diff options
| author | Thom May <thom@chef.io> | 2016-07-29 17:00:49 +0100 |
|---|---|---|
| committer | Thom May <thom@may.lt> | 2016-07-29 17:00:49 +0100 |
| commit | e257f450c044616fefbd15e9a180387aaaa572a1 (patch) | |
| tree | 6a148967013485078af6601546bdb7b61c623f3c /lib/chef_zero/chef_data | |
| parent | 4c86d798010b73c76c916e601ff48c24ffb65dd6 (diff) | |
| download | chef-zero-e257f450c044616fefbd15e9a180387aaaa572a1.tar.gz | |
ChefStyletm/style
Signed-off-by: Thom May <thom@may.lt>
Diffstat (limited to 'lib/chef_zero/chef_data')
| -rw-r--r-- | lib/chef_zero/chef_data/acl_path.rb | 32 | ||||
| -rw-r--r-- | lib/chef_zero/chef_data/cookbook_data.rb | 48 | ||||
| -rw-r--r-- | lib/chef_zero/chef_data/data_normalizer.rb | 240 | ||||
| -rw-r--r-- | lib/chef_zero/chef_data/default_creator.rb | 290 |
4 files changed, 305 insertions, 305 deletions
diff --git a/lib/chef_zero/chef_data/acl_path.rb b/lib/chef_zero/chef_data/acl_path.rb index 52b43d4..dd162bd 100644 --- a/lib/chef_zero/chef_data/acl_path.rb +++ b/lib/chef_zero/chef_data/acl_path.rb @@ -13,9 +13,9 @@ module ChefZero # specified on X, they are not inherited from X's parent # - stop adding pivotal to acls (he already has access to what he needs) module AclPath - ORG_DATA_TYPES = %w(clients cookbook_artifacts cookbooks containers data environments groups - nodes policies policy_groups roles sandboxes) - TOP_DATA_TYPES = %w(containers organizations users) + ORG_DATA_TYPES = %w{clients cookbook_artifacts cookbooks containers data environments groups + nodes policies policy_groups roles sandboxes} + TOP_DATA_TYPES = %w{containers organizations users} # ACL data paths for a partition are: # / -> /acls/root @@ -42,7 +42,7 @@ module ChefZero # return nil, because it is the parent path (data/bag) that has an ACL. def self.get_acl_data_path(path) # Things under organizations have their own acls hierarchy - if path[0] == 'organizations' && path.size >= 2 + if path[0] == "organizations" && path.size >= 2 under_org = partition_acl_data_path(path[2..-1], ORG_DATA_TYPES) if under_org path[0..1] + under_org @@ -63,14 +63,14 @@ module ChefZero # /containers/nodes, not /nodes. # def self.get_object_path(acl_data_path) - if acl_data_path[0] == 'acls' - if acl_data_path[1] == 'root' + if acl_data_path[0] == "acls" + if acl_data_path[1] == "root" [] else acl_data_path[1..-1] end - elsif acl_data_path[0] == 'organizations' && acl_data_path[2] == 'acls' - if acl_data_path[3] == 'root' + elsif acl_data_path[0] == "organizations" && acl_data_path[2] == "acls" + if acl_data_path[3] == "root" acl_data_path[0..1] else acl_data_path[0..1] + acl_data_path[3..-1] @@ -91,13 +91,13 @@ module ChefZero # /acls/root -> # nil def self.parent_acl_data_path(acl_data_path) - if acl_data_path[0] == 'organizations' + if acl_data_path[0] == "organizations" under_org = partition_parent_acl_data_path(acl_data_path[2..-1]) if under_org acl_data_path[0..1] + under_org else # ACL data path is /organizations/X/acls/root; therefore parent is "/organizations" - [ 'acls', 'containers', 'organizations' ] + %w{acls containers organizations} end else partition_parent_acl_data_path(acl_data_path) @@ -114,10 +114,10 @@ module ChefZero # Returns nil if the path is /acls/root def self.partition_parent_acl_data_path(acl_data_path) if acl_data_path.size == 3 - if acl_data_path == %w(acls containers containers) - [ 'acls', 'root' ] + if acl_data_path == %w{acls containers containers} + %w{acls root} else - [ 'acls', 'containers', acl_data_path[1]] + [ "acls", "containers", acl_data_path[1]] end else nil @@ -126,12 +126,12 @@ module ChefZero def self.partition_acl_data_path(path, data_types) if path.size == 0 - [ 'acls', 'root'] + %w{acls root} elsif data_types.include?(path[0]) if path.size == 0 - [ 'acls', 'containers', path[0] ] + [ "acls", "containers", path[0] ] elsif path.size == 2 - [ 'acls', path[0], path[1] ] + [ "acls", path[0], path[1] ] end end end diff --git a/lib/chef_zero/chef_data/cookbook_data.rb b/lib/chef_zero/chef_data/cookbook_data.rb index 83bdd46..1a0f473 100644 --- a/lib/chef_zero/chef_data/cookbook_data.rb +++ b/lib/chef_zero/chef_data/cookbook_data.rb @@ -1,10 +1,10 @@ -require 'digest/md5' -require 'hashie/mash' +require "digest/md5" +require "hashie/mash" module ChefZero module ChefData module CookbookData - def self.to_hash(cookbook, name, version=nil) + def self.to_hash(cookbook, name, version = nil) frozen = false if cookbook.has_key?(:frozen) frozen = cookbook[:frozen] @@ -15,14 +15,14 @@ module ChefZero result = files_from(cookbook) recipe_names = result[:recipes].map do |recipe| recipe_name = recipe[:name][0..-2] - recipe_name == 'default' ? name : "#{name}::#{recipe_name}" + recipe_name == "default" ? name : "#{name}::#{recipe_name}" end result[:metadata] = metadata_from(cookbook, name, version, recipe_names) result[:name] = "#{name}-#{result[:metadata][:version]}" - result[:json_class] = 'Chef::CookbookVersion' + result[:json_class] = "Chef::CookbookVersion" result[:cookbook_name] = name result[:version] = result[:metadata][:version] - result[:chef_type] = 'cookbook_version' + result[:chef_type] = "cookbook_version" result[:frozen?] = true if frozen result end @@ -32,18 +32,18 @@ module ChefZero # If both .rb and .json exist, read .rb # TODO if recipes has 3 recipes in it, and the Ruby/JSON has only one, should # the resulting recipe list have 1, or 3-4 recipes in it? - if has_child(directory, 'metadata.rb') + if has_child(directory, "metadata.rb") begin - file = filename(directory, 'metadata.rb') || "(#{name}/metadata.rb)" - metadata.instance_eval(read_file(directory, 'metadata.rb'), file) + file = filename(directory, "metadata.rb") || "(#{name}/metadata.rb)" + metadata.instance_eval(read_file(directory, "metadata.rb"), file) rescue ChefZero::Log.error("Error loading cookbook #{name}: #{$!}\n #{$!.backtrace.join("\n ")}") end - elsif has_child(directory, 'metadata.json') - metadata.from_json(read_file(directory, 'metadata.json')) + elsif has_child(directory, "metadata.json") + metadata.from_json(read_file(directory, "metadata.json")) end result = {} - metadata.to_hash.each_pair do |key,value| + metadata.to_hash.each_pair do |key, value| result[key.to_sym] = value end result[:version] = version if version @@ -69,7 +69,7 @@ module ChefZero def initialize(cookbook) self.name(cookbook.name) self.recipes(cookbook.fully_qualified_recipe_names) - %w(attributes grouping dependencies supports recommendations suggestions conflicting providing replacing recipes).each do |hash_arg| + %w{attributes grouping dependencies supports recommendations suggestions conflicting providing replacing recipes}.each do |hash_arg| self[hash_arg.to_sym] = Hashie::Mash.new end end @@ -145,15 +145,15 @@ module ChefZero def self.files_from(directory) # TODO some support .rb only result = { - :attributes => load_child_files(directory, 'attributes', false), - :definitions => load_child_files(directory, 'definitions', false), - :recipes => load_child_files(directory, 'recipes', false), - :libraries => load_child_files(directory, 'libraries', true), - :templates => load_child_files(directory, 'templates', true), - :files => load_child_files(directory, 'files', true), - :resources => load_child_files(directory, 'resources', true), - :providers => load_child_files(directory, 'providers', true), - :root_files => load_files(directory, false) + :attributes => load_child_files(directory, "attributes", false), + :definitions => load_child_files(directory, "definitions", false), + :recipes => load_child_files(directory, "recipes", false), + :libraries => load_child_files(directory, "libraries", true), + :templates => load_child_files(directory, "templates", true), + :files => load_child_files(directory, "files", true), + :resources => load_child_files(directory, "resources", true), + :providers => load_child_files(directory, "providers", true), + :root_files => load_files(directory, false), } set_specificity(result[:templates]) set_specificity(result[:files]) @@ -231,13 +231,13 @@ module ChefZero :name => name, :path => name, :checksum => Digest::MD5.hexdigest(value), - :specificity => 'default' + :specificity => "default", }] end def self.set_specificity(files) files.each do |file| - parts = file[:path].split('/') + parts = file[:path].split("/") raise "Only directories are allowed directly under templates or files: #{file[:path]}" if parts.size == 2 file[:specificity] = parts[1] end diff --git a/lib/chef_zero/chef_data/data_normalizer.rb b/lib/chef_zero/chef_data/data_normalizer.rb index e819f1d..a762581 100644 --- a/lib/chef_zero/chef_data/data_normalizer.rb +++ b/lib/chef_zero/chef_data/data_normalizer.rb @@ -1,6 +1,6 @@ -require 'chef_zero' -require 'chef_zero/rest_base' -require 'chef_zero/chef_data/default_creator' +require "chef_zero" +require "chef_zero/rest_base" +require "chef_zero/chef_data/default_creator" module ChefZero module ChefData @@ -8,210 +8,210 @@ module ChefZero def self.normalize_acls(acls) ChefData::DefaultCreator::PERMISSIONS.each do |perm| acls[perm] ||= {} - (acls[perm]['actors'] ||= []).uniq! # this gets doubled sometimes, for reasons. - acls[perm]['groups'] ||= [] + (acls[perm]["actors"] ||= []).uniq! # this gets doubled sometimes, for reasons. + acls[perm]["groups"] ||= [] end acls end def self.normalize_client(client, name, orgname = nil) - client['name'] ||= name - client['clientname'] ||= name - client['admin'] = !!client['admin'] if client.key?('admin') - client['public_key'] = PUBLIC_KEY unless client.key?('public_key') - client['orgname'] ||= orgname - client['validator'] ||= false - client['validator'] = !!client['validator'] - client['json_class'] ||= "Chef::ApiClient" - client['chef_type'] ||= "client" + client["name"] ||= name + client["clientname"] ||= name + client["admin"] = !!client["admin"] if client.key?("admin") + client["public_key"] = PUBLIC_KEY unless client.key?("public_key") + client["orgname"] ||= orgname + client["validator"] ||= false + client["validator"] = !!client["validator"] + client["json_class"] ||= "Chef::ApiClient" + client["chef_type"] ||= "client" client end def self.normalize_container(container, name) - container.delete('id') - container['containername'] = name - container['containerpath'] = name + container.delete("id") + container["containername"] = name + container["containerpath"] = name container end - def self.normalize_user(user, name, identity_keys, osc_compat, method=nil) + def self.normalize_user(user, name, identity_keys, osc_compat, method = nil) user[identity_keys.first] ||= name - user['public_key'] = PUBLIC_KEY unless user.key?('public_key') - user['admin'] ||= false - user['admin'] = !!user['admin'] - user['openid'] ||= nil + user["public_key"] = PUBLIC_KEY unless user.key?("public_key") + user["admin"] ||= false + user["admin"] = !!user["admin"] + user["openid"] ||= nil if !osc_compat - if method == 'GET' - user.delete('admin') - user.delete('password') - user.delete('openid') + if method == "GET" + user.delete("admin") + user.delete("password") + user.delete("openid") end - user['email'] ||= nil - user['first_name'] ||= nil - user['last_name'] ||= nil + user["email"] ||= nil + user["first_name"] ||= nil + user["last_name"] ||= nil end user end def self.normalize_data_bag_item(data_bag_item, data_bag_name, id, method) - if method == 'DELETE' + if method == "DELETE" # TODO SERIOUSLY, WHO DOES THIS MANY EXCEPTIONS IN THEIR INTERFACE - if !(data_bag_item['json_class'] == 'Chef::DataBagItem' && data_bag_item['raw_data']) - data_bag_item['id'] ||= id - data_bag_item = { 'raw_data' => data_bag_item } - data_bag_item['chef_type'] ||= 'data_bag_item' - data_bag_item['json_class'] ||= 'Chef::DataBagItem' - data_bag_item['data_bag'] ||= data_bag_name - data_bag_item['name'] ||= "data_bag_item_#{data_bag_name}_#{id}" + if !(data_bag_item["json_class"] == "Chef::DataBagItem" && data_bag_item["raw_data"]) + data_bag_item["id"] ||= id + data_bag_item = { "raw_data" => data_bag_item } + data_bag_item["chef_type"] ||= "data_bag_item" + data_bag_item["json_class"] ||= "Chef::DataBagItem" + data_bag_item["data_bag"] ||= data_bag_name + data_bag_item["name"] ||= "data_bag_item_#{data_bag_name}_#{id}" end else # If it's not already wrapped with raw_data, wrap it. - if data_bag_item['json_class'] == 'Chef::DataBagItem' && data_bag_item['raw_data'] - data_bag_item = data_bag_item['raw_data'] + if data_bag_item["json_class"] == "Chef::DataBagItem" && data_bag_item["raw_data"] + data_bag_item = data_bag_item["raw_data"] end # Argh. We don't do this on GET, but we do on PUT and POST???? - if %w(PUT POST).include?(method) - data_bag_item['chef_type'] ||= 'data_bag_item' - data_bag_item['data_bag'] ||= data_bag_name + if %w{PUT POST}.include?(method) + data_bag_item["chef_type"] ||= "data_bag_item" + data_bag_item["data_bag"] ||= data_bag_name end - data_bag_item['id'] ||= id + data_bag_item["id"] ||= id end data_bag_item end def self.normalize_cookbook(endpoint, org_prefix, cookbook, name, version, base_uri, method, - is_cookbook_artifact=false) + is_cookbook_artifact = false) # TODO I feel dirty - if method != 'PUT' + if method != "PUT" cookbook.each_pair do |key, value| if value.is_a?(Array) value.each do |file| - if file.is_a?(Hash) && file.has_key?('checksum') - file['url'] ||= endpoint.build_uri(base_uri, org_prefix + ['file_store', 'checksums', file['checksum']]) + if file.is_a?(Hash) && file.has_key?("checksum") + file["url"] ||= endpoint.build_uri(base_uri, org_prefix + ["file_store", "checksums", file["checksum"]]) end end end end - cookbook['name'] ||= "#{name}-#{version}" + cookbook["name"] ||= "#{name}-#{version}" # TODO it feels wrong, but the real chef server doesn't expand 'version', so we don't either. - cookbook['frozen?'] ||= false - cookbook['metadata'] ||= {} - cookbook['metadata']['version'] ||= version + cookbook["frozen?"] ||= false + cookbook["metadata"] ||= {} + cookbook["metadata"]["version"] ||= version # defaults set by the client and not the Server: # metadata[name, description, maintainer, maintainer_email, license] - cookbook['metadata']['long_description'] ||= "" - cookbook['metadata']['dependencies'] ||= {} - cookbook['metadata']['attributes'] ||= {} - cookbook['metadata']['recipes'] ||= {} + cookbook["metadata"]["long_description"] ||= "" + cookbook["metadata"]["dependencies"] ||= {} + cookbook["metadata"]["attributes"] ||= {} + cookbook["metadata"]["recipes"] ||= {} end if is_cookbook_artifact - cookbook.delete('json_class') + cookbook.delete("json_class") else - cookbook['cookbook_name'] ||= name - cookbook['json_class'] ||= 'Chef::CookbookVersion' + cookbook["cookbook_name"] ||= name + cookbook["json_class"] ||= "Chef::CookbookVersion" end - cookbook['chef_type'] ||= 'cookbook_version' - if method == 'MIN' - cookbook['metadata'].delete('attributes') - cookbook['metadata'].delete('long_description') + cookbook["chef_type"] ||= "cookbook_version" + if method == "MIN" + cookbook["metadata"].delete("attributes") + cookbook["metadata"].delete("long_description") end cookbook end def self.normalize_environment(environment, name) - environment['name'] ||= name - environment['description'] ||= '' - environment['cookbook_versions'] ||= {} - environment['json_class'] ||= "Chef::Environment" - environment['chef_type'] ||= "environment" - environment['default_attributes'] ||= {} - environment['override_attributes'] ||= {} + environment["name"] ||= name + environment["description"] ||= "" + environment["cookbook_versions"] ||= {} + environment["json_class"] ||= "Chef::Environment" + environment["chef_type"] ||= "environment" + environment["default_attributes"] ||= {} + environment["override_attributes"] ||= {} environment end def self.normalize_group(group, name, orgname) - group.delete('id') - if group['actors'].is_a?(Hash) - group['users'] ||= group['actors']['users'] - group['clients'] ||= group['actors']['clients'] - group['groups'] ||= group['actors']['groups'] - group['actors'] = nil + group.delete("id") + if group["actors"].is_a?(Hash) + group["users"] ||= group["actors"]["users"] + group["clients"] ||= group["actors"]["clients"] + group["groups"] ||= group["actors"]["groups"] + group["actors"] = nil end - group['users'] ||= [] - group['clients'] ||= [] - group['actors'] ||= (group['clients'] + group['users']) - group['groups'] ||= [] - group['orgname'] ||= orgname if orgname - group['name'] ||= name - group['groupname'] ||= name - - group['users'].uniq! - group['clients'].uniq! - group['actors'].uniq! - group['groups'].uniq! + group["users"] ||= [] + group["clients"] ||= [] + group["actors"] ||= (group["clients"] + group["users"]) + group["groups"] ||= [] + group["orgname"] ||= orgname if orgname + group["name"] ||= name + group["groupname"] ||= name + + group["users"].uniq! + group["clients"].uniq! + group["actors"].uniq! + group["groups"].uniq! group end def self.normalize_node(node, name) - node['name'] ||= name - node['json_class'] ||= 'Chef::Node' - node['chef_type'] ||= 'node' - node['chef_environment'] ||= '_default' - node['override'] ||= {} - node['normal'] ||= {"tags" => []} - node['default'] ||= {} - node['automatic'] ||= {} - node['run_list'] ||= [] - node['run_list'] = normalize_run_list(node['run_list']) + node["name"] ||= name + node["json_class"] ||= "Chef::Node" + node["chef_type"] ||= "node" + node["chef_environment"] ||= "_default" + node["override"] ||= {} + node["normal"] ||= { "tags" => [] } + node["default"] ||= {} + node["automatic"] ||= {} + node["run_list"] ||= [] + node["run_list"] = normalize_run_list(node["run_list"]) node end def self.normalize_policy(policy, name, revision) - policy['name'] ||= name - policy['revision_id'] ||= revision - policy['run_list'] ||= [] - policy['cookbook_locks'] ||= {} + policy["name"] ||= name + policy["revision_id"] ||= revision + policy["run_list"] ||= [] + policy["cookbook_locks"] ||= {} policy end def self.normalize_policy_group(policy_group, name) - policy_group[name] ||= 'name' - policy_group['policies'] ||= {} + policy_group[name] ||= "name" + policy_group["policies"] ||= {} policy_group end def self.normalize_organization(org, name) - org['name'] ||= name - org['full_name'] ||= name - org['org_type'] ||= 'Business' - org['clientname'] ||= "#{name}-validator" - org['billing_plan'] ||= 'platform-free' + org["name"] ||= name + org["full_name"] ||= name + org["org_type"] ||= "Business" + org["clientname"] ||= "#{name}-validator" + org["billing_plan"] ||= "platform-free" org end def self.normalize_role(role, name) - role['name'] ||= name - role['description'] ||= '' - role['json_class'] ||= 'Chef::Role' - role['chef_type'] ||= 'role' - role['default_attributes'] ||= {} - role['override_attributes'] ||= {} - role['run_list'] ||= [] - role['run_list'] = normalize_run_list(role['run_list']) - role['env_run_lists'] ||= {} - role['env_run_lists'].each_pair do |env, run_list| - role['env_run_lists'][env] = normalize_run_list(run_list) + role["name"] ||= name + role["description"] ||= "" + role["json_class"] ||= "Chef::Role" + role["chef_type"] ||= "role" + role["default_attributes"] ||= {} + role["override_attributes"] ||= {} + role["run_list"] ||= [] + role["run_list"] = normalize_run_list(role["run_list"]) + role["env_run_lists"] ||= {} + role["env_run_lists"].each_pair do |env, run_list| + role["env_run_lists"][env] = normalize_run_list(run_list) end role end def self.normalize_run_list(run_list) - run_list.map{|item| + run_list.map {|item| case item when /^recipe\[.*\]$/ item # explicit recipe diff --git a/lib/chef_zero/chef_data/default_creator.rb b/lib/chef_zero/chef_data/default_creator.rb index 957018c..1ce6253 100644 --- a/lib/chef_zero/chef_data/default_creator.rb +++ b/lib/chef_zero/chef_data/default_creator.rb @@ -1,4 +1,4 @@ -require 'chef_zero/chef_data/acl_path' +require "chef_zero/chef_data/acl_path" module ChefZero module ChefData @@ -24,8 +24,8 @@ module ChefZero attr_reader :creators attr_reader :deleted - PERMISSIONS = %w(create read update delete grant) - DEFAULT_SUPERUSERS = %w(pivotal) + PERMISSIONS = %w{create read update delete grant} + DEFAULT_SUPERUSERS = %w{pivotal} def clear @creators = { [] => @superusers } @@ -35,7 +35,7 @@ module ChefZero def deleted(path) # acl deletes mean nothing, they are entirely subservient to their # parent object - if path[0] == 'acls' || (path[0] == 'organizations' && path[2] == 'acls') + if path[0] == "acls" || (path[0] == "organizations" && path[2] == "acls") return false end @@ -54,7 +54,7 @@ module ChefZero def created(path, creator, create_parents) # If a parent has been deleted, we will need to clear that. deleted_index = nil - 0.upto(path.size-1) do |index| + 0.upto(path.size - 1) do |index| deleted_index = index if @deleted[path[0..index]] end @@ -78,32 +78,32 @@ module ChefZero return nil if deleted?(path) result = case path[0] - when 'acls' - # /acls/* - object_path = AclPath.get_object_path(path) - if data_exists?(object_path) - default_acl(path) - end - - when 'containers' - if path.size == 2 && exists?(path) - {} - end - - when 'users' - if path.size == 2 && data.exists?(path) - # User is empty user - {} - end - - when 'organizations' - if path.size >= 2 - # /organizations/*/** - if data.exists_dir?(path[0..1]) - get_org_default(path) - end - end - end + when "acls" + # /acls/* + object_path = AclPath.get_object_path(path) + if data_exists?(object_path) + default_acl(path) + end + + when "containers" + if path.size == 2 && exists?(path) + {} + end + + when "users" + if path.size == 2 && data.exists?(path) + # User is empty user + {} + end + + when "organizations" + if path.size >= 2 + # /organizations/*/** + if data.exists_dir?(path[0..1]) + get_org_default(path) + end + end + end result end @@ -112,24 +112,24 @@ module ChefZero return nil if deleted?(path) if path.size == 0 - return %w(containers users organizations acls) + return %w{containers users organizations acls} end case path[0] - when 'acls' + when "acls" if path.size == 1 - [ 'root' ] + (data.list(path + [ 'containers' ]) - [ 'organizations' ]) + [ "root" ] + (data.list(path + [ "containers" ]) - [ "organizations" ]) else data.list(AclPath.get_object_path(path)) end - when 'containers' - [ 'containers', 'users', 'organizations' ] + when "containers" + %w{containers users organizations} - when 'users' + when "users" superusers - when 'organizations' + when "organizations" if path.size == 1 single_org ? [ single_org ] : [] elsif path.size >= 2 && data.exists_dir?(path[0..1]) @@ -147,32 +147,32 @@ module ChefZero protected DEFAULT_ORG_SPINE = { - 'clients' => {}, - 'cookbook_artifacts' => {}, - 'cookbooks' => {}, - 'data' => {}, - 'environments' => %w(_default), - 'file_store' => { - 'checksums' => {} + "clients" => {}, + "cookbook_artifacts" => {}, + "cookbooks" => {}, + "data" => {}, + "environments" => %w{_default}, + "file_store" => { + "checksums" => {}, }, - 'nodes' => {}, - 'policies' => {}, - 'policy_groups' => {}, - 'roles' => {}, - 'sandboxes' => {}, - 'users' => {}, - - 'org' => {}, - 'containers' => %w(clients containers cookbook_artifacts cookbooks data environments groups nodes policies policy_groups roles sandboxes), - 'groups' => %w(admins billing-admins clients users), - 'association_requests' => {} + "nodes" => {}, + "policies" => {}, + "policy_groups" => {}, + "roles" => {}, + "sandboxes" => {}, + "users" => {}, + + "org" => {}, + "containers" => %w{clients containers cookbook_artifacts cookbooks data environments groups nodes policies policy_groups roles sandboxes}, + "groups" => %w{admins billing-admins clients users}, + "association_requests" => {}, } def list_org_default(path) - if path.size >= 3 && path[2] == 'acls' + if path.size >= 3 && path[2] == "acls" if path.size == 3 # /organizations/ORG/acls - return [ 'root' ] + data.list(path[0..1] + [ 'containers' ]) + return [ "root" ] + data.list(path[0..1] + [ "containers" ]) elsif path.size == 4 # /organizations/ORG/acls/TYPE return data.list(path[0..1] + [ path[3] ]) @@ -182,27 +182,27 @@ module ChefZero end value = DEFAULT_ORG_SPINE - 2.upto(path.size-1) do |index| + 2.upto(path.size - 1) do |index| value = nil if @deleted[path[0..index]] break if !value value = value[path[index]] end result = if value.is_a?(Hash) - value.keys - elsif value - value - end + value.keys + elsif value + value + end if path.size == 3 - if path[2] == 'clients' + if path[2] == "clients" result << "#{path[1]}-validator" if osc_compat result << "#{path[1]}-webui" end - elsif path[2] == 'users' + elsif path[2] == "users" if osc_compat - result << 'admin' + result << "admin" end end end @@ -211,11 +211,11 @@ module ChefZero end def get_org_default(path) - if path[2] == 'acls' + if path[2] == "acls" get_org_acl_default(path) elsif path.size >= 4 - if path[2] == 'containers' && path.size == 4 + if path[2] == "containers" && path.size == 4 if exists?(path) return {} else @@ -226,40 +226,40 @@ module ChefZero # /organizations/(*)/clients/\1-validator # /organizations/*/environments/_default # /organizations/*/groups/{admins,billing-admins,clients,users} - case path[2..-1].join('/') + case path[2..-1].join("/") when "clients/#{path[1]}-validator" - { 'validator' => 'true' } + { "validator" => "true" } when "clients/#{path[1]}-webui", "users/admin" if osc_compat - { 'admin' => 'true' } + { "admin" => "true" } end when "environments/_default" { "description" => "The default Chef environment" } when "groups/admins" - admins = data.list(path[0..1] + [ 'users' ]).select do |name| - user = FFI_Yajl::Parser.parse(data.get(path[0..1] + [ 'users', name ]), :create_additions => false) - user['admin'] + admins = data.list(path[0..1] + [ "users" ]).select do |name| + user = FFI_Yajl::Parser.parse(data.get(path[0..1] + [ "users", name ]), :create_additions => false) + user["admin"] end - admins += data.list(path[0..1] + [ 'clients' ]).select do |name| - client = FFI_Yajl::Parser.parse(data.get(path[0..1] + [ 'clients', name ]), :create_additions => false) - client['admin'] + admins += data.list(path[0..1] + [ "clients" ]).select do |name| + client = FFI_Yajl::Parser.parse(data.get(path[0..1] + [ "clients", name ]), :create_additions => false) + client["admin"] end admins += @creators[path[0..1]] if @creators[path[0..1]] - { 'actors' => admins.uniq } + { "actors" => admins.uniq } when "groups/billing-admins" {} when "groups/clients" - { 'clients' => data.list(path[0..1] + [ 'clients' ]) } + { "clients" => data.list(path[0..1] + [ "clients" ]) } when "groups/users" - users = data.list(path[0..1] + [ 'users' ]) + users = data.list(path[0..1] + [ "users" ]) users |= @creators[path[0..1]] if @creators[path[0..1]] - { 'users' => users } + { "users" => users } when "org" {} @@ -273,70 +273,70 @@ module ChefZero # The actual things containers correspond to don't have to exist, as long as the container does return nil if !data_exists?(object_path) basic_acl = - case path[3..-1].join('/') - when 'root', 'containers/containers', 'containers/groups' + case path[3..-1].join("/") + when "root", "containers/containers", "containers/groups" { - 'create' => { 'groups' => %w(admins) }, - 'read' => { 'groups' => %w(admins users) }, - 'update' => { 'groups' => %w(admins) }, - 'delete' => { 'groups' => %w(admins) }, - 'grant' => { 'groups' => %w(admins) }, + "create" => { "groups" => %w{admins} }, + "read" => { "groups" => %w{admins users} }, + "update" => { "groups" => %w{admins} }, + "delete" => { "groups" => %w{admins} }, + "grant" => { "groups" => %w{admins} }, } - when 'containers/environments', 'containers/roles', 'containers/policy_groups', 'containers/policies' + when "containers/environments", "containers/roles", "containers/policy_groups", "containers/policies" { - 'create' => { 'groups' => %w(admins users) }, - 'read' => { 'groups' => %w(admins users clients) }, - 'update' => { 'groups' => %w(admins users) }, - 'delete' => { 'groups' => %w(admins users) }, - 'grant' => { 'groups' => %w(admins) }, + "create" => { "groups" => %w{admins users} }, + "read" => { "groups" => %w{admins users clients} }, + "update" => { "groups" => %w{admins users} }, + "delete" => { "groups" => %w{admins users} }, + "grant" => { "groups" => %w{admins} }, } - when 'containers/cookbooks', 'containers/cookbook_artifacts', 'containers/data' + when "containers/cookbooks", "containers/cookbook_artifacts", "containers/data" { - 'create' => { 'groups' => %w(admins users clients) }, - 'read' => { 'groups' => %w(admins users clients) }, - 'update' => { 'groups' => %w(admins users clients) }, - 'delete' => { 'groups' => %w(admins users clients) }, - 'grant' => { 'groups' => %w(admins) }, + "create" => { "groups" => %w{admins users clients} }, + "read" => { "groups" => %w{admins users clients} }, + "update" => { "groups" => %w{admins users clients} }, + "delete" => { "groups" => %w{admins users clients} }, + "grant" => { "groups" => %w{admins} }, } - when 'containers/nodes' + when "containers/nodes" { - 'create' => { 'groups' => %w(admins users clients) }, - 'read' => { 'groups' => %w(admins users clients) }, - 'update' => { 'groups' => %w(admins users) }, - 'delete' => { 'groups' => %w(admins users) }, - 'grant' => { 'groups' => %w(admins) }, + "create" => { "groups" => %w{admins users clients} }, + "read" => { "groups" => %w{admins users clients} }, + "update" => { "groups" => %w{admins users} }, + "delete" => { "groups" => %w{admins users} }, + "grant" => { "groups" => %w{admins} }, } - when 'containers/clients' + when "containers/clients" { - 'create' => { 'groups' => %w(admins) }, - 'read' => { 'groups' => %w(admins users) }, - 'update' => { 'groups' => %w(admins) }, - 'delete' => { 'groups' => %w(admins users) }, - 'grant' => { 'groups' => %w(admins) }, + "create" => { "groups" => %w{admins} }, + "read" => { "groups" => %w{admins users} }, + "update" => { "groups" => %w{admins} }, + "delete" => { "groups" => %w{admins users} }, + "grant" => { "groups" => %w{admins} }, } - when 'containers/sandboxes' + when "containers/sandboxes" { - 'create' => { 'groups' => %w(admins users) }, - 'read' => { 'groups' => %w(admins) }, - 'update' => { 'groups' => %w(admins) }, - 'delete' => { 'groups' => %w(admins) }, - 'grant' => { 'groups' => %w(admins) }, + "create" => { "groups" => %w{admins users} }, + "read" => { "groups" => %w{admins} }, + "update" => { "groups" => %w{admins} }, + "delete" => { "groups" => %w{admins} }, + "grant" => { "groups" => %w{admins} }, } - when 'groups/admins', 'groups/clients', 'groups/users' + when "groups/admins", "groups/clients", "groups/users" { - 'create' => { 'groups' => %w(admins) }, - 'read' => { 'groups' => %w(admins) }, - 'update' => { 'groups' => %w(admins) }, - 'delete' => { 'groups' => %w(admins) }, - 'grant' => { 'groups' => %w(admins) }, + "create" => { "groups" => %w{admins} }, + "read" => { "groups" => %w{admins} }, + "update" => { "groups" => %w{admins} }, + "delete" => { "groups" => %w{admins} }, + "grant" => { "groups" => %w{admins} }, } - when 'groups/billing-admins' + when "groups/billing-admins" { - 'create' => { 'groups' => %w() }, - 'read' => { 'groups' => %w(billing-admins) }, - 'update' => { 'groups' => %w(billing-admins) }, - 'delete' => { 'groups' => %w() }, - 'grant' => { 'groups' => %w() }, + "create" => { "groups" => %w{} }, + "read" => { "groups" => %w{billing-admins} }, + "update" => { "groups" => %w{billing-admins} }, + "delete" => { "groups" => %w{} }, + "grant" => { "groups" => %w{} }, } else {} @@ -352,10 +352,10 @@ module ChefZero if path # Non-validator clients own themselves. - if path.size == 4 && path[0] == 'organizations' && path[2] == 'clients' + if path.size == 4 && path[0] == "organizations" && path[2] == "clients" begin client = FFI_Yajl::Parser.parse(data.get(path), :create_additions => false) - if !client['validator'] + if !client["validator"] owners |= [ path[3] ] end rescue @@ -367,7 +367,7 @@ module ChefZero @creators[path].each do |creator| begin client = FFI_Yajl::Parser.parse(data.get(path[0..2] + [ creator ]), :create_additions => false) - next if client['validator'] + next if client["validator"] rescue end owners |= [ creator ] @@ -380,7 +380,7 @@ module ChefZero #ANGRY # Non-default containers do not get superusers added to them, # because reasons. - unless path.size == 4 && path[0] == 'organizations' && path[2] == 'containers' && !exists?(path) + unless path.size == 4 && path[0] == "organizations" && path[2] == "containers" && !exists?(path) owners += superusers end end @@ -389,21 +389,21 @@ module ChefZero owners end - def default_acl(acl_path, acl={}) + def default_acl(acl_path, acl = {}) owners = nil container_acl = nil PERMISSIONS.each do |perm| acl[perm] ||= {} - acl[perm]['actors'] ||= begin + acl[perm]["actors"] ||= begin owners ||= get_owners(acl_path) end - acl[perm]['groups'] ||= begin + acl[perm]["groups"] ||= begin # When we create containers, we don't merge groups (not sure why). - if acl_path[0] == 'organizations' && acl_path[3] == 'containers' + if acl_path[0] == "organizations" && acl_path[3] == "containers" [] else container_acl ||= get_container_acl(acl_path) || {} - (container_acl[perm] ? container_acl[perm]['groups'] : []) || [] + (container_acl[perm] ? container_acl[perm]["groups"] : []) || [] end end end @@ -432,15 +432,15 @@ module ChefZero when 0, 1 return true when 2 - return path[0] == 'organizations' || (path[0] == 'acls' && path[1] != 'root') + return path[0] == "organizations" || (path[0] == "acls" && path[1] != "root") when 3 # If it has a container, it is a directory. - return path[0] == 'organizations' && - (path[2] == 'acls' || data.exists?(path[0..1] + [ 'containers', path[2] ])) + return path[0] == "organizations" && + (path[2] == "acls" || data.exists?(path[0..1] + [ "containers", path[2] ])) when 4 - return path[0] == 'organizations' && ( - (path[2] == 'acls' && path[1] != 'root') || - %w(cookbooks cookbook_artifacts data policies policy_groups).include?(path[2])) + return path[0] == "organizations" && ( + (path[2] == "acls" && path[1] != "root") || + %w{cookbooks cookbook_artifacts data policies policy_groups}.include?(path[2])) else return false end |