knife-hitori 0.0.2 → 0.0.3

data/lib/chef/knife/hitori/version.rb

@@ -1,7 +1,7 @@
 class Chef
   class Knife
     class Hitori
-      VERSION = '0.0.2'
+      VERSION = '0.0.3'
     end
   end
 end

data/lib/chef/knife/hitori_base.rb

@@ -6,6 +6,17 @@ require 'knife-hitori'
 class Chef
   class Knife
     module HitoriBase
+      def update_environment(env)
+        Chef::Config[:environment] = nil
+        Chef::Config[:solo_environment] = env
+        %w(data_bag_path settings_path encrypted_data_bag_secret).each do |name|
+          name = name.to_sym
+          tpl_name = "#{name}_tpl".to_sym
+          if Chef::Config[tpl_name]
+            Chef::Config[name] = sprintf(Chef::Config[tpl_name], env)
+          end
+        end
+      end
     end
   end
 end

data/lib/chef/knife/hitori_bootstrap.rb

@@ -20,6 +20,7 @@ class Chef
       end
 
       def run
+        update_environment(config[:environment]) if config[:environment]
         hitori_prepare = Chef::Knife::HitoriPrepare.new
         hitori_prepare.config = config.dup
         hitori_prepare.run

data/lib/chef/knife/hitori_cook.rb

@@ -17,10 +17,6 @@ class Chef
         require 'fog'
       end
 
-      option :local,
-             :long => '--local',
-             :description => 'run chef-solo locally'
-
       option :install_chef,
              :long => '--install-chef',
              :description => 'Install chef before run cookbook. This process usually have done by hitori-prepare.'
@@ -46,55 +42,32 @@ class Chef
              :description => 'specify a server by Public IP Address'
 
       def run
-        if config[:local]
-          run_local
-        else
-          run_remote
-        end
-      end
-
-      def run_local
-        Chef::Config[:environment] = nil
         update_environment(config[:environment]) if config[:environment]
-        Chef::Config[:solo] = true
-        @chef_solo = Chef::Client.new(json_attrs)
-        @chef_solo.run
-      end
-
-      def update_environment(env)
-        Chef::Config[:solo_environment] = env
-        %w(data_bag_path settings_path encrypted_data_bag_secret).each do |name|
-          name = name.to_sym
-          tpl_name = "#{name}_tpl".to_sym
-          if Chef::Config[tpl_name]
-            Chef::Config[name] = sprintf(Chef::Config[tpl_name], env)
-          end
-        end
+        run_remote
       end
 
-
-      # @return [Hash]
-      def json_attrs
-        attrs = load_settings || {}
-        # Chef::Mixin::DeepMerge.merge(normal_attrs,normal_attrs_to_merge)
-
-        # Update run_list
-        run_list = new_run_list
-        unless run_list.empty?
-          attrs['run_list'] = run_list
-        end
-        #
-        attrs
-      end
-
-      def load_settings
-        path = Chef::Config[:settings_path]
-        if ::File.exists?(path)
-          return JSON.parse(::File.read(path))
-        end
-        ui.warn "#{path} is not found!!" if path
-        {}
-      end
+      ## @return [Hash]
+      #def json_attrs
+      #  attrs = load_settings || {}
+      #  # Chef::Mixin::DeepMerge.merge(normal_attrs,normal_attrs_to_merge)
+      #
+      #  # Update run_list
+      #  run_list = new_run_list
+      #  unless run_list.empty?
+      #    attrs['run_list'] = run_list
+      #  end
+      #  #
+      #  attrs
+      #end
+      #
+      #def load_settings
+      #  path = Chef::Config[:settings_path]
+      #  if ::File.exists?(path)
+      #    return JSON.parse(::File.read(path))
+      #  end
+      #  ui.warn "#{path} is not found!!" if path
+      #  {}
+      #end
 
       def new_run_list
         run_list = []
@@ -103,7 +76,6 @@ class Chef
         run_list
       end
 
-
       #########################################################
       ########################################################
       def run_remote(server_list=nil)

data/lib/chef/knife/hitori_data_bag_dec.rb

@@ -13,6 +13,7 @@ class Chef
              :description => 'A file containing the secret key to use to encrypt data bag item values'
 
       def run
+        update_environment(config[:environment]) if config[:environment]
         config[:bag], config[:item] = @name_args
         exit 1 unless validate
 
@@ -20,7 +21,9 @@ class Chef
       end
 
       def decrypt_data_bag
+        ui.info ui.color("Use SECRET_FILE '#{secret_file_path}'", :green)
         secret = Chef::EncryptedDataBagItem.load_secret(secret_file_path)
+        ui.info ui.color("Decrypt DataBag #{Chef::Config[:data_bag_path]}/#{config[:bag]}/#{config[:item]}.json", :green)
         spr_creds = Chef::EncryptedDataBagItem.load(config[:bag], config[:item], secret)
         puts JSON.pretty_generate(spr_creds.to_hash)
       end

data/lib/chef/knife/hitori_data_bag_enc.rb

@@ -5,7 +5,7 @@ require 'chef/knife/hitori_base'
 class Chef
   class Knife
     class HitoriDataBagEnc < Knife
-      banner 'knife hitori data bag enc BAG ITEM (options)'
+      banner 'knife hitori data bag enc BAG ITEM -j JSON_FILE (options)'
       include HitoriBase
 
       option :json_file,
@@ -17,6 +17,7 @@ class Chef
              :description => 'A file containing the secret key to use to encrypt data bag item values'
 
       def run
+        update_environment(config[:environment]) if config[:environment]
         config[:bag], config[:item] = @name_args
         exit 1 unless validate
 
@@ -27,6 +28,7 @@ class Chef
         data_bag_path = Chef::Config[:data_bag_path]
         secret = Chef::EncryptedDataBagItem.load_secret(secret_file_path)
         data = JSON.parse(File.read(config[:json_file]))
+        exit 1 unless check_data(data)
         encrypted_data = Chef::EncryptedDataBagItem.encrypt_data_bag_item(data, secret)
         bag_dir = "#{data_bag_path}/#{config[:bag]}"
         FileUtils.mkpath(bag_dir)
@@ -35,6 +37,14 @@ class Chef
         ui.info ui.color("Created encrypted data bag item at #{write_path}", :green)
       end
 
+      def check_data(data)
+        unless data['id'] == config[:item]
+          ui.error ui.color(%Q|ITEM=#{config[:item]} must have {"id": "#{config[:item]}"}, but #{config[:json_file]} does not.|)
+          return false
+        end
+        return true
+      end
+
       def secret_file_path
         config[:secret_file] || Chef::Config[:encrypted_data_bag_secret]
       end

data/lib/chef/knife/hitori_file_dec.rb

@@ -0,0 +1,65 @@
+# coding: utf-8
+
+require 'chef/knife/hitori_base'
+require 'knife-hitori/lib/crypt_util'
+
+class Chef
+  class Knife
+    class HitoriFileDec < Knife
+      banner 'knife hitori file dec -i IN_FILE -o OUT_FILE (options)'
+      include HitoriBase
+      include KnifeHitori::CryptUtil
+
+      option :in_file,
+             :short => '-i IN_FILE',
+             :description => 'A file for decryption'
+
+      option :out_file,
+             :short => '-o OUT_FILE',
+             :description => 'A file for store decrypted file'
+
+      option :secret_file,
+             :long => '--secret-file SECRET_FILE',
+             :description => 'A file containing the secret key to use to encrypt data bag item values'
+
+      def run
+        update_environment(config[:environment]) if config[:environment]
+        exit 1 unless validate
+
+        secret = Chef::EncryptedDataBagItem.load_secret(secret_file_path)
+        data = File.read(config[:in_file])
+        File.write(config[:out_file], decrypt(JSON.parse(data), secret))
+        ui.info ui.color("Saved in #{config[:out_file]}", :green)
+      end
+
+      def secret_file_path
+        config[:secret_file] || Chef::Config[:encrypted_data_bag_secret]
+      end
+
+      def validate
+        unless config[:in_file]
+          ui.error '-i IN_FILE must be specified'
+          return false
+        end
+
+        unless ::File.exists?(config[:in_file])
+          ui.error "IN_FILE: #{config[:in_file]} not found"
+          return false
+        end
+
+        unless config[:out_file]
+          ui.error '-o OUT_FILE must be specified'
+          return false
+        end
+
+        unless ::File.exists?(secret_file_path)
+          ui.error 'No secret key file is found.'
+          return false
+        end
+
+        return true
+      end
+    end
+  end
+end
+

data/lib/chef/knife/hitori_file_enc.rb

@@ -0,0 +1,64 @@
+# coding: utf-8
+
+require 'chef/knife/hitori_base'
+require 'knife-hitori/lib/crypt_util'
+
+class Chef
+  class Knife
+    class HitoriFileEnc < Knife
+      banner 'knife hitori file enc -i IN_FILE -o OUT_FILE (options)'
+      include HitoriBase
+      include KnifeHitori::CryptUtil
+
+      option :in_file,
+             :short => '-i IN_FILE',
+             :description => 'A file for encryption'
+
+      option :out_file,
+             :short => '-o OUT_FILE',
+             :description => 'A file for store encrypted file'
+
+      option :secret_file,
+             :long => '--secret-file SECRET_FILE',
+             :description => 'A file containing the secret key to use to encrypt data bag item values'
+
+      def run
+        update_environment(config[:environment]) if config[:environment]
+        exit 1 unless validate
+
+        secret = Chef::EncryptedDataBagItem.load_secret(secret_file_path)
+        data = File.read(config[:in_file])
+        File.write(config[:out_file], JSON.dump(encrypt(data, secret)))
+        ui.info ui.color("Saved in #{config[:out_file]}", :green)
+      end
+
+      def secret_file_path
+        config[:secret_file] || Chef::Config[:encrypted_data_bag_secret]
+      end
+
+      def validate
+        unless config[:in_file]
+          ui.error '-i IN_FILE must be specified'
+          return false
+        end
+
+        unless ::File.exists?(config[:in_file])
+          ui.error "IN_FILE: #{config[:in_file]} not found"
+          return false
+        end
+
+        unless config[:out_file]
+          ui.error '-o OUT_FILE must be specified'
+          return false
+        end
+
+        unless ::File.exists?(secret_file_path)
+          ui.error 'No secret key file is found. Please "knife hitori key create" first.'
+          return false
+        end
+        return true
+      end
+    end
+  end
+end
+

data/lib/chef/knife/hitori_key_create.rb

@@ -0,0 +1,36 @@
+# coding: utf-8
+
+require 'chef/knife/hitori_base'
+
+class Chef
+  class Knife
+    class HitoriKeyCreate < Knife
+      banner 'knife hitori key create (options)'
+      include HitoriBase
+
+      def run
+        update_environment(config[:environment]) if config[:environment]
+        create_key
+      end
+
+      def create_key
+        secret_file_path = Chef::Config[:encrypted_data_bag_secret]
+        if ::File.exists?(secret_file_path)
+          yes = ui.confirm("#{secret_file_path} already exists.\nOVERWRITE this?")
+          return unless yes
+        end
+        do_create_key(secret_file_path)
+      end
+
+      def do_create_key(secret_file_path)
+        FileUtils.mkpath(::File.dirname(secret_file_path))
+        key = [OpenSSL::Random.random_bytes(512)].pack('m0')
+        data = (1..key.size/64).inject(key) {|x,i| x.insert(i*64+i-1, "\n")} + "\n"
+        ::File.write(secret_file_path, data)
+        ui.info ui.color("save secret key to #{secret_file_path}", :green)
+      end
+
+    end
+  end
+end
+

data/lib/chef/knife/hitori_prepare.rb

@@ -19,6 +19,7 @@ class Chef
       end
 
       def run
+        update_environment(config[:environment]) if config[:environment]
         conf = ask_ec2_config_all(Chef::Config.knife, true)
         ec2 = setup_knife_ec2(conf)
         ec2.run

data/lib/knife-hitori/lib/crypt_util.rb

@@ -0,0 +1,22 @@
+# coding: utf-8
+
+module KnifeHitori
+  module CryptUtil
+    require 'chef/encrypted_data_bag_item'
+
+    # @param [Hash] data
+    # @param [String] secret
+    # @return [String]
+    def decrypt(data, secret)
+      Chef::EncryptedDataBagItem::Decryptor.for(data, secret.strip).for_decrypted_item
+    end
+
+    # @param [String] data
+    # @param [String] secret
+    # @return [Hash]
+    def encrypt(data, secret)
+      Chef::EncryptedDataBagItem::Encryptor.new(data, secret.strip).for_encrypted_item
+    end
+  end
+end
+

data/lib/knife-hitori/resources/do_cook.sh

@@ -33,5 +33,7 @@ if [ -e $RBENV_FILE ]; then
     . $RBENV_FILE
 fi
 
+echo "CHEF_ENV=${CHEF_ENV}"
+export CHEF_ENV
 echo chef-solo -c $SOLO -j $SERVER_JSON $OPTIONS
 chef-solo -c $SOLO -j $SERVER_JSON $OPTIONS

data/lib/knife-hitori/resources/knife.erb

@@ -32,3 +32,8 @@ config_files.each do |name|
   Chef::Config.from_file(filename) if File.exists?(filename)
 end
 
+if $DEBUG
+    puts '-' * 50
+    p Chef::Config
+    puts '-' * 50
+end

data/spec/knife/hitori_base_spec.rb

@@ -0,0 +1,29 @@
+# coding: utf-8
+
+require 'fileutils'
+
+require 'spec_helper'
+
+require 'chef/knife/hitori_base'
+
+
+describe 'hitori_base' do
+  before do
+    @obj = Object.new
+    @obj.extend Chef::Knife::HitoriBase
+  end
+
+  describe :update_environment do
+    before(:each) do
+      Chef::Config[:data_bag_path_tpl] = 'databag/%s'
+      Chef::Config[:settings_path_tpl] = 'settings/%s'
+      Chef::Config[:encrypted_data_bag_secret_tpl] = 'enc/%s'
+      @obj.update_environment('my_env')
+    end
+
+    subject {Chef::Config}
+    its(:data_bag_path) {should == 'databag/my_env'}
+    its(:settings_path) {should == 'settings/my_env'}
+    its(:encrypted_data_bag_secret) {should == 'enc/my_env'}
+  end
+end

data/spec/knife/hitori_config_spec.rb

@@ -11,6 +11,7 @@ describe 'hitori_config' do
   before do
     Chef::Knife::HitoriConfig.load_deps
     @obj = Chef::Knife::HitoriConfig.new
+    @obj.ui.stub(:info, :msg)
     setup_interactive_response
   end
 

data/spec/knife/hitori_cook_spec.rb

@@ -30,30 +30,12 @@ describe 'hitori_cook' do
       }
     end
 
-    it 'should call run_local if config[:local]' do
-      @obj.should_receive(:run_local)
-      @obj.config[:local] = true
-      @obj.run
-    end
-
-    it 'should call run_remote if not config[:local]' do
+    it 'should call run_remote' do
       @obj.should_receive(:run_remote)
-      @obj.config[:local] = nil
       @obj.run
     end
   end
 
-  describe :run_local do
-    it 'should call ChefClient.run' do
-      @obj.config[:environment] = nil
-      chef_client = double('chef_client')
-      Chef::Client.should_receive(:new).with({json: 'attrs'}).and_return(chef_client)
-      @obj.stub(:json_attrs => {json: 'attrs'})
-      chef_client.should_receive(:run)
-      @obj.run_local
-    end
-  end
-
   describe :update_environment do
     before(:each) do
       Chef::Config[:data_bag_path_tpl] = 'databag/%s'
@@ -68,26 +50,26 @@ describe 'hitori_cook' do
     its(:encrypted_data_bag_secret) {should == 'enc/my_env'}
   end
 
-  describe :json_attrs do
-    before() do
-      @data = {'my' => 'data', 'run_list' => 'role[magic]'}
-      temp = Tempfile.open('hitori-')
-      Chef::Config[:settings_path] = temp.path
-      temp.write JSON.dump(@data)
-      temp.close
-    end
-
-    it 'should return json data of Config[:settings_path]' do
-      @obj.json_attrs.should == @data
-    end
-
-    it 'should update run_list if options is specified' do
-      @obj.config[:recipes] = 'cat'
-      @obj.config[:roles] = 'dog'
-      ret = @obj.json_attrs
-      ret['run_list'].sort.should == %w(recipe[cat] role[dog]).sort
-    end
-  end
+  #describe :json_attrs do
+  #  before() do
+  #    @data = {'my' => 'data', 'run_list' => 'role[magic]'}
+  #    temp = Tempfile.open('hitori-')
+  #    Chef::Config[:settings_path] = temp.path
+  #    temp.write JSON.dump(@data)
+  #    temp.close
+  #  end
+  #
+  #  it 'should return json data of Config[:settings_path]' do
+  #    @obj.json_attrs.should == @data
+  #  end
+  #
+  #  it 'should update run_list if options is specified' do
+  #    @obj.config[:recipes] = 'cat'
+  #    @obj.config[:roles] = 'dog'
+  #    ret = @obj.json_attrs
+  #    ret['run_list'].sort.should == %w(recipe[cat] role[dog]).sort
+  #  end
+  #end
 
   describe :new_run_list do
     before(:each) do
@@ -167,8 +149,4 @@ describe 'hitori_cook' do
       ret.should == nil
     end
   end
-
-
-
-
 end

data/spec/knife/hitori_data_bag_dec_spec.rb

@@ -0,0 +1,31 @@
+require 'spec_helper'
+
+require 'chef/knife/hitori_data_bag_dec'
+
+describe 'HitoriDataBagDec' do
+  before do
+    Chef::Knife::HitoriDataBagDec.load_deps
+    @obj = Chef::Knife::HitoriDataBagDec.new
+    @obj.name_args = %w(MY_BAG MY_ITEM)
+    Chef::Config[:encrypted_data_bag_secret] = '/tmp/enc.key'
+  end
+
+  describe :run do
+    it 'should call update_environment' do
+      @obj.config[:environment] = 'apple'
+      @obj.should_receive(:update_environment).with('apple')
+      common_run
+    end
+
+    it 'should not call update_environment' do
+      @obj.config[:environment] = nil
+      @obj.should_not_receive(:update_environment)
+      common_run
+    end
+
+    def common_run
+      @obj.should_receive(:decrypt_data_bag)
+      @obj.run
+    end
+  end
+end

data/spec/knife/hitori_data_bag_enc_spec.rb

@@ -0,0 +1,50 @@
+require 'spec_helper'
+
+require 'chef/knife/hitori_data_bag_enc'
+
+describe 'HitoriDataBagEnc' do
+  before do
+    Chef::Knife::HitoriDataBagEnc.load_deps
+    @obj = Chef::Knife::HitoriDataBagEnc.new
+    @obj.name_args = %w(MY_BAG MY_ITEM)
+    @obj.config[:json_file] = 'my.json'
+    Chef::Config[:encrypted_data_bag_secret] = '/tmp/enc.key'
+  end
+
+  describe :run do
+    it 'should call update_environment if config[:environment]' do
+      @obj.config[:environment] = 'apple'
+      @obj.should_receive(:update_environment).with('apple')
+      common_run
+    end
+
+    it 'should not call update_environment if not config[:environment]' do
+      @obj.config[:environment] = nil
+      @obj.should_not_receive(:update_environment)
+      common_run
+    end
+
+    def common_run
+      @obj.should_receive(:create_data_bag)
+      @obj.run
+    end
+  end
+
+  describe :create_data_bag do
+    it 'should write encrypted data to specific path' do
+      @obj.config[:bag], @obj.config[:item] = @obj.name_args
+      Chef::Config[:data_bag_path] = '/tmp/data_bag'
+      Chef::EncryptedDataBagItem.should_receive(:load_secret) {'sec'}
+      File.should_receive(:read).with(@obj.config[:json_file]) {'{"a": 9}'}
+      @obj.should_receive(:check_data).and_return(true)
+      Chef::EncryptedDataBagItem.should_receive(:encrypt_data_bag_item) {
+        enc_data = double('enc_data')
+        enc_data.should_receive(:to_json) {'enc_to_json'}
+        enc_data
+      }
+      File.should_receive(:write).with('/tmp/data_bag/MY_BAG/MY_ITEM.json', 'enc_to_json')
+      @obj.create_data_bag
+    end
+
+  end
+end

data/spec/knife/hitori_prepare_spec.rb

@@ -11,6 +11,7 @@ describe 'hitori_prepare' do
   before do
     Chef::Knife::HitoriPrepare.load_deps
     @obj = Chef::Knife::HitoriPrepare.new
+    @obj.ui.stub(:info, :msg)
   end
 
   describe :run do

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: knife-hitori
 version: !ruby/object:Gem::Version
-  version: 0.0.2
+  version: 0.0.3
   prerelease: 
 platform: ruby
 authors:
@@ -9,7 +9,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2013-06-07 00:00:00.000000000 Z
+date: 2013-06-12 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: chef
@@ -128,9 +128,13 @@ files:
 - lib/chef/knife/hitori_cook.rb
 - lib/chef/knife/hitori_data_bag_dec.rb
 - lib/chef/knife/hitori_data_bag_enc.rb
+- lib/chef/knife/hitori_file_dec.rb
+- lib/chef/knife/hitori_file_enc.rb
 - lib/chef/knife/hitori_hello.rb
+- lib/chef/knife/hitori_key_create.rb
 - lib/chef/knife/hitori_prepare.rb
 - lib/knife-hitori.rb
+- lib/knife-hitori/lib/crypt_util.rb
 - lib/knife-hitori/lib/interactive_configure.rb
 - lib/knife-hitori/lib/run_remote_cook.rb
 - lib/knife-hitori/resources/centos_bootstrap.erb
@@ -142,9 +146,12 @@ files:
 - refs/run_chef_solo.sh
 - refs/util/create_encrypt_databag.rb
 - refs/util/crypt_file.rb
+- spec/knife/hitori_base_spec.rb
 - spec/knife/hitori_bootstrap_spec.rb
 - spec/knife/hitori_config_spec.rb
 - spec/knife/hitori_cook_spec.rb
+- spec/knife/hitori_data_bag_dec_spec.rb
+- spec/knife/hitori_data_bag_enc_spec.rb
 - spec/knife/hitori_hello_spec.rb
 - spec/knife/hitori_prepare_spec.rb
 - spec/spec_helper.rb
@@ -174,9 +181,12 @@ signing_key:
 specification_version: 3
 summary: knife subcommand
 test_files:
+- spec/knife/hitori_base_spec.rb
 - spec/knife/hitori_bootstrap_spec.rb
 - spec/knife/hitori_config_spec.rb
 - spec/knife/hitori_cook_spec.rb
+- spec/knife/hitori_data_bag_dec_spec.rb
+- spec/knife/hitori_data_bag_enc_spec.rb
 - spec/knife/hitori_hello_spec.rb
 - spec/knife/hitori_prepare_spec.rb
 - spec/spec_helper.rb