author | Milan Stastny <milan@stastnej.ch> | 2021-01-29 10:37:09 +0100 |
---|---|---|
committer | Milan Stastny <milan@stastnej.ch> | 2021-01-29 10:37:09 +0100 |
commit | 56e34ada7002f4956af6a0136e975f8972328567 (patch) | |
tree | 34def1132e7cb1ac24b4e8ef60d68e2ef754fe39 | |
parent | 92fe2761ced132ae59e4bd05131765f0ba891d37 (diff) | |
parent | 9defd339d60615fa5555f412581bd97e5bc3a070 (diff) | |
download | chef-56e34ada7002f4956af6a0136e975f8972328567.tar.gz |
Merge branch 'master' of github.com:chef/chef into compliance_cli_report
-rw-r--r-- | .rubocop.yml | 14 | ||||
-rw-r--r-- | CHANGELOG.md | 14 | ||||
-rw-r--r-- | Gemfile.lock | 55 | ||||
-rw-r--r-- | RELEASE_NOTES.md | 25 | ||||
-rw-r--r-- | VERSION | 2 | ||||
-rw-r--r-- | chef-bin/lib/chef-bin/version.rb | 2 | ||||
-rw-r--r-- | chef-config/lib/chef-config/version.rb | 2 | ||||
-rw-r--r-- | chef-utils/lib/chef-utils/version.rb | 2 | ||||
-rw-r--r-- | lib/chef/knife/bootstrap.rb | 58 | ||||
-rw-r--r-- | lib/chef/resource/systemd_unit.rb | 4 | ||||
-rw-r--r-- | lib/chef/version.rb | 2 | ||||
-rw-r--r-- | omnibus/Gemfile.lock | 8 | ||||
-rw-r--r-- | spec/unit/knife/bootstrap_spec.rb | 45 |
13 files changed, 186 insertions, 47 deletions
diff --git a/.rubocop.yml b/.rubocop.yml index a02da9fa32..9bc06a66be 100644 --- a/.rubocop.yml +++ b/.rubocop.yml @@ -27,6 +27,20 @@ Lint/InterpolationCheck: Exclude: - 'spec/unit/property_spec.rb' - 'spec/functional/shell_spec.rb' +Lint/DeprecatedConstants: + Enabled: true + Exclude: + - lib/chef/node/attribute.rb # false alarms + + +# This cop shouldn't alert on the helper / specs itself +Chef/Ruby/LegacyPowershellOutMethods: + Exclude: + - 'lib/chef/mixin/powershell_out.rb' + - 'spec/functional/mixin/powershell_out_spec.rb' + - 'spec/unit/mixin/powershell_out_spec.rb' + - 'lib/chef/resource/windows_feature_powershell.rb' # https://github.com/chef/chef/issues/10927 + - 'lib/chef/provider/package/powershell.rb' # https://github.com/chef/chef/issues/10926 # set additional paths Chef/Ruby/UnlessDefinedRequire: diff --git a/CHANGELOG.md b/CHANGELOG.md index ddc262a2f3..e9ef54fc9a 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -1,17 +1,25 @@ <!-- usage documentation: http://expeditor-docs.es.chef.io/configuration/changelog/ --> This changelog lists individual merged pull requests to Chef Infra Client and geared towards developers. For a list of significant changes per release see the [Chef Infra Client Release Notes](https://docs.chef.io/release_notes_client/). -<!-- latest_release 17.0.58 --> -## [v17.0.58](https://github.com/chef/chef/tree/v17.0.58) (2021-01-26) +<!-- latest_release 17.0.66 --> +## [v17.0.66](https://github.com/chef/chef/tree/v17.0.66) (2021-01-27) #### Merged Pull Requests -- Fix an interpolation mistake in an error message + turn on the cop [#10935](https://github.com/chef/chef/pull/10935) ([tas50](https://github.com/tas50)) +- Add 16.9.32 release notes [#10949](https://github.com/chef/chef/pull/10949) ([tas50](https://github.com/tas50)) <!-- latest_release --> <!-- release_rollup since=16.8.14 --> ### Changes not yet released to stable #### Merged Pull Requests +- Add 16.9.32 release notes [#10949](https://github.com/chef/chef/pull/10949) ([tas50](https://github.com/tas50)) <!-- 17.0.66 --> +- Bump inspec-core-bin to 4.26.4 [#10946](https://github.com/chef/chef/pull/10946) ([chef-expeditor[bot]](https://github.com/chef-expeditor[bot])) <!-- 17.0.65 --> +- Update systemd_unit.rb to make Cookstyle compliant [#10937](https://github.com/chef/chef/pull/10937) ([cpressland](https://github.com/cpressland)) <!-- 17.0.64 --> +- Bump train-core to 3.4.9 [#10945](https://github.com/chef/chef/pull/10945) ([chef-expeditor[bot]](https://github.com/chef-expeditor[bot])) <!-- 17.0.63 --> +- Bump omnibus from `44f1303` to `65c5931` in /omnibus [#10944](https://github.com/chef/chef/pull/10944) ([dependabot-preview[bot]](https://github.com/dependabot-preview[bot])) <!-- 17.0.62 --> +- handles su - USER session to perform bootstrap [#10410](https://github.com/chef/chef/pull/10410) ([vsingh-msys](https://github.com/vsingh-msys)) <!-- 17.0.61 --> +- Bump train-core to 3.4.8 
[#10940](https://github.com/chef/chef/pull/10940) ([chef-expeditor[bot]](https://github.com/chef-expeditor[bot])) <!-- 17.0.60 --> +- Enable Deprecated Constants Cop [#10936](https://github.com/chef/chef/pull/10936) ([tas50](https://github.com/tas50)) <!-- 17.0.59 --> - Fix an interpolation mistake in an error message + turn on the cop [#10935](https://github.com/chef/chef/pull/10935) ([tas50](https://github.com/tas50)) <!-- 17.0.58 --> - Replace deprecated File.exists? with File.exist? in more places [#10934](https://github.com/chef/chef/pull/10934) ([tas50](https://github.com/tas50)) <!-- 17.0.57 --> - Update Ohai to 17.0.10 [#10931](https://github.com/chef/chef/pull/10931) ([tas50](https://github.com/tas50)) <!-- 17.0.56 --> diff --git a/Gemfile.lock b/Gemfile.lock index 28c441c990..35081ffdd7 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -1,10 +1,10 @@ GIT remote: https://github.com/chef/chefstyle.git - revision: a226b7d33c2119003dc47839e8c5559a22bf5ab9 + revision: b5cb2d3e4bbcb77fb5c6ed3357e89c670d64682f branch: master specs: - chefstyle (1.5.9) - rubocop (= 1.7.0) + chefstyle (1.6.0) + rubocop (= 1.8.1) GIT remote: https://github.com/chef/ohai.git @@ -28,11 +28,11 @@ GIT PATH remote: . specs: - chef (17.0.58) + chef (17.0.66) addressable bcrypt_pbkdf (= 1.1.0.rc2) - chef-config (= 17.0.58) - chef-utils (= 17.0.58) + chef-config (= 17.0.66) + chef-utils (= 17.0.66) chef-vault chef-zero (>= 14.0.11) diff-lcs (>= 1.2.4, < 1.4.0) @@ -64,11 +64,11 @@ PATH tty-screen (~> 0.6) tty-table (~> 0.11) uuidtools (>= 2.1.5, < 3.0) - chef (17.0.58-universal-mingw32) + chef (17.0.66-universal-mingw32) addressable bcrypt_pbkdf (= 1.1.0.rc2) - chef-config (= 17.0.58) - chef-utils (= 17.0.58) + chef-config (= 17.0.66) + chef-utils (= 17.0.66) chef-vault chef-zero (>= 14.0.11) diff-lcs (>= 1.2.4, < 1.4.0) 
@@ -115,15 +115,15 @@ PATH PATH remote: chef-bin specs: - chef-bin (17.0.58) - chef (= 17.0.58) + chef-bin (17.0.66) + chef (= 17.0.66) PATH remote: chef-config specs: - chef-config (17.0.58) + chef-config (17.0.66) addressable - chef-utils (= 17.0.58) + chef-utils (= 17.0.66) fuzzyurl mixlib-config (>= 2.2.12, < 4.0) mixlib-shellout (>= 2.0, < 4.0) @@ -132,7 +132,7 @@ PATH PATH remote: chef-utils specs: - chef-utils (17.0.58) + chef-utils (17.0.66) GEM remote: https://rubygems.org/ @@ -179,6 +179,8 @@ GEM multipart-post (>= 1.2, < 3) ruby2_keywords faraday-net_http (1.0.1) + faraday_middleware (1.0.0) + faraday (~> 1.0) fauxhai-ng (8.7.0) net-ssh ffi (1.13.1) @@ -200,17 +202,18 @@ GEM highline (2.0.3) httpclient (2.8.3) iniparse (1.5.0) - inspec-core (4.25.1) + inspec-core (4.26.4) addressable (~> 2.4) chef-telemetry (~> 1.0) faraday (>= 0.9.0, < 1.4) + faraday_middleware (~> 1.0) hashie (>= 3.4, < 5.0) license-acceptance (>= 0.2.13, < 3.0) method_source (>= 0.8, < 2.0) mixlib-log (~> 3.0) multipart-post (~> 2.0) parallel (~> 1.9) - parslet (>= 1.5, < 3.0) + parslet (>= 1.5, < 2.0) pry (~> 0.13) rspec (>= 3.9, < 3.11) rspec-its (~> 1.2) @@ -222,8 +225,8 @@ GEM train-core (~> 3.0) tty-prompt (~> 0.17) tty-table (~> 0.10) - inspec-core-bin (4.25.1) - inspec-core (= 4.25.1) + inspec-core-bin (4.26.4) + inspec-core (= 4.26.4) ipaddress (0.8.3) iso8601 (0.13.0) json (2.5.1) @@ -270,7 +273,7 @@ GEM parallel (1.20.1) parser (3.0.0.0) ast (~> 2.4.1) - parslet (2.0.0) + parslet (1.8.2) pastel (0.8.0) tty-color (~> 0.5) plist (3.6.0) 
@@ -307,22 +310,22 @@ GEM diff-lcs (>= 1.2.0, < 2.0) rspec-support (~> 3.9.0) rspec-support (3.9.4) - rubocop (1.7.0) + rubocop (1.8.1) parallel (~> 1.10) - parser (>= 2.7.1.5) + parser (>= 3.0.0.0) rainbow (>= 2.2.2, < 4.0) regexp_parser (>= 1.8, < 3.0) rexml rubocop-ast (>= 1.2.0, < 2.0) ruby-progressbar (~> 1.7) - unicode-display_width (>= 1.4.0, < 2.0) + unicode-display_width (>= 1.4.0, < 3.0) rubocop-ast (1.4.1) parser (>= 2.7.1.5) ruby-prof (1.2.0) ruby-progressbar (1.11.0) ruby-shadow (2.5.0) ruby2_keywords (0.0.4) - rubyntlm (0.6.2) + rubyntlm (0.6.3) rubyzip (2.3.0) semverse (3.0.0) sslshake (1.3.1) @@ -335,7 +338,7 @@ GEM syslog-logger (1.6.8) thor (1.1.0) tomlrb (1.3.0) - train-core (3.4.7) + train-core (3.4.9) addressable (~> 2.5) ffi (!= 1.13.0) json (>= 1.8, < 3.0) @@ -394,7 +397,7 @@ GEM win32-taskscheduler (2.0.4) ffi structured_warnings - winrm (2.3.5) + winrm (2.3.6) builder (>= 2.1.2) erubi (~> 1.8) gssapi (~> 1.2) @@ -402,7 +405,7 @@ GEM httpclient (~> 2.2, >= 2.2.0.2) logging (>= 1.6.1, < 3.0) nori (~> 2.0) - rubyntlm (~> 0.6.0, >= 0.6.1) + rubyntlm (~> 0.6.0, >= 0.6.3) winrm-elevated (1.2.3) erubi (~> 1.8) winrm (~> 2.0) diff --git a/RELEASE_NOTES.md b/RELEASE_NOTES.md index bfdca43078..2ed911ebff 100644 --- a/RELEASE_NOTES.md +++ b/RELEASE_NOTES.md 
@@ -10,6 +10,31 @@ This section serves to track things we should later document here for 17.0 - gem resource: assume rubygems 1.8+ now: https://github.com/chef/chef/pull/10379 - remove support for RHEL 6 i386 / Ubuntu 16.04 - don't write out node['filesystem2'] data on AIX/Solaris/FreeBSD: https://github.com/chef/ohai/pull/1592 +- Improved performance in systemd_unit resource - https://github.com/chef/chef/pull/10925 + +## What's New in 16.9.32 + +### Improvements + +- Resolved orphaned PowerShell processes when using Compliance Remediation content. +- Reduced Chef Infra Client install size by up to 5%. + +### Chef InSpec 4.26.4 + +Chef InSpec has been updated from 4.25.1 to 4.26.4. + +#### New Features + +- You can now directly refer to settings in the `nginx_conf` resource using the `its` syntax. Thanks [@rgeissert](https://github.com/rgeissert)! +- You can now specify the shell type for WinRM connections using the `--winrm-shell-type` option. Thanks [@catriona1](https://github.com/catriona1)! +- Plugin settings can now be set programmatically. Thanks [@tecracer-theinen](https:/github.com/tecracer-theinen)! + +#### Bug Fixes + +- Updated the `oracledb_session` to use more general invocation options. Thanks [@pacopal](https://github.com/pacopal)! +- Fixed an error with the `http` resource in Chef Infra Client by including `faraday_middleware` in the gemspec. +- Fixed an incompatibility between `parslet` and `toml` in Chef Infra Client. +- Improved programmatic plugin configuration. ## What's New in 16.9.29 @@ -1 +1 @@ -17.0.58
\ No newline at end of file +17.0.66
\ No newline at end of file diff --git a/chef-bin/lib/chef-bin/version.rb b/chef-bin/lib/chef-bin/version.rb index 381b99efbb..2ad1acaf2f 100644 --- a/chef-bin/lib/chef-bin/version.rb +++ b/chef-bin/lib/chef-bin/version.rb @@ -21,7 +21,7 @@ module ChefBin CHEFBIN_ROOT = File.expand_path("..", __dir__) - VERSION = "17.0.58".freeze + VERSION = "17.0.66".freeze end # diff --git a/chef-config/lib/chef-config/version.rb b/chef-config/lib/chef-config/version.rb index 383f8833b5..fb08061263 100644 --- a/chef-config/lib/chef-config/version.rb +++ b/chef-config/lib/chef-config/version.rb @@ -15,5 +15,5 @@ module ChefConfig CHEFCONFIG_ROOT = File.expand_path("..", __dir__) - VERSION = "17.0.58".freeze + VERSION = "17.0.66".freeze end diff --git a/chef-utils/lib/chef-utils/version.rb b/chef-utils/lib/chef-utils/version.rb index a3b6af3a9a..fe4ab547de 100644 --- a/chef-utils/lib/chef-utils/version.rb +++ b/chef-utils/lib/chef-utils/version.rb @@ -16,5 +16,5 @@ module ChefUtils CHEFUTILS_ROOT = File.expand_path("..", __dir__) - VERSION = "17.0.58" + VERSION = "17.0.66" end diff --git a/lib/chef/knife/bootstrap.rb b/lib/chef/knife/bootstrap.rb index 1550c62dc1..340ffaecfd 100644 --- a/lib/chef/knife/bootstrap.rb +++ b/lib/chef/knife/bootstrap.rb @@ -217,6 +217,16 @@ class Chef description: "Execute the bootstrap via sudo with password.", boolean: false + # runtime - su user + option :su_user, + long: "--su-user NAME", + description: "The su - USER name to perform bootstrap command using a non-root user." + + # runtime - su user password + option :su_password, + long: "--su-password PASSWORD", + description: "The su USER password for authentication." + # runtime - client_builder option :chef_node_name, short: "-N NAME", 
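Review bot: The new `--su-password PASSWORD` option accepts the secret as a command-line argument, and neither the `# runtime - su user password` comment nor the description says that a value given this way usually lands in shell history and is readable in the local process list while knife runs. The retry path added later in this commit prompts with `ui.ask(..., echo: false)` when su authentication is rejected, so the help text could steer operators to that, e.g. `description: "The su USER password for authentication. A value passed here is visible in shell history and process listings; leave it unset to be prompted when su authentication fails."`. Whether the prompt is reached without the option depends on Train raising the `:bad_su_user_password` reason, which is not visible in this hunk, so confirm that before wording it as a guarantee.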
@@ -591,13 +601,31 @@ class Chef def perform_bootstrap(remote_bootstrap_script_path) ui.info("Bootstrapping #{ui.color(server_name, :bold)}") cmd = bootstrap_command(remote_bootstrap_script_path) - r = connection.run_command(cmd) do |data| + bootstrap_run_command(cmd) + end + + # Actual bootstrap command to be run on the node. + # Handles recursive calls if su USER failed to authenticate. + def bootstrap_run_command(cmd) + r = connection.run_command(cmd) do |data, channel| ui.msg("#{ui.color(" [#{connection.hostname}]", :cyan)} #{data}") + channel.send_data("#{config[:su_password] || config[:connection_password]}\n") if data.match?("Password:") end + if r.exit_status != 0 ui.error("The following error occurred on #{server_name}:") - ui.error(r.stderr) - exit 1 + ui.error("#{r.stdout} #{r.stderr}".strip) + exit(r.exit_status) + end + rescue Train::UserError => e + limit ||= 0 + if e.reason == :bad_su_user_password && limit < 3 + limit += 1 + ui.warn("Failed to authenticate su - #{config[:su_user]} to #{server_name}") + config[:su_password] = ui.ask("Enter password for su - #{config[:su_user]}@#{server_name}:", echo: false) + retry + else + raise end end @@ -1082,7 +1110,17 @@ class Chef if connection.windows? "cmd.exe /C #{remote_path}" else - "sh #{remote_path}" + cmd = "sh #{remote_path}" + + if config[:su_user] + # su - USER is subject to required an interactive console + # Otherwise, it will raise: su: must be run from a terminal + set_transport_options(pty: true) + cmd = "su - #{config[:su_user]} -c '#{cmd}'" + cmd = "sudo " << cmd if config[:use_sudo] + end + + cmd end end 
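Review bot: In `bootstrap_run_command` the block writes a password to the channel whenever any chunk of remote output contains `Password:`, and it does so even when `--su-user` was not given, because it falls back to `config[:connection_password]`. Output produced on the node is not a trustworthy signal for releasing a credential: a bootstrap script or login banner that merely prints that string would be handed the su or SSH password on stdin, and it would be re-sent on every matching chunk. Gate the reply on the su path and on a prompt-shaped line, for example `if config[:su_user] && channel && data.match?(/^Password:\s*$/)`, and consider answering only once per attempt. The `channel &&` guard also avoids a NoMethodError when the block is yielded a nil channel, which is what the updated spec passes.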
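Review bot: The su branch of `bootstrap_command` builds `su - #{config[:su_user]} -c '#{cmd}'` by plain interpolation, so a user name or remote path containing whitespace, a single quote or another shell metacharacter changes how the command line is parsed on the node. Both values appear to come from knife's own configuration, which limits exposure, but escaping them keeps the command well-formed: `cmd = "su - #{Shellwords.escape(config[:su_user])} -c #{Shellwords.escape(cmd)}"` (this needs `require "shellwords"` if the file does not already load it, and the expected strings in the spec would change accordingly). Separately, `cmd = "sudo " << cmd` mutates a string literal and would raise if the file adopts `# frozen_string_literal: true`; `cmd = "sudo #{cmd}"` avoids that. The method's signature lies outside the hunk.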
@@ -1137,6 +1175,18 @@ class Chef timeout.to_i end + + # Train::Transports::SSH::Connection#transport_options + # Append the options to connection transport_options + # + # @param opts [Hash] the opts to be added to connection transport_options. + # @return [Hash] transport_options if the opts contains any option to be set. + # + def set_transport_options(opts) + return unless opts.is_a?(Hash) || !opts.empty? + + connection&.connection&.transport_options&.merge! opts + end end end end diff --git a/lib/chef/resource/systemd_unit.rb b/lib/chef/resource/systemd_unit.rb index b028214441..f6384ac947 100644 --- a/lib/chef/resource/systemd_unit.rb +++ b/lib/chef/resource/systemd_unit.rb @@ -34,7 +34,7 @@ class Chef ```ruby systemd_unit 'etcd.service' do - content({Unit: { + content(Unit: { Description: 'Etcd', Documentation: ['https://coreos.com/etcd', 'man:etcd(1)'], After: 'network.target', @@ -46,7 +46,7 @@ class Chef }, Install: { WantedBy: 'multi-user.target', - }}) + }) action [:create, :enable] end ``` diff --git a/lib/chef/version.rb b/lib/chef/version.rb index 3eb69e8fff..20fff3dcfa 100644 --- a/lib/chef/version.rb +++ b/lib/chef/version.rb @@ -23,7 +23,7 @@ require_relative "version_string" class Chef CHEF_ROOT = File.expand_path("..", __dir__) - VERSION = Chef::VersionString.new("17.0.58") + VERSION = Chef::VersionString.new("17.0.66") end # diff --git a/omnibus/Gemfile.lock b/omnibus/Gemfile.lock index 6636a2a38c..1c4757770d 100644 --- a/omnibus/Gemfile.lock +++ b/omnibus/Gemfile.lock @@ -1,9 +1,9 @@ GIT remote: https://github.com/chef/omnibus - revision: 44f13035ff8aa40ea15e4483dfcfde09b8c82e5c + revision: 65c593140db931e91a25ce6624d99a3248c7288e branch: master specs: - omnibus (8.0.11) + omnibus (8.0.13) aws-sdk-s3 (~> 1) chef-cleanroom (~> 1.0) chef-utils (>= 15.4) 
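Review bot: The guard in `set_transport_options` uses `||` where `&&` is needed. As written, `return unless opts.is_a?(Hash) || !opts.empty?` returns early only for an object that is both not a Hash and empty, lets a non-empty non-Hash through to `merge!`, and raises NoMethodError for `nil` because `nil.empty?` is still evaluated. It should read `return unless opts.is_a?(Hash) && !opts.empty?`. The safe-navigation chain also means the call silently does nothing when no connection object exists yet, in which case `pty: true` is never applied; the `@return` line could state that `nil` is returned in that case.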
@@ -32,7 +32,7 @@ GEM artifactory (3.0.15) awesome_print (1.8.0) aws-eventstream (1.1.0) - aws-partitions (1.418.0) + aws-partitions (1.419.0) aws-sdk-core (3.111.2) aws-eventstream (~> 1, >= 1.0.2) aws-partitions (~> 1, >= 1.239.0) @@ -368,7 +368,7 @@ GEM toml-rb (2.0.1) citrus (~> 3.0, > 3.0) tomlrb (1.3.0) - train-core (3.4.7) + train-core (3.4.8) addressable (~> 2.5) ffi (!= 1.13.0) json (>= 1.8, < 3.0) diff --git a/spec/unit/knife/bootstrap_spec.rb b/spec/unit/knife/bootstrap_spec.rb index 64a59f2ddb..a3dd714094 100644 --- a/spec/unit/knife/bootstrap_spec.rb +++ b/spec/unit/knife/bootstrap_spec.rb @@ -1726,7 +1726,8 @@ describe Chef::Knife::Bootstrap do describe "#perform_bootstrap" do let(:exit_status) { 0 } - let(:result_mock) { double("result", exit_status: exit_status, stderr: "A message") } + let(:stdout) { "" } + let(:result_mock) { double("result", exit_status: exit_status, stderr: "A message", stdout: stdout) } before do allow(connection).to receive(:hostname).and_return "testhost" @@ -1739,12 +1740,13 @@ describe Chef::Knife::Bootstrap do expect(connection) .to receive(:run_command) .with("sh /path.sh") - .and_yield("output here") + .and_yield("output here", nil) .and_return result_mock expect(knife.ui).to receive(:msg).with(/testhost/) knife.perform_bootstrap("/path.sh") end + context "when the remote command fails" do let(:exit_status) { 1 } it "shows an error and exits" do 
@@ -1756,6 +1758,25 @@ describe Chef::Knife::Bootstrap do expect { knife.perform_bootstrap("/path.sh") }.to raise_error(SystemExit) end end + + context "when the remote command failed due to su auth error" do + let(:exit_status) { 1 } + let(:stdout) { "su: Authentication failure" } + let(:connection_obj) { double("connection", transport_options: {}) } + it "shows an error and exits" do + allow(connection).to receive(:connection).and_return(connection_obj) + expect(knife.ui).to receive(:info).with(/Bootstrapping.*/) + expect(knife).to receive(:bootstrap_command) + .with("/path.sh") + .and_return("su - USER -c 'sh /path.sh'") + expect(connection) + .to receive(:run_command) + .with("su - USER -c 'sh /path.sh'") + .and_yield("output here", nil) + .and_raise(Train::UserError) + expect { knife.perform_bootstrap("/path.sh") }.to raise_error(Train::UserError) + end + end end describe "#connect!" do @@ -1964,7 +1985,25 @@ describe Chef::Knife::Bootstrap do context "under Linux" do let(:linux_test) { true } it "prefixes the command to run under sh" do - expect(knife.bootstrap_command("bootstrap")).to eq "sh bootstrap" + expect(knife.bootstrap_command("bootstrap.sh")).to eq "sh bootstrap.sh" + end + + context "with --su-user option" do + let(:connection_obj) { double("connection", transport_options: {}) } + before do + knife.config[:su_user] = "root" + allow(connection).to receive(:connection).and_return(connection_obj) + end + it "prefixes the command to run using su -USER -c" do + expect(knife.bootstrap_command("bootstrap.sh")).to eq "su - #{knife.config[:su_user]} -c 'sh bootstrap.sh'" + expect(connection_obj.transport_options.key?(:pty)).to eq true + end + + it "sudo appended if --sudo option enabled" do + knife.config[:use_sudo] = true + expect(knife.bootstrap_command("bootstrap.sh")).to eq "sudo su - #{knife.config[:su_user]} -c 'sh bootstrap.sh'" + expect(connection_obj.transport_options.key?(:pty)).to eq true + end end end end |
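Review bot: The new context "when the remote command failed due to su auth error" raises a bare `Train::UserError`, so `e.reason == :bad_su_user_password` is never true and the retry branch in `bootstrap_run_command` (the `ui.ask` prompt and the three-attempt limit) is not exercised; the example only proves that the error is re-raised. Its name, `it "shows an error and exits"`, was copied from the preceding context and does not describe that outcome. Add one example that raises the error with the `:bad_su_user_password` reason and asserts that `ui.ask` is called and that attempts stop at the limit, and another that yields data containing `Password:` together with a channel double and asserts what `send_data` receives. The `stdout` value set here is not read on this path, since the exception is raised before the result object is inspected.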