chef 15.11.3-universal-mingw32 → 16.1.16-universal-mingw32
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/Gemfile +3 -7
- data/README.md +1 -1
- data/Rakefile +44 -16
- data/chef.gemspec +6 -4
- data/distro/powershell/chef/chef.psm1 +3 -3
- data/distro/templates/powershell/chef/chef.psm1.erb +3 -3
- data/lib/chef/action_collection.rb +16 -5
- data/lib/chef/application.rb +33 -54
- data/lib/chef/application/apply.rb +18 -1
- data/lib/chef/application/base.rb +8 -3
- data/lib/chef/application/knife.rb +1 -1
- data/lib/chef/chef_class.rb +4 -4
- data/lib/chef/chef_fs/file_system/chef_server/acls_dir.rb +1 -1
- data/lib/chef/chef_fs/file_system/chef_server/cookbook_file.rb +1 -1
- data/lib/chef/chef_fs/file_system/chef_server/rest_list_entry.rb +6 -2
- data/lib/chef/chef_fs/file_system/repository/chef_repository_file_system_root_dir.rb +3 -3
- data/lib/chef/chef_fs/file_system/repository/directory.rb +1 -1
- data/lib/chef/chef_fs/parallelizer/parallel_enumerable.rb +1 -1
- data/lib/chef/chef_fs/path_utils.rb +3 -3
- data/lib/chef/client.rb +16 -14
- data/lib/chef/config.rb +1 -1
- data/lib/chef/cookbook/file_system_file_vendor.rb +1 -1
- data/lib/chef/cookbook/gem_installer.rb +1 -1
- data/lib/chef/cookbook/metadata.rb +45 -22
- data/lib/chef/cookbook_loader.rb +1 -1
- data/lib/chef/cookbook_manifest.rb +1 -1
- data/lib/chef/cookbook_site_streaming_uploader.rb +1 -1
- data/lib/chef/cookbook_version.rb +38 -3
- data/lib/chef/data_collector.rb +1 -1
- data/lib/chef/data_collector/error_handlers.rb +1 -1
- data/lib/chef/data_collector/run_end_message.rb +7 -1
- data/lib/chef/decorator/lazy_array.rb +2 -2
- data/lib/chef/deprecated.rb +4 -0
- data/lib/chef/digester.rb +4 -4
- data/lib/chef/dist.rb +8 -0
- data/lib/chef/dsl/chef_vault.rb +84 -0
- data/lib/chef/dsl/declare_resource.rb +7 -5
- data/lib/chef/dsl/platform_introspection.rb +3 -2
- data/lib/chef/dsl/recipe.rb +7 -12
- data/lib/chef/dsl/universal.rb +3 -7
- data/lib/chef/encrypted_data_bag_item/decryptor.rb +1 -1
- data/lib/chef/encrypted_data_bag_item/encryptor.rb +1 -1
- data/lib/chef/event_dispatch/base.rb +3 -0
- data/lib/chef/formatters/base.rb +1 -1
- data/lib/chef/formatters/doc.rb +1 -1
- data/lib/chef/formatters/indentable_output_stream.rb +7 -16
- data/lib/chef/http.rb +1 -1
- data/lib/chef/http/decompressor.rb +1 -1
- data/lib/chef/http/http_request.rb +3 -2
- data/lib/chef/json_compat.rb +1 -1
- data/lib/chef/key.rb +1 -1
- data/lib/chef/knife.rb +2 -4
- data/lib/chef/knife/acl_add.rb +57 -0
- data/lib/chef/knife/acl_base.rb +183 -0
- data/lib/chef/knife/acl_bulk_add.rb +78 -0
- data/lib/chef/knife/acl_bulk_remove.rb +83 -0
- data/lib/chef/knife/acl_remove.rb +62 -0
- data/lib/chef/knife/acl_show.rb +56 -0
- data/lib/chef/knife/bootstrap.rb +84 -90
- data/lib/chef/knife/bootstrap/chef_vault_handler.rb +2 -2
- data/lib/chef/knife/bootstrap/client_builder.rb +2 -2
- data/lib/chef/knife/bootstrap/templates/chef-full.erb +11 -11
- data/lib/chef/knife/bootstrap/templates/windows-chef-client-msi.erb +12 -12
- data/lib/chef/knife/core/bootstrap_context.rb +63 -60
- data/lib/chef/knife/core/generic_presenter.rb +4 -3
- data/lib/chef/knife/core/hashed_command_loader.rb +1 -1
- data/lib/chef/knife/core/node_presenter.rb +2 -2
- data/lib/chef/knife/core/status_presenter.rb +5 -5
- data/lib/chef/knife/core/subcommand_loader.rb +1 -1
- data/lib/chef/knife/core/ui.rb +17 -1
- data/lib/chef/knife/core/windows_bootstrap_context.rb +44 -42
- data/lib/chef/knife/data_bag_secret_options.rb +18 -45
- data/lib/chef/knife/group_add.rb +55 -0
- data/lib/chef/knife/{cookbook_site_download.rb → group_create.rb} +21 -12
- data/lib/chef/knife/group_destroy.rb +53 -0
- data/lib/chef/knife/{cookbook_site_list.rb → group_list.rb} +14 -11
- data/lib/chef/knife/group_remove.rb +56 -0
- data/lib/chef/knife/{cookbook_site_install.rb → group_show.rb} +21 -12
- data/lib/chef/knife/key_create_base.rb +1 -1
- data/lib/chef/knife/key_edit_base.rb +1 -1
- data/lib/chef/knife/ssh.rb +12 -31
- data/lib/chef/knife/status.rb +3 -3
- data/lib/chef/knife/supermarket_download.rb +1 -2
- data/lib/chef/knife/supermarket_install.rb +2 -3
- data/lib/chef/knife/supermarket_list.rb +1 -2
- data/lib/chef/knife/supermarket_search.rb +1 -2
- data/lib/chef/knife/supermarket_share.rb +1 -2
- data/lib/chef/knife/supermarket_show.rb +1 -2
- data/lib/chef/knife/supermarket_unshare.rb +1 -2
- data/lib/chef/knife/{cookbook_site_show.rb → user_dissociate.rb} +15 -13
- data/lib/chef/knife/{cookbook_site_search.rb → user_invite_add.rb} +16 -13
- data/lib/chef/knife/user_invite_list.rb +34 -0
- data/lib/chef/knife/user_invite_rescind.rb +63 -0
- data/lib/chef/knife/yaml_convert.rb +91 -0
- data/lib/chef/mixin/api_version_request_handling.rb +1 -1
- data/lib/chef/mixin/checksum.rb +0 -1
- data/lib/chef/mixin/openssl_helper.rb +4 -4
- data/lib/chef/mixin/powershell_exec.rb +10 -1
- data/lib/chef/mixin/powershell_out.rb +1 -1
- data/lib/chef/mixin/properties.rb +16 -2
- data/lib/chef/mixin/shell_out.rb +1 -5
- data/lib/chef/monkey_patches/net_http.rb +0 -4
- data/lib/chef/node.rb +18 -6
- data/lib/chef/node/attribute.rb +2 -2
- data/lib/chef/node/immutable_collections.rb +1 -1
- data/lib/chef/node/mixin/immutablize_array.rb +4 -0
- data/lib/chef/node/mixin/immutablize_hash.rb +3 -0
- data/lib/chef/node_map.rb +5 -31
- data/lib/chef/platform/priority_map.rb +4 -4
- data/lib/chef/platform/query_helpers.rb +6 -34
- data/lib/chef/policy_builder/policyfile.rb +1 -1
- data/lib/chef/powershell.rb +14 -0
- data/lib/chef/property.rb +24 -6
- data/lib/chef/provider.rb +40 -6
- data/lib/chef/provider/cron.rb +2 -2
- data/lib/chef/provider/directory.rb +3 -3
- data/lib/chef/provider/dsc_resource.rb +1 -1
- data/lib/chef/provider/dsc_script.rb +1 -1
- data/lib/chef/provider/execute.rb +3 -9
- data/lib/chef/provider/file.rb +6 -6
- data/lib/chef/provider/git.rb +84 -27
- data/lib/chef/provider/group.rb +4 -4
- data/lib/chef/provider/http_request.rb +6 -6
- data/lib/chef/provider/ifconfig.rb +4 -4
- data/lib/chef/provider/launchd.rb +45 -64
- data/lib/chef/provider/link.rb +2 -2
- data/lib/chef/provider/mount.rb +5 -5
- data/lib/chef/provider/osx_profile.rb +7 -3
- data/lib/chef/provider/package.rb +2 -2
- data/lib/chef/provider/package/cab.rb +5 -6
- data/lib/chef/provider/package/chocolatey.rb +1 -3
- data/lib/chef/provider/package/dnf.rb +66 -10
- data/lib/chef/provider/package/dnf/dnf_helper.py +85 -26
- data/lib/chef/provider/package/dnf/python_helper.rb +79 -36
- data/lib/chef/provider/package/dnf/version.rb +5 -1
- data/lib/chef/provider/package/dpkg.rb +1 -1
- data/lib/chef/provider/package/freebsd/base.rb +2 -1
- data/lib/chef/provider/package/homebrew.rb +107 -43
- data/lib/chef/provider/package/macports.rb +0 -2
- data/lib/chef/provider/package/msu.rb +4 -1
- data/lib/chef/provider/package/pacman.rb +25 -34
- data/lib/chef/provider/package/portage.rb +1 -0
- data/lib/chef/provider/package/powershell.rb +1 -1
- data/lib/chef/provider/package/rubygems.rb +30 -3
- data/lib/chef/provider/package/windows.rb +29 -53
- data/lib/chef/provider/package/windows/msi.rb +2 -2
- data/lib/chef/provider/package/yum.rb +1 -9
- data/lib/chef/provider/package/yum/yum_cache.rb +1 -1
- data/lib/chef/provider/package/zypper.rb +0 -1
- data/lib/chef/provider/powershell_script.rb +5 -11
- data/lib/chef/provider/registry_key.rb +4 -4
- data/lib/chef/provider/remote_directory.rb +5 -5
- data/lib/chef/provider/remote_file/ftp.rb +3 -2
- data/lib/chef/provider/remote_file/local_file.rb +2 -1
- data/lib/chef/provider/remote_file/sftp.rb +3 -2
- data/lib/chef/provider/route.rb +5 -3
- data/lib/chef/provider/ruby_block.rb +1 -1
- data/lib/chef/provider/script.rb +2 -2
- data/lib/chef/provider/service.rb +8 -8
- data/lib/chef/provider/service/aixinit.rb +1 -1
- data/lib/chef/provider/service/arch.rb +1 -1
- data/lib/chef/provider/service/debian.rb +30 -28
- data/lib/chef/provider/service/macosx.rb +16 -10
- data/lib/chef/provider/service/systemd.rb +12 -12
- data/lib/chef/provider/service/upstart.rb +1 -1
- data/lib/chef/provider/service/windows.rb +5 -11
- data/lib/chef/provider/subversion.rb +25 -5
- data/lib/chef/provider/systemd_unit.rb +26 -25
- data/lib/chef/provider/user.rb +6 -6
- data/lib/chef/provider/user/aix.rb +1 -1
- data/lib/chef/provider/user/dscl.rb +6 -6
- data/lib/chef/provider/user/mac.rb +20 -15
- data/lib/chef/provider/whyrun_safe_ruby_block.rb +1 -1
- data/lib/chef/provider/windows_env.rb +3 -3
- data/lib/chef/provider/windows_script.rb +2 -2
- data/lib/chef/provider/windows_task.rb +10 -10
- data/lib/chef/providers.rb +0 -6
- data/lib/chef/recipe.rb +36 -0
- data/lib/chef/resource.rb +44 -57
- data/lib/chef/resource/action_class.rb +24 -22
- data/lib/chef/resource/alternatives.rb +210 -0
- data/lib/chef/resource/apt_package.rb +33 -3
- data/lib/chef/resource/apt_preference.rb +103 -7
- data/lib/chef/resource/apt_repository.rb +357 -18
- data/lib/chef/resource/apt_update.rb +58 -5
- data/lib/chef/resource/archive_file.rb +6 -5
- data/lib/chef/resource/bash.rb +3 -1
- data/lib/chef/resource/batch.rb +1 -1
- data/lib/chef/resource/bff_package.rb +10 -2
- data/lib/chef/resource/breakpoint.rb +1 -2
- data/lib/chef/resource/build_essential.rb +49 -51
- data/lib/chef/resource/cab_package.rb +9 -2
- data/lib/chef/resource/chef_client_cron.rb +228 -0
- data/lib/chef/resource/chef_client_scheduled_task.rb +201 -0
- data/lib/chef/resource/chef_client_systemd_timer.rb +180 -0
- data/lib/chef/resource/chef_gem.rb +15 -18
- data/lib/chef/resource/chef_handler.rb +5 -4
- data/lib/chef/resource/chef_sleep.rb +7 -5
- data/lib/chef/resource/chef_vault_secret.rb +135 -0
- data/lib/chef/resource/chocolatey_config.rb +8 -4
- data/lib/chef/resource/chocolatey_feature.rb +7 -4
- data/lib/chef/resource/chocolatey_package.rb +7 -4
- data/lib/chef/resource/chocolatey_source.rb +7 -4
- data/lib/chef/resource/cookbook_file.rb +4 -3
- data/lib/chef/resource/cron.rb +34 -80
- data/lib/chef/resource/cron_access.rb +10 -6
- data/lib/chef/resource/cron_d.rb +44 -95
- data/lib/chef/resource/csh.rb +3 -1
- data/lib/chef/resource/directory.rb +3 -3
- data/lib/chef/resource/dmg_package.rb +22 -19
- data/lib/chef/resource/dnf_package.rb +3 -4
- data/lib/chef/resource/dpkg_package.rb +3 -2
- data/lib/chef/resource/dsc_resource.rb +6 -4
- data/lib/chef/resource/dsc_script.rb +3 -2
- data/lib/chef/resource/execute.rb +15 -14
- data/lib/chef/resource/file.rb +14 -9
- data/lib/chef/resource/freebsd_package.rb +3 -2
- data/lib/chef/resource/gem_package.rb +19 -11
- data/lib/chef/resource/group.rb +5 -2
- data/lib/chef/resource/helpers/cron_validations.rb +98 -0
- data/lib/chef/resource/homebrew_cask.rb +3 -2
- data/lib/chef/resource/homebrew_package.rb +5 -3
- data/lib/chef/resource/homebrew_tap.rb +3 -2
- data/lib/chef/resource/hostname.rb +26 -20
- data/lib/chef/resource/http_request.rb +1 -2
- data/lib/chef/resource/ifconfig.rb +8 -8
- data/lib/chef/resource/ips_package.rb +11 -3
- data/lib/chef/resource/kernel_module.rb +30 -30
- data/lib/chef/resource/ksh.rb +3 -1
- data/lib/chef/resource/launchd.rb +3 -3
- data/lib/chef/resource/link.rb +5 -27
- data/lib/chef/resource/locale.rb +60 -26
- data/lib/chef/resource/log.rb +13 -2
- data/lib/chef/resource/lwrp_base.rb +1 -1
- data/lib/chef/resource/macos_userdefaults.rb +18 -10
- data/lib/chef/resource/macosx_service.rb +3 -2
- data/lib/chef/resource/macports_package.rb +10 -2
- data/lib/chef/resource/mdadm.rb +63 -3
- data/lib/chef/resource/mount.rb +4 -1
- data/lib/chef/resource/msu_package.rb +19 -2
- data/lib/chef/resource/notify_group.rb +8 -3
- data/lib/chef/resource/ohai.rb +20 -4
- data/lib/chef/resource/ohai_hint.rb +4 -13
- data/lib/chef/resource/openbsd_package.rb +10 -2
- data/lib/chef/resource/openssl_dhparam.rb +11 -2
- data/lib/chef/resource/openssl_ec_private_key.rb +24 -2
- data/lib/chef/resource/openssl_ec_public_key.rb +22 -2
- data/lib/chef/resource/openssl_rsa_private_key.rb +21 -2
- data/lib/chef/resource/openssl_rsa_public_key.rb +23 -2
- data/lib/chef/resource/openssl_x509_certificate.rb +38 -2
- data/lib/chef/resource/openssl_x509_crl.rb +13 -2
- data/lib/chef/resource/openssl_x509_request.rb +38 -2
- data/lib/chef/resource/osx_profile.rb +4 -3
- data/lib/chef/resource/package.rb +3 -2
- data/lib/chef/resource/pacman_package.rb +3 -2
- data/lib/chef/resource/paludis_package.rb +13 -4
- data/lib/chef/resource/perl.rb +3 -1
- data/lib/chef/resource/plist.rb +207 -0
- data/lib/chef/resource/portage_package.rb +14 -4
- data/lib/chef/resource/powershell_package.rb +2 -4
- data/lib/chef/resource/powershell_package_source.rb +4 -2
- data/lib/chef/resource/powershell_script.rb +8 -18
- data/lib/chef/resource/python.rb +3 -1
- data/lib/chef/resource/reboot.rb +1 -2
- data/lib/chef/resource/registry_key.rb +2 -3
- data/lib/chef/resource/remote_directory.rb +3 -1
- data/lib/chef/resource/remote_file.rb +3 -2
- data/lib/chef/resource/rhsm_errata.rb +1 -4
- data/lib/chef/resource/rhsm_errata_level.rb +1 -2
- data/lib/chef/resource/rhsm_register.rb +3 -3
- data/lib/chef/resource/rhsm_repo.rb +4 -3
- data/lib/chef/resource/rhsm_subscription.rb +5 -4
- data/lib/chef/resource/route.rb +6 -2
- data/lib/chef/resource/rpm_package.rb +13 -3
- data/lib/chef/resource/ruby.rb +3 -1
- data/lib/chef/resource/ruby_block.rb +2 -5
- data/lib/chef/resource/scm/_scm.rb +49 -0
- data/lib/chef/resource/{scm.rb → scm/git.rb} +16 -30
- data/lib/chef/resource/{subversion.rb → scm/subversion.rb} +10 -7
- data/lib/chef/resource/script.rb +7 -4
- data/lib/chef/resource/service.rb +7 -8
- data/lib/chef/resource/smartos_package.rb +10 -2
- data/lib/chef/resource/snap_package.rb +4 -2
- data/lib/chef/resource/solaris_package.rb +10 -2
- data/lib/chef/resource/ssh_known_hosts_entry.rb +6 -3
- data/lib/chef/resource/sudo.rb +11 -11
- data/lib/chef/resource/support/cron.d.erb +1 -1
- data/lib/chef/resource/support/cron_access.erb +1 -1
- data/lib/chef/resource/support/sudoer.erb +1 -2
- data/lib/chef/resource/support/ulimit.erb +41 -0
- data/lib/chef/resource/swap_file.rb +7 -5
- data/lib/chef/resource/sysctl.rb +63 -4
- data/lib/chef/resource/systemd_unit.rb +6 -4
- data/lib/chef/resource/template.rb +0 -1
- data/lib/chef/resource/timezone.rb +8 -19
- data/lib/chef/resource/user.rb +3 -5
- data/lib/chef/resource/user/aix_user.rb +0 -2
- data/lib/chef/resource/user/dscl_user.rb +1 -1
- data/lib/chef/resource/user/linux_user.rb +0 -2
- data/lib/chef/resource/user/mac_user.rb +1 -1
- data/lib/chef/resource/user/pw_user.rb +0 -2
- data/lib/chef/resource/user/solaris_user.rb +0 -2
- data/lib/chef/resource/user/windows_user.rb +0 -2
- data/lib/chef/resource/user_ulimit.rb +116 -0
- data/lib/chef/resource/whyrun_safe_ruby_block.rb +1 -0
- data/lib/chef/resource/windows_ad_join.rb +20 -7
- data/lib/chef/resource/windows_auto_run.rb +2 -3
- data/lib/chef/resource/windows_certificate.rb +3 -3
- data/lib/chef/resource/windows_dfs_folder.rb +1 -2
- data/lib/chef/resource/windows_dfs_namespace.rb +1 -2
- data/lib/chef/resource/windows_dfs_server.rb +2 -3
- data/lib/chef/resource/windows_dns_record.rb +0 -1
- data/lib/chef/resource/windows_dns_zone.rb +0 -1
- data/lib/chef/resource/windows_env.rb +12 -4
- data/lib/chef/resource/windows_feature.rb +59 -4
- data/lib/chef/resource/windows_feature_dism.rb +24 -24
- data/lib/chef/resource/windows_feature_powershell.rb +44 -78
- data/lib/chef/resource/windows_firewall_rule.rb +121 -8
- data/lib/chef/resource/windows_font.rb +10 -2
- data/lib/chef/resource/windows_package.rb +76 -7
- data/lib/chef/resource/windows_pagefile.rb +31 -4
- data/lib/chef/resource/windows_path.rb +18 -2
- data/lib/chef/resource/windows_printer.rb +26 -7
- data/lib/chef/resource/windows_printer_port.rb +29 -2
- data/lib/chef/resource/windows_script.rb +3 -4
- data/lib/chef/resource/windows_security_policy.rb +119 -0
- data/lib/chef/resource/windows_service.rb +46 -32
- data/lib/chef/resource/windows_share.rb +22 -6
- data/lib/chef/resource/windows_shortcut.rb +13 -3
- data/lib/chef/resource/windows_task.rb +129 -16
- data/lib/chef/resource/windows_uac.rb +20 -2
- data/lib/chef/resource/windows_user_privilege.rb +199 -0
- data/lib/chef/resource/windows_workgroup.rb +19 -4
- data/lib/chef/resource/yum_package.rb +91 -7
- data/lib/chef/resource/yum_repository.rb +30 -12
- data/lib/chef/resource/zypper_package.rb +32 -5
- data/lib/chef/resource/zypper_repository.rb +19 -6
- data/lib/chef/resource_builder.rb +8 -0
- data/lib/chef/resource_inspector.rb +3 -2
- data/lib/chef/resource_resolver.rb +7 -14
- data/lib/chef/resources.rb +11 -3
- data/lib/chef/run_context/cookbook_compiler.rb +29 -5
- data/lib/chef/scan_access_control.rb +1 -1
- data/lib/chef/shell.rb +22 -0
- data/lib/chef/shell/ext.rb +1 -1
- data/lib/chef/version.rb +1 -1
- data/lib/chef/win32/api.rb +2 -2
- data/lib/chef/win32/api/error.rb +3 -1
- data/lib/chef/win32/api/file.rb +1 -1
- data/lib/chef/win32/api/net.rb +1 -0
- data/lib/chef/win32/api/security.rb +6 -0
- data/lib/chef/win32/file.rb +1 -9
- data/lib/chef/win32/mutex.rb +1 -1
- data/lib/chef/win32/net.rb +1 -0
- data/lib/chef/win32/security.rb +40 -2
- data/lib/chef/win32/security/sid.rb +4 -4
- data/spec/functional/assets/inittest +8 -7
- data/spec/functional/knife/ssh_spec.rb +23 -19
- data/spec/functional/resource/cron_spec.rb +10 -29
- data/spec/functional/resource/dnf_package_spec.rb +441 -156
- data/spec/functional/resource/git_spec.rb +184 -134
- data/spec/functional/resource/insserv_spec.rb +1 -1
- data/spec/functional/resource/launchd_spec.rb +232 -0
- data/spec/functional/resource/link_spec.rb +3 -3
- data/spec/functional/resource/locale_spec.rb +13 -2
- data/spec/functional/resource/msu_package_spec.rb +5 -2
- data/spec/functional/resource/powershell_script_spec.rb +7 -68
- data/spec/functional/resource/remote_file_spec.rb +1 -1
- data/spec/functional/resource/windows_security_policy_spec.rb +90 -0
- data/spec/functional/resource/windows_task_spec.rb +4 -4
- data/spec/functional/resource/windows_user_privilege_spec.rb +193 -0
- data/spec/functional/run_lock_spec.rb +1 -1
- data/spec/functional/shell_spec.rb +1 -1
- data/spec/functional/util/powershell/cmdlet_spec.rb +1 -1
- data/spec/functional/version_spec.rb +1 -1
- data/spec/functional/win32/registry_spec.rb +0 -6
- data/spec/functional/win32/security_spec.rb +22 -0
- data/spec/integration/client/client_spec.rb +123 -2
- data/spec/integration/knife/cookbook_show_spec.rb +28 -26
- data/spec/integration/knife/data_bag_show_spec.rb +1 -1
- data/spec/integration/knife/raw_spec.rb +34 -6
- data/spec/integration/knife/redirection_spec.rb +2 -2
- data/spec/integration/knife/show_spec.rb +32 -3
- data/spec/integration/recipes/lwrp_inline_resources_spec.rb +3 -3
- data/spec/integration/recipes/noop_resource_spec.rb +1 -1
- data/spec/integration/recipes/notifies_spec.rb +49 -20
- data/spec/integration/recipes/notifying_block_spec.rb +8 -5
- data/spec/integration/recipes/provider_choice.rb +2 -0
- data/spec/integration/recipes/recipe_dsl_spec.rb +45 -143
- data/spec/integration/recipes/resource_action_spec.rb +16 -11
- data/spec/integration/recipes/resource_converge_if_changed_spec.rb +1 -1
- data/spec/integration/recipes/resource_load_spec.rb +133 -12
- data/spec/integration/recipes/use_partial_spec.rb +112 -0
- data/spec/integration/solo/solo_spec.rb +3 -3
- data/spec/spec_helper.rb +18 -3
- data/spec/support/chef_helpers.rb +2 -2
- data/spec/support/lib/chef/resource/zen_follower.rb +2 -0
- data/spec/support/platform_helpers.rb +2 -20
- data/spec/support/recipe_dsl_helper.rb +83 -0
- data/spec/support/shared/functional/http.rb +2 -2
- data/spec/support/shared/functional/windows_script.rb +3 -16
- data/spec/support/shared/integration/knife_support.rb +9 -6
- data/spec/support/shared/unit/mock_shellout.rb +1 -1
- data/spec/support/shared/unit/provider/useradd_based_user_provider.rb +4 -4
- data/spec/unit/application/apply_spec.rb +3 -0
- data/spec/unit/application/client_spec.rb +5 -1
- data/spec/unit/application_spec.rb +1 -2
- data/spec/unit/client_spec.rb +7 -5
- data/spec/unit/cookbook/gem_installer_spec.rb +2 -2
- data/spec/unit/cookbook/metadata_spec.rb +38 -19
- data/spec/unit/data_collector_spec.rb +39 -18
- data/spec/unit/file_access_control_spec.rb +1 -1
- data/spec/unit/json_compat_spec.rb +1 -1
- data/spec/unit/knife/bootstrap/chef_vault_handler_spec.rb +15 -15
- data/spec/unit/knife/bootstrap/client_builder_spec.rb +9 -9
- data/spec/unit/knife/bootstrap_spec.rb +20 -38
- data/spec/unit/knife/cookbook_show_spec.rb +1 -0
- data/spec/unit/knife/core/bootstrap_context_spec.rb +23 -43
- data/spec/unit/knife/core/ui_spec.rb +16 -0
- data/spec/unit/knife/core/windows_bootstrap_context_spec.rb +9 -63
- data/spec/unit/knife/data_bag_secret_options_spec.rb +22 -14
- data/spec/unit/knife/ssh_spec.rb +8 -111
- data/spec/unit/knife/status_spec.rb +1 -1
- data/spec/unit/knife_spec.rb +18 -0
- data/spec/unit/mixin/openssl_helper_spec.rb +4 -4
- data/spec/unit/mixin/powershell_exec_spec.rb +10 -0
- data/spec/unit/mixin/shell_out_spec.rb +25 -31
- data/spec/unit/node/attribute_spec.rb +3 -3
- data/spec/unit/node_spec.rb +24 -0
- data/spec/unit/platform/query_helpers_spec.rb +0 -143
- data/spec/unit/property/state_spec.rb +12 -7
- data/spec/unit/property/validation_spec.rb +25 -1
- data/spec/unit/property_spec.rb +12 -9
- data/spec/unit/provider/apt_preference_spec.rb +14 -10
- data/spec/unit/provider/apt_repository_spec.rb +34 -36
- data/spec/unit/provider/apt_update_spec.rb +12 -11
- data/spec/unit/provider/cookbook_file_spec.rb +4 -4
- data/spec/unit/provider/cron_spec.rb +2 -2
- data/spec/unit/provider/directory_spec.rb +4 -15
- data/spec/unit/provider/file_spec.rb +4 -4
- data/spec/unit/provider/git_spec.rb +41 -1
- data/spec/unit/provider/group/groupadd_spec.rb +1 -1
- data/spec/unit/provider/launchd_spec.rb +8 -50
- data/spec/unit/provider/link_spec.rb +0 -1
- data/spec/unit/provider/log_spec.rb +3 -3
- data/spec/unit/provider/mdadm_spec.rb +3 -3
- data/spec/unit/provider/package/dnf/python_helper_spec.rb +1 -1
- data/spec/unit/provider/package/homebrew_spec.rb +280 -174
- data/spec/unit/provider/package/pacman_spec.rb +65 -147
- data/spec/unit/provider/package/portage_spec.rb +2 -2
- data/spec/unit/provider/package/powershell_spec.rb +3 -2
- data/spec/unit/provider/package/rubygems_spec.rb +211 -26
- data/spec/unit/provider/package/windows/exe_spec.rb +1 -1
- data/spec/unit/provider/powershell_script_spec.rb +21 -61
- data/spec/unit/provider/remote_file_spec.rb +3 -4
- data/spec/unit/provider/service/debian_service_spec.rb +34 -13
- data/spec/unit/provider/service/macosx_spec.rb +210 -214
- data/spec/unit/provider/service/systemd_service_spec.rb +23 -23
- data/spec/unit/provider/subversion_spec.rb +4 -2
- data/spec/unit/provider/template_spec.rb +3 -4
- data/spec/unit/provider/zypper_repository_spec.rb +17 -17
- data/spec/unit/provider_resolver_spec.rb +4 -4
- data/spec/unit/recipe_spec.rb +68 -0
- data/spec/unit/resource/alternatives_spec.rb +120 -0
- data/spec/unit/resource/apt_preference_spec.rb +0 -18
- data/spec/unit/resource/apt_repository_spec.rb +0 -18
- data/spec/unit/resource/apt_update_spec.rb +0 -18
- data/spec/unit/resource/chef_client_cron_spec.rb +119 -0
- data/spec/unit/resource/chef_client_scheduled_task_spec.rb +102 -0
- data/spec/unit/resource/chef_client_systemd_timer_spec.rb +70 -0
- data/spec/unit/resource/chef_vault_secret_spec.rb +40 -0
- data/spec/unit/resource/chocolatey_source_spec.rb +2 -1
- data/spec/unit/resource/cron_d_spec.rb +6 -48
- data/spec/unit/resource/cron_spec.rb +4 -10
- data/spec/unit/resource/gem_package_spec.rb +3 -3
- data/spec/unit/resource/helpers/cron_validations_spec.rb +77 -0
- data/spec/unit/resource/link_spec.rb +0 -4
- data/spec/unit/resource/locale_spec.rb +0 -34
- data/spec/unit/resource/msu_package_spec.rb +4 -0
- data/spec/unit/resource/ohai_spec.rb +56 -2
- data/spec/unit/resource/plist_spec.rb +130 -0
- data/spec/unit/resource/powershell_script_spec.rb +0 -5
- data/spec/unit/resource/{git_spec.rb → scm/git_spec.rb} +50 -2
- data/spec/unit/resource/{scm_spec.rb → scm/scm.rb} +1 -52
- data/spec/unit/resource/{subversion_spec.rb → scm/subversion_spec.rb} +2 -3
- data/spec/unit/resource/service_spec.rb +4 -0
- data/spec/unit/resource/user_spec.rb +2 -2
- data/spec/unit/resource/user_ulimit_spec.rb +53 -0
- data/spec/unit/resource/windows_feature_dism_spec.rb +2 -17
- data/spec/unit/resource/windows_feature_powershell_spec.rb +2 -17
- data/spec/unit/resource/windows_firewall_rule_spec.rb +88 -41
- data/spec/unit/resource/windows_package_spec.rb +14 -0
- data/spec/unit/resource/windows_service_spec.rb +9 -0
- data/spec/unit/resource_reporter_spec.rb +2 -6
- data/spec/unit/resource_spec.rb +10 -3
- data/spec/unit/run_lock_spec.rb +1 -1
- data/spec/unit/scan_access_control_spec.rb +1 -1
- data/spec/unit/search/query_spec.rb +1 -1
- data/spec/unit/win32/registry_spec.rb +1 -1
- data/tasks/rspec.rb +6 -14
- metadata +92 -37
- data/lib/chef/dsl/core.rb +0 -52
- data/lib/chef/knife/cookbook_site_share.rb +0 -41
- data/lib/chef/knife/cookbook_site_unshare.rb +0 -41
- data/lib/chef/provider/apt_preference.rb +0 -93
- data/lib/chef/provider/apt_repository.rb +0 -358
- data/lib/chef/provider/apt_update.rb +0 -79
- data/lib/chef/provider/log.rb +0 -43
- data/lib/chef/provider/mdadm.rb +0 -85
- data/lib/chef/provider/ohai.rb +0 -45
- data/lib/chef/resource/git.rb +0 -37
- data/spec/unit/provider/ohai_spec.rb +0 -84
data/lib/chef/json_compat.rb
CHANGED
data/lib/chef/key.rb
CHANGED
@@ -252,7 +252,7 @@ class Chef
|
|
252
252
|
OpenSSL::ASN1::Integer.new(openssl_key_object.public_key.n),
|
253
253
|
OpenSSL::ASN1::Integer.new(openssl_key_object.public_key.e),
|
254
254
|
])
|
255
|
-
OpenSSL::Digest
|
255
|
+
OpenSSL::Digest.hexdigest("SHA1", data_string.to_der).scan(/../).join(":")
|
256
256
|
end
|
257
257
|
|
258
258
|
def list(keys, actor, load_method_symbol, inflate)
|
data/lib/chef/knife.rb
CHANGED
@@ -279,12 +279,10 @@ class Chef
|
|
279
279
|
|
280
280
|
if CHEF_ORGANIZATION_MANAGEMENT.include?(args[0])
|
281
281
|
list_commands("CHEF ORGANIZATION MANAGEMENT")
|
282
|
-
elsif OPSCODE_HOSTED_CHEF_ACCESS_CONTROL.include?(args[0])
|
283
|
-
list_commands("OPSCODE HOSTED CHEF ACCESS CONTROL")
|
284
282
|
elsif category_commands = guess_category(args)
|
285
283
|
list_commands(category_commands)
|
286
284
|
elsif OFFICIAL_PLUGINS.include?(args[0]) # command was an uninstalled official chef knife plugin
|
287
|
-
ui.info("Use `#{Chef::Dist::EXEC} gem install knife-#{args[0]}` to install the plugin into
|
285
|
+
ui.info("Use `#{Chef::Dist::EXEC} gem install knife-#{args[0]}` to install the plugin into Chef Workstation")
|
288
286
|
else
|
289
287
|
list_commands
|
290
288
|
end
|
@@ -329,7 +327,7 @@ class Chef
|
|
329
327
|
end
|
330
328
|
|
331
329
|
# Grab a copy before config merge occurs, so that we can later identify
|
332
|
-
#
|
330
|
+
# where a given config value is sourced from.
|
333
331
|
@original_config = config.dup
|
334
332
|
|
335
333
|
# copy Mixlib::CLI over so that it can be configured in config.rb/knife.rb
|
@@ -0,0 +1,57 @@
|
|
1
|
+
#
|
2
|
+
# Author:: Steven Danna (steve@chef.io)
|
3
|
+
# Author:: Jeremiah Snapp (jeremiah@chef.io)
|
4
|
+
# Copyright:: Copyright (c) Chef Software Inc.
|
5
|
+
# License:: Apache License, Version 2.0
|
6
|
+
#
|
7
|
+
# Licensed under the Apache License, Version 2.0 (the "License");
|
8
|
+
# you may not use this file except in compliance with the License.
|
9
|
+
# You may obtain a copy of the License at
|
10
|
+
#
|
11
|
+
# http://www.apache.org/licenses/LICENSE-2.0
|
12
|
+
#
|
13
|
+
# Unless required by applicable law or agreed to in writing, software
|
14
|
+
# distributed under the License is distributed on an "AS IS" BASIS,
|
15
|
+
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
16
|
+
# See the License for the specific language governing permissions and
|
17
|
+
# limitations under the License.
|
18
|
+
#
|
19
|
+
|
20
|
+
require_relative "../knife"
|
21
|
+
|
22
|
+
class Chef
|
23
|
+
class Knife
|
24
|
+
class AclAdd < Chef::Knife
|
25
|
+
category "acl"
|
26
|
+
banner "knife acl add MEMBER_TYPE MEMBER_NAME OBJECT_TYPE OBJECT_NAME PERMS"
|
27
|
+
|
28
|
+
deps do
|
29
|
+
require_relative "acl_base"
|
30
|
+
include Chef::Knife::AclBase
|
31
|
+
end
|
32
|
+
|
33
|
+
def run
|
34
|
+
member_type, member_name, object_type, object_name, perms = name_args
|
35
|
+
|
36
|
+
if name_args.length != 5
|
37
|
+
show_usage
|
38
|
+
ui.fatal "You must specify the member type [client|group], member name, object type, object name and perms"
|
39
|
+
exit 1
|
40
|
+
end
|
41
|
+
|
42
|
+
unless %w{client group}.include?(member_type)
|
43
|
+
ui.fatal "ERROR: To enforce best practice, knife-acl can only add a client or a group to an ACL."
|
44
|
+
ui.fatal " See the knife-acl README for more information."
|
45
|
+
exit 1
|
46
|
+
end
|
47
|
+
validate_perm_type!(perms)
|
48
|
+
validate_member_name!(member_name)
|
49
|
+
validate_object_name!(object_name)
|
50
|
+
validate_object_type!(object_type)
|
51
|
+
validate_member_exists!(member_type, member_name)
|
52
|
+
|
53
|
+
add_to_acl!(member_type, member_name, object_type, object_name, perms)
|
54
|
+
end
|
55
|
+
end
|
56
|
+
end
|
57
|
+
end
|
@@ -0,0 +1,183 @@
|
|
1
|
+
#
|
2
|
+
# Author:: Steven Danna (steve@chef.io)
|
3
|
+
# Author:: Jeremiah Snapp (<jeremiah@chef.io>)
|
4
|
+
# Copyright:: Copyright (c) Chef Software Inc.
|
5
|
+
# License:: Apache License, Version 2.0
|
6
|
+
#
|
7
|
+
# Licensed under the Apache License, Version 2.0 (the "License");
|
8
|
+
# you may not use this file except in compliance with the License.
|
9
|
+
# You may obtain a copy of the License at
|
10
|
+
#
|
11
|
+
# http://www.apache.org/licenses/LICENSE-2.0
|
12
|
+
#
|
13
|
+
# Unless required by applicable law or agreed to in writing, software
|
14
|
+
# distributed under the License is distributed on an "AS IS" BASIS,
|
15
|
+
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
16
|
+
# See the License for the specific language governing permissions and
|
17
|
+
# limitations under the License.
|
18
|
+
#
|
19
|
+
|
20
|
+
require_relative "../knife"
|
21
|
+
|
22
|
+
class Chef
|
23
|
+
class Knife
|
24
|
+
module AclBase
|
25
|
+
|
26
|
+
PERM_TYPES = %w{create read update delete grant}.freeze unless defined? PERM_TYPES
|
27
|
+
MEMBER_TYPES = %w{client group user}.freeze unless defined? MEMBER_TYPES
|
28
|
+
OBJECT_TYPES = %w{clients containers cookbooks data environments groups nodes roles policies policy_groups}.freeze unless defined? OBJECT_TYPES
|
29
|
+
OBJECT_NAME_SPEC = /^[\-[:alnum:]_\.]+$/.freeze unless defined? OBJECT_NAME_SPEC
|
30
|
+
|
31
|
+
def validate_object_type!(type)
|
32
|
+
unless OBJECT_TYPES.include?(type)
|
33
|
+
ui.fatal "Unknown object type \"#{type}\". The following types are permitted: #{OBJECT_TYPES.join(", ")}"
|
34
|
+
exit 1
|
35
|
+
end
|
36
|
+
end
|
37
|
+
|
38
|
+
def validate_object_name!(name)
|
39
|
+
unless OBJECT_NAME_SPEC.match(name)
|
40
|
+
ui.fatal "Invalid name: #{name}"
|
41
|
+
exit 1
|
42
|
+
end
|
43
|
+
end
|
44
|
+
|
45
|
+
def validate_member_type!(type)
|
46
|
+
unless MEMBER_TYPES.include?(type)
|
47
|
+
ui.fatal "Unknown member type \"#{type}\". The following types are permitted: #{MEMBER_TYPES.join(", ")}"
|
48
|
+
exit 1
|
49
|
+
end
|
50
|
+
end
|
51
|
+
|
52
|
+
def validate_member_name!(name)
|
53
|
+
# Same rules apply to objects and members
|
54
|
+
validate_object_name!(name)
|
55
|
+
end
|
56
|
+
|
57
|
+
def validate_perm_type!(perms)
|
58
|
+
perms.split(",").each do |perm|
|
59
|
+
unless PERM_TYPES.include?(perm)
|
60
|
+
ui.fatal "Invalid permission \"#{perm}\". The following permissions are permitted: #{PERM_TYPES.join(",")}"
|
61
|
+
exit 1
|
62
|
+
end
|
63
|
+
end
|
64
|
+
end
|
65
|
+
|
66
|
+
def validate_member_exists!(member_type, member_name)
|
67
|
+
true if rest.get_rest("#{member_type}s/#{member_name}")
|
68
|
+
rescue NameError
|
69
|
+
# ignore "NameError: uninitialized constant Chef::ApiClient" when finding a client
|
70
|
+
true
|
71
|
+
rescue
|
72
|
+
ui.fatal "#{member_type} '#{member_name}' does not exist"
|
73
|
+
exit 1
|
74
|
+
end
|
75
|
+
|
76
|
+
def is_usag?(gname)
|
77
|
+
gname.length == 32 && gname =~ /^[0-9a-f]+$/
|
78
|
+
end
|
79
|
+
|
80
|
+
def get_acl(object_type, object_name)
|
81
|
+
rest.get_rest("#{object_type}/#{object_name}/_acl?detail=granular")
|
82
|
+
end
|
83
|
+
|
84
|
+
def get_ace(object_type, object_name, perm)
|
85
|
+
get_acl(object_type, object_name)[perm]
|
86
|
+
end
|
87
|
+
|
88
|
+
def add_to_acl!(member_type, member_name, object_type, object_name, perms)
|
89
|
+
acl = get_acl(object_type, object_name)
|
90
|
+
perms.split(",").each do |perm|
|
91
|
+
ui.msg "Adding '#{member_name}' to '#{perm}' ACE of '#{object_name}'"
|
92
|
+
ace = acl[perm]
|
93
|
+
|
94
|
+
case member_type
|
95
|
+
when "client", "user"
|
96
|
+
# Our PUT body depends on the type of reply we get from _acl?detail=granular
|
97
|
+
# When the server replies with json attributes 'users' and 'clients',
|
98
|
+
# we'll want to modify entries under the same keys they arrived.- their presence
|
99
|
+
# in the body tells us that CS will accept them in a PUT.
|
100
|
+
# Older version of chef-server will continue to use 'actors' for a combined list
|
101
|
+
# and expect the same in the body.
|
102
|
+
key = "#{member_type}s"
|
103
|
+
key = "actors" unless ace.key? key
|
104
|
+
next if ace[key].include?(member_name)
|
105
|
+
|
106
|
+
ace[key] << member_name
|
107
|
+
when "group"
|
108
|
+
next if ace["groups"].include?(member_name)
|
109
|
+
|
110
|
+
ace["groups"] << member_name
|
111
|
+
end
|
112
|
+
|
113
|
+
update_ace!(object_type, object_name, perm, ace)
|
114
|
+
end
|
115
|
+
end
|
116
|
+
|
117
|
+
def remove_from_acl!(member_type, member_name, object_type, object_name, perms)
|
118
|
+
acl = get_acl(object_type, object_name)
|
119
|
+
perms.split(",").each do |perm|
|
120
|
+
ui.msg "Removing '#{member_name}' from '#{perm}' ACE of '#{object_name}'"
|
121
|
+
ace = acl[perm]
|
122
|
+
|
123
|
+
case member_type
|
124
|
+
when "client", "user"
|
125
|
+
key = "#{member_type}s"
|
126
|
+
key = "actors" unless ace.key? key
|
127
|
+
next unless ace[key].include?(member_name)
|
128
|
+
|
129
|
+
ace[key].delete(member_name)
|
130
|
+
when "group"
|
131
|
+
next unless ace["groups"].include?(member_name)
|
132
|
+
|
133
|
+
ace["groups"].delete(member_name)
|
134
|
+
end
|
135
|
+
|
136
|
+
update_ace!(object_type, object_name, perm, ace)
|
137
|
+
end
|
138
|
+
end
|
139
|
+
|
140
|
+
def update_ace!(object_type, object_name, ace_type, ace)
|
141
|
+
rest.put_rest("#{object_type}/#{object_name}/_acl/#{ace_type}", ace_type => ace)
|
142
|
+
end
|
143
|
+
|
144
|
+
def add_to_group!(member_type, member_name, group_name)
|
145
|
+
validate_member_exists!(member_type, member_name)
|
146
|
+
existing_group = rest.get_rest("groups/#{group_name}")
|
147
|
+
ui.msg "Adding '#{member_name}' to '#{group_name}' group"
|
148
|
+
unless existing_group["#{member_type}s"].include?(member_name)
|
149
|
+
existing_group["#{member_type}s"] << member_name
|
150
|
+
new_group = {
|
151
|
+
"groupname" => existing_group["groupname"],
|
152
|
+
"orgname" => existing_group["orgname"],
|
153
|
+
"actors" => {
|
154
|
+
"users" => existing_group["users"],
|
155
|
+
"clients" => existing_group["clients"],
|
156
|
+
"groups" => existing_group["groups"],
|
157
|
+
},
|
158
|
+
}
|
159
|
+
rest.put_rest("groups/#{group_name}", new_group)
|
160
|
+
end
|
161
|
+
end
|
162
|
+
|
163
|
+
def remove_from_group!(member_type, member_name, group_name)
|
164
|
+
validate_member_exists!(member_type, member_name)
|
165
|
+
existing_group = rest.get_rest("groups/#{group_name}")
|
166
|
+
ui.msg "Removing '#{member_name}' from '#{group_name}' group"
|
167
|
+
if existing_group["#{member_type}s"].include?(member_name)
|
168
|
+
existing_group["#{member_type}s"].delete(member_name)
|
169
|
+
new_group = {
|
170
|
+
"groupname" => existing_group["groupname"],
|
171
|
+
"orgname" => existing_group["orgname"],
|
172
|
+
"actors" => {
|
173
|
+
"users" => existing_group["users"],
|
174
|
+
"clients" => existing_group["clients"],
|
175
|
+
"groups" => existing_group["groups"],
|
176
|
+
},
|
177
|
+
}
|
178
|
+
rest.put_rest("groups/#{group_name}", new_group)
|
179
|
+
end
|
180
|
+
end
|
181
|
+
end
|
182
|
+
end
|
183
|
+
end
|
@@ -0,0 +1,78 @@
|
|
1
|
+
#
|
2
|
+
# Author:: Jeremiah Snapp (jeremiah@chef.io)
|
3
|
+
# Copyright:: Copyright (c) Chef Software Inc.
|
4
|
+
# License:: Apache License, Version 2.0
|
5
|
+
#
|
6
|
+
# Licensed under the Apache License, Version 2.0 (the "License");
|
7
|
+
# you may not use this file except in compliance with the License.
|
8
|
+
# You may obtain a copy of the License at
|
9
|
+
#
|
10
|
+
# http://www.apache.org/licenses/LICENSE-2.0
|
11
|
+
#
|
12
|
+
# Unless required by applicable law or agreed to in writing, software
|
13
|
+
# distributed under the License is distributed on an "AS IS" BASIS,
|
14
|
+
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
15
|
+
# See the License for the specific language governing permissions and
|
16
|
+
# limitations under the License.
|
17
|
+
#
|
18
|
+
|
19
|
+
require_relative "../knife"
|
20
|
+
|
21
|
+
class Chef
|
22
|
+
class Knife
|
23
|
+
class AclBulkAdd < Chef::Knife
|
24
|
+
category "acl"
|
25
|
+
banner "knife acl bulk add MEMBER_TYPE MEMBER_NAME OBJECT_TYPE REGEX PERMS"
|
26
|
+
|
27
|
+
deps do
|
28
|
+
require_relative "acl_base"
|
29
|
+
include Chef::Knife::AclBase
|
30
|
+
end
|
31
|
+
|
32
|
+
def run
|
33
|
+
member_type, member_name, object_type, regex, perms = name_args
|
34
|
+
object_name_matcher = /#{regex}/
|
35
|
+
|
36
|
+
if name_args.length != 5
|
37
|
+
show_usage
|
38
|
+
ui.fatal "You must specify the member type [client|group], member name, object type, object name REGEX and perms"
|
39
|
+
exit 1
|
40
|
+
end
|
41
|
+
|
42
|
+
unless %w{client group}.include?(member_type)
|
43
|
+
ui.fatal "ERROR: To enforce best practice, knife-acl can only add a client or a group to an ACL."
|
44
|
+
ui.fatal " See the knife-acl README for more information."
|
45
|
+
exit 1
|
46
|
+
end
|
47
|
+
validate_perm_type!(perms)
|
48
|
+
validate_member_name!(member_name)
|
49
|
+
validate_object_type!(object_type)
|
50
|
+
validate_member_exists!(member_type, member_name)
|
51
|
+
|
52
|
+
if %w{containers groups}.include?(object_type)
|
53
|
+
ui.fatal "bulk modifying the ACL of #{object_type} is not permitted"
|
54
|
+
exit 1
|
55
|
+
end
|
56
|
+
|
57
|
+
objects_to_modify = []
|
58
|
+
all_objects = rest.get_rest(object_type)
|
59
|
+
objects_to_modify = all_objects.keys.select { |object_name| object_name =~ object_name_matcher }
|
60
|
+
|
61
|
+
if objects_to_modify.empty?
|
62
|
+
ui.info "No #{object_type} match the expression /#{regex}/"
|
63
|
+
exit 0
|
64
|
+
end
|
65
|
+
|
66
|
+
ui.msg("The ACL of the following #{object_type} will be modified:")
|
67
|
+
ui.msg("")
|
68
|
+
ui.msg(ui.list(objects_to_modify.sort, :columns_down))
|
69
|
+
ui.msg("")
|
70
|
+
ui.confirm("Are you sure you want to modify the ACL of these #{object_type}?")
|
71
|
+
|
72
|
+
objects_to_modify.each do |object_name|
|
73
|
+
add_to_acl!(member_type, member_name, object_type, object_name, perms)
|
74
|
+
end
|
75
|
+
end
|
76
|
+
end
|
77
|
+
end
|
78
|
+
end
|
@@ -0,0 +1,83 @@
|
|
1
|
+
#
|
2
|
+
# Author:: Jeremiah Snapp (jeremiah@chef.io)
|
3
|
+
# Copyright:: Copyright (c) Chef Software Inc.
|
4
|
+
# License:: Apache License, Version 2.0
|
5
|
+
#
|
6
|
+
# Licensed under the Apache License, Version 2.0 (the "License");
|
7
|
+
# you may not use this file except in compliance with the License.
|
8
|
+
# You may obtain a copy of the License at
|
9
|
+
#
|
10
|
+
# http://www.apache.org/licenses/LICENSE-2.0
|
11
|
+
#
|
12
|
+
# Unless required by applicable law or agreed to in writing, software
|
13
|
+
# distributed under the License is distributed on an "AS IS" BASIS,
|
14
|
+
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
15
|
+
# See the License for the specific language governing permissions and
|
16
|
+
# limitations under the License.
|
17
|
+
#
|
18
|
+
|
19
|
+
require_relative "../knife"
|
20
|
+
|
21
|
+
class Chef
|
22
|
+
class Knife
|
23
|
+
class AclBulkRemove < Chef::Knife
|
24
|
+
category "acl"
|
25
|
+
banner "knife acl bulk remove MEMBER_TYPE MEMBER_NAME OBJECT_TYPE REGEX PERMS"
|
26
|
+
|
27
|
+
deps do
|
28
|
+
require_relative "acl_base"
|
29
|
+
include Chef::Knife::AclBase
|
30
|
+
end
|
31
|
+
|
32
|
+
def run
|
33
|
+
member_type, member_name, object_type, regex, perms = name_args
|
34
|
+
object_name_matcher = /#{regex}/
|
35
|
+
|
36
|
+
if name_args.length != 5
|
37
|
+
show_usage
|
38
|
+
ui.fatal "You must specify the member type [client|group|user], member name, object type, object name REGEX and perms"
|
39
|
+
exit 1
|
40
|
+
end
|
41
|
+
|
42
|
+
if member_name == "pivotal" && %w{client user}.include?(member_type)
|
43
|
+
ui.fatal "ERROR: 'pivotal' is a system user so knife-acl will not remove it from an ACL."
|
44
|
+
exit 1
|
45
|
+
end
|
46
|
+
if member_name == "admins" && member_type == "group" && perms.to_s.split(",").include?("grant")
|
47
|
+
ui.fatal "ERROR: knife-acl will not remove the 'admins' group from the 'grant' ACE."
|
48
|
+
ui.fatal " Removal could prevent future attempts to modify permissions."
|
49
|
+
exit 1
|
50
|
+
end
|
51
|
+
validate_perm_type!(perms)
|
52
|
+
validate_member_type!(member_type)
|
53
|
+
validate_member_name!(member_name)
|
54
|
+
validate_object_type!(object_type)
|
55
|
+
validate_member_exists!(member_type, member_name)
|
56
|
+
|
57
|
+
if %w{containers groups}.include?(object_type)
|
58
|
+
ui.fatal "bulk modifying the ACL of #{object_type} is not permitted"
|
59
|
+
exit 1
|
60
|
+
end
|
61
|
+
|
62
|
+
objects_to_modify = []
|
63
|
+
all_objects = rest.get_rest(object_type)
|
64
|
+
objects_to_modify = all_objects.keys.select { |object_name| object_name =~ object_name_matcher }
|
65
|
+
|
66
|
+
if objects_to_modify.empty?
|
67
|
+
ui.info "No #{object_type} match the expression /#{regex}/"
|
68
|
+
exit 0
|
69
|
+
end
|
70
|
+
|
71
|
+
ui.msg("The ACL of the following #{object_type} will be modified:")
|
72
|
+
ui.msg("")
|
73
|
+
ui.msg(ui.list(objects_to_modify.sort, :columns_down))
|
74
|
+
ui.msg("")
|
75
|
+
ui.confirm("Are you sure you want to modify the ACL of these #{object_type}?")
|
76
|
+
|
77
|
+
objects_to_modify.each do |object_name|
|
78
|
+
remove_from_acl!(member_type, member_name, object_type, object_name, perms)
|
79
|
+
end
|
80
|
+
end
|
81
|
+
end
|
82
|
+
end
|
83
|
+
end
|
@@ -0,0 +1,62 @@
|
|
1
|
+
#
|
2
|
+
# Author:: Steven Danna (steve@chef.io)
|
3
|
+
# Author:: Jeremiah Snapp (jeremiah@chef.io)
|
4
|
+
# Copyright:: Copyright (c) Chef Software Inc.
|
5
|
+
# License:: Apache License, Version 2.0
|
6
|
+
#
|
7
|
+
# Licensed under the Apache License, Version 2.0 (the "License");
|
8
|
+
# you may not use this file except in compliance with the License.
|
9
|
+
# You may obtain a copy of the License at
|
10
|
+
#
|
11
|
+
# http://www.apache.org/licenses/LICENSE-2.0
|
12
|
+
#
|
13
|
+
# Unless required by applicable law or agreed to in writing, software
|
14
|
+
# distributed under the License is distributed on an "AS IS" BASIS,
|
15
|
+
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
16
|
+
# See the License for the specific language governing permissions and
|
17
|
+
# limitations under the License.
|
18
|
+
#
|
19
|
+
|
20
|
+
require_relative "../knife"
|
21
|
+
|
22
|
+
class Chef
|
23
|
+
class Knife
|
24
|
+
class AclRemove < Chef::Knife
|
25
|
+
category "acl"
|
26
|
+
banner "knife acl remove MEMBER_TYPE MEMBER_NAME OBJECT_TYPE OBJECT_NAME PERMS"
|
27
|
+
|
28
|
+
deps do
|
29
|
+
require_relative "acl_base"
|
30
|
+
include Chef::Knife::AclBase
|
31
|
+
end
|
32
|
+
|
33
|
+
def run
|
34
|
+
member_type, member_name, object_type, object_name, perms = name_args
|
35
|
+
|
36
|
+
if name_args.length != 5
|
37
|
+
show_usage
|
38
|
+
ui.fatal "You must specify the member type [client|group|user], member name, object type, object name and perms"
|
39
|
+
exit 1
|
40
|
+
end
|
41
|
+
|
42
|
+
if member_name == "pivotal" && %w{client user}.include?(member_type)
|
43
|
+
ui.fatal "ERROR: 'pivotal' is a system user so knife-acl will not remove it from an ACL."
|
44
|
+
exit 1
|
45
|
+
end
|
46
|
+
if member_name == "admins" && member_type == "group" && perms.to_s.split(",").include?("grant")
|
47
|
+
ui.fatal "ERROR: knife-acl will not remove the 'admins' group from the 'grant' ACE."
|
48
|
+
ui.fatal " Removal could prevent future attempts to modify permissions."
|
49
|
+
exit 1
|
50
|
+
end
|
51
|
+
validate_perm_type!(perms)
|
52
|
+
validate_member_type!(member_type)
|
53
|
+
validate_member_name!(member_name)
|
54
|
+
validate_object_name!(object_name)
|
55
|
+
validate_object_type!(object_type)
|
56
|
+
validate_member_exists!(member_type, member_name)
|
57
|
+
|
58
|
+
remove_from_acl!(member_type, member_name, object_type, object_name, perms)
|
59
|
+
end
|
60
|
+
end
|
61
|
+
end
|
62
|
+
end
|