chef-config 12.10.24 → 12.11.18

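--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA1:
- metadata.gz: b5b64a0c2aac9ccfc6649cd21d890a0775b1d6dd
- data.tar.gz: 800cb887bb4a949bf25daf837411088df9a8a541
+ metadata.gz: cc2f06a43b5fc09bba3685a683e0927527edee48
+ data.tar.gz: 8bbc83bbf7138e6a249e92c8ca1941ef90b65412
  SHA512:
- metadata.gz: dbcd7333d54a04a30926516fce8aa52f1f07b025bfc5d151c715dc973aa8cf452ac2b0ac80c43e68219fd46c4c5ef90ed92c9aef946f9e0f76315b3c8ea456a9
- data.tar.gz: 1d53ca040924063afd9528b6f8516f336d8d3df27eac0538167a88a6cc48af5c57b44f9dbde1fb0c34a1ae206cd6aeec8e57ae322affb755284347a5a2d91612
+ metadata.gz: ebccfbbbd37b448df12fccaacc9b3cd1d9ffca51a4595e4ebd79b5893da599bc0851c0be5eecdaa930b2ff433a7748a35a3ee074e03466764ba65df7ef059e74
+ data.tar.gz: 8106a58ccb358ed032c401c058ef05d4e0e67e9b38b9c51e1ec35dad8afe96ee971abc4da9732fae65ab36e8bca9790c7bf0ef0153706fddeef239767371328a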
@@ -22,6 +22,7 @@
22
22
  require "mixlib/config"
23
23
  require "pathname"
24
24
 
25
+ require "chef-config/fips"
25
26
  require "chef-config/logger"
26
27
  require "chef-config/windows"
27
28
  require "chef-config/path_helper"
@@ -391,7 +392,11 @@ module ChefConfig
391
392
  default :rest_timeout, 300
392
393
  default :yum_timeout, 900
393
394
  default :yum_lock_timeout, 30
394
- default :solo, false
395
+ default :solo, false
396
+
397
+ # Are we running in old Chef Solo legacy mode?
398
+ default :solo_legacy_mode, false
399
+
395
400
  default :splay, nil
396
401
  default :why_run, false
397
402
  default :color, false
@@ -513,7 +518,9 @@ module ChefConfig
513
518
  default :recipe_url, nil
514
519
 
515
520
  # Set to true if Chef is to set OpenSSL to run in FIPS mode
516
- default(:fips) { ENV["CHEF_FIPS"] == "1" }
521
+ default(:fips) do
522
+ !ENV["CHEF_FIPS"].nil? || ChefConfig.fips?
523
+ end
517
524
 
518
525
  # Initialize openssl
519
526
  def self.init_openssl
@@ -789,6 +796,43 @@ module ChefConfig
789
796
  config_context :chefdk do
790
797
  end
791
798
 
799
+ # Configuration options for Data Collector reporting. These settings allow
800
+ # the user to configure where to send their Data Collector data, what token
801
+ # to send, and whether Data Collector should report its findings in client
802
+ # mode vs. solo mode.
803
+ config_context :data_collector do
804
+ # Full URL to the endpoint that will receive our data. If nil, the
805
+ # data collector will not run.
806
+ # Ex: http://my-data-collector.mycompany.com/ingest
807
+ default :server_url, nil
808
+
809
+ # An optional pre-shared token to pass as an HTTP header (x-data-collector-token)
810
+ # that can be used to determine whether or not the poster of this
811
+ # run data should be trusted.
812
+ # Ex: some-uuid-here
813
+ default :token, nil
814
+
815
+ # The Chef mode during which Data Collector is allowed to function. This
816
+ # can be used to run Data Collector only when running as Chef Solo but
817
+ # not when using Chef Client.
818
+ # Options: :solo (for both Solo Legacy Mode and Client Local Mode), :client, :both
819
+ default :mode, :both
820
+
821
+ # When the Data Collector cannot send the "starting a run" message to
822
+ # the Data Collector server, the Data Collector will be disabled for that
823
+ # run. In some situations, such as highly-regulated environments, it
824
+ # may be more reasonable to prevent Chef from performing the actual run.
825
+ # In these situations, setting this value to true will cause the Chef
826
+ # run to raise an exception before starting any converge activities.
827
+ default :raise_on_failure, false
828
+
829
+ # A user-supplied Organization string that can be sent in payloads
830
+ # generated by the DataCollector when Chef is run in Solo mode. This
831
+ # allows users to associate their Solo nodes with faux organizations
832
+ # without the nodes being connected to an actual Chef Server.
833
+ default :organization, nil
834
+ end
835
+
792
836
  configurable(:http_proxy)
793
837
  configurable(:http_proxy_user)
794
838
  configurable(:http_proxy_pass)
@@ -966,6 +1010,7 @@ module ChefConfig
966
1010
  Digest.const_set("SHA1", OpenSSL::Digest::SHA1)
967
1011
  OpenSSL::Digest.send(:remove_const, "MD5") if OpenSSL::Digest.const_defined?("MD5")
968
1012
  OpenSSL::Digest.const_set("MD5", Digest::MD5)
1013
+ ChefConfig.logger.debug "FIPS mode is enabled."
969
1014
  end
970
1015
  end
971
1016
  end
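Review bot: In the `default(:fips)` hunk, any defined `CHEF_FIPS` value now enables FIPS mode, including `CHEF_FIPS=0` or an empty string, where the removed default required exactly `"1"`. If that is intended, the comment above the default should say so (`# True when CHEF_FIPS is set to any value, or when the OS reports FIPS mode`); if not, `ENV["CHEF_FIPS"] == "1" || ChefConfig.fips?` keeps the old meaning, and the added Config[:fips] spec covers only the unset and `"1"` cases, so neither reading is pinned by a test. In the data_collector hunk, the `server_url` example uses `http://` although `token` is described as a pre-shared value sent in a request header; an `https://` example would not suggest sending it in cleartext. These defaults sit inside a class body that starts and ends outside the visible hunks.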
@@ -0,0 +1,51 @@
1
+ #
2
+ # Author:: Matt Wrock (<matt@mattwrock.com>)
3
+ # Copyright:: Copyright (c) 2016 Chef Software, Inc.
4
+ # License:: Apache License, Version 2.0
5
+ #
6
+ # Licensed under the Apache License, Version 2.0 (the "License");
7
+ # you may not use this file except in compliance with the License.
8
+ # You may obtain a copy of the License at
9
+ #
10
+ # http://www.apache.org/licenses/LICENSE-2.0
11
+ #
12
+ # Unless required by applicable law or agreed to in writing, software
13
+ # distributed under the License is distributed on an "AS IS" BASIS,
14
+ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
15
+ # See the License for the specific language governing permissions and
16
+ # limitations under the License.
17
+ #
18
+
19
+ module ChefConfig
20
+
21
+ def self.fips?
22
+ if ChefConfig.windows?
23
+ begin
24
+ require "win32/registry"
25
+ rescue LoadError
26
+ return false
27
+ end
28
+
29
+ # from http://msdn.microsoft.com/en-us/library/windows/desktop/aa384129(v=vs.85).aspx
30
+ reg_type =
31
+ case ::RbConfig::CONFIG["target_cpu"]
32
+ when "i386"
33
+ Win32::Registry::KEY_READ | 0x100
34
+ when "x86_64"
35
+ Win32::Registry::KEY_READ | 0x200
36
+ else
37
+ Win32::Registry::KEY_READ
38
+ end
39
+ begin
40
+ Win32::Registry::HKEY_LOCAL_MACHINE.open('System\CurrentControlSet\Control\Lsa\FIPSAlgorithmPolicy', reg_type) do |policy|
41
+ policy["Enabled"] != 0
42
+ end
43
+ rescue Win32::Registry::Error
44
+ false
45
+ end
46
+ else
47
+ fips_path = "/proc/sys/crypto/fips_enabled"
48
+ File.exist?(fips_path) && File.read(fips_path).chomp != "0"
49
+ end
50
+ end
51
+ end
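Review bot: Both Windows failure paths in `fips?` return false silently: a missing `win32/registry` (`rescue LoadError`) and any `Win32::Registry::Error`, which as far as this file shows would also cover a read that fails for a reason other than the key being absent. Because the `:fips` default falls back to this method, a failed detection is indistinguishable from "FIPS off", and Chef presumably then does not request FIPS mode from OpenSSL. A debug line in the rescue would make that visible: `rescue Win32::Registry::Error => e` followed by `ChefConfig.logger.debug "FIPS policy key not readable: #{e.message}"` before `false` (this assumes chef-config/logger is loaded by the time the method runs). The non-Windows branch behaves the opposite way, since `File.read` is not rescued and an unreadable `/proc/sys/crypto/fips_enabled` would raise out of the config default. The method also has no doc comment stating that any value other than zero counts as enabled.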
@@ -21,7 +21,7 @@
21
21
 
22
22
  module ChefConfig
23
23
  CHEFCONFIG_ROOT = File.expand_path("../..", __FILE__)
24
- VERSION = "12.10.24"
24
+ VERSION = "12.11.18"
25
25
  end
26
26
 
27
27
  #
@@ -165,6 +165,46 @@ RSpec.describe ChefConfig::Config do
165
165
  allow(ChefConfig::Config).to receive(:path_accessible?).and_return(false)
166
166
  end
167
167
 
168
+ describe "ChefConfig::Config[:fips]" do
169
+ let(:fips_enabled) { false }
170
+
171
+ before(:all) do
172
+ @original_env = ENV.to_hash
173
+ end
174
+
175
+ after(:all) do
176
+ ENV.clear
177
+ ENV.update(@original_env)
178
+ end
179
+
180
+ before(:each) do
181
+ ENV["CHEF_FIPS"] = nil
182
+ allow(ChefConfig).to receive(:fips?).and_return(fips_enabled)
183
+ end
184
+
185
+ it "returns false when no environment is set and not enabled on system" do
186
+ expect(ChefConfig::Config[:fips]).to eq(false)
187
+ end
188
+
189
+ context "when ENV['CHEF_FIPS'] is set" do
190
+ before do
191
+ ENV["CHEF_FIPS"] = "1"
192
+ end
193
+
194
+ it "returns true" do
195
+ expect(ChefConfig::Config[:fips]).to eq(true)
196
+ end
197
+ end
198
+
199
+ context "when fips is enabled on system" do
200
+ let(:fips_enabled) { true }
201
+
202
+ it "returns true" do
203
+ expect(ChefConfig::Config[:fips]).to eq(true)
204
+ end
205
+ end
206
+ end
207
+
168
208
  describe "ChefConfig::Config[:chef_server_root]" do
169
209
  context "when chef_server_url isn't set manually" do
170
210
  it "returns the default of 'https://localhost:443'" do
@@ -0,0 +1,122 @@
1
+ #
2
+ # Author:: Matt Wrock (<matt@mattwrock.com>)
3
+ # Copyright:: Copyright (c) 2016 Chef Software, Inc.
4
+ # License:: Apache License, Version 2.0
5
+ #
6
+ # Licensed under the Apache License, Version 2.0 (the "License");
7
+ # you may not use this file except in compliance with the License.
8
+ # You may obtain a copy of the License at
9
+ #
10
+ # http://www.apache.org/licenses/LICENSE-2.0
11
+ #
12
+ # Unless required by applicable law or agreed to in writing, software
13
+ # distributed under the License is distributed on an "AS IS" BASIS,
14
+ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
15
+ # See the License for the specific language governing permissions and
16
+ # limitations under the License.
17
+ #
18
+
19
+ require "chef-config/fips"
20
+ require "spec_helper"
21
+
22
+ RSpec.describe "ChefConfig.fips?" do
23
+ let(:enabled) { "0" }
24
+
25
+ context "on *nix" do
26
+ let(:fips_path) { "/proc/sys/crypto/fips_enabled" }
27
+
28
+ before(:each) do
29
+ allow(ChefConfig).to receive(:windows?).and_return(false)
30
+ allow(::File).to receive(:exist?).with(fips_path).and_return(true)
31
+ allow(::File).to receive(:read).with(fips_path).and_return(enabled)
32
+ end
33
+
34
+ context "fips file is present and contains 1" do
35
+ let(:enabled) { "1" }
36
+
37
+ it "returns true" do
38
+ expect(ChefConfig.fips?).to be(true)
39
+ end
40
+ end
41
+
42
+ context "fips file does not contain 1" do
43
+ let(:enabled) { "0" }
44
+
45
+ it "returns false" do
46
+ expect(ChefConfig.fips?).to be(false)
47
+ end
48
+ end
49
+
50
+ context "fips file is not present" do
51
+ before do
52
+ allow(::File).to receive(:exist?).with(fips_path).and_return(false)
53
+ end
54
+
55
+ it "returns false" do
56
+ expect(ChefConfig.fips?).to be(false)
57
+ end
58
+ end
59
+ end
60
+
61
+ context "on windows", :windows_only do
62
+ let(:fips_key) { 'System\CurrentControlSet\Control\Lsa\FIPSAlgorithmPolicy' }
63
+ let(:win_reg_entry) { { "Enabled" => enabled } }
64
+
65
+ before(:each) do
66
+ allow(ChefConfig).to receive(:windows?).and_return(true)
67
+ allow(Win32::Registry::HKEY_LOCAL_MACHINE).to receive(:open).with(fips_key, arch).and_yield(win_reg_entry)
68
+ end
69
+
70
+ shared_examples "fips_detection" do
71
+ context "fips enabled key is set to 1" do
72
+ let(:enabled) { 1 }
73
+
74
+ it "returns true" do
75
+ expect(ChefConfig.fips?).to be(true)
76
+ end
77
+ end
78
+
79
+ context "fips enabled key is set to 0" do
80
+ let(:enabled) { 0 }
81
+
82
+ it "returns false" do
83
+ expect(ChefConfig.fips?).to be(false)
84
+ end
85
+ end
86
+
87
+ context "fips key does not exist" do
88
+ before do
89
+ allow(Win32::Registry::HKEY_LOCAL_MACHINE).to receive(:open).and_raise(Win32::Registry::Error, 50)
90
+ end
91
+
92
+ it "returns false" do
93
+ expect(ChefConfig.fips?).to be(false)
94
+ end
95
+ end
96
+ end
97
+
98
+ context "on 32 bit ruby" do
99
+ let(:arch) { Win32::Registry::KEY_READ | 0x100 }
100
+
101
+ before { stub_const("::RbConfig::CONFIG", { "target_cpu" => "i386" } ) }
102
+
103
+ it_behaves_like "fips_detection"
104
+ end
105
+
106
+ context "on 64 bit ruby" do
107
+ let(:arch) { Win32::Registry::KEY_READ | 0x200 }
108
+
109
+ before { stub_const("::RbConfig::CONFIG", { "target_cpu" => "x86_64" } ) }
110
+
111
+ it_behaves_like "fips_detection"
112
+ end
113
+
114
+ context "on unknown ruby" do
115
+ let(:arch) { Win32::Registry::KEY_READ }
116
+
117
+ before { stub_const("::RbConfig::CONFIG", { "target_cpu" => nil } ) }
118
+
119
+ it_behaves_like "fips_detection"
120
+ end
121
+ end
122
+ end
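Review bot: The *nix contexts stub `File.read` with `"1"` and `"0"`, so the `chomp` in `fips?` is never exercised; procfs sysctl files normally end with a newline, and `let(:enabled) { "1\n" }` / `let(:enabled) { "0\n" }` would match what the method actually reads. The context name "fips file does not contain 1" also does not describe the implementation, which treats every value other than `"0"` as enabled; `"fips file contains 0"` names the case that is tested. There is no example for the `rescue LoadError` path either, so the "registry library unavailable means false" behaviour is untested.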
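--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: chef-config
  version: !ruby/object:Gem::Version
- version: 12.10.24
+ version: 12.11.18
  platform: ruby
  authors:
  - Adam Jacob
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2016-05-16 00:00:00.000000000 Z
+ date: 2016-06-08 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: mixlib-shellout
@@ -122,6 +122,7 @@ files:
  - lib/chef-config.rb
  - lib/chef-config/config.rb
  - lib/chef-config/exceptions.rb
+ - lib/chef-config/fips.rb
  - lib/chef-config/logger.rb
  - lib/chef-config/mixin/dot_d.rb
  - lib/chef-config/mixin/fuzzy_hostname_matcher.rb
@@ -132,6 +133,7 @@ files:
  - lib/chef-config/workstation_config_loader.rb
  - spec/spec_helper.rb
  - spec/unit/config_spec.rb
+ - spec/unit/fips_spec.rb
  - spec/unit/path_helper_spec.rb
  - spec/unit/workstation_config_loader_spec.rb
  homepage: https://github.com/chef/chef
@@ -154,7 +156,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
  version: '0'
  requirements: []
  rubyforge_project:
- rubygems_version: 2.5.2
+ rubygems_version: 2.6.4
  signing_key:
  specification_version: 4
  summary: Chef's default configuration and config loading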