chef 10.28.2 → 10.30.0.rc.0

data/lib/chef/provider/template.rb

@@ -34,12 +34,12 @@ class Chef
         @current_resource = Chef::Resource::Template.new(@new_resource.name)
         super
       end
-      
+
       def define_resource_requirements
         super
 
-        requirements.assert(:create, :create_if_missing) do |a| 
-          a.assertion { ::File::exist?(template_location) } 
+        requirements.assert(:create, :create_if_missing) do |a|
+          a.assertion { ::File::exist?(template_location) }
           a.failure_message "Template source #{template_location} could not be found."
           a.whyrun "Template source #{template_location} does not exist. Assuming it would have been created."
           a.block_action!
@@ -54,7 +54,7 @@ class Chef
             Chef::Log.debug("#{@new_resource} content has not changed.")
             set_all_access_controls
           else
-            description = [] 
+            description = []
             action_message = update ? "update #{@current_resource} from #{short_cksum(@current_resource.checksum)} to #{short_cksum(@new_resource.checksum)}" :
               "create #{@new_resource}"
             description << action_message
@@ -74,7 +74,7 @@ class Chef
               @new_resource.group(stat.gid)
             end
           end
-        end  
+        end
       end
 
 
@@ -112,6 +112,12 @@ class Chef
         render_template(IO.read(template_location), context, &block)
       end
 
+      def managing_content?
+        return true if @new_resource.checksum
+        return true if !@new_resource.source.nil? && @action != :create_if_missing
+        false
+      end
+
     end
   end
 end

data/lib/chef/provider/user/useradd.rb

@@ -51,7 +51,15 @@ class Chef
 
         def check_lock
           status = popen4("passwd -S #{@new_resource.username}") do |pid, stdin, stdout, stderr|
-            status_line = stdout.gets.split(' ')
+            output = stdout.gets
+            if whyrun_mode? && output.nil? && stderr.gets.match(/does not exist/)
+              # if we're in whyrun mode and the user is not yet created we assume it would be
+              return false
+            end
+
+            raise Chef::Exceptions::User, "Cannot determine if #{@new_resource} is locked!" if output.nil?
+
+            status_line = output.split(' ')
             case status_line[1]
             when /^P/
               @locked = false

data/lib/chef/provider/whyrun_safe_ruby_block.rb

@@ -0,0 +1,30 @@
+#
+# Author:: Phil Dibowitz (<phild@fb.com>)
+# Copyright:: Copyright (c) 2013 Facebook
+# License:: Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+class Chef
+  class Provider
+    class WhyrunSafeRubyBlock < Chef::Provider::RubyBlock
+      def action_create
+        @new_resource.block.call
+        @new_resource.updated_by_last_action(true)
+        @run_context.events.resource_update_applied(@new_resource, :create, "execute the whyrun_safe_ruby_block #{@new_resource.name}")
+        Chef::Log.info("#{@new_resource} called")
+      end
+    end
+  end
+end

data/lib/chef/providers.rb

@@ -45,6 +45,7 @@ require 'chef/provider/service'
 require 'chef/provider/subversion'
 require 'chef/provider/template'
 require 'chef/provider/user'
+require 'chef/provider/whyrun_safe_ruby_block'
 
 require 'chef/provider/env/windows'
 

data/lib/chef/resource/group.rb

@@ -31,6 +31,7 @@ class Chef
         @group_name = name
         @gid = nil
         @members = []
+        @excluded_members = []
         @action = :create
         @append = false
         @allowed_actions.push(:create, :remove, :modify, :manage)
@@ -62,7 +63,16 @@ class Chef
       end
 
       alias_method :users, :members
- 
+
+      def excluded_members(arg=nil)
+        converted_members = arg.is_a?(String) ? [].push(arg) : arg
+        set_or_return(
+          :excluded_members,
+          converted_members,
+          :kind_of => [ Array ]
+        )
+      end
+
       def append(arg=nil)
         set_or_return(
           :append,

data/lib/chef/resource/whyrun_safe_ruby_block.rb

@@ -0,0 +1,31 @@
+#
+# Author:: Phil Dibowitz (<phild@fb.com>)
+# Copyright:: Copyright (c) 2013 Facebook
+# License:: Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+class Chef
+  class Resource
+    class WhyrunSafeRubyBlock < Chef::Resource::RubyBlock
+
+      def initialize(name, run_context=nil)
+        super
+        @resource_name = :whyrun_safe_ruby_block
+        @provider = Chef::Provider::WhyrunSafeRubyBlock
+      end
+
+    end
+  end
+end

data/lib/chef/resources.rb

@@ -64,4 +64,5 @@ require 'chef/resource/smartos_package'
 require 'chef/resource/template'
 require 'chef/resource/timestamped_deploy'
 require 'chef/resource/user'
+require 'chef/resource/whyrun_safe_ruby_block'
 require 'chef/resource/yum_package'

data/lib/chef/rest.rb

@@ -275,7 +275,11 @@ class Chef
               response_body
             end
           elsif redirect_location = redirected_to(response)
-            follow_redirect {api_request(:GET, create_url(redirect_location))}
+            if [:GET, :HEAD].include?(method)
+              follow_redirect {api_request(method, create_url(redirect_location), headers)}
+            else
+              raise Exceptions::InvalidRedirect, "#{method} request was redirected from #{url} to #{redirect_location}. Only GET and HEAD support redirects."
+            end
           else
             # have to decompress the body before making an exception for it. But the body could be nil.
             response.body.replace(decompress_body(response)) if response.body.respond_to?(:replace)
@@ -332,7 +336,7 @@ class Chef
                 tempfile = stream_to_tempfile(url, r, &block)
                 yield tempfile
               ensure
-                tempfile.close!
+                tempfile && tempfile.close!
               end
             else
               tempfile = stream_to_tempfile(url, r)

data/lib/chef/rest/rest_request.rb

@@ -82,6 +82,10 @@ class Chef
         @url.host
       end
 
+      def hostname
+        @url.hostname
+      end
+
       def port
         @url.port
       end
@@ -155,12 +159,12 @@ class Chef
       def configure_http_client
         http_proxy = proxy_uri
         if http_proxy.nil?
-          @http_client = Net::HTTP.new(host, port)
+          @http_client = Net::HTTP.new(hostname, port)
         else
           Chef::Log.debug("Using #{http_proxy.host}:#{http_proxy.port} for proxy")
           user = Chef::Config["#{url.scheme}_proxy_user"]
           pass = Chef::Config["#{url.scheme}_proxy_pass"]
-          @http_client = Net::HTTP.Proxy(http_proxy.host, http_proxy.port, user, pass).new(host, port)
+          @http_client = Net::HTTP.Proxy(http_proxy.host, http_proxy.port, user, pass).new(hostname, port)
         end
         if url.scheme == HTTPS
           @http_client.use_ssl = true

data/lib/chef/util/windows/net_group.rb

@@ -63,7 +63,7 @@ class Chef::Util::Windows::NetGroup < Chef::Util::Windows
         members = 0.chr * (nread * (PTR_SIZE * 3)) #nread * sizeof(LOCALGROUP_MEMBERS_INFO_1)
         memcpy(members, ptr, members.size)
 
-        #3 pointer fields in LOCALGROUP_MEMBERS_INFO_1, offset 2*PTR_SIZE is lgrmi1_name
+        # 3 pointer fields in LOCALGROUP_MEMBERS_INFO_1, offset 2*PTR_SIZE is lgrmi1_name
         nread.times do |i|
           offset = (i * 3) + 2
           member = lpwstr_to_s(members, offset)
@@ -92,6 +92,10 @@ class Chef::Util::Windows::NetGroup < Chef::Util::Windows
     modify_members(members, NetLocalGroupAddMembers)
   end
 
+  def local_delete_members(members)
+    modify_members(members, NetLocalGroupDelMembers)
+  end
+
   def local_delete
     rc = NetLocalGroupDel.call(nil, @name)
     if rc != NERR_Success

data/lib/chef/version.rb

@@ -17,7 +17,7 @@
 
 class Chef
   CHEF_ROOT = File.dirname(File.expand_path(File.dirname(__FILE__)))
-  VERSION = '10.28.2'
+  VERSION = '10.30.0.rc.0'
 end
 
 # NOTE: the Chef::Version class is defined in version_class.rb

data/spec/functional/resource/base.rb

@@ -0,0 +1,40 @@
+#
+# Author:: Kaustubh Deorukhkar (<kaustubh@clogeny.com>)
+# Copyright:: Copyright (c) 2013 Opscode, Inc.
+# License:: Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+require 'spec_helper'
+
+def ohai
+  # provider is platform-dependent, we need platform ohai data:
+  @OHAI_SYSTEM ||= begin
+    ohai = Ohai::System.new
+    ohai.require_plugin("os")
+    ohai.require_plugin("platform")
+    ohai.require_plugin("passwd")
+    ohai
+  end
+end
+
+def run_context
+  @run_context ||= begin
+    node = Chef::Node.new
+    node.default[:platform] = ohai[:platform]
+    node.default[:platform_version] = ohai[:platform_version]
+    events = Chef::EventDispatch::Dispatcher.new
+    Chef::RunContext.new(node, {}, events)
+  end
+end

data/spec/functional/resource/group_spec.rb

@@ -0,0 +1,343 @@
+#
+# Author:: Chirag Jog (<chirag@clogeny.com>)
+# Author:: Siddheshwar More (<siddheshwar.more@clogeny.com>)
+# Copyright:: Copyright (c) 2013 Opscode, Inc.
+# License:: Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+require 'spec_helper'
+require 'functional/resource/base'
+
+# Chef::Resource::Group are turned off on Mac OS X 10.6 due to caching
+# issues around Etc.getgrnam() not picking up the group membership
+# changes that are done on the system. Etc.endgrent is not functioning
+# correctly on certain 10.6 boxes.
+describe Chef::Resource::Group, :requires_root_or_running_windows, :not_supported_on_mac_osx_106 do
+  def group_should_exist(group)
+    case ohai[:platform_family]
+    when "debian", "fedora", "rhel", "suse", "gentoo", "slackware", "arch"
+      expect { Etc::getgrnam(group) }.to_not raise_error(ArgumentError, "can't find group for #{group}")
+      expect(group).to eq(Etc::getgrnam(group).name)
+    when "windows"
+      expect { Chef::Util::Windows::NetGroup.new(group).local_get_members }.to_not raise_error(ArgumentError, "The group name could not be found.")
+    end
+  end
+
+  def user_exist_in_group?(user)
+    case ohai[:platform_family]
+    when "windows"
+      Chef::Util::Windows::NetGroup.new(group_name).local_get_members.include?(user)
+    else
+      Etc::getgrnam(group_name).mem.include?(user)
+    end
+  end
+
+  def group_should_not_exist(group)
+    case ohai[:platform_family]
+    when "debian", "fedora", "rhel", "suse", "gentoo", "slackware", "arch"
+      expect { Etc::getgrnam(group) }.to raise_error(ArgumentError, "can't find group for #{group}")
+    when "windows"
+      expect { Chef::Util::Windows::NetGroup.new(group).local_get_members }.to raise_error(ArgumentError, "The group name could not be found.")
+    end
+  end
+
+  def compare_gid(resource, gid)
+    return resource.gid == Etc::getgrnam(resource.name).gid if unix?
+  end
+
+  def user(username)
+    usr = Chef::Resource::User.new("#{username}", run_context)
+    if ohai[:platform_family] == "windows"
+      usr.password("ComplexPass11!")
+    end
+    usr
+  end
+
+  def create_user(username)
+    user(username).run_action(:create)
+    # TODO: User shouldn't exist
+  end
+
+  def remove_user(username)
+    user(username).run_action(:remove)
+    # TODO: User shouldn't exist
+  end
+
+  shared_examples_for "correct group management" do
+    def add_members_to_group(members)
+      temp_resource = group_resource.dup
+      temp_resource.members(members)
+      temp_resource.excluded_members([ ])
+      temp_resource.append(true)
+      temp_resource.run_action(:modify)
+      members.each do |member|
+        user_exist_in_group?(member).should == true
+      end
+    end
+
+    def create_group
+      temp_resource = group_resource.dup
+      temp_resource.members([ ])
+      temp_resource.excluded_members([ ])
+      temp_resource.run_action(:create)
+      group_should_exist(group_name)
+      included_members.each do |member|
+        user_exist_in_group?(member).should == false
+      end
+    end
+
+    before(:each) do
+      create_group
+    end
+
+    after(:each) do
+      group_resource.run_action(:remove)
+      group_should_not_exist(group_name)
+    end
+
+    describe "when append is not set" do
+      let(:included_members) { ["spec-Eric"] }
+
+      before do
+        create_user("spec-Eric")
+        create_user("spec-Gordon")
+        add_members_to_group(["spec-Gordon"])
+      end
+
+      after do
+        remove_user("spec-Eric")
+        remove_user("spec-Gordon")
+      end
+
+      it "should remove the existing users and add the new users to the group" do
+        group_resource.run_action(tested_action)
+
+        user_exist_in_group?("spec-Eric").should == true
+        user_exist_in_group?("spec-Gordon").should == false
+      end
+    end
+
+    describe "when append is set" do
+      before(:each) do
+        group_resource.append(true)
+      end
+
+      describe "when the users exist" do
+        before do
+          (included_members + excluded_members).each do |member|
+            create_user(member)
+          end
+        end
+
+        after do
+          (included_members + excluded_members).each do |member|
+            remove_user(member)
+          end
+        end
+
+        it "should add included members to the group" do
+          group_resource.run_action(tested_action)
+
+          included_members.each do |member|
+            user_exist_in_group?(member).should == true
+          end
+          excluded_members.each do |member|
+            user_exist_in_group?(member).should == false
+          end
+        end
+
+        describe "when group contains some users" do
+          before(:each) do
+            add_members_to_group([ "spec-Gordon", "spec-Anthony" ])
+          end
+
+          it "should add the included users and remove excluded users" do
+            group_resource.run_action(tested_action)
+
+            included_members.each do |member|
+              user_exist_in_group?(member).should == true
+            end
+            excluded_members.each do |member|
+              user_exist_in_group?(member).should == false
+            end
+          end
+        end
+      end
+
+      describe "when the users doesn't exist" do
+        describe "when append is not set" do
+          it "should raise an error" do
+            lambda { @grp_resource.run_action(tested_action) }.should raise_error
+          end
+        end
+
+        describe "when append is set" do
+          it "should raise an error" do
+            lambda { @grp_resource.run_action(tested_action) }.should raise_error
+          end
+        end
+      end
+    end
+  end
+
+  let(:group_name) { "cheftest-#{SecureRandom.random_number(9999)}" }
+  let(:included_members) { nil }
+  let(:excluded_members) { nil }
+  let(:group_resource) {
+    group = Chef::Resource::Group.new(group_name, run_context)
+    group.members(included_members)
+    group.excluded_members(excluded_members)
+    group
+  }
+
+  it "append should be false by default" do
+    group_resource.append.should == false
+  end
+
+  describe "group create action" do
+    after(:each) do
+      group_resource.run_action(:remove)
+      group_should_not_exist(group_name)
+    end
+
+    it "should create a group" do
+      group_resource.run_action(:create)
+      group_should_exist(group_name)
+    end
+
+    describe "when group name is length 256", :windows_only do
+      let!(:group_name) { "theoldmanwalkingdownthestreetalwayshadagood\
+smileonhisfacetheoldmanwalkingdownthestreetalwayshadagoodsmileonhisface\
+theoldmanwalkingdownthestreetalwayshadagoodsmileonhisfacetheoldmanwalking\
+downthestreetalwayshadagoodsmileonhisfacetheoldmanwalkingdownthestree" }
+
+      it "should create a group" do
+        group_resource.run_action(:create)
+        group_should_exist(group_name)
+      end
+    end
+
+    describe "when group name length is more than 256", :windows_only do
+      let!(:group_name) { "theoldmanwalkingdownthestreetalwayshadagood\
+smileonhisfacetheoldmanwalkingdownthestreetalwayshadagoodsmileonhisface\
+theoldmanwalkingdownthestreetalwayshadagoodsmileonhisfacetheoldmanwalking\
+downthestreetalwayshadagoodsmileonhisfacetheoldmanwalkingdownthestreeQQQQQQ" }
+
+      it "should not create a group" do
+        lambda { group_resource.run_action(:create) }.should raise_error
+        group_should_not_exist(group_name)
+      end
+    end
+
+    # not_supported_on_solaris because of the use of excluded_members
+    describe "should raise an error when same member is included in the members and excluded_members", :not_supported_on_solaris do
+      it "should raise an error" do
+        invalid_resource = group_resource.dup
+        invalid_resource.members(["Jack"])
+        invalid_resource.excluded_members(["Jack"])
+        lambda { invalid_resource.run_action(:create)}.should raise_error(Chef::Exceptions::ConflictingMembersInGroup)
+      end
+    end
+  end
+
+  describe "group remove action" do
+    describe "when there is a group" do
+      before do
+        group_resource.run_action(:create)
+        group_should_exist(group_name)
+      end
+
+      it "should remove a group" do
+        group_resource.run_action(:remove)
+        group_should_not_exist(group_name)
+      end
+    end
+
+    describe "when there is no group" do
+      it "should be no-op" do
+        group_resource.run_action(:remove)
+        group_should_not_exist(group_name)
+      end
+    end
+  end
+
+  describe "group modify action", :not_supported_on_solaris do
+    let(:included_members) { ["spec-Gordon", "spec-Eric"] }
+    let(:excluded_members) { ["spec-Anthony"] }
+    let(:tested_action) { :modify }
+
+    describe "when there is no group" do
+      it "should raise an error" do
+        lambda { group_resource.run_action(:modify) }.should raise_error
+      end
+    end
+
+    describe "when there is a group" do
+      it_behaves_like "correct group management"
+    end
+  end
+
+  describe "group manage action", :not_supported_on_solaris do
+    let(:included_members) { ["spec-Gordon", "spec-Eric"] }
+    let(:excluded_members) { ["spec-Anthony"] }
+    let(:tested_action) { :manage }
+
+    describe "when there is no group" do
+      it "should raise an error" do
+        lambda { group_resource.run_action(:manage) }.should_not raise_error
+        group_should_not_exist(group_name)
+      end
+    end
+
+    describe "when there is a group" do
+      it_behaves_like "correct group management"
+    end
+  end
+
+  describe "group resource with Usermod provider", :solaris_only do
+    describe "when excluded_members is set" do
+      let(:excluded_members) { ["spec-Anthony"] }
+
+      it ":manage should raise an error" do
+        lambda {group_resource.run_action(:manage) }.should raise_error
+      end
+
+      it ":modify should raise an error" do
+        lambda {group_resource.run_action(:modify) }.should raise_error
+      end
+
+      it ":create should raise an error" do
+        lambda {group_resource.run_action(:create) }.should raise_error
+      end
+    end
+
+    describe "when append is not set" do
+      let(:included_members) { ["spec-Gordon", "spec-Eric"] }
+
+      before(:each) do
+        group_resource.append(false)
+      end
+
+      it ":manage should raise an error" do
+        lambda {group_resource.run_action(:manage) }.should raise_error
+      end
+
+      it ":modify should raise an error" do
+        lambda {group_resource.run_action(:modify) }.should raise_error
+      end
+    end
+  end
+end
+