chef 15.0.293 → 15.0.298
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/lib/chef/knife/bootstrap.rb +32 -25
- data/lib/chef/version.rb +1 -1
- data/spec/unit/knife/bootstrap_spec.rb +41 -12
- metadata +4 -4
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: b293f2dac872896fb4ac6d2dc09560081d1006de026029e49c6606221705ffdd
|
4
|
+
data.tar.gz: 5f7d52f20ee3cc309e7cfd39d0c56dae508932ee5bc09adc715c302add02f9c5
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 44f5de263c381eae657200dec44bc46076b512ab16697e34a35932b02cdd2ea61e68a98c4ec46e52413959b7ed05b6305cd1770d79ddf5f5f2a0b7ada48ef683
|
7
|
+
data.tar.gz: 754dcd27ab528570a747ee28de3578274d1531044953b18f05aec2cd440281e88660958f2be91d5c04ef59ea46d50a7df315dcd215c333c1389d6f0f99209cb8
|
data/lib/chef/knife/bootstrap.rb
CHANGED
@@ -61,7 +61,6 @@ class Chef
|
|
61
61
|
option :session_timeout,
|
62
62
|
long: "--session-timeout SECONDS",
|
63
63
|
description: "The number of seconds to wait for each connection operation to be acknowledged while running bootstrap.",
|
64
|
-
proc: Proc.new { |protocol| Chef::Config[:knife][:session_timeout] = protocol },
|
65
64
|
default: 60
|
66
65
|
|
67
66
|
# WinRM Authentication
|
@@ -572,7 +571,7 @@ class Chef
|
|
572
571
|
chef_vault_handler.run(client_builder.client)
|
573
572
|
else
|
574
573
|
ui.info <<~EOM
|
575
|
-
Performing legacy client registration with the validation key at #{Chef::Config[:validation_key]}...
|
574
|
+
Performing legacy client registration with the validation key at #{Chef::Config[:validation_key]}...
|
576
575
|
Delete your validation key in order to use your user credentials for client registration instead.
|
577
576
|
EOM
|
578
577
|
|
@@ -596,27 +595,28 @@ class Chef
|
|
596
595
|
ui.info("Connecting to #{ui.color(server_name, :bold)}")
|
597
596
|
opts = connection_opts.dup
|
598
597
|
do_connect(opts)
|
599
|
-
rescue Train::
|
600
|
-
|
598
|
+
rescue Train::Error => e
|
599
|
+
# We handle these by message text only because train only loads the
|
600
|
+
# transports and protocols that it needs - so the exceptions may not be defined,
|
601
|
+
# and we don't want to require files internal to train.
|
602
|
+
if e.message =~ /fingerprint (\S+) is unknown for "(.+)"/ # Train::Transports::SSHFailed
|
601
603
|
fingerprint = $1
|
602
604
|
hostname, ip = $2.split(",")
|
603
605
|
# TODO: convert the SHA256 base64 value to hex with colons
|
604
606
|
# 'ssh' example output:
|
605
607
|
# RSA key fingerprint is e5:cb:c0:e2:21:3b:12:52:f8:ce:cb:00:24:e2:0c:92.
|
606
608
|
# ECDSA key fingerprint is 5d:67:61:08:a9:d7:01:fd:5e:ae:7e:09:40:ef:c0:3c.
|
607
|
-
|
608
|
-
|
609
|
-
|
609
|
+
# will exit 3 on N
|
610
|
+
ui.confirm <<~EOM
|
611
|
+
The authenticity of host '#{hostname} (#{ip})' can't be established.
|
612
|
+
fingerprint is #{fingerprint}.
|
613
|
+
|
614
|
+
Are you sure you want to continue connecting
|
615
|
+
EOM
|
610
616
|
# FIXME: this should save the key to known_hosts but doesn't appear to be
|
611
617
|
config[:ssh_verify_host_key] = :accept_new
|
612
|
-
connection_opts(reset: true)
|
613
|
-
|
614
|
-
end
|
615
|
-
|
616
|
-
raise e
|
617
|
-
rescue Train::Error => e
|
618
|
-
require "net/ssh"
|
619
|
-
if e.cause && e.cause.class == Net::SSH::AuthenticationFailed
|
618
|
+
do_connect(connection_opts(reset: true))
|
619
|
+
elsif ssh? && e.cause && e.cause.class == Net::SSH::AuthenticationFailed
|
620
620
|
if connection.password_auth?
|
621
621
|
raise
|
622
622
|
else
|
@@ -632,6 +632,9 @@ class Chef
|
|
632
632
|
end
|
633
633
|
end
|
634
634
|
|
635
|
+
def handle_ssh_error(e)
|
636
|
+
end
|
637
|
+
|
635
638
|
# url values override CLI flags, if you provide both
|
636
639
|
# we'll use the one that you gave in the URL.
|
637
640
|
def connection_protocol
|
@@ -769,15 +772,11 @@ class Chef
|
|
769
772
|
# minutes as its unit, instead of seconds.
|
770
773
|
# Warn the human so that they are not surprised.
|
771
774
|
#
|
772
|
-
# This will also erroneously warn if a string value is given,
|
773
|
-
# but argument type validation is something that needs addressing
|
774
|
-
# more broadly.
|
775
775
|
def warn_on_short_session_timeout
|
776
|
-
|
777
|
-
if timeout <= 15
|
776
|
+
if session_timeout && session_timeout <= 15
|
778
777
|
ui.warn <<~EOM
|
779
|
-
--session-timeout
|
780
|
-
Did you mean
|
778
|
+
You provided '--session-timeout #{session_timeout}' second(s).
|
779
|
+
Did you mean '--session-timeout #{session_timeout * 60}' seconds?
|
781
780
|
EOM
|
782
781
|
end
|
783
782
|
end
|
@@ -868,7 +867,7 @@ class Chef
|
|
868
867
|
return opts if winrm?
|
869
868
|
opts[:non_interactive] = true # Prevent password prompts from underlying net/ssh
|
870
869
|
opts[:forward_agent] = (config_value(:ssh_forward_agent) === true)
|
871
|
-
opts[:connection_timeout] =
|
870
|
+
opts[:connection_timeout] = session_timeout
|
872
871
|
opts
|
873
872
|
end
|
874
873
|
|
@@ -964,10 +963,10 @@ class Chef
|
|
964
963
|
end
|
965
964
|
|
966
965
|
if config_value(:ca_trust_file)
|
967
|
-
opts[:
|
966
|
+
opts[:ca_trust_path] = config_value(:ca_trust_file)
|
968
967
|
end
|
969
968
|
|
970
|
-
opts[:operation_timeout] =
|
969
|
+
opts[:operation_timeout] = session_timeout
|
971
970
|
|
972
971
|
opts
|
973
972
|
end
|
@@ -1052,6 +1051,14 @@ class Chef
|
|
1052
1051
|
def incomplete_policyfile_options?
|
1053
1052
|
(!!config[:policy_name] ^ config[:policy_group])
|
1054
1053
|
end
|
1054
|
+
|
1055
|
+
# session_timeout option has a default that may not arrive, particularly if
|
1056
|
+
# we're being invoked from a plugin that doesn't merge_config.
|
1057
|
+
def session_timeout
|
1058
|
+
timeout = config_value(:session_timeout)
|
1059
|
+
return options[:session_timeout][:default] if timeout.nil?
|
1060
|
+
timeout.to_i
|
1061
|
+
end
|
1055
1062
|
end
|
1056
1063
|
end
|
1057
1064
|
end
|
data/lib/chef/version.rb
CHANGED
@@ -19,7 +19,6 @@
|
|
19
19
|
require "spec_helper"
|
20
20
|
|
21
21
|
Chef::Knife::Bootstrap.load_deps
|
22
|
-
require "net/ssh"
|
23
22
|
|
24
23
|
describe Chef::Knife::Bootstrap do
|
25
24
|
let(:bootstrap_template) { nil }
|
@@ -853,7 +852,7 @@ describe Chef::Knife::Bootstrap do
|
|
853
852
|
let(:expected_result) do
|
854
853
|
{
|
855
854
|
logger: Chef::Log, # not configurable
|
856
|
-
|
855
|
+
ca_trust_path: "trust.me",
|
857
856
|
max_wait_until_ready: 9999,
|
858
857
|
operation_timeout: 9999,
|
859
858
|
ssl_peer_fingerprint: "ABCDEF",
|
@@ -878,7 +877,7 @@ describe Chef::Knife::Bootstrap do
|
|
878
877
|
let(:expected_result) do
|
879
878
|
{
|
880
879
|
logger: Chef::Log, # not configurable
|
881
|
-
|
880
|
+
ca_trust_path: "no trust",
|
882
881
|
max_wait_until_ready: 9999,
|
883
882
|
operation_timeout: 60,
|
884
883
|
ssl_peer_fingerprint: "ABCDEF",
|
@@ -933,7 +932,7 @@ describe Chef::Knife::Bootstrap do
|
|
933
932
|
let(:expected_result) do
|
934
933
|
{
|
935
934
|
logger: Chef::Log, # not configurable
|
936
|
-
|
935
|
+
ca_trust_path: "trust.the.internet",
|
937
936
|
max_wait_until_ready: 1000,
|
938
937
|
operation_timeout: 1000,
|
939
938
|
ssl_peer_fingerprint: "FEDCBA",
|
@@ -1594,7 +1593,7 @@ describe Chef::Knife::Bootstrap do
|
|
1594
1593
|
|
1595
1594
|
context "with ca_trust_file" do
|
1596
1595
|
let(:ca_trust_expected) do
|
1597
|
-
expected.merge({
|
1596
|
+
expected.merge({ ca_trust_path: "/trust.me" })
|
1598
1597
|
end
|
1599
1598
|
before do
|
1600
1599
|
knife.config[:ca_trust_file] = "/trust.me"
|
@@ -1806,6 +1805,14 @@ describe Chef::Knife::Bootstrap do
|
|
1806
1805
|
end
|
1807
1806
|
|
1808
1807
|
describe "#connect!" do
|
1808
|
+
before do
|
1809
|
+
# These are not required at run-time because train will handle its own
|
1810
|
+
# protocol loading. In this case, we're simulating train failures and have to load
|
1811
|
+
# them ourselves.
|
1812
|
+
require "net/ssh"
|
1813
|
+
require "train/transports/ssh"
|
1814
|
+
end
|
1815
|
+
|
1809
1816
|
context "in the normal case" do
|
1810
1817
|
it "connects using the connection_opts and notifies the operator of progress" do
|
1811
1818
|
expect(knife.ui).to receive(:info).with(/Connecting to.*/)
|
@@ -1815,7 +1822,7 @@ describe Chef::Knife::Bootstrap do
|
|
1815
1822
|
end
|
1816
1823
|
end
|
1817
1824
|
|
1818
|
-
context "when a non-auth-failure occurs" do
|
1825
|
+
context "when a general non-auth-failure occurs" do
|
1819
1826
|
let(:expected_error) { RuntimeError.new }
|
1820
1827
|
before do
|
1821
1828
|
allow(knife).to receive(:do_connect).and_raise(expected_error)
|
@@ -1825,6 +1832,23 @@ describe Chef::Knife::Bootstrap do
|
|
1825
1832
|
end
|
1826
1833
|
end
|
1827
1834
|
|
1835
|
+
context "when ssh fingerprint is invalid" do
|
1836
|
+
let(:expected_error) { Train::Error.new("fingerprint AA:BB is unknown for \"blah,127.0.0.1\"") }
|
1837
|
+
before do
|
1838
|
+
allow(knife).to receive(:do_connect).and_raise(expected_error)
|
1839
|
+
end
|
1840
|
+
it "warns, prompts to accept, then connects with verify_host_key of accept_new" do
|
1841
|
+
expect(knife).to receive(:do_connect).and_raise(expected_error)
|
1842
|
+
expect(knife.ui).to receive(:confirm)
|
1843
|
+
.with(/.*host 'blah \(127.0.0.1\)'.*AA:BB.*Are you sure you want to continue.*/m)
|
1844
|
+
.and_return(true)
|
1845
|
+
expect(knife).to receive(:do_connect) do |opts|
|
1846
|
+
expect(opts[:verify_host_key]).to eq :accept_new
|
1847
|
+
end
|
1848
|
+
knife.connect!
|
1849
|
+
end
|
1850
|
+
end
|
1851
|
+
|
1828
1852
|
context "when an auth failure occurs" do
|
1829
1853
|
let(:expected_error) do
|
1830
1854
|
e = Train::Error.new
|
@@ -1835,10 +1859,6 @@ describe Chef::Knife::Bootstrap do
|
|
1835
1859
|
e
|
1836
1860
|
end
|
1837
1861
|
|
1838
|
-
before do
|
1839
|
-
require "net/ssh"
|
1840
|
-
end
|
1841
|
-
|
1842
1862
|
context "and password auth was used" do
|
1843
1863
|
before do
|
1844
1864
|
allow(connection).to receive(:password_auth?).and_return true
|
@@ -2136,9 +2156,18 @@ describe Chef::Knife::Bootstrap do
|
|
2136
2156
|
end
|
2137
2157
|
|
2138
2158
|
describe "#warn_on_short_session_timeout" do
|
2139
|
-
let(:session_timeout) {
|
2159
|
+
let(:session_timeout) { 60 }
|
2160
|
+
|
2140
2161
|
before do
|
2141
|
-
allow(knife).to receive(:
|
2162
|
+
allow(knife).to receive(:session_timeout).and_return(session_timeout)
|
2163
|
+
end
|
2164
|
+
|
2165
|
+
context "timeout is not set at all" do
|
2166
|
+
let(:session_timeout) { nil }
|
2167
|
+
it "does not issue a warning" do
|
2168
|
+
expect(knife.ui).to_not receive(:warn)
|
2169
|
+
knife.warn_on_short_session_timeout
|
2170
|
+
end
|
2142
2171
|
end
|
2143
2172
|
|
2144
2173
|
context "timeout is more than 15" do
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: chef
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 15.0.
|
4
|
+
version: 15.0.298
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Adam Jacob
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2019-05-
|
11
|
+
date: 2019-05-15 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: chef-config
|
@@ -16,14 +16,14 @@ dependencies:
|
|
16
16
|
requirements:
|
17
17
|
- - '='
|
18
18
|
- !ruby/object:Gem::Version
|
19
|
-
version: 15.0.
|
19
|
+
version: 15.0.298
|
20
20
|
type: :runtime
|
21
21
|
prerelease: false
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
23
23
|
requirements:
|
24
24
|
- - '='
|
25
25
|
- !ruby/object:Gem::Version
|
26
|
-
version: 15.0.
|
26
|
+
version: 15.0.298
|
27
27
|
- !ruby/object:Gem::Dependency
|
28
28
|
name: train-core
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|