knife-google 1.2.0 → 1.3.1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +8 -8
- data/CHANGELOG.md +14 -0
- data/README.md +19 -8
- data/RELEASE_NOTES.md +27 -0
- data/lib/chef/knife/google_base.rb +4 -0
- data/lib/chef/knife/google_server_create.rb +16 -0
- data/lib/google/compute/client.rb +43 -28
- data/lib/knife-google/version.rb +1 -1
- metadata +4 -2
checksums.yaml
CHANGED
@@ -1,15 +1,15 @@
|
|
1
1
|
---
|
2
2
|
!binary "U0hBMQ==":
|
3
3
|
metadata.gz: !binary |-
|
4
|
-
|
4
|
+
ZTFlMWVhYzJkYjU0NmRhNGFmNThmZmQwZjc2Y2JlYmZkMzMxMDc5Yw==
|
5
5
|
data.tar.gz: !binary |-
|
6
|
-
|
6
|
+
ODk4M2I4ODEwYjkwNzg3ODI4ZTIzNmM1NDllMWNhNmU2MmE0OTI0Nw==
|
7
7
|
SHA512:
|
8
8
|
metadata.gz: !binary |-
|
9
|
-
|
10
|
-
|
11
|
-
|
9
|
+
NDBiZDgyMGU4NmIzNTAzNmFiYmVjODg2ZGJlNzZiNTBmNzJhODlhOTk3NWE3
|
10
|
+
NTA0ZTI4NzZmOTIzMTFhZGMzNzIwY2RlYTIzMmUxNTA2ZjViZDAxZjUwZDM5
|
11
|
+
NTg0MjQ2YzIxZGVhMzY5N2YzZDNmYTExNThlZDM4YmMyOTI2NjM=
|
12
12
|
data.tar.gz: !binary |-
|
13
|
-
|
14
|
-
|
15
|
-
|
13
|
+
MjQ0MDU5YmUyYjFlYWVlNTJkYzQyOTcxZjY0M2M2N2MxZDJkNzJjYzBkMDc4
|
14
|
+
MGZjODIyYjA4M2M4NDBiNTQ2OGI0YWZkYjE3NTQwNTA4MGI3ZTk0YTZhMjky
|
15
|
+
ODkzY2Q0YzhjNWI4NDQwNDRmMGQzNjY1MzY3NDE1NjFmOWJmNTc=
|
data/CHANGELOG.md
ADDED
data/README.md
CHANGED
@@ -99,11 +99,11 @@ with root/Administrator privileges.
|
|
99
99
|
|
100
100
|
For initial setup, you must first have created your Google Cloud Platform
|
101
101
|
project, enabled Google Compute Engine, and set up the Client ID described
|
102
|
-
above. Run the 'setup' sub-command and supply the Project ID
|
103
|
-
|
104
|
-
|
105
|
-
|
106
|
-
|
102
|
+
above. Run the 'setup' sub-command and supply the Project ID, the Client
|
103
|
+
ID, Client secret, and authorization tokens when prompted. It will also
|
104
|
+
prompt you to open a URL in a browser. Make sure sure the you are logged
|
105
|
+
in with the Google account associated with the project and client
|
106
|
+
id/secrete in order to authorize the plugin.
|
107
107
|
|
108
108
|
```sh
|
109
109
|
knife google setup
|
@@ -148,7 +148,7 @@ Some usage examples follow:
|
|
148
148
|
$ knife google zone list
|
149
149
|
|
150
150
|
# List all servers (including those that may not be managed by Chef)
|
151
|
-
$ knife google server list -Z us-
|
151
|
+
$ knife google server list -Z us-central1-a
|
152
152
|
|
153
153
|
# Create a server
|
154
154
|
$ knife google server create www1 -m n1-standard-1 -I debian-7-wheezy-v20131120 -Z us-central1-a -i ~/.ssh/id_rsa -x jdoe
|
@@ -157,7 +157,7 @@ Some usage examples follow:
|
|
157
157
|
$ knife google server create www1 -m n1-standard-1 -I debian-7-wheezy-v20131120 -Z us-central1-a -i ~/.ssh/id_rsa -x jdoe --gce-service-account-scopes https://www.googleapis.com/auth/userinfo.email,https://www.googleapis.com/auth/compute,https://www.googleapis.com/auth/devstorage.full_control
|
158
158
|
|
159
159
|
# Delete a server (along with Chef node and API client via --purge)
|
160
|
-
$ knife google server delete www1 --purge -Z us-
|
160
|
+
$ knife google server delete www1 --purge -Z us-central1-a
|
161
161
|
```
|
162
162
|
|
163
163
|
For a full list of commands, run `knife google` without additional arguments:
|
@@ -243,7 +243,6 @@ The output for `knife google zone list` should look similar to:
|
|
243
243
|
europe-west1-b up - 2014-03-15 12:00:00 -0700 to 2014-03-30 12:00:00 -0700
|
244
244
|
us-central1-a up - -
|
245
245
|
us-central1-b up - -
|
246
|
-
us-central2-a up - 2013-12-31 12:00:00 -0800 to 2014-07-01 12:00:00 -0700
|
247
246
|
```
|
248
247
|
|
249
248
|
### knife google region list
|
@@ -396,6 +395,18 @@ Standard rake commands for building, installing, testing, and uninstalling the m
|
|
396
395
|
$ rake uninstall
|
397
396
|
```
|
398
397
|
|
398
|
+
## Versioning and Release Protocol
|
399
|
+
|
400
|
+
Knife-google is released by the maintainer of this source repository to the gem
|
401
|
+
repository at [RubyGems](https://rubygems.org). Releases are versioned
|
402
|
+
according to [SemVer](http://semver.org) as much as possible, with a specific
|
403
|
+
provision for GCE API changes:
|
404
|
+
|
405
|
+
* When the implementation of knife-google switches to a new GCE API revision,
|
406
|
+
the minor version **MUST** be incremented.
|
407
|
+
|
408
|
+
The version number of the release is simply the gem version. All releases to RubyGems **MUST** be tagged in git with the version number of the release.
|
409
|
+
|
399
410
|
## Contributing
|
400
411
|
* See [CONTRIB.md](https://github.com/opscode/knife-google/blob/master/CONTRIB.md)
|
401
412
|
|
data/RELEASE_NOTES.md
ADDED
@@ -0,0 +1,27 @@
|
|
1
|
+
<!---
|
2
|
+
This file is reset every time a new release is done. The contents of this file are for the currently unreleased version.
|
3
|
+
|
4
|
+
Example Note:
|
5
|
+
|
6
|
+
## Example Heading
|
7
|
+
Details about the thing that changed that needs to get included in the Release Notes in markdown.
|
8
|
+
-->
|
9
|
+
# knife-google 1.3.1 Release Notes :
|
10
|
+
This release of knife-google contains a fix for an issue where access tokens
|
11
|
+
could expire during long-running operations such as `knife google server
|
12
|
+
create`. If you've experienced intermittent failures with your usage of the
|
13
|
+
knife-google plug-in, you should consider upgrading to this version.
|
14
|
+
|
15
|
+
Thanks go to Eric Johnson at Google for the fix.
|
16
|
+
|
17
|
+
## knife-google on RubyGems and Github
|
18
|
+
https://rubygems.org/gems/knife-google
|
19
|
+
https://github.com/opscode/knife-google
|
20
|
+
|
21
|
+
## Issues fixed in knife-google 1.3.1
|
22
|
+
|
23
|
+
* KNIFE-473: knife-google should refresh access token
|
24
|
+
|
25
|
+
## knife-google Breaking Changes:
|
26
|
+
|
27
|
+
None.
|
@@ -201,6 +201,17 @@ class Chef
|
|
201
201
|
Chef::Config[:knife][:hints][name] = path ? JSON.parse(::File.read(path)) : Hash.new
|
202
202
|
}
|
203
203
|
|
204
|
+
option :secret,
|
205
|
+
:short => "-s SECRET",
|
206
|
+
:long => "--secret ",
|
207
|
+
:description => "The secret key to use to encrypt data bag item values",
|
208
|
+
:proc => lambda { |s| Chef::Config[:knife][:secret] = s }
|
209
|
+
|
210
|
+
option :secret_file,
|
211
|
+
:long => "--secret-file SECRET_FILE",
|
212
|
+
:description => "A file containing the secret key to use to encrypt data bag item values",
|
213
|
+
:proc => lambda { |sf| Chef::Config[:knife][:secret_file] = sf }
|
214
|
+
|
204
215
|
def tcp_test_ssh(hostname, ssh_port)
|
205
216
|
tcp_socket = TCPSocket.new(hostname, ssh_port)
|
206
217
|
readable = IO.select([tcp_socket], nil, nil, 5)
|
@@ -307,6 +318,11 @@ class Chef
|
|
307
318
|
bootstrap.config[:use_sudo] = true unless config[:ssh_user] == 'root'
|
308
319
|
bootstrap.config[:template_file] = config[:template_file]
|
309
320
|
bootstrap.config[:environment] = config[:environment]
|
321
|
+
bootstrap.config[:encrypted_data_bag_secret] = locate_config_value(:encrypted_data_bag_secret)
|
322
|
+
bootstrap.config[:encrypted_data_bag_secret_file] = locate_config_value(:encrypted_data_bag_secret_file)
|
323
|
+
bootstrap.config[:secret] = locate_config_value(:secret)
|
324
|
+
bootstrap.config[:secret_file] = locate_config_value(:secret_file)
|
325
|
+
|
310
326
|
# may be needed for vpc_mode
|
311
327
|
bootstrap.config[:host_key_verify] = config[:host_key_verify]
|
312
328
|
# Modify global configuration state to ensure hint gets set by
|
@@ -32,14 +32,18 @@ module Google
|
|
32
32
|
api_client.authorization = authorization
|
33
33
|
api_client.auto_refresh_token = true
|
34
34
|
@project = project
|
35
|
-
|
36
|
-
|
35
|
+
if !credential_file
|
36
|
+
@credential_file = File.expand_path(DEFAULT_FILE)
|
37
|
+
else
|
38
|
+
@credential_file = File.expand_path(credential_file)
|
39
|
+
end
|
40
|
+
@dispatcher = APIDispatcher.new(:project=>project, :api_client=>api_client, :credential_file=>@credential_file)
|
37
41
|
end
|
38
42
|
|
39
43
|
def self.from_json(filename = nil)
|
40
44
|
filename ||= File.expand_path(DEFAULT_FILE)
|
41
45
|
begin
|
42
|
-
|
46
|
+
credential_data = MultiJson.load(File.read(filename))
|
43
47
|
rescue
|
44
48
|
$stdout.print "Error reading CREDENTIAL_FILE, please run 'knife google setup'\n"
|
45
49
|
exit 1
|
@@ -49,11 +53,12 @@ module Google
|
|
49
53
|
end
|
50
54
|
|
51
55
|
def self.setup
|
52
|
-
|
56
|
+
credential_file ||= File.expand_path(DEFAULT_FILE)
|
57
|
+
$stdout.print "Enter Project ID (ex: my-gce-project): "
|
53
58
|
project = $stdin.gets.chomp
|
54
|
-
$stdout.print "Enter
|
59
|
+
$stdout.print "Enter Client ID (ex: 123abc4.apps.googleusercontent.com): "
|
55
60
|
client_id = $stdin.gets.chomp
|
56
|
-
$stdout.print "Enter
|
61
|
+
$stdout.print "Enter Client secret: "
|
57
62
|
client_secret = $stdin.gets.chomp
|
58
63
|
authorization_uri = "https://accounts.google.com/o/oauth2/auth"
|
59
64
|
token_credential_uri ="https://accounts.google.com/o/oauth2/token"
|
@@ -82,27 +87,30 @@ module Google
|
|
82
87
|
api_client.authorization.fetch_access_token!
|
83
88
|
rescue Faraday::Error::ConnectionFailed => e
|
84
89
|
raise ConnectionFail,
|
85
|
-
"The SSL certificates validation may not configured for this system. Please refer README to configured SSL certificates validation"
|
86
|
-
|
87
|
-
|
88
|
-
|
89
|
-
|
90
|
-
|
91
|
-
|
92
|
-
|
93
|
-
|
94
|
-
|
95
|
-
|
96
|
-
|
97
|
-
|
98
|
-
|
99
|
-
|
100
|
-
|
101
|
-
|
102
|
-
|
103
|
-
|
104
|
-
|
105
|
-
|
90
|
+
"The SSL certificates validation may not configured for this system. Please refer README to configured SSL certificates validation"
|
91
|
+
end
|
92
|
+
save_credentials(project, api_client, credential_file)
|
93
|
+
end
|
94
|
+
|
95
|
+
def self.save_credentials(project, api_client, credential_file)
|
96
|
+
scope = api_client.authorization.scope
|
97
|
+
client_id = api_client.authorization.client_id
|
98
|
+
client_secret = api_client.authorization.client_secret
|
99
|
+
redirect_uri = api_client.authorization.redirect_uri
|
100
|
+
authorization_uri = "https://accounts.google.com/o/oauth2/auth"
|
101
|
+
access_token = api_client.authorization.access_token
|
102
|
+
refresh_token = api_client.authorization.refresh_token
|
103
|
+
id_token = api_client.authorization.id_token
|
104
|
+
expires_in = api_client.authorization.expires_in
|
105
|
+
issued_at = api_client.authorization.issued_at.to_s
|
106
|
+
|
107
|
+
File.open(credential_file,'w+') do |f|
|
108
|
+
f.write(MultiJson.dump({"authorization_uri" => authorization_uri,
|
109
|
+
"token_credential_uri"=>"https://accounts.google.com/o/oauth2/token",
|
110
|
+
"scope"=>scope,"redirect_uri"=>redirect_uri, "client_id"=>client_id,
|
111
|
+
"client_secret"=>client_secret, "access_token"=>access_token,
|
112
|
+
"expires_in"=>expires_in,"refresh_token"=> refresh_token, "id_token"=>id_token,
|
113
|
+
"issued_at"=>issued_at,"project"=>project }, :pretty=>true))
|
106
114
|
end
|
107
115
|
end
|
108
116
|
|
@@ -159,11 +167,12 @@ module Google
|
|
159
167
|
end
|
160
168
|
|
161
169
|
class APIDispatcher
|
162
|
-
attr_reader :project, :api_client
|
170
|
+
attr_reader :project, :api_client, :credential_file
|
163
171
|
|
164
172
|
def initialize(opts)
|
165
173
|
@project= opts[:project]
|
166
174
|
@api_client = opts[:api_client]
|
175
|
+
@credential_file = opts[:credential_file]
|
167
176
|
end
|
168
177
|
|
169
178
|
def compute
|
@@ -186,6 +195,12 @@ module Google
|
|
186
195
|
raise ResourceNotFound, result.response.body
|
187
196
|
elsif error_code == 400
|
188
197
|
raise BadRequest, result.response.body
|
198
|
+
elsif error_code == 401
|
199
|
+
# ok, our credentials aren't working, we need
|
200
|
+
# to get a new refresh token and retry
|
201
|
+
@api_client.authorization.fetch_access_token!
|
202
|
+
Client.save_credentials(@project, @api_client, @credential_file)
|
203
|
+
return dispatch(opts)
|
189
204
|
else
|
190
205
|
raise BadRequest, result.response.body
|
191
206
|
end
|
data/lib/knife-google/version.rb
CHANGED
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: knife-google
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 1.
|
4
|
+
version: 1.3.1
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Chiraq Jog
|
@@ -12,7 +12,7 @@ authors:
|
|
12
12
|
autorequire:
|
13
13
|
bindir: bin
|
14
14
|
cert_chain: []
|
15
|
-
date: 2014-
|
15
|
+
date: 2014-04-28 00:00:00.000000000 Z
|
16
16
|
dependencies:
|
17
17
|
- !ruby/object:Gem::Dependency
|
18
18
|
name: chef
|
@@ -123,10 +123,12 @@ extra_rdoc_files:
|
|
123
123
|
files:
|
124
124
|
- .gitignore
|
125
125
|
- .travis.yml
|
126
|
+
- CHANGELOG.md
|
126
127
|
- CONTRIB.md
|
127
128
|
- Gemfile
|
128
129
|
- LICENSE
|
129
130
|
- README.md
|
131
|
+
- RELEASE_NOTES.md
|
130
132
|
- Rakefile
|
131
133
|
- knife-google.gemspec
|
132
134
|
- lib/chef/knife/google_base.rb
|