chef 11.4.4 → 11.6.0.hotfix.1
Sign up to get free protection for your applications and to get access to all the features.
- data/README.md +1 -1
- data/Rakefile +18 -1
- data/bin/chef-service-manager +37 -0
- data/distro/common/html/chef-client.8.html +4 -4
- data/distro/common/html/chef-expander.8.html +4 -4
- data/distro/common/html/chef-expanderctl.8.html +4 -4
- data/distro/common/html/chef-server-webui.8.html +4 -4
- data/distro/common/html/chef-server.8.html +4 -4
- data/distro/common/html/chef-shell.1.html +4 -4
- data/distro/common/html/chef-solo.8.html +12 -18
- data/distro/common/html/chef-solr.8.html +4 -4
- data/distro/common/html/knife-bootstrap.1.html +4 -4
- data/distro/common/html/knife-client.1.html +4 -4
- data/distro/common/html/knife-configure.1.html +4 -4
- data/distro/common/html/knife-cookbook-site.1.html +4 -4
- data/distro/common/html/knife-cookbook.1.html +7 -10
- data/distro/common/html/knife-data-bag.1.html +7 -10
- data/distro/common/html/knife-environment.1.html +6 -8
- data/distro/common/html/knife-exec.1.html +4 -4
- data/distro/common/html/knife-index.1.html +4 -4
- data/distro/common/html/knife-node.1.html +4 -4
- data/distro/common/html/knife-role.1.html +4 -4
- data/distro/common/html/knife-search.1.html +4 -4
- data/distro/common/html/knife-ssh.1.html +4 -4
- data/distro/common/html/knife-status.1.html +4 -4
- data/distro/common/html/knife-tag.1.html +4 -4
- data/distro/common/html/knife.1.html +4 -4
- data/distro/common/man/man1/chef-shell.1 +1 -1
- data/distro/common/man/man1/knife-bootstrap.1 +1 -1
- data/distro/common/man/man1/knife-client.1 +1 -1
- data/distro/common/man/man1/knife-configure.1 +1 -1
- data/distro/common/man/man1/knife-cookbook-site.1 +1 -1
- data/distro/common/man/man1/knife-cookbook.1 +2 -15
- data/distro/common/man/man1/knife-data-bag.1 +2 -15
- data/distro/common/man/man1/knife-environment.1 +2 -12
- data/distro/common/man/man1/knife-exec.1 +1 -1
- data/distro/common/man/man1/knife-index.1 +1 -1
- data/distro/common/man/man1/knife-node.1 +1 -1
- data/distro/common/man/man1/knife-role.1 +1 -1
- data/distro/common/man/man1/knife-search.1 +1 -1
- data/distro/common/man/man1/knife-ssh.1 +1 -1
- data/distro/common/man/man1/knife-status.1 +1 -1
- data/distro/common/man/man1/knife-tag.1 +1 -1
- data/distro/common/man/man1/knife.1 +1 -1
- data/distro/common/man/man8/chef-client.8 +1 -1
- data/distro/common/man/man8/chef-expander.8 +1 -1
- data/distro/common/man/man8/chef-expanderctl.8 +1 -1
- data/distro/common/man/man8/chef-server-webui.8 +1 -1
- data/distro/common/man/man8/chef-server.8 +1 -1
- data/distro/common/man/man8/chef-solo.8 +4 -36
- data/distro/common/man/man8/chef-solr.8 +1 -1
- data/distro/debian/etc/init.d/chef-client +4 -2
- data/distro/windows/service_manager.rb +2 -146
- data/lib/chef.rb +1 -1
- data/lib/chef/application.rb +5 -12
- data/lib/chef/application/apply.rb +2 -0
- data/lib/chef/application/client.rb +12 -12
- data/lib/chef/application/knife.rb +2 -2
- data/lib/chef/application/solo.rb +4 -5
- data/lib/chef/application/windows_service.rb +113 -56
- data/lib/chef/application/windows_service_manager.rb +179 -0
- data/lib/chef/chef_fs.rb +2 -4
- data/lib/chef/chef_fs/chef_fs_data_store.rb +371 -0
- data/lib/chef/chef_fs/command_line.rb +145 -93
- data/lib/chef/chef_fs/config.rb +205 -0
- data/lib/chef/chef_fs/data_handler/acl_data_handler.rb +26 -0
- data/lib/chef/chef_fs/data_handler/client_data_handler.rb +38 -0
- data/lib/chef/chef_fs/data_handler/container_data_handler.rb +29 -0
- data/lib/chef/chef_fs/data_handler/cookbook_data_handler.rb +38 -0
- data/lib/chef/chef_fs/data_handler/data_bag_item_data_handler.rb +56 -0
- data/lib/chef/chef_fs/data_handler/data_handler_base.rb +128 -0
- data/lib/chef/chef_fs/data_handler/environment_data_handler.rb +40 -0
- data/lib/chef/chef_fs/data_handler/group_data_handler.rb +51 -0
- data/lib/chef/chef_fs/data_handler/node_data_handler.rb +36 -0
- data/lib/chef/chef_fs/data_handler/role_data_handler.rb +40 -0
- data/lib/chef/chef_fs/data_handler/user_data_handler.rb +27 -0
- data/lib/chef/chef_fs/file_system.rb +195 -127
- data/lib/chef/chef_fs/file_system/acl_dir.rb +64 -0
- data/lib/chef/chef_fs/file_system/acl_entry.rb +58 -0
- data/lib/chef/chef_fs/file_system/acls_dir.rb +68 -0
- data/lib/chef/chef_fs/file_system/already_exists_error.rb +31 -0
- data/lib/chef/chef_fs/file_system/base_fs_object.rb +98 -39
- data/lib/chef/chef_fs/file_system/chef_repository_file_system_cookbook_dir.rb +85 -0
- data/lib/chef/chef_fs/file_system/chef_repository_file_system_cookbook_entry.rb +71 -0
- data/lib/chef/chef_fs/file_system/chef_repository_file_system_cookbooks_dir.rb +55 -0
- data/lib/chef/chef_fs/file_system/chef_repository_file_system_data_bags_dir.rb +36 -0
- data/lib/chef/chef_fs/file_system/chef_repository_file_system_entry.rb +14 -63
- data/lib/chef/chef_fs/file_system/chef_repository_file_system_root_dir.rb +93 -3
- data/lib/chef/chef_fs/file_system/chef_server_root_dir.rb +35 -9
- data/lib/chef/chef_fs/file_system/cookbook_dir.rb +67 -32
- data/lib/chef/chef_fs/file_system/cookbook_file.rb +13 -6
- data/lib/chef/chef_fs/file_system/cookbook_frozen_error.rb +31 -0
- data/lib/chef/chef_fs/file_system/cookbooks_acl_dir.rb +41 -0
- data/lib/chef/chef_fs/file_system/cookbooks_dir.rb +102 -21
- data/lib/chef/chef_fs/file_system/data_bag_dir.rb +12 -21
- data/lib/chef/chef_fs/file_system/data_bags_dir.rb +14 -8
- data/lib/chef/chef_fs/file_system/default_environment_cannot_be_modified_error.rb +36 -0
- data/lib/chef/chef_fs/file_system/environments_dir.rb +60 -0
- data/lib/chef/chef_fs/file_system/file_system_entry.rb +8 -8
- data/lib/chef/chef_fs/file_system/file_system_error.rb +3 -1
- data/lib/chef/chef_fs/file_system/memory_dir.rb +52 -0
- data/lib/chef/chef_fs/file_system/memory_file.rb +17 -0
- data/lib/chef/chef_fs/file_system/memory_root.rb +21 -0
- data/lib/chef/chef_fs/file_system/multiplexed_dir.rb +48 -0
- data/lib/chef/chef_fs/file_system/must_delete_recursively_error.rb +2 -2
- data/lib/chef/chef_fs/file_system/nodes_dir.rb +17 -9
- data/lib/chef/chef_fs/file_system/nonexistent_fs_object.rb +0 -4
- data/lib/chef/chef_fs/file_system/not_found_error.rb +2 -2
- data/lib/chef/chef_fs/file_system/operation_failed_error.rb +34 -0
- data/lib/chef/chef_fs/file_system/operation_not_allowed_error.rb +48 -0
- data/lib/chef/chef_fs/file_system/rest_list_dir.rb +42 -13
- data/lib/chef/chef_fs/file_system/rest_list_entry.rb +81 -27
- data/lib/chef/chef_fs/knife.rb +68 -29
- data/lib/chef/chef_fs/parallelizer.rb +129 -0
- data/lib/chef/chef_fs/path_utils.rb +29 -3
- data/lib/chef/chef_fs/raw_request.rb +79 -0
- data/lib/chef/client.rb +46 -20
- data/lib/chef/config.rb +59 -61
- data/lib/chef/cookbook/chefignore.rb +2 -1
- data/lib/chef/cookbook/synchronizer.rb +8 -6
- data/lib/chef/cookbook/syntax_check.rb +17 -2
- data/lib/chef/cookbook_uploader.rb +10 -1
- data/lib/chef/cookbook_version.rb +0 -109
- data/lib/chef/data_bag.rb +15 -6
- data/lib/chef/deprecation/mixin/template.rb +49 -0
- data/lib/chef/deprecation/provider/cookbook_file.rb +55 -0
- data/lib/chef/deprecation/provider/file.rb +197 -0
- data/lib/chef/deprecation/provider/remote_file.rb +86 -0
- data/lib/chef/deprecation/provider/template.rb +63 -0
- data/lib/chef/deprecation/warnings.rb +38 -0
- data/lib/chef/encrypted_data_bag_item.rb +153 -61
- data/lib/chef/environment.rb +34 -3
- data/lib/chef/event_dispatch/base.rb +3 -0
- data/lib/chef/exceptions.rb +27 -2
- data/lib/chef/file_access_control/unix.rb +64 -7
- data/lib/chef/file_access_control/windows.rb +22 -11
- data/lib/chef/file_content_management/content_base.rb +56 -0
- data/lib/chef/file_content_management/deploy.rb +38 -0
- data/lib/chef/file_content_management/deploy/cp.rb +48 -0
- data/lib/chef/file_content_management/deploy/mv_unix.rb +77 -0
- data/lib/chef/file_content_management/deploy/mv_windows.rb +95 -0
- data/lib/chef/file_content_management/tempfile.rb +61 -0
- data/lib/chef/formatters/doc.rb +1 -1
- data/lib/chef/formatters/error_descriptor.rb +5 -4
- data/lib/chef/formatters/error_inspectors/cookbook_resolve_error_inspector.rb +23 -3
- data/lib/chef/formatters/error_inspectors/registration_error_inspector.rb +4 -0
- data/lib/chef/json_compat.rb +3 -0
- data/lib/chef/knife.rb +12 -3
- data/lib/chef/knife/bootstrap.rb +46 -2
- data/lib/chef/knife/bootstrap/archlinux-gems.erb +3 -3
- data/lib/chef/knife/bootstrap/centos5-gems.erb +3 -3
- data/lib/chef/knife/bootstrap/chef-full.erb +4 -4
- data/lib/chef/knife/bootstrap/fedora13-gems.erb +3 -3
- data/lib/chef/knife/bootstrap/ubuntu10.04-apt.erb +3 -3
- data/lib/chef/knife/bootstrap/ubuntu10.04-gems.erb +3 -3
- data/lib/chef/knife/bootstrap/ubuntu12.04-gems.erb +3 -3
- data/lib/chef/knife/client_show.rb +2 -5
- data/lib/chef/knife/configure.rb +3 -3
- data/lib/chef/knife/cookbook_create.rb +6 -5
- data/lib/chef/knife/cookbook_download.rb +13 -5
- data/lib/chef/knife/cookbook_site_share.rb +1 -0
- data/lib/chef/knife/cookbook_test.rb +1 -0
- data/lib/chef/knife/cookbook_upload.rb +4 -9
- data/lib/chef/knife/core/bootstrap_context.rb +10 -4
- data/lib/chef/knife/core/generic_presenter.rb +16 -0
- data/lib/chef/knife/core/node_editor.rb +1 -1
- data/lib/chef/knife/core/subcommand_loader.rb +43 -12
- data/lib/chef/knife/core/ui.rb +19 -4
- data/lib/chef/knife/delete.rb +76 -9
- data/lib/chef/knife/deps.rb +139 -0
- data/lib/chef/knife/diff.rb +22 -5
- data/lib/chef/knife/download.rb +16 -3
- data/lib/chef/knife/edit.rb +76 -0
- data/lib/chef/knife/environment_show.rb +2 -7
- data/lib/chef/knife/list.rb +91 -47
- data/lib/chef/knife/node_run_list_set.rb +66 -0
- data/lib/chef/knife/node_show.rb +1 -7
- data/lib/chef/knife/raw.rb +20 -64
- data/lib/chef/knife/role_show.rb +2 -4
- data/lib/chef/knife/search.rb +5 -6
- data/lib/chef/knife/show.rb +34 -11
- data/lib/chef/knife/ssh.rb +8 -0
- data/lib/chef/knife/upload.rb +23 -4
- data/lib/chef/knife/user_show.rb +2 -5
- data/lib/chef/knife/xargs.rb +265 -0
- data/lib/chef/log.rb +2 -2
- data/lib/chef/mixin/file_class.rb +0 -9
- data/lib/chef/mixin/language_include_recipe.rb +1 -1
- data/lib/chef/mixin/params_validate.rb +19 -9
- data/lib/chef/mixin/template.rb +126 -36
- data/lib/chef/mixin/windows_architecture_helper.rb +91 -0
- data/lib/chef/monkey_patches/file.rb +26 -0
- data/lib/chef/monkey_patches/net-ssh-multi.rb +140 -0
- data/lib/chef/monkey_patches/securerandom.rb +44 -0
- data/lib/chef/monologger.rb +93 -0
- data/lib/chef/node.rb +4 -0
- data/lib/chef/platform.rb +4 -490
- data/lib/chef/platform/provider_mapping.rb +529 -0
- data/lib/chef/{monkey_patches/dir.rb → platform/query_helpers.rb} +25 -19
- data/lib/chef/provider.rb +12 -9
- data/lib/chef/provider/batch.rb +35 -0
- data/lib/chef/provider/cookbook_file.rb +9 -78
- data/lib/chef/provider/cookbook_file/content.rb +49 -0
- data/lib/chef/provider/deploy.rb +24 -20
- data/lib/chef/provider/deploy/revision.rb +27 -0
- data/lib/chef/provider/directory.rb +19 -22
- data/lib/chef/provider/execute.rb +22 -5
- data/lib/chef/provider/file.rb +299 -217
- data/lib/chef/provider/file/content.rb +39 -0
- data/lib/chef/provider/git.rb +76 -43
- data/lib/chef/provider/group/usermod.rb +2 -2
- data/lib/chef/provider/ifconfig.rb +25 -35
- data/lib/chef/provider/ifconfig/debian.rb +71 -0
- data/lib/chef/provider/ifconfig/redhat.rb +47 -0
- data/lib/chef/provider/link.rb +10 -3
- data/lib/chef/provider/mount.rb +1 -1
- data/lib/chef/provider/mount/mount.rb +8 -3
- data/lib/chef/provider/mount/windows.rb +4 -1
- data/lib/chef/provider/package/portage.rb +9 -4
- data/lib/chef/provider/package/rubygems.rb +45 -10
- data/lib/chef/provider/package/smartos.rb +47 -36
- data/lib/chef/provider/package/yum.rb +19 -12
- data/lib/chef/provider/package/zypper.rb +45 -55
- data/lib/chef/provider/powershell_script.rb +77 -0
- data/lib/chef/provider/remote_directory.rb +5 -6
- data/lib/chef/provider/remote_file.rb +12 -108
- data/lib/chef/provider/remote_file/cache_control_data.rb +165 -0
- data/lib/chef/provider/remote_file/content.rb +75 -0
- data/lib/chef/provider/remote_file/fetcher.rb +43 -0
- data/lib/chef/provider/remote_file/ftp.rb +183 -0
- data/lib/chef/provider/remote_file/http.rb +124 -0
- data/lib/chef/provider/remote_file/local_file.rb +47 -0
- data/lib/chef/provider/route.rb +6 -2
- data/lib/chef/provider/script.rb +14 -2
- data/lib/chef/provider/service/macosx.rb +16 -10
- data/lib/chef/provider/service/solaris.rb +6 -5
- data/lib/chef/provider/template.rb +16 -78
- data/lib/chef/provider/template/content.rb +61 -0
- data/lib/chef/provider/user/solaris.rb +90 -0
- data/lib/chef/provider/user/useradd.rb +76 -63
- data/lib/chef/provider/windows_script.rb +73 -0
- data/lib/chef/providers.rb +16 -0
- data/lib/chef/resource.rb +23 -2
- data/lib/chef/resource/batch.rb +31 -0
- data/lib/chef/resource/conditional.rb +4 -0
- data/lib/chef/resource/conditional_action_not_nothing.rb +48 -0
- data/lib/chef/resource/file.rb +31 -3
- data/lib/chef/resource/link.rb +17 -0
- data/lib/chef/resource/lwrp_base.rb +1 -1
- data/lib/chef/resource/mount.rb +29 -2
- data/lib/chef/resource/powershell_script.rb +31 -0
- data/lib/chef/resource/remote_file.rb +47 -1
- data/lib/chef/resource/route.rb +1 -1
- data/lib/chef/resource/template.rb +145 -0
- data/lib/chef/resource/windows_script.rb +62 -0
- data/lib/chef/resource_collection.rb +45 -11
- data/lib/chef/resource_reporter.rb +81 -52
- data/lib/chef/resources.rb +2 -0
- data/lib/chef/rest.rb +13 -4
- data/lib/chef/rest/rest_request.rb +5 -1
- data/lib/chef/run_context/cookbook_compiler.rb +3 -3
- data/lib/chef/run_list/run_list_expansion.rb +1 -1
- data/lib/chef/run_lock.rb +7 -1
- data/lib/chef/runner.rb +0 -1
- data/lib/chef/scan_access_control.rb +6 -1
- data/lib/chef/search/query.rb +2 -2
- data/lib/chef/shell/shell_session.rb +2 -2
- data/lib/chef/util/backup.rb +84 -0
- data/lib/chef/util/diff.rb +145 -0
- data/lib/chef/util/file_edit.rb +1 -1
- data/lib/chef/util/selinux.rb +100 -0
- data/lib/chef/util/windows/net_user.rb +14 -1
- data/lib/chef/util/windows/volume.rb +2 -2
- data/lib/chef/version.rb +1 -1
- data/lib/chef/version/platform.rb +42 -0
- data/lib/chef/version_class.rb +1 -1
- data/lib/chef/version_constraint.rb +6 -5
- data/lib/chef/version_constraint/platform.rb +26 -0
- data/lib/chef/win32/api/file.rb +8 -2
- data/lib/chef/win32/version.rb +25 -8
- data/spec/data/apt/chef-integration-test-1.0/debian/changelog +5 -0
- data/spec/data/apt/chef-integration-test-1.0/debian/compat +1 -0
- data/spec/data/apt/chef-integration-test-1.0/debian/control +13 -0
- data/spec/data/apt/chef-integration-test-1.0/debian/copyright +34 -0
- data/spec/data/apt/chef-integration-test-1.0/debian/files +1 -0
- data/spec/data/apt/chef-integration-test-1.0/debian/rules +13 -0
- data/spec/data/apt/chef-integration-test-1.0/debian/source/format +1 -0
- data/spec/data/apt/chef-integration-test-1.1/debian/changelog +11 -0
- data/spec/data/apt/chef-integration-test-1.1/debian/compat +1 -0
- data/spec/data/apt/chef-integration-test-1.1/debian/control +13 -0
- data/spec/data/apt/chef-integration-test-1.1/debian/copyright +34 -0
- data/spec/data/apt/chef-integration-test-1.1/debian/files +1 -0
- data/spec/data/apt/chef-integration-test-1.1/debian/rules +13 -0
- data/spec/data/apt/chef-integration-test-1.1/debian/source/format +1 -0
- data/spec/data/apt/chef-integration-test_1.0-1_amd64.changes +22 -0
- data/spec/data/apt/chef-integration-test_1.0-1_amd64.deb +0 -0
- data/spec/data/apt/chef-integration-test_1.0.orig.tar.gz +0 -0
- data/spec/data/apt/chef-integration-test_1.1-1_amd64.changes +22 -0
- data/spec/data/apt/chef-integration-test_1.1-1_amd64.deb +0 -0
- data/spec/data/apt/chef-integration-test_1.1.orig.tar.gz +0 -0
- data/spec/data/apt/var/www/apt/conf/distributions +7 -0
- data/spec/data/apt/var/www/apt/conf/incoming +4 -0
- data/spec/data/apt/var/www/apt/conf/pulls +3 -0
- data/spec/data/apt/var/www/apt/db/checksums.db +0 -0
- data/spec/data/apt/var/www/apt/db/contents.cache.db +0 -0
- data/spec/data/apt/var/www/apt/db/packages.db +0 -0
- data/spec/data/apt/var/www/apt/db/references.db +0 -0
- data/spec/data/apt/var/www/apt/db/release.caches.db +0 -0
- data/spec/data/apt/var/www/apt/db/version +4 -0
- data/spec/data/apt/var/www/apt/dists/sid/Release +19 -0
- data/spec/data/apt/var/www/apt/dists/sid/main/binary-amd64/Packages +16 -0
- data/spec/data/apt/var/www/apt/dists/sid/main/binary-amd64/Packages.gz +0 -0
- data/spec/data/apt/var/www/apt/dists/sid/main/binary-amd64/Release +5 -0
- data/spec/data/apt/var/www/apt/dists/sid/main/binary-i386/Packages +0 -0
- data/spec/data/apt/var/www/apt/pool/main/c/chef-integration-test/chef-integration-test_1.0-1_amd64.deb +0 -0
- data/spec/data/apt/var/www/apt/pool/main/c/chef-integration-test/chef-integration-test_1.1-1_amd64.deb +0 -0
- data/spec/data/bootstrap/encrypted_data_bag_secret +1 -0
- data/spec/data/bootstrap/secret.erb +9 -0
- data/spec/data/cookbooks/ignorken/recipes/default.rb +1 -0
- data/spec/data/cookbooks/ignorken/recipes/ignoreme.rb +2 -0
- data/spec/data/cookbooks/openldap/files/default/.dotfile +1 -0
- data/spec/data/cookbooks/openldap/files/default/.ssh/id_rsa +1 -0
- data/spec/data/cookbooks/openldap/files/default/remotedir/.a_dotdir/.a_dotfile_in_a_dotdir +1 -0
- data/spec/data/cookbooks/openldap/files/default/remotedir/remotesubdir/.a_dotfile +1 -0
- data/spec/data/cookbooks/openldap/templates/default/all_windows_line_endings.erb +4 -0
- data/spec/data/cookbooks/openldap/templates/default/helper_test.erb +1 -0
- data/spec/data/cookbooks/openldap/templates/default/helpers_via_partial_test.erb +1 -0
- data/spec/data/cookbooks/openldap/templates/default/no_windows_line_endings.erb +4 -0
- data/spec/data/cookbooks/openldap/templates/default/some_windows_line_endings.erb +4 -0
- data/spec/data/cookbooks/preseed/files/default/preseed-file.seed +1 -0
- data/spec/data/cookbooks/preseed/templates/default/preseed-template.seed +1 -0
- data/spec/data/file-providers-method-snapshot-chef-11-4.json +127 -0
- data/spec/data/git_bundles/example-repo.gitbundle +0 -0
- data/spec/data/knife-home/.chef/plugins/knife/example_home_subcommand.rb +0 -0
- data/spec/data/knife_subcommand/test_yourself.rb +8 -0
- data/spec/data/null_config.rb +1 -0
- data/spec/data/partial_one.erb +1 -1
- data/spec/data/remote_file/nyan_cat.png.gz +0 -0
- data/spec/functional/file_content_management/deploy_strategies_spec.rb +238 -0
- data/spec/functional/knife/exec_spec.rb +2 -2
- data/spec/functional/provider/remote_file/cache_control_data_spec.rb +101 -0
- data/spec/functional/resource/batch_spec.rb +64 -0
- data/spec/functional/resource/cookbook_file_spec.rb +2 -3
- data/spec/functional/resource/deploy_revision_spec.rb +180 -0
- data/spec/functional/resource/directory_spec.rb +2 -2
- data/spec/functional/resource/file_spec.rb +17 -1
- data/spec/functional/resource/git_spec.rb +259 -0
- data/spec/functional/resource/link_spec.rb +422 -388
- data/spec/functional/resource/package_spec.rb +297 -0
- data/spec/functional/resource/powershell_spec.rb +188 -0
- data/spec/functional/resource/registry_spec.rb +8 -4
- data/spec/functional/resource/remote_directory_spec.rb +2 -2
- data/spec/functional/resource/remote_file_spec.rb +97 -29
- data/spec/functional/resource/template_spec.rb +173 -17
- data/spec/functional/resource/user_spec.rb +547 -0
- data/spec/functional/run_lock_spec.rb +5 -0
- data/spec/functional/shell_spec.rb +2 -1
- data/spec/functional/win32/service_manager_spec.rb +269 -0
- data/spec/functional/win32/versions_spec.rb +78 -0
- data/spec/integration/knife/chef_repo_path_spec.rb +805 -0
- data/spec/integration/knife/chef_repository_file_system_spec.rb +276 -0
- data/spec/integration/knife/chefignore_spec.rb +271 -0
- data/spec/integration/knife/delete_spec.rb +944 -0
- data/spec/integration/knife/deps_spec.rb +648 -0
- data/spec/integration/knife/diff_spec.rb +536 -0
- data/spec/integration/knife/download_spec.rb +962 -0
- data/spec/integration/knife/list_spec.rb +633 -0
- data/spec/integration/knife/raw_spec.rb +166 -0
- data/spec/integration/knife/redirection_spec.rb +57 -0
- data/spec/integration/knife/show_spec.rb +158 -0
- data/spec/integration/knife/upload_spec.rb +1060 -0
- data/spec/integration/solo/solo_spec.rb +41 -0
- data/spec/spec_helper.rb +55 -1
- data/spec/support/chef_helpers.rb +32 -0
- data/spec/support/platform_helpers.rb +40 -0
- data/spec/support/platforms/win32/spec_service.rb +59 -0
- data/spec/support/shared/functional/directory_resource.rb +43 -16
- data/spec/support/shared/functional/file_resource.rb +661 -20
- data/spec/support/shared/functional/securable_resource.rb +109 -8
- data/spec/support/shared/functional/securable_resource_with_reporting.rb +39 -31
- data/spec/support/shared/integration/integration_helper.rb +166 -0
- data/spec/support/shared/integration/knife_support.rb +171 -0
- data/spec/support/shared/unit/execute_resource.rb +125 -0
- data/spec/support/shared/unit/file_system_support.rb +8 -48
- data/spec/support/shared/unit/provider/file.rb +609 -0
- data/spec/support/shared/unit/provider/useradd_based_user_provider.rb +407 -0
- data/spec/support/shared/unit/script_resource.rb +52 -0
- data/spec/support/shared/unit/windows_script_resource.rb +48 -0
- data/spec/tiny_server.rb +13 -11
- data/spec/unit/application/client_spec.rb +39 -1
- data/spec/unit/application/knife_spec.rb +12 -0
- data/spec/unit/application/solo_spec.rb +1 -1
- data/spec/unit/application_spec.rb +57 -2
- data/spec/unit/chef_fs/diff_spec.rb +30 -31
- data/spec/unit/chef_fs/file_pattern_spec.rb +2 -2
- data/spec/unit/chef_fs/file_system_spec.rb +2 -3
- data/spec/unit/client_spec.rb +20 -1
- data/spec/unit/config_spec.rb +70 -52
- data/spec/unit/cookbook/synchronizer_spec.rb +49 -1
- data/spec/unit/cookbook/syntax_check_spec.rb +28 -3
- data/spec/unit/cookbook_loader_spec.rb +3 -2
- data/spec/unit/daemon_spec.rb +7 -7
- data/spec/unit/data_bag_spec.rb +7 -0
- data/spec/unit/deprecation_spec.rb +86 -0
- data/spec/unit/encrypted_data_bag_item_spec.rb +183 -88
- data/spec/unit/environment_spec.rb +98 -0
- data/spec/unit/exceptions_spec.rb +6 -1
- data/spec/unit/file_access_control_spec.rb +21 -1
- data/spec/unit/file_content_management/deploy/cp_spec.rb +46 -0
- data/spec/unit/file_content_management/deploy/mv_unix_spec.rb +103 -0
- data/spec/unit/file_content_management/deploy/mv_windows_spec.rb +179 -0
- data/spec/unit/formatters/error_inspectors/cookbook_resolve_error_inspector_spec.rb +38 -2
- data/spec/unit/formatters/error_inspectors/resource_failure_inspector_spec.rb +3 -2
- data/spec/unit/knife/bootstrap_spec.rb +128 -29
- data/spec/unit/knife/configure_spec.rb +42 -26
- data/spec/unit/knife/cookbook_download_spec.rb +24 -3
- data/spec/unit/knife/cookbook_upload_spec.rb +8 -4
- data/spec/unit/knife/core/bootstrap_context_spec.rb +78 -61
- data/spec/unit/knife/core/subcommand_loader_spec.rb +20 -0
- data/spec/unit/knife/core/ui_spec.rb +41 -0
- data/spec/unit/knife/node_run_list_set_spec.rb +140 -0
- data/spec/unit/knife_spec.rb +21 -0
- data/spec/unit/mixin/enforce_ownership_and_permissions_spec.rb +1 -0
- data/spec/unit/mixin/params_validate_spec.rb +35 -0
- data/spec/unit/mixin/template_spec.rb +69 -57
- data/spec/unit/mixin/windows_architecture_helper_spec.rb +83 -0
- data/spec/unit/node_spec.rb +7 -0
- data/spec/unit/platform_spec.rb +15 -1
- data/spec/unit/provider/cookbook_file/content_spec.rb +40 -0
- data/spec/unit/provider/cookbook_file_spec.rb +26 -183
- data/spec/unit/provider/cron/solaris_spec.rb +1 -1
- data/spec/unit/provider/deploy/revision_spec.rb +19 -11
- data/spec/unit/provider/deploy_spec.rb +2 -2
- data/spec/unit/provider/directory_spec.rb +23 -23
- data/spec/unit/provider/execute_spec.rb +27 -1
- data/spec/unit/provider/file/content_spec.rb +101 -0
- data/spec/unit/provider/file_spec.rb +25 -484
- data/spec/unit/provider/git_spec.rb +224 -28
- data/spec/unit/provider/group/usermod_spec.rb +3 -1
- data/spec/unit/provider/ifconfig/debian_spec.rb +89 -0
- data/spec/unit/provider/ifconfig/redhat_spec.rb +71 -0
- data/spec/unit/provider/ifconfig_spec.rb +0 -33
- data/spec/unit/provider/mount/mount_spec.rb +33 -2
- data/spec/unit/provider/mount/windows_spec.rb +4 -1
- data/spec/unit/provider/mount_spec.rb +16 -6
- data/spec/unit/provider/package/portage_spec.rb +44 -0
- data/spec/unit/provider/package/rubygems_spec.rb +44 -1
- data/spec/unit/provider/package/smartos_spec.rb +3 -2
- data/spec/unit/provider/package/yum_spec.rb +36 -39
- data/spec/unit/provider/package/zypper_spec.rb +84 -22
- data/spec/unit/provider/package_spec.rb +0 -4
- data/spec/unit/provider/powershell_spec.rb +38 -0
- data/spec/unit/provider/remote_directory_spec.rb +0 -4
- data/spec/unit/provider/remote_file/cache_control_data_spec.rb +211 -0
- data/spec/unit/provider/remote_file/content_spec.rb +230 -0
- data/spec/unit/provider/remote_file/fetcher_spec.rb +75 -0
- data/spec/unit/provider/remote_file/ftp_spec.rb +224 -0
- data/spec/unit/provider/remote_file/http_spec.rb +319 -0
- data/spec/unit/provider/remote_file/local_file_spec.rb +60 -0
- data/spec/unit/provider/remote_file_spec.rb +33 -295
- data/spec/unit/provider/route_spec.rb +25 -9
- data/spec/unit/provider/service/macosx_spec.rb +176 -152
- data/spec/unit/provider/service/solaris_smf_service_spec.rb +21 -18
- data/spec/unit/provider/service/systemd_service_spec.rb +2 -2
- data/spec/unit/provider/service/upstart_service_spec.rb +2 -2
- data/spec/unit/provider/service_spec.rb +3 -3
- data/spec/unit/provider/template/content_spec.rb +78 -0
- data/spec/unit/provider/template_spec.rb +52 -184
- data/spec/unit/provider/user/solaris_spec.rb +80 -0
- data/spec/unit/provider/user/useradd_spec.rb +12 -358
- data/spec/unit/resource/batch_spec.rb +48 -0
- data/spec/unit/resource/conditional_action_not_nothing_spec.rb +45 -0
- data/spec/unit/resource/execute_spec.rb +3 -101
- data/spec/unit/resource/file_spec.rb +0 -5
- data/spec/unit/resource/group_spec.rb +9 -0
- data/spec/unit/resource/ifconfig_spec.rb +60 -1
- data/spec/unit/resource/link_spec.rb +1 -0
- data/spec/unit/resource/mount_spec.rb +37 -0
- data/spec/unit/resource/powershell_spec.rb +48 -0
- data/spec/unit/resource/remote_file_spec.rb +44 -4
- data/spec/unit/resource/route_spec.rb +1 -1
- data/spec/unit/resource/script_spec.rb +13 -36
- data/spec/unit/resource/template_spec.rb +111 -8
- data/spec/unit/resource/user_spec.rb +7 -0
- data/spec/unit/resource_collection_spec.rb +61 -32
- data/spec/unit/resource_reporter_spec.rb +115 -102
- data/spec/unit/resource_spec.rb +170 -1
- data/spec/unit/rest/auth_credentials_spec.rb +2 -2
- data/spec/unit/rest_spec.rb +6 -2
- data/spec/unit/run_context/cookbook_compiler_spec.rb +9 -0
- data/spec/unit/runner_spec.rb +1 -1
- data/spec/unit/scan_access_control_spec.rb +4 -2
- data/spec/unit/shell/shell_session_spec.rb +15 -2
- data/spec/unit/util/backup_spec.rb +149 -0
- data/spec/unit/util/diff_spec.rb +596 -0
- data/spec/unit/util/selinux_spec.rb +172 -0
- data/spec/unit/version/platform_spec.rb +61 -0
- data/spec/unit/version_constraint/platform_spec.rb +46 -0
- data/spec/unit/version_constraint_spec.rb +5 -0
- metadata +233 -10
- data/lib/chef/chef_fs/file_system/data_bag_item.rb +0 -59
- data/spec/unit/chef_fs/file_system/chef_server_root_dir_spec.rb +0 -237
- data/spec/unit/chef_fs/file_system/cookbooks_dir_spec.rb +0 -568
- data/spec/unit/chef_fs/file_system/data_bags_dir_spec.rb +0 -220
@@ -0,0 +1,86 @@
|
|
1
|
+
#
|
2
|
+
# Author:: Serdar Sutay (<serdar@opscode.com>)
|
3
|
+
# Copyright:: Copyright (c) 2013 Opscode, Inc.
|
4
|
+
# License:: Apache License, Version 2.0
|
5
|
+
#
|
6
|
+
# Licensed under the Apache License, Version 2.0 (the "License");
|
7
|
+
# you may not use this file except in compliance with the License.
|
8
|
+
# You may obtain a copy of the License at
|
9
|
+
#
|
10
|
+
# http://www.apache.org/licenses/LICENSE-2.0
|
11
|
+
#
|
12
|
+
# Unless required by applicable law or agreed to in writing, software
|
13
|
+
# distributed under the License is distributed on an "AS IS" BASIS,
|
14
|
+
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
15
|
+
# See the License for the specific language governing permissions and
|
16
|
+
# limitations under the License.
|
17
|
+
#
|
18
|
+
|
19
|
+
class Chef
|
20
|
+
module Deprecation
|
21
|
+
module Provider
|
22
|
+
|
23
|
+
# == Deprecation::Provider::RemoteFile
|
24
|
+
# This module contains the deprecated functions of
|
25
|
+
# Chef::Provider::RemoteFile. These functions are refactored to different
|
26
|
+
# components. They are frozen and will be removed in Chef 12.
|
27
|
+
#
|
28
|
+
module RemoteFile
|
29
|
+
|
30
|
+
def current_resource_matches_target_checksum?
|
31
|
+
@new_resource.checksum && @current_resource.checksum && @current_resource.checksum =~ /^#{Regexp.escape(@new_resource.checksum)}/
|
32
|
+
end
|
33
|
+
|
34
|
+
def matches_current_checksum?(candidate_file)
|
35
|
+
Chef::Log.debug "#{@new_resource} checking for file existence of #{@new_resource.path}"
|
36
|
+
if ::File.exists?(@new_resource.path)
|
37
|
+
Chef::Log.debug "#{@new_resource} file exists at #{@new_resource.path}"
|
38
|
+
@new_resource.checksum(checksum(candidate_file.path))
|
39
|
+
Chef::Log.debug "#{@new_resource} target checksum: #{@current_resource.checksum}"
|
40
|
+
Chef::Log.debug "#{@new_resource} source checksum: #{@new_resource.checksum}"
|
41
|
+
|
42
|
+
@new_resource.checksum == @current_resource.checksum
|
43
|
+
else
|
44
|
+
Chef::Log.debug "#{@new_resource} creating #{@new_resource.path}"
|
45
|
+
false
|
46
|
+
end
|
47
|
+
end
|
48
|
+
|
49
|
+
def backup_new_resource
|
50
|
+
if ::File.exists?(@new_resource.path)
|
51
|
+
Chef::Log.debug "#{@new_resource} checksum changed from #{@current_resource.checksum} to #{@new_resource.checksum}"
|
52
|
+
backup @new_resource.path
|
53
|
+
end
|
54
|
+
end
|
55
|
+
|
56
|
+
def source_file(source, current_checksum, &block)
|
57
|
+
if absolute_uri?(source)
|
58
|
+
fetch_from_uri(source, &block)
|
59
|
+
elsif !Chef::Config[:solo]
|
60
|
+
fetch_from_chef_server(source, current_checksum, &block)
|
61
|
+
else
|
62
|
+
fetch_from_local_cookbook(source, &block)
|
63
|
+
end
|
64
|
+
end
|
65
|
+
|
66
|
+
def http_client_opts(source)
|
67
|
+
opts={}
|
68
|
+
# CHEF-3140
|
69
|
+
# 1. If it's already compressed, trying to compress it more will
|
70
|
+
# probably be counter-productive.
|
71
|
+
# 2. Some servers are misconfigured so that you GET $URL/file.tgz but
|
72
|
+
# they respond with content type of tar and content encoding of gzip,
|
73
|
+
# which tricks Chef::REST into decompressing the response body. In this
|
74
|
+
# case you'd end up with a tar archive (no gzip) named, e.g., foo.tgz,
|
75
|
+
# which is not what you wanted.
|
76
|
+
if @new_resource.path =~ /gz$/ or source =~ /gz$/
|
77
|
+
opts[:disable_gzip] = true
|
78
|
+
end
|
79
|
+
opts
|
80
|
+
end
|
81
|
+
|
82
|
+
end
|
83
|
+
end
|
84
|
+
end
|
85
|
+
end
|
86
|
+
|
@@ -0,0 +1,63 @@
|
|
1
|
+
#
|
2
|
+
# Author:: Serdar Sutay (<serdar@opscode.com>)
|
3
|
+
# Copyright:: Copyright (c) 2013 Opscode, Inc.
|
4
|
+
# License:: Apache License, Version 2.0
|
5
|
+
#
|
6
|
+
# Licensed under the Apache License, Version 2.0 (the "License");
|
7
|
+
# you may not use this file except in compliance with the License.
|
8
|
+
# You may obtain a copy of the License at
|
9
|
+
#
|
10
|
+
# http://www.apache.org/licenses/LICENSE-2.0
|
11
|
+
#
|
12
|
+
# Unless required by applicable law or agreed to in writing, software
|
13
|
+
# distributed under the License is distributed on an "AS IS" BASIS,
|
14
|
+
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
15
|
+
# See the License for the specific language governing permissions and
|
16
|
+
# limitations under the License.
|
17
|
+
#
|
18
|
+
|
19
|
+
require 'chef/deprecation/mixin/template'
|
20
|
+
|
21
|
+
class Chef
|
22
|
+
module Deprecation
|
23
|
+
module Provider
|
24
|
+
|
25
|
+
# == Deprecation::Provider::Template
|
26
|
+
# This module contains the deprecated functions of
|
27
|
+
# Chef::Provider::Template. These functions are refactored to different
|
28
|
+
# components. They are frozen and will be removed in Chef 12.
|
29
|
+
#
|
30
|
+
module Template
|
31
|
+
|
32
|
+
include Chef::Deprecation::Mixin::Template
|
33
|
+
|
34
|
+
def template_finder
|
35
|
+
@template_finder ||= begin
|
36
|
+
Chef::Provider::TemplateFinder.new(run_context, cookbook_name, node)
|
37
|
+
end
|
38
|
+
end
|
39
|
+
|
40
|
+
def template_location
|
41
|
+
@template_file_cache_location ||= begin
|
42
|
+
template_finder.find(@new_resource.source, :local => @new_resource.local, :cookbook => @new_resource.cookbook)
|
43
|
+
end
|
44
|
+
end
|
45
|
+
|
46
|
+
def resource_cookbook
|
47
|
+
@new_resource.cookbook || @new_resource.cookbook_name
|
48
|
+
end
|
49
|
+
|
50
|
+
def rendered(rendered_template)
|
51
|
+
@new_resource.checksum(checksum(rendered_template.path))
|
52
|
+
Chef::Log.debug("Current content's checksum: #{@current_resource.checksum}")
|
53
|
+
Chef::Log.debug("Rendered content's checksum: #{@new_resource.checksum}")
|
54
|
+
end
|
55
|
+
|
56
|
+
def content_matches?
|
57
|
+
@current_resource.checksum == @new_resource.checksum
|
58
|
+
end
|
59
|
+
|
60
|
+
end
|
61
|
+
end
|
62
|
+
end
|
63
|
+
end
|
@@ -0,0 +1,38 @@
|
|
1
|
+
#
|
2
|
+
# Author:: Serdar Sutay (<serdar@opscode.com>)
|
3
|
+
# Copyright:: Copyright (c) 2013 Opscode, Inc.
|
4
|
+
# License:: Apache License, Version 2.0
|
5
|
+
#
|
6
|
+
# Licensed under the Apache License, Version 2.0 (the "License");
|
7
|
+
# you may not use this file except in compliance with the License.
|
8
|
+
# You may obtain a copy of the License at
|
9
|
+
#
|
10
|
+
# http://www.apache.org/licenses/LICENSE-2.0
|
11
|
+
#
|
12
|
+
# Unless required by applicable law or agreed to in writing, software
|
13
|
+
# distributed under the License is distributed on an "AS IS" BASIS,
|
14
|
+
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
15
|
+
# See the License for the specific language governing permissions and
|
16
|
+
# limitations under the License.
|
17
|
+
#
|
18
|
+
|
19
|
+
class Chef
|
20
|
+
module Deprecation
|
21
|
+
module Warnings
|
22
|
+
|
23
|
+
def add_deprecation_warnings_for(method_names)
|
24
|
+
method_names.each do |name|
|
25
|
+
m = instance_method(name)
|
26
|
+
define_method(name) do |*args|
|
27
|
+
Chef::Log.warn "Method '#{name}' of '#{self.class}' is deprecated. It will be removed in Chef 12."
|
28
|
+
Chef::Log.warn "Please update your cookbooks accordingly. Accessed from:"
|
29
|
+
caller[0..3].each {|l| Chef::Log.warn l}
|
30
|
+
super(*args)
|
31
|
+
end
|
32
|
+
end
|
33
|
+
end
|
34
|
+
|
35
|
+
end
|
36
|
+
end
|
37
|
+
end
|
38
|
+
|
@@ -48,9 +48,11 @@ require 'open-uri'
|
|
48
48
|
# such nodes in the infrastructure.
|
49
49
|
#
|
50
50
|
class Chef::EncryptedDataBagItem
|
51
|
-
DEFAULT_SECRET_FILE = "/etc/chef/encrypted_data_bag_secret"
|
52
51
|
ALGORITHM = 'aes-256-cbc'
|
53
52
|
|
53
|
+
class UnacceptableEncryptedDataBagItemFormat < StandardError
|
54
|
+
end
|
55
|
+
|
54
56
|
class UnsupportedEncryptedDataBagItemFormat < StandardError
|
55
57
|
end
|
56
58
|
|
@@ -62,73 +64,117 @@ class Chef::EncryptedDataBagItem
|
|
62
64
|
|
63
65
|
# Implementation class for converting plaintext data bag item values to an
|
64
66
|
# encrypted value, including any necessary wrappers and metadata.
|
65
|
-
|
66
|
-
|
67
|
-
attr_reader :key
|
68
|
-
attr_reader :plaintext_data
|
67
|
+
module Encryptor
|
69
68
|
|
70
|
-
#
|
71
|
-
#
|
69
|
+
# "factory" method that creates an encryptor object with the proper class
|
70
|
+
# for the desired encrypted data bag format version.
|
72
71
|
#
|
73
|
-
#
|
74
|
-
|
75
|
-
|
76
|
-
|
77
|
-
|
78
|
-
|
79
|
-
|
80
|
-
|
81
|
-
|
82
|
-
|
72
|
+
# +Chef::Config[:data_bag_encrypt_version]+ determines which version is used.
|
73
|
+
def self.new(value, secret, iv=nil)
|
74
|
+
format_version = Chef::Config[:data_bag_encrypt_version]
|
75
|
+
case format_version
|
76
|
+
when 1
|
77
|
+
Version1Encryptor.new(value, secret, iv)
|
78
|
+
when 2
|
79
|
+
Version2Encryptor.new(value, secret, iv)
|
80
|
+
else
|
81
|
+
raise UnsupportedEncryptedDataBagItemFormat,
|
82
|
+
"Invalid encrypted data bag format version `#{format_version}'. Supported versions are '1', '2'"
|
83
|
+
end
|
83
84
|
end
|
84
85
|
|
85
|
-
|
86
|
-
|
87
|
-
|
88
|
-
|
89
|
-
|
90
|
-
|
91
|
-
|
92
|
-
|
93
|
-
|
94
|
-
|
86
|
+
class Version1Encryptor
|
87
|
+
attr_reader :key
|
88
|
+
attr_reader :plaintext_data
|
89
|
+
|
90
|
+
# Create a new Encryptor for +data+, which will be encrypted with the given
|
91
|
+
# +key+.
|
92
|
+
#
|
93
|
+
# === Arguments:
|
94
|
+
# * data: An object of any type that can be serialized to json
|
95
|
+
# * key: A String representing the desired passphrase
|
96
|
+
# * iv: The optional +iv+ parameter is intended for testing use only. When
|
97
|
+
# *not* supplied, Encryptor will use OpenSSL to generate a secure random
|
98
|
+
# IV, which is what you want.
|
99
|
+
def initialize(plaintext_data, key, iv=nil)
|
100
|
+
@plaintext_data = plaintext_data
|
101
|
+
@key = key
|
102
|
+
@iv = iv && Base64.decode64(iv)
|
103
|
+
end
|
95
104
|
|
96
|
-
|
97
|
-
|
98
|
-
|
99
|
-
|
100
|
-
|
101
|
-
|
102
|
-
|
105
|
+
# Returns a wrapped and encrypted version of +plaintext_data+ suitable for
|
106
|
+
# using as the value in an encrypted data bag item.
|
107
|
+
def for_encrypted_item
|
108
|
+
{
|
109
|
+
"encrypted_data" => encrypted_data,
|
110
|
+
"iv" => Base64.encode64(iv),
|
111
|
+
"version" => 1,
|
112
|
+
"cipher" => ALGORITHM
|
113
|
+
}
|
114
|
+
end
|
103
115
|
|
104
|
-
|
105
|
-
|
106
|
-
|
107
|
-
|
108
|
-
|
109
|
-
|
110
|
-
|
111
|
-
|
112
|
-
|
113
|
-
|
116
|
+
# Generates or returns the IV.
|
117
|
+
def iv
|
118
|
+
# Generated IV comes from OpenSSL::Cipher::Cipher#random_iv
|
119
|
+
# This gets generated when +openssl_encryptor+ gets created.
|
120
|
+
openssl_encryptor if @iv.nil?
|
121
|
+
@iv
|
122
|
+
end
|
123
|
+
|
124
|
+
# Generates (and memoizes) an OpenSSL::Cipher::Cipher object and configures
|
125
|
+
# it for the specified iv and encryption key.
|
126
|
+
def openssl_encryptor
|
127
|
+
@openssl_encryptor ||= begin
|
128
|
+
encryptor = OpenSSL::Cipher::Cipher.new(ALGORITHM)
|
129
|
+
encryptor.encrypt
|
130
|
+
@iv ||= encryptor.random_iv
|
131
|
+
encryptor.iv = @iv
|
132
|
+
encryptor.key = Digest::SHA256.digest(key)
|
133
|
+
encryptor
|
134
|
+
end
|
135
|
+
end
|
136
|
+
|
137
|
+
# Encrypts and Base64 encodes +serialized_data+
|
138
|
+
def encrypted_data
|
139
|
+
@encrypted_data ||= begin
|
140
|
+
enc_data = openssl_encryptor.update(serialized_data)
|
141
|
+
enc_data << openssl_encryptor.final
|
142
|
+
Base64.encode64(enc_data)
|
143
|
+
end
|
114
144
|
end
|
115
|
-
end
|
116
145
|
|
117
|
-
|
118
|
-
|
119
|
-
|
120
|
-
|
121
|
-
|
122
|
-
|
146
|
+
# Wraps the data in a single key Hash (JSON Object) and converts to JSON.
|
147
|
+
# The wrapper is required because we accept values (such as Integers or
|
148
|
+
# Strings) that do not produce valid JSON when serialized without the
|
149
|
+
# wrapper.
|
150
|
+
def serialized_data
|
151
|
+
Yajl::Encoder.encode(:json_wrapper => plaintext_data)
|
123
152
|
end
|
124
153
|
end
|
125
154
|
|
126
|
-
|
127
|
-
|
128
|
-
|
129
|
-
|
130
|
-
|
131
|
-
|
155
|
+
class Version2Encryptor < Version1Encryptor
|
156
|
+
|
157
|
+
# Returns a wrapped and encrypted version of +plaintext_data+ suitable for
|
158
|
+
# using as the value in an encrypted data bag item.
|
159
|
+
def for_encrypted_item
|
160
|
+
{
|
161
|
+
"encrypted_data" => encrypted_data,
|
162
|
+
"hmac" => hmac,
|
163
|
+
"iv" => Base64.encode64(iv),
|
164
|
+
"version" => 2,
|
165
|
+
"cipher" => ALGORITHM
|
166
|
+
}
|
167
|
+
end
|
168
|
+
|
169
|
+
# Generates an HMAC-SHA2-256 of the encrypted data (encrypt-then-mac)
|
170
|
+
def hmac
|
171
|
+
@hmac ||= begin
|
172
|
+
digest = OpenSSL::Digest::Digest.new("sha256")
|
173
|
+
raw_hmac = OpenSSL::HMAC.digest(digest, key, encrypted_data)
|
174
|
+
Base64.encode64(raw_hmac)
|
175
|
+
end
|
176
|
+
end
|
177
|
+
|
132
178
|
end
|
133
179
|
end
|
134
180
|
|
@@ -145,7 +191,11 @@ class Chef::EncryptedDataBagItem
|
|
145
191
|
# decryptor object for that version. Call #for_decrypted_item on the
|
146
192
|
# resulting object to decrypt and deserialize it.
|
147
193
|
def self.for(encrypted_value, key)
|
148
|
-
|
194
|
+
format_version = format_version_of(encrypted_value)
|
195
|
+
assert_format_version_acceptable!(format_version)
|
196
|
+
case format_version
|
197
|
+
when 2
|
198
|
+
Version2Decryptor.new(encrypted_value, key)
|
149
199
|
when 1
|
150
200
|
Version1Decryptor.new(encrypted_value, key)
|
151
201
|
when 0
|
@@ -164,6 +214,14 @@ class Chef::EncryptedDataBagItem
|
|
164
214
|
end
|
165
215
|
end
|
166
216
|
|
217
|
+
def self.assert_format_version_acceptable!(format_version)
|
218
|
+
unless format_version.kind_of?(Integer) and format_version >= Chef::Config[:data_bag_decrypt_minimum_version]
|
219
|
+
raise UnacceptableEncryptedDataBagItemFormat,
|
220
|
+
"The encrypted data bag item has format version `#{format_version}', " +
|
221
|
+
"but the config setting 'data_bag_decrypt_minimum_version' requires version `#{Chef::Config[:data_bag_decrypt_minimum_version]}'"
|
222
|
+
end
|
223
|
+
end
|
224
|
+
|
167
225
|
class Version1Decryptor
|
168
226
|
|
169
227
|
attr_reader :encrypted_data
|
@@ -176,9 +234,13 @@ class Chef::EncryptedDataBagItem
|
|
176
234
|
|
177
235
|
def for_decrypted_item
|
178
236
|
Yajl::Parser.parse(decrypted_data)["json_wrapper"]
|
237
|
+
rescue Yajl::ParseError
|
238
|
+
# convert to a DecryptionFailure error because the most likely scenario
|
239
|
+
# here is that the decryption step was unsuccessful but returned bad
|
240
|
+
# data rather than raising an error.
|
241
|
+
raise DecryptionFailure, "Error decrypting data bag value. Most likely the provided key is incorrect"
|
179
242
|
end
|
180
243
|
|
181
|
-
|
182
244
|
def encrypted_bytes
|
183
245
|
Base64.decode64(@encrypted_data["encrypted_data"])
|
184
246
|
end
|
@@ -219,6 +281,36 @@ class Chef::EncryptedDataBagItem
|
|
219
281
|
|
220
282
|
end
|
221
283
|
|
284
|
+
class Version2Decryptor < Version1Decryptor
|
285
|
+
|
286
|
+
def decrypted_data
|
287
|
+
validate_hmac! unless @decrypted_data
|
288
|
+
super
|
289
|
+
end
|
290
|
+
|
291
|
+
def validate_hmac!
|
292
|
+
digest = OpenSSL::Digest::Digest.new("sha256")
|
293
|
+
raw_hmac = OpenSSL::HMAC.digest(digest, key, @encrypted_data["encrypted_data"])
|
294
|
+
|
295
|
+
if candidate_hmac_matches?(raw_hmac)
|
296
|
+
true
|
297
|
+
else
|
298
|
+
raise DecryptionFailure, "Error decrypting data bag value: invalid hmac. Most likely the provided key is incorrect"
|
299
|
+
end
|
300
|
+
end
|
301
|
+
|
302
|
+
private
|
303
|
+
|
304
|
+
def candidate_hmac_matches?(expected_hmac)
|
305
|
+
return false unless @encrypted_data["hmac"]
|
306
|
+
expected_bytes = expected_hmac.bytes.to_a
|
307
|
+
candidate_hmac_bytes = Base64.decode64(@encrypted_data["hmac"]).bytes.to_a
|
308
|
+
valid = expected_bytes.size ^ candidate_hmac_bytes.size
|
309
|
+
expected_bytes.zip(candidate_hmac_bytes) { |x, y| valid |= x ^ y.to_i }
|
310
|
+
valid == 0
|
311
|
+
end
|
312
|
+
end
|
313
|
+
|
222
314
|
class Version0Decryptor
|
223
315
|
|
224
316
|
attr_reader :encrypted_data
|
@@ -297,7 +389,7 @@ class Chef::EncryptedDataBagItem
|
|
297
389
|
end
|
298
390
|
|
299
391
|
def self.load_secret(path=nil)
|
300
|
-
path
|
392
|
+
path ||= Chef::Config[:encrypted_data_bag_secret]
|
301
393
|
secret = case path
|
302
394
|
when /^\w+:\/\//
|
303
395
|
# We have a remote key
|
@@ -309,7 +401,7 @@ class Chef::EncryptedDataBagItem
|
|
309
401
|
raise ArgumentError, "Remote key not found at '#{path}'"
|
310
402
|
end
|
311
403
|
else
|
312
|
-
if !File.
|
404
|
+
if !File.exist?(path)
|
313
405
|
raise Errno::ENOENT, "file not found '#{path}'"
|
314
406
|
end
|
315
407
|
IO.read(path).strip
|