91 files changed, 1718 insertions, 442 deletions
diff --git a/.travis.yml b/.travis.yml index a4d00b79a7..976debaace 100644 --- a/.travis.yml +++ b/.travis.yml @@ -20,6 +20,7 @@ echo '--color\n-fp' > .rspec; sudo sed -i -e 's/^Defaults\tsecure_path.*$//' /etc/sudoers; sudo -E $(which bundle) exec rake spec; bundle exec rake style; +bundle exec bundle-audit check --update; " env: diff --git a/CBGB.md b/CBGB.md new file mode 100644 index 0000000000..2ce26fc3ab --- /dev/null +++ b/CBGB.md @@ -0,0 +1,40 @@ +<!-- This is a generated file. Please do not edit directly --> +<!-- Modify CBGB.toml file and run `rake cbgb:generate` to regenerate --> + +# Chef Board of Governance (CBGB) + + Chef was designed from the outset to have a very open structure, including open design, open contribution, and consistent use of tools across the project. Given the large numbers of contributors, users, and companies with a stake in the future of the project, Chef leadership has established an advisory board, as part of its long term commitment to open governance. + + The Chef Board of Governance (CBGB) shall advise the Leadership on matters related to supporting the long-term governance, structure, and roadmap of the Project. + +More information can be found in the [Chef Board of Governance RFC](Chef Board of Governance). + +# Board of Governors + +## Project Lead + +* [Adam Jacob](https://github.com/adamhjk) + +### Users/Contributors (4) + +* [Ranjib Dey](https://github.com/ranjib) +* [Doug Ireton](https://github.com/dougireton) +* [Noah Kantrowitz](https://github.com/coderanger) +* [Charity Majors](https://github.com/charity) + + +### Corporate Contributors (4) + +* Etsy - Katherine Daniels +* Facebook - Phil Dibowitz +* Nordstrom - Mark Ayers +* PagerDuty - Evan Gilman + + +### Lieutenants (3) + +* [Jon Cowie](https://github.com/jonlives) +* [Joshua Timberman](https://github.com/jtimberman) +* [Seth Vargo](https://github.com/sethvargo) + + diff --git a/CBGB.toml b/CBGB.toml new file mode 100644 index 0000000000..07e9c9a25a 
--- /dev/null +++ b/CBGB.toml 
@@ -0,0 +1,96 @@ +# +# This file is structured to be consumed by both humans and computers. +# It is a TOML document containing Markdown +# +[Preamble] + title = "Chef Board of Governance (CBGB)" + text = """ + Chef was designed from the outset to have a very open structure, including open design, open contribution, and consistent use of tools across the project. Given the large numbers of contributors, users, and companies with a stake in the future of the project, Chef leadership has established an advisory board, as part of its long term commitment to open governance. + + The Chef Board of Governance (CBGB) shall advise the Leadership on matters related to supporting the long-term governance, structure, and roadmap of the Project. + +More information can be found in the [Chef Board of Governance RFC](Chef Board of Governance). +""" + +[Org] + [Org.Lead] + title = "Project Lead" + person = "adamhjk" + + [Org.Contributors] + title = "Users/Contributors (4)" + governers = [ + "ranjibdey", + "dougireton", + "coderanger", + "charitymajors" + ] + + [Org.Corporate-Contributors] + title = "Corporate Contributors (4)" + governers = [ + "etsy", + "facebook", + "nordstrom", + "pagerduty" + ] + + [Org.Lieutenants] + title = "Lieutenants (3)" + governers = [ + "jonlives", + "jtimberman", + "sethvargo" + ] + +[people] + [people.adamhjk] + Name = "Adam Jacob" + GitHub = "adamhjk" + IRC = "holoway" + + [people.jonlives] + Name = "Jon Cowie" + GitHub = "jonlives" + IRC = "jonlives" + + [people.coderanger] + Name = "Noah Kantrowitz" + GitHub = "coderanger" + + [people.jtimberman] + Name = "Joshua Timberman" + GitHub = "jtimberman" + + [people.ranjibdey] + Name = "Ranjib Dey" + GitHub = "ranjib" + + [people.sethvargo] + Name = "Seth Vargo" + GitHub = "sethvargo" + + [people.dougireton] + Name = "Doug Ireton" + GitHub = "dougireton" + + [people.charitymajors] + Name = "Charity Majors" + GitHub = "charity" + +[corporations] + [corporations.etsy] + Name = "Etsy" + Person = "Katherine 
Daniels" + + [corporations.facebook] + Name = "Facebook" + Person = "Phil Dibowitz" + + [corporations.nordstrom] + Name = "Nordstrom" + Person = "Mark Ayers" + + [corporations.pagerduty] + Name = "PagerDuty" + Person = "Evan Gilman" @@ -28,7 +28,7 @@ group(:development, :test) do # for testing new chefstyle rules # gem 'chefstyle', github: 'chef/chefstyle' - gem "chefstyle", github: "chef/chefstyle", branch: "master" + gem "chefstyle", git: "https://github.com/chef/chefstyle.git", branch: "master" gem "ruby-shadow", platforms: :ruby unless RUBY_PLATFORM.downcase.match(/(aix|cygwin)/) @@ -46,6 +46,11 @@ group(:development, :test) do # gem 'chef-rewind' end +group(:travis) do + # See `bundler-audit` in .travis.yml + gem "bundler-audit", git: "https://github.com/rubysec/bundler-audit.git", ref: "4e32fca" +end + instance_eval(ENV["GEMFILE_MOD"]) if ENV["GEMFILE_MOD"] # If you want to load debugging tools into the bundle exec sandbox, @@ -25,6 +25,7 @@ require "rdoc/task" require_relative "tasks/rspec" require_relative "tasks/external_tests" require_relative "tasks/maintainers" +require_relative "tasks/cbgb" ChefConfig::PackageTask.new(File.expand_path("..", __FILE__), "Chef") do |package| package.component_paths = ["chef-config"] diff --git a/acceptance/Gemfile b/acceptance/Gemfile index 70d99492dd..f9a0b5497e 100644 --- a/acceptance/Gemfile +++ b/acceptance/Gemfile @@ -1,10 +1,12 @@ source "https://rubygems.org" gem "mixlib-install", github: "chef/mixlib-install" +gem "chef", path: ".." gem "chef-acceptance", github: "chef/chef-acceptance" -gem "test-kitchen", github: "sersut/test-kitchen", - branch: "sersut/mixlib-install-update" +gem "test-kitchen", github: "sersut/test-kitchen", branch: "sersut/mixlib-install-update" +gem "kitchen-ec2" gem "kitchen-inspec" gem "kitchen-vagrant" gem "windows_chef_zero" gem "winrm-transport" +gem "berkshelf" diff --git a/acceptance/README.md b/acceptance/README.md index 5f6bfc45ba..8f957debb2 100644 --- a/acceptance/README.md 
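Review bot: The `github:` shorthand left in acceptance/Gemfile (`mixlib-install`, `chef-acceptance` and the re-joined `test-kitchen` line) is the same form this commit replaces for `chefstyle` in the top-level Gemfile, and on Bundler 1.x that shorthand expands to an unauthenticated `git://` URL. I would write these the same way as the chefstyle line, e.g. `gem "test-kitchen", git: "https://github.com/sersut/test-kitchen.git", branch: "sersut/mixlib-install-update"`. That source is also a personal fork followed by branch name, so whatever is on the branch at install time is what the acceptance run executes; a `ref:` pin like the one given to `bundler-audit` would make the run reproducible.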
+++ b/acceptance/README.md @@ -16,15 +16,22 @@ export APPBUNDLER_ALLOW_RVM=true ### Setting up and running a test suite To get started, do a bundle install from the acceptance directory: ```shell -chef/acceptance$ bundle install +chef/acceptance$ bundle install --binstubs ``` To get some basic info and ensure chef-acceptance can be run, do: ```shell -chef/acceptance$ bundle exec chef-acceptance info +chef/acceptance$ bin/chef-acceptance info ``` To run a particular test suite, do the following: ```shell -chef/acceptance$ bundle exec chef-acceptance test TEST_SUITE +chef/acceptance$ bin/chef-acceptance test TEST_SUITE +``` + +To restrict which OS's will run, use the KITCHEN_INSTANCES environment variable: + +```shell +chef/acceptance$ export KITCHEN_INSTANCES=*-ubuntu-1404 +chef/acceptance$ bin/chef-acceptance test cookbook-git ``` diff --git a/acceptance/cookbook-git/.acceptance/acceptance-cookbook/.gitignore b/acceptance/cookbook-git/.acceptance/acceptance-cookbook/.gitignore new file mode 100644 index 0000000000..041413b040 --- /dev/null +++ b/acceptance/cookbook-git/.acceptance/acceptance-cookbook/.gitignore @@ -0,0 +1,2 @@ +nodes/ +tmp/ diff --git a/acceptance/cookbook-git/.acceptance/acceptance-cookbook/libraries/init.rb b/acceptance/cookbook-git/.acceptance/acceptance-cookbook/libraries/init.rb new file mode 100644 index 0000000000..d40d6672e7 --- /dev/null +++ b/acceptance/cookbook-git/.acceptance/acceptance-cookbook/libraries/init.rb @@ -0,0 +1,19 @@ +module CookbookGit + def self.test_cookbook_name + "git" + end + + def self.test_run_path + File.join(Chef.node["chef-acceptance"]["suite-dir"], "test_run") + end + + def self.acceptance_path + File.expand_path("..", Chef.node["chef-acceptance"]["suite-dir"]) + end + + def self.acceptance_gemfile + File.join(acceptance_path, "Gemfile") + end +end + +ENV["KITCHEN_LOCAL_YAML"] ||= File.join(Chef.node["chef-acceptance"]["suite-dir"], ".kitchen.#{ENV["KITCHEN_DRIVER"] || "vagrant"}.yml") 
diff --git a/acceptance/cookbook-git/.acceptance/acceptance-cookbook/metadata.rb b/acceptance/cookbook-git/.acceptance/acceptance-cookbook/metadata.rb
new file mode 100644
index 0000000000..4c7c42d9bd
--- /dev/null
+++ b/acceptance/cookbook-git/.acceptance/acceptance-cookbook/metadata.rb
@@ -0,0 +1 @@
+name 'acceptance-cookbook'
diff --git a/acceptance/cookbook-git/.acceptance/acceptance-cookbook/recipes/destroy.rb b/acceptance/cookbook-git/.acceptance/acceptance-cookbook/recipes/destroy.rb
new file mode 100644
index 0000000000..faf9a87a86
--- /dev/null
+++ b/acceptance/cookbook-git/.acceptance/acceptance-cookbook/recipes/destroy.rb
@@ -0,0 +1,5 @@
+# Run the test on the current platform
+execute "bundle exec kitchen destroy #{ENV['KITCHEN_INSTANCES']}" do
+ cwd "#{CookbookGit.test_run_path}/#{CookbookGit.test_cookbook_name}"
+ env "BUNDLE_GEMFILE" => CookbookGit.acceptance_gemfile
+end
diff --git a/acceptance/cookbook-git/.acceptance/acceptance-cookbook/recipes/provision.rb b/acceptance/cookbook-git/.acceptance/acceptance-cookbook/recipes/provision.rb
new file mode 100644
index 0000000000..878de27f54
--- /dev/null
+++ b/acceptance/cookbook-git/.acceptance/acceptance-cookbook/recipes/provision.rb
@@ -0,0 +1,15 @@
+# Grab the cookbook
+directory CookbookGit.test_run_path
+
+# TODO Grab the source URL from supermarket
+# TODO get git to include its kitchen tests in the cookbook.
+git "#{CookbookGit.test_run_path}/#{CookbookGit.test_cookbook_name}" do
+ repository "https://github.com/jkeiser/#{CookbookGit.test_cookbook_name}.git"
+ branch "jk/windows-fix"
+end
+
+# Run the test on the current platform
+execute "bundle exec kitchen converge #{ENV['KITCHEN_INSTANCES']} -c" do
+ cwd "#{CookbookGit.test_run_path}/#{CookbookGit.test_cookbook_name}"
+ env "BUNDLE_GEMFILE" => CookbookGit.acceptance_gemfile
+end
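Review bot: `ENV['KITCHEN_INSTANCES']` is interpolated unquoted into the command string in destroy.rb, and the same pattern is used in provision.rb and verify.rb, so the shell that runs the command expands the value again. A pattern such as the README's `*-ubuntu-1404` can be glob-matched against files in `cwd`, and any shell metacharacter in the variable becomes part of the command line. Passing the command as an array under a fixed resource name keeps the value a single argument, assuming the array form of `execute` is acceptable here: `command ["bundle", "exec", "kitchen", "destroy", ENV["KITCHEN_INSTANCES"]].compact`.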
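Review bot: The `git` resource in provision.rb checks out `jk/windows-fix` from a personal fork with no fixed revision, and the `kitchen converge` that follows runs whatever that branch holds at the time. Until the TODO about taking the source URL from supermarket is done, pinning keeps the run reproducible and reviewable: replace `branch "jk/windows-fix"` with `revision "<COMMIT_SHA>"`, where the placeholder stands for the commit that was actually tested.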
diff --git a/acceptance/cookbook-git/.acceptance/acceptance-cookbook/recipes/verify.rb b/acceptance/cookbook-git/.acceptance/acceptance-cookbook/recipes/verify.rb
new file mode 100644
index 0000000000..55b362d131
--- /dev/null
+++ b/acceptance/cookbook-git/.acceptance/acceptance-cookbook/recipes/verify.rb
@@ -0,0 +1,5 @@
+# Run tests on the current platform
+execute "bundle exec kitchen verify #{ENV['KITCHEN_INSTANCES']} -c" do
+ cwd "#{CookbookGit.test_run_path}/#{CookbookGit.test_cookbook_name}"
+ env "BUNDLE_GEMFILE" => CookbookGit.acceptance_gemfile
+end
diff --git a/acceptance/cookbook-git/.gitignore b/acceptance/cookbook-git/.gitignore
new file mode 100644
index 0000000000..306f0cce57
--- /dev/null
+++ b/acceptance/cookbook-git/.gitignore
@@ -0,0 +1 @@
+test_run/
diff --git a/acceptance/cookbook-git/.kitchen.digitalocean.yml b/acceptance/cookbook-git/.kitchen.digitalocean.yml
new file mode 100644
index 0000000000..29733210c7
--- /dev/null
+++ b/acceptance/cookbook-git/.kitchen.digitalocean.yml
@@ -0,0 +1,21 @@
+# Not quite ready yet
+
+driver:
+ name: digitalocean
+ digitalocean_access_token: <%= ENV['DIGITALOCEAN_API_TOKEN'] %>
+ region: <%= ENV['DIGITALOCEAN_REGION'] %>
+ size: 2gb
+ ssh_key_ids: <%= ENV['DIGITALOCEAN_SSH_KEYS'] %>
+ transport:
+ ssh_key: <%= ENV['DIGITALOCEAN_SSH_KEY_PATH'] %>
+
+platforms:
+<% %w(centos-6.5 centos-7.0
+ fedora-21
+ debian-8.1
+ ubuntu-12.04 ubuntu-14.04 ubuntu-15.10
+).each do |platform| %>
+ - name: #{platform}
+ driver_config:
+ image: <%= "#{platform.gsub('.', '-')}-x64" %>
+<% end %>
diff --git a/acceptance/cookbook-git/.kitchen.ec2.yml b/acceptance/cookbook-git/.kitchen.ec2.yml
new file mode 100644
index 0000000000..61413ea5ff
--- /dev/null
+++ b/acceptance/cookbook-git/.kitchen.ec2.yml
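Review bot: In .kitchen.digitalocean.yml, `- name: #{platform}` sits outside any ERB tag, so it is emitted literally and YAML reads ` #{platform}` as a comment, which leaves every platform entry without a name. It should use the ERB output tag the way the `image:` line below it does: `- name: <%= platform %>`. The file is headed "Not quite ready yet"; a comment listing what is still missing would help whoever picks it up.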
@@ -0,0 +1,288 @@ +# Not quite ready yet + +<% +def file_if_exists(path) + path = File.expand_path(path) + File.exist?(path) ? path : nil +end +%> + +driver: + name: ec2 + tags: + X-Project: Kitchen Tests + aws_ssh_key_id: <%= ENV['AWS_SSH_KEY_ID'] || ENV['USER'] %> + transport: + ssh_key: <%= file_if_exists("~/.ssh/#{ENV['AWS_SSH_KEY_ID'] || ENV['USERNAME']}.pem") || + file_if_exists("~/.ssh/#{ENV['AWS_SSH_KEY_ID'] || ENV['USERNAME']}") + file_if_exists("~/.ssh/id_rsa") %> + # test-specific stuff + region: us-west-2 + availability_zone: a + subnet_id: subnet-19ac017c + security_group_ids: ["sg-e401eb83", "sg-96274af3"] + instance_type: m3.large + associate_public_ip: true + +platforms: + # + # AIX + # + # - name: aix-6.1 + # - name: aix-7.1 + # + # Debian + # + - name: debian-8 + driver: + image_search: + name: debian-jessie-* + owner-id: 379101102735 + architecture: x86_64 + virtualization-type: hvm + block-device-mapping.volume-type: gp2 + image-type: machine + instance_type: t2.micro + transport: + username: admin + - name: debian-7 + driver: + image_search: + name: debian-wheezy-* + owner-id: 379101102735 + architecture: x86_64 + virtualization-type: hvm + block-device-mapping.volume-type: standard + image-type: machine + instance_type: t2.micro + transport: + username: admin + # + # Ubuntu + # + - name: ubuntu-15.10 + driver: + image_search: + name: ubuntu/images/*/ubuntu-*-15.10-amd64-server-* + owner-id: 099720109477 + architecture: x86_64 + virtualization-type: hvm + block-device-mapping.volume-type: gp2 + image-type: machine + instance_type: t2.micro + transport: + username: ubuntu + - name: ubuntu-14.04 + driver: + image_search: + name: ubuntu/images/*/ubuntu-*-14.04-*-server-* + owner-id: 099720109477 + architecture: x86_64 + virtualization-type: hvm + block-device-mapping.volume-type: gp2 + image-type: machine + instance_type: t2.micro + transport: + username: ubuntu + # - name: ubuntu-12.04 + # driver: + # image_search: + # name: 
ubuntu/images/*/ubuntu-*-12.04-*-server-* + # owner-id: 099720109477 + # architecture: x86_64 + # virtualization-type: hvm + # block-device-mapping.volume-type: gp2 + # image-type: machine + # instance_type: t2.micro + # transport: + # username: ubuntu + # + # Red Hat Enterprise Linux + # + - name: el-7 + driver: + image_search: + name: RHEL-7.* + owner-id: 309956199498 + architecture: x86_64 + virtualization-type: hvm + block-device-mapping.volume-type: gp2 + image-type: machine + instance_type: t2.micro + transport: + username: ec2-user + - name: el-6 + driver: + image_search: + name: RHEL-6.* + owner-id: 309956199498 + architecture: x86_64 + virtualization-type: hvm + block-device-mapping.volume-type: gp2 + image-type: machine + instance_type: t2.micro + transport: + username: ec2-user + - name: el-5 + driver: + image_search: + name: RHEL-5.* + owner-id: 309956199498 + architecture: x86_64 + virtualization-type: paravirtual + block-device-mapping.volume-type: gp2 + image-type: machine + instance_type: t1.micro + transport: + username: ec2-user + # + # FreeBSD + # + - name: freebsd-10 + driver: + image_search: + name: FreeBSD/EC2 10.*-RELEASE* + owner-id: 118940168514 + architecture: x86_64 + virtualization-type: hvm + block-device-mapping.volume-type: gp2 + image-type: machine + instance_type: t2.micro + transport: + username: ec2-user + - name: freebsd-9 + driver: + image_search: + name: FreeBSD/EC2 9.*-RELEASE* + owner-id: 118940168514 + architecture: x86_64 + virtualization-type: hvm + block-device-mapping.volume-type: gp2 + image-type: machine + instance_type: t2.micro + transport: + username: ec2-user + # - name: freebsd-8 + # driver: + # image_search: + # name: FreeBSD/EC2 8.*-RELEASE* + # owner-id: 118940168514 + # architecture: x86_64 + # virtualization-type: hvm + # block-device-mapping.volume-type: standard + # image-type: machine + # instance_type: t2.micro + # transport: + # username: ec2-user + # + # OS/X + # + # - name: mac_os_x-10.11 + # - name: 
mac_os_x-10.10 + # - name: mac_os_x-10.9 + # - name: mac_os_x-10.8 + # + # Nexus??? + # + # - name: nexus-7 + # + # Solaris + # + # - name: solaris-11 + # - name: solaris-10 + # + # Windows + # + - name: windows-2012r2 + driver: + image_search: + name: Windows_Server-2012-R2*-English-*-Base-* + owner-alias: amazon + architecture: x86_64 + virtualization-type: hvm + block-device-mapping.volume-type: gp2 + image-type: machine + instance_type: t2.micro + transport: + username: administrator + # user_data: | + # <powershell> + # $logfile="C:\\Program Files\\Amazon\\Ec2ConfigService\\Logs\\kitchen-ec2.log" + # #PS Remoting and & winrm.cmd basic config + # Enable-PSRemoting -Force -SkipNetworkProfileCheck + # & winrm.cmd set winrm/config '@{MaxTimeoutms="1800000"}' >> $logfile + # & winrm.cmd set winrm/config/winrs '@{MaxMemoryPerShellMB="1024"}' >> $logfile + # & winrm.cmd set winrm/config/winrs '@{MaxShellsPerUser="50"}' >> $logfile + # #Server settings - support username/password login + # & winrm.cmd set winrm/config/service/auth '@{Basic="true"}' >> $logfile + # & winrm.cmd set winrm/config/service '@{AllowUnencrypted="true"}' >> $logfile + # & winrm.cmd set winrm/config/winrs '@{MaxMemoryPerShellMB="1024"}' >> $logfile + # #Firewall Config + # & netsh advfirewall firewall set rule name="Windows Remote Management (HTTP-In)" profile=public protocol=tcp localport=5985 remoteip=localsubnet new remoteip=any >> $logfile + # #Set script execution to unrestricted + # & Set-ExecutionPolicy Unrestricted -Force + # </powershell> + - name: windows-2012 + driver: + image_search: + name: Windows_Server-2012-RTM*-English-*-Base-* + owner-alias: amazon + architecture: x86_64 + virtualization-type: hvm + block-device-mapping.volume-type: gp2 + image-type: machine + instance_type: t2.micro + transport: + username: administrator + - name: windows-2008r2 + driver: + image_search: + name: Windows_Server-2008-R2*-English-*-Base-* + owner-alias: amazon + architecture: x86_64 + 
virtualization-type: hvm + block-device-mapping.volume-type: gp2 + image-type: machine + instance_type: t2.micro + transport: + username: administrator + # + # Centos + # + # - name: centos-7 + # driver: + # image_search: + # name: CentOS Linux 7 * + # owner-alias: aws-marketplace + # architecture: x86_64 + # virtualization-type: hvm + # block-device-mapping.volume-type: standard + # image-type: machine + # instance_type: t2.micro + # transport: + # username: root + # - name: centos-6 + # driver: + # image_search: + # name: CentOS-6.5-GA-* + # owner-alias: aws-marketplace + # architecture: x86_64 + # virtualization-type: paravirtual + # block-device-mapping.volume-type: standard + # image-type: machine + # instance_type: t1.micro + # transport: + # username: root + # + # Fedora + # + - name: fedora-21 + driver: + image_search: + name: Fedora-Cloud-Base-21-* + owner-id: 125523088429 + architecture: x86_64 + virtualization-type: hvm + block-device-mapping.volume-type: gp2 + image-type: machine + instance_type: t2.micro diff --git a/acceptance/cookbook-git/.kitchen.vagrant.yml b/acceptance/cookbook-git/.kitchen.vagrant.yml new file mode 100644 index 0000000000..0dc8b11dc1 --- /dev/null +++ b/acceptance/cookbook-git/.kitchen.vagrant.yml 
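Review bot: The `ssh_key:` expression in .kitchen.ec2.yml is missing a `||` after the second `file_if_exists(...)` call, so the third call starts a new expression and the first two lookups no longer decide the value (or the template fails to compile, depending on how ERB wraps it). The second line should end the way the first does: `file_if_exists("~/.ssh/#{ENV['AWS_SSH_KEY_ID'] || ENV['USERNAME']}") ||`. `aws_ssh_key_id` falls back to `ENV['USER']` while the key path falls back to `ENV['USERNAME']`; using one variable for both keeps the key name and the key file in step. The commented-out `user_data` block turns on Basic auth with `AllowUnencrypted="true"` and widens the WinRM firewall rule to `remoteip=any`, so a one-line comment above it saying it is meant for throwaway test instances only would stop it being copied into longer-lived setups.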
@@ -0,0 +1,72 @@ +driver: + name: vagrant + forward_agent: yes + customize: + cpus: 2 + memory: 1024 + +platforms: +<% %w( +debian-8 +debian-7 +debian-6 +ubuntu-15.10 +ubuntu-14.04 +el-7 +el-6 +el-5 +freebsd-10 +freebsd-9 +fedora-21 +).each do |platform| %> + - name: <%= platform %> + driver: + box: opscode-<%= platform %> + box_url: http://opscode-vm-bento.s3.amazonaws.com/vagrant/virtualbox/opscode_<%= platform %>_chef-provisionerless.box +<% end %> +# freebsd-8 +# ubuntu-12.04 +# centos-7 +# centos-6 + +<% %w( +2012r2 +2012 +2008r2 +).each do |version| %> + - name: windows-<%= version %> + driver: + box: chef/windows-server-<%= version %>-standard +# URL is atlas +<% end %> + +suites: + - name: default + run_list: + - recipe[git] + attributes: {} + includes: ["ubuntu-14.04"] + excludes: ["windows-2012r2", "windows-2012", "windows-2008r2"] + - name: source + includes: ["nonexistent"] + excludes: ["ubuntu-12.04", "ubuntu-10.04", "windows-2012r2", "windows-2012", "windows-2008r2"] + run_list: + - recipe[git::source] + attributes: {} + - name: default-windows + includes: [ + # 'windows-8.1-professional', + # 'windows-2008r2-standard', + "windows-2012r2", + # "windows-2012", + # "windows-2008r2" + ] + run_list: + - recipe[git] + attributes: {} + +provisioner: + name: chef_zero + product_name: chef + product_version: latest + channel: current diff --git a/acceptance/trivial/.kitchen.yml b/acceptance/trivial/.kitchen.yml index a7d0a25f93..c0f1d782d2 100644 --- a/acceptance/trivial/.kitchen.yml +++ b/acceptance/trivial/.kitchen.yml @@ -23,5 +23,5 @@ suites: provisioner: product_name: chef product_version: latest - channel: current + channel: unstable run_list: diff --git a/acceptance/windows-service/.acceptance/acceptance-cookbook/metadata.rb b/acceptance/windows-service/.acceptance/acceptance-cookbook/metadata.rb new file mode 100644 index 0000000000..4c7c42d9bd --- /dev/null +++ b/acceptance/windows-service/.acceptance/acceptance-cookbook/metadata.rb 
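Review bot: `box_url` in .kitchen.vagrant.yml fetches the base boxes over plain `http://` with no checksum, so the image every suite converges on has no integrity protection in transit. If the bucket serves TLS, `box_url: https://opscode-vm-bento.s3.amazonaws.com/vagrant/virtualbox/opscode_<%= platform %>_chef-provisionerless.box` is a drop-in change. `forward_agent: yes` in the same file exposes the caller's SSH agent to every guest, including the Windows boxes pulled by name, and a comment stating why forwarding is needed would justify keeping it.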
@@ -0,0 +1 @@
+name 'acceptance-cookbook'
diff --git a/acceptance/windows-service/.acceptance/acceptance-cookbook/recipes/destroy.rb b/acceptance/windows-service/.acceptance/acceptance-cookbook/recipes/destroy.rb
new file mode 100644
index 0000000000..f226ea2d10
--- /dev/null
+++ b/acceptance/windows-service/.acceptance/acceptance-cookbook/recipes/destroy.rb
@@ -0,0 +1,3 @@
+execute 'bundle exec kitchen destroy' do
+ cwd node['chef-acceptance']['suite-dir']
+end
diff --git a/acceptance/windows-service/.acceptance/acceptance-cookbook/recipes/provision.rb b/acceptance/windows-service/.acceptance/acceptance-cookbook/recipes/provision.rb
new file mode 100644
index 0000000000..2763aba70c
--- /dev/null
+++ b/acceptance/windows-service/.acceptance/acceptance-cookbook/recipes/provision.rb
@@ -0,0 +1,3 @@
+execute 'bundle exec kitchen converge' do
+ cwd node['chef-acceptance']['suite-dir']
+end
diff --git a/acceptance/windows-service/.acceptance/acceptance-cookbook/recipes/verify.rb b/acceptance/windows-service/.acceptance/acceptance-cookbook/recipes/verify.rb
new file mode 100644
index 0000000000..c0b67bf500
--- /dev/null
+++ b/acceptance/windows-service/.acceptance/acceptance-cookbook/recipes/verify.rb
@@ -0,0 +1,3 @@
+execute 'bundle exec kitchen verify' do
+ cwd node['chef-acceptance']['suite-dir']
+end
diff --git a/acceptance/windows-service/.kitchen.yml b/acceptance/windows-service/.kitchen.yml
new file mode 100644
index 0000000000..4f269f9aa9
--- /dev/null
+++ b/acceptance/windows-service/.kitchen.yml
@@ -0,0 +1,26 @@
+driver:
+ name: vagrant
+ forward_agent: yes
+ customize:
+ cpus: 2
+ memory: 1024
+
+provisioner:
+ name: chef_zero
+
+verifier:
+ name: inspec
+
+platforms:
+ - name: windows-server-2012r2-standard
+ driver:
+ box: chef/windows-server-2012r2-standard # private
+ run_list:
+
+suites:
+ - name: chef-windows-service
+ provisioner:
+ product_name: chef
+ product_version: latest
+ channel: current
+ run_list:
diff --git a/acceptance/windows-service/test/integration/chef-windows-service/inspec/chef_windows_service_spec.rb b/acceptance/windows-service/test/integration/chef-windows-service/inspec/chef_windows_service_spec.rb
new file mode 100644
index 0000000000..ec90ac083b
--- /dev/null
+++ b/acceptance/windows-service/test/integration/chef-windows-service/inspec/chef_windows_service_spec.rb
@@ -0,0 +1,58 @@
+only_if do
+ os["family"] == "windows"
+end
+
+describe command("chef-service-manager") do
+ it { should exist }
+ its("exit_status") { should eq 0 }
+end
+
+describe service("chef-client") do
+ it { should_not be_enabled }
+ it { should_not be_installed }
+ it { should_not be_running }
+end
+
+describe command("chef-service-manager -a install") do
+ its("exit_status") { should eq 0 }
+ its(:stdout) { should match /Service 'chef-client' has successfully been installed./}
+end
+
+describe service("chef-client") do
+ it { should be_enabled }
+ it { should be_installed }
+ it { should_not be_running }
+end
+
+describe command("chef-service-manager -a start") do
+ its("exit_status") { should eq 0 }
+ its(:stdout) { should match /Service 'chef-client' is now 'running'/}
+end
+
+describe service("chef-client") do
+ it { should be_enabled }
+ it { should be_installed }
+ it { should be_running }
+end
+
+describe command("chef-service-manager -a stop") do
+ its("exit_status") { should eq 0 }
+ its(:stdout) { should match /Service 'chef-client' is now 'stopped'/}
+end
+
+describe service("chef-client") do
+ it { should be_enabled }
+ it { should be_installed }
+ it { should_not be_running }
+end
+
+describe command("chef-service-manager -a uninstall") do
+ its("exit_status") { should eq 0 }
+ its(:stdout) { should match /Service chef-client deleted/}
+end
+
+describe service("chef-client") do
+ it { should_not be_enabled }
+ it { should_not be_installed }
+ it { should_not be_running }
+end
diff --git a/chef-config/lib/chef-config/config.rb b/chef-config/lib/chef-config/config.rb index 5705ffbf56..68cece43da 100644 --- a/chef-config/lib/chef-config/config.rb +++ b/chef-config/lib/chef-config/config.rb @@ -27,6 +27,7 @@ require "chef-config/windows" require "chef-config/path_helper" require "mixlib/shellout" require "uri" +require "openssl" module ChefConfig @@ -113,6 +114,8 @@ module ChefConfig File.expand_path("..", path) end end + elsif configuration[:cookbook_artifact_path] + File.expand_path("..", self.configuration[:cookbook_artifact_path]) else cache_path end @@ -122,7 +125,7 @@ module ChefConfig # In local mode, we auto-discover the repo root by looking for a path with "cookbooks" under it. # This allows us to run config-free. path = cwd - until File.directory?(PathHelper.join(path, "cookbooks")) + until File.directory?(PathHelper.join(path, "cookbooks")) || File.directory?(PathHelper.join(path, "cookbook_artifacts")) new_path = File.expand_path("..", path) if new_path == path ChefConfig.logger.warn("No cookbooks directory found at or above current directory. Assuming #{Dir.pwd}.") 
@@ -305,6 +308,28 @@ module ChefConfig default :diff_output_threshold, 1000000 default :local_mode, false + # Configures the mode of operation for ChefFS, which is applied to the + # ChefFS-based knife commands and chef-client's local mode. (ChefFS-based + # knife commands include: knife delete, knife deps, knife diff, knife down, + # knife edit, knife list, knife show, knife upload, and knife xargs.) + # + # Valid values are: + # * "static": ChefFS only manages objects that exist in a traditional Chef + # Repo as of Chef 11. + # * "everything": ChefFS manages all object types that existed on the OSS + # Chef 11 server. + # * "hosted_everything": ChefFS manages all object types as of the Chef 12 + # Server, including RBAC objects and Policyfile objects (new to Chef 12). + default :repo_mode do + if local_mode && !chef_zero.osc_compat + "hosted_everything" + elsif chef_server_url =~ /\/+organizations\/.+/ + "hosted_everything" + else + "everything" + end + end + default :pid_file, nil # Whether Chef Zero local mode should bind to a port. All internal requests 
@@ -320,6 +345,21 @@ module ChefConfig default(:enabled) { ChefConfig::Config.local_mode } default :host, "localhost" default :port, 8889.upto(9999) # Will try ports from 8889-9999 until one works + + # When set to a String, Chef Zero disables multitenant support. This is + # what you want when using Chef Zero to serve a single Chef Repo. Setting + # this to `false` enables multi-tenant. + default :single_org, "chef" + + # Whether Chef Zero should operate in a mode analogous to OSS Chef Server + # 11 (true) or Chef Server 12 (false). Chef Zero can still serve + # policyfile objects in Chef 11 mode, as long as `repo_mode` is set to + # "hosted_everything". The primary differences are: + # * Chef 11 mode doesn't support multi-tennant, so there is no + # distinction between global and org-specific objects (since there are + # no orgs). + # * Chef 11 mode doesn't expose RBAC objects + default :osc_compat, false end default :chef_server_url, "https://localhost:443" 
@@ -450,10 +490,32 @@ module ChefConfig # Where should chef-solo download recipes from? default :recipe_url, nil + # Set to true if Chef is to set OpenSSL to run in FIPS mode + default(:fips) { ENV["CHEF_FIPS"] == "1" } + + # Initialize openssl + def self.init_openssl + if fips + ChefConfig.logger.warn "The `fips` feature is still a work in progress. This feature is incomplete." + OpenSSL.fips_mode = true + require "digest" + require "digest/sha1" + require "digest/md5" + Digest.const_set("SHA1", OpenSSL::Digest::SHA1) + OpenSSL::Digest.const_set("MD5", Digest::MD5) + end + end + # Sets the version of the signed header authentication protocol to use (see # the 'mixlib-authorization' project for more detail). Currently, versions - # 1.0 and 1.1 are available. - default :authentication_protocol_version, "1.1" + # 1.0, 1.1, and 1.3 are available. + default :authentication_protocol_version do + if fips + "1.3" + else + "1.1" + end + end # This key will be used to sign requests to the Chef server. This location # must be writable by Chef during initial setup when generating a client diff --git a/chef-config/spec/unit/config_spec.rb b/chef-config/spec/unit/config_spec.rb index 5983981ddd..ec14ad065a 100644 --- a/chef-config/spec/unit/config_spec.rb +++ b/chef-config/spec/unit/config_spec.rb 
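Review bot: In `init_openssl`, `OpenSSL::Digest.const_set("MD5", Digest::MD5)` points the OpenSSL MD5 constant at Ruby's own Digest implementation, which keeps MD5 callers working under `fips_mode` by running them outside the OpenSSL module, yet the method's only comment is `# Initialize openssl`. I would add a comment block above the two `const_set` lines stating why each swap exists (presumably so non-security uses of MD5 and SHA1 keep working in FIPS mode) and that both overwrite constants that are already defined, which Ruby is likely to report as an already-initialized-constant warning. `OpenSSL.fips_mode = true` raises `OpenSSL::OpenSSLError` when the linked OpenSSL has no FIPS support and nothing rescues it here, so enabling `fips` on such a build ends in a raw exception; rescuing it to log a clear message before re-raising would make the failure easier to diagnose. The enclosing module starts and ends outside the hunk.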
@@ -288,6 +288,104 @@ RSpec.describe ChefConfig::Config do expect(ChefConfig::Config[:ssl_ca_path]).to be_nil end + describe "ChefConfig::Config[:repo_mode]" do + + context "when local mode is enabled" do + + before { ChefConfig::Config[:local_mode] = true } + + it "defaults to 'hosted_everything'" do + expect(ChefConfig::Config[:repo_mode]).to eq("hosted_everything") + end + + context "and osc_compat is enabled" do + + before { ChefConfig::Config.chef_zero.osc_compat = true } + + it "defaults to 'everything'" do + expect(ChefConfig::Config[:repo_mode]).to eq("everything") + end + end + end + + context "when local mode is not enabled" do + + context "and the chef_server_url is multi-tenant" do + + before { ChefConfig::Config[:chef_server_url] = "https://chef.example/organizations/example" } + + it "defaults to 'hosted_everything'" do + expect(ChefConfig::Config[:repo_mode]).to eq("hosted_everything") + end + + end + + context "and the chef_server_url is not multi-tenant" do + + before { ChefConfig::Config[:chef_server_url] = "https://chef.example/" } + + it "defaults to 'everything'" do + expect(ChefConfig::Config[:repo_mode]).to eq("everything") + end + end + end + end + + describe "ChefConfig::Config[:chef_repo_path]" do + + context "when cookbook_path is set to a single path" do + + before { ChefConfig::Config[:cookbook_path] = "/home/anne/repo/cookbooks" } + + it "is set to a path one directory up from the cookbook_path" do + expected = File.expand_path("/home/anne/repo") + expect(ChefConfig::Config[:chef_repo_path]).to eq(expected) + end + + end + + context "when cookbook_path is set to multiple paths" do + + before do + ChefConfig::Config[:cookbook_path] = [ + "/home/anne/repo/cookbooks", + "/home/anne/other_repo/cookbooks", + ] + end + + it "is set to an Array of paths one directory up from the cookbook_paths" do + expected = [ "/home/anne/repo", "/home/anne/other_repo"].map { |p| File.expand_path(p) } + expect(ChefConfig::Config[:chef_repo_path]).to 
eq(expected) + end + + end + + context "when cookbook_path is not set but cookbook_artifact_path is set" do + + before do + ChefConfig::Config[:cookbook_path] = nil + ChefConfig::Config[:cookbook_artifact_path] = "/home/roxie/repo/cookbook_artifacts" + end + + it "is set to a path one directory up from the cookbook_artifact_path" do + expected = File.expand_path("/home/roxie/repo") + expect(ChefConfig::Config[:chef_repo_path]).to eq(expected) + end + + end + + context "when cookbook_path is not set" do + + before { ChefConfig::Config[:cookbook_path] = nil } + + it "is set to the cache_path" do + expect(ChefConfig::Config[:chef_repo_path]).to eq(ChefConfig::Config[:cache_path]) + end + + end + + end + # On Windows, we'll detect an omnibus build and set this to the # cacert.pem included in the package, but it's nil if you're on Windows # w/o omnibus (e.g., doing development on Windows, custom build, etc.) @@ -309,6 +407,12 @@ RSpec.describe ChefConfig::Config do expect(ChefConfig::Config[:environment_path]).to eq(environment_path) end + it "ChefConfig::Config[:cookbook_artifact_path] defaults to /var/chef/cookbook_artifacts" do + allow(ChefConfig::Config).to receive(:cache_path).and_return(primary_cache_path) + environment_path = is_windows ? "#{primary_cache_path}\\cookbook_artifacts" : "#{primary_cache_path}/cookbook_artifacts" + expect(ChefConfig::Config[:cookbook_artifact_path]).to eq(environment_path) + end + describe "setting the config dir" do context "when the config file is given with a relative path" do diff --git a/chef.gemspec b/chef.gemspec index 7df1571f29..e50ef6c744 100644 --- a/chef.gemspec +++ b/chef.gemspec @@ -19,7 +19,7 @@ Gem::Specification.new do |s| s.add_dependency "mixlib-cli", "~> 1.4" s.add_dependency "mixlib-log", "~> 1.3" - s.add_dependency "mixlib-authentication", "~> 1.3" + s.add_dependency "mixlib-authentication", "~> 1.4" s.add_dependency "mixlib-shellout", "~> 2.0" s.add_dependency "ohai", ">= 8.6.0.alpha.1", "< 9" 
@@ -54,6 +54,6 @@ Gem::Specification.new do |s| s.bindir = "bin" s.executables = %w{ chef-client chef-solo knife chef-shell chef-apply } - s.require_path = %w{ lib lib-backcompat } + s.require_paths = %w{ lib lib-backcompat } s.files = %w{Gemfile Rakefile LICENSE README.md CONTRIBUTING.md} + Dir.glob("{distro,lib,lib-backcompat,tasks,spec}/**/*", File::FNM_DOTMATCH).reject {|f| File.directory?(f) } + Dir.glob("*.gemspec") end diff --git a/ci/verify-chef.bat b/ci/verify-chef.bat index 1c159f0668..2c16eb83f6 100755 --- a/ci/verify-chef.bat +++ b/ci/verify-chef.bat @@ -52,5 +52,8 @@ IF "%PIPELINE_NAME%" == "chef-13" ( call bundle exec rspec -r rspec_junit_formatter -f RspecJunitFormatter -o %WORKSPACE%\test.xml -f documentation spec/unit spec/functional ) ELSE ( REM ; Running unit tests + IF "%PIPELINE_NAME%" == "chef-fips" ( + set CHEF_FIPS=1 + ) call bundle exec rspec -r rspec_junit_formatter -f RspecJunitFormatter -o %WORKSPACE%\test.xml -f documentation spec/unit spec/functional ) diff --git a/ci/verify-chef.sh b/ci/verify-chef.sh index 4e60b1fd9f..1e384c7018 100755 --- a/ci/verify-chef.sh +++ b/ci/verify-chef.sh @@ -86,4 +86,9 @@ if [ ! -f "Gemfile.lock" ]; then exit 1 fi -sudo env PATH=$PATH TERM=xterm bundle exec rspec -r rspec_junit_formatter -f RspecJunitFormatter -o $WORKSPACE/test.xml -f documentation spec/functional spec/unit +CHEF_FIPS=0 +if [ $PIPELINE_NAME='chef-fips']; +then + CHEF_FIPS=1 +fi +sudo env PATH=$PATH TERM=xterm CHEF_FIPS=$CHEF_FIPS bundle exec rspec -r rspec_junit_formatter -f RspecJunitFormatter -o $WORKSPACE/test.xml -f documentation spec/functional spec/unit diff --git a/lib/chef/api_client.rb b/lib/chef/api_client.rb index 9def6199b7..cea9dd8176 100644 --- a/lib/chef/api_client.rb +++ b/lib/chef/api_client.rb @@ -141,6 +141,7 @@ class Chef end def self.json_create(data) + Chef.log_deprecation("Auto inflation of JSON data is deprecated. Please use Chef::ApiClient#from_hash") from_hash(data) end 
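Review bot: The added test `if [ $PIPELINE_NAME='chef-fips'];` in ci/verify-chef.sh never compares the pipeline name. With no spaces around `=` and none before `]`, `[` receives a single word and no closing bracket, so in bash or dash it fails with a syntax error and the branch is skipped. CHEF_FIPS therefore stays 0 on every pipeline, and the chef-fips job would run the suite without FIPS mode. Write it as `if [ "$PIPELINE_NAME" = "chef-fips" ]; then`, with the variable quoted so an unset PIPELINE_NAME is handled too.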
@@ -176,7 +177,7 @@ class Chef if response.kind_of?(Chef::ApiClient) response else - json_create(response) + from_hash(response) end end diff --git a/lib/chef/application.rb b/lib/chef/application.rb index 4562d84a5d..a4d4fc209d 100644 --- a/lib/chef/application.rb +++ b/lib/chef/application.rb @@ -84,6 +84,7 @@ class Chef parse_options load_config_file Chef::Config.export_proxies + Chef::Config.init_openssl end # Parse the config file diff --git a/lib/chef/application/apply.rb b/lib/chef/application/apply.rb index f6348a951b..42b2d5fc9a 100644 --- a/lib/chef/application/apply.rb +++ b/lib/chef/application/apply.rb @@ -125,6 +125,7 @@ class Chef::Application::Apply < Chef::Application Chef::Config.merge!(config) configure_logging Chef::Config.export_proxies + Chef::Config.init_openssl parse_json end diff --git a/lib/chef/application/client.rb b/lib/chef/application/client.rb index ba357b420d..5b124b60a7 100644 --- a/lib/chef/application/client.rb +++ b/lib/chef/application/client.rb @@ -274,6 +274,11 @@ class Chef::Application::Client < Chef::Application :description => "Whether a local mode (-z) server binds to a port", :boolean => true + option :fips, + :long => "--fips", + :description => "Enable fips mode", + :boolean => true + IMMEDIATE_RUN_SIGNAL = "1".freeze attr_reader :chef_client_json @@ -287,6 +292,8 @@ class Chef::Application::Client < Chef::Application set_specific_recipes + Chef::Config[:fips] = config[:fips] if config.has_key? :fips + Chef::Config[:chef_server_url] = config[:chef_server_url] if config.has_key? :chef_server_url Chef::Config.local_mode = config[:local_mode] if config.has_key?(:local_mode) diff --git a/lib/chef/chef_fs/chef_fs_data_store.rb b/lib/chef/chef_fs/chef_fs_data_store.rb index 634faaec7e..59c2699cca 100644 --- a/lib/chef/chef_fs/chef_fs_data_store.rb +++ b/lib/chef/chef_fs/chef_fs_data_store.rb 
@@ -126,6 +126,24 @@ class Chef # - `delete(association_requests/NAME)` -> `get(/invitations.json)`, remove name, `set(/invitations.json)` # class ChefFSDataStore + + # The base directories in a Chef Repo; even when these don't exist, a + # matching GET for these objects will return an empty list instead of a + # 404. + BASE_DIRNAMES = %w{ + clients + cookbooks + data + environments + nodes + roles + users + containers + groups + policy_groups + policies + }.freeze + # # Create a new ChefFSDataStore # @@ -469,7 +487,11 @@ class Chef # LIST /policies elsif path == [ "policies" ] with_entry([ path[0] ]) do |policies| - policies.children.map { |policy| policy.name[0..-6].rpartition("-")[0] }.uniq + begin + policies.children.map { |policy| policy.name[0..-6].rpartition("-")[0] }.uniq + rescue Chef::ChefFS::FileSystem::NotFoundError + [] + end end # LIST /policies/POLICY/revisions @@ -741,7 +763,7 @@ class Chef end def path_always_exists?(path) - return path.length == 1 && %w{clients cookbooks data environments nodes roles users}.include?(path[0]) + return path.length == 1 && BASE_DIRNAMES.include?(path[0]) end def with_entry(path) diff --git a/lib/chef/chef_fs/config.rb b/lib/chef/chef_fs/config.rb index 07c014e2ab..a376c42cc5 100644 --- a/lib/chef/chef_fs/config.rb +++ b/lib/chef/chef_fs/config.rb 
@@ -47,6 +47,34 @@ class Chef INFLECTIONS.each { |k,v| k.freeze; v.freeze } INFLECTIONS.freeze + # ChefFS supports three modes of operation: "static", "everything", and + # "hosted_everything". These names are antiquated since Chef 12 moved + # multi-tenant and RBAC to the open source product. In practice, they + # mean: + # + # * static: just static objects that are included in a traditional + # chef-repo, with no support for anything introduced in Chef 12 or + # later. + # * everything: all of the objects supported by the open source Chef + # Server 11.x + # * hosted_everything: (the name comes from Hosted Chef) supports + # everything in Chef Server 12 and later, including RBAC objects and + # Policyfile objects. + # + # The "static" and "everything" modes are used for backup and + # upgrade/migration of older Chef Servers, so they should be considered + # frozen in time. + + CHEF_11_OSS_STATIC_OBJECTS = %w{cookbooks cookbook_artifacts data_bags environments roles}.freeze + CHEF_11_OSS_DYNAMIC_OBJECTS = %w{clients nodes users}.freeze + RBAC_OBJECT_NAMES = %w{acls containers groups }.freeze + CHEF_12_OBJECTS = %w{ cookbook_artifacts policies policy_groups }.freeze + + STATIC_MODE_OBJECT_NAMES = CHEF_11_OSS_STATIC_OBJECTS + EVERYTHING_MODE_OBJECT_NAMES = (CHEF_11_OSS_STATIC_OBJECTS + CHEF_11_OSS_DYNAMIC_OBJECTS).freeze + HOSTED_EVERYTHING_MODE_OBJECT_NAMES = (EVERYTHING_MODE_OBJECT_NAMES + RBAC_OBJECT_NAMES + CHEF_12_OBJECTS).freeze + + # # Create a new Config object which can produce a chef_fs and local_fs. # 
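Review bot: `CHEF_11_OSS_STATIC_OBJECTS` lists `cookbook_artifacts`, which changes all three modes compared with the literals removed in the `case @chef_config[:repo_mode]` hunk further down. "static" and "everything" gain `cookbook_artifacts`, while `HOSTED_EVERYTHING_MODE_OBJECT_NAMES` now contains it twice (again via `CHEF_12_OBJECTS`) and also gains `users`. That contradicts the comment above the constants, which describes the first two modes as frozen in time. Dropping it from the Chef 11 list, `CHEF_11_OSS_STATIC_OBJECTS = %w{cookbooks data_bags environments roles}.freeze`, restores the old static and everything sets and removes the duplicate. Whether `users` belongs in hosted_everything should be decided explicitly, since the old list did not have it.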
@@ -234,11 +262,11 @@ class Chef result = {} case @chef_config[:repo_mode] when "static" - object_names = %w{cookbooks data_bags environments roles} + object_names = STATIC_MODE_OBJECT_NAMES when "hosted_everything" - object_names = %w{acls clients cookbooks cookbook_artifacts containers data_bags environments groups nodes roles policies policy_groups} + object_names = HOSTED_EVERYTHING_MODE_OBJECT_NAMES else - object_names = %w{clients cookbooks data_bags environments nodes roles users} + object_names = EVERYTHING_MODE_OBJECT_NAMES end object_names.each do |object_name| # cookbooks -> cookbook_path diff --git a/lib/chef/chef_fs/data_handler/data_handler_base.rb b/lib/chef/chef_fs/data_handler/data_handler_base.rb index 53936979e3..41c5dd13e2 100644 --- a/lib/chef/chef_fs/data_handler/data_handler_base.rb +++ b/lib/chef/chef_fs/data_handler/data_handler_base.rb @@ -117,7 +117,7 @@ class Chef # Turn a JSON hash into a bona fide Chef object (like Chef::Node). # def chef_object(object) - chef_class.json_create(object) + chef_class.from_hash(object) end # diff --git a/lib/chef/chef_fs/file_system/chef_server/cookbook_dir.rb b/lib/chef/chef_fs/file_system/chef_server/cookbook_dir.rb index 18bf748d87..fb3c185145 100644 --- a/lib/chef/chef_fs/file_system/chef_server/cookbook_dir.rb +++ b/lib/chef/chef_fs/file_system/chef_server/cookbook_dir.rb @@ -188,7 +188,7 @@ class Chef old_retry_count = Chef::Config[:http_retry_count] begin Chef::Config[:http_retry_count] = 0 - @chef_object ||= Chef::CookbookVersion.json_create(root.get_json(api_path)) + @chef_object ||= Chef::CookbookVersion.from_hash(root.get_json(api_path)) ensure Chef::Config[:http_retry_count] = old_retry_count end diff --git a/lib/chef/chef_fs/file_system/chef_server/rest_list_entry.rb b/lib/chef/chef_fs/file_system/chef_server/rest_list_entry.rb index 692b6cfc73..cfc9e43955 100644 --- a/lib/chef/chef_fs/file_system/chef_server/rest_list_entry.rb +++ b/lib/chef/chef_fs/file_system/chef_server/rest_list_entry.rb 
@@ -102,7 +102,7 @@ class Chef def chef_object # REST will inflate the Chef object using json_class - data_handler.json_class.json_create(read) + data_handler.json_class.from_hash(read) end def minimize_value(value) diff --git a/lib/chef/cookbook/metadata.rb b/lib/chef/cookbook/metadata.rb index 530254eead..bdba94d4f0 100644 --- a/lib/chef/cookbook/metadata.rb +++ b/lib/chef/cookbook/metadata.rb @@ -25,6 +25,7 @@ require "chef/mixin/params_validate" require "chef/log" require "chef/version_class" require "chef/version_constraint" +require "chef/version_constraint/platform" require "chef/json_compat" class Chef diff --git a/lib/chef/cookbook_version.rb b/lib/chef/cookbook_version.rb index 28f817c8ba..19150464ba 100644 --- a/lib/chef/cookbook_version.rb +++ b/lib/chef/cookbook_version.rb @@ -476,6 +476,7 @@ class Chef end def self.json_create(o) + Chef.log_deprecation("Auto inflation of JSON data is deprecated. Please use Chef::CookbookVersion#from_hash") from_hash(o) end diff --git a/lib/chef/data_bag.rb b/lib/chef/data_bag.rb index 66771d325f..38b3d4fdf5 100644 --- a/lib/chef/data_bag.rb +++ b/lib/chef/data_bag.rb @@ -80,6 +80,7 @@ class Chef # Create a Chef::Role from JSON def self.json_create(o) + Chef.log_deprecation("Auto inflation of JSON data is deprecated. Please use Chef::DataBag#from_hash") from_hash(o) end diff --git a/lib/chef/data_bag_item.rb b/lib/chef/data_bag_item.rb index 8688693568..facf6c89f4 100644 --- a/lib/chef/data_bag_item.rb +++ b/lib/chef/data_bag_item.rb @@ -142,6 +142,7 @@ class Chef # Create a Chef::DataBagItem from JSON def self.json_create(o) + Chef.log_deprecation("Auto inflation of JSON data is deprecated. Please use Chef::DataBagItem#from_hash") from_hash(o) end diff --git a/lib/chef/environment.rb b/lib/chef/environment.rb index e41f2b66ac..042cde5bd5 100644 --- a/lib/chef/environment.rb +++ b/lib/chef/environment.rb 
@@ -217,6 +217,7 @@ class Chef end def self.json_create(o) + Chef.log_deprecation("Auto inflation of JSON data is deprecated. Please use Chef::Environment#from_hash") from_hash(o) end @@ -260,7 +261,8 @@ class Chef if File.exists?(js_file) # from_json returns object.class => json_class in the JSON. - Chef::JSONCompat.from_json(IO.read(js_file)) + hash = Chef::JSONCompat.parse(IO.read(js_file)) + from_hash(hash) elsif File.exists?(rb_file) environment = Chef::Environment.new environment.name(name) diff --git a/lib/chef/formatters/doc.rb b/lib/chef/formatters/doc.rb index 5510956754..ab450cdeac 100644 --- a/lib/chef/formatters/doc.rb +++ b/lib/chef/formatters/doc.rb @@ -43,6 +43,7 @@ class Chef def run_start(version) puts_line "Starting Chef Client, version #{version}" + puts_line "OpenSSL FIPS 140 mode enabled" if Chef::Config[:fips] end def total_resources diff --git a/lib/chef/formatters/minimal.rb b/lib/chef/formatters/minimal.rb index 2e32968b4b..94fbfd3818 100644 --- a/lib/chef/formatters/minimal.rb +++ b/lib/chef/formatters/minimal.rb @@ -29,7 +29,8 @@ class Chef # Called at the very start of a Chef Run def run_start(version) - puts "Starting Chef Client, version #{version}" + puts_line "Starting Chef Client, version #{version}" + puts_line "OpenSSL FIPS 140 mode enabled" if Chef::Config[:fips] end # Called at the end of the Chef run. diff --git a/lib/chef/http/authenticator.rb b/lib/chef/http/authenticator.rb index 02074171f8..ab4804c964 100644 --- a/lib/chef/http/authenticator.rb +++ b/lib/chef/http/authenticator.rb @@ -47,8 +47,8 @@ class Chef end def handle_request(method, url, headers={}, data=false) - headers.merge!(authentication_headers(method, url, data)) if sign_requests? headers.merge!({"X-Ops-Server-API-Version" => @api_version}) + headers.merge!(authentication_headers(method, url, data, headers)) if sign_requests? [method, url, headers, data] end 
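Review bot: The context comment `# from_json returns object.class => json_class in the JSON.` in lib/chef/environment.rb is stale now that the next two lines call `Chef::JSONCompat.parse` and `from_hash`. It describes the auto-inflation path this change moves away from. Replace it with something like `# Parse to a plain Hash and build the Environment explicitly instead of inflating via json_class.` The enclosing method starts and ends outside the hunk.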
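Review bot: The reordering in `handle_request` (lib/chef/http/authenticator.rb) is easy to undo by accident because nothing says why it matters. `X-Ops-Server-API-Version` is now merged before `authentication_headers` is called, so the header set handed to `signature_headers` already includes it, presumably so the signature can cover the API version. A comment such as `# Set the API version before signing; the signer receives these headers.` above the two lines would keep a later cleanup from swapping them back. In the following hunk `authentication_headers` defaults `headers` to nil and passes it through as `:headers => headers`. Whether `signature_headers` accepts nil there is not visible, so `:headers => headers || {}` would be the safer form.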
@@ -90,12 +90,17 @@ class Chef raise Chef::Exceptions::InvalidPrivateKey, msg end - def authentication_headers(method, url, json_body=nil) - request_params = {:http_method => method, :path => url.path, :body => json_body, :host => "#{url.host}:#{url.port}"} + def authentication_headers(method, url, json_body=nil, headers=nil) + request_params = { + :http_method => method, + :path => url.path, + :body => json_body, + :host => "#{url.host}:#{url.port}", + :headers => headers, + } request_params[:body] ||= "" auth_credentials.signature_headers(request_params) end - end end end diff --git a/lib/chef/key.rb b/lib/chef/key.rb index ba5613e35e..141a444d57 100644 --- a/lib/chef/key.rb +++ b/lib/chef/key.rb @@ -222,8 +222,9 @@ class Chef Chef::Key.from_hash(Chef::JSONCompat.from_json(json)) end - class << self - alias_method :json_create, :from_json + def self.json_create(json) + Chef.log_deprecation("Auto inflation of JSON data is deprecated. Please use Chef::Key#from_json or one of the load_by methods.") + Chef::Key.from_json(json) end def self.list_by_user(actor, inflate=false) diff --git a/lib/chef/knife.rb b/lib/chef/knife.rb index a070c6c858..5cfcc7182a 100644 --- a/lib/chef/knife.rb +++ b/lib/chef/knife.rb @@ -398,6 +398,7 @@ class Chef merge_configs apply_computed_config Chef::Config.export_proxies + Chef::Config.init_openssl # This has to be after apply_computed_config so that Mixlib::Log is configured Chef::Log.info("Using configuration from #{config[:config_file]}") if config[:config_file] end diff --git a/lib/chef/knife/bootstrap.rb b/lib/chef/knife/bootstrap.rb index 23ec98e563..4db6c22f2e 100644 --- a/lib/chef/knife/bootstrap.rb +++ b/lib/chef/knife/bootstrap.rb @@ -250,6 +250,11 @@ class Chef Chef::Config[:knife][:bootstrap_vault_item] } + option :fips, + :long => "--fips", + :description => "Set openssl to run in fips mode", + :boolean => true + def initialize(argv=[]) super @client_builder = Chef::Knife::Bootstrap::ClientBuilder.new( 
diff --git a/lib/chef/knife/core/bootstrap_context.rb b/lib/chef/knife/core/bootstrap_context.rb index b0a759dd05..46ade9f00f 100644 --- a/lib/chef/knife/core/bootstrap_context.rb +++ b/lib/chef/knife/core/bootstrap_context.rb @@ -120,6 +120,10 @@ validation_client_name "#{@chef_config[:validation_client_name]}" client_rb << %Q{trusted_certs_dir "/etc/chef/trusted_certs"\n} end + if @config[:fips] + client_rb << %Q{fips true\n} + end + client_rb end diff --git a/lib/chef/knife/core/object_loader.rb b/lib/chef/knife/core/object_loader.rb index 69c2428bd4..063c192728 100644 --- a/lib/chef/knife/core/object_loader.rb +++ b/lib/chef/knife/core/object_loader.rb @@ -93,7 +93,7 @@ class Chef if @klass == Chef::DataBagItem r else - @klass.json_create(r) + @klass.from_hash(r) end when /\.rb$/ r = klass.new diff --git a/lib/chef/local_mode.rb b/lib/chef/local_mode.rb index 53234ec7d5..82d9cdee32 100644 --- a/lib/chef/local_mode.rb +++ b/lib/chef/local_mode.rb @@ -65,6 +65,8 @@ class Chef server_options = {} server_options[:data_store] = data_store server_options[:log_level] = Chef::Log.level + server_options[:osc_compat] = Chef::Config.chef_zero.osc_compat + server_options[:single_org] = Chef::Config.chef_zero.single_org server_options[:host] = Chef::Config.chef_zero.host server_options[:port] = parse_port(Chef::Config.chef_zero.port) diff --git a/lib/chef/node.rb b/lib/chef/node.rb index d7b0bf5948..b9ef200e91 100644 --- a/lib/chef/node.rb +++ b/lib/chef/node.rb @@ -532,6 +532,7 @@ class Chef # Create a Chef::Node from JSON def self.json_create(o) + Chef.log_deprecation("Auto inflation of JSON data is deprecated. Please use Chef::Node#from_hash") from_hash(o) end diff --git a/lib/chef/org.rb b/lib/chef/org.rb index 33a986dc3b..434113e315 100644 --- a/lib/chef/org.rb +++ b/lib/chef/org.rb 
@@ -124,8 +124,9 @@ class Chef Chef::Org.from_hash(Chef::JSONCompat.from_json(json)) end - class <<self - alias_method :json_create, :from_json + def self.json_create(json) + Chef.log_deprecation("Auto inflation of JSON data is deprecated. Please use Chef::Org#from_json or Chef::Org#load.") + Chef::Org.from_json(json) end def self.load(org_name) diff --git a/lib/chef/property.rb b/lib/chef/property.rb index 8ff4ecc7fc..8b5c6560a9 100644 --- a/lib/chef/property.rb +++ b/lib/chef/property.rb @@ -320,7 +320,8 @@ class Chef resource.resource_initializing && resource.respond_to?(:enclosing_provider) && resource.enclosing_provider && - resource.enclosing_provider.respond_to?(name) + resource.enclosing_provider.new_resource && + resource.enclosing_provider.new_resource.respond_to?(name) Chef::Log.warn("#{Chef::Log.caller_location}: property #{name} is declared in both #{resource} and #{resource.enclosing_provider}. Use new_resource.#{name} instead. At #{Chef::Log.caller_location}") end diff --git a/lib/chef/provider/package/zypper.rb b/lib/chef/provider/package/zypper.rb index 9b0aaf322a..fe8358c654 100644 --- a/lib/chef/provider/package/zypper.rb +++ b/lib/chef/provider/package/zypper.rb @@ -2,7 +2,7 @@ # # Authors:: Adam Jacob (<adam@opscode.com>) # Ionuț Arțăriși (<iartarisi@suse.cz>) -# Copyright:: Copyright (c) 2008 Opscode, Inc. +# Copyright:: Copyright (c) 2008-2015 Chef Software, Inc. # Copyright (c) 2013 SUSE Linux GmbH # License:: Apache License, Version 2.0 # 
@@ -20,70 +20,74 @@ # require "chef/provider/package" -require "chef/mixin/command" -require "chef/resource/package" -require "singleton" +require "chef/resource/zypper_package" class Chef class Provider class Package class Zypper < Chef::Provider::Package + use_multipackage_api provides :package, platform_family: "suse" provides :zypper_package, os: "linux" - def load_current_resource - @current_resource = Chef::Resource::ZypperPackage.new(new_resource.name) - current_resource.package_name(new_resource.package_name) - - is_installed=false - is_out_of_date=false - version="" - oud_version="" + def get_versions(package_name) + candidate_version = current_version = nil + is_installed = false Chef::Log.debug("#{new_resource} checking zypper") - status = shell_out_with_timeout("zypper --non-interactive info #{new_resource.package_name}") + status = shell_out_with_timeout!("zypper --non-interactive info #{package_name}") status.stdout.each_line do |line| case line when /^Version: (.+)$/ - version = $1 + candidate_version = $1 Chef::Log.debug("#{new_resource} version #{$1}") when /^Installed: Yes$/ is_installed=true Chef::Log.debug("#{new_resource} is installed") - - when /^Installed: No$/ - is_installed=false - Chef::Log.debug("#{new_resource} is not installed") when /^Status: out-of-date \(version (.+) installed\)$/ - is_out_of_date=true - oud_version=$1 + current_version=$1 Chef::Log.debug("#{new_resource} out of date version #{$1}") end end + current_version = candidate_version if is_installed + { current_version: current_version, candidate_version: candidate_version } + end - if is_installed==false - @candidate_version=version - end - - if is_installed==true - if is_out_of_date==true - current_resource.version(oud_version) - @candidate_version=version - else - current_resource.version(version) - @candidate_version=version + def versions + @versions = + begin + raw_versions = package_name_array.map do |package_name| + get_versions(package_name) + end + 
Hash[*package_name_array.zip(raw_versions).flatten] end + end + + def get_candidate_versions + package_name_array.map do |package_name| + versions[package_name][:candidate_version] end + end - unless status.exitstatus == 0 - raise Chef::Exceptions::Package, "zypper failed - #{status.inspect}!" + def get_current_versions + package_name_array.map do |package_name| + versions[package_name][:current_version] end + end + + def load_current_resource + @current_resource = Chef::Resource::ZypperPackage.new(new_resource.name) + current_resource.package_name(new_resource.package_name) + + @candidate_version = get_candidate_versions + current_resource.version(get_current_versions) current_resource end - def zypper_version() - `zypper -V 2>&1`.scan(/\d+/).join(".").to_f + def zypper_version + @zypper_version ||= + `zypper -V 2>&1`.scan(/\d+/).join(".").to_f end def install_package(name, version) @@ -91,6 +95,7 @@ class Chef end def upgrade_package(name, version) + # `zypper install` upgrades packages, we rely on the idempotency checks to get action :install behavior install_package(name, version) end @@ -103,13 +108,19 @@ class Chef end private - def zypper_package(command, pkgname, version) - version = "=#{version}" unless version.nil? || version.empty? + + def zip(names, versions) + names.zip(versions).map do |n, v| + (v.nil? || v.empty?) ? n : "#{n}=#{v}" + end + end + + def zypper_package(command, names, versions) + zipped_names = zip(names, versions) if zypper_version < 1.0 - shell_out_with_timeout!("zypper#{gpg_checks} #{command} -y #{pkgname}") + shell_out_with_timeout!(a_to_s("zypper", gpg_checks, command, "-y", names)) else - shell_out_with_timeout!("zypper --non-interactive#{gpg_checks} "+ - "#{command} #{pkgname}#{version}") + shell_out_with_timeout!(a_to_s("zypper --non-interactive", gpg_checks, command, zipped_names)) end end 
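Review bot: `versions` assigns with `@versions =` rather than `@versions ||=`, so the result is never reused. Every call re-runs `zypper --non-interactive info` for each package, and `get_candidate_versions` and `get_current_versions` each call `versions` once per package name inside their `map`. For n packages that is on the order of 2n² zypper invocations per `load_current_resource`; `@versions ||=` makes it n. Separately, `get_versions` interpolates `package_name` into the command string, so a name containing shell metacharacters would be interpreted by the shell. Passing the arguments as a list, or escaping with `Shellwords.escape`, would avoid that, assuming `shell_out_with_timeout!` forwards argument lists as `shell_out` does.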
@@ -118,12 +129,12 @@ class Chef when true "" when false - " --no-gpg-checks" + "--no-gpg-checks" when nil Chef::Log.warn("Chef::Config[:zypper_check_gpg] was not set. " + "All packages will be installed without gpg signature checks. " + "This is a security hazard.") - " --no-gpg-checks" + "--no-gpg-checks" end end end diff --git a/lib/chef/rest.rb b/lib/chef/rest.rb index 96a563e034..73cd0d68a9 100644 --- a/lib/chef/rest.rb +++ b/lib/chef/rest.rb @@ -59,6 +59,8 @@ class Chef # HTTP GET request to http://localhost:4000/nodes def initialize(url, client_name=Chef::Config[:node_name], signing_key_filename=Chef::Config[:client_key], options={}) + Chef.log_deprecation("Chef::REST is deprecated. Please use Chef::ServerAPI, or investigate Ridley or ChefAPI.") + signing_key_filename = nil if chef_zero_uri?(url) options = options.dup diff --git a/lib/chef/role.rb b/lib/chef/role.rb index fa76129af2..d607a1be98 100644 --- a/lib/chef/role.rb +++ b/lib/chef/role.rb @@ -171,6 +171,7 @@ class Chef # Create a Chef::Role from JSON def self.json_create(o) + Chef.log_deprecation("Auto inflation of JSON data is deprecated. Please use Chef::Role#from_hash") from_hash(o) end diff --git a/lib/chef/server_api.rb b/lib/chef/server_api.rb index b7e460fa6e..35f81f88b2 100644 --- a/lib/chef/server_api.rb +++ b/lib/chef/server_api.rb @@ -48,6 +48,12 @@ class Chef # responses. use Chef::HTTP::ValidateContentLength + # for back compat with Chef::REST, expose `<verb>_rest` as an alias to `<verb>` + alias :get_rest :get + alias :delete_rest :delete + alias :post_rest :post + alias :put_rest :put + # Makes an HTTP request to +path+ with the given +method+, +headers+, and # +data+ (if applicable). Does not apply any middleware, besides that # needed for Authentication. diff --git a/lib/chef/user.rb b/lib/chef/user.rb index 37a104a537..bcbce76bf2 100644 --- a/lib/chef/user.rb +++ b/lib/chef/user.rb 
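Review bot: The `when nil` branch fails open: if `Chef::Config[:zypper_check_gpg]` is unset, every zypper command gets `--no-gpg-checks`, and the only signal is a log warning that the message itself calls a security hazard. Since this hunk already touches both return values, consider making unset mean checked: return `""` in the `when nil` branch and keep `--no-gpg-checks` only for an explicit `false`. That is a behaviour change for existing users and would need a release note. The method and its `case` subject start outside the hunk.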
@@ -154,8 +154,9 @@ class Chef Chef::User.from_hash(Chef::JSONCompat.from_json(json)) end - class << self - alias_method :json_create, :from_json + def self.json_create(json) + Chef.log_deprecation("Auto inflation of JSON data is deprecated. Please use Chef::User#from_json or Chef::User#load.") + Chef::User.from_json(json) end def self.list(inflate=false) diff --git a/lib/chef/user_v1.rb b/lib/chef/user_v1.rb index 133087a089..bb594e3564 100644 --- a/lib/chef/user_v1.rb +++ b/lib/chef/user_v1.rb @@ -276,8 +276,9 @@ class Chef Chef::UserV1.from_hash(Chef::JSONCompat.from_json(json)) end - class << self - alias_method :json_create, :from_json + def self.json_create(json) + Chef.log_deprecation("Auto inflation of JSON data is deprecated. Please use Chef::UserV1#from_json or Chef::UserV1#load.") + Chef::UserV1.from_json(json) end def self.list(inflate=false) diff --git a/omnibus/Gemfile.lock b/omnibus/Gemfile.lock index 19c32fbccb..0f1423985e 100644 --- a/omnibus/Gemfile.lock +++ b/omnibus/Gemfile.lock @@ -1,12 +1,12 @@ GIT remote: git://github.com/chef/omnibus-software.git - revision: 1baba87d3fca8de9fbba0fb5971e116c6eee519e + revision: 56f4933c94cfcb85be7b3564ccab280769d90d12 specs: omnibus-software (4.0.0) GIT remote: git://github.com/chef/omnibus.git - revision: 88400e2feee1498e432b6c5f70707b14fb22e8c9 + revision: d66b7fcafd5f8fb55e974913999fd1b9db564f1e specs: omnibus (5.0.0) aws-sdk (~> 2) @@ -22,12 +22,12 @@ GEM remote: https://rubygems.org/ specs: addressable (2.3.8) - aws-sdk (2.2.10) - aws-sdk-resources (= 2.2.10) - aws-sdk-core (2.2.10) + aws-sdk (2.2.13) + aws-sdk-resources (= 2.2.13) + aws-sdk-core (2.2.13) jmespath (~> 1.0) - aws-sdk-resources (2.2.10) - aws-sdk-core (= 2.2.10) + aws-sdk-resources (2.2.13) + aws-sdk-core (= 2.2.13) berkshelf (3.2.4) addressable (~> 2.3.4) berkshelf-api-client (~> 1.2) diff --git a/omnibus/config/projects/chef-fips.rb b/omnibus/config/projects/chef-fips.rb index fbb28fa5cc..37410b0e49 100644 
--- a/omnibus/config/projects/chef-fips.rb +++ b/omnibus/config/projects/chef-fips.rb @@ -38,7 +38,7 @@ end override :fips, enabled: true override :'ruby-windows', version: "2.0.0-p647" -override :chef, version: "jdm/1.3-fips" +override :chef, version: "local_source" override :ohai, version: "master" msi_upgrade_code = "819F5DB3-B818-4358-BB2B-54B8171D0A26" diff --git a/omnibus/config/projects/chef.rb b/omnibus/config/projects/chef.rb index a615069c9d..1c9d647f16 100644 --- a/omnibus/config/projects/chef.rb +++ b/omnibus/config/projects/chef.rb @@ -59,6 +59,7 @@ override :ohai, version: "master" dependency "preparation" dependency "chef" +dependency "nokogiri" dependency "shebang-cleanup" dependency "version-manifest" dependency "openssl-customization" diff --git a/omnibus/files/mapfiles/solaris b/omnibus/files/mapfiles/solaris index b33e54dcae..c0ca5c1ae3 100644 --- a/omnibus/files/mapfiles/solaris +++ b/omnibus/files/mapfiles/solaris @@ -8,7 +8,6 @@ DEPEND_VERSIONS libsocket.so { ALLOW = SUNWprivate_1.1; }; DEPEND_VERSIONS libdl.so { - ALLOW = SUNW_1.22.1; ALLOW = SUNW_1.4; ALLOW = SUNWprivate_1.1; }; diff --git a/spec/functional/resource/chocolatey_package_spec.rb b/spec/functional/resource/chocolatey_package_spec.rb index 201ab3238c..7cbaaf0d6b 100644 --- a/spec/functional/resource/chocolatey_package_spec.rb +++ b/spec/functional/resource/chocolatey_package_spec.rb 
@@ -22,11 +22,14 @@ describe Chef::Resource::ChocolateyPackage, :windows_only do include Chef::Mixin::PowershellOut before(:all) do - powershell_out("iex ((new-object net.webclient).DownloadString('https://chocolatey.org/install.ps1'))") + powershell_out!("iex ((new-object net.webclient).DownloadString('https://chocolatey.org/install.ps1'))") + unless ENV["PATH"] =~ /chocolatey\\bin/ + ENV["PATH"] = "C:\\ProgramData\\chocolatey\\bin;#{ENV["PATH"]}" + end end let(:package_name) { "test-A" } - let(:package_list) { proc { powershell_out("choco list -lo -r #{Array(package_name).join(' ')}").stdout.chomp } } + let(:package_list) { proc { powershell_out!("choco list -lo -r #{Array(package_name).join(' ')}").stdout.chomp } } let(:package_source) { File.join(CHEF_SPEC_ASSETS, "chocolatey_feed") } subject do diff --git a/spec/functional/resource/group_spec.rb b/spec/functional/resource/group_spec.rb index 418dad431d..846bd2ba44 100644 --- a/spec/functional/resource/group_spec.rb +++ b/spec/functional/resource/group_spec.rb @@ -361,7 +361,7 @@ downthestreetalwayshadagoodsmileonhisfacetheoldmanwalkingdownthestreeQQQQQQ" } end describe "group modify action", :not_supported_on_solaris do - let(:spec_members){ ["Gordon", "Eric", "Anthony"] } + let(:spec_members){ ["mnou5sdz", "htulrvwq", "x4c3g1lu"] } let(:included_members) { [spec_members[0], spec_members[1]] } let(:excluded_members) { [spec_members[2]] } let(:tested_action) { :modify } @@ -389,7 +389,7 @@ downthestreetalwayshadagoodsmileonhisfacetheoldmanwalkingdownthestreeQQQQQQ" } end describe "group manage action", :not_supported_on_solaris do - let(:spec_members){ ["Gordon", "Eric", "Anthony"] } + let(:spec_members){ ["mnou5sdz", "htulrvwq", "x4c3g1lu"] } let(:included_members) { [spec_members[0], spec_members[1]] } let(:excluded_members) { [spec_members[2]] } let(:tested_action) { :manage } 
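Review bot: `before(:all)` downloads `https://chocolatey.org/install.ps1` and passes it straight to `iex` on every run, so the functional suite executes whatever that URL serves at the time, with no pinned version or integrity check. Switching to `powershell_out!` makes a failed download visible but does not address that. Prefer a CI image with Chocolatey already installed, or download the script to a file and compare its hash against a pinned value (placeholder: `<EXPECTED_SHA256>`) before running it. The added PATH entry `C:\\ProgramData\\chocolatey\\bin` is also hard-coded and assumes the default install location.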
@@ -427,7 +427,7 @@ downthestreetalwayshadagoodsmileonhisfacetheoldmanwalkingdownthestreeQQQQQQ" } describe "group resource with Usermod provider", :solaris_only do describe "when excluded_members is set" do - let(:excluded_members) { ["Anthony"] } + let(:excluded_members) { ["x4c3g1lu"] } it ":manage should raise an error" do expect {group_resource.run_action(:manage) }.to raise_error @@ -443,7 +443,7 @@ downthestreetalwayshadagoodsmileonhisfacetheoldmanwalkingdownthestreeQQQQQQ" } end describe "when append is not set" do - let(:included_members) { ["Gordon", "Eric"] } + let(:included_members) { ["gordon", "eric"] } before(:each) do group_resource.append(false) diff --git a/spec/functional/resource/user/useradd_spec.rb b/spec/functional/resource/user/useradd_spec.rb index 9335aa8505..d0ae40a35f 100644 --- a/spec/functional/resource/user/useradd_spec.rb +++ b/spec/functional/resource/user/useradd_spec.rb @@ -242,17 +242,17 @@ describe Chef::Provider::User::Useradd, metadata do let(:home) { "/home/#{username}" } it "ensures the user's home is set to the given path" do - expect(pw_entry.home).to eq("/home/#{username}") + expect(pw_entry.home).to eq(home) end - if %w{rhel fedora}.include?(OHAI_SYSTEM["platform_family"]) + if %w{rhel fedora wrlinux}.include?(OHAI_SYSTEM["platform_family"]) # Inconsistent behavior. See: CHEF-2205 it "creates the home dir when not explicitly asked to on RHEL (XXX)" do - expect(File).to exist("/home/#{username}") + expect(File).to exist(home) end else it "does not create the home dir without `manage_home'" do - expect(File).not_to exist("/home/#{username}") + expect(File).not_to exist(home) end end @@ -260,7 +260,7 @@ describe Chef::Provider::User::Useradd, metadata do let(:manage_home) { true } it "ensures the user's home directory exists" do - expect(File).to exist("/home/#{username}") + expect(File).to exist(home) end end end 
@@ -287,9 +287,9 @@ describe Chef::Provider::User::Useradd, metadata do let(:uid_min) do case ohai[:platform] when "aix" - # UIDs and GIDs below 100 are typically reserved for system accounts and services - # http://www.ibm.com/developerworks/aix/library/au-satuidgid/ - 100 + # UIDs and GIDs below 200 are typically reserved for system accounts and services + # https://abcofaix.wordpress.com/tag/usermod/ + 200 else # from `man useradd`, login user means uid will be between # UID_SYS_MIN and UID_SYS_MAX defined in /etc/login.defs. On my diff --git a/spec/functional/rest_spec.rb b/spec/functional/rest_spec.rb index e2d472c1d5..752e71d7e3 100644 --- a/spec/functional/rest_spec.rb +++ b/spec/functional/rest_spec.rb @@ -80,6 +80,7 @@ describe Chef::REST do before do Chef::Config[:node_name] = "webmonkey.example.com" Chef::Config[:client_key] = CHEF_SPEC_DATA + "/ssl/private_key.pem" + Chef::Config[:treat_deprecation_warnings_as_errors] = false end before(:all) do diff --git a/spec/integration/knife/chef_fs_data_store_spec.rb b/spec/integration/knife/chef_fs_data_store_spec.rb index b4f2d4ca71..145adc3e4c 100644 --- a/spec/integration/knife/chef_fs_data_store_spec.rb +++ b/spec/integration/knife/chef_fs_data_store_spec.rb 
@@ -29,22 +29,54 @@ describe "ChefFSDataStore tests", :workstation do let(:cookbook_x_100_metadata_rb) { cb_metadata("x", "1.0.0") } let(:cookbook_z_100_metadata_rb) { cb_metadata("z", "1.0.0") } - when_the_repository "has one of each thing" do + describe "with repo mode 'hosted_everything' (default)" do before do - file "clients/x.json", {} - file "cookbooks/x/metadata.rb", cookbook_x_100_metadata_rb - file "data_bags/x/y.json", {} - file "environments/x.json", {} - file "nodes/x.json", {} - file "roles/x.json", {} - file "users/x.json", {} + Chef::Config.chef_zero.osc_compat = false end - context "GET /TYPE" do - it "knife list -z -R returns everything" do - knife("list -z -Rfp /").should_succeed <<EOM + when_the_repository "has one of each thing" do + before do + file "clients/x.json", {} + file "cookbooks/x/metadata.rb", cookbook_x_100_metadata_rb + file "data_bags/x/y.json", {} + file "environments/x.json", {} + file "nodes/x.json", {} + file "roles/x.json", {} + # file "users/x.json", {} + file "containers/x.json", {} + file "groups/x.json", {} + file "containers/x.json", {} + file "groups/x.json", {} + file "policies/x.json", {} + file "policy_groups/x.json", {} + end + + context "GET /TYPE" do + it "knife list -z -R returns everything" do + knife("list -z -Rfp /").should_succeed <<EOM +/acls/ +/acls/clients/ +/acls/clients/x.json +/acls/containers/ +/acls/containers/x.json +/acls/cookbooks/ +/acls/cookbooks/x.json +/acls/data_bags/ +/acls/data_bags/x.json +/acls/environments/ +/acls/environments/x.json +/acls/groups/ +/acls/groups/x.json +/acls/nodes/ +/acls/nodes/x.json +/acls/organization.json +/acls/roles/ +/acls/roles/x.json /clients/ /clients/x.json +/containers/ +/containers/x.json +/cookbook_artifacts/ /cookbooks/ /cookbooks/x/ /cookbooks/x/metadata.rb 
@@ -53,317 +85,458 @@ describe "ChefFSDataStore tests", :workstation do /data_bags/x/y.json /environments/ /environments/x.json +/groups/ +/groups/x.json +/invitations.json +/members.json /nodes/ /nodes/x.json +/org.json +/policies/ +/policy_groups/ +/policy_groups/x.json /roles/ /roles/x.json -/users/ -/users/x.json EOM + end end - end - context "DELETE /TYPE/NAME" do - it "knife delete -z /clients/x.json works" do - knife("delete -z /clients/x.json").should_succeed "Deleted /clients/x.json\n" - knife("list -z -Rfp /clients").should_succeed "" - end + context "DELETE /TYPE/NAME" do + it "knife delete -z /clients/x.json works" do + knife("delete -z /clients/x.json").should_succeed "Deleted /clients/x.json\n" + knife("list -z -Rfp /clients").should_succeed "" + end - it "knife delete -z -r /cookbooks/x works" do - knife("delete -z -r /cookbooks/x").should_succeed "Deleted /cookbooks/x\n" - knife("list -z -Rfp /cookbooks").should_succeed "" - end + it "knife delete -z -r /cookbooks/x works" do + knife("delete -z -r /cookbooks/x").should_succeed "Deleted /cookbooks/x\n" + knife("list -z -Rfp /cookbooks").should_succeed "" + end - it "knife delete -z -r /data_bags/x works" do - knife("delete -z -r /data_bags/x").should_succeed "Deleted /data_bags/x\n" - knife("list -z -Rfp /data_bags").should_succeed "" - end + it "knife delete -z -r /data_bags/x works" do + knife("delete -z -r /data_bags/x").should_succeed "Deleted /data_bags/x\n" + knife("list -z -Rfp /data_bags").should_succeed "" + end - it "knife delete -z /data_bags/x/y.json works" do - knife("delete -z /data_bags/x/y.json").should_succeed "Deleted /data_bags/x/y.json\n" - knife("list -z -Rfp /data_bags").should_succeed "/data_bags/x/\n" - end + it "knife delete -z /data_bags/x/y.json works" do + knife("delete -z /data_bags/x/y.json").should_succeed "Deleted /data_bags/x/y.json\n" + knife("list -z -Rfp /data_bags").should_succeed "/data_bags/x/\n" + end - it "knife delete -z /environments/x.json works" do - 
knife("delete -z /environments/x.json").should_succeed "Deleted /environments/x.json\n" - knife("list -z -Rfp /environments").should_succeed "" - end + it "knife delete -z /environments/x.json works" do + knife("delete -z /environments/x.json").should_succeed "Deleted /environments/x.json\n" + knife("list -z -Rfp /environments").should_succeed "" + end - it "knife delete -z /nodes/x.json works" do - knife("delete -z /nodes/x.json").should_succeed "Deleted /nodes/x.json\n" - knife("list -z -Rfp /nodes").should_succeed "" - end + it "knife delete -z /nodes/x.json works" do + knife("delete -z /nodes/x.json").should_succeed "Deleted /nodes/x.json\n" + knife("list -z -Rfp /nodes").should_succeed "" + end - it "knife delete -z /roles/x.json works" do - knife("delete -z /roles/x.json").should_succeed "Deleted /roles/x.json\n" - knife("list -z -Rfp /roles").should_succeed "" - end + it "knife delete -z /roles/x.json works" do + knife("delete -z /roles/x.json").should_succeed "Deleted /roles/x.json\n" + knife("list -z -Rfp /roles").should_succeed "" + end - it "knife delete -z /users/x.json works" do - knife("delete -z /users/x.json").should_succeed "Deleted /users/x.json\n" - knife("list -z -Rfp /users").should_succeed "" end - end - context "GET /TYPE/NAME" do - it "knife show -z /clients/x.json works" do - knife("show -z /clients/x.json").should_succeed( /"x"/ ) - end + context "GET /TYPE/NAME" do + it "knife show -z /clients/x.json works" do + knife("show -z /clients/x.json").should_succeed( /"x"/ ) + end - it "knife show -z /cookbooks/x/metadata.rb works" do - knife("show -z /cookbooks/x/metadata.rb").should_succeed "/cookbooks/x/metadata.rb:\n#{cookbook_x_100_metadata_rb}\n" - end + it "knife show -z /cookbooks/x/metadata.rb works" do + knife("show -z /cookbooks/x/metadata.rb").should_succeed "/cookbooks/x/metadata.rb:\n#{cookbook_x_100_metadata_rb}\n" + end - it "knife show -z /data_bags/x/y.json works" do - knife("show -z /data_bags/x/y.json").should_succeed( /"y"/ 
) - end + it "knife show -z /data_bags/x/y.json works" do + knife("show -z /data_bags/x/y.json").should_succeed( /"y"/ ) + end - it "knife show -z /environments/x.json works" do - knife("show -z /environments/x.json").should_succeed( /"x"/ ) - end + it "knife show -z /environments/x.json works" do + knife("show -z /environments/x.json").should_succeed( /"x"/ ) + end - it "knife show -z /nodes/x.json works" do - knife("show -z /nodes/x.json").should_succeed( /"x"/ ) - end + it "knife show -z /nodes/x.json works" do + knife("show -z /nodes/x.json").should_succeed( /"x"/ ) + end - it "knife show -z /roles/x.json works" do - knife("show -z /roles/x.json").should_succeed( /"x"/ ) - end + it "knife show -z /roles/x.json works" do + knife("show -z /roles/x.json").should_succeed( /"x"/ ) + end - it "knife show -z /users/x.json works" do - knife("show -z /users/x.json").should_succeed( /"x"/ ) end - end - context "PUT /TYPE/NAME" do - before do - file "empty.json", {} - file "dummynode.json", { "name" => "x", "chef_environment" => "rspec" , "json_class" => "Chef::Node", "normal" => {"foo" => "bar"}} - file "rolestuff.json", '{"description":"hi there","name":"x"}' - file "cookbooks_to_upload/x/metadata.rb", cookbook_x_100_metadata_rb - end + context "PUT /TYPE/NAME" do + before do + file "empty.json", {} + file "dummynode.json", { "name" => "x", "chef_environment" => "rspec" , "json_class" => "Chef::Node", "normal" => {"foo" => "bar"}} + file "rolestuff.json", '{"description":"hi there","name":"x"}' + file "cookbooks_to_upload/x/metadata.rb", cookbook_x_100_metadata_rb + end - it "knife raw -z -i empty.json -m PUT /clients/x" do - knife("raw -z -i #{path_to('empty.json')} -m PUT /clients/x").should_succeed( /"x"/ ) - knife("list --local /clients").should_succeed "/clients/x.json\n" - end + it "knife raw -z -i empty.json -m PUT /clients/x" do + knife("raw -z -i #{path_to('empty.json')} -m PUT /clients/x").should_succeed( /"x"/ ) + knife("list --local /clients").should_succeed 
"/clients/x.json\n" + end - it "knife cookbook upload works" do - knife("cookbook upload -z --cookbook-path #{path_to('cookbooks_to_upload')} x").should_succeed :stderr => <<EOM + it "knife cookbook upload works" do + knife("cookbook upload -z --cookbook-path #{path_to('cookbooks_to_upload')} x").should_succeed :stderr => <<EOM Uploading x [1.0.0] Uploaded 1 cookbook. EOM - knife("list --local -Rfp /cookbooks").should_succeed "/cookbooks/x/\n/cookbooks/x/metadata.rb\n" - end - - it "knife raw -z -i empty.json -m PUT /data/x/y" do - knife("raw -z -i #{path_to('empty.json')} -m PUT /data/x/y").should_succeed( /"y"/ ) - knife("list --local -Rfp /data_bags").should_succeed "/data_bags/x/\n/data_bags/x/y.json\n" - end - - it "knife raw -z -i empty.json -m PUT /environments/x" do - knife("raw -z -i #{path_to('empty.json')} -m PUT /environments/x").should_succeed( /"x"/ ) - knife("list --local /environments").should_succeed "/environments/x.json\n" - end - - it "knife raw -z -i dummynode.json -m PUT /nodes/x" do - knife("raw -z -i #{path_to('dummynode.json')} -m PUT /nodes/x").should_succeed( /"x"/ ) - knife("list --local /nodes").should_succeed "/nodes/x.json\n" - knife("show -z /nodes/x.json --verbose").should_succeed /"bar"/ - end - - it "knife raw -z -i empty.json -m PUT /roles/x" do - knife("raw -z -i #{path_to('empty.json')} -m PUT /roles/x").should_succeed( /"x"/ ) - knife("list --local /roles").should_succeed "/roles/x.json\n" - end - - it "knife raw -z -i empty.json -m PUT /users/x" do - knife("raw -z -i #{path_to('empty.json')} -m PUT /users/x").should_succeed( /"x"/ ) - knife("list --local /users").should_succeed "/users/x.json\n" - end - - it "After knife raw -z -i rolestuff.json -m PUT /roles/x, the output is pretty", :skip => (RUBY_VERSION < "1.9") do - knife("raw -z -i #{path_to('rolestuff.json')} -m PUT /roles/x").should_succeed( /"x"/ ) - expect(IO.read(path_to("roles/x.json"))).to eq <<EOM.strip + knife("list --local -Rfp /cookbooks").should_succeed 
"/cookbooks/x/\n/cookbooks/x/metadata.rb\n" + end + + it "knife raw -z -i empty.json -m PUT /data/x/y" do + knife("raw -z -i #{path_to('empty.json')} -m PUT /data/x/y").should_succeed( /"y"/ ) + knife("list --local -Rfp /data_bags").should_succeed "/data_bags/x/\n/data_bags/x/y.json\n" + end + + it "knife raw -z -i empty.json -m PUT /environments/x" do + knife("raw -z -i #{path_to('empty.json')} -m PUT /environments/x").should_succeed( /"x"/ ) + knife("list --local /environments").should_succeed "/environments/x.json\n" + end + + it "knife raw -z -i dummynode.json -m PUT /nodes/x" do + knife("raw -z -i #{path_to('dummynode.json')} -m PUT /nodes/x").should_succeed( /"x"/ ) + knife("list --local /nodes").should_succeed "/nodes/x.json\n" + knife("show -z /nodes/x.json --verbose").should_succeed(/"bar"/) + end + + it "knife raw -z -i empty.json -m PUT /roles/x" do + knife("raw -z -i #{path_to('empty.json')} -m PUT /roles/x").should_succeed( /"x"/ ) + knife("list --local /roles").should_succeed "/roles/x.json\n" + end + + it "After knife raw -z -i rolestuff.json -m PUT /roles/x, the output is pretty", :skip => (RUBY_VERSION < "1.9") do + knife("raw -z -i #{path_to('rolestuff.json')} -m PUT /roles/x").should_succeed( /"x"/ ) + expect(IO.read(path_to("roles/x.json"))).to eq <<EOM.strip { "name": "x", "description": "hi there" } EOM + end end end - end - when_the_repository "is empty" do - context "POST /TYPE/NAME" do - before do - file "empty.json", { "name" => "z" } - file "dummynode.json", { "name" => "z", "chef_environment" => "rspec" , "json_class" => "Chef::Node", "normal" => {"foo" => "bar"}} - file "empty_x.json", { "name" => "x" } - file "empty_id.json", { "id" => "z" } - file "rolestuff.json", '{"description":"hi there","name":"x"}' - file "cookbooks_to_upload/z/metadata.rb", cookbook_z_100_metadata_rb - end - - it "knife raw -z -i empty.json -m POST /clients" do - knife("raw -z -i #{path_to('empty.json')} -m POST /clients").should_succeed( /uri/ ) - knife("list 
--local /clients").should_succeed "/clients/z.json\n" - end - - it "knife cookbook upload works" do - knife("cookbook upload -z --cookbook-path #{path_to('cookbooks_to_upload')} z").should_succeed :stderr => <<EOM + when_the_repository "is empty" do + context "POST /TYPE/NAME" do + before do + file "empty.json", { "name" => "z" } + file "dummynode.json", { "name" => "z", "chef_environment" => "rspec" , "json_class" => "Chef::Node", "normal" => {"foo" => "bar"}} + file "empty_x.json", { "name" => "x" } + file "empty_id.json", { "id" => "z" } + file "rolestuff.json", '{"description":"hi there","name":"x"}' + file "cookbooks_to_upload/z/metadata.rb", cookbook_z_100_metadata_rb + end + + it "knife raw -z -i empty.json -m POST /clients" do + knife("raw -z -i #{path_to('empty.json')} -m POST /clients").should_succeed( /uri/ ) + knife("list --local /clients").should_succeed "/clients/z.json\n" + end + + it "knife cookbook upload works" do + knife("cookbook upload -z --cookbook-path #{path_to('cookbooks_to_upload')} z").should_succeed :stderr => <<EOM Uploading z [1.0.0] Uploaded 1 cookbook. 
EOM - knife("list --local -Rfp /cookbooks").should_succeed "/cookbooks/z/\n/cookbooks/z/metadata.rb\n" - end - - it "knife raw -z -i empty.json -m POST /data" do - knife("raw -z -i #{path_to('empty.json')} -m POST /data").should_succeed( /uri/ ) - knife("list --local -Rfp /data_bags").should_succeed "/data_bags/z/\n" - end - - it "knife raw -z -i empty.json -m POST /data/x" do - knife("raw -z -i #{path_to('empty_x.json')} -m POST /data").should_succeed( /uri/ ) - knife("raw -z -i #{path_to('empty_id.json')} -m POST /data/x").should_succeed( /"z"/ ) - knife("list --local -Rfp /data_bags").should_succeed "/data_bags/x/\n/data_bags/x/z.json\n" - end - - it "knife raw -z -i empty.json -m POST /environments" do - knife("raw -z -i #{path_to('empty.json')} -m POST /environments").should_succeed( /uri/ ) - knife("list --local /environments").should_succeed "/environments/z.json\n" - end - - it "knife raw -z -i dummynode.json -m POST /nodes" do - knife("raw -z -i #{path_to('dummynode.json')} -m POST /nodes").should_succeed( /uri/ ) - knife("list --local /nodes").should_succeed "/nodes/z.json\n" - knife("show -z /nodes/z.json").should_succeed /"bar"/ - end - - it "knife raw -z -i empty.json -m POST /roles" do - knife("raw -z -i #{path_to('empty.json')} -m POST /roles").should_succeed( /uri/ ) - knife("list --local /roles").should_succeed "/roles/z.json\n" - end - - it "knife raw -z -i empty.json -m POST /users" do - knife("raw -z -i #{path_to('empty.json')} -m POST /users").should_succeed( /uri/ ) - knife("list --local /users").should_succeed "/users/z.json\n" - end - - it "After knife raw -z -i rolestuff.json -m POST /roles, the output is pretty", :skip => (RUBY_VERSION < "1.9") do - knife("raw -z -i #{path_to('rolestuff.json')} -m POST /roles").should_succeed( /uri/ ) - expect(IO.read(path_to("roles/x.json"))).to eq <<EOM.strip + knife("list --local -Rfp /cookbooks").should_succeed "/cookbooks/z/\n/cookbooks/z/metadata.rb\n" + end + + it "knife raw -z -i empty.json -m POST 
/data" do + knife("raw -z -i #{path_to('empty.json')} -m POST /data").should_succeed( /uri/ ) + knife("list --local -Rfp /data_bags").should_succeed "/data_bags/z/\n" + end + + it "knife raw -z -i empty.json -m POST /data/x" do + knife("raw -z -i #{path_to('empty_x.json')} -m POST /data").should_succeed( /uri/ ) + knife("raw -z -i #{path_to('empty_id.json')} -m POST /data/x").should_succeed( /"z"/ ) + knife("list --local -Rfp /data_bags").should_succeed "/data_bags/x/\n/data_bags/x/z.json\n" + end + + it "knife raw -z -i empty.json -m POST /environments" do + knife("raw -z -i #{path_to('empty.json')} -m POST /environments").should_succeed( /uri/ ) + knife("list --local /environments").should_succeed "/environments/z.json\n" + end + + it "knife raw -z -i dummynode.json -m POST /nodes" do + knife("raw -z -i #{path_to('dummynode.json')} -m POST /nodes").should_succeed( /uri/ ) + knife("list --local /nodes").should_succeed "/nodes/z.json\n" + knife("show -z /nodes/z.json").should_succeed(/"bar"/) + end + + it "knife raw -z -i empty.json -m POST /roles" do + knife("raw -z -i #{path_to('empty.json')} -m POST /roles").should_succeed( /uri/ ) + knife("list --local /roles").should_succeed "/roles/z.json\n" + end + + it "After knife raw -z -i rolestuff.json -m POST /roles, the output is pretty", :skip => (RUBY_VERSION < "1.9") do + knife("raw -z -i #{path_to('rolestuff.json')} -m POST /roles").should_succeed( /uri/ ) + expect(IO.read(path_to("roles/x.json"))).to eq <<EOM.strip { "name": "x", "description": "hi there" } EOM + end end - end - it "knife list -z -R returns nothing" do - knife("list -z -Rfp /").should_succeed <<EOM + it "knife list -z -R returns nothing" do + knife("list -z -Rfp /").should_succeed <<EOM +/acls/ +/acls/clients/ +/acls/containers/ +/acls/cookbooks/ +/acls/data_bags/ +/acls/environments/ +/acls/groups/ +/acls/nodes/ +/acls/organization.json +/acls/roles/ /clients/ +/containers/ +/cookbook_artifacts/ /cookbooks/ /data_bags/ /environments/ +/groups/ 
+/invitations.json +/members.json /nodes/ +/org.json +/policies/ +/policy_groups/ /roles/ -/users/ EOM - end - - context "DELETE /TYPE/NAME" do - it "knife delete -z /clients/x.json fails with an error" do - knife("delete -z /clients/x.json").should_fail "ERROR: /clients/x.json: No such file or directory\n" end - it "knife delete -z -r /cookbooks/x fails with an error" do - knife("delete -z -r /cookbooks/x").should_fail "ERROR: /cookbooks/x: No such file or directory\n" - end + context "DELETE /TYPE/NAME" do + it "knife delete -z /clients/x.json fails with an error" do + knife("delete -z /clients/x.json").should_fail "ERROR: /clients/x.json: No such file or directory\n" + end - it "knife delete -z -r /data_bags/x fails with an error" do - knife("delete -z -r /data_bags/x").should_fail "ERROR: /data_bags/x: No such file or directory\n" - end + it "knife delete -z -r /cookbooks/x fails with an error" do + knife("delete -z -r /cookbooks/x").should_fail "ERROR: /cookbooks/x: No such file or directory\n" + end - it "knife delete -z /data_bags/x/y.json fails with an error" do - knife("delete -z /data_bags/x/y.json").should_fail "ERROR: /data_bags/x/y.json: No such file or directory\n" - end + it "knife delete -z -r /data_bags/x fails with an error" do + knife("delete -z -r /data_bags/x").should_fail "ERROR: /data_bags/x: No such file or directory\n" + end - it "knife delete -z /environments/x.json fails with an error" do - knife("delete -z /environments/x.json").should_fail "ERROR: /environments/x.json: No such file or directory\n" - end + it "knife delete -z /data_bags/x/y.json fails with an error" do + knife("delete -z /data_bags/x/y.json").should_fail "ERROR: /data_bags/x/y.json: No such file or directory\n" + end + + it "knife delete -z /environments/x.json fails with an error" do + knife("delete -z /environments/x.json").should_fail "ERROR: /environments/x.json: No such file or directory\n" + end + + it "knife delete -z /nodes/x.json fails with an error" do + 
knife("delete -z /nodes/x.json").should_fail "ERROR: /nodes/x.json: No such file or directory\n" + end + + it "knife delete -z /roles/x.json fails with an error" do + knife("delete -z /roles/x.json").should_fail "ERROR: /roles/x.json: No such file or directory\n" + end - it "knife delete -z /nodes/x.json fails with an error" do - knife("delete -z /nodes/x.json").should_fail "ERROR: /nodes/x.json: No such file or directory\n" end - it "knife delete -z /roles/x.json fails with an error" do - knife("delete -z /roles/x.json").should_fail "ERROR: /roles/x.json: No such file or directory\n" + context "GET /TYPE/NAME" do + it "knife show -z /clients/x.json fails with an error" do + knife("show -z /clients/x.json").should_fail "ERROR: /clients/x.json: No such file or directory\n" + end + + it "knife show -z /cookbooks/x/metadata.rb fails with an error" do + knife("show -z /cookbooks/x/metadata.rb").should_fail "ERROR: /cookbooks/x/metadata.rb: No such file or directory\n" + end + + it "knife show -z /data_bags/x/y.json fails with an error" do + knife("show -z /data_bags/x/y.json").should_fail "ERROR: /data_bags/x/y.json: No such file or directory\n" + end + + it "knife show -z /environments/x.json fails with an error" do + knife("show -z /environments/x.json").should_fail "ERROR: /environments/x.json: No such file or directory\n" + end + + it "knife show -z /nodes/x.json fails with an error" do + knife("show -z /nodes/x.json").should_fail "ERROR: /nodes/x.json: No such file or directory\n" + end + + it "knife show -z /roles/x.json fails with an error" do + knife("show -z /roles/x.json").should_fail "ERROR: /roles/x.json: No such file or directory\n" + end + end - it "knife delete -z /users/x.json fails with an error" do - knife("delete -z /users/x.json").should_fail "ERROR: /users/x.json: No such file or directory\n" + context "PUT /TYPE/NAME" do + before do + file "empty.json", {} + end + + it "knife raw -z -i empty.json -m PUT /clients/x fails with 404" do + knife("raw 
-z -i #{path_to('empty.json')} -m PUT /clients/x").should_fail( /404/ ) + end + + it "knife raw -z -i empty.json -m PUT /data/x/y fails with 404" do + knife("raw -z -i #{path_to('empty.json')} -m PUT /data/x/y").should_fail( /404/ ) + end + + it "knife raw -z -i empty.json -m PUT /environments/x fails with 404" do + knife("raw -z -i #{path_to('empty.json')} -m PUT /environments/x").should_fail( /404/ ) + end + + it "knife raw -z -i empty.json -m PUT /nodes/x fails with 404" do + knife("raw -z -i #{path_to('empty.json')} -m PUT /nodes/x").should_fail( /404/ ) + end + + it "knife raw -z -i empty.json -m PUT /roles/x fails with 404" do + knife("raw -z -i #{path_to('empty.json')} -m PUT /roles/x").should_fail( /404/ ) + end + end end + end - context "GET /TYPE/NAME" do - it "knife show -z /clients/x.json fails with an error" do - knife("show -z /clients/x.json").should_fail "ERROR: /clients/x.json: No such file or directory\n" - end + # We have to configure Zero for Chef 11 mode in order to test users because: + # 1. local mode overrides your `chef_server_url` to something like "http://localhost:PORT" + # 2. single org mode maps requests like "https://localhost:PORT/users" so + # they're functionally equivalent to "https://localhost:PORT/organizations/DEFAULT/users" + # 3. Users are global objects in Chef 12, and should be accessed at URLs like + # "https://localhost:PORT/users" (there is an org-specific users endpoint, + # but it's for listing users in an org, not for managing users). + # 4. Therefore you can't hit the _real_ users endpoint in local mode when + # configured for Chef Server 12 mode. + # + # Because of this, we have to configure Zero for Chef 11 OSC mode in order to + # test the users part of the data store with local mode. 
+ describe "with repo mode 'everything'" do + before do + Chef::Config.repo_mode = "everything" + Chef::Config.chef_zero.osc_compat = true + end - it "knife show -z /cookbooks/x/metadata.rb fails with an error" do - knife("show -z /cookbooks/x/metadata.rb").should_fail "ERROR: /cookbooks/x/metadata.rb: No such file or directory\n" + when_the_repository "has one of each thing" do + before do + file "clients/x.json", {} + file "cookbooks/x/metadata.rb", cookbook_x_100_metadata_rb + file "data_bags/x/y.json", {} + file "environments/x.json", {} + file "nodes/x.json", {} + file "roles/x.json", {} + file "users/x.json", {} + end + + context "GET /TYPE" do + it "knife list -z -R returns everything" do + knife("list -z -Rfp /").should_succeed <<EOM +/clients/ +/clients/x.json +/cookbooks/ +/cookbooks/x/ +/cookbooks/x/metadata.rb +/data_bags/ +/data_bags/x/ +/data_bags/x/y.json +/environments/ +/environments/x.json +/nodes/ +/nodes/x.json +/roles/ +/roles/x.json +/users/ +/users/x.json +EOM + end end - it "knife show -z /data_bags/x/y.json fails with an error" do - knife("show -z /data_bags/x/y.json").should_fail "ERROR: /data_bags/x/y.json: No such file or directory\n" + context "DELETE /TYPE/NAME" do + it "knife delete -z /users/x.json works" do + knife("delete -z /users/x.json").should_succeed "Deleted /users/x.json\n" + knife("list -z -Rfp /users").should_succeed "" + end end - it "knife show -z /environments/x.json fails with an error" do - knife("show -z /environments/x.json").should_fail "ERROR: /environments/x.json: No such file or directory\n" + context "GET /TYPE/NAME" do + it "knife show -z /users/x.json works" do + knife("show -z /users/x.json").should_succeed( /"x"/ ) + end end - it "knife show -z /nodes/x.json fails with an error" do - knife("show -z /nodes/x.json").should_fail "ERROR: /nodes/x.json: No such file or directory\n" - end + context "PUT /TYPE/NAME" do + before do + file "empty.json", {} + file "dummynode.json", { "name" => "x", "chef_environment" 
=> "rspec" , "json_class" => "Chef::Node", "normal" => {"foo" => "bar"}} + file "rolestuff.json", '{"description":"hi there","name":"x"}' + file "cookbooks_to_upload/x/metadata.rb", cookbook_x_100_metadata_rb + end - it "knife show -z /roles/x.json fails with an error" do - knife("show -z /roles/x.json").should_fail "ERROR: /roles/x.json: No such file or directory\n" - end + it "knife raw -z -i empty.json -m PUT /users/x" do + knife("raw -z -i #{path_to('empty.json')} -m PUT /users/x").should_succeed( /"x"/ ) + knife("list --local /users").should_succeed "/users/x.json\n" + end - it "knife show -z /users/x.json fails with an error" do - knife("show -z /users/x.json").should_fail "ERROR: /users/x.json: No such file or directory\n" + it "After knife raw -z -i rolestuff.json -m PUT /roles/x, the output is pretty", :skip => (RUBY_VERSION < "1.9") do + knife("raw -z -i #{path_to('rolestuff.json')} -m PUT /roles/x").should_succeed( /"x"/ ) + expect(IO.read(path_to("roles/x.json"))).to eq <<EOM.strip +{ + "name": "x", + "description": "hi there" +} +EOM + end end end - context "PUT /TYPE/NAME" do - before do - file "empty.json", {} - end + when_the_repository "is empty" do + context "POST /TYPE/NAME" do + before do + file "empty.json", { "name" => "z" } + file "dummynode.json", { "name" => "z", "chef_environment" => "rspec" , "json_class" => "Chef::Node", "normal" => {"foo" => "bar"}} + file "empty_x.json", { "name" => "x" } + file "empty_id.json", { "id" => "z" } + file "rolestuff.json", '{"description":"hi there","name":"x"}' + file "cookbooks_to_upload/z/metadata.rb", cookbook_z_100_metadata_rb + end - it "knife raw -z -i empty.json -m PUT /clients/x fails with 404" do - knife("raw -z -i #{path_to('empty.json')} -m PUT /clients/x").should_fail( /404/ ) + it "knife raw -z -i empty.json -m POST /users" do + knife("raw -z -i #{path_to('empty.json')} -m POST /users").should_succeed( /uri/ ) + knife("list --local /users").should_succeed "/users/z.json\n" + end end - it 
"knife raw -z -i empty.json -m PUT /data/x/y fails with 404" do - knife("raw -z -i #{path_to('empty.json')} -m PUT /data/x/y").should_fail( /404/ ) + it "knife list -z -R returns nothing" do + knife("list -z -Rfp /").should_succeed <<EOM +/clients/ +/cookbooks/ +/data_bags/ +/environments/ +/nodes/ +/roles/ +/users/ +EOM end - it "knife raw -z -i empty.json -m PUT /environments/x fails with 404" do - knife("raw -z -i #{path_to('empty.json')} -m PUT /environments/x").should_fail( /404/ ) + context "DELETE /TYPE/NAME" do + it "knife delete -z /users/x.json fails with an error" do + knife("delete -z /users/x.json").should_fail "ERROR: /users/x.json: No such file or directory\n" + end end - it "knife raw -z -i empty.json -m PUT /nodes/x fails with 404" do - knife("raw -z -i #{path_to('empty.json')} -m PUT /nodes/x").should_fail( /404/ ) + context "GET /TYPE/NAME" do + it "knife show -z /users/x.json fails with an error" do + knife("show -z /users/x.json").should_fail "ERROR: /users/x.json: No such file or directory\n" + end end - it "knife raw -z -i empty.json -m PUT /roles/x fails with 404" do - knife("raw -z -i #{path_to('empty.json')} -m PUT /roles/x").should_fail( /404/ ) - end + context "PUT /TYPE/NAME" do + before do + file "empty.json", {} + end - it "knife raw -z -i empty.json -m PUT /users/x fails with 404" do - knife("raw -z -i #{path_to('empty.json')} -m PUT /users/x").should_fail( /404/ ) + it "knife raw -z -i empty.json -m PUT /users/x fails with 404" do + knife("raw -z -i #{path_to('empty.json')} -m PUT /users/x").should_fail( /404/ ) + end end end end diff --git a/spec/integration/recipes/resource_action_spec.rb b/spec/integration/recipes/resource_action_spec.rb index b8c533b31d..5778c467c5 100644 --- a/spec/integration/recipes/resource_action_spec.rb +++ b/spec/integration/recipes/resource_action_spec.rb 
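Review bot: The `before` block of `describe "with repo mode 'everything'"` sets both `Chef::Config.repo_mode = "everything"` and `Chef::Config.chef_zero.osc_compat = true`, while the default-mode group's `before` sets only `osc_compat = false` and never sets `repo_mode`. If Chef::Config is not reset between examples (not visible in this hunk), the default-mode examples depend on run order; adding `Chef::Config.repo_mode = "hosted_everything"` to the first group would make each group self-contained. In the 'everything' group the `PUT /TYPE/NAME` and `POST /TYPE/NAME` `before` blocks still create `dummynode.json` and `cookbooks_to_upload/.../metadata.rb`, which none of the remaining examples in those contexts read, so those fixture lines can go.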
@@ -9,8 +9,8 @@ describe "Resource.action" do shared_context "ActionJackson" do it "the default action is the first declared action" do converge <<-EOM, __FILE__, __LINE__+1 - #{resource_dsl} 'hi' do - foo 'foo!' + #{resource_dsl} "hi" do + foo "foo!" end EOM expect(ActionJackson.ran_action).to eq :access_recipe_dsl @@ -19,8 +19,8 @@ describe "Resource.action" do it "the action can access recipe DSL" do converge <<-EOM, __FILE__, __LINE__+1 - #{resource_dsl} 'hi' do - foo 'foo!' + #{resource_dsl} "hi" do + foo "foo!" action :access_recipe_dsl end EOM @@ -30,8 +30,8 @@ describe "Resource.action" do it "the action can access attributes" do converge <<-EOM, __FILE__, __LINE__+1 - #{resource_dsl} 'hi' do - foo 'foo!' + #{resource_dsl} "hi" do + foo "foo!" action :access_attribute end EOM @@ -41,8 +41,8 @@ describe "Resource.action" do it "the action can access public methods" do converge <<-EOM, __FILE__, __LINE__+1 - #{resource_dsl} 'hi' do - foo 'foo!' + #{resource_dsl} "hi" do + foo "foo!" action :access_method end EOM @@ -52,8 +52,8 @@ describe "Resource.action" do it "the action can access protected methods" do converge <<-EOM, __FILE__, __LINE__+1 - #{resource_dsl} 'hi' do - foo 'foo!' + #{resource_dsl} "hi" do + foo "foo!" action :access_protected_method end EOM @@ -64,8 +64,8 @@ describe "Resource.action" do it "the action cannot access private methods" do expect { converge(<<-EOM, __FILE__, __LINE__+1) - #{resource_dsl} 'hi' do - foo 'foo!' + #{resource_dsl} "hi" do + foo "foo!" action :access_private_method end EOM @@ -75,8 +75,8 @@ describe "Resource.action" do it "the action cannot access resource instance variables" do converge <<-EOM, __FILE__, __LINE__+1 - #{resource_dsl} 'hi' do - foo 'foo!' + #{resource_dsl} "hi" do + foo "foo!" action :access_instance_variable end EOM 
@@ -86,14 +86,14 @@ describe "Resource.action" do it "the action does not compile until the prior resource has converged" do converge <<-EOM, __FILE__, __LINE__+1 - ruby_block 'wow' do + ruby_block "wow" do block do - ResourceActionSpec::ActionJackson.ruby_block_converged = 'ruby_block_converged!' + ResourceActionSpec::ActionJackson.ruby_block_converged = "ruby_block_converged!" end end - #{resource_dsl} 'hi' do - foo 'foo!' + #{resource_dsl} "hi" do + foo "foo!" action :access_class_method end EOM @@ -103,12 +103,12 @@ describe "Resource.action" do it "the action's resources converge before the next resource converges" do converge <<-EOM, __FILE__, __LINE__+1 - #{resource_dsl} 'hi' do - foo 'foo!' + #{resource_dsl} "hi" do + foo "foo!" action :access_attribute end - ruby_block 'wow' do + ruby_block "wow" do block do ResourceActionSpec::ActionJackson.ruby_block_converged = ResourceActionSpec::ActionJackson.succeeded end @@ -436,6 +436,34 @@ describe "Resource.action" do end + context "With a resource with a set_or_return property named group (same name as a resource)" do + class ResourceActionSpecWithGroupAction < Chef::Resource + resource_name :resource_action_spec_set_group_to_nil + action :set_group_to_nil do + # Access x during converge to ensure that we emit no warnings there + resource_action_spec_with_group "hi" do + group nil + action :nothing + end + end + end + + class ResourceActionSpecWithGroup < Chef::Resource + resource_name :resource_action_spec_with_group + def group(value=nil) + set_or_return(:group, value, {}) + end + end + + it "Setting group to nil in an action does not emit a warning about it being defined in two places" do + expect_recipe { + resource_action_spec_set_group_to_nil "hi" do + action :set_group_to_nil + end + }.to emit_no_warnings_or_errors + end + end + context "When a resource has a property with the same name as another resource" do class HasPropertyNamedTemplate < Chef::Resource use_automatic_resource_name 
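Review bot: The comment inside `action :set_group_to_nil`, `# Access x during converge to ensure that we emit no warnings there`, refers to an `x` that does not exist in this class and reads as carried over from another example. Something like `# Set group to nil from inside an action; this must not warn that group is defined both as a property and as a resource` matches what the block does and what the example asserts. The enclosing `describe` continues outside the hunk.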
diff --git a/spec/spec_helper.rb b/spec/spec_helper.rb index e69d61a7b3..34716e5fd8 100644 --- a/spec/spec_helper.rb +++ b/spec/spec_helper.rb @@ -67,6 +67,10 @@ require "chef/util/file_edit" require "chef/config" +if ENV["CHEF_FIPS"] == "1" + Chef::Config.init_openssl +end + # If you want to load anything into the testing environment # without versioning it, add it to spec/support/local_gems.rb require "spec/support/local_gems.rb" if File.exists?(File.join(File.dirname(__FILE__), "support", "local_gems.rb")) @@ -165,6 +169,7 @@ RSpec.configure do |config| config.filter_run_excluding :aes_256_gcm_only => true unless aes_256_gcm? config.filter_run_excluding :broken => true config.filter_run_excluding :not_wpar => true unless wpar? + config.filter_run_excluding :not_fips => true unless fips? running_platform_arch = `uname -m`.strip unless windows? diff --git a/spec/support/chef_helpers.rb b/spec/support/chef_helpers.rb index a792cd3c5f..cfc876ffd3 100644 --- a/spec/support/chef_helpers.rb +++ b/spec/support/chef_helpers.rb @@ -27,7 +27,7 @@ Chef::Config.solo(false) def sha256_checksum(path) - Digest::SHA256.hexdigest(File.read(path)) + OpenSSL::Digest::SHA256.hexdigest(File.read(path)) end # From Ruby 1.9.2+ diff --git a/spec/support/platform_helpers.rb b/spec/support/platform_helpers.rb index 0259dc6dfb..a29cb61d00 100644 --- a/spec/support/platform_helpers.rb +++ b/spec/support/platform_helpers.rb @@ -204,6 +204,10 @@ def aes_256_gcm? OpenSSL::Cipher.ciphers.include?("aes-256-gcm") end +def fips? + ENV["CHEF_FIPS"] == "1" +end + class GCEDetector extend Ohai::Mixin::GCEMetadata end diff --git a/spec/unit/api_client/registration_spec.rb b/spec/unit/api_client/registration_spec.rb index bddb33fa0d..97ed1c719c 100644 --- a/spec/unit/api_client/registration_spec.rb +++ b/spec/unit/api_client/registration_spec.rb 
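Review bot: In the `RSpec.configure` hunk of spec/spec_helper.rb, `config.filter_run_excluding :not_fips => true unless fips?` excludes examples tagged `:not_fips` on ordinary runs and lets them run when `CHEF_FIPS=1`, which looks inverted if the tag means "cannot run under FIPS" (the tag's uses are not visible here). If that is the meaning, the line should read `config.filter_run_excluding :not_fips => true if fips?`. As written, examples that rely on non-approved algorithms would be skipped everywhere except the FIPS run, which is the one place they would be expected to fail. The neighbouring `:not_wpar` line has the same shape, so this may simply have been copied from it. The first hunk of the file also repeats the `ENV["CHEF_FIPS"] == "1"` test that `fips?` in spec/support/platform_helpers.rb wraps; using `fips?` in both places, load order permitting, would keep the switch in one spot.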
@@ -113,7 +113,7 @@ describe Chef::ApiClient::Registration do with("clients", expected_post_data). and_return(create_with_pkey_response) expect(registration.run.public_key).to eq(create_with_pkey_response["chef_key"]["public_key"]) - expect(registration.private_key).to eq(generated_private_key_pem) + expect(OpenSSL::PKey::RSA.new(registration.private_key).to_s).to eq(OpenSSL::PKey::RSA.new(generated_private_key_pem).to_s) end it "puts a locally generated public key to the server to update a client" do @@ -124,7 +124,7 @@ describe Chef::ApiClient::Registration do with("clients/#{client_name}", expected_put_data). and_return(update_with_pkey_response) expect(registration.run.public_key).to eq(update_with_pkey_response["public_key"].to_pem) - expect(registration.private_key).to eq(generated_private_key_pem) + expect(OpenSSL::PKey::RSA.new(registration.private_key).to_s).to eq(OpenSSL::PKey::RSA.new(generated_private_key_pem).to_s) end it "writes the generated private key to disk" do @@ -132,7 +132,7 @@ describe Chef::ApiClient::Registration do with("clients", expected_post_data). and_return(create_with_pkey_response) registration.run - expect(IO.read(key_location)).to eq(generated_private_key_pem) + expect(OpenSSL::PKey::RSA.new(IO.read(key_location)).to_s).to eq(OpenSSL::PKey::RSA.new(generated_private_key_pem).to_s) end context "and the client already exists on a Chef 11 server" do @@ -142,7 +142,7 @@ describe Chef::ApiClient::Registration do with("clients/#{client_name}", expected_put_data). and_return(update_with_pkey_response) expect(registration.run.public_key).to eq(update_with_pkey_response["public_key"].to_pem) - expect(registration.private_key).to eq(generated_private_key_pem) + expect(OpenSSL::PKey::RSA.new(registration.private_key).to_s).to eq(OpenSSL::PKey::RSA.new(generated_private_key_pem).to_s) end end 
@@ -247,7 +247,7 @@ describe Chef::ApiClient::Registration do it "creates the client on the server and writes the key" do expect(http_mock).to receive(:post).ordered.and_return(server_v10_response) registration.run - expect(IO.read(key_location)).to eq(generated_private_key_pem) + expect(OpenSSL::PKey::RSA.new(IO.read(key_location)).to_s).to eq(OpenSSL::PKey::RSA.new(generated_private_key_pem).to_s) end it "retries up to 5 times" do @@ -262,7 +262,7 @@ describe Chef::ApiClient::Registration do expect(http_mock).to receive(:post).ordered.and_return(server_v10_response) registration.run - expect(IO.read(key_location)).to eq(generated_private_key_pem) + expect(OpenSSL::PKey::RSA.new(IO.read(key_location)).to_s).to eq(OpenSSL::PKey::RSA.new(generated_private_key_pem).to_s) end it "gives up retrying after the max attempts" do diff --git a/spec/unit/api_client_spec.rb b/spec/unit/api_client_spec.rb index 1f313d7447..0451541f14 100644 --- a/spec/unit/api_client_spec.rb +++ b/spec/unit/api_client_spec.rb @@ -181,7 +181,7 @@ describe Chef::ApiClient do end let(:client) do - Chef::JSONCompat.from_json(Chef::JSONCompat.to_json(client_hash)) + Chef::ApiClient.from_hash(Chef::JSONCompat.parse(Chef::JSONCompat.to_json(client_hash))) end it "should deserialize to a Chef::ApiClient object" do diff --git a/spec/unit/application_spec.rb b/spec/unit/application_spec.rb index 6a78e5c827..d66cc26927 100644 --- a/spec/unit/application_spec.rb +++ b/spec/unit/application_spec.rb @@ -136,6 +136,16 @@ describe Chef::Application do expect(Chef::Config.rspec_ran).to eq("true") end + context "when openssl fips" do + before do + allow(Chef::Config).to receive(:fips).and_return(true) + end + + it "sets openssl in fips mode" do + expect(OpenSSL).to receive(:'fips_mode=').with(true) + @app.configure_chef + end + end end describe "when there is no config_file defined" do diff --git a/spec/unit/client_spec.rb b/spec/unit/client_spec.rb index 3b4d23da6e..60b274a774 100644 
--- a/spec/unit/client_spec.rb +++ b/spec/unit/client_spec.rb @@ -45,8 +45,27 @@ describe Chef::Client do end describe "authentication protocol selection" do - it "defaults to 1.1" do - expect(Chef::Config[:authentication_protocol_version]).to eq("1.1") + context "when FIPS is disabled" do + before do + Chef::Config[:fips] = false + end + + it "defaults to 1.1" do + expect(Chef::Config[:authentication_protocol_version]).to eq("1.1") + end + end + context "when FIPS is enabled" do + before do + Chef::Config[:fips] = true + end + + it "defaults to 1.3" do + expect(Chef::Config[:authentication_protocol_version]).to eq("1.3") + end + + after do + Chef::Config[:fips] = false + end end end diff --git a/spec/unit/data_bag_item_spec.rb b/spec/unit/data_bag_item_spec.rb index 0329264718..5605763806 100644 --- a/spec/unit/data_bag_item_spec.rb +++ b/spec/unit/data_bag_item_spec.rb @@ -174,7 +174,7 @@ describe Chef::DataBagItem do data_bag_item } - let(:deserial) { Chef::JSONCompat.from_json(Chef::JSONCompat.to_json(data_bag_item)) } + let(:deserial) { Chef::DataBagItem.from_hash(Chef::JSONCompat.parse(Chef::JSONCompat.to_json(data_bag_item))) } it "should deserialize to a Chef::DataBagItem object" do diff --git a/spec/unit/data_bag_spec.rb b/spec/unit/data_bag_spec.rb index 4e06a31911..8dc716460b 100644 --- a/spec/unit/data_bag_spec.rb +++ b/spec/unit/data_bag_spec.rb @@ -59,7 +59,7 @@ describe Chef::DataBag do describe "deserialize" do before(:each) do @data_bag.name("mars_volta") - @deserial = Chef::JSONCompat.from_json(Chef::JSONCompat.to_json(@data_bag)) + @deserial = Chef::DataBag.from_hash(Chef::JSONCompat.parse(Chef::JSONCompat.to_json(@data_bag))) end it "should deserialize to a Chef::DataBag object" do diff --git a/spec/unit/encrypted_data_bag_item_spec.rb b/spec/unit/encrypted_data_bag_item_spec.rb index 796ad8ff5b..ee69ecfddc 100644 --- a/spec/unit/encrypted_data_bag_item_spec.rb +++ b/spec/unit/encrypted_data_bag_item_spec.rb 
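Review bot: Both new contexts under "authentication protocol selection" write `Chef::Config[:fips]` directly, and only the FIPS-enabled one has an `after`, which hard-codes `false` instead of restoring the previous value. On a run started with `CHEF_FIPS=1` this could leave later examples with the setting off, unless the suite resets `Chef::Config` between examples somewhere outside this hunk. Saving the value in `before` and restoring it in an `after` shared by both contexts removes the order dependence, e.g. `@saved_fips = Chef::Config[:fips]` and `Chef::Config[:fips] = @saved_fips`.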
@@ -290,7 +290,7 @@ describe Chef::EncryptedDataBagItem::Decryptor do end - context "when decrypting a version 0 (YAML+aes-256-cbc+no iv) encrypted value" do + context "when decrypting a version 0 (YAML+aes-256-cbc+no iv) encrypted value", :not_fips do let(:encrypted_value) do Version0Encryptor.encrypt_value(plaintext_data, encryption_key) end diff --git a/spec/unit/environment_spec.rb b/spec/unit/environment_spec.rb index 04f54688de..ddbcf1d2b3 100644 --- a/spec/unit/environment_spec.rb +++ b/spec/unit/environment_spec.rb @@ -226,7 +226,7 @@ describe Chef::Environment do "json_class" => "Chef::Environment", "chef_type" => "environment", } - @environment = Chef::JSONCompat.from_json(Chef::JSONCompat.to_json(@data)) + @environment = Chef::Environment.from_hash(Chef::JSONCompat.parse(Chef::JSONCompat.to_json(@data))) end it "should return a Chef::Environment" do diff --git a/spec/unit/handler/json_file_spec.rb b/spec/unit/handler/json_file_spec.rb index 76098e2522..d66c3ef120 100644 --- a/spec/unit/handler/json_file_spec.rb +++ b/spec/unit/handler/json_file_spec.rb @@ -53,7 +53,7 @@ describe Chef::Handler::JsonFile do it "saves run status data to a file as JSON" do expect(@handler).to receive(:build_report_dir) @handler.run_report_unsafe(@run_status) - reported_data = Chef::JSONCompat.from_json(@file_mock.string) + reported_data = Chef::JSONCompat.parse(@file_mock.string) expect(reported_data["exception"]).to eq("Exception: Boy howdy!") expect(reported_data["start_time"]).to eq(@expected_time.to_s) expect(reported_data["end_time"]).to eq((@expected_time + 5).to_s) diff --git a/spec/unit/http/authenticator_spec.rb b/spec/unit/http/authenticator_spec.rb index 1289ebb61e..031a483fe9 100644 --- a/spec/unit/http/authenticator_spec.rb +++ b/spec/unit/http/authenticator_spec.rb 
@@ -70,7 +70,9 @@ describe Chef::HTTP::Authenticator do it_behaves_like "merging the server API version into the headers" it "calls authentication_headers with the proper input" do - expect(class_instance).to receive(:authentication_headers).with(method, url, data).and_return({}) + expect(class_instance).to receive(:authentication_headers).with( + method, url, data, + {"X-Ops-Server-API-Version" => Chef::HTTP::Authenticator::DEFAULT_SERVER_API_VERSION}).and_return({}) class_instance.handle_request(method, url, headers, data) end end diff --git a/spec/unit/http/ssl_policies_spec.rb b/spec/unit/http/ssl_policies_spec.rb index 98f1fa9c37..510a1a66bc 100644 --- a/spec/unit/http/ssl_policies_spec.rb +++ b/spec/unit/http/ssl_policies_spec.rb @@ -109,7 +109,7 @@ describe "HTTP SSL Policy" do Chef::Config[:ssl_client_cert] = CHEF_SPEC_DATA + "/ssl/chef-rspec.cert" Chef::Config[:ssl_client_key] = CHEF_SPEC_DATA + "/ssl/chef-rspec.key" expect(http_client.cert.to_s).to eq(OpenSSL::X509::Certificate.new(IO.read(CHEF_SPEC_DATA + "/ssl/chef-rspec.cert")).to_s) - expect(http_client.key.to_s).to eq(IO.read(CHEF_SPEC_DATA + "/ssl/chef-rspec.key")) + expect(http_client.key.to_s).to eq(OpenSSL::PKey::RSA.new(IO.read(CHEF_SPEC_DATA + "/ssl/chef-rspec.key")).to_s) end end diff --git a/spec/unit/json_compat_spec.rb b/spec/unit/json_compat_spec.rb index 524b71f09a..042ac09069 100644 --- a/spec/unit/json_compat_spec.rb +++ b/spec/unit/json_compat_spec.rb 
@@ -20,10 +20,17 @@ require File.expand_path("../../spec_helper", __FILE__) require "chef/json_compat" describe Chef::JSONCompat do + before { Chef::Config[:treat_deprecation_warnings_as_errors] = false } describe "#from_json with JSON containing an existing class" do let(:json) { '{"json_class": "Chef::Role"}' } + it "emits a deprecation warning" do + Chef::Config[:treat_deprecation_warnings_as_errors] = true + expect { Chef::JSONCompat.from_json(json) }.to raise_error Chef::Exceptions::DeprecatedFeatureError, + /Auto inflation of JSON data is deprecated. Please use Chef::Role#from_hash/ + end + it "returns an instance of the class instead of a Hash" do expect(Chef::JSONCompat.from_json(json).class).to eq Chef::Role end diff --git a/spec/unit/node_spec.rb b/spec/unit/node_spec.rb index dcee5f8eb5..59bd1a1081 100644 --- a/spec/unit/node_spec.rb +++ b/spec/unit/node_spec.rb @@ -1207,7 +1207,7 @@ describe Chef::Node do it "should deserialize itself from json", :json => true do node.from_file(File.expand_path("nodes/test.example.com.rb", CHEF_SPEC_DATA)) json = Chef::JSONCompat.to_json(node) - serialized_node = Chef::JSONCompat.from_json(json) + serialized_node = Chef::Node.from_hash(Chef::JSONCompat.parse(json)) expect(serialized_node).to be_a_kind_of(Chef::Node) expect(serialized_node.name).to eql(node.name) expect(serialized_node.chef_environment).to eql(node.chef_environment) @@ -1246,7 +1246,7 @@ describe Chef::Node do end it "parses policyfile attributes from JSON" do - round_tripped_node = Chef::Node.json_create(node.for_json) + round_tripped_node = Chef::Node.from_hash(node.for_json) expect(round_tripped_node.policy_name).to eq("my-application") expect(round_tripped_node.policy_group).to eq("staging") diff --git a/spec/unit/provider/package/zypper_spec.rb b/spec/unit/provider/package/zypper_spec.rb index 0f39fde5cf..34cd5fe0ca 100644 --- a/spec/unit/provider/package/zypper_spec.rb +++ b/spec/unit/provider/package/zypper_spec.rb 
@@ -34,7 +34,7 @@ describe Chef::Provider::Package::Zypper do before(:each) do allow(Chef::Resource::Package).to receive(:new).and_return(current_resource) - allow(provider).to receive(:shell_out).and_return(status) + allow(provider).to receive(:shell_out!).and_return(status) allow(provider).to receive(:`).and_return("2.0") end @@ -60,7 +60,7 @@ describe Chef::Provider::Package::Zypper do end it "should run zypper info with the package name" do - shell_out_expectation( + shell_out_expectation!( "zypper --non-interactive info #{new_resource.package_name}" ).and_return(status) provider.load_current_resource 
@@ -68,33 +68,24 @@ describe Chef::Provider::Package::Zypper do it "should set the installed version to nil on the current resource if zypper info installed version is (none)" do allow(provider).to receive(:shell_out).and_return(status) + expect(current_resource).to receive(:version).with([nil]).and_return(true) provider.load_current_resource end it "should set the installed version if zypper info has one" do status = double(:stdout => "Version: 1.0\nInstalled: Yes\n", :exitstatus => 0) - allow(provider).to receive(:shell_out).and_return(status) - expect(current_resource).to receive(:version).with("1.0").and_return(true) + allow(provider).to receive(:shell_out!).and_return(status) + expect(current_resource).to receive(:version).with(["1.0"]).and_return(true) provider.load_current_resource end it "should set the candidate version if zypper info has one" do status = double(:stdout => "Version: 1.0\nInstalled: No\nStatus: out-of-date (version 0.9 installed)", :exitstatus => 0) - allow(provider).to receive(:shell_out).and_return(status) + allow(provider).to receive(:shell_out!).and_return(status) provider.load_current_resource - expect(provider.candidate_version).to eql("1.0") - end - - it "should raise an exception if zypper info fails" do - expect(status).to receive(:exitstatus).and_return(1) - expect { provider.load_current_resource }.to raise_error(Chef::Exceptions::Package) - end - - it "should not raise an exception if zypper info succeeds" do - expect(status).to receive(:exitstatus).and_return(0) - expect { provider.load_current_resource }.not_to raise_error + expect(provider.candidate_version).to eql(["1.0"]) end it "should return the current resouce" do 
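Review bot: The two removed examples ("should raise an exception if zypper info fails" and its success counterpart) were the only ones in this hunk that exercised a failing `zypper info`, and nothing replaces them. Every remaining stub of `shell_out!` returns a successful `status`. If the provider now relies on `shell_out!` to raise, an example using `allow(provider).to receive(:shell_out!).and_raise(Mixlib::ShellOut::ShellCommandFailed)` around `provider.load_current_resource` would keep that path pinned. The "(none)" example also still stubs `shell_out` rather than `shell_out!`, which looks like a leftover given the `shell_out!` stub the earlier hunk puts in the `before` block.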
@@ -108,7 +99,7 @@ describe Chef::Provider::Package::Zypper do shell_out_expectation!( "zypper --non-interactive install --auto-agree-with-licenses emacs=1.0" ) - provider.install_package("emacs", "1.0") + provider.install_package(["emacs"], ["1.0"]) end it "should run zypper install without gpg checks" do allow(Chef::Config).to receive(:[]).with(:zypper_check_gpg).and_return(false) @@ -116,7 +107,7 @@ describe Chef::Provider::Package::Zypper do "zypper --non-interactive --no-gpg-checks install "+ "--auto-agree-with-licenses emacs=1.0" ) - provider.install_package("emacs", "1.0") + provider.install_package(["emacs"], ["1.0"]) end it "should warn about gpg checks on zypper install" do expect(Chef::Log).to receive(:warn).with( @@ -126,7 +117,7 @@ describe Chef::Provider::Package::Zypper do "zypper --non-interactive --no-gpg-checks install "+ "--auto-agree-with-licenses emacs=1.0" ) - provider.install_package("emacs", "1.0") + provider.install_package(["emacs"], ["1.0"]) end end @@ -136,7 +127,7 @@ describe Chef::Provider::Package::Zypper do shell_out_expectation!( "zypper --non-interactive install --auto-agree-with-licenses emacs=1.0" ) - provider.upgrade_package("emacs", "1.0") + provider.upgrade_package(["emacs"], ["1.0"]) end it "should run zypper update without gpg checks" do allow(Chef::Config).to receive(:[]).with(:zypper_check_gpg).and_return(false) @@ -144,7 +135,7 @@ describe Chef::Provider::Package::Zypper do "zypper --non-interactive --no-gpg-checks install "+ "--auto-agree-with-licenses emacs=1.0" ) - provider.upgrade_package("emacs", "1.0") + provider.upgrade_package(["emacs"], ["1.0"]) end it "should warn about gpg checks on zypper upgrade" do expect(Chef::Log).to receive(:warn).with( 
@@ -154,14 +145,14 @@ describe Chef::Provider::Package::Zypper do "zypper --non-interactive --no-gpg-checks install "+ "--auto-agree-with-licenses emacs=1.0" ) - provider.upgrade_package("emacs", "1.0") + provider.upgrade_package(["emacs"], ["1.0"]) end it "should run zypper upgrade without gpg checks" do shell_out_expectation!( "zypper --non-interactive --no-gpg-checks install "+ "--auto-agree-with-licenses emacs=1.0" ) - provider.upgrade_package("emacs", "1.0") + provider.upgrade_package(["emacs"], ["1.0"]) end end @@ -173,7 +164,7 @@ describe Chef::Provider::Package::Zypper do shell_out_expectation!( "zypper --non-interactive remove emacs" ) - provider.remove_package("emacs", nil) + provider.remove_package(["emacs"], [nil]) end end @@ -183,14 +174,14 @@ describe Chef::Provider::Package::Zypper do shell_out_expectation!( "zypper --non-interactive remove emacs=1.0" ) - provider.remove_package("emacs", "1.0") + provider.remove_package(["emacs"], ["1.0"]) end it "should run zypper remove without gpg checks" do allow(Chef::Config).to receive(:[]).with(:zypper_check_gpg).and_return(false) shell_out_expectation!( "zypper --non-interactive --no-gpg-checks remove emacs=1.0" ) - provider.remove_package("emacs", "1.0") + provider.remove_package(["emacs"], ["1.0"]) end it "should warn about gpg checks on zypper remove" do expect(Chef::Log).to receive(:warn).with( 
@@ -199,24 +190,24 @@ describe Chef::Provider::Package::Zypper do shell_out_expectation!( "zypper --non-interactive --no-gpg-checks remove emacs=1.0" ) - provider.remove_package("emacs", "1.0") + provider.remove_package(["emacs"], ["1.0"]) end end end describe "purge_package" do - it "should run remove_package with the name and version" do + it "should run remove with the name and version and --clean-deps" do shell_out_expectation!( "zypper --non-interactive --no-gpg-checks remove --clean-deps emacs=1.0" ) - provider.purge_package("emacs", "1.0") + provider.purge_package(["emacs"], ["1.0"]) end it "should run zypper purge without gpg checks" do allow(Chef::Config).to receive(:[]).with(:zypper_check_gpg).and_return(false) shell_out_expectation!( "zypper --non-interactive --no-gpg-checks remove --clean-deps emacs=1.0" ) - provider.purge_package("emacs", "1.0") + provider.purge_package(["emacs"], ["1.0"]) end it "should warn about gpg checks on zypper purge" do expect(Chef::Log).to receive(:warn).with( @@ -225,7 +216,7 @@ describe Chef::Provider::Package::Zypper do shell_out_expectation!( "zypper --non-interactive --no-gpg-checks remove --clean-deps emacs=1.0" ) - provider.purge_package("emacs", "1.0") + provider.purge_package(["emacs"], ["1.0"]) end end @@ -239,7 +230,7 @@ describe Chef::Provider::Package::Zypper do shell_out_expectation!( "zypper --no-gpg-checks install --auto-agree-with-licenses -y emacs" ) - provider.install_package("emacs", "1.0") + provider.install_package(["emacs"], ["1.0"]) end end @@ -248,7 +239,7 @@ describe Chef::Provider::Package::Zypper do shell_out_expectation!( "zypper --no-gpg-checks install --auto-agree-with-licenses -y emacs" ) - provider.upgrade_package("emacs", "1.0") + provider.upgrade_package(["emacs"], ["1.0"]) end end 
@@ -257,8 +248,27 @@ describe Chef::Provider::Package::Zypper do shell_out_expectation!( "zypper --no-gpg-checks remove -y emacs" ) - provider.remove_package("emacs", "1.0") + provider.remove_package(["emacs"], ["1.0"]) end end end + + describe "when installing multiple packages" do # https://github.com/chef/chef/issues/3570 + it "should install an array of package names and versions" do + allow(Chef::Config).to receive(:[]).with(:zypper_check_gpg).and_return(false) + shell_out_expectation!( + "zypper --non-interactive --no-gpg-checks install "+ + "--auto-agree-with-licenses emacs=1.0 vim=2.0" + ) + provider.install_package(["emacs", "vim"], ["1.0", "2.0"]) + end + + it "should remove an array of package names and versions" do + allow(Chef::Config).to receive(:[]).with(:zypper_check_gpg).and_return(false) + shell_out_expectation!( + "zypper --non-interactive --no-gpg-checks remove emacs=1.0 vim=2.0" + ) + provider.remove_package(["emacs", "vim"], ["1.0", "2.0"]) + end + end end diff --git a/spec/unit/rest/auth_credentials_spec.rb b/spec/unit/rest/auth_credentials_spec.rb index 88da44319b..c3ce695387 100644 --- a/spec/unit/rest/auth_credentials_spec.rb +++ b/spec/unit/rest/auth_credentials_spec.rb 
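Review bot: Both examples added under "when installing multiple packages" stub `zypper_check_gpg` to `false`, so the array form is only pinned for commands that carry `--no-gpg-checks`. An install example with GPG checking left on, expecting `"zypper --non-interactive install --auto-agree-with-licenses emacs=1.0 vim=2.0"`, would show that the multi-package path keeps signature checking when the setting is enabled. The same applies to the remove example.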
@@ -23,37 +23,6 @@ require "spec_helper" require "uri" require "net/https" -KEY_DOT_PEM=<<-END_RSA_KEY ------BEGIN RSA PRIVATE KEY----- -MIIEpAIBAAKCAQEA49TA0y81ps0zxkOpmf5V4/c4IeR5yVyQFpX3JpxO4TquwnRh -8VSUhrw8kkTLmB3cS39Db+3HadvhoqCEbqPE6915kXSuk/cWIcNozujLK7tkuPEy -YVsyTioQAddSdfe+8EhQVf3oHxaKmUd6waXrWqYCnhxgOjxocenREYNhZ/OETIei -PbOku47vB4nJK/0GhKBytL2XnsRgfKgDxf42BqAi1jglIdeq8lAWZNF9TbNBU21A -O1iuT7Pm6LyQujhggPznR5FJhXKRUARXBJZawxpGV4dGtdcahwXNE4601aXPra+x -PcRd2puCNoEDBzgVuTSsLYeKBDMSfs173W1QYwIDAQABAoIBAGF05q7vqOGbMaSD -2Q7YbuE/JTHKTBZIlBI1QC2x+0P5GDxyEFttNMOVzcs7xmNhkpRw8eX1LrInrpMk -WsIBKAFFEfWYlf0RWtRChJjNl+szE9jQxB5FJnWtJH/FHa78tR6PsF24aQyzVcJP -g0FGujBihwgfV0JSCNOBkz8MliQihjQA2i8PGGmo4R4RVzGfxYKTIq9vvRq/+QEa -Q4lpVLoBqnENpnY/9PTl6JMMjW2b0spbLjOPVwDaIzXJ0dChjNXo15K5SHI5mALJ -I5gN7ODGb8PKUf4619ez194FXq+eob5YJdilTFKensIUvt3YhP1ilGMM+Chi5Vi/ -/RCTw3ECgYEA9jTw4wv9pCswZ9wbzTaBj9yZS3YXspGg26y6Ohq3ZmvHz4jlT6uR -xK+DDcUiK4072gci8S4Np0fIVS7q6ivqcOdzXPrTF5/j+MufS32UrBbUTPiM1yoO -ECcy+1szl/KoLEV09bghPbvC58PFSXV71evkaTETYnA/F6RK12lEepcCgYEA7OSy -bsMrGDVU/MKJtwqyGP9ubA53BorM4Pp9VVVSCrGGVhb9G/XNsjO5wJC8J30QAo4A -s59ZzCpyNRy046AB8jwRQuSwEQbejSdeNgQGXhZ7aIVUtuDeFFdaIz/zjVgxsfj4 -DPOuzieMmJ2MLR4F71ocboxNoDI7xruPSE8dDhUCgYA3vx732cQxgtHwAkeNPJUz -dLiE/JU7CnxIoSB9fYUfPLI+THnXgzp7NV5QJN2qzMzLfigsQcg3oyo6F2h7Yzwv -GkjlualIRRzCPaCw4Btkp7qkPvbs1QngIHALt8fD1N69P3DPHkTwjG4COjKWgnJq -qoHKS6Fe/ZlbigikI6KsuwKBgQCTlSLoyGRHr6oj0hqz01EDK9ciMJzMkZp0Kvn8 -OKxlBxYW+jlzut4MQBdgNYtS2qInxUoAnaz2+hauqhSzntK3k955GznpUatCqx0R -b857vWviwPX2/P6+E3GPdl8IVsKXCvGWOBZWTuNTjQtwbDzsUepWoMgXnlQJSn5I -YSlLxQKBgQD16Gw9kajpKlzsPa6XoQeGmZALT6aKWJQlrKtUQIrsIWM0Z6eFtX12 -2jjHZ0awuCQ4ldqwl8IfRogWMBkHOXjTPVK0YKWWlxMpD/5+bGPARa5fir8O1Zpo -Y6S6MeZ69Rp89ma4ttMZ+kwi1+XyHqC/dlcVRW42Zl5Dc7BALRlJjQ== ------END RSA PRIVATE KEY----- - END_RSA_KEY - - describe Chef::REST::AuthCredentials do before do @key_file_fixture = CHEF_SPEC_DATA + "/ssl/private_key.pem" 
@@ -67,7 +36,7 @@ describe Chef::REST::AuthCredentials do it "loads the private key when initialized with the path to the key" do expect(@auth_credentials.key).to respond_to(:private_encrypt) - expect(@auth_credentials.key.to_s).to eq(KEY_DOT_PEM) + expect(@auth_credentials.key).to eq(@key) end describe "when loading the private key" do diff --git a/spec/unit/rest_spec.rb b/spec/unit/rest_spec.rb index 8e6a3be79c..86572c7034 100644 --- a/spec/unit/rest_spec.rb +++ b/spec/unit/rest_spec.rb @@ -74,6 +74,7 @@ describe Chef::REST do before(:each) do Chef::Log.init(log_stringio) + Chef::Config[:treat_deprecation_warnings_as_errors] = false end it "should have content length validation middleware after compressor middleware" do @@ -92,6 +93,12 @@ describe Chef::REST do Chef::REST.new(base_url, nil, nil, options) end + it "emits a deprecation warning" do + Chef::Config[:treat_deprecation_warnings_as_errors] = true + expect { Chef::REST.new(base_url) }.to raise_error Chef::Exceptions::DeprecatedFeatureError, + /Chef::REST is deprecated. Please use Chef::ServerAPI, or investigate Ridley or ChefAPI./ + end + context "when created with a chef zero URL" do let(:url) { "chefzero://localhost:1" } diff --git a/tasks/cbgb.rb b/tasks/cbgb.rb new file mode 100644 index 0000000000..97d374e297 --- /dev/null +++ b/tasks/cbgb.rb 
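Review bot: `expect(@auth_credentials.key).to eq(@key)` compares two key objects rather than their PEM text, and `@key` is assigned outside this hunk. If `@key` is the same object that is handed to `AuthCredentials`, the assertion passes on identity and no longer checks that the loaded key material is the expected one. Comparing serialised forms, as the other key comparisons in this commit do, is stricter: `expect(@auth_credentials.key.to_pem).to eq(@key.to_pem)`.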
@@ -0,0 +1,78 @@ +# +# Author:: Thom May (tmay@chef.io) +# Author:: Nathen Harvey (nharvey@chef.io) +# Copyright:: Copyright (c) 2015-2016, Chef Software, Inc +# License:: Apache License, Version 2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +require "rake" +require "tomlrb" + +CBGB_SOURCE = File.join(File.dirname(__FILE__), "..", "CBGB.toml") +CBGB_TARGET = File.join(File.dirname(__FILE__), "..", "CBGB.md") + +task :default => :generate + +namespace :cbgb do + desc "Generate MarkDown version of CBGB file" + task :generate do + cbgb = Tomlrb.load_file CBGB_SOURCE + out = "<!-- This is a generated file. 
Please do not edit directly -->\n" + out << "<!-- Modify CBGB.toml file and run `rake cbgb:generate` to regenerate -->\n\n" + out << "# " + cbgb["Preamble"]["title"] + "\n\n" + out << cbgb["Preamble"]["text"] + "\n" + out << "# Board of Governors\n\n" + out << "## " + cbgb["Org"]["Lead"]["title"] + "\n\n" + out << person(cbgb["people"], cbgb["Org"]["Lead"]["person"]) + "\n\n" + out << "### " + cbgb["Org"]["Contributors"]["title"] + "\n\n" + out << cbgb(cbgb["people"], cbgb["Org"]["Contributors"]["governers"]) + "\n\n" + out << "### " + cbgb["Org"]["Corporate-Contributors"]["title"] + "\n\n" + out << cbgb(cbgb["corporations"], cbgb["Org"]["Corporate-Contributors"]["governers"]) + "\n\n" + out << "### " + cbgb["Org"]["Lieutenants"]["title"] + "\n\n" + out << cbgb(cbgb["people"], cbgb["Org"]["Lieutenants"]["governers"]) + "\n\n" + File.open(CBGB_TARGET, "w") { |fn| + fn.write out + } + end +end + +def components(list, cmp) + out = "" + cmp.each do |k,v| + out << "\n#### #{v['title'].gsub('#','\\#')}\n" + out << cbgb(list, v["cbgb"]) + end + out +end + +def cbgb(list, people) + o = "" + people.each do |p| + o << person(list, p) + "\n" + end + o +end + +def person(list, person) + if list[person].has_key?("GitHub") + out = "* [#{list[person]["Name"]}](https://github.com/#{list[person]["GitHub"]})" + else + out = "* #{list[person]["Name"]}" + end + if list[person].has_key?("Person") + out << " - #{list[person]["Person"]}" + end + out +end |
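Review bot: `task :default => :generate` sits outside `namespace :cbgb`, but the only task this file defines is `cbgb:generate`, so unless a top-level `generate` task exists elsewhere the prerequisite will not resolve. The line also adds a prerequisite to the global `default` task of whichever Rakefile loads this file. Either drop it or name the task explicitly: `task :default => "cbgb:generate"`. Separately, `person` calls `list[person].has_key?` without checking that the name exists in the table, so a name listed under `governers` but missing from `people` or `corporations` fails with `NoMethodError`. A short comment above `cbgb`, `person` and `components` stating the TOML shape each expects would make that contract visible.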