chef 12.18.31-universal-mingw32 → 12.19.33-universal-mingw32
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/Gemfile +5 -4
- data/README.md +12 -13
- data/VERSION +1 -1
- data/acceptance/Gemfile +4 -4
- data/acceptance/Gemfile.lock +70 -69
- data/chef-universal-mingw32.gemspec +2 -3
- data/chef.gemspec +6 -6
- data/lib/chef/api_client.rb +8 -10
- data/lib/chef/api_client_v1.rb +9 -11
- data/lib/chef/application/apply.rb +8 -10
- data/lib/chef/application/client.rb +1 -1
- data/lib/chef/application/exit_code.rb +3 -5
- data/lib/chef/application/knife.rb +2 -2
- data/lib/chef/application/windows_service.rb +29 -30
- data/lib/chef/application/windows_service_manager.rb +1 -1
- data/lib/chef/audit/audit_event_proxy.rb +2 -2
- data/lib/chef/audit/control_group_data.rb +1 -1
- data/lib/chef/chef_class.rb +1 -0
- data/lib/chef/chef_fs/chef_fs_data_store.rb +5 -7
- data/lib/chef/chef_fs/command_line.rb +15 -16
- data/lib/chef/chef_fs/data_handler/client_data_handler.rb +1 -1
- data/lib/chef/chef_fs/data_handler/container_data_handler.rb +1 -1
- data/lib/chef/chef_fs/data_handler/cookbook_data_handler.rb +1 -1
- data/lib/chef/chef_fs/data_handler/data_bag_item_data_handler.rb +1 -1
- data/lib/chef/chef_fs/data_handler/environment_data_handler.rb +1 -1
- data/lib/chef/chef_fs/data_handler/group_data_handler.rb +1 -1
- data/lib/chef/chef_fs/data_handler/node_data_handler.rb +1 -1
- data/lib/chef/chef_fs/data_handler/organization_data_handler.rb +1 -1
- data/lib/chef/chef_fs/data_handler/role_data_handler.rb +1 -1
- data/lib/chef/chef_fs/data_handler/user_data_handler.rb +1 -1
- data/lib/chef/chef_fs/file_pattern.rb +2 -2
- data/lib/chef/chef_fs/file_system.rb +1 -1
- data/lib/chef/chef_fs/file_system/chef_server/cookbook_dir.rb +5 -6
- data/lib/chef/chef_fs/file_system/chef_server/cookbook_file.rb +8 -10
- data/lib/chef/chef_fs/file_system/chef_server/data_bags_dir.rb +8 -10
- data/lib/chef/chef_fs/file_system/chef_server/nodes_dir.rb +10 -12
- data/lib/chef/chef_fs/file_system/chef_server/policies_dir.rb +28 -30
- data/lib/chef/chef_fs/file_system/chef_server/policy_group_entry.rb +1 -1
- data/lib/chef/chef_fs/file_system/chef_server/rest_list_dir.rb +27 -29
- data/lib/chef/chef_fs/file_system/chef_server/rest_list_entry.rb +18 -24
- data/lib/chef/chef_fs/file_system/memory/memory_file.rb +1 -1
- data/lib/chef/chef_fs/file_system/multiplexed_dir.rb +10 -12
- data/lib/chef/chef_fs/file_system/repository/chef_repository_file_system_cookbook_dir.rb +10 -12
- data/lib/chef/chef_fs/file_system/repository/chef_repository_file_system_cookbook_entry.rb +9 -13
- data/lib/chef/chef_fs/file_system/repository/chef_repository_file_system_root_dir.rb +2 -0
- data/lib/chef/chef_fs/file_system/repository/cookbooks_dir.rb +1 -1
- data/lib/chef/chef_fs/file_system/repository/nodes_dir.rb +3 -0
- data/lib/chef/chef_fs/parallelizer.rb +9 -11
- data/lib/chef/cookbook/cookbook_version_loader.rb +25 -31
- data/lib/chef/cookbook/metadata.rb +26 -26
- data/lib/chef/cookbook/syntax_check.rb +1 -1
- data/lib/chef/cookbook_version.rb +3 -3
- data/lib/chef/data_bag.rb +1 -1
- data/lib/chef/data_bag_item.rb +3 -3
- data/lib/chef/data_collector.rb +3 -4
- data/lib/chef/decorator.rb +1 -1
- data/lib/chef/deprecated.rb +30 -0
- data/lib/chef/dsl/audit.rb +2 -2
- data/lib/chef/dsl/declare_resource.rb +1 -1
- data/lib/chef/dsl/platform_introspection.rb +29 -31
- data/lib/chef/dsl/reboot_pending.rb +1 -1
- data/lib/chef/dsl/resources.rb +6 -8
- data/lib/chef/encrypted_data_bag_item.rb +2 -2
- data/lib/chef/environment.rb +9 -11
- data/lib/chef/event_loggers/windows_eventlog.rb +1 -1
- data/lib/chef/exceptions.rb +4 -1
- data/lib/chef/file_access_control/unix.rb +14 -14
- data/lib/chef/file_access_control/windows.rb +1 -1
- data/lib/chef/formatters/error_inspectors/api_error_formatting.rb +4 -5
- data/lib/chef/formatters/error_mapper.rb +6 -6
- data/lib/chef/http/api_versions.rb +50 -0
- data/lib/chef/http/validate_content_length.rb +2 -2
- data/lib/chef/json_compat.rb +6 -10
- data/lib/chef/key.rb +5 -5
- data/lib/chef/knife.rb +4 -4
- data/lib/chef/knife/cookbook_site_install.rb +2 -2
- data/lib/chef/knife/core/cookbook_scm_repo.rb +2 -2
- data/lib/chef/knife/core/gem_glob_loader.rb +1 -1
- data/lib/chef/knife/core/status_presenter.rb +1 -1
- data/lib/chef/knife/core/ui.rb +19 -25
- data/lib/chef/knife/data_bag_secret_options.rb +1 -1
- data/lib/chef/knife/deps.rb +32 -34
- data/lib/chef/knife/help.rb +1 -1
- data/lib/chef/knife/list.rb +1 -1
- data/lib/chef/knife/search.rb +2 -2
- data/lib/chef/knife/ssh.rb +37 -27
- data/lib/chef/knife/ssl_check.rb +1 -1
- data/lib/chef/knife/user_delete.rb +1 -1
- data/lib/chef/mash.rb +1 -1
- data/lib/chef/mixin/command.rb +2 -2
- data/lib/chef/mixin/create_path.rb +3 -5
- data/lib/chef/mixin/from_file.rb +2 -2
- data/lib/chef/mixin/get_source_from_package.rb +2 -2
- data/lib/chef/mixin/notifying_block.rb +7 -9
- data/lib/chef/mixin/params_validate.rb +3 -3
- data/lib/chef/mixin/securable.rb +1 -1
- data/lib/chef/mixin/shell_out.rb +23 -3
- data/lib/chef/mixin/unformatter.rb +2 -2
- data/lib/chef/mixin/uris.rb +4 -6
- data/lib/chef/mixin/versioned_api.rb +69 -0
- data/lib/chef/mixin/which.rb +25 -8
- data/lib/chef/mixin/windows_architecture_helper.rb +2 -2
- data/lib/chef/mixin/xml_escape.rb +3 -5
- data/lib/chef/monkey_patches/webrick-utils.rb +1 -1
- data/lib/chef/node.rb +8 -8
- data/lib/chef/node/attribute.rb +4 -4
- data/lib/chef/node/common_api.rb +5 -7
- data/lib/chef/org.rb +10 -12
- data/lib/chef/platform/provider_mapping.rb +7 -7
- data/lib/chef/platform/query_helpers.rb +1 -1
- data/lib/chef/policy_builder/policyfile.rb +1 -0
- data/lib/chef/property.rb +31 -0
- data/lib/chef/provider/batch.rb +1 -1
- data/lib/chef/provider/breakpoint.rb +1 -1
- data/lib/chef/provider/cookbook_file.rb +3 -3
- data/lib/chef/provider/cron.rb +38 -38
- data/lib/chef/provider/deploy.rb +81 -81
- data/lib/chef/provider/deploy/revision.rb +3 -5
- data/lib/chef/provider/directory.rb +32 -32
- data/lib/chef/provider/dsc_resource.rb +22 -6
- data/lib/chef/provider/env.rb +28 -28
- data/lib/chef/provider/env/windows.rb +1 -1
- data/lib/chef/provider/erl_call.rb +13 -13
- data/lib/chef/provider/execute.rb +5 -2
- data/lib/chef/provider/file.rb +49 -51
- data/lib/chef/provider/git.rb +55 -55
- data/lib/chef/provider/http_request.rb +36 -36
- data/lib/chef/provider/launchd.rb +2 -2
- data/lib/chef/provider/link.rb +50 -50
- data/lib/chef/provider/log.rb +2 -2
- data/lib/chef/provider/mdadm.rb +25 -25
- data/lib/chef/provider/mount/aix.rb +2 -2
- data/lib/chef/provider/mount/mount.rb +2 -2
- data/lib/chef/provider/ohai.rb +1 -1
- data/lib/chef/provider/osx_profile.rb +23 -23
- data/lib/chef/provider/package.rb +74 -56
- data/lib/chef/provider/package/aix.rb +55 -52
- data/lib/chef/provider/package/apt.rb +15 -13
- data/lib/chef/provider/package/cab.rb +49 -20
- data/lib/chef/provider/package/chocolatey.rb +9 -10
- data/lib/chef/provider/package/dnf.rb +20 -18
- data/lib/chef/provider/package/dnf/dnf_helper.py +1 -1
- data/lib/chef/provider/package/dnf/python_helper.rb +63 -26
- data/lib/chef/provider/package/dnf/version.rb +1 -1
- data/lib/chef/provider/package/dpkg.rb +8 -9
- data/lib/chef/provider/package/easy_install.rb +22 -22
- data/lib/chef/provider/package/freebsd/base.rb +10 -10
- data/lib/chef/provider/package/freebsd/pkg.rb +15 -15
- data/lib/chef/provider/package/freebsd/pkgng.rb +13 -15
- data/lib/chef/provider/package/freebsd/port.rb +7 -7
- data/lib/chef/provider/package/homebrew.rb +11 -10
- data/lib/chef/provider/package/ips.rb +18 -23
- data/lib/chef/provider/package/macports.rb +23 -23
- data/lib/chef/provider/package/msu.rb +11 -11
- data/lib/chef/provider/package/openbsd.rb +25 -22
- data/lib/chef/provider/package/pacman.rb +16 -16
- data/lib/chef/provider/package/paludis.rb +26 -27
- data/lib/chef/provider/package/portage.rb +22 -22
- data/lib/chef/provider/package/powershell.rb +17 -17
- data/lib/chef/provider/package/rpm.rb +25 -25
- data/lib/chef/provider/package/rubygems.rb +60 -60
- data/lib/chef/provider/package/smartos.rb +16 -16
- data/lib/chef/provider/package/solaris.rb +44 -44
- data/lib/chef/provider/package/windows.rb +3 -3
- data/lib/chef/provider/package/windows/exe.rb +6 -6
- data/lib/chef/provider/package/windows/msi.rb +6 -6
- data/lib/chef/provider/package/yum.rb +318 -268
- data/lib/chef/provider/package/yum/rpm_utils.rb +34 -34
- data/lib/chef/provider/package/yum/yum_cache.rb +12 -12
- data/lib/chef/provider/package/zypper.rb +11 -11
- data/lib/chef/provider/powershell_script.rb +15 -7
- data/lib/chef/provider/reboot.rb +10 -10
- data/lib/chef/provider/registry_key.rb +39 -39
- data/lib/chef/provider/remote_directory.rb +3 -3
- data/lib/chef/provider/remote_file.rb +3 -3
- data/lib/chef/provider/route.rb +1 -1
- data/lib/chef/provider/ruby_block.rb +3 -3
- data/lib/chef/provider/script.rb +42 -6
- data/lib/chef/provider/service.rb +49 -49
- data/lib/chef/provider/service/solaris.rb +1 -1
- data/lib/chef/provider/service/systemd.rb +1 -1
- data/lib/chef/provider/subversion.rb +39 -39
- data/lib/chef/provider/systemd_unit.rb +2 -0
- data/lib/chef/provider/template.rb +3 -3
- data/lib/chef/provider/user.rb +42 -42
- data/lib/chef/provider/whyrun_safe_ruby_block.rb +4 -4
- data/lib/chef/resource.rb +27 -16
- data/lib/chef/resource/apt_repository.rb +0 -1
- data/lib/chef/resource/chef_gem.rb +1 -1
- data/lib/chef/resource/dnf_package.rb +6 -3
- data/lib/chef/resource/dsc_resource.rb +9 -1
- data/lib/chef/resource/execute.rb +70 -6
- data/lib/chef/resource/file/verification/systemd_unit.rb +67 -0
- data/lib/chef/resource/freebsd_package.rb +1 -1
- data/lib/chef/resource/gem_package.rb +1 -1
- data/lib/chef/resource/launchd.rb +13 -1
- data/lib/chef/resource/package.rb +2 -2
- data/lib/chef/resource/registry_key.rb +1 -1
- data/lib/chef/resource/yum_package.rb +12 -3
- data/lib/chef/resource/yum_repository.rb +0 -1
- data/lib/chef/resource_collection/resource_collection_serialization.rb +3 -3
- data/lib/chef/resource_collection/resource_set.rb +2 -2
- data/lib/chef/resource_reporter.rb +1 -1
- data/lib/chef/run_context.rb +3 -3
- data/lib/chef/run_list/run_list_item.rb +1 -1
- data/lib/chef/run_list/versioned_recipe_list.rb +6 -6
- data/lib/chef/server_api.rb +2 -0
- data/lib/chef/server_api_versions.rb +40 -0
- data/lib/chef/shell.rb +1 -1
- data/lib/chef/shell/ext.rb +3 -3
- data/lib/chef/shell/shell_session.rb +1 -1
- data/lib/chef/user.rb +9 -11
- data/lib/chef/user_v1.rb +9 -11
- data/lib/chef/util/diff.rb +1 -1
- data/lib/chef/util/dsc/lcm_output_parser.rb +1 -1
- data/lib/chef/util/selinux.rb +1 -1
- data/lib/chef/util/windows/net_group.rb +18 -30
- data/lib/chef/util/windows/net_use.rb +7 -11
- data/lib/chef/util/windows/net_user.rb +11 -17
- data/lib/chef/util/windows/volume.rb +9 -15
- data/lib/chef/version.rb +1 -1
- data/lib/chef/version_class.rb +1 -1
- data/lib/chef/win32/api.rb +4 -6
- data/lib/chef/win32/api/file.rb +25 -31
- data/lib/chef/win32/api/installer.rb +2 -2
- data/lib/chef/win32/file.rb +4 -6
- data/lib/chef/win32/registry.rb +9 -9
- data/lib/chef/win32/security.rb +2 -2
- data/lib/chef/win32/security/acl.rb +2 -2
- data/lib/chef/win32/unicode.rb +2 -2
- data/lib/chef/win32/version.rb +1 -1
- data/spec/data/prefer_metadata_json/metadata.json +51 -0
- data/spec/data/prefer_metadata_json/metadata.rb +6 -0
- data/spec/data/prefer_metadata_json/recipes/default.rb +0 -0
- data/spec/functional/knife/ssh_spec.rb +5 -5
- data/spec/functional/resource/batch_spec.rb +5 -1
- data/spec/functional/resource/dsc_script_spec.rb +2 -4
- data/spec/functional/resource/execute_spec.rb +17 -0
- data/spec/functional/resource/user/dscl_spec.rb +2 -4
- data/spec/integration/client/client_spec.rb +33 -0
- data/spec/integration/recipes/recipe_dsl_spec.rb +58 -58
- data/spec/spec_helper.rb +4 -0
- data/spec/support/chef_helpers.rb +5 -7
- data/spec/support/platform_helpers.rb +6 -0
- data/spec/support/platforms/prof/gc.rb +4 -6
- data/spec/support/shared/context/client.rb +1 -1
- data/spec/support/shared/functional/execute_resource.rb +150 -0
- data/spec/support/shared/functional/windows_script.rb +74 -4
- data/spec/support/shared/unit/execute_resource.rb +37 -0
- data/spec/support/shared/unit/provider/file.rb +10 -0
- data/spec/unit/cookbook/cookbook_version_loader_spec.rb +9 -0
- data/spec/unit/cookbook/syntax_check_spec.rb +8 -2
- data/spec/unit/http/api_versions_spec.rb +69 -0
- data/spec/unit/knife/ssh_spec.rb +34 -36
- data/spec/unit/mixin/versioned_api_spec.rb +107 -0
- data/spec/unit/mixin/which.rb +160 -0
- data/spec/unit/platform_spec.rb +28 -1
- data/spec/unit/provider/deploy_spec.rb +1 -1
- data/spec/unit/provider/directory_spec.rb +10 -0
- data/spec/unit/provider/dsc_resource_spec.rb +175 -0
- data/spec/unit/provider/execute_spec.rb +0 -1
- data/spec/unit/provider/launchd_spec.rb +2 -2
- data/spec/unit/provider/package/aix_spec.rb +22 -22
- data/spec/unit/provider/package/apt_spec.rb +27 -27
- data/spec/unit/provider/package/cab_spec.rb +59 -5
- data/spec/unit/provider/package/dnf/python_helper_spec.rb +29 -0
- data/spec/unit/provider/package/dpkg_spec.rb +16 -16
- data/spec/unit/provider/package/easy_install_spec.rb +18 -18
- data/spec/unit/provider/package/freebsd/pkg_spec.rb +15 -15
- data/spec/unit/provider/package/freebsd/pkgng_spec.rb +9 -9
- data/spec/unit/provider/package/freebsd/port_spec.rb +9 -9
- data/spec/unit/provider/package/homebrew_spec.rb +9 -9
- data/spec/unit/provider/package/ips_spec.rb +37 -31
- data/spec/unit/provider/package/macports_spec.rb +10 -10
- data/spec/unit/provider/package/openbsd_spec.rb +10 -10
- data/spec/unit/provider/package/pacman_spec.rb +6 -6
- data/spec/unit/provider/package/paludis_spec.rb +7 -7
- data/spec/unit/provider/package/portage_spec.rb +6 -7
- data/spec/unit/provider/package/rpm_spec.rb +23 -23
- data/spec/unit/provider/package/rubygems_spec.rb +38 -38
- data/spec/unit/provider/package/solaris_spec.rb +15 -15
- data/spec/unit/provider/package/windows_spec.rb +2 -1
- data/spec/unit/provider/package/yum_spec.rb +51 -43
- data/spec/unit/provider/package/zypper_spec.rb +34 -34
- data/spec/unit/provider/package_spec.rb +8 -0
- data/spec/unit/provider/remote_file/sftp_spec.rb +3 -3
- data/spec/unit/provider/route_spec.rb +7 -1
- data/spec/unit/provider/script_spec.rb +49 -6
- data/spec/unit/resource/dsc_resource_spec.rb +6 -0
- data/spec/unit/resource/execute_spec.rb +214 -0
- data/spec/unit/resource/file/verification/systemd_unit_spec.rb +103 -0
- data/spec/unit/resource/freebsd_package_spec.rb +2 -2
- data/spec/unit/resource/package_spec.rb +5 -0
- data/spec/unit/resource/yum_package_spec.rb +42 -1
- data/spec/unit/resource_reporter_spec.rb +1 -1
- data/spec/unit/resource_spec.rb +18 -0
- data/spec/unit/server_api_versions_spec.rb +44 -0
- data/spec/unit/util/selinux_spec.rb +3 -14
- data/spec/unit/win32/error_spec.rb +67 -0
- data/spec/unit/win32/security_spec.rb +66 -0
- data/tasks/changelog.rb +1 -1
- data/tasks/dependencies.rb +20 -4
- metadata +39 -18
- data/lib/chef/monkey_patches/net-ssh-multi.rb +0 -141
@@ -53,13 +53,11 @@ end
|
|
53
53
|
# This is a temporary fix to get tests passing on systems that have no `diff`
|
54
54
|
# until we can replace shelling out to `diff` with ruby diff-lcs
|
55
55
|
def has_diff?
|
56
|
-
|
57
|
-
|
58
|
-
|
59
|
-
|
60
|
-
|
61
|
-
false
|
62
|
-
end
|
56
|
+
diff_cmd = Mixlib::ShellOut.new("diff -v")
|
57
|
+
diff_cmd.run_command
|
58
|
+
true
|
59
|
+
rescue Errno::ENOENT
|
60
|
+
false
|
63
61
|
end
|
64
62
|
|
65
63
|
# This is a helper to determine if the ruby in the PATH contains
|
@@ -92,6 +92,12 @@ def windows_nano_server?
|
|
92
92
|
Chef::Platform.windows_nano_server?
|
93
93
|
end
|
94
94
|
|
95
|
+
def windows_user_right?(right)
|
96
|
+
return false unless windows?
|
97
|
+
require "chef/win32/security"
|
98
|
+
Chef::ReservedNames::Win32::Security.get_account_right(ENV["USERNAME"]).include?(right)
|
99
|
+
end
|
100
|
+
|
95
101
|
def mac_osx_106?
|
96
102
|
if File.exists? "/usr/bin/sw_vers"
|
97
103
|
result = ShellHelpers.shell_out("/usr/bin/sw_vers")
|
@@ -35,12 +35,10 @@ module RSpec
|
|
35
35
|
end
|
36
36
|
|
37
37
|
def working_set_size
|
38
|
-
|
39
|
-
|
40
|
-
|
41
|
-
|
42
|
-
::GC::Profiler.clear
|
43
|
-
end
|
38
|
+
::GC.start
|
39
|
+
::GC::Profiler.result.scan(LINE_PATTERN)[-1][2].to_i if ::GC::Profiler.enabled?
|
40
|
+
ensure
|
41
|
+
::GC::Profiler.clear
|
44
42
|
end
|
45
43
|
|
46
44
|
def handle_count
|
@@ -95,7 +95,7 @@ shared_context "a client run" do
|
|
95
95
|
|
96
96
|
def stub_for_data_collector_init
|
97
97
|
expect(Chef::ServerAPI).to receive(:new).
|
98
|
-
with(Chef::Config[:data_collector][:server_url]).
|
98
|
+
with(Chef::Config[:data_collector][:server_url], validate_utf8: false).
|
99
99
|
exactly(:once).
|
100
100
|
and_return(http_data_collector)
|
101
101
|
end
|
@@ -0,0 +1,150 @@
|
|
1
|
+
#
|
2
|
+
# Author:: Adam Edwards (<adamed@chef.io>)
|
3
|
+
# Copyright:: Copyright (c) 2015 Chef Software, Inc.
|
4
|
+
# License:: Apache License, Version 2.0
|
5
|
+
#
|
6
|
+
# Licensed under the Apache License, Version 2.0 (the "License");
|
7
|
+
# you may not use this file except in compliance with the License.
|
8
|
+
# You may obtain a copy of the License at
|
9
|
+
#
|
10
|
+
# http://www.apache.org/licenses/LICENSE-2.0
|
11
|
+
#
|
12
|
+
# Unless required by applicable law or agreed to in writing, software
|
13
|
+
# distributed under the License is distributed on an "AS IS" BASIS,
|
14
|
+
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
15
|
+
# See the License for the specific language governing permissions and
|
16
|
+
# limitations under the License.
|
17
|
+
#
|
18
|
+
|
19
|
+
shared_context "a non-admin Windows user" do
|
20
|
+
include Chef::Mixin::ShellOut
|
21
|
+
|
22
|
+
let(:windows_nonadmin_user_domain) { ENV["COMPUTERNAME"] }
|
23
|
+
let(:windows_nonadmin_user_qualified) { "#{windows_nonadmin_user_domain}\\#{windows_nonadmin_user}" }
|
24
|
+
let(:temp_profile_path) { "#{ENV['USERPROFILE']}\\..\\cheftesttempuser" }
|
25
|
+
before do
|
26
|
+
shell_out!("net.exe user /delete #{windows_nonadmin_user}", returns: [0, 2])
|
27
|
+
|
28
|
+
# Supply a profile path when creating a user to avoid an apparent Windows bug where deleting
|
29
|
+
# the user actually creates the profile when it did not immediately exist before executing
|
30
|
+
# net user /delete! For some reason, specifying an explicit path ensures that the path
|
31
|
+
# profile doesn't get created at deletion.
|
32
|
+
shell_out!("net.exe user /add #{windows_nonadmin_user} \"#{windows_nonadmin_user_password}\" /profilepath:#{temp_profile_path}")
|
33
|
+
end
|
34
|
+
|
35
|
+
after do
|
36
|
+
shell_out!("net.exe user /delete #{windows_nonadmin_user}", returns: [0, 2])
|
37
|
+
end
|
38
|
+
end
|
39
|
+
|
40
|
+
shared_context "alternate user identity" do
|
41
|
+
let(:windows_alternate_user) { "chef%02d%02d%02d" % [Time.now.year % 100, Time.now.month, Time.now.day] }
|
42
|
+
let(:windows_alternate_user_password) { "lj28;fx3T!x,2" }
|
43
|
+
let(:windows_alternate_user_qualified) { "#{ENV['COMPUTERNAME']}\\#{windows_alternate_user}" }
|
44
|
+
|
45
|
+
let(:windows_nonadmin_user) { windows_alternate_user }
|
46
|
+
let(:windows_nonadmin_user_password) { windows_alternate_user_password }
|
47
|
+
|
48
|
+
include_context "a non-admin Windows user"
|
49
|
+
end
|
50
|
+
|
51
|
+
shared_context "a command that can be executed as an alternate user" do
|
52
|
+
include_context "alternate user identity"
|
53
|
+
|
54
|
+
let(:script_output_dir) { Dir.mktmpdir }
|
55
|
+
let(:script_output_path) { File.join(script_output_dir, make_tmpname("chef_execute_identity_test")) }
|
56
|
+
let(:script_output) { File.read(script_output_path) }
|
57
|
+
|
58
|
+
include Chef::Mixin::ShellOut
|
59
|
+
|
60
|
+
before do
|
61
|
+
shell_out!("icacls \"#{script_output_dir.gsub(/\//, '\\')}\" /grant \"authenticated users:(F)\"")
|
62
|
+
end
|
63
|
+
|
64
|
+
after do
|
65
|
+
File.delete(script_output_path) if File.exists?(script_output_path)
|
66
|
+
Dir.rmdir(script_output_dir) if Dir.exists?(script_output_dir)
|
67
|
+
end
|
68
|
+
end
|
69
|
+
|
70
|
+
shared_examples_for "an execute resource that supports alternate user identity" do
|
71
|
+
context "when running on Windows", :windows_only, :windows_service_requires_assign_token do
|
72
|
+
|
73
|
+
include_context "a command that can be executed as an alternate user"
|
74
|
+
|
75
|
+
let(:windows_current_user) { ENV["USERNAME"] }
|
76
|
+
let(:windows_current_user_qualified) { "#{ENV['USERDOMAIN'] || ENV['COMPUTERNAME']}\\#{windows_current_user}" }
|
77
|
+
let(:resource_identity_command) { "powershell.exe -noprofile -command \"import-module microsoft.powershell.utility;([Security.Principal.WindowsPrincipal]([Security.Principal.WindowsIdentity]::GetCurrent())).identity.name | out-file -encoding ASCII '#{script_output_path}'\"" }
|
78
|
+
|
79
|
+
let(:execute_resource) do
|
80
|
+
resource.user(windows_alternate_user)
|
81
|
+
resource.password(windows_alternate_user_password)
|
82
|
+
resource.send(resource_command_property, resource_identity_command)
|
83
|
+
resource
|
84
|
+
end
|
85
|
+
|
86
|
+
it "executes the process as an alternate user" do
|
87
|
+
expect(windows_current_user.length).to be > 0
|
88
|
+
expect { execute_resource.run_action(:run) }.not_to raise_error
|
89
|
+
expect(script_output.chomp.length).to be > 0
|
90
|
+
expect(script_output.chomp.downcase).to eq(windows_alternate_user_qualified.downcase)
|
91
|
+
expect(script_output.chomp.downcase).not_to eq(windows_current_user.downcase)
|
92
|
+
expect(script_output.chomp.downcase).not_to eq(windows_current_user_qualified.downcase)
|
93
|
+
end
|
94
|
+
|
95
|
+
let(:windows_alternate_user_password_invalid) { "#{windows_alternate_user_password}x" }
|
96
|
+
|
97
|
+
it "raises an exception if the user's password is invalid" do
|
98
|
+
execute_resource.password(windows_alternate_user_password_invalid)
|
99
|
+
expect { execute_resource.run_action(:run) }.to raise_error(SystemCallError)
|
100
|
+
end
|
101
|
+
end
|
102
|
+
end
|
103
|
+
|
104
|
+
shared_examples_for "a resource with a guard specifying an alternate user identity" do
|
105
|
+
context "when running on Windows", :windows_only, :windows_service_requires_assign_token do
|
106
|
+
include_context "alternate user identity"
|
107
|
+
|
108
|
+
let(:resource_command_property) { :command }
|
109
|
+
|
110
|
+
let(:powershell_equal_to_alternate_user) { "-eq" }
|
111
|
+
let(:powershell_not_equal_to_alternate_user) { "-ne" }
|
112
|
+
let(:guard_identity_command) { "powershell.exe -noprofile -command \"import-module microsoft.powershell.utility;exit @(392,0)[[int32](([Security.Principal.WindowsPrincipal]([Security.Principal.WindowsIdentity]::GetCurrent())).Identity.Name #{comparison_to_alternate_user} '#{windows_alternate_user_qualified}')]\"" }
|
113
|
+
|
114
|
+
before do
|
115
|
+
resource.guard_interpreter(guard_interpreter_resource)
|
116
|
+
end
|
117
|
+
|
118
|
+
context "when the guard expression is true if the user is alternate and false otherwise" do
|
119
|
+
let(:comparison_to_alternate_user) { powershell_equal_to_alternate_user }
|
120
|
+
|
121
|
+
it "causes the resource to be updated for only_if" do
|
122
|
+
resource.only_if(guard_identity_command, { user: windows_alternate_user, password: windows_alternate_user_password })
|
123
|
+
resource.run_action(:run)
|
124
|
+
expect(resource).to be_updated_by_last_action
|
125
|
+
end
|
126
|
+
|
127
|
+
it "causes the resource to not be updated for not_if" do
|
128
|
+
resource.not_if(guard_identity_command, { user: windows_alternate_user, password: windows_alternate_user_password })
|
129
|
+
resource.run_action(:run)
|
130
|
+
expect(resource).not_to be_updated_by_last_action
|
131
|
+
end
|
132
|
+
end
|
133
|
+
|
134
|
+
context "when the guard expression is false if the user is alternate and true otherwise" do
|
135
|
+
let(:comparison_to_alternate_user) { powershell_not_equal_to_alternate_user }
|
136
|
+
|
137
|
+
it "causes the resource not to be updated for only_if" do
|
138
|
+
resource.only_if(guard_identity_command, { user: windows_alternate_user, password: windows_alternate_user_password })
|
139
|
+
resource.run_action(:run)
|
140
|
+
expect(resource).not_to be_updated_by_last_action
|
141
|
+
end
|
142
|
+
|
143
|
+
it "causes the resource to be updated for not_if" do
|
144
|
+
resource.not_if(guard_identity_command, { user: windows_alternate_user, password: windows_alternate_user_password })
|
145
|
+
resource.run_action(:run)
|
146
|
+
expect(resource).to be_updated_by_last_action
|
147
|
+
end
|
148
|
+
end
|
149
|
+
end
|
150
|
+
end
|
@@ -46,10 +46,6 @@ shared_context Chef::Resource::WindowsScript do
|
|
46
46
|
File.delete(script_output_path) if File.exists?(script_output_path)
|
47
47
|
end
|
48
48
|
|
49
|
-
let!(:resource) do
|
50
|
-
Chef::Resource::WindowsScript::Batch.new("Batch resource functional test", @run_context)
|
51
|
-
end
|
52
|
-
|
53
49
|
shared_examples_for "a script resource with architecture attribute" do
|
54
50
|
context "with the given architecture attribute value" do
|
55
51
|
let(:expected_architecture) do
|
@@ -125,6 +121,55 @@ shared_context Chef::Resource::WindowsScript do
|
|
125
121
|
end
|
126
122
|
|
127
123
|
shared_examples_for "a Windows script running on Windows" do
|
124
|
+
shared_examples_for "a script that cannot be accessed by other users if they are not administrators" do
|
125
|
+
include Chef::Mixin::ShellOut
|
126
|
+
|
127
|
+
let(:script_provider) { resource.provider_for_action(:run) }
|
128
|
+
let(:script_file) { script_provider.script_file }
|
129
|
+
let(:script_file_path) { script_file.to_path }
|
130
|
+
|
131
|
+
let(:read_access_denied_command) { "::File.read('#{script_file_path}')" }
|
132
|
+
let(:modify_access_denied_command) { "::File.write('#{script_file_path}', 'stuff')" }
|
133
|
+
let(:delete_access_denied_command) { "::File.delete('#{script_file_path}')" }
|
134
|
+
let(:access_denied_sentinel) { 7334 }
|
135
|
+
let(:access_allowed_sentinel) { 1586 }
|
136
|
+
let(:access_command_invalid) { 0 }
|
137
|
+
|
138
|
+
let(:ruby_interpreter_path) { RbConfig.ruby }
|
139
|
+
let(:ruby_command_template) { "require 'FileUtils';status = 0;begin; #{ruby_access_command};rescue Exception => e; puts e; status = e.class == Errno::EACCES ? #{access_denied_sentinel} : #{access_allowed_sentinel};end;exit status" }
|
140
|
+
let(:command_template) { "set BUNDLE_GEMFILE=&#{ruby_interpreter_path} -e \"#{ruby_command_template}\"" }
|
141
|
+
let(:access_command) { command_template }
|
142
|
+
|
143
|
+
before do
|
144
|
+
expect(script_provider).to receive(:unlink_script_file)
|
145
|
+
resource.code("echo hi")
|
146
|
+
script_provider.action_run
|
147
|
+
end
|
148
|
+
|
149
|
+
after do
|
150
|
+
script_file.close! if script_file
|
151
|
+
::File.delete(script_file.to_path) if script_file && ::File.exists?(script_file.to_path)
|
152
|
+
end
|
153
|
+
|
154
|
+
include_context "alternate user identity"
|
155
|
+
|
156
|
+
shared_examples_for "a script whose file system location cannot be accessed by other non-admin users" do
|
157
|
+
let(:ruby_access_command) { file_access_command }
|
158
|
+
it "generates a script in the local file system that prevents read access to other non-admin users" do
|
159
|
+
shell_out!(access_command, { user: windows_nonadmin_user, password: windows_nonadmin_user_password, returns: [access_denied_sentinel] })
|
160
|
+
end
|
161
|
+
end
|
162
|
+
|
163
|
+
context "when a different non-admin user attempts write (modify) to access the script" do
|
164
|
+
let(:file_access_command) { modify_access_denied_command }
|
165
|
+
it_behaves_like "a script whose file system location cannot be accessed by other non-admin users"
|
166
|
+
end
|
167
|
+
|
168
|
+
context "when a different non-admin user attempts write (delete) to access the script" do
|
169
|
+
let(:file_access_command) { delete_access_denied_command }
|
170
|
+
it_behaves_like "a script whose file system location cannot be accessed by other non-admin users"
|
171
|
+
end
|
172
|
+
end
|
128
173
|
|
129
174
|
describe "when the run action is invoked on Windows" do
|
130
175
|
it "executes the script code" do
|
@@ -132,6 +177,21 @@ shared_context Chef::Resource::WindowsScript do
|
|
132
177
|
resource.returns(0)
|
133
178
|
resource.run_action(:run)
|
134
179
|
end
|
180
|
+
|
181
|
+
context "the script is executed with the identity of the current user", :windows_service_requires_assign_token do
|
182
|
+
it_behaves_like "a script that cannot be accessed by other users if they are not administrators"
|
183
|
+
end
|
184
|
+
|
185
|
+
context "the script is executed with an alternate non-admin identity", :windows_service_requires_assign_token do
|
186
|
+
include_context "alternate user identity"
|
187
|
+
|
188
|
+
before do
|
189
|
+
resource.user(windows_alternate_user)
|
190
|
+
resource.password(windows_alternate_user_password)
|
191
|
+
end
|
192
|
+
|
193
|
+
it_behaves_like "a script that cannot be accessed by other users if they are not administrators"
|
194
|
+
end
|
135
195
|
end
|
136
196
|
|
137
197
|
context "when $env:TMP has a space" do
|
@@ -165,6 +225,11 @@ shared_context Chef::Resource::WindowsScript do
|
|
165
225
|
expect(resource.class).to receive(:new).and_call_original
|
166
226
|
expect(resource.should_skip?(:run)).to be_falsey
|
167
227
|
end
|
228
|
+
|
229
|
+
context "when this resource is used as a guard and it is specified with an alternate user identity" do
|
230
|
+
let(:guard_interpreter_resource) { resource.resource_name }
|
231
|
+
it_behaves_like "a resource with a guard specifying an alternate user identity"
|
232
|
+
end
|
168
233
|
end
|
169
234
|
|
170
235
|
context "when the architecture attribute is not set" do
|
@@ -181,6 +246,11 @@ shared_context Chef::Resource::WindowsScript do
|
|
181
246
|
let(:resource_architecture) { :x86_64 }
|
182
247
|
it_behaves_like "a script resource with architecture attribute"
|
183
248
|
end
|
249
|
+
|
250
|
+
describe "when running with an alternate user identity" do
|
251
|
+
let(:resource_command_property) { :code }
|
252
|
+
it_behaves_like "an execute resource that supports alternate user identity"
|
253
|
+
end
|
184
254
|
end
|
185
255
|
|
186
256
|
def get_windows_script_output(suffix = "")
|
@@ -106,6 +106,16 @@ shared_examples_for "an execute resource" do
|
|
106
106
|
expect(@resource.user).to eql(1)
|
107
107
|
end
|
108
108
|
|
109
|
+
it "should accept a string for the domain" do
|
110
|
+
@resource.domain "mothership"
|
111
|
+
expect(@resource.domain).to eql("mothership")
|
112
|
+
end
|
113
|
+
|
114
|
+
it "should accept a string for the password" do
|
115
|
+
@resource.password "we.funk!"
|
116
|
+
expect(@resource.password).to eql("we.funk!")
|
117
|
+
end
|
118
|
+
|
109
119
|
it "should accept a string for creates" do
|
110
120
|
@resource.creates "something"
|
111
121
|
expect(@resource.creates).to eql("something")
|
@@ -116,6 +126,33 @@ shared_examples_for "an execute resource" do
|
|
116
126
|
expect(@resource.live_stream).to be true
|
117
127
|
end
|
118
128
|
|
129
|
+
describe "the resource's sensitive attribute" do
|
130
|
+
it "should be false by default" do
|
131
|
+
expect(@resource.sensitive).to eq(false)
|
132
|
+
end
|
133
|
+
|
134
|
+
it "should be true if set to true" do
|
135
|
+
expect(@resource.sensitive).to eq(false)
|
136
|
+
@resource.sensitive true
|
137
|
+
expect(@resource.sensitive).to eq(true)
|
138
|
+
end
|
139
|
+
|
140
|
+
it "should be true if the password is non-nil" do
|
141
|
+
expect(@resource.sensitive).to eq(false)
|
142
|
+
@resource.password("we.funk!")
|
143
|
+
expect(@resource.sensitive).to eq(true)
|
144
|
+
end
|
145
|
+
|
146
|
+
it "should be true if the password is non-nil but the value is explicitly set to false" do
|
147
|
+
expect(@resource.sensitive).to eq(false)
|
148
|
+
@resource.password("we.funk!")
|
149
|
+
expect(@resource.sensitive).to eq(true)
|
150
|
+
@resource.sensitive false
|
151
|
+
expect(@resource.sensitive).to eq(true)
|
152
|
+
end
|
153
|
+
|
154
|
+
end
|
155
|
+
|
119
156
|
describe "when it has cwd, environment, group, path, return value, and a user" do
|
120
157
|
before do
|
121
158
|
@resource.command("grep")
|
@@ -683,6 +683,16 @@ shared_examples_for Chef::Provider::File do
|
|
683
683
|
end
|
684
684
|
end
|
685
685
|
|
686
|
+
context "in why run mode" do
|
687
|
+
before { Chef::Config[:why_run] = true }
|
688
|
+
after { Chef::Config[:why_run] = false }
|
689
|
+
|
690
|
+
it "does not modify new_resource" do
|
691
|
+
setup_missing_file
|
692
|
+
expect(provider).not_to receive(:load_resource_attributes_from_file).with(provider.new_resource)
|
693
|
+
provider.run_action(:create)
|
694
|
+
end
|
695
|
+
end
|
686
696
|
end
|
687
697
|
|
688
698
|
context "action delete" do
|
@@ -104,6 +104,15 @@ describe Chef::Cookbook::CookbookVersionLoader do
|
|
104
104
|
|
105
105
|
end
|
106
106
|
|
107
|
+
context "when a cookbook's metadata.rb does not parse but the compiled metadata.json is present" do
|
108
|
+
let(:cookbook_path) { File.join(CHEF_SPEC_DATA, "prefer_metadata_json") }
|
109
|
+
|
110
|
+
it "reads the cookbook" do
|
111
|
+
expect(loaded_cookbook.metadata.name.to_s).to eq("prefer_metadata_json")
|
112
|
+
expect(loaded_cookbook.metadata.version.to_s).to eq("1.2.3")
|
113
|
+
end
|
114
|
+
end
|
115
|
+
|
107
116
|
context "when the given path is not actually a cookbook" do
|
108
117
|
|
109
118
|
let(:cookbook_path) { File.join(CHEF_SPEC_DATA, "cookbooks/NOTHING_HERE_FOLKS") }
|
@@ -25,6 +25,7 @@ describe Chef::Cookbook::SyntaxCheck do
|
|
25
25
|
end
|
26
26
|
|
27
27
|
let(:cookbook_path) { File.join(CHEF_SPEC_DATA, "cookbooks", "openldap") }
|
28
|
+
let(:unsafe_cookbook_path) { 'C:\AGENT-HOME\xml-data\build-dir\76808194-76906499\artifact\cookbooks/java' }
|
28
29
|
let(:syntax_check) { Chef::Cookbook::SyntaxCheck.new(cookbook_path) }
|
29
30
|
|
30
31
|
let(:open_ldap_cookbook_files) do
|
@@ -53,7 +54,7 @@ describe Chef::Cookbook::SyntaxCheck do
|
|
53
54
|
@recipes = %w{default.rb gigantor.rb one.rb return.rb}.map { |f| File.join(cookbook_path, "recipes", f) }
|
54
55
|
@spec_files = [ File.join(cookbook_path, "spec", "spec_helper.rb") ]
|
55
56
|
@ruby_files = @attr_files + @libr_files + @defn_files + @recipes + @spec_files + [File.join(cookbook_path, "metadata.rb")]
|
56
|
-
basenames = %w{ helpers_via_partial_test.erb
|
57
|
+
@basenames = %w{ helpers_via_partial_test.erb
|
57
58
|
helper_test.erb
|
58
59
|
helpers.erb
|
59
60
|
openldap_stuff.conf.erb
|
@@ -64,7 +65,7 @@ describe Chef::Cookbook::SyntaxCheck do
|
|
64
65
|
some_windows_line_endings.erb
|
65
66
|
all_windows_line_endings.erb
|
66
67
|
no_windows_line_endings.erb }
|
67
|
-
@template_files = basenames.map { |f| File.join(cookbook_path, "templates", "default", f) }
|
68
|
+
@template_files = @basenames.map { |f| File.join(cookbook_path, "templates", "default", f) }
|
68
69
|
end
|
69
70
|
|
70
71
|
after do
|
@@ -94,6 +95,11 @@ describe Chef::Cookbook::SyntaxCheck do
|
|
94
95
|
end
|
95
96
|
end
|
96
97
|
|
98
|
+
it "safely handles a path containing control characters" do
|
99
|
+
syntax_check = Chef::Cookbook::SyntaxCheck.new(unsafe_cookbook_path)
|
100
|
+
expect { syntax_check.remove_uninteresting_ruby_files(@basenames) }.not_to raise_error
|
101
|
+
end
|
102
|
+
|
97
103
|
describe "when first created" do
|
98
104
|
it "has the path to the cookbook to syntax check" do
|
99
105
|
expect(syntax_check.cookbook_path).to eq(cookbook_path)
|
@@ -0,0 +1,69 @@
|
|
1
|
+
#
|
2
|
+
# Copyright:: Copyright 2017, Chef Software, Inc.
|
3
|
+
# License:: Apache License, Version 2.0
|
4
|
+
#
|
5
|
+
# Licensed under the Apache License, Version 2.0 (the "License");
|
6
|
+
# you may not use this file except in compliance with the License.
|
7
|
+
# You may obtain a copy of the License at
|
8
|
+
#
|
9
|
+
# http://www.apache.org/licenses/LICENSE-2.0
|
10
|
+
#
|
11
|
+
# Unless required by applicable law or agreed to in writing, software
|
12
|
+
# distributed under the License is distributed on an "AS IS" BASIS,
|
13
|
+
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
14
|
+
# See the License for the specific language governing permissions and
|
15
|
+
# limitations under the License.
|
16
|
+
#
|
17
|
+
|
18
|
+
require "spec_helper"
|
19
|
+
|
20
|
+
describe Chef::HTTP::APIVersions do
|
21
|
+
class TestVersionClient < Chef::HTTP
|
22
|
+
use Chef::HTTP::APIVersions
|
23
|
+
end
|
24
|
+
|
25
|
+
before do
|
26
|
+
Chef::ServerAPIVersions.instance.reset!
|
27
|
+
end
|
28
|
+
|
29
|
+
let(:method) { "GET" }
|
30
|
+
let(:url) { "http://dummy.com" }
|
31
|
+
let(:headers) { {} }
|
32
|
+
let(:data) { false }
|
33
|
+
|
34
|
+
let(:request) {}
|
35
|
+
let(:return_value) { "200" }
|
36
|
+
|
37
|
+
# Test Variables
|
38
|
+
let(:response_body) { "Thanks for checking in." }
|
39
|
+
let(:response_headers) do
|
40
|
+
{
|
41
|
+
"x-ops-server-api-version" => { "min_version" => 0, "max_version" => 2 },
|
42
|
+
}
|
43
|
+
end
|
44
|
+
|
45
|
+
let(:response) do
|
46
|
+
m = double("HttpResponse", :body => response_body)
|
47
|
+
allow(m).to receive(:key?).with("x-ops-server-api-version").and_return(true)
|
48
|
+
allow(m).to receive(:[]) do |key|
|
49
|
+
response_headers[key]
|
50
|
+
end
|
51
|
+
|
52
|
+
m
|
53
|
+
end
|
54
|
+
|
55
|
+
let(:middleware) do
|
56
|
+
client = TestVersionClient.new(url)
|
57
|
+
client.middlewares[0]
|
58
|
+
end
|
59
|
+
|
60
|
+
def run_api_version_handler
|
61
|
+
middleware.handle_request(method, url, headers, data)
|
62
|
+
middleware.handle_response(response, request, return_value)
|
63
|
+
end
|
64
|
+
|
65
|
+
it "correctly stores server api versions" do
|
66
|
+
run_api_version_handler
|
67
|
+
expect(Chef::ServerAPIVersions.instance.min_server_version).to eq(0)
|
68
|
+
end
|
69
|
+
end
|