knife-ec-backup 2.4.12 → 2.4.15

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 312e0c84f3b2b40b6a2824917e31da481007f65f1b82282a18ec441e398220bd
-  data.tar.gz: e2f1962db8526925402afcf73c145f04ffda47263fa8bade5064c2d50f494c3e
+  metadata.gz: ddb6a9c53f5ef60525564d583b9906c746c3af34b8fe25fe92d8e0f362d1f039
+  data.tar.gz: '04987273e967c37af6b3738bac962349f07edc5a4db1a0ec13c0004093adc8af'
 SHA512:
-  metadata.gz: 16f96728387157fad3ef2fe38c18c9597c8c2fc2b6cb295262a7c161fc52d2fddaa40b38e38ad3e4c39af22fbec8dbf4c3bce74b8b0c97da7b22994e3cc2e7c9
-  data.tar.gz: e8bb31bc8fde89b682b2ab3dd8c89c7bc9b885af3f9e21d30e1e3e3875f8beea9ccb228fb3e6c8909300cf79c6bfe24e799b83af85b83b3d0ec348f59959466b
+  metadata.gz: ab40c44efddf1418bf52ed6d329b4e8d4419c927dbdcbfc758440d53b178183747c333c9019bbaec16b59750ec0432e9bf7397bcd651e978445abfe2f4515b4d
+  data.tar.gz: b5a4137aca897ffcf811e1c96fc87b3ffeb435337ac1aaf1a2301ed9ea0683983da8c1991daa9ce5413d6551453de98e2c99c6f8cb1156420f78a5104d9919e6

data/README.md

@@ -18,24 +18,24 @@ text format.  It is similar to the `knife download` and `knife upload`
 commands and uses the same underlying libraries, but also includes
 workarounds for objects not yet supported by those tools and various
 Server API deficiencies.  The long-run goal is to improve `knife
-download`, `knife upload` and the Chef Server API and deprecate this
+download`, `knife upload` and the Chef Infra Server API and deprecate this
 tool.
 
 ## Requirements
 
-This knife plugin requires Chef Client 11.8+.
+This knife plugin requires Chef Infra Client 11.8+.
 
 ### Server Support
 
-This plugin currently supports Enterprise Chef 11 and Chef Server 12+.
+This plugin currently supports Enterprise Chef 11 and Chef Infra Server 12+.
 Support for the beta key rotation features is provided via the
 `--with-keys-sql` flag, but users of this feature should note that
-this may change once the Chef Server supports an API-based export of
+this may change once the Chef Infra Server supports an API-based export of
 the key data.
 
 ## Installation
 
-### Chef Server Install (Recommended)
+### Chef Infra Server Install (Recommended)
 
 This gem is installed with chef-server-core 12.0.0 and newer.
 
@@ -57,6 +57,24 @@ on your system, try the following:
 
    /opt/opscode/embedded/bin/gem install knife-ec-backup -- --with-pg-config=/opt/opscode/embedded/postgresql/9.2/bin/pg_config
 
+This uses the libpq headers that are included in the Chef Infra Server
+package installed in `/opt/opscode`.
+
+### Chef Workstation Install (Unsupported)
+
+On systems other than the Chef Infra Server, installation of this gem is not
+tested or supported. However, if you attempt to do so you will need the
+postgresql libraries installed.
+
+For example, on macOS:
+
+```
+brew install libpq
+gem install knife-ec-backup -- --with-pg-config=/usr/local/Cellar/libpq/9.2/bin/pg_config
+```
+
+The current location of pg_config can be determined with `brew info libpq`.
+
 ## Running tests
 
 ```
@@ -84,8 +102,8 @@ Clone the git repository and run the following from inside:
 ### Permissions
 
 Note that most users in an EC installation lack the permissions to pull all of the data from all organizations and other users.
-This plugin **REQUIRES THE PIVOTAL KEY AND WEBUI KEY** from the Chef Server.
-It is recommended that you run this from a frontend Enterprise Chef Server, you can use --user and --key to pass the pivotal information along.
+This plugin **REQUIRES THE PIVOTAL KEY AND WEBUI KEY** from the Chef Infra Server.
+It is recommended that you run this from a frontend Enterprise Chef Infra Server, you can use --user and --key to pass the pivotal information along.
 
 ## Subcommands
 
@@ -94,14 +112,14 @@ It is recommended that you run this from a frontend Enterprise Chef Server, you
 The following options are supported across all subcommands:
 
   * `--sql-host`:
-    The hostname of the Chef Server's postgresql server. (default: localhost)
+    The hostname of the Chef Infra Server's postgresql server. (default: localhost)
 
   * `--sql-port`:
-    The postgresql listening port on the Chef Server. (default: 5432)
+    The postgresql listening port on the Chef Infra Server. (default: 5432)
 
   * `--sql-db`:
-    The postgresql Chef Server database name. (default: opscode_chef)
-    Specify 'automate-cs-oc-erchef' when using Automate Chef Server API
+    The postgresql Chef Infra Server database name. (default: opscode_chef)
+    Specify 'automate-cs-oc-erchef' when using Automate Chef Infra Server API
 
   * `--sql-user`:
     The username of postgresql user with access to the opscode_chef
@@ -139,8 +157,8 @@ The following options are supported across all subcommands:
 
   * `--with-key-sql`: Whether to backup/restore key data directly
     from the database.  This requires access to the listening
-    postgresql port on the Chef Server.  This is required to correctly
-    handle keys in Chef Servers with multikey support. This option
+    postgresql port on the Chef Infra Server.  This is required to correctly
+    handle keys in Chef Infra Servers with multikey support. This option
     will only work on `restore` if it was also used during the
     `backup`.
 
@@ -151,7 +169,7 @@ The following options are supported across all subcommands:
     Chef objects.
 
   * `--skip-version-check`:
-    Skip Chef Server version check. This will also skip any auto-configured options (default: false)
+    Skip Chef Infra Server version check. This will also skip any auto-configured options (default: false)
 
   * `--only-org ORG`:
     Only donwload/restore objects in the named organization. Global
@@ -234,7 +252,7 @@ Private Chef server. DEST_DIR should be a backup directory created by
     Server. (default: 10)
 
   * `--skip-version-check`:
-    Skip Chef Server version check. This will
+    Skip Chef Infra Server version check. This will
     also skip any auto-configured options (default: false)
 
   * `--[no-]skip-user-ids`:
@@ -251,8 +269,8 @@ Private Chef server. DEST_DIR should be a backup directory created by
 
   * `--with-key-sql`: Whether to backup/restore key data directly
     from the database.  This requires access to the listening
-    postgresql port on the Chef Server.  This is required to correctly
-    handle keys in Chef Servers with multikey support. This option
+    postgresql port on the Chef Infra Server.  This is required to correctly
+    handle keys in Chef Infra Servers with multikey support. This option
     will only work on `restore` if it was also used during the
     `backup`.
 
@@ -268,7 +286,7 @@ Private Chef server. DEST_DIR should be a backup directory created by
 
 ### knife ec key export [FILENAME]
 
-Create a json representation of the users table from the Chef Server
+Create a json representation of the users table from the Chef Infra Server
 database.  If no argument is given, the name of the backup is
 `key_dump.json`.
 
@@ -278,7 +296,7 @@ Please note, most users should use `knife ec backup` with the
 ### knife ec key import [FILENAME]
 
 Import a json representation of the users table from FILENAME to the
-the Chef Server database.  If no argument is given, the filename is
+the Chef Infra Server database.  If no argument is given, the filename is
 assumed to be `key_dump.json`.
 
 Please note, most user should use `knife ec restore` with the
@@ -287,11 +305,11 @@ Please note, most user should use `knife ec restore` with the
 ## Known Bugs
 
 - knife-ec-backup cannot be installed in the embedded gemset of Chef
-  Server 12.  This will be resolved in a future Chef Server release.
+  Server 12.  This will be resolved in a future Chef Infra Server release.
 
 - `knife ec restore` can fail to restore cookbooks, failing with an
   internal server error. A common cause of this problem is a
-  concurrency bug in Chef Server. Setting `--concurrency 1` can often
+  concurrency bug in Chef Infra Server. Setting `--concurrency 1` can often
   work around the issue.
 
 - `knife ec restore` can fail if the pool of pre-created organizations

data/lib/chef/automate.rb

@@ -0,0 +1,18 @@
+class Chef
+  class Automate
+    def self.is_installed?
+      File.exists?('/hab/svc/automate-cs-oc-erchef/')
+    end
+
+    def self.config
+      {
+        sql_user: 'automate-cs-oc-erchef',
+        sql_cert: '/hab/svc/automate-cs-oc-erchef/config/service.crt',
+        sql_key: '/hab/svc/automate-cs-oc-erchef/config/service.key',
+        sql_rootcert: '/hab/svc/automate-cs-oc-erchef/config/root_ca.crt',
+        sql_db: 'automate-cs-oc-erchef',
+        webui_key: '/hab/svc/automate-cs-oc-erchef/data/webui_priv.pem'
+      }
+    end
+  end
+end

data/lib/chef/knife/ec_base.rb

@@ -18,9 +18,10 @@
 
 require 'chef/knife'
 require 'chef/server_api'
-require 'veil'
+require 'veil' unless defined?(Veil)
 require_relative 'ec_error_handler'
 require 'ffi_yajl' unless defined?(FFI_Yajl)
+require_relative '../automate'
 
 class Chef
   class Knife
@@ -41,7 +42,7 @@ class Chef
 
           option :webui_key,
             :long => '--webui-key KEYPATH',
-            :description => 'Path to the WebUI Key (default: Read from secrets store or /etc/opscode/webui_priv.pem)'
+            :description => 'Path to the WebUI Key (default: Read from secrets store or /etc/opscode/webui_priv.pem or /hab/svc/automate-cs-oc-erchef/data/webui_priv.pem)'
 
           option :secrets_file_path,
             :long => '--secrets-file PATH',
@@ -76,8 +77,7 @@ class Chef
 
           option :sql_db,
             :long => '--sql-db DBNAME',
-            :description => 'Postgresql Chef Server database name (default: opscode_chef)',
-            :default => "opscode_chef"
+            :description => 'Postgresql Chef Server database name (default: opscode_chef or automate-cs-oc-erchef)'
 
           option :sql_user,
             :long => "--sql-user USERNAME",
@@ -87,6 +87,18 @@ class Chef
             :long => "--sql-password PASSWORD",
             :description => 'Password used to connect to the postgresql database'
 
+          option :sql_cert,
+            :long => "--sql-cert ",
+            :description => 'Path to client ssl cert'
+
+          option :sql_key,
+            :long => "--sql-key PATH",
+            :description => 'Path to client ssl key'
+
+          option :sql_rootcert,
+          :long => "--sql-rootcert ",
+          :description => 'Path to root ssl cert'
+
           option :with_user_sql,
             :long => '--with-user-sql',
             :description => 'Try direct data base access for user export/import.  Required to properly handle passwords, keys, and USAGs'
@@ -200,6 +212,8 @@ class Chef
       def webui_key
         if config[:webui_key]
           config[:webui_key]
+        elsif Chef::Automate.is_installed?
+          config[:webui_key] = Chef::Automate.config[:webui_key]
         elsif veil.exist?("chef-server", "webui_key")
           temporary_webui_key
         else

data/lib/chef/knife/ec_key_base.rb

@@ -17,6 +17,7 @@
 #
 
 require 'chef/knife'
+require 'veil'
 
 class Chef
   class Knife
@@ -28,6 +29,7 @@ class Chef
           deps do
             require 'sequel'
             require 'json' unless defined?(JSON)
+            require_relative '../automate'
           end
 
           option :sql_host,
@@ -42,8 +44,7 @@ class Chef
 
           option :sql_db,
           :long => '--sql-db DBNAME',
-          :description => 'Postgresql Chef Server database name (default: opscode_chef)',
-          :default => "opscode_chef"
+          :description => 'Postgresql Chef Server database name (default: opscode_chef or automate-cs-oc-erchef)'
 
           option :sql_user,
           :long => "--sql-user USERNAME",
@@ -53,6 +54,18 @@ class Chef
           :long => "--sql-password PASSWORD",
           :description => 'Password used to connect to the postgresql database'
 
+          option :sql_cert,
+          :long => "--sql-cert ",
+          :description => 'Path to client ssl cert'
+
+          option :sql_key,
+          :long => "--sql-key PATH",
+          :description => 'Path to client ssl key'
+
+          option :sql_rootcert,
+          :long => "--sql-rootcert ",
+          :description => 'Path to root ssl cert'
+
           option :secrets_file_path,
           :long => '--secrets-file PATH',
           :description => 'Path to a valid private-chef-secrets.json file (default: /etc/opscode/private-chef-secrets.json)',
@@ -73,27 +86,44 @@ class Chef
       def db
         @db ||= begin
                   require 'sequel'
-                  server_string = "#{config[:sql_user]}:#{config[:sql_password]}@#{config[:sql_host]}:#{config[:sql_port]}/#{config[:sql_db]}"
-                  ::Sequel.connect("postgres://#{server_string}", :convert_infinite_timestamps => :string)
+                  require 'uri'
+                  server_uri = URI('postgres://')
+                  server_uri.host = config[:sql_host]
+                  server_uri.port = config[:sql_port]
+                  server_uri.user = URI.encode_www_form_component(config[:sql_user]) if config[:sql_user]
+                  server_uri.password = URI.encode_www_form_component(config[:sql_password]) if config[:sql_password]
+                  query_params = []
+                  query_params.push("sslcert=#{config[:sql_cert]}") if config[:sql_cert]
+                  query_params.push("sslkey=#{config[:sql_key]}") if config[:sql_key]
+                  query_params.push("sslrootcert=#{config[:sql_rootcert]}") if config[:sql_rootcert]
+                  server_uri.query = query_params.join("&") if query_params.length > 0
+
+                  ::Sequel.connect(server_uri.to_s, :convert_infinite_timestamps => :string)
                 end
       end
 
       # Loads SQL user and password from running config if not passed
       # as a command line option
       def load_config_from_file!
-        if ! File.exists?("/etc/opscode/chef-server-running.json")
-          ui.fatal "SQL User or Password not provided as option and running config cannot be found!"
-          exit 1
+        if Chef::Automate.is_installed?
+          ui.msg "Automate detected"
+          config.merge! Chef::Automate.config {|key, v1, v2| v1}
         else
-          running_config ||= JSON.parse(File.read("/etc/opscode/chef-server-running.json"))
-          # Latest versions of chef server put the database info under opscode-erchef.sql_user
-          hash_key = if running_config['private_chef']['opscode-erchef'].has_key? 'sql_user'
-                       'opscode-erchef'
-                     else
-                       'postgresql'
-                     end
-          config[:sql_user] ||= running_config['private_chef'][hash_key]['sql_user']
-          config[:sql_password] ||= sql_password
+          if ! File.exists?("/etc/opscode/chef-server-running.json")
+            ui.fatal "SQL User or Password not provided as option and running config cannot be found!"
+            exit 1
+          else
+            running_config ||= JSON.parse(File.read("/etc/opscode/chef-server-running.json"))
+            # Latest versions of chef server put the database info under opscode-erchef.sql_user
+            hash_key = if running_config['private_chef']['opscode-erchef'].has_key? 'sql_user'
+                        'opscode-erchef'
+                      else
+                        'postgresql'
+                      end
+            config[:sql_user] ||= running_config['private_chef'][hash_key]['sql_user']
+            config[:sql_password] ||= (running_config['private_chef'][hash_key]['sql_password'] || sql_password)
+            config[:sql_db] ||= 'opscode_chef'
+          end
         end
       end
 

data/lib/knife_ec_backup/version.rb

@@ -1,4 +1,4 @@
 # when you change this to double quotes, also update .expeditor/update_version.sh
 module KnifeECBackup
-  VERSION = '2.4.12'
+  VERSION = '2.4.15'
 end

data/spec/chef/knife/ec_backup_spec.rb

@@ -38,6 +38,8 @@ describe Chef::Knife::EcBackup do
     allow(@knife).to receive(:rest).and_return(@rest)
     allow(@knife).to receive(:user_acl_rest).and_return(@rest)
     allow_any_instance_of(Chef::Knife::EcBase).to receive(:dest_dir).and_return(dest_dir)
+    allow(@knife.ui).to receive(:msg)
+    allow(@knife.ui).to receive(:error)
   end
 
   describe "#for_each_user" do

data/spec/chef/knife/ec_key_base_spec.rb

@@ -1,5 +1,6 @@
 require File.expand_path(File.join(File.dirname(__FILE__), "..", "..", "spec_helper"))
 require 'chef/knife/ec_key_base'
+require 'chef/automate'
 
 class KeyBaseTester < Chef::Knife
   include Chef::Knife::EcKeyBase
@@ -9,15 +10,16 @@ describe Chef::Knife::EcKeyBase do
   let (:knife) { KeyBaseTester.new }
 
   let(:running_server_postgresql_sql_config_json) {
-    '{"private_chef": { "opscode-erchef":{}, "postgresql": { "sql_user": "jiminy", "sql_password": "secret"} }, "postgresql": { "sql_user": "jiminy", "sql_password": "secret"} }'
+    '{"private_chef": { "opscode-erchef":{}, "postgresql": { "sql_user": "jiminy", "sql_password": "secret"} } }'
   }
 
 
   let(:running_server_erchef_config_json) {
-    '{"private_chef": { "opscode-erchef": { "sql_user": "cricket", "sql_password": "secrete"}}, "opscode_erchef": { "sql_user": "cricket", "sql_password": "secrete"}}'
+    '{"private_chef": { "opscode-erchef": { "sql_user": "cricket", "sql_password": "secrete"} } }'
   }
   describe "#load_config_from_file!" do
     before(:each) do
+      allow(Chef::Automate).to receive(:is_installed?).and_return(false)
       allow(File).to receive(:exists?).and_return(true)
       allow(File).to receive(:size).and_return(1)
     end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: knife-ec-backup
 version: !ruby/object:Gem::Version
-  version: 2.4.12
+  version: 2.4.15
 platform: ruby
 authors:
 - John Keiser
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2020-08-21 00:00:00.000000000 Z
+date: 2021-04-17 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: sequel
@@ -91,6 +91,7 @@ files:
 - LICENSE
 - README.md
 - Rakefile
+- lib/chef/automate.rb
 - lib/chef/knife/ec_backup.rb
 - lib/chef/knife/ec_base.rb
 - lib/chef/knife/ec_error_handler.rb
@@ -114,7 +115,7 @@ files:
 - spec/spec_helper.rb
 homepage: https://www.chef.io
 licenses:
-- Apache 2.0
+- Apache-2.0
 metadata: {}
 post_install_message: 
 rdoc_options: []
@@ -131,7 +132,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.0.3
+rubygems_version: 3.1.4
 signing_key: 
 specification_version: 4
 summary: Backup and Restore of Enterprise Chef