chef 15.17.4-universal-mingw32 → 16.0.257-universal-mingw32
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/Gemfile +14 -20
- data/README.md +6 -6
- data/Rakefile +18 -23
- data/chef-universal-mingw32.gemspec +4 -4
- data/chef.gemspec +10 -26
- data/distro/powershell/chef/chef.psm1 +3 -3
- data/distro/templates/powershell/chef/chef.psm1.erb +3 -3
- data/lib/chef/action_collection.rb +16 -5
- data/lib/chef/api_client/registration.rb +2 -2
- data/lib/chef/application.rb +33 -54
- data/lib/chef/application/apply.rb +20 -3
- data/lib/chef/application/base.rb +8 -3
- data/lib/chef/application/exit_code.rb +2 -2
- data/lib/chef/application/knife.rb +1 -1
- data/lib/chef/chef_class.rb +4 -4
- data/lib/chef/chef_fs/chef_fs_data_store.rb +3 -3
- data/lib/chef/chef_fs/file_system/chef_server/policies_dir.rb +1 -1
- data/lib/chef/chef_fs/file_system/chef_server/rest_list_dir.rb +1 -1
- data/lib/chef/chef_fs/file_system/chef_server/rest_list_entry.rb +6 -2
- data/lib/chef/chef_fs/file_system/multiplexed_dir.rb +1 -1
- data/lib/chef/chef_fs/file_system/repository/base_file.rb +0 -1
- data/lib/chef/chef_fs/file_system/repository/chef_repository_file_system_cookbook_dir.rb +2 -2
- data/lib/chef/chef_fs/file_system/repository/chef_repository_file_system_cookbook_entry.rb +1 -1
- data/lib/chef/chef_fs/file_system/repository/chef_repository_file_system_root_dir.rb +5 -5
- data/lib/chef/chef_fs/file_system/repository/directory.rb +1 -1
- data/lib/chef/chef_fs/file_system/repository/file_system_entry.rb +1 -1
- data/lib/chef/chef_fs/path_utils.rb +3 -3
- data/lib/chef/client.rb +16 -14
- data/lib/chef/config.rb +1 -1
- data/lib/chef/cookbook/file_system_file_vendor.rb +1 -1
- data/lib/chef/cookbook/gem_installer.rb +1 -1
- data/lib/chef/cookbook/metadata.rb +45 -22
- data/lib/chef/cookbook_version.rb +40 -5
- data/lib/chef/data_bag.rb +2 -2
- data/lib/chef/data_collector/error_handlers.rb +1 -1
- data/lib/chef/data_collector/run_end_message.rb +7 -1
- data/lib/chef/deprecated.rb +1 -9
- data/lib/chef/dist.rb +8 -0
- data/lib/chef/dsl/chef_vault.rb +84 -0
- data/lib/chef/dsl/declare_resource.rb +7 -5
- data/lib/chef/dsl/platform_introspection.rb +2 -3
- data/lib/chef/dsl/recipe.rb +7 -12
- data/lib/chef/dsl/universal.rb +3 -7
- data/lib/chef/environment.rb +2 -2
- data/lib/chef/event_dispatch/base.rb +3 -0
- data/lib/chef/exceptions.rb +0 -3
- data/lib/chef/formatters/doc.rb +1 -1
- data/lib/chef/formatters/error_inspectors/node_load_error_inspector.rb +2 -2
- data/lib/chef/formatters/error_inspectors/registration_error_inspector.rb +7 -7
- data/lib/chef/formatters/indentable_output_stream.rb +7 -16
- data/lib/chef/http.rb +1 -2
- data/lib/chef/http/http_request.rb +3 -2
- data/lib/chef/knife.rb +1 -3
- data/lib/chef/knife/acl_add.rb +57 -0
- data/lib/chef/knife/acl_base.rb +183 -0
- data/lib/chef/knife/acl_bulk_add.rb +78 -0
- data/lib/chef/knife/acl_bulk_remove.rb +83 -0
- data/lib/chef/knife/acl_remove.rb +62 -0
- data/lib/chef/knife/acl_show.rb +56 -0
- data/lib/chef/knife/bootstrap.rb +93 -97
- data/lib/chef/knife/bootstrap/chef_vault_handler.rb +1 -1
- data/lib/chef/knife/bootstrap/client_builder.rb +1 -1
- data/lib/chef/knife/bootstrap/templates/chef-full.erb +20 -20
- data/lib/chef/knife/bootstrap/templates/windows-chef-client-msi.erb +13 -15
- data/lib/chef/knife/bootstrap/train_connector.rb +0 -1
- data/lib/chef/knife/cookbook_download.rb +1 -1
- data/lib/chef/knife/cookbook_metadata.rb +1 -1
- data/lib/chef/knife/core/bootstrap_context.rb +63 -60
- data/lib/chef/knife/core/gem_glob_loader.rb +1 -1
- data/lib/chef/knife/core/generic_presenter.rb +4 -3
- data/lib/chef/knife/core/hashed_command_loader.rb +2 -3
- data/lib/chef/knife/core/node_presenter.rb +2 -2
- data/lib/chef/knife/core/status_presenter.rb +5 -5
- data/lib/chef/knife/core/subcommand_loader.rb +1 -1
- data/lib/chef/knife/core/ui.rb +17 -1
- data/lib/chef/knife/core/windows_bootstrap_context.rb +45 -58
- data/lib/chef/knife/data_bag_secret_options.rb +18 -45
- data/lib/chef/knife/environment_compare.rb +1 -1
- data/lib/chef/knife/exec.rb +2 -2
- data/lib/chef/knife/group_add.rb +55 -0
- data/lib/chef/knife/{cookbook_site_download.rb → group_create.rb} +21 -12
- data/lib/chef/knife/group_destroy.rb +53 -0
- data/lib/chef/knife/{cookbook_site_list.rb → group_list.rb} +14 -11
- data/lib/chef/knife/group_remove.rb +56 -0
- data/lib/chef/knife/{cookbook_site_install.rb → group_show.rb} +21 -12
- data/lib/chef/knife/list.rb +1 -1
- data/lib/chef/knife/ssh.rb +12 -50
- data/lib/chef/knife/status.rb +3 -3
- data/lib/chef/knife/supermarket_download.rb +1 -2
- data/lib/chef/knife/supermarket_install.rb +1 -2
- data/lib/chef/knife/supermarket_list.rb +1 -2
- data/lib/chef/knife/supermarket_search.rb +1 -2
- data/lib/chef/knife/supermarket_share.rb +1 -2
- data/lib/chef/knife/supermarket_show.rb +1 -2
- data/lib/chef/knife/supermarket_unshare.rb +1 -2
- data/lib/chef/knife/{cookbook_site_show.rb → user_dissociate.rb} +15 -13
- data/lib/chef/knife/{cookbook_site_search.rb → user_invite_add.rb} +16 -13
- data/lib/chef/knife/user_invite_list.rb +34 -0
- data/lib/chef/knife/user_invite_recind.rb +63 -0
- data/lib/chef/knife/yaml_convert.rb +91 -0
- data/lib/chef/log.rb +1 -1
- data/lib/chef/mixin/create_path.rb +8 -8
- data/lib/chef/mixin/openssl_helper.rb +3 -26
- data/lib/chef/mixin/powershell_exec.rb +10 -1
- data/lib/chef/mixin/powershell_out.rb +1 -1
- data/lib/chef/mixin/properties.rb +13 -1
- data/lib/chef/mixin/shell_out.rb +0 -4
- data/lib/chef/mixin/template.rb +0 -1
- data/lib/chef/monkey_patches/net_http.rb +0 -4
- data/lib/chef/node.rb +18 -6
- data/lib/chef/node/mixin/deep_merge_cache.rb +7 -7
- data/lib/chef/node/mixin/immutablize_array.rb +4 -0
- data/lib/chef/node/mixin/immutablize_hash.rb +3 -0
- data/lib/chef/node_map.rb +7 -36
- data/lib/chef/platform/priority_map.rb +4 -4
- data/lib/chef/platform/query_helpers.rb +6 -34
- data/lib/chef/powershell.rb +14 -0
- data/lib/chef/property.rb +22 -4
- data/lib/chef/provider.rb +40 -6
- data/lib/chef/provider/cron.rb +2 -2
- data/lib/chef/provider/directory.rb +2 -2
- data/lib/chef/provider/dsc_resource.rb +1 -1
- data/lib/chef/provider/dsc_script.rb +1 -1
- data/lib/chef/provider/execute.rb +2 -8
- data/lib/chef/provider/file.rb +5 -5
- data/lib/chef/provider/git.rb +84 -27
- data/lib/chef/provider/group.rb +4 -4
- data/lib/chef/provider/http_request.rb +6 -6
- data/lib/chef/provider/ifconfig.rb +4 -4
- data/lib/chef/provider/launchd.rb +36 -51
- data/lib/chef/provider/link.rb +2 -2
- data/lib/chef/provider/mount.rb +5 -5
- data/lib/chef/provider/mount/solaris.rb +1 -0
- data/lib/chef/provider/osx_profile.rb +7 -3
- data/lib/chef/provider/package.rb +2 -2
- data/lib/chef/provider/package/cab.rb +3 -4
- data/lib/chef/provider/package/chocolatey.rb +1 -3
- data/lib/chef/provider/package/dnf.rb +66 -10
- data/lib/chef/provider/package/dnf/dnf_helper.py +84 -30
- data/lib/chef/provider/package/dnf/python_helper.rb +79 -36
- data/lib/chef/provider/package/dnf/version.rb +5 -1
- data/lib/chef/provider/package/freebsd/pkgng.rb +1 -3
- data/lib/chef/provider/package/homebrew.rb +106 -42
- data/lib/chef/provider/package/msu.rb +3 -1
- data/lib/chef/provider/package/pacman.rb +25 -34
- data/lib/chef/provider/package/powershell.rb +2 -6
- data/lib/chef/provider/package/rubygems.rb +29 -2
- data/lib/chef/provider/package/snap.rb +27 -96
- data/lib/chef/provider/package/windows.rb +3 -2
- data/lib/chef/provider/package/windows/msi.rb +2 -2
- data/lib/chef/provider/package/yum.rb +0 -8
- data/lib/chef/provider/package/yum/yum_helper.py +0 -4
- data/lib/chef/provider/package/zypper.rb +1 -1
- data/lib/chef/provider/powershell_script.rb +4 -10
- data/lib/chef/provider/registry_key.rb +4 -4
- data/lib/chef/provider/remote_directory.rb +3 -3
- data/lib/chef/provider/remote_file/ftp.rb +3 -2
- data/lib/chef/provider/remote_file/local_file.rb +2 -1
- data/lib/chef/provider/remote_file/sftp.rb +3 -2
- data/lib/chef/provider/route.rb +5 -3
- data/lib/chef/provider/ruby_block.rb +1 -1
- data/lib/chef/provider/script.rb +2 -2
- data/lib/chef/provider/service.rb +8 -8
- data/lib/chef/provider/service/aixinit.rb +1 -1
- data/lib/chef/provider/service/arch.rb +2 -2
- data/lib/chef/provider/service/debian.rb +31 -29
- data/lib/chef/provider/service/gentoo.rb +2 -2
- data/lib/chef/provider/service/macosx.rb +7 -12
- data/lib/chef/provider/service/openbsd.rb +1 -1
- data/lib/chef/provider/service/redhat.rb +2 -2
- data/lib/chef/provider/service/simple.rb +3 -3
- data/lib/chef/provider/service/systemd.rb +12 -12
- data/lib/chef/provider/service/upstart.rb +1 -1
- data/lib/chef/provider/service/windows.rb +5 -11
- data/lib/chef/provider/subversion.rb +25 -5
- data/lib/chef/provider/systemd_unit.rb +26 -25
- data/lib/chef/provider/user.rb +6 -6
- data/lib/chef/provider/user/dscl.rb +3 -3
- data/lib/chef/provider/user/mac.rb +10 -9
- data/lib/chef/provider/whyrun_safe_ruby_block.rb +1 -1
- data/lib/chef/provider/windows_env.rb +3 -3
- data/lib/chef/provider/windows_script.rb +2 -2
- data/lib/chef/provider/windows_task.rb +7 -9
- data/lib/chef/provider/yum_repository.rb +1 -1
- data/lib/chef/provider/zypper_repository.rb +11 -31
- data/lib/chef/providers.rb +0 -6
- data/lib/chef/recipe.rb +36 -0
- data/lib/chef/resource.rb +41 -56
- data/lib/chef/resource/action_class.rb +24 -22
- data/lib/chef/resource/alternatives.rb +149 -0
- data/lib/chef/resource/apt_package.rb +2 -1
- data/lib/chef/resource/apt_preference.rb +69 -2
- data/lib/chef/resource/apt_repository.rb +337 -5
- data/lib/chef/resource/apt_update.rb +52 -1
- data/lib/chef/resource/archive_file.rb +9 -29
- data/lib/chef/resource/bash.rb +2 -0
- data/lib/chef/resource/bff_package.rb +9 -1
- data/lib/chef/resource/breakpoint.rb +0 -1
- data/lib/chef/resource/build_essential.rb +42 -48
- data/lib/chef/resource/cab_package.rb +8 -1
- data/lib/chef/resource/chef_client_cron.rb +225 -0
- data/lib/chef/resource/chef_client_scheduled_task.rb +198 -0
- data/lib/chef/resource/chef_client_systemd_timer.rb +177 -0
- data/lib/chef/resource/chef_gem.rb +9 -16
- data/lib/chef/resource/chef_handler.rb +2 -1
- data/lib/chef/resource/chef_sleep.rb +0 -1
- data/lib/chef/resource/chef_vault_secret.rb +135 -0
- data/lib/chef/resource/chocolatey_config.rb +3 -1
- data/lib/chef/resource/chocolatey_feature.rb +2 -1
- data/lib/chef/resource/chocolatey_package.rb +2 -1
- data/lib/chef/resource/chocolatey_source.rb +2 -1
- data/lib/chef/resource/cookbook_file.rb +1 -1
- data/lib/chef/resource/cron.rb +22 -68
- data/lib/chef/resource/cron_access.rb +8 -15
- data/lib/chef/resource/cron_d.rb +9 -75
- data/lib/chef/resource/csh.rb +2 -0
- data/lib/chef/resource/directory.rb +2 -2
- data/lib/chef/resource/dmg_package.rb +4 -4
- data/lib/chef/resource/dnf_package.rb +2 -3
- data/lib/chef/resource/dpkg_package.rb +2 -1
- data/lib/chef/resource/dsc_resource.rb +6 -4
- data/lib/chef/resource/dsc_script.rb +3 -2
- data/lib/chef/resource/execute.rb +13 -12
- data/lib/chef/resource/file.rb +3 -1
- data/lib/chef/resource/freebsd_package.rb +2 -1
- data/lib/chef/resource/gem_package.rb +14 -6
- data/lib/chef/resource/group.rb +4 -1
- data/lib/chef/resource/helpers/cron_validations.rb +98 -0
- data/lib/chef/resource/homebrew_cask.rb +5 -4
- data/lib/chef/resource/homebrew_package.rb +4 -2
- data/lib/chef/resource/homebrew_tap.rb +2 -1
- data/lib/chef/resource/hostname.rb +41 -36
- data/lib/chef/resource/http_request.rb +0 -1
- data/lib/chef/resource/ifconfig.rb +1 -1
- data/lib/chef/resource/ips_package.rb +10 -2
- data/lib/chef/resource/kernel_module.rb +29 -29
- data/lib/chef/resource/ksh.rb +2 -0
- data/lib/chef/resource/launchd.rb +6 -6
- data/lib/chef/resource/link.rb +1 -23
- data/lib/chef/resource/locale.rb +58 -24
- data/lib/chef/resource/log.rb +12 -1
- data/lib/chef/resource/lwrp_base.rb +1 -8
- data/lib/chef/resource/macos_userdefaults.rb +9 -6
- data/lib/chef/resource/macosx_service.rb +2 -1
- data/lib/chef/resource/macports_package.rb +10 -2
- data/lib/chef/resource/mdadm.rb +62 -2
- data/lib/chef/resource/mount.rb +3 -0
- data/lib/chef/resource/msu_package.rb +13 -1
- data/lib/chef/resource/notify_group.rb +8 -3
- data/lib/chef/resource/ohai.rb +19 -3
- data/lib/chef/resource/ohai_hint.rb +3 -12
- data/lib/chef/resource/openbsd_package.rb +9 -1
- data/lib/chef/resource/openssl_dhparam.rb +10 -1
- data/lib/chef/resource/openssl_ec_private_key.rb +23 -1
- data/lib/chef/resource/openssl_ec_public_key.rb +21 -1
- data/lib/chef/resource/openssl_rsa_private_key.rb +20 -1
- data/lib/chef/resource/openssl_rsa_public_key.rb +22 -1
- data/lib/chef/resource/openssl_x509_certificate.rb +37 -1
- data/lib/chef/resource/openssl_x509_crl.rb +12 -1
- data/lib/chef/resource/openssl_x509_request.rb +37 -1
- data/lib/chef/resource/osx_profile.rb +3 -2
- data/lib/chef/resource/package.rb +2 -1
- data/lib/chef/resource/pacman_package.rb +2 -1
- data/lib/chef/resource/paludis_package.rb +12 -3
- data/lib/chef/resource/perl.rb +2 -0
- data/lib/chef/resource/plist.rb +207 -0
- data/lib/chef/resource/portage_package.rb +13 -3
- data/lib/chef/resource/powershell_package.rb +1 -3
- data/lib/chef/resource/powershell_package_source.rb +3 -1
- data/lib/chef/resource/powershell_script.rb +7 -17
- data/lib/chef/resource/python.rb +2 -0
- data/lib/chef/resource/reboot.rb +0 -1
- data/lib/chef/resource/registry_key.rb +1 -2
- data/lib/chef/resource/remote_directory.rb +2 -0
- data/lib/chef/resource/remote_file.rb +2 -0
- data/lib/chef/resource/rhsm_errata.rb +0 -1
- data/lib/chef/resource/rhsm_errata_level.rb +0 -1
- data/lib/chef/resource/rhsm_register.rb +2 -1
- data/lib/chef/resource/rhsm_repo.rb +3 -1
- data/lib/chef/resource/rhsm_subscription.rb +4 -1
- data/lib/chef/resource/route.rb +5 -1
- data/lib/chef/resource/rpm_package.rb +9 -2
- data/lib/chef/resource/ruby.rb +2 -0
- data/lib/chef/resource/ruby_block.rb +1 -1
- data/lib/chef/resource/scm/_scm.rb +48 -0
- data/lib/chef/resource/{scm.rb → scm/git.rb} +16 -30
- data/lib/chef/resource/{subversion.rb → scm/subversion.rb} +8 -5
- data/lib/chef/resource/script.rb +6 -3
- data/lib/chef/resource/service.rb +6 -7
- data/lib/chef/resource/smartos_package.rb +9 -1
- data/lib/chef/resource/snap_package.rb +3 -1
- data/lib/chef/resource/solaris_package.rb +9 -1
- data/lib/chef/resource/ssh_known_hosts_entry.rb +6 -3
- data/lib/chef/resource/sudo.rb +9 -9
- data/lib/chef/resource/support/cron.d.erb +1 -1
- data/lib/chef/resource/support/cron_access.erb +1 -1
- data/lib/chef/resource/support/sudoer.erb +1 -2
- data/lib/chef/resource/support/ulimit.erb +41 -0
- data/lib/chef/resource/swap_file.rb +5 -3
- data/lib/chef/resource/sysctl.rb +2 -2
- data/lib/chef/resource/systemd_unit.rb +4 -2
- data/lib/chef/resource/template.rb +0 -1
- data/lib/chef/resource/timezone.rb +7 -18
- data/lib/chef/resource/user.rb +1 -3
- data/lib/chef/resource/user/aix_user.rb +0 -2
- data/lib/chef/resource/user/dscl_user.rb +1 -1
- data/lib/chef/resource/user/linux_user.rb +0 -2
- data/lib/chef/resource/user/mac_user.rb +1 -1
- data/lib/chef/resource/user/pw_user.rb +0 -2
- data/lib/chef/resource/user/solaris_user.rb +0 -2
- data/lib/chef/resource/user/windows_user.rb +0 -2
- data/lib/chef/resource/user_ulimit.rb +114 -0
- data/lib/chef/resource/whyrun_safe_ruby_block.rb +1 -0
- data/lib/chef/resource/windows_ad_join.rb +19 -6
- data/lib/chef/resource/windows_auto_run.rb +0 -1
- data/lib/chef/resource/windows_certificate.rb +1 -1
- data/lib/chef/resource/windows_dfs_folder.rb +0 -1
- data/lib/chef/resource/windows_dfs_namespace.rb +0 -1
- data/lib/chef/resource/windows_dfs_server.rb +0 -1
- data/lib/chef/resource/windows_dns_record.rb +0 -1
- data/lib/chef/resource/windows_dns_zone.rb +0 -1
- data/lib/chef/resource/windows_env.rb +2 -3
- data/lib/chef/resource/windows_feature.rb +2 -2
- data/lib/chef/resource/windows_feature_dism.rb +9 -22
- data/lib/chef/resource/windows_feature_powershell.rb +17 -82
- data/lib/chef/resource/windows_firewall_rule.rb +119 -10
- data/lib/chef/resource/windows_font.rb +1 -3
- data/lib/chef/resource/windows_package.rb +13 -4
- data/lib/chef/resource/windows_pagefile.rb +0 -1
- data/lib/chef/resource/windows_path.rb +0 -1
- data/lib/chef/resource/windows_printer.rb +0 -1
- data/lib/chef/resource/windows_printer_port.rb +0 -1
- data/lib/chef/resource/windows_script.rb +3 -4
- data/lib/chef/resource/windows_security_policy.rb +90 -0
- data/lib/chef/resource/windows_service.rb +45 -31
- data/lib/chef/resource/windows_share.rb +3 -7
- data/lib/chef/resource/windows_shortcut.rb +0 -1
- data/lib/chef/resource/windows_task.rb +14 -15
- data/lib/chef/resource/windows_uac.rb +0 -1
- data/lib/chef/resource/windows_user_privilege.rb +157 -0
- data/lib/chef/resource/windows_workgroup.rb +0 -1
- data/lib/chef/resource/yum_package.rb +3 -1
- data/lib/chef/resource/yum_repository.rb +2 -1
- data/lib/chef/resource/zypper_package.rb +3 -2
- data/lib/chef/resource/zypper_repository.rb +2 -1
- data/lib/chef/resource_builder.rb +8 -0
- data/lib/chef/resource_inspector.rb +6 -6
- data/lib/chef/resource_resolver.rb +7 -14
- data/lib/chef/resources.rb +11 -3
- data/lib/chef/role.rb +2 -2
- data/lib/chef/run_context/cookbook_compiler.rb +29 -5
- data/lib/chef/shell.rb +23 -32
- data/lib/chef/shell/shell_session.rb +0 -2
- data/lib/chef/util/diff.rb +1 -1
- data/lib/chef/util/dsc/configuration_generator.rb +1 -1
- data/lib/chef/util/dsc/lcm_output_parser.rb +3 -3
- data/lib/chef/util/powershell/cmdlet.rb +1 -1
- data/lib/chef/version.rb +2 -2
- data/lib/chef/version_string.rb +1 -1
- data/lib/chef/win32/api/file.rb +18 -18
- data/lib/chef/win32/api/security.rb +6 -0
- data/lib/chef/win32/file.rb +3 -11
- data/lib/chef/win32/process.rb +2 -2
- data/lib/chef/win32/security.rb +40 -2
- data/spec/functional/assets/inittest +8 -7
- data/spec/functional/knife/ssh_spec.rb +27 -23
- data/spec/functional/resource/aix_service_spec.rb +1 -0
- data/spec/functional/resource/aixinit_service_spec.rb +8 -7
- data/spec/functional/resource/apt_package_spec.rb +1 -0
- data/spec/functional/resource/bff_spec.rb +2 -2
- data/spec/functional/resource/cookbook_file_spec.rb +1 -1
- data/spec/functional/resource/cron_spec.rb +11 -29
- data/spec/functional/resource/dnf_package_spec.rb +441 -156
- data/spec/functional/resource/dsc_resource_spec.rb +1 -1
- data/spec/functional/resource/git_spec.rb +184 -134
- data/spec/functional/resource/insserv_spec.rb +6 -5
- data/spec/functional/resource/link_spec.rb +17 -17
- data/spec/functional/resource/locale_spec.rb +13 -2
- data/spec/functional/resource/powershell_script_spec.rb +7 -68
- data/spec/functional/resource/rpm_spec.rb +2 -2
- data/spec/functional/resource/user/dscl_spec.rb +2 -2
- data/spec/functional/resource/user/mac_user_spec.rb +2 -2
- data/spec/functional/resource/windows_certificate_spec.rb +3 -3
- data/spec/functional/resource/windows_security_policy_spec.rb +90 -0
- data/spec/functional/resource/windows_task_spec.rb +8 -8
- data/spec/functional/resource/windows_user_privilege_spec.rb +193 -0
- data/spec/functional/run_lock_spec.rb +1 -2
- data/spec/functional/shell_spec.rb +6 -6
- data/spec/functional/util/powershell/cmdlet_spec.rb +1 -1
- data/spec/functional/version_spec.rb +1 -1
- data/spec/functional/win32/registry_spec.rb +0 -6
- data/spec/functional/win32/security_spec.rb +22 -0
- data/spec/functional/win32/service_manager_spec.rb +1 -1
- data/spec/integration/client/client_spec.rb +123 -2
- data/spec/integration/knife/cookbook_show_spec.rb +28 -26
- data/spec/integration/knife/data_bag_show_spec.rb +1 -1
- data/spec/integration/knife/raw_spec.rb +30 -2
- data/spec/integration/knife/show_spec.rb +32 -3
- data/spec/integration/recipes/accumulator_spec.rb +1 -1
- data/spec/integration/recipes/lwrp_inline_resources_spec.rb +5 -5
- data/spec/integration/recipes/lwrp_spec.rb +1 -1
- data/spec/integration/recipes/noop_resource_spec.rb +1 -1
- data/spec/integration/recipes/notifies_spec.rb +50 -21
- data/spec/integration/recipes/notifying_block_spec.rb +9 -6
- data/spec/integration/recipes/provider_choice.rb +2 -0
- data/spec/integration/recipes/recipe_dsl_spec.rb +46 -144
- data/spec/integration/recipes/resource_action_spec.rb +16 -11
- data/spec/integration/recipes/resource_converge_if_changed_spec.rb +1 -3
- data/spec/integration/recipes/resource_load_spec.rb +133 -13
- data/spec/integration/recipes/unified_mode_spec.rb +1 -1
- data/spec/integration/recipes/use_partial_spec.rb +112 -0
- data/spec/integration/solo/solo_spec.rb +3 -3
- data/spec/scripts/ssl-serve.rb +1 -1
- data/spec/spec_helper.rb +11 -14
- data/spec/support/chef_helpers.rb +2 -2
- data/spec/support/lib/chef/resource/zen_follower.rb +2 -0
- data/spec/support/platform_helpers.rb +44 -19
- data/spec/support/platforms/win32/spec_service.rb +1 -1
- data/spec/support/recipe_dsl_helper.rb +83 -0
- data/spec/support/shared/functional/directory_resource.rb +1 -1
- data/spec/support/shared/functional/execute_resource.rb +1 -1
- data/spec/support/shared/functional/file_resource.rb +3 -3
- data/spec/support/shared/functional/win32_service.rb +1 -1
- data/spec/support/shared/functional/windows_script.rb +5 -18
- data/spec/support/shared/integration/knife_support.rb +14 -8
- data/spec/unit/application/apply_spec.rb +3 -0
- data/spec/unit/application/client_spec.rb +5 -1
- data/spec/unit/application_spec.rb +1 -9
- data/spec/unit/chef_fs/file_system/operation_failed_error_spec.rb +4 -2
- data/spec/unit/client_spec.rb +7 -5
- data/spec/unit/cookbook/gem_installer_spec.rb +3 -4
- data/spec/unit/cookbook/metadata_spec.rb +38 -19
- data/spec/unit/data_bag_spec.rb +1 -1
- data/spec/unit/data_collector_spec.rb +38 -17
- data/spec/unit/dsl/platform_introspection_spec.rb +0 -1
- data/spec/unit/environment_spec.rb +7 -7
- data/spec/unit/event_dispatch/dispatcher_spec.rb +0 -3
- data/spec/unit/file_access_control_spec.rb +1 -1
- data/spec/unit/knife/bootstrap/chef_vault_handler_spec.rb +15 -15
- data/spec/unit/knife/bootstrap/client_builder_spec.rb +9 -9
- data/spec/unit/knife/bootstrap_spec.rb +36 -54
- data/spec/unit/knife/cookbook_download_spec.rb +4 -4
- data/spec/unit/knife/cookbook_metadata_from_file_spec.rb +1 -1
- data/spec/unit/knife/cookbook_show_spec.rb +1 -0
- data/spec/unit/knife/cookbook_upload_spec.rb +6 -5
- data/spec/unit/knife/core/bootstrap_context_spec.rb +23 -43
- data/spec/unit/knife/core/hashed_command_loader_spec.rb +3 -3
- data/spec/unit/knife/core/ui_spec.rb +16 -0
- data/spec/unit/knife/core/windows_bootstrap_context_spec.rb +8 -68
- data/spec/unit/knife/data_bag_secret_options_spec.rb +22 -14
- data/spec/unit/knife/role_env_run_list_add_spec.rb +6 -6
- data/spec/unit/knife/role_env_run_list_clear_spec.rb +4 -4
- data/spec/unit/knife/role_env_run_list_remove_spec.rb +4 -4
- data/spec/unit/knife/role_env_run_list_replace_spec.rb +4 -4
- data/spec/unit/knife/role_env_run_list_set_spec.rb +4 -4
- data/spec/unit/knife/role_run_list_add_spec.rb +6 -6
- data/spec/unit/knife/role_run_list_clear_spec.rb +4 -4
- data/spec/unit/knife/role_run_list_remove_spec.rb +4 -4
- data/spec/unit/knife/role_run_list_replace_spec.rb +4 -4
- data/spec/unit/knife/role_run_list_set_spec.rb +4 -4
- data/spec/unit/knife/ssh_spec.rb +10 -113
- data/spec/unit/knife/status_spec.rb +1 -1
- data/spec/unit/knife/supermarket_share_spec.rb +3 -5
- data/spec/unit/knife_spec.rb +18 -0
- data/spec/unit/lwrp_spec.rb +4 -4
- data/spec/unit/mixin/powershell_exec_spec.rb +10 -0
- data/spec/unit/mixin/securable_spec.rb +1 -0
- data/spec/unit/mixin/user_context_spec.rb +9 -1
- data/spec/unit/node/attribute_spec.rb +2 -2
- data/spec/unit/node_spec.rb +24 -0
- data/spec/unit/platform/query_helpers_spec.rb +0 -143
- data/spec/unit/property/state_spec.rb +12 -7
- data/spec/unit/property/validation_spec.rb +25 -1
- data/spec/unit/property_spec.rb +18 -15
- data/spec/unit/provider/apt_preference_spec.rb +14 -10
- data/spec/unit/provider/apt_repository_spec.rb +9 -11
- data/spec/unit/provider/apt_update_spec.rb +12 -11
- data/spec/unit/provider/cookbook_file_spec.rb +4 -4
- data/spec/unit/provider/cron_spec.rb +2 -2
- data/spec/unit/provider/directory_spec.rb +4 -15
- data/spec/unit/provider/file_spec.rb +4 -4
- data/spec/unit/provider/git_spec.rb +44 -4
- data/spec/unit/provider/link_spec.rb +0 -1
- data/spec/unit/provider/log_spec.rb +3 -3
- data/spec/unit/provider/mdadm_spec.rb +3 -3
- data/spec/unit/provider/osx_profile_spec.rb +2 -2
- data/spec/unit/provider/package/dnf/python_helper_spec.rb +2 -2
- data/spec/unit/provider/package/freebsd/pkgng_spec.rb +1 -1
- data/spec/unit/provider/package/homebrew_spec.rb +280 -174
- data/spec/unit/provider/package/msu_spec.rb +3 -3
- data/spec/unit/provider/package/pacman_spec.rb +65 -147
- data/spec/unit/provider/package/powershell_spec.rb +88 -96
- data/spec/unit/provider/package/rubygems_spec.rb +221 -31
- data/spec/unit/provider/package/snap_spec.rb +1 -1
- data/spec/unit/provider/package/windows/exe_spec.rb +1 -1
- data/spec/unit/provider/package/windows_spec.rb +53 -30
- data/spec/unit/provider/powershell_script_spec.rb +21 -61
- data/spec/unit/provider/remote_file_spec.rb +3 -4
- data/spec/unit/provider/service/arch_service_spec.rb +2 -3
- data/spec/unit/provider/service/debian_service_spec.rb +35 -14
- data/spec/unit/provider/service/gentoo_service_spec.rb +8 -8
- data/spec/unit/provider/service/macosx_spec.rb +210 -214
- data/spec/unit/provider/service/redhat_spec.rb +2 -2
- data/spec/unit/provider/service/systemd_service_spec.rb +23 -23
- data/spec/unit/provider/service/upstart_service_spec.rb +3 -3
- data/spec/unit/provider/service/windows_spec.rb +6 -2
- data/spec/unit/provider/subversion_spec.rb +4 -2
- data/spec/unit/provider/systemd_unit_spec.rb +24 -28
- data/spec/unit/provider/template_spec.rb +3 -4
- data/spec/unit/provider/zypper_repository_spec.rb +25 -75
- data/spec/unit/provider_resolver_spec.rb +11 -11
- data/spec/unit/provider_spec.rb +0 -1
- data/spec/unit/recipe_spec.rb +68 -0
- data/spec/unit/resource/alternatives_spec.rb +120 -0
- data/spec/unit/resource/apt_preference_spec.rb +0 -18
- data/spec/unit/resource/apt_repository_spec.rb +0 -18
- data/spec/unit/resource/apt_update_spec.rb +0 -18
- data/spec/unit/resource/archive_file_spec.rb +2 -11
- data/spec/unit/resource/chef_client_cron_spec.rb +119 -0
- data/spec/unit/resource/chef_client_scheduled_task_spec.rb +102 -0
- data/spec/unit/resource/chef_client_systemd_timer_spec.rb +70 -0
- data/spec/unit/resource/chef_vault_secret_spec.rb +40 -0
- data/spec/unit/resource/chocolatey_source_spec.rb +2 -1
- data/spec/unit/resource/cron_d_spec.rb +6 -48
- data/spec/unit/resource/cron_spec.rb +4 -10
- data/spec/unit/resource/gem_package_spec.rb +3 -3
- data/spec/unit/resource/helpers/cron_validations_spec.rb +77 -0
- data/spec/unit/resource/link_spec.rb +0 -4
- data/spec/unit/resource/locale_spec.rb +0 -34
- data/spec/unit/resource/ohai_spec.rb +56 -2
- data/spec/unit/resource/plist_spec.rb +130 -0
- data/spec/unit/resource/powershell_script_spec.rb +0 -5
- data/spec/unit/resource/{git_spec.rb → scm/git_spec.rb} +50 -2
- data/spec/unit/resource/{scm_spec.rb → scm/scm.rb} +1 -52
- data/spec/unit/resource/{subversion_spec.rb → scm/subversion_spec.rb} +2 -3
- data/spec/unit/resource/service_spec.rb +4 -0
- data/spec/unit/resource/user_spec.rb +2 -2
- data/spec/unit/resource/user_ulimit_spec.rb +53 -0
- data/spec/unit/resource/windows_dns_record_spec.rb +3 -3
- data/spec/unit/resource/windows_dns_zone_spec.rb +2 -2
- data/spec/unit/resource/windows_feature_dism_spec.rb +2 -17
- data/spec/unit/resource/windows_feature_powershell_spec.rb +6 -47
- data/spec/unit/resource/windows_firewall_rule_spec.rb +88 -41
- data/spec/unit/resource/windows_package_spec.rb +4 -1
- data/spec/unit/resource/windows_service_spec.rb +9 -0
- data/spec/unit/resource/windows_task_spec.rb +1 -1
- data/spec/unit/resource/windows_uac_spec.rb +2 -2
- data/spec/unit/resource/yum_repository_spec.rb +21 -21
- data/spec/unit/resource_reporter_spec.rb +1 -5
- data/spec/unit/resource_spec.rb +11 -4
- data/spec/unit/role_spec.rb +11 -11
- data/spec/unit/run_context/cookbook_compiler_spec.rb +1 -1
- data/spec/unit/run_context_spec.rb +1 -1
- data/spec/unit/search/query_spec.rb +1 -1
- data/spec/unit/util/threaded_job_queue_spec.rb +0 -9
- data/spec/unit/win32/security_spec.rb +3 -4
- data/tasks/rspec.rb +1 -1
- metadata +116 -87
- data/lib/chef/dsl/core.rb +0 -52
- data/lib/chef/knife/cookbook_site_share.rb +0 -41
- data/lib/chef/knife/cookbook_site_unshare.rb +0 -41
- data/lib/chef/provider/apt_preference.rb +0 -93
- data/lib/chef/provider/apt_repository.rb +0 -358
- data/lib/chef/provider/apt_update.rb +0 -79
- data/lib/chef/provider/log.rb +0 -43
- data/lib/chef/provider/mdadm.rb +0 -85
- data/lib/chef/provider/ohai.rb +0 -45
- data/lib/chef/resource/git.rb +0 -37
- data/spec/functional/resource/windows_font_spec.rb +0 -49
- data/spec/unit/provider/ohai_spec.rb +0 -84
data/lib/chef/formatters/doc.rb
CHANGED
@@ -273,7 +273,7 @@ class Chef
|
|
273
273
|
# Called when a resource has no converge actions, e.g., it was already correct.
|
274
274
|
def resource_up_to_date(resource, action)
|
275
275
|
@up_to_date_resources += 1
|
276
|
-
puts " (up to date)", stream: resource
|
276
|
+
puts " (up to date)", stream: resource unless resource.suppress_up_to_date_messages?
|
277
277
|
unindent
|
278
278
|
end
|
279
279
|
|
@@ -46,7 +46,7 @@ class Chef
|
|
46
46
|
when Chef::Exceptions::PrivateKeyMissing
|
47
47
|
error_description.section("Private Key Not Found:", <<~E)
|
48
48
|
Your private key could not be loaded. If the key file exists, ensure that it is
|
49
|
-
readable by #{Chef::Dist::
|
49
|
+
readable by #{Chef::Dist::CLIENT}.
|
50
50
|
E
|
51
51
|
error_description.section("Relevant Config Settings:", <<~E)
|
52
52
|
client_key "#{api_key}"
|
@@ -99,7 +99,7 @@ class Chef
|
|
99
99
|
# redirect.
|
100
100
|
def describe_404_error(error_description)
|
101
101
|
error_description.section("Resource Not Found:", <<~E)
|
102
|
-
The
|
102
|
+
The server returned a HTTP 404. This usually indicates that your chef_server_url is incorrect.
|
103
103
|
E
|
104
104
|
error_description.section("Relevant Config Settings:", <<~E)
|
105
105
|
chef_server_url "#{server_url}"
|
@@ -28,7 +28,7 @@ class Chef
|
|
28
28
|
humanize_http_exception(error_description)
|
29
29
|
when Errno::ECONNREFUSED, Timeout::Error, Errno::ETIMEDOUT, SocketError
|
30
30
|
error_description.section("Network Error:", <<~E)
|
31
|
-
There was a network error connecting to the
|
31
|
+
There was a network error connecting to the Chef Server:
|
32
32
|
#{exception.message}
|
33
33
|
E
|
34
34
|
error_description.section("Relevant Config Settings:", <<~E)
|
@@ -39,14 +39,14 @@ class Chef
|
|
39
39
|
when Chef::Exceptions::PrivateKeyMissing
|
40
40
|
error_description.section("Private Key Not Found:", <<~E)
|
41
41
|
Your private key could not be loaded. If the key file exists, ensure that it is
|
42
|
-
readable by #{Chef::Dist::
|
42
|
+
readable by #{Chef::Dist::CLIENT}.
|
43
43
|
E
|
44
44
|
error_description.section("Relevant Config Settings:", <<~E)
|
45
45
|
validation_key "#{api_key}"
|
46
46
|
E
|
47
47
|
when Chef::Exceptions::InvalidRedirect
|
48
48
|
error_description.section("Invalid Redirect:", <<~E)
|
49
|
-
Change your
|
49
|
+
Change your server location in client.rb to the server's FQDN to avoid unwanted redirections.
|
50
50
|
E
|
51
51
|
when EOFError
|
52
52
|
describe_eof_error(error_description)
|
@@ -61,13 +61,13 @@ class Chef
|
|
61
61
|
when Net::HTTPUnauthorized
|
62
62
|
if clock_skew?
|
63
63
|
error_description.section("Authentication Error:", <<~E)
|
64
|
-
Failed to authenticate to the
|
64
|
+
Failed to authenticate to the chef server (http 401).
|
65
65
|
The request failed because your clock has drifted by more than 15 minutes.
|
66
66
|
Syncing your clock to an NTP Time source should resolve the issue.
|
67
67
|
E
|
68
68
|
else
|
69
69
|
error_description.section("Authentication Error:", <<~E)
|
70
|
-
Failed to authenticate to the
|
70
|
+
Failed to authenticate to the chef server (http 401).
|
71
71
|
E
|
72
72
|
|
73
73
|
error_description.section("Server Response:", format_rest_error)
|
@@ -81,7 +81,7 @@ class Chef
|
|
81
81
|
end
|
82
82
|
when Net::HTTPForbidden
|
83
83
|
error_description.section("Authorization Error:", <<~E)
|
84
|
-
Your validation client is not authorized to create the client for this node
|
84
|
+
Your validation client is not authorized to create the client for this node (HTTP 403).
|
85
85
|
E
|
86
86
|
error_description.section("Possible Causes:", <<~E)
|
87
87
|
* There may already be a client named "#{config[:node_name]}"
|
@@ -94,7 +94,7 @@ class Chef
|
|
94
94
|
error_description.section("Server Response:", format_rest_error)
|
95
95
|
when Net::HTTPNotFound
|
96
96
|
error_description.section("Resource Not Found:", <<~E)
|
97
|
-
The
|
97
|
+
The server returned a HTTP 404. This usually indicates that your chef_server_url is incorrect.
|
98
98
|
E
|
99
99
|
error_description.section("Relevant Config Settings:", <<~E)
|
100
100
|
chef_server_url "#{server_url}"
|
@@ -17,23 +17,14 @@ class Chef
|
|
17
17
|
@semaphore = Mutex.new
|
18
18
|
end
|
19
19
|
|
20
|
-
|
21
|
-
|
22
|
-
|
23
|
-
|
20
|
+
# pastel.decorate is a lightweight replacement for highline.color
|
21
|
+
def pastel
|
22
|
+
@pastel ||= begin
|
23
|
+
require "pastel"
|
24
|
+
Pastel.new
|
24
25
|
end
|
25
26
|
end
|
26
27
|
|
27
|
-
# Print text. This will start a new line and indent if necessary
|
28
|
-
# but will not terminate the line (future print and puts statements
|
29
|
-
# will start off where this print left off).
|
30
|
-
#
|
31
|
-
# @param string [String]
|
32
|
-
# @param args [Array<Hash,Symbol>]
|
33
|
-
def color(string, *args)
|
34
|
-
print(string, from_args(args))
|
35
|
-
end
|
36
|
-
|
37
28
|
# Print the start of a new line. This will terminate any existing lines and
|
38
29
|
# cause indentation but will not move to the next line yet (future 'print'
|
39
30
|
# and 'puts' statements will stay on this line).
|
@@ -83,7 +74,7 @@ class Chef
|
|
83
74
|
#
|
84
75
|
# == Alternative
|
85
76
|
#
|
86
|
-
# You may also call print('string', :red) (
|
77
|
+
# You may also call print('string', :red) (https://github.com/piotrmurach/pastel#3-supported-colors)
|
87
78
|
def print(string, *args)
|
88
79
|
options = from_args(args)
|
89
80
|
|
@@ -140,7 +131,7 @@ class Chef
|
|
140
131
|
end
|
141
132
|
|
142
133
|
if Chef::Config[:color] && options[:colors]
|
143
|
-
@out.print
|
134
|
+
@out.print pastel.decorate(line, *options[:colors])
|
144
135
|
else
|
145
136
|
@out.print line
|
146
137
|
end
|
data/lib/chef/http.rb
CHANGED
@@ -22,8 +22,7 @@
|
|
22
22
|
#
|
23
23
|
|
24
24
|
require "tempfile" unless defined?(Tempfile)
|
25
|
-
require "
|
26
|
-
require "net/http" unless defined?(Net::HTTP)
|
25
|
+
require "net/https"
|
27
26
|
require "uri" unless defined?(URI)
|
28
27
|
require_relative "http/basic_client"
|
29
28
|
require_relative "monkey_patches/net_http"
|
@@ -21,6 +21,7 @@
|
|
21
21
|
# limitations under the License.
|
22
22
|
#
|
23
23
|
require "uri" unless defined?(URI)
|
24
|
+
require "cgi" unless defined?(CGI)
|
24
25
|
require "net/http" unless defined?(Net::HTTP)
|
25
26
|
require_relative "../dist"
|
26
27
|
|
@@ -176,8 +177,8 @@ class Chef
|
|
176
177
|
@http_request.body = request_body if request_body && @http_request.request_body_permitted?
|
177
178
|
# Optionally handle HTTP Basic Authentication
|
178
179
|
if url.user
|
179
|
-
user =
|
180
|
-
password =
|
180
|
+
user = CGI.unescape(url.user)
|
181
|
+
password = CGI.unescape(url.password) if url.password
|
181
182
|
@http_request.basic_auth(user, password)
|
182
183
|
end
|
183
184
|
|
data/lib/chef/knife.rb
CHANGED
@@ -279,12 +279,10 @@ class Chef
|
|
279
279
|
|
280
280
|
if CHEF_ORGANIZATION_MANAGEMENT.include?(args[0])
|
281
281
|
list_commands("CHEF ORGANIZATION MANAGEMENT")
|
282
|
-
elsif OPSCODE_HOSTED_CHEF_ACCESS_CONTROL.include?(args[0])
|
283
|
-
list_commands("OPSCODE HOSTED CHEF ACCESS CONTROL")
|
284
282
|
elsif category_commands = guess_category(args)
|
285
283
|
list_commands(category_commands)
|
286
284
|
elsif OFFICIAL_PLUGINS.include?(args[0]) # command was an uninstalled official chef knife plugin
|
287
|
-
ui.info("Use `#{Chef::Dist::EXEC} gem install knife-#{args[0]}` to install the plugin into
|
285
|
+
ui.info("Use `#{Chef::Dist::EXEC} gem install knife-#{args[0]}` to install the plugin into Chef Workstation")
|
288
286
|
else
|
289
287
|
list_commands
|
290
288
|
end
|
@@ -0,0 +1,57 @@
|
|
1
|
+
#
|
2
|
+
# Author:: Steven Danna (steve@chef.io)
|
3
|
+
# Author:: Jeremiah Snapp (jeremiah@chef.io)
|
4
|
+
# Copyright:: Copyright (c) Chef Software Inc.
|
5
|
+
# License:: Apache License, Version 2.0
|
6
|
+
#
|
7
|
+
# Licensed under the Apache License, Version 2.0 (the "License");
|
8
|
+
# you may not use this file except in compliance with the License.
|
9
|
+
# You may obtain a copy of the License at
|
10
|
+
#
|
11
|
+
# http://www.apache.org/licenses/LICENSE-2.0
|
12
|
+
#
|
13
|
+
# Unless required by applicable law or agreed to in writing, software
|
14
|
+
# distributed under the License is distributed on an "AS IS" BASIS,
|
15
|
+
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
16
|
+
# See the License for the specific language governing permissions and
|
17
|
+
# limitations under the License.
|
18
|
+
#
|
19
|
+
|
20
|
+
require_relative "../knife"
|
21
|
+
|
22
|
+
class Chef
|
23
|
+
class Knife
|
24
|
+
class AclAdd < Chef::Knife
|
25
|
+
category "acl"
|
26
|
+
banner "knife acl add MEMBER_TYPE MEMBER_NAME OBJECT_TYPE OBJECT_NAME PERMS"
|
27
|
+
|
28
|
+
deps do
|
29
|
+
require_relative "acl_base"
|
30
|
+
include Chef::Knife::AclBase
|
31
|
+
end
|
32
|
+
|
33
|
+
def run
|
34
|
+
member_type, member_name, object_type, object_name, perms = name_args
|
35
|
+
|
36
|
+
if name_args.length != 5
|
37
|
+
show_usage
|
38
|
+
ui.fatal "You must specify the member type [client|group], member name, object type, object name and perms"
|
39
|
+
exit 1
|
40
|
+
end
|
41
|
+
|
42
|
+
unless %w{client group}.include?(member_type)
|
43
|
+
ui.fatal "ERROR: To enforce best practice, knife-acl can only add a client or a group to an ACL."
|
44
|
+
ui.fatal " See the knife-acl README for more information."
|
45
|
+
exit 1
|
46
|
+
end
|
47
|
+
validate_perm_type!(perms)
|
48
|
+
validate_member_name!(member_name)
|
49
|
+
validate_object_name!(object_name)
|
50
|
+
validate_object_type!(object_type)
|
51
|
+
validate_member_exists!(member_type, member_name)
|
52
|
+
|
53
|
+
add_to_acl!(member_type, member_name, object_type, object_name, perms)
|
54
|
+
end
|
55
|
+
end
|
56
|
+
end
|
57
|
+
end
|
@@ -0,0 +1,183 @@
|
|
1
|
+
#
|
2
|
+
# Author:: Steven Danna (steve@chef.io)
|
3
|
+
# Author:: Jeremiah Snapp (<jeremiah@chef.io>)
|
4
|
+
# Copyright:: Copyright (c) Chef Software Inc.
|
5
|
+
# License:: Apache License, Version 2.0
|
6
|
+
#
|
7
|
+
# Licensed under the Apache License, Version 2.0 (the "License");
|
8
|
+
# you may not use this file except in compliance with the License.
|
9
|
+
# You may obtain a copy of the License at
|
10
|
+
#
|
11
|
+
# http://www.apache.org/licenses/LICENSE-2.0
|
12
|
+
#
|
13
|
+
# Unless required by applicable law or agreed to in writing, software
|
14
|
+
# distributed under the License is distributed on an "AS IS" BASIS,
|
15
|
+
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
16
|
+
# See the License for the specific language governing permissions and
|
17
|
+
# limitations under the License.
|
18
|
+
#
|
19
|
+
|
20
|
+
require_relative "../knife"
|
21
|
+
|
22
|
+
class Chef
|
23
|
+
class Knife
|
24
|
+
module AclBase
|
25
|
+
|
26
|
+
PERM_TYPES = %w{create read update delete grant}.freeze unless defined? PERM_TYPES
|
27
|
+
MEMBER_TYPES = %w{client group user}.freeze unless defined? MEMBER_TYPES
|
28
|
+
OBJECT_TYPES = %w{clients containers cookbooks data environments groups nodes roles policies policy_groups}.freeze unless defined? OBJECT_TYPES
|
29
|
+
OBJECT_NAME_SPEC = /^[\-[:alnum:]_\.]+$/.freeze unless defined? OBJECT_NAME_SPEC
|
30
|
+
|
31
|
+
def validate_object_type!(type)
|
32
|
+
unless OBJECT_TYPES.include?(type)
|
33
|
+
ui.fatal "Unknown object type \"#{type}\". The following types are permitted: #{OBJECT_TYPES.join(", ")}"
|
34
|
+
exit 1
|
35
|
+
end
|
36
|
+
end
|
37
|
+
|
38
|
+
def validate_object_name!(name)
|
39
|
+
unless OBJECT_NAME_SPEC.match(name)
|
40
|
+
ui.fatal "Invalid name: #{name}"
|
41
|
+
exit 1
|
42
|
+
end
|
43
|
+
end
|
44
|
+
|
45
|
+
def validate_member_type!(type)
|
46
|
+
unless MEMBER_TYPES.include?(type)
|
47
|
+
ui.fatal "Unknown member type \"#{type}\". The following types are permitted: #{MEMBER_TYPES.join(", ")}"
|
48
|
+
exit 1
|
49
|
+
end
|
50
|
+
end
|
51
|
+
|
52
|
+
def validate_member_name!(name)
|
53
|
+
# Same rules apply to objects and members
|
54
|
+
validate_object_name!(name)
|
55
|
+
end
|
56
|
+
|
57
|
+
def validate_perm_type!(perms)
|
58
|
+
perms.split(",").each do |perm|
|
59
|
+
unless PERM_TYPES.include?(perm)
|
60
|
+
ui.fatal "Invalid permission \"#{perm}\". The following permissions are permitted: #{PERM_TYPES.join(",")}"
|
61
|
+
exit 1
|
62
|
+
end
|
63
|
+
end
|
64
|
+
end
|
65
|
+
|
66
|
+
def validate_member_exists!(member_type, member_name)
|
67
|
+
true if rest.get_rest("#{member_type}s/#{member_name}")
|
68
|
+
rescue NameError
|
69
|
+
# ignore "NameError: uninitialized constant Chef::ApiClient" when finding a client
|
70
|
+
true
|
71
|
+
rescue
|
72
|
+
ui.fatal "#{member_type} '#{member_name}' does not exist"
|
73
|
+
exit 1
|
74
|
+
end
|
75
|
+
|
76
|
+
def is_usag?(gname)
|
77
|
+
gname.length == 32 && gname =~ /^[0-9a-f]+$/
|
78
|
+
end
|
79
|
+
|
80
|
+
def get_acl(object_type, object_name)
|
81
|
+
rest.get_rest("#{object_type}/#{object_name}/_acl?detail=granular")
|
82
|
+
end
|
83
|
+
|
84
|
+
def get_ace(object_type, object_name, perm)
|
85
|
+
get_acl(object_type, object_name)[perm]
|
86
|
+
end
|
87
|
+
|
88
|
+
def add_to_acl!(member_type, member_name, object_type, object_name, perms)
|
89
|
+
acl = get_acl(object_type, object_name)
|
90
|
+
perms.split(",").each do |perm|
|
91
|
+
ui.msg "Adding '#{member_name}' to '#{perm}' ACE of '#{object_name}'"
|
92
|
+
ace = acl[perm]
|
93
|
+
|
94
|
+
case member_type
|
95
|
+
when "client", "user"
|
96
|
+
# Our PUT body depends on the type of reply we get from _acl?detail=granular
|
97
|
+
# When the server replies with json attributes 'users' and 'clients',
|
98
|
+
# we'll want to modify entries under the same keys they arrived.- their presence
|
99
|
+
# in the body tells us that CS will accept them in a PUT.
|
100
|
+
# Older version of chef-server will continue to use 'actors' for a combined list
|
101
|
+
# and expect the same in the body.
|
102
|
+
key = "#{member_type}s"
|
103
|
+
key = "actors" unless ace.key? key
|
104
|
+
next if ace[key].include?(member_name)
|
105
|
+
|
106
|
+
ace[key] << member_name
|
107
|
+
when "group"
|
108
|
+
next if ace["groups"].include?(member_name)
|
109
|
+
|
110
|
+
ace["groups"] << member_name
|
111
|
+
end
|
112
|
+
|
113
|
+
update_ace!(object_type, object_name, perm, ace)
|
114
|
+
end
|
115
|
+
end
|
116
|
+
|
117
|
+
def remove_from_acl!(member_type, member_name, object_type, object_name, perms)
|
118
|
+
acl = get_acl(object_type, object_name)
|
119
|
+
perms.split(",").each do |perm|
|
120
|
+
ui.msg "Removing '#{member_name}' from '#{perm}' ACE of '#{object_name}'"
|
121
|
+
ace = acl[perm]
|
122
|
+
|
123
|
+
case member_type
|
124
|
+
when "client", "user"
|
125
|
+
key = "#{member_type}s"
|
126
|
+
key = "actors" unless ace.key? key
|
127
|
+
next unless ace[key].include?(member_name)
|
128
|
+
|
129
|
+
ace[key].delete(member_name)
|
130
|
+
when "group"
|
131
|
+
next unless ace["groups"].include?(member_name)
|
132
|
+
|
133
|
+
ace["groups"].delete(member_name)
|
134
|
+
end
|
135
|
+
|
136
|
+
update_ace!(object_type, object_name, perm, ace)
|
137
|
+
end
|
138
|
+
end
|
139
|
+
|
140
|
+
def update_ace!(object_type, object_name, ace_type, ace)
|
141
|
+
rest.put_rest("#{object_type}/#{object_name}/_acl/#{ace_type}", ace_type => ace)
|
142
|
+
end
|
143
|
+
|
144
|
+
def add_to_group!(member_type, member_name, group_name)
|
145
|
+
validate_member_exists!(member_type, member_name)
|
146
|
+
existing_group = rest.get_rest("groups/#{group_name}")
|
147
|
+
ui.msg "Adding '#{member_name}' to '#{group_name}' group"
|
148
|
+
unless existing_group["#{member_type}s"].include?(member_name)
|
149
|
+
existing_group["#{member_type}s"] << member_name
|
150
|
+
new_group = {
|
151
|
+
"groupname" => existing_group["groupname"],
|
152
|
+
"orgname" => existing_group["orgname"],
|
153
|
+
"actors" => {
|
154
|
+
"users" => existing_group["users"],
|
155
|
+
"clients" => existing_group["clients"],
|
156
|
+
"groups" => existing_group["groups"],
|
157
|
+
},
|
158
|
+
}
|
159
|
+
rest.put_rest("groups/#{group_name}", new_group)
|
160
|
+
end
|
161
|
+
end
|
162
|
+
|
163
|
+
def remove_from_group!(member_type, member_name, group_name)
|
164
|
+
validate_member_exists!(member_type, member_name)
|
165
|
+
existing_group = rest.get_rest("groups/#{group_name}")
|
166
|
+
ui.msg "Removing '#{member_name}' from '#{group_name}' group"
|
167
|
+
if existing_group["#{member_type}s"].include?(member_name)
|
168
|
+
existing_group["#{member_type}s"].delete(member_name)
|
169
|
+
new_group = {
|
170
|
+
"groupname" => existing_group["groupname"],
|
171
|
+
"orgname" => existing_group["orgname"],
|
172
|
+
"actors" => {
|
173
|
+
"users" => existing_group["users"],
|
174
|
+
"clients" => existing_group["clients"],
|
175
|
+
"groups" => existing_group["groups"],
|
176
|
+
},
|
177
|
+
}
|
178
|
+
rest.put_rest("groups/#{group_name}", new_group)
|
179
|
+
end
|
180
|
+
end
|
181
|
+
end
|
182
|
+
end
|
183
|
+
end
|
@@ -0,0 +1,78 @@
|
|
1
|
+
#
|
2
|
+
# Author:: Jeremiah Snapp (jeremiah@chef.io)
|
3
|
+
# Copyright:: Copyright (c) Chef Software Inc.
|
4
|
+
# License:: Apache License, Version 2.0
|
5
|
+
#
|
6
|
+
# Licensed under the Apache License, Version 2.0 (the "License");
|
7
|
+
# you may not use this file except in compliance with the License.
|
8
|
+
# You may obtain a copy of the License at
|
9
|
+
#
|
10
|
+
# http://www.apache.org/licenses/LICENSE-2.0
|
11
|
+
#
|
12
|
+
# Unless required by applicable law or agreed to in writing, software
|
13
|
+
# distributed under the License is distributed on an "AS IS" BASIS,
|
14
|
+
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
15
|
+
# See the License for the specific language governing permissions and
|
16
|
+
# limitations under the License.
|
17
|
+
#
|
18
|
+
|
19
|
+
require_relative "../knife"
|
20
|
+
|
21
|
+
class Chef
|
22
|
+
class Knife
|
23
|
+
class AclBulkAdd < Chef::Knife
|
24
|
+
category "acl"
|
25
|
+
banner "knife acl bulk add MEMBER_TYPE MEMBER_NAME OBJECT_TYPE REGEX PERMS"
|
26
|
+
|
27
|
+
deps do
|
28
|
+
require_relative "acl_base"
|
29
|
+
include Chef::Knife::AclBase
|
30
|
+
end
|
31
|
+
|
32
|
+
def run
|
33
|
+
member_type, member_name, object_type, regex, perms = name_args
|
34
|
+
object_name_matcher = /#{regex}/
|
35
|
+
|
36
|
+
if name_args.length != 5
|
37
|
+
show_usage
|
38
|
+
ui.fatal "You must specify the member type [client|group], member name, object type, object name REGEX and perms"
|
39
|
+
exit 1
|
40
|
+
end
|
41
|
+
|
42
|
+
unless %w{client group}.include?(member_type)
|
43
|
+
ui.fatal "ERROR: To enforce best practice, knife-acl can only add a client or a group to an ACL."
|
44
|
+
ui.fatal " See the knife-acl README for more information."
|
45
|
+
exit 1
|
46
|
+
end
|
47
|
+
validate_perm_type!(perms)
|
48
|
+
validate_member_name!(member_name)
|
49
|
+
validate_object_type!(object_type)
|
50
|
+
validate_member_exists!(member_type, member_name)
|
51
|
+
|
52
|
+
if %w{containers groups}.include?(object_type)
|
53
|
+
ui.fatal "bulk modifying the ACL of #{object_type} is not permitted"
|
54
|
+
exit 1
|
55
|
+
end
|
56
|
+
|
57
|
+
objects_to_modify = []
|
58
|
+
all_objects = rest.get_rest(object_type)
|
59
|
+
objects_to_modify = all_objects.keys.select { |object_name| object_name =~ object_name_matcher }
|
60
|
+
|
61
|
+
if objects_to_modify.empty?
|
62
|
+
ui.info "No #{object_type} match the expression /#{regex}/"
|
63
|
+
exit 0
|
64
|
+
end
|
65
|
+
|
66
|
+
ui.msg("The ACL of the following #{object_type} will be modified:")
|
67
|
+
ui.msg("")
|
68
|
+
ui.msg(ui.list(objects_to_modify.sort, :columns_down))
|
69
|
+
ui.msg("")
|
70
|
+
ui.confirm("Are you sure you want to modify the ACL of these #{object_type}?")
|
71
|
+
|
72
|
+
objects_to_modify.each do |object_name|
|
73
|
+
add_to_acl!(member_type, member_name, object_type, object_name, perms)
|
74
|
+
end
|
75
|
+
end
|
76
|
+
end
|
77
|
+
end
|
78
|
+
end
|