-rw-r--r--.buildkite/hooks/pre-command24
-rw-r--r--.expeditor/config.yml6
-rw-r--r--.expeditor/release.omnibus.yml1
-rw-r--r--.expeditor/scripts/bk_win_prep.ps13
-rwxr-xr-x.expeditor/scripts/install-hab.sh2
-rwxr-xr-x.expeditor/update_bundler_dep.sh2
-rwxr-xr-x.expeditor/update_dep.sh2
-rw-r--r--.expeditor/verify.pipeline.yml76
-rw-r--r--.github/workflows/func_spec.yml2
-rw-r--r--.github/workflows/kitchen.yml8
-rw-r--r--.github/workflows/lint.yml4
-rw-r--r--CHANGELOG.md92
-rw-r--r--Dockerfile2
-rw-r--r--Gemfile4
-rw-r--r--Gemfile.lock78
-rw-r--r--RELEASE_NOTES.md135
-rw-r--r--VERSION2
-rw-r--r--chef-bin/lib/chef-bin/version.rb2
-rw-r--r--chef-config/chef-config.gemspec8
-rw-r--r--chef-config/lib/chef-config/version.rb2
-rw-r--r--chef-utils/README.md8
-rw-r--r--chef-utils/chef-utils.gemspec10
-rw-r--r--chef-utils/lib/chef-utils/version.rb2
-rw-r--r--chef.gemspec1
-rw-r--r--kitchen-tests/Gemfile6
-rw-r--r--kitchen-tests/README.md6
-rw-r--r--knife/Gemfile4
-rw-r--r--knife/knife.gemspec2
-rw-r--r--knife/lib/chef/knife/client_create.rb50
-rw-r--r--knife/lib/chef/knife/cookbook_upload.rb47
-rw-r--r--knife/lib/chef/knife/version.rb2
-rw-r--r--knife/spec/integration/client_create_spec.rb1
-rw-r--r--knife/spec/unit/knife/client_create_spec.rb100
-rw-r--r--knife/spec/unit/knife/cookbook_upload_spec.rb134
-rw-r--r--lib/chef/application.rb4
-rw-r--r--lib/chef/compliance/default_attributes.rb2
-rw-r--r--lib/chef/compliance/reporter/automate.rb2
-rw-r--r--lib/chef/compliance/runner.rb2
-rw-r--r--lib/chef/formatters/doc.rb27
-rw-r--r--lib/chef/formatters/minimal.rb11
-rw-r--r--lib/chef/http.rb10
-rw-r--r--lib/chef/provider.rb27
-rw-r--r--lib/chef/provider/execute.rb2
-rw-r--r--lib/chef/provider/group/dscl.rb2
-rw-r--r--lib/chef/provider/launchd.rb12
-rw-r--r--lib/chef/provider/subversion.rb8
-rw-r--r--lib/chef/provider/systemd_unit.rb33
-rw-r--r--lib/chef/provider/user/mac.rb70
-rw-r--r--lib/chef/provider/yum_repository.rb6
-rw-r--r--lib/chef/provider/zypper_repository.rb6
-rw-r--r--lib/chef/provider_resolver.rb10
-rw-r--r--lib/chef/resource.rb30
-rw-r--r--lib/chef/resource/execute.rb4
-rw-r--r--lib/chef/resource/inspec_waiver_file_entry.rb4
-rw-r--r--lib/chef/resource/launchd.rb6
-rw-r--r--lib/chef/resource/remote_file.rb2
-rw-r--r--lib/chef/resource/rhsm_subscription.rb10
-rw-r--r--lib/chef/resource/ruby_block.rb100
-rw-r--r--lib/chef/resource/scm/subversion.rb2
-rw-r--r--lib/chef/resource/sysctl.rb4
-rw-r--r--lib/chef/resource/systemd_unit.rb4
-rw-r--r--lib/chef/resource/windows_uac.rb4
-rw-r--r--lib/chef/resource/yum_package.rb6
-rw-r--r--lib/chef/resource_inspector.rb8
-rw-r--r--lib/chef/secret_fetcher.rb5
-rw-r--r--lib/chef/secret_fetcher/aws_secrets_manager.rb2
-rw-r--r--lib/chef/secret_fetcher/azure_key_vault.rb2
-rw-r--r--lib/chef/secret_fetcher/hashi_vault.rb70
-rw-r--r--lib/chef/version.rb2
-rw-r--r--omnibus/Gemfile6
-rw-r--r--omnibus/Gemfile.lock52
-rw-r--r--omnibus/README.md13
-rw-r--r--omnibus_overrides.rb4
-rw-r--r--spec/integration/compliance/compliance_spec.rb1
-rw-r--r--spec/integration/recipes/resource_action_spec.rb4
-rw-r--r--spec/unit/compliance/runner_spec.rb2
-rw-r--r--spec/unit/formatters/doc_spec.rb2
-rw-r--r--spec/unit/provider_spec.rb23
-rw-r--r--spec/unit/resource/rhsm_subscription_spec.rb53
-rw-r--r--spec/unit/resource_spec.rb27
-rw-r--r--spec/unit/secret_fetcher/hashi_vault_spec.rb47
-rwxr-xr-xtasks/bin/run_external_test2
-rwxr-xr-xtasks/docs.rb7
83 files changed, 1110 insertions, 460 deletions
diff --git a/.buildkite/hooks/pre-command b/.buildkite/hooks/pre-command
index 6f9dcecdf6..9af5d459b5 100644
--- a/.buildkite/hooks/pre-command
+++ b/.buildkite/hooks/pre-command
@@ -8,31 +8,31 @@ set -eu
docker ps || true
free -m || true
-# We've now seen cases where origin/master on the build hosts can get
+# We've now seen cases where origin/main on the build hosts can get
# out of date. This causes us to build components unnecessarily.
# Fetching it here hopefully will prevent this situation.
-echo "Fetching origin/master"
-git fetch origin master
+echo "Fetching origin/main"
+git fetch origin main
# DEBUGGING FOR RELENG
# Fetch the git tags to see if that addresses the weird smart build behavior for Habitat
git fetch --tags --force
-# Rebase onto current master to ensure this PR is closer to what happens when it's merged.
+# Rebase onto current main to ensure this PR is closer to what happens when it's merged.
# Only do this if it's actually a branch (i.e. a PR or a manually created build), not a
-# post-merge CI run of master.
-if [[ "$BUILDKITE_BRANCH" != "master" ]]; then
+# post-merge CI run of main.
+if [[ "$BUILDKITE_BRANCH" != "main" ]]; then
git config user.email "you@example.com" # these are needed for the rebase attempt
git config user.name "Your Name"
- master=$(git show-ref -s --abbrev origin/master)
+ main=$(git show-ref -s --abbrev origin/main)
pr_head=$(git show-ref -s --abbrev HEAD)
github="https://github.com/chef/chef/commit/"
- if git rebase origin/master >/dev/null; then
- buildkite-agent annotate --style success --context "rebase-pr-branch-${master}" \
- "Rebased onto master ([${master}](${github}${master}))."
+ if git rebase origin/main >/dev/null; then
+ buildkite-agent annotate --style success --context "rebase-pr-branch-${main}" \
+ "Rebased onto main ([${main}](${github}${main}))."
else
git rebase --abort
- buildkite-agent annotate --style warning --context "rebase-pr-branch-${master}" \
- "Couldn't rebase onto master ([${master}](${github}${master})), building PR HEAD ([${pr_head}](${github}${pr_head}))."
+ buildkite-agent annotate --style warning --context "rebase-pr-branch-${main}" \
+ "Couldn't rebase onto main ([${main}](${github}${main})), building PR HEAD ([${pr_head}](${github}${pr_head}))."
fi
fi
diff --git a/.expeditor/config.yml b/.expeditor/config.yml
index 9418a0938e..f8c6e9e778 100644
--- a/.expeditor/config.yml
+++ b/.expeditor/config.yml
@@ -55,7 +55,7 @@ github:
# (as determined by the value in the VERSION file) those branches are responsible
# for building.
release_branches:
- - master:
+ - main:
version_constraint: 17*
- chef-16:
version_constraint: 16*
@@ -236,10 +236,10 @@ subscriptions:
actions:
- bash:.expeditor/update_dep.sh
# NOTE: The branch of Ohai here needs to be updated when setting up a stable branch of chef/chef
- - workload: chef/ohai:master_completed:pull_request_merged:chef/ohai:master:*
+ - workload: chef/ohai:main_completed:pull_request_merged:chef/ohai:main:*
actions:
- bash:.expeditor/update_bundler_dep.sh
# NOTE: When the stable branch of chef/chef is being cut you probably want to remove this subscription
- - workload: chef/chefstyle:master_completed:pull_request_merged:chef/chefstyle:master:*
+ - workload: chef/chefstyle:main_completed:pull_request_merged:chef/chefstyle:main:*
actions:
- bash:.expeditor/update_bundler_dep.sh
diff --git a/.expeditor/release.omnibus.yml b/.expeditor/release.omnibus.yml
index 7a34729572..c6759393a1 100644
--- a/.expeditor/release.omnibus.yml
+++ b/.expeditor/release.omnibus.yml
@@ -44,6 +44,7 @@ builder-to-testers-map:
- mac_os_x-10.14-x86_64
- mac_os_x-10.15-x86_64
- mac_os_x-11-x86_64
+ - mac_os_x-12-x86_64
mac_os_x-11-arm64:
- mac_os_x-11-arm64
- mac_os_x-12-arm64
diff --git a/.expeditor/scripts/bk_win_prep.ps1 b/.expeditor/scripts/bk_win_prep.ps1
index 37796da468..69f35a1ff2 100644
--- a/.expeditor/scripts/bk_win_prep.ps1
+++ b/.expeditor/scripts/bk_win_prep.ps1
@@ -11,5 +11,6 @@ bundle --version
if (-not $?) { throw "Can't run Bundler. Is it installed?" }
echo "--- bundle install"
-bundle install --jobs=3 --retry=3 --path=vendor/bundle --without omnibus_package
+bundle config set --local without omnibus_package
+bundle install --jobs=3 --retry=3 --path=vendor/bundle
if (-not $?) { throw "Unable to install gem dependencies" } \ No newline at end of file
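Review bot: `--path=vendor/bundle` on the new `bundle install` line is a remembered option of the same kind as the `--without` flag this change moves into `bundle config`, and Bundler 2.x deprecates it for the same reason, so the deprecation warning is likely to remain. Set it the same way with `bundle config set --local path vendor/bundle` and shorten the install to `bundle install --jobs=3 --retry=3`. The same applies to each `bundle install` line in the `.expeditor/verify.pipeline.yml` hunks and to the two `.github/workflows/kitchen.yml` steps. Separately, the `if (-not $?)` check here follows only `bundle install`, so a failing `bundle config set` would go unnoticed; repeating the check after the config line would make the step fail early.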
diff --git a/.expeditor/scripts/install-hab.sh b/.expeditor/scripts/install-hab.sh
index 75e910bfab..aaf2dfee5f 100755
--- a/.expeditor/scripts/install-hab.sh
+++ b/.expeditor/scripts/install-hab.sh
@@ -20,5 +20,5 @@ error () {
echo "--- :habicat: Installing latest version of Habitat"
rm -rf /hab
-curl https://raw.githubusercontent.com/habitat-sh/habitat/master/components/hab/install.sh | bash -s -- -t "$hab_target"
+curl https://raw.githubusercontent.com/habitat-sh/habitat/main/components/hab/install.sh | bash -s -- -t "$hab_target"
hab license accept
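Review bot: The installer on the changed line is still fetched from a moving branch and piped straight into `bash`, and `curl` runs without `--fail`, so an HTTP error body or a truncated download would be executed as a script on the build host. Download to a file first with `curl -fsSL --proto '=https' --tlsv1.2 -o install.sh <url>`, verify it against a known checksum, and only then run `bash install.sh -t "$hab_target"`. Pinning the URL to a reviewed commit (`.../habitat/<COMMIT_SHA>/components/hab/install.sh`) instead of `main` would also stop an upstream push from changing what CI executes. The rest of the script is outside this hunk, so any verification done elsewhere is not visible here.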
diff --git a/.expeditor/update_bundler_dep.sh b/.expeditor/update_bundler_dep.sh
index 71575a6c76..375fc3daf0 100755
--- a/.expeditor/update_bundler_dep.sh
+++ b/.expeditor/update_bundler_dep.sh
@@ -24,6 +24,6 @@ git commit --message "Bump $EXPEDITOR_REPO to $EXPEDITOR_LATEST_COMMIT" --messag
open_pull_request "$EXPEDITOR_BRANCH"
-# Get back to master and cleanup the leftovers - any changed files left over at the end of this script will get committed to master.
+# Get back to main and cleanup the leftovers - any changed files left over at the end of this script will get committed to main.
git checkout -
git branch -D "$branch"
diff --git a/.expeditor/update_dep.sh b/.expeditor/update_dep.sh
index 55258c66f8..5e9125cd04 100755
--- a/.expeditor/update_dep.sh
+++ b/.expeditor/update_dep.sh
@@ -41,6 +41,6 @@ git commit --message "Bump $DEPNAME to $EXPEDITOR_VERSION" --message "This pull
open_pull_request "$EXPEDITOR_BRANCH"
-# Get back to master and cleanup the leftovers - any changed files left over at the end of this script will get committed to master.
+# Get back to main and cleanup the leftovers - any changed files left over at the end of this script will get committed to main.
git checkout -
git branch -D "$branch"
diff --git a/.expeditor/verify.pipeline.yml b/.expeditor/verify.pipeline.yml
index b1ec9b73f2..5bbfb25e9c 100644
--- a/.expeditor/verify.pipeline.yml
+++ b/.expeditor/verify.pipeline.yml
@@ -19,7 +19,8 @@ steps:
commands:
- /workdir/.expeditor/scripts/bk_container_prep.sh
- cd chef-utils
- - bundle install --jobs=3 --retry=3 --path=vendor/bundle --without omnibus_package
+ - bundle config set --local without omnibus_package
+ - bundle install --jobs=3 --retry=3 --path=vendor/bundle
- bundle exec rake spec
expeditor:
executor:
@@ -30,7 +31,8 @@ steps:
commands:
- /workdir/.expeditor/scripts/bk_container_prep.sh
- cd chef-config
- - bundle install --jobs=3 --retry=3 --path=vendor/bundle --without omnibus_package
+ - bundle config set --local without omnibus_package
+ - bundle install --jobs=3 --retry=3 --path=vendor/bundle
- bundle exec rake spec
expeditor:
executor:
@@ -44,7 +46,8 @@ steps:
- label: "Integration Ubuntu 18.04 :ruby: 3.0"
commands:
- /workdir/.expeditor/scripts/bk_container_prep.sh
- - cd /workdir; bundle install --jobs=3 --retry=3 --path=vendor/bundle --without omnibus_package
+ - cd /workdir; bundle config set --local without omnibus_package
+ - bundle install --jobs=3 --retry=3 --path=vendor/bundle
- bundle exec rake spec:integration
expeditor:
executor:
@@ -57,7 +60,8 @@ steps:
- /workdir/.expeditor/scripts/bk_container_prep.sh
- apt-get update -y
- apt-get install -y cron locales # needed for functional tests to pass
- - cd /workdir; bundle install --jobs=3 --retry=3 --path=vendor/bundle --without omnibus_package
+ - cd /workdir; bundle config set --local without omnibus_package
+ - bundle install --jobs=3 --retry=3 --path=vendor/bundle
- bundle exec rake spec:functional
expeditor:
executor:
@@ -68,7 +72,8 @@ steps:
- label: "Unit Ubuntu 18.04 :ruby: 3.0"
commands:
- /workdir/.expeditor/scripts/bk_container_prep.sh
- - bundle install --jobs=3 --retry=3 --path=vendor/bundle --without omnibus_package
+ - bundle config set --local without omnibus_package
+ - bundle install --jobs=3 --retry=3 --path=vendor/bundle
- bundle exec rake spec:unit
- bundle exec rake component_specs
expeditor:
@@ -79,7 +84,8 @@ steps:
- label: "Integration Ubuntu 20.04 :ruby: 3.0"
commands:
- /workdir/.expeditor/scripts/bk_container_prep.sh
- - cd /workdir; bundle install --jobs=3 --retry=3 --path=vendor/bundle --without omnibus_package
+ - cd /workdir; bundle config set --local without omnibus_package
+ - bundle install --jobs=3 --retry=3 --path=vendor/bundle
- bundle exec rake spec:integration
expeditor:
executor:
@@ -92,7 +98,8 @@ steps:
- /workdir/.expeditor/scripts/bk_container_prep.sh
- apt-get update -y
- apt-get install -y cron locales # needed for functional tests to pass
- - cd /workdir; bundle install --jobs=3 --retry=3 --path=vendor/bundle --without omnibus_package
+ - cd /workdir; bundle config set --local without omnibus_package
+ - bundle install --jobs=3 --retry=3 --path=vendor/bundle
- bundle exec rake spec:functional
expeditor:
executor:
@@ -103,7 +110,8 @@ steps:
- label: "Unit Ubuntu 20.04 :ruby: 3.0"
commands:
- /workdir/.expeditor/scripts/bk_container_prep.sh
- - bundle install --jobs=3 --retry=3 --path=vendor/bundle --without omnibus_package
+ - bundle config set --local without omnibus_package
+ - bundle install --jobs=3 --retry=3 --path=vendor/bundle
- bundle exec rake spec:unit
- bundle exec rake component_specs
expeditor:
@@ -114,7 +122,8 @@ steps:
- label: "Integration CentOS 7 :ruby: 3.0"
commands:
- /workdir/.expeditor/scripts/bk_container_prep.sh
- - cd /workdir; bundle install --jobs=3 --retry=3 --path=vendor/bundle --without omnibus_package
+ - cd /workdir; bundle config set --local without omnibus_package
+ - bundle install --jobs=3 --retry=3 --path=vendor/bundle
- bundle exec rake spec:integration
expeditor:
executor:
@@ -126,7 +135,8 @@ steps:
commands:
- /workdir/.expeditor/scripts/bk_container_prep.sh
- yum install -y crontabs e2fsprogs
- - cd /workdir; bundle install --jobs=3 --retry=3 --path=vendor/bundle --without omnibus_package
+ - cd /workdir; bundle config set --local without omnibus_package
+ - bundle install --jobs=3 --retry=3 --path=vendor/bundle
- bundle exec rake spec:functional
expeditor:
executor:
@@ -137,7 +147,8 @@ steps:
- label: "Unit CentOS 7 :ruby: 3.0"
commands:
- /workdir/.expeditor/scripts/bk_container_prep.sh
- - bundle install --jobs=3 --retry=3 --path=vendor/bundle --without omnibus_package
+ - bundle config set --local without omnibus_package
+ - bundle install --jobs=3 --retry=3 --path=vendor/bundle
- bundle exec rake spec:unit
- bundle exec rake component_specs
expeditor:
@@ -149,7 +160,8 @@ steps:
commands:
- /workdir/.expeditor/scripts/bk_container_prep.sh
- zypper install -y cron insserv-compat
- - cd /workdir; bundle install --jobs=3 --retry=3 --path=vendor/bundle --without omnibus_package
+ - cd /workdir; bundle config set --local without omnibus_package
+ - bundle install --jobs=3 --retry=3 --path=vendor/bundle
- bundle exec rake spec:integration
expeditor:
executor:
@@ -161,7 +173,8 @@ steps:
commands:
- /workdir/.expeditor/scripts/bk_container_prep.sh
- zypper install -y cronie insserv-compat
- - cd /workdir; bundle install --jobs=3 --retry=3 --path=vendor/bundle --without omnibus_package
+ - cd /workdir; bundle config set --local without omnibus_package
+ - bundle install --jobs=3 --retry=3 --path=vendor/bundle
- bundle exec rake spec:functional
expeditor:
executor:
@@ -173,7 +186,8 @@ steps:
commands:
- /workdir/.expeditor/scripts/bk_container_prep.sh
- zypper install -y cron insserv-compat
- - bundle install --jobs=3 --retry=3 --path=vendor/bundle --without omnibus_package
+ - bundle config set --local without omnibus_package
+ - bundle install --jobs=3 --retry=3 --path=vendor/bundle
- bundle exec rake spec:unit
- bundle exec rake component_specs
expeditor:
@@ -184,7 +198,8 @@ steps:
- label: "Integration Fedora :ruby: 3.0"
commands:
- /workdir/.expeditor/scripts/bk_container_prep.sh
- - cd /workdir; bundle install --jobs=3 --retry=3 --path=vendor/bundle --without omnibus_package
+ - cd /workdir; bundle config set --local without omnibus_package
+ - bundle install --jobs=3 --retry=3 --path=vendor/bundle
- bundle exec rake spec:integration
expeditor:
executor:
@@ -196,7 +211,8 @@ steps:
commands:
- /workdir/.expeditor/scripts/bk_container_prep.sh
- dnf install -y crontabs e2fsprogs
- - cd /workdir; bundle install --jobs=3 --retry=3 --path=vendor/bundle --without omnibus_package
+ - cd /workdir; bundle config set --local without omnibus_package
+ - bundle install --jobs=3 --retry=3 --path=vendor/bundle
- bundle exec rake spec:functional
expeditor:
executor:
@@ -210,7 +226,8 @@ steps:
- label: "Unit Fedora :ruby: 3.0"
commands:
- /workdir/.expeditor/scripts/bk_container_prep.sh
- - bundle install --jobs=3 --retry=3 --path=vendor/bundle --without omnibus_package
+ - bundle config set --local without omnibus_package
+ - bundle install --jobs=3 --retry=3 --path=vendor/bundle
- bundle exec rake spec:unit
- bundle exec rake component_specs
expeditor:
@@ -261,8 +278,9 @@ steps:
- label: "chef-zero gem :ruby: 3.0"
commands:
- /workdir/.expeditor/scripts/bk_container_prep.sh
- - bundle install --jobs=3 --retry=3 --path=vendor/bundle --without omnibus_package
- - bundle exec tasks/bin/run_external_test chef/chef-zero master rake pedant
+ - bundle config set --local without omnibus_package
+ - bundle install --jobs=3 --retry=3 --path=vendor/bundle
+ - bundle exec tasks/bin/run_external_test chef/chef-zero main rake pedant
expeditor:
executor:
docker:
@@ -274,8 +292,9 @@ steps:
- label: "cheffish gem :ruby: 3.0"
commands:
- /workdir/.expeditor/scripts/bk_container_prep.sh
- - bundle install --jobs=3 --retry=3 --path=vendor/bundle --without omnibus_package
- - bundle exec tasks/bin/run_external_test chef/cheffish master rake spec
+ - bundle config set --local without omnibus_package
+ - bundle install --jobs=3 --retry=3 --path=vendor/bundle
+ - bundle exec tasks/bin/run_external_test chef/cheffish main rake spec
expeditor:
executor:
docker:
@@ -284,8 +303,9 @@ steps:
- label: "chefspec gem :ruby: 3.0"
commands:
- /workdir/.expeditor/scripts/bk_container_prep.sh
- - bundle install --jobs=3 --retry=3 --path=vendor/bundle --without omnibus_package
- - bundle exec tasks/bin/run_external_test chefspec/chefspec master rake
+ - bundle config set --local without omnibus_package
+ - bundle install --jobs=3 --retry=3 --path=vendor/bundle
+ - bundle exec tasks/bin/run_external_test chefspec/chefspec main rake
expeditor:
executor:
docker:
@@ -294,8 +314,9 @@ steps:
- label: "knife-windows gem :ruby: 3.0"
commands:
- /workdir/.expeditor/scripts/bk_container_prep.sh
- - bundle install --jobs=3 --retry=3 --path=vendor/bundle --without omnibus_package
- - bundle exec tasks/bin/run_external_test chef/knife-windows master rake spec
+ - bundle config set --local without omnibus_package
+ - bundle install --jobs=3 --retry=3 --path=vendor/bundle
+ - bundle exec tasks/bin/run_external_test chef/knife-windows main rake spec
expeditor:
executor:
docker:
@@ -306,8 +327,9 @@ steps:
- /workdir/.expeditor/scripts/bk_container_prep.sh
- apt-get update -y
- apt-get install -y graphviz
- - bundle install --jobs=3 --retry=3 --path=vendor/bundle --without omnibus_package
- - bundle exec tasks/bin/run_external_test berkshelf/berkshelf master rake
+ - bundle config set --local without omnibus_package
+ - bundle install --jobs=3 --retry=3 --path=vendor/bundle
+ - bundle exec tasks/bin/run_external_test berkshelf/berkshelf main rake
expeditor:
executor:
docker:
diff --git a/.github/workflows/func_spec.yml b/.github/workflows/func_spec.yml
index 5913fc31f4..70089b4bb1 100644
--- a/.github/workflows/func_spec.yml
+++ b/.github/workflows/func_spec.yml
@@ -5,7 +5,7 @@ name: func_spec
pull_request:
push:
branches:
- - master
+ - main
jobs:
choco:
diff --git a/.github/workflows/kitchen.yml b/.github/workflows/kitchen.yml
index afce7211b3..09bd3b0cf8 100644
--- a/.github/workflows/kitchen.yml
+++ b/.github/workflows/kitchen.yml
@@ -5,7 +5,7 @@ name: kitchen
pull_request:
push:
branches:
- - master
+ - main
jobs:
windows:
@@ -40,7 +40,7 @@ jobs:
run: |
cd kitchen-tests
$env:PATH = "C:\opscode\chef\bin;C:\opscode\chef\embedded\bin;" + $env:PATH
- bundle config set without 'omnibus_package'
+ bundle config set --local without 'omnibus_package'
bundle install --jobs=3 --retry=3 --path=vendor/bundle
gem install berkshelf --no-doc
# berks emits a ruby warning when it loads net/http due to a previously
@@ -82,7 +82,7 @@ jobs:
id: run
run: |
cd kitchen-tests
- sudo /opt/chef/embedded/bin/bundle config set without 'omnibus_package'
+ sudo /opt/chef/embedded/bin/bundle config set --local without 'omnibus_package'
sudo /opt/chef/embedded/bin/bundle install --jobs=3 --retry=3 --path=vendor/bundle
sudo /opt/chef/embedded/bin/gem install berkshelf --no-doc
sudo /opt/chef/embedded/bin/berks vendor cookbooks
@@ -113,7 +113,7 @@ jobs:
CHEF_LICENSE: accept-no-persist
steps:
- name: Check out code
- uses: actions/checkout@master
+ uses: actions/checkout@main
- name: Setup Ruby
uses: ruby/setup-ruby@v1
with:
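Review bot: `uses: actions/checkout@main` tracks a moving branch, so any commit pushed to that branch runs in this job with whatever token and permissions the workflow grants. The neighbouring `ruby/setup-ruby@v1` step already uses a version tag. Pin the checkout step to a release tag or, for stronger supply-chain guarantees, a full commit SHA, e.g. `uses: actions/checkout@v2` or `uses: actions/checkout@<FULL_COMMIT_SHA> # v2`. The checkout steps of the other jobs in this workflow are outside the hunk and may need the same change.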
diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml
index 9ea4b32227..1b9daa6aba 100644
--- a/.github/workflows/lint.yml
+++ b/.github/workflows/lint.yml
@@ -5,7 +5,7 @@ name: lint
pull_request:
push:
branches:
- - master
+ - main
jobs:
chefstyle:
@@ -28,7 +28,7 @@ jobs:
- uses: carlosperate/download-file-action@v1.0.3
id: download-custom-dictionary
with:
- file-url: 'https://raw.githubusercontent.com/chef/chef_dictionary/master/chef.txt'
+ file-url: 'https://raw.githubusercontent.com/chef/chef_dictionary/main/chef.txt'
file-name: 'chef_dictionary.txt'
- uses: zwaldowski/cspell-action@v1
with:
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 61bcf080bb..823a3b2e4f 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,45 +1,78 @@
<!-- usage documentation: http://expeditor-docs.es.chef.io/configuration/changelog/ -->
This changelog lists individual merged pull requests to Chef Infra Client and geared towards developers. For a list of significant changes per release see the [Chef Infra Client Release Notes](https://docs.chef.io/release_notes_client/).
-<!-- latest_release 17.4.20 -->
-## [v17.4.20](https://github.com/chef/chef/tree/v17.4.20) (2021-08-05)
+<!-- latest_release 17.4.44 -->
+## [v17.4.44](https://github.com/chef/chef/tree/v17.4.44) (2021-09-01)
#### Merged Pull Requests
-- Add x25519 dependency back to knife [#11903](https://github.com/chef/chef/pull/11903) ([tas50](https://github.com/tas50))
+- Build packages on Intel macOS 12 [#11990](https://github.com/chef/chef/pull/11990) ([tas50](https://github.com/tas50))
<!-- latest_release -->
-<!-- release_rollup since=17.3.48 -->
+<!-- release_rollup since=17.4.38 -->
### Changes not yet released to stable
#### Merged Pull Requests
-- Add x25519 dependency back to knife [#11903](https://github.com/chef/chef/pull/11903) ([tas50](https://github.com/tas50)) <!-- 17.4.20 -->
-- fix mac_user create_user for running without full disk access [#11731](https://github.com/chef/chef/pull/11731) ([bunnypak](https://github.com/bunnypak)) <!-- 17.4.19 -->
-- Pin users cookbook in testing [#11895](https://github.com/chef/chef/pull/11895) ([tas50](https://github.com/tas50)) <!-- 17.4.18 -->
-- knife bootstrap windows: log_level should be updated as in client.rb [#11658](https://github.com/chef/chef/pull/11658) ([msys-sgarg](https://github.com/msys-sgarg)) <!-- 17.4.18 -->
-- Bootstrap: Fix for performing sudo operations once sudo password ente… [#11654](https://github.com/chef/chef/pull/11654) ([msys-sgarg](https://github.com/msys-sgarg)) <!-- 17.4.17 -->
-- Chef -&gt; Chef Infra Client in error message [#11888](https://github.com/chef/chef/pull/11888) ([tas50](https://github.com/tas50)) <!-- 17.4.16 -->
-- Move some words to the global dictionary [#11891](https://github.com/chef/chef/pull/11891) ([tas50](https://github.com/tas50)) <!-- 17.4.15 -->
-- Bump omnibus from `6d109b6` to `9ffcd89` in /omnibus [#11885](https://github.com/chef/chef/pull/11885) ([dependabot[bot]](https://github.com/dependabot[bot])) <!-- 17.4.15 -->
-- Rename inspec attributes to inputs in compliance phase [#11882](https://github.com/chef/chef/pull/11882) ([lamont-granquist](https://github.com/lamont-granquist)) <!-- 17.4.14 -->
-- update dockerfile to use correct package for os/arch [#11883](https://github.com/chef/chef/pull/11883) ([nkierpiec](https://github.com/nkierpiec)) <!-- 17.4.13 -->
-- clean up scripts and docker login to auth to chef docker org [#11878](https://github.com/chef/chef/pull/11878) ([nkierpiec](https://github.com/nkierpiec)) <!-- 17.4.12 -->
-- Turn on chef_node_attribute_enabled for compliance phase by default [#11874](https://github.com/chef/chef/pull/11874) ([lamont-granquist](https://github.com/lamont-granquist)) <!-- 17.4.11 -->
-- Update use of environment variable when artifact is promoted [#11873](https://github.com/chef/chef/pull/11873) ([nkierpiec](https://github.com/nkierpiec)) <!-- 17.4.10 -->
-- make files readable by buildkite and simplify manifest script [#11872](https://github.com/chef/chef/pull/11872) ([nkierpiec](https://github.com/nkierpiec)) <!-- 17.4.9 -->
-- knife client create should check file permissions [#11241](https://github.com/chef/chef/pull/11241) ([snehaldwivedi](https://github.com/snehaldwivedi)) <!-- 17.4.8 -->
-- Cleanup the yum_repository resource [#11661](https://github.com/chef/chef/pull/11661) ([tas50](https://github.com/tas50)) <!-- 17.4.7 -->
-- Allow az vault name to be included in secret name [#11867](https://github.com/chef/chef/pull/11867) ([marcparadise](https://github.com/marcparadise)) <!-- 17.4.6 -->
-- Add custom docker pipeline for multiarch builds [#11871](https://github.com/chef/chef/pull/11871) ([nkierpiec](https://github.com/nkierpiec)) <!-- 17.4.5 -->
-- Bump train-core to 3.8.1 [#11869](https://github.com/chef/chef/pull/11869) ([chef-expeditor[bot]](https://github.com/chef-expeditor[bot])) <!-- 17.4.4 -->
-- Fixed issues facing while bootstrapping the node using ssh config file. [#11531](https://github.com/chef/chef/pull/11531) ([sanga1794](https://github.com/sanga1794)) <!-- 17.4.3 -->
-- Bump all deps and resolve a chefstyle warning [#11864](https://github.com/chef/chef/pull/11864) ([tas50](https://github.com/tas50)) <!-- 17.4.2 -->
-- Support &#39;-&#39; and &#39;@&#39; for homebrew cask name [#11842](https://github.com/chef/chef/pull/11842) ([byplayer](https://github.com/byplayer)) <!-- 17.4.1 -->
-- secrets: add support for default config from ohai data [#11853](https://github.com/chef/chef/pull/11853) ([marcparadise](https://github.com/marcparadise)) <!-- 17.4.0 -->
-- systemd_unit generates invalid units when passing a hash issue fix [#11856](https://github.com/chef/chef/pull/11856) ([antima-gupta](https://github.com/antima-gupta)) <!-- 17.3.50 -->
-- Bump inspec-core-bin to 4.38.9 [#11849](https://github.com/chef/chef/pull/11849) ([chef-expeditor[bot]](https://github.com/chef-expeditor[bot])) <!-- 17.3.49 -->
+- Build packages on Intel macOS 12 [#11990](https://github.com/chef/chef/pull/11990) ([tas50](https://github.com/tas50)) <!-- 17.4.44 -->
+- windows_uac: fix registry settings for consent_behavior_users [#11987](https://github.com/chef/chef/pull/11987) ([rishichawda](https://github.com/rishichawda)) <!-- 17.4.43 -->
+- Fix knife client create [#11986](https://github.com/chef/chef/pull/11986) ([jasonwbarnett](https://github.com/jasonwbarnett)) <!-- 17.4.42 -->
+- Bump ffi to 1.15.4 [#11989](https://github.com/chef/chef/pull/11989) ([chef-expeditor[bot]](https://github.com/chef-expeditor[bot])) <!-- 17.4.41 -->
+- bump openssl-1.0.2za [#11982](https://github.com/chef/chef/pull/11982) ([dheerajd-msys](https://github.com/dheerajd-msys)) <!-- 17.4.40 -->
+- Add support for secrets stored in HashiCorp Vault [#11942](https://github.com/chef/chef/pull/11942) ([marcparadise](https://github.com/marcparadise)) <!-- 17.4.39 -->
<!-- release_rollup -->
<!-- latest_stable_release -->
+## [v17.4.38](https://github.com/chef/chef/tree/v17.4.38) (2021-08-28)
+
+#### Merged Pull Requests
+- testing main [#11947](https://github.com/chef/chef/pull/11947) ([lamont-granquist](https://github.com/lamont-granquist))
+- Improve phase logging [#11946](https://github.com/chef/chef/pull/11946) ([tas50](https://github.com/tas50))
+- Fix Test Kitchen tests [#11949](https://github.com/chef/chef/pull/11949) ([tas50](https://github.com/tas50))
+- Other fixes for branch renaming [#11948](https://github.com/chef/chef/pull/11948) ([lamont-granquist](https://github.com/lamont-granquist))
+- More updates to logging wording [#11951](https://github.com/chef/chef/pull/11951) ([tas50](https://github.com/tas50))
+- Remove the yanked parallel 1.20.2 gem [#11954](https://github.com/chef/chef/pull/11954) ([tas50](https://github.com/tas50))
+- Update libarchive to 3.5.2 [#11958](https://github.com/chef/chef/pull/11958) ([tas50](https://github.com/tas50))
+- Bump chef/ohai to 17.5.1 [#11959](https://github.com/chef/chef/pull/11959) ([chef-expeditor[bot]](https://github.com/chef-expeditor[bot]))
+- Update pipeline references from master -&gt; main [#11967](https://github.com/chef/chef/pull/11967) ([marcparadise](https://github.com/marcparadise))
+- Downgraded the Log level to warn as per AHA idea I-25 [#11945](https://github.com/chef/chef/pull/11945) ([rgjoshi24](https://github.com/rgjoshi24))
+- Bump chef/ohai to d7b28f39f6ef17ba20d2cc0ddbdb62e40b02d8bd [#11972](https://github.com/chef/chef/pull/11972) ([chef-expeditor[bot]](https://github.com/chef-expeditor[bot]))
+- Update openssl on macOS to 1.1.1l [#11973](https://github.com/chef/chef/pull/11973) ([tas50](https://github.com/tas50))
+- Revert experimental/debug code [#11974](https://github.com/chef/chef/pull/11974) ([marcparadise](https://github.com/marcparadise))
+<!-- latest_stable_release -->
+
+## [v17.4.25](https://github.com/chef/chef/tree/v17.4.25) (2021-08-23)
+
+#### Merged Pull Requests
+- Bump inspec-core-bin to 4.38.9 [#11849](https://github.com/chef/chef/pull/11849) ([chef-expeditor[bot]](https://github.com/chef-expeditor[bot]))
+- systemd_unit generates invalid units when passing a hash issue fix [#11856](https://github.com/chef/chef/pull/11856) ([antima-gupta](https://github.com/antima-gupta))
+- secrets: add support for default config from ohai data [#11853](https://github.com/chef/chef/pull/11853) ([marcparadise](https://github.com/marcparadise))
+- Support &#39;-&#39; and &#39;@&#39; for homebrew cask name [#11842](https://github.com/chef/chef/pull/11842) ([byplayer](https://github.com/byplayer))
+- Bump all deps and resolve a chefstyle warning [#11864](https://github.com/chef/chef/pull/11864) ([tas50](https://github.com/tas50))
+- Fixed issues facing while bootstrapping the node using ssh config file. [#11531](https://github.com/chef/chef/pull/11531) ([sanga1794](https://github.com/sanga1794))
+- Bump train-core to 3.8.1 [#11869](https://github.com/chef/chef/pull/11869) ([chef-expeditor[bot]](https://github.com/chef-expeditor[bot]))
+- Add custom docker pipeline for multiarch builds [#11871](https://github.com/chef/chef/pull/11871) ([nkierpiec](https://github.com/nkierpiec))
+- Allow az vault name to be included in secret name [#11867](https://github.com/chef/chef/pull/11867) ([marcparadise](https://github.com/marcparadise))
+- Cleanup the yum_repository resource [#11661](https://github.com/chef/chef/pull/11661) ([tas50](https://github.com/tas50))
+- knife client create should check file permissions [#11241](https://github.com/chef/chef/pull/11241) ([snehaldwivedi](https://github.com/snehaldwivedi))
+- make files readable by buildkite and simplify manifest script [#11872](https://github.com/chef/chef/pull/11872) ([nkierpiec](https://github.com/nkierpiec))
+- Update use of environment variable when artifact is promoted [#11873](https://github.com/chef/chef/pull/11873) ([nkierpiec](https://github.com/nkierpiec))
+- Turn on chef_node_attribute_enabled for compliance phase by default [#11874](https://github.com/chef/chef/pull/11874) ([lamont-granquist](https://github.com/lamont-granquist))
+- clean up scripts and docker login to auth to chef docker org [#11878](https://github.com/chef/chef/pull/11878) ([nkierpiec](https://github.com/nkierpiec))
+- update dockerfile to use correct package for os/arch [#11883](https://github.com/chef/chef/pull/11883) ([nkierpiec](https://github.com/nkierpiec))
+- Rename inspec attributes to inputs in compliance phase [#11882](https://github.com/chef/chef/pull/11882) ([lamont-granquist](https://github.com/lamont-granquist))
+- Bump omnibus from `6d109b6` to `9ffcd89` in /omnibus [#11885](https://github.com/chef/chef/pull/11885) ([dependabot[bot]](https://github.com/dependabot[bot]))
+- Move some words to the global dictionary [#11891](https://github.com/chef/chef/pull/11891) ([tas50](https://github.com/tas50))
+- Chef -&gt; Chef Infra Client in error message [#11888](https://github.com/chef/chef/pull/11888) ([tas50](https://github.com/tas50))
+- Bootstrap: Fix for performing sudo operations once sudo password ente… [#11654](https://github.com/chef/chef/pull/11654) ([msys-sgarg](https://github.com/msys-sgarg))
+- knife bootstrap windows: log_level should be updated as in client.rb [#11658](https://github.com/chef/chef/pull/11658) ([msys-sgarg](https://github.com/msys-sgarg))
+- Pin users cookbook in testing [#11895](https://github.com/chef/chef/pull/11895) ([tas50](https://github.com/tas50))
+- fix mac_user create_user for running without full disk access [#11731](https://github.com/chef/chef/pull/11731) ([bunnypak](https://github.com/bunnypak))
+- Add x25519 dependency back to knife [#11903](https://github.com/chef/chef/pull/11903) ([tas50](https://github.com/tas50))
+- group: fix gid in use error on macOS [#11927](https://github.com/chef/chef/pull/11927) ([rishichawda](https://github.com/rishichawda))
+- Revert 11731 [#11935](https://github.com/chef/chef/pull/11935) ([marcparadise](https://github.com/marcparadise))
+- Fix failures in mac_user when not all user fields are present [#11925](https://github.com/chef/chef/pull/11925) ([tas50](https://github.com/tas50))
+- Update InSpec to 4.41 [#11943](https://github.com/chef/chef/pull/11943) ([tas50](https://github.com/tas50))
+- Remove the default json logger from the compliance API [#11924](https://github.com/chef/chef/pull/11924) ([lamont-granquist](https://github.com/lamont-granquist))
+
## [v17.3.48](https://github.com/chef/chef/tree/v17.3.48) (2021-07-21)
#### Merged Pull Requests
@@ -100,7 +133,6 @@ This changelog lists individual merged pull requests to Chef Infra Client and ge
- Add windows_update_settings resource [#11839](https://github.com/chef/chef/pull/11839) ([tas50](https://github.com/tas50))
- Bump omnibus-software from `07291b0` to `a4f73e4` in /omnibus [#11845](https://github.com/chef/chef/pull/11845) ([dependabot[bot]](https://github.com/dependabot[bot]))
- secrets: Ensure provided config is passed into AWS [#11847](https://github.com/chef/chef/pull/11847) ([marcparadise](https://github.com/marcparadise))
-<!-- latest_stable_release -->
## [v17.2.29](https://github.com/chef/chef/tree/v17.2.29) (2021-06-09)
diff --git a/Dockerfile b/Dockerfile
index f6b6b28b21..e4fa20444f 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -18,7 +18,7 @@ FROM busybox
LABEL maintainer="Chef Software, Inc. <docker@chef.io>"
ARG CHANNEL=stable
-ARG VERSION=17.3.48
+ARG VERSION=17.4.38
ARG ARCH=x86_64
ARG PKG_VERSION=6
diff --git a/Gemfile b/Gemfile
index be03e4e48a..8f195b87e4 100644
--- a/Gemfile
+++ b/Gemfile
@@ -2,7 +2,7 @@ source "https://rubygems.org"
gem "chef", path: "."
-gem "ohai", git: "https://github.com/chef/ohai.git", branch: "master"
+gem "ohai", git: "https://github.com/chef/ohai.git", branch: "main"
gem "chef-utils", path: File.expand_path("chef-utils", __dir__) if File.exist?(File.expand_path("chef-utils", __dir__))
gem "chef-config", path: File.expand_path("chef-config", __dir__) if File.exist?(File.expand_path("chef-config", __dir__))
@@ -48,7 +48,7 @@ end
group(:chefstyle) do
# for testing new chefstyle rules
- gem "chefstyle", git: "https://github.com/chef/chefstyle.git", branch: "master"
+ gem "chefstyle", git: "https://github.com/chef/chefstyle.git", branch: "main"
end
instance_eval(ENV["GEMFILE_MOD"]) if ENV["GEMFILE_MOD"]
diff --git a/Gemfile.lock b/Gemfile.lock
index bc811a972a..514ce6076c 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -1,17 +1,17 @@
GIT
remote: https://github.com/chef/chefstyle.git
- revision: 47dcaf9ec62abcc6086cd40062d923f614fbb3b9
- branch: master
+ revision: 641469ef571ac0db66e5b0a8471b09a49b929d4d
+ branch: main
specs:
- chefstyle (2.0.7)
- rubocop (= 1.18.4)
+ chefstyle (2.0.9)
+ rubocop (= 1.20.0)
GIT
remote: https://github.com/chef/ohai.git
- revision: f428cdfc4bb915741c363e6f42b23a0b3ca3989f
- branch: master
+ revision: c31cfa6d54ff3ae94bc1b6438a5b3ac21f6627a4
+ branch: main
specs:
- ohai (17.3.2)
+ ohai (17.5.2)
chef-config (>= 14.12, < 18)
chef-utils (>= 16.0, < 18)
ffi (~> 1.9)
@@ -35,11 +35,11 @@ GIT
PATH
remote: .
specs:
- chef (17.4.20)
+ chef (17.4.44)
addressable
aws-sdk-secretsmanager (~> 1.46)
- chef-config (= 17.4.20)
- chef-utils (= 17.4.20)
+ chef-config (= 17.4.44)
+ chef-utils (= 17.4.44)
chef-vault
chef-zero (>= 14.0.11)
diff-lcs (>= 1.2.4, < 1.4.0)
@@ -63,11 +63,12 @@ PATH
train-core (~> 3.2, >= 3.2.28)
train-winrm (>= 0.2.5)
uuidtools (>= 2.1.5, < 3.0)
- chef (17.4.20-universal-mingw32)
+ vault (~> 0.16)
+ chef (17.4.44-universal-mingw32)
addressable
aws-sdk-secretsmanager (~> 1.46)
- chef-config (= 17.4.20)
- chef-utils (= 17.4.20)
+ chef-config (= 17.4.44)
+ chef-utils (= 17.4.44)
chef-vault
chef-zero (>= 14.0.11)
diff-lcs (>= 1.2.4, < 1.4.0)
@@ -92,6 +93,7 @@ PATH
train-core (~> 3.2, >= 3.2.28)
train-winrm (>= 0.2.5)
uuidtools (>= 2.1.5, < 3.0)
+ vault (~> 0.16)
win32-api (~> 1.5.3)
win32-certstore (~> 0.6.2)
win32-event (~> 0.6.1)
@@ -106,15 +108,15 @@ PATH
PATH
remote: chef-bin
specs:
- chef-bin (17.4.20)
- chef (= 17.4.20)
+ chef-bin (17.4.44)
+ chef (= 17.4.44)
PATH
remote: chef-config
specs:
- chef-config (17.4.20)
+ chef-config (17.4.44)
addressable
- chef-utils (= 17.4.20)
+ chef-utils (= 17.4.44)
fuzzyurl
mixlib-config (>= 2.2.12, < 4.0)
mixlib-shellout (>= 2.0, < 4.0)
@@ -123,7 +125,7 @@ PATH
PATH
remote: chef-utils
specs:
- chef-utils (17.4.20)
+ chef-utils (17.4.44)
concurrent-ruby
GEM
@@ -135,17 +137,17 @@ GEM
mixlib-cli (>= 1.4, < 3.0)
mixlib-shellout (>= 2.0, < 4.0)
ast (2.4.2)
- aws-eventstream (1.1.1)
- aws-partitions (1.483.0)
- aws-sdk-core (3.119.0)
+ aws-eventstream (1.2.0)
+ aws-partitions (1.494.0)
+ aws-sdk-core (3.120.0)
aws-eventstream (~> 1, >= 1.0.2)
aws-partitions (~> 1, >= 1.239.0)
aws-sigv4 (~> 1.1)
jmespath (~> 1.0)
- aws-sdk-secretsmanager (1.48.0)
- aws-sdk-core (~> 3, >= 3.119.0)
+ aws-sdk-secretsmanager (1.49.0)
+ aws-sdk-core (~> 3, >= 3.120.0)
aws-sigv4 (~> 1.1)
- aws-sigv4 (1.2.4)
+ aws-sigv4 (1.3.0)
aws-eventstream (~> 1, >= 1.0.2)
binding_of_caller (1.0.0)
debug_inspector (>= 0.0.1)
@@ -187,13 +189,13 @@ GEM
faraday-excon (1.1.0)
faraday-net_http (1.0.1)
faraday-net_http_persistent (1.2.0)
- faraday_middleware (1.0.0)
+ faraday_middleware (1.1.0)
faraday (~> 1.0)
fauxhai-ng (9.0.0)
net-ssh
- ffi (1.15.3)
- ffi (1.15.3-x64-mingw32)
- ffi (1.15.3-x86-mingw32)
+ ffi (1.15.4)
+ ffi (1.15.4-x64-mingw32)
+ ffi (1.15.4-x86-mingw32)
ffi-libarchive (1.0.17)
ffi (~> 1.0)
ffi-win32-extensions (1.0.4)
@@ -209,7 +211,7 @@ GEM
hashie (4.1.0)
httpclient (2.8.3)
iniparse (1.5.0)
- inspec-core (4.38.9)
+ inspec-core (4.41.2)
addressable (~> 2.4)
chef-telemetry (~> 1.0, >= 1.0.8)
faraday (>= 0.9.0, < 1.5)
@@ -232,8 +234,8 @@ GEM
train-core (~> 3.0)
tty-prompt (~> 0.17)
tty-table (~> 0.10)
- inspec-core-bin (4.38.9)
- inspec-core (= 4.38.9)
+ inspec-core-bin (4.41.2)
+ inspec-core (= 4.41.2)
ipaddress (0.8.3)
iso8601 (0.13.0)
jmespath (1.4.0)
@@ -313,16 +315,16 @@ GEM
diff-lcs (>= 1.2.0, < 2.0)
rspec-support (~> 3.10.0)
rspec-support (3.10.2)
- rubocop (1.18.4)
+ rubocop (1.20.0)
parallel (~> 1.10)
parser (>= 3.0.0.0)
rainbow (>= 2.2.2, < 4.0)
regexp_parser (>= 1.8, < 3.0)
rexml
- rubocop-ast (>= 1.8.0, < 2.0)
+ rubocop-ast (>= 1.9.1, < 2.0)
ruby-progressbar (~> 1.7)
unicode-display_width (>= 1.4.0, < 3.0)
- rubocop-ast (1.8.0)
+ rubocop-ast (1.11.0)
parser (>= 3.0.1.1)
ruby-progressbar (1.11.0)
ruby2_keywords (0.0.5)
@@ -371,8 +373,10 @@ GEM
unicode-display_width (2.0.0)
unicode_utils (1.4.0)
uuidtools (2.2.0)
- webmock (3.13.0)
- addressable (>= 2.3.6)
+ vault (0.16.0)
+ aws-sigv4
+ webmock (3.14.0)
+ addressable (>= 2.8.0)
crack (>= 0.3.2)
hashdiff (>= 0.4.0, < 2.0.0)
webrick (1.7.0)
@@ -420,10 +424,10 @@ GEM
wmi-lite (1.0.5)
PLATFORMS
+ arm64-darwin-20
ruby
x64-mingw32
x86-mingw32
- x86_64-linux
DEPENDENCIES
appbundler
diff --git a/RELEASE_NOTES.md b/RELEASE_NOTES.md
index 34b5cf8f65..c71dca3b0b 100644
--- a/RELEASE_NOTES.md
+++ b/RELEASE_NOTES.md
@@ -1,5 +1,128 @@
This file holds "in progress" release notes for the current release under development and is intended for consumption by the Chef Documentation team. Please see <https://docs.chef.io/release_notes/> for the official Chef release notes.
+## What's New in 17.4.38
+
+### Bug fixes
+
+- Resolved a regression introduced in Chef Infra Client 17.4 that caused HWRP-style resources inheriting from LWRPBase to fail.
+
+### Enhancements
+
+- Improved log output to clearly define where the Infra Phase ends and the Compliance Phase begins.
+- Enhanced Ohai data collection of Amazon EC2 metadata to collect additional data for some configurations.
+- Removed ERROR logs when retrying failed communication with the Chef Infra Server.
+- Improved the `archive_file` resource by upgrading the `libarchive` library it uses, which includes the following improvements:
+ - Support for PWB and v7 binary CPIO formats.
+ - Support for the deflate algorithm in symbolic link decompression with zip files.
+ - Various bug fixes when working with CAB, ZIP, 7zip, and RAR files.
+
+### Security
+
+#### OpenSSL 1.1.1l
+
+OpenSSL has been updated from 1.1.1k to 1.1.1l on macOS systems to resolve the following CVEs:
+
+- [CVE-2021-3711](https://nvd.nist.gov/vuln/detail/CVE-2021-3711)
+- [CVE-2021-3712](https://nvd.nist.gov/vuln/detail/CVE-2021-3712)
+
+#### libarchive 3.5.2
+
+Updated the libarchive library that powers the `archive_file` resource from 3.5.1 to 3.5.2 to resolve security vulnerabilities in libarchive's handling of symbolic links.
+
+## What's New in 17.4.25
+
+### Compliance Phase Improvements
+
+#### Chef InSpec 4.41.2
+
+Chef InSpec has been updated from 4.38.3 to 4.41.2 with the following improvements for Compliance Phase
+
+- New Open Policy Agent resources `opa_cli` and `opa_api`
+- New `mongodb_session` resource
+- The `mssql_session` resource now allows named connections by no longer forcing a port.
+- The PostgreSQL resources (`postgres_session`, `postgres_conf`, `postgres_hba_conf`, and `postgres_ident_conf`) now work with Windows.
+- Fixed a bug where the year in an expiration date was misinterpreted in waiver files
+
+#### json-file Reporter Off By Default
+
+The InSpec `json-file` reporter is no longer enabled by default in Compliance Phase. Outputting compliance data to file by default potentially exposed sensitive data to the filesystem, without much upside. If you rely on this file for processing by external systems you can produce it by setting the reporter attribute `node['audit']['reporter']` to `%w{json-file cli}`.
+
+#### Chef Attribute Integration
+
+The `chef_node_attribute_enabled` configuration option for Compliance Phase is now enabled by default. This provides a `chef_node` object in InSpec profiles containing all attributes from the Chef Infra Client including Ohai configuration attributes.
+
+#### Compliance Phase Inputs Attribute
+
+In 2019 we renamed InSpec attributes to inputs to avoid confusion between InSpec attributes and Chef Infra attributes. Compliance Phase is now updated to use the updated inputs name. Instead of passing `node['audit']['attributes']` you can now use `node['audit']['inputs']`. Don't worry about rushing to update your code though because Compliance Phase will still work with the existing attributes, giving you time to migrate to the new name.
+
+### Secrets Manager Integration
+
+We've updated our beta secrets management integration helper to improve the experience of fetching secrets from AWS Secrets Manager and Azure Key Vault. We'd still love to hear from you if you are integrating Chef Infra with a secrets management system or you'd like to do so in the future. E-mail us at secrets_management_beta@progress.com.
+
+#### Simpler Azure Key Vault Names Declaration
+
+The `secrets` helper has been updated to allow specifying the Azure Key Vault to fetch a secret using the name instead of the config hash:
+
+Specifying the Vault in the Name:
+
+```ruby
+secret(name: "test-chef-infra-secrets/test-secret-1", service: :azure_key_vault)
+```
+
+Specifying the Vault in the Options Hash:
+
+```ruby
+secret(name: "test-secret-1", service: :azure_key_vault, config: {vault: "test-chef-infra-secrets" })
+```
+
+#### AWS Default to Node's Region in AWS Secrets Manager
+
+When fetching secrets from AWS Secrets Manager, the `secrets` helper now defaults to fetching secrets from the region where the node resides. If you need to fetch secrets from another region, you can use the region config option:
+
+Specifying AWS Region:
+
+```ruby
+secret(name: 'test1', service: :aws_secrets_manager, config: { region: 'us-west-2' })
+```
+
+Using the Node's Region:
+
+```ruby
+secret(name: 'test1', service: :aws_secrets_manager)
+```
+
+### Resource Updates
+
+#### group
+
+The `group` resource has been updated to prevent failures on macOS systems when passing the GID as an Integer. Thanks for reporting this [@rb2k](https://github.com/rb2k)!
+
+#### homebrew_cask
+
+The `homebrew_cask` resource now supports Homebrew Casks with '-' or '@' in their name. Thanks for this fix [@byplayer](https://github.com/byplayer)!
+
+#### rhsm_subscription
+
+The `rhsm_subscription` resource now flushes all DNF or YUM caches after adding a new subscription so that subsequent package installs can use packages from the subscription. Thanks for fixing this [@jasonwbarnett](https://github.com/jasonwbarnett)!
+
+#### systemd_unit
+
+The `systemd_unit` resource now generates valid unit files when passing a hash of data. Thanks for reporting this issue [@gregkare](https://github.com/gregkare)
+
+#### user
+
+The `user` resource on macOS no longer fails if the `shell` or `hidden` fields are not present for the user being updated.
+
+#### yum_repository
+
+The `yum_repository` has been refactored to better flush cache on RHEL and Fedora derivatives Linux distributions.
+
+### Packaging
+
+#### Arm64 Docker Containers
+
+Chef Infra Client Docker containers are now published for the `arm64` architecture on DockerHub at https://hub.docker.com/r/chef/chef. These containers can be used for testing Chef Infra Client on `arm64` architecture Linux distributions with Test Kitchen.
+
## What's New in 17.3
### Compliance Phase Improvements
@@ -1060,11 +1183,11 @@ On AWS instances, we now gather data from the latest metadata API versions, expo
- placement/region
- spot/instance-action
-#### Alma Linux Detection
+#### AlmaLinux Detection
-Chef Infra Client now maps [Alma Linux](https://almalinux.org/) to the `rhel` `platform_family` value. Alma Linux is a new open-source RHEL fork produced by the CloudLinux team. Alma Linux falls under Chef's [Community Support](https://docs.chef.io/platforms/#community-support) platform support policy providing community driven support without the extensive testing given to commercially supported platforms in Chef Infra Client.
+Chef Infra Client now maps [AlmaLinux](https://almalinux.org/) to the `rhel` `platform_family` value. AlmaLinux is a new open-source RHEL fork produced by the CloudLinux team. AlmaLinux falls under Chef's [Community Support](https://docs.chef.io/platforms/#community-support) platform support policy providing community driven support without the extensive testing given to commercially supported platforms in Chef Infra Client.
-You can test cookbooks on Alma Linux in Test Kitchen using [Alma Linux 8 Vagrant Images](https://app.vagrantup.com/bento/boxes/almalinux-8 on VirtualBox, Parallels, and VMware hypervisors as follows:
+You can test cookbooks on AlmaLinux in Test Kitchen using [AlmaLinux 8 Vagrant Images](https://app.vagrantup.com/bento/boxes/almalinux-8 on VirtualBox, Parallels, and VMware hypervisors as follows:
```yaml
platforms:
@@ -4471,7 +4594,7 @@ end
### InSpec 3.0
-Inspec has been updated to version 3.0 with addition resources, exception handling, and a new plugin system. See <https://blog.chef.io/2018/10/16/announcing-inspec-3-0/> for details.
+InSpec has been updated to version 3.0 with addition resources, exception handling, and a new plugin system. See <https://blog.chef.io/2018/10/16/announcing-inspec-3-0/> for details.
### macOS Mojave (10.14)
@@ -5822,7 +5945,7 @@ In Ohai 13 we replaced the filesystem and cloud plugins with the filesystem2 and
- **The mount resource's password property is now marked as **sensitive** Passwords passed to mount won't show up in logs.
- **The windows_task resource now correctly handles start_day** Previously, the resource would accept any date that was formatted correctly in the local locale, unlike the Windows cookbook and Windows itself. We now support only the MM/DD/YYYY format, in keeping with the Windows cookbook.
-- **InSpec updated to 1.39.1**
+- **InSpec updated to 1.39.1**
### Ohai 13.5
@@ -6459,7 +6582,7 @@ The `recommends`, `suggests`, `conflicts`, `replaces` and `grouping` metadata fi
### All unignored cookbook files will now be uploaded.
-We now treat every file under a cookbook directory as belonging to a cookbook, unless that file is ignored with a `chefignore` file. This is a change from the previous behavior where only files in certain directories, such as `recipes` or `templates`, were treated as special. This change allows chef to support new classes of files, such as Ohai plugins or Inspec tests, without having to make changes to the cookbook format to support them.
+We now treat every file under a cookbook directory as belonging to a cookbook, unless that file is ignored with a `chefignore` file. This is a change from the previous behavior where only files in certain directories, such as `recipes` or `templates`, were treated as special. This change allows chef to support new classes of files, such as Ohai plugins or InSpec tests, without having to make changes to the cookbook format to support them.
### DSL-based custom resources and providers no longer get module constants
diff --git a/VERSION b/VERSION
index 07405d7908..69337825db 100644
--- a/VERSION
+++ b/VERSION
@@ -1 +1 @@
-17.4.20 \ No newline at end of file
+17.4.44 \ No newline at end of file
diff --git a/chef-bin/lib/chef-bin/version.rb b/chef-bin/lib/chef-bin/version.rb
index d7bbc603c2..ccc3c7daa5 100644
--- a/chef-bin/lib/chef-bin/version.rb
+++ b/chef-bin/lib/chef-bin/version.rb
@@ -21,7 +21,7 @@
module ChefBin
CHEFBIN_ROOT = File.expand_path("..", __dir__)
- VERSION = "17.4.20".freeze
+ VERSION = "17.4.44".freeze
end
#
diff --git a/chef-config/chef-config.gemspec b/chef-config/chef-config.gemspec
index cf83b360df..0cd5b263b8 100644
--- a/chef-config/chef-config.gemspec
+++ b/chef-config/chef-config.gemspec
@@ -16,10 +16,10 @@ Gem::Specification.new do |spec|
spec.metadata = {
"bug_tracker_uri" => "https://github.com/chef/chef/issues",
- "changelog_uri" => "https://github.com/chef/chef/blob/master/CHANGELOG.md",
- "documentation_uri" => "https://github.com/chef/chef/tree/master/chef-config/README.md",
- "homepage_uri" => "https://github.com/chef/chef/tree/master/chef-config",
- "source_code_uri" => "https://github.com/chef/chef/tree/master/chef-config",
+ "changelog_uri" => "https://github.com/chef/chef/blob/main/CHANGELOG.md",
+ "documentation_uri" => "https://github.com/chef/chef/tree/main/chef-config/README.md",
+ "homepage_uri" => "https://github.com/chef/chef/tree/main/chef-config",
+ "source_code_uri" => "https://github.com/chef/chef/tree/main/chef-config",
}
spec.require_paths = ["lib"]
diff --git a/chef-config/lib/chef-config/version.rb b/chef-config/lib/chef-config/version.rb
index 03ccd69e12..4f611acd3a 100644
--- a/chef-config/lib/chef-config/version.rb
+++ b/chef-config/lib/chef-config/version.rb
@@ -15,5 +15,5 @@
module ChefConfig
CHEFCONFIG_ROOT = File.expand_path("..", __dir__)
- VERSION = "17.4.20".freeze
+ VERSION = "17.4.44".freeze
end
diff --git a/chef-utils/README.md b/chef-utils/README.md
index 34d246e23f..75c9149865 100644
--- a/chef-utils/README.md
+++ b/chef-utils/README.md
@@ -1,12 +1,12 @@
# Chef Utils gem
-**Umbrella Project**: [Chef Infra](https://github.com/chef/chef-oss-practices/blob/master/projects/chef-infra.md)
+**Umbrella Project**: [Chef Infra](https://github.com/chef/chef-oss-practices/blob/main/projects/chef-infra.md)
-**Project State**: [Active](https://github.com/chef/chef-oss-practices/blob/master/repo-management/repo-states.md#active)
+**Project State**: [Active](https://github.com/chef/chef-oss-practices/blob/main/repo-management/repo-states.md#active)
-**Issues [Response Time Maximum](https://github.com/chef/chef-oss-practices/blob/master/repo-management/repo-states.md)**: 14 days
+**Issues [Response Time Maximum](https://github.com/chef/chef-oss-practices/blob/main/repo-management/repo-states.md)**: 14 days
-**Pull Request [Response Time Maximum](https://github.com/chef/chef-oss-practices/blob/master/repo-management/repo-states.md)**: 14 days
+**Pull Request [Response Time Maximum](https://github.com/chef/chef-oss-practices/blob/main/repo-management/repo-states.md)**: 14 days
## Getting Started
diff --git a/chef-utils/chef-utils.gemspec b/chef-utils/chef-utils.gemspec
index 8cbae405e3..e885aae175 100644
--- a/chef-utils/chef-utils.gemspec
+++ b/chef-utils/chef-utils.gemspec
@@ -10,17 +10,17 @@ Gem::Specification.new do |spec|
spec.email = ["oss@chef.io"]
spec.summary = %q{Basic utility functions for Core Chef Infra development}
- spec.homepage = "https://github.com/chef/chef/tree/master/chef-utils"
+ spec.homepage = "https://github.com/chef/chef/tree/main/chef-utils"
spec.license = "Apache-2.0"
spec.required_ruby_version = ">= 2.6"
spec.metadata = {
"bug_tracker_uri" => "https://github.com/chef/chef/issues",
- "changelog_uri" => "https://github.com/chef/chef/blob/master/CHANGELOG.md",
- "documentation_uri" => "https://github.com/chef/chef/tree/master/chef-utils/README.md",
- "homepage_uri" => "https://github.com/chef/chef/tree/master/chef-utils",
- "source_code_uri" => "https://github.com/chef/chef/tree/master/chef-utils",
+ "changelog_uri" => "https://github.com/chef/chef/blob/main/CHANGELOG.md",
+ "documentation_uri" => "https://github.com/chef/chef/tree/main/chef-utils/README.md",
+ "homepage_uri" => "https://github.com/chef/chef/tree/main/chef-utils",
+ "source_code_uri" => "https://github.com/chef/chef/tree/main/chef-utils",
}
spec.require_paths = ["lib"]
diff --git a/chef-utils/lib/chef-utils/version.rb b/chef-utils/lib/chef-utils/version.rb
index 89450dec1b..c48c40e83d 100644
--- a/chef-utils/lib/chef-utils/version.rb
+++ b/chef-utils/lib/chef-utils/version.rb
@@ -16,5 +16,5 @@
module ChefUtils
CHEFUTILS_ROOT = File.expand_path("..", __dir__)
- VERSION = "17.4.20"
+ VERSION = "17.4.44"
end
diff --git a/chef.gemspec b/chef.gemspec
index 0f278fff8f..936a9dfd91 100644
--- a/chef.gemspec
+++ b/chef.gemspec
@@ -56,6 +56,7 @@ Gem::Specification.new do |s|
s.add_dependency "proxifier", "~> 1.0"
s.add_dependency "aws-sdk-secretsmanager", "~> 1.46"
+ s.add_dependency "vault", "~> 0.16" # hashi vault official client gem
s.bindir = "bin"
s.executables = %w{ }
diff --git a/kitchen-tests/Gemfile b/kitchen-tests/Gemfile
index 19f6e7d93e..af870fb182 100644
--- a/kitchen-tests/Gemfile
+++ b/kitchen-tests/Gemfile
@@ -3,9 +3,9 @@ source "https://rubygems.org"
gem "rake" # required to build some native extensions
gem "chef", path: ".."
gem "knife", path: "../knife"
-gem "ohai", git: "https://github.com/chef/ohai.git", branch: "master" # avoids failures when we bump chef major
-gem "berkshelf", git: "https://github.com/berkshelf/berkshelf.git", branch: "master"
+gem "ohai", git: "https://github.com/chef/ohai.git", branch: "main" # avoids failures when we bump chef major
+gem "berkshelf", git: "https://github.com/berkshelf/berkshelf.git", branch: "main"
gem "kitchen-dokken", ">= 2.0"
-gem "kitchen-inspec", git: "https://github.com/chef/kitchen-inspec.git", branch: "master"
+gem "kitchen-inspec", git: "https://github.com/chef/kitchen-inspec.git", branch: "main"
gem "inspec"
gem "test-kitchen", git: "https://github.com/test-kitchen/test-kitchen.git", branch: "master"
diff --git a/kitchen-tests/README.md b/kitchen-tests/README.md
index 99ab9b0cfe..a997dc4370 100644
--- a/kitchen-tests/README.md
+++ b/kitchen-tests/README.md
@@ -25,7 +25,7 @@ end-to-end-amazonlinux Dokken Dokken Inspec Dokken <Not Created
## Testing
-We use Test Kitchen to build instances, test client code, and destroy instances. If you are unfamiliar with Test Kitchen, we recommend checking out the [tutorial](http://kitchen.ci/) along with the `kitchen-dokken` [driver documentation](https://github.com/someara/kitchen-dokken). Test Kitchen is configured to manipulate instances using [Docker](https://www.docker.com/) when testing locally, and when testing, pull requests on [Buildkite](https://buildkite.com/chef-oss/chef-chef-master-verify).
+We use Test Kitchen to build instances, test client code, and destroy instances. If you are unfamiliar with Test Kitchen, we recommend checking out the [tutorial](http://kitchen.ci/) along with the `kitchen-dokken` [driver documentation](https://github.com/someara/kitchen-dokken). Test Kitchen is configured to manipulate instances using [Docker](https://www.docker.com/) when testing locally, and when testing, pull requests on [Buildkite](https://buildkite.com/chef-oss/chef-chef-main-verify).
### Commands
@@ -60,13 +60,13 @@ The provisioner can be configured to pull client source code from a GitHub repos
By default, the provisioner is configured to pull your most recent commit to `chef/chef`. You can change this by modifying the `github` and `branch` provisioner options:
- `github`: Set this to `"<your_username>/<your_chef_repo>"`. The default is `"chef/chef"`.
-- `branch`: This can be any valid git reference (e.g., branch name, tag, or commit SHA). If omitted, it defaults to `master`.
+- `branch`: This can be any valid git reference (e.g., branch name, tag, or commit SHA). If omitted, it defaults to `main`.
The branch you choose must be accessible on GitHub. You cannot use a local commit at this time.
### Testing pull requests
-These end-to-end tests are also configured to run on Buildkite with Docker containers when you submit a pull request to `chef/chef`. Kitchen is configured to pull chef client source code from the branch it is testing. There is no need to modify `kitchen.yml` unless you are contributing tests.
+These end-to-end tests are also configured to run on Buildkite with Docker containers when you submit a pull request to `chef/chef`. Test Kitchen is configured to pull Chef Infra Client source code from the branch it is testing. There is no need to modify `kitchen.yml` unless you are contributing tests.
## Contributing
diff --git a/knife/Gemfile b/knife/Gemfile
index 0eda3c8e5f..a2321726c7 100644
--- a/knife/Gemfile
+++ b/knife/Gemfile
@@ -17,10 +17,10 @@ group(:omnibus_package, :pry) do
end
group(:chefstyle) do
- gem "chefstyle", git: "https://github.com/chef/chefstyle.git", branch: "master"
+ gem "chefstyle", git: "https://github.com/chef/chefstyle.git", branch: "main"
end
-gem "ohai", git: "https://github.com/chef/ohai.git", branch: "master"
+gem "ohai", git: "https://github.com/chef/ohai.git", branch: "main"
gem "chef", path: ".."
gem "chef-utils", path: File.expand_path("../chef-utils", __dir__) if File.exist?(File.expand_path("../chef-utils", __dir__))
gem "chef-config", path: File.expand_path("../chef-config", __dir__) if File.exist?(File.expand_path("../chef-config", __dir__))
diff --git a/knife/knife.gemspec b/knife/knife.gemspec
index 3b7f62e48f..b44635e7ae 100644
--- a/knife/knife.gemspec
+++ b/knife/knife.gemspec
@@ -51,7 +51,7 @@ Gem::Specification.new do |s|
s.metadata = {
"bug_tracker_uri" => "https://github.com/chef/chef/issues",
- "changelog_uri" => "https://github.com/chef/chef/blob/master/CHANGELOG.md",
+ "changelog_uri" => "https://github.com/chef/chef/blob/main/CHANGELOG.md",
"documentation_uri" => "https://docs.chef.io/",
"homepage_uri" => "https://www.chef.io",
"mailing_list_uri" => "https://discourse.chef.io/",
diff --git a/knife/lib/chef/knife/client_create.rb b/knife/lib/chef/knife/client_create.rb
index 9c17174322..12cf0eed02 100644
--- a/knife/lib/chef/knife/client_create.rb
+++ b/knife/lib/chef/knife/client_create.rb
@@ -54,6 +54,10 @@ class Chef
@client_field ||= Chef::ApiClientV1.new
end
+ def file
+ config[:file]
+ end
+
def create_client(client)
# should not be using save :( bad behavior
Chef::ApiClientV1.from_hash(client).save
@@ -81,13 +85,7 @@ class Chef
client.public_key File.read(File.expand_path(config[:public_key]))
end
- # Check the file before creating the client so the api is more transactional.
- if config[:file]
- file = config[:file]
- dir_name = File.dirname(file)
- check_writable_or_exists(dir_name, "Directory")
- check_writable_or_exists(file, "File")
- end
+ file_is_writable!
output = edit_hash(client)
final_client = create_client(output)
@@ -105,15 +103,35 @@ class Chef
end
end
- # To check if file or directory exists or writable and raise exception accordingly
- def check_writable_or_exists(file, type)
- if File.exist?(file)
- unless File.writable?(file)
- ui.fatal "#{type} #{file} is not writable. Check permissions."
- exit 1
- end
- else
- ui.fatal "#{type} #{file} does not exist."
+ #
+ # This method is used to verify that the file and it's containing
+ # directory are writable. This ensures that you don't create the client
+ # and then lose the private key because you weren't able to write it to
+ # disk.
+ #
+ # @return [void]
+ #
+ def file_is_writable!
+ return unless file
+
+ dir = File.dirname(File.expand_path(file))
+ unless File.exist?(dir)
+ ui.fatal "Directory #{dir} does not exist. Please create and retry."
+ exit 1
+ end
+
+ unless File.directory?(dir)
+ ui.fatal "#{dir} exists, but is not a directory. Please update your file path (--file #{file}) or re-create #{dir} as a directory."
+ exit 1
+ end
+
+ unless File.writable?(dir)
+ ui.fatal "Directory #{dir} is not writable. Please check the permissions."
+ exit 1
+ end
+
+ if File.exist?(file) && !File.writable?(file)
+ ui.fatal "File #{file} is not writable. Please check the permissions."
exit 1
end
end
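Review bot: In `file_is_writable!` the directory checks run against `File.expand_path(file)`, but the final check passes the raw `file` to `File.exist?` and `File.writable?`, so a path such as `~/client.pem` (constructed example) is expanded for the directory tests and not for the file test, and an existing read-only key file would pass unnoticed. Expanding once and reusing the result keeps the checks consistent: `path = File.expand_path(file)` followed by `if File.exist?(path) && !File.writable?(path)`. The check is also only advisory, because the private key is written later by code outside this hunk and the filesystem can change in between, so the write itself still needs its own error handling. The doc comment should read "its containing directory" and could say that the method exits the process on failure rather than returning.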
diff --git a/knife/lib/chef/knife/cookbook_upload.rb b/knife/lib/chef/knife/cookbook_upload.rb
index d9582a3ccc..357019212f 100644
--- a/knife/lib/chef/knife/cookbook_upload.rb
+++ b/knife/lib/chef/knife/cookbook_upload.rb
@@ -71,6 +71,11 @@ class Chef
long: "--include-dependencies",
description: "Also upload cookbook dependencies."
+ option :check_dependencies,
+ boolean: true, long: "--[no-]check-dependencies",
+ description: "Whether or not cookbook dependencies are verified before uploading cookbook(s) to #{ChefUtils::Dist::Server::PRODUCT}. You shouldn't disable this unless you really know what you're doing.",
+ default: true
+
def run
# Sanity check before we load anything from the server
if ! config[:all] && @name_args.empty?
@@ -86,11 +91,6 @@ class Chef
upload_failures = 0
upload_ok = 0
- # Get a list of cookbooks and their versions from the server
- # to check for the existence of a cookbook's dependencies.
- @server_side_cookbooks = Chef::CookbookVersion.list_all_versions
- justify_width = @server_side_cookbooks.map(&:size).max.to_i + 2
-
cookbooks = []
cookbooks_to_upload.each do |cookbook_name, cookbook|
raise Chef::Exceptions::MetadataNotFound.new(cookbook.root_paths[0], cookbook_name) unless cookbook.has_metadata_file?
@@ -120,7 +120,7 @@ class Chef
if config[:all]
if cookbooks_for_upload.any?
begin
- upload(cookbooks_for_upload, justify_width)
+ upload(cookbooks_for_upload)
rescue Chef::Exceptions::CookbookFrozen
ui.warn("Not updating version constraints for some cookbooks in the environment as the cookbook is frozen.")
ui.error("Uploading of some of the cookbooks must be failed. Remove cookbook whose version is frozen from your cookbooks repo OR use --force option.")
@@ -133,7 +133,7 @@ class Chef
else
tmp_cl.each do |cookbook_name, cookbook|
- upload([cookbook], justify_width)
+ upload([cookbook])
upload_ok += 1
rescue Exceptions::CookbookNotFoundInRepo => e
upload_failures += 1
@@ -165,6 +165,27 @@ class Chef
end
end
+ def server_side_cookbooks
+ @server_side_cookbooks ||= Chef::CookbookVersion.list_all_versions
+ end
+
+ def justify_width
+ @justify_width ||= server_side_cookbooks.map(&:size).max.to_i + 2
+ end
+
+ #
+ # @param cookbook [Chef::CookbookVersion]
+ #
+ def left_justify_name(cookbook)
+ # We only want to lookup justify width value if we're already loading
+ # cookbooks to check dependencies exist in Chef Infra Server.
+ if config[:check_dependencies] == true
+ cookbook.name.to_s.ljust(justify_width + 10)
+ else
+ cookbook.name.to_s.ljust(24)
+ end
+ end
+
def cookbooks_to_upload
@cookbooks_to_upload ||=
if config[:all]
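Review bot: `justify_width` carries over the old `server_side_cookbooks.map(&:size)` expression, and if `Chef::CookbookVersion.list_all_versions` returns a Hash (the `server_side_cookbooks[cookbook_name]` lookups in `check_server_side_cookbooks` suggest it does), `map(&:size)` measures each key/value pair, which is always 2, instead of the cookbook name. Measuring the names would be `server_side_cookbooks.keys.map(&:size).max.to_i + 2`. The literal `24` in the other branch of `left_justify_name` deserves a named constant or a short comment explaining why that width was chosen.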
@@ -220,11 +241,11 @@ class Chef
end
end
- def upload(cookbooks, justify_width)
+ def upload(cookbooks)
cookbooks.each do |cb|
- ui.info("Uploading #{cb.name.to_s.ljust(justify_width + 10)} [#{cb.version}]")
+ ui.info("Uploading #{left_justify_name(cb)} [#{cb.version}]")
check_for_broken_links!(cb)
- check_for_dependencies!(cb)
+ check_for_dependencies!(cb) if config[:check_dependencies] == true
end
Chef::CookbookUploader.new(cookbooks, force: config[:force], concurrency: config[:concurrency]).upload_cookbooks
rescue Chef::Exceptions::CookbookFrozen => e
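Review bot: The guard `check_for_dependencies!(cb) if config[:check_dependencies] == true` skips verification whenever the value is anything other than literal `true`, including `nil`, so the check fails open if `upload` is reached without the option default merged into `config` (whether that can happen is decided outside this hunk). Since the option defaults to on, testing for the explicit opt-out is safer: `check_for_dependencies!(cb) unless config[:check_dependencies] == false`; the same comparison appears in `left_justify_name`. A `ui.warn` when verification is skipped would also make the opt-out visible in the command output. The `rescue` clause of `upload` continues outside the hunk.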
@@ -265,12 +286,12 @@ class Chef
end
def check_server_side_cookbooks(cookbook_name, version)
- if @server_side_cookbooks[cookbook_name].nil?
+ if server_side_cookbooks[cookbook_name].nil?
false
else
- versions = @server_side_cookbooks[cookbook_name]["versions"].collect { |versions| versions["version"] }
+ versions = server_side_cookbooks[cookbook_name]["versions"].collect { |versions| versions["version"] }
Log.debug "Versions of cookbook '#{cookbook_name}' returned by the server: #{versions.join(", ")}"
- @server_side_cookbooks[cookbook_name]["versions"].each do |versions_hash|
+ server_side_cookbooks[cookbook_name]["versions"].each do |versions_hash|
if Chef::VersionConstraint.new(version).include?(versions_hash["version"])
Log.debug "Matched cookbook '#{cookbook_name}' with constraint '#{version}' to cookbook version '#{versions_hash["version"]}' on the server"
return true
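Review bot: On the changed `collect` line the block parameter `versions` shadows the local `versions` being assigned, which reads ambiguously. `versions = server_side_cookbooks[cookbook_name]["versions"].map { |v| v["version"] }` avoids the shadowing. The hash is also looked up three times in this method; binding the entry once and returning false when it is nil would shorten it. The method body continues outside the hunk.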
diff --git a/knife/lib/chef/knife/version.rb b/knife/lib/chef/knife/version.rb
index d9d82baf4a..f0bfa6d85f 100644
--- a/knife/lib/chef/knife/version.rb
+++ b/knife/lib/chef/knife/version.rb
@@ -17,7 +17,7 @@
class Chef
class Knife
KNIFE_ROOT = File.expand_path("../..", __dir__)
- VERSION = "17.4.20".freeze
+ VERSION = "17.4.44".freeze
end
end
diff --git a/knife/spec/integration/client_create_spec.rb b/knife/spec/integration/client_create_spec.rb
index 337582d858..3898ff9d24 100644
--- a/knife/spec/integration/client_create_spec.rb
+++ b/knife/spec/integration/client_create_spec.rb
@@ -50,7 +50,6 @@ describe "knife client create", :workstation do
it "saves the private key to a file" do
Dir.mktmpdir do |tgt|
- File.open("#{tgt}/bah.pem", "w") { |pub| pub.write("test key") }
knife("client create -f #{tgt}/bah.pem bah").should_succeed stderr: out
expect(File).to exist("#{tgt}/bah.pem")
end
diff --git a/knife/spec/unit/knife/client_create_spec.rb b/knife/spec/unit/knife/client_create_spec.rb
index ada1d9d7bc..55122f8c01 100644
--- a/knife/spec/unit/knife/client_create_spec.rb
+++ b/knife/spec/unit/knife/client_create_spec.rb
@@ -54,6 +54,19 @@ describe Chef::Knife::ClientCreate do
Chef::Config[:node_name] = "webmonkey.example.com"
end
+ let(:tmpdir) { Dir.mktmpdir }
+ let(:file_path) { File.join(tmpdir, "client.pem") }
+ let(:dir_path) { File.dirname(file_path) }
+
+ before do
+ allow(File).to receive(:exist?).and_call_original
+ allow(File).to receive(:exist?).with(file_path).and_return(false)
+ allow(File).to receive(:exist?).with(dir_path).and_return(true)
+ allow(File).to receive(:directory?).with(dir_path).and_return(true)
+ allow(File).to receive(:writable?).with(file_path).and_return(true)
+ allow(File).to receive(:writable?).with(dir_path).and_return(true)
+ end
+
describe "run" do
context "when nothing is passed" do
# from spec/support/shared/unit/knife_shared.rb
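Review bot: `let(:tmpdir) { Dir.mktmpdir }` creates a real directory in every example, because the new `before` block forces it through `file_path` and `dir_path`, and nothing removes it afterwards. Examples that call `knife.run` without stubbing `File.open` may also leave a key file inside it. Adding `after { FileUtils.remove_entry(tmpdir) }` cleans up; alternatively, since the `File` predicates are all stubbed, a fixed path string would do without touching the filesystem.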
@@ -118,18 +131,66 @@ describe Chef::Knife::ClientCreate do
describe "with -f or --file" do
before do
+ knife.config[:file] = file_path
client.private_key "woot"
end
it "should write the private key to a file" do
- file = Tempfile.new
- file_path = file.path
- knife.config[:file] = file_path
filehandle = double("Filehandle")
expect(filehandle).to receive(:print).with("woot")
expect(File).to receive(:open).with(file_path, "w").and_yield(filehandle)
knife.run
end
+
+ context "when the directory does not exist" do
+ before { allow(File).to receive(:exist?).with(dir_path).and_return(false) }
+
+ it "writes a fatal message and exits 1" do
+ expect(knife.ui).to receive(:fatal).with("Directory #{dir_path} does not exist. Please create and retry.")
+ expect { knife.run }.to raise_error(SystemExit)
+ end
+ end
+
+ context "when the directory is not writable" do
+ before { allow(File).to receive(:writable?).with(dir_path).and_return(false) }
+
+ it "writes a fatal message and exits 1" do
+ expect(knife.ui).to receive(:fatal).with("Directory #{dir_path} is not writable. Please check the permissions.")
+ expect { knife.run }.to raise_error(SystemExit)
+ end
+ end
+
+ context "when the directory is a file" do
+ before { allow(File).to receive(:directory?).with(dir_path).and_return(false) }
+
+ it "writes a fatal message and exits 1" do
+ expect(knife.ui).to receive(:fatal).with("#{dir_path} exists, but is not a directory. Please update your file path (--file #{file_path}) or re-create #{dir_path} as a directory.")
+ expect { knife.run }.to raise_error(SystemExit)
+ end
+ end
+
+ context "when the file does not exist" do
+ before do
+ allow(File).to receive(:exist?).with(file_path).and_return(false)
+ end
+
+ it "does not log a fatal message and does not raise exception" do
+ expect(knife.ui).not_to receive(:fatal)
+ expect { knife.run }.not_to raise_error
+ end
+ end
+
+ context "when the file exists and is not writable" do
+ before do
+ allow(File).to receive(:exist?).with(file_path).and_return(true)
+ allow(File).to receive(:writable?).with(file_path).and_return(false)
+ end
+
+ it "writes a fatal message and exits 1" do
+ expect(knife.ui).to receive(:fatal).with("File #{file_path} is not writable. Please check the permissions.")
+ expect { knife.run }.to raise_error(SystemExit)
+ end
+ end
end
describe "with -p or --public-key" do
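Review bot: The four examples titled "writes a fatal message and exits 1" only assert `raise_error(SystemExit)`, so an exit with any status passes. Pin the status with `expect { knife.run }.to raise_error(SystemExit) { |e| expect(e.status).to eq(1) }`. Separately, the first example pins `File.open(file_path, "w")` for the private key with no mode argument, which leaves the key file's permissions to the process umask; whether client_create.rb restricts them elsewhere is not visible in this hunk.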
@@ -166,39 +227,6 @@ describe Chef::Knife::ClientCreate do
expect(client.validator).to be_truthy
end
end
-
- describe "with -f or --file when dir or file is not writable or does not exists" do
- let(:dir_path) { File.expand_path(File.join(CHEF_SPEC_DATA, "knife", "temp_dir")) }
- let(:file_path) { File.expand_path(File.join(dir_path, "tmp.pem")) }
-
- it "when the directory does not exists" do
- knife.config[:file] = "example/client1.pem"
- expect(knife.ui).to receive(:fatal).with("Directory example does not exist.")
- expect { knife.run }.to raise_error(SystemExit)
- end
-
- it "when the directory not writable" do
- knife.config[:file] = file_path
- File.chmod(777, dir_path)
- expect(knife.ui).to receive(:fatal).with("Directory #{dir_path} is not writable. Check permissions.")
- expect { knife.run }.to raise_error(SystemExit)
- end
-
- it "when the file does not exists" do
- path = "#{dir_path}/client1.pem"
- knife.config[:file] = path
- File.chmod(0755, dir_path)
- expect(knife.ui).to receive(:fatal).with("File #{path} does not exist.")
- expect { knife.run }.to raise_error(SystemExit)
- end
-
- it "when the file is not writable" do
- knife.config[:file] = file_path
- File.chmod(777, file_path)
- expect(knife.ui).to receive(:fatal).with("File #{file_path} is not writable. Check permissions.")
- expect { knife.run }.to raise_error(SystemExit)
- end
- end
end
end
end
diff --git a/knife/spec/unit/knife/cookbook_upload_spec.rb b/knife/spec/unit/knife/cookbook_upload_spec.rb
index 0893f6a6b3..a61eee9249 100644
--- a/knife/spec/unit/knife/cookbook_upload_spec.rb
+++ b/knife/spec/unit/knife/cookbook_upload_spec.rb
@@ -60,11 +60,12 @@ describe Chef::Knife::CookbookUpload do
before(:each) do
allow(Chef::CookbookLoader).to receive(:new).and_return(cookbook_loader)
allow(Chef::CookbookLoader).to receive(:copy_to_tmp_dir_from_array).and_yield(cookbook_loader)
+ allow(Chef::CookbookVersion).to receive(:list).and_return({})
+ allow(Chef::CookbookVersion).to receive(:list_all_versions).and_return({})
end
describe "with --concurrency" do
it "should upload cookbooks with predefined concurrency" do
- allow(Chef::CookbookVersion).to receive(:list_all_versions).and_return({})
knife.config[:concurrency] = 3
test_cookbook = Chef::CookbookVersion.new("test_cookbook", "/tmp/blah")
allow(cookbook_loader).to receive(:each).and_yield("test_cookbook", test_cookbook)
@@ -79,7 +80,6 @@ describe Chef::Knife::CookbookUpload do
describe "run" do
before(:each) do
allow(Chef::CookbookUploader).to receive_messages(new: cookbook_uploader)
- allow(Chef::CookbookVersion).to receive(:list_all_versions).and_return({})
end
it "should print usage and exit when a cookbook name is not provided" do
@@ -214,48 +214,110 @@ describe Chef::Knife::CookbookUpload do
end
end
- describe "when specifying a cookbook name with missing dependencies" do
- let(:cookbook_dependency) { Chef::CookbookVersion.new("dependency", "/tmp/blah") }
+ context "when chef_dependencies config is disabled" do
+ before do
+ knife.config[:check_dependencies] = false
+ end
- before(:each) do
- cookbook.metadata.depends("dependency")
- allow(cookbook_loader).to receive(:[]) do |ckbk|
- { "test_cookbook" => cookbook,
- "dependency" => cookbook_dependency }[ckbk]
+ describe "when specifying a cookbook name with missing dependencies" do
+ let(:cookbook_dependency) { Chef::CookbookVersion.new("dependency", "/tmp/blah") }
+
+ before(:each) do
+ cookbook.metadata.depends("dependency")
+ allow(cookbook_loader).to receive(:[]) do |ckbk|
+ { "test_cookbook" => cookbook,
+ "dependency" => cookbook_dependency }[ckbk]
+ end
+ allow(knife).to receive(:cookbook_names).and_return(%w{cookbook_dependency test_cookbook})
+ @stdout, @stderr, @stdin = StringIO.new, StringIO.new, StringIO.new
+ knife.ui = Chef::Knife::UI.new(@stdout, @stderr, @stdin, {})
end
- allow(knife).to receive(:cookbook_names).and_return(%w{cookbook_dependency test_cookbook})
- @stdout, @stderr, @stdin = StringIO.new, StringIO.new, StringIO.new
- knife.ui = Chef::Knife::UI.new(@stdout, @stderr, @stdin, {})
- end
- it "should exit and not upload the cookbook" do
- expect(cookbook_loader).to receive(:[]).once.with("test_cookbook")
- expect(cookbook_uploader).not_to receive(:upload_cookbooks)
- expect { knife.run }.to raise_error(SystemExit)
+ it "should not fetch all cookbooks from Chef Infra Server" do
+ expect(Chef::CookbookVersion).not_to receive(:list_all_versions)
+ knife.run
+ end
+
+ it "should upload the cookbook" do
+ expect(cookbook_loader).to receive(:[]).once.with("test_cookbook")
+ expect(cookbook_uploader).to receive(:upload_cookbooks)
+ knife.run
+ end
+
+ it "should not output a message for a single missing dependency" do
+ knife.run
+ expect(@stderr.string).not_to include("Cookbook test_cookbook depends on cookbooks which are not currently")
+ expect(@stderr.string).not_to include("being uploaded and cannot be found on the server.")
+ expect(@stderr.string).not_to include("The missing cookbook(s) are: 'dependency' version '>= 0.0.0'")
+ end
+
+ it "should not output a message for a multiple missing dependencies which are concatenated" do
+ cookbook_dependency2 = Chef::CookbookVersion.new("dependency2")
+ cookbook.metadata.depends("dependency2")
+ allow(cookbook_loader).to receive(:[]) do |ckbk|
+ { "test_cookbook" => cookbook,
+ "dependency" => cookbook_dependency,
+ "dependency2" => cookbook_dependency2 }[ckbk]
+ end
+ allow(knife).to receive(:cookbook_names).and_return(%w{dependency dependency2 test_cookbook})
+ knife.run
+ expect(@stderr.string).not_to include("Cookbook test_cookbook depends on cookbooks which are not currently")
+ expect(@stderr.string).not_to include("being uploaded and cannot be found on the server.")
+ expect(@stderr.string).not_to include("The missing cookbook(s) are:")
+ expect(@stderr.string).not_to include("'dependency' version '>= 0.0.0'")
+ expect(@stderr.string).not_to include("'dependency2' version '>= 0.0.0'")
+ end
end
+ end
- it "should output a message for a single missing dependency" do
- expect { knife.run }.to raise_error(SystemExit)
- expect(@stderr.string).to include("Cookbook test_cookbook depends on cookbooks which are not currently")
- expect(@stderr.string).to include("being uploaded and cannot be found on the server.")
- expect(@stderr.string).to include("The missing cookbook(s) are: 'dependency' version '>= 0.0.0'")
+ context "when chef_dependencies config is enabled" do
+ before do
+ knife.config[:check_dependencies] = true
end
- it "should output a message for a multiple missing dependencies which are concatenated" do
- cookbook_dependency2 = Chef::CookbookVersion.new("dependency2")
- cookbook.metadata.depends("dependency2")
- allow(cookbook_loader).to receive(:[]) do |ckbk|
- { "test_cookbook" => cookbook,
- "dependency" => cookbook_dependency,
- "dependency2" => cookbook_dependency2 }[ckbk]
+ describe "when specifying a cookbook name with missing dependencies" do
+ let(:cookbook_dependency) { Chef::CookbookVersion.new("dependency", "/tmp/blah") }
+
+ before(:each) do
+ cookbook.metadata.depends("dependency")
+ allow(cookbook_loader).to receive(:[]) do |ckbk|
+ { "test_cookbook" => cookbook,
+ "dependency" => cookbook_dependency }[ckbk]
+ end
+ allow(knife).to receive(:cookbook_names).and_return(%w{cookbook_dependency test_cookbook})
+ @stdout, @stderr, @stdin = StringIO.new, StringIO.new, StringIO.new
+ knife.ui = Chef::Knife::UI.new(@stdout, @stderr, @stdin, {})
+ end
+
+ it "should exit and not upload the cookbook" do
+ expect(cookbook_loader).to receive(:[]).once.with("test_cookbook")
+ expect(cookbook_uploader).not_to receive(:upload_cookbooks)
+ expect { knife.run }.to raise_error(SystemExit)
+ end
+
+ it "should output a message for a single missing dependency" do
+ expect { knife.run }.to raise_error(SystemExit)
+ expect(@stderr.string).to include("Cookbook test_cookbook depends on cookbooks which are not currently")
+ expect(@stderr.string).to include("being uploaded and cannot be found on the server.")
+ expect(@stderr.string).to include("The missing cookbook(s) are: 'dependency' version '>= 0.0.0'")
+ end
+
+ it "should output a message for a multiple missing dependencies which are concatenated" do
+ cookbook_dependency2 = Chef::CookbookVersion.new("dependency2")
+ cookbook.metadata.depends("dependency2")
+ allow(cookbook_loader).to receive(:[]) do |ckbk|
+ { "test_cookbook" => cookbook,
+ "dependency" => cookbook_dependency,
+ "dependency2" => cookbook_dependency2 }[ckbk]
+ end
+ allow(knife).to receive(:cookbook_names).and_return(%w{dependency dependency2 test_cookbook})
+ expect { knife.run }.to raise_error(SystemExit)
+ expect(@stderr.string).to include("Cookbook test_cookbook depends on cookbooks which are not currently")
+ expect(@stderr.string).to include("being uploaded and cannot be found on the server.")
+ expect(@stderr.string).to include("The missing cookbook(s) are:")
+ expect(@stderr.string).to include("'dependency' version '>= 0.0.0'")
+ expect(@stderr.string).to include("'dependency2' version '>= 0.0.0'")
end
- allow(knife).to receive(:cookbook_names).and_return(%w{dependency dependency2 test_cookbook})
- expect { knife.run }.to raise_error(SystemExit)
- expect(@stderr.string).to include("Cookbook test_cookbook depends on cookbooks which are not currently")
- expect(@stderr.string).to include("being uploaded and cannot be found on the server.")
- expect(@stderr.string).to include("The missing cookbook(s) are:")
- expect(@stderr.string).to include("'dependency' version '>= 0.0.0'")
- expect(@stderr.string).to include("'dependency2' version '>= 0.0.0'")
end
end
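Review bot: Both new contexts are titled "when chef_dependencies config is ..." while the key they set is `knife.config[:check_dependencies]`; the titles should read `context "when check_dependencies config is disabled" do` and the matching "enabled" form. There is also no example with the key left unset, which is the case the `== true` comparison in cookbook_upload.rb treats as disabled, so a third context that does not assign it would pin the intended default. The two `describe` bodies repeat the same loader and UI setup and could share one `before`.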
diff --git a/lib/chef/application.rb b/lib/chef/application.rb
index 356c4a4a30..69ce23518b 100644
--- a/lib/chef/application.rb
+++ b/lib/chef/application.rb
@@ -377,7 +377,9 @@ class Chef
Chef::FileCache.store("#{ChefUtils::Dist::Infra::SHORT}-stacktrace.out", chef_stacktrace_out)
logger.fatal("Stacktrace dumped to #{Chef::FileCache.load("#{ChefUtils::Dist::Infra::SHORT}-stacktrace.out", false)}")
- logger.fatal("Please provide the contents of the stacktrace.out file if you file a bug report")
+ logger.fatal("---------------------------------------------------------------------------------------")
+ logger.fatal("PLEASE PROVIDE THE CONTENTS OF THE stacktrace.out FILE (above) IF YOU FILE A BUG REPORT")
+ logger.fatal("---------------------------------------------------------------------------------------")
if Chef::Config[:always_dump_stacktrace]
logger.fatal(message)
else
diff --git a/lib/chef/compliance/default_attributes.rb b/lib/chef/compliance/default_attributes.rb
index 9839cd740b..24bf72330b 100644
--- a/lib/chef/compliance/default_attributes.rb
+++ b/lib/chef/compliance/default_attributes.rb
@@ -28,7 +28,7 @@ class Chef
# Controls what is done with the resulting report after the Chef InSpec run.
# Accepts a single string value or an array of multiple values.
# Accepted values: 'chef-server-automate', 'chef-automate', 'json-file', 'audit-enforcer', 'cli'
- "reporter" => %w{json-file cli},
+ "reporter" => "cli",
# Controls if Chef InSpec profiles should be fetched from Chef Automate or Chef Infra Server
# in addition to the default fetch locations provided by Chef Inspec.
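Review bot: The comment above `"reporter"` lists the accepted values but not the default, and this change drops `json-file` from it. A compliance run would then presumably stop leaving a JSON report on disk unless the attribute is set explicitly, which matters to anyone who kept that file as audit evidence. A line such as `# Default: 'cli'. Add 'json-file' to also keep a JSON report.` would make the new behaviour discoverable where the default is defined.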
diff --git a/lib/chef/compliance/reporter/automate.rb b/lib/chef/compliance/reporter/automate.rb
index c40631771d..4b4eb3c6e4 100644
--- a/lib/chef/compliance/reporter/automate.rb
+++ b/lib/chef/compliance/reporter/automate.rb
@@ -76,7 +76,7 @@ class Chef
begin
Chef::Log.info "Report to #{ChefUtils::Dist::Automate::PRODUCT}: #{@url}"
- Chef::Log.debug "Compliance Report: #{json_report}"
+ Chef::Log.debug "Compliance Phase report: #{json_report}"
http_client.post(nil, json_report, headers)
true
rescue => e
diff --git a/lib/chef/compliance/runner.rb b/lib/chef/compliance/runner.rb
index 14e776a6b7..b71f200941 100644
--- a/lib/chef/compliance/runner.rb
+++ b/lib/chef/compliance/runner.rb
@@ -180,7 +180,7 @@ class Chef
logger.info "Running profiles from: #{profiles.inspect}"
runner.run
runner.report.tap do |r|
- logger.debug "Compliance Report #{r}"
+ logger.debug "Compliance Phase report #{r}"
end
rescue Inspec::FetcherFailure => e
failed_report("Cannot fetch all profiles: #{profiles}. Please make sure you're authenticated and the server is reachable. #{e.message}")
diff --git a/lib/chef/formatters/doc.rb b/lib/chef/formatters/doc.rb
index 2a3f9faef3..1b752a2924 100644
--- a/lib/chef/formatters/doc.rb
+++ b/lib/chef/formatters/doc.rb
@@ -41,10 +41,11 @@ class Chef
end
def run_start(version, run_status)
- puts_line "Starting #{ChefUtils::Dist::Infra::PRODUCT}, version #{version}"
+ puts_line "#{ChefUtils::Dist::Infra::PRODUCT}, version #{version}"
puts_line "Patents: #{ChefUtils::Dist::Org::PATENTS}"
- puts_line "Targeting node: #{Chef::Config.target_mode.host}" if Chef::Config.target_mode?
puts_line "OpenSSL FIPS 140 mode enabled" if Chef::Config[:fips]
+ puts_line "Infra Phase starting"
+ puts_line "Targeting node: #{Chef::Config.target_mode.host}" if Chef::Config.target_mode?
end
def total_resources
@@ -79,18 +80,18 @@ class Chef
puts_line ""
end
if Chef::Config[:why_run]
- puts_line "#{ChefUtils::Dist::Infra::PRODUCT} finished, #{@updated_resources}/#{total_resources} resources would have been updated"
+ puts_line "Infra Phase complete, #{@updated_resources}/#{total_resources} resources would have been updated"
else
- puts_line "#{ChefUtils::Dist::Infra::PRODUCT} finished, #{@updated_resources}/#{total_resources} resources updated in #{pretty_elapsed_time}"
+ puts_line "Infra Phase complete, #{@updated_resources}/#{total_resources} resources updated in #{pretty_elapsed_time}"
end
end
def run_failed(exception)
@end_time = Time.now
if Chef::Config[:why_run]
- puts_line "#{ChefUtils::Dist::Infra::PRODUCT} failed. #{@updated_resources} resources would have been updated"
+ puts_line "Infra Phase failed. #{@updated_resources} resources would have been updated"
else
- puts_line "#{ChefUtils::Dist::Infra::PRODUCT} failed. #{@updated_resources} resources updated in #{pretty_elapsed_time}"
+ puts_line "Infra Phase failed. #{@updated_resources} resources updated in #{pretty_elapsed_time}"
end
end
@@ -119,12 +120,12 @@ class Chef
def node_load_completed(node, expanded_run_list, config); end
def policyfile_loaded(policy)
- puts_line "Using policy '#{policy["name"]}' at revision '#{policy["revision_id"]}'"
+ puts_line "Using Policyfile '#{policy["name"]}' at revision '#{policy["revision_id"]}'"
end
# Called before the cookbook collection is fetched from the server.
def cookbook_resolution_start(expanded_run_list)
- puts_line "resolving cookbooks for run list: #{expanded_run_list.inspect}"
+ puts_line "Resolving cookbooks for run list: #{expanded_run_list.inspect}"
end
# Called when there is an error getting the cookbook collection from the
@@ -149,7 +150,7 @@ class Chef
# Called before cookbook sync starts
def cookbook_sync_start(cookbook_count)
- puts_line "Synchronizing Cookbooks:"
+ puts_line "Synchronizing cookbooks:"
indent
end
@@ -168,7 +169,7 @@ class Chef
# Called when starting to collect gems from the cookbooks
def cookbook_gem_start(gems)
- puts_line "Installing Cookbook Gems:"
+ puts_line "Installing cookbook gem dependencies:"
indent
end
@@ -194,7 +195,7 @@ class Chef
# Called when cookbook loading starts.
def library_load_start(file_count)
- puts_line "Compiling Cookbooks..."
+ puts_line "Compiling cookbooks..."
end
# Called after a file in a cookbook is loaded.
@@ -280,7 +281,7 @@ class Chef
end
def resource_bypassed(resource, action, provider)
- puts " (Skipped: whyrun not supported by provider #{provider.class.name})", stream: resource
+ puts " (Skipped: Why-Run not supported by provider #{provider.class.name})", stream: resource
unindent
end
@@ -317,7 +318,7 @@ class Chef
# Called when resource current state load is skipped due to the provider
# not supporting whyrun mode.
def resource_current_state_load_bypassed(resource, action, current_resource)
- puts_line("* Whyrun not supported for #{resource}, bypassing load.", :yellow)
+ puts_line("* Why-Run not supported for #{resource}, bypassing load.", :yellow)
end
def stream_output(stream, output, options = {})
diff --git a/lib/chef/formatters/minimal.rb b/lib/chef/formatters/minimal.rb
index 6a067c4f86..c4f506531e 100644
--- a/lib/chef/formatters/minimal.rb
+++ b/lib/chef/formatters/minimal.rb
@@ -28,20 +28,21 @@ class Chef
# Called at the very start of a Chef Run
def run_start(version, run_status)
- puts_line "Starting #{ChefUtils::Dist::Infra::PRODUCT}, version #{version}"
+ puts_line "#{ChefUtils::Dist::Infra::PRODUCT}, version #{version}"
puts_line "Patents: #{ChefUtils::Dist::Org::PATENTS}"
- puts_line "Targeting node: #{Chef::Config.target_mode.host}" if Chef::Config.target_mode?
puts_line "OpenSSL FIPS 140 mode enabled" if Chef::Config[:fips]
+ puts_line "Infra Phase starting"
+ puts_line "Targeting node: #{Chef::Config.target_mode.host}" if Chef::Config.target_mode?
end
# Called at the end of the Chef run.
def run_completed(node)
- puts "#{ChefUtils::Dist::Infra::PRODUCT} finished, #{@updated_resources.size} resources updated"
+ puts "Infra phase complete, #{@updated_resources.size} resources updated"
end
# called at the end of a failed run
def run_failed(exception)
- puts "#{ChefUtils::Dist::Infra::PRODUCT} failed. #{@updated_resources.size} resources updated"
+ puts "Infra phase failed. #{@updated_resources.size} resources updated"
end
# Called right after ohai runs.
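Review bot: The phase markers in this hunk are capitalised inconsistently: `run_start` prints "Infra Phase starting" while `run_completed` and `run_failed` print "Infra phase complete" and "Infra phase failed". The doc formatter in the same commit uses "Infra Phase" throughout, so a case-sensitive search for the marker will miss the minimal formatter's end-of-run lines. Use `puts "Infra Phase complete, #{@updated_resources.size} resources updated"` and `puts "Infra Phase failed. #{@updated_resources.size} resources updated"`.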
@@ -71,7 +72,7 @@ class Chef
# Called before the cookbook collection is fetched from the server.
def cookbook_resolution_start(expanded_run_list)
- puts "resolving cookbooks for run list: #{expanded_run_list.inspect}"
+ puts "Resolving cookbooks for run list: #{expanded_run_list.inspect}"
end
# Called when there is an error getting the cookbook collection from the
diff --git a/lib/chef/http.rb b/lib/chef/http.rb
index 162998b7f3..00e1d2bd50 100644
--- a/lib/chef/http.rb
+++ b/lib/chef/http.rb
@@ -423,7 +423,7 @@ class Chef
if response.is_a?(Net::HTTPServerError) && !Chef::Config.local_mode
if http_retry_count - http_attempts >= 0
sleep_time = 1 + (2**http_attempts) + rand(2**http_attempts)
- Chef::Log.error("Server returned error #{response.code} for #{url}, retrying #{http_attempts}/#{http_retry_count} in #{sleep_time}s")
+ Chef::Log.warn("Server returned error #{response.code} for #{url}, retrying #{http_attempts}/#{http_retry_count} in #{sleep_time}s") # Updated from error to warn
sleep(sleep_time)
redo
end
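Review bot: The trailing `# Updated from error to warn` comments on the changed log lines, here and in the two hunks below, record change history, which belongs in the commit message. In the file they will read as noise once the change is forgotten. Either drop them or state the reason instead, for example `# warn, not error: the request is about to be retried`. The enclosing retry method starts and ends outside these hunks.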
@@ -432,7 +432,7 @@ class Chef
end
rescue SocketError, Errno::ETIMEDOUT, Errno::ECONNRESET => e
if http_retry_count - http_attempts >= 0
- Chef::Log.error("Error connecting to #{url}, retry #{http_attempts}/#{http_retry_count}")
+ Chef::Log.warn("Error connecting to #{url}, retry #{http_attempts}/#{http_retry_count}") # Updated from error to warn
sleep(http_retry_delay)
retry
end
@@ -440,21 +440,21 @@ class Chef
raise e
rescue Errno::ECONNREFUSED
if http_retry_count - http_attempts >= 0
- Chef::Log.error("Connection refused connecting to #{url}, retry #{http_attempts}/#{http_retry_count}")
+ Chef::Log.warn("Connection refused connecting to #{url}, retry #{http_attempts}/#{http_retry_count}") # Updated from error to warn
sleep(http_retry_delay)
retry
end
raise Errno::ECONNREFUSED, "Connection refused connecting to #{url}, giving up"
rescue Timeout::Error
if http_retry_count - http_attempts >= 0
- Chef::Log.error("Timeout connecting to #{url}, retry #{http_attempts}/#{http_retry_count}")
+ Chef::Log.warn("Timeout connecting to #{url}, retry #{http_attempts}/#{http_retry_count}") # Updated from error to warn
sleep(http_retry_delay)
retry
end
raise Timeout::Error, "Timeout connecting to #{url}, giving up"
rescue OpenSSL::SSL::SSLError => e
if (http_retry_count - http_attempts >= 0) && !e.message.include?("certificate verify failed")
- Chef::Log.error("SSL Error connecting to #{url}, retry #{http_attempts}/#{http_retry_count}")
+ Chef::Log.warn("SSL Error connecting to #{url}, retry #{http_attempts}/#{http_retry_count}") # Updated from error to warn
sleep(http_retry_delay)
retry
end
diff --git a/lib/chef/provider.rb b/lib/chef/provider.rb
index 81ed530fc7..e7d7ca84ff 100644
--- a/lib/chef/provider.rb
+++ b/lib/chef/provider.rb
@@ -57,10 +57,12 @@ class Chef
#
# @since 13.0
# @param name [String, Symbol] Name of the action to define.
+ # @param description [String] description of the action
# @param block [Proc] Body of the action.
#
# @return [void]
- def self.action(name, &block)
+ def self.action(name, description: nil, &block)
+ action_descriptions[name.to_sym] = description unless description.nil?
# We need the block directly in a method so that `return` works.
define_method("compile_action_#{name}", &block)
class_eval <<-EOM
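Review bot: The YARD types added here and in the next hunk do not match the code: `description:` defaults to nil and `action_description` returns nil when nothing is defined. Write them as `# @param description [String, nil] optional description of the action` and `# @return [String, nil] the description, or nil if none was defined`. It is also worth a comment on `action_descriptions` that the hash is held per class and that `action_description` falls back to the superclass. The body of `self.action` continues outside this hunk.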
@@ -70,6 +72,29 @@ class Chef
EOM
end
+ # Return the hash of action descriptions defined for
+ # the provider class.
+ #
+ # @return [Hash] hash of [Symbol] => [String] containing
+ # any provided action descriptions.
+ def self.action_descriptions
+ @action_descriptions ||= {}
+ end
+
+ # Retrieve the description for a provider's action, if
+ # any description has been included in the definition.
+ #
+ # @param action [Symbol,String] the action name
+ # @return [String] the description of the action provided, or nil if no description
+ # was defined
+ def self.action_description(action)
+ description = action_descriptions[action.to_sym]
+ if description.nil? && superclass.respond_to?(:action_description)
+ description = superclass.action_description(action)
+ end
+ description
+ end
+
# Deprecation stub for the old use_inline_resources mode.
#
# @return [void]
diff --git a/lib/chef/provider/execute.rb b/lib/chef/provider/execute.rb
index b4020b8620..bd199f2574 100644
--- a/lib/chef/provider/execute.rb
+++ b/lib/chef/provider/execute.rb
@@ -41,7 +41,7 @@ class Chef
end
end
- action :run do
+ action :run, description: "Run a command." do
if creates && sentinel_file.exist?
logger.debug("#{new_resource} sentinel file #{sentinel_file} exists - nothing to do")
return false
diff --git a/lib/chef/provider/group/dscl.rb b/lib/chef/provider/group/dscl.rb
index 824ebe0477..61930d027a 100644
--- a/lib/chef/provider/group/dscl.rb
+++ b/lib/chef/provider/group/dscl.rb
@@ -158,7 +158,7 @@ class Chef
if new_resource.group_name && (current_resource.group_name != new_resource.group_name)
dscl_create_group
end
- if new_resource.gid && (current_resource.gid != new_resource.gid)
+ if new_resource.gid && (current_resource.gid != new_resource.gid.to_s)
set_gid
end
if new_resource.members || new_resource.excluded_members
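Review bot: The new comparison `current_resource.gid != new_resource.gid.to_s` is only correct if `current_resource.gid` is always a String. How it is loaded is outside this hunk; if it can be an Integer or nil, the two sides never match and `set_gid` runs on every converge. Normalising both sides removes the assumption: `if new_resource.gid && (current_resource.gid.to_s != new_resource.gid.to_s)`. A short comment saying why the conversion is needed would also help the next reader.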
diff --git a/lib/chef/provider/launchd.rb b/lib/chef/provider/launchd.rb
index b8ff9dfa4d..a737cd08de 100644
--- a/lib/chef/provider/launchd.rb
+++ b/lib/chef/provider/launchd.rb
@@ -43,22 +43,22 @@ class Chef
types[type]
end
- action :create do
+ action :create, description: "Create a launchd property list." do
manage_plist(:create)
end
- action :create_if_missing do
+ action :create_if_missing, description: "Create a launchd property list, if it does not already exist." do
manage_plist(:create_if_missing)
end
- action :delete do
+ action :delete, description: "Delete a launchd property list. This will unload a daemon or agent, if loaded." do
if ::File.exists?(path)
manage_service(:disable)
end
manage_plist(:delete)
end
- action :enable do
+ action :enable, description: "Create a launchd property list, and then ensure that it is enabled. If a launchd property list already exists, but does not match, updates the property list to match, and then restarts the daemon or agent." do
manage_service(:nothing)
manage_plist(:create) do
notifies :restart, "macosx_service[#{label}]", :immediately
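Review bot: The `:delete` action in this hunk still calls `::File.exists?(path)`, a deprecated alias that Ruby 3.2 removed, while `:disable` in the next hunk already uses `::File.exist?`. Since the line next to it is being edited anyway, change it to `if ::File.exist?(path)` so the two actions agree. The `:enable` block continues outside the hunk.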
@@ -66,13 +66,13 @@ class Chef
manage_service(:enable)
end
- action :disable do
+ action :disable, description: "Disable a launchd property list." do
return unless ::File.exist?(path)
manage_service(:disable)
end
- action :restart do
+ action :restart, description: "Restart a launchd managed daemon or agent." do
manage_service(:restart)
end
diff --git a/lib/chef/provider/subversion.rb b/lib/chef/provider/subversion.rb
index 7f49e2139f..e60b684bce 100644
--- a/lib/chef/provider/subversion.rb
+++ b/lib/chef/provider/subversion.rb
@@ -55,7 +55,7 @@ class Chef
end
end
- action :checkout do
+ action :checkout, description: "Clone or check out the source. When a checkout is available, this provider does nothing." do
if target_dir_non_existent_or_empty?
converge_by("perform checkout of #{new_resource.repository} into #{new_resource.destination}") do
shell_out!(checkout_command, run_options)
@@ -65,7 +65,7 @@ class Chef
end
end
- action :export do
+ action :export, description: "Export the source, excluding or removing any version control artifacts." do
if target_dir_non_existent_or_empty?
action_force_export
else
@@ -73,13 +73,13 @@ class Chef
end
end
- action :force_export do
+ action :force_export, description: "Export the source, excluding or removing any version control artifacts and force an export of the source that is overwriting the existing copy (if it exists)." do
converge_by("export #{new_resource.repository} into #{new_resource.destination}") do
shell_out!(export_command, run_options)
end
end
- action :sync do
+ action :sync, description: "Update the source to the specified version, or get a new clone or checkout. This action causes a hard reset of the index and working tree, discarding any uncommitted changes." do
assert_target_directory_valid!
if ::File.exist?(::File.join(new_resource.destination, ".svn"))
current_rev = find_current_revision
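Review bot: The `:sync` description speaks of "a hard reset of the index and working tree", and `:checkout` says "Clone or check out"; these are git terms and read as if carried over from the git resource. Subversion has no index, so the text will mislead anyone reading generated documentation for this provider. Wording tied to what the visible code does would be safer, for example `description: "Update the source to the specified revision, or check it out if no working copy exists."`. The body of `:sync` continues outside the hunk, so what it does to local modifications cannot be confirmed from here.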
diff --git a/lib/chef/provider/systemd_unit.rb b/lib/chef/provider/systemd_unit.rb
index 26a20814f5..c0e0aee93c 100644
--- a/lib/chef/provider/systemd_unit.rb
+++ b/lib/chef/provider/systemd_unit.rb
@@ -22,6 +22,7 @@ require_relative "../resource/file"
require_relative "../resource/file/verification/systemd_unit"
require "iniparse"
require "shellwords" unless defined?(Shellwords)
+require "chef-utils/dist" unless defined?(ChefUtils::Dist)
class Chef
class Provider
@@ -75,7 +76,7 @@ class Chef
end
end
- action :create do
+ action :create, description: "Create a systemd unit file, if it does not already exist." do
if current_resource.content != new_resource.to_ini
converge_by("creating unit: #{new_resource.unit_name}") do
manage_unit_file(:create)
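Review bot: The `:create` description says the unit file is created "if it does not already exist", but the guard on the next line is `current_resource.content != new_resource.to_ini`, so an existing file with different content is rewritten as well. The description should say so: `description: "Create a systemd unit file, or update it when its content differs."`. The action body continues outside the hunk.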
@@ -84,7 +85,7 @@ class Chef
end
end
- action :delete do
+ action :delete, description: "Delete a systemd unit file, if it exists." do
if ::File.exist?(unit_path)
converge_by("deleting unit: #{new_resource.unit_name}") do
manage_unit_file(:delete)
@@ -93,19 +94,19 @@ class Chef
end
end
- action :preset do
+ action :preset, description: "Restore the preset '`enable`/`disable`' configuration for a systemd unit. *New in #{ChefUtils::Dist::Infra::PRODUCT} 14.0.*" do
converge_by("restoring enable/disable preset configuration for unit: #{new_resource.unit_name}") do
systemctl_execute!(:preset, new_resource.unit_name)
end
end
- action :revert do
+ action :revert, description: "Revert to a vendor's version of a systemd unit file. *New in #{ChefUtils::Dist::Infra::PRODUCT} 14.0.*" do
converge_by("reverting to vendor version of unit: #{new_resource.unit_name}") do
systemctl_execute!(:revert, new_resource.unit_name)
end
end
- action :enable do
+ action :enable, description: "Ensure the unit will be started after the next system boot." do
if current_resource.static
logger.debug("#{new_resource.unit_name} is a static unit, enabling is a NOP.")
end
@@ -121,7 +122,7 @@ class Chef
end
end
- action :disable do
+ action :disable, description: "Ensure the unit will not be started after the next system boot." do
if current_resource.static
logger.debug("#{new_resource.unit_name} is a static unit, disabling is a NOP.")
end
@@ -138,14 +139,14 @@ class Chef
end
end
- action :reenable do
+ action :reenable, description: "Reenable a unit file. *New in #{ChefUtils::Dist::Infra::PRODUCT} 14.0.*" do
converge_by("reenabling unit: #{new_resource.unit_name}") do
systemctl_execute!(:reenable, new_resource.unit_name)
logger.info("#{new_resource} reenabled")
end
end
- action :mask do
+ action :mask, description: "Ensure the unit will not start, even to satisfy dependencies." do
unless current_resource.masked
converge_by("masking unit: #{new_resource.unit_name}") do
systemctl_execute!(:mask, new_resource.unit_name)
@@ -154,7 +155,7 @@ class Chef
end
end
- action :unmask do
+ action :unmask, description: "Stop the unit from being masked and cause it to start as specified." do
if current_resource.masked
converge_by("unmasking unit: #{new_resource.unit_name}") do
systemctl_execute!(:unmask, new_resource.unit_name)
@@ -163,7 +164,7 @@ class Chef
end
end
- action :start do
+ action :start, description: "Start a systemd unit." do
unless current_resource.active
converge_by("starting unit: #{new_resource.unit_name}") do
systemctl_execute!(:start, new_resource.unit_name, default_env: false)
@@ -172,7 +173,7 @@ class Chef
end
end
- action :stop do
+ action :stop, description: "Stop a running systemd unit." do
if current_resource.active
converge_by("stopping unit: #{new_resource.unit_name}") do
systemctl_execute!(:stop, new_resource.unit_name, default_env: false)
@@ -181,14 +182,14 @@ class Chef
end
end
- action :restart do
+ action :restart, description: "Restart a systemd unit." do
converge_by("restarting unit: #{new_resource.unit_name}") do
systemctl_execute!(:restart, new_resource.unit_name, default_env: false)
logger.info("#{new_resource} restarted")
end
end
- action :reload do
+ action :reload, description: "Reload the configuration file for a systemd unit." do
if current_resource.active
converge_by("reloading unit: #{new_resource.unit_name}") do
systemctl_execute!(:reload, new_resource.unit_name, default_env: false)
@@ -199,21 +200,21 @@ class Chef
end
end
- action :try_restart do
+ action :try_restart, description: "Try to restart a systemd unit if the unit is running." do
converge_by("try-restarting unit: #{new_resource.unit_name}") do
systemctl_execute!("try-restart", new_resource.unit_name, default_env: false)
logger.info("#{new_resource} try-restarted")
end
end
- action :reload_or_restart do
+ action :reload_or_restart, description: "For systemd units that are services, this action reloads the configuration of the service without restarting, if possible; otherwise, it will restart the service so the new configuration is applied." do
converge_by("reload-or-restarting unit: #{new_resource.unit_name}") do
systemctl_execute!("reload-or-restart", new_resource.unit_name, default_env: false)
logger.info("#{new_resource} reload-or-restarted")
end
end
- action :reload_or_try_restart do
+ action :reload_or_try_restart, description: "For systemd units that are services, this action reloads the configuration of the service without restarting, if possible; otherwise, it will try to restart the service so the new configuration is applied." do
converge_by("reload-or-try-restarting unit: #{new_resource.unit_name}") do
systemctl_execute!("reload-or-try-restart", new_resource.unit_name, default_env: false)
logger.info("#{new_resource} reload-or-try-restarted")
diff --git a/lib/chef/provider/user/mac.rb b/lib/chef/provider/user/mac.rb
index 980aaa4bab..e0e120aa0b 100644
--- a/lib/chef/provider/user/mac.rb
+++ b/lib/chef/provider/user/mac.rb
@@ -28,7 +28,7 @@ class Chef
class Provider
class User
# A macOS user provider that is compatible with default TCC restrictions
- # in macOS 10.14. See resource/user/mac_user.rb for complete description
+ # in macOS 10.14+. See resource/user/mac_user.rb for complete description
# of the mac_user resource
class MacUser < Chef::Provider::User
include Chef::Mixin::Which
@@ -49,11 +49,11 @@ class Chef
current_resource.uid(user_plist[:uid][0])
current_resource.gid(user_plist[:gid][0])
current_resource.home(user_plist[:home][0])
- current_resource.shell(user_plist[:shell][0])
+ current_resource.shell(user_plist[:shell]&.first) # use &.first since shell can be nil
current_resource.comment(user_plist[:comment][0])
if user_plist[:is_hidden]
- current_resource.hidden(user_plist[:is_hidden][0] == "1" ? true : false)
+ current_resource.hidden(user_plist[:is_hidden]&.first == "1" ? true : false) # when not hidden the value seems to be nil so &.first to handle that
end
shadow_hash = user_plist[:shadow_hash]
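Review bot: The `&.first` on the `is_hidden` line can never take its nil branch, because the line sits inside `if user_plist[:is_hidden]`; that guard already covers the case the trailing comment describes. The line could read `current_resource.hidden(user_plist[:is_hidden].first == "1")`, which also drops the redundant `? true : false`. The `uid`, `gid`, `home` and `comment` lookups beside it still index with `[0]` and would raise on a missing key, so if `shell` can be absent it is worth confirming those cannot be. The enclosing method starts and ends outside this hunk.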
@@ -143,29 +143,27 @@ class Chef
#
def create_user
- uid = prop_is_set?(:uid) ? new_resource.uid : get_free_uid
- # "sysadminctl" cannot create user with specified UID
- # on Mac where Chef does not have full disk access
- # But "dscl" can
- run_dscl("create", "/Users/#{new_resource.username}",
- "UniqueID", uid)
- if prop_is_set?(:comment)
- run_dscl("create", "/Users/#{new_resource.username}",
- "RealName", new_resource.comment)
- else
- # "comment" field is optional for mac_user
- # but "load_current_resource" above needs it
- # otherwise it will fail
- run_dscl("create", "/Users/#{new_resource.username}",
- "RealName", new_resource.username)
+ cmd = [-"-addUser", new_resource.username]
+ cmd += ["-fullName", new_resource.comment] if prop_is_set?(:comment)
+ cmd += ["-UID", prop_is_set?(:uid) ? new_resource.uid : get_free_uid]
+ cmd += ["-shell", new_resource.shell]
+ cmd += ["-home", new_resource.home]
+ cmd += ["-admin"] if new_resource.admin
+
+ # We can technically create a new user without the admin credentials
+ # but without them the user cannot enable SecureToken, thus they cannot
+ # create other secure users or enable FileVault full disk encryption.
+ if prop_is_set?(:admin_username) && prop_is_set?(:admin_password)
+ cmd += ["-adminUser", new_resource.admin_username]
+ cmd += ["-adminPassword", new_resource.admin_password]
end
- run_dscl("create", "/Users/#{new_resource.username}",
- "UserShell", new_resource.shell)
- run_dscl("create", "/Users/#{new_resource.username}",
- "NFSHomeDirectory", new_resource.home)
- if new_resource.admin
- run_dscl("append", "/Groups/admin", "GroupMembership",
- new_resource.username)
+
+ # sysadminctl doesn't exit with a non-zero exit code if it encounters
+ # a problem. We'll check stderr and make sure we see that it finished
+ # correctly.
+ res = run_sysadminctl(cmd)
+ unless /creating user/.match?(res.downcase)
+ raise Chef::Exceptions::User, "error when creating user: #{res}"
end
# Wait for the user to show up in the ds cache
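Review bot: The admin password is appended to `cmd` as a plain `-adminPassword` argument, so if `run_sysadminctl` (not shown in this hunk) passes the array as process arguments, the credential is readable in the process list by other local users and may appear wherever the command line is logged. sysadminctl accepts `-` in place of a password to request a prompt; whether that can be driven non-interactively here needs checking, but the password should at least be kept out of any logged or raised command text. The success test `/creating user/.match?(res.downcase)` also passes for any output that merely contains that phrase, including a failure message worded around it, so matching a more specific completion string or confirming the user record exists afterwards would be more reliable. `create_user` continues past the end of this hunk.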
@@ -183,6 +181,18 @@ class Chef
converge_by("set password") { set_password }
end
+ if new_resource.manage_home
+ # "sysadminctl -addUser" will create the home directory if it's
+ # the default /Users/<username>, otherwise it sets it in plist
+ # but does not create it. Here we'll ensure that it gets created
+ # if we've been given a directory that is not the default.
+ unless ::File.directory?(new_resource.home) && ::File.exist?(new_resource.home)
+ converge_by("create home directory") do
+ shell_out!("createhomedir -c -u #{new_resource.username}")
+ end
+ end
+ end
+
if prop_is_set?(:gid)
# NOTE: Here we're managing the primary group of the user which is
# a departure from previous behavior. We could just set the
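Review bot: `shell_out!("createhomedir -c -u #{new_resource.username}")` builds a single shell string from a resource property, so a username containing shell metacharacters would be interpreted by the shell; passing the arguments separately, `shell_out!("createhomedir", "-c", "-u", new_resource.username)`, avoids that. The block now also runs before the `prop_is_set?(:gid)` step, while the comment removed further down in this commit said createhomedir does nothing unless the GID is set first, so the new ordering should be confirmed for a user with a non-default home. `::File.directory?` already implies existence, which makes the `&& ::File.exist?` check redundant. The enclosing method starts and ends outside this hunk.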
@@ -202,16 +212,6 @@ class Chef
end
end
- # createhomedir needs user GID set first
- # otherwise createhomedir will do nothing
- # Always create homedir for all users
- # because "sysadminctl" does but "dscl" does not
- unless ::File.directory?(new_resource.home) && ::File.exist?(new_resource.home)
- converge_by("create home directory") do
- shell_out!("createhomedir -c -u #{new_resource.username}")
- end
- end
-
if diverged?(:secure_token)
converge_by("alter SecureToken") { toggle_secure_token }
end
diff --git a/lib/chef/provider/yum_repository.rb b/lib/chef/provider/yum_repository.rb
index 8269487bbd..a3d19e95d3 100644
--- a/lib/chef/provider/yum_repository.rb
+++ b/lib/chef/provider/yum_repository.rb
@@ -31,7 +31,7 @@ class Chef
def load_current_resource; end
- action :create do
+ action :create, description: "Create a repository based on the properties." do
template ::File.join(new_resource.reposdir, "#{new_resource.repositoryid}.repo") do
if template_available?(new_resource.source)
source new_resource.source
@@ -69,7 +69,7 @@ class Chef
end
end
- action :delete do
+ action :delete, description: "Remove a repository." do
# clean the repo cache first
execute "yum clean all #{new_resource.repositoryid}" do
command "yum clean all --disablerepo=* --enablerepo=#{new_resource.repositoryid}"
@@ -86,7 +86,7 @@ class Chef
end
end
- action :makecache do
+ action :makecache, description: "Force the creation of the repository cache. This is also done automatically when a repository is updated." do
execute "yum-makecache-#{new_resource.repositoryid}" do
command "yum -q -y makecache --disablerepo=* --enablerepo=#{new_resource.repositoryid}"
action :run
diff --git a/lib/chef/provider/zypper_repository.rb b/lib/chef/provider/zypper_repository.rb
index c1c863e20e..08e254b6b8 100644
--- a/lib/chef/provider/zypper_repository.rb
+++ b/lib/chef/provider/zypper_repository.rb
@@ -29,7 +29,7 @@ class Chef
def load_current_resource; end
- action :create do
+ action :create, description: "Add a new Zypper repository." do
if new_resource.gpgautoimportkeys
install_gpg_keys(new_resource.gpgkey)
else
@@ -50,13 +50,13 @@ class Chef
end
end
- action :delete do
+ action :delete, description: "Remove a Zypper repository." do
execute "zypper --quiet --non-interactive removerepo #{escaped_repo_name}" do
only_if "zypper --quiet lr #{escaped_repo_name}"
end
end
- action :refresh do
+ action :refresh, description: "Refresh Zypper repository." do
execute "zypper --quiet --non-interactive refresh --force #{escaped_repo_name}" do
only_if "zypper --quiet lr #{escaped_repo_name}"
end
diff --git a/lib/chef/provider_resolver.rb b/lib/chef/provider_resolver.rb
index 94727a1043..9fafbe5f31 100644
--- a/lib/chef/provider_resolver.rb
+++ b/lib/chef/provider_resolver.rb
@@ -57,10 +57,16 @@ class Chef
end
def resolve
- maybe_explicit_provider(resource) ||
+ resolved = maybe_explicit_provider(resource) ||
maybe_custom_resource(resource) ||
- maybe_dynamic_provider_resolution(resource, action) ||
+ maybe_dynamic_provider_resolution(resource, action)
+
+ if resolved.nil?
+ raise(Chef::Exceptions::ProviderNotFound, "Cannot find a provider for #{resource}") if node.nil?
+
raise(Chef::Exceptions::ProviderNotFound, "Cannot find a provider for #{resource} on #{node["platform"]} version #{node["platform_version"]}")
+ end
+ resolved
end
# Does NOT call provides? on the resource (it is assumed this is being
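Review bot: The new `if resolved.nil?` is narrower than the `||` chain it replaces: previously a `false` from any of the three `maybe_*` helpers fell through to the raise, whereas now `false` is returned to the caller as the provider. If those helpers can only return a class or nil this is harmless, but that is not visible here; `unless resolved` keeps the old behaviour. A short comment on the `node.nil?` branch would also help, for example `# node can be nil when a provider is resolved without a run context (presumably documentation generation)`.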
diff --git a/lib/chef/resource.rb b/lib/chef/resource.rb
index 2442b9a050..517c30bc19 100644
--- a/lib/chef/resource.rb
+++ b/lib/chef/resource.rb
@@ -1063,7 +1063,8 @@ class Chef
# action for the resource.
#
# @param name [Symbol] The action name to define.
- # @param description [String] optional description for the action
+ # @param description [String] optional description for the action. Used for
+ # documentation generation.
# @param recipe_block The recipe to run when the action is taken. This block
# takes no parameters, and will be evaluated in a new context containing:
#
@@ -1076,11 +1077,8 @@ class Chef
def self.action(action, description: nil, &recipe_block)
action = action.to_sym
declare_action_class
- action_class.action(action, &recipe_block)
+ action_class.action(action, description: description, &recipe_block)
self.allowed_actions += [ action ]
- # Accept any non-nil description, which will correctly override
- # any specific inherited description.
- action_descriptions[action] = description unless description.nil?
default_action action if Array(default_action) == [:nothing]
end
@@ -1090,18 +1088,15 @@ class Chef
# @param action [Symbol,String] the action name
# @return the description of the action provided, or nil if no description
# was defined
- def self.action_description(action)
- action_descriptions[action.to_sym]
- end
-
- # @api private
- #
- # @return existing action description hash, or newly-initialized
- # hash containing action descriptions inherited from parent Resource,
- # if any.
- def self.action_descriptions
- @action_descriptions ||=
- superclass.respond_to?(:action_descriptions) ? superclass.action_descriptions.dup : { nothing: nil }
+ def action_description(action)
+ provider_for_action(action).class.action_description(action)
+ rescue Chef::Exceptions::ProviderNotFound
+ # If a provider can't be found, there can be no description defined on the provider.
+ nil
+ rescue NameError => e
+ # This can happen when attempting to load a provider in a platform-specific
+ # environment where we have not required the necessary files yet
+ raise unless e.message =~ /uninitialized constant/
end
# Define a method to load up this resource's properties with the current
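Review bot: `action_description` changes from `def self.action_description` to an instance method, so any caller still using `SomeResource.action_description(:x)` will now get NoMethodError; only the resource_inspector call site is updated in this commit, and a class-level method that delegates or warns would keep outside callers working. The `rescue NameError` branch also returns nil for every NameError whose message contains "uninitialized constant", which hides a genuinely missing constant inside a provider as well as the not-yet-required platform files the comment mentions. Ending that branch with an explicit `nil` after the `raise unless` line, and a `Chef::Log.debug` of `e.message`, would make the swallowed case visible.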
@@ -1191,6 +1186,7 @@ class Chef
if superclass.custom_resource?
superclass.action_class
else
+
ActionClass
end
diff --git a/lib/chef/resource/execute.rb b/lib/chef/resource/execute.rb
index 1f7e1b2c1b..a4c7d3844f 100644
--- a/lib/chef/resource/execute.rb
+++ b/lib/chef/resource/execute.rb
@@ -549,11 +549,11 @@ class Chef
desired_state: false
property :user, [ String, Integer ],
- description: "The user name of the user identity with which to launch the new process. The user name may optionally be specified with a domain, i.e. `domainuser` or `user@my.dns.domain.com` via Universal Principal Name (UPN)format. It can also be specified without a domain simply as user if the domain is instead specified using the domain property. On Windows only, if this property is specified, the password property must be specified."
+ description: "The user name of the user identity with which to launch the new process. The user name may optionally be specified with a domain, i.e. `domain\\user` or `user@my.dns.domain.com` via Universal Principal Name (UPN)format. It can also be specified without a domain simply as user if the domain is instead specified using the domain property. On Windows only, if this property is specified, the password property must be specified."
property :domain, String,
introduced: "12.21",
- description: "Windows only: The domain of the user user specified by the user property. If not specified, the username and password specified by the `user` and `password` properties will be used to resolve that user against the domain in which the system running #{ChefUtils::Dist::Infra::PRODUCT} is joined, or if that system is not joined to a domain it will resolve the user as a local account on that system. An alternative way to specify the domain is to leave this property unspecified and specify the domain as part of the user property."
+ description: "Windows only: The domain of the user specified by the user property. If not specified, the username and password specified by the `user` and `password` properties will be used to resolve that user against the domain in which the system running #{ChefUtils::Dist::Infra::PRODUCT} is joined, or if that system is not joined to a domain it will resolve the user as a local account on that system. An alternative way to specify the domain is to leave this property unspecified and specify the domain as part of the user property."
property :password, String, sensitive: true,
introduced: "12.21",
diff --git a/lib/chef/resource/inspec_waiver_file_entry.rb b/lib/chef/resource/inspec_waiver_file_entry.rb
index fb433edb28..5f81be73da 100644
--- a/lib/chef/resource/inspec_waiver_file_entry.rb
+++ b/lib/chef/resource/inspec_waiver_file_entry.rb
@@ -84,13 +84,13 @@ class Chef
}
property :run_test, [true, false],
- description: "If present and true, the control will run and be reported, but failures in it won’t make the overall run fail. If absent or false, the control will not be run."
+ description: "If present and `true`, the control will run and be reported, but failures in it won’t make the overall run fail. If absent or `false`, the control will not be run."
property :justification, String,
description: "Can be any text you want and might include a reason for the waiver as well as who signed off on the waiver."
property :backup, [false, Integer],
- description: "The number of backups to be kept in /var/chef/backup (for UNIX- and Linux-based platforms) or C:/chef/backup (for the Microsoft Windows platform). Set to false to prevent backups from being kept.",
+ description: "The number of backups to be kept in `/var/chef/backup` (for UNIX- and Linux-based platforms) or `C:/chef/backup` (for the Microsoft Windows platform). Set to `false` to prevent backups from being kept.",
default: false
action :add do
diff --git a/lib/chef/resource/launchd.rb b/lib/chef/resource/launchd.rb
index c8e3d93afc..d5be5f3a44 100644
--- a/lib/chef/resource/launchd.rb
+++ b/lib/chef/resource/launchd.rb
@@ -36,7 +36,7 @@ class Chef
property :backup, [Integer, FalseClass],
desired_state: false,
- description: "The number of backups to be kept in /var/chef/backup. Set to false to prevent backups from being kept."
+ description: "The number of backups to be kept in `/var/chef/backup`. Set to `false` to prevent backups from being kept."
property :cookbook, String,
desired_state: false,
@@ -197,10 +197,10 @@ class Chef
description: "The intended purpose of the job: `Adaptive`, `Background`, `Interactive`, or `Standard`."
property :program, String,
- description: "The first argument of execvp, typically the file name associated with the file to be executed. This value must be specified if program_arguments is not specified, and vice-versa."
+ description: "The first argument of `execvp`, typically the file name associated with the file to be executed. This value must be specified if `program_arguments` is not specified, and vice-versa."
property :program_arguments, Array,
- description: "The second argument of execvp. If program is not specified, this property must be specified and will be handled as if it were the first argument."
+ description: "The second argument of `execvp`. If program is not specified, this property must be specified and will be handled as if it were the first argument."
property :queue_directories, Array,
description: "An array of non-empty directories which, if any are modified, will cause a job to be started."
diff --git a/lib/chef/resource/remote_file.rb b/lib/chef/resource/remote_file.rb
index 8eca1c3337..18f182f40c 100644
--- a/lib/chef/resource/remote_file.rb
+++ b/lib/chef/resource/remote_file.rb
@@ -85,7 +85,7 @@ class Chef
end
property :use_etag, [ TrueClass, FalseClass ], default: true,
- description: "Enable ETag headers. Set to false to disable ETag headers. To use this setting, `use_conditional_get` must also be set to true."
+ description: "Enable ETag headers. Set to `false` to disable ETag headers. To use this setting, `use_conditional_get` must also be set to true."
alias :use_etags :use_etag
diff --git a/lib/chef/resource/rhsm_subscription.rb b/lib/chef/resource/rhsm_subscription.rb
index 5ae04bbfcd..d4eb49250b 100644
--- a/lib/chef/resource/rhsm_subscription.rb
+++ b/lib/chef/resource/rhsm_subscription.rb
@@ -32,11 +32,11 @@ class Chef
name_property: true
action :attach, description: "Attach the node to a subscription pool." do
- execute "Attach subscription pool #{new_resource.pool_id}" do
- command "subscription-manager attach --pool=#{new_resource.pool_id}"
- default_env true
- action :run
- not_if { subscription_attached?(new_resource.pool_id) }
+ unless subscription_attached?(new_resource.pool_id)
+ converge_by("attach subscription pool #{new_resource.pool_id}") do
+ shell_out!("subscription-manager attach --pool=#{new_resource.pool_id}")
+ build_resource(:package, "rhsm_subscription-#{new_resource.pool_id}-flush_cache").run_action(:flush_cache)
+ end
end
end
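Review bot: `shell_out!("subscription-manager attach --pool=#{new_resource.pool_id}")` interpolates a resource property into a single shell string, so a pool id containing spaces or shell metacharacters is parsed by the shell. Passing the arguments separately, `shell_out!("subscription-manager", "attach", "--pool=#{new_resource.pool_id}")`, takes the shell out of the path. The replaced `execute` block set `default_env true` explicitly; it is worth confirming that `shell_out!` provides the same environment here now that the option is no longer spelled out.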
diff --git a/lib/chef/resource/ruby_block.rb b/lib/chef/resource/ruby_block.rb
index 2d7d2fe8b6..a7f4666d16 100644
--- a/lib/chef/resource/ruby_block.rb
+++ b/lib/chef/resource/ruby_block.rb
@@ -29,6 +29,106 @@ class Chef
provides :ruby_block, target_mode: true
description "Use the **ruby_block** resource to execute Ruby code during a #{ChefUtils::Dist::Infra::PRODUCT} run. Ruby code in the `ruby_block` resource is evaluated with other resources during convergence, whereas Ruby code outside of a `ruby_block` resource is evaluated before other resources, as the recipe is compiled."
+ examples <<~'DOC'
+ **Reload Chef Infra Client configuration data**
+
+ ```ruby
+ ruby_block 'reload_client_config' do
+ block do
+ Chef::Config.from_file('/etc/chef/client.rb')
+ end
+ action :run
+ end
+ ```
+
+ **Run a block on a particular platform**
+
+ The following example shows how an if statement can be used with the `windows?` method in the Chef Infra Language to run code specific to Microsoft Windows. The code is defined using the ruby_block resource:
+
+ ```ruby
+ if windows?
+ ruby_block 'copy libmysql.dll into ruby path' do
+ block do
+ require 'fileutils'
+ FileUtils.cp "#{node['mysql']['client']['lib_dir']}\\libmysql.dll",
+ node['mysql']['client']['ruby_dir']
+ end
+ not_if { ::File.exist?("#{node['mysql']['client']['ruby_dir']}\\libmysql.dll") }
+ end
+ end
+ ```
+
+ **Stash a file in a data bag**
+
+ The following example shows how to use the ruby_block resource to stash a BitTorrent file in a data bag so that it can be distributed to nodes in the organization.
+
+ ```ruby
+ ruby_block 'share the torrent file' do
+ block do
+ f = File.open(node['bittorrent']['torrent'],'rb')
+ #read the .torrent file and base64 encode it
+ enc = Base64.encode64(f.read)
+ data = {
+ 'id'=>bittorrent_item_id(node['bittorrent']['file']),
+ 'seed'=>node.ipaddress,
+ 'torrent'=>enc
+ }
+ item = Chef::DataBagItem.new
+ item.data_bag('bittorrent')
+ item.raw_data = data
+ item.save
+ end
+ action :nothing
+ subscribes :create, "bittorrent_torrent[#{node['bittorrent']['torrent']}]", :immediately
+ end
+ ```
+
+ **Update the /etc/hosts file**
+
+ The following example shows how the ruby_block resource can be used to update the /etc/hosts file:
+
+ ```ruby
+ ruby_block 'edit etc hosts' do
+ block do
+ rc = Chef::Util::FileEdit.new('/etc/hosts')
+ rc.search_file_replace_line(/^127\.0\.0\.1 localhost$/,
+ '127.0.0.1 #{new_fqdn} #{new_hostname} localhost')
+ rc.write_file
+ end
+ end
+ ```
+
+ **Set environment variables**
+
+ The following example shows how to use variables within a Ruby block to set environment variables using rbenv.
+
+ ```ruby
+ node.override[:rbenv][:root] = rbenv_root
+ node.override[:ruby_build][:bin_path] = rbenv_binary_path
+
+ ruby_block 'initialize' do
+ block do
+ ENV['RBENV_ROOT'] = node[:rbenv][:root]
+ ENV['PATH'] = "#{node[:rbenv][:root]}/bin:#{node[:ruby_build][:bin_path]}:#{ENV['PATH']}"
+ end
+ end
+ ```
+
+ **Call methods in a gem**
+
+ The following example shows how to call methods in gems not shipped in Chef Infra Client
+
+ ```ruby
+ chef_gem 'mongodb'
+
+ ruby_block 'config_replicaset' do
+ block do
+ MongoDB.configure_replicaset(node, replicaset_name, rs_nodes)
+ end
+ action :run
+ end
+ ```
+ DOC
default_action :run
allowed_actions :create, :run
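Review bot: In the "Update the /etc/hosts file" example the replacement line is single-quoted, `'127.0.0.1 #{new_fqdn} #{new_hostname} localhost'`, so Ruby would write the literal text `#{new_fqdn}` into /etc/hosts rather than the values; it needs double quotes. The data bag example opens the torrent with `File.open(...)` and never closes it; `File.binread(node['bittorrent']['torrent'])` reads the same bytes without leaving a handle open. That example also uses `subscribes :create` while the others use `action :run`; both are in `allowed_actions`, but using one consistently would read better.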
diff --git a/lib/chef/resource/scm/subversion.rb b/lib/chef/resource/scm/subversion.rb
index db20787aa5..7216aa53dd 100644
--- a/lib/chef/resource/scm/subversion.rb
+++ b/lib/chef/resource/scm/subversion.rb
@@ -28,7 +28,7 @@ class Chef
provides :subversion
- description "Use the **subversion** resource to manage source control resources that exist in a Subversion repository."
+ description "Use the **subversion** resource to manage source control resources that exist in a Subversion repository. Warning: The subversion resource has known bugs and may not work as expected. For more information see Chef GitHub issues, particularly [#4050](https://github.com/chef/chef/issues/4050) and [#4257](https://github.com/chef/chef/issues/4257)."
examples <<~DOC
**Get the latest version of an application**
diff --git a/lib/chef/resource/sysctl.rb b/lib/chef/resource/sysctl.rb
index 9c36206e14..8604590d46 100644
--- a/lib/chef/resource/sysctl.rb
+++ b/lib/chef/resource/sysctl.rb
@@ -131,7 +131,7 @@ class Chef
end
- action :apply, description: "Apply a sysctl value." do
+ action :apply, description: "Set the kernel parameter and update the `sysctl` settings." do
converge_if_changed do
# set it temporarily
set_sysctl_param(new_resource.key, new_resource.value)
@@ -150,7 +150,7 @@ class Chef
end
end
- action :remove, description: "Remove a sysctl value." do
+ action :remove, description: "Remove the kernel parameter and update the `sysctl` settings." do
# only converge the resource if the file actually exists to delete
if ::File.exist?("#{new_resource.conf_dir}/99-chef-#{new_resource.key.tr("/", ".")}.conf")
converge_by "removing sysctl config at #{new_resource.conf_dir}/99-chef-#{new_resource.key.tr("/", ".")}.conf" do
diff --git a/lib/chef/resource/systemd_unit.rb b/lib/chef/resource/systemd_unit.rb
index a100f29add..61294d833d 100644
--- a/lib/chef/resource/systemd_unit.rb
+++ b/lib/chef/resource/systemd_unit.rb
@@ -34,7 +34,7 @@ class Chef
```ruby
systemd_unit 'etcd.service' do
- content(Unit: {
+ content({ Unit: {
Description: 'Etcd',
Documentation: ['https://coreos.com/etcd', 'man:etcd(1)'],
After: 'network.target',
@@ -46,7 +46,7 @@ class Chef
},
Install: {
WantedBy: 'multi-user.target',
- })
+ } })
action [:create, :enable]
end
```
diff --git a/lib/chef/resource/windows_uac.rb b/lib/chef/resource/windows_uac.rb
index 330a6432bc..4f01b542a5 100644
--- a/lib/chef/resource/windows_uac.rb
+++ b/lib/chef/resource/windows_uac.rb
@@ -104,7 +104,9 @@ class Chef
#
# @return [Integer]
def consent_behavior_users_symbol_to_reg(sym)
- %i{auto_deny secure_prompt_for_creds prompt_for_creds}.index(sym)
+ # Since 2 isn't a valid value for ConsentPromptBehaviorUser, assign the value at index as nil.
+ # https://docs.microsoft.com/en-us/windows/security/identity-protection/user-account-control/user-account-control-group-policy-and-registry-key-settings#registry-key-settings
+ [:auto_deny, :secure_prompt_for_creds, nil, :prompt_for_creds].index(sym)
end
end
end
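Review bot: With `nil` used as a placeholder at index 2, `consent_behavior_users_symbol_to_reg(nil)` now returns 2, the very value the new comment calls invalid for ConsentPromptBehaviorUser. Whether `sym` can be nil depends on the property definition, which is outside this hunk, but an explicit mapping avoids the case entirely: `{ auto_deny: 0, secure_prompt_for_creds: 1, prompt_for_creds: 3 }[sym]`. That form still returns nil for an unknown symbol, as `index` did.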
diff --git a/lib/chef/resource/yum_package.rb b/lib/chef/resource/yum_package.rb
index 53e02bf609..c8446bf9b0 100644
--- a/lib/chef/resource/yum_package.rb
+++ b/lib/chef/resource/yum_package.rb
@@ -27,11 +27,7 @@ class Chef
provides :yum_package
provides :package, platform_family: "fedora_derived"
- description "Use the **yum_package** resource to install, upgrade, and remove packages with Yum"\
- " for the Red Hat and CentOS platforms. The yum_package resource is able to resolve"\
- " `provides` data for packages much like Yum can do when it is run from the command line."\
- " This allows a variety of options for installing packages, like minimum versions,"\
- " virtual provides, and library names."
+ description "Use the **yum_package** resource to install, upgrade, and remove packages with Yum for the Red Hat and CentOS platforms. The yum_package resource is able to resolve `provides` data for packages much like Yum can do when it is run from the command line. This allows a variety of options for installing packages, like minimum versions, virtual provides, and library names. Note: Support for using file names to install packages (as in `yum_package '/bin/sh'`) is not available because the volume of data required to parse for this is excessive."
examples <<~DOC
**Install an exact version**:
diff --git a/lib/chef/resource_inspector.rb b/lib/chef/resource_inspector.rb
index 95ae110170..094e355ad6 100644
--- a/lib/chef/resource_inspector.rb
+++ b/lib/chef/resource_inspector.rb
@@ -23,6 +23,11 @@ require_relative "node"
require_relative "resources"
require_relative "json_compat"
+# We need to require providers so that we can resolve
+# action documentation that may have been defined on the providers
+# instead of the resources.
+require_relative "providers"
+
class Chef
module ResourceInspector
def self.get_default(default)
@@ -39,11 +44,10 @@ class Chef
def self.extract_resource(resource, complete = false)
data = {}
data[:description] = resource.description
- # data[:deprecated] = resource.deprecated || false
data[:default_action] = resource.default_action
data[:actions] = {}
resource.allowed_actions.each do |action|
- data[:actions][action] = resource.action_description(action)
+ data[:actions][action] = resource.new(resource.to_s, nil).action_description(action)
end
data[:examples] = resource.examples
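Review bot: `resource.new(resource.to_s, nil)` is built once per action inside the `each` loop, and each instance exists only to reach `action_description`; creating it once before the loop, `instance = resource.new(resource.to_s, nil)`, does the same work with a single allocation. The instance is created with a nil run context, so a resource whose initializer reads the run context or node would raise here. That cannot be ruled out from this hunk, and recording a nil description for such a resource would keep one failure from aborting the whole extraction. `extract_resource` continues past the end of the hunk.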
diff --git a/lib/chef/secret_fetcher.rb b/lib/chef/secret_fetcher.rb
index c72e693290..e8e4602bb2 100644
--- a/lib/chef/secret_fetcher.rb
+++ b/lib/chef/secret_fetcher.rb
@@ -21,7 +21,7 @@ require_relative "exceptions"
class Chef
class SecretFetcher
- SECRET_FETCHERS = %i{example aws_secrets_manager azure_key_vault}.freeze
+ SECRET_FETCHERS = %i{example aws_secrets_manager azure_key_vault hashi_vault}.freeze
# Returns a configured and validated instance
# of a [Chef::SecretFetcher::Base] for the given
@@ -42,6 +42,9 @@ class Chef
when :azure_key_vault
require_relative "secret_fetcher/azure_key_vault"
Chef::SecretFetcher::AzureKeyVault.new(config, run_context)
+ when :hashi_vault
+ require_relative "secret_fetcher/hashi_vault"
+ Chef::SecretFetcher::HashiVault.new(config, run_context)
when nil, ""
raise Chef::Exceptions::Secret::MissingFetcher.new(SECRET_FETCHERS)
else
diff --git a/lib/chef/secret_fetcher/aws_secrets_manager.rb b/lib/chef/secret_fetcher/aws_secrets_manager.rb
index c7b6b52b45..4ee7af41d4 100644
--- a/lib/chef/secret_fetcher/aws_secrets_manager.rb
+++ b/lib/chef/secret_fetcher/aws_secrets_manager.rb
@@ -52,7 +52,7 @@ class Chef
end
# @param identifier [String] the secret_id
- # @param version [String] the secret version. Not usd at this time
+ # @param version [String] the secret version.
# @return Aws::SecretsManager::Types::GetSecretValueResponse
def do_fetch(identifier, version)
client = Aws::SecretsManager::Client.new(config)
diff --git a/lib/chef/secret_fetcher/azure_key_vault.rb b/lib/chef/secret_fetcher/azure_key_vault.rb
index 1d2bc2af04..a617f3bb93 100644
--- a/lib/chef/secret_fetcher/azure_key_vault.rb
+++ b/lib/chef/secret_fetcher/azure_key_vault.rb
@@ -2,7 +2,7 @@ require_relative "base"
class Chef
class SecretFetcher
- # == Chef::SecretFetcher::AWSSecretsManager
+ # == Chef::SecretFetcher::AzureKeyVault
# A fetcher that fetches a secret from Azure Key Vault. Supports fetching with version.
#
# In this initial iteration this authenticates via token obtained from the OAuth2 /token
diff --git a/lib/chef/secret_fetcher/hashi_vault.rb b/lib/chef/secret_fetcher/hashi_vault.rb
new file mode 100644
index 0000000000..be975fc34f
--- /dev/null
+++ b/lib/chef/secret_fetcher/hashi_vault.rb
@@ -0,0 +1,70 @@
+#
+# Author:: Marc Paradise (<marc@chef.io>)
+# Copyright:: Copyright (c) Chef Software Inc.
+# License:: Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+require_relative "base"
+require "aws-sdk-core" # Support for aws instance profile auth
+require "vault"
+
+class Chef
+ class SecretFetcher
+ # == Chef::SecretFetcher::HashiVault
+ # A fetcher that fetches a secret from Hashi Vault.
+ #
+ # Does not yet support fetching with version when a versioned key store is in use.
+ # In this initial iteration the only supported authentication is IAM role-based
+ #
+ # Required config:
+ # :vault_addr - the address of a running Vault instance, eg https://vault.example.com:8200
+ # If not explicitly provided, the environment variable VAULT_ADDR will be used.
+ # :role_name - the name of the role in Vault that was created to support authentication
+ # via IAM. See the Vault documentation for details[1]. A Terraform example is also available[2]
+ #
+ # [1] https://www.vaultproject.io/docs/auth/aws#recommended-vault-iam-policy
+ # [2] https://registry.terraform.io/modules/hashicorp/vault/aws/latest/examples/vault-iam-auth
+ # an IAM principal ARN bound to it.
+ #
+ # @example
+ #
+ # fetcher = SecretFetcher.for_service(:hashi_vault, { role_name: "testing-role", vault_addr: https://localhost:8200}, run_context )
+ # fetcher.fetch("secretkey1")
+ class HashiVault < Base
+ def validate!
+ if config[:role_name].nil?
+ raise Chef::Exceptions::Secret::ConfigurationInvalid.new("You must provide the authenticating Vault role name in the configuration as :role_name ")
+ end
+ if config[:vault_addr].nil?
+ raise Chef::Exceptions::Secret::ConfigurationInvalid.new("You must provide the Vault address in the configuration as :vault_addr")
+ end
+
+ # Note that the token here is cached internal to the Vault implementation.
+ Vault.auth.aws_iam(config[:role_name],
+ Aws::InstanceProfileCredentials.new,
+ config[:vault_addr] || ENV["VAULT_ADDR"])
+ end
+
+ # @param identifier [String] Identifier of the secret to be fetched, which should
+ # be the full path of that secret, eg 'secret/example'
+ # @param _version [String] not used in this implementation
+ # @return [Hash] containing key/value pairs stored at the location given in 'identifier'
+ def do_fetch(identifier, _version)
+ Vault.logical.read(identifier).data
+ end
+ end
+ end
+end
+
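Review bot: In `validate!` the `|| ENV["VAULT_ADDR"]` fallback can never be taken, because the guard just above raises ConfigurationInvalid whenever `config[:vault_addr]` is nil; this contradicts the class comment, which says VAULT_ADDR is used when the option is omitted. The address is also only handed to `Vault.auth.aws_iam` as its third argument, which in the vault gem is, as far as I know, the IAM server-ID header value rather than the client address. Nothing in this file sets `Vault.address`, so the client may talk to whatever address the gem resolves on its own; please confirm and configure it explicitly. Separately, `do_fetch` calls `.data` on the result of `Vault.logical.read`, which I believe returns nil for a missing path, so a wrong identifier would surface as a NoMethodError rather than a secret-specific error. A sketch of the address handling follows.

```ruby
def validate!
  # … unchanged: ConfigurationInvalid when config[:role_name] is nil …

  # Resolve the address once so the documented VAULT_ADDR fallback is reachable.
  vault_addr = config[:vault_addr] || ENV["VAULT_ADDR"]
  if vault_addr.nil? || vault_addr.empty?
    raise Chef::Exceptions::Secret::ConfigurationInvalid.new("You must provide the Vault address in the configuration as :vault_addr")
  end

  # Point the client at the validated address before authenticating, so the
  # token request and later reads go to the configured server.
  Vault.configure { |vault| vault.address = vault_addr }

  # Third argument kept as in the original (used as the IAM server-ID header value).
  Vault.auth.aws_iam(config[:role_name],
    Aws::InstanceProfileCredentials.new,
    vault_addr)
end
```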
diff --git a/lib/chef/version.rb b/lib/chef/version.rb
index a7f5e193e6..2ab6233435 100644
--- a/lib/chef/version.rb
+++ b/lib/chef/version.rb
@@ -23,7 +23,7 @@ require_relative "version_string"
class Chef
CHEF_ROOT = File.expand_path("..", __dir__)
- VERSION = Chef::VersionString.new("17.4.20")
+ VERSION = Chef::VersionString.new("17.4.44")
end
#
diff --git a/omnibus/Gemfile b/omnibus/Gemfile
index 052ac6bfd9..4cee6794f4 100644
--- a/omnibus/Gemfile
+++ b/omnibus/Gemfile
@@ -1,7 +1,7 @@
source "https://rubygems.org"
-gem "omnibus", github: ENV.fetch("OMNIBUS_GITHUB_REPO", "chef/omnibus"), branch: ENV.fetch("OMNIBUS_GITHUB_BRANCH", "master")
-gem "omnibus-software", github: ENV.fetch("OMNIBUS_SOFTWARE_GITHUB_REPO", "chef/omnibus-software"), branch: ENV.fetch("OMNIBUS_SOFTWARE_GITHUB_BRANCH", "master")
+gem "omnibus", github: ENV.fetch("OMNIBUS_GITHUB_REPO", "chef/omnibus"), branch: ENV.fetch("OMNIBUS_GITHUB_BRANCH", "main")
+gem "omnibus-software", github: ENV.fetch("OMNIBUS_SOFTWARE_GITHUB_REPO", "chef/omnibus-software"), branch: ENV.fetch("OMNIBUS_SOFTWARE_GITHUB_BRANCH", "main")
gem "artifactory"
gem "pedump"
@@ -9,7 +9,7 @@ gem "pedump"
# This development group is installed by default when you run `bundle install`,
# but if you are using Omnibus in a CI-based infrastructure, you do not need
# the Test Kitchen-based build lab. You can skip these unnecessary dependencies
-# by running `bundle install --without development` to speed up build times.
+# by running `bundle config set --local without development && bundle install` to speed up build times.
group :development do
# Use Berkshelf for resolving cookbook dependencies
gem "berkshelf", ">= 7.0"
diff --git a/omnibus/Gemfile.lock b/omnibus/Gemfile.lock
index c1d6ea3557..4d123b6016 100644
--- a/omnibus/Gemfile.lock
+++ b/omnibus/Gemfile.lock
@@ -1,17 +1,17 @@
GIT
remote: https://github.com/chef/omnibus-software.git
- revision: a4f73e48a8d2e276fccda71dc99d217ee27a5464
- branch: master
+ revision: b77420348413fc621ebe150a53f3ed0596faa640
+ branch: main
specs:
omnibus-software (4.0.0)
omnibus (>= 8.0.0)
GIT
remote: https://github.com/chef/omnibus.git
- revision: 9ffcd89d078b3467be0480b138841ee82dd2d5d4
- branch: master
+ revision: 7ce6173d7a7e9ee501ee2aed20f82d873926b299
+ branch: main
specs:
- omnibus (8.1.15)
+ omnibus (8.2.1)
aws-sdk-s3 (~> 1)
chef-cleanroom (~> 1.0)
chef-utils (>= 15.4)
@@ -33,17 +33,17 @@ GEM
artifactory (3.0.15)
awesome_print (1.9.2)
aws-eventstream (1.1.1)
- aws-partitions (1.481.0)
- aws-sdk-core (3.118.0)
+ aws-partitions (1.492.0)
+ aws-sdk-core (3.119.1)
aws-eventstream (~> 1, >= 1.0.2)
aws-partitions (~> 1, >= 1.239.0)
aws-sigv4 (~> 1.1)
jmespath (~> 1.0)
- aws-sdk-kms (1.45.0)
- aws-sdk-core (~> 3, >= 3.118.0)
+ aws-sdk-kms (1.47.0)
+ aws-sdk-core (~> 3, >= 3.119.0)
aws-sigv4 (~> 1.1)
- aws-sdk-s3 (1.97.0)
- aws-sdk-core (~> 3, >= 3.118.0)
+ aws-sdk-s3 (1.100.0)
+ aws-sdk-core (~> 3, >= 3.119.0)
aws-sdk-kms (~> 1)
aws-sigv4 (~> 1.1)
aws-sigv4 (1.2.4)
@@ -65,12 +65,12 @@ GEM
solve (~> 4.0)
thor (>= 0.20)
builder (3.2.4)
- chef (16.13.16)
+ chef (16.14.1)
addressable
bcrypt_pbkdf (~> 1.1)
bundler (>= 1.10)
- chef-config (= 16.13.16)
- chef-utils (= 16.13.16)
+ chef-config (= 16.14.1)
+ chef-utils (= 16.14.1)
chef-vault
chef-zero (>= 14.0.11)
diff-lcs (>= 1.2.4, < 1.4.0)
@@ -102,12 +102,12 @@ GEM
tty-screen (~> 0.6)
tty-table (~> 0.11)
uuidtools (>= 2.1.5, < 3.0)
- chef (16.13.16-universal-mingw32)
+ chef (16.14.1-universal-mingw32)
addressable
bcrypt_pbkdf (~> 1.1)
bundler (>= 1.10)
- chef-config (= 16.13.16)
- chef-utils (= 16.13.16)
+ chef-config (= 16.14.1)
+ chef-utils (= 16.14.1)
chef-vault
chef-zero (>= 14.0.11)
diff-lcs (>= 1.2.4, < 1.4.0)
@@ -151,9 +151,9 @@ GEM
win32-taskscheduler (~> 2.0)
wmi-lite (~> 1.0)
chef-cleanroom (1.0.2)
- chef-config (16.13.16)
+ chef-config (16.14.1)
addressable
- chef-utils (= 16.13.16)
+ chef-utils (= 16.14.1)
fuzzyurl
mixlib-config (>= 2.2.12, < 4.0)
mixlib-shellout (>= 2.0, < 4.0)
@@ -161,7 +161,7 @@ GEM
chef-telemetry (1.1.1)
chef-config
concurrent-ruby (~> 1.0)
- chef-utils (16.13.16)
+ chef-utils (16.14.1)
chef-vault (4.1.0)
chef-zero (15.0.7)
ffi-yajl (~> 2.2)
@@ -192,7 +192,7 @@ GEM
faraday-excon (1.1.0)
faraday-net_http (1.0.1)
faraday-net_http_persistent (1.2.0)
- faraday_middleware (1.0.0)
+ faraday_middleware (1.1.0)
faraday (~> 1.0)
ffi (1.15.3)
ffi (1.15.3-x64-mingw32)
@@ -212,7 +212,7 @@ GEM
highline (2.0.3)
httpclient (2.8.3)
iniparse (1.5.0)
- inspec-core (4.38.9)
+ inspec-core (4.41.2)
addressable (~> 2.4)
chef-telemetry (~> 1.0, >= 1.0.8)
faraday (>= 0.9.0, < 1.5)
@@ -240,7 +240,7 @@ GEM
iso8601 (0.13.0)
jmespath (1.4.0)
json (2.5.1)
- kitchen-vagrant (1.9.0)
+ kitchen-vagrant (1.10.0)
test-kitchen (>= 1.4, < 4)
libyajl2 (2.1.0)
license-acceptance (2.1.13)
@@ -266,7 +266,7 @@ GEM
mixlib-cli (2.1.8)
mixlib-config (3.0.9)
tomlrb
- mixlib-install (3.12.11)
+ mixlib-install (3.12.16)
mixlib-shellout
mixlib-versioning
thor
@@ -279,7 +279,7 @@ GEM
win32-process (~> 0.9)
wmi-lite (~> 1.0)
mixlib-versioning (1.2.12)
- molinillo (0.7.0)
+ molinillo (0.8.0)
multi_json (1.15.0)
multipart-post (2.1.1)
net-scp (3.0.0)
@@ -475,4 +475,4 @@ DEPENDENCIES
winrm-fs (~> 1.0)
BUNDLED WITH
- 2.1.4
+ 2.2.22
diff --git a/omnibus/README.md b/omnibus/README.md
index a10190c136..2055f6c0fd 100644
--- a/omnibus/README.md
+++ b/omnibus/README.md
@@ -10,7 +10,8 @@ This project creates full-stack platform-specific packages for the following pro
You must have a sane Ruby environment with Bundler installed. Ensure all the required gems are installed:
```shell
-bundle install --without development
+bundle config set --local without development
+bundle install
```
## Usage
@@ -80,7 +81,8 @@ Then login to the instance and build the project as described in the Usage secti
```shell
$ bundle exec kitchen login <PROJECT>-ubuntu-1204
[vagrant@ubuntu...] $ cd chef/omnibus
-[vagrant@ubuntu...] $ bundle install --without development # Don't install dev tools!
+[vagrant@ubuntu...] $ bundle config set --local without development # Don't install dev tools!
+[vagrant@ubuntu...] $ bundle install
[vagrant@ubuntu...] $ ...
[vagrant@ubuntu...] $ bundle exec omnibus build <PROJECT> -l internal
```
@@ -89,7 +91,8 @@ $ bundle exec kitchen login <PROJECT>-ubuntu-1204
$ kitchen login chef-ubuntu-1604
[vagrant@ubuntu...] $ source load-omnibus-toolchain.sh
[vagrant@ubuntu...] $ cd chef/omnibus
-[vagrant@ubuntu...] $ bundle install --without development # Don't install dev tools!
+[vagrant@ubuntu...] $ bundle config set --local without development # Don't install dev tools!
+[vagrant@ubuntu...] $ bundle install
[vagrant@ubuntu...] $ ...
[vagrant@ubuntu...] $ bundle exec omnibus build chef -l internal
```
@@ -106,7 +109,9 @@ C:\>C:\vagrant\load-omnibus-toolchain.ps1
C:\>cd C:\vagrant\chef\omnibus
-C:\vagrant\chef\omnibus>bundle install --without development
+C:\vagrant\chef\omnibus>bundle config set --local without development
+
+C:\vagrant\chef\omnibus>bundle install
C:\vagrant\chef\omnibus>bundle exec omnibus build chef -l internal
```
diff --git a/omnibus_overrides.rb b/omnibus_overrides.rb
index 127c6bf24e..d4dd1520c6 100644
--- a/omnibus_overrides.rb
+++ b/omnibus_overrides.rb
@@ -3,7 +3,7 @@
#
# NOTE: You MUST update omnibus-software when adding new versions of
# software here: bundle exec rake dependencies:update_omnibus_gemfile_lock
-override "libarchive", version: "3.5.1"
+override "libarchive", version: "3.5.2"
override "libffi", version: "3.3"
override "libiconv", version: "1.16"
override "liblzma", version: "5.2.5"
@@ -14,7 +14,7 @@ override "libyaml", version: "0.1.7"
override "makedepend", version: "1.0.5"
override "ncurses", version: "5.9"
override "nokogiri", version: "1.11.0"
-override "openssl", version: mac_os_x? ? "1.1.1k" : "1.0.2y"
+override "openssl", version: mac_os_x? ? "1.1.1l" : "1.0.2za"
override "pkg-config-lite", version: "0.28-1"
override "bundler", version: "2.2.22"
override "ruby", version: "3.0.2"
diff --git a/spec/integration/compliance/compliance_spec.rb b/spec/integration/compliance/compliance_spec.rb
index 70d048c7fc..553e947ee3 100644
--- a/spec/integration/compliance/compliance_spec.rb
+++ b/spec/integration/compliance/compliance_spec.rb
@@ -47,6 +47,7 @@ describe "chef-client with compliance phase" do
{
"audit": {
"compliance_phase": true,
+ "reporter": "json-file",
"json_file": {
"location": "#{report_file}"
},
diff --git a/spec/integration/recipes/resource_action_spec.rb b/spec/integration/recipes/resource_action_spec.rb
index 009a78a24a..fc22a3c9d2 100644
--- a/spec/integration/recipes/resource_action_spec.rb
+++ b/spec/integration/recipes/resource_action_spec.rb
@@ -354,8 +354,8 @@ module ResourceActionSpec
end
it "allows overridden action to have a description separate from the action defined in the base resource" do
- expect(ActionJackson.action_description(:test1)).to eql "Original description"
- expect(ActionJackalope.action_description(:test1)).to eql "An old action with a new description"
+ expect(ActionJackson.new("ActionJackson", nil).action_description(:test1)).to eql "Original description"
+ expect(ActionJackalope.new("ActionJackalope", nil).action_description(:test1)).to eql "An old action with a new description"
end
it "non-overridden actions run and can access overridden and non-overridden variables (but not necessarily new ones)" do
diff --git a/spec/unit/compliance/runner_spec.rb b/spec/unit/compliance/runner_spec.rb
index 6040da07b7..c1a0855f78 100644
--- a/spec/unit/compliance/runner_spec.rb
+++ b/spec/unit/compliance/runner_spec.rb
@@ -278,7 +278,7 @@ describe Chef::Compliance::Runner do
inputs = runner.inspec_opts[:inputs]
expect(inputs["tacos"]).to eq("lunch")
- expect(inputs["chef_node"]["audit"]["reporter"]).to eq(%w{json-file cli})
+ expect(inputs["chef_node"]["audit"]["reporter"]).to eq("cli")
expect(inputs["chef_node"]["chef_environment"]).to eq("_default")
end
end
diff --git a/spec/unit/formatters/doc_spec.rb b/spec/unit/formatters/doc_spec.rb
index 73e756464b..4947058a17 100644
--- a/spec/unit/formatters/doc_spec.rb
+++ b/spec/unit/formatters/doc_spec.rb
@@ -40,7 +40,7 @@ describe Chef::Formatters::Base do
}
formatter.policyfile_loaded(minimal_policyfile)
- expect(out.string).to include("Using policy 'jenkins' at revision '613f803bdd035d574df7fa6da525b38df45a74ca82b38b79655efed8a189e073'")
+ expect(out.string).to include("Using Policyfile 'jenkins' at revision '613f803bdd035d574df7fa6da525b38df45a74ca82b38b79655efed8a189e073'")
end
it "prints cookbook name and version" do
diff --git a/spec/unit/provider_spec.rb b/spec/unit/provider_spec.rb
index 28874bc0f3..88262dd33a 100644
--- a/spec/unit/provider_spec.rb
+++ b/spec/unit/provider_spec.rb
@@ -32,6 +32,21 @@ class NoWhyrunDemonstrator < Chef::Provider
end
end
+class ActionDescriptionDemonstrator < Chef::Provider
+ def load_current_resource; end
+
+ action :foo, description: "foo described" do
+ true
+ end
+
+ action :foo2 do
+ true
+ end
+
+end
+
+context "blah" do
+end
class ConvergeActionDemonstrator < Chef::Provider
attr_reader :system_state_altered
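Review bot: The empty `context "blah" do` / `end` pair added at the top level after `ActionDescriptionDemonstrator` looks like leftover scaffolding; it declares an example group with no examples and should be removed. The blank line before the class's closing `end` can go with it. `ConvergeActionDemonstrator`, which follows, continues outside this hunk.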
@@ -98,6 +113,14 @@ describe Chef::Provider do
expect(@provider.action_nothing).to eql(true)
end
+ it "should return an action description for action_description when one is available" do
+ expect(ActionDescriptionDemonstrator.action_description(:foo)).to eq "foo described"
+ end
+
+ it "should return nil for action_description when no description is available" do
+ expect(ActionDescriptionDemonstrator.action_description(:none)).to eq nil
+ end
+
it "evals embedded recipes with a pristine resource collection" do
@provider.run_context.instance_variable_set(:@resource_collection, "doesn't matter what this is")
temporary_collection = nil
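Review bot: The nil case looks up `:none`, an action the demonstrator never defines, so the declared-but-undescribed `:foo2` action added for this purpose is never exercised. Using it covers the case the example name describes: `expect(ActionDescriptionDemonstrator.action_description(:foo2)).to eq nil`. A separate example for an unknown action name can stay if that behaviour is also meant to be pinned. The enclosing `describe Chef::Provider` block starts and ends outside this hunk.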
diff --git a/spec/unit/resource/rhsm_subscription_spec.rb b/spec/unit/resource/rhsm_subscription_spec.rb
index 7f81cec497..a2949dea2c 100644
--- a/spec/unit/resource/rhsm_subscription_spec.rb
+++ b/spec/unit/resource/rhsm_subscription_spec.rb
@@ -18,15 +18,24 @@
require "spec_helper"
describe Chef::Resource::RhsmSubscription do
- let(:resource) { Chef::Resource::RhsmSubscription.new("fakey_fakerton") }
- let(:provider) { resource.provider_for_action(:attach) }
+ let(:event_dispatch) { Chef::EventDispatch::Dispatcher.new }
+ let(:node) { Chef::Node.new }
+ let(:run_context) { Chef::RunContext.new(node, {}, event_dispatch) }
+
+ let(:pool_id) { "8a8dd78c766232550226b46e59404aba" }
+ let(:resource) { Chef::Resource::RhsmSubscription.new(pool_id, run_context) }
+ let(:provider) { resource.provider_for_action(Array(resource.action).first) }
+
+ before do
+ allow(resource).to receive(:provider_for_action).with(:attach).and_return(provider)
+ end
it "has a resource name of :rhsm_subscription" do
expect(resource.resource_name).to eql(:rhsm_subscription)
end
it "the pool_id property is the name_property" do
- expect(resource.pool_id).to eql("fakey_fakerton")
+ expect(resource.pool_id).to eql(pool_id)
end
it "sets the default action as :attach" do
@@ -38,6 +47,44 @@ describe Chef::Resource::RhsmSubscription do
expect { resource.action :remove }.not_to raise_error
end
+ describe "#action_attach" do
+ let(:yum_package_double) { instance_double("Chef::Resource::YumPackage") }
+ let(:so_double) { instance_double("Mixlib::ShellOut", stdout: "Successfully attached a subscription for: My Subscription", exitstatus: 0, error?: false) }
+
+ before do
+ allow(provider).to receive(:shell_out!).with("subscription-manager attach --pool=#{resource.pool_id}").and_return(so_double)
+ allow(provider).to receive(:build_resource).with(:package, "rhsm_subscription-#{pool_id}-flush_cache").and_return(yum_package_double)
+ allow(yum_package_double).to receive(:run_action).with(:flush_cache)
+ end
+
+ context "when already attached to pool" do
+ before do
+ allow(provider).to receive(:subscription_attached?).with(resource.pool_id).and_return(true)
+ end
+
+ it "does not attach to pool" do
+ expect(provider).not_to receive(:shell_out!)
+ resource.run_action(:attach)
+ end
+ end
+
+ context "when not attached to pool" do
+ before do
+ allow(provider).to receive(:subscription_attached?).with(resource.pool_id).and_return(false)
+ end
+
+ it "attaches to pool" do
+ expect(provider).to receive(:shell_out!).with("subscription-manager attach --pool=#{resource.pool_id}")
+ resource.run_action(:attach)
+ end
+
+ it "flushes package provider cache" do
+ expect(yum_package_double).to receive(:run_action).with(:flush_cache)
+ resource.run_action(:attach)
+ end
+ end
+ end
+
describe "#subscription_attached?" do
let(:cmd) { double("cmd") }
let(:output) { "Pool ID: pool123" }
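Review bot: The `shell_out!` stubs in `#action_attach` pin the command as one interpolated string, `"subscription-manager attach --pool=#{resource.pool_id}"`, which suggests the provider (not visible here) builds it the same way. A single-string command can be handed to a shell, so a `pool_id` that is not a plain identifier would be interpreted rather than passed through as one argument. If the provider can be changed, the argument-list form `shell_out!("subscription-manager", "attach", "--pool=#{pool_id}")` with a matching expectation here would avoid that; otherwise a spec that a malformed `pool_id` is rejected would document the assumption. The `#subscription_attached?` block at the end of the hunk continues outside it.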
diff --git a/spec/unit/resource_spec.rb b/spec/unit/resource_spec.rb
index f7109cc680..5f662dea60 100644
--- a/spec/unit/resource_spec.rb
+++ b/spec/unit/resource_spec.rb
@@ -1172,21 +1172,23 @@ describe Chef::Resource do
action :base_action3, description: "unmodified base action 3 desc" do; end
end
+ let(:resource_inst) { TestResource.new("TestResource", nil) }
+
it "returns nil when no description was provided for the action" do
- expect(TestResource.action_description(:base_action0)).to eql(nil)
+ expect(resource_inst.action_description(:base_action0)).to eql(nil)
end
context "when action definition is a string" do
it "returns the description whether a symbol or string is used to look it up" do
- expect(TestResource.action_description("string_action")).to eql("a string test")
- expect(TestResource.action_description(:string_action)).to eql("a string test")
+ expect(resource_inst.action_description("string_action")).to eql("a string test")
+ expect(resource_inst.action_description(:string_action)).to eql("a string test")
end
end
context "when action definition is a symbol" do
it "returns the description whether a symbol or string is used to look up" do
- expect(TestResource.action_description("symbol_action")).to eql("a symbol test")
- expect(TestResource.action_description(:symbol_action)).to eql("a symbol test")
+ expect(resource_inst.action_description("symbol_action")).to eql("a symbol test")
+ expect(resource_inst.action_description(:symbol_action)).to eql("a symbol test")
end
end
@@ -1196,14 +1198,23 @@ describe Chef::Resource do
action :base_action3 do; end
end
+ class TestResourceChild2 < TestResource
+ # We should never see this description
+ action :base_action2, description: "if you see this in an error, TestResourceChild was polluted with this description" do; end
+ end
+ let(:resource_inst) { TestResourceChild.new("TestResource", nil) }
+
it "returns original description when a described action is not overridden in child resource" do
- expect(TestResourceChild.action_description(:base_action1)).to eq "unmodified base action 1 desc"
+ expect(resource_inst.action_description(:base_action1)).to eq "unmodified base action 1 desc"
end
it "returns original description when the child resource overrides an inherited action but NOT its description" do
- expect(TestResourceChild.action_description(:base_action3)).to eq "unmodified base action 3 desc"
+ expect(resource_inst.action_description(:base_action3)).to eq "unmodified base action 3 desc"
+ end
+ it "returns new description when the child resource overrides an inherited action and its description" do
+ expect(resource_inst.action_description(:base_action2)).to eq "modified base action 2 desc"
end
it "returns new description when the child resource overrides an inherited action and its description" do
- expect(TestResourceChild.action_description(:base_action2)).to eq "modified base action 2 desc"
+ expect(resource_inst.action_description(:base_action2)).to eq "modified base action 2 desc"
end
end
end
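Review bot: The example `it "returns new description when the child resource overrides an inherited action and its description"` now appears twice in a row with identical bodies; one copy should be dropped. `TestResourceChild2` is added to guard against description leakage between sibling classes, but no example names that intent, so a failure would read as an ordinary override failure; consider renaming the remaining example, e.g. `it "is not affected by a sibling class overriding the same action description"`. The second `let(:resource_inst)` also passes the name `"TestResource"` for a `TestResourceChild` instance, which is harmless but confusing.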
diff --git a/spec/unit/secret_fetcher/hashi_vault_spec.rb b/spec/unit/secret_fetcher/hashi_vault_spec.rb
new file mode 100644
index 0000000000..db93a051e4
--- /dev/null
+++ b/spec/unit/secret_fetcher/hashi_vault_spec.rb
@@ -0,0 +1,47 @@
+#
+# Author:: Marc Paradise <marc@chef.io>
+# Copyright:: Copyright (c) Chef Software Inc.
+# License:: Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+#
+
+require_relative "../../spec_helper"
+require "chef/secret_fetcher/hashi_vault"
+
+describe Chef::SecretFetcher::HashiVault do
+ let(:node) { {} }
+ let(:run_context) { double("run_context", node: node) }
+
+ context "when validating HashiVault provided configuration" do
+ it "raises ConfigurationInvalid when the role_name is not provided" do
+ fetcher = Chef::SecretFetcher::HashiVault.new( { vault_addr: "vault.example.com" }, run_context)
+ expect { fetcher.validate! }.to raise_error(Chef::Exceptions::Secret::ConfigurationInvalid)
+ end
+
+ it "raises ConfigurationInvalid when the vault_addr is not provided" do
+ fetcher = Chef::SecretFetcher::HashiVault.new( { role_name: "vault.example.com" }, run_context)
+ expect { fetcher.validate! }.to raise_error(Chef::Exceptions::Secret::ConfigurationInvalid)
+ end
+
+ it "obtains a token via AWS IAM auth to allow the gem to do its own validations when all required config is provided" do
+ fetcher = Chef::SecretFetcher::HashiVault.new( { vault_addr: "vault.example.com", role_name: "example-role" }, run_context)
+ auth_stub =
+ allow(Aws::InstanceProfileCredentials).to receive(:new).and_return double("credentials")
+ allow(Vault).to receive(:auth).and_return(instance_double(Vault::Authenticate, aws_iam: nil))
+ fetcher.validate!
+ end
+ end
+end
+
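Review bot: The third example asserts nothing: `aws_iam` is stubbed through `instance_double(Vault::Authenticate, aws_iam: nil)`, so the spec passes whatever arguments `validate!` sends, or even if it never calls the method. The dangling `auth_stub =` line also just captures the return value of the following `allow(...)` and is never used. Suggest dropping it, naming the double, and replacing the stub with `expect(auth).to receive(:aws_iam).with("example-role", credentials, "vault.example.com")`. The "vault_addr is not provided" example uses `role_name: "vault.example.com"`, which looks like a copy-paste slip, and there is no example for `do_fetch`, including the case where the secret path does not exist.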
diff --git a/tasks/bin/run_external_test b/tasks/bin/run_external_test
index 2d191adbb4..45568f51ac 100755
--- a/tasks/bin/run_external_test
+++ b/tasks/bin/run_external_test
@@ -21,7 +21,7 @@ build_dir = Dir.pwd
env = {
"GEMFILE_MOD" => "gem 'chef', path: '#{build_dir}'; " \
- "gem 'ohai', git: 'https://github.com/chef/ohai.git', branch: 'master'",
+ "gem 'ohai', git: 'https://github.com/chef/ohai.git', branch: 'main'",
"CHEF_LICENSE" => "accept-no-persist",
}
diff --git a/tasks/docs.rb b/tasks/docs.rb
index d12d88130c..2fd92cc40e 100755
--- a/tasks/docs.rb
+++ b/tasks/docs.rb
@@ -35,8 +35,6 @@ namespace :docs_site do
text = ""
text << "#{resource_name} 'name' do\n"
properties.each do |p|
- next if p["name"] == "sensitive" # we don't need to document sensitive twice
-
pretty_default = pretty_default(p["default"])
text << " #{p["name"].ljust(padding_size)}"
@@ -80,6 +78,7 @@ namespace :docs_site do
def friendly_property_list(arr)
return nil if arr.empty? # resources w/o properties
+ # create an array of backticked property names for use in markdown.
props = arr.map { |x| "`#{x["name"]}`" }
# build the text string containing all properties bolded w/ punctuation
@@ -142,8 +141,6 @@ namespace :docs_site do
# @todo what to do about "lazy default" for default?
def properties_list(properties)
properties.filter_map do |property|
- next if property["name"] == "sensitive" # we don't need to document sensitive twice
-
default_val = friendly_default_value(property)
values = {}
@@ -261,7 +258,7 @@ namespace :docs_site do
# the main method that builds what will become the yaml file
def build_resource_data(name, data)
- properties = data["properties"].reject { |v| v["name"] == "name" || v["deprecated"] }.sort_by! { |v| v["name"] }
+ properties = data["properties"].reject { |v| %w{name sensitive}.include?(v["name"]) || v["deprecated"] }.sort_by! { |v| v["name"] }
r = {}