/usr/lib/ruby/vendor_ruby/chef/resource/chef_organization.rb is in ruby-cheffish 4.0.0-1.
This file is owned by root:root, with mode 0o644.
The actual contents of the file can be viewed below.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 | require 'cheffish'
require 'cheffish/base_resource'
require 'chef/run_list/run_list_item'
require 'chef/chef_fs/data_handler/data_handler_base'
class Chef
class Resource
class ChefOrganization < Cheffish::BaseResource
resource_name :chef_organization
property :name, Cheffish::NAME_REGEX, name_property: true
property :full_name, String
# A list of users who must at least be invited to the org (but may already be
# members). Invites will be sent to users who are not already invited/in the org.
property :invites, ArrayType
# A list of users who must be members of the org. This will use the
# new Chef 12 POST /organizations/ORG/users endpoint to add them
# directly to the org. If you do not have permission to perform
# this operation, and the users are not a part of the org, the
# resource update will fail.
property :members, ArrayType
# A list of users who must not be members of the org. These users will be removed
# from the org and invites will be revoked (if any).
property :remove_members, ArrayType
action :create do
differences = json_differences(current_json, new_json)
if current_resource_exists?
if differences.size > 0
description = [ "update organization #{new_resource.name} at #{rest.url}" ] + differences
converge_by description do
rest.put("#{rest.root_url}/organizations/#{new_resource.name}", normalize_for_put(new_json))
end
end
else
description = [ "create organization #{new_resource.name} at #{rest.url}" ] + differences
converge_by description do
rest.post("#{rest.root_url}/organizations", normalize_for_post(new_json))
end
end
# Revoke invites and memberships when asked
invites_to_remove.each do |user|
if outstanding_invites.has_key?(user)
converge_by "revoke #{user}'s invitation to organization #{new_resource.name}" do
rest.delete("#{rest.root_url}/organizations/#{new_resource.name}/association_requests/#{outstanding_invites[user]}")
end
end
end
members_to_remove.each do |user|
if existing_members.include?(user)
converge_by "remove #{user} from organization #{new_resource.name}" do
rest.delete("#{rest.root_url}/organizations/#{new_resource.name}/users/#{user}")
end
end
end
# Invite and add members when asked
new_resource.invites.each do |user|
if !existing_members.include?(user) && !outstanding_invites.has_key?(user)
converge_by "invite #{user} to organization #{new_resource.name}" do
rest.post("#{rest.root_url}/organizations/#{new_resource.name}/association_requests", { 'user' => user })
end
end
end
new_resource.members.each do |user|
if !existing_members.include?(user)
converge_by "Add #{user} to organization #{new_resource.name}" do
rest.post("#{rest.root_url}/organizations/#{new_resource.name}/users/", { 'username' => user })
end
end
end
end
action_class.class_eval do
def existing_members
@existing_members ||= rest.get("#{rest.root_url}/organizations/#{new_resource.name}/users").map { |u| u['user']['username'] }
end
def outstanding_invites
@outstanding_invites ||= begin
invites = {}
rest.get("#{rest.root_url}/organizations/#{new_resource.name}/association_requests").each do |r|
invites[r['username']] = r['id']
end
invites
end
end
def invites_to_remove
if new_resource.complete
if new_resource.property_is_set?(:invites) || new_resource.property_is_set?(:members)
result = outstanding_invites.keys
result -= new_resource.invites if new_resource.property_is_set?(:invites)
result -= new_resource.members if new_resource.property_is_set?(:members)
result
else
[]
end
else
new_resource.remove_members
end
end
def members_to_remove
if new_resource.complete
if new_resource.property_is_set?(:members)
existing_members - (new_resource.invites | new_resource.members)
else
[]
end
else
new_resource.remove_members
end
end
end
action :delete do
if current_resource_exists?
converge_by "delete organization #{new_resource.name} at #{rest.url}" do
rest.delete("#{rest.root_url}/organizations/#{new_resource.name}")
end
end
end
action_class.class_eval do
def load_current_resource
begin
@current_resource = json_to_resource(rest.get("#{rest.root_url}/organizations/#{new_resource.name}"))
rescue Net::HTTPServerException => e
if e.response.code == "404"
@current_resource = not_found_resource
else
raise
end
end
end
#
# Helpers
#
def resource_class
Chef::Resource::ChefOrganization
end
def data_handler
OrganizationDataHandler.new
end
def keys
{
'name' => :name,
'full_name' => :full_name
}
end
class OrganizationDataHandler < Chef::ChefFS::DataHandler::DataHandlerBase
def normalize(organization, entry)
# Normalize the order of the keys for easier reading
normalize_hash(organization, {
'name' => remove_dot_json(entry.name),
'full_name' => remove_dot_json(entry.name),
'org_type' => 'Business',
'clientname' => "#{remove_dot_json(entry.name)}-validator",
'billing_plan' => 'platform-free'
})
end
end
end
end
end
end
|