diff options
author | tyler-ball <tball@chef.io> | 2018-12-19 16:17:14 -0700 |
---|---|---|
committer | Mark Anderson <mark@chef.io> | 2019-05-03 19:19:10 -0700 |
commit | b134493e65d73636d25aa569f9b77f9c0b4c3f88 (patch) | |
tree | b7969e6aea16fdedda9de9b3a344900438c00dd4 | |
parent | c83bdc4c6adefe29f15ae5bad9eb8f5a6ba30b7e (diff) | |
download | chef-b134493e65d73636d25aa569f9b77f9c0b4c3f88.tar.gz |
Adding in the license-acceptance flow
This adds a new feature to chef-client where users must accept the
EULA before using the product. Users can accept the license by
passing '--chef-license accept', setting ENV[CHEF_LICENSE]=accept or by
running 'chef-client' and following the interactive prompt.
Signed-off-by: tyler-ball <tball@chef.io>
-rw-r--r-- | .travis.yml | 1 | ||||
-rw-r--r-- | RELEASE_NOTES.md | 13 | ||||
-rw-r--r-- | appveyor.yml | 1 | ||||
-rw-r--r-- | kitchen-tests/Berksfile | 1 | ||||
-rw-r--r-- | kitchen-tests/Gemfile | 2 | ||||
-rw-r--r-- | kitchen-tests/cookbooks/end_to_end/Berksfile | 3 | ||||
-rw-r--r-- | kitchen-tests/cookbooks/end_to_end/attributes/default.rb | 2 | ||||
-rw-r--r-- | kitchen-tests/cookbooks/rspec/templates/run-chef-rspec | 1 | ||||
-rw-r--r-- | kitchen-tests/kitchen.yml | 1 | ||||
-rw-r--r-- | lib/chef/application.rb | 6 | ||||
-rw-r--r-- | lib/chef/application/client.rb | 3 | ||||
-rw-r--r-- | lib/chef/application/knife.rb | 3 | ||||
-rw-r--r-- | spec/integration/client/client_spec.rb | 18 | ||||
-rw-r--r-- | spec/unit/application/knife_spec.rb | 8 | ||||
-rw-r--r-- | spec/unit/application_spec.rb | 6 | ||||
-rwxr-xr-x | tasks/bin/run_external_test | 6 |
16 files changed, 65 insertions, 10 deletions
diff --git a/.travis.yml b/.travis.yml index 18a12e654d..ed538216f7 100644 --- a/.travis.yml +++ b/.travis.yml @@ -30,6 +30,7 @@ branches: env: global: - FORCE_FFI_YAJL=ext + - CHEF_LICENSE=accept-no-persist matrix: include: diff --git a/RELEASE_NOTES.md b/RELEASE_NOTES.md index b0913a2a2f..531a8d42de 100644 --- a/RELEASE_NOTES.md +++ b/RELEASE_NOTES.md @@ -6,6 +6,19 @@ Chef 15 release notes will be added here as development progresses. ## New Features / Functionality +### Chef EULA + +Chef Client requires a EULA to be accepted by users before it can run. Users can accept the EULA in a variety of ways: + +`chef-client --chef-license accept` +`chef-client --chef-license accept-no-persist` +`CHEF_LICENSE=accept chef-client` +`CHEF_LICENSE=accept-no-persist chef-client` + +Finally, if users run `chef-client` without any of these options they will receive an interactive prompt asking for +license acceptance. If the license is accepted a marker file will be written to the filesystem (unless `no-persist` is +specified). Once this file is persisted users no longer need to set any of these flags. + ### Allow Using --delete-entire-chef-repo in Chef Local Mode ### Data Collection Ground-Up Refactor diff --git a/appveyor.yml b/appveyor.yml index 15ab998c80..6ab90e3c2d 100644 --- a/appveyor.yml +++ b/appveyor.yml @@ -45,6 +45,7 @@ install: - bundle config --local path vendor/bundle # use the cache we define above - bundle install || bundle install || bundle install - SET SPEC_OPTS=--format progress + - SET CHEF_LICENSE=accept-no-persist build: off diff --git a/kitchen-tests/Berksfile b/kitchen-tests/Berksfile index d699452ebe..df9f0427e6 100644 --- a/kitchen-tests/Berksfile +++ b/kitchen-tests/Berksfile @@ -2,3 +2,4 @@ source "https://supermarket.chef.io" cookbook "end_to_end", path: "cookbooks/end_to_end" cookbook "rspec", path: "cookbooks/rspec" +cookbook "chef-client", git: "https://github.com/tyler-ball/chef-client.git", branch: "chef_license_accept" diff --git a/kitchen-tests/Gemfile b/kitchen-tests/Gemfile index c2437a307b..a8d064fb80 100644 --- a/kitchen-tests/Gemfile +++ b/kitchen-tests/Gemfile @@ -7,4 +7,4 @@ gem "berkshelf", git: "https://github.com/berkshelf/berkshelf.git", branch: "mas gem "kitchen-dokken", "~> 2.0" gem "kitchen-inspec", git: "https://github.com/chef/kitchen-inspec.git", branch: "master" gem "inspec", git: "https://github.com/inspec/inspec.git", branch: "master" # this goes away when we ship inspec 4 -gem "test-kitchen", git: "https://github.com/test-kitchen/test-kitchen.git", branch: "master" +gem "test-kitchen", git: "https://github.com/test-kitchen/test-kitchen.git", branch: "chef_license_accept" diff --git a/kitchen-tests/cookbooks/end_to_end/Berksfile b/kitchen-tests/cookbooks/end_to_end/Berksfile deleted file mode 100644 index 967b9a78b6..0000000000 --- a/kitchen-tests/cookbooks/end_to_end/Berksfile +++ /dev/null @@ -1,3 +0,0 @@ -source "https://supermarket.chef.io" - -metadata diff --git a/kitchen-tests/cookbooks/end_to_end/attributes/default.rb b/kitchen-tests/cookbooks/end_to_end/attributes/default.rb index 5e8cee6736..b8ac7f8119 100644 --- a/kitchen-tests/cookbooks/end_to_end/attributes/default.rb +++ b/kitchen-tests/cookbooks/end_to_end/attributes/default.rb @@ -62,6 +62,8 @@ default["chef_client"]["splay"] = 1800 # only log what we change default["chef_client"]["config"]["verbose_logging"] = false +default["chef_client"]["chef_license"] = "accept-no-persist" + # # resolver cookbook overrides # diff --git a/kitchen-tests/cookbooks/rspec/templates/run-chef-rspec b/kitchen-tests/cookbooks/rspec/templates/run-chef-rspec index 54c4297479..4a1eb54b48 100644 --- a/kitchen-tests/cookbooks/rspec/templates/run-chef-rspec +++ b/kitchen-tests/cookbooks/rspec/templates/run-chef-rspec @@ -8,4 +8,5 @@ export PATH=/opt/chef/embedded/bin:$PATH cd /opt/chef/embedded/apps/chef /opt/chef/embedded/bin/bundle install +export CHEF_LICENSE=accept-no-persist /opt/chef/embedded/bin/bundle exec /opt/chef/embedded/bin/rspec --format progress diff --git a/kitchen-tests/kitchen.yml b/kitchen-tests/kitchen.yml index 5fe3b8540f..0b4b1964fc 100644 --- a/kitchen-tests/kitchen.yml +++ b/kitchen-tests/kitchen.yml @@ -12,6 +12,7 @@ provisioner: name: dokken client_rb: diff_disabled: true + chef_license: "accept-no-persist" lifecycle: pre_converge: diff --git a/lib/chef/application.rb b/lib/chef/application.rb index 549d8b4482..d5b0847f11 100644 --- a/lib/chef/application.rb +++ b/lib/chef/application.rb @@ -29,6 +29,7 @@ require "tmpdir" require "rbconfig" require "chef/application/exit_code" require "chef/dist" +require "license_acceptance/acceptor" class Chef class Application @@ -64,6 +65,7 @@ class Chef setup_signal_handlers reconfigure setup_application + check_license_acceptance run_application end @@ -248,6 +250,10 @@ class Chef raise Chef::Exceptions::Application, "#{self}: you must override setup_application" end + def check_license_acceptance + LicenseAcceptance::Acceptor.check_and_persist!("chef-client", Chef::VERSION.to_s, logger: logger) + end + # Actually run the application def run_application raise Chef::Exceptions::Application, "#{self}: you must override run_application" diff --git a/lib/chef/application/client.rb b/lib/chef/application/client.rb index 390acfba04..31932b812c 100644 --- a/lib/chef/application/client.rb +++ b/lib/chef/application/client.rb @@ -30,10 +30,12 @@ require "chef-config/mixin/dot_d" require "mixlib/archive" require "uri" require "chef/dist" +require "license_acceptance/cli_flags/mixlib_cli" class Chef::Application::Client < Chef::Application include Chef::Mixin::ShellOut include ChefConfig::Mixin::DotD + include LicenseAcceptance::CLIFlags::MixlibCLI # Mimic self_pipe sleep from Unicorn to capture signals safely SELF_PIPE = [] # rubocop:disable Style/MutableConstant @@ -220,6 +222,7 @@ class Chef::Application::Client < Chef::Application Chef::RunList::RunListItem.new(item) end } + option :why_run, short: "-W", long: "--why-run", diff --git a/lib/chef/application/knife.rb b/lib/chef/application/knife.rb index 52d447891f..cc4e66c52f 100644 --- a/lib/chef/application/knife.rb +++ b/lib/chef/application/knife.rb @@ -21,8 +21,10 @@ require "mixlib/log" require "ohai/config" require "chef/monkey_patches/net_http.rb" require "chef/dist" +require "license_acceptance/cli_flags/mixlib_cli" class Chef::Application::Knife < Chef::Application + include LicenseAcceptance::CLIFlags::MixlibCLI NO_COMMAND_GIVEN = "You need to pass a sub-command (e.g., knife SUB-COMMAND)\n".freeze @@ -159,6 +161,7 @@ class Chef::Application::Knife < Chef::Application Mixlib::Log::Formatter.show_time = false validate_and_parse_options quiet_traps + check_license_acceptance Chef::Knife.run(ARGV, options) exit 0 end diff --git a/spec/integration/client/client_spec.rb b/spec/integration/client/client_spec.rb index cde25662c1..23f262ad02 100644 --- a/spec/integration/client/client_spec.rb +++ b/spec/integration/client/client_spec.rb @@ -60,6 +60,24 @@ describe "chef-client" do shell_out!("#{chef_client} -c \"#{path_to('config/client.rb')}\" -o 'x::default'", cwd: chef_dir) end + it "should complete successfully with no other environment variables", skip: (Chef::Platform.windows?) do + file "config/client.rb", <<~EOM + local_mode true + cookbook_path "#{path_to('cookbooks')}" + # One environment variable we DO need to prevent hanging + ENV["CHEF_LICENSE"] = "accept-no-persist" + EOM + + begin + result = shell_out("env -i #{critical_env_vars} #{chef_client} -c \"#{path_to('config/client.rb')}\" -o 'x::default'", cwd: chef_dir) + result.error! + rescue + Chef::Log.info "Bare invocation will have the following load-path." + Chef::Log.info shell_out!("env -i #{critical_env_vars} ruby -e 'puts $:'").stdout + raise + end + end + it "should complete successfully with --no-listen" do file "config/client.rb", <<~EOM local_mode true diff --git a/spec/unit/application/knife_spec.rb b/spec/unit/application/knife_spec.rb index 8a574b4d0f..f5ede6318b 100644 --- a/spec/unit/application/knife_spec.rb +++ b/spec/unit/application/knife_spec.rb @@ -45,6 +45,7 @@ describe Chef::Application::Knife do @knife = Chef::Application::Knife.new allow(@knife).to receive(:puts) allow(@knife).to receive(:trap) + allow(@knife).to receive(:check_license_acceptance) allow(Chef::Knife).to receive(:list_commands) end @@ -65,6 +66,7 @@ describe Chef::Application::Knife do with_argv(*%w{noop knife command with some args}) do knife = double(Chef::Knife) expect(Chef::Knife).to receive(:run).with(ARGV, @knife.options).and_return(knife) + expect(@knife).to receive(:check_license_acceptance) expect(@knife).to receive(:exit).with(0) @knife.run end @@ -75,11 +77,7 @@ describe Chef::Application::Knife do expect(@knife).to receive(:exit).with(0) @knife.run end - if windows? - expect(Chef::Config[:color]).to be_truthy - else - expect(Chef::Config[:color]).to be_truthy - end + expect(Chef::Config[:color]).to be_truthy end context "when given fips flags" do diff --git a/spec/unit/application_spec.rb b/spec/unit/application_spec.rb index e76e21bddc..ca8397f5d7 100644 --- a/spec/unit/application_spec.rb +++ b/spec/unit/application_spec.rb @@ -72,6 +72,7 @@ describe Chef::Application do describe "run" do before do allow(@app).to receive(:setup_application).and_return(true) + allow(@app).to receive(:check_license_acceptance) allow(@app).to receive(:run_application).and_return(true) allow(@app).to receive(:configure_chef).and_return(true) allow(@app).to receive(:configure_logging).and_return(true) @@ -87,6 +88,11 @@ describe Chef::Application do @app.run end + it "should check the license acceptance" do + expect(@app).to receive(:check_license_acceptance) + @app.run + end + it "should run the actual application" do expect(@app).to receive(:run_application).and_return(true) @app.run diff --git a/tasks/bin/run_external_test b/tasks/bin/run_external_test index 5f1ac8f210..04fe5343ba 100755 --- a/tasks/bin/run_external_test +++ b/tasks/bin/run_external_test @@ -13,7 +13,11 @@ git_thing = ARGV.shift build_dir = File.expand_path(ENV["TRAVIS_BUILD_DIR"] || Dir.pwd) -env = { "GEMFILE_MOD" => "gem 'chef', path: '#{build_dir}'; gem 'ohai', git: 'https://github.com/chef/ohai.git', branch: 'master'" } +env = { + "GEMFILE_MOD" => "gem 'chef', path: '#{build_dir}'; " \ + "gem 'ohai', git: 'https://github.com/chef/ohai.git'", + "CHEF_LICENSE" => "accept-no-persist", +} Dir.mktmpdir("chef-external-test") do |dir| git_url = "https://github.com/#{github_repo}" |