From 6e21ca50a08b1d59aaf22b596224ba4a42f7d335 Mon Sep 17 00:00:00 2001 From: Joshua Seidel Date: Wed, 8 Jul 2015 14:43:37 -0400 Subject: [PATCH 1/8] add chef secret key --- .../provisioners/chef/resource_provisioner.go | 17 +++++++++++++++++ .../chef/resource_provisioner_test.go | 4 ++++ 2 files changed, 21 insertions(+) diff --git a/builtin/provisioners/chef/resource_provisioner.go b/builtin/provisioners/chef/resource_provisioner.go index 3e3cb8abce..2708ee0421 100644 --- a/builtin/provisioners/chef/resource_provisioner.go +++ b/builtin/provisioners/chef/resource_provisioner.go @@ -28,6 +28,7 @@ const ( firstBoot = "first-boot.json" logfileDir = "logfiles" linuxConfDir = "/etc/chef" + secretKey = "encrypted_data_bag_secret" validationKey = "validation.pem" windowsConfDir = "C:/chef" ) @@ -67,6 +68,7 @@ type Provisioner struct { OSType string `mapstructure:"os_type"` PreventSudo bool `mapstructure:"prevent_sudo"` RunList []string `mapstructure:"run_list"` + SecretKeyPath string `mapstructure:"secret_key_path"` ServerURL string `mapstructure:"server_url"` SkipInstall bool `mapstructure:"skip_install"` SSLVerifyMode string `mapstructure:"ssl_verify_mode"` @@ -346,6 +348,21 @@ func (p *Provisioner) deployConfigFiles( return fmt.Errorf("Uploading %s failed: %v", validationKey, err) } + if p.SecretKeyPath != nil + { + // Open the secret key file + f, err := os.Open(p.SecretKeyPath) + if err != nil { + return err + } + defer f.Close() + + // Copy the secret key to the new instance + if err := comm.Upload(path.Join(confDir, secretKey), f); err != nil { + return fmt.Errorf("Uploading %s failed: %v", secretKey, err) + } + } + // Make strings.Join available for use within the template funcMap := template.FuncMap{ "join": strings.Join, diff --git a/builtin/provisioners/chef/resource_provisioner_test.go b/builtin/provisioners/chef/resource_provisioner_test.go index 45fc8a2119..baadc46b78 100644 --- a/builtin/provisioners/chef/resource_provisioner_test.go 
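Review bot: `if p.SecretKeyPath != nil` in the deployConfigFiles hunk compares a `string` field to `nil`, which does not compile in Go, and the `{` on the following line is a second compile error because automatic semicolon insertion terminates the `if` at the end of that line; the guard should read `if p.SecretKeyPath != "" {`. Separately, the secret is uploaded to `path.Join(confDir, secretKey)` with no mode handling visible in this hunk, so the data bag secret ends up on every provisioned node with whatever mode the communicator's Upload applies; comm.Upload is outside the hunk so I cannot confirm its default, but since this one key decrypts every encrypted data bag a `chmod 0600` step on the Linux path, or at least a documented caveat, is worth adding. deployConfigFiles continues past the end of the hunk.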
+++ b/builtin/provisioners/chef/resource_provisioner_test.go @@ -21,6 +21,7 @@ func TestResourceProvider_Validate_good(t *testing.T) { "server_url": "https://chef.local", "validation_client_name": "validator", "validation_key_path": "validator.pem", + "secret_key_path": "encrypted_data_bag_secret", }) r := new(ResourceProvisioner) warn, errs := r.Validate(c) @@ -68,6 +69,7 @@ func TestResourceProvider_runChefClient(t *testing.T) { "server_url": "https://chef.local", "validation_client_name": "validator", "validation_key_path": "test-fixtures/validator.pem", + "secret_key_path": "test-fixtures/encrypted_data_bag_secret", }), ConfDir: linuxConfDir, @@ -85,6 +87,7 @@ func TestResourceProvider_runChefClient(t *testing.T) { "server_url": "https://chef.local", "validation_client_name": "validator", "validation_key_path": "test-fixtures/validator.pem", + "secret_key_path": "test-fixtures/encrypted_data_bag_secret", }), ConfDir: linuxConfDir, @@ -103,6 +106,7 @@ func TestResourceProvider_runChefClient(t *testing.T) { "server_url": "https://chef.local", "validation_client_name": "validator", "validation_key_path": "test-fixtures/validator.pem", + "secret_key_path": "test-fixtures/encrypted_data_bag_secret", }), ConfDir: windowsConfDir, From 7f4a5ac413f1a35b2249e74ffcfa4434599af1a3 Mon Sep 17 00:00:00 2001 From: Joshua Seidel Date: Wed, 8 Jul 2015 15:09:17 -0400 Subject: [PATCH 2/8] fix if statement and condition --- builtin/provisioners/chef/resource_provisioner.go | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/builtin/provisioners/chef/resource_provisioner.go b/builtin/provisioners/chef/resource_provisioner.go index 2708ee0421..769c0e3378 100644 --- a/builtin/provisioners/chef/resource_provisioner.go +++ b/builtin/provisioners/chef/resource_provisioner.go 
@@ -348,7 +348,7 @@ func (p *Provisioner) deployConfigFiles( return fmt.Errorf("Uploading %s failed: %v", validationKey, err) } - if p.SecretKeyPath != nil + if p.SecretKeyPath != "" { // Open the secret key file f, err := os.Open(p.SecretKeyPath) @@ -361,6 +361,7 @@ func (p *Provisioner) deployConfigFiles( if err := comm.Upload(path.Join(confDir, secretKey), f); err != nil { return fmt.Errorf("Uploading %s failed: %v", secretKey, err) } + return } // Make strings.Join available for use within the template From cd58da773ca5d7a9a530cd175d9adda12672b196 Mon Sep 17 00:00:00 2001 From: Joshua Seidel Date: Wed, 8 Jul 2015 15:15:50 -0400 Subject: [PATCH 3/8] remove unused if --- builtin/provisioners/chef/resource_provisioner.go | 10 +++------- 1 file changed, 3 insertions(+), 7 deletions(-) diff --git a/builtin/provisioners/chef/resource_provisioner.go b/builtin/provisioners/chef/resource_provisioner.go index 769c0e3378..f8f75ab310 100644 --- a/builtin/provisioners/chef/resource_provisioner.go +++ b/builtin/provisioners/chef/resource_provisioner.go @@ -348,20 +348,16 @@ func (p *Provisioner) deployConfigFiles( return fmt.Errorf("Uploading %s failed: %v", validationKey, err) } - if p.SecretKeyPath != "" - { // Open the secret key file - f, err := os.Open(p.SecretKeyPath) + s, err := os.Open(p.SecretKeyPath) if err != nil { return err } - defer f.Close() + defer s.Close() // Copy the secret key to the new instance - if err := comm.Upload(path.Join(confDir, secretKey), f); err != nil { + if err := comm.Upload(path.Join(confDir, secretKey), s); err != nil { return fmt.Errorf("Uploading %s failed: %v", secretKey, err) - } - return } // Make strings.Join available for use within the template From 090248fab12049618d2aaeee88bef2a527e3319a Mon Sep 17 00:00:00 2001 
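Review bot: The corrected guard `if p.SecretKeyPath != ""` still leaves `{` on the next line, which remains a compile error: Go inserts a semicolon after `""` at the line end, so the parser sees an `if` with no body. Put the brace on the same line, `if p.SecretKeyPath != "" {`, which is also the only form gofmt accepts. deployConfigFiles starts and ends outside this hunk.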
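Review bot: The added bare `return` after the upload is wrong on two counts: deployConfigFiles returns an unnamed `error`, so `return` with no value does not compile, and if it did it would skip everything after this block — the client.rb and first-boot.json rendering that follows the hunk — whenever a secret key is configured. The upload is already fully guarded by the surrounding `if`, so the line should simply be deleted. The function body continues outside the hunk.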
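Review bot: Dropping the `if p.SecretKeyPath != ""` guard makes the new field effectively mandatory: with no `secret_key_path` set, `os.Open("")` fails and deployConfigFiles returns before client.rb or first-boot.json is written, so every existing chef provisioner configuration breaks on upgrade. Keep the open and upload wrapped in `if p.SecretKeyPath != "" { ... }` (removing the stray `return` is right). The bare `return err` from os.Open also carries no context about which option failed; `return fmt.Errorf("Error opening secret key file %s: %v", p.SecretKeyPath, err)` would match the Upload error below it, though the validation key block above uses the same bare form, so that is a pre-existing style. The function continues outside the hunk.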
From: Joshua Seidel Date: Wed, 8 Jul 2015 19:41:38 -0400 Subject: [PATCH 4/8] fix errors --- .../provisioners/chef/linux_provisioner_test.go | 14 ++++++++++++++ .../provisioners/chef/resource_provisioner_test.go | 6 +++--- .../chef/test-fixtures/encrypted_data_bag_secret | 1 + .../provisioners/chef/windows_provisioner_test.go | 9 +++++++++ 4 files changed, 27 insertions(+), 3 deletions(-) create mode 100644 builtin/provisioners/chef/test-fixtures/encrypted_data_bag_secret diff --git a/builtin/provisioners/chef/linux_provisioner_test.go b/builtin/provisioners/chef/linux_provisioner_test.go index d55b4c31a4..14e81ad4f2 100644 --- a/builtin/provisioners/chef/linux_provisioner_test.go +++ b/builtin/provisioners/chef/linux_provisioner_test.go @@ -20,6 +20,7 @@ func TestResourceProvider_linuxInstallChefClient(t *testing.T) { "server_url": "https://chef.local", "validation_client_name": "validator", "validation_key_path": "validator.pem", + "secret_key_path": "encrypted_data_bag_secret", }), Commands: map[string]bool{ @@ -37,6 +38,7 @@ func TestResourceProvider_linuxInstallChefClient(t *testing.T) { "server_url": "https://chef.local", "validation_client_name": "validator", "validation_key_path": "validator.pem", + "secret_key_path": "encrypted_data_bag_secret", }), Commands: map[string]bool{ @@ -55,6 +57,7 @@ func TestResourceProvider_linuxInstallChefClient(t *testing.T) { "server_url": "https://chef.local", "validation_client_name": "validator", "validation_key_path": "validator.pem", + "secret_key_path": "encrypted_data_bag_secret", }), Commands: map[string]bool{ @@ -73,6 +76,7 @@ func TestResourceProvider_linuxInstallChefClient(t *testing.T) { "server_url": "https://chef.local", "validation_client_name": "validator", "validation_key_path": "validator.pem", + "secret_key_path": "encrypted_data_bag_secret", }), Commands: map[string]bool{ 
@@ -92,6 +96,7 @@ func TestResourceProvider_linuxInstallChefClient(t *testing.T) { "server_url": "https://chef.local", "validation_client_name": "validator", "validation_key_path": "validator.pem", + "secret_key_path": "encrypted_data_bag_secret", }), Commands: map[string]bool{ @@ -112,6 +117,7 @@ func TestResourceProvider_linuxInstallChefClient(t *testing.T) { "server_url": "https://chef.local", "validation_client_name": "validator", "validation_key_path": "validator.pem", + "secret_key_path": "encrypted_data_bag_secret", "version": "11.18.6", }), @@ -158,6 +164,7 @@ func TestResourceProvider_linuxCreateConfigFiles(t *testing.T) { "server_url": "https://chef.local", "validation_client_name": "validator", "validation_key_path": "test-fixtures/validator.pem", + "secret_key_path": "test-fixtures/encrypted_data_bag_secret", }), Commands: map[string]bool{ @@ -170,6 +177,7 @@ func TestResourceProvider_linuxCreateConfigFiles(t *testing.T) { Uploads: map[string]string{ linuxConfDir + "/validation.pem": "VALIDATOR-PEM-FILE", + linuxConfDir + "/encrypted_data_bag_secret":"SECRET-KEY-FILE", linuxConfDir + "/ohai/hints/ohaihint.json": "OHAI-HINT-FILE", linuxConfDir + "/client.rb": defaultLinuxClientConf, linuxConfDir + "/first-boot.json": `{"run_list":["cookbook::recipe"]}`, @@ -184,6 +192,7 @@ func TestResourceProvider_linuxCreateConfigFiles(t *testing.T) { "server_url": "https://chef.local", "validation_client_name": "validator", "validation_key_path": "test-fixtures/validator.pem", + "secret_key_path": "test-fixtures/encrypted_data_bag_secret", }), Commands: map[string]bool{ @@ -192,6 +201,7 @@ func TestResourceProvider_linuxCreateConfigFiles(t *testing.T) { Uploads: map[string]string{ linuxConfDir + "/validation.pem": "VALIDATOR-PEM-FILE", + linuxConfDir + "/encrypted_data_bag_secret":"SECRET-KEY-FILE", linuxConfDir + "/client.rb": defaultLinuxClientConf, linuxConfDir + "/first-boot.json": `{"run_list":["cookbook::recipe"]}`, }, 
@@ -208,6 +218,7 @@ func TestResourceProvider_linuxCreateConfigFiles(t *testing.T) { "server_url": "https://chef.local", "validation_client_name": "validator", "validation_key_path": "test-fixtures/validator.pem", + "secret_key_path": "test-fixtures/encrypted_data_bag_secret", }), Commands: map[string]bool{ @@ -216,6 +227,7 @@ func TestResourceProvider_linuxCreateConfigFiles(t *testing.T) { Uploads: map[string]string{ linuxConfDir + "/validation.pem": "VALIDATOR-PEM-FILE", + linuxConfDir + "/encrypted_data_bag_secret":"SECRET-KEY-FILE", linuxConfDir + "/client.rb": proxyLinuxClientConf, linuxConfDir + "/first-boot.json": `{"run_list":["cookbook::recipe"]}`, }, @@ -250,6 +262,7 @@ func TestResourceProvider_linuxCreateConfigFiles(t *testing.T) { "server_url": "https://chef.local", "validation_client_name": "validator", "validation_key_path": "test-fixtures/validator.pem", + "secret_key_path": "test-fixtures/encrypted_data_bag_secret", }), Commands: map[string]bool{ @@ -258,6 +271,7 @@ func TestResourceProvider_linuxCreateConfigFiles(t *testing.T) { Uploads: map[string]string{ linuxConfDir + "/validation.pem": "VALIDATOR-PEM-FILE", + linuxConfDir + "/encrypted_data_bag_secret": "SECRET-KEY-FILE", linuxConfDir + "/client.rb": defaultLinuxClientConf, linuxConfDir + "/first-boot.json": `{"key1":{"subkey1":{"subkey2a":["val1","val2","val3"],` + `"subkey2b":{"subkey3":"value3"}}},"key2":"value2","run_list":["cookbook::recipe"]}`, diff --git a/builtin/provisioners/chef/resource_provisioner_test.go b/builtin/provisioners/chef/resource_provisioner_test.go index baadc46b78..9b0221595c 100644 --- a/builtin/provisioners/chef/resource_provisioner_test.go +++ b/builtin/provisioners/chef/resource_provisioner_test.go 
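Review bot: Every case in linux_provisioner_test.go now sets `secret_key_path`, so there is no test for a configuration without it — which is exactly the path that currently fails, since at this point deployConfigFiles calls os.Open on the empty string unconditionally. Add one createConfigFiles case that omits `secret_key_path` and expects no `linuxConfDir + "/encrypted_data_bag_secret"` entry in `Uploads`, so the field is pinned as optional. The fixture content `SECRET-KEY-FILE` is an obvious placeholder, which is the right thing to commit under test-fixtures.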
@@ -69,7 +69,7 @@ func TestResourceProvider_runChefClient(t *testing.T) { "server_url": "https://chef.local", "validation_client_name": "validator", "validation_key_path": "test-fixtures/validator.pem", - "secret_key_path": "test-fixtures/encrypted_data_bag_secret", + "secret_key_path": "test-fixtures/encrypted_data_bag_secret", }), ConfDir: linuxConfDir, @@ -87,7 +87,7 @@ func TestResourceProvider_runChefClient(t *testing.T) { "server_url": "https://chef.local", "validation_client_name": "validator", "validation_key_path": "test-fixtures/validator.pem", - "secret_key_path": "test-fixtures/encrypted_data_bag_secret", + "secret_key_path": "test-fixtures/encrypted_data_bag_secret", }), ConfDir: linuxConfDir, @@ -106,7 +106,7 @@ func TestResourceProvider_runChefClient(t *testing.T) { "server_url": "https://chef.local", "validation_client_name": "validator", "validation_key_path": "test-fixtures/validator.pem", - "secret_key_path": "test-fixtures/encrypted_data_bag_secret", + "secret_key_path": "test-fixtures/encrypted_data_bag_secret", }), ConfDir: windowsConfDir, diff --git a/builtin/provisioners/chef/test-fixtures/encrypted_data_bag_secret b/builtin/provisioners/chef/test-fixtures/encrypted_data_bag_secret new file mode 100644 index 0000000000..97249fae54 --- /dev/null +++ b/builtin/provisioners/chef/test-fixtures/encrypted_data_bag_secret @@ -0,0 +1 @@ +SECRET-KEY-FILE diff --git a/builtin/provisioners/chef/windows_provisioner_test.go b/builtin/provisioners/chef/windows_provisioner_test.go index 159e7be55e..44ac12a7b4 100644 --- a/builtin/provisioners/chef/windows_provisioner_test.go +++ b/builtin/provisioners/chef/windows_provisioner_test.go @@ -22,6 +22,7 @@ func TestResourceProvider_windowsInstallChefClient(t *testing.T) { "server_url": "https://chef.local", "validation_client_name": "validator", "validation_key_path": "validator.pem", + "secret_key_path": "encrypted_data_bag_secret", }), Commands: map[string]bool{ 
@@ -42,6 +43,7 @@ func TestResourceProvider_windowsInstallChefClient(t *testing.T) { "server_url": "https://chef.local", "validation_client_name": "validator", "validation_key_path": "validator.pem", + "secret_key_path": "encrypted_data_bag_secret", }), Commands: map[string]bool{ @@ -60,6 +62,7 @@ func TestResourceProvider_windowsInstallChefClient(t *testing.T) { "server_url": "https://chef.local", "validation_client_name": "validator", "validation_key_path": "validator.pem", + "secret_key_path": "encrypted_data_bag_secret", "version": "11.18.6", }), @@ -109,6 +112,7 @@ func TestResourceProvider_windowsCreateConfigFiles(t *testing.T) { "server_url": "https://chef.local", "validation_client_name": "validator", "validation_key_path": "test-fixtures/validator.pem", + "secret_key_path": "test-fixtures/encrypted_data_bag_secret", }), Commands: map[string]bool{ @@ -120,6 +124,7 @@ func TestResourceProvider_windowsCreateConfigFiles(t *testing.T) { Uploads: map[string]string{ windowsConfDir + "/validation.pem": "VALIDATOR-PEM-FILE", + windowsConfDir + "/encrypted_data_bag_secret":"SECRET-KEY-FILE", windowsConfDir + "/ohai/hints/ohaihint.json": "OHAI-HINT-FILE", windowsConfDir + "/client.rb": defaultWindowsClientConf, windowsConfDir + "/first-boot.json": `{"run_list":["cookbook::recipe"]}`, @@ -136,6 +141,7 @@ func TestResourceProvider_windowsCreateConfigFiles(t *testing.T) { "server_url": "https://chef.local", "validation_client_name": "validator", "validation_key_path": "test-fixtures/validator.pem", + "secret_key_path": "test-fixtures/encrypted_data_bag_secret", }), Commands: map[string]bool{ @@ -144,6 +150,7 @@ func TestResourceProvider_windowsCreateConfigFiles(t *testing.T) { Uploads: map[string]string{ windowsConfDir + "/validation.pem": "VALIDATOR-PEM-FILE", + windowsConfDir + "/encrypted_data_bag_secret":"SECRET-KEY-FILE", windowsConfDir + "/client.rb": proxyWindowsClientConf, windowsConfDir + "/first-boot.json": `{"run_list":["cookbook::recipe"]}`, }, 
@@ -177,6 +184,7 @@ func TestResourceProvider_windowsCreateConfigFiles(t *testing.T) { "server_url": "https://chef.local", "validation_client_name": "validator", "validation_key_path": "test-fixtures/validator.pem", + "secret_key_path": "test-fixtures/encrypted_data_bag_secret", }), Commands: map[string]bool{ @@ -185,6 +193,7 @@ func TestResourceProvider_windowsCreateConfigFiles(t *testing.T) { Uploads: map[string]string{ windowsConfDir + "/validation.pem": "VALIDATOR-PEM-FILE", + windowsConfDir + "/encrypted_data_bag_secret":"SECRET-KEY-FILE", windowsConfDir + "/client.rb": defaultWindowsClientConf, windowsConfDir + "/first-boot.json": `{"key1":{"subkey1":{"subkey2a":["val1","val2","val3"],` + `"subkey2b":{"subkey3":"value3"}}},"key2":"value2","run_list":["cookbook::recipe"]}`, From 61f47d440dafdc05ca960de70e2bc322606f4719 Mon Sep 17 00:00:00 2001 From: Joshua Seidel Date: Wed, 8 Jul 2015 20:06:37 -0400 Subject: [PATCH 5/8] correct space, fix reading of file --- .../provisioners/chef/resource_provisioner.go | 19 ++++++++++++++----- 1 file changed, 14 insertions(+), 5 deletions(-) diff --git a/builtin/provisioners/chef/resource_provisioner.go b/builtin/provisioners/chef/resource_provisioner.go index f8f75ab310..2b955d7340 100644 --- a/builtin/provisioners/chef/resource_provisioner.go +++ b/builtin/provisioners/chef/resource_provisioner.go @@ -175,6 +175,9 @@ func (r *ResourceProvisioner) Validate(c *terraform.ResourceConfig) (ws []string if p.ServerURL == "" { es = append(es, fmt.Errorf("Key not found: server_url")) } + if p.SecretKeyPath == "" { + es = append(es, fmt.Errorf("Key not found: secret_key_path")) + } if p.ValidationClientName == "" { es = append(es, fmt.Errorf("Key not found: validation_client_name")) } 
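Review bot: Requiring `secret_key_path` in Validate turns a newly added option into a hard requirement: every existing chef provisioner block fails validation with `Key not found: secret_key_path` after upgrading. Encrypted data bags are not used by every Chef setup, so the field should stay optional, this check dropped, and the empty case handled by guarding the upload in deployConfigFiles instead. Validate continues outside the hunk.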
@@ -224,13 +227,19 @@ func (r *ResourceProvisioner) decodeConfig(c *terraform.ResourceConfig) (*Provis } if p.ValidationKeyPath != "" { - keyPath, err := homedir.Expand(p.ValidationKeyPath) + vkeyPath, err := homedir.Expand(p.ValidationKeyPath) if err != nil { return nil, fmt.Errorf("Error expanding the validation key path: %v", err) } - p.ValidationKeyPath = keyPath - } - + p.ValidationKeyPath = vkeyPath + } + if p.SecretKeyPath != "" { + skeyPath, err := homedir.Expand(p.SecretKeyPath) + if err != nil { + return nil, fmt.Errorf("Error expanding the secret key path: %v", err) + } + p.SecretKeyPath = skeyPath + } if attrs, ok := c.Config["attributes"]; ok { p.Attributes, err = rawToJSON(attrs) if err != nil { @@ -336,7 +345,7 @@ func (p *Provisioner) deployConfigFiles( o terraform.UIOutput, comm communicator.Communicator, confDir string) error { - // Open the validation key file + // Open the validation key file f, err := os.Open(p.ValidationKeyPath) if err != nil { return err From 4070805fcda8515436b0e694454b26afac8063e9 Mon Sep 17 00:00:00 2001 From: Joshua Seidel Date: Thu, 9 Jul 2015 09:05:12 -0400 Subject: [PATCH 6/8] ran gofmt removed required, added IF --- .../chef/linux_provisioner_test.go | 50 +++++++++---------- .../provisioners/chef/resource_provisioner.go | 39 +++++++-------- .../chef/resource_provisioner_test.go | 8 +-- .../chef/windows_provisioner_test.go | 36 ++++++------- 4 files changed, 66 insertions(+), 67 deletions(-) diff --git a/builtin/provisioners/chef/linux_provisioner_test.go b/builtin/provisioners/chef/linux_provisioner_test.go index 14e81ad4f2..b793ace469 100644 --- a/builtin/provisioners/chef/linux_provisioner_test.go +++ b/builtin/provisioners/chef/linux_provisioner_test.go 
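Review bot: The homedir expansion added for `secret_key_path` in decodeConfig correctly mirrors the validation key block, but the `keyPath` to `vkeyPath` rename is churn since each `if` is its own scope, and the blank line separating these blocks from the `attributes` handling was dropped; gofmt will not restore it. Neither path is checked for existence here, so a typo in `secret_key_path` only surfaces mid-apply when deployConfigFiles opens it; if Validate goes through decodeConfig, as its `p.ServerURL` check suggests, an `os.Stat` there with an error such as `secret_key_path: file not found` would fail fast (the validation key has the same gap, so this could be a follow-up). decodeConfig continues beyond the hunk.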
@@ -20,7 +20,7 @@ func TestResourceProvider_linuxInstallChefClient(t *testing.T) { "server_url": "https://chef.local", "validation_client_name": "validator", "validation_key_path": "validator.pem", - "secret_key_path": "encrypted_data_bag_secret", + "secret_key_path": "encrypted_data_bag_secret", }), Commands: map[string]bool{ @@ -38,7 +38,7 @@ func TestResourceProvider_linuxInstallChefClient(t *testing.T) { "server_url": "https://chef.local", "validation_client_name": "validator", "validation_key_path": "validator.pem", - "secret_key_path": "encrypted_data_bag_secret", + "secret_key_path": "encrypted_data_bag_secret", }), Commands: map[string]bool{ @@ -57,7 +57,7 @@ func TestResourceProvider_linuxInstallChefClient(t *testing.T) { "server_url": "https://chef.local", "validation_client_name": "validator", "validation_key_path": "validator.pem", - "secret_key_path": "encrypted_data_bag_secret", + "secret_key_path": "encrypted_data_bag_secret", }), Commands: map[string]bool{ @@ -76,7 +76,7 @@ func TestResourceProvider_linuxInstallChefClient(t *testing.T) { "server_url": "https://chef.local", "validation_client_name": "validator", "validation_key_path": "validator.pem", - "secret_key_path": "encrypted_data_bag_secret", + "secret_key_path": "encrypted_data_bag_secret", }), Commands: map[string]bool{ @@ -96,7 +96,7 @@ func TestResourceProvider_linuxInstallChefClient(t *testing.T) { "server_url": "https://chef.local", "validation_client_name": "validator", "validation_key_path": "validator.pem", - "secret_key_path": "encrypted_data_bag_secret", + "secret_key_path": "encrypted_data_bag_secret", }), Commands: map[string]bool{ @@ -117,7 +117,7 @@ func TestResourceProvider_linuxInstallChefClient(t *testing.T) { "server_url": "https://chef.local", "validation_client_name": "validator", "validation_key_path": "validator.pem", - "secret_key_path": "encrypted_data_bag_secret", + "secret_key_path": "encrypted_data_bag_secret", "version": "11.18.6", }), 
@@ -164,7 +164,7 @@ func TestResourceProvider_linuxCreateConfigFiles(t *testing.T) { "server_url": "https://chef.local", "validation_client_name": "validator", "validation_key_path": "test-fixtures/validator.pem", - "secret_key_path": "test-fixtures/encrypted_data_bag_secret", + "secret_key_path": "test-fixtures/encrypted_data_bag_secret", }), Commands: map[string]bool{ @@ -176,11 +176,11 @@ func TestResourceProvider_linuxCreateConfigFiles(t *testing.T) { }, Uploads: map[string]string{ - linuxConfDir + "/validation.pem": "VALIDATOR-PEM-FILE", - linuxConfDir + "/encrypted_data_bag_secret":"SECRET-KEY-FILE", - linuxConfDir + "/ohai/hints/ohaihint.json": "OHAI-HINT-FILE", - linuxConfDir + "/client.rb": defaultLinuxClientConf, - linuxConfDir + "/first-boot.json": `{"run_list":["cookbook::recipe"]}`, + linuxConfDir + "/validation.pem": "VALIDATOR-PEM-FILE", + linuxConfDir + "/encrypted_data_bag_secret": "SECRET-KEY-FILE", + linuxConfDir + "/ohai/hints/ohaihint.json": "OHAI-HINT-FILE", + linuxConfDir + "/client.rb": defaultLinuxClientConf, + linuxConfDir + "/first-boot.json": `{"run_list":["cookbook::recipe"]}`, }, }, @@ -192,7 +192,7 @@ func TestResourceProvider_linuxCreateConfigFiles(t *testing.T) { "server_url": "https://chef.local", "validation_client_name": "validator", "validation_key_path": "test-fixtures/validator.pem", - "secret_key_path": "test-fixtures/encrypted_data_bag_secret", + "secret_key_path": "test-fixtures/encrypted_data_bag_secret", }), Commands: map[string]bool{ 
@@ -200,10 +200,10 @@ func TestResourceProvider_linuxCreateConfigFiles(t *testing.T) { }, Uploads: map[string]string{ - linuxConfDir + "/validation.pem": "VALIDATOR-PEM-FILE", - linuxConfDir + "/encrypted_data_bag_secret":"SECRET-KEY-FILE", - linuxConfDir + "/client.rb": defaultLinuxClientConf, - linuxConfDir + "/first-boot.json": `{"run_list":["cookbook::recipe"]}`, + linuxConfDir + "/validation.pem": "VALIDATOR-PEM-FILE", + linuxConfDir + "/encrypted_data_bag_secret": "SECRET-KEY-FILE", + linuxConfDir + "/client.rb": defaultLinuxClientConf, + linuxConfDir + "/first-boot.json": `{"run_list":["cookbook::recipe"]}`, }, }, @@ -218,7 +218,7 @@ func TestResourceProvider_linuxCreateConfigFiles(t *testing.T) { "server_url": "https://chef.local", "validation_client_name": "validator", "validation_key_path": "test-fixtures/validator.pem", - "secret_key_path": "test-fixtures/encrypted_data_bag_secret", + "secret_key_path": "test-fixtures/encrypted_data_bag_secret", }), Commands: map[string]bool{ @@ -226,10 +226,10 @@ func TestResourceProvider_linuxCreateConfigFiles(t *testing.T) { }, Uploads: map[string]string{ - linuxConfDir + "/validation.pem": "VALIDATOR-PEM-FILE", - linuxConfDir + "/encrypted_data_bag_secret":"SECRET-KEY-FILE", - linuxConfDir + "/client.rb": proxyLinuxClientConf, - linuxConfDir + "/first-boot.json": `{"run_list":["cookbook::recipe"]}`, + linuxConfDir + "/validation.pem": "VALIDATOR-PEM-FILE", + linuxConfDir + "/encrypted_data_bag_secret": "SECRET-KEY-FILE", + linuxConfDir + "/client.rb": proxyLinuxClientConf, + linuxConfDir + "/first-boot.json": `{"run_list":["cookbook::recipe"]}`, }, }, @@ -262,7 +262,7 @@ func TestResourceProvider_linuxCreateConfigFiles(t *testing.T) { "server_url": "https://chef.local", "validation_client_name": "validator", "validation_key_path": "test-fixtures/validator.pem", - "secret_key_path": "test-fixtures/encrypted_data_bag_secret", + "secret_key_path": "test-fixtures/encrypted_data_bag_secret", }), Commands: map[string]bool{ 
@@ -270,9 +270,9 @@ func TestResourceProvider_linuxCreateConfigFiles(t *testing.T) { }, Uploads: map[string]string{ - linuxConfDir + "/validation.pem": "VALIDATOR-PEM-FILE", + linuxConfDir + "/validation.pem": "VALIDATOR-PEM-FILE", linuxConfDir + "/encrypted_data_bag_secret": "SECRET-KEY-FILE", - linuxConfDir + "/client.rb": defaultLinuxClientConf, + linuxConfDir + "/client.rb": defaultLinuxClientConf, linuxConfDir + "/first-boot.json": `{"key1":{"subkey1":{"subkey2a":["val1","val2","val3"],` + `"subkey2b":{"subkey3":"value3"}}},"key2":"value2","run_list":["cookbook::recipe"]}`, }, diff --git a/builtin/provisioners/chef/resource_provisioner.go b/builtin/provisioners/chef/resource_provisioner.go index 2b955d7340..7c16cb4bb0 100644 --- a/builtin/provisioners/chef/resource_provisioner.go +++ b/builtin/provisioners/chef/resource_provisioner.go @@ -68,7 +68,7 @@ type Provisioner struct { OSType string `mapstructure:"os_type"` PreventSudo bool `mapstructure:"prevent_sudo"` RunList []string `mapstructure:"run_list"` - SecretKeyPath string `mapstructure:"secret_key_path"` + SecretKeyPath string `mapstructure:"secret_key_path"` ServerURL string `mapstructure:"server_url"` SkipInstall bool `mapstructure:"skip_install"` SSLVerifyMode string `mapstructure:"ssl_verify_mode"` @@ -175,9 +175,6 @@ func (r *ResourceProvisioner) Validate(c *terraform.ResourceConfig) (ws []string if p.ServerURL == "" { es = append(es, fmt.Errorf("Key not found: server_url")) } - if p.SecretKeyPath == "" { - es = append(es, fmt.Errorf("Key not found: secret_key_path")) - } if p.ValidationClientName == "" { es = append(es, fmt.Errorf("Key not found: validation_client_name")) } 
@@ -233,13 +230,13 @@ func (r *ResourceProvisioner) decodeConfig(c *terraform.ResourceConfig) (*Provis } p.ValidationKeyPath = vkeyPath } - if p.SecretKeyPath != "" { - skeyPath, err := homedir.Expand(p.SecretKeyPath) - if err != nil { - return nil, fmt.Errorf("Error expanding the secret key path: %v", err) - } - p.SecretKeyPath = skeyPath - } + if p.SecretKeyPath != "" { + skeyPath, err := homedir.Expand(p.SecretKeyPath) + if err != nil { + return nil, fmt.Errorf("Error expanding the secret key path: %v", err) + } + p.SecretKeyPath = skeyPath + } if attrs, ok := c.Config["attributes"]; ok { p.Attributes, err = rawToJSON(attrs) if err != nil { @@ -357,16 +354,18 @@ func (p *Provisioner) deployConfigFiles( return fmt.Errorf("Uploading %s failed: %v", validationKey, err) } - // Open the secret key file - s, err := os.Open(p.SecretKeyPath) - if err != nil { - return err - } - defer s.Close() + if p.SecretKeyPath != "" { + // Open the secret key file + s, err := os.Open(p.SecretKeyPath) + if err != nil { + return err + } + defer s.Close() - // Copy the secret key to the new instance - if err := comm.Upload(path.Join(confDir, secretKey), s); err != nil { - return fmt.Errorf("Uploading %s failed: %v", secretKey, err) + // Copy the secret key to the new instance + if err := comm.Upload(path.Join(confDir, secretKey), s); err != nil { + return fmt.Errorf("Uploading %s failed: %v", secretKey, err) + } } // Make strings.Join available for use within the template diff --git a/builtin/provisioners/chef/resource_provisioner_test.go b/builtin/provisioners/chef/resource_provisioner_test.go index 9b0221595c..b02c0c286d 100644 --- a/builtin/provisioners/chef/resource_provisioner_test.go +++ b/builtin/provisioners/chef/resource_provisioner_test.go 
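Review bot: The restored `if p.SecretKeyPath != ""` guard is the right shape, but the os.Open failure is still returned bare, so a wrong `secret_key_path` surfaces as an opaque "no such file" with no hint which option caused it; `return fmt.Errorf("Error opening secret key file %s: %v", p.SecretKeyPath, err)` would match the style of the Upload error below it. The secret is uploaded with whatever mode comm.Upload applies — nothing in this hunk restricts it — and since this one key decrypts every encrypted data bag on the server, a `chmod 0600` of `path.Join(confDir, secretKey)` on the Linux path after the upload, or at least a documented caveat, is worth adding; comm.Upload is outside the hunk so I cannot confirm its default mode. The file name appears to be Chef's default lookup location, which is presumably why client.rb is not given an `encrypted_data_bag_secret` setting, but that reliance on the default deserves a comment such as `// chef-client looks for this file in its config dir by default` on the upload line. deployConfigFiles continues outside the hunk.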
@@ -21,7 +21,7 @@ func TestResourceProvider_Validate_good(t *testing.T) { "server_url": "https://chef.local", "validation_client_name": "validator", "validation_key_path": "validator.pem", - "secret_key_path": "encrypted_data_bag_secret", + "secret_key_path": "encrypted_data_bag_secret", }) r := new(ResourceProvisioner) warn, errs := r.Validate(c) @@ -69,7 +69,7 @@ func TestResourceProvider_runChefClient(t *testing.T) { "server_url": "https://chef.local", "validation_client_name": "validator", "validation_key_path": "test-fixtures/validator.pem", - "secret_key_path": "test-fixtures/encrypted_data_bag_secret", + "secret_key_path": "test-fixtures/encrypted_data_bag_secret", }), ConfDir: linuxConfDir, @@ -87,7 +87,7 @@ func TestResourceProvider_runChefClient(t *testing.T) { "server_url": "https://chef.local", "validation_client_name": "validator", "validation_key_path": "test-fixtures/validator.pem", - "secret_key_path": "test-fixtures/encrypted_data_bag_secret", + "secret_key_path": "test-fixtures/encrypted_data_bag_secret", }), ConfDir: linuxConfDir, @@ -106,7 +106,7 @@ func TestResourceProvider_runChefClient(t *testing.T) { "server_url": "https://chef.local", "validation_client_name": "validator", "validation_key_path": "test-fixtures/validator.pem", - "secret_key_path": "test-fixtures/encrypted_data_bag_secret", + "secret_key_path": "test-fixtures/encrypted_data_bag_secret", }), ConfDir: windowsConfDir, diff --git a/builtin/provisioners/chef/windows_provisioner_test.go b/builtin/provisioners/chef/windows_provisioner_test.go index 44ac12a7b4..443451e684 100644 --- a/builtin/provisioners/chef/windows_provisioner_test.go +++ b/builtin/provisioners/chef/windows_provisioner_test.go 
@@ -22,7 +22,7 @@ func TestResourceProvider_windowsInstallChefClient(t *testing.T) { "server_url": "https://chef.local", "validation_client_name": "validator", "validation_key_path": "validator.pem", - "secret_key_path": "encrypted_data_bag_secret", + "secret_key_path": "encrypted_data_bag_secret", }), Commands: map[string]bool{ @@ -43,7 +43,7 @@ func TestResourceProvider_windowsInstallChefClient(t *testing.T) { "server_url": "https://chef.local", "validation_client_name": "validator", "validation_key_path": "validator.pem", - "secret_key_path": "encrypted_data_bag_secret", + "secret_key_path": "encrypted_data_bag_secret", }), Commands: map[string]bool{ @@ -62,7 +62,7 @@ func TestResourceProvider_windowsInstallChefClient(t *testing.T) { "server_url": "https://chef.local", "validation_client_name": "validator", "validation_key_path": "validator.pem", - "secret_key_path": "encrypted_data_bag_secret", + "secret_key_path": "encrypted_data_bag_secret", "version": "11.18.6", }), @@ -112,7 +112,7 @@ func TestResourceProvider_windowsCreateConfigFiles(t *testing.T) { "server_url": "https://chef.local", "validation_client_name": "validator", "validation_key_path": "test-fixtures/validator.pem", - "secret_key_path": "test-fixtures/encrypted_data_bag_secret", + "secret_key_path": "test-fixtures/encrypted_data_bag_secret", }), Commands: map[string]bool{ 
@@ -123,11 +123,11 @@ func TestResourceProvider_windowsCreateConfigFiles(t *testing.T) { }, Uploads: map[string]string{ - windowsConfDir + "/validation.pem": "VALIDATOR-PEM-FILE", - windowsConfDir + "/encrypted_data_bag_secret":"SECRET-KEY-FILE", - windowsConfDir + "/ohai/hints/ohaihint.json": "OHAI-HINT-FILE", - windowsConfDir + "/client.rb": defaultWindowsClientConf, - windowsConfDir + "/first-boot.json": `{"run_list":["cookbook::recipe"]}`, + windowsConfDir + "/validation.pem": "VALIDATOR-PEM-FILE", + windowsConfDir + "/encrypted_data_bag_secret": "SECRET-KEY-FILE", + windowsConfDir + "/ohai/hints/ohaihint.json": "OHAI-HINT-FILE", + windowsConfDir + "/client.rb": defaultWindowsClientConf, + windowsConfDir + "/first-boot.json": `{"run_list":["cookbook::recipe"]}`, }, }, @@ -141,7 +141,7 @@ func TestResourceProvider_windowsCreateConfigFiles(t *testing.T) { "server_url": "https://chef.local", "validation_client_name": "validator", "validation_key_path": "test-fixtures/validator.pem", - "secret_key_path": "test-fixtures/encrypted_data_bag_secret", + "secret_key_path": "test-fixtures/encrypted_data_bag_secret", }), Commands: map[string]bool{ @@ -149,10 +149,10 @@ func TestResourceProvider_windowsCreateConfigFiles(t *testing.T) { }, Uploads: map[string]string{ - windowsConfDir + "/validation.pem": "VALIDATOR-PEM-FILE", - windowsConfDir + "/encrypted_data_bag_secret":"SECRET-KEY-FILE", - windowsConfDir + "/client.rb": proxyWindowsClientConf, - windowsConfDir + "/first-boot.json": `{"run_list":["cookbook::recipe"]}`, + windowsConfDir + "/validation.pem": "VALIDATOR-PEM-FILE", + windowsConfDir + "/encrypted_data_bag_secret": "SECRET-KEY-FILE", + windowsConfDir + "/client.rb": proxyWindowsClientConf, + windowsConfDir + "/first-boot.json": `{"run_list":["cookbook::recipe"]}`, }, }, 
@@ -184,7 +184,7 @@ func TestResourceProvider_windowsCreateConfigFiles(t *testing.T) { "server_url": "https://chef.local", "validation_client_name": "validator", "validation_key_path": "test-fixtures/validator.pem", - "secret_key_path": "test-fixtures/encrypted_data_bag_secret", + "secret_key_path": "test-fixtures/encrypted_data_bag_secret", }), Commands: map[string]bool{ @@ -192,9 +192,9 @@ func TestResourceProvider_windowsCreateConfigFiles(t *testing.T) { }, Uploads: map[string]string{ - windowsConfDir + "/validation.pem": "VALIDATOR-PEM-FILE", - windowsConfDir + "/encrypted_data_bag_secret":"SECRET-KEY-FILE", - windowsConfDir + "/client.rb": defaultWindowsClientConf, + windowsConfDir + "/validation.pem": "VALIDATOR-PEM-FILE", + windowsConfDir + "/encrypted_data_bag_secret": "SECRET-KEY-FILE", + windowsConfDir + "/client.rb": defaultWindowsClientConf, windowsConfDir + "/first-boot.json": `{"key1":{"subkey1":{"subkey2a":["val1","val2","val3"],` + `"subkey2b":{"subkey3":"value3"}}},"key2":"value2","run_list":["cookbook::recipe"]}`, }, From cda814d8b3d1b73b49b864f23775858bc3899ec2 Mon Sep 17 00:00:00 2001 From: Joshua Seidel Date: Thu, 9 Jul 2015 09:31:31 -0400 Subject: [PATCH 7/8] No need to do this as they both are in their own scope --- builtin/provisioners/chef/resource_provisioner.go | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/builtin/provisioners/chef/resource_provisioner.go b/builtin/provisioners/chef/resource_provisioner.go index 7c16cb4bb0..94b8be67f3 100644 --- a/builtin/provisioners/chef/resource_provisioner.go +++ b/builtin/provisioners/chef/resource_provisioner.go 
@@ -224,18 +224,18 @@ func (r *ResourceProvisioner) decodeConfig(c *terraform.ResourceConfig) (*Provis } if p.ValidationKeyPath != "" { - vkeyPath, err := homedir.Expand(p.ValidationKeyPath) + keyPath, err := homedir.Expand(p.ValidationKeyPath) if err != nil { return nil, fmt.Errorf("Error expanding the validation key path: %v", err) } - p.ValidationKeyPath = vkeyPath + p.ValidationKeyPath = keyPath } if p.SecretKeyPath != "" { - skeyPath, err := homedir.Expand(p.SecretKeyPath) + keyPath, err := homedir.Expand(p.SecretKeyPath) if err != nil { return nil, fmt.Errorf("Error expanding the secret key path: %v", err) } - p.SecretKeyPath = skeyPath + p.SecretKeyPath = keyPath } if attrs, ok := c.Config["attributes"]; ok { p.Attributes, err = rawToJSON(attrs) From 147efbc52c31470dbd89d14ba95c228b2f57b490 Mon Sep 17 00:00:00 2001 From: Joshua Seidel Date: Thu, 9 Jul 2015 10:12:56 -0400 Subject: [PATCH 8/8] update markdown --- website/source/docs/provisioners/chef.html.markdown | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/website/source/docs/provisioners/chef.html.markdown b/website/source/docs/provisioners/chef.html.markdown index 24a682b55e..d1b47db25d 100644 --- a/website/source/docs/provisioners/chef.html.markdown +++ b/website/source/docs/provisioners/chef.html.markdown @@ -36,10 +36,11 @@ resource "aws_instance" "web" { environment = "_default" run_list = ["cookbook::recipe"] node_name = "webserver1" + secret_key_path = "../encrypted_data_bag_secret" server_url = "https://chef.company.com/organizations/org1" validation_client_name = "chef-validator" validation_key_path = "../chef-validator.pem" - version = "11.18.6" + version = "12.4.1" } } ``` 
@@ -82,6 +83,10 @@ The following arguments are supported: Chef Client run. The run-list will also be saved to the Chef Server after a successful initial run. +* `secret_key_path (string)` - (Optional) The path to the secret key that is used + by the client to decrypt data bags on the Chef Server. The key will be uploaded to the remote + machine. + * `server_url (string)` - (Required) The URL to the Chef server. This includes the path to the organization. See the example.