poise-git 1.0.0

data/lib/poise_git/resources/poise_git.rb

@@ -0,0 +1,252 @@
+#
+# Copyright 2015-2017, Noah Kantrowitz
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+require 'shellwords'
+require 'zlib'
+
+require 'chef/provider/git'
+require 'chef/resource/git'
+require 'poise'
+
+require 'poise_git/git_command_mixin'
+require 'poise_git/safe_string'
+
+
+module PoiseGit
+  module Resources
+    # (see PoiseGit::Resource)
+    # @since 1.0.0
+    module PoiseGit
+     # A `poise_git` resource to manage Python installations using pip.
+      #
+      # @provides poise_git
+      # @action checkout
+      # @action export
+      # @action sync
+      # @example
+      #   poise_git '/srv/myapp' do
+      #     repository 'https://...'
+      #     deploy_key data_bag_item('deploy_keys', 'myapp')['key']
+      #   end
+      class Resource < Chef::Resource::Git
+        include Poise
+        include ::PoiseGit::GitCommandMixin
+        provides(:poise_git)
+        # Manually create matchers because #actions is unreliable.
+        %i{checkout export sync}.each do |action|
+          Poise::Helpers::ChefspecMatchers.create_matcher(:poise_git, action)
+        end
+
+        # @api private
+        def initialize(*args)
+          super
+          # Because the superclass declares this, we have to as well. Should be
+          # removable at some point when Chef makes everything use the provider
+          # resolver system instead.
+          @resource_name = :poise_git if defined?(@resource_name) && @resource_name
+          @provider = ::PoiseGit::Resources::PoiseGit::Provider if defined?(@provider) && @provider
+        end
+
+        # @!attribute strict_ssh
+        #   Enable strict SSH host key checking. Defaults to false.
+        #   @return [Boolean]
+        attribute(:strict_ssh, equal_to: [true, false], default: false)
+
+        # @!attribute deploy_key
+        #   SSH deploy key as either a string value or a path to a key file.
+        #   @return [String]
+        def deploy_key(val=nil)
+          # Use a SafeString for literal deploy keys so they aren't shown.
+          val = SafeString.new(val) if val && !deploy_key_is_local?(val)
+          set_or_return(:deploy_key, val, kind_of: String)
+        end
+
+        # Default SSH wrapper path.
+        #
+        # @api private
+        # @return [String]
+        def ssh_wrapper_path
+          @ssh_wrapper_path ||=  "#{Chef::Config[:file_cache_path]}/poise_git_wrapper_#{Zlib.crc32(name)}"
+        end
+
+        # Guess if the deploy key is a local path or literal value.
+        #
+        # @api private
+        # @param key [String, nil] Key value to check. Defaults to self.key.
+        # @return [Boolean]
+        def deploy_key_is_local?(key=nil)
+          key ||= deploy_key
+          # Try to be mindful of Windows-y paths here even though they almost
+          # certainly won't actually work later on with ssh.
+          key && key =~ /\A(\/|[a-zA-Z]:)/
+        end
+
+        # Path to deploy key.
+        #
+        # @api private
+        # @return [String]
+        def deploy_key_path
+          @deploy_key_path ||= if deploy_key_is_local?
+            deploy_key
+          else
+            "#{Chef::Config[:file_cache_path]}/poise_git_deploy_#{Zlib.crc32(name)}"
+          end
+        end
+
+        # Hook to force the git install via recipe if needed.
+        def after_created
+          if !parent_git && node['poise-git']['default_recipe']
+            # Use the default recipe to give us a parent the next time we ask.
+            run_context.include_recipe(node['poise-git']['default_recipe'])
+            # Force it to re-expand the cache next time.
+            @parent_git = nil
+          end
+          super
+        end
+
+      end
+
+      # The default provider for the `poise_git` resource.
+      #
+      # @see Resource
+      class Provider < Chef::Provider::Git
+        include Poise
+        include ::PoiseGit::GitCommandMixin
+        provides(:poise_git)
+
+        # @api private
+        def initialize(*args)
+          super
+          # Set the SSH wrapper path in a late-binding kind of way. This better
+          # supports situations where the user doesn't exist until Chef converges.
+          new_resource.ssh_wrapper(new_resource.ssh_wrapper_path) if new_resource.deploy_key
+        end
+
+        # Hack our special login in before load_current_resource runs because that
+        # needs access to the git remote.
+        #
+        # @api private
+        def load_current_resource
+          create_deploy_key if new_resource.deploy_key
+          super
+        end
+
+        # Like {#load_current_resource}, make sure git is installed since we might
+        # need it depending on the version of Chef.
+        #
+        # @api private
+        def define_resource_requirements
+          create_deploy_key if new_resource.deploy_key
+          super
+        end
+
+        private
+
+        # Install git and set up the deploy key if needed. Safe to call multiple
+        # times if needed.
+        #
+        # @api private
+        # @return [void]
+        def create_deploy_key
+          return if @create_deploy_key
+          Chef::Log.debug("[#{new_resource}] Creating deploy key")
+          old_why_run = Chef::Config[:why_run]
+          begin
+            # Forcibly disable why run support so these will always run, since
+            # we need to be able to talk to the git remote even just for the
+            # whyrun checks.
+            Chef::Config[:why_run] = false
+            notifying_block do
+              write_deploy_key
+              write_ssh_wrapper
+            end
+          ensure
+            Chef::Config[:why_run] = old_why_run
+          end
+          @create_deploy_key = true
+        end
+
+        # Copy the deploy key to a file if needed.
+        #
+        # @api private
+        # @return [void]
+        def write_deploy_key
+          # Check if we have a local path or some actual content
+          return if new_resource.deploy_key_is_local?
+          file new_resource.deploy_key_path do
+            owner new_resource.user
+            group new_resource.group
+            mode '600'
+            content new_resource.deploy_key
+            sensitive true
+          end
+        end
+
+        # Create the SSH wrapper script.
+        #
+        # @api private
+        # @return [void]
+        def write_ssh_wrapper
+          # Write out the GIT_SSH script, it should already be enabled above
+          file new_resource.ssh_wrapper_path do
+            owner new_resource.user
+            group new_resource.group
+            mode '700'
+            content %Q{#!/bin/sh\n/usr/bin/env ssh #{'-o "StrictHostKeyChecking=no" ' unless new_resource.strict_ssh}-i "#{new_resource.deploy_key_path}" $@\n}
+          end
+        end
+
+        # Patch back in the `#git` from the git provider. This otherwise conflicts
+        # with the `#git` defined by the DSL, which gets included in such a way
+        # that the DSL takes priority.
+        #
+        # @api private
+        def git(*args, &block)
+          self.class.superclass.instance_method(:git).bind(self).call(*args, &block)
+        end
+
+        # Trick all shell_out related things in the base class in to using
+        # my git_shell_out instead.
+        #
+        # @api private
+        def shell_out(*cmd, **options)
+          if @shell_out_hack_inner
+            # This is the real call.
+            super
+          else
+            # This ia call we want to intercept and send to our method.
+            begin
+              @shell_out_hack_inner = true
+              # Remove nils and flatten for compat with how core uses this method.
+              cmd.compact!
+              cmd.flatten!
+              # Reparse the command to get a clean array.
+              cmd = Shellwords.split(cmd.join(' '))
+              # We'll add the git command back in ourselves.
+              cmd.shift if cmd.first == 'git'
+              # Push the yak stack.
+              git_shell_out(*cmd, **options)
+            ensure
+              @shell_out_hack_inner = false
+            end
+          end
+        end
+
+      end
+
+    end
+  end
+end

data/lib/poise_git/resources/poise_git_client.rb

@@ -0,0 +1,82 @@
+#
+# Copyright 2017, Noah Kantrowitz
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+require 'chef/resource'
+require 'poise'
+
+
+module PoiseGit
+  module Resources
+    # (see PoiseGitClient::Resource)
+    # @since 1.0.0
+    module PoiseGitClient
+      # A `poise_git_client` resource to install a C compiler and build tools.
+      #
+      # @provides poise_git_client
+      # @action install
+      # @action uninstall
+      # @example
+      #   poise_git_client 'git'
+      class Resource < Chef::Resource
+        include Poise(inversion: true, container: true)
+        provides(:poise_git_client)
+        actions(:install, :uninstall)
+
+        # @!attribute version
+        #   Version of Git to install. The version is prefix-matched so `'2'`
+        #   will install the most recent Git 2.x, and so on.
+        #   @return [String]
+        #   @example Install any version
+        #     poise_git_client 'any' do
+        #       version ''
+        #     end
+        #   @example Install Git 2
+        #     poise_git_client '2'
+        attribute(:version, kind_of: String, default: lazy { default_version })
+
+        # The path to the `git` binary for this Git installation. This is
+        # an output property.
+        #
+        # @return [String]
+        # @example
+        #   execute "#{resources('poise_git_client[git]').git_binary} init"
+        def git_binary
+          provider_for_action(:git_binary).git_binary
+        end
+
+        # The environment variables for this Git installation. This is an
+        # output property.
+        #
+        # @return [Hash<String, String>]
+        def git_environment
+          provider_for_action(:git_environment).git_environment
+        end
+
+        private
+
+        # Default value for the version property. Trims an optional `git-` from
+        # the resource name.
+        #
+        # @return [String]
+        def default_version
+          name[/^(git-?)?(.*)$/, 2] || ''
+        end
+      end
+
+      # Providers can be found under git_client_providers/.
+    end
+  end
+end

data/lib/poise_git/safe_string.rb

@@ -0,0 +1,25 @@
+#
+# Copyright 2015-2017, Noah Kantrowitz
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+
+module PoiseGit
+  # A string that won't be shown in Chef error output
+  class SafeString < String
+    def to_text
+      '"suppressed sensitive value"'
+    end
+  end
+end

data/lib/poise_git/version.rb

@@ -0,0 +1,20 @@
+#
+# Copyright 2015-2017, Noah Kantrowitz
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+
+module PoiseGit
+  VERSION = '1.0.0'
+end

data/poise-git.gemspec

@@ -0,0 +1,42 @@
+#
+# Copyright 2015-2017, Noah Kantrowitz
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+lib = File.expand_path('../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'poise_git/version'
+
+Gem::Specification.new do |spec|
+  spec.name = 'poise-git'
+  spec.version = PoiseGit::VERSION
+  spec.authors = ['Noah Kantrowitz']
+  spec.email = %w{noah@coderanger.net}
+  spec.description = 'A Chef cookbook for installing and using Git.'
+  spec.summary = spec.description
+  spec.homepage = 'https://github.com/poise/poise-git'
+  spec.license = 'Apache 2.0'
+
+  spec.files = `git ls-files`.split($/)
+  spec.executables = spec.files.grep(%r{^bin/}) { |f| File.basename(f) }
+  spec.test_files = spec.files.grep(%r{^(test|spec|features)/})
+  spec.require_paths = %w{lib}
+
+  spec.add_dependency 'chef', '>= 12.1', '< 14'
+  spec.add_dependency 'halite', '~> 1.1'
+  spec.add_dependency 'poise', '~> 2.6'
+  spec.add_dependency 'poise-languages', '~> 2.1'
+
+  spec.add_development_dependency 'poise-boiler', '~> 1.6'
+end

data/test/cookbook/metadata.rb

@@ -0,0 +1,18 @@
+#
+# Copyright 2017, Noah Kantrowitz
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+name 'poise-git_test'
+depends 'poise-git'

data/test/cookbook/recipes/default.rb

@@ -0,0 +1,96 @@
+#
+# Copyright 2017, Noah Kantrowitz
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+# Test SSH deploy key. Go ahead and scrape it, won't get you much.
+# Pubkey ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCk2Y0Vj3oWr5oyo2ekL0V7Tj9/vNBjH6AiO/zfIc+7dR1KaCeCkx5GRhP/XxaiSn3Fxl1JSpBswd+Oue9SJ16nuQ2eUrK5zzN+GRsz4DfqvczmDLGHrlND3FpE+GbCMbmXObYoki9LuysrYVWfye4Rc5ICm+rSqtD+QB8rUguqXKu9tVVx9ug22P5s5OxcTCOZRJsz4U++64coD8X3P++6icGemXZDUUR5B2oWoMzXafbOC1Oo0aStAxEew/kfs3hFmdfmMdC9KAilqPxY1LtqHhMB0rdqynaAc4r1HKoSbAGdcwrJgd2TV8eoB25ydvzZwnOhLdO5Cm8Od63ovEUR
+DEPLOY_KEY = <<-EOH
+-----BEGIN RSA PRIVATE KEY-----
+MIIEowIBAAKCAQEApNmNFY96Fq+aMqNnpC9Fe04/f7zQYx+gIjv83yHPu3UdSmgn
+gpMeRkYT/18Wokp9xcZdSUqQbMHfjrnvUidep7kNnlKyuc8zfhkbM+A36r3M5gyx
+h65TQ9xaRPhmwjG5lzm2KJIvS7srK2FVn8nuEXOSApvq0qrQ/kAfK1ILqlyrvbVV
+cfboNtj+bOTsXEwjmUSbM+FPvuuHKA/F9z/vuonBnpl2Q1FEeQdqFqDM12n2zgtT
+qNGkrQMRHsP5H7N4RZnX5jHQvSgIpaj8WNS7ah4TAdK3asp2gHOK9RyqEmwBnXMK
+yYHdk1fHqAducnb82cJzoS3TuQpvDnet6LxFEQIDAQABAoIBAHkim/fB7LcK5sZb
+KOePDQGk6ChXeNG+BY/igNj+IYXgc1uf2Zirvs1o5Xz8RMeQ8YcJUrduoV4pwLtC
+ikfWQkoBQ66ZmlfLmE0K6eBe3PgT7KMHpNTNFsaA/5w65FfC7lvfvqllcne12+0O
+ozq9ycDtKdfc9ttDRjvupnjQ212deUmpg6BG8rR9dx87Rwbk2/l+dCiSafl4HN5N
+LbrENL7K3j+XVA2DKEVsrCstJzaFgqflcsnrDX76M9TEx1MtowM3Ec3jcT9W1FX1
+/Rizmyow4ZV56QVz1+U13N7j0tW4EJl9EQnUye7UXyoSKfDOAGkZEKeztephBwZQ
+WBgnBLkCgYEA1FmUBv7gBnVRtpfDF+qefhgT9O/ANBh0W4m6mAzawle+TleZ1vsJ
+1oKG6XcSQQiRRnKdcAakxSmIw5LK54hlMczy9l5GHRQozYrbdsGUzTgYHcmThr6v
+V4b7c+OxmfeV3vae07GHeXUPttzHDKXBdQqZaTaax5y8bjAflmRYNbcCgYEAxrxj
+1SSwOlTXB+PVaHUPTe4AvrliCxjs9PV4O1f8oMbZ97avvNrtBNroYvukLfQNrnfF
+0fIdm/BDOgAnD5I9bwbOuRqvLidzHik9KM33mpmC/4fRI5lFzMv0yd4S/dpJbGql
+FQvZKGGGc8h4NXiXdSqCqr+axJdBRRL+2PJ3G3cCgYB4jZpiFlRsljIbrTDO5R2x
+jE3YIjxF1xRH23sZU0LmThX2N/lYeRBuvY+F/1lXnluLWQpUTRFB9YB1N2MF6wM4
+MJhGkeLQI1++wPQzCVdG4m+eiY+9UYgN8s3STxPGyy5EdFJa8FBu/aw8Lj66yWd4
+4NmTR7K7XBoFnEByiukhJQKBgQCb//2NrkL3RumUM++tE1Z0IcNL81FWzLYUgyth
+yetweSdYH3tLj75F9WA9crKpr82dij8qUheT9MGQodYHjw/SO1HCU4P3gtgGcPCl
+OyiFnsMJup8chpAX9nGslDnsMpE4HW6AWtCXthZIhLB3qLWbL0dqqQTgFKsTgZmy
+yoFceQKBgBcNNGTOjzW+J7lfC+AY+XUPhZQAUJi47+m0Tbrp5j/1BDuvI6WTlsIr
+7WMFJM91xqHQZK7D0zjbGa42+uwlCs+ZBolNZpW2K7dNAriBjHuD3VDhlkqZrPC2
+EwOhBYydRkzoALbgESjKP3VwfIVr9tWs4CyndY81uqRbgiRqdzR4
+-----END RSA PRIVATE KEY-----
+EOH
+
+# Base case test.
+poise_git '/test1' do
+  repository 'https://github.com/poise/test_repo.git'
+  revision 'master'
+end
+
+# Test using a branch just to make sure I didn't break that.
+poise_git '/test2' do
+  repository 'https://github.com/poise/test_repo.git'
+  revision 'release'
+end
+
+# Test using an inline string value for the deploy key.
+poise_git '/test3' do
+  repository 'git@github.com:coderanger/private_test_repo.git'
+  revision 'master'
+  deploy_key DEPLOY_KEY
+end
+
+# Test using a file path for the deploy key.
+file '/test4.key' do
+  content DEPLOY_KEY
+  mode '600'
+  sensitive true
+end
+
+poise_git '/test4' do
+  repository 'git@github.com:coderanger/private_test_repo.git'
+  revision 'release'
+  deploy_key '/test4.key'
+end
+
+# Test deploying as a non-root user.
+user 'poise' do
+  system true
+end
+
+directory '/test5' do
+  mode '777'
+  owner 'poise'
+end
+
+poise_git '/test5' do
+  repository 'git@github.com:coderanger/private_test_repo.git'
+  revision 'master'
+  deploy_key DEPLOY_KEY
+  user 'poise'
+end