ohai 7.2.0.rc.1 → 7.2.0.rc.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: e696d6497786e063bbcc85830a45813a0b744847
-  data.tar.gz: f2c84d8af20573e108ba3f2401a50d87a3df4258
+  metadata.gz: 9d1436bcd73ef60c3c794bdf276c0b572e757455
+  data.tar.gz: b767aa0d9791d62f002005b904c2115585ce4139
 SHA512:
-  metadata.gz: 70175ff249bb15b9bf961fc2040cfed5da50f6f3fc28b44c519e07615d550f050d6e7f002ddb7c0a51c35feb3fb43a21fe2fde754d65be2f9cbc6a628859831a
-  data.tar.gz: deb3e278ce5af36eb12080d9bbfa836a44bad719a7af7ba91ca0b1b6a664876a8508e3b1b37902703e93715984be8f08d7a2b9b0e062c230392a9b00d5228655
+  metadata.gz: aced95949e6cb8df985e11c345dfba4a73f30a222fd06be5d250bcb36d69fa96c9566394a2bf3b4d6379ff765d307888d5765a61aaf648864af593f181ef7ef8
+  data.tar.gz: 82b6fa1453d0352261468a31e23af6a5a047ef681da5db209c4b49bbf87dcf3f5e17a352d9bf5308d67e1e207797bb60b8b3e8be386db482b2bef592e3373fd3

data/lib/ohai/mixin/ec2_metadata.rb

@@ -122,6 +122,7 @@ module Ohai
       def fetch_metadata(id='', api_version=nil)
         api_version ||= best_api_version
         return Hash.new if api_version.nil?
+
         metadata = Hash.new
         retrieved_metadata = metadata_get(id, api_version)
         if retrieved_metadata

data/lib/ohai/plugins/ec2.rb

@@ -40,7 +40,7 @@ Ohai.plugin(:EC2) do
   end
 
   def looks_like_ec2?
-    # Try non-blocking connect so we don't "block" if 
+    # Try non-blocking connect so we don't "block" if
     # the Xen environment is *not* EC2
     hint?('ec2') || has_ec2_mac? && can_metadata_connect?(Ohai::Mixin::Ec2Metadata::EC2_METADATA_ADDR,80)
   end
@@ -49,7 +49,14 @@ Ohai.plugin(:EC2) do
     if looks_like_ec2?
       Ohai::Log.debug("looks_like_ec2? == true")
       ec2 Mash.new
-      fetch_metadata.each {|k, v| ec2[k] = v }
+      fetch_metadata.each do |k, v|
+        # fetch_metadata returns IAM security credentials, including the IAM user's
+        # secret access key. We'd rather not have ohai send this information
+        # to the server.
+        # http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/AESDG-chapter-instancedata.html#instancedata-data-categories
+        next if k == 'iam' && !hint?('iam')
+        ec2[k] = v
+      end
       ec2[:userdata] = self.fetch_userdata
     else
       Ohai::Log.debug("looks_like_ec2? == false")

data/lib/ohai/plugins/eucalyptus.rb

@@ -47,7 +47,7 @@ Ohai.plugin(:Eucalyptus) do
   end
 
   def looks_like_euca?
-    # Try non-blocking connect so we don't "block" if 
+    # Try non-blocking connect so we don't "block" if
     # the Xen environment is *not* EC2
     hint?('eucalyptus') || has_euca_mac? && can_metadata_connect?(Ohai::Mixin::Ec2Metadata::EC2_METADATA_ADDR,80)
   end
@@ -56,7 +56,17 @@ Ohai.plugin(:Eucalyptus) do
     if looks_like_euca?
       Ohai::Log.debug("looks_like_euca? == true")
       eucalyptus Mash.new
-      self.fetch_metadata.each {|k, v| eucalyptus[k] = v }
+      self.fetch_metadata.each do |k, v|
+        # Eucalyptus 3.4+ supports IAM roles and Instance Profiles much like AWS
+        # https://www.eucalyptus.com/blog/2013/10/15/iam-roles-and-instance-profiles-eucalyptus-34
+        #
+        # fetch_metadata returns IAM security credentials, including the IAM user's
+        # secret access key. We'd rather not have ohai send this information
+        # to the server.
+        # http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/AESDG-chapter-instancedata.html#instancedata-data-categories
+        next if k == 'iam' && !hint?('iam')
+        eucalyptus[k] = v
+      end
       eucalyptus[:userdata] = self.fetch_userdata
     else
       Ohai::Log.debug("looks_like_euca? == false")

data/lib/ohai/version.rb

@@ -18,5 +18,5 @@
 
 module Ohai
   OHAI_ROOT = File.expand_path(File.dirname(__FILE__))
-  VERSION = '7.2.0.rc.1'
+  VERSION = '7.2.0.rc.2'
 end

data/spec/unit/plugins/ec2_spec.rb

@@ -44,6 +44,7 @@ describe Ohai::System, "plugin ec2" do
       @http_client.should_receive(:get).
         with("/").twice.
         and_return(double("Net::HTTP Response", :body => "2012-01-12", :code => "200"))
+      File.stub(:exist?).and_return(false)
     end
 
     it "should recursively fetch all the ec2 metadata" do
@@ -64,6 +65,7 @@ describe Ohai::System, "plugin ec2" do
         and_return(double("Net::HTTP Response", :body => "By the pricking of my thumb...", :code => "200"))
 
       @plugin.run
+
       @plugin[:ec2].should_not be_nil
       @plugin[:ec2]['instance_type'].should == "c1.medium"
       @plugin[:ec2]['ami_id'].should == "ami-5d2dc934"
@@ -92,33 +94,80 @@ describe Ohai::System, "plugin ec2" do
       @http_client.should_receive(:get).
         with("/2012-01-12/user-data/").
         and_return(double("Net::HTTP Response", :body => "By the pricking of my thumb...", :code => "200"))
+
       @plugin.run
 
       @plugin[:ec2].should_not be_nil
       @plugin[:ec2]['network_interfaces_macs']['12:34:56:78:9a:bc']['public_hostname'].should eql('server17.opscode.com')
     end
 
-    it "should parse ec2 iam/ directory and its JSON files properly" do
-      @http_client.should_receive(:get).
-        with("/2012-01-12/meta-data/").
-        and_return(double("Net::HTTP Response", :body => "iam/", :code => "200"))
-      @http_client.should_receive(:get).
-        with("/2012-01-12/meta-data/iam/").
-        and_return(double("Net::HTTP Response", :body => "security-credentials/", :code => "200"))
-      @http_client.should_receive(:get).
-        with("/2012-01-12/meta-data/iam/security-credentials/").
-        and_return(double("Net::HTTP Response", :body => "MyRole", :code => "200"))
-      @http_client.should_receive(:get).
-        with("/2012-01-12/meta-data/iam/security-credentials/MyRole").
-        and_return(double("Net::HTTP Response", :body => "{\n  \"Code\" : \"Success\",\n  \"LastUpdated\" : \"2012-08-22T07:47:22Z\",\n  \"Type\" : \"AWS-HMAC\",\n  \"AccessKeyId\" : \"AAAAAAAA\",\n  \"SecretAccessKey\" : \"SSSSSSSS\",\n  \"Token\" : \"12345678\",\n  \"Expiration\" : \"2012-08-22T11:25:52Z\"\n}", :code => "200"))
-      @http_client.should_receive(:get).
-        with("/2012-01-12/user-data/").
-        and_return(double("Net::HTTP Response", :body => "By the pricking of my thumb...", :code => "200"))
-      @plugin.run
+    context "with ec2_iam cloud file" do
+      before do
+        if windows?
+          File.stub(:exist?).with('C:\chef\ohai\hints/iam.json').and_return(true)
+          File.stub(:read).with('C:\chef\ohai\hints/iam.json').and_return('')
+        else
+          File.stub(:exist?).with('/etc/chef/ohai/hints/iam.json').and_return(true)
+          File.stub(:read).with('/etc/chef/ohai/hints/iam.json').and_return('')
+        end
+      end
 
-      @plugin[:ec2].should_not be_nil
-      @plugin[:ec2]['iam']['security-credentials']['MyRole']['Code'].should eql 'Success'
-      @plugin[:ec2]['iam']['security-credentials']['MyRole']['Token'].should eql '12345678'
+      it "should parse ec2 iam/ directory and collect iam/security-credentials/" do
+        @http_client.should_receive(:get).
+          with("/2012-01-12/meta-data/").
+          and_return(double("Net::HTTP Response", :body => "iam/", :code => "200"))
+        @http_client.should_receive(:get).
+          with("/2012-01-12/meta-data/iam/").
+          and_return(double("Net::HTTP Response", :body => "security-credentials/", :code => "200"))
+        @http_client.should_receive(:get).
+          with("/2012-01-12/meta-data/iam/security-credentials/").
+          and_return(double("Net::HTTP Response", :body => "MyRole", :code => "200"))
+        @http_client.should_receive(:get).
+          with("/2012-01-12/meta-data/iam/security-credentials/MyRole").
+          and_return(double("Net::HTTP Response", :body => "{\n  \"Code\" : \"Success\",\n  \"LastUpdated\" : \"2012-08-22T07:47:22Z\",\n  \"Type\" : \"AWS-HMAC\",\n  \"AccessKeyId\" : \"AAAAAAAA\",\n  \"SecretAccessKey\" : \"SSSSSSSS\",\n  \"Token\" : \"12345678\",\n  \"Expiration\" : \"2012-08-22T11:25:52Z\"\n}", :code => "200"))
+        @http_client.should_receive(:get).
+          with("/2012-01-12/user-data/").
+          and_return(double("Net::HTTP Response", :body => "By the pricking of my thumb...", :code => "200"))
+
+        @plugin.run
+
+        @plugin[:ec2].should_not be_nil
+        @plugin[:ec2]['iam']['security-credentials']['MyRole']['Code'].should eql 'Success'
+        @plugin[:ec2]['iam']['security-credentials']['MyRole']['Token'].should eql '12345678'
+      end
+    end
+
+    context "without ec2_iam cloud file" do
+      before do
+        if windows?
+          File.stub(:exist?).with('C:\chef\ohai\hints/iam.json').and_return(false)
+        else
+          File.stub(:exist?).with('/etc/chef/ohai/hints/iam.json').and_return(false)
+        end
+      end
+
+      it "should parse ec2 iam/ directory and NOT collect iam/security-credentials/" do
+        @http_client.should_receive(:get).
+          with("/2012-01-12/meta-data/").
+          and_return(double("Net::HTTP Response", :body => "iam/", :code => "200"))
+        @http_client.should_receive(:get).
+          with("/2012-01-12/meta-data/iam/").
+          and_return(double("Net::HTTP Response", :body => "security-credentials/", :code => "200"))
+        @http_client.should_receive(:get).
+          with("/2012-01-12/meta-data/iam/security-credentials/").
+          and_return(double("Net::HTTP Response", :body => "MyRole", :code => "200"))
+        @http_client.should_receive(:get).
+          with("/2012-01-12/meta-data/iam/security-credentials/MyRole").
+          and_return(double("Net::HTTP Response", :body => "{\n  \"Code\" : \"Success\",\n  \"LastUpdated\" : \"2012-08-22T07:47:22Z\",\n  \"Type\" : \"AWS-HMAC\",\n  \"AccessKeyId\" : \"AAAAAAAA\",\n  \"SecretAccessKey\" : \"SSSSSSSS\",\n  \"Token\" : \"12345678\",\n  \"Expiration\" : \"2012-08-22T11:25:52Z\"\n}", :code => "200"))
+        @http_client.should_receive(:get).
+          with("/2012-01-12/user-data/").
+          and_return(double("Net::HTTP Response", :body => "By the pricking of my thumb...", :code => "200"))
+
+        @plugin.run
+
+        @plugin[:ec2].should_not be_nil
+        @plugin[:ec2]['iam'].should be_nil
+      end
     end
 
     it "should ignore \"./\" and \"../\" on ec2 metadata paths to avoid infinity loops" do
@@ -201,10 +250,13 @@ describe Ohai::System, "plugin ec2" do
     it_should_behave_like "ec2"
 
     before(:each) do
-      File.stub(:exist?).with('/etc/chef/ohai/hints/ec2.json').and_return(true)
-      File.stub(:read).with('/etc/chef/ohai/hints/ec2.json').and_return('')
-      File.stub(:exist?).with('C:\chef\ohai\hints/ec2.json').and_return(true)
-      File.stub(:read).with('C:\chef\ohai\hints/ec2.json').and_return('')
+      if windows?
+        File.should_receive(:exist?).with('C:\chef\ohai\hints/ec2.json').and_return(true)
+        File.stub(:read).with('C:\chef\ohai\hints/ec2.json').and_return('')
+      else
+        File.should_receive(:exist?).with('/etc/chef/ohai/hints/ec2.json').and_return(true)
+        File.stub(:read).with('/etc/chef/ohai/hints/ec2.json').and_return('')
+      end
     end
   end
 

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: ohai
 version: !ruby/object:Gem::Version
-  version: 7.2.0.rc.1
+  version: 7.2.0.rc.2
 platform: ruby
 authors:
 - Adam Jacob
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2014-06-27 00:00:00.000000000 Z
+date: 2014-07-02 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: mime-types