chef-dk 2.3.4 → 2.4.17

data/lib/chef-dk/policyfile_services/install.rb

@@ -115,9 +115,9 @@ module ChefDK
 
       def update_lock_and_install(cookbooks_to_update)
         ui.msg "Updating #{cookbooks_to_update.join(',')} cookbooks"
-
         to_update = policyfile_lock.solution_dependencies.transitive_deps(cookbooks_to_update)
         prepare_constraints_for_update(to_update)
+        prepare_constraints_for_policies
         generate_lock_and_install
       end
 
@@ -139,6 +139,12 @@ module ChefDK
         end
       end
 
+      def prepare_constraints_for_policies
+        Policyfile::LockApplier.
+          new(policyfile_lock, policyfile_compiler).
+          apply!
+      end
+
       def install_from_lock
         ui.msg "Installing cookbooks from lock"
 

data/lib/chef-dk/policyfile_services/update_attributes.rb

@@ -17,6 +17,7 @@
 
 require "chef-dk/helpers"
 require "chef-dk/policyfile/storage_config"
+require "chef-dk/policyfile/lock_applier"
 require "chef-dk/service_exceptions"
 require "chef-dk/policyfile_compiler"
 
@@ -30,18 +31,21 @@ module ChefDK
 
       attr_reader :ui
       attr_reader :storage_config
+      attr_reader :chef_config
 
-      def initialize(policyfile: nil, ui: nil, root_dir: nil)
+      def initialize(policyfile: nil, ui: nil, root_dir: nil, chef_config: nil)
         @ui = ui
 
         policyfile_rel_path = policyfile || "Policyfile.rb"
         policyfile_full_path = File.expand_path(policyfile_rel_path, root_dir)
         @storage_config = Policyfile::StorageConfig.new.use_policyfile(policyfile_full_path)
         @updated = false
+        @chef_config = chef_config
       end
 
       def run
         assert_policy_and_lock_present!
+        prepare_constraints
 
         if policyfile_compiler.default_attributes != policyfile_lock.default_attributes
           policyfile_lock.default_attributes = policyfile_compiler.default_attributes
@@ -74,7 +78,7 @@ module ChefDK
       end
 
       def policyfile_compiler
-        @policyfile_compiler ||= ChefDK::PolicyfileCompiler.evaluate(policyfile_content, policyfile_expanded_path, ui: ui)
+        @policyfile_compiler ||= ChefDK::PolicyfileCompiler.evaluate(policyfile_content, policyfile_expanded_path, ui: ui, chef_config: chef_config)
       end
 
       def policyfile_lock_content
@@ -97,6 +101,10 @@ module ChefDK
         end
       end
 
+      def prepare_constraints
+        Policyfile::LockApplier.new(policyfile_lock, policyfile_compiler).
+          apply!
+      end
     end
   end
 end

data/lib/chef-dk/skeletons/code_generator/templates/default/recipe_spec.rb.erb

@@ -7,7 +7,7 @@
 require 'spec_helper'
 
 describe '<%= cookbook_name %>::<%= recipe_name %>' do
-  context 'When all attributes are default, on an Ubuntu 16.04' do
+  context 'When all attributes are default, on Ubuntu 16.04' do
     let(:chef_run) do
       # for a complete list of available platforms and versions see:
       # https://github.com/customink/fauxhai/blob/master/PLATFORMS.md
@@ -19,4 +19,17 @@ describe '<%= cookbook_name %>::<%= recipe_name %>' do
       expect { chef_run }.to_not raise_error
     end
   end
+
+  context 'When all attributes are default, on CentOS 7.4.1708' do
+    let(:chef_run) do
+      # for a complete list of available platforms and versions see:
+      # https://github.com/customink/fauxhai/blob/master/PLATFORMS.md
+      runner = ChefSpec::ServerRunner.new(platform: 'centos', version: '7.4.1708')
+      runner.converge(described_recipe)
+    end
+
+    it 'converges successfully' do
+      expect { chef_run }.to_not raise_error
+    end
+  end
 end

data/lib/chef-dk/version.rb

@@ -16,5 +16,5 @@
 #
 
 module ChefDK
-  VERSION = "2.3.4"
+  VERSION = "2.4.17"
 end

data/omnibus_overrides.rb

@@ -1,15 +1,15 @@
 # THIS IS NOW HAND MANAGED, JUST EDIT THE THING
 # .travis.yml and appveyor.yml consume this,
 # try to keep it machine-parsable.
-override :rubygems, version: "2.6.13"
-override :bundler, version: "1.15.1"
+override :rubygems, version: "2.6.14"
+override :bundler, version: "1.15.4"
 override "libffi", version: "3.2.1"
 override "libiconv", version: "1.15"
 override "liblzma", version: "5.2.3"
 override "libtool", version: "2.4.2"
-override "libxml2", version: "2.9.4"
-override "libxslt", version: "1.1.29"
-override "libyaml", version: "0.1.6"
+override "libxml2", version: "2.9.5"
+override "libxslt", version: "1.1.30"
+override "libyaml", version: "0.1.7"
 override "makedepend", version: "1.0.5"
 override "ncurses", version: "5.9"
 override "pkg-config-lite", version: "0.28-1"
@@ -19,4 +19,4 @@ override "util-macros", version: "1.19.0"
 override "xproto", version: "7.0.28"
 override "zlib", version: "1.2.11"
 override "libzmq", version: "4.0.7"
-override "openssl", version: "1.0.2l"
+override "openssl", version: "1.0.2m"

data/spec/unit/chef_server_api_multi_spec.rb

@@ -0,0 +1,120 @@
+#
+# Copyright:: Copyright (c) 2017 Chef Software Inc.
+# License:: Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+require "spec_helper"
+require "chef-dk/chef_server_api_multi"
+
+describe ChefDK::ChefServerAPIMulti do
+
+  let(:url) { "https://chef.example/organizations/myorg" }
+
+  let(:opts) do
+    {
+      signing_key_filename: "/path/to/key.pem",
+      client_name: "example-user",
+    }
+  end
+
+  let(:expected_server_api_opts) do
+    {
+      signing_key_filename: "/path/to/key.pem",
+      client_name: "example-user",
+      keepalives: true,
+    }
+  end
+
+  let(:chef_server_api) { instance_double("Chef::ServerAPI") }
+
+  subject(:server_api_multi) { described_class.new(url, opts) }
+
+  before do
+    # clean out thread local storage or else `chef_server_api` instance double
+    # will get re-used across test examples and rspec will complain:
+    Thread.current[:chef_server_api_multi] = nil
+    allow(Chef::ServerAPI).to receive(:new).with(url, expected_server_api_opts).and_return(chef_server_api)
+  end
+
+  it "has a url" do
+    expect(server_api_multi.url).to eq(url)
+  end
+
+  it "has an options hash for Chef::ServerAPI, with `keepalives: true` added" do
+    expect(server_api_multi.opts).to eq(expected_server_api_opts)
+  end
+
+  it "creates a thread-local Chef::ServerAPI object for requests" do
+    server_api_multi.client_for_thread # force `||=` to run
+    expect(server_api_multi.client_for_thread).to eq(Thread.current[:chef_server_api_multi])
+  end
+
+  describe "when keepalives are disabled" do
+
+    let(:opts) do
+      {
+        signing_key_filename: "/path/to/key.pem",
+        client_name: "example-user",
+        keepalives: false,
+      }
+    end
+
+    it "does not override disabling them" do
+      expect(server_api_multi.opts[:keepalives]).to be(false)
+    end
+
+  end
+
+  describe "delegating request methods to thread-local ServerAPI object" do
+
+    it "delegates #head" do
+      expect(chef_server_api).to receive(:head).with("/foo")
+      server_api_multi.head("/foo")
+    end
+
+    it "delegates #get" do
+      expect(chef_server_api).to receive(:get).with("/foo")
+      server_api_multi.get("/foo")
+    end
+
+    it "delegates #put" do
+      expect(chef_server_api).to receive(:put).with("/foo", "data")
+      server_api_multi.put("/foo", "data")
+    end
+
+    it "delegates #post" do
+      expect(chef_server_api).to receive(:post).with("/foo", "data")
+      server_api_multi.post("/foo", "data")
+    end
+
+    it "delegates #delete" do
+      expect(chef_server_api).to receive(:delete).with("/foo")
+      server_api_multi.delete("/foo")
+    end
+
+    it "delegates #streaming_request" do
+      expect(chef_server_api).to receive(:streaming_request).with("/foo")
+      server_api_multi.streaming_request("/foo")
+    end
+
+    it "passes a block argument to #streaming_request" do
+      expect(chef_server_api).to receive(:streaming_request).with("/foo").and_yield
+      x = 0
+      server_api_multi.streaming_request("/foo") { x = 5 }
+      expect(x).to eq(5)
+    end
+
+  end
+end

data/spec/unit/command/update_spec.rb

@@ -82,7 +82,7 @@ describe ChefDK::Command::Update do
 
     it "creates an attributes update service object" do
       expect(ChefDK::PolicyfileServices::UpdateAttributes).to receive(:new).
-        with(policyfile: nil, ui: command.ui, root_dir: Dir.pwd).
+        with(policyfile: nil, ui: command.ui, root_dir: Dir.pwd, chef_config: anything).
         and_return(update_attrs_service)
       expect(command.attributes_updater).to eq(update_attrs_service)
     end
@@ -133,7 +133,7 @@ describe ChefDK::Command::Update do
       before do
         expect(install_service).to receive(:run)
         expect(ChefDK::PolicyfileServices::UpdateAttributes).to receive(:new).
-          with(policyfile: nil, ui: command.ui, root_dir: Dir.pwd).
+          with(policyfile: nil, ui: command.ui, root_dir: Dir.pwd, chef_config: anything).
           and_return(update_attrs_service)
         expect(update_attrs_service).to receive(:run)
       end
@@ -160,7 +160,7 @@ describe ChefDK::Command::Update do
       before do
         expect(install_service).to receive(:run).and_raise(exception)
         expect(ChefDK::PolicyfileServices::UpdateAttributes).to receive(:new).
-          with(policyfile: nil, ui: command.ui, root_dir: Dir.pwd).
+          with(policyfile: nil, ui: command.ui, root_dir: Dir.pwd, chef_config: anything).
           and_return(update_attrs_service)
         expect(update_attrs_service).to receive(:run)
       end

data/spec/unit/configurable_spec.rb

@@ -23,6 +23,8 @@ describe ChefDK::Configurable do
 
   let(:includer) { TestConfigurable.new }
 
+  before { includer.reset_config! }
+
   it "provides chef_config" do
     expect(includer.chef_config).to eq Chef::Config
   end
@@ -38,4 +40,29 @@ describe ChefDK::Configurable do
   it "provides generator_config" do
     expect(includer.generator_config).to eq Chef::Config.chefdk.generator
   end
+
+  describe "loading Chef Config" do
+
+    let(:url) { "https://chef.example/organizations/myorg" }
+
+    let(:key_path) { "/path/to/my/key.pem" }
+
+    let(:username) { "my-username" }
+
+    before do
+      Chef::Config.chef_server_url(url)
+      Chef::Config.client_key(key_path)
+      Chef::Config.node_name(username)
+      includer.chef_config
+    end
+
+    it "creates a default chef server HTTP client for Omnifetch" do
+      client = CookbookOmnifetch.default_chef_server_http_client
+      expect(client).to be_a_kind_of(ChefDK::ChefServerAPIMulti)
+      expect(client.url).to eq(url)
+      expect(client.opts[:signing_key_filename]).to eq(key_path)
+      expect(client.opts[:client_name]).to eq(username)
+    end
+
+  end
 end

data/spec/unit/policyfile/attribute_merge_checker_spec.rb

@@ -0,0 +1,80 @@
+#
+# Copyright:: Copyright (c) 2017 Chef Software Inc.
+# License:: Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+require "spec_helper"
+require "chef-dk/policyfile/attribute_merge_checker"
+
+describe ChefDK::Policyfile::AttributeMergeChecker do
+  let(:checker) { ChefDK::Policyfile::AttributeMergeChecker.new }
+
+  describe "when the same attribute is provided multiple times with the same value" do
+    describe "at the top level" do
+      before do
+        checker.with_attributes("foo", { "a" => "b" })
+        checker.with_attributes("bar", { "a" => "b", "c" => "d" })
+      end
+
+      it "does not raise an error" do
+        expect { checker.check! }.not_to raise_error
+      end
+    end
+
+    describe "deeply nested" do
+      before do
+        checker.with_attributes("foo", { "a" => { "b" => "c" } })
+        checker.with_attributes("bar", { "a" => { "b" => "c" } })
+      end
+
+      it "does not raise an error" do
+        expect { checker.check! }.not_to raise_error
+      end
+    end
+  end
+
+  describe "when conflicts are present" do
+    describe "at the top level" do
+      before do
+        checker.with_attributes("foo", { "a" => "b" })
+        checker.with_attributes("bar", { "a" => "c", "c" => "d" })
+      end
+
+      it "raises an error" do
+        expect { checker.check! }.to raise_error(
+          ChefDK::Policyfile::AttributeMergeChecker::ConflictError) do |e|
+            expect(e.attribute_path).to eq("[a]")
+            expect(e.provided_by).to include("foo", "bar")
+          end
+      end
+    end
+
+    describe "deeply nested" do
+      before do
+        checker.with_attributes("foo", { "a" => { "b" => "c" } })
+        checker.with_attributes("bar", { "a" => { "b" => "d" } })
+      end
+
+      it "raises an error" do
+        expect { checker.check! }.to raise_error(
+          ChefDK::Policyfile::AttributeMergeChecker::ConflictError) do |e|
+            expect(e.attribute_path).to eq("[a][b]")
+            expect(e.provided_by).to include("foo", "bar")
+          end
+      end
+    end
+  end
+
+end

data/spec/unit/policyfile/chef_server_lock_fetcher_spec.rb

@@ -0,0 +1,161 @@
+#
+# Copyright:: Copyright (c) 2017 Chef Software Inc.
+# License:: Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+require "spec_helper"
+require "chef-dk/policyfile/chef_server_lock_fetcher"
+
+describe ChefDK::Policyfile::ChefServerLockFetcher do
+
+  let(:revision_id) { "6fe753184c8946052d3231bb4212116df28d89a3a5f7ae52832ad408419dd5eb" }
+  let(:identifier) { "fab501cfaf747901bd82c1bc706beae7dc3a350c" }
+  let(:minimal_lockfile_json) do
+    <<-E
+{
+  "revision_id": "#{revision_id}",
+  "name": "install-example",
+  "run_list": [
+    "recipe[local-cookbook::default]"
+  ],
+  "cookbook_locks": {
+    "local-cookbook": {
+      "version": "2.3.4",
+      "identifier": "#{identifier}",
+      "dotted_decimal_identifier": "70567763561641081.489844270461035.258281553147148",
+      "source": "cookbooks/local-cookbook",
+      "cache_key": null,
+      "scm_info": null,
+      "source_options": {
+        "path": "cookbooks/local-cookbook"
+      }
+    }
+  },
+  "default_attributes": {},
+  "override_attributes": {},
+  "solution_dependencies": {
+    "Policyfile": [
+      [
+        "local-cookbook",
+        ">= 0.0.0"
+      ]
+    ],
+    "dependencies": {
+      "local-cookbook (2.3.4)": [
+
+      ]
+    }
+  }
+}
+E
+  end
+
+  def minimal_lockfile
+    FFI_Yajl::Parser.parse(minimal_lockfile_json)
+  end
+
+  let(:policy_name) { "chatserver" }
+  let(:policy_revision_id) { "somerevisionid" }
+  let(:policy_group) { "somegroup" }
+  let(:url) { "https://chef.example/organizations/monkeynews" }
+
+  let(:chef_config) do
+    double("ChefConfig").tap do |double|
+      allow(double).to receive(:client_key).and_return("key")
+      allow(double).to receive(:node_name).and_return("node_name")
+    end
+  end
+  let(:http_client) { instance_double("Chef::ServerAPI", url: url ) }
+
+  let(:minimal_lockfile_modified) do
+    minimal_lockfile.tap do |lockfile|
+      lockfile["cookbook_locks"]["local-cookbook"]["source_options"] = {
+        "chef_server_artifact" => url,
+        "identifier" => identifier,
+      }
+    end
+  end
+
+  subject(:fetcher) { described_class.new(policy_name, source_options, chef_config) }
+
+  before do
+    allow(Chef::ServerAPI).to receive(:new).with(url, anything).and_return(http_client)
+  end
+
+  context "when using revision id" do
+    let(:source_options) do
+      {
+        server: url,
+        policy_name: policy_name,
+        policy_revision_id: policy_revision_id,
+      }
+    end
+
+    it "calls the chef server to get the policy" do
+      expect(http_client).to receive(:get).with("policies/#{policy_name}/revisions/#{policy_revision_id}").
+        and_return(minimal_lockfile)
+      expect(fetcher.lock_data).to eq(minimal_lockfile_modified)
+    end
+
+    context "and policy_name is not provided" do
+      let(:source_options) do
+        {
+          server: url,
+          policy_revision_id: policy_revision_id,
+        }
+      end
+
+      it "calls the chef server to get the policy with the dsl name" do
+        expect(http_client).to receive(:get).with("policies/#{policy_name}/revisions/#{policy_revision_id}").
+          and_return(minimal_lockfile)
+        expect(fetcher.lock_data).to eq(minimal_lockfile_modified)
+      end
+    end
+  end
+
+  context "when using policy group" do
+    let(:source_options) do
+      {
+        server: url,
+        policy_name: policy_name,
+        policy_group: policy_group,
+      }
+    end
+
+    let(:source_options_for_lock) do
+      source_options.merge({ policy_revision_id: revision_id })
+    end
+
+    it "calls the chef server to get the policy" do
+      expect(http_client).to receive(:get).with("policy_groups/#{policy_group}/policies/#{policy_name}").
+        and_return(minimal_lockfile)
+      expect(fetcher.lock_data).to eq(minimal_lockfile_modified)
+    end
+
+    it "includes the revision id in the source_options_for_lock" do
+      allow(http_client).to receive(:get).with(
+        "policy_groups/#{policy_group}/policies/#{policy_name}").and_return(minimal_lockfile)
+
+      expect(fetcher.source_options_for_lock).to eq(source_options_for_lock)
+    end
+
+    it "correctly applies source_options that were included in the lock" do
+      fetcher.apply_locked_source_options(source_options_for_lock)
+      expect(http_client).to receive(:get).with(
+        "policies/#{policy_name}/revisions/#{revision_id}").and_return(minimal_lockfile)
+      fetcher.lock_data
+    end
+  end
+end