Merge branch 'main' into jfm/chef18_version

author: John McCrae <john.mccrae@progress.com> 2022-11-28 23:10:28 +0600
committer: GitHub <noreply@github.com> 2022-11-28 23:10:28 +0600
commit: 77d42ff9f688eb3ea56aa44451707b884f03130b (patch)
tree: bd9d822e4cb2daa762e157d2d09c729bd4c5f223
parent: 82b3a502f2f1e6bf7403da05fa63a636617b1e23 (diff)
parent: 32d94dffcf69712023d8f3922b3b9f3a3d732f3a (diff)
download: chef-77d42ff9f688eb3ea56aa44451707b884f03130b.tar.gz
15 files changed, 156 insertions, 41 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md
index fc57e7fb99..cfcfa29d90 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,36 +1,43 @@
 <!-- usage documentation: http://expeditor-docs.es.chef.io/configuration/changelog/ -->
 This changelog lists individual merged pull requests to Chef Infra Client and geared towards developers. For a list of significant changes per release see the [Chef Infra Client Release Notes](https://docs.chef.io/release_notes_client/).
 
-<!-- latest_release 18.0.185 -->
-## [v18.0.185](https://github.com/chef/chef/tree/v18.0.185) (2022-11-15)
+<!-- latest_release 18.0.187 -->
+## [v18.0.187](https://github.com/chef/chef/tree/v18.0.187) (2022-11-28)
 
 #### Merged Pull Requests
-- Add recipients of Awesome Chef Awards 2021/2022 [#13285](https://github.com/chef/chef/pull/13285) ([tnir](https://github.com/tnir))
+- Update omnibus-software for FIPS issues [#13375](https://github.com/chef/chef/pull/13375) ([tpowell-progress](https://github.com/tpowell-progress))
 <!-- latest_release -->
 
-<!-- release_rollup since=18.0.169 -->
+<!-- release_rollup since=18.0.185 -->
 ### Changes not yet released to stable
 
 #### Merged Pull Requests
-- Add recipients of Awesome Chef Awards 2021/2022 [#13285](https://github.com/chef/chef/pull/13285) ([tnir](https://github.com/tnir)) <!-- 18.0.185 -->
-- Add allowed_actions for each package type [#13166](https://github.com/chef/chef/pull/13166) ([gene1wood](https://github.com/gene1wood)) <!-- 18.0.184 -->
-- Adding TLS for Habitat-test.ps1 under Windows PowerShell [#13361](https://github.com/chef/chef/pull/13361) ([johnmccrae](https://github.com/johnmccrae)) <!-- 18.0.183 -->
-- fix bug in chef_client_config resource [#13349](https://github.com/chef/chef/pull/13349) ([Stromweld](https://github.com/Stromweld)) <!-- 18.0.182 -->
-- Updating the Hab installer and gems [#13340](https://github.com/chef/chef/pull/13340) ([johnmccrae](https://github.com/johnmccrae)) <!-- 18.0.181 -->
-- Update GitHub Actions to address deprecated actions in workflows [#13344](https://github.com/chef/chef/pull/13344) ([gene1wood](https://github.com/gene1wood)) <!-- 18.0.180 -->
-- fix knife train-core dep for latest supporting net-ssh 7.x dep [#13338](https://github.com/chef/chef/pull/13338) ([Stromweld](https://github.com/Stromweld)) <!-- 18.0.179 -->
-- Fix false updates on cron resource when using integers [#13147](https://github.com/chef/chef/pull/13147) ([kimbernator](https://github.com/kimbernator)) <!-- 18.0.178 -->
-- Remove &quot;free&quot; command from buildkite run as it&#39;s not supported [#13315](https://github.com/chef/chef/pull/13315) ([gene1wood](https://github.com/gene1wood)) <!-- 18.0.177 -->
-- adding choco function to test if it exists already [#13330](https://github.com/chef/chef/pull/13330) ([sean-simmons-progress](https://github.com/sean-simmons-progress)) <!-- 18.0.176 -->
-- Fix call to install_snaps which is missing an argument [#13025](https://github.com/chef/chef/pull/13025) ([gene1wood](https://github.com/gene1wood)) <!-- 18.0.175 -->
-- Fix windows habitat git [#13316](https://github.com/chef/chef/pull/13316) ([mwrock](https://github.com/mwrock)) <!-- 18.0.174 -->
-- Bump deps for net-ssh 7.x for RHEL 9 and Ubuntu 22.04 ssh [#13284](https://github.com/chef/chef/pull/13284) ([Stromweld](https://github.com/Stromweld)) <!-- 18.0.173 -->
-- Bugfix: checksum validation [#13210](https://github.com/chef/chef/pull/13210) ([decoyjoe](https://github.com/decoyjoe)) <!-- 18.0.172 -->
-- Docs: Fix windows package docs examples [#13211](https://github.com/chef/chef/pull/13211) ([decoyjoe](https://github.com/decoyjoe)) <!-- 18.0.171 -->
-- Update the badssl cert to fix kitchen tests [#13311](https://github.com/chef/chef/pull/13311) ([PrajaktaPurohit](https://github.com/PrajaktaPurohit)) <!-- 18.0.170 -->
+- Update omnibus-software for FIPS issues [#13375](https://github.com/chef/chef/pull/13375) ([tpowell-progress](https://github.com/tpowell-progress)) <!-- 18.0.187 -->
+-     Res validation should be aware of action prop reqs. [#13069](https://github.com/chef/chef/pull/13069) ([sabat](https://github.com/sabat)) <!-- 18.0.186 -->
 <!-- release_rollup -->
 
 <!-- latest_stable_release -->
+## [v18.0.185](https://github.com/chef/chef/tree/v18.0.185) (2022-11-17)
+
+#### Merged Pull Requests
+- Update the badssl cert to fix kitchen tests [#13311](https://github.com/chef/chef/pull/13311) ([PrajaktaPurohit](https://github.com/PrajaktaPurohit))
+- Docs: Fix windows package docs examples [#13211](https://github.com/chef/chef/pull/13211) ([decoyjoe](https://github.com/decoyjoe))
+- Bugfix: checksum validation [#13210](https://github.com/chef/chef/pull/13210) ([decoyjoe](https://github.com/decoyjoe))
+- Bump deps for net-ssh 7.x for RHEL 9 and Ubuntu 22.04 ssh [#13284](https://github.com/chef/chef/pull/13284) ([Stromweld](https://github.com/Stromweld))
+- Fix windows habitat git [#13316](https://github.com/chef/chef/pull/13316) ([mwrock](https://github.com/mwrock))
+- Fix call to install_snaps which is missing an argument [#13025](https://github.com/chef/chef/pull/13025) ([gene1wood](https://github.com/gene1wood))
+- adding choco function to test if it exists already [#13330](https://github.com/chef/chef/pull/13330) ([sean-simmons-progress](https://github.com/sean-simmons-progress))
+- Remove &quot;free&quot; command from buildkite run as it&#39;s not supported [#13315](https://github.com/chef/chef/pull/13315) ([gene1wood](https://github.com/gene1wood))
+- Fix false updates on cron resource when using integers [#13147](https://github.com/chef/chef/pull/13147) ([kimbernator](https://github.com/kimbernator))
+- fix knife train-core dep for latest supporting net-ssh 7.x dep [#13338](https://github.com/chef/chef/pull/13338) ([Stromweld](https://github.com/Stromweld))
+- Update GitHub Actions to address deprecated actions in workflows [#13344](https://github.com/chef/chef/pull/13344) ([gene1wood](https://github.com/gene1wood))
+- Updating the Hab installer and gems [#13340](https://github.com/chef/chef/pull/13340) ([johnmccrae](https://github.com/johnmccrae))
+- fix bug in chef_client_config resource [#13349](https://github.com/chef/chef/pull/13349) ([Stromweld](https://github.com/Stromweld))
+- Adding TLS for Habitat-test.ps1 under Windows PowerShell [#13361](https://github.com/chef/chef/pull/13361) ([johnmccrae](https://github.com/johnmccrae))
+- Add allowed_actions for each package type [#13166](https://github.com/chef/chef/pull/13166) ([gene1wood](https://github.com/gene1wood))
+- Add recipients of Awesome Chef Awards 2021/2022 [#13285](https://github.com/chef/chef/pull/13285) ([tnir](https://github.com/tnir))
+<!-- latest_stable_release -->
+
 ## [v18.0.169](https://github.com/chef/chef/tree/v18.0.169) (2022-10-27)
 
 #### Merged Pull Requests
@@ -205,7 +212,6 @@ This changelog lists individual merged pull requests to Chef Infra Client and ge
 - INFC-321 Uncomment &quot;Upgrade Chef/Ohai Appbundler&quot; build stage in kitchen tests [#13286](https://github.com/chef/chef/pull/13286) ([tpowell-progress](https://github.com/tpowell-progress))
 - Fix missing require and small error in REST implementation [#13066](https://github.com/chef/chef/pull/13066) ([tecracer-theinen](https://github.com/tecracer-theinen))
 - Point berkshelf spec at chef/berkshelf [#13295](https://github.com/chef/chef/pull/13295) ([tpowell-progress](https://github.com/tpowell-progress))
-<!-- latest_stable_release -->
 
 ## [v17.9.26](https://github.com/chef/chef/tree/v17.9.26) (2022-01-05)
 
diff --git a/Dockerfile b/Dockerfile
index c37c58b2f7..5a2477a4e2 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -18,7 +18,7 @@ FROM busybox
 LABEL maintainer="Chef Software, Inc. <docker@chef.io>"
 
 ARG CHANNEL=stable
-ARG VERSION=18.0.169
+ARG VERSION=18.0.185
 ARG ARCH=x86_64
 ARG PKG_VERSION=6
 
diff --git a/Gemfile.lock b/Gemfile.lock
index 258f408b8d..7f2d22ea8d 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -45,12 +45,12 @@ GIT
 PATH
   remote: .
   specs:
-    chef (18.0.185)
+    chef (18.0.187)
       addressable
       aws-sdk-s3 (~> 1.91)
       aws-sdk-secretsmanager (~> 1.46)
-      chef-config (= 18.0.185)
-      chef-utils (= 18.0.185)
+      chef-config (= 18.0.187)
+      chef-utils (= 18.0.187)
       chef-vault
       chef-zero (>= 14.0.11)
       corefoundation (~> 0.3.4)
@@ -79,19 +79,65 @@ PATH
       unf_ext (>= 0.0.8.2)
       uuidtools (>= 2.1.5, < 3.0)
       vault (~> 0.16)
+    chef (18.0.187-x64-mingw-ucrt)
+      addressable
+      aws-sdk-s3 (~> 1.91)
+      aws-sdk-secretsmanager (~> 1.46)
+      chef-config (= 18.0.187)
+      chef-powershell (~> 1.0.12)
+      chef-utils (= 18.0.187)
+      chef-vault
+      chef-zero (>= 14.0.11)
+      corefoundation (~> 0.3.4)
+      diff-lcs (>= 1.2.4, < 1.6.0, != 1.4.0)
+      erubis (~> 2.7)
+      ffi (>= 1.15.5)
+      ffi-libarchive (~> 1.0, >= 1.0.3)
+      ffi-yajl (~> 2.2)
+      iniparse (~> 1.4)
+      inspec-core (>= 5)
+      iso8601 (>= 0.12.1, < 0.14)
+      license-acceptance (>= 1.0.5, < 3)
+      mixlib-archive (>= 0.4, < 2.0)
+      mixlib-authentication (>= 2.1, < 4)
+      mixlib-cli (>= 2.1.1, < 3.0)
+      mixlib-log (>= 2.0.3, < 4.0)
+      mixlib-shellout (>= 3.1.1, < 4.0)
+      net-ftp
+      net-sftp (>= 2.1.2, < 5.0)
+      ohai (~> 18.0)
+      plist (~> 3.2)
+      proxifier (~> 1.0)
+      syslog-logger (~> 1.6)
+      train-core (~> 3.10)
+      train-rest (>= 0.4.1)
+      train-winrm (>= 0.2.5)
+      unf_ext (>= 0.0.8.2)
+      uuidtools (>= 2.1.5, < 3.0)
+      vault (~> 0.16)
+      win32-api (~> 1.10.0)
+      win32-certstore (~> 0.6.15)
+      win32-event (~> 0.6.1)
+      win32-eventlog (= 0.6.3)
+      win32-mmap (~> 0.4.1)
+      win32-mutex (~> 0.4.2)
+      win32-process (~> 0.9)
+      win32-service (>= 2.1.5, < 3.0)
+      win32-taskscheduler (~> 2.0)
+      wmi-lite (~> 1.0)
 
 PATH
   remote: chef-bin
   specs:
-    chef-bin (18.0.185)
-      chef (= 18.0.185)
+    chef-bin (18.0.187)
+      chef (= 18.0.187)
 
 PATH
   remote: chef-config
   specs:
-    chef-config (18.0.185)
+    chef-config (18.0.187)
       addressable
-      chef-utils (= 18.0.185)
+      chef-utils (= 18.0.187)
       fuzzyurl
       mixlib-config (>= 2.2.12, < 4.0)
       mixlib-shellout (>= 2.0, < 4.0)
@@ -100,7 +146,7 @@ PATH
 PATH
   remote: chef-utils
   specs:
-    chef-utils (18.0.185)
+    chef-utils (18.0.187)
       concurrent-ruby
 
 GEM
diff --git a/VERSION b/VERSION
index c94b2147ac..1f2afde79b 100644
--- a/VERSION
+++ b/VERSION
@@ -1 +1 @@
-18.0.185
-\ No newline at end of file
+18.0.187
+\ No newline at end of file
diff --git a/chef-bin/lib/chef-bin/version.rb b/chef-bin/lib/chef-bin/version.rb
index 8c73a47971..6c7f92a4c0 100644
--- a/chef-bin/lib/chef-bin/version.rb
+++ b/chef-bin/lib/chef-bin/version.rb
@@ -21,7 +21,7 @@
 
 module ChefBin
   CHEFBIN_ROOT = File.expand_path("..", __dir__)
-  VERSION = "18.0.185".freeze
+  VERSION = "18.0.187".freeze
 end
 
 #
diff --git a/chef-config/lib/chef-config/version.rb b/chef-config/lib/chef-config/version.rb
index 7a8f8a2088..a31f2508dc 100644
--- a/chef-config/lib/chef-config/version.rb
+++ b/chef-config/lib/chef-config/version.rb
@@ -15,5 +15,5 @@
 
 module ChefConfig
   CHEFCONFIG_ROOT = File.expand_path("..", __dir__)
-  VERSION = "18.0.185".freeze
+  VERSION = "18.0.187".freeze
 end
diff --git a/chef-utils/lib/chef-utils/version.rb b/chef-utils/lib/chef-utils/version.rb
index 650636995d..7a70ccb928 100644
--- a/chef-utils/lib/chef-utils/version.rb
+++ b/chef-utils/lib/chef-utils/version.rb
@@ -16,5 +16,5 @@
 
 module ChefUtils
   CHEFUTILS_ROOT = File.expand_path("..", __dir__)
-  VERSION = "18.0.185"
+  VERSION = "18.0.187"
 end
diff --git a/knife/Gemfile.lock b/knife/Gemfile.lock
index 316c3f8c5e..b5293c93e4 100644
--- a/knife/Gemfile.lock
+++ b/knife/Gemfile.lock
@@ -1,8 +1,8 @@
 PATH
   remote: ..
   specs:
-    chef (18.0.185)
-    chef (18.0.185-x64-mingw-ucrt)
+    chef (18.0.187)
+    chef (18.0.187-x64-mingw-ucrt)
 
 PLATFORMS
   ruby
diff --git a/knife/lib/chef/knife/version.rb b/knife/lib/chef/knife/version.rb
index b64e851d33..eb7ef2936a 100644
--- a/knife/lib/chef/knife/version.rb
+++ b/knife/lib/chef/knife/version.rb
@@ -17,7 +17,7 @@
 class Chef
   class Knife
     KNIFE_ROOT = File.expand_path("../..", __dir__)
-    VERSION = "18.0.185".freeze
+    VERSION = "18.0.187".freeze
   end
 end
 
diff --git a/lib/chef/property.rb b/lib/chef/property.rb
index 1d91495397..b111a56f5c 100644
--- a/lib/chef/property.rb
+++ b/lib/chef/property.rb
@@ -307,7 +307,7 @@ class Chef
     #
     def required?(action = nil)
       if !action.nil? && options[:required].is_a?(Array)
-        options[:required].include?(action)
+        (options[:required] & Array(action)).any?
       else
         !!options[:required]
       end
@@ -426,7 +426,7 @@ class Chef
         end
       end
 
-      if value.nil? && required?
+      if value.nil? && required?(resource_action(resource))
         raise Chef::Exceptions::ValidationFailed, "#{name} is a required property"
       else
         value
@@ -455,7 +455,7 @@ class Chef
         Chef.deprecated(:property, options[:deprecated])
       end
 
-      if value.nil? && required?
+      if value.nil? && required?(resource_action(resource))
         raise Chef::Exceptions::ValidationFailed, "#{name} is a required property"
       else
         value
@@ -768,5 +768,10 @@ class Chef
       end
       visitor.call(value)
     end
+
+    # action from resource, if available
+    def resource_action(resource)
+      resource.action if resource.respond_to?(:action)
+    end
   end
 end
diff --git a/lib/chef/version.rb b/lib/chef/version.rb
index cf24f3ee91..d7bb3e9fbe 100644
--- a/lib/chef/version.rb
+++ b/lib/chef/version.rb
@@ -23,7 +23,7 @@ require_relative "version_string"
 
 class Chef
   CHEF_ROOT = File.expand_path("..", __dir__)
-  VERSION = Chef::VersionString.new("18.0.185")
+  VERSION = Chef::VersionString.new("18.0.187")
 end
 
 #
diff --git a/spec/integration/client/fips_spec.rb b/spec/integration/client/fips_spec.rb
new file mode 100644
index 0000000000..1afb7b2874
--- /dev/null
+++ b/spec/integration/client/fips_spec.rb
@@ -0,0 +1,20 @@
+require "spec_helper"
+
+describe "chef-client fips" do
+  def enable_fips
+    OpenSSL.fips_mode = true
+  end
+
+  # All tests assume fips mode is off at present
+  after { OpenSSL.fips_mode = false }
+
+  # For non-FIPS OSes/builds of Ruby, enabling FIPS should error
+  example "Error enabling fips_mode if FIPS not linked", fips_mode: false do
+    expect { enable_fips }.to raise_error(OpenSSL::OpenSSLError)
+  end
+
+  # For FIPS OSes/builds of Ruby, enabling FIPS should not error
+  example "Do not error enabling fips_mode if FIPS linked", fips_mode: true do
+    expect { enable_fips }.not_to raise_error
+  end
+end
diff --git a/spec/spec_helper.rb b/spec/spec_helper.rb
index bbf52b95fd..1d040b0f1f 100644
--- a/spec/spec_helper.rb
+++ b/spec/spec_helper.rb
@@ -138,6 +138,10 @@ RSpec.configure do |config|
 
   config.filter_run_excluding skip_buildkite: true if ENV["BUILDKITE"]
 
+  config.filter_run_excluding fips_mode: !fips_mode_build? unless opensuse?
+  # RubyDistros OpenSUSE docker images have a broken fips
+  config.filter_run_excluding :fips_mode if opensuse?
+
   config.filter_run_excluding windows_only: true unless windows?
   config.filter_run_excluding not_supported_on_windows: true if windows?
   config.filter_run_excluding not_supported_on_macos: true if macos?
diff --git a/spec/support/platform_helpers.rb b/spec/support/platform_helpers.rb
index 6ed0945286..ef7af98bad 100644
--- a/spec/support/platform_helpers.rb
+++ b/spec/support/platform_helpers.rb
@@ -223,6 +223,10 @@ def aes_256_gcm?
   OpenSSL::Cipher.ciphers.include?("aes-256-gcm")
 end
 
+def fips_mode_build?
+  OpenSSL::OPENSSL_FIPS
+end
+
 def fips?
   ENV["CHEF_FIPS"] == "1"
 end
diff --git a/spec/unit/property/validation_spec.rb b/spec/unit/property/validation_spec.rb
index c8daee1580..215dd0cc7f 100644
--- a/spec/unit/property/validation_spec.rb
+++ b/spec/unit/property/validation_spec.rb
@@ -600,6 +600,36 @@ describe "Chef::Resource.property validation" do
       it "does not fail if it is not specified, on running the doit2 action" do
         expect { resource.run_action(:doit2) }.not_to raise_error
       end
+
+      context "when an action does not require it" do
+        before do
+          resource.action(:doit2)
+        end
+
+        it "retrieval succeeds if x is not set when resource uses the doit2 action" do
+          expect { resource.x }.not_to raise_error
+        end
+
+        it "succeeds with set to nil when resource uses the doit2 action" do
+          expect { resource.x nil }.not_to raise_error
+        end
+      end
+
+      context "when an action requires it" do
+        before do
+          # NOTE: this is already the default action, but it doesn't
+          # hurt to be clear about the situation.
+          resource.action(:doit)
+        end
+
+        it "if x is not specified, retrieval fails for the doit action" do
+          expect { resource.x }.to raise_error Chef::Exceptions::ValidationFailed
+        end
+
+        it "value nil is not valid for the doit action (required means 'not nil')" do
+          expect { resource.x nil }.to raise_error Chef::Exceptions::ValidationFailed
+        end
+      end
     end
 
     with_property ":x, String, required: true" do
author	John McCrae <john.mccrae@progress.com>	2022-11-28 23:10:28 +0600
committer	GitHub <noreply@github.com>	2022-11-28 23:10:28 +0600
commit	77d42ff9f688eb3ea56aa44451707b884f03130b (patch)
tree	bd9d822e4cb2daa762e157d2d09c729bd4c5f223
parent	82b3a502f2f1e6bf7403da05fa63a636617b1e23 (diff)
parent	32d94dffcf69712023d8f3922b3b9f3a3d732f3a (diff)
download	chef-77d42ff9f688eb3ea56aa44451707b884f03130b.tar.gz