| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
| |
This pull request was triggered automatically via Expeditor when e241cfd3dc29468899540b84a0e071150f9b1931 was merged.
This change falls under the obvious fix policy so no Developer Certificate of Origin (DCO) sign-off is required.
|
|
|
|
| |
Obvious fix; these changes are the result of automation not creative thinking.
|
|\
| |
| | |
chef_client_config: Add the ability to set policy_persist_run_list
|
|/
|
|
|
|
| |
Make this super simple to enable.
Signed-off-by: Tim Smith <tsmith@chef.io>
|
|
|
|
| |
Obvious fix; these changes are the result of automation not creative thinking.
|
|\
| |
| | |
Secrets: Azure Key Vault fetcher; versioned secret support
|
| |
| |
| |
| | |
Signed-off-by: Marc A. Paradise <marc.paradise@gmail.com>
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Usage in a recipe looks like this:
value = secret(name: "test1", version: "v1",
service: :azure_key_vault,
config: { vault: "myvault" } )
Signed-off-by: Marc A. Paradise <marc.paradise@gmail.com>
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Versioning is commonly supported across most major secrets services.
This change allows the DSL to support fetching a specific secret
version. Implementations are expected to default to fetching the most
recent version when no version is provided.
Usage:
secret(name: 'secret1', version: 'version1', service: :example)
Signed-off-by: Marc A. Paradise <marc.paradise@gmail.com>
|
| |
| |
| |
| | |
Obvious fix; these changes are the result of automation not creative thinking.
|
|\ \ |
|
| |\ \
| |/ /
|/| | |
|
| | |
| | |
| | |
| | | |
Obvious fix; these changes are the result of automation not creative thinking.
|
|\ \ \ |
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Since I missed a clause in one check here, and it is duplicated,
it should probably be a helper method.
Signed-off-by: Lamont Granquist <lamont@scriptkiddie.org>
|
| | | |
| | | |
| | | | |
Co-authored-by: Tim Smith <tsmith@chef.io>
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
This will allow temporarily setting the run list to a different
setting and still having the node saved (complimentary to setting
an override run list which does not save the node).
This can be used inside of test-kitchen for setting the run_list
to a fixture cookbook that is not in the policyfile without
needing to go through named_run_lists.
This can also be used with -j or -r on provisioning to run a
bootstrapping recipe, which will then be overridden by the
policyfile.
A switch is included to cause the node.run_list setting from the
-j or -r setting (or setting via code with `node.run_list <<`) to
persist and to override the policyfile. This is for sites which
have adopted complicated run_list mutating workflows to make it so
they can set Chef::Config[:policy_persist_run_list] to true and
will be able to migrate those workflows more easily to a policyfile
world. When it is run in this configuration it will always print
a WARN level message that the policyfile is being overridden since
it is not intended that the common state of the server would be
to ignore the policyfile run_list.
Signed-off-by: Lamont Granquist <lamont@scriptkiddie.org>
|
| | | |
| | | |
| | | |
| | | | |
Obvious fix; these changes are the result of automation not creative thinking.
|
|\ \ \ \
| |_|_|/
|/| | |
| | | |
| | | | |
chef/dependabot/bundler/omnibus/master/omnibus-software-237c0a4
Bump omnibus-software from `cdef22f` to `237c0a4` in /omnibus
|
|/ / /
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Bumps [omnibus-software](https://github.com/chef/omnibus-software) from `cdef22f` to `237c0a4`.
- [Release notes](https://github.com/chef/omnibus-software/releases)
- [Commits](https://github.com/chef/omnibus-software/compare/cdef22f0276e2e7272d3811bb459109b7e67a2bf...237c0a49b458da92cc6cdfbc488b8455f848f1c4)
---
updated-dependencies:
- dependency-name: omnibus-software
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
|
| |/
|/|
| |
| |
| |
| | |
https://github.com/chef/chef/issues/8056
Signed-off-by: Vikram Karve <vikram.karve@progress.com>
|
| |
| |
| |
| | |
Obvious fix; these changes are the result of automation not creative thinking.
|
|\ \
| | |
| | |
| | |
| | | |
chef/dependabot/bundler/omnibus/master/omnibus-6d109b6
Bump omnibus from `5803fdc` to `6d109b6` in /omnibus
|
|/ /
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Bumps [omnibus](https://github.com/chef/omnibus) from `5803fdc` to `6d109b6`.
- [Release notes](https://github.com/chef/omnibus/releases)
- [Commits](https://github.com/chef/omnibus/compare/5803fdc6bda3fab75877415d5e898b166632aec3...6d109b6cd7bf35e4d0f4ca0bb5378b1d430e44df)
---
updated-dependencies:
- dependency-name: omnibus
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
|
| |
| |
| |
| | |
Obvious fix; these changes are the result of automation not creative thinking.
|
| |
| |
| |
| | |
Obvious fix; these changes are the result of automation not creative thinking.
|
| |
| |
| | |
Signed-off-by: Tim Smith <tsmith@chef.io>
|
| |
| |
| | |
Signed-off-by: Tim Smith <tsmith@chef.io>
|
| |
| |
| |
| | |
Obvious fix; these changes are the result of automation not creative thinking.
|
|\ \
| | |
| | |
| | |
| | | |
chef/dependabot/bundler/omnibus/omnibus-software-cdef22f
Bump omnibus-software from `e9feb35` to `cdef22f` in /omnibus
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Bumps [omnibus-software](https://github.com/chef/omnibus-software) from `e9feb35` to `cdef22f`.
- [Release notes](https://github.com/chef/omnibus-software/releases)
- [Commits](https://github.com/chef/omnibus-software/compare/e9feb357a695b6d022e7da2bb535baf5d53e8e84...cdef22f0276e2e7272d3811bb459109b7e67a2bf)
---
updated-dependencies:
- dependency-name: omnibus-software
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
|
|\ \ \
| |/ /
|/| | |
Bump omnibus from `5c1b453` to `5803fdc` in /omnibus
|
|/ /
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Bumps [omnibus](https://github.com/chef/omnibus) from `5c1b453` to `5803fdc`.
- [Release notes](https://github.com/chef/omnibus/releases)
- [Commits](https://github.com/chef/omnibus/compare/5c1b453f577c54ab4b75c45e5949906bd916371a...5803fdc6bda3fab75877415d5e898b166632aec3)
---
updated-dependencies:
- dependency-name: omnibus
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
|
|\ \
| | |
| | | |
Add dependabot config
|
|/ /
| |
| |
| |
| |
| | |
They fixed their bundler issue by upgrading
Signed-off-by: Tim Smith <tsmith@chef.io>
|
| |
| |
| |
| | |
Obvious fix; these changes are the result of automation not creative thinking.
|
|\ \
| | |
| | | |
Don't cleanup the VERSION file in the aws gem install
|
|/ /
| |
| |
| |
| |
| |
| | |
We need that file. Also remove the fauxhai cleanup since we don't ship
that gem anymore.
Signed-off-by: Tim Smith <tsmith@chef.io>
|
| |
| |
| |
| | |
Obvious fix; these changes are the result of automation not creative thinking.
|
|\ \
| | |
| | | |
Fix busted ssh unit specs
|
|/ /
| |
| |
| | |
Signed-off-by: Lamont Granquist <lamont@scriptkiddie.org>
|
| |
| |
| |
| | |
Obvious fix; these changes are the result of automation not creative thinking.
|
|\ \
| | |
| | | |
Experimental support for an AWS Secrets Fetcher
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
The secret value is now returned instead of the object wrapper provided
by the AWS SKD.
Usage in recipe now looks like this:
value = secret(name: "test1", service: :aws_secrets_manager, config: { region: "us-west-1" })
log "My secret is #{value}"
Signed-off-by: Marc A. Paradise <marc.paradise@gmail.com>
|
| | |
| | |
| | |
| | | |
Signed-off-by: Tim Smith <tsmith@chef.io>
|
| | |
| | |
| | |
| | | |
Signed-off-by: Tim Smith <tsmith@chef.io>
|
|/ /
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
In a recipe, usage will look like the following:
value = secret(name: "test1", service: :aws_secrets_manager, config: { region: "us-west-1" })
log "My secret is #{value.secret_string}"
Note the use of `secret_string` to determine the secret value. The
returned object here is Aws::Types::GetSecretValueResponse from the AWS SDK.
This beta implementation supports ec2/imds instance profile
authentication but also checks standard locations for credentials
configuration -- see documentation [1] for a description of default credentials search behavior.
[1] https://docs.aws.amazon.com/sdk-for-ruby/v3/api/Aws/SecretsManager/Client.html#initialize-instance_method
Signed-off-by: Marc A. Paradise <marc.paradise@gmail.com>
|
| |
| |
| |
| | |
Obvious fix; these changes are the result of automation not creative thinking.
|
|\ \
| | |
| | | |
Deprecate the old policyfile compat mode
|
| | |
| | |
| | |
| | | |
Signed-off-by: Lamont Granquist <lamont@scriptkiddie.org>
|