diff options
55 files changed, 1513 insertions, 309 deletions
diff --git a/acceptance/Gemfile b/acceptance/Gemfile index 70d99492dd..f9a0b5497e 100644 --- a/acceptance/Gemfile +++ b/acceptance/Gemfile @@ -1,10 +1,12 @@ source "https://rubygems.org" gem "mixlib-install", github: "chef/mixlib-install" +gem "chef", path: ".." gem "chef-acceptance", github: "chef/chef-acceptance" -gem "test-kitchen", github: "sersut/test-kitchen", - branch: "sersut/mixlib-install-update" +gem "test-kitchen", github: "sersut/test-kitchen", branch: "sersut/mixlib-install-update" +gem "kitchen-ec2" gem "kitchen-inspec" gem "kitchen-vagrant" gem "windows_chef_zero" gem "winrm-transport" +gem "berkshelf" diff --git a/acceptance/README.md b/acceptance/README.md index 5f6bfc45ba..8f957debb2 100644 --- a/acceptance/README.md +++ b/acceptance/README.md @@ -16,15 +16,22 @@ export APPBUNDLER_ALLOW_RVM=true ### Setting up and running a test suite To get started, do a bundle install from the acceptance directory: ```shell -chef/acceptance$ bundle install +chef/acceptance$ bundle install --binstubs ``` To get some basic info and ensure chef-acceptance can be run, do: ```shell -chef/acceptance$ bundle exec chef-acceptance info +chef/acceptance$ bin/chef-acceptance info ``` To run a particular test suite, do the following: ```shell -chef/acceptance$ bundle exec chef-acceptance test TEST_SUITE +chef/acceptance$ bin/chef-acceptance test TEST_SUITE +``` + +To restrict which OS's will run, use the KITCHEN_INSTANCES environment variable: + +```shell +chef/acceptance$ export KITCHEN_INSTANCES=*-ubuntu-1404 +chef/acceptance$ bin/chef-acceptance test cookbook-git ``` diff --git a/acceptance/cookbook-git/.acceptance/acceptance-cookbook/.gitignore b/acceptance/cookbook-git/.acceptance/acceptance-cookbook/.gitignore new file mode 100644 index 0000000000..041413b040 --- /dev/null +++ b/acceptance/cookbook-git/.acceptance/acceptance-cookbook/.gitignore @@ -0,0 +1,2 @@ +nodes/ +tmp/ diff --git a/acceptance/cookbook-git/.acceptance/acceptance-cookbook/libraries/init.rb b/acceptance/cookbook-git/.acceptance/acceptance-cookbook/libraries/init.rb new file mode 100644 index 0000000000..d40d6672e7 --- /dev/null +++ b/acceptance/cookbook-git/.acceptance/acceptance-cookbook/libraries/init.rb @@ -0,0 +1,19 @@ +module CookbookGit + def self.test_cookbook_name + "git" + end + + def self.test_run_path + File.join(Chef.node["chef-acceptance"]["suite-dir"], "test_run") + end + + def self.acceptance_path + File.expand_path("..", Chef.node["chef-acceptance"]["suite-dir"]) + end + + def self.acceptance_gemfile + File.join(acceptance_path, "Gemfile") + end +end + +ENV["KITCHEN_LOCAL_YAML"] ||= File.join(Chef.node["chef-acceptance"]["suite-dir"], ".kitchen.#{ENV["KITCHEN_DRIVER"] || "vagrant"}.yml") diff --git a/acceptance/cookbook-git/.acceptance/acceptance-cookbook/metadata.rb b/acceptance/cookbook-git/.acceptance/acceptance-cookbook/metadata.rb new file mode 100644 index 0000000000..4c7c42d9bd --- /dev/null +++ b/acceptance/cookbook-git/.acceptance/acceptance-cookbook/metadata.rb @@ -0,0 +1 @@ +name 'acceptance-cookbook' diff --git a/acceptance/cookbook-git/.acceptance/acceptance-cookbook/recipes/destroy.rb b/acceptance/cookbook-git/.acceptance/acceptance-cookbook/recipes/destroy.rb new file mode 100644 index 0000000000..faf9a87a86 --- /dev/null +++ b/acceptance/cookbook-git/.acceptance/acceptance-cookbook/recipes/destroy.rb @@ -0,0 +1,5 @@ +# Run the test on the current platform +execute "bundle exec kitchen destroy #{ENV['KITCHEN_INSTANCES']}" do + cwd "#{CookbookGit.test_run_path}/#{CookbookGit.test_cookbook_name}" + env "BUNDLE_GEMFILE" => CookbookGit.acceptance_gemfile +end diff --git a/acceptance/cookbook-git/.acceptance/acceptance-cookbook/recipes/provision.rb b/acceptance/cookbook-git/.acceptance/acceptance-cookbook/recipes/provision.rb new file mode 100644 index 0000000000..878de27f54 --- /dev/null +++ b/acceptance/cookbook-git/.acceptance/acceptance-cookbook/recipes/provision.rb @@ -0,0 +1,15 @@ +# Grab the cookbook +directory CookbookGit.test_run_path + +# TODO Grab the source URL from supermarket +# TODO get git to include its kitchen tests in the cookbook. +git "#{CookbookGit.test_run_path}/#{CookbookGit.test_cookbook_name}" do + repository "https://github.com/jkeiser/#{CookbookGit.test_cookbook_name}.git" + branch "jk/windows-fix" +end + +# Run the test on the current platform +execute "bundle exec kitchen converge #{ENV['KITCHEN_INSTANCES']} -c" do + cwd "#{CookbookGit.test_run_path}/#{CookbookGit.test_cookbook_name}" + env "BUNDLE_GEMFILE" => CookbookGit.acceptance_gemfile +end diff --git a/acceptance/cookbook-git/.acceptance/acceptance-cookbook/recipes/verify.rb b/acceptance/cookbook-git/.acceptance/acceptance-cookbook/recipes/verify.rb new file mode 100644 index 0000000000..55b362d131 --- /dev/null +++ b/acceptance/cookbook-git/.acceptance/acceptance-cookbook/recipes/verify.rb @@ -0,0 +1,5 @@ +# Run tests on the current platform +execute "bundle exec kitchen verify #{ENV['KITCHEN_INSTANCES']} -c" do + cwd "#{CookbookGit.test_run_path}/#{CookbookGit.test_cookbook_name}" + env "BUNDLE_GEMFILE" => CookbookGit.acceptance_gemfile +end diff --git a/acceptance/cookbook-git/.gitignore b/acceptance/cookbook-git/.gitignore new file mode 100644 index 0000000000..306f0cce57 --- /dev/null +++ b/acceptance/cookbook-git/.gitignore @@ -0,0 +1 @@ +test_run/ diff --git a/acceptance/cookbook-git/.kitchen.digitalocean.yml b/acceptance/cookbook-git/.kitchen.digitalocean.yml new file mode 100644 index 0000000000..29733210c7 --- /dev/null +++ b/acceptance/cookbook-git/.kitchen.digitalocean.yml @@ -0,0 +1,21 @@ +# Not quite ready yet + +driver: + name: digitalocean + digitalocean_access_token: <%= ENV['DIGITALOCEAN_API_TOKEN'] %> + region: <%= ENV['DIGITALOCEAN_REGION'] %> + size: 2gb + ssh_key_ids: <%= ENV['DIGITALOCEAN_SSH_KEYS'] %> + transport: + ssh_key: <%= ENV['DIGITALOCEAN_SSH_KEY_PATH'] %> + +platforms: +<% %w(centos-6.5 centos-7.0 + fedora-21 + debian-8.1 + ubuntu-12.04 ubuntu-14.04 ubuntu-15.10 +).each do |platform| %> + - name: #{platform} + driver_config: + image: <%= "#{platform.gsub('.', '-')}-x64" %> +<% end %> diff --git a/acceptance/cookbook-git/.kitchen.ec2.yml b/acceptance/cookbook-git/.kitchen.ec2.yml new file mode 100644 index 0000000000..61413ea5ff --- /dev/null +++ b/acceptance/cookbook-git/.kitchen.ec2.yml @@ -0,0 +1,288 @@ +# Not quite ready yet + +<% +def file_if_exists(path) + path = File.expand_path(path) + File.exist?(path) ? path : nil +end +%> + +driver: + name: ec2 + tags: + X-Project: Kitchen Tests + aws_ssh_key_id: <%= ENV['AWS_SSH_KEY_ID'] || ENV['USER'] %> + transport: + ssh_key: <%= file_if_exists("~/.ssh/#{ENV['AWS_SSH_KEY_ID'] || ENV['USERNAME']}.pem") || + file_if_exists("~/.ssh/#{ENV['AWS_SSH_KEY_ID'] || ENV['USERNAME']}") + file_if_exists("~/.ssh/id_rsa") %> + # test-specific stuff + region: us-west-2 + availability_zone: a + subnet_id: subnet-19ac017c + security_group_ids: ["sg-e401eb83", "sg-96274af3"] + instance_type: m3.large + associate_public_ip: true + +platforms: + # + # AIX + # + # - name: aix-6.1 + # - name: aix-7.1 + # + # Debian + # + - name: debian-8 + driver: + image_search: + name: debian-jessie-* + owner-id: 379101102735 + architecture: x86_64 + virtualization-type: hvm + block-device-mapping.volume-type: gp2 + image-type: machine + instance_type: t2.micro + transport: + username: admin + - name: debian-7 + driver: + image_search: + name: debian-wheezy-* + owner-id: 379101102735 + architecture: x86_64 + virtualization-type: hvm + block-device-mapping.volume-type: standard + image-type: machine + instance_type: t2.micro + transport: + username: admin + # + # Ubuntu + # + - name: ubuntu-15.10 + driver: + image_search: + name: ubuntu/images/*/ubuntu-*-15.10-amd64-server-* + owner-id: 099720109477 + architecture: x86_64 + virtualization-type: hvm + block-device-mapping.volume-type: gp2 + image-type: machine + instance_type: t2.micro + transport: + username: ubuntu + - name: ubuntu-14.04 + driver: + image_search: + name: ubuntu/images/*/ubuntu-*-14.04-*-server-* + owner-id: 099720109477 + architecture: x86_64 + virtualization-type: hvm + block-device-mapping.volume-type: gp2 + image-type: machine + instance_type: t2.micro + transport: + username: ubuntu + # - name: ubuntu-12.04 + # driver: + # image_search: + # name: ubuntu/images/*/ubuntu-*-12.04-*-server-* + # owner-id: 099720109477 + # architecture: x86_64 + # virtualization-type: hvm + # block-device-mapping.volume-type: gp2 + # image-type: machine + # instance_type: t2.micro + # transport: + # username: ubuntu + # + # Red Hat Enterprise Linux + # + - name: el-7 + driver: + image_search: + name: RHEL-7.* + owner-id: 309956199498 + architecture: x86_64 + virtualization-type: hvm + block-device-mapping.volume-type: gp2 + image-type: machine + instance_type: t2.micro + transport: + username: ec2-user + - name: el-6 + driver: + image_search: + name: RHEL-6.* + owner-id: 309956199498 + architecture: x86_64 + virtualization-type: hvm + block-device-mapping.volume-type: gp2 + image-type: machine + instance_type: t2.micro + transport: + username: ec2-user + - name: el-5 + driver: + image_search: + name: RHEL-5.* + owner-id: 309956199498 + architecture: x86_64 + virtualization-type: paravirtual + block-device-mapping.volume-type: gp2 + image-type: machine + instance_type: t1.micro + transport: + username: ec2-user + # + # FreeBSD + # + - name: freebsd-10 + driver: + image_search: + name: FreeBSD/EC2 10.*-RELEASE* + owner-id: 118940168514 + architecture: x86_64 + virtualization-type: hvm + block-device-mapping.volume-type: gp2 + image-type: machine + instance_type: t2.micro + transport: + username: ec2-user + - name: freebsd-9 + driver: + image_search: + name: FreeBSD/EC2 9.*-RELEASE* + owner-id: 118940168514 + architecture: x86_64 + virtualization-type: hvm + block-device-mapping.volume-type: gp2 + image-type: machine + instance_type: t2.micro + transport: + username: ec2-user + # - name: freebsd-8 + # driver: + # image_search: + # name: FreeBSD/EC2 8.*-RELEASE* + # owner-id: 118940168514 + # architecture: x86_64 + # virtualization-type: hvm + # block-device-mapping.volume-type: standard + # image-type: machine + # instance_type: t2.micro + # transport: + # username: ec2-user + # + # OS/X + # + # - name: mac_os_x-10.11 + # - name: mac_os_x-10.10 + # - name: mac_os_x-10.9 + # - name: mac_os_x-10.8 + # + # Nexus??? + # + # - name: nexus-7 + # + # Solaris + # + # - name: solaris-11 + # - name: solaris-10 + # + # Windows + # + - name: windows-2012r2 + driver: + image_search: + name: Windows_Server-2012-R2*-English-*-Base-* + owner-alias: amazon + architecture: x86_64 + virtualization-type: hvm + block-device-mapping.volume-type: gp2 + image-type: machine + instance_type: t2.micro + transport: + username: administrator + # user_data: | + # <powershell> + # $logfile="C:\\Program Files\\Amazon\\Ec2ConfigService\\Logs\\kitchen-ec2.log" + # #PS Remoting and & winrm.cmd basic config + # Enable-PSRemoting -Force -SkipNetworkProfileCheck + # & winrm.cmd set winrm/config '@{MaxTimeoutms="1800000"}' >> $logfile + # & winrm.cmd set winrm/config/winrs '@{MaxMemoryPerShellMB="1024"}' >> $logfile + # & winrm.cmd set winrm/config/winrs '@{MaxShellsPerUser="50"}' >> $logfile + # #Server settings - support username/password login + # & winrm.cmd set winrm/config/service/auth '@{Basic="true"}' >> $logfile + # & winrm.cmd set winrm/config/service '@{AllowUnencrypted="true"}' >> $logfile + # & winrm.cmd set winrm/config/winrs '@{MaxMemoryPerShellMB="1024"}' >> $logfile + # #Firewall Config + # & netsh advfirewall firewall set rule name="Windows Remote Management (HTTP-In)" profile=public protocol=tcp localport=5985 remoteip=localsubnet new remoteip=any >> $logfile + # #Set script execution to unrestricted + # & Set-ExecutionPolicy Unrestricted -Force + # </powershell> + - name: windows-2012 + driver: + image_search: + name: Windows_Server-2012-RTM*-English-*-Base-* + owner-alias: amazon + architecture: x86_64 + virtualization-type: hvm + block-device-mapping.volume-type: gp2 + image-type: machine + instance_type: t2.micro + transport: + username: administrator + - name: windows-2008r2 + driver: + image_search: + name: Windows_Server-2008-R2*-English-*-Base-* + owner-alias: amazon + architecture: x86_64 + virtualization-type: hvm + block-device-mapping.volume-type: gp2 + image-type: machine + instance_type: t2.micro + transport: + username: administrator + # + # Centos + # + # - name: centos-7 + # driver: + # image_search: + # name: CentOS Linux 7 * + # owner-alias: aws-marketplace + # architecture: x86_64 + # virtualization-type: hvm + # block-device-mapping.volume-type: standard + # image-type: machine + # instance_type: t2.micro + # transport: + # username: root + # - name: centos-6 + # driver: + # image_search: + # name: CentOS-6.5-GA-* + # owner-alias: aws-marketplace + # architecture: x86_64 + # virtualization-type: paravirtual + # block-device-mapping.volume-type: standard + # image-type: machine + # instance_type: t1.micro + # transport: + # username: root + # + # Fedora + # + - name: fedora-21 + driver: + image_search: + name: Fedora-Cloud-Base-21-* + owner-id: 125523088429 + architecture: x86_64 + virtualization-type: hvm + block-device-mapping.volume-type: gp2 + image-type: machine + instance_type: t2.micro diff --git a/acceptance/cookbook-git/.kitchen.vagrant.yml b/acceptance/cookbook-git/.kitchen.vagrant.yml new file mode 100644 index 0000000000..0dc8b11dc1 --- /dev/null +++ b/acceptance/cookbook-git/.kitchen.vagrant.yml @@ -0,0 +1,72 @@ +driver: + name: vagrant + forward_agent: yes + customize: + cpus: 2 + memory: 1024 + +platforms: +<% %w( +debian-8 +debian-7 +debian-6 +ubuntu-15.10 +ubuntu-14.04 +el-7 +el-6 +el-5 +freebsd-10 +freebsd-9 +fedora-21 +).each do |platform| %> + - name: <%= platform %> + driver: + box: opscode-<%= platform %> + box_url: http://opscode-vm-bento.s3.amazonaws.com/vagrant/virtualbox/opscode_<%= platform %>_chef-provisionerless.box +<% end %> +# freebsd-8 +# ubuntu-12.04 +# centos-7 +# centos-6 + +<% %w( +2012r2 +2012 +2008r2 +).each do |version| %> + - name: windows-<%= version %> + driver: + box: chef/windows-server-<%= version %>-standard +# URL is atlas +<% end %> + +suites: + - name: default + run_list: + - recipe[git] + attributes: {} + includes: ["ubuntu-14.04"] + excludes: ["windows-2012r2", "windows-2012", "windows-2008r2"] + - name: source + includes: ["nonexistent"] + excludes: ["ubuntu-12.04", "ubuntu-10.04", "windows-2012r2", "windows-2012", "windows-2008r2"] + run_list: + - recipe[git::source] + attributes: {} + - name: default-windows + includes: [ + # 'windows-8.1-professional', + # 'windows-2008r2-standard', + "windows-2012r2", + # "windows-2012", + # "windows-2008r2" + ] + run_list: + - recipe[git] + attributes: {} + +provisioner: + name: chef_zero + product_name: chef + product_version: latest + channel: current diff --git a/acceptance/trivial/.kitchen.yml b/acceptance/trivial/.kitchen.yml index a7d0a25f93..c0f1d782d2 100644 --- a/acceptance/trivial/.kitchen.yml +++ b/acceptance/trivial/.kitchen.yml @@ -23,5 +23,5 @@ suites: provisioner: product_name: chef product_version: latest - channel: current + channel: unstable run_list: diff --git a/chef-config/lib/chef-config/config.rb b/chef-config/lib/chef-config/config.rb index 5705ffbf56..68cece43da 100644 --- a/chef-config/lib/chef-config/config.rb +++ b/chef-config/lib/chef-config/config.rb @@ -27,6 +27,7 @@ require "chef-config/windows" require "chef-config/path_helper" require "mixlib/shellout" require "uri" +require "openssl" module ChefConfig @@ -113,6 +114,8 @@ module ChefConfig File.expand_path("..", path) end end + elsif configuration[:cookbook_artifact_path] + File.expand_path("..", self.configuration[:cookbook_artifact_path]) else cache_path end @@ -122,7 +125,7 @@ module ChefConfig # In local mode, we auto-discover the repo root by looking for a path with "cookbooks" under it. # This allows us to run config-free. path = cwd - until File.directory?(PathHelper.join(path, "cookbooks")) + until File.directory?(PathHelper.join(path, "cookbooks")) || File.directory?(PathHelper.join(path, "cookbook_artifacts")) new_path = File.expand_path("..", path) if new_path == path ChefConfig.logger.warn("No cookbooks directory found at or above current directory. Assuming #{Dir.pwd}.") @@ -305,6 +308,28 @@ module ChefConfig default :diff_output_threshold, 1000000 default :local_mode, false + # Configures the mode of operation for ChefFS, which is applied to the + # ChefFS-based knife commands and chef-client's local mode. (ChefFS-based + # knife commands include: knife delete, knife deps, knife diff, knife down, + # knife edit, knife list, knife show, knife upload, and knife xargs.) + # + # Valid values are: + # * "static": ChefFS only manages objects that exist in a traditional Chef + # Repo as of Chef 11. + # * "everything": ChefFS manages all object types that existed on the OSS + # Chef 11 server. + # * "hosted_everything": ChefFS manages all object types as of the Chef 12 + # Server, including RBAC objects and Policyfile objects (new to Chef 12). + default :repo_mode do + if local_mode && !chef_zero.osc_compat + "hosted_everything" + elsif chef_server_url =~ /\/+organizations\/.+/ + "hosted_everything" + else + "everything" + end + end + default :pid_file, nil # Whether Chef Zero local mode should bind to a port. All internal requests @@ -320,6 +345,21 @@ module ChefConfig default(:enabled) { ChefConfig::Config.local_mode } default :host, "localhost" default :port, 8889.upto(9999) # Will try ports from 8889-9999 until one works + + # When set to a String, Chef Zero disables multitenant support. This is + # what you want when using Chef Zero to serve a single Chef Repo. Setting + # this to `false` enables multi-tenant. + default :single_org, "chef" + + # Whether Chef Zero should operate in a mode analogous to OSS Chef Server + # 11 (true) or Chef Server 12 (false). Chef Zero can still serve + # policyfile objects in Chef 11 mode, as long as `repo_mode` is set to + # "hosted_everything". The primary differences are: + # * Chef 11 mode doesn't support multi-tennant, so there is no + # distinction between global and org-specific objects (since there are + # no orgs). + # * Chef 11 mode doesn't expose RBAC objects + default :osc_compat, false end default :chef_server_url, "https://localhost:443" @@ -450,10 +490,32 @@ module ChefConfig # Where should chef-solo download recipes from? default :recipe_url, nil + # Set to true if Chef is to set OpenSSL to run in FIPS mode + default(:fips) { ENV["CHEF_FIPS"] == "1" } + + # Initialize openssl + def self.init_openssl + if fips + ChefConfig.logger.warn "The `fips` feature is still a work in progress. This feature is incomplete." + OpenSSL.fips_mode = true + require "digest" + require "digest/sha1" + require "digest/md5" + Digest.const_set("SHA1", OpenSSL::Digest::SHA1) + OpenSSL::Digest.const_set("MD5", Digest::MD5) + end + end + # Sets the version of the signed header authentication protocol to use (see # the 'mixlib-authorization' project for more detail). Currently, versions - # 1.0 and 1.1 are available. - default :authentication_protocol_version, "1.1" + # 1.0, 1.1, and 1.3 are available. + default :authentication_protocol_version do + if fips + "1.3" + else + "1.1" + end + end # This key will be used to sign requests to the Chef server. This location # must be writable by Chef during initial setup when generating a client diff --git a/chef-config/spec/unit/config_spec.rb b/chef-config/spec/unit/config_spec.rb index 5983981ddd..ec14ad065a 100644 --- a/chef-config/spec/unit/config_spec.rb +++ b/chef-config/spec/unit/config_spec.rb @@ -288,6 +288,104 @@ RSpec.describe ChefConfig::Config do expect(ChefConfig::Config[:ssl_ca_path]).to be_nil end + describe "ChefConfig::Config[:repo_mode]" do + + context "when local mode is enabled" do + + before { ChefConfig::Config[:local_mode] = true } + + it "defaults to 'hosted_everything'" do + expect(ChefConfig::Config[:repo_mode]).to eq("hosted_everything") + end + + context "and osc_compat is enabled" do + + before { ChefConfig::Config.chef_zero.osc_compat = true } + + it "defaults to 'everything'" do + expect(ChefConfig::Config[:repo_mode]).to eq("everything") + end + end + end + + context "when local mode is not enabled" do + + context "and the chef_server_url is multi-tenant" do + + before { ChefConfig::Config[:chef_server_url] = "https://chef.example/organizations/example" } + + it "defaults to 'hosted_everything'" do + expect(ChefConfig::Config[:repo_mode]).to eq("hosted_everything") + end + + end + + context "and the chef_server_url is not multi-tenant" do + + before { ChefConfig::Config[:chef_server_url] = "https://chef.example/" } + + it "defaults to 'everything'" do + expect(ChefConfig::Config[:repo_mode]).to eq("everything") + end + end + end + end + + describe "ChefConfig::Config[:chef_repo_path]" do + + context "when cookbook_path is set to a single path" do + + before { ChefConfig::Config[:cookbook_path] = "/home/anne/repo/cookbooks" } + + it "is set to a path one directory up from the cookbook_path" do + expected = File.expand_path("/home/anne/repo") + expect(ChefConfig::Config[:chef_repo_path]).to eq(expected) + end + + end + + context "when cookbook_path is set to multiple paths" do + + before do + ChefConfig::Config[:cookbook_path] = [ + "/home/anne/repo/cookbooks", + "/home/anne/other_repo/cookbooks", + ] + end + + it "is set to an Array of paths one directory up from the cookbook_paths" do + expected = [ "/home/anne/repo", "/home/anne/other_repo"].map { |p| File.expand_path(p) } + expect(ChefConfig::Config[:chef_repo_path]).to eq(expected) + end + + end + + context "when cookbook_path is not set but cookbook_artifact_path is set" do + + before do + ChefConfig::Config[:cookbook_path] = nil + ChefConfig::Config[:cookbook_artifact_path] = "/home/roxie/repo/cookbook_artifacts" + end + + it "is set to a path one directory up from the cookbook_artifact_path" do + expected = File.expand_path("/home/roxie/repo") + expect(ChefConfig::Config[:chef_repo_path]).to eq(expected) + end + + end + + context "when cookbook_path is not set" do + + before { ChefConfig::Config[:cookbook_path] = nil } + + it "is set to the cache_path" do + expect(ChefConfig::Config[:chef_repo_path]).to eq(ChefConfig::Config[:cache_path]) + end + + end + + end + # On Windows, we'll detect an omnibus build and set this to the # cacert.pem included in the package, but it's nil if you're on Windows # w/o omnibus (e.g., doing development on Windows, custom build, etc.) @@ -309,6 +407,12 @@ RSpec.describe ChefConfig::Config do expect(ChefConfig::Config[:environment_path]).to eq(environment_path) end + it "ChefConfig::Config[:cookbook_artifact_path] defaults to /var/chef/cookbook_artifacts" do + allow(ChefConfig::Config).to receive(:cache_path).and_return(primary_cache_path) + environment_path = is_windows ? "#{primary_cache_path}\\cookbook_artifacts" : "#{primary_cache_path}/cookbook_artifacts" + expect(ChefConfig::Config[:cookbook_artifact_path]).to eq(environment_path) + end + describe "setting the config dir" do context "when the config file is given with a relative path" do diff --git a/chef.gemspec b/chef.gemspec index 818e654a4b..e50ef6c744 100644 --- a/chef.gemspec +++ b/chef.gemspec @@ -19,7 +19,7 @@ Gem::Specification.new do |s| s.add_dependency "mixlib-cli", "~> 1.4" s.add_dependency "mixlib-log", "~> 1.3" - s.add_dependency "mixlib-authentication", "~> 1.3" + s.add_dependency "mixlib-authentication", "~> 1.4" s.add_dependency "mixlib-shellout", "~> 2.0" s.add_dependency "ohai", ">= 8.6.0.alpha.1", "< 9" diff --git a/ci/verify-chef.bat b/ci/verify-chef.bat index 1c159f0668..2c16eb83f6 100755 --- a/ci/verify-chef.bat +++ b/ci/verify-chef.bat @@ -52,5 +52,8 @@ IF "%PIPELINE_NAME%" == "chef-13" ( call bundle exec rspec -r rspec_junit_formatter -f RspecJunitFormatter -o %WORKSPACE%\test.xml -f documentation spec/unit spec/functional ) ELSE ( REM ; Running unit tests + IF "%PIPELINE_NAME%" == "chef-fips" ( + set CHEF_FIPS=1 + ) call bundle exec rspec -r rspec_junit_formatter -f RspecJunitFormatter -o %WORKSPACE%\test.xml -f documentation spec/unit spec/functional ) diff --git a/ci/verify-chef.sh b/ci/verify-chef.sh index 4e60b1fd9f..f0d174084a 100755 --- a/ci/verify-chef.sh +++ b/ci/verify-chef.sh @@ -86,4 +86,10 @@ if [ ! -f "Gemfile.lock" ]; then exit 1 fi -sudo env PATH=$PATH TERM=xterm bundle exec rspec -r rspec_junit_formatter -f RspecJunitFormatter -o $WORKSPACE/test.xml -f documentation spec/functional spec/unit +unset CHEF_FIPS +if [ "$PIPELINE_NAME" = "chef-fips" ]; then + echo "Setting fips mode" + CHEF_FIPS=1 + export CHEF_FIPS +fi +sudo env PATH=$PATH TERM=xterm CHEF_FIPS=$CHEF_FIPS bundle exec rspec -r rspec_junit_formatter -f RspecJunitFormatter -o $WORKSPACE/test.xml -f documentation spec/functional spec/unit diff --git a/lib/chef/application.rb b/lib/chef/application.rb index 4562d84a5d..a4d4fc209d 100644 --- a/lib/chef/application.rb +++ b/lib/chef/application.rb @@ -84,6 +84,7 @@ class Chef parse_options load_config_file Chef::Config.export_proxies + Chef::Config.init_openssl end # Parse the config file diff --git a/lib/chef/application/apply.rb b/lib/chef/application/apply.rb index f6348a951b..42b2d5fc9a 100644 --- a/lib/chef/application/apply.rb +++ b/lib/chef/application/apply.rb @@ -125,6 +125,7 @@ class Chef::Application::Apply < Chef::Application Chef::Config.merge!(config) configure_logging Chef::Config.export_proxies + Chef::Config.init_openssl parse_json end diff --git a/lib/chef/application/client.rb b/lib/chef/application/client.rb index ba357b420d..5b124b60a7 100644 --- a/lib/chef/application/client.rb +++ b/lib/chef/application/client.rb @@ -274,6 +274,11 @@ class Chef::Application::Client < Chef::Application :description => "Whether a local mode (-z) server binds to a port", :boolean => true + option :fips, + :long => "--fips", + :description => "Enable fips mode", + :boolean => true + IMMEDIATE_RUN_SIGNAL = "1".freeze attr_reader :chef_client_json @@ -287,6 +292,8 @@ class Chef::Application::Client < Chef::Application set_specific_recipes + Chef::Config[:fips] = config[:fips] if config.has_key? :fips + Chef::Config[:chef_server_url] = config[:chef_server_url] if config.has_key? :chef_server_url Chef::Config.local_mode = config[:local_mode] if config.has_key?(:local_mode) diff --git a/lib/chef/chef_fs/chef_fs_data_store.rb b/lib/chef/chef_fs/chef_fs_data_store.rb index 634faaec7e..59c2699cca 100644 --- a/lib/chef/chef_fs/chef_fs_data_store.rb +++ b/lib/chef/chef_fs/chef_fs_data_store.rb @@ -126,6 +126,24 @@ class Chef # - `delete(association_requests/NAME)` -> `get(/invitations.json)`, remove name, `set(/invitations.json)` # class ChefFSDataStore + + # The base directories in a Chef Repo; even when these don't exist, a + # matching GET for these objects will return an empty list instead of a + # 404. + BASE_DIRNAMES = %w{ + clients + cookbooks + data + environments + nodes + roles + users + containers + groups + policy_groups + policies + }.freeze + # # Create a new ChefFSDataStore # @@ -469,7 +487,11 @@ class Chef # LIST /policies elsif path == [ "policies" ] with_entry([ path[0] ]) do |policies| - policies.children.map { |policy| policy.name[0..-6].rpartition("-")[0] }.uniq + begin + policies.children.map { |policy| policy.name[0..-6].rpartition("-")[0] }.uniq + rescue Chef::ChefFS::FileSystem::NotFoundError + [] + end end # LIST /policies/POLICY/revisions @@ -741,7 +763,7 @@ class Chef end def path_always_exists?(path) - return path.length == 1 && %w{clients cookbooks data environments nodes roles users}.include?(path[0]) + return path.length == 1 && BASE_DIRNAMES.include?(path[0]) end def with_entry(path) diff --git a/lib/chef/chef_fs/config.rb b/lib/chef/chef_fs/config.rb index 07c014e2ab..a376c42cc5 100644 --- a/lib/chef/chef_fs/config.rb +++ b/lib/chef/chef_fs/config.rb @@ -47,6 +47,34 @@ class Chef INFLECTIONS.each { |k,v| k.freeze; v.freeze } INFLECTIONS.freeze + # ChefFS supports three modes of operation: "static", "everything", and + # "hosted_everything". These names are antiquated since Chef 12 moved + # multi-tenant and RBAC to the open source product. In practice, they + # mean: + # + # * static: just static objects that are included in a traditional + # chef-repo, with no support for anything introduced in Chef 12 or + # later. + # * everything: all of the objects supported by the open source Chef + # Server 11.x + # * hosted_everything: (the name comes from Hosted Chef) supports + # everything in Chef Server 12 and later, including RBAC objects and + # Policyfile objects. + # + # The "static" and "everything" modes are used for backup and + # upgrade/migration of older Chef Servers, so they should be considered + # frozen in time. + + CHEF_11_OSS_STATIC_OBJECTS = %w{cookbooks cookbook_artifacts data_bags environments roles}.freeze + CHEF_11_OSS_DYNAMIC_OBJECTS = %w{clients nodes users}.freeze + RBAC_OBJECT_NAMES = %w{acls containers groups }.freeze + CHEF_12_OBJECTS = %w{ cookbook_artifacts policies policy_groups }.freeze + + STATIC_MODE_OBJECT_NAMES = CHEF_11_OSS_STATIC_OBJECTS + EVERYTHING_MODE_OBJECT_NAMES = (CHEF_11_OSS_STATIC_OBJECTS + CHEF_11_OSS_DYNAMIC_OBJECTS).freeze + HOSTED_EVERYTHING_MODE_OBJECT_NAMES = (EVERYTHING_MODE_OBJECT_NAMES + RBAC_OBJECT_NAMES + CHEF_12_OBJECTS).freeze + + # # Create a new Config object which can produce a chef_fs and local_fs. # @@ -234,11 +262,11 @@ class Chef result = {} case @chef_config[:repo_mode] when "static" - object_names = %w{cookbooks data_bags environments roles} + object_names = STATIC_MODE_OBJECT_NAMES when "hosted_everything" - object_names = %w{acls clients cookbooks cookbook_artifacts containers data_bags environments groups nodes roles policies policy_groups} + object_names = HOSTED_EVERYTHING_MODE_OBJECT_NAMES else - object_names = %w{clients cookbooks data_bags environments nodes roles users} + object_names = EVERYTHING_MODE_OBJECT_NAMES end object_names.each do |object_name| # cookbooks -> cookbook_path diff --git a/lib/chef/formatters/doc.rb b/lib/chef/formatters/doc.rb index 5510956754..ab450cdeac 100644 --- a/lib/chef/formatters/doc.rb +++ b/lib/chef/formatters/doc.rb @@ -43,6 +43,7 @@ class Chef def run_start(version) puts_line "Starting Chef Client, version #{version}" + puts_line "OpenSSL FIPS 140 mode enabled" if Chef::Config[:fips] end def total_resources diff --git a/lib/chef/formatters/error_inspectors/api_error_formatting.rb b/lib/chef/formatters/error_inspectors/api_error_formatting.rb index 5f2a912a01..a327089121 100644 --- a/lib/chef/formatters/error_inspectors/api_error_formatting.rb +++ b/lib/chef/formatters/error_inspectors/api_error_formatting.rb @@ -1,6 +1,6 @@ #-- # Author:: Daniel DeLeo (<dan@opscode.com>) -# Copyright:: Copyright (c) 2012 Opscode, Inc. +# Copyright:: Copyright (c) 2012-2016 Chef Software, Inc. # License:: Apache License, Version 2.0 # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -36,6 +36,42 @@ chef_server_url "#{server_url}" E end + def describe_eof_error(error_description) + error_description.section("Authentication Error:",<<-E) +Received an EOF on transport socket. This almost always indicates a network +error external to chef-client. Some causes include: + + - Blocking ICMP Dest Unreachable (breaking Path MTU Discovery) + - IPsec or VPN tunnelling / TCP Encapsulation MTU issues + - Jumbo frames configured only on one side (breaking Path MTU) + - Jumbo frames configured on a LAN that does not support them + - Proxies or Load Balancers breaking large POSTs + - Broken TCP offload in network drivers/hardware + +Try sending large pings to the destination: + + windows: ping server.example.com -f -l 9999 + unix: ping server.example.com -s 9999 + +Try sending large POSTs to the destination (any HTTP code returned is success): + + e.g.: curl http://server.example.com/`printf '%*s' 9999 '' | tr ' ' 'a'` + +Try disabling TCP Offload Engines (TOE) in your ethernet drivers. + + windows: + Disable-NetAdapterChecksumOffload * -TcpIPv4 -UdpIPv4 -IpIPv4 -NoRestart + Disable-NetAdapterLso * -IPv4 -NoRestart + Set-NetAdapterAdvancedProperty * -DisplayName "Large Receive Offload (IPv4)" -DisplayValue Disabled –NoRestart + Restart-NetAdapter * + unix(bash): + for i in rx tx sg tso ufo gso gro lro rxvlan txvlan rxhash; do /sbin/ethtool -K eth0 $i off; done + +In some cases the underlying virtualization layer (Xen, VMware, KVM, Hyper-V, etc) may have +broken virtual networking code. + E + end + def describe_401_error(error_description) if clock_skew? error_description.section("Authentication Error:",<<-E) diff --git a/lib/chef/formatters/error_inspectors/cookbook_resolve_error_inspector.rb b/lib/chef/formatters/error_inspectors/cookbook_resolve_error_inspector.rb index a1f2c8ce37..b5b31454be 100644 --- a/lib/chef/formatters/error_inspectors/cookbook_resolve_error_inspector.rb +++ b/lib/chef/formatters/error_inspectors/cookbook_resolve_error_inspector.rb @@ -1,6 +1,6 @@ #-- # Author:: Daniel DeLeo (<dan@opscode.com>) -# Copyright:: Copyright (c) 2012 Opscode, Inc. +# Copyright:: Copyright (c) 2012-2016 Chef Software, Inc. # License:: Apache License, Version 2.0 # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -39,6 +39,8 @@ class Chef humanize_http_exception(error_description) when *NETWORK_ERROR_CLASSES describe_network_errors(error_description) + when EOFError + describe_eof_error(error_description) else error_description.section("Unexpected Error:","#{exception.class.name}: #{exception.message}") end @@ -165,4 +167,3 @@ EOM end end end - diff --git a/lib/chef/formatters/error_inspectors/cookbook_sync_error_inspector.rb b/lib/chef/formatters/error_inspectors/cookbook_sync_error_inspector.rb index 30811a6d24..5e4fc0fff1 100644 --- a/lib/chef/formatters/error_inspectors/cookbook_sync_error_inspector.rb +++ b/lib/chef/formatters/error_inspectors/cookbook_sync_error_inspector.rb @@ -1,6 +1,6 @@ #-- # Author:: Daniel DeLeo (<dan@opscode.com>) -# Copyright:: Copyright (c) 2012 Opscode, Inc. +# Copyright:: Copyright (c) 2012-2016 Chef Software, Inc. # License:: Apache License, Version 2.0 # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -45,6 +45,8 @@ class Chef describe_network_errors(error_description) when Net::HTTPServerException, Net::HTTPFatalError humanize_http_exception(error_description) + when EOFError + describe_eof_error(error_description) else error_description.section("Unexpected Error:","#{exception.class.name}: #{exception.message}") end diff --git a/lib/chef/formatters/error_inspectors/node_load_error_inspector.rb b/lib/chef/formatters/error_inspectors/node_load_error_inspector.rb index 6371243624..0212217d01 100644 --- a/lib/chef/formatters/error_inspectors/node_load_error_inspector.rb +++ b/lib/chef/formatters/error_inspectors/node_load_error_inspector.rb @@ -1,6 +1,6 @@ #-- # Author:: Daniel DeLeo (<dan@opscode.com>) -# Copyright:: Copyright (c) 2012 Opscode, Inc. +# Copyright:: Copyright (c) 2012-2016 Chef Software, Inc. # License:: Apache License, Version 2.0 # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -53,6 +53,8 @@ E error_description.section("Relevant Config Settings:",<<-E) client_key "#{api_key}" E + when EOFError + describe_eof_error(error_description) else error_description.section("Unexpected Error:","#{exception.class.name}: #{exception.message}") end diff --git a/lib/chef/formatters/error_inspectors/registration_error_inspector.rb b/lib/chef/formatters/error_inspectors/registration_error_inspector.rb index 312e35adb6..8c070742f7 100644 --- a/lib/chef/formatters/error_inspectors/registration_error_inspector.rb +++ b/lib/chef/formatters/error_inspectors/registration_error_inspector.rb @@ -47,6 +47,8 @@ E error_description.section("Invalid Redirect:",<<-E) Change your server location in client.rb to the server's FQDN to avoid unwanted redirections. E + when EOFError + describe_eof_error(error_description) else "#{exception.class.name}: #{exception.message}" end diff --git a/lib/chef/formatters/error_inspectors/run_list_expansion_error_inspector.rb b/lib/chef/formatters/error_inspectors/run_list_expansion_error_inspector.rb index 7ba5448227..263c6cddc7 100644 --- a/lib/chef/formatters/error_inspectors/run_list_expansion_error_inspector.rb +++ b/lib/chef/formatters/error_inspectors/run_list_expansion_error_inspector.rb @@ -1,7 +1,7 @@ #-- # Author:: Daniel DeLeo (<dan@opscode.com>) # Author:: Tyler Cloke (<tyler@opscode.com>) -# Copyright:: Copyright (c) 2012 Opscode, Inc. +# Copyright:: Copyright (c) 2012-2016 Chef Software, Inc. # License:: Apache License, Version 2.0 # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -45,6 +45,8 @@ E humanize_http_exception(error_description) when Chef::Exceptions::MissingRole describe_missing_role(error_description) + when EOFError + describe_eof_error(error_description) else error_description.section("Unexpected Error:","#{exception.class.name}: #{exception.message}") end @@ -117,4 +119,3 @@ E end end end - diff --git a/lib/chef/formatters/minimal.rb b/lib/chef/formatters/minimal.rb index 2e32968b4b..94fbfd3818 100644 --- a/lib/chef/formatters/minimal.rb +++ b/lib/chef/formatters/minimal.rb @@ -29,7 +29,8 @@ class Chef # Called at the very start of a Chef Run def run_start(version) - puts "Starting Chef Client, version #{version}" + puts_line "Starting Chef Client, version #{version}" + puts_line "OpenSSL FIPS 140 mode enabled" if Chef::Config[:fips] end # Called at the end of the Chef run. diff --git a/lib/chef/http/authenticator.rb b/lib/chef/http/authenticator.rb index 02074171f8..ab4804c964 100644 --- a/lib/chef/http/authenticator.rb +++ b/lib/chef/http/authenticator.rb @@ -47,8 +47,8 @@ class Chef end def handle_request(method, url, headers={}, data=false) - headers.merge!(authentication_headers(method, url, data)) if sign_requests? headers.merge!({"X-Ops-Server-API-Version" => @api_version}) + headers.merge!(authentication_headers(method, url, data, headers)) if sign_requests? [method, url, headers, data] end @@ -90,12 +90,17 @@ class Chef raise Chef::Exceptions::InvalidPrivateKey, msg end - def authentication_headers(method, url, json_body=nil) - request_params = {:http_method => method, :path => url.path, :body => json_body, :host => "#{url.host}:#{url.port}"} + def authentication_headers(method, url, json_body=nil, headers=nil) + request_params = { + :http_method => method, + :path => url.path, + :body => json_body, + :host => "#{url.host}:#{url.port}", + :headers => headers, + } request_params[:body] ||= "" auth_credentials.signature_headers(request_params) end - end end end diff --git a/lib/chef/knife.rb b/lib/chef/knife.rb index a070c6c858..5cfcc7182a 100644 --- a/lib/chef/knife.rb +++ b/lib/chef/knife.rb @@ -398,6 +398,7 @@ class Chef merge_configs apply_computed_config Chef::Config.export_proxies + Chef::Config.init_openssl # This has to be after apply_computed_config so that Mixlib::Log is configured Chef::Log.info("Using configuration from #{config[:config_file]}") if config[:config_file] end diff --git a/lib/chef/knife/bootstrap.rb b/lib/chef/knife/bootstrap.rb index 23ec98e563..4db6c22f2e 100644 --- a/lib/chef/knife/bootstrap.rb +++ b/lib/chef/knife/bootstrap.rb @@ -250,6 +250,11 @@ class Chef Chef::Config[:knife][:bootstrap_vault_item] } + option :fips, + :long => "--fips", + :description => "Set openssl to run in fips mode", + :boolean => true + def initialize(argv=[]) super @client_builder = Chef::Knife::Bootstrap::ClientBuilder.new( diff --git a/lib/chef/knife/core/bootstrap_context.rb b/lib/chef/knife/core/bootstrap_context.rb index b0a759dd05..46ade9f00f 100644 --- a/lib/chef/knife/core/bootstrap_context.rb +++ b/lib/chef/knife/core/bootstrap_context.rb @@ -120,6 +120,10 @@ validation_client_name "#{@chef_config[:validation_client_name]}" client_rb << %Q{trusted_certs_dir "/etc/chef/trusted_certs"\n} end + if @config[:fips] + client_rb << %Q{fips true\n} + end + client_rb end diff --git a/lib/chef/local_mode.rb b/lib/chef/local_mode.rb index 53234ec7d5..82d9cdee32 100644 --- a/lib/chef/local_mode.rb +++ b/lib/chef/local_mode.rb @@ -65,6 +65,8 @@ class Chef server_options = {} server_options[:data_store] = data_store server_options[:log_level] = Chef::Log.level + server_options[:osc_compat] = Chef::Config.chef_zero.osc_compat + server_options[:single_org] = Chef::Config.chef_zero.single_org server_options[:host] = Chef::Config.chef_zero.host server_options[:port] = parse_port(Chef::Config.chef_zero.port) diff --git a/lib/chef/provider/apt_update.rb b/lib/chef/provider/apt_update.rb new file mode 100644 index 0000000000..00c3ad16bb --- /dev/null +++ b/lib/chef/provider/apt_update.rb @@ -0,0 +1,78 @@ +# +# Author:: Thom May (<thom@chef.io>) +# Copyright:: Copyright (c) 2016 Chef Software, Inc. +# License:: Apache License, Version 2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +require "chef/resource" +require "chef/dsl/declare_resource" + +class Chef + class Provider + class AptUpdate < Chef::Provider + include Chef::DSL::DeclareResource + + provides :apt_update, os: "linux" + + APT_CONF_DIR = "/etc/apt/apt.conf.d" + STAMP_DIR = "/var/lib/apt/periodic" + + def whyrun_supported? + true + end + + def load_current_resource + end + + def action_periodic + if !apt_up_to_date? + converge_by "update new lists of packages" do + do_update + end + end + end + + def action_update + converge_by "force update new lists of packages" do + do_update + end + end + + private + # Determines whether we need to run `apt-get update` + # + # @return [Boolean] + def apt_up_to_date? + ::File.exist?("#{STAMP_DIR}/update-success-stamp") && + ::File.mtime("#{STAMP_DIR}/update-success-stamp") > Time.now - new_resource.frequency + end + + def do_update + [STAMP_DIR, APT_CONF_DIR].each do |d| + build_resource(:directory, d, caller[0]) do + recursive true + end.run_action(:create) + end + + build_resource(:file, "#{APT_CONF_DIR}/15update-stamp", caller[0]) do + content "APT::Update::Post-Invoke-Success {\"touch #{STAMP_DIR}/update-success-stamp 2>/dev/null || true\";};" + end.run_action(:create_if_missing) + + shell_out!("apt-get -q update") + end + + end + end +end diff --git a/lib/chef/providers.rb b/lib/chef/providers.rb index b024be5b62..935933d326 100644 --- a/lib/chef/providers.rb +++ b/lib/chef/providers.rb @@ -16,6 +16,7 @@ # limitations under the License. # +require "chef/provider/apt_update" require "chef/provider/batch" require "chef/provider/breakpoint" require "chef/provider/cookbook_file" diff --git a/lib/chef/resource/apt_update.rb b/lib/chef/resource/apt_update.rb new file mode 100644 index 0000000000..df2033b063 --- /dev/null +++ b/lib/chef/resource/apt_update.rb @@ -0,0 +1,33 @@ +# +# Author:: Thom May (<thom@chef.io>) +# Copyright:: Copyright (c) 2016 Chef Software, Inc. +# License:: Apache License, Version 2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +require "chef/resource" + +class Chef + class Resource + class AptUpdate < Chef::Resource + resource_name :apt_update + provides :apt_update, os: "linux" + + property :frequency, Integer, default: 86_400 + + default_action :periodic + allowed_actions :update, :periodic + end + end +end diff --git a/lib/chef/resources.rb b/lib/chef/resources.rb index dc1b195d25..647db5fc00 100644 --- a/lib/chef/resources.rb +++ b/lib/chef/resources.rb @@ -17,6 +17,7 @@ # require "chef/resource/apt_package" +require "chef/resource/apt_update" require "chef/resource/bash" require "chef/resource/batch" require "chef/resource/breakpoint" diff --git a/omnibus/config/projects/chef-fips.rb b/omnibus/config/projects/chef-fips.rb index fbb28fa5cc..37410b0e49 100644 --- a/omnibus/config/projects/chef-fips.rb +++ b/omnibus/config/projects/chef-fips.rb @@ -38,7 +38,7 @@ end override :fips, enabled: true override :'ruby-windows', version: "2.0.0-p647" -override :chef, version: "jdm/1.3-fips" +override :chef, version: "local_source" override :ohai, version: "master" msi_upgrade_code = "819F5DB3-B818-4358-BB2B-54B8171D0A26" diff --git a/spec/integration/knife/chef_fs_data_store_spec.rb b/spec/integration/knife/chef_fs_data_store_spec.rb index b4f2d4ca71..145adc3e4c 100644 --- a/spec/integration/knife/chef_fs_data_store_spec.rb +++ b/spec/integration/knife/chef_fs_data_store_spec.rb @@ -29,22 +29,54 @@ describe "ChefFSDataStore tests", :workstation do let(:cookbook_x_100_metadata_rb) { cb_metadata("x", "1.0.0") } let(:cookbook_z_100_metadata_rb) { cb_metadata("z", "1.0.0") } - when_the_repository "has one of each thing" do + describe "with repo mode 'hosted_everything' (default)" do before do - file "clients/x.json", {} - file "cookbooks/x/metadata.rb", cookbook_x_100_metadata_rb - file "data_bags/x/y.json", {} - file "environments/x.json", {} - file "nodes/x.json", {} - file "roles/x.json", {} - file "users/x.json", {} + Chef::Config.chef_zero.osc_compat = false end - context "GET /TYPE" do - it "knife list -z -R returns everything" do - knife("list -z -Rfp /").should_succeed <<EOM + when_the_repository "has one of each thing" do + before do + file "clients/x.json", {} + file "cookbooks/x/metadata.rb", cookbook_x_100_metadata_rb + file "data_bags/x/y.json", {} + file "environments/x.json", {} + file "nodes/x.json", {} + file "roles/x.json", {} + # file "users/x.json", {} + file "containers/x.json", {} + file "groups/x.json", {} + file "containers/x.json", {} + file "groups/x.json", {} + file "policies/x.json", {} + file "policy_groups/x.json", {} + end + + context "GET /TYPE" do + it "knife list -z -R returns everything" do + knife("list -z -Rfp /").should_succeed <<EOM +/acls/ +/acls/clients/ +/acls/clients/x.json +/acls/containers/ +/acls/containers/x.json +/acls/cookbooks/ +/acls/cookbooks/x.json +/acls/data_bags/ +/acls/data_bags/x.json +/acls/environments/ +/acls/environments/x.json +/acls/groups/ +/acls/groups/x.json +/acls/nodes/ +/acls/nodes/x.json +/acls/organization.json +/acls/roles/ +/acls/roles/x.json /clients/ /clients/x.json +/containers/ +/containers/x.json +/cookbook_artifacts/ /cookbooks/ /cookbooks/x/ /cookbooks/x/metadata.rb @@ -53,317 +85,458 @@ describe "ChefFSDataStore tests", :workstation do /data_bags/x/y.json /environments/ /environments/x.json +/groups/ +/groups/x.json +/invitations.json +/members.json /nodes/ /nodes/x.json +/org.json +/policies/ +/policy_groups/ +/policy_groups/x.json /roles/ /roles/x.json -/users/ -/users/x.json EOM + end end - end - context "DELETE /TYPE/NAME" do - it "knife delete -z /clients/x.json works" do - knife("delete -z /clients/x.json").should_succeed "Deleted /clients/x.json\n" - knife("list -z -Rfp /clients").should_succeed "" - end + context "DELETE /TYPE/NAME" do + it "knife delete -z /clients/x.json works" do + knife("delete -z /clients/x.json").should_succeed "Deleted /clients/x.json\n" + knife("list -z -Rfp /clients").should_succeed "" + end - it "knife delete -z -r /cookbooks/x works" do - knife("delete -z -r /cookbooks/x").should_succeed "Deleted /cookbooks/x\n" - knife("list -z -Rfp /cookbooks").should_succeed "" - end + it "knife delete -z -r /cookbooks/x works" do + knife("delete -z -r /cookbooks/x").should_succeed "Deleted /cookbooks/x\n" + knife("list -z -Rfp /cookbooks").should_succeed "" + end - it "knife delete -z -r /data_bags/x works" do - knife("delete -z -r /data_bags/x").should_succeed "Deleted /data_bags/x\n" - knife("list -z -Rfp /data_bags").should_succeed "" - end + it "knife delete -z -r /data_bags/x works" do + knife("delete -z -r /data_bags/x").should_succeed "Deleted /data_bags/x\n" + knife("list -z -Rfp /data_bags").should_succeed "" + end - it "knife delete -z /data_bags/x/y.json works" do - knife("delete -z /data_bags/x/y.json").should_succeed "Deleted /data_bags/x/y.json\n" - knife("list -z -Rfp /data_bags").should_succeed "/data_bags/x/\n" - end + it "knife delete -z /data_bags/x/y.json works" do + knife("delete -z /data_bags/x/y.json").should_succeed "Deleted /data_bags/x/y.json\n" + knife("list -z -Rfp /data_bags").should_succeed "/data_bags/x/\n" + end - it "knife delete -z /environments/x.json works" do - knife("delete -z /environments/x.json").should_succeed "Deleted /environments/x.json\n" - knife("list -z -Rfp /environments").should_succeed "" - end + it "knife delete -z /environments/x.json works" do + knife("delete -z /environments/x.json").should_succeed "Deleted /environments/x.json\n" + knife("list -z -Rfp /environments").should_succeed "" + end - it "knife delete -z /nodes/x.json works" do - knife("delete -z /nodes/x.json").should_succeed "Deleted /nodes/x.json\n" - knife("list -z -Rfp /nodes").should_succeed "" - end + it "knife delete -z /nodes/x.json works" do + knife("delete -z /nodes/x.json").should_succeed "Deleted /nodes/x.json\n" + knife("list -z -Rfp /nodes").should_succeed "" + end - it "knife delete -z /roles/x.json works" do - knife("delete -z /roles/x.json").should_succeed "Deleted /roles/x.json\n" - knife("list -z -Rfp /roles").should_succeed "" - end + it "knife delete -z /roles/x.json works" do + knife("delete -z /roles/x.json").should_succeed "Deleted /roles/x.json\n" + knife("list -z -Rfp /roles").should_succeed "" + end - it "knife delete -z /users/x.json works" do - knife("delete -z /users/x.json").should_succeed "Deleted /users/x.json\n" - knife("list -z -Rfp /users").should_succeed "" end - end - context "GET /TYPE/NAME" do - it "knife show -z /clients/x.json works" do - knife("show -z /clients/x.json").should_succeed( /"x"/ ) - end + context "GET /TYPE/NAME" do + it "knife show -z /clients/x.json works" do + knife("show -z /clients/x.json").should_succeed( /"x"/ ) + end - it "knife show -z /cookbooks/x/metadata.rb works" do - knife("show -z /cookbooks/x/metadata.rb").should_succeed "/cookbooks/x/metadata.rb:\n#{cookbook_x_100_metadata_rb}\n" - end + it "knife show -z /cookbooks/x/metadata.rb works" do + knife("show -z /cookbooks/x/metadata.rb").should_succeed "/cookbooks/x/metadata.rb:\n#{cookbook_x_100_metadata_rb}\n" + end - it "knife show -z /data_bags/x/y.json works" do - knife("show -z /data_bags/x/y.json").should_succeed( /"y"/ ) - end + it "knife show -z /data_bags/x/y.json works" do + knife("show -z /data_bags/x/y.json").should_succeed( /"y"/ ) + end - it "knife show -z /environments/x.json works" do - knife("show -z /environments/x.json").should_succeed( /"x"/ ) - end + it "knife show -z /environments/x.json works" do + knife("show -z /environments/x.json").should_succeed( /"x"/ ) + end - it "knife show -z /nodes/x.json works" do - knife("show -z /nodes/x.json").should_succeed( /"x"/ ) - end + it "knife show -z /nodes/x.json works" do + knife("show -z /nodes/x.json").should_succeed( /"x"/ ) + end - it "knife show -z /roles/x.json works" do - knife("show -z /roles/x.json").should_succeed( /"x"/ ) - end + it "knife show -z /roles/x.json works" do + knife("show -z /roles/x.json").should_succeed( /"x"/ ) + end - it "knife show -z /users/x.json works" do - knife("show -z /users/x.json").should_succeed( /"x"/ ) end - end - context "PUT /TYPE/NAME" do - before do - file "empty.json", {} - file "dummynode.json", { "name" => "x", "chef_environment" => "rspec" , "json_class" => "Chef::Node", "normal" => {"foo" => "bar"}} - file "rolestuff.json", '{"description":"hi there","name":"x"}' - file "cookbooks_to_upload/x/metadata.rb", cookbook_x_100_metadata_rb - end + context "PUT /TYPE/NAME" do + before do + file "empty.json", {} + file "dummynode.json", { "name" => "x", "chef_environment" => "rspec" , "json_class" => "Chef::Node", "normal" => {"foo" => "bar"}} + file "rolestuff.json", '{"description":"hi there","name":"x"}' + file "cookbooks_to_upload/x/metadata.rb", cookbook_x_100_metadata_rb + end - it "knife raw -z -i empty.json -m PUT /clients/x" do - knife("raw -z -i #{path_to('empty.json')} -m PUT /clients/x").should_succeed( /"x"/ ) - knife("list --local /clients").should_succeed "/clients/x.json\n" - end + it "knife raw -z -i empty.json -m PUT /clients/x" do + knife("raw -z -i #{path_to('empty.json')} -m PUT /clients/x").should_succeed( /"x"/ ) + knife("list --local /clients").should_succeed "/clients/x.json\n" + end - it "knife cookbook upload works" do - knife("cookbook upload -z --cookbook-path #{path_to('cookbooks_to_upload')} x").should_succeed :stderr => <<EOM + it "knife cookbook upload works" do + knife("cookbook upload -z --cookbook-path #{path_to('cookbooks_to_upload')} x").should_succeed :stderr => <<EOM Uploading x [1.0.0] Uploaded 1 cookbook. EOM - knife("list --local -Rfp /cookbooks").should_succeed "/cookbooks/x/\n/cookbooks/x/metadata.rb\n" - end - - it "knife raw -z -i empty.json -m PUT /data/x/y" do - knife("raw -z -i #{path_to('empty.json')} -m PUT /data/x/y").should_succeed( /"y"/ ) - knife("list --local -Rfp /data_bags").should_succeed "/data_bags/x/\n/data_bags/x/y.json\n" - end - - it "knife raw -z -i empty.json -m PUT /environments/x" do - knife("raw -z -i #{path_to('empty.json')} -m PUT /environments/x").should_succeed( /"x"/ ) - knife("list --local /environments").should_succeed "/environments/x.json\n" - end - - it "knife raw -z -i dummynode.json -m PUT /nodes/x" do - knife("raw -z -i #{path_to('dummynode.json')} -m PUT /nodes/x").should_succeed( /"x"/ ) - knife("list --local /nodes").should_succeed "/nodes/x.json\n" - knife("show -z /nodes/x.json --verbose").should_succeed /"bar"/ - end - - it "knife raw -z -i empty.json -m PUT /roles/x" do - knife("raw -z -i #{path_to('empty.json')} -m PUT /roles/x").should_succeed( /"x"/ ) - knife("list --local /roles").should_succeed "/roles/x.json\n" - end - - it "knife raw -z -i empty.json -m PUT /users/x" do - knife("raw -z -i #{path_to('empty.json')} -m PUT /users/x").should_succeed( /"x"/ ) - knife("list --local /users").should_succeed "/users/x.json\n" - end - - it "After knife raw -z -i rolestuff.json -m PUT /roles/x, the output is pretty", :skip => (RUBY_VERSION < "1.9") do - knife("raw -z -i #{path_to('rolestuff.json')} -m PUT /roles/x").should_succeed( /"x"/ ) - expect(IO.read(path_to("roles/x.json"))).to eq <<EOM.strip + knife("list --local -Rfp /cookbooks").should_succeed "/cookbooks/x/\n/cookbooks/x/metadata.rb\n" + end + + it "knife raw -z -i empty.json -m PUT /data/x/y" do + knife("raw -z -i #{path_to('empty.json')} -m PUT /data/x/y").should_succeed( /"y"/ ) + knife("list --local -Rfp /data_bags").should_succeed "/data_bags/x/\n/data_bags/x/y.json\n" + end + + it "knife raw -z -i empty.json -m PUT /environments/x" do + knife("raw -z -i #{path_to('empty.json')} -m PUT /environments/x").should_succeed( /"x"/ ) + knife("list --local /environments").should_succeed "/environments/x.json\n" + end + + it "knife raw -z -i dummynode.json -m PUT /nodes/x" do + knife("raw -z -i #{path_to('dummynode.json')} -m PUT /nodes/x").should_succeed( /"x"/ ) + knife("list --local /nodes").should_succeed "/nodes/x.json\n" + knife("show -z /nodes/x.json --verbose").should_succeed(/"bar"/) + end + + it "knife raw -z -i empty.json -m PUT /roles/x" do + knife("raw -z -i #{path_to('empty.json')} -m PUT /roles/x").should_succeed( /"x"/ ) + knife("list --local /roles").should_succeed "/roles/x.json\n" + end + + it "After knife raw -z -i rolestuff.json -m PUT /roles/x, the output is pretty", :skip => (RUBY_VERSION < "1.9") do + knife("raw -z -i #{path_to('rolestuff.json')} -m PUT /roles/x").should_succeed( /"x"/ ) + expect(IO.read(path_to("roles/x.json"))).to eq <<EOM.strip { "name": "x", "description": "hi there" } EOM + end end end - end - when_the_repository "is empty" do - context "POST /TYPE/NAME" do - before do - file "empty.json", { "name" => "z" } - file "dummynode.json", { "name" => "z", "chef_environment" => "rspec" , "json_class" => "Chef::Node", "normal" => {"foo" => "bar"}} - file "empty_x.json", { "name" => "x" } - file "empty_id.json", { "id" => "z" } - file "rolestuff.json", '{"description":"hi there","name":"x"}' - file "cookbooks_to_upload/z/metadata.rb", cookbook_z_100_metadata_rb - end - - it "knife raw -z -i empty.json -m POST /clients" do - knife("raw -z -i #{path_to('empty.json')} -m POST /clients").should_succeed( /uri/ ) - knife("list --local /clients").should_succeed "/clients/z.json\n" - end - - it "knife cookbook upload works" do - knife("cookbook upload -z --cookbook-path #{path_to('cookbooks_to_upload')} z").should_succeed :stderr => <<EOM + when_the_repository "is empty" do + context "POST /TYPE/NAME" do + before do + file "empty.json", { "name" => "z" } + file "dummynode.json", { "name" => "z", "chef_environment" => "rspec" , "json_class" => "Chef::Node", "normal" => {"foo" => "bar"}} + file "empty_x.json", { "name" => "x" } + file "empty_id.json", { "id" => "z" } + file "rolestuff.json", '{"description":"hi there","name":"x"}' + file "cookbooks_to_upload/z/metadata.rb", cookbook_z_100_metadata_rb + end + + it "knife raw -z -i empty.json -m POST /clients" do + knife("raw -z -i #{path_to('empty.json')} -m POST /clients").should_succeed( /uri/ ) + knife("list --local /clients").should_succeed "/clients/z.json\n" + end + + it "knife cookbook upload works" do + knife("cookbook upload -z --cookbook-path #{path_to('cookbooks_to_upload')} z").should_succeed :stderr => <<EOM Uploading z [1.0.0] Uploaded 1 cookbook. EOM - knife("list --local -Rfp /cookbooks").should_succeed "/cookbooks/z/\n/cookbooks/z/metadata.rb\n" - end - - it "knife raw -z -i empty.json -m POST /data" do - knife("raw -z -i #{path_to('empty.json')} -m POST /data").should_succeed( /uri/ ) - knife("list --local -Rfp /data_bags").should_succeed "/data_bags/z/\n" - end - - it "knife raw -z -i empty.json -m POST /data/x" do - knife("raw -z -i #{path_to('empty_x.json')} -m POST /data").should_succeed( /uri/ ) - knife("raw -z -i #{path_to('empty_id.json')} -m POST /data/x").should_succeed( /"z"/ ) - knife("list --local -Rfp /data_bags").should_succeed "/data_bags/x/\n/data_bags/x/z.json\n" - end - - it "knife raw -z -i empty.json -m POST /environments" do - knife("raw -z -i #{path_to('empty.json')} -m POST /environments").should_succeed( /uri/ ) - knife("list --local /environments").should_succeed "/environments/z.json\n" - end - - it "knife raw -z -i dummynode.json -m POST /nodes" do - knife("raw -z -i #{path_to('dummynode.json')} -m POST /nodes").should_succeed( /uri/ ) - knife("list --local /nodes").should_succeed "/nodes/z.json\n" - knife("show -z /nodes/z.json").should_succeed /"bar"/ - end - - it "knife raw -z -i empty.json -m POST /roles" do - knife("raw -z -i #{path_to('empty.json')} -m POST /roles").should_succeed( /uri/ ) - knife("list --local /roles").should_succeed "/roles/z.json\n" - end - - it "knife raw -z -i empty.json -m POST /users" do - knife("raw -z -i #{path_to('empty.json')} -m POST /users").should_succeed( /uri/ ) - knife("list --local /users").should_succeed "/users/z.json\n" - end - - it "After knife raw -z -i rolestuff.json -m POST /roles, the output is pretty", :skip => (RUBY_VERSION < "1.9") do - knife("raw -z -i #{path_to('rolestuff.json')} -m POST /roles").should_succeed( /uri/ ) - expect(IO.read(path_to("roles/x.json"))).to eq <<EOM.strip + knife("list --local -Rfp /cookbooks").should_succeed "/cookbooks/z/\n/cookbooks/z/metadata.rb\n" + end + + it "knife raw -z -i empty.json -m POST /data" do + knife("raw -z -i #{path_to('empty.json')} -m POST /data").should_succeed( /uri/ ) + knife("list --local -Rfp /data_bags").should_succeed "/data_bags/z/\n" + end + + it "knife raw -z -i empty.json -m POST /data/x" do + knife("raw -z -i #{path_to('empty_x.json')} -m POST /data").should_succeed( /uri/ ) + knife("raw -z -i #{path_to('empty_id.json')} -m POST /data/x").should_succeed( /"z"/ ) + knife("list --local -Rfp /data_bags").should_succeed "/data_bags/x/\n/data_bags/x/z.json\n" + end + + it "knife raw -z -i empty.json -m POST /environments" do + knife("raw -z -i #{path_to('empty.json')} -m POST /environments").should_succeed( /uri/ ) + knife("list --local /environments").should_succeed "/environments/z.json\n" + end + + it "knife raw -z -i dummynode.json -m POST /nodes" do + knife("raw -z -i #{path_to('dummynode.json')} -m POST /nodes").should_succeed( /uri/ ) + knife("list --local /nodes").should_succeed "/nodes/z.json\n" + knife("show -z /nodes/z.json").should_succeed(/"bar"/) + end + + it "knife raw -z -i empty.json -m POST /roles" do + knife("raw -z -i #{path_to('empty.json')} -m POST /roles").should_succeed( /uri/ ) + knife("list --local /roles").should_succeed "/roles/z.json\n" + end + + it "After knife raw -z -i rolestuff.json -m POST /roles, the output is pretty", :skip => (RUBY_VERSION < "1.9") do + knife("raw -z -i #{path_to('rolestuff.json')} -m POST /roles").should_succeed( /uri/ ) + expect(IO.read(path_to("roles/x.json"))).to eq <<EOM.strip { "name": "x", "description": "hi there" } EOM + end end - end - it "knife list -z -R returns nothing" do - knife("list -z -Rfp /").should_succeed <<EOM + it "knife list -z -R returns nothing" do + knife("list -z -Rfp /").should_succeed <<EOM +/acls/ +/acls/clients/ +/acls/containers/ +/acls/cookbooks/ +/acls/data_bags/ +/acls/environments/ +/acls/groups/ +/acls/nodes/ +/acls/organization.json +/acls/roles/ /clients/ +/containers/ +/cookbook_artifacts/ /cookbooks/ /data_bags/ /environments/ +/groups/ +/invitations.json +/members.json /nodes/ +/org.json +/policies/ +/policy_groups/ /roles/ -/users/ EOM - end - - context "DELETE /TYPE/NAME" do - it "knife delete -z /clients/x.json fails with an error" do - knife("delete -z /clients/x.json").should_fail "ERROR: /clients/x.json: No such file or directory\n" end - it "knife delete -z -r /cookbooks/x fails with an error" do - knife("delete -z -r /cookbooks/x").should_fail "ERROR: /cookbooks/x: No such file or directory\n" - end + context "DELETE /TYPE/NAME" do + it "knife delete -z /clients/x.json fails with an error" do + knife("delete -z /clients/x.json").should_fail "ERROR: /clients/x.json: No such file or directory\n" + end - it "knife delete -z -r /data_bags/x fails with an error" do - knife("delete -z -r /data_bags/x").should_fail "ERROR: /data_bags/x: No such file or directory\n" - end + it "knife delete -z -r /cookbooks/x fails with an error" do + knife("delete -z -r /cookbooks/x").should_fail "ERROR: /cookbooks/x: No such file or directory\n" + end - it "knife delete -z /data_bags/x/y.json fails with an error" do - knife("delete -z /data_bags/x/y.json").should_fail "ERROR: /data_bags/x/y.json: No such file or directory\n" - end + it "knife delete -z -r /data_bags/x fails with an error" do + knife("delete -z -r /data_bags/x").should_fail "ERROR: /data_bags/x: No such file or directory\n" + end - it "knife delete -z /environments/x.json fails with an error" do - knife("delete -z /environments/x.json").should_fail "ERROR: /environments/x.json: No such file or directory\n" - end + it "knife delete -z /data_bags/x/y.json fails with an error" do + knife("delete -z /data_bags/x/y.json").should_fail "ERROR: /data_bags/x/y.json: No such file or directory\n" + end + + it "knife delete -z /environments/x.json fails with an error" do + knife("delete -z /environments/x.json").should_fail "ERROR: /environments/x.json: No such file or directory\n" + end + + it "knife delete -z /nodes/x.json fails with an error" do + knife("delete -z /nodes/x.json").should_fail "ERROR: /nodes/x.json: No such file or directory\n" + end + + it "knife delete -z /roles/x.json fails with an error" do + knife("delete -z /roles/x.json").should_fail "ERROR: /roles/x.json: No such file or directory\n" + end - it "knife delete -z /nodes/x.json fails with an error" do - knife("delete -z /nodes/x.json").should_fail "ERROR: /nodes/x.json: No such file or directory\n" end - it "knife delete -z /roles/x.json fails with an error" do - knife("delete -z /roles/x.json").should_fail "ERROR: /roles/x.json: No such file or directory\n" + context "GET /TYPE/NAME" do + it "knife show -z /clients/x.json fails with an error" do + knife("show -z /clients/x.json").should_fail "ERROR: /clients/x.json: No such file or directory\n" + end + + it "knife show -z /cookbooks/x/metadata.rb fails with an error" do + knife("show -z /cookbooks/x/metadata.rb").should_fail "ERROR: /cookbooks/x/metadata.rb: No such file or directory\n" + end + + it "knife show -z /data_bags/x/y.json fails with an error" do + knife("show -z /data_bags/x/y.json").should_fail "ERROR: /data_bags/x/y.json: No such file or directory\n" + end + + it "knife show -z /environments/x.json fails with an error" do + knife("show -z /environments/x.json").should_fail "ERROR: /environments/x.json: No such file or directory\n" + end + + it "knife show -z /nodes/x.json fails with an error" do + knife("show -z /nodes/x.json").should_fail "ERROR: /nodes/x.json: No such file or directory\n" + end + + it "knife show -z /roles/x.json fails with an error" do + knife("show -z /roles/x.json").should_fail "ERROR: /roles/x.json: No such file or directory\n" + end + end - it "knife delete -z /users/x.json fails with an error" do - knife("delete -z /users/x.json").should_fail "ERROR: /users/x.json: No such file or directory\n" + context "PUT /TYPE/NAME" do + before do + file "empty.json", {} + end + + it "knife raw -z -i empty.json -m PUT /clients/x fails with 404" do + knife("raw -z -i #{path_to('empty.json')} -m PUT /clients/x").should_fail( /404/ ) + end + + it "knife raw -z -i empty.json -m PUT /data/x/y fails with 404" do + knife("raw -z -i #{path_to('empty.json')} -m PUT /data/x/y").should_fail( /404/ ) + end + + it "knife raw -z -i empty.json -m PUT /environments/x fails with 404" do + knife("raw -z -i #{path_to('empty.json')} -m PUT /environments/x").should_fail( /404/ ) + end + + it "knife raw -z -i empty.json -m PUT /nodes/x fails with 404" do + knife("raw -z -i #{path_to('empty.json')} -m PUT /nodes/x").should_fail( /404/ ) + end + + it "knife raw -z -i empty.json -m PUT /roles/x fails with 404" do + knife("raw -z -i #{path_to('empty.json')} -m PUT /roles/x").should_fail( /404/ ) + end + end end + end - context "GET /TYPE/NAME" do - it "knife show -z /clients/x.json fails with an error" do - knife("show -z /clients/x.json").should_fail "ERROR: /clients/x.json: No such file or directory\n" - end + # We have to configure Zero for Chef 11 mode in order to test users because: + # 1. local mode overrides your `chef_server_url` to something like "http://localhost:PORT" + # 2. single org mode maps requests like "https://localhost:PORT/users" so + # they're functionally equivalent to "https://localhost:PORT/organizations/DEFAULT/users" + # 3. Users are global objects in Chef 12, and should be accessed at URLs like + # "https://localhost:PORT/users" (there is an org-specific users endpoint, + # but it's for listing users in an org, not for managing users). + # 4. Therefore you can't hit the _real_ users endpoint in local mode when + # configured for Chef Server 12 mode. + # + # Because of this, we have to configure Zero for Chef 11 OSC mode in order to + # test the users part of the data store with local mode. + describe "with repo mode 'everything'" do + before do + Chef::Config.repo_mode = "everything" + Chef::Config.chef_zero.osc_compat = true + end - it "knife show -z /cookbooks/x/metadata.rb fails with an error" do - knife("show -z /cookbooks/x/metadata.rb").should_fail "ERROR: /cookbooks/x/metadata.rb: No such file or directory\n" + when_the_repository "has one of each thing" do + before do + file "clients/x.json", {} + file "cookbooks/x/metadata.rb", cookbook_x_100_metadata_rb + file "data_bags/x/y.json", {} + file "environments/x.json", {} + file "nodes/x.json", {} + file "roles/x.json", {} + file "users/x.json", {} + end + + context "GET /TYPE" do + it "knife list -z -R returns everything" do + knife("list -z -Rfp /").should_succeed <<EOM +/clients/ +/clients/x.json +/cookbooks/ +/cookbooks/x/ +/cookbooks/x/metadata.rb +/data_bags/ +/data_bags/x/ +/data_bags/x/y.json +/environments/ +/environments/x.json +/nodes/ +/nodes/x.json +/roles/ +/roles/x.json +/users/ +/users/x.json +EOM + end end - it "knife show -z /data_bags/x/y.json fails with an error" do - knife("show -z /data_bags/x/y.json").should_fail "ERROR: /data_bags/x/y.json: No such file or directory\n" + context "DELETE /TYPE/NAME" do + it "knife delete -z /users/x.json works" do + knife("delete -z /users/x.json").should_succeed "Deleted /users/x.json\n" + knife("list -z -Rfp /users").should_succeed "" + end end - it "knife show -z /environments/x.json fails with an error" do - knife("show -z /environments/x.json").should_fail "ERROR: /environments/x.json: No such file or directory\n" + context "GET /TYPE/NAME" do + it "knife show -z /users/x.json works" do + knife("show -z /users/x.json").should_succeed( /"x"/ ) + end end - it "knife show -z /nodes/x.json fails with an error" do - knife("show -z /nodes/x.json").should_fail "ERROR: /nodes/x.json: No such file or directory\n" - end + context "PUT /TYPE/NAME" do + before do + file "empty.json", {} + file "dummynode.json", { "name" => "x", "chef_environment" => "rspec" , "json_class" => "Chef::Node", "normal" => {"foo" => "bar"}} + file "rolestuff.json", '{"description":"hi there","name":"x"}' + file "cookbooks_to_upload/x/metadata.rb", cookbook_x_100_metadata_rb + end - it "knife show -z /roles/x.json fails with an error" do - knife("show -z /roles/x.json").should_fail "ERROR: /roles/x.json: No such file or directory\n" - end + it "knife raw -z -i empty.json -m PUT /users/x" do + knife("raw -z -i #{path_to('empty.json')} -m PUT /users/x").should_succeed( /"x"/ ) + knife("list --local /users").should_succeed "/users/x.json\n" + end - it "knife show -z /users/x.json fails with an error" do - knife("show -z /users/x.json").should_fail "ERROR: /users/x.json: No such file or directory\n" + it "After knife raw -z -i rolestuff.json -m PUT /roles/x, the output is pretty", :skip => (RUBY_VERSION < "1.9") do + knife("raw -z -i #{path_to('rolestuff.json')} -m PUT /roles/x").should_succeed( /"x"/ ) + expect(IO.read(path_to("roles/x.json"))).to eq <<EOM.strip +{ + "name": "x", + "description": "hi there" +} +EOM + end end end - context "PUT /TYPE/NAME" do - before do - file "empty.json", {} - end + when_the_repository "is empty" do + context "POST /TYPE/NAME" do + before do + file "empty.json", { "name" => "z" } + file "dummynode.json", { "name" => "z", "chef_environment" => "rspec" , "json_class" => "Chef::Node", "normal" => {"foo" => "bar"}} + file "empty_x.json", { "name" => "x" } + file "empty_id.json", { "id" => "z" } + file "rolestuff.json", '{"description":"hi there","name":"x"}' + file "cookbooks_to_upload/z/metadata.rb", cookbook_z_100_metadata_rb + end - it "knife raw -z -i empty.json -m PUT /clients/x fails with 404" do - knife("raw -z -i #{path_to('empty.json')} -m PUT /clients/x").should_fail( /404/ ) + it "knife raw -z -i empty.json -m POST /users" do + knife("raw -z -i #{path_to('empty.json')} -m POST /users").should_succeed( /uri/ ) + knife("list --local /users").should_succeed "/users/z.json\n" + end end - it "knife raw -z -i empty.json -m PUT /data/x/y fails with 404" do - knife("raw -z -i #{path_to('empty.json')} -m PUT /data/x/y").should_fail( /404/ ) + it "knife list -z -R returns nothing" do + knife("list -z -Rfp /").should_succeed <<EOM +/clients/ +/cookbooks/ +/data_bags/ +/environments/ +/nodes/ +/roles/ +/users/ +EOM end - it "knife raw -z -i empty.json -m PUT /environments/x fails with 404" do - knife("raw -z -i #{path_to('empty.json')} -m PUT /environments/x").should_fail( /404/ ) + context "DELETE /TYPE/NAME" do + it "knife delete -z /users/x.json fails with an error" do + knife("delete -z /users/x.json").should_fail "ERROR: /users/x.json: No such file or directory\n" + end end - it "knife raw -z -i empty.json -m PUT /nodes/x fails with 404" do - knife("raw -z -i #{path_to('empty.json')} -m PUT /nodes/x").should_fail( /404/ ) + context "GET /TYPE/NAME" do + it "knife show -z /users/x.json fails with an error" do + knife("show -z /users/x.json").should_fail "ERROR: /users/x.json: No such file or directory\n" + end end - it "knife raw -z -i empty.json -m PUT /roles/x fails with 404" do - knife("raw -z -i #{path_to('empty.json')} -m PUT /roles/x").should_fail( /404/ ) - end + context "PUT /TYPE/NAME" do + before do + file "empty.json", {} + end - it "knife raw -z -i empty.json -m PUT /users/x fails with 404" do - knife("raw -z -i #{path_to('empty.json')} -m PUT /users/x").should_fail( /404/ ) + it "knife raw -z -i empty.json -m PUT /users/x fails with 404" do + knife("raw -z -i #{path_to('empty.json')} -m PUT /users/x").should_fail( /404/ ) + end end end end diff --git a/spec/spec_helper.rb b/spec/spec_helper.rb index e69d61a7b3..34716e5fd8 100644 --- a/spec/spec_helper.rb +++ b/spec/spec_helper.rb @@ -67,6 +67,10 @@ require "chef/util/file_edit" require "chef/config" +if ENV["CHEF_FIPS"] == "1" + Chef::Config.init_openssl +end + # If you want to load anything into the testing environment # without versioning it, add it to spec/support/local_gems.rb require "spec/support/local_gems.rb" if File.exists?(File.join(File.dirname(__FILE__), "support", "local_gems.rb")) @@ -165,6 +169,7 @@ RSpec.configure do |config| config.filter_run_excluding :aes_256_gcm_only => true unless aes_256_gcm? config.filter_run_excluding :broken => true config.filter_run_excluding :not_wpar => true unless wpar? + config.filter_run_excluding :not_fips => true unless fips? running_platform_arch = `uname -m`.strip unless windows? diff --git a/spec/support/chef_helpers.rb b/spec/support/chef_helpers.rb index a792cd3c5f..cfc876ffd3 100644 --- a/spec/support/chef_helpers.rb +++ b/spec/support/chef_helpers.rb @@ -27,7 +27,7 @@ Chef::Config.solo(false) def sha256_checksum(path) - Digest::SHA256.hexdigest(File.read(path)) + OpenSSL::Digest::SHA256.hexdigest(File.read(path)) end # From Ruby 1.9.2+ diff --git a/spec/support/platform_helpers.rb b/spec/support/platform_helpers.rb index 0259dc6dfb..a29cb61d00 100644 --- a/spec/support/platform_helpers.rb +++ b/spec/support/platform_helpers.rb @@ -204,6 +204,10 @@ def aes_256_gcm? OpenSSL::Cipher.ciphers.include?("aes-256-gcm") end +def fips? + ENV["CHEF_FIPS"] == "1" +end + class GCEDetector extend Ohai::Mixin::GCEMetadata end diff --git a/spec/unit/api_client/registration_spec.rb b/spec/unit/api_client/registration_spec.rb index bddb33fa0d..97ed1c719c 100644 --- a/spec/unit/api_client/registration_spec.rb +++ b/spec/unit/api_client/registration_spec.rb @@ -113,7 +113,7 @@ describe Chef::ApiClient::Registration do with("clients", expected_post_data). and_return(create_with_pkey_response) expect(registration.run.public_key).to eq(create_with_pkey_response["chef_key"]["public_key"]) - expect(registration.private_key).to eq(generated_private_key_pem) + expect(OpenSSL::PKey::RSA.new(registration.private_key).to_s).to eq(OpenSSL::PKey::RSA.new(generated_private_key_pem).to_s) end it "puts a locally generated public key to the server to update a client" do @@ -124,7 +124,7 @@ describe Chef::ApiClient::Registration do with("clients/#{client_name}", expected_put_data). and_return(update_with_pkey_response) expect(registration.run.public_key).to eq(update_with_pkey_response["public_key"].to_pem) - expect(registration.private_key).to eq(generated_private_key_pem) + expect(OpenSSL::PKey::RSA.new(registration.private_key).to_s).to eq(OpenSSL::PKey::RSA.new(generated_private_key_pem).to_s) end it "writes the generated private key to disk" do @@ -132,7 +132,7 @@ describe Chef::ApiClient::Registration do with("clients", expected_post_data). and_return(create_with_pkey_response) registration.run - expect(IO.read(key_location)).to eq(generated_private_key_pem) + expect(OpenSSL::PKey::RSA.new(IO.read(key_location)).to_s).to eq(OpenSSL::PKey::RSA.new(generated_private_key_pem).to_s) end context "and the client already exists on a Chef 11 server" do @@ -142,7 +142,7 @@ describe Chef::ApiClient::Registration do with("clients/#{client_name}", expected_put_data). and_return(update_with_pkey_response) expect(registration.run.public_key).to eq(update_with_pkey_response["public_key"].to_pem) - expect(registration.private_key).to eq(generated_private_key_pem) + expect(OpenSSL::PKey::RSA.new(registration.private_key).to_s).to eq(OpenSSL::PKey::RSA.new(generated_private_key_pem).to_s) end end @@ -247,7 +247,7 @@ describe Chef::ApiClient::Registration do it "creates the client on the server and writes the key" do expect(http_mock).to receive(:post).ordered.and_return(server_v10_response) registration.run - expect(IO.read(key_location)).to eq(generated_private_key_pem) + expect(OpenSSL::PKey::RSA.new(IO.read(key_location)).to_s).to eq(OpenSSL::PKey::RSA.new(generated_private_key_pem).to_s) end it "retries up to 5 times" do @@ -262,7 +262,7 @@ describe Chef::ApiClient::Registration do expect(http_mock).to receive(:post).ordered.and_return(server_v10_response) registration.run - expect(IO.read(key_location)).to eq(generated_private_key_pem) + expect(OpenSSL::PKey::RSA.new(IO.read(key_location)).to_s).to eq(OpenSSL::PKey::RSA.new(generated_private_key_pem).to_s) end it "gives up retrying after the max attempts" do diff --git a/spec/unit/application_spec.rb b/spec/unit/application_spec.rb index 6a78e5c827..d66cc26927 100644 --- a/spec/unit/application_spec.rb +++ b/spec/unit/application_spec.rb @@ -136,6 +136,16 @@ describe Chef::Application do expect(Chef::Config.rspec_ran).to eq("true") end + context "when openssl fips" do + before do + allow(Chef::Config).to receive(:fips).and_return(true) + end + + it "sets openssl in fips mode" do + expect(OpenSSL).to receive(:'fips_mode=').with(true) + @app.configure_chef + end + end end describe "when there is no config_file defined" do diff --git a/spec/unit/client_spec.rb b/spec/unit/client_spec.rb index c4af8c1ad9..4c15145527 100644 --- a/spec/unit/client_spec.rb +++ b/spec/unit/client_spec.rb @@ -45,8 +45,27 @@ describe Chef::Client do end describe "authentication protocol selection" do - it "defaults to 1.1" do - expect(Chef::Config[:authentication_protocol_version]).to eq("1.1") + context "when FIPS is disabled" do + before do + Chef::Config[:fips] = false + end + + it "defaults to 1.1" do + expect(Chef::Config[:authentication_protocol_version]).to eq("1.1") + end + end + context "when FIPS is enabled" do + before do + Chef::Config[:fips] = true + end + + it "defaults to 1.3" do + expect(Chef::Config[:authentication_protocol_version]).to eq("1.3") + end + + after do + Chef::Config[:fips] = false + end end end diff --git a/spec/unit/encrypted_data_bag_item_spec.rb b/spec/unit/encrypted_data_bag_item_spec.rb index 796ad8ff5b..ee69ecfddc 100644 --- a/spec/unit/encrypted_data_bag_item_spec.rb +++ b/spec/unit/encrypted_data_bag_item_spec.rb @@ -290,7 +290,7 @@ describe Chef::EncryptedDataBagItem::Decryptor do end - context "when decrypting a version 0 (YAML+aes-256-cbc+no iv) encrypted value" do + context "when decrypting a version 0 (YAML+aes-256-cbc+no iv) encrypted value", :not_fips do let(:encrypted_value) do Version0Encryptor.encrypt_value(plaintext_data, encryption_key) end diff --git a/spec/unit/formatters/base_spec.rb b/spec/unit/formatters/base_spec.rb index 9fe8109e98..ba11edaf18 100644 --- a/spec/unit/formatters/base_spec.rb +++ b/spec/unit/formatters/base_spec.rb @@ -20,8 +20,8 @@ require "spec_helper" describe Chef::Formatters::Base do - let(:out) { double("out") } - let(:err) { double("err") } + let(:out) { StringIO.new } + let(:err) { StringIO.new } let(:formatter) { Chef::Formatters::Base.new(out, err) } it "starts with an indentation of zero" do @@ -43,6 +43,29 @@ describe Chef::Formatters::Base do formatter.indent_by(-2) expect(formatter.output.indent).to eql(0) end -end + it "humanizes EOFError exceptions for #registration_failed" do + formatter.registration_failed("foo.example.com", EOFError.new, double("Chef::Config")) + expect(out.string).to match(/Received an EOF on transport socket/) + end + + it "humanizes EOFError exceptions for #node_load_failed" do + formatter.node_load_failed("foo.example.com", EOFError.new, double("Chef::Config")) + expect(out.string).to match(/Received an EOF on transport socket/) + end + + it "humanizes EOFError exceptions for #run_list_expand_failed" do + formatter.run_list_expand_failed(double("Chef::Node"), EOFError.new) + expect(out.string).to match(/Received an EOF on transport socket/) + end + + it "humanizes EOFError exceptions for #cookbook_resolution_failed" do + formatter.run_list_expand_failed(double("Expanded Run List"), EOFError.new) + expect(out.string).to match(/Received an EOF on transport socket/) + end + it "humanizes EOFError exceptions for #cookbook_sync_failed" do + formatter.cookbook_sync_failed("foo.example.com", EOFError.new) + expect(out.string).to match(/Received an EOF on transport socket/) + end +end diff --git a/spec/unit/http/authenticator_spec.rb b/spec/unit/http/authenticator_spec.rb index 1289ebb61e..031a483fe9 100644 --- a/spec/unit/http/authenticator_spec.rb +++ b/spec/unit/http/authenticator_spec.rb @@ -70,7 +70,9 @@ describe Chef::HTTP::Authenticator do it_behaves_like "merging the server API version into the headers" it "calls authentication_headers with the proper input" do - expect(class_instance).to receive(:authentication_headers).with(method, url, data).and_return({}) + expect(class_instance).to receive(:authentication_headers).with( + method, url, data, + {"X-Ops-Server-API-Version" => Chef::HTTP::Authenticator::DEFAULT_SERVER_API_VERSION}).and_return({}) class_instance.handle_request(method, url, headers, data) end end diff --git a/spec/unit/http/ssl_policies_spec.rb b/spec/unit/http/ssl_policies_spec.rb index 98f1fa9c37..510a1a66bc 100644 --- a/spec/unit/http/ssl_policies_spec.rb +++ b/spec/unit/http/ssl_policies_spec.rb @@ -109,7 +109,7 @@ describe "HTTP SSL Policy" do Chef::Config[:ssl_client_cert] = CHEF_SPEC_DATA + "/ssl/chef-rspec.cert" Chef::Config[:ssl_client_key] = CHEF_SPEC_DATA + "/ssl/chef-rspec.key" expect(http_client.cert.to_s).to eq(OpenSSL::X509::Certificate.new(IO.read(CHEF_SPEC_DATA + "/ssl/chef-rspec.cert")).to_s) - expect(http_client.key.to_s).to eq(IO.read(CHEF_SPEC_DATA + "/ssl/chef-rspec.key")) + expect(http_client.key.to_s).to eq(OpenSSL::PKey::RSA.new(IO.read(CHEF_SPEC_DATA + "/ssl/chef-rspec.key")).to_s) end end diff --git a/spec/unit/provider/apt_update_spec.rb b/spec/unit/provider/apt_update_spec.rb new file mode 100644 index 0000000000..b72f7d9a76 --- /dev/null +++ b/spec/unit/provider/apt_update_spec.rb @@ -0,0 +1,113 @@ +# +# Author:: Thom May (<thom@chef.io>) +# Copyright:: Copyright (c) 2016 Chef Software, Inc. +# License:: Apache License, Version 2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +require "spec_helper" + +describe Chef::Provider::AptUpdate do + let(:new_resource) { Chef::Resource::AptUpdate.new("update") } + + let(:config_dir) { Dir.mktmpdir("apt_update_apt_conf_d") } + let(:config_file) { File.join(config_dir, "15update-stamp") } + let(:stamp_dir) { Dir.mktmpdir("apt_update_periodic") } + + before do + stub_const("Chef::Provider::AptUpdate::APT_CONF_DIR", config_dir) + stub_const("Chef::Provider::AptUpdate::STAMP_DIR", stamp_dir) + end + + let(:provider) do + node = Chef::Node.new + events = Chef::EventDispatch::Dispatcher.new + run_context = Chef::RunContext.new(node, {}, events) + Chef::Provider::AptUpdate.new(new_resource, run_context) + end + + it "responds to load_current_resource" do + expect(provider).to respond_to(:load_current_resource) + end + + context "when the apt config directory does not exist" do + before do + FileUtils.rmdir config_dir + expect(File.exist?(config_dir)).to be_falsey + allow(provider).to receive(:shell_out!).with("apt-get -q update") + end + + it "should create the directory" do + provider.run_action(:update) + expect(File.exist?(config_dir)).to be_truthy + expect(File.directory?(config_dir)).to be_truthy + end + + it "should create the config file" do + provider.run_action(:update) + expect(File.exist?(config_file)).to be_truthy + expect(File.read(config_file)).to match(/^APT::Update.*#{stamp_dir}/) + end + end + + describe "#action_update" do + it "should update the apt cache" do + provider.load_current_resource + expect(provider).to receive(:shell_out!).with("apt-get -q update").and_return(double) + provider.run_action(:update) + expect(new_resource).to be_updated_by_last_action + end + end + + describe "#action_periodic" do + before do + allow(File).to receive(:exist?) + expect(File).to receive(:exist?).with("#{stamp_dir}/update-success-stamp").and_return(true) + end + + it "should run if the time stamp is old" do + expect(File).to receive(:mtime).with("#{stamp_dir}/update-success-stamp").and_return(Time.now - 86_500) + expect(provider).to receive(:shell_out!).with("apt-get -q update") + provider.run_action(:periodic) + expect(new_resource).to be_updated_by_last_action + end + + it "should not run if the time stamp is new" do + expect(File).to receive(:mtime).with("#{stamp_dir}/update-success-stamp").and_return(Time.now) + expect(provider).to_not receive(:shell_out!).with("apt-get -q update") + provider.run_action(:periodic) + expect(new_resource).to_not be_updated_by_last_action + end + + context "with a different frequency" do + before do + new_resource.frequency(400) + end + + it "should run if the time stamp is old" do + expect(File).to receive(:mtime).with("#{stamp_dir}/update-success-stamp").and_return(Time.now - 500) + expect(provider).to receive(:shell_out!).with("apt-get -q update") + provider.run_action(:periodic) + expect(new_resource).to be_updated_by_last_action + end + + it "should not run if the time stamp is new" do + expect(File).to receive(:mtime).with("#{stamp_dir}/update-success-stamp").and_return(Time.now - 300) + expect(provider).to_not receive(:shell_out!).with("apt-get -q update") + provider.run_action(:periodic) + expect(new_resource).to_not be_updated_by_last_action + end + end + end +end diff --git a/spec/unit/resource/apt_update_spec.rb b/spec/unit/resource/apt_update_spec.rb new file mode 100644 index 0000000000..8015cb03b3 --- /dev/null +++ b/spec/unit/resource/apt_update_spec.rb @@ -0,0 +1,38 @@ +# +# Author:: Thom May (<thom@chef.io>) +# Copyright:: Copyright (c) 2016 Chef Software, Inc. +# License:: Apache License, Version 2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +require "spec_helper" + +describe Chef::Resource::AptUpdate do + + let(:resource) { Chef::Resource::AptUpdate.new("update") } + + it "should create a new Chef::Resource::AptUpdate" do + expect(resource).to be_a_kind_of(Chef::Resource) + expect(resource).to be_a_kind_of(Chef::Resource::AptUpdate) + end + + it "the default frequency should be 1 day" do + expect(resource.frequency).to eql(86_400) + end + + it "the frequency should accept integers" do + resource.frequency(400) + expect(resource.frequency).to eql(400) + end +end diff --git a/spec/unit/rest/auth_credentials_spec.rb b/spec/unit/rest/auth_credentials_spec.rb index 88da44319b..c3ce695387 100644 --- a/spec/unit/rest/auth_credentials_spec.rb +++ b/spec/unit/rest/auth_credentials_spec.rb @@ -23,37 +23,6 @@ require "spec_helper" require "uri" require "net/https" -KEY_DOT_PEM=<<-END_RSA_KEY ------BEGIN RSA PRIVATE KEY----- -MIIEpAIBAAKCAQEA49TA0y81ps0zxkOpmf5V4/c4IeR5yVyQFpX3JpxO4TquwnRh -8VSUhrw8kkTLmB3cS39Db+3HadvhoqCEbqPE6915kXSuk/cWIcNozujLK7tkuPEy -YVsyTioQAddSdfe+8EhQVf3oHxaKmUd6waXrWqYCnhxgOjxocenREYNhZ/OETIei -PbOku47vB4nJK/0GhKBytL2XnsRgfKgDxf42BqAi1jglIdeq8lAWZNF9TbNBU21A -O1iuT7Pm6LyQujhggPznR5FJhXKRUARXBJZawxpGV4dGtdcahwXNE4601aXPra+x -PcRd2puCNoEDBzgVuTSsLYeKBDMSfs173W1QYwIDAQABAoIBAGF05q7vqOGbMaSD -2Q7YbuE/JTHKTBZIlBI1QC2x+0P5GDxyEFttNMOVzcs7xmNhkpRw8eX1LrInrpMk -WsIBKAFFEfWYlf0RWtRChJjNl+szE9jQxB5FJnWtJH/FHa78tR6PsF24aQyzVcJP -g0FGujBihwgfV0JSCNOBkz8MliQihjQA2i8PGGmo4R4RVzGfxYKTIq9vvRq/+QEa -Q4lpVLoBqnENpnY/9PTl6JMMjW2b0spbLjOPVwDaIzXJ0dChjNXo15K5SHI5mALJ -I5gN7ODGb8PKUf4619ez194FXq+eob5YJdilTFKensIUvt3YhP1ilGMM+Chi5Vi/ -/RCTw3ECgYEA9jTw4wv9pCswZ9wbzTaBj9yZS3YXspGg26y6Ohq3ZmvHz4jlT6uR -xK+DDcUiK4072gci8S4Np0fIVS7q6ivqcOdzXPrTF5/j+MufS32UrBbUTPiM1yoO -ECcy+1szl/KoLEV09bghPbvC58PFSXV71evkaTETYnA/F6RK12lEepcCgYEA7OSy -bsMrGDVU/MKJtwqyGP9ubA53BorM4Pp9VVVSCrGGVhb9G/XNsjO5wJC8J30QAo4A -s59ZzCpyNRy046AB8jwRQuSwEQbejSdeNgQGXhZ7aIVUtuDeFFdaIz/zjVgxsfj4 -DPOuzieMmJ2MLR4F71ocboxNoDI7xruPSE8dDhUCgYA3vx732cQxgtHwAkeNPJUz -dLiE/JU7CnxIoSB9fYUfPLI+THnXgzp7NV5QJN2qzMzLfigsQcg3oyo6F2h7Yzwv -GkjlualIRRzCPaCw4Btkp7qkPvbs1QngIHALt8fD1N69P3DPHkTwjG4COjKWgnJq -qoHKS6Fe/ZlbigikI6KsuwKBgQCTlSLoyGRHr6oj0hqz01EDK9ciMJzMkZp0Kvn8 -OKxlBxYW+jlzut4MQBdgNYtS2qInxUoAnaz2+hauqhSzntK3k955GznpUatCqx0R -b857vWviwPX2/P6+E3GPdl8IVsKXCvGWOBZWTuNTjQtwbDzsUepWoMgXnlQJSn5I -YSlLxQKBgQD16Gw9kajpKlzsPa6XoQeGmZALT6aKWJQlrKtUQIrsIWM0Z6eFtX12 -2jjHZ0awuCQ4ldqwl8IfRogWMBkHOXjTPVK0YKWWlxMpD/5+bGPARa5fir8O1Zpo -Y6S6MeZ69Rp89ma4ttMZ+kwi1+XyHqC/dlcVRW42Zl5Dc7BALRlJjQ== ------END RSA PRIVATE KEY----- - END_RSA_KEY - - describe Chef::REST::AuthCredentials do before do @key_file_fixture = CHEF_SPEC_DATA + "/ssl/private_key.pem" @@ -67,7 +36,7 @@ describe Chef::REST::AuthCredentials do it "loads the private key when initialized with the path to the key" do expect(@auth_credentials.key).to respond_to(:private_encrypt) - expect(@auth_credentials.key.to_s).to eq(KEY_DOT_PEM) + expect(@auth_credentials.key).to eq(@key) end describe "when loading the private key" do |