poise-hoist 1.1.0 → 1.2.0

data/README.md

@@ -24,10 +24,25 @@ name 'myapp'
 
 run_list 'poise-hoist', 'myapp'
 
-default['staging']['myapp']['debug_mode'] = true
+# Default value for all groups.
+default['myapp']['debug_mode'] = true
+
+# Per-group values, will be hoisted on top of the default above.
+default['staging']['myapp']['debug_mode'] = 'extra_verbose'
 default['prod']['myapp']['debug_mode'] = false
 ```
 
+and then in your recipe code:
+
+```ruby
+some_resource 'name' do
+  debug_mode node['myapp']['debug_mode']
+end
+```
+
+This automatically hoists up policy attributes set under a top-level key
+matching the name of the policy group of the current node.
+
 ## Requirements
 
 Chef 12.2 or newer is required.
@@ -47,6 +62,15 @@ For older cookbooks still expecting to use `node.chef_environment`, by default
 that method will be patched to return the policy group label instead. This can
 be disabled by setting `node['poise-hoist']['hoist_chef_environment'] = false`.
 
+## Data Bag Attributes
+
+To pull in data from a data bag, set `node['poise-hoist']['data_bag']`, in your
+Policyfile or in a wrapper cookbook. It will look for an item in the specified
+data bag using the name of the node and then the name of policy group.
+
+This can be useful in combination with attributes from the Policyfile to provide
+immediate overrides outside of the "compile and push" cycle of the policy system.
+
 ## Sponsors
 
 Development sponsored by [Bloomberg](http://www.bloomberg.com/company/technology/).
@@ -55,7 +79,7 @@ The Poise test server infrastructure is generously sponsored by [Rackspace](http
 
 ## License
 
-Copyright 2016, Noah Kantrowitz
+Copyright 2016-2017, Noah Kantrowitz
 
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.

data/Rakefile

@@ -1,5 +1,5 @@
 #
-# Copyright 2016, Noah Kantrowitz
+# Copyright 2016-2017, Noah Kantrowitz
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.

data/chef/attributes/default.rb

@@ -1,5 +1,5 @@
 #
-# Copyright 2016, Noah Kantrowitz
+# Copyright 2016-2017, Noah Kantrowitz
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -14,6 +14,9 @@
 # limitations under the License.
 #
 
+# Name for attribute data bag. Defaults to nil, meaning the feature is disabled.
+default['poise-hoist']['data_bag'] = nil
+
 # Enable node.chef_environment by default.
 default['poise-hoist']['hoist_chef_environment'] = true
 

data/chef/recipes/default.rb

@@ -1,5 +1,5 @@
 #
-# Copyright 2016, Noah Kantrowitz
+# Copyright 2016-2017, Noah Kantrowitz
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.

data/lib/poise_hoist.rb

@@ -1,5 +1,5 @@
 #
-# Copyright 2016, Noah Kantrowitz
+# Copyright 2016-2017, Noah Kantrowitz
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -14,6 +14,7 @@
 # limitations under the License.
 #
 
+require 'chef/encrypted_data_bag_item/check_encrypted'
 require 'chef/mixin/deep_merge'
 
 
@@ -21,6 +22,8 @@ require 'chef/mixin/deep_merge'
 #
 # @since 1.0.0
 module PoiseHoist
+  extend Chef::EncryptedDataBagItem::CheckEncrypted
+
   autoload :VERSION, 'poise_hoist/version'
 
   # Run the attribute hoist process.
@@ -37,10 +40,58 @@ module PoiseHoist
     # Hoist away, mateys!
     Chef::Mixin::DeepMerge.hash_only_merge!(node.role_default, node.role_default[policy_group]) if node.role_default.include?(policy_group)
     Chef::Mixin::DeepMerge.hash_only_merge!(node.role_override, node.role_override[policy_group]) if node.role_override.include?(policy_group)
+    # Grab from a data bag if one is configured.
+    hoist_from_data_bag!(node, policy_group, node['poise-hoist']['data_bag']) if node['poise-hoist']['data_bag']
     # Install the patch for chef_environment.
     patch_chef_environment!(node, policy_group)
   end
 
+  # Pull attribute data in from a data bag. Checks for an item matching the
+  # node node, and then the policy group.
+  #
+  # @api private
+  # @param node [Chef::Node] Node object to modify.
+  # @param policy_group [String] Policy group name.
+  # @param data_bag [String] Data bag name to load from.
+  # @return [void]
+  def self.hoist_from_data_bag!(node, policy_group, data_bag)
+    item = begin
+      data_bag_item(data_bag, node.name)
+    rescue Exception
+      data_bag_item(data_bag, policy_group)
+    end
+    Chef::Mixin::DeepMerge.hash_only_merge!(node.role_override, item)
+  end
+
+  # A copy of Chef's data_bag_item method, modified to remove some spurious
+  # error logging and returns a plain hash without the `id` field instead of
+  # one of the data bag item objects.
+  #
+  # @api private
+  # @param bag [String] Data bag name.
+  # @param item [String] Data bag item name.
+  # @param secret [String, nil] Data bag secret.
+  # @return [Hash]
+  def self.data_bag_item(bag, item, secret = nil)
+    Chef::DataBag.validate_name!(bag.to_s)
+    Chef::DataBagItem.validate_id!(item)
+
+    item = Chef::DataBagItem.load(bag, item)
+    data = if encrypted?(item.raw_data)
+      Chef::Log.debug("Data bag item looks encrypted: #{bag.inspect} #{item.inspect}")
+
+      # Try to load the data bag item secret, if secret is not provided.
+      # Chef::EncryptedDataBagItem.load_secret may throw a variety of errors.
+      secret ||= Chef::EncryptedDataBagItem.load_secret
+      Chef::EncryptedDataBagItem.new(item.raw_data, secret).to_hash
+    else
+      item.raw_data
+    end
+    data.delete('id')
+
+    data
+  end
+
   # Patch `node.chef_environment` to return the policy group name if enabled
   # via `node['poise-hoist']['hoist_chef_environment']`.
   #

data/lib/poise_hoist/cheftie.rb

@@ -1,5 +1,5 @@
 #
-# Copyright 2016, Noah Kantrowitz
+# Copyright 2016-2017, Noah Kantrowitz
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.

data/lib/poise_hoist/version.rb

@@ -1,5 +1,5 @@
 #
-# Copyright 2016, Noah Kantrowitz
+# Copyright 2016-2017, Noah Kantrowitz
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -17,5 +17,5 @@
 
 module PoiseHoist
   # Version for the poise-hoist gem.
-  VERSION = '1.1.0'
+  VERSION = '1.2.0'
 end

data/poise-hoist.gemspec

@@ -1,5 +1,5 @@
 #
-# Copyright 2016, Noah Kantrowitz
+# Copyright 2016-2017, Noah Kantrowitz
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -26,16 +26,18 @@ Gem::Specification.new do |spec|
   spec.description = 'Automatically hoist environment level-attributes from Policyfiles.'
   spec.summary = spec.description
   spec.homepage = 'https://github.com/poise/poise-hoist'
-  spec.license = 'Apache 2.0'
+  spec.license = 'Apache-2.0'
+  spec.metadata['platforms'] = 'any'
 
   spec.files = `git ls-files`.split($/)
   spec.executables = spec.files.grep(%r{^bin/}) { |f| File.basename(f) }
   spec.test_files = spec.files.grep(%r{^(test|spec|features)/})
   spec.require_paths = %w{lib}
 
+  spec.add_dependency 'chef', '>= 12.2', '< 14'
   spec.add_dependency 'halite', '~> 1.0'
 
-  spec.add_development_dependency 'chef-dk', '~> 0.1'
+  spec.add_development_dependency 'chef-dk', '>= 0.10', '< 3'
   spec.add_development_dependency 'kitchen-inspec', '~> 0.12'
   spec.add_development_dependency 'poise-boiler', '~> 1.8'
 end

data/test/cookbook/attributes/default.rb

@@ -1,5 +1,5 @@
 #
-# Copyright 2016, Noah Kantrowitz
+# Copyright 2016-2017, Noah Kantrowitz
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -17,3 +17,4 @@
 default['hoist_test']['one'] = 1
 default['hoist_test']['two'] = 2
 default['hoist_test']['three'] = 3
+default['hoist_test']['four'] = 4

data/test/cookbook/metadata.rb

@@ -1,5 +1,5 @@
 #
-# Copyright 2016, Noah Kantrowitz
+# Copyright 2016-2017, Noah Kantrowitz
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.

data/test/cookbook/recipes/default.rb

@@ -1,5 +1,5 @@
 #
-# Copyright 2016, Noah Kantrowitz
+# Copyright 2016-2017, Noah Kantrowitz
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.

data/test/gemfiles/chef-12.10.gemfile

@@ -0,0 +1,26 @@
+#
+# Copyright 2016-2017, Noah Kantrowitz
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+eval_gemfile File.expand_path('../../../Gemfile', __FILE__)
+
+gem 'chef', '~> 12.10.24'
+gem 'rack', '< 2'
+gem 'foodcritic', '< 8'
+gem 'chef-dk', '~> 0.14.0'
+gem 'mixlib-install', '>= 2'
+gem 'fauxhai', '<= 3.9.0'
+gem 'cheffish', '< 13'
+gem 'chefspec', '< 6'

data/test/gemfiles/chef-12.11.gemfile

@@ -0,0 +1,26 @@
+#
+# Copyright 2016-2017, Noah Kantrowitz
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+eval_gemfile File.expand_path('../../../Gemfile', __FILE__)
+
+gem 'chef', '~> 12.11.18'
+gem 'rack', '< 2'
+gem 'foodcritic', '< 8'
+gem 'chef-dk', '~> 0.15.0'
+gem 'mixlib-install', '>= 2'
+gem 'fauxhai', '<= 3.9.0'
+gem 'cheffish', '< 13'
+gem 'chefspec', '< 6'

data/test/gemfiles/chef-12.12.gemfile

@@ -0,0 +1,25 @@
+#
+# Copyright 2016-2017, Noah Kantrowitz
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+eval_gemfile File.expand_path('../../../Gemfile', __FILE__)
+
+gem 'chef', '~> 12.12.15'
+gem 'foodcritic', '< 8'
+gem 'chef-dk', '~> 0.16.0'
+gem 'mixlib-install', '>= 2'
+gem 'fauxhai', '<= 3.9.0'
+gem 'cheffish', '< 13'
+gem 'chefspec', '< 6'

data/test/gemfiles/chef-12.13.gemfile

@@ -0,0 +1,25 @@
+#
+# Copyright 2016-2017, Noah Kantrowitz
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+eval_gemfile File.expand_path('../../../Gemfile', __FILE__)
+
+gem 'chef', '~> 12.13.37'
+gem 'foodcritic', '< 8'
+gem 'chef-dk', '~> 0.17.0'
+gem 'mixlib-install', '>= 2'
+gem 'fauxhai', '<= 3.9.0'
+gem 'cheffish', '< 13'
+gem 'chefspec', '< 6'

data/test/gemfiles/chef-12.14.gemfile

@@ -0,0 +1,21 @@
+#
+# Copyright 2016-2017, Noah Kantrowitz
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+eval_gemfile File.expand_path('../../../Gemfile', __FILE__)
+
+gem 'chef', '~> 12.14.89'
+gem 'chef-dk', '~> 0.18.0'
+gem 'cheffish', '< 13'

data/test/gemfiles/chef-12.15.gemfile

@@ -0,0 +1,21 @@
+#
+# Copyright 2016-2017, Noah Kantrowitz
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+eval_gemfile File.expand_path('../../../Gemfile', __FILE__)
+
+gem 'chef', '~> 12.15.19'
+gem 'chef-dk', '~> 0.19.0'
+gem 'cheffish', '< 13'

data/test/gemfiles/chef-12.16.gemfile

@@ -0,0 +1,21 @@
+#
+# Copyright 2017, Noah Kantrowitz
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+eval_gemfile File.expand_path('../../../Gemfile', __FILE__)
+
+gem 'chef', '~> 12.16.42'
+gem 'chef-dk', '~> 1.0.0'
+gem 'cheffish', '< 13'

data/test/gemfiles/chef-12.17.gemfile

@@ -0,0 +1,21 @@
+#
+# Copyright 2017, Noah Kantrowitz
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+eval_gemfile File.expand_path('../../../Gemfile', __FILE__)
+
+gem 'chef', '~> 12.17.44'
+gem 'chef-dk', '~> 1.1.0'
+gem 'cheffish', '< 13'