chef 11.0.0.beta.0 → 11.0.0.beta.1

data/lib/chef/version.rb

@@ -17,7 +17,7 @@
 
 class Chef
   CHEF_ROOT = File.dirname(File.expand_path(File.dirname(__FILE__)))
-  VERSION = '11.0.0.beta.0'
+  VERSION = '11.0.0.beta.1'
 end
 
 # NOTE: the Chef::Version class is defined in version_class.rb

data/lib/chef/win32/api/security.rb

@@ -226,6 +226,50 @@ class Chef
              :SidTypeLabel
         ]
 
+        TOKEN_INFORMATION_CLASS = enum :TOKEN_INFORMATION_CLASS, [
+             :TokenUser, 1,
+             :TokenGroups,
+             :TokenPrivileges,
+             :TokenOwner,
+             :TokenPrimaryGroup,
+             :TokenDefaultDacl,
+             :TokenSource,
+             :TokenType,
+             :TokenImpersonationLevel,
+             :TokenStatistics,
+             :TokenRestrictedSids,
+             :TokenSessionId,
+             :TokenGroupsAndPrivileges,
+             :TokenSessionReference,
+             :TokenSandBoxInert,
+             :TokenAuditPolicy,
+             :TokenOrigin,
+             :TokenElevationType,
+             :TokenLinkedToken,
+             :TokenElevation,
+             :TokenHasRestrictions,
+             :TokenAccessInformation,
+             :TokenVirtualizationAllowed,
+             :TokenVirtualizationEnabled,
+             :TokenIntegrityLevel,
+             :TokenUIAccess,
+             :TokenMandatoryPolicy,
+             :TokenLogonSid,
+             :TokenIsAppContainer,
+             :TokenCapabilities,
+             :TokenAppContainerSid,
+             :TokenAppContainerNumber,
+             :TokenUserClaimAttributes,
+             :TokenDeviceClaimAttributes,
+             :TokenRestrictedUserClaimAttributes,
+             :TokenRestrictedDeviceClaimAttributes,
+             :TokenDeviceGroups,
+             :TokenRestrictedDeviceGroups,
+             :TokenSecurityAttributes,
+             :TokenIsRestricted,
+             :MaxTokenInfoClass
+        ]
+
         # SECURITY_DESCRIPTOR is an opaque structure whose contents can vary.  Pass the
         # pointer around and free it with LocalFree.
         # http://msdn.microsoft.com/en-us/library/windows/desktop/aa379561(v=vs.85).aspx
@@ -334,7 +378,7 @@ class Chef
         safe_attach_function :SetSecurityDescriptorGroup, [ :pointer, :pointer, :BOOL ], :BOOL
         safe_attach_function :SetSecurityDescriptorOwner, [ :pointer, :pointer, :BOOL ], :BOOL
         safe_attach_function :SetSecurityDescriptorSacl, [ :pointer, :BOOL, :pointer, :BOOL ], :BOOL
-
+        safe_attach_function :GetTokenInformation, [ :HANDLE, :TOKEN_INFORMATION_CLASS, :pointer, :DWORD, :PDWORD ], :BOOL
       end
     end
   end

data/lib/chef/win32/registry.rb

@@ -21,6 +21,7 @@ require 'chef/reserved_names'
 if RUBY_PLATFORM =~ /mswin|mingw32|windows/
   require 'win32/registry'
   require 'ruby-wmi'
+  require 'win32/api'
 end
 
 class Chef
@@ -115,28 +116,38 @@ class Chef
           Chef::Log.debug("Registry key #{key_path}, does not exist, not deleting")
           return true
         end
-        hive, key = get_hive_and_key(key_path)
-        key_parent = key.split("\\")
-        key_to_delete = key_parent.pop
-        key_parent = key_parent.join("\\")
+        #key_path is in the form "HKLM\Software\Opscode" for example, extracting
+        #hive = HKLM,
+        #hive_namespace = ::Win32::Registry::HKEY_LOCAL_MACHINE
+        hive = key_path.split("\\").shift
+        hive_namespace, key_including_parent = get_hive_and_key(key_path)
         if has_subkeys?(key_path)
           if recursive == true
-            hive.open(key_parent, ::Win32::Registry::KEY_WRITE | registry_system_architecture) do |reg|
+            subkeys = get_subkeys(key_path)
+            subkeys.each do |key|
+              keypath_to_check = hive+"\\"+key_including_parent+"\\"+key
               Chef::Log.debug("Deleting registry key #{key_path} recursively")
-              reg.delete_key(key_to_delete,recursive)
+              delete_key(keypath_to_check, true)
             end
+            delete_key_ex(hive_namespace, key_including_parent)
           else
             raise Chef::Exceptions::Win32RegNoRecursive, "Registry key #{key_path} has subkeys, and recursive not specified"
           end
         else
-          hive.open(key_parent, ::Win32::Registry::KEY_WRITE | registry_system_architecture) do |reg|
-            Chef::Log.debug("Deleting registry key #{key_path}")
-            reg.delete_key(key_to_delete)
-          end
+          delete_key_ex(hive_namespace, key_including_parent)
+          return true
         end
         true
       end
 
+      #Using the 'RegDeleteKeyEx' Windows API that correctly supports WOW64 systems (Win2003)
+      #instead of the 'RegDeleteKey'
+      def delete_key_ex(hive, key)
+        regDeleteKeyEx = ::Win32::API.new('RegDeleteKeyEx', 'LPLL', 'L', 'advapi32')
+        hive_num = hive.hkey - (1 << 32)
+        regDeleteKeyEx.call(hive_num, key, ::Win32::Registry::KEY_WRITE | registry_system_architecture, 0)
+      end
+
       def key_exists?(key_path)
         hive, key = get_hive_and_key(key_path)
         begin
@@ -204,8 +215,8 @@ class Chef
         hive.open(key, ::Win32::Registry::KEY_READ | registry_system_architecture) do |reg|
           reg.each do |val_name, val_type, val_data|
             if val_name == value[:name] &&
-               val_type == get_type_from_name(value[:type]) &&
-               val_data == value[:data]
+              val_type == get_type_from_name(value[:type]) &&
+              val_data == value[:data]
               return true
             end
           end

data/lib/chef/win32/security.rb

@@ -478,6 +478,25 @@ class Chef
           token.adjust_privileges(old_privileges)
         end
       end
+
+      # Checks if the caller has the admin privileges in their
+      # security token
+      def self.has_admin_privileges?
+        if Chef::Platform.windows_server_2003?
+          # Admin privileges do not exist on Windows Server 2003
+
+          true
+        else
+          process_token = open_process_token(Chef::ReservedNames::Win32::Process.get_current_process, TOKEN_READ)
+          elevation_result = FFI::Buffer.new(:ulong)
+          elevation_result_size = FFI::MemoryPointer.new(:uint32)
+          success = GetTokenInformation(process_token.handle.handle, :TokenElevation, elevation_result, 4, elevation_result_size)
+
+          # Assume process is not elevated if the call fails.
+          # Process is elevated if the result is different than 0.
+          success && (elevation_result.read_ulong != 0)
+        end
+      end
     end
   end
 end

data/spec/data/shef-config.rb

@@ -3,5 +3,8 @@ Ohai::Config[:disabled_plugins] <<  "virtualization" << "darwin::virtualization"
 Ohai::Config[:disabled_plugins] << 'darwin::uptime' << 'darwin::filesystem' << 'dmi' << 'lanuages' << 'perl' << 'python' << 'java' 
 Ohai::Config[:disabled_plugins] << "linux::block_device" << "linux::kernel" << "linux::ssh_host_key" << "linux::virtualization"
 Ohai::Config[:disabled_plugins] << "linux::cpu" << "linux::memory" << "ec2" << "rackspace" << "eucalyptus" << "ip_scopes"
+Ohai::Config[:disabled_plugins] << "solaris2::cpu" << "solaris2::dmi" << "solaris2::filesystem" << "solaris2::kernel"
+Ohai::Config[:disabled_plugins] << "solaris2::virtualization" << "solaris2::zpools"
 Ohai::Config[:disabled_plugins] << 'c' << 'php' << 'mono' << 'groovy' << 'lua' << 'erlang'
+Ohai::Config[:disabled_plugins] << "kernel" << "linux::filesystem" << "ruby"
 

data/spec/functional/knife/smoke_test.rb

@@ -0,0 +1,34 @@
+#
+# Author:: Daniel DeLeo (<dan@opscode.com>)
+# Copyright:: Copyright (c) 2010 Opscode, Inc.
+# License:: Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+require 'spec_helper'
+
+describe "knife smoke tests" do
+
+  # Since our specs load all code, there could be a case where knife does not
+  # run correctly b/c of a missing require, but is not caught by other tests.
+  #
+  # We run `knife -v` to verify that knife at least loads all its code.
+  it "can run and print its version" do
+    knife_path = File.expand_path("../../bin/knife", CHEF_SPEC_DATA)
+    knife_cmd = Mixlib::ShellOut.new("#{knife_path} -v")
+    knife_cmd.run_command
+    knife_cmd.error!
+    knife_cmd.stdout.should include(Chef::VERSION)
+  end
+end

data/spec/functional/resource/cookbook_file_spec.rb

@@ -60,4 +60,23 @@ describe Chef::Resource::CookbookFile do
   end
 
   it_behaves_like "a file resource"
+
+  # These examples cover CHEF-3467 where unexpected and incorrect
+  # permissions can result on Windows because CookbookFile's
+  # implementation
+  # stages files in temp.
+  context "targets a file outside of the system temp directory" do
+    let(:windows_non_temp_dir) { File.join(ENV['systemdrive'], make_tmpname(file_base, "non-temp")) }
+    let(:path) { File.join(windows_non_temp_dir, make_tmpname(file_base, nil)) }
+
+    before do
+      FileUtils::mkdir_p(windows_non_temp_dir) if Chef::Platform.windows?
+    end
+
+    after do
+      FileUtils.rm_r(windows_non_temp_dir) if Chef::Platform.windows? && File.exists?(windows_non_temp_dir)
+    end
+
+    it_behaves_like "a file that inherits permissions from a parent directory"
+  end
 end

data/spec/functional/resource/registry_spec.rb

@@ -54,20 +54,16 @@ describe Chef::Resource::RegistryKey, :windows_only do
   let(:resource_name) { "This is the name of my Resource" }
 
   def clean_registry
-    # clean 64-bit space on WOW64
-    begin
-      hive_class.open(key_parent, Win32::Registry::KEY_WRITE | 0x0100) do |reg|
-        reg.delete_key(child, true)
-      end
-    rescue
+    if windows64?
+      # clean 64-bit space on WOW64
+      @registry.architecture = :x86_64
+      @registry.delete_key(reg_parent, true)
+      @registry.architecture = :machine
     end
     # clean 32-bit space on WOW64
-    begin
-      hive_class.open(key_parent, Win32::Registry::KEY_WRITE | 0x0200) do |reg|
-        reg.delete_key(child, true)
-      end
-    rescue
-    end
+    @registry.architecture = :i386
+    @registry.delete_key(reg_parent, true)
+    @registry.architecture = :machine
   end
 
   def reset_registry

data/spec/functional/shell_spec.rb

@@ -33,8 +33,9 @@ describe Chef::Shell do
         begin
           buffer << io.read_nonblock(1)
         rescue Errno::EWOULDBLOCK, Errno::EAGAIN, Errno::EIO, EOFError
+          sleep 0.01
         end
-        if Time.new - start > 15
+        if Time.new - start > 30
           STDERR.puts "did not read expected value `#{expected_value}' within 15s"
           STDERR.puts "Buffer so far: `#{buffer}'"
           break
@@ -51,7 +52,7 @@ describe Chef::Shell do
           STDERR.puts("chef-shell tty did not exit cleanly, killing it")
           Process.kill(:KILL, pid)
         end
-        sleep 0.1
+        sleep 0.01
       end
       exitstatus[1]
     end
@@ -60,7 +61,7 @@ describe Chef::Shell do
       # Windows ruby installs don't (always?) have PTY,
       # so hide the require here
       require 'pty'
-      config = File.expand_path("chef-config.rb", CHEF_SPEC_DATA)
+      config = File.expand_path("shef-config.rb", CHEF_SPEC_DATA)
       path_to_chef_shell = File.expand_path("../../../bin/chef-shell", __FILE__)
       reader, writer, pid = PTY.spawn("#{path_to_chef_shell} -c #{config} #{options}")
       read_until(reader, "chef >")
@@ -69,7 +70,7 @@ describe Chef::Shell do
       output = read_until(reader, '=> "done"')
       writer.print("exit\n")
       read_until(reader, "exit")
-      read_until(reader, "exit")
+      read_until(reader, "\n")
       read_until(reader, "\n")
       writer.close
 

data/spec/functional/win32/security_spec.rb

@@ -0,0 +1,37 @@
+#
+# Author:: Serdar Sutay (<serdar@opscode.com>)
+# Copyright:: Copyright (c) 2012 Opscode, Inc.
+# License:: Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+require 'spec_helper'
+if Chef::Platform.windows?
+  require 'chef/win32/security'
+end
+
+describe 'Chef::Win32::Security', :windows_only do
+  it "has_admin_privileges? returns true when running as admin" do
+    Chef::ReservedNames::Win32::Security.has_admin_privileges?.should == true
+  end
+
+  # We've done some investigation adding a negative test and it turned
+  # out to be a lot of work since mixlib-shellout doesn't have user
+  # support for windows.
+  #
+  # TODO - Add negative tests once mixlib-shellout has user support
+  it "has_admin_privileges? returns false when running as non-admin" do
+    pending "requires user support in mixlib-shellout"
+  end
+end

data/spec/spec_helper.rb

@@ -18,6 +18,12 @@
 # If you need to add anything in here, don't.
 # Add it to one of the files in spec/support
 
+# Configure this first so it doesn't trigger annoying warning when we use it.
+# Main rspec configuration comes later
+RSpec.configure do |config|
+  config.treat_symbols_as_metadata_keys_with_true_values = true
+end
+
 # Abuse ruby's constant lookup to avoid undefined constant errors
 module Shell
   JUST_TESTING_MOVE_ALONG = true unless defined? JUST_TESTING_MOVE_ALONG

data/spec/support/lib/chef/resource/cat.rb

@@ -29,12 +29,10 @@ class Chef
       end
       
       def pretty_kitty(arg=nil)
-        set_if_args(@pretty_kitty, arg) do
-          case arg
-          when true, false
-            @pretty_kitty = arg
-          end
+        if arg == true or arg == false
+          @pretty_kitty = arg
         end
+        @pretty_kitty
       end
     end
   end

data/spec/support/lib/chef/resource/one_two_three_four.rb

@@ -6,9 +6,9 @@
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
 # You may obtain a copy of the License at
-# 
+#
 #     http://www.apache.org/licenses/LICENSE-2.0
-# 
+#
 # Unless required by applicable law or agreed to in writing, software
 # distributed under the License is distributed on an "AS IS" BASIS,
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
@@ -20,23 +20,21 @@ class Chef
   class Resource
     class OneTwoThreeFour < Chef::Resource
       attr_reader :i_can_count
-      
+
       def initialize(name, run_context)
         @resource_name = :one_two_three_four
         super
       end
-      
+
       def i_can_count(tf)
         @i_can_count = tf
       end
-      
+
       def something(arg=nil)
-        set_if_args(@something, arg) do
-          case arg
-          when true, false
-            @something = arg
-          end
+        if arg == true or arg == false
+          @something = arg
         end
+        @something
       end
     end
   end

data/spec/support/lib/chef/resource/zen_master.rb

@@ -6,9 +6,9 @@
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
 # You may obtain a copy of the License at
-# 
+#
 #     http://www.apache.org/licenses/LICENSE-2.0
-# 
+#
 # Unless required by applicable law or agreed to in writing, software
 # distributed under the License is distributed on an "AS IS" BASIS,
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
@@ -23,23 +23,21 @@ class Chef
   class Resource
     class ZenMaster < Chef::Resource
       attr_reader :peace
-      
+
       def initialize(name, run_context=nil)
         @resource_name = :zen_master
         super
       end
-      
+
       def peace(tf)
         @peace = tf
       end
-      
+
       def something(arg=nil)
-        set_if_args(@something, arg) do
-          case arg
-          when true, false
-            @something = arg
-          end
+        if arg == true or arg == false
+          @something = arg
         end
+        @something
       end
     end
   end