authorNoah Kantrowitz <noah@coderanger.net>2018-05-29 19:42:35 -0700
committerNoah Kantrowitz <noah@coderanger.net>2018-05-29 19:42:35 -0700
commit88c7a1200909b7b3ae2ee1484498475dda63a7cf (patch)
treee09ae2c458f9c1ce3ed000f4a5b091f865276115
parentcc33166efb676bb6ddbb86bfd0711f5c36468c60 (diff)
parenta45c1d3a72fe986518a99354263635fa3f70426a (diff)
downloadmixlib-authentication-88c7a1200909b7b3ae2ee1484498475dda63a7cf.tar.gz
Merge branch 'master' into ssh-agent
-rw-r--r--.expeditor/config.yml43
-rwxr-xr-x.expeditor/update_version.sh12
-rw-r--r--.travis.yml5
-rw-r--r--CHANGELOG.md13
-rw-r--r--Gemfile2
-rw-r--r--VERSION1
-rw-r--r--appveyor.yml41
-rw-r--r--lib/mixlib/authentication/http_authentication_request.rb2
-rw-r--r--lib/mixlib/authentication/null_logger.rb4
-rw-r--r--lib/mixlib/authentication/signatureverification.rb28
-rw-r--r--lib/mixlib/authentication/signedheaderauth.rb6
-rw-r--r--lib/mixlib/authentication/version.rb2
-rw-r--r--spec/mixlib/authentication/mixlib_authentication_spec.rb2
-rw-r--r--spec/mixlib/authentication/mixlib_log_missing_spec.rb6
14 files changed, 137 insertions, 30 deletions
diff --git a/.expeditor/config.yml b/.expeditor/config.yml
new file mode 100644
index 0000000..1adc4e6
--- /dev/null
+++ b/.expeditor/config.yml
@@ -0,0 +1,43 @@
+# Documentation available at http://expeditor-docs.es.chef.io/
+
+# Slack channel in Chef Software slack to send notifications about build failures, etc
+slack:
+ notify_channel: chef-notify
+
+rubygems:
+ - mixlib-authentication
+
+github:
+ # The tag format to use (e.g. v1.0.0)
+ version_tag_format: "v{{version}}"
+ # The Github Team primarily responsible for handling incoming Pull Requests.
+ maintainer_group: chef/client-maintainers
+ # Which Github branches to build gems from, and what versions
+ # (as determined by the value in the VERSION file) those branches are responsible
+ # for building.
+ release_branch:
+ - master:
+ version_constraint: 1.*
+
+promote:
+ action:
+ - built_in:publish_rubygems
+ - built_in:rollover_changelog
+
+# These actions are taken, in order they are specified, anytime a Pull Request is merged.
+merge_actions:
+ - built_in:bump_version:
+ ignore_labels:
+ - "Version: Skip Bump"
+ - "Expeditor: Skip Version Bump"
+ - "Expeditor: Skip All"
+ - bash:.expeditor/update_version.sh:
+ only_if: built_in:bump_version
+ - built_in:update_changelog:
+ ignore_labels:
+ - "Meta: Exclude From Changelog"
+ - "Expeditor: Exclude From Changelog"
+ - "Expeditor: Skip All"
+ - built_in:build_gem:
+ only_if: built_in:bump_version
+
diff --git a/.expeditor/update_version.sh b/.expeditor/update_version.sh
new file mode 100755
index 0000000..ba30cda
--- /dev/null
+++ b/.expeditor/update_version.sh
@@ -0,0 +1,12 @@
+#!/bin/sh
+#
+# After a PR merge, Chef Expeditor will bump the PATCH version in the VERSION file.
+# It then executes this file to update any other files/components with that new version.
+#
+
+set -evx
+
+sed -i -r "s/^(\s*)VERSION = \".+\"/\1VERSION = \"$(cat VERSION)\"/" lib/mixlib/authentication/version.rb
+
+# Once Expeditor finshes executing this script, it will commit the changes and push
+# the commit as a new tag corresponding to the value in the VERSION file.
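Review bot: The `sed` line interpolates the raw contents of `VERSION` into the replacement text, so a value containing `/`, `&` or a backslash would change the expression that rewrites `version.rb` during an unattended release step. Validate the value before substituting, for example `grep -Eq '^[0-9]+\.[0-9]+\.[0-9]+$' VERSION || exit 1` placed ahead of the `sed` call. `sed -i -r` is also GNU-specific, which is fine only if the runner executing this script is always Linux.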
diff --git a/.travis.yml b/.travis.yml
index d730821..d5193e2 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -9,9 +9,8 @@ before_install:
matrix:
include:
- - rvm: 2.1.10
- - rvm: 2.2.6
- - rvm: 2.3.3
+ - rvm: 2.5.1
+ - rvm: 2.4.4
- rvm: ruby-head
allow_failures:
- rvm: ruby-head
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 6f209c6..a417ec6 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,6 +1,17 @@
# mixlib-authentication Changelog
-## Unreleased
+<!-- latest_release -->
+<!-- latest_release -->
+
+<!-- release_rollup -->
+<!-- release_rollup -->
+
+<!-- latest_stable_release -->
+## [v2.0.0](https://github.com/chef/mixlib-authentication/tree/v2.0.0) (2018-04-12)
+
+#### Merged Pull Requests
+- Move mixlib-auth debugging to trace level [#32](https://github.com/chef/mixlib-authentication/pull/32) ([thommay](https://github.com/thommay))
+<!-- latest_stable_release -->
## 1.4.2 (2017-08-17)
diff --git a/Gemfile b/Gemfile
index 7c45e79..c283b6a 100644
--- a/Gemfile
+++ b/Gemfile
@@ -3,6 +3,6 @@ gemspec
group(:development) do
gem "pry"
- gem "mixlib-log"
+ gem "mixlib-log", "~> 2"
gem "net-ssh"
end
diff --git a/VERSION b/VERSION
new file mode 100644
index 0000000..227cea2
--- /dev/null
+++ b/VERSION
@@ -0,0 +1 @@
+2.0.0
diff --git a/appveyor.yml b/appveyor.yml
new file mode 100644
index 0000000..ba49675
--- /dev/null
+++ b/appveyor.yml
@@ -0,0 +1,41 @@
+version: "master-{build}"
+
+os: Visual Studio 2017
+platform:
+ - x64
+
+cache:
+ - vendor/bundle
+
+environment:
+ matrix:
+ - ruby_version: "25-x64"
+
+clone_depth: 1
+skip_tags: true
+skip_branch_with_pr: true
+branches:
+ only:
+ - master
+
+install:
+ - systeminfo
+ - SET PATH=C:\Ruby%ruby_version%\bin;%PATH%
+ - echo %PATH%
+ - appveyor DownloadFile http://curl.haxx.se/ca/cacert.pem -FileName C:\cacert.pem
+ - set SSL_CERT_FILE=C:\cacert.pem
+ - SET BUNDLE_WITHOUT=server:docgen:maintenance:pry:travis:integration:ci
+ - bundle config --local path vendor/bundle # use the cache we define above
+ - bundle install || bundle install || bundle install
+
+build: off
+
+before_test:
+ - ruby --version
+ - gem --version
+ - bundler --version
+ - bundle env
+
+test_script:
+ - SET SPEC_OPTS=--format progress
+ - bundle exec rake
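Review bot: The install step downloads the CA bundle over plain `http://` and then points `SSL_CERT_FILE` at it, so the trust root used by the following `bundle install` is itself fetched without authentication. A tampered download would replace the CA list that gem downloads are verified against. Fetch it over TLS, `- appveyor DownloadFile https://curl.haxx.se/ca/cacert.pem -FileName C:\cacert.pem`, and ideally compare the file against a pinned SHA-256 before setting `SSL_CERT_FILE`.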
diff --git a/lib/mixlib/authentication/http_authentication_request.rb b/lib/mixlib/authentication/http_authentication_request.rb
index b573d2d..32b8e72 100644
--- a/lib/mixlib/authentication/http_authentication_request.rb
+++ b/lib/mixlib/authentication/http_authentication_request.rb
@@ -72,7 +72,7 @@ module Mixlib
unless @request_signature
@request_signature = headers.find_all { |h| h[0].to_s =~ /^x_ops_authorization_/ }
.sort { |x, y| x.to_s[/\d+/].to_i <=> y.to_s[/\d+/].to_i }.map { |i| i[1] }.join("\n")
- Mixlib::Authentication::Log.debug "Reconstituted (user-supplied) request signature: #{@request_signature}"
+ Mixlib::Authentication::Log.trace "Reconstituted (user-supplied) request signature: #{@request_signature}"
end
@request_signature
end
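Review bot: The traced value is assembled from request headers and joined with `"\n"`, so caller-controlled multi-line text is written verbatim into the log. Emitting it through `inspect` keeps the entry on one line and escapes control characters: `Mixlib::Authentication::Log.trace "Reconstituted (user-supplied) request signature: #{@request_signature.inspect}"`. This call also goes through `Mixlib::Authentication::Log`, while the other files touched by this commit use `Mixlib::Authentication.logger`; using one accessor throughout would be clearer. The enclosing method starts outside the hunk.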
diff --git a/lib/mixlib/authentication/null_logger.rb b/lib/mixlib/authentication/null_logger.rb
index 2bc9e31..579b1e2 100644
--- a/lib/mixlib/authentication/null_logger.rb
+++ b/lib/mixlib/authentication/null_logger.rb
@@ -4,7 +4,7 @@ module Mixlib
attr_accessor :level
- %i{debug info warn error fatal}.each do |method_name|
+ %i{trace debug info warn error fatal}.each do |method_name|
class_eval(<<-METHOD_DEFN, __FILE__, __LINE__)
def #{method_name}(msg=nil, &block)
true
@@ -12,7 +12,7 @@ module Mixlib
METHOD_DEFN
end
- %i{debug? info? warn? error? fatal?}.each do |method_name|
+ %i{trace? debug? info? warn? error? fatal?}.each do |method_name|
class_eval(<<-METHOD_DEFN, __FILE__, __LINE__)
def #{method_name}
false
diff --git a/lib/mixlib/authentication/signatureverification.rb b/lib/mixlib/authentication/signatureverification.rb
index 898e05b..33094d2 100644
--- a/lib/mixlib/authentication/signatureverification.rb
+++ b/lib/mixlib/authentication/signatureverification.rb
@@ -76,7 +76,7 @@ module Mixlib
# X-Ops-Content-Hash:
# X-Ops-Authorization-#{line_number}
def authenticate_request(user_secret, time_skew = (15 * 60))
- Mixlib::Authentication.logger.debug "Initializing header auth : #{request.inspect}"
+ Mixlib::Authentication.logger.trace "Initializing header auth : #{request.inspect}"
@user_secret = user_secret
@allowed_time_skew = time_skew # in seconds
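Review bot: `request.inspect` in `authenticate_request` writes the whole request object to the log, which can include headers and body content unrelated to signature checking. The `Digesting body: '#{body}'` trace in the later hunk that assigns `@hashed_body` does the same for the raw POST body. Trace level makes it less likely to be enabled, but once it is, any secrets carried in requests land in log files. Consider logging only what diagnosis needs, e.g. `Mixlib::Authentication.logger.trace "Digesting body of #{body.to_s.bytesize} bytes"`, and the X-Ops header values instead of the full request. The method body continues past the end of this hunk.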
@@ -149,15 +149,15 @@ module Mixlib
(request_decrypted_block == candidate_block)
end
- # Keep the debug messages lined up so it's easy to scan them
- Mixlib::Authentication.logger.debug("Verifying request signature:")
- Mixlib::Authentication.logger.debug(" Expected Block is: '#{candidate_block}'")
- Mixlib::Authentication.logger.debug("Decrypted block is: '#{request_decrypted_block}'")
- Mixlib::Authentication.logger.debug("Signatures match? : '#{@valid_signature}'")
+ # Keep the trace messages lined up so it's easy to scan them
+ Mixlib::Authentication.logger.trace("Verifying request signature:")
+ Mixlib::Authentication.logger.trace(" Expected Block is: '#{candidate_block}'")
+ Mixlib::Authentication.logger.trace("Decrypted block is: '#{request_decrypted_block}'")
+ Mixlib::Authentication.logger.trace("Signatures match? : '#{@valid_signature}'")
@valid_signature
rescue => e
- Mixlib::Authentication.logger.debug("Failed to verify request signature: #{e.class.name}: #{e.message}")
+ Mixlib::Authentication.logger.trace("Failed to verify request signature: #{e.class.name}: #{e.message}")
@valid_signature = false
end
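Review bot: The `rescue => e` branch now reports a failed signature verification only at trace level, so an exception raised during verification (for instance on a malformed signature) is no longer visible at ordinary log levels. That message carries just the exception class and text, not request data, so it could stay at debug or move to warn: `Mixlib::Authentication.logger.debug("Failed to verify request signature: #{e.class.name}: #{e.message}")`. Repeated verification failures are a useful detection signal and cost little to keep. The method begins outside this hunk.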
@@ -168,10 +168,10 @@ module Mixlib
def verify_content_hash
@valid_content_hash = (content_hash == hashed_body)
- # Keep the debug messages lined up so it's easy to scan them
- Mixlib::Authentication.logger.debug("Expected content hash is: '#{hashed_body}'")
- Mixlib::Authentication.logger.debug(" Request Content Hash is: '#{content_hash}'")
- Mixlib::Authentication.logger.debug(" Hashes match?: #{@valid_content_hash}")
+ # Keep the trace messages lined up so it's easy to scan them
+ Mixlib::Authentication.logger.trace("Expected content hash is: '#{hashed_body}'")
+ Mixlib::Authentication.logger.trace(" Request Content Hash is: '#{content_hash}'")
+ Mixlib::Authentication.logger.trace(" Hashes match?: #{@valid_content_hash}")
@valid_content_hash
end
@@ -211,11 +211,11 @@ module Mixlib
# Any file that's included in the request is hashed if it's there. Otherwise,
# we hash the body.
if file_param
- Mixlib::Authentication.logger.debug "Digesting file_param: '#{file_param.inspect}'"
+ Mixlib::Authentication.logger.trace "Digesting file_param: '#{file_param.inspect}'"
@hashed_body = digester.hash_file(file_param, digest)
else
body = request.raw_post
- Mixlib::Authentication.logger.debug "Digesting body: '#{body}'"
+ Mixlib::Authentication.logger.trace "Digesting body: '#{body}'"
@hashed_body = digester.hash_string(body, digest)
end
end
@@ -232,7 +232,7 @@ module Mixlib
def timestamp_within_bounds?(time1, time2)
time_diff = (time2 - time1).abs
is_allowed = (time_diff < @allowed_time_skew)
- Mixlib::Authentication.logger.debug "Request time difference: #{time_diff}, within #{@allowed_time_skew} seconds? : #{!!is_allowed}"
+ Mixlib::Authentication.logger.trace "Request time difference: #{time_diff}, within #{@allowed_time_skew} seconds? : #{!!is_allowed}"
is_allowed
end
end
diff --git a/lib/mixlib/authentication/signedheaderauth.rb b/lib/mixlib/authentication/signedheaderauth.rb
index 8cc8119..c9102dd 100644
--- a/lib/mixlib/authentication/signedheaderauth.rb
+++ b/lib/mixlib/authentication/signedheaderauth.rb
@@ -118,7 +118,7 @@ module Mixlib
header_hash[key] = signature_lines[idx]
end
- Mixlib::Authentication.logger.debug "Header hash: #{header_hash.inspect}"
+ Mixlib::Authentication.logger.trace "Header hash: #{header_hash.inspect}"
header_hash
end
@@ -239,7 +239,7 @@ module Mixlib
memo[field_name.to_sym] = field_value.strip
memo
end
- Mixlib::Authentication.logger.debug "Parsed signing description: #{parts.inspect}"
+ Mixlib::Authentication.logger.trace "Parsed signing description: #{parts.inspect}"
parts
end
@@ -260,7 +260,7 @@ module Mixlib
# @return [String]
def do_sign(rsa_key, digest, sign_algorithm, sign_version, use_ssh_agent)
string_to_sign = canonicalize_request(sign_algorithm, sign_version)
- Mixlib::Authentication.logger.debug "String to sign: '#{string_to_sign}'"
+ Mixlib::Authentication.logger.trace "String to sign: '#{string_to_sign}'"
case sign_version
when "1.3"
if use_ssh_agent
diff --git a/lib/mixlib/authentication/version.rb b/lib/mixlib/authentication/version.rb
index a1d0ffe..e631d07 100644
--- a/lib/mixlib/authentication/version.rb
+++ b/lib/mixlib/authentication/version.rb
@@ -15,6 +15,6 @@
module Mixlib
module Authentication
- VERSION = "1.4.2"
+ VERSION = "2.0.0"
end
end
diff --git a/spec/mixlib/authentication/mixlib_authentication_spec.rb b/spec/mixlib/authentication/mixlib_authentication_spec.rb
index 237447d..4307470 100644
--- a/spec/mixlib/authentication/mixlib_authentication_spec.rb
+++ b/spec/mixlib/authentication/mixlib_authentication_spec.rb
@@ -64,7 +64,7 @@ class MockFile
end
# Uncomment this to get some more info from the methods we're testing.
-#Mixlib::Authentication.logger.level = :debug
+#Mixlib::Authentication.logger.level = :trace
describe "Mixlib::Authentication::SignedHeaderAuth" do
diff --git a/spec/mixlib/authentication/mixlib_log_missing_spec.rb b/spec/mixlib/authentication/mixlib_log_missing_spec.rb
index 4b12b12..da5a885 100644
--- a/spec/mixlib/authentication/mixlib_log_missing_spec.rb
+++ b/spec/mixlib/authentication/mixlib_log_missing_spec.rb
@@ -25,7 +25,7 @@ describe "Mixlib::Authentication::Log" do
expect(Mixlib::Authentication::Log.level).to eq(:error)
end
- %w{debug info warn error fatal}.each do |level|
+ %w{trace debug info warn error fatal}.each do |level|
it "logs at level #{level}" do
expect(Mixlib::Authentication::Log).to receive(level).with("foo")
@@ -44,9 +44,9 @@ describe "Mixlib::Authentication::Log" do
.to include(Mixlib::Log)
end
- %w{debug info warn error fatal}.each do |level|
+ %w{trace debug info warn error fatal}.each do |level|
it "forward #{level} to mixlib-log" do
- expect(Mixlib::Authentication::Log.logger).to receive(level).with("foo")
+ expect_any_instance_of(Mixlib::Log).to receive(level).with("foo")
Mixlib::Authentication.logger.send(level, "foo")
end