Class: Conjur::Conjurize::Script

Inherits:

Object

• Object
• Conjur::Conjurize::Script

Defined in:

lib/conjur/conjurize/script.rb

Overview

generates a shell script to conjurize a host

Constant Summary

COOKBOOK_RELEASES_URL =

"https://api.github.com/repos/conjur-cookbooks/conjur/releases".freeze

HEADER =

<<-HEADER.freeze
#!/bin/sh
set -e

# Implementation note: 'tee' is used as a sudo-friendly 'cat' to populate a file with the contents provided below.
HEADER

Instance Attribute Summary

• #options ⇒ Object readonly

  Returns the value of attribute options.

Class Method Summary

• .generate(configuration, options) ⇒ Object
• .identity(configuration) ⇒ Object
• .latest_conjur_cookbook_release ⇒ Object
• .rc(configuration) ⇒ Object

Instance Method Summary

• #chef_executable ⇒ Object
• #chef_script ⇒ Object
• #configure_conjur(configuration) ⇒ Object
• #conjur_cookbook_url ⇒ Object
• #conjur_run_list ⇒ Object
• #generate(configuration) ⇒ Object
• #initialize(options) ⇒ Script constructor

  A new instance of Script.

• #install_chef? ⇒ Boolean
• #run_chef? ⇒ Boolean
• #set_mode(path, mode) ⇒ Object
• #sudo ⇒ Object
• #write_file(path, content, options = {}) ⇒ Object

  Generate a piece of shell to write to a file.

Constructor Details

#initialize(options) ⇒ Script

Returns a new instance of Script.

# File 'lib/conjur/conjurize/script.rb', line 25

def initialize options
  @options = options
end

Instance Attribute Details

#options ⇒ Object (readonly)

Returns the value of attribute options.

# File 'lib/conjur/conjurize/script.rb', line 29

def options
  @options
end

Class Method Details

.generate(configuration, options) ⇒ Object

# File 'lib/conjur/conjurize/script.rb', line 56

def self.generate configuration, options
  new(options).generate configuration
end

.identity(configuration) ⇒ Object

# File 'lib/conjur/conjurize/script.rb', line 99

def self.identity configuration
  """
    machine #{configuration['appliance_url']}/authn
    login host/#{configuration['id']}
    password #{configuration['api_key']}
  """
end

.latest_conjur_cookbook_release ⇒ Object

# File 'lib/conjur/conjurize/script.rb', line 10

def self.latest_conjur_cookbook_release
  json = JSON.parse open(COOKBOOK_RELEASES_URL).read
  tarballs = json[0]["assets"].select do |asset|
    asset["name"] =~ /conjur-v\d.\d.\d.tar.gz/
  end
  tarballs.first["browser_download_url"]
end

.rc(configuration) ⇒ Object

# File 'lib/conjur/conjurize/script.rb', line 89

def self.rc configuration
  [
    "account: #{configuration['account']}",
    "appliance_url: #{configuration['appliance_url']}",
    "cert_file: /etc/conjur-#{configuration['account']}.pem",
    "netrc_path: /etc/conjur.identity",
    "plugins: []"
  ].join "\n"
end

Instance Method Details

#chef_executable ⇒ Object

# File 'lib/conjur/conjurize/script.rb', line 68

def chef_executable
  options[:"chef-executable"] || "chef-solo"
end

#chef_script ⇒ Object

# File 'lib/conjur/conjurize/script.rb', line 80

def chef_script
  @chef_script ||= [
    ("curl -L https://www.opscode.com/chef/install.sh | " + sudo["bash"] \
      if install_chef?),
    (sudo["#{chef_executable} -r #{conjur_cookbook_url} " \
        "-o #{conjur_run_list}"] if run_chef?)
  ].join "\n"
end

#configure_conjur(configuration) ⇒ Object

# File 'lib/conjur/conjurize/script.rb', line 107

def configure_conjur configuration
  [
    write_file("/etc/conjur.conf", Script.rc(configuration)),
    write_file(
      "/etc/conjur-#{configuration['account']}.pem",
      configuration["certificate"]
    ),
    write_file(
      "/etc/conjur.identity",
      Script.identity(configuration),
      mode: 0600
    )
  ].join "\n"
end

#conjur_cookbook_url ⇒ Object

# File 'lib/conjur/conjurize/script.rb', line 72

def conjur_cookbook_url
  options[:"conjur-cookbook-url"] || Script.latest_conjur_cookbook_release
end

#conjur_run_list ⇒ Object

# File 'lib/conjur/conjurize/script.rb', line 76

def conjur_run_list
  options[:"conjur-run-list"] || "conjur"
end

#generate(configuration) ⇒ Object

# File 'lib/conjur/conjurize/script.rb', line 122

def generate configuration
  fail "No 'id' field in host JSON" unless configuration["id"]
  fail "No 'api_key' field in host JSON" unless configuration["api_key"]

  [
    HEADER,
    configure_conjur(configuration),
    chef_script
  ].join("\n")
end

#install_chef? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/conjur/conjurize/script.rb', line 60

def install_chef?
  run_chef? && !options[:"chef-executable"]
end

#run_chef? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/conjur/conjurize/script.rb', line 64

def run_chef?
  options.values_at(:ssh, :"conjur-run-list").any?
end

#set_mode(path, mode) ⇒ Object

# File 'lib/conjur/conjurize/script.rb', line 48

def set_mode path, mode
  mode = mode.to_s(8) if mode.respond_to? :to_int
  [
    [sudo["touch"], path].join(" "),
    [sudo["chmod"], mode, path].join(" ")
  ].join("\n")
end

#sudo ⇒ Object

# File 'lib/conjur/conjurize/script.rb', line 31

def sudo
  @sudo ||= options["sudo"] ? ->(x) { "sudo -n #{x}" } : ->(x) { x }
end

#write_file(path, content, options = {}) ⇒ Object

Generate a piece of shell to write to a file

Parameters:

• path (String) —

  absolute path to write to

• content (String) —

  contents to write

• options (Hash) (defaults to: {}) —

  a customizable set of options

Options Hash (options):

• :mode (String, Fixnum) —

  mode to apply to the file

# File 'lib/conjur/conjurize/script.rb', line 39

def write_file path, content, options = {}
  [
    ((mode = options[:mode]) && set_mode(path, mode)),
    [sudo["tee"], path, "> /dev/null << EOF"].join(" "),
    content.strip,
    "EOF\n"
  ].compact.join("\n")
end