Adding in the license-acceptance flow

This adds a new feature to chef-client where users must accept the
EULA before using the product. Users can accept the license by
passing '--chef-license accept', setting ENV[CHEF_LICENSE]=accept or by
running 'chef-client' and following the interactive prompt.

Signed-off-by: tyler-ball <tball@chef.io>

16 files changed, 65 insertions, 10 deletions

diff --git a/.travis.yml b/.travis.yml
index 18a12e654d..ed538216f7 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -30,6 +30,7 @@ branches:
 env:
   global:
     - FORCE_FFI_YAJL=ext
+    - CHEF_LICENSE=accept-no-persist
 
 matrix:
   include:
diff --git a/RELEASE_NOTES.md b/RELEASE_NOTES.md
index b0913a2a2f..531a8d42de 100644
--- a/RELEASE_NOTES.md
+++ b/RELEASE_NOTES.md
@@ -6,6 +6,19 @@ Chef 15 release notes will be added here as development progresses.
 
 ## New Features / Functionality
 
+### Chef EULA
+
+Chef Client requires a EULA to be accepted by users before it can run. Users can accept the EULA in a variety of ways:
+
+`chef-client --chef-license accept`
+`chef-client --chef-license accept-no-persist`
+`CHEF_LICENSE=accept chef-client`
+`CHEF_LICENSE=accept-no-persist chef-client`
+
+Finally, if users run `chef-client` without any of these options they will receive an interactive prompt asking for
+license acceptance. If the license is accepted a marker file will be written to the filesystem (unless `no-persist` is
+specified). Once this file is persisted users no longer need to set any of these flags.
+
 ### Allow Using --delete-entire-chef-repo in Chef Local Mode
 
 ### Data Collection Ground-Up Refactor
diff --git a/appveyor.yml b/appveyor.yml
index 15ab998c80..6ab90e3c2d 100644
--- a/appveyor.yml
+++ b/appveyor.yml
@@ -45,6 +45,7 @@ install:
   - bundle config --local path vendor/bundle # use the cache we define above
   - bundle install || bundle install || bundle install
   - SET SPEC_OPTS=--format progress
+  - SET CHEF_LICENSE=accept-no-persist
 
 build: off
 
diff --git a/kitchen-tests/Berksfile b/kitchen-tests/Berksfile
index d699452ebe..df9f0427e6 100644
--- a/kitchen-tests/Berksfile
+++ b/kitchen-tests/Berksfile
@@ -2,3 +2,4 @@ source "https://supermarket.chef.io"
 
 cookbook "end_to_end", path: "cookbooks/end_to_end"
 cookbook "rspec", path: "cookbooks/rspec"
+cookbook "chef-client", git: "https://github.com/tyler-ball/chef-client.git", branch: "chef_license_accept"
diff --git a/kitchen-tests/Gemfile b/kitchen-tests/Gemfile
index c2437a307b..a8d064fb80 100644
--- a/kitchen-tests/Gemfile
+++ b/kitchen-tests/Gemfile
@@ -7,4 +7,4 @@ gem "berkshelf", git: "https://github.com/berkshelf/berkshelf.git", branch: "mas
 gem "kitchen-dokken", "~> 2.0"
 gem "kitchen-inspec", git: "https://github.com/chef/kitchen-inspec.git", branch: "master"
 gem "inspec", git: "https://github.com/inspec/inspec.git", branch: "master" # this goes away when we ship inspec 4
-gem "test-kitchen", git: "https://github.com/test-kitchen/test-kitchen.git", branch: "master"
+gem "test-kitchen", git: "https://github.com/test-kitchen/test-kitchen.git", branch: "chef_license_accept"
diff --git a/kitchen-tests/cookbooks/end_to_end/Berksfile b/kitchen-tests/cookbooks/end_to_end/Berksfile
deleted file mode 100644
index 967b9a78b6..0000000000
--- a/kitchen-tests/cookbooks/end_to_end/Berksfile
+++ /dev/null
@@ -1,3 +0,0 @@
-source "https://supermarket.chef.io"
-
-metadata
diff --git a/kitchen-tests/cookbooks/end_to_end/attributes/default.rb b/kitchen-tests/cookbooks/end_to_end/attributes/default.rb
index 5e8cee6736..b8ac7f8119 100644
--- a/kitchen-tests/cookbooks/end_to_end/attributes/default.rb
+++ b/kitchen-tests/cookbooks/end_to_end/attributes/default.rb
@@ -62,6 +62,8 @@ default["chef_client"]["splay"] = 1800
 # only log what we change
 default["chef_client"]["config"]["verbose_logging"] = false
 
+default["chef_client"]["chef_license"] = "accept-no-persist"
+
 #
 # resolver cookbook overrides
 #
diff --git a/kitchen-tests/cookbooks/rspec/templates/run-chef-rspec b/kitchen-tests/cookbooks/rspec/templates/run-chef-rspec
index 54c4297479..4a1eb54b48 100644
--- a/kitchen-tests/cookbooks/rspec/templates/run-chef-rspec
+++ b/kitchen-tests/cookbooks/rspec/templates/run-chef-rspec
@@ -8,4 +8,5 @@ export PATH=/opt/chef/embedded/bin:$PATH
 cd /opt/chef/embedded/apps/chef
 
 /opt/chef/embedded/bin/bundle install
+export CHEF_LICENSE=accept-no-persist
 /opt/chef/embedded/bin/bundle exec /opt/chef/embedded/bin/rspec --format progress
diff --git a/kitchen-tests/kitchen.yml b/kitchen-tests/kitchen.yml
index 5fe3b8540f..0b4b1964fc 100644
--- a/kitchen-tests/kitchen.yml
+++ b/kitchen-tests/kitchen.yml
@@ -12,6 +12,7 @@ provisioner:
   name: dokken
   client_rb:
     diff_disabled: true
+  chef_license: "accept-no-persist"
 
 lifecycle:
   pre_converge:
diff --git a/lib/chef/application.rb b/lib/chef/application.rb
index 549d8b4482..d5b0847f11 100644
--- a/lib/chef/application.rb
+++ b/lib/chef/application.rb
@@ -29,6 +29,7 @@ require "tmpdir"
 require "rbconfig"
 require "chef/application/exit_code"
 require "chef/dist"
+require "license_acceptance/acceptor"
 
 class Chef
   class Application
@@ -64,6 +65,7 @@ class Chef
       setup_signal_handlers
       reconfigure
       setup_application
+      check_license_acceptance
       run_application
     end
 
@@ -248,6 +250,10 @@ class Chef
       raise Chef::Exceptions::Application, "#{self}: you must override setup_application"
     end
 
+    def check_license_acceptance
+      LicenseAcceptance::Acceptor.check_and_persist!("chef-client", Chef::VERSION.to_s, logger: logger)
+    end
+
     # Actually run the application
     def run_application
       raise Chef::Exceptions::Application, "#{self}: you must override run_application"
diff --git a/lib/chef/application/client.rb b/lib/chef/application/client.rb
index 390acfba04..31932b812c 100644
--- a/lib/chef/application/client.rb
+++ b/lib/chef/application/client.rb
@@ -30,10 +30,12 @@ require "chef-config/mixin/dot_d"
 require "mixlib/archive"
 require "uri"
 require "chef/dist"
+require "license_acceptance/cli_flags/mixlib_cli"
 
 class Chef::Application::Client < Chef::Application
   include Chef::Mixin::ShellOut
   include ChefConfig::Mixin::DotD
+  include LicenseAcceptance::CLIFlags::MixlibCLI
 
   # Mimic self_pipe sleep from Unicorn to capture signals safely
   SELF_PIPE = [] # rubocop:disable Style/MutableConstant
@@ -220,6 +222,7 @@ class Chef::Application::Client < Chef::Application
         Chef::RunList::RunListItem.new(item)
       end
     }
+
   option :why_run,
     short: "-W",
     long: "--why-run",
diff --git a/lib/chef/application/knife.rb b/lib/chef/application/knife.rb
index 52d447891f..cc4e66c52f 100644
--- a/lib/chef/application/knife.rb
+++ b/lib/chef/application/knife.rb
@@ -21,8 +21,10 @@ require "mixlib/log"
 require "ohai/config"
 require "chef/monkey_patches/net_http.rb"
 require "chef/dist"
+require "license_acceptance/cli_flags/mixlib_cli"
 
 class Chef::Application::Knife < Chef::Application
+  include LicenseAcceptance::CLIFlags::MixlibCLI
 
   NO_COMMAND_GIVEN = "You need to pass a sub-command (e.g., knife SUB-COMMAND)\n".freeze
 
@@ -159,6 +161,7 @@ class Chef::Application::Knife < Chef::Application
     Mixlib::Log::Formatter.show_time = false
     validate_and_parse_options
     quiet_traps
+    check_license_acceptance
     Chef::Knife.run(ARGV, options)
     exit 0
   end
diff --git a/spec/integration/client/client_spec.rb b/spec/integration/client/client_spec.rb
index cde25662c1..23f262ad02 100644
--- a/spec/integration/client/client_spec.rb
+++ b/spec/integration/client/client_spec.rb
@@ -60,6 +60,24 @@ describe "chef-client" do
       shell_out!("#{chef_client} -c \"#{path_to('config/client.rb')}\" -o 'x::default'", cwd: chef_dir)
     end
 
+    it "should complete successfully with no other environment variables", skip: (Chef::Platform.windows?) do
+      file "config/client.rb", <<~EOM
+        local_mode true
+        cookbook_path "#{path_to('cookbooks')}"
+        # One environment variable we DO need to prevent hanging
+        ENV["CHEF_LICENSE"] = "accept-no-persist"
+      EOM
+
+      begin
+        result = shell_out("env -i #{critical_env_vars} #{chef_client} -c \"#{path_to('config/client.rb')}\" -o 'x::default'", cwd: chef_dir)
+        result.error!
+      rescue
+        Chef::Log.info "Bare invocation will have the following load-path."
+        Chef::Log.info shell_out!("env -i #{critical_env_vars} ruby -e 'puts $:'").stdout
+        raise
+      end
+    end
+
     it "should complete successfully with --no-listen" do
       file "config/client.rb", <<~EOM
         local_mode true
diff --git a/spec/unit/application/knife_spec.rb b/spec/unit/application/knife_spec.rb
index 8a574b4d0f..f5ede6318b 100644
--- a/spec/unit/application/knife_spec.rb
+++ b/spec/unit/application/knife_spec.rb
@@ -45,6 +45,7 @@ describe Chef::Application::Knife do
     @knife = Chef::Application::Knife.new
     allow(@knife).to receive(:puts)
     allow(@knife).to receive(:trap)
+    allow(@knife).to receive(:check_license_acceptance)
     allow(Chef::Knife).to receive(:list_commands)
   end
 
@@ -65,6 +66,7 @@ describe Chef::Application::Knife do
     with_argv(*%w{noop knife command with some args}) do
       knife = double(Chef::Knife)
       expect(Chef::Knife).to receive(:run).with(ARGV, @knife.options).and_return(knife)
+      expect(@knife).to receive(:check_license_acceptance)
       expect(@knife).to receive(:exit).with(0)
       @knife.run
     end
@@ -75,11 +77,7 @@ describe Chef::Application::Knife do
       expect(@knife).to receive(:exit).with(0)
       @knife.run
     end
-    if windows?
-      expect(Chef::Config[:color]).to be_truthy
-    else
-      expect(Chef::Config[:color]).to be_truthy
-    end
+    expect(Chef::Config[:color]).to be_truthy
   end
 
   context "when given fips flags" do
diff --git a/spec/unit/application_spec.rb b/spec/unit/application_spec.rb
index e76e21bddc..ca8397f5d7 100644
--- a/spec/unit/application_spec.rb
+++ b/spec/unit/application_spec.rb
@@ -72,6 +72,7 @@ describe Chef::Application do
       describe "run" do
         before do
           allow(@app).to receive(:setup_application).and_return(true)
+          allow(@app).to receive(:check_license_acceptance)
           allow(@app).to receive(:run_application).and_return(true)
           allow(@app).to receive(:configure_chef).and_return(true)
           allow(@app).to receive(:configure_logging).and_return(true)
@@ -87,6 +88,11 @@ describe Chef::Application do
           @app.run
         end
 
+        it "should check the license acceptance" do
+          expect(@app).to receive(:check_license_acceptance)
+          @app.run
+        end
+
         it "should run the actual application" do
           expect(@app).to receive(:run_application).and_return(true)
           @app.run
diff --git a/tasks/bin/run_external_test b/tasks/bin/run_external_test
index 5f1ac8f210..04fe5343ba 100755
--- a/tasks/bin/run_external_test
+++ b/tasks/bin/run_external_test
@@ -13,7 +13,11 @@ git_thing = ARGV.shift
 
 build_dir = File.expand_path(ENV["TRAVIS_BUILD_DIR"] || Dir.pwd)
 
-env = { "GEMFILE_MOD" => "gem 'chef', path: '#{build_dir}'; gem 'ohai', git: 'https://github.com/chef/ohai.git', branch: 'master'" }
+env = {
+  "GEMFILE_MOD" => "gem 'chef', path: '#{build_dir}'; " \
+    "gem 'ohai', git: 'https://github.com/chef/ohai.git'",
+  "CHEF_LICENSE" => "accept-no-persist",
+}
 
 Dir.mktmpdir("chef-external-test") do |dir|
   git_url = "https://github.com/#{github_repo}"