chef-config 19.1.164 → 19.2.98

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 309b22099435d14e4f8be71a98aff1005772ac64dbf60c440e5d33f4fce10d53
-  data.tar.gz: 8c46f82f7c17fdb2330ca0f2182f9e9476b3d7f96c18b13728d8749d1b86831a
+  metadata.gz: ca5fb5fc3d18ac20b341fe25bcf9e8af0a1a90ae0cfd770ceb48a37a781f6dde
+  data.tar.gz: ae0031d5fa88a0043a7a3aa4d1a5a6f3c91d567c0b33be4a4a94dcefccafb5bd
 SHA512:
-  metadata.gz: c822ebbe0118452e6240c8d1c0818f90a13701694fa3d93fd700d123ce8150130ab911d076409c76989928678c0d3e04326c367499fc3bbea6902239833d8521
-  data.tar.gz: 968e6d6a478e2ec8ef34fe3651fb9c7badc6c1b6a5bf59c832a916ee3d48a398104fe6f64c47f275d082c72c609158b3bfdda802f1ced9de4bc1c3de9f9ffab5
+  metadata.gz: 20b103258efcd8180aec43c7d8a61bd777b7a38434655b135d137d517d9d862f18fa494bb6cabf01d554762341d07688a26ad955e905ea32437d2018e5824363
+  data.tar.gz: 4c4e0fed39c55cc995403b101df099257b45523988a1278f1320ffb78f247338aa0bf6dd71fedf513cddcfe41f90b276e2795e9e00c851a41e4148b5430a84cd

data/chef-config.gemspec

@@ -29,7 +29,7 @@ Gem::Specification.new do |spec|
   spec.add_dependency "mixlib-config", ">= 2.2.12", "< 4.0"
   spec.add_dependency "fuzzyurl"
   spec.add_dependency "addressable"
-  spec.add_dependency "tomlrb", "~> 1.2"
+  spec.add_dependency "tomlrb", ">= 1.2", "< 3.0"
   spec.add_dependency "racc"
 
   spec.files = %w{Rakefile LICENSE} + Dir.glob("*.gemspec") +

data/lib/chef-config/config.rb

@@ -484,6 +484,14 @@ module ChefConfig
     # toggle info level log items that can create a lot of output
     default :verbose_logging, true
     default :node_name, nil
+
+    # When target mode is active, these hold the operator's original Chef Server
+    # identity so that API auth uses the admin credentials rather than the
+    # target node name.  Set in Chef::Application::Client#reconfigure before
+    # target_mode.enabled is flipped to true.
+    default :api_client_name, nil
+    default :api_client_key, nil
+
     default :diff_disabled,           false
     default :diff_filesize_threshold, 10000000
     default :diff_output_threshold,   1000000
@@ -1306,7 +1314,9 @@ module ChefConfig
     # sure Chef runs do not crash.
     # @api private
     def self.enable_fips_mode
+      # Enable FIPS mode in OpenSSL.
       OpenSSL.fips_mode = true
+
       require "digest" unless defined?(Digest)
       require "digest/sha1" unless defined?(Digest::SHA1)
       require "digest/md5" unless defined?(Digest::MD5)
@@ -1314,8 +1324,6 @@ module ChefConfig
       # amount of log spam and warnings.
       Digest.send(:remove_const, "SHA1") if Digest.const_defined?(:SHA1)
       Digest.const_set(:SHA1, OpenSSL::Digest::SHA1)
-      OpenSSL::Digest.send(:remove_const, "MD5") if OpenSSL::Digest.const_defined?(:MD5)
-      OpenSSL::Digest.const_set(:MD5, Digest::MD5)
       ChefConfig.logger.debug "FIPS mode is enabled."
     end
   end

data/lib/chef-config/mixin/fuzzy_hostname_matcher.rb

@@ -42,6 +42,11 @@ module ChefConfig
         # Do greedy matching by adding wildcard if it is not specified
         match = "*" + match unless match.start_with?("*")
         Fuzzyurl.matches?(Fuzzyurl.mask(hostname: match), hostname)
+      rescue ArgumentError
+        # Fuzzyurl cannot parse certain URL formats, notably IPv6 addresses
+        # (bare, bracketed, or embedded in URLs). When parsing fails, the URL
+        # cannot match a no_proxy pattern, so return false.
+        false
       end
 
     end

data/lib/chef-config/version.rb

@@ -15,5 +15,5 @@
 
 module ChefConfig
   CHEFCONFIG_ROOT = File.expand_path("..", __dir__)
-  VERSION = "19.1.164".freeze
+  VERSION = "19.2.98".freeze
 end

data/spec/unit/config_spec.rb

@@ -26,6 +26,9 @@ RSpec.describe ChefConfig::Config do
 
   before(:each) do
     ChefConfig::Config.reset
+    ChefConfig::Config.instance_variable_set(:@var_chef_dir, nil)
+    ChefConfig::Config.instance_variable_set(:@etc_chef_dir, nil)
+    ChefConfig::Config.instance_variable_set(:@var_root_dir, nil)
 
     # By default, treat deprecation warnings as errors in tests.
     ChefConfig::Config.treat_deprecation_warnings_as_errors(true)
@@ -245,16 +248,18 @@ RSpec.describe ChefConfig::Config do
     end
 
     context "on windows", :windows_only do
-      it "var_chef_dir is C:\\chef" do
-        expect(ChefConfig::Config.var_chef_dir).to eql("C:\\#{dirname}")
+      let(:windows_drive) { ChefConfig::Config.windows_installation_drive || "C:" }
+
+      it "var_chef_dir is on the windows installation drive" do
+        expect(ChefConfig::Config.var_chef_dir).to eql("#{windows_drive}\\#{dirname}")
       end
 
       it "var_root_dir is C:\\" do
         expect(ChefConfig::Config.var_root_dir).to eql("C:\\")
       end
 
-      it "etc_chef_dir is C:\\chef" do
-        expect(ChefConfig::Config.etc_chef_dir).to eql("C:\\#{dirname}")
+      it "etc_chef_dir is on the windows installation drive" do
+        expect(ChefConfig::Config.etc_chef_dir).to eql("#{windows_drive}\\#{dirname}")
       end
     end
 
@@ -273,16 +278,18 @@ RSpec.describe ChefConfig::Config do
     end
 
     context "when forced to windows" do
-      it "var_chef_dir is C:\\chef" do
-        expect(ChefConfig::Config.var_chef_dir(windows: true)).to eql("C:\\#{dirname}")
+      let(:windows_drive) { ChefConfig::Config.windows_installation_drive || "C:" }
+
+      it "var_chef_dir is on the windows installation drive" do
+        expect(ChefConfig::Config.var_chef_dir(windows: true)).to eql("#{windows_drive}\\#{dirname}")
       end
 
       it "var_root_dir is C:\\" do
         expect(ChefConfig::Config.var_root_dir(windows: true)).to eql("C:\\")
       end
 
-      it "etc_chef_dir is C:\\chef" do
-        expect(ChefConfig::Config.etc_chef_dir(windows: true)).to eql("C:\\#{dirname}")
+      it "etc_chef_dir is on the windows installation drive" do
+        expect(ChefConfig::Config.etc_chef_dir(windows: true)).to eql("#{windows_drive}\\#{dirname}")
       end
     end
 
@@ -728,9 +735,9 @@ RSpec.describe ChefConfig::Config do
 
         end
 
-        # On Windows, we'll detect an omnibus build and set this to the
+        # On Windows, we'll detect embedded install and set this to the
         # cacert.pem included in the package, but it's nil if you're on Windows
-        # w/o omnibus (e.g., doing development on Windows, custom build, etc.)
+        # w/o embedded install (e.g., doing development on Windows, custom build, etc.)
         unless is_windows
           it "ChefConfig::Config[:ssl_ca_file] defaults to nil" do
             expect(ChefConfig::Config[:ssl_ca_file]).to be_nil
@@ -860,7 +867,7 @@ RSpec.describe ChefConfig::Config do
           describe "finding the windows embedded dir" do
             let(:default_config_location) { "c:/opscode/chef/embedded/lib/ruby/gems/1.9.1/gems/chef-11.6.0/lib/chef/config.rb" }
             let(:alternate_install_location) { "c:/my/alternate/install/place/chef/embedded/lib/ruby/gems/1.9.1/gems/chef-11.6.0/lib/chef/config.rb" }
-            let(:non_omnibus_location) { "c:/my/dev/stuff/lib/ruby/gems/1.9.1/gems/chef-11.6.0/lib/chef/config.rb" }
+            let(:non_package_location) { "c:/my/dev/stuff/lib/ruby/gems/1.9.1/gems/chef-11.6.0/lib/chef/config.rb" }
 
             let(:default_ca_file) { "c:/opscode/chef/embedded/ssl/certs/cacert.pem" }
 
@@ -874,8 +881,8 @@ RSpec.describe ChefConfig::Config do
               expect(ChefConfig::Config.embedded_dir).to eq("c:/my/alternate/install/place/chef/embedded")
             end
 
-            it "doesn't error when not in an omnibus install" do
-              allow(ChefConfig::Config).to receive(:_this_file).and_return(non_omnibus_location)
+            it "doesn't error when not in an package install" do
+              allow(ChefConfig::Config).to receive(:_this_file).and_return(non_package_location)
               expect(ChefConfig::Config.embedded_dir).to be_nil
             end
 

data/spec/unit/fuzzy_hostname_matcher_spec.rb

@@ -0,0 +1,70 @@
+#
+# Copyright:: Copyright (c) 2009-2026 Progress Software Corporation and/or its subsidiaries or affiliates. All Rights Reserved.
+# License:: Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+require "spec_helper"
+require "chef-config/mixin/fuzzy_hostname_matcher"
+
+RSpec.describe ChefConfig::Mixin::FuzzyHostnameMatcher do
+  let(:matcher) do
+    Class.new { include ChefConfig::Mixin::FuzzyHostnameMatcher }.new
+  end
+
+  describe "#fuzzy_hostname_match?" do
+    it "matches a hostname with a wildcard pattern" do
+      expect(matcher.fuzzy_hostname_match?("foo.example.com", "example.com")).to be true
+    end
+
+    it "does not match unrelated hostnames" do
+      expect(matcher.fuzzy_hostname_match?("foo.example.com", "other.com")).to be false
+    end
+
+    it "returns false for bare IPv6 addresses instead of raising" do
+      expect(matcher.fuzzy_hostname_match?("2001:db8::1", "example.com")).to be false
+    end
+
+    it "returns false for bracketed IPv6 addresses instead of raising" do
+      expect(matcher.fuzzy_hostname_match?("[2001:db8::1]", "example.com")).to be false
+    end
+
+    it "returns false for IPv6 URLs instead of raising" do
+      expect(matcher.fuzzy_hostname_match?("https://[2001:db8::1]/path", "example.com")).to be false
+    end
+  end
+
+  describe "#fuzzy_hostname_match_any?" do
+    it "returns false when hostname is nil" do
+      expect(matcher.fuzzy_hostname_match_any?(nil, "example.com")).to be false
+    end
+
+    it "returns false when matches is nil" do
+      expect(matcher.fuzzy_hostname_match_any?("foo.example.com", nil)).to be false
+    end
+
+    it "matches against comma-separated patterns" do
+      expect(matcher.fuzzy_hostname_match_any?("foo.example.com", "other.com, example.com")).to be true
+    end
+
+    it "returns false for IPv6 URLs with hostname no_proxy patterns" do
+      ipv6_url = "https://[2001:db8:abcd:ef01::1]/organizations/o3"
+      no_proxy = "gateway.example.net,internal.example.com"
+      expect(matcher.fuzzy_hostname_match_any?(ipv6_url, no_proxy)).to be false
+    end
+
+    it "returns false for bare IPv6 with hostname no_proxy patterns" do
+      expect(matcher.fuzzy_hostname_match_any?("2001:db8::1", "example.com,other.net")).to be false
+    end
+  end
+end

data/spec/unit/workstation_config_loader_spec.rb

@@ -480,11 +480,10 @@ RSpec.describe ChefConfig::WorkstationConfigLoader do
             node_name = 'barney'
             client_key = "barney_rubble.pem"
             chef_server_url = "https://api.chef.io/organizations/bedrock"
-            knife = {
-              secret_file = "/home/barney/.chef/encrypted_data_bag_secret.pem"
-            }
+
             [default.knife]
             ssh_user = "knife_ssh_user"
+            secret_file = "/home/barney/.chef/encrypted_data_bag_secret.pem"
           EOH
           content
         end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: chef-config
 version: !ruby/object:Gem::Version
-  version: 19.1.164
+  version: 19.2.98
 platform: ruby
 authors:
 - Adam Jacob
@@ -15,14 +15,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 19.1.164
+        version: 19.2.98
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 19.1.164
+        version: 19.2.98
 - !ruby/object:Gem::Dependency
   name: mixlib-shellout
   requirement: !ruby/object:Gem::Requirement
@@ -95,16 +95,22 @@ dependencies:
   name: tomlrb
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
         version: '1.2'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '3.0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
         version: '1.2'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '3.0'
 - !ruby/object:Gem::Dependency
   name: racc
   requirement: !ruby/object:Gem::Requirement
@@ -145,6 +151,7 @@ files:
 - spec/unit/config_spec.rb
 - spec/unit/credentials_spec.rb
 - spec/unit/fips_spec.rb
+- spec/unit/fuzzy_hostname_matcher_spec.rb
 - spec/unit/path_helper_spec.rb
 - spec/unit/workstation_config_loader_spec.rb
 homepage: https://github.com/chef/chef