chef 15.10.12 → 15.14.0

data/lib/chef/exceptions.rb

@@ -198,6 +198,7 @@ class Chef
     class MetadataNotFound < StandardError
       attr_reader :install_path
       attr_reader :cookbook_name
+
       def initialize(install_path, cookbook_name)
         @install_path = install_path
         @cookbook_name = cookbook_name
@@ -448,6 +449,7 @@ class Chef
     # to correctly populate the backtrace with the wrapped backtraces.
     class RunFailedWrappingError < RuntimeError
       attr_reader :wrapped_errors
+
       def initialize(*errors)
         errors = errors.select { |e| !e.nil? }
         output = "Found #{errors.size} errors, they are stored in the backtrace"
@@ -488,6 +490,7 @@ class Chef
 
     class MultipleDscResourcesFound < RuntimeError
       attr_reader :resources_found
+
       def initialize(resources_found)
         @resources_found = resources_found
         matches_info = @resources_found.each do |r|

data/lib/chef/formatters/error_inspectors/node_load_error_inspector.rb

@@ -46,7 +46,7 @@ class Chef
           when Chef::Exceptions::PrivateKeyMissing
             error_description.section("Private Key Not Found:", <<~E)
               Your private key could not be loaded. If the key file exists, ensure that it is
-              readable by #{Chef::Dist::CLIENT}.
+              readable by #{Chef::Dist::PRODUCT}.
             E
             error_description.section("Relevant Config Settings:", <<~E)
               client_key        "#{api_key}"
@@ -99,7 +99,7 @@ class Chef
         # redirect.
         def describe_404_error(error_description)
           error_description.section("Resource Not Found:", <<~E)
-            The server returned a HTTP 404. This usually indicates that your chef_server_url is incorrect.
+            The #{Chef::Dist::SERVER_PRODUCT} returned a HTTP 404. This usually indicates that your chef_server_url is incorrect.
           E
           error_description.section("Relevant Config Settings:", <<~E)
             chef_server_url "#{server_url}"

data/lib/chef/formatters/error_inspectors/registration_error_inspector.rb

@@ -28,7 +28,7 @@ class Chef
             humanize_http_exception(error_description)
           when Errno::ECONNREFUSED, Timeout::Error, Errno::ETIMEDOUT, SocketError
             error_description.section("Network Error:", <<~E)
-              There was a network error connecting to the Chef Server:
+              There was a network error connecting to the #{Chef::Dist::SERVER_PRODUCT}:
               #{exception.message}
             E
             error_description.section("Relevant Config Settings:", <<~E)
@@ -39,14 +39,14 @@ class Chef
           when Chef::Exceptions::PrivateKeyMissing
             error_description.section("Private Key Not Found:", <<~E)
               Your private key could not be loaded. If the key file exists, ensure that it is
-              readable by #{Chef::Dist::CLIENT}.
+              readable by #{Chef::Dist::PRODUCT}.
             E
             error_description.section("Relevant Config Settings:", <<~E)
               validation_key "#{api_key}"
             E
           when Chef::Exceptions::InvalidRedirect
             error_description.section("Invalid Redirect:", <<~E)
-              Change your server location in client.rb to the server's FQDN to avoid unwanted redirections.
+              Change your #{Chef::Dist::SERVER_PRODUCT} location in client.rb to the #{Chef::Dist::SERVER_PRODUCT}'s FQDN to avoid unwanted redirections.
             E
           when EOFError
             describe_eof_error(error_description)
@@ -61,13 +61,13 @@ class Chef
           when Net::HTTPUnauthorized
             if clock_skew?
               error_description.section("Authentication Error:", <<~E)
-                Failed to authenticate to the chef server (http 401).
+                Failed to authenticate to the #{Chef::Dist::SERVER_PRODUCT} (http 401).
                 The request failed because your clock has drifted by more than 15 minutes.
                 Syncing your clock to an NTP Time source should resolve the issue.
               E
             else
               error_description.section("Authentication Error:", <<~E)
-                Failed to authenticate to the chef server (http 401).
+                Failed to authenticate to the #{Chef::Dist::SERVER_PRODUCT} (http 401).
               E
 
               error_description.section("Server Response:", format_rest_error)
@@ -81,7 +81,7 @@ class Chef
             end
           when Net::HTTPForbidden
             error_description.section("Authorization Error:", <<~E)
-              Your validation client is not authorized to create the client for this node (HTTP 403).
+              Your validation client is not authorized to create the client for this node on the #{Chef::Dist::SERVER_PRODUCT} (HTTP 403).
             E
             error_description.section("Possible Causes:", <<~E)
               * There may already be a client named "#{config[:node_name]}"
@@ -94,7 +94,7 @@ class Chef
             error_description.section("Server Response:", format_rest_error)
           when Net::HTTPNotFound
             error_description.section("Resource Not Found:", <<~E)
-              The server returned a HTTP 404. This usually indicates that your chef_server_url is incorrect.
+              The #{Chef::Dist::SERVER_PRODUCT} returned a HTTP 404. This usually indicates that your chef_server_url configuration is incorrect.
             E
             error_description.section("Relevant Config Settings:", <<~E)
               chef_server_url "#{server_url}"

data/lib/chef/http.rb

@@ -22,7 +22,8 @@
 #
 
 require "tempfile" unless defined?(Tempfile)
-require "net/https"
+require "openssl" unless defined?(OpenSSL)
+require "net/http" unless defined?(Net::HTTP)
 require "uri" unless defined?(URI)
 require_relative "http/basic_client"
 require_relative "monkey_patches/net_http"

data/lib/chef/knife.rb

@@ -345,31 +345,35 @@ class Chef
       exit(1)
     end
 
-    # keys from mixlib-cli options
-    def cli_keys
-      self.class.options.keys
+    # This is all set and default mixlib-config values.  We only need the default
+    # values here (the set values are explicitly mixed in again later), but there is
+    # no mixlib-config API to get a Hash back with only the default values.
+    #
+    # Assumption:  since config_file_defaults is the lowest precedence it doesn't matter
+    # that we include the set values here, but this is a hack and makes the name of the
+    # method a lie.  FIXME: make the name not a lie by adding an API to mixlib-config.
+    #
+    # @api private
+    #
+    def config_file_defaults
+      Chef::Config[:knife].save(true) # this is like "dup" to a (real) Hash, and includes default values (and user set values)
     end
 
-    # extracts the settings from the Chef::Config[:knife] sub-hash that correspond
-    # to knife cli options -- in preparation for merging config values with cli values
+    # This is only the user-set mixlib-config values.  We do not include the defaults
+    # here so that the config defaults do not override the cli defaults.
+    #
+    # @api private
     #
-    # NOTE: due to weirdness in mixlib-config #has_key? is only true if the value has
-    # been set by the user -- the Chef::Config defaults return #has_key?() of false and
-    # this code DEPENDS on that functionality since applying the default values in
-    # Chef::Config[:knife] would break the defaults in the cli that we would otherwise
-    # overwrite.
     def config_file_settings
-      cli_keys.each_with_object({}) do |key, memo|
-        if Chef::Config[:knife].key?(key)
-          memo[key] = Chef::Config[:knife][key]
-        end
-      end
+      Chef::Config[:knife].save(false) # this is like "dup" to a (real) Hash, and does not include default values (just user set values)
     end
 
     # config is merged in this order (inverse of precedence)
-    #  default_config       - mixlib-cli defaults (accessor from the mixin)
-    #  config_file_settings - Chef::Config[:knife] sub-hash
-    #  config               - mixlib-cli settings (accessor from the mixin)
+    #  config_file_defaults - Chef::Config[:knife] defaults from chef-config (XXX: this also includes the settings, but they get overwritten)
+    #  default_config       - mixlib-cli defaults (accessor from mixlib-cli)
+    #  config_file_settings - Chef::Config[:knife] user settings from the client.rb file
+    #  config               - mixlib-cli settings (accessor from mixlib-cli)
+    #
     def merge_configs
       # Update our original_config - if someone has created a knife command
       # instance directly, they are likely ot have set cmd.config values directly
@@ -377,7 +381,7 @@ class Chef
       @original_config = config.dup
       # other code may have a handle to the config object, so use Hash#replace to deliberately
       # update-in-place.
-      config.replace(default_config.merge(config_file_settings).merge(config))
+      config.replace(config_file_defaults.merge(default_config).merge(config_file_settings).merge(config))
     end
 
     #
@@ -387,8 +391,9 @@ class Chef
     # @return [Symbol,NilClass] return the source of the config key,
     # one of:
     #   - :cli - this was explicitly provided on the CLI
-    #   - :config - this came from Chef::Config[:knife]
+    #   - :config - this came from Chef::Config[:knife] explicitly being set
     #   - :cli_default - came from a declared CLI `option`'s `default` value.
+    #   - :config_default - this came from Chef::Config[:knife]'s defaults
     #   - nil - if the key could not be found in any source.
     #           This can happen when it is invalid, or has been
     #           set directly into #config without then calling #merge_config
@@ -396,6 +401,7 @@ class Chef
       return :cli if @original_config.include? key
       return :config if config_file_settings.key? key
       return :cli_default if default_config.include? key
+      return :config_default if config_file_defaults.key? key # must come after :config check
 
       nil
     end

data/lib/chef/knife/bootstrap.rb

@@ -94,13 +94,13 @@ class Chef
         description: "For WinRM basic authentication when using the 'ssl' auth method.",
         boolean: true
 
-        # This option was provided in knife bootstrap windows winrm,
-        # but it is ignored  in knife-windows/WinrmSession, and so remains unimplemeneted here.
-        # option :kerberos_keytab_file,
-        #   :short => "-T KEYTAB_FILE",
-        #   :long => "--keytab-file KEYTAB_FILE",
-        #   :description => "The Kerberos keytab file used for authentication",
-        #   :proc => Proc.new { |keytab| Chef::Config[:knife][:kerberos_keytab_file] = keytab }
+      # This option was provided in knife bootstrap windows winrm,
+      # but it is ignored  in knife-windows/WinrmSession, and so remains unimplemeneted here.
+      # option :kerberos_keytab_file,
+      #   :short => "-T KEYTAB_FILE",
+      #   :long => "--keytab-file KEYTAB_FILE",
+      #   :description => "The Kerberos keytab file used for authentication",
+      #   :proc => Proc.new { |keytab| Chef::Config[:knife][:kerberos_keytab_file] = keytab }
 
       option :kerberos_realm,
         short: "-R KERBEROS_REALM",
@@ -497,7 +497,7 @@ class Chef
         template = bootstrap_template
 
         # Use the template directly if it's a path to an actual file
-        if File.exists?(template)
+        if File.exist?(template)
           Chef::Log.trace("Using the specified bootstrap template: #{File.dirname(template)}")
           return template
         end
@@ -512,7 +512,7 @@ class Chef
 
         template_file = Array(bootstrap_files).find do |bootstrap_template|
           Chef::Log.trace("Looking for bootstrap template in #{File.dirname(bootstrap_template)}")
-          File.exists?(bootstrap_template)
+          File.exist?(bootstrap_template)
         end
 
         unless template_file
@@ -555,7 +555,7 @@ class Chef
       end
 
       def run
-        check_license
+        check_license if ChefConfig::Dist::ENFORCE_LICENSE
 
         plugin_setup!
         validate_name_args!
@@ -597,11 +597,8 @@ class Chef
 
           bootstrap_context.client_pem = client_builder.client_path
         else
-          ui.info <<~EOM
-            Performing legacy client registration with the validation key at #{Chef::Config[:validation_key]}...
-            Delete your validation key in order to use your user credentials for client registration instead.
-          EOM
-
+          ui.warn "Performing legacy client registration with the validation key at #{Chef::Config[:validation_key]}..."
+          ui.warn "Remove the key file or remove the 'validation_key' configuration option from your config.rb (knife.rb) to use more secure user credentials for client registration."
         end
       end
 
@@ -619,7 +616,7 @@ class Chef
       end
 
       def connect!
-        ui.info("Connecting to #{ui.color(server_name, :bold)}")
+        ui.info("Connecting to #{ui.color(server_name, :bold)} using #{connection_protocol}")
         opts ||= connection_opts.dup
         do_connect(opts)
       rescue Train::Error => e
@@ -1061,24 +1058,25 @@ class Chef
         }
       end
 
-      # Looks up configuration entries, first in the class member
-      # `config` which contains options populated from CLI flags.
-      # If the entry is not found there, Chef::Config[:knife][KEY]
-      # is checked.
+      # Knife plugins should just use the config hash and not call this method.  In the
+      # future there will be a way to deprecate Chef::Config options in addition to the
+      # CLI options, which will eliminate this methods primary purpose.
+      #
+      # In Chef-16 the single-argument verison of this function will be deprecated and
+      # config_value(:whatver) should be converted to config[:whatever].  That never had
+      # any purpose and never should have been used this way.
       #
-      # knife_config_key should be specified if the knife config lookup
-      # key is different from the CLI flag lookup key.
+      # @api deprecated
       #
-      def config_value(key, knife_config_key = nil, default = nil)
-        if config.key? key
+      def config_value(key, fallback_key = nil, default = nil)
+        if config.key?(key)
+          # the first key is the primary key so we check the merged hash first
           config[key]
+        elsif config.key?(fallback_key)
+          # we get the old config option here (the deprecated cli option shouldn't exist)
+          config[fallback_key]
         else
-          lookup_key = knife_config_key || key
-          if Chef::Config[:knife].key?(lookup_key) || config.key?(lookup_key)
-            Chef::Config[:knife][lookup_key] || config[lookup_key]
-          else
-            default
-          end
+          default
         end
       end
 
@@ -1107,7 +1105,8 @@ class Chef
       # These keys are available in Chef::Config, and are prefixed with the protocol name.
       # For example, :user CLI option will map to :winrm_user and :ssh_user Chef::Config keys,
       # based on the connection protocol in use.
-      def knife_key_for_protocol(protocol, option)
+      def knife_key_for_protocol(new_option, option = nil)
+        option = new_option if option.nil? # hacky compat with both old Chef-15 style and new Chef-16 style API signature
         "#{connection_protocol}_#{option}".to_sym
       end
 

data/lib/chef/knife/bootstrap/chef_vault_handler.rb

@@ -21,7 +21,7 @@ class Chef
       class ChefVaultHandler
 
         # @return [Hash] knife merged config, typically @config
-        attr_accessor :knife_config
+        attr_accessor :config
 
         # @return [Chef::Knife::UI] ui object for output
         attr_accessor :ui
@@ -29,11 +29,15 @@ class Chef
         # @return [Chef::ApiClient] vault client
         attr_reader :client
 
-        # @param knife_config [Hash] knife merged config, typically @config
+        # @param config [Hash] knife merged config, typically @config
         # @param ui [Chef::Knife::UI] ui object for output
-        def initialize(knife_config: {}, ui: nil)
-          @knife_config = knife_config
-          @ui           = ui
+        def initialize(config: {}, knife_config: nil, ui: nil)
+          @config = config
+          unless knife_config.nil?
+            # the knife_config argument becomes deprecated in Chef-16, don't use it
+            @config = knife_config
+          end
+          @ui = ui
         end
 
         # Updates the chef vault items for the newly created client.
@@ -85,17 +89,17 @@ class Chef
 
         # @return [String] string with serialized JSON representing the chef vault items
         def bootstrap_vault_json
-          knife_config[:bootstrap_vault_json]
+          config[:bootstrap_vault_json]
         end
 
         # @return [String] JSON text in a file representing the chef vault items
         def bootstrap_vault_file
-          knife_config[:bootstrap_vault_file]
+          config[:bootstrap_vault_file]
         end
 
         # @return [Hash] Ruby object representing the chef vault items to create
         def bootstrap_vault_item
-          knife_config[:bootstrap_vault_item]
+          config[:bootstrap_vault_item]
         end
 
         # Helper to return a ruby object represeting all the data bags and items

data/lib/chef/knife/bootstrap/client_builder.rb

@@ -28,7 +28,7 @@ class Chef
       class ClientBuilder
 
         # @return [Hash] knife merged config, typically @config
-        attr_accessor :knife_config
+        attr_accessor :config
         # @return [Hash] chef config object
         attr_accessor :chef_config
         # @return [Chef::Knife::UI] ui object for output
@@ -36,13 +36,17 @@ class Chef
         # @return [Chef::ApiClient] client saved on run
         attr_reader :client
 
-        # @param knife_config [Hash] Hash of knife config settings
+        # @param config [Hash] Hash of knife config settings
         # @param chef_config [Hash] Hash of chef config settings
         # @param ui [Chef::Knife::UI] UI object for output
-        def initialize(knife_config: {}, chef_config: {}, ui: nil)
-          @knife_config = knife_config
-          @chef_config  = chef_config
-          @ui           = ui
+        def initialize(config: {}, knife_config: nil, chef_config: {}, ui: nil)
+          @config = config
+          unless knife_config.nil?
+            # the knife_config argument becomes deprecated in Chef-16, don't use it
+            @config = knife_config
+          end
+          @chef_config = chef_config
+          @ui = ui
         end
 
         # Main entry.  Prompt the user to clean up any old client or node objects.  Then create
@@ -77,34 +81,34 @@ class Chef
 
         private
 
-        # @return [String] node name from the knife_config
+        # @return [String] node name from the config
         def node_name
-          knife_config[:chef_node_name]
+          config[:chef_node_name]
         end
 
-        # @return [String] enviroment from the knife_config
+        # @return [String] enviroment from the config
         def environment
-          knife_config[:environment]
+          config[:environment]
         end
 
-        # @return [String] run_list from the knife_config
+        # @return [String] run_list from the config
         def run_list
-          knife_config[:run_list]
+          config[:run_list]
         end
 
-        # @return [String] policy_name from the knife_config
+        # @return [String] policy_name from the config
         def policy_name
-          knife_config[:policy_name]
+          config[:policy_name]
         end
 
-        # @return [String] policy_group from the knife_config
+        # @return [String] policy_group from the config
         def policy_group
-          knife_config[:policy_group]
+          config[:policy_group]
         end
 
-        # @return [Hash,Array] Object representation of json first-boot attributes from the knife_config
+        # @return [Hash,Array] Object representation of json first-boot attributes from the config
         def first_boot_attributes
-          knife_config[:first_boot_attributes]
+          config[:first_boot_attributes]
         end
 
         # @return [String] chef server url from the Chef::Config
@@ -154,7 +158,7 @@ class Chef
               node.environment(environment) if environment
               node.policy_name = policy_name if policy_name
               node.policy_group = policy_group if policy_group
-              (knife_config[:tags] || []).each do |tag|
+              (config[:tags] || []).each do |tag|
                 node.tags << tag
               end
               node

data/lib/chef/knife/bootstrap/templates/chef-full.erb

@@ -185,50 +185,50 @@ if test "x$tmp_dir" != "x"; then
   rm -r "$tmp_dir"
 fi
 
-mkdir -p <%= ChefConfig::Config.etc_chef_dir(false) %>
+mkdir -p /etc/chef
 
 <% if client_pem -%>
-(umask 077 && (cat > <%= ChefConfig::Config.etc_chef_dir(false) %>/client.pem <<'EOP'
+(umask 077 && (cat > /etc/chef/client.pem <<'EOP'
 <%= ::File.read(::File.expand_path(client_pem)) %>
 EOP
 )) || exit 1
 <% end -%>
 
 <% if validation_key -%>
-(umask 077 && (cat > <%= ChefConfig::Config.etc_chef_dir(false) %>/validation.pem <<'EOP'
+(umask 077 && (cat > /etc/chef/validation.pem <<'EOP'
 <%= validation_key %>
 EOP
 )) || exit 1
 <% end -%>
 
 <% if encrypted_data_bag_secret -%>
-(umask 077 && (cat > <%= ChefConfig::Config.etc_chef_dir(false) %>/encrypted_data_bag_secret <<'EOP'
+(umask 077 && (cat > /etc/chef/encrypted_data_bag_secret <<'EOP'
 <%= encrypted_data_bag_secret %>
 EOP
 )) || exit 1
 <% end -%>
 
 <% unless trusted_certs.empty? -%>
-mkdir -p <%= ChefConfig::Config.etc_chef_dir(false) %>/trusted_certs
+mkdir -p /etc/chef/trusted_certs
 <%= trusted_certs %>
 <% end -%>
 
 <%# Generate Ohai Hints -%>
 <% unless @chef_config[:knife][:hints].nil? || @chef_config[:knife][:hints].empty? -%>
-mkdir -p <%= ChefConfig::Config.etc_chef_dir(false) %>/ohai/hints
+mkdir -p /etc/chef/ohai/hints
 
 <% @chef_config[:knife][:hints].each do |name, hash| -%>
-cat > <%= ChefConfig::Config.etc_chef_dir(false) %>/ohai/hints/<%= name %>.json <<'EOP'
+cat > /etc/chef/ohai/hints/<%= name %>.json <<'EOP'
 <%= Chef::JSONCompat.to_json(hash) %>
 EOP
 <% end -%>
 <% end -%>
 
-cat > <%= ChefConfig::Config.etc_chef_dir(false) %>/client.rb <<'EOP'
+cat > /etc/chef/client.rb <<'EOP'
 <%= config_content %>
 EOP
 
-cat > <%= ChefConfig::Config.etc_chef_dir(false) %>/first-boot.json <<'EOP'
+cat > /etc/chef/first-boot.json <<'EOP'
 <%= Chef::JSONCompat.to_json(first_boot) %>
 EOP