chef 12.18.31-universal-mingw32 → 12.19.33-universal-mingw32
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/Gemfile +5 -4
- data/README.md +12 -13
- data/VERSION +1 -1
- data/acceptance/Gemfile +4 -4
- data/acceptance/Gemfile.lock +70 -69
- data/chef-universal-mingw32.gemspec +2 -3
- data/chef.gemspec +6 -6
- data/lib/chef/api_client.rb +8 -10
- data/lib/chef/api_client_v1.rb +9 -11
- data/lib/chef/application/apply.rb +8 -10
- data/lib/chef/application/client.rb +1 -1
- data/lib/chef/application/exit_code.rb +3 -5
- data/lib/chef/application/knife.rb +2 -2
- data/lib/chef/application/windows_service.rb +29 -30
- data/lib/chef/application/windows_service_manager.rb +1 -1
- data/lib/chef/audit/audit_event_proxy.rb +2 -2
- data/lib/chef/audit/control_group_data.rb +1 -1
- data/lib/chef/chef_class.rb +1 -0
- data/lib/chef/chef_fs/chef_fs_data_store.rb +5 -7
- data/lib/chef/chef_fs/command_line.rb +15 -16
- data/lib/chef/chef_fs/data_handler/client_data_handler.rb +1 -1
- data/lib/chef/chef_fs/data_handler/container_data_handler.rb +1 -1
- data/lib/chef/chef_fs/data_handler/cookbook_data_handler.rb +1 -1
- data/lib/chef/chef_fs/data_handler/data_bag_item_data_handler.rb +1 -1
- data/lib/chef/chef_fs/data_handler/environment_data_handler.rb +1 -1
- data/lib/chef/chef_fs/data_handler/group_data_handler.rb +1 -1
- data/lib/chef/chef_fs/data_handler/node_data_handler.rb +1 -1
- data/lib/chef/chef_fs/data_handler/organization_data_handler.rb +1 -1
- data/lib/chef/chef_fs/data_handler/role_data_handler.rb +1 -1
- data/lib/chef/chef_fs/data_handler/user_data_handler.rb +1 -1
- data/lib/chef/chef_fs/file_pattern.rb +2 -2
- data/lib/chef/chef_fs/file_system.rb +1 -1
- data/lib/chef/chef_fs/file_system/chef_server/cookbook_dir.rb +5 -6
- data/lib/chef/chef_fs/file_system/chef_server/cookbook_file.rb +8 -10
- data/lib/chef/chef_fs/file_system/chef_server/data_bags_dir.rb +8 -10
- data/lib/chef/chef_fs/file_system/chef_server/nodes_dir.rb +10 -12
- data/lib/chef/chef_fs/file_system/chef_server/policies_dir.rb +28 -30
- data/lib/chef/chef_fs/file_system/chef_server/policy_group_entry.rb +1 -1
- data/lib/chef/chef_fs/file_system/chef_server/rest_list_dir.rb +27 -29
- data/lib/chef/chef_fs/file_system/chef_server/rest_list_entry.rb +18 -24
- data/lib/chef/chef_fs/file_system/memory/memory_file.rb +1 -1
- data/lib/chef/chef_fs/file_system/multiplexed_dir.rb +10 -12
- data/lib/chef/chef_fs/file_system/repository/chef_repository_file_system_cookbook_dir.rb +10 -12
- data/lib/chef/chef_fs/file_system/repository/chef_repository_file_system_cookbook_entry.rb +9 -13
- data/lib/chef/chef_fs/file_system/repository/chef_repository_file_system_root_dir.rb +2 -0
- data/lib/chef/chef_fs/file_system/repository/cookbooks_dir.rb +1 -1
- data/lib/chef/chef_fs/file_system/repository/nodes_dir.rb +3 -0
- data/lib/chef/chef_fs/parallelizer.rb +9 -11
- data/lib/chef/cookbook/cookbook_version_loader.rb +25 -31
- data/lib/chef/cookbook/metadata.rb +26 -26
- data/lib/chef/cookbook/syntax_check.rb +1 -1
- data/lib/chef/cookbook_version.rb +3 -3
- data/lib/chef/data_bag.rb +1 -1
- data/lib/chef/data_bag_item.rb +3 -3
- data/lib/chef/data_collector.rb +3 -4
- data/lib/chef/decorator.rb +1 -1
- data/lib/chef/deprecated.rb +30 -0
- data/lib/chef/dsl/audit.rb +2 -2
- data/lib/chef/dsl/declare_resource.rb +1 -1
- data/lib/chef/dsl/platform_introspection.rb +29 -31
- data/lib/chef/dsl/reboot_pending.rb +1 -1
- data/lib/chef/dsl/resources.rb +6 -8
- data/lib/chef/encrypted_data_bag_item.rb +2 -2
- data/lib/chef/environment.rb +9 -11
- data/lib/chef/event_loggers/windows_eventlog.rb +1 -1
- data/lib/chef/exceptions.rb +4 -1
- data/lib/chef/file_access_control/unix.rb +14 -14
- data/lib/chef/file_access_control/windows.rb +1 -1
- data/lib/chef/formatters/error_inspectors/api_error_formatting.rb +4 -5
- data/lib/chef/formatters/error_mapper.rb +6 -6
- data/lib/chef/http/api_versions.rb +50 -0
- data/lib/chef/http/validate_content_length.rb +2 -2
- data/lib/chef/json_compat.rb +6 -10
- data/lib/chef/key.rb +5 -5
- data/lib/chef/knife.rb +4 -4
- data/lib/chef/knife/cookbook_site_install.rb +2 -2
- data/lib/chef/knife/core/cookbook_scm_repo.rb +2 -2
- data/lib/chef/knife/core/gem_glob_loader.rb +1 -1
- data/lib/chef/knife/core/status_presenter.rb +1 -1
- data/lib/chef/knife/core/ui.rb +19 -25
- data/lib/chef/knife/data_bag_secret_options.rb +1 -1
- data/lib/chef/knife/deps.rb +32 -34
- data/lib/chef/knife/help.rb +1 -1
- data/lib/chef/knife/list.rb +1 -1
- data/lib/chef/knife/search.rb +2 -2
- data/lib/chef/knife/ssh.rb +37 -27
- data/lib/chef/knife/ssl_check.rb +1 -1
- data/lib/chef/knife/user_delete.rb +1 -1
- data/lib/chef/mash.rb +1 -1
- data/lib/chef/mixin/command.rb +2 -2
- data/lib/chef/mixin/create_path.rb +3 -5
- data/lib/chef/mixin/from_file.rb +2 -2
- data/lib/chef/mixin/get_source_from_package.rb +2 -2
- data/lib/chef/mixin/notifying_block.rb +7 -9
- data/lib/chef/mixin/params_validate.rb +3 -3
- data/lib/chef/mixin/securable.rb +1 -1
- data/lib/chef/mixin/shell_out.rb +23 -3
- data/lib/chef/mixin/unformatter.rb +2 -2
- data/lib/chef/mixin/uris.rb +4 -6
- data/lib/chef/mixin/versioned_api.rb +69 -0
- data/lib/chef/mixin/which.rb +25 -8
- data/lib/chef/mixin/windows_architecture_helper.rb +2 -2
- data/lib/chef/mixin/xml_escape.rb +3 -5
- data/lib/chef/monkey_patches/webrick-utils.rb +1 -1
- data/lib/chef/node.rb +8 -8
- data/lib/chef/node/attribute.rb +4 -4
- data/lib/chef/node/common_api.rb +5 -7
- data/lib/chef/org.rb +10 -12
- data/lib/chef/platform/provider_mapping.rb +7 -7
- data/lib/chef/platform/query_helpers.rb +1 -1
- data/lib/chef/policy_builder/policyfile.rb +1 -0
- data/lib/chef/property.rb +31 -0
- data/lib/chef/provider/batch.rb +1 -1
- data/lib/chef/provider/breakpoint.rb +1 -1
- data/lib/chef/provider/cookbook_file.rb +3 -3
- data/lib/chef/provider/cron.rb +38 -38
- data/lib/chef/provider/deploy.rb +81 -81
- data/lib/chef/provider/deploy/revision.rb +3 -5
- data/lib/chef/provider/directory.rb +32 -32
- data/lib/chef/provider/dsc_resource.rb +22 -6
- data/lib/chef/provider/env.rb +28 -28
- data/lib/chef/provider/env/windows.rb +1 -1
- data/lib/chef/provider/erl_call.rb +13 -13
- data/lib/chef/provider/execute.rb +5 -2
- data/lib/chef/provider/file.rb +49 -51
- data/lib/chef/provider/git.rb +55 -55
- data/lib/chef/provider/http_request.rb +36 -36
- data/lib/chef/provider/launchd.rb +2 -2
- data/lib/chef/provider/link.rb +50 -50
- data/lib/chef/provider/log.rb +2 -2
- data/lib/chef/provider/mdadm.rb +25 -25
- data/lib/chef/provider/mount/aix.rb +2 -2
- data/lib/chef/provider/mount/mount.rb +2 -2
- data/lib/chef/provider/ohai.rb +1 -1
- data/lib/chef/provider/osx_profile.rb +23 -23
- data/lib/chef/provider/package.rb +74 -56
- data/lib/chef/provider/package/aix.rb +55 -52
- data/lib/chef/provider/package/apt.rb +15 -13
- data/lib/chef/provider/package/cab.rb +49 -20
- data/lib/chef/provider/package/chocolatey.rb +9 -10
- data/lib/chef/provider/package/dnf.rb +20 -18
- data/lib/chef/provider/package/dnf/dnf_helper.py +1 -1
- data/lib/chef/provider/package/dnf/python_helper.rb +63 -26
- data/lib/chef/provider/package/dnf/version.rb +1 -1
- data/lib/chef/provider/package/dpkg.rb +8 -9
- data/lib/chef/provider/package/easy_install.rb +22 -22
- data/lib/chef/provider/package/freebsd/base.rb +10 -10
- data/lib/chef/provider/package/freebsd/pkg.rb +15 -15
- data/lib/chef/provider/package/freebsd/pkgng.rb +13 -15
- data/lib/chef/provider/package/freebsd/port.rb +7 -7
- data/lib/chef/provider/package/homebrew.rb +11 -10
- data/lib/chef/provider/package/ips.rb +18 -23
- data/lib/chef/provider/package/macports.rb +23 -23
- data/lib/chef/provider/package/msu.rb +11 -11
- data/lib/chef/provider/package/openbsd.rb +25 -22
- data/lib/chef/provider/package/pacman.rb +16 -16
- data/lib/chef/provider/package/paludis.rb +26 -27
- data/lib/chef/provider/package/portage.rb +22 -22
- data/lib/chef/provider/package/powershell.rb +17 -17
- data/lib/chef/provider/package/rpm.rb +25 -25
- data/lib/chef/provider/package/rubygems.rb +60 -60
- data/lib/chef/provider/package/smartos.rb +16 -16
- data/lib/chef/provider/package/solaris.rb +44 -44
- data/lib/chef/provider/package/windows.rb +3 -3
- data/lib/chef/provider/package/windows/exe.rb +6 -6
- data/lib/chef/provider/package/windows/msi.rb +6 -6
- data/lib/chef/provider/package/yum.rb +318 -268
- data/lib/chef/provider/package/yum/rpm_utils.rb +34 -34
- data/lib/chef/provider/package/yum/yum_cache.rb +12 -12
- data/lib/chef/provider/package/zypper.rb +11 -11
- data/lib/chef/provider/powershell_script.rb +15 -7
- data/lib/chef/provider/reboot.rb +10 -10
- data/lib/chef/provider/registry_key.rb +39 -39
- data/lib/chef/provider/remote_directory.rb +3 -3
- data/lib/chef/provider/remote_file.rb +3 -3
- data/lib/chef/provider/route.rb +1 -1
- data/lib/chef/provider/ruby_block.rb +3 -3
- data/lib/chef/provider/script.rb +42 -6
- data/lib/chef/provider/service.rb +49 -49
- data/lib/chef/provider/service/solaris.rb +1 -1
- data/lib/chef/provider/service/systemd.rb +1 -1
- data/lib/chef/provider/subversion.rb +39 -39
- data/lib/chef/provider/systemd_unit.rb +2 -0
- data/lib/chef/provider/template.rb +3 -3
- data/lib/chef/provider/user.rb +42 -42
- data/lib/chef/provider/whyrun_safe_ruby_block.rb +4 -4
- data/lib/chef/resource.rb +27 -16
- data/lib/chef/resource/apt_repository.rb +0 -1
- data/lib/chef/resource/chef_gem.rb +1 -1
- data/lib/chef/resource/dnf_package.rb +6 -3
- data/lib/chef/resource/dsc_resource.rb +9 -1
- data/lib/chef/resource/execute.rb +70 -6
- data/lib/chef/resource/file/verification/systemd_unit.rb +67 -0
- data/lib/chef/resource/freebsd_package.rb +1 -1
- data/lib/chef/resource/gem_package.rb +1 -1
- data/lib/chef/resource/launchd.rb +13 -1
- data/lib/chef/resource/package.rb +2 -2
- data/lib/chef/resource/registry_key.rb +1 -1
- data/lib/chef/resource/yum_package.rb +12 -3
- data/lib/chef/resource/yum_repository.rb +0 -1
- data/lib/chef/resource_collection/resource_collection_serialization.rb +3 -3
- data/lib/chef/resource_collection/resource_set.rb +2 -2
- data/lib/chef/resource_reporter.rb +1 -1
- data/lib/chef/run_context.rb +3 -3
- data/lib/chef/run_list/run_list_item.rb +1 -1
- data/lib/chef/run_list/versioned_recipe_list.rb +6 -6
- data/lib/chef/server_api.rb +2 -0
- data/lib/chef/server_api_versions.rb +40 -0
- data/lib/chef/shell.rb +1 -1
- data/lib/chef/shell/ext.rb +3 -3
- data/lib/chef/shell/shell_session.rb +1 -1
- data/lib/chef/user.rb +9 -11
- data/lib/chef/user_v1.rb +9 -11
- data/lib/chef/util/diff.rb +1 -1
- data/lib/chef/util/dsc/lcm_output_parser.rb +1 -1
- data/lib/chef/util/selinux.rb +1 -1
- data/lib/chef/util/windows/net_group.rb +18 -30
- data/lib/chef/util/windows/net_use.rb +7 -11
- data/lib/chef/util/windows/net_user.rb +11 -17
- data/lib/chef/util/windows/volume.rb +9 -15
- data/lib/chef/version.rb +1 -1
- data/lib/chef/version_class.rb +1 -1
- data/lib/chef/win32/api.rb +4 -6
- data/lib/chef/win32/api/file.rb +25 -31
- data/lib/chef/win32/api/installer.rb +2 -2
- data/lib/chef/win32/file.rb +4 -6
- data/lib/chef/win32/registry.rb +9 -9
- data/lib/chef/win32/security.rb +2 -2
- data/lib/chef/win32/security/acl.rb +2 -2
- data/lib/chef/win32/unicode.rb +2 -2
- data/lib/chef/win32/version.rb +1 -1
- data/spec/data/prefer_metadata_json/metadata.json +51 -0
- data/spec/data/prefer_metadata_json/metadata.rb +6 -0
- data/spec/data/prefer_metadata_json/recipes/default.rb +0 -0
- data/spec/functional/knife/ssh_spec.rb +5 -5
- data/spec/functional/resource/batch_spec.rb +5 -1
- data/spec/functional/resource/dsc_script_spec.rb +2 -4
- data/spec/functional/resource/execute_spec.rb +17 -0
- data/spec/functional/resource/user/dscl_spec.rb +2 -4
- data/spec/integration/client/client_spec.rb +33 -0
- data/spec/integration/recipes/recipe_dsl_spec.rb +58 -58
- data/spec/spec_helper.rb +4 -0
- data/spec/support/chef_helpers.rb +5 -7
- data/spec/support/platform_helpers.rb +6 -0
- data/spec/support/platforms/prof/gc.rb +4 -6
- data/spec/support/shared/context/client.rb +1 -1
- data/spec/support/shared/functional/execute_resource.rb +150 -0
- data/spec/support/shared/functional/windows_script.rb +74 -4
- data/spec/support/shared/unit/execute_resource.rb +37 -0
- data/spec/support/shared/unit/provider/file.rb +10 -0
- data/spec/unit/cookbook/cookbook_version_loader_spec.rb +9 -0
- data/spec/unit/cookbook/syntax_check_spec.rb +8 -2
- data/spec/unit/http/api_versions_spec.rb +69 -0
- data/spec/unit/knife/ssh_spec.rb +34 -36
- data/spec/unit/mixin/versioned_api_spec.rb +107 -0
- data/spec/unit/mixin/which.rb +160 -0
- data/spec/unit/platform_spec.rb +28 -1
- data/spec/unit/provider/deploy_spec.rb +1 -1
- data/spec/unit/provider/directory_spec.rb +10 -0
- data/spec/unit/provider/dsc_resource_spec.rb +175 -0
- data/spec/unit/provider/execute_spec.rb +0 -1
- data/spec/unit/provider/launchd_spec.rb +2 -2
- data/spec/unit/provider/package/aix_spec.rb +22 -22
- data/spec/unit/provider/package/apt_spec.rb +27 -27
- data/spec/unit/provider/package/cab_spec.rb +59 -5
- data/spec/unit/provider/package/dnf/python_helper_spec.rb +29 -0
- data/spec/unit/provider/package/dpkg_spec.rb +16 -16
- data/spec/unit/provider/package/easy_install_spec.rb +18 -18
- data/spec/unit/provider/package/freebsd/pkg_spec.rb +15 -15
- data/spec/unit/provider/package/freebsd/pkgng_spec.rb +9 -9
- data/spec/unit/provider/package/freebsd/port_spec.rb +9 -9
- data/spec/unit/provider/package/homebrew_spec.rb +9 -9
- data/spec/unit/provider/package/ips_spec.rb +37 -31
- data/spec/unit/provider/package/macports_spec.rb +10 -10
- data/spec/unit/provider/package/openbsd_spec.rb +10 -10
- data/spec/unit/provider/package/pacman_spec.rb +6 -6
- data/spec/unit/provider/package/paludis_spec.rb +7 -7
- data/spec/unit/provider/package/portage_spec.rb +6 -7
- data/spec/unit/provider/package/rpm_spec.rb +23 -23
- data/spec/unit/provider/package/rubygems_spec.rb +38 -38
- data/spec/unit/provider/package/solaris_spec.rb +15 -15
- data/spec/unit/provider/package/windows_spec.rb +2 -1
- data/spec/unit/provider/package/yum_spec.rb +51 -43
- data/spec/unit/provider/package/zypper_spec.rb +34 -34
- data/spec/unit/provider/package_spec.rb +8 -0
- data/spec/unit/provider/remote_file/sftp_spec.rb +3 -3
- data/spec/unit/provider/route_spec.rb +7 -1
- data/spec/unit/provider/script_spec.rb +49 -6
- data/spec/unit/resource/dsc_resource_spec.rb +6 -0
- data/spec/unit/resource/execute_spec.rb +214 -0
- data/spec/unit/resource/file/verification/systemd_unit_spec.rb +103 -0
- data/spec/unit/resource/freebsd_package_spec.rb +2 -2
- data/spec/unit/resource/package_spec.rb +5 -0
- data/spec/unit/resource/yum_package_spec.rb +42 -1
- data/spec/unit/resource_reporter_spec.rb +1 -1
- data/spec/unit/resource_spec.rb +18 -0
- data/spec/unit/server_api_versions_spec.rb +44 -0
- data/spec/unit/util/selinux_spec.rb +3 -14
- data/spec/unit/win32/error_spec.rb +67 -0
- data/spec/unit/win32/security_spec.rb +66 -0
- data/tasks/changelog.rb +1 -1
- data/tasks/dependencies.rb +20 -4
- metadata +39 -18
- data/lib/chef/monkey_patches/net-ssh-multi.rb +0 -141
@@ -53,13 +53,11 @@ end
|
|
53
53
|
# This is a temporary fix to get tests passing on systems that have no `diff`
|
54
54
|
# until we can replace shelling out to `diff` with ruby diff-lcs
|
55
55
|
def has_diff?
|
56
|
-
|
57
|
-
|
58
|
-
|
59
|
-
|
60
|
-
|
61
|
-
false
|
62
|
-
end
|
56
|
+
diff_cmd = Mixlib::ShellOut.new("diff -v")
|
57
|
+
diff_cmd.run_command
|
58
|
+
true
|
59
|
+
rescue Errno::ENOENT
|
60
|
+
false
|
63
61
|
end
|
64
62
|
|
65
63
|
# This is a helper to determine if the ruby in the PATH contains
|
@@ -92,6 +92,12 @@ def windows_nano_server?
|
|
92
92
|
Chef::Platform.windows_nano_server?
|
93
93
|
end
|
94
94
|
|
95
|
+
def windows_user_right?(right)
|
96
|
+
return false unless windows?
|
97
|
+
require "chef/win32/security"
|
98
|
+
Chef::ReservedNames::Win32::Security.get_account_right(ENV["USERNAME"]).include?(right)
|
99
|
+
end
|
100
|
+
|
95
101
|
def mac_osx_106?
|
96
102
|
if File.exists? "/usr/bin/sw_vers"
|
97
103
|
result = ShellHelpers.shell_out("/usr/bin/sw_vers")
|
@@ -35,12 +35,10 @@ module RSpec
|
|
35
35
|
end
|
36
36
|
|
37
37
|
def working_set_size
|
38
|
-
|
39
|
-
|
40
|
-
|
41
|
-
|
42
|
-
::GC::Profiler.clear
|
43
|
-
end
|
38
|
+
::GC.start
|
39
|
+
::GC::Profiler.result.scan(LINE_PATTERN)[-1][2].to_i if ::GC::Profiler.enabled?
|
40
|
+
ensure
|
41
|
+
::GC::Profiler.clear
|
44
42
|
end
|
45
43
|
|
46
44
|
def handle_count
|
@@ -95,7 +95,7 @@ shared_context "a client run" do
|
|
95
95
|
|
96
96
|
def stub_for_data_collector_init
|
97
97
|
expect(Chef::ServerAPI).to receive(:new).
|
98
|
-
with(Chef::Config[:data_collector][:server_url]).
|
98
|
+
with(Chef::Config[:data_collector][:server_url], validate_utf8: false).
|
99
99
|
exactly(:once).
|
100
100
|
and_return(http_data_collector)
|
101
101
|
end
|
@@ -0,0 +1,150 @@
|
|
1
|
+
#
|
2
|
+
# Author:: Adam Edwards (<adamed@chef.io>)
|
3
|
+
# Copyright:: Copyright (c) 2015 Chef Software, Inc.
|
4
|
+
# License:: Apache License, Version 2.0
|
5
|
+
#
|
6
|
+
# Licensed under the Apache License, Version 2.0 (the "License");
|
7
|
+
# you may not use this file except in compliance with the License.
|
8
|
+
# You may obtain a copy of the License at
|
9
|
+
#
|
10
|
+
# http://www.apache.org/licenses/LICENSE-2.0
|
11
|
+
#
|
12
|
+
# Unless required by applicable law or agreed to in writing, software
|
13
|
+
# distributed under the License is distributed on an "AS IS" BASIS,
|
14
|
+
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
15
|
+
# See the License for the specific language governing permissions and
|
16
|
+
# limitations under the License.
|
17
|
+
#
|
18
|
+
|
19
|
+
shared_context "a non-admin Windows user" do
|
20
|
+
include Chef::Mixin::ShellOut
|
21
|
+
|
22
|
+
let(:windows_nonadmin_user_domain) { ENV["COMPUTERNAME"] }
|
23
|
+
let(:windows_nonadmin_user_qualified) { "#{windows_nonadmin_user_domain}\\#{windows_nonadmin_user}" }
|
24
|
+
let(:temp_profile_path) { "#{ENV['USERPROFILE']}\\..\\cheftesttempuser" }
|
25
|
+
before do
|
26
|
+
shell_out!("net.exe user /delete #{windows_nonadmin_user}", returns: [0, 2])
|
27
|
+
|
28
|
+
# Supply a profile path when creating a user to avoid an apparent Windows bug where deleting
|
29
|
+
# the user actually creates the profile when it did not immediately exist before executing
|
30
|
+
# net user /delete! For some reason, specifying an explicit path ensures that the path
|
31
|
+
# profile doesn't get created at deletion.
|
32
|
+
shell_out!("net.exe user /add #{windows_nonadmin_user} \"#{windows_nonadmin_user_password}\" /profilepath:#{temp_profile_path}")
|
33
|
+
end
|
34
|
+
|
35
|
+
after do
|
36
|
+
shell_out!("net.exe user /delete #{windows_nonadmin_user}", returns: [0, 2])
|
37
|
+
end
|
38
|
+
end
|
39
|
+
|
40
|
+
shared_context "alternate user identity" do
|
41
|
+
let(:windows_alternate_user) { "chef%02d%02d%02d" % [Time.now.year % 100, Time.now.month, Time.now.day] }
|
42
|
+
let(:windows_alternate_user_password) { "lj28;fx3T!x,2" }
|
43
|
+
let(:windows_alternate_user_qualified) { "#{ENV['COMPUTERNAME']}\\#{windows_alternate_user}" }
|
44
|
+
|
45
|
+
let(:windows_nonadmin_user) { windows_alternate_user }
|
46
|
+
let(:windows_nonadmin_user_password) { windows_alternate_user_password }
|
47
|
+
|
48
|
+
include_context "a non-admin Windows user"
|
49
|
+
end
|
50
|
+
|
51
|
+
shared_context "a command that can be executed as an alternate user" do
|
52
|
+
include_context "alternate user identity"
|
53
|
+
|
54
|
+
let(:script_output_dir) { Dir.mktmpdir }
|
55
|
+
let(:script_output_path) { File.join(script_output_dir, make_tmpname("chef_execute_identity_test")) }
|
56
|
+
let(:script_output) { File.read(script_output_path) }
|
57
|
+
|
58
|
+
include Chef::Mixin::ShellOut
|
59
|
+
|
60
|
+
before do
|
61
|
+
shell_out!("icacls \"#{script_output_dir.gsub(/\//, '\\')}\" /grant \"authenticated users:(F)\"")
|
62
|
+
end
|
63
|
+
|
64
|
+
after do
|
65
|
+
File.delete(script_output_path) if File.exists?(script_output_path)
|
66
|
+
Dir.rmdir(script_output_dir) if Dir.exists?(script_output_dir)
|
67
|
+
end
|
68
|
+
end
|
69
|
+
|
70
|
+
shared_examples_for "an execute resource that supports alternate user identity" do
|
71
|
+
context "when running on Windows", :windows_only, :windows_service_requires_assign_token do
|
72
|
+
|
73
|
+
include_context "a command that can be executed as an alternate user"
|
74
|
+
|
75
|
+
let(:windows_current_user) { ENV["USERNAME"] }
|
76
|
+
let(:windows_current_user_qualified) { "#{ENV['USERDOMAIN'] || ENV['COMPUTERNAME']}\\#{windows_current_user}" }
|
77
|
+
let(:resource_identity_command) { "powershell.exe -noprofile -command \"import-module microsoft.powershell.utility;([Security.Principal.WindowsPrincipal]([Security.Principal.WindowsIdentity]::GetCurrent())).identity.name | out-file -encoding ASCII '#{script_output_path}'\"" }
|
78
|
+
|
79
|
+
let(:execute_resource) do
|
80
|
+
resource.user(windows_alternate_user)
|
81
|
+
resource.password(windows_alternate_user_password)
|
82
|
+
resource.send(resource_command_property, resource_identity_command)
|
83
|
+
resource
|
84
|
+
end
|
85
|
+
|
86
|
+
it "executes the process as an alternate user" do
|
87
|
+
expect(windows_current_user.length).to be > 0
|
88
|
+
expect { execute_resource.run_action(:run) }.not_to raise_error
|
89
|
+
expect(script_output.chomp.length).to be > 0
|
90
|
+
expect(script_output.chomp.downcase).to eq(windows_alternate_user_qualified.downcase)
|
91
|
+
expect(script_output.chomp.downcase).not_to eq(windows_current_user.downcase)
|
92
|
+
expect(script_output.chomp.downcase).not_to eq(windows_current_user_qualified.downcase)
|
93
|
+
end
|
94
|
+
|
95
|
+
let(:windows_alternate_user_password_invalid) { "#{windows_alternate_user_password}x" }
|
96
|
+
|
97
|
+
it "raises an exception if the user's password is invalid" do
|
98
|
+
execute_resource.password(windows_alternate_user_password_invalid)
|
99
|
+
expect { execute_resource.run_action(:run) }.to raise_error(SystemCallError)
|
100
|
+
end
|
101
|
+
end
|
102
|
+
end
|
103
|
+
|
104
|
+
shared_examples_for "a resource with a guard specifying an alternate user identity" do
|
105
|
+
context "when running on Windows", :windows_only, :windows_service_requires_assign_token do
|
106
|
+
include_context "alternate user identity"
|
107
|
+
|
108
|
+
let(:resource_command_property) { :command }
|
109
|
+
|
110
|
+
let(:powershell_equal_to_alternate_user) { "-eq" }
|
111
|
+
let(:powershell_not_equal_to_alternate_user) { "-ne" }
|
112
|
+
let(:guard_identity_command) { "powershell.exe -noprofile -command \"import-module microsoft.powershell.utility;exit @(392,0)[[int32](([Security.Principal.WindowsPrincipal]([Security.Principal.WindowsIdentity]::GetCurrent())).Identity.Name #{comparison_to_alternate_user} '#{windows_alternate_user_qualified}')]\"" }
|
113
|
+
|
114
|
+
before do
|
115
|
+
resource.guard_interpreter(guard_interpreter_resource)
|
116
|
+
end
|
117
|
+
|
118
|
+
context "when the guard expression is true if the user is alternate and false otherwise" do
|
119
|
+
let(:comparison_to_alternate_user) { powershell_equal_to_alternate_user }
|
120
|
+
|
121
|
+
it "causes the resource to be updated for only_if" do
|
122
|
+
resource.only_if(guard_identity_command, { user: windows_alternate_user, password: windows_alternate_user_password })
|
123
|
+
resource.run_action(:run)
|
124
|
+
expect(resource).to be_updated_by_last_action
|
125
|
+
end
|
126
|
+
|
127
|
+
it "causes the resource to not be updated for not_if" do
|
128
|
+
resource.not_if(guard_identity_command, { user: windows_alternate_user, password: windows_alternate_user_password })
|
129
|
+
resource.run_action(:run)
|
130
|
+
expect(resource).not_to be_updated_by_last_action
|
131
|
+
end
|
132
|
+
end
|
133
|
+
|
134
|
+
context "when the guard expression is false if the user is alternate and true otherwise" do
|
135
|
+
let(:comparison_to_alternate_user) { powershell_not_equal_to_alternate_user }
|
136
|
+
|
137
|
+
it "causes the resource not to be updated for only_if" do
|
138
|
+
resource.only_if(guard_identity_command, { user: windows_alternate_user, password: windows_alternate_user_password })
|
139
|
+
resource.run_action(:run)
|
140
|
+
expect(resource).not_to be_updated_by_last_action
|
141
|
+
end
|
142
|
+
|
143
|
+
it "causes the resource to be updated for not_if" do
|
144
|
+
resource.not_if(guard_identity_command, { user: windows_alternate_user, password: windows_alternate_user_password })
|
145
|
+
resource.run_action(:run)
|
146
|
+
expect(resource).to be_updated_by_last_action
|
147
|
+
end
|
148
|
+
end
|
149
|
+
end
|
150
|
+
end
|
@@ -46,10 +46,6 @@ shared_context Chef::Resource::WindowsScript do
|
|
46
46
|
File.delete(script_output_path) if File.exists?(script_output_path)
|
47
47
|
end
|
48
48
|
|
49
|
-
let!(:resource) do
|
50
|
-
Chef::Resource::WindowsScript::Batch.new("Batch resource functional test", @run_context)
|
51
|
-
end
|
52
|
-
|
53
49
|
shared_examples_for "a script resource with architecture attribute" do
|
54
50
|
context "with the given architecture attribute value" do
|
55
51
|
let(:expected_architecture) do
|
@@ -125,6 +121,55 @@ shared_context Chef::Resource::WindowsScript do
|
|
125
121
|
end
|
126
122
|
|
127
123
|
shared_examples_for "a Windows script running on Windows" do
|
124
|
+
shared_examples_for "a script that cannot be accessed by other users if they are not administrators" do
|
125
|
+
include Chef::Mixin::ShellOut
|
126
|
+
|
127
|
+
let(:script_provider) { resource.provider_for_action(:run) }
|
128
|
+
let(:script_file) { script_provider.script_file }
|
129
|
+
let(:script_file_path) { script_file.to_path }
|
130
|
+
|
131
|
+
let(:read_access_denied_command) { "::File.read('#{script_file_path}')" }
|
132
|
+
let(:modify_access_denied_command) { "::File.write('#{script_file_path}', 'stuff')" }
|
133
|
+
let(:delete_access_denied_command) { "::File.delete('#{script_file_path}')" }
|
134
|
+
let(:access_denied_sentinel) { 7334 }
|
135
|
+
let(:access_allowed_sentinel) { 1586 }
|
136
|
+
let(:access_command_invalid) { 0 }
|
137
|
+
|
138
|
+
let(:ruby_interpreter_path) { RbConfig.ruby }
|
139
|
+
let(:ruby_command_template) { "require 'FileUtils';status = 0;begin; #{ruby_access_command};rescue Exception => e; puts e; status = e.class == Errno::EACCES ? #{access_denied_sentinel} : #{access_allowed_sentinel};end;exit status" }
|
140
|
+
let(:command_template) { "set BUNDLE_GEMFILE=&#{ruby_interpreter_path} -e \"#{ruby_command_template}\"" }
|
141
|
+
let(:access_command) { command_template }
|
142
|
+
|
143
|
+
before do
|
144
|
+
expect(script_provider).to receive(:unlink_script_file)
|
145
|
+
resource.code("echo hi")
|
146
|
+
script_provider.action_run
|
147
|
+
end
|
148
|
+
|
149
|
+
after do
|
150
|
+
script_file.close! if script_file
|
151
|
+
::File.delete(script_file.to_path) if script_file && ::File.exists?(script_file.to_path)
|
152
|
+
end
|
153
|
+
|
154
|
+
include_context "alternate user identity"
|
155
|
+
|
156
|
+
shared_examples_for "a script whose file system location cannot be accessed by other non-admin users" do
|
157
|
+
let(:ruby_access_command) { file_access_command }
|
158
|
+
it "generates a script in the local file system that prevents read access to other non-admin users" do
|
159
|
+
shell_out!(access_command, { user: windows_nonadmin_user, password: windows_nonadmin_user_password, returns: [access_denied_sentinel] })
|
160
|
+
end
|
161
|
+
end
|
162
|
+
|
163
|
+
context "when a different non-admin user attempts write (modify) to access the script" do
|
164
|
+
let(:file_access_command) { modify_access_denied_command }
|
165
|
+
it_behaves_like "a script whose file system location cannot be accessed by other non-admin users"
|
166
|
+
end
|
167
|
+
|
168
|
+
context "when a different non-admin user attempts write (delete) to access the script" do
|
169
|
+
let(:file_access_command) { delete_access_denied_command }
|
170
|
+
it_behaves_like "a script whose file system location cannot be accessed by other non-admin users"
|
171
|
+
end
|
172
|
+
end
|
128
173
|
|
129
174
|
describe "when the run action is invoked on Windows" do
|
130
175
|
it "executes the script code" do
|
@@ -132,6 +177,21 @@ shared_context Chef::Resource::WindowsScript do
|
|
132
177
|
resource.returns(0)
|
133
178
|
resource.run_action(:run)
|
134
179
|
end
|
180
|
+
|
181
|
+
context "the script is executed with the identity of the current user", :windows_service_requires_assign_token do
|
182
|
+
it_behaves_like "a script that cannot be accessed by other users if they are not administrators"
|
183
|
+
end
|
184
|
+
|
185
|
+
context "the script is executed with an alternate non-admin identity", :windows_service_requires_assign_token do
|
186
|
+
include_context "alternate user identity"
|
187
|
+
|
188
|
+
before do
|
189
|
+
resource.user(windows_alternate_user)
|
190
|
+
resource.password(windows_alternate_user_password)
|
191
|
+
end
|
192
|
+
|
193
|
+
it_behaves_like "a script that cannot be accessed by other users if they are not administrators"
|
194
|
+
end
|
135
195
|
end
|
136
196
|
|
137
197
|
context "when $env:TMP has a space" do
|
@@ -165,6 +225,11 @@ shared_context Chef::Resource::WindowsScript do
|
|
165
225
|
expect(resource.class).to receive(:new).and_call_original
|
166
226
|
expect(resource.should_skip?(:run)).to be_falsey
|
167
227
|
end
|
228
|
+
|
229
|
+
context "when this resource is used as a guard and it is specified with an alternate user identity" do
|
230
|
+
let(:guard_interpreter_resource) { resource.resource_name }
|
231
|
+
it_behaves_like "a resource with a guard specifying an alternate user identity"
|
232
|
+
end
|
168
233
|
end
|
169
234
|
|
170
235
|
context "when the architecture attribute is not set" do
|
@@ -181,6 +246,11 @@ shared_context Chef::Resource::WindowsScript do
|
|
181
246
|
let(:resource_architecture) { :x86_64 }
|
182
247
|
it_behaves_like "a script resource with architecture attribute"
|
183
248
|
end
|
249
|
+
|
250
|
+
describe "when running with an alternate user identity" do
|
251
|
+
let(:resource_command_property) { :code }
|
252
|
+
it_behaves_like "an execute resource that supports alternate user identity"
|
253
|
+
end
|
184
254
|
end
|
185
255
|
|
186
256
|
def get_windows_script_output(suffix = "")
|
@@ -106,6 +106,16 @@ shared_examples_for "an execute resource" do
|
|
106
106
|
expect(@resource.user).to eql(1)
|
107
107
|
end
|
108
108
|
|
109
|
+
it "should accept a string for the domain" do
|
110
|
+
@resource.domain "mothership"
|
111
|
+
expect(@resource.domain).to eql("mothership")
|
112
|
+
end
|
113
|
+
|
114
|
+
it "should accept a string for the password" do
|
115
|
+
@resource.password "we.funk!"
|
116
|
+
expect(@resource.password).to eql("we.funk!")
|
117
|
+
end
|
118
|
+
|
109
119
|
it "should accept a string for creates" do
|
110
120
|
@resource.creates "something"
|
111
121
|
expect(@resource.creates).to eql("something")
|
@@ -116,6 +126,33 @@ shared_examples_for "an execute resource" do
|
|
116
126
|
expect(@resource.live_stream).to be true
|
117
127
|
end
|
118
128
|
|
129
|
+
describe "the resource's sensitive attribute" do
|
130
|
+
it "should be false by default" do
|
131
|
+
expect(@resource.sensitive).to eq(false)
|
132
|
+
end
|
133
|
+
|
134
|
+
it "should be true if set to true" do
|
135
|
+
expect(@resource.sensitive).to eq(false)
|
136
|
+
@resource.sensitive true
|
137
|
+
expect(@resource.sensitive).to eq(true)
|
138
|
+
end
|
139
|
+
|
140
|
+
it "should be true if the password is non-nil" do
|
141
|
+
expect(@resource.sensitive).to eq(false)
|
142
|
+
@resource.password("we.funk!")
|
143
|
+
expect(@resource.sensitive).to eq(true)
|
144
|
+
end
|
145
|
+
|
146
|
+
it "should be true if the password is non-nil but the value is explicitly set to false" do
|
147
|
+
expect(@resource.sensitive).to eq(false)
|
148
|
+
@resource.password("we.funk!")
|
149
|
+
expect(@resource.sensitive).to eq(true)
|
150
|
+
@resource.sensitive false
|
151
|
+
expect(@resource.sensitive).to eq(true)
|
152
|
+
end
|
153
|
+
|
154
|
+
end
|
155
|
+
|
119
156
|
describe "when it has cwd, environment, group, path, return value, and a user" do
|
120
157
|
before do
|
121
158
|
@resource.command("grep")
|
@@ -683,6 +683,16 @@ shared_examples_for Chef::Provider::File do
|
|
683
683
|
end
|
684
684
|
end
|
685
685
|
|
686
|
+
context "in why run mode" do
|
687
|
+
before { Chef::Config[:why_run] = true }
|
688
|
+
after { Chef::Config[:why_run] = false }
|
689
|
+
|
690
|
+
it "does not modify new_resource" do
|
691
|
+
setup_missing_file
|
692
|
+
expect(provider).not_to receive(:load_resource_attributes_from_file).with(provider.new_resource)
|
693
|
+
provider.run_action(:create)
|
694
|
+
end
|
695
|
+
end
|
686
696
|
end
|
687
697
|
|
688
698
|
context "action delete" do
|
@@ -104,6 +104,15 @@ describe Chef::Cookbook::CookbookVersionLoader do
|
|
104
104
|
|
105
105
|
end
|
106
106
|
|
107
|
+
context "when a cookbook's metadata.rb does not parse but the compiled metadata.json is present" do
|
108
|
+
let(:cookbook_path) { File.join(CHEF_SPEC_DATA, "prefer_metadata_json") }
|
109
|
+
|
110
|
+
it "reads the cookbook" do
|
111
|
+
expect(loaded_cookbook.metadata.name.to_s).to eq("prefer_metadata_json")
|
112
|
+
expect(loaded_cookbook.metadata.version.to_s).to eq("1.2.3")
|
113
|
+
end
|
114
|
+
end
|
115
|
+
|
107
116
|
context "when the given path is not actually a cookbook" do
|
108
117
|
|
109
118
|
let(:cookbook_path) { File.join(CHEF_SPEC_DATA, "cookbooks/NOTHING_HERE_FOLKS") }
|
@@ -25,6 +25,7 @@ describe Chef::Cookbook::SyntaxCheck do
|
|
25
25
|
end
|
26
26
|
|
27
27
|
let(:cookbook_path) { File.join(CHEF_SPEC_DATA, "cookbooks", "openldap") }
|
28
|
+
let(:unsafe_cookbook_path) { 'C:\AGENT-HOME\xml-data\build-dir\76808194-76906499\artifact\cookbooks/java' }
|
28
29
|
let(:syntax_check) { Chef::Cookbook::SyntaxCheck.new(cookbook_path) }
|
29
30
|
|
30
31
|
let(:open_ldap_cookbook_files) do
|
@@ -53,7 +54,7 @@ describe Chef::Cookbook::SyntaxCheck do
|
|
53
54
|
@recipes = %w{default.rb gigantor.rb one.rb return.rb}.map { |f| File.join(cookbook_path, "recipes", f) }
|
54
55
|
@spec_files = [ File.join(cookbook_path, "spec", "spec_helper.rb") ]
|
55
56
|
@ruby_files = @attr_files + @libr_files + @defn_files + @recipes + @spec_files + [File.join(cookbook_path, "metadata.rb")]
|
56
|
-
basenames = %w{ helpers_via_partial_test.erb
|
57
|
+
@basenames = %w{ helpers_via_partial_test.erb
|
57
58
|
helper_test.erb
|
58
59
|
helpers.erb
|
59
60
|
openldap_stuff.conf.erb
|
@@ -64,7 +65,7 @@ describe Chef::Cookbook::SyntaxCheck do
|
|
64
65
|
some_windows_line_endings.erb
|
65
66
|
all_windows_line_endings.erb
|
66
67
|
no_windows_line_endings.erb }
|
67
|
-
@template_files = basenames.map { |f| File.join(cookbook_path, "templates", "default", f) }
|
68
|
+
@template_files = @basenames.map { |f| File.join(cookbook_path, "templates", "default", f) }
|
68
69
|
end
|
69
70
|
|
70
71
|
after do
|
@@ -94,6 +95,11 @@ describe Chef::Cookbook::SyntaxCheck do
|
|
94
95
|
end
|
95
96
|
end
|
96
97
|
|
98
|
+
it "safely handles a path containing control characters" do
|
99
|
+
syntax_check = Chef::Cookbook::SyntaxCheck.new(unsafe_cookbook_path)
|
100
|
+
expect { syntax_check.remove_uninteresting_ruby_files(@basenames) }.not_to raise_error
|
101
|
+
end
|
102
|
+
|
97
103
|
describe "when first created" do
|
98
104
|
it "has the path to the cookbook to syntax check" do
|
99
105
|
expect(syntax_check.cookbook_path).to eq(cookbook_path)
|
@@ -0,0 +1,69 @@
|
|
1
|
+
#
|
2
|
+
# Copyright:: Copyright 2017, Chef Software, Inc.
|
3
|
+
# License:: Apache License, Version 2.0
|
4
|
+
#
|
5
|
+
# Licensed under the Apache License, Version 2.0 (the "License");
|
6
|
+
# you may not use this file except in compliance with the License.
|
7
|
+
# You may obtain a copy of the License at
|
8
|
+
#
|
9
|
+
# http://www.apache.org/licenses/LICENSE-2.0
|
10
|
+
#
|
11
|
+
# Unless required by applicable law or agreed to in writing, software
|
12
|
+
# distributed under the License is distributed on an "AS IS" BASIS,
|
13
|
+
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
14
|
+
# See the License for the specific language governing permissions and
|
15
|
+
# limitations under the License.
|
16
|
+
#
|
17
|
+
|
18
|
+
require "spec_helper"
|
19
|
+
|
20
|
+
describe Chef::HTTP::APIVersions do
|
21
|
+
class TestVersionClient < Chef::HTTP
|
22
|
+
use Chef::HTTP::APIVersions
|
23
|
+
end
|
24
|
+
|
25
|
+
before do
|
26
|
+
Chef::ServerAPIVersions.instance.reset!
|
27
|
+
end
|
28
|
+
|
29
|
+
let(:method) { "GET" }
|
30
|
+
let(:url) { "http://dummy.com" }
|
31
|
+
let(:headers) { {} }
|
32
|
+
let(:data) { false }
|
33
|
+
|
34
|
+
let(:request) {}
|
35
|
+
let(:return_value) { "200" }
|
36
|
+
|
37
|
+
# Test Variables
|
38
|
+
let(:response_body) { "Thanks for checking in." }
|
39
|
+
let(:response_headers) do
|
40
|
+
{
|
41
|
+
"x-ops-server-api-version" => { "min_version" => 0, "max_version" => 2 },
|
42
|
+
}
|
43
|
+
end
|
44
|
+
|
45
|
+
let(:response) do
|
46
|
+
m = double("HttpResponse", :body => response_body)
|
47
|
+
allow(m).to receive(:key?).with("x-ops-server-api-version").and_return(true)
|
48
|
+
allow(m).to receive(:[]) do |key|
|
49
|
+
response_headers[key]
|
50
|
+
end
|
51
|
+
|
52
|
+
m
|
53
|
+
end
|
54
|
+
|
55
|
+
let(:middleware) do
|
56
|
+
client = TestVersionClient.new(url)
|
57
|
+
client.middlewares[0]
|
58
|
+
end
|
59
|
+
|
60
|
+
def run_api_version_handler
|
61
|
+
middleware.handle_request(method, url, headers, data)
|
62
|
+
middleware.handle_response(response, request, return_value)
|
63
|
+
end
|
64
|
+
|
65
|
+
it "correctly stores server api versions" do
|
66
|
+
run_api_version_handler
|
67
|
+
expect(Chef::ServerAPIVersions.instance.min_server_version).to eq(0)
|
68
|
+
end
|
69
|
+
end
|