chef-config 12.6.0 → 12.7.2

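--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA1:
- metadata.gz: 657659650232e1f20d20c8cceda2319dbbee9275
- data.tar.gz: 5f0cae5b96b02972dad1c301fd519d74f0ad65dc
+ metadata.gz: c047f779b038a699254b016224341f17dc101bf2
+ data.tar.gz: 3d11e2f9b0cd958b1f71011b3aeadc5670ec2c1c
  SHA512:
- metadata.gz: 4fe4c7d72f78259fffa316f4702f76a6fe3e7bf56c4e144f987eab0006b791f379514e4d53ec3ad90024cc8545722be3e04cc221dbd21d4d930e958f5c8d7ef4
- data.tar.gz: b5c0b623957b8b30a3e75631fb7f96d9780cda43cbef580467cbad299714633a97d50649dba996e13117115cd09b870a926d49ec894bc4ae1809362a5bedcd1d
+ metadata.gz: 55c5e6793906b877d0ad42830833d1926ca8b72c157e766579e7d8f9908ebcfe53846824f99f9200b5c4d9348387a8a46248a0121e27a6b824d33b6ff23c6351
+ data.tar.gz: 13952e4469c1830144d67531f10b8376acf7e11592edf10f05661c72d1bcd0160bd6531e12df093f340190306b277a26516d3aa5781eea266cc9f803f5d5e112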
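--- a/data/Rakefile
+++ b/data/Rakefile
@@ -1,14 +1,13 @@
- require 'rspec/core/rake_task'
- require 'chef-config/package_task'
+ require "rspec/core/rake_task"
+ require "chef-config/package_task"
 
- ChefConfig::PackageTask.new(File.expand_path('..', __FILE__), 'ChefConfig') do |package|
- package.module_path = 'chef-config'
+ ChefConfig::PackageTask.new(File.expand_path("..", __FILE__), "ChefConfig") do |package|
+ package.module_path = "chef-config"
  end
 
  task :default => :spec
 
  desc "Run standard specs"
  RSpec::Core::RakeTask.new(:spec) do |t|
- t.pattern = FileList['spec/**/*_spec.rb']
+ t.pattern = FileList["spec/**/*_spec.rb"]
  end
-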
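--- a/data/chef-config.gemspec
+++ b/data/chef-config.gemspec
@@ -1,7 +1,7 @@
  # coding: utf-8
- lib = File.expand_path('../lib', __FILE__)
+ lib = File.expand_path("../lib", __FILE__)
  $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
- require 'chef-config/version'
+ require "chef-config/version"
 
  Gem::Specification.new do |spec|
  spec.name = "chef-config"
@@ -20,12 +20,12 @@ Gem::Specification.new do |spec|
 
  spec.add_development_dependency "rake", "~> 10.0"
 
- %w(rspec-core rspec-expectations rspec-mocks).each do |rspec|
+ %w{rspec-core rspec-expectations rspec-mocks}.each do |rspec|
  spec.add_development_dependency(rspec, "~> 3.2")
  end
 
- spec.files = %w(Rakefile LICENSE README.md) + Dir.glob("*.gemspec") +
- Dir.glob("{lib,spec}/**/*", File::FNM_DOTMATCH).reject {|f| File.directory?(f) }
+ spec.files = %w{Rakefile LICENSE README.md} + Dir.glob("*.gemspec") +
+ Dir.glob("{lib,spec}/**/*", File::FNM_DOTMATCH).reject { |f| File.directory?(f) }
 
  spec.bindir = "bin"
  spec.executables = []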
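--- a/data/lib/chef-config.rb
+++ b/data/lib/chef-config.rb
@@ -1,5 +1,5 @@
  #
- # Copyright:: Copyright (c) 2015 Chef Software, Inc.
+ # Copyright:: Copyright 2015-2016, Chef Software, Inc.
  # License:: Apache License, Version 2.0
  #
  # Licensed under the Apache License, Version 2.0 (the "License");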
@@ -1,10 +1,10 @@
1
1
  #
2
- # Author:: Adam Jacob (<adam@opscode.com>)
3
- # Author:: Christopher Brown (<cb@opscode.com>)
4
- # Author:: AJ Christensen (<aj@opscode.com>)
5
- # Author:: Mark Mzyk (<mmzyk@opscode.com>)
2
+ # Author:: Adam Jacob (<adam@chef.io>)
3
+ # Author:: Christopher Brown (<cb@chef.io>)
4
+ # Author:: AJ Christensen (<aj@chef.io>)
5
+ # Author:: Mark Mzyk (<mmzyk@chef.io>)
6
6
  # Author:: Kyle Goodwin (<kgoodwin@primerevenue.com>)
7
- # Copyright:: Copyright (c) 2008 Opscode, Inc.
7
+ # Copyright:: Copyright 2008-2016, Chef Software Inc.
8
8
  # License:: Apache License, Version 2.0
9
9
  #
10
10
  # Licensed under the Apache License, Version 2.0 (the "License");
@@ -19,14 +19,15 @@
19
19
  # See the License for the specific language governing permissions and
20
20
  # limitations under the License.
21
21
 
22
- require 'mixlib/config'
23
- require 'pathname'
22
+ require "mixlib/config"
23
+ require "pathname"
24
24
 
25
- require 'chef-config/logger'
26
- require 'chef-config/windows'
27
- require 'chef-config/path_helper'
28
- require 'mixlib/shellout'
29
- require 'uri'
25
+ require "chef-config/logger"
26
+ require "chef-config/windows"
27
+ require "chef-config/path_helper"
28
+ require "mixlib/shellout"
29
+ require "uri"
30
+ require "openssl"
30
31
 
31
32
  module ChefConfig
32
33
 
@@ -49,14 +50,14 @@ module ChefConfig
49
50
  path = PathHelper.cleanpath(path)
50
51
  if ChefConfig.windows?
51
52
  # turns \etc\chef\client.rb and \var\chef\client.rb into C:/chef/client.rb
52
- if env['SYSTEMDRIVE'] && path[0] == '\\' && path.split('\\')[2] == 'chef'
53
- path = PathHelper.join(env['SYSTEMDRIVE'], path.split('\\', 3)[2])
53
+ if env["SYSTEMDRIVE"] && path[0] == '\\' && path.split('\\')[2] == "chef"
54
+ path = PathHelper.join(env["SYSTEMDRIVE"], path.split('\\', 3)[2])
54
55
  end
55
56
  end
56
57
  path
57
58
  end
58
59
 
59
- def self.add_formatter(name, file_path=nil)
60
+ def self.add_formatter(name, file_path = nil)
60
61
  formatters << [name, file_path]
61
62
  end
62
63
 
@@ -77,7 +78,7 @@ module ChefConfig
77
78
 
78
79
  default :formatters, []
79
80
 
80
- def self.is_valid_url? uri
81
+ def self.is_valid_url?(uri)
81
82
  url = uri.to_s.strip
82
83
  /^http:\/\// =~ url || /^https:\/\// =~ url || /^chefzero:/ =~ url
83
84
  end
@@ -107,12 +108,14 @@ module ChefConfig
107
108
  default :chef_repo_path do
108
109
  if self.configuration[:cookbook_path]
109
110
  if self.configuration[:cookbook_path].kind_of?(String)
110
- File.expand_path('..', self.configuration[:cookbook_path])
111
+ File.expand_path("..", self.configuration[:cookbook_path])
111
112
  else
112
113
  self.configuration[:cookbook_path].map do |path|
113
- File.expand_path('..', path)
114
+ File.expand_path("..", path)
114
115
  end
115
116
  end
117
+ elsif configuration[:cookbook_artifact_path]
118
+ File.expand_path("..", self.configuration[:cookbook_artifact_path])
116
119
  else
117
120
  cache_path
118
121
  end
@@ -122,8 +125,8 @@ module ChefConfig
122
125
  # In local mode, we auto-discover the repo root by looking for a path with "cookbooks" under it.
123
126
  # This allows us to run config-free.
124
127
  path = cwd
125
- until File.directory?(PathHelper.join(path, "cookbooks"))
126
- new_path = File.expand_path('..', path)
128
+ until File.directory?(PathHelper.join(path, "cookbooks")) || File.directory?(PathHelper.join(path, "cookbook_artifacts"))
129
+ new_path = File.expand_path("..", path)
127
130
  if new_path == path
128
131
  ChefConfig.logger.warn("No cookbooks directory found at or above current directory. Assuming #{Dir.pwd}.")
129
132
  return Dir.pwd
@@ -138,65 +141,73 @@ module ChefConfig
138
141
  if chef_repo_path.kind_of?(String)
139
142
  PathHelper.join(chef_repo_path, child_path)
140
143
  else
141
- chef_repo_path.uniq.map { |path| PathHelper.join(path, child_path)}
144
+ chef_repo_path.uniq.map { |path| PathHelper.join(path, child_path) }
142
145
  end
143
146
  end
144
147
 
145
148
  # Location of acls on disk. String or array of strings.
146
149
  # Defaults to <chef_repo_path>/acls.
147
- # Only applies to Enterprise Chef commands.
148
- default(:acl_path) { derive_path_from_chef_repo_path('acls') }
150
+ default(:acl_path) { derive_path_from_chef_repo_path("acls") }
149
151
 
150
152
  # Location of clients on disk. String or array of strings.
151
153
  # Defaults to <chef_repo_path>/acls.
152
- default(:client_path) { derive_path_from_chef_repo_path('clients') }
154
+ default(:client_path) { derive_path_from_chef_repo_path("clients") }
155
+
156
+ # Location of containers on disk. String or array of strings.
157
+ # Defaults to <chef_repo_path>/containers.
158
+ default(:container_path) { derive_path_from_chef_repo_path("containers") }
159
+
160
+ # Location of cookbook_artifacts on disk. String or array of strings.
161
+ # Defaults to <chef_repo_path>/cookbook_artifacts.
162
+ default(:cookbook_artifact_path) { derive_path_from_chef_repo_path("cookbook_artifacts") }
153
163
 
154
164
  # Location of cookbooks on disk. String or array of strings.
155
165
  # Defaults to <chef_repo_path>/cookbooks. If chef_repo_path
156
166
  # is not specified, this is set to [/var/chef/cookbooks, /var/chef/site-cookbooks]).
157
167
  default(:cookbook_path) do
158
168
  if self.configuration[:chef_repo_path]
159
- derive_path_from_chef_repo_path('cookbooks')
169
+ derive_path_from_chef_repo_path("cookbooks")
160
170
  else
161
- Array(derive_path_from_chef_repo_path('cookbooks')).flatten +
162
- Array(derive_path_from_chef_repo_path('site-cookbooks')).flatten
171
+ Array(derive_path_from_chef_repo_path("cookbooks")).flatten +
172
+ Array(derive_path_from_chef_repo_path("site-cookbooks")).flatten
163
173
  end
164
174
  end
165
175
 
166
- # Location of containers on disk. String or array of strings.
167
- # Defaults to <chef_repo_path>/containers.
168
- # Only applies to Enterprise Chef commands.
169
- default(:container_path) { derive_path_from_chef_repo_path('containers') }
170
-
171
176
  # Location of data bags on disk. String or array of strings.
172
177
  # Defaults to <chef_repo_path>/data_bags.
173
- default(:data_bag_path) { derive_path_from_chef_repo_path('data_bags') }
178
+ default(:data_bag_path) { derive_path_from_chef_repo_path("data_bags") }
174
179
 
175
180
  # Location of environments on disk. String or array of strings.
176
181
  # Defaults to <chef_repo_path>/environments.
177
- default(:environment_path) { derive_path_from_chef_repo_path('environments') }
182
+ default(:environment_path) { derive_path_from_chef_repo_path("environments") }
178
183
 
179
184
  # Location of groups on disk. String or array of strings.
180
185
  # Defaults to <chef_repo_path>/groups.
181
- # Only applies to Enterprise Chef commands.
182
- default(:group_path) { derive_path_from_chef_repo_path('groups') }
186
+ default(:group_path) { derive_path_from_chef_repo_path("groups") }
183
187
 
184
188
  # Location of nodes on disk. String or array of strings.
185
189
  # Defaults to <chef_repo_path>/nodes.
186
- default(:node_path) { derive_path_from_chef_repo_path('nodes') }
190
+ default(:node_path) { derive_path_from_chef_repo_path("nodes") }
191
+
192
+ # Location of policies on disk. String or array of strings.
193
+ # Defaults to <chef_repo_path>/policies.
194
+ default(:policy_path) { derive_path_from_chef_repo_path("policies") }
195
+
196
+ # Location of policy_groups on disk. String or array of strings.
197
+ # Defaults to <chef_repo_path>/policy_groups.
198
+ default(:policy_group_path) { derive_path_from_chef_repo_path("policy_groups") }
187
199
 
188
200
  # Location of roles on disk. String or array of strings.
189
201
  # Defaults to <chef_repo_path>/roles.
190
- default(:role_path) { derive_path_from_chef_repo_path('roles') }
202
+ default(:role_path) { derive_path_from_chef_repo_path("roles") }
191
203
 
192
204
  # Location of users on disk. String or array of strings.
193
205
  # Defaults to <chef_repo_path>/users.
194
- # Does not apply to Enterprise Chef commands.
195
- default(:user_path) { derive_path_from_chef_repo_path('users') }
206
+ default(:user_path) { derive_path_from_chef_repo_path("users") }
196
207
 
197
208
  # Location of policies on disk. String or array of strings.
198
209
  # Defaults to <chef_repo_path>/policies.
199
- default(:policy_path) { derive_path_from_chef_repo_path('policies') }
210
+ default(:policy_path) { derive_path_from_chef_repo_path("policies") }
200
211
 
201
212
  # Turn on "path sanity" by default. See also: http://wiki.opscode.com/display/chef/User+Environment+PATH+Sanity
202
213
  default :enforce_path_sanity, true
@@ -214,7 +225,7 @@ module ChefConfig
214
225
  # this is under the user's home directory.
215
226
  default(:cache_path) do
216
227
  if local_mode
217
- PathHelper.join(config_dir, 'local-mode-cache')
228
+ PathHelper.join(config_dir, "local-mode-cache")
218
229
  else
219
230
  primary_cache_root = platform_specific_path("/var")
220
231
  primary_cache_path = platform_specific_path("/var/chef")
@@ -223,7 +234,7 @@ module ChefConfig
223
234
  # Otherwise, we'll create .chef under the user's home directory and use that as
224
235
  # the cache path.
225
236
  unless path_accessible?(primary_cache_path) || path_accessible?(primary_cache_root)
226
- secondary_cache_path = PathHelper.join(user_home, '.chef')
237
+ secondary_cache_path = PathHelper.join(user_home, ".chef")
227
238
  ChefConfig.logger.info("Unable to access cache at #{primary_cache_path}. Switching cache to #{secondary_cache_path}")
228
239
  secondary_cache_path
229
240
  else
@@ -297,6 +308,28 @@ module ChefConfig
297
308
  default :diff_output_threshold, 1000000
298
309
  default :local_mode, false
299
310
 
311
+ # Configures the mode of operation for ChefFS, which is applied to the
312
+ # ChefFS-based knife commands and chef-client's local mode. (ChefFS-based
313
+ # knife commands include: knife delete, knife deps, knife diff, knife down,
314
+ # knife edit, knife list, knife show, knife upload, and knife xargs.)
315
+ #
316
+ # Valid values are:
317
+ # * "static": ChefFS only manages objects that exist in a traditional Chef
318
+ # Repo as of Chef 11.
319
+ # * "everything": ChefFS manages all object types that existed on the OSS
320
+ # Chef 11 server.
321
+ # * "hosted_everything": ChefFS manages all object types as of the Chef 12
322
+ # Server, including RBAC objects and Policyfile objects (new to Chef 12).
323
+ default :repo_mode do
324
+ if local_mode && !chef_zero.osc_compat
325
+ "hosted_everything"
326
+ elsif chef_server_url =~ /\/+organizations\/.+/
327
+ "hosted_everything"
328
+ else
329
+ "everything"
330
+ end
331
+ end
332
+
300
333
  default :pid_file, nil
301
334
 
302
335
  # Whether Chef Zero local mode should bind to a port. All internal requests
@@ -310,8 +343,23 @@ module ChefConfig
310
343
  config_context :chef_zero do
311
344
  config_strict_mode true
312
345
  default(:enabled) { ChefConfig::Config.local_mode }
313
- default :host, 'localhost'
346
+ default :host, "localhost"
314
347
  default :port, 8889.upto(9999) # Will try ports from 8889-9999 until one works
348
+
349
+ # When set to a String, Chef Zero disables multitenant support. This is
350
+ # what you want when using Chef Zero to serve a single Chef Repo. Setting
351
+ # this to `false` enables multi-tenant.
352
+ default :single_org, "chef"
353
+
354
+ # Whether Chef Zero should operate in a mode analogous to OSS Chef Server
355
+ # 11 (true) or Chef Server 12 (false). Chef Zero can still serve
356
+ # policyfile objects in Chef 11 mode, as long as `repo_mode` is set to
357
+ # "hosted_everything". The primary differences are:
358
+ # * Chef 11 mode doesn't support multi-tennant, so there is no
359
+ # distinction between global and org-specific objects (since there are
360
+ # no orgs).
361
+ # * Chef 11 mode doesn't expose RBAC objects
362
+ default :osc_compat, false
315
363
  end
316
364
  default :chef_server_url, "https://localhost:443"
317
365
 
@@ -319,7 +367,7 @@ module ChefConfig
319
367
  # if the chef_server_url is a path to an organization, aka
320
368
  # 'some_url.../organizations/*' then remove the '/organization/*' by default
321
369
  if self.configuration[:chef_server_url] =~ /\/organizations\/\S*$/
322
- self.configuration[:chef_server_url].split('/')[0..-3].join('/')
370
+ self.configuration[:chef_server_url].split("/")[0..-3].join("/")
323
371
  elsif self.configuration[:chef_server_url] # default to whatever chef_server_url is
324
372
  self.configuration[:chef_server_url]
325
373
  else
@@ -401,7 +449,6 @@ module ChefConfig
401
449
  # effect if `policy_document_native_api` is set to `false`.
402
450
  default :deployment_group, nil
403
451
 
404
-
405
452
  # Set these to enable SSL authentication / mutual-authentication
406
453
  # with the server
407
454
 
@@ -442,21 +489,26 @@ module ChefConfig
442
489
  # Where should chef-solo download recipes from?
443
490
  default :recipe_url, nil
444
491
 
492
+ # Set to true if Chef is to set OpenSSL to run in FIPS mode
493
+ default(:fips) { ENV["CHEF_FIPS"] == "1" }
494
+
495
+ # Initialize openssl
496
+ def self.init_openssl
497
+ if fips
498
+ self.enable_fips_mode
499
+ end
500
+ end
501
+
445
502
  # Sets the version of the signed header authentication protocol to use (see
446
503
  # the 'mixlib-authorization' project for more detail). Currently, versions
447
- # 1.0 and 1.1 are available; however, the chef-server must first be
448
- # upgraded to support version 1.1 before clients can begin using it.
449
- #
450
- # Version 1.1 of the protocol is required when using a `node_name` greater
451
- # than ~90 bytes (~90 ascii characters), so chef-client will automatically
452
- # switch to using version 1.1 when `node_name` is too large for the 1.0
453
- # protocol. If you intend to use large node names, ensure that your server
454
- # supports version 1.1. Automatic detection of large node names means that
455
- # users will generally not need to manually configure this.
456
- #
457
- # In the future, this configuration option may be replaced with an
458
- # automatic negotiation scheme.
459
- default :authentication_protocol_version, "1.0"
504
+ # 1.0, 1.1, and 1.3 are available.
505
+ default :authentication_protocol_version do
506
+ if fips
507
+ "1.3"
508
+ else
509
+ "1.1"
510
+ end
511
+ end
460
512
 
461
513
  # This key will be used to sign requests to the Chef server. This location
462
514
  # must be writable by Chef during initial setup when generating a client
@@ -745,7 +797,7 @@ module ChefConfig
745
797
  # pass = password
746
798
  # @api private
747
799
  def self.export_proxy(scheme, path, user, pass)
748
- path = "#{scheme}://#{path}" unless path.include?('://')
800
+ path = "#{scheme}://#{path}" unless path.include?("://")
749
801
  # URI.split returns the following parts:
750
802
  # [scheme, userinfo, host, port, registry, path, opaque, query, fragment]
751
803
  parts = URI.split(URI.encode(path))
@@ -753,7 +805,7 @@ module ChefConfig
753
805
  # returns a string for the port.
754
806
  parts[3] = parts[3].to_i if parts[3]
755
807
  if user && !user.empty?
756
- userinfo = URI.encode(URI.encode(user), '@:')
808
+ userinfo = URI.encode(URI.encode(user), "@:")
757
809
  if pass
758
810
  userinfo << ":#{URI.encode(URI.encode(pass), '@:')}"
759
811
  end
@@ -767,8 +819,8 @@ module ChefConfig
767
819
 
768
820
  # @api private
769
821
  def self.export_no_proxy(value)
770
- ENV['no_proxy'] = value unless ENV['no_proxy']
771
- ENV['NO_PROXY'] = value unless ENV['NO_PROXY']
822
+ ENV["no_proxy"] = value unless ENV["no_proxy"]
823
+ ENV["NO_PROXY"] = value unless ENV["NO_PROXY"]
772
824
  end
773
825
 
774
826
  # Chef requires an English-language UTF-8 locale to function properly. We attempt
@@ -796,12 +848,12 @@ module ChefConfig
796
848
  cmd.error!
797
849
  locales = cmd.stdout.split
798
850
  case
799
- when locales.include?('C.UTF-8')
800
- 'C.UTF-8'
801
- when locales.include?('en_US.UTF-8'), locales.include?('en_US.utf8')
802
- 'en_US.UTF-8'
803
- when locales.include?('en.UTF-8')
804
- 'en.UTF-8'
851
+ when locales.include?("C.UTF-8")
852
+ "C.UTF-8"
853
+ when locales.include?("en_US.UTF-8"), locales.include?("en_US.utf8")
854
+ "en_US.UTF-8"
855
+ when locales.include?("en.UTF-8")
856
+ "en.UTF-8"
805
857
  else
806
858
  # Will match en_ZZ.UTF-8, en_ZZ.utf-8, en_ZZ.UTF8, en_ZZ.utf8
807
859
  guesses = locales.select { |l| l =~ /^en_.*UTF-?8$/i }
@@ -811,7 +863,7 @@ module ChefConfig
811
863
  guessed_locale.gsub(/UTF-?8$/i, "UTF-8")
812
864
  else
813
865
  ChefConfig.logger.warn "Please install an English UTF-8 locale for Chef to use, falling back to C locale and disabling UTF-8 support."
814
- 'C'
866
+ "C"
815
867
  end
816
868
  end
817
869
  rescue
@@ -820,7 +872,7 @@ module ChefConfig
820
872
  else
821
873
  ChefConfig.logger.debug "No usable locale -a command found, assuming you have en_US.UTF-8 installed."
822
874
  end
823
- 'en_US.UTF-8'
875
+ "en_US.UTF-8"
824
876
  end
825
877
 
826
878
  default :internal_locale, guess_internal_locale
@@ -851,5 +903,18 @@ module ChefConfig
851
903
  def self._this_file
852
904
  File.expand_path(__FILE__)
853
905
  end
906
+
907
+ # Set fips mode in openssl. Do any patching necessary to make
908
+ # sure Chef runs do not crash.
909
+ # @api private
910
+ def self.enable_fips_mode
911
+ ChefConfig.logger.warn "The `fips` feature is still a work in progress. This feature is incomplete."
912
+ OpenSSL.fips_mode = true
913
+ require "digest"
914
+ require "digest/sha1"
915
+ require "digest/md5"
916
+ Digest.const_set("SHA1", OpenSSL::Digest::SHA1)
917
+ OpenSSL::Digest.const_set("MD5", Digest::MD5)
918
+ end
854
919
  end
855
920
  end
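Review bot: In `enable_fips_mode`, the last added line `OpenSSL::Digest.const_set("MD5", Digest::MD5)` replaces OpenSSL's MD5 class with Ruby's own implementation right after FIPS mode is switched on, so every caller in the process that requests MD5 through OpenSSL keeps getting a working digest instead of a FIPS refusal. The method comment only says "Do any patching necessary"; it should name this as a deliberate exception, for example `# MD5 is re-pointed at Digest::MD5 for non-cryptographic checksums only; never use it for signatures or authentication`, assuming that is the intent. Both `const_set` calls also rebind constants that already exist once the three `require`s have run, which Ruby reports as "already initialized constant" warnings on every FIPS-enabled start. `OpenSSL.fips_mode = true` is unguarded; as far as I know it raises `OpenSSL::OpenSSLError` on an OpenSSL build without FIPS support, so a rescue that re-raises with a message naming the `fips` setting (or `CHEF_FIPS`) would make that failure easier to diagnose.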