Class: Conjur::Conjurize::Script
- Inherits: Object
- Inheritance chain: Object → Conjur::Conjurize::Script
- Defined in:
- lib/conjur/conjurize/script.rb
Overview
Generates a shell script to conjurize a host.
Constant Summary
- COOKBOOK_RELEASES_URL =
"https://api.github.com/repos/conjur-cookbooks/conjur/releases".freeze
- HEADER =
"#!/bin/sh\nset -e\n\n# Implementation note: 'tee' is used as a sudo-friendly 'cat' to populate a file with the contents provided below.\n".freeze
Instance Attribute Summary
-
#options ⇒ Object
readonly
Returns the value of attribute options.
Class Method Summary
- .generate(configuration, options) ⇒ Object
- .identity(configuration) ⇒ Object
- .latest_conjur_cookbook_release ⇒ Object
- .rc(configuration) ⇒ Object
Instance Method Summary
- #chef_executable ⇒ Object
- #chef_script ⇒ Object
- #configure_conjur(configuration) ⇒ Object
- #conjur_cookbook_url ⇒ Object
- #conjur_run_list ⇒ Object
- #generate(configuration) ⇒ Object
-
#initialize(options) ⇒ Script
constructor
A new instance of Script.
- #install_chef? ⇒ Boolean
- #run_chef? ⇒ Boolean
- #set_mode(path, mode) ⇒ Object
- #sudo ⇒ Object
-
#write_file(path, content, options = {}) ⇒ Object
Generate a piece of shell to write to a file.
Constructor Details
#initialize(options) ⇒ Script
Returns a new instance of Script.
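# File 'lib/conjur/conjurize/script.rb', line 25
#
# Stores the option hash; the other instance methods read it back through
# the +options+ reader.
#
# @param options [Hash] generator options
def initialize options
  @options = options
end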
Instance Attribute Details
#options ⇒ Object (readonly)
Returns the value of attribute options.
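# File 'lib/conjur/conjurize/script.rb', line 29
#
# Read-only accessor for the option hash.
#
# @return [Object] the value of the +@options+ instance variable
def options
  @options
end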
Class Method Details
.generate(configuration, options) ⇒ Object
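# File 'lib/conjur/conjurize/script.rb', line 56
#
# Convenience entry point: builds a generator from +options+ and returns the
# script it produces for +configuration+.
#
# @param configuration [Hash] host configuration passed on to #generate
# @param options [Hash] generator options passed to the constructor
# @return [String] whatever the instance-level #generate returns
def self.generate configuration, options
  new(options).generate configuration
end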
.identity(configuration) ⇒ Object
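# File 'lib/conjur/conjurize/script.rb', line 99
#
# Builds the netrc-style identity entry for the host: machine, login and
# password lines taken from the configuration.
#
# The result contains the host API key in clear text, so the returned string
# (and any script that embeds it) has to be handled as a credential.
#
# NOTE(review): the three values are interpolated without validation; a value
# containing whitespace or a newline would add extra tokens to the entry.
# Confirm that callers only pass values in the expected format.
#
# NOTE(review): the listing this was taken from had the literal collapsed onto
# one line; the three line breaks follow the seven-line extent given for the
# method, the exact indentation inside the literal should be confirmed
# against the file.
#
# @param configuration [Hash] reads 'appliance_url', 'id' and 'api_key'
# @return [String] the identity entry, surrounded by blank space
def self.identity configuration
  """
  machine #{configuration['appliance_url']}/authn
  login host/#{configuration['id']}
  password #{configuration['api_key']}
  """
end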
.latest_conjur_cookbook_release ⇒ Object
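# File 'lib/conjur/conjurize/script.rb', line 10
#
# Looks up the download URL of a Conjur cookbook tarball: fetches the release
# list from COOKBOOK_RELEASES_URL, takes the first release in the response and
# returns the 'browser_download_url' of its first asset whose name looks like
# conjur-vN.N.N.tar.gz.
#
# The dots in the asset-name pattern are escaped so that they match only a
# literal '.', not any character.
#
# NOTE(review): the pattern is still unanchored, so a longer asset name that
# merely contains a matching substring is accepted too; anchor it with \A and
# \z once the exact asset naming is confirmed.
#
# NOTE(review): only the URL is returned; nothing here pins a version or
# checks the tarball's integrity, so whatever consumes the URL trusts the
# release listing as is. Pinning a known release and verifying a checksum
# would narrow that trust.
#
# NOTE(review): Kernel#open fetches URLs only while open-uri is loaded, and
# not at all from Ruby 3.0 on, where URI.open is required. Confirm the Ruby
# versions this file targets.
#
# @return [String] download URL of the matching asset
# @raise [NoMethodError] when the response has no release or no matching asset
def self.latest_conjur_cookbook_release
  json = JSON.parse open(COOKBOOK_RELEASES_URL).read
  tarballs = json[0]["assets"].select do |asset|
    asset["name"] =~ /conjur-v\d\.\d\.\d\.tar\.gz/
  end
  tarballs.first["browser_download_url"]
end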
.rc(configuration) ⇒ Object
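# File 'lib/conjur/conjurize/script.rb', line 89
#
# Renders the Conjur client configuration as newline-separated "key: value"
# lines: account, appliance URL, certificate path, identity path and an empty
# plugin list.
#
# NOTE(review): 'account' and 'appliance_url' are interpolated verbatim; a
# value containing a newline would add extra lines to the rendered
# configuration, and 'account' also becomes part of a file path. Confirm the
# values are validated before they reach this method.
#
# @param configuration [Hash] reads 'account' and 'appliance_url'
# @return [String] the configuration text, without a trailing newline
def self.rc configuration
  [
    "account: #{configuration['account']}",
    "appliance_url: #{configuration['appliance_url']}",
    "cert_file: /etc/conjur-#{configuration['account']}.pem",
    "netrc_path: /etc/conjur.identity",
    "plugins: []"
  ].join "\n"
end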
Instance Method Details
#chef_executable ⇒ Object
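# File 'lib/conjur/conjurize/script.rb', line 68
#
# Name of the Chef binary to invoke: the :"chef-executable" option when it is
# set, "chef-solo" otherwise.
#
# @return [String] the executable name
def chef_executable
  options[:"chef-executable"] || "chef-solo"
end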
#chef_script ⇒ Object
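# File 'lib/conjur/conjurize/script.rb', line 80
#
# Builds (and memoizes) the Chef part of the generated script: an optional
# line that installs Chef and an optional line that runs it with the Conjur
# cookbook and run list. A step that is switched off contributes an empty
# line, because its array slot is nil when the two slots are joined.
#
# NOTE(review): the install step pipes a downloaded installer straight into
# a shell (through sudo when that option is on) with no checksum or signature
# check, so the target host runs whatever that URL serves at the time.
# Downloading to a file, verifying it against a pinned digest and then
# running it would remove that implicit trust.
#
# NOTE(review): the executable name, cookbook URL and run list are placed on
# the command line unquoted; values containing shell metacharacters would
# change the command. Confirm they are validated or quote them.
#
# @return [String] the Chef lines joined by a newline
def chef_script
  @chef_script ||= [
    ("curl -L https://www.opscode.com/chef/install.sh | " + sudo["bash"] \
      if install_chef?),
    (sudo["#{chef_executable} -r #{conjur_cookbook_url} " \
      "-o #{conjur_run_list}"] if run_chef?)
  ].join "\n"
end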
#configure_conjur(configuration) ⇒ Object
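# File 'lib/conjur/conjurize/script.rb', line 107
#
# Produces the shell fragment that writes the three Conjur files on the
# host: /etc/conjur.conf, the account's certificate and /etc/conjur.identity.
# Only the identity file, which holds the host API key, is given an explicit
# mode (0600); the other two are written without one.
#
# NOTE(review): 'account' is interpolated into the certificate path, which
# then appears unquoted in a shell command line; confirm it cannot contain
# shell metacharacters or path separators.
#
# @param configuration [Hash] reads 'account' and 'certificate' here and is
#   passed on to Script.rc and Script.identity
# @return [String] the three file-writing fragments joined by a newline
def configure_conjur configuration
  [
    write_file("/etc/conjur.conf", Script.rc(configuration)),
    write_file(
      "/etc/conjur-#{configuration['account']}.pem",
      configuration["certificate"]
    ),
    write_file(
      "/etc/conjur.identity",
      Script.identity(configuration),
      mode: 0600
    )
  ].join "\n"
end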
#conjur_cookbook_url ⇒ Object
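# File 'lib/conjur/conjurize/script.rb', line 72
#
# URL of the Conjur cookbook: the :"conjur-cookbook-url" option when it is
# set, otherwise the URL looked up by Script.latest_conjur_cookbook_release.
# The lookup is only attempted when the option is absent.
#
# NOTE(review): passing an explicit, pinned URL avoids depending on whatever
# release the lookup returns at generation time.
#
# @return [String] the cookbook URL
def conjur_cookbook_url
  options[:"conjur-cookbook-url"] || Script.latest_conjur_cookbook_release
end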
#conjur_run_list ⇒ Object
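# File 'lib/conjur/conjurize/script.rb', line 76
#
# Chef run list to apply: the :"conjur-run-list" option when it is set,
# "conjur" otherwise.
#
# @return [String] the run list
def conjur_run_list
  options[:"conjur-run-list"] || "conjur"
end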
#generate(configuration) ⇒ Object
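# File 'lib/conjur/conjurize/script.rb', line 122
#
# Assembles the complete script: the shell header, the fragment that writes
# the Conjur files and the Chef fragment, joined by newlines.
#
# Only the presence of 'id' and 'api_key' is checked; their content, and the
# remaining configuration fields, are used as given.
#
# The configuration carries the host API key and is handed to the fragment
# that writes the identity file, so the returned script should be treated as
# a secret (not logged, not stored world-readable).
#
# @param configuration [Hash] host configuration; must have 'id' and 'api_key'
# @return [String] the generated shell script
# @raise [RuntimeError] when 'id' or 'api_key' is missing
def generate configuration
  fail "No 'id' field in host JSON" unless configuration["id"]
  fail "No 'api_key' field in host JSON" unless configuration["api_key"]

  [
    HEADER,
    configure_conjur(configuration),
    chef_script
  ].join("\n")
end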
#install_chef? ⇒ Boolean
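# File 'lib/conjur/conjurize/script.rb', line 60
#
# Whether the generated script should install Chef: only when Chef is going
# to be run and no :"chef-executable" option was given.
#
# @return [Boolean]
def install_chef?
  run_chef? && !options[:"chef-executable"]
end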
#run_chef? ⇒ Boolean
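# File 'lib/conjur/conjurize/script.rb', line 64
#
# Whether the generated script should run Chef: true when either the :ssh or
# the :"conjur-run-list" option is set to a truthy value.
#
# @return [Boolean]
def run_chef?
  options.values_at(:ssh, :"conjur-run-list").any?
end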
#set_mode(path, mode) ⇒ Object
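# File 'lib/conjur/conjurize/script.rb', line 48
#
# Produces two shell lines that create +path+ if needed (touch) and set its
# permissions (chmod). An integer-like mode is rendered in octal, so 0600
# becomes "600"; any other mode is passed through unchanged.
#
# NOTE(review): +path+ and a non-integer +mode+ are placed on the command
# line unquoted; confirm callers only pass fixed, shell-safe values.
#
# @param path [String] file whose mode is set
# @param mode [Integer, String] permission bits, or a ready-made chmod argument
# @return [String] the touch and chmod commands joined by a newline
def set_mode path, mode
  mode = mode.to_s(8) if mode.respond_to? :to_int
  [
    [sudo["touch"], path].join(" "),
    [sudo["chmod"], mode, path].join(" ")
  ].join("\n")
end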
#sudo ⇒ Object
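# File 'lib/conjur/conjurize/script.rb', line 31
#
# Returns (and memoizes) a lambda that wraps a command string: with the
# "sudo" option set it prefixes "sudo -n ", otherwise it returns the command
# unchanged. -n makes sudo non-interactive, so it fails instead of prompting
# for a password.
#
# NOTE(review): this option is looked up with the string key "sudo", whereas
# the other options in this class are looked up with symbol keys; confirm the
# option hash answers to both.
#
# @return [Proc] lambda taking a command string and returning the wrapped one
def sudo
  @sudo ||= options["sudo"] ? ->(x) { "sudo -n #{x}" } : ->(x) { x }
end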
#write_file(path, content, options = {}) ⇒ Object
Generate a piece of shell to write to a file
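# File 'lib/conjur/conjurize/script.rb', line 39
#
# Generate a piece of shell to write to a file.
#
# The fragment feeds +content+ (stripped of surrounding whitespace) to tee
# through a here-document and discards tee's standard output. When a :mode
# option is given, the touch/chmod lines from #set_mode come first, so the
# permissions are in place before the content is written.
#
# NOTE(review): the here-document delimiter is unquoted, so the shell that
# runs the generated script applies parameter and command expansion to
# +content+, and a content line consisting of exactly EOF ends the
# here-document early. Quoting the delimiter (<< 'EOF') and rejecting content
# that contains such a line would keep the content literal. +path+ is also
# placed on the command line unquoted.
#
# @param path [String] destination file
# @param content [String] text to write
# @param options [Hash] :mode, when present, is passed to #set_mode
# @return [String] the shell fragment, ending in a newline
def write_file path, content, options = {}
  [
    ((mode = options[:mode]) && set_mode(path, mode)),
    [sudo["tee"], path, "> /dev/null << EOF"].join(" "),
    content.strip,
    "EOF\n"
  ].compact.join("\n")
end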