chef-config 12.6.0 → 12.7.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 657659650232e1f20d20c8cceda2319dbbee9275
-  data.tar.gz: 5f0cae5b96b02972dad1c301fd519d74f0ad65dc
+  metadata.gz: c047f779b038a699254b016224341f17dc101bf2
+  data.tar.gz: 3d11e2f9b0cd958b1f71011b3aeadc5670ec2c1c
 SHA512:
-  metadata.gz: 4fe4c7d72f78259fffa316f4702f76a6fe3e7bf56c4e144f987eab0006b791f379514e4d53ec3ad90024cc8545722be3e04cc221dbd21d4d930e958f5c8d7ef4
-  data.tar.gz: b5c0b623957b8b30a3e75631fb7f96d9780cda43cbef580467cbad299714633a97d50649dba996e13117115cd09b870a926d49ec894bc4ae1809362a5bedcd1d
+  metadata.gz: 55c5e6793906b877d0ad42830833d1926ca8b72c157e766579e7d8f9908ebcfe53846824f99f9200b5c4d9348387a8a46248a0121e27a6b824d33b6ff23c6351
+  data.tar.gz: 13952e4469c1830144d67531f10b8376acf7e11592edf10f05661c72d1bcd0160bd6531e12df093f340190306b277a26516d3aa5781eea266cc9f803f5d5e112

data/Rakefile

@@ -1,14 +1,13 @@
-require 'rspec/core/rake_task'
-require 'chef-config/package_task'
+require "rspec/core/rake_task"
+require "chef-config/package_task"
 
-ChefConfig::PackageTask.new(File.expand_path('..', __FILE__), 'ChefConfig') do |package|
-  package.module_path = 'chef-config'
+ChefConfig::PackageTask.new(File.expand_path("..", __FILE__), "ChefConfig") do |package|
+  package.module_path = "chef-config"
 end
 
 task :default => :spec
 
 desc "Run standard specs"
 RSpec::Core::RakeTask.new(:spec) do |t|
-  t.pattern = FileList['spec/**/*_spec.rb']
+  t.pattern = FileList["spec/**/*_spec.rb"]
 end
-

data/chef-config.gemspec

@@ -1,7 +1,7 @@
 # coding: utf-8
-lib = File.expand_path('../lib', __FILE__)
+lib = File.expand_path("../lib", __FILE__)
 $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
-require 'chef-config/version'
+require "chef-config/version"
 
 Gem::Specification.new do |spec|
   spec.name          = "chef-config"
@@ -20,12 +20,12 @@ Gem::Specification.new do |spec|
 
   spec.add_development_dependency "rake", "~> 10.0"
 
-  %w(rspec-core rspec-expectations rspec-mocks).each do |rspec|
+  %w{rspec-core rspec-expectations rspec-mocks}.each do |rspec|
     spec.add_development_dependency(rspec, "~> 3.2")
   end
 
-  spec.files = %w(Rakefile LICENSE README.md) + Dir.glob("*.gemspec") +
-    Dir.glob("{lib,spec}/**/*", File::FNM_DOTMATCH).reject {|f| File.directory?(f) }
+  spec.files = %w{Rakefile LICENSE README.md} + Dir.glob("*.gemspec") +
+               Dir.glob("{lib,spec}/**/*", File::FNM_DOTMATCH).reject { |f| File.directory?(f) }
 
   spec.bindir        = "bin"
   spec.executables   = []

data/lib/chef-config.rb

@@ -1,5 +1,5 @@
 #
-# Copyright:: Copyright (c) 2015 Chef Software, Inc.
+# Copyright:: Copyright 2015-2016, Chef Software, Inc.
 # License:: Apache License, Version 2.0
 #
 # Licensed under the Apache License, Version 2.0 (the "License");

data/lib/chef-config/config.rb

@@ -1,10 +1,10 @@
 #
-# Author:: Adam Jacob (<adam@opscode.com>)
-# Author:: Christopher Brown (<cb@opscode.com>)
-# Author:: AJ Christensen (<aj@opscode.com>)
-# Author:: Mark Mzyk (<mmzyk@opscode.com>)
+# Author:: Adam Jacob (<adam@chef.io>)
+# Author:: Christopher Brown (<cb@chef.io>)
+# Author:: AJ Christensen (<aj@chef.io>)
+# Author:: Mark Mzyk (<mmzyk@chef.io>)
 # Author:: Kyle Goodwin (<kgoodwin@primerevenue.com>)
-# Copyright:: Copyright (c) 2008 Opscode, Inc.
+# Copyright:: Copyright 2008-2016, Chef Software Inc.
 # License:: Apache License, Version 2.0
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -19,14 +19,15 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-require 'mixlib/config'
-require 'pathname'
+require "mixlib/config"
+require "pathname"
 
-require 'chef-config/logger'
-require 'chef-config/windows'
-require 'chef-config/path_helper'
-require 'mixlib/shellout'
-require 'uri'
+require "chef-config/logger"
+require "chef-config/windows"
+require "chef-config/path_helper"
+require "mixlib/shellout"
+require "uri"
+require "openssl"
 
 module ChefConfig
 
@@ -49,14 +50,14 @@ module ChefConfig
       path = PathHelper.cleanpath(path)
       if ChefConfig.windows?
         # turns \etc\chef\client.rb and \var\chef\client.rb into C:/chef/client.rb
-        if env['SYSTEMDRIVE'] && path[0] == '\\' && path.split('\\')[2] == 'chef'
-          path = PathHelper.join(env['SYSTEMDRIVE'], path.split('\\', 3)[2])
+        if env["SYSTEMDRIVE"] && path[0] == '\\' && path.split('\\')[2] == "chef"
+          path = PathHelper.join(env["SYSTEMDRIVE"], path.split('\\', 3)[2])
         end
       end
       path
     end
 
-    def self.add_formatter(name, file_path=nil)
+    def self.add_formatter(name, file_path = nil)
       formatters << [name, file_path]
     end
 
@@ -77,7 +78,7 @@ module ChefConfig
 
     default :formatters, []
 
-    def self.is_valid_url? uri
+    def self.is_valid_url?(uri)
       url = uri.to_s.strip
       /^http:\/\// =~ url || /^https:\/\// =~ url || /^chefzero:/ =~ url
     end
@@ -107,12 +108,14 @@ module ChefConfig
     default :chef_repo_path do
       if self.configuration[:cookbook_path]
         if self.configuration[:cookbook_path].kind_of?(String)
-          File.expand_path('..', self.configuration[:cookbook_path])
+          File.expand_path("..", self.configuration[:cookbook_path])
         else
           self.configuration[:cookbook_path].map do |path|
-            File.expand_path('..', path)
+            File.expand_path("..", path)
           end
         end
+      elsif configuration[:cookbook_artifact_path]
+        File.expand_path("..", self.configuration[:cookbook_artifact_path])
       else
         cache_path
       end
@@ -122,8 +125,8 @@ module ChefConfig
       # In local mode, we auto-discover the repo root by looking for a path with "cookbooks" under it.
       # This allows us to run config-free.
       path = cwd
-      until File.directory?(PathHelper.join(path, "cookbooks"))
-        new_path = File.expand_path('..', path)
+      until File.directory?(PathHelper.join(path, "cookbooks")) || File.directory?(PathHelper.join(path, "cookbook_artifacts"))
+        new_path = File.expand_path("..", path)
         if new_path == path
           ChefConfig.logger.warn("No cookbooks directory found at or above current directory.  Assuming #{Dir.pwd}.")
           return Dir.pwd
@@ -138,65 +141,73 @@ module ChefConfig
       if chef_repo_path.kind_of?(String)
         PathHelper.join(chef_repo_path, child_path)
       else
-        chef_repo_path.uniq.map { |path| PathHelper.join(path, child_path)}
+        chef_repo_path.uniq.map { |path| PathHelper.join(path, child_path) }
       end
     end
 
     # Location of acls on disk. String or array of strings.
     # Defaults to <chef_repo_path>/acls.
-    # Only applies to Enterprise Chef commands.
-    default(:acl_path) { derive_path_from_chef_repo_path('acls') }
+    default(:acl_path) { derive_path_from_chef_repo_path("acls") }
 
     # Location of clients on disk. String or array of strings.
     # Defaults to <chef_repo_path>/acls.
-    default(:client_path) { derive_path_from_chef_repo_path('clients') }
+    default(:client_path) { derive_path_from_chef_repo_path("clients") }
+
+    # Location of containers on disk. String or array of strings.
+    # Defaults to <chef_repo_path>/containers.
+    default(:container_path) { derive_path_from_chef_repo_path("containers") }
+
+    # Location of cookbook_artifacts on disk. String or array of strings.
+    # Defaults to <chef_repo_path>/cookbook_artifacts.
+    default(:cookbook_artifact_path) { derive_path_from_chef_repo_path("cookbook_artifacts") }
 
     # Location of cookbooks on disk. String or array of strings.
     # Defaults to <chef_repo_path>/cookbooks.  If chef_repo_path
     # is not specified, this is set to [/var/chef/cookbooks, /var/chef/site-cookbooks]).
     default(:cookbook_path) do
       if self.configuration[:chef_repo_path]
-        derive_path_from_chef_repo_path('cookbooks')
+        derive_path_from_chef_repo_path("cookbooks")
       else
-        Array(derive_path_from_chef_repo_path('cookbooks')).flatten +
-          Array(derive_path_from_chef_repo_path('site-cookbooks')).flatten
+        Array(derive_path_from_chef_repo_path("cookbooks")).flatten +
+          Array(derive_path_from_chef_repo_path("site-cookbooks")).flatten
       end
     end
 
-    # Location of containers on disk. String or array of strings.
-    # Defaults to <chef_repo_path>/containers.
-    # Only applies to Enterprise Chef commands.
-    default(:container_path) { derive_path_from_chef_repo_path('containers') }
-
     # Location of data bags on disk. String or array of strings.
     # Defaults to <chef_repo_path>/data_bags.
-    default(:data_bag_path) { derive_path_from_chef_repo_path('data_bags') }
+    default(:data_bag_path) { derive_path_from_chef_repo_path("data_bags") }
 
     # Location of environments on disk. String or array of strings.
     # Defaults to <chef_repo_path>/environments.
-    default(:environment_path) { derive_path_from_chef_repo_path('environments') }
+    default(:environment_path) { derive_path_from_chef_repo_path("environments") }
 
     # Location of groups on disk. String or array of strings.
     # Defaults to <chef_repo_path>/groups.
-    # Only applies to Enterprise Chef commands.
-    default(:group_path) { derive_path_from_chef_repo_path('groups') }
+    default(:group_path) { derive_path_from_chef_repo_path("groups") }
 
     # Location of nodes on disk. String or array of strings.
     # Defaults to <chef_repo_path>/nodes.
-    default(:node_path) { derive_path_from_chef_repo_path('nodes') }
+    default(:node_path) { derive_path_from_chef_repo_path("nodes") }
+
+    # Location of policies on disk. String or array of strings.
+    # Defaults to <chef_repo_path>/policies.
+    default(:policy_path) { derive_path_from_chef_repo_path("policies") }
+
+    # Location of policy_groups on disk. String or array of strings.
+    # Defaults to <chef_repo_path>/policy_groups.
+    default(:policy_group_path) { derive_path_from_chef_repo_path("policy_groups") }
 
     # Location of roles on disk. String or array of strings.
     # Defaults to <chef_repo_path>/roles.
-    default(:role_path) { derive_path_from_chef_repo_path('roles') }
+    default(:role_path) { derive_path_from_chef_repo_path("roles") }
 
     # Location of users on disk. String or array of strings.
     # Defaults to <chef_repo_path>/users.
-    # Does not apply to Enterprise Chef commands.
-    default(:user_path) { derive_path_from_chef_repo_path('users') }
+    default(:user_path) { derive_path_from_chef_repo_path("users") }
 
     # Location of policies on disk. String or array of strings.
     # Defaults to <chef_repo_path>/policies.
-    default(:policy_path) { derive_path_from_chef_repo_path('policies') }
+    default(:policy_path) { derive_path_from_chef_repo_path("policies") }
 
     # Turn on "path sanity" by default. See also: http://wiki.opscode.com/display/chef/User+Environment+PATH+Sanity
     default :enforce_path_sanity, true
@@ -214,7 +225,7 @@ module ChefConfig
     # this is under the user's home directory.
     default(:cache_path) do
       if local_mode
-        PathHelper.join(config_dir, 'local-mode-cache')
+        PathHelper.join(config_dir, "local-mode-cache")
       else
         primary_cache_root = platform_specific_path("/var")
         primary_cache_path = platform_specific_path("/var/chef")
@@ -223,7 +234,7 @@ module ChefConfig
         # Otherwise, we'll create .chef under the user's home directory and use that as
         # the cache path.
         unless path_accessible?(primary_cache_path) || path_accessible?(primary_cache_root)
-          secondary_cache_path = PathHelper.join(user_home, '.chef')
+          secondary_cache_path = PathHelper.join(user_home, ".chef")
           ChefConfig.logger.info("Unable to access cache at #{primary_cache_path}. Switching cache to #{secondary_cache_path}")
           secondary_cache_path
         else
@@ -297,6 +308,28 @@ module ChefConfig
     default :diff_output_threshold,   1000000
     default :local_mode, false
 
+    # Configures the mode of operation for ChefFS, which is applied to the
+    # ChefFS-based knife commands and chef-client's local mode. (ChefFS-based
+    # knife commands include: knife delete, knife deps, knife diff, knife down,
+    # knife edit, knife list, knife show, knife upload, and knife xargs.)
+    #
+    # Valid values are:
+    # * "static": ChefFS only manages objects that exist in a traditional Chef
+    #   Repo as of Chef 11.
+    # * "everything": ChefFS manages all object types that existed on the OSS
+    #   Chef 11 server.
+    # * "hosted_everything": ChefFS manages all object types as of the Chef 12
+    #   Server, including RBAC objects and Policyfile objects (new to Chef 12).
+    default :repo_mode do
+      if local_mode && !chef_zero.osc_compat
+        "hosted_everything"
+      elsif chef_server_url =~ /\/+organizations\/.+/
+        "hosted_everything"
+      else
+        "everything"
+      end
+    end
+
     default :pid_file, nil
 
     # Whether Chef Zero local mode should bind to a port. All internal requests
@@ -310,8 +343,23 @@ module ChefConfig
     config_context :chef_zero do
       config_strict_mode true
       default(:enabled) { ChefConfig::Config.local_mode }
-      default :host, 'localhost'
+      default :host, "localhost"
       default :port, 8889.upto(9999) # Will try ports from 8889-9999 until one works
+
+      # When set to a String, Chef Zero disables multitenant support.  This is
+      # what you want when using Chef Zero to serve a single Chef Repo. Setting
+      # this to `false` enables multi-tenant.
+      default :single_org, "chef"
+
+      # Whether Chef Zero should operate in a mode analogous to OSS Chef Server
+      # 11 (true) or Chef Server 12 (false). Chef Zero can still serve
+      # policyfile objects in Chef 11 mode, as long as `repo_mode` is set to
+      # "hosted_everything". The primary differences are:
+      # * Chef 11 mode doesn't support multi-tennant, so there is no
+      #   distinction between global and org-specific objects (since there are
+      #   no orgs).
+      # * Chef 11 mode doesn't expose RBAC objects
+      default :osc_compat, false
     end
     default :chef_server_url, "https://localhost:443"
 
@@ -319,7 +367,7 @@ module ChefConfig
       # if the chef_server_url is a path to an organization, aka
       # 'some_url.../organizations/*' then remove the '/organization/*' by default
       if self.configuration[:chef_server_url] =~ /\/organizations\/\S*$/
-         self.configuration[:chef_server_url].split('/')[0..-3].join('/')
+        self.configuration[:chef_server_url].split("/")[0..-3].join("/")
       elsif self.configuration[:chef_server_url] # default to whatever chef_server_url is
         self.configuration[:chef_server_url]
       else
@@ -401,7 +449,6 @@ module ChefConfig
     # effect if `policy_document_native_api` is set to `false`.
     default :deployment_group, nil
 
-
     # Set these to enable SSL authentication / mutual-authentication
     # with the server
 
@@ -442,21 +489,26 @@ module ChefConfig
     # Where should chef-solo download recipes from?
     default :recipe_url, nil
 
+    # Set to true if Chef is to set OpenSSL to run in FIPS mode
+    default(:fips) { ENV["CHEF_FIPS"] == "1" }
+
+    # Initialize openssl
+    def self.init_openssl
+      if fips
+        self.enable_fips_mode
+      end
+    end
+
     # Sets the version of the signed header authentication protocol to use (see
     # the 'mixlib-authorization' project for more detail). Currently, versions
-    # 1.0 and 1.1 are available; however, the chef-server must first be
-    # upgraded to support version 1.1 before clients can begin using it.
-    #
-    # Version 1.1 of the protocol is required when using a `node_name` greater
-    # than ~90 bytes (~90 ascii characters), so chef-client will automatically
-    # switch to using version 1.1 when `node_name` is too large for the 1.0
-    # protocol. If you intend to use large node names, ensure that your server
-    # supports version 1.1. Automatic detection of large node names means that
-    # users will generally not need to manually configure this.
-    #
-    # In the future, this configuration option may be replaced with an
-    # automatic negotiation scheme.
-    default :authentication_protocol_version, "1.0"
+    # 1.0, 1.1, and 1.3 are available.
+    default :authentication_protocol_version do
+      if fips
+        "1.3"
+      else
+        "1.1"
+      end
+    end
 
     # This key will be used to sign requests to the Chef server. This location
     # must be writable by Chef during initial setup when generating a client
@@ -745,7 +797,7 @@ module ChefConfig
     #   pass = password
     # @api private
     def self.export_proxy(scheme, path, user, pass)
-      path = "#{scheme}://#{path}" unless path.include?('://')
+      path = "#{scheme}://#{path}" unless path.include?("://")
       # URI.split returns the following parts:
       # [scheme, userinfo, host, port, registry, path, opaque, query, fragment]
       parts = URI.split(URI.encode(path))
@@ -753,7 +805,7 @@ module ChefConfig
       # returns a string for the port.
       parts[3] = parts[3].to_i if parts[3]
       if user && !user.empty?
-        userinfo = URI.encode(URI.encode(user), '@:')
+        userinfo = URI.encode(URI.encode(user), "@:")
         if pass
           userinfo << ":#{URI.encode(URI.encode(pass), '@:')}"
         end
@@ -767,8 +819,8 @@ module ChefConfig
 
     # @api private
     def self.export_no_proxy(value)
-      ENV['no_proxy'] = value unless ENV['no_proxy']
-      ENV['NO_PROXY'] = value unless ENV['NO_PROXY']
+      ENV["no_proxy"] = value unless ENV["no_proxy"]
+      ENV["NO_PROXY"] = value unless ENV["NO_PROXY"]
     end
 
     # Chef requires an English-language UTF-8 locale to function properly.  We attempt
@@ -796,12 +848,12 @@ module ChefConfig
       cmd.error!
       locales = cmd.stdout.split
       case
-      when locales.include?('C.UTF-8')
-        'C.UTF-8'
-      when locales.include?('en_US.UTF-8'), locales.include?('en_US.utf8')
-        'en_US.UTF-8'
-      when locales.include?('en.UTF-8')
-        'en.UTF-8'
+      when locales.include?("C.UTF-8")
+        "C.UTF-8"
+      when locales.include?("en_US.UTF-8"), locales.include?("en_US.utf8")
+        "en_US.UTF-8"
+      when locales.include?("en.UTF-8")
+        "en.UTF-8"
       else
         # Will match en_ZZ.UTF-8, en_ZZ.utf-8, en_ZZ.UTF8, en_ZZ.utf8
         guesses = locales.select { |l| l =~ /^en_.*UTF-?8$/i }
@@ -811,7 +863,7 @@ module ChefConfig
           guessed_locale.gsub(/UTF-?8$/i, "UTF-8")
         else
           ChefConfig.logger.warn "Please install an English UTF-8 locale for Chef to use, falling back to C locale and disabling UTF-8 support."
-          'C'
+          "C"
         end
       end
     rescue
@@ -820,7 +872,7 @@ module ChefConfig
       else
         ChefConfig.logger.debug "No usable locale -a command found, assuming you have en_US.UTF-8 installed."
       end
-      'en_US.UTF-8'
+      "en_US.UTF-8"
     end
 
     default :internal_locale, guess_internal_locale
@@ -851,5 +903,18 @@ module ChefConfig
     def self._this_file
       File.expand_path(__FILE__)
     end
+
+    # Set fips mode in openssl. Do any patching necessary to make
+    # sure Chef runs do not crash.
+    # @api private
+    def self.enable_fips_mode
+      ChefConfig.logger.warn "The `fips` feature is still a work in progress. This feature is incomplete."
+      OpenSSL.fips_mode = true
+      require "digest"
+      require "digest/sha1"
+      require "digest/md5"
+      Digest.const_set("SHA1", OpenSSL::Digest::SHA1)
+      OpenSSL::Digest.const_set("MD5", Digest::MD5)
+    end
   end
 end