knife-google 1.2.0 → 1.3.1

checksums.yaml

@@ -1,15 +1,15 @@
 ---
 !binary "U0hBMQ==":
   metadata.gz: !binary |-
-    NDBmNTIyNjhmNzNlYzBkNjQxMGEwYzQzOWMzM2E4MGE5MmYzZjU4YQ==
+    ZTFlMWVhYzJkYjU0NmRhNGFmNThmZmQwZjc2Y2JlYmZkMzMxMDc5Yw==
   data.tar.gz: !binary |-
-    M2EzNGQ1NWE2NzJiYjUwMzgwMjliYWM2MjQ3Njg1YjY1ZGY1OWQ4NQ==
+    ODk4M2I4ODEwYjkwNzg3ODI4ZTIzNmM1NDllMWNhNmU2MmE0OTI0Nw==
 SHA512:
   metadata.gz: !binary |-
-    YmUyZmFlMGIyM2EwYzFkM2ZiODFmYTYzMjA5NDNjZDM5NTA2M2MxYWI0N2Rh
-    YmY5YmM4MjQzM2E1MDZlMzM0NDkzYTdmNzc5MTAyNGU4NjgyOWVjZWZhMzZm
-    NjliMTVmOTRhMTlkMmM0OGMzYjYxMzIxZTY5NTcxNzcxNjdjNmU=
+    NDBiZDgyMGU4NmIzNTAzNmFiYmVjODg2ZGJlNzZiNTBmNzJhODlhOTk3NWE3
+    NTA0ZTI4NzZmOTIzMTFhZGMzNzIwY2RlYTIzMmUxNTA2ZjViZDAxZjUwZDM5
+    NTg0MjQ2YzIxZGVhMzY5N2YzZDNmYTExNThlZDM4YmMyOTI2NjM=
   data.tar.gz: !binary |-
-    NmYxODc2MjRkNDM2NGNlMmRlYTU3MzZlZTQ5YjY1ZmZhMGYwZTI5ZDhkNTRk
-    NzczODgwMTI4M2Q5ZGE4MWY3ZmZlOWY0YzcxZTdkYjhmZTA4ZWE0MmM0NDgy
-    ZDg0YzhlOThiMzBkMjlkODQyZDAyMjg4ZTZjYTNjMzIxYmIxZjU=
+    MjQ0MDU5YmUyYjFlYWVlNTJkYzQyOTcxZjY0M2M2N2MxZDJkNzJjYzBkMDc4
+    MGZjODIyYjA4M2M4NDBiNTQ2OGI0YWZkYjE3NTQwNTA4MGI3ZTk0YTZhMjky
+    ODkzY2Q0YzhjNWI4NDQwNDRmMGQzNjY1MzY3NDE1NjFmOWJmNTc=

data/CHANGELOG.md

@@ -0,0 +1,14 @@
+# knife-google Change Log
+
+## Unreleased: 
+
+None
+
+## Last Release 1.3.1 (04/24/2014)
+
+* Refresh access token (KNIFE-473)
+
+
+## Release: 1.2.0 (02/17/2014)
+
+See source control commit history for earlier changes.

data/README.md

@@ -99,11 +99,11 @@ with root/Administrator privileges.
 
 For initial setup, you must first have created your Google Cloud Platform
 project, enabled Google Compute Engine, and set up the Client ID described
-above.  Run the 'setup' sub-command and supply the Project ID (not your
-project name or number), the Client ID, client secret, and authorization
-tokens when prompted.  It will also prompt you to open a URL in a browser.
-Make sure sure the you are logged in with the Google account associated
-with the project and client id/secrete in order to authorize the plugin.
+above.  Run the 'setup' sub-command and supply the Project ID, the Client
+ID, Client secret, and authorization tokens when prompted. It will also
+prompt you to open a URL in a browser. Make sure sure the you are logged
+in with the Google account associated with the project and client
+id/secrete in order to authorize the plugin.
 
   ```sh
   knife google setup
@@ -148,7 +148,7 @@ Some usage examples follow:
   $ knife google zone list
 
   # List all servers (including those that may not be managed by Chef)
-  $ knife google server list -Z us-central2-a
+  $ knife google server list -Z us-central1-a
 
   # Create a server
   $ knife google server create www1 -m n1-standard-1 -I debian-7-wheezy-v20131120 -Z us-central1-a -i ~/.ssh/id_rsa -x jdoe
@@ -157,7 +157,7 @@ Some usage examples follow:
   $ knife google server create www1 -m n1-standard-1 -I debian-7-wheezy-v20131120 -Z us-central1-a -i ~/.ssh/id_rsa -x jdoe --gce-service-account-scopes https://www.googleapis.com/auth/userinfo.email,https://www.googleapis.com/auth/compute,https://www.googleapis.com/auth/devstorage.full_control
 
   # Delete a server (along with Chef node and API client via --purge)
-  $ knife google server delete www1 --purge -Z us-central2-a
+  $ knife google server delete www1 --purge -Z us-central1-a
   ```
 
 For a full list of commands, run `knife google` without additional arguments:
@@ -243,7 +243,6 @@ The output for `knife google zone list` should look similar to:
   europe-west1-b  up      -            2014-03-15 12:00:00 -0700 to 2014-03-30 12:00:00 -0700
   us-central1-a   up      -            -
   us-central1-b   up      -            -
-  us-central2-a   up      -            2013-12-31 12:00:00 -0800 to 2014-07-01 12:00:00 -0700
   ```
 
 ### knife google region list
@@ -396,6 +395,18 @@ Standard rake commands for building, installing, testing, and uninstalling the m
   $ rake uninstall
   ```
 
+## Versioning and Release Protocol
+
+Knife-google is released by the maintainer of this source repository to the gem
+repository at [RubyGems](https://rubygems.org). Releases are versioned
+according to [SemVer](http://semver.org) as much as possible, with a specific
+provision for GCE API changes:
+
+* When the implementation of knife-google switches to a new GCE API revision,
+  the minor version **MUST** be incremented.
+
+The version number of the release is simply the gem version. All releases to RubyGems **MUST** be tagged in git with the version number of the release.
+
 ## Contributing
   * See [CONTRIB.md](https://github.com/opscode/knife-google/blob/master/CONTRIB.md)
 

data/RELEASE_NOTES.md

@@ -0,0 +1,27 @@
+<!---
+This file is reset every time a new release is done. The contents of this file are for the currently unreleased version.
+
+Example Note:
+
+## Example Heading
+Details about the thing that changed that needs to get included in the Release Notes in markdown.
+-->
+# knife-google 1.3.1 Release Notes :
+This release of knife-google contains a fix for an issue where access tokens
+could expire during long-running operations such as `knife google server
+create`. If you've experienced intermittent failures with your usage of the
+knife-google plug-in, you should consider upgrading to this version.
+
+Thanks go to Eric Johnson at Google for the fix.
+
+## knife-google on RubyGems and Github
+https://rubygems.org/gems/knife-google
+https://github.com/opscode/knife-google
+
+## Issues fixed in knife-google 1.3.1
+
+* KNIFE-473: knife-google should refresh access token
+
+## knife-google Breaking Changes:
+
+None.

data/lib/chef/knife/google_base.rb

@@ -67,6 +67,10 @@ class Chef
         }.flatten.compact
       end
 
+      def locate_config_value(key)
+        key = key.to_sym
+        config[key] || Chef::Config[:knife][key]
+      end
     end
   end
 end

data/lib/chef/knife/google_server_create.rb

@@ -201,6 +201,17 @@ class Chef
            Chef::Config[:knife][:hints][name] = path ? JSON.parse(::File.read(path)) : Hash.new
         }
 
+      option :secret,
+        :short => "-s SECRET",
+        :long => "--secret ",
+        :description => "The secret key to use to encrypt data bag item values",
+        :proc => lambda { |s| Chef::Config[:knife][:secret] = s }
+
+      option :secret_file,
+        :long => "--secret-file SECRET_FILE",
+        :description => "A file containing the secret key to use to encrypt data bag item values",
+        :proc => lambda { |sf| Chef::Config[:knife][:secret_file] = sf }
+
       def tcp_test_ssh(hostname, ssh_port)
         tcp_socket = TCPSocket.new(hostname, ssh_port)
         readable = IO.select([tcp_socket], nil, nil, 5)
@@ -307,6 +318,11 @@ class Chef
         bootstrap.config[:use_sudo] = true unless config[:ssh_user] == 'root'
         bootstrap.config[:template_file] = config[:template_file]
         bootstrap.config[:environment] = config[:environment]
+        bootstrap.config[:encrypted_data_bag_secret] = locate_config_value(:encrypted_data_bag_secret)
+        bootstrap.config[:encrypted_data_bag_secret_file] = locate_config_value(:encrypted_data_bag_secret_file)
+        bootstrap.config[:secret] = locate_config_value(:secret)
+        bootstrap.config[:secret_file] = locate_config_value(:secret_file)
+
         # may be needed for vpc_mode
         bootstrap.config[:host_key_verify] = config[:host_key_verify]
         # Modify global configuration state to ensure hint gets set by

data/lib/google/compute/client.rb

@@ -32,14 +32,18 @@ module Google
         api_client.authorization = authorization
         api_client.auto_refresh_token = true
         @project = project
-        @credential_file = credential_file
-        @dispatcher = APIDispatcher.new(:project=>project,:api_client=>api_client)
+        if !credential_file
+          @credential_file = File.expand_path(DEFAULT_FILE)
+        else
+          @credential_file = File.expand_path(credential_file)
+        end
+        @dispatcher = APIDispatcher.new(:project=>project, :api_client=>api_client, :credential_file=>@credential_file)
       end
 
       def self.from_json(filename = nil)
         filename ||= File.expand_path(DEFAULT_FILE)
         begin
-		credential_data = MultiJson.load(File.read(filename))
+          credential_data = MultiJson.load(File.read(filename))
         rescue
           $stdout.print "Error reading CREDENTIAL_FILE, please run 'knife google setup'\n"
           exit 1
@@ -49,11 +53,12 @@ module Google
       end
 
       def self.setup
-        $stdout.print "Enter project ID (not name or number): "
+        credential_file ||= File.expand_path(DEFAULT_FILE)
+        $stdout.print "Enter Project ID (ex: my-gce-project): "
         project = $stdin.gets.chomp
-        $stdout.print "Enter client id: "
+        $stdout.print "Enter Client ID (ex: 123abc4.apps.googleusercontent.com): "
         client_id = $stdin.gets.chomp
-        $stdout.print "Enter client secret: "
+        $stdout.print "Enter Client secret: "
         client_secret = $stdin.gets.chomp
         authorization_uri = "https://accounts.google.com/o/oauth2/auth"
         token_credential_uri ="https://accounts.google.com/o/oauth2/token"
@@ -82,27 +87,30 @@ module Google
           api_client.authorization.fetch_access_token!
         rescue Faraday::Error::ConnectionFailed => e
           raise ConnectionFail,
-            "The SSL certificates validation may not configured for this system. Please refer README to configured SSL certificates validation"\
-              if e.message.include? "SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed"
-        else
-          access_token = api_client.authorization.access_token
-          refresh_token = api_client.authorization.refresh_token
-          id_token = api_client.authorization.id_token
-          expires_in = api_client.authorization.expires_in
-          issued_at = api_client.authorization.issued_at.to_s
-          if !@credential_file
-              filepath = File.expand_path(DEFAULT_FILE)
-          else
-              filepath = File.expand_path(@credential_file)
-          end
-          File.open(filepath,'w+') do |f|
-            f.write(MultiJson.dump({"authorization_uri" => authorization_uri,
-              "token_credential_uri"=>"https://accounts.google.com/o/oauth2/token",
-              "scope"=>scope,"redirect_uri"=>redirect_uri, "client_id"=>client_id,
-              "client_secret"=>client_secret, "access_token"=>access_token,
-              "expires_in"=>expires_in,"refresh_token"=> refresh_token, "id_token"=>id_token,
-              "issued_at"=>issued_at,"project"=>project }, :pretty=>true))
-          end
+            "The SSL certificates validation may not configured for this system. Please refer README to configured SSL certificates validation"
+        end
+        save_credentials(project, api_client, credential_file)
+      end
+
+      def self.save_credentials(project, api_client, credential_file)
+        scope = api_client.authorization.scope
+        client_id = api_client.authorization.client_id
+        client_secret = api_client.authorization.client_secret
+        redirect_uri = api_client.authorization.redirect_uri
+        authorization_uri = "https://accounts.google.com/o/oauth2/auth"
+        access_token = api_client.authorization.access_token
+        refresh_token = api_client.authorization.refresh_token
+        id_token = api_client.authorization.id_token
+        expires_in = api_client.authorization.expires_in
+        issued_at = api_client.authorization.issued_at.to_s
+
+        File.open(credential_file,'w+') do |f|
+          f.write(MultiJson.dump({"authorization_uri" => authorization_uri,
+            "token_credential_uri"=>"https://accounts.google.com/o/oauth2/token",
+            "scope"=>scope,"redirect_uri"=>redirect_uri, "client_id"=>client_id,
+            "client_secret"=>client_secret, "access_token"=>access_token,
+            "expires_in"=>expires_in,"refresh_token"=> refresh_token, "id_token"=>id_token,
+            "issued_at"=>issued_at,"project"=>project }, :pretty=>true))
         end
       end
 
@@ -159,11 +167,12 @@ module Google
       end
 
       class APIDispatcher
-        attr_reader :project, :api_client
+        attr_reader :project, :api_client, :credential_file
 
         def initialize(opts)
           @project= opts[:project]
           @api_client = opts[:api_client]
+          @credential_file = opts[:credential_file]
         end
 
         def compute
@@ -186,6 +195,12 @@ module Google
                 raise ResourceNotFound, result.response.body 
               elsif error_code == 400
                 raise BadRequest, result.response.body 
+              elsif error_code == 401
+                # ok, our credentials aren't working, we need
+                # to get a new refresh token and retry
+                @api_client.authorization.fetch_access_token!
+                Client.save_credentials(@project, @api_client, @credential_file)
+                return dispatch(opts)
               else 
                 raise BadRequest, result.response.body 
               end

data/lib/knife-google/version.rb

@@ -14,6 +14,6 @@
 #
 module Knife
   module Google
-    VERSION = "1.2.0"
+    VERSION = "1.3.1"
   end
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: knife-google
 version: !ruby/object:Gem::Version
-  version: 1.2.0
+  version: 1.3.1
 platform: ruby
 authors:
 - Chiraq Jog
@@ -12,7 +12,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2014-02-17 00:00:00.000000000 Z
+date: 2014-04-28 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: chef
@@ -123,10 +123,12 @@ extra_rdoc_files:
 files:
 - .gitignore
 - .travis.yml
+- CHANGELOG.md
 - CONTRIB.md
 - Gemfile
 - LICENSE
 - README.md
+- RELEASE_NOTES.md
 - Rakefile
 - knife-google.gemspec
 - lib/chef/knife/google_base.rb