diff --git a/.kitchen.yml b/.kitchen.yml
index 3ecc550..846b9be 100644
--- a/.kitchen.yml
+++ b/.kitchen.yml
@@ -33,4 +33,28 @@ suites:
 run_list:
 - recipe[sumologic::default]
 attributes:
+ sumologic:
+ email: example@example.com
+ password: password123
+- name: databag
+ run_list:
+ - recipe[sumologic::default]
+ attributes:
+ sumologic:
+ use_encrypted_data_bag: true
+ credentials:
+ bag_name: sumo-creds
+ item_name: api-creds
+ data_bags_path: test/integration/data_bags
+- name: databag_encrypted
+ run_list:
+ - recipe[sumologic::default]
+ attributes:
+ sumologic:
+ use_encrypted_data_bag: true
+ credentials:
+ bag_name: sumo-creds
+ item_name: api-creds-encrypt
+ secret_file: '/tmp/kitchen/encrypted_data_bag_secret'
 data_bags_path: 'test/integration/data_bags'
+ encrypted_data_bag_secret_key_path: 'test/integration/default/encrypted_data_bag_secret'
diff --git a/.rubocop_todo.yml b/.rubocop_todo.yml
index 6aa2225..a7da026 100644
--- a/.rubocop_todo.yml
+++ b/.rubocop_todo.yml
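Review bot: `use_encrypted_data_bag: true` is set on both new suites, including `databag`, which has no `secret_file` and therefore takes the plain `Chef::DataBagItem.load` path in the `load_creds` method added by this commit. Nothing visible in that method reads the flag; it branches only on `credentials.secret_file`, so the attribute looks like a leftover from the upstream recipe. Either drop it from the suites, or have `load_creds` honour it so that a node which asks for an encrypted bag but has no secret file fails instead of falling back to an unencrypted load.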
@@ -1,38 +1,38 @@ # This configuration was generated by `rubocop --auto-gen-config` -# on 2014-11-19 14:53:27 -0800 using RuboCop version 0.27.1. +# on 2015-03-06 23:02:43 -0800 using RuboCop version 0.29.1. # The point is for the user to remove these configuration records # one by one as the offenses are removed from the code base. # Note that changes in the inspected code, or installation of new # versions of RuboCop, may require this file to be generated again. -# Offense count: 3 +# Offense count: 5 Metrics/AbcSize: - Max: 62 + Max: 66 -# Offense count: 1 +# Offense count: 2 # Configuration parameters: CountComments. Metrics/ClassLength: - Max: 125 + Max: 126 # Offense count: 1 Metrics/CyclomaticComplexity: - Max: 9 + Max: 8 -# Offense count: 29 +# Offense count: 37 # Configuration parameters: AllowURI, URISchemes. Metrics/LineLength: Max: 148 -# Offense count: 5 +# Offense count: 8 # Configuration parameters: CountComments. Metrics/MethodLength: - Max: 43 + Max: 42 -# Offense count: 1 +# Offense count: 2 Metrics/PerceivedComplexity: - Max: 12 + Max: 9 -# Offense count: 3 +# Offense count: 4 # Cop supports --auto-correct. # Configuration parameters: EnforcedStyle, SupportedStyles. Style/BracesAroundHashParameters: @@ -50,7 +50,7 @@ Style/Documentation: Style/DoubleNegation: Enabled: false -# Offense count: 4 +# Offense count: 2 # Cop supports --auto-correct. # Configuration parameters: EnforcedStyle, SupportedStyles. Style/SignalException: diff --git a/Gemfile b/Gemfile index ea5926d..dfea449 100644 --- a/Gemfile +++ b/Gemfile @@ -8,7 +8,7 @@ group :development do gem 'foodcritic' gem 'fuubar' gem 'pry' - gem 'rubocop', '~> 0.18' + gem 'rubocop', '~> 0.29' gem 'travis', '~> 1.6.10' gem 'webmock' end diff --git a/README.md b/README.md index 4871ef4..a87e373 100644 --- a/README.md +++ b/README.md 
@@ -1,5 +1,4 @@ -Description -=========== +# Description Installs the Sumo Logic collector the way we do it at PagerDuty. Allows you to configure the sources to send up; works on Linux x86 and x86-64. Sets up a @@ -8,8 +7,7 @@ manually activating or pushing any buttons. [![Build Status](https://travis-ci.org/PagerDuty/chef-sumologic.svg)](https://travis-ci.org/PagerDuty/chef-sumologic) -Requirements -============ +# Requirements Depends on the Opscode `java` cookbook which ensures you have a /usr/bin/java. Really that's all you need, so feel free to break that dependency if you @@ -19,16 +17,14 @@ The cookbook grabs a Sumo Logic tarball from an http server. Sumo Logic provides you download links if you want to use those, but they're ephemeral, so I suggest hosting it on a local asset server. -Platform --------- +## Platform * Tested on Ubuntu 10.04, 12.04, 14.04 * Tested on CentOS 5.11, 6.6, 7.0 * Will need extra work to run in Windows, Solaris. * Tested under Chef 11.0.0 and 11.16.4 in Ruby 1.9 and 2.1.3. -Attributes -========== +# Attributes See `attributes/default.rb` for default values. 
@@ -49,11 +45,11 @@ See `attributes/default.rb` for default values. * `node[:sumologic][:collector][:checksum]` - The md5sum of the tarball. * `node[:sumologic][:collector][:url]` - The full URL you're downloading the collector from. -* `node[:sumologic][:admin][:email]` - The email of an admin user that will +* `node[:sumologic][:email]` - The email of an admin user that will be invoked to perform unattended installs of collectors. See Sumo's article for more info: https://service.sumologic.com/ui/help/Unattended_Installation.htm -* `node[:sumologic][:admin][:pass]` - The password for the admin's email above. +* `node[:sumologic][:password]` - The password for the admin's email above. * `node[:sumologic][:log_sources][:default_category]` - You can specify a category for any of your resources through the sumo\_source definition (see below), but this allows you to provide a catch-all that's more descriptive than 'log'. 
@@ -64,9 +60,25 @@ See `attributes/default.rb` for default values. * `node[:sumologic][:log_sources][:force_timezone]` - Set to *true* to force any timestamps parsed out of log files to this timezone, regardless of any timezone information they may carry. +* `node[:sumologic][:credentials][:bag_name]` - Name of the data bag +* `node[:sumologic][:credentials][:item_name]` - Name of the item within the data bag +* `node[:sumologic][:credentials][:secret_file]` - Path to the local file containing the encryption secret key. Needed if the data bag is encrypted. Typically is located at `/etc/chef/encrypted_data_bag_secret`. -Usage -===== +NOTE: Having `node[:sumologic][:credentials]` set will take precidence over `node[:sumologic][:email]` and `node[:sumologic][:password]` + +# Data bag + +If you set `node[:sumologic][:credentials]`, you must have a data bag setup in the following form: + +``` +{ + "id": "api-creds", + "accessID": "example@example.com", + "accessKey": "password123" +} +``` + +# Usage Drop this cookbook with the default recipe onto your servers and you've got a collector running. Want some sources? Use the sumo\_source definition @@ -84,11 +96,9 @@ configure all of your sources before restarting sumologic. It will also correctly set the '-o' sumocollector parameter for a sumo restart to force the web interface to accept changes to your sources. -Helper Functions -============== +# Helper Functions -Sumologic.collector_exists?(node_name, email, pass) ---------------------------------------------------- +## Sumologic.collector_exists?(node_name, email, pass) This checks whether or not a collector with the given name exists. @@ -96,8 +106,7 @@ This checks whether or not a collector with the given name exists. * `email` - email to use againt the API * `pass` - password for the email above -Changes -======= +# Changes ## v0.0.2 
@@ -119,8 +128,7 @@ Changes * Stop forcing a particular URL to work; users can now use whatever URL they please to store their Sumo tarballs. -License and Author -================== +# License and Author * Author:: Grant Ridder () * Author:: Ranjib Dey () diff --git a/libraries/sumo_source_provider.rb b/libraries/sumo_source_provider.rb index c2b8a68..3bac97e 100644 --- a/libraries/sumo_source_provider.rb +++ b/libraries/sumo_source_provider.rb @@ -15,10 +15,21 @@ def whyrun_supported? def load_current_resource return if node['sumologic']['disabled'] + + creds = load_creds + + if creds['accessID'] && creds['accessKey'] + api_username = creds['accessID'] + api_password = creds['accessKey'] + elsif creds['email'] && creds['password'] + api_username = creds['email'] + api_password = creds['password'] + end + @@collector ||= Sumologic::Collector.new( name: node.name, - api_username: node['sumologic']['userID'], - api_password: node['sumologic']['password'], + api_username: api_username, + api_password: api_password, api_timeout: node['sumologic']['api_timeout'] ) 
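Review bot: When neither the `accessID`/`accessKey` pair nor the `email`/`password` pair is complete, `api_username` and `api_password` stay nil in `load_current_resource` and are still passed to `Sumologic::Collector.new`. The misconfiguration then presumably surfaces later as an API authentication failure instead of a clear converge error. Add a guard right after the `if`/`elsif`, for example `fail 'sumologic: no API credentials configured' unless api_username && api_password`, keeping the credential values out of the message. Because each branch needs both halves of a pair, a data bag holding only `accessID` silently falls through to `email`/`password`, which deserves a short comment. The method body continues past the end of this hunk.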
@@ -106,6 +117,38 @@ def convergence_description
 end
 description
 end
+
+ # logic modified from https://github.com/SumoLogic/sumologic-collector-chef-cookbook/blob/master/recipes/sumoconf.rb#L34
+ def load_creds
+ if node['sumologic']['credentials']
+ creds = node['sumologic']['credentials']
+ credentials = {}
+
+ if creds[:secret_file]
+ secret = Chef::EncryptedDataBagItem.load_secret(creds[:secret_file])
+ bag = Chef::EncryptedDataBagItem.load(creds[:bag_name], creds[:item_name], secret)
+ else
+ bag = Chef::DataBagItem.load(creds[:bag_name], creds[:item_name])
+ end
+
+ [:accessID, :accessKey, :email, :password].each do |item|
+ credentials[item] = bag[item]
+ end
+
+ else
+ if node['sumologic']['userID']
+ credentials['email'] = node['sumologic']['userID']
+ elsif node['sumologic']['email']
+ credentials['email'] = node['sumologic']['email']
+ end
+
+ %w(accessID accessKey password).each do |item|
+ credentials[item] = node['sumologic'][item]
+ end
+ end
+
+ credentials
+ end
 end
 end
 end
diff --git a/test/integration/data_bags/sumo-creds/api-creds-encrypt.json b/test/integration/data_bags/sumo-creds/api-creds-encrypt.json
new file mode 100644
index 0000000..fbc992b
--- /dev/null
+++ b/test/integration/data_bags/sumo-creds/api-creds-encrypt.json
@@ -0,0 +1,15 @@
+{
+ "id": "api-creds-encrypt",
+ "accessID": {
+ "encrypted_data": "6WL6jKw9BDl3RjDEjSfU9k6zHr6VCJuWjJU7Tc7s0qFClIklp1ldXBFro9sA\njmtx\n",
+ "iv": "wgYo/+EgWY+M/34cxwlmQA==\n",
+ "version": 1,
+ "cipher": "aes-256-cbc"
+ },
+ "accessKey": {
+ "encrypted_data": "a7MB3m5rzOLhHuJKpZJ+l8eXJk12dJILbiWnbXs/rEg=\n",
+ "iv": "af+kj8cu7aajQmoKi2l89Q==\n",
+ "version": 1,
+ "cipher": "aes-256-cbc"
+ }
+}
diff --git a/test/integration/default/encrypted_data_bag_secret b/test/integration/default/encrypted_data_bag_secret
new file mode 100644
index 0000000..6e2f749
--- /dev/null
+++ b/test/integration/default/encrypted_data_bag_secret
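Review bot: In `load_creds`, `credentials = {}` is assigned only inside the data-bag branch, so in the `else` branch `credentials` is nil and the first `credentials['email'] = ...` (or the `%w(...)` loop) raises NoMethodError; that is the path the attribute-only suite takes. Move the initialisation above the outer `if`. The data-bag branch also stores its values under symbol keys (`[:accessID, :accessKey, :email, :password]`) in a plain Hash, while `load_current_resource` reads `creds['accessID']` and the other string keys, so credentials loaded from a bag are never found unless something outside this diff normalises the keys. Changing that loop to `%w(accessID accessKey email password).each do |item|` makes both branches return the same string-keyed shape. A one-line comment above `load_creds` stating the returned keys and that the data bag takes precedence over node attributes would help callers.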
@@ -0,0 +1,11 @@ +7uYbrZii2tlh2PqcHtN/SGckJ9G6RVUPOSOMXeDHaXCq8u+y+DLWRYDvml8IBoTo +CARZ6snNkjGvUptLZBtbqBHSILNFMTpe1wgBOdOuwyTRIEpOnJg+e33J+ilQLdoh +rtytLg7bgI+AEcjJQh2QR3B5jqBK9RYOW7Dv7PTtYyxEpk4azIjGESkGuuB+ztoj +XQhudhMvoxioShkCqXDQKu5l7bV/j1QbJdu/BlAhiZCDbe4ytjZiWfDizmejH9ux +V9u/yHMJS88JyB/eiDYo+NbzSusR86p1Rl6x0RzkTs2lrvnhcEweO7MVDHuOolkV +W6ZMjRxhGdtLCoZnnzIc6GcfFOxEe1RKXIYqkk08/RqbLAKeQmpNY9T80MuaTobE +i1BvLzxS2ezWVhZXZBPkqzfAmOYCHhU7Kzk97xQvpc/ZQ5Rs28rxhtv9RlL/aCdf +wsANLU7IBJ1gMug1srgURc7cRqL7oRTkxUeBkXi+qq0zuQXecgusSGbVdGo2SRTh +U5wKtj/ERxBuxXmQf28vNN6mVNG3mJtOXZJRU1YPHCYVozrL2Fd+Da3NXKXN0VCM +rIpqx9TKNdXv7l/qEcPyCCaZnnHQ+bXEM56rbSQjBcChPhthwx5fN1G/ztNEErZh +zNAbnqrpBUwgveW2hSOkO9eU430QkMyZcSFUBSF2QmE=