From 3432692a73bb0546a08fe7f16a1b9b5b12af15a6 Mon Sep 17 00:00:00 2001 From: Salim Afiune Date: Thu, 9 Mar 2017 10:14:50 -0500 Subject: Changed EOP to 'EOP' to avoid content expansion [ZD-12489] This change fixes the content expansion of the bootstrap command in the option `--json-attributes`. Reference: https://www.gnu.org/software/bash/manual/html_node/Redirections.html It might be possible that some users are counting on this expansion to occur. Signed-off-by: Salim Afiune --- lib/chef/knife/bootstrap/templates/chef-full.erb | 12 +++++----- spec/unit/knife/bootstrap_spec.rb | 29 ++++++++++++++++++++++++ 2 files changed, 35 insertions(+), 6 deletions(-) diff --git a/lib/chef/knife/bootstrap/templates/chef-full.erb b/lib/chef/knife/bootstrap/templates/chef-full.erb index 6007ff9859..145761a39e 100644 --- a/lib/chef/knife/bootstrap/templates/chef-full.erb +++ b/lib/chef/knife/bootstrap/templates/chef-full.erb @@ -182,21 +182,21 @@ fi mkdir -p /etc/chef <% if client_pem -%> -cat > /etc/chef/client.pem < /etc/chef/client.pem <<'EOP' <%= ::File.read(::File.expand_path(client_pem)) %> EOP chmod 0600 /etc/chef/client.pem <% end -%> <% if validation_key -%> -cat > /etc/chef/validation.pem < /etc/chef/validation.pem <<'EOP' <%= validation_key %> EOP chmod 0600 /etc/chef/validation.pem <% end -%> <% if encrypted_data_bag_secret -%> -cat > /etc/chef/encrypted_data_bag_secret < /etc/chef/encrypted_data_bag_secret <<'EOP' <%= encrypted_data_bag_secret %> EOP chmod 0600 /etc/chef/encrypted_data_bag_secret 
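Review bot: The three secret files written in the first template hunk (`/etc/chef/client.pem`, `/etc/chef/validation.pem`, `/etc/chef/encrypted_data_bag_secret`) are created by `cat >` under the bootstrap shell's current umask and only narrowed by the `chmod 0600` that follows. Unless a restrictive umask is set earlier in the template, outside this hunk, each key can briefly exist with wider permissions than intended. Consider bracketing these writes with `old_umask=$(umask); umask 077` before the first `cat` and `umask "$old_umask"` after the last `chmod`, keeping the `chmod` lines as a backstop. A comment above the first heredoc, such as `# 'EOP' is quoted so the shell copies the body verbatim (no $ or backtick expansion)`, would also help stop a later edit from dropping the quotes.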
@@ -212,17 +212,17 @@ mkdir -p /etc/chef/trusted_certs mkdir -p /etc/chef/ohai/hints <% @chef_config[:knife][:hints].each do |name, hash| -%> -cat > /etc/chef/ohai/hints/<%= name %>.json < /etc/chef/ohai/hints/<%= name %>.json <<'EOP' <%= Chef::JSONCompat.to_json(hash) %> EOP <% end -%> <% end -%> -cat > /etc/chef/client.rb < /etc/chef/client.rb <<'EOP' <%= config_content %> EOP -cat > /etc/chef/first-boot.json < /etc/chef/first-boot.json <<'EOP' <%= Chef::JSONCompat.to_json(first_boot) %> EOP diff --git a/spec/unit/knife/bootstrap_spec.rb b/spec/unit/knife/bootstrap_spec.rb index c2f68277c5..4201963b7d 100644 --- a/spec/unit/knife/bootstrap_spec.rb +++ b/spec/unit/knife/bootstrap_spec.rb 
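Review bot: The hint name in `cat > /etc/chef/ohai/hints/<%= name %>.json <<'EOP'` is on the command line rather than in the here-document body, so quoting the delimiter does not stop the remote shell from expanding or word-splitting it. If hint names can be anything other than plain identifiers, escape the value when rendering, for example `cat > /etc/chef/ohai/hints/<%= Shellwords.escape(name) %>.json <<'EOP'`; this assumes `shellwords` is loaded where the template is rendered, which is not visible here. Separately, each body still ends at the first line that is exactly `EOP`, so multi-line content such as `config_content` containing that line would be cut short and the remainder interpreted as script. A longer, less guessable delimiter would reduce that risk. The enclosing `if`/`each` block opens above this hunk.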
@@ -48,6 +48,35 @@ describe Chef::Knife::Bootstrap do expect(File.basename(knife.bootstrap_template)).to eq("chef-full") end + context "when using the chef-full default template" do + let(:rendered_template) do + knife.merge_configs + knife.render_template + end + + it "should render client.rb" do + expect(rendered_template).to match("cat > /etc/chef/client.rb <<'EOP'") + expect(rendered_template).to match("chef_server_url \"https://localhost:443\"") + expect(rendered_template).to match("validation_client_name \"chef-validator\"") + expect(rendered_template).to match("log_location STDOUT") + end + + it "should render first-boot.json" do + expect(rendered_template).to match("cat > /etc/chef/first-boot.json <<'EOP'") + expect(rendered_template).to match('{"run_list":\[\]}') + end + + context "and encrypted_data_bag_secret was provided" do + it "should render encrypted_data_bag_secret file" do + expect(knife).to receive(:encryption_secret_provided_ignore_encrypt_flag?).and_return(true) + expect(knife).to receive(:read_secret).and_return("secrets") + expect(rendered_template).to match("cat > /etc/chef/encrypted_data_bag_secret <<'EOP'") + expect(rendered_template).to match('{"run_list":\[\]}') + expect(rendered_template).to match(%r{secrets}) + end + end + end + context "with --bootstrap-vault-item" do let(:bootstrap_cli_options) { [ "--bootstrap-vault-item", "vault1:item1", "--bootstrap-vault-item", "vault1:item2", "--bootstrap-vault-item", "vault2:item1" ] } it "sets the knife config cli option correctly" do -- cgit v1.2.1
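Review bot: The new examples pin the quoted delimiter for only three of the seven heredocs the template change touches (`client.rb`, `first-boot.json`, `encrypted_data_bag_secret`). A regression to an unquoted `<<EOP` for `client.pem`, `validation.pem`, the ohai hints or any other uncovered heredoc would therefore still pass. The expectations also hand plain strings to `match`, which treats them as regular expressions, so the `.` in `client.rb` matches any character; `include("cat > /etc/chef/client.rb <<'EOP'")` would state the literal intent. In the encrypted-secret example, the `'{"run_list":\[\]}'` assertion looks copied from the first-boot example, and `match(%r{secrets})` only shows the word appears somewhere in the output. Asserting that the secret sits between the `<<'EOP'` line and the closing `EOP` would tie it to the right file. The surrounding `describe` block starts above the hunk and continues past it.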