chef 12.5.1 → 12.6.0

data/lib/chef/application/windows_service_manager.rb

@@ -1,6 +1,6 @@
 #
 # Author:: Seth Chisamore (<schisamo@opscode.com>)
-# Copyright:: Copyright (c) 2011 Opscode, Inc.
+# Copyright:: Copyright (c) 2011-2015 Chef Software, Inc.
 # License:: Apache License, Version 2.0
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -51,8 +51,7 @@ class Chef
       option :log_location,
         :short        => "-L LOGLOCATION",
         :long         => "--logfile LOGLOCATION",
-        :description  => "Set the log file location for chef-service",
-        :default => "#{ENV['SYSTEMDRIVE']}/chef/client.log"
+        :description  => "Set the log file location for chef-service"
 
       option :help,
         :short        => "-h",

data/lib/chef/audit/runner.rb

@@ -106,6 +106,7 @@ class Chef
         RSpec.configure do |c|
           c.color = Chef::Config[:color]
           c.expose_dsl_globally = false
+          c.project_source_dirs = Array(Chef::Config[:cookbook_path])
           c.backtrace_exclusion_patterns << exclusion_pattern
         end
       end

data/lib/chef/chef_class.rb

@@ -205,17 +205,7 @@ class Chef
     # @api private this will likely be removed in favor of an as-yet unwritten
     #      `Chef.log`
     def log_deprecation(message, location=nil)
-      if !location
-        # Pick the first caller that is *not* part of the Chef gem, that's the
-        # thing the user wrote.
-        chef_gem_path = File.expand_path("../..", __FILE__)
-        caller(0..10).each do |c|
-          if !c.start_with?(chef_gem_path)
-            location = c
-            break
-          end
-        end
-      end
+      location ||= Chef::Log.caller_location
       # `run_context.events` is the primary deprecation target if we're in a
       # run. If we are not yet in a run, print to `Chef::Log`.
       if run_context && run_context.events

data/lib/chef/chef_fs/chef_fs_data_store.rb

@@ -66,12 +66,65 @@ class Chef
     #   - ChefFSDataStore lets cookbooks be uploaded into a temporary memory
     #     storage, and when the cookbook is committed, copies the files onto the
     #     disk in the correct place (/cookbooks/apache2/recipes/default.rb).
+    #
     # 3. Data bags:
     #   - The Chef server expects data bags in /data/BAG/ITEM
     #   - The repository stores data bags in /data_bags/BAG/ITEM
     #
     # 4. JSON filenames are generally NAME.json in the repository (e.g. /nodes/foo.json).
     #
+    # 5. Org membership:
+    #    chef-zero stores user membership in an org as a series of empty files.
+    #    If an org has jkeiser and cdoherty as members, chef-zero expects these
+    #    files to exist:
+    #
+    #    - `users/jkeiser` (content: '{}')
+    #    - `users/cdoherty` (content: '{}')
+    #
+    #    ChefFS, on the other hand, stores user membership in an org as a single
+    #    file, `members.json`, with content:
+    #
+    #        ```json
+    #        [
+    #          { "user": { "username": "jkeiser" } },
+    #          { "user": { "username": "cdoherty" } }
+    #        ]
+    #        ```
+    #
+    #    To translate between the two, we need to intercept requests to `users`
+    #    like so:
+    #
+    #    - `list(users)` -> `get(/members.json)`
+    #    - `get(users/NAME)` -> `get(/members.json)`, see if it's in there
+    #    - `create(users/NAME)` -> `get(/members.json)`, add name, `set(/members.json)`
+    #    - `delete(users/NAME)` -> `get(/members.json)`, remove name, `set(/members.json)`
+    #
+    # 6. Org invitations:
+    #    chef-zero stores org membership invitations as a series of empty files.
+    #    If an org has invited jkeiser and cdoherty (and they have not yet accepted
+    #    the invite), chef-zero expects these files to exist:
+    #
+    #    - `association_requests/jkeiser` (content: '{}')
+    #    - `association_requests/cdoherty` (content: '{}')
+    #
+    #    ChefFS, on the other hand, stores invitations as a single file,
+    #    `invitations.json`, with content:
+    #
+    #        ```json
+    #        [
+    #          { "id" => "jkeiser-chef", 'username' => 'jkeiser' },
+    #          { "id" => "cdoherty-chef", 'username' => 'cdoherty' }
+    #        ]
+    #        ```
+    #
+    #    To translate between the two, we need to intercept requests to `users`
+    #    like so:
+    #
+    #    - `list(association_requests)` -> `get(/invitations.json)`
+    #    - `get(association_requests/NAME)` -> `get(/invitations.json)`, see if it's in there
+    #    - `create(association_requests/NAME)` -> `get(/invitations.json)`, add name, `set(/invitations.json)`
+    #    - `delete(association_requests/NAME)` -> `get(/invitations.json)`, remove name, `set(/invitations.json)`
+    #
     class ChefFSDataStore
       #
       # Create a new ChefFSDataStore
@@ -83,9 +136,10 @@ class Chef
       #   Generally will be a +ChefFS::FileSystem::ChefRepositoryFileSystemRoot+
       #   object, created from +ChefFS::Config.local_fs+.
       #
-      def initialize(chef_fs)
+      def initialize(chef_fs, chef_config=Chef::Config)
         @chef_fs = chef_fs
         @memory_store = ChefZero::DataStore::MemoryStore.new
+        @repo_mode = chef_config[:repo_mode]
       end
 
       def publish_description
@@ -93,6 +147,7 @@ class Chef
       end
 
       attr_reader :chef_fs
+      attr_reader :repo_mode
 
       def create_dir(path, name, *options)
         if use_memory_store?(path)
@@ -108,6 +163,24 @@ class Chef
         end
       end
 
+      #
+      # If you want to get the contents of /data/x/y from the server,
+      # you say chef_fs.child('data').child('x').child('y').read.
+      # It will make exactly one network request: GET /data/x/y
+      # And that will return 404 if it doesn't exist.
+      #
+      # ChefFS objects do not go to the network until you ask them for data.
+      # This means you can construct a /data/x/y ChefFS entry early.
+      #
+      # Alternative:
+      # chef_fs.child('data') could have done a GET /data preemptively,
+      # allowing it to know whether child('x') was valid (GET /data gives you
+      # a list of data bags). Then child('x') could have done a GET /data/x,
+      # allowing it to know whether child('y') (the item) existed. Finally,
+      # we would do the GET /data/x/y to read the contents. Three network
+      # requests instead of 1.
+      #
+
       def create(path, name, data, *options)
         if use_memory_store?(path)
           @memory_store.create(path, name, data, *options)
@@ -115,6 +188,32 @@ class Chef
         elsif path[0] == 'cookbooks' && path.length == 2
           # Do nothing.  The entry gets created when the cookbook is created.
 
+        # create [/organizations/ORG]/users/NAME (with content '{}')
+        # Manipulate the `members.json` file that contains a list of all users
+        elsif is_org? && path == [ 'users' ]
+          update_json('members.json', []) do |members|
+            # Format of each entry: { "user": { "username": "jkeiser" } }
+            if members.any? { |member| member['user']['username'] == name }
+              raise ChefZero::DataStore::DataAlreadyExistsError.new(path, entry)
+            end
+
+            # Actually add the user
+            members << { "user" => { "username" => name } }
+          end
+
+        # create [/organizations/ORG]/association_requests/NAME (with content '{}')
+        # Manipulate the `invitations.json` file that contains a list of all users
+        elsif is_org? && path == [ 'association_requests' ]
+          update_json('invitations.json', []) do |invitations|
+            # Format of each entry: { "id" => "jkeiser-chef", 'username' => 'jkeiser' }
+            if invitations.any? { |member| member['username'] == name }
+              raise ChefZero::DataStore::DataAlreadyExistsError.new(path)
+            end
+
+            # Actually add the user (TODO insert org name??)
+            invitations << { "username" => name }
+          end
+
         else
           if !data.is_a?(String)
             raise "set only works with strings"
@@ -142,6 +241,24 @@ class Chef
             raise ChefZero::DataStore::DataNotFoundError.new(to_zero_path(e.entry), e)
           end
 
+        # GET [/organizations/ORG]/users/NAME -> /users/NAME
+        # Manipulates members.json
+        elsif is_org? && path[0] == 'users' && path.length == 2
+          if get_json('members.json', []).any? { |member| member['user']['username'] == path[1] }
+            '{}'
+          else
+            raise ChefZero::DataStore::DataNotFoundError.new(path)
+          end
+
+        # GET [/organizations/ORG]/association_requests/NAME -> /users/NAME
+        # Manipulates invites.json
+        elsif is_org? && path[0] == 'association_requests' && path.length == 2
+          if get_json('invites.json', []).any? { |member| member['user']['username'] == path[1] }
+            '{}'
+          else
+            raise ChefZero::DataStore::DataNotFoundError.new(path)
+          end
+
         else
           with_entry(path) do |entry|
             if path[0] == 'cookbooks' && path.length == 3
@@ -209,6 +326,29 @@ class Chef
       def delete(path)
         if use_memory_store?(path)
           @memory_store.delete(path)
+
+        # DELETE [/organizations/ORG]/users/NAME
+        # Manipulates members.json
+        elsif is_org? && path[0] == 'users' && path.length == 2
+          update_json('members.json', []) do |members|
+            result = members.reject { |member| member['user']['username'] == path[1] }
+            if result.size == members.size
+              raise ChefZero::DataStore::DataNotFoundError.new(path)
+            end
+            result
+          end
+
+        # DELETE [/organizations/ORG]/users/NAME
+        # Manipulates members.json
+        elsif is_org? && path[0] == 'association_requests' && path.length == 2
+          update_json('invitations.json', []) do |invitations|
+            result = invitations.reject { |invitation| invitation['username'] == path[1] }
+            if result.size == invitations.size
+              raise ChefZero::DataStore::DataNotFoundError.new(path)
+            end
+            result
+          end
+
         else
           with_entry(path) do |entry|
             begin
@@ -394,9 +534,22 @@ class Chef
               end
             end
           end
+
+        elsif path[0] == 'acls'
+          # /acls/containers|nodes|.../x.json
+          # /acls/organization.json
+          if path.length == 3 || path == [ 'acls', 'organization' ]
+            path = path.dup
+            path[-1] = "#{path[-1]}.json"
+          end
+
+          # /acls/containers|nodes|... do NOT drop into the next elsif, and do
+          # not get .json appended
+
+        # /nodes|clients|.../x.json
         elsif path.length == 2
           path = path.dup
-          path[1] = "#{path[1]}.json"
+          path[-1] = "#{path[-1]}.json"
         end
         path
       end
@@ -477,6 +630,32 @@ class Chef
         metadata = ChefZero::CookbookData.metadata_from(dir, path[1], nil, [])
         metadata[:version] || '0.0.0'
       end
+
+      def update_json(path, default_value)
+        entry = Chef::ChefFS::FileSystem.resolve_path(chef_fs, path)
+        begin
+          input = Chef::JSONCompat.parse(entry.read)
+          output = yield input.dup
+          entry.write(Chef::JSONCompat.to_json_pretty(output)) if output != input
+        rescue Chef::ChefFS::FileSystem::NotFoundError
+          # Send the default value to the caller, and create the entry if the caller updates it
+          output = yield default_value
+          entry.parent.create_child(entry.name, Chef::JSONCompat.to_json_pretty(output)) if output != []
+        end
+      end
+
+      def get_json(path, default_value)
+        entry = Chef::ChefFS::FileSystem.resolve_path(chef_fs, path)
+        begin
+          Chef::JSONCompat.parse(entry.read)
+        rescue Chef::ChefFS::FileSystem::NotFoundError
+          default_value
+        end
+      end
+
+      def is_org?
+        repo_mode == 'hosted_everything'
+      end
     end
   end
 end

data/lib/chef/chef_fs/file_system/cookbook_subdir.rb

@@ -45,6 +45,11 @@ class Chef
           true
         end
 
+        def make_child_entry(name)
+          result = @children.select { |child| child.name == name }.first if @children
+          result || NonexistentFSObject.new(name, self)
+        end
+
         def rest
           parent.rest
         end

data/lib/chef/chef_fs/file_system/file_system_entry.rb

@@ -72,18 +72,22 @@ class Chef
         end
 
         def delete(recurse)
-          if dir?
-            if !recurse
-              raise MustDeleteRecursivelyError.new(self, $!)
+          begin
+            if dir?
+              if !recurse
+                raise MustDeleteRecursivelyError.new(self, $!)
+              end
+              FileUtils.rm_r(file_path)
+            else
+              File.delete(file_path)
             end
-            FileUtils.rm_rf(file_path)
-          else
-            File.delete(file_path)
+          rescue Errno::ENOENT
+            raise Chef::ChefFS::FileSystem::NotFoundError.new(self, $!)
           end
         end
 
         def exists?
-          File.exists?(file_path) && parent.can_have_child?(name, dir?)
+          File.exists?(file_path) && (parent.nil? || parent.can_have_child?(name, dir?))
         end
 
         def read

data/lib/chef/client.rb

@@ -232,6 +232,8 @@ class Chef
     # @return Always returns true.
     #
     def run
+      start_profiling
+
       run_error = nil
 
       runlock = RunLock.new(Chef::Config.lockfile)
@@ -271,7 +273,7 @@ class Chef
 
         if Chef::Config[:why_run] == true
           # why_run should probably be renamed to why_converge
-          Chef::Log.debug("Not running controls in 'why_run' mode - this mode is used to see potential converge changes")
+          Chef::Log.debug("Not running controls in 'why-run' mode - this mode is used to see potential converge changes")
         elsif Chef::Config[:audit_mode] != :disabled
           audit_error = run_audits(run_context)
         end
@@ -284,6 +286,9 @@ class Chef
         run_completed_successfully
         events.run_completed(node)
 
+        # keep this inside the main loop to get exception backtraces
+        end_profiling
+
         # rebooting has to be the last thing we do, no exceptions.
         Chef::Platform::Rebooter.reboot_if_needed!(node)
       rescue Exception => run_error
@@ -891,6 +896,28 @@ class Chef
     attr_reader :override_runlist
     attr_reader :specific_recipes
 
+    def profiling_prereqs!
+      require 'ruby-prof'
+    rescue LoadError
+      raise "You must have the ruby-prof gem installed in order to use --profile-ruby"
+    end
+
+    def start_profiling
+      return unless Chef::Config[:profile_ruby]
+      profiling_prereqs!
+      RubyProf.start
+    end
+
+    def end_profiling
+      return unless Chef::Config[:profile_ruby]
+      profiling_prereqs!
+      path = Chef::FileCache.create_cache_path("graph_profile.out", false)
+      File.open(path, "w+") do |file|
+        RubyProf::GraphPrinter.new(RubyProf.stop).print(file, {})
+      end
+      Chef::Log.warn("Ruby execution profile dumped to #{path}")
+    end
+
     def empty_directory?(path)
       !File.exists?(path) || (Dir.entries(path).size <= 2)
     end

data/lib/chef/cookbook/cookbook_collection.rb

@@ -1,7 +1,7 @@
 #--
 # Author:: Tim Hinderliter (<tim@opscode.com>)
 # Author:: Christopher Walters (<cw@opscode.com>)
-# Copyright:: Copyright (c) 2010 Opscode, Inc.
+# Copyright:: Copyright (c) 2010-2015 Chef Software, Inc.
 # License:: Apache License, Version 2.0
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -41,5 +41,18 @@ class Chef
       cookbook_versions.each{ |cookbook_name, cookbook_version| self[cookbook_name] = cookbook_version }
     end
 
+    # Validates that the cookbook metadata allows it to run on this instance.
+    #
+    # Currently checks chef_version and ohai_version in the cookbook metadata
+    # against the running Chef::VERSION and Ohai::VERSION.
+    #
+    # @raises [Chef::Exceptions::CookbookChefVersionMismatch] if the Chef::VERSION fails validation
+    # @raises [Chef::Exceptions::CookbookOhaiVersionMismatch] if the Ohai::VERSION fails validation
+    def validate!
+      each do |cookbook_name, cookbook_version|
+        cookbook_version.metadata.validate_chef_version!
+        cookbook_version.metadata.validate_ohai_version!
+      end
+    end
   end
 end

data/lib/chef/cookbook/cookbook_version_loader.rb

@@ -91,7 +91,7 @@ class Chef
         remove_ignored_files
 
         if empty?
-          Chef::Log.warn "found a directory #{cookbook_name} in the cookbook path, but it contains no cookbook files. skipping."
+          Chef::Log.warn "Found a directory #{cookbook_name} in the cookbook path, but it contains no cookbook files. skipping."
         end
         @cookbook_settings
       end

data/lib/chef/cookbook/metadata.rb

@@ -2,7 +2,7 @@
 # Author:: Adam Jacob (<adam@opscode.com>)
 # Author:: AJ Christensen (<aj@opscode.com>)
 # Author:: Seth Falcon (<seth@opscode.com>)
-# Copyright:: Copyright 2008-2010 Opscode, Inc.
+# Copyright:: Copyright 2008-2015 Chef Software, Inc.
 # License:: Apache License, Version 2.0
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -55,19 +55,23 @@ class Chef
       SOURCE_URL             = 'source_url'.freeze
       ISSUES_URL             = 'issues_url'.freeze
       PRIVACY                = 'privacy'.freeze
+      CHEF_VERSIONS          = 'chef_versions'.freeze
+      OHAI_VERSIONS          = 'ohai_versions'.freeze
 
       COMPARISON_FIELDS = [ :name, :description, :long_description, :maintainer,
                             :maintainer_email, :license, :platforms, :dependencies,
                             :recommendations, :suggestions, :conflicting, :providing,
                             :replacing, :attributes, :groupings, :recipes, :version,
-                            :source_url, :issues_url, :privacy ]
+                            :source_url, :issues_url, :privacy, :chef_versions, :ohai_versions ]
 
-      VERSION_CONSTRAINTS = {:depends     => DEPENDENCIES,
-                             :recommends  => RECOMMENDATIONS,
-                             :suggests    => SUGGESTIONS,
-                             :conflicts   => CONFLICTING,
-                             :provides    => PROVIDING,
-                             :replaces    => REPLACING }
+      VERSION_CONSTRAINTS = {:depends      => DEPENDENCIES,
+                             :recommends   => RECOMMENDATIONS,
+                             :suggests     => SUGGESTIONS,
+                             :conflicts    => CONFLICTING,
+                             :provides     => PROVIDING,
+                             :replaces     => REPLACING,
+                             :chef_version => CHEF_VERSIONS,
+                             :ohai_version => OHAI_VERSIONS }
 
       include Chef::Mixin::ParamsValidate
       include Chef::Mixin::FromFile
@@ -84,6 +88,11 @@ class Chef
       attr_reader :recipes
       attr_reader :version
 
+      # @return [Array<Gem::Dependency>] Array of supported Chef versions
+      attr_reader :chef_versions
+      # @return [Array<Gem::Dependency>] Array of supported Ohai versions
+      attr_reader :ohai_versions
+
       # Builds a new Chef::Cookbook::Metadata object.
       #
       # === Parameters
@@ -118,6 +127,8 @@ class Chef
         @source_url = ''
         @issues_url = ''
         @privacy = false
+        @chef_versions = []
+        @ohai_versions = []
 
         @errors = []
       end
@@ -386,6 +397,28 @@ class Chef
         @replacing[cookbook]
       end
 
+      # Metadata DSL to set a valid chef_version.  May be declared multiple times
+      # with the result being 'OR'd such that if any statements match, the version
+      # is considered supported.  Uses Gem::Requirement for its implementation.
+      #
+      # @param version_args [Array<String>] Version constraint in String form
+      # @return [Array<Gem::Dependency>] Current chef_versions array
+      def chef_version(*version_args)
+        @chef_versions << Gem::Dependency.new('chef', *version_args) unless version_args.empty?
+        @chef_versions
+      end
+
+      # Metadata DSL to set a valid ohai_version.  May be declared multiple times
+      # with the result being 'OR'd such that if any statements match, the version
+      # is considered supported.  Uses Gem::Requirement for its implementation.
+      #
+      # @param version_args [Array<String>] Version constraint in String form
+      # @return [Array<Gem::Dependency>] Current ohai_versions array
+      def ohai_version(*version_args)
+        @ohai_versions << Gem::Dependency.new('ohai', *version_args) unless version_args.empty?
+        @ohai_versions
+      end
+
       # Adds a description for a recipe.
       #
       # === Parameters
@@ -481,6 +514,40 @@ class Chef
         @groupings[name]
       end
 
+      # Convert an Array of Gem::Dependency objects (chef_version/ohai_version) to an Array.
+      #
+      # Gem::Dependencey#to_s is not useful, and there is no #to_json defined on it or its component
+      # objets, so we have to write our own rendering method.
+      #
+      # [ Gem::Dependency.new(">= 12.5"), Gem::Dependency.new(">= 11.18.0", "< 12.0") ]
+      #
+      # results in:
+      #
+      # [ [ ">= 12.5" ], [ ">= 11.18.0", "< 12.0" ] ]
+      #
+      # @param deps [Array<Gem::Dependency>] Multiple Gem-style version constraints
+      # @return [Array<Array<String>]] Simple object representation of version constraints (for json)
+      def gem_requirements_to_array(*deps)
+        deps.map do |dep|
+          dep.requirement.requirements.map do |op, version|
+            "#{op} #{version}"
+          end.sort
+        end
+      end
+
+      # Convert an Array of Gem::Dependency objects (chef_version/ohai_version) to a hash.
+      #
+      # This is the inverse of #gem_requirements_to_array
+      #
+      # @param what [String] What version constraint we are constructing ('chef' or 'ohai' presently)
+      # @param array [Array<Array<String>]] Simple object representation of version constraints (from json)
+      # @return [Array<Gem::Dependency>] Multiple Gem-style version constraints
+      def gem_requirements_from_array(what, array)
+        array.map do |dep|
+          Gem::Dependency.new(what, *dep)
+        end
+      end
+
       def to_hash
         {
           NAME                   => self.name,
@@ -502,7 +569,9 @@ class Chef
           VERSION                => self.version,
           SOURCE_URL             => self.source_url,
           ISSUES_URL             => self.issues_url,
-          PRIVACY                => self.privacy
+          PRIVACY                => self.privacy,
+          CHEF_VERSIONS          => gem_requirements_to_array(*self.chef_versions),
+          OHAI_VERSIONS          => gem_requirements_to_array(*self.ohai_versions)
         }
       end
 
@@ -537,6 +606,8 @@ class Chef
         @source_url                   = o[SOURCE_URL] if o.has_key?(SOURCE_URL)
         @issues_url                   = o[ISSUES_URL] if o.has_key?(ISSUES_URL)
         @privacy                      = o[PRIVACY] if o.has_key?(PRIVACY)
+        @chef_versions                = gem_requirements_from_array("chef", o[CHEF_VERSIONS]) if o.has_key?(CHEF_VERSIONS)
+        @ohai_versions                = gem_requirements_from_array("ohai", o[OHAI_VERSIONS]) if o.has_key?(OHAI_VERSIONS)
         self
       end
 
@@ -612,8 +683,43 @@ class Chef
         )
       end
 
+      # Validates that the Ohai::VERSION of the running chef-client matches one of the
+      # configured ohai_version statements in this cookbooks metadata.
+      #
+      # @raises [Chef::Exceptions::CookbookOhaiVersionMismatch] if the cookbook fails validation
+      def validate_ohai_version!
+        unless gem_dep_matches?("ohai", Gem::Version.new(Ohai::VERSION), *ohai_versions)
+          raise Exceptions::CookbookOhaiVersionMismatch.new(Ohai::VERSION, name, version, *ohai_versions)
+        end
+      end
+
+      # Validates that the Chef::VERSION of the running chef-client matches one of the
+      # configured chef_version statements in this cookbooks metadata.
+      #
+      # @raises [Chef::Exceptions::CookbookChefVersionMismatch] if the cookbook fails validation
+      def validate_chef_version!
+        unless gem_dep_matches?("chef", Gem::Version.new(Chef::VERSION), *chef_versions)
+          raise Exceptions::CookbookChefVersionMismatch.new(Chef::VERSION, name, version, *chef_versions)
+        end
+      end
+
     private
 
+      # Helper to match a gem style version (ohai_version/chef_version) against a set of
+      # Gem::Dependency version constraints.  If none are present, it always matches.  if
+      # multiple are present, one must match.  Returns false if none matches.
+      #
+      # @param what [String] the name of the constraint (e.g. 'chef' or 'ohai')
+      # @param version [String] the version to compare against the constraints
+      # @param deps [Array<Gem::Dependency>] Multiple Gem-style version constraints
+      # @return [Boolean] true if no constraints or a match, false if no match
+      def gem_dep_matches?(what, version, *deps)
+        # always match if we have no chef_version at all
+        return true unless deps.length > 0
+        # match if we match any of the chef_version lines
+        deps.any? { |dep| dep.match?(what, version) }
+      end
+
       def run_validation
         if name.nil?
           @errors = ["The `name' attribute is required in cookbook metadata"]