knife-google 2.0.0 → 2.1.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 99ff46ae852794142abaae910482f89dd799b057
-  data.tar.gz: 2e76ef1b04265a9271a7664a2cd9488eb74c357b
+  metadata.gz: c84f9e43200cfc6b1555609603026d09b38810a0
+  data.tar.gz: 9f6abcc11414666ce8a37b8fa2ffc5c1dcd177c5
 SHA512:
-  metadata.gz: 98d48fa470acd31b44a668c15ea2a35026bf87a047ee3ac6faf415556fc379a3d22ca687c1ca317727d0df9d45c48688b38c8ef66cfabdcf10fab4e5c19cfd2e
-  data.tar.gz: 3731acd0adf71b71771a36568d452e8bf817cb9b69d30fbcfd7fb16487f3ead978bff21f627e7a594fd20086c1f999fe0de4fd20fb54103fcd99cb56ec8115e2
+  metadata.gz: e72acb4b9f20c123a7da556700216f9c21d4469623585c9a5d9f9266160c5c21e1f9aaf3a57777a3c715973d156dd65ad675a3b355edd99424314221ac673afa
+  data.tar.gz: 817ef80036e1a6dce5a2a8400a54d54b2caa2f3c102cc60665427c0509dacaf2186f493c503681c3c0a50d7aeffc1e22a12e6a4f3208fe14a0573e10f14f2b65

data/CHANGELOG.md

@@ -1,5 +1,9 @@
 # knife-google Change Log
 
+## v2.1.0 (2016-03-04
+ * [pr#99](https://github.com/chef/knife-google/pull/99) Support service account scope aliases, similar to the gcloud SDK
+ * [pr#101](https://github.com/chef/knife-google/pull/101) Set the application name and version on the API object for proper user-agent formatting
+
 ## v2.0.0 (2016-03-01)
  * [pr#94](https://github.com/chef/knife-google/pull/94) Full rewrite using knife-cloud, newer Google API client library, Windows instance support, and better user feedback.
 

data/README.md

@@ -4,9 +4,16 @@
 [![Build Status](https://travis-ci.org/chef/knife-google.svg?branch=master)](https://travis-ci.org/chef/knife-google)
 [![Dependency Status](https://gemnasium.com/chef/knife-google.svg)](https://gemnasium.com/chef/knife-google)
 
-A plugin for Chef's [knife](https://docs.chef.io/knife.html) tool to create and manage
-[Google Compute Engine](https://cloud.google.com/products/compute-engine)
-resources.
+## Overview
+
+This is the official Chef [Knife](http://docs.chef.io/knife.html) plugin for
+[Google Compute Engine](https://cloud.google.com/products/compute-engine).
+This plugin gives knife the ability to create, bootstrap, and manage
+Google Compute Engine (GCE) instances.
+
+## Compatibility
+
+This plugin has been tested with Chef 12.x and uses the [Google API Ruby Client](https://github.com/google/google-api-ruby-client).
 
 # Getting Started
 
@@ -37,7 +44,7 @@ gem "knife-google", "~> 2.0"
 Before getting started with this plugin, you must first create a
 [Google Cloud Platform](https://cloud.google.com/) (GCP) "project" and add the
 Google Compute Engine service to your project.  While GCP has many other services,
-such as App Enging and Cloud Storage, this plugin only provides an integration with
+such as App Engine and Cloud Storage, this plugin only provides an integration with
 Google Compute Engine (GCE). 
 
 ## Authentication and Authorization
@@ -51,11 +58,13 @@ Google Cloud API. The auth library expects that there is a JSON credentials file
 The easiest way to create this is to download and install the [Google Cloud SDK](https://cloud.google.com/sdk/) and run the
 `gcloud auth login` command which will create the credentials file for you.
 
-If you already have a file you'd like to use that is in a different location, set the `GOOGLE_APPLICATION_CREDENTIALS` environment variable with the full path to that file
+If you already have a file you'd like to use that is in a different location, set the
+`GOOGLE_APPLICATION_CREDENTIALS` environment variable with the full path to that file.
 
 ##  Configuration
 
-All knife-google commands require a project name and zone name to be supplied. You can supply these on the command line:
+All knife-google commands require a project name, and most commands require zone name to be supplied.
+You can supply these on the command line:
 
 ```sh
 knife google server list --gce-project my-test-project --gce-zone us-east1-b
@@ -72,7 +81,18 @@ knife[:gce_zone]    = 'us-east1-b'
 
 In order to Linux bootstrap nodes, you will first need to ensure your SSH
 keys are set up correctly. Ensure your SSH public key is properly entered 
-into your project's Metadata tab in the GCP Console. 
+into your project's Metadata tab in the GCP Console. GCE will add your key
+to the appropriate user's `~/.ssh/authorized_keys` file when Chef first
+connects to perform the bootstrap process.
+
+ * If you don't have one, create a key using `ssh-keygen`
+ * Log in to the GCP console, select your project, go to Compute Engine, and go to the Metadata tab.
+ * Select the "SSH Keys" tab.
+ * Add a new item, and paste in your public key.
+    * Note: to change the username automatically detected for the key, prefix your key with the username
+      you plan to use as the `--ssh-user` when creating a server. For example, if you plan to connect
+      as "chefuser", your key should look like: `chefuser:ssh-rsa AAAAB3N...`
+ * Click "Save".
 
 You can find [more information on configuring SSH keys](https://cloud.google.com/compute/docs/instances/adding-removing-ssh-keys) in
 the Google Compute Engine documentation.
@@ -136,6 +156,9 @@ None.
 
 Display all regions available to the currently-configured project, what each region's status is, and what zones exist in each region.
 
+Regions are collections of zones. For additional information on regions, please
+refer to the [GCE documentation](https://cloud.google.com/compute/docs/zones).
+
 ### Parameters
 
 None.
@@ -150,7 +173,12 @@ None.
 
 ## knife google server create INSTANCE_NAME
 
-Create a GCE server instance and bootstrap it with Chef.
+Create a GCE server instance and bootstrap it with Chef. You must supply an instance name,
+a machine type, and an image to use.
+
+For a Linux instance, Chef will connect to the instance over SSH based on the `--ssh-user`
+parameter. This user must have SSH keys configured properly in the project's metadata.
+See the [SSH Keys](#ssh-keys) section for more information.
 
 ### Parameters
 
@@ -171,7 +199,7 @@ Create a GCE server instance and bootstrap it with Chef.
  * **--[no-]gce-can-ip-forward**: If true, the instance will be allowed to perform network forwarding. Defaults to false.
  * **--gce-tags**: A comma-separated list of tag values to add to the instance.
  * **--gce-metadata**: A comma-separated list of key=value pairs to be added to the instance metadata. Example: `--gce-metadata mykey=myvalue,yourkey=yourvalue`
- * **--gce-service-account-scopes**: A comma-separated list of account scopes for this instance. View a list of scoped by running `gcloud compute instances create --help` and searching for the documentation for the `--scopes` parameter. You must supply the full URI (i.e. "https://www.googleapis.com/auth/devstorage.full_control") or the final part of the URI (i.e. "devstorage.full_control"). Alias names (i.e. "storage-rw") are not permitted.
+ * **--gce-service-account-scopes**: A comma-separated list of account scopes for this instance. View a list of scoped by running `gcloud compute instances create --help` and searching for the documentation for the `--scopes` parameter. You must supply the full URI (i.e. "https://www.googleapis.com/auth/devstorage.full_control"), the final part of the URI (i.e. "devstorage.full_control"), or the gcloud alias name (i.e. "storage-rw"). See the output of `gcloud compute instances create --help` for a full list of scopes.
  * **--gce-service-account-name**: the service account name to use when adding service account scopes. This usually looks like an email address and can be created in the Permissions tab of the Google Cloud Console. Defaults to "default"
  * **--gce-use-private-ip**: If true, Chef will attempt to bootstrap the device using the private IP rather than the public IP. Defaulst to false.
  * **--gce-public-ip**: The type of public IP to associate with this instance. If "ephemeral", an ephemeral IP will be assigned. If "none", no public IP will be assigned. If a specific IP address is provided, knife-google will attempt to attach that specific IP address to the instance. Default is "ephemeral".
@@ -187,7 +215,11 @@ knife google server create test-instance-1 --gce-image centos-7-v20160219 --gce-
 
 ## knife google server delete INSTANCE_NAME [INSTANCE_NAME]
 
-Deletes one or more GCE server instance. Additionally, if requested, the client and node object for the given instance will be deleted off of the Chef Server as well.
+Deletes one or more GCE server instance. Additionally, if requested, the client and node object
+for the given instance will be deleted off of the Chef Server as well.
+
+The boot disk will be deleted as well unless `--no-gce-boot-disk-autodelete` was specified during
+the server creation.
 
 ### Parameters
 
@@ -204,6 +236,8 @@ knife google server delete my-instance-1 my-instance-2 --purge
 
 Display the instances in the currently-configured project and zone, their statuses, machine types, IP addresses, and network.
 
+This command will display all instances in the project/zone, even if they weren't created with knife-google.
+
 ### Parameters
 
 None.
@@ -219,6 +253,9 @@ Display information about a single GCE instance, including its status, machine t
 ## knife google zone list
 
 List all available zones in the currently-configured project and what each zone's status is.
+A zone is an isolated location within a region that is independent of other
+zones in the same region. For additional information on zones, please refer
+to the [GCE documentation](https://cloud.google.com/compute/docs/zones).
 
 ### Parameters
 

data/lib/chef/knife/cloud/google_service.rb

@@ -22,6 +22,7 @@ require "chef/knife/cloud/helpers"
 require "chef/knife/cloud/google_service_helpers"
 require "google/apis/compute_v1"
 require "ipaddr"
+require "knife-google/version"
 
 class Chef::Knife::Cloud
   class GoogleService < Service
@@ -29,6 +30,28 @@ class Chef::Knife::Cloud
 
     attr_reader :project, :zone, :wait_time, :refresh_rate, :max_pages, :max_page_size
 
+    SCOPE_ALIAS_MAP = {
+      "bigquery"           => "bigquery",
+      "cloud-platform"     => "cloud-platform",
+      "compute-ro"         => "compute.readonly",
+      "compute-rw"         => "compute",
+      "datastore"          => "datastore",
+      "logging-write"      => "logging.write",
+      "monitoring"         => "monitoring",
+      "monitoring-write"   => "monitoring.write",
+      "service-control"    => "servicecontrol",
+      "service-management" => "service.management",
+      "sql"                => "sqlservice",
+      "sql-admin"          => "sqlservice.admin",
+      "storage-full"       => "devstorage.full_control",
+      "storage-ro"         => "devstorage.read_only",
+      "storage-rw"         => "devstorage.read_write",
+      "taskqueue"          => "taskqueue",
+      "useraccounts-ro"    => "cloud.useraccounts.readonly",
+      "useraccounts-rw"    => "cloud.useraccounts",
+      "userinfo-email"     => "userinfo.email",
+    }
+
     def initialize(options = {})
       @project       = options[:project]
       @zone          = options[:zone]
@@ -43,6 +66,10 @@ class Chef::Knife::Cloud
 
       @connection = Google::Apis::ComputeV1::ComputeService.new
       @connection.authorization = authorization
+      @connection.client_options = Google::Apis::ClientOptions.new.tap do |opts|
+        opts.application_name    = "knife-google"
+        opts.application_version = Knife::Google::VERSION
+      end
 
       @connection
     end
@@ -341,11 +368,20 @@ class Chef::Knife::Cloud
 
       service_account = Google::Apis::ComputeV1::ServiceAccount.new
       service_account.email  = options[:service_account_name]
-      service_account.scopes = options[:service_account_scopes].map { |scope| "https://www.googleapis.com/auth/#{scope}" unless scope.start_with?("https://www.googleapis.com/auth/") }
+      service_account.scopes = options[:service_account_scopes].map { |scope| service_account_scope_url(scope) }
 
       Array(service_account)
     end
 
+    def service_account_scope_url(scope)
+      return scope if scope.start_with?("https://www.googleapis.com/auth/")
+      "https://www.googleapis.com/auth/#{translate_scope_alias(scope)}"
+    end
+
+    def translate_scope_alias(scope_alias)
+      SCOPE_ALIAS_MAP.fetch(scope_alias, scope_alias)
+    end
+
     def instance_tags_for(tags)
       return if tags.nil? || tags.empty?
 

data/lib/knife-google/version.rb

@@ -14,7 +14,7 @@
 #
 module Knife
   module Google
-    VERSION = "2.0.0".freeze
+    VERSION = "2.1.0".freeze
     MAJOR, MINOR, TINY = VERSION.split(".")
   end
 end

data/spec/cloud/google_service_spec.rb

@@ -67,10 +67,19 @@ describe Chef::Knife::Cloud::GoogleService do
   describe '#connection' do
     it "returns a properly configured ComputeService" do
       compute_service = double("compute_service")
+      client_options  = double("client_options")
+
       allow(service).to receive(:connection).and_call_original
+
+      expect(Google::Apis::ClientOptions).to receive(:new).and_return(client_options)
+      expect(client_options).to receive(:application_name=).with("knife-google")
+      expect(client_options).to receive(:application_version=).with(Knife::Google::VERSION)
+
       expect(Google::Apis::ComputeV1::ComputeService).to receive(:new).and_return(compute_service)
       expect(service).to receive(:authorization).and_return("authorization_object")
       expect(compute_service).to receive(:authorization=).with("authorization_object")
+      expect(compute_service).to receive(:client_options=).with(client_options)
+
       expect(service.connection).to eq(compute_service)
     end
   end
@@ -594,6 +603,8 @@ describe Chef::Knife::Cloud::GoogleService do
 
       expect(Google::Apis::ComputeV1::ServiceAccount).to receive(:new).and_return(service_account)
       expect(service_account).to receive(:email=).with("account_name")
+      expect(service).to receive(:service_account_scope_url).with("scope1").and_return("https://www.googleapis.com/auth/scope1")
+      expect(service).to receive(:service_account_scope_url).with("scope2").and_return("https://www.googleapis.com/auth/scope2")
       expect(service_account).to receive(:scopes=).with([
         "https://www.googleapis.com/auth/scope1",
         "https://www.googleapis.com/auth/scope2",
@@ -603,6 +614,28 @@ describe Chef::Knife::Cloud::GoogleService do
     end
   end
 
+  describe '#service_account_scope_url' do
+    it "returns the passed-in scope if it already looks like a scope URL" do
+      scope = "https://www.googleapis.com/auth/fake_scope"
+      expect(service.service_account_scope_url(scope)).to eq(scope)
+    end
+
+    it "returns a properly-formatted scope URL if a short-name or alias is provided" do
+      expect(service).to receive(:translate_scope_alias).with("scope_alias").and_return("real_scope")
+      expect(service.service_account_scope_url("scope_alias")).to eq("https://www.googleapis.com/auth/real_scope")
+    end
+  end
+
+  describe '#translate_scope_alias' do
+    it "returns a scope for a given alias" do
+      expect(service.translate_scope_alias("storage-rw")).to eq("devstorage.read_write")
+    end
+
+    it "returns the passed-in scope alias if nothing matches in the alias map" do
+      expect(service.translate_scope_alias("fake_scope")).to eq("fake_scope")
+    end
+  end
+
   describe '#instance_tags_for' do
     it "returns nil if tags is nil" do
       expect(service.instance_tags_for(nil)).to eq(nil)

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: knife-google
 version: !ruby/object:Gem::Version
-  version: 2.0.0
+  version: 2.1.0
 platform: ruby
 authors:
 - Chiraq Jog
@@ -13,7 +13,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2016-03-01 00:00:00.000000000 Z
+date: 2016-03-04 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: chef