authorThom May <thom@may.lt>2017-12-18 18:31:58 +0000
committerGitHub <noreply@github.com>2017-12-18 18:31:58 +0000
commit925051d67b36a2b6c6a13c99cccf4109e99987f5 (patch)
tree087260689310c208d67eed36cab4e7cd62e9f5fd /lib
parenteccc48d63e3bc99d161ad6ca48f7770fcd2b9b59 (diff)
parent92671398a99bb4393650f4343c3b2a20814eb3eb (diff)
downloadchef-925051d67b36a2b6c6a13c99cccf4109e99987f5.tar.gz
Merge pull request #6660 from chef/tm/credentials
implement credential management
Diffstat (limited to 'lib')
-rw-r--r--lib/chef/application/knife.rb4
-rw-r--r--lib/chef/knife.rb5
-rw-r--r--lib/chef/knife/configure.rb48
-rw-r--r--lib/chef/server_api.rb1
4 files changed, 20 insertions, 38 deletions
diff --git a/lib/chef/application/knife.rb b/lib/chef/application/knife.rb
index 6a09427ccd..c972e9313e 100644
--- a/lib/chef/application/knife.rb
+++ b/lib/chef/application/knife.rb
@@ -148,6 +148,10 @@ class Chef::Application::Knife < Chef::Application
:boolean => true,
:default => nil
+ option :profile,
+ :long => "--profile PROFILE",
+ :description => "The credentials profile to select"
+
# Run knife
def run
Mixlib::Log::Formatter.show_time = false
diff --git a/lib/chef/knife.rb b/lib/chef/knife.rb
index 65d687af70..663649f32f 100644
--- a/lib/chef/knife.rb
+++ b/lib/chef/knife.rb
@@ -177,8 +177,9 @@ class Chef
@config_loader ||= WorkstationConfigLoader.new(nil, Chef::Log)
end
- def self.load_config(explicit_config_file)
+ def self.load_config(explicit_config_file, profile)
config_loader.explicit_config_file = explicit_config_file
+ config_loader.profile = profile
config_loader.load
ui.warn("No knife configuration file found") if config_loader.no_config_found?
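Review bot: `load_config` now takes a second required positional argument, so any caller outside this diff that still uses the one-argument form `Chef::Knife.load_config(path)` (a knife plugin, for instance) will raise ArgumentError. Defaulting the parameter keeps the old call form working: `def self.load_config(explicit_config_file, profile = nil)`, assuming the loader treats a nil profile as "use the default". The only caller visible in this diff, `configure_chef` in the next hunk, already passes both arguments. The method body continues past the end of this hunk.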
@@ -404,7 +405,7 @@ class Chef
def configure_chef
# knife needs to send logger output to STDERR by default
Chef::Config[:log_location] = STDERR
- config_loader = self.class.load_config(config[:config_file])
+ config_loader = self.class.load_config(config[:config_file], config[:profile])
config[:config_file] = config_loader.config_location
# For CLI options like `--config-option key=value`. These have to get
diff --git a/lib/chef/knife/configure.rb b/lib/chef/knife/configure.rb
index 967a18de87..10ae62b6c9 100644
--- a/lib/chef/knife/configure.rb
+++ b/lib/chef/knife/configure.rb
@@ -17,6 +17,7 @@
#
require "chef/knife"
+require "chef/util/path_helper"
class Chef
class Knife
@@ -67,24 +68,22 @@ class Chef
end
def run
- ask_user_for_config_path
-
FileUtils.mkdir_p(chef_config_path)
+ config_file = File.join(chef_config_path, "credentials")
ask_user_for_config
- ::File.open(config[:config_file], "w") do |f|
+ config_file = File.expand_path(config_file)
+ if File.exist?(config_file)
+ confirm("Overwrite #{config_file}?")
+ end
+ ::File.open(config_file, "w") do |f|
f.puts <<-EOH
-node_name '#{new_client_name}'
-client_key '#{new_client_key}'
-validation_client_name '#{validation_client_name}'
-validation_key '#{validation_key}'
-chef_server_url '#{chef_server}'
-syntax_check_cache_path '#{File.join(chef_config_path, "syntax_check_cache")}'
+[default]
+client_name = '#{new_client_name}'
+client_key = '#{new_client_key}'
+chef_server_url = '#{chef_server}'
EOH
- unless chef_repo.empty?
- f.puts "cookbook_path [ '#{chef_repo}/cookbooks' ]"
- end
end
if config[:initial]
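Review bot: The credentials file is opened with `::File.open(config_file, "w")`, so a newly created file gets whatever the process umask allows, which is commonly world-readable. Only a key path is written here, but the server_api.rb change in this commit reads `client_key_contents` from config, so this file appears intended to be able to hold key material; I would create it owner-only with `::File.open(config_file, "w", 0600) do |f|`. That mode applies only on creation, so an overwritten file keeps its previous permissions. Separately, the prompted answers are interpolated into single-quoted values without checking for `'`, so an answer containing a quote yields a file that will not parse. `run` begins before and ends after this hunk.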
@@ -109,26 +108,11 @@ EOH
ui.msg("Before running commands with Knife")
ui.msg("")
ui.msg("*****")
- ui.msg("")
- ui.msg("You must place your validation key in:")
- ui.msg(" #{validation_key}")
- ui.msg("Before generating instance data with Knife")
- ui.msg("")
- ui.msg("*****")
end
ui.msg("Configuration file written to #{config[:config_file]}")
end
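Review bot: The closing message still prints `config[:config_file]`, but this commit removes `ask_user_for_config_path`, which was what set that key to the file being written, and the output now goes to the local `config_file`. The message will therefore name whatever config file knife happened to load, or nothing at all, instead of the credentials file just written. It should read `ui.msg("Configuration file written to #{config_file}")`. This assumes the line is still inside `run`, whose start lies outside the hunk.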
- def ask_user_for_config_path
- config[:config_file] ||= ask_question("Where should I put the config file? ", :default => "#{Chef::Config[:user_home]}/.chef/knife.rb")
- # have to use expand path to expand the tilde character to the user's home
- config[:config_file] = File.expand_path(config[:config_file])
- if File.exists?(config[:config_file])
- confirm("Overwrite #{config[:config_file]}")
- end
- end
-
def ask_user_for_config
server_name = guess_servername
@chef_server = config[:chef_server_url] || ask_question("Please enter the chef server URL: ", :default => "https://#{server_name}/organizations/myorg")
@@ -140,10 +124,6 @@ EOH
else
@new_client_name = config[:node_name] || ask_question("Please enter an existing username or clientname for the API: ", :default => Etc.getlogin)
end
- @validation_client_name = config[:validation_client_name] || ask_question("Please enter the validation clientname: ", :default => "chef-validator")
- @validation_key = config[:validation_key] || ask_question("Please enter the location of the validation key: ", :default => "/etc/chef-server/chef-validator.pem")
- @validation_key = File.expand_path(@validation_key)
- @chef_repo = config[:repository] || ask_question("Please enter the path to a chef repository (or leave blank): ")
@new_client_key = config[:client_key] || File.join(chef_config_path, "#{@new_client_name}.pem")
@new_client_key = File.expand_path(@new_client_key)
@@ -157,12 +137,8 @@ EOH
o[:fqdn] || o[:machinename] || o[:hostname] || "localhost"
end
- def config_file
- config[:config_file]
- end
-
def chef_config_path
- File.dirname(config_file)
+ Chef::Util::PathHelper.home(".chef")
end
end
end
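Review bot: `chef_config_path` now returns `Chef::Util::PathHelper.home(".chef")` with no check, and `run` passes the result straight to `FileUtils.mkdir_p` and `File.join`. As far as I can tell the helper returns nil when no home directory can be resolved, which would surface as a TypeError instead of a usable message. A guard such as `Chef::Util::PathHelper.home(".chef") || raise("Unable to determine a home directory for .chef")` would make that failure explicit. The method also deserves a one-line comment saying that the location is now fixed to the user's home and no longer follows `--config`.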
diff --git a/lib/chef/server_api.rb b/lib/chef/server_api.rb
index 2bdc5d9fe8..c501544954 100644
--- a/lib/chef/server_api.rb
+++ b/lib/chef/server_api.rb
@@ -31,6 +31,7 @@ class Chef
def initialize(url = Chef::Config[:chef_server_url], options = {})
options[:client_name] ||= Chef::Config[:node_name]
+ options[:raw_key] ||= Chef::Config[:client_key_contents]
options[:signing_key_filename] ||= Chef::Config[:client_key] unless options[:raw_key]
options[:signing_key_filename] = nil if chef_zero_uri?(url)
options[:inflate_json_class] = false
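Review bot: With the added `options[:raw_key] ||= Chef::Config[:client_key_contents]`, a caller who passes `:signing_key_filename` explicitly ends up with both a raw key and a key file in `options` whenever the config carries key contents, and which one signs requests is decided outside this hunk. Making the default conditional keeps an explicit file authoritative: `options[:raw_key] ||= Chef::Config[:client_key_contents] unless options[:signing_key_filename]`. The chef-zero line below clears `:signing_key_filename` but leaves `:raw_key` set, which may or may not be intended. A comment noting that `client_key_contents` is private key material and must stay out of log and debug dumps of the config would also help. `initialize` continues past the hunk.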