chef-config 14.15.6 → 15.0.293

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 55079f92dd68138b4f81be9aa07dc08a05cb3259764e0ec6f273a6e48f275455
-  data.tar.gz: efb9197f2c66bf77a2461c150f611dedc72ccc38425e1479fcf5093044926d95
+  metadata.gz: a8d538e27a6a2e8c690ba80f45698f51387b0d26147b08b3f644bb8c00955f8a
+  data.tar.gz: b2c243f7dbf98a707ccab6aaa21b3a1344ed20e5b339e1d1854de173c303511e
 SHA512:
-  metadata.gz: 99cc071aa5cccc809a3a31f99b982b4aaf3c75283b5a6d0bc7cdbe1cf053fa1b7cfddcd5fc7f6c1c3d6855089e1ba3617c0f967d159df2ca3d341e66e2aaa2e4
-  data.tar.gz: 44aa4d5a7a2ca40189378229214b84bb56c78dd13eca8c0ee3a7ad2869db868c6608078bc9b7531d4e7424996b9aa9eccbe48bb5573a49a9d6c3af911397cf50
+  metadata.gz: 7b354e76b5774426d3cf185dd567e196b43d8553f742e690ad936fb2fd6f487d5130516f724f091d43f556d553cd40680781998fa1da4758a5a411652ca1f3a1
+  data.tar.gz: 9b5d22a239f07db27e9bbc6ca569fffe83ed55ccdfc2eee1394b1d6ca6f7a55c09613eaf47bc88c4ecc17cf512cbb6fe109a005ec3fd900cd8bd0ec93b7087bc

data/lib/chef-config/config.rb

@@ -4,7 +4,7 @@
 # Author:: AJ Christensen (<aj@chef.io>)
 # Author:: Mark Mzyk (<mmzyk@chef.io>)
 # Author:: Kyle Goodwin (<kgoodwin@primerevenue.com>)
-# Copyright:: Copyright 2008-2018, Chef Software Inc.
+# Copyright:: Copyright 2008-2019, Chef Software Inc.
 # License:: Apache License, Version 2.0
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -85,10 +85,13 @@ module ChefConfig
       end
     end
 
+    # @param name [String]
+    # @param file_path [String]
     def self.add_formatter(name, file_path = nil)
       formatters << [name, file_path]
     end
 
+    # @param logger [String]
     def self.add_event_logger(logger)
       event_handlers << logger
     end
@@ -125,18 +128,21 @@ module ChefConfig
 
     default :formatters, []
 
+    # @param uri [String] the URI to validate
+    #
+    # @return [Boolean] is the URL valid
     def self.is_valid_url?(uri)
       url = uri.to_s.strip
       /^http:\/\// =~ url || /^https:\/\// =~ url || /^chefzero:/ =~ url
     end
+
     # Override the config dispatch to set the value of multiple server options simultaneously
     #
-    # === Parameters
-    # url<String>:: String to be set for all of the chef-server-api URL's
+    # @param [String] url String to be set for all of the chef-server-api URL's
     #
     configurable(:chef_server_url).writes_value do |uri|
       unless is_valid_url? uri
-        raise ConfigurationError, "#{uri} is an invalid chef_server_url."
+        raise ConfigurationError, "#{uri} is an invalid chef_server_url. The URL must start with http://, https://, or chefzero://."
       end
       uri.to_s.strip
     end
@@ -184,6 +190,7 @@ module ChefConfig
       path
     end
 
+    # @param child_path [String]
     def self.derive_path_from_chef_repo_path(child_path)
       if chef_repo_path.kind_of?(String)
         PathHelper.join(chef_repo_path, child_path)
@@ -286,15 +293,18 @@ module ChefConfig
         # the cache path.
         unless path_accessible?(primary_cache_path) || path_accessible?(primary_cache_root)
           secondary_cache_path = PathHelper.join(user_home, ".chef")
+          secondary_cache_path = target_mode? ? "#{secondary_cache_path}/#{target_mode.host}" : secondary_cache_path
           ChefConfig.logger.trace("Unable to access cache at #{primary_cache_path}. Switching cache to #{secondary_cache_path}")
           secondary_cache_path
         else
-          primary_cache_path
+          target_mode? ? "#{primary_cache_path}/#{target_mode.host}" : primary_cache_path
         end
       end
     end
 
     # Returns true only if the path exists and is readable and writeable for the user.
+    #
+    # @param path [String]
     def self.path_accessible?(path)
       File.exists?(path) && File.readable?(path) && File.writable?(path)
     end
@@ -358,7 +368,7 @@ module ChefConfig
     # Whether or not to send the Authorization header again on http redirects.
     # As per the plan in https://github.com/chef/chef/pull/7006, this will be
     # False in Chef 14, True in Chef 15, and will be removed entirely in Chef 16.
-    default :http_disable_auth_on_redirect, false
+    default :http_disable_auth_on_redirect, true
 
     default :interval, nil
     default :once, nil
@@ -369,6 +379,11 @@ module ChefConfig
     default :diff_disabled,           false
     default :diff_filesize_threshold, 10000000
     default :diff_output_threshold,   1000000
+
+    # This is true for "local mode" which uses a chef-zero server listening on
+    # localhost one way or another.  This is true for both `chef-solo` (without
+    # the --legacy-mode flag) or `chef-client -z` methods of starting a client run.
+    #
     default :local_mode, false
 
     # Configures the mode of operation for ChefFS, which is applied to the
@@ -421,6 +436,22 @@ module ChefConfig
       # * Chef 11 mode doesn't expose RBAC objects
       default :osc_compat, false
     end
+
+    # RFCxxx Target Mode support, value is the name of a remote device to Chef against
+    # --target exists as a shortcut to enabling target_mode and setting the host
+    configurable(:target)
+
+    config_context :target_mode do
+      config_strict_mode false # we don't want to have to add all train configuration keys here
+      default :enabled, false
+      default :protocol, "ssh"
+      # typical additional keys: host, user, password
+    end
+
+    def self.target_mode?
+      target_mode.enabled
+    end
+
     default :chef_server_url, "https://localhost:443"
 
     default(:chef_server_root) do
@@ -436,11 +467,29 @@ module ChefConfig
     end
 
     default :rest_timeout, 300
-    default :yum_timeout, 900
-    default :yum_lock_timeout, 30
+
+    # This solo setting is now almost entirely useless.  It is set to true if chef-solo was
+    # invoked that way from the command-line (i.e. from Application::Solo as opposed to
+    # Application::Client).  The more useful information is contained in the :solo_legacy_mode
+    # vs the :local_mode flags which will be set to true or false depending on how solo was
+    # invoked and actually change more of the behavior.  There might be slight differences in
+    # the behavior of :local_mode due to the behavioral differences in Application::Solo vs.
+    # Application::Client and `chef-solo` vs `chef-client -z`, but checking this value and
+    # switching based on it is almost certainly doing the wrong thing and papering over
+    # bugs that should be fixed in one or the other class, and will be brittle and destined
+    # to break in the future (and not necessarily on a major version bump). Checking this value
+    # is also not sufficent to determine if we are not running against a server since this can
+    # be unset but :local_mode may be set.  It would be accurate to check both :solo and :local_mode
+    # to determine if we're not running against a server, but the more semantically accurate test
+    # is going to be combining :solo_legacy_mode and :local_mode.
+    #
+    # TL;DR: `if Chef::Config[:solo]` is almost certainly buggy code, you should use:
+    #        `if Chef::Config[:local_mode] || Chef::Config[:solo_legacy_mode]`
+    #
+    # @api private
     default :solo, false
 
-    # Are we running in old Chef Solo legacy mode?
+    # This is true for old chef-solo legacy mode without any chef-zero server (chef-solo --legacy-mode)
     default :solo_legacy_mode, false
 
     default :splay, nil
@@ -450,14 +499,6 @@ module ChefConfig
     default :ez, false
     default :enable_reporting, true
     default :enable_reporting_url_fatals, false
-    # Possible values for :audit_mode
-    # :enabled, :disabled, :audit_only,
-    #
-    # TODO: 11 Dec 2014: Currently audit-mode is an experimental feature
-    # and is disabled by default. When users choose to enable audit-mode,
-    # a warning is issued in application/client#reconfigure.
-    # This can be removed when audit-mode is enabled by default.
-    default :audit_mode, :disabled
 
     # Chef only needs ohai to run the hostname plugin for the most basic
     # functionality. If the rest of the ohai plugins are not needed (like in
@@ -491,12 +532,6 @@ module ChefConfig
 
     default :named_run_list, nil
 
-    # During initial development, users were required to set `use_policyfile true`
-    # in `client.rb` to opt-in to policyfile use. Chef Client now examines
-    # configuration, node json, and the stored node to determine if policyfile
-    # usage is desired. This flag is still honored if set, but is unnecessary.
-    default :use_policyfile, false
-
     # Policyfiles can be used in a native mode (default) or compatibility mode.
     # Native mode requires Chef Server 12.1 (it can be enabled via feature flag
     # on some prior versions). In native mode, policies and associated
@@ -607,7 +642,15 @@ module ChefConfig
     # `node_name` of the client.
     #
     # If chef-zero is enabled, this defaults to nil (no authentication).
-    default(:client_key) { chef_zero.enabled ? nil : platform_specific_path("/etc/chef/client.pem") }
+    default(:client_key) do
+      if chef_zero.enabled
+        nil
+      elsif target_mode?
+        platform_specific_path("/etc/chef/#{target_mode.host}/client.pem")
+      else
+        platform_specific_path("/etc/chef/client.pem")
+      end
+    end
 
     # A credentials file may contain a complete client key, rather than the path
     # to one.
@@ -627,7 +670,9 @@ module ChefConfig
 
     # This secret is used to decrypt encrypted data bag items.
     default(:encrypted_data_bag_secret) do
-      if File.exist?(platform_specific_path("/etc/chef/encrypted_data_bag_secret"))
+      if target_mode? && File.exist?(platform_specific_path("/etc/chef/#{target_mode.host}/encrypted_data_bag_secret"))
+        platform_specific_path("/etc/chef/#{target_mode.host}/encrypted_data_bag_secret")
+      elsif File.exist?(platform_specific_path("/etc/chef/encrypted_data_bag_secret"))
         platform_specific_path("/etc/chef/encrypted_data_bag_secret")
       else
         nil
@@ -767,7 +812,6 @@ module ChefConfig
       default :bootstrap_template, nil
       default :secret, nil
       default :secret_file, nil
-      default :identity_file, nil
       default :host_key_verify, nil
       default :forward_agent, nil
       default :sort_status_reverse, nil
@@ -829,7 +873,6 @@ module ChefConfig
     #
     # NOTE: CHANGING THIS SETTING MAY CAUSE CORRUPTION, DATA LOSS AND
     # INSTABILITY.
-    #
     default :file_atomic_update, true
 
     # There are 3 possible values for this configuration setting.
@@ -837,28 +880,19 @@ module ChefConfig
     # false => file staging is done via tempfiles under ENV['TMP']
     # :auto => file staging will try using destination directory if possible and
     #   will fall back to ENV['TMP'] if destination directory is not usable.
-    #
     default :file_staging_uses_destdir, :auto
 
     # Exit if another run is in progress and the chef-client is unable to
     # get the lock before time expires. If nil, no timeout is enforced. (Exits
     # immediately if 0.)
-    #
     default :run_lock_timeout, nil
 
     # Number of worker threads for syncing cookbooks in parallel. Increasing
     # this number can result in gateway errors from the server (namely 503 and 504).
     # If you are seeing this behavior while using the default setting, reducing
     # the number of threads will help.
-    #
     default :cookbook_sync_threads, 10
 
-    # True if all resources by default default to unified mode, with all resources
-    # applying in "compile" mode, with no "converge" mode. False is backwards compatible
-    # setting for Chef 11-15 behavior.  This will break forward notifications.
-    #
-    default :resource_unified_mode_default, false
-
     # At the beginning of the Chef Client run, the cookbook manifests are downloaded which
     # contain URLs for every file in every relevant cookbook.  Most of the files
     # (recipes, resources, providers, libraries, etc) are immediately synchronized
@@ -884,9 +918,9 @@ module ChefConfig
     default :no_lazy_load, true
 
     # A whitelisted array of attributes you want sent over the wire when node
-    # data is saved. The default setting is nil, which collects all data. Setting
-    # to [] will not collect any data for save.
-    #
+    # data is saved.
+    # The default setting is nil, which collects all data. Setting to [] will not
+    # collect any data for save.
     default :automatic_attribute_whitelist, nil
     default :default_attribute_whitelist, nil
     default :normal_attribute_whitelist, nil
@@ -929,7 +963,7 @@ module ChefConfig
       # data collector will not run.
       # Ex: http://my-data-collector.mycompany.com/ingest
       default(:server_url) do
-        if config_parent.solo || config_parent.local_mode
+        if config_parent.solo_legacy_mode || config_parent.local_mode
           nil
         else
           File.join(config_parent.chef_server_url, "/data-collector")
@@ -960,7 +994,7 @@ module ChefConfig
       # generated by the DataCollector when Chef is run in Solo mode. This
       # allows users to associate their Solo nodes with faux organizations
       # without the nodes being connected to an actual Chef Server.
-      default :organization, nil
+      default :organization, "chef_solo"
     end
 
     configurable(:http_proxy)

data/lib/chef-config/mixin/credentials.rb

@@ -89,8 +89,7 @@ module ChefConfig
           # Unknown profile name. For "default" just silently ignore, otherwise
           # raise an error.
           return if profile == "default"
-
-          raise ChefConfig::ConfigurationError, "Profile #{profile} doesn't exist. Please add it to #{credentials_file_path}."
+          raise ChefConfig::ConfigurationError, "Profile #{profile} doesn't exist. Please add it to #{credentials_file}."
         end
         apply_credentials(config[profile], profile)
       end

data/lib/chef-config/version.rb

@@ -21,7 +21,7 @@
 
 module ChefConfig
   CHEFCONFIG_ROOT = File.expand_path("../..", __FILE__)
-  VERSION = "14.15.6".freeze
+  VERSION = "15.0.293".freeze
 end
 
 #

data/spec/unit/config_spec.rb

@@ -1,7 +1,7 @@
 #
 # Author:: Adam Jacob (<adam@chef.io>)
 # Author:: Kyle Goodwin (<kgoodwin@primerevenue.com>)
-# Copyright:: Copyright 2008-2016, Chef Software Inc.
+# Copyright:: Copyright 2008-2019, Chef Software Inc.
 # License:: Apache License, Version 2.0
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -248,9 +248,10 @@ RSpec.describe ChefConfig::Config do
       end
 
       describe "default values" do
+        let(:system_drive) { ChefConfig::Config.env["SYSTEMDRIVE"] } if is_windows
         let :primary_cache_path do
           if is_windows
-            "#{ChefConfig::Config.env['SYSTEMDRIVE']}\\chef"
+            "#{system_drive}\\chef"
           else
             "/var/chef"
           end
@@ -275,6 +276,35 @@ RSpec.describe ChefConfig::Config do
           allow(ChefConfig::Config).to receive(:path_accessible?).and_return(false)
         end
 
+        describe "ChefConfig::Config[:client_key]" do
+          let(:path_to_client_key) { to_platform("/etc/chef") + ChefConfig::PathHelper.path_separator }
+
+          it "sets the default path to the client key" do
+            expect(ChefConfig::Config.client_key).to eq(path_to_client_key + "client.pem")
+          end
+
+          context "when target mode is enabled" do
+            let(:target_mode_host) { "fluffy.kittens.org" }
+
+            before do
+              ChefConfig::Config.target_mode.enabled = true
+              ChefConfig::Config.target_mode.host = target_mode_host
+            end
+
+            it "sets the default path to the client key with the target host name" do
+              expect(ChefConfig::Config.client_key).to eq(path_to_client_key + target_mode_host + ChefConfig::PathHelper.path_separator + "client.pem")
+            end
+          end
+
+          context "when local mode is enabled" do
+            before { ChefConfig::Config[:local_mode] = true }
+
+            it "returns nil" do
+              expect(ChefConfig::Config.client_key).to be_nil
+            end
+          end
+        end
+
         describe "ChefConfig::Config[:fips]" do
           let(:fips_enabled) { false }
 
@@ -370,16 +400,32 @@ RSpec.describe ChefConfig::Config do
         end
 
         describe "ChefConfig::Config[:cache_path]" do
+          let(:target_mode_host) { "fluffy.kittens.org" }
+          let(:target_mode_primary_cache_path) { "#{primary_cache_path}/#{target_mode_host}" }
+          let(:target_mode_secondary_cache_path) { "#{secondary_cache_path}/#{target_mode_host}" }
+
           before do
             if is_windows
-              allow(File).to receive(:expand_path).and_return("#{ChefConfig::Config.env["SYSTEMDRIVE"]}/Path/To/Executable")
+              allow(File).to receive(:expand_path).and_return("#{system_drive}/Path/To/Executable")
             end
           end
+
           context "when /var/chef exists and is accessible" do
-            it "defaults to /var/chef" do
+            before do
               allow(ChefConfig::Config).to receive(:path_accessible?).with(to_platform("/var/chef")).and_return(true)
+            end
+
+            it "defaults to /var/chef" do
               expect(ChefConfig::Config[:cache_path]).to eq(primary_cache_path)
             end
+
+            context "and target mode is enabled" do
+              it "cache path includes the target host name" do
+                ChefConfig::Config.target_mode.enabled = true
+                ChefConfig::Config.target_mode.host = target_mode_host
+                expect(ChefConfig::Config[:cache_path]).to eq(target_mode_primary_cache_path)
+              end
+            end
           end
 
           context "when /var/chef does not exist and /var is accessible" do
@@ -399,13 +445,23 @@ RSpec.describe ChefConfig::Config do
           end
 
           context "when /var/chef exists and is not accessible" do
-            it "defaults to $HOME/.chef" do
+            before do
               allow(File).to receive(:exists?).with(to_platform("/var/chef")).and_return(true)
               allow(File).to receive(:readable?).with(to_platform("/var/chef")).and_return(true)
               allow(File).to receive(:writable?).with(to_platform("/var/chef")).and_return(false)
+            end
 
+            it "defaults to $HOME/.chef" do
               expect(ChefConfig::Config[:cache_path]).to eq(secondary_cache_path)
             end
+
+            context "and target mode is enabled" do
+              it "cache path defaults to $HOME/.chef with the target host name" do
+                ChefConfig::Config.target_mode.enabled = true
+                ChefConfig::Config.target_mode.host = target_mode_host
+                expect(ChefConfig::Config[:cache_path]).to eq(target_mode_secondary_cache_path)
+              end
+            end
           end
 
           context "when chef is running in local mode" do
@@ -1197,10 +1253,23 @@ RSpec.describe ChefConfig::Config do
 
       end
 
-      context "for Chef Solo" do
+      context "for Chef Solo legacy mode" do
+
+        before do
+          ChefConfig::Config[:solo_legacy_mode] = true
+        end
+
+        it "sets the data collector server URL to nil" do
+          ChefConfig::Config[:chef_server_url] = "https://chef.example/organizations/myorg"
+          expect(ChefConfig::Config[:data_collector][:server_url]).to be_nil
+        end
+
+      end
+
+      context "for local mode" do
 
         before do
-          ChefConfig::Config[:solo] = true
+          ChefConfig::Config[:local_mode] = true
         end
 
         it "sets the data collector server URL to nil" do

data/spec/unit/workstation_config_loader_spec.rb

@@ -459,7 +459,7 @@ RSpec.describe ChefConfig::WorkstationConfigLoader do
             client_key = "barney_rubble.pem"
             chef_server_url = "https://api.chef.io/organizations/bedrock"
             invalid_config_option1234 = "foobar"
-EOH
+          EOH
           content
         end
 
@@ -484,7 +484,7 @@ EOH
             }
             [default.knife]
             ssh_user = "knife_ssh_user"
-EOH
+          EOH
           content
         end
 
@@ -506,7 +506,7 @@ EOH
             -----BEGIN RSA PRIVATE KEY-----
             foo
             """
-EOH
+          EOH
           content
         end
 
@@ -515,7 +515,7 @@ EOH
           expect(ChefConfig::Config.client_key_contents).to eq(<<~EOH
             -----BEGIN RSA PRIVATE KEY-----
             foo
-EOH
+          EOH
 )
         end
       end
@@ -531,7 +531,7 @@ EOH
             client_name = "explicit"
             [context]
             client_name = "context"
-EOH
+          EOH
           content
         end
 
@@ -573,7 +573,7 @@ EOH
             [default]
             node_name = 'barney'
             client_name = 'barney'
-EOH
+          EOH
           content
         end
 

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: chef-config
 version: !ruby/object:Gem::Version
-  version: 14.15.6
+  version: 15.0.293
 platform: ruby
 authors:
 - Adam Jacob
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2020-04-07 00:00:00.000000000 Z
+date: 2019-05-14 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: mixlib-shellout
@@ -194,8 +194,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubyforge_project: 
-rubygems_version: 2.7.9
+rubygems_version: 3.0.3
 signing_key: 
 specification_version: 4
 summary: Chef's default configuration and config loading