author | Thom May <thom@may.lt> | 2016-04-27 18:11:12 +0100 |
---|---|---|
committer | Thom May <thom@may.lt> | 2016-04-27 18:11:12 +0100 |
commit | fae30e6a075977bfad381a22dd979601e350258d (patch) | |
tree | af8aac7006160c4782246e1ba9b5a2ea5e2a3a1e | |
parent | 68c9cbc93ed0d7dd995ae7240c1a8075c7d4387a (diff) | |
download | chef-fae30e6a075977bfad381a22dd979601e350258d.tar.gz |
Revert "Run in fips mode if node is fips enabled"
-rw-r--r-- | Gemfile.lock | 4 | ||||
-rw-r--r-- | chef-config/Gemfile | 2 | ||||
-rw-r--r-- | chef-config/lib/chef-config/config.rb | 29 | ||||
-rw-r--r-- | chef-config/spec/unit/config_spec.rb | 52 | ||||
-rw-r--r-- | chef.gemspec | 2 | ||||
-rw-r--r-- | lib/chef/application/client.rb | 2 | ||||
-rw-r--r-- | spec/support/shared/context/client.rb | 9 |
7 files changed, 6 insertions, 94 deletions
diff --git a/Gemfile.lock b/Gemfile.lock index f00bf01242..9bdfcb8068 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -33,7 +33,7 @@ PATH net-sftp (~> 2.1, >= 2.1.2) net-ssh (>= 2.9, < 4.0) net-ssh-multi (~> 1.1) - ohai (~> 8.15) + ohai (>= 8.6.0.alpha.1, < 9) plist (~> 3.2) proxifier (~> 1.0) rspec-core (~> 3.4) @@ -60,7 +60,7 @@ PATH net-sftp (~> 2.1, >= 2.1.2) net-ssh (>= 2.9, < 4.0) net-ssh-multi (~> 1.1) - ohai (~> 8.15) + ohai (>= 8.6.0.alpha.1, < 9) plist (~> 3.2) proxifier (~> 1.0) rspec-core (~> 3.4) diff --git a/chef-config/Gemfile b/chef-config/Gemfile index 8f10ee91e6..96ab544690 100644 --- a/chef-config/Gemfile +++ b/chef-config/Gemfile @@ -2,5 +2,3 @@ source "https://rubygems.org" # Specify your gem's dependencies in chef-config.gemspec gemspec - -gem "ohai", "~> 8.15" diff --git a/chef-config/lib/chef-config/config.rb b/chef-config/lib/chef-config/config.rb index e5260e4633..e6192c22cb 100644 --- a/chef-config/lib/chef-config/config.rb +++ b/chef-config/lib/chef-config/config.rb @@ -38,8 +38,6 @@ module ChefConfig extend Mixlib::Config extend ChefConfig::Mixin::FuzzyHostnameMatcher - @ohai_mutex = Mutex.new - # Evaluates the given string as config. # # +filename+ is used for context in stacktraces, but doesn't need to be the name of an actual file. 
@@ -515,31 +513,7 @@ module ChefConfig default :recipe_url, nil # Set to true if Chef is to set OpenSSL to run in FIPS mode - default(:fips) do - !ENV["CHEF_FIPS"].nil? || check_fips_via_ohai - end - - # we want to synchronize this ohai call because ohai is not thread safe - # if this gets called in a mulithreaded context, each thread's ohai instance - # will call reset_system while other threads are loading plugins - # the destructive power of reset_system is scoped to the module and not to the instance - def self.check_fips_via_ohai - return @sync_value if defined?(@sync_value) - - @ohai_mutex.synchronize do - return @sync_value if defined?(@sync_value) - require "ohai" - o = Ohai::System.new - o.load_plugins - begin - o.require_plugin "fips" - @sync_value = o[:fips][:kernel][:enabled] - rescue Ohai::Exceptions::DependencyNotFound - @sync_value = false - end - end - @sync_value - end + default(:fips) { ENV["CHEF_FIPS"] == "1" } # Initialize openssl def self.init_openssl @@ -992,7 +966,6 @@ module ChefConfig Digest.const_set("SHA1", OpenSSL::Digest::SHA1) OpenSSL::Digest.send(:remove_const, "MD5") if OpenSSL::Digest.const_defined?("MD5") OpenSSL::Digest.const_set("MD5", Digest::MD5) - ChefConfig.logger.debug "FIPS mode is enabled." end end end diff --git a/chef-config/spec/unit/config_spec.rb b/chef-config/spec/unit/config_spec.rb index 8d0bc8f203..72c0981eca 100644 --- a/chef-config/spec/unit/config_spec.rb +++ b/chef-config/spec/unit/config_spec.rb @@ -19,7 +19,6 @@ require "spec_helper" require "chef-config/config" -require "ohai" RSpec.describe ChefConfig::Config do before(:each) do 
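Review bot: The restored `default(:fips) { ENV["CHEF_FIPS"] == "1" }` in chef-config/lib/chef-config/config.rb enables FIPS mode only for the literal value `1`, so `CHEF_FIPS=true` or a FIPS-enabled kernel leaves OpenSSL in non-FIPS mode, and nothing in these hunks reports that. Because this is a compliance control that fails open, the comment above it should state the contract, for example `# Set to true to run OpenSSL in FIPS mode. From the environment only CHEF_FIPS=1 enables it; the kernel's FIPS state is not detected.` The same caveat belongs in the `--fips` option in lib/chef/application/client.rb, whose description still reads `"Enable fips mode"`. The spec hunk also deletes the only visible test of the `CHEF_FIPS` default, so the restored expression appears to be uncovered. The enclosing config class begins outside this hunk.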
@@ -166,57 +165,6 @@ RSpec.describe ChefConfig::Config do allow(ChefConfig::Config).to receive(:path_accessible?).and_return(false) end - describe "ChefConfig::Config[:fips]" do - let(:fips_ohai) { double("Ohai::System", load_plugins: nil, require_plugin: nil) } - let(:fips_ohai_data) do - { - kernel: { - enabled: fips_ohai_value, - }, - } - end - let(:fips_ohai_value) { false } - - before(:all) do - @original_env = ENV.to_hash - end - - after(:all) do - ENV.clear - ENV.update(@original_env) - end - - before(:each) do - ENV["CHEF_FIPS"] = nil - allow(Ohai::System).to receive(:new).and_return(fips_ohai) - allow(fips_ohai).to receive(:[]).with(:fips).and_return(fips_ohai_data) - end - - it "returns false when no environment is set and ohai flag is disabled" do - expect(ChefConfig::Config[:fips]).to eq(false) - ChefConfig::Config.instance_eval { remove_instance_variable(:@sync_value) } - end - - context "when ENV['CHEF_FIPS'] is set" do - before do - ENV["CHEF_FIPS"] = "1" - end - - it "returns true" do - expect(ChefConfig::Config[:fips]).to eq(true) - end - end - - context "when fips is enabled in ohai data" do - let(:fips_ohai_value) { true } - - it "returns true" do - expect(ChefConfig::Config[:fips]).to eq(true) - ChefConfig::Config.instance_eval { remove_instance_variable(:@sync_value) } - end - end - end - describe "ChefConfig::Config[:chef_server_root]" do context "when chef_server_url isn't set manually" do it "returns the default of 'https://localhost:443'" do diff --git a/chef.gemspec b/chef.gemspec index 5dfc2aab49..59367b00f8 100644 --- a/chef.gemspec +++ b/chef.gemspec @@ -21,7 +21,7 @@ Gem::Specification.new do |s| s.add_dependency "mixlib-log", "~> 1.3" s.add_dependency "mixlib-authentication", "~> 1.4" s.add_dependency "mixlib-shellout", "~> 2.0" - s.add_dependency "ohai", "~> 8.15" + s.add_dependency "ohai", ">= 8.6.0.alpha.1", "< 9" s.add_dependency "ffi-yajl", "~> 2.2" s.add_dependency "net-ssh", ">= 2.9", "< 4.0" 
diff --git a/lib/chef/application/client.rb b/lib/chef/application/client.rb index d42ab20033..ac46e533dd 100644 --- a/lib/chef/application/client.rb +++ b/lib/chef/application/client.rb @@ -280,7 +280,7 @@ class Chef::Application::Client < Chef::Application :boolean => true option :fips, - :long => "--[no-]fips", + :long => "--fips", :description => "Enable fips mode", :boolean => true diff --git a/spec/support/shared/context/client.rb b/spec/support/shared/context/client.rb index 2f127c5cbd..d8676ef168 100644 --- a/spec/support/shared/context/client.rb +++ b/spec/support/shared/context/client.rb @@ -16,18 +16,11 @@ shared_context "client" do :machinename => machinename, :platform => platform, :platform_version => platform_version, - :fips => { :kernel => { :enabled => false } }, } end let(:ohai_system) do - ohai = instance_double( - "Ohai::System", - :all_plugins => true, - :data => ohai_data, - :load_plugins => nil, - :require_plugin => nil - ) + ohai = instance_double("Ohai::System", :all_plugins => true, :data => ohai_data) allow(ohai).to receive(:[]) do |k| ohai_data[k] end |