From f99e6335594d360defc97f734cd4cc5599b98c8a Mon Sep 17 00:00:00 2001 From: tpowell-progress <104777878+tpowell-progress@users.noreply.github.com> Date: Tue, 7 Mar 2023 10:02:01 -0500 Subject: Update README.md Link to effortless debug doc --- docs/dev/README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/docs/dev/README.md b/docs/dev/README.md index 20a756b1f4..756fe808e8 100644 --- a/docs/dev/README.md +++ b/docs/dev/README.md @@ -10,6 +10,7 @@ A good first start is our [How Chef Infra Is Built](./design_documents/how_chef_ - [Branching and Backporting Changes](./how_to/branching_and_backporting.md) - [Updating Dependencies](./how_to/updating_dependencies.md) - [Bumping Major and Minor Versions](./how_to/bumping_minor_or_major_versions.md) +- [Debugging Effortless Chef from Export](./how_to/debugging_effortless.md) ## Design Documents -- cgit v1.2.1 From b73d00973326d882c712dd6d70f441f4660695d1 Mon Sep 17 00:00:00 2001 From: wheatevo <18470637+wheatevo@users.noreply.github.com> Date: Tue, 7 Mar 2023 14:15:50 -0600 Subject: Add selinux_user and selinux_login resources (#13511) * Add `selinux_user` resource to manage SELinux users. * Add `selinux_login` resource to manage OS login to SELinux user mapping. Related to PR https://github.com/sous-chefs/selinux/pull/92 Signed-off-by: Matthew Newell --- .../cookbooks/end_to_end/recipes/linux.rb | 25 ++++ lib/chef/resource/selinux_login.rb | 129 +++++++++++++++++++ lib/chef/resource/selinux_user.rb | 137 +++++++++++++++++++++ lib/chef/resources.rb | 2 + spec/unit/resource/selinux_login_spec.rb | 73 +++++++++++ spec/unit/resource/selinux_user_spec.rb | 92 ++++++++++++++ 6 files changed, 458 insertions(+) create mode 100644 lib/chef/resource/selinux_login.rb create mode 100644 lib/chef/resource/selinux_user.rb create mode 100644 spec/unit/resource/selinux_login_spec.rb create mode 100644 spec/unit/resource/selinux_user_spec.rb diff --git a/kitchen-tests/cookbooks/end_to_end/recipes/linux.rb b/kitchen-tests/cookbooks/end_to_end/recipes/linux.rb index d8e824fde6..b1b907a6d5 100644 --- a/kitchen-tests/cookbooks/end_to_end/recipes/linux.rb +++ b/kitchen-tests/cookbooks/end_to_end/recipes/linux.rb @@ -34,6 +34,31 @@ if platform_family?("rhel", "fedora", "amazon") selinux_state "permissive" do action :permissive end + + user "se_map_test" + + selinux_user "se_map_test_u" do + level "s0" + range "s0" + roles %w{sysadm_r staff_r} + end + + selinux_login "se_map_test" do + user "se_map_test_u" + range "s0" + end + + selinux_login "se_map_test" do + action :delete + end + + selinux_user "se_map_test_u" do + action :delete + end + + user "se_map_test" do + action :remove + end end build_essential do diff --git a/lib/chef/resource/selinux_login.rb b/lib/chef/resource/selinux_login.rb new file mode 100644 index 0000000000..f634b2cb9c --- /dev/null +++ b/lib/chef/resource/selinux_login.rb @@ -0,0 +1,129 @@ +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +require_relative "../resource" +require_relative "selinux/common_helpers" + +class Chef + class Resource + class SelinuxLogin < Chef::Resource + unified_mode true + + provides :selinux_login + + description "Use the **selinux_login** resource to add, update, or remove SELinux user to OS login mappings." + introduced "18.1" + examples <<~DOC + **Manage test OS user mapping with a range of s0 and associated SELinux user test_u**: + + ```ruby + selinux_login 'test' do + user 'test_u' + range 's0' + end + ``` + DOC + + property :login, String, + name_property: true, + description: "An optional property to set the OS user login value if it differs from the resource block's name." + + property :user, String, + description: "SELinux user to be mapped." + + property :range, String, + description: "MLS/MCS security range for the SELinux user." + + load_current_value do |new_resource| + logins = shell_out!("semanage login -l").stdout.split("\n") + + current_login = logins.grep(/^#{Regexp.escape(new_resource.login)}\s+/) do |l| + l.match(/^(?[^\s]+)\s+(?[^\s]+)\s+(?[^\s]+)/) + # match returns [] or [], shift converts that to or nil + end.shift + + current_value_does_not_exist! unless current_login + + # Existing resources should maintain their current configuration unless otherwise specified + new_resource.user ||= current_login[:user] + new_resource.range ||= current_login[:range] + + user current_login[:user] + range current_login[:range] + end + + action_class do + include Chef::SELinux::CommonHelpers + + def semanage_login_args + # Generate arguments for semanage login -a or -m + args = "" + + args += " -s #{new_resource.user}" if new_resource.user + args += " -r #{new_resource.range}" if new_resource.range + + args + end + end + + action :manage, description: "Sets the SELinux login mapping to the desired settings regardless of previous state." do + run_action(:add) + run_action(:modify) + end + + # Create if doesn't exist, do not touch if user already exists + action :add, description: "Creates the SELinux login mapping if not previously created." do + raise "The user property must be populated to create a new SELinux login" if new_resource.user.to_s.empty? + + if selinux_disabled? + Chef::Log.warn("Unable to add SELinux login #{new_resource.login} as SELinux is disabled") + return + end + + unless current_resource + converge_if_changed do + shell_out!("semanage login -a#{semanage_login_args} #{new_resource.login}") + end + end + end + + # Only modify port if it exists & doesn't have the correct context already + action :modify, description: "Updates the SELinux login mapping if previously created." do + if selinux_disabled? + Chef::Log.warn("Unable to modify SELinux login #{new_resource.login} as SELinux is disabled") + return + end + + if current_resource + converge_if_changed do + shell_out!("semanage login -m#{semanage_login_args} #{new_resource.login}") + end + end + end + + # Delete if exists + action :delete, description: "Removes the SELinux login mapping if previously created." do + if selinux_disabled? + Chef::Log.warn("Unable to delete SELinux login #{new_resource.login} as SELinux is disabled") + return + end + + if current_resource + converge_by "deleting SELinux login #{new_resource.login}" do + shell_out!("semanage login -d #{new_resource.login}") + end + end + end + end + end +end diff --git a/lib/chef/resource/selinux_user.rb b/lib/chef/resource/selinux_user.rb new file mode 100644 index 0000000000..ca8d69c919 --- /dev/null +++ b/lib/chef/resource/selinux_user.rb @@ -0,0 +1,137 @@ +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +require_relative "../resource" +require_relative "selinux/common_helpers" + +class Chef + class Resource + class SelinuxUser < Chef::Resource + unified_mode true + + provides :selinux_user + + description "Use the **selinux_user** resource to add, update, or remove SELinux users." + introduced "18.1" + examples <<~DOC + **Manage test_u SELinux user with a level and range of s0 and roles sysadm_r and staff_r**: + + ```ruby + selinux_user 'test_u' do + level 's0' + range 's0' + roles %w(sysadm_r staff_r) + end + ``` + DOC + + property :user, String, + name_property: true, + description: "An optional property to set the SELinux user value if it differs from the resource block's name." + + property :level, String, + description: "MLS/MCS security level for the SELinux user." + + property :range, String, + description: "MLS/MCS security range for the SELinux user." + + property :roles, Array, + description: "Associated SELinux roles for the user.", + coerce: proc { |r| Array(r).sort } + + load_current_value do |new_resource| + users = shell_out!("semanage user -l").stdout.split("\n") + + current_user = users.grep(/^#{Regexp.escape(new_resource.user)}\s+/) do |u| + u.match(/^(?[^\s]+)\s+(?[^\s]+)\s+(?[^\s]+)\s+(?[^\s]+)\s+(?.*)$/) + # match returns [] or [], shift converts that to or nil + end.shift + + current_value_does_not_exist! unless current_user + + # Existing resources should maintain their current configuration unless otherwise specified + new_resource.level ||= current_user[:level] + new_resource.range ||= current_user[:range] + new_resource.roles ||= current_user[:roles].to_s.split.sort + + level current_user[:level] + range current_user[:range] + roles current_user[:roles].to_s.split.sort + end + + action_class do + include Chef::SELinux::CommonHelpers + + def semanage_user_args + # Generate arguments for semanage user -a or -m + args = "" + + args += " -L #{new_resource.level}" if new_resource.level + args += " -r #{new_resource.range}" if new_resource.range + args += " -R '#{new_resource.roles.join(" ")}'" unless new_resource.roles.to_a.empty? + + args + end + end + + action :manage, description: "Sets the SELinux user to the desired settings regardless of previous state." do + run_action(:add) + run_action(:modify) + end + + # Create if doesn't exist, do not touch if user already exists + action :add, description: "Creates the SELinux user if not previously created." do + raise "The roles property must be populated to create a new SELinux user" if new_resource.roles.to_a.empty? + + if selinux_disabled? + Chef::Log.warn("Unable to add SELinux user #{new_resource.user} as SELinux is disabled") + return + end + + unless current_resource + converge_if_changed do + shell_out!("semanage user -a#{semanage_user_args} #{new_resource.user}") + end + end + end + + # Only modify port if it exists & doesn't have the correct context already + action :modify, description: "Updates the SELinux user if previously created." do + if selinux_disabled? + Chef::Log.warn("Unable to modify SELinux user #{new_resource.user} as SELinux is disabled") + return + end + + if current_resource + converge_if_changed do + shell_out!("semanage user -m#{semanage_user_args} #{new_resource.user}") + end + end + end + + # Delete if exists + action :delete, description: "Removes the SELinux user if previously created." do + if selinux_disabled? + Chef::Log.warn("Unable to delete SELinux user #{new_resource.user} as SELinux is disabled") + return + end + + if current_resource + converge_by "deleting SELinux user #{new_resource.user}" do + shell_out!("semanage user -d #{new_resource.user}") + end + end + end + end + end +end diff --git a/lib/chef/resources.rb b/lib/chef/resources.rb index 0d310f8bea..ca8e5f28c3 100644 --- a/lib/chef/resources.rb +++ b/lib/chef/resources.rb @@ -127,10 +127,12 @@ require_relative "resource/script" require_relative "resource/selinux_boolean" require_relative "resource/selinux_fcontext" require_relative "resource/selinux_install" +require_relative "resource/selinux_login" require_relative "resource/selinux_module" require_relative "resource/selinux_permissive" require_relative "resource/selinux_port" require_relative "resource/selinux_state" +require_relative "resource/selinux_user" require_relative "resource/service" require_relative "resource/sudo" require_relative "resource/sysctl" diff --git a/spec/unit/resource/selinux_login_spec.rb b/spec/unit/resource/selinux_login_spec.rb new file mode 100644 index 0000000000..42aeb52391 --- /dev/null +++ b/spec/unit/resource/selinux_login_spec.rb @@ -0,0 +1,73 @@ +# +# Copyright:: Copyright (c) Chef Software Inc. +# License:: Apache License, Version 2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +require "spec_helper" + +describe Chef::Resource::SelinuxLogin do + let(:node) { Chef::Node.new } + let(:events) { Chef::EventDispatch::Dispatcher.new } + let(:run_context) { Chef::RunContext.new(node, {}, events) } + let(:resource) { Chef::Resource::SelinuxLogin.new("fakey_fakerton", run_context) } + let(:provider) { resource.provider_for_action(:manage) } + + it "sets login property as name_property" do + expect(resource.login).to eql("fakey_fakerton") + end + + it "sets the default action as :manage" do + expect(resource.action).to eql([:manage]) + end + + it "supports :manage, :add, :modify, :delete actions" do + expect { resource.action :manage }.not_to raise_error + expect { resource.action :add }.not_to raise_error + expect { resource.action :modify }.not_to raise_error + expect { resource.action :delete }.not_to raise_error + end + + describe "#semanage_login_args" do + let(:provider) { resource.provider_for_action(:modify) } + + context "when no parameters are provided" do + it "returns an empty string" do + expect(provider.semanage_login_args).to eq("") + end + end + + context "when all parameters are provided" do + it "returns all params" do + resource.user "user_u" + resource.range "s0" + expect(provider.semanage_login_args).to eq(" -s user_u -r s0") + end + end + + context "when no user is provided" do + it "returns range param" do + resource.range "s0" + expect(provider.semanage_login_args).to eq(" -r s0") + end + end + + context "when no range is provided" do + it "returns user param" do + resource.user "user_u" + expect(provider.semanage_login_args).to eq(" -s user_u") + end + end + end +end diff --git a/spec/unit/resource/selinux_user_spec.rb b/spec/unit/resource/selinux_user_spec.rb new file mode 100644 index 0000000000..227b79d8b9 --- /dev/null +++ b/spec/unit/resource/selinux_user_spec.rb @@ -0,0 +1,92 @@ +# +# Copyright:: Copyright (c) Chef Software Inc. +# License:: Apache License, Version 2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +require "spec_helper" + +describe Chef::Resource::SelinuxUser do + let(:node) { Chef::Node.new } + let(:events) { Chef::EventDispatch::Dispatcher.new } + let(:run_context) { Chef::RunContext.new(node, {}, events) } + let(:resource) { Chef::Resource::SelinuxUser.new("fakey_fakerton", run_context) } + let(:provider) { resource.provider_for_action(:manage) } + let(:semanage_list) { double("shellout", stdout: "") } + + it "sets user property as name_property" do + expect(resource.user).to eql("fakey_fakerton") + end + + it "sets the default action as :manage" do + expect(resource.action).to eql([:manage]) + end + + it "supports :manage, :add, :modify, :delete actions" do + expect { resource.action :manage }.not_to raise_error + expect { resource.action :add }.not_to raise_error + expect { resource.action :modify }.not_to raise_error + expect { resource.action :delete }.not_to raise_error + end + + it "sorts roles property values" do + expect { resource.roles %w{c a b} }.not_to raise_error + expect(resource.roles).to eq(%w{a b c}) + end + + describe "#semanage_user_args" do + let(:provider) { resource.provider_for_action(:modify) } + + context "when no parameters are provided" do + it "returns an empty string" do + expect(provider.semanage_user_args).to eq("") + end + end + + context "when all parameters are provided" do + it "returns all params" do + resource.level "s0" + resource.range "s0" + resource.roles %w{sysadm_r staff_r} + expect(provider.semanage_user_args).to eq(" -L s0 -r s0 -R 'staff_r sysadm_r'") + end + end + + context "when no roles are provided" do + it "returns level and range params" do + resource.level "s0" + resource.range "s0" + resource.roles [] + + expect(provider.semanage_user_args).to eq(" -L s0 -r s0") + end + end + + context "when no range is provided" do + it "returns level and roles params" do + resource.level "s0" + resource.roles %w{sysadm_r staff_r} + expect(provider.semanage_user_args).to eq(" -L s0 -R 'staff_r sysadm_r'") + end + end + + context "when no level is provided" do + it "returns range and roles params" do + resource.range "s0" + resource.roles %w{sysadm_r staff_r} + expect(provider.semanage_user_args).to eq(" -r s0 -R 'staff_r sysadm_r'") + end + end + end +end -- cgit v1.2.1 From 8a78e532bd87a525bab5e414826aa31f13ae3125 Mon Sep 17 00:00:00 2001 From: Chef Expeditor Date: Tue, 7 Mar 2023 20:17:46 +0000 Subject: Bump version to 18.1.30 by Chef Expeditor Obvious fix; these changes are the result of automation not creative thinking. --- CHANGELOG.md | 7 ++++--- Gemfile.lock | 22 +++++++++++----------- VERSION | 2 +- chef-bin/lib/chef-bin/version.rb | 2 +- chef-config/lib/chef-config/version.rb | 2 +- chef-utils/lib/chef-utils/version.rb | 2 +- knife/Gemfile.lock | 4 ++-- knife/lib/chef/knife/version.rb | 2 +- lib/chef/version.rb | 2 +- 9 files changed, 23 insertions(+), 22 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 93e42f58c3..a220242dee 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,17 +1,18 @@ This changelog lists individual merged pull requests to Chef Infra Client and geared towards developers. For a list of significant changes per release see the [Chef Infra Client Release Notes](https://docs.chef.io/release_notes_client/). - -## [v18.1.29](https://github.com/chef/chef/tree/v18.1.29) (2023-03-02) + +## [v18.1.30](https://github.com/chef/chef/tree/v18.1.30) (2023-03-07) #### Merged Pull Requests -- Correcting cert retrieval issues for multiple user scenarios [#13552](https://github.com/chef/chef/pull/13552) ([johnmccrae](https://github.com/johnmccrae)) +- Add selinux_user and selinux_login resources [#13511](https://github.com/chef/chef/pull/13511) ([wheatevo](https://github.com/wheatevo)) ### Changes not yet released to stable #### Merged Pull Requests +- Add selinux_user and selinux_login resources [#13511](https://github.com/chef/chef/pull/13511) ([wheatevo](https://github.com/wheatevo)) - Correcting cert retrieval issues for multiple user scenarios [#13552](https://github.com/chef/chef/pull/13552) ([johnmccrae](https://github.com/johnmccrae)) - Updated the proxifier dependency [#13617](https://github.com/chef/chef/pull/13617) ([nikhil2611](https://github.com/nikhil2611)) - chore: Use the `chef_dictionary` directly. [#13467](https://github.com/chef/chef/pull/13467) ([Jason3S](https://github.com/Jason3S)) diff --git a/Gemfile.lock b/Gemfile.lock index 754e17263b..8bd47349b2 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -43,12 +43,12 @@ GIT PATH remote: . specs: - chef (18.1.29) + chef (18.1.30) addressable aws-sdk-s3 (~> 1.91) aws-sdk-secretsmanager (~> 1.46) - chef-config (= 18.1.29) - chef-utils (= 18.1.29) + chef-config (= 18.1.30) + chef-utils (= 18.1.30) chef-vault chef-zero (>= 14.0.11) corefoundation (~> 0.3.4) @@ -77,13 +77,13 @@ PATH unf_ext (>= 0.0.8.2) uuidtools (>= 2.1.5, < 3.0) vault (~> 0.16) - chef (18.1.29-x64-mingw-ucrt) + chef (18.1.30-x64-mingw-ucrt) addressable aws-sdk-s3 (~> 1.91) aws-sdk-secretsmanager (~> 1.46) - chef-config (= 18.1.29) + chef-config (= 18.1.30) chef-powershell (~> 1.0.12) - chef-utils (= 18.1.29) + chef-utils (= 18.1.30) chef-vault chef-zero (>= 14.0.11) corefoundation (~> 0.3.4) @@ -127,15 +127,15 @@ PATH PATH remote: chef-bin specs: - chef-bin (18.1.29) - chef (= 18.1.29) + chef-bin (18.1.30) + chef (= 18.1.30) PATH remote: chef-config specs: - chef-config (18.1.29) + chef-config (18.1.30) addressable - chef-utils (= 18.1.29) + chef-utils (= 18.1.30) fuzzyurl mixlib-config (>= 2.2.12, < 4.0) mixlib-shellout (>= 2.0, < 4.0) @@ -144,7 +144,7 @@ PATH PATH remote: chef-utils specs: - chef-utils (18.1.29) + chef-utils (18.1.30) concurrent-ruby GEM diff --git a/VERSION b/VERSION index a1f06344ad..bc5aa1192c 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -18.1.29 \ No newline at end of file +18.1.30 \ No newline at end of file diff --git a/chef-bin/lib/chef-bin/version.rb b/chef-bin/lib/chef-bin/version.rb index 6e70ce8220..4c98cce544 100644 --- a/chef-bin/lib/chef-bin/version.rb +++ b/chef-bin/lib/chef-bin/version.rb @@ -21,7 +21,7 @@ module ChefBin CHEFBIN_ROOT = File.expand_path("..", __dir__) - VERSION = "18.1.29".freeze + VERSION = "18.1.30".freeze end # diff --git a/chef-config/lib/chef-config/version.rb b/chef-config/lib/chef-config/version.rb index 7954afd499..a2a2cc9d8e 100644 --- a/chef-config/lib/chef-config/version.rb +++ b/chef-config/lib/chef-config/version.rb @@ -15,5 +15,5 @@ module ChefConfig CHEFCONFIG_ROOT = File.expand_path("..", __dir__) - VERSION = "18.1.29".freeze + VERSION = "18.1.30".freeze end diff --git a/chef-utils/lib/chef-utils/version.rb b/chef-utils/lib/chef-utils/version.rb index 0e8409c46d..c6fc59954f 100644 --- a/chef-utils/lib/chef-utils/version.rb +++ b/chef-utils/lib/chef-utils/version.rb @@ -16,5 +16,5 @@ module ChefUtils CHEFUTILS_ROOT = File.expand_path("..", __dir__) - VERSION = "18.1.29" + VERSION = "18.1.30" end diff --git a/knife/Gemfile.lock b/knife/Gemfile.lock index a26ea03366..4ba01241e7 100644 --- a/knife/Gemfile.lock +++ b/knife/Gemfile.lock @@ -1,8 +1,8 @@ PATH remote: .. specs: - chef (18.1.29) - chef (18.1.29-x64-mingw-ucrt) + chef (18.1.30) + chef (18.1.30-x64-mingw-ucrt) PLATFORMS ruby diff --git a/knife/lib/chef/knife/version.rb b/knife/lib/chef/knife/version.rb index 4c321f1fd7..ab4c52847f 100644 --- a/knife/lib/chef/knife/version.rb +++ b/knife/lib/chef/knife/version.rb @@ -17,7 +17,7 @@ class Chef class Knife KNIFE_ROOT = File.expand_path("../..", __dir__) - VERSION = "18.1.29".freeze + VERSION = "18.1.30".freeze end end diff --git a/lib/chef/version.rb b/lib/chef/version.rb index 4670020f8d..49d7950307 100644 --- a/lib/chef/version.rb +++ b/lib/chef/version.rb @@ -23,7 +23,7 @@ require_relative "version_string" class Chef CHEF_ROOT = File.expand_path("..", __dir__) - VERSION = Chef::VersionString.new("18.1.29") + VERSION = Chef::VersionString.new("18.1.30") end # -- cgit v1.2.1 From 364813a324b71cc4ee38238e096216b27491d6bb Mon Sep 17 00:00:00 2001 From: Rishi Kumar Chawda Date: Wed, 8 Mar 2023 01:58:55 +0530 Subject: set default values for user and host on userdefaults (#12791) * set default values for user and host on userdefaults Signed-off-by: rishichawda --- .github/workflows/func_spec.yml | 2 +- lib/chef/resource/macos_userdefaults.rb | 14 +++++++++----- spec/functional/resource/macos_userdefaults_spec.rb | 8 ++++---- spec/unit/resource/macos_user_defaults_spec.rb | 8 ++++---- 4 files changed, 18 insertions(+), 14 deletions(-) diff --git a/.github/workflows/func_spec.yml b/.github/workflows/func_spec.yml index 3900bd1d00..f7a2c47b21 100644 --- a/.github/workflows/func_spec.yml +++ b/.github/workflows/func_spec.yml @@ -40,4 +40,4 @@ jobs: ruby-version: ${{ matrix.ruby }} bundler-cache: false - run: bundle install - - run: bundle exec rspec spec/functional/resource/macos_userdefaults_spec.rb + - run: sudo bundle exec rspec spec/functional/resource/macos_userdefaults_spec.rb diff --git a/lib/chef/resource/macos_userdefaults.rb b/lib/chef/resource/macos_userdefaults.rb index 7559990d3a..558188c932 100644 --- a/lib/chef/resource/macos_userdefaults.rb +++ b/lib/chef/resource/macos_userdefaults.rb @@ -50,15 +50,17 @@ class Chef end ``` - **Specifying the type of a key to skip automatic type detection** + **Setting a value for specific user and hosts** ```ruby - macos_userdefaults 'Finder expanded save dialogs' do - key 'NSNavPanelExpandedStateForSaveMode' - value 'TRUE' - type 'bool' + macos_userdefaults 'Enable macOS firewall' do + key 'globalstate' + value 1 + user 'jane' + host :current end ``` + DOC property :domain, String, @@ -79,6 +81,7 @@ class Chef property :host, [String, Symbol], description: "Set either :current, :all or a hostname to set the user default at the host level.", + default: :all, desired_state: false, introduced: "16.3" @@ -94,6 +97,7 @@ class Chef property :user, [String, Symbol], description: "The system user that the default will be applied to. Set :current for current user, :all for all users or pass a valid username", + default: :current, desired_state: false property :sudo, [TrueClass, FalseClass], diff --git a/spec/functional/resource/macos_userdefaults_spec.rb b/spec/functional/resource/macos_userdefaults_spec.rb index 0ed7839ad0..2d3f538cf2 100644 --- a/spec/functional/resource/macos_userdefaults_spec.rb +++ b/spec/functional/resource/macos_userdefaults_spec.rb @@ -38,12 +38,12 @@ describe Chef::Resource::MacosUserDefaults, :macos_only do expect(resource.domain).to eq("NSGlobalDomain") end - it "nil for the host property" do - expect(resource.host).to be_nil + it ":all for the host property" do + expect(resource.host).to eq(:all) end - it "nil for the user property" do - expect(resource.user).to be_nil + it ":current for the user property" do + expect(resource.user).to eq(:current) end it ":write for resource action" do diff --git a/spec/unit/resource/macos_user_defaults_spec.rb b/spec/unit/resource/macos_user_defaults_spec.rb index 8363b822ec..5252684df5 100644 --- a/spec/unit/resource/macos_user_defaults_spec.rb +++ b/spec/unit/resource/macos_user_defaults_spec.rb @@ -39,12 +39,12 @@ describe Chef::Resource::MacosUserDefaults, :macos_only do expect(resource.domain).to eq("NSGlobalDomain") end - it "nil for the host property" do - expect(resource.host).to be_nil + it ":all for the host property" do + expect(resource.host).to eq(:all) end - it "nil for the user property" do - expect(resource.user).to be_nil + it ":current for the user property" do + expect(resource.user).to eq(:current) end it ":write for resource action" do -- cgit v1.2.1 From 83ad814c23d2b55411bd2f8d9e412008cfb81368 Mon Sep 17 00:00:00 2001 From: Chef Expeditor Date: Tue, 7 Mar 2023 20:30:47 +0000 Subject: Bump version to 18.1.31 by Chef Expeditor Obvious fix; these changes are the result of automation not creative thinking. --- CHANGELOG.md | 7 ++++--- Gemfile.lock | 22 +++++++++++----------- VERSION | 2 +- chef-bin/lib/chef-bin/version.rb | 2 +- chef-config/lib/chef-config/version.rb | 2 +- chef-utils/lib/chef-utils/version.rb | 2 +- knife/Gemfile.lock | 4 ++-- knife/lib/chef/knife/version.rb | 2 +- lib/chef/version.rb | 2 +- 9 files changed, 23 insertions(+), 22 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index a220242dee..ff05fde037 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,17 +1,18 @@ This changelog lists individual merged pull requests to Chef Infra Client and geared towards developers. For a list of significant changes per release see the [Chef Infra Client Release Notes](https://docs.chef.io/release_notes_client/). - -## [v18.1.30](https://github.com/chef/chef/tree/v18.1.30) (2023-03-07) + +## [v18.1.31](https://github.com/chef/chef/tree/v18.1.31) (2023-03-07) #### Merged Pull Requests -- Add selinux_user and selinux_login resources [#13511](https://github.com/chef/chef/pull/13511) ([wheatevo](https://github.com/wheatevo)) +- set default values for user and host on userdefaults [#12791](https://github.com/chef/chef/pull/12791) ([rishichawda](https://github.com/rishichawda)) ### Changes not yet released to stable #### Merged Pull Requests +- set default values for user and host on userdefaults [#12791](https://github.com/chef/chef/pull/12791) ([rishichawda](https://github.com/rishichawda)) - Add selinux_user and selinux_login resources [#13511](https://github.com/chef/chef/pull/13511) ([wheatevo](https://github.com/wheatevo)) - Correcting cert retrieval issues for multiple user scenarios [#13552](https://github.com/chef/chef/pull/13552) ([johnmccrae](https://github.com/johnmccrae)) - Updated the proxifier dependency [#13617](https://github.com/chef/chef/pull/13617) ([nikhil2611](https://github.com/nikhil2611)) diff --git a/Gemfile.lock b/Gemfile.lock index 8bd47349b2..543f867c4a 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -43,12 +43,12 @@ GIT PATH remote: . specs: - chef (18.1.30) + chef (18.1.31) addressable aws-sdk-s3 (~> 1.91) aws-sdk-secretsmanager (~> 1.46) - chef-config (= 18.1.30) - chef-utils (= 18.1.30) + chef-config (= 18.1.31) + chef-utils (= 18.1.31) chef-vault chef-zero (>= 14.0.11) corefoundation (~> 0.3.4) @@ -77,13 +77,13 @@ PATH unf_ext (>= 0.0.8.2) uuidtools (>= 2.1.5, < 3.0) vault (~> 0.16) - chef (18.1.30-x64-mingw-ucrt) + chef (18.1.31-x64-mingw-ucrt) addressable aws-sdk-s3 (~> 1.91) aws-sdk-secretsmanager (~> 1.46) - chef-config (= 18.1.30) + chef-config (= 18.1.31) chef-powershell (~> 1.0.12) - chef-utils (= 18.1.30) + chef-utils (= 18.1.31) chef-vault chef-zero (>= 14.0.11) corefoundation (~> 0.3.4) @@ -127,15 +127,15 @@ PATH PATH remote: chef-bin specs: - chef-bin (18.1.30) - chef (= 18.1.30) + chef-bin (18.1.31) + chef (= 18.1.31) PATH remote: chef-config specs: - chef-config (18.1.30) + chef-config (18.1.31) addressable - chef-utils (= 18.1.30) + chef-utils (= 18.1.31) fuzzyurl mixlib-config (>= 2.2.12, < 4.0) mixlib-shellout (>= 2.0, < 4.0) @@ -144,7 +144,7 @@ PATH PATH remote: chef-utils specs: - chef-utils (18.1.30) + chef-utils (18.1.31) concurrent-ruby GEM diff --git a/VERSION b/VERSION index bc5aa1192c..e19a03f0a9 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -18.1.30 \ No newline at end of file +18.1.31 \ No newline at end of file diff --git a/chef-bin/lib/chef-bin/version.rb b/chef-bin/lib/chef-bin/version.rb index 4c98cce544..ddd01a63f9 100644 --- a/chef-bin/lib/chef-bin/version.rb +++ b/chef-bin/lib/chef-bin/version.rb @@ -21,7 +21,7 @@ module ChefBin CHEFBIN_ROOT = File.expand_path("..", __dir__) - VERSION = "18.1.30".freeze + VERSION = "18.1.31".freeze end # diff --git a/chef-config/lib/chef-config/version.rb b/chef-config/lib/chef-config/version.rb index a2a2cc9d8e..35b4083a44 100644 --- a/chef-config/lib/chef-config/version.rb +++ b/chef-config/lib/chef-config/version.rb @@ -15,5 +15,5 @@ module ChefConfig CHEFCONFIG_ROOT = File.expand_path("..", __dir__) - VERSION = "18.1.30".freeze + VERSION = "18.1.31".freeze end diff --git a/chef-utils/lib/chef-utils/version.rb b/chef-utils/lib/chef-utils/version.rb index c6fc59954f..43435a03e2 100644 --- a/chef-utils/lib/chef-utils/version.rb +++ b/chef-utils/lib/chef-utils/version.rb @@ -16,5 +16,5 @@ module ChefUtils CHEFUTILS_ROOT = File.expand_path("..", __dir__) - VERSION = "18.1.30" + VERSION = "18.1.31" end diff --git a/knife/Gemfile.lock b/knife/Gemfile.lock index 4ba01241e7..c8db6fa2a7 100644 --- a/knife/Gemfile.lock +++ b/knife/Gemfile.lock @@ -1,8 +1,8 @@ PATH remote: .. specs: - chef (18.1.30) - chef (18.1.30-x64-mingw-ucrt) + chef (18.1.31) + chef (18.1.31-x64-mingw-ucrt) PLATFORMS ruby diff --git a/knife/lib/chef/knife/version.rb b/knife/lib/chef/knife/version.rb index ab4c52847f..803a8e95a2 100644 --- a/knife/lib/chef/knife/version.rb +++ b/knife/lib/chef/knife/version.rb @@ -17,7 +17,7 @@ class Chef class Knife KNIFE_ROOT = File.expand_path("../..", __dir__) - VERSION = "18.1.30".freeze + VERSION = "18.1.31".freeze end end diff --git a/lib/chef/version.rb b/lib/chef/version.rb index 49d7950307..08bc3df8ae 100644 --- a/lib/chef/version.rb +++ b/lib/chef/version.rb @@ -23,7 +23,7 @@ require_relative "version_string" class Chef CHEF_ROOT = File.expand_path("..", __dir__) - VERSION = Chef::VersionString.new("18.1.30") + VERSION = Chef::VersionString.new("18.1.31") end # -- cgit v1.2.1