Class: Conjur::Conjurize::Script
- Inherits:
-
Object
- Object
- Conjur::Conjurize::Script
- Defined in:
- lib/conjur/conjurize/script.rb
Overview
generates a shell script to conjurize a host
Constant Summary collapse
- COOKBOOK_RELEASES_URL =
"https://api.github.com/repos/conjur-cookbooks/conjur/releases".freeze
- HEADER =
<<-HEADER.freeze #!/bin/sh set -e # Implementation note: 'tee' is used as a sudo-friendly 'cat' to populate a file with the contents provided below. HEADER
Instance Attribute Summary collapse
-
#options ⇒ Object
readonly
Returns the value of attribute options.
Class Method Summary collapse
- .generate(configuration, options) ⇒ Object
- .identity(configuration) ⇒ Object
- .latest_conjur_cookbook_release ⇒ Object
- .rc(configuration) ⇒ Object
- .tarballs_of_releases(releases) ⇒ Object
Instance Method Summary collapse
- #chef_executable ⇒ Object
- #chef_script ⇒ Object
- #configure_conjur(configuration) ⇒ Object
- #conjur_cookbook_url ⇒ Object
- #conjur_run_list ⇒ Object
- #generate(configuration) ⇒ Object
-
#initialize(options) ⇒ Script
constructor
A new instance of Script.
- #install_chef? ⇒ Boolean
- #run_chef? ⇒ Boolean
- #set_mode(path, mode) ⇒ Object
- #sudo ⇒ Object
-
#write_file(path, content, options = {}) ⇒ Object
Generate a piece of shell to write to a file.
Constructor Details
#initialize(options) ⇒ Script
Returns a new instance of Script.
42 43 44 |
# File 'lib/conjur/conjurize/script.rb', line 42 def initialize @options = end |
Instance Attribute Details
#options ⇒ Object (readonly)
Returns the value of attribute options.
46 47 48 |
# File 'lib/conjur/conjurize/script.rb', line 46 def @options end |
Class Method Details
.generate(configuration, options) ⇒ Object
73 74 75 |
# File 'lib/conjur/conjurize/script.rb', line 73 def self.generate configuration, new().generate configuration end |
.identity(configuration) ⇒ Object
116 117 118 119 120 121 122 |
# File 'lib/conjur/conjurize/script.rb', line 116 def self.identity configuration """ machine #{configuration['appliance_url']}/authn login host/#{configuration['id']} password #{configuration['api_key']} """ end |
.latest_conjur_cookbook_release ⇒ Object
20 21 22 23 24 25 26 27 28 29 30 31 32 33 |
# File 'lib/conjur/conjurize/script.rb', line 20 def self.latest_conjur_cookbook_release json = JSON.parse open(COOKBOOK_RELEASES_URL).read tarballs = tarballs_of_releases json latest = tarballs.first selected = tarballs.find { |release| !release[1].empty? } if selected != latest warn "WARNING: Latest cookbook release (#{latest.first}) does not "\ "contain a valid package. Falling back to #{selected.first}." end selected[1].first end |
.rc(configuration) ⇒ Object
106 107 108 109 110 111 112 113 114 |
# File 'lib/conjur/conjurize/script.rb', line 106 def self.rc configuration [ "account: #{configuration['account']}", "appliance_url: #{configuration['appliance_url']}", "cert_file: /etc/conjur-#{configuration['account']}.pem", "netrc_path: /etc/conjur.identity", "plugins: []" ].join "\n" end |
.tarballs_of_releases(releases) ⇒ Object
10 11 12 13 14 15 16 17 18 |
# File 'lib/conjur/conjurize/script.rb', line 10 def self.tarballs_of_releases releases releases.map do |release| assets = release["assets"].select do |asset| asset["name"] =~ /conjur-v\d.\d.\d.tar.gz/ end [release["name"], assets.map { |asset| asset["browser_download_url"] }] end end |
Instance Method Details
#chef_executable ⇒ Object
85 86 87 |
# File 'lib/conjur/conjurize/script.rb', line 85 def chef_executable [:"chef-executable"] || "chef-solo" end |
#chef_script ⇒ Object
97 98 99 100 101 102 103 104 |
# File 'lib/conjur/conjurize/script.rb', line 97 def chef_script @chef_script ||= [ ("curl -L https://www.opscode.com/chef/install.sh | " + sudo["bash"] \ if install_chef?), (sudo["#{chef_executable} --recipe-url #{conjur_cookbook_url} " \ "-o #{conjur_run_list}"] if run_chef?) ].join "\n" end |
#configure_conjur(configuration) ⇒ Object
124 125 126 127 128 129 130 131 132 133 134 135 136 137 |
# File 'lib/conjur/conjurize/script.rb', line 124 def configure_conjur configuration [ write_file("/etc/conjur.conf", Script.rc(configuration)), write_file( "/etc/conjur-#{configuration['account']}.pem", configuration["certificate"] ), write_file( "/etc/conjur.identity", Script.identity(configuration), mode: 0600 ) ].join "\n" end |
#conjur_cookbook_url ⇒ Object
89 90 91 |
# File 'lib/conjur/conjurize/script.rb', line 89 def conjur_cookbook_url [:"conjur-cookbook-url"] || Script.latest_conjur_cookbook_release end |
#conjur_run_list ⇒ Object
93 94 95 |
# File 'lib/conjur/conjurize/script.rb', line 93 def conjur_run_list [:"conjur-run-list"] || "conjur" end |
#generate(configuration) ⇒ Object
139 140 141 142 143 144 145 146 147 148 |
# File 'lib/conjur/conjurize/script.rb', line 139 def generate configuration fail "No 'id' field in host JSON" unless configuration["id"] fail "No 'api_key' field in host JSON" unless configuration["api_key"] [ HEADER, configure_conjur(configuration), chef_script ].join("\n") end |
#install_chef? ⇒ Boolean
77 78 79 |
# File 'lib/conjur/conjurize/script.rb', line 77 def install_chef? run_chef? && ![:"chef-executable"] end |
#run_chef? ⇒ Boolean
81 82 83 |
# File 'lib/conjur/conjurize/script.rb', line 81 def run_chef? .values_at(:ssh, :"conjur-run-list").any? end |
#set_mode(path, mode) ⇒ Object
65 66 67 68 69 70 71 |
# File 'lib/conjur/conjurize/script.rb', line 65 def set_mode path, mode mode = mode.to_s(8) if mode.respond_to? :to_int [ [sudo["touch"], path].join(" "), [sudo["chmod"], mode, path].join(" ") ].join("\n") end |
#sudo ⇒ Object
48 49 50 |
# File 'lib/conjur/conjurize/script.rb', line 48 def sudo @sudo ||= ["sudo"] ? ->(x) { "sudo -n #{x}" } : ->(x) { x } end |
#write_file(path, content, options = {}) ⇒ Object
Generate a piece of shell to write to a file
56 57 58 59 60 61 62 63 |
# File 'lib/conjur/conjurize/script.rb', line 56 def write_file path, content, = {} [ ((mode = [:mode]) && set_mode(path, mode)), [sudo["tee"], path, "> /dev/null << EOF"].join(" "), content.strip, "EOF\n" ].compact.join("\n") end |