authorJohn McCrae <john.mccrae@progress.com>2022-05-25 05:35:50 +0000
committerGitHub <noreply@github.com>2022-05-25 05:35:50 +0000
commit10182099e333d7df465e40541e183770da934e60 (patch)
treeae025930633b2eeb8433d4a5d217f9b44bae2080
parentf126d3d0fcc4d7ce499aebcb19a58893cf5cd09e (diff)
parent4559e3d2157160cc097b81e595a8caf5ee43ee94 (diff)
downloadchef-10182099e333d7df465e40541e183770da934e60.tar.gz
Merge pull request #12912 from chef/jfm/chef17-windows-certificate-fixes
-rw-r--r--.github/workflows/kitchen.yml14
-rw-r--r--Gemfile.lock30
-rw-r--r--chef-universal-mingw32.gemspec2
-rw-r--r--kitchen-tests/cookbooks/end_to_end/recipes/_chef_client_trusted_certificate.rb16
-rw-r--r--lib/chef/resource/windows_certificate.rb97
-rw-r--r--omnibus/Gemfile.lock34
-rw-r--r--spec/functional/resource/windows_certificate_spec.rb27
7 files changed, 118 insertions, 102 deletions
diff --git a/.github/workflows/kitchen.yml b/.github/workflows/kitchen.yml
index c9b77573ad..9a88eccb06 100644
--- a/.github/workflows/kitchen.yml
+++ b/.github/workflows/kitchen.yml
@@ -30,6 +30,14 @@ jobs:
run: |
$env:PATH = "C:\opscode\chef\bin;C:\opscode\chef\embedded\bin;" + $env:PATH
$env:OHAI_VERSION = ( Select-String -Path .\Gemfile.lock -Pattern '(?<=ohai \()\d.*(?=\))' | ForEach-Object { $_.Matches[0].Value } )
+
+ # The chef-client installer does not put the file 'ansidecl.h' down in the correct location
+ # This leads to failures during testing. Moving that file to its correct position here.
+ # Another example of 'bad' that needs to be corrected
+ $output = gci -path C:\opscode\ -file ansidecl.h -Recurse
+ $target_path = $($output.Directory.Parent.FullName + "\x86_64-w64-mingw32\include")
+ Move-Item -Path $output.FullName -Destination $target_path
+
gem install appbundler appbundle-updater --no-doc
If ($lastexitcode -ne 0) { Exit $lastexitcode }
appbundle-updater chef chef $env:GITHUB_SHA --tarball --github $env:GITHUB_REPOSITORY
@@ -51,12 +59,6 @@ jobs:
Remove-Item -Path C:\opscode\chef\embedded\bin\htmldiff
Remove-Item -Path C:\opscode\chef\embedded\bin\ldiff
}
- # The chef-client installer does not put the file 'ansidecl.h' down in the correct location
- # This leads to failures during testing. Moving that file to its correct position here.
- # Another example of 'bad' that needs to be corrected
- $output = gci -path C:\opscode\ -file ansidecl.h -Recurse
- $target_path = $($output.Directory.Parent.FullName + "\x86_64-w64-mingw32\include")
- Move-Item -Path $output.FullName -Destination $target_path
bundle install --jobs=3 --retry=3
# If ($lastexitcode -ne 0) { Exit $lastexitcode }
diff --git a/Gemfile.lock b/Gemfile.lock
index e6344acf2b..3e23c1dda1 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -100,7 +100,7 @@ PATH
uuidtools (>= 2.1.5, < 3.0)
vault (~> 0.16)
win32-api (~> 1.5.3)
- win32-certstore (~> 0.6.2)
+ win32-certstore (~> 0.6.14)
win32-event (~> 0.6.1)
win32-eventlog (= 0.6.3)
win32-mmap (~> 0.4.1)
@@ -143,13 +143,13 @@ GEM
mixlib-shellout (>= 2.0, < 4.0)
ast (2.4.2)
aws-eventstream (1.2.0)
- aws-partitions (1.587.0)
- aws-sdk-core (3.131.0)
+ aws-partitions (1.590.0)
+ aws-sdk-core (3.131.1)
aws-eventstream (~> 1, >= 1.0.2)
aws-partitions (~> 1, >= 1.525.0)
aws-sigv4 (~> 1.1)
- jmespath (~> 1.0)
- aws-sdk-kms (1.56.0)
+ jmespath (~> 1, >= 1.6.1)
+ aws-sdk-kms (1.57.0)
aws-sdk-core (~> 3, >= 3.127.0)
aws-sigv4 (~> 1.1)
aws-sdk-s3 (1.114.0)
@@ -230,7 +230,7 @@ GEM
hashie (4.1.0)
httpclient (2.8.3)
iniparse (1.5.0)
- inspec-core (4.56.19)
+ inspec-core (4.56.20)
addressable (~> 2.4)
chef-telemetry (~> 1.0, >= 1.0.8)
faraday (>= 0.9.0, < 1.5)
@@ -253,12 +253,12 @@ GEM
train-core (~> 3.0)
tty-prompt (~> 0.17)
tty-table (~> 0.10)
- inspec-core-bin (4.56.19)
- inspec-core (= 4.56.19)
+ inspec-core-bin (4.56.20)
+ inspec-core (= 4.56.20)
ipaddress (0.8.3)
iso8601 (0.13.0)
jmespath (1.6.1)
- json (2.6.1)
+ json (2.6.0)
libyajl2 (2.1.0)
license-acceptance (2.1.13)
pastel (~> 0.7)
@@ -316,7 +316,7 @@ GEM
rainbow (3.1.1)
rake (13.0.6)
rb-readline (0.5.5)
- regexp_parser (2.3.0)
+ regexp_parser (2.4.0)
rexml (3.2.5)
rspec (3.11.0)
rspec-core (~> 3.11.0)
@@ -343,13 +343,13 @@ GEM
rubocop-ast (>= 1.15.1, < 2.0)
ruby-progressbar (~> 1.7)
unicode-display_width (>= 1.4.0, < 3.0)
- rubocop-ast (1.17.0)
+ rubocop-ast (1.18.0)
parser (>= 3.1.1.0)
ruby-progressbar (1.11.0)
ruby2_keywords (0.0.5)
rubyntlm (0.6.3)
rubyzip (2.3.2)
- semverse (3.0.0)
+ semverse (3.0.2)
sslshake (1.3.1)
strings (0.2.1)
strings-ansi (~> 0.2)
@@ -400,7 +400,7 @@ GEM
hashdiff (>= 0.4.0, < 2.0.0)
webrick (1.7.0)
win32-api (1.5.3-universal-mingw32)
- win32-certstore (0.6.13)
+ win32-certstore (0.6.15)
chef-powershell (>= 1.0.12)
ffi
win32-event (0.6.3)
@@ -413,7 +413,7 @@ GEM
ffi
win32-mutex (0.4.3)
win32-ipc (>= 0.6.0)
- win32-process (0.9.0)
+ win32-process (0.10.0)
ffi (>= 1.0.0)
win32-service (2.3.2)
ffi
@@ -471,4 +471,4 @@ DEPENDENCIES
webmock
BUNDLED WITH
- 2.3.7
+ 2.3.5
diff --git a/chef-universal-mingw32.gemspec b/chef-universal-mingw32.gemspec
index 6d9497486c..a001bdc46c 100644
--- a/chef-universal-mingw32.gemspec
+++ b/chef-universal-mingw32.gemspec
@@ -14,7 +14,7 @@ gemspec.add_dependency "win32-service", ">= 2.1.5", "< 3.0"
gemspec.add_dependency "wmi-lite", "~> 1.0"
gemspec.add_dependency "win32-taskscheduler", "~> 2.0"
gemspec.add_dependency "iso8601", ">= 0.12.1", "< 0.14" # validate 0.14 when it comes out
-gemspec.add_dependency "win32-certstore", "~> 0.6.2"
+gemspec.add_dependency "win32-certstore", "~> 0.6.14"
gemspec.add_dependency "chef-powershell", "~> 1.0.12" # 0.5+ required for specifying user vs. system store
gemspec.extensions << "ext/win32-eventlog/Rakefile"
gemspec.files += Dir.glob("{distro,ext}/**/*")
diff --git a/kitchen-tests/cookbooks/end_to_end/recipes/_chef_client_trusted_certificate.rb b/kitchen-tests/cookbooks/end_to_end/recipes/_chef_client_trusted_certificate.rb
index 94e6cedde8..e719a01837 100644
--- a/kitchen-tests/cookbooks/end_to_end/recipes/_chef_client_trusted_certificate.rb
+++ b/kitchen-tests/cookbooks/end_to_end/recipes/_chef_client_trusted_certificate.rb
@@ -1,10 +1,10 @@
chef_client_trusted_certificate "self-signed.badssl.com" do
certificate <<~CERT
-----BEGIN CERTIFICATE-----
-MIIDeTCCAmGgAwIBAgIJAMnA8BB8xT6wMA0GCSqGSIb3DQEBCwUAMGIxCzAJBgNV
+MIIDeTCCAmGgAwIBAgIJALvxdCPEMG1VMA0GCSqGSIb3DQEBCwUAMGIxCzAJBgNV
BAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRYwFAYDVQQHDA1TYW4gRnJhbmNp
c2NvMQ8wDQYDVQQKDAZCYWRTU0wxFTATBgNVBAMMDCouYmFkc3NsLmNvbTAeFw0y
-MTEwMTEyMDAzNTRaFw0yMzEwMTEyMDAzNTRaMGIxCzAJBgNVBAYTAlVTMRMwEQYD
+MjA1MTcyMTE1MjVaFw0yNDA1MTYyMTE1MjVaMGIxCzAJBgNVBAYTAlVTMRMwEQYD
VQQIDApDYWxpZm9ybmlhMRYwFAYDVQQHDA1TYW4gRnJhbmNpc2NvMQ8wDQYDVQQK
DAZCYWRTU0wxFTATBgNVBAMMDCouYmFkc3NsLmNvbTCCASIwDQYJKoZIhvcNAQEB
BQADggEPADCCAQoCggEBAMIE7PiM7gTCs9hQ1XBYzJMY61yoaEmwIrX5lZ6xKyx2
@@ -14,12 +14,12 @@ xPxTuW1CrbV8/q71FdIzSOciccfCFHpsKOo3St/qbLVytH5aohbcabFXRNsKEqve
ww9HdFxBIuGa+RuT5q0iBikusbpJHAwnnqP7i/dAcgCskgjZjFeEU4EFy+b+a1SY
QCeFxxC7c3DvaRhBB0VVfPlkPz0sw6l865MaTIbRyoUCAwEAAaMyMDAwCQYDVR0T
BAIwADAjBgNVHREEHDAaggwqLmJhZHNzbC5jb22CCmJhZHNzbC5jb20wDQYJKoZI
-hvcNAQELBQADggEBAC4DensZ5tCTeCNJbHABYPwwqLUFOMITKOOgF3t8EqOan0CH
-ST1NNi4jPslWrVhQ4Y3UbAhRBdqXl5N/NFfMzDosPpOjFgtifh8Z2s3w8vdlEZzf
-A4mYTC8APgdpWyNgMsp8cdXQF7QOfdnqOfdnY+pfc8a8joObR7HEaeVxhJs+XL4E
-CLByw5FR+svkYgCbQGWIgrM1cRpmXemt6Gf/XgFNP2PdubxqDEcnWlTMk8FCBVb1
-nVDSiPjYShwnWsOOshshCRCAiIBPCKPX0QwKDComQlRrgMIvddaSzFFTKPoNZjC+
-CUspSNnL7V9IIHvqKlRSmu+zIpm2VJCp1xLulk8=
+hvcNAQELBQADggEBAI8cPgdGNaXwomKxzksJPMCHQC3zkTKQBqGAk4yWp3w7/WHV
+1dTz/ezCH1UpxRUqTIZ/jS7OwrERRJCw6wr84WrKj0TKgZI00LEoRg3eK+U5QJj1
+4HZ8UTVkYL7OhPBanGgACw0eOvFtLdwizBTAw+B79Uzx0j84babX8HFq8UJR997H
+FN+Fo9w4+ObXiA6BB9+fsqhRKPcIvt4HI6eQ4S/5lBkZbhHIPSR5oy4y7AsnZeb8
+hFNhP/WPdRvk4za0cAkuhoY5/3A/U4eFrXYL4N8mhqiRWvqbSaBT2YnlbSVxEDQM
+CJWRCL+Lq4ZHGYgXSi1T0/LJHSlOa1F5qhZpk9A=
-----END CERTIFICATE-----
CERT
end
diff --git a/lib/chef/resource/windows_certificate.rb b/lib/chef/resource/windows_certificate.rb
index 528b0c53f6..79abfa4c19 100644
--- a/lib/chef/resource/windows_certificate.rb
+++ b/lib/chef/resource/windows_certificate.rb
@@ -29,7 +29,6 @@ require "chef-utils/dist" unless defined?(ChefUtils::Dist)
class Chef
class Resource
class WindowsCertificate < Chef::Resource
- unified_mode true
provides :windows_certificate
@@ -129,14 +128,14 @@ class Chef
end
action :delete, description: "Deletes a certificate." do
- cert_obj = fetch_cert
+ cert_is_valid = verify_cert
- if cert_obj
+ if cert_is_valid == true
converge_by("Deleting certificate #{new_resource.source} from Store #{new_resource.store_name}") do
delete_cert
end
else
- Chef::Log.debug("Certificate not found")
+ Chef::Log.debug("Certificate Not Found")
end
end
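Review bot: In the `:delete` action, `verify_cert` is now the gate, and as rewritten later in this commit it raises `Chef::Exceptions::InvalidKeyAttribute` for any `source` that fails `valid_thumbprint?`. A subject-name `source` that the removed `resolve_thumbprint` used to look up therefore aborts the run instead of reaching the `else` branch. If dropping subject-name support is intended, say so on the action, e.g. `# source must be a 40-character hex thumbprint; subject names are no longer resolved`. The condition can also be written `if verify_cert`, since the method only returns `true` or `false`.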
@@ -146,17 +145,25 @@ class Chef
end
if ::File.extname(new_resource.output_path) == ".pfx"
- powershell_exec!(pfx_ps_cmd(resolve_thumbprint(new_resource.source), store_location: ps_cert_location, store_name: new_resource.store_name, output_path: new_resource.output_path, password: new_resource.pfx_password ))
+
+ validated_thumbprint = validate_thumbprint(new_resource.source)
+ if validated_thumbprint != false # is the thumbprint valid
+ cert_obj = powershell_exec!(pfx_ps_cmd(validate_thumbprint(new_resource.source), store_location: ps_cert_location, store_name: new_resource.store_name, output_path: new_resource.output_path, password: new_resource.pfx_password ))
+ else
+ message = "While fetching the certificate, was passed the following invalid certificate thumbprint : #{new_resource.source}\n"
+ raise Chef::Exceptions::InvalidKeyAttribute, message
+ end
+
else
cert_obj = fetch_cert
end
- if cert_obj
+ if cert_obj != false && cert_obj != "Certificate Not Found"
converge_by("Fetching certificate #{new_resource.source} from Store \\#{ps_cert_location}\\#{new_resource.store_name}") do
export_cert(cert_obj, output_path: new_resource.output_path, store_name: new_resource.store_name , store_location: ps_cert_location, pfx_password: new_resource.pfx_password)
end
else
- Chef::Log.debug("Certificate not found")
+ Chef::Log.debug("Certificate Not Found")
end
end
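Review bot: The `validated_thumbprint != false` guard in the `.pfx` branch is the only check on `new_resource.source` before it reaches `pfx_ps_cmd` and `powershell_exec!`, yet `valid_thumbprint?` (shown as context further down) uses the unanchored pattern `/[0-9A-Fa-f]/`. Any 40-character string containing one hex digit therefore passes. Anchoring the pattern, `string.match?(/\A[0-9A-Fa-f]{40}\z/)`, makes the guard enforce what the comment on `valid_thumbprint?` states. How `pfx_ps_cmd` embeds the thumbprint in the script is not visible here, so the impact of the loose match should be confirmed against that helper. Separately, `cert_obj != false && cert_obj != "Certificate Not Found"` lets `nil` through where the old `if cert_obj` did not; `if cert_obj && cert_obj != "Certificate Not Found"` keeps the earlier behaviour if `store.get` can return `nil`.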
@@ -187,7 +194,7 @@ class Chef
def delete_cert
store = ::Win32::Certstore.open(new_resource.store_name, store_location: native_cert_location)
- store.delete(resolve_thumbprint(new_resource.source))
+ store.delete(validate_thumbprint(new_resource.source))
end
def fetch_cert
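Review bot: `validate_thumbprint` returns `false` for a malformed value, and in `delete_cert` that return is passed straight to `store.delete`; the next hunk does the same with `store.get` in `fetch_cert` and with `pfx_ps_cmd` in `fetch_key`. The `:fetch` action reaches `fetch_cert` for non-`.pfx` output paths without any earlier check, so a bad `source` would arrive at the store as `false` rather than raising the `InvalidKeyAttribute` error used elsewhere in this commit. Having `validate_thumbprint` raise on failure, or guarding each call site with `raise Chef::Exceptions::InvalidKeyAttribute, message unless thumbprint`, keeps the behaviour uniform. `fetch_cert` starts on the last line of this hunk and continues in the next one.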
@@ -196,17 +203,16 @@ class Chef
fetch_key
else
- store.get(resolve_thumbprint(new_resource.source), store_name: new_resource.store_name, store_location: native_cert_location)
+ store.get(validate_thumbprint(new_resource.source))
end
end
def fetch_key
require "openssl" unless defined?(OpenSSL)
file_name = ::File.basename(new_resource.output_path, ::File.extname(new_resource.output_path))
- directory = ::File.dirname(new_resource.output_path)
pfx_file = file_name + ".pfx"
new_pfx_output_path = ::File.join(Chef::FileCache.create_cache_path("pfx_files"), pfx_file)
- powershell_exec(pfx_ps_cmd(resolve_thumbprint(new_resource.source), store_location: ps_cert_location, store_name: new_resource.store_name, output_path: new_pfx_output_path, password: new_resource.pfx_password ))
+ powershell_exec(pfx_ps_cmd(validate_thumbprint(new_resource.source), store_location: ps_cert_location, store_name: new_resource.store_name, output_path: new_pfx_output_path, password: new_resource.pfx_password ))
pkcs12 = OpenSSL::PKCS12.new(::File.binread(new_pfx_output_path), new_resource.pfx_password)
f = ::File.open(new_resource.output_path, "w")
f.write(pkcs12.key.to_s)
@@ -245,10 +251,6 @@ class Chef
::File.file?(source)
end
- def is_file?(source)
- ::File.file?(source)
- end
-
# Thumbprints should be exactly 40 Hex characters
def valid_thumbprint?(string)
string.match?(/[0-9A-Fa-f]/) && string.length == 40
@@ -261,29 +263,29 @@ class Chef
GETTHUMBPRINTCODE
end
- def resolve_thumbprint(thumbprint)
- return thumbprint if valid_thumbprint?(thumbprint)
-
- powershell_exec!(get_thumbprint(new_resource.store_name, ps_cert_location, new_resource.source)).result
+ def validate_thumbprint(thumbprint)
+ # valid_thumbprint can return false under at least 2 conditions:
+ # one is that the thumbprint is in fact busted
+ # the second is that the thumbprint is valid but belongs to an expired certificate already installed
+ results = valid_thumbprint?(thumbprint)
+ results == true ? thumbprint : false
end
- # Checks whether a certificate with the given thumbprint
- # is already present and valid in certificate store
- # If the certificate is not present, verify_cert returns a String: "Certificate not found"
- # But if it is present but expired, it returns a Boolean: false
- # Otherwise, it returns a Boolean: true
- # updated this method to accept either a subject name or a thumbprint - 1/29/2021
-
+ # Checks to make sure whether the cert is found or not
+ # if it IS found, is it still valid - has it expired?
def verify_cert(thumbprint = new_resource.source)
store = ::Win32::Certstore.open(new_resource.store_name, store_location: native_cert_location)
- if new_resource.pfx_password.nil?
- store.valid?(resolve_thumbprint(thumbprint), store_location: native_cert_location, store_name: new_resource.store_name )
+ validated_thumbprint = validate_thumbprint(thumbprint)
+ if validated_thumbprint != false
+ result = store.valid?(thumbprint)
+ result == ( "Certificate Not Found" || "Certificate Has Expired" ) ? false : true
else
- store.valid?(resolve_thumbprint(thumbprint), store_location: native_cert_location, store_name: new_resource.store_name)
+ message = "While verifying the certificate, was passed the following invalid certificate thumbprint : #{thumbprint}\n"
+ raise Chef::Exceptions::InvalidKeyAttribute, message
end
end
- # this array structure is solving 2 problems. The first is that we need to have support for both the CurrentUser AND LocalMachine stores
+ # this structure is solving 2 problems. The first is that we need to have support for both the CurrentUser AND LocalMachine stores
# Secondly, we need to pass the proper constant name for each store to win32-certstore but also pass the short name to powershell scripts used here
def ps_cert_location
new_resource.user_store ? "CurrentUser" : "LocalMachine"
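Review bot: In `verify_cert`, `( "Certificate Not Found" || "Certificate Has Expired" )` always evaluates to the first string, so `result` is only ever compared with `"Certificate Not Found"`, and an expired certificate (or any other non-matching return from `store.valid?`) comes back as `true`. The same expression is repeated in the `.pfx` branch of `export_cert` later in this file. An explicit membership test fixes both, e.g. `!["Certificate Not Found", "Certificate Has Expired"].include?(result)`; if `store.valid?` can also return `false`, that value needs handling too. The new comment on `validate_thumbprint` says it can return false for an expired installed certificate, but `valid_thumbprint?` only inspects the string, so the comment should be reduced to `# Returns the thumbprint if it is well-formed, otherwise false`.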
@@ -436,7 +438,7 @@ class Chef
end
def export_cert(cert_obj, output_path:, store_name:, store_location:, pfx_password:)
- # Delete the cert if it exists. This is non-destructive in that it only removes the file and not the entire path.
+ # Delete the cert if it exists on disk already.
# We want to ensure we're not randomly loading an old stinky cert.
if ::File.exists?(output_path)
::File.delete(output_path)
@@ -460,7 +462,20 @@ class Chef
cert_out = shell_out("openssl x509 -text -inform DER -in #{cert_obj} -outform CRT").stdout
out_file.puts(cert_out)
when ".pfx"
- pfx_ps_cmd(resolve_thumbprint(new_resource.source), store_location: store_location, store_name: store_name, output_path: output_path, password: pfx_password )
+ validated_thumbprint = validate_thumbprint(new_resource.source)
+ if validated_thumbprint != false # is the thumbprint valid
+ store = ::Win32::Certstore.open(new_resource.store_name, store_location: native_cert_location)
+ result = store.valid?(new_resource.source) # is there a cert in the store matching that thumbprint
+ temp = result == ( "Certificate Not Found" || "Certificate Has Expired" ) ? false : true
+ if temp == true
+ pfx_ps_cmd(validate_thumbprint(new_resource.source), store_location: store_location, store_name: store_name, output_path: output_path, password: pfx_password )
+ else
+ Chef::Log.debug("The requested certificate is not found or has expired")
+ end
+ else
+ message = "While exporting the pfx, was passed the following invalid certificate thumbprint : #{new_resource.source}\n"
+ raise Chef::Exceptions::InvalidKeyAttribute, message
+ end
when ".p7b"
cert_out = shell_out("openssl pkcs7 -export -nokeys -in #{cert_obj.to_pem} -outform P7B").stdout
out_file.puts(cert_out)
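Review bot: In the `.pfx` branch of `export_cert`, `pfx_ps_cmd(...)` is called but its return value is not passed to `powershell_exec`, unlike the `:fetch` action and `fetch_key`, where the same helper's result is executed. Unless the value of the `case` is consumed after this hunk, this branch builds the export command and discards it. The inline validity check also largely duplicates `verify_cert`; `if verify_cert` could replace the `store`/`result`/`temp` lines and keep the two code paths in step. `export_cert` starts in the previous hunk and continues past this one.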
@@ -481,14 +496,11 @@ class Chef
#
def import_certificates(cert_objs, is_pfx, store_name: new_resource.store_name, store_location: native_cert_location)
[cert_objs].flatten.each do |cert_obj|
- # thumbprint = OpenSSL::Digest.new("SHA1", cert_obj.to_der).to_s
- # pkcs = OpenSSL::PKCS12.new(cert_obj, new_resource.pfx_password)
- # cert = OpenSSL::X509::Certificate.new(pkcs.certificate.to_pem)
thumbprint = OpenSSL::Digest.new("SHA1", cert_obj.to_der).to_s
- if is_pfx
- if verify_cert(thumbprint) == true
- Chef::Log.debug("Certificate is already present")
- else
+ if verify_cert(thumbprint) == true
+ Chef::Log.debug("Certificate is already present")
+ elsif verify_cert(thumbprint) == false # Not found already in the CertStore
+ if is_pfx
if is_file?(new_resource.source)
converge_by("Creating a PFX #{new_resource.source} for Store #{new_resource.store_name}") do
add_pfx_cert(new_resource.source)
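Review bot: `verify_cert(thumbprint)` is called twice per certificate in `import_certificates`, once in the `if` and again in the `elsif`, and each call opens the store and queries it. Capturing the result once, `present = verify_cert(thumbprint)`, and branching on `present` avoids the repeated lookup and the chance of the two calls disagreeing. The `if is_pfx` body continues in the next hunk.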
@@ -502,15 +514,14 @@ class Chef
message << exception.message
raise Chef::Exceptions::ArgumentError, message
end
- end
- else
- if verify_cert(thumbprint) == true
- Chef::Log.debug("Certificate is already present")
else
converge_by("Creating a certificate #{new_resource.source} for Store #{new_resource.store_name}") do
add_cert(cert_obj)
end
end
+ else
+ message = "Certificate could not be imported"
+ raise Chef::Exceptions::CertificateNotImportable, message
end
end
end
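Review bot: The final `else` that raises `Chef::Exceptions::CertificateNotImportable` looks unreachable, because `verify_cert` as written in this commit either raises or returns `true` or `false`, and both values are handled by the branches above. `CertificateNotImportable` is also not defined anywhere in this diff, so if the branch were reached and the constant does not already exist in `Chef::Exceptions`, the result would be a `NameError` rather than the intended message. Either drop the branch or confirm the exception class exists and add a spec that reaches it.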
diff --git a/omnibus/Gemfile.lock b/omnibus/Gemfile.lock
index 0420bc1329..0886df82ad 100644
--- a/omnibus/Gemfile.lock
+++ b/omnibus/Gemfile.lock
@@ -1,6 +1,6 @@
GIT
remote: https://github.com/chef/omnibus-software.git
- revision: 8a0e391d4232ab3fc5fb7a03b15932335a0214c4
+ revision: 36f49ec7dff16c5bf5d60e106ae709dcf1f824b1
branch: main
specs:
omnibus-software (4.0.0)
@@ -33,28 +33,28 @@ GEM
artifactory (3.0.15)
awesome_print (1.9.2)
aws-eventstream (1.2.0)
- aws-partitions (1.577.0)
- aws-sdk-core (3.130.1)
+ aws-partitions (1.590.0)
+ aws-sdk-core (3.131.1)
aws-eventstream (~> 1, >= 1.0.2)
aws-partitions (~> 1, >= 1.525.0)
aws-sigv4 (~> 1.1)
- jmespath (~> 1.0)
- aws-sdk-kms (1.55.0)
+ jmespath (~> 1, >= 1.6.1)
+ aws-sdk-kms (1.57.0)
aws-sdk-core (~> 3, >= 3.127.0)
aws-sigv4 (~> 1.1)
- aws-sdk-s3 (1.113.0)
+ aws-sdk-s3 (1.114.0)
aws-sdk-core (~> 3, >= 3.127.0)
aws-sdk-kms (~> 1)
aws-sigv4 (~> 1.4)
- aws-sdk-secretsmanager (1.59.0)
+ aws-sdk-secretsmanager (1.61.0)
aws-sdk-core (~> 3, >= 3.127.0)
aws-sigv4 (~> 1.1)
- aws-sigv4 (1.4.0)
+ aws-sigv4 (1.5.0)
aws-eventstream (~> 1, >= 1.0.2)
bcrypt_pbkdf (1.1.0)
bcrypt_pbkdf (1.1.0-x64-mingw32)
bcrypt_pbkdf (1.1.0-x86-mingw32)
- berkshelf (7.2.2)
+ berkshelf (8.0.1)
chef (>= 15.7.32)
chef-config
cleanroom (~> 1.0)
@@ -210,7 +210,7 @@ GEM
hashie (4.1.0)
httpclient (2.8.3)
iniparse (1.5.0)
- inspec-core (4.56.19)
+ inspec-core (4.56.20)
addressable (~> 2.4)
chef-telemetry (~> 1.0, >= 1.0.8)
faraday (>= 0.9.0, < 1.5)
@@ -237,7 +237,7 @@ GEM
ipaddress (0.8.3)
iso8601 (0.13.0)
jmespath (1.6.1)
- json (2.6.1)
+ json (2.6.2)
kitchen-vagrant (1.11.0)
test-kitchen (>= 1.4, < 4)
libyajl2 (2.1.0)
@@ -347,7 +347,7 @@ GEM
sawyer (0.8.2)
addressable (>= 2.3.5)
faraday (> 0.8, < 2.0)
- semverse (3.0.0)
+ semverse (3.0.2)
solve (4.0.4)
molinillo (~> 0.6)
semverse (>= 1.1, < 4.0)
@@ -409,13 +409,13 @@ GEM
unicode-display_width (2.1.0)
unicode_utils (1.4.0)
uuidtools (2.2.0)
- vault (0.16.0)
+ vault (0.17.0)
aws-sigv4
webrick (1.7.0)
win32-api (1.5.3-universal-mingw32)
- win32-certstore (0.6.2)
+ win32-certstore (0.6.15)
+ chef-powershell (>= 1.0.12)
ffi
- mixlib-shellout
win32-event (0.6.3)
win32-ipc (>= 0.6.0)
win32-eventlog (0.6.3)
@@ -426,7 +426,7 @@ GEM
ffi
win32-mutex (0.4.3)
win32-ipc (>= 0.6.0)
- win32-process (0.9.0)
+ win32-process (0.10.0)
ffi (>= 1.0.0)
win32-service (2.3.2)
ffi
@@ -472,4 +472,4 @@ DEPENDENCIES
winrm-fs (~> 1.0)
BUNDLED WITH
- 2.3.7
+ 2.3.5
diff --git a/spec/functional/resource/windows_certificate_spec.rb b/spec/functional/resource/windows_certificate_spec.rb
index df2d1cbec8..9552d559b3 100644
--- a/spec/functional/resource/windows_certificate_spec.rb
+++ b/spec/functional/resource/windows_certificate_spec.rb
@@ -89,7 +89,9 @@ describe Chef::Resource::WindowsCertificate, :windows_only do
end
- after { delete_store }
+ after do
+ delete_store
+ end
describe "action: create" do
it "starts with no certificates" do
@@ -195,7 +197,7 @@ describe Chef::Resource::WindowsCertificate, :windows_only do
create_store
end
it "fails with no certificates in the store" do
- expect(Chef::Log).to receive(:info).with("Certificate not found")
+ expect(Chef::Log).to receive(:info).with("Certificate not valid")
resource.source = tests_thumbprint
resource.run_action(:verify)
@@ -219,7 +221,7 @@ describe Chef::Resource::WindowsCertificate, :windows_only do
end
it "fails with an invalid thumbprint" do
- expect(Chef::Log).to receive(:info).with("Certificate not found")
+ expect(Chef::Log).to receive(:info).with("Certificate not valid")
resource.source = others_thumbprint
resource.run_action(:verify)
@@ -253,7 +255,7 @@ describe Chef::Resource::WindowsCertificate, :windows_only do
end
it "fails with an invalid thumbprint" do
- expect(Chef::Log).to receive(:info).with("Certificate not found")
+ expect(Chef::Log).to receive(:info).with("Certificate not valid")
resource.source = others_thumbprint
resource.run_action(:verify)
@@ -265,11 +267,11 @@ describe Chef::Resource::WindowsCertificate, :windows_only do
describe "action: fetch" do
context "with no certificate in the store" do
- it "throws an error with no certificates in the store" do
- expect(Chef::Log).not_to receive(:info)
+ it "logs a debug error with no certificates in the store" do
+ expect(Chef::Log).to receive(:debug).with("Certificate Not Found")
resource.source = others_thumbprint
resource.output_path = cert_output_path
- expect { resource.run_action :fetch }.to raise_error(ArgumentError)
+ resource.run_action(:fetch)
end
end
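Review bot: The rewritten example for `:fetch` with an empty store only checks the debug log line, so it would still pass if the action left a file behind at `cert_output_path` or marked the resource as updated. Since a missing certificate is now a silent no-op at the default log level rather than an `ArgumentError`, the spec should pin that outcome, e.g. `expect(File.exist?(cert_output_path)).to be false` and `expect(resource).not_to be_updated_by_last_action` after `run_action(:fetch)`, assuming nothing else in the setup creates that file.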
@@ -288,7 +290,7 @@ describe Chef::Resource::WindowsCertificate, :windows_only do
end
it "fails with an invalid thumbprint" do
- expect(Chef::Log).not_to receive(:info)
+ expect(Chef::Log).to receive(:debug).with("Certificate Not Found")
resource.source = others_thumbprint
@@ -296,7 +298,7 @@ describe Chef::Resource::WindowsCertificate, :windows_only do
path = File.join(dir, "test.pem")
resource.output_path = path
- expect { resource.run_action :fetch }.to raise_error(ArgumentError)
+ resource.run_action(:fetch)
end
end
@@ -340,9 +342,10 @@ describe Chef::Resource::WindowsCertificate, :windows_only do
end
describe "action: delete" do
- it "throws an argument error when attempting to delete a certificate that doesn't exist" do
+ it "logs an error when attempting to delete a certificate that doesn't exist" do
+ expect(Chef::Log).to receive(:debug).with("Certificate Not Found")
resource.source = tests_thumbprint
- expect { resource.run_action :delete }.to raise_error(ArgumentError)
+ resource.run_action(:delete)
end
it "deletes an existing certificate while leaving other certificates alone" do
@@ -360,7 +363,7 @@ describe Chef::Resource::WindowsCertificate, :windows_only do
expect(certificate_count).to eq(1)
expect(resource).to be_updated_by_last_action
- expect { resource.run_action :delete }.to raise_error(ArgumentError)
+ expect { resource.run_action :delete }.not_to raise_error
expect(certificate_count).to eq(1)
expect(resource).not_to be_updated_by_last_action