chef 15.17.4-universal-mingw32 → 16.0.257-universal-mingw32
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/Gemfile +14 -20
- data/README.md +6 -6
- data/Rakefile +18 -23
- data/chef-universal-mingw32.gemspec +4 -4
- data/chef.gemspec +10 -26
- data/distro/powershell/chef/chef.psm1 +3 -3
- data/distro/templates/powershell/chef/chef.psm1.erb +3 -3
- data/lib/chef/action_collection.rb +16 -5
- data/lib/chef/api_client/registration.rb +2 -2
- data/lib/chef/application.rb +33 -54
- data/lib/chef/application/apply.rb +20 -3
- data/lib/chef/application/base.rb +8 -3
- data/lib/chef/application/exit_code.rb +2 -2
- data/lib/chef/application/knife.rb +1 -1
- data/lib/chef/chef_class.rb +4 -4
- data/lib/chef/chef_fs/chef_fs_data_store.rb +3 -3
- data/lib/chef/chef_fs/file_system/chef_server/policies_dir.rb +1 -1
- data/lib/chef/chef_fs/file_system/chef_server/rest_list_dir.rb +1 -1
- data/lib/chef/chef_fs/file_system/chef_server/rest_list_entry.rb +6 -2
- data/lib/chef/chef_fs/file_system/multiplexed_dir.rb +1 -1
- data/lib/chef/chef_fs/file_system/repository/base_file.rb +0 -1
- data/lib/chef/chef_fs/file_system/repository/chef_repository_file_system_cookbook_dir.rb +2 -2
- data/lib/chef/chef_fs/file_system/repository/chef_repository_file_system_cookbook_entry.rb +1 -1
- data/lib/chef/chef_fs/file_system/repository/chef_repository_file_system_root_dir.rb +5 -5
- data/lib/chef/chef_fs/file_system/repository/directory.rb +1 -1
- data/lib/chef/chef_fs/file_system/repository/file_system_entry.rb +1 -1
- data/lib/chef/chef_fs/path_utils.rb +3 -3
- data/lib/chef/client.rb +16 -14
- data/lib/chef/config.rb +1 -1
- data/lib/chef/cookbook/file_system_file_vendor.rb +1 -1
- data/lib/chef/cookbook/gem_installer.rb +1 -1
- data/lib/chef/cookbook/metadata.rb +45 -22
- data/lib/chef/cookbook_version.rb +40 -5
- data/lib/chef/data_bag.rb +2 -2
- data/lib/chef/data_collector/error_handlers.rb +1 -1
- data/lib/chef/data_collector/run_end_message.rb +7 -1
- data/lib/chef/deprecated.rb +1 -9
- data/lib/chef/dist.rb +8 -0
- data/lib/chef/dsl/chef_vault.rb +84 -0
- data/lib/chef/dsl/declare_resource.rb +7 -5
- data/lib/chef/dsl/platform_introspection.rb +2 -3
- data/lib/chef/dsl/recipe.rb +7 -12
- data/lib/chef/dsl/universal.rb +3 -7
- data/lib/chef/environment.rb +2 -2
- data/lib/chef/event_dispatch/base.rb +3 -0
- data/lib/chef/exceptions.rb +0 -3
- data/lib/chef/formatters/doc.rb +1 -1
- data/lib/chef/formatters/error_inspectors/node_load_error_inspector.rb +2 -2
- data/lib/chef/formatters/error_inspectors/registration_error_inspector.rb +7 -7
- data/lib/chef/formatters/indentable_output_stream.rb +7 -16
- data/lib/chef/http.rb +1 -2
- data/lib/chef/http/http_request.rb +3 -2
- data/lib/chef/knife.rb +1 -3
- data/lib/chef/knife/acl_add.rb +57 -0
- data/lib/chef/knife/acl_base.rb +183 -0
- data/lib/chef/knife/acl_bulk_add.rb +78 -0
- data/lib/chef/knife/acl_bulk_remove.rb +83 -0
- data/lib/chef/knife/acl_remove.rb +62 -0
- data/lib/chef/knife/acl_show.rb +56 -0
- data/lib/chef/knife/bootstrap.rb +93 -97
- data/lib/chef/knife/bootstrap/chef_vault_handler.rb +1 -1
- data/lib/chef/knife/bootstrap/client_builder.rb +1 -1
- data/lib/chef/knife/bootstrap/templates/chef-full.erb +20 -20
- data/lib/chef/knife/bootstrap/templates/windows-chef-client-msi.erb +13 -15
- data/lib/chef/knife/bootstrap/train_connector.rb +0 -1
- data/lib/chef/knife/cookbook_download.rb +1 -1
- data/lib/chef/knife/cookbook_metadata.rb +1 -1
- data/lib/chef/knife/core/bootstrap_context.rb +63 -60
- data/lib/chef/knife/core/gem_glob_loader.rb +1 -1
- data/lib/chef/knife/core/generic_presenter.rb +4 -3
- data/lib/chef/knife/core/hashed_command_loader.rb +2 -3
- data/lib/chef/knife/core/node_presenter.rb +2 -2
- data/lib/chef/knife/core/status_presenter.rb +5 -5
- data/lib/chef/knife/core/subcommand_loader.rb +1 -1
- data/lib/chef/knife/core/ui.rb +17 -1
- data/lib/chef/knife/core/windows_bootstrap_context.rb +45 -58
- data/lib/chef/knife/data_bag_secret_options.rb +18 -45
- data/lib/chef/knife/environment_compare.rb +1 -1
- data/lib/chef/knife/exec.rb +2 -2
- data/lib/chef/knife/group_add.rb +55 -0
- data/lib/chef/knife/{cookbook_site_download.rb → group_create.rb} +21 -12
- data/lib/chef/knife/group_destroy.rb +53 -0
- data/lib/chef/knife/{cookbook_site_list.rb → group_list.rb} +14 -11
- data/lib/chef/knife/group_remove.rb +56 -0
- data/lib/chef/knife/{cookbook_site_install.rb → group_show.rb} +21 -12
- data/lib/chef/knife/list.rb +1 -1
- data/lib/chef/knife/ssh.rb +12 -50
- data/lib/chef/knife/status.rb +3 -3
- data/lib/chef/knife/supermarket_download.rb +1 -2
- data/lib/chef/knife/supermarket_install.rb +1 -2
- data/lib/chef/knife/supermarket_list.rb +1 -2
- data/lib/chef/knife/supermarket_search.rb +1 -2
- data/lib/chef/knife/supermarket_share.rb +1 -2
- data/lib/chef/knife/supermarket_show.rb +1 -2
- data/lib/chef/knife/supermarket_unshare.rb +1 -2
- data/lib/chef/knife/{cookbook_site_show.rb → user_dissociate.rb} +15 -13
- data/lib/chef/knife/{cookbook_site_search.rb → user_invite_add.rb} +16 -13
- data/lib/chef/knife/user_invite_list.rb +34 -0
- data/lib/chef/knife/user_invite_recind.rb +63 -0
- data/lib/chef/knife/yaml_convert.rb +91 -0
- data/lib/chef/log.rb +1 -1
- data/lib/chef/mixin/create_path.rb +8 -8
- data/lib/chef/mixin/openssl_helper.rb +3 -26
- data/lib/chef/mixin/powershell_exec.rb +10 -1
- data/lib/chef/mixin/powershell_out.rb +1 -1
- data/lib/chef/mixin/properties.rb +13 -1
- data/lib/chef/mixin/shell_out.rb +0 -4
- data/lib/chef/mixin/template.rb +0 -1
- data/lib/chef/monkey_patches/net_http.rb +0 -4
- data/lib/chef/node.rb +18 -6
- data/lib/chef/node/mixin/deep_merge_cache.rb +7 -7
- data/lib/chef/node/mixin/immutablize_array.rb +4 -0
- data/lib/chef/node/mixin/immutablize_hash.rb +3 -0
- data/lib/chef/node_map.rb +7 -36
- data/lib/chef/platform/priority_map.rb +4 -4
- data/lib/chef/platform/query_helpers.rb +6 -34
- data/lib/chef/powershell.rb +14 -0
- data/lib/chef/property.rb +22 -4
- data/lib/chef/provider.rb +40 -6
- data/lib/chef/provider/cron.rb +2 -2
- data/lib/chef/provider/directory.rb +2 -2
- data/lib/chef/provider/dsc_resource.rb +1 -1
- data/lib/chef/provider/dsc_script.rb +1 -1
- data/lib/chef/provider/execute.rb +2 -8
- data/lib/chef/provider/file.rb +5 -5
- data/lib/chef/provider/git.rb +84 -27
- data/lib/chef/provider/group.rb +4 -4
- data/lib/chef/provider/http_request.rb +6 -6
- data/lib/chef/provider/ifconfig.rb +4 -4
- data/lib/chef/provider/launchd.rb +36 -51
- data/lib/chef/provider/link.rb +2 -2
- data/lib/chef/provider/mount.rb +5 -5
- data/lib/chef/provider/mount/solaris.rb +1 -0
- data/lib/chef/provider/osx_profile.rb +7 -3
- data/lib/chef/provider/package.rb +2 -2
- data/lib/chef/provider/package/cab.rb +3 -4
- data/lib/chef/provider/package/chocolatey.rb +1 -3
- data/lib/chef/provider/package/dnf.rb +66 -10
- data/lib/chef/provider/package/dnf/dnf_helper.py +84 -30
- data/lib/chef/provider/package/dnf/python_helper.rb +79 -36
- data/lib/chef/provider/package/dnf/version.rb +5 -1
- data/lib/chef/provider/package/freebsd/pkgng.rb +1 -3
- data/lib/chef/provider/package/homebrew.rb +106 -42
- data/lib/chef/provider/package/msu.rb +3 -1
- data/lib/chef/provider/package/pacman.rb +25 -34
- data/lib/chef/provider/package/powershell.rb +2 -6
- data/lib/chef/provider/package/rubygems.rb +29 -2
- data/lib/chef/provider/package/snap.rb +27 -96
- data/lib/chef/provider/package/windows.rb +3 -2
- data/lib/chef/provider/package/windows/msi.rb +2 -2
- data/lib/chef/provider/package/yum.rb +0 -8
- data/lib/chef/provider/package/yum/yum_helper.py +0 -4
- data/lib/chef/provider/package/zypper.rb +1 -1
- data/lib/chef/provider/powershell_script.rb +4 -10
- data/lib/chef/provider/registry_key.rb +4 -4
- data/lib/chef/provider/remote_directory.rb +3 -3
- data/lib/chef/provider/remote_file/ftp.rb +3 -2
- data/lib/chef/provider/remote_file/local_file.rb +2 -1
- data/lib/chef/provider/remote_file/sftp.rb +3 -2
- data/lib/chef/provider/route.rb +5 -3
- data/lib/chef/provider/ruby_block.rb +1 -1
- data/lib/chef/provider/script.rb +2 -2
- data/lib/chef/provider/service.rb +8 -8
- data/lib/chef/provider/service/aixinit.rb +1 -1
- data/lib/chef/provider/service/arch.rb +2 -2
- data/lib/chef/provider/service/debian.rb +31 -29
- data/lib/chef/provider/service/gentoo.rb +2 -2
- data/lib/chef/provider/service/macosx.rb +7 -12
- data/lib/chef/provider/service/openbsd.rb +1 -1
- data/lib/chef/provider/service/redhat.rb +2 -2
- data/lib/chef/provider/service/simple.rb +3 -3
- data/lib/chef/provider/service/systemd.rb +12 -12
- data/lib/chef/provider/service/upstart.rb +1 -1
- data/lib/chef/provider/service/windows.rb +5 -11
- data/lib/chef/provider/subversion.rb +25 -5
- data/lib/chef/provider/systemd_unit.rb +26 -25
- data/lib/chef/provider/user.rb +6 -6
- data/lib/chef/provider/user/dscl.rb +3 -3
- data/lib/chef/provider/user/mac.rb +10 -9
- data/lib/chef/provider/whyrun_safe_ruby_block.rb +1 -1
- data/lib/chef/provider/windows_env.rb +3 -3
- data/lib/chef/provider/windows_script.rb +2 -2
- data/lib/chef/provider/windows_task.rb +7 -9
- data/lib/chef/provider/yum_repository.rb +1 -1
- data/lib/chef/provider/zypper_repository.rb +11 -31
- data/lib/chef/providers.rb +0 -6
- data/lib/chef/recipe.rb +36 -0
- data/lib/chef/resource.rb +41 -56
- data/lib/chef/resource/action_class.rb +24 -22
- data/lib/chef/resource/alternatives.rb +149 -0
- data/lib/chef/resource/apt_package.rb +2 -1
- data/lib/chef/resource/apt_preference.rb +69 -2
- data/lib/chef/resource/apt_repository.rb +337 -5
- data/lib/chef/resource/apt_update.rb +52 -1
- data/lib/chef/resource/archive_file.rb +9 -29
- data/lib/chef/resource/bash.rb +2 -0
- data/lib/chef/resource/bff_package.rb +9 -1
- data/lib/chef/resource/breakpoint.rb +0 -1
- data/lib/chef/resource/build_essential.rb +42 -48
- data/lib/chef/resource/cab_package.rb +8 -1
- data/lib/chef/resource/chef_client_cron.rb +225 -0
- data/lib/chef/resource/chef_client_scheduled_task.rb +198 -0
- data/lib/chef/resource/chef_client_systemd_timer.rb +177 -0
- data/lib/chef/resource/chef_gem.rb +9 -16
- data/lib/chef/resource/chef_handler.rb +2 -1
- data/lib/chef/resource/chef_sleep.rb +0 -1
- data/lib/chef/resource/chef_vault_secret.rb +135 -0
- data/lib/chef/resource/chocolatey_config.rb +3 -1
- data/lib/chef/resource/chocolatey_feature.rb +2 -1
- data/lib/chef/resource/chocolatey_package.rb +2 -1
- data/lib/chef/resource/chocolatey_source.rb +2 -1
- data/lib/chef/resource/cookbook_file.rb +1 -1
- data/lib/chef/resource/cron.rb +22 -68
- data/lib/chef/resource/cron_access.rb +8 -15
- data/lib/chef/resource/cron_d.rb +9 -75
- data/lib/chef/resource/csh.rb +2 -0
- data/lib/chef/resource/directory.rb +2 -2
- data/lib/chef/resource/dmg_package.rb +4 -4
- data/lib/chef/resource/dnf_package.rb +2 -3
- data/lib/chef/resource/dpkg_package.rb +2 -1
- data/lib/chef/resource/dsc_resource.rb +6 -4
- data/lib/chef/resource/dsc_script.rb +3 -2
- data/lib/chef/resource/execute.rb +13 -12
- data/lib/chef/resource/file.rb +3 -1
- data/lib/chef/resource/freebsd_package.rb +2 -1
- data/lib/chef/resource/gem_package.rb +14 -6
- data/lib/chef/resource/group.rb +4 -1
- data/lib/chef/resource/helpers/cron_validations.rb +98 -0
- data/lib/chef/resource/homebrew_cask.rb +5 -4
- data/lib/chef/resource/homebrew_package.rb +4 -2
- data/lib/chef/resource/homebrew_tap.rb +2 -1
- data/lib/chef/resource/hostname.rb +41 -36
- data/lib/chef/resource/http_request.rb +0 -1
- data/lib/chef/resource/ifconfig.rb +1 -1
- data/lib/chef/resource/ips_package.rb +10 -2
- data/lib/chef/resource/kernel_module.rb +29 -29
- data/lib/chef/resource/ksh.rb +2 -0
- data/lib/chef/resource/launchd.rb +6 -6
- data/lib/chef/resource/link.rb +1 -23
- data/lib/chef/resource/locale.rb +58 -24
- data/lib/chef/resource/log.rb +12 -1
- data/lib/chef/resource/lwrp_base.rb +1 -8
- data/lib/chef/resource/macos_userdefaults.rb +9 -6
- data/lib/chef/resource/macosx_service.rb +2 -1
- data/lib/chef/resource/macports_package.rb +10 -2
- data/lib/chef/resource/mdadm.rb +62 -2
- data/lib/chef/resource/mount.rb +3 -0
- data/lib/chef/resource/msu_package.rb +13 -1
- data/lib/chef/resource/notify_group.rb +8 -3
- data/lib/chef/resource/ohai.rb +19 -3
- data/lib/chef/resource/ohai_hint.rb +3 -12
- data/lib/chef/resource/openbsd_package.rb +9 -1
- data/lib/chef/resource/openssl_dhparam.rb +10 -1
- data/lib/chef/resource/openssl_ec_private_key.rb +23 -1
- data/lib/chef/resource/openssl_ec_public_key.rb +21 -1
- data/lib/chef/resource/openssl_rsa_private_key.rb +20 -1
- data/lib/chef/resource/openssl_rsa_public_key.rb +22 -1
- data/lib/chef/resource/openssl_x509_certificate.rb +37 -1
- data/lib/chef/resource/openssl_x509_crl.rb +12 -1
- data/lib/chef/resource/openssl_x509_request.rb +37 -1
- data/lib/chef/resource/osx_profile.rb +3 -2
- data/lib/chef/resource/package.rb +2 -1
- data/lib/chef/resource/pacman_package.rb +2 -1
- data/lib/chef/resource/paludis_package.rb +12 -3
- data/lib/chef/resource/perl.rb +2 -0
- data/lib/chef/resource/plist.rb +207 -0
- data/lib/chef/resource/portage_package.rb +13 -3
- data/lib/chef/resource/powershell_package.rb +1 -3
- data/lib/chef/resource/powershell_package_source.rb +3 -1
- data/lib/chef/resource/powershell_script.rb +7 -17
- data/lib/chef/resource/python.rb +2 -0
- data/lib/chef/resource/reboot.rb +0 -1
- data/lib/chef/resource/registry_key.rb +1 -2
- data/lib/chef/resource/remote_directory.rb +2 -0
- data/lib/chef/resource/remote_file.rb +2 -0
- data/lib/chef/resource/rhsm_errata.rb +0 -1
- data/lib/chef/resource/rhsm_errata_level.rb +0 -1
- data/lib/chef/resource/rhsm_register.rb +2 -1
- data/lib/chef/resource/rhsm_repo.rb +3 -1
- data/lib/chef/resource/rhsm_subscription.rb +4 -1
- data/lib/chef/resource/route.rb +5 -1
- data/lib/chef/resource/rpm_package.rb +9 -2
- data/lib/chef/resource/ruby.rb +2 -0
- data/lib/chef/resource/ruby_block.rb +1 -1
- data/lib/chef/resource/scm/_scm.rb +48 -0
- data/lib/chef/resource/{scm.rb → scm/git.rb} +16 -30
- data/lib/chef/resource/{subversion.rb → scm/subversion.rb} +8 -5
- data/lib/chef/resource/script.rb +6 -3
- data/lib/chef/resource/service.rb +6 -7
- data/lib/chef/resource/smartos_package.rb +9 -1
- data/lib/chef/resource/snap_package.rb +3 -1
- data/lib/chef/resource/solaris_package.rb +9 -1
- data/lib/chef/resource/ssh_known_hosts_entry.rb +6 -3
- data/lib/chef/resource/sudo.rb +9 -9
- data/lib/chef/resource/support/cron.d.erb +1 -1
- data/lib/chef/resource/support/cron_access.erb +1 -1
- data/lib/chef/resource/support/sudoer.erb +1 -2
- data/lib/chef/resource/support/ulimit.erb +41 -0
- data/lib/chef/resource/swap_file.rb +5 -3
- data/lib/chef/resource/sysctl.rb +2 -2
- data/lib/chef/resource/systemd_unit.rb +4 -2
- data/lib/chef/resource/template.rb +0 -1
- data/lib/chef/resource/timezone.rb +7 -18
- data/lib/chef/resource/user.rb +1 -3
- data/lib/chef/resource/user/aix_user.rb +0 -2
- data/lib/chef/resource/user/dscl_user.rb +1 -1
- data/lib/chef/resource/user/linux_user.rb +0 -2
- data/lib/chef/resource/user/mac_user.rb +1 -1
- data/lib/chef/resource/user/pw_user.rb +0 -2
- data/lib/chef/resource/user/solaris_user.rb +0 -2
- data/lib/chef/resource/user/windows_user.rb +0 -2
- data/lib/chef/resource/user_ulimit.rb +114 -0
- data/lib/chef/resource/whyrun_safe_ruby_block.rb +1 -0
- data/lib/chef/resource/windows_ad_join.rb +19 -6
- data/lib/chef/resource/windows_auto_run.rb +0 -1
- data/lib/chef/resource/windows_certificate.rb +1 -1
- data/lib/chef/resource/windows_dfs_folder.rb +0 -1
- data/lib/chef/resource/windows_dfs_namespace.rb +0 -1
- data/lib/chef/resource/windows_dfs_server.rb +0 -1
- data/lib/chef/resource/windows_dns_record.rb +0 -1
- data/lib/chef/resource/windows_dns_zone.rb +0 -1
- data/lib/chef/resource/windows_env.rb +2 -3
- data/lib/chef/resource/windows_feature.rb +2 -2
- data/lib/chef/resource/windows_feature_dism.rb +9 -22
- data/lib/chef/resource/windows_feature_powershell.rb +17 -82
- data/lib/chef/resource/windows_firewall_rule.rb +119 -10
- data/lib/chef/resource/windows_font.rb +1 -3
- data/lib/chef/resource/windows_package.rb +13 -4
- data/lib/chef/resource/windows_pagefile.rb +0 -1
- data/lib/chef/resource/windows_path.rb +0 -1
- data/lib/chef/resource/windows_printer.rb +0 -1
- data/lib/chef/resource/windows_printer_port.rb +0 -1
- data/lib/chef/resource/windows_script.rb +3 -4
- data/lib/chef/resource/windows_security_policy.rb +90 -0
- data/lib/chef/resource/windows_service.rb +45 -31
- data/lib/chef/resource/windows_share.rb +3 -7
- data/lib/chef/resource/windows_shortcut.rb +0 -1
- data/lib/chef/resource/windows_task.rb +14 -15
- data/lib/chef/resource/windows_uac.rb +0 -1
- data/lib/chef/resource/windows_user_privilege.rb +157 -0
- data/lib/chef/resource/windows_workgroup.rb +0 -1
- data/lib/chef/resource/yum_package.rb +3 -1
- data/lib/chef/resource/yum_repository.rb +2 -1
- data/lib/chef/resource/zypper_package.rb +3 -2
- data/lib/chef/resource/zypper_repository.rb +2 -1
- data/lib/chef/resource_builder.rb +8 -0
- data/lib/chef/resource_inspector.rb +6 -6
- data/lib/chef/resource_resolver.rb +7 -14
- data/lib/chef/resources.rb +11 -3
- data/lib/chef/role.rb +2 -2
- data/lib/chef/run_context/cookbook_compiler.rb +29 -5
- data/lib/chef/shell.rb +23 -32
- data/lib/chef/shell/shell_session.rb +0 -2
- data/lib/chef/util/diff.rb +1 -1
- data/lib/chef/util/dsc/configuration_generator.rb +1 -1
- data/lib/chef/util/dsc/lcm_output_parser.rb +3 -3
- data/lib/chef/util/powershell/cmdlet.rb +1 -1
- data/lib/chef/version.rb +2 -2
- data/lib/chef/version_string.rb +1 -1
- data/lib/chef/win32/api/file.rb +18 -18
- data/lib/chef/win32/api/security.rb +6 -0
- data/lib/chef/win32/file.rb +3 -11
- data/lib/chef/win32/process.rb +2 -2
- data/lib/chef/win32/security.rb +40 -2
- data/spec/functional/assets/inittest +8 -7
- data/spec/functional/knife/ssh_spec.rb +27 -23
- data/spec/functional/resource/aix_service_spec.rb +1 -0
- data/spec/functional/resource/aixinit_service_spec.rb +8 -7
- data/spec/functional/resource/apt_package_spec.rb +1 -0
- data/spec/functional/resource/bff_spec.rb +2 -2
- data/spec/functional/resource/cookbook_file_spec.rb +1 -1
- data/spec/functional/resource/cron_spec.rb +11 -29
- data/spec/functional/resource/dnf_package_spec.rb +441 -156
- data/spec/functional/resource/dsc_resource_spec.rb +1 -1
- data/spec/functional/resource/git_spec.rb +184 -134
- data/spec/functional/resource/insserv_spec.rb +6 -5
- data/spec/functional/resource/link_spec.rb +17 -17
- data/spec/functional/resource/locale_spec.rb +13 -2
- data/spec/functional/resource/powershell_script_spec.rb +7 -68
- data/spec/functional/resource/rpm_spec.rb +2 -2
- data/spec/functional/resource/user/dscl_spec.rb +2 -2
- data/spec/functional/resource/user/mac_user_spec.rb +2 -2
- data/spec/functional/resource/windows_certificate_spec.rb +3 -3
- data/spec/functional/resource/windows_security_policy_spec.rb +90 -0
- data/spec/functional/resource/windows_task_spec.rb +8 -8
- data/spec/functional/resource/windows_user_privilege_spec.rb +193 -0
- data/spec/functional/run_lock_spec.rb +1 -2
- data/spec/functional/shell_spec.rb +6 -6
- data/spec/functional/util/powershell/cmdlet_spec.rb +1 -1
- data/spec/functional/version_spec.rb +1 -1
- data/spec/functional/win32/registry_spec.rb +0 -6
- data/spec/functional/win32/security_spec.rb +22 -0
- data/spec/functional/win32/service_manager_spec.rb +1 -1
- data/spec/integration/client/client_spec.rb +123 -2
- data/spec/integration/knife/cookbook_show_spec.rb +28 -26
- data/spec/integration/knife/data_bag_show_spec.rb +1 -1
- data/spec/integration/knife/raw_spec.rb +30 -2
- data/spec/integration/knife/show_spec.rb +32 -3
- data/spec/integration/recipes/accumulator_spec.rb +1 -1
- data/spec/integration/recipes/lwrp_inline_resources_spec.rb +5 -5
- data/spec/integration/recipes/lwrp_spec.rb +1 -1
- data/spec/integration/recipes/noop_resource_spec.rb +1 -1
- data/spec/integration/recipes/notifies_spec.rb +50 -21
- data/spec/integration/recipes/notifying_block_spec.rb +9 -6
- data/spec/integration/recipes/provider_choice.rb +2 -0
- data/spec/integration/recipes/recipe_dsl_spec.rb +46 -144
- data/spec/integration/recipes/resource_action_spec.rb +16 -11
- data/spec/integration/recipes/resource_converge_if_changed_spec.rb +1 -3
- data/spec/integration/recipes/resource_load_spec.rb +133 -13
- data/spec/integration/recipes/unified_mode_spec.rb +1 -1
- data/spec/integration/recipes/use_partial_spec.rb +112 -0
- data/spec/integration/solo/solo_spec.rb +3 -3
- data/spec/scripts/ssl-serve.rb +1 -1
- data/spec/spec_helper.rb +11 -14
- data/spec/support/chef_helpers.rb +2 -2
- data/spec/support/lib/chef/resource/zen_follower.rb +2 -0
- data/spec/support/platform_helpers.rb +44 -19
- data/spec/support/platforms/win32/spec_service.rb +1 -1
- data/spec/support/recipe_dsl_helper.rb +83 -0
- data/spec/support/shared/functional/directory_resource.rb +1 -1
- data/spec/support/shared/functional/execute_resource.rb +1 -1
- data/spec/support/shared/functional/file_resource.rb +3 -3
- data/spec/support/shared/functional/win32_service.rb +1 -1
- data/spec/support/shared/functional/windows_script.rb +5 -18
- data/spec/support/shared/integration/knife_support.rb +14 -8
- data/spec/unit/application/apply_spec.rb +3 -0
- data/spec/unit/application/client_spec.rb +5 -1
- data/spec/unit/application_spec.rb +1 -9
- data/spec/unit/chef_fs/file_system/operation_failed_error_spec.rb +4 -2
- data/spec/unit/client_spec.rb +7 -5
- data/spec/unit/cookbook/gem_installer_spec.rb +3 -4
- data/spec/unit/cookbook/metadata_spec.rb +38 -19
- data/spec/unit/data_bag_spec.rb +1 -1
- data/spec/unit/data_collector_spec.rb +38 -17
- data/spec/unit/dsl/platform_introspection_spec.rb +0 -1
- data/spec/unit/environment_spec.rb +7 -7
- data/spec/unit/event_dispatch/dispatcher_spec.rb +0 -3
- data/spec/unit/file_access_control_spec.rb +1 -1
- data/spec/unit/knife/bootstrap/chef_vault_handler_spec.rb +15 -15
- data/spec/unit/knife/bootstrap/client_builder_spec.rb +9 -9
- data/spec/unit/knife/bootstrap_spec.rb +36 -54
- data/spec/unit/knife/cookbook_download_spec.rb +4 -4
- data/spec/unit/knife/cookbook_metadata_from_file_spec.rb +1 -1
- data/spec/unit/knife/cookbook_show_spec.rb +1 -0
- data/spec/unit/knife/cookbook_upload_spec.rb +6 -5
- data/spec/unit/knife/core/bootstrap_context_spec.rb +23 -43
- data/spec/unit/knife/core/hashed_command_loader_spec.rb +3 -3
- data/spec/unit/knife/core/ui_spec.rb +16 -0
- data/spec/unit/knife/core/windows_bootstrap_context_spec.rb +8 -68
- data/spec/unit/knife/data_bag_secret_options_spec.rb +22 -14
- data/spec/unit/knife/role_env_run_list_add_spec.rb +6 -6
- data/spec/unit/knife/role_env_run_list_clear_spec.rb +4 -4
- data/spec/unit/knife/role_env_run_list_remove_spec.rb +4 -4
- data/spec/unit/knife/role_env_run_list_replace_spec.rb +4 -4
- data/spec/unit/knife/role_env_run_list_set_spec.rb +4 -4
- data/spec/unit/knife/role_run_list_add_spec.rb +6 -6
- data/spec/unit/knife/role_run_list_clear_spec.rb +4 -4
- data/spec/unit/knife/role_run_list_remove_spec.rb +4 -4
- data/spec/unit/knife/role_run_list_replace_spec.rb +4 -4
- data/spec/unit/knife/role_run_list_set_spec.rb +4 -4
- data/spec/unit/knife/ssh_spec.rb +10 -113
- data/spec/unit/knife/status_spec.rb +1 -1
- data/spec/unit/knife/supermarket_share_spec.rb +3 -5
- data/spec/unit/knife_spec.rb +18 -0
- data/spec/unit/lwrp_spec.rb +4 -4
- data/spec/unit/mixin/powershell_exec_spec.rb +10 -0
- data/spec/unit/mixin/securable_spec.rb +1 -0
- data/spec/unit/mixin/user_context_spec.rb +9 -1
- data/spec/unit/node/attribute_spec.rb +2 -2
- data/spec/unit/node_spec.rb +24 -0
- data/spec/unit/platform/query_helpers_spec.rb +0 -143
- data/spec/unit/property/state_spec.rb +12 -7
- data/spec/unit/property/validation_spec.rb +25 -1
- data/spec/unit/property_spec.rb +18 -15
- data/spec/unit/provider/apt_preference_spec.rb +14 -10
- data/spec/unit/provider/apt_repository_spec.rb +9 -11
- data/spec/unit/provider/apt_update_spec.rb +12 -11
- data/spec/unit/provider/cookbook_file_spec.rb +4 -4
- data/spec/unit/provider/cron_spec.rb +2 -2
- data/spec/unit/provider/directory_spec.rb +4 -15
- data/spec/unit/provider/file_spec.rb +4 -4
- data/spec/unit/provider/git_spec.rb +44 -4
- data/spec/unit/provider/link_spec.rb +0 -1
- data/spec/unit/provider/log_spec.rb +3 -3
- data/spec/unit/provider/mdadm_spec.rb +3 -3
- data/spec/unit/provider/osx_profile_spec.rb +2 -2
- data/spec/unit/provider/package/dnf/python_helper_spec.rb +2 -2
- data/spec/unit/provider/package/freebsd/pkgng_spec.rb +1 -1
- data/spec/unit/provider/package/homebrew_spec.rb +280 -174
- data/spec/unit/provider/package/msu_spec.rb +3 -3
- data/spec/unit/provider/package/pacman_spec.rb +65 -147
- data/spec/unit/provider/package/powershell_spec.rb +88 -96
- data/spec/unit/provider/package/rubygems_spec.rb +221 -31
- data/spec/unit/provider/package/snap_spec.rb +1 -1
- data/spec/unit/provider/package/windows/exe_spec.rb +1 -1
- data/spec/unit/provider/package/windows_spec.rb +53 -30
- data/spec/unit/provider/powershell_script_spec.rb +21 -61
- data/spec/unit/provider/remote_file_spec.rb +3 -4
- data/spec/unit/provider/service/arch_service_spec.rb +2 -3
- data/spec/unit/provider/service/debian_service_spec.rb +35 -14
- data/spec/unit/provider/service/gentoo_service_spec.rb +8 -8
- data/spec/unit/provider/service/macosx_spec.rb +210 -214
- data/spec/unit/provider/service/redhat_spec.rb +2 -2
- data/spec/unit/provider/service/systemd_service_spec.rb +23 -23
- data/spec/unit/provider/service/upstart_service_spec.rb +3 -3
- data/spec/unit/provider/service/windows_spec.rb +6 -2
- data/spec/unit/provider/subversion_spec.rb +4 -2
- data/spec/unit/provider/systemd_unit_spec.rb +24 -28
- data/spec/unit/provider/template_spec.rb +3 -4
- data/spec/unit/provider/zypper_repository_spec.rb +25 -75
- data/spec/unit/provider_resolver_spec.rb +11 -11
- data/spec/unit/provider_spec.rb +0 -1
- data/spec/unit/recipe_spec.rb +68 -0
- data/spec/unit/resource/alternatives_spec.rb +120 -0
- data/spec/unit/resource/apt_preference_spec.rb +0 -18
- data/spec/unit/resource/apt_repository_spec.rb +0 -18
- data/spec/unit/resource/apt_update_spec.rb +0 -18
- data/spec/unit/resource/archive_file_spec.rb +2 -11
- data/spec/unit/resource/chef_client_cron_spec.rb +119 -0
- data/spec/unit/resource/chef_client_scheduled_task_spec.rb +102 -0
- data/spec/unit/resource/chef_client_systemd_timer_spec.rb +70 -0
- data/spec/unit/resource/chef_vault_secret_spec.rb +40 -0
- data/spec/unit/resource/chocolatey_source_spec.rb +2 -1
- data/spec/unit/resource/cron_d_spec.rb +6 -48
- data/spec/unit/resource/cron_spec.rb +4 -10
- data/spec/unit/resource/gem_package_spec.rb +3 -3
- data/spec/unit/resource/helpers/cron_validations_spec.rb +77 -0
- data/spec/unit/resource/link_spec.rb +0 -4
- data/spec/unit/resource/locale_spec.rb +0 -34
- data/spec/unit/resource/ohai_spec.rb +56 -2
- data/spec/unit/resource/plist_spec.rb +130 -0
- data/spec/unit/resource/powershell_script_spec.rb +0 -5
- data/spec/unit/resource/{git_spec.rb → scm/git_spec.rb} +50 -2
- data/spec/unit/resource/{scm_spec.rb → scm/scm.rb} +1 -52
- data/spec/unit/resource/{subversion_spec.rb → scm/subversion_spec.rb} +2 -3
- data/spec/unit/resource/service_spec.rb +4 -0
- data/spec/unit/resource/user_spec.rb +2 -2
- data/spec/unit/resource/user_ulimit_spec.rb +53 -0
- data/spec/unit/resource/windows_dns_record_spec.rb +3 -3
- data/spec/unit/resource/windows_dns_zone_spec.rb +2 -2
- data/spec/unit/resource/windows_feature_dism_spec.rb +2 -17
- data/spec/unit/resource/windows_feature_powershell_spec.rb +6 -47
- data/spec/unit/resource/windows_firewall_rule_spec.rb +88 -41
- data/spec/unit/resource/windows_package_spec.rb +4 -1
- data/spec/unit/resource/windows_service_spec.rb +9 -0
- data/spec/unit/resource/windows_task_spec.rb +1 -1
- data/spec/unit/resource/windows_uac_spec.rb +2 -2
- data/spec/unit/resource/yum_repository_spec.rb +21 -21
- data/spec/unit/resource_reporter_spec.rb +1 -5
- data/spec/unit/resource_spec.rb +11 -4
- data/spec/unit/role_spec.rb +11 -11
- data/spec/unit/run_context/cookbook_compiler_spec.rb +1 -1
- data/spec/unit/run_context_spec.rb +1 -1
- data/spec/unit/search/query_spec.rb +1 -1
- data/spec/unit/util/threaded_job_queue_spec.rb +0 -9
- data/spec/unit/win32/security_spec.rb +3 -4
- data/tasks/rspec.rb +1 -1
- metadata +116 -87
- data/lib/chef/dsl/core.rb +0 -52
- data/lib/chef/knife/cookbook_site_share.rb +0 -41
- data/lib/chef/knife/cookbook_site_unshare.rb +0 -41
- data/lib/chef/provider/apt_preference.rb +0 -93
- data/lib/chef/provider/apt_repository.rb +0 -358
- data/lib/chef/provider/apt_update.rb +0 -79
- data/lib/chef/provider/log.rb +0 -43
- data/lib/chef/provider/mdadm.rb +0 -85
- data/lib/chef/provider/ohai.rb +0 -45
- data/lib/chef/resource/git.rb +0 -37
- data/spec/functional/resource/windows_font_spec.rb +0 -49
- data/spec/unit/provider/ohai_spec.rb +0 -84
@@ -0,0 +1,83 @@
|
|
1
|
+
#
|
2
|
+
# Author:: Jeremiah Snapp (jeremiah@chef.io)
|
3
|
+
# Copyright:: Copyright (c) Chef Software Inc.
|
4
|
+
# License:: Apache License, Version 2.0
|
5
|
+
#
|
6
|
+
# Licensed under the Apache License, Version 2.0 (the "License");
|
7
|
+
# you may not use this file except in compliance with the License.
|
8
|
+
# You may obtain a copy of the License at
|
9
|
+
#
|
10
|
+
# http://www.apache.org/licenses/LICENSE-2.0
|
11
|
+
#
|
12
|
+
# Unless required by applicable law or agreed to in writing, software
|
13
|
+
# distributed under the License is distributed on an "AS IS" BASIS,
|
14
|
+
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
15
|
+
# See the License for the specific language governing permissions and
|
16
|
+
# limitations under the License.
|
17
|
+
#
|
18
|
+
|
19
|
+
require_relative "../knife"
|
20
|
+
|
21
|
+
class Chef
|
22
|
+
class Knife
|
23
|
+
class AclBulkRemove < Chef::Knife
|
24
|
+
category "acl"
|
25
|
+
banner "knife acl bulk remove MEMBER_TYPE MEMBER_NAME OBJECT_TYPE REGEX PERMS"
|
26
|
+
|
27
|
+
deps do
|
28
|
+
require_relative "acl_base"
|
29
|
+
include Chef::Knife::AclBase
|
30
|
+
end
|
31
|
+
|
32
|
+
def run
|
33
|
+
member_type, member_name, object_type, regex, perms = name_args
|
34
|
+
object_name_matcher = /#{regex}/
|
35
|
+
|
36
|
+
if name_args.length != 5
|
37
|
+
show_usage
|
38
|
+
ui.fatal "You must specify the member type [client|group|user], member name, object type, object name REGEX and perms"
|
39
|
+
exit 1
|
40
|
+
end
|
41
|
+
|
42
|
+
if member_name == "pivotal" && %w{client user}.include?(member_type)
|
43
|
+
ui.fatal "ERROR: 'pivotal' is a system user so knife-acl will not remove it from an ACL."
|
44
|
+
exit 1
|
45
|
+
end
|
46
|
+
if member_name == "admins" && member_type == "group" && perms.to_s.split(",").include?("grant")
|
47
|
+
ui.fatal "ERROR: knife-acl will not remove the 'admins' group from the 'grant' ACE."
|
48
|
+
ui.fatal " Removal could prevent future attempts to modify permissions."
|
49
|
+
exit 1
|
50
|
+
end
|
51
|
+
validate_perm_type!(perms)
|
52
|
+
validate_member_type!(member_type)
|
53
|
+
validate_member_name!(member_name)
|
54
|
+
validate_object_type!(object_type)
|
55
|
+
validate_member_exists!(member_type, member_name)
|
56
|
+
|
57
|
+
if %w{containers groups}.include?(object_type)
|
58
|
+
ui.fatal "bulk modifying the ACL of #{object_type} is not permitted"
|
59
|
+
exit 1
|
60
|
+
end
|
61
|
+
|
62
|
+
objects_to_modify = []
|
63
|
+
all_objects = rest.get_rest(object_type)
|
64
|
+
objects_to_modify = all_objects.keys.select { |object_name| object_name =~ object_name_matcher }
|
65
|
+
|
66
|
+
if objects_to_modify.empty?
|
67
|
+
ui.info "No #{object_type} match the expression /#{regex}/"
|
68
|
+
exit 0
|
69
|
+
end
|
70
|
+
|
71
|
+
ui.msg("The ACL of the following #{object_type} will be modified:")
|
72
|
+
ui.msg("")
|
73
|
+
ui.msg(ui.list(objects_to_modify.sort, :columns_down))
|
74
|
+
ui.msg("")
|
75
|
+
ui.confirm("Are you sure you want to modify the ACL of these #{object_type}?")
|
76
|
+
|
77
|
+
objects_to_modify.each do |object_name|
|
78
|
+
remove_from_acl!(member_type, member_name, object_type, object_name, perms)
|
79
|
+
end
|
80
|
+
end
|
81
|
+
end
|
82
|
+
end
|
83
|
+
end
|
@@ -0,0 +1,62 @@
|
|
1
|
+
#
|
2
|
+
# Author:: Steven Danna (steve@chef.io)
|
3
|
+
# Author:: Jeremiah Snapp (jeremiah@chef.io)
|
4
|
+
# Copyright:: Copyright (c) Chef Software Inc.
|
5
|
+
# License:: Apache License, Version 2.0
|
6
|
+
#
|
7
|
+
# Licensed under the Apache License, Version 2.0 (the "License");
|
8
|
+
# you may not use this file except in compliance with the License.
|
9
|
+
# You may obtain a copy of the License at
|
10
|
+
#
|
11
|
+
# http://www.apache.org/licenses/LICENSE-2.0
|
12
|
+
#
|
13
|
+
# Unless required by applicable law or agreed to in writing, software
|
14
|
+
# distributed under the License is distributed on an "AS IS" BASIS,
|
15
|
+
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
16
|
+
# See the License for the specific language governing permissions and
|
17
|
+
# limitations under the License.
|
18
|
+
#
|
19
|
+
|
20
|
+
require_relative "../knife"
|
21
|
+
|
22
|
+
class Chef
|
23
|
+
class Knife
|
24
|
+
class AclRemove < Chef::Knife
|
25
|
+
category "acl"
|
26
|
+
banner "knife acl remove MEMBER_TYPE MEMBER_NAME OBJECT_TYPE OBJECT_NAME PERMS"
|
27
|
+
|
28
|
+
deps do
|
29
|
+
require_relative "acl_base"
|
30
|
+
include Chef::Knife::AclBase
|
31
|
+
end
|
32
|
+
|
33
|
+
def run
|
34
|
+
member_type, member_name, object_type, object_name, perms = name_args
|
35
|
+
|
36
|
+
if name_args.length != 5
|
37
|
+
show_usage
|
38
|
+
ui.fatal "You must specify the member type [client|group|user], member name, object type, object name and perms"
|
39
|
+
exit 1
|
40
|
+
end
|
41
|
+
|
42
|
+
if member_name == "pivotal" && %w{client user}.include?(member_type)
|
43
|
+
ui.fatal "ERROR: 'pivotal' is a system user so knife-acl will not remove it from an ACL."
|
44
|
+
exit 1
|
45
|
+
end
|
46
|
+
if member_name == "admins" && member_type == "group" && perms.to_s.split(",").include?("grant")
|
47
|
+
ui.fatal "ERROR: knife-acl will not remove the 'admins' group from the 'grant' ACE."
|
48
|
+
ui.fatal " Removal could prevent future attempts to modify permissions."
|
49
|
+
exit 1
|
50
|
+
end
|
51
|
+
validate_perm_type!(perms)
|
52
|
+
validate_member_type!(member_type)
|
53
|
+
validate_member_name!(member_name)
|
54
|
+
validate_object_name!(object_name)
|
55
|
+
validate_object_type!(object_type)
|
56
|
+
validate_member_exists!(member_type, member_name)
|
57
|
+
|
58
|
+
remove_from_acl!(member_type, member_name, object_type, object_name, perms)
|
59
|
+
end
|
60
|
+
end
|
61
|
+
end
|
62
|
+
end
|
@@ -0,0 +1,56 @@
|
|
1
|
+
#
|
2
|
+
# Author:: Steven Danna (steve@chef.io)
|
3
|
+
# Copyright:: Copyright (c) Chef Software Inc.
|
4
|
+
# License:: Apache License, Version 2.0
|
5
|
+
#
|
6
|
+
# Licensed under the Apache License, Version 2.0 (the "License");
|
7
|
+
# you may not use this file except in compliance with the License.
|
8
|
+
# You may obtain a copy of the License at
|
9
|
+
#
|
10
|
+
# http://www.apache.org/licenses/LICENSE-2.0
|
11
|
+
#
|
12
|
+
# Unless required by applicable law or agreed to in writing, software
|
13
|
+
# distributed under the License is distributed on an "AS IS" BASIS,
|
14
|
+
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
15
|
+
# See the License for the specific language governing permissions and
|
16
|
+
# limitations under the License.
|
17
|
+
#
|
18
|
+
|
19
|
+
require_relative "../knife"
|
20
|
+
|
21
|
+
class Chef
|
22
|
+
class Knife
|
23
|
+
class AclShow < Chef::Knife
|
24
|
+
category "acl"
|
25
|
+
banner "knife acl show OBJECT_TYPE OBJECT_NAME"
|
26
|
+
|
27
|
+
deps do
|
28
|
+
require_relative "acl_base"
|
29
|
+
include Chef::Knife::AclBase
|
30
|
+
end
|
31
|
+
|
32
|
+
def run
|
33
|
+
object_type, object_name = name_args
|
34
|
+
|
35
|
+
if name_args.length != 2
|
36
|
+
show_usage
|
37
|
+
ui.fatal "You must specify an object type and object name"
|
38
|
+
exit 1
|
39
|
+
end
|
40
|
+
|
41
|
+
validate_object_type!(object_type)
|
42
|
+
validate_object_name!(object_name)
|
43
|
+
acl = get_acl(object_type, object_name)
|
44
|
+
PERM_TYPES.each do |perm|
|
45
|
+
# Filter out the actors field if we have
|
46
|
+
# users and clients. Note that if one is present,
|
47
|
+
# both will be - but we're checking both for completeness.
|
48
|
+
if acl[perm].key?("users") && acl[perm].key?("clients")
|
49
|
+
acl[perm].delete "actors"
|
50
|
+
end
|
51
|
+
end
|
52
|
+
ui.output acl
|
53
|
+
end
|
54
|
+
end
|
55
|
+
end
|
56
|
+
end
|
data/lib/chef/knife/bootstrap.rb
CHANGED
@@ -86,7 +86,6 @@ class Chef
|
|
86
86
|
short: "-w AUTH-METHOD",
|
87
87
|
long: "--winrm-auth-method AUTH-METHOD",
|
88
88
|
description: "The WinRM authentication method to use.",
|
89
|
-
proc: Proc.new { |protocol| Chef::Config[:knife][:winrm_auth_method] = protocol },
|
90
89
|
in: WINRM_AUTH_PROTOCOL_LIST
|
91
90
|
|
92
91
|
option :winrm_basic_auth_only,
|
@@ -94,37 +93,32 @@ class Chef
|
|
94
93
|
description: "For WinRM basic authentication when using the 'ssl' auth method.",
|
95
94
|
boolean: true
|
96
95
|
|
97
|
-
|
98
|
-
|
99
|
-
|
100
|
-
|
101
|
-
|
102
|
-
|
103
|
-
# :proc => Proc.new { |keytab| Chef::Config[:knife][:kerberos_keytab_file] = keytab }
|
96
|
+
# This option was provided in knife bootstrap windows winrm,
|
97
|
+
# but it is ignored in knife-windows/WinrmSession, and so remains unimplemeneted here.
|
98
|
+
# option :kerberos_keytab_file,
|
99
|
+
# :short => "-T KEYTAB_FILE",
|
100
|
+
# :long => "--keytab-file KEYTAB_FILE",
|
101
|
+
# :description => "The Kerberos keytab file used for authentication"
|
104
102
|
|
105
103
|
option :kerberos_realm,
|
106
104
|
short: "-R KERBEROS_REALM",
|
107
105
|
long: "--kerberos-realm KERBEROS_REALM",
|
108
|
-
description: "The Kerberos realm used for authentication."
|
109
|
-
proc: Proc.new { |protocol| Chef::Config[:knife][:kerberos_realm] = protocol }
|
106
|
+
description: "The Kerberos realm used for authentication."
|
110
107
|
|
111
108
|
option :kerberos_service,
|
112
109
|
short: "-S KERBEROS_SERVICE",
|
113
110
|
long: "--kerberos-service KERBEROS_SERVICE",
|
114
|
-
description: "The Kerberos service used for authentication."
|
115
|
-
proc: Proc.new { |protocol| Chef::Config[:knife][:kerberos_service] = protocol }
|
111
|
+
description: "The Kerberos service used for authentication."
|
116
112
|
|
117
113
|
## SSH Authentication
|
118
114
|
option :ssh_gateway,
|
119
115
|
short: "-G GATEWAY",
|
120
116
|
long: "--ssh-gateway GATEWAY",
|
121
|
-
description: "The SSH gateway."
|
122
|
-
proc: Proc.new { |key| Chef::Config[:knife][:ssh_gateway] = key }
|
117
|
+
description: "The SSH gateway."
|
123
118
|
|
124
119
|
option :ssh_gateway_identity,
|
125
120
|
long: "--ssh-gateway-identity SSH_GATEWAY_IDENTITY",
|
126
|
-
description: "The SSH identity file used for gateway authentication."
|
127
|
-
proc: Proc.new { |key| Chef::Config[:knife][:ssh_gateway_identity] = key }
|
121
|
+
description: "The SSH identity file used for gateway authentication."
|
128
122
|
|
129
123
|
option :ssh_forward_agent,
|
130
124
|
short: "-A",
|
@@ -140,7 +134,8 @@ class Chef
|
|
140
134
|
option :ssh_verify_host_key,
|
141
135
|
long: "--ssh-verify-host-key VALUE",
|
142
136
|
description: "Verify host key. Default is 'always'.",
|
143
|
-
in: %w{always accept_new accept_new_or_local_tunnel never}
|
137
|
+
in: %w{always accept_new accept_new_or_local_tunnel never},
|
138
|
+
default: "always"
|
144
139
|
|
145
140
|
#
|
146
141
|
# bootstrap options
|
@@ -160,8 +155,7 @@ class Chef
|
|
160
155
|
# client.rb content via chef-full/bootstrap_context
|
161
156
|
option :bootstrap_proxy,
|
162
157
|
long: "--bootstrap-proxy PROXY_URL",
|
163
|
-
description: "The proxy server for the node being bootstrapped."
|
164
|
-
proc: Proc.new { |p| Chef::Config[:knife][:bootstrap_proxy] = p }
|
158
|
+
description: "The proxy server for the node being bootstrapped."
|
165
159
|
|
166
160
|
# client.rb content via bootstrap_context
|
167
161
|
option :bootstrap_proxy_user,
|
@@ -176,8 +170,7 @@ class Chef
|
|
176
170
|
# client.rb content via bootstrap_context
|
177
171
|
option :bootstrap_no_proxy,
|
178
172
|
long: "--bootstrap-no-proxy [NO_PROXY_URL|NO_PROXY_IP]",
|
179
|
-
description: "Do not proxy locations for the node being bootstrapped"
|
180
|
-
proc: Proc.new { |np| Chef::Config[:knife][:bootstrap_no_proxy] = np }
|
173
|
+
description: "Do not proxy locations for the node being bootstrapped"
|
181
174
|
|
182
175
|
# client.rb content via bootstrap_context
|
183
176
|
option :bootstrap_template,
|
@@ -270,21 +263,16 @@ class Chef
|
|
270
263
|
proc: lambda { |o| Chef::JSONCompat.parse(File.read(o)) },
|
271
264
|
default: nil
|
272
265
|
|
273
|
-
# Note that several of the below options are used by bootstrap template,
|
274
|
-
# but only from the passed-in knife config; it does not use the
|
275
|
-
# config from the CLI for those values. We cannot always used the merged
|
276
|
-
# config, because in some cases the knife keys thIn those cases, the option
|
277
|
-
# will have a proc that assigns the value into Chef::Config[:knife]
|
278
|
-
|
279
266
|
# bootstrap template
|
280
267
|
# Create ohai hints in /etc/chef/ohai/hints, fname=hintname, content=value
|
281
|
-
option :
|
268
|
+
option :hints,
|
282
269
|
long: "--hint HINT_NAME[=HINT_FILE]",
|
283
270
|
description: "Specify an Ohai hint to be set on the bootstrap target. Use multiple --hint options to specify multiple hints.",
|
284
|
-
proc: Proc.new { |
|
285
|
-
|
286
|
-
name, path =
|
287
|
-
|
271
|
+
proc: Proc.new { |hint, accumulator|
|
272
|
+
accumulator ||= {}
|
273
|
+
name, path = hint.split("=", 2)
|
274
|
+
accumulator[name] = path ? Chef::JSONCompat.parse(::File.read(path)) : {}
|
275
|
+
accumulator
|
288
276
|
}
|
289
277
|
|
290
278
|
# bootstrap override: url of a an installer shell script touse in place of omnitruck
|
@@ -292,8 +280,7 @@ class Chef
|
|
292
280
|
# the provided options to knife bootstrap, so we set the Chef::Config option here.
|
293
281
|
option :bootstrap_url,
|
294
282
|
long: "--bootstrap-url URL",
|
295
|
-
description: "URL to a custom installation script."
|
296
|
-
proc: Proc.new { |u| Chef::Config[:knife][:bootstrap_url] = u }
|
283
|
+
description: "URL to a custom installation script."
|
297
284
|
|
298
285
|
option :bootstrap_product,
|
299
286
|
long: "--bootstrap-product PRODUCT",
|
@@ -309,26 +296,22 @@ class Chef
|
|
309
296
|
# bootstrap override: Do this instead of our own setup.sh from omnitruck. Causes bootstrap_url to be ignored.
|
310
297
|
option :bootstrap_install_command,
|
311
298
|
long: "--bootstrap-install-command COMMANDS",
|
312
|
-
description: "Custom command to install #{Chef::Dist::PRODUCT}."
|
313
|
-
proc: Proc.new { |ic| Chef::Config[:knife][:bootstrap_install_command] = ic }
|
299
|
+
description: "Custom command to install #{Chef::Dist::PRODUCT}."
|
314
300
|
|
315
301
|
# bootstrap template: Run this command first in the bootstrap script
|
316
302
|
option :bootstrap_preinstall_command,
|
317
303
|
long: "--bootstrap-preinstall-command COMMANDS",
|
318
|
-
description: "Custom commands to run before installing #{Chef::Dist::PRODUCT}."
|
319
|
-
proc: Proc.new { |preic| Chef::Config[:knife][:bootstrap_preinstall_command] = preic }
|
304
|
+
description: "Custom commands to run before installing #{Chef::Dist::PRODUCT}."
|
320
305
|
|
321
306
|
# bootstrap template
|
322
307
|
option :bootstrap_wget_options,
|
323
308
|
long: "--bootstrap-wget-options OPTIONS",
|
324
|
-
description: "Add options to wget when installing #{Chef::Dist::PRODUCT}."
|
325
|
-
proc: Proc.new { |wo| Chef::Config[:knife][:bootstrap_wget_options] = wo }
|
309
|
+
description: "Add options to wget when installing #{Chef::Dist::PRODUCT}."
|
326
310
|
|
327
311
|
# bootstrap template
|
328
312
|
option :bootstrap_curl_options,
|
329
313
|
long: "--bootstrap-curl-options OPTIONS",
|
330
|
-
description: "Add options to curl when install #{Chef::Dist::PRODUCT}."
|
331
|
-
proc: Proc.new { |co| Chef::Config[:knife][:bootstrap_curl_options] = co }
|
314
|
+
description: "Add options to curl when install #{Chef::Dist::PRODUCT}."
|
332
315
|
|
333
316
|
# chef_vault_handler
|
334
317
|
option :bootstrap_vault_file,
|
@@ -344,12 +327,12 @@ class Chef
|
|
344
327
|
option :bootstrap_vault_item,
|
345
328
|
long: "--bootstrap-vault-item VAULT_ITEM",
|
346
329
|
description: 'A single vault and item to update as "vault:item".',
|
347
|
-
proc: Proc.new { |i|
|
330
|
+
proc: Proc.new { |i, accumulator|
|
348
331
|
(vault, item) = i.split(/:/)
|
349
|
-
|
350
|
-
|
351
|
-
|
352
|
-
|
332
|
+
accumulator ||= {}
|
333
|
+
accumulator[vault] ||= []
|
334
|
+
accumulator[vault].push(item)
|
335
|
+
accumulator
|
353
336
|
}
|
354
337
|
|
355
338
|
# Deprecated options. These must be declared after
|
@@ -434,14 +417,14 @@ class Chef
|
|
434
417
|
def client_builder
|
435
418
|
@client_builder ||= Chef::Knife::Bootstrap::ClientBuilder.new(
|
436
419
|
chef_config: Chef::Config,
|
437
|
-
|
420
|
+
config: config,
|
438
421
|
ui: ui
|
439
422
|
)
|
440
423
|
end
|
441
424
|
|
442
425
|
def chef_vault_handler
|
443
426
|
@chef_vault_handler ||= Chef::Knife::Bootstrap::ChefVaultHandler.new(
|
444
|
-
|
427
|
+
config: config,
|
445
428
|
ui: ui
|
446
429
|
)
|
447
430
|
end
|
@@ -466,7 +449,7 @@ class Chef
|
|
466
449
|
# @return [String] Default bootstrap template
|
467
450
|
def default_bootstrap_template
|
468
451
|
if connection.windows?
|
469
|
-
"windows
|
452
|
+
"windows-chef-client-msi"
|
470
453
|
else
|
471
454
|
"chef-full"
|
472
455
|
end
|
@@ -497,7 +480,7 @@ class Chef
|
|
497
480
|
template = bootstrap_template
|
498
481
|
|
499
482
|
# Use the template directly if it's a path to an actual file
|
500
|
-
if File.
|
483
|
+
if File.exists?(template)
|
501
484
|
Chef::Log.trace("Using the specified bootstrap template: #{File.dirname(template)}")
|
502
485
|
return template
|
503
486
|
end
|
@@ -512,7 +495,7 @@ class Chef
|
|
512
495
|
|
513
496
|
template_file = Array(bootstrap_files).find do |bootstrap_template|
|
514
497
|
Chef::Log.trace("Looking for bootstrap template in #{File.dirname(bootstrap_template)}")
|
515
|
-
File.
|
498
|
+
File.exists?(bootstrap_template)
|
516
499
|
end
|
517
500
|
|
518
501
|
unless template_file
|
@@ -555,7 +538,7 @@ class Chef
|
|
555
538
|
end
|
556
539
|
|
557
540
|
def run
|
558
|
-
check_license
|
541
|
+
check_license
|
559
542
|
|
560
543
|
plugin_setup!
|
561
544
|
validate_name_args!
|
@@ -597,8 +580,11 @@ class Chef
|
|
597
580
|
|
598
581
|
bootstrap_context.client_pem = client_builder.client_path
|
599
582
|
else
|
600
|
-
ui.
|
601
|
-
|
583
|
+
ui.info <<~EOM
|
584
|
+
Performing legacy client registration with the validation key at #{Chef::Config[:validation_key]}...
|
585
|
+
Delete your validation key in order to use your user credentials for client registration instead.
|
586
|
+
EOM
|
587
|
+
|
602
588
|
end
|
603
589
|
end
|
604
590
|
|
@@ -616,7 +602,7 @@ class Chef
|
|
616
602
|
end
|
617
603
|
|
618
604
|
def connect!
|
619
|
-
ui.info("Connecting to #{ui.color(server_name, :bold)}
|
605
|
+
ui.info("Connecting to #{ui.color(server_name, :bold)}")
|
620
606
|
opts ||= connection_opts.dup
|
621
607
|
do_connect(opts)
|
622
608
|
rescue Train::Error => e
|
@@ -683,9 +669,8 @@ class Chef
|
|
683
669
|
return @connection_protocol if @connection_protocol
|
684
670
|
|
685
671
|
from_url = host_descriptor =~ %r{^(.*)://} ? $1 : nil
|
686
|
-
|
687
|
-
|
688
|
-
@connection_protocol = from_url || from_cli || from_knife || "ssh"
|
672
|
+
from_knife = config[:connection_protocol]
|
673
|
+
@connection_protocol = from_url || from_knife || "ssh"
|
689
674
|
end
|
690
675
|
|
691
676
|
def do_connect(conn_options)
|
@@ -721,6 +706,10 @@ class Chef
|
|
721
706
|
true
|
722
707
|
end
|
723
708
|
|
709
|
+
def winrm_auth_method
|
710
|
+
config_value(:winrm_auth_method, :winrm_authentication_protocol, "negotiate")
|
711
|
+
end
|
712
|
+
|
724
713
|
# Fail if using plaintext auth without ssl because
|
725
714
|
# this can expose keys in plaintext on the wire.
|
726
715
|
# TODO test for this method
|
@@ -729,8 +718,8 @@ class Chef
|
|
729
718
|
return true unless winrm?
|
730
719
|
|
731
720
|
if Chef::Config[:validation_key] && !File.exist?(File.expand_path(Chef::Config[:validation_key]))
|
732
|
-
if
|
733
|
-
|
721
|
+
if winrm_auth_method == "plaintext" &&
|
722
|
+
config[:winrm_ssl] != true
|
734
723
|
ui.error <<~EOM
|
735
724
|
Validatorless bootstrap over unsecure winrm channels could expose your
|
736
725
|
key to network sniffing.
|
@@ -854,9 +843,9 @@ class Chef
|
|
854
843
|
# Reference:
|
855
844
|
# https://github.com/chef/knife-windows/blob/92d151298142be4a4750c5b54bb264f8d5b81b8a/lib/chef/knife/winrm_knife_base.rb#L271-L273
|
856
845
|
# TODO Seems like we should also do a similar warning if ssh_verify_host == false
|
857
|
-
if
|
858
|
-
|
859
|
-
|
846
|
+
if config[:ca_trust_file].nil? &&
|
847
|
+
config[:winrm_no_verify_cert] &&
|
848
|
+
config[:winrm_ssl_peer_fingerprint].nil?
|
860
849
|
ui.warn <<~WARN
|
861
850
|
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
|
862
851
|
SSL validation of HTTPS requests for the WinRM transport is disabled.
|
@@ -902,16 +891,13 @@ class Chef
|
|
902
891
|
|
903
892
|
# Common configuration for all protocols
|
904
893
|
def base_opts
|
905
|
-
port =
|
906
|
-
|
907
|
-
user = config_value(:connection_user,
|
908
|
-
knife_key_for_protocol(connection_protocol, :user))
|
894
|
+
port = config_for_protocol(:port)
|
895
|
+
user = config_for_protocol(:user)
|
909
896
|
{}.tap do |opts|
|
910
897
|
opts[:logger] = Chef::Log
|
911
|
-
# We do not store password in Chef::Config, so only use CLI `config` here
|
912
898
|
opts[:password] = config[:connection_password] if config.key?(:connection_password)
|
913
899
|
opts[:user] = user if user
|
914
|
-
opts[:max_wait_until_ready] =
|
900
|
+
opts[:max_wait_until_ready] = config[:max_wait].to_f unless config[:max_wait].nil?
|
915
901
|
# TODO - when would we need to provide rdp_port vs port? Or are they not mutually exclusive?
|
916
902
|
opts[:port] = port if port
|
917
903
|
end
|
@@ -919,7 +905,7 @@ class Chef
|
|
919
905
|
|
920
906
|
def host_verify_opts
|
921
907
|
if winrm?
|
922
|
-
{ self_signed:
|
908
|
+
{ self_signed: config[:winrm_no_verify_cert] === true }
|
923
909
|
elsif ssh?
|
924
910
|
# Fall back to the old knife config key name for back compat.
|
925
911
|
{ verify_host_key: config_value(:ssh_verify_host_key, :host_key_verify, "always") }
|
@@ -933,7 +919,7 @@ class Chef
|
|
933
919
|
return opts if winrm?
|
934
920
|
|
935
921
|
opts[:non_interactive] = true # Prevent password prompts from underlying net/ssh
|
936
|
-
opts[:forward_agent] = (
|
922
|
+
opts[:forward_agent] = (config[:ssh_forward_agent] === true)
|
937
923
|
opts[:connection_timeout] = session_timeout
|
938
924
|
opts
|
939
925
|
end
|
@@ -942,7 +928,7 @@ class Chef
|
|
942
928
|
opts = {}
|
943
929
|
return opts if winrm?
|
944
930
|
|
945
|
-
identity_file =
|
931
|
+
identity_file = config[:ssh_identity_file]
|
946
932
|
if identity_file
|
947
933
|
opts[:key_files] = [identity_file]
|
948
934
|
# We only set keys_only based on the explicit ssh_identity_file;
|
@@ -962,7 +948,7 @@ class Chef
|
|
962
948
|
opts[:keys_only] = false
|
963
949
|
end
|
964
950
|
|
965
|
-
gateway_identity_file =
|
951
|
+
gateway_identity_file = config[:ssh_gateway] ? config[:ssh_gateway_identity] : nil
|
966
952
|
unless gateway_identity_file.nil?
|
967
953
|
opts[:key_files] << gateway_identity_file
|
968
954
|
end
|
@@ -972,8 +958,8 @@ class Chef
|
|
972
958
|
|
973
959
|
def gateway_opts
|
974
960
|
opts = {}
|
975
|
-
if
|
976
|
-
split =
|
961
|
+
if config[:ssh_gateway]
|
962
|
+
split = config[:ssh_gateway].split("@", 2)
|
977
963
|
if split.length == 1
|
978
964
|
gw_host = split[0]
|
979
965
|
else
|
@@ -1019,21 +1005,20 @@ class Chef
|
|
1019
1005
|
def winrm_opts
|
1020
1006
|
return {} unless winrm?
|
1021
1007
|
|
1022
|
-
auth_method = config_value(:winrm_auth_method, :winrm_auth_method, "negotiate")
|
1023
1008
|
opts = {
|
1024
|
-
winrm_transport:
|
1025
|
-
winrm_basic_auth_only:
|
1026
|
-
ssl:
|
1027
|
-
ssl_peer_fingerprint:
|
1009
|
+
winrm_transport: winrm_auth_method, # winrm gem and train calls auth method 'transport'
|
1010
|
+
winrm_basic_auth_only: config[:winrm_basic_auth_only] || false,
|
1011
|
+
ssl: config[:winrm_ssl] === true,
|
1012
|
+
ssl_peer_fingerprint: config[:winrm_ssl_peer_fingerprint],
|
1028
1013
|
}
|
1029
1014
|
|
1030
|
-
if
|
1031
|
-
opts[:kerberos_service] =
|
1032
|
-
opts[:kerberos_realm] =
|
1015
|
+
if winrm_auth_method == "kerberos"
|
1016
|
+
opts[:kerberos_service] = config[:kerberos_service] if config[:kerberos_service]
|
1017
|
+
opts[:kerberos_realm] = config[:kerberos_realm] if config[:kerberos_service]
|
1033
1018
|
end
|
1034
1019
|
|
1035
|
-
if
|
1036
|
-
opts[:ca_trust_path] =
|
1020
|
+
if config[:ca_trust_file]
|
1021
|
+
opts[:ca_trust_path] = config[:ca_trust_file]
|
1037
1022
|
end
|
1038
1023
|
|
1039
1024
|
opts[:operation_timeout] = session_timeout
|
@@ -1058,17 +1043,18 @@ class Chef
|
|
1058
1043
|
}
|
1059
1044
|
end
|
1060
1045
|
|
1061
|
-
#
|
1062
|
-
#
|
1063
|
-
#
|
1046
|
+
# This is for deprecating config options. The fallback_key can be used
|
1047
|
+
# to pull an old knife config option out of the config file when the
|
1048
|
+
# cli value has been renamed. This is different from the deprecated
|
1049
|
+
# cli values, since these are for config options that have no corresponding
|
1050
|
+
# cli value.
|
1064
1051
|
#
|
1065
|
-
#
|
1066
|
-
# config_value(:whatver) should be converted to config[:whatever]. That never had
|
1067
|
-
# any purpose and never should have been used this way.
|
1052
|
+
# DO NOT USE - this whole API is considered deprecated
|
1068
1053
|
#
|
1069
1054
|
# @api deprecated
|
1070
1055
|
#
|
1071
1056
|
def config_value(key, fallback_key = nil, default = nil)
|
1057
|
+
Chef.deprecated(:knife_bootstrap_apis, "Use of config_value without a fallback_key is deprecated. Knife plugin authors should access the config hash directly, which does correct merging of cli and config options.") if fallback_key.nil?
|
1072
1058
|
if config.key?(key)
|
1073
1059
|
# the first key is the primary key so we check the merged hash first
|
1074
1060
|
config[key]
|
@@ -1097,6 +1083,8 @@ class Chef
|
|
1097
1083
|
end
|
1098
1084
|
end
|
1099
1085
|
|
1086
|
+
private
|
1087
|
+
|
1100
1088
|
# To avoid cluttering the CLI options, some flags (such as port and user)
|
1101
1089
|
# are shared between protocols. However, there is still a need to allow the operator
|
1102
1090
|
# to specify defaults separately, since they may not be the same values for different
|
@@ -1105,12 +1093,20 @@ class Chef
|
|
1105
1093
|
# These keys are available in Chef::Config, and are prefixed with the protocol name.
|
1106
1094
|
# For example, :user CLI option will map to :winrm_user and :ssh_user Chef::Config keys,
|
1107
1095
|
# based on the connection protocol in use.
|
1108
|
-
|
1109
|
-
|
1110
|
-
|
1096
|
+
|
1097
|
+
# @api private
|
1098
|
+
def config_for_protocol(option)
|
1099
|
+
if option == :port
|
1100
|
+
config[:connection_port] || config[knife_key_for_protocol(option)]
|
1101
|
+
else
|
1102
|
+
config[:connection_user] || config[knife_key_for_protocol(option)]
|
1103
|
+
end
|
1111
1104
|
end
|
1112
1105
|
|
1113
|
-
private
|
1106
|
+
# @api private
|
1107
|
+
def knife_key_for_protocol(option)
|
1108
|
+
"#{connection_protocol}_#{option}".to_sym
|
1109
|
+
end
|
1114
1110
|
|
1115
1111
|
# True if policy_name and run_list are both given
|
1116
1112
|
def policyfile_and_run_list_given?
|
@@ -1133,7 +1129,7 @@ class Chef
|
|
1133
1129
|
# session_timeout option has a default that may not arrive, particularly if
|
1134
1130
|
# we're being invoked from a plugin that doesn't merge_config.
|
1135
1131
|
def session_timeout
|
1136
|
-
timeout =
|
1132
|
+
timeout = config[:session_timeout]
|
1137
1133
|
return options[:session_timeout][:default] if timeout.nil?
|
1138
1134
|
|
1139
1135
|
timeout.to_i
|