd7abb2932b9dd7f9208162c5be33488.svg?branch=master)](https://buildkite.com/chef-oss/chef-knife-ec-backup-master-verify)
 [![Gem Version](https://badge.fury.io/rb/knife-ec-backup.svg)](https://badge.fury.io/rb/knife-ec-backup)
 
 **Umbrella Project**: [Knife](https://github.com/chef/chef-oss-practices/blob/master/projects/knife.md)
@@ -10,57 +10,59 @@
 
 **Pull Request [Response Time Maximum](https://github.com/chef/chef-oss-practices/blob/master/repo-management/repo-states.md)**: 14 days
 
-# Description
+## Description
 
-knife-ec-backup can backup and restore the data in an Enterprise Chef
+knife-ec-backup can backup and restore the data in a Chef Infra
 Server installation, preserving the data in an intermediate, editable
 text format.  It is similar to the `knife download` and `knife upload`
 commands and uses the same underlying libraries, but also includes
 workarounds for objects not yet supported by those tools and various
-Server API deficiencies.  The long-run goal is to improve `knife
-download`, `knife upload` and the Chef Server API and deprecate this
+Infra Server API deficiencies.  The long-run goal is to improve `knife
+download`, `knife upload` and the Chef Infra Server API and deprecate this
 tool.
 
-# Requirements
+## Requirements
 
-This knife plugin requires Chef Client 11.8+.
+This knife plugin requires Chef Infra Client 11.8+.
 
-## Chef 10
+### Server Support
 
-Users who are still using Chef 10 can use the most recent 1.x version
-of this gem.  Version 1.x additionally depends on knife-essentials.
-
-## Server Support
-
-This plugin currently supports Enterprise Chef 11 and Chef Server 12.
+This plugin currently supports Chef Infra Server 12+.
 Support for the beta key rotation features is provided via the
 `--with-keys-sql` flag, but users of this feature should note that
-this may change once the Chef Server supports an API-based export of
+this may change once the Chef Infra Server supports an API-based export of
 the key data.
 
-# Installation
+## Installation
 
-## Chef Server Install (Recommended)
+### Chef Infra Server Install (Recommended)
 
-This gem is installed with chef-server-core 12.0.0 and newer.
+This gem is installed with Chef Infra Server 12 and later and the sub-commands are available with embedded copy of `knife`, e.g.:
 
-For Private Chef 11 (or Enterprise Chef 11) you'll need to download and build
-locally to get the correct dependencies, either with `git clone` or by
-downloading the .zip file. Once unpacked, run:
+```
+sudo /opt/opscode/bin/knife ec backup ~/chef-server-backup-directory
+```
+
+If you need a newer version of `knife-ec-backup` than is on the server you wish to back up, you can install it using the embedded `gem` command.
 
 ```
-/opt/opscode/embedded/bin/gem build knife-ec-backup.gemspec
-/opt/opscode/embedded/bin/gem install knife-ec-backup*gem --no-ri --no-rdoc -V
+/opt/opscode/embedded/bin/gem install knife-ec-backup --no-doc
 ```
 
-### Note on installing with existing development tools:
+### Chef Workstation Install (Unsupported)
 
-The latest versions of knife-ec-backup require gems with native
-extensions, thus you must install a standard build toolchain.  To
-install knife-ec-backup without installing libpq development headers
-on your system, try the following:
+On systems other than the Chef Infra Server, installation of this gem is not
+tested or supported. However, if you attempt to do so you will need the
+postgresql libraries installed.
 
-   /opt/opscode/embedded/bin/gem install knife-ec-backup -- --with-pg-config=/opt/opscode/embedded/postgresql/9.2/bin/pg_config
+For example, on macOS:
+
+```
+brew install libpq
+gem install knife-ec-backup -- --with-pg-config=/usr/local/Cellar/libpq/9.2/bin/pg_config
+```
+
+The current location of pg_config can be determined with `brew info libpq`.
 
 ## Running tests
 
@@ -84,29 +86,29 @@ Clone the git repository and run the following from inside:
     gem build knife-ec-backup.gemspec
     gem install knife-ec-backup*gem
 
-# Configuration
+## Configuration
 
-## Permissions
+### Permissions
 
-Note that most users in an EC installation lack the permissions to pull all of the data from all organizations and other users.
-This plugin **REQUIRES THE PIVOTAL KEY AND WEBUI KEY** from the Chef Server.
-It is recommended that you run this from a frontend Enterprise Chef Server, you can use --user and --key to pass the pivotal information along.
+Note that most users in a Chef Infra Server installation lack the permissions to pull all of the data from all organizations and other users.
+This plugin **REQUIRES THE PIVOTAL KEY AND WEBUI KEY** from the Chef Infra Server.
+It is recommended that you run this from a frontend Chef Infra Server. You can use `--user pivotal --key /path/to/pivotal.pem` to provide a path to the `pivotal` key.
 
-# Subcommands
+## Subcommands
 
-## Common Options
+### Common Options
 
 The following options are supported across all subcommands:
 
   * `--sql-host`:
-    The hostname of the Chef Server's postgresql server. (default: localhost)
+    The hostname of the Chef Infra Server's postgresql server. (default: localhost)
 
   * `--sql-port`:
-    The postgresql listening port on the Chef Server. (default: 5432)
+    The postgresql listening port on the Chef Infra Server. (default: 5432)
 
   * `--sql-db`:
-    The postgresql Chef Server database name. (default: opscode_chef)
-    Specify 'automate-cs-oc-erchef' when using Automate Chef Server API
+    The postgresql Chef Infra Server database name. (default: opscode_chef)
+    Specify 'automate-cs-oc-erchef' when using Automate Chef Infra Server API
 
   * `--sql-user`:
     The username of postgresql user with access to the opscode_chef
@@ -122,9 +124,9 @@ The following options are supported across all subcommands:
   * `--dry-run`:
     Report what actions would be taken without performing any. (default: false)
 
-## knife ec backup DEST_DIR (options)
+### knife ec backup DEST_DIR (options)
 
-*Path*: If you have chef-client installed as well, you may need to invoke this as `/opt/opscode/embedded/bin/knife ec backup backup`
+*Path*: If you have Chef Infra Client installed on this server, you may need to invoke this as `/opt/opscode/bin/knife ec backup BACKUP_DIRECTORY`
 
 *Options*
 
@@ -144,8 +146,8 @@ The following options are supported across all subcommands:
 
   * `--with-key-sql`: Whether to backup/restore key data directly
     from the database.  This requires access to the listening
-    postgresql port on the Chef Server.  This is required to correctly
-    handle keys in Chef Servers with multikey support. This option
+    postgresql port on the Chef Infra Server.  This is required to correctly
+    handle keys in Chef Infra Servers with multikey support. This option
     will only work on `restore` if it was also used during the
     `backup`.
 
@@ -156,13 +158,13 @@ The following options are supported across all subcommands:
     Chef objects.
 
   * `--skip-version-check`:
-    Skip Chef Server version check. This will also skip any auto-configured options (default: false)
+    Skip Chef Infra Server version check. This will also skip any auto-configured options (default: false)
 
   * `--only-org ORG`:
     Only donwload/restore objects in the named organization. Global
     objects such as users will still be downloaded/restored.
 
-Creates a repository of an entire Enterprise Chef / Private Chef server.
+Creates a repository of an entire Chef Infra Server
 
 The format of the repository is based on the `knife-essentials` (`knife download`) format and looks like this:
 
@@ -214,10 +216,9 @@ This compares very closely with the "knife download /" from an OSC server:
     users
       <name>.json>
 
-## knife ec restore DEST_DIR (options)
+### knife ec restore DEST_DIR (options)
 
-Restores all data from the specified DEST_DIR to an Enterprise Chef /
-Private Chef server. DEST_DIR should be a backup directory created by
+Restores all data from the specified DEST_DIR to a Chef Infra Server. DEST_DIR should be a backup directory created by
 `knife ec backup`
 
 *Options*
@@ -239,11 +240,11 @@ Private Chef server. DEST_DIR should be a backup directory created by
     Server. (default: 10)
 
   * `--skip-version-check`:
-    Skip Chef Server version check. This will
+    Skip Chef Infra Server version check. This will
     also skip any auto-configured options (default: false)
 
   * `--[no-]skip-user-ids`:
-    Reuses user ids from the restore destination when updating existing 
+    Reuses user ids from the restore destination when updating existing
     users to avoid database conflicts (default: true)
 
   * `--with-user-sql`:
@@ -256,8 +257,8 @@ Private Chef server. DEST_DIR should be a backup directory created by
 
   * `--with-key-sql`: Whether to backup/restore key data directly
     from the database.  This requires access to the listening
-    postgresql port on the Chef Server.  This is required to correctly
-    handle keys in Chef Servers with multikey support. This option
+    postgresql port on the Chef Infra Server.  This is required to correctly
+    handle keys in Chef Infra Servers with multikey support. This option
     will only work on `restore` if it was also used during the
     `backup`.
 
@@ -268,44 +269,31 @@ Private Chef server. DEST_DIR should be a backup directory created by
     Chef objects.
 
   * `--only-org ORG`:
-    Only donwload/restore objects in the named organization. Global
+    Only download/restore objects in the named organization. Global
     objects such as users will still be downloaded/restored.
 
-## knife ec key export [FILENAME]
+### knife ec key export [FILENAME]
 
-Create a json representation of the users table from the Chef Server
+Create a json representation of the users table from the Chef Infra Server
 database.  If no argument is given, the name of the backup is
 `key_dump.json`.
 
 Please note, most users should use `knife ec backup` with the
 `--with-user-sql` option rather than this command.
 
-## knife ec key import [FILENAME]
+### knife ec key import [FILENAME]
 
 Import a json representation of the users table from FILENAME to the
-the Chef Server database.  If no argument is given, the filename is
+the Chef Infra Server database.  If no argument is given, the filename is
 assumed to be `key_dump.json`.
 
-Please note, most user should use `knife ec restore` with the
+Please note, most users should use `knife ec restore` with the
 `--with-user-sql` option rather than this command.
 
-# Known Bugs
-
-- knife-ec-backup cannot be installed in the embedded gemset of Chef
-  Server 12.  This will be resolved in a future Chef Server release.
+## Known Bugs
 
 - `knife ec restore` can fail to restore cookbooks, failing with an
   internal server error. A common cause of this problem is a
-  concurrency bug in Chef Server. Setting `--concurrency 1` can often
+  concurrency bug in Chef Infra Server. Setting `--concurrency 1` can often
   work around the issue.
 
-- `knife ec restore` can fail if the pool of pre-created organizations
-  can not keep up with the newly created organizations.  This can
-  typically be resolved simply be restarting the restore.  To avoid
-  this error for backups with large number of organizations, try
-  setting (in /etc/opscode/private-chef.rb):
-
-        opscode_org_creator['ready_org_depth']
-
-  to the number of organizations in your backup and waiting for the
-  pool to fill before running `knife ec restore`

data/Rakefile

@@ -1,5 +1,5 @@
 require 'bundler'
-require 'rubygems'
+require 'rubygems' unless defined?(Gem)
 require 'rubygems/package_task'
 require 'rdoc/task'
 require 'rspec/core/rake_task'

data/lib/chef/automate.rb

@@ -0,0 +1,18 @@
+class Chef
+  class Automate
+    def self.is_installed?
+      File.exists?('/hab/svc/automate-cs-oc-erchef/')
+    end
+
+    def self.config
+      {
+        sql_user: 'automate-cs-oc-erchef',
+        sql_cert: '/hab/svc/automate-cs-oc-erchef/config/service.crt',
+        sql_key: '/hab/svc/automate-cs-oc-erchef/config/service.key',
+        sql_rootcert: '/hab/svc/automate-cs-oc-erchef/config/root_ca.crt',
+        sql_db: 'automate-cs-oc-erchef',
+        webui_key: '/hab/svc/automate-cs-oc-erchef/data/webui_priv.pem'
+      }
+    end
+  end
+end

data/lib/chef/knife/ec_backup.rb

@@ -13,9 +13,13 @@ class Chef
         require 'chef/chef_fs/config'
         require 'chef/chef_fs/file_system'
         require 'chef/chef_fs/file_pattern'
-        require 'chef/chef_fs/parallelizer'
+        begin
+          require 'chef/chef_fs/parallelizer'
+        rescue LoadError
+          require 'chef-utils/parallel_map' unless defined?(ChefUtils::ParallelMap)
+        end
         require_relative '../server'
-        require 'fileutils'
+        require 'fileutils' unless defined?(FileUtils)
       end
 
       def run
@@ -30,7 +34,7 @@ class Chef
         for_each_user do |username, url|
           download_user(username, url)
           if config[:skip_useracl]
-            ui.warn("Skipping user ACL download for #{username}. To download this ACL, remove --skip-useracl or upgrade your Enterprise Chef Server.")
+            ui.warn("Skipping user ACL download for #{username}. To download this ACL, remove --skip-useracl.")
           else
             download_user_acl(username)
           end
@@ -96,10 +100,10 @@ class Chef
             knife_ec_error_handler.add(ex)
             next
           end
-          # Enterprise Chef 11 and below uses a pool of precreated
+          # Enterprise Chef 11 and below uses a pool of pre-created
           # organizations to account for slow organization creation
           # using CouchDB. Thus, on server versions < 12 we want to
-          # skip any of these precreated organizations by checking if
+          # skip any of these pre-created organizations by checking if
           # they have been assigned or not.  The Chef 12 API does not
           # return an assigned_at field.
           if org['assigned_at'] || server.version >= Gem::Version.new("12")
@@ -192,13 +196,6 @@ class Chef
           # Download the billing-admins, public_key_read_access ACL and group as pivotal
           chef_fs_config = Chef::ChefFS::Config.new
 
-          paths = ['/acls/groups/billing-admins.json', '/groups/billing-admins.json', '/groups/admins.json']
-          paths.push('/acls/groups/public_key_read_access.json', '/groups/public_key_read_access.json') if server.supports_public_key_read_access?
-
-          paths.each do |path|
-            chef_fs_copy_pattern(path, chef_fs_config)
-          end
-
           Chef::Config.node_name = if config[:skip_version]
                                      org_admin
                                    else
@@ -206,7 +203,7 @@ class Chef
                                    end
 
           chef_fs_config = Chef::ChefFS::Config.new
-          top_level_paths = chef_fs_config.chef_fs.children.select { |entry| entry.name != 'acls' && entry.name != 'groups' }.map { |entry| entry.path }
+          top_level_paths = chef_fs_config.chef_fs.children.map { |entry| entry.path }
 
           # The top level acl object names end with .json extension
           # Therefore we can use Chef::ChefFS::FilePattern matching for items
@@ -216,13 +213,7 @@ class Chef
           # therefore we use normalize_path_name to add the .json extension
           # for example: /acls/environments/_default
 
-           # Skip the billing-admins, public_key_read_access group ACLs and the groups since they've already been copied
-          exclude_list = ['billing-admins', 'public_key_read_access']
-
-          top_level_acls  = chef_fs_paths('/acls/*.json', chef_fs_config, [])
-          acl_paths       = chef_fs_paths('/acls/*/*', chef_fs_config, exclude_list)
-          group_paths     = chef_fs_paths('/groups/*', chef_fs_config, exclude_list)
-          (top_level_paths + top_level_acls + acl_paths + group_paths).each do |path|
+          top_level_paths.each do |path|
             chef_fs_copy_pattern(path, chef_fs_config)
           end
         ensure

data/lib/chef/knife/ec_base.rb

@@ -18,9 +18,10 @@
 
 require 'chef/knife'
 require 'chef/server_api'
-require 'veil'
+require 'veil' unless defined?(Veil)
 require_relative 'ec_error_handler'
-require 'ffi_yajl'
+require 'ffi_yajl' unless defined?(FFI_Yajl)
+require_relative '../automate'
 
 class Chef
   class Knife
@@ -41,7 +42,7 @@ class Chef
 
           option :webui_key,
             :long => '--webui-key KEYPATH',
-            :description => 'Path to the WebUI Key (default: Read from secrets store or /etc/opscode/webui_priv.pem)'
+            :description => 'Path to the WebUI Key (default: Read from secrets store or /etc/opscode/webui_priv.pem or /hab/svc/automate-cs-oc-erchef/data/webui_priv.pem)'
 
           option :secrets_file_path,
             :long => '--secrets-file PATH',
@@ -58,7 +59,7 @@ class Chef
             :long => '--skip-version-check',
             :boolean => true,
             :default => false,
-            :description => "Skip Chef Server version check.  This will also skip any auto-configured options"
+            :description => "Skip Chef Infra Server version check.  This will also skip any auto-configured options"
 
           option :org,
             :long => "--only-org ORG",
@@ -66,18 +67,17 @@ class Chef
 
           option :sql_host,
             :long => '--sql-host HOSTNAME',
-            :description => 'Postgresql database hostname (default: localhost)',
+            :description => 'PostgreSQL database hostname (default: localhost)',
             :default => "localhost"
 
           option :sql_port,
             :long => '--sql-port PORT',
-            :description => 'Postgresql database port (default: 5432)',
+            :description => 'PostgreSQL database port (default: 5432)',
             :default => 5432
 
           option :sql_db,
             :long => '--sql-db DBNAME',
-            :description => 'Postgresql Chef Server database name (default: opscode_chef)',
-            :default => "opscode_chef"
+            :description => 'PostgreSQL Chef Infra Server database name (default: opscode_chef or automate-cs-oc-erchef)'
 
           option :sql_user,
             :long => "--sql-user USERNAME",
@@ -87,6 +87,18 @@ class Chef
             :long => "--sql-password PASSWORD",
             :description => 'Password used to connect to the postgresql database'
 
+          option :sql_cert,
+            :long => "--sql-cert ",
+            :description => 'Path to client ssl cert'
+
+          option :sql_key,
+            :long => "--sql-key PATH",
+            :description => 'Path to client ssl key'
+
+          option :sql_rootcert,
+          :long => "--sql-rootcert ",
+          :description => 'Path to root ssl cert'
+
           option :with_user_sql,
             :long => '--with-user-sql',
             :description => 'Try direct data base access for user export/import.  Required to properly handle passwords, keys, and USAGs'
@@ -113,7 +125,11 @@ class Chef
         def configure_chef
           super
           Chef::Config[:concurrency] = config[:concurrency].to_i if config[:concurrency]
-          Chef::ChefFS::Parallelizer.threads = (Chef::Config[:concurrency] || 10) - 1
+          if defined?(Chef::ChefFS::Parallelizer)
+            Chef::ChefFS::Parallelizer.threads = (Chef::Config[:concurrency] || 10) - 1
+          elsif defined?(ChefUtils::DefaultThreadPool)
+            ChefUtils::DefaultThreadPool.instance.threads = (Chef::Config[:concurrency] || 10) - 1
+          end
         end
 
         def org_admin
@@ -200,6 +216,8 @@ class Chef
       def webui_key
         if config[:webui_key]
           config[:webui_key]
+        elsif Chef::Automate.is_installed?
+          config[:webui_key] = Chef::Automate.config[:webui_key]
         elsif veil.exist?("chef-server", "webui_key")
           temporary_webui_key
         else

data/lib/chef/knife/ec_key_base.rb

@@ -17,6 +17,7 @@
 #
 
 require 'chef/knife'
+require 'veil'
 
 class Chef
   class Knife
@@ -27,23 +28,23 @@ class Chef
 
           deps do
             require 'sequel'
-            require 'json'
+            require 'json' unless defined?(JSON)
+            require_relative '../automate'
           end
 
           option :sql_host,
           :long => '--sql-host HOSTNAME',
-          :description => 'Postgresql database hostname (default: localhost)',
+          :description => 'PostgreSQL database hostname (default: localhost)',
           :default => "localhost"
 
           option :sql_port,
           :long => '--sql-port PORT',
-          :description => 'Postgresql database port (default: 5432)',
+          :description => 'PostgreSQL database port (default: 5432)',
           :default => 5432
 
           option :sql_db,
           :long => '--sql-db DBNAME',
-          :description => 'Postgresql Chef Server database name (default: opscode_chef)',
-          :default => "opscode_chef"
+          :description => 'PostgreSQL Chef Infra Server database name (default: opscode_chef or automate-cs-oc-erchef)'
 
           option :sql_user,
           :long => "--sql-user USERNAME",
@@ -53,6 +54,18 @@ class Chef
           :long => "--sql-password PASSWORD",
           :description => 'Password used to connect to the postgresql database'
 
+          option :sql_cert,
+          :long => "--sql-cert ",
+          :description => 'Path to client ssl cert'
+
+          option :sql_key,
+          :long => "--sql-key PATH",
+          :description => 'Path to client ssl key'
+
+          option :sql_rootcert,
+          :long => "--sql-rootcert ",
+          :description => 'Path to root ssl cert'
+
           option :secrets_file_path,
           :long => '--secrets-file PATH',
           :description => 'Path to a valid private-chef-secrets.json file (default: /etc/opscode/private-chef-secrets.json)',
@@ -73,27 +86,44 @@ class Chef
       def db
         @db ||= begin
                   require 'sequel'
-                  server_string = "#{config[:sql_user]}:#{config[:sql_password]}@#{config[:sql_host]}:#{config[:sql_port]}/#{config[:sql_db]}"
-                  ::Sequel.connect("postgres://#{server_string}", :convert_infinite_timestamps => :string)
+                  require 'uri'
+                  server_uri = URI('postgres://')
+                  server_uri.host = config[:sql_host]
+                  server_uri.port = config[:sql_port]
+                  server_uri.user = URI.encode_www_form_component(config[:sql_user]) if config[:sql_user]
+                  server_uri.password = URI.encode_www_form_component(config[:sql_password]) if config[:sql_password]
+                  query_params = []
+                  query_params.push("sslcert=#{config[:sql_cert]}") if config[:sql_cert]
+                  query_params.push("sslkey=#{config[:sql_key]}") if config[:sql_key]
+                  query_params.push("sslrootcert=#{config[:sql_rootcert]}") if config[:sql_rootcert]
+                  server_uri.query = query_params.join("&") if query_params.length > 0
+
+                  ::Sequel.connect(server_uri.to_s, :convert_infinite_timestamps => :string)
                 end
       end
 
       # Loads SQL user and password from running config if not passed
       # as a command line option
       def load_config_from_file!
-        if ! File.exists?("/etc/opscode/chef-server-running.json")
-          ui.fatal "SQL User or Password not provided as option and running config cannot be found!"
-          exit 1
+        if Chef::Automate.is_installed?
+          ui.msg "Automate detected"
+          config.merge! Chef::Automate.config {|key, v1, v2| v1}
         else
-          running_config ||= JSON.parse(File.read("/etc/opscode/chef-server-running.json"))
-          # Latest versions of chef server put the database info under opscode-erchef.sql_user
-          hash_key = if running_config['private_chef']['opscode-erchef'].has_key? 'sql_user'
-                       'opscode-erchef'
-                     else
-                       'postgresql'
-                     end
-          config[:sql_user] ||= running_config['private_chef'][hash_key]['sql_user']
-          config[:sql_password] ||= sql_password
+          if ! File.exists?("/etc/opscode/chef-server-running.json")
+            ui.fatal "SQL User or Password not provided as option and running config cannot be found!"
+            exit 1
+          else
+            running_config ||= JSON.parse(File.read("/etc/opscode/chef-server-running.json"))
+            # Latest versions of Chef Infra Server put the database info under opscode-erchef.sql_user
+            hash_key = if running_config['private_chef']['opscode-erchef'].has_key? 'sql_user'
+                        'opscode-erchef'
+                      else
+                        'postgresql'
+                      end
+            config[:sql_user] ||= running_config['private_chef'][hash_key]['sql_user']
+            config[:sql_password] ||= (running_config['private_chef'][hash_key]['sql_password'] || sql_password)
+            config[:sql_db] ||= 'opscode_chef'
+          end
         end
       end
 

data/lib/chef/knife/ec_key_export.rb

@@ -43,8 +43,8 @@ class Chef
           export_keys(key_data_path) unless config[:skip_keys_table]
         rescue Sequel::DatabaseError => e
           if e.message =~ /^PG::UndefinedTable/
-            ui.error "Keys table not found. The keys table only exists on Chef Server 12."
-            ui.error "Chef Server 11 users should use the --skip-keys-table option to avoid this error."
+            ui.error "Keys table not found. The keys table only exists on Chef Infra Server 12."
+            ui.error "Chef Infra Server 11 users should use the --skip-keys-table option to avoid this error."
             exit 1
           else
             raise

data/lib/chef/knife/ec_key_import.rb

@@ -184,7 +184,7 @@ class Chef
             d.delete('id') if config[:skip_ids]
             # If the hash_type in the export,
             # we are dealing with a record where the password is still in the
-            # serialized_obejct.  Explictly setting these to nil ensures that the
+            # serialized_object. Explicitly setting these to nil ensures that the
             # password set in the restore is wiped out.
             unless d.has_key?('hash_type')
               d['hash_type'] = nil

data/lib/chef/knife/ec_restore.rb

@@ -33,8 +33,12 @@ class Chef
         # Work around bug in chef_fs
         require 'chef/chef_fs/command_line'
         require 'chef/chef_fs/data_handler/acl_data_handler'
-        require 'securerandom'
-        require 'chef/chef_fs/parallelizer'
+        require 'securerandom' unless defined?(SecureRandom)
+        begin
+          require 'chef/chef_fs/parallelizer'
+        rescue LoadError
+          require 'chef-utils/parallel_map' unless defined?(ChefUtils::ParallelMap)
+        end
         require_relative '../tsorter'
         require_relative '../server'
       end
@@ -61,7 +65,7 @@ class Chef
         restore_key_sql if config[:with_key_sql]
 
         if config[:skip_useracl]
-          ui.warn("Skipping user ACL update. To update user ACLs, remove --skip-useracl or upgrade your Enterprise Chef Server.")
+          ui.warn("Skipping user ACL update. To update user ACLs, remove --skip-useracl.")
         else
           restore_user_acls
         end
@@ -229,7 +233,7 @@ class Chef
           ui.msg "Restoring org admin data"
           chef_fs_config = Chef::ChefFS::Config.new
 
-          # Handle Admins, Billing Admins and Public Key Read Access seperately
+          # Handle Admins, Billing Admins and Public Key Read Access separately
           #
           # admins: We need to upload admins first so that we
           # can upload all of the other objects as a user in the org
@@ -288,7 +292,7 @@ class Chef
           # Store organization data in a particular order:
           # - clients must be uploaded before groups (in top_level_paths)
           # - groups must be uploaded before any acl's
-          # - groups must be uploaded twice to account for Chef Server versions that don't
+          # - groups must be uploaded twice to account for Chef Infra Server versions that don't
           #   accept group members on POST
           (top_level_paths + group_paths*2 + group_acl_paths + acl_paths).each do |path|
             chef_fs_copy_pattern(path, chef_fs_config)
@@ -305,7 +309,7 @@ class Chef
       end
 
       # ChefFS copy pattern inside the EcRestore class will
-      # copy from the local_fs to the Chef Server.
+      # copy from the local_fs to the Chef Infra Server.
       #
       # NOTE: Do not get confused, this is the other way around
       # from how we implemented in EcBackup. Therefor we can't

data/lib/chef/server.rb

@@ -1,5 +1,5 @@
-require 'uri'
-require 'openssl'
+require 'uri' unless defined?(URI)
+require 'openssl' unless defined?(OpenSSL)
 require 'chef/server_api'
 
 class Chef

data/lib/knife_ec_backup/version.rb

@@ -1,4 +1,4 @@
 # when you change this to double quotes, also update .expeditor/update_version.sh
 module KnifeECBackup
-  VERSION = '2.4.7'
+  VERSION = '3.0.0'
 end

data/spec/chef/knife/ec_backup_spec.rb

@@ -38,6 +38,8 @@ describe Chef::Knife::EcBackup do
     allow(@knife).to receive(:rest).and_return(@rest)
     allow(@knife).to receive(:user_acl_rest).and_return(@rest)
     allow_any_instance_of(Chef::Knife::EcBase).to receive(:dest_dir).and_return(dest_dir)
+    allow(@knife.ui).to receive(:msg)
+    allow(@knife.ui).to receive(:error)
   end
 
   describe "#for_each_user" do
@@ -70,7 +72,7 @@ describe Chef::Knife::EcBackup do
       expect{ |b| @knife.for_each_organization(&b) }.to yield_successive_args(org_response("bar"), org_response("foo"))
     end
 
-    it "skips unassigned (precreated) organizations on Chef Server 11" do
+    it "skips unassigned (precreated) organizations on Chef Infra Server 11" do
       server = double('Chef::Server')
       allow(Chef::Server).to receive(:new).and_return(server)
       allow(server).to receive(:version).and_return(Gem::Version.new("11.12.3"))
@@ -79,7 +81,7 @@ describe Chef::Knife::EcBackup do
       expect{ |b| @knife.for_each_organization(&b) }.to yield_successive_args(org_response("bar"))
     end
 
-    it "includes *all* organizations on Chef Server 12" do
+    it "includes *all* organizations on Chef Infra Server 12" do
       server = double('Chef::Server')
       allow(Chef::Server).to receive(:new).and_return(server)
       allow(server).to receive(:version).and_return(Gem::Version.new("12.0.0"))

data/spec/chef/knife/ec_base_spec.rb

@@ -2,7 +2,7 @@ require File.expand_path(File.join(File.dirname(__FILE__), "..", "..", "spec_hel
 require 'chef/knife/ec_base'
 require 'chef/knife'
 require 'chef/config'
-require 'stringio'
+require 'stringio' unless defined?(StringIO)
 
 class Tester < Chef::Knife
   include Chef::Knife::EcBase

data/spec/chef/knife/ec_key_base_spec.rb

@@ -1,5 +1,6 @@
 require File.expand_path(File.join(File.dirname(__FILE__), "..", "..", "spec_helper"))
 require 'chef/knife/ec_key_base'
+require 'chef/automate'
 
 class KeyBaseTester < Chef::Knife
   include Chef::Knife::EcKeyBase
@@ -9,15 +10,16 @@ describe Chef::Knife::EcKeyBase do
   let (:knife) { KeyBaseTester.new }
 
   let(:running_server_postgresql_sql_config_json) {
-    '{"private_chef": { "opscode-erchef":{}, "postgresql": { "sql_user": "jiminy", "sql_password": "secret"} }, "postgresql": { "sql_user": "jiminy", "sql_password": "secret"} }'
+    '{"private_chef": { "opscode-erchef":{}, "postgresql": { "sql_user": "jiminy", "sql_password": "secret"} } }'
   }
 
 
   let(:running_server_erchef_config_json) {
-    '{"private_chef": { "opscode-erchef": { "sql_user": "cricket", "sql_password": "secrete"}}, "opscode_erchef": { "sql_user": "cricket", "sql_password": "secrete"}}'
+    '{"private_chef": { "opscode-erchef": { "sql_user": "cricket", "sql_password": "secrete"} } }'
   }
   describe "#load_config_from_file!" do
     before(:each) do
+      allow(Chef::Automate).to receive(:is_installed?).and_return(false)
       allow(File).to receive(:exists?).and_return(true)
       allow(File).to receive(:size).and_return(1)
     end

data/spec/chef/knife/ec_key_export_spec.rb

@@ -1,8 +1,8 @@
 require File.expand_path(File.join(File.dirname(__FILE__), "..", "..", "spec_helper"))
 require 'chef/knife/ec_key_export'
 require 'sequel'
-require 'json'
-require 'securerandom'
+require 'json' unless defined?(JSON)
+require 'securerandom' unless defined?(SecureRandom)
 require 'fakefs/spec_helpers'
 
 def user_record(name)

data/spec/chef/knife/ec_restore_spec.rb

@@ -3,6 +3,7 @@ require 'chef/knife/ec_restore'
 require 'fakefs/spec_helpers'
 require_relative './ec_error_handler_spec'
 require "chef/chef_fs/file_system/repository/chef_repository_file_system_root_dir"
+require 'net/http'
 
 def make_user(username)
   FileUtils.mkdir_p("/users")
@@ -58,7 +59,7 @@ describe Chef::Knife::EcRestore do
       @knife.restore_open_invitations("foo")
     end
 
-    it "does NOT fail if an inivitation already exists" do
+    it "does NOT fail if an invitation already exists" do
       make_org "foo"
       allow(@rest).to receive(:post).with("organizations/foo/association_requests", {"user" => "bob"}).and_return(net_exception(409))
       allow(@rest).to receive(:post).with("organizations/foo/association_requests", {"user" => "jane"}).and_return(net_exception(409))

data/spec/chef/server_spec.rb

@@ -1,7 +1,7 @@
 require File.expand_path(File.join(File.dirname(__FILE__), "..", "spec_helper"))
 require 'chef/server'
 require 'chef/server_api'
-require 'stringio'
+require 'stringio' unless defined?(StringIO)
 
 describe Chef::Server do
   before(:each) do
@@ -9,7 +9,7 @@ describe Chef::Server do
     allow(Chef::ServerAPI).to receive(:new).and_return(@rest)
   end
 
-  it "infers root url from a Chef Server url" do
+  it "infers root url from a Chef Infra Server url" do
     s = Chef::Server.from_chef_server_url("http://api.example.com/organizations/foobar")
     expect(s.root_url).to eq("http://api.example.com")
   end
@@ -28,22 +28,22 @@ describe Chef::Server do
 
   it "determines the running omnibus server version" do
     s = Chef::Server.new('http://api.example.com')
-    allow(@rest).to receive(:get).with("version").and_return(StringIO.new("Chef Server 1.8.1\nother stuff\nother stuff"))
+    allow(@rest).to receive(:get).with("version").and_return(StringIO.new("Chef Infra Server 1.8.1\nother stuff\nother stuff"))
     expect(s.version.to_s).to eq('1.8.1')
   end
 
   it "ignores git tags when determining the version" do
     s = Chef::Server.new("http://api.example.com")
-    allow(@rest).to receive(:get).with("version").and_return(StringIO.new("Chef Server 1.8.1+20141024080718.git.16.08098a5\nother stuff\nother stuff"))
+    allow(@rest).to receive(:get).with("version").and_return(StringIO.new("Chef Infra Server 1.8.1+20141024080718.git.16.08098a5\nother stuff\nother stuff"))
     expect(s.version.to_s).to eq("1.8.1")
   end
 
   it "knows whether the server supports user ACLs via nginx" do
     s1 = Chef::Server.new("http://api.example.com")
-    allow(@rest).to receive(:get).with("version").and_return(StringIO.new("Chef Server 11.0.0\nother stuff\nother stuff"))
+    allow(@rest).to receive(:get).with("version").and_return(StringIO.new("Chef Infra Server 11.0.0\nother stuff\nother stuff"))
     expect(s1.supports_user_acls?).to eq(false)
     s2 = Chef::Server.new("http://api.example.com")
-    allow(@rest).to receive(:get).with("version").and_return(StringIO.new("Chef Server 11.0.2\nother stuff\nother stuff"))
+    allow(@rest).to receive(:get).with("version").and_return(StringIO.new("Chef Infra Server 11.0.2\nother stuff\nother stuff"))
     expect(s2.supports_user_acls?).to eq(true)
   end
 
@@ -61,10 +61,10 @@ describe Chef::Server do
 
   it "knows that public_key_read_access was implemented in 12.5.0" do
     before = Chef::Server.new("http://api.example.com")
-    allow(@rest).to receive(:get).with("version").and_return(StringIO.new("Chef Server 12.4.1\nother stuff\nother stuff"))
+    allow(@rest).to receive(:get).with("version").and_return(StringIO.new("Chef Infra Server 12.4.1\nother stuff\nother stuff"))
     expect(before.supports_public_key_read_access?).to eq(false)
     after = Chef::Server.new("http://api.example.com")
-    allow(@rest).to receive(:get).with("version").and_return(StringIO.new("Chef Server 12.6.0\nother stuff\nother stuff"))
+    allow(@rest).to receive(:get).with("version").and_return(StringIO.new("Chef Infra Server 12.6.0\nother stuff\nother stuff"))
     expect(after.supports_public_key_read_access?).to eq(true)
   end
 end

metadata

@@ -1,29 +1,29 @@
 --- !ruby/object:Gem::Specification
 name: knife-ec-backup
 version: !ruby/object:Gem::Version
-  version: 2.4.7
+  version: 3.0.0
 platform: ruby
 authors:
 - John Keiser
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2020-04-19 00:00:00.000000000 Z
+date: 2022-01-27 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: sequel
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '0'
+        version: '5.9'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '0'
+        version: '5.9'
 - !ruby/object:Gem::Dependency
   name: pg
   requirement: !ruby/object:Gem::Requirement
@@ -91,6 +91,7 @@ files:
 - LICENSE
 - README.md
 - Rakefile
+- lib/chef/automate.rb
 - lib/chef/knife/ec_backup.rb
 - lib/chef/knife/ec_base.rb
 - lib/chef/knife/ec_error_handler.rb
@@ -114,7 +115,7 @@ files:
 - spec/spec_helper.rb
 homepage: https://www.chef.io
 licenses:
-- Apache 2.0
+- Apache-2.0
 metadata: {}
 post_install_message: 
 rdoc_options: []
@@ -124,14 +125,14 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: '0'
+      version: '2.6'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.0.3
+rubygems_version: 3.1.4
 signing_key: 
 specification_version: 4
 summary: Backup and Restore of Enterprise Chef