diff options
| author | Patrick Schaumburg <pschaumburg@tecracer.de> | 2020-03-18 15:16:45 +0100 |
|---|---|---|
| committer | Patrick Schaumburg <pschaumburg@tecracer.de> | 2020-03-18 15:16:45 +0100 |
| commit | 9a5b00b7090d71744d02a18c74421bc9df2c7ed1 (patch) | |
| tree | dbad1b7b31a4ec13598ffeae9380380b2978085e | |
| parent | 11a4a3ba67e4bb3eaf0b83669920836cebc5806a (diff) | |
| parent | da6c80ea71906aa73c605c03bfd8d0b0092490e3 (diff) | |
| download | chef-9a5b00b7090d71744d02a18c74421bc9df2c7ed1.tar.gz | |
Merge branch 'master' into ps/windows_firewall_rule-group
610 files changed, 9110 insertions, 4380 deletions
diff --git a/.buildkite/hooks/pre-command b/.buildkite/hooks/pre-command new file mode 100644 index 0000000000..ea4b9f8b23 --- /dev/null +++ b/.buildkite/hooks/pre-command @@ -0,0 +1,35 @@ +#!/bin/bash + +set -eu + +docker ps || true +free -m || true + +# We've now seen cases where origin/master on the build hosts can get +# out of date. This causes us to build components unnecessarily. +# Fetching it here hopefully will prevent this situation. +echo "Fetching origin/master" +git fetch origin master + +# DEBUGGING FOR RELENG +# Fetch the git tags to see if that addresses the weird smart build behavior for Habitat +git fetch --tags --force + +# Rebase onto current master to ensure this PR is closer to what happens when it's merged. +# Only do this if it's actually a branch (i.e. a PR or a manually created build), not a +# post-merge CI run of master. +if [[ "$BUILDKITE_BRANCH" != "master" ]]; then + git config user.email "you@example.com" # these are needed for the rebase attempt + git config user.name "Your Name" + master=$(git show-ref -s --abbrev origin/master) + pr_head=$(git show-ref -s --abbrev HEAD) + github="https://github.com/chef/chef/commit/" + if git rebase origin/master >/dev/null; then + buildkite-agent annotate --style success --context "rebase-pr-branch-${master}" \ + "Rebased onto master ([${master}](${github}${master}))." + else + git rebase --abort + buildkite-agent annotate --style warning --context "rebase-pr-branch-${master}" \ + "Couldn't rebase onto master ([${master}](${github}${master})), building PR HEAD ([${pr_head}](${github}${pr_head}))." + fi +fi diff --git a/.expeditor/config.yml b/.expeditor/config.yml index d484a18177..c5b5c83e06 100644 --- a/.expeditor/config.yml +++ b/.expeditor/config.yml @@ -2,7 +2,7 @@ --- # the name we use for this project when interacting with expeditor chatbot project: - alias: chef-15 + alias: chef-16 # The name of the product keys for this product (from mixlib-install) product_key: @@ -60,6 +60,8 @@ github: # for building. release_branch: - master: + version_constraint: 16* + - chef-15: version_constraint: 15* - chef-14: version_constraint: 14* diff --git a/.expeditor/release.omnibus.yml b/.expeditor/release.omnibus.yml index 700ecb108c..4e365a5c7b 100644 --- a/.expeditor/release.omnibus.yml +++ b/.expeditor/release.omnibus.yml @@ -13,10 +13,9 @@ builder-to-testers-map: debian-8-x86_64: - debian-8-x86_64 - debian-9-x86_64 + - debian-10-x86_64 el-6-i686: - el-6-i686 - el-6-s390x: - - el-6-s390x el-6-x86_64: - el-6-x86_64 el-7-aarch64: @@ -42,17 +41,16 @@ builder-to-testers-map: sles-12-x86_64: - sles-12-x86_64 - sles-15-x86_64 - solaris2-5.11-i386: - - solaris2-5.11-i386 - solaris2-5.11-sparc: - - solaris2-5.11-sparc +# solaris2-5.11-i386: +# - solaris2-5.11-i386 +# solaris2-5.11-sparc: +# - solaris2-5.11-sparc ubuntu-16.04-x86_64: - ubuntu-16.04-x86_64 - ubuntu-18.04-x86_64 windows-2012r2-i386: - windows-2012r2-i386 windows-2012r2-x86_64: - - windows-2008r2-x86_64 - windows-2012-x86_64 - windows-2012r2-x86_64 - windows-2016-x86_64 diff --git a/.expeditor/verify.pipeline.yml b/.expeditor/verify.pipeline.yml index 75e660ace7..52bf06f8e5 100644 --- a/.expeditor/verify.pipeline.yml +++ b/.expeditor/verify.pipeline.yml @@ -26,14 +26,11 @@ steps: docker: image: rubydistros/ubuntu-18.04 privileged: true - environment: - - FORCE_FFI_YAJL=ext - - CHEF_LICENSE=accept-no-persist - - BUNDLE_GEMFILE=/workdir/Gemfile - label: "Functional Specs Ubuntu :ruby: 2.6" commands: - /workdir/scripts/bk_tests/bk_container_prep.sh + - apt-get update -y - apt-get install -y cron locales # needed for functional tests to pass - cd /workdir; bundle install --jobs=3 --retry=3 --without omnibus_package docgen ruby_prof - bundle exec rake spec:functional @@ -42,9 +39,6 @@ steps: docker: image: rubydistros/ubuntu-18.04 privileged: true - environment: - - FORCE_FFI_YAJL=ext - - CHEF_LICENSE=accept-no-persist - label: "Unit Specs Ubuntu :ruby: 2.6" commands: @@ -56,9 +50,6 @@ steps: executor: docker: image: rubydistros/ubuntu-18.04 - environment: - - FORCE_FFI_YAJL=ext - - CHEF_LICENSE=accept-no-persist - label: "Integration Specs CentOS :ruby: 2.6" commands: @@ -70,10 +61,6 @@ steps: docker: image: rubydistros/centos-7 privileged: true - environment: - - FORCE_FFI_YAJL=ext - - CHEF_LICENSE=accept-no-persist - - BUNDLE_GEMFILE=/workdir/Gemfile - label: "Functional Specs CentOS :ruby: 2.6" commands: @@ -86,9 +73,6 @@ steps: docker: image: rubydistros/centos-7 privileged: true - environment: - - FORCE_FFI_YAJL=ext - - CHEF_LICENSE=accept-no-persist - label: "Unit Specs CentOS :ruby: 2.6" commands: @@ -100,9 +84,6 @@ steps: executor: docker: image: rubydistros/centos-7 - environment: - - FORCE_FFI_YAJL=ext - - CHEF_LICENSE=accept-no-persist - label: "Integration Specs openSUSE :ruby: 2.6" commands: @@ -114,10 +95,6 @@ steps: docker: image: rubydistros/opensuse-15 privileged: true - environment: - - FORCE_FFI_YAJL=ext - - CHEF_LICENSE=accept-no-persist - - BUNDLE_GEMFILE=/workdir/Gemfile - label: "Functional Specs openSUSE :ruby: 2.6" commands: @@ -130,9 +107,6 @@ steps: docker: image: rubydistros/opensuse-15 privileged: true - environment: - - FORCE_FFI_YAJL=ext - - CHEF_LICENSE=accept-no-persist - label: "Unit Specs openSUSE :ruby: 2.6" commands: @@ -144,9 +118,6 @@ steps: executor: docker: image: rubydistros/opensuse-15 - environment: - - FORCE_FFI_YAJL=ext - - CHEF_LICENSE=accept-no-persist - label: "Integration Specs Fedora :ruby: 2.6" commands: @@ -158,10 +129,6 @@ steps: docker: image: rubydistros/fedora-latest privileged: true - environment: - - FORCE_FFI_YAJL=ext - - CHEF_LICENSE=accept-no-persist - - BUNDLE_GEMFILE=/workdir/Gemfile - label: "Functional Specs Fedora :ruby: 2.6" commands: @@ -188,9 +155,6 @@ steps: executor: docker: image: rubydistros/fedora-latest - environment: - - FORCE_FFI_YAJL=ext - - CHEF_LICENSE=accept-no-persist - label: "Integration Specs Windows :ruby: 2.6" commands: @@ -245,10 +209,10 @@ steps: image: rubydistros/ubuntu-18.04 ######################################################################### - # Tests Ruby 2.5 +# Tests Ruby 2.7 ######################################################################### -- label: "Integration Specs :ruby: 2.5" +- label: "Integration Specs :ruby: 2.7" commands: - /workdir/scripts/bk_tests/bk_container_prep.sh - bundle install --jobs=3 --retry=3 --without omnibus_package docgen @@ -256,30 +220,23 @@ steps: expeditor: executor: docker: - image: ruby:2.5-stretch + image: ruby:2.7-buster privileged: true - environment: - - FORCE_FFI_YAJL=ext - - CHEF_LICENSE=accept-no-persist - - INTEGRATION_SPECS_25=1 -# -- label: "Functional Specs :ruby: 2.5" + +- label: "Functional Specs :ruby: 2.7" commands: - /workdir/scripts/bk_tests/bk_container_prep.sh - - apt-get install -y cron locales # needed for functional tests to pass + - apt-get update -y + - apt-get install -y cron locales net-tools # needed for functional tests to pass - bundle install --jobs=3 --retry=3 --without omnibus_package docgen - bundle exec rake spec:functional expeditor: executor: docker: - image: ruby:2.5-stretch + image: ruby:2.7-buster privileged: true - environment: - - FORCE_FFI_YAJL=ext - - CHEF_LICENSE=accept-no-persist - - FUNCTIONAL_SPECS_25=1 -- label: "Unit Specs :ruby: 2.5" +- label: "Unit Specs :ruby: 2.7" commands: - /workdir/scripts/bk_tests/bk_container_prep.sh - bundle install --jobs=3 --retry=3 --without omnibus_package docgen @@ -288,11 +245,7 @@ steps: expeditor: executor: docker: - image: ruby:2.5-stretch - environment: - - FORCE_FFI_YAJL=ext - - CHEF_LICENSE=accept-no-persist - - UNIT_SPECS_25=1 + image: ruby:2.7-buster ######################################################################### # EXTERNAL GEM TESTING @@ -345,7 +298,20 @@ steps: commands: - /workdir/scripts/bk_tests/bk_container_prep.sh - bundle install --jobs=3 --retry=3 --without omnibus_package docgen - - bundle exec tasks/bin/run_external_test chef/knife-windows master rake unit_spec + - bundle exec tasks/bin/run_external_test chef/knife-windows master rake spec + expeditor: + executor: + docker: + image: rubydistros/ubuntu-18.04 + +- label: "Test berkshelf gem :ruby: 2.6" + commands: + - /workdir/scripts/bk_tests/bk_container_prep.sh + - apt-get update -y + - apt-get install -y graphviz + - gem install bundler -v 1.17.3 # necessary for berks Gemfile.lock for now + - bundle install --jobs=3 --retry=3 --without omnibus_package docgen + - bundle exec tasks/bin/run_external_test berkshelf/berkshelf master rake expeditor: executor: docker: @@ -416,6 +382,21 @@ steps: privileged: true single-use: true +- label: "Kitchen Tests Ubuntu: 20.04" + commands: + - scripts/bk_tests/bk_linux_exec.sh + - cd kitchen-tests + - ~/.asdf/shims/bundle exec kitchen test end-to-end-ubuntu-2004 + artifact_paths: + - $PWD/.kitchen/logs/kitchen.log + env: + KITCHEN_YAML: kitchen.yml + expeditor: + executor: + linux: + privileged: true + single-use: true + - label: "Kitchen Tests Debian: 8" commands: - scripts/bk_tests/bk_linux_exec.sh diff --git a/.gitignore b/.gitignore index 7435401e97..52705a76ef 100644 --- a/.gitignore +++ b/.gitignore @@ -80,6 +80,10 @@ docs_site # Rendered Templates ext/win32-eventlog/chef-log.man +distro/powershell/chef/chef.psm1 # tool logs ext/win32-eventlog/mkmf.log + +# ignore byebug command history file. +.byebug_history diff --git a/.rspec b/.rspec deleted file mode 100644 index eb3ef03653..0000000000 --- a/.rspec +++ /dev/null @@ -1,2 +0,0 @@ ---color --fd diff --git a/.rubocop.yml b/.rubocop.yml index 9730861155..9780173555 100644 --- a/.rubocop.yml +++ b/.rubocop.yml @@ -19,7 +19,7 @@ Lint/AssignmentInCondition: Enabled: false Lint/AmbiguousBlockAssociation: Enabled: false -Lint/UnneededSplatExpansion: +Lint/RedundantSplatExpansion: Enabled: false Lint/ShadowingOuterLocalVariable: Enabled: false diff --git a/CHANGELOG.md b/CHANGELOG.md index 3d5e27409f..979d5a0b9c 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,11 +1,232 @@ <!-- usage documentation: http://expeditor-docs.es.chef.io/configuration/changelog/ --> -<!-- latest_release --> +<!-- latest_release 16.0.143 --> +## [v16.0.143](https://github.com/chef/chef/tree/v16.0.143) (2020-03-18) + +#### Merged Pull Requests +- Use the correct constant in the resource support files [#9506](https://github.com/chef/chef/pull/9506) ([tas50](https://github.com/tas50)) <!-- latest_release --> +<!-- release_rollup since=15.6.10 --> +### Changes not yet released to stable + +#### Merged Pull Requests +- Use the correct constant in the resource support files [#9506](https://github.com/chef/chef/pull/9506) ([tas50](https://github.com/tas50)) <!-- 16.0.143 --> +- Pull in many of Zenspider's rspec improvements [#9493](https://github.com/chef/chef/pull/9493) ([tas50](https://github.com/tas50)) <!-- 16.0.142 --> +- Turn off notifications from log resource by default [#9484](https://github.com/chef/chef/pull/9484) ([lamont-granquist](https://github.com/lamont-granquist)) <!-- 16.0.141 --> +- Add user_ulimit resource from the ulimit cookbook [#9487](https://github.com/chef/chef/pull/9487) ([tas50](https://github.com/tas50)) <!-- 16.0.140 --> +- Cleanup a bunch more files and pull in the smaller license-acceptance [#9490](https://github.com/chef/chef/pull/9490) ([tas50](https://github.com/tas50)) <!-- 16.0.139 --> +- Use Dist constants in resource erb templates [#9491](https://github.com/chef/chef/pull/9491) ([bobchaos](https://github.com/bobchaos)) <!-- 16.0.138 --> +- Remove additional files from the gems in our builds [#9489](https://github.com/chef/chef/pull/9489) ([tas50](https://github.com/tas50)) <!-- 16.0.137 --> +- Update Ohai to 16.0.12 [#9488](https://github.com/chef/chef/pull/9488) ([tas50](https://github.com/tas50)) <!-- 16.0.136 --> +- Fix typo in the cron_access docs [#9485](https://github.com/chef/chef/pull/9485) ([tas50](https://github.com/tas50)) <!-- 16.0.135 --> +- Remove some of the ruby cleanup to fix builds [#9486](https://github.com/chef/chef/pull/9486) ([tas50](https://github.com/tas50)) <!-- 16.0.134 --> +- Add alternatives resource for Linux [#9481](https://github.com/chef/chef/pull/9481) ([tas50](https://github.com/tas50)) <!-- 16.0.133 --> +- Update all deps to current [#9483](https://github.com/chef/chef/pull/9483) ([tas50](https://github.com/tas50)) <!-- 16.0.132 --> +- Add always_dump_stacktrace config option & workaround to fix the encoding bugs [#9474](https://github.com/chef/chef/pull/9474) ([lamont-granquist](https://github.com/lamont-granquist)) <!-- 16.0.131 --> +- Fix load path in test runs. [#9479](https://github.com/chef/chef/pull/9479) ([phiggins](https://github.com/phiggins)) <!-- 16.0.130 --> +- Bring in the extended Ruby cleanup used in chef-workstation [#9478](https://github.com/chef/chef/pull/9478) ([tas50](https://github.com/tas50)) <!-- 16.0.130 --> +- Add the chef-vault helpers from the chef-vault cookbook [#9477](https://github.com/chef/chef/pull/9477) ([tas50](https://github.com/tas50)) <!-- 16.0.129 --> +- Expose equal_to values in property / chef-resource-inspector [#9444](https://github.com/chef/chef/pull/9444) ([tas50](https://github.com/tas50)) <!-- 16.0.128 --> +- Fix require breaking windows functional tests in BK [#9472](https://github.com/chef/chef/pull/9472) ([phiggins](https://github.com/phiggins)) <!-- 16.0.127 --> +- Update Fauxhai to 8.0 [#9471](https://github.com/chef/chef/pull/9471) ([tas50](https://github.com/tas50)) <!-- 16.0.126 --> +- Remove support in debian service init for old update-rc [#9453](https://github.com/chef/chef/pull/9453) ([tas50](https://github.com/tas50)) <!-- 16.0.125 --> +- Use the aws cli to download ruby in the windows tests [#9468](https://github.com/chef/chef/pull/9468) ([tas50](https://github.com/tas50)) <!-- 16.0.124 --> +- Pin to Rake 13.0.1 to prevent double rake [#9464](https://github.com/chef/chef/pull/9464) ([tas50](https://github.com/tas50)) <!-- 16.0.124 --> +- Fix windows_certificate functional tests under buildkite [#9467](https://github.com/chef/chef/pull/9467) ([kapilchouhan99](https://github.com/kapilchouhan99)) <!-- 16.0.123 --> +- Stop installing packages on our constainers that are already there [#9465](https://github.com/chef/chef/pull/9465) ([tas50](https://github.com/tas50)) <!-- 16.0.122 --> +- Use Ohai's cloud attributes in knife node / status presenters [#9460](https://github.com/chef/chef/pull/9460) ([tas50](https://github.com/tas50)) <!-- 16.0.121 --> +- Update Ohai to 16.0.9 [#9461](https://github.com/chef/chef/pull/9461) ([tas50](https://github.com/tas50)) <!-- 16.0.120 --> +- Disable failing windows tests while we troubleshoot [#9459](https://github.com/chef/chef/pull/9459) ([tas50](https://github.com/tas50)) <!-- 16.0.119 --> +- Test on Ubuntu 20.04 in Buildkite [#9458](https://github.com/chef/chef/pull/9458) ([tas50](https://github.com/tas50)) <!-- 16.0.118 --> +- link resource: Remove checks for symoblic link support on Windows [#9455](https://github.com/chef/chef/pull/9455) ([tas50](https://github.com/tas50)) <!-- 16.0.117 --> +- Remove the canonical DSL [#9441](https://github.com/chef/chef/pull/9441) ([lamont-granquist](https://github.com/lamont-granquist)) <!-- 16.0.116 --> +- timezone: Remove support for ubuntu < 16.04 / Debian < 8 [#9452](https://github.com/chef/chef/pull/9452) ([tas50](https://github.com/tas50)) <!-- 16.0.115 --> +- Update all our links to use the new docs site format / cleanup descriptions [#9445](https://github.com/chef/chef/pull/9445) ([tas50](https://github.com/tas50)) <!-- 16.0.114 --> +- Add windows_security_policy resource [#9280](https://github.com/chef/chef/pull/9280) ([NAshwini](https://github.com/NAshwini)) <!-- 16.0.113 --> +- Ruby 2.7 omnibus builds [#9454](https://github.com/chef/chef/pull/9454) ([lamont-granquist](https://github.com/lamont-granquist)) <!-- 16.0.112 --> +- Fix file descriptor leak in our tests [#9449](https://github.com/chef/chef/pull/9449) ([lamont-granquist](https://github.com/lamont-granquist)) <!-- 16.0.111 --> +- Use the action DSL consistently [#9433](https://github.com/chef/chef/pull/9433) ([lamont-granquist](https://github.com/lamont-granquist)) <!-- 16.0.109 --> +- Replace highline.color with pastel.decorate [#9434](https://github.com/chef/chef/pull/9434) ([btm](https://github.com/btm)) <!-- 16.0.108 --> +- Bump train-core to 3.2.23 [#9432](https://github.com/chef/chef/pull/9432) ([chef-expeditor[bot]](https://github.com/chef-expeditor[bot])) <!-- 16.0.107 --> +- Deprecate Chef::Platform.supports_msi? [#9422](https://github.com/chef/chef/pull/9422) ([tas50](https://github.com/tas50)) <!-- 16.0.106 --> +- Remove the mixin powershell includes from resources [#9425](https://github.com/chef/chef/pull/9425) ([tas50](https://github.com/tas50)) <!-- 16.0.105 --> +- More removal of Windows 2008 R2 support from windows_feature_powershell [#9426](https://github.com/chef/chef/pull/9426) ([tas50](https://github.com/tas50)) <!-- 16.0.104 --> +- Remove the last bits of Appveyor from the specs [#9427](https://github.com/chef/chef/pull/9427) ([tas50](https://github.com/tas50)) <!-- 16.0.103 --> +- Remove constraints on specs [#9428](https://github.com/chef/chef/pull/9428) ([tas50](https://github.com/tas50)) <!-- 16.0.102 --> +- Fix gsub so only file endings of .rb and .json are removed. [#9429](https://github.com/chef/chef/pull/9429) ([joerg](https://github.com/joerg)) <!-- 16.0.101 --> +- Update gcc pinning for solaris to 5.4.0 [#9430](https://github.com/chef/chef/pull/9430) ([jaymalasinha](https://github.com/jaymalasinha)) <!-- 16.0.100 --> +- Deprecate the older_than_win_2012_or_8? helper [#9424](https://github.com/chef/chef/pull/9424) ([tas50](https://github.com/tas50)) <!-- 16.0.99 --> +- Don't require/include Mixin Shellout in freebsd_package and openbsd_package [#9423](https://github.com/chef/chef/pull/9423) ([tas50](https://github.com/tas50)) <!-- 16.0.98 --> +- directory resource: Remove support for macOS < 10.11 [#9421](https://github.com/chef/chef/pull/9421) ([tas50](https://github.com/tas50)) <!-- 16.0.97 --> +- Deprecate supports_powershell_execution_bypass? check [#9418](https://github.com/chef/chef/pull/9418) ([tas50](https://github.com/tas50)) <!-- 16.0.96 --> +- Remove support for macOS < 10.12 in the service resource [#9420](https://github.com/chef/chef/pull/9420) ([tas50](https://github.com/tas50)) <!-- 16.0.95 --> +- Remove all the code that checks for Windows Nano [#9417](https://github.com/chef/chef/pull/9417) ([tas50](https://github.com/tas50)) <!-- 16.0.94 --> +- Update Ohai to 16.0.7 [#9415](https://github.com/chef/chef/pull/9415) ([tas50](https://github.com/tas50)) <!-- 16.0.93 --> +- Update the rhsm_erata* and rhsm_register resources for RHEL 8 [#9409](https://github.com/chef/chef/pull/9409) ([tas50](https://github.com/tas50)) <!-- 16.0.92 --> +- Remove the "Core" DSL for Chef-16 [#9411](https://github.com/chef/chef/pull/9411) ([lamont-granquist](https://github.com/lamont-granquist)) <!-- 16.0.91 --> +- Accept exit code 3010 as valid in windows_package [#9396](https://github.com/chef/chef/pull/9396) ([tas50](https://github.com/tas50)) <!-- 16.0.90 --> +- Cookstyle fixes for our resources [#9395](https://github.com/chef/chef/pull/9395) ([tas50](https://github.com/tas50)) <!-- 16.0.89 --> +- Update license_scout to 1.1.7 to resolve build failures [#9402](https://github.com/chef/chef/pull/9402) ([tas50](https://github.com/tas50)) <!-- 16.0.88 --> +- Bump all deps to current [#9401](https://github.com/chef/chef/pull/9401) ([tas50](https://github.com/tas50)) <!-- 16.0.87 --> +- Migrating windows_user_privilege resource from windows cookbook [#9279](https://github.com/chef/chef/pull/9279) ([Vasu1105](https://github.com/Vasu1105)) <!-- 16.0.86 --> +- Convert the node[:platform_version] to a Chef::VersionString [#9400](https://github.com/chef/chef/pull/9400) ([lamont-granquist](https://github.com/lamont-granquist)) <!-- 16.0.85 --> +- Use the chef-utils helpers in our resources [#9397](https://github.com/chef/chef/pull/9397) ([tas50](https://github.com/tas50)) <!-- 16.0.84 --> +- More unified mode conversion and resource cleanup [#9393](https://github.com/chef/chef/pull/9393) ([lamont-granquist](https://github.com/lamont-granquist)) <!-- 16.0.83 --> +- Dist windows powershell wrapper [#9065](https://github.com/chef/chef/pull/9065) ([bobchaos](https://github.com/bobchaos)) <!-- 16.0.81 --> +- Bump inspec-core to 4.18.97 [#9388](https://github.com/chef/chef/pull/9388) ([chef-expeditor[bot]](https://github.com/chef-expeditor[bot])) <!-- 16.0.80 --> +- ChefFS & knife environment matching the output [#8986](https://github.com/chef/chef/pull/8986) ([vsingh-msys](https://github.com/vsingh-msys)) <!-- 16.0.79 --> +- When bootstrapping don't send an empty run_list if we are using policyfiles instead [#9156](https://github.com/chef/chef/pull/9156) ([NAshwini](https://github.com/NAshwini)) <!-- 16.0.78 --> +- Add distro constants to the bootstrap templates to support non-Chef distros [#9371](https://github.com/chef/chef/pull/9371) ([bobchaos](https://github.com/bobchaos)) <!-- 16.0.77 --> +- Parse YAML recipes [#8653](https://github.com/chef/chef/pull/8653) ([lamont-granquist](https://github.com/lamont-granquist)) <!-- 16.0.76 --> +- Update HTTPServerException to be HTTPClientException [#9381](https://github.com/chef/chef/pull/9381) ([tas50](https://github.com/tas50)) <!-- 16.0.75 --> +- Convert more resources to unified_mode [#9386](https://github.com/chef/chef/pull/9386) ([lamont-granquist](https://github.com/lamont-granquist)) <!-- 16.0.74 --> +- fix ruby 2.7 URI.unescape deprecation [#9387](https://github.com/chef/chef/pull/9387) ([lamont-granquist](https://github.com/lamont-granquist)) <!-- 16.0.73 --> +- Chefstyle fixes identified with Rubocop 0.80 [#9374](https://github.com/chef/chef/pull/9374) ([tas50](https://github.com/tas50)) <!-- 16.0.72 --> +- Fix our verbosity help [#9385](https://github.com/chef/chef/pull/9385) ([tas50](https://github.com/tas50)) <!-- 16.0.71 --> +- Relax the cheffish constraint [#9379](https://github.com/chef/chef/pull/9379) ([lamont-granquist](https://github.com/lamont-granquist)) <!-- 16.0.69 --> +- Update libarchive to 3.4.2 and nokogiri to 1.10.8 [#9377](https://github.com/chef/chef/pull/9377) ([tas50](https://github.com/tas50)) <!-- 16.0.68 --> +- Use require_relative within the specs [#9375](https://github.com/chef/chef/pull/9375) ([tas50](https://github.com/tas50)) <!-- 16.0.67 --> +- windows_ad_join: Fix joining specific domains when domain trusts are involved [#9370](https://github.com/chef/chef/pull/9370) ([srb3](https://github.com/srb3)) <!-- 16.0.66 --> +- Add examples to various resources [#9366](https://github.com/chef/chef/pull/9366) ([tas50](https://github.com/tas50)) <!-- 16.0.65 --> +- Add chef_vault_secret resource from chef-vault cookbook [#9364](https://github.com/chef/chef/pull/9364) ([tas50](https://github.com/tas50)) <!-- 16.0.64 --> +- Bump all deps to the latest [#9365](https://github.com/chef/chef/pull/9365) ([tas50](https://github.com/tas50)) <!-- 16.0.63 --> +- Add missing require_relative in chef-utils [#9363](https://github.com/chef/chef/pull/9363) ([tas50](https://github.com/tas50)) <!-- 16.0.62 --> +- Allow setting file_cache_path and file_backup_path value in client.rb during bootstrap [#9361](https://github.com/chef/chef/pull/9361) ([kapilchouhan99](https://github.com/kapilchouhan99)) <!-- 16.0.61 --> +- Add compile_time property to all resources [#9360](https://github.com/chef/chef/pull/9360) ([lamont-granquist](https://github.com/lamont-granquist)) <!-- 16.0.60 --> +- update syntax of `update-rc.d` commands in enable & disable actions [#8884](https://github.com/chef/chef/pull/8884) ([robuye](https://github.com/robuye)) <!-- 16.0.59 --> +- Add notify_group resource [#9349](https://github.com/chef/chef/pull/9349) ([lamont-granquist](https://github.com/lamont-granquist)) <!-- 16.0.58 --> +- Update docker? help comment to show it's since 12.11 [#9348](https://github.com/chef/chef/pull/9348) ([tas50](https://github.com/tas50)) <!-- 16.0.57 --> +- Bump inspec-core to 4.18.85 [#9346](https://github.com/chef/chef/pull/9346) ([chef-expeditor[bot]](https://github.com/chef-expeditor[bot])) <!-- 16.0.56 --> +- Expand the path in knife cookbook upload errors [#9344](https://github.com/chef/chef/pull/9344) ([tas50](https://github.com/tas50)) <!-- 16.0.55 --> +- Lazy load as many knife deps as possible [#9343](https://github.com/chef/chef/pull/9343) ([tas50](https://github.com/tas50)) <!-- 16.0.54 --> +- Improve welcome text in chef-shell [#9342](https://github.com/chef/chef/pull/9342) ([tas50](https://github.com/tas50)) <!-- 16.0.53 --> +- Add Debian 10 (Buster) Tester [#9341](https://github.com/chef/chef/pull/9341) ([christopher-snapp](https://github.com/christopher-snapp)) <!-- 16.0.52 --> +- Update FFI and pin win32-service to 2.1.5+ [#9337](https://github.com/chef/chef/pull/9337) ([tas50](https://github.com/tas50)) <!-- 16.0.51 --> +- Pull the windows Ruby installer from S3 for tests [#9332](https://github.com/chef/chef/pull/9332) ([tas50](https://github.com/tas50)) <!-- 16.0.50 --> +- Swap the methods and the aliases in the chef-utils platforms [#9327](https://github.com/chef/chef/pull/9327) ([tas50](https://github.com/tas50)) <!-- 16.0.49 --> +- Add a default_description in windows_task [#9329](https://github.com/chef/chef/pull/9329) ([tas50](https://github.com/tas50)) <!-- 16.0.48 --> +- Add some version string backcompat APIs [#9330](https://github.com/chef/chef/pull/9330) ([lamont-granquist](https://github.com/lamont-granquist)) <!-- 16.0.47 --> +- Add chef-sugar virtualization helpers [#9315](https://github.com/chef/chef/pull/9315) ([lamont-granquist](https://github.com/lamont-granquist)) <!-- 16.0.46 --> +- Expand the chef-utils yard for better vscode plugin generation [#9326](https://github.com/chef/chef/pull/9326) ([tas50](https://github.com/tas50)) <!-- 16.0.45 --> +- Document the new hidden field in mac_user ships in 15.8 [#9322](https://github.com/chef/chef/pull/9322) ([tas50](https://github.com/tas50)) <!-- 16.0.44 --> +- Add an introduced field to sysctl and expand testing [#9321](https://github.com/chef/chef/pull/9321) ([tas50](https://github.com/tas50)) <!-- 16.0.43 --> +- Add comment block to sysctl resource [#8409](https://github.com/chef/chef/pull/8409) ([lanky](https://github.com/lanky)) <!-- 16.0.42 --> +- mac_user: fixing gid and system properties, and adding hidden property [#9275](https://github.com/chef/chef/pull/9275) ([chilcote](https://github.com/chilcote)) <!-- 16.0.41 --> +- Adding entitlement for unsigned memory execution [#9317](https://github.com/chef/chef/pull/9317) ([jonsmorrow](https://github.com/jonsmorrow)) <!-- 16.0.40 --> +- Fix wrong windows_firewall_rule specs which is passing :enable action which does not existurce does not have enable action so passing… [#9298](https://github.com/chef/chef/pull/9298) ([Vasu1105](https://github.com/Vasu1105)) <!-- 16.0.39 --> +- Bump win32-service to 2.1.5 [#9301](https://github.com/chef/chef/pull/9301) ([chef-expeditor[bot]](https://github.com/chef-expeditor[bot])) <!-- 16.0.38 --> +- Add chef-sugar include_recipe? helper [#9304](https://github.com/chef/chef/pull/9304) ([lamont-granquist](https://github.com/lamont-granquist)) <!-- 16.0.37 --> +- chef-utils: add which/train_helpers/path_sanity to the DSL [#9303](https://github.com/chef/chef/pull/9303) ([lamont-granquist](https://github.com/lamont-granquist)) <!-- 16.0.36 --> +- Add cloud helpers from chef-sugar [#9302](https://github.com/chef/chef/pull/9302) ([lamont-granquist](https://github.com/lamont-granquist)) <!-- 16.0.35 --> +- Move knife-acl gem commands into chef in their own namespaces [#9292](https://github.com/chef/chef/pull/9292) ([tas50](https://github.com/tas50)) <!-- 16.0.34 --> +- revert to "chef" [#9300](https://github.com/chef/chef/pull/9300) ([bobchaos](https://github.com/bobchaos)) <!-- 16.0.33 --> +- declare_resource.rb: consistently use `/x/y.txt` [#9273](https://github.com/chef/chef/pull/9273) ([michel-slm](https://github.com/michel-slm)) <!-- 16.0.32 --> +- Add windows_nt_version and powershell_version helpers to chef-utils [#9297](https://github.com/chef/chef/pull/9297) ([tas50](https://github.com/tas50)) <!-- 16.0.31 --> +- add bk testing against merge commit [#9296](https://github.com/chef/chef/pull/9296) ([lamont-granquist](https://github.com/lamont-granquist)) <!-- 16.0.30 --> +- Fix fuzzy node search to work when the search type is a string rather than a symbol [#9287](https://github.com/chef/chef/pull/9287) ([mimato](https://github.com/mimato)) <!-- 16.0.29 --> +- Add ruby 2.7 expeditor testing [#9271](https://github.com/chef/chef/pull/9271) ([lamont-granquist](https://github.com/lamont-granquist)) <!-- 16.0.28 --> +- debian 10 ifconfig fix [#9294](https://github.com/chef/chef/pull/9294) ([lamont-granquist](https://github.com/lamont-granquist)) <!-- 16.0.27 --> +- Remove DK wording from knife warning [#9293](https://github.com/chef/chef/pull/9293) ([tas50](https://github.com/tas50)) <!-- 16.0.26 --> +- Update knife status --long to use cloud attributes not ec2 specific attributes [#7882](https://github.com/chef/chef/pull/7882) ([tas50](https://github.com/tas50)) <!-- 16.0.25 --> +- apt_repository: add a description for components when using a PPA [#9289](https://github.com/chef/chef/pull/9289) ([tas50](https://github.com/tas50)) <!-- 16.0.24 --> +- Merge pull request #9291 from chef/lcg/chef-utils-doc-touchup [#9291](https://github.com/chef/chef/pull/9291) ([lamont-granquist](https://github.com/lamont-granquist)) <!-- 16.0.23 --> +- Remove the sites-cookbooks dir from the cookbook_path default config [#9290](https://github.com/chef/chef/pull/9290) ([tas50](https://github.com/tas50)) <!-- 16.0.22 --> +- Remove the deprecated knife cookbook site commands [#9288](https://github.com/chef/chef/pull/9288) ([tas50](https://github.com/tas50)) <!-- 16.0.21 --> +- Remove more support for Windows 2008 R2 / RHEL 5 [#9261](https://github.com/chef/chef/pull/9261) ([tas50](https://github.com/tas50)) <!-- 16.0.20 --> +- [chef-16] Remove the data bag secret short option [#9263](https://github.com/chef/chef/pull/9263) ([vsingh-msys](https://github.com/vsingh-msys)) <!-- 16.0.19 --> +- add berkshelf as an external test [#9284](https://github.com/chef/chef/pull/9284) ([lamont-granquist](https://github.com/lamont-granquist)) <!-- 16.0.18 --> +- berks upload skip syntax check fixes [#9281](https://github.com/chef/chef/pull/9281) ([vsingh-msys](https://github.com/vsingh-msys)) <!-- 16.0.17 --> +- switch the load method back to not raising + deprecation [#9274](https://github.com/chef/chef/pull/9274) ([lamont-granquist](https://github.com/lamont-granquist)) <!-- 16.0.16 --> +- Cleanup the specs for the load_cookbooks warnings [#9269](https://github.com/chef/chef/pull/9269) ([tas50](https://github.com/tas50)) <!-- 16.0.15 --> +- Ruby 2.7 IRB and remaining fixes [#9267](https://github.com/chef/chef/pull/9267) ([lamont-granquist](https://github.com/lamont-granquist)) <!-- 16.0.14 --> +- Use .load! in the Cookbook loader not .load_cookbooks [#9266](https://github.com/chef/chef/pull/9266) ([tas50](https://github.com/tas50)) <!-- 16.0.13 --> +- Provider a better error message in Chef::Cookbook::CookbookVersionLoader [#9264](https://github.com/chef/chef/pull/9264) ([tas50](https://github.com/tas50)) <!-- 16.0.12 --> +- Fixes all notarization issues [#9219](https://github.com/chef/chef/pull/9219) ([jonsmorrow](https://github.com/jonsmorrow)) <!-- 16.0.11 --> +- Bump train-core to 3.2.14 [#9258](https://github.com/chef/chef/pull/9258) ([chef-expeditor[bot]](https://github.com/chef-expeditor[bot])) <!-- 16.0.10 --> +- fix a few more ruby 2.7 specs [#9253](https://github.com/chef/chef/pull/9253) ([lamont-granquist](https://github.com/lamont-granquist)) <!-- 16.0.9 --> +- launchd: Fix capitalization of HardResourceLimits [#9239](https://github.com/chef/chef/pull/9239) ([rb2k](https://github.com/rb2k)) <!-- 16.0.8 --> +- Fix most Ruby 2.7 test failures / systemd service provider splat args conversion [#9251](https://github.com/chef/chef/pull/9251) ([lamont-granquist](https://github.com/lamont-granquist)) <!-- 16.0.7 --> +- Raises error if there is empty cookbook directory at the time o… [#9011](https://github.com/chef/chef/pull/9011) ([Vasu1105](https://github.com/Vasu1105)) <!-- 16.0.6 --> +- move Chef::VersionString to Chef::Utils [#9234](https://github.com/chef/chef/pull/9234) ([lamont-granquist](https://github.com/lamont-granquist)) <!-- 16.0.5 --> +- Add windows helpers for install type [#9235](https://github.com/chef/chef/pull/9235) ([tas50](https://github.com/tas50)) <!-- 16.0.4 --> +- WIP: Chef-16 resource cleanup + unified_mode [#9174](https://github.com/chef/chef/pull/9174) ([lamont-granquist](https://github.com/lamont-granquist)) <!-- 16.0.3 --> +- Require Ruby 2.6+ [#9247](https://github.com/chef/chef/pull/9247) ([tas50](https://github.com/tas50)) <!-- 16.0.2 --> +- Update to Ohai 16.0.2 [#9246](https://github.com/chef/chef/pull/9246) ([tas50](https://github.com/tas50)) <!-- 16.0.1 --> +- Remove RHEL 6 s390x (zLinux) support [#9233](https://github.com/chef/chef/pull/9233) ([jaymalasinha](https://github.com/jaymalasinha)) <!-- 15.7.23 --> +- Add time_out property in cron resource [#9153](https://github.com/chef/chef/pull/9153) ([Nimesh-Msys](https://github.com/Nimesh-Msys)) <!-- 15.7.22 --> +- Generate metadata.json from metadata.rb if not exist before knife cookbook upload or knife upload or berkshelf upload [#9073](https://github.com/chef/chef/pull/9073) ([Vasu1105](https://github.com/Vasu1105)) <!-- 15.7.21 --> +- Update openssl to 1.0.2u [#9229](https://github.com/chef/chef/pull/9229) ([tas50](https://github.com/tas50)) <!-- 15.7.20 --> +- Windows Path on Bootstrap [#8669](https://github.com/chef/chef/pull/8669) ([Xorima](https://github.com/Xorima)) <!-- 15.7.19 --> +- Use /etc/chef for bootstrapping instead of CONF_DIR [#9226](https://github.com/chef/chef/pull/9226) ([marcparadise](https://github.com/marcparadise)) <!-- 15.7.18 --> +- Use the right class in knife supermarket install [#9217](https://github.com/chef/chef/pull/9217) ([tas50](https://github.com/tas50)) <!-- 15.7.17 --> +- Fix for windows task not idempotent on the windows19 and window… [#9223](https://github.com/chef/chef/pull/9223) ([Vasu1105](https://github.com/Vasu1105)) <!-- 15.7.16 --> +- x509_certificate : Add the capability to automatically renew a certificate [#9187](https://github.com/chef/chef/pull/9187) ([julienhuon](https://github.com/julienhuon)) <!-- 15.7.15 --> +- Update to license_scout 1.1.2 [#9212](https://github.com/chef/chef/pull/9212) ([tas50](https://github.com/tas50)) <!-- 15.7.12 --> +- Do not build Chef Infra Client on Windows 2008 R2 [#9203](https://github.com/chef/chef/pull/9203) ([tas50](https://github.com/tas50)) <!-- 15.7.11 --> +- Clear password flags when setting the password on aix [#9209](https://github.com/chef/chef/pull/9209) ([Triodes](https://github.com/Triodes)) <!-- 15.7.10 --> +- Fixes for sudo resource fails on 2nd converge when Cmnd_Alias is used [#9186](https://github.com/chef/chef/pull/9186) ([samshinde](https://github.com/samshinde)) <!-- 15.7.9 --> +- Update all deps to current [#9210](https://github.com/chef/chef/pull/9210) ([tas50](https://github.com/tas50)) <!-- 15.7.8 --> +- Expand chef-utils yard comments and make consistent [#9188](https://github.com/chef/chef/pull/9188) ([tas50](https://github.com/tas50)) <!-- 15.7.7 --> +- Remove legacy Net::HTTP not needed in Ruby 2.2+ [#9200](https://github.com/chef/chef/pull/9200) ([tas50](https://github.com/tas50)) <!-- 15.7.6 --> +- Last batch of wordmarks removal for chef-config [#9176](https://github.com/chef/chef/pull/9176) ([bobchaos](https://github.com/bobchaos)) <!-- 15.7.5 --> +- Bump chef-vault to 4.0.1, chef-zero to 14.0.17, mixlib-shellout to 3.0.9, and mixlib-authentication to 3.0.6 [#9198](https://github.com/chef/chef/pull/9198) ([chef-expeditor[bot]](https://github.com/chef-expeditor[bot])) <!-- 15.7.4 --> +- Bump mixlib-archive to 1.0.5 [#9196](https://github.com/chef/chef/pull/9196) ([chef-expeditor[bot]](https://github.com/chef-expeditor[bot])) <!-- 15.7.3 --> +- Bump ffi-yajl to 2.3.3 [#9195](https://github.com/chef/chef/pull/9195) ([chef-expeditor[bot]](https://github.com/chef-expeditor[bot])) <!-- 15.7.2 --> +- Update libarchive to 1.0 [#9194](https://github.com/chef/chef/pull/9194) ([tas50](https://github.com/tas50)) <!-- 15.7.1 --> +- Update all omnibus deps to the latest [#9192](https://github.com/chef/chef/pull/9192) ([tas50](https://github.com/tas50)) <!-- 15.7.0 --> +- Bump mixlib-cli to 2.1.5 as well as Ohai, cheffish, and telemetry [#9191](https://github.com/chef/chef/pull/9191) ([chef-expeditor[bot]](https://github.com/chef-expeditor[bot])) <!-- 15.6.21 --> +- Fix event log message description format [#9190](https://github.com/chef/chef/pull/9190) ([dheerajd-msys](https://github.com/dheerajd-msys)) <!-- 15.6.20 --> +- resource archive_file: apply ownership to extracted files only [#9173](https://github.com/chef/chef/pull/9173) ([bobchaos](https://github.com/bobchaos)) <!-- 15.6.19 --> +- add new option bootstrap_product for install cinc via bootstrap [#9112](https://github.com/chef/chef/pull/9112) ([sawanoboly](https://github.com/sawanoboly)) <!-- 15.6.18 --> +- Bump inspec-core to 4.18.51 [#9168](https://github.com/chef/chef/pull/9168) ([chef-expeditor[bot]](https://github.com/chef-expeditor[bot])) <!-- 15.6.17 --> +- try unit + functional tests [#9163](https://github.com/chef/chef/pull/9163) ([lamont-granquist](https://github.com/lamont-granquist)) <!-- 15.6.14 --> +- Bump train-core to 3.2.5 [#9159](https://github.com/chef/chef/pull/9159) ([chef-expeditor[bot]](https://github.com/chef-expeditor[bot])) <!-- 15.6.12 --> +- Fix mac_user breakage and logging [#9158](https://github.com/chef/chef/pull/9158) ([lamont-granquist](https://github.com/lamont-granquist)) <!-- 15.6.11 --> <!-- release_rollup --> -<!-- release_rollup --> <!-- latest_stable_release --> +## [v15.6.10](https://github.com/chef/chef/tree/v15.6.10) (2019-12-12) + +#### Merged Pull Requests +- Spelling, punctuation, grammar [#9122](https://github.com/chef/chef/pull/9122) ([ehershey](https://github.com/ehershey)) +- restoring correct value to windows event source [#9117](https://github.com/chef/chef/pull/9117) ([bobchaos](https://github.com/bobchaos)) +- [yum_repository] Add indentation for multiple baseurls [#9134](https://github.com/chef/chef/pull/9134) ([bugok](https://github.com/bugok)) +- Tiny spelling typo and grammar [#9135](https://github.com/chef/chef/pull/9135) ([ehershey](https://github.com/ehershey)) +- Resolve non-zero "success" error code issues with linux_user re… [#9105](https://github.com/chef/chef/pull/9105) ([skippyj](https://github.com/skippyj)) +- Bump omnibus-software to remove libtool+pkg-config [#9136](https://github.com/chef/chef/pull/9136) ([lamont-granquist](https://github.com/lamont-granquist)) +- Update Ohai and pull in Ruby perf improvements [#9137](https://github.com/chef/chef/pull/9137) ([tas50](https://github.com/tas50)) +- Bump Omnibus to the latest [#9138](https://github.com/chef/chef/pull/9138) ([tas50](https://github.com/tas50)) +- Update omnnibus-software to add further ruby cleanup [#9141](https://github.com/chef/chef/pull/9141) ([tas50](https://github.com/tas50)) +- Update ruby_prof to 1.0 [#9130](https://github.com/chef/chef/pull/9130) ([tas50](https://github.com/tas50)) +- bump omnibus-software + rhel6 fix [#9145](https://github.com/chef/chef/pull/9145) ([lamont-granquist](https://github.com/lamont-granquist)) +- Specify item path in Node.read! error message [#9147](https://github.com/chef/chef/pull/9147) ([zeusttu](https://github.com/zeusttu)) +- Symbolize config for ssl_verify_mode in credentials [#9064](https://github.com/chef/chef/pull/9064) ([teknofire](https://github.com/teknofire)) +- Replace hardcoded /etc/chef with Chef::Dist::CONF_DIR [#9060](https://github.com/chef/chef/pull/9060) ([bobchaos](https://github.com/bobchaos)) +- Fix for ChefConfig should expand relative paths [#9042](https://github.com/chef/chef/pull/9042) ([kapilchouhan99](https://github.com/kapilchouhan99)) +- Fix apt_repository uri single/double quotes and spaces [#9036](https://github.com/chef/chef/pull/9036) ([vsingh-msys](https://github.com/vsingh-msys)) +- Add output for the file provider verification [#9039](https://github.com/chef/chef/pull/9039) ([lamont-granquist](https://github.com/lamont-granquist)) +- Add a new distro constant for chef-apply [#9149](https://github.com/chef/chef/pull/9149) ([bobchaos](https://github.com/bobchaos)) +- Remove duplicate constant for Chef::Dist::SHORT [#9150](https://github.com/chef/chef/pull/9150) ([bobchaos](https://github.com/bobchaos)) +- Bump ohai to 15.6.3 [#9152](https://github.com/chef/chef/pull/9152) ([chef-expeditor[bot]](https://github.com/chef-expeditor[bot])) +<!-- latest_stable_release --> + +## [v15.5.17](https://github.com/chef/chef/tree/v15.5.17) (2019-11-21) + +## [v15.5.16](https://github.com/chef/chef/tree/v15.5.16) (2019-11-21) + +#### Merged Pull Requests +- Require relative in the win32-eventlog rakefile [#9116](https://github.com/chef/chef/pull/9116) ([tas50](https://github.com/tas50)) + +## [v15.5.15](https://github.com/chef/chef/tree/v15.5.15) (2019-11-19) + +#### Merged Pull Requests +- Improve input validation on windows_package [#9102](https://github.com/chef/chef/pull/9102) ([tas50](https://github.com/tas50)) +- Don't ship the extra rake tasks in the gem [#9104](https://github.com/chef/chef/pull/9104) ([tas50](https://github.com/tas50)) +- Convert reboot resource to a custom resource with descriptions [#7239](https://github.com/chef/chef/pull/7239) ([tas50](https://github.com/tas50)) +- Remove bonus `.md` to fix link [#9110](https://github.com/chef/chef/pull/9110) ([btm](https://github.com/btm)) +- Fix failures in build_essential on rhel platforms [#9111](https://github.com/chef/chef/pull/9111) ([lamont-granquist](https://github.com/lamont-granquist)) +- fix enforce_path_sanity being set to true [#9114](https://github.com/chef/chef/pull/9114) ([lamont-granquist](https://github.com/lamont-granquist)) + ## [v15.5.9](https://github.com/chef/chef/tree/v15.5.9) (2019-11-15) #### Merged Pull Requests @@ -52,7 +273,6 @@ - Bump inspec-core-bin to 4.18.39 [#9098](https://github.com/chef/chef/pull/9098) ([chef-expeditor[bot]](https://github.com/chef-expeditor[bot])) - Improve resource descriptions and the rake task for docs generation [#9097](https://github.com/chef/chef/pull/9097) ([tas50](https://github.com/tas50)) - Add Chef Infra Client 15.5. release notes [#9089](https://github.com/chef/chef/pull/9089) ([tas50](https://github.com/tas50)) -<!-- latest_stable_release --> ## [v15.4.45](https://github.com/chef/chef/tree/v15.4.45) (2019-10-15) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index c0e82f5c18..51a2d34c36 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -33,9 +33,9 @@ Code review takes place in GitHub pull requests. See [this article](https://help Once you open a pull request, project maintainers will review your code and respond to your pull request with any feedback they might have. The process at this point is as follows: -1. Two thumbs-up (:+1:) are required from project maintainers. See the master maintainers document for Chef projects at <https://github.com/chef/chef-oss-practices/blob/master/projects/chef-infra.md>. +1. Two or more members of the owners, approvers, or reviewers groups must approve your PR. See the [Chef Infra OSS Project](https://github.com/chef/chef-oss-practices/blob/master/projects/chef-infra.md) for a list of all members. 2. Your change will be merged into the project's `master` branch -3. Our Expeditor bot will automatically update the project's changelog with your contribution. For projects such as Chef and Chef-DK the version will be automatically incremented and a build kicked off to the project's `current` channel. +3. Our Expeditor bot will automatically increment the version and update the project's changelog with your contribution. For projects that ship as a package, Expeditor will kick off a build which will publish the package to the project's `current` channel. If you would like to learn about when your code will be available in a release of Chef, read more about [Chef Release Cycles](#release-cycles). @@ -90,7 +90,7 @@ The DCO requires a sign-off message in the following format appear on each commi Signed-off-by: Julia Child <juliachild@chef.io> ``` -The DCO text can either be manually added to your commit body, or you can add either **-s** or **--signoff** to your usual git commit commands. If you forget to add the sign-off you can also amend a previous commit with the sign-off by running **git commit --amend -s**. If you've pushed your changes to GitHub already you'll need to force push your branch after this with **git push -f**. +The DCO text can either be manually added to your commit body, or you can add either **-s** or **--signoff** to your usual git commit commands. If you are using the GitHub UI to make a change you can add the sign-off message directly to the commit message when creating the pull request. If you forget to add the sign-off you can also amend a previous commit with the sign-off by running **git commit --amend -s**. If you've pushed your changes to GitHub already you'll need to force push your branch after this with **git push -f**. ### Chef Obvious Fix Policy diff --git a/Dockerfile b/Dockerfile index 238686f033..8b91aae4af 100644 --- a/Dockerfile +++ b/Dockerfile @@ -20,7 +20,7 @@ LABEL maintainer="Chef Software, Inc. <docker@chef.io>" ARG EXPEDITOR_CHANNEL ARG CHANNEL=stable ARG EXPEDITOR_VERSION -ARG VERSION=15.5.9 +ARG VERSION=15.6.10 # Allow the build arg below to be controlled by either build arguments ENV VERSION ${EXPEDITOR_VERSION:-${VERSION}} @@ -7,7 +7,6 @@ source "https://rubygems.org" # of bundler versions prior to 1.12.0 (https://github.com/bundler/bundler/commit/193a14fe5e0d56294c7b370a0e59f93b2c216eed) gem "chef", path: "." -# necessary until we release ohai 15 gem "ohai", git: "https://github.com/chef/ohai.git", branch: "master" gem "chef-utils", path: File.expand_path("../chef-utils", __FILE__) if File.exist?(File.expand_path("../chef-utils", __FILE__)) @@ -21,7 +20,7 @@ else gem "chef-bin" # rubocop:disable Bundler/DuplicatedGem end -gem "cheffish", "~> 14" +gem "cheffish", ">= 14" group(:omnibus_package) do gem "appbundler" @@ -46,7 +45,8 @@ end # Everything except AIX group(:ruby_prof) do - gem "ruby-prof", "< 0.18" # 0.18 includes a x64-mingw32 gem, which doesn't load correctly. See https://github.com/ruby-prof/ruby-prof/issues/255 + # ruby-prof 1.3.0 does not compile on our centos6 builders/kitchen testers + gem "ruby-prof", "< 1.3.0" end # Everything except AIX and Windows @@ -58,7 +58,7 @@ group(:development, :test) do # we pin rake as a copy of rake is installed from the ruby source # if you bump the ruby version you should confirm we don't end up with # two rake gems installed again - gem "rake", "<= 12.3.2" + gem "rake", "<= 13.0.1" gem "rspec-core", "~> 3.5" gem "rspec-mocks", "~> 3.5" diff --git a/Gemfile.lock b/Gemfile.lock index 9fe948f39a..16ff168712 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -1,18 +1,18 @@ GIT remote: https://github.com/chef/chefstyle.git - revision: c12114af6196c4bc843bb39b930f6141a3239ff5 + revision: ebbcec68f08a048406764ceae8d2ac33a33507af branch: master specs: - chefstyle (0.14.0) - rubocop (= 0.75.1) + chefstyle (0.15.1) + rubocop (= 0.80.1) GIT remote: https://github.com/chef/ohai.git - revision: 12d0d485b09a003500feb8c5f4078f9ba8f119a9 + revision: 10615b80e8abd2a8a3263a3514822a90158c14d1 branch: master specs: - ohai (15.3.1) - chef-config (>= 12.8, < 16) + ohai (16.0.12) + chef-config (>= 12.8, < 17) ffi (~> 1.9) ffi-yajl (~> 2.2) ipaddress @@ -27,12 +27,13 @@ GIT PATH remote: . specs: - chef (15.5.9) + chef (16.0.143) addressable bcrypt_pbkdf (~> 1.0) bundler (>= 1.10) - chef-config (= 15.5.9) - chef-utils (= 15.5.9) + chef-config (= 16.0.143) + chef-utils (= 16.0.143) + chef-vault chef-zero (>= 14.0.11) diff-lcs (~> 1.2, >= 1.2.4) ed25519 (~> 1.2) @@ -51,7 +52,8 @@ PATH net-sftp (~> 2.1, >= 2.1.2) net-ssh (>= 4.2, < 6) net-ssh-multi (~> 1.2, >= 1.2.1) - ohai (~> 15.0) + ohai (~> 16.0) + pastel plist (~> 3.2) proxifier (~> 1.0) syslog-logger (~> 1.6) @@ -59,12 +61,13 @@ PATH train-winrm (>= 0.2.5) tty-screen (~> 0.6) uuidtools (~> 2.1.5) - chef (15.5.9-universal-mingw32) + chef (16.0.143-universal-mingw32) addressable bcrypt_pbkdf (~> 1.0) bundler (>= 1.10) - chef-config (= 15.5.9) - chef-utils (= 15.5.9) + chef-config (= 16.0.143) + chef-utils (= 16.0.143) + chef-vault chef-zero (>= 14.0.11) diff-lcs (~> 1.2, >= 1.2.4) ed25519 (~> 1.2) @@ -84,7 +87,8 @@ PATH net-sftp (~> 2.1, >= 2.1.2) net-ssh (>= 4.2, < 6) net-ssh-multi (~> 1.2, >= 1.2.1) - ohai (~> 15.0) + ohai (~> 16.0) + pastel plist (~> 3.2) proxifier (~> 1.0) syslog-logger (~> 1.6) @@ -100,22 +104,22 @@ PATH win32-mmap (~> 0.4.1) win32-mutex (~> 0.4.2) win32-process (~> 0.8.2) - win32-service (>= 2.1.2, < 3.0) + win32-service (>= 2.1.5, < 3.0) win32-taskscheduler (~> 2.0) wmi-lite (~> 1.0) PATH remote: chef-bin specs: - chef-bin (15.5.9) - chef (= 15.5.9) + chef-bin (16.0.143) + chef (= 16.0.143) PATH remote: chef-config specs: - chef-config (15.5.9) + chef-config (16.0.143) addressable - chef-utils (= 15.5.9) + chef-utils (= 16.0.143) fuzzyurl mixlib-config (>= 2.2.12, < 4.0) mixlib-shellout (>= 2.0, < 4.0) @@ -124,14 +128,14 @@ PATH PATH remote: chef-utils specs: - chef-utils (15.5.9) + chef-utils (16.0.143) GEM remote: https://rubygems.org/ specs: addressable (2.7.0) public_suffix (>= 2.0.2, < 5.0) - appbundler (0.13.1) + appbundler (0.13.2) mixlib-cli (>= 1.4, < 3.0) mixlib-shellout (>= 2.0, < 4.0) ast (2.4.0) @@ -140,89 +144,111 @@ GEM bcrypt_pbkdf (1.0.1-x86-mingw32) binding_of_caller (0.8.0) debug_inspector (>= 0.0.1) - builder (3.2.3) - byebug (11.0.1) - chef-vault (3.4.3) - chef-zero (14.0.13) + builder (3.2.4) + byebug (11.1.1) + chef-telemetry (1.0.3) + chef-config + concurrent-ruby (~> 1.0) ffi-yajl (~> 2.2) - hashie (>= 2.0, < 4.0) + http (~> 2.2) + chef-vault (4.0.1) + chef-zero (15.0.0) + ffi-yajl (~> 2.2) + hashie (>= 2.0, < 5.0) mixlib-log (>= 2.0, < 4.0) rack (~> 2.0, >= 2.0.6) uuidtools (~> 2.1) - cheffish (14.0.4) - chef-zero (~> 14.0) + cheffish (15.0.0) + chef-zero (>= 14.0) net-ssh coderay (1.1.2) + concurrent-ruby (1.1.6) crack (0.4.3) safe_yaml (~> 1.0.0) debug_inspector (0.0.3) diff-lcs (1.3) docile (1.3.2) + domain_name (0.5.20190701) + unf (>= 0.0.5, < 1.0.0) + ecma-re-validator (0.2.0) + regexp_parser (~> 1.2) ed25519 (1.2.4) equatable (0.6.1) erubi (1.9.0) erubis (2.7.0) - faraday (0.17.0) + faraday (1.0.0) multipart-post (>= 1.2, < 3) - faraday_middleware (0.12.2) - faraday (>= 0.7.4, < 1.0) - fauxhai-ng (7.5.1) + fauxhai-ng (8.0.0) net-ssh - ffi (1.11.2) - ffi (1.11.2-x64-mingw32) - ffi (1.11.2-x86-mingw32) - ffi-libarchive (0.4.10) + ffi (1.12.2) + ffi (1.12.2-x64-mingw32) + ffi (1.12.2-x86-mingw32) + ffi-libarchive (1.0.0) ffi (~> 1.0) ffi-win32-extensions (1.0.3) ffi - ffi-yajl (2.3.1) + ffi-yajl (2.3.3) libyajl2 (~> 1.2) fuzzyurl (0.9.0) gssapi (1.3.0) ffi (>= 1.0.1) gyoku (1.3.1) builder (>= 2.1.2) - hashdiff (1.0.0) + hana (1.3.5) + hashdiff (1.0.1) hashie (3.6.0) highline (1.7.10) htmlentities (4.3.4) + http (2.2.2) + addressable (~> 2.3) + http-cookie (~> 1.0) + http-form_data (~> 1.0.1) + http_parser.rb (~> 0.6.0) + http-cookie (1.0.3) + domain_name (~> 0.5) + http-form_data (1.0.3) + http_parser.rb (0.6.0) httpclient (2.8.3) - iniparse (1.4.4) - inspec-core (4.18.39) + inifile (3.0.0) + iniparse (1.5.0) + inspec-core (4.18.100) addressable (~> 2.4) + chef-telemetry (~> 1.0) faraday (>= 0.9.0) - faraday_middleware (~> 0.12.2) hashie (~> 3.4) - htmlentities - json-schema (~> 2.8) + htmlentities (~> 4.3) + json_schemer (~> 0.2.1) license-acceptance (>= 0.2.13, < 2.0) method_source (~> 0.8) - mixlib-log - multipart-post + mixlib-log (~> 3.0) + multipart-post (~> 2.0) parallel (~> 1.9) parslet (~> 1.5) pry (~> 0) - rspec (~> 3.0, < 3.9) + rspec (~> 3.9) rspec-its (~> 1.2) - rubyzip (~> 1.1) - semverse + rubyzip (~> 1.2, >= 1.2.2) + semverse (~> 3.0) sslshake (~> 1.2) - term-ansicolor - thor (~> 0.20) + term-ansicolor (~> 1.7) + thor (>= 0.20, < 2.0) tomlrb (~> 1.2) train-core (~> 3.0) tty-prompt (~> 0.17) tty-table (~> 0.10) - inspec-core-bin (4.18.39) - inspec-core (= 4.18.39) + inspec-core-bin (4.18.100) + inspec-core (= 4.18.100) ipaddress (0.8.3) iso8601 (0.12.1) jaro_winkler (1.5.4) - json (2.2.0) - json-schema (2.8.1) - addressable (>= 2.4) + json (2.3.0) + json_schemer (0.2.10) + ecma-re-validator (~> 0.2) + hana (~> 1.3) + regexp_parser (~> 1.5) + uri_template (~> 0.7) libyajl2 (1.2.0) - license-acceptance (1.0.13) + license-acceptance (1.0.18) pastel (~> 0.7) tomlrb (~> 1.2) tty-box (~> 0.3) @@ -232,22 +258,22 @@ GEM little-plugger (~> 1.1) multi_json (~> 1.10) method_source (0.9.2) - mixlib-archive (1.0.1) + mixlib-archive (1.0.5) mixlib-log - mixlib-archive (1.0.1-universal-mingw32) + mixlib-archive (1.0.5-universal-mingw32) mixlib-log - mixlib-authentication (3.0.4) - mixlib-cli (2.1.1) - mixlib-config (3.0.5) + mixlib-authentication (3.0.6) + mixlib-cli (2.1.5) + mixlib-config (3.0.6) tomlrb - mixlib-log (3.0.1) - mixlib-shellout (3.0.7) - mixlib-shellout (3.0.7-universal-mingw32) + mixlib-log (3.0.8) + mixlib-shellout (3.0.9) + mixlib-shellout (3.0.9-universal-mingw32) win32-process (~> 0.8.2) wmi-lite (~> 1.0) multi_json (1.14.1) multipart-post (2.1.1) - necromancer (0.5.0) + necromancer (0.5.1) net-scp (2.0.0) net-ssh (>= 2.6.5, < 6.0.0) net-sftp (2.1.2) @@ -259,8 +285,8 @@ GEM net-ssh (>= 2.6.5) net-ssh-gateway (>= 1.2.0) nori (2.6.0) - parallel (1.19.0) - parser (2.6.5.0) + parallel (1.19.1) + parser (2.7.0.4) ast (~> 2.4.0) parslet (1.8.2) pastel (0.7.3) @@ -271,7 +297,7 @@ GEM pry (0.12.2) coderay (~> 1.1.0) method_source (~> 0.9.0) - pry-byebug (3.7.0) + pry-byebug (3.8.0) byebug (~> 11.0) pry (~> 0.10) pry-remote (0.1.8) @@ -280,102 +306,112 @@ GEM pry-stack_explorer (0.4.9.3) binding_of_caller (>= 0.7) pry (>= 0.9.11) - public_suffix (4.0.1) - rack (2.0.7) + public_suffix (4.0.3) + rack (2.2.2) rainbow (3.0.0) - rake (12.3.2) + rake (13.0.1) rb-readline (0.5.5) - rspec (3.8.0) - rspec-core (~> 3.8.0) - rspec-expectations (~> 3.8.0) - rspec-mocks (~> 3.8.0) - rspec-core (3.8.2) - rspec-support (~> 3.8.0) - rspec-expectations (3.8.6) + regexp_parser (1.7.0) + rexml (3.2.4) + rspec (3.9.0) + rspec-core (~> 3.9.0) + rspec-expectations (~> 3.9.0) + rspec-mocks (~> 3.9.0) + rspec-core (3.9.1) + rspec-support (~> 3.9.1) + rspec-expectations (3.9.1) diff-lcs (>= 1.2.0, < 2.0) - rspec-support (~> 3.8.0) + rspec-support (~> 3.9.0) rspec-its (1.3.0) rspec-core (>= 3.0.0) rspec-expectations (>= 3.0.0) - rspec-mocks (3.8.2) + rspec-mocks (3.9.1) diff-lcs (>= 1.2.0, < 2.0) - rspec-support (~> 3.8.0) - rspec-support (3.8.3) + rspec-support (~> 3.9.0) + rspec-support (3.9.2) rspec_junit_formatter (0.2.3) builder (< 4) rspec-core (>= 2, < 4, != 2.12.0) - rubocop (0.75.1) + rubocop (0.80.1) jaro_winkler (~> 1.5.1) parallel (~> 1.10) - parser (>= 2.6) + parser (>= 2.7.0.1) rainbow (>= 2.2.2, < 4.0) + rexml ruby-progressbar (~> 1.7) unicode-display_width (>= 1.4.0, < 1.7) - ruby-prof (0.17.0) + ruby-prof (1.2.0) ruby-progressbar (1.10.1) ruby-shadow (2.5.0) rubyntlm (0.6.2) rubyzip (1.3.0) safe_yaml (1.0.5) semverse (3.0.0) - simplecov (0.17.1) + simplecov (0.18.5) docile (~> 1.1) - json (>= 1.8, < 3) - simplecov-html (~> 0.10.0) - simplecov-html (0.10.2) + simplecov-html (~> 0.11) + simplecov-html (0.12.2) slop (3.6.0) sslshake (1.3.0) - strings (0.1.7) + strings (0.1.8) strings-ansi (~> 0.1) unicode-display_width (~> 1.5) unicode_utils (~> 1.4) strings-ansi (0.2.0) structured_warnings (0.4.0) + sync (0.5.0) syslog-logger (1.6.8) systemu (2.6.5) term-ansicolor (1.7.1) tins (~> 1.0) - thor (0.20.3) - tins (1.22.2) - tomlrb (1.2.8) - train-core (3.1.4) + thor (1.0.1) + tins (1.24.1) + sync + tomlrb (1.2.9) + train-core (3.2.23) + addressable (~> 2.5) + inifile (~> 3.0) json (>= 1.8, < 3.0) mixlib-shellout (>= 2.0, < 4.0) net-scp (>= 1.2, < 3.0) net-ssh (>= 2.9, < 6.0) - train-winrm (0.2.5) + train-winrm (0.2.6) winrm (~> 2.0) winrm-fs (~> 1.0) tty-box (0.5.0) pastel (~> 0.7.2) strings (~> 0.1.6) tty-cursor (~> 0.7) - tty-color (0.5.0) - tty-cursor (0.7.0) - tty-prompt (0.19.0) + tty-color (0.5.1) + tty-cursor (0.7.1) + tty-prompt (0.21.0) necromancer (~> 0.5.0) pastel (~> 0.7.0) - tty-reader (~> 0.6.0) - tty-reader (0.6.0) + tty-reader (~> 0.7.0) + tty-reader (0.7.0) tty-cursor (~> 0.7) tty-screen (~> 0.7) wisper (~> 2.0.0) - tty-screen (0.7.0) + tty-screen (0.7.1) tty-table (0.11.0) equatable (~> 0.6) necromancer (~> 0.5) pastel (~> 0.7.2) strings (~> 0.1.5) tty-screen (~> 0.7) - unicode-display_width (1.6.0) + unf (0.1.4) + unf_ext + unf_ext (0.0.7.6) + unicode-display_width (1.6.1) unicode_utils (1.4.0) + uri_template (0.7.0) uuidtools (2.1.5) - webmock (3.7.6) + webmock (3.8.3) addressable (>= 2.3.6) crack (>= 0.3.2) hashdiff (>= 0.4.0, < 2.0.0) win32-api (1.5.3-universal-mingw32) - win32-certstore (0.3.0) + win32-certstore (0.4.0) ffi mixlib-shellout win32-dir (0.5.1) @@ -392,13 +428,13 @@ GEM win32-ipc (>= 0.6.0) win32-process (0.8.3) ffi (>= 1.0.0) - win32-service (2.1.4) + win32-service (2.1.5) ffi ffi-win32-extensions win32-taskscheduler (2.0.4) ffi structured_warnings - winrm (2.3.3) + winrm (2.3.4) builder (>= 2.1.2) erubi (~> 1.8) gssapi (~> 1.2) @@ -413,8 +449,8 @@ GEM rubyzip (~> 1.1) winrm (~> 2.0) wisper (2.0.1) - wmi-lite (1.0.2) - yard (0.9.20) + wmi-lite (1.0.5) + yard (0.9.24) PLATFORMS ruby @@ -429,7 +465,7 @@ DEPENDENCIES chef-config! chef-utils! chef-vault - cheffish (~> 14) + cheffish (>= 14) chefstyle! ed25519 fauxhai-ng @@ -440,17 +476,17 @@ DEPENDENCIES pry-byebug pry-remote pry-stack_explorer - rake (<= 12.3.2) + rake (<= 13.0.1) rb-readline rspec-core (~> 3.5) rspec-expectations (~> 3.5) rspec-mocks (~> 3.5) rspec_junit_formatter (~> 0.2.0) - ruby-prof (< 0.18) + ruby-prof (< 1.3.0) ruby-shadow simplecov webmock yard BUNDLED WITH - 1.17.3 + 2.1.4 @@ -22,7 +22,7 @@ For Chef Infra usage, please refer to our [Learn Chef Rally](https://learn.chef. Other useful resources for Chef Infra users: -- Documentation: <https://docs.chef.io> +- Documentation: <https://docs.chef.io/> - Source: <https://github.com/chef/chef/tree/master> - Tickets/Issues: <https://github.com/chef/chef/issues> - Slack: [Chef Community Slack](https://community-slack.chef.io/) @@ -32,7 +32,7 @@ Other useful resources for Chef Infra users: Issues can be reported by using [GitHub Issues](https://github.com/chef/chef/issues). -Note that this repository is primarily for reporting issues in the chef-client itself. For reporting issues against other Chef projects, please look up the appropriate repository. If you're unsure where to submit an issue, please ask in the #chef-dev channel in [Chef Community Slack](https://community-slack.chef.io/). +Note that this repository is primarily for reporting issues in the chef-client itself. For reporting issues against other Chef projects, please look up the appropriate repository. If you're unsure where to submit an issue, please ask in the #chef-dev channel in [Chef Community Slack](https://community-slack.chef.io/). ## How We Build & Release Chef diff --git a/RELEASE_NOTES.md b/RELEASE_NOTES.md index 47cbf783a4..3914efa8bc 100644 --- a/RELEASE_NOTES.md +++ b/RELEASE_NOTES.md @@ -1,6 +1,281 @@ -This file holds "in progress" release notes for the current release under development and is intended for consumption by the Chef Documentation team. Please see <https://docs.chef.io/release_notes.html> for the official Chef release notes. +This file holds "in progress" release notes for the current release under development and is intended for consumption by the Chef Documentation team. Please see <https://docs.chef.io/release_notes/> for the official Chef release notes. -# Chef Infra Client 15.5 +# Chef Infra Client 15.8 + +## New notify_group functionality + +Chef Infra Client now includes a new `notify_group` feature that can be used to extract multiple common notifies out of individual resources to reduce duplicate code in your cookbooks and custom resources. Previously cookbook authors would often use a `log` resource to achieve a similar outcome, but using the log resource results in unnecessary Chef Infra Client log output. The `notify_group` method produces no additional logging, but fires all defined notifications when the `:run` action is set. + +Example notify_group that stops, sleeps, and then starts service when a service config is updated: + +```ruby + service "crude" do + action [ :enable, :start ] + end + + chef_sleep "60" do + action :nothing + end + + notify_group "crude_stop_and_start" do + notifies :stop, "service[crude]", :immediately + notifies :sleep, "chef_sleep[60]", :immediately + notifies :start, "service[crude]", :immediately + end + + template "/etc/crude/crude.conf" do + source "crude.conf.erb" + variables node["crude"] + notifies :run, "notify_group[crude_stop_and_start]", :immediately + end +``` + +## Chef InSpec 4.18.85 + +Chef InSpec has been updated from 4.18.39 to 4.18.85. This release includes a large number of bug fixes in addition to some great resource enhancements: + +* The service resource features new support for yocto-based linux distributions. Thank you to [@michaellihs](https://github.com/michaellihs) for this addition! +* The package resource now includes support for FreeBSD. Thank you to [@fzipi](https://github.com/fzipi) for this work! +* We standardized the platform for the etc_hosts, virtualization, ini, and xml resources. +* The oracledb_session resource works again due to a missing quote fix. +* The groups resource on macOS no longer reports duplicates anymore. +command.exist? now conforms to POSIX standards. Thanks to [@PiQuer](https://github.com/PiQuer)! +* Changed the postfix_conf resource's supported platform to the broader unix. Thank you to [@fzipi](https://github.com/fzipi) for this fix! + +## New Cookbook Helpers + +New helpers have been added to make writing cookbooks easier. + +### Platform Version Helpers + +New helpers for checking platform versions have been added. These helpers return parsed version strings so there's no need to convert the returned values to Integers or Floats before comparing them. Additionally, comparisons with version objects properly understand the order of versions so `5.11` will compare as larger than `5.9`, whereas converting those values to Floats would result in `5.9` being larger than `5.11`. + +* `windows_nt_version` returns the NT kernel version which often differs from Microsoft's marketing versions. This helper offers a good way to find desktop and server releases that are based on the same codebase. For example, NT 6.3 is both Windows 8.1 and Windows 2012 R2. +* `powershell_version` returns the version of PowerShell installed on the system. +* `platform_version` returns the value of node['platform_version']. + +Example comparison using windows_nt_version: + +```ruby +if windows_nt_version >= 10 + some_modern_windows_things +end +``` + +### Cloud Helpers + +The cloud helpers from chef-sugar have been ported to Chef Infra Client: + +* `cloud?` - if the node is running in any cloud, including internal clouds +* `ec2?` - if the node is running in ec2 +* `gce?` - if the node is running in gce +* `rackspace?` - if the node is running in rackspace +* `eucalyptus?` - if the node is running under eucalyptus +* `linode?` - if the node is running in linode +* `openstack?` - if the node is running under openstack +* `azure?` - if the node is running in azure +* `digital_ocean?` - if the node is running in digital ocean +* `softlayer?` - if the node is running in softlayer + +### Virtualization Helpers + +The virtualization helpers from chef-sugar have been ported to Chef Infra Client and extended with helpers to detect hypervisor hosts, physical, and guest systems. + +* `kvm?` - if the node is a kvm guest +* `kvm_host?` - if the node is a kvm host +* `lxc?` - if the node is an lxc guest +* `lxc_host?` - if the node is an lxc host +* `parallels?`- if the node is a parallels guest +* `parallels_host?`- if the node is a parallels host +* `vbox?` - if the node is a virtualbox guest +* `vbox_host?` - if the node is a virtualbox host +* `vmware?` - if the node is a vmware guest +* `vmware_host?` - if the node is a vmware host +* `openvz?` - if the node is an openvz guest +* `openvz_host?` - if the node is an openvz host +* `guest?` - if the node is detected as any kind of guest +* `hypervisor?` - if the node is detected as being any kind of hypervisor +* `physical?` - the node is not running as a guest (may be a hypervisor or may be bare-metal) +* `vagrant?` - attempts to identify the node as a vagrant guest (this check may be error-prone) + +### include_recipe? helper + +chef-sugar's `include_recipe?` has been added to Chef Infra Client providing a simple way to see if a recipe has been included on a node already. + +Example usage in a not_if conditional: + +```ruby +execute 'install my_app' + command '/tmp/my_app_install.sh' + not_if { include_recipe?('my_app::install') } +end +``` + +## Updated Resources + +### ifconfig + +The `ifconfig` resource now supports the newer `ifconfig` release that ships in Debian 10. + +### mac_user + +The `mac_user` resource, used when creating a user on Mac systems, has been improved to work better with macOS Catalina (10.15). The resource now properly looks up the numeric GID when creating a user, once again supports the `system` property, and includes a new `hidden` property which prevents the user from showing on the login screen. Thanks [@chilcote](https://github.com/chilcote) for these fixes and improvements. + +### sysctl + +The `sysctl` resource has been updated to allow the inclusion of descriptive comments. Comments may be passed as an array or as a string. Any comments provided are prefixed with '#' signs and precede the `sysctl` setting in generated files. + +An example: + +```ruby +sysctl 'vm.swappiness' do + value 10 + comment [ + "define how aggressively the kernel will swap memory pages.", + "Higher values will increase aggressiveness", + "lower values decrease the amount of swap.", + "A value of 0 instructs the kernel not to initiate swap", + "until the amount of free and file-backed pages is less", + "than the high water mark in a zone.", + "The default value is 60." + ] +end +``` + +which results in `/etc/sysctl.d/99-chef-vm.swappiness.conf` as follows: + +``` +# define how aggressively the kernel will swap memory pages. +# Higher values will increase aggressiveness +# lower values decrease the amount of swap. +# A value of 0 instructs the kernel not to initiate swap +# until the amount of free and file-backed pages is less +# than the high water mark in a zone. +# The default value is 60. +vm.swappiness = 10 +``` + +## Platform Support + +* Chef Infra Clients packages are now validated for Debian 10. + +## macOS Binary Signing + +Each binary in the macOS Chef Infra Client installation is now signed to improve the integrity of the installation and ensure compatibility with macOS Catalina security requirements. + +# Chef Infra Client 15.7 + +## Updated Resources + +### archive_file + +The `archive_file` resource will now only change ownership on files and directories that were part of the archive itself. This prevents changing permissions on important high level directories such as /etc or /bin when you extract a file into those directories. Thanks for this fix, [@bobchaos](https://github.com/bobchaos/). + +### cron and cron_d + +The `cron` and `cron_d` resources now include a `timeout` property, which allows you to configure actions to perform when a job times out. This property accepts a hash of timeout configuration options: + +- `preserve-status`: `true`/`false` with a default of `false` +- `foreground`: `true`/`false` with a default of `false` +- `kill-after`: `Integer` for the timeout in seconds +- `signal`: `String` or `Integer` to send to the process such as `HUP` + +### launchd + +The `launchd` resource has been updated to properly capitalize `HardResourceLimits`. Thanks for this fix, [@rb2k](https://github.com/rb2k/). + +### sudo + +The `sudo` resource no longer fails on the second Chef Infra Client run when using a `Cmnd_Alias`. Thanks for reporting this issue, [@Rudikza](https://github.com/Rudikza). + +### user + +The `user` resource on AIX no longer forces the user to change the password after Chef Infra Client modifies the password. Thanks for this fix, [@Triodes](https://github.com/Triodes). + +The `user` resource on macOS 10.15 has received several important fixes to improve logging and prevent failures. + +### windows_task + +The `windows_task` resource is now idempotent when a system is joined to a domain and the job runs under a local user account. + +### x509_certificate + +The `x509_certificate` resource now includes a new `renew_before_expiry` property that allows you to auto renew certicates a specified number of days before they expire. Thanks [@julienhuon](https://github.com/julienhuon/) for this improvement. + +## Additional Recipe Helpers + +We have added new helpers for identifying Windows releases that can be used in any part of your cookbooks. + +### windows_workstation? + +Returns `true` if the system is a Windows Workstation edition. + +### windows_server? + +Returns `true` if the system is a Windows Server edition. + +### windows_server_core? + +Returns `true` if the system is a Windows Server Core edition. + +## Notable Changes and Fixes + +- `knife upload` and `knife cookbook upload` will now generate a metadata.json file from metadata.rb when uploading a cookbook to the Chef Infra Server. +- A bug in `knife bootstrap` behavior that caused failures when bootstrapping Windows hosts from non-Windows hosts and vice versa has been resolved. +- The existing system path is now preserved when bootstrapping Windows nodes. Thanks for this fix, [@Xorima](https://github.com/Xorima/). +- Ohai now properly returns the drive name on Windows and includes new drive_type fields to allow you to determine the type of attached disk. Thanks for this improvement [@sshock](https://github.com/sshock/). +- Ohai has been updated to properly return DMI data to Chef Infra Client. Thanks for troubleshooting this, [@zmscwx](https://github.com/zmscwx) and [@Sliim](https://github.com/Sliim). + +## Platform Support + +- Chef Infra Clients packages are no longer produced for Windows 2008 R2 as this release reached its end of life on Jan 14th, 2020. +- Chef Infra Client packages are no longer produced for RHEL 6 on the s390x platform. Builds will continue to be published for RHEL 7 on the s390x platform. + +## Security Updates + +### OpenSSL + +OpenSSL has been updated to 1.0.2u to resolve [CVE-2019-1551](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1551) + +# Chef Infra Client 15.6 + +## Updated Resources + +## apt_repository + +The `apt_repository` resource now properly escapes repository URIs instead of quoting them. This prevents failures when using the `apt-file` command, which was unable to parse the quoted URIs. Thanks for reporting this [@Seb-Solon](https://github.com/Seb-Solon) + +## file + +The `file` resource now shows the output of any failures when running commands specified in the `verify` property. This means you can more easily validate config files before potentially writing an incorrect file to disk. Chef Infra Client will shellout to any specified command and will show the results of failures for further troubleshooting. + +## user + +The `user` resource on Linux systems now continues successfully when `usermod` returns an exit code of 12. Exit code 12 occurs when a user's home directory is changed and the underlying directory already exists. Thanks [@skippyj](https://github.com/skippyj) for this fix. + +## yum_repository + +The `yum_repository` now properly formats the repository configuration when multiple `baseurl` values are present. Thanks [@bugok](https://github.com/bugok) for this fix. + +## Performance Improvements + +This release of Chef Infra Client ships with several optimizations to our Ruby installation to improve the performance of loading the chef-client and knife commands. These improvements are particularly noticeable on non-SSD hosts and on Windows. + +## Smaller Install Footprint + +We've further optimized our install footprint and reduced the size of `/opt/chef` by ~7% by removing unnecessary test files and libraries that shipped in previous releases. + +## filesystem2 Ohai Data on Windows + +Ohai 15.6 includes new `node['filesystem2']` data on Windows hosts. Fileystem2 presents filesystem data by both mountpoint and by device name. This data structure matches that of the filesystem plugin on Linux and other *nix operating systems. Thanks [@jaymzh](https://github.com/jaymzh) for this new data structure. + +# Chef Infra Client 15.5.15 + +The Chef Infra Client 15.5.15 release includes fixes for two regressions. A regression in the `build_essential` resource caused failures on `rhel` platforms and a second regression caused Chef Infra Client to fail when starting with `enforce_path_sanity` enabled. As part of this fix we've added a new property, `raise_if_unsupported`, to the `build-essential` resource. Instead of silently continuing, this property will fail a Chef Infra Client run if an unknown platform is encountered. + +We've also updated the `windows_package` resource. The resource will now provide better error messages if invalid options are passed to the `installer_type` property and the `checksum` property will now accept uppercase SHA256 checksums. + +# Chef Infra Client 15.5.9 ## New Cookbook Helpers @@ -10,7 +285,7 @@ For more information all all of the new helpers available, see the [chef-utils r ## Chefignore Improvements -We've reworked how chefignore files are handled in `knife`, which has allowed us to close out a large number of long outstanding bugs. `knife` will now traverse all the way up the directory structure looking for a chefignore file. This means you can place a chefignore file in each cookkbook or any parent directory in your repository structure. Additionally, we have made fixes that ensure that commmands like `knife diff` and `knife cookbook upload` always honor your chefignore files. +We've reworked how chefignore files are handled in `knife`, which has allowed us to close out a large number of long outstanding bugs. `knife` will now traverse all the way up the directory structure looking for a chefignore file. This means you can place a chefignore file in each cookbook or any parent directory in your repository structure. Additionally, we have made fixes that ensure that commands like `knife diff` and `knife cookbook upload` always honor your chefignore files. ## Windows Habitat Plan @@ -22,7 +297,7 @@ This release of Chef Infra Client ships with several optimizations to our Ruby i ## Chef InSpec 4.18.39 -Chef InSpec has been updated from 4.17.17 to 4.18.38. This release includes a large number of bug fixes in additition to some great resource enhancements: +Chef InSpec has been updated from 4.17.17 to 4.18.38. This release includes a large number of bug fixes in addition to some great resource enhancements: - Inputs can now be used within a `describe.one` block - The `service` resource now includes a `startname` property for Windows and systemd services @@ -229,11 +504,11 @@ end ### macOS 10.15 Support -Chef Infra Client is now validated against macOS 10.15 (Catalina) with packages now available at [downloads.chef.io](https://downloads.chef.io/) and via the [Omnitruck API](https://docs.chef.io/api_omnitruck.html). Additionally, Chef Infra Client will no longer be validated against macOS 10.12. +Chef Infra Client is now validated against macOS 10.15 (Catalina) with packages now available at [downloads.chef.io](https://downloads.chef.io/) and via the [Omnitruck API](https://docs.chef.io/api_omnitruck/). Additionally, Chef Infra Client will no longer be validated against macOS 10.12. ### AIX 7.2 -Chef Infra Client is now validated against AIX 7.2 with packages now available at [downloads.chef.io](https://downloads.chef.io/) and via the [Omnitruck API](https://docs.chef.io/api_omnitruck.html). +Chef Infra Client is now validated against AIX 7.2 with packages now available at [downloads.chef.io](https://downloads.chef.io/) and via the [Omnitruck API](https://docs.chef.io/api_omnitruck/). ## Chef InSpec 4.16 @@ -280,7 +555,7 @@ The `windows_task` resource has been updated to allow the `day` property to acce ### zypper_package -The `zypper_package` package has been updated to properly upgrade packages if necessary based on the versin specified in the resource block. Thanks [@foobarbam](https://github.com/foobarbam) for this fix. +The `zypper_package` package has been updated to properly upgrade packages if necessary based on the version specified in the resource block. Thanks [@foobarbam](https://github.com/foobarbam) for this fix. ## Platform Support Updates @@ -290,11 +565,11 @@ Chef Infra Client 15.2 now includes native packages for RHEL 8 with all builds n ### SLES 11 EOL -Packages will no longer be built for SUSE Linux Enterprise Server (SLES) 11 as SLES 11 exited the 'General Support' phase on March 31, 2019. See Chef's [Platform End-of-Life Policy](https://docs.chef.io/platforms.html#platform-end-of-life-policy) for more information on when Chef ends support for an OS release. +Packages will no longer be built for SUSE Linux Enterprise Server (SLES) 11 as SLES 11 exited the 'General Support' phase on March 31, 2019. See Chef's [Platform End-of-Life Policy](https://docs.chef.io/platforms/#platform-end-of-life-policy) for more information on when Chef ends support for an OS release. ### Ubuntu 14.04 EOL -Packages will no longer be built for Ubuntu 14.04 as Canonical ended maintenance updates on April 30, 2019. See Chef's [Platform End-of-Life Policy](https://docs.chef.io/platforms.html#platform-end-of-life-policy) for more information on when Chef ends support for an OS release. +Packages will no longer be built for Ubuntu 14.04 as Canonical ended maintenance updates on April 30, 2019. See Chef's [Platform End-of-Life Policy](https://docs.chef.io/platforms/#platform-end-of-life-policy) for more information on when Chef ends support for an OS release. ## Ohai 15.2 @@ -326,7 +601,7 @@ bzip2 has been updated from 1.0.6 to 1.0.8 to resolve [CVE-2016-3189](https://cv ### chocolatey_feature -The `chocolatey_feature` resource allows you to enable and disable Chocolatey features. See the [chocolatey_feature documentation](https://docs.chef.io/resource_chocolatey_feauture.html) for full usage information. Thanks [@gep13](https://github.com/gep13) for this new resource. +The `chocolatey_feature` resource allows you to enable and disable Chocolatey features. See the [chocolatey_feature documentation](https://docs.chef.io/resources/chocolatey_feature/) for full usage information. Thanks [@gep13](https://github.com/gep13) for this new resource. ## Updated Resources @@ -462,49 +737,49 @@ Chef Solo's `--delete-entire-chef-repo` option has been extended to work in Loca Use the `archive_file` resource to decompress multiple archive formats without the need for compression tools on the host. -See the [archive_file](https://docs.chef.io/resource_archive_file.html) documentation for more information. +See the [archive_file](https://docs.chef.io/resources/archive_file/) documentation for more information. ### windows_uac resource Use the `windows_uac` resource to configure UAC settings on Windows hosts. -See the [windows_uac](https://docs.chef.io/resource_windows_uac.html) documentation for more information. +See the [windows_uac](https://docs.chef.io/resources/windows_uac) documentation for more information. ### windows_dfs_folder resource Use the `windows_dfs_folder` resource to create and delete Windows DFS folders. -See the [windows_dfs_folder](https://docs.chef.io/resource_windows_dfs_folder.html) documentation for more information. +See the [windows_dfs_folder](https://docs.chef.io/resources/windows_dfs_folder) documentation for more information. ### windows_dfs_namespace resources Use the `windows_dfs_namespace` resource to create and delete Windows DFS namespaces. -See the [windows_dfs_namespace](https://docs.chef.io/resource_windows_dfs_namespace.html) documentation for more information. +See the [windows_dfs_namespace](https://docs.chef.io/resources/windows_dfs_namespace) documentation for more information. ### windows_dfs_server resources Use the `windows_dfs_server` resource to configure Windows DFS server settings. -See the [windows_dfs_server](https://docs.chef.io/resource_windows_dfs_server.html) documentation for more information. +See the [windows_dfs_server](https://docs.chef.io/resources/windows_dfs_server) documentation for more information. ### windows_dns_record resource Use the `windows_dns_record` resource to create or delete DNS records. -See the [windows_dns_record](https://docs.chef.io/resource_windows_dns_record.html) documentation for more information. +See the [windows_dns_record](https://docs.chef.io/resources/windows_dns_record) documentation for more information. ### windows_dns_zone resource Use the `windows_dns_zone` resource to create or delete DNS zones. -See the [windows_dns_zone](https://docs.chef.io/resource_windows_dns_zone.html) documentation for more information. +See the [windows_dns_zone](https://docs.chef.io/resources/windows_dns_zone) documentation for more information. ### snap_package resource Use the `snap_package` resource to install snap packages on Ubuntu hosts. -See the [snap_package](https://docs.chef.io/resource_snap_package.html) documentation for more information. +See the [snap_package](https://docs.chef.io/resources/snap_package) documentation for more information. ## Resource Improvements @@ -1094,7 +1369,7 @@ OpenSSL has been updated to 1.0.2q in order to resolve: Use the `windows_firewall_rule` resource create or delete Windows Firewall rules. -See the [windows_firewall_rule](https://docs.chef.io/resource_windows_firewall_rule.html) documentation for more information. +See the [windows_firewall_rule](https://docs.chef.io/resources/windows_firewall_rule) documentation for more information. Thank you [Schuberg Philis](https://schubergphilis.com/) for transferring us the [windows_firewall cookbook](https://supermarket.chef.io/cookbooks/windows_firewall) and to [@Happycoil](https://github.com/Happycoil) for porting it to chef-client with a significant refactoring. @@ -1102,13 +1377,13 @@ Thank you [Schuberg Philis](https://schubergphilis.com/) for transferring us the Use the `windows_share` resource create or delete Windows file shares. -See the [windows_share](https://docs.chef.io/resource_windows_share.html) documentation for more information. +See the [windows_share](https://docs.chef.io/resources/windows_share) documentation for more information. ### windows_certificate Use the `windows_certificate` resource add, remove, or verify certificates in the system or user certificate stores. -See the [windows_certificate](https://docs.chef.io/resource_windows_certificate.html) documentation for more information. +See the [windows_certificate](https://docs.chef.io/resources/windows_certificate) documentation for more information. ## Updated Resources @@ -1244,7 +1519,7 @@ We've added new resources to Chef 14.5. Cookbooks using these resources will con Use the `windows_workgroup` resource to join or change a Windows host workgroup. -See the [windows_workgroup](https://docs.chef.io/resource_windows_workgroup.html) documentation for more information. +See the [windows_workgroup](https://docs.chef.io/resources/windows_workgroup) documentation for more information. Thanks [@derekgroh](https://github.com/derekgroh) for contributing this new resource. @@ -1252,7 +1527,7 @@ Thanks [@derekgroh](https://github.com/derekgroh) for contributing this new reso Use the `locale` resource to set the system's locale. -See the [locale](https://docs.chef.io/resource_locale.html) documentation for more information. +See the [locale](https://docs.chef.io/resources/locale) documentation for more information. Thanks [@vincentaubert](https://github.com/vincentaubert) for contributing this new resource. @@ -1329,39 +1604,39 @@ The following new previous resources were added to Chef 14.4. Cookbooks with the ### Cron_d -Use the [cron_d](https://docs.chef.io/resource_cron_d.html) resource to manage cron definitions in /etc/cron.d. This is similar to the `cron` resource, but it does not use the monolithic `/etc/crontab`. file. +Use the [cron_d](https://docs.chef.io/resources/cron_d) resource to manage cron definitions in /etc/cron.d. This is similar to the `cron` resource, but it does not use the monolithic `/etc/crontab`. file. ### Cron_access -Use the [cron_access](https://docs.chef.io/resource_cron_access.html) resource to manage the `/etc/cron.allow` and `/etc/cron.deny` files. This resource previously shipped in the `cron` community cookbook and has fully backwards compatibility with the previous `cron_manage` definition in that cookbook. +Use the [cron_access](https://docs.chef.io/resources/cron_access) resource to manage the `/etc/cron.allow` and `/etc/cron.deny` files. This resource previously shipped in the `cron` community cookbook and has fully backwards compatibility with the previous `cron_manage` definition in that cookbook. ### openssl_x509_certificate -Use the [openssl_x509_certificate](https://docs.chef.io/resource_openssl_x509_certificate.html) resource to generate signed or self-signed, PEM-formatted x509 certificates. If no existing key is specified, the resource automatically generates a passwordless key with the certificate. If a CA private key and certificate are provided, the certificate will be signed with them. This resource previously shipped in the `openssl` cookbook as `openssl_x509` and is fully backwards compatible with the legacy resource name. +Use the [openssl_x509_certificate](https://docs.chef.io/resources/openssl_x509_certificate) resource to generate signed or self-signed, PEM-formatted x509 certificates. If no existing key is specified, the resource automatically generates a passwordless key with the certificate. If a CA private key and certificate are provided, the certificate will be signed with them. This resource previously shipped in the `openssl` cookbook as `openssl_x509` and is fully backwards compatible with the legacy resource name. Thank you [@juju482](https://github.com/juju482) for updating this resource! ### openssl_x509_request -Use the [openssl_x509_request](https://docs.chef.io/resource_openssl_x509_request.html) resource to generate PEM-formatted x509 certificates requests. If no existing key is specified, the resource automatically generates a passwordless key with the certificate. +Use the [openssl_x509_request](https://docs.chef.io/resources/openssl_x509_request) resource to generate PEM-formatted x509 certificates requests. If no existing key is specified, the resource automatically generates a passwordless key with the certificate. Thank you [@juju482](https://github.com/juju482) for contributing this resource. ### openssl_x509_crl -Use the [openssl_x509_crl](https://docs.chef.io/resource_openssl_x509_crl.html)l resource to generate PEM-formatted x509 certificate revocation list (CRL) files. +Use the [openssl_x509_crl](https://docs.chef.io/resources/openssl_x509_crl)l resource to generate PEM-formatted x509 certificate revocation list (CRL) files. Thank you [@juju482](https://github.com/juju482) for contributing this resource. ### openssl_ec_private_key -Use the [openssl_ec_private_key](https://docs.chef.io/resource_openssl_ec_private_key.html) resource to generate ec private key files. If a valid ec key file can be opened at the specified location, no new file will be created. +Use the [openssl_ec_private_key](https://docs.chef.io/resources/openssl_ec_private_key) resource to generate ec private key files. If a valid ec key file can be opened at the specified location, no new file will be created. Thank you [@juju482](https://github.com/juju482) for contributing this resource. ### openssl_ec_public_key -Use the [openssl_ec_public_key](https://docs.chef.io/resource_openssl_ec_public_key.html) resource to generate ec public key files given a private key. +Use the [openssl_ec_public_key](https://docs.chef.io/resources/openssl_ec_public_key) resource to generate ec public key files given a private key. Thank you [@juju482](https://github.com/juju482) for contributing this resource. @@ -1391,7 +1666,7 @@ The route resource now supports additional RHEL platform_family systems as well ### systemd_unit -The [systemd_unit](https://docs.chef.io/resource_systemd_unit.html) resource now supports specifying options multiple times in the content hash. Instead of setting the value to a string you can now set it to an array of strings. +The [systemd_unit](https://docs.chef.io/resources/systemd_unit) resource now supports specifying options multiple times in the content hash. Instead of setting the value to a string you can now set it to an array of strings. Thank you [@dbresson](https://github.com/dbresson) for this contribution. @@ -1593,7 +1868,7 @@ We advise caution in the use of this feature, as excessive or prolonged silencin As noted above, this release of Chef unifies our shell_out helpers into just shell_out and shell_out!. Previous helpers are now deprecated and will be removed in Chef Infra Client 15. -See [CHEF-26 Deprecation Page](https://docs.chef.io/deprecations_shell_out.html) for details. +See [CHEF-26 Deprecation Page](https://docs.chef.io/deprecations_shell_out) for details. ### Legacy FreeBSD pkg provider @@ -2074,7 +2349,7 @@ The Chef Solor `-r` flag has been removed as it was deprecated and replaced with ### node.set and node.set_unless attribute levels removal -`node.set` and `node.set_unless` were deprecated in Chef 12 and have been removed in Chef 14\. To replicate this same functionality users should use `node.normal` and `node.normal_unless`, although we highly recommend reading our [attribute documentation](https://docs.chef.io/attributes.html) to make sure `normal` is in fact the your desired attribute level. +`node.set` and `node.set_unless` were deprecated in Chef 12 and have been removed in Chef 14\. To replicate this same functionality users should use `node.normal` and `node.normal_unless`, although we highly recommend reading our [attribute documentation](https://docs.chef.io/attributes) to make sure `normal` is in fact the your desired attribute level. ### chocolatey_package :uninstall Action @@ -2466,7 +2741,7 @@ The mdadm plugin has been updated to properly handle arrays with more than 10 di ## `deploy` Resource Is Deprecated -The `deploy` resource (and its alter ego `deploy_revision`) have been deprecated, to be removed in Chef 14\. This is being done because this resource is considered overcomplicated and error-prone in the modern Chef ecosystem. A compatibility cookbook will be available to help users migrate during the Chef 14 release cycle. See [the deprecation documentation](https://docs.chef.io/deprecations_deploy_resource.html) for more information. +The `deploy` resource (and its alter ego `deploy_revision`) have been deprecated, to be removed in Chef 14\. This is being done because this resource is considered overcomplicated and error-prone in the modern Chef ecosystem. A compatibility cookbook will be available to help users migrate during the Chef 14 release cycle. See [the deprecation documentation](https://docs.chef.io/deprecations_deploy_resource) for more information. ## zypper_package supports package downgrades @@ -2885,7 +3160,7 @@ Additionally, Chef now always performs a reconfigure after every run when daemon ### Explicit property methods -<https://docs.chef.io/deprecations_namespace_collisions.html> +<https://docs.chef.io/deprecations_namespace_collisions> In Chef 14, custom resources will no longer assume property methods are being called on `new_resource`, and instead require the resource author to be explicit. @@ -2929,7 +3204,7 @@ Ohai now properly detects the [Clear](https://clearlinux.org/) and [ClearOS](htt ### Removal of IpScopes plugin. (OHAI-13) -<https://docs.chef.io/deprecations_ohai_ipscopes.html> +<https://docs.chef.io/deprecations_ohai_ipscopes> In Chef/Ohai 14 (April 2018) we will remove the IpScopes plugin. The data returned by this plugin is nearly identical to information already returned by individual network plugins and this plugin required the installation of an additional gem into the Chef installation. We believe that few users were installing the gem and users would be better served by the data returned from the network plugins. @@ -2945,7 +3220,7 @@ If you use Chef Provisioning with Local Mode, you may need to pass `--listen` to ### Removal of support for Ohai version 6 plugins (OHAI-10) -<https://docs.chef.io/deprecations_ohai_v6_plugins.html> +<https://docs.chef.io/deprecations_ohai_v6_plugins> In Chef/Ohai 14 (April 2018) we will remove support for loading Ohai v6 plugins, which we deprecated in Ohai 7/Chef 11.12. @@ -3021,7 +3296,7 @@ Chef now properly supports managing sys-v services on hosts running systemd. Pre ### Resource Cloning has been removed -When Chef compiles resources, it will no longer attempt to merge the properties of previously compiled resources with the same name and type in to the new resource. See [the deprecation page](https://docs.chef.io/deprecations_resource_cloning.html) for further information. +When Chef compiles resources, it will no longer attempt to merge the properties of previously compiled resources with the same name and type in to the new resource. See [the deprecation page](https://docs.chef.io/deprecations_resource_cloning) for further information. ### It is an error to specify both `default` and `name_property` on a property @@ -3448,35 +3723,35 @@ GCC detection has been improved to collect additional information, and to not pr ### Ohai::Config removed - **Deprecation ID**: OHAI-1 -- **Remediation Docs**: <https://docs.chef.io/deprecations_ohai_legacy_config.html> +- **Remediation Docs**: <https://docs.chef.io/deprecations_ohai_legacy_config> - **Expected Removal**: Ohai 13 (April 2017) ### sigar gem based plugins removed - **Deprecation ID**: OHAI-2 -- **Remediation Docs**: <https://docs.chef.io/deprecations_ohai_sigar_plugins.html> +- **Remediation Docs**: <https://docs.chef.io/deprecations_ohai_sigar_plugins> - **Expected Removal**: Ohai 13 (April 2017) ### run_command and popen4 helper methods removed - **Deprecation ID**: OHAI-3 -- **Remediation Docs**: <https://docs.chef.io/deprecations_ohai_run_command_helpers.html> +- **Remediation Docs**: <https://docs.chef.io/deprecations_ohai_run_command_helpers> - **Expected Removal**: Ohai 13 (April 2017) ### libvirt plugin attributes moved - **Deprecation ID**: OHAI-4 -- **Remediation Docs**: <https://docs.chef.io/deprecations_ohai_libvirt_plugin.html> +- **Remediation Docs**: <https://docs.chef.io/deprecations_ohai_libvirt_plugin> - **Expected Removal**: Ohai 13 (April 2017) ### Windows CPU plugin attribute changes - **Deprecation ID**: OHAI-5 -- **Remediation Docs**: <https://docs.chef.io/deprecations_ohai_windows_cpu.html> +- **Remediation Docs**: <https://docs.chef.io/deprecations_ohai_windows_cpu> - **Expected Removal**: Ohai 13 (April 2017) ### DigitalOcean plugin attribute changes - **Deprecation ID**: OHAI-6 -- **Remediation Docs**: <https://docs.chef.io/deprecations_ohai_digitalocean.html> +- **Remediation Docs**: <https://docs.chef.io/deprecations_ohai_digitalocean/> - **Expected Removal**: Ohai 13 (April 2017) @@ -17,10 +17,15 @@ # limitations under the License. # -require_relative "tasks/rspec" -require_relative "tasks/dependencies" -require_relative "tasks/announce" -require_relative "tasks/docs" +begin + require_relative "tasks/rspec" + require_relative "tasks/dependencies" + require_relative "tasks/announce" + require_relative "tasks/docs" + require_relative "lib/chef/dist" +rescue LoadError => e + puts "Skipping missing rake dep: #{e}" +end ENV["CHEF_LICENSE"] = "accept-no-persist" @@ -31,6 +36,14 @@ task :super_install do Dir.chdir(path) sh("rake install") end + +# Templating the powershell extensions so we can inject distro constants + template_file = ::File.join(::File.dirname(__FILE__), "distro", "templates", "powershell", "chef", "chef.psm1.erb") + psm1_path = ::File.join(::File.dirname(__FILE__), "distro", "powershell", "chef") + FileUtils.mkdir_p psm1_path + template = ERB.new(IO.read(template_file)) + chef_psm1 = template.result + File.open(::File.join(psm1_path, "chef.psm1"), "w") { |f| f.write(chef_psm1) } end task install: :super_install @@ -1 +1 @@ -15.5.9
\ No newline at end of file +16.0.143
\ No newline at end of file diff --git a/chef-bin/bin/chef-service-manager b/chef-bin/bin/chef-service-manager index 9021824fed..64cc043a54 100755 --- a/chef-bin/bin/chef-service-manager +++ b/chef-bin/bin/chef-service-manager @@ -21,12 +21,13 @@ $:.unshift(File.join(File.dirname(__FILE__), "..", "lib")) require "chef" require "chef/application/windows_service_manager" +require "chef/dist" if Chef::Platform.windows? chef_client_service = { - service_name: "chef-client", - service_display_name: "Chef Client Service", - service_description: "Runs Chef Client on regular, configurable intervals.", + service_name: Chef::Dist::CLIENT, + service_display_name: "#{Chef::Dist::PRODUCT} Service", + service_description: "Runs #{Chef::Dist::PRODUCT} on regular, configurable intervals.", service_file_path: File.expand_path("../chef-windows-service", $PROGRAM_NAME), delayed_start: true, dependencies: ["Winmgmt"], diff --git a/chef-bin/lib/chef-bin/version.rb b/chef-bin/lib/chef-bin/version.rb index 834b18459f..e319f449da 100644 --- a/chef-bin/lib/chef-bin/version.rb +++ b/chef-bin/lib/chef-bin/version.rb @@ -21,7 +21,7 @@ module ChefBin CHEFBIN_ROOT = File.expand_path("../..", __FILE__) - VERSION = "15.5.9".freeze + VERSION = "16.0.143".freeze end # diff --git a/chef-config/lib/chef-config/config.rb b/chef-config/lib/chef-config/config.rb index d1c4001739..1ee27949bc 100644 --- a/chef-config/lib/chef-config/config.rb +++ b/chef-config/lib/chef-config/config.rb @@ -4,7 +4,7 @@ # Author:: AJ Christensen (<aj@chef.io>) # Author:: Mark Mzyk (<mmzyk@chef.io>) # Author:: Kyle Goodwin (<kgoodwin@primerevenue.com>) -# Copyright:: Copyright 2008-2019, Chef Software Inc. +# Copyright:: Copyright 2008-2020, Chef Software Inc. # License:: Apache License, Version 2.0 # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -34,6 +34,7 @@ require "uri" unless defined?(URI) require "addressable/uri" unless defined?(Addressable::URI) require "openssl" unless defined?(OpenSSL) require "yaml" +require_relative "dist" module ChefConfig @@ -73,6 +74,37 @@ module ChefConfig path end + # On *nix, /etc/chef + def self.etc_chef_dir(is_windows = ChefUtils.windows?) + path = is_windows ? c_chef_dir : PathHelper.join("/etc", ChefConfig::Dist::DIR_SUFFIX) + PathHelper.cleanpath(path) + end + + # On *nix, /var/chef + def self.var_chef_dir(is_windows = ChefUtils.windows?) + path = is_windows ? c_chef_dir : PathHelper.join("/var", ChefConfig::Dist::DIR_SUFFIX) + PathHelper.cleanpath(path) + end + + # On *nix, the root of /var/, used to test if we can create and write in /var/chef + def self.var_root_dir(is_windows = ChefUtils.windows?) + path = is_windows ? c_chef_dir : "/var" + PathHelper.cleanpath(path) + end + + # On windows, C:/chef/ + def self.c_chef_dir + drive = windows_installation_drive || "C:" + path = PathHelper.join(drive, ChefConfig::Dist::DIR_SUFFIX) + PathHelper.cleanpath(path) + end + + def self.c_opscode_dir + drive = windows_installation_drive || "C:" + path = PathHelper.join(drive, ChefConfig::Dist::LEGACY_CONF_DIR, ChefConfig::Dist::DIR_SUFFIX) + PathHelper.cleanpath(path) + end + # the drive where Chef is installed on a windows host. This is determined # either by the drive containing the current file or by the SYSTEMDRIVE ENV # variable @@ -108,12 +140,20 @@ module ChefConfig # Split including whitespace if someone does truly odd like # --config-option "foo = bar" key, value = option.split(/\s*=\s*/, 2) + # Call to_sym because Chef::Config expects only symbol keys. Also # runs a simple parse on the string for some common types. memo[key.to_sym] = YAML.safe_load(value) memo end - merge!(extra_parsed_options) + set_extra_config_options(extra_parsed_options) + end + end + + # We use :[]= assignment here to not bypass any coercions that happen via mixlib-config writes_value callbacks + def self.set_extra_config_options(extra_parsed_options) + extra_parsed_options.each do |key, value| + self[key.to_sym] = value end end @@ -124,7 +164,7 @@ module ChefConfig if config_file PathHelper.dirname(PathHelper.canonical_path(config_file, false)) else - PathHelper.join(PathHelper.cleanpath(user_home), ".chef", "") + PathHelper.join(PathHelper.cleanpath(user_home), ChefConfig::Dist::USER_CONF_DIR, "") end end @@ -156,6 +196,20 @@ module ChefConfig # properly. configurable(:daemonize).writes_value { |v| v } + def self.expand_relative_paths(path) + unless path.nil? + if path.is_a?(String) + File.expand_path(path) + else + Array(path).map { |path| File.expand_path(path) } + end + end + end + + configurable(:cookbook_path).writes_value { |path| expand_relative_paths(path) } + + configurable(:chef_repo_path).writes_value { |path| expand_relative_paths(path) } + # The root where all local chef object data is stored. cookbooks, data bags, # environments are all assumed to be in separate directories under this. # chef-solo uses these directories for input data. knife commands @@ -189,7 +243,7 @@ module ChefConfig end path = new_path end - ChefConfig.logger.info("Auto-discovered chef repository at #{path}") + ChefConfig.logger.info("Auto-discovered #{ChefConfig::Dist::SHORT} repository at #{path}") path end @@ -204,67 +258,60 @@ module ChefConfig # Location of acls on disk. String or array of strings. # Defaults to <chef_repo_path>/acls. - default(:acl_path) { derive_path_from_chef_repo_path("acls") } + default(:acl_path) { derive_path_from_chef_repo_path("acls") }.writes_value { |path| expand_relative_paths(path) } # Location of clients on disk. String or array of strings. # Defaults to <chef_repo_path>/clients. - default(:client_path) { derive_path_from_chef_repo_path("clients") } + default(:client_path) { derive_path_from_chef_repo_path("clients") }.writes_value { |path| expand_relative_paths(path) } # Location of client keys on disk. String or array of strings. # Defaults to <chef_repo_path>/client_keys. - default(:client_key_path) { derive_path_from_chef_repo_path("client_keys") } + default(:client_key_path) { derive_path_from_chef_repo_path("client_keys") }.writes_value { |path| expand_relative_paths(path) } # Location of containers on disk. String or array of strings. # Defaults to <chef_repo_path>/containers. - default(:container_path) { derive_path_from_chef_repo_path("containers") } + default(:container_path) { derive_path_from_chef_repo_path("containers") }.writes_value { |path| expand_relative_paths(path) } # Location of cookbook_artifacts on disk. String or array of strings. # Defaults to <chef_repo_path>/cookbook_artifacts. - default(:cookbook_artifact_path) { derive_path_from_chef_repo_path("cookbook_artifacts") } + default(:cookbook_artifact_path) { derive_path_from_chef_repo_path("cookbook_artifacts") }.writes_value { |path| expand_relative_paths(path) } # Location of cookbooks on disk. String or array of strings. # Defaults to <chef_repo_path>/cookbooks. If chef_repo_path - # is not specified, this is set to [/var/chef/cookbooks, /var/chef/site-cookbooks]). - default(:cookbook_path) do - if configuration[:chef_repo_path] - derive_path_from_chef_repo_path("cookbooks") - else - Array(derive_path_from_chef_repo_path("cookbooks")).flatten + - Array(derive_path_from_chef_repo_path("site-cookbooks")).flatten - end - end + # is not specified, this is set to /var/chef/cookbooks. + default(:cookbook_path) { derive_path_from_chef_repo_path("cookbooks") } # Location of data bags on disk. String or array of strings. # Defaults to <chef_repo_path>/data_bags. - default(:data_bag_path) { derive_path_from_chef_repo_path("data_bags") } + default(:data_bag_path) { derive_path_from_chef_repo_path("data_bags") }.writes_value { |path| expand_relative_paths(path) } # Location of environments on disk. String or array of strings. # Defaults to <chef_repo_path>/environments. - default(:environment_path) { derive_path_from_chef_repo_path("environments") } + default(:environment_path) { derive_path_from_chef_repo_path("environments") }.writes_value { |path| expand_relative_paths(path) } # Location of groups on disk. String or array of strings. # Defaults to <chef_repo_path>/groups. - default(:group_path) { derive_path_from_chef_repo_path("groups") } + default(:group_path) { derive_path_from_chef_repo_path("groups") }.writes_value { |path| expand_relative_paths(path) } # Location of nodes on disk. String or array of strings. # Defaults to <chef_repo_path>/nodes. - default(:node_path) { derive_path_from_chef_repo_path("nodes") } + default(:node_path) { derive_path_from_chef_repo_path("nodes") }.writes_value { |path| expand_relative_paths(path) } # Location of policies on disk. String or array of strings. # Defaults to <chef_repo_path>/policies. - default(:policy_path) { derive_path_from_chef_repo_path("policies") } + default(:policy_path) { derive_path_from_chef_repo_path("policies") }.writes_value { |path| expand_relative_paths(path) } # Location of policy_groups on disk. String or array of strings. # Defaults to <chef_repo_path>/policy_groups. - default(:policy_group_path) { derive_path_from_chef_repo_path("policy_groups") } + default(:policy_group_path) { derive_path_from_chef_repo_path("policy_groups") }.writes_value { |path| expand_relative_paths(path) } # Location of roles on disk. String or array of strings. # Defaults to <chef_repo_path>/roles. - default(:role_path) { derive_path_from_chef_repo_path("roles") } + default(:role_path) { derive_path_from_chef_repo_path("roles") }.writes_value { |path| expand_relative_paths(path) } # Location of users on disk. String or array of strings. # Defaults to <chef_repo_path>/users. - default(:user_path) { derive_path_from_chef_repo_path("users") } + default(:user_path) { derive_path_from_chef_repo_path("users") }.writes_value { |path| expand_relative_paths(path) } # Turn on "path sanity" by default. default :enforce_path_sanity, false @@ -284,14 +331,14 @@ module ChefConfig if local_mode PathHelper.join(config_dir, "local-mode-cache") else - primary_cache_root = platform_specific_path("/var") - primary_cache_path = platform_specific_path("/var/chef") + primary_cache_root = var_root_dir + primary_cache_path = var_chef_dir # Use /var/chef as the cache path only if that folder exists and we can read and write # into it, or /var exists and we can read and write into it (we'll create /var/chef later). # Otherwise, we'll create .chef under the user's home directory and use that as # the cache path. unless path_accessible?(primary_cache_path) || path_accessible?(primary_cache_root) - secondary_cache_path = PathHelper.join(user_home, ".chef") + secondary_cache_path = PathHelper.join(user_home, ChefConfig::Dist::USER_CONF_DIR) secondary_cache_path = target_mode? ? "#{secondary_cache_path}/#{target_mode.host}" : secondary_cache_path ChefConfig.logger.trace("Unable to access cache at #{primary_cache_path}. Switching cache to #{secondary_cache_path}") secondary_cache_path @@ -312,7 +359,7 @@ module ChefConfig default(:checksum_path) { PathHelper.join(cache_path, "checksums") } # Where chef's cache files should be stored - default(:file_cache_path) { PathHelper.join(cache_path, "cache") } + default(:file_cache_path) { PathHelper.join(cache_path, "cache") }.writes_value { |path| expand_relative_paths(path) } # Where backups of chef-managed files should go default(:file_backup_path) { PathHelper.join(cache_path, "backup") } @@ -322,7 +369,7 @@ module ChefConfig # If your `file_cache_path` resides on a NFS (or non-flock()-supporting # fs), it's recommended to set this to something like # '/tmp/chef-client-running.pid' - default(:lockfile) { PathHelper.join(file_cache_path, "chef-client-running.pid") } + default(:lockfile) { PathHelper.join(file_cache_path, "#{ChefConfig::Dist::CLIENT}-running.pid") } ## Daemonization Settings ## # What user should Chef run as? @@ -353,6 +400,9 @@ module ChefConfig # Using `force_logger` causes chef to default to logger output when STDOUT is a tty default :force_logger, false + # When set to true always print the stacktrace even if we haven't done -l debug + default :always_dump_stacktrace, false + # Using 'stream_execute_output' will have Chef always stream the execute output default :stream_execute_output, false @@ -564,6 +614,16 @@ module ChefConfig # be validated. default :ssl_verify_mode, :verify_peer + # Needed to coerce string value to a symbol when loading settings from the + # credentials toml files which doesn't allow ruby symbol values + configurable(:ssl_verify_mode).writes_value do |value| + if value.is_a?(String) && value[0] == ":" + value[1..-1].to_sym + else + value.to_sym + end + end + # Whether or not to verify the SSL cert for HTTPS requests to the Chef # server API. If set to `true`, the server's cert will be validated # regardless of the :ssl_verify_mode setting. This is set to `true` when @@ -645,9 +705,9 @@ module ChefConfig if chef_zero.enabled nil elsif target_mode? - platform_specific_path("/etc/chef/#{target_mode.host}/client.pem") + PathHelper.cleanpath("#{etc_chef_dir}/#{target_mode.host}/client.pem") else - platform_specific_path("/etc/chef/client.pem") + PathHelper.cleanpath("#{etc_chef_dir}/client.pem") end end @@ -669,10 +729,10 @@ module ChefConfig # This secret is used to decrypt encrypted data bag items. default(:encrypted_data_bag_secret) do - if target_mode? && File.exist?(platform_specific_path("/etc/chef/#{target_mode.host}/encrypted_data_bag_secret")) - platform_specific_path("/etc/chef/#{target_mode.host}/encrypted_data_bag_secret") - elsif File.exist?(platform_specific_path("/etc/chef/encrypted_data_bag_secret")) - platform_specific_path("/etc/chef/encrypted_data_bag_secret") + if target_mode? && File.exist?(PathHelper.cleanpath("#{etc_chef_dir}/#{target_mode.host}/encrypted_data_bag_secret")) + PathHelper.cleanpath("#{etc_chef_dir}/#{target_mode.host}/encrypted_data_bag_secret") + elsif File.exist?(PathHelper.cleanpath("#{etc_chef_dir}/encrypted_data_bag_secret")) + PathHelper.cleanpath("#{etc_chef_dir}/encrypted_data_bag_secret") else nil end @@ -699,14 +759,14 @@ module ChefConfig # The `validation_key` is never used if the `client_key` exists. # # If chef-zero is enabled, this defaults to nil (no authentication). - default(:validation_key) { chef_zero.enabled ? nil : platform_specific_path("/etc/chef/validation.pem") } + default(:validation_key) { chef_zero.enabled ? nil : PathHelper.cleanpath("#{etc_chef_dir}/validation.pem") } default :validation_client_name do # If the URL is set and looks like a normal Chef Server URL, extract the # org name and use that as part of the default. if chef_server_url.to_s =~ %r{/organizations/(.*)$} "#{$1}-validator" else - "chef-validator" + "#{ChefConfig::Dist::SHORT}-validator" end end @@ -746,7 +806,7 @@ module ChefConfig # the new (and preferred) configuration setting. If not set, knife will # fall back to using cache_options[:path], which is deprecated but exists in # many client configs generated by pre-Chef-11 bootstrappers. - default(:syntax_check_cache_path) { cache_options[:path] } + default(:syntax_check_cache_path) { cache_options[:path] }.writes_value { |path| expand_relative_paths(path) } # Deprecated: # Move this to the default value of syntax_cache_path when this is removed. @@ -774,13 +834,13 @@ module ChefConfig # Whether the resource count should be updated for log resource # on running chef-client - default :count_log_resource_updates, true + default :count_log_resource_updates, false # The selected profile when using credentials. default :profile, nil default :chef_guid_path do - PathHelper.join(config_dir, "chef_guid") + PathHelper.join(config_dir, "#{ChefConfig::Dist::SHORT}_guid") end default :chef_guid, nil @@ -1007,7 +1067,7 @@ module ChefConfig # generated by the DataCollector when Chef is run in Solo mode. This # allows users to associate their Solo nodes with faux organizations # without the nodes being connected to an actual Chef Server. - default :organization, "chef_solo" + default :organization, "#{ChefConfig::Dist::SHORT}_solo" end configurable(:http_proxy) diff --git a/chef-config/lib/chef-config/dist.rb b/chef-config/lib/chef-config/dist.rb new file mode 100644 index 0000000000..e75b26730f --- /dev/null +++ b/chef-config/lib/chef-config/dist.rb @@ -0,0 +1,23 @@ +module ChefConfig + class Dist + # The chef executable name. + EXEC = "chef".freeze + + # The client's alias (chef-client) + CLIENT = "chef-client".freeze + + # A short name for the product + SHORT = "chef".freeze + + # The suffix for Chef's /etc/chef, /var/chef and C:\\Chef directories + # "cinc" => /etc/cinc, /var/cinc, C:\\cinc + DIR_SUFFIX = "chef".freeze + + # The user's configuration directory + USER_CONF_DIR = ".chef".freeze + + # The legacy conf folder: C:/opscode/chef. Specifically the "opscode" part + # DIR_SUFFIX is appended to it in code where relevant + LEGACY_CONF_DIR = "opscode".freeze + end +end diff --git a/chef-config/lib/chef-config/mixin/credentials.rb b/chef-config/lib/chef-config/mixin/credentials.rb index bb4d55f4bc..ec137cb221 100644 --- a/chef-config/lib/chef-config/mixin/credentials.rb +++ b/chef-config/lib/chef-config/mixin/credentials.rb @@ -36,7 +36,7 @@ module ChefConfig # normally set via a command-line option. # @return [String] def credentials_profile(profile = nil) - context_file = PathHelper.home(".chef", "context").freeze + context_file = PathHelper.home(ChefConfig::Dist::USER_CONF_DIR, "context").freeze if !profile.nil? profile elsif ENV.include?("CHEF_PROFILE") @@ -53,7 +53,7 @@ module ChefConfig # @since 14.4 # @return [String] def credentials_file_path - PathHelper.home(".chef", "credentials").freeze + PathHelper.home(ChefConfig::Dist::USER_CONF_DIR, "credentials").freeze end # Load and parse the credentials file. diff --git a/chef-config/lib/chef-config/path_helper.rb b/chef-config/lib/chef-config/path_helper.rb index 9ffdd0be56..23b70f30b3 100644 --- a/chef-config/lib/chef-config/path_helper.rb +++ b/chef-config/lib/chef-config/path_helper.rb @@ -1,6 +1,6 @@ # # Author:: Bryan McLellan <btm@loftninjas.org> -# Copyright:: Copyright 2014-2019, Chef Software Inc. +# Copyright:: Copyright 2014-2020, Chef Software Inc. # License:: Apache License, Version 2.0 # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -265,15 +265,15 @@ module ChefConfig end end - # Determine if the given path is protected by OS X System Integrity Protection. + # Determine if the given path is protected by macOS System Integrity Protection. def self.is_sip_path?(path, node) - if node["platform"] == "mac_os_x" && Gem::Version.new(node["platform_version"]) >= Gem::Version.new("10.11") + if ChefUtils.macos? # @todo: parse rootless.conf for this? sip_paths = [ "/System", "/bin", "/sbin", "/usr" ] sip_paths.each do |sip_path| - ChefConfig.logger.info("This is a SIP path, checking if it in exceptions list.") + ChefConfig.logger.info("#{sip_path} is a SIP path, checking if it is in the exceptions list.") return true if path.start_with?(sip_path) end false @@ -293,7 +293,7 @@ module ChefConfig sip_exceptions.each do |exception_path| return true if path.start_with?(exception_path) end - ChefConfig.logger.error("Cannot write to a SIP Path on OS X 10.11+") + ChefConfig.logger.error("Cannot write to a SIP path #{path} on macOS!") false end diff --git a/chef-config/lib/chef-config/version.rb b/chef-config/lib/chef-config/version.rb index d31525d0f6..4cd57c8921 100644 --- a/chef-config/lib/chef-config/version.rb +++ b/chef-config/lib/chef-config/version.rb @@ -15,5 +15,5 @@ module ChefConfig CHEFCONFIG_ROOT = File.expand_path("../..", __FILE__) - VERSION = "15.5.9".freeze + VERSION = "16.0.143".freeze end diff --git a/chef-config/lib/chef-config/workstation_config_loader.rb b/chef-config/lib/chef-config/workstation_config_loader.rb index c5eb8b5678..1f50cd3323 100644 --- a/chef-config/lib/chef-config/workstation_config_loader.rb +++ b/chef-config/lib/chef-config/workstation_config_loader.rb @@ -59,7 +59,7 @@ module ChefConfig @chef_config_dir = false full_path = working_directory.split(File::SEPARATOR) (full_path.length - 1).downto(0) do |i| - candidate_directory = File.join(full_path[0..i] + [".chef"]) + candidate_directory = File.join(full_path[0..i] + [ChefConfig::Dist::USER_CONF_DIR]) if File.exist?(candidate_directory) && File.directory?(candidate_directory) @chef_config_dir = candidate_directory break @@ -129,7 +129,7 @@ module ChefConfig candidate_configs << File.join(chef_config_dir, "knife.rb") end # Look for $HOME/.chef/knife.rb - PathHelper.home(".chef") do |dot_chef_dir| + PathHelper.home(ChefConfig::Dist::USER_CONF_DIR) do |dot_chef_dir| candidate_configs << File.join(dot_chef_dir, "config.rb") candidate_configs << File.join(dot_chef_dir, "knife.rb") end @@ -186,7 +186,7 @@ module ChefConfig end def home_chef_dir - @home_chef_dir ||= PathHelper.home(".chef") + @home_chef_dir ||= PathHelper.home(ChefConfig::Dist::USER_CONF_DIR) end def apply_config(config_content, config_file_path) diff --git a/chef-config/spec/unit/config_spec.rb b/chef-config/spec/unit/config_spec.rb index 674246dfd1..b7f070c0fa 100644 --- a/chef-config/spec/unit/config_spec.rb +++ b/chef-config/spec/unit/config_spec.rb @@ -151,6 +151,38 @@ RSpec.describe ChefConfig::Config do end + describe "expand relative paths" do + let(:current_directory) { Dir.pwd } + + context "when given cookbook_path" do + let(:extra_config_options) { [ "cookbook_path=cookbooks/" ] } + + it "expanded cookbook_path" do + apply_config + expect(described_class[:cookbook_path]).to eq("#{current_directory}/cookbooks") + end + end + + context "when passes multiple config options" do + let(:extra_config_options) { ["data_bag_path=data_bags/", "cookbook_path=cookbooks", "chef_repo_path=."] } + + it "expanded paths" do + apply_config + expect(described_class[:data_bag_path]).to eq("#{current_directory}/data_bags") + expect(described_class[:cookbook_path]).to eq("#{current_directory}/cookbooks") + expect(described_class[:chef_repo_path]).to eq("#{current_directory}") + end + end + + context "when passes multiple cookbook_paths in config options" do + let(:extra_config_options) { ["cookbook_path=[first_cookbook, secound_cookbooks]"] } + + it "expanded paths" do + apply_config + expect(described_class[:cookbook_path]).to eq(["#{current_directory}/first_cookbook", "#{current_directory}/secound_cookbooks"]) + end + end + end end describe "when configuring formatters" do @@ -196,9 +228,6 @@ RSpec.describe ChefConfig::Config do [ false, true ].each do |is_windows| context "On #{is_windows ? "Windows" : "Unix"}" do - def to_platform(*args) - ChefConfig::Config.platform_specific_path(*args) - end before :each do allow(ChefUtils).to receive(:windows?).and_return(is_windows) @@ -277,7 +306,7 @@ RSpec.describe ChefConfig::Config do end describe "ChefConfig::Config[:client_key]" do - let(:path_to_client_key) { to_platform("/etc/chef") + ChefConfig::PathHelper.path_separator } + let(:path_to_client_key) { ChefConfig::Config.etc_chef_dir + ChefConfig::PathHelper.path_separator } it "sets the default path to the client key" do expect(ChefConfig::Config.client_key).to eq(path_to_client_key + "client.pem") @@ -412,7 +441,7 @@ RSpec.describe ChefConfig::Config do context "when /var/chef exists and is accessible" do before do - allow(ChefConfig::Config).to receive(:path_accessible?).with(to_platform("/var/chef")).and_return(true) + allow(ChefConfig::Config).to receive(:path_accessible?).with(ChefConfig::Config.var_chef_dir).and_return(true) end it "defaults to /var/chef" do @@ -430,25 +459,25 @@ RSpec.describe ChefConfig::Config do context "when /var/chef does not exist and /var is accessible" do it "defaults to /var/chef" do - allow(File).to receive(:exists?).with(to_platform("/var/chef")).and_return(false) - allow(ChefConfig::Config).to receive(:path_accessible?).with(to_platform("/var")).and_return(true) + allow(File).to receive(:exists?).with(ChefConfig::Config.var_chef_dir).and_return(false) + allow(ChefConfig::Config).to receive(:path_accessible?).with(ChefConfig::Config.var_root_dir).and_return(true) expect(ChefConfig::Config[:cache_path]).to eq(primary_cache_path) end end context "when /var/chef does not exist and /var is not accessible" do it "defaults to $HOME/.chef" do - allow(File).to receive(:exists?).with(to_platform("/var/chef")).and_return(false) - allow(ChefConfig::Config).to receive(:path_accessible?).with(to_platform("/var")).and_return(false) + allow(File).to receive(:exists?).with(ChefConfig::Config.var_chef_dir).and_return(false) + allow(ChefConfig::Config).to receive(:path_accessible?).with(ChefConfig::Config.var_root_dir).and_return(false) expect(ChefConfig::Config[:cache_path]).to eq(secondary_cache_path) end end context "when /var/chef exists and is not accessible" do before do - allow(File).to receive(:exists?).with(to_platform("/var/chef")).and_return(true) - allow(File).to receive(:readable?).with(to_platform("/var/chef")).and_return(true) - allow(File).to receive(:writable?).with(to_platform("/var/chef")).and_return(false) + allow(File).to receive(:exists?).with(ChefConfig::Config.var_chef_dir).and_return(true) + allow(File).to receive(:readable?).with(ChefConfig::Config.var_chef_dir).and_return(true) + allow(File).to receive(:writable?).with(ChefConfig::Config.var_chef_dir).and_return(false) end it "defaults to $HOME/.chef" do @@ -471,21 +500,21 @@ RSpec.describe ChefConfig::Config do context "and config_dir is /a/b/c" do before do - ChefConfig::Config.config_dir to_platform("/a/b/c") + ChefConfig::Config.config_dir ChefConfig::PathHelper.cleanpath("/a/b/c") end it "cache_path is /a/b/c/local-mode-cache" do - expect(ChefConfig::Config.cache_path).to eq(to_platform("/a/b/c/local-mode-cache")) + expect(ChefConfig::Config.cache_path).to eq(ChefConfig::PathHelper.cleanpath("/a/b/c/local-mode-cache")) end end context "and config_dir is /a/b/c/" do before do - ChefConfig::Config.config_dir to_platform("/a/b/c/") + ChefConfig::Config.config_dir ChefConfig::PathHelper.cleanpath("/a/b/c/") end it "cache_path is /a/b/c/local-mode-cache" do - expect(ChefConfig::Config.cache_path).to eq(to_platform("/a/b/c/local-mode-cache")) + expect(ChefConfig::Config.cache_path).to eq(ChefConfig::PathHelper.cleanpath("/a/b/c/local-mode-cache")) end end end @@ -651,15 +680,15 @@ RSpec.describe ChefConfig::Config do end it "expands the path when determining config_dir" do - # config_dir goes through PathHelper.canonical_path, which + # config_dir goes through ChefConfig::PathHelper.canonical_path, which # downcases on windows because the FS is case insensitive, so we # have to downcase expected and actual to make the tests work. - expect(ChefConfig::Config.config_dir.downcase).to eq(to_platform(Dir.pwd).downcase) + expect(ChefConfig::Config.config_dir.downcase).to eq(ChefConfig::PathHelper.cleanpath(Dir.pwd).downcase) end it "does not set derived paths at FS root" do ChefConfig::Config.local_mode = true - expect(ChefConfig::Config.cache_path.downcase).to eq(to_platform(File.join(Dir.pwd, "local-mode-cache")).downcase) + expect(ChefConfig::Config.cache_path.downcase).to eq(ChefConfig::PathHelper.cleanpath(File.join(Dir.pwd, "local-mode-cache")).downcase) end end @@ -667,13 +696,13 @@ RSpec.describe ChefConfig::Config do context "when the config file is /etc/chef/client.rb" do before do - config_location = to_platform("/etc/chef/client.rb").downcase + config_location = ChefConfig::PathHelper.cleanpath(ChefConfig::PathHelper.join(ChefConfig::Config.etc_chef_dir, "client.rb")).downcase allow(File).to receive(:absolute_path).with(config_location).and_return(config_location) ChefConfig::Config.config_file = config_location end it "config_dir is /etc/chef" do - expect(ChefConfig::Config.config_dir).to eq(to_platform("/etc/chef").downcase) + expect(ChefConfig::Config.config_dir).to eq(ChefConfig::Config.etc_chef_dir.downcase) end context "and chef is running in local mode" do @@ -682,17 +711,17 @@ RSpec.describe ChefConfig::Config do end it "config_dir is /etc/chef" do - expect(ChefConfig::Config.config_dir).to eq(to_platform("/etc/chef").downcase) + expect(ChefConfig::Config.config_dir).to eq(ChefConfig::Config.etc_chef_dir.downcase) end end context "when config_dir is set to /other/config/dir/" do before do - ChefConfig::Config.config_dir = to_platform("/other/config/dir/") + ChefConfig::Config.config_dir = ChefConfig::PathHelper.cleanpath("/other/config/dir/") end it "yields the explicit value" do - expect(ChefConfig::Config.config_dir).to eq(to_platform("/other/config/dir/")) + expect(ChefConfig::Config.config_dir).to eq(ChefConfig::PathHelper.cleanpath("/other/config/dir/")) end end @@ -721,7 +750,7 @@ RSpec.describe ChefConfig::Config do if is_windows context "when the user's home dir is windows specific" do before do - ChefConfig::Config.user_home = to_platform("/home/charlie/") + ChefConfig::Config.user_home = ChefConfig::PathHelper.cleanpath("/home/charlie/") end it "config_dir is with backslashes" do @@ -777,7 +806,7 @@ RSpec.describe ChefConfig::Config do describe "ChefConfig::Config[:user_home]" do it "should set when HOME is provided" do - expected = to_platform("/home/kitten") + expected = ChefConfig::PathHelper.cleanpath("/home/kitten") allow(ChefConfig::PathHelper).to receive(:home).and_return(expected) expect(ChefConfig::Config[:user_home]).to eq(expected) end @@ -789,7 +818,7 @@ RSpec.describe ChefConfig::Config do end describe "ChefConfig::Config[:encrypted_data_bag_secret]" do - let(:db_secret_default_path) { to_platform("/etc/chef/encrypted_data_bag_secret") } + let(:db_secret_default_path) { ChefConfig::PathHelper.cleanpath("#{ChefConfig::Config.etc_chef_dir}/encrypted_data_bag_secret") } before do allow(File).to receive(:exist?).with(db_secret_default_path).and_return(secret_exists) diff --git a/chef-config/spec/unit/workstation_config_loader_spec.rb b/chef-config/spec/unit/workstation_config_loader_spec.rb index 704c3ac2dc..3248184d77 100644 --- a/chef-config/spec/unit/workstation_config_loader_spec.rb +++ b/chef-config/spec/unit/workstation_config_loader_spec.rb @@ -583,6 +583,36 @@ RSpec.describe ChefConfig::WorkstationConfigLoader do end end + context "and ssl_verify_mode is a symbol string" do + let(:content) do + content = <<~EOH + [default] + ssl_verify_mode = ":verify_none" + EOH + content + end + + it "raises a ConfigurationError" do + expect { config_loader.load_credentials }.not_to raise_error + expect(ChefConfig::Config.ssl_verify_mode).to eq(:verify_none) + end + end + + context "and ssl_verify_mode is a string" do + let(:content) do + content = <<~EOH + [default] + ssl_verify_mode = "verify_none" + EOH + content + end + + it "raises a ConfigurationError" do + expect { config_loader.load_credentials }.not_to raise_error + expect(ChefConfig::Config.ssl_verify_mode).to eq(:verify_none) + end + end + context "and has a syntax error" do let(:content) { "<<<<<" } diff --git a/chef-universal-mingw32.gemspec b/chef-universal-mingw32.gemspec index 58ce54642d..9d77b2526e 100644 --- a/chef-universal-mingw32.gemspec +++ b/chef-universal-mingw32.gemspec @@ -11,7 +11,7 @@ gemspec.add_dependency "win32-eventlog", "0.6.3" gemspec.add_dependency "win32-mmap", "~> 0.4.1" gemspec.add_dependency "win32-mutex", "~> 0.4.2" gemspec.add_dependency "win32-process", "~> 0.8.2" -gemspec.add_dependency "win32-service", ">= 2.1.2", "< 3.0" +gemspec.add_dependency "win32-service", ">= 2.1.5", "< 3.0" gemspec.add_dependency "wmi-lite", "~> 1.0" gemspec.add_dependency "win32-taskscheduler", "~> 2.0" gemspec.add_dependency "iso8601", "~> 0.12.1" diff --git a/chef-utils/README.md b/chef-utils/README.md index c94dc29312..e44d4d6937 100644 --- a/chef-utils/README.md +++ b/chef-utils/README.md @@ -120,6 +120,38 @@ Architecture Helpers allow you to determine the processor architecture of your n * `s390x?` * `s390?` +### Cloud Helpers + +* `cloud?` - if the node is running in any cloud, including internal ones +* `ec2?` - if the node is running in ec2 +* `gce?` - if the node is running in gce +* `rackspace?` - if the node is running in rackspace +* `eucalyptus?` - if the node is running under eucalyptus +* `linode?` - if the node is running in linode +* `openstack?` - if the node is running under openstack +* `azure?` - if the node is running in azure +* `digital_ocean?` - if the node is running in digital ocean +* `softlayer?` - if the node is running in softlayer + +### Virtualization Helpers + +* `kvm?` - if the node is a kvm guest +* `kvm_host?` - if the node is a kvm host +* `lxc?` - if the node is an lxc guest +* `lxc_host?` - if the node is an lxc host +* `parallels?`- if the node is a parallels guest +* `parallels_host?`- if the node is a parallels host +* `vbox?` - if the node is a virtualbox guest +* `vbox_host?` - if the node is a virtualbox host +* `vmware?` - if the node is a vmware guest +* `vmware_host?` - if the node is a vmware host +* `openvz?` - if the node is an openvz guest +* `openvz_host?` - if the node is an openvz host +* `guest?` - if the node is detected as any kind of guest +* `hypervisor?` - if the node is detected as being any kind of hypervisor +* `physical?` - the node is not running as a guest (may be a hypervisor or may be bare-metal) +* `vagrant?` - attempts to identify the node as a vagrant guest (this check may be error prone) + ### Train Helpers **EXPERIMENTAL**: APIs may have breaking changes any time without warning @@ -133,6 +165,7 @@ Architecture Helpers allow you to determine the processor architecture of your n * `systemd?` - if the init system is systemd * `kitchen?` - if ENV['TEST_KITCHEN'] is set * `ci?` - if ENV['CI'] is set +* `include_recipe?(recipe_name)` - if the `recipe_name` is in the run list, the expanded run list, or has been `include_recipe`'d. ### Service Helpers @@ -153,16 +186,34 @@ Architecture Helpers allow you to determine the processor architecture of your n * `sanitized_path` +## Documentation for Cookbook library authors + +To use the helpers in a class or module in a cookbook library file you can include the ChefUtils DSL: + +```ruby +module MyHelper + include ChefUtils # or any individual module with DSL methods in it + + def do_something + puts "RHEL" if rhel? + end + + extend self +end +``` + +Now you can include MyHelper in another class/module, or you can call MyHelper.do_something directly. + ## Documentation for Software Developers The design of the DSL helper libraries in this gem are designed around the Chef Infra Client use cases. Most of the helpers are -accessible through the Chef DSL directly via the `ChefUtils::DSL` module. They are also available via class method calls on +accessible through the Chef DSL directly via the `ChefUtils` module. They are also available via class method calls on the ChefUtils module directly (e.g. `ChefUtils.debian?`). For that to be possible there is Chef Infra Client specific wiring in the `ChefUtils::Internal` class allowing the helpers to access the `Chef.run_context` global values. This allows them to be used from library helpers in cookbooks inside Chef Infra Client. For external use in other gems, this automatic wiring will not work correctly, and so it will not generally be possible to -call helpers off of the `ChefUtils` class (somee exceptions that do not require a node-like object or a train connection will +call helpers off of the `ChefUtils` class (some exceptions that do not require a node-like object or a train connection will may still work). For use in other gems you should create your own module and mixin the helper class. If you have a node method in your class/module then that method will be used. @@ -170,7 +221,7 @@ You can wire up a module which implements the Chef DSL with your own wiring usin ```ruby module MyDSL - include ChefUtils::DSL # or any individual module with DSL methods in it + include ChefUtils # or any individual module with DSL methods in it private diff --git a/chef-utils/lib/chef-utils.rb b/chef-utils/lib/chef-utils.rb index fe25ea5ff5..cb1ce839a1 100644 --- a/chef-utils/lib/chef-utils.rb +++ b/chef-utils/lib/chef-utils.rb @@ -1,5 +1,5 @@ # -# Copyright:: Copyright 2015-2019, Chef Software Inc. +# Copyright:: Copyright 2015-2020, Chef Software Inc. # License:: Apache License, Version 2.0 # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -16,26 +16,34 @@ # require_relative "chef-utils/dsl/architecture" +require_relative "chef-utils/dsl/cloud" require_relative "chef-utils/dsl/introspection" require_relative "chef-utils/dsl/os" require_relative "chef-utils/dsl/path_sanity" require_relative "chef-utils/dsl/platform" require_relative "chef-utils/dsl/platform_family" +require_relative "chef-utils/dsl/platform_version" require_relative "chef-utils/dsl/service" require_relative "chef-utils/dsl/train_helpers" +require_relative "chef-utils/dsl/virtualization" require_relative "chef-utils/dsl/which" +require_relative "chef-utils/dsl/windows" require_relative "chef-utils/mash" -# This is the Chef Infra Client DSL, not everytihng needs to go in here +# This is the Chef Infra Client DSL, not everything needs to go in here module ChefUtils include ChefUtils::DSL::Architecture + include ChefUtils::DSL::Cloud + include ChefUtils::DSL::Introspection include ChefUtils::DSL::OS - include ChefUtils::DSL::PlatformFamily + include ChefUtils::DSL::PathSanity include ChefUtils::DSL::Platform - include ChefUtils::DSL::Introspection - # FIXME: include ChefUtils::DSL::Which in Chef 16.0 - # FIXME: include ChefUtils::DSL::PathSanity in Chef 16.0 - # FIXME: include ChefUtils::DSL::TrainHelpers in Chef 16.0 + include ChefUtils::DSL::PlatformFamily + include ChefUtils::DSL::PlatformVersion + include ChefUtils::DSL::TrainHelpers + include ChefUtils::DSL::Virtualization + include ChefUtils::DSL::Which + include ChefUtils::DSL::Windows # ChefUtils::DSL::Service is deliberately excluded CANARY = 1 # used as a guard for requires diff --git a/chef-utils/lib/chef-utils/dsl/architecture.rb b/chef-utils/lib/chef-utils/dsl/architecture.rb index b3e9235b16..d20c6c5a76 100644 --- a/chef-utils/lib/chef-utils/dsl/architecture.rb +++ b/chef-utils/lib/chef-utils/dsl/architecture.rb @@ -22,7 +22,9 @@ module ChefUtils module Architecture include Internal - # Determine if the current architecture is 64-bit + # Determine if the current architecture is 64-bit. + # + # @since 15.5 # # @return [Boolean] # @@ -31,7 +33,9 @@ module ChefUtils .include?(node["kernel"]["machine"]) end - # Determine if the current architecture is 32-bit + # Determine if the current architecture is 32-bit. + # + # @since 15.5 # # @return [Boolean] # @@ -39,7 +43,9 @@ module ChefUtils !_64_bit?(node) end - # Determine if the current architecture is i386 + # Determine if the current architecture is i386. + # + # @since 15.5 # # @return [Boolean] # @@ -49,6 +55,8 @@ module ChefUtils # Determine if the current architecture is Intel. # + # @since 15.5 + # # @return [Boolean] # def intel?(node = __getnode) @@ -57,13 +65,17 @@ module ChefUtils # Determine if the current architecture is SPARC. # + # @since 15.5 + # # @return [Boolean] # def sparc?(node = __getnode) %w{sun4u sun4v}.include?(node["kernel"]["machine"]) end - # Determine if the current architecture is Powerpc64 Big Endian + # Determine if the current architecture is PowerPC 64bit Big Endian. + # + # @since 15.5 # # @return [Boolean] # @@ -71,7 +83,9 @@ module ChefUtils %w{ppc64}.include?(node["kernel"]["machine"]) end - # Determine if the current architecture is Powerpc64 Little Endian + # Determine if the current architecture is PowerPC 64bit Little Endian. + # + # @since 15.5 # # @return [Boolean] # @@ -81,13 +95,17 @@ module ChefUtils # Determine if the current architecture is PowerPC. # + # @since 15.5 + # # @return [Boolean] # def powerpc?(node = __getnode) %w{powerpc}.include?(node["kernel"]["machine"]) end - # Determine if the current architecture is 32-bit ARM + # Determine if the current architecture is 32-bit ARM. + # + # @since 15.5 # # @return [Boolean] # @@ -95,7 +113,9 @@ module ChefUtils %w{armhf}.include?(node["kernel"]["machine"]) end - # Determine if the current architecture is s390x + # Determine if the current architecture is s390x. + # + # @since 15.5 # # @return [Boolean] # @@ -103,7 +123,9 @@ module ChefUtils %w{s390x}.include?(node["kernel"]["machine"]) end - # Determine if the current architecture is s390 + # Determine if the current architecture is s390. + # + # @since 15.5 # # @return [Boolean] # diff --git a/chef-utils/lib/chef-utils/dsl/cloud.rb b/chef-utils/lib/chef-utils/dsl/cloud.rb new file mode 100644 index 0000000000..734c7412aa --- /dev/null +++ b/chef-utils/lib/chef-utils/dsl/cloud.rb @@ -0,0 +1,142 @@ +# +# Copyright:: Copyright 2018-2020, Chef Software Inc. +# License:: Apache License, Version 2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +require_relative "../internal" + +module ChefUtils + module DSL + module Cloud + include Internal + + # Determine if the current node is "in the cloud". + # + # @param [Chef::Node] node the node to check + # @since 15.8 + # + # @return [Boolean] + # + def cloud?(node = __getnode) + node.key?("cloud") + end + + # Return true if the current current node is in EC2. + # + # @param [Chef::Node] node the node to check + # @since 15.8 + # + # @return [Boolean] + # + def ec2?(node = __getnode) + node.key?("ec2") + end + + # Return true if the current current node is in GCE. + # + # @param [Chef::Node] node the node to check + # @since 15.8 + # + # @return [Boolean] + # + def gce?(node = __getnode) + node.key?("gce") + end + + # Return true if the current current node is in Rackspace. + # + # @param [Chef::Node] node the node to check + # @since 15.8 + # + # @return [Boolean] + # + def rackspace?(node = __getnode) + node.key?("rackspace") + end + + # Return true if the current current node is in Eucalyptus. + # + # @param [Chef::Node] node the node to check + # @since 15.8 + # + # @return [Boolean] + # + def eucalyptus?(node = __getnode) + node.key?("eucalyptus") + end + # chef-sugar backcompat method + alias_method :euca?, :eucalyptus? + + # Return true if the current current node is in Linode. + # + # @param [Chef::Node] node the node to check + # @since 15.8 + # + # @return [Boolean] + # + def linode?(node = __getnode) + node.key?("linode") + end + + # Return true if the current current node is in OpenStack. + # + # @param [Chef::Node] node the node to check + # @since 15.8 + # + # @return [Boolean] + # + def openstack?(node = __getnode) + node.key?("openstack") + end + + # Return true if the current current node is in Azure. + # + # @param [Chef::Node] node the node to check + # @since 15.8 + # + # @return [Boolean] + # + def azure?(node = __getnode) + node.key?("azure") + end + + # Return true if the current current node is in DigitalOcean. + # + # @param [Chef::Node] node the node to check + # @since 15.8 + # + # @return [Boolean] + # + def digital_ocean?(node = __getnode) + node.key?("digital_ocean") + end + # chef-sugar backcompat method + alias_method :digitalocean?, :digital_ocean? + + # Return true if the current current node is in SoftLayer. + # + # @param [Chef::Node] node the node to check + # @since 15.8 + # + # @return [Boolean] + # + def softlayer?(node = __getnode) + node.key?("softlayer") + end + + extend self + end + end +end diff --git a/chef-utils/lib/chef-utils/dsl/introspection.rb b/chef-utils/lib/chef-utils/dsl/introspection.rb index f4025d5773..028221f95f 100644 --- a/chef-utils/lib/chef-utils/dsl/introspection.rb +++ b/chef-utils/lib/chef-utils/dsl/introspection.rb @@ -1,5 +1,5 @@ # -# Copyright:: Copyright 2018-2019, Chef Software Inc. +# Copyright:: Copyright 2018-2020, Chef Software Inc. # License:: Apache License, Version 2.0 # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -28,9 +28,10 @@ module ChefUtils module Introspection include TrainHelpers - # Returns whether the node is a docker container. + # Determine if the node is a docker container. # - # @param [Chef::Node] node + # @param [Chef::Node] node the node to check + # @since 12.11 # # @return [Boolean] # @@ -40,7 +41,10 @@ module ChefUtils !!(node && node.read("virtualization", "systems", "docker") == "guest") end - # @param [Chef::Node] node + # Determine if the node uses the systemd init system. + # + # @param [Chef::Node] node the node to check + # @since 15.5 # # @return [Boolean] # @@ -48,7 +52,10 @@ module ChefUtils file_exist?("/proc/1/comm") && file_open("/proc/1/comm").gets.chomp == "systemd" end - # @param [Chef::Node] node + # Determine if the node is running in Test Kitchen. + # + # @param [Chef::Node] node the node to check + # @since 15.5 # # @return [Boolean] # @@ -56,7 +63,10 @@ module ChefUtils ENV.key?("TEST_KITCHEN") end - # @param [Chef::Node] node + # Determine if the node is running in a CI system that sets the CI env var. + # + # @param [Chef::Node] node the node to check + # @since 15.5 # # @return [Boolean] # @@ -64,7 +74,10 @@ module ChefUtils ENV.key?("CI") end + # Determine if the a systemd service unit is present on the system. + # # @param [String] svc_name + # @since 15.5 # # @return [Boolean] # @@ -76,7 +89,10 @@ module ChefUtils end end + # Determine if the a systemd unit of any type is present on the system. + # # @param [String] svc_name + # @since 15.5 # # @return [Boolean] # @@ -87,6 +103,19 @@ module ChefUtils end end + # Determine if the current node includes the given recipe name. + # + # @param [String] recipe_name + # @since 15.8 + # + # @return [Boolean] + # + def includes_recipe?(recipe_name, node = __getnode) + node.recipe?(recipe_name) + end + # chef-sugar backcompat method + alias_method :include_recipe?, :includes_recipe? + extend self end end diff --git a/chef-utils/lib/chef-utils/dsl/os.rb b/chef-utils/lib/chef-utils/dsl/os.rb index 6d1d749957..800753c054 100644 --- a/chef-utils/lib/chef-utils/dsl/os.rb +++ b/chef-utils/lib/chef-utils/dsl/os.rb @@ -29,9 +29,10 @@ module ChefUtils # only the platform helper should be added. # - # Determine if the current node is linux. + # Determine if the current node is Linux. # - # @param [Chef::Node] node + # @param [Chef::Node] node the node to check + # @since 15.5 # # @return [Boolean] # @@ -39,9 +40,10 @@ module ChefUtils node["os"] == "linux" end - # Determine if the current node is darwin. + # Determine if the current node is Darwin. # - # @param [Chef::Node] node + # @param [Chef::Node] node the node to check + # @since 15.5 # # @return [Boolean] # diff --git a/chef-utils/lib/chef-utils/dsl/path_sanity.rb b/chef-utils/lib/chef-utils/dsl/path_sanity.rb index ec8d84922e..8eb4c90068 100644 --- a/chef-utils/lib/chef-utils/dsl/path_sanity.rb +++ b/chef-utils/lib/chef-utils/dsl/path_sanity.rb @@ -23,6 +23,7 @@ module ChefUtils module PathSanity include Internal + # @since 15.5 def sanitized_path(env = nil) env_path = env ? env["PATH"] : __env_path env_path = "" if env_path.nil? diff --git a/chef-utils/lib/chef-utils/dsl/platform.rb b/chef-utils/lib/chef-utils/dsl/platform.rb index 29f6b1563c..8af405d51c 100644 --- a/chef-utils/lib/chef-utils/dsl/platform.rb +++ b/chef-utils/lib/chef-utils/dsl/platform.rb @@ -1,5 +1,5 @@ # -# Copyright:: Copyright 2018-2019, Chef Software Inc. +# Copyright:: Copyright 2018-2020, Chef Software Inc. # License:: Apache License, Version 2.0 # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -29,43 +29,51 @@ module ChefUtils # Determine if the current node is linux mint. # - # @param [Chef::Node] node + # @param [Chef::Node] node the node to check + # @since 15.5 # # @return [Boolean] # - def linuxmint?(node = __getnode) + def linuxmint_platform?(node = __getnode) node["platform"] == "linuxmint" end - # chef-sugar backcompat methods - alias_method :mint?, :linuxmint? - alias_method :linux_mint?, :linuxmint? - alias_method :linuxmint_platform?, :linuxmint? + # chef-sugar backcompat method + alias_method :mint?, :linuxmint_platform? + # chef-sugar backcompat method + alias_method :linux_mint?, :linuxmint_platform? + # chef-sugar backcompat method + alias_method :linuxmint?, :linuxmint_platform? - # Determine if the current node is ubuntu. + # Determine if the current node is Ubuntu. # - # @param [Chef::Node] node + # @param [Chef::Node] node the node to check + # @since 15.5 # # @return [Boolean] # - def ubuntu?(node = __getnode) + def ubuntu_platform?(node = __getnode) node["platform"] == "ubuntu" end - alias_method :ubuntu_platform?, :ubuntu? + # chef-sugar backcompat method + alias_method :ubuntu?, :ubuntu_platform? - # Determine if the current node is raspbian. + # Determine if the current node is Raspbian. # - # @param [Chef::Node] node + # @param [Chef::Node] node the node to check + # @since 15.5 # # @return [Boolean] # - def raspbian?(node = __getnode) + def raspbian_platform?(node = __getnode) node["platform"] == "raspbian" end - alias_method :raspbian_platform?, :raspbian? + # chef-sugar backcompat method + alias_method :raspbian?, :raspbian_platform? - # Determine if the current node is debian. + # Determine if the current node is Debian. # - # @param [Chef::Node] node + # @param [Chef::Node] node the node to check + # @since 15.5 # # @return [Boolean] # @@ -73,9 +81,10 @@ module ChefUtils node["platform"] == "debian" end - # Determine if the current node is amazon linux. + # Determine if the current node is Amazon Linux. # - # @param [Chef::Node] node + # @param [Chef::Node] node the node to check + # @since 15.5 # # @return [Boolean] # @@ -83,71 +92,83 @@ module ChefUtils node["platform"] == "amazon" end - # Determine if the current node is redhat enterprise. + # Determine if the current node is Red Hat Enterprise Linux. # - # @param [Chef::Node] node + # @param [Chef::Node] node the node to check + # @since 15.5 # # @return [Boolean] # - def redhat?(node = __getnode) + def redhat_platform?(node = __getnode) node["platform"] == "redhat" end - # chef-sugar backcompat methods - alias_method :redhat_enterprise?, :redhat? - alias_method :redhat_enterprise_linux?, :redhat? - alias_method :redhat_platform?, :redhat? + # chef-sugar backcompat method + alias_method :redhat_enterprise?, :redhat_platform? + # chef-sugar backcompat method + alias_method :redhat_enterprise_linux?, :redhat_platform? + # chef-sugar backcompat method + alias_method :redhat?, :redhat_platform? - # Determine if the current node is centos. + # Determine if the current node is CentOS. # - # @param [Chef::Node] node + # @param [Chef::Node] node the node to check + # @since 15.5 # # @return [Boolean] # - def centos?(node = __getnode) + def centos_platform?(node = __getnode) node["platform"] == "centos" end - alias_method :centos_platform?, :centos? + # chef-sugar backcompat method + alias_method :centos?, :centos_platform? - # Determine if the current node is oracle linux. + # Determine if the current node is Oracle Linux. # - # @param [Chef::Node] node + # @param [Chef::Node] node the node to check + # @since 15.5 # # @return [Boolean] # - def oracle?(node = __getnode) + def oracle_platform?(node = __getnode) node["platform"] == "oracle" end - # chef-sugar backcompat methods - alias_method :oracle_linux?, :oracle? - alias_method :oracle_platform?, :oracle? + # chef-sugar backcompat method + alias_method :oracle_linux?, :oracle_platform? + # chef-sugar backcompat method + alias_method :oracle?, :oracle_platform? - # Determine if the current node is scientific linux. + # Determine if the current node is Scientific Linux. # - # @param [Chef::Node] node + # @param [Chef::Node] node the node to check + # @since 15.5 # # @return [Boolean] # - def scientific?(node = __getnode) + def scientific_platform?(node = __getnode) node["platform"] == "scientific" end - # chef-sugar backcompat methods - alias_method :scientific_linux?, :scientific? - alias_method :scientific_platform?, :scientific? + # chef-sugar backcompat method + alias_method :scientific_linux?, :scientific_platform? + # chef-sugar backcompat method + alias_method :scientific?, :scientific_platform? - # Determine if the current node is clearos. + # Determine if the current node is ClearOS. # - # @param [Chef::Node] node + # @param [Chef::Node] node the node to check + # @since 15.5 # # @return [Boolean] # - def clearos?(node = __getnode) + def clearos_platform?(node = __getnode) node["platform"] == "clearos" end - alias_method :clearos_platform?, :clearos? + # chef-sugar backcompat method + alias_method :clearos?, :clearos_platform? - # Determine if the current node is fedora. + # Determine if the current node is Fedora. # - # @param [Chef::Node] node + # @param [Chef::Node] node the node to check + # @since 15.5 # # @return [Boolean] # @@ -155,9 +176,10 @@ module ChefUtils node["platform"] == "fedora" end - # Determine if the current node is arch + # Determine if the current node is Arch Linux # - # @param [Chef::Node] node + # @param [Chef::Node] node the node to check + # @since 15.5 # # @return [Boolean] # @@ -165,9 +187,10 @@ module ChefUtils node["platform"] == "arch" end - # Determine if the current node is solaris2 + # Determine if the current node is Solaris2. # - # @param [Chef::Node] node + # @param [Chef::Node] node the node to check + # @since 15.5 # # @return [Boolean] # @@ -175,9 +198,10 @@ module ChefUtils node["platform"] == "solaris2" end - # Determine if the current node is smartos + # Determine if the current node is SmartOS. # - # @param [Chef::Node] node + # @param [Chef::Node] node the node to check + # @since 15.5 # # @return [Boolean] # @@ -185,42 +209,49 @@ module ChefUtils node["platform"] == "smartos" end - # Determine if the current node is omnios + # Determine if the current node is OmniOS. # - # @param [Chef::Node] node + # @param [Chef::Node] node the node to check + # @since 15.5 # # @return [Boolean] # - def omnios?(node = __getnode) + def omnios_platform?(node = __getnode) node["platform"] == "omnios" end - alias_method :omnios_platform?, :omnios? + # chef-sugar backcompat method + alias_method :omnios?, :omnios_platform? - # Determine if the current node is openindiana + # Determine if the current node is OpenIndiana. # - # @param [Chef::Node] node + # @param [Chef::Node] node the node to check + # @since 15.5 # # @return [Boolean] # - def openindiana?(node = __getnode) + def openindiana_platform?(node = __getnode) node["platform"] == "openindiana" end - alias_method :openindiana_platform?, :openindiana? + # chef-sugar backcompat method + alias_method :openindiana?, :openindiana_platform? - # Determine if the current node is nexentacore + # Determine if the current node is Nexenta Core Platform aka Nexenta OS. # - # @param [Chef::Node] node + # @param [Chef::Node] node the node to check + # @since 15.5 # # @return [Boolean] # - def nexentacore?(node = __getnode) + def nexentacore_platform?(node = __getnode) node["platform"] == "nexentacore" end - alias_method :nexentacore_platform?, :nexentacore? + # chef-sugar backcompat method + alias_method :nexentacore?, :nexentacore_platform? - # Determine if the current node is aix + # Determine if the current node is AIX. # - # @param [Chef::Node] node + # @param [Chef::Node] node the node to check + # @since 15.5 # # @return [Boolean] # @@ -228,9 +259,10 @@ module ChefUtils node["platform"] == "aix" end - # Determine if the current node is freebsd + # Determine if the current node is FreeBSD. # - # @param [Chef::Node] node + # @param [Chef::Node] node the node to check + # @since 15.5 # # @return [Boolean] # @@ -238,9 +270,10 @@ module ChefUtils node["platform"] == "freebsd" end - # Determine if the current node is openbsd + # Determine if the current node is OpenBSD. # - # @param [Chef::Node] node + # @param [Chef::Node] node the node to check + # @since 15.5 # # @return [Boolean] # @@ -248,9 +281,10 @@ module ChefUtils node["platform"] == "openbsd" end - # Determine if the current node is netbsd + # Determine if the current node is NetBSD. # - # @param [Chef::Node] node + # @param [Chef::Node] node the node to check + # @since 15.5 # # @return [Boolean] # @@ -258,9 +292,10 @@ module ChefUtils node["platform"] == "netbsd" end - # Determine if the current node is dragonflybsd + # Determine if the current node is DragonFly BSD. # - # @param [Chef::Node] node + # @param [Chef::Node] node the node to check + # @since 15.5 # # @return [Boolean] # @@ -268,20 +303,23 @@ module ChefUtils node["platform"] == "dragonfly" end - # Determine if the current node is MacOS. + # Determine if the current node is macOS. # - # @param [Chef::Node] node + # @param [Chef::Node] node the node to check + # @since 15.5 # # @return [Boolean] # def macos_platform?(node = __getnode) node["platform"] == "mac_os_x" end + # chef-sugar backcompat method alias_method :mac_os_x_platform?, :macos_platform? - # Determine if the current node is gentoo + # Determine if the current node is Gentoo. # - # @param [Chef::Node] node + # @param [Chef::Node] node the node to check + # @since 15.5 # # @return [Boolean] # @@ -289,9 +327,10 @@ module ChefUtils node["platform"] == "gentoo" end - # Determine if the current node is slackware. + # Determine if the current node is Slackware. # - # @param [Chef::Node] node + # @param [Chef::Node] node the node to check + # @since 15.5 # # @return [Boolean] # @@ -301,7 +340,8 @@ module ChefUtils # Determine if the current node is SuSE. # - # @param [Chef::Node] node + # @param [Chef::Node] node the node to check + # @since 15.5 # # @return [Boolean] # @@ -309,23 +349,28 @@ module ChefUtils node["platform"] == "suse" end - # Determine if the current node is OpenSuSE. + # Determine if the current node is OpenSUSE. # - # @param [Chef::Node] node + # @param [Chef::Node] node the node to check + # @since 15.5 # # @return [Boolean] # - def opensuse?(node = __getnode) + def opensuse_platform?(node = __getnode) node["platform"] == "opensuse" || node["platform"] == "opensuseleap" end - alias_method :opensuse_platform?, :opensuse? - alias_method :opensuseleap_platform?, :opensuse? - alias_method :leap_platform?, :opensuse? + # chef-sugar backcompat method + alias_method :opensuse?, :opensuse_platform? + # chef-sugar backcompat method + alias_method :opensuseleap_platform?, :opensuse_platform? + # chef-sugar backcompat method + alias_method :leap_platform?, :opensuse_platform? # NOTE: to anyone adding :tumbleweed_platform? - :[opensuse]leap_platform? should be false on tumbleweed, :opensuse[_platform]? should be true # Determine if the current node is Windows. # - # @param [Chef::Node] node + # @param [Chef::Node] node the node to check + # @since 15.5 # # @return [Boolean] # diff --git a/chef-utils/lib/chef-utils/dsl/platform_family.rb b/chef-utils/lib/chef-utils/dsl/platform_family.rb index 55ca6196c9..9d0c878cb7 100644 --- a/chef-utils/lib/chef-utils/dsl/platform_family.rb +++ b/chef-utils/lib/chef-utils/dsl/platform_family.rb @@ -22,21 +22,23 @@ module ChefUtils module PlatformFamily include Internal - # Determine if the current node is arch linux. + # Determine if the current node is a member of the 'arch' family. # - # @param [Chef::Node] node + # @param [Chef::Node] node the node to check + # @since 15.5 # # @return [Boolean] # def arch?(node = __getnode) node["platform_family"] == "arch" end - # chef-sugar backcompat methods + # chef-sugar backcompat method alias_method :arch_linux?, :arch? - # Determine if the current node is aix + # Determine if the current node is a member of the 'aix' platform family. # - # @param [Chef::Node] node + # @param [Chef::Node] node the node to check + # @since 15.5 # # @return [Boolean] # @@ -44,9 +46,10 @@ module ChefUtils node["platform_family"] == "aix" end - # Determine if the current node is a member of the debian family. + # Determine if the current node is a member of the 'debian' platform family (Debian, Ubuntu and derivatives). # - # @param [Chef::Node] node + # @param [Chef::Node] node the node to check + # @since 15.5 # # @return [Boolean] # @@ -54,9 +57,10 @@ module ChefUtils node["platform_family"] == "debian" end - # Determine if the current node is a member of the fedora family. + # Determine if the current node is a member of the 'fedora' platform family (Fedora and Arista). # - # @param [Chef::Node] node + # @param [Chef::Node] node the node to check + # @since 15.5 # # @return [Boolean] # @@ -64,35 +68,40 @@ module ChefUtils node["platform_family"] == "fedora" end - # Determine if the current node is a member of the OSX family. + # Determine if the current node is a member of the 'mac_os_x' platform family. # - # @param [Chef::Node] node + # @param [Chef::Node] node the node to check + # @since 15.5 # # @return [Boolean] # def macos?(node = __getnode) node["platform_family"] == "mac_os_x" end + # chef-sugar backcompat method alias_method :osx?, :macos? + # chef-sugar backcompat method alias_method :mac?, :macos? + # chef-sugar backcompat method alias_method :mac_os_x?, :macos? - # Determine if the current node is a member of the rhel family (RHEL, CentOS, Oracle or Scientific Linux, no Amazon or Fedora). + # Determine if the current node is a member of the 'rhel' platform family (Red Hat, CentOS, Oracle or Scientific Linux, but NOT Amazon Linux or Fedora). # - # The platform_versions for these operating systems must match (rhel7 == centos7 == oracle7 == scientfic7), modulo additional packages - # - # @param [Chef::Node] node + # @param [Chef::Node] node the node to check + # @since 15.5 # # @return [Boolean] # def rhel?(node = __getnode) node["platform_family"] == "rhel" end + # chef-sugar backcompat method alias_method :el?, :rhel? - # Determine if the current node is a rhel6 compatible build (RHEL, CentOS, Oracle or Scientific Linux) + # Determine if the current node is a rhel6 compatible build (Red Hat, CentOS, Oracle or Scientific Linux). # - # @param [Chef::Node] node + # @param [Chef::Node] node the node to check + # @since 15.5 # # @return [Boolean] # @@ -100,9 +109,10 @@ module ChefUtils node["platform_family"] == "rhel" && node["platform_version"].to_f >= 6.0 && node["platform_version"].to_f < 7.0 end - # Determine if the current node is a rhel7 compatible build (RHEL, CentOS, Oracle or Scientific Linux) + # Determine if the current node is a rhel7 compatible build (Red Hat, CentOS, Oracle or Scientific Linux). # - # @param [Chef::Node] node + # @param [Chef::Node] node the node to check + # @since 15.5 # # @return [Boolean] # @@ -110,9 +120,10 @@ module ChefUtils node["platform_family"] == "rhel" && node["platform_version"].to_f >= 7.0 && node["platform_version"].to_f < 8.0 end - # Determine if the current node is a rhel8 compatible build (RHEL, CentOS, Oracle or Scientific Linux) + # Determine if the current node is a rhel8 compatible build (Red Hat, CentOS, Oracle or Scientific Linux). # - # @param [Chef::Node] node + # @param [Chef::Node] node the node to check + # @since 15.5 # # @return [Boolean] # @@ -120,32 +131,36 @@ module ChefUtils node["platform_family"] == "rhel" && node["platform_version"].to_f >= 8.0 && node["platform_version"].to_f < 9.0 end - # Determine if the current node is a member of the amazon family. + # Determine if the current node is a member of the 'amazon' platform family. # - # @param [Chef::Node] node + # @param [Chef::Node] node the node to check + # @since 15.5 # # @return [Boolean] # def amazon?(node = __getnode) node["platform_family"] == "amazon" end + # chef-sugar backcompat method alias_method :amazon_linux?, :amazon? - # Determine if the current node is solaris2 + # Determine if the current node is a member of the 'solaris2' platform family. # - # @param [Chef::Node] node + # @param [Chef::Node] node the node to check + # @since 15.5 # # @return [Boolean] # def solaris2?(node = __getnode) node["platform_family"] == "solaris2" end - # chef-sugar backcompat methods + # chef-sugar backcompat method alias_method :solaris?, :solaris2? - # Determine if the current node is smartos + # Determine if the current node is a member of the 'smartos' platform family. # - # @param [Chef::Node] node + # @param [Chef::Node] node the node to check + # @since 15.5 # # @return [Boolean] # @@ -153,9 +168,10 @@ module ChefUtils node["platform_family"] == "smartos" end - # Determine if the current node is a member of the suse family. + # Determine if the current node is a member of the 'suse' platform family (openSUSE, SLES, and SLED). # - # @param [Chef::Node] node + # @param [Chef::Node] node the node to check + # @since 15.5 # # @return [Boolean] # @@ -163,9 +179,10 @@ module ChefUtils node["platform_family"] == "suse" end - # Determine if the current node is a member of the gentoo family. + # Determine if the current node is a member of the 'gentoo' platform family. # - # @param [Chef::Node] node + # @param [Chef::Node] node the node to check + # @since 15.5 # # @return [Boolean] # @@ -173,9 +190,10 @@ module ChefUtils node["platform_family"] == "gentoo" end - # Determine if the current node is freebsd + # Determine if the current node is a member of the 'freebsd' platform family. # - # @param [Chef::Node] node + # @param [Chef::Node] node the node to check + # @since 15.5 # # @return [Boolean] # @@ -183,9 +201,10 @@ module ChefUtils node["platform_family"] == "freebsd" end - # Determine if the current node is openbsd + # Determine if the current node is a member of the 'openbsd' platform family. # - # @param [Chef::Node] node + # @param [Chef::Node] node the node to check + # @since 15.5 # # @return [Boolean] # @@ -193,9 +212,10 @@ module ChefUtils node["platform_family"] == "openbsd" end - # Determine if the current node is netbsd + # Determine if the current node is a member of the 'netbsd' platform family. # - # @param [Chef::Node] node + # @param [Chef::Node] node the node to check + # @since 15.5 # # @return [Boolean] # @@ -203,9 +223,10 @@ module ChefUtils node["platform_family"] == "netbsd" end - # Determine if the current node is dragonflybsd + # Determine if the current node is a member of the 'dragonflybsd' platform family. # - # @param [Chef::Node] node + # @param [Chef::Node] node the node to check + # @since 15.5 # # @return [Boolean] # @@ -213,9 +234,10 @@ module ChefUtils node["platform_family"] == "dragonflybsd" end - # Determine if the current node is a member of the windows family. + # Determine if the current node is a member of the 'windows' platform family. # - # @param [Chef::Node] node + # @param [Chef::Node] node the node to check + # @since 15.5 # # @return [Boolean] # @@ -233,8 +255,10 @@ module ChefUtils node ? node["platform_family"] == "windows" : windows_ruby? end - # Determine if the ruby VM is currently running on a windows node (chefspec can never stub - # this behavior, so this is useful for code which can never be parsed on a non-windows box). + # Determine if the Ruby VM is currently running on a Windows node (ChefSpec can never stub + # this behavior, so this is useful for code which can never be parsed on a non-Windows box). + # + # @since 15.5 # # @return [Boolean] # @@ -254,7 +278,8 @@ module ChefUtils # less useful since in no way can AIX trace its lineage back to old redhat distros. This is most useful for # "smells like redhat, including SuSE". # - # @param [Chef::Node] node + # @param [Chef::Node] node the node to check + # @since 15.5 # # @return [Boolean] # @@ -262,11 +287,12 @@ module ChefUtils fedora_derived?(node) || node["platform_family"] == "suse" end - # RPM-based distros which are not SuSE and are very loosely similar to fedora, using yum or dnf. The historical - # lineage of the distro should have forked off from old redhat fedora distros at some point. Currently rhel, - # fedora and amazon. This is most useful for "smells like redhat, but isn't SuSE". + # RPM-based distros which are not SuSE and are very loosely similar to fedora, using yum or dnf. The historical + # lineage of the distro should have forked off from old redhat fedora distros at some point. Currently rhel, + # fedora and amazon. This is most useful for "smells like redhat, but isn't SuSE". # - # @param [Chef::Node] node + # @param [Chef::Node] node the node to check + # @since 15.5 # # @return [Boolean] # @@ -274,10 +300,11 @@ module ChefUtils redhat_based?(node) || node["platform_family"] == "amazon" end - # RedHat distros -- fedora and rhel platform_families, nothing else. This is most likely not as useful as the + # RedHat distros -- fedora and rhel platform_families, nothing else. This is most likely not as useful as the # "fedora_dervied?" helper. # - # @param [Chef::Node] node + # @param [Chef::Node] node the node to check + # @since 15.5 # # @return [Boolean] # @@ -287,7 +314,8 @@ module ChefUtils # All of the Solaris-lineage. # - # @param [Chef::Node] node + # @param [Chef::Node] node the node to check + # @since 15.5 # # @return [Boolean] # @@ -297,9 +325,10 @@ module ChefUtils # All of the BSD-lineage. # - # Note that MacOSX is not included since Mac deviates so significantly from BSD that including it would not be useful. + # Note that macOS is not included since macOS deviates so significantly from BSD that including it would not be useful. # - # @param [Chef::Node] node + # @param [Chef::Node] node the node to check + # @since 15.5 # # @return [Boolean] # diff --git a/chef-utils/lib/chef-utils/dsl/platform_version.rb b/chef-utils/lib/chef-utils/dsl/platform_version.rb new file mode 100644 index 0000000000..3d6269dc42 --- /dev/null +++ b/chef-utils/lib/chef-utils/dsl/platform_version.rb @@ -0,0 +1,40 @@ +# +# Copyright:: Copyright 2018-2020, Chef Software Inc. +# License:: Apache License, Version 2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +require_relative "../internal" + +module ChefUtils + module DSL + module PlatformVersion + include Internal + + # Return the platform_version for the node. Acts like a String + # but also provides a mechanism for checking version constraints. + # + # @param [Chef::Node] node the node to check + # @since 15.8 + # + # @return [ChefUtils::VersionString] + # + def platform_version(node = __getnode) + ChefUtils::VersionString.new(node["platform_version"]) + end + + extend self + end + end +end diff --git a/chef-utils/lib/chef-utils/dsl/service.rb b/chef-utils/lib/chef-utils/dsl/service.rb index da4ea6c8a1..2ab44383da 100644 --- a/chef-utils/lib/chef-utils/dsl/service.rb +++ b/chef-utils/lib/chef-utils/dsl/service.rb @@ -28,6 +28,8 @@ module ChefUtils # Returns if debian's old rc.d manager is installed (not necessarily the primary init system). # + # @since 15.5 + # # @return [Boolean] # def debianrcd? @@ -36,6 +38,8 @@ module ChefUtils # Returns if debian's old invoke rc.d manager is installed (not necessarily the primary init system). # + # @since 15.5 + # # @return [Boolean] # def invokercd? @@ -44,6 +48,8 @@ module ChefUtils # Returns if upstart is installed (not necessarily the primary init system). # + # @since 15.5 + # # @return [Boolean] # def upstart? @@ -52,6 +58,8 @@ module ChefUtils # Returns if insserv is installed (not necessarily the primary init system). # + # @since 15.5 + # # @return [Boolean] # def insserv? @@ -60,12 +68,23 @@ module ChefUtils # Returns if redhat's init system is installed (not necessarily the primary init system). # + # @since 15.5 + # # @return [Boolean] # def redhatrcd? file_exist?("/sbin/chkconfig") end + # + # Returns if a particular service exists for a particular service init system. Init systems may be :initd, :upstart, :etc_rcd, :xinetd, and :systemd. Example: service_script_exist?(:systemd, 'ntpd') + # + # @param [Symbol] type The type of init system. :initd, :upstart, :xinetd, :etc_rcd, or :systemd + # @param [String] script The name of the service + # @since 15.5 + # + # @return [Boolean] + # def service_script_exist?(type, script) case type when :initd diff --git a/chef-utils/lib/chef-utils/dsl/train_helpers.rb b/chef-utils/lib/chef-utils/dsl/train_helpers.rb index a36db803f3..9c9dd3402a 100644 --- a/chef-utils/lib/chef-utils/dsl/train_helpers.rb +++ b/chef-utils/lib/chef-utils/dsl/train_helpers.rb @@ -1,5 +1,5 @@ -#-- -# Copyright:: Copyright 2019-2019, Chef Software Inc. +# +# Copyright:: Copyright 2019, Chef Software Inc. # License:: Apache License, Version 2.0 # # Licensed under the Apache License, Version 2.0 (the "License"); diff --git a/chef-utils/lib/chef-utils/dsl/virtualization.rb b/chef-utils/lib/chef-utils/dsl/virtualization.rb new file mode 100644 index 0000000000..c699b7e5c0 --- /dev/null +++ b/chef-utils/lib/chef-utils/dsl/virtualization.rb @@ -0,0 +1,249 @@ +# +# Copyright:: Copyright 2018-2020, Chef Software Inc. +# License:: Apache License, Version 2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +require_relative "../internal" + +module ChefUtils + module DSL + module Virtualization + include Internal + + # Determine if the current node is a KVM guest. + # + # @param [Chef::Node] node + # @since 15.8 + # + # @return [Boolean] + # + def kvm?(node = __getnode) + node.dig("virtualization", "system") == "kvm" && node.dig("virtualization", "role") == "guest" + end + + # Determine if the current node is a KVM host. + # + # @param [Chef::Node] node + # @since 15.8 + # + # @return [Boolean] + # + def kvm_host?(node = __getnode) + node.dig("virtualization", "system") == "kvm" && node.dig("virtualization", "role") == "host" + end + + # Determine if the current node is running in a linux container. + # + # @param [Chef::Node] node + # @since 15.8 + # + # @return [Boolean] + # + def lxc?(node = __getnode) + node.dig("virtualization", "system") == "lxc" && node.dig("virtualization", "role") == "guest" + end + + # Determine if the current node is a linux container host. + # + # @param [Chef::Node] node + # @since 15.8 + # + # @return [Boolean] + # + def lxc_host?(node = __getnode) + node.dig("virtualization", "system") == "lxc" && node.dig("virtualization", "role") == "host" + end + + # Determine if the current node is running under Parallels Desktop. + # + # @param [Chef::Node] node + # @since 15.8 + # + # @return [Boolean] + # true if the machine is currently running under Parallels Desktop, false + # otherwise + # + def parallels?(node = __getnode) + node.dig("virtualization", "system") == "parallels" && node.dig("virtualization", "role") == "guest" + end + + # Determine if the current node is a Parallels Desktop host. + # + # @param [Chef::Node] node + # @since 15.8 + # + # @return [Boolean] + # true if the machine is currently running under Parallels Desktop, false + # otherwise + # + def parallels_host?(node = __getnode) + node.dig("virtualization", "system") == "parallels" && node.dig("virtualization", "role") == "host" + end + + # Determine if the current node is a VirtualBox guest. + # + # @param [Chef::Node] node + # @since 15.8 + # + # @return [Boolean] + # + def vbox?(node = __getnode) + node.dig("virtualization", "system") == "vbox" && node.dig("virtualization", "role") == "guest" + end + + # Determine if the current node is a VirtualBox host. + # + # @param [Chef::Node] node + # @since 15.8 + # + # @return [Boolean] + # + def vbox_host?(node = __getnode) + node.dig("virtualization", "system") == "vbox" && node.dig("virtualization", "role") == "host" + end + + # chef-sugar backcompat method + alias_method :virtualbox?, :vbox? + + # Determine if the current node is a VMWare guest. + # + # @param [Chef::Node] node + # @since 15.8 + # + # @return [Boolean] + # + def vmware?(node = __getnode) + node.dig("virtualization", "system") == "vmware" && node.dig("virtualization", "role") == "guest" + end + + # Determine if the current node is VMware host. + # + # @param [Chef::Node] node + # @since 15.8 + # + # @return [Boolean] + # + def vmware_host?(node = __getnode) + node.dig("virtualization", "system") == "vmware" && node.dig("virtualization", "role") == "host" + end + + # Determine if the current node is an openvz guest. + # + # @param [Chef::Node] node + # @since 15.8 + # + # @return [Boolean] + # + def openvz?(node = __getnode) + node.dig("virtualization", "system") == "openvz" && node.dig("virtualization", "role") == "guest" + end + + # Determine if the current node is an openvz host. + # + # @param [Chef::Node] node + # @since 15.8 + # + # @return [Boolean] + # + def openvz_host?(node = __getnode) + node.dig("virtualization", "system") == "openvz" && node.dig("virtualization", "role") == "host" + end + + # Determine if the current node is running under any virutalization environment + # + # @param [Chef::Node] node + # @since 15.8 + # + # @return [Boolean] + # + def guest?(node = __getnode) + node.dig("virtualization", "role") == "guest" + end + + # chef-sugar backcompat method + alias_method :virtual?, :guest? + + # Determine if the current node supports running guests under any virtualization environment + # + # @param [Chef::Node] node + # @since 15.8 + # + # @return [Boolean] + # + def hypervisor?(node = __getnode) + node.dig("virtualization", "role") == "host" + end + + # Determine if the current node is NOT running under any virtualization environment (bare-metal or hypervisor on metal) + # + # @param [Chef::Node] node + # @since 15.8 + # + # @return [Boolean] + # + def physical?(node = __getnode) + !virtual?(node) + end + + # Determine if the current node is running as a vagrant guest. + # + # Note that this API is equivalent to just looking for the vagrant user or the + # vagrantup.com domain in the hostname, which is the best API we have. + # + # @param [Chef::Node] node + # @since 15.8 + # + # @return [Boolean] + # true if the machine is currently running vagrant, false + # otherwise + # + def vagrant?(node = __getnode) + vagrant_key?(node) || vagrant_domain?(node) || vagrant_user?(node) + end + + private + + # Check if the +vagrant+ key exists on the +node+ object. This key is no + # longer populated by vagrant, but it is kept around for legacy purposes. + # + # @param (see vagrant?) + # @return (see vagrant?) + # + def vagrant_key?(node = __getnode) + node.key?("vagrant") + end + + # Check if "vagrantup.com" is included in the node's domain. + # + # @param (see vagrant?) + # @return (see vagrant?) + # + def vagrant_domain?(node = __getnode) + node.key?("domain") && !node["domain"].nil? && node["domain"].include?("vagrantup.com") + end + + # Check if the system contains a +vagrant+ user. + # + # @param (see vagrant?) + # @return (see vagrant?) + # + def vagrant_user?(node = __getnode) + !!(Etc.getpwnam("vagrant") rescue nil) + end + + extend self + end + end +end diff --git a/chef-utils/lib/chef-utils/dsl/windows.rb b/chef-utils/lib/chef-utils/dsl/windows.rb new file mode 100644 index 0000000000..e32b0457cf --- /dev/null +++ b/chef-utils/lib/chef-utils/dsl/windows.rb @@ -0,0 +1,85 @@ +# +# Copyright:: Copyright 2020, Chef Software Inc. +# License:: Apache License, Version 2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +require_relative "../internal" + +module ChefUtils + module DSL + module Windows + require_relative "../version_string" + + include Internal + + # Determine if the current node is Windows Server Core. + # + # @param [Chef::Node] node the node to check + # @since 15.7 + # + # @return [Boolean] + # + def windows_server_core?(node = __getnode) + node["kernel"]["server_core"] == true + end + + # Determine if the current node is Windows Workstation. + # + # @param [Chef::Node] node the node to check + # @since 15.7 + # + # @return [Boolean] + # + def windows_workstation?(node = __getnode) + node["kernel"]["product_type"] == "Workstation" + end + + # Determine if the current node is Windows Server. + # + # @param [Chef::Node] node the node to check + # @since 15.7 + # + # @return [Boolean] + # + def windows_server?(node = __getnode) + node["kernel"]["product_type"] == "Server" + end + + # Determine the current Windows NT version. The NT version often differs from the marketing version, but offers a good way to find desktop and server releases that are based on the same codebase. IE: NT 6.3 is Windows 8.1 and Windows 2012 R2. + # + # @param [Chef::Node] node the node to check + # @since 15.8 + # + # @return [ChefUtils::VersionString] + # + def windows_nt_version(node = __getnode) + ChefUtils::VersionString.new(node["os_version"]) + end + + # Determine the installed version of PowerShell. + # + # @param [Chef::Node] node the node to check + # @since 15.8 + # + # @return [ChefUtils::VersionString] + # + def powershell_version(node = __getnode) + ChefUtils::VersionString.new(node["languages"]["powershell"]["version"]) + end + + extend self + end + end +end diff --git a/chef-utils/lib/chef-utils/version.rb b/chef-utils/lib/chef-utils/version.rb index b1ca797703..bd55bb3ef9 100644 --- a/chef-utils/lib/chef-utils/version.rb +++ b/chef-utils/lib/chef-utils/version.rb @@ -15,5 +15,5 @@ module ChefUtils CHEFUTILS_ROOT = File.expand_path("../..", __FILE__) - VERSION = "15.5.9".freeze + VERSION = "16.0.143".freeze end diff --git a/chef-utils/lib/chef-utils/version_string.rb b/chef-utils/lib/chef-utils/version_string.rb new file mode 100644 index 0000000000..e0888b346e --- /dev/null +++ b/chef-utils/lib/chef-utils/version_string.rb @@ -0,0 +1,159 @@ +# Copyright:: Copyright 2017, Noah Kantrowitz +# License:: Apache License, Version 2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +module ChefUtils + # String-like object for version strings. + # + # @since 13.2 + # @api internal + class VersionString < String + # Parsed version object for the string. + # @return [Gem::Version] + attr_reader :parsed_version + + # Create a new VersionString from an input String. + # + # @param val [String] Version string to parse. + def initialize(val) + val = "" unless val + super(val) + begin + @parsed_version = ::Gem::Version.create(self) + rescue ArgumentError + @parsed_version = nil + end + end + + # @!group Compat wrappers for String + + # Compat wrapper for + to behave like a normal String. + # + # @param other [String] + # @return [String] + def +(other) + to_s + other + end + + # Compat wrapper for * to behave like a normal String. + # + # @param other [Integer] + # @return [String] + def *(other) + to_s * other + end + + # @!group Comparison operators + + # Compare a VersionString to an object. If compared to another VersionString + # then sort like `Gem::Version`, otherwise try to treat the other object as + # a version but fall back to normal string comparison. + # + # @param other [Object] + # @return [Integer] + def <=>(other) + other_ver = case other + when VersionString + other.parsed_version + else + begin + Gem::Version.create(other.to_s) + rescue ArgumentError + # Comparing to a string that isn't a version. + return super + end + end + parsed_version <=> other_ver + end + + # Compat wrapper for == based on <=>. + # + # @param other [Object] + # @return [Boolean] + def ==(other) + (self <=> other) == 0 + end + + # Compat wrapper for != based on <=>. + # + # @param other [Object] + # @return [Boolean] + def !=(other) + (self <=> other) != 0 + end + + # Compat wrapper for < based on <=>. + # + # @param other [Object] + # @return [Boolean] + def <(other) + (self <=> other) < 0 + end + + # Compat wrapper for <= based on <=>. + # + # @param other [Object] + # @return [Boolean] + def <=(other) + (self <=> other) < 1 + end + + # Compat wrapper for > based on <=>. + # + # @param other [Object] + # @return [Boolean] + def >(other) + (self <=> other) > 0 + end + + # Compat wrapper for >= based on <=>. + # + # @param other [Object] + # @return [Boolean] + def >=(other) + (self <=> other) > -1 + end + + # @!group Matching operators + + # Matching operator to support checking against a requirement string. + # + # @param other [Regexp, String] + # @return [Boolean] + # @example Match against a Regexp + # ChefUtils::VersionString.new('1.0.0') =~ /^1/ + # @example Match against a requirement + # ChefUtils::VersionString.new('1.0.0') =~ '~> 1.0' + def =~(other) + case other + when Regexp + super + else + begin + Gem::Requirement.create(other) =~ parsed_version + rescue ArgumentError + # one side of the comparison wasn't parseable + super + end + end + end + + # Back-compat API for chef-sugar. The other APIs are preferable. + # + # @api private + def satisfies?(*constraints) + Gem::Requirement.new(*constraints).satisfied_by?(@parsed_version) + end + end +end diff --git a/chef-utils/spec/spec_helper.rb b/chef-utils/spec/spec_helper.rb index 20d49fd766..a44377336e 100644 --- a/chef-utils/spec/spec_helper.rb +++ b/chef-utils/spec/spec_helper.rb @@ -3,20 +3,26 @@ require "chef-utils" # FIXME: dynamically generate this for accuracy HELPER_MODULES = [ ChefUtils::DSL::Architecture, + ChefUtils::DSL::Cloud, ChefUtils::DSL::Introspection, ChefUtils::DSL::OS, ChefUtils::DSL::PathSanity, ChefUtils::DSL::Platform, ChefUtils::DSL::PlatformFamily, ChefUtils::DSL::Service, + ChefUtils::DSL::Virtualization, ChefUtils::DSL::Which, + ChefUtils::DSL::Windows, ].freeze ARCH_HELPERS = (ChefUtils::DSL::Architecture.methods - Module.methods).freeze +CLOUD_HELPERS = (ChefUtils::DSL::Cloud.methods - Module.methods).freeze +INTROSPECTION_HELPERS = (ChefUtils::DSL::Introspection.methods - Module.methods).freeze OS_HELPERS = (ChefUtils::DSL::OS.methods - Module.methods).freeze -PLATFORM_HELPERS = (ChefUtils::DSL::Platform.methods - Module.methods).freeze PLATFORM_FAMILY_HELPERS = (ChefUtils::DSL::PlatformFamily.methods - Module.methods).freeze -INTROSPECTION_HELPERS = (ChefUtils::DSL::Introspection.methods - Module.methods).freeze +PLATFORM_HELPERS = (ChefUtils::DSL::Platform.methods - Module.methods).freeze +VIRTUALIZATION_HELPERS = (ChefUtils::DSL::Virtualization.methods - Module.methods).freeze +WINDOWS_HELPERS = (ChefUtils::DSL::Windows.methods - Module.methods).freeze # See http://rubydoc.info/gems/rspec-core/RSpec/Core/Configuration RSpec.configure do |config| diff --git a/chef-utils/spec/unit/dsl/cloud_spec.rb b/chef-utils/spec/unit/dsl/cloud_spec.rb new file mode 100644 index 0000000000..ebf24c7818 --- /dev/null +++ b/chef-utils/spec/unit/dsl/cloud_spec.rb @@ -0,0 +1,82 @@ +# +# Copyright:: Copyright 2018-2020, Chef Software Inc. +# License:: Apache License, Version 2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +require "spec_helper" +require "fauxhai" + +def cloud_reports_true_for(*args, node:) + args.each do |method| + it "reports true for #{method}" do + expect(described_class.send(method, node)).to be true + end + end + (CLOUD_HELPERS - args).each do |method| + it "reports false for #{method}" do + expect(described_class.send(method, node)).to be false + end + end +end + +RSpec.describe ChefUtils::DSL::Cloud do + ( HELPER_MODULES - [ described_class ] ).each do |klass| + it "does not have methods that collide with #{klass}" do + expect((klass.methods - Module.methods) & CLOUD_HELPERS).to be_empty + end + end + + CLOUD_HELPERS.each do |helper| + it "has the #{helper} in the ChefUtils module" do + expect(ChefUtils).to respond_to(helper) + end + end + + context "on ec2" do + cloud_reports_true_for(:cloud?, :ec2?, node: { "ec2" => {}, "cloud" => {} }) + end + + context "on gce" do + cloud_reports_true_for(:cloud?, :gce?, node: { "gce" => {}, "cloud" => {} }) + end + + context "on rackspace" do + cloud_reports_true_for(:cloud?, :rackspace?, node: { "rackspace" => {}, "cloud" => {} }) + end + + context "on eucalyptus" do + cloud_reports_true_for(:cloud?, :eucalyptus?, :euca?, node: { "eucalyptus" => {}, "cloud" => {} }) + end + + context "on linode" do + cloud_reports_true_for(:cloud?, :linode?, node: { "linode" => {}, "cloud" => {} }) + end + + context "on openstack" do + cloud_reports_true_for(:cloud?, :openstack?, node: { "openstack" => {}, "cloud" => {} }) + end + + context "on azure" do + cloud_reports_true_for(:cloud?, :azure?, node: { "azure" => {}, "cloud" => {} }) + end + + context "on digital_ocean" do + cloud_reports_true_for(:cloud?, :digital_ocean?, :digitalocean?, node: { "digital_ocean" => {}, "cloud" => {} }) + end + + context "on softlayer" do + cloud_reports_true_for(:cloud?, :softlayer?, node: { "softlayer" => {}, "cloud" => {} }) + end +end diff --git a/chef-utils/spec/unit/dsl/introspection_spec.rb b/chef-utils/spec/unit/dsl/introspection_spec.rb index d45a3c6000..8457f06630 100644 --- a/chef-utils/spec/unit/dsl/introspection_spec.rb +++ b/chef-utils/spec/unit/dsl/introspection_spec.rb @@ -1,5 +1,5 @@ # -# Copyright:: Copyright 2018-2019, Chef Software Inc. +# Copyright:: Copyright 2018-2020, Chef Software Inc. # License:: Apache License, Version 2.0 # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -165,4 +165,23 @@ RSpec.describe ChefUtils::DSL::Introspection do end end end + + context "#include_recipe?" do + it "is true when the recipe has been seen by the node" do + expect(node).to receive(:recipe?).with("myrecipe").and_return(true) + expect(ChefUtils.include_recipe?("myrecipe", node)).to be true + end + it "is false when the recipe has not been seen by the node" do + expect(node).to receive(:recipe?).with("myrecipe").and_return(false) + expect(ChefUtils.include_recipe?("myrecipe", node)).to be false + end + it "the alias is true when the recipe has been seen by the node" do + expect(node).to receive(:recipe?).with("myrecipe").and_return(true) + expect(ChefUtils.includes_recipe?("myrecipe", node)).to be true + end + it "the alias is false when the recipe has not been seen by the node" do + expect(node).to receive(:recipe?).with("myrecipe").and_return(false) + expect(ChefUtils.includes_recipe?("myrecipe", node)).to be false + end + end end diff --git a/chef-utils/spec/unit/dsl/virtualization_spec.rb b/chef-utils/spec/unit/dsl/virtualization_spec.rb new file mode 100644 index 0000000000..84daa9e162 --- /dev/null +++ b/chef-utils/spec/unit/dsl/virtualization_spec.rb @@ -0,0 +1,74 @@ +# +# Copyright:: Copyright 2018-2020, Chef Software Inc. +# License:: Apache License, Version 2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +require "spec_helper" +require "fauxhai" + +def virtualization_reports_true_for(*args, node:) + args.each do |method| + it "reports true for #{method}" do + expect(described_class.send(method, node)).to be true + end + end + (VIRTUALIZATION_HELPERS - args).each do |method| + it "reports false for #{method}" do + expect(described_class.send(method, node)).to be false + end + end +end + +RSpec.describe ChefUtils::DSL::Virtualization do + ( HELPER_MODULES - [ described_class ] ).each do |klass| + it "does not have methods that collide with #{klass}" do + expect((klass.methods - Module.methods) & VIRTUALIZATION_HELPERS).to be_empty + end + end + + VIRTUALIZATION_HELPERS.each do |helper| + it "has the #{helper} in the ChefUtils module" do + expect(ChefUtils).to respond_to(helper) + end + end + + context "on kvm" do + virtualization_reports_true_for(:guest?, :virtual?, :kvm?, node: { "virtualization" => { "system" => "kvm", "role" => "guest" } }) + virtualization_reports_true_for(:hypervisor?, :physical?, :kvm_host?, node: { "virtualization" => { "system" => "kvm", "role" => "host" } }) + end + context "on lxc" do + virtualization_reports_true_for(:guest?, :virtual?, :lxc?, node: { "virtualization" => { "system" => "lxc", "role" => "guest" } }) + virtualization_reports_true_for(:hypervisor?, :physical?, :lxc_host?, node: { "virtualization" => { "system" => "lxc", "role" => "host" } }) + end + context "on parallels" do + virtualization_reports_true_for(:guest?, :virtual?, :parallels?, node: { "virtualization" => { "system" => "parallels", "role" => "guest" } }) + virtualization_reports_true_for(:hypervisor?, :physical?, :parallels_host?, node: { "virtualization" => { "system" => "parallels", "role" => "host" } }) + end + context "on virtualbox" do + virtualization_reports_true_for(:guest?, :virtual?, :virtualbox?, :vbox?, node: { "virtualization" => { "system" => "vbox", "role" => "guest" } }) + virtualization_reports_true_for(:hypervisor?, :physical?, :vbox_host?, node: { "virtualization" => { "system" => "vbox", "role" => "host" } }) + end + context "on vmware" do + virtualization_reports_true_for(:guest?, :virtual?, :vmware?, node: { "virtualization" => { "system" => "vmware", "role" => "guest" } }) + virtualization_reports_true_for(:hypervisor?, :physical?, :vmware_host?, node: { "virtualization" => { "system" => "vmware", "role" => "host" } }) + end + context "on openvz" do + virtualization_reports_true_for(:guest?, :virtual?, :openvz?, node: { "virtualization" => { "system" => "openvz", "role" => "guest" } }) + virtualization_reports_true_for(:hypervisor?, :physical?, :openvz_host?, node: { "virtualization" => { "system" => "openvz", "role" => "host" } }) + end + context "on metal which is not a virt host" do + virtualization_reports_true_for(:physical?, node: {} ) + end +end diff --git a/chef-utils/spec/unit/dsl/windows_spec.rb b/chef-utils/spec/unit/dsl/windows_spec.rb new file mode 100644 index 0000000000..08ddb9c118 --- /dev/null +++ b/chef-utils/spec/unit/dsl/windows_spec.rb @@ -0,0 +1,83 @@ +# +# Copyright:: Copyright 2020, Chef Software Inc. +# License:: Apache License, Version 2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +require "spec_helper" + +WINDOWS_BOOL_HELPERS = %i{windows_server_core? windows_server? windows_workstation?}.freeze + +def windows_reports_true_for(*args) + args.each do |method| + it "reports true for #{method}" do + expect(described_class.send(method, node)).to be true + end + end + (WINDOWS_BOOL_HELPERS - args).each do |method| + it "reports false for #{method}" do + expect(described_class.send(method, node)).to be false + end + end +end + +RSpec.describe ChefUtils::DSL::Windows do + ( HELPER_MODULES - [ described_class ] ).each do |klass| + it "does not have methods that collide with #{klass}" do + expect((klass.methods - Module.methods) & WINDOWS_HELPERS).to be_empty + end + end + + WINDOWS_HELPERS.each do |helper| + it "has the #{helper} in the ChefUtils module" do + expect(ChefUtils).to respond_to(helper) + end + end + + context "windows boolean helpers" do + context "on Windows Server Core" do + let(:node) { { "kernel" => { "server_core" => true } } } + + windows_reports_true_for(:windows_server_core?) + end + + context "on Windows Workstation" do + let(:node) { { "kernel" => { "product_type" => "Workstation" } } } + + windows_reports_true_for(:windows_workstation?) + end + + context "on Windows Server" do + let(:node) { { "kernel" => { "product_type" => "Server" } } } + + windows_reports_true_for(:windows_server?) + end + end + + context "#windows_nt_version on Windows Server 2012 R2" do + let(:node) { { "os_version" => "6.3.9600" } } + it "it returns a ChefUtils::VersionString object with 6.3.9600" do + expect(described_class.send(:windows_nt_version, node)).to eq "6.3.9600" + expect(described_class.send(:windows_nt_version, node)).to be_a_kind_of ChefUtils::VersionString + end + end + + context "#powershell_version on Windows Server 2012 R2" do + let(:node) { { "languages" => { "powershell" => { "version" => "4.0" } } } } + it "it returns a ChefUtils::VersionString object with 4.0" do + expect(described_class.send(:powershell_version, node)).to eq "4.0" + expect(described_class.send(:powershell_version, node)).to be_a_kind_of ChefUtils::VersionString + end + end +end diff --git a/chef.gemspec b/chef.gemspec index b5c9d2e71c..427a2cfece 100644 --- a/chef.gemspec +++ b/chef.gemspec @@ -13,7 +13,7 @@ Gem::Specification.new do |s| s.email = "adam@chef.io" s.homepage = "https://www.chef.io" - s.required_ruby_version = ">= 2.5.0" + s.required_ruby_version = ">= 2.6.0" s.add_dependency "chef-config", "= #{Chef::VERSION}" s.add_dependency "chef-utils", "= #{Chef::VERSION}" @@ -26,7 +26,7 @@ Gem::Specification.new do |s| s.add_dependency "mixlib-authentication", ">= 2.1", "< 4" s.add_dependency "mixlib-shellout", ">= 3.0.3", "< 4.0" s.add_dependency "mixlib-archive", ">= 0.4", "< 2.0" - s.add_dependency "ohai", "~> 15.0" + s.add_dependency "ohai", "~> 16.0" s.add_dependency "ffi", "~> 1.9", ">= 1.9.25" s.add_dependency "ffi-yajl", "~> 2.2" @@ -37,10 +37,12 @@ Gem::Specification.new do |s| s.add_dependency "bcrypt_pbkdf", "~> 1.0" # ed25519 ssh key support s.add_dependency "highline", ">= 1.6.9", "< 2" s.add_dependency "tty-screen", "~> 0.6" # knife list + s.add_dependency "pastel" # knife ui.color s.add_dependency "erubis", "~> 2.7" s.add_dependency "diff-lcs", "~> 1.2", ">= 1.2.4" s.add_dependency "ffi-libarchive" s.add_dependency "chef-zero", ">= 14.0.11" + s.add_dependency "chef-vault" s.add_dependency "plist", "~> 3.2" s.add_dependency "iniparse", "~> 1.4" @@ -58,5 +60,8 @@ Gem::Specification.new do |s| s.executables = %w{ knife } s.require_paths = %w{ lib } - s.files = %w{Gemfile Rakefile LICENSE README.md} + Dir.glob("{lib,tasks,spec}/**/*", File::FNM_DOTMATCH).reject { |f| File.directory?(f) } + Dir.glob("*.gemspec") + s.files = %w{Gemfile Rakefile LICENSE README.md} + + Dir.glob("{lib,spec}/**/*", File::FNM_DOTMATCH).reject { |f| File.directory?(f) } + + Dir.glob("*.gemspec") + + Dir.glob("tasks/rspec.rb") end diff --git a/distro/powershell/chef/chef.psm1 b/distro/templates/powershell/chef/chef.psm1.erb index 05fee05e5e..652dec04f6 100644 --- a/distro/powershell/chef/chef.psm1 +++ b/distro/templates/powershell/chef/chef.psm1.erb @@ -412,40 +412,40 @@ function Run-RubyCommand($command, $argList) { } -function chef-apply { - Run-RubyCommand 'chef-apply' $args +function <%= Chef::Dist::APPLY %> { + Run-RubyCommand '<%= Chef::Dist::APPLY %>' $args } -function chef-client { - Run-RubyCommand 'chef-client' $args +function <%= Chef::Dist::CLIENT %> { + Run-RubyCommand '<%= Chef::Dist::CLIENT %>' $args } -function chef-service-manager { - Run-RubyCommand 'chef-service-manager' $args +function <%= Chef::Dist::EXEC %>-service-manager { + Run-RubyCommand '<%= Chef::Dist::EXEC %>-service-manager' $args } -function chef-shell { - Run-RubyCommand 'chef-shell' $args +function <%= Chef::Dist::SHELL %> { + Run-RubyCommand '<%= Chef::Dist::SHELL %>' $args } -function chef-solo { - Run-RubyCommand 'chef-solo' $args +function <%= Chef::Dist::SOLOEXEC %> { + Run-RubyCommand '<%= Chef::Dist::SOLOEXEC %>' $args } -function chef-windows-service { - Run-RubyCommand 'chef-windows-service' $args +function <%= Chef::Dist::EXEC %>-windows-service { + Run-RubyCommand '<%= Chef::Dist::EXEC %>-windows-service' $args } function knife { Run-RubyCommand 'knife' $args } -Export-ModuleMember -function chef-apply -Export-ModuleMember -function chef-client -Export-ModuleMember -function chef-service-manager -Export-ModuleMember -function chef-shell -Export-ModuleMember -function chef-solo -Export-ModuleMember -function chef-windows-service +Export-ModuleMember -function <%= Chef::Dist::APPLY %> +Export-ModuleMember -function <%= Chef::Dist::CLIENT %> +Export-ModuleMember -function <%= Chef::Dist::EXEC %>-service-manager +Export-ModuleMember -function <%= Chef::Dist::SHELL %> +Export-ModuleMember -function <%= Chef::Dist::SOLOEXEC %> +Export-ModuleMember -function <%= Chef::Dist::EXEC %>-windows-service Export-ModuleMember -function knife # To debug this module, uncomment the line below diff --git a/docs/dev/README.md b/docs/dev/README.md index c3cbd6176d..20a756b1f4 100644 --- a/docs/dev/README.md +++ b/docs/dev/README.md @@ -2,7 +2,7 @@ This directory contains a collection of useful how-to guides for both new and seasoned Chef contributors. There are many guides explaining how to build, test, and contribute to Chef Infra, as well as documents describing how the many subsystems function. -A good first start is our [How Chef Infra Is Built](./design_documents/how_chef_is_tested_and_built.md) and [Chef Infra Release and Support Schedule](./policy/release_and_support_schedule.md.md) +A good first start is our [How Chef Infra Is Built](./design_documents/how_chef_is_tested_and_built.md) and [Chef Infra Release and Support Schedule](./policy/release_and_support_schedule.md) ## How-To Guides diff --git a/docs/dev/design_documents/how_chef_is_tested_and_built.md b/docs/dev/design_documents/how_chef_is_tested_and_built.md index 06307ee366..fda2ac6156 100644 --- a/docs/dev/design_documents/how_chef_is_tested_and_built.md +++ b/docs/dev/design_documents/how_chef_is_tested_and_built.md @@ -12,15 +12,15 @@ We can't just merge any old change, so we run various checks against your submit - **Expeditor Config**: At Chef, we use an internal tool named Expeditor to manage our overall release process, including bumping chef versions, adding changelog entries, kicking off CI/CD jobs, and promoting artifacts. It's important that we don't break this critical component of our release process, so each PR will be checked by Expeditor to make sure the config is valid. If anything doesn't pass, Expeditor will link you to remediation steps in the Expeditor docs. - **DCO sign-off**: Our Expeditor tool will check to make sure that every commit in your pull request has been signed off for the Developer Certificate of Origin (DCO). This gives us added legal protection above the Apache-2.0 license that we need to accept your contribution. Without this sign-off, we are unable to merge a PR. - **Buildkite**: Buildkite is where we run the majority of our publicly available tests. Buildkite allows us to run tests in our own infrastructure while exposing the results to community members. We run 18 separate tests against each submitted PR. This includes the following tests: - - Unit, functional, and integration tests on all supported Ruby releases. These run on Ubuntu, CentOS and openSUSE so we can make sure our functional / integration tests run on the platforms where user's consume Chef Infra. + - Unit, functional, and integration tests on all supported Ruby releases. These run on Ubuntu, CentOS and openSUSE so we can make sure our functional / integration tests run on the platforms where users consume Chef Infra. - Chefstyle Ruby linting - Unit tests from chef-sugar, chef-zero, cheffish, chefspec, and knife-windows against the chef code in your PR - - Full Test Kitchen integration tests that covers common Chef usage on various different Linux Distros. Those integration tests run using the kitchen-dokken plugin and the dokken-images Docker containers, which do their best to replicate a real Linux system. You can see the exactly what we test here: https://github.com/chef/chef/blob/master/kitchen-tests/cookbooks/end_to_end/recipes/default.rb + - Full Test Kitchen integration tests that covers common Chef usage on various different Linux Distros. Those integration tests run using the kitchen-dokken plugin and the dokken-images Docker containers, which do their best to replicate a real Linux system. You can see exactly what we test here: https://github.com/chef/chef/blob/master/kitchen-tests/cookbooks/end_to_end/recipes/default.rb - **Appveyor**: Buildkite does a great job of testing PRs against Linux hosts, but many rspec tests require a Windows system to run, and for this, we test in Appveyor. In Appveyor, we run our unit, integration, and functional specs against our supported Ruby releases, but this time, we do it on Windows. ## PR is Reviewed and Merged -Once your pull request passes the above tests, it will need to be reviewed by at least two members of the Chef Infra project owners, approvers, or reviewers groups. For a list of owners, approvers, and reviewers, see https://github.com/chef/chef-oss-practices/blob/master/projects/chef-infra.md. GitHub will automatically assign these groups as reviewers. Reviews will happen adhoc as members in those groups have time, or during our weekly issue triage. Check the above team doc link for information on when that review takes place. +Once your pull request passes the above tests, it will need to be reviewed by at least two members of the Chef Infra project owners, approvers, or reviewers groups. For a list of owners, approvers, and reviewers, see https://github.com/chef/chef-oss-practices/blob/master/projects/chef-infra.md. GitHub will automatically assign these groups as reviewers. Reviews will happen ad hoc as members in those groups have time, or during our weekly issue triage. Check the above team doc link for information on when that review takes place. Your PR will be reviewed for Chef and Ruby correctness, overall design, and likelihood of impact on the community. We do our best to make sure all the changes made to Chef are high quality and easy to maintain going forward, while also having the lowest chance of negatively impacting our end users. If your PR meets that criteria, we'll merge the change into our master branch. @@ -30,10 +30,10 @@ Every commit that we merge into Chef Infra should be ready to release. In order ## Buildkite Build / Test Pipeline -Once the version has been incremented, Expeditor will begin a build matrix in our internal Buildkite pipeline. In Buiildkitie, we build omnibus-based system packages of Chef Infra for multiple platforms, distros, and architectures. Each of the platforms we build are those which will eventually be available on our downloads site if this build is successful and later promoted. Upon completion, builds are promoted to the `unstable` channel and are available to any system supporting our Omnitruck API (Test Kitchen, mixlib-install, etc). +Once the version has been incremented, Expeditor will begin a build matrix in our internal Buildkite pipeline. In Buildkite, we build omnibus-based system packages of Chef Infra for multiple platforms, distros, and architectures. Each of the platforms we build are those which will eventually be available on our downloads site if this build is successful and later promoted. Upon completion, builds are promoted to the `unstable` channel and are available to any system supporting our Omnitruck API (Test Kitchen, mixlib-install, etc). -Once the builds complete, Buildkite will move to the test phase where each of these builds will be verified on all the platforms that Chef officially supports. For many build artifacts, this means the artifact tests on multiple versions of the same platform. For example, Chef is built on Windows 2012 R2, yet tests are run on 2008, 2012, 2012 R2, and 2016 to ensure full compatibility. In total, this phase includes nearly three dozen test nodes. Assuming all tests pass, the build will be promoted to the `current` channel, which is available on the downloads site, in addition to being available via the Omnitruck API. +Once the builds complete, Buildkite will move to the test phase where each of these builds will be verified on all the platforms that Chef officially supports. For many build artifacts, this means the artifact tests on multiple versions of the same platform. For example, Chef is built on Windows 2012 R2, yet tests are run on 2012, 2012 R2, and 2016 to ensure full compatibility. In total, this phase includes nearly three dozen test nodes. Assuming all tests pass, the build will be promoted to the `current` channel, which is available on the downloads site, in addition to being available via the Omnitruck API. ## Releasing Chef -Once a build has been blessed by our Buildkite gauntlet and everyone has agreed that we are ready to release, an artifact can be promoted from current to stable channels. For the complete release process see [Releasing Chef Infra Client](../how_to/releasing_chef_infra.md) +Once a build has been blessed by our Buildkite gauntlet and everyone has agreed that we are ready to release, an artifact can be promoted from current to stable channels. For the complete release process see [Releasing Chef Infra Client](../how_to/releasing_chef_infra.md). diff --git a/docs/dev/design_documents/resource_guard_interpreters.md b/docs/dev/design_documents/resource_guard_interpreters.md index d7cf9f244a..7f4c2fb9b6 100755 --- a/docs/dev/design_documents/resource_guard_interpreters.md +++ b/docs/dev/design_documents/resource_guard_interpreters.md @@ -45,8 +45,9 @@ the following use cases: processes ## Definitions + This document assumes familiarity with the Chef resource DSL, which is -documented at <http://docs.chef.io/chef/resources.html>. +documented at <https://docs.chef.io/dsl_recipe/>. These definitions are used throughout the discussion: @@ -217,7 +218,7 @@ end ## Guard interpreter formal specification The documented behavior for guards can be found at -<http://docs.chef.io/resource_common.html>. Guards are expressed via the optional +<https://docs.chef.io/resource_common/>. Guards are expressed via the optional `not_if` and `only_if` attributes. The expression following the attribute may be either a block or a string. diff --git a/docs/dev/how_to/building_and_installing.md b/docs/dev/how_to/building_and_installing.md index e613de459a..2a40bb0e54 100644 --- a/docs/dev/how_to/building_and_installing.md +++ b/docs/dev/how_to/building_and_installing.md @@ -1,8 +1,9 @@ # Building and Installing Chef Infra can be built and installed in two distinct ways: - - A gem built from this repository and installed into your own Ruby installation - - A system native package containing its own Ruby built using our Omnibus packaging system + +- A gem built from this repository and installed into your own Ruby installation +- A system native package containing its own Ruby built using our Omnibus packaging system **NOTE:** As an end user, please download the [Chef Infra package](https://downloads.chef.io/chef) for managing systems, or the [Chef Workstation package](https://downloads.chef.io/chef-workstation) for authoring Chef cookbooks and administering your Chef infrastructure. @@ -14,7 +15,7 @@ We do not recommend for end users to install Chef from gems or build from source - git - C compiler, header files, etc. -- Ruby 2.5 or later +- Ruby 2.6 or later - Bundler gem **NOTE:** Chef supports a large number of platforms, and there are many different ways to manage Ruby installs on each of those platforms. We assume you will install Ruby in a way appropriate for your development platform, but do not provide instructions for setting up Ruby. diff --git a/docs/dev/how_to/bumping_minor_or_major_versions.md b/docs/dev/how_to/bumping_minor_or_major_versions.md index ebcf4e4695..79cfa9075e 100644 --- a/docs/dev/how_to/bumping_minor_or_major_versions.md +++ b/docs/dev/how_to/bumping_minor_or_major_versions.md @@ -2,14 +2,15 @@ ## When to Bump Versions - After performing the monthly minor release of Chef, we should wait several days, and then bump the version for the next month's release. Why wait? We don't want to bump the version until we are sure we do not need to perform an emergency release for a regression. Once we're fairly confident we won't be performing a regression release, we want all new builds for the current channel to have the next month's version. This makes it very clear what version of Chef users are testing within the current channel. Bumping for the yearly major release is a bit different. We can bump for the new major release once we create a stable branch for the current major version number. Once this branch and version bump occurs, all development on master will be for the upcoming major release, and anything going into the stable release will need to be backported. See [Branching and Backporting](branching_and_backporting.md) for more information on how we branch and backport to stable. +See [Bumping The Major Version](bumping_the_major_version.md) for the major version bump process. + ### How to Bump Chef's Expeditor tool includes functionality to bump the minor or major version of the product. By using Expeditor to bump versions, we can perform a bump without directly editing the version files. A version bump is performed when a PR is merged with either of these two labels applied: - - Expeditor: Bump Version Minor - - Expeditor: Bump Version Major +- Expeditor: Bump Version Minor +- Expeditor: Bump Version Major diff --git a/docs/dev/how_to/bumping_the_major_version.md b/docs/dev/how_to/bumping_the_major_version.md new file mode 100644 index 0000000000..f9db9e525e --- /dev/null +++ b/docs/dev/how_to/bumping_the_major_version.md @@ -0,0 +1,51 @@ +# Bumping Major Version Number + +This document outlines the process for bumping the major version of Chef Infra Client for the yearly release. + +## Preparing Ohai + +Chef consumes Ohai from GitHub as both a runtime dependency and a testing dependency for Test Kitchen validations in Buildkite. Ohai's version is tightly coupled to that of Chef Infra Client so the first step in bumping the major release in the chef/chef repo is to bump the major version of Ohai. + +### Create a new stable branch of Ohai + +On your local machine fork the current master branch to a new stable branch. For example: `git checkout -b 15-stable`. You’ll then want to edit the Expeditor config.yml file to update the branch configs like this: + +https://github.com/chef/ohai/commit/ad208165619425dd7886b2de3f168b49ded25146 + +With the expeditor config complete push the branch `git push --set-upstream origin 15-stable` + +### Bump Ohai master to the new major version + +Create a PR which: + +- Edits the `VERSION` file in the root of the repository to the new major release +- Updates the `chef-config` dependency to allow for the new major release of Chef Infra in `ohai.gemspec` + +## Fork Chef master to a stable branch + +Before bumping the major version of Chef Infra we want to fork off the current master to a new stable branch, which will be used to build hotfix releases. We support the N-1 version of Chef Infra Client for a year after the release of a new major version. For example Chef Infra Client 16 was released in April 2020, at which point Chef Infra Client 15 became the N-1 release. Chef Infra Client 15 will then be maintained with critical bug and security fixes until April 2021. + +On your local machine fork the current master branch to a new stable branch. For example: `git checkout -b chef-15` and `git push --set-upstream origin chef-15`, which can then be pushed up to GitHub. + +### Create a branch to fixup your new stable branch for release + +Once you’ve forked to a new stable branch such as `chef-15` you’ll want to create a new branch so you can build a PR, which will get this branch ready for release: + +- In ./expeditor/config.yml add the version_constraint for the new branch, update the version_constrant for master to match the new major version, and remove all the update_dep.sh subscriptions which don’t work against stable branches. +- In readme.md update the buildkite badge to point to the new stable branch image and link instead of pointing to master. +- In kitchen-tests/Gemfile update the Ohai branch to point to the new Ohai stable +- In kitchen-tests/kitchen.yml update chef_version to be your new stable version and not current. Ex: 15 +- In tasks/bin/run_external_test update the ohai branch to point to your new stable ohai branch +- In Gemfile set ohai to pull from the ohai stable branch +- Run `rake dependencies:update` + +Example PR for Chef 15: https://github.com/chef/chef/pull/9236 + +## Bump master for the new major release + +Create a PR that performs the following: + +- Update the version in the VERSION file +- Update chef.gemspec to point to the new ohai major release +- Update .expeditor/config.yml to include the new version_constraints you setup on your stable branch and an updated project alias +- run `rake dependencies:update` diff --git a/docs/dev/how_to/releasing_chef_infra.md b/docs/dev/how_to/releasing_chef_infra.md index 8ff2165351..68070c420b 100644 --- a/docs/dev/how_to/releasing_chef_infra.md +++ b/docs/dev/how_to/releasing_chef_infra.md @@ -58,6 +58,7 @@ Many of our users consume Chef via Homebrew using our casks. Expeditor will crea Many Windows users consume our packages via Chocolatey. Make sure to update the various version strings and sha checksums here: https://github.com/chef/chocolatey-packages Once this is updated, you'll need to build / push the artifact to the Chocolatey site from a Windows host: + 1. `choco pack .\chef-client\chef-client.nuspec` 2. `choco push .\chef-client.15.1.9.nupkg --key API_KEY_HERE` diff --git a/docs/dev/how_to/updating_chef12.md b/docs/dev/how_to/upgrading_from_chef_12.md index d71255efe4..50dccaad2d 100644 --- a/docs/dev/how_to/updating_chef12.md +++ b/docs/dev/how_to/upgrading_from_chef_12.md @@ -6,9 +6,9 @@ title: Upgrading From Chef 12 This is not a general guide on how to upgrade from Chef Infra 12. There already exists documentation on: -* [How to upgrade from the command line](https://docs.chef.io/upgrade_client.html) +* [How to upgrade from the command line](https://docs.chef.io/upgrade_client/) * [How to use the `chef_client_updater` cookbook](https://supermarket.chef.io/cookbooks/chef_client_updater) -* [All of the possible Deprecations and remediation steps](https://docs.chef.io/chef_deprecations_client.html) +* [All of the possible Deprecations and remediation steps](https://docs.chef.io/chef_deprecations_client/) This is strictly expert-level documentation on what the large scale focus should be and what kind of otherwise undocumented gotchas can occur. @@ -237,4 +237,3 @@ to retroactively change behavior or add any warnings. It is not a common issue. preferable since it asserts that the once the configuration for the service is updated that the service is restarted by the delayed action which occurs at the end of the custom resource's action and then future recipes can rely on the service being in a correctly running state. - diff --git a/ext/win32-eventlog/Rakefile b/ext/win32-eventlog/Rakefile index 6f59f096a3..2cf1a40896 100644 --- a/ext/win32-eventlog/Rakefile +++ b/ext/win32-eventlog/Rakefile @@ -2,7 +2,7 @@ require "rubygems" require "rake" require "mkmf" require "erb" -require "chef/dist" +require_relative "../../lib/chef/dist" desc "Building event log dll" @@ -51,7 +51,7 @@ task register: EVT_SHARED_OBJECT do begin Win32::EventLog.add_event_source( source: "Application", - key_name: Chef::Dist::PRODUCT, + key_name: Chef::Dist::SHORT, event_message_file: dll_file, category_message_file: dll_file ) diff --git a/habitat/default.toml b/habitat/default.toml index 2bea08934b..3b002f1499 100644 --- a/habitat/default.toml +++ b/habitat/default.toml @@ -3,7 +3,7 @@ run_list = "" local_mode = true -# Positive License Acceptance. See https://docs.chef.io/chef_license_accept.html +# Positive License Acceptance. See https://docs.chef.io/chef_license_accept/ chef_license = "donotaccept" # Path to the chef client config on disk. If blank, will default to the one built by habitat. @@ -27,7 +27,7 @@ minimal_ohai = false # The name of the node. Determines which configuration should be applied and sets the client_name, # which is the name used when authenticating to a Chef server. The default value is the FQDN of the chef-client, # as detected by Ohai. In general, Chef recommends that you leave this setting blank and let Ohai -# assign the FQDN of the node as the node_name during each chef-clientrun. +# assign the FQDN of the node as the node_name during each chef-client run. node_name = "" # The name of the environment diff --git a/kitchen-tests/cookbooks/end_to_end/recipes/alternatives.rb b/kitchen-tests/cookbooks/end_to_end/recipes/alternatives.rb new file mode 100644 index 0000000000..8e0a0bb178 --- /dev/null +++ b/kitchen-tests/cookbooks/end_to_end/recipes/alternatives.rb @@ -0,0 +1,51 @@ +# +# Cookbook:: end_to_end +# Recipe:: alternatives +# + +file "/usr/local/sample-binary-1" do + content '#!/bin/bash + echo sample-binary-v1 + ' + mode "500" +end + +file "/usr/local/sample-binary-2" do + content '#!/bin/bash + echo sample-binary-v2 + ' + mode "550" +end + +alternatives "sample-binary v1" do + link_name "sample-binary" + path "/usr/local/sample-binary-1" + priority 100 + action :install +end + +alternatives "sample-binary v2" do + link_name "sample-binary" + path "/usr/local/sample-binary-2" + priority 101 + action :install +end + +alternatives "set sample-binary v1" do + link_name "sample-binary" + path "/usr/local/sample-binary-1" + action :set +end + +alternatives "sample-binary-test v1" do + link_name "sample-binary-test" + path "/usr/local/sample-binary-1" + priority 100 + action :install +end + +alternatives "sample-binary-test v1" do + link_name "sample-binary-test" + path "/usr/local/sample-binary-1" + action :remove +end diff --git a/kitchen-tests/cookbooks/end_to_end/recipes/chef-vault.rb b/kitchen-tests/cookbooks/end_to_end/recipes/chef-vault.rb new file mode 100644 index 0000000000..4af3c64697 --- /dev/null +++ b/kitchen-tests/cookbooks/end_to_end/recipes/chef-vault.rb @@ -0,0 +1,43 @@ +# +# Cookbook:: end_to_end +# Recipe:: chef-vault +# +# Copyright:: 2020, Chef Software, Inc. +# + +chef_data_bag "creds" + +openssl_rsa_private_key "/root/bob_bobberson.pem" do + key_length 2048 + action :create +end + +chef_client "bob_bobberson" do + source_key_path "/root/bob_bobberson.pem" +end + +chef_node "bob_bobberson" + +chef_vault_secret "super_secret_1" do + data_bag "creds" + raw_data("auth" => "1234") + admins "bob_bobberson" + search "*:*" +end + +chef_vault_secret "super_secret_2" do + data_bag "creds" + raw_data("auth" => "4321") + admins "bob_bobberson" +end + +ruby_block "load vault item" do + block do + begin + chef_vault_item("creds", "super_secret_1") + rescue ChefVault::Exceptions::SecretDecryption + puts "Not authorized for this key!" + end + end + action :run +end diff --git a/kitchen-tests/cookbooks/end_to_end/recipes/default.rb b/kitchen-tests/cookbooks/end_to_end/recipes/default.rb index f49cccd9a5..eeccb9ffd7 100644 --- a/kitchen-tests/cookbooks/end_to_end/recipes/default.rb +++ b/kitchen-tests/cookbooks/end_to_end/recipes/default.rb @@ -2,7 +2,7 @@ # Cookbook:: end_to_end # Recipe:: default # -# Copyright:: 2014-2019, Chef Software, Inc. +# Copyright:: 2014-2020, Chef Software Inc. # hostname "chef-bk-ci.chef.io" @@ -33,10 +33,12 @@ yum_repository "epel" do gpgkey "https://dl.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-#{node["platform_version"].to_i}" gpgcheck true mirrorlist "https://mirrors.fedoraproject.org/metalink?repo=epel-#{node["platform_version"].to_i}&arch=$basearch" - only_if { platform_family?("rhel") } + only_if { rhel? } end -build_essential +build_essential do + raise_if_unsupported true +end include_recipe "::packages" @@ -50,7 +52,6 @@ users_manage "sysadmin" do end ssh_known_hosts_entry "github.com" -ssh_known_hosts_entry "travis.org" sudo "sysadmins" do group ["sysadmin", "%superadmin"] @@ -116,4 +117,6 @@ end end end +include_recipe "::chef-vault" unless includes_recipe?("end_to_end::chef-vault") +include_recipe "::alternatives" include_recipe "::tests" diff --git a/kitchen-tests/kitchen.yml b/kitchen-tests/kitchen.yml index e5c6869467..8a8e749b84 100644 --- a/kitchen-tests/kitchen.yml +++ b/kitchen-tests/kitchen.yml @@ -12,21 +12,22 @@ provisioner: name: dokken client_rb: diff_disabled: true + always_dump_stacktrace: true chef_license: "accept-no-persist" lifecycle: pre_converge: - remote: echo "Chef container's Chef / Ohai release:" - - remote: /opt/chef/embedded/bin/chef-client -v - - remote: /opt/chef/embedded/bin/ohai -v + - remote: /opt/chef/bin/chef-client -v + - remote: /opt/chef/bin/ohai -v - remote: /opt/chef/embedded/bin/rake --version - remote: /opt/chef/embedded/bin/bundle -v - remote: /opt/chef/embedded/bin/gem install appbundler appbundle-updater --no-doc - remote: /opt/chef/embedded/bin/appbundle-updater chef ohai <%= File.readlines('../Gemfile.lock', File.expand_path(File.dirname(__FILE__))).find { |l| l =~ /^\s+ohai \((\d+\.\d+\.\d+)\)/ }; 'v' + $1 %> --tarball --github chef/ohai - remote: /opt/chef/embedded/bin/appbundle-updater chef chef <%= ENV['BUILDKITE_COMMIT'] || %x(git rev-parse HEAD).chomp %> --tarball --github chef/chef - remote: echo "Installed Chef / Ohai release:" - - remote: /opt/chef/embedded/bin/chef-client -v - - remote: /opt/chef/embedded/bin/ohai -v + - remote: /opt/chef/bin/chef-client -v + - remote: /opt/chef/bin/ohai -v verifier: name: inspec @@ -136,6 +137,13 @@ platforms: intermediate_instructions: - RUN /usr/bin/apt-get update +- name: ubuntu-20.04 + driver: + image: dokken/ubuntu-20.04 + pid_one_command: /bin/systemd + intermediate_instructions: + - RUN /usr/bin/apt-get update + - name: opensuse-leap-15 driver: image: dokken/opensuse-leap-15 diff --git a/lib/chef/application.rb b/lib/chef/application.rb index a793a91909..9e92c4e8c6 100644 --- a/lib/chef/application.rb +++ b/lib/chef/application.rb @@ -1,7 +1,7 @@ # # Author:: AJ Christensen (<aj@chef.io>) # Author:: Mark Mzyk (mmzyk@chef.io) -# Copyright:: Copyright 2008-2019, Chef Software Inc. +# Copyright:: Copyright 2008-2020, Chef Software Inc. # License:: Apache License, Version 2.0 # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -19,7 +19,6 @@ require "pp" unless defined?(PP) require "socket" unless defined?(Socket) require_relative "config" -require_relative "config_fetcher" require_relative "exceptions" require_relative "local_mode" require_relative "log" @@ -119,6 +118,7 @@ class Chef # @api private (test injection) def chef_configfetcher + require_relative "config_fetcher" Chef::ConfigFetcher end @@ -343,7 +343,7 @@ class Chef exit 0 end end - logger.trace "Fork successful. Waiting for new chef pid: #{pid}" + logger.trace "Fork successful. Waiting for new #{Chef::Dist::CLIENT} pid: #{pid}" result = Process.waitpid2(pid) handle_child_exit(result) logger.trace "Forked instance successfully reaped (pid: #{pid})" @@ -355,9 +355,9 @@ class Chef return true if status.success? message = if status.signaled? - "Chef run process terminated by signal #{status.termsig} (#{Signal.list.invert[status.termsig]})" + "#{Chef::Dist::PRODUCT} run process terminated by signal #{status.termsig} (#{Signal.list.invert[status.termsig]})" else - "Chef run process exited unsuccessfully (exit code #{status.exitstatus})" + "#{Chef::Dist::PRODUCT} run process exited unsuccessfully (exit code #{status.exitstatus})" end raise Exceptions::ChildConvergeError, message end @@ -389,10 +389,14 @@ class Chef chef_stacktrace_out = "Generated at #{Time.now}\n" chef_stacktrace_out += message - Chef::FileCache.store("chef-stacktrace.out", chef_stacktrace_out) - logger.fatal("Stacktrace dumped to #{Chef::FileCache.load("chef-stacktrace.out", false)}") + Chef::FileCache.store("#{Chef::Dist::SHORT}-stacktrace.out", chef_stacktrace_out) + logger.fatal("Stacktrace dumped to #{Chef::FileCache.load("#{Chef::Dist::SHORT}-stacktrace.out", false)}") logger.fatal("Please provide the contents of the stacktrace.out file if you file a bug report") - logger.debug(message) + if Chef::Config[:always_dump_stacktrace] + logger.fatal(message) + else + logger.debug(message) + end true end diff --git a/lib/chef/application/apply.rb b/lib/chef/application/apply.rb index a5fe2260db..4718e8750b 100644 --- a/lib/chef/application/apply.rb +++ b/lib/chef/application/apply.rb @@ -32,7 +32,7 @@ require "license_acceptance/cli_flags/mixlib_cli" class Chef::Application::Apply < Chef::Application include LicenseAcceptance::CLIFlags::MixlibCLI - banner "Usage: chef-apply [RECIPE_FILE | -e RECIPE_TEXT | -s] [OPTIONS]" + banner "Usage: #{Chef::Dist::APPLY} [RECIPE_FILE | -e RECIPE_TEXT | -s] [OPTIONS]" option :execute, short: "-e RECIPE_TEXT", @@ -76,6 +76,12 @@ class Chef::Application::Apply < Chef::Application description: "Set the log level (trace, debug, info, warn, error, fatal).", proc: lambda { |l| l.to_sym } + option :always_dump_stacktrace, + long: "--[no-]always-dump-stacktrace", + boolean: true, + default: false, + description: "Always dump the stacktrace regardless of the log_level setting." + option :help, short: "-h", long: "--help", @@ -163,7 +169,7 @@ class Chef::Application::Apply < Chef::Application else Chef::RunContext.new(@chef_client.node, {}, @chef_client.events) end - recipe = Chef::Recipe.new("(chef-apply cookbook)", "(chef-apply recipe)", run_context) + recipe = Chef::Recipe.new("(#{Chef::Dist::APPLY} cookbook)", "(#{Chef::Dist::APPLY} recipe)", run_context) [recipe, run_context] end diff --git a/lib/chef/application/base.rb b/lib/chef/application/base.rb index c5bff9874e..bdc6055c31 100644 --- a/lib/chef/application/base.rb +++ b/lib/chef/application/base.rb @@ -1,5 +1,5 @@ # -# Copyright:: Copyright 2008-2019, Chef Software Inc. +# Copyright:: Copyright 2008-2020, Chef Software Inc. # License:: Apache License, Version 2.0 # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -100,6 +100,12 @@ class Chef::Application::Base < Chef::Application description: "Set the log file location, defaults to STDOUT - recommended for daemonizing.", proc: nil + option :always_dump_stacktrace, + long: "--[no-]always-dump-stacktrace", + boolean: true, + default: false, + description: "Always dump the stacktrace regardless of the log_level setting." + option :help, short: "-h", long: "--help", diff --git a/lib/chef/application/knife.rb b/lib/chef/application/knife.rb index 10634176c4..bfb301957e 100644 --- a/lib/chef/application/knife.rb +++ b/lib/chef/application/knife.rb @@ -46,7 +46,7 @@ class Chef::Application::Knife < Chef::Application option :verbosity, short: "-V", long: "--verbose", - description: "More verbose output. Use twice for max verbosity.", + description: "More verbose output. Use twice (-VV) for additional verbosity and three times (-VVV) for maximum verbosity.", proc: Proc.new { verbosity_level += 1 }, default: 0 diff --git a/lib/chef/application/windows_service.rb b/lib/chef/application/windows_service.rb index 04a8812efc..ee6d0b1616 100644 --- a/lib/chef/application/windows_service.rb +++ b/lib/chef/application/windows_service.rb @@ -40,7 +40,7 @@ class Chef option :config_file, short: "-c CONFIG", long: "--config CONFIG", - default: "#{ENV["SYSTEMDRIVE"]}/chef/client.rb", + default: "#{Chef::Config.etc_chef_dir}/client.rb", description: "The configuration file to use for #{Chef::Dist::PRODUCT} runs." option :log_location, @@ -60,7 +60,7 @@ class Chef description: "Set the number of seconds to wait between #{Chef::Dist::PRODUCT} runs.", proc: lambda { |s| s.to_i } - DEFAULT_LOG_LOCATION ||= "#{ENV["SYSTEMDRIVE"]}/chef/client.log".freeze + DEFAULT_LOG_LOCATION ||= "#{Chef::Config.c_chef_dir}/client.log".freeze def service_init @service_action_mutex = Mutex.new diff --git a/lib/chef/application/windows_service_manager.rb b/lib/chef/application/windows_service_manager.rb index a43c29d072..cab5111352 100644 --- a/lib/chef/application/windows_service_manager.rb +++ b/lib/chef/application/windows_service_manager.rb @@ -41,18 +41,18 @@ class Chef short: "-a ACTION", long: "--action ACTION", default: "status", - description: "Action to carry out on chef-service (install, uninstall, status, start, stop, pause, or resume)." + description: "Action to carry out on #{Chef::Dist::SHORT}-service (install, uninstall, status, start, stop, pause, or resume)." option :config_file, short: "-c CONFIG", long: "--config CONFIG", - default: "#{ENV["SYSTEMDRIVE"]}/chef/client.rb", + default: "#{ChefConfig::Config.c_chef_dir}/client.rb", description: "The configuration file to use for #{Chef::Dist::PRODUCT} runs." option :log_location, short: "-L LOGLOCATION", long: "--logfile LOGLOCATION", - description: "Set the log file location for chef-service." + description: "Set the log file location for #{Chef::Dist::SHORT}-service." option :help, short: "-h", diff --git a/lib/chef/chef_class.rb b/lib/chef/chef_class.rb index dc87ebd271..edc229f203 100644 --- a/lib/chef/chef_class.rb +++ b/lib/chef/chef_class.rb @@ -1,6 +1,6 @@ # # Author:: Lamont Granquist (<lamont@chef.io>) -# Copyright:: Copyright 2015-2018, Chef Software Inc. +# Copyright:: Copyright 2015-2020, Chef Software Inc. # License:: Apache License, Version 2.0 # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -97,8 +97,8 @@ class Chef # # @return [Array<Class>] Modified Priority Array of Provider Classes to use for the resource_name on the node # - def set_provider_priority_array(resource_name, priority_array, *filter, &block) - result = provider_priority_map.set_priority_array(resource_name.to_sym, priority_array, *filter, &block) + def set_provider_priority_array(resource_name, priority_array, **filter, &block) + result = provider_priority_map.set_priority_array(resource_name.to_sym, priority_array, **filter, &block) result = result.dup if result result end @@ -112,8 +112,8 @@ class Chef # # @return [Array<Class>] Modified Priority Array of Resource Classes to use for the resource_name on the node # - def set_resource_priority_array(resource_name, priority_array, *filter, &block) - result = resource_priority_map.set_priority_array(resource_name.to_sym, priority_array, *filter, &block) + def set_resource_priority_array(resource_name, priority_array, **filter, &block) + result = resource_priority_map.set_priority_array(resource_name.to_sym, priority_array, **filter, &block) result = result.dup if result result end diff --git a/lib/chef/chef_fs/chef_fs_data_store.rb b/lib/chef/chef_fs/chef_fs_data_store.rb index 807d5e0155..a8f130f308 100644 --- a/lib/chef/chef_fs/chef_fs_data_store.rb +++ b/lib/chef/chef_fs/chef_fs_data_store.rb @@ -775,7 +775,7 @@ class Chef end elsif path.length == 2 && path[0] != "cookbooks" - path[1] = path[1].gsub(/\.(rb|json)/, "") + path[1] = path[1].gsub(/\.(rb|json)$/, "") end path diff --git a/lib/chef/chef_fs/command_line.rb b/lib/chef/chef_fs/command_line.rb index 265b95e22d..b95a0821bd 100644 --- a/lib/chef/chef_fs/command_line.rb +++ b/lib/chef/chef_fs/command_line.rb @@ -190,9 +190,9 @@ class Chef are_same, old_value, new_value = Chef::ChefFS::FileSystem.compare(old_entry, new_entry) if are_same if old_value == :none - return [ [ :both_nonexistent, old_entry, new_entry ] ] + [ [ :both_nonexistent, old_entry, new_entry ] ] else - return [ [ :same, old_entry, new_entry ] ] + [ [ :same, old_entry, new_entry ] ] end else if old_value == :none @@ -235,11 +235,11 @@ class Chef end if old_value == :none || (old_value.nil? && !old_entry.exists?) - return [ [ :added, old_entry, new_entry, old_value, new_value ] ] + [ [ :added, old_entry, new_entry, old_value, new_value ] ] elsif new_value == :none - return [ [ :deleted, old_entry, new_entry, old_value, new_value ] ] + [ [ :deleted, old_entry, new_entry, old_value, new_value ] ] else - return [ [ :modified, old_entry, new_entry, old_value, new_value ] ] + [ [ :modified, old_entry, new_entry, old_value, new_value ] ] end end end diff --git a/lib/chef/chef_fs/file_system/chef_server/cookbook_artifacts_dir.rb b/lib/chef/chef_fs/file_system/chef_server/cookbook_artifacts_dir.rb index 974bbc91fd..96f281253f 100644 --- a/lib/chef/chef_fs/file_system/chef_server/cookbook_artifacts_dir.rb +++ b/lib/chef/chef_fs/file_system/chef_server/cookbook_artifacts_dir.rb @@ -66,7 +66,7 @@ class Chef # Instantiate a proxy loader using the temporary symlink proxy_loader = Chef::Cookbook::CookbookVersionLoader.new(proxy_cookbook_path, other.chefignore) - proxy_loader.load_cookbooks + proxy_loader.load! cookbook_to_upload = proxy_loader.cookbook_version cookbook_to_upload.identifier = identifier diff --git a/lib/chef/chef_fs/file_system/chef_server/cookbooks_dir.rb b/lib/chef/chef_fs/file_system/chef_server/cookbooks_dir.rb index 21b7cdaff8..52fc708552 100644 --- a/lib/chef/chef_fs/file_system/chef_server/cookbooks_dir.rb +++ b/lib/chef/chef_fs/file_system/chef_server/cookbooks_dir.rb @@ -72,12 +72,29 @@ class Chef end def upload_cookbook(other, options) - cookbook_to_upload = other.chef_object - cookbook_to_upload.freeze_version if options[:freeze] - uploader = Chef::CookbookUploader.new(cookbook_to_upload, force: options[:force], rest: chef_rest) + cookbook = other.chef_object if other.chef_object + raise Chef::Exceptions::MetadataNotFound.new(cookbook.root_paths[0], cookbook.name) unless cookbook.has_metadata_file? - with_actual_cookbooks_dir(other.parent.file_path) do - uploader.upload_cookbooks + if cookbook + begin + tmp_cl = Chef::CookbookLoader.copy_to_tmp_dir_from_array([cookbook]) + tmp_cl.load_cookbooks + tmp_cl.compile_metadata + tmp_cl.freeze_versions if options[:freeze] + cookbook_for_upload = [] + tmp_cl.each do |cookbook_name, cookbook| + cookbook_for_upload << cookbook + end + + uploader = Chef::CookbookUploader.new(cookbook_for_upload, force: options[:force], rest: chef_rest) + + with_actual_cookbooks_dir(other.parent.file_path) do + uploader.upload_cookbooks + end + + ensure + tmp_cl.unlink! + end end end diff --git a/lib/chef/chef_fs/file_system/chef_server/rest_list_entry.rb b/lib/chef/chef_fs/file_system/chef_server/rest_list_entry.rb index 94c6ee0656..8b70b8fdd9 100644 --- a/lib/chef/chef_fs/file_system/chef_server/rest_list_entry.rb +++ b/lib/chef/chef_fs/file_system/chef_server/rest_list_entry.rb @@ -101,7 +101,7 @@ class Chef def read # Minimize the value (get rid of defaults) so the results don't look terrible - Chef::JSONCompat.to_json_pretty(minimize_value(_read_json)) + Chef::JSONCompat.to_json_pretty(normalize_value(_read_json)) end def _read_json @@ -122,7 +122,11 @@ class Chef end def minimize_value(value) - data_handler.minimize(data_handler.normalize(value, self), self) + data_handler.minimize(normalize_value(value), self) + end + + def normalize_value(value) + data_handler.normalize(value, self) end def compare_to(other) diff --git a/lib/chef/chef_fs/file_system/chef_server/versioned_cookbooks_dir.rb b/lib/chef/chef_fs/file_system/chef_server/versioned_cookbooks_dir.rb index 9a65f70f33..a5d76d10c7 100644 --- a/lib/chef/chef_fs/file_system/chef_server/versioned_cookbooks_dir.rb +++ b/lib/chef/chef_fs/file_system/chef_server/versioned_cookbooks_dir.rb @@ -72,7 +72,7 @@ class Chef # Instantiate a proxy loader using the temporary symlink proxy_loader = Chef::Cookbook::CookbookVersionLoader.new(proxy_cookbook_path, other.chefignore) - proxy_loader.load_cookbooks + proxy_loader.load! cookbook_to_upload = proxy_loader.cookbook_version cookbook_to_upload.freeze_version if options[:freeze] diff --git a/lib/chef/chef_fs/file_system/repository/chef_repository_file_system_cookbook_artifact_dir.rb b/lib/chef/chef_fs/file_system/repository/chef_repository_file_system_cookbook_artifact_dir.rb index a15b47ca73..5c893952ee 100644 --- a/lib/chef/chef_fs/file_system/repository/chef_repository_file_system_cookbook_artifact_dir.rb +++ b/lib/chef/chef_fs/file_system/repository/chef_repository_file_system_cookbook_artifact_dir.rb @@ -29,7 +29,7 @@ class Chef cookbook_name, _dash, identifier = name.rpartition("-") # KLUDGE: We shouldn't have to use instance_variable_set loader.instance_variable_set(:@cookbook_name, cookbook_name) - loader.load_cookbooks + loader.load! cookbook_version = loader.cookbook_version cookbook_version.identifier = identifier cookbook_version diff --git a/lib/chef/chef_fs/file_system/repository/chef_repository_file_system_cookbook_dir.rb b/lib/chef/chef_fs/file_system/repository/chef_repository_file_system_cookbook_dir.rb index 4f8368b025..3aba5ba51b 100644 --- a/lib/chef/chef_fs/file_system/repository/chef_repository_file_system_cookbook_dir.rb +++ b/lib/chef/chef_fs/file_system/repository/chef_repository_file_system_cookbook_dir.rb @@ -143,7 +143,7 @@ class Chef def cookbook_version loader = Chef::Cookbook::CookbookVersionLoader.new(file_path, chefignore) - loader.load_cookbooks + loader.load! loader.cookbook_version end end diff --git a/lib/chef/chef_fs/file_system/repository/chef_repository_file_system_versioned_cookbook_dir.rb b/lib/chef/chef_fs/file_system/repository/chef_repository_file_system_versioned_cookbook_dir.rb index 4d76be579a..976e0f38f3 100644 --- a/lib/chef/chef_fs/file_system/repository/chef_repository_file_system_versioned_cookbook_dir.rb +++ b/lib/chef/chef_fs/file_system/repository/chef_repository_file_system_versioned_cookbook_dir.rb @@ -33,7 +33,7 @@ class Chef # KLUDGE: We shouldn't have to use instance_variable_set loader.instance_variable_set(:@cookbook_name, canonical_name) - loader.load_cookbooks + loader.load! loader.cookbook_version end end diff --git a/lib/chef/client.rb b/lib/chef/client.rb index 9e1859eba8..ff5dd485dc 100644 --- a/lib/chef/client.rb +++ b/lib/chef/client.rb @@ -250,7 +250,7 @@ class Chef logger.info "#{Chef::Dist::CLIENT.capitalize} pid: #{Process.pid}" logger.info "Targeting node: #{Chef::Config.target_mode.host}" if Chef::Config.target_mode? logger.debug("#{Chef::Dist::CLIENT.capitalize} request_id: #{request_id}") - ENV["PATH"] = ChefUtils::PathSanity.sanitized_path if Chef::Config[:enforce_path_sanity] + ENV["PATH"] = ChefUtils::DSL::PathSanity.sanitized_path if Chef::Config[:enforce_path_sanity] if Chef::Config.target_mode? get_ohai_data_remotely diff --git a/lib/chef/config.rb b/lib/chef/config.rb index 6964d37abe..f204711384 100644 --- a/lib/chef/config.rb +++ b/lib/chef/config.rb @@ -56,7 +56,7 @@ class Chef default :event_loggers do evt_loggers = [] - if ChefUtils.windows? && !Chef::Platform.windows_nano_server? + if ChefUtils.windows? evt_loggers << :win_evt end evt_loggers diff --git a/lib/chef/cookbook/cookbook_version_loader.rb b/lib/chef/cookbook/cookbook_version_loader.rb index f9ec765e47..2c4fe6db41 100644 --- a/lib/chef/cookbook/cookbook_version_loader.rb +++ b/lib/chef/cookbook/cookbook_version_loader.rb @@ -65,19 +65,24 @@ class Chef # Load the cookbook. Raises an error if the cookbook_path given to the # constructor doesn't point to a valid cookbook. def load! - file_paths_map = load + metadata # force lazy evaluation to occur + + # re-raise any exception that occurred when reading the metadata + raise_metadata_error! + + load_all_files + + remove_ignored_files if empty? raise Exceptions::CookbookNotFoundInRepo, "The directory #{cookbook_path} does not contain a cookbook" end - file_paths_map + cookbook_settings end - # Load the cookbook. Does not raise an error if given a non-cookbook - # directory as the cookbook_path. This behavior is provided for - # compatibility, it is recommended to use #load! instead. def load + Chef.deprecated(:internal_api, "Chef::Cookbook::CookbookVersionLoader's load method is deprecated. Please use load! instead.") metadata # force lazy evaluation to occur # re-raise any exception that occurred when reading the metadata @@ -90,6 +95,7 @@ class Chef if empty? Chef::Log.warn "Found a directory #{cookbook_name} in the cookbook path, but it contains no cookbook files. skipping." end + cookbook_settings end diff --git a/lib/chef/cookbook/metadata.rb b/lib/chef/cookbook/metadata.rb index d5821a799e..ad7acb0e7b 100644 --- a/lib/chef/cookbook/metadata.rb +++ b/lib/chef/cookbook/metadata.rb @@ -604,7 +604,7 @@ class Chef msg = <<~OBSOLETED The dependency specification syntax you are using is no longer valid. You may not specify more than one version constraint for a particular cookbook. - Consult https://docs.chef.io/config_rb_metadata.html for the updated syntax. + Consult https://docs.chef.io/config_rb_metadata/ for the updated syntax. Called by: #{caller_name} '#{dep_name}', #{version_constraints.map(&:inspect).join(", ")} Called from: @@ -621,9 +621,10 @@ class Chef msg = <<~INVALID The version constraint syntax you are using is not valid. If you recently - upgraded to Chef 0.10.0, be aware that you no may longer use "<<" and ">>" for - 'less than' and 'greater than'; use '<' and '>' instead. - Consult https://docs.chef.io/config_rb_metadata.html for more information. + upgraded from Chef Infra releases before 0.10, be aware that you no may + longer use "<<" and ">>" for 'less than' and 'greater than'; use '<' and + '>' instead. Consult https://docs.chef.io/config_rb_metadata/ for more + information. Called by: #{caller_name} '#{dep_name}', '#{constraint_str}' Called from: diff --git a/lib/chef/cookbook/synchronizer.rb b/lib/chef/cookbook/synchronizer.rb index b6bcd2c150..4a2940fb1f 100644 --- a/lib/chef/cookbook/synchronizer.rb +++ b/lib/chef/cookbook/synchronizer.rb @@ -47,6 +47,7 @@ class Chef end def reset! + @skip_removal = nil @valid_cache_entries = {} end diff --git a/lib/chef/cookbook_loader.rb b/lib/chef/cookbook_loader.rb index 2bafed410d..68e678c928 100644 --- a/lib/chef/cookbook_loader.rb +++ b/lib/chef/cookbook_loader.rb @@ -44,11 +44,14 @@ class Chef # @return [Array<String>] the array of repo paths containing cookbook dirs attr_reader :repo_paths + attr_accessor :tmp_working_dir_path + # XXX: this is highly questionable combined with the Hash-style each method include Enumerable # @param repo_paths [Array<String>] the array of repo paths containing cookbook dirs def initialize(*repo_paths) + @tmp_working_dir_path = nil @repo_paths = repo_paths.flatten.compact.map { |p| File.expand_path(p) } raise ArgumentError, "You must specify at least one cookbook repo path" if @repo_paths.empty? end @@ -85,18 +88,18 @@ class Chef # @return [Chef::CookbookVersion] def load_cookbook(cookbook_name) unless cookbook_version_loaders.key?(cookbook_name) - raise Exceptions::CookbookNotFoundInRepo, "Cannot find a cookbook named #{cookbook_name}; did you forget to add metadata to a cookbook? (https://docs.chef.io/config_rb_metadata.html)" + raise Exceptions::CookbookNotFoundInRepo, "Cannot find a cookbook named #{cookbook_name}; did you forget to add metadata to a cookbook? (https://docs.chef.io/config_rb_metadata/)" end return cookbooks_by_name[cookbook_name] if cookbooks_by_name.key?(cookbook_name) loader = cookbook_version_loaders[cookbook_name] - loader.load + loader.load! cookbook_version = loader.cookbook_version cookbooks_by_name[cookbook_name] = cookbook_version - metadata[cookbook_name] = cookbook_version.metadata + metadata[cookbook_name] = cookbook_version.metadata unless cookbook_version.nil? cookbook_version end @@ -135,6 +138,56 @@ class Chef cookbooks_by_name.values end + # This method creates tmp directory and copies all cookbooks into it and creates cookbook loder object which points to tmp directory + def self.copy_to_tmp_dir_from_array(cookbooks) + tmp_cookbook_file = Tempfile.new("tmp_working_dir_path") + tmp_cookbook_file.close + @tmp_working_dir_path = tmp_cookbook_file.path + File.unlink(@tmp_working_dir_path) + FileUtils.mkdir_p(@tmp_working_dir_path) + cookbooks.each do |cookbook| + checksums_to_on_disk_paths = cookbook.checksums + cookbook.each_file do |manifest_record| + path_in_cookbook = manifest_record[:path] + on_disk_path = checksums_to_on_disk_paths[manifest_record[:checksum]] + dest = File.join(@tmp_working_dir_path, cookbook.name.to_s, path_in_cookbook) + FileUtils.mkdir_p(File.dirname(dest)) + FileUtils.cp_r(on_disk_path, dest) + end + end + tmp_cookbook_loader ||= begin + Chef::Cookbook::FileVendor.fetch_from_disk(@tmp_working_dir_path) + CookbookLoader.new(@tmp_working_dir_path) + end + tmp_cookbook_loader.tmp_working_dir_path = @tmp_working_dir_path + tmp_cookbook_loader + end + + # generates metadata.json adds it in the manifest + def compile_metadata + each do |cookbook_name, cookbook| + compiled_metadata = cookbook.compile_metadata + if compiled_metadata + cookbook.all_files << compiled_metadata + cookbook.cookbook_manifest.send(:generate_manifest) + end + end + end + + # freeze versions of all the cookbooks + def freeze_versions + each do |cookbook_name, cookbook| + cookbook.freeze_version + end + end + + # removes the tmp_dir_path + def unlink! + raise "Invalid directory path." if @tmp_working_dir_path.nil? + + FileUtils.rm_rf(@tmp_working_dir_path) + end + alias :cookbooks :values private diff --git a/lib/chef/cookbook_site_streaming_uploader.rb b/lib/chef/cookbook_site_streaming_uploader.rb index dd9cf8fa39..6719ad370b 100644 --- a/lib/chef/cookbook_site_streaming_uploader.rb +++ b/lib/chef/cookbook_site_streaming_uploader.rb @@ -22,6 +22,7 @@ require "uri" unless defined?(URI) require "net/http" unless defined?(Net::HTTP) require "mixlib/authentication/signedheaderauth" require "openssl" unless defined?(OpenSSL) +require_relative "dist" class Chef # == Chef::CookbookSiteStreamingUploader @@ -36,7 +37,7 @@ class Chef class << self def create_build_dir(cookbook) - tmp_cookbook_path = Tempfile.new("chef-#{cookbook.name}-build") + tmp_cookbook_path = Tempfile.new("#{Chef::Dist::SHORT}-#{cookbook.name}-build") tmp_cookbook_path.close tmp_cookbook_dir = tmp_cookbook_path.path File.unlink(tmp_cookbook_dir) diff --git a/lib/chef/cookbook_uploader.rb b/lib/chef/cookbook_uploader.rb index ffc4040194..816cbf95fe 100644 --- a/lib/chef/cookbook_uploader.rb +++ b/lib/chef/cookbook_uploader.rb @@ -47,7 +47,7 @@ class Chef def upload_cookbooks # Syntax Check - validate_cookbooks + validate_cookbooks unless opts[:skip_syntax_check] # generate checksums of cookbook files and create a sandbox checksum_files = {} cookbooks.each do |cb| @@ -139,6 +139,8 @@ class Chef def validate_cookbooks cookbooks.each do |cb| + next if cb.nil? + syntax_checker = Chef::Cookbook::SyntaxCheck.new(cb.root_dir) Chef::Log.info("Validating ruby files") exit(1) unless syntax_checker.validate_ruby_files diff --git a/lib/chef/cookbook_version.rb b/lib/chef/cookbook_version.rb index d546724fa0..ed0c199728 100644 --- a/lib/chef/cookbook_version.rb +++ b/lib/chef/cookbook_version.rb @@ -4,7 +4,7 @@ # Author:: Tim Hinderliter (<tim@chef.io>) # Author:: Seth Falcon (<seth@chef.io>) # Author:: Daniel DeLeo (<dan@chef.io>) -# Copyright:: Copyright 2008-2018, Chef Software Inc. +# Copyright:: Copyright 2008-2019, Chef Software Inc. # License:: Apache License, Version 2.0 # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -137,6 +137,18 @@ class Chef end end + def recipe_yml_filenames_by_name + @recipe_ym_filenames_by_name ||= begin + name_map = yml_filenames_by_name(files_for("recipes")) + root_alias = cookbook_manifest.root_files.find { |record| record[:name] == "root_files/recipe.yml" } + if root_alias + Chef::Log.error("Cookbook #{name} contains both recipe.yml and and recipes/default.yml, ignoring recipes/default.yml") if name_map["default"] + name_map["default"] = root_alias[:full_path] + end + name_map + end + end + def recipe_filenames_by_name @recipe_filenames_by_name ||= begin name_map = filenames_by_name(files_for("recipes")) @@ -184,10 +196,29 @@ class Chef # called from DSL def load_recipe(recipe_name, run_context) - unless recipe_filenames_by_name.key?(recipe_name) + if recipe_filenames_by_name.key?(recipe_name) + load_ruby_recipe(recipe_name, run_context) + elsif recipe_yml_filenames_by_name.key?(recipe_name) + load_yml_recipe(recipe_name, run_context) + else raise Chef::Exceptions::RecipeNotFound, "could not find recipe #{recipe_name} for cookbook #{name}" end + end + + def load_yml_recipe(recipe_name, run_context) + Chef::Log.trace("Found recipe #{recipe_name} in cookbook #{name}") + recipe = Chef::Recipe.new(name, recipe_name, run_context) + recipe_filename = recipe_yml_filenames_by_name[recipe_name] + + unless recipe_filename + raise Chef::Exceptions::RecipeNotFound, "could not find #{recipe_name} files for cookbook #{name}" + end + recipe.from_yaml_file(recipe_filename) + recipe + end + + def load_ruby_recipe(recipe_name, run_context) Chef::Log.trace("Found recipe #{recipe_name} in cookbook #{name}") recipe = Chef::Recipe.new(name, recipe_name, run_context) recipe_filename = recipe_filenames_by_name[recipe_name] @@ -445,6 +476,10 @@ class Chef end end + def has_metadata_file? + all_files.include?(metadata_json_file) || all_files.include?(metadata_rb_file) + end + ## # REST API ## @@ -513,6 +548,19 @@ class Chef @cookbook_manifest ||= CookbookManifest.new(self) end + def compile_metadata(path = root_dir) + json_file = "#{path}/metadata.json" + rb_file = "#{path}/metadata.rb" + return nil if File.exist?(json_file) + + md = Chef::Cookbook::Metadata.new + md.from_file(rb_file) + f = File.open(json_file, "w") + f.write(Chef::JSONCompat.to_json_pretty(md)) + f.close + f.path + end + private def find_preferred_manifest_record(node, segment, filename) @@ -534,6 +582,10 @@ class Chef records.select { |record| record[:name] =~ /\.rb$/ }.inject({}) { |memo, record| memo[File.basename(record[:name], ".rb")] = record[:full_path]; memo } end + def yml_filenames_by_name(records) + records.select { |record| record[:name] =~ /\.yml$/ }.inject({}) { |memo, record| memo[File.basename(record[:name], ".yml")] = record[:full_path]; memo } + end + def file_vendor unless @file_vendor @file_vendor = Chef::Cookbook::FileVendor.create_from_manifest(cookbook_manifest) diff --git a/lib/chef/data_collector/config_validation.rb b/lib/chef/data_collector/config_validation.rb index 8bc409f03c..d3a347c57c 100644 --- a/lib/chef/data_collector/config_validation.rb +++ b/lib/chef/data_collector/config_validation.rb @@ -77,27 +77,27 @@ class Chef case when Chef::Config[:why_run] Chef::Log.trace("data collector is disabled for why run mode") - return false + false when (want_mode != :both) && running_mode != want_mode Chef::Log.trace("data collector is configured to only run in #{Chef::Config[:data_collector][:mode]} modes, disabling it") - return false + false when !(Chef::Config[:data_collector][:server_url] || Chef::Config[:data_collector][:output_locations]) Chef::Log.trace("Neither data collector URL or output locations have been configured, disabling data collector") - return false + false when running_mode == :client && Chef::Config[:data_collector][:token] Chef::Log.warn("Data collector token authentication is not recommended for client-server mode. " \ "Please upgrade #{Chef::Dist::SERVER_PRODUCT} to 12.11 or later and remove the token from your config file " \ "to use key based authentication instead") - return true + true when Chef::Config[:data_collector][:output_locations] && Chef::Config[:data_collector][:output_locations][:files] && !Chef::Config[:data_collector][:output_locations][:files].empty? # we can run fine to a file without a token, even in solo mode. - return true + true when running_mode == :solo && !Chef::Config[:data_collector][:token] # we are in solo mode and are not logging to a file, so must have a token Chef::Log.trace("Data collector token must be configured to use #{Chef::Dist::AUTOMATE} data collector with #{Chef::Dist::SOLO}") - return false + false else - return true + true end end diff --git a/lib/chef/deprecated.rb b/lib/chef/deprecated.rb index 4817c1e8ec..3d6ced6526 100644 --- a/lib/chef/deprecated.rb +++ b/lib/chef/deprecated.rb @@ -47,7 +47,7 @@ class Chef # # @return [String] def url - "#{BASE_URL}#{self.class.doc_page}" + "#{BASE_URL}#{self.class.doc_page}/" end # Render the user-visible message for this deprecation. @@ -104,7 +104,7 @@ class Chef # # @example # class MyDeprecation < Base - # target 123, "my_deprecation.html" + # target 123, "my_deprecation" # end # @param id [Integer] Deprecation ID number. This must be unique among # all deprecations. @@ -113,7 +113,7 @@ class Chef # @return [void] def target(id, page = nil) @deprecation_id = id - @doc_page = page || "#{deprecation_key}.html" + @doc_page = page || "#{deprecation_key}" end end end @@ -137,7 +137,7 @@ class Chef end class CustomResource < Base - target 5, "custom_resource_cleanups.html" + target 5, "custom_resource_cleanups" end class EasyInstall < Base @@ -235,7 +235,7 @@ class Chef class Generic < Base def url - "https://docs.chef.io/chef_deprecations_client.html" + "https://docs.chef.io/chef_deprecations_client/" end def to_s diff --git a/lib/chef/deprecation/warnings.rb b/lib/chef/deprecation/warnings.rb index 7120b87f43..ae521ac48e 100644 --- a/lib/chef/deprecation/warnings.rb +++ b/lib/chef/deprecation/warnings.rb @@ -21,11 +21,12 @@ class Chef module Warnings require_relative "../version" + require_relative "../dist" def add_deprecation_warnings_for(method_names) method_names.each do |name| define_method(name) do |*args| - message = "Method '#{name}' of '#{self.class}' is deprecated. It will be removed in Chef #{Chef::VERSION.to_i.next}." + message = "Method '#{name}' of '#{self.class}' is deprecated. It will be removed in #{Chef::Dist::PRODUCT} #{Chef::VERSION.to_i.next}." message << " Please update your cookbooks accordingly." Chef.deprecated(:internal_api, message) super(*args) diff --git a/lib/chef/dist.rb b/lib/chef/dist.rb index baf43c9127..f5f63103fa 100644 --- a/lib/chef/dist.rb +++ b/lib/chef/dist.rb @@ -1,20 +1,27 @@ class Chef class Dist + require "chef-config/dist" + require "chef-config/config" + # This class is not fully implemented, depending on it is not recommended! # When referencing a product directly, like Chef (Now Chef Infra) PRODUCT = "Chef Infra Client".freeze + # A short designation for the product, used in Windows event logs + # and some nomenclature. + SHORT = ChefConfig::Dist::SHORT.freeze + # The name of the server product SERVER_PRODUCT = "Chef Infra Server".freeze # The client's alias (chef-client) - CLIENT = "chef-client".freeze + CLIENT = ChefConfig::Dist::CLIENT.freeze # name of the automate product AUTOMATE = "Chef Automate".freeze # The chef executable, as in `chef gem install` or `chef generate cookbook` - EXEC = "chef".freeze + EXEC = ChefConfig::Dist::EXEC.freeze # product website address WEBSITE = "https://chef.io".freeze @@ -34,15 +41,18 @@ class Chef # The chef-shell executable SHELL = "chef-shell".freeze + # The chef-apply executable + APPLY = "chef-apply".freeze + # Configuration related constants # The chef-shell configuration file SHELL_CONF = "chef_shell.rb".freeze # The configuration directory - CONF_DIR = "/etc/#{Chef::Dist::EXEC}".freeze + CONF_DIR = ChefConfig::Config.etc_chef_dir.freeze # The user's configuration directory - USER_CONF_DIR = ".chef".freeze + USER_CONF_DIR = ChefConfig::Dist::USER_CONF_DIR.freeze # The server's configuration directory SERVER_CONF_DIR = "/etc/chef-server".freeze diff --git a/lib/chef/dsl/chef_vault.rb b/lib/chef/dsl/chef_vault.rb new file mode 100644 index 0000000000..69694d0d8f --- /dev/null +++ b/lib/chef/dsl/chef_vault.rb @@ -0,0 +1,84 @@ +# +# Author: Joshua Timberman <joshua@chef.io> +# +# Copyright:: 2013-2020, Chef Software, Inc. +# Copyright:: 2014-2015 Bloomberg Finance L.P. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +require "chef-vault" +require_relative "data_query" + +class Chef + module DSL + module ChefVault + include Chef::DSL::DataQuery + + # Helper method which provides a Recipe/Resource DSL for wrapping + # creation of {ChefVault::Item}. + # @note + # Falls back to normal data bag item loading if the item is not + # actually a Chef Vault item. This is controlled via + # +node['chef-vault']['databag_fallback']+. + # @example + # item = chef_vault_item('secrets', 'bacon') + # log 'Yeah buddy!' if item['_default']['type'] + # @param [String] bag Name of the data bag to load from. + # @param [String] id Identifier of the data bag item to load. + def chef_vault_item(bag, id) + if ::ChefVault::Item.vault?(bag, id) + ::ChefVault::Item.load(bag, id) + elsif node["chef-vault"]["databag_fallback"] + data_bag_item(bag, id) + else + raise "Trying to load a regular data bag item #{id} from #{bag}, and databag_fallback is disabled" + end + end + + # Helper method that allows for listing the ids of a vault in a recipe. + # This method is needed because data_bag() returns the keys along with + # the items, so this method strips out the keys for users so that they + # don't have to do it in their recipes. + # @example + # ids = chef_vault('secrets') + # log 'Yeah buddy!' if ids[0] == 'bacon' + # @param [String] bag Name of the data bag to load from. + # @return [Array] + def chef_vault(bag) + raise "'#{bag}' is not a vault" unless Chef::DataBag.list.include? bag + + pattern = Regexp.new(/_keys$/).freeze + data_bag(bag).each_with_object([]) do |id, acc| + acc << id unless pattern.match?(id) + end + end + + # Helper method which provides an environment wrapper for a data bag. + # This allows for easy access to current environment secrets inside + # of an item. + # @example + # item = chef_vault_item_for_environment('secrets', 'bacon') + # log 'Yeah buddy!' if item['type'] == 'applewood_smoked' + # @param [String] bag Name of the data bag to load from. + # @param [String] id Identifier of the data bag item to load. + # @return [Hash] + def chef_vault_item_for_environment(bag, id) + item = chef_vault_item(bag, id) + return {} unless item[node.chef_environment] + + item[node.chef_environment] + end + end + end +end
\ No newline at end of file diff --git a/lib/chef/dsl/core.rb b/lib/chef/dsl/core.rb deleted file mode 100644 index f564dd0418..0000000000 --- a/lib/chef/dsl/core.rb +++ /dev/null @@ -1,52 +0,0 @@ -#-- -# Author:: Adam Jacob (<adam@chef.io>) -# Author:: Christopher Walters (<cw@chef.io>) -# Copyright:: Copyright 2008-2019, Chef Software Inc. -# License:: Apache License, Version 2.0 -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# - -require_relative "declare_resource" -require_relative "universal" -require_relative "../mixin/notifying_block" -require_relative "../mixin/lazy_module_include" - -class Chef - module DSL - # Part of a family of DSL mixins. - # - # Chef::DSL::Recipe mixes into Recipes and LWRP Providers. - # - this does not target core chef resources and providers. - # - this is restricted to recipe/resource/provider context where a resource collection exists. - # - cookbook authors should typically include modules into here. - # - # Chef::DSL::Core mixes into Recipes, LWRP Providers and Core Providers - # - this adds cores providers on top of the Recipe DSL. - # - this is restricted to recipe/resource/provider context where a resource collection exists. - # - core chef authors should typically include modules into here. - # - # Chef::DSL::Universal mixes into Recipes, LWRP Resources+Providers, Core Resources+Providers, and Attributes files. - # - this adds resources and attributes files. - # - do not add helpers which manipulate the resource collection. - # - this is for general-purpose stuff that is useful nearly everywhere. - # - it also pollutes the namespace of nearly every context, watch out. - # - module Core - include Chef::DSL::Universal - include Chef::DSL::DeclareResource - include Chef::Mixin::NotifyingBlock - extend Chef::Mixin::LazyModuleInclude - end - end -end diff --git a/lib/chef/dsl/declare_resource.rb b/lib/chef/dsl/declare_resource.rb index 7ae1551c04..a4272a5f28 100644 --- a/lib/chef/dsl/declare_resource.rb +++ b/lib/chef/dsl/declare_resource.rb @@ -69,7 +69,7 @@ class Chef # @return [Chef::Resource] The resource # # @example - # delete_resource!(:template, '/x/y.txy') + # delete_resource!(:template, '/x/y.txt') # def delete_resource!(type, name, run_context: self.run_context) run_context.resource_collection.delete("#{type}[#{name}]").tap do |resource| @@ -93,7 +93,7 @@ class Chef # @return [Chef::Resource] The resource # # @example - # delete_resource(:template, '/x/y.txy') + # delete_resource(:template, '/x/y.txt') # def delete_resource(type, name, run_context: self.run_context) delete_resource!(type, name, run_context: run_context) @@ -114,7 +114,7 @@ class Chef # @return [Chef::Resource] The updated resource # # @example - # edit_resource!(:template, '/x/y.txy') do + # edit_resource!(:template, '/x/y.txt') do # cookbook_name: cookbook_name # end # @@ -147,8 +147,8 @@ class Chef # @return [Chef::Resource] The updated or created resource # # @example - # resource = edit_resource(:template, '/x/y.txy') do - # source "y.txy.erb" + # resource = edit_resource(:template, '/x/y.txt') do + # source "y.txt.erb" # variables {} # end # resource.variables.merge!({ home: "/home/klowns" }) @@ -199,7 +199,7 @@ class Chef # @return [Chef::Resource] The updated resource # # @example - # resource = find_resource!(:template, '/x/y.txy') + # resource = find_resource!(:template, '/x/y.txt') # def find_resource!(type, name, run_context: self.run_context) raise ArgumentError, "find_resource! does not take a block" if block_given? @@ -219,7 +219,7 @@ class Chef # @return [Chef::Resource] The updated resource # # @example - # if ( find_resource(:template, '/x/y.txy') ) + # if ( find_resource(:template, '/x/y.txt') ) # # do something # else # # don't worry about the error @@ -259,7 +259,7 @@ class Chef # @return [Chef::Resource] The new resource. # # @example - # declare_resource(:file, '/x/y.txy', caller[0]) do + # declare_resource(:file, '/x/y.txt', caller[0]) do # action :delete # end # # Equivalent to @@ -293,7 +293,7 @@ class Chef # @return [Chef::Resource] The new resource. # # @example - # build_resource(:file, '/x/y.txy', caller[0]) do + # build_resource(:file, '/x/y.txt', caller[0]) do # action :delete # end # diff --git a/lib/chef/dsl/platform_introspection.rb b/lib/chef/dsl/platform_introspection.rb index c0856c15cc..521eea76b6 100644 --- a/lib/chef/dsl/platform_introspection.rb +++ b/lib/chef/dsl/platform_introspection.rb @@ -90,9 +90,9 @@ class Chef case key_matches.length when 0 - return nil + nil when 1 - return @values[platform][key_matches.first] + @values[platform][key_matches.first] else raise "Multiple matches detected for #{platform} with values #{@values}. The matches are: #{key_matches}" end @@ -248,15 +248,16 @@ class Chef end # a simple helper to determine if we're on a windows release pre-2012 / 8 + # + # @deprecated Windows releases before Windows 2012 and 8 are no longer supported # @return [Boolean] Is the system older than Windows 8 / 2012 def older_than_win_2012_or_8?(node = run_context.nil? ? nil : run_context.node) - node["platform_version"].to_f < 6.2 + false # we don't support platforms that would be true end # ^^^^^^ NOTE: PLEASE DO NOT CONTINUE TO ADD THESE KINDS OF PLATFORM_VERSION APIS WITHOUT ^^^^^^^ # ^^^^^^ GOING THROUGH THE DESIGN REVIEW PROCESS AND ADDRESS THE EXISTING CHEF-SUGAR ONES ^^^^^^^ # ^^^^^^ DO "THE HARD RIGHT THING" AND ADDRESS THE BROADER PROBLEM AND FIX IT ALL. ^^^^^^^ - end end end diff --git a/lib/chef/dsl/reboot_pending.rb b/lib/chef/dsl/reboot_pending.rb index e554ca83ad..e19faad881 100644 --- a/lib/chef/dsl/reboot_pending.rb +++ b/lib/chef/dsl/reboot_pending.rb @@ -39,11 +39,11 @@ class Chef # http://technet.microsoft.com/en-us/library/cc960241.aspx registry_value_exists?('HKLM\SYSTEM\CurrentControlSet\Control\Session Manager', { name: "PendingFileRenameOperations" }) || - # RebootRequired key contains Update IDs with a value of 1 if they require a reboot. - # The existence of RebootRequired alone is sufficient on my Windows 8.1 workstation in Windows Update + # RebootRequired key contains Update IDs with a value of 1 if they require a reboot. + # The existence of RebootRequired alone is sufficient on my Windows 8.1 workstation in Windows Update registry_key_exists?('HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\RebootRequired') || - # Vista + Server 2008 and newer may have reboots pending from CBS + # Vista + Server 2008 and newer may have reboots pending from CBS registry_key_exists?('HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\RebootPending') elsif platform?("ubuntu") # This should work for Debian as well if update-notifier-common happens to be installed. We need an API for that. diff --git a/lib/chef/dsl/recipe.rb b/lib/chef/dsl/recipe.rb index 1d02d9c03e..647ae4feb9 100644 --- a/lib/chef/dsl/recipe.rb +++ b/lib/chef/dsl/recipe.rb @@ -1,7 +1,7 @@ # # Author:: Adam Jacob (<adam@chef.io>) # Author:: Christopher Walters (<cw@chef.io>) -# Copyright:: Copyright 2008-2019, Chef Software Inc. +# Copyright:: Copyright 2008-2020, Chef Software Inc. # License:: Apache License, Version 2.0 # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -22,23 +22,19 @@ require_relative "resources" require_relative "definitions" require_relative "include_recipe" require_relative "reboot_pending" -require_relative "core" +require_relative "universal" +require_relative "declare_resource" +require_relative "../mixin/notifying_block" require_relative "../mixin/lazy_module_include" class Chef module DSL # Part of a family of DSL mixins. # - # Chef::DSL::Recipe mixes into Recipes and LWRP Providers. - # - this does not target core chef resources and providers. + # Chef::DSL::Recipe mixes into Recipes and Providers. # - this is restricted to recipe/resource/provider context where a resource collection exists. # - cookbook authors should typically include modules into here. # - # Chef::DSL::Core mixes into Recipes, LWRP Providers and Core Providers - # - this adds cores providers on top of the Recipe DSL. - # - this is restricted to recipe/resource/provider context where a resource collection exists. - # - core chef authors should typically include modules into here. - # # Chef::DSL::Universal mixes into Recipes, LWRP Resources+Providers, Core Resources+Providers, and Attributes files. # - this adds resources and attributes files. # - do not add helpers which manipulate the resource collection. @@ -46,7 +42,9 @@ class Chef # - it also pollutes the namespace of nearly every context, watch out. # module Recipe - include Chef::DSL::Core + include Chef::DSL::Universal + include Chef::DSL::DeclareResource + include Chef::Mixin::NotifyingBlock include Chef::DSL::IncludeRecipe include Chef::DSL::RebootPending include Chef::DSL::Resources @@ -69,6 +67,3 @@ class Chef end end end - -# Avoid circular references for things that are only used in instance methods -require_relative "../resource" diff --git a/lib/chef/dsl/universal.rb b/lib/chef/dsl/universal.rb index c9afa38f98..7d56a1896b 100644 --- a/lib/chef/dsl/universal.rb +++ b/lib/chef/dsl/universal.rb @@ -1,7 +1,7 @@ #-- # Author:: Adam Jacob (<adam@chef.io>) # Author:: Christopher Walters (<cw@chef.io>) -# Copyright:: Copyright 2008-2019, Chef Software Inc. +# Copyright:: Copyright 2008-2020, Chef Software Inc. # License:: Apache License, Version 2.0 # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -19,6 +19,7 @@ require_relative "platform_introspection" require_relative "data_query" +require_relative "chef_vault" require_relative "registry_helper" require_relative "powershell" require_relative "../mixin/powershell_exec" @@ -30,16 +31,10 @@ class Chef module DSL # Part of a family of DSL mixins. # - # Chef::DSL::Recipe mixes into Recipes and LWRP Providers. - # - this does not target core chef resources and providers. + # Chef::DSL::Recipe mixes into Recipes and Providers. # - this is restricted to recipe/resource/provider context where a resource collection exists. # - cookbook authors should typically include modules into here. # - # Chef::DSL::Core mixes into Recipes, LWRP Providers and Core Providers - # - this adds cores providers on top of the Recipe DSL. - # - this is restricted to recipe/resource/provider context where a resource collection exists. - # - core chef authors should typically include modules into here. - # # Chef::DSL::Universal mixes into Recipes, LWRP Resources+Providers, Core Resources+Providers, and Attributes files. # - this adds resources and attributes files. # - do not add helpers which manipulate the resource collection. @@ -49,6 +44,7 @@ class Chef module Universal include Chef::DSL::PlatformIntrospection include Chef::DSL::DataQuery + include Chef::DSL::ChefVault include Chef::DSL::RegistryHelper include Chef::DSL::Powershell include Chef::Mixin::PowershellExec diff --git a/lib/chef/event_loggers/windows_eventlog.rb b/lib/chef/event_loggers/windows_eventlog.rb index 3ace9e6f44..eecf0f033b 100644 --- a/lib/chef/event_loggers/windows_eventlog.rb +++ b/lib/chef/event_loggers/windows_eventlog.rb @@ -36,7 +36,7 @@ class Chef LOG_CATEGORY_ID = 11001 # Since we must install the event logger, this is not really configurable - SOURCE = "#{Chef::Dist::PRODUCT}".freeze + SOURCE = Chef::Dist::SHORT.freeze def self.available? ChefUtils.windows? diff --git a/lib/chef/exceptions.rb b/lib/chef/exceptions.rb index 40d20cc3ac..d1317cec69 100644 --- a/lib/chef/exceptions.rb +++ b/lib/chef/exceptions.rb @@ -475,7 +475,7 @@ class Chef class CookbookChefVersionMismatch < RuntimeError def initialize(chef_version, cookbook_name, cookbook_version, *constraints) constraint_str = constraints.map { |c| c.requirement.as_list.to_s }.join(", ") - super "Cookbook '#{cookbook_name}' version '#{cookbook_version}' depends on chef version #{constraint_str}, but the running chef version is #{chef_version}" + super "Cookbook '#{cookbook_name}' version '#{cookbook_version}' depends on #{Chef::Dist::PRODUCT} version #{constraint_str}, but the running #{Chef::Dist::PRODUCT} version is #{chef_version}" end end diff --git a/lib/chef/formatters/doc.rb b/lib/chef/formatters/doc.rb index 0a4edd2f8b..88f332626c 100644 --- a/lib/chef/formatters/doc.rb +++ b/lib/chef/formatters/doc.rb @@ -273,7 +273,7 @@ class Chef # Called when a resource has no converge actions, e.g., it was already correct. def resource_up_to_date(resource, action) @up_to_date_resources += 1 - puts " (up to date)", stream: resource + puts " (up to date)", stream: resource unless resource.suppress_up_to_date_messages? unindent end diff --git a/lib/chef/formatters/indentable_output_stream.rb b/lib/chef/formatters/indentable_output_stream.rb index 5d58df6f11..d508a32eb0 100644 --- a/lib/chef/formatters/indentable_output_stream.rb +++ b/lib/chef/formatters/indentable_output_stream.rb @@ -17,23 +17,14 @@ class Chef @semaphore = Mutex.new end - def highline - @highline ||= begin - require "highline" - HighLine.new + # pastel.decorate is a lightweight replacement for highline.color + def pastel + @pastel ||= begin + require "pastel" + Pastel.new end end - # Print text. This will start a new line and indent if necessary - # but will not terminate the line (future print and puts statements - # will start off where this print left off). - # - # @param string [String] - # @param args [Array<Hash,Symbol>] - def color(string, *args) - print(string, from_args(args)) - end - # Print the start of a new line. This will terminate any existing lines and # cause indentation but will not move to the next line yet (future 'print' # and 'puts' statements will stay on this line). @@ -83,7 +74,7 @@ class Chef # # == Alternative # - # You may also call print('string', :red) (a list of colors a la Highline.color) + # You may also call print('string', :red) (https://github.com/piotrmurach/pastel#3-supported-colors) def print(string, *args) options = from_args(args) @@ -140,7 +131,7 @@ class Chef end if Chef::Config[:color] && options[:colors] - @out.print highline.color(line, *options[:colors]) + @out.print pastel.decorate(line, *options[:colors]) else @out.print line end diff --git a/lib/chef/guard_interpreter/default_guard_interpreter.rb b/lib/chef/guard_interpreter/default_guard_interpreter.rb index 7ed0570291..b14b714c7d 100644 --- a/lib/chef/guard_interpreter/default_guard_interpreter.rb +++ b/lib/chef/guard_interpreter/default_guard_interpreter.rb @@ -23,6 +23,7 @@ class Chef class GuardInterpreter class DefaultGuardInterpreter include Chef::Mixin::ShellOut + attr_reader :output def initialize(command, opts) @command = command @@ -31,6 +32,7 @@ class Chef def evaluate result = shell_out(@command, default_env: false, **@command_opts) + @output = "STDOUT: #{result.stdout}\nSTDERR: #{result.stderr}\n" Chef::Log.debug "Command failed: #{result.stderr}" unless result.status.success? result.status.success? # Timeout fails command rather than chef-client run, see: diff --git a/lib/chef/http/http_request.rb b/lib/chef/http/http_request.rb index 566d05fa84..8ce6bee583 100644 --- a/lib/chef/http/http_request.rb +++ b/lib/chef/http/http_request.rb @@ -5,7 +5,7 @@ # Author:: Christopher Brown (<cb@chef.io>) # Author:: Christopher Walters (<cw@chef.io>) # Author:: Daniel DeLeo (<dan@chef.io>) -# Copyright:: Copyright 2009-2016, 2010-2018, Chef Software Inc. +# Copyright:: Copyright 2009-2016, 2010-2020, Chef Software Inc. # License:: Apache License, Version 2.0 # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -21,6 +21,7 @@ # limitations under the License. # require "uri" unless defined?(URI) +require "cgi" unless defined?(CGI) require "net/http" unless defined?(Net::HTTP) require_relative "../dist" @@ -176,8 +177,8 @@ class Chef @http_request.body = request_body if request_body && @http_request.request_body_permitted? # Optionally handle HTTP Basic Authentication if url.user - user = URI.unescape(url.user) - password = URI.unescape(url.password) if url.password + user = CGI.unescape(url.user) + password = CGI.unescape(url.password) if url.password @http_request.basic_auth(user, password) end diff --git a/lib/chef/http/json_output.rb b/lib/chef/http/json_output.rb index 62fa379096..ca738c8981 100644 --- a/lib/chef/http/json_output.rb +++ b/lib/chef/http/json_output.rb @@ -65,7 +65,7 @@ class Chef if http_response.body Chef::Log.trace("Response body contains:\n#{http_response.body.length < 256 ? http_response.body : http_response.body[0..256] + " [...truncated...]"}") end - return [http_response, rest_request, http_response.body.to_s] + [http_response, rest_request, http_response.body.to_s] end end diff --git a/lib/chef/knife.rb b/lib/chef/knife.rb index e040de9d57..0debcbc429 100644 --- a/lib/chef/knife.rb +++ b/lib/chef/knife.rb @@ -191,7 +191,7 @@ class Chef config_loader.profile = profile config_loader.load - ui.warn("No knife configuration file found. See https://docs.chef.io/config_rb_knife.html for details.") if config_loader.no_config_found? + ui.warn("No knife configuration file found. See https://docs.chef.io/config_rb/ for details.") if config_loader.no_config_found? config_loader rescue Exceptions::ConfigurationError => e @@ -279,12 +279,10 @@ class Chef if CHEF_ORGANIZATION_MANAGEMENT.include?(args[0]) list_commands("CHEF ORGANIZATION MANAGEMENT") - elsif OPSCODE_HOSTED_CHEF_ACCESS_CONTROL.include?(args[0]) - list_commands("OPSCODE HOSTED CHEF ACCESS CONTROL") elsif category_commands = guess_category(args) list_commands(category_commands) elsif OFFICIAL_PLUGINS.include?(args[0]) # command was an uninstalled official chef knife plugin - ui.info("Use `#{Chef::Dist::EXEC} gem install knife-#{args[0]}` to install the plugin into ChefDK / Chef Workstation") + ui.info("Use `#{Chef::Dist::EXEC} gem install knife-#{args[0]}` to install the plugin into Chef Workstation") else list_commands end diff --git a/lib/chef/knife/acl_add.rb b/lib/chef/knife/acl_add.rb new file mode 100644 index 0000000000..df9bc86e70 --- /dev/null +++ b/lib/chef/knife/acl_add.rb @@ -0,0 +1,57 @@ +# +# Author:: Steven Danna (steve@chef.io) +# Author:: Jeremiah Snapp (jeremiah@chef.io) +# Copyright:: Copyright 2011-2020 Chef Software, Inc. +# License:: Apache License, Version 2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +require_relative "../knife" + +class Chef + class Knife + class AclAdd < Chef::Knife + category "acl" + banner "knife acl add MEMBER_TYPE MEMBER_NAME OBJECT_TYPE OBJECT_NAME PERMS" + + deps do + require_relative "acl_base" + include Chef::Knife::AclBase + end + + def run + member_type, member_name, object_type, object_name, perms = name_args + + if name_args.length != 5 + show_usage + ui.fatal "You must specify the member type [client|group], member name, object type, object name and perms" + exit 1 + end + + unless %w{client group}.include?(member_type) + ui.fatal "ERROR: To enforce best practice, knife-acl can only add a client or a group to an ACL." + ui.fatal " See the knife-acl README for more information." + exit 1 + end + validate_perm_type!(perms) + validate_member_name!(member_name) + validate_object_name!(object_name) + validate_object_type!(object_type) + validate_member_exists!(member_type, member_name) + + add_to_acl!(member_type, member_name, object_type, object_name, perms) + end + end + end +end diff --git a/lib/chef/knife/acl_base.rb b/lib/chef/knife/acl_base.rb new file mode 100644 index 0000000000..14d80948b1 --- /dev/null +++ b/lib/chef/knife/acl_base.rb @@ -0,0 +1,183 @@ +# +# Author:: Steven Danna (steve@chef.io) +# Author:: Jeremiah Snapp (<jeremiah@chef.io>) +# Copyright:: Copyright 2011-2020 Chef Software, Inc. +# License:: Apache License, Version 2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +require_relative "../knife" + +class Chef + class Knife + module AclBase + + PERM_TYPES = %w{create read update delete grant}.freeze unless defined? PERM_TYPES + MEMBER_TYPES = %w{client group user}.freeze unless defined? MEMBER_TYPES + OBJECT_TYPES = %w{clients containers cookbooks data environments groups nodes roles policies policy_groups}.freeze unless defined? OBJECT_TYPES + OBJECT_NAME_SPEC = /^[\-[:alnum:]_\.]+$/.freeze unless defined? OBJECT_NAME_SPEC + + def validate_object_type!(type) + unless OBJECT_TYPES.include?(type) + ui.fatal "Unknown object type \"#{type}\". The following types are permitted: #{OBJECT_TYPES.join(", ")}" + exit 1 + end + end + + def validate_object_name!(name) + unless OBJECT_NAME_SPEC.match(name) + ui.fatal "Invalid name: #{name}" + exit 1 + end + end + + def validate_member_type!(type) + unless MEMBER_TYPES.include?(type) + ui.fatal "Unknown member type \"#{type}\". The following types are permitted: #{MEMBER_TYPES.join(", ")}" + exit 1 + end + end + + def validate_member_name!(name) + # Same rules apply to objects and members + validate_object_name!(name) + end + + def validate_perm_type!(perms) + perms.split(",").each do |perm| + unless PERM_TYPES.include?(perm) + ui.fatal "Invalid permission \"#{perm}\". The following permissions are permitted: #{PERM_TYPES.join(",")}" + exit 1 + end + end + end + + def validate_member_exists!(member_type, member_name) + true if rest.get_rest("#{member_type}s/#{member_name}") + rescue NameError + # ignore "NameError: uninitialized constant Chef::ApiClient" when finding a client + true + rescue + ui.fatal "#{member_type} '#{member_name}' does not exist" + exit 1 + end + + def is_usag?(gname) + gname.length == 32 && gname =~ /^[0-9a-f]+$/ + end + + def get_acl(object_type, object_name) + rest.get_rest("#{object_type}/#{object_name}/_acl?detail=granular") + end + + def get_ace(object_type, object_name, perm) + get_acl(object_type, object_name)[perm] + end + + def add_to_acl!(member_type, member_name, object_type, object_name, perms) + acl = get_acl(object_type, object_name) + perms.split(",").each do |perm| + ui.msg "Adding '#{member_name}' to '#{perm}' ACE of '#{object_name}'" + ace = acl[perm] + + case member_type + when "client", "user" + # Our PUT body depends on the type of reply we get from _acl?detail=granular + # When the server replies with json attributes 'users' and 'clients', + # we'll want to modify entries under the same keys they arrived.- their presence + # in the body tells us that CS will accept them in a PUT. + # Older version of chef-server will continue to use 'actors' for a combined list + # and expect the same in the body. + key = "#{member_type}s" + key = "actors" unless ace.key? key + next if ace[key].include?(member_name) + + ace[key] << member_name + when "group" + next if ace["groups"].include?(member_name) + + ace["groups"] << member_name + end + + update_ace!(object_type, object_name, perm, ace) + end + end + + def remove_from_acl!(member_type, member_name, object_type, object_name, perms) + acl = get_acl(object_type, object_name) + perms.split(",").each do |perm| + ui.msg "Removing '#{member_name}' from '#{perm}' ACE of '#{object_name}'" + ace = acl[perm] + + case member_type + when "client", "user" + key = "#{member_type}s" + key = "actors" unless ace.key? key + next unless ace[key].include?(member_name) + + ace[key].delete(member_name) + when "group" + next unless ace["groups"].include?(member_name) + + ace["groups"].delete(member_name) + end + + update_ace!(object_type, object_name, perm, ace) + end + end + + def update_ace!(object_type, object_name, ace_type, ace) + rest.put_rest("#{object_type}/#{object_name}/_acl/#{ace_type}", ace_type => ace) + end + + def add_to_group!(member_type, member_name, group_name) + validate_member_exists!(member_type, member_name) + existing_group = rest.get_rest("groups/#{group_name}") + ui.msg "Adding '#{member_name}' to '#{group_name}' group" + unless existing_group["#{member_type}s"].include?(member_name) + existing_group["#{member_type}s"] << member_name + new_group = { + "groupname" => existing_group["groupname"], + "orgname" => existing_group["orgname"], + "actors" => { + "users" => existing_group["users"], + "clients" => existing_group["clients"], + "groups" => existing_group["groups"], + }, + } + rest.put_rest("groups/#{group_name}", new_group) + end + end + + def remove_from_group!(member_type, member_name, group_name) + validate_member_exists!(member_type, member_name) + existing_group = rest.get_rest("groups/#{group_name}") + ui.msg "Removing '#{member_name}' from '#{group_name}' group" + if existing_group["#{member_type}s"].include?(member_name) + existing_group["#{member_type}s"].delete(member_name) + new_group = { + "groupname" => existing_group["groupname"], + "orgname" => existing_group["orgname"], + "actors" => { + "users" => existing_group["users"], + "clients" => existing_group["clients"], + "groups" => existing_group["groups"], + }, + } + rest.put_rest("groups/#{group_name}", new_group) + end + end + end + end +end diff --git a/lib/chef/knife/acl_bulk_add.rb b/lib/chef/knife/acl_bulk_add.rb new file mode 100644 index 0000000000..ab99a2884b --- /dev/null +++ b/lib/chef/knife/acl_bulk_add.rb @@ -0,0 +1,78 @@ +# +# Author:: Jeremiah Snapp (jeremiah@chef.io) +# Copyright:: Copyright 2011-2020 Chef Software, Inc. +# License:: Apache License, Version 2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +require_relative "../knife" + +class Chef + class Knife + class AclBulkAdd < Chef::Knife + category "acl" + banner "knife acl bulk add MEMBER_TYPE MEMBER_NAME OBJECT_TYPE REGEX PERMS" + + deps do + require_relative "acl_base" + include Chef::Knife::AclBase + end + + def run + member_type, member_name, object_type, regex, perms = name_args + object_name_matcher = /#{regex}/ + + if name_args.length != 5 + show_usage + ui.fatal "You must specify the member type [client|group], member name, object type, object name REGEX and perms" + exit 1 + end + + unless %w{client group}.include?(member_type) + ui.fatal "ERROR: To enforce best practice, knife-acl can only add a client or a group to an ACL." + ui.fatal " See the knife-acl README for more information." + exit 1 + end + validate_perm_type!(perms) + validate_member_name!(member_name) + validate_object_type!(object_type) + validate_member_exists!(member_type, member_name) + + if %w{containers groups}.include?(object_type) + ui.fatal "bulk modifying the ACL of #{object_type} is not permitted" + exit 1 + end + + objects_to_modify = [] + all_objects = rest.get_rest(object_type) + objects_to_modify = all_objects.keys.select { |object_name| object_name =~ object_name_matcher } + + if objects_to_modify.empty? + ui.info "No #{object_type} match the expression /#{regex}/" + exit 0 + end + + ui.msg("The ACL of the following #{object_type} will be modified:") + ui.msg("") + ui.msg(ui.list(objects_to_modify.sort, :columns_down)) + ui.msg("") + ui.confirm("Are you sure you want to modify the ACL of these #{object_type}?") + + objects_to_modify.each do |object_name| + add_to_acl!(member_type, member_name, object_type, object_name, perms) + end + end + end + end +end diff --git a/lib/chef/knife/acl_bulk_remove.rb b/lib/chef/knife/acl_bulk_remove.rb new file mode 100644 index 0000000000..a87f6464ed --- /dev/null +++ b/lib/chef/knife/acl_bulk_remove.rb @@ -0,0 +1,83 @@ +# +# Author:: Jeremiah Snapp (jeremiah@chef.io) +# Copyright:: Copyright 2011-2020 Chef Software, Inc. +# License:: Apache License, Version 2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +require_relative "../knife" + +class Chef + class Knife + class AclBulkRemove < Chef::Knife + category "acl" + banner "knife acl bulk remove MEMBER_TYPE MEMBER_NAME OBJECT_TYPE REGEX PERMS" + + deps do + require_relative "acl_base" + include Chef::Knife::AclBase + end + + def run + member_type, member_name, object_type, regex, perms = name_args + object_name_matcher = /#{regex}/ + + if name_args.length != 5 + show_usage + ui.fatal "You must specify the member type [client|group|user], member name, object type, object name REGEX and perms" + exit 1 + end + + if member_name == "pivotal" && %w{client user}.include?(member_type) + ui.fatal "ERROR: 'pivotal' is a system user so knife-acl will not remove it from an ACL." + exit 1 + end + if member_name == "admins" && member_type == "group" && perms.to_s.split(",").include?("grant") + ui.fatal "ERROR: knife-acl will not remove the 'admins' group from the 'grant' ACE." + ui.fatal " Removal could prevent future attempts to modify permissions." + exit 1 + end + validate_perm_type!(perms) + validate_member_type!(member_type) + validate_member_name!(member_name) + validate_object_type!(object_type) + validate_member_exists!(member_type, member_name) + + if %w{containers groups}.include?(object_type) + ui.fatal "bulk modifying the ACL of #{object_type} is not permitted" + exit 1 + end + + objects_to_modify = [] + all_objects = rest.get_rest(object_type) + objects_to_modify = all_objects.keys.select { |object_name| object_name =~ object_name_matcher } + + if objects_to_modify.empty? + ui.info "No #{object_type} match the expression /#{regex}/" + exit 0 + end + + ui.msg("The ACL of the following #{object_type} will be modified:") + ui.msg("") + ui.msg(ui.list(objects_to_modify.sort, :columns_down)) + ui.msg("") + ui.confirm("Are you sure you want to modify the ACL of these #{object_type}?") + + objects_to_modify.each do |object_name| + remove_from_acl!(member_type, member_name, object_type, object_name, perms) + end + end + end + end +end diff --git a/lib/chef/knife/acl_remove.rb b/lib/chef/knife/acl_remove.rb new file mode 100644 index 0000000000..0f5dceeaff --- /dev/null +++ b/lib/chef/knife/acl_remove.rb @@ -0,0 +1,62 @@ +# +# Author:: Steven Danna (steve@chef.io) +# Author:: Jeremiah Snapp (jeremiah@chef.io) +# Copyright:: Copyright 2011-2020 Chef Software, Inc. +# License:: Apache License, Version 2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +require_relative "../knife" + +class Chef + class Knife + class AclRemove < Chef::Knife + category "acl" + banner "knife acl remove MEMBER_TYPE MEMBER_NAME OBJECT_TYPE OBJECT_NAME PERMS" + + deps do + require_relative "acl_base" + include Chef::Knife::AclBase + end + + def run + member_type, member_name, object_type, object_name, perms = name_args + + if name_args.length != 5 + show_usage + ui.fatal "You must specify the member type [client|group|user], member name, object type, object name and perms" + exit 1 + end + + if member_name == "pivotal" && %w{client user}.include?(member_type) + ui.fatal "ERROR: 'pivotal' is a system user so knife-acl will not remove it from an ACL." + exit 1 + end + if member_name == "admins" && member_type == "group" && perms.to_s.split(",").include?("grant") + ui.fatal "ERROR: knife-acl will not remove the 'admins' group from the 'grant' ACE." + ui.fatal " Removal could prevent future attempts to modify permissions." + exit 1 + end + validate_perm_type!(perms) + validate_member_type!(member_type) + validate_member_name!(member_name) + validate_object_name!(object_name) + validate_object_type!(object_type) + validate_member_exists!(member_type, member_name) + + remove_from_acl!(member_type, member_name, object_type, object_name, perms) + end + end + end +end diff --git a/lib/chef/knife/acl_show.rb b/lib/chef/knife/acl_show.rb new file mode 100644 index 0000000000..1955b54969 --- /dev/null +++ b/lib/chef/knife/acl_show.rb @@ -0,0 +1,56 @@ +# +# Author:: Steven Danna (steve@chef.io) +# Copyright:: Copyright 2011-2020 Chef Software, Inc. +# License:: Apache License, Version 2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +require_relative "../knife" + +class Chef + class Knife + class AclShow < Chef::Knife + category "acl" + banner "knife acl show OBJECT_TYPE OBJECT_NAME" + + deps do + require_relative "acl_base" + include Chef::Knife::AclBase + end + + def run + object_type, object_name = name_args + + if name_args.length != 2 + show_usage + ui.fatal "You must specify an object type and object name" + exit 1 + end + + validate_object_type!(object_type) + validate_object_name!(object_name) + acl = get_acl(object_type, object_name) + PERM_TYPES.each do |perm| + # Filter out the actors field if we have + # users and clients. Note that if one is present, + # both will be - but we're checking both for completeness. + if acl[perm].key?("users") && acl[perm].key?("clients") + acl[perm].delete "actors" + end + end + ui.output acl + end + end + end +end diff --git a/lib/chef/knife/bootstrap.rb b/lib/chef/knife/bootstrap.rb index d4e98e3dec..3279f7970a 100644 --- a/lib/chef/knife/bootstrap.rb +++ b/lib/chef/knife/bootstrap.rb @@ -296,6 +296,11 @@ class Chef description: "URL to a custom installation script.", proc: Proc.new { |u| Chef::Config[:knife][:bootstrap_url] = u } + option :bootstrap_product, + long: "--bootstrap-product PRODUCT", + description: "Product to install.", + default: "chef" + option :msi_url, # Windows target only short: "-m URL", long: "--msi-url URL", diff --git a/lib/chef/knife/bootstrap/templates/README.md b/lib/chef/knife/bootstrap/templates/README.md index b5bca25d8e..7f28f8f40f 100644 --- a/lib/chef/knife/bootstrap/templates/README.md +++ b/lib/chef/knife/bootstrap/templates/README.md @@ -5,7 +5,7 @@ standardized on the [Omnibus](https://github.com/chef/omnibus) built installatio packages. The 'chef-full' template downloads a script which is used to determine the correct -Omnibus package for this system from the [Omnitruck](https://docs.chef.io/api_omnitruck.html) API. +Omnibus package for this system from the [Omnitruck](https://docs.chef.io/api_omnitruck/) API. You can still utilize custom bootstrap templates on your system if your installation -needs are unique. Additional information can be found on the [docs site](https://docs.chef.io/knife_bootstrap.html#custom-templates). +needs are unique. Additional information can be found on the [docs site](https://docs.chef.io/knife_bootstrap/#custom-templates). diff --git a/lib/chef/knife/bootstrap/templates/chef-full.erb b/lib/chef/knife/bootstrap/templates/chef-full.erb index b0476c8d57..263203ca76 100644 --- a/lib/chef/knife/bootstrap/templates/chef-full.erb +++ b/lib/chef/knife/bootstrap/templates/chef-full.erb @@ -177,7 +177,7 @@ do_download() { else echo "-----> Installing Chef Omnibus (<%= @config[:channel] %>/<%= version_to_install %>)" do_download ${install_sh} $tmp_dir/install.sh - sh $tmp_dir/install.sh -P chef -c <%= @config[:channel] %> -v <%= version_to_install %> + sh $tmp_dir/install.sh -P <%= @config[:bootstrap_product] %> -c <%= @config[:channel] %> -v <%= version_to_install %> fi <% end %> @@ -185,55 +185,55 @@ if test "x$tmp_dir" != "x"; then rm -r "$tmp_dir" fi -mkdir -p <%= Chef::Dist::CONF_DIR %> +mkdir -p <%= ChefConfig::Config.etc_chef_dir(false) %> <% if client_pem -%> -(umask 077 && (cat > <%= Chef::Dist::CONF_DIR %>/client.pem <<'EOP' +(umask 077 && (cat > <%= ChefConfig::Config.etc_chef_dir(false) %>/client.pem <<'EOP' <%= ::File.read(::File.expand_path(client_pem)) %> EOP )) || exit 1 <% end -%> <% if validation_key -%> -(umask 077 && (cat > <%= Chef::Dist::CONF_DIR %>/validation.pem <<'EOP' +(umask 077 && (cat > <%= ChefConfig::Config.etc_chef_dir(false) %>/validation.pem <<'EOP' <%= validation_key %> EOP )) || exit 1 <% end -%> <% if encrypted_data_bag_secret -%> -(umask 077 && (cat > <%= Chef::Dist::CONF_DIR %>/encrypted_data_bag_secret <<'EOP' +(umask 077 && (cat > <%= ChefConfig::Config.etc_chef_dir(false) %>/encrypted_data_bag_secret <<'EOP' <%= encrypted_data_bag_secret %> EOP )) || exit 1 <% end -%> <% unless trusted_certs.empty? -%> -mkdir -p <%= Chef::Dist::CONF_DIR %>/trusted_certs +mkdir -p <%= ChefConfig::Config.etc_chef_dir(false) %>/trusted_certs <%= trusted_certs %> <% end -%> <%# Generate Ohai Hints -%> <% unless @chef_config[:knife][:hints].nil? || @chef_config[:knife][:hints].empty? -%> -mkdir -p <%= Chef::Dist::CONF_DIR %>/ohai/hints +mkdir -p <%= ChefConfig::Config.etc_chef_dir(false) %>/ohai/hints <% @chef_config[:knife][:hints].each do |name, hash| -%> -cat > <%= Chef::Dist::CONF_DIR %>/ohai/hints/<%= name %>.json <<'EOP' +cat > <%= ChefConfig::Config.etc_chef_dir(false) %>/ohai/hints/<%= name %>.json <<'EOP' <%= Chef::JSONCompat.to_json(hash) %> EOP <% end -%> <% end -%> -cat > <%= Chef::Dist::CONF_DIR %>/client.rb <<'EOP' +cat > <%= ChefConfig::Config.etc_chef_dir(false) %>/client.rb <<'EOP' <%= config_content %> EOP -cat > <%= Chef::Dist::CONF_DIR %>/first-boot.json <<'EOP' +cat > <%= ChefConfig::Config.etc_chef_dir(false) %>/first-boot.json <<'EOP' <%= Chef::JSONCompat.to_json(first_boot) %> EOP <% unless client_d.empty? -%> -mkdir -p <%= Chef::Dist::CONF_DIR %>/client.d +mkdir -p /etc/chef/client.d <%= client_d %> <% end -%> diff --git a/lib/chef/knife/bootstrap/templates/windows-chef-client-msi.erb b/lib/chef/knife/bootstrap/templates/windows-chef-client-msi.erb index 1ac0b23755..3fe397ed9e 100644 --- a/lib/chef/knife/bootstrap/templates/windows-chef-client-msi.erb +++ b/lib/chef/knife/bootstrap/templates/windows-chef-client-msi.erb @@ -120,11 +120,11 @@ If !ERRORLEVEL!==0 ( ) :install -@rem If user has provided the custom installation command for <%= Chef::Dist::CLIENT %> then execute it +@rem If user has provided the custom installation command, execute it <% if @chef_config[:knife][:bootstrap_install_command] %> <%= @chef_config[:knife][:bootstrap_install_command] %> <% else %> - @rem Install Chef using <%= Chef::Dist::CLIENT %> MSI installer + @rem Install Chef using the MSI installer @set "LOCAL_DESTINATION_MSI_PATH=<%= local_download_path %>" @set "CHEF_CLIENT_MSI_LOG_PATH=%TEMP%\<%= Chef::Dist::CLIENT %>-msi%RANDOM%.log" diff --git a/lib/chef/knife/client_key_create.rb b/lib/chef/knife/client_key_create.rb index 564bbf1caa..9d71e2d344 100644 --- a/lib/chef/knife/client_key_create.rb +++ b/lib/chef/knife/client_key_create.rb @@ -17,7 +17,6 @@ # require_relative "../knife" -require_relative "key_create" require_relative "key_create_base" class Chef @@ -33,6 +32,10 @@ class Chef banner "knife client key create CLIENT (options)" + deps do + require_relative "key_create" + end + attr_reader :actor def initialize(argv = []) diff --git a/lib/chef/knife/client_key_delete.rb b/lib/chef/knife/client_key_delete.rb index 63351e2a6b..9518af37af 100644 --- a/lib/chef/knife/client_key_delete.rb +++ b/lib/chef/knife/client_key_delete.rb @@ -17,7 +17,6 @@ # require_relative "../knife" -require_relative "key_delete" class Chef class Knife @@ -30,6 +29,10 @@ class Chef class ClientKeyDelete < Knife banner "knife client key delete CLIENT KEYNAME (options)" + deps do + require_relative "key_delete" + end + attr_reader :actor def initialize(argv = []) diff --git a/lib/chef/knife/client_key_edit.rb b/lib/chef/knife/client_key_edit.rb index db7784a423..d0f22be780 100644 --- a/lib/chef/knife/client_key_edit.rb +++ b/lib/chef/knife/client_key_edit.rb @@ -17,7 +17,6 @@ # require_relative "../knife" -require_relative "key_edit" require_relative "key_edit_base" class Chef @@ -33,6 +32,10 @@ class Chef banner "knife client key edit CLIENT KEYNAME (options)" + deps do + require_relative "key_edit" + end + attr_reader :actor def initialize(argv = []) diff --git a/lib/chef/knife/client_key_list.rb b/lib/chef/knife/client_key_list.rb index 0eae1c9505..0150e9d67d 100644 --- a/lib/chef/knife/client_key_list.rb +++ b/lib/chef/knife/client_key_list.rb @@ -17,7 +17,6 @@ # require_relative "../knife" -require_relative "key_list" require_relative "key_list_base" class Chef @@ -33,6 +32,10 @@ class Chef banner "knife client key list CLIENT (options)" + deps do + require_relative "key_list" + end + attr_reader :actor def initialize(argv = []) diff --git a/lib/chef/knife/client_key_show.rb b/lib/chef/knife/client_key_show.rb index 3ef0028413..6bc614f2f4 100644 --- a/lib/chef/knife/client_key_show.rb +++ b/lib/chef/knife/client_key_show.rb @@ -17,7 +17,6 @@ # require_relative "../knife" -require_relative "key_show" class Chef class Knife @@ -30,6 +29,10 @@ class Chef class ClientKeyShow < Knife banner "knife client key show CLIENT KEYNAME (options)" + deps do + require_relative "key_show" + end + attr_reader :actor def initialize(argv = []) diff --git a/lib/chef/knife/config_list_profiles.rb b/lib/chef/knife/config_list_profiles.rb index fb40b30b0a..b69ebf4e69 100644 --- a/lib/chef/knife/config_list_profiles.rb +++ b/lib/chef/knife/config_list_profiles.rb @@ -16,13 +16,16 @@ # require_relative "../knife" -require_relative "../workstation_config_loader" class Chef class Knife class ConfigListProfiles < Knife banner "knife config list-profiles (options)" + deps do + require_relative "../workstation_config_loader" + end + option :ignore_knife_rb, short: "-i", long: "--ignore-knife-rb", diff --git a/lib/chef/knife/config_use_profile.rb b/lib/chef/knife/config_use_profile.rb index 89d75b3369..134ae5e8b6 100644 --- a/lib/chef/knife/config_use_profile.rb +++ b/lib/chef/knife/config_use_profile.rb @@ -15,8 +15,6 @@ # limitations under the License. # -require "fileutils" unless defined?(FileUtils) - require_relative "../knife" class Chef @@ -24,6 +22,10 @@ class Chef class ConfigUseProfile < Knife banner "knife config use-profile PROFILE" + deps do + require "fileutils" unless defined?(FileUtils) + end + # Disable normal config loading since this shouldn't fail if the profile # doesn't exist of the config is otherwise corrupted. def configure_chef diff --git a/lib/chef/knife/configure.rb b/lib/chef/knife/configure.rb index 888b4290dd..1efbea3d67 100644 --- a/lib/chef/knife/configure.rb +++ b/lib/chef/knife/configure.rb @@ -17,7 +17,6 @@ # require_relative "../knife" -require_relative "../util/path_helper" require_relative "../dist" class Chef @@ -27,6 +26,7 @@ class Chef attr_reader :chef_repo, :new_client_key, :validation_client_name, :validation_key deps do + require_relative "../util/path_helper" require "ohai" unless defined?(Ohai::System) Chef::Knife::ClientCreate.load_deps Chef::Knife::UserCreate.load_deps diff --git a/lib/chef/knife/cookbook_site_share.rb b/lib/chef/knife/cookbook_site_share.rb deleted file mode 100644 index 9569d9ab53..0000000000 --- a/lib/chef/knife/cookbook_site_share.rb +++ /dev/null @@ -1,41 +0,0 @@ -# -# Author:: Nuo Yan (<nuo@chef.io>) -# Author:: Tim Hinderliter (<tim@chef.io>) -# Copyright:: Copyright 2010-2019, Chef Software Inc. -# License:: Apache License, Version 2.0 -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# - -require_relative "../knife" -require_relative "supermarket_share" -require_relative "../dist" - -class Chef - class Knife - class CookbookSiteShare < Knife::SupermarketShare - - # Handle the subclassing (knife doesn't do this :() - dependency_loaders.concat(superclass.dependency_loaders) - - banner "knife cookbook site share COOKBOOK [CATEGORY] (options)" - category "deprecated" - - def run - Chef::Log.warn("knife cookbook site share has been deprecated in favor of knife supermarket share. In #{Chef::Dist::PRODUCT} 16 (April 2020) this will result in an error!") - super - end - - end - end -end diff --git a/lib/chef/knife/cookbook_site_unshare.rb b/lib/chef/knife/cookbook_site_unshare.rb deleted file mode 100644 index 53d32aa85b..0000000000 --- a/lib/chef/knife/cookbook_site_unshare.rb +++ /dev/null @@ -1,41 +0,0 @@ -# -# Author:: Stephen Delano (<stephen@chef.io>) -# Author:: Tim Hinderliter (<tim@chef.io>) -# Copyright:: Copyright 2010-2019, Chef Software Inc. -# License:: Apache License, Version 2.0 -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# - -require_relative "../knife" -require_relative "supermarket_unshare" -require_relative "../dist" - -class Chef - class Knife - class CookbookSiteUnshare < Knife::SupermarketUnshare - - # Handle the subclassing (knife doesn't do this :() - dependency_loaders.concat(superclass.dependency_loaders) - - banner "knife cookbook site unshare COOKBOOK (options)" - category "deprecated" - - def run - Chef::Log.warn("knife cookbook site unshare has been deprecated in favor of knife supermarket unshare. In #{Chef::Dist::PRODUCT} 16 (April 2020) this will result in an error!") - super - end - - end - end -end diff --git a/lib/chef/knife/cookbook_upload.rb b/lib/chef/knife/cookbook_upload.rb index d73fa9ae68..aa226a1fc1 100644 --- a/lib/chef/knife/cookbook_upload.rb +++ b/lib/chef/knife/cookbook_upload.rb @@ -19,16 +19,16 @@ # require_relative "../knife" -require_relative "../cookbook_uploader" class Chef class Knife class CookbookUpload < Knife - CHECKSUM = "checksum".freeze MATCH_CHECKSUM = /[0-9a-f]{32,}/.freeze deps do + require_relative "../mixin/file_class" + include Chef::Mixin::FileClass require_relative "../exceptions" require_relative "../cookbook_loader" require_relative "../cookbook_uploader" @@ -93,57 +93,84 @@ class Chef # to check for the existence of a cookbook's dependencies. @server_side_cookbooks = Chef::CookbookVersion.list_all_versions justify_width = @server_side_cookbooks.map(&:size).max.to_i + 2 - if config[:all] - cookbook_repo.load_cookbooks - cookbooks_for_upload = [] - cookbook_repo.each do |cookbook_name, cookbook| - cookbooks_for_upload << cookbook - cookbook.freeze_version if config[:freeze] - version_constraints_to_update[cookbook_name] = cookbook.version - end - if cookbooks_for_upload.any? - begin - upload(cookbooks_for_upload, justify_width) - rescue Exceptions::CookbookFrozen - ui.warn("Not updating version constraints for some cookbooks in the environment as the cookbook is frozen.") - end - ui.info("Uploaded all cookbooks.") - else - cookbook_path = config[:cookbook_path].respond_to?(:join) ? config[:cookbook_path].join(", ") : config[:cookbook_path] - ui.warn("Could not find any cookbooks in your cookbook path: #{cookbook_path}. Use --cookbook-path to specify the desired path.") + + cookbooks = [] + cookbooks_to_upload.each do |cookbook_name, cookbook| + raise Chef::Exceptions::MetadataNotFound.new(cookbook.root_paths[0], cookbook_name) unless cookbook.has_metadata_file? + + if cookbook.metadata.name.nil? + message = "Cookbook loaded at path [#{cookbook.root_paths[0]}] has invalid metadata: #{cookbook.metadata.errors.join("; ")}" + raise Chef::Exceptions::MetadataNotValid, message end + + cookbooks << cookbook + end + + if cookbooks.empty? + cookbook_path = config[:cookbook_path].respond_to?(:join) ? config[:cookbook_path].join(", ") : config[:cookbook_path] + ui.warn("Could not find any cookbooks in your cookbook path: '#{File.expand_path(cookbook_path)}'. Use --cookbook-path to specify the desired path.") else - cookbooks_to_upload.each do |cookbook_name, cookbook| - cookbook.freeze_version if config[:freeze] - begin - upload([cookbook], justify_width) - upload_ok += 1 + begin + tmp_cl = Chef::CookbookLoader.copy_to_tmp_dir_from_array(cookbooks) + tmp_cl.load_cookbooks + tmp_cl.compile_metadata + tmp_cl.freeze_versions if config[:freeze] + + cookbooks_for_upload = [] + tmp_cl.each do |cookbook_name, cookbook| + cookbooks_for_upload << cookbook version_constraints_to_update[cookbook_name] = cookbook.version - rescue Exceptions::CookbookNotFoundInRepo => e - upload_failures += 1 - ui.error("Could not find cookbook #{cookbook_name} in your cookbook path, skipping it") - Log.debug(e) - upload_failures += 1 - rescue Exceptions::CookbookFrozen - ui.warn("Not updating version constraints for #{cookbook_name} in the environment as the cookbook is frozen.") - upload_failures += 1 end - end + if config[:all] + if cookbooks_for_upload.any? + begin + upload(cookbooks_for_upload, justify_width) + rescue Chef::Exceptions::CookbookFrozen + ui.warn("Not updating version constraints for some cookbooks in the environment as the cookbook is frozen.") + ui.error("Uploading of some of the cookbooks must be failed. Remove cookbook whose version is frozen from your cookbooks repo OR use --force option.") + upload_failures += 1 + rescue SystemExit => e + tmp_cl.unlink! + raise exit e.status + end + ui.info("Uploaded all cookbooks.") if upload_failures == 0 + end + else + tmp_cl.each do |cookbook_name, cookbook| + begin + upload([cookbook], justify_width) + upload_ok += 1 + rescue Exceptions::CookbookNotFoundInRepo => e + upload_failures += 1 + ui.error("Could not find cookbook #{cookbook_name} in your cookbook path, skipping it") + Log.debug(e) + upload_failures += 1 + rescue Exceptions::CookbookFrozen + ui.warn("Not updating version constraints for #{cookbook_name} in the environment as the cookbook is frozen.") + upload_failures += 1 + rescue SystemExit => e + tmp_cl.unlink! + raise exit e.status + end + end - if upload_failures == 0 - ui.info "Uploaded #{upload_ok} cookbook#{upload_ok == 1 ? "" : "s"}." - elsif upload_failures > 0 && upload_ok > 0 - ui.warn "Uploaded #{upload_ok} cookbook#{upload_ok == 1 ? "" : "s"} ok but #{upload_failures} " + - "cookbook#{upload_failures == 1 ? "" : "s"} upload failed." - elsif upload_failures > 0 && upload_ok == 0 - ui.error "Failed to upload #{upload_failures} cookbook#{upload_failures == 1 ? "" : "s"}." - exit 1 + if upload_failures == 0 + ui.info "Uploaded #{upload_ok} cookbook#{upload_ok == 1 ? "" : "s"}." + elsif upload_failures > 0 && upload_ok > 0 + ui.warn "Uploaded #{upload_ok} cookbook#{upload_ok == 1 ? "" : "s"} ok but #{upload_failures} " + + "cookbook#{upload_failures == 1 ? "" : "s"} upload failed." + elsif upload_failures > 0 && upload_ok == 0 + ui.error "Failed to upload #{upload_failures} cookbook#{upload_failures == 1 ? "" : "s"}." + exit 1 + end + end + unless version_constraints_to_update.empty? + update_version_constraints(version_constraints_to_update) if config[:environment] + end + ensure + tmp_cl.unlink! end end - - unless version_constraints_to_update.empty? - update_version_constraints(version_constraints_to_update) if config[:environment] - end end def cookbooks_to_upload @@ -161,7 +188,7 @@ class Chef end end rescue Exceptions::CookbookNotFoundInRepo => e - ui.error("Could not find cookbook #{cookbook_name} in your cookbook path, skipping it") + ui.error(e.message) Log.debug(e) end end diff --git a/lib/chef/knife/core/bootstrap_context.rb b/lib/chef/knife/core/bootstrap_context.rb index 49f0069ba6..8f07149ebe 100644 --- a/lib/chef/knife/core/bootstrap_context.rb +++ b/lib/chef/knife/core/bootstrap_context.rb @@ -158,24 +158,32 @@ class Chef end if encrypted_data_bag_secret - client_rb << %Q{encrypted_data_bag_secret "#{Chef::Dist::CONF_DIR}/encrypted_data_bag_secret"\n} + client_rb << %Q{encrypted_data_bag_secret "/etc/chef/encrypted_data_bag_secret"\n} end unless trusted_certs.empty? - client_rb << %Q{trusted_certs_dir "#{Chef::Dist::CONF_DIR}/trusted_certs"\n} + client_rb << %Q{trusted_certs_dir "/etc/chef/trusted_certs"\n} end if Chef::Config[:fips] client_rb << "fips true\n" end + unless @chef_config[:file_cache_path].nil? + client_rb << "file_cache_path \"#{@chef_config[:file_cache_path]}\"\n" + end + + unless @chef_config[:file_backup_path].nil? + client_rb << "file_backup_path \"#{@chef_config[:file_backup_path]}\"\n" + end + client_rb end def start_chef # If the user doesn't have a client path configure, let bash use the PATH for what it was designed for client_path = @chef_config[:chef_client_path] || "#{Chef::Dist::CLIENT}" - s = "#{client_path} -j #{Chef::Dist::CONF_DIR}/first-boot.json" + s = "#{client_path} -j /etc/chef/first-boot.json" if @config[:verbosity] && @config[:verbosity] >= 3 s << " -l trace" elsif @config[:verbosity] && @config[:verbosity] >= 2 @@ -205,14 +213,13 @@ class Chef end def first_boot - (@config[:first_boot_attributes] || {}).tap do |attributes| + (@config[:first_boot_attributes] = Mash.new(@config[:first_boot_attributes]) || Mash.new).tap do |attributes| if @config[:policy_name] && @config[:policy_group] attributes[:policy_name] = @config[:policy_name] attributes[:policy_group] = @config[:policy_group] else attributes[:run_list] = @run_list end - attributes.delete(:run_list) if attributes[:policy_name] && !attributes[:policy_name].empty? attributes.merge!(tags: @config[:tags]) if @config[:tags] && !@config[:tags].empty? end @@ -226,7 +233,7 @@ class Chef content = "" if @chef_config[:trusted_certs_dir] Dir.glob(File.join(Chef::Util::PathHelper.escape_glob_dir(@chef_config[:trusted_certs_dir]), "*.{crt,pem}")).each do |cert| - content << "cat > #{Chef::Dist::CONF_DIR}/trusted_certs/#{File.basename(cert)} <<'EOP'\n" + + content << "cat > /etc/chef/trusted_certs/#{File.basename(cert)} <<'EOP'\n" + IO.read(File.expand_path(cert)) + "\nEOP\n" end end @@ -240,7 +247,7 @@ class Chef root.find do |f| relative = f.relative_path_from(root) if f != root - file_on_node = "#{Chef::Dist::CONF_DIR}/client.d/#{relative}" + file_on_node = "/etc/chef/client.d/#{relative}" if f.directory? content << "mkdir #{file_on_node}\n" else diff --git a/lib/chef/knife/core/node_presenter.rb b/lib/chef/knife/core/node_presenter.rb index 258a4822fd..be01b39728 100644 --- a/lib/chef/knife/core/node_presenter.rb +++ b/lib/chef/knife/core/node_presenter.rb @@ -94,8 +94,8 @@ class Chef def summarize(data) if data.is_a?(Chef::Node) node = data - # special case ec2 with their split horizon whatsis. - ip = (node[:ec2] && node[:ec2][:public_ipv4]) || node[:ipaddress] + # special case clouds with their split horizon whatsis. + ip = (node[:cloud] && node[:cloud][:public_ipv4_addrs] && node[:cloud][:public_ipv4_addrs].first) || node[:ipaddress] summarized = <<~SUMMARY #{ui.color("Node Name:", :bold)} #{ui.color(node.name, :bold)} diff --git a/lib/chef/knife/core/status_presenter.rb b/lib/chef/knife/core/status_presenter.rb index 9042350295..32ea605e70 100644 --- a/lib/chef/knife/core/status_presenter.rb +++ b/lib/chef/knife/core/status_presenter.rb @@ -1,6 +1,6 @@ # # Author:: Nicolas DUPEUX (<nicolas.dupeux@arkea.com>) -# Copyright:: Copyright 2011-2016, Chef Software Inc. +# Copyright:: Copyright 2011-2020, Chef Software Inc. # License:: Apache License, Version 2.0 # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -67,8 +67,8 @@ class Chef result["name"] = node["name"] || node.name result["chef_environment"] = node["chef_environment"] - ip = (node["ec2"] && node["ec2"]["public_ipv4"]) || node["ipaddress"] - fqdn = (node["ec2"] && node["ec2"]["public_hostname"]) || node["fqdn"] + ip = (node["cloud"] && node["cloud"]["public_ipv4_addrs"].first) || node["ipaddress"] + fqdn = (node["cloud"] && node["cloud"]["public_hostname"]) || node["fqdn"] result["ip"] = ip if ip result["fqdn"] = fqdn if fqdn result["run_list"] = node.run_list if config["run_list"] @@ -95,9 +95,9 @@ class Chef summarized = "" list.each do |data| node = data - # special case ec2 with their split horizon whatsis. - ip = (node[:ec2] && node[:ec2][:public_ipv4]) || node[:ipaddress] - fqdn = (node[:ec2] && node[:ec2][:public_hostname]) || node[:fqdn] + # special case clouds with their split horizon whatsis. + ip = (node[:cloud] && node[:cloud][:public_ipv4_addrs] && node[:cloud][:public_ipv4_addrs].first) || node[:ipaddress] + fqdn = (node[:cloud] && node[:cloud][:public_hostname]) || node[:fqdn] name = node["name"] || node.name if config[:run_list] diff --git a/lib/chef/knife/core/ui.rb b/lib/chef/knife/core/ui.rb index 41fb37c220..03b11a1b4d 100644 --- a/lib/chef/knife/core/ui.rb +++ b/lib/chef/knife/core/ui.rb @@ -61,6 +61,14 @@ class Chef end end + # pastel.decorate is a lightweight replacement for highline.color + def pastel + @pastel ||= begin + require "pastel" + Pastel.new + end + end + # Prints a message to stdout. Aliased as +info+ for compatibility with # the logger API. # @@ -134,7 +142,7 @@ class Chef def color(string, *colors) if color? - highline.color(string, *colors) + pastel.decorate(string, *colors) else string end @@ -208,7 +216,7 @@ class Chef tf.sync = true tf.puts output tf.close - raise "Please set EDITOR environment variable. See https://docs.chef.io/knife_setup.html for details." unless system("#{config[:editor]} #{tf.path}") + raise "Please set EDITOR environment variable. See https://docs.chef.io/knife_setup/ for details." unless system("#{config[:editor]} #{tf.path}") output = IO.read(tf.path) end diff --git a/lib/chef/knife/core/windows_bootstrap_context.rb b/lib/chef/knife/core/windows_bootstrap_context.rb index b06ddd9fcc..d3f55ce94c 100644 --- a/lib/chef/knife/core/windows_bootstrap_context.rb +++ b/lib/chef/knife/core/windows_bootstrap_context.rb @@ -59,9 +59,9 @@ class Chef client_rb = <<~CONFIG chef_server_url "#{@chef_config[:chef_server_url]}" validation_client_name "#{@chef_config[:validation_client_name]}" - file_cache_path "c:/chef/cache" - file_backup_path "c:/chef/backup" - cache_options ({:path => "c:/chef/cache/checksums", :skip_expires => true}) + file_cache_path "#{ChefConfig::Config.var_chef_dir(true)}/cache" + file_backup_path "#{ChefConfig::Config.var_chef_dir(true)}/backup" + cache_options ({:path => "#{ChefConfig::Config.etc_chef_dir(true)}/cache/checksums", :skip_expires => true}) CONFIG unless @chef_config[:chef_license].nil? @@ -124,11 +124,11 @@ class Chef end if @config[:secret] - client_rb << %Q{encrypted_data_bag_secret "c:/chef/encrypted_data_bag_secret"\n} + client_rb << %Q{encrypted_data_bag_secret "#{ChefConfig::Config.etc_chef_dir(true)}/encrypted_data_bag_secret"\n} end unless trusted_certs_script.empty? - client_rb << %Q{trusted_certs_dir "c:/chef/trusted_certs"\n} + client_rb << %Q{trusted_certs_dir "#{ChefConfig::Config.etc_chef_dir(true)}/trusted_certs"\n} end if Chef::Config[:fips] @@ -158,8 +158,8 @@ class Chef def start_chef bootstrap_environment_option = bootstrap_environment.nil? ? "" : " -E #{bootstrap_environment}" - start_chef = "SET \"PATH=%SystemRoot%\\system32;%SystemRoot%;%SystemRoot%\\System32\\Wbem;%SYSTEMROOT%\\System32\\WindowsPowerShell\\v1.0\\;C:\\ruby\\bin;C:\\opscode\\chef\\bin;C:\\opscode\\chef\\embedded\\bin\"\n" - start_chef << "chef-client -c c:/chef/client.rb -j c:/chef/first-boot.json#{bootstrap_environment_option}\n" + start_chef = "SET \"PATH=%SystemRoot%\\system32;%SystemRoot%;%SystemRoot%\\System32\\Wbem;%SYSTEMROOT%\\System32\\WindowsPowerShell\\v1.0\\;C:\\ruby\\bin;#{ChefConfig::Config.c_opscode_dir}\\#{ChefConfig::Dist::DIR_SUFFIX}\\bin;#{ChefConfig::Config.c_opscode_dir}\\#{ChefConfig::Dist::DIR_SUFFIX}\\embedded\\bin\;%PATH%\"\n" + start_chef << "chef-client -c #{ChefConfig::Config.etc_chef_dir(true)}/client.rb -j #{ChefConfig::Config.etc_chef_dir(true)}/first-boot.json#{bootstrap_environment_option}\n" end def win_wget @@ -260,7 +260,7 @@ class Chef end def bootstrap_directory - "C:\\chef" + ChefConfig::Config.etc_chef_dir(true) end def local_download_path diff --git a/lib/chef/knife/data_bag_edit.rb b/lib/chef/knife/data_bag_edit.rb index eb70e06864..80e92b0040 100644 --- a/lib/chef/knife/data_bag_edit.rb +++ b/lib/chef/knife/data_bag_edit.rb @@ -37,13 +37,13 @@ class Chef item = Chef::DataBagItem.load(bag, item_name) if encrypted?(item.raw_data) if encryption_secret_provided_ignore_encrypt_flag? - return Chef::EncryptedDataBagItem.new(item, read_secret).to_hash, true + [Chef::EncryptedDataBagItem.new(item, read_secret).to_hash, true] else ui.fatal("You cannot edit an encrypted data bag without providing the secret.") exit(1) end else - return item.raw_data, false + [item.raw_data, false] end end diff --git a/lib/chef/knife/data_bag_from_file.rb b/lib/chef/knife/data_bag_from_file.rb index 78cf2df3a5..9a666a6fe1 100644 --- a/lib/chef/knife/data_bag_from_file.rb +++ b/lib/chef/knife/data_bag_from_file.rb @@ -18,7 +18,6 @@ # require_relative "../knife" -require_relative "../util/path_helper" require_relative "data_bag_secret_options" class Chef @@ -27,6 +26,7 @@ class Chef include DataBagSecretOptions deps do + require_relative "../util/path_helper" require_relative "../data_bag" require_relative "../data_bag_item" require_relative "core/object_loader" diff --git a/lib/chef/knife/data_bag_secret_options.rb b/lib/chef/knife/data_bag_secret_options.rb index d94aa4aa50..43f60494ba 100644 --- a/lib/chef/knife/data_bag_secret_options.rb +++ b/lib/chef/knife/data_bag_secret_options.rb @@ -35,7 +35,6 @@ class Chef def self.included(base) base.option :secret, - short: "-s SECRET", long: "--secret SECRET", description: "The secret key to use to encrypt data bag item values. Can also be defaulted in your config with the key 'secret'.", # Need to store value from command line in separate variable - knife#merge_configs populates same keys @@ -80,16 +79,9 @@ class Chef end def validate_secrets - if has_cl_secret? - if opt_parser.default_argv.include?("-s") - ui.warn("Secret short option -s is deprecated and will remove in the future. Please use --secret instead. -") - end - - if has_cl_secret_file? - ui.fatal("Please specify only one of --secret, --secret-file") - exit(1) - end + if has_cl_secret? && has_cl_secret_file? + ui.fatal("Please specify only one of --secret, --secret-file") + exit(1) end if knife_config[:secret] && knife_config[:secret_file] diff --git a/lib/chef/knife/edit.rb b/lib/chef/knife/edit.rb index e1e9ee1b0d..caca201566 100644 --- a/lib/chef/knife/edit.rb +++ b/lib/chef/knife/edit.rb @@ -74,7 +74,7 @@ class Chef # Let the user edit the temporary file unless system("#{config[:editor]} #{file.path}") - raise "Please set EDITOR environment variable. See https://docs.chef.io/knife_setup.html for details." + raise "Please set EDITOR environment variable. See https://docs.chef.io/knife_setup/ for details." end result_text = IO.read(file.path) diff --git a/lib/chef/knife/exec.rb b/lib/chef/knife/exec.rb index 6fb1d00c45..49b5f4c59e 100644 --- a/lib/chef/knife/exec.rb +++ b/lib/chef/knife/exec.rb @@ -17,13 +17,16 @@ # require_relative "../knife" -require_relative "../util/path_helper" require_relative "../dist" class Chef::Knife::Exec < Chef::Knife banner "knife exec [SCRIPT] (options)" + deps do + require_relative "../util/path_helper" + end + option :exec, short: "-E CODE", long: "--exec CODE", diff --git a/lib/chef/knife/group_add.rb b/lib/chef/knife/group_add.rb new file mode 100644 index 0000000000..3ed46060db --- /dev/null +++ b/lib/chef/knife/group_add.rb @@ -0,0 +1,55 @@ +# +# Author:: Seth Falcon (<seth@chef.io>) +# Author:: Jeremiah Snapp (<jeremiah@chef.io>) +# Copyright:: Copyright 2011-2020 Chef Software, Inc. +# License:: Apache License, Version 2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +require_relative "../knife" + +class Chef + class Knife + class GroupAdd < Chef::Knife + category "group" + banner "knife group add MEMBER_TYPE MEMBER_NAME GROUP_NAME" + + deps do + require_relative "acl_base" + include Chef::Knife::AclBase + end + + def run + member_type, member_name, group_name = name_args + + if name_args.length != 3 + show_usage + ui.fatal "You must specify member type [client|group|user], member name and group name" + exit 1 + end + + validate_member_name!(group_name) + validate_member_type!(member_type) + validate_member_name!(member_name) + + if group_name.downcase == "users" + ui.fatal "knife group can not manage members of Chef Infra Server's 'users' group, which contains all users." + exit 1 + end + + add_to_group!(member_type, member_name, group_name) + end + end + end +end diff --git a/lib/chef/knife/cookbook_site_download.rb b/lib/chef/knife/group_create.rb index cbe4a92604..e714192872 100644 --- a/lib/chef/knife/cookbook_site_download.rb +++ b/lib/chef/knife/group_create.rb @@ -1,6 +1,7 @@ # -# Author:: Adam Jacob (<adam@chef.io>) -# Copyright:: Copyright 2009-2019, Chef Software, Inc. +# Author:: Seth Falcon (<seth@chef.io>) +# Author:: Jeremiah Snapp (<jeremiah@chef.io>) +# Copyright:: Copyright 2011-2020 Chef Software, Inc. # License:: Apache License, Version 2.0 # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -17,24 +18,32 @@ # require_relative "../knife" -require_relative "supermarket_download" -require_relative "../dist" class Chef class Knife - class CookbookSiteDownload < Knife::SupermarketDownload + class GroupCreate < Chef::Knife + category "group" + banner "knife group create GROUP_NAME" - # Handle the subclassing (knife doesn't do this :() - dependency_loaders.concat(superclass.dependency_loaders) - - banner "knife cookbook site download COOKBOOK [VERSION] (options)" - category "deprecated" + deps do + require_relative "acl_base" + include Chef::Knife::AclBase + end def run - Chef::Log.warn("knife cookbook site download has been deprecated in favor of knife supermarket download. In #{Chef::Dist::PRODUCT} 16 (April 2020) this will result in an error!") - super - end + group_name = name_args[0] + if name_args.length != 1 + show_usage + ui.fatal "You must specify group name" + exit 1 + end + + validate_member_name!(group_name) + + ui.msg "Creating '#{group_name}' group" + rest.post_rest("groups", { groupname: group_name }) + end end end end diff --git a/lib/chef/knife/group_destroy.rb b/lib/chef/knife/group_destroy.rb new file mode 100644 index 0000000000..e890882af0 --- /dev/null +++ b/lib/chef/knife/group_destroy.rb @@ -0,0 +1,53 @@ +# +# Author:: Christopher Maier (<cm@chef.io>) +# Author:: Jeremiah Snapp (<jeremiah@chef.io>) +# Copyright:: Copyright 2015-2020 Chef Software, Inc. +# License:: Apache License, Version 2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +require_relative "../knife" + +class Chef + class Knife + class GroupDestroy < Chef::Knife + category "group" + banner "knife group destroy GROUP_NAME" + + deps do + require_relative "acl_base" + include Chef::Knife::AclBase + end + + def run + group_name = name_args[0] + + if name_args.length != 1 + show_usage + ui.fatal "You must specify group name" + exit 1 + end + + validate_member_name!(group_name) + + if %w{admins billing-admins clients users}.include?(group_name.downcase) + ui.fatal "The '#{group_name}' group is a special group that cannot not be destroyed" + exit 1 + end + ui.msg "Destroying '#{group_name}' group" + rest.delete_rest("groups/#{group_name}") + end + end + end +end diff --git a/lib/chef/knife/cookbook_site_list.rb b/lib/chef/knife/group_list.rb index 10b3c6b589..7e6e18f12d 100644 --- a/lib/chef/knife/cookbook_site_list.rb +++ b/lib/chef/knife/group_list.rb @@ -1,6 +1,7 @@ # -# Author:: Adam Jacob (<adam@chef.io>) -# Copyright:: Copyright 2009-2019, Chef Software Inc. +# Author:: Seth Falcon (<seth@chef.io>) +# Author:: Jeremiah Snapp (<jeremiah@chef.io>) +# Copyright:: Copyright 2011-2020 Chef Software, Inc. # License:: Apache License, Version 2.0 # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -17,24 +18,26 @@ # require_relative "../knife" -require_relative "supermarket_list" -require_relative "../dist" class Chef class Knife - class CookbookSiteList < Knife::SupermarketList + class GroupList < Chef::Knife + category "group" + banner "knife group list" - # Handle the subclassing (knife doesn't do this :() - dependency_loaders.concat(superclass.dependency_loaders) - - banner "knife cookbook site list (options)" - category "deprecated" + deps do + require_relative "acl_base" + include Chef::Knife::AclBase + end def run - Chef::Log.warn("knife cookbook site list has been deprecated in favor of knife supermarket list. In #{Chef::Dist::PRODUCT} 16 (April 2020) this will result in an error!") - super + groups = rest.get_rest("groups").keys.sort + ui.output(remove_usags(groups)) end + def remove_usags(groups) + groups.select { |gname| !is_usag?(gname) } + end end end end diff --git a/lib/chef/knife/group_remove.rb b/lib/chef/knife/group_remove.rb new file mode 100644 index 0000000000..5707c82f8b --- /dev/null +++ b/lib/chef/knife/group_remove.rb @@ -0,0 +1,56 @@ +# +# Author:: Seth Falcon (<seth@chef.io>) +# Author:: Jeremiah Snapp (<jeremiah@chef.io>) +# Copyright:: Copyright 2011-2020 Chef Software, Inc. +# License:: Apache License, Version 2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +require_relative "../knife" + +class Chef + class Knife + class GroupRemove < Chef::Knife + category "group" + banner "knife group remove MEMBER_TYPE MEMBER_NAME GROUP_NAME" + + deps do + require_relative "acl_base" + include Chef::Knife::AclBase + end + + def run + member_type, member_name, group_name = name_args + + if name_args.length != 3 + show_usage + ui.fatal "You must specify member type [client|group|user], member name and group name" + exit 1 + end + + validate_member_name!(group_name) + validate_member_type!(member_type) + validate_member_name!(member_name) + + if group_name.downcase == "users" + ui.fatal "knife-acl can not manage members of the Users group" + ui.fatal "please read knife-acl's README.md for more information" + exit 1 + end + + remove_from_group!(member_type, member_name, group_name) + end + end + end +end diff --git a/lib/chef/knife/cookbook_site_install.rb b/lib/chef/knife/group_show.rb index 785eb91e38..3fd1708bfa 100644 --- a/lib/chef/knife/cookbook_site_install.rb +++ b/lib/chef/knife/group_show.rb @@ -1,6 +1,7 @@ # -# Author:: Adam Jacob (<adam@chef.io>) -# Copyright:: Copyright 2010-2019, Chef Software Inc. +# Author:: Seth Falcon (<seth@chef.io>) +# Author:: Jeremiah Snapp (<jeremiah@chef.io>) +# Copyright:: Copyright 2011-2020 Chef Software, Inc. # License:: Apache License, Version 2.0 # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -17,24 +18,32 @@ # require_relative "../knife" -require_relative "supermarket_install" -require_relative "../dist" class Chef class Knife - class CookbookSiteInstall < Knife::SupermarketInstall + class GroupShow < Chef::Knife + category "group" + banner "knife group show GROUP_NAME" - # Handle the subclassing (knife doesn't do this :() - dependency_loaders.concat(superclass.dependency_loaders) - - banner "knife cookbook site install COOKBOOK [VERSION] (options)" - category "deprecated" + deps do + require_relative "acl_base" + include Chef::Knife::AclBase + end def run - Chef::Log.warn("knife cookbook site install has been deprecated in favor of knife supermarket install. In #{Chef::Dist::PRODUCT} 16 (April 2020) this will result in an error!") - super - end + group_name = name_args[0] + if name_args.length != 1 + show_usage + ui.fatal "You must specify group name" + exit 1 + end + + validate_member_name!(group_name) + + group = rest.get_rest("groups/#{group_name}") + ui.output group + end end end end diff --git a/lib/chef/knife/raw.rb b/lib/chef/knife/raw.rb index 5f81c13175..5adb36ea70 100644 --- a/lib/chef/knife/raw.rb +++ b/lib/chef/knife/raw.rb @@ -15,7 +15,6 @@ # require_relative "../knife" -require_relative "../http" class Chef class Knife diff --git a/lib/chef/knife/rehash.rb b/lib/chef/knife/rehash.rb index f4294e8e3b..ed70aa9f24 100644 --- a/lib/chef/knife/rehash.rb +++ b/lib/chef/knife/rehash.rb @@ -17,13 +17,16 @@ # require_relative "../knife" -require_relative "core/subcommand_loader" class Chef class Knife class Rehash < Chef::Knife banner "knife rehash" + deps do + require_relative "core/subcommand_loader" + end + def run if ! Chef::Knife::SubcommandLoader.autogenerated_manifest? ui.msg "Using knife-rehash will speed up knife's load time by caching the location of subcommands on disk." diff --git a/lib/chef/knife/search.rb b/lib/chef/knife/search.rb index a089ee8f1b..5b5d26cb5f 100644 --- a/lib/chef/knife/search.rb +++ b/lib/chef/knife/search.rb @@ -18,7 +18,6 @@ require_relative "../knife" require_relative "core/node_presenter" -require "addressable/uri" unless defined?(Addressable::URI) class Chef class Knife @@ -27,6 +26,7 @@ class Chef include Knife::Core::MultiAttributeReturnOption deps do + require "addressable/uri" unless defined?(Addressable::URI) require_relative "../node" require_relative "../environment" require_relative "../api_client" diff --git a/lib/chef/knife/ssh.rb b/lib/chef/knife/ssh.rb index c270de6514..ae7b44d934 100644 --- a/lib/chef/knife/ssh.rb +++ b/lib/chef/knife/ssh.rb @@ -16,7 +16,6 @@ # limitations under the License. # -require_relative "../mixin/shell_out" require_relative "../knife" class Chef @@ -24,15 +23,16 @@ class Chef class Ssh < Knife deps do + require_relative "../mixin/shell_out" require "net/ssh" unless defined?(Net::SSH) require "net/ssh/multi" require "readline" require_relative "../exceptions" require_relative "../search/query" require_relative "../util/path_helper" - end - include Chef::Mixin::ShellOut + include Chef::Mixin::ShellOut + end attr_writer :password diff --git a/lib/chef/knife/ssl_check.rb b/lib/chef/knife/ssl_check.rb index f6e68ebe45..c4c26b9ef4 100644 --- a/lib/chef/knife/ssl_check.rb +++ b/lib/chef/knife/ssl_check.rb @@ -17,7 +17,6 @@ # require_relative "../knife" -require_relative "../config" require_relative "../dist" class Chef @@ -25,6 +24,7 @@ class Chef class SslCheck < Chef::Knife deps do + require_relative "../config" require "pp" unless defined?(PP) require "socket" unless defined?(Socket) require "uri" unless defined?(URI) diff --git a/lib/chef/knife/ssl_fetch.rb b/lib/chef/knife/ssl_fetch.rb index 3f6a466881..8c00aab7f7 100644 --- a/lib/chef/knife/ssl_fetch.rb +++ b/lib/chef/knife/ssl_fetch.rb @@ -17,13 +17,13 @@ # require_relative "../knife" -require_relative "../config" class Chef class Knife class SslFetch < Chef::Knife deps do + require_relative "../config" require "pp" unless defined?(PP) require "socket" unless defined?(Socket) require "uri" unless defined?(URI) diff --git a/lib/chef/knife/status.rb b/lib/chef/knife/status.rb index 074488e003..f157c60b41 100644 --- a/lib/chef/knife/status.rb +++ b/lib/chef/knife/status.rb @@ -1,6 +1,6 @@ # # Author:: Ian Meyer (<ianmmeyer@gmail.com>) -# Copyright:: Copyright 2010-2016, Ian Meyer +# Copyright:: Copyright 2010-2020, Ian Meyer # License:: Apache License, Version 2.0 # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -59,7 +59,7 @@ class Chef else opts = { filter_result: { name: ["name"], ipaddress: ["ipaddress"], ohai_time: ["ohai_time"], - ec2: ["ec2"], run_list: ["run_list"], platform: ["platform"], + cloud: ["cloud"], run_list: ["run_list"], platform: ["platform"], platform_version: ["platform_version"], chef_environment: ["chef_environment"] } } end diff --git a/lib/chef/knife/supermarket_install.rb b/lib/chef/knife/supermarket_install.rb index b0b8fbe1aa..5330db655b 100644 --- a/lib/chef/knife/supermarket_install.rb +++ b/lib/chef/knife/supermarket_install.rb @@ -17,13 +17,13 @@ # require_relative "../knife" -require_relative "../exceptions" class Chef class Knife class SupermarketInstall < Knife deps do + require_relative "../exceptions" require "shellwords" unless defined?(Shellwords) require "mixlib/archive" unless defined?(Mixlib::Archive) require_relative "core/cookbook_scm_repo" @@ -137,7 +137,7 @@ class Chef end def download_cookbook_to(download_path) - downloader = Chef::Knife::CookbookSiteDownload.new + downloader = Chef::Knife::SupermarketDownload.new downloader.config[:file] = download_path downloader.config[:supermarket_site] = config[:supermarket_site] downloader.name_args = name_args diff --git a/lib/chef/knife/cookbook_site_show.rb b/lib/chef/knife/user_dissociate.rb index 3fa390508f..640b9543d1 100644 --- a/lib/chef/knife/cookbook_site_show.rb +++ b/lib/chef/knife/user_dissociate.rb @@ -1,6 +1,6 @@ # -# Author:: Adam Jacob (<adam@chef.io>) -# Copyright:: Copyright 2009-2019, Chef Software Inc. +# Author:: Steven Danna (<steve@chef.io>) +# Copyright:: Copyright 2011-2020 Chef Software, Inc. # License:: Apache License, Version 2.0 # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -17,24 +17,26 @@ # require_relative "../knife" -require_relative "supermarket_show" -require_relative "../dist" class Chef class Knife - class CookbookSiteShow < Knife::SupermarketShow - - # Handle the subclassing (knife doesn't do this :() - dependency_loaders.concat(superclass.dependency_loaders) - - banner "knife cookbook site show COOKBOOK [VERSION] (options)" - category "deprecated" + class UserDissociate < Chef::Knife + category "user" + banner "knife user dissociate USERNAMES" def run - Chef::Log.warn("knife cookbook site show has been deprecated in favor of knife supermarket show. In #{Chef::Dist::PRODUCT} 16 (April 2020) this will result in an error!") - super + if name_args.length < 1 + show_usage + ui.fatal("You must specify a username.") + exit 1 + end + users = name_args + ui.confirm("Are you sure you want to dissociate the following users: #{users.join(", ")}") + users.each do |u| + api_endpoint = "users/#{u}" + rest.delete_rest(api_endpoint) + end end - end end end diff --git a/lib/chef/knife/cookbook_site_search.rb b/lib/chef/knife/user_invite_add.rb index 6557528c8a..8907b363c0 100644 --- a/lib/chef/knife/cookbook_site_search.rb +++ b/lib/chef/knife/user_invite_add.rb @@ -1,6 +1,6 @@ # -# Author:: Adam Jacob (<adam@chef.io>) -# Copyright:: Copyright 2009-2019, Chef Software Inc. +# Author:: Steven Danna (<steve@chef.io>) +# Copyright:: Copyright 2011-2020 Chef Software, Inc. # License:: Apache License, Version 2.0 # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -17,24 +17,27 @@ # require_relative "../knife" -require_relative "supermarket_search" -require_relative "../dist" class Chef class Knife - class CookbookSiteSearch < Knife::SupermarketSearch - - # Handle the subclassing (knife doesn't do this :() - dependency_loaders.concat(superclass.dependency_loaders) - - banner "knife cookbook site search QUERY (options)" - category "deprecated" + class UserInviteAdd < Chef::Knife + category "user" + banner "knife user invite add USERNAMES" def run - Chef::Log.warn("knife cookbook site search has been deprecated in favor of knife supermarket search. In #{Chef::Dist::PRODUCT} 16 (April 2020) this will result in an error!") - super - end + if name_args.length < 1 + show_usage + ui.fatal("You must specify a username.") + exit 1 + end + users = name_args + api_endpoint = "association_requests/" + users.each do |u| + body = { user: u } + rest.post_rest(api_endpoint, body) + end + end end end end diff --git a/lib/chef/knife/user_invite_list.rb b/lib/chef/knife/user_invite_list.rb new file mode 100644 index 0000000000..22ca4212f1 --- /dev/null +++ b/lib/chef/knife/user_invite_list.rb @@ -0,0 +1,34 @@ +# +# Author:: Steven Danna (<steve@chef.io>) +# Copyright:: Copyright 2011-2020 Chef Software, Inc. +# License:: Apache License, Version 2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +require_relative "../knife" + +class Chef + class Knife + class UserInviteList < Chef::Knife + category "user" + banner "knife user invite list" + + def run + api_endpoint = "association_requests/" + invited_users = rest.get_rest(api_endpoint).map { |i| i["username"] } + ui.output(invited_users) + end + end + end +end diff --git a/lib/chef/knife/user_invite_recind.rb b/lib/chef/knife/user_invite_recind.rb new file mode 100644 index 0000000000..288913650d --- /dev/null +++ b/lib/chef/knife/user_invite_recind.rb @@ -0,0 +1,63 @@ +# +# Author:: Steven Danna (<steve@chef.io>) +# Copyright:: Copyright 2011-2020 Chef Software, Inc. +# License:: Apache License, Version 2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +require_relative "../knife" + +class Chef + class Knife + class UserInviteRecind < Chef::Knife + category "user" + banner "knife user invite recind [USERNAMES] (options)" + + option :all, + short: "-a", + long: "--all", + description: "Recind all invites!" + + def run + if (name_args.length < 1) && ! config.key?(:all) + show_usage + ui.fatal("You must specify a username.") + exit 1 + end + + # To recind we need to send a DELETE to association_requests/INVITE_ID + # For user friendliness we look up the invite ID based on username. + @invites = {} + usernames = name_args + rest.get_rest("association_requests").each { |i| @invites[i["username"]] = i["id"] } + if config[:all] + ui.confirm("Are you sure you want to recind all association requests") + @invites.each do |u, i| + rest.delete_rest("association_requests/#{i}") + end + else + ui.confirm("Are you sure you want to recind the association requests for: #{usernames.join(", ")}") + usernames.each do |u| + if @invites.key?(u) + rest.delete_rest("association_requests/#{@invites[u]}") + else + ui.fatal("No association request for #{u}.") + exit 1 + end + end + end + end + end + end +end diff --git a/lib/chef/knife/user_key_create.rb b/lib/chef/knife/user_key_create.rb index feacc46d48..cfcd8255ed 100644 --- a/lib/chef/knife/user_key_create.rb +++ b/lib/chef/knife/user_key_create.rb @@ -17,7 +17,6 @@ # require_relative "../knife" -require_relative "key_create" require_relative "key_create_base" class Chef @@ -33,6 +32,10 @@ class Chef banner "knife user key create USER (options)" + deps do + require_relative "key_create" + end + attr_reader :actor def initialize(argv = []) diff --git a/lib/chef/knife/user_key_delete.rb b/lib/chef/knife/user_key_delete.rb index 4de225cbd5..5cd31a953b 100644 --- a/lib/chef/knife/user_key_delete.rb +++ b/lib/chef/knife/user_key_delete.rb @@ -17,7 +17,6 @@ # require_relative "../knife" -require_relative "key_delete" class Chef class Knife @@ -30,6 +29,10 @@ class Chef class UserKeyDelete < Knife banner "knife user key delete USER KEYNAME (options)" + deps do + require_relative "key_delete" + end + attr_reader :actor def initialize(argv = []) diff --git a/lib/chef/knife/user_key_edit.rb b/lib/chef/knife/user_key_edit.rb index 27f45f5f80..253d378b2d 100644 --- a/lib/chef/knife/user_key_edit.rb +++ b/lib/chef/knife/user_key_edit.rb @@ -17,7 +17,6 @@ # require_relative "../knife" -require_relative "key_edit" require_relative "key_edit_base" class Chef @@ -33,6 +32,10 @@ class Chef banner "knife user key edit USER KEYNAME (options)" + deps do + require_relative "key_edit" + end + attr_reader :actor def initialize(argv = []) diff --git a/lib/chef/knife/user_key_list.rb b/lib/chef/knife/user_key_list.rb index de03182a09..2051a4440f 100644 --- a/lib/chef/knife/user_key_list.rb +++ b/lib/chef/knife/user_key_list.rb @@ -17,7 +17,6 @@ # require_relative "../knife" -require_relative "key_list" require_relative "key_list_base" class Chef @@ -33,6 +32,10 @@ class Chef banner "knife user key list USER (options)" + deps do + require_relative "key_list" + end + attr_reader :actor def initialize(argv = []) diff --git a/lib/chef/knife/user_key_show.rb b/lib/chef/knife/user_key_show.rb index 3f09d8b047..8a47950f0c 100644 --- a/lib/chef/knife/user_key_show.rb +++ b/lib/chef/knife/user_key_show.rb @@ -17,7 +17,6 @@ # require_relative "../knife" -require_relative "key_show" class Chef class Knife @@ -30,6 +29,10 @@ class Chef class UserKeyShow < Knife banner "knife user key show USER KEYNAME (options)" + deps do + require_relative "key_show" + end + attr_reader :actor def initialize(argv = []) diff --git a/lib/chef/log/winevt.rb b/lib/chef/log/winevt.rb index dcc13a77e4..be72f94dba 100644 --- a/lib/chef/log/winevt.rb +++ b/lib/chef/log/winevt.rb @@ -37,7 +37,7 @@ class Chef FATAL_EVENT_ID = 10104 # Since we must install the event logger, this is not really configurable - SOURCE = Chef::Dist::PRODUCT.freeze + SOURCE = Chef::Dist::SHORT.freeze include Chef::Mixin::Unformatter diff --git a/lib/chef/mixin/api_version_request_handling.rb b/lib/chef/mixin/api_version_request_handling.rb index c2f7a3203f..776190f3a4 100644 --- a/lib/chef/mixin/api_version_request_handling.rb +++ b/lib/chef/mixin/api_version_request_handling.rb @@ -55,7 +55,7 @@ class Chef The server that received the request supports a min version of #{min_version} and a max version of #{max_version}. User keys are now managed via the key rotation commmands. Please refer to the documentation on how to manage your keys via the key rotation commands: - https://docs.chef.io/server_security.html#key-rotation + https://docs.chef.io/ctl_chef_server/#key-rotation EOH end diff --git a/lib/chef/mixin/openssl_helper.rb b/lib/chef/mixin/openssl_helper.rb index 5a4bd6077a..a9201d8637 100644 --- a/lib/chef/mixin/openssl_helper.rb +++ b/lib/chef/mixin/openssl_helper.rb @@ -401,6 +401,27 @@ class Chef crl.sign(ca_private_key, ::OpenSSL::Digest::SHA256.new) crl end + + # Return true if a certificate need to be renewed (or doesn't exist) according to the number + # of days before expiration given + # @param [string] cert_file path of the cert file or cert content + # @param [integer] renew_before_expiry number of days before expiration + # @return [true, false] + def cert_need_renewall?(cert_file, renew_before_expiry) + resp = true + cert_content = ::File.exist?(cert_file) ? File.read(cert_file) : cert_file + begin + cert = OpenSSL::X509::Certificate.new cert_content + rescue ::OpenSSL::X509::CertificateError + return resp + end + + unless cert.not_after <= Time.now + 3600 * 24 * renew_before_expiry + resp = false + end + + resp + end end end end diff --git a/lib/chef/monkey_patches/net_http.rb b/lib/chef/monkey_patches/net_http.rb index a50b7fd74c..42007d23a7 100644 --- a/lib/chef/monkey_patches/net_http.rb +++ b/lib/chef/monkey_patches/net_http.rb @@ -5,10 +5,6 @@ module ChefNetHTTPExceptionExtensions attr_accessor :chef_rest_request end -unless defined?(Net::HTTPClientException) - Net::HTTPClientException = Net::HTTPServerException -end - require "net/http" unless defined?(Net::HTTP) module Net class HTTPError @@ -24,41 +20,3 @@ module Net include ChefNetHTTPExceptionExtensions end end - -if Net::HTTP.instance_methods.map(&:to_s).include?("proxy_uri") - begin - # Ruby 2.0 changes the way proxy support is implemented in Net::HTTP. - # The implementation does not work correctly with IPv6 literals because it - # concatenates the address into a URI without adding square brackets for - # IPv6 addresses. - # - # If the bug is present, a call to Net::HTTP#proxy_uri when the host is an - # IPv6 address will fail by creating an invalid URI, like so: - # - # ruby -r'net/http' -e 'Net::HTTP.new("::1", 80).proxy_uri' - # /Users/ddeleo/.rbenv/versions/2.0.0-p247/lib/ruby/2.0.0/uri/generic.rb:214:in `initialize': the scheme http does not accept registry part: ::1:80 (or bad hostname?) (URI::InvalidURIError) - # from /Users/ddeleo/.rbenv/versions/2.0.0-p247/lib/ruby/2.0.0/uri/http.rb:84:in `initialize' - # from /Users/ddeleo/.rbenv/versions/2.0.0-p247/lib/ruby/2.0.0/uri/common.rb:214:in `new' - # from /Users/ddeleo/.rbenv/versions/2.0.0-p247/lib/ruby/2.0.0/uri/common.rb:214:in `parse' - # from /Users/ddeleo/.rbenv/versions/2.0.0-p247/lib/ruby/2.0.0/uri/common.rb:747:in `parse' - # from /Users/ddeleo/.rbenv/versions/2.0.0-p247/lib/ruby/2.0.0/uri/common.rb:994:in `URI' - # from /Users/ddeleo/.rbenv/versions/2.0.0-p247/lib/ruby/2.0.0/net/http.rb:1027:in `proxy_uri' - # from -e:1:in `<main>' - # - # https://bugs.ruby-lang.org/issues/9129 - # - # NOTE: This should be fixed in Ruby 2.2.0, and backported to Ruby 2.0 and - # 2.1 (not yet released so the version/patchlevel required isn't known - # yet). - Net::HTTP.new("::1", 80).proxy_uri - rescue URI::InvalidURIError - class Net::HTTP - - def proxy_uri # :nodoc: - ipv6_safe_addr = address.to_s.include?(":") ? "[#{address}]" : address - @proxy_uri ||= URI("http://#{ipv6_safe_addr}:#{port}").find_proxy - end - - end - end -end diff --git a/lib/chef/node.rb b/lib/chef/node.rb index 1e5d3a8d59..a5bf1d9b8a 100644 --- a/lib/chef/node.rb +++ b/lib/chef/node.rb @@ -2,7 +2,7 @@ # Author:: Christopher Brown (<cb@chef.io>) # Author:: Christopher Walters (<cw@chef.io>) # Author:: Tim Hinderliter (<tim@chef.io>) -# Copyright:: Copyright 2008-2019, Chef Software Inc. +# Copyright:: Copyright 2008-2020, Chef Software Inc. # License:: Apache License, Version 2.0 # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -363,7 +363,7 @@ class Chef # FIXME(log): should be trace logger.debug("Platform is #{platform} version #{version}") automatic[:platform] = platform - automatic[:platform_version] = version + automatic[:platform_version] = Chef::VersionString.new(version) automatic[:chef_guid] = Chef::Config[:chef_guid] || ( Chef::Config[:chef_guid] = node_uuid ) automatic[:name] = name automatic[:chef_environment] = chef_environment diff --git a/lib/chef/node/attribute.rb b/lib/chef/node/attribute.rb index d872e53d9b..4ccf04af6a 100644 --- a/lib/chef/node/attribute.rb +++ b/lib/chef/node/attribute.rb @@ -1,7 +1,7 @@ #-- # Author:: Adam Jacob (<adam@chef.io>) # Author:: AJ Christensen (<aj@chef.io>) -# Copyright:: Copyright 2008-2019, Chef Software Inc. +# Copyright:: Copyright 2008-2020, Chef Software Inc. # License:: Apache License, Version 2.0 # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -453,6 +453,8 @@ class Chef merged_attributes.read(*path) end + alias :dig :read + def read!(*path) merged_attributes.read!(*path) end diff --git a/lib/chef/node/common_api.rb b/lib/chef/node/common_api.rb index 1ea1067113..829552d80c 100644 --- a/lib/chef/node/common_api.rb +++ b/lib/chef/node/common_api.rb @@ -1,5 +1,5 @@ #-- -# Copyright:: Copyright 2016, Chef Software, Inc. +# Copyright:: Copyright 2016-2020, Chef Software Inc. # License:: Apache License, Version 2.0 # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -98,9 +98,11 @@ class Chef nil end + alias :dig :read + # non-autovivifying reader that throws an exception if the attribute does not exist def read!(*path) - raise Chef::Exceptions::NoSuchAttribute unless exist?(*path) + raise Chef::Exceptions::NoSuchAttribute.new(path.join ".") unless exist?(*path) path.inject(self) do |memo, key| memo[key] diff --git a/lib/chef/node/mixin/immutablize_array.rb b/lib/chef/node/mixin/immutablize_array.rb index 36b8c33528..4401c91067 100644 --- a/lib/chef/node/mixin/immutablize_array.rb +++ b/lib/chef/node/mixin/immutablize_array.rb @@ -1,5 +1,5 @@ #-- -# Copyright:: Copyright 2016-2019, Chef Software Inc. +# Copyright:: Copyright 2016-2020, Chef Software Inc. # License:: Apache License, Version 2.0 # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -43,6 +43,7 @@ class Chef compact count cycle + deconstruct detect difference dig @@ -59,6 +60,7 @@ class Chef entries fetch filter + filter_map find find_all find_index @@ -71,6 +73,7 @@ class Chef include? index inject + intersection join last lazy @@ -113,6 +116,7 @@ class Chef sum take take_while + tally to_a to_ary to_csv diff --git a/lib/chef/node/mixin/immutablize_hash.rb b/lib/chef/node/mixin/immutablize_hash.rb index 6ffa42a4f3..5e12f88d8e 100644 --- a/lib/chef/node/mixin/immutablize_hash.rb +++ b/lib/chef/node/mixin/immutablize_hash.rb @@ -1,5 +1,5 @@ #-- -# Copyright:: Copyright 2016-2019, Chef Software Inc. +# Copyright:: Copyright 2016-2020, Chef Software Inc. # License:: Apache License, Version 2.0 # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -40,6 +40,7 @@ class Chef compare_by_identity? count cycle + deconstruct_keys default default_proc detect @@ -60,6 +61,7 @@ class Chef fetch fetch_values filter + filter_map find find_all find_index @@ -109,6 +111,7 @@ class Chef sum take take_while + tally to_a to_h to_hash diff --git a/lib/chef/node_map.rb b/lib/chef/node_map.rb index 3c78d6cb9b..8a858315b9 100644 --- a/lib/chef/node_map.rb +++ b/lib/chef/node_map.rb @@ -1,6 +1,6 @@ # # Author:: Lamont Granquist (<lamont@chef.io>) -# Copyright:: Copyright 2014-2019, Chef Software Inc. +# Copyright:: Copyright 2014-2020, Chef Software Inc. # License:: Apache License, Version 2.0 # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -55,14 +55,13 @@ class Chef # # @return [NodeMap] Returns self for possible chaining # - def set(key, klass, platform: nil, platform_version: nil, platform_family: nil, os: nil, canonical: nil, override: nil, chef_version: nil, target_mode: nil, &block) + def set(key, klass, platform: nil, platform_version: nil, platform_family: nil, os: nil, override: nil, chef_version: nil, target_mode: nil, &block) new_matcher = { klass: klass } new_matcher[:platform] = platform if platform new_matcher[:platform_version] = platform_version if platform_version new_matcher[:platform_family] = platform_family if platform_family new_matcher[:os] = os if os new_matcher[:block] = block if block - new_matcher[:canonical] = canonical if canonical new_matcher[:override] = override if override new_matcher[:target_mode] = target_mode @@ -113,16 +112,14 @@ class Chef # @param node [Chef::Node] The Chef::Node object for the run, or `nil` to # ignore all filters. # @param key [Object] Key to look up - # @param canonical [Boolean] `true` or `false` to match canonical or - # non-canonical values only. `nil` to ignore canonicality. Default: `nil` # # @return [Object] Class # - def get(node, key, canonical: nil) + def get(node, key) return nil unless map.key?(key) map[key].map do |matcher| - return matcher[:klass] if node_matches?(node, matcher) && canonical_matches?(canonical, matcher) + return matcher[:klass] if node_matches?(node, matcher) end nil end @@ -134,16 +131,14 @@ class Chef # @param node [Chef::Node] The Chef::Node object for the run, or `nil` to # ignore all filters. # @param key [Object] Key to look up - # @param canonical [Boolean] `true` or `false` to match canonical or - # non-canonical values only. `nil` to ignore canonicality. Default: `nil` # # @return [Object] Class # - def list(node, key, canonical: nil) + def list(node, key) return [] unless map.key?(key) map[key].select do |matcher| - node_matches?(node, matcher) && canonical_matches?(canonical, matcher) + node_matches?(node, matcher) end.map { |matcher| matcher[:klass] } end @@ -174,21 +169,6 @@ class Chef deleted end - # Seriously, don't use this, it's nearly certain to change on you - # @return remaining - # @api private - def delete_canonical(key, klass) - remaining = map[key] - if remaining - remaining.delete_if { |matcher| matcher[:canonical] && Array(matcher[:klass]) == Array(klass) } - if remaining.empty? - map.delete(key) - remaining = nil - end - end - remaining - end - # Check if this map has been locked. # # @api internal @@ -299,12 +279,6 @@ class Chef filters_match?(node, matcher) && block_matches?(node, matcher[:block]) end - def canonical_matches?(canonical, matcher) - return true if canonical.nil? - - !!canonical == !!matcher[:canonical] - end - # # "provides" lines with identical filters sort by class name (ascending). # diff --git a/lib/chef/platform/priority_map.rb b/lib/chef/platform/priority_map.rb index 08b1a2a9fc..45d67731e2 100644 --- a/lib/chef/platform/priority_map.rb +++ b/lib/chef/platform/priority_map.rb @@ -1,6 +1,6 @@ # # Author:: John Keiser (<jkeiser@chef.io>) -# Copyright:: Copyright 2015-2016, Chef Software Inc. +# Copyright:: Copyright 2015-2020, Chef Software Inc. # License:: Apache License, Version 2.0 # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -21,8 +21,8 @@ require_relative "../node_map" class Chef class Platform class PriorityMap < Chef::NodeMap - def priority(resource_name, priority_array, *filter) - set_priority_array(resource_name.to_sym, priority_array, *filter) + def priority(resource_name, priority_array, **filter) + set_priority_array(resource_name.to_sym, priority_array, **filter) end # @api private @@ -31,9 +31,9 @@ class Chef end # @api private - def set_priority_array(key, priority_array, *filter, &block) + def set_priority_array(key, priority_array, **filter, &block) priority_array = Array(priority_array) - set(key, priority_array, *filter, &block) + set(key, priority_array, **filter, &block) priority_array end end diff --git a/lib/chef/platform/query_helpers.rb b/lib/chef/platform/query_helpers.rb index 3cce4b5d2c..477efd1f22 100644 --- a/lib/chef/platform/query_helpers.rb +++ b/lib/chef/platform/query_helpers.rb @@ -1,6 +1,6 @@ # # Author:: Adam Jacob (<adam@chef.io>) -# Copyright:: Copyright 2008-2019, Chef Software Inc. +# Copyright:: Copyright 2008-2020, Chef Software Inc. # License:: Apache License, Version 2.0 # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -26,49 +26,21 @@ class Chef ChefUtils.windows? end + # @deprecated Windows Nano is not a thing anymore so this check shouldn't be used def windows_nano_server? - return false unless windows? - - require "win32/registry" unless defined?(Win32::Registry) - - # This method may be called before ohai runs (e.g., it may be used to - # determine settings in config.rb). Chef::Win32::Registry.new uses - # node attributes to verify the machine architecture which aren't - # accessible before ohai runs. - nano = nil - key = "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Server\\ServerLevels" - access = ::Win32::Registry::KEY_QUERY_VALUE | 0x0100 # nano is 64-bit only - begin - ::Win32::Registry::HKEY_LOCAL_MACHINE.open(key, access) do |reg| - nano = reg["NanoServer"] - end - rescue ::Win32::Registry::Error - # If accessing the registry key failed, then we're probably not on - # nano. Fail through. - end - nano == 1 + false end + # @deprecated we added this method due to Windows Server Nano, which is no longer a platform def supports_msi? return false unless windows? - require "win32/registry" unless defined?(Win32::Registry) - - key = "System\\CurrentControlSet\\Services\\msiserver" - access = ::Win32::Registry::KEY_QUERY_VALUE - - begin - ::Win32::Registry::HKEY_LOCAL_MACHINE.open(key, access) do |reg| - true - end - rescue ::Win32::Registry::Error - false - end + true end + # @deprecated we don't support any release of Windows that isn't PS 3+ def supports_powershell_execution_bypass?(node) - node[:languages] && node[:languages][:powershell] && - node[:languages][:powershell][:version].to_i >= 3 + true end def supports_dsc?(node) diff --git a/lib/chef/property.rb b/lib/chef/property.rb index 7fa62442a0..336331b59f 100644 --- a/lib/chef/property.rb +++ b/lib/chef/property.rb @@ -1,6 +1,7 @@ # # Author:: John Keiser <jkeiser@chef.io> -# Copyright:: Copyright 2015-2016, John Keiser. +# Copyright:: Copyright 2015-2016, John Keiser +# Copyright:: Copyright 2015-2020, Chef Software, Inc. # License:: Apache License, Version 2.0 # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -245,6 +246,15 @@ class Chef end # + # The equal_to field of this property. + # + # @return [Array, NilClass] + # + def equal_to + options[:equal_to] + end + + # # Whether this is part of the resource's natural identity or not. # # @return [Boolean] @@ -543,7 +553,7 @@ class Chef modified_options.key?(:default) options = options.reject { |k, v| k == :name_attribute || k == :name_property || k == :default } end - self.class.new(options.merge(modified_options)) + self.class.new(**options.merge(modified_options)) end # diff --git a/lib/chef/provider.rb b/lib/chef/provider.rb index 93d2578414..07cdea6dfc 100644 --- a/lib/chef/provider.rb +++ b/lib/chef/provider.rb @@ -1,7 +1,7 @@ # # Author:: Adam Jacob (<adam@chef.io>) # Author:: Christopher Walters (<cw@chef.io>) -# Copyright:: Copyright 2008-2016, 2009-2019, Chef Software Inc. +# Copyright:: Copyright 2008-2016, 2009-2020, Chef Software Inc. # License:: Apache License, Version 2.0 # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -23,7 +23,7 @@ require_relative "mixin/enforce_ownership_and_permissions" require_relative "mixin/why_run" require_relative "mixin/shell_out" require_relative "mixin/provides" -require_relative "dsl/core" +require_relative "dsl/recipe" require_relative "platform/service_helpers" require_relative "node_map" require "forwardable" unless defined?(Forwardable) @@ -44,8 +44,7 @@ class Chef extend Chef::Mixin::Provides extend Forwardable - # includes the "core" DSL and not the "recipe" DSL by design - include Chef::DSL::Core + include Chef::DSL::Recipe # the class only gets the Universal DSL (no resource_collection at class parsing time) extend Chef::DSL::Universal @@ -64,7 +63,7 @@ class Chef # # @return [void] def self.action(name, &block) - # We need the block directly in a method so that `super` works. + # We need the block directly in a method so that `return` works. define_method("compile_action_#{name}", &block) class_eval <<-EOM def action_#{name} @@ -334,7 +333,7 @@ class Chef end def self.provides(short_name, opts = {}, &block) - Chef.provider_handler_map.set(short_name, self, opts, &block) + Chef.provider_handler_map.set(short_name, self, **opts, &block) end def self.provides?(node, resource) diff --git a/lib/chef/provider/apt_preference.rb b/lib/chef/provider/apt_preference.rb deleted file mode 100644 index 0e655cf0c0..0000000000 --- a/lib/chef/provider/apt_preference.rb +++ /dev/null @@ -1,93 +0,0 @@ -# -# Author:: Tim Smith (<tsmith@chef.io>) -# Copyright:: 2016-2017, Chef Software, Inc. -# License:: Apache License, Version 2.0 -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# - -require_relative "../provider" -require_relative "../dsl/declare_resource" -require_relative "noop" -require_relative "../log" - -class Chef - class Provider - class AptPreference < Chef::Provider - provides :apt_preference, platform_family: "debian" - - APT_PREFERENCE_DIR = "/etc/apt/preferences.d".freeze - - def load_current_resource; end - - action :add do - preference = build_pref( - new_resource.glob || new_resource.package_name, - new_resource.pin, - new_resource.pin_priority - ) - - declare_resource(:directory, APT_PREFERENCE_DIR) do - mode "0755" - action :create - end - - sanitized_prefname = safe_name(new_resource.package_name) - - # cleanup any existing pref files w/o the sanitized name (created by old apt cookbook) - if (sanitized_prefname != new_resource.package_name) && ::File.exist?("#{APT_PREFERENCE_DIR}/#{new_resource.package_name}.pref") - logger.warn "Replacing legacy #{new_resource.package_name}.pref with #{sanitized_prefname}.pref in #{APT_PREFERENCE_DIR}" - declare_resource(:file, "#{APT_PREFERENCE_DIR}/#{new_resource.package_name}.pref") do - action :delete - end - end - - # cleanup any existing pref files without the .pref extension (created by old apt cookbook) - if ::File.exist?("#{APT_PREFERENCE_DIR}/#{new_resource.package_name}") - logger.warn "Replacing legacy #{new_resource.package_name} with #{sanitized_prefname}.pref in #{APT_PREFERENCE_DIR}" - declare_resource(:file, "#{APT_PREFERENCE_DIR}/#{new_resource.package_name}") do - action :delete - end - end - - declare_resource(:file, "#{APT_PREFERENCE_DIR}/#{sanitized_prefname}.pref") do - mode "0644" - content preference - action :create - end - end - - action :remove do - sanitized_prefname = safe_name(new_resource.package_name) - - if ::File.exist?("#{APT_PREFERENCE_DIR}/#{sanitized_prefname}.pref") - logger.info "Un-pinning #{sanitized_prefname} from #{APT_PREFERENCE_DIR}" - declare_resource(:file, "#{APT_PREFERENCE_DIR}/#{sanitized_prefname}.pref") do - action :delete - end - end - end - - # Build preferences.d file contents - def build_pref(package_name, pin, pin_priority) - "Package: #{package_name}\nPin: #{pin}\nPin-Priority: #{pin_priority}\n" - end - - def safe_name(name) - name.tr(".", "_").gsub("*", "wildcard") - end - end - end -end - -Chef::Provider::Noop.provides :apt_preference diff --git a/lib/chef/provider/apt_repository.rb b/lib/chef/provider/apt_repository.rb deleted file mode 100644 index 85fac1d2da..0000000000 --- a/lib/chef/provider/apt_repository.rb +++ /dev/null @@ -1,359 +0,0 @@ -# -# Author:: Thom May (<thom@chef.io>) -# Copyright:: Copyright (c) 2016-2018, Chef Software Inc. -# License:: Apache License, Version 2.0 -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# - -require_relative "../resource" -require_relative "../dsl/declare_resource" -require_relative "../mixin/shell_out" -require_relative "../http/simple" -require_relative "noop" -require "tmpdir" unless defined?(Dir.mktmpdir) - -class Chef - class Provider - class AptRepository < Chef::Provider - include Chef::Mixin::ShellOut - - provides :apt_repository, platform_family: "debian" - - LIST_APT_KEY_FINGERPRINTS = %w{apt-key adv --list-public-keys --with-fingerprint --with-colons}.freeze - - def load_current_resource; end - - action :add do - if new_resource.key.nil? - logger.debug "No 'key' property specified skipping key import" - else - new_resource.key.each do |k| - if is_key_id?(k) && !has_cookbook_file?(k) - install_key_from_keyserver(k) - else - install_key_from_uri(k) - end - end - end - - declare_resource(:execute, "apt-cache gencaches") do - command %w{apt-cache gencaches} - default_env true - ignore_failure true - action :nothing - end - - declare_resource(:apt_update, new_resource.name) do - ignore_failure true - action :nothing - end - - cleanup_legacy_file! - - repo = build_repo( - new_resource.uri, - new_resource.distribution, - repo_components, - new_resource.trusted, - new_resource.arch, - new_resource.deb_src - ) - - declare_resource(:file, "/etc/apt/sources.list.d/#{new_resource.repo_name}.list") do - owner "root" - group "root" - mode "0644" - content repo - sensitive new_resource.sensitive - action :create - notifies :run, "execute[apt-cache gencaches]", :immediately - notifies :update, "apt_update[#{new_resource.name}]", :immediately if new_resource.cache_rebuild - end - end - - action :remove do - cleanup_legacy_file! - if ::File.exist?("/etc/apt/sources.list.d/#{new_resource.repo_name}.list") - converge_by "Removing #{new_resource.repo_name} repository from /etc/apt/sources.list.d/" do - declare_resource(:file, "/etc/apt/sources.list.d/#{new_resource.repo_name}.list") do - sensitive new_resource.sensitive - action :delete - notifies :update, "apt_update[#{new_resource.name}]", :immediately if new_resource.cache_rebuild - end - - declare_resource(:apt_update, new_resource.name) do - ignore_failure true - action :nothing - end - end - else - logger.trace("/etc/apt/sources.list.d/#{new_resource.repo_name}.list does not exist. Nothing to do") - end - end - - # is the provided ID a key ID from a keyserver. Looks at length and HEX only values - # @param [String] id the key value passed by the user that *may* be an ID - def is_key_id?(id) - id = id[2..-1] if id.start_with?("0x") - id =~ /^\h+$/ && [8, 16, 40].include?(id.length) - end - - # run the specified command and extract the fingerprints from the output - # accepts a command so it can be used to extract both the current key's fingerprints - # and the fingerprint of the new key - # @param [Array<String>] cmd the command to run - # - # @return [Array] an array of fingerprints - def extract_fingerprints_from_cmd(*cmd) - so = shell_out(*cmd) - so.stdout.split(/\n/).map do |t| - if z = t.match(/^fpr:+([0-9A-F]+):/) - z[1].split.join - end - end.compact - end - - # validate the key against the apt keystore to see if that version is expired - # @param [String] key - # - # @return [Boolean] is the key valid or not - def key_is_valid?(key) - valid = true - - so = shell_out("apt-key", "list") - so.stdout.split(/\n/).map do |t| - if t =~ %r{^\/#{key}.*\[expired: .*\]$} - logger.debug "Found expired key: #{t}" - valid = false - break - end - end - - logger.debug "key #{key} #{valid ? "is valid" : "is not valid"}" - valid - end - - # return the specified cookbook name or the cookbook containing the - # resource. - # - # @return [String] name of the cookbook - def cookbook_name - new_resource.cookbook || new_resource.cookbook_name - end - - # determine if a cookbook file is available in the run - # @param [String] fn the path to the cookbook file - # - # @return [Boolean] cookbook file exists or doesn't - def has_cookbook_file?(fn) - run_context.has_cookbook_file_in_cookbook?(cookbook_name, fn) - end - - # determine if there are any new keys by comparing the fingerprints of installed - # keys to those of the passed file - # @param [String] file the keyfile of the new repository - # - # @return [Boolean] true: no new keys in the file. false: there are new keys - def no_new_keys?(file) - # Now we are using the option --with-colons that works across old os versions - # as well as the latest (16.10). This for both `apt-key` and `gpg` commands - installed_keys = extract_fingerprints_from_cmd(*LIST_APT_KEY_FINGERPRINTS) - proposed_keys = extract_fingerprints_from_cmd("gpg", "--with-fingerprint", "--with-colons", file) - (installed_keys & proposed_keys).sort == proposed_keys.sort - end - - # Given the provided key URI determine what kind of chef resource we need - # to fetch the key - # @param [String] uri the uri of the gpg key (local path or http URL) - # - # @raise [Chef::Exceptions::FileNotFound] Key isn't remote or found in the current run - # - # @return [Symbol] :remote_file or :cookbook_file - def key_type(uri) - if uri.start_with?("http") - :remote_file - elsif has_cookbook_file?(uri) - :cookbook_file - else - raise Chef::Exceptions::FileNotFound, "Cannot locate key file: #{uri}" - end - end - - # Fetch the key using either cookbook_file or remote_file, validate it, - # and install it with apt-key add - # @param [String] key the key to install - # - # @raise [RuntimeError] Invalid key which can't verify the apt repository - # - # @return [void] - def install_key_from_uri(key) - key_name = key.gsub(/[^0-9A-Za-z\-]/, "_") - cached_keyfile = ::File.join(Chef::Config[:file_cache_path], key_name) - tmp_dir = Dir.mktmpdir(".gpg") - at_exit { FileUtils.remove_entry(tmp_dir) } - - declare_resource(key_type(key), cached_keyfile) do - source key - mode "0644" - sensitive new_resource.sensitive - action :create - verify "gpg --homedir #{tmp_dir} %{path}" - end - - declare_resource(:execute, "apt-key add #{cached_keyfile}") do - command [ "apt-key", "add", cached_keyfile ] - default_env true - sensitive new_resource.sensitive - action :run - not_if { no_new_keys?(cached_keyfile) } - notifies :run, "execute[apt-cache gencaches]", :immediately - end - end - - # build the apt-key command to install the keyserver - # @param [String] key the key to install - # @param [String] keyserver the key server to use - # - # @return [String] the full apt-key command to run - def keyserver_install_cmd(key, keyserver) - cmd = "apt-key adv --no-tty --recv" - cmd << " --keyserver-options http-proxy=#{new_resource.key_proxy}" if new_resource.key_proxy - cmd << " --keyserver " - cmd << if keyserver.start_with?("hkp://") - keyserver - else - "hkp://#{keyserver}:80" - end - - cmd << " #{key}" - cmd - end - - # @param [String] key - # @param [String] keyserver - # - # @raise [RuntimeError] Invalid key which can't verify the apt repository - # - # @return [void] - def install_key_from_keyserver(key, keyserver = new_resource.keyserver) - declare_resource(:execute, "install-key #{key}") do - command keyserver_install_cmd(key, keyserver) - default_env true - sensitive new_resource.sensitive - not_if do - present = extract_fingerprints_from_cmd(*LIST_APT_KEY_FINGERPRINTS).any? do |fp| - fp.end_with? key.upcase - end - present && key_is_valid?(key.upcase) - end - notifies :run, "execute[apt-cache gencaches]", :immediately - end - - raise "The key #{key} is invalid and cannot be used to verify an apt repository." unless key_is_valid?(key.upcase) - end - - # @param [String] owner - # @param [String] repo - # - # @raise [RuntimeError] Could not access the Launchpad PPA API - # - # @return [void] - def install_ppa_key(owner, repo) - url = "https://launchpad.net/api/1.0/~#{owner}/+archive/#{repo}" - key_id = Chef::HTTP::Simple.new(url).get("signing_key_fingerprint").delete('"') - install_key_from_keyserver(key_id, "keyserver.ubuntu.com") - rescue Net::HTTPClientException => e - raise "Could not access Launchpad ppa API: #{e.message}" - end - - # determine if the repository URL is a PPA - # @param [String] url the url of the repository - # - # @return [Boolean] is the repo URL a PPA - def is_ppa_url?(url) - url.start_with?("ppa:") - end - - # determine the repository's components: - # - "components" property if defined - # - "main" if "components" not defined and the repo is a PPA URL - # - otherwise nothing - # - # @return [String] the repository component - def repo_components - if is_ppa_url?(new_resource.uri) && new_resource.components.empty? - "main" - else - new_resource.components - end - end - - # given a PPA return a PPA URL in http://ppa.launchpad.net format - # @param [String] ppa the ppa URL - # - # @return [String] full PPA URL - def make_ppa_url(ppa) - owner, repo = ppa[4..-1].split("/") - repo ||= "ppa" - - install_ppa_key(owner, repo) - "http://ppa.launchpad.net/#{owner}/#{repo}/ubuntu" - end - - # build complete repo text that will be written to the config - # @param [String] uri - # @param [Array] components - # @param [Boolean] trusted - # @param [String] arch - # @param [Boolean] add_src - # - # @return [String] complete repo config text - def build_repo(uri, distribution, components, trusted, arch, add_src = false) - uri = make_ppa_url(uri) if is_ppa_url?(uri) - - uri = '"' + uri + '"' unless uri.start_with?("'", '"') - components = Array(components).join(" ") - options = [] - options << "arch=#{arch}" if arch - options << "trusted=yes" if trusted - optstr = unless options.empty? - "[" + options.join(" ") + "]" - end - info = [ optstr, uri, distribution, components ].compact.join(" ") - repo = "deb #{info}\n" - repo << "deb-src #{info}\n" if add_src - repo - end - - # clean up a potentially legacy file from before we fixed the usage of - # new_resource.name vs. new_resource.repo_name. We might have the - # name.list file hanging around and need to clean it up. - # - # @return [void] - def cleanup_legacy_file! - legacy_path = "/etc/apt/sources.list.d/#{new_resource.name}.list" - if new_resource.name != new_resource.repo_name && ::File.exist?(legacy_path) - converge_by "Cleaning up legacy #{legacy_path} repo file" do - declare_resource(:file, legacy_path) do - action :delete - # Not triggering an update since it isn't super likely to be needed. - end - end - end - end - end - end -end - -Chef::Provider::Noop.provides :apt_repository diff --git a/lib/chef/provider/apt_update.rb b/lib/chef/provider/apt_update.rb deleted file mode 100644 index 8914d5412b..0000000000 --- a/lib/chef/provider/apt_update.rb +++ /dev/null @@ -1,79 +0,0 @@ -# -# Author:: Thom May (<thom@chef.io>) -# Copyright:: Copyright (c) 2016-2018, Chef Software Inc. -# License:: Apache License, Version 2.0 -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# - -require_relative "../provider" -require_relative "noop" -require_relative "../dsl/declare_resource" - -class Chef - class Provider - class AptUpdate < Chef::Provider - provides :apt_update, platform_family: "debian" - - APT_CONF_DIR = "/etc/apt/apt.conf.d".freeze - STAMP_DIR = "/var/lib/apt/periodic".freeze - - def load_current_resource; end - - action :periodic do - unless apt_up_to_date? - converge_by "update new lists of packages" do - do_update - end - end - end - - action :update do - converge_by "force update new lists of packages" do - do_update - end - end - - private - - # Determines whether we need to run `apt-get update` - # - # @return [Boolean] - def apt_up_to_date? - ::File.exist?("#{STAMP_DIR}/update-success-stamp") && - ::File.mtime("#{STAMP_DIR}/update-success-stamp") > Time.now - new_resource.frequency - end - - def do_update - [STAMP_DIR, APT_CONF_DIR].each do |d| - declare_resource(:directory, d) do - recursive true - end - end - - declare_resource(:file, "#{APT_CONF_DIR}/15update-stamp") do - content "APT::Update::Post-Invoke-Success {\"touch #{STAMP_DIR}/update-success-stamp 2>/dev/null || true\";};\n" - action :create_if_missing - end - - declare_resource(:execute, "apt-get -q update") do - command [ "apt-get", "-q", "update" ] - default_env true - end - end - - end - end -end - -Chef::Provider::Noop.provides :apt_update diff --git a/lib/chef/provider/batch.rb b/lib/chef/provider/batch.rb index 21dc8f84dd..00593707e7 100644 --- a/lib/chef/provider/batch.rb +++ b/lib/chef/provider/batch.rb @@ -1,6 +1,6 @@ # # Author:: Adam Edwards (<adamed@chef.io>) -# Copyright:: Copyright 2013-2016, Chef Software Inc. +# Copyright:: Copyright 2013-2020, Chef Software Inc. # License:: Apache License, Version 2.0 # # Licensed under the Apache License, Version 2.0 (the "License"); diff --git a/lib/chef/provider/cookbook_file.rb b/lib/chef/provider/cookbook_file.rb index 3d09d291a3..e964b6279f 100644 --- a/lib/chef/provider/cookbook_file.rb +++ b/lib/chef/provider/cookbook_file.rb @@ -1,6 +1,6 @@ # # Author:: Daniel DeLeo (<dan@chef.io>) -# Copyright:: Copyright 2010-2016, Chef Software Inc. +# Copyright:: Copyright 2010-2019, Chef Software Inc. # License:: Apache License, Version 2.0 # # Licensed under the Apache License, Version 2.0 (the "License"); diff --git a/lib/chef/provider/cookbook_file/content.rb b/lib/chef/provider/cookbook_file/content.rb index 873f3bb394..8307fc1934 100644 --- a/lib/chef/provider/cookbook_file/content.rb +++ b/lib/chef/provider/cookbook_file/content.rb @@ -1,6 +1,6 @@ # # Author:: Lamont Granquist (<lamont@chef.io>) -# Copyright:: Copyright 2013-2016, Chef Software Inc. +# Copyright:: Copyright 2013-2019, Chef Software Inc. # License:: Apache License, Version 2.0 # # Licensed under the Apache License, Version 2.0 (the "License"); diff --git a/lib/chef/provider/cron.rb b/lib/chef/provider/cron.rb index aad59d1eba..a5669b0a4a 100644 --- a/lib/chef/provider/cron.rb +++ b/lib/chef/provider/cron.rb @@ -95,7 +95,7 @@ class Chef end end - def action_create + action :create do crontab = "" newcron = "" cron_found = false @@ -155,7 +155,7 @@ class Chef end end - def action_delete + action :delete do if @cron_exists crontab = "" cron_found = false @@ -216,11 +216,13 @@ class Chef raise Chef::Exceptions::Cron, "Error updating state of #{new_resource.name}, error: #{e}" end - def get_crontab_entry - newcron = "" - newcron << "# Chef Name: #{new_resource.name}\n" + # + # @return [String] The string of Env Variables containing line breaks. + # + def env_var_str + str = [] %i{mailto path shell home}.each do |v| - newcron << "#{v.to_s.upcase}=\"#{new_resource.send(v)}\"\n" if new_resource.send(v) + str << "#{v.to_s.upcase}=\"#{new_resource.send(v)}\"" if new_resource.send(v) end new_resource.environment.each do |name, value| if ENVIRONMENT_PROPERTIES.include?(name) @@ -228,20 +230,63 @@ class Chef logger.warn("#{new_resource.name}: the environment property contains the '#{name}' variable, which should be set separately as a property.") new_resource.send(name.downcase.to_sym, value.gsub(/^"|"$/, "")) new_resource.environment.delete(name) - newcron << "#{name.to_s.upcase}=\"#{value}\"\n" + str << "#{name.to_s.upcase}=\"#{value}\"" else raise Chef::Exceptions::Cron, "#{new_resource.name}: the '#{name}' property is set and environment property also contains the '#{name}' variable. Remove the variable from the environment property." end else - newcron << "#{name}=#{value}\n" + str << "#{name}=#{value}" end end + str.join("\n") + end + + # + # @return [String] The Cron time string consisting five fields that Cron converts into a time interval. + # + def duration_str if new_resource.time - newcron << "@#{new_resource.time} #{new_resource.command}\n" + "@#{new_resource.time}" else - newcron << "#{new_resource.minute} #{new_resource.hour} #{new_resource.day} #{new_resource.month} #{new_resource.weekday} #{new_resource.command}\n" + "#{new_resource.minute} #{new_resource.hour} #{new_resource.day} #{new_resource.month} #{new_resource.weekday}" end - newcron + end + + # + # @return [String] The timeout command string formed as per time_out property. + # + def time_out_str + return "" if new_resource.time_out.empty? + + str = " timeout" + str << " --preserve-status" if new_resource.time_out["preserve-status"].to_s.downcase == "true" + str << " --foreground" if new_resource.time_out["foreground"].to_s.downcase == "true" + str << " --kill-after #{new_resource.time_out["kill-after"]}" if new_resource.time_out["kill-after"] + str << " --signal #{new_resource.time_out["signal"]}" if new_resource.time_out["signal"] + str << " #{new_resource.time_out["duration"]};" + str + end + + # + # @return [String] The command to be executed. The new line at the end has been added purposefully. + # + def cmd_str + " #{new_resource.command}\n" + end + + # Concatenates various information and formulates a complete string that + # could be written in the crontab + # + # @return [String] A crontab string formed as per the user inputs. + # + def get_crontab_entry + # Initialize + newcron = [] + newcron << "# Chef Name: #{new_resource.name}" + newcron << env_var_str unless env_var_str.empty? + newcron << duration_str + time_out_str + cmd_str + + newcron.join("\n") end def weekday_in_crontab diff --git a/lib/chef/provider/cron/aix.rb b/lib/chef/provider/cron/aix.rb index 5d58e21bca..4b41e5e240 100644 --- a/lib/chef/provider/cron/aix.rb +++ b/lib/chef/provider/cron/aix.rb @@ -33,8 +33,11 @@ class Chef raise Chef::Exceptions::Cron, "Aix cron entry does not support environment variables. Please set them in script and use script in cron." end - newcron = "" - newcron << "# Chef Name: #{new_resource.name}\n" + if time_out_set? + raise Chef::Exceptions::Cron, "Aix cron entry does not support timeout." + end + + newcron = "# Chef Name: #{new_resource.name}\n" newcron << "#{@new_resource.minute} #{@new_resource.hour} #{@new_resource.day} #{@new_resource.month} #{@new_resource.weekday}" newcron << " #{@new_resource.command}\n" @@ -44,6 +47,10 @@ class Chef def env_vars_are_set? @new_resource.environment.length > 0 || !@new_resource.mailto.nil? || !@new_resource.path.nil? || !@new_resource.shell.nil? || !@new_resource.home.nil? end + + def time_out_set? + !@new_resource.time_out.empty? + end end end end diff --git a/lib/chef/provider/directory.rb b/lib/chef/provider/directory.rb index ad627757f8..28ddb202be 100644 --- a/lib/chef/provider/directory.rb +++ b/lib/chef/provider/directory.rb @@ -121,7 +121,7 @@ class Chef end end - def action_create + action :create do unless ::File.exists?(new_resource.path) converge_by("create new directory #{new_resource.path}") do if new_resource.recursive == true @@ -137,7 +137,7 @@ class Chef load_resource_attributes_from_file(new_resource) unless Chef::Config[:why_run] end - def action_delete + action :delete do if ::File.exists?(new_resource.path) converge_by("delete existing directory #{new_resource.path}") do if new_resource.recursive == true diff --git a/lib/chef/provider/dsc_resource.rb b/lib/chef/provider/dsc_resource.rb index da8b17ed04..7a211c8c9f 100644 --- a/lib/chef/provider/dsc_resource.rb +++ b/lib/chef/provider/dsc_resource.rb @@ -33,7 +33,7 @@ class Chef @reboot_resource = nil end - def action_run + action :run do unless test_resource converge_by(generate_description) do result = set_resource diff --git a/lib/chef/provider/dsc_script.rb b/lib/chef/provider/dsc_script.rb index 999ea9f33e..b927e00558 100644 --- a/lib/chef/provider/dsc_script.rb +++ b/lib/chef/provider/dsc_script.rb @@ -40,7 +40,7 @@ class Chef end } end - def action_run + action :run do unless @resource_converged converge_by(generate_description) do run_configuration(:set) diff --git a/lib/chef/provider/execute.rb b/lib/chef/provider/execute.rb index 61107a84ba..e358f925ec 100644 --- a/lib/chef/provider/execute.rb +++ b/lib/chef/provider/execute.rb @@ -47,7 +47,7 @@ class Chef new_resource.timeout || 3600 end - def action_run + action :run do if creates && sentinel_file.exist? logger.debug("#{new_resource} sentinel file #{sentinel_file} exists - nothing to do") return false diff --git a/lib/chef/provider/file.rb b/lib/chef/provider/file.rb index a2b956c282..449ab49c90 100644 --- a/lib/chef/provider/file.rb +++ b/lib/chef/provider/file.rb @@ -1,7 +1,7 @@ # # Author:: Adam Jacob (<adam@chef.io>) # Author:: Lamont Granquist (<lamont@chef.io>) -# Copyright:: Copyright 2008-2017, Chef Software Inc. +# Copyright:: Copyright 2008-2020, Chef Software Inc. # License:: Apache License, Version 2.0 # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -137,7 +137,7 @@ class Chef end end - def action_create + action :create do do_generate_content do_validate_content do_unlink @@ -148,7 +148,7 @@ class Chef load_resource_attributes_from_file(new_resource) unless Chef::Config[:why_run] end - def action_create_if_missing + action :create_if_missing do unless ::File.exist?(new_resource.path) action_create else @@ -156,7 +156,7 @@ class Chef end end - def action_delete + action :delete do if ::File.exists?(new_resource.path) converge_by("delete file #{new_resource.path}") do do_backup unless file_class.symlink?(new_resource.path) @@ -166,7 +166,7 @@ class Chef end end - def action_touch + action :touch do action_create converge_by("update utime on file #{new_resource.path}") do time = Time.now @@ -341,7 +341,10 @@ class Chef if tempfile new_resource.verify.each do |v| unless v.verify(tempfile.path) - raise Chef::Exceptions::ValidationFailed.new "Proposed content for #{new_resource.path} failed verification #{new_resource.sensitive ? "[sensitive]" : v}" + backupfile = "#{Chef::Config[:file_cache_path]}/failed_validations/#{::File.basename(tempfile.path)}" + FileUtils.mkdir_p ::File.dirname(backupfile) + FileUtils.cp tempfile.path, backupfile + raise Chef::Exceptions::ValidationFailed.new "Proposed content for #{new_resource.path} failed verification #{new_resource.sensitive ? "[sensitive]" : "#{v}\n#{v.output}"}\nTemporary file moved to #{backupfile}" end end end @@ -378,7 +381,7 @@ class Chef def update_file_contents do_backup unless needs_creating? - deployment_strategy.deploy(tempfile.path, ::File.realpath(new_resource.path)) + deployment_strategy.deploy(tempfile.path, ::File.realpath(new_resource.path).force_encoding(Chef::Config[:ruby_encoding])) logger.info("#{new_resource} updated file contents #{new_resource.path}") if managing_content? # save final checksum for reporting. diff --git a/lib/chef/provider/git.rb b/lib/chef/provider/git.rb index b7ca81b3f8..1ef1481c9e 100644 --- a/lib/chef/provider/git.rb +++ b/lib/chef/provider/git.rb @@ -71,7 +71,7 @@ class Chef end end - def action_checkout + action :checkout do if target_dir_non_existent_or_empty? clone if new_resource.enable_checkout @@ -84,14 +84,14 @@ class Chef end end - def action_export + action :export do action_checkout converge_by("complete the export by removing #{cwd}.git after checkout") do FileUtils.rm_rf(::File.join(cwd, ".git")) end end - def action_sync + action :sync do if existing_git_clone? logger.trace "#{new_resource} current revision: #{current_resource.revision} target revision: #{target_revision}" unless current_revision_matches_target_revision? diff --git a/lib/chef/provider/group.rb b/lib/chef/provider/group.rb index 1c8a18c037..7673a6fc91 100644 --- a/lib/chef/provider/group.rb +++ b/lib/chef/provider/group.rb @@ -122,7 +122,7 @@ class Chef true end - def action_create + action :create do case @group_exists when false converge_by("create group #{new_resource.group_name}") do @@ -139,7 +139,7 @@ class Chef end end - def action_remove + action :remove do return unless @group_exists converge_by("remove group #{new_resource.group_name}") do @@ -148,7 +148,7 @@ class Chef end end - def action_manage + action :manage do return unless @group_exists && compare_group converge_by(["manage group #{new_resource.group_name}"] + change_desc) do @@ -157,7 +157,7 @@ class Chef end end - def action_modify + action :modify do return unless compare_group converge_by(["modify group #{new_resource.group_name}"] + change_desc) do diff --git a/lib/chef/provider/group/usermod.rb b/lib/chef/provider/group/usermod.rb index b4e93580ff..90386b1659 100644 --- a/lib/chef/provider/group/usermod.rb +++ b/lib/chef/provider/group/usermod.rb @@ -1,6 +1,6 @@ # # Author:: AJ Christensen (<aj@chef.io>) -# Copyright:: Copyright 2008-2019, Chef Software Inc. +# Copyright:: Copyright 2008-2020, Chef Software Inc. # License:: Apache License, Version 2.0 # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -76,10 +76,7 @@ class Chef end def append_flags - case node[:platform] - when "openbsd", "netbsd", "aix", "smartos", "omnios" - "-G" - end + "-G" if platform?("openbsd", "netbsd", "aix", "smartos", "omnios") end end diff --git a/lib/chef/provider/http_request.rb b/lib/chef/provider/http_request.rb index 3f475f005f..9a0ebd3dfe 100644 --- a/lib/chef/provider/http_request.rb +++ b/lib/chef/provider/http_request.rb @@ -32,7 +32,7 @@ class Chef end # Send a HEAD request to new_resource.url - def action_head + action :head do message = check_message(new_resource.message) # CHEF-4762: we expect a nil return value from Chef::HTTP for a "200 Success" response # and false for a "304 Not Modified" response @@ -49,7 +49,7 @@ class Chef end # Send a GET request to new_resource.url - def action_get + action :get do converge_by("#{new_resource} GET to #{new_resource.url}") do message = check_message(new_resource.message) @@ -63,7 +63,7 @@ class Chef end # Send a PATCH request to new_resource.url, with the message as the payload - def action_patch + action :patch do converge_by("#{new_resource} PATCH to #{new_resource.url}") do message = check_message(new_resource.message) body = @http.patch( @@ -77,7 +77,7 @@ class Chef end # Send a PUT request to new_resource.url, with the message as the payload - def action_put + action :put do converge_by("#{new_resource} PUT to #{new_resource.url}") do message = check_message(new_resource.message) body = @http.put( @@ -91,7 +91,7 @@ class Chef end # Send a POST request to new_resource.url, with the message as the payload - def action_post + action :post do converge_by("#{new_resource} POST to #{new_resource.url}") do message = check_message(new_resource.message) body = @http.post( @@ -105,7 +105,7 @@ class Chef end # Send a DELETE request to new_resource.url - def action_delete + action :delete do converge_by("#{new_resource} DELETE to #{new_resource.url}") do body = @http.delete( (new_resource.url).to_s, diff --git a/lib/chef/provider/ifconfig.rb b/lib/chef/provider/ifconfig.rb index 71b64169c2..79f5bb78fe 100644 --- a/lib/chef/provider/ifconfig.rb +++ b/lib/chef/provider/ifconfig.rb @@ -39,6 +39,10 @@ class Chef attr_accessor :config_template attr_accessor :config_path + # @api private + # @return [String] the major.minor of the net-tools version as a string + attr_accessor :ifconfig_version + def initialize(new_resource, run_context) super(new_resource, run_context) @config_template = nil @@ -54,15 +58,20 @@ class Chef @ifconfig_version = nil @net_tools_version = shell_out("ifconfig", "--version") + @net_tools_version.stdout.each_line do |line| + if line =~ /^net-tools (\d+\.\d+)/ + @ifconfig_version = line.match(/^net-tools (\d+\.\d+)/)[1] + end + end @net_tools_version.stderr.each_line do |line| - if line =~ /^net-tools (\d+.\d+)/ - @ifconfig_version = line.match(/^net-tools (\d+.\d+)/)[1] + if line =~ /^net-tools (\d+\.\d+)/ + @ifconfig_version = line.match(/^net-tools (\d+\.\d+)/)[1] end end if @ifconfig_version.nil? raise "net-tools not found - this is required for ifconfig" - elsif @ifconfig_version.to_f < 2.0 + elsif @ifconfig_version.to_i < 2 # Example output for 1.60 is as follows: (sanitized but format intact) # eth0 Link encap:Ethernet HWaddr 00:00:00:00:00:00 # inet addr:192.168.1.1 Bcast:192.168.0.1 Mask:255.255.248.0 @@ -99,7 +108,7 @@ class Chef current_resource.mtu(@interface["mtu"]) current_resource.metric(@interface["metric"]) end - elsif @ifconfig_version.to_f >= 2.0 + elsif @ifconfig_version.to_i >= 2 # Example output for 2.10-alpha is as follows: (sanitized but format intact) # eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500 # inet 192.168.1.1 netmask 255.255.240.0 broadcast 192.168.0.1 @@ -162,7 +171,7 @@ class Chef end end - def action_add + action :add do # check to see if load_current_resource found interface in ifconfig unless current_resource.inet_addr unless new_resource.device == loopback_device @@ -177,7 +186,7 @@ class Chef generate_config end - def action_enable + action :enable do # check to see if load_current_resource found ifconfig # enables, but does not manage config files return if current_resource.inet_addr @@ -190,7 +199,7 @@ class Chef end end - def action_delete + action :delete do # check to see if load_current_resource found the interface if current_resource.device command = delete_command @@ -204,7 +213,7 @@ class Chef delete_config end - def action_disable + action :disable do # check to see if load_current_resource found the interface # disables, but leaves config files in place. if current_resource.device diff --git a/lib/chef/provider/launchd.rb b/lib/chef/provider/launchd.rb index 4f20a417a6..b33ba097bb 100644 --- a/lib/chef/provider/launchd.rb +++ b/lib/chef/provider/launchd.rb @@ -55,15 +55,15 @@ class Chef types[type] end - def action_create + action :create do manage_plist(:create) end - def action_create_if_missing + action :create_if_missing do manage_plist(:create_if_missing) end - def action_delete + action :delete do # If you delete a service you want to make sure its not loaded or # the service will be in memory and you wont be able to stop it. if ::File.exists?(@path) @@ -72,7 +72,7 @@ class Chef manage_plist(:delete) end - def action_enable + action :enable do if manage_plist(:create) manage_service(:restart) else @@ -80,11 +80,11 @@ class Chef end end - def action_disable + action :disable do manage_service(:disable) end - def action_restart + action :restart do manage_service(:restart) end @@ -194,7 +194,7 @@ class Chef "environment_variables" => "EnvironmentVariables", "exit_timeout" => "ExitTimeout", "ld_group" => "GroupName", - "hard_resource_limits" => "HardreSourceLimits", + "hard_resource_limits" => "HardResourceLimits", "inetd_compatibility" => "inetdCompatibility", "init_groups" => "InitGroups", "keep_alive" => "KeepAlive", diff --git a/lib/chef/provider/link.rb b/lib/chef/provider/link.rb index f69d5cb01e..636e2c0472 100644 --- a/lib/chef/provider/link.rb +++ b/lib/chef/provider/link.rb @@ -85,7 +85,7 @@ class Chef ChefUtils.windows? ? path.tr("/", '\\') : path end - def action_create + action :create do # current_resource is the symlink that currently exists # new_resource is the symlink we need to create # to - the location to link to @@ -141,7 +141,7 @@ class Chef end end - def action_delete + action :delete do if current_resource.to # Exists if ChefUtils.windows? && ::File.directory?(current_resource.target_file) converge_by("delete link to dir at #{new_resource.target_file}") do diff --git a/lib/chef/provider/log.rb b/lib/chef/provider/log.rb deleted file mode 100644 index f0943f9795..0000000000 --- a/lib/chef/provider/log.rb +++ /dev/null @@ -1,43 +0,0 @@ -# -# Author:: Cary Penniman (<cary@rightscale.com>) -# Copyright:: Copyright 2008-2017, Chef Software Inc. -# License:: Apache License, Version 2.0 -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# - -class Chef - class Provider - class Log - # Chef log provider, allows logging to chef's logs - class ChefLog < Chef::Provider - provides :log, target_mode: true - - # No concept of a 'current' resource for logs, this is a no-op - # - # @return [true] Always returns true - def load_current_resource - true - end - - # Write the log to Chef's log - # - # @return [true] Always returns true - def action_write - logger.send(new_resource.level, new_resource.message) - new_resource.updated_by_last_action(true) if Chef::Config[:count_log_resource_updates] - end - end - end - end -end diff --git a/lib/chef/provider/mdadm.rb b/lib/chef/provider/mdadm.rb deleted file mode 100644 index c5df1d0724..0000000000 --- a/lib/chef/provider/mdadm.rb +++ /dev/null @@ -1,85 +0,0 @@ -# -# Author:: Joe Williams (<joe@joetify.com>) -# Copyright:: Copyright 2009-2016, Joe Williams -# License:: Apache License, Version 2.0 -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# - -require_relative "../log" -require_relative "../provider" - -class Chef - class Provider - class Mdadm < Chef::Provider - - provides :mdadm - - def load_current_resource - @current_resource = Chef::Resource::Mdadm.new(new_resource.name) - current_resource.raid_device(new_resource.raid_device) - logger.trace("#{new_resource} checking for software raid device #{current_resource.raid_device}") - - device_not_found = 4 - mdadm = shell_out!("mdadm", "--detail", "--test", new_resource.raid_device, returns: [0, device_not_found]) - exists = (mdadm.status == 0) - current_resource.exists(exists) - end - - def action_create - unless current_resource.exists - converge_by("create RAID device #{new_resource.raid_device}") do - command = "yes | mdadm --create #{new_resource.raid_device} --level #{new_resource.level}" - command << " --chunk=#{new_resource.chunk}" unless new_resource.level == 1 - command << " --metadata=#{new_resource.metadata}" - command << " --bitmap=#{new_resource.bitmap}" if new_resource.bitmap - command << " --layout=#{new_resource.layout}" if new_resource.layout - command << " --raid-devices #{new_resource.devices.length} #{new_resource.devices.join(" ")}" - logger.trace("#{new_resource} mdadm command: #{command}") - shell_out!(command) - logger.info("#{new_resource} created raid device (#{new_resource.raid_device})") - end - else - logger.trace("#{new_resource} raid device already exists, skipping create (#{new_resource.raid_device})") - end - end - - def action_assemble - unless current_resource.exists - converge_by("assemble RAID device #{new_resource.raid_device}") do - command = "yes | mdadm --assemble #{new_resource.raid_device} #{new_resource.devices.join(" ")}" - logger.trace("#{new_resource} mdadm command: #{command}") - shell_out!(command) - logger.info("#{new_resource} assembled raid device (#{new_resource.raid_device})") - end - else - logger.trace("#{new_resource} raid device already exists, skipping assemble (#{new_resource.raid_device})") - end - end - - def action_stop - if current_resource.exists - converge_by("stop RAID device #{new_resource.raid_device}") do - command = "yes | mdadm --stop #{new_resource.raid_device}" - logger.trace("#{new_resource} mdadm command: #{command}") - shell_out!(command) - logger.info("#{new_resource} stopped raid device (#{new_resource.raid_device})") - end - else - logger.trace("#{new_resource} raid device doesn't exist (#{new_resource.raid_device}) - not stopping") - end - end - - end - end -end diff --git a/lib/chef/provider/mount.rb b/lib/chef/provider/mount.rb index f7843319f0..76c0bd155f 100644 --- a/lib/chef/provider/mount.rb +++ b/lib/chef/provider/mount.rb @@ -37,7 +37,7 @@ class Chef self.unmount_retries = 20 end - def action_mount + action :mount do unless current_resource.mounted converge_by("mount #{current_resource.device} to #{current_resource.mount_point}") do mount_fs @@ -48,7 +48,7 @@ class Chef end end - def action_umount + action :umount do if current_resource.mounted converge_by("unmount #{current_resource.device}") do umount_fs @@ -59,7 +59,7 @@ class Chef end end - def action_remount + action :remount do if current_resource.mounted if new_resource.supports[:remount] converge_by("remount #{current_resource.device}") do @@ -82,7 +82,7 @@ class Chef end end - def action_enable + action :enable do unless current_resource.enabled && mount_options_unchanged? && device_unchanged? converge_by("enable #{current_resource.device}") do enable_fs @@ -93,7 +93,7 @@ class Chef end end - def action_disable + action :disable do if current_resource.enabled converge_by("disable #{current_resource.device}") do disable_fs diff --git a/lib/chef/provider/mount/mount.rb b/lib/chef/provider/mount/mount.rb index 17b357ec70..00acb556b0 100644 --- a/lib/chef/provider/mount/mount.rb +++ b/lib/chef/provider/mount/mount.rb @@ -157,7 +157,7 @@ class Chef # Return appropriate default mount options according to the given os. def default_mount_options - node[:os] == "linux" ? "defaults" : "rw" + linux? ? "defaults" : "rw" end def enable_fs diff --git a/lib/chef/provider/osx_profile.rb b/lib/chef/provider/osx_profile.rb index f05cd198e3..1a5484ccbf 100644 --- a/lib/chef/provider/osx_profile.rb +++ b/lib/chef/provider/osx_profile.rb @@ -95,7 +95,7 @@ class Chef end end - def action_install + action :install do unless profile_installed? converge_by("install profile #{@new_profile_identifier}") do profile_path = write_profile_to_disk @@ -105,7 +105,7 @@ class Chef end end - def action_remove + action :remove do # Clean up profile after removing it if profile_installed? converge_by("remove profile #{@new_profile_identifier}") do diff --git a/lib/chef/provider/package.rb b/lib/chef/provider/package.rb index 5ccb264adf..bf3e179937 100644 --- a/lib/chef/provider/package.rb +++ b/lib/chef/provider/package.rb @@ -189,7 +189,7 @@ class Chef end end - def action_lock + action :lock do packages_locked = if respond_to?(:packages_all_locked?, true) packages_all_locked?(Array(new_resource.package_name), Array(new_resource.version)) else @@ -208,7 +208,7 @@ class Chef end end - def action_unlock + action :unlock do packages_unlocked = if respond_to?(:packages_all_unlocked?, true) packages_all_unlocked?(Array(new_resource.package_name), Array(new_resource.version)) else diff --git a/lib/chef/provider/package/cab.rb b/lib/chef/provider/package/cab.rb index fd099811e0..cce267879d 100644 --- a/lib/chef/provider/package/cab.rb +++ b/lib/chef/provider/package/cab.rb @@ -1,6 +1,6 @@ # # Author:: Vasundhara Jagdale (<vasundhara.jagdale@msystechnologies.com>) -# Copyright:: Copyright 2015-2016, Chef Software, Inc. +# Copyright:: Copyright 2015-2020, Chef Software Inc. # License:: Apache License, Version 2.0 # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -21,6 +21,7 @@ require_relative "../../resource/cab_package" require_relative "../../mixin/shell_out" require_relative "../../mixin/uris" require_relative "../../mixin/checksum" +require "cgi" unless defined?(CGI) class Chef class Provider @@ -45,13 +46,11 @@ class Chef end def download_source_file - source_resource.run_action(:create) - logger.trace("#{new_resource} fetched source file to #{source_resource.path}") source_resource.path end def source_resource - @source_resource ||= declare_resource(:remote_file, new_resource.name) do + declare_resource(:remote_file, new_resource.name) do path default_download_cache_path source new_resource.source backup false @@ -60,7 +59,7 @@ class Chef def default_download_cache_path uri = ::URI.parse(new_resource.source) - filename = ::File.basename(::URI.unescape(uri.path)) + filename = ::File.basename(::CGI.unescape(uri.path)) file_cache_dir = Chef::FileCache.create_cache_path("package/") Chef::Util::PathHelper.cleanpath("#{file_cache_dir}/#{filename}") end diff --git a/lib/chef/provider/package/chocolatey.rb b/lib/chef/provider/package/chocolatey.rb index fe90650846..32b1c9e256 100644 --- a/lib/chef/provider/package/chocolatey.rb +++ b/lib/chef/provider/package/chocolatey.rb @@ -17,13 +17,11 @@ require_relative "../package" require_relative "../../resource/chocolatey_package" -require_relative "../../mixin/powershell_out" class Chef class Provider class Package class Chocolatey < Chef::Provider::Package - include Chef::Mixin::PowershellOut provides :chocolatey_package diff --git a/lib/chef/provider/package/dnf/dnf_helper.py b/lib/chef/provider/package/dnf/dnf_helper.py index 0859348212..4ec343efac 100644 --- a/lib/chef/provider/package/dnf/dnf_helper.py +++ b/lib/chef/provider/package/dnf/dnf_helper.py @@ -17,6 +17,7 @@ def get_sack(): conf = base.conf conf.read() conf.installroot = '/' + conf.assumeyes = True subst = conf.substitutions subst.update_from_etc(conf.installroot) try: diff --git a/lib/chef/provider/package/homebrew.rb b/lib/chef/provider/package/homebrew.rb index 3d60ee4380..700fc8f721 100644 --- a/lib/chef/provider/package/homebrew.rb +++ b/lib/chef/provider/package/homebrew.rb @@ -2,8 +2,7 @@ # Author:: Joshua Timberman (<joshua@chef.io>) # Author:: Graeme Mathieson (<mathie@woss.name>) # -# Copyright 2011-2016, Chef Software Inc. -# Copyright 2014-2016, Chef Software, Inc <legal@chef.io> +# Copyright:: 2011-2016, Chef Software, Inc <legal@chef.io> # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/lib/chef/provider/package/msu.rb b/lib/chef/provider/package/msu.rb index a00b3f3471..76ea89060d 100644 --- a/lib/chef/provider/package/msu.rb +++ b/lib/chef/provider/package/msu.rb @@ -1,6 +1,6 @@ # # Author:: Nimisha Sharad (<nimisha.sharad@msystechnologies.com>) -# Copyright:: Copyright 2015-2016, Chef Software, Inc. +# Copyright:: Copyright 2015-2020, Chef Software Inc. # License:: Apache License, Version 2.0 # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -27,6 +27,7 @@ require_relative "cab" require_relative "../../util/path_helper" require_relative "../../mixin/uris" require_relative "../../mixin/checksum" +require "cgi" unless defined?(CGI) class Chef class Provider @@ -99,7 +100,7 @@ class Chef def default_download_cache_path uri = ::URI.parse(new_resource.source) - filename = ::File.basename(::URI.unescape(uri.path)) + filename = ::File.basename(::CGI.unescape(uri.path)) file_cache_dir = Chef::FileCache.create_cache_path("package/") Chef::Util::PathHelper.cleanpath("#{file_cache_dir}/#{filename}") end diff --git a/lib/chef/provider/package/rubygems.rb b/lib/chef/provider/package/rubygems.rb index 876a90392c..60df50ddd3 100644 --- a/lib/chef/provider/package/rubygems.rb +++ b/lib/chef/provider/package/rubygems.rb @@ -403,7 +403,7 @@ class Chef "Gem options must be passed to gem_package as a string instead of a hash when", "using this installation of #{Chef::Dist::PRODUCT} because it runs with its own packaged Ruby. A hash", "may only be used when installing a gem to the same Ruby installation that #{Chef::Dist::PRODUCT} is", - "running under. See https://docs.chef.io/resource_gem_package.html for more information.", + "running under. See https://docs.chef.io/resources/gem_package/ for more information.", "Error raised at #{new_resource} from #{new_resource.source_line}", ].join("\n") raise ArgumentError, msg diff --git a/lib/chef/provider/package/windows.rb b/lib/chef/provider/package/windows.rb index d21c6576b6..52616f0702 100644 --- a/lib/chef/provider/package/windows.rb +++ b/lib/chef/provider/package/windows.rb @@ -1,6 +1,6 @@ # # Author:: Bryan McLellan <btm@loftninjas.org> -# Copyright:: Copyright 2014-2018, Chef Software Inc. +# Copyright:: Copyright 2014-2020, Chef Software Inc. # License:: Apache License, Version 2.0 # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -21,6 +21,7 @@ require_relative "../../resource/windows_package" require_relative "../package" require_relative "../../util/path_helper" require_relative "../../mixin/checksum" +require "cgi" unless defined?(CGI) class Chef class Provider @@ -138,7 +139,7 @@ class Chef end end - def action_install + action :install do if uri_scheme?(new_resource.source) download_source_file load_current_resource @@ -277,7 +278,7 @@ class Chef def default_download_cache_path uri = ::URI.parse(new_resource.source) - filename = ::File.basename(::URI.unescape(uri.path)) + filename = ::File.basename(::CGI.unescape(uri.path)) file_cache_dir = Chef::FileCache.create_cache_path("package/") Chef::Util::PathHelper.cleanpath("#{file_cache_dir}/#{filename}") end diff --git a/lib/chef/provider/package/windows/msi.rb b/lib/chef/provider/package/windows/msi.rb index 9efb8fde66..0bf5f64482 100644 --- a/lib/chef/provider/package/windows/msi.rb +++ b/lib/chef/provider/package/windows/msi.rb @@ -1,6 +1,6 @@ # # Author:: Bryan McLellan <btm@loftninjas.org> -# Copyright:: Copyright 2014-2017, Chef Software Inc. +# Copyright:: Copyright 2014-2020, Chef Software Inc. # License:: Apache License, Version 2.0 # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -18,7 +18,7 @@ # TODO: Allow new_resource.source to be a Product Code as a GUID for uninstall / network install -require_relative "../../../win32/api/installer" if (RUBY_PLATFORM =~ /mswin|mingw32|windows/) && Chef::Platform.supports_msi? +require_relative "../../../win32/api/installer" if RUBY_PLATFORM =~ /mswin|mingw32|windows/ require_relative "../../../mixin/shell_out" class Chef @@ -26,7 +26,7 @@ class Chef class Package class Windows class MSI - include Chef::ReservedNames::Win32::API::Installer if (RUBY_PLATFORM =~ /mswin|mingw32|windows/) && Chef::Platform.supports_msi? + include Chef::ReservedNames::Win32::API::Installer if RUBY_PLATFORM =~ /mswin|mingw32|windows/ include Chef::Mixin::ShellOut def initialize(resource, uninstall_entries) diff --git a/lib/chef/provider/package/yum/python_helper.rb b/lib/chef/provider/package/yum/python_helper.rb index c893827a60..19c0b0a474 100644 --- a/lib/chef/provider/package/yum/python_helper.rb +++ b/lib/chef/provider/package/yum/python_helper.rb @@ -88,9 +88,9 @@ class Chef def install_only_packages(name) query_output = query("installonlypkgs", { "package" => name }) if query_output == "False" - return false + false elsif query_output == "True" - return true + true end end diff --git a/lib/chef/provider/package/yum/rpm_utils.rb b/lib/chef/provider/package/yum/rpm_utils.rb index 29a1c2a480..4810295a61 100644 --- a/lib/chef/provider/package/yum/rpm_utils.rb +++ b/lib/chef/provider/package/yum/rpm_utils.rb @@ -209,9 +209,9 @@ class Chef # the most unprocessed characters left wins if (x_pos_max - x_pos) > (y_pos_max - y_pos) - return 1 + 1 else - return -1 + -1 end end @@ -522,9 +522,9 @@ class Chef def lookup(package_name) pkgs = @rpms[package_name] if pkgs - return pkgs.sort.reverse + pkgs.sort.reverse else - return nil + nil end end diff --git a/lib/chef/provider/package/zypper.rb b/lib/chef/provider/package/zypper.rb index 6d464a1930..47fe7514ee 100644 --- a/lib/chef/provider/package/zypper.rb +++ b/lib/chef/provider/package/zypper.rb @@ -3,7 +3,7 @@ # Authors:: Adam Jacob (<adam@chef.io>) # Ionuț Arțăriși (<iartarisi@suse.cz>) # Copyright:: Copyright 2008-2017, Chef Software Inc. -# Copyright 2013-2016, SUSE Linux GmbH +# Copyright:: 2013-2016, SUSE Linux GmbH # License:: Apache License, Version 2.0 # # Licensed under the Apache License, Version 2.0 (the "License"); diff --git a/lib/chef/provider/powershell_script.rb b/lib/chef/provider/powershell_script.rb index 418948e614..00cc450253 100644 --- a/lib/chef/provider/powershell_script.rb +++ b/lib/chef/provider/powershell_script.rb @@ -1,6 +1,6 @@ # # Author:: Adam Edwards (<adamed@chef.io>) -# Copyright:: Copyright 2013-2016, Chef Software Inc. +# Copyright:: Copyright 2013-2020, Chef Software Inc. # License:: Apache License, Version 2.0 # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -30,9 +30,9 @@ class Chef add_exit_status_wrapper end - def action_run + action :run do validate_script_syntax! - super + super() end def command @@ -47,14 +47,7 @@ class Chef # error status of a failed Windows process that ran at the # end of the script, it gets changed to '1'. # - # Nano only supports -Command - cmd = "\"#{interpreter_path}\" #{new_resource.flags}" - if Chef::Platform.windows_nano_server? - cmd << " -Command \". '#{script_file.path}'\"" - else - cmd << " -File \"#{script_file.path}\"" - end - cmd + "\"#{interpreter_path}\" #{new_resource.flags} -File \"#{script_file.path}\"" end protected diff --git a/lib/chef/provider/reboot.rb b/lib/chef/provider/reboot.rb deleted file mode 100644 index 7fd3c32d53..0000000000 --- a/lib/chef/provider/reboot.rb +++ /dev/null @@ -1,78 +0,0 @@ -# -# Author:: Chris Doherty <cdoherty@chef.io>) -# Copyright:: Copyright 2014-2016, Chef, Inc. -# License:: Apache License, Version 2.0 -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# - -require_relative "../log" -require_relative "../provider" - -class Chef - class Provider - # Use the reboot resource to reboot a node, a necessary step with some - # installations on certain platforms. This resource is supported for use on - # the Microsoft Windows, macOS, and Linux platforms. - # - # In using this resource via notifications, it's important to *only* use - # immediate notifications. Delayed notifications produce unintuitive and - # probably undesired results. - # - # @since 12.0.0 - class Reboot < Chef::Provider - provides :reboot - - # @return [void] - def load_current_resource - @current_resource ||= Chef::Resource::Reboot.new(new_resource.name) - current_resource.reason(new_resource.reason) - current_resource.delay_mins(new_resource.delay_mins) - current_resource - end - - # add a reboot to the node run_context - # @return [void] - def request_reboot - node.run_context.request_reboot( - delay_mins: new_resource.delay_mins, - reason: new_resource.reason, - timestamp: Time.now, - requested_by: new_resource.name - ) - end - - def action_request_reboot - converge_by("request a system reboot to occur if the run succeeds") do - logger.warn "Reboot requested:'#{new_resource.name}'" - request_reboot - end - end - - def action_reboot_now - converge_by("rebooting the system immediately") do - logger.warn "Rebooting system immediately, requested by '#{new_resource.name}'" - request_reboot - throw :end_client_run_early - end - end - - def action_cancel - converge_by("cancel any existing end-of-run reboot request") do - logger.warn "Reboot canceled: '#{new_resource.name}'" - node.run_context.cancel_reboot - end - end - end - end -end diff --git a/lib/chef/provider/registry_key.rb b/lib/chef/provider/registry_key.rb index c7489caea8..385dc326e4 100644 --- a/lib/chef/provider/registry_key.rb +++ b/lib/chef/provider/registry_key.rb @@ -113,7 +113,7 @@ class Chef end end - def action_create + action :create do unless registry.key_exists?(current_resource.key) converge_by("create key #{new_resource.key}") do registry.create_key(new_resource.key, new_resource.recursive) @@ -150,7 +150,7 @@ class Chef end end - def action_create_if_missing + action :create_if_missing do unless registry.key_exists?(new_resource.key) converge_by("create key #{new_resource.key}") do registry.create_key(new_resource.key, new_resource.recursive) @@ -171,7 +171,7 @@ class Chef end end - def action_delete + action :delete do if registry.key_exists?(new_resource.key) new_resource.unscrubbed_values.each do |value| if @name_hash.key?(value[:name].downcase) @@ -186,7 +186,7 @@ class Chef end end - def action_delete_key + action :delete_key do if registry.key_exists?(new_resource.key) converge_by("delete key #{new_resource.key}") do registry.delete_key(new_resource.key, new_resource.recursive) diff --git a/lib/chef/provider/remote_directory.rb b/lib/chef/provider/remote_directory.rb index 4d6039751d..724f7401e8 100644 --- a/lib/chef/provider/remote_directory.rb +++ b/lib/chef/provider/remote_directory.rb @@ -1,6 +1,6 @@ # # Author:: Adam Jacob (<adam@chef.io>) -# Copyright:: Copyright 2008-2018, Chef Software Inc. +# Copyright:: Copyright 2008-2020, Chef Software Inc. # License:: Apache License, Version 2.0 # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -58,8 +58,8 @@ class Chef # Handle action :create. # - def action_create - super + action :create do + super() # Transfer files files_to_transfer.each do |cookbook_file_relative_path| @@ -73,7 +73,7 @@ class Chef # Handle action :create_if_missing. # - def action_create_if_missing + action :create_if_missing do # if this action is called, ignore the existing overwrite flag @overwrite = false action_create diff --git a/lib/chef/provider/remote_file.rb b/lib/chef/provider/remote_file.rb index a2506d6a15..e0a7dfb4d4 100644 --- a/lib/chef/provider/remote_file.rb +++ b/lib/chef/provider/remote_file.rb @@ -1,7 +1,7 @@ # # Author:: Jesse Campbell (<hikeit@gmail.com>) # Author:: Adam Jacob (<adam@chef.io>) -# Copyright:: Copyright 2008-2016, Chef Software Inc. +# Copyright:: Copyright 2008-2020, Chef Software Inc. # License:: Apache License, Version 2.0 # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -35,7 +35,7 @@ class Chef requirements.assert(:all_actions) do |a| a.assertion do if prop - node[:platform_family] == "windows" + windows? else true end diff --git a/lib/chef/provider/remote_file/ftp.rb b/lib/chef/provider/remote_file/ftp.rb index eafebc9693..e2b32ddaf6 100644 --- a/lib/chef/provider/remote_file/ftp.rb +++ b/lib/chef/provider/remote_file/ftp.rb @@ -17,6 +17,7 @@ # require "uri" unless defined?(URI) +require "cgi" unless defined?(CGI) require "tempfile" unless defined?(Tempfile) require "net/ftp" require_relative "../remote_file" @@ -57,7 +58,7 @@ class Chef def user if uri.userinfo - URI.unescape(uri.user) + CGI.unescape(uri.user) else "anonymous" end @@ -65,7 +66,7 @@ class Chef def pass if uri.userinfo - URI.unescape(uri.password) + CGI.unescape(uri.password) else nil end diff --git a/lib/chef/provider/remote_file/local_file.rb b/lib/chef/provider/remote_file/local_file.rb index f76c475b1e..c68c4eecd5 100644 --- a/lib/chef/provider/remote_file/local_file.rb +++ b/lib/chef/provider/remote_file/local_file.rb @@ -17,6 +17,7 @@ # require "uri" unless defined?(URI) +require "cgi" unless defined?(CGI) require "tempfile" unless defined?(Tempfile) require_relative "../remote_file" @@ -40,7 +41,7 @@ class Chef def source_path @source_path ||= begin - path = URI.unescape(uri.path) + path = CGI.unescape(uri.path) ChefUtils.windows? ? fix_windows_path(path) : path end end diff --git a/lib/chef/provider/remote_file/sftp.rb b/lib/chef/provider/remote_file/sftp.rb index 3da49ebedd..43654bd67c 100644 --- a/lib/chef/provider/remote_file/sftp.rb +++ b/lib/chef/provider/remote_file/sftp.rb @@ -17,6 +17,7 @@ # require "uri" unless defined?(URI) +require "cgi" unless defined?(CGI) require "tempfile" unless defined?(Tempfile) require "net/sftp" require_relative "../remote_file" @@ -47,7 +48,7 @@ class Chef end def user - URI.unescape(uri.user) + CGI.unescape(uri.user) end def fetch @@ -62,7 +63,7 @@ class Chef end def pass - URI.unescape(uri.password) + CGI.unescape(uri.password) end def validate_path! diff --git a/lib/chef/provider/route.rb b/lib/chef/provider/route.rb index 009c57e546..cd0dd682ae 100644 --- a/lib/chef/provider/route.rb +++ b/lib/chef/provider/route.rb @@ -1,6 +1,7 @@ # # Author:: Bryan McLellan (btm@loftninjas.org), Jesse Nelson (spheromak@gmail.com) # Copyright:: Copyright 2009-2016, Bryan McLellan +# Copyright:: Copyright 2020-2020, Chef Software Inc. # License:: Apache License, Version 2.0 # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -78,7 +79,7 @@ class Chef IPAddr.new(ip, Socket::AF_INET).to_s rescue ArgumentError logger.trace("Invalid IP address data: hex=#{hex_ip}, ip=#{ip}") - return nil + nil end end @@ -95,7 +96,7 @@ class Chef end # For linux, we use /proc/net/route file to read proc table info - return if node[:os] != "linux" + return unless linux? route_file = ::File.open("/proc/net/route", "r") @@ -127,7 +128,7 @@ class Chef route_file.close end - def action_add + action :add do # check to see if load_current_resource found the route if is_running logger.trace("#{new_resource} route already active - nothing to do") @@ -143,7 +144,7 @@ class Chef generate_config end - def action_delete + action :delete do if is_running command = generate_command(:delete) converge_by("run #{command.join(" ")} to delete route ") do @@ -159,11 +160,12 @@ class Chef end def generate_config - case node[:platform_family] - when "rhel", "amazon", "fedora" + if platform_family?("rhel", "amazon", "fedora") conf = {} + # FIXME FIXME FIXME FIXME: whatever this walking-the-run-context API is, it needs to be removed. # walk the collection - run_context.resource_collection.each do |resource| + rc = run_context.parent_run_context || run_context + rc.resource_collection.each do |resource| next unless resource.is_a? Chef::Resource::Route # default to eth0 diff --git a/lib/chef/provider/ruby_block.rb b/lib/chef/provider/ruby_block.rb index f5efc42054..f965445d9f 100644 --- a/lib/chef/provider/ruby_block.rb +++ b/lib/chef/provider/ruby_block.rb @@ -26,7 +26,7 @@ class Chef true end - def action_run + action :run do converge_by("execute the ruby block #{new_resource.name}") do new_resource.block.call logger.info("#{new_resource} called") diff --git a/lib/chef/provider/script.rb b/lib/chef/provider/script.rb index 6124615eaa..ee689ad615 100644 --- a/lib/chef/provider/script.rb +++ b/lib/chef/provider/script.rb @@ -1,6 +1,6 @@ # # Author:: Adam Jacob (<adam@chef.io>) -# Copyright:: Copyright 2008-2019, Chef Software Inc. +# Copyright:: Copyright 2008-2020, Chef Software Inc. # License:: Apache License, Version 2.0 # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -51,13 +51,13 @@ class Chef super end - def action_run + action :run do script_file.puts(code) script_file.close set_owner_and_group - super + super() unlink_script_file end diff --git a/lib/chef/provider/service.rb b/lib/chef/provider/service.rb index c9662b7ba4..90f80045aa 100644 --- a/lib/chef/provider/service.rb +++ b/lib/chef/provider/service.rb @@ -80,7 +80,7 @@ class Chef end end - def action_enable + action :enable do if current_resource.enabled logger.trace("#{new_resource} already enabled - nothing to do") else @@ -93,7 +93,7 @@ class Chef new_resource.enabled(true) end - def action_disable + action :disable do if current_resource.enabled converge_by("disable service #{new_resource}") do disable_service @@ -106,7 +106,7 @@ class Chef new_resource.enabled(false) end - def action_mask + action :mask do if current_resource.masked logger.trace("#{new_resource} already masked - nothing to do") else @@ -119,7 +119,7 @@ class Chef new_resource.masked(true) end - def action_unmask + action :unmask do if current_resource.masked converge_by("unmask service #{new_resource}") do unmask_service @@ -132,7 +132,7 @@ class Chef new_resource.masked(false) end - def action_start + action :start do unless current_resource.running converge_by("start service #{new_resource}") do start_service @@ -145,7 +145,7 @@ class Chef new_resource.running(true) end - def action_stop + action :stop do if current_resource.running converge_by("stop service #{new_resource}") do stop_service @@ -158,7 +158,7 @@ class Chef new_resource.running(false) end - def action_restart + action :restart do converge_by("restart service #{new_resource}") do restart_service logger.info("#{new_resource} restarted") @@ -167,7 +167,7 @@ class Chef new_resource.running(true) end - def action_reload + action :reload do if current_resource.running converge_by("reload service #{new_resource}") do reload_service diff --git a/lib/chef/provider/service/aixinit.rb b/lib/chef/provider/service/aixinit.rb index 05cdc2befe..ab84f6daa6 100644 --- a/lib/chef/provider/service/aixinit.rb +++ b/lib/chef/provider/service/aixinit.rb @@ -38,7 +38,7 @@ class Chef @current_resource end - def action_enable + action :enable do if @new_resource.priority.nil? priority_ok = true else diff --git a/lib/chef/provider/service/debian.rb b/lib/chef/provider/service/debian.rb index 19e8823fb6..e6987db305 100644 --- a/lib/chef/provider/service/debian.rb +++ b/lib/chef/provider/service/debian.rb @@ -1,6 +1,6 @@ # # Author:: AJ Christensen (<aj@hjksolutions.com>) -# Copyright:: Copyright 2008-2018, Chef Software Inc. +# Copyright:: Copyright 2008-2020, Chef Software Inc. # License:: Apache License, Version 2.0 # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -130,7 +130,7 @@ class Chef end # Override method from parent to ensure priority is up-to-date - def action_enable + action :enable do if new_resource.priority.nil? priority_ok = true else @@ -149,44 +149,46 @@ class Chef end def enable_service - if new_resource.priority.is_a? Integer - shell_out!("/usr/sbin/update-rc.d -f #{new_resource.service_name} remove") - shell_out!("/usr/sbin/update-rc.d #{new_resource.service_name} defaults #{new_resource.priority} #{100 - new_resource.priority}") - elsif new_resource.priority.is_a? Hash - # we call the same command regardless of we're enabling or disabling - # users passing a Hash are responsible for setting their own start priorities + # We call the same command regardless if we're enabling or disabling + # Users passing a Hash are responsible for setting their own stop priorities + if new_resource.priority.is_a? Hash set_priority - else # No priority, go with update-rc.d defaults - shell_out!("/usr/sbin/update-rc.d -f #{new_resource.service_name} remove") - shell_out!("/usr/sbin/update-rc.d #{new_resource.service_name} defaults") + return end + + start_priority = new_resource.priority.is_a?(Integer) ? new_resource.priority : 20 + # Stop processes in reverse order of start using '100 - start_priority'. + stop_priority = 100 - start_priority + + shell_out!("/usr/sbin/update-rc.d -f #{new_resource.service_name} remove") + shell_out!("/usr/sbin/update-rc.d #{new_resource.service_name} defaults #{start_priority} #{stop_priority}") end def disable_service - if new_resource.priority.is_a? Integer - # Stop processes in reverse order of start using '100 - start_priority' - shell_out!("/usr/sbin/update-rc.d -f #{new_resource.service_name} remove") - shell_out!("/usr/sbin/update-rc.d -f #{new_resource.service_name} stop #{100 - new_resource.priority} 2 3 4 5 .") - elsif new_resource.priority.is_a? Hash - # we call the same command regardless of we're enabling or disabling - # users passing a Hash are responsible for setting their own stop priorities + if new_resource.priority.is_a? Hash + # We call the same command regardless if we're enabling or disabling + # Users passing a Hash are responsible for setting their own stop priorities set_priority - else - # no priority, using '100 - 20 (update-rc.d default)' to stop in reverse order of start - shell_out!("/usr/sbin/update-rc.d -f #{new_resource.service_name} remove") - shell_out!("/usr/sbin/update-rc.d -f #{new_resource.service_name} stop 80 2 3 4 5 .") + return end + + shell_out!("/usr/sbin/update-rc.d -f #{new_resource.service_name} remove") + shell_out!("/usr/sbin/update-rc.d #{new_resource.service_name} defaults") + shell_out!("/usr/sbin/update-rc.d #{new_resource.service_name} disable") end def set_priority - args = "" - new_resource.priority.each do |level, o| - action = o[0] - priority = o[1] - args += "#{action} #{priority} #{level} . " - end shell_out!("/usr/sbin/update-rc.d -f #{new_resource.service_name} remove") - shell_out!("/usr/sbin/update-rc.d #{new_resource.service_name} #{args}") + + # Reset priorities to default values before applying customizations. This way + # the final state will always be consistent, regardless if all runlevels were + # provided. + shell_out!("/usr/sbin/update-rc.d #{new_resource.service_name} defaults") + new_resource.priority.each do |level, (action, _priority)| + disable_or_enable = (action == :start ? "enable" : "disable") + + shell_out!("/usr/sbin/update-rc.d #{new_resource.service_name} #{disable_or_enable} #{level}") + end end end end diff --git a/lib/chef/provider/service/macosx.rb b/lib/chef/provider/service/macosx.rb index 746581df73..2c74cb2629 100644 --- a/lib/chef/provider/service/macosx.rb +++ b/lib/chef/provider/service/macosx.rb @@ -1,6 +1,7 @@ # # Author:: Igor Afonov <afonov@gmail.com> # Copyright:: Copyright 2011-2016, Igor Afonov +# Copyright:: Copyright 2020, Chef Software, Inc. # License:: Apache License, Version 2.0 # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -42,10 +43,6 @@ class Chef PLIST_DIRS = gather_plist_dirs - def this_version_or_newer?(this_version) - Gem::Version.new(node["platform_version"]) >= Gem::Version.new(this_version) - end - def load_current_resource @current_resource = Chef::Resource::MacosxService.new(@new_resource.name) @current_resource.service_name(@new_resource.service_name) @@ -59,10 +56,8 @@ class Chef if @console_user @console_user = Etc.getpwuid(::File.stat("/dev/console").uid).name logger.trace("#{new_resource} console_user: '#{@console_user}'") - cmd = "su " - param = this_version_or_newer?("10.10") ? "" : "-l " - param = "-l " if this_version_or_newer?("10.12") - @base_user_cmd = cmd + param + "#{@console_user} -c" + cmd = "su -l" + @base_user_cmd = cmd + "#{@console_user} -c" # Default LaunchAgent session should be Aqua @session_type = "Aqua" if @session_type.nil? end @@ -140,10 +135,10 @@ class Chef end end - # On OS/X, enabling a service has the side-effect of starting it, + # On macOS, enabling a service has the side-effect of starting it, # and disabling a service has the side-effect of stopping it. # - # This makes some sense on OS/X since launchctl is an "init"-style + # This makes some sense on macOS since launchctl is an "init"-style # supervisor that will restart daemons that are crashing, etc. def enable_service if @current_resource.enabled diff --git a/lib/chef/provider/service/systemd.rb b/lib/chef/provider/service/systemd.rb index c19a3166a4..f7591c06c3 100644 --- a/lib/chef/provider/service/systemd.rb +++ b/lib/chef/provider/service/systemd.rb @@ -1,7 +1,7 @@ # # Author:: Stephen Haynes (<sh@nomitor.com>) # Author:: Davide Cavalca (<dcavalca@fb.com>) -# Copyright:: Copyright 2011-2019, Chef Software Inc. +# Copyright:: Copyright 2011-2020, Chef Software Inc. # License:: Apache License, Version 2.0 # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -104,7 +104,7 @@ class Chef::Provider::Service::Systemd < Chef::Provider::Service::Simple super else options, args = get_systemctl_options_args - shell_out!("#{systemctl_path} #{args} start #{Shellwords.escape(new_resource.service_name)}", default_env: false, **options) + shell_out!(systemctl_path, args, "start", new_resource.service_name, default_env: false, **options) end end end @@ -117,7 +117,7 @@ class Chef::Provider::Service::Systemd < Chef::Provider::Service::Simple super else options, args = get_systemctl_options_args - shell_out!("#{systemctl_path} #{args} stop #{Shellwords.escape(new_resource.service_name)}", default_env: false, **options) + shell_out!(systemctl_path, args, "stop", new_resource.service_name, default_env: false, **options) end end end @@ -127,7 +127,7 @@ class Chef::Provider::Service::Systemd < Chef::Provider::Service::Simple super else options, args = get_systemctl_options_args - shell_out!("#{systemctl_path} #{args} restart #{Shellwords.escape(new_resource.service_name)}", default_env: false, **options) + shell_out!(systemctl_path, args, "restart", new_resource.service_name, default_env: false, **options) end end @@ -137,7 +137,7 @@ class Chef::Provider::Service::Systemd < Chef::Provider::Service::Simple else if current_resource.running options, args = get_systemctl_options_args - shell_out!("#{systemctl_path} #{args} reload #{Shellwords.escape(new_resource.service_name)}", default_env: false, **options) + shell_out!(systemctl_path, args, "reload", new_resource.service_name, default_env: false, **options) else start_service end @@ -150,7 +150,7 @@ class Chef::Provider::Service::Systemd < Chef::Provider::Service::Simple return end options, args = get_systemctl_options_args - shell_out!("#{systemctl_path} #{args} enable #{Shellwords.escape(new_resource.service_name)}", **options) + shell_out!(systemctl_path, args, "enable", new_resource.service_name, **options) end def disable_service @@ -159,38 +159,38 @@ class Chef::Provider::Service::Systemd < Chef::Provider::Service::Simple return end options, args = get_systemctl_options_args - shell_out!("#{systemctl_path} #{args} disable #{Shellwords.escape(new_resource.service_name)}", **options) + shell_out!(systemctl_path, args, "disable", new_resource.service_name, **options) end def mask_service options, args = get_systemctl_options_args - shell_out!("#{systemctl_path} #{args} mask #{Shellwords.escape(new_resource.service_name)}", **options) + shell_out!(systemctl_path, args, "mask", new_resource.service_name, **options) end def unmask_service options, args = get_systemctl_options_args - shell_out!("#{systemctl_path} #{args} unmask #{Shellwords.escape(new_resource.service_name)}", **options) + shell_out!(systemctl_path, args, "unmask", new_resource.service_name, **options) end def is_active? options, args = get_systemctl_options_args - shell_out("#{systemctl_path} #{args} is-active #{Shellwords.escape(new_resource.service_name)} --quiet", **options).exitstatus == 0 + shell_out(systemctl_path, args, "is-active", new_resource.service_name, "--quiet", **options).exitstatus == 0 end def is_enabled? options, args = get_systemctl_options_args - shell_out("#{systemctl_path} #{args} is-enabled #{Shellwords.escape(new_resource.service_name)} --quiet", **options).exitstatus == 0 + shell_out(systemctl_path, args, "is-enabled", new_resource.service_name, "--quiet", **options).exitstatus == 0 end def is_indirect? options, args = get_systemctl_options_args - s = shell_out("#{systemctl_path} #{args} is-enabled #{Shellwords.escape(new_resource.service_name)}", **options) + s = shell_out(systemctl_path, args, "is-enabled", new_resource.service_name, **options) s.stdout.include?("indirect") end def is_masked? options, args = get_systemctl_options_args - s = shell_out("#{systemctl_path} #{args} is-enabled #{Shellwords.escape(new_resource.service_name)}", **options) + s = shell_out(systemctl_path, args, "is-enabled", new_resource.service_name, **options) s.exitstatus != 0 && s.stdout.include?("masked") end diff --git a/lib/chef/provider/service/windows.rb b/lib/chef/provider/service/windows.rb index 5074261e01..059c907039 100644 --- a/lib/chef/provider/service/windows.rb +++ b/lib/chef/provider/service/windows.rb @@ -217,7 +217,7 @@ class Chef::Provider::Service::Windows < Chef::Provider::Service converge_delayed_start end - def action_enable + action :enable do if current_startup_type != :automatic converge_by("enable service #{@new_resource}") do enable_service @@ -230,7 +230,7 @@ class Chef::Provider::Service::Windows < Chef::Provider::Service @new_resource.enabled(true) end - def action_disable + action :disable do if current_startup_type != :disabled converge_by("disable service #{@new_resource}") do disable_service @@ -243,7 +243,7 @@ class Chef::Provider::Service::Windows < Chef::Provider::Service @new_resource.enabled(false) end - def action_configure_startup + action :configure_startup do startup_type = @new_resource.startup_type if current_startup_type != startup_type converge_by("set service #{@new_resource} startup type to #{startup_type}") do diff --git a/lib/chef/provider/subversion.rb b/lib/chef/provider/subversion.rb index 2f25ed5fc7..a215ac59fc 100644 --- a/lib/chef/provider/subversion.rb +++ b/lib/chef/provider/subversion.rb @@ -55,7 +55,7 @@ class Chef end end - def action_checkout + action :checkout do if target_dir_non_existent_or_empty? converge_by("perform checkout of #{new_resource.repository} into #{new_resource.destination}") do shell_out!(checkout_command, run_options) @@ -65,7 +65,7 @@ class Chef end end - def action_export + action :export do if target_dir_non_existent_or_empty? action_force_export else @@ -73,13 +73,13 @@ class Chef end end - def action_force_export + action :force_export do converge_by("export #{new_resource.repository} into #{new_resource.destination}") do shell_out!(export_command, run_options) end end - def action_sync + action :sync do assert_target_directory_valid! if ::File.exist?(::File.join(new_resource.destination, ".svn")) current_rev = find_current_revision diff --git a/lib/chef/provider/support/yum_repo.erb b/lib/chef/provider/support/yum_repo.erb index f60d8688da..7a55c1b7d2 100644 --- a/lib/chef/provider/support/yum_repo.erb +++ b/lib/chef/provider/support/yum_repo.erb @@ -6,7 +6,7 @@ name=<%= @config.description %> <% if @config.baseurl %> baseurl=<%= case @config.baseurl when Array - @config.baseurl.join("\n") + @config.baseurl.join("\n ") else @config.baseurl end %> diff --git a/lib/chef/provider/systemd_unit.rb b/lib/chef/provider/systemd_unit.rb index b7bd2b4e2d..c5cd9a1960 100644 --- a/lib/chef/provider/systemd_unit.rb +++ b/lib/chef/provider/systemd_unit.rb @@ -57,7 +57,7 @@ class Chef end end - def action_create + action :create do if current_resource.content != new_resource.to_ini converge_by("creating unit: #{new_resource.unit_name}") do manage_unit_file(:create) @@ -66,7 +66,7 @@ class Chef end end - def action_delete + action :delete do if ::File.exist?(unit_path) converge_by("deleting unit: #{new_resource.unit_name}") do manage_unit_file(:delete) @@ -75,19 +75,19 @@ class Chef end end - def action_preset + action :preset do converge_by("restoring enable/disable preset configuration for unit: #{new_resource.unit_name}") do systemctl_execute!(:preset, new_resource.unit_name) end end - def action_revert + action :revert do converge_by("reverting to vendor version of unit: #{new_resource.unit_name}") do systemctl_execute!(:revert, new_resource.unit_name) end end - def action_enable + action :enable do if current_resource.static logger.trace("#{new_resource.unit_name} is a static unit, enabling is a NOP.") end @@ -103,7 +103,7 @@ class Chef end end - def action_disable + action :disable do if current_resource.static logger.trace("#{new_resource.unit_name} is a static unit, disabling is a NOP.") end @@ -120,14 +120,14 @@ class Chef end end - def action_reenable + action :reenable do converge_by("reenabling unit: #{new_resource.unit_name}") do systemctl_execute!(:reenable, new_resource.unit_name) logger.info("#{new_resource} reenabled") end end - def action_mask + action :mask do unless current_resource.masked converge_by("masking unit: #{new_resource.unit_name}") do systemctl_execute!(:mask, new_resource.unit_name) @@ -136,7 +136,7 @@ class Chef end end - def action_unmask + action :unmask do if current_resource.masked converge_by("unmasking unit: #{new_resource.unit_name}") do systemctl_execute!(:unmask, new_resource.unit_name) @@ -145,7 +145,7 @@ class Chef end end - def action_start + action :start do unless current_resource.active converge_by("starting unit: #{new_resource.unit_name}") do systemctl_execute!(:start, new_resource.unit_name, default_env: false) @@ -154,7 +154,7 @@ class Chef end end - def action_stop + action :stop do if current_resource.active converge_by("stopping unit: #{new_resource.unit_name}") do systemctl_execute!(:stop, new_resource.unit_name, default_env: false) @@ -163,14 +163,14 @@ class Chef end end - def action_restart + action :restart do converge_by("restarting unit: #{new_resource.unit_name}") do systemctl_execute!(:restart, new_resource.unit_name, default_env: false) logger.info("#{new_resource} restarted") end end - def action_reload + action :reload do if current_resource.active converge_by("reloading unit: #{new_resource.unit_name}") do systemctl_execute!(:reload, new_resource.unit_name, default_env: false) @@ -181,21 +181,21 @@ class Chef end end - def action_try_restart + action :try_restart do converge_by("try-restarting unit: #{new_resource.unit_name}") do systemctl_execute!("try-restart", new_resource.unit_name, default_env: false) logger.info("#{new_resource} try-restarted") end end - def action_reload_or_restart + action :reload_or_restart do converge_by("reload-or-restarting unit: #{new_resource.unit_name}") do systemctl_execute!("reload-or-restart", new_resource.unit_name, default_env: false) logger.info("#{new_resource} reload-or-restarted") end end - def action_reload_or_try_restart + action :reload_or_try_restart do converge_by("reload-or-try-restarting unit: #{new_resource.unit_name}") do systemctl_execute!("reload-or-try-restart", new_resource.unit_name, default_env: false) logger.info("#{new_resource} reload-or-try-restarted") diff --git a/lib/chef/provider/user.rb b/lib/chef/provider/user.rb index 8c99e36dfc..481de6e4cb 100644 --- a/lib/chef/provider/user.rb +++ b/lib/chef/provider/user.rb @@ -1,6 +1,6 @@ # # Author:: Adam Jacob (<adam@chef.io>) -# Copyright:: Copyright 2008-2018, Chef Software Inc. +# Copyright:: Copyright 2008-2020, Chef Software Inc. # License:: Apache License, Version 2.0 # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -116,7 +116,7 @@ class Chef false end - def action_create + action :create do if !@user_exists converge_by("create user #{new_resource.username}") do create_user @@ -130,7 +130,7 @@ class Chef end end - def action_remove + action :remove do return unless @user_exists converge_by("remove user #{new_resource.username}") do @@ -139,7 +139,7 @@ class Chef end end - def action_manage + action :manage do return unless @user_exists && compare_user converge_by("manage user #{new_resource.username}") do @@ -148,7 +148,7 @@ class Chef end end - def action_modify + action :modify do return unless compare_user converge_by("modify user #{new_resource.username}") do @@ -157,7 +157,7 @@ class Chef end end - def action_lock + action :lock do if check_lock == false converge_by("lock the user #{new_resource.username}") do lock_user @@ -168,7 +168,7 @@ class Chef end end - def action_unlock + action :unlock do if check_lock == true converge_by("unlock user #{new_resource.username}") do unlock_user diff --git a/lib/chef/provider/user/aix.rb b/lib/chef/provider/user/aix.rb index 8a170d276a..1e740909bc 100644 --- a/lib/chef/provider/user/aix.rb +++ b/lib/chef/provider/user/aix.rb @@ -110,7 +110,7 @@ class Chef return unless current_resource.password != new_resource.password && new_resource.password logger.trace("#{new_resource.username} setting password to #{new_resource.password}") - command = "echo '#{new_resource.username}:#{new_resource.password}' | chpasswd -e" + command = "echo '#{new_resource.username}:#{new_resource.password}' | chpasswd -c -e" shell_out!(command) end diff --git a/lib/chef/provider/user/dscl.rb b/lib/chef/provider/user/dscl.rb index 027f9eba38..687fc021da 100644 --- a/lib/chef/provider/user/dscl.rb +++ b/lib/chef/provider/user/dscl.rb @@ -1,6 +1,6 @@ # # Author:: Dreamcat4 (<dreamcat4@gmail.com>) -# Copyright:: Copyright 2009-2019, Chef Software Inc. +# Copyright:: Copyright 2009-2020, Chef Software Inc. # License:: Apache License, Version 2.0 # # Licensed under the Apache License, Version 2.0 (the "License"); diff --git a/lib/chef/provider/user/linux.rb b/lib/chef/provider/user/linux.rb index d27dbcabd4..224c9f9803 100644 --- a/lib/chef/provider/user/linux.rb +++ b/lib/chef/provider/user/linux.rb @@ -28,7 +28,12 @@ class Chef end def manage_user - shell_out!("usermod", universal_options, usermod_options, new_resource.username) + manage_u = shell_out("usermod", universal_options, usermod_options, new_resource.username, returns: [0, 12]) + if manage_u.exitstatus == 12 && manage_u.stderr !~ /exists/ + raise Chef::Exceptions::User, "Unable to modify home directory for #{new_resource.username}" + end + + manage_u.error! end def remove_user diff --git a/lib/chef/provider/user/mac.rb b/lib/chef/provider/user/mac.rb index 7b12eaec3c..fb220b2128 100644 --- a/lib/chef/provider/user/mac.rb +++ b/lib/chef/provider/user/mac.rb @@ -1,6 +1,6 @@ # # Author:: Ryan Cragun (<ryan@chef.io>) -# Copyright:: Copyright (c) 2019, Chef Software Inc. +# Copyright:: Copyright (c) 2019-2020, Chef Software Inc. # License:: Apache License, Version 2.0 # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -52,6 +52,10 @@ class Chef current_resource.shell(user_plist[:shell][0]) current_resource.comment(user_plist[:comment][0]) + if user_plist[:is_hidden] + current_resource.hidden(user_plist[:is_hidden][0] == "1" ? true : false) + end + shadow_hash = user_plist[:shadow_hash] if shadow_hash current_resource.password(shadow_hash[0]["SALTED-SHA512-PBKDF2"]["entropy"].string.unpack("H*")[0]) @@ -92,6 +96,8 @@ class Chef @user_plist = Plist.new(::Plist.parse_xml(user_xml)) + return unless user_plist[:shadow_hash] + shadow_hash_hex = user_plist[:shadow_hash][0] return unless shadow_hash_hex && shadow_hash_hex != "" @@ -135,7 +141,7 @@ class Chef def create_user cmd = [-"-addUser", new_resource.username] cmd += ["-fullName", new_resource.comment] if prop_is_set?(:comment) - cmd += ["-UID", new_resource.uid] if prop_is_set?(:uid) + cmd += ["-UID", prop_is_set?(:uid) ? new_resource.uid : get_free_uid] cmd += ["-shell", new_resource.shell] cmd += ["-home", new_resource.home] cmd += ["-admin"] if new_resource.admin @@ -148,14 +154,12 @@ class Chef cmd += ["-adminPassword", new_resource.admin_password] end - converge_by "create user" do - # sysadminctl doesn't exit with a non-zero exit code if it encounters - # a problem. We'll check stderr and make sure we see that it finished - # correctly. - res = run_sysadminctl(cmd) - unless res.downcase =~ /creating user/ - raise Chef::Exceptions::User, "error when creating user: #{res}" - end + # sysadminctl doesn't exit with a non-zero exit code if it encounters + # a problem. We'll check stderr and make sure we see that it finished + # correctly. + res = run_sysadminctl(cmd) + unless res.downcase =~ /creating user/ + raise Chef::Exceptions::User, "error when creating user: #{res}" end # Wait for the user to show up in the ds cache @@ -165,6 +169,10 @@ class Chef reload_user_plist reload_admin_group_plist + if prop_is_set?(:hidden) + set_hidden + end + if prop_is_set?(:password) converge_by("set password") { set_password } end @@ -188,15 +196,15 @@ class Chef # group magement should be done outside of the core resource. group_name, group_id, group_action = user_group_info - declare_resource(:group, group_name) do + group group_name do members new_resource.username gid group_id if group_id - action :nothing + action group_action append true - end.run_action(group_action) + end converge_by("create primary group ID") do - run_dscl("create", "/Users/#{new_resource.username}", "PrimaryGroupID", new_resource.gid) + run_dscl("create", "/Users/#{new_resource.username}", "PrimaryGroupID", group_id) end end @@ -208,7 +216,7 @@ class Chef end def compare_user - %i{comment shell uid gid salt password admin secure_token}.any? { |m| diverged?(m) } + %i{comment shell uid gid salt password admin secure_token hidden}.any? { |m| diverged?(m) } end def manage_user @@ -238,16 +246,16 @@ class Chef if diverged?(:admin) converge_by("alter admin group membership") do - declare_resource(:group, "admin") do + group "admin" do if new_resource.admin members new_resource.username else excluded_members new_resource.username end - action :nothing + action :create append true - end.run_action(:create) + end admins = admin_group_plist[:group_members] if new_resource.admin @@ -263,16 +271,22 @@ class Chef end group_name, group_id, group_action = user_group_info - declare_resource(:group, group_name) do + group group_name do gid group_id if group_id members new_resource.username - action :nothing + action group_action append true - end.run_action(group_action) + end if diverged?(:gid) converge_by("alter group membership") do - run_dscl("create", "/Users/#{new_resource.username}", "PrimaryGroupID", new_resource.gid) + run_dscl("create", "/Users/#{new_resource.username}", "PrimaryGroupID", group_id) + end + end + + if diverged?(:hidden) + converge_by("alter hidden") do + set_hidden end end @@ -289,11 +303,9 @@ class Chef # sysadminctl doesn't exit with a non-zero exit code if it encounters # a problem. We'll check stderr and make sure we see that it finished - converge_by "remove user" do - res = run_sysadminctl(cmd) - unless res.downcase =~ /deleting record|not found/ - raise Chef::Exceptions::User, "error deleting user: #{res}" - end + res = run_sysadminctl(cmd) + unless res.downcase =~ /deleting record|not found/ + raise Chef::Exceptions::User, "error deleting user: #{res}" end reload_user_plist @@ -301,18 +313,15 @@ class Chef end def lock_user - converge_by "lock user" do - run_dscl("append", "/Users/#{new_resource.username}", "AuthenticationAuthority", ";DisabledUser;") - end + run_dscl("append", "/Users/#{new_resource.username}", "AuthenticationAuthority", ";DisabledUser;") reload_user_plist end def unlock_user auth_string = user_plist[:auth_authority].reject! { |tag| tag == ";DisabledUser;" }.join.strip - converge_by "unlock user" do - run_dscl("create", "/Users/#{new_resource.username}", "AuthenticationAuthority", auth_string) - end + + run_dscl("create", "/Users/#{new_resource.username}", "AuthenticationAuthority", auth_string) reload_user_plist end @@ -341,6 +350,8 @@ class Chef user_group_diverged? when :secure_token secure_token_diverged? + when :hidden + hidden_diverged? else # Other fields are have been set on current resource so just compare # them. @@ -348,6 +359,24 @@ class Chef end end + # Find the next available uid on the system. + # Starting with 200 if `system` is set, 501 otherwise. + def get_free_uid(search_limit = 1000) + uid = nil + base_uid = new_resource.system ? 200 : 501 + next_uid_guess = base_uid + users_uids = run_dscl("list", "/Users", "uid") + while next_uid_guess < search_limit + base_uid + if users_uids =~ Regexp.new("#{Regexp.escape(next_uid_guess.to_s)}\n") + next_uid_guess += 1 + else + uid = next_uid_guess + break + end + end + uid || raise("uid not found. Exhausted. Searched #{search_limit} times") + end + # Attempt to resolve the group name, gid, and the action required for # associated group resource. If a group exists we'll modify it, otherwise # create it. @@ -415,12 +444,21 @@ class Chef return false unless prop_is_set?(:gid) group_name, group_id = user_group_info + current_resource.gid != group_id.to_i + end - if current_resource.gid.is_a?(String) - current_resource.gid != group_name - else - current_resource.gid != group_id.to_i - end + def hidden_diverged? + return false unless prop_is_set?(:hidden) + + (current_resource.hidden ? 1 : 0) != hidden_value.to_i + end + + def set_hidden + run_dscl("create", "/Users/#{new_resource.username}", "IsHidden", hidden_value.to_i) + end + + def hidden_value + new_resource.hidden ? 1 : 0 end def password_diverged? @@ -483,7 +521,7 @@ class Chef ) end - shadow_hash = user_plist[:shadow_hash][0] + shadow_hash = user_plist[:shadow_hash] ? user_plist[:shadow_hash][0] : {} shadow_hash["SALTED-SHA512-PBKDF2"] = { "entropy" => entropy, "salt" => salt, @@ -533,7 +571,7 @@ class Chef run_dsimport(import_file, "/Local/Default", "M") run_dscl("create", "/Users/#{new_resource.username}", "Password", "********") ensure - ::File.delete(import_file) if defined?(import_file) && ::File.exist?(import_file) + ::File.delete(import_file) if import_file && ::File.exist?(import_file) end def wait_for_user @@ -598,6 +636,7 @@ class Chef auth_authority: "dsAttrTypeStandard:AuthenticationAuthority", shadow_hash: "dsAttrTypeNative:ShadowHashData", group_members: "dsAttrTypeStandard:GroupMembers", + is_hidden: "dsAttrTypeNative:IsHidden", }.freeze attr_accessor :plist_hash, :property_map diff --git a/lib/chef/provider/whyrun_safe_ruby_block.rb b/lib/chef/provider/whyrun_safe_ruby_block.rb index ee4a659b00..e261cb4386 100644 --- a/lib/chef/provider/whyrun_safe_ruby_block.rb +++ b/lib/chef/provider/whyrun_safe_ruby_block.rb @@ -21,7 +21,7 @@ class Chef class WhyrunSafeRubyBlock < Chef::Provider::RubyBlock provides :whyrun_safe_ruby_block - def action_run + action :run do new_resource.block.call new_resource.updated_by_last_action(true) @run_context.events.resource_update_applied(new_resource, :create, "execute the whyrun_safe_ruby_block #{new_resource.name}") diff --git a/lib/chef/provider/windows_env.rb b/lib/chef/provider/windows_env.rb index 3fd4b18cfa..f60dc79c5b 100644 --- a/lib/chef/provider/windows_env.rb +++ b/lib/chef/provider/windows_env.rb @@ -78,7 +78,7 @@ class Chef alias_method :compare_value, :requires_modify_or_create? - def action_create + action :create do if @key_exists if requires_modify_or_create? modify_env @@ -104,7 +104,7 @@ class Chef needs_delete = new_values.any? { |v| current_values.include?(v) } if !needs_delete logger.trace("#{new_resource} element '#{new_resource.value}' does not exist") - return true # do not delete the key + true # do not delete the key else new_value = current_values.select do |item| @@ -112,18 +112,18 @@ class Chef end.join(new_resource.delim) if new_value.empty? - return false # nothing left here, delete the key + false # nothing left here, delete the key else old_value = new_resource.value(new_value) create_env logger.trace("#{new_resource} deleted #{old_value} element") new_resource.updated_by_last_action(true) - return true # we removed the element and updated; do not delete the key + true # we removed the element and updated; do not delete the key end end end - def action_delete + action :delete do if ( ENV[new_resource.key_name] || @key_exists ) && !delete_element delete_env logger.info("#{new_resource} deleted") @@ -131,7 +131,7 @@ class Chef end end - def action_modify + action :modify do if @key_exists if requires_modify_or_create? modify_env diff --git a/lib/chef/provider/windows_script.rb b/lib/chef/provider/windows_script.rb index 172b07d712..4325236607 100644 --- a/lib/chef/provider/windows_script.rb +++ b/lib/chef/provider/windows_script.rb @@ -1,6 +1,6 @@ # # Author:: Adam Edwards (<adamed@chef.io>) -# Copyright:: Copyright 2013-2016, Chef Software Inc. +# Copyright:: Copyright 2013-2020, Chef Software Inc. # License:: Apache License, Version 2.0 # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -46,7 +46,7 @@ class Chef public - def action_run + action :run do wow64_redirection_state = nil if @is_wow64 @@ -54,7 +54,7 @@ class Chef end begin - super + super() rescue raise ensure diff --git a/lib/chef/provider/windows_task.rb b/lib/chef/provider/windows_task.rb index 93347027a5..bf53a45233 100644 --- a/lib/chef/provider/windows_task.rb +++ b/lib/chef/provider/windows_task.rb @@ -19,7 +19,6 @@ require_relative "../mixin/shell_out" require "rexml/document" unless defined?(REXML::Document) require "iso8601" if ChefUtils.windows? -require_relative "../mixin/powershell_out" require_relative "../provider" require_relative "../util/path_helper" require "win32/taskscheduler" if ChefUtils.windows? @@ -28,7 +27,6 @@ class Chef class Provider class WindowsTask < Chef::Provider include Chef::Mixin::ShellOut - include Chef::Mixin::PowershellOut if ChefUtils.windows? include Win32 @@ -115,7 +113,7 @@ class Chef @current_resource end - def action_create + action :create do set_command_and_arguments if new_resource.command if current_resource.exists @@ -152,7 +150,7 @@ class Chef end end - def action_run + action :run do if current_resource.exists logger.trace "#{new_resource} task exists" if current_resource.task.status == "running" @@ -167,7 +165,7 @@ class Chef end end - def action_delete + action :delete do if current_resource.exists logger.trace "#{new_resource} task exists" converge_by("delete scheduled task #{new_resource}") do @@ -179,7 +177,7 @@ class Chef end end - def action_end + action :end do if current_resource.exists logger.trace "#{new_resource} task exists" if current_resource.task.status != "running" @@ -194,7 +192,7 @@ class Chef end end - def action_enable + action :enable do if current_resource.exists logger.trace "#{new_resource} task exists" if current_resource.task.status == "not scheduled" @@ -211,7 +209,7 @@ class Chef end end - def action_disable + action :disable do if current_resource.exists logger.info "#{new_resource} task exists" if %w{ready running}.include?(current_resource.task.status) @@ -328,7 +326,7 @@ class Chef def task_needs_update?(task) flag = false if new_resource.frequency == :none - flag = (task.account_information != new_resource.user || + flag = (task.author != new_resource.user || task.application_name != new_resource.command || description_needs_update?(task) || task.parameters != new_resource.command_arguments.to_s || @@ -352,7 +350,7 @@ class Chef current_task_trigger[:type] != new_task_trigger[:type] || current_task_trigger[:random_minutes_interval].to_i != new_task_trigger[:random_minutes_interval].to_i || current_task_trigger[:minutes_interval].to_i != new_task_trigger[:minutes_interval].to_i || - task.account_information.to_s.casecmp(new_resource.user.to_s) != 0 || + task.author.to_s.casecmp(new_resource.user.to_s) != 0 || task.application_name != new_resource.command || description_needs_update?(task) || task.parameters != new_resource.command_arguments.to_s || diff --git a/lib/chef/providers.rb b/lib/chef/providers.rb index 1e45ca13ed..9209ff4ca1 100644 --- a/lib/chef/providers.rb +++ b/lib/chef/providers.rb @@ -1,6 +1,6 @@ # # Author:: Daniel DeLeo (<dan@chef.io>) -# Copyright:: Copyright 2010-2018, Chef Software Inc. +# Copyright:: Copyright 2010-2020, Chef Software Inc. # License:: Apache License, Version 2.0 # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -16,9 +16,6 @@ # limitations under the License. # -require_relative "provider/apt_update" -require_relative "provider/apt_preference" -require_relative "provider/apt_repository" require_relative "provider/batch" require_relative "provider/cookbook_file" require_relative "provider/cron" @@ -35,15 +32,12 @@ require_relative "provider/http_request" require_relative "provider/ifconfig" require_relative "provider/launchd" require_relative "provider/link" -require_relative "provider/log" require_relative "provider/ohai" -require_relative "provider/mdadm" require_relative "provider/mount" require_relative "provider/noop" require_relative "provider/package" require_relative "provider/powershell_script" require_relative "provider/osx_profile" -require_relative "provider/reboot" require_relative "provider/remote_directory" require_relative "provider/remote_file" require_relative "provider/route" diff --git a/lib/chef/recipe.rb b/lib/chef/recipe.rb index 154072827e..ddb45de8e3 100644 --- a/lib/chef/recipe.rb +++ b/lib/chef/recipe.rb @@ -85,6 +85,43 @@ class Chef end end + def from_yaml_file(filename) + self.source_file = filename + if File.file?(filename) && File.readable?(filename) + from_yaml(IO.read(filename)) + else + raise IOError, "Cannot open or read #{filename}!" + end + end + + def from_yaml(string) + res = ::YAML.safe_load(string) + if res.is_a?(Hash) + from_hash(res) + elsif res.is_a?(Array) + from_array(res) + else + raise "boom" + end + end + + def from_array(array) + Chef::Log.warn "array yaml files are super duper experimental behavior" + array.each { |e| from_hash(e) } + end + + def from_hash(hash) + hash["resources"].each do |rhash| + type = rhash.delete("type").to_sym + name = rhash.delete("name") + res = declare_resource(type, name) + rhash.each do |key, value| + # FIXME?: we probably need a way to instance_exec a string that contains block code against the property? + res.send(key, value) + end + end + end + def to_s "cookbook: #{cookbook_name ? cookbook_name : "(none)"}, recipe: #{recipe_name ? recipe_name : "(none)"} " end diff --git a/lib/chef/resource.rb b/lib/chef/resource.rb index 6c7214fdd9..5153dd4910 100644 --- a/lib/chef/resource.rb +++ b/lib/chef/resource.rb @@ -415,7 +415,6 @@ class Chef @not_if end - # # The number of times to retry this resource if it fails by throwing an # exception while running an action. Default: 0 # @@ -427,7 +426,6 @@ class Chef # property :retries, Integer, default: 0, desired_state: false - # # The number of seconds to wait between retries. Default: 2. # # @param arg [Integer] The number of seconds to wait between retries. @@ -435,7 +433,6 @@ class Chef # property :retry_delay, Integer, default: 2, desired_state: false - # # Whether to treat this resource's data as sensitive. If set, no resource # data will be displayed in log output. # @@ -444,7 +441,16 @@ class Chef # property :sensitive, [ TrueClass, FalseClass ], default: false, desired_state: false + # If this is set the resource will be set to run at compile time and the converge time + # action will be set to :nothing. + # + # @param arg [Boolean] Whether or not to force this resource to run at compile time. + # @return [Boolean] Whether or not to force this resource to run at compile time. # + property :compile_time, [TrueClass, FalseClass], + description: "Determines whether or not the resource is executed during the compile time phase.", + default: false, desired_state: false + # The time it took (in seconds) to run the most recently-run action. Not # cumulative across actions. This is set to 0 as soon as a new action starts # running, and set to the elapsed time at the end of the action. @@ -458,7 +464,6 @@ class Chef # attr_accessor :executed_by_runner - # # The guard interpreter that will be used to process `only_if` and `not_if` # statements. If left unset, the #default_guard_interpreter will be used. # @@ -935,13 +940,7 @@ class Chef # # The display name of this resource type, for printing purposes. # - # This also automatically calls "provides" to provide DSL with the given - # name. - # - # resource_name defaults to your class name. - # - # Call `resource_name nil` to remove the resource name (and any - # corresponding DSL). + # Call `resource_name nil` to remove the resource name # # @param value [Symbol] The desired name of this resource type (e.g. # `execute`), or `nil` if this class is abstract and has no resource_name. @@ -951,20 +950,19 @@ class Chef def self.resource_name(name = NOT_PASSED) # Setter if name != NOT_PASSED - remove_canonical_dsl - - # Set the resource_name and call provides if name + @resource_name = name.to_sym name = name.to_sym - # If our class is not already providing this name, provide it. + # FIXME: determine a way to deprecate this magic behavior unless Chef::ResourceResolver.includes_handler?(name, self) - provides name, canonical: true + provides name end - @resource_name = name else @resource_name = nil end end + + @resource_name = nil unless defined?(@resource_name) @resource_name end @@ -972,25 +970,12 @@ class Chef resource_name(name) end - # - # Use the class name as the resource name. - # - # Munges the last part of the class name from camel case to snake case, - # and sets the resource_name to that: - # - # A::B::BlahDBlah -> blah_d_blah - # - def self.use_automatic_resource_name - automatic_name = convert_to_snake_case(name.split("::")[-1]) - resource_name automatic_name - end - # If the resource's action should run in separated compile/converge mode. # # @param flag [Boolean] value to set unified_mode to # @return [Boolean] unified_mode value def self.unified_mode(flag = nil) - @unified_mode = Chef::Config[:resource_unified_mode_default] if @unified_mode.nil? + @unified_mode = Chef::Config[:resource_unified_mode_default] if !defined?(@unified_mode) || @unified_mode.nil? @unified_mode = flag unless flag.nil? !!@unified_mode end @@ -1035,7 +1020,7 @@ class Chef self.allowed_actions |= @default_action end - if @default_action + if defined?(@default_action) && @default_action @default_action elsif superclass.respond_to?(:default_action) superclass.default_action @@ -1316,12 +1301,6 @@ class Chef def self.inherited(child) super @@sorted_descendants = nil - # set resource_name automatically if it's not set - if child.name && !child.resource_name - if child.name =~ /^Chef::Resource::(\w+)$/ - child.resource_name(convert_to_snake_case($1)) - end - end end # If an unknown method is invoked, determine whether the enclosing Provider's @@ -1343,9 +1322,7 @@ class Chef # # Since resource_name calls provides the generally correct way of doing this is # to do `chef_version_for_provides` first, then `resource_name` and then - # any additional options `provides` lines. Calling `resource_name` is somewhat - # important to have the canonical_dsl removed or else that'll stick around - # and chef_version won't get applied to it. + # any additional options `provides` lines. # # Once we no longer care about supporting chef < 14.4 then we can deprecate # this API. @@ -1366,17 +1343,17 @@ class Chef def self.provides(name, **options, &block) name = name.to_sym - # `provides :resource_name, os: 'linux'`) needs to remove the old - # canonical DSL before adding the new one. - if @resource_name && name == @resource_name - remove_canonical_dsl - end + # quell warnings + @chef_version_for_provides = nil unless defined?(@chef_version_for_provides) + + # deliberately do not go through the accessor here + @resource_name = name if resource_name.nil? if @chef_version_for_provides && !options.include?(:chef_version) options[:chef_version] = @chef_version_for_provides end - result = Chef.resource_handler_map.set(name, self, options, &block) + result = Chef.resource_handler_map.set(name, self, **options, &block) Chef::DSL::Resources.add_resource_dsl(name) result end @@ -1580,7 +1557,7 @@ class Chef # <Chef::Resource>:: returns the proper Chef::Resource class # def self.resource_matching_short_name(short_name) - Chef::ResourceResolver.resolve(short_name, canonical: true) + Chef::ResourceResolver.resolve(short_name) end # @api private @@ -1595,13 +1572,14 @@ class Chef self.class.resource_for_node(name, node).new("name", run_context).provider_for_action(action).class end - def self.remove_canonical_dsl - if @resource_name - remaining = Chef.resource_handler_map.delete_canonical(@resource_name, self) - unless remaining - Chef::DSL::Resources.remove_resource_dsl(@resource_name) - end - end + # This is used to suppress the "(up to date)" message in the doc formatter + # for the log resource (where it is nonsensical). + # + # This is not exactly a private API, but its doubtful there exist many other sane + # use cases for this. + # + def suppress_up_to_date_messages? + false end end end diff --git a/lib/chef/resource/action_class.rb b/lib/chef/resource/action_class.rb index 03756062ef..1b4ddd453b 100644 --- a/lib/chef/resource/action_class.rb +++ b/lib/chef/resource/action_class.rb @@ -1,6 +1,6 @@ # # Author:: John Keiser (<jkeiser@chef.io) -# Copyright:: Copyright 2015-2018, Chef Software Inc. +# Copyright:: Copyright 2015-2020, Chef Software Inc. # License:: Apache License, Version 2.0 # # Licensed under the Apache License, Version 2.0 (the "License"); diff --git a/lib/chef/resource/alternatives.rb b/lib/chef/resource/alternatives.rb new file mode 100644 index 0000000000..a2f08ad864 --- /dev/null +++ b/lib/chef/resource/alternatives.rb @@ -0,0 +1,149 @@ +# +# Copyright:: 2020, Chef Software Inc. +# Copyright:: 2016-2020, Virender Khatri +# +# License:: Apache License, Version 2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +require_relative "../resource" + +class Chef + class Resource + class Alternatives < Chef::Resource + unified_mode true + + provides(:alternatives) { true } + + description "The alternatives resource allows for configuration of command alternatives in Linux using the alternatives or update-alternatives packages." + introduced "16.0" + + property :link_name, String, name_property: true + property :link, String, default: lazy { |n| "/usr/bin/#{n.link_name}" } + property :path, String + property :priority, [String, Integer], coerce: proc { |n| n.to_i } + + def define_resource_requirements + requirements.assert(:install) do |a| + a.assertion do + !new_resource.priority.nil? + end + + a.failure_message("Could not set alternatives for #{new_resource.link_name}, you must provide the :priority property") + end + + requirements.assert(:install, :set, :remove) do |a| + a.assertion do + !new_resource.path.nil? + end + + a.failure_message("Could not set alternatives for #{new_resource.link_name}, you must provide the :path property") + end + + requirements.assert(:install, :set, :remove) do |a| + a.assertion do + ::File.exist?(new_resource.path) + end + + a.whyrun("Assuming file #{new_resource.path} already exists or was created already") + a.failure_message("Could not set alternatives for #{new_resource.link_name}, missing #{new_resource.path}") + end + end + + action :install do + if path_priority != new_resource.priority + converge_by("adding alternative #{new_resource.link} #{new_resource.link_name} #{new_resource.path} #{new_resource.priority}") do + output = shell_out(alternatives_cmd, "--install", new_resource.link, new_resource.link_name, new_resource.path, new_resource.priority) + unless output.exitstatus == 0 + raise "failed to add alternative #{new_resource.link} #{new_resource.link_name} #{new_resource.path} #{new_resource.priority}" + end + end + end + end + + action :set do + if current_path != new_resource.path + converge_by("setting alternative #{new_resource.link_name} #{new_resource.path}") do + output = shell_out(alternatives_cmd, "--set", new_resource.link_name, new_resource.path) + unless output.exitstatus == 0 + raise "failed to set alternative #{new_resource.link_name} #{new_resource.path} \n #{output.stdout.strip}" + end + end + end + end + + action :remove do + if path_exists? + converge_by("removing alternative #{new_resource.link_name} #{new_resource.path}") do + shell_out(alternatives_cmd, "--remove", new_resource.link_name, new_resource.path) + end + end + end + + action :auto do + converge_by("setting auto alternative #{new_resource.link_name}") do + shell_out(alternatives_cmd, "--auto", new_resource.link_name) + end + end + + action :refresh do + converge_by("refreshing alternative #{new_resource.link_name}") do + shell_out(alternatives_cmd, "--refresh", new_resource.link_name) + end + end + + action_class do + # + # @return [String] The appropriate alternatives command based on the platform + # + def alternatives_cmd + if debian? + "update-alternatives" + else + "alternatives" + end + end + + # + # @return [Integer] The current path priority for the link_name alternative + # + def path_priority + # https://rubular.com/r/IcUlEU0mSNaMm3 + escaped_path = Regexp.new(Regexp.escape("#{new_resource.path} - priority ") + "(.*)") + match = shell_out(alternatives_cmd, "--display", new_resource.link_name).stdout.match(escaped_path) + + match.nil? ? nil : match[1].to_i + end + + # + # @return [String] The current path for the link_name alternative + # + def current_path + # https://rubular.com/r/ylsuvzUtquRPqc + match = shell_out(alternatives_cmd, "--display", new_resource.link_name).stdout.match(/link currently points to (.*)/) + match[1] + end + + # + # @return [Boolean] does the path exist for the link_name alternative + # + def path_exists? + # https://rubular.com/r/ogvDdq8h2IKRff + escaped_path = Regexp.new(Regexp.escape("#{new_resource.path} - priority")) + shell_out(alternatives_cmd, "--display", new_resource.link_name).stdout.match?(escaped_path) + end + end + end + end +end diff --git a/lib/chef/resource/apt_package.rb b/lib/chef/resource/apt_package.rb index 020905d86a..2aa4fef704 100644 --- a/lib/chef/resource/apt_package.rb +++ b/lib/chef/resource/apt_package.rb @@ -1,6 +1,6 @@ # # Author:: Adam Jacob (<adam@chef.io>) -# Copyright:: Copyright 2008-2016, Chef Software Inc. +# Copyright:: Copyright 2008-2020, Chef Software Inc. # License:: Apache License, Version 2.0 # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -21,7 +21,8 @@ require_relative "package" class Chef class Resource class AptPackage < Chef::Resource::Package - resource_name :apt_package + unified_mode true + provides :apt_package, target_mode: true provides :package, platform_family: "debian", target_mode: true diff --git a/lib/chef/resource/apt_preference.rb b/lib/chef/resource/apt_preference.rb index 810a8dcad8..cef5c73bc8 100644 --- a/lib/chef/resource/apt_preference.rb +++ b/lib/chef/resource/apt_preference.rb @@ -1,6 +1,6 @@ # # Author:: Tim Smith (<tsmith@chef.io>) -# Copyright:: 2016-2017, Chef Software, Inc. +# Copyright:: 2016-2020, Chef Software Inc. # License:: Apache License, Version 2.0 # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -22,7 +22,8 @@ class Chef class Resource # @since 13.3 class AptPreference < Chef::Resource - resource_name :apt_preference + unified_mode true + provides(:apt_preference) { true } description "The apt_preference resource allows for the creation of APT preference files. Preference files are used to control which package versions and sources are prioritized during installation." @@ -47,6 +48,72 @@ class Chef default_action :add allowed_actions :add, :remove + + APT_PREFERENCE_DIR = "/etc/apt/preferences.d".freeze + + action_class do + # Build preferences.d file contents + def build_pref(package_name, pin, pin_priority) + "Package: #{package_name}\nPin: #{pin}\nPin-Priority: #{pin_priority}\n" + end + + def safe_name(name) + name.tr(".", "_").gsub("*", "wildcard") + end + end + + action :add do + return unless debian? + + preference = build_pref( + new_resource.glob || new_resource.package_name, + new_resource.pin, + new_resource.pin_priority + ) + + directory APT_PREFERENCE_DIR do + mode "0755" + action :create + end + + sanitized_prefname = safe_name(new_resource.package_name) + + # cleanup any existing pref files w/o the sanitized name (created by old apt cookbook) + if (sanitized_prefname != new_resource.package_name) && ::File.exist?("#{APT_PREFERENCE_DIR}/#{new_resource.package_name}.pref") + logger.warn "Replacing legacy #{new_resource.package_name}.pref with #{sanitized_prefname}.pref in #{APT_PREFERENCE_DIR}" + file "#{APT_PREFERENCE_DIR}/#{new_resource.package_name}.pref" do + action :delete + end + end + + # cleanup any existing pref files without the .pref extension (created by old apt cookbook) + if ::File.exist?("#{APT_PREFERENCE_DIR}/#{new_resource.package_name}") + logger.warn "Replacing legacy #{new_resource.package_name} with #{sanitized_prefname}.pref in #{APT_PREFERENCE_DIR}" + file "#{APT_PREFERENCE_DIR}/#{new_resource.package_name}" do + action :delete + end + end + + file "#{APT_PREFERENCE_DIR}/#{sanitized_prefname}.pref" do + mode "0644" + content preference + action :create + end + end + + action :remove do + return unless debian? + + sanitized_prefname = safe_name(new_resource.package_name) + + if ::File.exist?("#{APT_PREFERENCE_DIR}/#{sanitized_prefname}.pref") + logger.info "Un-pinning #{sanitized_prefname} from #{APT_PREFERENCE_DIR}" + file "#{APT_PREFERENCE_DIR}/#{sanitized_prefname}.pref" do + action :delete + end + end + end + end end end diff --git a/lib/chef/resource/apt_repository.rb b/lib/chef/resource/apt_repository.rb index 213acc166b..cef8f7495e 100644 --- a/lib/chef/resource/apt_repository.rb +++ b/lib/chef/resource/apt_repository.rb @@ -1,6 +1,6 @@ # # Author:: Thom May (<thom@chef.io>) -# Copyright:: 2016-2019, Chef Software, Inc. +# Copyright:: 2016-2020, Chef Software Inc. # License:: Apache License, Version 2.0 # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -17,11 +17,15 @@ # require_relative "../resource" +require_relative "../http/simple" +require "tmpdir" unless defined?(Dir.mktmpdir) +require "addressable" unless defined?(Addressable) class Chef class Resource class AptRepository < Chef::Resource - resource_name :apt_repository + unified_mode true + provides(:apt_repository) { true } description "Use the apt_repository resource to specify additional APT repositories. Adding a new repository will update the APT package cache immediately." @@ -116,7 +120,7 @@ class Chef property :components, Array, description: "Package groupings, such as 'main' and 'stable'.", - default: lazy { [] } + default: lazy { [] }, default_description: "'main' if using a PPA repository." property :arch, [String, nil, FalseClass], description: "Constrain packages to a particular CPU architecture such as 'i386' or 'amd64'." @@ -150,6 +154,334 @@ class Chef default_action :add allowed_actions :add, :remove + + action_class do + LIST_APT_KEY_FINGERPRINTS = %w{apt-key adv --list-public-keys --with-fingerprint --with-colons}.freeze + + # is the provided ID a key ID from a keyserver. Looks at length and HEX only values + # @param [String] id the key value passed by the user that *may* be an ID + def is_key_id?(id) + id = id[2..-1] if id.start_with?("0x") + id =~ /^\h+$/ && [8, 16, 40].include?(id.length) + end + + # run the specified command and extract the fingerprints from the output + # accepts a command so it can be used to extract both the current key's fingerprints + # and the fingerprint of the new key + # @param [Array<String>] cmd the command to run + # + # @return [Array] an array of fingerprints + def extract_fingerprints_from_cmd(*cmd) + so = shell_out(*cmd) + so.stdout.split(/\n/).map do |t| + if z = t.match(/^fpr:+([0-9A-F]+):/) + z[1].split.join + end + end.compact + end + + # validate the key against the apt keystore to see if that version is expired + # @param [String] key + # + # @return [Boolean] is the key valid or not + def key_is_valid?(key) + valid = true + + so = shell_out("apt-key", "list") + so.stdout.split(/\n/).map do |t| + if t =~ %r{^\/#{key}.*\[expired: .*\]$} + logger.debug "Found expired key: #{t}" + valid = false + break + end + end + + logger.debug "key #{key} #{valid ? "is valid" : "is not valid"}" + valid + end + + # return the specified cookbook name or the cookbook containing the + # resource. + # + # @return [String] name of the cookbook + def cookbook_name + new_resource.cookbook || new_resource.cookbook_name + end + + # determine if a cookbook file is available in the run + # @param [String] fn the path to the cookbook file + # + # @return [Boolean] cookbook file exists or doesn't + def has_cookbook_file?(fn) + run_context.has_cookbook_file_in_cookbook?(cookbook_name, fn) + end + + # determine if there are any new keys by comparing the fingerprints of installed + # keys to those of the passed file + # @param [String] file the keyfile of the new repository + # + # @return [Boolean] true: no new keys in the file. false: there are new keys + def no_new_keys?(file) + # Now we are using the option --with-colons that works across old os versions + # as well as the latest (16.10). This for both `apt-key` and `gpg` commands + installed_keys = extract_fingerprints_from_cmd(*LIST_APT_KEY_FINGERPRINTS) + proposed_keys = extract_fingerprints_from_cmd("gpg", "--with-fingerprint", "--with-colons", file) + (installed_keys & proposed_keys).sort == proposed_keys.sort + end + + # Given the provided key URI determine what kind of chef resource we need + # to fetch the key + # @param [String] uri the uri of the gpg key (local path or http URL) + # + # @raise [Chef::Exceptions::FileNotFound] Key isn't remote or found in the current run + # + # @return [Symbol] :remote_file or :cookbook_file + def key_type(uri) + if uri.start_with?("http") + :remote_file + elsif has_cookbook_file?(uri) + :cookbook_file + else + raise Chef::Exceptions::FileNotFound, "Cannot locate key file: #{uri}" + end + end + + # Fetch the key using either cookbook_file or remote_file, validate it, + # and install it with apt-key add + # @param [String] key the key to install + # + # @raise [RuntimeError] Invalid key which can't verify the apt repository + # + # @return [void] + def install_key_from_uri(key) + key_name = key.gsub(/[^0-9A-Za-z\-]/, "_") + cached_keyfile = ::File.join(Chef::Config[:file_cache_path], key_name) + tmp_dir = Dir.mktmpdir(".gpg") + at_exit { FileUtils.remove_entry(tmp_dir) } + + declare_resource(key_type(key), cached_keyfile) do + source key + mode "0644" + sensitive new_resource.sensitive + action :create + verify "gpg --homedir #{tmp_dir} %{path}" + end + + execute "apt-key add #{cached_keyfile}" do + command [ "apt-key", "add", cached_keyfile ] + default_env true + sensitive new_resource.sensitive + action :run + not_if { no_new_keys?(cached_keyfile) } + notifies :run, "execute[apt-cache gencaches]", :immediately + end + end + + # build the apt-key command to install the keyserver + # @param [String] key the key to install + # @param [String] keyserver the key server to use + # + # @return [String] the full apt-key command to run + def keyserver_install_cmd(key, keyserver) + cmd = "apt-key adv --no-tty --recv" + cmd << " --keyserver-options http-proxy=#{new_resource.key_proxy}" if new_resource.key_proxy + cmd << " --keyserver " + cmd << if keyserver.start_with?("hkp://") + keyserver + else + "hkp://#{keyserver}:80" + end + + cmd << " #{key}" + cmd + end + + # @param [String] key + # @param [String] keyserver + # + # @raise [RuntimeError] Invalid key which can't verify the apt repository + # + # @return [void] + def install_key_from_keyserver(key, keyserver = new_resource.keyserver) + execute "install-key #{key}" do + command keyserver_install_cmd(key, keyserver) + default_env true + sensitive new_resource.sensitive + not_if do + present = extract_fingerprints_from_cmd(*LIST_APT_KEY_FINGERPRINTS).any? do |fp| + fp.end_with? key.upcase + end + present && key_is_valid?(key.upcase) + end + notifies :run, "execute[apt-cache gencaches]", :immediately + end + + raise "The key #{key} is invalid and cannot be used to verify an apt repository." unless key_is_valid?(key.upcase) + end + + # @param [String] owner + # @param [String] repo + # + # @raise [RuntimeError] Could not access the Launchpad PPA API + # + # @return [void] + def install_ppa_key(owner, repo) + url = "https://launchpad.net/api/1.0/~#{owner}/+archive/#{repo}" + key_id = Chef::HTTP::Simple.new(url).get("signing_key_fingerprint").delete('"') + install_key_from_keyserver(key_id, "keyserver.ubuntu.com") + rescue Net::HTTPClientException => e + raise "Could not access Launchpad ppa API: #{e.message}" + end + + # determine if the repository URL is a PPA + # @param [String] url the url of the repository + # + # @return [Boolean] is the repo URL a PPA + def is_ppa_url?(url) + url.start_with?("ppa:") + end + + # determine the repository's components: + # - "components" property if defined + # - "main" if "components" not defined and the repo is a PPA URL + # - otherwise nothing + # + # @return [String] the repository component + def repo_components + if is_ppa_url?(new_resource.uri) && new_resource.components.empty? + "main" + else + new_resource.components + end + end + + # given a PPA return a PPA URL in http://ppa.launchpad.net format + # @param [String] ppa the ppa URL + # + # @return [String] full PPA URL + def make_ppa_url(ppa) + owner, repo = ppa[4..-1].split("/") + repo ||= "ppa" + + install_ppa_key(owner, repo) + "http://ppa.launchpad.net/#{owner}/#{repo}/ubuntu" + end + + # build complete repo text that will be written to the config + # @param [String] uri + # @param [Array] components + # @param [Boolean] trusted + # @param [String] arch + # @param [Boolean] add_src + # + # @return [String] complete repo config text + def build_repo(uri, distribution, components, trusted, arch, add_src = false) + uri = make_ppa_url(uri) if is_ppa_url?(uri) + + uri = Addressable::URI.parse(uri) + components = Array(components).join(" ") + options = [] + options << "arch=#{arch}" if arch + options << "trusted=yes" if trusted + optstr = unless options.empty? + "[" + options.join(" ") + "]" + end + info = [ optstr, uri.normalize.to_s, distribution, components ].compact.join(" ") + repo = "deb #{info}\n" + repo << "deb-src #{info}\n" if add_src + repo + end + + # clean up a potentially legacy file from before we fixed the usage of + # new_resource.name vs. new_resource.repo_name. We might have the + # name.list file hanging around and need to clean it up. + # + # @return [void] + def cleanup_legacy_file! + legacy_path = "/etc/apt/sources.list.d/#{new_resource.name}.list" + if new_resource.name != new_resource.repo_name && ::File.exist?(legacy_path) + converge_by "Cleaning up legacy #{legacy_path} repo file" do + file legacy_path do + action :delete + # Not triggering an update since it isn't super likely to be needed. + end + end + end + end + end + + action :add do + return unless debian? + + execute "apt-cache gencaches" do + command %w{apt-cache gencaches} + default_env true + ignore_failure true + action :nothing + end + + apt_update new_resource.name do + ignore_failure true + action :nothing + end + + if new_resource.key.nil? + logger.debug "No 'key' property specified skipping key import" + else + new_resource.key.each do |k| + if is_key_id?(k) && !has_cookbook_file?(k) + install_key_from_keyserver(k) + else + install_key_from_uri(k) + end + end + end + + cleanup_legacy_file! + + repo = build_repo( + new_resource.uri, + new_resource.distribution, + repo_components, + new_resource.trusted, + new_resource.arch, + new_resource.deb_src + ) + + file "/etc/apt/sources.list.d/#{new_resource.repo_name}.list" do + owner "root" + group "root" + mode "0644" + content repo + sensitive new_resource.sensitive + action :create + notifies :run, "execute[apt-cache gencaches]", :immediately + notifies :update, "apt_update[#{new_resource.name}]", :immediately if new_resource.cache_rebuild + end + end + + action :remove do + return unless debian? + + cleanup_legacy_file! + if ::File.exist?("/etc/apt/sources.list.d/#{new_resource.repo_name}.list") + converge_by "Removing #{new_resource.repo_name} repository from /etc/apt/sources.list.d/" do + apt_update new_resource.name do + ignore_failure true + action :nothing + end + + file "/etc/apt/sources.list.d/#{new_resource.repo_name}.list" do + sensitive new_resource.sensitive + action :delete + notifies :update, "apt_update[#{new_resource.name}]", :immediately if new_resource.cache_rebuild + end + end + else + logger.trace("/etc/apt/sources.list.d/#{new_resource.repo_name}.list does not exist. Nothing to do") + end + end + end end end diff --git a/lib/chef/resource/apt_update.rb b/lib/chef/resource/apt_update.rb index 330f5b6071..f6916ac681 100644 --- a/lib/chef/resource/apt_update.rb +++ b/lib/chef/resource/apt_update.rb @@ -1,6 +1,6 @@ # # Author:: Thom May (<thom@chef.io>) -# Copyright:: Copyright (c) 2016-2019, Chef Software Inc. +# Copyright:: Copyright (c) 2016-2020, Chef Software Inc. # License:: Apache License, Version 2.0 # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -21,7 +21,8 @@ require_relative "../resource" class Chef class Resource class AptUpdate < Chef::Resource - resource_name :apt_update + unified_mode true + provides(:apt_update) { true } description "Use the apt_update resource to manage APT repository updates on Debian and Ubuntu platforms." @@ -50,6 +51,56 @@ class Chef default_action :periodic allowed_actions :update, :periodic + + action_class do + APT_CONF_DIR = "/etc/apt/apt.conf.d".freeze + STAMP_DIR = "/var/lib/apt/periodic".freeze + + # Determines whether we need to run `apt-get update` + # + # @return [Boolean] + def apt_up_to_date? + ::File.exist?("#{STAMP_DIR}/update-success-stamp") && + ::File.mtime("#{STAMP_DIR}/update-success-stamp") > Time.now - new_resource.frequency + end + + def do_update + [STAMP_DIR, APT_CONF_DIR].each do |d| + directory d do + recursive true + end + end + + file "#{APT_CONF_DIR}/15update-stamp" do + content "APT::Update::Post-Invoke-Success {\"touch #{STAMP_DIR}/update-success-stamp 2>/dev/null || true\";};\n" + action :create_if_missing + end + + execute "apt-get -q update" do + command [ "apt-get", "-q", "update" ] + default_env true + end + end + end + + action :periodic do + return unless debian? + + unless apt_up_to_date? + converge_by "update new lists of packages" do + do_update + end + end + end + + action :update do + return unless debian? + + converge_by "force update new lists of packages" do + do_update + end + end + end end end diff --git a/lib/chef/resource/archive_file.rb b/lib/chef/resource/archive_file.rb index dd208fb60f..006a9c5599 100644 --- a/lib/chef/resource/archive_file.rb +++ b/lib/chef/resource/archive_file.rb @@ -1,5 +1,5 @@ # -# Copyright:: Copyright 2017-2019, Chef Software Inc. +# Copyright:: Copyright 2017-2020, Chef Software Inc. # Author:: Jamie Winsor (<jamie@vialstudios.com>) # Author:: Tim Smith (<tsmith@chef.io>) # @@ -23,8 +23,8 @@ require_relative "../resource" class Chef class Resource class ArchiveFile < Chef::Resource + unified_mode true - resource_name :archive_file provides :archive_file provides :libarchive_file # legacy cookbook name @@ -102,8 +102,11 @@ class Chef end if new_resource.owner || new_resource.group - converge_by("set owner of #{new_resource.destination} to #{new_resource.owner}:#{new_resource.group}") do - FileUtils.chown_R(new_resource.owner, new_resource.group, new_resource.destination) + converge_by("set owner of files extracted in #{new_resource.destination} to #{new_resource.owner}:#{new_resource.group}") do + archive = Archive::Reader.open_filename(new_resource.path) + archive.each_entry do |e| + FileUtils.chown(new_resource.owner, new_resource.group, "#{new_resource.destination}/#{e.pathname}") + end end end end diff --git a/lib/chef/resource/bash.rb b/lib/chef/resource/bash.rb index 0399ff715b..b06c1c1d36 100644 --- a/lib/chef/resource/bash.rb +++ b/lib/chef/resource/bash.rb @@ -1,6 +1,6 @@ # # Author:: Adam Jacob (<adam@chef.io>) -# Copyright:: Copyright 2008-2016, Chef Software Inc. +# Copyright:: Copyright 2008-2020, Chef Software Inc. # License:: Apache License, Version 2.0 # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -24,6 +24,8 @@ class Chef class Bash < Chef::Resource::Script unified_mode true + provides :bash + description "Use the bash resource to execute scripts using the Bash interpreter. This resource may also use any of the actions and properties that are available to the execute resource. Commands that are executed with this resource are (by their nature) not idempotent, as they are typically unique to the environment in which they are run. Use not_if and only_if to guard this resource for idempotence." def initialize(name, run_context = nil) diff --git a/lib/chef/resource/batch.rb b/lib/chef/resource/batch.rb index f36a70cd0c..6d7f87c3d6 100644 --- a/lib/chef/resource/batch.rb +++ b/lib/chef/resource/batch.rb @@ -1,6 +1,6 @@ # # Author:: Adam Edwards (<adamed@chef.io>) -# Copyright:: Copyright 2013-2016, Chef Software Inc. +# Copyright:: Copyright 2013-2019, Chef Software Inc. # License:: Apache License, Version 2.0 # # Licensed under the Apache License, Version 2.0 (the "License"); diff --git a/lib/chef/resource/bff_package.rb b/lib/chef/resource/bff_package.rb index 819d0a8eb8..2ab0ce77be 100644 --- a/lib/chef/resource/bff_package.rb +++ b/lib/chef/resource/bff_package.rb @@ -1,6 +1,6 @@ # # Author:: Deepali Jagtap (<deepali.jagtap@clogeny.com>) -# Copyright:: Copyright 2013-2016, Chef Software Inc. +# Copyright:: Copyright 2013-2020, Chef Software Inc. # License:: Apache License, Version 2.0 # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -21,7 +21,8 @@ require_relative "package" class Chef class Resource class BffPackage < Chef::Resource::Package - resource_name :bff_package + unified_mode true + provides :bff_package description "Use the bff_package resource to manage packages for the AIX platform using the installp utility. When a package is installed from a local file, it must be added to the node using the remote_file or cookbook_file resources." diff --git a/lib/chef/resource/breakpoint.rb b/lib/chef/resource/breakpoint.rb index 0beb7152a0..d55f35cda4 100644 --- a/lib/chef/resource/breakpoint.rb +++ b/lib/chef/resource/breakpoint.rb @@ -1,6 +1,6 @@ # # Author:: Daniel DeLeo (<dan@kallistec.com>) -# Copyright:: Copyright 2008-2016, Chef Software Inc. +# Copyright:: Copyright 2008-2020, Chef Software Inc. # License:: Apache License, Version 2.0 # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -25,7 +25,6 @@ class Chef unified_mode true provides :breakpoint, target_mode: true - resource_name :breakpoint description "Use the breakpoint resource to add breakpoints to recipes. Run the #{Chef::Dist::SHELL} in #{Chef::Dist::PRODUCT} mode, and then use those breakpoints to debug recipes. Breakpoints are ignored by the #{Chef::Dist::CLIENT} during an actual #{Chef::Dist::CLIENT} run. That said, breakpoints are typically used to debug recipes only when running them in a non-production environment, after which they are removed from those recipes before the parent cookbook is uploaded to the Chef server." introduced "12.0" diff --git a/lib/chef/resource/build_essential.rb b/lib/chef/resource/build_essential.rb index 8d93e57aab..a01449792d 100644 --- a/lib/chef/resource/build_essential.rb +++ b/lib/chef/resource/build_essential.rb @@ -1,5 +1,5 @@ # -# Copyright:: 2008-2019, Chef Software Inc. +# Copyright:: 2008-2020, Chef Software Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -19,7 +19,8 @@ require_relative "../resource" class Chef class Resource class BuildEssential < Chef::Resource - resource_name :build_essential + unified_mode true + provides(:build_essential) { true } description "Use the build_essential resource to install the packages required for compiling C software from source." @@ -41,28 +42,25 @@ class Chef # this allows us to use build_essential without setting a name property :name, String, default: "" - property :compile_time, [TrueClass, FalseClass], - description: "Install the build essential packages at compile time.", - default: false, desired_state: false + property :raise_if_unsupported, [TrueClass, FalseClass], + description: "Raise a hard error on platforms where this resource is unsupported.", + default: false, desired_state: false # FIXME: make this default to true action :install do description "Install build essential packages" - case node["platform_family"] - when "debian" + case + when debian? package %w{ autoconf binutils-doc bison build-essential flex gettext ncurses-dev } when fedora_derived? package %w{ autoconf bison flex gcc gcc-c++ gettext kernel-devel make m4 ncurses-devel patch } - - # Ensure GCC 4 is available on older pre-6 EL - package %w{ gcc44 gcc44-c++ } if platform_family?("rhel") && node["platform_version"].to_i < 6 - when "freebsd" + when freebsd? package "devel/gmake" package "devel/autoconf" package "devel/m4" package "devel/gettext" - when "mac_os_x" + when macos? unless xcode_cli_installed? # This script was graciously borrowed and modified from Tim Sutton's # osx-vm-templates at https://github.com/timsutton/osx-vm-templates/blob/b001475df54a9808d3d56d06e71b8fa3001fff42/scripts/xcode-cli-tools.sh @@ -80,7 +78,7 @@ class Chef EOH end end - when "omnios" + when omnios? package "developer/gcc48" package "developer/object-file" package "developer/linker" @@ -93,17 +91,13 @@ class Chef # $PATH, so add it to the running process environment # http://omnios.omniti.com/wiki.php/DevEnv ENV["PATH"] = "#{ENV["PATH"]}:/opt/gcc-4.7.2/bin" - when "solaris2" + when solaris2? package "autoconf" package "automake" package "bison" package "gnu-coreutils" package "flex" - package "gcc" do - # lock because we don't use 5 yet - version "4.8.2" - end - package "gcc-3" + package "gcc" package "gnu-grep" package "gnu-make" package "gnu-patch" @@ -111,21 +105,26 @@ class Chef package "make" package "pkg-config" package "ucb" - when "smartos" + when smartos? package "autoconf" package "binutils" package "build-essential" package "gcc47" package "gmake" package "pkg-config" - when "suse" + when suse? package %w{ autoconf bison flex gcc gcc-c++ kernel-default-devel make m4 } package %w{ gcc48 gcc48-c++ } if node["platform_version"].to_i < 12 else - Chef::Log.warn <<-EOH + msg = <<-EOH The build_essential resource does not currently support the '#{node["platform_family"]}' platform family. Skipping... EOH + if new_resource.raise_if_unsupported + raise msg + else + Chef::Log.warn msg + end end end @@ -141,17 +140,6 @@ class Chef cmd.error? ? false : true end end - - # this resource forces itself to run at compile_time - # - # @return [void] - def after_created - return unless compile_time - - Array(action).each do |action| - run_action(action) - end - end end end end diff --git a/lib/chef/resource/cab_package.rb b/lib/chef/resource/cab_package.rb index 376a384bd7..16f8bf64c4 100644 --- a/lib/chef/resource/cab_package.rb +++ b/lib/chef/resource/cab_package.rb @@ -1,6 +1,6 @@ # # Author:: Vasundhara Jagdale (<vasundhara.jagdale@msystechnologies.com>) -# Copyright:: Copyright 2008-2019, Chef Software Inc. +# Copyright:: Copyright 2008-2020, Chef Software Inc. # License:: Apache License, Version 2.0 # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -23,8 +23,8 @@ class Chef class Resource class CabPackage < Chef::Resource::Package include Chef::Mixin::Uris + unified_mode true - resource_name :cab_package provides :cab_package description "Use the cab_package resource to install or remove Microsoft Windows cabinet (.cab) packages." diff --git a/lib/chef/resource/chef_gem.rb b/lib/chef/resource/chef_gem.rb index 04492e2a26..af8d63bc60 100644 --- a/lib/chef/resource/chef_gem.rb +++ b/lib/chef/resource/chef_gem.rb @@ -1,6 +1,6 @@ # # Author:: Bryan McLellan <btm@loftninjas.org> -# Copyright:: Copyright 2012-2017, Chef Software Inc. +# Copyright:: Copyright 2012-2020, Chef Software Inc. # License:: Apache License, Version 2.0 # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -35,28 +35,14 @@ class Chef # - Runs Gem.clear_paths after the action, ensuring that gem is aware of changes so that it can be required # immediately after it is installed class ChefGem < Chef::Resource::Package::GemPackage - resource_name :chef_gem + unified_mode true + provides :chef_gem property :gem_binary, default: "#{RbConfig::CONFIG["bindir"]}/gem", default_description: "Chef's built-in gem binary.", description: "The path of a gem binary to use for the installation. By default, the same version of Ruby that is used by the #{Chef::Dist::CLIENT} will be installed.", callbacks: { "The chef_gem resource is restricted to the current gem environment, use gem_package to install to other environments." => proc { |v| v == "#{RbConfig::CONFIG["bindir"]}/gem" }, } - property :compile_time, [TrueClass, FalseClass], - description: "Controls the phase during which a gem is installed on a node. Set to 'true' to install a gem while the resource collection is being built (the 'compile phase'). Set to 'false' to install a gem while the #{Chef::Dist::CLIENT} is configuring the node (the 'converge phase').", - default: false, desired_state: false - - # force the resource to compile time if the compile time property has been set - # - # @return [void] - def after_created - if compile_time - Array(action).each do |action| - run_action(action) - end - Gem.clear_paths - end - end end end end diff --git a/lib/chef/resource/chef_handler.rb b/lib/chef/resource/chef_handler.rb index 2fa5173401..aa4eac7a37 100644 --- a/lib/chef/resource/chef_handler.rb +++ b/lib/chef/resource/chef_handler.rb @@ -1,6 +1,6 @@ # # Author:: Seth Chisamore <schisamo@chef.io> -# Copyright:: 2011-2018, Chef Software, Inc <legal@chef.io> +# Copyright:: 2011-2020, Chef Software Inc.<legal@chef.io> # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -21,7 +21,8 @@ require_relative "../dist" class Chef class Resource class ChefHandler < Chef::Resource - resource_name :chef_handler + unified_mode true + provides(:chef_handler) { true } description "Use the chef_handler resource to install or uninstall reporting/exception handlers." diff --git a/lib/chef/resource/chef_sleep.rb b/lib/chef/resource/chef_sleep.rb index 8bd7d2421d..9e31b53d03 100644 --- a/lib/chef/resource/chef_sleep.rb +++ b/lib/chef/resource/chef_sleep.rb @@ -1,5 +1,5 @@ # -# Copyright:: 2019, Chef Software Inc. +# Copyright:: 2019-2020, Chef Software Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -20,7 +20,6 @@ require_relative "../dist" class Chef class Resource class ChefSleep < Chef::Resource - resource_name :chef_sleep provides :chef_sleep unified_mode true diff --git a/lib/chef/resource/chef_vault_secret.rb b/lib/chef/resource/chef_vault_secret.rb new file mode 100644 index 0000000000..b1272df6f2 --- /dev/null +++ b/lib/chef/resource/chef_vault_secret.rb @@ -0,0 +1,133 @@ +# +# Author:: Joshua Timberman <joshua@chef.io> +# Copyright:: 2014-2020, Chef Software Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +require_relative "../resource" +require "chef-vault" + +class Chef + class Resource + class ChefVaultSecret < Chef::Resource + provides :chef_vault_secret + + introduced "16.0" + description "Use the chef_vault_secret resource to store secrets in Chef Vault items. Where possible and relevant, this resource attempts to map behavior and functionality to the knife vault sub-commands." + examples <<~DOC + To create a 'foo' item in an existing 'bar' data bag: + + ```ruby + chef_vault_secret 'foo' do + data_bag 'bar' + raw_data({'auth' => 'baz'}) + admins 'jtimberman' + search '*:*' + end + ``` + + To allow multiple admins access to an item: + + ```ruby + chef_vault_secret 'root-password' do + admins 'jtimberman,paulmooring' + data_bag 'secrets' + raw_data({'auth' => 'DontUseThisPasswordForRoot'}) + search '*:*' + end + ``` + DOC + + property :id, String, name_property: true, + description: "The name of the data bag item if it differs from the name of the resource block" + + property :data_bag, String, required: true, desired_state: false, + description: "The data bag that contains the item." + + property :admins, [String, Array], required: true, desired_state: false, + description: "A list of admin users who should have access to the item. Corresponds to the 'admin' option when using the chef-vault knife plugin. Can be specified as a comma separated string or an array." + + property :clients, [String, Array], desired_state: false, + description: "A search query for the nodes' API clients that should have access to the item." + + property :search, String, default: "*:*", desired_state: false, + description: "Search query that would match the same used for the clients, gets stored as a field in the item." + + property :raw_data, [Hash, Mash], default: {}, + description: "The raw data, as a Ruby Hash, that will be stored in the item." + + property :environment, [String, NilClass], desired_state: false, + description: "The Chef environment of the data if storing per environment values." + + load_current_value do + begin + item = ChefVault::Item.load(data_bag, id) + raw_data item.raw_data + clients item.get_clients + admins item.get_admins + search item.search + rescue ChefVault::Exceptions::KeysNotFound + current_value_does_not_exist! + rescue Net::HTTPClientException => e + current_value_does_not_exist! if e.response_code == "404" + end + end + + action :create do + description "Creates the item, or updates it if it already exists." + + converge_if_changed do + item = ChefVault::Item.new(new_resource.data_bag, new_resource.id) + + Chef::Log.debug("#{new_resource.id} environment: '#{new_resource.environment}'") + item.raw_data = if new_resource.environment.nil? + new_resource.raw_data.merge("id" => new_resource.id) + else + { "id" => new_resource.id, new_resource.environment => new_resource.raw_data } + end + + Chef::Log.debug("#{new_resource.id} search query: '#{new_resource.search}'") + item.search(new_resource.search) + Chef::Log.debug("#{new_resource.id} clients: '#{new_resource.clients}'") + item.clients([new_resource.clients].flatten.join(",")) unless new_resource.clients.nil? + Chef::Log.debug("#{new_resource.id} admins (users): '#{new_resource.admins}'") + item.admins([new_resource.admins].flatten.join(",")) + item.save + end + end + + action :create_if_missing do + description "Calls the create action unless it exists." + + action_create if current_resource.nil? + end + + action :delete do + description "Deletes the item and the item's keys ('id'_keys)." + + converge_by("remove #{new_resource.id} and #{new_resource.id}_keys from #{new_resource.data_bag}") do + chef_data_bag_item new_resource.id do + data_bag new_resource.data_bag + action :delete + end + + chef_data_bag_item [new_resource.id, "keys"].join("_") do + data_bag new_resource.data_bag + action :delete + end + end + end + end + end +end diff --git a/lib/chef/resource/chocolatey_config.rb b/lib/chef/resource/chocolatey_config.rb index 216dc85fc9..788479caca 100644 --- a/lib/chef/resource/chocolatey_config.rb +++ b/lib/chef/resource/chocolatey_config.rb @@ -1,5 +1,5 @@ # -# Copyright:: 2018-2019, Chef Software, Inc. +# Copyright:: 2018-2020, Chef Software Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -17,7 +17,9 @@ class Chef class Resource class ChocolateyConfig < Chef::Resource - resource_name :chocolatey_config + unified_mode true + + provides :chocolatey_config description "Use the chocolatey_config resource to add or remove Chocolatey configuration keys." introduced "14.3" diff --git a/lib/chef/resource/chocolatey_feature.rb b/lib/chef/resource/chocolatey_feature.rb index 37ca9c0228..9a79d1cffe 100644 --- a/lib/chef/resource/chocolatey_feature.rb +++ b/lib/chef/resource/chocolatey_feature.rb @@ -1,5 +1,5 @@ # -# Copyright:: 2019, Chef Software, Inc. +# Copyright:: 2019-2020, Chef Software Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -17,7 +17,8 @@ class Chef class Resource class ChocolateyFeature < Chef::Resource - resource_name :chocolatey_feature + unified_mode true + provides :chocolatey_feature description "Use the chocolatey_feature resource to enable and disable Chocolatey features." introduced "15.1" diff --git a/lib/chef/resource/chocolatey_package.rb b/lib/chef/resource/chocolatey_package.rb index d42a247c95..dd62aab8bb 100644 --- a/lib/chef/resource/chocolatey_package.rb +++ b/lib/chef/resource/chocolatey_package.rb @@ -1,6 +1,6 @@ # # Author:: Adam Jacob (<adam@chef.io>) -# Copyright:: Copyright 2008-2019, Chef Software Inc. +# Copyright:: Copyright 2008-2020, Chef Software Inc. # License:: Apache License, Version 2.0 # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -21,7 +21,8 @@ require_relative "package" class Chef class Resource class ChocolateyPackage < Chef::Resource::Package - resource_name :chocolatey_package + unified_mode true + provides :chocolatey_package description "Use the chocolatey_package resource to manage packages using Chocolatey on the Microsoft Windows platform." diff --git a/lib/chef/resource/chocolatey_source.rb b/lib/chef/resource/chocolatey_source.rb index f002d7d28b..5c52ec5b64 100644 --- a/lib/chef/resource/chocolatey_source.rb +++ b/lib/chef/resource/chocolatey_source.rb @@ -1,5 +1,5 @@ # -# Copyright:: 2018-2019, Chef Software, Inc. +# Copyright:: 2018-2020, Chef Software Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -17,7 +17,8 @@ class Chef class Resource class ChocolateySource < Chef::Resource - resource_name :chocolatey_source + unified_mode true + provides :chocolatey_source description "Use the chocolatey_source resource to add, remove, enable, or disable Chocolatey sources." introduced "14.3" diff --git a/lib/chef/resource/cookbook_file.rb b/lib/chef/resource/cookbook_file.rb index d2c38d92dc..aa81e5a4fa 100644 --- a/lib/chef/resource/cookbook_file.rb +++ b/lib/chef/resource/cookbook_file.rb @@ -2,7 +2,7 @@ # Author:: Adam Jacob (<adam@chef.io>) # Author:: Seth Chisamore (<schisamo@chef.io>) # Author:: Tyler Cloke (<tyler@chef.io>) -# Copyright:: Copyright 2008-2016, Chef Software Inc. +# Copyright:: Copyright 2008-2020, Chef Software Inc. # License:: Apache License, Version 2.0 # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -29,7 +29,7 @@ class Chef include Chef::Mixin::Securable unified_mode true - resource_name :cookbook_file + provides :cookbook_file description "Use the cookbook_file resource to transfer files from a sub-directory of COOKBOOK_NAME/files/ to a specified path located on a host that is running the #{Chef::Dist::PRODUCT}. The file is selected according to file specificity, which allows different source files to be used based on the hostname, host platform (operating system, distro, or as appropriate), or platform version. Files that are located in the COOKBOOK_NAME/files/default sub-directory may be used on any platform.\n\nDuring a #{Chef::Dist::PRODUCT} run, the checksum for each local file is calculated and then compared against the checksum for the same file as it currently exists in the cookbook on the #{Chef::Dist::SERVER_PRODUCT}. A file is not transferred when the checksums match. Only files that require an update are transferred from the #{Chef::Dist::SERVER_PRODUCT} to a node." diff --git a/lib/chef/resource/cron.rb b/lib/chef/resource/cron.rb index dbc6a998cc..ff28550001 100644 --- a/lib/chef/resource/cron.rb +++ b/lib/chef/resource/cron.rb @@ -23,7 +23,7 @@ require_relative "../provider/cron" # do not remove. we actually need this below class Chef class Resource class Cron < Chef::Resource - resource_name :cron + unified_mode true provides :cron description "Use the cron resource to manage cron entries for time-based job scheduling. Properties for a schedule will default to * if not provided. The cron resource requires access to a crontab program, typically cron." @@ -135,7 +135,7 @@ class Chef end property :time, Symbol, - description: "A time interval. Possible values: :annually, :daily, :hourly, :midnight, :monthly, :reboot, :weekly, or :yearly.", + description: "A time interval.", equal_to: Chef::Provider::Cron::SPECIAL_TIME_VALUES property :mailto, String, @@ -162,6 +162,35 @@ class Chef description: "A Hash of environment variables in the form of ({'ENV_VARIABLE' => 'VALUE'}).", default: lazy { {} } + TIMEOUT_OPTS = %w{duration preserve-status foreground kill-after signal}.freeze + TIMEOUT_REGEX = /\A\S+/.freeze + + property :time_out, Hash, + description: "A Hash of timeouts in the form of ({'OPTION' => 'VALUE'}). + Accepted valid options are: + preserve-status (BOOL, default: 'false'), + foreground (BOOL, default: 'false'), + kill-after (in seconds), + signal (a name like 'HUP' or a number)", + default: lazy { {} }, + introduced: "15.7", + coerce: proc { |h| + if h.is_a?(Hash) + invalid_keys = h.keys - TIMEOUT_OPTS + unless invalid_keys.empty? + error_msg = "Key of option time_out must be equal to one of: \"#{TIMEOUT_OPTS.join('", "')}\"! You passed \"#{invalid_keys.join(", ")}\"." + raise Chef::Exceptions::ValidationFailed, error_msg + end + unless h.values.all? { |x| x =~ TIMEOUT_REGEX } + error_msg = "Values of option time_out should be non-empty string without any leading whitespaces." + raise Chef::Exceptions::ValidationFailed, error_msg + end + h + elsif h.is_a?(Integer) || h.is_a?(String) + { "duration" => h } + end + } + private def integerize(integerish) diff --git a/lib/chef/resource/cron_access.rb b/lib/chef/resource/cron_access.rb index 3ee371e9fa..0addc1ce98 100644 --- a/lib/chef/resource/cron_access.rb +++ b/lib/chef/resource/cron_access.rb @@ -3,7 +3,7 @@ # Author:: Tim Smith <tsmith@chef.io> # # Copyright:: 2014-2018, Sander Botman -# Copyright:: 2018-2019, Chef Software, Inc. +# Copyright:: 2018-2020, Chef Software Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -23,7 +23,8 @@ require_relative "../resource" class Chef class Resource class CronAccess < Chef::Resource - resource_name :cron_access + unified_mode true + provides :cron_access provides(:cron_manage) # legacy name @todo in Chef 15 we should { true } this so it wins over the cookbook introduced "14.4" @@ -43,7 +44,7 @@ class Chef Specify the username with the user property ```ruby - cron_access 'Deny the tomcat access to cron for security purposes' do + cron_access 'Deny the jenkins user access to cron for security purposes' do user 'jenkins' action :deny end diff --git a/lib/chef/resource/cron_d.rb b/lib/chef/resource/cron_d.rb index ca3b91a4b2..befe951a35 100644 --- a/lib/chef/resource/cron_d.rb +++ b/lib/chef/resource/cron_d.rb @@ -1,5 +1,5 @@ # -# Copyright:: 2008-2019, Chef Software, Inc. +# Copyright:: 2008-2020, Chef Software Inc. # License:: Apache License, Version 2.0 # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -22,7 +22,8 @@ require_relative "../dist" class Chef class Resource class CronD < Chef::Resource - resource_name :cron_d + unified_mode true + provides :cron_d introduced "14.4" description "Use the cron_d resource to manage cron definitions in /etc/cron.d. This is similar to the 'cron' resource, but it does not use the monolithic /etc/crontab file." @@ -146,7 +147,7 @@ class Chef property :cookbook, String, desired_state: false property :predefined_value, String, - description: 'Schedule your cron job with one of the special predefined value instead of ** * pattern. This correspond to "@reboot", "@yearly", "@annually", "@monthly", "@weekly", "@daily", "@midnight" or "@hourly".', + description: "Schedule your cron job with one of the special predefined value instead of ** * pattern.", equal_to: %w{ @reboot @yearly @annually @monthly @weekly @daily @midnight @hourly } property :minute, [Integer, String], @@ -206,6 +207,35 @@ class Chef description: "A Hash containing additional arbitrary environment variables under which the cron job will be run in the form of ``({'ENV_VARIABLE' => 'VALUE'})``.", default: lazy { {} } + TIMEOUT_OPTS = %w{duration preserve-status foreground kill-after signal}.freeze + TIMEOUT_REGEX = /\A\S+/.freeze + + property :time_out, Hash, + description: "A Hash of timeouts in the form of ({'OPTION' => 'VALUE'}). + Accepted valid options are: + preserve-status (BOOL, default: 'false'), + foreground (BOOL, default: 'false'), + kill-after (in seconds), + signal (a name like 'HUP' or a number)", + default: lazy { {} }, + introduced: "15.7", + coerce: proc { |h| + if h.is_a?(Hash) + invalid_keys = h.keys - TIMEOUT_OPTS + unless invalid_keys.empty? + error_msg = "Key of option time_out must be equal to one of: \"#{TIMEOUT_OPTS.join('", "')}\"! You passed \"#{invalid_keys.join(", ")}\"." + raise Chef::Exceptions::ValidationFailed, error_msg + end + unless h.values.all? { |x| x =~ TIMEOUT_REGEX } + error_msg = "Values of option time_out should be non-empty string without any leading whitespaces." + raise Chef::Exceptions::ValidationFailed, error_msg + end + h + elsif h.is_a?(Integer) || h.is_a?(String) + { "duration" => h } + end + } + property :mode, [String, Integer], description: "The octal mode of the generated crontab file.", default: "0600" diff --git a/lib/chef/resource/csh.rb b/lib/chef/resource/csh.rb index ea8e44c175..4e4d7d9bda 100644 --- a/lib/chef/resource/csh.rb +++ b/lib/chef/resource/csh.rb @@ -1,6 +1,6 @@ # # Author:: Adam Jacob (<adam@chef.io>) -# Copyright:: Copyright 2008-2016, Chef Software Inc. +# Copyright:: Copyright 2008-2020, Chef Software Inc. # License:: Apache License, Version 2.0 # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -24,6 +24,8 @@ class Chef class Csh < Chef::Resource::Script unified_mode true + provides :csh + description "Use the csh resource to execute scripts using the csh interpreter."\ " This resource may also use any of the actions and properties that are"\ " available to the execute resource. Commands that are executed with this"\ diff --git a/lib/chef/resource/directory.rb b/lib/chef/resource/directory.rb index b817a3ff08..c8356f64ac 100644 --- a/lib/chef/resource/directory.rb +++ b/lib/chef/resource/directory.rb @@ -2,7 +2,7 @@ # Author:: Adam Jacob (<adam@chef.io>) # Author:: Seth Chisamore (<schisamo@chef.io>) # Author:: Tyler Cloke (<tyler@chef.io>) -# Copyright:: Copyright 2008-2017, Chef Software Inc. +# Copyright:: Copyright 2008-2020, Chef Software Inc. # License:: Apache License, Version 2.0 # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -26,7 +26,7 @@ class Chef class Directory < Chef::Resource unified_mode true - resource_name :directory + provides :directory description "Use the directory resource to manage a directory, which is a hierarchy"\ " of folders that comprises all of the information stored on a computer."\ diff --git a/lib/chef/resource/dmg_package.rb b/lib/chef/resource/dmg_package.rb index cb115a235f..63895a1b9b 100644 --- a/lib/chef/resource/dmg_package.rb +++ b/lib/chef/resource/dmg_package.rb @@ -1,6 +1,6 @@ # # Author:: Joshua Timberman (<jtimberman@chef.io>) -# Copyright:: 2011-2019, Chef Software Inc. +# Copyright:: 2011-2020, Chef Software Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -20,7 +20,8 @@ require_relative "../resource" class Chef class Resource class DmgPackage < Chef::Resource - resource_name :dmg_package + unified_mode true + provides(:dmg_package) { true } description "Use the dmg_package resource to install a package from a .dmg file. The resource will retrieve the dmg file from a remote URL, mount it using OS X's hdidutil, copy the application (.app directory) to the specified destination (/Applications), and detach the image using hdiutil. The dmg file will be stored in the Chef::Config[:file_cache_path]." @@ -129,8 +130,8 @@ class Chef end end - ruby_block "attach #{dmg_file}" do - block do + unless dmg_attached? + converge_by "attach #{dmg_file}" do raise "This DMG package requires EULA acceptance. Add 'accept_eula true' to dmg_package resource to accept the EULA during installation." if software_license_agreement? && !new_resource.accept_eula attach_cmd = new_resource.accept_eula ? "yes | " : "" @@ -138,7 +139,6 @@ class Chef shell_out!(attach_cmd, env: { "PAGER" => "true" }) end - not_if { dmg_attached? } end case new_resource.type diff --git a/lib/chef/resource/dnf_package.rb b/lib/chef/resource/dnf_package.rb index b4eabbc3c7..987ca8b89c 100644 --- a/lib/chef/resource/dnf_package.rb +++ b/lib/chef/resource/dnf_package.rb @@ -1,5 +1,5 @@ # -# Copyright:: Copyright 2016-2019, Chef Software Inc. +# Copyright:: Copyright 2016-2020, Chef Software Inc. # License:: Apache License, Version 2.0 # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -26,7 +26,8 @@ class Chef extend Chef::Mixin::Which extend Chef::Mixin::ShellOut - resource_name :dnf_package + unified_mode true + provides :dnf_package # all rhel variants >= 8 will use DNF provides :package, platform_family: "rhel", platform_version: ">= 8" @@ -39,8 +40,6 @@ class Chef which("dnf") end - provides :dnf_package - description "Use the dnf_package resource to install, upgrade, and remove packages with DNF for Fedora and RHEL 8+. The dnf_package resource is able to resolve provides data for packages much like DNF can do when it is run from the command line. This allows a variety of options for installing packages, like minimum versions, virtual provides and library names." introduced "12.18" diff --git a/lib/chef/resource/dpkg_package.rb b/lib/chef/resource/dpkg_package.rb index 116e17d6a6..87739aaf48 100644 --- a/lib/chef/resource/dpkg_package.rb +++ b/lib/chef/resource/dpkg_package.rb @@ -1,6 +1,6 @@ # # Author:: Adam Jacob (<adam@chef.io>) -# Copyright:: Copyright 2008-2016, Chef Software, Inc. +# Copyright:: Copyright 2008-2020, Chef Software Inc. # License:: Apache License, Version 2.0 # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -21,7 +21,8 @@ require_relative "package" class Chef class Resource class DpkgPackage < Chef::Resource::Package - resource_name :dpkg_package + unified_mode true + provides :dpkg_package description "Use the dpkg_package resource to manage packages for the dpkg platform. When a package is installed from a local file, it must be added to the node using the remote_file or cookbook_file resources." diff --git a/lib/chef/resource/dsc_resource.rb b/lib/chef/resource/dsc_resource.rb index fe47d7fd1a..686f09a157 100644 --- a/lib/chef/resource/dsc_resource.rb +++ b/lib/chef/resource/dsc_resource.rb @@ -1,7 +1,7 @@ # # Author:: Adam Edwards (<adamed@chef.io>) # -# Copyright:: Copyright 2014-2016, Chef Software Inc. +# Copyright:: Copyright 2014-2020, Chef Software Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -21,7 +21,8 @@ require_relative "../dist" class Chef class Resource class DscResource < Chef::Resource - resource_name :dsc_resource + unified_mode true + provides :dsc_resource description "The dsc_resource resource allows any DSC resource to be used in a recipe, as well as any custom resources that have been added to your Windows PowerShell environment. Microsoft frequently adds new resources to the DSC resource collection." diff --git a/lib/chef/resource/dsc_script.rb b/lib/chef/resource/dsc_script.rb index 2ebb224b5b..9229c3c541 100644 --- a/lib/chef/resource/dsc_script.rb +++ b/lib/chef/resource/dsc_script.rb @@ -1,6 +1,6 @@ # # Author:: Adam Edwards (<adamed@chef.io>) -# Copyright:: Copyright 2014-2016, Chef Software, Inc. +# Copyright:: Copyright 2014-2020, Chef Software Inc. # License:: Apache License, Version 2.0 # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -26,7 +26,7 @@ class Chef class DscScript < Chef::Resource include Chef::DSL::Powershell - resource_name :dsc_script + unified_mode true provides :dsc_script description "Many DSC resources are comparable to built-in #{Chef::Dist::PRODUCT} resources. For example, both DSC and #{Chef::Dist::PRODUCT} have file, package, and service resources. The dsc_script resource is most useful for those DSC resources that do not have a direct comparison to a resource in #{Chef::Dist::PRODUCT}, such as the Archive resource, a custom DSC resource, an existing DSC script that performs an important task, and so on. Use the dsc_script resource to embed the code that defines a DSC configuration directly within a #{Chef::Dist::PRODUCT} recipe." diff --git a/lib/chef/resource/execute.rb b/lib/chef/resource/execute.rb index ecb1944742..7073ddc604 100644 --- a/lib/chef/resource/execute.rb +++ b/lib/chef/resource/execute.rb @@ -1,7 +1,7 @@ # # Author:: Adam Jacob (<adam@chef.io>) # Author:: Tyler Cloke (<tyler@chef.io>) -# Copyright:: Copyright 2008-2019, Chef Software Inc. +# Copyright:: Copyright 2008-2020, Chef Software Inc. # License:: Apache License, Version 2.0 # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -25,7 +25,6 @@ class Chef class Execute < Chef::Resource unified_mode true - resource_name :execute provides :execute, target_mode: true description "Use the execute resource to execute a single command. Commands that"\ @@ -131,7 +130,7 @@ class Chef end def validate_identity_platform(specified_user, password = nil, specified_domain = nil, elevated = false) - if node[:platform_family] == "windows" + if windows? if specified_user && password.nil? raise ArgumentError, "A value for `password` must be specified when a value for `user` is specified on the Windows platform" end diff --git a/lib/chef/resource/file.rb b/lib/chef/resource/file.rb index a8e3bd3a88..73d6f2de27 100644 --- a/lib/chef/resource/file.rb +++ b/lib/chef/resource/file.rb @@ -1,7 +1,7 @@ # # Author:: Adam Jacob (<adam@chef.io>) # Author:: Seth Chisamore (<schisamo@chef.io>) -# Copyright:: Copyright 2008-2019, Chef Software Inc. +# Copyright:: Copyright 2008-2020, Chef Software Inc. # License:: Apache License, Version 2.0 # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -30,6 +30,8 @@ class Chef include Chef::Mixin::Securable unified_mode true + provides :file + description "Use the file resource to manage files directly on a node." if ChefUtils.windows? diff --git a/lib/chef/resource/file/verification.rb b/lib/chef/resource/file/verification.rb index 7cd3144509..59d0981ddc 100644 --- a/lib/chef/resource/file/verification.rb +++ b/lib/chef/resource/file/verification.rb @@ -63,6 +63,7 @@ class Chef class Verification extend Chef::Mixin::DescendantsTracker + attr_reader :output def self.provides(name) @provides = name @@ -117,7 +118,9 @@ class Chef command = @command % { path: path } interpreter = Chef::GuardInterpreter.for_resource(@parent_resource, command, @command_opts) - interpreter.evaluate + ret = interpreter.evaluate + @output = interpreter.output + ret end def verify_registered_verification(path, opts) diff --git a/lib/chef/resource/freebsd_package.rb b/lib/chef/resource/freebsd_package.rb index dccb1e1a4f..ae7c9ebb21 100644 --- a/lib/chef/resource/freebsd_package.rb +++ b/lib/chef/resource/freebsd_package.rb @@ -1,7 +1,7 @@ # # Authors:: AJ Christensen (<aj@chef.io>) # Richard Manyanza (<liseki@nyikacraftsmen.com>) -# Copyright:: Copyright 2008-2016, Chef Software Inc. +# Copyright:: Copyright 2008-2020, Chef Software Inc. # Copyright:: Copyright 2014-2016, Richard Manyanza. # License:: Apache License, Version 2.0 # @@ -21,14 +21,12 @@ require_relative "package" require_relative "../provider/package/freebsd/port" require_relative "../provider/package/freebsd/pkgng" -require_relative "../mixin/shell_out" class Chef class Resource class FreebsdPackage < Chef::Resource::Package - include Chef::Mixin::ShellOut - - resource_name :freebsd_package + unified_mode true + provides :freebsd_package provides :package, platform: "freebsd" description "Use the freebsd_package resource to manage packages for the FreeBSD platform." diff --git a/lib/chef/resource/gem_package.rb b/lib/chef/resource/gem_package.rb index 30e9edf0b4..a8e16841dc 100644 --- a/lib/chef/resource/gem_package.rb +++ b/lib/chef/resource/gem_package.rb @@ -1,6 +1,6 @@ # # Author:: Adam Jacob (<adam@chef.io>) -# Copyright:: Copyright 2008-2017, Chef Software Inc. +# Copyright:: Copyright 2008-2020, Chef Software Inc. # License:: Apache License, Version 2.0 # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -22,7 +22,8 @@ require_relative "../dist" class Chef class Resource class GemPackage < Chef::Resource::Package - resource_name :gem_package + unified_mode true + provides :gem_package description "Use the gem_package resource to manage gem packages that are only included in recipes. When a package is installed from a local file, it must be added to the node using the remote_file or cookbook_file resources." diff --git a/lib/chef/resource/git.rb b/lib/chef/resource/git.rb index a59febbacc..b6d914b8f5 100644 --- a/lib/chef/resource/git.rb +++ b/lib/chef/resource/git.rb @@ -1,6 +1,6 @@ # # Author:: Daniel DeLeo (<dan@kallistec.com>) -# Copyright:: Copyright 2008-2016, Chef Software Inc. +# Copyright:: Copyright 2008-2020, Chef Software Inc. # License:: Apache License, Version 2.0 # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -23,6 +23,8 @@ class Chef class Git < Chef::Resource::Scm unified_mode true + provides :git + description "Use the git resource to manage source control resources that exist in a git repository. git version 1.6.5 (or higher) is required to use all of the functionality in the git resource." property :additional_remotes, Hash, diff --git a/lib/chef/resource/group.rb b/lib/chef/resource/group.rb index b7f44cd239..d2948b36c7 100644 --- a/lib/chef/resource/group.rb +++ b/lib/chef/resource/group.rb @@ -1,7 +1,7 @@ # # Author:: Adam Jacob (<adam@chef.io>) # Author:: Tyler Cloke (<tyler@chef.io>) -# Copyright:: Copyright 2008-2019, Chef Software Inc. +# Copyright:: Copyright 2008-2020, Chef Software Inc. # License:: Apache License, Version 2.0 # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -24,6 +24,8 @@ class Chef description "Use the group resource to manage a local group." + provides :group + allowed_actions :create, :remove, :modify, :manage default_action :create diff --git a/lib/chef/resource/homebrew_cask.rb b/lib/chef/resource/homebrew_cask.rb index 70e1d7c6bb..347e1ca435 100644 --- a/lib/chef/resource/homebrew_cask.rb +++ b/lib/chef/resource/homebrew_cask.rb @@ -2,7 +2,7 @@ # Author:: Joshua Timberman (<jtimberman@chef.io>) # Author:: Graeme Mathieson (<mathie@woss.name>) # -# Copyright:: 2011-2018, Chef Software, Inc. +# Copyright:: 2011-2020, Chef Software Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -23,7 +23,8 @@ require_relative "../mixin/homebrew_user" class Chef class Resource class HomebrewCask < Chef::Resource - resource_name :homebrew_cask + unified_mode true + provides(:homebrew_cask) { true } description "Use the homebrew_cask resource to install binaries distributed via the Homebrew package manager." diff --git a/lib/chef/resource/homebrew_package.rb b/lib/chef/resource/homebrew_package.rb index 55c61478ec..3a091241db 100644 --- a/lib/chef/resource/homebrew_package.rb +++ b/lib/chef/resource/homebrew_package.rb @@ -2,8 +2,7 @@ # Author:: Joshua Timberman (<joshua@chef.io>) # Author:: Graeme Mathieson (<mathie@woss.name>) # -# Copyright 2011-2016, Chef Software Inc. -# Copyright 2014-2016, Chef Software, Inc <legal@chef.io> +# Copyright:: 2011-2020, Chef Software Inc.<legal@chef.io> # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -25,7 +24,9 @@ require_relative "../dist" class Chef class Resource class HomebrewPackage < Chef::Resource::Package - resource_name :homebrew_package + unified_mode true + + provides :homebrew_package provides :package, os: "darwin" description "Use the homebrew_package resource to manage packages for the macOS platform." diff --git a/lib/chef/resource/homebrew_tap.rb b/lib/chef/resource/homebrew_tap.rb index 23738d6e51..3990d90179 100644 --- a/lib/chef/resource/homebrew_tap.rb +++ b/lib/chef/resource/homebrew_tap.rb @@ -2,7 +2,7 @@ # Author:: Joshua Timberman (<jtimberman@chef.io>) # Author:: Graeme Mathieson (<mathie@woss.name>) # -# Copyright:: 2011-2018, Chef Software, Inc. +# Copyright:: 2011-2020, Chef Software Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -23,7 +23,8 @@ require_relative "../mixin/homebrew_user" class Chef class Resource class HomebrewTap < Chef::Resource - resource_name :homebrew_tap + unified_mode true + provides(:homebrew_tap) { true } description "Use the homebrew_tap resource to add additional formula repositories to the Homebrew package manager." diff --git a/lib/chef/resource/hostname.rb b/lib/chef/resource/hostname.rb index dab599c272..e2d3465d96 100644 --- a/lib/chef/resource/hostname.rb +++ b/lib/chef/resource/hostname.rb @@ -19,21 +19,33 @@ class Chef # Sets the hostname and updates /etc/hosts on *nix systems # @since 14.0.0 class Hostname < Chef::Resource - resource_name :hostname + unified_mode true + provides :hostname - description "Use the hostname resource to set the system's hostname, configure hostname and hosts config"\ - " file, and re-run the Ohai hostname plugin so the hostname will be available in subsequent cookbooks." + description "Use the hostname resource to set the system's hostname, configure hostname and hosts config file, and re-run the Ohai hostname plugin so the hostname will be available in subsequent cookbooks." introduced "14.0" + examples <<~DOC + Set the hostname using the IP address, as detected by Ohai + + ```ruby + hostname 'example' + ``` + + Manually specify the hostname and IP address + + ```ruby + hostname 'statically_configured_host' do + hostname 'example' + ipaddress '198.51.100.2' + end + ``` + DOC property :hostname, String, description: "An optional property to set the hostname if it differs from the resource block's name.", name_property: true - property :compile_time, [ TrueClass, FalseClass ], - description: "Determines whether or not the resource should be run at compile time.", - default: true, desired_state: false - property :ipaddress, String, description: "The IP address to use when configuring the hosts file.", default: lazy { node["ipaddress"] }, default_description: "The node's IP address as determined by Ohai." @@ -42,6 +54,11 @@ class Chef description: "An array of hostname aliases to use when configuring the hosts file.", default: nil + # override compile_time property to be true by default + property :compile_time, [ TrueClass, FalseClass ], + description: "Determines whether or not the resource should be run at compile time.", + default: true, desired_state: false + property :windows_reboot, [ TrueClass, FalseClass ], description: "Determines whether or not Windows should be reboot after changing the hostname, as this is required for the change to take effect.", default: true @@ -82,7 +99,7 @@ class Chef action :set do description "Sets the node's hostname." - if node["platform_family"] != "windows" + if !windows? ohai "reload hostname" do plugin "hostname" action :nothing @@ -125,7 +142,7 @@ class Chef not_if { shell_out!("/usr/sbin/scutil --get LocalHostName").stdout.chomp == shortname } notifies :reload, "ohai[reload hostname]" end - when node["os"] == "linux" + when linux? case when ::File.exist?("/usr/bin/hostnamectl") && !docker? # use hostnamectl whenever we find it on linux (as systemd takes over the world) @@ -251,17 +268,6 @@ class Chef end end end - - # this resource forces itself to run at compile_time - # - # @return [void] - def after_created - if compile_time - Array(action).each do |action| - run_action(action) - end - end - end end end end diff --git a/lib/chef/resource/http_request.rb b/lib/chef/resource/http_request.rb index bf03d6b917..8042db4c9e 100644 --- a/lib/chef/resource/http_request.rb +++ b/lib/chef/resource/http_request.rb @@ -1,7 +1,7 @@ # # Author:: Adam Jacob (<adam@chef.io>) # Author:: Tyler Cloke (<tyler@chef.io>) -# Copyright:: Copyright 2008-2016, Chef Software Inc. +# Copyright:: Copyright 2008-2020, Chef Software Inc. # License:: Apache License, Version 2.0 # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -24,7 +24,6 @@ class Chef class HttpRequest < Chef::Resource unified_mode true - resource_name :http_request provides :http_request description "Use the http_request resource to send an HTTP request (GET, PUT, POST, DELETE, HEAD, or OPTIONS) with an arbitrary message. This resource is often useful when custom callbacks are necessary." diff --git a/lib/chef/resource/ifconfig.rb b/lib/chef/resource/ifconfig.rb index 6b64ed0fa1..72e918b1e9 100644 --- a/lib/chef/resource/ifconfig.rb +++ b/lib/chef/resource/ifconfig.rb @@ -28,7 +28,7 @@ class Chef class Ifconfig < Chef::Resource unified_mode true - resource_name :ifconfig + provides :ifconfig description "Use the ifconfig resource to manage interfaces on Unix and Linux systems." diff --git a/lib/chef/resource/ips_package.rb b/lib/chef/resource/ips_package.rb index 66cee48aee..0504a430ef 100644 --- a/lib/chef/resource/ips_package.rb +++ b/lib/chef/resource/ips_package.rb @@ -1,6 +1,6 @@ # # Author:: Jason Williams (<williamsjj@digitar.com>) -# Copyright:: Copyright 2011-2016, Chef Software Inc. +# Copyright:: Copyright 2011-2020, Chef Software Inc. # License:: Apache License, Version 2.0 # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -22,9 +22,10 @@ require_relative "../provider/package/ips" class Chef class Resource class IpsPackage < ::Chef::Resource::Package - resource_name :ips_package - provides :package, os: "solaris2" + unified_mode true + provides :ips_package + provides :package, os: "solaris2" description "Use the ips_package resource to manage packages (using Image Packaging System (IPS)) on the Solaris 11 platform." diff --git a/lib/chef/resource/kernel_module.rb b/lib/chef/resource/kernel_module.rb index 2f9b7748f6..be8b007035 100644 --- a/lib/chef/resource/kernel_module.rb +++ b/lib/chef/resource/kernel_module.rb @@ -3,15 +3,17 @@ # # The MIT License (MIT) # -# Copyright 2016-2018, Shopify Inc. -# Copyright 2018, Chef Software, Inc. +# Copyright:: 2016-2018, Shopify Inc. +# Copyright:: 2018-2020, Chef Software Inc. require_relative "../resource" class Chef class Resource class KernelModule < Chef::Resource - resource_name :kernel_module + unified_mode true + + provides :kernel_module description "Use the kernel_module resource to manage kernel modules on Linux systems. This resource can load, unload, blacklist, disable, install, and uninstall modules." introduced "14.3" @@ -81,15 +83,22 @@ class Chef action :install do description "Load kernel module, and ensure it loads on reboot." + with_run_context :root do + find_resource(:execute, "update initramfs") do + command initramfs_command + action :nothing + end + end + # create options file before loading the module unless new_resource.options.nil? file "#{new_resource.unload_dir}/options_#{new_resource.modname}.conf" do content "options #{new_resource.modname} #{new_resource.options.join(" ")}\n" - end.run_action(:create) + end end # load the module first before installing - new_resource.run_action(:load) + action_load directory new_resource.load_dir do recursive true @@ -99,17 +108,16 @@ class Chef content "#{new_resource.modname}\n" notifies :run, "execute[update initramfs]", :delayed end + end + action :uninstall do + description "Unload a kernel module and remove module config, so it doesn't load on reboot." with_run_context :root do find_resource(:execute, "update initramfs") do command initramfs_command action :nothing end end - end - - action :uninstall do - description "Unload a kernel module and remove module config, so it doesn't load on reboot." file "#{new_resource.load_dir}/#{new_resource.modname}.conf" do action :delete @@ -125,24 +133,12 @@ class Chef action :delete end - with_run_context :root do - find_resource(:execute, "update initramfs") do - command initramfs_command - action :nothing - end - end - - new_resource.run_action(:unload) + action_unload end action :blacklist do description "Blacklist a kernel module." - file "#{new_resource.unload_dir}/blacklist_#{new_resource.modname}.conf" do - content "blacklist #{new_resource.modname}" - notifies :run, "execute[update initramfs]", :delayed - end - with_run_context :root do find_resource(:execute, "update initramfs") do command initramfs_command @@ -150,17 +146,17 @@ class Chef end end - new_resource.run_action(:unload) + file "#{new_resource.unload_dir}/blacklist_#{new_resource.modname}.conf" do + content "blacklist #{new_resource.modname}" + notifies :run, "execute[update initramfs]", :delayed + end + + action_unload end action :disable do description "Disable a kernel module." - file "#{new_resource.unload_dir}/disable_#{new_resource.modname}.conf" do - content "install #{new_resource.modname} /bin/false" - notifies :run, "execute[update initramfs]", :delayed - end - with_run_context :root do find_resource(:execute, "update initramfs") do command initramfs_command @@ -168,7 +164,12 @@ class Chef end end - new_resource.run_action(:unload) + file "#{new_resource.unload_dir}/disable_#{new_resource.modname}.conf" do + content "install #{new_resource.modname} /bin/false" + notifies :run, "execute[update initramfs]", :delayed + end + + action_unload end action :load do diff --git a/lib/chef/resource/ksh.rb b/lib/chef/resource/ksh.rb index 0ebcfaaba6..c80a373b17 100644 --- a/lib/chef/resource/ksh.rb +++ b/lib/chef/resource/ksh.rb @@ -1,6 +1,6 @@ # # Author:: Nolan Davidson (<nolan.davidson@gmail.com>) -# Copyright:: Copyright 2015-2016, Chef Software, Inc. +# Copyright:: Copyright 2015-2020, Chef Software Inc. # License:: Apache License, Version 2.0 # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -23,6 +23,8 @@ class Chef class Ksh < Chef::Resource::Script unified_mode true + provides :ksh + description "Use the ksh resource to execute scripts using the Korn shell (ksh)"\ " interpreter. This resource may also use any of the actions and properties"\ " that are available to the execute resource. Commands that are executed"\ diff --git a/lib/chef/resource/launchd.rb b/lib/chef/resource/launchd.rb index 39d95bbf69..87addde5d7 100644 --- a/lib/chef/resource/launchd.rb +++ b/lib/chef/resource/launchd.rb @@ -21,7 +21,6 @@ require_relative "../resource" class Chef class Resource class Launchd < Chef::Resource - resource_name :launchd provides :launchd description "Use the launchd resource to manage system-wide services (daemons) and per-user services (agents) on the macOS platform." diff --git a/lib/chef/resource/link.rb b/lib/chef/resource/link.rb index df4ab81dd1..7758e27433 100644 --- a/lib/chef/resource/link.rb +++ b/lib/chef/resource/link.rb @@ -1,7 +1,7 @@ # # Author:: Adam Jacob (<adam@chef.io>) # Author:: Tyler Cloke (<tyler@chef.io>) -# Copyright:: Copyright 2008-2019, Chef Software Inc. +# Copyright:: Copyright 2008-2020, Chef Software Inc. # License:: Apache License, Version 2.0 # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -26,7 +26,6 @@ class Chef include Chef::Mixin::Securable unified_mode true - resource_name :link provides :link description "Use the link resource to create symbolic or hard links.\n\n"\ @@ -44,11 +43,6 @@ class Chef default_action :create allowed_actions :create, :delete - def initialize(name, run_context = nil) - verify_links_supported! - super - end - property :target_file, String, description: "An optional property to set the target file if it differs from the resource block's name.", name_property: true, identity: true @@ -73,22 +67,6 @@ class Chef def path target_file end - - private - - # On certain versions of windows links are not supported. Make - # sure we are not on such a platform. - def verify_links_supported! - if ChefUtils.windows? - require_relative "../win32/file" - begin - Chef::ReservedNames::Win32::File.verify_links_supported! - rescue Chef::Exceptions::Win32APIFunctionNotImplemented => e - Chef::Log.fatal("Link resource is not supported on this version of Windows") - raise e - end - end - end end end end diff --git a/lib/chef/resource/locale.rb b/lib/chef/resource/locale.rb index 2aba948b5d..4e8cfaf96a 100644 --- a/lib/chef/resource/locale.rb +++ b/lib/chef/resource/locale.rb @@ -1,6 +1,6 @@ # # Copyright:: 2011-2016, Heavy Water Software Inc. -# Copyright:: 2016-2018, Chef Software Inc. +# Copyright:: 2016-2020, Chef Software Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -21,7 +21,8 @@ require_relative "../dist" class Chef class Resource class Locale < Chef::Resource - resource_name :locale + unified_mode true + provides :locale description "Use the locale resource to set the system's locale." introduced "14.5" @@ -66,12 +67,10 @@ class Chef action :update do description "Update the system's locale." - begin - unless up_to_date? - converge_by "Updating System Locale" do - generate_locales unless unavailable_locales.empty? - update_locale - end + unless up_to_date? + converge_by "Updating System Locale" do + generate_locales unless unavailable_locales.empty? + update_locale end end end diff --git a/lib/chef/resource/log.rb b/lib/chef/resource/log.rb index 969b448b17..b32ad7fdef 100644 --- a/lib/chef/resource/log.rb +++ b/lib/chef/resource/log.rb @@ -1,7 +1,7 @@ # # Author:: Cary Penniman (<cary@rightscale.com>) # Author:: Tyler Cloke (<tyler@chef.io>) -# Copyright:: Copyright 2008-2016, Chef Software Inc. +# Copyright:: Copyright 2008-2020, Chef Software Inc. # License:: Apache License, Version 2.0 # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -31,7 +31,6 @@ class Chef class Log < Chef::Resource unified_mode true - resource_name :log provides :log, target_mode: true description "Use the log resource to create log entries. The log resource behaves"\ @@ -50,6 +49,18 @@ class Chef allowed_actions :write default_action :write + + def suppress_up_to_date_messages? + true + end + + # Write the log to Chef's log + # + # @return [true] Always returns true + action :write do + logger.send(new_resource.level, new_resource.message) + new_resource.updated_by_last_action(true) if Chef::Config[:count_log_resource_updates] + end end end end diff --git a/lib/chef/resource/lwrp_base.rb b/lib/chef/resource/lwrp_base.rb index 0e19e59d6f..152482434f 100644 --- a/lib/chef/resource/lwrp_base.rb +++ b/lib/chef/resource/lwrp_base.rb @@ -2,7 +2,7 @@ # Author:: Adam Jacob (<adam@chef.io>) # Author:: Christopher Walters (<cw@chef.io>) # Author:: Daniel DeLeo (<dan@chef.io>) -# Copyright:: Copyright 2008-2018, Chef Software Inc. +# Copyright:: Copyright 2008-2020, Chef Software Inc. # License:: Apache License, Version 2.0 # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -51,6 +51,7 @@ class Chef resource_class = Class.new(self) resource_class.run_context = run_context + resource_class.provides resource_name.to_sym resource_class.class_from_file(filename) # Make a useful string for the class (rather than <Class:312894723894>) @@ -65,10 +66,6 @@ class Chef LWRPBase.loaded_lwrps[filename] = true - # wire up the default resource name after the class is parsed only if we haven't declared one. - # (this ordering is important for MapCollision deprecation warnings) - resource_class.resource_name resource_name.to_sym if resource_class.resource_name.nil? - resource_class end diff --git a/lib/chef/resource/macos_userdefaults.rb b/lib/chef/resource/macos_userdefaults.rb index 02d65baee4..659dd1dde8 100644 --- a/lib/chef/resource/macos_userdefaults.rb +++ b/lib/chef/resource/macos_userdefaults.rb @@ -1,6 +1,6 @@ # # Copyright:: 2011-2018, Joshua Timberman -# Copyright:: 2018, Chef Software, Inc. +# Copyright:: 2018-2020, Chef Software Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -20,10 +20,11 @@ require_relative "../resource" class Chef class Resource class MacosUserDefaults < Chef::Resource + unified_mode true + # align with apple's marketing department - resource_name :macos_userdefaults - provides(:mac_os_x_userdefaults) { true } provides(:macos_userdefaults) { true } + provides(:mac_os_x_userdefaults) { true } description "Use the macos_userdefaults resource to manage the macOS user defaults system. The properties of this resource are passed to the defaults command, and the parameters follow the convention of that command. See the defaults(1) man page for details on how the tool works." introduced "14.0" @@ -106,7 +107,9 @@ class Chef cmd << "-#{type}" if type cmd << value - declare_resource(:execute, cmd.join(" ")) do + # FIXME: this should use cmd directly as an array argument, but then the quoting + # of indiviual args above needs to be removed as well. + execute cmd.join(" ") do user new_resource.user unless new_resource.user.nil? end end diff --git a/lib/chef/resource/macosx_service.rb b/lib/chef/resource/macosx_service.rb index 6c055a1ee9..c3a4588b5b 100644 --- a/lib/chef/resource/macosx_service.rb +++ b/lib/chef/resource/macosx_service.rb @@ -21,7 +21,8 @@ require_relative "service" class Chef class Resource class MacosxService < Chef::Resource::Service - resource_name :macosx_service + unified_mode true + provides :macosx_service provides :service, os: "darwin" diff --git a/lib/chef/resource/macports_package.rb b/lib/chef/resource/macports_package.rb index a1eff28051..256048928a 100644 --- a/lib/chef/resource/macports_package.rb +++ b/lib/chef/resource/macports_package.rb @@ -1,6 +1,6 @@ # # Author:: David Balatero (<dbalatero@gmail.com>) -# Copyright:: Copyright 2009-2016, Chef Software Inc. +# Copyright:: Copyright 2009-2020, Chef Software Inc. # License:: Apache License, Version 2.0 # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -21,7 +21,7 @@ require_relative "package" class Chef class Resource class MacportsPackage < Chef::Resource::Package - resource_name :macports_package + provides :macports_package description "Use the macports_package resource to manage packages for the macOS platform." end diff --git a/lib/chef/resource/mdadm.rb b/lib/chef/resource/mdadm.rb index aff90059a7..6ec547d133 100644 --- a/lib/chef/resource/mdadm.rb +++ b/lib/chef/resource/mdadm.rb @@ -22,7 +22,9 @@ require_relative "../resource" class Chef class Resource class Mdadm < Chef::Resource - resource_name :mdadm + unified_mode true + + provides :mdadm description "Use the mdadm resource to manage RAID devices in a Linux environment using the mdadm utility. The mdadm resource"\ " will create and assemble an array, but it will not create the config file that is used to persist the array upon"\ @@ -62,6 +64,64 @@ class Chef property :layout, String, description: "The RAID5 parity algorithm. Possible values: left-asymmetric (or la), left-symmetric (or ls), right-asymmetric (or ra), or right-symmetric (or rs)." + + action_class do + def load_current_resource + @current_resource = Chef::Resource::Mdadm.new(new_resource.name) + current_resource.raid_device(new_resource.raid_device) + logger.trace("#{new_resource} checking for software raid device #{current_resource.raid_device}") + + device_not_found = 4 + mdadm = shell_out!("mdadm", "--detail", "--test", new_resource.raid_device, returns: [0, device_not_found]) + exists = (mdadm.status == 0) + current_resource.exists(exists) + end + end + + action :create do + unless current_resource.exists + converge_by("create RAID device #{new_resource.raid_device}") do + command = "yes | mdadm --create #{new_resource.raid_device} --level #{new_resource.level}" + command << " --chunk=#{new_resource.chunk}" unless new_resource.level == 1 + command << " --metadata=#{new_resource.metadata}" + command << " --bitmap=#{new_resource.bitmap}" if new_resource.bitmap + command << " --layout=#{new_resource.layout}" if new_resource.layout + command << " --raid-devices #{new_resource.devices.length} #{new_resource.devices.join(" ")}" + logger.trace("#{new_resource} mdadm command: #{command}") + shell_out!(command) + logger.info("#{new_resource} created raid device (#{new_resource.raid_device})") + end + else + logger.trace("#{new_resource} raid device already exists, skipping create (#{new_resource.raid_device})") + end + end + + action :assemble do + unless current_resource.exists + converge_by("assemble RAID device #{new_resource.raid_device}") do + command = "yes | mdadm --assemble #{new_resource.raid_device} #{new_resource.devices.join(" ")}" + logger.trace("#{new_resource} mdadm command: #{command}") + shell_out!(command) + logger.info("#{new_resource} assembled raid device (#{new_resource.raid_device})") + end + else + logger.trace("#{new_resource} raid device already exists, skipping assemble (#{new_resource.raid_device})") + end + end + + action :stop do + if current_resource.exists + converge_by("stop RAID device #{new_resource.raid_device}") do + command = "yes | mdadm --stop #{new_resource.raid_device}" + logger.trace("#{new_resource} mdadm command: #{command}") + shell_out!(command) + logger.info("#{new_resource} stopped raid device (#{new_resource.raid_device})") + end + else + logger.trace("#{new_resource} raid device doesn't exist (#{new_resource.raid_device}) - not stopping") + end + end + end end end diff --git a/lib/chef/resource/mount.rb b/lib/chef/resource/mount.rb index a9e6b3374b..15fabf2982 100644 --- a/lib/chef/resource/mount.rb +++ b/lib/chef/resource/mount.rb @@ -1,7 +1,7 @@ # # Author:: Joshua Timberman (<joshua@chef.io>) # Author:: Tyler Cloke (<tyler@chef.io>) -# Copyright:: Copyright 2009-2018, Chef Software Inc. +# Copyright:: Copyright 2009-2020, Chef Software Inc. # License:: Apache License, Version 2.0 # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -24,6 +24,8 @@ class Chef class Mount < Chef::Resource description "Use the mount resource to manage a mounted file system." + provides :mount + default_action :mount allowed_actions :mount, :umount, :unmount, :remount, :enable, :disable diff --git a/lib/chef/resource/msu_package.rb b/lib/chef/resource/msu_package.rb index a69f72001f..7ccd28ba95 100644 --- a/lib/chef/resource/msu_package.rb +++ b/lib/chef/resource/msu_package.rb @@ -1,6 +1,6 @@ # # Author:: Nimisha Sharad (<nimisha.sharad@msystechnologies.com>) -# Copyright:: Copyright 2008-2019, Chef Software Inc. +# Copyright:: Copyright 2008-2020, Chef Software Inc. # License:: Apache License, Version 2.0 # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -24,7 +24,6 @@ class Chef class MsuPackage < Chef::Resource::Package include Chef::Mixin::Uris - resource_name :msu_package provides :msu_package description "Use the msu_package resource to install Microsoft Update(MSU) packages on Microsoft Windows machines." diff --git a/lib/chef/resource/notify_group.rb b/lib/chef/resource/notify_group.rb new file mode 100644 index 0000000000..cbbe917540 --- /dev/null +++ b/lib/chef/resource/notify_group.rb @@ -0,0 +1,75 @@ +# +# Copyright:: 2019-2020, Chef Software Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +require_relative "../resource" +require_relative "../dist" + +class Chef + class Resource + class NotifyGroup < Chef::Resource + provides :notify_group + + unified_mode true + + description "The notify_group resource does nothing, and always fires notifications which are set on it. Use it to DRY blocks of notifications that are common to multiple resources, and provide a single target for other resources to notify. Unlike most resources, its default action is :nothing." + introduced "15.8" + examples <<~DOC + Wire up a notification from a service resource to stop and start the service with a 60 second delay. + + ```ruby + service "crude" do + action [ :enable, :start ] + end + + chef_sleep "60" do + action :nothing + end + + # Example code for a hypothetical badly behaved service that requires + # 60 seconds between a stop and start in order to restart the service + # (due to race conditions, bleeding connections down, resources that only + # slowly unlock in the background, or other poor software behaviors that + # are sometimes encountered). + # + notify_group "crude_stop_and_start" do + notifies :stop, "service[crude]", :immediately + notifies :sleep, "chef_sleep[60]", :immediately + notifies :start, "service[crude]", :immediately + end + + template "/etc/crude/crude.conf" do + source "crude.conf.erb" + variables node["crude"] + notifies :run, "notify_group[crude_stop_and_start]", :immediately + end + ``` + DOC + + action :run do + new_resource.updated_by_last_action(true) + end + + # This is deliberate. Users should be sending a single notification to a notify_group resource which then + # distributes multiple notifications. Having a notify_group run by default is unnecessary indirection and + # should be replaced by just running the resources in order. If resources need to be batch run multiple times + # per invocation then the resources themselves are not properly declarative idempotent resources, and the user + # is attempting to turn Chef into an imperative language using this construct and/or the batch of resources + # need to be turned into a custom resource. + # + default_action :nothing + end + end +end diff --git a/lib/chef/resource/ohai.rb b/lib/chef/resource/ohai.rb index b0559c84d4..d48743b9ac 100644 --- a/lib/chef/resource/ohai.rb +++ b/lib/chef/resource/ohai.rb @@ -25,7 +25,6 @@ class Chef class Ohai < Chef::Resource unified_mode true - resource_name :ohai provides :ohai description "Use the ohai resource to reload the Ohai configuration on a node. This allows recipes that change system attributes (like a recipe that adds a user) to refer to those attributes later on during the #{Chef::Dist::CLIENT} run." diff --git a/lib/chef/resource/ohai_hint.rb b/lib/chef/resource/ohai_hint.rb index 30d7a3bd0c..f96d79da3e 100644 --- a/lib/chef/resource/ohai_hint.rb +++ b/lib/chef/resource/ohai_hint.rb @@ -1,5 +1,5 @@ # -# Copyright:: Copyright 2011-2018, Chef Software, Inc. +# Copyright:: Copyright 2011-2020, Chef Software Inc. # License:: Apache License, Version 2.0 # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -20,7 +20,8 @@ require_relative "../resource" class Chef class Resource class OhaiHint < Chef::Resource - resource_name :ohai_hint + unified_mode true + provides(:ohai_hint) { true } description "Use the ohai_hint resource to aid in configuration detection by passing hint data to Ohai." @@ -33,6 +34,7 @@ class Chef property :content, Hash, description: "Values to include in the hint file." + # override compile_time property to default to true property :compile_time, [TrueClass, FalseClass], description: "Determines whether or not the resource is executed during the compile time phase.", default: true, desired_state: false @@ -83,17 +85,6 @@ class Chef JSON.pretty_generate(content) end end - - # this resource forces itself to run at compile_time - # - # @return [void] - def after_created - return unless compile_time - - Array(action).each do |action| - run_action(action) - end - end end end end diff --git a/lib/chef/resource/openbsd_package.rb b/lib/chef/resource/openbsd_package.rb index b1321970b9..05d77b44dc 100644 --- a/lib/chef/resource/openbsd_package.rb +++ b/lib/chef/resource/openbsd_package.rb @@ -2,7 +2,7 @@ # Authors:: AJ Christensen (<aj@chef.io>) # Richard Manyanza (<liseki@nyikacraftsmen.com>) # Scott Bonds (<scott@ggr.com>) -# Copyright:: Copyright 2008-2016, Chef Software Inc. +# Copyright:: Copyright 2008-2020, Chef Software Inc. # Copyright:: Copyright 2014-2016, Richard Manyanza, Scott Bonds # License:: Apache License, Version 2.0 # @@ -21,14 +21,11 @@ require_relative "package" require_relative "../provider/package/openbsd" -require_relative "../mixin/shell_out" class Chef class Resource class OpenbsdPackage < Chef::Resource::Package - include Chef::Mixin::ShellOut - - resource_name :openbsd_package + provides :openbsd_package provides :package, os: "openbsd" description "Use the openbsd_package resource to manage packages for the OpenBSD platform." diff --git a/lib/chef/resource/openssl_dhparam.rb b/lib/chef/resource/openssl_dhparam.rb index 254a840a48..b4a8581595 100644 --- a/lib/chef/resource/openssl_dhparam.rb +++ b/lib/chef/resource/openssl_dhparam.rb @@ -1,5 +1,5 @@ # -# Copyright:: Copyright 2009-2018, Chef Software Inc. +# Copyright:: Copyright 2009-2020, Chef Software Inc. # License:: Apache License, Version 2.0 # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -23,11 +23,20 @@ class Chef require_relative "../mixin/openssl_helper" include Chef::Mixin::OpenSSLHelper - resource_name :openssl_dhparam provides(:openssl_dhparam) { true } description "Use the openssl_dhparam resource to generate dhparam.pem files. If a valid dhparam.pem file is found at the specified location, no new file will be created. If a file is found at the specified location but it is not a valid dhparam file, it will be overwritten." introduced "14.0" + examples <<~DOC + Create a 1024bit dhparam file + + ```ruby + openssl_dhparam '/etc/ssl_files/dhparam.pem' do + key_length 1024 + action :create + end + ``` + DOC property :path, String, description: "An optional property for specifying the path to write the file to if it differs from the resource block's name.", diff --git a/lib/chef/resource/openssl_ec_private_key.rb b/lib/chef/resource/openssl_ec_private_key.rb index 746322dfc5..de6953f336 100644 --- a/lib/chef/resource/openssl_ec_private_key.rb +++ b/lib/chef/resource/openssl_ec_private_key.rb @@ -1,5 +1,5 @@ # -# Copyright:: Copyright 2018, Chef Software Inc. +# Copyright:: Copyright 2018-2020, Chef Software Inc. # Author:: Julien Huon # License:: Apache License, Version 2.0 # @@ -24,10 +24,32 @@ class Chef require_relative "../mixin/openssl_helper" include Chef::Mixin::OpenSSLHelper - resource_name :openssl_ec_private_key + provides :openssl_ec_private_key description "Use the openssl_ec_private_key resource to generate an elliptic curve (EC) private key file. If a valid EC key file can be opened at the specified location, no new file will be created. If the EC key file cannot be opened, either because it does not exist or because the password to the EC key file does not match the password in the recipe, then it will be overwritten." introduced "14.4" + examples <<~DOC + Generate a new ec privatekey with prime256v1 key curve and default des3 cipher + + ```ruby + openssl_ec_private_key '/etc/ssl_files/eckey_prime256v1_des3.pem' do + key_curve 'prime256v1' + key_pass 'something' + action :create + end + ``` + + Generate a new ec private key with prime256v1 key curve and aes-128-cbc cipher + + ```ruby + openssl_ec_private_key '/etc/ssl_files/eckey_prime256v1_des3.pem' do + key_curve 'prime256v1' + key_cipher 'aes-128-cbc' + key_pass 'something' + action :create + end + ``` + DOC property :path, String, description: "An optional property for specifying the path to write the file to if it differs from the resource block's name.", diff --git a/lib/chef/resource/openssl_ec_public_key.rb b/lib/chef/resource/openssl_ec_public_key.rb index 0be9885df6..080e6976ce 100644 --- a/lib/chef/resource/openssl_ec_public_key.rb +++ b/lib/chef/resource/openssl_ec_public_key.rb @@ -1,5 +1,5 @@ # -# Copyright:: Copyright 2018, Chef Software Inc. +# Copyright:: Copyright 2018-2020, Chef Software Inc. # Author:: Julien Huon # License:: Apache License, Version 2.0 # @@ -24,10 +24,30 @@ class Chef require_relative "../mixin/openssl_helper" include Chef::Mixin::OpenSSLHelper - resource_name :openssl_ec_public_key + provides :openssl_ec_public_key description "Use the openssl_ec_public_key resource to generate elliptic curve (EC) public key files from a given EC private key." introduced "14.4" + examples <<~DOC + Generate new ec public key from a private key on disk + + ```ruby + openssl_ec_public_key '/etc/ssl_files/eckey_prime256v1_des3.pub' do + private_key_path '/etc/ssl_files/eckey_prime256v1_des3.pem' + private_key_pass 'something' + action :create + end + ``` + + Generate new ec public key by passing in a private key + + ```ruby + openssl_ec_public_key '/etc/ssl_files/eckey_prime256v1_des3_2.pub' do + private_key_content "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEII2VAU9re44mAUzYPWCg+qqwdmP8CplsEg0b/DYPXLg2oAoGCCqGSM49\nAwEHoUQDQgAEKkpMCbIQ2C6Qlp/B+Odp1a9Y06Sm8yqPvCVIkWYP7M8PX5+RmoIv\njGBVf/+mVBx77ji3NpTilMUt2KPZ87lZ3w==\n-----END EC PRIVATE KEY-----\n" + action :create + end + ``` + DOC property :path, String, description: "An optional property for specifying the path to write the file to if it differs from the resource block's name.", diff --git a/lib/chef/resource/openssl_rsa_private_key.rb b/lib/chef/resource/openssl_rsa_private_key.rb index 38ffa2c394..805db33a39 100644 --- a/lib/chef/resource/openssl_rsa_private_key.rb +++ b/lib/chef/resource/openssl_rsa_private_key.rb @@ -1,5 +1,5 @@ # -# Copyright:: Copyright 2009-2018, Chef Software Inc. +# Copyright:: Copyright 2009-2020, Chef Software Inc. # License:: Apache License, Version 2.0 # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -23,12 +23,31 @@ class Chef require_relative "../mixin/openssl_helper" include Chef::Mixin::OpenSSLHelper - resource_name :openssl_rsa_private_key provides(:openssl_rsa_private_key) { true } provides(:openssl_rsa_key) { true } # legacy cookbook resource name description "Use the openssl_rsa_private_key resource to generate RSA private key files. If a valid RSA key file can be opened at the specified location, no new file will be created. If the RSA key file cannot be opened, either because it does not exist or because the password to the RSA key file does not match the password in the recipe, it will be overwritten." introduced "14.0" + examples <<~DOC + Generate new 2048bit key with the default des3 cipher + + ```ruby + openssl_rsa_private_key '/etc/ssl_files/rsakey_des3.pem' do + key_length 2048 + action :create + end + ``` + + Generate new 1024bit key with the aes-128-cbc cipher + + ```ruby + openssl_rsa_key '/etc/ssl_files/rsakey_aes128cbc.pem' do + key_length 1024 + key_cipher 'aes-128-cbc' + action :create + end + ``` + DOC property :path, String, description: "An optional property for specifying the path to write the file to if it differs from the resource block's name.", diff --git a/lib/chef/resource/openssl_rsa_public_key.rb b/lib/chef/resource/openssl_rsa_public_key.rb index c7c125fb9e..145703aee2 100644 --- a/lib/chef/resource/openssl_rsa_public_key.rb +++ b/lib/chef/resource/openssl_rsa_public_key.rb @@ -1,5 +1,5 @@ # -# Copyright:: Copyright 2009-2018, Chef Software Inc. +# Copyright:: Copyright 2009-2020, Chef Software Inc. # License:: Apache License, Version 2.0 # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -23,9 +23,30 @@ class Chef require_relative "../mixin/openssl_helper" include Chef::Mixin::OpenSSLHelper - resource_name :openssl_rsa_public_key provides(:openssl_rsa_public_key) { true } + examples <<~DOC + Generate new public key from a private key on disk + + ```ruby + openssl_rsa_public_key '/etc/ssl_files/rsakey_des3.pub' do + private_key_path '/etc/ssl_files/rsakey_des3.pem' + private_key_pass 'something' + action :create + end + ``` + + Generate new public key by passing in a private key + + ```ruby + openssl_rsa_public_key '/etc/ssl_files/rsakey_2.pub' do + private_key_pass 'something' + private_key_content "-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\nDEK-Info: DES-EDE3-CBC,5EE0AE9A5FE3342E\n\nyb930kj5/4/nd738dPx6XdbDrMCvqkldaz0rHNw8xsWvwARrl/QSPwROG3WY7ROl\nEUttVlLaeVaqRPfQbmTUfzGI8kTMmDWKjw52gJUx2YJTYRgMHAB0dzYIRjeZAaeS\nypXnEfouVav+jKTmmehr1WuVKbzRhQDBSalzeUwsPi2+fb3Bfuo1dRW6xt8yFuc4\nAkv1hCglymPzPHE2L0nSGjcgA2DZu+/S8/wZ4E63442NHPzO4VlLvpNvJrYpEWq9\nB5mJzcdXPeOTjqd13olNTlOZMaKxu9QShu50GreCTVsl8VRkK8NtwbWuPGBZlIFa\njzlS/RaLuzNzfajaKMkcIYco9t7gN2DwnsACHKqEYT8248Ii3NQ+9/M5YcmpywQj\nWGr0UFCSAdCky1lRjwT+zGQKohr+dVR1GaLem+rSZH94df4YBxDYw4rjsKoEhvXB\nv2Vlx+G7Vl2NFiZzxUKh3MvQLr/NDElpG1pYWDiE0DIG13UqEG++cS870mcEyfFh\nSF2SXYHLWyAhDK0viRDChJyFMduC4E7a2P9DJhL3ZvM0KZ1SLMwROc1XuZ704GwO\nYUqtCX5OOIsTti1Z74jQm9uWFikhgWByhVtu6sYL1YTqtiPJDMFhA560zp/k/qLO\nFKiM4eUWV8AI8AVwT6A4o45N2Ru8S48NQyvh/ADFNrgJbVSeDoYE23+DYKpzbaW9\n00BD/EmUQqaQMc670vmI+CIdcdE7L1zqD6MZN7wtPaRIjx4FJBGsFoeDShr+LoTD\nrwbadwrbc2Rf4DWlvFwLJ4pvNvdtY3wtBu79UCOol0+t8DVVSPVASsh+tp8XncDE\nKRljj88WwBjX7/YlRWvQpe5y2UrsHI0pNy8TA1Xkf6GPr6aS2TvQD5gOrAVReSse\n/kktCzZQotjmY1odvo90Zi6A9NCzkI4ZLgAuhiKDPhxZg61IeLppnfFw0v3H4331\nV9SMYgr1Ftov0++x7q9hFPIHwZp6NHHOhdHNI80XkHqtY/hEvsh7MhFMYCgSY1pa\nK/gMcZ/5Wdg9LwOK6nYRmtPtg6fuqj+jB3Rue5/p9dt4kfom4etCSeJPdvP1Mx2I\neNmyQ/7JN9N87FsfZsIj5OK9OB0fPdj0N0m1mlHM/mFt5UM5x39u13QkCt7skEF+\nyOptXcL629/xwm8eg4EXnKFk330WcYSw+sYmAQ9ZTsBxpCMkz0K4PBTPWWXx63XS\nc4J0r88kbCkMCNv41of8ceeGzFrC74dG7i3IUqZzMzRP8cFeps8auhweUHD2hULs\nXwwtII0YQ6/Fw4hgGQ5//0ASdvAicvH0l1jOQScHzXC2QWNg3GttueB/kmhMeGGm\nsHOJ1rXQ4oEckFvBHOvzjP3kuRHSWFYDx35RjWLAwLCG9odQUApHjLBgFNg9yOR0\njW9a2SGxRvBAfdjTa9ZBBrbjlaF57hq7mXws90P88RpAL+xxCAZUElqeW2Rb2rQ6\nCbz4/AtPekV1CYVodGkPutOsew2zjNqlNH+M8XzfonA60UAH20TEqAgLKwgfgr+a\nc+rXp1AupBxat4EHYJiwXBB9XcVwyp5Z+/dXsYmLXzoMOnp8OFyQ9H8R7y9Y0PEu\n-----END RSA PRIVATE KEY-----\n" + action :create + end + ``` + DOC + description "Use the openssl_rsa_public_key resource to generate RSA public key files for a given RSA private key." introduced "14.0" diff --git a/lib/chef/resource/openssl_x509_certificate.rb b/lib/chef/resource/openssl_x509_certificate.rb index 20cf998239..4f89986ad3 100644 --- a/lib/chef/resource/openssl_x509_certificate.rb +++ b/lib/chef/resource/openssl_x509_certificate.rb @@ -1,7 +1,7 @@ # # License:: Apache License, Version 2.0 # Author:: Julien Huon -# Copyright:: Copyright 2018, Chef Software Inc. +# Copyright:: Copyright 2018-2020, Chef Software Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -24,11 +24,47 @@ class Chef require_relative "../mixin/openssl_helper" include Chef::Mixin::OpenSSLHelper - resource_name :openssl_x509_certificate + provides :openssl_x509_certificate provides(:openssl_x509) { true } # legacy cookbook name. description "Use the openssl_x509_certificate resource to generate signed or self-signed, PEM-formatted x509 certificates. If no existing key is specified, the resource will automatically generate a passwordless key with the certificate. If a CA private key and certificate are provided, the certificate will be signed with them. Note: This resource was renamed from openssl_x509 to openssl_x509_certificate. The legacy name will continue to function, but cookbook code should be updated for the new resource name." introduced "14.4" + examples <<~DOC + Create a simple self-signed certificate file + + ```ruby + openssl_x509_certificate '/etc/httpd/ssl/mycert.pem' do + common_name 'www.f00bar.com' + org 'Foo Bar' + org_unit 'Lab' + country 'US' + end + ``` + + Create a certificate using additional options + + ```ruby + openssl_x509_certificate '/etc/ssl_files/my_signed_cert.crt' do + common_name 'www.f00bar.com' + ca_key_file '/etc/ssl_files/my_ca.key' + ca_cert_file '/etc/ssl_files/my_ca.crt' + expire 365 + extensions( + 'keyUsage' => { + 'values' => %w( + keyEncipherment + digitalSignature), + 'critical' => true, + }, + 'extendedKeyUsage' => { + 'values' => %w(serverAuth), + 'critical' => false, + } + ) + subject_alt_name ['IP:127.0.0.1', 'DNS:localhost.localdomain'] + end + ``` + DOC property :path, String, description: "An optional property for specifying the path to write the file to if it differs from the resource block's name.", @@ -109,30 +145,41 @@ class Chef property :ca_key_pass, String, description: "The passphrase for CA private key's passphrase." + property :renew_before_expiry, Integer, + description: "The number of days before the expiry. The certificate will be automaticaly renewed when the value is reached.", + introduced: "15.7" + action :create do description "Generate a certificate" - unless ::File.exist? new_resource.path - converge_by("Create #{@new_resource}") do - file new_resource.path do - action :create_if_missing - owner new_resource.owner unless new_resource.owner.nil? - group new_resource.group unless new_resource.group.nil? - mode new_resource.mode unless new_resource.mode.nil? - sensitive true - content cert.to_pem - end - - if new_resource.csr_file.nil? - file new_resource.key_file do - action :create_if_missing - owner new_resource.owner unless new_resource.owner.nil? - group new_resource.group unless new_resource.group.nil? - mode new_resource.mode unless new_resource.mode.nil? - sensitive true - content key.to_pem - end - end + file new_resource.path do + action :create_if_missing + owner new_resource.owner unless new_resource.owner.nil? + group new_resource.group unless new_resource.group.nil? + mode new_resource.mode unless new_resource.mode.nil? + sensitive true + content cert.to_pem + end + + if !new_resource.renew_before_expiry.nil? && cert_need_renewall?(new_resource.path, new_resource.renew_before_expiry) + file new_resource.path do + action :create + owner new_resource.owner unless new_resource.owner.nil? + group new_resource.group unless new_resource.group.nil? + mode new_resource.mode unless new_resource.mode.nil? + sensitive true + content cert.to_pem + end + end + + if new_resource.csr_file.nil? + file new_resource.key_file do + action :create_if_missing + owner new_resource.owner unless new_resource.owner.nil? + group new_resource.group unless new_resource.group.nil? + mode new_resource.mode unless new_resource.mode.nil? + sensitive true + content key.to_pem end end end diff --git a/lib/chef/resource/openssl_x509_crl.rb b/lib/chef/resource/openssl_x509_crl.rb index 650db6863e..3fdbe0e180 100644 --- a/lib/chef/resource/openssl_x509_crl.rb +++ b/lib/chef/resource/openssl_x509_crl.rb @@ -1,7 +1,7 @@ # # License:: Apache License, Version 2.0 # Author:: Julien Huon -# Copyright:: Copyright 2018, Chef Software Inc. +# Copyright:: Copyright 2018-2020, Chef Software Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -24,10 +24,21 @@ class Chef require_relative "../mixin/openssl_helper" include Chef::Mixin::OpenSSLHelper - resource_name :openssl_x509_crl + provides :openssl_x509_crl description "Use the openssl_x509_crl resource to generate PEM-formatted x509 certificate revocation list (CRL) files." introduced "14.4" + examples <<~DOC + Generate a CRL file given a cert file and key file + + ```ruby + openssl_x509_crl '/etc/ssl_files/my_ca2.crl' do + ca_cert_file '/etc/ssl_files/my_ca2.crt' + ca_key_file '/etc/ssl_files/my_ca2.key' + expire 1 + end + ``` + DOC property :path, String, description: "An optional property for specifying the path to write the file to if it differs from the resource block's name.", diff --git a/lib/chef/resource/openssl_x509_request.rb b/lib/chef/resource/openssl_x509_request.rb index 982f29dd75..5c2193bd43 100644 --- a/lib/chef/resource/openssl_x509_request.rb +++ b/lib/chef/resource/openssl_x509_request.rb @@ -1,7 +1,7 @@ # # License:: Apache License, Version 2.0 # Author:: Julien Huon -# Copyright:: Copyright 2018, Chef Software Inc. +# Copyright:: Copyright 2018-2020, Chef Software Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -24,10 +24,46 @@ class Chef require_relative "../mixin/openssl_helper" include Chef::Mixin::OpenSSLHelper - resource_name :openssl_x509_request + provides :openssl_x509_request description "Use the openssl_x509_request resource to generate PEM-formatted x509 certificates requests. If no existing key is specified, the resource will automatically generate a passwordless key with the certificate." introduced "14.4" + examples <<~DOC + Generate new ec key and csr file + + ```ruby + openssl_x509_request '/etc/ssl_files/my_ec_request.csr' do + common_name 'myecrequest.example.com' + org 'Test Kitchen Example' + org_unit 'Kitchens' + country 'UK' + end + ``` + + Generate a new csr file from an existing ec key + + ```ruby + openssl_x509_request '/etc/ssl_files/my_ec_request2.csr' do + common_name 'myecrequest2.example.com' + org 'Test Kitchen Example' + org_unit 'Kitchens' + country 'UK' + key_file '/etc/ssl_files/my_ec_request.key' + end + ``` + + Generate new rsa key and csr file + + ```ruby + openssl_x509_request '/etc/ssl_files/my_rsa_request.csr' do + common_name 'myrsarequest.example.com' + org 'Test Kitchen Example' + org_unit 'Kitchens' + country 'UK' + key_type 'rsa' + end + ``` + DOC property :path, String, name_property: true, description: "An optional property for specifying the path to write the file to if it differs from the resource block's name." diff --git a/lib/chef/resource/osx_profile.rb b/lib/chef/resource/osx_profile.rb index eb5ba07f83..2a350124f7 100644 --- a/lib/chef/resource/osx_profile.rb +++ b/lib/chef/resource/osx_profile.rb @@ -21,7 +21,6 @@ require_relative "../resource" class Chef class Resource class OsxProfile < Chef::Resource - resource_name :osx_profile provides :osx_profile provides :osx_config_profile diff --git a/lib/chef/resource/package.rb b/lib/chef/resource/package.rb index 6f198c2b1f..9a7134aad9 100644 --- a/lib/chef/resource/package.rb +++ b/lib/chef/resource/package.rb @@ -1,7 +1,7 @@ # # Author:: Adam Jacob (<adam@chef.io>) # Author:: Tyler Cloke (<tyler@chef.io>) -# Copyright:: Copyright 2008-2018, Chef Software Inc. +# Copyright:: Copyright 2008-2020, Chef Software Inc. # License:: Apache License, Version 2.0 # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -22,7 +22,7 @@ require_relative "../resource" class Chef class Resource class Package < Chef::Resource - resource_name :package + provides :package description "Use the package resource to manage packages. When the package is"\ " installed from a local file (such as with RubyGems, dpkg, or RPM"\ diff --git a/lib/chef/resource/pacman_package.rb b/lib/chef/resource/pacman_package.rb index 71177a42aa..9600201905 100644 --- a/lib/chef/resource/pacman_package.rb +++ b/lib/chef/resource/pacman_package.rb @@ -21,7 +21,8 @@ require_relative "package" class Chef class Resource class PacmanPackage < Chef::Resource::Package - resource_name :pacman_package + unified_mode true + provides :pacman_package description "Use the pacman_package resource to manage packages (using pacman) on the Arch Linux platform." diff --git a/lib/chef/resource/paludis_package.rb b/lib/chef/resource/paludis_package.rb index 94b73ab570..8ee3c4d3db 100644 --- a/lib/chef/resource/paludis_package.rb +++ b/lib/chef/resource/paludis_package.rb @@ -1,6 +1,6 @@ # # Author:: Vasiliy Tolstov (<v.tolstov@selfip.ru>) -# Copyright:: Copyright 2014-2018, Chef Software Inc. +# Copyright:: Copyright 2014-2020, Chef Software Inc. # License:: Apache License, Version 2.0 # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -22,7 +22,8 @@ require_relative "../provider/package/paludis" class Chef class Resource class PaludisPackage < Chef::Resource::Package - resource_name :paludis_package + unified_mode true + provides :paludis_package description "Use the paludis_package resource to manage packages for the Paludis platform." diff --git a/lib/chef/resource/perl.rb b/lib/chef/resource/perl.rb index 42f17a602a..b13d34affa 100644 --- a/lib/chef/resource/perl.rb +++ b/lib/chef/resource/perl.rb @@ -1,6 +1,6 @@ # # Author:: Adam Jacob (<adam@chef.io>) -# Copyright:: Copyright 2008-2016, Chef Software Inc. +# Copyright:: Copyright 2008-2020, Chef Software Inc. # License:: Apache License, Version 2.0 # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -24,6 +24,8 @@ class Chef class Perl < Chef::Resource::Script unified_mode true + provides :perl + def initialize(name, run_context = nil) super @interpreter = "perl" diff --git a/lib/chef/resource/portage_package.rb b/lib/chef/resource/portage_package.rb index b7b434804b..fa8e83497f 100644 --- a/lib/chef/resource/portage_package.rb +++ b/lib/chef/resource/portage_package.rb @@ -1,6 +1,6 @@ # # Author:: Adam Jacob (<adam@chef.io>) -# Copyright:: Copyright 2008-2018, Chef Software Inc. +# Copyright:: Copyright 2008-2020, Chef Software Inc. # License:: Apache License, Version 2.0 # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -21,7 +21,8 @@ require_relative "package" class Chef class Resource class PortagePackage < Chef::Resource::Package - resource_name :portage_package + unified_mode true + provides :portage_package description "Use the portage_package resource to manage packages for the Gentoo platform." diff --git a/lib/chef/resource/powershell_package.rb b/lib/chef/resource/powershell_package.rb index ea8355d6f8..7fb926db7c 100644 --- a/lib/chef/resource/powershell_package.rb +++ b/lib/chef/resource/powershell_package.rb @@ -1,5 +1,5 @@ # Author:: Dheeraj Dubey(dheeraj.dubey@msystechnologies.com) -# Copyright:: Copyright 2008-2016, Chef Software, Inc. +# Copyright:: Copyright 2008-2020, Chef Software Inc. # License:: Apache License, Version 2.0 # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -23,7 +23,6 @@ class Chef class PowershellPackage < Chef::Resource::Package include Chef::Mixin::Uris - resource_name :powershell_package provides :powershell_package description "Use the powershell_package resource to install and manage packages via the PowerShell Package Manager for the Microsoft Windows platform. The powershell_package resource requires administrative access, and a source must be configured in the PowerShell Package Manager via the powershell_package_source resource." diff --git a/lib/chef/resource/powershell_package_source.rb b/lib/chef/resource/powershell_package_source.rb index 5b3a6be049..2710974a73 100644 --- a/lib/chef/resource/powershell_package_source.rb +++ b/lib/chef/resource/powershell_package_source.rb @@ -21,7 +21,7 @@ require_relative "../json_compat" class Chef class Resource class PowershellPackageSource < Chef::Resource - resource_name "powershell_package_source" + provides :powershell_package_source description "Use the powershell_package_source resource to register a PowerShell package repository." introduced "14.3" diff --git a/lib/chef/resource/powershell_script.rb b/lib/chef/resource/powershell_script.rb index 6cb1453376..727ff6609a 100644 --- a/lib/chef/resource/powershell_script.rb +++ b/lib/chef/resource/powershell_script.rb @@ -1,6 +1,6 @@ # # Author:: Adam Edwards (<adamed@chef.io>) -# Copyright:: Copyright 2013-2016, Chef Software Inc. +# Copyright:: Copyright 2013-2020, Chef Software Inc. # License:: Apache License, Version 2.0 # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -71,24 +71,12 @@ class Chef end # Options that will be passed to Windows PowerShell command + # + # @returns [String] def default_flags - return "" if Chef::Platform.windows_nano_server? - - # Execution policy 'Bypass' is preferable since it doesn't require - # user input confirmation for files such as PowerShell modules - # downloaded from the Internet. However, 'Bypass' is not supported - # prior to PowerShell 3.0, so the fallback is 'Unrestricted' - execution_policy = Chef::Platform.supports_powershell_execution_bypass?(run_context.node) ? "Bypass" : "Unrestricted" - - [ - "-NoLogo", - "-NonInteractive", - "-NoProfile", - "-ExecutionPolicy #{execution_policy}", - # PowerShell will hang if STDIN is redirected - # http://connect.microsoft.com/PowerShell/feedback/details/572313/powershell-exe-can-hang-if-stdin-is-redirected - "-InputFormat None", - ].join(" ") + # Set InputFormat to None as PowerShell will hang if STDIN is redirected + # http://connect.microsoft.com/PowerShell/feedback/details/572313/powershell-exe-can-hang-if-stdin-is-redirected + "-NoLogo -NonInteractive -NoProfile -ExecutionPolicy Bypass -InputFormat None" end end end diff --git a/lib/chef/resource/python.rb b/lib/chef/resource/python.rb index 3cee3d3432..37300a7757 100644 --- a/lib/chef/resource/python.rb +++ b/lib/chef/resource/python.rb @@ -1,5 +1,5 @@ # Author:: Adam Jacob (<adam@chef.io>) -# Copyright:: Copyright 2008-2016, Chef Software Inc. +# Copyright:: Copyright 2008-2020, Chef Software Inc. # License:: Apache License, Version 2.0 # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -23,6 +23,8 @@ class Chef class Python < Chef::Resource::Script unified_mode true + provides :python + def initialize(name, run_context = nil) super @interpreter = "python" diff --git a/lib/chef/resource/reboot.rb b/lib/chef/resource/reboot.rb index 21a7246678..337b627914 100644 --- a/lib/chef/resource/reboot.rb +++ b/lib/chef/resource/reboot.rb @@ -1,6 +1,6 @@ # # Author:: Chris Doherty <cdoherty@chef.io>) -# Copyright:: Copyright 2014-2016, Chef, Inc. +# Copyright:: Copyright 2014-2019, Chef, Inc. # License:: Apache License, Version 2.0 # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -24,7 +24,7 @@ class Chef class Reboot < Chef::Resource unified_mode true - resource_name :reboot + provides :reboot description "Use the reboot resource to reboot a node, a necessary step with some"\ " installations on certain platforms. This resource is supported for use on"\ @@ -34,9 +34,6 @@ class Chef " probably undesired results." introduced "12.0" - allowed_actions :request_reboot, :reboot_now, :cancel - default_action :nothing # make sure people are quite clear what they want - property :reason, String, description: "A string that describes the reboot action.", default: "Reboot by #{Chef::Dist::PRODUCT}" @@ -44,6 +41,52 @@ class Chef property :delay_mins, Integer, description: "The amount of time (in minutes) to delay a reboot request.", default: 0 + + action :request_reboot do + description "Reboot a node at the end of a chef-client run." + + converge_by("request a system reboot to occur if the run succeeds") do + logger.warn "Reboot requested:'#{new_resource.name}'" + request_reboot + end + end + + action :reboot_now do + description "Reboot a node so that the chef-client may continue the installation process." + + converge_by("rebooting the system immediately") do + logger.warn "Rebooting system immediately, requested by '#{new_resource.name}'" + request_reboot + throw :end_client_run_early + end + end + + action :cancel do + description "Cancel a pending reboot request." + + converge_by("cancel any existing end-of-run reboot request") do + logger.warn "Reboot canceled: '#{new_resource.name}'" + node.run_context.cancel_reboot + end + end + + # make sure people are quite clear what they want + # we have to define this below the actions since setting default_action to :nothing is a no-op + # and doesn't actually override the first action in the resource + default_action :nothing + + action_class do + # add a reboot to the node run_context + # @return [void] + def request_reboot + node.run_context.request_reboot( + delay_mins: new_resource.delay_mins, + reason: new_resource.reason, + timestamp: Time.now, + requested_by: new_resource.name + ) + end + end end end end diff --git a/lib/chef/resource/registry_key.rb b/lib/chef/resource/registry_key.rb index 688fe016cc..1ecd631096 100644 --- a/lib/chef/resource/registry_key.rb +++ b/lib/chef/resource/registry_key.rb @@ -1,7 +1,7 @@ # Author:: Prajakta Purohit (<prajakta@chef.io>) # Author:: Lamont Granquist (<lamont@chef.io>) # -# Copyright:: Copyright 2011-2016, Chef Software Inc. +# Copyright:: Copyright 2011-2020, Chef Software Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -24,7 +24,6 @@ class Chef class RegistryKey < Chef::Resource unified_mode true - resource_name :registry_key provides(:registry_key) { true } description "Use the registry_key resource to create and delete registry keys in Microsoft Windows." diff --git a/lib/chef/resource/remote_directory.rb b/lib/chef/resource/remote_directory.rb index d05c719ac1..32b3b3dfb2 100644 --- a/lib/chef/resource/remote_directory.rb +++ b/lib/chef/resource/remote_directory.rb @@ -1,7 +1,7 @@ # # Author:: Adam Jacob (<adam@chef.io>) # Author:: Tyler Cloke (<tyler@chef.io>) -# Copyright:: Copyright 2008-2019, Chef Software Inc. +# Copyright:: Copyright 2008-2020, Chef Software Inc. # License:: Apache License, Version 2.0 # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -27,6 +27,8 @@ class Chef include Chef::Mixin::Securable unified_mode true + provides :remote_directory + description "Use the remote_directory resource to incrementally transfer a directory from a cookbook to a node. The director that is copied from the cookbook should be located under COOKBOOK_NAME/files/default/REMOTE_DIRECTORY. The remote_directory resource will obey file specificity." default_action :create diff --git a/lib/chef/resource/remote_file.rb b/lib/chef/resource/remote_file.rb index 04c582d50d..2dbda21106 100644 --- a/lib/chef/resource/remote_file.rb +++ b/lib/chef/resource/remote_file.rb @@ -1,7 +1,7 @@ # # Author:: Adam Jacob (<adam@chef.io>) # Author:: Seth Chisamore (<schisamo@chef.io>) -# Copyright:: Copyright 2008-2016, Chef Software Inc. +# Copyright:: Copyright 2008-2020, Chef Software Inc. # License:: Apache License, Version 2.0 # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -29,6 +29,8 @@ class Chef include Chef::Mixin::Securable unified_mode true + provides :remote_file + description "Use the remote_file resource to transfer a file from a remote location"\ " using file specificity. This resource is similar to the file resource." @@ -109,7 +111,7 @@ class Chef end def validate_identity_platform(specified_user, password = nil, specified_domain = nil) - if node[:platform_family] == "windows" + if windows? if specified_user && password.nil? raise ArgumentError, "A value for `remote_password` must be specified when a value for `user` is specified on the Windows platform" end diff --git a/lib/chef/resource/rhsm_errata.rb b/lib/chef/resource/rhsm_errata.rb index 7442bf99f2..2dd4e1ba77 100644 --- a/lib/chef/resource/rhsm_errata.rb +++ b/lib/chef/resource/rhsm_errata.rb @@ -1,5 +1,5 @@ # -# Copyright:: 2015-2018 Chef Software, Inc. +# Copyright:: 2015-2020, Chef Software Inc. # License:: Apache License, Version 2.0 # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -20,7 +20,7 @@ require_relative "../resource" class Chef class Resource class RhsmErrata < Chef::Resource - resource_name :rhsm_errata + unified_mode true provides(:rhsm_errata) { true } description "Use the rhsm_errata resource to install packages associated with a given Red"\ @@ -36,11 +36,17 @@ class Chef description "Installs a package for a specific errata ID." execute "Install errata packages for #{new_resource.errata_id}" do - command "yum update --advisory #{new_resource.errata_id} -y" + command "#{package_manager_command} update --advisory #{new_resource.errata_id} -y" default_env true action :run end end + + action_class do + def package_manager_command + node["platform_version"].to_i >= 8 ? "dnf" : "yum" + end + end end end end diff --git a/lib/chef/resource/rhsm_errata_level.rb b/lib/chef/resource/rhsm_errata_level.rb index 2bb0006a38..d49d9cd1ee 100644 --- a/lib/chef/resource/rhsm_errata_level.rb +++ b/lib/chef/resource/rhsm_errata_level.rb @@ -1,5 +1,5 @@ # -# Copyright:: 2015-2018 Chef Software, Inc. +# Copyright:: 2015-2020, Chef Software Inc. # License:: Apache License, Version 2.0 # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -20,7 +20,7 @@ require_relative "../resource" class Chef class Resource class RhsmErrataLevel < Chef::Resource - resource_name :rhsm_errata_level + unified_mode true provides(:rhsm_errata_level) { true } description "Use the rhsm_errata_level resource to install all packages of a specified errata level from the Red Hat Subscription Manager. For example, you can ensure that all packages associated with errata marked at a 'Critical' security level are installed." @@ -35,17 +35,22 @@ class Chef action :install do description "Install all packages of the specified errata level." - yum_package "yum-plugin-security" do - action :install - only_if { node["platform_version"].to_i == 6 } + if rhel6? + yum_package "yum-plugin-security" end execute "Install any #{new_resource.errata_level} errata" do - command "yum update --sec-severity=#{new_resource.errata_level.capitalize} -y" + command "#{package_manager_command} update --sec-severity=#{new_resource.errata_level.capitalize} -y" default_env true action :run end end + + action_class do + def package_manager_command + node["platform_version"].to_i >= 8 ? "dnf" : "yum" + end + end end end end diff --git a/lib/chef/resource/rhsm_register.rb b/lib/chef/resource/rhsm_register.rb index cfaa55124c..2f522303ad 100644 --- a/lib/chef/resource/rhsm_register.rb +++ b/lib/chef/resource/rhsm_register.rb @@ -1,5 +1,5 @@ # -# Copyright:: 2015-2018 Chef Software, Inc. +# Copyright:: 2015-2020, Chef Software Inc. # License:: Apache License, Version 2.0 # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -21,7 +21,7 @@ require "shellwords" unless defined?(Shellwords) class Chef class Resource class RhsmRegister < Chef::Resource - resource_name :rhsm_register + unified_mode true provides(:rhsm_register) { true } description "Use the rhsm_register resource to register a node with the Red Hat Subscription Manager"\ @@ -66,19 +66,19 @@ class Chef package "subscription-manager" unless new_resource.satellite_host.nil? || registered_with_rhsm? + declare_resource(package_resource, "katello-ca-consumer-latest") do + options "--nogpgcheck" + source "#{Chef::Config[:file_cache_path]}/katello-package.rpm" + action :nothing + end + remote_file "#{Chef::Config[:file_cache_path]}/katello-package.rpm" do source "http://#{new_resource.satellite_host}/pub/katello-ca-consumer-latest.noarch.rpm" action :create - notifies :install, "yum_package[katello-ca-consumer-latest]", :immediately + notifies :install, "#{package_resource}[katello-ca-consumer-latest]", :immediately not_if { katello_cert_rpm_installed? } end - yum_package "katello-ca-consumer-latest" do - options "--nogpgcheck" - source "#{Chef::Config[:file_cache_path]}/katello-package.rpm" - action :nothing - end - file "#{Chef::Config[:file_cache_path]}/katello-package.rpm" do action :delete end @@ -92,9 +92,8 @@ class Chef not_if { registered_with_rhsm? } unless new_resource.force end - yum_package "katello-agent" do - action :install - only_if { new_resource.install_katello_agent && !new_resource.satellite_host.nil? } + if new_resource.install_katello_agent && !new_resource.satellite_host.nil? + package "katello-agent" end end @@ -117,6 +116,10 @@ class Chef end action_class do + def package_resource + node["platform_version"].to_i >= 8 ? :dnf_package : :yum_package + end + def registered_with_rhsm? cmd = Mixlib::ShellOut.new("subscription-manager status", env: { LANG: "en_US" }) cmd.run_command diff --git a/lib/chef/resource/rhsm_repo.rb b/lib/chef/resource/rhsm_repo.rb index c593bd900f..b1a8d06d6f 100644 --- a/lib/chef/resource/rhsm_repo.rb +++ b/lib/chef/resource/rhsm_repo.rb @@ -1,5 +1,5 @@ # -# Copyright:: 2015-2018 Chef Software, Inc. +# Copyright:: 2015-2020, Chef Software Inc. # License:: Apache License, Version 2.0 # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -20,7 +20,6 @@ require_relative "../resource" class Chef class Resource class RhsmRepo < Chef::Resource - resource_name :rhsm_repo provides(:rhsm_repo) { true } description "Use the rhsm_repo resource to enable or disable Red Hat Subscription Manager"\ diff --git a/lib/chef/resource/rhsm_subscription.rb b/lib/chef/resource/rhsm_subscription.rb index 7bbf53f07d..b7c84e95b4 100644 --- a/lib/chef/resource/rhsm_subscription.rb +++ b/lib/chef/resource/rhsm_subscription.rb @@ -1,5 +1,5 @@ # -# Copyright:: 2015-2018 Chef Software, Inc. +# Copyright:: 2015-2020, Chef Software Inc. # License:: Apache License, Version 2.0 # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -20,7 +20,6 @@ require_relative "../resource" class Chef class Resource class RhsmSubscription < Chef::Resource - resource_name :rhsm_subscription provides(:rhsm_subscription) { true } description "Use the rhsm_subscription resource to add or remove Red Hat Subscription Manager"\ diff --git a/lib/chef/resource/route.rb b/lib/chef/resource/route.rb index ecd63966cf..979dc12342 100644 --- a/lib/chef/resource/route.rb +++ b/lib/chef/resource/route.rb @@ -22,6 +22,10 @@ require_relative "../resource" class Chef class Resource class Route < Chef::Resource + unified_mode true + + provides :route + default_action :add allowed_actions :add, :delete diff --git a/lib/chef/resource/rpm_package.rb b/lib/chef/resource/rpm_package.rb index 3a171057e5..3661ca1daa 100644 --- a/lib/chef/resource/rpm_package.rb +++ b/lib/chef/resource/rpm_package.rb @@ -21,7 +21,8 @@ require_relative "package" class Chef class Resource class RpmPackage < Chef::Resource::Package - resource_name :rpm_package + unified_mode true + provides :rpm_package description "Use the rpm_package resource to manage packages for the RPM Package Manager platform." diff --git a/lib/chef/resource/ruby.rb b/lib/chef/resource/ruby.rb index ab193c659b..b1bd86c73f 100644 --- a/lib/chef/resource/ruby.rb +++ b/lib/chef/resource/ruby.rb @@ -1,6 +1,6 @@ # # Author:: Adam Jacob (<adam@chef.io>) -# Copyright:: Copyright 2008-2016, Chef Software Inc. +# Copyright:: Copyright 2008-2020, Chef Software Inc. # License:: Apache License, Version 2.0 # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -24,6 +24,8 @@ class Chef class Ruby < Chef::Resource::Script unified_mode true + provides :ruby + description "Use the ruby resource to execute scripts using the Ruby interpreter. This"\ " resource may also use any of the actions and properties that are available"\ " to the execute resource. Commands that are executed with this resource are (by"\ diff --git a/lib/chef/resource/script.rb b/lib/chef/resource/script.rb index 056d2743cc..755fcdea63 100644 --- a/lib/chef/resource/script.rb +++ b/lib/chef/resource/script.rb @@ -1,7 +1,7 @@ # # Author:: Adam Jacob (<adam@chef.io>) # Author:: Tyler Cloke (<tyler@chef.io>) -# Copyright:: Copyright 2008-2017, Chef Software Inc. +# Copyright:: Copyright 2008-2020, Chef Software Inc. # License:: Apache License, Version 2.0 # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -24,7 +24,7 @@ class Chef class Script < Chef::Resource::Execute unified_mode true - resource_name :script + provides :script identity_attr :name diff --git a/lib/chef/resource/smartos_package.rb b/lib/chef/resource/smartos_package.rb index 510e1ccc7b..8e9b83985a 100644 --- a/lib/chef/resource/smartos_package.rb +++ b/lib/chef/resource/smartos_package.rb @@ -1,6 +1,6 @@ # # Author:: Toomas Pelberg (<toomasp@gmx.net>) -# Copyright:: Copyright 2010-2016, Chef Software Inc. +# Copyright:: Copyright 2010-2020, Chef Software Inc. # License:: Apache License, Version 2.0 # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -21,7 +21,8 @@ require_relative "package" class Chef class Resource class SmartosPackage < Chef::Resource::Package - resource_name :smartos_package + unified_mode true + provides :smartos_package provides :package, platform_family: "smartos" diff --git a/lib/chef/resource/snap_package.rb b/lib/chef/resource/snap_package.rb index 8fb6b61c2c..57708b5a02 100644 --- a/lib/chef/resource/snap_package.rb +++ b/lib/chef/resource/snap_package.rb @@ -1,6 +1,6 @@ # # Author:: S.Cavallo (<smcavallo@hotmail.com>) -# Copyright:: Copyright 2008-2018, Chef Software Inc. +# Copyright:: Copyright 2008-2020, Chef Software Inc. # License:: Apache License, Version 2.0 # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -21,7 +21,9 @@ require_relative "package" class Chef class Resource class SnapPackage < Chef::Resource::Package - resource_name :snap_package + unified_mode true + + provides :snap_package description "Use the snap_package resource to manage snap packages on Debian and Ubuntu platforms." introduced "15.0" diff --git a/lib/chef/resource/solaris_package.rb b/lib/chef/resource/solaris_package.rb index c6cda0ef36..30de484eb1 100644 --- a/lib/chef/resource/solaris_package.rb +++ b/lib/chef/resource/solaris_package.rb @@ -1,7 +1,7 @@ # # Author:: Toomas Pelberg (<toomasp@gmx.net>) # Author:: Prabhu Das (<prabhu.das@clogeny.com>) -# Copyright:: Copyright 2013-2018, Chef Software Inc. +# Copyright:: Copyright 2013-2020, Chef Software Inc. # License:: Apache License, Version 2.0 # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -22,7 +22,8 @@ require_relative "package" class Chef class Resource class SolarisPackage < Chef::Resource::Package - resource_name :solaris_package + unified_mode true + provides :solaris_package provides :package, os: "solaris2", platform_family: "nexentacore" provides :package, os: "solaris2", platform_family: "solaris2", platform_version: "<= 5.10" diff --git a/lib/chef/resource/ssh_known_hosts_entry.rb b/lib/chef/resource/ssh_known_hosts_entry.rb index b0fb926550..e652f82def 100644 --- a/lib/chef/resource/ssh_known_hosts_entry.rb +++ b/lib/chef/resource/ssh_known_hosts_entry.rb @@ -2,7 +2,7 @@ # Author:: Seth Vargo (<sethvargo@gmail.com>) # # Copyright:: 2013-2018, Seth Vargo -# Copyright:: 2017-2018, Chef Software, Inc. +# Copyright:: 2017-2020, Chef Software Inc. # License:: Apache License, Version 2.0 # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -23,7 +23,7 @@ require_relative "../dist" class Chef class Resource class SshKnownHostsEntry < Chef::Resource - resource_name :ssh_known_hosts_entry + provides :ssh_known_hosts_entry description "Use the ssh_known_hosts_entry resource to add an entry for the specified host in /etc/ssh/ssh_known_hosts or a user's known hosts file if specified." introduced "14.3" diff --git a/lib/chef/resource/subversion.rb b/lib/chef/resource/subversion.rb index 26d887331e..61101362e6 100644 --- a/lib/chef/resource/subversion.rb +++ b/lib/chef/resource/subversion.rb @@ -1,7 +1,7 @@ # # Author:: Daniel DeLeo (<dan@kallistec.com>) # Author:: Tyler Cloke (<tyler@chef.io>) -# Copyright:: Copyright 2008-2016, Chef Software Inc. +# Copyright:: Copyright 2008-2020, Chef Software Inc. # License:: Apache License, Version 2.0 # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -25,6 +25,8 @@ class Chef class Subversion < Chef::Resource::Scm unified_mode true + provides :subversion + description "Use the subversion resource to manage source control resources that exist in a Subversion repository." allowed_actions :force_export diff --git a/lib/chef/resource/sudo.rb b/lib/chef/resource/sudo.rb index c045b1266b..c340478349 100644 --- a/lib/chef/resource/sudo.rb +++ b/lib/chef/resource/sudo.rb @@ -4,7 +4,7 @@ # # Copyright:: 2011-2018, Bryan w. Berry # Copyright:: 2012-2018, Seth Vargo -# Copyright:: 2015-2018, Chef Software, Inc. +# Copyright:: 2015-2020, Chef Software Inc. # License:: Apache License, Version 2.0 # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -24,7 +24,8 @@ require_relative "../resource" class Chef class Resource class Sudo < Chef::Resource - resource_name :sudo + unified_mode true + provides(:sudo) { true } description "Use the sudo resource to add or remove individual sudo entries using sudoers.d files."\ @@ -148,29 +149,29 @@ class Chef validate_properties if docker? # don't even put this into resource collection unless we're in docker - declare_resource(:package, "sudo") do - action :nothing + package "sudo" do not_if "which sudo" - end.run_action(:install) + end end target = "#{new_resource.config_prefix}/sudoers.d/" - declare_resource(:directory, target) unless ::File.exist?(target) + directory(target) Chef::Log.warn("#{new_resource.filename} will be rendered, but will not take effect because the #{new_resource.config_prefix}/sudoers config lacks the includedir directive that loads configs from #{new_resource.config_prefix}/sudoers.d/!") if ::File.readlines("#{new_resource.config_prefix}/sudoers").grep(/includedir/).empty? + file_path = "#{target}#{new_resource.filename}" if new_resource.template logger.trace("Template property provided, all other properties ignored.") - declare_resource(:template, "#{target}#{new_resource.filename}") do + template file_path do source new_resource.template mode "0440" variables new_resource.variables - verify "cat #{new_resource.config_prefix}/sudoers %{path} | #{new_resource.visudo_binary} -cf -" if visudo_present? + verify visudo_content(file_path) if visudo_present? action :create end else - declare_resource(:template, "#{target}#{new_resource.filename}") do + template file_path do source ::File.expand_path("../support/sudoer.erb", __FILE__) local true mode "0440" @@ -185,7 +186,7 @@ class Chef setenv: new_resource.setenv, env_keep_add: new_resource.env_keep_add, env_keep_subtract: new_resource.env_keep_subtract - verify "cat #{new_resource.config_prefix}/sudoers %{path} | #{new_resource.visudo_binary} -cf -" if visudo_present? + verify visudo_content(file_path) if visudo_present? action :create end end @@ -225,6 +226,14 @@ class Chef Chef::Log.warn("The visudo binary cannot be found at '#{new_resource.visudo_binary}'. Skipping sudoer file validation. If visudo is on this system you can specify the path using the 'visudo_binary' property.") end + + def visudo_content(path) + if ::File.exists?(path) + "cat #{new_resource.config_prefix}/sudoers | #{new_resource.visudo_binary} -cf - && #{new_resource.visudo_binary} -cf %{path}" + else + "cat #{new_resource.config_prefix}/sudoers %{path} | #{new_resource.visudo_binary} -cf -" + end + end end end end diff --git a/lib/chef/resource/support/cron.d.erb b/lib/chef/resource/support/cron.d.erb index 2f27ecb36b..a00b541cd1 100644 --- a/lib/chef/resource/support/cron.d.erb +++ b/lib/chef/resource/support/cron.d.erb @@ -1,4 +1,4 @@ -# Generated by Chef. Changes will be overwritten. +# Generated by <%= Chef::Dist::PRODUCT %>. Changes will be overwritten. <% if @mailto -%> MAILTO=<%= @mailto %> <% end -%> diff --git a/lib/chef/resource/support/cron_access.erb b/lib/chef/resource/support/cron_access.erb index fdf61172ab..5e5813457c 100644 --- a/lib/chef/resource/support/cron_access.erb +++ b/lib/chef/resource/support/cron_access.erb @@ -1,4 +1,4 @@ -# Generated by Chef. Changes will be overwritten. +# Generated by <%= Chef::Dist::PRODUCT %>. Changes will be overwritten. <% @users.sort.uniq.each do |user| -%> <%= user %> <% end -%> diff --git a/lib/chef/resource/support/sudoer.erb b/lib/chef/resource/support/sudoer.erb index d19540bd33..8c570affdc 100644 --- a/lib/chef/resource/support/sudoer.erb +++ b/lib/chef/resource/support/sudoer.erb @@ -1,5 +1,4 @@ -# This file is managed by Chef. -# Do NOT modify this file directly. +# This file is managed by <%= Chef::Dist::PRODUCT %>. Changes will be overwritten. <% @command_aliases.each do |a| -%> Cmnd_Alias <%= a[:name].upcase %> = <%= a[:command_list].join(', ') %> diff --git a/lib/chef/resource/support/ulimit.erb b/lib/chef/resource/support/ulimit.erb new file mode 100644 index 0000000000..6abfc14e07 --- /dev/null +++ b/lib/chef/resource/support/ulimit.erb @@ -0,0 +1,41 @@ +# Generated by <%= Chef::Dist::PRODUCT %>. Changes will be overwritten. + +# Limits settings for <%= @ulimit_user %> + +<% unless @filehandle_limit.nil? -%> +<%= @ulimit_user -%> - nofile <%= @filehandle_limit %> +<% else -%><% unless @filehandle_soft_limit.nil? -%><%= @ulimit_user -%> soft nofile <%= @filehandle_soft_limit %><% end -%> +<% unless @filehandle_hard_limit.nil? -%><%= @ulimit_user -%> hard nofile <%= @filehandle_hard_limit %><% end -%> +<% end -%> + +<% unless @process_limit.nil? -%> +<%= @ulimit_user -%> - nproc <%= @process_limit %> +<% else -%><% unless @process_soft_limit.nil? -%><%= @ulimit_user -%> soft nproc <%= @process_soft_limit %><% end -%> +<% unless @process_hard_limit.nil? -%><%= @ulimit_user -%> hard nproc <%= @process_hard_limit %><% end -%> +<% end -%> + +<% unless @memory_limit.nil? -%> +<%= @ulimit_user -%> - memlock <%= @memory_limit %> +<% end -%> + +<% unless @core_limit.nil? -%> +<%= @ulimit_user -%> - core <%= @core_limit %> +<% else -%><% unless @core_soft_limit.nil? -%><%= @ulimit_user -%> soft core <%= @core_soft_limit %><% end -%> +<% unless @core_hard_limit.nil? -%><%= @ulimit_user -%> hard core <%= @core_hard_limit %><% end -%> +<% end -%> + +<% unless @stack_limit.nil? -%> +<%= @ulimit_user -%> - stack <%= @stack_limit %> +<% else -%><% unless @stack_soft_limit.nil? -%><%= @ulimit_user -%> soft stack <%= @stack_soft_limit %><% end -%> +<% unless @stack_hard_limit.nil? -%><%= @ulimit_user -%> hard stack <%= @stack_hard_limit %><% end -%> +<% end -%> + +<% unless @rtprio_limit.nil? -%> +<%= @ulimit_user -%> - rtprio <%= @rtprio_limit %> +<% else -%><% unless @rtprio_soft_limit.nil? -%><%= @ulimit_user -%> soft rtprio <%= @rtprio_soft_limit %><% end -%> +<% unless @rtprio_hard_limit.nil? -%><%= @ulimit_user -%> hard rtprio <%= @rtprio_hard_limit %><% end -%> +<% end -%> + +<% unless @virt_limit.nil? -%> + <%= @ulimit_user -%> - as <%= @virt_limit %> +<% end -%> diff --git a/lib/chef/resource/swap_file.rb b/lib/chef/resource/swap_file.rb index 2efe040c47..305727084c 100644 --- a/lib/chef/resource/swap_file.rb +++ b/lib/chef/resource/swap_file.rb @@ -1,6 +1,6 @@ # -# Copyright 2012-2018, Seth Vargo -# Copyright 2017-2018, Chef Software, Inc. +# Copyright:: 2012-2018, Seth Vargo +# Copyright:: 2017-2020, Chef Software Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -20,7 +20,8 @@ require_relative "../resource" class Chef class Resource class SwapFile < Chef::Resource - resource_name :swap_file + unified_mode true + provides(:swap_file) { true } description "Use the swap_file resource to create or delete swap files on Linux systems, and optionally to manage the swappiness configuration for a host." @@ -60,7 +61,7 @@ class Chef end end if new_resource.swappiness - declare_resource(:sysctl, "vm.swappiness") do + sysctl "vm.swappiness" do value new_resource.swappiness end end diff --git a/lib/chef/resource/sysctl.rb b/lib/chef/resource/sysctl.rb index a6c316c5bc..240f45e60f 100644 --- a/lib/chef/resource/sysctl.rb +++ b/lib/chef/resource/sysctl.rb @@ -1,6 +1,6 @@ # # Copyright:: 2018, Webb Agile Solutions Ltd. -# Copyright:: 2018-2018, Chef Software Inc. +# Copyright:: 2018-2020, Chef Software Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -20,7 +20,8 @@ require_relative "../resource" class Chef class Resource class Sysctl < Chef::Resource - resource_name :sysctl + unified_mode true + provides(:sysctl) { true } provides(:sysctl_param) { true } @@ -45,6 +46,11 @@ class Chef coerce: proc { |v| coerce_value(v) }, required: true + property :comment, [Array, String], + description: "Comments, placed above the resource setting in the generated file. For multi-line comments, use an array of strings, one per line.", + default: [], + introduced: "15.8" + property :conf_dir, String, description: "The configuration directory to write the config to.", default: "/etc/sysctl.d" @@ -81,7 +87,7 @@ class Chef directory new_resource.conf_dir file "#{new_resource.conf_dir}/99-chef-#{new_resource.key.tr("/", ".")}.conf" do - content "#{new_resource.key} = #{new_resource.value}" + content contruct_sysctl_content end execute "Load sysctl values" do @@ -112,9 +118,28 @@ class Chef end action_class do + # + # Shell out to set the sysctl value + # + # @param [String] key The sysctl key + # @param [String] value The value of the sysctl key + # def set_sysctl_param(key, value) shell_out!("sysctl #{"-e " if new_resource.ignore_error}-w \"#{key}=#{value}\"") end + + # + # construct a string, joining members of new_resource.comment and new_resource.value + # + # @return [String] The text file content + # + def contruct_sysctl_content + sysctl_lines = Array(new_resource.comment).map { |c| "# #{c.strip}" } + + sysctl_lines << "#{new_resource.key} = #{new_resource.value}" + + sysctl_lines.join("\n") + end end private diff --git a/lib/chef/resource/systemd_unit.rb b/lib/chef/resource/systemd_unit.rb index a4f087b220..1c318ded5c 100644 --- a/lib/chef/resource/systemd_unit.rb +++ b/lib/chef/resource/systemd_unit.rb @@ -23,7 +23,7 @@ require "iniparse" class Chef class Resource class SystemdUnit < Chef::Resource - resource_name(:systemd_unit) { true } + provides(:systemd_unit) { true } description "Use the systemd_unit resource to create, manage, and run systemd units." introduced "12.11" diff --git a/lib/chef/resource/template.rb b/lib/chef/resource/template.rb index 876816cc81..c1115fb5b7 100644 --- a/lib/chef/resource/template.rb +++ b/lib/chef/resource/template.rb @@ -2,7 +2,7 @@ # Author:: Adam Jacob (<adam@chef.io>) # Author:: Seth Chisamore (<schisamo@chef.io>) # Author:: Tyler Cloke (<tyler@chef.io>) -# Copyright:: Copyright 2008-2016, Chef Software Inc. +# Copyright:: Copyright 2008-2020, Chef Software Inc. # License:: Apache License, Version 2.0 # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -36,7 +36,6 @@ class Chef class Template < Chef::Resource::File unified_mode true - resource_name :template provides :template include Chef::Mixin::Securable diff --git a/lib/chef/resource/timezone.rb b/lib/chef/resource/timezone.rb index 16a7f1031e..32727c1a75 100644 --- a/lib/chef/resource/timezone.rb +++ b/lib/chef/resource/timezone.rb @@ -1,8 +1,8 @@ # # Author:: Kirill Kouznetsov <agon.smith@gmail.com> # -# Copyright 2018, Kirill Kouznetsov. -# Copyright 2018, Chef Software, Inc. +# Copyright:: 2018, Kirill Kouznetsov. +# Copyright:: 2018-2020, Chef Software Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -22,7 +22,9 @@ require_relative "../resource" class Chef class Resource class Timezone < Chef::Resource - resource_name :timezone + unified_mode true + + provides :timezone description "Use the timezone resource to change the system timezone on Windows, Linux, and macOS hosts. Timezones are specified in tz database format, with a complete list of available TZ values for Linux and macOS here: https://en.wikipedia.org/wiki/List_of_tz_database_time_zones and for Windows here: https://ss64.com/nt/timezones.html." introduced "14.6" @@ -35,14 +37,14 @@ class Chef description "Set the timezone." # some linux systems may be missing the timezone data - if node["os"] == "linux" + if linux? package "tzdata" do - package_name platform_family?("suse") ? "timezone" : "tzdata" + package_name suse? ? "timezone" : "tzdata" end end - # Modern Amazon, Fedora, RHEL, Ubuntu & Debian - if node["init_package"] == "systemd" + # Modern SUSE, Amazon, Fedora, RHEL, Ubuntu & Debian + if systemd? cmd_set_tz = "/usr/bin/timedatectl --no-ask-password set-timezone #{new_resource.timezone}" cmd_check_if_set = "/usr/bin/timedatectl status" @@ -76,19 +78,6 @@ class Chef to "/usr/share/zoneinfo/#{new_resource.timezone}" not_if { ::File.executable?("/usr/sbin/tzdata-update") } end - # debian < 8 and Ubuntu < 16.04 - when "debian" - file "/etc/timezone" do - action :create - content "#{new_resource.timezone}\n" - end - - bash "dpkg-reconfigure tzdata" do - user "root" - code "/usr/sbin/dpkg-reconfigure -f noninteractive tzdata" - action :nothing - subscribes :run, "file[/etc/timezone]", :immediately - end when "mac_os_x" unless current_darwin_tz == new_resource.timezone converge_by("set timezone to #{new_resource.timezone}") do diff --git a/lib/chef/resource/user.rb b/lib/chef/resource/user.rb index 05129ce97e..b72cc22b2d 100644 --- a/lib/chef/resource/user.rb +++ b/lib/chef/resource/user.rb @@ -1,6 +1,6 @@ # # Author:: Adam Jacob (<adam@chef.io>) -# Copyright:: Copyright 2008-2019, Chef Software Inc. +# Copyright:: Copyright 2008-2020, Chef Software Inc. # License:: Apache License, Version 2.0 # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -23,8 +23,6 @@ class Chef class User < Chef::Resource unified_mode true - resource_name :user_resource_abstract_base_class # this prevents magickal class name DSL wiring - description "Use the user resource to add users, update existing users, remove users, and to lock/unlock user passwords." default_action :create diff --git a/lib/chef/resource/user/aix_user.rb b/lib/chef/resource/user/aix_user.rb index d64dd02f32..2c4da7a695 100644 --- a/lib/chef/resource/user/aix_user.rb +++ b/lib/chef/resource/user/aix_user.rb @@ -1,5 +1,5 @@ # -# Copyright:: Copyright 2016-2017, Chef Software Inc. +# Copyright:: Copyright 2016-2020, Chef Software Inc. # License:: Apache License, Version 2.0 # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -23,8 +23,6 @@ class Chef class AixUser < Chef::Resource::User unified_mode true - resource_name :aix_user - provides :aix_user provides :user, os: "aix" end diff --git a/lib/chef/resource/user/dscl_user.rb b/lib/chef/resource/user/dscl_user.rb index 5ba9d3d099..089d82acc6 100644 --- a/lib/chef/resource/user/dscl_user.rb +++ b/lib/chef/resource/user/dscl_user.rb @@ -1,5 +1,5 @@ # -# Copyright:: Copyright 2016-2017, Chef Software Inc. +# Copyright:: Copyright 2016-2020, Chef Software Inc. # License:: Apache License, Version 2.0 # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -21,7 +21,7 @@ class Chef class Resource class User class DsclUser < Chef::Resource::User - resource_name :dscl_user + unified_mode true provides :dscl_user provides :user, platform: "mac_os_x", platform_version: "< 10.14" diff --git a/lib/chef/resource/user/linux_user.rb b/lib/chef/resource/user/linux_user.rb index 9ec6480035..ea4778bbc6 100644 --- a/lib/chef/resource/user/linux_user.rb +++ b/lib/chef/resource/user/linux_user.rb @@ -1,5 +1,5 @@ # -# Copyright:: Copyright 2016-2017, Chef Software Inc. +# Copyright:: Copyright 2016-2020, Chef Software Inc. # License:: Apache License, Version 2.0 # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -23,8 +23,6 @@ class Chef class LinuxUser < Chef::Resource::User unified_mode true - resource_name :linux_user - provides :linux_user provides :user, os: "linux" diff --git a/lib/chef/resource/user/mac_user.rb b/lib/chef/resource/user/mac_user.rb index 0892dea077..6eebb3ec74 100644 --- a/lib/chef/resource/user/mac_user.rb +++ b/lib/chef/resource/user/mac_user.rb @@ -1,6 +1,6 @@ # # Author:: Ryan Cragun (<ryan@chef.io>) -# Copyright:: Copyright 2019, Chef Software Inc. +# Copyright:: Copyright 2019-2020, Chef Software Inc. # License:: Apache License, Version 2.0 # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -58,7 +58,7 @@ class Chef # the 'password' property corresponds to a plaintext password and will # attempt to use it in place of secure_token_password if it not set. class MacUser < Chef::Resource::User - resource_name :mac_user + unified_mode true provides :mac_user provides :user, platform: "mac_os_x", platform_version: ">= 10.14" @@ -100,6 +100,9 @@ class Chef property :admin, [TrueClass, FalseClass], description: "Create the user as an admin", default: false + # Hide a user account in the macOS login window + property :hidden, [TrueClass, FalseClass, nil], description: "Hide account from loginwindow and system preferences", default: nil, introduced: "15.8" + # TCC on macOS >= 10.14 requires admin credentials of an Admin user that # has SecureToken enabled in order to toggle SecureToken. property :admin_username, String, description: "Admin username for superuser actions" diff --git a/lib/chef/resource/user/pw_user.rb b/lib/chef/resource/user/pw_user.rb index a14fe7fd8b..ac5f8fe01d 100644 --- a/lib/chef/resource/user/pw_user.rb +++ b/lib/chef/resource/user/pw_user.rb @@ -1,5 +1,5 @@ # -# Copyright:: Copyright 2016-2017, Chef Software Inc. +# Copyright:: Copyright 2016-2020, Chef Software Inc. # License:: Apache License, Version 2.0 # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -23,8 +23,6 @@ class Chef class PwUser < Chef::Resource::User unified_mode true - resource_name :pw_user - provides :pw_user provides :user, os: "freebsd" end diff --git a/lib/chef/resource/user/solaris_user.rb b/lib/chef/resource/user/solaris_user.rb index 7a50da5ab1..2266f1537d 100644 --- a/lib/chef/resource/user/solaris_user.rb +++ b/lib/chef/resource/user/solaris_user.rb @@ -1,5 +1,5 @@ # -# Copyright:: Copyright 2016-2017, Chef Software Inc. +# Copyright:: Copyright 2016-2020, Chef Software Inc. # License:: Apache License, Version 2.0 # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -23,8 +23,6 @@ class Chef class SolarisUser < Chef::Resource::User unified_mode true - resource_name :solaris_user - provides :solaris_user provides :user, os: %w{omnios solaris2} end diff --git a/lib/chef/resource/user/windows_user.rb b/lib/chef/resource/user/windows_user.rb index 23b7b985f3..4c16b9dcc9 100644 --- a/lib/chef/resource/user/windows_user.rb +++ b/lib/chef/resource/user/windows_user.rb @@ -1,5 +1,5 @@ # -# Copyright:: Copyright 2016-2017, Chef Software Inc. +# Copyright:: Copyright 2016-2020, Chef Software Inc. # License:: Apache License, Version 2.0 # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -23,8 +23,6 @@ class Chef class WindowsUser < Chef::Resource::User unified_mode true - resource_name :windows_user - provides :windows_user provides :user, os: "windows" diff --git a/lib/chef/resource/user_ulimit.rb b/lib/chef/resource/user_ulimit.rb new file mode 100644 index 0000000000..82be09cf74 --- /dev/null +++ b/lib/chef/resource/user_ulimit.rb @@ -0,0 +1,113 @@ +# +# Copyright:: Copyright 2018-2020, Chef Software Inc. +# Copyright:: 2012, Brightcove, Inc +# +# License:: Apache License, Version 2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +require_relative "../resource" + +class Chef + class Resource + class UserUlimit < Chef::Resource + unified_mode true + + provides :user_ulimit + + introduced "16.0" + description "Use the user_ulimit resource to create individual ulimit files that are installed into the `/etc/security/limits.d/` directory." + examples <<~DOC + set filehandle limit for the tomcat user + ```ruby + user_ulimit 'tomcat' do + filehandle_limit 8192 + end + ``` + + specify a username that differs from the name given to the resource block + ```ruby + user_ulimit 'Bump filehandle limits for tomcat user' do + username 'tomcat' + filehandle_limit 8192 + end + ``` + + specify a non-default filename + set filehandle limit for the tomcat user + ```ruby + user_ulimit 'tomcat' do + filehandle_limit 8192 + filename 'tomcat_filehandle_limits.conf' + end + ``` + DOC + + property :username, String, name_property: true + property :filehandle_limit, [String, Integer] + property :filehandle_soft_limit, [String, Integer] + property :filehandle_hard_limit, [String, Integer] + property :process_limit, [String, Integer] + property :process_soft_limit, [String, Integer] + property :process_hard_limit, [String, Integer] + property :memory_limit, [String, Integer] + property :core_limit, [String, Integer] + property :core_soft_limit, [String, Integer] + property :core_hard_limit, [String, Integer] + property :stack_limit, [String, Integer] + property :stack_soft_limit, [String, Integer] + property :stack_hard_limit, [String, Integer] + property :rtprio_limit, [String, Integer] + property :rtprio_soft_limit, [String, Integer] + property :rtprio_hard_limit, [String, Integer] + property :virt_limit, [String, Integer] + property :filename, String, + coerce: proc { |m| m.end_with?(".conf") ? m : m + ".conf" }, + default: lazy { |r| r.username == "*" ? "00_all_limits.conf" : "#{r.username}_limits.conf" } + + action :create do + template "/etc/security/limits.d/#{new_resource.filename}" do + source ::File.expand_path("../support/ulimit.erb", __FILE__) + mode "0644" + variables( + ulimit_user: new_resource.username, + filehandle_limit: new_resource.filehandle_limit, + filehandle_soft_limit: new_resource.filehandle_soft_limit, + filehandle_hard_limit: new_resource.filehandle_hard_limit, + process_limit: new_resource.process_limit, + process_soft_limit: new_resource.process_soft_limit, + process_hard_limit: new_resource.process_hard_limit, + memory_limit: new_resource.memory_limit, + core_limit: new_resource.core_limit, + core_soft_limit: new_resource.core_soft_limit, + core_hard_limit: new_resource.core_hard_limit, + stack_limit: new_resource.stack_limit, + stack_soft_limit: new_resource.stack_soft_limit, + stack_hard_limit: new_resource.stack_hard_limit, + rtprio_limit: new_resource.rtprio_limit, + rtprio_soft_limit: new_resource.rtprio_soft_limit, + rtprio_hard_limit: new_resource.rtprio_hard_limit, + virt_limit: new_resource.virt_limit + ) + end + end + + action :delete do + file "/etc/security/limits.d/#{new_resource.filename}" do + action :delete + end + end + end + end +end diff --git a/lib/chef/resource/whyrun_safe_ruby_block.rb b/lib/chef/resource/whyrun_safe_ruby_block.rb index 7d66147149..6dde0539a7 100644 --- a/lib/chef/resource/whyrun_safe_ruby_block.rb +++ b/lib/chef/resource/whyrun_safe_ruby_block.rb @@ -19,6 +19,7 @@ class Chef class Resource class WhyrunSafeRubyBlock < Chef::Resource::RubyBlock + provides :whyrun_safe_ruby_block unified_mode true end end diff --git a/lib/chef/resource/windows_ad_join.rb b/lib/chef/resource/windows_ad_join.rb index 4a72ab13cf..690cc914dc 100644 --- a/lib/chef/resource/windows_ad_join.rb +++ b/lib/chef/resource/windows_ad_join.rb @@ -16,17 +16,13 @@ # require_relative "../resource" -require_relative "../mixin/powershell_out" require_relative "../dist" class Chef class Resource class WindowsAdJoin < Chef::Resource - resource_name :windows_ad_join provides :windows_ad_join - include Chef::Mixin::PowershellOut - description "Use the windows_ad_join resource to join a Windows Active Directory domain." introduced "14.0" @@ -70,7 +66,7 @@ class Chef unless on_desired_domain? cmd = "$pswd = ConvertTo-SecureString \'#{new_resource.domain_password}\' -AsPlainText -Force;" - cmd << "$credential = New-Object System.Management.Automation.PSCredential (\"#{new_resource.domain_user}@#{new_resource.domain_name}\",$pswd);" + cmd << "$credential = New-Object System.Management.Automation.PSCredential (\"#{sanitize_usename}\",$pswd);" cmd << "Add-Computer -DomainName #{new_resource.domain_name} -Credential $credential" cmd << " -OUPath \"#{new_resource.ou_path}\"" if new_resource.ou_path cmd << " -NewName \"#{new_resource.new_hostname}\"" if new_resource.new_hostname @@ -102,7 +98,7 @@ class Chef if joined_to_domain? cmd = "" cmd << "$pswd = ConvertTo-SecureString \'#{new_resource.domain_password}\' -AsPlainText -Force;" - cmd << "$credential = New-Object System.Management.Automation.PSCredential (\"#{new_resource.domain_user}@#{new_resource.domain_name}\",$pswd);" + cmd << "$credential = New-Object System.Management.Automation.PSCredential (\"#{sanitize_usename}\",$pswd);" cmd << "Remove-Computer" cmd << " -UnjoinDomainCredential $credential" cmd << " -NewName \"#{new_resource.new_hostname}\"" if new_resource.new_hostname @@ -169,6 +165,23 @@ class Chef node_domain == new_resource.domain_name.downcase end + # + # @return [String] the correct user and domain to use. + # if the domain_user property contains an @ symbol followed by any number of non white space characheters + # then we assume it is a user from another domain than the one specifed in the resource domain_name property. + # if this is the case we do not append the domain_name property to the domain_user property + # the domain_user and domain_name form the UPN (userPrincipalName) + # The specification for the UPN format is RFC 822 + # links: https://docs.microsoft.com/en-us/windows/win32/ad/naming-properties#userprincipalname https://tools.ietf.org/html/rfc822 + # regex: https://rubular.com/r/isAWojpTMKzlnp + def sanitize_usename + if new_resource.domain_user =~ /@/ + new_resource.domain_user + else + "#{new_resource.domain_user}@#{new_resource.domain_name}" + end + end + # This resource historically took `:immediate` and `:delayed` as arguments to the reboot property but then # tried to shove that straight to the `reboot` resource which objected strenuously def clarify_reboot(reboot_action) diff --git a/lib/chef/resource/windows_auto_run.rb b/lib/chef/resource/windows_auto_run.rb index c0d0910e5f..e086bfc2ce 100644 --- a/lib/chef/resource/windows_auto_run.rb +++ b/lib/chef/resource/windows_auto_run.rb @@ -1,7 +1,7 @@ # # Author:: Paul Morton (<pmorton@biaprotect.com>) # Copyright:: 2011-2018, Business Intelligence Associates, Inc. -# Copyright:: 2017-2018, Chef Software, Inc. +# Copyright:: 2017-2020, Chef Software Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -21,7 +21,6 @@ require_relative "../resource" class Chef class Resource class WindowsAutorun < Chef::Resource - resource_name :windows_auto_run provides(:windows_auto_run) { true } description "Use the windows_auto_run resource to set applications to run at login." diff --git a/lib/chef/resource/windows_certificate.rb b/lib/chef/resource/windows_certificate.rb index cdd7ed1ef1..64e566f6af 100644 --- a/lib/chef/resource/windows_certificate.rb +++ b/lib/chef/resource/windows_certificate.rb @@ -2,7 +2,7 @@ # Author:: Richard Lavey (richard.lavey@calastone.com) # # Copyright:: 2015-2017, Calastone Ltd. -# Copyright:: 2018-2019, Chef Software Inc. +# Copyright:: 2018-2020, Chef Software Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -26,7 +26,7 @@ require_relative "../dist" class Chef class Resource class WindowsCertificate < Chef::Resource - resource_name :windows_certificate + provides :windows_certificate description "Use the windows_certificate resource to install a certificate into the Windows certificate store from a file. The resource grants read-only access to the private key for designated accounts. Due to current limitations in WinRM, installing certificates remotely may not work if the operation requires a user profile. Operations on the local machine store should still work." introduced "14.7" @@ -85,7 +85,6 @@ class Chef guard_script << cert_exists_script(hash) powershell_script "setting the acls on #{new_resource.source} in #{cert_location}\\#{new_resource.store_name}" do - guard_interpreter :powershell_script convert_boolean_return true code code_script only_if guard_script @@ -310,7 +309,6 @@ class Chef def import_certificates(cert_objs, is_pfx) [cert_objs].flatten.each do |cert_obj| thumbprint = OpenSSL::Digest::SHA1.new(cert_obj.to_der).to_s # Fetch its thumbprint - # Need to check if return value is Boolean:true # If not then the given certificate should be added in certstore if verify_cert(thumbprint) == true diff --git a/lib/chef/resource/windows_dfs_folder.rb b/lib/chef/resource/windows_dfs_folder.rb index 8078f965fb..e66e6d7eb8 100644 --- a/lib/chef/resource/windows_dfs_folder.rb +++ b/lib/chef/resource/windows_dfs_folder.rb @@ -2,7 +2,7 @@ # Author:: Jason Field # # Copyright:: 2018, Calastone Ltd. -# Copyright:: 2019, Chef Software, Inc. +# Copyright:: 2019-2020, Chef Software Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -21,7 +21,6 @@ require_relative "../resource" class Chef class Resource class WindowsDfsFolder < Chef::Resource - resource_name :windows_dfs_folder provides :windows_dfs_folder description "The windows_dfs_folder resources creates a folder within dfs as many levels deep as required." diff --git a/lib/chef/resource/windows_dfs_namespace.rb b/lib/chef/resource/windows_dfs_namespace.rb index 3b201d1028..b88dcc5683 100644 --- a/lib/chef/resource/windows_dfs_namespace.rb +++ b/lib/chef/resource/windows_dfs_namespace.rb @@ -2,7 +2,7 @@ # Author:: Jason Field # # Copyright:: 2018, Calastone Ltd. -# Copyright:: 2019, Chef Software, Inc. +# Copyright:: 2019-2020, Chef Software Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -21,7 +21,6 @@ require_relative "../resource" class Chef class Resource class WindowsDfsNamespace < Chef::Resource - resource_name :windows_dfs_namespace provides :windows_dfs_namespace description "Creates a share and DFS namespace on the local server." diff --git a/lib/chef/resource/windows_dfs_server.rb b/lib/chef/resource/windows_dfs_server.rb index 89376a0877..ae613d931b 100644 --- a/lib/chef/resource/windows_dfs_server.rb +++ b/lib/chef/resource/windows_dfs_server.rb @@ -2,7 +2,7 @@ # Author:: Jason Field # # Copyright:: 2018, Calastone Ltd. -# Copyright:: 2019, Chef Software, Inc. +# Copyright:: 2019-2020, Chef Software Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -21,7 +21,6 @@ require_relative "../resource" class Chef class Resource class WindowsDfsServer < Chef::Resource - resource_name :windows_dfs_server provides :windows_dfs_server description "The windows_dfs_server resource sets system-wide DFS settings." diff --git a/lib/chef/resource/windows_dns_record.rb b/lib/chef/resource/windows_dns_record.rb index 701656b34a..c6edc9129b 100644 --- a/lib/chef/resource/windows_dns_record.rb +++ b/lib/chef/resource/windows_dns_record.rb @@ -2,7 +2,7 @@ # Author:: Jason Field # # Copyright:: 2018, Calastone Ltd. -# Copyright:: 2019, Chef Software, Inc. +# Copyright:: 2019-2020, Chef Software Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -21,7 +21,6 @@ require_relative "../resource" class Chef class Resource class WindowsDnsRecord < Chef::Resource - resource_name :windows_dns_record provides :windows_dns_record description "The windows_dns_record resource creates a DNS record for the given domain." diff --git a/lib/chef/resource/windows_dns_zone.rb b/lib/chef/resource/windows_dns_zone.rb index 9ac208fddc..f303deabb2 100644 --- a/lib/chef/resource/windows_dns_zone.rb +++ b/lib/chef/resource/windows_dns_zone.rb @@ -2,7 +2,7 @@ # Author:: Jason Field # # Copyright:: 2018, Calastone Ltd. -# Copyright:: 2019, Chef Software, Inc. +# Copyright:: 2019-2020, Chef Software Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -21,7 +21,6 @@ require_relative "../resource" class Chef class Resource class WindowsDnsZone < Chef::Resource - resource_name :windows_dns_zone provides :windows_dns_zone description "The windows_dns_zone resource creates an Active Directory Integrated DNS Zone on the local server." diff --git a/lib/chef/resource/windows_env.rb b/lib/chef/resource/windows_env.rb index d1e14b1d04..4eda6e22b9 100644 --- a/lib/chef/resource/windows_env.rb +++ b/lib/chef/resource/windows_env.rb @@ -22,7 +22,6 @@ require_relative "../resource" class Chef class Resource class WindowsEnv < Chef::Resource - resource_name :windows_env provides :windows_env provides :env # backwards compat with the pre-Chef 14 resource name diff --git a/lib/chef/resource/windows_feature.rb b/lib/chef/resource/windows_feature.rb index c1edcc002b..7e5ad67dd2 100644 --- a/lib/chef/resource/windows_feature.rb +++ b/lib/chef/resource/windows_feature.rb @@ -1,7 +1,7 @@ # # Author:: Seth Chisamore (<schisamo@chef.io>) # -# Copyright:: 2011-2018, Chef Software, Inc. +# Copyright:: 2011-2020, Chef Software Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -21,7 +21,6 @@ require_relative "../resource" class Chef class Resource class WindowsFeature < Chef::Resource - resource_name :windows_feature provides(:windows_feature) { true } description "Use the windows_feature resource to add, remove or entirely delete Windows features and roles. This resource calls the 'windows_feature_dism' or 'windows_feature_powershell' resources depending on the specified installation method, and defaults to DISM, which is available on both Workstation and Server editions of Windows." diff --git a/lib/chef/resource/windows_feature_dism.rb b/lib/chef/resource/windows_feature_dism.rb index faeb0b0762..1ffffee886 100644 --- a/lib/chef/resource/windows_feature_dism.rb +++ b/lib/chef/resource/windows_feature_dism.rb @@ -1,7 +1,7 @@ # # Author:: Seth Chisamore (<schisamo@chef.io>) # -# Copyright:: 2011-2018, Chef Software, Inc. +# Copyright:: 2011-2020, Chef Software Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -22,7 +22,6 @@ require_relative "../platform/query_helpers" class Chef class Resource class WindowsFeatureDism < Chef::Resource - resource_name :windows_feature_dism provides(:windows_feature_dism) { true } description "Use the windows_feature_dism resource to add, remove, or entirely delete Windows features and roles using DISM." @@ -44,12 +43,10 @@ class Chef description: "Specifies a timeout (in seconds) for the feature installation.", default: 600 - # @return [Array] lowercase the array unless we're on < Windows 2012 + # @return [Array] lowercase the array def to_formatted_array(x) x = x.split(/\s*,\s*/) if x.is_a?(String) # split multiple forms of a comma separated list - - # feature installs on windows < 2012 are case sensitive so only downcase when on 2012+ - older_than_win_2012_or_8? ? x : x.map(&:downcase) + x.map(&:downcase) end action :install do @@ -98,8 +95,6 @@ class Chef action :delete do description "Remove a Windows role/feature from the image using DISM" - raise_if_delete_unsupported - reload_cached_dism_data unless node["dism_features_cache"] fail_if_unavailable # fail if the features don't exist @@ -193,27 +188,18 @@ class Chef logger.trace("The cache contains\n#{node["dism_features_cache"]}") end - # parse the feature string and add the values to the appropriate array - # in the - # strips trailing whitespace characters then split on n number of spaces - # + | + n number of spaces + # parse the feature string and add the values to the appropriate array in the strips + # trailing whitespace characters then split on n number of spaces + | + n number of spaces # @return [void] def add_to_feature_mash(feature_type, feature_string) feature_details = feature_string.strip.split(/\s+[|]\s+/).first - # dism on windows 2012+ isn't case sensitive so it's best to compare - # lowercase lists so the user input doesn't need to be case sensitive - # @todo when we're ready to remove windows 2008R2 the gating here can go away - feature_details.downcase! unless older_than_win_2012_or_8? + # dism isn't case sensitive so it's best to compare lowercase lists so the + # user input doesn't need to be case sensitive + feature_details.downcase! node.override["dism_features_cache"][feature_type] << feature_details end - # Fail unless we're on windows 8+ / 2012+ where deleting a feature is supported - # @return [void] - def raise_if_delete_unsupported - raise Chef::Exceptions::UnsupportedAction, "#{self} :delete action not supported on Windows releases before Windows 8/2012. Cannot continue!" if older_than_win_2012_or_8? - end - def required_parent_feature?(error_message) error_message.include?("Error: 50") && error_message.include?("required parent feature") end diff --git a/lib/chef/resource/windows_feature_powershell.rb b/lib/chef/resource/windows_feature_powershell.rb index 7d454a23bb..dd41cb7c57 100644 --- a/lib/chef/resource/windows_feature_powershell.rb +++ b/lib/chef/resource/windows_feature_powershell.rb @@ -1,7 +1,7 @@ # # Author:: Greg Zapp (<greg.zapp@gmail.com>) # -# Copyright:: 2015-2018, Chef Software, Inc +# Copyright:: 2015-2020, Chef Software, Inc # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -16,7 +16,6 @@ # limitations under the License. # -require_relative "../mixin/powershell_out" require_relative "../json_compat" require_relative "../resource" require_relative "../platform/query_helpers" @@ -24,7 +23,6 @@ require_relative "../platform/query_helpers" class Chef class Resource class WindowsFeaturePowershell < Chef::Resource - resource_name :windows_feature_powershell provides(:windows_feature_powershell) { true } description "Use the windows_feature_powershell resource to add, remove, or entirely delete Windows features and roles using PowerShell. This resource offers significant speed benefits over the windows_feature_dism resource, but requires installation of the Remote Server Administration Tools on non-server releases of Windows." @@ -50,20 +48,16 @@ class Chef description: "Install all applicable management tools for the roles, role services, or features.", default: false - # Converts strings of features into an Array. Array objects are lowercased unless we're on < 8/2k12+. + # Converts strings of features into an Array. Array objects are lowercased # @return [Array] array of features def to_formatted_array(x) x = x.split(/\s*,\s*/) if x.is_a?(String) # split multiple forms of a comma separated list - # feature installs on windows < 8/2012 are case sensitive so only downcase when on 2012+ - older_than_win_2012_or_8? ? x : x.map(&:downcase) + # features aren't case sensitive so let's compare in lowercase + x.map(&:downcase) end - include Chef::Mixin::PowershellOut - action :install do - raise_on_old_powershell - reload_cached_powershell_data unless node["powershell_features_cache"] fail_if_unavailable # fail if the features don't exist fail_if_removed # fail if the features are in removed state @@ -71,14 +65,10 @@ class Chef Chef::Log.debug("Windows features needing installation: #{features_to_install.empty? ? "none" : features_to_install.join(",")}") unless features_to_install.empty? converge_by("install Windows feature#{"s" if features_to_install.count > 1} #{features_to_install.join(",")}") do - install_command = "#{install_feature_cmdlet} #{features_to_install.join(",")}" - install_command << " -IncludeAllSubFeature" if new_resource.all - if older_than_win_2012_or_8? && (new_resource.source || new_resource.management_tools) - Chef::Log.warn("The 'source' and 'management_tools' properties are only available on Windows 8/2012 or greater. Skipping these properties!") - else - install_command << " -Source \"#{new_resource.source}\"" if new_resource.source - install_command << " -IncludeManagementTools" if new_resource.management_tools - end + install_command = "Install-WindowsFeature #{features_to_install.join(",")}" + install_command << " -IncludeAllSubFeature" if new_resource.all + install_command << " -Source \"#{new_resource.source}\"" if new_resource.source + install_command << " -IncludeManagementTools" if new_resource.management_tools cmd = powershell_out!(install_command, timeout: new_resource.timeout) Chef::Log.info(cmd.stdout) @@ -89,15 +79,13 @@ class Chef end action :remove do - raise_on_old_powershell - reload_cached_powershell_data unless node["powershell_features_cache"] Chef::Log.debug("Windows features needing removal: #{features_to_remove.empty? ? "none" : features_to_remove.join(",")}") unless features_to_remove.empty? converge_by("remove Windows feature#{"s" if features_to_remove.count > 1} #{features_to_remove.join(",")}") do - cmd = powershell_out!("#{remove_feature_cmdlet} #{features_to_remove.join(",")}", timeout: new_resource.timeout) + cmd = powershell_out!("Uninstall-WindowsFeature #{features_to_remove.join(",")}", timeout: new_resource.timeout) Chef::Log.info(cmd.stdout) reload_cached_powershell_data # Reload cached powershell feature state @@ -106,9 +94,6 @@ class Chef end action :delete do - raise_on_old_powershell - raise_if_delete_unsupported - reload_cached_powershell_data unless node["powershell_features_cache"] fail_if_unavailable # fail if the features don't exist @@ -126,41 +111,6 @@ class Chef end action_class do - # shellout to determine the actively installed version of powershell - # we have this same data in ohai, but it doesn't get updated if powershell is installed mid run - # @return [Integer] the powershell version or 0 for nothing - def powershell_version - cmd = powershell_out("$PSVersionTable.psversion.major") - return 1 if cmd.stdout.empty? # PowerShell 1.0 doesn't have a $PSVersionTable - - Regexp.last_match(1).to_i if cmd.stdout =~ /^(\d+)/ - rescue Errno::ENOENT - 0 # zero as in nothing is installed - end - - # raise if we're running powershell less than 3.0 since we need convertto-json - # check the powershell version via ohai data and if we're < 3.0 also shellout to make sure as - # a newer version could be installed post ohai run. Yes we're double checking. It's fine. - # @todo this can go away when we fully remove support for Windows 2008 R2 - # @raise [RuntimeError] Raise if powershell is < 3.0 - def raise_on_old_powershell - # be super defensive about the powershell lang plugin not being there - return if node["languages"] && node["languages"]["powershell"] && node["languages"]["powershell"]["version"].to_i >= 3 - raise "The windows_feature_powershell resource requires PowerShell 3.0 or later. Please install PowerShell 3.0+ before running this resource." if powershell_version < 3 - end - - # The appropriate cmdlet to install a windows feature based on windows release - # @return [String] - def install_feature_cmdlet - older_than_win_2012_or_8? ? "Add-WindowsFeature" : "Install-WindowsFeature" - end - - # The appropriate cmdlet to remove a windows feature based on windows release - # @return [String] - def remove_feature_cmdlet - older_than_win_2012_or_8? ? "Remove-WindowsFeature" : "Uninstall-WindowsFeature" - end - # @return [Array] features the user has requested to install which need installation def features_to_install # the intersection of the features to install & disabled features are what needs installing @@ -224,13 +174,8 @@ class Chef # fetch the list of available feature names and state in JSON and parse the JSON def parsed_feature_list - # Grab raw feature information from dism command line - # Windows < 2012 doesn't present a state value so we have to check if the feature is installed or not - raw_list_of_features = if older_than_win_2012_or_8? # make the older format look like the new format, warts and all - powershell_out!('Get-WindowsFeature | Select-Object -Property Name, @{Name="InstallState"; Expression = {If ($_.Installed) { 1 } Else { 0 }}} | ConvertTo-Json -Compress', timeout: new_resource.timeout).stdout - else - powershell_out!("Get-WindowsFeature | Select-Object -Property Name,InstallState | ConvertTo-Json -Compress", timeout: new_resource.timeout).stdout - end + # Grab raw feature information from WindowsFeature + raw_list_of_features = powershell_out!("Get-WindowsFeature | Select-Object -Property Name,InstallState | ConvertTo-Json -Compress", timeout: new_resource.timeout).stdout Chef::JSONCompat.from_json(raw_list_of_features) end @@ -238,26 +183,19 @@ class Chef # add the features values to the appropriate array # @return [void] def add_to_feature_mash(feature_type, feature_details) - # add the lowercase feature name to the mash unless we're on < 2012 where they're case sensitive - node.override["powershell_features_cache"][feature_type] << (older_than_win_2012_or_8? ? feature_details : feature_details.downcase) + # add the lowercase feature name to the mash so we can compare it lowercase later + node.override["powershell_features_cache"][feature_type] << feature_details.downcase end # Fail if any of the packages are in a removed state # @return [void] def fail_if_removed return if new_resource.source # if someone provides a source then all is well + return if registry_key_exists?('HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Servicing') && registry_value_exists?('HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Servicing', name: "LocalSourcePath") # if source is defined in the registry, still fine - if node["platform_version"].to_f > 6.2 # 2012R2 or later - return if registry_key_exists?('HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Servicing') && registry_value_exists?('HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Servicing', name: "LocalSourcePath") # if source is defined in the registry, still fine - end removed = new_resource.feature_name & node["powershell_features_cache"]["removed"] raise "The Windows feature#{"s" if removed.count > 1} #{removed.join(",")} #{removed.count > 1 ? "are" : "is"} removed from the host and cannot be installed." unless removed.empty? end - - # Fail unless we're on windows 8+ / 2012+ where deleting a feature is supported - def raise_if_delete_unsupported - raise Chef::Exceptions::UnsupportedAction, "#{self} :delete action not supported on Windows releases before Windows 8/2012. Cannot continue!" if older_than_win_2012_or_8? - end end end end diff --git a/lib/chef/resource/windows_firewall_rule.rb b/lib/chef/resource/windows_firewall_rule.rb index c3185d7c37..4a051db2bf 100644 --- a/lib/chef/resource/windows_firewall_rule.rb +++ b/lib/chef/resource/windows_firewall_rule.rb @@ -3,7 +3,7 @@ # Author:: Tor Magnus Rakvåg (tor.magnus@outlook.com) # Author:: Tim Smith (tsmith@chef.io) # Copyright:: 2013-2015 Matt Clifton -# Copyright:: 2018, Chef Software, Inc. +# Copyright:: 2018-2020, Chef Software Inc. # Copyright:: 2018, Intility AS # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -24,7 +24,7 @@ require_relative "../json_compat" class Chef class Resource class WindowsFirewallRule < Chef::Resource - resource_name :windows_firewall_rule + provides :windows_firewall_rule description "Use the windows_firewall_rule resource to create, change or remove windows firewall rules." introduced "14.7" diff --git a/lib/chef/resource/windows_font.rb b/lib/chef/resource/windows_font.rb index 64644a815f..a1bccebfec 100644 --- a/lib/chef/resource/windows_font.rb +++ b/lib/chef/resource/windows_font.rb @@ -1,6 +1,6 @@ # # Copyright:: 2014-2018, Schuberg Philis BV. -# Copyright:: 2017-2018, Chef Software, Inc. +# Copyright:: 2017-2020, Chef Software Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -22,7 +22,6 @@ class Chef class WindowsFont < Chef::Resource require_relative "../util/path_helper" - resource_name :windows_font provides(:windows_font) { true } description "Use the windows_font resource to install font files on Windows. By default, the font is sourced from the cookbook using the resource, but a URI source can be specified as well." diff --git a/lib/chef/resource/windows_package.rb b/lib/chef/resource/windows_package.rb index 5592e537b4..5bfc9554df 100644 --- a/lib/chef/resource/windows_package.rb +++ b/lib/chef/resource/windows_package.rb @@ -1,6 +1,6 @@ # # Author:: Bryan McLellan <btm@loftninjas.org> -# Copyright:: Copyright 2014-2017, Chef Software Inc. +# Copyright:: Copyright 2014-2020, Chef Software Inc. # License:: Apache License, Version 2.0 # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -20,17 +20,17 @@ require_relative "../mixin/uris" require_relative "package" require_relative "../provider/package/windows" require_relative "../win32/error" if RUBY_PLATFORM =~ /mswin|mingw|windows/ +require_relative "../dist" class Chef class Resource class WindowsPackage < Chef::Resource::Package include Chef::Mixin::Uris - resource_name :windows_package provides(:windows_package) { true } provides :package, os: "windows" - description "Use the windows_package resource to manage Microsoft Installer Package (MSI) packages for the Microsoft Windows platform." + description "Use the windows_package resource to manage packages on the Microsoft Windows platform. The windows_package resource supports these installer formats:\n\n Microsoft Installer Package (MSI)\n Nullsoft Scriptable Install System (NSIS)\n Inno Setup (inno)\n Wise\n InstallShield\n Custom installers such as installing a non-.msi file that embeds an .msi-based installer\n" introduced "11.12" allowed_actions :install, :remove @@ -41,21 +41,41 @@ class Chef end # windows can't take array options yet - property :options, String + property :options, String, + description: "One (or more) additional options that are passed to the command." # Unique to this resource - property :installer_type, Symbol - property :timeout, [ String, Integer ], default: 600 + property :installer_type, Symbol, + equal_to: %i{custom inno installshield msi nsis wise}, + description: "A symbol that specifies the type of package. Possible values: :custom (such as installing a non-.msi file that embeds an .msi-based installer), :inno (Inno Setup), :installshield (InstallShield), :msi (Microsoft Installer Package (MSI)), :nsis (Nullsoft Scriptable Install System (NSIS)), :wise (Wise)." + + property :timeout, [ String, Integer ], default: 600, + default_description: "600 (seconds)", + description: "The amount of time (in seconds) to wait before timing out." + # In the past we accepted return code 127 for an unknown reason and 42 because of a bug - property :returns, [ String, Integer, Array ], default: [ 0 ], desired_state: false + # we accept 3010 which means success, but a reboot is necessary + property :returns, [ String, Integer, Array ], default: [ 0, 3010 ], + desired_state: false, + description: "A comma-delimited list of return codes that indicate the success or failure of the package command that was run.", + default_description: "0 (success) and 3010 (success where a reboot is necessary)" + property :source, String, coerce: (proc do |s| unless s.nil? uri_scheme?(s) ? s : Chef::Util::PathHelper.canonical_path(s, false) end - end) - property :checksum, String, desired_state: false - property :remote_file_attributes, Hash, desired_state: false + end), + default_description: "The resource block's name", # this property is basically a name_property but not really so we need to spell it out + description: "The path to a package in the local file system. The location of the package may be at a URL. \n" + + property :checksum, String, + desired_state: false, coerce: (proc { |c| c.downcase }), + description: "The SHA-256 checksum of the file. Use to prevent a file from being re-downloaded. When the local file matches the checksum, #{Chef::Dist::PRODUCT} does not download it. Use when a URL is specified by the source property." + + property :remote_file_attributes, Hash, + desired_state: false, + description: "If the source package to install is at a remote location this property allows you to define a hash of properties and their value which will be used by the underlying remote_file resource, which fetches the source." end end end diff --git a/lib/chef/resource/windows_pagefile.rb b/lib/chef/resource/windows_pagefile.rb index 03a7511f47..3a4ccb6fe0 100644 --- a/lib/chef/resource/windows_pagefile.rb +++ b/lib/chef/resource/windows_pagefile.rb @@ -1,6 +1,6 @@ # # Copyright:: 2012-2018, Nordstrom, Inc. -# Copyright:: 2017-2018, Chef Software, Inc. +# Copyright:: 2017-2020, Chef Software Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -20,7 +20,6 @@ require_relative "../resource" class Chef class Resource class WindowsPagefile < Chef::Resource - resource_name :windows_pagefile provides(:windows_pagefile) { true } description "Use the windows_pagefile resource to configure pagefile settings on Windows." diff --git a/lib/chef/resource/windows_path.rb b/lib/chef/resource/windows_path.rb index 0067de5baf..49199f460b 100644 --- a/lib/chef/resource/windows_path.rb +++ b/lib/chef/resource/windows_path.rb @@ -1,6 +1,6 @@ # # Author:: Nimisha Sharad (<nimisha.sharad@msystechnologies.com>) -# Copyright:: Copyright 2008-2017, Chef Software Inc. +# Copyright:: Copyright 2008-2020, Chef Software Inc. # License:: Apache License, Version 2.0 # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -21,7 +21,6 @@ require_relative "../resource" class Chef class Resource class WindowsPath < Chef::Resource - resource_name :windows_path provides(:windows_path) { true } description "Use the windows_path resource to manage the path environment variable on Microsoft Windows." diff --git a/lib/chef/resource/windows_printer.rb b/lib/chef/resource/windows_printer.rb index d782c1b360..d1b1538f6e 100644 --- a/lib/chef/resource/windows_printer.rb +++ b/lib/chef/resource/windows_printer.rb @@ -24,7 +24,6 @@ class Chef class WindowsPrinter < Chef::Resource require "resolv" - resource_name :windows_printer provides(:windows_printer) { true } description "Use the windows_printer resource to setup Windows printers. Note that this doesn't currently install a printer driver. You must already have the driver installed on the system." diff --git a/lib/chef/resource/windows_printer_port.rb b/lib/chef/resource/windows_printer_port.rb index cd1a5f55c2..e51969edfb 100644 --- a/lib/chef/resource/windows_printer_port.rb +++ b/lib/chef/resource/windows_printer_port.rb @@ -24,7 +24,6 @@ class Chef class WindowsPrinterPort < Chef::Resource require "resolv" - resource_name :windows_printer_port provides(:windows_printer_port) { true } description "Use the windows_printer_port resource to create and delete TCP/IPv4 printer ports on Windows." diff --git a/lib/chef/resource/windows_script.rb b/lib/chef/resource/windows_script.rb index f17b3e31c9..94c041eb26 100644 --- a/lib/chef/resource/windows_script.rb +++ b/lib/chef/resource/windows_script.rb @@ -1,6 +1,6 @@ # # Author:: Adam Edwards (<adamed@chef.io>) -# Copyright:: Copyright 2013-2019, Chef Software Inc. +# Copyright:: Copyright 2013-2020, Chef Software Inc. # License:: Apache License, Version 2.0 # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -25,6 +25,8 @@ class Chef class WindowsScript < Chef::Resource::Script unified_mode true + provides :windows_script + # This is an abstract resource meant to be subclasses; thus no 'provides' set_guard_inherited_attributes(:architecture) @@ -54,10 +56,7 @@ class Chef protected def assert_architecture_compatible!(desired_architecture) - if desired_architecture == :i386 && Chef::Platform.windows_nano_server? - raise Chef::Exceptions::Win32ArchitectureIncorrect, - "cannot execute script with requested architecture 'i386' on Windows Nano Server" - elsif ! node_supports_windows_architecture?(node, desired_architecture) + unless node_supports_windows_architecture?(node, desired_architecture) raise Chef::Exceptions::Win32ArchitectureIncorrect, "cannot execute script with requested architecture '#{desired_architecture}' on a system with architecture '#{node_windows_architecture(node)}'" end diff --git a/lib/chef/resource/windows_security_policy.rb b/lib/chef/resource/windows_security_policy.rb new file mode 100644 index 0000000000..65d52acca8 --- /dev/null +++ b/lib/chef/resource/windows_security_policy.rb @@ -0,0 +1,90 @@ +# +# Author:: Ashwini Nehate (<anehate@chef.io>) +# Author:: Davin Taddeo (<davin@chef.io>) +# Author:: Jeff Brimager (<jbrimager@chef.io>) +# Copyright:: 2019-2020, Chef Software Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +require_relative "../resource" + +class Chef + class Resource + class WindowsSecurityPolicy < Chef::Resource + resource_name :windows_security_policy + + # The valid policy_names options found here + # https://github.com/ChrisAWalker/cSecurityOptions under 'AccountSettings' + policy_names = %w{MinimumPasswordAge + MaximumPasswordAge + MinimumPasswordLength + PasswordComplexity + PasswordHistorySize + LockoutBadCount + RequireLogonToChangePassword + ForceLogoffWhenHourExpire + NewAdministratorName + NewGuestName + ClearTextPassword + LSAAnonymousNameLookup + EnableAdminAccount + EnableGuestAccount + } + description "Use the windows_security_policy resource to set a security policy on the Microsoft Windows platform." + introduced "16.0" + + property :secoption, String, name_property: true, required: true, equal_to: policy_names, + description: "The name of the policy to be set on windows platform to maintain its security." + + property :secvalue, String, required: true, + description: "Policy value to be set for policy name." + + action :set do + security_option = new_resource.secoption + security_value = new_resource.secvalue + powershell_script "#{security_option} set to #{security_value}" do + convert_boolean_return true + code <<-EOH + $security_option = "#{security_option}" + if ( ($security_option -match "NewGuestName") -Or ($security_option -match "NewAdministratorName") ) + { + $#{security_option}_Remediation = (Get-Content $env:TEMP\\#{security_option}_Export.inf) | Foreach-Object { $_ -replace '#{security_option}\\s*=\\s*\\"\\w*\\"', '#{security_option} = "#{security_value}"' } | Set-Content $env:TEMP\\#{security_option}_Export.inf + C:\\Windows\\System32\\secedit /configure /db $env:windir\\security\\new.sdb /cfg $env:TEMP\\#{security_option}_Export.inf /areas SECURITYPOLICY + } + else + { + $#{security_option}_Remediation = (Get-Content $env:TEMP\\#{security_option}_Export.inf) | Foreach-Object { $_ -replace "#{security_option}\\s*=\\s*\\d*", "#{security_option} = #{security_value}" } | Set-Content $env:TEMP\\#{security_option}_Export.inf + C:\\Windows\\System32\\secedit /configure /db $env:windir\\security\\new.sdb /cfg $env:TEMP\\#{security_option}_Export.inf /areas SECURITYPOLICY + } + Remove-Item $env:TEMP\\#{security_option}_Export.inf -force + EOH + not_if <<-EOH + $#{security_option}_Export = C:\\Windows\\System32\\secedit /export /cfg $env:TEMP\\#{security_option}_Export.inf + $ExportAudit = (Get-Content $env:TEMP\\#{security_option}_Export.inf | Select-String -Pattern #{security_option}) + $check_digit = $ExportAudit -match '#{security_option} = #{security_value}' + $check_string = $ExportAudit -match '#{security_option} = "#{security_value}"' + if ( $check_string -Or $check_digit ) + { + Remove-Item $env:TEMP\\#{security_option}_Export.inf -force + $true + } + else + { + $false + } + EOH + end + end + end + end +end diff --git a/lib/chef/resource/windows_share.rb b/lib/chef/resource/windows_share.rb index b4f344eb96..1b81eaf55f 100644 --- a/lib/chef/resource/windows_share.rb +++ b/lib/chef/resource/windows_share.rb @@ -4,7 +4,7 @@ # Author:: Tim Smith (tsmith@chef.io) # # Copyright:: 2014-2017, Sölvi Páll Ásgeirsson. -# Copyright:: 2018, Chef Software, Inc. +# Copyright:: 2018-2020, Chef Software Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -26,7 +26,7 @@ require_relative "../util/path_helper" class Chef class Resource class WindowsShare < Chef::Resource - resource_name :windows_share + provides :windows_share description "Use the windows_share resource to create, modify and remove Windows shares." introduced "14.7" diff --git a/lib/chef/resource/windows_shortcut.rb b/lib/chef/resource/windows_shortcut.rb index 0c6dc63e6e..71e0f6be9b 100644 --- a/lib/chef/resource/windows_shortcut.rb +++ b/lib/chef/resource/windows_shortcut.rb @@ -1,7 +1,7 @@ # # Author:: Doug MacEachern <dougm@vmware.com> # Copyright:: 2010-2018, VMware, Inc. -# Copyright:: 2017-2018, Chef Software, Inc. +# Copyright:: 2017-2020, Chef Software Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -21,7 +21,6 @@ require_relative "../resource" class Chef class Resource class WindowsShortcut < Chef::Resource - resource_name :windows_shortcut provides(:windows_shortcut) { true } description "Use the windows_shortcut resource to create shortcut files on Windows." diff --git a/lib/chef/resource/windows_task.rb b/lib/chef/resource/windows_task.rb index 95de6b37c2..2b866026ec 100644 --- a/lib/chef/resource/windows_task.rb +++ b/lib/chef/resource/windows_task.rb @@ -1,6 +1,6 @@ # # Author:: Nimisha Sharad (<nimisha.sharad@msystechnologies.com>) -# Copyright:: Copyright 2008-2016, Chef Software Inc. +# Copyright:: Copyright 2008-2020, Chef Software Inc. # License:: Apache License, Version 2.0 # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -22,7 +22,6 @@ require_relative "../win32/security" if Chef::Platform.windows? class Chef class Resource class WindowsTask < Chef::Resource - resource_name :windows_task provides(:windows_task) { true } description "Use the windows_task resource to create, delete or run a Windows scheduled task. Requires Windows Server 2008 or later due to API usage." @@ -77,7 +76,8 @@ class Chef description: "The frequency with which to run the task." property :start_day, String, - description: "Specifies the first date on which the task runs in MM/DD/YYYY format." + description: "Specifies the first date on which the task runs in MM/DD/YYYY format.", + default_description: "The current date." property :start_time, String, description: "Specifies the start time to run the task, in HH:mm format." diff --git a/lib/chef/resource/windows_uac.rb b/lib/chef/resource/windows_uac.rb index c4d5b53c14..4e9b18ce43 100644 --- a/lib/chef/resource/windows_uac.rb +++ b/lib/chef/resource/windows_uac.rb @@ -1,6 +1,6 @@ # # Author:: Tim Smith (<tsmith@chef.io>) -# Copyright:: 2019, Chef Software, Inc. +# Copyright:: 2019-2020, Chef Software Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -20,7 +20,6 @@ require_relative "../resource" class Chef class Resource class WindowsUac < Chef::Resource - resource_name :windows_uac provides :windows_uac description 'The windows_uac resource configures UAC on Windows hosts by setting registry keys at \'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\'' diff --git a/lib/chef/resource/windows_user_privilege.rb b/lib/chef/resource/windows_user_privilege.rb new file mode 100644 index 0000000000..43dd3546a6 --- /dev/null +++ b/lib/chef/resource/windows_user_privilege.rb @@ -0,0 +1,157 @@ +# +# Author:: Jared Kauppila (<jared@kauppi.la>) +# Author:: Vasundhara Jagdale(<vasundhara.jagdale@chef.io>) +# Copyright 2008-2020, Chef Software Inc. + +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at + +# http://www.apache.org/licenses/LICENSE-2.0 + +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +require_relative "../resource" + +class Chef + class Resource + class WindowsUserPrivilege < Chef::Resource + privilege_opts = %w{SeTrustedCredManAccessPrivilege + SeNetworkLogonRight + SeTcbPrivilege + SeMachineAccountPrivilege + SeIncreaseQuotaPrivilege + SeInteractiveLogonRight + SeRemoteInteractiveLogonRight + SeBackupPrivilege + SeChangeNotifyPrivilege + SeSystemtimePrivilege + SeTimeZonePrivilege + SeCreatePagefilePrivilege + SeCreateTokenPrivilege + SeCreateGlobalPrivilege + SeCreatePermanentPrivilege + SeCreateSymbolicLinkPrivilege + SeDebugPrivilege + SeDenyNetworkLogonRight + SeDenyBatchLogonRight + SeDenyServiceLogonRight + SeDenyInteractiveLogonRight + SeDenyRemoteInteractiveLogonRight + SeEnableDelegationPrivilege + SeRemoteShutdownPrivilege + SeAuditPrivilege + SeImpersonatePrivilege + SeIncreaseWorkingSetPrivilege + SeIncreaseBasePriorityPrivilege + SeLoadDriverPrivilege + SeLockMemoryPrivilege + SeBatchLogonRight + SeServiceLogonRight + SeSecurityPrivilege + SeRelabelPrivilege + SeSystemEnvironmentPrivilege + SeManageVolumePrivilege + SeProfileSingleProcessPrivilege + SeSystemProfilePrivilege + SeUndockPrivilege + SeAssignPrimaryTokenPrivilege + SeRestorePrivilege + SeShutdownPrivilege + SeSyncAgentPrivilege + SeTakeOwnershipPrivilege + } + + provides :windows_user_privilege + description "The windows_user_privilege resource allows to add and set principal (User/Group) to the specified privilege. \n Ref: https://docs.microsoft.com/en-us/windows/security/threat-protection/security-policy-settings/user-rights-assignment" + + introduced "16.0" + + property :principal, String, + description: "An optional property to add the user to the given privilege. Use only with add and remove action.", + name_property: true + + property :users, Array, + description: "An optional property to set the privilege for given users. Use only with set action." + + property :privilege, [Array, String], + description: "Privilege to set for users.", + required: true, + coerce: proc { |v| v.is_a?(String) ? Array[v] : v }, + callbacks: { + "Option privilege must include any of the: #{privilege_opts}" => lambda { + |v| (privilege_opts & v).size == v.size + }, + } + + load_current_value do |new_resource| + unless new_resource.principal.nil? + privilege Chef::ReservedNames::Win32::Security.get_account_right(new_resource.principal) unless new_resource.action.include?(:set) + end + end + + action :add do + ([*new_resource.privilege] - [*current_resource.privilege]).each do |user_right| + converge_by("adding user '#{new_resource.principal}' privilege #{user_right}") do + Chef::ReservedNames::Win32::Security.add_account_right(new_resource.principal, user_right) + end + end + end + + action :set do + if new_resource.users.nil? || new_resource.users.empty? + raise Chef::Exceptions::ValidationFailed, "Users are required property with set action." + end + + users = [] + + # Getting users with its domain for comparison + new_resource.users.each do |user| + user = Chef::ReservedNames::Win32::Security.lookup_account_name(user) + users << user[1].account_name if user + end + + new_resource.privilege.each do |privilege| + accounts = Chef::ReservedNames::Win32::Security.get_account_with_user_rights(privilege) + + # comparing the existing accounts for privilege with users + unless users == accounts + # Removing only accounts which is not matching with users in new_resource + (accounts - users).each do |account| + converge_by("removing user '#{account}' from privilege #{privilege}") do + Chef::ReservedNames::Win32::Security.remove_account_right(account, privilege) + end + end + + # Adding only users which is not already exist + (users - accounts).each do |user| + converge_by("adding user '#{user}' to privilege #{privilege}") do + Chef::ReservedNames::Win32::Security.add_account_right(user, privilege) + end + end + end + end + end + + action :remove do + curr_res_privilege = current_resource.privilege + missing_res_privileges = (new_resource.privilege - curr_res_privilege) + + if missing_res_privileges + Chef::Log.info("User \'#{new_resource.principal}\' for Privilege: #{missing_res_privileges.join(", ")} not found. Nothing to remove.") + end + + (new_resource.privilege - missing_res_privileges).each do |user_right| + converge_by("removing user #{new_resource.principal} from privilege #{user_right}") do + Chef::ReservedNames::Win32::Security.remove_account_right(new_resource.principal, user_right) + end + end + end + end + end +end diff --git a/lib/chef/resource/windows_workgroup.rb b/lib/chef/resource/windows_workgroup.rb index b1ae5c2b95..bcb791af77 100644 --- a/lib/chef/resource/windows_workgroup.rb +++ b/lib/chef/resource/windows_workgroup.rb @@ -22,7 +22,6 @@ require_relative "../dist" class Chef class Resource class WindowsWorkgroup < Chef::Resource - resource_name :windows_workgroup provides :windows_workgroup include Chef::Mixin::PowershellOut diff --git a/lib/chef/resource/yum_package.rb b/lib/chef/resource/yum_package.rb index d1d63e64c8..0a0f4b3e71 100644 --- a/lib/chef/resource/yum_package.rb +++ b/lib/chef/resource/yum_package.rb @@ -1,6 +1,6 @@ # # Author:: AJ Christensen (<aj@chef.io>) -# Copyright:: Copyright 2008-2018, Chef Software Inc. +# Copyright:: Copyright 2008-2020, Chef Software Inc. # License:: Apache License, Version 2.0 # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -22,7 +22,9 @@ require_relative "../dist" class Chef class Resource class YumPackage < Chef::Resource::Package - resource_name :yum_package + unified_mode true + + provides :yum_package provides :package, platform_family: "fedora_derived" description "Use the yum_package resource to install, upgrade, and remove packages with Yum"\ diff --git a/lib/chef/resource/yum_repository.rb b/lib/chef/resource/yum_repository.rb index 05639842af..28e5c809c5 100644 --- a/lib/chef/resource/yum_repository.rb +++ b/lib/chef/resource/yum_repository.rb @@ -1,6 +1,6 @@ # # Author:: Thom May (<thom@chef.io>) -# Copyright:: Copyright (c) 2016-2017 Chef Software, Inc. +# Copyright:: Copyright (c) 2016-2020, Chef Software Inc. # License:: Apache License, Version 2.0 # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -21,7 +21,6 @@ require_relative "../resource" class Chef class Resource class YumRepository < Chef::Resource - resource_name :yum_repository provides(:yum_repository) { true } description "Use the yum_repository resource to manage a Yum repository configuration"\ diff --git a/lib/chef/resource/zypper_package.rb b/lib/chef/resource/zypper_package.rb index 3e4bff4cd7..4a56191a2a 100644 --- a/lib/chef/resource/zypper_package.rb +++ b/lib/chef/resource/zypper_package.rb @@ -20,9 +20,10 @@ require_relative "package" class Chef class Resource - class ZypperPackage < Chef::Resource::Package - resource_name :zypper_package + unified_mode true + + provides :zypper_package provides :package, platform_family: "suse" description "Use the zypper_package resource to install, upgrade, and remove packages with Zypper for the SUSE Enterprise and OpenSUSE platforms." diff --git a/lib/chef/resource/zypper_repository.rb b/lib/chef/resource/zypper_repository.rb index 447660e9ac..6cc0929fad 100644 --- a/lib/chef/resource/zypper_repository.rb +++ b/lib/chef/resource/zypper_repository.rb @@ -1,6 +1,6 @@ # # Author:: Tim Smith (<tsmith@chef.io>) -# Copyright:: Copyright (c) 2017 Chef Software, Inc. +# Copyright:: Copyright (c) 2017-2020, Chef Software Inc. # License:: Apache License, Version 2.0 # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -21,7 +21,6 @@ require_relative "../resource" class Chef class Resource class ZypperRepository < Chef::Resource - resource_name :zypper_repository provides(:zypper_repository) { true } provides(:zypper_repo) { true } diff --git a/lib/chef/resource_builder.rb b/lib/chef/resource_builder.rb index 7d2184c06a..1469514ac3 100644 --- a/lib/chef/resource_builder.rb +++ b/lib/chef/resource_builder.rb @@ -1,6 +1,6 @@ # # Author:: Lamont Granquist (<lamont@chef.io>) -# Copyright:: Copyright 2015-2017, Chef Software Inc. +# Copyright:: Copyright 2015-2020, Chef Software Inc. # License:: Apache License, Version 2.0 # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -73,6 +73,14 @@ class Chef # Run optional resource hook resource.after_created + # Force to compile_time execution if the flag is set + if resource.compile_time + Array(resource.action).each do |action| + resource.run_action(action) + end + resource.action :nothing + end + resource end diff --git a/lib/chef/resource_inspector.rb b/lib/chef/resource_inspector.rb index 8d92db04b6..b3c2f4d1e0 100644 --- a/lib/chef/resource_inspector.rb +++ b/lib/chef/resource_inspector.rb @@ -1,4 +1,4 @@ -# Copyright:: Copyright 2018, Chef Software, Inc +# Copyright:: Copyright 2018-2020, Chef Software, Inc # License:: Apache License, Version 2.0 # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -58,7 +58,8 @@ module ResourceInspector deprecated: opts[:deprecated] || false, required: opts[:required] || false, default: opts[:default_description] || get_default(opts[:default]), - name_property: opts[:name_property] || false } + name_property: opts[:name_property] || false, + equal_to: opts[:equal_to] || [] } end data end @@ -92,7 +93,7 @@ module ResourceInspector if File.directory?(arg) extract_cookbook(arg, complete).each { |k, v| acc[k] = v } else - r = Chef::ResourceResolver.resolve(arg.to_sym, canonical: nil) + r = Chef::ResourceResolver.resolve(arg.to_sym) acc[r.resource_name] = extract_resource(r, complete) end end diff --git a/lib/chef/resource_resolver.rb b/lib/chef/resource_resolver.rb index 410f7f0076..d6635559f0 100644 --- a/lib/chef/resource_resolver.rb +++ b/lib/chef/resource_resolver.rb @@ -1,6 +1,6 @@ # # Author:: Lamont Granquist (<lamont@chef.io>) -# Copyright:: Copyright 2015-2017, Chef Software Inc. +# Copyright:: Copyright 2015-2020, Chef Software Inc. # License:: Apache License, Version 2.0 # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -29,8 +29,8 @@ class Chef # @param node [Chef::Node] The node against which to resolve. `nil` causes # platform filters to be ignored. # - def self.resolve(resource_name, node: nil, canonical: nil) - new(node, resource_name, canonical: canonical).resolve + def self.resolve(resource_name, node: nil) + new(node, resource_name).resolve end # @@ -40,11 +40,9 @@ class Chef # @param resource_name [Symbol] The resource DSL name (e.g. `:file`). # @param node [Chef::Node] The node against which to resolve. `nil` causes # platform filters to be ignored. - # @param canonical [Boolean] `true` or `false` to match canonical or - # non-canonical values only. `nil` to ignore canonicality. # - def self.list(resource_name, node: nil, canonical: nil) - new(node, resource_name, canonical: canonical).list + def self.list(resource_name, node: nil) + new(node, resource_name).list end include Chef::Mixin::ConvertToClassName @@ -55,8 +53,6 @@ class Chef attr_reader :resource_name # @api private attr_reader :action - # @api private - attr_reader :canonical # # Create a resolver. @@ -64,14 +60,11 @@ class Chef # @param node [Chef::Node] The node against which to resolve. `nil` causes # platform filters to be ignored. # @param resource_name [Symbol] The resource DSL name (e.g. `:file`). - # @param canonical [Boolean] `true` or `false` to match canonical or - # non-canonical values only. `nil` to ignore canonicality. Default: `nil` # # @api private use Chef::ResourceResolver.resolve or .list instead. - def initialize(node, resource_name, canonical: nil) + def initialize(node, resource_name) @node = node @resource_name = resource_name.to_sym - @canonical = canonical end # @api private use Chef::ResourceResolver.resolve instead. @@ -135,7 +128,7 @@ class Chef # @api private def potential_handlers - handler_map.list(node, resource_name, canonical: canonical).uniq + handler_map.list(node, resource_name).uniq end def enabled_handlers @@ -146,7 +139,7 @@ class Chef @prioritized_handlers ||= begin enabled_handlers = self.enabled_handlers - prioritized = priority_map.list(node, resource_name, canonical: canonical).flatten(1) + prioritized = priority_map.list(node, resource_name).flatten(1) prioritized &= enabled_handlers # Filter the priority map by the actual enabled handlers prioritized |= enabled_handlers # Bring back any handlers that aren't in the priority map, at the *end* (ordered set) prioritized diff --git a/lib/chef/resources.rb b/lib/chef/resources.rb index d0344ceb9c..1fc707f642 100644 --- a/lib/chef/resources.rb +++ b/lib/chef/resources.rb @@ -1,6 +1,6 @@ # # Author:: Daniel DeLeo (<dan@chef.io>) -# Copyright:: Copyright 2010-2019, Chef Software, Inc. +# Copyright:: Copyright 2010-2020, Chef Software Inc. # License:: Apache License, Version 2.0 # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -16,6 +16,7 @@ # limitations under the License. # +require_relative "resource/alternatives" require_relative "resource/apt_package" require_relative "resource/apt_preference" require_relative "resource/apt_repository" @@ -29,6 +30,7 @@ require_relative "resource/cookbook_file" require_relative "resource/chef_gem" require_relative "resource/chef_handler" require_relative "resource/chef_sleep" +require_relative "resource/chef_vault_secret" require_relative "resource/chocolatey_config" require_relative "resource/chocolatey_feature" require_relative "resource/chocolatey_package" @@ -66,6 +68,7 @@ require_relative "resource/macports_package" require_relative "resource/macos_userdefaults" require_relative "resource/mdadm" require_relative "resource/mount" +require_relative "resource/notify_group" require_relative "resource/ohai" require_relative "resource/ohai_hint" require_relative "resource/openbsd_package" @@ -121,6 +124,7 @@ require_relative "resource/user/mac_user" require_relative "resource/user/pw_user" require_relative "resource/user/solaris_user" require_relative "resource/user/windows_user" +require_relative "resource/user_ulimit" require_relative "resource/whyrun_safe_ruby_block" require_relative "resource/windows_env" require_relative "resource/windows_package" @@ -156,3 +160,5 @@ require_relative "resource/windows_task" require_relative "resource/windows_uac" require_relative "resource/windows_workgroup" require_relative "resource/timezone" +require_relative "resource/windows_user_privilege" +require_relative "resource/windows_security_policy" diff --git a/lib/chef/search/query.rb b/lib/chef/search/query.rb index 46dedd33f8..fa758fc274 100644 --- a/lib/chef/search/query.rb +++ b/lib/chef/search/query.rb @@ -63,7 +63,7 @@ class Chef args_h = hashify_args(*args) if args_h[:fuzz] - if type == :node + if type.to_sym == :node query = fuzzify_node_query(query) end # FIXME: can i haz proper ruby-2.x named parameters someday plz? diff --git a/lib/chef/shell.rb b/lib/chef/shell.rb index 68c286abb1..d22400176c 100644 --- a/lib/chef/shell.rb +++ b/lib/chef/shell.rb @@ -61,6 +61,11 @@ module Shell # to get access to the main object before irb starts. ::IRB.setup(nil) + irb_conf[:USE_COLORIZE] = options.config[:use_colorize] + irb_conf[:USE_SINGLELINE] = options.config[:use_singleline] + irb_conf[:USE_MULTILINE] = options.config[:use_multiline] + pp irb_conf[:USE_MULTILINE] + irb = IRB::Irb.new if solo_mode? @@ -127,6 +132,8 @@ module Shell conf.prompt_n = "#{Chef::Dist::EXEC}#{leader(m)} ?> " conf.prompt_s = "#{Chef::Dist::EXEC}#{leader(m)}%l> " conf.use_tracer = false + conf.instance_variable_set(:@use_multiline, false) + conf.instance_variable_set(:@use_singleline, false) end end @@ -159,11 +166,10 @@ module Shell puts "run `help' for help, `exit' or ^D to quit." puts - puts "Ohai2u#{greeting}!" end def self.greeting - " #{Etc.getlogin}@#{Shell.session.node["fqdn"]}" + "#{Etc.getlogin}@#{Shell.session.node["fqdn"]}" rescue NameError, ArgumentError "" end @@ -219,6 +225,21 @@ module Shell #{Chef::Dist::USER_CONF_DIR}/knife.rb if -s option is given. FOOTER + option :use_multiline, + long: "--[no-]multiline", + default: true, + description: "[Do not] use multiline editor module" + + option :use_singleline, + long: "--[no-]singleline", + default: true, + description: "[Do not] use singleline editor module" + + option :use_colorize, + long: "--[no-]colorize", + default: true, + description: "[Do not] use colorization" + option :config_file, short: "-c CONFIG", long: "--config CONFIG", @@ -241,7 +262,7 @@ module Shell option :standalone, short: "-a", long: "--standalone", - description: "standalone session", + description: "Standalone session", default: true, boolean: true @@ -255,7 +276,7 @@ module Shell option :client, short: "-z", long: "--client", - description: "#{Chef::Dist::CLIENT} session", + description: "#{Chef::Dist::PRODUCT} session", boolean: true option :solo_legacy_shell, @@ -273,7 +294,7 @@ module Shell option :chef_server_url, short: "-S CHEFSERVERURL", long: "--server CHEFSERVERURL", - description: "The #{Chef::Dist::PRODUCT} server URL", + description: "The #{Chef::Dist::SERVER_PRODUCT} URL", proc: nil option :version, diff --git a/lib/chef/shell/ext.rb b/lib/chef/shell/ext.rb index b62b87ac6d..01a7407de5 100644 --- a/lib/chef/shell/ext.rb +++ b/lib/chef/shell/ext.rb @@ -204,16 +204,14 @@ module Shell else puts help_banner end - :ucanhaz_halp + :help end alias :halp :help - desc "prints information about chef" + desc "prints information about #{Chef::Dist::PRODUCT}" def version - puts "This is the #{Chef::Dist::SHELL}.\n" + - " #{Chef::Dist::PRODUCT} Version: #{::Chef::VERSION}\n" + - " #{Chef::Dist::WEBSITE}\n" + - " https://docs.chef.io/" + puts "Welcome to the #{Chef::Dist::SHELL} #{::Chef::VERSION}\n" + + "For usage see https://docs.chef.io/chef_shell/" :ucanhaz_automation end alias :shell :version diff --git a/lib/chef/util/diff.rb b/lib/chef/util/diff.rb index 326f67a38e..a8b670ca9c 100644 --- a/lib/chef/util/diff.rb +++ b/lib/chef/util/diff.rb @@ -152,14 +152,14 @@ class Chef if !diff_str.empty? && diff_str != "No differences encountered\n" if diff_str.length > diff_output_threshold - return "(long diff of over #{diff_output_threshold} characters, diff output suppressed)" + "(long diff of over #{diff_output_threshold} characters, diff output suppressed)" else diff_str = encode_diff_for_json(diff_str) @diff = diff_str.split("\n") - return "(diff available)" + "(diff available)" end else - return "(no diff)" + "(no diff)" end end diff --git a/lib/chef/util/selinux.rb b/lib/chef/util/selinux.rb index 7e477b016c..6840971536 100644 --- a/lib/chef/util/selinux.rb +++ b/lib/chef/util/selinux.rb @@ -75,9 +75,9 @@ class Chef cmd = shell_out!(selinuxenabled_path, returns: [0, 1]) case cmd.exitstatus when 1 - return false + false when 0 - return true + true else raise "Unknown exit code from command #{selinuxenabled_path}: #{cmd.exitstatus}" end diff --git a/lib/chef/version.rb b/lib/chef/version.rb index f46bb5554a..813ad3ee81 100644 --- a/lib/chef/version.rb +++ b/lib/chef/version.rb @@ -1,4 +1,4 @@ -# Copyright:: Copyright 2010-2018, Chef Software, Inc. +# Copyright:: Copyright 2010-2020, Chef Software Inc. # License:: Apache License, Version 2.0 # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -23,7 +23,7 @@ require_relative "version_string" class Chef CHEF_ROOT = File.expand_path("../..", __FILE__) - VERSION = Chef::VersionString.new("15.5.9") + VERSION = Chef::VersionString.new("16.0.143") end # diff --git a/lib/chef/version_string.rb b/lib/chef/version_string.rb index c307509425..8da5df570a 100644 --- a/lib/chef/version_string.rb +++ b/lib/chef/version_string.rb @@ -13,131 +13,8 @@ # See the License for the specific language governing permissions and # limitations under the License. -class Chef - # String-like object for version strings. - # - # @since 13.2 - # @api internal - class VersionString < String - # Parsed version object for the string. - # @return [Gem::Version] - attr_reader :parsed_version - - # Create a new VersionString from an input String. - # - # @param val [String] Version string to parse. - def initialize(val) - super - @parsed_version = ::Gem::Version.create(self) - end - - # @!group Compat wrappers for String - - # Compat wrapper for + to behave like a normal String. - # - # @param other [String] - # @return [String] - def +(other) - to_s + other - end - - # Compat wrapper for * to behave like a normal String. - # - # @param other [Integer] - # @return [String] - def *(other) - to_s * other - end - - # @!group Comparison operators - - # Compare a VersionString to an object. If compared to another VersionString - # then sort like `Gem::Version`, otherwise try to treat the other object as - # a version but fall back to normal string comparison. - # - # @param other [Object] - # @return [Integer] - def <=>(other) - other_ver = case other - when VersionString - other.parsed_version - else - begin - Gem::Version.create(other.to_s) - rescue ArgumentError - # Comparing to a string that isn't a version. - return super - end - end - parsed_version <=> other_ver - end - - # Compat wrapper for == based on <=>. - # - # @param other [Object] - # @return [Boolean] - def ==(other) - (self <=> other) == 0 - end +require "chef-utils/version_string" - # Compat wrapper for != based on <=>. - # - # @param other [Object] - # @return [Boolean] - def !=(other) - (self <=> other) != 0 - end - - # Compat wrapper for < based on <=>. - # - # @param other [Object] - # @return [Boolean] - def <(other) - (self <=> other) < 0 - end - - # Compat wrapper for <= based on <=>. - # - # @param other [Object] - # @return [Boolean] - def <=(other) - (self <=> other) < 1 - end - - # Compat wrapper for > based on <=>. - # - # @param other [Object] - # @return [Boolean] - def >(other) - (self <=> other) > 0 - end - - # Compat wrapper for >= based on <=>. - # - # @param other [Object] - # @return [Boolean] - def >=(other) - (self <=> other) > -1 - end - - # @!group Matching operators - - # Matching operator to support checking against a requirement string. - # - # @param other [Regexp, String] - # @return [Boolean] - # @example Match against a Regexp - # Chef::VersionString.new('1.0.0') =~ /^1/ - # @example Match against a requirement - # Chef::VersionString.new('1.0.0') =~ '~> 1.0' - def =~(other) - case other - when Regexp - super - else - Gem::Requirement.create(other) =~ parsed_version - end - end - - end +class Chef + VersionString = ChefUtils::VersionString end diff --git a/lib/chef/win32/api/security.rb b/lib/chef/win32/api/security.rb index b651283758..16671a9f6d 100644 --- a/lib/chef/win32/api/security.rb +++ b/lib/chef/win32/api/security.rb @@ -413,6 +413,11 @@ class Chef :Buffer, :PWSTR end + # https://docs.microsoft.com/en-us/windows/win32/api/ntsecapi/ns-ntsecapi-lsa_enumeration_information + class LSA_ENUMERATION_INFORMATION < FFI::Struct + layout :Sid, :PSID + end + ffi_lib "advapi32" safe_attach_function :AccessCheck, %i{pointer HANDLE DWORD pointer pointer pointer pointer pointer}, :BOOL @@ -448,6 +453,7 @@ class Chef safe_attach_function :LookupPrivilegeDisplayNameW, %i{LPCWSTR LPCWSTR LPWSTR LPDWORD LPDWORD}, :BOOL safe_attach_function :LookupPrivilegeValueW, %i{LPCWSTR LPCWSTR PLUID}, :BOOL safe_attach_function :LsaAddAccountRights, %i{pointer pointer pointer ULONG}, :NTSTATUS + safe_attach_function :LsaEnumerateAccountsWithUserRight, %i{LSA_HANDLE PLSA_UNICODE_STRING PVOID PULONG}, :NTSTATUS safe_attach_function :LsaRemoveAccountRights, %i{pointer pointer BOOL pointer ULONG}, :NTSTATUS safe_attach_function :LsaClose, [ :LSA_HANDLE ], :NTSTATUS safe_attach_function :LsaEnumerateAccountRights, %i{LSA_HANDLE PSID PLSA_UNICODE_STRING PULONG}, :NTSTATUS diff --git a/lib/chef/win32/error.rb b/lib/chef/win32/error.rb index aa2ae94273..89cdb11a70 100644 --- a/lib/chef/win32/error.rb +++ b/lib/chef/win32/error.rb @@ -50,7 +50,7 @@ class Chef # Extract the string begin - return buffer.read_pointer.read_wstring(num_chars) + buffer.read_pointer.read_wstring(num_chars) ensure Chef::ReservedNames::Win32::Memory.local_free(buffer.read_pointer) end diff --git a/lib/chef/win32/file.rb b/lib/chef/win32/file.rb index 4fac3fe797..ccbff43f01 100644 --- a/lib/chef/win32/file.rb +++ b/lib/chef/win32/file.rb @@ -1,7 +1,7 @@ # # Author:: Seth Chisamore (<schisamo@chef.io>) -# Author:: Mark Mzyk (<mmzyk@ospcode.com>) -# Copyright:: Copyright 2011-2016, Chef Software Inc. +# Author:: Mark Mzyk (<mmzyk@chef.io>) +# Copyright:: Copyright 2011-2020, Chef Software Inc. # License:: Apache License, Version 2.0 # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -166,14 +166,6 @@ class Chef VersionInfo.new(file_name) end - def self.verify_links_supported! - CreateSymbolicLinkW(nil) - rescue Chef::Exceptions::Win32APIFunctionNotImplemented => e - raise e - rescue Exception - # things are ok. - end - def self.file_access_check(path, desired_access) security_descriptor = Chef::ReservedNames::Win32::Security.get_file_security(path) token_rights = Chef::ReservedNames::Win32::Security::TOKEN_IMPERSONATE | diff --git a/lib/chef/win32/registry.rb b/lib/chef/win32/registry.rb index 90bc35143a..72be3c8a8d 100644 --- a/lib/chef/win32/registry.rb +++ b/lib/chef/win32/registry.rb @@ -154,7 +154,7 @@ class Chef return true end rescue ::Win32::Registry::Error => e - return false + false end end diff --git a/lib/chef/win32/security.rb b/lib/chef/win32/security.rb index 5b78b652eb..2c0f63684a 100644 --- a/lib/chef/win32/security.rb +++ b/lib/chef/win32/security.rb @@ -214,6 +214,41 @@ class Chef privileges end + def self.get_account_with_user_rights(privilege) + privilege_pointer = FFI::MemoryPointer.new LSA_UNICODE_STRING, 1 + privilege_lsa_string = LSA_UNICODE_STRING.new(privilege_pointer) + privilege_lsa_string[:Buffer] = FFI::MemoryPointer.from_string(privilege.to_wstring) + privilege_lsa_string[:Length] = privilege.length * 2 + privilege_lsa_string[:MaximumLength] = (privilege.length + 1) * 2 + + buffer = FFI::MemoryPointer.new(:pointer) + count = FFI::MemoryPointer.new(:ulong) + + accounts = [] + with_lsa_policy(nil) do |policy_handle, sid| + result = LsaEnumerateAccountsWithUserRight(policy_handle.read_pointer, privilege_pointer, buffer, count) + if result == 0 + win32_error = LsaNtStatusToWinError(result) + return [] if win32_error == 1313 # NO_SUCH_PRIVILEGE - https://docs.microsoft.com/en-us/windows/win32/debug/system-error-codes--1300-1699- + + test_and_raise_lsa_nt_status(result) + + count.read_ulong.times do |i| + sid = LSA_ENUMERATION_INFORMATION.new(buffer.read_pointer + i * LSA_ENUMERATION_INFORMATION.size) + sid_name = lookup_account_sid(sid[:Sid]) + domain, name, use = sid_name + account_name = (!domain.nil? && domain.length > 0) ? "#{domain}\\#{name}" : name + accounts << account_name + end + end + + result = LsaFreeMemory(buffer.read_pointer) + test_and_raise_lsa_nt_status(result) + end + + accounts + end + def self.get_ace(acl, index) acl = acl.pointer if acl.respond_to?(:pointer) ace = FFI::Buffer.new :pointer @@ -616,18 +651,21 @@ class Chef end def self.with_lsa_policy(username) - sid = lookup_account_name(username)[1] + sid = lookup_account_name(username)[1] if username access = 0 access |= POLICY_CREATE_ACCOUNT access |= POLICY_LOOKUP_NAMES + access |= POLICY_VIEW_LOCAL_INFORMATION if username.nil? policy_handle = FFI::MemoryPointer.new(:pointer) result = LsaOpenPolicy(nil, LSA_OBJECT_ATTRIBUTES.new, access, policy_handle) test_and_raise_lsa_nt_status(result) + sid_pointer = username.nil? ? nil : sid.pointer + begin - yield policy_handle, sid.pointer + yield policy_handle, sid_pointer ensure result = LsaClose(policy_handle.read_pointer) test_and_raise_lsa_nt_status(result) diff --git a/omnibus/Gemfile.lock b/omnibus/Gemfile.lock index 13c8086a8e..fc2a5edad1 100644 --- a/omnibus/Gemfile.lock +++ b/omnibus/Gemfile.lock @@ -1,9 +1,9 @@ GIT remote: https://github.com/chef/omnibus - revision: 97490bb29fc5203d32d9475b044807ecad3ef7ef + revision: f389917504c20839ff9607df63fb2e59e2c31b52 branch: master specs: - omnibus (6.1.14) + omnibus (7.0.7) aws-sdk-s3 (~> 1) chef-cleanroom (~> 1.0) chef-sugar (>= 3.3) @@ -14,11 +14,11 @@ GIT ohai (>= 13, < 16) pedump ruby-progressbar (~> 1.7) - thor (~> 0.18) + thor (>= 0.18, < 2.0) GIT remote: https://github.com/chef/omnibus-software - revision: 53ab4169b691367dc16a317fca4426fb6563a65a + revision: c086d8057ac9a15486fe2010009db0dee1cea682 branch: master specs: omnibus-software (4.0.0) @@ -29,28 +29,28 @@ GEM specs: addressable (2.7.0) public_suffix (>= 2.0.2, < 5.0) - artifactory (3.0.5) + artifactory (3.0.12) awesome_print (1.8.0) aws-eventstream (1.0.3) - aws-partitions (1.240.0) - aws-sdk-core (3.77.0) + aws-partitions (1.281.0) + aws-sdk-core (3.91.0) aws-eventstream (~> 1.0, >= 1.0.2) aws-partitions (~> 1, >= 1.239.0) aws-sigv4 (~> 1.1) jmespath (~> 1.0) - aws-sdk-kms (1.25.0) + aws-sdk-kms (1.30.0) aws-sdk-core (~> 3, >= 3.71.0) aws-sigv4 (~> 1.1) - aws-sdk-s3 (1.54.0) - aws-sdk-core (~> 3, >= 3.77.0) + aws-sdk-s3 (1.61.0) + aws-sdk-core (~> 3, >= 3.83.0) aws-sdk-kms (~> 1) aws-sigv4 (~> 1.1) - aws-sigv4 (1.1.0) + aws-sigv4 (1.1.1) aws-eventstream (~> 1.0, >= 1.0.2) bcrypt_pbkdf (1.0.1) bcrypt_pbkdf (1.0.1-x64-mingw32) bcrypt_pbkdf (1.0.1-x86-mingw32) - berkshelf (7.0.8) + berkshelf (7.0.9) chef (>= 13.6.52) chef-config cleanroom (~> 1.0) @@ -63,12 +63,13 @@ GEM retryable (>= 2.0, < 4.0) solve (~> 4.0) thor (>= 0.20) - builder (3.2.3) - chef (15.2.20) + builder (3.2.4) + chef (15.8.23) addressable bcrypt_pbkdf (~> 1.0) bundler (>= 1.10) - chef-config (= 15.2.20) + chef-config (= 15.8.23) + chef-utils (= 15.8.23) chef-zero (>= 14.0.11) diff-lcs (~> 1.2, >= 1.2.4) ed25519 (~> 1.2) @@ -80,10 +81,10 @@ GEM iniparse (~> 1.4) license-acceptance (~> 1.0, >= 1.0.5) mixlib-archive (>= 0.4, < 2.0) - mixlib-authentication (~> 2.1) + mixlib-authentication (>= 2.1, < 4) mixlib-cli (>= 2.1.1, < 3.0) mixlib-log (>= 2.0.3, < 4.0) - mixlib-shellout (>= 2.4, < 4.0) + mixlib-shellout (>= 3.0.3, < 4.0) net-sftp (~> 2.1, >= 2.1.2) net-ssh (>= 4.2, < 6) net-ssh-multi (~> 1.2, >= 1.2.1) @@ -91,14 +92,16 @@ GEM plist (~> 3.2) proxifier (~> 1.0) syslog-logger (~> 1.6) - train-core (~> 2.0, >= 2.0.12) + train-core (~> 3.1) + train-winrm (>= 0.2.5) tty-screen (~> 0.6) uuidtools (~> 2.1.5) - chef (15.2.20-universal-mingw32) + chef (15.8.23-universal-mingw32) addressable bcrypt_pbkdf (~> 1.0) bundler (>= 1.10) - chef-config (= 15.2.20) + chef-config (= 15.8.23) + chef-utils (= 15.8.23) chef-zero (>= 14.0.11) diff-lcs (~> 1.2, >= 1.2.4) ed25519 (~> 1.2) @@ -111,10 +114,10 @@ GEM iso8601 (~> 0.12.1) license-acceptance (~> 1.0, >= 1.0.5) mixlib-archive (>= 0.4, < 2.0) - mixlib-authentication (~> 2.1) + mixlib-authentication (>= 2.1, < 4) mixlib-cli (>= 2.1.1, < 3.0) mixlib-log (>= 2.0.3, < 4.0) - mixlib-shellout (>= 2.4, < 4.0) + mixlib-shellout (>= 3.0.3, < 4.0) net-sftp (~> 2.1, >= 2.1.2) net-ssh (>= 4.2, < 6) net-ssh-multi (~> 1.2, >= 1.2.1) @@ -122,7 +125,8 @@ GEM plist (~> 3.2) proxifier (~> 1.0) syslog-logger (~> 1.6) - train-core (~> 2.0, >= 2.0.12) + train-core (~> 3.1) + train-winrm (>= 0.2.5) tty-screen (~> 0.6) uuidtools (~> 2.1.5) win32-api (~> 1.5.3) @@ -133,95 +137,98 @@ GEM win32-mmap (~> 0.4.1) win32-mutex (~> 0.4.2) win32-process (~> 0.8.2) - win32-service (>= 2.1.2, < 3.0) + win32-service (>= 2.1.5, < 3.0) win32-taskscheduler (~> 2.0) wmi-lite (~> 1.0) chef-cleanroom (1.0.2) - chef-config (15.2.20) + chef-config (15.8.23) addressable + chef-utils (= 15.8.23) fuzzyurl mixlib-config (>= 2.2.12, < 4.0) mixlib-shellout (>= 2.0, < 4.0) tomlrb (~> 1.2) chef-sugar (5.1.9) - chef-zero (14.0.13) + chef-utils (15.8.23) + chef-zero (15.0.0) ffi-yajl (~> 2.2) - hashie (>= 2.0, < 4.0) + hashie (>= 2.0, < 5.0) mixlib-log (>= 2.0, < 4.0) rack (~> 2.0, >= 2.0.6) uuidtools (~> 2.1) citrus (3.0.2) cleanroom (1.0.0) - concurrent-ruby (1.1.5) + concurrent-ruby (1.1.6) diff-lcs (1.3) ed25519 (1.2.4) equatable (0.6.1) erubi (1.9.0) erubis (2.7.0) - faraday (0.17.0) + faraday (1.0.0) multipart-post (>= 1.2, < 3) - ffi (1.11.2) - ffi (1.11.2-x64-mingw32) - ffi (1.11.2-x86-mingw32) - ffi-libarchive (0.4.10) + ffi (1.12.2) + ffi (1.12.2-x64-mingw32) + ffi (1.12.2-x86-mingw32) + ffi-libarchive (1.0.0) ffi (~> 1.0) ffi-win32-extensions (1.0.3) ffi - ffi-yajl (2.3.1) + ffi-yajl (2.3.3) libyajl2 (~> 1.2) fuzzyurl (0.9.0) gssapi (1.3.0) ffi (>= 1.0.1) gyoku (1.3.1) builder (>= 2.1.2) - hashie (3.6.0) + hashie (4.1.0) highline (1.7.10) httpclient (2.8.3) - iniparse (1.4.4) + inifile (3.0.0) + iniparse (1.5.0) iostruct (0.0.4) ipaddress (0.8.3) iso8601 (0.12.1) jmespath (1.4.0) - json (2.2.0) - kitchen-vagrant (1.6.0) + json (2.3.0) + kitchen-vagrant (1.6.1) test-kitchen (>= 1.4, < 3) libyajl2 (1.2.0) - license-acceptance (1.0.13) + license-acceptance (1.0.18) pastel (~> 0.7) tomlrb (~> 1.2) tty-box (~> 0.3) tty-prompt (~> 0.18) - license_scout (1.0.28) + license_scout (1.1.7) ffi-yajl (~> 2.2) - mixlib-shellout (~> 2.2) - toml-rb (~> 1.0) + mixlib-shellout (>= 2.2, < 4.0) + toml-rb (>= 1, < 3) little-plugger (1.1.4) logging (2.2.2) little-plugger (~> 1.1) multi_json (~> 1.10) minitar (0.9) - mixlib-archive (1.0.1) + mixlib-archive (1.0.5) mixlib-log - mixlib-archive (1.0.1-universal-mingw32) + mixlib-archive (1.0.5-universal-mingw32) mixlib-log - mixlib-authentication (2.1.1) - mixlib-cli (2.1.1) - mixlib-config (3.0.5) + mixlib-authentication (3.0.6) + mixlib-cli (2.1.5) + mixlib-config (3.0.6) tomlrb - mixlib-install (3.11.21) + mixlib-install (3.12.1) mixlib-shellout mixlib-versioning thor - mixlib-log (3.0.1) - mixlib-shellout (2.4.4) - mixlib-shellout (2.4.4-universal-mingw32) + mixlib-log (3.0.8) + mixlib-shellout (3.0.9) + mixlib-shellout (3.0.9-universal-mingw32) win32-process (~> 0.8.2) wmi-lite (~> 1.0) - mixlib-versioning (1.2.7) + mixlib-versioning (1.2.12) molinillo (0.6.6) multi_json (1.14.1) - multipart-post (2.0.0) - necromancer (0.5.0) + multipart-post (2.1.1) + necromancer (0.5.1) net-scp (2.0.0) net-ssh (>= 2.6.5, < 6.0.0) net-sftp (2.1.2) @@ -233,9 +240,10 @@ GEM net-ssh (>= 2.6.5) net-ssh-gateway (>= 1.2.0) nori (2.6.0) - octokit (4.14.0) + octokit (4.17.0) + faraday (>= 0.9) sawyer (~> 0.8.0, >= 0.5.3) - ohai (15.3.1) + ohai (15.7.4) chef-config (>= 12.8, < 16) ffi (~> 1.9) ffi-yajl (~> 2.2) @@ -250,29 +258,31 @@ GEM pastel (0.7.3) equatable (~> 0.6) tty-color (~> 0.5) - pedump (0.5.2) + pedump (0.5.4) awesome_print iostruct (>= 0.0.4) - multipart-post (~> 2.0.0) + multipart-post (>= 2.0.0) progressbar + rainbow zhexdump (>= 0.0.2) plist (3.5.0) progressbar (1.10.1) proxifier (1.0.3) - public_suffix (4.0.1) - rack (2.0.7) + public_suffix (4.0.3) + rack (2.2.2) + rainbow (3.0.0) retryable (3.0.5) ruby-progressbar (1.10.1) rubyntlm (0.6.2) - rubyzip (2.0.0) + rubyzip (2.2.0) sawyer (0.8.2) addressable (>= 2.3.5) faraday (> 0.8, < 2.0) semverse (3.0.0) - solve (4.0.2) + solve (4.0.3) molinillo (~> 0.6) semverse (>= 1.1, < 4.0) - strings (0.1.6) + strings (0.1.8) strings-ansi (~> 0.1) unicode-display_width (~> 1.5) unicode_utils (~> 1.4) @@ -280,7 +290,7 @@ GEM structured_warnings (0.4.0) syslog-logger (1.6.8) systemu (2.6.5) - test-kitchen (2.3.4) + test-kitchen (2.4.0) bcrypt_pbkdf (~> 1.0) ed25519 (~> 1.2) license-acceptance (~> 1.0, >= 1.0.11) @@ -294,36 +304,39 @@ GEM winrm-elevated (~> 1.0) winrm-fs (~> 1.1) thor (0.20.3) - toml-rb (1.1.2) + toml-rb (2.0.1) citrus (~> 3.0, > 3.0) - tomlrb (1.2.8) - train-core (2.1.19) + tomlrb (1.2.9) + train-core (3.2.23) + addressable (~> 2.5) + inifile (~> 3.0) json (>= 1.8, < 3.0) mixlib-shellout (>= 2.0, < 4.0) net-scp (>= 1.2, < 3.0) net-ssh (>= 2.9, < 6.0) + train-winrm (0.2.6) winrm (~> 2.0) winrm-fs (~> 1.0) tty-box (0.5.0) pastel (~> 0.7.2) strings (~> 0.1.6) tty-cursor (~> 0.7) - tty-color (0.5.0) - tty-cursor (0.7.0) - tty-prompt (0.19.0) + tty-color (0.5.1) + tty-cursor (0.7.1) + tty-prompt (0.21.0) necromancer (~> 0.5.0) pastel (~> 0.7.0) - tty-reader (~> 0.6.0) - tty-reader (0.6.0) + tty-reader (~> 0.7.0) + tty-reader (0.7.0) tty-cursor (~> 0.7) tty-screen (~> 0.7) wisper (~> 2.0.0) - tty-screen (0.7.0) - unicode-display_width (1.6.0) + tty-screen (0.7.1) + unicode-display_width (1.7.0) unicode_utils (1.4.0) uuidtools (2.1.5) win32-api (1.5.3-universal-mingw32) - win32-certstore (0.3.0) + win32-certstore (0.4.0) ffi mixlib-shellout win32-dir (0.5.1) @@ -340,13 +353,13 @@ GEM win32-ipc (>= 0.6.0) win32-process (0.8.3) ffi (>= 1.0.0) - win32-service (2.1.4) + win32-service (2.1.5) ffi ffi-win32-extensions win32-taskscheduler (2.0.4) ffi structured_warnings - winrm (2.3.3) + winrm (2.3.4) builder (>= 2.1.2) erubi (~> 1.8) gssapi (~> 1.2) @@ -355,7 +368,7 @@ GEM logging (>= 1.6.1, < 3.0) nori (~> 2.0) rubyntlm (~> 0.6.0, >= 0.6.1) - winrm-elevated (1.1.2) + winrm-elevated (1.2.1) erubi (~> 1.8) winrm (~> 2.0) winrm-fs (~> 1.0) @@ -365,7 +378,7 @@ GEM rubyzip (~> 2.0) winrm (~> 2.0) wisper (2.0.1) - wmi-lite (1.0.2) + wmi-lite (1.0.5) zhexdump (0.0.2) PLATFORMS @@ -385,4 +398,4 @@ DEPENDENCIES winrm-fs (~> 1.0) BUNDLED WITH - 1.17.3 + 2.1.4 diff --git a/omnibus/README.md b/omnibus/README.md index 34e503519f..66bdb55448 100644 --- a/omnibus/README.md +++ b/omnibus/README.md @@ -58,7 +58,7 @@ $ bundle exec omnibus help ## Kitchen-based Build Environment -Every Omnibus project ships will a project-specific [Berksfile](https://docs.chef.io/berkshelf.html) that will allow you to build your omnibus projects on all of the projects listed in the `kitchen.yml`. You can add/remove additional platforms as needed by changing the list found in the `kitchen.yml` `platforms` YAML stanza. +Every Omnibus project ships will a project-specific [Berksfile](https://docs.chef.io/berkshelf/) that will allow you to build your omnibus projects on all of the projects listed in the `kitchen.yml`. You can add/remove additional platforms as needed by changing the list found in the `kitchen.yml` `platforms` YAML stanza. This build environment is designed to get you up-and-running quickly. However, there is nothing that restricts you to building on other platforms. Simply use the [omnibus cookbook](https://github.com/chef-cookbooks/omnibus) to setup your desired platform and execute the build steps listed above. diff --git a/omnibus/config/projects/chef.rb b/omnibus/config/projects/chef.rb index b3768a58a5..150dccb60e 100644 --- a/omnibus/config/projects/chef.rb +++ b/omnibus/config/projects/chef.rb @@ -70,6 +70,9 @@ end dependency "ruby-cleanup" +# further gem cleanup other projects might not yet want to use +dependency "more-ruby-cleanup" + package :rpm do signing_passphrase ENV["OMNIBUS_RPM_SIGNING_PASSPHRASE"] compression_level 1 @@ -84,7 +87,7 @@ end proj_to_work_around_cleanroom = self # wat voodoo hackery is this? package :pkg do identifier "com.getchef.pkg.#{proj_to_work_around_cleanroom.name}" - signing_identity "Developer ID Installer: Chef Software, Inc. (EU3VF8YLX2)" + signing_identity "Chef Software, Inc. (EU3VF8YLX2)" end compress :dmg diff --git a/omnibus/config/software/more-ruby-cleanup.rb b/omnibus/config/software/more-ruby-cleanup.rb new file mode 100644 index 0000000000..46bf36624b --- /dev/null +++ b/omnibus/config/software/more-ruby-cleanup.rb @@ -0,0 +1,113 @@ +# +# Copyright:: 2019-2020 Chef Software, Inc. +# License:: Apache License, Version 2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +require "fileutils" + +name "more-ruby-cleanup" + +skip_transitive_dependency_licensing true +license :project_license + +source path: "#{project.files_path}/#{name}" + +build do + block "Removing additional non-code files from installed gems" do + # find the embedded ruby gems dir and clean it up for globbing + target_dir = "#{install_dir}/embedded/lib/ruby/gems/*/gems".tr('\\', "/") + files = %w{ + .appveyor.yml + .autotest + .github + .kokoro + Appraisals + autotest/* + bench + benchmark + benchmarks + doc + doc-api + docs + donate.png + ed25519.png + example + examples + ext + frozen_old_spec + Gemfile.devtools + Gemfile.lock + Gemfile.travis + logo.png + man + rakelib + release-script.txt + sample + samples + site + test + tests + travis_build_script.sh + warning.txt + website + yard-template + minitest + INSTALL.txt + features + *Upgrade.md + vendor + *.blurb + autotest + VERSION + } + + Dir.glob(Dir.glob("#{target_dir}/*/{#{files.join(",")}}")).each do |f| + # chef stores the powershell dlls in the ext dir + next if File.basename(File.expand_path("..", f)).start_with?("chef-") + + puts "Deleting #{f}" + FileUtils.rm_rf(f) + end + end + + block "Removing Gemspec / Rakefile / Gemfile unless there's a bin dir / not a chef gem" do + # find the embedded ruby gems dir and clean it up for globbing + target_dir = "#{install_dir}/embedded/lib/ruby/gems/*/gems".tr('\\', "/") + files = %w{ + *.gemspec + Gemfile + Rakefile + tasks + } + + Dir.glob(Dir.glob("#{target_dir}/*/{#{files.join(",")}}")).each do |f| + # don't delete these files if there's a bin dir in the same dir or we're in a chef owned gem + next if Dir.exist?(File.join(File.dirname(f), "bin")) || File.basename(File.expand_path("..", f)).start_with?("chef-") + + puts "Deleting #{f}" + FileUtils.rm_rf(f) + end + end + + block "Removing spec dirs from non-Chef gems" do + Dir.glob(Dir.glob("#{install_dir}/embedded/lib/ruby/gems/*/gems/*/spec".tr('\\', "/"))).each do |f| + # if we're in a chef- gem then don't remove the specs + next if File.basename(File.expand_path("..", f)).start_with?("chef-") + + puts "Deleting #{f}" + FileUtils.rm_rf(f) + end + end +end diff --git a/omnibus/omnibus-test.ps1 b/omnibus/omnibus-test.ps1 index 4871ff0ec7..5585a97638 100644 --- a/omnibus/omnibus-test.ps1 +++ b/omnibus/omnibus-test.ps1 @@ -82,12 +82,17 @@ Get-Location # ffi-yajl must run in c-extension mode for perf, so force it so we don't accidentally fall back to ffi $Env:FORCE_FFI_YAJL = "ext" +# accept license +$Env:CHEF_LICENSE = "accept-no-persist" + # some tests need winrm configured winrm quickconfig -quiet bundle If ($lastexitcode -ne 0) { Exit $lastexitcode } -# chocolatey functional tests fail so disable that tag directly +# FIXME: we need to add back unit and integration tests here. we have no converage of those on e.g. AIX +# +# chocolatey functional tests fail so disable that tag directly <-- and this is a bug that needs fixing. bundle exec rspec -r rspec_junit_formatter -f RspecJunitFormatter -o test.xml -f documentation --tag ~choco_installed spec/functional If ($lastexitcode -ne 0) { Exit $lastexitcode } diff --git a/omnibus/omnibus-test.sh b/omnibus/omnibus-test.sh index 69a4f0a5ef..0499d03b0b 100644 --- a/omnibus/omnibus-test.sh +++ b/omnibus/omnibus-test.sh @@ -152,6 +152,10 @@ elif [[ -d /usr/local/etc/sudoers.d ]]; then sudo chmod 440 "/usr/local/etc/sudoers.d/$(id -un)-preserve_path" fi +# accept license +CHEF_LICENSE=accept-no-persist + cd "$chef_gem" sudo -E bundle install +# FIXME: we need to add back unit and integration tests here. we have no converage of those on e.g. AIX sudo -E bundle exec rspec -r rspec_junit_formatter -f RspecJunitFormatter -o test.xml -f documentation spec/functional diff --git a/omnibus/resources/chef/msi/localization-en-us.wxl.erb b/omnibus/resources/chef/msi/localization-en-us.wxl.erb index 254a3722ab..e6b055984f 100644 --- a/omnibus/resources/chef/msi/localization-en-us.wxl.erb +++ b/omnibus/resources/chef/msi/localization-en-us.wxl.erb @@ -38,5 +38,5 @@ <String Id="CustomizeDlgSecondRadioButtonText">Chef Infra Client Service</String> <String Id="CustomizeDlgThirdRadioButtonText">None</String> - <String Id="CustomizeDlgOptionsMsg">The installer can configure the Chef Infra Client to run periodically as either a scheduled task or a service. Using a scheduled task is recommended. For more information, see https://docs.chef.io/windows.html.</String> + <String Id="CustomizeDlgOptionsMsg">The installer can configure the Chef Infra Client to run periodically as either a scheduled task or a service. Using a scheduled task is recommended. For more information, see https://docs.chef.io/windows/.</String> </WixLocalization> diff --git a/omnibus/resources/chef/pkg/entitlements.plist b/omnibus/resources/chef/pkg/entitlements.plist new file mode 100644 index 0000000000..bb87459e76 --- /dev/null +++ b/omnibus/resources/chef/pkg/entitlements.plist @@ -0,0 +1,8 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> +<plist version="1.0"> + <dict> + <key>com.apple.security.cs.allow-unsigned-executable-memory</key> + <true/> + </dict> +</plist>
\ No newline at end of file diff --git a/omnibus_overrides.rb b/omnibus_overrides.rb index 81737b43e6..1243714975 100644 --- a/omnibus_overrides.rb +++ b/omnibus_overrides.rb @@ -3,9 +3,9 @@ # # NOTE: You MUST update omnibus-software when adding new versions of # software here: bundle exec rake dependencies:update_omnibus_gemfile_lock -override :rubygems, version: "3.0.3" # rubygems ships its own bundler which may differ from bundler defined below and then we get double bundler which results in performance issues / CLI warnings. Make sure these versions match before bumping either. -override :bundler, version: "1.17.2" # currently pinned to what ships in Ruby to prevent double bundler -override "libarchive", version: "3.4.0" +override :rubygems, version: "3.1.2" # pin to what ships in the ruby version +override :bundler, version: "2.1.2" # pin to what ships in the ruby version +override "libarchive", version: "3.4.2" override "libffi", version: "3.2.1" override "libiconv", version: "1.15" override "liblzma", version: "5.2.4" @@ -15,16 +15,16 @@ override "libxslt", version: "1.1.34" override "libyaml", version: "0.1.7" override "makedepend", version: "1.0.5" override "ncurses", version: "5.9" -override "nokogiri", version: "1.10.5" -override "openssl", version: "1.0.2t" +override "nokogiri", version: "1.11.0.rc1" +override "openssl", version: "1.0.2u" override "pkg-config-lite", version: "0.28-1" -override "ruby", version: "2.6.5" +override "ruby", version: "2.7.0" override "ruby-windows-devkit-bash", version: "3.1.23-4-msys-1.0.18" override "util-macros", version: "1.19.0" override "xproto", version: "7.0.28" override "zlib", version: "1.2.11" -# we build both a chef and ohai omnibus-software defintion which create the +# We build both chef and ohai omnibus-software definitions which creates the # chef-client and ohai binstubs. Out of the box the ohai definition uses whatever # is in master, which won't match what's in the Gemfile.lock and used by the chef # definition. This pin will ensure that ohai and chef-client commands use the diff --git a/scripts/bk_tests/bk_container_prep.sh b/scripts/bk_tests/bk_container_prep.sh index bf4711ec39..8c3bda15e0 100755 --- a/scripts/bk_tests/bk_container_prep.sh +++ b/scripts/bk_tests/bk_container_prep.sh @@ -1,14 +1,18 @@ # This script gets a container ready to run our various tests in BuildKite +echo "--- preparing..." + +export FORCE_FFI_YAJL="ext" +export CHEF_LICENSE="accept-no-persist" +export BUNDLE_GEMFILE="/workdir/Gemfile" + # make sure we have the network tools in place for various network specs if [ -f /etc/debian_version ]; then - apt-get update -y && apt-get install -y net-tools iproute2 touch /etc/network/interfaces -elif [ -f /etc/redhat-release ]; then - yum install -y net-tools fi # make sure we have the omnibus_overrides specified version of rubygems / bundler +echo "--- Install proper rubygems / bundler" gem update --system $(grep rubygems omnibus_overrides.rb | cut -d'"' -f2) gem --version gem uninstall bundler -a -x || true @@ -16,6 +20,4 @@ gem install bundler -v $(grep :bundler omnibus_overrides.rb | cut -d'"' -f2) bundle --version rm -f .bundle/config -# force all .rspec tests into progress display to reduce line count -echo --color > .rspec -echo -fp >> .rspec +echo +++ testing diff --git a/scripts/bk_tests/bk_linux_exec.sh b/scripts/bk_tests/bk_linux_exec.sh index d08bcf38c6..e74f598d40 100755 --- a/scripts/bk_tests/bk_linux_exec.sh +++ b/scripts/bk_tests/bk_linux_exec.sh @@ -1,6 +1,7 @@ #!/bin/bash # Enable IPv6 in docker +echo "--- Enabling ipv6 on docker" sudo systemctl stop docker echo "Enabling IPv6 in Docker config" dockerd_config="/etc/docker/daemon.json" @@ -12,9 +13,11 @@ docker version sudo service docker status # Install C and C++ +echo "--- Installing package deps" sudo yum install -y gcc gcc-c++ openssl-devel readline-devel zlib-devel # Install omnibus-toolchain for git bundler and gem +echo "--- Installing omnibus toolchain" curl -fsSL https://chef.io/chef/install.sh | sudo bash -s -- -P omnibus-toolchain # Set Environment Variables diff --git a/scripts/bk_tests/bk_run_choco.ps1 b/scripts/bk_tests/bk_run_choco.ps1 index 1d4b87a73a..5360cc4914 100644 --- a/scripts/bk_tests/bk_run_choco.ps1 +++ b/scripts/bk_tests/bk_run_choco.ps1 @@ -3,7 +3,23 @@ $Properties = 'Caption', 'CSName', 'Version', 'BuildType', 'OSArchitecture' Get-CimInstance Win32_OperatingSystem | Select-Object $Properties | Format-Table -AutoSize choco --version + +echo "--- update bundler and rubygems" + ruby -v + +$env:RUBYGEMS_VERSION=$(findstr rubygems omnibus_overrides.rb | %{ $_.split(" ")[3] }) +$env:BUNDLER_VERSION=$(findstr bundler omnibus_overrides.rb | %{ $_.split(" ")[3] }) + +$env:RUBYGEMS_VERSION=($env:RUBYGEMS_VERSION -replace '"', "") +$env:BUNDLER_VERSION=($env:BUNDLER_VERSION -replace '"', "") + +echo $env:RUBYGEMS_VERSION +echo $env:BUNDLER_VERSION + +gem update --system $env:RUBYGEMS_VERSION +gem --version +gem install bundler -v $env:BUNDLER_VERSION --force --no-document --quiet bundle --version echo "--- bundle install" @@ -12,4 +28,4 @@ bundle install --jobs=3 --retry=3 --without omnibus_package docgen chefstyle echo "+++ bundle exec rspec chocolatey_package_spec" bundle exec rspec spec/functional/resource/chocolatey_package_spec.rb -exit $LASTEXITCODE
\ No newline at end of file +exit $LASTEXITCODE diff --git a/scripts/bk_tests/bk_win_functional.ps1 b/scripts/bk_tests/bk_win_functional.ps1 index 3cca7a7fff..6bf33650ab 100644 --- a/scripts/bk_tests/bk_win_functional.ps1 +++ b/scripts/bk_tests/bk_win_functional.ps1 @@ -5,16 +5,11 @@ Get-CimInstance Win32_OperatingSystem | Select-Object $Properties | Format-Table # chocolatey functional tests fail so delete the chocolatey binary to avoid triggering them Remove-Item -Path C:\ProgramData\chocolatey\bin\choco.exe -ErrorAction SilentlyContinue -# -# Software Languages -# - -# Install Ruby + Devkit +echo "--- install ruby + devkit" $ErrorActionPreference = 'Stop' echo "Downloading Ruby + DevKit" -[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 -(New-Object System.Net.WebClient).DownloadFile('https://github.com/oneclick/rubyinstaller2/releases/download/RubyInstaller-2.6.5-1/rubyinstaller-devkit-2.6.5-1-x64.exe', 'c:\\rubyinstaller-devkit-2.6.5-1-x64.exe') +aws s3 cp s3://public-cd-buildkite-cache/rubyinstaller-devkit-2.6.5-1-x64.exe c:/rubyinstaller-devkit-2.6.5-1-x64.exe echo "Installing Ruby + DevKit" Start-Process c:\rubyinstaller-devkit-2.6.5-1-x64.exe -ArgumentList '/verysilent /dir=C:\\ruby26' -Wait @@ -26,8 +21,26 @@ echo "Closing out the layer (this can take awhile)" # Set-Item -Path Env:Path -Value to include ruby26 $Env:Path+=";C:\ruby26\bin" +echo "--- configure winrm" + winrm quickconfig -q + +echo "--- update bundler and rubygems" + ruby -v + +$env:RUBYGEMS_VERSION=$(findstr rubygems omnibus_overrides.rb | %{ $_.split(" ")[3] }) +$env:BUNDLER_VERSION=$(findstr bundler omnibus_overrides.rb | %{ $_.split(" ")[3] }) + +$env:RUBYGEMS_VERSION=($env:RUBYGEMS_VERSION -replace '"', "") +$env:BUNDLER_VERSION=($env:BUNDLER_VERSION -replace '"', "") + +echo $env:RUBYGEMS_VERSION +echo $env:BUNDLER_VERSION + +gem update --system $env:RUBYGEMS_VERSION +gem --version +gem install bundler -v $env:BUNDLER_VERSION --force --no-document --quiet bundle --version echo "--- bundle install" @@ -36,4 +49,4 @@ bundle install --jobs=3 --retry=3 --without omnibus_package docgen chefstyle echo "+++ bundle exec rake spec:functional" bundle exec rake spec:functional -exit $LASTEXITCODE
\ No newline at end of file +exit $LASTEXITCODE diff --git a/scripts/bk_tests/bk_win_integration.ps1 b/scripts/bk_tests/bk_win_integration.ps1 index 546a9fbb91..36a6ea2ea9 100644 --- a/scripts/bk_tests/bk_win_integration.ps1 +++ b/scripts/bk_tests/bk_win_integration.ps1 @@ -7,7 +7,22 @@ $Env:Path="C:\Program Files\Git\mingw64\bin;C:\Program Files\Git\usr\bin;C:\ruby winrm quickconfig -q +echo "--- update bundler and rubygems" + ruby -v + +$env:RUBYGEMS_VERSION=$(findstr rubygems omnibus_overrides.rb | %{ $_.split(" ")[3] }) +$env:BUNDLER_VERSION=$(findstr bundler omnibus_overrides.rb | %{ $_.split(" ")[3] }) + +$env:RUBYGEMS_VERSION=($env:RUBYGEMS_VERSION -replace '"', "") +$env:BUNDLER_VERSION=($env:BUNDLER_VERSION -replace '"', "") + +echo $env:RUBYGEMS_VERSION +echo $env:BUNDLER_VERSION + +gem update --system $env:RUBYGEMS_VERSION +gem --version +gem install bundler -v $env:BUNDLER_VERSION --force --no-document --quiet bundle --version echo "--- bundle install" @@ -16,4 +31,4 @@ bundle install --jobs=3 --retry=3 --without omnibus_package docgen chefstyle echo "+++ bundle exec rake spec:integration" bundle exec rake spec:integration -exit $LASTEXITCODE
\ No newline at end of file +exit $LASTEXITCODE diff --git a/scripts/bk_tests/bk_win_unit.ps1 b/scripts/bk_tests/bk_win_unit.ps1 index 48ad3fe283..4e07179a35 100644 --- a/scripts/bk_tests/bk_win_unit.ps1 +++ b/scripts/bk_tests/bk_win_unit.ps1 @@ -1,7 +1,23 @@ echo "--- system details" $Properties = 'Caption', 'CSName', 'Version', 'BuildType', 'OSArchitecture' Get-CimInstance Win32_OperatingSystem | Select-Object $Properties | Format-Table -AutoSize + +echo "--- update bundler and rubygems" + ruby -v + +$env:RUBYGEMS_VERSION=$(findstr rubygems omnibus_overrides.rb | %{ $_.split(" ")[3] }) +$env:BUNDLER_VERSION=$(findstr bundler omnibus_overrides.rb | %{ $_.split(" ")[3] }) + +$env:RUBYGEMS_VERSION=($env:RUBYGEMS_VERSION -replace '"', "") +$env:BUNDLER_VERSION=($env:BUNDLER_VERSION -replace '"', "") + +echo $env:RUBYGEMS_VERSION +echo $env:BUNDLER_VERSION + +gem update --system $env:RUBYGEMS_VERSION +gem --version +gem install bundler -v $env:BUNDLER_VERSION --force --no-document --quiet bundle --version echo "--- bundle install" @@ -11,4 +27,4 @@ echo "+++ bundle exec rake" bundle exec rake spec:unit bundle exec rake component_specs -exit $LASTEXITCODE
\ No newline at end of file +exit $LASTEXITCODE diff --git a/spec/data/cookbooks/apache2/metadata.json b/spec/data/cookbooks/apache2/metadata.json new file mode 100644 index 0000000000..18f5e50bb3 --- /dev/null +++ b/spec/data/cookbooks/apache2/metadata.json @@ -0,0 +1,33 @@ +{ + "name": "apache2", + "description": "", + "long_description": "", + "maintainer": "", + "maintainer_email": "", + "license": "All rights reserved", + "platforms": { + + }, + "dependencies": { + + }, + "providing": { + + }, + "recipes": { + + }, + "version": "0.0.1", + "source_url": "", + "issues_url": "", + "privacy": false, + "chef_versions": [ + + ], + "ohai_versions": [ + + ], + "gems": [ + + ] +} diff --git a/spec/data/cookbooks/java/metadata.json b/spec/data/cookbooks/java/metadata.json new file mode 100644 index 0000000000..9d46842f3c --- /dev/null +++ b/spec/data/cookbooks/java/metadata.json @@ -0,0 +1,33 @@ +{ + "name": "java", + "description": "", + "long_description": "", + "maintainer": "", + "maintainer_email": "", + "license": "All rights reserved", + "platforms": { + + }, + "dependencies": { + + }, + "providing": { + + }, + "recipes": { + + }, + "version": "0.0.1", + "source_url": "", + "issues_url": "", + "privacy": false, + "chef_versions": [ + + ], + "ohai_versions": [ + + ], + "gems": [ + + ] +} diff --git a/spec/data/cookbooks/starter/recipes/default.rb b/spec/data/cookbooks/starter/recipes/default.rb index c48b9a4fca..4b5f712879 100644 --- a/spec/data/cookbooks/starter/recipes/default.rb +++ b/spec/data/cookbooks/starter/recipes/default.rb @@ -1,4 +1,4 @@ # This is a Chef recipe file. It can be used to specify resources which will # apply configuration to a server. -# For more information, see the documentation: https://docs.chef.io/essentials_cookbook_recipes.html +# For more information, see the documentation: https://docs.chef.io/recipes/ diff --git a/spec/data/windows_certificates/base64_test.cer b/spec/data/windows_certificates/base64_test.cer index 0d90bf81e3..763216f86a 100644 --- a/spec/data/windows_certificates/base64_test.cer +++ b/spec/data/windows_certificates/base64_test.cer @@ -1,22 +1,20 @@ -----BEGIN CERTIFICATE----- -MIIDjjCCAnagAwIBAgIQNH6iXZnEKbFOEQ7D9f9iCTANBgkqhkiG9w0BAQsFADBK -MSMwIQYDVQQDDBpBIEJhc2U2NCBEdW1teSBDZXJ0aWZpY2F0ZTEjMCEGCSqGSIb3 -DQEJARYUdGVzdGJ5cnNwZWNAY2hlZi5jb20wHhcNMTkwMjEyMDk1ODM2WhcNMjAw -MjEyMTAxODM2WjBKMSMwIQYDVQQDDBpBIEJhc2U2NCBEdW1teSBDZXJ0aWZpY2F0 -ZTEjMCEGCSqGSIb3DQEJARYUdGVzdGJ5cnNwZWNAY2hlZi5jb20wggEiMA0GCSqG -SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDSy2Qlf2k1X3y/YgEjnvD0K8NeKgXKKi62 -RHRMTJ2+6KSg+I1MqHZC+BVrfzehuJVby5kM7tGLF8FvM3q7X/5oSPg8pvLZzIV0 -pBrpVPCTYw8fnlmFKBt/+m2XOqsWyL59yP+p66SHAKmoLYTGu8dkGvgJn3dwKNen -VFmwadteVfKs2wFW/ZwUxH4aLloCa8KSyqstIXrYQmdqqFOSuEgkynalD19dozSv -QtkQ9FZPuFGDwNpdO7OrcjE1lTUlzuth7CqV/pj4GYJhK/PPtO8Ing/BtwZm5XB8 -2yvvLVnL7Y/hikg2ENKA9fOYk52zR/kkd7d8qoJva7WlYEXTZvpdAgMBAAGjcDBu -MA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwEw -HgYDVR0RBBcwFYITd3d3LnRlc3RieXJzcGVjLmNvbTAdBgNVHQ4EFgQUuL1l247K -h+cVH9LehmQgXuV8F6MwDQYJKoZIhvcNAQELBQADggEBAMTJW5tSZ/g2AP45EUwj -PLDnDLY4YnsJDQ7Jo58EAY6givUc+ZnKRWxYAYNBOKcqDM5E4pXi3Fa1lKYR1vMu -5AThPaDXhv18ljGAs21MYt9hl7PqdzbfX4ejF+jCD4UrE8bGtxuDc1WQ2HbeJtdj -0j7BPPNXfcvPAIyX3BEOQFUPgvVAqzWMQLpdUKg+sNUJZijqKQv11xVALGHtxqGB -1MFrdl6D/idODfhcdo2n1tBMyOGhHwEOBLqB1PTH72g5J4BVx4iwH/gh8PRmMy0P -eJkNspgOBGPOhNpe7bhmK45MBuJpmjyl/CYCqtQvaEdpbuRQIgc2e+YRMfR71qYp -Em8= +MIIDQTCCAimgAwIBAgIQPAc5ZRAOLL1PCvdo8CoWDTANBgkqhkiG9w0BAQsFADAh +MR8wHQYDVQQDDBZ3d3cuZHVtbXljaGVmdGVzdHMuY29tMCAXDTIwMDMwNjEyMDUz +MVoYDzI4OTkxMjMxMTgzMDAwWjAhMR8wHQYDVQQDDBZ3d3cuZHVtbXljaGVmdGVz +dHMuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6uZ0V5zobMQm +JPtZxt4vYtL/As7U6sUBVe9oR9OCYvyIDmpuPcNnrJ26L+iu2W5Kd+840Dv6tHS4 +yOV07bYBU+nVHiCdEn/K7Q5ITv/8uXv39dvlSuSrIn4P+I2vhSQjIy/B94QPD/xE +dD0WDym1ySY2zQsL4T+yKoaXc5tiBoWBwAdl6/RiXeOm2kBXhIDcW4MLlB0BXtDJ +l7syB30mOvNsQT6UlymI1q7fpsaPBTo8V3lUWooVVmQciiYquoD34gq7XpdGQOLJ +V7aSIch1BoQyeQJfWsKzv/R5yzAzw+2zeRf301USunBXwhoac/Sx4xrJxjRknGTs +7tsCNQUmRQIDAQABo3MwcTAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYB +BQUHAwIGCCsGAQUFBwMBMCEGA1UdEQQaMBiCFnd3dy5kdW1teWNoZWZ0ZXN0cy5j +b20wHQYDVR0OBBYEFGQa7l1ZPNbhj0s64g1/nyY+xULdMA0GCSqGSIb3DQEBCwUA +A4IBAQCS3chRs1LUvlq7Hj1kx3CtAhjTE75eEWz8wzWZ+DGppGnMUQg0vwrw7JPd +s3ODAFor62J97Fmb1sQ9/lSGan0CwBtCMqzHr3hoKbpVR9aFKu/Kt21zE4pEvFgZ +NVrxOFofmZ072VRdRpRK3RcnV58I02Xyb+5VR8lTbHpIsUOj+i9+y5ZuuOXoRDpI +G+AdIAfvcBbshPkI62gSFvBUdic0fcMVPZ5rFWaDjW2XFXZ6s/e5mPHNjpGpSZy7 +2y9ku9kB6ywBQXx9U21DBoIDxfprSylQGxtUuXaeCwnRvpT0Ifto5/KaeH4IzJQq +ZYGdPzBO7WBpk/AsO6buw3kQ9M5h -----END CERTIFICATE----- diff --git a/spec/data/windows_certificates/othertest.cer b/spec/data/windows_certificates/othertest.cer Binary files differindex 353f792252..f4ff69eb08 100644 --- a/spec/data/windows_certificates/othertest.cer +++ b/spec/data/windows_certificates/othertest.cer diff --git a/spec/data/windows_certificates/test.cer b/spec/data/windows_certificates/test.cer Binary files differindex 0f32d742c1..1c358b5035 100644 --- a/spec/data/windows_certificates/test.cer +++ b/spec/data/windows_certificates/test.cer diff --git a/spec/data/windows_certificates/test.p7b b/spec/data/windows_certificates/test.p7b Binary files differindex cf8cfae58c..bd46d5eccd 100644 --- a/spec/data/windows_certificates/test.p7b +++ b/spec/data/windows_certificates/test.p7b diff --git a/spec/data/windows_certificates/test.pem b/spec/data/windows_certificates/test.pem index cfbec5d188..1c358b5035 100644 --- a/spec/data/windows_certificates/test.pem +++ b/spec/data/windows_certificates/test.pem @@ -1,21 +1,20 @@ -----BEGIN CERTIFICATE----- -MIIDgDCCAmigAwIBAgIQEyXvJXC8z6lBIxwnT7/d5jANBgkqhkiG9w0BAQsFADBD -MRwwGgYDVQQDDBNBIER1bW15IENlcnRpZmljYXRlMSMwIQYJKoZIhvcNAQkBFhR0 -ZXN0Ynlyc3BlY0BjaGVmLmNvbTAeFw0xOTAxMjMxODEzNTBaFw0yMDAxMjMxODMz -NTBaMEMxHDAaBgNVBAMME0EgRHVtbXkgQ2VydGlmaWNhdGUxIzAhBgkqhkiG9w0B -CQEWFHRlc3RieXJzcGVjQGNoZWYuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A -MIIBCgKCAQEA1IPsH+S+HKVsJJDuHsqgSQnWAWp7SsBqwnx/t/NZAM6g41mbwafP -EZixFB5G6VAIiUosHcLhFwz00uPwVZIDND1Ez4TxACraF0iJQpy2kmriDq449ccu -fn/d8k417Vj0Hm7mcNpv6uaQrjYhIYFHXKV5aQS/OROQGvwFuWe56uJI25ua9lWR -8yBR621bgn6oW7elBZ8YDQAH88Y0LNo15FBeL2IDUXHBajEfkIRDE3BH+8zcuK4g -RnRJYBBkzFCXvTXLcRyr1zXaow31TeECrUdPGgBO+nTpLqWYWTylAv36C1nMYBn2 -5ItKAsswVEpQMIeQ5ysfaab0Ei3DRZIEjQIDAQABo3AwbjAOBgNVHQ8BAf8EBAMC -BaAwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMBMB4GA1UdEQQXMBWCE3d3 -dy50ZXN0Ynlyc3BlYy5jb20wHQYDVR0OBBYEFMeiyQLCtZBHbmVnvCkoDnRkR+tB -MA0GCSqGSIb3DQEBCwUAA4IBAQA1hy2yADJ9ULaQMduBt0PiVKP+UKD87OQj0pJK -vFE7WVSxWaphA4XS15hityJt4eHmGF8R6tNxip7eS2mloGGMguijslqvQLICeeCN -/7Ov9CsJJG3R8xVrbEZkPExUbV8swJX68GoVxPi4nSj2TFhizBScaOKLedzIXtv5 -hGSXpl3RfETckTq1wmIVEQE9CUoWkea74zvGc5wXTi3r2ZZxof6olGELqT8W/jyT -vSzUDIC0iwuSVS0AyonBlAnA34ak3Q6a0RCZGK3l1IYz6Cb1JbHHpuCDZPPHooBi -Hbd+SuvfCH9DLgDFJCAOg+X7WCMQAoy9gCY8Ne5oBTYyjmCz +MIIDQTCCAimgAwIBAgIQX3zqNCJbsKlEvzCz3Z9aNDANBgkqhkiG9w0BAQsFADAh +MR8wHQYDVQQDDBZ3d3cuZHVtbXljaGVmdGVzdHMuY29tMCAXDTIwMDMwNTEwMjcw +NVoYDzIxMjAwMzA1MTAzNzA2WjAhMR8wHQYDVQQDDBZ3d3cuZHVtbXljaGVmdGVz +dHMuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtuYKDb6woWIH +HPPOrcVpgJFVxbkjgk+tsYwbIiqR9jtRaKE6nM/awOgn9/dFF4k8KB8Em0sUx7Vq +J3YhK2N2cAacgP2Frqqf5znpNBBOg968RoZzGx0EiXFvLsqC4y8ggApWTbMXPRk4 +1a7GlpUpSqI3y5cLeEbzwGQKu8I1I+v7P2fTlnJPHarM7sBbL8bieukkFHYu78iV +u1wpKOCCfs5DTmJu8WN+z1Mar9vyrWMBlt2wBBgNHPz5mcXUzJHTzaI/D9RGgBgF +V0IkNqISx/IzR62jjj2g6MgTH4G/0mM6O5sxduM4yGmWZNZpVzh0yMLgH619MZlj +SMQIN3U/SQIDAQABo3MwcTAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYB +BQUHAwIGCCsGAQUFBwMBMCEGA1UdEQQaMBiCFnd3dy5kdW1teWNoZWZ0ZXN0cy5j +b20wHQYDVR0OBBYEFHwS3gs03m6RcpR+66u4OqGiZdYnMA0GCSqGSIb3DQEBCwUA +A4IBAQCFHqMjHUfBZahIsKHQIcFCbC1NFh1ZHlJKZzrRBRwRzX19OttHGMyLpDd6 +tM9Ac6LLR8S4QIWg+HF3IrkN+vfTRDZAccj+tIwBRstmdsEz/rAJ79Vb/00mXZQx +0FPiBDR3hE7On2oo24DU8kJP3v6TrunwtIomVGqrrkwZzvxqyW+WJMB2shGNFw5J +mKYBiiXsHl4Bi7V4zhXssrLp877sqpNLeXloXBmAlT39SwQTP9ImZaV5R6udqlvo +Gfgm5PH/WeK6MV3n5ik0v1rS0LwR2o82WlIB6a4iSEbzY3qSLsWOwt8o5QjAVzCR +tNdbdS3U8nrG73iA2clmF57ARQWC -----END CERTIFICATE----- diff --git a/spec/data/windows_certificates/test.pfx b/spec/data/windows_certificates/test.pfx Binary files differindex c774e12efd..2c208bf7c6 100644 --- a/spec/data/windows_certificates/test.pfx +++ b/spec/data/windows_certificates/test.pfx diff --git a/spec/functional/event_loggers/windows_eventlog_spec.rb b/spec/functional/event_loggers/windows_eventlog_spec.rb index d6c4c481f3..5d66386b36 100644 --- a/spec/functional/event_loggers/windows_eventlog_spec.rb +++ b/spec/functional/event_loggers/windows_eventlog_spec.rb @@ -49,7 +49,7 @@ describe Chef::EventLoggers::WindowsEventLogger, :windows_only do logger.run_start(version, run_status) expect(event_log.read(flags, offset).any? do |e| - e.source == Chef::Dist::PRODUCT && e.event_id == 10000 && + e.source == Chef::Dist::SHORT && e.event_id == 10000 && e.string_inserts[0].include?(version) end ).to be_truthy end @@ -58,7 +58,7 @@ describe Chef::EventLoggers::WindowsEventLogger, :windows_only do logger.run_started(run_status) expect(event_log.read(flags, offset).any? do |e| - e.source == Chef::Dist::PRODUCT && e.event_id == 10001 && + e.source == Chef::Dist::SHORT && e.event_id == 10001 && e.string_inserts[0].include?(run_id) end ).to be_truthy end @@ -68,7 +68,7 @@ describe Chef::EventLoggers::WindowsEventLogger, :windows_only do logger.run_completed(node) expect(event_log.read(flags, offset).any? do |e| - e.source == Chef::Dist::PRODUCT && e.event_id == 10002 && + e.source == Chef::Dist::SHORT && e.event_id == 10002 && e.string_inserts[0].include?(run_id) && e.string_inserts[1].include?(elapsed_time.to_s) end).to be_truthy @@ -79,7 +79,7 @@ describe Chef::EventLoggers::WindowsEventLogger, :windows_only do logger.run_failed(mock_exception) expect(event_log.read(flags, offset).any? do |e| - e.source == Chef::Dist::PRODUCT && e.event_id == 10003 && + e.source == Chef::Dist::SHORT && e.event_id == 10003 && e.string_inserts[0].include?(run_id) && e.string_inserts[1].include?(elapsed_time.to_s) && e.string_inserts[2].include?(mock_exception.class.name) && @@ -93,7 +93,7 @@ describe Chef::EventLoggers::WindowsEventLogger, :windows_only do logger.run_failed(mock_exception) expect(event_log.read(flags, offset).any? do |e| - e.source == Chef::Dist::PRODUCT && e.event_id == 10003 && + e.source == Chef::Dist::SHORT && e.event_id == 10003 && e.string_inserts[0].include?("UNKNOWN") && e.string_inserts[1].include?("UNKNOWN") && e.string_inserts[2].include?(mock_exception.class.name) && diff --git a/spec/functional/resource/powershell_script_spec.rb b/spec/functional/resource/powershell_script_spec.rb index 74ece0d33c..32a128ac72 100644 --- a/spec/functional/resource/powershell_script_spec.rb +++ b/spec/functional/resource/powershell_script_spec.rb @@ -55,8 +55,6 @@ describe Chef::Resource::WindowsScript::PowershellScript, :windows_only do end it "returns the exit status 27 for a powershell script that exits with 27" do - pending "powershell.exe always exits with 0 on nano" if Chef::Platform.windows_nano_server? - file = Tempfile.new(["foo", ".ps1"]) begin file.write "exit 27" @@ -73,7 +71,6 @@ describe Chef::Resource::WindowsScript::PowershellScript, :windows_only do let (:negative_exit_status) { -27 } let (:unsigned_exit_status) { (-negative_exit_status ^ 65535) + 1 } it "returns the exit status -27 as a signed integer or an unsigned 16-bit 2's complement value of 65509 for a powershell script that exits with -27" do - pending "powershell.exe always exits with 0 on nano" if Chef::Platform.windows_nano_server? # Versions of PowerShell prior to 4.0 return a 16-bit unsigned value -- # PowerShell 4.0 and later versions return a 32-bit signed value. @@ -98,8 +95,6 @@ describe Chef::Resource::WindowsScript::PowershellScript, :windows_only do end it "returns the process exit code" do - pending "powershell.exe always exits with 0 on nano" if Chef::Platform.windows_nano_server? - resource.code(arbitrary_nonzero_process_exit_code_content) resource.returns(arbitrary_nonzero_process_exit_code) resource.run_action(:run) @@ -118,34 +113,24 @@ describe Chef::Resource::WindowsScript::PowershellScript, :windows_only do end it "returns 1 if the last command was a cmdlet that failed" do - pending "powershell.exe always exits with 0 on nano" if Chef::Platform.windows_nano_server? - resource.code(cmdlet_exit_code_not_found_content) resource.returns(1) resource.run_action(:run) end it "returns 1 if the last command was a cmdlet that failed and was preceded by a successfully executed non-cmdlet Windows binary" do - pending "powershell.exe always exits with 0 on nano" if Chef::Platform.windows_nano_server? - resource.code([windows_process_exit_code_success_content, cmdlet_exit_code_not_found_content].join(";")) resource.returns(1) expect { resource.run_action(:run) }.not_to raise_error end it "raises a Mixlib::ShellOut::ShellCommandFailed error if the script is not syntactically correct" do - pending "powershell.exe always exits with 0 on nano" if Chef::Platform.windows_nano_server? - resource.code("if({)") resource.returns(0) expect { resource.run_action(:run) }.to raise_error(Mixlib::ShellOut::ShellCommandFailed) end it "raises an error if the script is not syntactically correct even if returns is set to 1 which is what powershell.exe returns for syntactically invalid scripts" do - # This test fails because shell_out expects the exit status to be 1, but it is actually 0 - # The error is a false-positive. - skip "powershell.exe always exits with 0 on nano" if Chef::Platform.windows_nano_server? - resource.code("if({)") resource.returns(1) expect { resource.run_action(:run) }.to raise_error(Mixlib::ShellOut::ShellCommandFailed) @@ -160,32 +145,24 @@ describe Chef::Resource::WindowsScript::PowershellScript, :windows_only do # errors than 0 or 1, we return that instead, which is acceptable # since callers can test for nonzero rather than testing for 1. it "returns 1 if the last command was a cmdlet that failed and was preceded by an unsuccessfully executed non-cmdlet Windows binary" do - pending "powershell.exe always exits with 0 on nano" if Chef::Platform.windows_nano_server? - resource.code([arbitrary_nonzero_process_exit_code_content, cmdlet_exit_code_not_found_content].join(";")) resource.returns(arbitrary_nonzero_process_exit_code) resource.run_action(:run) end it "returns 0 if the last command was a non-cmdlet Windows binary that succeeded and was preceded by a failed cmdlet" do - pending "powershell.exe always exits with 0 on nano" if Chef::Platform.windows_nano_server? - resource.code([cmdlet_exit_code_success_content, arbitrary_nonzero_process_exit_code_content].join(";")) resource.returns(arbitrary_nonzero_process_exit_code) resource.run_action(:run) end it "returns a specific error code if the last command was a non-cmdlet Windows binary that failed and was preceded by cmdlet that succeeded" do - pending "powershell.exe always exits with 0 on nano" if Chef::Platform.windows_nano_server? - resource.code([cmdlet_exit_code_success_content, arbitrary_nonzero_process_exit_code_content].join(";")) resource.returns(arbitrary_nonzero_process_exit_code) resource.run_action(:run) end it "returns a specific error code if the last command was a non-cmdlet Windows binary that failed and was preceded by cmdlet that failed" do - pending "powershell.exe always exits with 0 on nano" if Chef::Platform.windows_nano_server? - resource.code([cmdlet_exit_code_not_found_content, arbitrary_nonzero_process_exit_code_content].join(";")) resource.returns(arbitrary_nonzero_process_exit_code) resource.run_action(:run) @@ -204,8 +181,6 @@ describe Chef::Resource::WindowsScript::PowershellScript, :windows_only do end it "returns 1 for $false as the last line of the script when convert_boolean_return is true" do - pending "powershell.exe always exits with 0 on nano" if Chef::Platform.windows_nano_server? - resource.convert_boolean_return true resource.code "$false" resource.returns(1) @@ -245,8 +220,6 @@ describe Chef::Resource::WindowsScript::PowershellScript, :windows_only do end it "returns 1 if an invalid flag is passed to the interpreter" do - pending "powershell.exe always exits with 0 on nano" if Chef::Platform.windows_nano_server? - resource.code(cmdlet_exit_code_success_content) resource.flags(invalid_powershell_interpreter_flag) resource.returns(1) @@ -318,7 +291,7 @@ describe Chef::Resource::WindowsScript::PowershellScript, :windows_only do expect(source_contains_case_insensitive_content?( get_script_output, "AMD64" )).to eq(true) end - it "executes a script with a 32-bit process if :i386 arch is specified", :not_supported_on_nano do + it "executes a script with a 32-bit process if :i386 arch is specified" do resource.code(processor_architecture_script_content + " | out-file -encoding ASCII #{script_output_path}") resource.architecture(:i386) resource.returns(0) @@ -326,12 +299,6 @@ describe Chef::Resource::WindowsScript::PowershellScript, :windows_only do expect(source_contains_case_insensitive_content?( get_script_output, "x86" )).to eq(true) end - - it "raises an error when executing a script with a 32-bit process on Windows Nano Server", :windows_nano_only do - resource.code(processor_architecture_script_content + " | out-file -encoding ASCII #{script_output_path}") - expect { resource.architecture(:i386) }.to raise_error(Chef::Exceptions::Win32ArchitectureIncorrect, - "cannot execute script with requested architecture 'i386' on Windows Nano Server") - end end describe "when executing guards" do @@ -385,8 +352,6 @@ describe Chef::Resource::WindowsScript::PowershellScript, :windows_only do end it "evaluates a powershell $false for a not_if block as true" do - pending "powershell.exe always exits with $true on nano" if Chef::Platform.windows_nano_server? - resource.not_if "$false" expect(resource.should_skip?(:run)).to be_falsey end @@ -397,8 +362,6 @@ describe Chef::Resource::WindowsScript::PowershellScript, :windows_only do end it "evaluates a powershell $false for an only_if block as false" do - pending "powershell.exe always exits with $true on nano" if Chef::Platform.windows_nano_server? - resource.only_if "$false" expect(resource.should_skip?(:run)).to be_truthy end @@ -419,8 +382,6 @@ describe Chef::Resource::WindowsScript::PowershellScript, :windows_only do end it "evaluates a non-zero powershell exit status for not_if as true" do - pending "powershell.exe always exits with 0 on nano" if Chef::Platform.windows_nano_server? - resource.not_if "exit 37" expect(resource.should_skip?(:run)).to be_falsey end @@ -431,8 +392,6 @@ describe Chef::Resource::WindowsScript::PowershellScript, :windows_only do end it "evaluates a failed executable exit status for not_if as false" do - pending "powershell.exe always exits with success on nano" if Chef::Platform.windows_nano_server? - resource.not_if windows_process_exit_code_not_found_content expect(resource.should_skip?(:run)).to be_falsey end @@ -443,8 +402,6 @@ describe Chef::Resource::WindowsScript::PowershellScript, :windows_only do end it "evaluates a failed executable exit status for only_if as false" do - pending "powershell.exe always exits with success on nano" if Chef::Platform.windows_nano_server? - resource.only_if windows_process_exit_code_not_found_content expect(resource.should_skip?(:run)).to be_truthy end @@ -455,8 +412,6 @@ describe Chef::Resource::WindowsScript::PowershellScript, :windows_only do end it "evaluates a failed cmdlet exit status for not_if as true" do - pending "powershell.exe always exits with success on nano" if Chef::Platform.windows_nano_server? - resource.not_if "throw 'up'" expect(resource.should_skip?(:run)).to be_falsey end @@ -467,8 +422,6 @@ describe Chef::Resource::WindowsScript::PowershellScript, :windows_only do end it "evaluates a failed cmdlet exit status for only_if as false" do - pending "powershell.exe always exits with success on nano" if Chef::Platform.windows_nano_server? - resource.only_if "throw 'up'" expect(resource.should_skip?(:run)).to be_truthy end @@ -511,36 +464,30 @@ describe Chef::Resource::WindowsScript::PowershellScript, :windows_only do end it "evaluates a 64-bit resource with a 64-bit guard and interprets boolean true as nonzero status code", :windows64_only do - pending "powershell.exe always exits with 0 on nano" if Chef::Platform.windows_nano_server? - resource.architecture :x86_64 resource.only_if "exit [int32]($env:PROCESSOR_ARCHITECTURE -eq 'AMD64')" expect(resource.should_skip?(:run)).to be_truthy end - it "evaluates a 32-bit resource with a 32-bit guard and interprets boolean false as zero status code", :not_supported_on_nano do + it "evaluates a 32-bit resource with a 32-bit guard and interprets boolean false as zero status code" do resource.architecture :i386 resource.only_if "exit [int32]($env:PROCESSOR_ARCHITECTURE -ne 'X86')" expect(resource.should_skip?(:run)).to be_falsey end - it "evaluates a 32-bit resource with a 32-bit guard and interprets boolean true as nonzero status code", :not_supported_on_nano do + it "evaluates a 32-bit resource with a 32-bit guard and interprets boolean true as nonzero status code" do resource.architecture :i386 resource.only_if "exit [int32]($env:PROCESSOR_ARCHITECTURE -eq 'X86')" expect(resource.should_skip?(:run)).to be_truthy end it "evaluates a simple boolean false as nonzero status code when convert_boolean_return is true for only_if" do - pending "powershell.exe always exits with 0 on nano" if Chef::Platform.windows_nano_server? - resource.convert_boolean_return true resource.only_if "$false" expect(resource.should_skip?(:run)).to be_truthy end it "evaluates a simple boolean false as nonzero status code when convert_boolean_return is true for not_if" do - pending "powershell.exe always exits with 0 on nano" if Chef::Platform.windows_nano_server? - resource.convert_boolean_return true resource.not_if "$false" expect(resource.should_skip?(:run)).to be_falsey @@ -558,41 +505,33 @@ describe Chef::Resource::WindowsScript::PowershellScript, :windows_only do expect(resource.should_skip?(:run)).to be_truthy end - it "evaluates a 32-bit resource with a 32-bit guard and interprets boolean false as zero status code using convert_boolean_return for only_if", :not_supported_on_nano do + it "evaluates a 32-bit resource with a 32-bit guard and interprets boolean false as zero status code using convert_boolean_return for only_if" do resource.convert_boolean_return true resource.architecture :i386 resource.only_if "$env:PROCESSOR_ARCHITECTURE -eq 'X86'" expect(resource.should_skip?(:run)).to be_falsey end - it "evaluates a 32-bit resource with a 32-bit guard and interprets boolean false as zero status code using convert_boolean_return for not_if", :not_supported_on_nano do + it "evaluates a 32-bit resource with a 32-bit guard and interprets boolean false as zero status code using convert_boolean_return for not_if" do resource.convert_boolean_return true resource.architecture :i386 resource.not_if "$env:PROCESSOR_ARCHITECTURE -ne 'X86'" expect(resource.should_skip?(:run)).to be_falsey end - it "evaluates a 32-bit resource with a 32-bit guard and interprets boolean true as nonzero status code using convert_boolean_return for only_if", :not_supported_on_nano do + it "evaluates a 32-bit resource with a 32-bit guard and interprets boolean true as nonzero status code using convert_boolean_return for only_if" do resource.convert_boolean_return true resource.architecture :i386 resource.only_if "$env:PROCESSOR_ARCHITECTURE -ne 'X86'" expect(resource.should_skip?(:run)).to be_truthy end - it "evaluates a 32-bit resource with a 32-bit guard and interprets boolean true as nonzero status code using convert_boolean_return for not_if", :not_supported_on_nano do + it "evaluates a 32-bit resource with a 32-bit guard and interprets boolean true as nonzero status code using convert_boolean_return for not_if" do resource.convert_boolean_return true resource.architecture :i386 resource.not_if "$env:PROCESSOR_ARCHITECTURE -eq 'X86'" expect(resource.should_skip?(:run)).to be_truthy end - - it "raises an error when a 32-bit guard is used on Windows Nano Server", :windows_nano_only do - resource.only_if "$true", architecture: :i386 - expect { resource.run_action(:run) }.to raise_error( - Chef::Exceptions::Win32ArchitectureIncorrect, - /cannot execute script with requested architecture 'i386' on Windows Nano Server/ - ) - end end end diff --git a/spec/functional/resource/windows_certificate_spec.rb b/spec/functional/resource/windows_certificate_spec.rb index 9b79de6a77..99b7840f9c 100644 --- a/spec/functional/resource/windows_certificate_spec.rb +++ b/spec/functional/resource/windows_certificate_spec.rb @@ -47,7 +47,7 @@ module WindowsCertificateHelper end end -describe Chef::Resource::WindowsCertificate, :windows_only, :appveyor_only do +describe Chef::Resource::WindowsCertificate, :windows_only do include WindowsCertificateHelper let(:stdout) { StringIO.new } @@ -65,11 +65,11 @@ describe Chef::Resource::WindowsCertificate, :windows_only, :appveyor_only do let(:p7b_path) { File.join(certificate_path, "test.p7b") } let(:pfx_path) { File.join(certificate_path, "test.pfx") } let(:out_path) { File.join(certificate_path, "testout.pem") } - let(:tests_thumbprint) { "3180B3E3217862600BD7B2D28067B03D41576A4F" } + let(:tests_thumbprint) { "e45a4a7ff731e143cf20b8bfb9c7c4edd5238bb3" } let(:other_cer_path) { File.join(certificate_path, "othertest.cer") } - let(:others_thumbprint) { "AD393859B2D2D4161D224F16CBD3D16555753A20" } - let(:p7b_thumbprint) { "50954A52DDFA2043F36EA9026FDD95EC252048D0" } - let(:p7b_nested_thumbprint) { "4A3333FC4E1274995AF5A95810881C86F2DF7FBD" } + let(:others_thumbprint) { "6eae1deefaf59daf1a97c9ceeff39c98b3da38cb" } + let(:p7b_thumbprint) { "f867e25b928061318ed2c36ca517681774b06260" } + let(:p7b_nested_thumbprint) { "dc395eae6be5b69951b8b6e1090cfc33df30d2cd" } before do opts = { store_name: store } @@ -221,7 +221,7 @@ describe Chef::Resource::WindowsCertificate, :windows_only, :appveyor_only do expect(win_certificate).not_to be_updated_by_last_action end it "Nested certificates are also imported" do - expect(no_of_certificates).to eq(2) + expect(no_of_certificates).to eq(3) end end @@ -322,7 +322,7 @@ describe Chef::Resource::WindowsCertificate, :windows_only, :appveyor_only do win_certificate.run_action(:verify) end it "Initial check if certificate is present" do - expect(no_of_certificates).to eq(2) + expect(no_of_certificates).to eq(3) end it "Displays correct message" do expect(stdout.string.strip).to eq("Certificate is valid") @@ -338,7 +338,7 @@ describe Chef::Resource::WindowsCertificate, :windows_only, :appveyor_only do win_certificate.run_action(:verify) end it "Initial check if certificate is present" do - expect(no_of_certificates).to eq(2) + expect(no_of_certificates).to eq(3) end it "Displays correct message" do expect(stdout.string.strip).to eq("Certificate is valid") @@ -354,7 +354,7 @@ describe Chef::Resource::WindowsCertificate, :windows_only, :appveyor_only do win_certificate.run_action(:verify) end it "Initial check if certificate is present" do - expect(no_of_certificates).to eq(2) + expect(no_of_certificates).to eq(3) end it "Displays correct message" do expect(stdout.string.strip).to eq("Certificate not found") diff --git a/spec/functional/resource/windows_security_policy_spec.rb b/spec/functional/resource/windows_security_policy_spec.rb new file mode 100644 index 0000000000..db100f5bd2 --- /dev/null +++ b/spec/functional/resource/windows_security_policy_spec.rb @@ -0,0 +1,90 @@ +# +# Author:: Ashwini Nehate (<anehate@chef.io>) +# Copyright:: Copyright 2019-2020, Chef Software, Inc. +# License:: Apache License, Version 2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +require "spec_helper" +require "functional/resource/base" +require "chef/mixin/powershell_out" + +describe Chef::Resource::WindowsSecurityPolicy, :windows_only do + include Chef::Mixin::PowershellExec + + let(:secoption) { "MaximumPasswordAge" } + let(:secvalue) { "30" } + let(:windows_test_run_context) do + node = Chef::Node.new + node.consume_external_attrs(OHAI_SYSTEM.data, {}) # node[:languages][:powershell][:version] + node.automatic["os"] = "windows" + node.automatic["platform"] = "windows" + node.automatic["platform_version"] = "6.1" + node.automatic["kernel"][:machine] = :x86_64 # Only 64-bit architecture is supported + empty_events = Chef::EventDispatch::Dispatcher.new + Chef::RunContext.new(node, {}, empty_events) + end + + subject do + new_resource = Chef::Resource::WindowsSecurityPolicy.new(secoption, windows_test_run_context) + new_resource.secoption = secoption + new_resource.secvalue = secvalue + new_resource + end + + describe "Set MaximumPasswordAge Policy" do + after { + subject.secvalue("60") + subject.run_action(:set) + } + + it "should set MaximumPasswordAge to 30" do + subject.secvalue("30") + subject.run_action(:set) + expect(subject).to be_updated_by_last_action + end + + it "should be idempotent" do + subject.secvalue("30") + subject.run_action(:set) + guardscript_and_script_time = subject.elapsed_time + subject.run_action(:set) + only_guardscript_time = subject.elapsed_time + expect(only_guardscript_time).to be < guardscript_and_script_time + end + end + + describe "secoption and id: " do + it "accepts 'MinimumPasswordAge', 'MinimumPasswordAge', 'MaximumPasswordAge', 'MinimumPasswordLength', 'PasswordComplexity', 'PasswordHistorySize', 'LockoutBadCount', 'RequireLogonToChangePassword', 'ForceLogoffWhenHourExpire', 'NewAdministratorName', 'NewGuestName', 'ClearTextPassword', 'LSAAnonymousNameLookup', 'EnableAdminAccount', 'EnableGuestAccount' " do + expect { subject.secoption("MinimumPasswordAge") }.not_to raise_error + expect { subject.secoption("MaximumPasswordAge") }.not_to raise_error + expect { subject.secoption("MinimumPasswordLength") }.not_to raise_error + expect { subject.secoption("PasswordComplexity") }.not_to raise_error + expect { subject.secoption("PasswordHistorySize") }.not_to raise_error + expect { subject.secoption("LockoutBadCount") }.not_to raise_error + expect { subject.secoption("RequireLogonToChangePassword") }.not_to raise_error + expect { subject.secoption("ForceLogoffWhenHourExpire") }.not_to raise_error + expect { subject.secoption("NewAdministratorName") }.not_to raise_error + expect { subject.secoption("NewGuestName") }.not_to raise_error + expect { subject.secoption("ClearTextPassword") }.not_to raise_error + expect { subject.secoption("LSAAnonymousNameLookup") }.not_to raise_error + expect { subject.secoption("EnableAdminAccount") }.not_to raise_error + expect { subject.secoption("EnableGuestAccount") }.not_to raise_error + end + + it "rejects any other option" do + expect { subject.secoption "XYZ" }.to raise_error(ArgumentError) + end + end +end diff --git a/spec/functional/resource/windows_service_spec.rb b/spec/functional/resource/windows_service_spec.rb index 999b235df1..1ebffd1833 100644 --- a/spec/functional/resource/windows_service_spec.rb +++ b/spec/functional/resource/windows_service_spec.rb @@ -18,8 +18,7 @@ require "spec_helper" -describe Chef::Resource::WindowsService, :windows_only, :system_windows_service_gem_only, :appveyor_only, broken: true do - # Marking as broken. This test is causing appveyor tests to exit with 116. +describe Chef::Resource::WindowsService, :windows_only, :system_windows_service_gem_only do include_context "using Win32::Service" diff --git a/spec/functional/resource/windows_user_privilege_spec.rb b/spec/functional/resource/windows_user_privilege_spec.rb new file mode 100644 index 0000000000..6dca54016a --- /dev/null +++ b/spec/functional/resource/windows_user_privilege_spec.rb @@ -0,0 +1,193 @@ +# +# Author:: Vasundhara Jagdale (<vasundhara.jagdale@chef.io>) +# Copyright 2008-2020, Chef Software, Inc. + +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at + +# http://www.apache.org/licenses/LICENSE-2.0 + +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +require_relative "../../spec_helper" +require_relative "../../functional/resource/base" + +describe Chef::Resource::WindowsUserPrivilege, :windows_only do + let(:principal) { nil } + let(:privilege) { nil } + let(:users) { nil } + let(:sensitive) { true } + + let(:windows_test_run_context) do + node = Chef::Node.new + node.consume_external_attrs(OHAI_SYSTEM.data, {}) # node[:languages][:powershell][:version] + node.automatic["os"] = "windows" + node.automatic["platform"] = "windows" + node.automatic["platform_version"] = "6.1" + node.automatic["kernel"][:machine] = :x86_64 # Only 64-bit architecture is supported + empty_events = Chef::EventDispatch::Dispatcher.new + Chef::RunContext.new(node, {}, empty_events) + end + + subject do + new_resource = Chef::Resource::WindowsUserPrivilege.new(principal, windows_test_run_context) + new_resource.privilege = privilege + new_resource.principal = principal + new_resource.users = users + new_resource + end + + describe "#add privilege" do + after { subject.run_action(:remove) } + + context "when privilege is passed as string" do + let(:principal) { "Administrator" } + let(:privilege) { "SeCreateSymbolicLinkPrivilege" } + + it "adds user to privilege" do + # Removing so that add update happens + subject.run_action(:remove) + subject.run_action(:add) + expect(subject).to be_updated_by_last_action + end + + it "is idempotent" do + subject.run_action(:add) + subject.run_action(:add) + expect(subject).not_to be_updated_by_last_action + end + end + + context "when privilege is passed as array" do + let(:principal) { "Administrator" } + let(:privilege) { %w{SeCreateSymbolicLinkPrivilege SeCreatePagefilePrivilege} } + + it "adds user to privilege" do + subject.run_action(:add) + expect(subject).to be_updated_by_last_action + end + + it "is idempotent" do + subject.run_action(:add) + subject.run_action(:add) + expect(subject).not_to be_updated_by_last_action + end + end + end + + describe "#set privilege" do + after { remove_user_privilege("Administrator", subject.privilege) } + + let(:principal) { "user_privilege" } + let(:users) { %w{Administrators Administrator} } + let(:privilege) { %w{SeCreateSymbolicLinkPrivilege} } + + it "sets user to privilege" do + subject.action(:set) + subject.run_action(:set) + expect(subject).to be_updated_by_last_action + end + + it "is idempotent" do + subject.action(:set) + subject.run_action(:set) + subject.run_action(:set) + expect(subject).not_to be_updated_by_last_action + end + + it "raise error if users not provided" do + subject.users = nil + subject.action(:set) + expect { subject.run_action(:set) }.to raise_error(Chef::Exceptions::ValidationFailed) + end + end + + describe "#remove privilege" do + let(:principal) { "Administrator" } + context "when privilege is passed as array" do + let(:privilege) { "SeCreateSymbolicLinkPrivilege" } + it "remove user from privilege" do + subject.run_action(:add) + subject.run_action(:remove) + expect(subject).to be_updated_by_last_action + end + + it "is idempotent" do + subject.run_action(:add) + subject.run_action(:remove) + subject.run_action(:remove) + expect(subject).not_to be_updated_by_last_action + end + end + + context "when privilege is passed as array" do + let(:privilege) { %w{SeCreateSymbolicLinkPrivilege SeCreatePagefilePrivilege} } + it "remove user from privilege" do + subject.run_action(:add) + subject.run_action(:remove) + expect(subject).to be_updated_by_last_action + end + + it "is idempotent" do + subject.run_action(:add) + subject.run_action(:remove) + subject.run_action(:remove) + expect(subject).not_to be_updated_by_last_action + end + end + end + + describe "running with non admin user" do + include Chef::Mixin::UserContext + + let(:user) { "security_user" } + let(:password) { "Security@123" } + let(:principal) { "user_privilege" } + let(:users) { ["Administrators", "#{domain}\\security_user"] } + let(:privilege) { %w{SeCreateSymbolicLinkPrivilege} } + + let(:domain) do + ENV["COMPUTERNAME"] + end + + before do + allow_any_instance_of(Chef::Mixin::UserContext).to receive(:node).and_return({ "platform_family" => "windows" }) + add_user = Mixlib::ShellOut.new("net user #{user} #{password} /ADD") + add_user.run_command + add_user.error! + end + + after do + remove_user_privilege("#{domain}\\#{user}", subject.privilege) + delete_user = Mixlib::ShellOut.new("net user #{user} /delete") + delete_user.run_command + delete_user.error! + end + + it "sets user to privilege" do + subject.action(:set) + subject.run_action(:set) + expect(subject).to be_updated_by_last_action + end + + it "is idempotent" do + subject.action(:set) + subject.run_action(:set) + subject.run_action(:set) + expect(subject).not_to be_updated_by_last_action + end + end + + def remove_user_privilege(user, privilege) + subject.action(:remove) + subject.principal = user + subject.privilege = privilege + subject.run_action(:remove) + end +end diff --git a/spec/functional/run_lock_spec.rb b/spec/functional/run_lock_spec.rb index d9a8bd2d0e..eecdbbe6c8 100644 --- a/spec/functional/run_lock_spec.rb +++ b/spec/functional/run_lock_spec.rb @@ -1,6 +1,6 @@ # # Author:: Daniel DeLeo (<dan@chef.io>) -# Copyright:: Copyright 2012-2016, Chef Software, Inc. +# Copyright:: Copyright 2012-2020, Chef Software Inc. # License:: Apache License, Version 2.0 # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -15,7 +15,7 @@ # See the License for the specific language governing permissions and # limitations under the License. -require File.expand_path("../../spec_helper", __FILE__) +require_relative "../spec_helper" require "chef/client" describe Chef::RunLock do @@ -404,6 +404,12 @@ describe Chef::RunLock do example.log_event("#{name}.stop finished (pid #{pid} wasn't running)") end end + + # close the IO.pipes so we don't leak them as open filehandles + @read_from_process.close rescue nil + @write_to_tests.close rescue nil + @read_from_tests.close rescue nil + @write_to_process.close rescue nil end def fire_event(event) diff --git a/spec/functional/shell_spec.rb b/spec/functional/shell_spec.rb index dd0455fc9e..cb4fd92681 100644 --- a/spec/functional/shell_spec.rb +++ b/spec/functional/shell_spec.rb @@ -1,6 +1,6 @@ # # Author:: Daniel DeLeo (<dan@chef.io>) -# Copyright:: Copyright 2012-2019, Chef Software Inc. +# Copyright:: Copyright 2012-2020, Chef Software Inc. # License:: Apache License, Version 2.0 # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -82,7 +82,7 @@ describe Shell do require "pty" config = File.expand_path("shef-config.rb", CHEF_SPEC_DATA) - reader, writer, pid = PTY.spawn("bundle exec chef-shell -c #{config} #{options}") + reader, writer, pid = PTY.spawn("bundle exec chef-shell --no-multiline --no-singleline --no-colorize -c #{config} #{options}") read_until(reader, "chef (#{Chef::VERSION})>") yield reader, writer if block_given? writer.puts('"done"') diff --git a/spec/functional/util/powershell/cmdlet_spec.rb b/spec/functional/util/powershell/cmdlet_spec.rb index 1c8fef2180..0bc6f4914c 100644 --- a/spec/functional/util/powershell/cmdlet_spec.rb +++ b/spec/functional/util/powershell/cmdlet_spec.rb @@ -17,7 +17,7 @@ # require "chef/json_compat" -require File.expand_path("../../../../spec_helper", __FILE__) +require_relative "../../../spec_helper" describe Chef::Util::Powershell::Cmdlet, :windows_powershell_dsc_only do before(:all) do diff --git a/spec/functional/version_spec.rb b/spec/functional/version_spec.rb index 25e3f4dba7..5501d0cfe3 100644 --- a/spec/functional/version_spec.rb +++ b/spec/functional/version_spec.rb @@ -15,7 +15,7 @@ # See the License for the specific language governing permissions and # limitations under the License. -require File.expand_path("../../spec_helper", __FILE__) +require_relative "../spec_helper" require "chef/mixin/shell_out" require "chef/version" require "ohai/version" diff --git a/spec/functional/win32/registry_spec.rb b/spec/functional/win32/registry_spec.rb index 923b952161..734562f848 100644 --- a/spec/functional/win32/registry_spec.rb +++ b/spec/functional/win32/registry_spec.rb @@ -56,12 +56,6 @@ describe "Chef::Win32::Registry", :windows_only do end end - # Server Versions - # it "succeeds if server versiion is 2003R2, 2008, 2008R2, 2012" do - # end - # it "falis if the server versions are anything else" do - # end - describe "hive_exists?" do it "returns true if the hive exists" do expect(@registry.hive_exists?("HKCU\\Software\\Root")).to eq(true) diff --git a/spec/functional/win32/security_spec.rb b/spec/functional/win32/security_spec.rb index 3eb7bedd48..c01e9be9a3 100644 --- a/spec/functional/win32/security_spec.rb +++ b/spec/functional/win32/security_spec.rb @@ -199,6 +199,28 @@ describe "Chef::Win32::Security", :windows_only do end end + describe ".get_account_with_user_rights" do + let(:domain) { ENV["COMPUTERNAME"] } + let(:username) { ENV["USERNAME"] } + + context "when given a valid user right" do + it "gets all accounts associated with given user right" do + Chef::ReservedNames::Win32::Security.add_account_right(username, "SeBatchLogonRight") + expect(Chef::ReservedNames::Win32::Security.get_account_with_user_rights("SeBatchLogonRight").flatten).to include("#{domain}\\#{username}") + Chef::ReservedNames::Win32::Security.remove_account_right(username, "SeBatchLogonRight") + expect(Chef::ReservedNames::Win32::Security.get_account_with_user_rights("SeBatchLogonRight").flatten).not_to include("#{domain}\\#{username}") + end + end + + context "when given an invalid user right" do + let(:user_right) { "SeTest" } + + it "returns empty array" do + expect(Chef::ReservedNames::Win32::Security.get_account_with_user_rights(user_right)).to be_empty + end + end + end + describe ".test_and_raise_lsa_nt_status" do # NTSTATUS code: 0xC0000001 / STATUS_UNSUCCESSFUL # Windows Error: ERROR_GEN_FAILURE / 31 / 0x1F / A device attached to the system is not functioning. diff --git a/spec/functional/win32/service_manager_spec.rb b/spec/functional/win32/service_manager_spec.rb index bb8ed54c0e..220cc3c183 100644 --- a/spec/functional/win32/service_manager_spec.rb +++ b/spec/functional/win32/service_manager_spec.rb @@ -33,7 +33,7 @@ end # directories. # -describe "Chef::Application::WindowsServiceManager", :windows_only, :system_windows_service_gem_only, :appveyor_only do +describe "Chef::Application::WindowsServiceManager", :windows_only, :system_windows_service_gem_only do include_context "using Win32::Service" diff --git a/spec/integration/client/client_spec.rb b/spec/integration/client/client_spec.rb index b1763da1f0..24ec35d5e0 100644 --- a/spec/integration/client/client_spec.rb +++ b/spec/integration/client/client_spec.rb @@ -1,3 +1,4 @@ +require "spec_helper" require "support/shared/integration/integration_helper" require "chef/mixin/shell_out" require "tiny_server" @@ -540,8 +541,7 @@ describe "chef-client" do end end - # Fails on appveyor, but works locally on windows and on windows hosts in Ci. - context "when using recipe-url", :skip_appveyor do + context "when using recipe-url" do before(:each) do start_tiny_server end diff --git a/spec/integration/client/exit_code_spec.rb b/spec/integration/client/exit_code_spec.rb index 37999ab431..a2f7e87b7e 100644 --- a/spec/integration/client/exit_code_spec.rb +++ b/spec/integration/client/exit_code_spec.rb @@ -1,4 +1,5 @@ +require "spec_helper" require "support/shared/integration/integration_helper" require "chef/mixin/shell_out" require "tiny_server" diff --git a/spec/integration/client/ipv6_spec.rb b/spec/integration/client/ipv6_spec.rb index 2d16786334..3d2c8d83d9 100644 --- a/spec/integration/client/ipv6_spec.rb +++ b/spec/integration/client/ipv6_spec.rb @@ -15,6 +15,7 @@ # See the License for the specific language governing permissions and # limitations under the License. +require "spec_helper" require "support/shared/integration/integration_helper" require "chef/mixin/shell_out" diff --git a/spec/integration/knife/chef_fs_data_store_spec.rb b/spec/integration/knife/chef_fs_data_store_spec.rb index 58ca5121c5..d79b1922ac 100644 --- a/spec/integration/knife/chef_fs_data_store_spec.rb +++ b/spec/integration/knife/chef_fs_data_store_spec.rb @@ -15,6 +15,7 @@ # See the License for the specific language governing permissions and # limitations under the License. +require "spec_helper" require "support/shared/integration/integration_helper" require "chef/knife/list" require "chef/knife/delete" @@ -194,7 +195,7 @@ describe "ChefFSDataStore tests", :workstation do Uploading x [1.0.0] Uploaded 1 cookbook. EOM - knife("list --local -Rfp /cookbooks").should_succeed "/cookbooks/x/\n/cookbooks/x/metadata.rb\n" + knife("list --local -Rfp /cookbooks").should_succeed "/cookbooks/x/\n/cookbooks/x/metadata.json\n/cookbooks/x/metadata.rb\n" end it "knife raw -z -i empty.json -m PUT /data/x/y" do @@ -251,7 +252,7 @@ describe "ChefFSDataStore tests", :workstation do Uploading z [1.0.0] Uploaded 1 cookbook. EOM - knife("list --local -Rfp /cookbooks").should_succeed "/cookbooks/z/\n/cookbooks/z/metadata.rb\n" + knife("list --local -Rfp /cookbooks").should_succeed "/cookbooks/z/\n/cookbooks/z/metadata.json\n/cookbooks/z/metadata.rb\n" end it "knife raw -z -i empty.json -m POST /data" do diff --git a/spec/integration/knife/chef_repo_path_spec.rb b/spec/integration/knife/chef_repo_path_spec.rb index 7d98b7ad4e..0393d27706 100644 --- a/spec/integration/knife/chef_repo_path_spec.rb +++ b/spec/integration/knife/chef_repo_path_spec.rb @@ -15,6 +15,7 @@ # See the License for the specific language governing permissions and # limitations under the License. +require "spec_helper" require "support/shared/integration/integration_helper" require "support/shared/context/config" require "chef/knife/list" diff --git a/spec/integration/knife/chef_repository_file_system_spec.rb b/spec/integration/knife/chef_repository_file_system_spec.rb index 6e9c4611e2..efdde6265b 100644 --- a/spec/integration/knife/chef_repository_file_system_spec.rb +++ b/spec/integration/knife/chef_repository_file_system_spec.rb @@ -15,6 +15,7 @@ # See the License for the specific language governing permissions and # limitations under the License. +require "spec_helper" require "support/shared/integration/integration_helper" require "chef/knife/list" require "chef/knife/show" diff --git a/spec/integration/knife/chefignore_spec.rb b/spec/integration/knife/chefignore_spec.rb index b92fb1f485..6dac18f8fa 100644 --- a/spec/integration/knife/chefignore_spec.rb +++ b/spec/integration/knife/chefignore_spec.rb @@ -15,6 +15,7 @@ # See the License for the specific language governing permissions and # limitations under the License. +require "spec_helper" require "support/shared/integration/integration_helper" require "chef/knife/list" require "chef/knife/show" diff --git a/spec/integration/knife/client_bulk_delete_spec.rb b/spec/integration/knife/client_bulk_delete_spec.rb index 73dd1680b2..3d3e8f630c 100644 --- a/spec/integration/knife/client_bulk_delete_spec.rb +++ b/spec/integration/knife/client_bulk_delete_spec.rb @@ -14,6 +14,7 @@ # See the License for the specific language governing permissions and # limitations under the License. +require "spec_helper" require "support/shared/integration/integration_helper" require "support/shared/context/config" diff --git a/spec/integration/knife/client_create_spec.rb b/spec/integration/knife/client_create_spec.rb index 505358923b..14ac17b810 100644 --- a/spec/integration/knife/client_create_spec.rb +++ b/spec/integration/knife/client_create_spec.rb @@ -14,6 +14,7 @@ # See the License for the specific language governing permissions and # limitations under the License. +require "spec_helper" require "support/shared/integration/integration_helper" require "support/shared/context/config" require "openssl" diff --git a/spec/integration/knife/client_delete_spec.rb b/spec/integration/knife/client_delete_spec.rb index 3ba51fca96..c7b9bbca35 100644 --- a/spec/integration/knife/client_delete_spec.rb +++ b/spec/integration/knife/client_delete_spec.rb @@ -14,6 +14,7 @@ # See the License for the specific language governing permissions and # limitations under the License. +require "spec_helper" require "support/shared/integration/integration_helper" require "support/shared/context/config" diff --git a/spec/integration/knife/client_key_create_spec.rb b/spec/integration/knife/client_key_create_spec.rb index 7ccec8bffd..cc958a85f6 100644 --- a/spec/integration/knife/client_key_create_spec.rb +++ b/spec/integration/knife/client_key_create_spec.rb @@ -14,6 +14,7 @@ # See the License for the specific language governing permissions and # limitations under the License. +require "spec_helper" require "support/shared/integration/integration_helper" require "support/shared/context/config" require "openssl" diff --git a/spec/integration/knife/client_key_delete_spec.rb b/spec/integration/knife/client_key_delete_spec.rb index 04826bb0b8..259996a3f2 100644 --- a/spec/integration/knife/client_key_delete_spec.rb +++ b/spec/integration/knife/client_key_delete_spec.rb @@ -14,6 +14,7 @@ # See the License for the specific language governing permissions and # limitations under the License. +require "spec_helper" require "support/shared/integration/integration_helper" require "support/shared/context/config" diff --git a/spec/integration/knife/client_key_list_spec.rb b/spec/integration/knife/client_key_list_spec.rb index 4fd18a6cd5..37f9a84347 100644 --- a/spec/integration/knife/client_key_list_spec.rb +++ b/spec/integration/knife/client_key_list_spec.rb @@ -14,6 +14,7 @@ # See the License for the specific language governing permissions and # limitations under the License. +require "spec_helper" require "support/shared/integration/integration_helper" require "support/shared/context/config" require "date" diff --git a/spec/integration/knife/client_key_show_spec.rb b/spec/integration/knife/client_key_show_spec.rb index e96ff3b6fe..0b1561d64f 100644 --- a/spec/integration/knife/client_key_show_spec.rb +++ b/spec/integration/knife/client_key_show_spec.rb @@ -14,6 +14,7 @@ # See the License for the specific language governing permissions and # limitations under the License. +require "spec_helper" require "support/shared/integration/integration_helper" require "support/shared/context/config" require "date" diff --git a/spec/integration/knife/client_list_spec.rb b/spec/integration/knife/client_list_spec.rb index 27ceecf7de..bf7ba74f2f 100644 --- a/spec/integration/knife/client_list_spec.rb +++ b/spec/integration/knife/client_list_spec.rb @@ -14,6 +14,7 @@ # See the License for the specific language governing permissions and # limitations under the License. +require "spec_helper" require "support/shared/integration/integration_helper" require "support/shared/context/config" diff --git a/spec/integration/knife/client_show_spec.rb b/spec/integration/knife/client_show_spec.rb index 23ac204d77..36bb0bebd0 100644 --- a/spec/integration/knife/client_show_spec.rb +++ b/spec/integration/knife/client_show_spec.rb @@ -14,6 +14,7 @@ # See the License for the specific language governing permissions and # limitations under the License. +require "spec_helper" require "support/shared/integration/integration_helper" require "support/shared/context/config" diff --git a/spec/integration/knife/common_options_spec.rb b/spec/integration/knife/common_options_spec.rb index 5eac571a85..d7b14aa93c 100644 --- a/spec/integration/knife/common_options_spec.rb +++ b/spec/integration/knife/common_options_spec.rb @@ -15,6 +15,7 @@ # See the License for the specific language governing permissions and # limitations under the License. +require "spec_helper" require "support/shared/integration/integration_helper" require "chef/knife/raw" diff --git a/spec/integration/knife/config_get_profile_spec.rb b/spec/integration/knife/config_get_profile_spec.rb index d17d572f13..4991532f14 100644 --- a/spec/integration/knife/config_get_profile_spec.rb +++ b/spec/integration/knife/config_get_profile_spec.rb @@ -13,6 +13,7 @@ # See the License for the specific language governing permissions and # limitations under the License. +require "spec_helper" require "support/shared/integration/integration_helper" require "support/shared/context/config" diff --git a/spec/integration/knife/config_get_spec.rb b/spec/integration/knife/config_get_spec.rb index 7719ee2bd0..e6b97aa9a3 100644 --- a/spec/integration/knife/config_get_spec.rb +++ b/spec/integration/knife/config_get_spec.rb @@ -13,6 +13,7 @@ # See the License for the specific language governing permissions and # limitations under the License. +require "spec_helper" require "support/shared/integration/integration_helper" require "support/shared/context/config" diff --git a/spec/integration/knife/config_list_profiles_spec.rb b/spec/integration/knife/config_list_profiles_spec.rb index 7ac4ef755e..95a06ffaee 100644 --- a/spec/integration/knife/config_list_profiles_spec.rb +++ b/spec/integration/knife/config_list_profiles_spec.rb @@ -13,6 +13,7 @@ # See the License for the specific language governing permissions and # limitations under the License. +require "spec_helper" require "support/shared/integration/integration_helper" require "support/shared/context/config" diff --git a/spec/integration/knife/config_use_profile_spec.rb b/spec/integration/knife/config_use_profile_spec.rb index 4ea9012212..213fe19f88 100644 --- a/spec/integration/knife/config_use_profile_spec.rb +++ b/spec/integration/knife/config_use_profile_spec.rb @@ -13,6 +13,7 @@ # See the License for the specific language governing permissions and # limitations under the License. +require "spec_helper" require "support/shared/integration/integration_helper" require "support/shared/context/config" diff --git a/spec/integration/knife/cookbook_api_ipv6_spec.rb b/spec/integration/knife/cookbook_api_ipv6_spec.rb index c615d8de7a..f2c4539bf8 100644 --- a/spec/integration/knife/cookbook_api_ipv6_spec.rb +++ b/spec/integration/knife/cookbook_api_ipv6_spec.rb @@ -15,6 +15,7 @@ # See the License for the specific language governing permissions and # limitations under the License. +require "spec_helper" require "support/shared/integration/integration_helper" require "chef/mixin/shell_out" diff --git a/spec/integration/knife/cookbook_bulk_delete_spec.rb b/spec/integration/knife/cookbook_bulk_delete_spec.rb index 5b8dc3a952..2e8e96de12 100644 --- a/spec/integration/knife/cookbook_bulk_delete_spec.rb +++ b/spec/integration/knife/cookbook_bulk_delete_spec.rb @@ -14,6 +14,7 @@ # See the License for the specific language governing permissions and # limitations under the License. +require "spec_helper" require "support/shared/integration/integration_helper" require "support/shared/context/config" require "chef/knife/cookbook_bulk_delete" diff --git a/spec/integration/knife/cookbook_download_spec.rb b/spec/integration/knife/cookbook_download_spec.rb index 538c06802b..0e92430aaf 100644 --- a/spec/integration/knife/cookbook_download_spec.rb +++ b/spec/integration/knife/cookbook_download_spec.rb @@ -14,6 +14,7 @@ # See the License for the specific language governing permissions and # limitations under the License. +require "spec_helper" require "support/shared/integration/integration_helper" require "support/shared/context/config" require "chef/knife/cookbook_download" diff --git a/spec/integration/knife/cookbook_list_spec.rb b/spec/integration/knife/cookbook_list_spec.rb index c9e4069a44..92412038a1 100644 --- a/spec/integration/knife/cookbook_list_spec.rb +++ b/spec/integration/knife/cookbook_list_spec.rb @@ -14,6 +14,7 @@ # See the License for the specific language governing permissions and # limitations under the License. +require "spec_helper" require "support/shared/integration/integration_helper" require "support/shared/context/config" require "chef/knife/cookbook_list" diff --git a/spec/integration/knife/cookbook_show_spec.rb b/spec/integration/knife/cookbook_show_spec.rb index 8ebd5403ae..32b1324a0a 100644 --- a/spec/integration/knife/cookbook_show_spec.rb +++ b/spec/integration/knife/cookbook_show_spec.rb @@ -14,6 +14,7 @@ # See the License for the specific language governing permissions and # limitations under the License. +require "spec_helper" require "support/shared/integration/integration_helper" require "support/shared/context/config" require "chef/knife/cookbook_show" diff --git a/spec/integration/knife/cookbook_upload_spec.rb b/spec/integration/knife/cookbook_upload_spec.rb index 7e98b6ea64..7253b4c350 100644 --- a/spec/integration/knife/cookbook_upload_spec.rb +++ b/spec/integration/knife/cookbook_upload_spec.rb @@ -14,6 +14,7 @@ # See the License for the specific language governing permissions and # limitations under the License. +require "spec_helper" require "support/shared/integration/integration_helper" require "support/shared/context/config" require "chef/knife/cookbook_upload" @@ -86,5 +87,15 @@ describe "knife cookbook upload", :workstation do EOM end end + + when_the_repository "has cookbook metadata without name attribute in metadata file" do + before do + file "cookbooks/x/metadata.rb", cb_metadata(nil, "1.0.0") + end + + it "knife cookbook upload x " do + expect { knife("cookbook upload x -o #{cb_dir}") }.to raise_error(Chef::Exceptions::MetadataNotValid) + end + end end end diff --git a/spec/integration/knife/data_bag_create_spec.rb b/spec/integration/knife/data_bag_create_spec.rb index e60f3c06fd..13007cc35d 100644 --- a/spec/integration/knife/data_bag_create_spec.rb +++ b/spec/integration/knife/data_bag_create_spec.rb @@ -14,6 +14,7 @@ # See the License for the specific language governing permissions and # limitations under the License. +require "spec_helper" require "support/shared/integration/integration_helper" require "support/shared/context/config" require "chef/knife/data_bag_create" diff --git a/spec/integration/knife/data_bag_delete_spec.rb b/spec/integration/knife/data_bag_delete_spec.rb index b5ee1b0422..3ccc718678 100644 --- a/spec/integration/knife/data_bag_delete_spec.rb +++ b/spec/integration/knife/data_bag_delete_spec.rb @@ -14,6 +14,7 @@ # See the License for the specific language governing permissions and # limitations under the License. +require "spec_helper" require "support/shared/integration/integration_helper" require "support/shared/context/config" require "chef/knife/data_bag_delete" diff --git a/spec/integration/knife/data_bag_edit_spec.rb b/spec/integration/knife/data_bag_edit_spec.rb index cb3e84b9c6..8e3f580630 100644 --- a/spec/integration/knife/data_bag_edit_spec.rb +++ b/spec/integration/knife/data_bag_edit_spec.rb @@ -14,6 +14,7 @@ # See the License for the specific language governing permissions and # limitations under the License. +require "spec_helper" require "support/shared/integration/integration_helper" require "support/shared/context/config" require "chef/knife/data_bag_edit" diff --git a/spec/integration/knife/data_bag_from_file_spec.rb b/spec/integration/knife/data_bag_from_file_spec.rb index 5083153e91..f2d0247caf 100644 --- a/spec/integration/knife/data_bag_from_file_spec.rb +++ b/spec/integration/knife/data_bag_from_file_spec.rb @@ -14,6 +14,7 @@ # See the License for the specific language governing permissions and # limitations under the License. +require "spec_helper" require "support/shared/integration/integration_helper" require "support/shared/context/config" diff --git a/spec/integration/knife/data_bag_list_spec.rb b/spec/integration/knife/data_bag_list_spec.rb index 2e57cc7cca..690b257810 100644 --- a/spec/integration/knife/data_bag_list_spec.rb +++ b/spec/integration/knife/data_bag_list_spec.rb @@ -14,6 +14,7 @@ # See the License for the specific language governing permissions and # limitations under the License. +require "spec_helper" require "support/shared/integration/integration_helper" require "support/shared/context/config" require "chef/knife/data_bag_list" diff --git a/spec/integration/knife/data_bag_show_spec.rb b/spec/integration/knife/data_bag_show_spec.rb index 42553dc478..be1a9bd0e8 100644 --- a/spec/integration/knife/data_bag_show_spec.rb +++ b/spec/integration/knife/data_bag_show_spec.rb @@ -14,6 +14,7 @@ # See the License for the specific language governing permissions and # limitations under the License. +require "spec_helper" require "support/shared/integration/integration_helper" require "support/shared/context/config" require "chef/knife/data_bag_show" @@ -26,7 +27,7 @@ describe "knife data bag show", :workstation do when_the_chef_server "is empty" do it "raises error if try to retrieve it" do - expect { knife("data bag show bag") }.to raise_error(Net::HTTPServerException) + expect { knife("data bag show bag") }.to raise_error(Net::HTTPClientException) end end diff --git a/spec/integration/knife/delete_spec.rb b/spec/integration/knife/delete_spec.rb index fd5853dfef..c046834104 100644 --- a/spec/integration/knife/delete_spec.rb +++ b/spec/integration/knife/delete_spec.rb @@ -15,6 +15,7 @@ # See the License for the specific language governing permissions and # limitations under the License. +require "spec_helper" require "support/shared/integration/integration_helper" require "chef/knife/delete" require "chef/knife/list" diff --git a/spec/integration/knife/deps_spec.rb b/spec/integration/knife/deps_spec.rb index 4dfccf38de..eca7cbd0ac 100644 --- a/spec/integration/knife/deps_spec.rb +++ b/spec/integration/knife/deps_spec.rb @@ -15,6 +15,7 @@ # See the License for the specific language governing permissions and # limitations under the License. +require "spec_helper" require "support/shared/integration/integration_helper" require "support/shared/context/config" require "chef/knife/deps" @@ -242,7 +243,7 @@ depends "foo"' it "knife deps --tree prints each once" do knife("deps --tree /roles/foo.json /roles/self.json") do expect(stdout).to eq("/roles/foo.json\n /roles/bar.json\n /roles/baz.json\n /roles/foo.json\n/roles/self.json\n /roles/self.json\n") - expect(stderr).to eq("WARNING: No knife configuration file found. See https://docs.chef.io/config_rb_knife.html for details.\n") + expect(stderr).to eq("WARNING: No knife configuration file found. See https://docs.chef.io/config_rb/ for details.\n") end end end @@ -580,7 +581,7 @@ depends "self"' } it "knife deps --tree prints each once" do knife("deps --remote --tree /roles/foo.json /roles/self.json") do expect(stdout).to eq("/roles/foo.json\n /roles/bar.json\n /roles/baz.json\n /roles/foo.json\n/roles/self.json\n /roles/self.json\n") - expect(stderr).to eq("WARNING: No knife configuration file found. See https://docs.chef.io/config_rb_knife.html for details.\n") + expect(stderr).to eq("WARNING: No knife configuration file found. See https://docs.chef.io/config_rb/ for details.\n") end end end diff --git a/spec/integration/knife/diff_spec.rb b/spec/integration/knife/diff_spec.rb index 87cbd1559d..dccab65679 100644 --- a/spec/integration/knife/diff_spec.rb +++ b/spec/integration/knife/diff_spec.rb @@ -15,6 +15,7 @@ # See the License for the specific language governing permissions and # limitations under the License. +require "spec_helper" require "support/shared/integration/integration_helper" require "chef/knife/diff" diff --git a/spec/integration/knife/download_spec.rb b/spec/integration/knife/download_spec.rb index 77f6d3890e..ab6ff8d9e3 100644 --- a/spec/integration/knife/download_spec.rb +++ b/spec/integration/knife/download_spec.rb @@ -15,6 +15,7 @@ # See the License for the specific language governing permissions and # limitations under the License. +require "spec_helper" require "support/shared/integration/integration_helper" require "chef/knife/download" require "chef/knife/diff" diff --git a/spec/integration/knife/environment_compare_spec.rb b/spec/integration/knife/environment_compare_spec.rb index 713c1efe12..39baf5c6b7 100644 --- a/spec/integration/knife/environment_compare_spec.rb +++ b/spec/integration/knife/environment_compare_spec.rb @@ -14,6 +14,7 @@ # See the License for the specific language governing permissions and # limitations under the License. +require "spec_helper" require "support/shared/integration/integration_helper" require "support/shared/context/config" diff --git a/spec/integration/knife/environment_create_spec.rb b/spec/integration/knife/environment_create_spec.rb index 2647a08f8b..cf4b8b38eb 100644 --- a/spec/integration/knife/environment_create_spec.rb +++ b/spec/integration/knife/environment_create_spec.rb @@ -14,6 +14,7 @@ # See the License for the specific language governing permissions and # limitations under the License. +require "spec_helper" require "support/shared/integration/integration_helper" require "support/shared/context/config" diff --git a/spec/integration/knife/environment_delete_spec.rb b/spec/integration/knife/environment_delete_spec.rb index 0f1fe5c4a8..579b3a67d9 100644 --- a/spec/integration/knife/environment_delete_spec.rb +++ b/spec/integration/knife/environment_delete_spec.rb @@ -14,6 +14,7 @@ # See the License for the specific language governing permissions and # limitations under the License. +require "spec_helper" require "support/shared/integration/integration_helper" require "support/shared/context/config" diff --git a/spec/integration/knife/environment_from_file_spec.rb b/spec/integration/knife/environment_from_file_spec.rb index 8b33e254d8..472ae4d511 100644 --- a/spec/integration/knife/environment_from_file_spec.rb +++ b/spec/integration/knife/environment_from_file_spec.rb @@ -14,6 +14,7 @@ # See the License for the specific language governing permissions and # limitations under the License. +require "spec_helper" require "support/shared/integration/integration_helper" require "support/shared/context/config" diff --git a/spec/integration/knife/environment_list_spec.rb b/spec/integration/knife/environment_list_spec.rb index b6b25e8661..19fde490ef 100644 --- a/spec/integration/knife/environment_list_spec.rb +++ b/spec/integration/knife/environment_list_spec.rb @@ -14,6 +14,7 @@ # See the License for the specific language governing permissions and # limitations under the License. +require "spec_helper" require "support/shared/integration/integration_helper" require "support/shared/context/config" diff --git a/spec/integration/knife/environment_show_spec.rb b/spec/integration/knife/environment_show_spec.rb index c0334ecbf3..157c108c46 100644 --- a/spec/integration/knife/environment_show_spec.rb +++ b/spec/integration/knife/environment_show_spec.rb @@ -14,6 +14,7 @@ # See the License for the specific language governing permissions and # limitations under the License. +require "spec_helper" require "support/shared/integration/integration_helper" require "support/shared/context/config" diff --git a/spec/integration/knife/list_spec.rb b/spec/integration/knife/list_spec.rb index 9689c9e6c8..b1d77d3b01 100644 --- a/spec/integration/knife/list_spec.rb +++ b/spec/integration/knife/list_spec.rb @@ -15,6 +15,7 @@ # See the License for the specific language governing permissions and # limitations under the License. +require "spec_helper" require "support/shared/integration/integration_helper" require "support/shared/context/config" require "chef/knife/list" diff --git a/spec/integration/knife/node_bulk_delete_spec.rb b/spec/integration/knife/node_bulk_delete_spec.rb index 4dce471150..957d6375dc 100644 --- a/spec/integration/knife/node_bulk_delete_spec.rb +++ b/spec/integration/knife/node_bulk_delete_spec.rb @@ -14,6 +14,7 @@ # See the License for the specific language governing permissions and # limitations under the License. +require "spec_helper" require "support/shared/integration/integration_helper" require "support/shared/context/config" diff --git a/spec/integration/knife/node_create_spec.rb b/spec/integration/knife/node_create_spec.rb index 36778b3dfa..8b18663193 100644 --- a/spec/integration/knife/node_create_spec.rb +++ b/spec/integration/knife/node_create_spec.rb @@ -14,6 +14,7 @@ # See the License for the specific language governing permissions and # limitations under the License. +require "spec_helper" require "support/shared/integration/integration_helper" require "support/shared/context/config" require "openssl" diff --git a/spec/integration/knife/node_delete_spec.rb b/spec/integration/knife/node_delete_spec.rb index a578ae912e..e782bdd549 100644 --- a/spec/integration/knife/node_delete_spec.rb +++ b/spec/integration/knife/node_delete_spec.rb @@ -14,6 +14,7 @@ # See the License for the specific language governing permissions and # limitations under the License. +require "spec_helper" require "support/shared/integration/integration_helper" require "support/shared/context/config" diff --git a/spec/integration/knife/node_environment_set_spec.rb b/spec/integration/knife/node_environment_set_spec.rb index 96251f6351..b2316a3590 100644 --- a/spec/integration/knife/node_environment_set_spec.rb +++ b/spec/integration/knife/node_environment_set_spec.rb @@ -14,6 +14,7 @@ # See the License for the specific language governing permissions and # limitations under the License. +require "spec_helper" require "support/shared/integration/integration_helper" require "support/shared/context/config" diff --git a/spec/integration/knife/node_from_file_spec.rb b/spec/integration/knife/node_from_file_spec.rb index 8a2dddb76e..c563fa328e 100644 --- a/spec/integration/knife/node_from_file_spec.rb +++ b/spec/integration/knife/node_from_file_spec.rb @@ -14,6 +14,7 @@ # See the License for the specific language governing permissions and # limitations under the License. +require "spec_helper" require "support/shared/integration/integration_helper" require "support/shared/context/config" diff --git a/spec/integration/knife/node_list_spec.rb b/spec/integration/knife/node_list_spec.rb index 9e5378f121..b6079d72ba 100644 --- a/spec/integration/knife/node_list_spec.rb +++ b/spec/integration/knife/node_list_spec.rb @@ -14,6 +14,7 @@ # See the License for the specific language governing permissions and # limitations under the License. +require "spec_helper" require "support/shared/integration/integration_helper" require "support/shared/context/config" diff --git a/spec/integration/knife/node_run_list_add_spec.rb b/spec/integration/knife/node_run_list_add_spec.rb index 87d08e1975..542746a51e 100644 --- a/spec/integration/knife/node_run_list_add_spec.rb +++ b/spec/integration/knife/node_run_list_add_spec.rb @@ -14,6 +14,7 @@ # See the License for the specific language governing permissions and # limitations under the License. +require "spec_helper" require "support/shared/integration/integration_helper" require "support/shared/context/config" diff --git a/spec/integration/knife/node_run_list_remove_spec.rb b/spec/integration/knife/node_run_list_remove_spec.rb index e85e3ed8e8..0fcb80300c 100644 --- a/spec/integration/knife/node_run_list_remove_spec.rb +++ b/spec/integration/knife/node_run_list_remove_spec.rb @@ -14,6 +14,7 @@ # See the License for the specific language governing permissions and # limitations under the License. +require "spec_helper" require "support/shared/integration/integration_helper" require "support/shared/context/config" diff --git a/spec/integration/knife/node_run_list_set_spec.rb b/spec/integration/knife/node_run_list_set_spec.rb index ec6b08fb97..d80920d299 100644 --- a/spec/integration/knife/node_run_list_set_spec.rb +++ b/spec/integration/knife/node_run_list_set_spec.rb @@ -14,6 +14,7 @@ # See the License for the specific language governing permissions and # limitations under the License. +require "spec_helper" require "support/shared/integration/integration_helper" require "support/shared/context/config" diff --git a/spec/integration/knife/node_show_spec.rb b/spec/integration/knife/node_show_spec.rb index dd890aed59..ac32ab165d 100644 --- a/spec/integration/knife/node_show_spec.rb +++ b/spec/integration/knife/node_show_spec.rb @@ -14,6 +14,7 @@ # See the License for the specific language governing permissions and # limitations under the License. +require "spec_helper" require "support/shared/integration/integration_helper" require "support/shared/context/config" diff --git a/spec/integration/knife/raw_spec.rb b/spec/integration/knife/raw_spec.rb index 99fb7b5787..51d7759063 100644 --- a/spec/integration/knife/raw_spec.rb +++ b/spec/integration/knife/raw_spec.rb @@ -15,6 +15,7 @@ # See the License for the specific language governing permissions and # limitations under the License. +require "spec_helper" require "support/shared/integration/integration_helper" require "support/shared/context/config" require "chef/knife/raw" @@ -142,7 +143,21 @@ describe "knife raw", :workstation do /roles/x.json: { "name": "x", - "description": "eek" + "description": "eek", + "json_class": "Chef::Role", + "chef_type": "role", + "default_attributes": { + + }, + "override_attributes": { + + }, + "run_list": [ + + ], + "env_run_lists": { + + } } EOM end @@ -178,7 +193,21 @@ describe "knife raw", :workstation do /roles/y.json: { "name": "y", - "description": "eek" + "description": "eek", + "json_class": "Chef::Role", + "chef_type": "role", + "default_attributes": { + + }, + "override_attributes": { + + }, + "run_list": [ + + ], + "env_run_lists": { + + } } EOM end diff --git a/spec/integration/knife/redirection_spec.rb b/spec/integration/knife/redirection_spec.rb index fe39315fe4..a1c8d4d9ab 100644 --- a/spec/integration/knife/redirection_spec.rb +++ b/spec/integration/knife/redirection_spec.rb @@ -15,6 +15,7 @@ # See the License for the specific language governing permissions and # limitations under the License. +require "spec_helper" require "tiny_server" require "support/shared/integration/integration_helper" require "support/shared/context/config" diff --git a/spec/integration/knife/role_bulk_delete_spec.rb b/spec/integration/knife/role_bulk_delete_spec.rb index 36d1cb2041..9f73c3c65d 100644 --- a/spec/integration/knife/role_bulk_delete_spec.rb +++ b/spec/integration/knife/role_bulk_delete_spec.rb @@ -14,6 +14,7 @@ # See the License for the specific language governing permissions and # limitations under the License. +require "spec_helper" require "support/shared/integration/integration_helper" require "support/shared/context/config" diff --git a/spec/integration/knife/role_create_spec.rb b/spec/integration/knife/role_create_spec.rb index 54ade9de09..723ca5bf48 100644 --- a/spec/integration/knife/role_create_spec.rb +++ b/spec/integration/knife/role_create_spec.rb @@ -14,6 +14,7 @@ # See the License for the specific language governing permissions and # limitations under the License. +require "spec_helper" require "support/shared/integration/integration_helper" require "support/shared/context/config" diff --git a/spec/integration/knife/role_delete_spec.rb b/spec/integration/knife/role_delete_spec.rb index aa12de57e8..7642159451 100644 --- a/spec/integration/knife/role_delete_spec.rb +++ b/spec/integration/knife/role_delete_spec.rb @@ -14,6 +14,7 @@ # See the License for the specific language governing permissions and # limitations under the License. +require "spec_helper" require "support/shared/integration/integration_helper" require "support/shared/context/config" diff --git a/spec/integration/knife/role_from_file_spec.rb b/spec/integration/knife/role_from_file_spec.rb index 69f58e8c36..e395f7a0ef 100644 --- a/spec/integration/knife/role_from_file_spec.rb +++ b/spec/integration/knife/role_from_file_spec.rb @@ -14,6 +14,7 @@ # See the License for the specific language governing permissions and # limitations under the License. +require "spec_helper" require "support/shared/integration/integration_helper" require "support/shared/context/config" diff --git a/spec/integration/knife/role_list_spec.rb b/spec/integration/knife/role_list_spec.rb index e718425cee..709f533e44 100644 --- a/spec/integration/knife/role_list_spec.rb +++ b/spec/integration/knife/role_list_spec.rb @@ -14,6 +14,7 @@ # See the License for the specific language governing permissions and # limitations under the License. +require "spec_helper" require "support/shared/integration/integration_helper" require "support/shared/context/config" diff --git a/spec/integration/knife/role_show_spec.rb b/spec/integration/knife/role_show_spec.rb index 07afd19440..2af1696c04 100644 --- a/spec/integration/knife/role_show_spec.rb +++ b/spec/integration/knife/role_show_spec.rb @@ -14,6 +14,7 @@ # See the License for the specific language governing permissions and # limitations under the License. +require "spec_helper" require "support/shared/integration/integration_helper" require "support/shared/context/config" diff --git a/spec/integration/knife/search_node_spec.rb b/spec/integration/knife/search_node_spec.rb index e3cda1a138..6bce1a85d7 100644 --- a/spec/integration/knife/search_node_spec.rb +++ b/spec/integration/knife/search_node_spec.rb @@ -14,6 +14,7 @@ # See the License for the specific language governing permissions and # limitations under the License. +require "spec_helper" require "support/shared/integration/integration_helper" require "support/shared/context/config" diff --git a/spec/integration/knife/show_spec.rb b/spec/integration/knife/show_spec.rb index dd83475b8c..68096a1c2d 100644 --- a/spec/integration/knife/show_spec.rb +++ b/spec/integration/knife/show_spec.rb @@ -15,6 +15,7 @@ # See the License for the specific language governing permissions and # limitations under the License. +require "spec_helper" require "support/shared/integration/integration_helper" require "support/shared/context/config" require "chef/knife/show" @@ -80,7 +81,19 @@ describe "knife show", :workstation do knife("show /environments/x.json").should_succeed <<~EOM /environments/x.json: { - "name": "x" + "name": "x", + "description": "", + "cookbook_versions": { + + }, + "default_attributes": { + + }, + "override_attributes": { + + }, + "json_class": "Chef::Environment", + "chef_type": "environment" } EOM end @@ -96,7 +109,22 @@ describe "knife show", :workstation do knife("show /roles/x.json").should_succeed <<~EOM /roles/x.json: { - "name": "x" + "name": "x", + "description": "", + "json_class": "Chef::Role", + "chef_type": "role", + "default_attributes": { + + }, + "override_attributes": { + + }, + "run_list": [ + + ], + "env_run_lists": { + + } } EOM end @@ -149,7 +177,9 @@ describe "knife show", :workstation do }, "override_attributes": { "x": "y" - } + }, + "json_class": "Chef::Environment", + "chef_type": "environment" } EOM end diff --git a/spec/integration/knife/upload_spec.rb b/spec/integration/knife/upload_spec.rb index 1a6ddceb17..9ca6da9db1 100644 --- a/spec/integration/knife/upload_spec.rb +++ b/spec/integration/knife/upload_spec.rb @@ -15,6 +15,7 @@ # See the License for the specific language governing permissions and # limitations under the License. +require "spec_helper" require "support/shared/integration/integration_helper" require "chef/knife/upload" require "chef/knife/diff" @@ -178,7 +179,7 @@ describe "knife upload", :workstation do file "cookbooks/x/metadata.rb", "name 'x'; version '1.0.0'; depends 'x'" end - it "should fail in Chef 13" do + it "fails with RuntimeError" do expect { knife("upload /cookbooks") }.to raise_error RuntimeError, /Cookbook depends on itself/ end end @@ -209,7 +210,10 @@ describe "knife upload", :workstation do Created /roles/y.json Created /users/y.json EOM - knife("diff /").should_succeed "" + knife("diff --name-status /").should_succeed <<~EOM + D\t/cookbooks/x/metadata.json + D\t/cookbooks/y/metadata.json + EOM end it "knife upload --no-diff adds the new files" do @@ -225,7 +229,10 @@ describe "knife upload", :workstation do Created /roles/y.json Created /users/y.json EOM - knife("diff --name-status /").should_succeed "" + knife("diff --name-status /").should_succeed <<~EOM + D\t/cookbooks/x/metadata.json + D\t/cookbooks/y/metadata.json + EOM end end end @@ -289,8 +296,8 @@ describe "knife upload", :workstation do Created /data_bags/x Created /data_bags/x/y.json EOM - knife("diff --name-status /data_bags").should_succeed <<EOM -EOM + knife("diff --name-status /data_bags").should_succeed <<~EOM + EOM expect(Chef::JSONCompat.parse(knife("raw /data/x/y").stdout, create_additions: false).keys.sort).to eq(%w{foo id}) end @@ -446,11 +453,30 @@ EOM # upload of a file is designed not to work at present. Make sure that is the # case. when_the_chef_server "has a cookbook" do - before do cookbook "x", "1.0.0", { "z.rb" => "" } end + when_the_repository "does not have metadata file" do + before do + file "cookbooks/x/y.rb", "hi" + end + + it "raises MetadataNotFound exception" do + expect { knife("upload /cookbooks/x") }.to raise_error(Chef::Exceptions::MetadataNotFound) + end + end + + when_the_repository "does not have valid metadata" do + before do + file "cookbooks/x/metadata.rb", cb_metadata(nil, "1.0.0") + end + + it "raises exception for invalid metadata" do + expect { knife("upload /cookbooks/x") }.to raise_error(Chef::Exceptions::MetadataNotValid) + end + end + when_the_repository "has a modified, extra and missing file for the cookbook" do before do file "cookbooks/x/metadata.rb", cb_metadata("x", "1.0.0", "#modified") @@ -462,6 +488,7 @@ EOM knife("upload /cookbooks/x/y.rb").should_fail "ERROR: /cookbooks/x cannot have a child created under it.\n" knife("upload --purge /cookbooks/x/z.rb").should_fail "ERROR: /cookbooks/x/z.rb cannot be deleted.\n" end + # TODO this is a bit of an inconsistency: if we didn't specify --purge, # technically we shouldn't have deleted missing files. But ... cookbooks # are a special case. @@ -469,13 +496,18 @@ EOM knife("upload /cookbooks/x").should_succeed <<~EOM Updated /cookbooks/x EOM - knife("diff --name-status /cookbooks").should_succeed "" + knife("diff --name-status /cookbooks").should_succeed <<~EOM + D\t/cookbooks/x/metadata.json + EOM end + it "knife upload --purge of the cookbook itself succeeds" do knife("upload /cookbooks/x").should_succeed <<~EOM Updated /cookbooks/x EOM - knife("diff --name-status /cookbooks").should_succeed "" + knife("diff --name-status /cookbooks").should_succeed <<~EOM + D\t/cookbooks/x/metadata.json + EOM end end when_the_repository "has a missing file for the cookbook" do @@ -488,7 +520,9 @@ EOM knife("upload /cookbooks/x").should_succeed <<~EOM Updated /cookbooks/x EOM - knife("diff --name-status /cookbooks").should_succeed "" + knife("diff --name-status /cookbooks").should_succeed <<~EOM + D\t/cookbooks/x/metadata.json + EOM end end when_the_repository "has an extra file for the cookbook" do @@ -503,7 +537,9 @@ EOM knife("upload /cookbooks/x").should_succeed <<~EOM Updated /cookbooks/x EOM - knife("diff --name-status /cookbooks").should_succeed "" + knife("diff --name-status /cookbooks").should_succeed <<~EOM + D\t/cookbooks/x/metadata.json + EOM end end @@ -548,6 +584,7 @@ EOM when_the_repository "has a cookbook" do before do file "cookbooks/x/metadata.rb", cb_metadata("x", "1.0.0") + file "cookbooks/x/metadata.json", { name: "x", version: "1.0.0" } file "cookbooks/x/onlyin1.0.0.rb", "old_text" end @@ -561,6 +598,38 @@ EOM knife("diff --name-status /cookbooks").should_succeed <<~EOM M\t/cookbooks/x/metadata.rb D\t/cookbooks/x/onlyin1.0.1.rb + A\t/cookbooks/x/metadata.json + A\t/cookbooks/x/onlyin1.0.0.rb + EOM + knife("upload --purge /cookbooks/x").should_succeed <<~EOM + Updated /cookbooks/x + EOM + knife("diff --name-status /cookbooks").should_succeed <<~EOM + M\t/cookbooks/x/metadata.rb + D\t/cookbooks/x/onlyin1.0.1.rb + A\t/cookbooks/x/metadata.json + A\t/cookbooks/x/onlyin1.0.0.rb + EOM + end + end + end + + when_the_repository "has a cookbook" do + before do + file "cookbooks/x/metadata.rb", cb_metadata("x", "1.0.0") + file "cookbooks/x/onlyin1.0.0.rb", "old_text" + end + + when_the_chef_server "has a later version for the cookbook" do + before do + cookbook "x", "1.0.0", { "onlyin1.0.0.rb" => "" } + cookbook "x", "1.0.1", { "onlyin1.0.1.rb" => "hi" } + end + + it "knife upload /cookbooks/x uploads the local version and generates metadata.json from metadata.rb and uploads it." do + knife("diff --name-status /cookbooks").should_succeed <<~EOM + M\t/cookbooks/x/metadata.rb + D\t/cookbooks/x/onlyin1.0.1.rb A\t/cookbooks/x/onlyin1.0.0.rb EOM knife("upload --purge /cookbooks/x").should_succeed <<~EOM @@ -580,11 +649,13 @@ EOM cookbook "x", "0.9.9", { "onlyin0.9.9.rb" => "hi" } end - it "knife upload /cookbooks/x uploads the local version" do + it "knife upload /cookbooks/x uploads the local version generates metadata.json and uploads it." do knife("upload --purge /cookbooks/x").should_succeed <<~EOM Updated /cookbooks/x EOM - knife("diff --name-status /cookbooks").should_succeed "" + knife("diff --name-status /cookbooks").should_succeed <<~EOM + D\t/cookbooks/x/metadata.json + EOM end end @@ -593,7 +664,7 @@ EOM cookbook "x", "1.0.1", { "onlyin1.0.1.rb" => "hi" } end - it "knife upload /cookbooks/x uploads the local version" do + it "knife upload /cookbooks/x uploads the local version and generates metadata.json before upload and uploads it." do knife("diff --name-status /cookbooks").should_succeed <<~EOM M\t/cookbooks/x/metadata.rb D\t/cookbooks/x/onlyin1.0.1.rb @@ -619,7 +690,9 @@ EOM knife("upload --purge /cookbooks/x").should_succeed <<~EOM Updated /cookbooks/x EOM - knife("diff --name-status /cookbooks").should_succeed "" + knife("diff --name-status /cookbooks").should_succeed <<~EOM + D\t/cookbooks/x/metadata.json + EOM end end end @@ -719,7 +792,9 @@ EOM knife("upload /cookbooks/x").should_succeed <<~EOM Created /cookbooks/x EOM - knife("diff --name-status /cookbooks").should_succeed "" + knife("diff --name-status /cookbooks").should_succeed <<~EOM + D\t/cookbooks/x/metadata.json + EOM end end end diff --git a/spec/integration/recipes/accumulator_spec.rb b/spec/integration/recipes/accumulator_spec.rb index 98e3581071..e0ecfd340a 100644 --- a/spec/integration/recipes/accumulator_spec.rb +++ b/spec/integration/recipes/accumulator_spec.rb @@ -1,3 +1,4 @@ +require "spec_helper" require "support/shared/integration/integration_helper" require "chef/mixin/shell_out" diff --git a/spec/integration/recipes/lwrp_inline_resources_spec.rb b/spec/integration/recipes/lwrp_inline_resources_spec.rb index b96fa1d67d..833f866db4 100644 --- a/spec/integration/recipes/lwrp_inline_resources_spec.rb +++ b/spec/integration/recipes/lwrp_inline_resources_spec.rb @@ -1,3 +1,4 @@ +require "spec_helper" require "support/shared/integration/integration_helper" require "chef/mixin/shell_out" @@ -20,7 +21,7 @@ describe "LWRPs with inline resources" do context "with a use_inline_resources provider with 'def action_a' instead of action :a" do class LwrpInlineResourcesTest < Chef::Resource - resource_name :lwrp_inline_resources_test + provides :lwrp_inline_resources_test allowed_actions :a, :nothing default_action :a property :ran_a @@ -46,8 +47,8 @@ describe "LWRPs with inline resources" do context "with an inline resource with a property that shadows the enclosing provider's property" do class LwrpShadowedPropertyTest < Chef::Resource + provides :lwrp_shadowed_property_test PATH = ::File.join(Dir.tmpdir, "shadow-property.txt") - use_automatic_resource_name allowed_actions :fiddle property :content action :fiddle do @@ -73,7 +74,7 @@ describe "LWRPs with inline resources" do context "with an inline_resources provider with two actions, one calling the other" do class LwrpInlineResourcesTest2 < Chef::Resource - resource_name :lwrp_inline_resources_test2 + provides :lwrp_inline_resources_test2 allowed_actions :a, :b, :nothing default_action :b property :ran_a diff --git a/spec/integration/recipes/lwrp_spec.rb b/spec/integration/recipes/lwrp_spec.rb index 957c1ea66f..1c772a378f 100644 --- a/spec/integration/recipes/lwrp_spec.rb +++ b/spec/integration/recipes/lwrp_spec.rb @@ -1,3 +1,4 @@ +require "spec_helper" require "support/shared/integration/integration_helper" require "chef/mixin/shell_out" diff --git a/spec/integration/recipes/noop_resource_spec.rb b/spec/integration/recipes/noop_resource_spec.rb index db6b668553..8e15050704 100644 --- a/spec/integration/recipes/noop_resource_spec.rb +++ b/spec/integration/recipes/noop_resource_spec.rb @@ -6,7 +6,7 @@ describe "Resources with a no-op provider" do context "with noop provider providing foo" do before(:each) do class NoOpFoo < Chef::Resource - resource_name "hi_there" + provides "hi_there" default_action :update end Chef::Provider::Noop.provides :hi_there diff --git a/spec/integration/recipes/notifies_spec.rb b/spec/integration/recipes/notifies_spec.rb index ae534dcad4..6d781922f5 100644 --- a/spec/integration/recipes/notifies_spec.rb +++ b/spec/integration/recipes/notifies_spec.rb @@ -1,3 +1,4 @@ +require "spec_helper" require "support/shared/integration/integration_helper" require "chef/mixin/shell_out" @@ -15,11 +16,13 @@ describe "notifications" do apt_update do action :nothing end - log "foo" do + notify_group "foo" do notifies :nothing, 'apt_update', :delayed + action :run end - log "bar" do + notify_group "bar" do notifies :nothing, 'apt_update[]', :delayed + action :run end EOM end @@ -34,7 +37,7 @@ describe "notifications" do result = shell_out("#{chef_client} -c \"#{path_to("config/client.rb")}\" --no-color -F doc -o 'x::default'", cwd: chef_dir) # our delayed notification should run at the end of the parent run_context after the baz resource - expect(result.stdout).to match(/\* apt_update\[\] action nothing \(skipped due to action :nothing\)\s+\* log\[foo\] action write\s+\* log\[bar\] action write\s+\* apt_update\[\] action nothing \(skipped due to action :nothing\)/) + expect(result.stdout).to match(/\* apt_update\[\] action nothing \(skipped due to action :nothing\)\s+\* notify_group\[foo\] action run\s+\* notify_group\[bar\] action run\s+\* apt_update\[\] action nothing \(skipped due to action :nothing\)/) result.error! end end @@ -49,8 +52,9 @@ describe "notifications" do resource_name :notifying_test action :run do - log "bar" do + notify_group "bar" do notifies :write, 'log[foo]', :delayed + action :run end end EOM @@ -75,7 +79,7 @@ describe "notifications" do result = shell_out("#{chef_client} -c \"#{path_to("config/client.rb")}\" --no-color -F doc -o 'x::default'", cwd: chef_dir) # our delayed notification should run at the end of the parent run_context after the baz resource - expect(result.stdout).to match(/\* log\[bar\] action write\s+\* log\[baz\] action write\s+\* log\[foo\] action write/) + expect(result.stdout).to match(/\* notify_group\[bar\] action run\s+\* log\[baz\] action write\s+\* log\[foo\] action write/) result.error! end end @@ -90,8 +94,9 @@ describe "notifications" do resource_name :notifying_test action :run do - log "bar" do + notify_group "bar" do notifies :write, 'log[foo]', :delayed + action :run end end EOM @@ -101,8 +106,9 @@ describe "notifications" do action :nothing end notifying_test "whatever" - log "baz" do + notify_group "baz" do notifies :write, 'log[foo]', :delayed + action :run end EOM @@ -118,7 +124,7 @@ describe "notifications" do result = shell_out("#{chef_client} -c \"#{path_to("config/client.rb")}\" --no-color -F doc -o 'x::default'", cwd: chef_dir) # our delayed notification should run at the end of the parent run_context after the baz resource - expect(result.stdout).to match(/\* log\[bar\] action write\s+\* log\[baz\] action write\s+\* log\[foo\] action write/) + expect(result.stdout).to match(/\* notify_group\[bar\] action run\s+\* notify_group\[baz\] action run\s+\* log\[foo\] action write/) # and only run once expect(result.stdout).not_to match(/\* log\[foo\] action write.*\* log\[foo\] action write/) result.error! @@ -135,8 +141,9 @@ describe "notifications" do resource_name :notifying_test action :run do - log "bar" do + notify_group "bar" do notifies :write, 'log[foo]', :delayed + action :run end end EOM @@ -145,9 +152,10 @@ describe "notifications" do log "foo" do action :nothing end - log "quux" do + notify_group "quux" do notifies :write, 'log[foo]', :delayed notifies :write, 'log[baz]', :delayed + action :run end notifying_test "whatever" log "baz" @@ -165,7 +173,7 @@ describe "notifications" do result = shell_out("#{chef_client} -c \"#{path_to("config/client.rb")}\" --no-color -F doc -o 'x::default'", cwd: chef_dir) # the delayed notification from the sub-resource is de-duplicated by the notification already in the parent run_context - expect(result.stdout).to match(/\* log\[quux\] action write\s+\* notifying_test\[whatever\] action run\s+\* log\[bar\] action write\s+\* log\[baz\] action write\s+\* log\[foo\] action write\s+\* log\[baz\] action write/) + expect(result.stdout).to match(/\* notify_group\[quux\] action run\s+\* notifying_test\[whatever\] action run\s+\* notify_group\[bar\] action run\s+\* log\[baz\] action write\s+\* log\[foo\] action write\s+\* log\[baz\] action write/) # and only run once expect(result.stdout).not_to match(/\* log\[foo\] action write.*\* log\[foo\] action write/) result.error! @@ -179,11 +187,13 @@ describe "notifications" do log "foo" do action :nothing end - log "bar" do + notify_group "bar" do notifies :write, 'log[foo]', :delayed + action :run end - log "baz" do + notify_group "baz" do notifies :write, 'log[foo]', :delayed + action :run end EOM @@ -199,7 +209,7 @@ describe "notifications" do result = shell_out("#{chef_client} -c \"#{path_to("config/client.rb")}\" --no-color -F doc -o 'x::default'", cwd: chef_dir) # the delayed notification from the sub-resource is de-duplicated by the notification already in the parent run_context - expect(result.stdout).to match(/\* log\[bar\] action write\s+\* log\[baz\] action write\s+\* log\[foo\] action write/) + expect(result.stdout).to match(/\* notify_group\[bar\] action run\s+\* notify_group\[baz\] action run\s+\* log\[foo\] action write/) # and only run once expect(result.stdout).not_to match(/\* log\[foo\] action write.*\* log\[foo\] action write/) result.error! @@ -216,8 +226,9 @@ describe "notifications" do resource_name :notifying_test action :run do - log "bar" do + notify_group "bar" do notifies :write, 'log[foo]', :immediately + action :run end end EOM @@ -241,7 +252,7 @@ describe "notifications" do EOM result = shell_out("#{chef_client} -c \"#{path_to("config/client.rb")}\" --no-color -F doc -o 'x::default'", cwd: chef_dir) - expect(result.stdout).to match(/\* log\[bar\] action write\s+\* log\[foo\] action write\s+\* log\[baz\] action write/) + expect(result.stdout).to match(/\* notify_group\[bar\] action run\s+\* log\[foo\] action write\s+\* log\[baz\] action write/) result.error! end end @@ -256,8 +267,9 @@ describe "notifications" do resource_name :notifying_test action :run do - log "bar" do + notify_group "bar" do notifies :write, resources(log: "foo"), :immediately + action :run end end EOM @@ -281,7 +293,7 @@ describe "notifications" do EOM result = shell_out("#{chef_client} -c \"#{path_to("config/client.rb")}\" --no-color -F doc -o 'x::default'", cwd: chef_dir) - expect(result.stdout).to match(/\* log\[bar\] action write\s+\* log\[foo\] action write\s+\* log\[baz\] action write/) + expect(result.stdout).to match(/\* notify_group\[bar\] action run\s+\* log\[foo\] action write\s+\* log\[baz\] action write/) result.error! end end @@ -296,8 +308,9 @@ describe "notifications" do resource_name :notifying_test action :run do - log "bar" do + notify_group "bar" do notifies :write, "log[foo]" + action :run end end EOM @@ -371,8 +384,9 @@ describe "notifications" do action :nothing end - log "doit" do + notify_group "doit" do notifies :write, "log[a, b]" + action :run end EOM end diff --git a/spec/integration/recipes/notifying_block_spec.rb b/spec/integration/recipes/notifying_block_spec.rb index 465eca97ed..1bacddc3f4 100644 --- a/spec/integration/recipes/notifying_block_spec.rb +++ b/spec/integration/recipes/notifying_block_spec.rb @@ -1,6 +1,6 @@ # # Author:: John Keiser (<jkeiser@chef.io>) -# Copyright:: Copyright 2013-2019, Chef Software Inc. +# Copyright:: Copyright 2013-2020, Chef Software Inc. # License:: Apache License, Version 2.0 # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -15,6 +15,7 @@ # See the License for the specific language governing permissions and # limitations under the License. +require "spec_helper" require "support/shared/integration/integration_helper" require "chef/mixin/shell_out" @@ -33,11 +34,13 @@ describe "notifying_block" do log "gamma" do action :nothing end - log "alpha" do + notify_group "alpha" do notifies :write, "log[gamma]", :delayed + action :run end - log "beta" do + notify_group "beta" do notifies :write, "log[gamma]", :delayed + action :run end end log "delta" @@ -56,7 +59,7 @@ describe "notifying_block" do # 3. delayed notifications (to resources inside the subcontext) are run at the end of the subcontext it "should run alpha, beta, gamma, and delta in that order" do result = shell_out("#{chef_client} -c \"#{path_to("config/client.rb")}\" --no-color -F doc -o 'x::default'", cwd: chef_dir) - expect(result.stdout).to match(/\* log\[alpha\] action write\s+\* log\[beta\] action write\s+\* log\[gamma\] action write\s+Converging 1 resources\s+\* log\[delta\] action write/) + expect(result.stdout).to match(/\* notify_group\[alpha\] action run\s+\* notify_group\[beta\] action run\s+\* log\[gamma\] action write\s+Converging 1 resources\s+\* log\[delta\] action write/) result.error! end end @@ -71,8 +74,9 @@ describe "notifying_block" do action :run do notifying_block do - log "foo" do + notify_group "foo" do notifies :write, 'log[bar]', :delayed + action :run end end end @@ -104,7 +108,7 @@ describe "notifying_block" do # 2. delayed notifications from a subcontext inside a resource will notify resources in their outer run_context it "should run foo, quux, bar, and baz in that order" do result = shell_out("#{chef_client} -c \"#{path_to("config/client.rb")}\" --no-color -F doc -o 'x::default'", cwd: chef_dir) - expect(result.stdout).to match(/\* log\[foo\] action write\s+\* log\[quux\] action write\s+\* log\[bar\] action write\s+\* log\[baz\] action write/) + expect(result.stdout).to match(/\* notify_group\[foo\] action run\s+\* log\[quux\] action write\s+\* log\[bar\] action write\s+\* log\[baz\] action write/) result.error! end end diff --git a/spec/integration/recipes/provider_choice.rb b/spec/integration/recipes/provider_choice.rb index dea58230db..66aa58a432 100644 --- a/spec/integration/recipes/provider_choice.rb +++ b/spec/integration/recipes/provider_choice.rb @@ -16,6 +16,8 @@ describe "Recipe DSL methods" do context "And class Chef::Provider::ProviderThingy with no provides" do before :context do class Chef::Provider::ProviderThingy < Chef::Provider + provides :provider_thingy + def load_current_resource; end def action_create diff --git a/spec/integration/recipes/recipe_dsl_spec.rb b/spec/integration/recipes/recipe_dsl_spec.rb index 766752ac13..b939317c62 100644 --- a/spec/integration/recipes/recipe_dsl_spec.rb +++ b/spec/integration/recipes/recipe_dsl_spec.rb @@ -1,3 +1,4 @@ +require "spec_helper" require "support/shared/integration/integration_helper" describe "Recipe DSL methods" do @@ -15,7 +16,7 @@ describe "Recipe DSL methods" do before(:each) do class BaseThingy < Chef::Resource - resource_name "base_thingy" + provides :base_thingy default_action :create class<<self @@ -67,7 +68,6 @@ describe "Recipe DSL methods" do context "nameless resources" do before(:each) do class NamelessThingy < BaseThingy - resource_name :nameless_thingy provides :nameless_thingy property :name, String, default: "" @@ -124,7 +124,7 @@ describe "Recipe DSL methods" do before(:each) do class AnotherNoNameThingy < BaseThingy - resource_name :another_thingy_name + provides :another_thingy_name end end @@ -148,8 +148,8 @@ describe "Recipe DSL methods" do before(:each) do class AnotherNoNameThingy2 < BaseThingy - resource_name :another_thingy_name2 - resource_name :another_thingy_name3 + provides :another_thingy_name2 + provides :another_thingy_name3 end end @@ -160,10 +160,12 @@ describe "Recipe DSL methods" do end.to raise_error(NoMethodError) end - it "another_thingy_name2 does not work" do - expect_converge do + it "another_thingy_name2 works" do + recipe = converge do another_thingy_name2("blah") {} - end.to raise_error(NoMethodError) + end + expect(recipe.logged_warnings).to eq "" + expect(BaseThingy.created_resource).to eq(AnotherNoNameThingy2) end it "yet_another_thingy_name3 works" do @@ -180,7 +182,7 @@ describe "Recipe DSL methods" do before(:each) do class AnotherNoNameThingy3 < BaseThingy - resource_name :another_no_name_thingy_3 + provides :another_no_name_thingy_3 provides :another_no_name_thingy3, os: "blarghle" end @@ -209,7 +211,7 @@ describe "Recipe DSL methods" do before(:each) do class AnotherNoNameThingy4 < BaseThingy - resource_name :another_no_name_thingy_4 + provides :another_no_name_thingy_4 provides :another_no_name_thingy4, os: "blarghle" provides :another_no_name_thingy4, platform_family: "foo" end @@ -249,7 +251,7 @@ describe "Recipe DSL methods" do before(:each) do class AnotherNoNameThingy5 < BaseThingy - resource_name :another_thingy_name_for_another_no_name_thingy5 + provides :another_thingy_name_for_another_no_name_thingy5 provides :another_no_name_thingy5, os: "blarghle" end @@ -287,7 +289,7 @@ describe "Recipe DSL methods" do class AnotherNoNameThingy6 < BaseThingy provides :another_no_name_thingy6, os: "blarghle" - resource_name :another_thingy_name_for_another_no_name_thingy6 + provides :another_thingy_name_for_another_no_name_thingy6 end end @@ -323,18 +325,20 @@ describe "Recipe DSL methods" do before(:each) do class AnotherNoNameThingy7 < BaseThingy - resource_name :another_thingy_name_for_another_no_name_thingy7 + provides :another_thingy_name_for_another_no_name_thingy7 provides :another_thingy_name_for_another_no_name_thingy7, os: "blarghle" end end - it "and os = linux, another_thingy_name_for_another_no_name_thingy7 does not work" do - expect_converge do + it "and os = linux, another_thingy_name_for_another_no_name_thingy7 works" do + recipe = converge do # this is an ugly way to test, make Cheffish expose node attrs run_context.node.automatic[:os] = "linux" another_thingy_name_for_another_no_name_thingy7("blah") {} - end.to raise_error(Chef::Exceptions::NoSuchResourceType) + end + expect(recipe.logged_warnings).to eq "" + expect(BaseThingy.created_resource).to eq (AnotherNoNameThingy7) end it "and os = blarghle, another_thingy_name_for_another_no_name_thingy7 works" do @@ -356,43 +360,6 @@ describe "Recipe DSL methods" do end end - # opposite order from the previous test (provides, then resource_name) - context "with a resource named AnotherNoNameThingy8, a provides with a new resource name, and resource_name with that new resource name" do - before(:each) do - - class AnotherNoNameThingy8 < BaseThingy - provides :another_thingy_name_for_another_no_name_thingy8, os: "blarghle" - resource_name :another_thingy_name_for_another_no_name_thingy8 - end - - end - - it "and os = linux, another_thingy_name_for_another_no_name_thingy8 does not work" do - expect_converge do - # this is an ugly way to test, make Cheffish expose node attrs - run_context.node.automatic[:os] = "linux" - another_thingy_name_for_another_no_name_thingy8("blah") {} - end.to raise_error(Chef::Exceptions::NoSuchResourceType) - end - - it "and os = blarghle, another_thingy_name_for_another_no_name_thingy8 works" do - recipe = converge do - # this is an ugly way to test, make Cheffish expose node attrs - run_context.node.automatic[:os] = "blarghle" - another_thingy_name_for_another_no_name_thingy8("blah") {} - end - expect(recipe.logged_warnings).to eq "" - expect(BaseThingy.created_resource).to eq (AnotherNoNameThingy8) - end - - it "the old resource name does not work" do - expect_converge do - # this is an ugly way to test, make Cheffish expose node attrs - run_context.node.automatic[:os] = "linux" - another_thingy_name8("blah") {} - end.to raise_error(NoMethodError) - end - end end end @@ -401,7 +368,7 @@ describe "Recipe DSL methods" do before(:each) do class RecipeDSLSpecNamespace::MySupplier < BaseThingy - resource_name :hemlock + provides :hemlock end end @@ -424,7 +391,7 @@ describe "Recipe DSL methods" do before(:each) do class RecipeDSLSpecNamespace::Thingy3 < BaseThingy - resource_name :thingy3 + provides :thingy3 end end @@ -440,7 +407,7 @@ describe "Recipe DSL methods" do before(:each) do class RecipeDSLSpecNamespace::Thingy4 < BaseThingy - resource_name :thingy3 + provides :thingy3 end end @@ -468,7 +435,7 @@ describe "Recipe DSL methods" do before(:each) do class RecipeDSLSpecNamespace::Thingy5 < BaseThingy - resource_name :thingy5 + provides :thingy5 provides :thingy5reverse provides :thingy5_2 provides :thingy5_2reverse @@ -487,7 +454,7 @@ describe "Recipe DSL methods" do before(:each) do class RecipeDSLSpecNamespace::Thingy6 < BaseThingy - resource_name :thingy6 + provides :thingy6 provides :thingy5 end @@ -508,14 +475,14 @@ describe "Recipe DSL methods" do end it "resource_matching_short_name returns Thingy6" do - expect(Chef::Resource.resource_matching_short_name(:thingy5)).to eq RecipeDSLSpecNamespace::Thingy5 + expect(Chef::Resource.resource_matching_short_name(:thingy5)).to eq RecipeDSLSpecNamespace::Thingy6 end context "and AThingy5 provides :thingy5reverse" do before(:each) do class RecipeDSLSpecNamespace::AThingy5 < BaseThingy - resource_name :thingy5reverse + provides :thingy5reverse end end @@ -533,7 +500,7 @@ describe "Recipe DSL methods" do module ZRecipeDSLSpecNamespace class Thingy5 < BaseThingy - resource_name :thingy5_2 + provides :thingy5_2 end end @@ -552,7 +519,7 @@ describe "Recipe DSL methods" do module ARecipeDSLSpecNamespace class Thingy5 < BaseThingy - resource_name :thingy5_2reverse + provides :thingy5_2reverse end end @@ -571,7 +538,7 @@ describe "Recipe DSL methods" do before(:each) do class RecipeDSLSpecNamespace::Thingy3 < BaseThingy - resource_name :thingy3 + provides :thingy3 end end @@ -587,7 +554,7 @@ describe "Recipe DSL methods" do before(:each) do class RecipeDSLSpecNamespace::Thingy4 < BaseThingy - resource_name :thingy3 + provides :thingy3 end end @@ -614,7 +581,7 @@ describe "Recipe DSL methods" do before(:each) do class RecipeDSLSpecNamespace::Thingy4 < BaseThingy - resource_name :thingy3 + provides :thingy3 end end @@ -644,7 +611,7 @@ describe "Recipe DSL methods" do before(:each) do class RecipeDSLSpecNamespace::Thingy7 < BaseThingy - resource_name :thingy7 + provides :thingy7 provides :thingy8 end @@ -654,7 +621,7 @@ describe "Recipe DSL methods" do before(:each) do class RecipeDSLSpecNamespace::Thingy8 < BaseThingy - resource_name :thingy8 + provides :thingy8 end end @@ -683,7 +650,7 @@ describe "Recipe DSL methods" do before(:each) do class RecipeDSLSpecNamespace::Thingy12 < BaseThingy - resource_name :thingy12 + provides :thingy12 provides :twizzle provides :twizzle2 end @@ -715,12 +682,12 @@ describe "Recipe DSL methods" do context "with platform-specific resources 'my_super_thingy_foo' and 'my_super_thingy_bar'" do before(:each) do class MySuperThingyFoo < BaseThingy - resource_name :my_super_thingy_foo + provides :my_super_thingy_foo provides :my_super_thingy, platform: "foo" end class MySuperThingyBar < BaseThingy - resource_name :my_super_thingy_bar + provides :my_super_thingy_bar provides :my_super_thingy, platform: "bar" end end @@ -761,7 +728,7 @@ describe "Recipe DSL methods" do context "when Thingy10 provides :thingy10" do before(:each) do class RecipeDSLSpecNamespace::Thingy10 < BaseThingy - resource_name :thingy10 + provides :thingy10 end end @@ -776,7 +743,7 @@ describe "Recipe DSL methods" do context "when Thingy11 provides :thingy11" do before(:each) do class RecipeDSLSpecNamespace::Thingy11 < BaseThingy - resource_name :thingy10 + provides :thingy10 end end @@ -801,7 +768,7 @@ describe "Recipe DSL methods" do def self.inspect; name.inspect; end end - result.resource_name two_classes_one_dsl + result.provides two_classes_one_dsl result end before { resource_class } # pull on it so it gets defined before the recipe runs @@ -817,7 +784,7 @@ describe "Recipe DSL methods" do def self.inspect; name.inspect; end end - result.resource_name two_classes_one_dsl + result.provides two_classes_one_dsl result end before { resource_class_a } # pull on it so it gets defined before the recipe runs @@ -847,7 +814,7 @@ describe "Recipe DSL methods" do def self.inspect; name.inspect; end end - result.resource_name two_classes_one_dsl + result.provides two_classes_one_dsl result end before { resource_class_z } # pull on it so it gets defined before the recipe runs @@ -882,25 +849,6 @@ describe "Recipe DSL methods" do it "resource_matching_short_name returns Z" do expect(Chef::Resource.resource_matching_short_name(two_classes_one_dsl)).to eq resource_class_z end - - context "when Z provides(:two_classes_one_dsl) { false }" do - before do - resource_class_z.provides(two_classes_one_dsl) { false } - end - - it "two_classes_one_dsl resolves to B (picks the next thing in the priority array)" do - temp_two_classes_one_dsl = two_classes_one_dsl - recipe = converge do - instance_eval("#{temp_two_classes_one_dsl} 'blah'") - end - expect(recipe.logged_warnings).to eq "" - expect(BaseThingy.created_resource).to eq resource_class - end - - it "resource_matching_short_name returns B" do - expect(Chef::Resource.resource_matching_short_name(two_classes_one_dsl)).to eq resource_class - end - end end context "and priority arrays [ B ] and [ Z ]" do @@ -921,52 +869,7 @@ describe "Recipe DSL methods" do it "resource_matching_short_name returns Z" do expect(Chef::Resource.resource_matching_short_name(two_classes_one_dsl)).to eq resource_class_z end - - context "when Z provides(:two_classes_one_dsl) { false }" do - before do - resource_class_z.provides(two_classes_one_dsl) { false } - end - - it "two_classes_one_dsl resolves to B (picks the first match from the other priority array)" do - temp_two_classes_one_dsl = two_classes_one_dsl - recipe = converge do - instance_eval("#{temp_two_classes_one_dsl} 'blah'") - end - expect(recipe.logged_warnings).to eq "" - expect(BaseThingy.created_resource).to eq resource_class - end - - it "resource_matching_short_name returns B" do - expect(Chef::Resource.resource_matching_short_name(two_classes_one_dsl)).to eq resource_class - end - end end - - context "and a priority array [ Z ]" do - before do - Chef.set_resource_priority_array(two_classes_one_dsl, [ resource_class_z ]) - end - - context "when Z provides(:two_classes_one_dsl) { false }" do - before do - resource_class_z.provides(two_classes_one_dsl) { false } - end - - it "two_classes_one_dsl resolves to B (picks the first match outside the priority array)" do - temp_two_classes_one_dsl = two_classes_one_dsl - recipe = converge do - instance_eval("#{temp_two_classes_one_dsl} 'blah'") - end - expect(recipe.logged_warnings).to eq "" - expect(BaseThingy.created_resource).to eq resource_class - end - - it "resource_matching_short_name returns B" do - expect(Chef::Resource.resource_matching_short_name(two_classes_one_dsl)).to eq resource_class - end - end - end - end context "and a provider named 'B' which provides :two_classes_one_dsl" do @@ -1113,7 +1016,7 @@ describe "Recipe DSL methods" do def self.inspect; name.inspect; end end - result.resource_name two_classes_one_dsl + result.provides two_classes_one_dsl result.provides two_classes_one_dsl, os: "blarghle" result end @@ -1138,7 +1041,7 @@ describe "Recipe DSL methods" do instance_eval("#{temp_two_classes_one_dsl} 'blah' do; end") end expect(recipe.logged_warnings).to eq "" - expect(BaseThingy.created_resource).to eq resource_class + expect(BaseThingy.created_resource).to eq resource_class_blarghle end end end @@ -1160,7 +1063,7 @@ describe "Recipe DSL methods" do context "with resource_name :my_resource" do before do - resource_class.resource_name my_resource + resource_class.provides my_resource end context "with provides? returning true to my_resource" do @@ -1311,7 +1214,7 @@ describe "Recipe DSL methods" do context "with UTF-8 provides" do before(:each) do class UTF8Thingy < BaseThingy - resource_name :Straße + provides :Straße provides :Straße end end diff --git a/spec/integration/recipes/resource_action_spec.rb b/spec/integration/recipes/resource_action_spec.rb index c8da9196ca..9bfe86c74e 100644 --- a/spec/integration/recipes/resource_action_spec.rb +++ b/spec/integration/recipes/resource_action_spec.rb @@ -1,7 +1,8 @@ +require "spec_helper" require "support/shared/integration/integration_helper" class NoActionJackson < Chef::Resource - use_automatic_resource_name + provides :no_action_jackson def foo(value = nil) @foo = value if value @@ -14,7 +15,7 @@ class NoActionJackson < Chef::Resource end class WeirdActionJackson < Chef::Resource - use_automatic_resource_name + provides :weird_action_jackson class <<self attr_accessor :action_was @@ -163,7 +164,8 @@ module ResourceActionSpec context "With resource 'action_jackson'" do class ActionJackson < Chef::Resource - use_automatic_resource_name + provides :action_jackson + def foo(value = nil) @foo = value if value @foo @@ -256,7 +258,7 @@ module ResourceActionSpec context "And 'action_jackgrandson' inheriting from ActionJackson and changing nothing" do before(:each) do class ActionJackgrandson < ActionJackson - use_automatic_resource_name + provides :action_jackgrandson end end @@ -267,7 +269,7 @@ module ResourceActionSpec context "And 'action_jackalope' inheriting from ActionJackson with an extra attribute, action and custom method" do class ActionJackalope < ActionJackson - use_automatic_resource_name + provides :action_jackalope def foo(value = nil) @foo = "#{value}alope" if value @@ -380,7 +382,7 @@ module ResourceActionSpec context "With a resource with a set_or_return property named group (same name as a resource)" do class ResourceActionSpecWithGroupAction < Chef::Resource - resource_name :resource_action_spec_set_group_to_nil + provides :resource_action_spec_set_group_to_nil action :set_group_to_nil do # Access x during converge to ensure that we emit no warnings there resource_action_spec_with_group "hi" do @@ -391,7 +393,7 @@ module ResourceActionSpec end class ResourceActionSpecWithGroup < Chef::Resource - resource_name :resource_action_spec_with_group + provides :resource_action_spec_with_group def group(value = nil) set_or_return(:group, value, {}) end @@ -408,7 +410,8 @@ module ResourceActionSpec context "When a resource has a property with the same name as another resource" do class HasPropertyNamedTemplate < Chef::Resource - use_automatic_resource_name + provides :has_property_named_template + property :template action :create do template "x" do @@ -420,7 +423,8 @@ module ResourceActionSpec context "When a resource declares methods in action_class" do class DeclaresActionClassMethods < Chef::Resource - use_automatic_resource_name + provides :declares_action_class_methods + property :x action_class do def a @@ -452,7 +456,8 @@ module ResourceActionSpec context "And a subclass overrides a method with an action_class block" do class DeclaresActionClassMethodsToo < DeclaresActionClassMethods - use_automatic_resource_name + provides :declares_action_class_methods_too + action_class do def a 5 @@ -477,7 +482,8 @@ module ResourceActionSpec context "And a subclass overrides a method with class_eval" do # this tests inheritance with *only* an action_class accessor that does not declare a block class DeclaresActionClassMethodsToo < DeclaresActionClassMethods - use_automatic_resource_name + provides :declares_action_class_methods_too + action_class.class_eval <<-EOM def a 5 diff --git a/spec/integration/recipes/resource_converge_if_changed_spec.rb b/spec/integration/recipes/resource_converge_if_changed_spec.rb index 97314646d9..24bd1f14ad 100644 --- a/spec/integration/recipes/resource_converge_if_changed_spec.rb +++ b/spec/integration/recipes/resource_converge_if_changed_spec.rb @@ -35,7 +35,7 @@ describe "Resource::ActionClass#converge_if_changed" do @converged = 0 end end - result.resource_name resource_name + result.provides resource_name result end let(:converged_recipe) { converge(converge_recipe) } diff --git a/spec/integration/recipes/resource_load_spec.rb b/spec/integration/recipes/resource_load_spec.rb index 79df1d6478..3ca71c3a03 100644 --- a/spec/integration/recipes/resource_load_spec.rb +++ b/spec/integration/recipes/resource_load_spec.rb @@ -35,7 +35,7 @@ describe "Resource.load_current_value" do new_resource.class.created_x = new_resource.x end end - result.resource_name resource_name + result.provides resource_name result end @@ -126,7 +126,7 @@ describe "Resource.load_current_value" do r = Class.new(resource_class) do property :y, default: lazy { "default_y #{Namer.incrementing_value}" } end - r.resource_name subresource_name + r.provides subresource_name r end diff --git a/spec/integration/recipes/unified_mode_spec.rb b/spec/integration/recipes/unified_mode_spec.rb index 944319f7bf..bb8cffae3f 100644 --- a/spec/integration/recipes/unified_mode_spec.rb +++ b/spec/integration/recipes/unified_mode_spec.rb @@ -1,3 +1,4 @@ +require "spec_helper" require "support/shared/integration/integration_helper" require "chef/mixin/shell_out" diff --git a/spec/integration/solo/solo_spec.rb b/spec/integration/solo/solo_spec.rb index c62b2ec6b0..c21bc7d597 100644 --- a/spec/integration/solo/solo_spec.rb +++ b/spec/integration/solo/solo_spec.rb @@ -1,3 +1,4 @@ +require "spec_helper" require "support/shared/integration/integration_helper" require "chef/mixin/shell_out" require "chef/run_lock" diff --git a/spec/spec_helper.rb b/spec/spec_helper.rb index 27cf301d67..54e0ef41b1 100644 --- a/spec/spec_helper.rb +++ b/spec/spec_helper.rb @@ -24,18 +24,16 @@ module Shell IRB = nil unless defined? IRB end -# Ruby 1.9 Compat -$:.unshift File.expand_path("../..", __FILE__) +$LOAD_PATH.unshift File.expand_path("../..", __FILE__) + +$LOAD_PATH.unshift File.expand_path("../../chef-config/lib", __FILE__) +$LOAD_PATH.unshift File.expand_path("../../chef-utils/lib", __FILE__) require "rubygems" require "rspec/mocks" require "webmock/rspec" -$:.unshift(File.join(File.dirname(__FILE__), "..", "lib")) -$:.unshift(File.expand_path("../lib", __FILE__)) -$:.unshift(File.dirname(__FILE__)) - if ENV["COVERAGE"] require "simplecov" SimpleCov.start do @@ -123,8 +121,10 @@ RSpec.configure do |config| config.filter_run_excluding external: true # Explicitly disable :should syntax + # And set max_formatted_output_length to nil to prevent RSpec from doing truncation. config.expect_with :rspec do |c| c.syntax = :expect + c.max_formatted_output_length = nil end config.mock_with :rspec do |c| c.syntax = :expect @@ -138,9 +138,6 @@ RSpec.configure do |config| config.filter_run_excluding volatile_on_solaris: true if solaris? config.filter_run_excluding volatile_from_verify: false - config.filter_run_excluding skip_appveyor: true if ENV["APPVEYOR"] - config.filter_run_excluding appveyor_only: true unless ENV["APPVEYOR"] - config.filter_run_excluding skip_buildkite: true if ENV["BUILDKITE"] config.filter_run_excluding windows_only: true unless windows? @@ -151,11 +148,9 @@ RSpec.configure do |config| config.filter_run_excluding not_supported_on_aix: true if aix? config.filter_run_excluding not_supported_on_solaris: true if solaris? config.filter_run_excluding not_supported_on_gce: true if gce? - config.filter_run_excluding not_supported_on_nano: true if windows_nano_server? config.filter_run_excluding win2012r2_only: true unless windows_2012r2? config.filter_run_excluding windows64_only: true unless windows64? config.filter_run_excluding windows32_only: true unless windows32? - config.filter_run_excluding windows_nano_only: true unless windows_nano_server? config.filter_run_excluding windows_gte_10: true unless windows_gte_10? config.filter_run_excluding windows_lt_10: true if windows_gte_10? config.filter_run_excluding ruby64_only: true unless ruby_64bit? diff --git a/spec/support/chef_helpers.rb b/spec/support/chef_helpers.rb index 4ac6102887..e5371e60a9 100644 --- a/spec/support/chef_helpers.rb +++ b/spec/support/chef_helpers.rb @@ -63,9 +63,9 @@ end # win32/service gem. windows_service_manager tests create a windows # service that starts with the system ruby and requires this gem. def system_windows_service_gem? - windows_service_gem_check_command = %q{ruby -r "win32/daemon" -e ":noop"} + windows_service_gem_check_command = %{ruby -r "win32/daemon" -e ":noop" > #{DEV_NULL} 2>&1} if defined?(Bundler) - Bundler.with_clean_env do + Bundler.with_unbundled_env do # This returns true if the gem can be loaded system(windows_service_gem_check_command) end diff --git a/spec/support/key_helpers.rb b/spec/support/key_helpers.rb index 33b8b32de9..6a3a35fcb2 100644 --- a/spec/support/key_helpers.rb +++ b/spec/support/key_helpers.rb @@ -16,8 +16,6 @@ # limitations under the License. # -require "spec_helper" - shared_examples_for "a knife key command" do let(:stderr) { StringIO.new } let(:command) do diff --git a/spec/support/lib/chef/resource/zen_follower.rb b/spec/support/lib/chef/resource/zen_follower.rb index 72dd67ca97..e4ee31917e 100644 --- a/spec/support/lib/chef/resource/zen_follower.rb +++ b/spec/support/lib/chef/resource/zen_follower.rb @@ -1,5 +1,5 @@ # -# Copyright:: Copyright 2014-2016, Chef Software, Inc. +# Copyright:: Copyright 2014-2020, Chef Software Inc. # License:: Apache License, Version 2.0 # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -22,6 +22,8 @@ class Chef class Resource class ZenFollower < Chef::Resource + provides :zen_follower + provides :follower, platform: "zen" def master(arg = nil) diff --git a/spec/support/platform_helpers.rb b/spec/support/platform_helpers.rb index 7c2edc426d..f9d8955f1e 100644 --- a/spec/support/platform_helpers.rb +++ b/spec/support/platform_helpers.rb @@ -88,11 +88,6 @@ def windows_powershell_dsc? supports_dsc end -def windows_nano_server? - require "chef/platform/query_helpers" - Chef::Platform.windows_nano_server? -end - def windows_user_right?(right) return false unless windows? @@ -222,16 +217,16 @@ def selinux_enabled? cmd_result = cmd.run_command case cmd_result.exitstatus when 1 - return false + false when 0 - return true + true else raise "Unknown exit code from command #{selinuxenabled_path}: #{cmd.exitstatus}" end else # We assume selinux is not enabled if selinux utils are not # installed. - return false + false end end diff --git a/spec/support/platforms/win32/spec_service.rb b/spec/support/platforms/win32/spec_service.rb index 2cc4e40298..f43e4a15fb 100644 --- a/spec/support/platforms/win32/spec_service.rb +++ b/spec/support/platforms/win32/spec_service.rb @@ -16,40 +16,42 @@ # limitations under the License. # -require "win32/daemon" +if ChefUtils.windows? + require "win32/daemon" -class SpecService < ::Win32::Daemon - def service_init - @test_service_file = "#{ENV["TMP"]}/spec_service_file" - end + class SpecService < ::Win32::Daemon + def service_init + @test_service_file = "#{ENV["TMP"]}/spec_service_file" + end - def service_main(*startup_parameters) - while running? - unless File.exists?(@test_service_file) - File.open(@test_service_file, "wb") do |f| - f.write("This file is created by SpecService") + def service_main(*startup_parameters) + while running? + unless File.exists?(@test_service_file) + File.open(@test_service_file, "wb") do |f| + f.write("This file is created by SpecService") + end end - end - sleep 1 + sleep 1 + end end - end - ################################################################################ - # Control Signal Callback Methods - ################################################################################ + ################################################################################ + # Control Signal Callback Methods + ################################################################################ - def service_stop; end + def service_stop; end - def service_pause; end + def service_pause; end - def service_resume; end + def service_resume; end - def service_shutdown; end -end + def service_shutdown; end + end -# To run this file as a service, it must be called as a script from within -# the Windows Service framework. In that case, kick off the main loop! -if __FILE__ == $0 - SpecService.mainloop + # To run this file as a service, it must be called as a script from within + # the Windows Service framework. In that case, kick off the main loop! + if __FILE__ == $0 + SpecService.mainloop + end end diff --git a/spec/support/shared/context/config.rb b/spec/support/shared/context/config.rb index bb4ff7e0d1..7c4ae8dca6 100644 --- a/spec/support/shared/context/config.rb +++ b/spec/support/shared/context/config.rb @@ -7,9 +7,6 @@ # Required chef files here: require "chef/config" -# Required spec files here: -require "spec_helper" - # Basic config. Nothing fancy. shared_context "default config options" do before do diff --git a/spec/support/shared/functional/windows_script.rb b/spec/support/shared/functional/windows_script.rb index 49fd727055..eca63a6af3 100644 --- a/spec/support/shared/functional/windows_script.rb +++ b/spec/support/shared/functional/windows_script.rb @@ -99,7 +99,7 @@ shared_context Chef::Resource::WindowsScript do end end - context "when the guard's architecture is specified as 32-bit", :not_supported_on_nano do + context "when the guard's architecture is specified as 32-bit" do let (:guard_architecture) { :i386 } it "executes a 32-bit guard" do resource.only_if resource_guard_command, architecture: guard_architecture @@ -107,17 +107,6 @@ shared_context Chef::Resource::WindowsScript do expect(get_guard_process_architecture).to eq("x86") end end - - context "when the guard's architecture is specified as 32-bit", :windows_nano_only do - let (:guard_architecture) { :i386 } - it "raises an error" do - resource.only_if resource_guard_command, architecture: guard_architecture - expect { resource.run_action(:run) }.to raise_error( - Chef::Exceptions::Win32ArchitectureIncorrect, - /cannot execute script with requested architecture 'i386' on Windows Nano Server/ - ) - end - end end end @@ -218,8 +207,6 @@ shared_context Chef::Resource::WindowsScript do context "when evaluating guards" do it "has a guard_interpreter attribute set to the short name of the resource" do - pending "powershell.exe always exits with 0 on nano" if Chef::Platform.windows_nano_server? - expect(resource.guard_interpreter).to eq(resource.resource_name) resource.not_if "findstr.exe /thiscommandhasnonzeroexitstatus" expect(Chef::Resource).to receive(:resource_for_node).and_call_original @@ -238,7 +225,7 @@ shared_context Chef::Resource::WindowsScript do it_behaves_like "a script resource with architecture attribute" end - context "when the architecture attribute is :i386", :not_supported_on_nano do + context "when the architecture attribute is :i386" do let(:resource_architecture) { :i386 } it_behaves_like "a script resource with architecture attribute" end diff --git a/spec/support/shared/integration/integration_helper.rb b/spec/support/shared/integration/integration_helper.rb index af57e21c73..7e52f6a9f8 100644 --- a/spec/support/shared/integration/integration_helper.rb +++ b/spec/support/shared/integration/integration_helper.rb @@ -24,7 +24,6 @@ require "chef/json_compat" require "chef/server_api" require "support/shared/integration/knife_support" require "cheffish/rspec/chef_run_support" -require "spec_helper" module Cheffish class BasicChefClient diff --git a/spec/support/shared/unit/execute_resource.rb b/spec/support/shared/unit/execute_resource.rb index 05c2fc4a9a..2d6e8de0fd 100644 --- a/spec/support/shared/unit/execute_resource.rb +++ b/spec/support/shared/unit/execute_resource.rb @@ -17,8 +17,6 @@ # limitations under the License. # -require "spec_helper" - shared_examples_for "an execute resource" do before(:each) do diff --git a/spec/support/shared/unit/provider/file.rb b/spec/support/shared/unit/provider/file.rb index 36b19675c2..d78eff0c90 100644 --- a/spec/support/shared/unit/provider/file.rb +++ b/spec/support/shared/unit/provider/file.rb @@ -16,7 +16,6 @@ # limitations under the License. # -require "spec_helper" require "tmpdir" if windows? require "chef/win32/file" @@ -458,14 +457,24 @@ shared_examples_for Chef::Provider::File do end context "do_validate_content" do - before { setup_normal_file } + let(:tempfile_name) { "foo-bar-baz" } + let(:backupfile) { "/tmp/failed_validations/#{tempfile_name}" } let(:tempfile) do - t = double("Tempfile", path: "/tmp/foo-bar-baz", closed?: true) + t = double("Tempfile", path: "/tmp/#{tempfile_name}", closed?: true) allow(content).to receive(:tempfile).and_return(t) t end + before do + Chef::Config[:file_cache_path] = "/tmp" + allow(File).to receive(:dirname).and_return(tempfile) + allow(File).to receive(:basename).and_return(tempfile_name) + allow(FileUtils).to receive(:mkdir_p).and_return(true) + allow(FileUtils).to receive(:cp).and_return(true) + setup_normal_file + end + context "with user-supplied verifications" do it "calls #verify on each verification with tempfile path" do provider.new_resource.verify windows? ? "REM" : "true" @@ -477,7 +486,8 @@ shared_examples_for Chef::Provider::File do allow(File).to receive(:directory?).with("C:\\Windows\\system32/cmd.exe").and_return(false) provider.new_resource.verify windows? ? "REM" : "true" provider.new_resource.verify windows? ? "cmd.exe /c exit 1" : "false" - expect { provider.send(:do_validate_content) }.to raise_error(Chef::Exceptions::ValidationFailed, "Proposed content for #{provider.new_resource.path} failed verification #{windows? ? "cmd.exe /c exit 1" : "false"}") + msg = "Proposed content for #{provider.new_resource.path} failed verification #{windows? ? "cmd.exe /c exit 1" : "false"}" + expect { provider.send(:do_validate_content) }.to raise_error(Chef::Exceptions::ValidationFailed, /#{msg}/) end it "does not show verification for sensitive resources" do @@ -485,7 +495,8 @@ shared_examples_for Chef::Provider::File do provider.new_resource.verify windows? ? "REM" : "true" provider.new_resource.verify windows? ? "cmd.exe /c exit 1" : "false" provider.new_resource.sensitive true - expect { provider.send(:do_validate_content) }.to raise_error(Chef::Exceptions::ValidationFailed, "Proposed content for #{provider.new_resource.path} failed verification [sensitive]") + msg = "Proposed content for #{provider.new_resource.path} failed verification [sensitive]\nTemporary file moved to #{backupfile}" + expect { provider.send(:do_validate_content) }.to raise_error(Chef::Exceptions::ValidationFailed, msg) end end end diff --git a/spec/support/shared/unit/provider/useradd_based_user_provider.rb b/spec/support/shared/unit/provider/useradd_based_user_provider.rb index a30f543e72..99933991a9 100644 --- a/spec/support/shared/unit/provider/useradd_based_user_provider.rb +++ b/spec/support/shared/unit/provider/useradd_based_user_provider.rb @@ -159,7 +159,7 @@ shared_examples_for "a useradd-based user provider" do |supported_useradd_option "-u", "1000", "-d", "/Users/mud", "-m", - "adam" ]) + "adam"]) expect(provider).to receive(:shell_out_compacted!).with(*command).and_return(true) provider.create_user end @@ -180,7 +180,7 @@ shared_examples_for "a useradd-based user provider" do |supported_useradd_option command.concat([ "-s", "/usr/bin/zsh", "-u", "1000", "-r", "-m", - "adam" ]) + "adam"]) expect(provider).to receive(:shell_out_compacted!).with(*command).and_return(true) provider.create_user end @@ -190,10 +190,15 @@ shared_examples_for "a useradd-based user provider" do |supported_useradd_option end describe "when managing a user" do + let(:manage_u_status) do + double("Mixlib::ShellOut command", exitstatus: 0, stdout: @stdout, stderr: @stderr, error!: nil) + end + before(:each) do provider.new_resource.manage_home true provider.new_resource.home "/Users/mud" provider.new_resource.gid "23" + @stderr = "" end # CHEF-3423, -m must come before the username @@ -203,8 +208,9 @@ shared_examples_for "a useradd-based user provider" do |supported_useradd_option "-g", "23", "-d", "/Users/mud", "-m", - "adam" ] - expect(provider).to receive(:shell_out_compacted!).with(*command).and_return(true) + "adam"] + command.concat([ { returns: [0, 12] } ]) + expect(provider).to receive(:shell_out_compacted).with(*command).and_return(manage_u_status) provider.manage_user end @@ -214,8 +220,9 @@ shared_examples_for "a useradd-based user provider" do |supported_useradd_option "-g", "23", "-d", "/Users/mud", "-m", - "adam" ] - expect(provider).to receive(:shell_out_compacted!).with(*command).and_return(true) + "adam"] + command.concat([ { returns: [0, 12] } ]) + expect(provider).to receive(:shell_out_compacted).with(*command).and_return(manage_u_status) provider.manage_user end @@ -223,8 +230,9 @@ shared_examples_for "a useradd-based user provider" do |supported_useradd_option expect(provider).to receive(:updating_home?).at_least(:once).and_return(false) command = ["usermod", "-g", "23", - "adam" ] - expect(provider).to receive(:shell_out_compacted!).with(*command).and_return(true) + "adam"] + command.concat([ { returns: [0, 12] } ]) + expect(provider).to receive(:shell_out_compacted).with(*command).and_return(manage_u_status) provider.manage_user end end diff --git a/spec/support/shared/unit/script_resource.rb b/spec/support/shared/unit/script_resource.rb index 83d7d9dfe6..018a568e58 100644 --- a/spec/support/shared/unit/script_resource.rb +++ b/spec/support/shared/unit/script_resource.rb @@ -17,8 +17,6 @@ # limitations under the License. # -require "spec_helper" - shared_examples_for "a script resource" do it "should create a new Chef::Resource::Script" do @@ -30,7 +28,7 @@ shared_examples_for "a script resource" do expect(script_resource.resource_name).to eql(resource_name) end - it "should set command to nil on the resource", chef: ">= 13" do + it "should set command to nil on the resource" do expect(script_resource.command).to be nil end @@ -44,7 +42,7 @@ shared_examples_for "a script resource" do expect(script_resource.flags.strip).to eql("-f") end - it "should raise an exception if users set command on the resource", chef: ">= 13" do + it "should raise an exception if users set command on the resource" do expect { script_resource.command("foo") }.to raise_error(Chef::Exceptions::Script) end diff --git a/spec/support/shared/unit/windows_script_resource.rb b/spec/support/shared/unit/windows_script_resource.rb index 29238a3917..9e4d646ff8 100644 --- a/spec/support/shared/unit/windows_script_resource.rb +++ b/spec/support/shared/unit/windows_script_resource.rb @@ -16,8 +16,6 @@ # limitations under the License. # -require "spec_helper" - require "support/shared/unit/execute_resource" require "support/shared/unit/script_resource" diff --git a/spec/unit/cookbook/cookbook_version_loader_spec.rb b/spec/unit/cookbook/cookbook_version_loader_spec.rb index 2cd86877cb..b1c2a46827 100644 --- a/spec/unit/cookbook/cookbook_version_loader_spec.rb +++ b/spec/unit/cookbook/cookbook_version_loader_spec.rb @@ -1,6 +1,6 @@ # # Author:: Daniel DeLeo (<dan@chef.io>) -# Copyright:: Copyright 2014-2018, Chef Software Inc. +# Copyright:: Copyright 2014-2020, Chef Software Inc. # License:: Apache License, Version 2.0 # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -124,8 +124,9 @@ describe Chef::Cookbook::CookbookVersionLoader do expect { cookbook_loader.load! }.to raise_error(Chef::Exceptions::CookbookNotFoundInRepo) end - it "skips the cookbook when called with #load" do - expect { cookbook_loader.load }.to_not raise_error + it "gives deprecation warning called with #load" do + Chef::Config[:treat_deprecation_warnings_as_errors] = false + cookbook_loader.load end end @@ -148,7 +149,8 @@ describe Chef::Cookbook::CookbookVersionLoader do expect { cookbook_loader.load! }.to raise_error("THIS METADATA HAS A BUG") end - it "raises an error when called with #load" do + it "gives deprecation warning to us load! when called with #load and raises error" do + Chef::Config[:treat_deprecation_warnings_as_errors] = false expect { cookbook_loader.load }.to raise_error("THIS METADATA HAS A BUG") end @@ -180,7 +182,8 @@ describe Chef::Cookbook::CookbookVersionLoader do expect { cookbook_loader.load! }.to raise_error(Chef::Exceptions::MetadataNotValid, error_message) end - it "raises an error when called with #load" do + it "gives deprecation warning to use load! method when called with #load and raises error for invalid metadata" do + Chef::Config[:treat_deprecation_warnings_as_errors] = false expect { cookbook_loader.load }.to raise_error(Chef::Exceptions::MetadataNotValid, error_message) end diff --git a/spec/unit/cookbook/gem_installer_spec.rb b/spec/unit/cookbook/gem_installer_spec.rb index 807e801aaf..5cb995e33b 100644 --- a/spec/unit/cookbook/gem_installer_spec.rb +++ b/spec/unit/cookbook/gem_installer_spec.rb @@ -1,5 +1,5 @@ require "spec_helper" -require "bundler/dsl" +require "bundler" describe Chef::Cookbook::GemInstaller do let(:cookbook_collection) do diff --git a/spec/unit/cookbook/metadata_spec.rb b/spec/unit/cookbook/metadata_spec.rb index 7f66fe0c32..3c52198310 100644 --- a/spec/unit/cookbook/metadata_spec.rb +++ b/spec/unit/cookbook/metadata_spec.rb @@ -1,7 +1,7 @@ # # Author:: Adam Jacob (<adam@chef.io>) # Author:: Seth Falcon (<seth@chef.io>) -# Copyright:: Copyright 2008-2017, Chef Software Inc. +# Copyright:: Copyright 2008-2020, Chef Software Inc. # License:: Apache License, Version 2.0 # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -267,16 +267,7 @@ describe Chef::Cookbook::Metadata do end end - it "strips out self-dependencies", chef: "< 13" do - metadata.name("foo") - expect(Chef::Log).to receive(:warn).with( - "Ignoring self-dependency in cookbook foo, please remove it (in the future this will be fatal)." - ) - metadata.depends("foo") - expect(metadata.dependencies).to eql({}) - end - - it "errors on self-dependencies", chef: ">= 13" do + it "errors on self-dependencies" do metadata.name("foo") expect { metadata.depends("foo") }.to raise_error # FIXME: add the error type @@ -457,10 +448,10 @@ describe Chef::Cookbook::Metadata do metadata.version "1.2.3" metadata.gem "foo", "~> 1.2" metadata.gem "bar", ">= 2.2", "< 4.0" - metadata.chef_version ">= 11.14.2", "< 11.18.10" - metadata.chef_version ">= 12.2.1", "< 12.5.1" - metadata.ohai_version ">= 7.1.0", "< 7.5.0" - metadata.ohai_version ">= 8.0.1", "< 8.6.0" + metadata.chef_version "< 11.18.10", ">= 11.14.2" + metadata.chef_version "< 12.5.1", ">= 12.2.1" + metadata.ohai_version "< 7.5.0", ">= 7.1.0" + metadata.ohai_version "< 8.6.0", ">= 8.0.1" end it "should produce the same output from to_json and Chef::JSONCompat" do diff --git a/spec/unit/cookbook_uploader_spec.rb b/spec/unit/cookbook_uploader_spec.rb index 07ff303274..7c027866a5 100644 --- a/spec/unit/cookbook_uploader_spec.rb +++ b/spec/unit/cookbook_uploader_spec.rb @@ -17,6 +17,7 @@ # require "spec_helper" +require_relative "../../lib/chef/cookbook_uploader" describe Chef::CookbookUploader do diff --git a/spec/unit/data_collector_spec.rb b/spec/unit/data_collector_spec.rb index 5eeeec1498..3a1eb5b521 100644 --- a/spec/unit/data_collector_spec.rb +++ b/spec/unit/data_collector_spec.rb @@ -15,7 +15,7 @@ # limitations under the License. # -require File.expand_path("../../spec_helper", __FILE__) +require_relative "../spec_helper" require "chef/data_collector" require "socket" @@ -626,7 +626,7 @@ describe Chef::DataCollector do it "collects deprecation messages" do location = Chef::Log.caller_location events.deprecation(Chef::Deprecated.create(:internal_api, "deprecation warning", location)) - expect_converge_message("deprecations" => [{ location: location, message: "deprecation warning", url: "https://docs.chef.io/deprecations_internal_api.html" }]) + expect_converge_message("deprecations" => [{ location: location, message: "deprecation warning", url: "https://docs.chef.io/deprecations_internal_api/" }]) send_run_failed_or_completed_event end end diff --git a/spec/unit/deprecated_spec.rb b/spec/unit/deprecated_spec.rb index 7564c042c4..993a4dd564 100644 --- a/spec/unit/deprecated_spec.rb +++ b/spec/unit/deprecated_spec.rb @@ -20,7 +20,7 @@ require "chef/deprecated" describe Chef::Deprecated do class TestDeprecation < Chef::Deprecated::Base - target 999, "test.html" + target 999, "test" end context "loading a deprecation class" do @@ -44,11 +44,11 @@ describe Chef::Deprecated do let(:location) { "the location" } it "displays the full URL" do - expect(TestDeprecation.new.url).to eql("https://docs.chef.io/deprecations_test.html") + expect(TestDeprecation.new.url).to eql("https://docs.chef.io/deprecations_test/") end it "formats a complete deprecation message" do - expect(TestDeprecation.new(message, location).to_s).to eql("Deprecation CHEF-999 from the location\n\n A test message\n\nPlease see https://docs.chef.io/deprecations_test.html for further details and information on how to correct this problem.") + expect(TestDeprecation.new(message, location).to_s).to eql("Deprecation CHEF-999 from the location\n\n A test message\n\nPlease see https://docs.chef.io/deprecations_test/ for further details and information on how to correct this problem.") end end diff --git a/spec/unit/encrypted_data_bag_item/check_encrypted_spec.rb b/spec/unit/encrypted_data_bag_item/check_encrypted_spec.rb index f8fcb654d9..f7968dd3fb 100644 --- a/spec/unit/encrypted_data_bag_item/check_encrypted_spec.rb +++ b/spec/unit/encrypted_data_bag_item/check_encrypted_spec.rb @@ -85,7 +85,7 @@ describe Chef::EncryptedDataBagItem::CheckEncrypted do end end - context "when encryption version is 3", :aes_256_gcm_only, ruby: "~> 2.0.0" do + context "when encryption version is 3", :aes_256_gcm_only do include_examples "encryption detected" do let(:version) { 3 } let(:encryptor) { Chef::EncryptedDataBagItem::Encryptor::Version3Encryptor } diff --git a/spec/unit/encrypted_data_bag_item_spec.rb b/spec/unit/encrypted_data_bag_item_spec.rb index f406aa2ad0..64f62c6d21 100644 --- a/spec/unit/encrypted_data_bag_item_spec.rb +++ b/spec/unit/encrypted_data_bag_item_spec.rb @@ -97,7 +97,7 @@ describe Chef::EncryptedDataBagItem::Encryptor do Chef::Config[:data_bag_encrypt_version] = 3 end - context "on supported platforms", :aes_256_gcm_only, ruby: "~> 2.0.0" do + context "on supported platforms", :aes_256_gcm_only do it "creates a version 3 encryptor" do expect(encryptor).to be_a_instance_of(Chef::EncryptedDataBagItem::Encryptor::Version3Encryptor) @@ -166,7 +166,7 @@ describe Chef::EncryptedDataBagItem::Decryptor do context "when decrypting a version 3 (JSON+aes-256-gcm+random iv+auth tag) encrypted value" do - context "on supported platforms", :aes_256_gcm_only, ruby: "~> 2.0.0" do + context "on supported platforms", :aes_256_gcm_only do let(:encrypted_value) do Chef::EncryptedDataBagItem::Encryptor::Version3Encryptor.new(plaintext_data, encryption_key).for_encrypted_item diff --git a/spec/unit/json_compat_spec.rb b/spec/unit/json_compat_spec.rb index 38c2c60b2e..c3c017dabb 100644 --- a/spec/unit/json_compat_spec.rb +++ b/spec/unit/json_compat_spec.rb @@ -16,7 +16,7 @@ # limitations under the License. # -require File.expand_path("../../spec_helper", __FILE__) +require_relative "../spec_helper" require "chef/json_compat" describe Chef::JSONCompat do diff --git a/spec/unit/knife/bootstrap_spec.rb b/spec/unit/knife/bootstrap_spec.rb index 46415085bc..5a3d6a1475 100644 --- a/spec/unit/knife/bootstrap_spec.rb +++ b/spec/unit/knife/bootstrap_spec.rb @@ -382,7 +382,7 @@ describe Chef::Knife::Bootstrap do k end - let(:options) { ["--bootstrap-no-proxy", setting, "-s", "foo"] } + let(:options) { ["--bootstrap-no-proxy", setting] } let(:template_file) { File.expand_path(File.join(CHEF_SPEC_DATA, "bootstrap", "no_proxy.erb")) } diff --git a/spec/unit/knife/cookbook_upload_spec.rb b/spec/unit/knife/cookbook_upload_spec.rb index 9c371c4140..ae8fbb4135 100644 --- a/spec/unit/knife/cookbook_upload_spec.rb +++ b/spec/unit/knife/cookbook_upload_spec.rb @@ -23,7 +23,12 @@ require "chef/cookbook_uploader" require "timeout" describe Chef::Knife::CookbookUpload do - let(:cookbook) { Chef::CookbookVersion.new("test_cookbook", "/tmp/blah.txt") } + let(:cookbook) do + cookbook = Chef::CookbookVersion.new("test_cookbook", "/tmp/blah") + allow(cookbook).to receive(:has_metadata_file?).and_return(true) + allow(cookbook.metadata).to receive(:name).and_return(cookbook.name) + cookbook + end let(:cookbooks_by_name) do { cookbook.name => cookbook } @@ -33,6 +38,9 @@ describe Chef::Knife::CookbookUpload do cookbook_loader = cookbooks_by_name.dup allow(cookbook_loader).to receive(:merged_cookbooks).and_return([]) allow(cookbook_loader).to receive(:load_cookbooks).and_return(cookbook_loader) + allow(cookbook_loader).to receive(:compile_metadata).and_return(nil) + allow(cookbook_loader).to receive(:freeze_versions).and_return(nil) + allow(cookbook_loader).to receive(:unlink!).and_return(nil) cookbook_loader end @@ -52,6 +60,7 @@ describe Chef::Knife::CookbookUpload do before(:each) do allow(Chef::CookbookLoader).to receive(:new).and_return(cookbook_loader) + allow(Chef::CookbookLoader).to receive(:copy_to_tmp_dir_from_array).and_return(cookbook_loader) end describe "with --concurrency" do @@ -61,6 +70,7 @@ describe Chef::Knife::CookbookUpload do test_cookbook = Chef::CookbookVersion.new("test_cookbook", "/tmp/blah") allow(cookbook_loader).to receive(:each).and_yield("test_cookbook", test_cookbook) allow(cookbook_loader).to receive(:cookbook_names).and_return(["test_cookbook"]) + allow(cookbook_loader).to receive(:tmp_working_dir_path).and_return("/tmp/blah") expect(Chef::CookbookUploader).to receive(:new) .with( kind_of(Array), { force: nil, concurrency: 3 }) .and_return(double("Chef::CookbookUploader", upload_cookbooks: true)) @@ -81,6 +91,34 @@ describe Chef::Knife::CookbookUpload do expect { knife.run }.to raise_error(SystemExit) end + describe "when specifying cookbook without metadata.rb or metadata.json" do + let(:name_args) { ["test_cookbook1"] } + let(:cookbook) do + cookbook = Chef::CookbookVersion.new("test_cookbook1", "/tmp/blah") + allow(cookbook).to receive(:has_metadata_file?).and_return(false) + cookbook + end + + it "should upload the cookbook" do + expect { knife.run }.to raise_error(Chef::Exceptions::MetadataNotFound) + end + end + + describe "when name attribute in metadata not set" do + let(:name_args) { ["test_cookbook1"] } + + let(:cookbook) do + cookbook = Chef::CookbookVersion.new("test_cookbook1", "/tmp/blah") + allow(cookbook).to receive(:has_metadata_file?).and_return(true) + allow(cookbook.metadata).to receive(:name).and_return(nil) + cookbook + end + + it "should upload the cookbook" do + expect { knife.run }.to raise_error(Chef::Exceptions::MetadataNotValid) + end + end + describe "when specifying a cookbook name" do it "should upload the cookbook" do expect(knife).to receive(:upload).once @@ -105,12 +143,15 @@ describe Chef::Knife::CookbookUpload do describe "when specifying a cookbook name among many" do let(:name_args) { ["test_cookbook1"] } + let(:cookbook) do + cookbook = Chef::CookbookVersion.new("test_cookbook1", "/tmp/blah") + allow(cookbook).to receive(:has_metadata_file?).and_return(true) + allow(cookbook.metadata).to receive(:name).and_return(cookbook.name) + cookbook + end + let(:cookbooks_by_name) do - { - "test_cookbook1" => Chef::CookbookVersion.new("test_cookbook1", "/tmp/blah"), - "test_cookbook2" => Chef::CookbookVersion.new("test_cookbook2", "/tmp/blah"), - "test_cookbook3" => Chef::CookbookVersion.new("test_cookbook3", "/tmp/blah"), - } + { cookbook.name => cookbook } end it "should read only one cookbook" do @@ -119,7 +160,7 @@ describe Chef::Knife::CookbookUpload do end it "should not read all cookbooks" do - expect(cookbook_loader).not_to receive(:load_cookbooks) + expect(cookbook_loader).to receive(:load_cookbooks) knife.run end @@ -133,17 +174,18 @@ describe Chef::Knife::CookbookUpload do describe "when specifying a cookbook name with dependencies" do let(:name_args) { ["test_cookbook2"] } - let(:cookbooks_by_name) do - { "test_cookbook1" => test_cookbook1, - "test_cookbook2" => test_cookbook2, - "test_cookbook3" => test_cookbook3 } + let(:test_cookbook1) do + cookbook = Chef::CookbookVersion.new("test_cookbook1", "/tmp/blah") + allow(cookbook).to receive(:has_metadata_file?).and_return(true) + allow(cookbook.metadata).to receive(:name).and_return(cookbook.name) + cookbook end - let(:test_cookbook1) { Chef::CookbookVersion.new("test_cookbook1", "/tmp/blah") } - let(:test_cookbook2) do c = Chef::CookbookVersion.new("test_cookbook2") c.metadata.depends("test_cookbook3") + allow(c).to receive(:has_metadata_file?).and_return(true) + allow(c.metadata).to receive(:name).and_return(c.name) c end @@ -151,9 +193,17 @@ describe Chef::Knife::CookbookUpload do c = Chef::CookbookVersion.new("test_cookbook3") c.metadata.depends("test_cookbook1") c.metadata.depends("test_cookbook2") + allow(c).to receive(:has_metadata_file?).and_return(true) + allow(c.metadata).to receive(:name).and_return(c.name) c end + let(:cookbooks_by_name) do + { "test_cookbook1" => test_cookbook1, + "test_cookbook2" => test_cookbook2, + "test_cookbook3" => test_cookbook3 } + end + it "should upload all dependencies once" do knife.config[:depends] = true allow(knife).to receive(:cookbook_names).and_return(%w{test_cookbook1 test_cookbook2 test_cookbook3}) @@ -182,7 +232,6 @@ describe Chef::Knife::CookbookUpload do it "should exit and not upload the cookbook" do expect(cookbook_loader).to receive(:[]).once.with("test_cookbook") - expect(cookbook_loader).not_to receive(:load_cookbooks) expect(cookbook_uploader).not_to receive(:upload_cookbooks) expect { knife.run }.to raise_error(SystemExit) end @@ -214,7 +263,7 @@ describe Chef::Knife::CookbookUpload do it "should freeze the version of the cookbooks if --freeze is specified" do knife.config[:freeze] = true - expect(cookbook).to receive(:freeze_version).once + expect(cookbook_loader).to receive(:freeze_versions).once knife.run end @@ -224,10 +273,22 @@ describe Chef::Knife::CookbookUpload do end context "when cookbooks exist in the cookbook path" do + let(:test_cookbook1) do + cookbook = Chef::CookbookVersion.new("test_cookbook1", "/tmp/blah") + allow(cookbook).to receive(:has_metadata_file?).and_return(true) + allow(cookbook.metadata).to receive(:name).and_return(cookbook.name) + cookbook + end + + let(:test_cookbook2) do + cookbook = Chef::CookbookVersion.new("test_cookbook2", "/tmp/blah") + allow(cookbook).to receive(:has_metadata_file?).and_return(true) + allow(cookbook.metadata).to receive(:name).and_return(cookbook.name) + cookbook + end + before(:each) do - @test_cookbook1 = Chef::CookbookVersion.new("test_cookbook1", "/tmp/blah") - @test_cookbook2 = Chef::CookbookVersion.new("test_cookbook2", "/tmp/blah") - allow(cookbook_loader).to receive(:each).and_yield("test_cookbook1", @test_cookbook1).and_yield("test_cookbook2", @test_cookbook2) + allow(cookbook_loader).to receive(:each).and_yield("test_cookbook1", test_cookbook1).and_yield("test_cookbook2", test_cookbook2) allow(cookbook_loader).to receive(:cookbook_names).and_return(%w{test_cookbook1 test_cookbook2}) end @@ -264,7 +325,7 @@ describe Chef::Knife::CookbookUpload do it "should warn users that no cookbooks exist" do knife.config[:cookbook_path] = ["/chef-repo/cookbooks", "/home/user/cookbooks"] expect(knife.ui).to receive(:warn).with( - /Could not find any cookbooks in your cookbook path: #{knife.config[:cookbook_path].join(', ')}\. Use --cookbook-path to specify the desired path\./ + /Could not find any cookbooks in your cookbook path: '#{knife.config[:cookbook_path].join(', ')}'\. Use --cookbook-path to specify the desired path\./ ) knife.run end @@ -274,7 +335,7 @@ describe Chef::Knife::CookbookUpload do it "should warn users that no cookbooks exist" do knife.config[:cookbook_path] = "/chef-repo/cookbooks" expect(knife.ui).to receive(:warn).with( - /Could not find any cookbooks in your cookbook path: #{knife.config[:cookbook_path]}\. Use --cookbook-path to specify the desired path\./ + /Could not find any cookbooks in your cookbook path: '#{knife.config[:cookbook_path]}'\. Use --cookbook-path to specify the desired path\./ ) knife.run end diff --git a/spec/unit/knife/core/bootstrap_context_spec.rb b/spec/unit/knife/core/bootstrap_context_spec.rb index 029dd90875..99035eff4e 100644 --- a/spec/unit/knife/core/bootstrap_context_spec.rb +++ b/spec/unit/knife/core/bootstrap_context_spec.rb @@ -86,6 +86,20 @@ describe Chef::Knife::Core::BootstrapContext do end end + describe "when file_cache_path is set" do + let(:chef_config) { { file_cache_path: "/home/opscode/cache" } } + it "sets file_cache_path in the generated config file" do + expect(bootstrap_context.config_content).to include("file_cache_path \"/home/opscode/cache\"") + end + end + + describe "when file_backup_path is set" do + let(:chef_config) { { file_backup_path: "/home/opscode/backup" } } + it "sets file_backup_path in the generated config file" do + expect(bootstrap_context.config_content).to include("file_backup_path \"/home/opscode/backup\"") + end + end + describe "alternate chef-client path" do let(:chef_config) { { chef_client_path: "/usr/local/bin/chef-client" } } it "runs chef-client from another path when specified" do @@ -141,7 +155,7 @@ describe Chef::Knife::Core::BootstrapContext do let(:config) { { policy_name: "my_app_server", policy_group: "staging" } } it "includes them in the first_boot data and excludes run_list" do - expect(Chef::JSONCompat.to_json(bootstrap_context.first_boot)).to eq(Chef::JSONCompat.to_json(config)) + expect(Chef::JSONCompat.to_json(bootstrap_context.first_boot)).to eq(Chef::JSONCompat.to_json({ policy_name: "my_app_server", policy_group: "staging" })) end end diff --git a/spec/unit/knife/core/ui_spec.rb b/spec/unit/knife/core/ui_spec.rb index dfe906fdc1..e870926b3f 100644 --- a/spec/unit/knife/core/ui_spec.rb +++ b/spec/unit/knife/core/ui_spec.rb @@ -507,6 +507,22 @@ describe Chef::Knife::UI do end end + describe "color" do + context "when ui.color? => true" do + it "returns colored output" do + expect(@ui).to receive(:color?).and_return(true) + expect(@ui.color("a_bus_is", :yellow)).to eql("\e[33ma_bus_is\e[0m") + end + end + + context "when ui.color? => false" do + it "returns plain output" do + expect(@ui).to receive(:color?).and_return(false) + expect(@ui.color("a_bus_is", :yellow)).to eql("a_bus_is") + end + end + end + describe "confirm" do let(:stdout) { StringIO.new } let(:output) { stdout.string } diff --git a/spec/unit/knife/core/windows_bootstrap_context_spec.rb b/spec/unit/knife/core/windows_bootstrap_context_spec.rb index e5a4e955e8..2c538975e8 100644 --- a/spec/unit/knife/core/windows_bootstrap_context_spec.rb +++ b/spec/unit/knife/core/windows_bootstrap_context_spec.rb @@ -164,9 +164,9 @@ describe Chef::Knife::Core::WindowsBootstrapContext do expected = <<~EXPECTED echo.chef_server_url "http://chef.example.com:4444" echo.validation_client_name "chef-validator-testing" - echo.file_cache_path "c:/chef/cache" - echo.file_backup_path "c:/chef/backup" - echo.cache_options ^({:path =^> "c:/chef/cache/checksums", :skip_expires =^> true}^) + echo.file_cache_path "C:/chef/cache" + echo.file_backup_path "C:/chef/backup" + echo.cache_options ^({:path =^> "C:/chef/cache/checksums", :skip_expires =^> true}^) echo.# Using default node name ^(fqdn^) echo.log_level :info echo.log_location STDOUT diff --git a/spec/unit/knife/status_spec.rb b/spec/unit/knife/status_spec.rb index 8af3b3e871..63b3a62e75 100644 --- a/spec/unit/knife/status_spec.rb +++ b/spec/unit/knife/status_spec.rb @@ -1,6 +1,6 @@ # # Author:: Sahil Muthoo (<sahil.muthoo@gmail.com>) -# Copyright:: Copyright 2012-2016, Chef Software Inc. +# Copyright:: Copyright 2012-2020, Chef Software Inc. # License:: Apache License, Version 2.0 # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -39,7 +39,7 @@ describe Chef::Knife::Status do let(:opts) do { filter_result: { name: ["name"], ipaddress: ["ipaddress"], ohai_time: ["ohai_time"], - ec2: ["ec2"], run_list: ["run_list"], platform: ["platform"], + cloud: ["cloud"], run_list: ["run_list"], platform: ["platform"], platform_version: ["platform_version"], chef_environment: ["chef_environment"] } } end diff --git a/spec/unit/knife_spec.rb b/spec/unit/knife_spec.rb index 6ed7ddd70e..47d4a6bf66 100644 --- a/spec/unit/knife_spec.rb +++ b/spec/unit/knife_spec.rb @@ -418,13 +418,10 @@ describe Chef::Knife do describe "when first created" do - let(:knife) { KnifeSpecs::TestYourself.new(%w{with some args -s scrogramming}) } - - before do - unless KnifeSpecs.const_defined?(:TestYourself) - Kernel.load(File.join(CHEF_SPEC_DATA, "knife_subcommand", "test_yourself.rb")) - end - end + let(:knife) { + Kernel.load "spec/data/knife_subcommand/test_yourself.rb" + KnifeSpecs::TestYourself.new(%w{with some args -s scrogramming}) + } it "it parses the options passed to it" do expect(knife.config[:scro]).to eq("scrogramming") @@ -435,6 +432,8 @@ describe Chef::Knife do end it "does not have lazy dependencies loaded" do + skip "unstable with randomization... prolly needs more isolation" + expect(knife.class.test_deps_loaded).not_to be_truthy end end diff --git a/spec/unit/lwrp_spec.rb b/spec/unit/lwrp_spec.rb index def981801e..cb7ebde029 100644 --- a/spec/unit/lwrp_spec.rb +++ b/spec/unit/lwrp_spec.rb @@ -1,6 +1,6 @@ # # Author:: Christopher Walters (<cw@chef.io>) -# Copyright:: Copyright 2009-2018, Chef Software Inc. +# Copyright:: Copyright 2009-2020, Chef Software Inc. # License:: Apache License, Version 2.0 # # Licensed under the Apache License, Version 2.0 (the "License"); diff --git a/spec/unit/mixin/openssl_helper_spec.rb b/spec/unit/mixin/openssl_helper_spec.rb index a6a6fb0e71..5155d66a22 100644 --- a/spec/unit/mixin/openssl_helper_spec.rb +++ b/spec/unit/mixin/openssl_helper_spec.rb @@ -854,4 +854,46 @@ describe Chef::Mixin::OpenSSLHelper do end end end + + describe "#cert_need_renewall?" do + require "tempfile" + + before(:each) do + @certfile = Tempfile.new("certfile") + end + + context "When the cert file doesnt not exist" do + it "returns true" do + expect(instance.cert_need_renewall?("/tmp/bad_filename", 3650)).to be_truthy + end + end + + context "When the cert file does exist, but does not contain a valid Certificate" do + it "returns true" do + @certfile.write("I_am_not_a_cert_I_am_a_free_man") + @certfile.close + expect(instance.cert_need_renewall?(@certfile.path, 3650)).to be_truthy + end + end + + context "When the cert file does exist, and does not contain a soon to expire certficitate" do + it "returns false" do + @certfile.write("-----BEGIN CERTIFICATE-----\nMIIDODCCAiCgAwIBAgIVAPCkjE+wlZ1PgXwgvFgXKzhSpUkvMA0GCSqGSIb3DQEB\nCwUAMA0xCzAJBgNVBAMMAkNBMB4XDTE5MTIyNTEyNTY1NVoXDTI5MTIyMjEyNTY1\nNVowDTELMAkGA1UEAwwCQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB\nAQC9bDWs5akf85UEMj8kry4DYNuAnaL4GnMs6XukQtp3dso+FgbKprgVogyepnet\nE+GlQq32u/n4y8K228kB6NoCn+c/yP+4QlKUBt0xSzQbSUuAE/5xZoKi/kH1ZsQ/\nuKXN/tIHagApEUGn5zqc8WBvWPliRAqiklwj8WtSw1WRa5eCdaVtln3wKuvPnYR5\n/V4YBHyHNhtlfXJBMtEaXm1rRzJGun+FdcrsCfcIFXp8lWobF+EVP8fRwqFTEtT6\nRXv6RT8sHy53a0KNTm8qnbacfr1MofgUuhzLjOrbIVvXpnRLeOkv8XW5rSH+zgsC\nZFK3bJ3j6UVbFQV4jXwlAWVrAgMBAAGjgY4wgYswDgYDVR0PAQH/BAQDAgGmMA8G\nA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFK4S2PNu6bpjxkJxedNaxfCrwtD4MEkG\nA1UdIwRCMECAFK4S2PNu6bpjxkJxedNaxfCrwtD4oRGkDzANMQswCQYDVQQDDAJD\nQYIVAPCkjE+wlZ1PgXwgvFgXKzhSpUkvMA0GCSqGSIb3DQEBCwUAA4IBAQBGk+u3\n9N3PLWNOwYrqK7fD4yceWnz4UsV9uN1IU5PQTgYBaGyAZvU+VJluZZeDj7QjwbUW\ngISclvW/pSWpUVW3O0sfAM97u+5UMYHz4W5Bgq8CtdOKHgdZHKhzBePhmou11zO0\nZ6uQ7bkh0/REqKO7TFKaMMnakEhFXoDrS1EiB4W69KVXyrBVzVm5LK7uvOAQAeMp\nnEk3Oz+5pmKjSCf1cEd2jzAgDbaVrIvxICPgXAlNrKukmRW/0UHqDDVBfF7PioD2\nptlQFxWIkih6s/clwhsBFBwV1yyCirYfjhzmKPPLZUmx10okudLzaKrRbkPxrzbC\nmKEZoV+Nz2CNrGm5\n-----END CERTIFICATE-----\n") + @certfile.close + expect(instance.cert_need_renewall?(@certfile.path, 5)).to be_falsey + end + end + + context "When the cert file does exist, and does contain a soon to expire certficitate" do + it "returns true" do + @certfile.write("-----BEGIN CERTIFICATE-----\nMIIDODCCAiCgAwIBAgIVAPCkjE+wlZ1PgXwgvFgXKzhSpUkvMA0GCSqGSIb3DQEB\nCwUAMA0xCzAJBgNVBAMMAkNBMB4XDTE5MTIyNTEyNTY1NVoXDTI5MTIyMjEyNTY1\nNVowDTELMAkGA1UEAwwCQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB\nAQC9bDWs5akf85UEMj8kry4DYNuAnaL4GnMs6XukQtp3dso+FgbKprgVogyepnet\nE+GlQq32u/n4y8K228kB6NoCn+c/yP+4QlKUBt0xSzQbSUuAE/5xZoKi/kH1ZsQ/\nuKXN/tIHagApEUGn5zqc8WBvWPliRAqiklwj8WtSw1WRa5eCdaVtln3wKuvPnYR5\n/V4YBHyHNhtlfXJBMtEaXm1rRzJGun+FdcrsCfcIFXp8lWobF+EVP8fRwqFTEtT6\nRXv6RT8sHy53a0KNTm8qnbacfr1MofgUuhzLjOrbIVvXpnRLeOkv8XW5rSH+zgsC\nZFK3bJ3j6UVbFQV4jXwlAWVrAgMBAAGjgY4wgYswDgYDVR0PAQH/BAQDAgGmMA8G\nA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFK4S2PNu6bpjxkJxedNaxfCrwtD4MEkG\nA1UdIwRCMECAFK4S2PNu6bpjxkJxedNaxfCrwtD4oRGkDzANMQswCQYDVQQDDAJD\nQYIVAPCkjE+wlZ1PgXwgvFgXKzhSpUkvMA0GCSqGSIb3DQEBCwUAA4IBAQBGk+u3\n9N3PLWNOwYrqK7fD4yceWnz4UsV9uN1IU5PQTgYBaGyAZvU+VJluZZeDj7QjwbUW\ngISclvW/pSWpUVW3O0sfAM97u+5UMYHz4W5Bgq8CtdOKHgdZHKhzBePhmou11zO0\nZ6uQ7bkh0/REqKO7TFKaMMnakEhFXoDrS1EiB4W69KVXyrBVzVm5LK7uvOAQAeMp\nnEk3Oz+5pmKjSCf1cEd2jzAgDbaVrIvxICPgXAlNrKukmRW/0UHqDDVBfF7PioD2\nptlQFxWIkih6s/clwhsBFBwV1yyCirYfjhzmKPPLZUmx10okudLzaKrRbkPxrzbC\nmKEZoV+Nz2CNrGm5\n-----END CERTIFICATE-----\n") + @certfile.close + expect(instance.cert_need_renewall?(@certfile.path, 3650)).to be_truthy + end + end + + after(:each) do + @certfile.unlink + end + end end diff --git a/spec/unit/mixin/shell_out_spec.rb b/spec/unit/mixin/shell_out_spec.rb index afa3687a15..f2b0295bf6 100644 --- a/spec/unit/mixin/shell_out_spec.rb +++ b/spec/unit/mixin/shell_out_spec.rb @@ -246,35 +246,33 @@ describe Chef::Mixin::ShellOut do let(:new_resource) { CustomResource.new("foo") } let(:provider) { new_resource.provider_for_action(:install) } - describe "on Chef-15", chef: ">= 15" do - %i{shell_out shell_out!}.each do |method| - stubbed_method = (method == :shell_out) ? :shell_out_compacted : :shell_out_compacted! - it "#{method} defaults to 900 seconds" do - expect(provider).to receive(stubbed_method).with("foo", timeout: 900) - provider.send(method, "foo") - end - it "#{method} overrides the default timeout with its options" do - expect(provider).to receive(stubbed_method).with("foo", timeout: 1) - provider.send(method, "foo", timeout: 1) - end - it "#{method} overrides the new_resource.timeout with the timeout option" do - new_resource.timeout(99) - expect(provider).to receive(stubbed_method).with("foo", timeout: 1) - provider.send(method, "foo", timeout: 1) - end - it "#{method} defaults to 900 seconds and preserves options" do - expect(provider).to receive(stubbed_method).with("foo", env: nil, timeout: 900) - provider.send(method, "foo", env: nil) - end - it "#{method} overrides the default timeout with its options and preserves options" do - expect(provider).to receive(stubbed_method).with("foo", timeout: 1, env: nil) - provider.send(method, "foo", timeout: 1, env: nil) - end - it "#{method} overrides the new_resource.timeout with the timeout option and preseves options" do - new_resource.timeout(99) - expect(provider).to receive(stubbed_method).with("foo", timeout: 1, env: nil) - provider.send(method, "foo", timeout: 1, env: nil) - end + %i{shell_out shell_out!}.each do |method| + stubbed_method = (method == :shell_out) ? :shell_out_compacted : :shell_out_compacted! + it "#{method} defaults to 900 seconds" do + expect(provider).to receive(stubbed_method).with("foo", timeout: 900) + provider.send(method, "foo") + end + it "#{method} overrides the default timeout with its options" do + expect(provider).to receive(stubbed_method).with("foo", timeout: 1) + provider.send(method, "foo", timeout: 1) + end + it "#{method} overrides the new_resource.timeout with the timeout option" do + new_resource.timeout(99) + expect(provider).to receive(stubbed_method).with("foo", timeout: 1) + provider.send(method, "foo", timeout: 1) + end + it "#{method} defaults to 900 seconds and preserves options" do + expect(provider).to receive(stubbed_method).with("foo", env: nil, timeout: 900) + provider.send(method, "foo", env: nil) + end + it "#{method} overrides the default timeout with its options and preserves options" do + expect(provider).to receive(stubbed_method).with("foo", timeout: 1, env: nil) + provider.send(method, "foo", timeout: 1, env: nil) + end + it "#{method} overrides the new_resource.timeout with the timeout option and preseves options" do + new_resource.timeout(99) + expect(provider).to receive(stubbed_method).with("foo", timeout: 1, env: nil) + provider.send(method, "foo", timeout: 1, env: nil) end end end diff --git a/spec/unit/node/attribute_spec.rb b/spec/unit/node/attribute_spec.rb index 7d6d264405..4490aca9a9 100644 --- a/spec/unit/node/attribute_spec.rb +++ b/spec/unit/node/attribute_spec.rb @@ -1,7 +1,7 @@ # # Author:: Adam Jacob (<adam@chef.io>) # Author:: AJ Christensen (<aj@chef.io>) -# Copyright:: Copyright 2008-2019, Chef Software Inc. +# Copyright:: Copyright 2008-2020, Chef Software Inc. # License:: Apache License, Version 2.0 # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -1259,12 +1259,12 @@ describe Chef::Node::Attribute do describe "frozen immutable strings" do it "strings in hashes should be frozen" do @attributes.default["foo"]["bar"]["baz"] = "fizz" - expect { @attributes["foo"]["bar"]["baz"] << "buzz" }.to raise_error(RuntimeError, "can't modify frozen String") + expect { @attributes["foo"]["bar"]["baz"] << "buzz" }.to raise_error(FrozenError, /can't modify frozen String/) end it "strings in arrays should be frozen" do @attributes.default["foo"]["bar"] = [ "fizz" ] - expect { @attributes["foo"]["bar"][0] << "buzz" }.to raise_error(RuntimeError, "can't modify frozen String") + expect { @attributes["foo"]["bar"][0] << "buzz" }.to raise_error(FrozenError, /can't modify frozen String/) end end diff --git a/spec/unit/node/vivid_mash_spec.rb b/spec/unit/node/vivid_mash_spec.rb index 575d8c3321..098da46d70 100644 --- a/spec/unit/node/vivid_mash_spec.rb +++ b/spec/unit/node/vivid_mash_spec.rb @@ -163,15 +163,15 @@ describe Chef::Node::VividMash do end it "throws an exception when attributes do not exist" do - expect { vivid.read!("one", "five", "six") }.to raise_error(Chef::Exceptions::NoSuchAttribute) + expect { vivid.read!("one", "five", "six") }.to raise_error(Chef::Exceptions::NoSuchAttribute, "one.five.six") end it "throws an exception when traversing a non-container" do - expect { vivid.read!("one", "two", "three", "four") }.to raise_error(Chef::Exceptions::NoSuchAttribute) + expect { vivid.read!("one", "two", "three", "four") }.to raise_error(Chef::Exceptions::NoSuchAttribute, "one.two.three.four") end it "throws an exception when an array element does not exist" do - expect { vivid.read!("array", 3) }.to raise_error(Chef::Exceptions::NoSuchAttribute) + expect { vivid.read!("array", 3) }.to raise_error(Chef::Exceptions::NoSuchAttribute, "array.3") end end diff --git a/spec/unit/node_spec.rb b/spec/unit/node_spec.rb index 1c84278ad5..5b50f888f0 100644 --- a/spec/unit/node_spec.rb +++ b/spec/unit/node_spec.rb @@ -1,6 +1,6 @@ # # Author:: Adam Jacob (<adam@chef.io>) -# Copyright:: Copyright 2008-2019, Chef Software Inc. +# Copyright:: Copyright 2008-2020, Chef Software Inc. # License:: Apache License, Version 2.0 # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -966,6 +966,13 @@ describe Chef::Node do expect(node.normal_attrs).to eq({ "foo" => "bar", "tags" => [] }) end + it "converts the platform_version to a Chef::VersionString" do + node.consume_external_attrs(@ohai_data, {}) + expect(node.automatic_attrs[:platform_version]).to be_a_kind_of(Chef::VersionString) + expect(node[:platform_version]).to be_a_kind_of(Chef::VersionString) + expect(node[:platform_version] =~ "~> 23.6").to be true + end + end describe "when expanding its run list and merging attributes" do diff --git a/spec/unit/platform/query_helpers_spec.rb b/spec/unit/platform/query_helpers_spec.rb index d5e4d09029..3ed86cdc4c 100644 --- a/spec/unit/platform/query_helpers_spec.rb +++ b/spec/unit/platform/query_helpers_spec.rb @@ -1,6 +1,6 @@ # # Author:: Bryan McLellan <btm@loftninjas.org> -# Copyright:: Copyright 2014-2018, Chef Software Inc. +# Copyright:: Copyright 2014-2020, Chef Software Inc. # License:: Apache License, Version 2.0 # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -18,149 +18,6 @@ require "spec_helper" -describe "Chef::Platform#windows_nano_server?" do - include_context "Win32" - - let(:key) { "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Server\\ServerLevels" } - let(:key_query_value) { 0x0001 } - let(:access) { key_query_value | 0x0100 } - let(:hive) { double("Win32::Registry::HKEY_LOCAL_MACHINE") } - let(:registry) { double("Win32::Registry") } - - before(:all) do - Win32::Registry = Class.new - Win32::Registry::Error = Class.new(RuntimeError) - end - - before do - Win32::Registry::HKEY_LOCAL_MACHINE = hive - Win32::Registry::KEY_QUERY_VALUE = key_query_value - end - - after do - Win32::Registry.send(:remove_const, "HKEY_LOCAL_MACHINE") if defined?(Win32::Registry::HKEY_LOCAL_MACHINE) - Win32::Registry.send(:remove_const, "KEY_QUERY_VALUE") if defined?(Win32::Registry::KEY_QUERY_VALUE) - end - - it "returns false early when not on windows" do - allow(ChefUtils).to receive(:windows?).and_return(false) - expect(Chef::Platform).to_not receive(:require) - expect(Chef::Platform.windows_nano_server?).to be false - end - - it "returns true when the registry value is 1" do - allow(ChefUtils).to receive(:windows?).and_return(true) - allow(Chef::Platform).to receive(:require).with("win32/registry") - expect(Win32::Registry::HKEY_LOCAL_MACHINE).to receive(:open) - .with(key, access) - .and_yield(registry) - expect(registry).to receive(:[]).with("NanoServer").and_return(1) - expect(Chef::Platform.windows_nano_server?).to be true - end - - it "returns false when the registry value is not 1" do - allow(ChefUtils).to receive(:windows?).and_return(true) - allow(Chef::Platform).to receive(:require).with("win32/registry") - expect(Win32::Registry::HKEY_LOCAL_MACHINE).to receive(:open) - .with(key, access) - .and_yield(registry) - expect(registry).to receive(:[]).with("NanoServer").and_return(0) - expect(Chef::Platform.windows_nano_server?).to be false - end - - it "returns false when the registry value does not exist" do - allow(ChefUtils).to receive(:windows?).and_return(true) - allow(Chef::Platform).to receive(:require).with("win32/registry") - expect(Win32::Registry::HKEY_LOCAL_MACHINE).to receive(:open) - .with(key, access) - .and_yield(registry) - expect(registry).to receive(:[]).with("NanoServer") - .and_raise(Win32::Registry::Error, "The system cannot find the file specified.") - expect(Chef::Platform.windows_nano_server?).to be false - end - - it "returns false when the registry key does not exist" do - allow(ChefUtils).to receive(:windows?).and_return(true) - allow(Chef::Platform).to receive(:require).with("win32/registry") - expect(Win32::Registry::HKEY_LOCAL_MACHINE).to receive(:open) - .with(key, access) - .and_raise(Win32::Registry::Error, "The system cannot find the file specified.") - expect(Chef::Platform.windows_nano_server?).to be false - end -end - -describe "Chef::Platform#supports_msi?" do - include_context "Win32" # clear and restore Win32:: namespace - - let(:key) { "System\\CurrentControlSet\\Services\\msiserver" } - let(:key_query_value) { 0x0001 } - let(:access) { key_query_value } - let(:hive) { double("Win32::Registry::HKEY_LOCAL_MACHINE") } - let(:registry) { double("Win32::Registry") } - - before(:all) do - Win32::Registry = Class.new - Win32::Registry::Error = Class.new(RuntimeError) - end - - before do - Win32::Registry::HKEY_LOCAL_MACHINE = hive - Win32::Registry::KEY_QUERY_VALUE = key_query_value - end - - after do - Win32::Registry.send(:remove_const, "HKEY_LOCAL_MACHINE") if defined?(Win32::Registry::HKEY_LOCAL_MACHINE) - Win32::Registry.send(:remove_const, "KEY_QUERY_VALUE") if defined?(Win32::Registry::KEY_QUERY_VALUE) - end - - it "returns false early when not on windows" do - allow(ChefUtils).to receive(:windows?).and_return(false) - expect(Chef::Platform).to_not receive(:require) - expect(Chef::Platform.supports_msi?).to be false - end - - it "returns true when the registry key exists" do - allow(ChefUtils).to receive(:windows?).and_return(true) - allow(Chef::Platform).to receive(:require).with("win32/registry") - expect(Win32::Registry::HKEY_LOCAL_MACHINE).to receive(:open) - .with(key, access) - .and_yield(registry) - expect(Chef::Platform.supports_msi?).to be true - end - - it "returns false when the registry key does not exist" do - allow(ChefUtils).to receive(:windows?).and_return(true) - allow(Chef::Platform).to receive(:require).with("win32/registry") - expect(Win32::Registry::HKEY_LOCAL_MACHINE).to receive(:open) - .with(key, access) - .and_raise(Win32::Registry::Error, "The system cannot find the file specified.") - expect(Chef::Platform.supports_msi?).to be false - end -end - -describe "Chef::Platform#supports_dsc?" do - it "returns false if PowerShell is not present" do - node = Chef::Node.new - expect(Chef::Platform.supports_dsc?(node)).to be_falsey - end - - ["1.0", "2.0", "3.0"].each do |version| - it "returns false for PowerShell #{version}" do - node = Chef::Node.new - node.automatic[:languages][:powershell][:version] = version - expect(Chef::Platform.supports_dsc?(node)).to be_falsey - end - end - - ["4.0", "5.0"].each do |version| - it "returns true for PowerShell #{version}" do - node = Chef::Node.new - node.automatic[:languages][:powershell][:version] = version - expect(Chef::Platform.supports_dsc?(node)).to be_truthy - end - end -end - describe "Chef::Platform#supports_dsc_invoke_resource?" do it "returns false if powershell is not present" do node = Chef::Node.new diff --git a/spec/unit/property_spec.rb b/spec/unit/property_spec.rb index 1fcbb77e8e..965da7313e 100644 --- a/spec/unit/property_spec.rb +++ b/spec/unit/property_spec.rb @@ -542,7 +542,7 @@ describe "Chef::Resource.property" do expect(resource.x).to eq "" end it "x is immutable" do - expect { resource.x << "foo" }.to raise_error(RuntimeError, "can't modify frozen String") + expect { resource.x << "foo" }.to raise_error(FrozenError, /can't modify frozen String/) end end @@ -562,7 +562,7 @@ describe "Chef::Resource.property" do expect(resource.x).to eq({}) end it "x is immutable" do - expect { resource.x["foo"] = "bar" }.to raise_error(RuntimeError, "can't modify frozen Hash") + expect { resource.x["foo"] = "bar" }.to raise_error(FrozenError, /can't modify frozen Hash/) end it "The same exact value is returned multiple times in a row" do value = resource.x @@ -595,13 +595,13 @@ describe "Chef::Resource.property" do expect(resource.x).to eq([{ foo: "bar" }]) end it "x is immutable" do - expect { resource.x << :other }.to raise_error(RuntimeError, "can't modify frozen Array") + expect { resource.x << :other }.to raise_error(FrozenError, /can't modify frozen Array/) end it "x.first is immutable" do - expect { resource.x.first[:foo] = "other" }.to raise_error(RuntimeError, "can't modify frozen Hash") + expect { resource.x.first[:foo] = "other" }.to raise_error(FrozenError, /can't modify frozen Hash/) end it "x.first[:foo] is immutable" do - expect { resource.x.first[:foo] << "other" }.to raise_error(RuntimeError, "can't modify frozen String") + expect { resource.x.first[:foo] << "other" }.to raise_error(FrozenError, /can't modify frozen String/) end end end @@ -1072,13 +1072,13 @@ describe "Chef::Resource.property" do it "raises an error if both name_property and name_attribute are specified" do expect { resource_class.property :x, name_property: false, name_attribute: 1 }.to raise_error ArgumentError, - /name_attribute and name_property are functionally identical and both cannot be specified on a property at once. Use just one on property x of resource chef_resource_property_spec_(\d+)./ + /name_attribute and name_property are functionally identical and both cannot be specified on a property at once. Use just one on property x of resource chef_resource_property_spec_(\d+)/ expect { resource_class.property :x, name_property: false, name_attribute: nil }.to raise_error ArgumentError, - /name_attribute and name_property are functionally identical and both cannot be specified on a property at once. Use just one on property x of resource chef_resource_property_spec_(\d+)./ + /name_attribute and name_property are functionally identical and both cannot be specified on a property at once. Use just one on property x of resource chef_resource_property_spec_(\d+)/ expect { resource_class.property :x, name_property: false, name_attribute: false }.to raise_error ArgumentError, - /name_attribute and name_property are functionally identical and both cannot be specified on a property at once. Use just one on property x of resource chef_resource_property_spec_(\d+)./ + /name_attribute and name_property are functionally identical and both cannot be specified on a property at once. Use just one on property x of resource chef_resource_property_spec_(\d+)/ expect { resource_class.property :x, name_property: true, name_attribute: true }.to raise_error ArgumentError, - /name_attribute and name_property are functionally identical and both cannot be specified on a property at once. Use just one on property x of resource chef_resource_property_spec_(\d+)./ + /name_attribute and name_property are functionally identical and both cannot be specified on a property at once. Use just one on property x of resource chef_resource_property_spec_(\d+)/ end context "property_type" do diff --git a/spec/unit/provider/apt_preference_spec.rb b/spec/unit/provider/apt_preference_spec.rb index e37dc16ff9..91b2f58acb 100644 --- a/spec/unit/provider/apt_preference_spec.rb +++ b/spec/unit/provider/apt_preference_spec.rb @@ -1,7 +1,7 @@ # # Author:: Thom May (<thom@chef.io>) # Author:: Tim Smith (<tim@chef.io>) -# Copyright:: 2016-2017, Chef Software, Inc. +# Copyright:: 2016-2019, Chef Software Inc. # License:: Apache License, Version 2.0 # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -18,24 +18,28 @@ # require "spec_helper" +require "chef/resource/apt_preference" -describe Chef::Provider::AptPreference do - let(:new_resource) { Chef::Resource::AptPreference.new("libmysqlclient16.1*") } +# FIXME: provider has been moved to a custom resource, should migrate the unit tests +# +describe "Chef::Provider::AptPreference" do + let(:node) { Chef::Node.new } + let(:events) { Chef::EventDispatch::Dispatcher.new } + let(:run_context) { Chef::RunContext.new(node, {}, events) } + let(:collection) { double("resource collection") } + let(:new_resource) { Chef::Resource::AptPreference.new("libmysqlclient16.1*", run_context) } let(:pref_dir) { Dir.mktmpdir("apt_pref_d") } + let(:provider) { new_resource.provider_for_action(:add) } before do - stub_const("Chef::Provider::AptPreference::APT_PREFERENCE_DIR", pref_dir) + node.automatic["platform_family"] = "debian" + Chef::Resource::AptPreference.send(:remove_const, :APT_PREFERENCE_DIR) + Chef::Resource::AptPreference.const_set(:APT_PREFERENCE_DIR, pref_dir) + new_resource.pin = "1.0.1" new_resource.pin_priority 1001 end - let(:provider) do - node = Chef::Node.new - events = Chef::EventDispatch::Dispatcher.new - run_context = Chef::RunContext.new(node, {}, events) - Chef::Provider::AptPreference.new(new_resource, run_context) - end - it "responds to load_current_resource" do expect(provider).to respond_to(:load_current_resource) end diff --git a/spec/unit/provider/apt_repository_spec.rb b/spec/unit/provider/apt_repository_spec.rb index 11d505dad8..d8ad51e822 100644 --- a/spec/unit/provider/apt_repository_spec.rb +++ b/spec/unit/provider/apt_repository_spec.rb @@ -1,6 +1,6 @@ # # Author:: Thom May (<thom@chef.io>) -# Copyright:: 2016-2018, Chef Software Inc. +# Copyright:: 2016-2019, Chef Software Inc. # License:: Apache License, Version 2.0 # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -44,15 +44,13 @@ GPG_FINGER = <<~EOF.freeze sub:-:2048:16:84080586D1CA74A1:2009-04-22:::: EOF -describe Chef::Provider::AptRepository do - let(:new_resource) { Chef::Resource::AptRepository.new("multiverse") } - - let(:provider) do - node = Chef::Node.new - events = Chef::EventDispatch::Dispatcher.new - run_context = Chef::RunContext.new(node, {}, events) - Chef::Provider::AptRepository.new(new_resource, run_context) - end +describe "Chef::Provider::AptRepository" do + let(:node) { Chef::Node.new } + let(:events) { Chef::EventDispatch::Dispatcher.new } + let(:run_context) { Chef::RunContext.new(node, {}, events) } + let(:collection) { double("resource collection") } + let(:new_resource) { Chef::Resource::AptRepository.new("multiverse", run_context) } + let(:provider) { new_resource.provider_for_action(:add) } let(:apt_key_finger_cmd) do %w{apt-key adv --list-public-keys --with-fingerprint --with-colons} @@ -226,27 +224,32 @@ C5986B4F1257FFA86632CBA746181433FBB75451 describe "#build_repo" do it "creates a repository string" do - target = %Q{deb "http://test/uri" unstable main\n} + target = "deb http://test/uri unstable main\n" expect(provider.build_repo("http://test/uri", "unstable", "main", false, nil)).to eql(target) end + it "creates a repository string with spaces" do + target = "deb http://test/uri%20with%20spaces unstable main\n" + expect(provider.build_repo("http://test/uri with spaces", "unstable", "main", false, nil)).to eql(target) + end + it "creates a repository string with no distribution" do - target = %Q{deb "http://test/uri" main\n} + target = "deb http://test/uri main\n" expect(provider.build_repo("http://test/uri", nil, "main", false, nil)).to eql(target) end it "creates a repository string with source" do - target = %Q{deb "http://test/uri" unstable main\ndeb-src "http://test/uri" unstable main\n} + target = "deb http://test/uri unstable main\ndeb-src http://test/uri unstable main\n" expect(provider.build_repo("http://test/uri", "unstable", "main", false, nil, true)).to eql(target) end it "creates a repository string with options" do - target = %Q{deb [trusted=yes] "http://test/uri" unstable main\n} + target = "deb [trusted=yes] http://test/uri unstable main\n" expect(provider.build_repo("http://test/uri", "unstable", "main", true, nil)).to eql(target) end it "handles a ppa repo" do - target = %Q{deb "http://ppa.launchpad.net/chef/main/ubuntu" unstable main\n} + target = "deb http://ppa.launchpad.net/chef/main/ubuntu unstable main\n" expect(provider).to receive(:make_ppa_url).with("ppa:chef/main").and_return("http://ppa.launchpad.net/chef/main/ubuntu") expect(provider.build_repo("ppa:chef/main", "unstable", "main", false, nil)).to eql(target) end diff --git a/spec/unit/provider/apt_update_spec.rb b/spec/unit/provider/apt_update_spec.rb index ed91131aff..408f8cf46a 100644 --- a/spec/unit/provider/apt_update_spec.rb +++ b/spec/unit/provider/apt_update_spec.rb @@ -1,6 +1,6 @@ # # Author:: Thom May (<thom@chef.io>) -# Copyright:: Copyright (c) 2016-2018, Chef Software Inc. +# Copyright:: Copyright (c) 2016-2019, Chef Software Inc. # License:: Apache License, Version 2.0 # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -18,23 +18,24 @@ require "spec_helper" -describe Chef::Provider::AptUpdate do - let(:new_resource) { Chef::Resource::AptUpdate.new("update") } +describe "Chef::Provider::AptUpdate" do + let(:node) { Chef::Node.new } + let(:events) { Chef::EventDispatch::Dispatcher.new } + let(:run_context) { Chef::RunContext.new(node, {}, events) } + let(:collection) { double("resource collection") } + let(:new_resource) { Chef::Resource::AptUpdate.new("update", run_context) } + let(:provider) { new_resource.provider_for_action(:update) } let(:config_dir) { Dir.mktmpdir("apt_update_apt_conf_d") } let(:config_file) { File.join(config_dir, "15update-stamp") } let(:stamp_dir) { Dir.mktmpdir("apt_update_periodic") } before do - stub_const("Chef::Provider::AptUpdate::APT_CONF_DIR", config_dir) - stub_const("Chef::Provider::AptUpdate::STAMP_DIR", stamp_dir) - end - - let(:provider) do - node = Chef::Node.new - events = Chef::EventDispatch::Dispatcher.new - run_context = Chef::RunContext.new(node, {}, events) - Chef::Provider::AptUpdate.new(new_resource, run_context) + new_resource.class.send(:remove_const, :APT_CONF_DIR) + new_resource.class.send(:const_set, :APT_CONF_DIR, config_dir) + new_resource.class.send(:remove_const, :STAMP_DIR) + new_resource.class.send(:const_set, :STAMP_DIR, stamp_dir) + node.automatic["platform_family"] = "debian" end let(:apt_update_cmd) { %w{apt-get -q update} } diff --git a/spec/unit/provider/cookbook_file_spec.rb b/spec/unit/provider/cookbook_file_spec.rb index e1ef3c63d8..67df3c1f97 100644 --- a/spec/unit/provider/cookbook_file_spec.rb +++ b/spec/unit/provider/cookbook_file_spec.rb @@ -1,7 +1,7 @@ # # Author:: Daniel DeLeo (<dan@chef.io>) # Author:: Lamont Granquist (<lamont@chef.io>) -# Copyright:: Copyright 2009-2016, Chef Software Inc. +# Copyright:: Copyright 2009-2020, Chef Software Inc. # License:: Apache License, Version 2.0 # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -23,10 +23,10 @@ require "ostruct" require "support/shared/unit/provider/file" describe Chef::Provider::CookbookFile do - let(:node) { double("Chef::Node") } - let(:events) { double("Chef::Events").as_null_object } # mock all the methods - let(:logger) { double("Mixlib::Log::Child").as_null_object } - let(:run_context) { double("Chef::RunContext", node: node, events: events, logger: logger) } + let(:node) { Chef::Node.new } + let(:events) { Chef::EventDispatch::Dispatcher.new } + let(:run_context) { Chef::RunContext.new(node, {}, events) } + let(:enclosing_directory) do canonicalize_path(File.expand_path(File.join(CHEF_SPEC_DATA, "templates"))) end diff --git a/spec/unit/provider/cron_spec.rb b/spec/unit/provider/cron_spec.rb index 4cd8a140af..06628b631b 100644 --- a/spec/unit/provider/cron_spec.rb +++ b/spec/unit/provider/cron_spec.rb @@ -1081,4 +1081,131 @@ describe Chef::Provider::Cron do end end end + + describe "#env_var_str" do + context "when no env vars are set" do + it "returns an empty string" do + expect(@provider.send(:env_var_str)).to be_empty + end + end + let(:mailto) { "foo@example.com" } + context "When set directly" do + it "returns string with value" do + @new_resource.mailto mailto + expect(@provider.send(:env_var_str)).to include(mailto) + end + end + context "When set within the hash" do + context "env properties" do + it "returns string with a warning" do + @new_resource.environment "MAILTO" => mailto + expect(logger).to receive(:warn).with("cronhole some stuff: the environment property contains the 'MAILTO' variable, which should be set separately as a property.") + expect(@provider.send(:env_var_str)).to include(mailto) + end + end + context "other properties" do + it "returns string with no warning" do + @new_resource.environment "FOOMAILTO" => mailto + expect(logger).not_to receive(:warn).with("cronhole some stuff: the environment property contains the 'MAILTO' variable, which should be set separately as a property.") + expect(@provider.send(:env_var_str)).to include(mailto) + end + it "and a line break within properties" do + @new_resource.environment "FOOMAILTO" => mailto, "BARMAILTO" => mailto + expect(@provider.send(:env_var_str)).to eq("FOOMAILTO=foo@example.com\nBARMAILTO=foo@example.com") + end + end + context "both env and other properties" do + it "returns string with line break within the properties" do + @new_resource.mailto mailto + @new_resource.environment "FOOMAILTO" => mailto + expect(@provider.send(:env_var_str)).to eq("MAILTO=\"foo@example.com\"\nFOOMAILTO=foo@example.com") + end + end + end + end + + describe "#duration_str" do + context "time as a frequency" do + it "returns string" do + @new_resource.time :yearly + expect(@provider.send(:duration_str)).to eq("@yearly") + end + end + context "time as a duration" do + it "defaults to * (No Specific Value)" do + @new_resource.minute "1" + expect(@provider.send(:duration_str)).to eq("1 * * * *") + end + it "returns cron format string" do + @new_resource.minute "1" + @new_resource.hour "2" + @new_resource.day "3" + @new_resource.month "4" + @new_resource.weekday "5" + expect(@provider.send(:duration_str)).to eq("1 2 3 4 5") + end + end + end + + describe "#time_out_str" do + context "When not given" do + it "Returns an empty string" do + expect(@provider.send(:time_out_str)).to be_empty + end + end + context "When given" do + let(:time_out_str_val) { " timeout 10;" } + context "as String" do + it "returns string" do + @new_resource.time_out "10" + expect(@provider.send(:time_out_str)).to eq time_out_str_val + end + end + context "as Integer" do + it "returns string" do + @new_resource.time_out "10" + expect(@provider.send(:time_out_str)).to eq time_out_str_val + end + end + context "as Hash" do + it "returns string" do + @new_resource.time_out "duration" => "10" + expect(@provider.send(:time_out_str)).to eq time_out_str_val + end + it "also contains properties" do + @new_resource.time_out "duration" => "10", "foreground" => "true", "signal" => "FOO" + expect(@provider.send(:time_out_str)).to eq " timeout --foreground --signal FOO 10;" + end + end + end + end + + describe "#cmd_str" do + context "With command" do + let(:cmd) { "FOOBAR" } + before { + @new_resource.command cmd + } + it "returns a string with command" do + expect(@provider.send(:cmd_str)).to include(cmd) + end + it "string ends with a next line" do + expect(@provider.send(:cmd_str)[-1]).to eq("\n") + end + end + context "Without command, passed" do + context "as nil" do + it "returns an empty string with a next line" do + @new_resource.command nil + expect(@provider.send(:cmd_str)).to eq(" \n") + end + end + context "as an empty string" do + it "returns an empty string with a next line" do + @new_resource.command "" + expect(@provider.send(:cmd_str)).to eq(" \n") + end + end + end + end end diff --git a/spec/unit/provider/directory_spec.rb b/spec/unit/provider/directory_spec.rb index 4672db7d8d..995b35bfa0 100644 --- a/spec/unit/provider/directory_spec.rb +++ b/spec/unit/provider/directory_spec.rb @@ -1,6 +1,6 @@ # # Author:: Adam Jacob (<adam@chef.io>) -# Copyright:: Copyright 2008-2016, Chef Software Inc. +# Copyright:: Copyright 2008-2020, Chef Software Inc. # License:: Apache License, Version 2.0 # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -201,33 +201,22 @@ describe Chef::Provider::Directory do end end - describe "on OS X" do + describe "on macOS" do before do - allow(node).to receive(:[]).with("platform").and_return("mac_os_x") + allow(ChefUtils).to receive(:macos?).and_return(true) new_resource.path "/usr/bin/chef_test" new_resource.recursive false allow_any_instance_of(Chef::Provider::File).to receive(:do_selinux) end - it "os x 10.10 can write to sip locations" do - allow(node).to receive(:[]).with("platform_version").and_return("10.10") - allow(Dir).to receive(:mkdir).and_return([true], []) - allow(::File).to receive(:directory?).and_return(true) - allow(Chef::FileAccessControl).to receive(:writable?).and_return(true) - directory.run_action(:create) - expect(new_resource).to be_updated - end - - it "os x 10.11 cannot write to sip locations" do - allow(node).to receive(:[]).with("platform_version").and_return("10.11") + it "macOS cannot write to sip locations" do allow(::File).to receive(:directory?).and_return(true) allow(Chef::FileAccessControl).to receive(:writable?).and_return(false) expect { directory.run_action(:create) }.to raise_error(Chef::Exceptions::InsufficientPermissions) end - it "os x 10.11 can write to sip exlcusions" do + it "macOS can write to sip exclusions" do new_resource.path "/usr/local/chef_test" - allow(node).to receive(:[]).with("platform_version").and_return("10.11") allow(::File).to receive(:directory?).and_return(true) allow(Dir).to receive(:mkdir).and_return([true], []) allow(Chef::FileAccessControl).to receive(:writable?).and_return(false) diff --git a/spec/unit/provider/file_spec.rb b/spec/unit/provider/file_spec.rb index 311ef4c55a..7dc0072fb5 100644 --- a/spec/unit/provider/file_spec.rb +++ b/spec/unit/provider/file_spec.rb @@ -1,7 +1,7 @@ # # Author:: Adam Jacob (<adam@chef.io>) # Author:: Lamont Granquist (<lamont@chef.io>) -# Copyright:: Copyright 2008-2016, Chef Software Inc. +# Copyright:: Copyright 2008-2020, Chef Software Inc. # License:: Apache License, Version 2.0 # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -17,6 +17,7 @@ # limitations under the License. # +require "spec_helper" require "support/shared/unit/provider/file" describe Chef::Provider::File do @@ -32,10 +33,10 @@ describe Chef::Provider::File do content = double("Chef::Provider::File::Content") end - let(:node) { double("Chef::Node") } - let(:events) { double("Chef::Events").as_null_object } # mock all the methods - let(:logger) { double("Mixlib::Log::Child").as_null_object } - let(:run_context) { double("Chef::RunContext", node: node, events: events, logger: logger) } + let(:node) { Chef::Node.new } + let(:events) { Chef::EventDispatch::Dispatcher.new } + let(:run_context) { Chef::RunContext.new(node, {}, events) } + let(:enclosing_directory) do canonicalize_path(File.expand_path(File.join(CHEF_SPEC_DATA, "templates"))) end diff --git a/spec/unit/provider/ifconfig_spec.rb b/spec/unit/provider/ifconfig_spec.rb index 38561d6e49..56d2f250a6 100644 --- a/spec/unit/provider/ifconfig_spec.rb +++ b/spec/unit/provider/ifconfig_spec.rb @@ -1,6 +1,6 @@ # # Author:: Prajakta Purohit (prajakta@chef.io) -# Copyright:: Copyright 2008-2018, Chef Software Inc. +# Copyright:: Copyright 2008-2020, Chef Software Inc. # License:: Apache License, Version 2.0 # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -46,19 +46,48 @@ describe Chef::Provider::Ifconfig do ifconfig 1.42 (2001-04-13) EOS - before do - ifconfig = double(stdout: "", exitstatus: 1) - allow(@provider).to receive(:shell_out_compacted).and_return(ifconfig) - ifconfig_version = double(stdout: "", stderr: net_tools_version, exitstatus: 4) - allow(@provider).to receive(:shell_out_compacted).with("ifconfig", "--version").and_return(ifconfig_version) - @provider.load_current_resource - end - it "should track state of ifconfig failure" do - expect(@provider.instance_variable_get("@status").exitstatus).not_to eq(0) - end - it "should thrown an exception when ifconfig fails" do - @provider.define_resource_requirements - expect { @provider.process_resource_requirements }.to raise_error Chef::Exceptions::Ifconfig + let(:net_tools_version2) { StringIO.new <<~EOS } + net-tools 2.10-alpha + EOS + + context "when ifconfig returns its version on stdout" do + before do + ifconfig = double(stdout: "", exitstatus: 1) + allow(@provider).to receive(:shell_out_compacted).and_return(ifconfig) + ifconfig_version = double(stdout: net_tools_version2, stderr: "", exitstatus: 4) + allow(@provider).to receive(:shell_out_compacted).with("ifconfig", "--version").and_return(ifconfig_version) + @provider.load_current_resource + end + it "should track state of ifconfig failure" do + expect(@provider.instance_variable_get("@status").exitstatus).not_to eq(0) + end + it "should thrown an exception when ifconfig fails" do + @provider.define_resource_requirements + expect { @provider.process_resource_requirements }.to raise_error Chef::Exceptions::Ifconfig + end + it "should grab the correct major.minor version of net-tools" do + expect(@provider.ifconfig_version).to eql("2.10") + end + end + + context "when ifconfig returns its version on stderr" do + before do + ifconfig = double(stdout: "", exitstatus: 1) + allow(@provider).to receive(:shell_out_compacted).and_return(ifconfig) + ifconfig_version = double(stdout: "", stderr: net_tools_version, exitstatus: 4) + allow(@provider).to receive(:shell_out_compacted).with("ifconfig", "--version").and_return(ifconfig_version) + @provider.load_current_resource + end + it "should track state of ifconfig failure" do + expect(@provider.instance_variable_get("@status").exitstatus).not_to eq(0) + end + it "should thrown an exception when ifconfig fails" do + @provider.define_resource_requirements + expect { @provider.process_resource_requirements }.to raise_error Chef::Exceptions::Ifconfig + end + it "should grab the correct major.minor version of net-tools" do + expect(@provider.ifconfig_version).to eql("1.60") + end end end describe Chef::Provider::Ifconfig, "action_add" do diff --git a/spec/unit/provider/link_spec.rb b/spec/unit/provider/link_spec.rb index 154197e730..30c752b5ea 100644 --- a/spec/unit/provider/link_spec.rb +++ b/spec/unit/provider/link_spec.rb @@ -1,7 +1,7 @@ # # Author:: AJ Christensen (<aj@junglist.gen.nz>) # Author:: John Keiser (<jkeiser@chef.io>) -# Copyright:: Copyright 2008-2018, Chef Software Inc. +# Copyright:: Copyright 2008-2020, Chef Software Inc. # License:: Apache License, Version 2.0 # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -358,7 +358,6 @@ describe Chef::Resource::Link do allow(Chef::Resource::Link).to receive(:new).with( provider.new_resource.name ).and_return(resource_link) - allow(resource_link).to receive(:verify_links_supported!) allow(ChefUtils).to receive(:windows?).and_return(true) end diff --git a/spec/unit/provider/log_spec.rb b/spec/unit/provider/log_spec.rb index deb2024640..f72cf3b558 100644 --- a/spec/unit/provider/log_spec.rb +++ b/spec/unit/provider/log_spec.rb @@ -1,6 +1,6 @@ # # Author:: Cary Penniman (<cary@rightscale.com>) -# Copyright:: Copyright 2008-2016, Chef Software Inc. +# Copyright:: Copyright 2008-2020, Chef Software Inc. # License:: Apache License, Version 2.0 # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -18,7 +18,7 @@ require "spec_helper" -describe Chef::Provider::Log::ChefLog do +describe Chef::Resource::Log do let(:log_str) { "this is my test string to log" } @@ -28,9 +28,9 @@ describe Chef::Provider::Log::ChefLog do let(:run_context) { Chef::RunContext.new(node, {}, events) } - let(:new_resource) { Chef::Resource::Log.new(log_str) } + let(:new_resource) { Chef::Resource::Log.new(log_str, run_context) } - let(:provider) { Chef::Provider::Log::ChefLog.new(new_resource, run_context) } + let(:provider) { new_resource.provider_for_action(:run) } let(:logger) { double("Mixlib::Log::Child").as_null_object } before do diff --git a/spec/unit/provider/mdadm_spec.rb b/spec/unit/provider/mdadm_spec.rb index d79c1b35db..7e3546dcce 100644 --- a/spec/unit/provider/mdadm_spec.rb +++ b/spec/unit/provider/mdadm_spec.rb @@ -19,15 +19,15 @@ require "spec_helper" require "ostruct" -describe Chef::Provider::Mdadm do +describe Chef::Resource::Mdadm do before(:each) do @node = Chef::Node.new @events = Chef::EventDispatch::Dispatcher.new @run_context = Chef::RunContext.new(@node, {}, @events) - @new_resource = Chef::Resource::Mdadm.new("/dev/md1") + @new_resource = Chef::Resource::Mdadm.new("/dev/md1", run_context) @new_resource.devices ["/dev/sdz1", "/dev/sdz2", "/dev/sdz3"] - @provider = Chef::Provider::Mdadm.new(@new_resource, @run_context) + @provider = @new_resource.provider_for_action(:create) end describe "when determining the current metadevice status" do diff --git a/spec/unit/provider/package/windows/exe_spec.rb b/spec/unit/provider/package/windows/exe_spec.rb index 2ed4c03905..afceaabd55 100644 --- a/spec/unit/provider/package/windows/exe_spec.rb +++ b/spec/unit/provider/package/windows/exe_spec.rb @@ -126,7 +126,7 @@ describe Chef::Provider::Package::Windows::Exe do it "removes installed package and quotes uninstall string" do new_resource.timeout = 300 allow(::File).to receive(:exist?).with("uninst_dir/uninst_file").and_return(true) - expect(provider).to receive(:shell_out!).with(%r{start \"\" /wait \"uninst_dir/uninst_file\" /S /NCRC & exit %%%%ERRORLEVEL%%%%}, default_env: false, timeout: 300, returns: [0]) + expect(provider).to receive(:shell_out!).with(%r{start \"\" /wait \"uninst_dir/uninst_file\" /S /NCRC & exit %%%%ERRORLEVEL%%%%}, default_env: false, timeout: 300, returns: [0, 3010]) provider.remove_package end end diff --git a/spec/unit/provider/powershell_script_spec.rb b/spec/unit/provider/powershell_script_spec.rb index cca0f34067..43af9cee2c 100644 --- a/spec/unit/provider/powershell_script_spec.rb +++ b/spec/unit/provider/powershell_script_spec.rb @@ -1,6 +1,6 @@ # # Author:: Adam Edwards (<adamed@chef.io>) -# Copyright:: Copyright 2013-2017, Chef Software Inc. +# Copyright:: Copyright 2013-2020, Chef Software Inc. # License:: Apache License, Version 2.0 # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -53,73 +53,33 @@ describe Chef::Provider::PowershellScript, "action_run" do end context "when setting interpreter flags" do - context "on nano" do - before(:each) do - allow(Chef::Platform).to receive(:windows_nano_server?).and_return(true) - allow(provider).to receive(:is_forced_32bit).and_return(false) - os_info_double = double("os_info") - allow(provider.run_context.node["kernel"]).to receive(:[]).with("os_info").and_return(os_info_double) - allow(os_info_double).to receive(:[]).with("system_directory").and_return("C:\\Windows\\system32") - end - - it "sets the -Command flag as the last flag" do - flags = provider.command.split(" ").keep_if { |flag| flag =~ /^-/ } - expect(flags.pop).to eq("-Command") - end + before(:each) do + allow(provider).to receive(:is_forced_32bit).and_return(false) + os_info_double = double("os_info") + allow(provider.run_context.node["kernel"]).to receive(:[]).with("os_info").and_return(os_info_double) + allow(os_info_double).to receive(:[]).with("system_directory").and_return("C:\\Windows\\system32") end - context "not on nano" do - before(:each) do - allow(Chef::Platform).to receive(:windows_nano_server?).and_return(false) - allow(provider).to receive(:is_forced_32bit).and_return(false) - os_info_double = double("os_info") - allow(provider.run_context.node["kernel"]).to receive(:[]).with("os_info").and_return(os_info_double) - allow(os_info_double).to receive(:[]).with("system_directory").and_return("C:\\Windows\\system32") - end - - it "sets the -File flag as the last flag" do - flags = provider.command.split(" ").keep_if { |flag| flag =~ /^-/ } - expect(flags.pop).to eq("-File") - end - - let(:execution_policy_flag) do - provider_flags = provider.flags.split(" ") - # Last occurance of "executionpolicy" - execution_policy_index = provider_flags.map(&:downcase).rindex("-executionpolicy") + it "sets the -File flag as the last flag" do + flags = provider.command.split(" ").keep_if { |flag| flag =~ /^-/ } + expect(flags.pop).to eq("-File") + end - execution_policy_index ? provider_flags[execution_policy_index + 1] : nil - end + let(:execution_policy_flag) do + provider_flags = provider.flags.split(" ") + # Last occurance of "executionpolicy" + execution_policy_index = provider_flags.map(&:downcase).rindex("-executionpolicy") - context "when running with an unspecified PowerShell version" do - let(:powershell_version) { nil } - it "sets default -ExecutionPolicy flag to 'Unrestricted'" do - expect(execution_policy_flag.downcase).to eq("unrestricted".downcase) - end - it "sets user defined -ExecutionPolicy flag to 'RemoteSigned'" do - set_user_defined_flag - expect(execution_policy_flag.downcase).to eq("RemoteSigned".downcase) - end - end + execution_policy_index ? provider_flags[execution_policy_index + 1] : nil + end - { "2.0" => "Unrestricted", - "2.5" => "Unrestricted", - "3.0" => "Bypass", - "3.6" => "Bypass", - "4.0" => "Bypass", - "5.0" => "Bypass" }.each do |version_policy| - let(:powershell_version) { version_policy[0].to_f } - context "when running PowerShell version #{version_policy[0]}" do - let(:powershell_version) { version_policy[0].to_f } + it "sets default -ExecutionPolicy flag to 'Bypass'" do + expect(execution_policy_flag).to eq("Bypass") + end - it "sets default -ExecutionPolicy flag to '#{version_policy[1]}'" do - expect(execution_policy_flag.downcase).to eq(version_policy[1].downcase) - end - it "sets user defined -ExecutionPolicy flag to 'RemoteSigned'" do - set_user_defined_flag - expect(execution_policy_flag.downcase).to eq("RemoteSigned".downcase) - end - end - end + it "sets user defined -ExecutionPolicy flag to 'RemoteSigned'" do + set_user_defined_flag + expect(execution_policy_flag).to eq("RemoteSigned") end end end diff --git a/spec/unit/provider/remote_file_spec.rb b/spec/unit/provider/remote_file_spec.rb index 07b854da6b..5f3caa3db4 100644 --- a/spec/unit/provider/remote_file_spec.rb +++ b/spec/unit/provider/remote_file_spec.rb @@ -1,7 +1,7 @@ # # Author:: Adam Jacob (<adam@chef.io>) # Author:: Lamont Granquist (<lamont@chef.io>) -# Copyright:: Copyright 2008-2016, Chef Software Inc. +# Copyright:: Copyright 2008-2020, Chef Software Inc. # License:: Apache License, Version 2.0 # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -34,10 +34,9 @@ describe Chef::Provider::RemoteFile do content = double("Chef::Provider::File::Content::RemoteFile") end - let(:node) { double("Chef::Node") } - let(:events) { double("Chef::Events").as_null_object } # mock all the methods - let(:logger) { double("Mixlib::Log::Child").as_null_object } - let(:run_context) { double("Chef::RunContext", node: node, events: events, logger: logger) } + let(:node) { Chef::Node.new } + let(:events) { Chef::EventDispatch::Dispatcher.new } + let(:run_context) { Chef::RunContext.new(node, {}, events) } let(:enclosing_directory) do canonicalize_path(File.expand_path(File.join(CHEF_SPEC_DATA, "templates"))) end diff --git a/spec/unit/provider/service/debian_service_spec.rb b/spec/unit/provider/service/debian_service_spec.rb index 5f89605b2e..60c20118bc 100644 --- a/spec/unit/provider/service/debian_service_spec.rb +++ b/spec/unit/provider/service/debian_service_spec.rb @@ -1,6 +1,6 @@ # # Author:: AJ Christensen (<aj@hjksolutions.com>) -# Copyright:: Copyright 2008-2016, HJK Solutions, LLC +# Copyright:: Copyright 2008-2020, Chef Software, Inc. # License:: Apache License, Version 2.0 # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -183,21 +183,21 @@ describe Chef::Provider::Service::Debian do describe "enable_service" do let(:service_name) { @new_resource.service_name } context "when the service doesn't set a priority" do - it "calls update-rc.d 'service_name' defaults" do + it "assumes default priority 20 and calls update-rc.d remove => defaults 20 80" do expect_commands(@provider, [ "/usr/sbin/update-rc.d -f #{service_name} remove", - "/usr/sbin/update-rc.d #{service_name} defaults", + "/usr/sbin/update-rc.d #{service_name} defaults 20 80", ]) @provider.enable_service end end - context "when the service sets a simple priority" do + context "when the service sets a simple priority 75" do before do @new_resource.priority(75) end - it "calls update-rc.d 'service_name' defaults" do + it "calls update-rc.d remove => defaults 75 25" do expect_commands(@provider, [ "/usr/sbin/update-rc.d -f #{service_name} remove", "/usr/sbin/update-rc.d #{service_name} defaults 75 25", @@ -206,15 +206,17 @@ describe Chef::Provider::Service::Debian do end end - context "when the service sets complex priorities" do + context "when the service sets complex priorities using Hash" do before do @new_resource.priority(2 => [:start, 20], 3 => [:stop, 55]) end - it "calls update-rc.d 'service_name' with those priorities" do + it "calls update-rc.d remove => defaults => enable|disable <runlevel>" do expect_commands(@provider, [ "/usr/sbin/update-rc.d -f #{service_name} remove", - "/usr/sbin/update-rc.d #{service_name} start 20 2 . stop 55 3 . ", + "/usr/sbin/update-rc.d #{service_name} defaults", + "/usr/sbin/update-rc.d #{service_name} enable 2", + "/usr/sbin/update-rc.d #{service_name} disable 3", ]) @provider.enable_service end @@ -223,25 +225,44 @@ describe Chef::Provider::Service::Debian do describe "disable_service" do let(:service_name) { @new_resource.service_name } + context "when the service doesn't set a priority" do - it "calls update-rc.d -f 'service_name' remove + stop with default priority" do + it "calls update-rc.d remove => defaults => disable" do expect_commands(@provider, [ "/usr/sbin/update-rc.d -f #{service_name} remove", - "/usr/sbin/update-rc.d -f #{service_name} stop 80 2 3 4 5 .", + "/usr/sbin/update-rc.d #{service_name} defaults", + "/usr/sbin/update-rc.d #{service_name} disable", ]) @provider.disable_service end end - context "when the service sets a simple priority" do + context "when the service sets a simple priority 75" do before do @new_resource.priority(75) end - it "calls update-rc.d -f 'service_name' remove + stop with the specified priority" do + it "ignores priority and calls update-rc.d remove => defaults => disable" do expect_commands(@provider, [ "/usr/sbin/update-rc.d -f #{service_name} remove", - "/usr/sbin/update-rc.d -f #{service_name} stop #{100 - @new_resource.priority} 2 3 4 5 .", + "/usr/sbin/update-rc.d #{service_name} defaults", + "/usr/sbin/update-rc.d #{service_name} disable", + ]) + @provider.disable_service + end + end + + context "when the service sets complex priorities using Hash" do + before do + @new_resource.priority(2 => [:start, 20], 3 => [:stop, 55]) + end + + it "ignores priority and calls update-rc.d remove => defaults => enable|disable <runlevel>" do + expect_commands(@provider, [ + "/usr/sbin/update-rc.d -f #{service_name} remove", + "/usr/sbin/update-rc.d #{service_name} defaults", + "/usr/sbin/update-rc.d #{service_name} enable 2", + "/usr/sbin/update-rc.d #{service_name} disable 3", ]) @provider.disable_service end diff --git a/spec/unit/provider/service/macosx_spec.rb b/spec/unit/provider/service/macosx_spec.rb index 420fd329f6..9327d07cdd 100644 --- a/spec/unit/provider/service/macosx_spec.rb +++ b/spec/unit/provider/service/macosx_spec.rb @@ -1,6 +1,7 @@ # # Author:: Igor Afonov <afonov@gmail.com> # Copyright:: Copyright 2011-2016, Igor Afonov +# Copyright:: Copyright 2020, Chef Software, Inc. # License:: Apache License, Version 2.0 # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -61,276 +62,271 @@ describe Chef::Provider::Service::Macosx do %w{Daemon Agent}.each do |service_type| ["redis-server", "io.redis.redis-server"].each do |service_name| - ["10.9", "10.10", "10.11"].each do |platform_version| - let(:plist) { "/Library/LaunchDaemons/io.redis.redis-server.plist" } - let(:session) { StringIO.new } - if service_type == "Agent" - let(:plist) { "/Library/LaunchAgents/io.redis.redis-server.plist" } - let(:session) { "-S Aqua " } - let(:su_cmd) { "su -l igor -c" } - if platform_version == "10.9" - let(:su_cmd) { "su igor -c" } - end - end - let(:service_label) { "io.redis.redis-server" } - before do - allow(run_context).to receive(:logger).and_return(logger) - allow(Dir).to receive(:glob).and_return([plist], []) - @stat = double("File::Stat", { uid: 501 }) - allow(File).to receive(:stat).and_return(@stat) - @getpwuid = double("Etc::Passwd", { name: "mikedodge04" }) - allow(Etc).to receive(:getpwuid).and_return(@getpwuid) - allow(node).to receive(:[]).with("platform_version").and_return(platform_version) - cmd = "launchctl list #{service_label}" - allow(provider).to receive(:shell_out) - .with(/(#{su_cmd} '#{cmd}'|#{cmd})/, default_env: false) - .and_return(double("Status", - stdout: launchctl_stdout, exitstatus: 0)) - allow(File).to receive(:exists?).and_return([true], []) - allow(provider).to receive(:shell_out!) - .with(/plutil -convert xml1 -o/, default_env: false) - .and_return(double("Status", stdout: plutil_stdout)) - end + let(:plist) { "/Library/LaunchDaemons/io.redis.redis-server.plist" } + let(:session) { StringIO.new } + if service_type == "Agent" + let(:plist) { "/Library/LaunchAgents/io.redis.redis-server.plist" } + let(:session) { "-S Aqua " } + let(:su_cmd) { "su -l igor -c" } + end + let(:service_label) { "io.redis.redis-server" } + before do + allow(run_context).to receive(:logger).and_return(logger) + allow(Dir).to receive(:glob).and_return([plist], []) + @stat = double("File::Stat", { uid: 501 }) + allow(File).to receive(:stat).and_return(@stat) + @getpwuid = double("Etc::Passwd", { name: "mikedodge04" }) + allow(Etc).to receive(:getpwuid).and_return(@getpwuid) + allow(node).to receive(:[]).with("platform_version").and_return("10.11.1") + cmd = "launchctl list #{service_label}" + allow(provider).to receive(:shell_out) + .with(/(#{su_cmd} '#{cmd}'|#{cmd})/, default_env: false) + .and_return(double("Status", + stdout: launchctl_stdout, exitstatus: 0)) + allow(File).to receive(:exists?).and_return([true], []) + allow(provider).to receive(:shell_out!) + .with(/plutil -convert xml1 -o/, default_env: false) + .and_return(double("Status", stdout: plutil_stdout)) + end - context "#{service_name} that is a #{service_type} running Osx #{platform_version}" do - let(:new_resource) { Chef::Resource::MacosxService.new(service_name) } - let!(:current_resource) { Chef::Resource::MacosxService.new(service_name) } + context "#{service_name} that is a #{service_type}" do + let(:new_resource) { Chef::Resource::MacosxService.new(service_name) } + let!(:current_resource) { Chef::Resource::MacosxService.new(service_name) } - describe "#load_current_resource" do + describe "#load_current_resource" do - # CHEF-5223 "you can't glob for a file that hasn't been converged - # onto the node yet." - context "when the plist doesn't exist" do + # CHEF-5223 "you can't glob for a file that hasn't been converged + # onto the node yet." + context "when the plist doesn't exist" do - def run_resource_setup_for_action(action) - new_resource.action(action) - provider.action = action - provider.load_current_resource - provider.define_resource_requirements - provider.process_resource_requirements - end + def run_resource_setup_for_action(action) + new_resource.action(action) + provider.action = action + provider.load_current_resource + provider.define_resource_requirements + provider.process_resource_requirements + end - before do - allow(Dir).to receive(:glob).and_return([]) - allow(File).to receive(:exists?).and_return([true], []) - allow(provider).to receive(:shell_out!) - .with(/plutil -convert xml1 -o/) - .and_raise(Mixlib::ShellOut::ShellCommandFailed) - end + before do + allow(Dir).to receive(:glob).and_return([]) + allow(File).to receive(:exists?).and_return([true], []) + allow(provider).to receive(:shell_out!) + .with(/plutil -convert xml1 -o/) + .and_raise(Mixlib::ShellOut::ShellCommandFailed) + end - it "works for action :nothing" do - expect { run_resource_setup_for_action(:nothing) }.not_to raise_error - end + it "works for action :nothing" do + expect { run_resource_setup_for_action(:nothing) }.not_to raise_error + end - it "works for action :start" do - expect { run_resource_setup_for_action(:start) }.not_to raise_error - end + it "works for action :start" do + expect { run_resource_setup_for_action(:start) }.not_to raise_error + end - it "errors if action is :enable" do - expect { run_resource_setup_for_action(:enable) }.to raise_error(Chef::Exceptions::Service) - end + it "errors if action is :enable" do + expect { run_resource_setup_for_action(:enable) }.to raise_error(Chef::Exceptions::Service) + end - it "errors if action is :disable" do - expect { run_resource_setup_for_action(:disable) }.to raise_error(Chef::Exceptions::Service) - end + it "errors if action is :disable" do + expect { run_resource_setup_for_action(:disable) }.to raise_error(Chef::Exceptions::Service) end + end - context "when launchctl returns pid in service list" do - let(:launchctl_stdout) { StringIO.new <<~SVC_LIST } - { - "LimitLoadToSessionType" = "System"; - "Label" = "io.redis.redis-server"; - "TimeOut" = 30; - "OnDemand" = false; - "LastExitStatus" = 0; - "PID" = 62803; - "Program" = "do_some.sh"; - "ProgramArguments" = ( - "path/to/do_something.sh"; - "-f"; - ); - }; - SVC_LIST + context "when launchctl returns pid in service list" do + let(:launchctl_stdout) { StringIO.new <<~SVC_LIST } + { + "LimitLoadToSessionType" = "System"; + "Label" = "io.redis.redis-server"; + "TimeOut" = 30; + "OnDemand" = false; + "LastExitStatus" = 0; + "PID" = 62803; + "Program" = "do_some.sh"; + "ProgramArguments" = ( + "path/to/do_something.sh"; + "-f"; + ); + }; + SVC_LIST - before do - provider.load_current_resource - end + before do + provider.load_current_resource + end - it "sets resource running state to true" do - expect(provider.current_resource.running).to be_truthy - end + it "sets resource running state to true" do + expect(provider.current_resource.running).to be_truthy + end - it "sets resouce enabled state to true" do - expect(provider.current_resource.enabled).to be_truthy - end + it "sets resouce enabled state to true" do + expect(provider.current_resource.enabled).to be_truthy end + end - describe "running unsupported actions" do - before do - allow(Dir).to receive(:glob).and_return([(plist).to_s], []) - allow(File).to receive(:exists?).and_return([true], []) - end - it "should throw an exception when reload action is attempted" do - expect { provider.run_action(:reload) }.to raise_error(Chef::Exceptions::UnsupportedAction) - end + describe "running unsupported actions" do + before do + allow(Dir).to receive(:glob).and_return([(plist).to_s], []) + allow(File).to receive(:exists?).and_return([true], []) end - context "when launchctl returns empty service pid" do - let(:launchctl_stdout) { StringIO.new <<~SVC_LIST } - { - "LimitLoadToSessionType" = "System"; - "Label" = "io.redis.redis-server"; - "TimeOut" = 30; - "OnDemand" = false; - "LastExitStatus" = 0; - "Program" = "do_some.sh"; - "ProgramArguments" = ( - "path/to/do_something.sh"; - "-f"; - ); - }; - SVC_LIST + it "should throw an exception when reload action is attempted" do + expect { provider.run_action(:reload) }.to raise_error(Chef::Exceptions::UnsupportedAction) + end + end + context "when launchctl returns empty service pid" do + let(:launchctl_stdout) { StringIO.new <<~SVC_LIST } + { + "LimitLoadToSessionType" = "System"; + "Label" = "io.redis.redis-server"; + "TimeOut" = 30; + "OnDemand" = false; + "LastExitStatus" = 0; + "Program" = "do_some.sh"; + "ProgramArguments" = ( + "path/to/do_something.sh"; + "-f"; + ); + }; + SVC_LIST - before do - provider.load_current_resource - end + before do + provider.load_current_resource + end - it "sets resource running state to false" do - expect(provider.current_resource.running).to be_falsey - end + it "sets resource running state to false" do + expect(provider.current_resource.running).to be_falsey + end - it "sets resouce enabled state to true" do - expect(provider.current_resource.enabled).to be_truthy - end + it "sets resouce enabled state to true" do + expect(provider.current_resource.enabled).to be_truthy end + end - context "when launchctl doesn't return service entry at all" do - let(:launchctl_stdout) { StringIO.new <<~SVC_LIST } - Could not find service "io.redis.redis-server" in domain for system - SVC_LIST + context "when launchctl doesn't return service entry at all" do + let(:launchctl_stdout) { StringIO.new <<~SVC_LIST } + Could not find service "io.redis.redis-server" in domain for system + SVC_LIST - it "sets service running state to false" do + it "sets service running state to false" do + provider.load_current_resource + expect(provider.current_resource.running).to be_falsey + end + + context "and plist for service is not available" do + before do + allow(Dir).to receive(:glob).and_return([]) provider.load_current_resource - expect(provider.current_resource.running).to be_falsey end - context "and plist for service is not available" do - before do - allow(Dir).to receive(:glob).and_return([]) - provider.load_current_resource - end - - it "sets resouce enabled state to false" do - expect(provider.current_resource.enabled).to be_falsey - end + it "sets resouce enabled state to false" do + expect(provider.current_resource.enabled).to be_falsey end + end - context "and plist for service is available" do - before do - allow(Dir).to receive(:glob).and_return([(plist).to_s], []) - provider.load_current_resource - end + context "and plist for service is available" do + before do + allow(Dir).to receive(:glob).and_return([(plist).to_s], []) + provider.load_current_resource + end - it "sets resouce enabled state to true" do - expect(provider.current_resource.enabled).to be_truthy - end + it "sets resouce enabled state to true" do + expect(provider.current_resource.enabled).to be_truthy end + end - describe "and several plists match service name" do - it "throws exception" do - allow(Dir).to receive(:glob).and_return([(plist).to_s, - "/Users/wtf/something.plist"]) - provider.load_current_resource - provider.define_resource_requirements - expect { provider.process_resource_requirements }.to raise_error(Chef::Exceptions::Service) - end + describe "and several plists match service name" do + it "throws exception" do + allow(Dir).to receive(:glob).and_return([(plist).to_s, + "/Users/wtf/something.plist"]) + provider.load_current_resource + provider.define_resource_requirements + expect { provider.process_resource_requirements }.to raise_error(Chef::Exceptions::Service) end end end - describe "#start_service" do - before do - allow(Chef::Resource::MacosxService).to receive(:new).and_return(current_resource) - provider.load_current_resource - allow(current_resource).to receive(:running).and_return(false) - end + end + describe "#start_service" do + before do + allow(Chef::Resource::MacosxService).to receive(:new).and_return(current_resource) + provider.load_current_resource + allow(current_resource).to receive(:running).and_return(false) + end - it "calls the start command if one is specified and service is not running" do - allow(new_resource).to receive(:start_command).and_return("cowsay dirty") + it "calls the start command if one is specified and service is not running" do + allow(new_resource).to receive(:start_command).and_return("cowsay dirty") - expect(provider).to receive(:shell_out!).with("cowsay dirty", default_env: false) - provider.start_service - end + expect(provider).to receive(:shell_out!).with("cowsay dirty", default_env: false) + provider.start_service + end - it "shows warning message if service is already running" do - allow(current_resource).to receive(:running).and_return(true) - expect(logger).to receive(:trace).with("macosx_service[#{service_name}] already running, not starting") + it "shows warning message if service is already running" do + allow(current_resource).to receive(:running).and_return(true) + expect(logger).to receive(:trace).with("macosx_service[#{service_name}] already running, not starting") - provider.start_service - end + provider.start_service + end - it "starts service via launchctl if service found" do - cmd = "launchctl load -w " + session + plist - expect(provider).to receive(:shell_out) - .with(/(#{su_cmd} .#{cmd}.|#{cmd})/, default_env: false) - .and_return(0) + it "starts service via launchctl if service found" do + cmd = "launchctl load -w " + session + plist + expect(provider).to receive(:shell_out) + .with(/(#{su_cmd} .#{cmd}.|#{cmd})/, default_env: false) + .and_return(0) - provider.start_service - end + provider.start_service end + end - describe "#stop_service" do - before do - allow(Chef::Resource::MacosxService).to receive(:new).and_return(current_resource) + describe "#stop_service" do + before do + allow(Chef::Resource::MacosxService).to receive(:new).and_return(current_resource) - provider.load_current_resource - allow(current_resource).to receive(:running).and_return(true) - end + provider.load_current_resource + allow(current_resource).to receive(:running).and_return(true) + end - it "calls the stop command if one is specified and service is running" do - allow(new_resource).to receive(:stop_command).and_return("kill -9 123") + it "calls the stop command if one is specified and service is running" do + allow(new_resource).to receive(:stop_command).and_return("kill -9 123") - expect(provider).to receive(:shell_out!).with("kill -9 123", default_env: false) - provider.stop_service - end + expect(provider).to receive(:shell_out!).with("kill -9 123", default_env: false) + provider.stop_service + end - it "shows warning message if service is not running" do - allow(current_resource).to receive(:running).and_return(false) - expect(logger).to receive(:trace).with("macosx_service[#{service_name}] not running, not stopping") + it "shows warning message if service is not running" do + allow(current_resource).to receive(:running).and_return(false) + expect(logger).to receive(:trace).with("macosx_service[#{service_name}] not running, not stopping") - provider.stop_service - end + provider.stop_service + end - it "stops the service via launchctl if service found" do - cmd = "launchctl unload -w " + plist - expect(provider).to receive(:shell_out) - .with(/(#{su_cmd} .#{cmd}.|#{cmd})/, default_env: false) - .and_return(0) + it "stops the service via launchctl if service found" do + cmd = "launchctl unload -w " + plist + expect(provider).to receive(:shell_out) + .with(/(#{su_cmd} .#{cmd}.|#{cmd})/, default_env: false) + .and_return(0) - provider.stop_service - end + provider.stop_service end + end - describe "#restart_service" do - before do - allow(Chef::Resource::Service).to receive(:new).and_return(current_resource) + describe "#restart_service" do + before do + allow(Chef::Resource::Service).to receive(:new).and_return(current_resource) - provider.load_current_resource - allow(current_resource).to receive(:running).and_return(true) - allow(provider).to receive(:sleep) - end + provider.load_current_resource + allow(current_resource).to receive(:running).and_return(true) + allow(provider).to receive(:sleep) + end - it "issues a command if given" do - allow(new_resource).to receive(:restart_command).and_return("reload that thing") + it "issues a command if given" do + allow(new_resource).to receive(:restart_command).and_return("reload that thing") - expect(provider).to receive(:shell_out!).with("reload that thing", default_env: false) - provider.restart_service - end + expect(provider).to receive(:shell_out!).with("reload that thing", default_env: false) + provider.restart_service + end - it "stops and then starts service" do - expect(provider).to receive(:unload_service) - expect(provider).to receive(:load_service) + it "stops and then starts service" do + expect(provider).to receive(:unload_service) + expect(provider).to receive(:load_service) - provider.restart_service - end + provider.restart_service end end end diff --git a/spec/unit/provider/service/systemd_service_spec.rb b/spec/unit/provider/service/systemd_service_spec.rb index 983d524d25..789ebe18c7 100644 --- a/spec/unit/provider/service/systemd_service_spec.rb +++ b/spec/unit/provider/service/systemd_service_spec.rb @@ -1,7 +1,7 @@ # # Author:: Stephen Haynes (<sh@nomitor.com>) # Author:: Davide Cavalca (<dcavalca@fb.com>) -# Copyright:: Copyright 2011-2018, Chef Software Inc. +# Copyright:: Copyright 2011-2020, Chef Software Inc. # License:: Apache License, Version 2.0 # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -177,13 +177,13 @@ describe Chef::Provider::Service::Systemd do context "when a user is not specified" do it "should call '#{systemctl_path} --system start service_name' if no start command is specified" do - expect(provider).to receive(:shell_out!).with("#{systemctl_path} --system start #{service_name_escaped}", default_env: false).and_return(shell_out_success) + expect(provider).to receive(:shell_out_compacted!).with(systemctl_path, "--system", "start", service_name, default_env: false, timeout: 900).and_return(shell_out_success) provider.start_service end it "should not call '#{systemctl_path} --system start service_name' if it is already running" do current_resource.running(true) - expect(provider).not_to receive(:shell_out!).with("#{systemctl_path} --system start #{service_name_escaped}", {}) + expect(provider).not_to receive(:shell_out_compacted!).with(systemctl_path, "--system", "start", service_name, timeout: 900) provider.start_service end end @@ -191,14 +191,14 @@ describe Chef::Provider::Service::Systemd do context "when a user is specified" do it "should call '#{systemctl_path} --user start service_name' if no start command is specified" do current_resource.user("joe") - expect(provider).to receive(:shell_out!).with("#{systemctl_path} --user start #{service_name_escaped}", { environment: { "DBUS_SESSION_BUS_ADDRESS" => "unix:path=/run/user/10000/bus" }, user: "joe", default_env: false }).and_return(shell_out_success) + expect(provider).to receive(:shell_out_compacted!).with(systemctl_path, "--user", "start", service_name, environment: { "DBUS_SESSION_BUS_ADDRESS" => "unix:path=/run/user/10000/bus" }, user: "joe", default_env: false, timeout: 900).and_return(shell_out_success) provider.start_service end it "should not call '#{systemctl_path} --user start service_name' if it is already running" do current_resource.running(true) current_resource.user("joe") - expect(provider).not_to receive(:shell_out!).with("#{systemctl_path} --user start #{service_name_escaped}", { environment: { "DBUS_SESSION_BUS_ADDRESS" => "unix:path=/run/user/10000/bus" }, user: "joe" }) + expect(provider).not_to receive(:shell_out_compacted!).with(systemctl_path, "--user", "start", service_name, environment: { "DBUS_SESSION_BUS_ADDRESS" => "unix:path=/run/user/10000/bus" }, user: "joe", timeout: 900) provider.start_service end end @@ -212,7 +212,7 @@ describe Chef::Provider::Service::Systemd do it "should call '#{systemctl_path} --system restart service_name' if no restart command is specified" do current_resource.running(true) - expect(provider).to receive(:shell_out!).with("#{systemctl_path} --system restart #{service_name_escaped}", default_env: false).and_return(shell_out_success) + expect(provider).to receive(:shell_out_compacted!).with(systemctl_path, "--system", "restart", service_name, default_env: false, timeout: 900).and_return(shell_out_success) provider.restart_service end @@ -229,7 +229,7 @@ describe Chef::Provider::Service::Systemd do context "when a reload command is not specified" do it "should call '#{systemctl_path} --system reload service_name' if the service is running" do current_resource.running(true) - expect(provider).to receive(:shell_out!).with("#{systemctl_path} --system reload #{service_name_escaped}", default_env: false).and_return(shell_out_success) + expect(provider).to receive(:shell_out_compacted!).with(systemctl_path, "--system", "reload", service_name, default_env: false, timeout: 900).and_return(shell_out_success) provider.reload_service end @@ -250,13 +250,13 @@ describe Chef::Provider::Service::Systemd do it "should call '#{systemctl_path} --system stop service_name' if no stop command is specified" do current_resource.running(true) - expect(provider).to receive(:shell_out!).with("#{systemctl_path} --system stop #{service_name_escaped}", default_env: false).and_return(shell_out_success) + expect(provider).to receive(:shell_out_compacted!).with(systemctl_path, "--system", "stop", service_name, timeout: 900, default_env: false).and_return(shell_out_success) provider.stop_service end it "should not call '#{systemctl_path} --system stop service_name' if it is already stopped" do current_resource.running(false) - expect(provider).not_to receive(:shell_out!).with("#{systemctl_path} --system stop #{service_name_escaped}", {}) + expect(provider).not_to receive(:shell_out_compacted!).with(systemctl_path, "--system", "stop", service_name, timeout: 900) provider.stop_service end end @@ -269,12 +269,12 @@ describe Chef::Provider::Service::Systemd do end it "should call '#{systemctl_path} --system enable service_name' to enable the service" do - expect(provider).to receive(:shell_out!).with("#{systemctl_path} --system enable #{service_name_escaped}", {}).and_return(shell_out_success) + expect(provider).to receive(:shell_out_compacted!).with(systemctl_path, "--system", "enable", service_name, timeout: 900).and_return(shell_out_success) provider.enable_service end it "should call '#{systemctl_path} --system disable service_name' to disable the service" do - expect(provider).to receive(:shell_out!).with("#{systemctl_path} --system disable #{service_name_escaped}", {}).and_return(shell_out_success) + expect(provider).to receive(:shell_out_compacted!).with(systemctl_path, "--system", "disable", service_name, timeout: 900).and_return(shell_out_success) provider.disable_service end end @@ -287,12 +287,12 @@ describe Chef::Provider::Service::Systemd do end it "should call '#{systemctl_path} --system mask service_name' to mask the service" do - expect(provider).to receive(:shell_out!).with("#{systemctl_path} --system mask #{service_name_escaped}", {}).and_return(shell_out_success) + expect(provider).to receive(:shell_out_compacted!).with(systemctl_path, "--system", "mask", service_name, timeout: 900).and_return(shell_out_success) provider.mask_service end it "should call '#{systemctl_path} --system unmask service_name' to unmask the service" do - expect(provider).to receive(:shell_out!).with("#{systemctl_path} --system unmask #{service_name_escaped}", {}).and_return(shell_out_success) + expect(provider).to receive(:shell_out_compacted!).with(systemctl_path, "--system", "unmask", service_name, timeout: 900).and_return(shell_out_success) provider.unmask_service end end @@ -305,12 +305,12 @@ describe Chef::Provider::Service::Systemd do end it "should return true if '#{systemctl_path} --system is-active service_name' returns 0" do - expect(provider).to receive(:shell_out).with("#{systemctl_path} --system is-active #{service_name_escaped} --quiet", {}).and_return(shell_out_success) + expect(provider).to receive(:shell_out_compacted).with(systemctl_path, "--system", "is-active", service_name, "--quiet", timeout: 900).and_return(shell_out_success) expect(provider.is_active?).to be true end it "should return false if '#{systemctl_path} --system is-active service_name' returns anything except 0" do - expect(provider).to receive(:shell_out).with("#{systemctl_path} --system is-active #{service_name_escaped} --quiet", {}).and_return(shell_out_failure) + expect(provider).to receive(:shell_out_compacted).with(systemctl_path, "--system", "is-active", service_name, "--quiet", timeout: 900).and_return(shell_out_failure) expect(provider.is_active?).to be false end end @@ -323,12 +323,12 @@ describe Chef::Provider::Service::Systemd do end it "should return true if '#{systemctl_path} --system is-enabled service_name' returns 0" do - expect(provider).to receive(:shell_out).with("#{systemctl_path} --system is-enabled #{service_name_escaped} --quiet", {}).and_return(shell_out_success) + expect(provider).to receive(:shell_out_compacted).with(systemctl_path, "--system", "is-enabled", service_name, "--quiet", timeout: 900).and_return(shell_out_success) expect(provider.is_enabled?).to be true end it "should return false if '#{systemctl_path} --system is-enabled service_name' returns anything except 0" do - expect(provider).to receive(:shell_out).with("#{systemctl_path} --system is-enabled #{service_name_escaped} --quiet", {}).and_return(shell_out_failure) + expect(provider).to receive(:shell_out_compacted).with(systemctl_path, "--system", "is-enabled", service_name, "--quiet", timeout: 900).and_return(shell_out_failure) expect(provider.is_enabled?).to be false end end @@ -341,22 +341,22 @@ describe Chef::Provider::Service::Systemd do end it "should return true if '#{systemctl_path} --system is-enabled service_name' returns 'masked' and returns anything except 0" do - expect(provider).to receive(:shell_out).with("#{systemctl_path} --system is-enabled #{service_name_escaped}", {}).and_return(double(stdout: "masked", exitstatus: shell_out_failure)) + expect(provider).to receive(:shell_out_compacted).with(systemctl_path, "--system", "is-enabled", service_name, timeout: 900).and_return(double(stdout: "masked", exitstatus: shell_out_failure)) expect(provider.is_masked?).to be true end it "should return true if '#{systemctl_path} --system is-enabled service_name' outputs 'masked-runtime' and returns anything except 0" do - expect(provider).to receive(:shell_out).with("#{systemctl_path} --system is-enabled #{service_name_escaped}", {}).and_return(double(stdout: "masked-runtime", exitstatus: shell_out_failure)) + expect(provider).to receive(:shell_out_compacted).with(systemctl_path, "--system", "is-enabled", service_name, timeout: 900).and_return(double(stdout: "masked-runtime", exitstatus: shell_out_failure)) expect(provider.is_masked?).to be true end it "should return false if '#{systemctl_path} --system is-enabled service_name' returns 0" do - expect(provider).to receive(:shell_out).with("#{systemctl_path} --system is-enabled #{service_name_escaped}", {}).and_return(double(stdout: "enabled", exitstatus: shell_out_success)) + expect(provider).to receive(:shell_out_compacted).with(systemctl_path, "--system", "is-enabled", service_name, timeout: 900).and_return(double(stdout: "enabled", exitstatus: shell_out_success)) expect(provider.is_masked?).to be false end it "should return false if '#{systemctl_path} --system is-enabled service_name' returns anything except 0 and outputs an error'" do - expect(provider).to receive(:shell_out).with("#{systemctl_path} --system is-enabled #{service_name_escaped}", {}).and_return(double(stdout: "Failed to get unit file state for #{service_name}: No such file or directory", exitstatus: shell_out_failure)) + expect(provider).to receive(:shell_out_compacted).with(systemctl_path, "--system", "is-enabled", service_name, timeout: 900).and_return(double(stdout: "Failed to get unit file state for #{service_name}: No such file or directory", exitstatus: shell_out_failure)) expect(provider.is_masked?).to be false end end @@ -369,17 +369,17 @@ describe Chef::Provider::Service::Systemd do end it "should return true if '#{systemctl_path} --system is-enabled service_name' returns 'indirect'" do - expect(provider).to receive(:shell_out).with("#{systemctl_path} --system is-enabled #{service_name_escaped}", {}).and_return(double(stdout: "indirect", exitstatus: shell_out_success)) + expect(provider).to receive(:shell_out_compacted).with(systemctl_path, "--system", "is-enabled", service_name, timeout: 900).and_return(double(stdout: "indirect", exitstatus: shell_out_success)) expect(provider.is_indirect?).to be true end it "should return false if '#{systemctl_path} --system is-enabled service_name' returns 0 and outputs something other than 'indirect'" do - expect(provider).to receive(:shell_out).with("#{systemctl_path} --system is-enabled #{service_name_escaped}", {}).and_return(double(stdout: "enabled", exitstatus: shell_out_success)) + expect(provider).to receive(:shell_out_compacted).with(systemctl_path, "--system", "is-enabled", service_name, timeout: 900).and_return(double(stdout: "enabled", exitstatus: shell_out_success)) expect(provider.is_indirect?).to be false end it "should return false if '#{systemctl_path} --system is-enabled service_name' returns anything except 0 and outputs somethign other than 'indirect''" do - expect(provider).to receive(:shell_out).with("#{systemctl_path} --system is-enabled #{service_name_escaped}", {}).and_return(double(stdout: "enabled", exitstatus: shell_out_failure)) + expect(provider).to receive(:shell_out_compacted).with(systemctl_path, "--system", "is-enabled", service_name, timeout: 900).and_return(double(stdout: "enabled", exitstatus: shell_out_failure)) expect(provider.is_indirect?).to be false end end diff --git a/spec/unit/provider/template_spec.rb b/spec/unit/provider/template_spec.rb index a65846ecb2..80a01ac1d4 100644 --- a/spec/unit/provider/template_spec.rb +++ b/spec/unit/provider/template_spec.rb @@ -1,7 +1,7 @@ # # Author:: Adam Jacob (<adam@chef.io>) # Author:: Lamont Granquist (<lamont@chef.io>) -# Copyright:: Copyright 2008-2016, Chef Software Inc. +# Copyright:: Copyright 2008-2020, Chef Software Inc. # License:: Apache License, Version 2.0 # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -24,10 +24,9 @@ require "ostruct" require "support/shared/unit/provider/file" describe Chef::Provider::Template do - let(:node) { double("Chef::Node") } - let(:events) { double("Chef::Events").as_null_object } # mock all the methods - let(:logger) { double("Mixlib::Log::Child").as_null_object } - let(:run_context) { double("Chef::RunContext", node: node, events: events, logger: logger) } + let(:node) { Chef::Node.new } + let(:events) { Chef::EventDispatch::Dispatcher.new } + let(:run_context) { Chef::RunContext.new(node, {}, events) } let(:enclosing_directory) do canonicalize_path(File.expand_path(File.join(CHEF_SPEC_DATA, "templates"))) end diff --git a/spec/unit/provider/user/aix_spec.rb b/spec/unit/provider/user/aix_spec.rb index f8b5b8a324..99b2c41e86 100644 --- a/spec/unit/provider/user/aix_spec.rb +++ b/spec/unit/provider/user/aix_spec.rb @@ -1,4 +1,4 @@ -# Copyright:: Copyright 2017, Chef Software Inc. +# Copyright:: Copyright 2017-2019, Chef Software Inc. # # License:: Apache License, Version 2.0 # @@ -51,7 +51,7 @@ describe Chef::Provider::User::Aix do end it "should call chpasswd correctly" do - expect(provider).to receive(:shell_out_compacted!).with("echo 'adam:Ostagazuzulum' | chpasswd -e").and_return true + expect(provider).to receive(:shell_out_compacted!).with("echo 'adam:Ostagazuzulum' | chpasswd -c -e").and_return true provider.manage_user end end diff --git a/spec/unit/provider_resolver_spec.rb b/spec/unit/provider_resolver_spec.rb index c8eb18b5b6..1fd494c500 100644 --- a/spec/unit/provider_resolver_spec.rb +++ b/spec/unit/provider_resolver_spec.rb @@ -1,6 +1,6 @@ # # Author:: Lamont Granquist (<lamont@chef.io>) -# Copyright:: Copyright 2014-2018, Chef Software Inc. +# Copyright:: Copyright 2014-2020, Chef Software Inc. # License:: Apache License, Version 2.0 # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -132,6 +132,10 @@ describe Chef::ProviderResolver do expect(expected_provider).to receive(:new).with(resource, run_context).and_return(provider) expect(resolved_provider).to eql(expected_provider) end + elsif expected_resource + it "'#{name}' resolves to resource #{expected_resource}", *tags do + expect(resource.class).to eql(expected_resource) + end else it "'#{name}' fails to resolve (since #{name.inspect} is unsupported on #{platform} #{platform_version})", *tags do Chef::Config[:treat_deprecation_warnings_as_errors] = false @@ -556,9 +560,9 @@ describe Chef::ProviderResolver do ips_package: [ Chef::Resource::IpsPackage, Chef::Provider::Package::Ips ], link: [ Chef::Resource::Link, Chef::Provider::Link ], linux_user: [ Chef::Resource::User::LinuxUser, Chef::Provider::User::Linux ], - log: [ Chef::Resource::Log, Chef::Provider::Log::ChefLog ], + log: [ Chef::Resource::Log ], macports_package: [ Chef::Resource::MacportsPackage, Chef::Provider::Package::Macports ], - mdadm: [ Chef::Resource::Mdadm, Chef::Provider::Mdadm ], + mdadm: [ Chef::Resource::Mdadm ], mount: [ Chef::Resource::Mount, Chef::Provider::Mount::Mount ], pacman_package: [ Chef::Resource::PacmanPackage, Chef::Provider::Package::Pacman ], paludis_package: [ Chef::Resource::PaludisPackage, Chef::Provider::Package::Paludis ], @@ -583,6 +587,7 @@ describe Chef::ProviderResolver do windows_service: [ Chef::Resource::WindowsService, Chef::Provider::Service::Windows ], windows_user: [ Chef::Resource::User::WindowsUser, Chef::Provider::User::Windows ], yum_package: [ Chef::Resource::YumPackage, Chef::Provider::Package::Yum ], + build_essential: [ Chef::Resource::BuildEssential ], "linux" => { "debian" => { diff --git a/spec/unit/recipe_spec.rb b/spec/unit/recipe_spec.rb index f2ec175243..099e6750f6 100644 --- a/spec/unit/recipe_spec.rb +++ b/spec/unit/recipe_spec.rb @@ -3,7 +3,7 @@ # Author:: Christopher Walters (<cw@chef.io>) # Author:: Tim Hinderliter (<tim@chef.io>) # Author:: Seth Chisamore (<schisamo@chef.io>) -# Copyright:: Copyright 2008-2018, Chef Software Inc. +# Copyright:: Copyright 2008-2020, Chef Software Inc. # License:: Apache License, Version 2.0 # # Licensed under the Apache License, Version 2.0 (the "License"); diff --git a/spec/unit/resource/alternatives_spec.rb b/spec/unit/resource/alternatives_spec.rb new file mode 100644 index 0000000000..d8e7977125 --- /dev/null +++ b/spec/unit/resource/alternatives_spec.rb @@ -0,0 +1,120 @@ +# +# Author:: Tim Smith (<tsmith@chef.io>) +# Copyright:: 2020, Chef Software Inc. +# License:: Apache License, Version 2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +require "spec_helper" + +describe Chef::Resource::Alternatives do + let(:node) { Chef::Node.new } + let(:events) { Chef::EventDispatch::Dispatcher.new } + let(:run_context) { Chef::RunContext.new(node, {}, events) } + let(:resource) { Chef::Resource::Alternatives.new("fakey_fakerton", run_context) } + let(:provider) { resource.provider_for_action(:install) } + + let(:alternatives_display_exists) do + double("shellout", stdout: <<-STDOUT) + java - auto mode + link best version is /usr/lib/jvm/java-8-openjdk-amd64/jre/bin/java + link currently points to /usr/lib/jvm/java-8-openjdk-amd64/jre/bin/java + link java is /usr/bin/java + slave java.1.gz is /usr/share/man/man1/java.1.gz +/usr/lib/jvm/java-8-openjdk-amd64/jre/bin/java - priority 1081 + slave java.1.gz: /usr/lib/jvm/java-8-openjdk-amd64/jre/man/man1/java.1.gz + STDOUT + end + + let(:alternatives_display_does_not_exist) do + double("shellout", stdout: "update-alternatives: error: no alternatives for fakey_fakerton") + end + + it "the link_name property is the name_property" do + expect(resource.link_name).to eql("fakey_fakerton") + end + + it "sets the default action as :install" do + expect(resource.action).to eql([:install]) + end + + it "coerces priority value to an Integer" do + resource.priority("1") + expect(resource.priority).to eql(1) + end + + it "builds a default value for link based on link_name value" do + expect(resource.link).to eql("/usr/bin/fakey_fakerton") + end + + it "supports :install, :auto, :refresh, and :remove actions" do + expect { resource.action :install }.not_to raise_error + expect { resource.action :auto }.not_to raise_error + expect { resource.action :refresh }.not_to raise_error + expect { resource.action :remove }.not_to raise_error + end + + describe "#path_exists?" do + it "returns true if the path exists according to alternatives --display" do + allow(provider).to receive(:shell_out).with("alternatives", "--display", "fakey_fakerton").and_return(alternatives_display_exists) + expect(provider.path_exists?).to eql(true) + end + + it "returns false if alternatives --display does not find a path" do + allow(provider).to receive(:shell_out).with("alternatives", "--display", "fakey_fakerton").and_return(alternatives_display_does_not_exist) + expect(provider.path_exists?).to eql(false) + end + end + + describe "#current_path" do + it "extracts the current path by running alternatives --display" do + allow(provider).to receive(:shell_out).with("alternatives", "--display", "fakey_fakerton").and_return(alternatives_display_exists) + expect(provider.current_path).to eql("/usr/lib/jvm/java-8-openjdk-amd64/jre/bin/java") + end + end + + describe "#path_priority" do + it "extracts the path priority by running alternatives --display" do + allow(provider).to receive(:shell_out).with("alternatives", "--display", "fakey_fakerton").and_return(alternatives_display_exists) + expect(provider.path_priority).to eql(1081) + end + end + + describe "#alternatives_cmd" do + it "returns alternatives on fedora" do + node.automatic_attrs[:platform_family] = "fedora" + expect(provider.alternatives_cmd).to eql("alternatives") + end + + it "returns alternatives on amazon" do + node.automatic_attrs[:platform_family] = "amazon" + expect(provider.alternatives_cmd).to eql("alternatives") + end + + it "returns alternatives on suse" do + node.automatic_attrs[:platform_family] = "suse" + expect(provider.alternatives_cmd).to eql("alternatives") + end + + it "returns alternatives on redhat" do + node.automatic_attrs[:platform_family] = "rhel" + expect(provider.alternatives_cmd).to eql("alternatives") + end + + it "returns update-alternatives on debian" do + node.automatic_attrs[:platform_family] = "debian" + expect(provider.alternatives_cmd).to eql("update-alternatives") + end + end +end diff --git a/spec/unit/resource/apt_preference_spec.rb b/spec/unit/resource/apt_preference_spec.rb index c7ab8d2409..5742c2e1a5 100644 --- a/spec/unit/resource/apt_preference_spec.rb +++ b/spec/unit/resource/apt_preference_spec.rb @@ -1,6 +1,6 @@ # # Author:: Tim Smith (<tsmith@chef.io>) -# Copyright:: 2016-2017, Chef Software, Inc. +# Copyright:: 2016-2019, Chef Software Inc. # License:: Apache License, Version 2.0 # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -36,22 +36,4 @@ describe Chef::Resource::AptPreference do expect { resource.action :add }.not_to raise_error expect { resource.action :remove }.not_to raise_error end - - it "resolves to a Noop class when on non-linux OS" do - node.automatic[:os] = "windows" - node.automatic[:platform_family] = "windows" - expect(resource.provider_for_action(:add)).to be_a(Chef::Provider::Noop) - end - - it "resolves to a Noop class when on non-debian linux" do - node.automatic[:os] = "linux" - node.automatic[:platform_family] = "gentoo" - expect(resource.provider_for_action(:add)).to be_a(Chef::Provider::Noop) - end - - it "resolves to a AptUpdate class when on a debian platform_family" do - node.automatic[:os] = "linux" - node.automatic[:platform_family] = "debian" - expect(resource.provider_for_action(:add)).to be_a(Chef::Provider::AptPreference) - end end diff --git a/spec/unit/resource/apt_repository_spec.rb b/spec/unit/resource/apt_repository_spec.rb index 5b88d130f1..dd039c4a58 100644 --- a/spec/unit/resource/apt_repository_spec.rb +++ b/spec/unit/resource/apt_repository_spec.rb @@ -1,6 +1,6 @@ # # Author:: Thom May (<thom@chef.io>) -# Copyright:: 2016-2017, Chef Software, Inc. +# Copyright:: 2016-2019, Chef Software Inc. # License:: Apache License, Version 2.0 # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -71,22 +71,4 @@ describe Chef::Resource::AptRepository do it "fails if the user provides a repo_name with a forward slash" do expect { resource.repo_name "foo/bar" }.to raise_error(ArgumentError) end - - it "resolves to a Noop class when on non-linux OS" do - node.automatic[:os] = "windows" - node.automatic[:platform_family] = "windows" - expect(resource.provider_for_action(:add)).to be_a(Chef::Provider::Noop) - end - - it "resolves to a Noop class when on non-debian linux" do - node.automatic[:os] = "linux" - node.automatic[:platform_family] = "gentoo" - expect(resource.provider_for_action(:add)).to be_a(Chef::Provider::Noop) - end - - it "resolves to a AptUpdate class when on a debian platform_family" do - node.automatic[:os] = "linux" - node.automatic[:platform_family] = "debian" - expect(resource.provider_for_action(:add)).to be_a(Chef::Provider::AptRepository) - end end diff --git a/spec/unit/resource/apt_update_spec.rb b/spec/unit/resource/apt_update_spec.rb index d3a3c2d456..540a4372b4 100644 --- a/spec/unit/resource/apt_update_spec.rb +++ b/spec/unit/resource/apt_update_spec.rb @@ -1,6 +1,6 @@ # # Author:: Thom May (<thom@chef.io>) -# Copyright:: 2016-2017, Chef Software, Inc. +# Copyright:: 2016-2019, Chef Software Inc. # License:: Apache License, Version 2.0 # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -41,22 +41,4 @@ describe Chef::Resource::AptUpdate do resource.frequency(400) expect(resource.frequency).to eql(400) end - - it "resolves to a Noop class when on non-linux OS" do - node.automatic[:os] = "windows" - node.automatic[:platform_family] = "windows" - expect(resource.provider_for_action(:add)).to be_a(Chef::Provider::Noop) - end - - it "resolves to a Noop class when on non-debian linux" do - node.automatic[:os] = "linux" - node.automatic[:platform_family] = "gentoo" - expect(resource.provider_for_action(:add)).to be_a(Chef::Provider::Noop) - end - - it "resolves to a AptUpdate class when on a debian platform_family" do - node.automatic[:os] = "linux" - node.automatic[:platform_family] = "debian" - expect(resource.provider_for_action(:add)).to be_a(Chef::Provider::AptUpdate) - end end diff --git a/spec/unit/resource/chef_vault_secret_spec.rb b/spec/unit/resource/chef_vault_secret_spec.rb new file mode 100644 index 0000000000..79b3bf8996 --- /dev/null +++ b/spec/unit/resource/chef_vault_secret_spec.rb @@ -0,0 +1,40 @@ +# +# Copyright:: 2020, Chef Software, Inc. +# License:: Apache License, Version 2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +require "spec_helper" + +describe Chef::Resource::ChefVaultSecret do + let(:resource) { Chef::Resource::ChefVaultSecret.new("foo") } + + it "has a resource name of :chef_vault_secret" do + expect(resource.resource_name).to eql(:chef_vault_secret) + end + + it "sets the default action as :create" do + expect(resource.action).to eql([:create]) + end + + it "id is the name property" do + expect(resource.id).to eql("foo") + end + + it "supports :create, :create_if_missing, and :delete actions" do + expect { resource.action :create }.not_to raise_error + expect { resource.action :create_if_missing }.not_to raise_error + expect { resource.action :delete }.not_to raise_error + end +end diff --git a/spec/unit/resource/execute_spec.rb b/spec/unit/resource/execute_spec.rb index 9bd434b74a..868916a0f1 100644 --- a/spec/unit/resource/execute_spec.rb +++ b/spec/unit/resource/execute_spec.rb @@ -109,7 +109,7 @@ describe Chef::Resource::Execute do shared_examples_for "a consumer of the Execute resource" do context "when running on Windows" do before do - allow(resource).to receive(:node).and_return({ platform_family: "windows" }) + allow(resource).to receive(:windows?).and_return(true) end context "when no user, domain, or password is specified" do diff --git a/spec/unit/resource/link_spec.rb b/spec/unit/resource/link_spec.rb index ae32e4aa30..792305ee55 100644 --- a/spec/unit/resource/link_spec.rb +++ b/spec/unit/resource/link_spec.rb @@ -1,7 +1,7 @@ # # Author:: Adam Jacob (<adam@chef.io>) # Author:: Tyler Cloke (<tyler@chef.io>) -# Copyright:: Copyright 2008-2017, Chef Software Inc. +# Copyright:: Copyright 2008-2020, Chef Software Inc. # License:: Apache License, Version 2.0 # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -22,10 +22,6 @@ require "spec_helper" describe Chef::Resource::Link do let(:resource) { Chef::Resource::Link.new("fakey_fakerton") } - before(:each) do - expect_any_instance_of(Chef::Resource::Link).to receive(:verify_links_supported!).and_return(true) - end - it "the target_file property is the name_property" do expect(resource.target_file).to eql("fakey_fakerton") end diff --git a/spec/unit/resource/notify_group_spec.rb b/spec/unit/resource/notify_group_spec.rb new file mode 100644 index 0000000000..9f43c230ac --- /dev/null +++ b/spec/unit/resource/notify_group_spec.rb @@ -0,0 +1,34 @@ +# +# Copyright:: 2019-2020, Chef Software Inc. +# License:: Apache License, Version 2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +require "spec_helper" + +describe Chef::Resource::NotifyGroup do + let(:node) { Chef::Node.new } + let(:events) { Chef::EventDispatch::Dispatcher.new } + let(:run_context) { Chef::RunContext.new(node, {}, events) } + let(:resource) { Chef::Resource::NotifyGroup.new("whatever", run_context) } + + it "sets the default action as :run" do + expect(resource.action).to eql([:nothing]) + end + + it "is always updated" do + resource.run_action(:run) + expect(resource.updated_by_last_action?).to be true + end +end diff --git a/spec/unit/resource/powershell_script_spec.rb b/spec/unit/resource/powershell_script_spec.rb index 5566f32725..ce6b8ecea4 100644 --- a/spec/unit/resource/powershell_script_spec.rb +++ b/spec/unit/resource/powershell_script_spec.rb @@ -47,11 +47,6 @@ describe Chef::Resource::PowershellScript do expect(@resource.convert_boolean_return).to eq(false) end - it "raises an error when architecture is i386 on Windows Nano Server" do - allow(Chef::Platform).to receive(:windows_nano_server?).and_return(true) - expect { @resource.architecture(:i386) }.to raise_error(Chef::Exceptions::Win32ArchitectureIncorrect, "cannot execute script with requested architecture 'i386' on Windows Nano Server") - end - context "when using guards" do let(:resource) { @resource } before(:each) do diff --git a/spec/unit/resource/sysctl_spec.rb b/spec/unit/resource/sysctl_spec.rb index ba4b23f098..5d978d3b38 100644 --- a/spec/unit/resource/sysctl_spec.rb +++ b/spec/unit/resource/sysctl_spec.rb @@ -1,5 +1,5 @@ # -# Copyright:: Copyright 2018, Chef Software, Inc. +# Copyright:: Copyright 2018-2020, Chef Software, Inc. # License:: Apache License, Version 2.0 # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -19,6 +19,7 @@ require "spec_helper" describe Chef::Resource::Sysctl do let(:resource) { Chef::Resource::Sysctl.new("fakey_fakerton") } + let(:provider) { resource.provider_for_action(:create) } it "sets resource name as :sysctl" do expect(resource.resource_name).to eql(:sysctl) @@ -51,4 +52,25 @@ describe Chef::Resource::Sysctl do resource.value 1.1 expect(resource.value).to eql("1.1") end + + context "#contruct_sysctl_content" do + before do + resource.key("foo") + resource.value("bar") + end + + context "when comment is a String" do + it "Returns content for use with a file resource" do + resource.comment("This sets foo / bar on our system") + expect(provider.contruct_sysctl_content).to eql("# This sets foo / bar on our system\nfoo = bar") + end + end + + context "when comment is an Array" do + it "Returns content for use with a file resource" do + resource.comment(["This sets foo / bar on our system", "We need for baz"]) + expect(provider.contruct_sysctl_content).to eql("# This sets foo / bar on our system\n# We need for baz\nfoo = bar") + end + end + end end diff --git a/spec/unit/resource/user_spec.rb b/spec/unit/resource/user_spec.rb index 08d1636643..138b67028a 100644 --- a/spec/unit/resource/user_spec.rb +++ b/spec/unit/resource/user_spec.rb @@ -1,6 +1,6 @@ # # Author:: Adam Jacob (<adam@chef.io>) -# Copyright:: Copyright 2008-2019, Chef Software Inc. +# Copyright:: Copyright 2008-2020, Chef Software Inc. # License:: Apache License, Version 2.0 # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -21,8 +21,8 @@ require "spec_helper" describe Chef::Resource::User, "initialize" do let(:resource) { Chef::Resource::User.new("notarealuser") } - it "sets the resource_name to :user_resource_abstract_base_class" do - expect(resource.resource_name).to eql(:user_resource_abstract_base_class) + it "sets the resource_name to nil" do + expect(resource.resource_name).to eql(nil) end it "username property is the name property" do diff --git a/spec/unit/resource/user_ulimit_spec.rb b/spec/unit/resource/user_ulimit_spec.rb new file mode 100644 index 0000000000..f4f101950f --- /dev/null +++ b/spec/unit/resource/user_ulimit_spec.rb @@ -0,0 +1,53 @@ +# +# Author:: Tim Smith (<tsmith@chef.io>) +# Copyright:: 2020, Chef Software Inc. +# License:: Apache License, Version 2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +require "spec_helper" + +describe Chef::Resource::UserUlimit do + let(:node) { Chef::Node.new } + let(:events) { Chef::EventDispatch::Dispatcher.new } + let(:run_context) { Chef::RunContext.new(node, {}, events) } + let(:resource) { Chef::Resource::UserUlimit.new("fakey_fakerton", run_context) } + + it "the username property is the name_property" do + expect(resource.username).to eql("fakey_fakerton") + end + + it "sets the default action as :create" do + expect(resource.action).to eql([:create]) + end + + it "coerces filename value to end in .conf" do + resource.filename("foo") + expect(resource.filename).to eql("foo.conf") + end + + it "if username is * then the filename defaults to 00_all_limits.conf" do + resource.username("*") + expect(resource.filename).to eql("00_all_limits.conf") + end + + it "if username is NOT * then the filename defaults to USERNAME_limits.conf" do + expect(resource.filename).to eql("fakey_fakerton_limits.conf") + end + + it "supports :create and :delete actions" do + expect { resource.action :create }.not_to raise_error + expect { resource.action :delete }.not_to raise_error + end +end diff --git a/spec/unit/resource/windows_feature_dism_spec.rb b/spec/unit/resource/windows_feature_dism_spec.rb index 87d99ecbaf..bc6ca3adeb 100644 --- a/spec/unit/resource/windows_feature_dism_spec.rb +++ b/spec/unit/resource/windows_feature_dism_spec.rb @@ -1,5 +1,5 @@ # -# Copyright:: Copyright 2018, Chef Software, Inc. +# Copyright:: Copyright 2018-2020, Chef Software, Inc. # License:: Apache License, Version 2.0 # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -32,7 +32,6 @@ describe Chef::Resource::WindowsFeatureDism do end it "the feature_name property is the name_property" do - node.automatic[:platform_version] = "6.2.9200" expect(resource.feature_name).to eql(%w{snmp dhcp}) end @@ -46,27 +45,13 @@ describe Chef::Resource::WindowsFeatureDism do expect { resource.action :remove }.not_to raise_error end - it "coerces comma separated lists of features to a lowercase array on 2012+" do - node.automatic[:platform_version] = "6.2.9200" + it "coerces comma separated lists of features to a lowercase array" do resource.feature_name "SNMP, DHCP" expect(resource.feature_name).to eql(%w{snmp dhcp}) end - it "coerces a single feature as a String to a lowercase array on 2012+" do - node.automatic[:platform_version] = "6.2.9200" + it "coerces a single feature as a String to a lowercase array" do resource.feature_name "SNMP" expect(resource.feature_name).to eql(["snmp"]) end - - it "coerces comma separated lists of features to an array, but preserves case on < 2012" do - node.automatic[:platform_version] = "6.1.7601" - resource.feature_name "SNMP, DHCP" - expect(resource.feature_name).to eql(%w{SNMP DHCP}) - end - - it "coerces a single feature as a String to an array, but preserves case on < 2012" do - node.automatic[:platform_version] = "6.1.7601" - resource.feature_name "SNMP" - expect(resource.feature_name).to eql(["SNMP"]) - end end diff --git a/spec/unit/resource/windows_feature_powershell_spec.rb b/spec/unit/resource/windows_feature_powershell_spec.rb index 3dc1604361..2d199ea809 100644 --- a/spec/unit/resource/windows_feature_powershell_spec.rb +++ b/spec/unit/resource/windows_feature_powershell_spec.rb @@ -1,5 +1,5 @@ # -# Copyright:: Copyright 2018, Chef Software, Inc. +# Copyright:: Copyright 2018-2020, Chef Software, Inc. # License:: Apache License, Version 2.0 # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -32,7 +32,6 @@ describe Chef::Resource::WindowsFeaturePowershell do end it "the feature_name property is the name_property" do - node.automatic[:platform_version] = "6.2.9200" expect(resource.feature_name).to eql(%w{snmp dhcp}) end @@ -46,27 +45,13 @@ describe Chef::Resource::WindowsFeaturePowershell do expect { resource.action :remove }.not_to raise_error end - it "coerces comma separated lists of features to a lowercase array on 2012+" do - node.automatic[:platform_version] = "6.2.9200" + it "coerces comma separated lists of features to a lowercase array" do resource.feature_name "SNMP, DHCP" expect(resource.feature_name).to eql(%w{snmp dhcp}) end - it "coerces a single feature as a String to a lowercase array on 2012+" do - node.automatic[:platform_version] = "6.2.9200" + it "coerces a single feature as a String to a lowercase array" do resource.feature_name "SNMP" expect(resource.feature_name).to eql(["snmp"]) end - - it "coerces comma separated lists of features to an array, but preserves case on < 2012" do - node.automatic[:platform_version] = "6.1.7601" - resource.feature_name "SNMP, DHCP" - expect(resource.feature_name).to eql(%w{SNMP DHCP}) - end - - it "coerces a single feature as a String to an array, but preserves case on < 2012" do - node.automatic[:platform_version] = "6.1.7601" - resource.feature_name "SNMP" - expect(resource.feature_name).to eql(["SNMP"]) - end end diff --git a/spec/unit/resource/windows_firewall_rule_spec.rb b/spec/unit/resource/windows_firewall_rule_spec.rb index 2e35fa18e1..71bcb260e6 100644 --- a/spec/unit/resource/windows_firewall_rule_spec.rb +++ b/spec/unit/resource/windows_firewall_rule_spec.rb @@ -19,7 +19,7 @@ require "spec_helper" describe Chef::Resource::WindowsFirewallRule do let(:resource) { Chef::Resource::WindowsFirewallRule.new("rule") } - let(:provider) { resource.provider_for_action(:enable) } + let(:provider) { resource.provider_for_action(:create) } it "has a resource name of :windows_firewall_rule" do expect(resource.resource_name).to eql(:windows_firewall_rule) diff --git a/spec/unit/resource/windows_package_spec.rb b/spec/unit/resource/windows_package_spec.rb index 7a513b020a..af38942877 100644 --- a/spec/unit/resource/windows_package_spec.rb +++ b/spec/unit/resource/windows_package_spec.rb @@ -1,6 +1,6 @@ # # Author:: Bryan McLellan <btm@loftninjas.org> -# Copyright:: Copyright 2014-2016, Chef Software, Inc. +# Copyright:: Copyright 2014-2020, Chef Software, Inc. # License:: Apache License, Version 2.0 # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -51,9 +51,14 @@ describe Chef::Resource::WindowsPackage, "initialize" do expect { resource.action :upgrade }.not_to raise_error end - it "supports setting installer_type as a symbol" do - resource.installer_type(:msi) - expect(resource.installer_type).to eql(:msi) + it "supports setting installer_type to :custom :inno :installshield :msi :nsis or :wise only" do + expect { resource.installer_type :custom }.not_to raise_error + expect { resource.installer_type :inno }.not_to raise_error + expect { resource.installer_type :installshield }.not_to raise_error + expect { resource.installer_type :msi }.not_to raise_error + expect { resource.installer_type :nsis }.not_to raise_error + expect { resource.installer_type :wise }.not_to raise_error + expect { resource.installer_type "msi" }.to raise_error(Chef::Exceptions::ValidationFailed) end # String, Integer @@ -72,7 +77,7 @@ describe Chef::Resource::WindowsPackage, "initialize" do end end - it "coverts a source to an absolute path" do + it "converts a source to an absolute path" do allow(::File).to receive(:absolute_path).and_return("c:\\files\\frost.msi") resource.source("frost.msi") expect(resource.source).to eql "c:\\files\\frost.msi" @@ -84,13 +89,17 @@ describe Chef::Resource::WindowsPackage, "initialize" do expect(resource.source).to eql "c:\\frost.msi" end + it "defaults returns to [0, 3010]" do + expect(resource.returns).to eq([0, 3010]) + end + it "defaults source to the resource name" do # it's a little late to stub out File.absolute_path expect(resource.source).to include("solitaire.msi") end - it "supports the checksum property" do - resource.checksum("somechecksum") + it "lowercases values provided in the checksum property" do + resource.checksum("SOMECHECKSUM") expect(resource.checksum).to eq("somechecksum") end diff --git a/spec/unit/resource_reporter_spec.rb b/spec/unit/resource_reporter_spec.rb index 1d7fd7fc79..775b14ef19 100644 --- a/spec/unit/resource_reporter_spec.rb +++ b/spec/unit/resource_reporter_spec.rb @@ -19,7 +19,7 @@ # limitations under the License. # -require File.expand_path("../../spec_helper", __FILE__) +require_relative "../spec_helper" require "chef/resource_reporter" require "socket" diff --git a/spec/unit/resource_spec.rb b/spec/unit/resource_spec.rb index 6745dd448d..d6b67e6f2e 100644 --- a/spec/unit/resource_spec.rb +++ b/spec/unit/resource_spec.rb @@ -3,7 +3,7 @@ # Author:: Christopher Walters (<cw@chef.io>) # Author:: Tim Hinderliter (<tim@chef.io>) # Author:: Seth Chisamore (<schisamo@chef.io>) -# Copyright:: Copyright 2008-2018, Chef Software Inc. +# Copyright:: Copyright 2008-2020, Chef Software Inc. # License:: Apache License, Version 2.0 # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -910,13 +910,20 @@ describe Chef::Resource do klz.provides :energy, platform: %w{autobots decepticons} end - it "adds mappings for all platforms" do + it "adds mappings for all platforms", ruby: "< 2.7" do expect(Chef.resource_handler_map).to receive(:set).with( :tape_deck, Chef::Resource::Klz, {} ) klz.provides :tape_deck end + it "adds mappings for all platforms", ruby: ">= 2.7" do + expect(Chef.resource_handler_map).to receive(:set).with( + :tape_deck, Chef::Resource::Klz + ) + klz.provides :tape_deck + end + end describe "resource_for_node" do @@ -1188,8 +1195,8 @@ describe Chef::Resource do end it "does not affect provides by default" do - expect(Chef.resource_handler_map).to receive(:set).with(:test_resource, klass, { canonical: true }) - klass.resource_name(:test_resource) + expect(Chef.resource_handler_map).to receive(:set).with(:test_resource, klass, any_args) + klass.provides(:test_resource) end end diff --git a/spec/unit/run_lock_spec.rb b/spec/unit/run_lock_spec.rb index 350a0b2c66..1c185e1603 100644 --- a/spec/unit/run_lock_spec.rb +++ b/spec/unit/run_lock_spec.rb @@ -15,7 +15,7 @@ # See the License for the specific language governing permissions and # limitations under the License. -require File.expand_path("../../spec_helper", __FILE__) +require_relative "../spec_helper" require "chef/client" describe Chef::RunLock do diff --git a/spec/unit/scan_access_control_spec.rb b/spec/unit/scan_access_control_spec.rb index ec3c088b48..fda3534407 100644 --- a/spec/unit/scan_access_control_spec.rb +++ b/spec/unit/scan_access_control_spec.rb @@ -15,7 +15,7 @@ # limitations under the License. # -require File.expand_path("../../spec_helper", __FILE__) +require_relative "../spec_helper" require "chef/scan_access_control" describe Chef::ScanAccessControl do diff --git a/spec/unit/search/query_spec.rb b/spec/unit/search/query_spec.rb index 83f988911c..4fbe599d32 100644 --- a/spec/unit/search/query_spec.rb +++ b/spec/unit/search/query_spec.rb @@ -1,6 +1,6 @@ # # Author:: Adam Jacob (<adam@chef.io>) -# Copyright:: Copyright 2009-2017, Chef Software Inc. +# Copyright:: Copyright 2009-2020, Chef Software Inc. # License:: Apache License, Version 2.0 # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -195,7 +195,7 @@ describe Chef::Search::Query do it "throws an exception if you pass an incorrect option" do expect { query.search(:node, "platform:rhel", total: 10) } - .to raise_error(ArgumentError, /unknown keyword: total/) + .to raise_error(ArgumentError, /unknown keyword: :?total/) end it "returns the raw rows, start, and total if no block is passed" do @@ -233,13 +233,20 @@ describe Chef::Search::Query do end end - it "fuzzifies node searches when fuzz is set" do + it "fuzzifies node searches when fuzz is set and type is a symbol" do expect(rest).to receive(:get).with( "search/node?q=tags:*free.messi*%20OR%20roles:*free.messi*%20OR%20fqdn:*free.messi*%20OR%20addresses:*free.messi*%20OR%20policy_name:*free.messi*%20OR%20policy_group:*free.messi*&start=0&rows=#{default_rows}" ).and_return(response) query.search(:node, "free.messi", fuzz: true) end + it "fuzzifies node searches when fuzz is set and type is a string" do + expect(rest).to receive(:get).with( + "search/node?q=tags:*free.messi*%20OR%20roles:*free.messi*%20OR%20fqdn:*free.messi*%20OR%20addresses:*free.messi*%20OR%20policy_name:*free.messi*%20OR%20policy_group:*free.messi*&start=0&rows=#{default_rows}" + ).and_return(response) + query.search("node", "free.messi", fuzz: true) + end + it "does not fuzzify node searches when fuzz is not set" do expect(rest).to receive(:get).with( "search/node?q=free.messi&start=0&rows=#{default_rows}" diff --git a/spec/unit/util/selinux_spec.rb b/spec/unit/util/selinux_spec.rb index 18774aee2c..55d909dae4 100644 --- a/spec/unit/util/selinux_spec.rb +++ b/spec/unit/util/selinux_spec.rb @@ -39,7 +39,7 @@ describe Chef::Util::Selinux do end it "each part of ENV['PATH'] should be checked" do - expected_paths = ENV["PATH"].split(File::PATH_SEPARATOR) + [ "/bin", "/usr/bin", "/sbin", "/usr/sbin" ] + expected_paths = ENV["PATH"].split(File::PATH_SEPARATOR) + %w{/usr/local/sbin /usr/local/bin /usr/sbin /usr/bin /sbin /bin} expected_paths.uniq.each do |bin_path| selinux_path = File.join(bin_path, "selinuxenabled") diff --git a/tasks/bin/run_external_test b/tasks/bin/run_external_test index 90cf9e2e0c..889c5bbb15 100755 --- a/tasks/bin/run_external_test +++ b/tasks/bin/run_external_test @@ -21,7 +21,7 @@ build_dir = Dir.pwd env = { "GEMFILE_MOD" => "gem 'chef', path: '#{build_dir}'; " \ - "gem 'ohai', git: 'https://github.com/chef/ohai.git'", + "gem 'ohai', git: 'https://github.com/chef/ohai.git', branch: 'master'", "CHEF_LICENSE" => "accept-no-persist", } diff --git a/tasks/docs.rb b/tasks/docs.rb index 643eaee7a6..c347445c2e 100755 --- a/tasks/docs.rb +++ b/tasks/docs.rb @@ -26,7 +26,7 @@ namespace :docs_site do if default.is_a?(String) # .inspect wraps the value in quotes which we want for strings, but not sentences or symbols as strings - return default.inspect unless default[0] == ":" || default.end_with?('.') + return default.inspect unless default[0] == ":" || default.end_with?(".") end default end diff --git a/tasks/rspec.rb b/tasks/rspec.rb index 3906228416..1971789836 100644 --- a/tasks/rspec.rb +++ b/tasks/rspec.rb @@ -82,6 +82,7 @@ begin %i{unit functional integration stress}.each do |sub| desc "Run the specs under spec/#{sub}" RSpec::Core::RakeTask.new(sub) do |t| + t.verbose = false t.rspec_opts = %w{--profile} t.pattern = FileList["spec/#{sub}/**/*_spec.rb"] end |