chef 12.18.31 → 12.19.33

Sign up to get free protection for your applications and to get access to all the features.
Files changed (305) hide show
  1. checksums.yaml +4 -4
  2. data/Gemfile +5 -4
  3. data/README.md +12 -13
  4. data/VERSION +1 -1
  5. data/acceptance/Gemfile +4 -4
  6. data/acceptance/Gemfile.lock +70 -69
  7. data/chef-universal-mingw32.gemspec +2 -3
  8. data/chef.gemspec +6 -6
  9. data/lib/chef/api_client.rb +8 -10
  10. data/lib/chef/api_client_v1.rb +9 -11
  11. data/lib/chef/application/apply.rb +8 -10
  12. data/lib/chef/application/client.rb +1 -1
  13. data/lib/chef/application/exit_code.rb +3 -5
  14. data/lib/chef/application/knife.rb +2 -2
  15. data/lib/chef/application/windows_service.rb +29 -30
  16. data/lib/chef/application/windows_service_manager.rb +1 -1
  17. data/lib/chef/audit/audit_event_proxy.rb +2 -2
  18. data/lib/chef/audit/control_group_data.rb +1 -1
  19. data/lib/chef/chef_class.rb +1 -0
  20. data/lib/chef/chef_fs/chef_fs_data_store.rb +5 -7
  21. data/lib/chef/chef_fs/command_line.rb +15 -16
  22. data/lib/chef/chef_fs/data_handler/client_data_handler.rb +1 -1
  23. data/lib/chef/chef_fs/data_handler/container_data_handler.rb +1 -1
  24. data/lib/chef/chef_fs/data_handler/cookbook_data_handler.rb +1 -1
  25. data/lib/chef/chef_fs/data_handler/data_bag_item_data_handler.rb +1 -1
  26. data/lib/chef/chef_fs/data_handler/environment_data_handler.rb +1 -1
  27. data/lib/chef/chef_fs/data_handler/group_data_handler.rb +1 -1
  28. data/lib/chef/chef_fs/data_handler/node_data_handler.rb +1 -1
  29. data/lib/chef/chef_fs/data_handler/organization_data_handler.rb +1 -1
  30. data/lib/chef/chef_fs/data_handler/role_data_handler.rb +1 -1
  31. data/lib/chef/chef_fs/data_handler/user_data_handler.rb +1 -1
  32. data/lib/chef/chef_fs/file_pattern.rb +2 -2
  33. data/lib/chef/chef_fs/file_system.rb +1 -1
  34. data/lib/chef/chef_fs/file_system/chef_server/cookbook_dir.rb +5 -6
  35. data/lib/chef/chef_fs/file_system/chef_server/cookbook_file.rb +8 -10
  36. data/lib/chef/chef_fs/file_system/chef_server/data_bags_dir.rb +8 -10
  37. data/lib/chef/chef_fs/file_system/chef_server/nodes_dir.rb +10 -12
  38. data/lib/chef/chef_fs/file_system/chef_server/policies_dir.rb +28 -30
  39. data/lib/chef/chef_fs/file_system/chef_server/policy_group_entry.rb +1 -1
  40. data/lib/chef/chef_fs/file_system/chef_server/rest_list_dir.rb +27 -29
  41. data/lib/chef/chef_fs/file_system/chef_server/rest_list_entry.rb +18 -24
  42. data/lib/chef/chef_fs/file_system/memory/memory_file.rb +1 -1
  43. data/lib/chef/chef_fs/file_system/multiplexed_dir.rb +10 -12
  44. data/lib/chef/chef_fs/file_system/repository/chef_repository_file_system_cookbook_dir.rb +10 -12
  45. data/lib/chef/chef_fs/file_system/repository/chef_repository_file_system_cookbook_entry.rb +9 -13
  46. data/lib/chef/chef_fs/file_system/repository/chef_repository_file_system_root_dir.rb +2 -0
  47. data/lib/chef/chef_fs/file_system/repository/cookbooks_dir.rb +1 -1
  48. data/lib/chef/chef_fs/file_system/repository/nodes_dir.rb +3 -0
  49. data/lib/chef/chef_fs/parallelizer.rb +9 -11
  50. data/lib/chef/cookbook/cookbook_version_loader.rb +25 -31
  51. data/lib/chef/cookbook/metadata.rb +26 -26
  52. data/lib/chef/cookbook/syntax_check.rb +1 -1
  53. data/lib/chef/cookbook_version.rb +3 -3
  54. data/lib/chef/data_bag.rb +1 -1
  55. data/lib/chef/data_bag_item.rb +3 -3
  56. data/lib/chef/data_collector.rb +3 -4
  57. data/lib/chef/decorator.rb +1 -1
  58. data/lib/chef/deprecated.rb +30 -0
  59. data/lib/chef/dsl/audit.rb +2 -2
  60. data/lib/chef/dsl/declare_resource.rb +1 -1
  61. data/lib/chef/dsl/platform_introspection.rb +29 -31
  62. data/lib/chef/dsl/reboot_pending.rb +1 -1
  63. data/lib/chef/dsl/resources.rb +6 -8
  64. data/lib/chef/encrypted_data_bag_item.rb +2 -2
  65. data/lib/chef/environment.rb +9 -11
  66. data/lib/chef/event_loggers/windows_eventlog.rb +1 -1
  67. data/lib/chef/exceptions.rb +4 -1
  68. data/lib/chef/file_access_control/unix.rb +14 -14
  69. data/lib/chef/file_access_control/windows.rb +1 -1
  70. data/lib/chef/formatters/error_inspectors/api_error_formatting.rb +4 -5
  71. data/lib/chef/formatters/error_mapper.rb +6 -6
  72. data/lib/chef/http/api_versions.rb +50 -0
  73. data/lib/chef/http/validate_content_length.rb +2 -2
  74. data/lib/chef/json_compat.rb +6 -10
  75. data/lib/chef/key.rb +5 -5
  76. data/lib/chef/knife.rb +4 -4
  77. data/lib/chef/knife/cookbook_site_install.rb +2 -2
  78. data/lib/chef/knife/core/cookbook_scm_repo.rb +2 -2
  79. data/lib/chef/knife/core/gem_glob_loader.rb +1 -1
  80. data/lib/chef/knife/core/status_presenter.rb +1 -1
  81. data/lib/chef/knife/core/ui.rb +19 -25
  82. data/lib/chef/knife/data_bag_secret_options.rb +1 -1
  83. data/lib/chef/knife/deps.rb +32 -34
  84. data/lib/chef/knife/help.rb +1 -1
  85. data/lib/chef/knife/list.rb +1 -1
  86. data/lib/chef/knife/search.rb +2 -2
  87. data/lib/chef/knife/ssh.rb +37 -27
  88. data/lib/chef/knife/ssl_check.rb +1 -1
  89. data/lib/chef/knife/user_delete.rb +1 -1
  90. data/lib/chef/mash.rb +1 -1
  91. data/lib/chef/mixin/command.rb +2 -2
  92. data/lib/chef/mixin/create_path.rb +3 -5
  93. data/lib/chef/mixin/from_file.rb +2 -2
  94. data/lib/chef/mixin/get_source_from_package.rb +2 -2
  95. data/lib/chef/mixin/notifying_block.rb +7 -9
  96. data/lib/chef/mixin/params_validate.rb +3 -3
  97. data/lib/chef/mixin/securable.rb +1 -1
  98. data/lib/chef/mixin/shell_out.rb +23 -3
  99. data/lib/chef/mixin/unformatter.rb +2 -2
  100. data/lib/chef/mixin/uris.rb +4 -6
  101. data/lib/chef/mixin/versioned_api.rb +69 -0
  102. data/lib/chef/mixin/which.rb +25 -8
  103. data/lib/chef/mixin/windows_architecture_helper.rb +2 -2
  104. data/lib/chef/mixin/xml_escape.rb +3 -5
  105. data/lib/chef/monkey_patches/webrick-utils.rb +1 -1
  106. data/lib/chef/node.rb +8 -8
  107. data/lib/chef/node/attribute.rb +4 -4
  108. data/lib/chef/node/common_api.rb +5 -7
  109. data/lib/chef/org.rb +10 -12
  110. data/lib/chef/platform/provider_mapping.rb +7 -7
  111. data/lib/chef/platform/query_helpers.rb +1 -1
  112. data/lib/chef/policy_builder/policyfile.rb +1 -0
  113. data/lib/chef/property.rb +31 -0
  114. data/lib/chef/provider/batch.rb +1 -1
  115. data/lib/chef/provider/breakpoint.rb +1 -1
  116. data/lib/chef/provider/cookbook_file.rb +3 -3
  117. data/lib/chef/provider/cron.rb +38 -38
  118. data/lib/chef/provider/deploy.rb +81 -81
  119. data/lib/chef/provider/deploy/revision.rb +3 -5
  120. data/lib/chef/provider/directory.rb +32 -32
  121. data/lib/chef/provider/dsc_resource.rb +22 -6
  122. data/lib/chef/provider/env.rb +28 -28
  123. data/lib/chef/provider/env/windows.rb +1 -1
  124. data/lib/chef/provider/erl_call.rb +13 -13
  125. data/lib/chef/provider/execute.rb +5 -2
  126. data/lib/chef/provider/file.rb +49 -51
  127. data/lib/chef/provider/git.rb +55 -55
  128. data/lib/chef/provider/http_request.rb +36 -36
  129. data/lib/chef/provider/launchd.rb +2 -2
  130. data/lib/chef/provider/link.rb +50 -50
  131. data/lib/chef/provider/log.rb +2 -2
  132. data/lib/chef/provider/mdadm.rb +25 -25
  133. data/lib/chef/provider/mount/aix.rb +2 -2
  134. data/lib/chef/provider/mount/mount.rb +2 -2
  135. data/lib/chef/provider/ohai.rb +1 -1
  136. data/lib/chef/provider/osx_profile.rb +23 -23
  137. data/lib/chef/provider/package.rb +74 -56
  138. data/lib/chef/provider/package/aix.rb +55 -52
  139. data/lib/chef/provider/package/apt.rb +15 -13
  140. data/lib/chef/provider/package/cab.rb +49 -20
  141. data/lib/chef/provider/package/chocolatey.rb +9 -10
  142. data/lib/chef/provider/package/dnf.rb +20 -18
  143. data/lib/chef/provider/package/dnf/dnf_helper.py +1 -1
  144. data/lib/chef/provider/package/dnf/python_helper.rb +63 -26
  145. data/lib/chef/provider/package/dnf/version.rb +1 -1
  146. data/lib/chef/provider/package/dpkg.rb +8 -9
  147. data/lib/chef/provider/package/easy_install.rb +22 -22
  148. data/lib/chef/provider/package/freebsd/base.rb +10 -10
  149. data/lib/chef/provider/package/freebsd/pkg.rb +15 -15
  150. data/lib/chef/provider/package/freebsd/pkgng.rb +13 -15
  151. data/lib/chef/provider/package/freebsd/port.rb +7 -7
  152. data/lib/chef/provider/package/homebrew.rb +11 -10
  153. data/lib/chef/provider/package/ips.rb +18 -23
  154. data/lib/chef/provider/package/macports.rb +23 -23
  155. data/lib/chef/provider/package/msu.rb +11 -11
  156. data/lib/chef/provider/package/openbsd.rb +25 -22
  157. data/lib/chef/provider/package/pacman.rb +16 -16
  158. data/lib/chef/provider/package/paludis.rb +26 -27
  159. data/lib/chef/provider/package/portage.rb +22 -22
  160. data/lib/chef/provider/package/powershell.rb +17 -17
  161. data/lib/chef/provider/package/rpm.rb +25 -25
  162. data/lib/chef/provider/package/rubygems.rb +60 -60
  163. data/lib/chef/provider/package/smartos.rb +16 -16
  164. data/lib/chef/provider/package/solaris.rb +44 -44
  165. data/lib/chef/provider/package/windows.rb +3 -3
  166. data/lib/chef/provider/package/windows/exe.rb +6 -6
  167. data/lib/chef/provider/package/windows/msi.rb +6 -6
  168. data/lib/chef/provider/package/yum.rb +318 -268
  169. data/lib/chef/provider/package/yum/rpm_utils.rb +34 -34
  170. data/lib/chef/provider/package/yum/yum_cache.rb +12 -12
  171. data/lib/chef/provider/package/zypper.rb +11 -11
  172. data/lib/chef/provider/powershell_script.rb +15 -7
  173. data/lib/chef/provider/reboot.rb +10 -10
  174. data/lib/chef/provider/registry_key.rb +39 -39
  175. data/lib/chef/provider/remote_directory.rb +3 -3
  176. data/lib/chef/provider/remote_file.rb +3 -3
  177. data/lib/chef/provider/route.rb +1 -1
  178. data/lib/chef/provider/ruby_block.rb +3 -3
  179. data/lib/chef/provider/script.rb +42 -6
  180. data/lib/chef/provider/service.rb +49 -49
  181. data/lib/chef/provider/service/solaris.rb +1 -1
  182. data/lib/chef/provider/service/systemd.rb +1 -1
  183. data/lib/chef/provider/subversion.rb +39 -39
  184. data/lib/chef/provider/systemd_unit.rb +2 -0
  185. data/lib/chef/provider/template.rb +3 -3
  186. data/lib/chef/provider/user.rb +42 -42
  187. data/lib/chef/provider/whyrun_safe_ruby_block.rb +4 -4
  188. data/lib/chef/resource.rb +27 -16
  189. data/lib/chef/resource/apt_repository.rb +0 -1
  190. data/lib/chef/resource/chef_gem.rb +1 -1
  191. data/lib/chef/resource/dnf_package.rb +6 -3
  192. data/lib/chef/resource/dsc_resource.rb +9 -1
  193. data/lib/chef/resource/execute.rb +70 -6
  194. data/lib/chef/resource/file/verification/systemd_unit.rb +67 -0
  195. data/lib/chef/resource/freebsd_package.rb +1 -1
  196. data/lib/chef/resource/gem_package.rb +1 -1
  197. data/lib/chef/resource/launchd.rb +13 -1
  198. data/lib/chef/resource/package.rb +2 -2
  199. data/lib/chef/resource/registry_key.rb +1 -1
  200. data/lib/chef/resource/yum_package.rb +12 -3
  201. data/lib/chef/resource/yum_repository.rb +0 -1
  202. data/lib/chef/resource_collection/resource_collection_serialization.rb +3 -3
  203. data/lib/chef/resource_collection/resource_set.rb +2 -2
  204. data/lib/chef/resource_reporter.rb +1 -1
  205. data/lib/chef/run_context.rb +3 -3
  206. data/lib/chef/run_list/run_list_item.rb +1 -1
  207. data/lib/chef/run_list/versioned_recipe_list.rb +6 -6
  208. data/lib/chef/server_api.rb +2 -0
  209. data/lib/chef/server_api_versions.rb +40 -0
  210. data/lib/chef/shell.rb +1 -1
  211. data/lib/chef/shell/ext.rb +3 -3
  212. data/lib/chef/shell/shell_session.rb +1 -1
  213. data/lib/chef/user.rb +9 -11
  214. data/lib/chef/user_v1.rb +9 -11
  215. data/lib/chef/util/diff.rb +1 -1
  216. data/lib/chef/util/dsc/lcm_output_parser.rb +1 -1
  217. data/lib/chef/util/selinux.rb +1 -1
  218. data/lib/chef/util/windows/net_group.rb +18 -30
  219. data/lib/chef/util/windows/net_use.rb +7 -11
  220. data/lib/chef/util/windows/net_user.rb +11 -17
  221. data/lib/chef/util/windows/volume.rb +9 -15
  222. data/lib/chef/version.rb +1 -1
  223. data/lib/chef/version_class.rb +1 -1
  224. data/lib/chef/win32/api.rb +4 -6
  225. data/lib/chef/win32/api/file.rb +25 -31
  226. data/lib/chef/win32/api/installer.rb +2 -2
  227. data/lib/chef/win32/file.rb +4 -6
  228. data/lib/chef/win32/registry.rb +9 -9
  229. data/lib/chef/win32/security.rb +2 -2
  230. data/lib/chef/win32/security/acl.rb +2 -2
  231. data/lib/chef/win32/unicode.rb +2 -2
  232. data/lib/chef/win32/version.rb +1 -1
  233. data/spec/data/prefer_metadata_json/metadata.json +51 -0
  234. data/spec/data/prefer_metadata_json/metadata.rb +6 -0
  235. data/spec/data/prefer_metadata_json/recipes/default.rb +0 -0
  236. data/spec/functional/knife/ssh_spec.rb +5 -5
  237. data/spec/functional/resource/batch_spec.rb +5 -1
  238. data/spec/functional/resource/dsc_script_spec.rb +2 -4
  239. data/spec/functional/resource/execute_spec.rb +17 -0
  240. data/spec/functional/resource/user/dscl_spec.rb +2 -4
  241. data/spec/integration/client/client_spec.rb +33 -0
  242. data/spec/integration/recipes/recipe_dsl_spec.rb +58 -58
  243. data/spec/spec_helper.rb +4 -0
  244. data/spec/support/chef_helpers.rb +5 -7
  245. data/spec/support/platform_helpers.rb +6 -0
  246. data/spec/support/platforms/prof/gc.rb +4 -6
  247. data/spec/support/shared/context/client.rb +1 -1
  248. data/spec/support/shared/functional/execute_resource.rb +150 -0
  249. data/spec/support/shared/functional/windows_script.rb +74 -4
  250. data/spec/support/shared/unit/execute_resource.rb +37 -0
  251. data/spec/support/shared/unit/provider/file.rb +10 -0
  252. data/spec/unit/cookbook/cookbook_version_loader_spec.rb +9 -0
  253. data/spec/unit/cookbook/syntax_check_spec.rb +8 -2
  254. data/spec/unit/http/api_versions_spec.rb +69 -0
  255. data/spec/unit/knife/ssh_spec.rb +34 -36
  256. data/spec/unit/mixin/versioned_api_spec.rb +107 -0
  257. data/spec/unit/mixin/which.rb +160 -0
  258. data/spec/unit/platform_spec.rb +28 -1
  259. data/spec/unit/provider/deploy_spec.rb +1 -1
  260. data/spec/unit/provider/directory_spec.rb +10 -0
  261. data/spec/unit/provider/dsc_resource_spec.rb +175 -0
  262. data/spec/unit/provider/execute_spec.rb +0 -1
  263. data/spec/unit/provider/launchd_spec.rb +2 -2
  264. data/spec/unit/provider/package/aix_spec.rb +22 -22
  265. data/spec/unit/provider/package/apt_spec.rb +27 -27
  266. data/spec/unit/provider/package/cab_spec.rb +59 -5
  267. data/spec/unit/provider/package/dnf/python_helper_spec.rb +29 -0
  268. data/spec/unit/provider/package/dpkg_spec.rb +16 -16
  269. data/spec/unit/provider/package/easy_install_spec.rb +18 -18
  270. data/spec/unit/provider/package/freebsd/pkg_spec.rb +15 -15
  271. data/spec/unit/provider/package/freebsd/pkgng_spec.rb +9 -9
  272. data/spec/unit/provider/package/freebsd/port_spec.rb +9 -9
  273. data/spec/unit/provider/package/homebrew_spec.rb +9 -9
  274. data/spec/unit/provider/package/ips_spec.rb +37 -31
  275. data/spec/unit/provider/package/macports_spec.rb +10 -10
  276. data/spec/unit/provider/package/openbsd_spec.rb +10 -10
  277. data/spec/unit/provider/package/pacman_spec.rb +6 -6
  278. data/spec/unit/provider/package/paludis_spec.rb +7 -7
  279. data/spec/unit/provider/package/portage_spec.rb +6 -7
  280. data/spec/unit/provider/package/rpm_spec.rb +23 -23
  281. data/spec/unit/provider/package/rubygems_spec.rb +38 -38
  282. data/spec/unit/provider/package/solaris_spec.rb +15 -15
  283. data/spec/unit/provider/package/windows_spec.rb +2 -1
  284. data/spec/unit/provider/package/yum_spec.rb +51 -43
  285. data/spec/unit/provider/package/zypper_spec.rb +34 -34
  286. data/spec/unit/provider/package_spec.rb +8 -0
  287. data/spec/unit/provider/remote_file/sftp_spec.rb +3 -3
  288. data/spec/unit/provider/route_spec.rb +7 -1
  289. data/spec/unit/provider/script_spec.rb +49 -6
  290. data/spec/unit/resource/dsc_resource_spec.rb +6 -0
  291. data/spec/unit/resource/execute_spec.rb +214 -0
  292. data/spec/unit/resource/file/verification/systemd_unit_spec.rb +103 -0
  293. data/spec/unit/resource/freebsd_package_spec.rb +2 -2
  294. data/spec/unit/resource/package_spec.rb +5 -0
  295. data/spec/unit/resource/yum_package_spec.rb +42 -1
  296. data/spec/unit/resource_reporter_spec.rb +1 -1
  297. data/spec/unit/resource_spec.rb +18 -0
  298. data/spec/unit/server_api_versions_spec.rb +44 -0
  299. data/spec/unit/util/selinux_spec.rb +3 -14
  300. data/spec/unit/win32/error_spec.rb +67 -0
  301. data/spec/unit/win32/security_spec.rb +66 -0
  302. data/tasks/changelog.rb +1 -1
  303. data/tasks/dependencies.rb +20 -4
  304. metadata +39 -18
  305. data/lib/chef/monkey_patches/net-ssh-multi.rb +0 -141
@@ -53,13 +53,11 @@ end
53
53
  # This is a temporary fix to get tests passing on systems that have no `diff`
54
54
  # until we can replace shelling out to `diff` with ruby diff-lcs
55
55
  def has_diff?
56
- begin
57
- diff_cmd = Mixlib::ShellOut.new("diff -v")
58
- diff_cmd.run_command
59
- true
60
- rescue Errno::ENOENT
61
- false
62
- end
56
+ diff_cmd = Mixlib::ShellOut.new("diff -v")
57
+ diff_cmd.run_command
58
+ true
59
+ rescue Errno::ENOENT
60
+ false
63
61
  end
64
62
 
65
63
  # This is a helper to determine if the ruby in the PATH contains
@@ -92,6 +92,12 @@ def windows_nano_server?
92
92
  Chef::Platform.windows_nano_server?
93
93
  end
94
94
 
95
+ def windows_user_right?(right)
96
+ return false unless windows?
97
+ require "chef/win32/security"
98
+ Chef::ReservedNames::Win32::Security.get_account_right(ENV["USERNAME"]).include?(right)
99
+ end
100
+
95
101
  def mac_osx_106?
96
102
  if File.exists? "/usr/bin/sw_vers"
97
103
  result = ShellHelpers.shell_out("/usr/bin/sw_vers")
@@ -35,12 +35,10 @@ module RSpec
35
35
  end
36
36
 
37
37
  def working_set_size
38
- begin
39
- ::GC.start
40
- ::GC::Profiler.result.scan(LINE_PATTERN)[-1][2].to_i if ::GC::Profiler.enabled?
41
- ensure
42
- ::GC::Profiler.clear
43
- end
38
+ ::GC.start
39
+ ::GC::Profiler.result.scan(LINE_PATTERN)[-1][2].to_i if ::GC::Profiler.enabled?
40
+ ensure
41
+ ::GC::Profiler.clear
44
42
  end
45
43
 
46
44
  def handle_count
@@ -95,7 +95,7 @@ shared_context "a client run" do
95
95
 
96
96
  def stub_for_data_collector_init
97
97
  expect(Chef::ServerAPI).to receive(:new).
98
- with(Chef::Config[:data_collector][:server_url]).
98
+ with(Chef::Config[:data_collector][:server_url], validate_utf8: false).
99
99
  exactly(:once).
100
100
  and_return(http_data_collector)
101
101
  end
@@ -0,0 +1,150 @@
1
+ #
2
+ # Author:: Adam Edwards (<adamed@chef.io>)
3
+ # Copyright:: Copyright (c) 2015 Chef Software, Inc.
4
+ # License:: Apache License, Version 2.0
5
+ #
6
+ # Licensed under the Apache License, Version 2.0 (the "License");
7
+ # you may not use this file except in compliance with the License.
8
+ # You may obtain a copy of the License at
9
+ #
10
+ # http://www.apache.org/licenses/LICENSE-2.0
11
+ #
12
+ # Unless required by applicable law or agreed to in writing, software
13
+ # distributed under the License is distributed on an "AS IS" BASIS,
14
+ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
15
+ # See the License for the specific language governing permissions and
16
+ # limitations under the License.
17
+ #
18
+
19
+ shared_context "a non-admin Windows user" do
20
+ include Chef::Mixin::ShellOut
21
+
22
+ let(:windows_nonadmin_user_domain) { ENV["COMPUTERNAME"] }
23
+ let(:windows_nonadmin_user_qualified) { "#{windows_nonadmin_user_domain}\\#{windows_nonadmin_user}" }
24
+ let(:temp_profile_path) { "#{ENV['USERPROFILE']}\\..\\cheftesttempuser" }
25
+ before do
26
+ shell_out!("net.exe user /delete #{windows_nonadmin_user}", returns: [0, 2])
27
+
28
+ # Supply a profile path when creating a user to avoid an apparent Windows bug where deleting
29
+ # the user actually creates the profile when it did not immediately exist before executing
30
+ # net user /delete! For some reason, specifying an explicit path ensures that the path
31
+ # profile doesn't get created at deletion.
32
+ shell_out!("net.exe user /add #{windows_nonadmin_user} \"#{windows_nonadmin_user_password}\" /profilepath:#{temp_profile_path}")
33
+ end
34
+
35
+ after do
36
+ shell_out!("net.exe user /delete #{windows_nonadmin_user}", returns: [0, 2])
37
+ end
38
+ end
39
+
40
+ shared_context "alternate user identity" do
41
+ let(:windows_alternate_user) { "chef%02d%02d%02d" % [Time.now.year % 100, Time.now.month, Time.now.day] }
42
+ let(:windows_alternate_user_password) { "lj28;fx3T!x,2" }
43
+ let(:windows_alternate_user_qualified) { "#{ENV['COMPUTERNAME']}\\#{windows_alternate_user}" }
44
+
45
+ let(:windows_nonadmin_user) { windows_alternate_user }
46
+ let(:windows_nonadmin_user_password) { windows_alternate_user_password }
47
+
48
+ include_context "a non-admin Windows user"
49
+ end
50
+
51
+ shared_context "a command that can be executed as an alternate user" do
52
+ include_context "alternate user identity"
53
+
54
+ let(:script_output_dir) { Dir.mktmpdir }
55
+ let(:script_output_path) { File.join(script_output_dir, make_tmpname("chef_execute_identity_test")) }
56
+ let(:script_output) { File.read(script_output_path) }
57
+
58
+ include Chef::Mixin::ShellOut
59
+
60
+ before do
61
+ shell_out!("icacls \"#{script_output_dir.gsub(/\//, '\\')}\" /grant \"authenticated users:(F)\"")
62
+ end
63
+
64
+ after do
65
+ File.delete(script_output_path) if File.exists?(script_output_path)
66
+ Dir.rmdir(script_output_dir) if Dir.exists?(script_output_dir)
67
+ end
68
+ end
69
+
70
+ shared_examples_for "an execute resource that supports alternate user identity" do
71
+ context "when running on Windows", :windows_only, :windows_service_requires_assign_token do
72
+
73
+ include_context "a command that can be executed as an alternate user"
74
+
75
+ let(:windows_current_user) { ENV["USERNAME"] }
76
+ let(:windows_current_user_qualified) { "#{ENV['USERDOMAIN'] || ENV['COMPUTERNAME']}\\#{windows_current_user}" }
77
+ let(:resource_identity_command) { "powershell.exe -noprofile -command \"import-module microsoft.powershell.utility;([Security.Principal.WindowsPrincipal]([Security.Principal.WindowsIdentity]::GetCurrent())).identity.name | out-file -encoding ASCII '#{script_output_path}'\"" }
78
+
79
+ let(:execute_resource) do
80
+ resource.user(windows_alternate_user)
81
+ resource.password(windows_alternate_user_password)
82
+ resource.send(resource_command_property, resource_identity_command)
83
+ resource
84
+ end
85
+
86
+ it "executes the process as an alternate user" do
87
+ expect(windows_current_user.length).to be > 0
88
+ expect { execute_resource.run_action(:run) }.not_to raise_error
89
+ expect(script_output.chomp.length).to be > 0
90
+ expect(script_output.chomp.downcase).to eq(windows_alternate_user_qualified.downcase)
91
+ expect(script_output.chomp.downcase).not_to eq(windows_current_user.downcase)
92
+ expect(script_output.chomp.downcase).not_to eq(windows_current_user_qualified.downcase)
93
+ end
94
+
95
+ let(:windows_alternate_user_password_invalid) { "#{windows_alternate_user_password}x" }
96
+
97
+ it "raises an exception if the user's password is invalid" do
98
+ execute_resource.password(windows_alternate_user_password_invalid)
99
+ expect { execute_resource.run_action(:run) }.to raise_error(SystemCallError)
100
+ end
101
+ end
102
+ end
103
+
104
+ shared_examples_for "a resource with a guard specifying an alternate user identity" do
105
+ context "when running on Windows", :windows_only, :windows_service_requires_assign_token do
106
+ include_context "alternate user identity"
107
+
108
+ let(:resource_command_property) { :command }
109
+
110
+ let(:powershell_equal_to_alternate_user) { "-eq" }
111
+ let(:powershell_not_equal_to_alternate_user) { "-ne" }
112
+ let(:guard_identity_command) { "powershell.exe -noprofile -command \"import-module microsoft.powershell.utility;exit @(392,0)[[int32](([Security.Principal.WindowsPrincipal]([Security.Principal.WindowsIdentity]::GetCurrent())).Identity.Name #{comparison_to_alternate_user} '#{windows_alternate_user_qualified}')]\"" }
113
+
114
+ before do
115
+ resource.guard_interpreter(guard_interpreter_resource)
116
+ end
117
+
118
+ context "when the guard expression is true if the user is alternate and false otherwise" do
119
+ let(:comparison_to_alternate_user) { powershell_equal_to_alternate_user }
120
+
121
+ it "causes the resource to be updated for only_if" do
122
+ resource.only_if(guard_identity_command, { user: windows_alternate_user, password: windows_alternate_user_password })
123
+ resource.run_action(:run)
124
+ expect(resource).to be_updated_by_last_action
125
+ end
126
+
127
+ it "causes the resource to not be updated for not_if" do
128
+ resource.not_if(guard_identity_command, { user: windows_alternate_user, password: windows_alternate_user_password })
129
+ resource.run_action(:run)
130
+ expect(resource).not_to be_updated_by_last_action
131
+ end
132
+ end
133
+
134
+ context "when the guard expression is false if the user is alternate and true otherwise" do
135
+ let(:comparison_to_alternate_user) { powershell_not_equal_to_alternate_user }
136
+
137
+ it "causes the resource not to be updated for only_if" do
138
+ resource.only_if(guard_identity_command, { user: windows_alternate_user, password: windows_alternate_user_password })
139
+ resource.run_action(:run)
140
+ expect(resource).not_to be_updated_by_last_action
141
+ end
142
+
143
+ it "causes the resource to be updated for not_if" do
144
+ resource.not_if(guard_identity_command, { user: windows_alternate_user, password: windows_alternate_user_password })
145
+ resource.run_action(:run)
146
+ expect(resource).to be_updated_by_last_action
147
+ end
148
+ end
149
+ end
150
+ end
@@ -46,10 +46,6 @@ shared_context Chef::Resource::WindowsScript do
46
46
  File.delete(script_output_path) if File.exists?(script_output_path)
47
47
  end
48
48
 
49
- let!(:resource) do
50
- Chef::Resource::WindowsScript::Batch.new("Batch resource functional test", @run_context)
51
- end
52
-
53
49
  shared_examples_for "a script resource with architecture attribute" do
54
50
  context "with the given architecture attribute value" do
55
51
  let(:expected_architecture) do
@@ -125,6 +121,55 @@ shared_context Chef::Resource::WindowsScript do
125
121
  end
126
122
 
127
123
  shared_examples_for "a Windows script running on Windows" do
124
+ shared_examples_for "a script that cannot be accessed by other users if they are not administrators" do
125
+ include Chef::Mixin::ShellOut
126
+
127
+ let(:script_provider) { resource.provider_for_action(:run) }
128
+ let(:script_file) { script_provider.script_file }
129
+ let(:script_file_path) { script_file.to_path }
130
+
131
+ let(:read_access_denied_command) { "::File.read('#{script_file_path}')" }
132
+ let(:modify_access_denied_command) { "::File.write('#{script_file_path}', 'stuff')" }
133
+ let(:delete_access_denied_command) { "::File.delete('#{script_file_path}')" }
134
+ let(:access_denied_sentinel) { 7334 }
135
+ let(:access_allowed_sentinel) { 1586 }
136
+ let(:access_command_invalid) { 0 }
137
+
138
+ let(:ruby_interpreter_path) { RbConfig.ruby }
139
+ let(:ruby_command_template) { "require 'FileUtils';status = 0;begin; #{ruby_access_command};rescue Exception => e; puts e; status = e.class == Errno::EACCES ? #{access_denied_sentinel} : #{access_allowed_sentinel};end;exit status" }
140
+ let(:command_template) { "set BUNDLE_GEMFILE=&#{ruby_interpreter_path} -e \"#{ruby_command_template}\"" }
141
+ let(:access_command) { command_template }
142
+
143
+ before do
144
+ expect(script_provider).to receive(:unlink_script_file)
145
+ resource.code("echo hi")
146
+ script_provider.action_run
147
+ end
148
+
149
+ after do
150
+ script_file.close! if script_file
151
+ ::File.delete(script_file.to_path) if script_file && ::File.exists?(script_file.to_path)
152
+ end
153
+
154
+ include_context "alternate user identity"
155
+
156
+ shared_examples_for "a script whose file system location cannot be accessed by other non-admin users" do
157
+ let(:ruby_access_command) { file_access_command }
158
+ it "generates a script in the local file system that prevents read access to other non-admin users" do
159
+ shell_out!(access_command, { user: windows_nonadmin_user, password: windows_nonadmin_user_password, returns: [access_denied_sentinel] })
160
+ end
161
+ end
162
+
163
+ context "when a different non-admin user attempts write (modify) to access the script" do
164
+ let(:file_access_command) { modify_access_denied_command }
165
+ it_behaves_like "a script whose file system location cannot be accessed by other non-admin users"
166
+ end
167
+
168
+ context "when a different non-admin user attempts write (delete) to access the script" do
169
+ let(:file_access_command) { delete_access_denied_command }
170
+ it_behaves_like "a script whose file system location cannot be accessed by other non-admin users"
171
+ end
172
+ end
128
173
 
129
174
  describe "when the run action is invoked on Windows" do
130
175
  it "executes the script code" do
@@ -132,6 +177,21 @@ shared_context Chef::Resource::WindowsScript do
132
177
  resource.returns(0)
133
178
  resource.run_action(:run)
134
179
  end
180
+
181
+ context "the script is executed with the identity of the current user", :windows_service_requires_assign_token do
182
+ it_behaves_like "a script that cannot be accessed by other users if they are not administrators"
183
+ end
184
+
185
+ context "the script is executed with an alternate non-admin identity", :windows_service_requires_assign_token do
186
+ include_context "alternate user identity"
187
+
188
+ before do
189
+ resource.user(windows_alternate_user)
190
+ resource.password(windows_alternate_user_password)
191
+ end
192
+
193
+ it_behaves_like "a script that cannot be accessed by other users if they are not administrators"
194
+ end
135
195
  end
136
196
 
137
197
  context "when $env:TMP has a space" do
@@ -165,6 +225,11 @@ shared_context Chef::Resource::WindowsScript do
165
225
  expect(resource.class).to receive(:new).and_call_original
166
226
  expect(resource.should_skip?(:run)).to be_falsey
167
227
  end
228
+
229
+ context "when this resource is used as a guard and it is specified with an alternate user identity" do
230
+ let(:guard_interpreter_resource) { resource.resource_name }
231
+ it_behaves_like "a resource with a guard specifying an alternate user identity"
232
+ end
168
233
  end
169
234
 
170
235
  context "when the architecture attribute is not set" do
@@ -181,6 +246,11 @@ shared_context Chef::Resource::WindowsScript do
181
246
  let(:resource_architecture) { :x86_64 }
182
247
  it_behaves_like "a script resource with architecture attribute"
183
248
  end
249
+
250
+ describe "when running with an alternate user identity" do
251
+ let(:resource_command_property) { :code }
252
+ it_behaves_like "an execute resource that supports alternate user identity"
253
+ end
184
254
  end
185
255
 
186
256
  def get_windows_script_output(suffix = "")
@@ -106,6 +106,16 @@ shared_examples_for "an execute resource" do
106
106
  expect(@resource.user).to eql(1)
107
107
  end
108
108
 
109
+ it "should accept a string for the domain" do
110
+ @resource.domain "mothership"
111
+ expect(@resource.domain).to eql("mothership")
112
+ end
113
+
114
+ it "should accept a string for the password" do
115
+ @resource.password "we.funk!"
116
+ expect(@resource.password).to eql("we.funk!")
117
+ end
118
+
109
119
  it "should accept a string for creates" do
110
120
  @resource.creates "something"
111
121
  expect(@resource.creates).to eql("something")
@@ -116,6 +126,33 @@ shared_examples_for "an execute resource" do
116
126
  expect(@resource.live_stream).to be true
117
127
  end
118
128
 
129
+ describe "the resource's sensitive attribute" do
130
+ it "should be false by default" do
131
+ expect(@resource.sensitive).to eq(false)
132
+ end
133
+
134
+ it "should be true if set to true" do
135
+ expect(@resource.sensitive).to eq(false)
136
+ @resource.sensitive true
137
+ expect(@resource.sensitive).to eq(true)
138
+ end
139
+
140
+ it "should be true if the password is non-nil" do
141
+ expect(@resource.sensitive).to eq(false)
142
+ @resource.password("we.funk!")
143
+ expect(@resource.sensitive).to eq(true)
144
+ end
145
+
146
+ it "should be true if the password is non-nil but the value is explicitly set to false" do
147
+ expect(@resource.sensitive).to eq(false)
148
+ @resource.password("we.funk!")
149
+ expect(@resource.sensitive).to eq(true)
150
+ @resource.sensitive false
151
+ expect(@resource.sensitive).to eq(true)
152
+ end
153
+
154
+ end
155
+
119
156
  describe "when it has cwd, environment, group, path, return value, and a user" do
120
157
  before do
121
158
  @resource.command("grep")
@@ -683,6 +683,16 @@ shared_examples_for Chef::Provider::File do
683
683
  end
684
684
  end
685
685
 
686
+ context "in why run mode" do
687
+ before { Chef::Config[:why_run] = true }
688
+ after { Chef::Config[:why_run] = false }
689
+
690
+ it "does not modify new_resource" do
691
+ setup_missing_file
692
+ expect(provider).not_to receive(:load_resource_attributes_from_file).with(provider.new_resource)
693
+ provider.run_action(:create)
694
+ end
695
+ end
686
696
  end
687
697
 
688
698
  context "action delete" do
@@ -104,6 +104,15 @@ describe Chef::Cookbook::CookbookVersionLoader do
104
104
 
105
105
  end
106
106
 
107
+ context "when a cookbook's metadata.rb does not parse but the compiled metadata.json is present" do
108
+ let(:cookbook_path) { File.join(CHEF_SPEC_DATA, "prefer_metadata_json") }
109
+
110
+ it "reads the cookbook" do
111
+ expect(loaded_cookbook.metadata.name.to_s).to eq("prefer_metadata_json")
112
+ expect(loaded_cookbook.metadata.version.to_s).to eq("1.2.3")
113
+ end
114
+ end
115
+
107
116
  context "when the given path is not actually a cookbook" do
108
117
 
109
118
  let(:cookbook_path) { File.join(CHEF_SPEC_DATA, "cookbooks/NOTHING_HERE_FOLKS") }
@@ -25,6 +25,7 @@ describe Chef::Cookbook::SyntaxCheck do
25
25
  end
26
26
 
27
27
  let(:cookbook_path) { File.join(CHEF_SPEC_DATA, "cookbooks", "openldap") }
28
+ let(:unsafe_cookbook_path) { 'C:\AGENT-HOME\xml-data\build-dir\76808194-76906499\artifact\cookbooks/java' }
28
29
  let(:syntax_check) { Chef::Cookbook::SyntaxCheck.new(cookbook_path) }
29
30
 
30
31
  let(:open_ldap_cookbook_files) do
@@ -53,7 +54,7 @@ describe Chef::Cookbook::SyntaxCheck do
53
54
  @recipes = %w{default.rb gigantor.rb one.rb return.rb}.map { |f| File.join(cookbook_path, "recipes", f) }
54
55
  @spec_files = [ File.join(cookbook_path, "spec", "spec_helper.rb") ]
55
56
  @ruby_files = @attr_files + @libr_files + @defn_files + @recipes + @spec_files + [File.join(cookbook_path, "metadata.rb")]
56
- basenames = %w{ helpers_via_partial_test.erb
57
+ @basenames = %w{ helpers_via_partial_test.erb
57
58
  helper_test.erb
58
59
  helpers.erb
59
60
  openldap_stuff.conf.erb
@@ -64,7 +65,7 @@ describe Chef::Cookbook::SyntaxCheck do
64
65
  some_windows_line_endings.erb
65
66
  all_windows_line_endings.erb
66
67
  no_windows_line_endings.erb }
67
- @template_files = basenames.map { |f| File.join(cookbook_path, "templates", "default", f) }
68
+ @template_files = @basenames.map { |f| File.join(cookbook_path, "templates", "default", f) }
68
69
  end
69
70
 
70
71
  after do
@@ -94,6 +95,11 @@ describe Chef::Cookbook::SyntaxCheck do
94
95
  end
95
96
  end
96
97
 
98
+ it "safely handles a path containing control characters" do
99
+ syntax_check = Chef::Cookbook::SyntaxCheck.new(unsafe_cookbook_path)
100
+ expect { syntax_check.remove_uninteresting_ruby_files(@basenames) }.not_to raise_error
101
+ end
102
+
97
103
  describe "when first created" do
98
104
  it "has the path to the cookbook to syntax check" do
99
105
  expect(syntax_check.cookbook_path).to eq(cookbook_path)
@@ -0,0 +1,69 @@
1
+ #
2
+ # Copyright:: Copyright 2017, Chef Software, Inc.
3
+ # License:: Apache License, Version 2.0
4
+ #
5
+ # Licensed under the Apache License, Version 2.0 (the "License");
6
+ # you may not use this file except in compliance with the License.
7
+ # You may obtain a copy of the License at
8
+ #
9
+ # http://www.apache.org/licenses/LICENSE-2.0
10
+ #
11
+ # Unless required by applicable law or agreed to in writing, software
12
+ # distributed under the License is distributed on an "AS IS" BASIS,
13
+ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14
+ # See the License for the specific language governing permissions and
15
+ # limitations under the License.
16
+ #
17
+
18
+ require "spec_helper"
19
+
20
+ describe Chef::HTTP::APIVersions do
21
+ class TestVersionClient < Chef::HTTP
22
+ use Chef::HTTP::APIVersions
23
+ end
24
+
25
+ before do
26
+ Chef::ServerAPIVersions.instance.reset!
27
+ end
28
+
29
+ let(:method) { "GET" }
30
+ let(:url) { "http://dummy.com" }
31
+ let(:headers) { {} }
32
+ let(:data) { false }
33
+
34
+ let(:request) {}
35
+ let(:return_value) { "200" }
36
+
37
+ # Test Variables
38
+ let(:response_body) { "Thanks for checking in." }
39
+ let(:response_headers) do
40
+ {
41
+ "x-ops-server-api-version" => { "min_version" => 0, "max_version" => 2 },
42
+ }
43
+ end
44
+
45
+ let(:response) do
46
+ m = double("HttpResponse", :body => response_body)
47
+ allow(m).to receive(:key?).with("x-ops-server-api-version").and_return(true)
48
+ allow(m).to receive(:[]) do |key|
49
+ response_headers[key]
50
+ end
51
+
52
+ m
53
+ end
54
+
55
+ let(:middleware) do
56
+ client = TestVersionClient.new(url)
57
+ client.middlewares[0]
58
+ end
59
+
60
+ def run_api_version_handler
61
+ middleware.handle_request(method, url, headers, data)
62
+ middleware.handle_response(response, request, return_value)
63
+ end
64
+
65
+ it "correctly stores server api versions" do
66
+ run_api_version_handler
67
+ expect(Chef::ServerAPIVersions.instance.min_server_version).to eq(0)
68
+ end
69
+ end