chef 12.5.1 → 12.6.0

data/lib/chef/event_dispatch/base.rb

@@ -384,6 +384,9 @@ class Chef
       def deprecation(message, location=caller(2..2)[0])
       end
 
+      def run_list_expanded(run_list_expansion)
+      end
+
       # An uncategorized message. This supports the case that a user needs to
       # pass output that doesn't fit into one of the callbacks above. Note that
       # there's no semantic information about the content or importance of the

data/lib/chef/event_dispatch/dispatcher.rb

@@ -20,6 +20,11 @@ class Chef
         @subscribers << subscriber
       end
 
+      # Check to see if we are dispatching to a formatter
+      def formatter?
+        @subscribers.any? { |s| s.respond_to?(:is_formatter?) && s.is_formatter? }
+      end
+
       ####
       # All messages are unconditionally forwarded to all subscribers, so just
       # define the forwarding in one go:

data/lib/chef/event_dispatch/events_output_stream.rb

@@ -21,6 +21,14 @@ class Chef
         events.stream_output(self, str, options)
       end
 
+      def <<(str)
+        events.stream_output(self, str, options)
+      end
+
+      def write(str)
+        events.stream_output(self, str, options)
+      end
+
       def close
         events.stream_closed(self, options)
       end

data/lib/chef/exceptions.rb

@@ -2,7 +2,7 @@
 # Author:: Adam Jacob (<adam@opscode.com>)
 # Author:: Seth Falcon (<seth@opscode.com>)
 # Author:: Kyle Goodwin (<kgoodwin@primerevenue.com>)
-# Copyright:: Copyright 2008-2010 Opscode, Inc.
+# Copyright:: Copyright 2008-2015 Chef Software, Inc.
 # License:: Apache License, Version 2.0
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -74,6 +74,11 @@ class Chef
     class InvalidPrivateKey < ArgumentError; end
     class MissingKeyAttribute < ArgumentError; end
     class KeyCommandInputError < ArgumentError; end
+    class BootstrapCommandInputError < ArgumentError
+      def initialize
+        super "You cannot pass both --json-attributes and --json-attribute-file. Please pass one or none."
+      end
+    end
     class InvalidKeyArgument < ArgumentError; end
     class InvalidKeyAttribute < ArgumentError; end
     class InvalidUserAttribute < ArgumentError; end
@@ -164,6 +169,7 @@ class Chef
     class LCMParser < RuntimeError; end
 
     class CannotDetermineHomebrewOwner < Package; end
+    class CannotDetermineWindowsInstallerType < Package; end
 
     # Can not create staging file during file deployment
     class FileContentStagingError < RuntimeError
@@ -477,6 +483,20 @@ class Chef
       end
     end
 
+    class CookbookChefVersionMismatch < RuntimeError
+      def initialize(chef_version, cookbook_name, cookbook_version, *constraints)
+        constraint_str = constraints.map { |c| c.requirement.as_list.to_s }.join(', ')
+        super "Cookbook '#{cookbook_name}' version '#{cookbook_version}' depends on chef version #{constraint_str}, but the running chef version is #{chef_version}"
+      end
+    end
+
+    class CookbookOhaiVersionMismatch < RuntimeError
+      def initialize(ohai_version, cookbook_name, cookbook_version, *constraints)
+        constraint_str = constraints.map { |c| c.requirement.as_list.to_s }.join(', ')
+        super "Cookbook '#{cookbook_name}' version '#{cookbook_version}' depends on ohai version #{constraint_str}, but the running ohai version is #{ohai_version}"
+      end
+    end
+
     class MultipleDscResourcesFound < RuntimeError
       attr_reader :resources_found
       def initialize(resources_found)

data/lib/chef/file_access_control/unix.rb

@@ -79,18 +79,18 @@ class Chef
       def should_update_owner?
         if target_uid.nil?
           # the user has not specified a permission on the new resource, so we never manage it with FAC
-          Chef::Log.debug("found target_uid == nil, so no owner was specified on resource, not managing owner")
+          Chef::Log.debug("Found target_uid == nil, so no owner was specified on resource, not managing owner")
           return false
         elsif current_uid.nil?
           # the user has specified a permission, and we are creating a file, so always enforce permissions
-          Chef::Log.debug("found current_uid == nil, so we are creating a new file, updating owner")
+          Chef::Log.debug("Found current_uid == nil, so we are creating a new file, updating owner")
           return true
         elsif target_uid != current_uid
           # the user has specified a permission, and it does not match the file, so fix the permission
-          Chef::Log.debug("found target_uid != current_uid, updating owner")
+          Chef::Log.debug("Found target_uid != current_uid, updating owner")
           return true
         else
-          Chef::Log.debug("found target_uid == current_uid, not updating owner")
+          Chef::Log.debug("Found target_uid == current_uid, not updating owner")
           # the user has specified a permission, but it matches the file, so behave idempotently
           return false
         end
@@ -138,18 +138,18 @@ class Chef
       def should_update_group?
         if target_gid.nil?
           # the user has not specified a permission on the new resource, so we never manage it with FAC
-          Chef::Log.debug("found target_gid == nil, so no group was specified on resource, not managing group")
+          Chef::Log.debug("Found target_gid == nil, so no group was specified on resource, not managing group")
           return false
         elsif current_gid.nil?
           # the user has specified a permission, and we are creating a file, so always enforce permissions
-          Chef::Log.debug("found current_gid == nil, so we are creating a new file, updating group")
+          Chef::Log.debug("Found current_gid == nil, so we are creating a new file, updating group")
           return true
         elsif target_gid != current_gid
           # the user has specified a permission, and it does not match the file, so fix the permission
-          Chef::Log.debug("found target_gid != current_gid, updating group")
+          Chef::Log.debug("Found target_gid != current_gid, updating group")
           return true
         else
-          Chef::Log.debug("found target_gid == current_gid, not updating group")
+          Chef::Log.debug("Found target_gid == current_gid, not updating group")
           # the user has specified a permission, but it matches the file, so behave idempotently
           return false
         end
@@ -187,20 +187,20 @@ class Chef
       def should_update_mode?
         if target_mode.nil?
           # the user has not specified a permission on the new resource, so we never manage it with FAC
-          Chef::Log.debug("found target_mode == nil, so no mode was specified on resource, not managing mode")
+          Chef::Log.debug("Found target_mode == nil, so no mode was specified on resource, not managing mode")
           return false
         elsif current_mode.nil?
           # the user has specified a permission, and we are creating a file, so always enforce permissions
-          Chef::Log.debug("found current_mode == nil, so we are creating a new file, updating mode")
+          Chef::Log.debug("Found current_mode == nil, so we are creating a new file, updating mode")
           return true
         elsif target_mode != current_mode
           # the user has specified a permission, and it does not match the file, so fix the permission
-          Chef::Log.debug("found target_mode != current_mode, updating mode")
+          Chef::Log.debug("Found target_mode != current_mode, updating mode")
           return true
         elsif suid_bit_set? and (should_update_group? or should_update_owner?)
           return true
         else
-          Chef::Log.debug("found target_mode == current_mode, not updating mode")
+          Chef::Log.debug("Found target_mode == current_mode, not updating mode")
           # the user has specified a permission, but it matches the file, so behave idempotently
           return false
         end

data/lib/chef/file_content_management/deploy/cp.rb

@@ -34,12 +34,12 @@ class Chef
       #
       class Cp
         def create(file)
-          Chef::Log.debug("touching #{file} to create it")
+          Chef::Log.debug("Touching #{file} to create it")
           FileUtils.touch(file)
         end
 
         def deploy(src, dst)
-          Chef::Log.debug("copying temporary file #{src} into place at #{dst}")
+          Chef::Log.debug("Copying temporary file #{src} into place at #{dst}")
           FileUtils.cp(src, dst)
         end
       end

data/lib/chef/file_content_management/deploy/mv_unix.rb

@@ -30,19 +30,19 @@ class Chef
         def create(file)
           # this is very simple, but it ensures that ownership and file modes take
           # good defaults, in particular mode needs to obey umask on create
-          Chef::Log.debug("touching #{file} to create it")
+          Chef::Log.debug("Touching #{file} to create it")
           FileUtils.touch(file)
         end
 
         def deploy(src, dst)
           # we are only responsible for content so restore the dst files perms
-          Chef::Log.debug("reading modes from #{dst} file")
+          Chef::Log.debug("Reading modes from #{dst} file")
           stat = ::File.stat(dst)
           mode = stat.mode & 07777
           uid  = stat.uid
           gid  = stat.gid
 
-          Chef::Log.debug("applying mode = #{mode.to_s(8)}, uid = #{uid}, gid = #{gid} to #{src}")
+          Chef::Log.debug("Applying mode = #{mode.to_s(8)}, uid = #{uid}, gid = #{gid} to #{src}")
 
           # i own the inode, so should be able to at least chmod it
           ::File.chmod(mode, src)
@@ -67,7 +67,7 @@ class Chef
             Chef::Log.warn("Could not set gid = #{gid} on #{src}, file modes not preserved")
           end
 
-          Chef::Log.debug("moving temporary file #{src} into place at #{dst}")
+          Chef::Log.debug("Moving temporary file #{src} into place at #{dst}")
           FileUtils.mv(src, dst)
         end
       end

data/lib/chef/file_content_management/deploy/mv_windows.rb

@@ -35,7 +35,7 @@ class Chef
         ACL = Security::ACL
 
         def create(file)
-          Chef::Log.debug("touching #{file} to create it")
+          Chef::Log.debug("Touching #{file} to create it")
           FileUtils.touch(file)
         end
 

data/lib/chef/formatters/base.rb

@@ -215,6 +215,10 @@ class Chef
       def deprecation(message, location=caller(2..2)[0])
         Chef::Log.deprecation("#{message} at #{location}")
       end
+
+      def is_formatter?
+        true
+      end
     end
 
 
@@ -225,6 +229,9 @@ class Chef
 
       cli_name(:null)
 
+      def is_formatter?
+        false
+      end
     end
 
   end

data/lib/chef/formatters/error_inspectors/compile_error_inspector.rb

@@ -108,7 +108,7 @@ class Chef
         def culprit_backtrace_entry
           @culprit_backtrace_entry ||= begin
              bt_entry = filtered_bt.first
-             Chef::Log.debug("backtrace entry for compile error: '#{bt_entry}'")
+             Chef::Log.debug("Backtrace entry for compile error: '#{bt_entry}'")
              bt_entry
           end
         end
@@ -138,7 +138,7 @@ class Chef
             begin
               filters = Array(Chef::Config.cookbook_path).map {|p| /^#{Regexp.escape(p)}/i }
               r = exception.backtrace.select {|line| filters.any? {|filter| line =~ filter }}
-              Chef::Log.debug("filtered backtrace of compile error: #{r.join(",")}")
+              Chef::Log.debug("Filtered backtrace of compile error: #{r.join(",")}")
               r
             end
         end

data/lib/chef/formatters/indentable_output_stream.rb

@@ -50,6 +50,11 @@ class Chef
         print(string, from_args(args, :start_line => true, :end_line => true))
       end
 
+      # Print a raw chunk
+      def <<(obj)
+        print(obj)
+      end
+
       # Print a string.
       #
       # == Arguments

data/lib/chef/http.rb

@@ -5,7 +5,7 @@
 # Author:: Christopher Brown (<cb@opscode.com>)
 # Author:: Christopher Walters (<cw@opscode.com>)
 # Author:: Daniel DeLeo (<dan@opscode.com>)
-# Copyright:: Copyright (c) 2009, 2010, 2013 Opscode, Inc.
+# Copyright:: Copyright (c) 2009, 2010, 2013-2015 Chef Software, Inc.
 # License:: Apache License, Version 2.0
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -25,7 +25,6 @@ require 'tempfile'
 require 'net/https'
 require 'uri'
 require 'chef/http/basic_client'
-require 'chef/http/socketless_chef_zero_client'
 require 'chef/monkey_patches/net_http'
 require 'chef/config'
 require 'chef/platform/query_helpers'
@@ -75,6 +74,7 @@ class Chef
     attr_reader :sign_on_redirect
     attr_reader :redirect_limit
 
+    attr_reader :options
     attr_reader :middlewares
 
     # Create a HTTP client object. The supplied +url+ is used as the base for
@@ -87,6 +87,7 @@ class Chef
       @sign_on_redirect = true
       @redirects_followed = 0
       @redirect_limit = 10
+      @options = options
 
       @middlewares = []
       self.class.middlewares.each do |middleware_class|
@@ -198,6 +199,14 @@ class Chef
     def http_client(base_url=nil)
       base_url ||= url
       if chef_zero_uri?(base_url)
+        # PERFORMANCE CRITICAL: *MUST* lazy require here otherwise we load up webrick
+        # via chef-zero and that hits DNS (at *require* time) which may timeout,
+        # when for most knife/chef-client work we never need/want this loaded.
+        Thread.exclusive {
+          unless defined?(SocketlessChefZeroClient)
+            require 'chef/http/socketless_chef_zero_client'
+          end
+        }
         SocketlessChefZeroClient.new(base_url)
       else
         BasicClient.new(base_url, :ssl_policy => Chef::HTTP::APISSLPolicy)
@@ -307,7 +316,7 @@ class Chef
           end
           return [response, request, return_value]
         end
-      rescue SocketError, Errno::ETIMEDOUT => e
+      rescue SocketError, Errno::ETIMEDOUT, Errno::ECONNRESET => e
         if http_retry_count - http_attempts + 1 > 0
           Chef::Log.error("Error connecting to #{url}, retry #{http_attempts}/#{http_retry_count}")
           sleep(http_retry_delay)
@@ -329,6 +338,13 @@ class Chef
           retry
         end
         raise Timeout::Error, "Timeout connecting to #{url}, giving up"
+      rescue OpenSSL::SSL::SSLError => e
+        if (http_retry_count - http_attempts + 1 > 0) && !e.message.include?("certificate verify failed")
+          Chef::Log.error("SSL Error connecting to #{url}, retry #{http_attempts}/#{http_retry_count}")
+          sleep(http_retry_delay)
+          retry
+        end
+        raise OpenSSL::SSL::SSLError, "SSL Error connecting to #{url} - #{e.message}"
       end
     end
 

data/lib/chef/http/decompressor.rb

@@ -79,10 +79,10 @@ class Chef
         else
           case response[CONTENT_ENCODING]
           when GZIP
-            Chef::Log.debug "decompressing gzip response"
+            Chef::Log.debug "Decompressing gzip response"
             Zlib::Inflate.new(Zlib::MAX_WBITS + 16).inflate(response.body)
           when DEFLATE
-            Chef::Log.debug "decompressing deflate response"
+            Chef::Log.debug "Decompressing deflate response"
             Zlib::Inflate.inflate(response.body)
           else
             response.body

data/lib/chef/json_compat.rb

@@ -41,6 +41,7 @@ class Chef
     CHEF_RESOURCECOLLECTION = "Chef::ResourceCollection".freeze
     CHEF_RESOURCESET        = "Chef::ResourceCollection::ResourceSet".freeze
     CHEF_RESOURCELIST       = "Chef::ResourceCollection::ResourceList".freeze
+    CHEF_RUNLISTEXPANSION   = "Chef::RunListExpansion".freeze
 
     class <<self
 

data/lib/chef/knife.rb

@@ -87,7 +87,16 @@ class Chef
     def self.inherited(subclass)
       unless subclass.unnamed?
         subcommands[subclass.snake_case_name] = subclass
-        subcommand_files[subclass.snake_case_name] += [caller[0].split(/:\d+/).first]
+        subcommand_files[subclass.snake_case_name] +=
+          if subclass.superclass.to_s == "Chef::ChefFS::Knife"
+            # ChefFS-based commands have a superclass that defines an
+            # inhereited method which calls super. This means that the
+            # top of the call stack is not the class definition for
+            # our subcommand.  Try the second entry in the call stack.
+            [path_from_caller(caller[1])]
+          else
+            [path_from_caller(caller[0])]
+          end
       end
     end
 
@@ -221,6 +230,10 @@ class Chef
 
     OFFICIAL_PLUGINS = %w[ec2 rackspace windows openstack terremark bluebox]
 
+    def self.path_from_caller(caller_line)
+      caller_line.split(/:\d+/).first
+    end
+
     # :nodoc:
     # Error out and print usage. probably because the arguments given by the
     # user could not be resolved to a subcommand.
@@ -293,7 +306,7 @@ class Chef
 
       # copy Mixlib::CLI over so that it can be configured in knife.rb
       # config file
-      Chef::Config[:verbosity] = config[:verbosity]
+      Chef::Config[:verbosity] = config[:verbosity] if config[:verbosity]
     end
 
     def parse_options(args)
@@ -388,6 +401,7 @@ class Chef
 
       merge_configs
       apply_computed_config
+      Chef::Config.export_proxies
       # This has to be after apply_computed_config so that Mixlib::Log is configured
       Chef::Log.info("Using configuration from #{config[:config_file]}") if config[:config_file]
     end

data/lib/chef/knife/bootstrap.rb

@@ -42,7 +42,7 @@ class Chef
         Chef::Knife::Ssh.load_deps
       end
 
-      banner "knife bootstrap FQDN (options)"
+      banner "knife bootstrap [SSH_USER@]FQDN (options)"
 
       option :ssh_user,
         :short => "-x USERNAME",
@@ -74,8 +74,12 @@ class Chef
         :boolean => true
 
       option :identity_file,
-        :short => "-i IDENTITY_FILE",
         :long => "--identity-file IDENTITY_FILE",
+        :description => "The SSH identity file used for authentication. [DEPRECATED] Use --ssh-identity-file instead."
+
+      option :ssh_identity_file,
+        :short => "-i IDENTITY_FILE",
+        :long => "--ssh-identity-file IDENTITY_FILE",
         :description => "The SSH identity file used for authentication"
 
       option :chef_node_name,
@@ -122,6 +126,11 @@ class Chef
         :description => "Execute the bootstrap via sudo",
         :boolean => true
 
+      option :preserve_home,
+        :long => "--sudo-preserve-home",
+        :description => "Preserve non-root user HOME environment variable with sudo",
+        :boolean => true
+
       option :use_sudo_password,
         :long => "--use-sudo-password",
         :description => "Execute the bootstrap via sudo with password",
@@ -164,7 +173,13 @@ class Chef
         :long => "--json-attributes",
         :description => "A JSON string to be added to the first run of chef-client",
         :proc => lambda { |o| Chef::JSONCompat.parse(o) },
-        :default => {}
+        :default => nil
+
+      option :first_boot_attributes_from_file,
+        :long => "--json-attribute-file FILE",
+        :description => "A JSON file to be used to the first run of chef-client",
+        :proc => lambda { |o| Chef::JSONCompat.parse(File.read(o)) },
+        :default => nil
 
       option :host_key_verify,
         :long => "--[no-]host-key-verify",
@@ -256,13 +271,25 @@ class Chef
         "chef-full"
       end
 
+      def host_descriptor
+        Array(@name_args).first
+      end
+
       # The server_name is the DNS or IP we are going to connect to, it is not necessarily
       # the node name, the fqdn, or the hostname of the server.  This is a public API hook
       # which knife plugins use or inherit and override.
       #
       # @return [String] The DNS or IP that bootstrap will connect to
       def server_name
-        Array(@name_args).first
+        if host_descriptor
+          @server_name ||= host_descriptor.split('@').reverse[0]
+        end
+      end
+
+      def user_name
+        if host_descriptor
+          @user_name ||= host_descriptor.split('@').reverse[1]
+        end
       end
 
       def bootstrap_template
@@ -317,13 +344,22 @@ class Chef
         )
       end
 
+      def first_boot_attributes
+        @config[:first_boot_attributes] || @config[:first_boot_attributes_from_file] || {}
+      end
+
       def render_template
+        @config[:first_boot_attributes] = first_boot_attributes
         template_file = find_template
         template = IO.read(template_file).chomp
         Erubis::Eruby.new(template).evaluate(bootstrap_context)
       end
 
       def run
+        if @config[:first_boot_attributes] && @config[:first_boot_attributes_from_file]
+          raise Chef::Exceptions::BootstrapCommandInputError
+        end
+
         validate_name_args!
         validate_options!
 
@@ -358,7 +394,7 @@ class Chef
           if config[:ssh_password]
             raise
           else
-            ui.info("Failed to authenticate #{config[:ssh_user]} - trying password auth")
+            ui.info("Failed to authenticate #{knife_ssh.config[:ssh_user]} - trying password auth")
             knife_ssh_with_password_auth.run
           end
         end
@@ -389,12 +425,12 @@ class Chef
         ssh = Chef::Knife::Ssh.new
         ssh.ui = ui
         ssh.name_args = [ server_name, ssh_command ]
-        ssh.config[:ssh_user] = config[:ssh_user]
+        ssh.config[:ssh_user] = user_name || config[:ssh_user]
         ssh.config[:ssh_password] = config[:ssh_password]
         ssh.config[:ssh_port] = config[:ssh_port]
         ssh.config[:ssh_gateway] = config[:ssh_gateway]
         ssh.config[:forward_agent] = config[:forward_agent]
-        ssh.config[:identity_file] = config[:identity_file]
+        ssh.config[:ssh_identity_file] = config[:ssh_identity_file] || config[:identity_file]
         ssh.config[:manual] = true
         ssh.config[:host_key_verify] = config[:host_key_verify]
         ssh.config[:on_error] = :raise
@@ -403,7 +439,7 @@ class Chef
 
       def knife_ssh_with_password_auth
         ssh = knife_ssh
-        ssh.config[:identity_file] = nil
+        ssh.config[:ssh_identity_file] = nil
         ssh.config[:ssh_password] = ssh.get_password
         ssh
       end
@@ -412,7 +448,8 @@ class Chef
         command = render_template
 
         if config[:use_sudo]
-          command = config[:use_sudo_password] ? "echo '#{config[:ssh_password]}' | sudo -SH #{command}" : "sudo -H #{command}"
+          sudo_prefix = config[:use_sudo_password] ? "echo '#{config[:ssh_password]}' | sudo -S " : "sudo "
+          command = config[:preserve_home] ? "#{sudo_prefix} #{command}" : "#{sudo_prefix} -H #{command}" 
         end
 
         command
@@ -422,7 +459,15 @@ class Chef
 
       # True if policy_name and run_list are both given
       def policyfile_and_run_list_given?
-        !config[:run_list].empty? && !!config[:policy_name]
+        run_list_given? && policyfile_options_given?
+      end
+
+      def run_list_given?
+        !config[:run_list].nil? && !config[:run_list].empty?
+      end
+
+      def policyfile_options_given?
+        !!config[:policy_name]
       end
 
       # True if one of policy_name or policy_group was given, but not both