From 06f03116e19ee34538fbf1bf2c36187cb7693db2 Mon Sep 17 00:00:00 2001
From: Sander van Harmelen
Date: Wed, 15 Oct 2014 18:09:41 +0200
Subject: [PATCH 1/4] Small leftover from changes to the filename logic

---
 cookbook.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/cookbook.go b/cookbook.go
index 459833f..5d61647 100644
--- a/cookbook.go
+++ b/cookbook.go
@@ -227,7 +227,7 @@ func (cg *ChefGuard) tagAndPublishCookbook() (int, error) {

 func (cg *ChefGuard) getCookbookChangeDetails(r *http.Request) []byte {
 v := mux.Vars(r)
- cg.ChangeDetails = &changeDetails{Item: fmt.Sprintf("%s-%s", v["name"], v["version"]), Type: v["type"]}
+ cg.ChangeDetails = &changeDetails{Item: fmt.Sprintf("%s-%s.json", v["name"], v["version"]), Type: v["type"]}
 frozen := false
 if cg.Cookbook != nil {
 frozen = cg.Cookbook.Frozen
From cea6da0a097746f66e8188d9bfd3add4c541665a Mon Sep 17 00:00:00 2001
From: Sander van Harmelen
Date: Wed, 15 Oct 2014 18:13:37 +0200
Subject: [PATCH 2/4] Added change info to docs

---
 CHANGELOG.md | 6 +++++-
 VERSION | 2 +-
 2 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 33e508b..5d20e2d 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,9 +1,13 @@
 Chef-Guard CHANGELOG
 ====================

+0.4.5 (UNRELEASED)
+-----
+- Added the '.json' extention to cookbook auditing files saved in Github to have uniform names
+
 0.4.4
 -----
-- When you try to overwrite a frozen cookbook return a HTTP 409 error instead of a HTTP 412 so Berkshelf doesn't crash on it but just reports it.
+- When you try to overwrite a frozen cookbook return a HTTP 409 error instead of a HTTP 412 so Berkshelf doesn't crash on it but just reports it

 0.4.3
 -----
diff --git a/VERSION b/VERSION
index 6f2743d..0bfccb0 100644
--- a/VERSION
+++ b/VERSION
@@ -1 +1 @@
-0.4.4
+0.4.5
From 5e3686e2b0819b12e0a1d56f2b3cef117c657ed1 Mon Sep 17 00:00:00 2001
From: Sander van Harmelen
Date: Wed, 15 Oct 2014 22:42:44 +0200
Subject: [PATCH 3/4] Fixing issue #53

---
 CHANGELOG.md | 1 +
 cookbook.go | 7 ++++++-
 2 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 5d20e2d..d0ee1fa 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -4,6 +4,7 @@ Chef-Guard CHANGELOG
 0.4.5 (UNRELEASED)
 -----
 - Added the '.json' extention to cookbook auditing files saved in Github to have uniform names
+- Fixing issue #53 by making sure the config is checked and used to determine if we want to verify SSL

 0.4.4
 -----
diff --git a/cookbook.go b/cookbook.go
index 5d61647..19dd9f6 100644
--- a/cookbook.go
+++ b/cookbook.go
@@ -23,6 +23,7 @@ import (
 "crypto/hmac"
 "crypto/md5"
 "crypto/sha1"
+ "crypto/tls"
 "encoding/base64"
 "encoding/json"
 "fmt"
@@ -245,7 +246,11 @@ func downloadCookbookFile(orgID, checksum string) ([]byte, error) {
 if err != nil {
 return nil, err
 }
- resp, err := http.Get(u.String())
+ t := &http.Transport{
+ TLSClientConfig: &tls.Config{InsecureSkipVerify: cfg.Chef.SSLNoVerify},
+ }
+ c := &http.Client{Transport: t}
+ resp, err := c.Get(u.String())
 if err != nil {
 return nil, err
 }
From a10ee4a753d1008d508a5dba25b1f33197a1690a Mon Sep 17 00:00:00 2001
From: Sander van Harmelen
Date: Thu, 16 Oct 2014 16:27:48 +0200
Subject: [PATCH 4/4] Fixed several issues and improved config checks See change log for more details
---
 CHANGELOG.md | 6 ++--
 config.go | 98 ++++++++++++++++++++++++++++++++++++++++++--------
 validations.go | 36 ++++++++++---------
 3 files changed, 106 insertions(+), 34 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index d0ee1fa..e4e2252 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
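Review bot: In downloadCookbookFile (cookbook.go), setting `cfg.Chef.SSLNoVerify` switches certificate verification off for the cookbook file download altogether, so the response is accepted from whatever host answers; whether the bytes are later compared against `checksum` is not visible in this hunk. If the goal is to talk to a Chef server with a privately signed certificate, trusting that CA through `RootCAs` in the `tls.Config` keeps verification on, and a startup log line when the flag is set makes the weakened mode visible to operators. The bare `http.Transport` literal also loses the proxy setting of `http.DefaultTransport`, the client has no `Timeout`, and both are rebuilt on every call so connections are never reused. Building one client after the config is loaded, as sketched below, covers those three points; the function body starts and ends outside the hunk.

```go
// chefHTTPClient is shared by all Chef downloads so connections are reused.
// Assign it once, after loadConfig has populated cfg.
var chefHTTPClient *http.Client

func newChefHTTPClient() *http.Client {
	tr := &http.Transport{
		Proxy: http.ProxyFromEnvironment,
		// Verification is skipped only when the operator sets cfg.Chef.SSLNoVerify.
		TLSClientConfig: &tls.Config{InsecureSkipVerify: cfg.Chef.SSLNoVerify},
	}
	// 30s is an example value; pick one that fits the deployment.
	return &http.Client{Transport: tr, Timeout: 30 * time.Second}
}

// … unchanged: URL construction and its error check in downloadCookbookFile …
resp, err := chefHTTPClient.Get(u.String())
```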
@@ -1,10 +1,12 @@
 Chef-Guard CHANGELOG
 ====================

-0.4.5 (UNRELEASED)
+0.4.5
 -----
 - Added the '.json' extention to cookbook auditing files saved in Github to have uniform names
-- Fixing issue #53 by making sure the config is checked and used to determine if we want to verify SSL
+- Fixed issue #53 by making sure the config is checked and used to determine if we want to verify SSL
+- Fixed issue #54 by adding a check if a value is actually configued before using it
+- Added code to check if the config file contains values for all required fields

 0.4.4
 -----
diff --git a/config.go b/config.go
index f7e152d..d6fb283 100644
--- a/config.go
+++ b/config.go
@@ -125,21 +125,89 @@ func loadConfig() error {
 if err := gcfg.ReadFileInto(&tmpConfig, exe+".conf"); err != nil {
 return fmt.Errorf("Failed to parse config file '%s': %s", exe+".conf", err)
 }
- if err := verifyGithubTokens(); err != nil {
+ if err := verifyRequiredFields(&tmpConfig); err != nil {
 return err
 }
- if err := verifyBlackLists(); err != nil {
+ if err := verifyGithubTokens(&tmpConfig); err != nil {
 return err
 }
- if err := parsePaths(path.Dir(exe)); err != nil {
+ if err := verifyBlackLists(&tmpConfig); err != nil {
+ return err
+ }
+ if err := parsePaths(&tmpConfig, path.Dir(exe)); err != nil {
 return err
 }
 cfg = tmpConfig
 return nil
 }

-func verifyGithubTokens() error {
- for k, v := range cfg.Github {
+func verifyRequiredFields(c *Config) error {
+ r := map[string]interface{}{
+ "Default->Listen": c.Default.Listen,
+ "Default->Logfile": c.Default.Logfile,
+ "Default->Tempdir": c.Default.Tempdir,
+ "Default->Mode": c.Default.Mode,
+ "Default->ValidateChanges": c.Default.ValidateChanges,
+ "Chef->Server": c.Chef.Server,
+ "Chef->Port": c.Chef.Port,
+ "Chef->ErchefIP": c.Chef.ErchefIP,
+ "Chef->ErchefPort": c.Chef.ErchefPort,
+ "Chef->S3Key": c.Chef.S3Key,
+ "Chef->S3Secret": c.Chef.S3Secret,
+ "Chef->Version": c.Chef.Version,
+ "Chef->User": c.Chef.User,
+ "Chef->Key": c.Chef.Key,
+ "Community->Supermarket": c.Community.Supermarket,
+ }
+
+ if c.Default.MailChanges {
+ r["Default->MailServer"] = c.Default.MailServer
+ r["Default->MailPort"] = c.Default.MailPort
+ r["Default->MailRecipient"] = c.Default.MailRecipient
+ }
+
+ if c.Default.CommitChanges {
+ r["Default->GitOrganization"] = c.Default.GitOrganization
+ }
+
+ if c.Default.SearchGithub {
+ r["Default->GitCookbookOrgs"] = c.Default.GitCookbookOrgs
+ }
+
+ if c.Default.SaveChefMetrics {
+ r["MongoDB->Server"] = c.MongoDB.Server
+ r["MongoDB->Database"] = c.MongoDB.Database
+ r["MongoDB->Collection"] = c.MongoDB.Collection
+ r["MongoDB->User"] = c.MongoDB.User
+ r["MongoDB->Password"] = c.MongoDB.Password
+ }
+
+ if c.Default.PublishCookbook {
+ r["Supermarket->Server"] = c.Supermarket.Server
+ r["Supermarket->Port"] = c.Supermarket.Port
+ r["Supermarket->Version"] = c.Supermarket.Version
+ r["Supermarket->User"] = c.Supermarket.User
+ r["Supermarket->Key"] = c.Supermarket.Key
+ }
+
+ for k, v := range r {
+ switch v := v.(type) {
+ case int:
+ if v == 0 {
+ return fmt.Errorf("Required configuration value missing for Section->Key: %s", k)
+ }
+ case string:
+ if v == "" {
+ return fmt.Errorf("Required configuration value missing for Section->Key: %s", k)
+ }
+ }
+ }
+
+ return nil
+}
+
+func verifyGithubTokens(c *Config) error {
+ for k, v := range c.Github {
 if v.Token == "" {
 return fmt.Errorf("No token found for Github organization %s! All configured organizations need to have a valid token.", k)
 }
@@ -147,14 +215,14 @@ func verifyGithubTokens() error {
 return nil
 }

-func verifyBlackLists() error {
- rgx := strings.Split(cfg.Default.Blacklist, "|")
+func verifyBlackLists(c *Config) error {
+ rgx := strings.Split(c.Default.Blacklist, "|")
 for _, r := range rgx {
 if _, err := regexp.Compile(r); err != nil {
 return fmt.Errorf("The Default blacklist contains a bad regex: %s", err)
 }
 }
- for k, v := range cfg.Customer {
+ for k, v := range c.Customer {
 if v.Blacklist != nil {
 rgx := strings.Split(*v.Blacklist, "|")
 for _, r := range rgx {
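Review bot: In verifyRequiredFields (config.go) the type switch handles only `int` and `string`, so a required entry of any other type passes without being examined; the types of fields such as `Default.ValidateChanges` are not visible in this hunk. A `default:` case that fails loudly, e.g. `return fmt.Errorf("Unsupported type %T for required Section->Key: %s", v, k)`, turns that silent pass into a startup error. Because `r` is a map, iteration order is random and only the first empty key found is reported, so a config with several gaps names a different key on each run; collecting the missing keys, sorting them and returning them in one error is easier to act on. The error text names only the key and never the value, which keeps `S3Secret`, `Password` and `Key` out of the logs, and that property is worth preserving in any rewrite.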
@@ -167,15 +235,15 @@ func verifyBlackLists() error {
 return nil
 }

-func parsePaths(ep string) error {
- if !path.IsAbs(cfg.Default.Logfile) {
- cfg.Default.Logfile = path.Join(ep, cfg.Default.Logfile)
+func parsePaths(c *Config, ep string) error {
+ if !path.IsAbs(c.Default.Logfile) {
+ c.Default.Logfile = path.Join(ep, c.Default.Logfile)
 }
- if cfg.Tests.Foodcritic != "" && !path.IsAbs(cfg.Tests.Foodcritic) {
- cfg.Tests.Foodcritic = path.Join(ep, cfg.Tests.Foodcritic)
+ if c.Tests.Foodcritic != "" && !path.IsAbs(c.Tests.Foodcritic) {
+ c.Tests.Foodcritic = path.Join(ep, c.Tests.Foodcritic)
 }
- if cfg.Tests.Rubocop != "" && !path.IsAbs(cfg.Tests.Rubocop) {
- cfg.Tests.Rubocop = path.Join(ep, cfg.Tests.Rubocop)
+ if c.Tests.Rubocop != "" && !path.IsAbs(c.Tests.Rubocop) {
+ c.Tests.Rubocop = path.Join(ep, c.Tests.Rubocop)
 }
 return nil
 }
diff --git a/validations.go b/validations.go
index 332ba3e..806eae8 100644
--- a/validations.go
+++ b/validations.go
@@ -369,22 +369,24 @@ func searchCommunityCookbooks(name, version string) (*SourceCookbook, int, error
 }

 func searchPrivateCookbooks(org, name, version string) (*SourceCookbook, int, error) {
- var u string
- switch cfg.Supermarket.Port {
- case "80":
- u = fmt.Sprintf("http://%s", cfg.Supermarket.Server)
- case "443":
- u = fmt.Sprintf("https://%s", cfg.Supermarket.Server)
- default:
- u = fmt.Sprintf("http://%s:%s", cfg.Supermarket.Server, cfg.Supermarket.Port)
- }
- sc, errCode, err := searchSupermarket(u, name, version)
- if err != nil {
- return nil, errCode, err
- }
- if sc != nil {
- sc.private = true
- return sc, 0, nil
+ if cfg.Supermarket.Server != "" {
+ var u string
+ switch cfg.Supermarket.Port {
+ case "80":
+ u = fmt.Sprintf("http://%s", cfg.Supermarket.Server)
+ case "443":
+ u = fmt.Sprintf("https://%s", cfg.Supermarket.Server)
+ default:
+ u = fmt.Sprintf("http://%s:%s", cfg.Supermarket.Server, cfg.Supermarket.Port)
+ }
+ sc, errCode, err := searchSupermarket(u, name, version)
+ if err != nil {
+ return nil, errCode, err
+ }
+ if sc != nil {
+ sc.private = true
+ return sc, 0, nil
+ }
 }
 if getEffectiveConfig("SearchGithub", org).(bool) {
 orgList := cfg.Default.GitCookbookOrgs
@@ -392,7 +394,7 @@ func searchPrivateCookbooks(org, name, version string) (*SourceCookbook, int, er
 if orgList != custOrgList {
 orgList = fmt.Sprintf("%s,%s", orgList, custOrgList)
 }
- sc, err = searchGithub(strings.Split(orgList, ","), name, version, false)
+ sc, err := searchGithub(strings.Split(orgList, ","), name, version, false)
 if err != nil {
 return nil, http.StatusBadGateway, err
 }
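Review bot: In searchPrivateCookbooks (validations.go, first hunk) the new guard tests only `cfg.Supermarket.Server`, while verifyRequiredFields in config.go requires `Supermarket->Port` only when `PublishCookbook` is enabled, so a config with a server and no port still reaches the `default` branch and builds a URL of the form `http://<server>:`. Testing both values, `if cfg.Supermarket.Server != "" && cfg.Supermarket.Port != "" {`, or rejecting a server without a port during config validation, closes that gap. The same `default` branch sends every port other than 443 over plain `http://`, so a private Supermarket listening with TLS on a custom port would be queried unencrypted; deriving the scheme from an explicit setting rather than from the port number avoids that guess. The function continues past the end of the hunk.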