chef 15.0.293-universal-mingw32 → 15.0.298-universal-mingw32

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: e6a822d304cc36f7db133a02494760145395264d85b7867dbe8a0e2984b18ad6
-  data.tar.gz: 7c6a6b80779eab8964f88e565d27e4a53c7001015dc69fa021fd6c0ef12e2bcd
+  metadata.gz: c10389685690b3412374156b687dd8a87ff02bb495f32570a0fa33ef25dc9bdf
+  data.tar.gz: 729b33c025af44c37f7f9f6091c8a5ca03904b45a654307c89590d9d7a75fc03
 SHA512:
-  metadata.gz: ae068fc8b01f9f08d8d13781dec21fe4f9afc0a80dc32f6edf67bf47474477d7993e332f4a5bf2e5bf1f0bfb2ea3b2d4f5d26ae436531894e70062c9e5642c22
-  data.tar.gz: 4d63fd3ec06a938e0dba599a9bf4ed1e6f5a3bc06c3fae5e63cca4f53c2fc035e932101bf8706fbafed749ecfabe48627957ab9cc64a78faef60678830ad233d
+  metadata.gz: c2f72876a8a9d4e554eca0aa39722d06bf64906530a9c662129a1c6ec8877ec1bab3c1af68e4c898da854eb07194198eb3cf88846599008759ba3af99da80ee9
+  data.tar.gz: 93eefee2050f499f0c9c51744a95e40014f7c271171508905ca7441548995f147254f88e542607637a20a1dee71a8ac3df711bdf01f1e99e69bf3977bf5cec50

data/lib/chef/knife/bootstrap.rb

@@ -61,7 +61,6 @@ class Chef
       option :session_timeout,
         long: "--session-timeout SECONDS",
         description: "The number of seconds to wait for each connection operation to be acknowledged while running bootstrap.",
-        proc: Proc.new { |protocol| Chef::Config[:knife][:session_timeout] = protocol },
         default: 60
 
       # WinRM Authentication
@@ -572,7 +571,7 @@ class Chef
           chef_vault_handler.run(client_builder.client)
         else
           ui.info <<~EOM
-            Performing legacy client registration with the validation key at #{Chef::Config[:validation_key]}..."
+            Performing legacy client registration with the validation key at #{Chef::Config[:validation_key]}...
             Delete your validation key in order to use your user credentials for client registration instead.
           EOM
 
@@ -596,27 +595,28 @@ class Chef
         ui.info("Connecting to #{ui.color(server_name, :bold)}")
         opts = connection_opts.dup
         do_connect(opts)
-      rescue Train::Transports::SSHFailed => e
-        if e.message =~ /fingerprint (\S+) is unknown for "(.+)"/
+      rescue Train::Error => e
+        # We handle these by message text only because train only loads the
+        # transports and protocols that it needs - so the exceptions may not be defined,
+        # and we don't want to require files internal to train.
+        if e.message =~ /fingerprint (\S+) is unknown for "(.+)"/ # Train::Transports::SSHFailed
           fingerprint = $1
           hostname, ip = $2.split(",")
           # TODO: convert the SHA256 base64 value to hex with colons
           # 'ssh' example output:
           # RSA key fingerprint is e5:cb:c0:e2:21:3b:12:52:f8:ce:cb:00:24:e2:0c:92.
           # ECDSA key fingerprint is 5d:67:61:08:a9:d7:01:fd:5e:ae:7e:09:40:ef:c0:3c.
-          puts "The authenticity of host '#{hostname} (#{ip})' can't be established."
-          puts "fingerprint is #{fingerprint}."
-          ui.confirm("Are you sure you want to continue connecting") # will exit 3 on N
+          # will exit 3 on N
+          ui.confirm <<~EOM
+            The authenticity of host '#{hostname} (#{ip})' can't be established.
+            fingerprint is #{fingerprint}.
+
+            Are you sure you want to continue connecting
+          EOM
           # FIXME: this should save the key to known_hosts but doesn't appear to be
           config[:ssh_verify_host_key] = :accept_new
-          connection_opts(reset: true)
-          retry
-        end
-
-        raise e
-      rescue Train::Error => e
-        require "net/ssh"
-        if e.cause && e.cause.class == Net::SSH::AuthenticationFailed
+          do_connect(connection_opts(reset: true))
+        elsif ssh? && e.cause && e.cause.class == Net::SSH::AuthenticationFailed
           if connection.password_auth?
             raise
           else
@@ -632,6 +632,9 @@ class Chef
         end
       end
 
+      def handle_ssh_error(e)
+      end
+
       # url values override CLI flags, if you provide both
       # we'll use the one that you gave in the URL.
       def connection_protocol
@@ -769,15 +772,11 @@ class Chef
       # minutes as its unit, instead of seconds.
       # Warn the human so that they are not surprised.
       #
-      # This will also erroneously warn if a string value is given,
-      # but argument type validation is something that needs addressing
-      # more broadly.
       def warn_on_short_session_timeout
-        timeout = config_value(:session_timeout).to_i
-        if timeout <= 15
+        if session_timeout && session_timeout <= 15
           ui.warn <<~EOM
-            --session-timeout is set to #{config[:session_timeout]} minutes.
-            Did you mean "--session-timeout #{config[:session_timeout] * 60}" seconds?
+            You provided '--session-timeout #{session_timeout}' second(s).
+            Did you mean '--session-timeout #{session_timeout * 60}' seconds?
           EOM
         end
       end
@@ -868,7 +867,7 @@ class Chef
         return opts if winrm?
         opts[:non_interactive] = true # Prevent password prompts from underlying net/ssh
         opts[:forward_agent] = (config_value(:ssh_forward_agent) === true)
-        opts[:connection_timeout] = config_value(:session_timeout).to_i
+        opts[:connection_timeout] = session_timeout
         opts
       end
 
@@ -964,10 +963,10 @@ class Chef
         end
 
         if config_value(:ca_trust_file)
-          opts[:ca_trust_file] = config_value(:ca_trust_file)
+          opts[:ca_trust_path] = config_value(:ca_trust_file)
         end
 
-        opts[:operation_timeout] = config_value(:session_timeout).to_i
+        opts[:operation_timeout] = session_timeout
 
         opts
       end
@@ -1052,6 +1051,14 @@ class Chef
       def incomplete_policyfile_options?
         (!!config[:policy_name] ^ config[:policy_group])
       end
+
+      # session_timeout option has a default that may not arrive, particularly if
+      # we're being invoked from a plugin that doesn't merge_config.
+      def session_timeout
+        timeout = config_value(:session_timeout)
+        return options[:session_timeout][:default] if timeout.nil?
+        timeout.to_i
+      end
     end
   end
 end

data/lib/chef/version.rb

@@ -23,7 +23,7 @@ require_relative "version_string"
 
 class Chef
   CHEF_ROOT = File.expand_path("../..", __FILE__)
-  VERSION = Chef::VersionString.new("15.0.293")
+  VERSION = Chef::VersionString.new("15.0.298")
 end
 
 #

data/spec/unit/knife/bootstrap_spec.rb

@@ -19,7 +19,6 @@
 require "spec_helper"
 
 Chef::Knife::Bootstrap.load_deps
-require "net/ssh"
 
 describe Chef::Knife::Bootstrap do
   let(:bootstrap_template) { nil }
@@ -853,7 +852,7 @@ describe Chef::Knife::Bootstrap do
             let(:expected_result) do
               {
                 logger: Chef::Log, # not configurable
-                ca_trust_file: "trust.me",
+                ca_trust_path: "trust.me",
                 max_wait_until_ready: 9999,
                 operation_timeout: 9999,
                 ssl_peer_fingerprint: "ABCDEF",
@@ -878,7 +877,7 @@ describe Chef::Knife::Bootstrap do
             let(:expected_result) do
               {
                 logger: Chef::Log, # not configurable
-                ca_trust_file: "no trust",
+                ca_trust_path: "no trust",
                 max_wait_until_ready: 9999,
                 operation_timeout: 60,
                 ssl_peer_fingerprint: "ABCDEF",
@@ -933,7 +932,7 @@ describe Chef::Knife::Bootstrap do
             let(:expected_result) do
               {
                 logger: Chef::Log, # not configurable
-                ca_trust_file: "trust.the.internet",
+                ca_trust_path: "trust.the.internet",
                 max_wait_until_ready: 1000,
                 operation_timeout: 1000,
                 ssl_peer_fingerprint: "FEDCBA",
@@ -1594,7 +1593,7 @@ describe Chef::Knife::Bootstrap do
 
       context "with ca_trust_file" do
         let(:ca_trust_expected) do
-          expected.merge({ ca_trust_file: "/trust.me" })
+          expected.merge({ ca_trust_path: "/trust.me" })
         end
         before do
           knife.config[:ca_trust_file] = "/trust.me"
@@ -1806,6 +1805,14 @@ describe Chef::Knife::Bootstrap do
   end
 
   describe "#connect!" do
+    before do
+      # These are not required at run-time because train will handle its own
+      # protocol loading. In this case, we're simulating train failures and have to load
+      # them ourselves.
+      require "net/ssh"
+      require "train/transports/ssh"
+    end
+
     context "in the normal case" do
       it "connects using the connection_opts and notifies the operator of progress" do
         expect(knife.ui).to receive(:info).with(/Connecting to.*/)
@@ -1815,7 +1822,7 @@ describe Chef::Knife::Bootstrap do
       end
     end
 
-    context "when a non-auth-failure occurs" do
+    context "when a general non-auth-failure occurs" do
       let(:expected_error) { RuntimeError.new }
       before do
         allow(knife).to receive(:do_connect).and_raise(expected_error)
@@ -1825,6 +1832,23 @@ describe Chef::Knife::Bootstrap do
       end
     end
 
+    context "when ssh fingerprint is invalid" do
+      let(:expected_error) { Train::Error.new("fingerprint AA:BB is unknown for \"blah,127.0.0.1\"") }
+      before do
+        allow(knife).to receive(:do_connect).and_raise(expected_error)
+      end
+      it "warns, prompts to accept, then connects with verify_host_key of accept_new" do
+        expect(knife).to receive(:do_connect).and_raise(expected_error)
+        expect(knife.ui).to receive(:confirm)
+          .with(/.*host 'blah \(127.0.0.1\)'.*AA:BB.*Are you sure you want to continue.*/m)
+          .and_return(true)
+        expect(knife).to receive(:do_connect) do |opts|
+          expect(opts[:verify_host_key]).to eq :accept_new
+        end
+        knife.connect!
+      end
+    end
+
     context "when an auth failure occurs" do
       let(:expected_error) do
         e = Train::Error.new
@@ -1835,10 +1859,6 @@ describe Chef::Knife::Bootstrap do
         e
       end
 
-      before do
-        require "net/ssh"
-      end
-
       context "and password auth was used" do
         before do
           allow(connection).to receive(:password_auth?).and_return true
@@ -2136,9 +2156,18 @@ describe Chef::Knife::Bootstrap do
   end
 
   describe "#warn_on_short_session_timeout" do
-    let(:session_timeout) { 0 }
+    let(:session_timeout) { 60 }
+
     before do
-      allow(knife).to receive(:config).and_return(session_timeout: session_timeout)
+      allow(knife).to receive(:session_timeout).and_return(session_timeout)
+    end
+
+    context "timeout is not set at all" do
+      let(:session_timeout) { nil }
+      it "does not issue a warning" do
+        expect(knife.ui).to_not receive(:warn)
+        knife.warn_on_short_session_timeout
+      end
     end
 
     context "timeout is more than 15" do

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: chef
 version: !ruby/object:Gem::Version
-  version: 15.0.293
+  version: 15.0.298
 platform: universal-mingw32
 authors:
 - Adam Jacob
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2019-05-14 00:00:00.000000000 Z
+date: 2019-05-15 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: chef-config
@@ -16,14 +16,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 15.0.293
+        version: 15.0.298
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 15.0.293
+        version: 15.0.298
 - !ruby/object:Gem::Dependency
   name: train-core
   requirement: !ruby/object:Gem::Requirement