onddo/ssl_certificate-cookbook

View on GitHub
libraries/resource_ssl_certificate_readers.rb

Summary

Maintainability
A
35 mins
Test Coverage
# encoding: UTF-8
#
# Cookbook Name:: ssl_certificate
# Library:: resource_ssl_certificate_readers
# Author:: Raul Rodriguez (<raul@raulr.net>)
# Author:: Xabier de Zuazo (<xabier@zuazo.org>)
# Copyright:: Copyright (c) 2016 Xabier de Zuazo
# Copyright:: Copyright (c) 2014-2015 Onddo Labs, SL.
# License:: Apache License, Version 2.0
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#

require 'chef/resource'
require 'openssl'

# Chef configuration management tool main class.
class Chef
  # Chef Resource describes the desired state of an element of your
  # infrastructure.
  class Resource
    # ssl_certificate Chef Resource.
    class SslCertificate < Chef::Resource
      # ssl_certificate Chef Resource methods to read from differente sources.
      module Readers
        protected

        def unsafe_no_exceptions_block(&block)
          instance_eval(&block)
        rescue StandardError => e
          Chef::Log.error(e.message)
          Chef::Log.error("Backtrace:\n#{e.backtrace.join("\n")}\n")
          nil
        end

        def read_namespace_from_object(obj, ary)
          ary = [ary].flatten
          # TODO: Check ary parameter value.
          ary.inject(obj) do |n, k|
            n.respond_to?(:key?) && n.key?(k) ? n[k] : nil
          end
        end

        def read_namespace(ary)
          read_namespace_from_object(namespace, ary)
        end

        def read_node_namespace(ary)
          read_namespace_from_object(node, ary)
        end

        # Read some values from node namespace avoiding exceptions.
        def safe_read_namespace(desc, ary)
          data = read_namespace(ary)
          unless data.is_a?(String)
            raise "Cannot read #{desc} from node attributes"
          end
          data
        end

        def read_from_path(path)
          return nil unless ::File.exist?(path)
          ::File.open(path, 'rb', &:read)
        end

        def safe_read_from_path(desc, path)
          data = read_from_path(path)
          unless data.is_a?(String)
            raise "Cannot read #{desc} from path: #{path}"
          end
          data
        end

        def data_bag_read_fail(desc, db, type = 'data bag')
          raise "Cannot read #{desc} from #{type}: "\
            "#{db[:bag]}.#{db[:item]}[#{db[:key]}]"
        end

        def read_secret(secret)
          Chef::EncryptedDataBagItem.load_secret(secret) unless secret.nil?
        end

        def read_from_data_bag(bag, item, key, encrypt = false, secret = nil)
          unsafe_no_exceptions_block do
            data =
              if encrypt
                Chef::EncryptedDataBagItem.load(bag, item, read_secret(secret))
              else
                Chef::DataBagItem.load(bag, item)
              end
            data[key.to_s]
          end
        end

        def safe_read_from_data_bag(desc, db)
          data = read_from_data_bag(
            db[:bag], db[:item], db[:key], db[:encrypt], db[:secret_file]
          )
          data_bag_read_fail(desc, db) unless data.is_a?(String)
          data
        end

        def read_from_chef_vault_with_fallback(bag, item)
          if ChefVault::Item.vault?(bag, item)
            ChefVault::Item.load(bag, item)
          elsif node['chef-vault']['databag_fallback']
            Chef::DataBagItem.load(bag, item)
          else
            raise "Trying to load a regular data bag item #{item}"\
              " from #{bag}, and databag_fallback is disabled"
          end
        end

        def read_from_chef_vault(bag, item, key)
          require 'chef-vault'
          unsafe_no_exceptions_block do
            data = read_from_chef_vault_with_fallback(bag, item)
            data[key.to_s]
          end
        end

        def safe_read_from_chef_vault(desc, db)
          data = read_from_chef_vault(db[:bag], db[:item], db[:key])
          data_bag_read_fail(desc, db, 'chef-vault') unless data.is_a?(String)
          data
        end
      end
    end
  end
end