knife-tidy 0.6.1 → 0.7.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +18 -1
- data/lib/chef/knife/tidy_backup_clean.rb +1 -0
- data/lib/chef/knife/tidy_notify.rb +5 -0
- data/lib/chef/knife/tidy_server_report.rb +14 -2
- data/lib/chef/tidy_acls.rb +36 -0
- data/lib/chef/tidy_common.rb +2 -0
- data/lib/knife-tidy/version.rb +1 -1
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: ea6f3ab3ae6f2d01e70092c6df3e6ef4496b70bb
|
|
4
|
+
data.tar.gz: a5b9ba72970cbf016296c590a4177e23b07a4e82
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 58fcda1b011c58c583535b929e56e7c50f37853b168544926886c71e373896dc3b985d454c85cd51e9035d41fdd472411cffc9d03876a74a1f0f3a9a972d0005
|
|
7
|
+
data.tar.gz: a87916d53272aa57ecaa8ef5a628cef0aaca192825bca03dab4a476660f2e803aec7e14f7fd486b6999ba2fb83d2cae068d453fc8828a06c949ee692dce5f23b
|
data/CHANGELOG.md
CHANGED
|
@@ -1,5 +1,22 @@
|
|
|
1
1
|
# Change Log
|
|
2
2
|
|
|
3
|
+
## [0.7.0](https://github.com/chef-customers/knife-tidy/tree/0.7.0) (2017-11-29)
|
|
4
|
+
[Full Changelog](https://github.com/chef-customers/knife-tidy/compare/0.6.1...0.7.0)
|
|
5
|
+
|
|
6
|
+
**Closed issues:**
|
|
7
|
+
|
|
8
|
+
- Users/clients from backups older than CS 12.5 may be missing read acls on clients [\#63](https://github.com/chef-customers/knife-tidy/issues/63)
|
|
9
|
+
- notify subcommand ignores --orgs option [\#59](https://github.com/chef-customers/knife-tidy/issues/59)
|
|
10
|
+
|
|
11
|
+
**Merged pull requests:**
|
|
12
|
+
|
|
13
|
+
- Add admins/users groups to the read acl for clients from \< CS 12.5 [\#64](https://github.com/chef-customers/knife-tidy/pull/64) ([itmustbejj](https://github.com/itmustbejj))
|
|
14
|
+
- Restore acls for ::server-admins and org read access groups if they a… [\#61](https://github.com/chef-customers/knife-tidy/pull/61) ([itmustbejj](https://github.com/itmustbejj))
|
|
15
|
+
- Filter email notifications on org\_list config option. [\#60](https://github.com/chef-customers/knife-tidy/pull/60) ([itmustbejj](https://github.com/itmustbejj))
|
|
16
|
+
- Set default encoding to utf-8 to properly handle non-ascii in backups. [\#58](https://github.com/chef-customers/knife-tidy/pull/58) ([itmustbejj](https://github.com/itmustbejj))
|
|
17
|
+
- Add check for pre-12.3 nodes to report generation… [\#57](https://github.com/chef-customers/knife-tidy/pull/57) ([jonlives](https://github.com/jonlives))
|
|
18
|
+
- bump path to 0.6.1 [\#55](https://github.com/chef-customers/knife-tidy/pull/55) ([jeremymv2](https://github.com/jeremymv2))
|
|
19
|
+
|
|
3
20
|
## [0.6.1](https://github.com/chef-customers/knife-tidy/tree/0.6.1) (2017-10-26)
|
|
4
21
|
[Full Changelog](https://github.com/chef-customers/knife-tidy/compare/0.6.0...0.6.1)
|
|
5
22
|
|
|
@@ -177,4 +194,4 @@
|
|
|
177
194
|
|
|
178
195
|
|
|
179
196
|
|
|
180
|
-
\* *This Change Log was automatically generated by [github_changelog_generator](https://github.com/skywinder/Github-Changelog-Generator)*
|
|
197
|
+
\* *This Change Log was automatically generated by [github_changelog_generator](https://github.com/skywinder/Github-Changelog-Generator)*
|
|
@@ -65,6 +65,11 @@ class Chef
|
|
|
65
65
|
|
|
66
66
|
# Fetch list of organisation names from reports directory
|
|
67
67
|
org_names = reports_files.map{|r_file|r_file.split("/").last.split("_").first}.sort.uniq
|
|
68
|
+
if config[:org_list]
|
|
69
|
+
filter_orgs = config[:org_list].split(',')
|
|
70
|
+
# Take the intersection of org_names and filter_orgs
|
|
71
|
+
org_names &= filter_orgs
|
|
72
|
+
end
|
|
68
73
|
|
|
69
74
|
reports = {}
|
|
70
75
|
|
|
@@ -29,6 +29,7 @@ class Chef
|
|
|
29
29
|
all_orgs
|
|
30
30
|
end
|
|
31
31
|
|
|
32
|
+
pre_12_3_nodes = []
|
|
32
33
|
stale_orgs = []
|
|
33
34
|
node_threshold = config[:node_threshold].to_i
|
|
34
35
|
|
|
@@ -39,6 +40,13 @@ class Chef
|
|
|
39
40
|
used_cookbooks = {}
|
|
40
41
|
nodes = nodes_list(org)
|
|
41
42
|
|
|
43
|
+
nodes.each do |node|
|
|
44
|
+
chef_version = Chef::VersionString.new(node['chef_packages']['chef']['version'])
|
|
45
|
+
if chef_version < "12.3"
|
|
46
|
+
pre_12_3_nodes << node['name']
|
|
47
|
+
end
|
|
48
|
+
end
|
|
49
|
+
|
|
42
50
|
nodes.select{|node| !node['cookbooks'].nil?}.each do |node|
|
|
43
51
|
node['cookbooks'].each do |name, version_hash|
|
|
44
52
|
version = Gem::Version.new(version_hash['version']).to_s
|
|
@@ -65,10 +73,13 @@ class Chef
|
|
|
65
73
|
stale_nodes_hash = {'threshold_days': node_threshold, 'org_total_node_count': nodes.count, 'count': stale_nodes.count, 'list': stale_nodes}
|
|
66
74
|
stale_orgs.push(org) if stale_nodes.count == nodes.count
|
|
67
75
|
|
|
68
|
-
tidy.write_new_file(unused_cookbooks(used_cookbooks, cb_list), ::File.join(tidy.reports_dir, "#{org}_unused_cookbooks.json"))
|
|
69
76
|
tidy.write_new_file(unused_cookbooks(used_cookbooks, cb_list), ::File.join(tidy.reports_dir, "#{org}_unused_cookbooks.json"))
|
|
70
77
|
tidy.write_new_file(version_count, ::File.join(tidy.reports_dir, "#{org}_cookbook_count.json"))
|
|
71
78
|
tidy.write_new_file(stale_nodes_hash, ::File.join(tidy.reports_dir, "#{org}_stale_nodes.json"))
|
|
79
|
+
|
|
80
|
+
if pre_12_3_nodes.length > 0
|
|
81
|
+
ui.warn "#{pre_12_3_nodes.length} nodes have been detected in the organization #{org} running chef-client versions prior to 12.3 - this means that the list of stale cookbooks for these nodes may not have been correctly calculated and your report may not be complete for this organization."
|
|
82
|
+
end
|
|
72
83
|
end
|
|
73
84
|
|
|
74
85
|
completion_message
|
|
@@ -95,7 +106,8 @@ class Chef
|
|
|
95
106
|
:filter_result => {
|
|
96
107
|
'name' => ['name'],
|
|
97
108
|
'cookbooks' => ['cookbooks'],
|
|
98
|
-
'ohai_time' => ['ohai_time']
|
|
109
|
+
'ohai_time' => ['ohai_time'],
|
|
110
|
+
'chef_packages' => ['chef_packages']
|
|
99
111
|
}
|
|
100
112
|
) do |node|
|
|
101
113
|
node_results << node
|
data/lib/chef/tidy_acls.rb
CHANGED
|
@@ -142,6 +142,33 @@ class Chef
|
|
|
142
142
|
write_new_file(acl, acl_file)
|
|
143
143
|
end
|
|
144
144
|
|
|
145
|
+
# Appends the proper acls for ::server-admins and the org's read access group if they are missing.
|
|
146
|
+
def ensure_global_group_acls(acl_file)
|
|
147
|
+
acl = FFI_Yajl::Parser.parse(::File.read(acl_file), symbolize_names: false)
|
|
148
|
+
acl_ops.each do |op|
|
|
149
|
+
unless acl[op]['groups'].include? '::server-admins'
|
|
150
|
+
puts "REPAIRING: Adding #{op} acl for ::server-admins in #{acl_file}"
|
|
151
|
+
acl[op]['groups'].push('::server-admins')
|
|
152
|
+
end
|
|
153
|
+
if op == 'read' && !acl[op]['groups'].include?("::#{@org}_read_access_group")
|
|
154
|
+
puts "REPAIRING: Adding #{op} acl for ::#{@org}_read_access_group in #{acl_file}"
|
|
155
|
+
acl[op]['groups'].push("::#{@org}_read_access_group")
|
|
156
|
+
end
|
|
157
|
+
end
|
|
158
|
+
write_new_file(acl, acl_file)
|
|
159
|
+
end
|
|
160
|
+
|
|
161
|
+
def ensure_client_read_acls(acl_file)
|
|
162
|
+
acl = FFI_Yajl::Parser.parse(::File.read(acl_file), symbolize_names: false)
|
|
163
|
+
%w(users admins).each do | group |
|
|
164
|
+
unless acl['read']['groups'].include? group
|
|
165
|
+
puts "REPAIRING: Adding read acl for #{group} in #{acl_file}"
|
|
166
|
+
acl['read']['groups'].push(group)
|
|
167
|
+
end
|
|
168
|
+
end
|
|
169
|
+
write_new_file(acl, acl_file)
|
|
170
|
+
end
|
|
171
|
+
|
|
145
172
|
def validate_acls
|
|
146
173
|
org_acls.each do |acl_file|
|
|
147
174
|
acl = FFI_Yajl::Parser.parse(::File.read(acl_file), symbolize_names: false)
|
|
@@ -168,6 +195,7 @@ class Chef
|
|
|
168
195
|
@members.each do |member|
|
|
169
196
|
user_acl_path = ::File.join(@tidy.user_acls_path, "#{member[:user][:username]}.json")
|
|
170
197
|
user_acl = FFI_Yajl::Parser.parse(::File.read(user_acl_path), symbolize_names: false)
|
|
198
|
+
ensure_global_group_acls(user_acl_path)
|
|
171
199
|
actors_groups = acl_actors_groups(user_acl)
|
|
172
200
|
actors_groups[:groups].each do |group|
|
|
173
201
|
if invalid_group?(group)
|
|
@@ -176,5 +204,13 @@ class Chef
|
|
|
176
204
|
end
|
|
177
205
|
end
|
|
178
206
|
end
|
|
207
|
+
|
|
208
|
+
def validate_client_acls
|
|
209
|
+
@clients.each do |client|
|
|
210
|
+
client_acl_path = ::File.join(@tidy.org_acls_path(@org), 'clients', "#{client[:name]}.json")
|
|
211
|
+
client_acl = FFI_Yajl::Parser.parse(::File.read(client_acl_path), symbolize_names: false)
|
|
212
|
+
ensure_client_read_acls(client_acl_path)
|
|
213
|
+
end
|
|
214
|
+
end
|
|
179
215
|
end
|
|
180
216
|
end
|
data/lib/chef/tidy_common.rb
CHANGED
data/lib/knife-tidy/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: knife-tidy
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.7.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Jeremy Miller
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2017-
|
|
11
|
+
date: 2017-11-29 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: rake
|