chef 12.19.36-universal-mingw32 → 12.20.3-universal-mingw32

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 5fc9e425a52821d2132f9c35e148ba201e6f291d
-  data.tar.gz: 2cafadfbeea5999d646984789a267905500149ab
+  metadata.gz: db533086421a761c2b0cab6f6b7d15ca36644dd9
+  data.tar.gz: 5b6b35602acf79052fb0d3ae4407db12cdb4ab8b
 SHA512:
-  metadata.gz: 627595d883912ca598e30974e799525f7a8db3a750a8c8892f759a04857b48ad0d0bf7f60b9dd59f29fa7adf14bdcaac91f63e6c7c63f740578a220b21d24b66
-  data.tar.gz: 99012e152a7e361bb801206988469a19eb4a0769758e079754a123d2e08d295a5ab77e0ec99f383f5bc76dede3f116f1ca51febd79e64656ffd51e76be760568
+  metadata.gz: f139fd972f70410aa1eec342913d907310f50dd323834b7a01a1aafba40fc9e3d4f2d9b50c1a1bc055532fbcfcb0da55a2bdef2f80473058b63cbfbef95fa5e9
+  data.tar.gz: d67d8f9435643dba4444e3d7a90d15a8d2f650375d2688ccac1afc39519717c245f8cff637ccce005280452b3980d67e1a0330597d2fd31dc6fcdf396a2648d0

data/VERSION

@@ -1 +1 @@
-12.19.36
+12.20.3

data/lib/chef/client.rb

@@ -280,6 +280,8 @@ class Chef
 
         run_context = setup_run_context
 
+        load_required_recipe(@rest, run_context) unless Chef::Config[:solo_legacy_mode]
+
         if Chef::Config[:audit_mode] != :audit_only
           converge_error = converge_and_save(run_context)
         end
@@ -514,6 +516,49 @@ class Chef
       run_context
     end
 
+    #
+    # Adds a required recipe as specified by the Chef Server
+    #
+    # @return The modified run context
+    #
+    # @api private
+    #
+    # TODO: @rest doesn't appear to be used anywhere outside
+    # of client.register except for here. If it's common practice
+    # to create your own rest client, perhaps we should do that
+    # here but it seems more appropriate to reuse one that we
+    # know is already created. for ease of testing, we'll pass
+    # the existing rest client in as a parameter
+    #
+    def load_required_recipe(rest, run_context)
+      required_recipe_contents = rest.get("required_recipe")
+      Chef::Log.info("Required Recipe found, loading it")
+      Chef::FileCache.store("required_recipe", required_recipe_contents)
+      required_recipe_file = Chef::FileCache.load("required_recipe", false)
+
+      # TODO: add integration tests with resource reporting turned on
+      #       (presumably requires changes to chef-zero)
+      #
+      # Chef::Recipe.new takes a cookbook name and a recipe name along
+      # with the run context. These names are eventually used in the
+      # resource reporter, and if the cookbook name cannot be found in the
+      # cookbook collection then we will fail with an exception. Cases where
+      # we currently also fail:
+      #   - specific recipes
+      #   - chef-apply would fail if resource reporting was enabled
+      #
+      recipe = Chef::Recipe.new(nil, nil, run_context)
+      recipe.from_file(required_recipe_file)
+      run_context
+    rescue Net::HTTPServerException => e
+      case e.response
+      when Net::HTTPNotFound
+        Chef::Log.debug("Required Recipe not configured on the server, skipping it")
+      else
+        raise
+      end
+    end
+
     #
     # The PolicyBuilder strategy for figuring out run list and cookbooks.
     #

data/lib/chef/knife/data_bag_create.rb

@@ -49,13 +49,15 @@ class Chef
           exit(1)
         end
 
-        # create the data bag
+        # Verify if the data bag exists
         begin
+          rest.get("data/#{@data_bag_name}")
+          ui.info("Data bag #{@data_bag_name} already exists")
+        rescue Net::HTTPServerException => e
+          raise unless e.to_s =~ /^404/
+          # if it doesn't exists, try to create it
           rest.post("data", { "name" => @data_bag_name })
           ui.info("Created data_bag[#{@data_bag_name}]")
-        rescue Net::HTTPServerException => e
-          raise unless e.to_s =~ /^409/
-          ui.info("Data bag #{@data_bag_name} already exists")
         end
 
         # if an item is specified, create it, as well

data/lib/chef/provider/apt_repository.rb

@@ -115,7 +115,7 @@ class Chef
         so = shell_out(cmd)
         so.run_command
         so.stdout.split(/\n/).map do |t|
-          if z = t.match(/^ +Key fingerprint = ([0-9A-F ]+)/)
+          if z = t.match(/^fpr:+([0-9A-F]+):/)
             z[1].split.join
           end
         end.compact
@@ -147,8 +147,10 @@ class Chef
       end
 
       def no_new_keys?(file)
-        installed_keys = extract_fingerprints_from_cmd("apt-key finger")
-        proposed_keys = extract_fingerprints_from_cmd("gpg --with-fingerprint #{file}")
+        # Now we are using the option --with-colons that works across old os versions
+        # as well as the latest (16.10). This for both `apt-key` and `gpg` commands
+        installed_keys = extract_fingerprints_from_cmd("apt-key adv --list-public-keys --with-fingerprint --with-colons")
+        proposed_keys = extract_fingerprints_from_cmd("gpg --with-fingerprint --with-colons #{file}")
         (installed_keys & proposed_keys).sort == proposed_keys.sort
       end
 

data/lib/chef/version.rb

@@ -21,7 +21,7 @@
 
 class Chef
   CHEF_ROOT = File.expand_path("../..", __FILE__)
-  VERSION = "12.19.36"
+  VERSION = "12.20.3"
 end
 
 #

data/spec/functional/resource/link_spec.rb

@@ -1,6 +1,6 @@
 #
 # Author:: John Keiser (<jkeiser@chef.io>)
-# Copyright:: Copyright 2011-2016, Chef Software Inc.
+# Copyright:: Copyright 2011-2017, Chef Software Inc.
 # License:: Apache License, Version 2.0
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -654,7 +654,7 @@ describe Chef::Resource::Link do
           end
           context "and the link does not yet exist" do
             it "links to the target file" do
-              skip("OS X/FreeBSD/AIX symlink? and readlink working on hard links to symlinks") if os_x? || freebsd? || aix?
+              skip("OS X/FreeBSD/AIX/Solaris symlink? and readlink working on hard links to symlinks") if os_x? || freebsd? || aix? || solaris?
               resource.run_action(:create)
               expect(File.exists?(target_file)).to be_truthy
               # OS X gets angry about this sort of link.  Bug in OS X, IMO.
@@ -673,7 +673,7 @@ describe Chef::Resource::Link do
           end
           context "and the link does not yet exist" do
             it "links to the target file" do
-              skip("OS X/FreeBSD/AIX fails to create hardlinks to broken symlinks") if os_x? || freebsd? || aix?
+              skip("OS X/FreeBSD/AIX/Solaris fails to create hardlinks to broken symlinks") if os_x? || freebsd? || aix? || solaris?
               resource.run_action(:create)
               expect(File.exists?(target_file) || File.symlink?(target_file)).to be_truthy
               expect(symlink?(target_file)).to be_truthy

data/spec/support/shared/context/client.rb

@@ -135,6 +135,12 @@ shared_context "a client run" do
       and_return({})
   end
 
+  def stub_for_required_recipe
+    response = Net::HTTPNotFound.new("1.1", "404", "Not Found")
+    exception = Net::HTTPServerException.new('404 "Not Found"', response)
+    expect(http_node_load).to receive(:get).with("required_recipe").and_raise(exception)
+  end
+
   def stub_for_converge
     # define me
   end
@@ -165,6 +171,7 @@ shared_context "a client run" do
     stub_for_data_collector_init
     stub_for_node_load
     stub_for_sync_cookbooks
+    stub_for_required_recipe
     stub_for_converge
     stub_for_audit
     stub_for_node_save

data/spec/unit/client_spec.rb

@@ -402,6 +402,55 @@ describe Chef::Client do
     end
   end
 
+  describe "load_required_recipe" do
+    let(:rest)        { double("Chef::ServerAPI (required recipe)") }
+    let(:run_context) { double("Chef::RunContext") }
+    let(:recipe)      { double("Chef::Recipe (required recipe)") }
+    let(:required_recipe) do
+      <<EOM
+fake_recipe_variable = "for reals"
+EOM
+    end
+
+    context "when required_recipe is configured" do
+
+      before(:each) do
+        expect(rest).to receive(:get).with("required_recipe").and_return(required_recipe)
+        expect(Chef::Recipe).to receive(:new).with(nil, nil, run_context).and_return(recipe)
+        expect(recipe).to receive(:from_file)
+      end
+
+      it "fetches the recipe and adds it to the run context" do
+        client.load_required_recipe(rest, run_context)
+      end
+
+      context "when the required_recipe has bad contents" do
+        let(:required_recipe) do
+          <<EOM
+this is not a recipe
+EOM
+        end
+        it "should not raise an error" do
+          expect { client.load_required_recipe(rest, run_context) }.not_to raise_error()
+        end
+      end
+    end
+
+    context "when required_recipe returns 404" do
+      let(:http_response) { Net::HTTPNotFound.new("1.1", "404", "Not Found") }
+      let(:http_exception) { Net::HTTPServerException.new('404 "Not Found"', http_response) }
+
+      before(:each) do
+        expect(rest).to receive(:get).with("required_recipe").and_raise(http_exception)
+      end
+
+      it "should log and continue on" do
+        expect(Chef::Log).to receive(:debug)
+        client.load_required_recipe(rest, run_context)
+      end
+    end
+  end
+
   describe "windows_admin_check" do
     context "platform is not windows" do
       before do

data/spec/unit/knife/data_bag_create_spec.rb

@@ -46,64 +46,84 @@ describe Chef::Knife::DataBagCreate do
     allow(knife).to receive(:config).and_return(config)
   end
 
-  it "tries to create a data bag with an invalid name when given one argument" do
-    knife.name_args = ["invalid&char"]
-    expect(Chef::DataBag).to receive(:validate_name!).with(knife.name_args[0]).and_raise(Chef::Exceptions::InvalidDataBagName)
-    expect { knife.run }.to exit_with_code(1)
-  end
-
-  context "when given one argument" do
-    before do
-      knife.name_args = [bag_name]
-    end
-
-    it "creates a data bag" do
-      expect(rest).to receive(:post).with("data", { "name" => bag_name })
-      expect(knife.ui).to receive(:info).with("Created data_bag[#{bag_name}]")
+  context "when data_bag already exist" do
+    it "doesn't creates a data bag" do
+      expect(knife).to receive(:create_object).and_yield(raw_hash)
+      expect(rest).to receive(:get).with("data/#{bag_name}")
+      expect(rest).to_not receive(:post).with("data", { "name" => bag_name })
+      expect(knife.ui).to receive(:info).with("Data bag #{bag_name} already exists")
 
       knife.run
     end
   end
 
-  context "no secret is specified for encryption" do
-    let(:item) do
-      item = Chef::DataBagItem.from_hash(raw_hash)
-      item.data_bag(bag_name)
-      item
+  context "when data_bag doesn't exist" do
+    before do
+      # Data bag doesn't exist by default so we mock the GET request to return 404
+      exception = double("404 error", :code => "404")
+      allow(rest).to receive(:get)
+        .with("data/#{bag_name}")
+        .and_raise(Net::HTTPServerException.new("404", exception))
     end
 
-    it "creates a data bag item" do
-      expect(knife).to receive(:create_object).and_yield(raw_hash)
-      expect(knife).to receive(:encryption_secret_provided?).and_return(false)
-      expect(rest).to receive(:post).with("data", { "name" => bag_name }).ordered
-      expect(rest).to receive(:post).with("data/#{bag_name}", item).ordered
-
-      knife.run
+    it "tries to create a data bag with an invalid name when given one argument" do
+      knife.name_args = ["invalid&char"]
+      expect(Chef::DataBag).to receive(:validate_name!).with(knife.name_args[0]).and_raise(Chef::Exceptions::InvalidDataBagName)
+      expect { knife.run }.to exit_with_code(1)
     end
-  end
 
-  context "a secret is specified for encryption" do
-    let(:encoded_data) { Chef::EncryptedDataBagItem.encrypt_data_bag_item(raw_hash, secret) }
+    context "when given one argument" do
+      before do
+        knife.name_args = [bag_name]
+      end
+
+      it "creates a data bag" do
+        expect(rest).to receive(:post).with("data", { "name" => bag_name })
+        expect(knife.ui).to receive(:info).with("Created data_bag[#{bag_name}]")
 
-    let(:item) do
-      item = Chef::DataBagItem.from_hash(encoded_data)
-      item.data_bag(bag_name)
-      item
+        knife.run
+      end
     end
 
-    it "creates an encrypted data bag item" do
-      expect(knife).to receive(:create_object).and_yield(raw_hash)
-      expect(knife).to receive(:encryption_secret_provided?).and_return(true)
-      expect(knife).to receive(:read_secret).and_return(secret)
-      expect(Chef::EncryptedDataBagItem)
-        .to receive(:encrypt_data_bag_item)
-        .with(raw_hash, secret)
-        .and_return(encoded_data)
-      expect(rest).to receive(:post).with("data", { "name" => bag_name }).ordered
-      expect(rest).to receive(:post).with("data/#{bag_name}", item).ordered
+    context "no secret is specified for encryption" do
+      let(:item) do
+        item = Chef::DataBagItem.from_hash(raw_hash)
+        item.data_bag(bag_name)
+        item
+      end
+
+      it "creates a data bag item" do
+        expect(knife).to receive(:create_object).and_yield(raw_hash)
+        expect(knife).to receive(:encryption_secret_provided?).and_return(false)
+        expect(rest).to receive(:post).with("data", { "name" => bag_name }).ordered
+        expect(rest).to receive(:post).with("data/#{bag_name}", item).ordered
+
+        knife.run
+      end
+    end
 
-      knife.run
+    context "a secret is specified for encryption" do
+      let(:encoded_data) { Chef::EncryptedDataBagItem.encrypt_data_bag_item(raw_hash, secret) }
+
+      let(:item) do
+        item = Chef::DataBagItem.from_hash(encoded_data)
+        item.data_bag(bag_name)
+        item
+      end
+
+      it "creates an encrypted data bag item" do
+        expect(knife).to receive(:create_object).and_yield(raw_hash)
+        expect(knife).to receive(:encryption_secret_provided?).and_return(true)
+        expect(knife).to receive(:read_secret).and_return(secret)
+        expect(Chef::EncryptedDataBagItem)
+          .to receive(:encrypt_data_bag_item)
+          .with(raw_hash, secret)
+          .and_return(encoded_data)
+        expect(rest).to receive(:post).with("data", { "name" => bag_name }).ordered
+        expect(rest).to receive(:post).with("data/#{bag_name}", item).ordered
+
+        knife.run
+      end
     end
   end
-
 end

data/spec/unit/provider/apt_repository_spec.rb

@@ -18,32 +18,30 @@
 
 require "spec_helper"
 
+# Now we are using the option --with-colons that works across old os versions
+# as well as the latest (16.10). This for both `apt-key` and `gpg` commands
+#
+# Output of the command:
+# => apt-key adv --list-public-keys --with-fingerprint --with-colons
 APT_KEY_FINGER = <<-EOF
-/etc/apt/trusted.gpg
---------------------
-pub   1024D/437D05B5 2004-09-12
-      Key fingerprint = 6302 39CC 130E 1A7F D81A  27B1 4097 6EAF 437D 05B5
-uid                  Ubuntu Archive Automatic Signing Key <ftpmaster@ubuntu.com>
-sub   2048g/79164387 2004-09-12
-
-pub   1024D/FBB75451 2004-12-30
-      Key fingerprint = C598 6B4F 1257 FFA8 6632  CBA7 4618 1433 FBB7 5451
-uid                  Ubuntu CD Image Automatic Signing Key <cdimage@ubuntu.com>
-
-pub   4096R/C0B21F32 2012-05-11
-      Key fingerprint = 790B C727 7767 219C 42C8  6F93 3B4F E6AC C0B2 1F32
-uid                  Ubuntu Archive Automatic Signing Key (2012) <ftpmaster@ubuntu.com>
-
-pub   4096R/EFE21092 2012-05-11
-      Key fingerprint = 8439 38DF 228D 22F7 B374  2BC0 D94A A3F0 EFE2 1092
-uid                  Ubuntu CD Image Automatic Signing Key (2012) <cdimage@ubuntu.com>
-
+tru:t:1:1488924856:0:3:1:5
+pub:-:1024:17:40976EAF437D05B5:2004-09-12:::-:Ubuntu Archive Automatic Signing Key <ftpmaster@ubuntu.com>::scESC:
+fpr:::::::::630239CC130E1A7FD81A27B140976EAF437D05B5:
+sub:-:2048:16:251BEFF479164387:2004-09-12::::::e:
+pub:-:1024:17:46181433FBB75451:2004-12-30:::-:Ubuntu CD Image Automatic Signing Key <cdimage@ubuntu.com>::scSC:
+fpr:::::::::C5986B4F1257FFA86632CBA746181433FBB75451:
+pub:-:4096:1:3B4FE6ACC0B21F32:2012-05-11:::-:Ubuntu Archive Automatic Signing Key (2012) <ftpmaster@ubuntu.com>::scSC:
+fpr:::::::::790BC7277767219C42C86F933B4FE6ACC0B21F32:
+pub:-:4096:1:D94AA3F0EFE21092:2012-05-11:::-:Ubuntu CD Image Automatic Signing Key (2012) <cdimage@ubuntu.com>::scSC:
+fpr:::::::::843938DF228D22F7B3742BC0D94AA3F0EFE21092:
 EOF
 
+# Output of the command:
+# => gpg --with-fingerprint --with-colons [FILE]
 GPG_FINGER = <<-EOF
-pub  1024D/02A818DD 2009-04-22 Cloudera Apt Repository
-      Key fingerprint = F36A 89E3 3CC1 BD0F 7107  9007 3275 74EE 02A8 18DD
-sub  2048g/D1CA74A1 2009-04-22
+pub:-:1024:17:327574EE02A818DD:2009-04-22:::-:Cloudera Apt Repository:
+fpr:::::::::F36A89E33CC1BD0F71079007327574EE02A818DD:
+sub:-:2048:16:84080586D1CA74A1:2009-04-22::::
 EOF
 
 describe Chef::Provider::AptRepository do
@@ -57,6 +55,10 @@ describe Chef::Provider::AptRepository do
     Chef::Provider::AptRepository.new(new_resource, run_context)
   end
 
+  let(:apt_key_finger_cmd) do
+    "apt-key adv --list-public-keys --with-fingerprint --with-colons"
+  end
+
   let(:apt_key_finger) do
     r = double("Mixlib::ShellOut", stdout: APT_KEY_FINGER, exitstatus: 0, live_stream: true)
     allow(r).to receive(:run_command)
@@ -102,28 +104,32 @@ C5986B4F1257FFA86632CBA746181433FBB75451
 
     it "should run the desired command" do
       expect(apt_key_finger).to receive(:run_command)
-      provider.extract_fingerprints_from_cmd("apt-key finger")
+      provider.extract_fingerprints_from_cmd(apt_key_finger_cmd)
     end
 
     it "should return a list of key fingerprints" do
-      expect(provider.extract_fingerprints_from_cmd("apt-key finger")).to eql(apt_fingerprints)
+      expect(provider.extract_fingerprints_from_cmd(apt_key_finger_cmd)).to eql(apt_fingerprints)
     end
   end
 
   describe "#no_new_keys?" do
     before do
-      allow(provider).to receive(:extract_fingerprints_from_cmd).with("apt-key finger").and_return(apt_fingerprints)
+      allow(provider).to receive(:extract_fingerprints_from_cmd).with(apt_key_finger_cmd).and_return(apt_fingerprints)
     end
 
     let(:file) { "/tmp/remote-gpg-keyfile" }
 
     it "should match a set of keys" do
-      allow(provider).to receive(:extract_fingerprints_from_cmd).with("gpg --with-fingerprint #{file}").and_return(Array(apt_fingerprints.first))
+      allow(provider).to receive(:extract_fingerprints_from_cmd)
+        .with("gpg --with-fingerprint --with-colons #{file}")
+        .and_return(Array(apt_fingerprints.first))
       expect(provider.no_new_keys?(file)).to be_truthy
     end
 
     it "should notice missing keys" do
-      allow(provider).to receive(:extract_fingerprints_from_cmd).with("gpg --with-fingerprint #{file}").and_return(%w{ F36A89E33CC1BD0F71079007327574EE02A818DD })
+      allow(provider).to receive(:extract_fingerprints_from_cmd)
+        .with("gpg --with-fingerprint --with-colons #{file}")
+        .and_return(%w{ F36A89E33CC1BD0F71079007327574EE02A818DD })
       expect(provider.no_new_keys?(file)).to be_falsey
     end
   end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: chef
 version: !ruby/object:Gem::Version
-  version: 12.19.36
+  version: 12.20.3
 platform: universal-mingw32
 authors:
 - Adam Jacob
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2017-02-23 00:00:00.000000000 Z
+date: 2017-04-30 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: chef-config
@@ -16,14 +16,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 12.19.36
+        version: 12.20.3
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 12.19.36
+        version: 12.20.3
 - !ruby/object:Gem::Dependency
   name: mixlib-cli
   requirement: !ruby/object:Gem::Requirement