From 9b6f1129364ab39dd272ccffd14bbc82f4c32ace Mon Sep 17 00:00:00 2001
From: Steven Danna <steve@opscode.com>
Date: Tue, 9 Dec 2014 13:27:21 +0000
Subject: Implement RFC 027 File Verification

This implements usable-suppliable file content verification per RFC
027. Users can supplie a block, string, or symbol to the `verify`
resource attribute.  Blocks will be called, string will be executed as
shell commands (respecing the same options as not_if and only_if), and
symbols can be used to access built-in registered validations.
---
 lib/chef/resource/file/verification.rb | 118 +++++++++++++++++++++++++++++++++
 1 file changed, 118 insertions(+)
 create mode 100644 lib/chef/resource/file/verification.rb

(limited to 'lib/chef/resource/file/verification.rb')

diff --git a/lib/chef/resource/file/verification.rb b/lib/chef/resource/file/verification.rb
new file mode 100644
index 0000000000..5e75cbf6a7
--- /dev/null
+++ b/lib/chef/resource/file/verification.rb
@@ -0,0 +1,118 @@
+#
+# Author:: Steven Danna (<steve@chef.io>)
+# Copyright:: Copyright (c) 2014 Chef Software, Inc
+# License:: Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+require 'chef/exceptions'
+
+class Chef
+  class Resource
+    class File < Chef::Resource
+
+      #
+      # See RFC 027 for a full specification
+      #
+      # File verifications allow user-supplied commands a means of
+      # preventing file reosurce content deploys.  Their intended use
+      # is to verify the contents of a temporary file before it is
+      # deployed onto the system.
+      #
+      # Similar to not_if and only_if, file verifications can take a
+      # ruby block, which will be called, or a string, which will be
+      # executed as a Shell command.
+      #
+      # Additonally, Chef or third-party verifications can ship
+      # "registered verifications" that the user can use by specifying
+      # a :symbol as the command name.
+      #
+      # To create a registered verification, create a class that
+      # inherits from Chef::Resource::File::Verification and use the
+      # register class method to give it name.  Registered
+      # verifications are expected to supply a verify instance method
+      # that takes 2 arguments.
+      #
+      # Example:
+      # class Chef
+      #  class Resource
+      #    class File::Verification::Foo < Chef::Resource::File::Verification
+      #      register :noop
+      #      def verify(path, opts)
+      #        #yolo
+      #        true
+      #      end
+      #    end
+      #  end
+      # end
+      #
+      #
+
+      class Verification
+        @@registered_verifications = {}
+
+        def self.register(name)
+          @@registered_verifications[name] = self.name
+        end
+
+        def self.lookup(name)
+          c = @@registered_verifications[name]
+          if c.nil?
+            raise Chef::Exceptions::VerificationNotFound.new "No file verification for #{name} found."
+          end
+          Object.const_get(c)
+        end
+
+        def initialize(parent_resource, command, opts, &block)
+          @command, @command_opts = command, opts
+          @block = block
+          @parent_resource = parent_resource
+        end
+
+        def verify(path, opts={})
+          Chef::Log.debug("Running verification[#{self}] on #{path}")
+          if @block
+            verify_block(path, opts)
+          elsif @command.is_a?(Symbol)
+            verify_registered_verification(path, opts)
+          elsif @command.is_a?(String)
+            verify_command(path, opts)
+          end
+        end
+
+        def verify_block(path, opts)
+          @block.call(path)
+        end
+
+        # We reuse Chef::GuardInterpreter in order to support
+        # the same set of options that the not_if/only_if blocks do
+        def verify_command(path, opts)
+          command = @command % {:file => path}
+          interpreter = if @parent_resource.guard_interpreter == :default
+                          Chef::GuardInterpreter::DefaultGuardInterpreter.new(command, @command_opts)
+                        else
+                          Chef::GuardInterpreter::ResourceGuardInterpreter.new(@parent_resource, command, @command_opts)
+                        end
+          interpreter.evaluate
+        end
+
+        def verify_registered_verification(path, opts)
+          verification_class = Chef::Resource::File::Verification.lookup(@command)
+          v = verification_class.new(@parent_resource, @command, @command_opts, &@block)
+          v.verify(path, opts)
+        end
+      end
+    end
+  end
+end
-- 
cgit v1.2.1