chef 14.1.12 → 14.2.0

data/lib/chef/provider/user/linux.rb

@@ -1,5 +1,5 @@
 #
-# Copyright:: Copyright 2016-2017, Chef Software Inc.
+# Copyright:: Copyright 2016-2018, Chef Software Inc.
 # License:: Apache License, Version 2.0
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -85,16 +85,6 @@ class Chef
           opts
         end
 
-        def should_set?(sym)
-          current_resource.send(sym).to_s != new_resource.send(sym).to_s && new_resource.send(sym)
-        end
-
-        def updating_home?
-          return false unless new_resource.home
-          return true unless current_resource.home
-          new_resource.home && Pathname.new(current_resource.home).cleanpath != Pathname.new(new_resource.home).cleanpath
-        end
-
         def check_lock
           # there's an old bug in rhel (https://bugzilla.redhat.com/show_bug.cgi?id=578534)
           # which means that both 0 and 1 can be success.

data/lib/chef/provider/user/solaris.rb

@@ -2,7 +2,7 @@
 # Author:: Stephen Nelson-Smith (<sns@chef.io>)
 # Author:: Jon Ramsey (<jonathon.ramsey@gmail.com>)
 # Author:: Dave Eddy (<dave@daveeddy.com>)
-# Copyright:: Copyright 2012-2017, Chef Software Inc.
+# Copyright:: Copyright 2012-2018, Chef Software Inc.
 # Copyright:: Copyright 2015-2016, Dave Eddy
 # License:: Apache License, Version 2.0
 #
@@ -18,35 +18,34 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-require "chef/provider/user/useradd"
+require "chef/provider/user"
 
 class Chef
   class Provider
     class User
-      class Solaris < Chef::Provider::User::Useradd
+      class Solaris < Chef::Provider::User
         provides :solaris_user
-        provides :user, os: %w{omnios solaris2}
-        UNIVERSAL_OPTIONS = [[:comment, "-c"], [:gid, "-g"], [:shell, "-s"], [:uid, "-u"]].freeze
+        provides :user, os: %w{openindiana opensolaris illumos omnios solaris2 smartos}
 
-        attr_writer :password_file
-
-        def initialize(new_resource, run_context)
-          @password_file = "/etc/shadow"
-          super
-        end
+        PASSWORD_FILE = "/etc/shadow"
 
         def create_user
-          super
+          shell_out_compact!("useradd", universal_options, useradd_options, new_resource.username)
           manage_password
         end
 
         def manage_user
           manage_password
-          super
+          return if universal_options.empty? && usermod_options.empty?
+          shell_out_compact!("usermod", universal_options, usermod_options, new_resource.username)
+        end
+
+        def remove_user
+          shell_out_compact!("userdel", userdel_options, new_resource.username)
         end
 
         def check_lock
-          user = IO.read(@password_file).match(/^#{Regexp.escape(new_resource.username)}:([^:]*):/)
+          user = IO.read(PASSWORD_FILE).match(/^#{Regexp.escape(new_resource.username)}:([^:]*):/)
 
           # If we're in whyrun mode, and the user is not created, we assume it will be
           return false if whyrun_mode? && user.nil?
@@ -66,15 +65,45 @@ class Chef
 
         private
 
-        # Override the version from {#Useradd} because Solaris doesn't support
-        # system users and therefore has no `-r` option. This also inverts the
-        # logic for manage_home as Solaris defaults to no-manage-home and only
-        # offers `-m`.
-        #
-        # @since 12.15
-        # @api private
-        # @see Useradd#useradd_options
-        # @return [Array<String>]
+        def universal_options
+          opts = []
+          opts << "-c" << new_resource.comment if should_set?(:comment)
+          opts << "-g" << new_resource.gid if should_set?(:gid)
+          opts << "-s" << new_resource.shell if should_set?(:shell)
+          opts << "-u" << new_resource.uid if should_set?(:uid)
+          opts << "-d" << new_resource.home if updating_home?
+          opts << "-o" if new_resource.non_unique
+          if updating_home?
+            if new_resource.manage_home
+              logger.trace("#{new_resource} managing the users home directory")
+              opts << "-m"
+            else
+              logger.trace("#{new_resource} setting home to #{new_resource.home}")
+            end
+          end
+          opts
+        end
+
+        def usermod_options
+          opts = []
+          opts += [ "-u", new_resource.uid ] if new_resource.non_unique
+          if updating_home?
+            if new_resource.manage_home
+              opts << "-m"
+            end
+          end
+          opts
+        end
+
+        def userdel_options
+          opts = []
+          opts << "-r" if new_resource.manage_home
+          opts << "-f" if new_resource.force
+          opts
+        end
+
+        # Solaris does not support system users and has no '-r' option, solaris also
+        # lacks '-M' and defaults to no-manage-home.
         def useradd_options
           opts = []
           opts << "-m" if new_resource.manage_home
@@ -87,9 +116,11 @@ class Chef
           write_shadow_file
         end
 
+        # XXX: this was straight copypasta'd back in 2013 and I don't think we've ever evaluted using
+        # a pipe to passwd(1) or evaluating modern ruby-shadow.  See https://github.com/chef/chef/pull/721
         def write_shadow_file
           buffer = Tempfile.new("shadow", "/etc")
-          ::File.open(@password_file) do |shadow_file|
+          ::File.open(PASSWORD_FILE) do |shadow_file|
             shadow_file.each do |entry|
               user = entry.split(":").first
               if user == new_resource.username
@@ -102,7 +133,7 @@ class Chef
           buffer.close
 
           # FIXME: mostly duplicates code with file provider deploying a file
-          s = ::File.stat(@password_file)
+          s = ::File.stat(PASSWORD_FILE)
           mode = s.mode & 0o7777
           uid  = s.uid
           gid  = s.gid
@@ -110,7 +141,7 @@ class Chef
           FileUtils.chown uid, gid, buffer.path
           FileUtils.chmod mode, buffer.path
 
-          FileUtils.mv buffer.path, @password_file
+          FileUtils.mv buffer.path, PASSWORD_FILE
         end
 
         def updated_password(entry)

data/lib/chef/provider/user/useradd.rb

@@ -1,6 +1,6 @@
 #
 # Author:: Adam Jacob (<adam@chef.io>)
-# Copyright:: Copyright 2008-2017, Chef Software Inc.
+# Copyright:: Copyright 2008-2018, Chef Software Inc.
 # License:: Apache License, Version 2.0
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -23,6 +23,9 @@ class Chef
   class Provider
     class User
       class Useradd < Chef::Provider::User
+
+        Chef::Log.warn("the Chef::Provider::User::Useradd provider is deprecated, please subclass Chef::Provider::User directly")
+
         # the linux version of this has been forked off, this is the base class now of solaris and AIX and should be abandoned
         # and those provider should be rewritten like the linux version.
 

data/lib/chef/provider/windows_task.rb

@@ -231,6 +231,7 @@ class Chef
 
         # seprated command arguments from :command property
         def set_command_and_arguments
+          new_resource.command = new_resource.command.gsub(/\\/, '\&\&')
           cmd, *args = Shellwords.split(new_resource.command)
           new_resource.command = cmd
           new_resource.command_arguments = args.join(" ")

data/lib/chef/providers.rb

@@ -1,6 +1,6 @@
 #
 # Author:: Daniel DeLeo (<dan@chef.io>)
-# Copyright:: Copyright 2010-2016, Chef Software, Inc.
+# Copyright:: Copyright 2010-2018, Chef Software Inc.
 # License:: Apache License, Version 2.0
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -109,7 +109,6 @@ require "chef/provider/user/dscl"
 require "chef/provider/user/linux"
 require "chef/provider/user/pw"
 require "chef/provider/user/solaris"
-require "chef/provider/user/useradd"
 require "chef/provider/user/windows"
 
 require "chef/provider/group/aix"

data/lib/chef/resource/execute.rb

@@ -1,7 +1,7 @@
 #
 # Author:: Adam Jacob (<adam@chef.io>)
 # Author:: Tyler Cloke (<tyler@chef.io>)
-# Copyright:: Copyright 2008-2017, Chef Software Inc.
+# Copyright:: Copyright 2008-2018, Chef Software Inc.
 # License:: Apache License, Version 2.0
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -64,6 +64,9 @@ class Chef
 
       property :group, [ String, Integer ]
       property :live_stream, [ TrueClass, FalseClass ], default: false
+      # default_env defaults to `false` so that the command execution more exactly matches what the user gets on the command line without magic
+      property :default_env, [ TrueClass, FalseClass ], desired_state: false, default: false,
+        description: "When true this enables ENV magic to add path_sanity to the PATH and force the locale to English+UTF-8 for parsing output"
       property :returns, [ Integer, Array ], default: 0
       property :timeout, [ Integer, Float ]
       property :user, [ String, Integer ]

data/lib/chef/resource/gem_package.rb

@@ -40,7 +40,7 @@ class Chef
       # FIXME? the array form of installing paths most likely does not work?
       #
       property :source, [ String, Array ]
-      property :clear_sources, [ TrueClass, FalseClass ], default: false, desired_state: false
+      property :clear_sources, [ TrueClass, FalseClass ], default: lazy { Chef::Config[:clear_gem_sources] }, desired_state: false
       # Sets a custom gem_binary to run for gem commands.
       property :gem_binary, String, desired_state: false
 

data/lib/chef/resource/hostname.rb

@@ -116,7 +116,7 @@ class Chef
               # this must come before other methods like /etc/hostname and /etc/sysconfig/network
               declare_resource(:execute, "hostnamectl set-hostname #{new_resource.hostname}") do
                 notifies :reload, "ohai[reload hostname]"
-                not_if { shell_out!("hostnamectl status", { :returns => [0, 1] }).stdout =~ /Static hostname:\s+#{new_resource.hostname}/ }
+                not_if { shell_out!("hostnamectl status", { :returns => [0, 1] }).stdout =~ /Static hostname:\s*#{new_resource.hostname}\s*$/ }
               end
             when ::File.exist?("/etc/hostname")
               # debian family uses /etc/hostname

data/lib/chef/resource/sysctl.rb

@@ -1,6 +1,6 @@
 #
 # Copyright:: 2018, Webb Agile Solutions Ltd.
-# Copyright:: 2018, Chef Software Inc.
+# Copyright:: 2018-2018, Chef Software Inc.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -84,6 +84,7 @@ class Chef
 
           execute "Load sysctl values" do
             command "sysctl #{'-e ' if new_resource.ignore_error}-p"
+            default_env true
             action :run
           end
         end
@@ -98,6 +99,7 @@ class Chef
             end
 
             execute "Load sysctl values" do
+              default_env true
               command "sysctl -p"
               action :run
             end

data/lib/chef/resource/windows_ad_join.rb

@@ -47,7 +47,7 @@ class Chef
                description: "The path to the OU where you would like to place the host."
 
       property :reboot, Symbol,
-               equal_to: [:immediate, :delayed, :never],
+               equal_to: [:immediate, :delayed, :never, :request_reboot, :reboot_now],
                validation_message: "The reboot property accepts :immediate (reboot as soon as the resource completes), :delayed (reboot once the Chef run completes), and :never (Don't reboot)",
                description: "Controls the system reboot behavior post domain joining. Reboot immediately, after the Chef run completes, or never. Note that a reboot is necessary for changes to take effect.",
                default: :immediate
@@ -71,8 +71,8 @@ class Chef
             raise "Failed to join the domain #{new_resource.domain_name}: #{ps_run.stderr}}" if ps_run.error?
 
             unless new_resource.reboot == :never
-              declare_resource(:reboot, "Reboot to join domain #{new_resource.domain_name}") do
-                action new_resource.reboot
+              reboot "Reboot to join domain #{new_resource.domain_name}" do
+                action clarify_reboot(new_resource.reboot)
                 reason "Reboot to join domain #{new_resource.domain_name}"
               end
             end
@@ -86,6 +86,19 @@ class Chef
           raise "Failed to check if the system is joined to the domain #{new_resource.domain_name}: #{node_domain.stderr}}" if node_domain.error?
           node_domain.stdout.downcase.strip == new_resource.domain_name.downcase
         end
+
+        # This resource historically took `:immediate` and `:delayed` as arguments to the reboot property but then
+        # tried to shove that straight to the `reboot` resource which objected strenuously
+        def clarify_reboot(reboot_action)
+          case reboot_action
+          when :immediate
+            :reboot_now
+          when :delayed
+            :request_reboot
+          else
+            reboot_action
+          end
+        end
       end
     end
   end

data/lib/chef/resource_inspector.rb

@@ -24,10 +24,22 @@ require "chef/resources"
 require "chef/json_compat"
 
 module ResourceInspector
+  def self.get_default(default)
+    if default.kind_of?(Chef::DelayedEvaluator)
+      # ideally we'd get the block we pass to `lazy`, but the best we can do
+      # is to get the source location, which then results in reparsing the source
+      # code for the resource ourselves and just no
+      "lazy default"
+    else
+      default
+    end
+  end
+
   def self.extract_resource(resource, complete = false)
     data = {}
     data[:description] = resource.description
     # data[:deprecated] = resource.deprecated || false
+    data[:default_action] = resource.default_action
     data[:actions] = resource.allowed_actions
     data[:examples] = resource.examples
     data[:introduced] = resource.introduced
@@ -43,6 +55,7 @@ module ResourceInspector
       acc << { name: n, description: opts[:description],
                introduced: opts[:introduced], is: opts[:is],
                deprecated: opts[:deprecated] || false,
+               default: get_default(opts[:default]),
                name_property: opts[:name_property] || false }
     end
     data

data/lib/chef/run_context/cookbook_compiler.rb

@@ -191,7 +191,7 @@ class Chef
 
       def load_attributes_from_cookbook(cookbook_name)
         list_of_attr_files = files_in_cookbook_by_segment(cookbook_name, :attributes).dup
-        root_alias = cookbook_collection[cookbook_name].files_for(:root_files).find { |record| record[:name] == "attributes.rb" }
+        root_alias = cookbook_collection[cookbook_name].files_for(:root_files).find { |record| record[:name] == "root_files/attributes.rb" }
         default_file = list_of_attr_files.find { |path| File.basename(path) == "default.rb" }
         if root_alias
           if default_file

data/lib/chef/server_api.rb

@@ -30,9 +30,11 @@ class Chef
   class ServerAPI < Chef::HTTP
 
     def initialize(url = Chef::Config[:chef_server_url], options = {})
+      # # If making a change here, also update Chef::Knife::Raw::RawInputServerAPI.
       options[:client_name] ||= Chef::Config[:node_name]
       options[:raw_key] ||= Chef::Config[:client_key_contents]
       options[:signing_key_filename] ||= Chef::Config[:client_key] unless options[:raw_key]
+      options[:ssh_agent_signing] ||= Chef::Config[:ssh_agent_signing]
       options[:signing_key_filename] = nil if chef_zero_uri?(url)
       options[:inflate_json_class] = false
       super(url, options)

data/lib/chef/version.rb

@@ -23,7 +23,7 @@ require "chef/version_string"
 
 class Chef
   CHEF_ROOT = File.expand_path("../..", __FILE__)
-  VERSION = Chef::VersionString.new("14.1.12")
+  VERSION = Chef::VersionString.new("14.2.0")
 end
 
 #

data/spec/functional/mixin/shell_out_spec.rb

@@ -1,5 +1,5 @@
 #
-# Copyright:: Copyright 2014-2016, Chef Software, Inc.
+# Copyright:: Copyright 2014-2018, Chef Software Inc.
 # License:: Apache License, Version 2.0
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -45,4 +45,30 @@ describe Chef::Mixin::ShellOut do
       end
     end
   end
+
+  describe "shell_out default_env: false" do
+    describe "when environment['LC_ALL'] is not set" do
+      it "should use the default shell_out setting" do
+        cmd = if windows?
+                shell_out("echo %LC_ALL%", default_env: false)
+              else
+                shell_out("echo $LC_ALL", default_env: false)
+              end
+
+        expect(cmd.stdout.chomp).to match_environment_variable("LC_ALL")
+      end
+    end
+
+    describe "when environment['LC_ALL'] is set" do
+      it "should use the option's setting" do
+        cmd = if windows?
+                shell_out("echo %LC_ALL%", :environment => { "LC_ALL" => "POSIX" }, default_env: false)
+              else
+                shell_out("echo $LC_ALL", :environment => { "LC_ALL" => "POSIX" }, default_env: false)
+              end
+
+        expect(cmd.stdout.chomp).to eq "POSIX"
+      end
+    end
+  end
 end

data/spec/functional/resource/execute_spec.rb

@@ -1,6 +1,6 @@
 #
 # Author:: Serdar Sutay (<serdar@chef.io>)
-# Copyright:: Copyright 2014-2017, Chef Software Inc.
+# Copyright:: Copyright 2014-2018, Chef Software Inc.
 # License:: Apache License, Version 2.0
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -51,7 +51,7 @@ describe Chef::Resource::Execute do
 
       # why_run mode doesn't disable the updated_by_last_action logic, so we really have to look at the provider action
       # to see if why_run correctly disabled the resource.  It should shell_out! for the guard but not the resource.
-      expect_any_instance_of(Chef::Provider::Execute).to receive(:shell_out_with_systems_locale!).once
+      expect_any_instance_of(Chef::Provider::Execute).to receive(:shell_out!).once
 
       resource.only_if guard
       resource.run_action(:run)

data/spec/functional/resource/windows_task_spec.rb

@@ -68,7 +68,7 @@ describe Chef::Resource::WindowsTask, :windows_only do
         current_resource = call_for_load_current_resource
         expect(current_resource.exists).to eq(true)
         expect(current_resource.task.application_name).to eq("chef-client")
-        expect(current_resource.task.parameters).to eq("-W -L C:\\chef\\chef-ad-join.log")
+        expect(current_resource.task.parameters).to eq("-W -L C:\\\\chef\\\\chef-ad-join.log")
       end
 
       it "does not converge the resource if it is already converged" do

data/spec/support/shared/functional/securable_resource.rb

@@ -313,7 +313,7 @@ shared_examples_for "a securable resource without existing target" do
     end
 
     it "sets owner when owner is specified with a \\" do
-      resource.owner "#{ENV['USERDOMAIN']}\\Guest"
+      resource.owner "#{ENV['COMPUTERNAME']}\\Guest"
       resource.run_action(:create)
       expect(descriptor.owner).to eq(SID.Guest)
     end