chef 14.12.9 → 14.13.11

data/lib/chef/provider/file.rb

@@ -227,7 +227,7 @@ class Chef
         elsif file_class.symlink?(path) && new_resource.manage_symlink_source
           verify_symlink_sanity(path)
         elsif file_class.symlink?(new_resource.path) && new_resource.manage_symlink_source.nil?
-          logger.warn("File #{path} managed by #{new_resource} is really a symlink. Managing the source file instead.")
+          logger.warn("File #{path} managed by #{new_resource} is really a symlink (to #{file_class.realpath(new_resource.path)}). Managing the source file instead.")
           logger.warn("Disable this warning by setting `manage_symlink_source true` on the resource")
           logger.warn("In a future Chef release, 'manage_symlink_source' will not be enabled by default")
           verify_symlink_sanity(path)

data/lib/chef/provider/service/insserv.rb

@@ -36,7 +36,9 @@ class Chef
           super
 
           # Look for a /etc/rc.*/SnnSERVICE link to signify that the service would be started in a runlevel
-          if Dir.glob("/etc/rc**/S*#{Chef::Util::PathHelper.escape_glob_dir(current_resource.service_name)}").empty?
+          service_name = Chef::Util::PathHelper.escape_glob_dir(current_resource.service_name)
+
+          if Dir.glob("/etc/rc*/**/S*#{service_name}").empty?
             current_resource.enabled false
           else
             current_resource.enabled true

data/lib/chef/resource.rb

@@ -1166,10 +1166,9 @@ class Chef
 
     # Set or return if this resource is in preview mode.
     #
-    # This is used in Chef core as part of the process of migrating resources
-    # from a cookbook into core. It should be set to `true` when a cookbook
-    # resource is added to core, and then removed (set to `false`) in the next
-    # major release.
+    # This only has value in the resource_inspector to mark a resource as being new-to-chef-core.
+    # Its meaning is probably more equivalent to "experimental" in that the API might change even
+    # in minor versions due to bugfixing and is NOT considered "stable" yet.
     #
     # @param value [nil, Boolean] If nil, get the current value. If not nil, set
     #   the value of the flag.
@@ -1346,12 +1345,6 @@ class Chef
         remove_canonical_dsl
       end
 
-      # If a resource is in preview mode, set allow_cookbook_override on all its
-      # mappings by default.
-      if preview_resource && !options.include?(:allow_cookbook_override)
-        options[:allow_cookbook_override] = true
-      end
-
       if @chef_version_for_provides && !options.include?(:chef_version)
         options[:chef_version] = @chef_version_for_provides
       end

data/lib/chef/resource/windows_feature_powershell.rb

@@ -226,7 +226,7 @@ class Chef
           # Grab raw feature information from dism command line
           # Windows < 2012 doesn't present a state value so we have to check if the feature is installed or not
           raw_list_of_features = if older_than_win_2012_or_8? # make the older format look like the new format, warts and all
-                                   powershell_out!('Get-WindowsFeature | Select-Object -Property Name, @{Name=\"InstallState\"; Expression = {If ($_.Installed) { 1 } Else { 0 }}} | ConvertTo-Json -Compress', timeout: new_resource.timeout).stdout
+                                   powershell_out!('Get-WindowsFeature | Select-Object -Property Name, @{Name="InstallState"; Expression = {If ($_.Installed) { 1 } Else { 0 }}} | ConvertTo-Json -Compress', timeout: new_resource.timeout).stdout
                                  else
                                    powershell_out!("Get-WindowsFeature | Select-Object -Property Name,InstallState | ConvertTo-Json -Compress", timeout: new_resource.timeout).stdout
                                  end

data/lib/chef/resource_collection.rb

@@ -60,8 +60,9 @@ class Chef
     end
 
     def delete(key)
-      resource_list.delete(key)
-      resource_set.delete(key)
+      res = resource_set.delete(key)
+      resource_list.delete(res.to_s)
+      res
     end
 
     # @deprecated

data/lib/chef/shell.rb

@@ -214,6 +214,7 @@ module Shell
       * If no chef_shell.rb can be found, chef-shell falls back to load:
             /etc/chef/client.rb if -z option is given.
             /etc/chef/solo.rb   if --solo-legacy-mode option is given.
+            .chef/config.rb     if -s option is given.
             .chef/knife.rb      if -s option is given.
 FOOTER
 

data/lib/chef/version.rb

@@ -23,7 +23,7 @@ require "chef/version_string"
 
 class Chef
   CHEF_ROOT = File.expand_path("../..", __FILE__)
-  VERSION = Chef::VersionString.new("14.12.9")
+  VERSION = Chef::VersionString.new("14.13.11")
 end
 
 #

data/lib/chef/win32/api/security.rb

@@ -140,6 +140,8 @@ class Chef
           FILE_READ_EA | SYNCHRONIZE
         FILE_GENERIC_WRITE         = STANDARD_RIGHTS_WRITE | FILE_WRITE_DATA | FILE_WRITE_ATTRIBUTES | FILE_WRITE_EA | FILE_APPEND_DATA | SYNCHRONIZE
         FILE_GENERIC_EXECUTE       = STANDARD_RIGHTS_EXECUTE | FILE_READ_ATTRIBUTES | FILE_EXECUTE | SYNCHRONIZE
+        WRITE                      = FILE_WRITE_DATA | FILE_APPEND_DATA | FILE_WRITE_ATTRIBUTES | FILE_WRITE_EA
+        SUBFOLDERS_AND_FILES_ONLY  = INHERIT_ONLY_ACE | CONTAINER_INHERIT_ACE | OBJECT_INHERIT_ACE
         # Access Token Rights (for OpenProcessToken)
         # Access Rights for Access-Token Objects (used in OpenProcessToken)
         TOKEN_ASSIGN_PRIMARY = 0x0001

data/lib/chef/win32/file.rb

@@ -89,6 +89,14 @@ class Chef
         is_symlink
       end
 
+      def self.realpath(file_name)
+        if symlink?(file_name)
+          readlink(file_name)
+        else
+          file_name
+        end
+      end
+
       # Returns the path of the of the symbolic link referred to by +file+.
       #
       # Requires Windows Vista or later. On older versions of Windows it

data/lib/chef/win32/security.rb

@@ -404,7 +404,7 @@ class Chef
         system_name = system_name.to_wstring if system_name
         if LookupAccountNameW(system_name, name.to_wstring, nil, sid_size, nil, referenced_domain_name_size, nil)
           raise "Expected ERROR_INSUFFICIENT_BUFFER from LookupAccountName, and got no error!"
-        elsif FFI::LastError.error != ERROR_INSUFFICIENT_BUFFER
+        elsif !([NO_ERROR, ERROR_INSUFFICIENT_BUFFER].include?(FFI::LastError.error))
           Chef::ReservedNames::Win32::Error.raise!
         end
 

data/spec/data/templates/failed.erb

@@ -0,0 +1,5 @@
+This is a template
+
+Which includes some content
+
+And will fail <%= nil[] %>

data/spec/functional/assets/inittest

@@ -0,0 +1,36 @@
+#!/bin/sh
+
+TMPDIR="${TMPDIR:-/tmp}"
+
+function create_chef_txt {
+        touch $TMPDIR/inittest.txt
+}
+
+function delete_chef_txt {
+        rm $TMPDIR/inittest.txt
+}
+
+function rename_chef_txt {
+        mv $TMPDIR/inittest.txt $TMPDIR/$1
+}
+
+case "$1" in
+start )
+        create_chef_txt
+        ;;
+stop )
+        delete_chef_txt
+        ;;
+status )
+        [ -f $TMPDIR/inittest.txt ] || [ -f $TMPDIR/inittest_reload.txt ] || [ -f $TMPDIR/inittest_restart.txt ]
+        ;;
+reload )
+        rename_chef_txt "inittest_reload.txt"
+        ;;
+restart )
+        rename_chef_txt "inittest_restart.txt"
+        ;;
+* )
+        echo "Usage: $0 (start | stop | restart | reload)"
+        exit 1
+esac

data/spec/functional/resource/insserv_spec.rb

@@ -0,0 +1,205 @@
+# encoding: UTF-8
+#
+# Author:: Dheeraj Dubey (<dheeraj.dubey@msystechnologies.com>)
+# Copyright:: Copyright 2009-2019, Chef Software, Inc.
+# License:: Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+require "spec_helper"
+require "functional/resource/base"
+require "chef/mixin/shell_out"
+require "fileutils"
+
+describe Chef::Resource::Service, :requires_root, :sles11 do
+
+  include Chef::Mixin::ShellOut
+
+  def service_should_be_enabled
+    expect(shell_out!("/sbin/insserv -r -f #{new_resource.service_name}").exitstatus).to eq(0)
+    expect(shell_out!("/sbin/insserv -d -f #{new_resource.service_name}").exitstatus).to eq(0)
+    !Dir.glob("/etc/rc*/**/S*#{service_name}").empty?
+  end
+
+  def service_should_be_disabled
+    expect(shell_out!("/sbin/insserv -r -f #{new_resource.service_name}").exitstatus).to eq(0)
+    Dir.glob("/etc/rc*/**/S*#{service_name}").empty?
+  end
+
+  # Platform specific validation routines.
+  def service_should_be_started(file_name)
+    # The existence of this file indicates that the service was started.
+    expect(File.exists?("#{Dir.tmpdir}/#{file_name}")).to be_truthy
+  end
+
+  def service_should_be_stopped(file_name)
+    expect(File.exists?("#{Dir.tmpdir}/#{file_name}")).to be_falsey
+  end
+
+  def delete_test_files
+    files = Dir.glob("#{Dir.tmpdir}/init[a-z_]*.txt")
+    File.delete(*files)
+  end
+
+  # Actual tests
+  let(:new_resource) do
+    new_resource = Chef::Resource::Service.new("inittest", run_context)
+    new_resource.provider Chef::Provider::Service::Insserv
+    new_resource.supports({ status: true, restart: true, reload: true })
+    new_resource
+  end
+
+  let(:provider) do
+    provider = new_resource.provider_for_action(new_resource.action)
+    provider
+  end
+
+  let (:service_name) { "Chef::Util::PathHelper.escape_glob_dir(current_resource.service_name)" }
+
+  let(:current_resource) do
+    provider.load_current_resource
+    provider.current_resource
+  end
+
+  before(:all) do
+    File.delete("/etc/init.d/inittest") if File.exists?("/etc/init.d/inittest")
+    FileUtils.cp((File.join(File.dirname(__FILE__), "/../assets/inittest")).to_s, "/etc/init.d/inittest")
+  end
+
+  after(:all) do
+    File.delete("/etc/init.d/inittest") if File.exists?("/etc/init.d/inittest")
+  end
+
+  before(:each) do
+    delete_test_files
+  end
+
+  after(:each) do
+    delete_test_files
+  end
+
+  describe "start service" do
+    it "should start the service" do
+      new_resource.run_action(:start)
+      service_should_be_started("inittest.txt")
+      expect(new_resource).to be_updated_by_last_action
+    end
+
+    it "should be idempotent" do
+      new_resource.run_action(:start)
+      service_should_be_started("inittest.txt")
+      expect(new_resource).to be_updated_by_last_action
+      new_resource.run_action(:start)
+      service_should_be_started("inittest.txt")
+      expect(new_resource).not_to be_updated_by_last_action
+    end
+  end
+
+  describe "stop service" do
+    before do
+      new_resource.run_action(:start)
+    end
+
+    it "should stop the service" do
+      new_resource.run_action(:stop)
+      service_should_be_stopped("inittest.txt")
+      expect(new_resource).to be_updated_by_last_action
+    end
+
+    it "should be idempotent" do
+      new_resource.run_action(:stop)
+      service_should_be_stopped("inittest.txt")
+      expect(new_resource).to be_updated_by_last_action
+      new_resource.run_action(:stop)
+      service_should_be_stopped("inittest.txt")
+      expect(new_resource).not_to be_updated_by_last_action
+    end
+  end
+
+  describe "restart service" do
+    before do
+      new_resource.run_action(:start)
+    end
+
+    it "should restart the service" do
+      new_resource.run_action(:restart)
+      service_should_be_started("inittest_restart.txt")
+      expect(new_resource).to be_updated_by_last_action
+    end
+
+    it "should be idempotent" do
+      skip "FIXME: restart is not idempotent"
+      new_resource.run_action(:restart)
+      service_should_be_disabled
+      expect(new_resource).to be_updated_by_last_action
+      new_resource.run_action(:restart)
+      service_should_be_disabled
+      expect(new_resource).not_to be_updated_by_last_action
+    end
+  end
+
+  describe "reload service" do
+    before do
+      new_resource.run_action(:start)
+    end
+
+    it "should reload the service" do
+      new_resource.run_action(:reload)
+      service_should_be_started("inittest_reload.txt")
+      expect(new_resource).to be_updated_by_last_action
+    end
+
+    it "should be idempotent" do
+      skip "FIXME: reload is not idempotent"
+      new_resource.run_action(:reload)
+      service_should_be_disabled
+      expect(new_resource).to be_updated_by_last_action
+      new_resource.run_action(:reload)
+      service_should_be_disabled
+      expect(new_resource).not_to be_updated_by_last_action
+    end
+  end
+
+  describe "enable service" do
+    it "should enable the service" do
+      new_resource.run_action(:enable)
+      service_should_be_enabled
+      expect(new_resource).to be_updated_by_last_action
+    end
+
+    it "should be idempotent" do
+      new_resource.run_action(:enable)
+      service_should_be_enabled
+      new_resource.run_action(:enable)
+      service_should_be_enabled
+      expect(new_resource).not_to be_updated_by_last_action
+    end
+  end
+
+  describe "disable_service" do
+    it "should disable the service" do
+      new_resource.run_action(:disable)
+      service_should_be_disabled
+      expect(new_resource).to be_updated_by_last_action
+    end
+
+    it "should be idempotent" do
+      new_resource.run_action(:disable)
+      service_should_be_disabled
+      new_resource.run_action(:disable)
+      service_should_be_disabled
+      expect(new_resource).not_to be_updated_by_last_action
+    end
+  end
+end

data/spec/functional/resource/link_spec.rb

@@ -417,11 +417,11 @@ describe Chef::Resource::Link do
 
         it_behaves_like "a securable resource without existing target" do
           let(:path) { target_file }
-          def allowed_acl(sid, expected_perms)
+          def allowed_acl(sid, expected_perms, _flags = 0)
             [ ACE.access_allowed(sid, expected_perms[:specific]) ]
           end
 
-          def denied_acl(sid, expected_perms)
+          def denied_acl(sid, expected_perms, _flags = 0)
             [ ACE.access_denied(sid, expected_perms[:specific]) ]
           end
 

data/spec/spec_helper.rb

@@ -172,6 +172,7 @@ RSpec.configure do |config|
   config.filter_run_excluding linux_only: true unless linux?
   config.filter_run_excluding aix_only: true unless aix?
   config.filter_run_excluding suse_only: true unless suse?
+  config.filter_run_excluding sles11: true unless sles11?
   config.filter_run_excluding debian_family_only: true unless debian_family?
   config.filter_run_excluding supports_cloexec: true unless supports_cloexec?
   config.filter_run_excluding selinux_only: true unless selinux_enabled?

data/spec/support/platform_helpers.rb

@@ -175,6 +175,10 @@ def rhel6?
   rhel? && !!(ohai[:platform_version].to_i == 6)
 end
 
+def sles11?
+  suse? && !!(ohai[:platform_version].to_i == 11)
+end
+
 def rhel7?
   rhel? && !!(ohai[:platform_version].to_i == 7)
 end

data/spec/support/shared/functional/directory_resource.rb

@@ -65,18 +65,20 @@ shared_examples_for "a directory resource" do
     end
 
     # Set up the context for security tests
-    def allowed_acl(sid, expected_perms)
-      [
-       ACE.access_allowed(sid, expected_perms[:specific]),
-       ACE.access_allowed(sid, expected_perms[:generic], (Chef::ReservedNames::Win32::API::Security::INHERIT_ONLY_ACE | Chef::ReservedNames::Win32::API::Security::CONTAINER_INHERIT_ACE | Chef::ReservedNames::Win32::API::Security::OBJECT_INHERIT_ACE)),
-      ]
+    def allowed_acl(sid, expected_perms, flags = 0)
+      acl = [ ACE.access_allowed(sid, expected_perms[:specific], flags) ]
+      if expected_perms[:generic]
+        acl << ACE.access_allowed(sid, expected_perms[:generic], (Chef::ReservedNames::Win32::API::Security::SUBFOLDERS_AND_FILES_ONLY))
+      end
+      acl
     end
 
-    def denied_acl(sid, expected_perms)
-      [
-       ACE.access_denied(sid, expected_perms[:specific]),
-       ACE.access_denied(sid, expected_perms[:generic], (Chef::ReservedNames::Win32::API::Security::INHERIT_ONLY_ACE | Chef::ReservedNames::Win32::API::Security::CONTAINER_INHERIT_ACE | Chef::ReservedNames::Win32::API::Security::OBJECT_INHERIT_ACE)),
-      ]
+    def denied_acl(sid, expected_perms, flags = 0)
+      acl = [ ACE.access_denied(sid, expected_perms[:specific], flags) ]
+      if expected_perms[:generic]
+        acl << ACE.access_denied(sid, expected_perms[:generic], (Chef::ReservedNames::Win32::API::Security::SUBFOLDERS_AND_FILES_ONLY))
+      end
+      acl
     end
 
     def parent_inheritable_acls

data/spec/support/shared/functional/file_resource.rb

@@ -899,11 +899,11 @@ shared_examples_for "a configured file resource" do
   end
 
   # Set up the context for security tests
-  def allowed_acl(sid, expected_perms)
+  def allowed_acl(sid, expected_perms, _flags = 0)
     [ ACE.access_allowed(sid, expected_perms[:specific]) ]
   end
 
-  def denied_acl(sid, expected_perms)
+  def denied_acl(sid, expected_perms, _flags = 0)
     [ ACE.access_denied(sid, expected_perms[:specific]) ]
   end