c10l / cookbook-deploy_key Goto Github PK

View Code? Open in Web Editor NEW

44.0 6.0 27.0 39 KB

Idempotent Chef LWRP for creating, adding, removing and deleting SSH Deploy Keys on Bitbucket and Github

Home Page: https://supermarket.getchef.com/cookbooks/deploy_key

License: Other

Ruby 100.00%

cookbook-deploy_key's Introduction

deploy_key cookbook

This is a Chef cookbook to manage deploy_keys on SaaS VCSs. Currently, it supports Bitbucket, Github and GitLab.

This work is heavily based on the ideas and code of ZippyKid's github-deploy-key cookbook.

Usage

Use this cookbook as a dependency of whatever cookbook will manage your deploy keys.

Declare a deploy_key resource and configure the provider:

deploy_key "app_deploy_key" do
  provider Chef::Provider::DeployKeyGithub
  ...
end

Supported providers:

Chef::Provider::DeployKeyGithub
Chef::Provider::DeployKeyBitbucket
Chef::Provider::DeployKeyGitlab

Attributes

label: Used as both the name of the key pair files on disk and the deploy key label on the provider. Defaults to name;
path: The directory where the private and public keys are stored
credentials: The credentials used to authenticate on the API - see below
repo: The repository where the deploy key will be installed. The format varies between providers:

Provider Format

GitHub / Bitbucket username/repo_slug (e.g.: cassianoleal/cookbook-deploy_key)

GitLab an Integer (e.g.: 1, 2, 999)
owner: The owner of the key files on disk. Defaults to root
group: The group of the key files on disk. Defaults to root
mode: The mode that will be passed on to chmod. Defaults to 0600

Provider	Format
GitHub / Bitbucket	`username/repo_slug` (e.g.: `cassianoleal/cookbook-deploy_key`)
GitLab	an Integer (e.g.: `1`, `2`, `999`)

The following attributes apply only to the GitLab provider:

api_url: The url of the GitLab server
client_cert: Client certificate
client_key: Client cert's key

Actions

:create - Runs ssh-keygen to create a key pair on the designed path;
:delete - Deletes the key pair from the disk;
:add - Adds the public key as a deploy key for the repository;
:remove - Removes the key from the list of deploy keys on the repository

Authentication

Authentication can be done either via username/password:

deploy_key "app_deploy_key" do
  provider Chef::Provider::DeployKeyGithub
  credentials({
    :user => '[email protected]',
    :password => 'very_secure_password'
  })
  ...
end

or OAuth token ( Github | Bitbucket ):

deploy_key "app_deploy_key" do
  provider Chef::Provider::DeployKeyGithub
  credentials({
    :token => 'awesome_and_much_more_secure_token'
  })
  ...
end

A full example

deploy_key "bitbucket_key" do
  provider Chef::Provider::DeployKeyBitbucket
  path '/home/app_user/.ssh'
  credentials({
    :token => 'my_bitbucket_oauth_token'
  })
  repo 'organization/million_dollar_app'
  owner 'deploy'
  group 'deploy'
  mode '0640'
  action :add
end

ChefSpec matchers

As of version 0.2.0, the following ChefSpec matchers are available:

create_deploy_key(resource_name)
delete_deploy_key(resource_name)
add_deploy_key(resource_name)
remove_deploy_key(resource_name)

Author

Cassiano Leal ( email | twitter | github )

cookbook-deploy_key's People

Contributors

Stargazers

Watchers

cookbook-deploy_key's Issues

deloy_key resource gives error

I've a git repository hosted in bitbucket and I'm writing a recipe to clone the recipe suing 'deploy_key' and 'git' resource as mentioned below.

deploy_key "bitbucket_key" do
provider Chef::Provider::DeployKeyBitbucket
path 'C:\Windows\Temp'
credentials({
:user => 'my_user',
:password => "my_passowrd"
})
repo 'account/repo.git'
action :add
end

git "C:\ABC" do
repository "[email protected]:account/repo.git"
user "my_user"
action :checkout
end

While deploying recipe I'm getting following error.

Recipe Compile Error in

c:/chef/cache/cookbooks/deploy_key/libraries/deploy_key.rb

Gem::LoadError

Unable to activate httparty-0.12.0, because json-1.7.7 conflicts with json (~>
1.8)

Cookbook Trace:

c:/chef/cache/cookbooks/deploy_key/libraries/deploy_key.rb:22:in `<top
(required)>'

Environment detail:
OS: Windows 2012

Mutliple keys?

Hi, currently this cookbook creates 1 pub/private key per repo. Here I'm doing:

  %w[org/project1 org/project2].each do |repo|
    deploy_key repo.split('/')[1] do
      provider Chef::Provider::DeployKeyBitbucket
      path '/home/classcraft/.ssh'
      credentials({ user: 'my_user', password: 'MY_KEY' })
      repo repo
      owner 'my_user'
      group 'my_group'
      action :add
    end
  end

It seems that git is confused about the fact that it now has two keys. Why do you create a key per repo? Should we not create just 1 key and always upload that one?

Using an LWRP provider by its name directly is no longer supported in Chef 12

I am getting an warning when using DeployKeyGithub as it is show in the documentation.

"WARN: Using an LWRP provider by its name (DeployKeyGithub) directly is no longer supported in Chef 12 and will be removed. Use Chef::ProviderResolver.new(node, resource, action) instead."

I am not certain if this is an issue in the examples in the documentation or in the cookbook code.

Unable to activate httparty-0.12.0, because json-1.7.7 conflicts with json (~> 1.8)

This was reported on the Chef mailing list.

I'm using deploy_key resource to upload ssh key and then using git resource to
clone the repository. I'm getting below mentioned compilation error.

================================================================================
Recipe Compile Error in
c:/chef/cache/cookbooks/deploy_key/libraries/deploy_key.rb
================================================================================

Gem::LoadError
--------------
Unable to activate httparty-0.12.0, because json-1.7.7 conflicts with json (~>
1.8)

Cookbook Trace:
---------------
c:/chef/cache/cookbooks/deploy_key/libraries/deploy_key.rb:22:in `<top
(required)>'

Here is how my recipe looks like.

deploy_key "bitbucket_key" do
  provider Chef::Provider::DeployKeyBitbucket
  path 'C:\Windows\Temp'
  credentials({
    :user => 'my_user',
    :password => "my_passowrd"
  })
  repo 'organization/repo/path'
  action :add
end

git "C:\\ABC" do
  repository "https://bitbucket.org/organization/repo/path"
  user "my_user"
  action :checkout
end

Empty ssh-keygen

I am experiencing a very odd issue with the deploy_key resource. When I provide the name ads_dev-chef-ads1_deploy_key my keys are generated but empty. The files appear, but nothing is in them.

I have appended a single character to the file name and it works. But remove that character and you get empty files.

-rw------- 1 kpdev kpdev 1675 May 19 00:10 aads_dev-chef-ads1_deploy_key
-rw------- 1 kpdev kpdev  382 May 19 00:10 aads_dev-chef-ads1_deploy_key.pub
-rw------- 1 kpdev kpdev    0 May 19 00:07 ads_dev-chef-ads1_deploy_key
-rw------- 1 kpdev kpdev    0 May 19 00:07 ads_dev-chef-ads1_deploy_key.pub

I have removed the cache, deleted the whole ~/.ssh/ folder and the results are always the same. I have even gone so far as to manually run the command and it works.

ssh-keygen -t rsa -q -C '' -f '/home/kpdev/.ssh/ads_dev-chef-ads1_deploy_key' -P "" produces the appropriate output, but not through cookbook-deploy_key

Token with bitbucket?

Which token are we supposed to use with Bitbucket? Currently I'm using username/password, and using the API key as the password.