diff options
author | Salim Afiune <afiune@chef.io> | 2017-03-09 10:14:50 -0500 |
---|---|---|
committer | Salim Afiune <afiune@chef.io> | 2017-03-09 13:38:05 -0500 |
commit | 3432692a73bb0546a08fe7f16a1b9b5b12af15a6 (patch) | |
tree | d88461c8292a1983dbb5886d9ce3eaeba43b864a | |
parent | 65ebf5f0b704a1b2215da6eb0e1b52788eaef5ca (diff) | |
download | chef-afiune/COOL-617/fix-here-strings-in-bash.tar.gz |
Changed EOP to 'EOP' to avoid content expansionafiune/COOL-617/fix-here-strings-in-bash
[ZD-12489] This change fixes the content expansion of the
bootstrap command in the option `--json-attributes`.
Reference:
https://www.gnu.org/software/bash/manual/html_node/Redirections.html
It might be possible that some users are counting on this expansion
to occur.
Signed-off-by: Salim Afiune <afiune@chef.io>
-rw-r--r-- | lib/chef/knife/bootstrap/templates/chef-full.erb | 12 | ||||
-rw-r--r-- | spec/unit/knife/bootstrap_spec.rb | 29 |
2 files changed, 35 insertions, 6 deletions
diff --git a/lib/chef/knife/bootstrap/templates/chef-full.erb b/lib/chef/knife/bootstrap/templates/chef-full.erb index 6007ff9859..145761a39e 100644 --- a/lib/chef/knife/bootstrap/templates/chef-full.erb +++ b/lib/chef/knife/bootstrap/templates/chef-full.erb @@ -182,21 +182,21 @@ fi mkdir -p /etc/chef <% if client_pem -%> -cat > /etc/chef/client.pem <<EOP +cat > /etc/chef/client.pem <<'EOP' <%= ::File.read(::File.expand_path(client_pem)) %> EOP chmod 0600 /etc/chef/client.pem <% end -%> <% if validation_key -%> -cat > /etc/chef/validation.pem <<EOP +cat > /etc/chef/validation.pem <<'EOP' <%= validation_key %> EOP chmod 0600 /etc/chef/validation.pem <% end -%> <% if encrypted_data_bag_secret -%> -cat > /etc/chef/encrypted_data_bag_secret <<EOP +cat > /etc/chef/encrypted_data_bag_secret <<'EOP' <%= encrypted_data_bag_secret %> EOP chmod 0600 /etc/chef/encrypted_data_bag_secret @@ -212,17 +212,17 @@ mkdir -p /etc/chef/trusted_certs mkdir -p /etc/chef/ohai/hints <% @chef_config[:knife][:hints].each do |name, hash| -%> -cat > /etc/chef/ohai/hints/<%= name %>.json <<EOP +cat > /etc/chef/ohai/hints/<%= name %>.json <<'EOP' <%= Chef::JSONCompat.to_json(hash) %> EOP <% end -%> <% end -%> -cat > /etc/chef/client.rb <<EOP +cat > /etc/chef/client.rb <<'EOP' <%= config_content %> EOP -cat > /etc/chef/first-boot.json <<EOP +cat > /etc/chef/first-boot.json <<'EOP' <%= Chef::JSONCompat.to_json(first_boot) %> EOP diff --git a/spec/unit/knife/bootstrap_spec.rb b/spec/unit/knife/bootstrap_spec.rb index c2f68277c5..4201963b7d 100644 --- a/spec/unit/knife/bootstrap_spec.rb +++ b/spec/unit/knife/bootstrap_spec.rb @@ -48,6 +48,35 @@ describe Chef::Knife::Bootstrap do expect(File.basename(knife.bootstrap_template)).to eq("chef-full") end + context "when using the chef-full default template" do + let(:rendered_template) do + knife.merge_configs + knife.render_template + end + + it "should render client.rb" do + expect(rendered_template).to match("cat > /etc/chef/client.rb <<'EOP'") + expect(rendered_template).to match("chef_server_url \"https://localhost:443\"") + expect(rendered_template).to match("validation_client_name \"chef-validator\"") + expect(rendered_template).to match("log_location STDOUT") + end + + it "should render first-boot.json" do + expect(rendered_template).to match("cat > /etc/chef/first-boot.json <<'EOP'") + expect(rendered_template).to match('{"run_list":\[\]}') + end + + context "and encrypted_data_bag_secret was provided" do + it "should render encrypted_data_bag_secret file" do + expect(knife).to receive(:encryption_secret_provided_ignore_encrypt_flag?).and_return(true) + expect(knife).to receive(:read_secret).and_return("secrets") + expect(rendered_template).to match("cat > /etc/chef/encrypted_data_bag_secret <<'EOP'") + expect(rendered_template).to match('{"run_list":\[\]}') + expect(rendered_template).to match(%r{secrets}) + end + end + end + context "with --bootstrap-vault-item" do let(:bootstrap_cli_options) { [ "--bootstrap-vault-item", "vault1:item1", "--bootstrap-vault-item", "vault1:item2", "--bootstrap-vault-item", "vault2:item1" ] } it "sets the knife config cli option correctly" do |