ogre 0.1.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: a4a6d483c682f21f5060bdbd3e0c1de49b3c6fff
+  data.tar.gz: 2a244953732b78a5bc112629328f8e78271f8399
+SHA512:
+  metadata.gz: 6b7bea37adf94bc417f3285e201e1f15b92efe273a7fd8734b5678ea16ae8a632bf6239f1ddb48ddf181a9240706a790f9cae2a6771bc7be84e0765c1a6c15a9
+  data.tar.gz: 1e47e713424344b4647106da1d541271465ec545a54850674f7f46b737f44ee5e97d859f58c192cab810a47404c6c0b1a5e916960427a91020c3542877481898

data/.coveralls.yml

@@ -0,0 +1 @@
+service_name: travis-ci

data/.gitignore

@@ -0,0 +1,20 @@
+/.idea/
+/.bundle/
+/.yardoc
+/Gemfile.lock
+/_yardoc/
+/coverage/
+/doc/
+/pkg/
+/spec/reports/
+/vendor/
+/tmp/
+*.bundle
+*.so
+*.o
+*.a
+mkmf.log
+
+*.sw?
+
+.ruby-version

data/.rubocop.yml

@@ -0,0 +1,16 @@
+AllCops:
+  Exclude:
+    - Guardfile
+    - vendor/**/*
+    - lib/ogre/skeletons/**/*
+    - tmp/**/*
+Metrics/AbcSize:
+  Enabled: false
+Metrics/LineLength:
+  Max: 120
+Metrics/MethodLength:
+  Max: 50
+Style/SpecialGlobalVars:
+  Enabled: false
+Style/FileName:
+  Enabled: false

data/.travis.yml

@@ -0,0 +1,3 @@
+language: ruby
+rvm:
+  - "2.1.4"

data/Gemfile

@@ -0,0 +1,4 @@
+source 'https://rubygems.org'
+
+# gem dependencies in ogre.gemspec
+gemspec

data/README.md

@@ -0,0 +1,102 @@
+[![Build Status](https://travis-ci.org/activenetwork-automation/ogre.svg)](https://travis-ci.org/activenetwork-automation/ogre)
+[![Coverage Status](https://coveralls.io/repos/activenetwork-automation/ogre/badge.svg)](https://coveralls.io/r/activenetwork-automation/ogre)
+[![Dependency Status](https://gemnasium.com/activenetwork-automation/ogre.svg)](https://gemnasium.com/activenetwork-automation/ogre)
+[![Inline docs](http://inch-ci.org/github/activenetwork-automation/ogre.png?branch=master)](http://inch-ci.org/github/activenetwork-automation/ogre)
+
+# Ogre
+
+This gem supports organization and user management for Enterprise Chef.
+
+While this functionality already exists in [knife-opc](https://github.com/chef/knife-opc), we wanted to be able to create the chef policy repository as well and set the private key into vCenter Orchestrator all in one tool.
+
+## Installation
+
+`gem install ogre`
+
+## Configuration
+
+### ~/.ogre/config.json
+
+All of the parameters here are optional and can be passed in and/or overriden at the CLI.  As of today, the `pivotal` user is the only user able to execute certain methods via the [Chef API](https://docs.chef.io/api_chef_server.html).  The key can be found in `/etc/opscode/pivotal.pem` on the Enterprise Chef box.
+
+``` json
+{
+   "run_as":"chef_username",
+   "key_path":"/path/to/key.pem",
+   "server_url":"https://chef.url",
+   "vco_url":"https://vco.url:8281/",
+   "vco_user": "domain\\user",
+   "vco_password":"password",
+   "vco_wf_name":"vco_workflow_name",
+   "vco_verify_ssl":"false"
+}
+
+```
+
+## Usage
+ogre org-create ORG DESCRIPTION (options)
+---
+- `-p`, `--create-repo` Create Chef policy repository
+- `-P`, `--repo-path` Chef policy repo path
+- `-I`, `--license=LICENSE` Chef policy repository license
+- `-m`, `--email=EMAIL` Chef policy repository e-mail
+- `-C`, `--authors=AUTHORS` Chef policy repository authors
+
+When using `-p`, Ogre will save the Chef policy repository as ~/.ogre/ORG-chef, otherwise it will output the validator key for the new organization.
+
+ogre org-delete ORG (options)
+---
+- `-f`, `--force` Delete without confirmation
+
+ogre user-create USERNAME FIRST_NAME LAST_NAME EMAIL PASSWORD (options)
+---
+
+ogre user-delete USERNAME (options)
+---
+- `-f`, `--force` Delete without confirmation
+
+ogre associate ORG USER (options)
+---
+- `-a`, `--admin` Add user to admin group within organization
+
+ogre set-private-key CHEF_HOSTNAME CHEF_VALIDATOR_NAME KEY_PATH (options)
+---
+
+`set-private-key` is very opinionated to our needs.  We have a vco workflow called `Set Private Key` which takes in `CHEF_HOSTNAME`, `CHEF_VALIDATOR_NAME`, and `KEY_PATH`.  This is stored in Orchestrator so that our organzation has the correct permissions to bootstrap nodes.
+
+- `--vco-url` vCenter Orchestrator URL
+- `--vco-user` vCenter Orchestrator user
+- `--vco-password` vCenter Orchestrator password
+- `--vco-wf-name` vCenter Orchestrator workflow name
+- `--vco-verify-ssl` vCenter Orchestrator verify ssl
+
+## Contributing
+
+1. Fork it ( https://github.com/activenetwork-automation/ogre/fork )
+2. Create your feature branch (`git checkout -b my-new-feature`)
+3. Commit your changes (`git commit -am 'Add some feature'`)
+4. Push to the branch (`git push origin my-new-feature`)
+5. Create a new Pull Request
+
+### License and Authors
+
+- [Joe Nguyen](https://github.com/joenguyen)
+
+## License ##
+
+|                      |                                          |
+|:---------------------|:-----------------------------------------|
+| **Copyright:**       | Copyright 2015 ACTIVE Network, LLC
+| **License:**         | Apache License, Version 2.0
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.

data/Rakefile

@@ -0,0 +1,18 @@
+require 'bundler'
+require 'rspec/core/rake_task'
+require 'coveralls/rake/task'
+require 'yard'
+
+Bundler::GemHelper.install_tasks
+RSpec::Core::RakeTask.new(:spec)
+Coveralls::RakeTask.new
+
+task :style do
+  sh 'rubocop'
+end
+
+task :doc do
+  sh 'yard'
+end
+
+task default: [:spec, :style, :doc, 'coveralls:push']

data/bin/ogre

@@ -0,0 +1,4 @@
+#!/usr/bin/env ruby
+require 'ogre/runner'
+
+Ogre::Runner.new(ARGV.dup).execute!

data/lib/ogre.rb

@@ -0,0 +1,44 @@
+require 'thor'
+require 'highline/import'
+require 'ogre/messages'
+require 'ogre/config'
+require 'ogre/base'
+require 'ogre/associate'
+require 'ogre/org-create'
+require 'ogre/org-delete'
+require 'ogre/set-private-key'
+require 'ogre/user-create'
+require 'ogre/user-delete'
+
+module Ogre
+  # Start of main CLI
+  class CLI < Thor
+    package_name 'ogre'
+    map '--version' => :version
+    map '-v' => :version
+
+    desc 'version, -v', DESC_VERSION
+    # Display the version of `ogre`
+    def version
+      puts VERSION
+    end
+
+    # rubocop:disable LineLength
+    # subcommand in Thor called as registered class
+    register(OrgCreate, 'org_create', 'org-create ' << OrgCreate.arguments.map(&:name).join(' ').upcase, DESC_CREATE)
+    register(OrgDelete, 'org_delete', 'org-delete ' << OrgDelete.arguments.map(&:name).join(' ').upcase, DESC_DELETE)
+    register(UserCreate, 'user_create', 'user-create ' << UserCreate.arguments.map(&:name).join(' ').upcase, DESC_CREATE_USER)
+    register(UserDelete, 'user_delete', 'user-delete ' << UserDelete.arguments.map(&:name).join(' ').upcase, DESC_DELETE_USER)
+    register(Associate, 'associate', 'associate ' << Associate.arguments.map(&:name).join(' ').upcase, DESC_ASSOCIATE_USERS)
+    register(SetPrivateKey, 'set_private_key', 'set-private-key ' << SetPrivateKey.arguments.map(&:name).join(' ').upcase, DESC_SET_PRIVATE_KEY)
+    # rubocop:enable LineLength
+
+    # Workarounds to include options in 'ogre help command'
+    tasks['user_create'].options = UserCreate.class_options
+    tasks['user_delete'].options = UserDelete.class_options
+    tasks['org_create'].options = OrgCreate.class_options
+    tasks['org_delete'].options = OrgDelete.class_options
+    tasks['associate'].options = Associate.class_options
+    tasks['set_private_key'].options = SetPrivateKey.class_options
+  end
+end

data/lib/ogre/associate.rb

@@ -0,0 +1,57 @@
+module Ogre
+  # Associate user to org while bypassing the association request
+  class Associate < Ogre::Base
+    include Thor::Actions
+
+    # required
+    argument :org, type: :string, desc: DESC_ORG
+    argument :user, type: :string, desc: DESC_USER
+
+    # optional
+    class_option :admin, aliases: '-a', type: :boolean, desc: DESC_ASSOCIATE_ADMIN
+
+    # Associate user to org while bypassing the association request
+    def associate
+      begin
+        # associate (invite) user
+        request_body = { user: user }
+        response = chef_rest.post_rest "organizations/#{org}/association_requests", request_body
+
+        # add (force) user to org
+        association_id = response['uri'].split('/').last
+        chef_rest.put_rest "users/#{user}/association_requests/#{association_id}", response: 'accept'
+      rescue Net::HTTPServerException => e
+        # already exists -- i will allow it
+        if e.response.code == '409'
+          puts "User '#{user}' already associated with organization '#{org}'"
+        else
+          raise e
+        end
+      end
+
+      # add to admin?
+      groups = ['users']
+      groups << 'admins' if options[:admin]
+
+      # add user to group(s)
+      groups.each do |groupname|
+        group = chef_rest.get_rest "organizations/#{org}/groups/#{groupname}"
+        # check if user is in group
+        unless group['actors'].include?(user)
+          body_hash = {
+            groupname: "#{groupname}",
+            actors: {
+              users: group['actors'].concat([user]),
+              groups: group['groups']
+            }
+          }
+
+          # associate user
+          chef_rest.put_rest "organizations/#{org}/groups/#{groupname}", body_hash
+          puts "Successfully added '#{user}' to '#{groupname}' in the #{org} org"
+        end
+        next
+      end
+    end
+  end
+end

data/lib/ogre/base.rb

@@ -0,0 +1,21 @@
+require 'chef/rest'
+
+# Refer to README.md for use instructions
+module Ogre
+  # Base ogre class includes common parameters used to authenticate with Chef::REST
+  class Base < Thor::Group
+    include Thor::Actions
+
+    # Chef Rest parameters
+    class_option :server_url, type: :string, desc: DESC_CHEF_SERVER_URL
+    class_option :run_as, type: :string, desc: DESC_RUN_AS
+    class_option :key_path, type: :string, desc: DESC_PRIVATE_KEY
+
+    # Parameters passed in from cli will take precedence
+    def chef_rest
+      Chef::REST.new(options[:server_url] || Config.options[:server_url],
+                     options[:run_as] || Config.options[:run_as],
+                     options[:key_path] || Config.options[:key_path])
+    end
+  end
+end

data/lib/ogre/config.rb

@@ -0,0 +1,18 @@
+require 'fileutils'
+
+# This is a simple class that puts options from a config file
+# into an accessible object
+module Ogre
+  # ogre home
+  OGRE_HOME = "#{ENV['HOME']}/.ogre"
+  # config path
+  CONFIG_PATH = "#{OGRE_HOME}/config.json"
+
+  # Static method to make config parameters available
+  class Config
+    # Read in defaults from config file
+    def self.options
+      (JSON.parse(File.read(CONFIG_PATH), symbolize_names: true) if File.exist?(CONFIG_PATH)) || {}
+    end
+  end
+end

data/lib/ogre/messages.rb

@@ -0,0 +1,84 @@
+
+# string constants for interactive messages
+module Ogre
+  # version
+  DESC_VERSION              = 'Display gem version'
+
+  # org create description
+  DESC_CREATE               = 'Create an organization in Chef'
+
+  # org delete description
+  DESC_DELETE               = 'Delete an organization in Chef'
+
+  # org short name
+  DESC_ORG                  = 'Organization short name'
+
+  # org description
+  DESC_ORG_DESC             = 'Organization long name'
+
+  # private key path
+  DESC_PRIVATE_KEY          = 'Path to private key file'
+
+  # chef server url
+  DESC_CHEF_SERVER_URL      = 'Chef Server URL i.e. https://chef.server.domain'
+
+  # associate description
+  DESC_ASSOCIATE_USERS      = 'Associate users to an organization'
+
+  # user description
+  DESC_USER                 = 'User name'
+
+  # associate to admin group description
+  DESC_ASSOCIATE_ADMIN      = 'Add user to admin group within organization'
+
+  # chef policy repository license
+  DESC_REPO_LICENSE         = 'Chef policy repository license'
+
+  # chef policy repository authors
+  DESC_REPO_AUTHORS         = 'Chef policy repository authors'
+
+  # chef policy repository path
+  DESC_REPO_PATH            = 'Chef policy repository path'
+
+  # chef policy repository e-mail
+  DESC_REPO_EMAIL           = 'Chef policy repository e-mail'
+
+  # create Chef policy repository
+  DESC_CREATE_REPO          = 'Create Chef policy repository'
+
+  # delete without confirmation
+  DESC_FORCE                = 'Delete without confirmation'
+
+  # create new chef user
+  DESC_CREATE_USER          = 'Create new chef user'
+
+  # Delete and disassociate chef user
+  DESC_DELETE_USER          = 'Delete and disassociate chef user'
+
+  # chef run as user
+  DESC_RUN_AS               = 'Chef user'
+
+  # vCenter Orchestrator URL
+  DESC_VCO_URL              = 'vCenter Orchestrator URL'
+
+  # vCenter Orchestrator user
+  DESC_VCO_USER             = 'vCenter Orchestrator user'
+
+  # vCenter Orchestrator password
+  DESC_VCO_PASSWORD         = 'vCenter Orchestrator password'
+
+  # vCenter Orchestrator workflow name
+  DESC_VCO_WF_NAME          = 'vCenter Orchestrator workflow name'
+
+  # Set chef validation key for VCO
+  DESC_SET_PRIVATE_KEY      = 'Set chef validation key for VCO'
+
+  # Chef hostname
+  DESC_CHEF_HOSTNAME        = 'Chef hostname'
+
+  # Chef validator username
+  DESC_CHEF_VALIDATOR       = 'Chef validator user name'
+
+  # vCenter verify ssl param
+  DESC_VCO_VERIFY_SSL       = 'vCenter Orchestrator verify ssl'
+end

data/lib/ogre/org-create.rb

@@ -0,0 +1,96 @@
+require 'chef-dk/command/generator_commands/repo'
+
+module Ogre
+  # Create organization through Chef::REST with the option to create the
+  # Chef policy repository
+  class OrgCreate < Ogre::Base
+    # rubocop:disable CyclomaticComplexity, PerceivedComplexity
+    # required parameters
+    argument :org, type: :string, desc: DESC_ORG
+    argument :org_desc, type: :string, desc: DESC_ORG_DESC
+
+    # optional chef policy repo parameters
+    class_option :create_repo, aliases: '-p', type: :boolean, default: false, desc: DESC_CREATE_REPO
+    class_option :repo_path, aliases: '-P', type: :string, desc: DESC_REPO_PATH
+    class_option :license, aliases: '-I', default: 'apache2', type: :string, desc: DESC_REPO_LICENSE
+    class_option :email, aliases: '-m', type: :string, desc: DESC_REPO_EMAIL
+    class_option :authors, aliases: '-C', type: :string, desc: DESC_REPO_AUTHORS
+
+    # organization create method
+    def org_create
+      org_json = { name: "#{org}", full_name: "#{org_desc}" }
+      response = chef_rest.post_rest('/organizations', org_json)
+      puts "'#{org}' org has been created."
+
+      # use chef repo generate to create a chef policy repo
+      if options[:create_repo]
+
+        # create parent dir for chef policy repo
+        repo_path = options[:repo_path] ? options[:repo_path] : OGRE_HOME
+        Dir.mkdir repo_path unless File.exist?(repo_path)
+
+        # run cookbook generate
+        generate_cmd = ChefDK::Command::GeneratorCommands::Repo.new(generate_params(repo_path))
+        generate_cmd.run
+
+        File.open("#{repo_path}/#{org}-chef/.chef/#{response['clientname']}.pem", 'w') do |f|
+          f.print(response['private_key'])
+        end
+
+      else
+        puts response['private_key']
+      end
+
+    rescue Net::HTTPServerException => e
+
+      # already exists -- i will allow it
+      if e.response.code == '409'
+        puts "#{org} org already exists"
+      else
+        raise e
+      end
+    end
+
+    private
+
+    # concatenate parameters into a format ChefDK::Command::GeneratorCommands::Repo will accept
+    def generate_params(parent_path)
+      # chef policy repository parameters
+      generate_str = ["#{parent_path}/#{org}-chef"]
+
+      # org name
+      generate_str << '-a'
+      generate_str << "org=#{org}"
+
+      # chef server url
+      generate_str << '-a'
+      generate_str << "chef_server_url=#{options[:server_url] || Config.options[:server_url]}"
+
+      # generator skeleton
+      generate_str << '-g'
+      generate_str << 'lib/ogre/skeletons/code_generator'
+
+      # optional license
+      if options[:license]
+        generate_str << '-I'
+        generate_str << "#{options[:license]}"
+      end
+
+      # optional email
+      if options[:email]
+        generate_str << '-m'
+        generate_str << "#{options[:email]}"
+      end
+
+      # optional authors
+      if options[:authors]
+        generate_str << '-C'
+        generate_str << "\"#{options[:authors]}\""
+      end
+
+      generate_str
+    end
+  end
+end
+
+# rubocop:enable CyclomaticComplexity, PerceivedComplexity