chef 12.0.0.alpha.1 → 12.0.0.alpha.2

data/lib/chef/chef_fs/file_system/organization_invites_entry.rb

@@ -0,0 +1,58 @@
+require 'chef/chef_fs/file_system/rest_list_entry'
+require 'chef/chef_fs/data_handler/organization_invites_data_handler'
+
+class Chef
+  module ChefFS
+    module FileSystem
+      # /organizations/NAME/invitations.json
+      # read data from:
+      # - GET /organizations/NAME/association_requests
+      # write data to:
+      # - remove from list: DELETE /organizations/NAME/association_requests/id
+      # - add to list: POST /organizations/NAME/association_requests
+      class OrganizationInvitesEntry < RestListEntry
+        def initialize(name, parent, exists = nil)
+          super(name, parent)
+          @exists = exists
+        end
+
+        def data_handler
+          Chef::ChefFS::DataHandler::OrganizationInvitesDataHandler.new
+        end
+
+        # /organizations/foo/invites.json -> /organizations/foo/association_requests
+        def api_path
+          File.join(parent.api_path, 'association_requests')
+        end
+
+        def exists?
+          parent.exists?
+        end
+
+        def delete(recurse)
+          raise Chef::ChefFS::FileSystem::OperationNotAllowedError.new(:delete, self)
+        end
+
+        def write(contents)
+          desired_invites = minimize_value(JSON.parse(contents, :create_additions => false))
+          actual_invites = _read_json.inject({}) { |h,val| h[val['username']] = val['id']; h }
+          invites = actual_invites.keys
+          (desired_invites - invites).each do |invite|
+            begin
+              rest.post(api_path, { 'user' => invite })
+            rescue Net::HTTPServerException => e
+              if e.response.code == '409'
+                Chef::Log.warn("Could not invite #{invite} to organization #{org}: #{api_error_text(e.response)}")
+              else
+                raise
+              end
+            end
+          end
+          (invites - desired_invites).each do |invite|
+            rest.delete(File.join(api_path, actual_invites[invite]))
+          end
+        end
+      end
+    end
+  end
+end

data/lib/chef/chef_fs/file_system/organization_members_entry.rb

@@ -0,0 +1,57 @@
+require 'chef/chef_fs/file_system/rest_list_entry'
+require 'chef/chef_fs/data_handler/organization_members_data_handler'
+
+class Chef
+  module ChefFS
+    module FileSystem
+      # /organizations/NAME/members.json
+      # reads data from:
+      # - GET /organizations/NAME/users
+      # writes data to:
+      # - remove from list: DELETE /organizations/NAME/users/name
+      # - add to list: POST /organizations/NAME/users/name
+      class OrganizationMembersEntry < RestListEntry
+        def initialize(name, parent, exists = nil)
+          super(name, parent)
+          @exists = exists
+        end
+
+        def data_handler
+          Chef::ChefFS::DataHandler::OrganizationMembersDataHandler.new
+        end
+
+        # /organizations/foo/members.json -> /organizations/foo/users
+        def api_path
+          File.join(parent.api_path, 'users')
+        end
+
+        def exists?
+          parent.exists?
+        end
+
+        def delete(recurse)
+          raise Chef::ChefFS::FileSystem::OperationNotAllowedError.new(:delete, self)
+        end
+
+        def write(contents)
+          desired_members = minimize_value(JSON.parse(contents, :create_additions => false))
+          members = minimize_value(_read_json)
+          (desired_members - members).each do |member|
+            begin
+              rest.post(File.join(api_path, member), {})
+            rescue Net::HTTPServerException => e
+              if e.response.code == '404'
+                raise "Chef server at #{api_path} does not allow you to directly add members.  Please either upgrade your Chef server or move the users you want into invitations.json instead of members.json."
+              else
+                raise
+              end
+            end
+          end
+          (members - desired_members).each do |member|
+            rest.delete(File.join(api_path, member))
+          end
+        end
+      end
+    end
+  end
+end

data/lib/chef/chef_fs/file_system/rest_list_entry.rb

@@ -80,13 +80,13 @@ class Chef
         end
 
         def read
-          Chef::JSONCompat.to_json_pretty(_read_hash)
+          Chef::JSONCompat.to_json_pretty(minimize_value(_read_json))
         end
 
-        def _read_hash
+        def _read_json
           begin
             # Minimize the value (get rid of defaults) so the results don't look terrible
-            minimize_value(root.get_json(api_path))
+            root.get_json(api_path)
           rescue Timeout::Error => e
             raise Chef::ChefFS::FileSystem::OperationFailedError.new(:read, self, e), "Timeout reading: #{e}"
           rescue Net::HTTPServerException => e
@@ -119,7 +119,7 @@ class Chef
 
           # Grab this value
           begin
-            value = _read_hash
+            value = _read_json
           rescue Chef::ChefFS::FileSystem::NotFoundError
             return [ false, :none, other_value_json ]
           end
@@ -169,7 +169,16 @@ class Chef
             end
           end
         end
+
+        def api_error_text(response)
+          begin
+            JSON.parse(response.body)['error'].join("\n")
+          rescue
+            response.body
+          end
+        end
       end
+
     end
   end
 end

data/lib/chef/chef_fs/knife.rb

@@ -68,7 +68,7 @@ class Chef
           end
         end
 
-        @chef_fs_config = Chef::ChefFS::Config.new(Chef::Config, Dir.pwd, config)
+        @chef_fs_config = Chef::ChefFS::Config.new(Chef::Config, Dir.pwd, config, ui)
 
         Chef::ChefFS::Parallelizer.threads = (Chef::Config[:concurrency] || 10) - 1
       end

data/lib/chef/client.rb

@@ -25,7 +25,6 @@ require 'chef/log'
 require 'chef/rest'
 require 'chef/api_client'
 require 'chef/api_client/registration'
-require 'chef/platform/query_helpers'
 require 'chef/node'
 require 'chef/role'
 require 'chef/file_cache'
@@ -45,6 +44,7 @@ require 'chef/resource_reporter'
 require 'chef/run_lock'
 require 'chef/policy_builder'
 require 'chef/request_id'
+require 'chef/platform/rebooter'
 require 'ohai'
 require 'rbconfig'
 
@@ -428,7 +428,9 @@ class Chef
 
         run_context = setup_run_context
 
-        converge(run_context)
+        catch (:end_client_run_early) do
+          converge(run_context)
+        end
 
         save_updated_node
 
@@ -436,6 +438,10 @@ class Chef
         Chef::Log.info("Chef Run complete in #{run_status.elapsed_time} seconds")
         run_completed_successfully
         @events.run_completed(node)
+
+        # rebooting has to be the last thing we do, no exceptions.
+        Chef::Platform::Rebooter.reboot_if_needed!(node)
+
         true
       rescue Exception => e
         # CHEF-3336: Send the error first in case something goes wrong below and we don't know why

data/lib/chef/config.rb

@@ -23,6 +23,7 @@ require 'chef/log'
 require 'chef/exceptions'
 require 'mixlib/config'
 require 'chef/util/selinux'
+require 'chef/util/path_helper'
 require 'pathname'
 
 class Chef
@@ -30,6 +31,8 @@ class Chef
 
     extend Mixlib::Config
 
+    PathHelper = Chef::Util::PathHelper
+
     # Evaluates the given string as config.
     #
     # +filename+ is used for context in stacktraces, but doesn't need to be the name of an actual file.
@@ -58,37 +61,13 @@ class Chef
       configuration.inspect
     end
 
-    def self.on_windows?
-      RUBY_PLATFORM =~ /mswin|mingw|windows/
-    end
-
-    BACKSLASH = '\\'.freeze
-
-    def self.platform_path_separator
-      if on_windows?
-        File::ALT_SEPARATOR || BACKSLASH
-      else
-        File::SEPARATOR
-      end
-    end
-
-    def self.path_join(*args)
-      args = args.flatten
-      args.inject do |joined_path, component|
-        unless joined_path[-1,1] == platform_path_separator
-          joined_path += platform_path_separator
-        end
-        joined_path += component
-      end
-    end
-
     def self.platform_specific_path(path)
-      if on_windows?
-        # turns /etc/chef/client.rb into C:/chef/client.rb
-        system_drive = env['SYSTEMDRIVE'] ? env['SYSTEMDRIVE'] : ""
-        path = File.join(system_drive, path.split('/')[2..-1])
-        # ensure all forward slashes are backslashes
-        path.gsub!(File::SEPARATOR, (File::ALT_SEPARATOR || '\\'))
+      path = PathHelper.cleanpath(path)
+      if Chef::Platform.windows?
+        # turns \etc\chef\client.rb and \var\chef\client.rb into C:/chef/client.rb
+        if env['SYSTEMDRIVE'] && path[0] == '\\' && path.split('\\')[2] == 'chef'
+          path = PathHelper.join(env['SYSTEMDRIVE'], path.split('\\', 3)[2])
+        end
       end
       path
     end
@@ -101,17 +80,13 @@ class Chef
     configurable(:config_file)
 
     default(:config_dir) do
-      if local_mode
-        path_join(user_home, ".chef#{platform_path_separator}")
+      if config_file
+        PathHelper.dirname(config_file)
       else
-        config_file && ::File.dirname(config_file)
+        PathHelper.join(user_home, ".chef", "")
       end
     end
 
-    # No config file (client.rb / knife.rb / etc.) will be loaded outside this path.
-    # Major use case is tests, where we don't want to load the user's config files.
-    configurable(:config_file_jail)
-
     default :formatters, []
 
     # Override the config dispatch to set the value of multiple server options simultaneously
@@ -119,7 +94,7 @@ class Chef
     # === Parameters
     # url<String>:: String to be set for all of the chef-server-api URL's
     #
-    configurable(:chef_server_url).writes_value { |url| url.strip }
+    configurable(:chef_server_url).writes_value { |url| url.to_s.strip }
 
     # When you are using ActiveSupport, they monkey-patch 'daemonize' into Kernel.
     # So while this is basically identical to what method_missing would do, we pull
@@ -150,7 +125,7 @@ class Chef
       # In local mode, we auto-discover the repo root by looking for a path with "cookbooks" under it.
       # This allows us to run config-free.
       path = cwd
-      until File.directory?(path_join(path, "cookbooks"))
+      until File.directory?(PathHelper.join(path, "cookbooks"))
         new_path = File.expand_path('..', path)
         if new_path == path
           Chef::Log.warn("No cookbooks directory found at or above current directory.  Assuming #{Dir.pwd}.")
@@ -164,9 +139,9 @@ class Chef
 
     def self.derive_path_from_chef_repo_path(child_path)
       if chef_repo_path.kind_of?(String)
-        path_join(chef_repo_path, child_path)
+        PathHelper.join(chef_repo_path, child_path)
       else
-        chef_repo_path.map { |path| path_join(path, child_path)}
+        chef_repo_path.map { |path| PathHelper.join(path, child_path)}
       end
     end
 
@@ -238,7 +213,7 @@ class Chef
     # this is under the user's home directory.
     default(:cache_path) do
       if local_mode
-        "#{config_dir}local-mode-cache"
+        PathHelper.join(config_dir, 'local-mode-cache')
       else
         primary_cache_root = platform_specific_path("/var")
         primary_cache_path = platform_specific_path("/var/chef")
@@ -247,8 +222,7 @@ class Chef
         # Otherwise, we'll create .chef under the user's home directory and use that as
         # the cache path.
         unless path_accessible?(primary_cache_path) || path_accessible?(primary_cache_root)
-          secondary_cache_path = File.join(user_home, '.chef')
-          secondary_cache_path.gsub!(File::SEPARATOR, platform_path_separator) # Safety, mainly for Windows...
+          secondary_cache_path = PathHelper.join(user_home, '.chef')
           Chef::Log.info("Unable to access cache at #{primary_cache_path}. Switching cache to #{secondary_cache_path}")
           secondary_cache_path
         else
@@ -263,20 +237,20 @@ class Chef
     end
 
     # Where cookbook files are stored on the server (by content checksum)
-    default(:checksum_path) { path_join(cache_path, "checksums") }
+    default(:checksum_path) { PathHelper.join(cache_path, "checksums") }
 
     # Where chef's cache files should be stored
-    default(:file_cache_path) { path_join(cache_path, "cache") }
+    default(:file_cache_path) { PathHelper.join(cache_path, "cache") }
 
     # Where backups of chef-managed files should go
-    default(:file_backup_path) { path_join(cache_path, "backup") }
+    default(:file_backup_path) { PathHelper.join(cache_path, "backup") }
 
     # The chef-client (or solo) lockfile.
     #
     # If your `file_cache_path` resides on a NFS (or non-flock()-supporting
     # fs), it's recommended to set this to something like
     # '/tmp/chef-client-running.pid'
-    default(:lockfile) { path_join(file_cache_path, "chef-client-running.pid") }
+    default(:lockfile) { PathHelper.join(file_cache_path, "chef-client-running.pid") }
 
     ## Daemonization Settings ##
     # What user should Chef run as?
@@ -372,7 +346,7 @@ class Chef
     # Path to the default CA bundle files.
     default :ssl_ca_path, nil
     default(:ssl_ca_file) do
-      if on_windows? and embedded_path = embedded_dir
+      if Chef::Platform.windows? and embedded_path = embedded_dir
         cacert_path = File.join(embedded_path, "ssl/certs/cacert.pem")
         cacert_path if File.exist?(cacert_path)
       else
@@ -384,7 +358,7 @@ class Chef
     # certificates in this directory will be added to whatever CA bundle ruby
     # is using. Use this to add self-signed certs for your Chef Server or local
     # HTTP file servers.
-    default(:trusted_certs_dir) { config_dir && path_join(config_dir, "trusted_certs") }
+    default(:trusted_certs_dir) { PathHelper.join(config_dir, "trusted_certs") }
 
     # Where should chef-solo download recipes from?
     default :recipe_url, nil
@@ -417,10 +391,6 @@ class Chef
 
     # This secret is used to decrypt encrypted data bag items.
     default(:encrypted_data_bag_secret) do
-      # We have to check for the existence of the default file before setting it
-      # since +Chef::Config[:encrypted_data_bag_secret]+ is read by older
-      # bootstrap templates to determine if the local secret should be uploaded to
-      # node being bootstrapped. This should be removed in Chef 12.
       if File.exist?(platform_specific_path("/etc/chef/encrypted_data_bag_secret"))
         platform_specific_path("/etc/chef/encrypted_data_bag_secret")
       else
@@ -492,7 +462,7 @@ class Chef
     default(:syntax_check_cache_path) { cache_options[:path] }
 
     # Deprecated:
-    default(:cache_options) { { :path => path_join(file_cache_path, "checksums") } }
+    default(:cache_options) { { :path => PathHelper.join(file_cache_path, "checksums") } }
 
     # Set to false to silence Chef 11 deprecation warnings:
     default :chef11_deprecation_warnings, true
@@ -505,6 +475,9 @@ class Chef
       default :ssh_gateway, nil
       default :bootstrap_version, nil
       default :bootstrap_proxy, nil
+      default :bootstrap_template, "chef-full"
+      default :secret, nil
+      default :secret_file, nil
       default :identity_file, nil
       default :host_key_verify, nil
       default :forward_agent, nil
@@ -537,7 +510,7 @@ class Chef
 
     # Those lists of regular expressions define what chef considers a
     # valid user and group name
-    if on_windows?
+    if Chef::Platform.windows?
       set_defaults_for_windows
     else
       set_defaults_for_nix
@@ -550,7 +523,7 @@ class Chef
     end
 
     def self.windows_home_path
-      windows_home_path = env['SYSTEMDRIVE'] + env['HOMEPATH'] if env['SYSTEMDRIVE'] && env['HOMEPATH']
+      env['SYSTEMDRIVE'] + env['HOMEPATH'] if env['SYSTEMDRIVE'] && env['HOMEPATH']
     end
 
     # returns a platform specific path to the user home dir if set, otherwise default to current directory.
@@ -614,6 +587,51 @@ class Chef
     default :normal_attribute_whitelist, nil
     default :override_attribute_whitelist, nil
 
+    # Chef requires an English-language UTF-8 locale to function properly.  We attempt
+    # to use the 'locale -a' command and search through a list of preferences until we
+    # find one that we can use.  On Ubuntu systems we should find 'C.UTF-8' and be
+    # able to use that even if there is no English locale on the server, but Mac, Solaris,
+    # AIX, etc do not have that locale.  We then try to find an English locale and fall
+    # back to 'C' if we do not.  The choice of fallback is pick-your-poison.  If we try
+    # to do the work to return a non-US UTF-8 locale then we fail inside of providers when
+    # things like 'svn info' return Japanese and we can't parse them.  OTOH, if we pick 'C' then
+    # we will blow up on UTF-8 characters.  Between the warn we throw and the Encoding
+    # exception that ruby will throw it is more obvious what is broken if we drop UTF-8 by
+    # default rather than drop English.
+    #
+    # If there is no 'locale -a' then we return 'en_US.UTF-8' since that is the most commonly
+    # available English UTF-8 locale.  However, all modern POSIXen should support 'locale -a'.
+    default :internal_locale do
+      begin
+        locales = `locale -a`.split
+        case
+        when locales.include?('C.UTF-8')
+          'C.UTF-8'
+        when locales.include?('en_US.UTF-8')
+          'en_US.UTF-8'
+        when locales.include?('en.UTF-8')
+          'en.UTF-8'
+        when guesses = locales.select { |l| l =~ /^en_.*UTF-8$'/ }
+          guesses.first
+        else
+          Chef::Log.warn "Please install an English UTF-8 locale for Chef to use, falling back to C locale and disabling UTF-8 support."
+          'C'
+        end
+      rescue
+        Chef::Log.warn "No usable locale -a command found, assuming you have en_US.UTF-8 installed."
+        'en_US.UTF-8'
+      end
+    end
+
+    # Force UTF-8 Encoding, for when we fire up in the 'C' locale or other strange locales (e.g.
+    # japanese windows encodings).  If we do not do this, then knife upload will fail when a cookbook's
+    # README.md has UTF-8 characters that do not encode in whatever surrounding encoding we have been
+    # passed.  Effectively, the Chef Ecosystem is globally UTF-8 by default.  Anyone who wants to be
+    # able to upload Shift_JIS or ISO-8859-1 files needs to mark *those* files explicitly with
+    # magic tags to make ruby correctly identify the encoding being used.  Changing this default will
+    # break Chef community cookbooks and is very highly discouraged.
+    default :ruby_encoding, Encoding::UTF_8
+
     # If installed via an omnibus installer, this gives the path to the
     # "embedded" directory which contains all of the software packaged with
     # omnibus. This is used to locate the cacert.pem file on windows.