diff options
author | Tyler Cloke <tylercloke@gmail.com> | 2015-04-28 15:52:15 -0700 |
---|---|---|
committer | Tyler Cloke <tylercloke@gmail.com> | 2015-04-28 15:52:15 -0700 |
commit | 28b0b58a7bb4e79c9684250199a9df1ed5e3880d (patch) | |
tree | 7c5febef7c1b63a3cd720e3562aa3000e84a8f4e | |
parent | 518abd416b05c81c168cbae081f290c6e6300b05 (diff) | |
parent | 2c07a07d816937c5228b67836782a19fb7e7a30b (diff) | |
download | chef-28b0b58a7bb4e79c9684250199a9df1ed5e3880d.tar.gz |
Merge pull request #3271 from chef/tc/create-key
Implement `knife user key create` and `knife client key create`
-rw-r--r-- | lib/chef/config.rb | 12 | ||||
-rw-r--r-- | lib/chef/exceptions.rb | 1 | ||||
-rw-r--r-- | lib/chef/key.rb | 6 | ||||
-rw-r--r-- | lib/chef/knife/client_key_create.rb | 67 | ||||
-rw-r--r-- | lib/chef/knife/key_create.rb | 108 | ||||
-rw-r--r-- | lib/chef/knife/key_create_base.rb | 50 | ||||
-rw-r--r-- | lib/chef/knife/user_key_create.rb | 69 | ||||
-rw-r--r-- | spec/unit/config_spec.rb | 45 | ||||
-rw-r--r-- | spec/unit/key_spec.rb | 34 | ||||
-rw-r--r-- | spec/unit/knife/key_create_spec.rb | 250 |
10 files changed, 634 insertions, 8 deletions
diff --git a/lib/chef/config.rb b/lib/chef/config.rb index 25557b077f..d2d3c736c2 100644 --- a/lib/chef/config.rb +++ b/lib/chef/config.rb @@ -319,7 +319,19 @@ class Chef default :host, 'localhost' default :port, 8889.upto(9999) # Will try ports from 8889-9999 until one works end + default :chef_server_url, "https://localhost:443" + default(:chef_server_root) do + # if the chef_server_url is a path to an organization, aka + # 'some_url.../organizations/*' then remove the '/organization/*' by default + if self.configuration[:chef_server_url] =~ /\/organizations\/\S*$/ + self.configuration[:chef_server_url].split('/')[0..-3].join('/') + elsif self.configuration[:chef_server_url] # default to whatever chef_server_url is + self.configuration[:chef_server_url] + else + "https://localhost:443" + end + end default :rest_timeout, 300 default :yum_timeout, 900 diff --git a/lib/chef/exceptions.rb b/lib/chef/exceptions.rb index cfedbfd0d9..da562e70f4 100644 --- a/lib/chef/exceptions.rb +++ b/lib/chef/exceptions.rb @@ -70,6 +70,7 @@ class Chef class InvalidPrivateKey < ArgumentError; end class ConfigurationError < ArgumentError; end class MissingKeyAttribute < ArgumentError; end + class KeyCommandInputError < ArgumentError; end class InvalidKeyArgument < ArgumentError; end class InvalidKeyAttribute < ArgumentError; end class RedirectLimitExceeded < RuntimeError; end diff --git a/lib/chef/key.rb b/lib/chef/key.rb index 1828713386..1ba0ab49c9 100644 --- a/lib/chef/key.rb +++ b/lib/chef/key.rb @@ -147,7 +147,11 @@ class Chef payload['public_key'] = @public_key unless @public_key.nil? payload['create_key'] = @create_key if @create_key payload['expiration_date'] = @expiration_date unless @expiration_date.nil? - new_key = chef_rest.post_rest("#{api_base}/#{@actor}/keys", payload) + result = chef_rest.post_rest("#{api_base}/#{@actor}/keys", payload) + # append the private key to the current key if the server returned one, + # since the POST endpoint just returns uri and private_key if needed. + new_key = self.to_hash + new_key["private_key"] = result["private_key"] if result["private_key"] Chef::Key.from_hash(new_key) end diff --git a/lib/chef/knife/client_key_create.rb b/lib/chef/knife/client_key_create.rb new file mode 100644 index 0000000000..3b7e97eb24 --- /dev/null +++ b/lib/chef/knife/client_key_create.rb @@ -0,0 +1,67 @@ +# +# Author:: Tyler Cloke (tyler@chef.io) +# Copyright:: Copyright (c) 2015 Chef Software, Inc +# License:: Apache License, Version 2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +require 'chef/knife' +require 'chef/knife/key_create_base' + +class Chef + class Knife + # Implements knife user key create using Chef::Knife::KeyCreate + # as a service class. + # + # @author Tyler Cloke + # + # @attr_reader [String] actor the name of the client that this key is for + class ClientKeyCreate < Knife + include Chef::Knife::KeyCreateBase + + attr_reader :actor + + def initialize(argv=[]) + super(argv) + @service_object = nil + end + + def run + apply_params!(@name_args) + service_object.run + end + + def actor_field_name + 'client' + end + + def service_object + @service_object ||= Chef::Knife::KeyCreate.new(@actor, actor_field_name, ui, config) + end + + def actor_missing_error + 'You must specify a client name' + end + + def apply_params!(params) + @actor = params[0] + if @actor.nil? + show_usage + ui.fatal(actor_missing_error) + exit 1 + end + end + end + end +end diff --git a/lib/chef/knife/key_create.rb b/lib/chef/knife/key_create.rb new file mode 100644 index 0000000000..5ee36e9793 --- /dev/null +++ b/lib/chef/knife/key_create.rb @@ -0,0 +1,108 @@ +# +# Author:: Tyler Cloke (<tyler@chef.io>) +# Copyright:: Copyright (c) 2015 Chef Software, Inc. +# License:: Apache License, Version 2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +require 'chef/key' +require 'chef/json_compat' +require 'chef/exceptions' + +class Chef + class Knife + # Service class for UserKeyCreate and ClientKeyCreate, + # Implements common functionality of knife [user | org client] key create. + # + # @author Tyler Cloke + # + # @attr_accessor [Hash] cli input, see UserKeyCreate and ClientKeyCreate for what could populate it + class KeyCreate + + attr_accessor :config + + def initialize(actor, actor_field_name, ui, config) + @actor = actor + @actor_field_name = actor_field_name + @ui = ui + @config = config + end + + def public_key_or_key_name_error_msg +<<EOS +You must pass either --public-key or --key-name, or both. +If you only pass --public-key, a key name will be generated from the fingerprint of your key. +If you only pass --key-name, a key pair will be generated by the server. +EOS + end + + def edit_data(key) + @ui.edit_data(key) + end + + def display_info(input) + @ui.info(input) + end + + def display_private_key(private_key) + @ui.msg(private_key) + end + + def output_private_key_to_file(private_key) + File.open(@config[:file], "w") do |f| + f.print(private_key) + end + end + + def create_key_from_hash(output) + Chef::Key.from_hash(output).create + end + + def run + key = Chef::Key.new(@actor, @actor_field_name) + if !@config[:public_key] && !@config[:key_name] + raise Chef::Exceptions::KeyCommandInputError, public_key_or_key_name_error_msg + elsif !@config[:public_key] + key.create_key(true) + end + + if @config[:public_key] + key.public_key(File.read(File.expand_path(@config[:public_key]))) + end + + if @config[:key_name] + key.name(@config[:key_name]) + end + + if @config[:expiration_date] + key.expiration_date(@config[:expiration_date]) + else + key.expiration_date("infinity") + end + + output = edit_data(key) + key = create_key_from_hash(output) + + display_info("Created key: #{key.name}") + if key.private_key + if @config[:file] + output_private_key_to_file(key.private_key) + else + display_private_key(key.private_key) + end + end + end + end + end +end diff --git a/lib/chef/knife/key_create_base.rb b/lib/chef/knife/key_create_base.rb new file mode 100644 index 0000000000..da31f70d1d --- /dev/null +++ b/lib/chef/knife/key_create_base.rb @@ -0,0 +1,50 @@ +# +# Author:: Tyler Cloke (<tyler@chef.io>) +# Copyright:: Copyright (c) 2015 Chef Software, Inc. +# License:: Apache License, Version 2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +class Chef + class Knife + # Extendable module that class_eval's common options into UserKeyCreate and ClientKeyCreate + # + # @author Tyler Cloke + module KeyCreateBase + def self.included(includer) + includer.class_eval do + option :public_key, + :short => "-p FILENAME", + :long => "--public-key FILENAME", + :description => "Public key for newly created key. If not passed, the server will create a key pair for you, but you must pass --key-name NAME in that case." + + option :file, + :short => "-f FILE", + :long => "--file FILE", + :description => "Write the private key to a file, if you requested the server to create one." + + option :key_name, + :short => "-k NAME", + :long => "--key-name NAME", + :description => "The name for your key. If you do not pass a name, you must pass --public-key, and the name will default to the fingerprint of the public key passed." + + option :expiration_date, + :short => "-e DATE", + :long => "--expiration-date DATE", + :description => "Optionally pass the expiration date for the key in ISO 8601 fomatted string: YYYY-MM-DDTHH:MM:SSZ e.g. 2013-12-24T21:00:00Z. Defaults to infinity if not passed. UTC timezone assumed." + end + end + end + end +end diff --git a/lib/chef/knife/user_key_create.rb b/lib/chef/knife/user_key_create.rb new file mode 100644 index 0000000000..5ed699ff5b --- /dev/null +++ b/lib/chef/knife/user_key_create.rb @@ -0,0 +1,69 @@ +# +# Author:: Tyler Cloke (tyler@chef.io) +# Copyright:: Copyright (c) 2015 Chef Software, Inc +# License:: Apache License, Version 2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +require 'chef/knife' +require 'chef/knife/key_create_base' + +class Chef + class Knife + # Implements knife user key create using Chef::Knife::KeyCreate + # as a service class. + # + # @author Tyler Cloke + # + # @attr_reader [String] actor the name of the user that this key is for + class UserKeyCreate < Knife + include Chef::Knife::KeyCreateBase + + banner 'knife user key create USER (options)' + + attr_reader :actor + + def initialize(argv=[]) + super(argv) + @service_object = nil + end + + def run + apply_params!(@name_args) + service_object.run + end + + def actor_field_name + 'user' + end + + def service_object + @service_object ||= Chef::Knife::KeyCreate.new(@actor, actor_field_name, ui, config) + end + + def actor_missing_error + 'You must specify a user name' + end + + def apply_params!(params) + @actor = params[0] + if @actor.nil? + show_usage + ui.fatal(actor_missing_error) + exit 1 + end + end + end + end +end diff --git a/spec/unit/config_spec.rb b/spec/unit/config_spec.rb index 6ea67246b5..d5d05dcfc8 100644 --- a/spec/unit/config_spec.rb +++ b/spec/unit/config_spec.rb @@ -51,7 +51,6 @@ describe Chef::Config do expect(Chef::Config.chef_server_url).to eq("https://junglist.gen.nz") end end - end describe "when configuring formatters" do @@ -175,6 +174,50 @@ describe Chef::Config do allow(Chef::Config).to receive(:path_accessible?).and_return(false) end + describe "Chef::Config[:chef_server_root]" do + context "when chef_server_url isn't set manually" do + it "returns the default of 'https://localhost:443'" do + expect(Chef::Config[:chef_server_root]).to eq("https://localhost:443") + end + end + + context "when chef_server_url matches '../organizations/*' without a trailing slash" do + before do + Chef::Config[:chef_server_url] = "https://example.com/organizations/myorg" + end + it "returns the full URL without /organizations/*" do + expect(Chef::Config[:chef_server_root]).to eq("https://example.com") + end + end + + context "when chef_server_url matches '../organizations/*' with a trailing slash" do + before do + Chef::Config[:chef_server_url] = "https://example.com/organizations/myorg/" + end + it "returns the full URL without /organizations/*" do + expect(Chef::Config[:chef_server_root]).to eq("https://example.com") + end + end + + context "when chef_server_url matches '..organizations..' but not '../organizations/*'" do + before do + Chef::Config[:chef_server_url] = "https://organizations.com/organizations" + end + it "returns the full URL without any modifications" do + expect(Chef::Config[:chef_server_root]).to eq(Chef::Config[:chef_server_url]) + end + end + + context "when chef_server_url is a standard URL without the string organization(s)" do + before do + Chef::Config[:chef_server_url] = "https://example.com/some_other_string" + end + it "returns the full URL without any modifications" do + expect(Chef::Config[:chef_server_root]).to eq(Chef::Config[:chef_server_url]) + end + end + end + describe "Chef::Config[:cache_path]" do context "when /var/chef exists and is accessible" do it "defaults to /var/chef" do diff --git a/spec/unit/key_spec.rb b/spec/unit/key_spec.rb index 9f37b8aa12..8ef7d24f21 100644 --- a/spec/unit/key_spec.rb +++ b/spec/unit/key_spec.rb @@ -435,17 +435,37 @@ EOS end context "when create_key is true and public_key is nil" do + before do key.delete_public_key key.create_key true + $expected_output = { + actor_type => "foobar", + "name" => key.name, + "create_key" => true, + "expiration_date" => key.expiration_date + } + $expected_input = { + "name" => key.name, + "create_key" => true, + "expiration_date" => key.expiration_date + } end + it "should create a new key via the API" do - expect(rest).to receive(:post_rest).with(url, - {"name" => key.name, - "create_key" => true, - "expiration_date" => key.expiration_date}).and_return({}) + expect(rest).to receive(:post_rest).with(url, $expected_input).and_return({}) key.create end + + context "when the server returns the private_key via key.create" do + before do + allow(rest).to receive(:post_rest).with(url, $expected_input).and_return({"private_key" => "this_private_key"}) + end + + it "key.create returns the original key plus the private_key" do + expect(key.create.to_hash).to eq($expected_output.merge({"private_key" => "this_private_key"})) + end + end end context "when create_key is false and public_key is nil" do @@ -464,6 +484,7 @@ EOS it_should_behave_like "create key" do let(:url) { "users/#{key.actor}/keys" } let(:key) { user_key } + let(:actor_type) { "user" } end end @@ -471,6 +492,7 @@ EOS it_should_behave_like "create key" do let(:url) { "clients/#{client_key.actor}/keys" } let(:key) { client_key } + let(:actor_type) { "client" } end end end # create @@ -496,14 +518,14 @@ EOS end end - context "when creating a user key" do + context "when updating a user key" do it_should_behave_like "update key" do let(:url) { "users/#{key.actor}/keys/#{key.name}" } let(:key) { user_key } end end - context "when creating a client key" do + context "when updating a client key" do it_should_behave_like "update key" do let(:url) { "clients/#{client_key.actor}/keys/#{key.name}" } let(:key) { client_key } diff --git a/spec/unit/knife/key_create_spec.rb b/spec/unit/knife/key_create_spec.rb new file mode 100644 index 0000000000..1bdd0f3ba1 --- /dev/null +++ b/spec/unit/knife/key_create_spec.rb @@ -0,0 +1,250 @@ +# +# Author:: Tyler Cloke (<tyler@chef.io>) +# Copyright:: Copyright (c) 2015 Chef Software, Inc. +# License:: Apache License, Version 2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +require 'spec_helper' +require 'chef/knife/user_key_create' +require 'chef/knife/client_key_create' +require 'chef/knife/key_create' +require 'chef/key' + +describe "key create commands that inherit knife" do + + let(:stderr) { StringIO.new } + let(:params) { [] } + let(:service_object) { instance_double(Chef::Knife::KeyCreate) } + + shared_examples_for "a key create command" do + let(:command) do + c = described_class.new([]) + c.ui.config[:disable_editing] = true + allow(c.ui).to receive(:stderr).and_return(stderr) + allow(c.ui).to receive(:stdout).and_return(stderr) + allow(c).to receive(:show_usage) + c + end + + context "before apply_params! is called" do + context "when apply_params! is called with invalid args" do + it "shows the usage" do + expect(command).to receive(:show_usage) + expect { command.apply_params!(params) }.to exit_with_code(1) + end + + it "outputs the proper error" do + expect { command.apply_params!(params) }.to exit_with_code(1) + expect(stderr.string).to include(command.actor_missing_error) + end + + it "exits 1" do + expect { command.apply_params!(params) }.to exit_with_code(1) + end + end + end # before apply_params! is called + + context "after apply_params! is called with valid args" do + let(:params) { ["charmander"] } + before do + command.apply_params!(params) + end + + it "properly defines the actor" do + expect(command.actor).to eq("charmander") + end + + context "when the service object is called" do + it "creates a new instance of Chef::Knife::KeyCreate with the correct args" do + expect(Chef::Knife::KeyCreate).to receive(:new). + with("charmander", command.actor_field_name, command.ui, command.config). + and_return(service_object) + command.service_object + end + end # when the service object is called + end # after apply_params! is called with valid args + context "when the command is run" do + before do + allow(command).to receive(:service_object).and_return(service_object) + allow(command).to receive(:name_args).and_return(["charmander"]) + end + + context "when the command is successful" do + before do + expect(service_object).to receive(:run) + end + end + end + end # a key create command + + describe Chef::Knife::UserKeyCreate do + it_should_behave_like "a key create command" + end + + describe Chef::Knife::ClientKeyCreate do + it_should_behave_like "a key create command" + end +end + +describe Chef::Knife::KeyCreate do + let(:public_key) { + "-----BEGIN PUBLIC KEY----- +MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvPo+oNPB7uuNkws0fC02 +KxSwdyqPLu0fhI1pOweNKAZeEIiEz2PkybathHWy8snSXGNxsITkf3eyvIIKa8OZ +WrlqpI3yv/5DOP8HTMCxnFuMJQtDwMcevlqebX4bCxcByuBpNYDcAHjjfLGSfMjn +E5lZpgYWwnpic4kSjYcL9ORK9nYvlWV9P/kCYmRhIjB4AhtpWRiOfY/TKi3P2LxT +IjSmiN/ihHtlhV/VSnBJ5PzT/lRknlrJ4kACoz7Pq9jv+aAx5ft/xE9yDa2DYs0q +Tfuc9dUYsFjptWYrV6pfEQ+bgo1OGBXORBFcFL+2D7u9JYquKrMgosznHoEkQNLo +0wIDAQAB +-----END PUBLIC KEY-----" + } + let(:config) { Hash.new } + let(:actor) { "charmander" } + let(:ui) { instance_double("Chef::Knife::UI") } + + shared_examples_for "key create run command" do + let(:key_create_object) { + described_class.new(actor, actor_field_name, ui, config) + } + + context "when public_key and key_name weren't passed" do + it "raises a Chef::Exceptions::KeyCommandInputError with the proper error message" do + expect{ key_create_object.run }.to raise_error(Chef::Exceptions::KeyCommandInputError, key_create_object.public_key_or_key_name_error_msg) + end + end + + context "when the command is run" do + let(:expected_hash) { + { + actor_field_name => "charmander" + } + } + + before do + allow(File).to receive(:read).and_return(public_key) + allow(File).to receive(:expand_path) + + allow(key_create_object).to receive(:output_private_key_to_file) + allow(key_create_object).to receive(:display_private_key) + allow(key_create_object).to receive(:edit_data).and_return(expected_hash) + allow(key_create_object).to receive(:create_key_from_hash).and_return(Chef::Key.from_hash(expected_hash)) + allow(key_create_object).to receive(:display_info) + end + + context "when a valid hash is passed" do + let(:key_name) { "charmander-key" } + let(:valid_expiration_date) { "2020-12-24T21:00:00Z" } + let(:expected_hash) { + { + actor_field_name => "charmander", + "public_key" => public_key, + "expiration_date" => valid_expiration_date, + "key_name" => key_name + } + } + before do + key_create_object.config[:public_key] = "public_key_path" + key_create_object.config[:expiration_Date] = valid_expiration_date, + key_create_object.config[:key_name] = key_name + end + + it "creates the proper hash" do + expect(key_create_object).to receive(:create_key_from_hash).with(expected_hash) + key_create_object.run + end + end + + context "when public_key is passed" do + let(:expected_hash) { + { + actor_field_name => "charmander", + "public_key" => public_key + } + } + before do + key_create_object.config[:public_key] = "public_key_path" + end + + it "calls File.expand_path with the public_key input" do + expect(File).to receive(:expand_path).with("public_key_path") + key_create_object.run + end + end # when public_key is passed + + context "when public_key isn't passed and key_name is" do + let(:expected_hash) { + { + actor_field_name => "charmander", + "name" => "charmander-key", + "create_key" => true + } + } + before do + key_create_object.config[:key_name] = "charmander-key" + end + + it "should set create_key to true" do + expect(key_create_object).to receive(:create_key_from_hash).with(expected_hash) + key_create_object.run + end + end + + context "when the server returns a private key" do + let(:expected_hash) { + { + actor_field_name => "charmander", + "public_key" => public_key, + "private_key" => "super_private" + } + } + + before do + key_create_object.config[:public_key] = "public_key_path" + end + + context "when file is not passed" do + it "calls display_private_key with the private_key" do + expect(key_create_object).to receive(:display_private_key).with("super_private") + key_create_object.run + end + end + + context "when file is passed" do + before do + key_create_object.config[:file] = "/fake/file" + end + + it "calls output_private_key_to_file with the private_key" do + expect(key_create_object).to receive(:output_private_key_to_file).with("super_private") + key_create_object.run + end + end + end # when the server returns a private key + end # when the command is run + end #key create run command" + + context "when actor_field_name is 'user'" do + it_should_behave_like "key create run command" do + let(:actor_field_name) { "user" } + end + end + + context "when actor_field_name is 'client'" do + it_should_behave_like "key create run command" do + let(:actor_field_name) { "client" } + end + end +end + |