chef 11.8.4.ohai7.0 → 11.10.0.alpha.1

data/lib/chef/provider/cron.rb

@@ -85,7 +85,7 @@ class Chef
 
       def cron_different?
         CRON_ATTRIBUTES.any? do |cron_var|
-          !@new_resource.send(cron_var).nil? && @new_resource.send(cron_var) != @current_resource.send(cron_var)
+          @new_resource.send(cron_var) != @current_resource.send(cron_var)
         end
       end
 

data/lib/chef/provider/directory.rb

@@ -123,6 +123,13 @@ class Chef
           end
         end
       end
+
+      private
+
+      def managing_content?
+        false
+      end
+
     end
   end
 end

data/lib/chef/provider/file.rb

@@ -75,7 +75,8 @@ class Chef
         @current_resource ||= Chef::Resource::File.new(@new_resource.name)
         @current_resource.path(@new_resource.path)
         if ::File.exists?(@current_resource.path) && ::File.file?(::File.realpath(@current_resource.path))
-          if @action != :create_if_missing && @current_resource.respond_to?(:checksum)
+          if managing_content?
+            Chef::Log.debug("#{@new_resource} checksumming file at #{@new_resource.path}.")
             @current_resource.checksum(checksum(@current_resource.path))
           end
           load_resource_attributes_from_file(@current_resource)
@@ -159,6 +160,15 @@ class Chef
 
       private
 
+      # What to check in this resource to see if we're going to be actively managing
+      # content (for things like doing checksums in load_current_resource).  Expected to
+      # be overridden in subclasses.
+      def managing_content?
+        return true if @new_resource.checksum
+        return true if !@new_resource.content.nil? && @action != :create_if_missing
+        false
+      end
+
       # Handles resource requirements for action :create when some fs entry
       # already exists at the destination path. For actions other than create,
       # we don't care what kind of thing is at the destination path because:
@@ -240,8 +250,8 @@ class Chef
 
       def content
         @content ||= begin
-           load_current_resource if @current_resource.nil?
-           @content_class.new(@new_resource, @current_resource, @run_context)
+          load_current_resource if @current_resource.nil?
+          @content_class.new(@new_resource, @current_resource, @run_context)
         end
       end
 
@@ -330,7 +340,9 @@ class Chef
         do_backup unless file_created?
         deployment_strategy.deploy(tempfile.path, ::File.realpath(@new_resource.path))
         Chef::Log.info("#{@new_resource} updated file contents #{@new_resource.path}")
-        @new_resource.checksum(checksum(@new_resource.path)) # for reporting
+        if managing_content?
+          @new_resource.checksum(checksum(@new_resource.path)) # for reporting
+        end
       end
 
       def do_contents_changes
@@ -379,6 +391,7 @@ class Chef
       end
 
       def contents_changed?
+        Chef::Log.debug "calculating checksum of #{tempfile.path} to compare with #{@current_resource.checksum}"
         checksum(tempfile.path) != @current_resource.checksum
       end
 

data/lib/chef/provider/git.rb

@@ -17,6 +17,7 @@
 #
 
 
+require 'chef/exceptions'
 require 'chef/log'
 require 'chef/provider'
 require 'chef/mixin/shell_out'
@@ -75,7 +76,9 @@ class Chef
       def action_checkout
         if target_dir_non_existent_or_empty?
           clone
-          checkout
+          if @new_resource.enable_checkout
+            checkout
+          end
           enable_submodules
           add_remotes
         else
@@ -151,10 +154,11 @@ class Chef
 
       def checkout
         sha_ref = target_revision
+
         converge_by("checkout ref #{sha_ref} branch #{@new_resource.revision}") do
           # checkout into a local branch rather than a detached HEAD
-          shell_out!("git checkout -b deploy #{sha_ref}", run_options(:cwd => @new_resource.destination))
-          Chef::Log.info "#{@new_resource} checked out branch: #{@new_resource.revision} reference: #{sha_ref}"
+          shell_out!("git checkout -b #{@new_resource.checkout_branch} #{sha_ref}", run_options(:cwd => @new_resource.destination))
+          Chef::Log.info "#{@new_resource} checked out branch: #{@new_resource.revision} onto: #{@new_resource.checkout_branch} reference: #{sha_ref}"
         end
       end
 
@@ -269,12 +273,26 @@ class Chef
       private
 
       def run_options(run_opts={})
-        run_opts[:user] = @new_resource.user if @new_resource.user
+        env = {}
+        if @new_resource.user
+          run_opts[:user] = @new_resource.user
+          # Certain versions of `git` misbehave if git configuration is
+          # inaccessible in $HOME. We need to ensure $HOME matches the
+          # user who is executing `git` not the user running Chef.
+          env['HOME'] = begin
+            require 'etc'
+            Etc.getpwnam(@new_resource.user).dir
+          rescue ArgumentError # user not found
+            raise Chef::Exceptions::User, "Could not determine HOME for specified user '#{@new_resource.user}' for resource '#{@new_resource.name}'"
+          end
+        end
         run_opts[:group] = @new_resource.group if @new_resource.group
-        run_opts[:environment] = {"GIT_SSH" => @new_resource.ssh_wrapper} if @new_resource.ssh_wrapper
+        env['GIT_SSH'] = @new_resource.ssh_wrapper if @new_resource.ssh_wrapper
         run_opts[:log_tag] = @new_resource.to_s
         run_opts[:timeout] = @new_resource.timeout if @new_resource.timeout
+        run_opts[:environment] = env unless env.empty?
         run_opts
+
       end
 
       def cwd

data/lib/chef/provider/group.rb

@@ -63,6 +63,17 @@ class Chef
           a.failure_message(Chef::Exceptions::Group, "Cannot modify #{@new_resource} - group does not exist!")
           a.whyrun("Group #{@new_resource} does not exist. Unless it would have been created earlier in this run, this attempt to modify it would fail.")
         end
+
+        requirements.assert(:all_actions) do |a|
+          # Make sure that the resource doesn't contain any common
+          # user names in the members and exclude_members properties.
+          if !@new_resource.members.nil? && !@new_resource.excluded_members.nil?
+            common_members = @new_resource.members & @new_resource.excluded_members
+            a.assertion { common_members.empty? }
+            a.failure_message(Chef::Exceptions::ConflictingMembersInGroup, "Attempting to both add and remove users from a group: '#{common_members.join(', ')}'")
+            # No why-run alternative
+          end
+        end
       end
 
       # Check to see if a group needs any changes. Populate
@@ -72,10 +83,9 @@ class Chef
       # <true>:: If a change is required
       # <false>:: If a change is not required
       def compare_group
-        @change_desc = nil
+        @change_desc = [ ]
         if @new_resource.gid != @current_resource.gid
-          @change_desc = "change gid #{@current_resource.gid} to #{@new_resource.gid}"
-          return true
+          @change_desc << "change gid #{@current_resource.gid} to #{@new_resource.gid}"
         end
 
         if(@new_resource.append)
@@ -85,16 +95,25 @@ class Chef
             missing_members << member
           end
           if missing_members.length > 0
-            @change_desc = "add missing member(s): #{missing_members.join(", ")}"
-            return true
+            @change_desc << "add missing member(s): #{missing_members.join(", ")}"
+          end
+
+          members_to_be_removed = []
+          @new_resource.excluded_members.each do |member|
+            if @current_resource.members.include?(member)
+              members_to_be_removed << member
+            end
+          end
+          if members_to_be_removed.length > 0
+            @change_desc << "remove existing member(s): #{members_to_be_removed.join(", ")}"
           end
         else
           if @new_resource.members != @current_resource.members
-            @change_desc = "replace group members with new list of members"
-            return true
+            @change_desc << "replace group members with new list of members"
           end
         end
-        return false
+
+        !@change_desc.empty?
       end
 
       def action_create
@@ -106,7 +125,7 @@ class Chef
           end
         else
           if compare_group
-            converge_by(["alter group #{@new_resource}", @change_desc ]) do
+            converge_by(["alter group #{@new_resource}"] + change_desc) do
               manage_group
               Chef::Log.info("#{@new_resource} altered")
             end
@@ -125,7 +144,7 @@ class Chef
 
       def action_manage
         if @group_exists && compare_group
-          converge_by(["manage group #{@new_resource}", @change_desc]) do
+          converge_by(["manage group #{@new_resource}"] + change_desc) do
             manage_group
             Chef::Log.info("#{@new_resource} managed")
           end
@@ -134,7 +153,7 @@ class Chef
 
       def action_modify
         if compare_group
-          converge_by(["modify group #{@new_resource}", @change_desc]) do
+          converge_by(["modify group #{@new_resource}"] + change_desc) do
             manage_group
             Chef::Log.info("#{@new_resource} modified")
           end

data/lib/chef/provider/group/dscl.rb

@@ -73,14 +73,36 @@ class Chef
         end
 
         def set_members
+          # First reset the memberships if the append is not set
           unless @new_resource.append
             Chef::Log.debug("#{@new_resource} removing group members #{@current_resource.members.join(' ')}") unless @current_resource.members.empty?
             safe_dscl("create /Groups/#{@new_resource.group_name} GroupMembers ''") # clear guid list
             safe_dscl("create /Groups/#{@new_resource.group_name} GroupMembership ''") # clear user list
+            @current_resource.members([ ])
           end
-          unless @new_resource.members.empty?
-            Chef::Log.debug("#{@new_resource} setting group members #{@new_resource.members.join(', ')}")
-            safe_dscl("append /Groups/#{@new_resource.group_name} GroupMembership #{@new_resource.members.join(' ')}")
+
+          # Add any members that need to be added
+          if @new_resource.members && !@new_resource.members.empty?
+            members_to_be_added = [ ]
+            @new_resource.members.each do |member|
+              members_to_be_added << member if !@current_resource.members.include?(member)
+            end
+            unless members_to_be_added.empty?
+              Chef::Log.debug("#{@new_resource} setting group members #{members_to_be_added.join(', ')}")
+              safe_dscl("append /Groups/#{@new_resource.group_name} GroupMembership #{members_to_be_added.join(' ')}")
+            end
+          end
+
+          # Remove any members that need to be removed
+          if @new_resource.excluded_members && !@new_resource.excluded_members.empty?
+            members_to_be_removed = [ ]
+            @new_resource.excluded_members.each do |member|
+              members_to_be_removed << member if @current_resource.members.include?(member)
+            end
+            unless members_to_be_removed.empty?
+              Chef::Log.debug("#{@new_resource} removing group members #{members_to_be_removed.join(', ')}")
+              safe_dscl("delete /Groups/#{@new_resource.group_name} GroupMembership #{members_to_be_removed.join(' ')}")
+            end
           end
         end
 
@@ -110,7 +132,7 @@ class Chef
           if @new_resource.gid && (@current_resource.gid != @new_resource.gid)
             set_gid
           end
-          if @new_resource.members && (@current_resource.members != @new_resource.members)
+          if @new_resource.members || @new_resource.excluded_members
             set_members
           end
         end

data/lib/chef/provider/group/gpasswd.rb

@@ -39,25 +39,20 @@ class Chef
           end
         end
 
-        def modify_group_members
-            if(@new_resource.append)
-              unless @new_resource.members.empty?
-                @new_resource.members.each do |member|
-                  Chef::Log.debug("#{@new_resource} appending member #{member} to group #{@new_resource.group_name}")
-                  shell_out!("gpasswd -a #{member} #{@new_resource.group_name}")
-                end
-              else
-                Chef::Log.debug("#{@new_resource} not changing group members, the group has no members to add")
-              end
-            else
-              unless @new_resource.members.empty?
-                Chef::Log.debug("#{@new_resource} setting group members to #{@new_resource.members.join(', ')}")
-                shell_out!("gpasswd -M #{@new_resource.members.join(',')} #{@new_resource.group_name}")
-              else
-                Chef::Log.debug("#{@new_resource} setting group members to: none")
-                shell_out!("gpasswd -M \"\" #{@new_resource.group_name}")
-              end
-            end
+        def set_members(members)
+          unless members.empty?
+            shell_out!("gpasswd -M #{members.join(',')} #{@new_resource.group_name}")
+          else
+            shell_out!("gpasswd -M \"\" #{@new_resource.group_name}")
+          end
+        end
+
+        def add_member(member)
+          shell_out!("gpasswd -a #{member} #{@new_resource.group_name}")
+        end
+
+        def remove_member(member)
+          shell_out!("gpasswd -d #{member} #{@new_resource.group_name}")
         end
       end
     end

data/lib/chef/provider/group/groupadd.rb

@@ -65,8 +65,48 @@ class Chef
         end
 
         def modify_group_members
-          raise Chef::Exceptions::Group, "you must override modify_group_members in #{self.to_s}"
+          if @new_resource.append
+            if @new_resource.members && !@new_resource.members.empty?
+              members_to_be_added = [ ]
+              @new_resource.members.each do |member|
+                members_to_be_added << member if !@current_resource.members.include?(member)
+              end
+              members_to_be_added.each do |member|
+                Chef::Log.debug("#{@new_resource} appending member #{member} to group #{@new_resource.group_name}")
+                add_member(member)
+              end
+            end
+
+            if @new_resource.excluded_members && !@new_resource.excluded_members.empty?
+              members_to_be_removed = [ ]
+              @new_resource.excluded_members.each do |member|
+                members_to_be_removed << member if @current_resource.members.include?(member)
+              end
+
+              members_to_be_removed.each do |member|
+                Chef::Log.debug("#{@new_resource} removing member #{member} from group #{@new_resource.group_name}")
+                remove_member(member)
+              end
+            end
+          else
+            members_description = @new_resource.members.empty? ? "none" : @new_resource.members.join(", ")
+            Chef::Log.debug("#{@new_resource} setting group members to: #{members_description}")
+            set_members(@new_resource.members)
+          end
+        end
+
+        def add_member(member)
+          raise Chef::Exceptions::Group, "you must override add_member in #{self.to_s}"
+        end
+
+        def remove_member(member)
+          raise Chef::Exceptions::Group, "you must override remove_member in #{self.to_s}"
+        end
+
+        def set_members(members)
+          raise Chef::Exceptions::Group, "you must override set_members in #{self.to_s}"
         end
+
         # Little bit of magic as per Adam's useradd provider to pull the assign the command line flags
         #
         # ==== Returns

data/lib/chef/provider/group/groupmod.rb

@@ -44,45 +44,40 @@ class Chef
         # Manage the group when it already exists
         def manage_group
           if @new_resource.append
-            to_add = @new_resource.members.dup
-            to_add.reject! { |user| @current_resource.members.include?(user) }
-
-            to_delete = Array.new
-
-            Chef::Log.debug("#{@new_resource} not changing group members, the group has no members to add") if to_add.empty?
+            members_to_be_added = [ ]
+            if @new_resource.excluded_members && !@new_resource.excluded_members.empty?
+              # First find out if any member needs to be removed
+              members_to_be_removed = [ ]
+              @new_resource.excluded_members.each do |member|
+                members_to_be_removed << member if @current_resource.members.include?(member)
+              end
+
+              unless members_to_be_removed.empty?
+                # We are using a magic trick to remove the groups.
+                reset_group_membership
+
+                # Capture the members we need to add in
+                # members_to_be_added to be added later on.
+                @current_resource.members.each do |member|
+                  members_to_be_added << member unless members_to_be_removed.include?(member)
+                end
+              end
+            end
+
+            if @new_resource.members && !@new_resource.members.empty?
+              @new_resource.members.each do |member|
+                members_to_be_added << member if !@current_resource.members.include?(member)
+              end
+            end
+
+            Chef::Log.debug("#{@new_resource} not changing group members, the group has no members to add") if members_to_be_added.empty?
+
+            add_group_members(members_to_be_added)
           else
-            to_add = @new_resource.members.dup
-            to_add.reject! { |user| @current_resource.members.include?(user) }
-
-            to_delete = @current_resource.members.dup
-            to_delete.reject! { |user| @new_resource.members.include?(user) }
-
+            # We are resetting the members of a group so use the same trick
+            reset_group_membership
             Chef::Log.debug("#{@new_resource} setting group members to: none") if @new_resource.members.empty?
-          end
-
-          if to_delete.empty?
-            # If we are only adding new members to this group, then
-            # call add_group_members with only those users
-            add_group_members(to_add)
-          else
-            Chef::Log.debug("#{@new_resource} removing members #{to_delete.join(', ')}")
-
-            # This is tricky, but works: rename the existing group to
-            # "<name>_bak", create a new group with the same GID and
-            # "<name>", then set correct members on that group
-            rename = "group mod -n #{@new_resource.group_name}_bak #{@new_resource.group_name}"
-            shell_out!(rename)
-
-            create = "group add"
-            create << set_options(:overwrite_gid => true)
-            shell_out!(create)
-
-            # Ignore to_add here, since we're replacing the group we
-            # have to add all members who should be in the group.
             add_group_members(@new_resource.members)
-
-            remove = "group del #{@new_resource.group_name}_bak"
-            shell_out!(remove)
           end
         end
 
@@ -99,6 +94,21 @@ class Chef
           end
         end
 
+        # This is tricky, but works: rename the existing group to
+        # "<name>_bak", create a new group with the same GID and
+        # "<name>", then set correct members on that group
+        def reset_group_membership
+          rename = "group mod -n #{@new_resource.group_name}_bak #{@new_resource.group_name}"
+          shell_out!(rename)
+
+          create = "group add"
+          create << set_options(:overwrite_gid => true)
+          shell_out!(create)
+
+          remove = "group del #{@new_resource.group_name}_bak"
+          shell_out!(remove)
+        end
+
         # Little bit of magic as per Adam's useradd provider to pull and assign the command line flags
         #
         # ==== Returns