delta/ruby-gems/chef.git/chef.gemspec, branch Style_MapToHash github.com: opscode/chef.git add corefoundation gem dependency 2021-09-24T20:56:34+00:00 rishichawda rishichawda@users.noreply.github.com 2021-09-24T20:19:03+00:00 2633eea9dc6c39127eb46fbec92e493476e57913 Signed-off-by: rishichawda <rishichawda@users.noreply.github.com> 
Signed-off-by: rishichawda <rishichawda@users.noreply.github.com>
Add hint on aws-sdk-s3 requirement 2021-09-06T09:11:53+00:00 Thomas Heinen theinen@tecracer.de 2021-09-06T09:11:53+00:00 02064ae146fe868c3acc5b9c2664c62c00871021 Signed-off-by: Thomas Heinen <theinen@tecracer.de> 
Signed-off-by: Thomas Heinen <theinen@tecracer.de>
Lowered SDK dependency to check pipeline failures 2021-09-06T09:10:09+00:00 Thomas Heinen theinen@tecracer.de 2021-08-26T14:26:13+00:00 370e83e917f2caeec7d3c246278688b4f7dacaab Signed-off-by: Thomas Heinen <theinen@tecracer.de> 
Signed-off-by: Thomas Heinen <theinen@tecracer.de>
Enable directly using AWS S3 with --recipe-url parameter of Chef Client 2021-09-06T09:10:03+00:00 Thomas Heinen theinen@tecracer.de 2021-08-26T14:03:43+00:00 d1d4f1b065c11242eaf9f16a66b3405d86b7d35a Signed-off-by: Thomas Heinen <theinen@tecracer.de> 
Signed-off-by: Thomas Heinen <theinen@tecracer.de>
Add support for secrets stored in HashiCorp Vault 2021-08-27T20:09:23+00:00 Marc A. Paradise marc.paradise@gmail.com 2021-08-26T17:06:09+00:00 377ba8443e42dcb002158bb489cb504dc67efc18 Vault secrets are stored as key-value pairs, so the return value from a secret lookup is always a Hash. Example: ``` file "/home/user/test1" do content secret(name: "secret/example", service: :hashi_vault, config: { vault_addr: "vault.example.com", role_name: "example-role" })[:answer] end ``` As shown above, we are expecting a hash from Vault, and are populating the file content based on the value of `:answer` in that hash. Limitations: * This iteration only supports instance authentication via a Vault role connected to an IAM profile. * This iteration does not support versioned secrets Signed-off-by: Marc A. Paradise <marc.paradise@gmail.com> 
Vault secrets are stored as key-value pairs, so the return value
from a secret lookup is always a Hash.

Example:

```
file "/home/user/test1" do
  content secret(name: "secret/example",
                 service: :hashi_vault,
                 config: {
                   vault_addr: "vault.example.com",
                   role_name: "example-role"
                 })[:answer]
end
```
As shown above, we are expecting a hash from Vault, and are populating the file
content based on the value of `:answer` in that hash.

Limitations:

* This iteration only supports instance authentication via a Vault
role connected to an IAM profile.
* This iteration does not support versioned secrets

Signed-off-by: Marc A. Paradise <marc.paradise@gmail.com>
Experimental support for an AWS Secrets Fetcher 2021-07-14T15:07:35+00:00 Marc A. Paradise marc.paradise@gmail.com 2021-07-07T21:42:05+00:00 60e6849aa65aece9ff896a765a92095337298d36 In a recipe, usage will look like the following: value = secret(name: "test1", service: :aws_secrets_manager, config: { region: "us-west-1" }) log "My secret is #{value.secret_string}" Note the use of `secret_string` to determine the secret value. The returned object here is Aws::Types::GetSecretValueResponse from the AWS SDK. This beta implementation supports ec2/imds instance profile authentication but also checks standard locations for credentials configuration -- see documentation [1] for a description of default credentials search behavior. [1] https://docs.aws.amazon.com/sdk-for-ruby/v3/api/Aws/SecretsManager/Client.html#initialize-instance_method Signed-off-by: Marc A. Paradise <marc.paradise@gmail.com> 
In a recipe, usage will look like the following:
  value = secret(name: "test1", service: :aws_secrets_manager, config: { region: "us-west-1" })
  log "My secret is #{value.secret_string}"

Note the use of `secret_string` to determine the secret value. The
returned object here is Aws::Types::GetSecretValueResponse from the AWS SDK.

This beta implementation supports ec2/imds instance profile
authentication but also checks standard locations for credentials
configuration -- see documentation [1] for a description of default credentials search behavior.

[1] https://docs.aws.amazon.com/sdk-for-ruby/v3/api/Aws/SecretsManager/Client.html#initialize-instance_method

Signed-off-by: Marc A. Paradise <marc.paradise@gmail.com>
Remove knife deps from the chef gemspec 2021-05-03T17:53:34+00:00 Tim Smith tsmith@chef.io 2021-05-03T17:53:34+00:00 655e052f8dadb8be65fc94152bcc2c866c74b602 This should help us slim the size of the install down and it should also greatly speed up testing anything that deps directly on chef. Signed-off-by: Tim Smith <tsmith@chef.io> 
This should help us slim the size of the install down and it should also greatly speed up testing anything that deps directly on chef.

Signed-off-by: Tim Smith <tsmith@chef.io>
Remove knife exclusions from chef gem 2021-04-30T17:28:19+00:00 Marc A. Paradise marc.paradise@gmail.com 2021-04-30T17:28:19+00:00 c9a750c9195dacac819de37f9e2526485fb577f5 These are no longer required because knife files will no longer be matched by the given pattern. Signed-off-by: Marc A. Paradise <marc.paradise@gmail.com> 
These are no longer required because knife files
will no longer be matched by the given pattern.

Signed-off-by: Marc A. Paradise <marc.paradise@gmail.com>
Move knife to its own gem 2021-03-31T17:52:49+00:00 Chef Expeditor chef-ci@chef.io 2021-03-11T17:45:48+00:00 01c6a9e1753bd4b2166efe747151ba8700ebc0f5 This moves knife into /knife, in the same way that chef-utils and chef-config are separated. NOTES: == File History == If you see this message as the first message in the history of an knife file, you can see the complete history by using 'git log --follow', 'git config log.follow true' to make it the default behavior in this repository, or 'git config --globa log.follow true' to make it the global default. == API Changes == At the API level, there is one breaking change: CookbookSiteStreamingUploader has been moved out of chef and into knife/core. There were a combination of reasons we chose this path: - CookbookSiteStreamingUploader (CSSU) is only used within Knife. - CookbookSiteStreamingUploader (CSSU) references the command Chef::Knife::CookbookMetadata in order to generate a metadata file for the cookbook to upload - Chef::Knife::CookbookMetadata is no longer available to Chef:: because Knife has been moved to its own gem. Knife gem depends on the Chef gem, so Chef can't depend on something in Knife. A search for usage in related projects (berks, chef-cli) and the Internet at large shows that there are no known external consumers of CSSU. For now, we'll move this class into Knife::Core, as it's going to be faster than splitting off the metadata generation and time is a concern. If we find that we need the metadata generation in chef/ proper, we should evaluate decoupling that functionality from Knife::CookbookMetadata and exposing it via something like `Chef::Cookbook::Metadata#from_cookbook_files` == spec changes == The specs are kept in their existing locations, though we have separated out a `knife_spec_helper` so that we can ensure knife is not directly accessing chef requires; and chef is relying on knife's at all. We also now clear gem paths with each test, to force gem state to reset. This works around a problem where a combination of tests is corrupting the internal Gem state, causing failures in rubygems_spec. See branch `mp/broken-gems` for many more details around findings so far. Signed-off-by: Marc A. Paradise <marc.paradise@gmail.com> 
This moves knife into /knife, in the same way that chef-utils and
chef-config are separated.

NOTES:

== File History ==

If you see this message as the first message in the history of
an knife file, you can see the complete history by using
'git log --follow',  'git config log.follow true'  to make it the default
behavior in this repository, or 'git config --globa log.follow true' to
make it the global default.

== API Changes ==

At the API level, there is one breaking change:
CookbookSiteStreamingUploader has been moved out of chef and into
knife/core.

There were a combination of reasons we chose this path:
- CookbookSiteStreamingUploader (CSSU) is only used within Knife.
- CookbookSiteStreamingUploader (CSSU) references the
  command Chef::Knife::CookbookMetadata in order to generate
  a metadata file for the cookbook to upload
- Chef::Knife::CookbookMetadata is no longer available to Chef:: because
  Knife has been moved to its own gem.  Knife gem depends on the Chef gem,
  so Chef can't depend on something in Knife.

A search for usage in related projects (berks, chef-cli) and the
Internet at large shows that there are no known external consumers of CSSU.

For now, we'll move this class into Knife::Core, as it's going to be
faster than splitting off the metadata generation and time is a concern. If we
find that we need the metadata generation in chef/ proper, we should evaluate
decoupling that functionality from Knife::CookbookMetadata and exposing
it via something like `Chef::Cookbook::Metadata#from_cookbook_files`

== spec changes ==

The specs are kept in their existing locations, though we have
separated out a `knife_spec_helper` so that we can ensure knife is not
directly accessing chef requires; and chef is relying on knife's at all.

We also now clear gem paths with each test, to force gem state to reset.
This works around a problem where a combination of tests
is corrupting the internal Gem state, causing failures in
rubygems_spec.  See branch `mp/broken-gems` for many more details around
findings so far.

Signed-off-by: Marc A. Paradise <marc.paradise@gmail.com>
ruby 3.0 fixes and post-bundle-install hook 2021-03-18T17:35:51+00:00 Lamont Granquist lamont@scriptkiddie.org 2021-03-18T17:26:11+00:00 2d88d96b2cfeabd9eaa5350a1f8b90e54632923c Mostly this is all fixes necessary for ruby 3.0 There's the addition of the appbundle hook which lets us better pull git gems into appbundler Note carefully how after adding the post-bundle-install.rb that trying to pre appbundle-update ohai pulls in chef/chef as bundle installed git gem which fails to install so we go back to only using one appbundle-update on chef/chef and removing the chef/ohai one (which may fix other bugs). Signed-off-by: Lamont Granquist <lamont@scriptkiddie.org> 
Mostly this is all fixes necessary for ruby 3.0

There's the addition of the appbundle hook which lets us better pull
git gems into appbundler

Note carefully how after adding the post-bundle-install.rb that
trying to pre appbundle-update ohai pulls in chef/chef as bundle
installed git gem which fails to install so we go back to only
using one appbundle-update on chef/chef and removing the chef/ohai
one (which may fix other bugs).

Signed-off-by: Lamont Granquist <lamont@scriptkiddie.org>