chef 15.17.4-universal-mingw32 → 16.0.257-universal-mingw32
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/Gemfile +14 -20
- data/README.md +6 -6
- data/Rakefile +18 -23
- data/chef-universal-mingw32.gemspec +4 -4
- data/chef.gemspec +10 -26
- data/distro/powershell/chef/chef.psm1 +3 -3
- data/distro/templates/powershell/chef/chef.psm1.erb +3 -3
- data/lib/chef/action_collection.rb +16 -5
- data/lib/chef/api_client/registration.rb +2 -2
- data/lib/chef/application.rb +33 -54
- data/lib/chef/application/apply.rb +20 -3
- data/lib/chef/application/base.rb +8 -3
- data/lib/chef/application/exit_code.rb +2 -2
- data/lib/chef/application/knife.rb +1 -1
- data/lib/chef/chef_class.rb +4 -4
- data/lib/chef/chef_fs/chef_fs_data_store.rb +3 -3
- data/lib/chef/chef_fs/file_system/chef_server/policies_dir.rb +1 -1
- data/lib/chef/chef_fs/file_system/chef_server/rest_list_dir.rb +1 -1
- data/lib/chef/chef_fs/file_system/chef_server/rest_list_entry.rb +6 -2
- data/lib/chef/chef_fs/file_system/multiplexed_dir.rb +1 -1
- data/lib/chef/chef_fs/file_system/repository/base_file.rb +0 -1
- data/lib/chef/chef_fs/file_system/repository/chef_repository_file_system_cookbook_dir.rb +2 -2
- data/lib/chef/chef_fs/file_system/repository/chef_repository_file_system_cookbook_entry.rb +1 -1
- data/lib/chef/chef_fs/file_system/repository/chef_repository_file_system_root_dir.rb +5 -5
- data/lib/chef/chef_fs/file_system/repository/directory.rb +1 -1
- data/lib/chef/chef_fs/file_system/repository/file_system_entry.rb +1 -1
- data/lib/chef/chef_fs/path_utils.rb +3 -3
- data/lib/chef/client.rb +16 -14
- data/lib/chef/config.rb +1 -1
- data/lib/chef/cookbook/file_system_file_vendor.rb +1 -1
- data/lib/chef/cookbook/gem_installer.rb +1 -1
- data/lib/chef/cookbook/metadata.rb +45 -22
- data/lib/chef/cookbook_version.rb +40 -5
- data/lib/chef/data_bag.rb +2 -2
- data/lib/chef/data_collector/error_handlers.rb +1 -1
- data/lib/chef/data_collector/run_end_message.rb +7 -1
- data/lib/chef/deprecated.rb +1 -9
- data/lib/chef/dist.rb +8 -0
- data/lib/chef/dsl/chef_vault.rb +84 -0
- data/lib/chef/dsl/declare_resource.rb +7 -5
- data/lib/chef/dsl/platform_introspection.rb +2 -3
- data/lib/chef/dsl/recipe.rb +7 -12
- data/lib/chef/dsl/universal.rb +3 -7
- data/lib/chef/environment.rb +2 -2
- data/lib/chef/event_dispatch/base.rb +3 -0
- data/lib/chef/exceptions.rb +0 -3
- data/lib/chef/formatters/doc.rb +1 -1
- data/lib/chef/formatters/error_inspectors/node_load_error_inspector.rb +2 -2
- data/lib/chef/formatters/error_inspectors/registration_error_inspector.rb +7 -7
- data/lib/chef/formatters/indentable_output_stream.rb +7 -16
- data/lib/chef/http.rb +1 -2
- data/lib/chef/http/http_request.rb +3 -2
- data/lib/chef/knife.rb +1 -3
- data/lib/chef/knife/acl_add.rb +57 -0
- data/lib/chef/knife/acl_base.rb +183 -0
- data/lib/chef/knife/acl_bulk_add.rb +78 -0
- data/lib/chef/knife/acl_bulk_remove.rb +83 -0
- data/lib/chef/knife/acl_remove.rb +62 -0
- data/lib/chef/knife/acl_show.rb +56 -0
- data/lib/chef/knife/bootstrap.rb +93 -97
- data/lib/chef/knife/bootstrap/chef_vault_handler.rb +1 -1
- data/lib/chef/knife/bootstrap/client_builder.rb +1 -1
- data/lib/chef/knife/bootstrap/templates/chef-full.erb +20 -20
- data/lib/chef/knife/bootstrap/templates/windows-chef-client-msi.erb +13 -15
- data/lib/chef/knife/bootstrap/train_connector.rb +0 -1
- data/lib/chef/knife/cookbook_download.rb +1 -1
- data/lib/chef/knife/cookbook_metadata.rb +1 -1
- data/lib/chef/knife/core/bootstrap_context.rb +63 -60
- data/lib/chef/knife/core/gem_glob_loader.rb +1 -1
- data/lib/chef/knife/core/generic_presenter.rb +4 -3
- data/lib/chef/knife/core/hashed_command_loader.rb +2 -3
- data/lib/chef/knife/core/node_presenter.rb +2 -2
- data/lib/chef/knife/core/status_presenter.rb +5 -5
- data/lib/chef/knife/core/subcommand_loader.rb +1 -1
- data/lib/chef/knife/core/ui.rb +17 -1
- data/lib/chef/knife/core/windows_bootstrap_context.rb +45 -58
- data/lib/chef/knife/data_bag_secret_options.rb +18 -45
- data/lib/chef/knife/environment_compare.rb +1 -1
- data/lib/chef/knife/exec.rb +2 -2
- data/lib/chef/knife/group_add.rb +55 -0
- data/lib/chef/knife/{cookbook_site_download.rb → group_create.rb} +21 -12
- data/lib/chef/knife/group_destroy.rb +53 -0
- data/lib/chef/knife/{cookbook_site_list.rb → group_list.rb} +14 -11
- data/lib/chef/knife/group_remove.rb +56 -0
- data/lib/chef/knife/{cookbook_site_install.rb → group_show.rb} +21 -12
- data/lib/chef/knife/list.rb +1 -1
- data/lib/chef/knife/ssh.rb +12 -50
- data/lib/chef/knife/status.rb +3 -3
- data/lib/chef/knife/supermarket_download.rb +1 -2
- data/lib/chef/knife/supermarket_install.rb +1 -2
- data/lib/chef/knife/supermarket_list.rb +1 -2
- data/lib/chef/knife/supermarket_search.rb +1 -2
- data/lib/chef/knife/supermarket_share.rb +1 -2
- data/lib/chef/knife/supermarket_show.rb +1 -2
- data/lib/chef/knife/supermarket_unshare.rb +1 -2
- data/lib/chef/knife/{cookbook_site_show.rb → user_dissociate.rb} +15 -13
- data/lib/chef/knife/{cookbook_site_search.rb → user_invite_add.rb} +16 -13
- data/lib/chef/knife/user_invite_list.rb +34 -0
- data/lib/chef/knife/user_invite_recind.rb +63 -0
- data/lib/chef/knife/yaml_convert.rb +91 -0
- data/lib/chef/log.rb +1 -1
- data/lib/chef/mixin/create_path.rb +8 -8
- data/lib/chef/mixin/openssl_helper.rb +3 -26
- data/lib/chef/mixin/powershell_exec.rb +10 -1
- data/lib/chef/mixin/powershell_out.rb +1 -1
- data/lib/chef/mixin/properties.rb +13 -1
- data/lib/chef/mixin/shell_out.rb +0 -4
- data/lib/chef/mixin/template.rb +0 -1
- data/lib/chef/monkey_patches/net_http.rb +0 -4
- data/lib/chef/node.rb +18 -6
- data/lib/chef/node/mixin/deep_merge_cache.rb +7 -7
- data/lib/chef/node/mixin/immutablize_array.rb +4 -0
- data/lib/chef/node/mixin/immutablize_hash.rb +3 -0
- data/lib/chef/node_map.rb +7 -36
- data/lib/chef/platform/priority_map.rb +4 -4
- data/lib/chef/platform/query_helpers.rb +6 -34
- data/lib/chef/powershell.rb +14 -0
- data/lib/chef/property.rb +22 -4
- data/lib/chef/provider.rb +40 -6
- data/lib/chef/provider/cron.rb +2 -2
- data/lib/chef/provider/directory.rb +2 -2
- data/lib/chef/provider/dsc_resource.rb +1 -1
- data/lib/chef/provider/dsc_script.rb +1 -1
- data/lib/chef/provider/execute.rb +2 -8
- data/lib/chef/provider/file.rb +5 -5
- data/lib/chef/provider/git.rb +84 -27
- data/lib/chef/provider/group.rb +4 -4
- data/lib/chef/provider/http_request.rb +6 -6
- data/lib/chef/provider/ifconfig.rb +4 -4
- data/lib/chef/provider/launchd.rb +36 -51
- data/lib/chef/provider/link.rb +2 -2
- data/lib/chef/provider/mount.rb +5 -5
- data/lib/chef/provider/mount/solaris.rb +1 -0
- data/lib/chef/provider/osx_profile.rb +7 -3
- data/lib/chef/provider/package.rb +2 -2
- data/lib/chef/provider/package/cab.rb +3 -4
- data/lib/chef/provider/package/chocolatey.rb +1 -3
- data/lib/chef/provider/package/dnf.rb +66 -10
- data/lib/chef/provider/package/dnf/dnf_helper.py +84 -30
- data/lib/chef/provider/package/dnf/python_helper.rb +79 -36
- data/lib/chef/provider/package/dnf/version.rb +5 -1
- data/lib/chef/provider/package/freebsd/pkgng.rb +1 -3
- data/lib/chef/provider/package/homebrew.rb +106 -42
- data/lib/chef/provider/package/msu.rb +3 -1
- data/lib/chef/provider/package/pacman.rb +25 -34
- data/lib/chef/provider/package/powershell.rb +2 -6
- data/lib/chef/provider/package/rubygems.rb +29 -2
- data/lib/chef/provider/package/snap.rb +27 -96
- data/lib/chef/provider/package/windows.rb +3 -2
- data/lib/chef/provider/package/windows/msi.rb +2 -2
- data/lib/chef/provider/package/yum.rb +0 -8
- data/lib/chef/provider/package/yum/yum_helper.py +0 -4
- data/lib/chef/provider/package/zypper.rb +1 -1
- data/lib/chef/provider/powershell_script.rb +4 -10
- data/lib/chef/provider/registry_key.rb +4 -4
- data/lib/chef/provider/remote_directory.rb +3 -3
- data/lib/chef/provider/remote_file/ftp.rb +3 -2
- data/lib/chef/provider/remote_file/local_file.rb +2 -1
- data/lib/chef/provider/remote_file/sftp.rb +3 -2
- data/lib/chef/provider/route.rb +5 -3
- data/lib/chef/provider/ruby_block.rb +1 -1
- data/lib/chef/provider/script.rb +2 -2
- data/lib/chef/provider/service.rb +8 -8
- data/lib/chef/provider/service/aixinit.rb +1 -1
- data/lib/chef/provider/service/arch.rb +2 -2
- data/lib/chef/provider/service/debian.rb +31 -29
- data/lib/chef/provider/service/gentoo.rb +2 -2
- data/lib/chef/provider/service/macosx.rb +7 -12
- data/lib/chef/provider/service/openbsd.rb +1 -1
- data/lib/chef/provider/service/redhat.rb +2 -2
- data/lib/chef/provider/service/simple.rb +3 -3
- data/lib/chef/provider/service/systemd.rb +12 -12
- data/lib/chef/provider/service/upstart.rb +1 -1
- data/lib/chef/provider/service/windows.rb +5 -11
- data/lib/chef/provider/subversion.rb +25 -5
- data/lib/chef/provider/systemd_unit.rb +26 -25
- data/lib/chef/provider/user.rb +6 -6
- data/lib/chef/provider/user/dscl.rb +3 -3
- data/lib/chef/provider/user/mac.rb +10 -9
- data/lib/chef/provider/whyrun_safe_ruby_block.rb +1 -1
- data/lib/chef/provider/windows_env.rb +3 -3
- data/lib/chef/provider/windows_script.rb +2 -2
- data/lib/chef/provider/windows_task.rb +7 -9
- data/lib/chef/provider/yum_repository.rb +1 -1
- data/lib/chef/provider/zypper_repository.rb +11 -31
- data/lib/chef/providers.rb +0 -6
- data/lib/chef/recipe.rb +36 -0
- data/lib/chef/resource.rb +41 -56
- data/lib/chef/resource/action_class.rb +24 -22
- data/lib/chef/resource/alternatives.rb +149 -0
- data/lib/chef/resource/apt_package.rb +2 -1
- data/lib/chef/resource/apt_preference.rb +69 -2
- data/lib/chef/resource/apt_repository.rb +337 -5
- data/lib/chef/resource/apt_update.rb +52 -1
- data/lib/chef/resource/archive_file.rb +9 -29
- data/lib/chef/resource/bash.rb +2 -0
- data/lib/chef/resource/bff_package.rb +9 -1
- data/lib/chef/resource/breakpoint.rb +0 -1
- data/lib/chef/resource/build_essential.rb +42 -48
- data/lib/chef/resource/cab_package.rb +8 -1
- data/lib/chef/resource/chef_client_cron.rb +225 -0
- data/lib/chef/resource/chef_client_scheduled_task.rb +198 -0
- data/lib/chef/resource/chef_client_systemd_timer.rb +177 -0
- data/lib/chef/resource/chef_gem.rb +9 -16
- data/lib/chef/resource/chef_handler.rb +2 -1
- data/lib/chef/resource/chef_sleep.rb +0 -1
- data/lib/chef/resource/chef_vault_secret.rb +135 -0
- data/lib/chef/resource/chocolatey_config.rb +3 -1
- data/lib/chef/resource/chocolatey_feature.rb +2 -1
- data/lib/chef/resource/chocolatey_package.rb +2 -1
- data/lib/chef/resource/chocolatey_source.rb +2 -1
- data/lib/chef/resource/cookbook_file.rb +1 -1
- data/lib/chef/resource/cron.rb +22 -68
- data/lib/chef/resource/cron_access.rb +8 -15
- data/lib/chef/resource/cron_d.rb +9 -75
- data/lib/chef/resource/csh.rb +2 -0
- data/lib/chef/resource/directory.rb +2 -2
- data/lib/chef/resource/dmg_package.rb +4 -4
- data/lib/chef/resource/dnf_package.rb +2 -3
- data/lib/chef/resource/dpkg_package.rb +2 -1
- data/lib/chef/resource/dsc_resource.rb +6 -4
- data/lib/chef/resource/dsc_script.rb +3 -2
- data/lib/chef/resource/execute.rb +13 -12
- data/lib/chef/resource/file.rb +3 -1
- data/lib/chef/resource/freebsd_package.rb +2 -1
- data/lib/chef/resource/gem_package.rb +14 -6
- data/lib/chef/resource/group.rb +4 -1
- data/lib/chef/resource/helpers/cron_validations.rb +98 -0
- data/lib/chef/resource/homebrew_cask.rb +5 -4
- data/lib/chef/resource/homebrew_package.rb +4 -2
- data/lib/chef/resource/homebrew_tap.rb +2 -1
- data/lib/chef/resource/hostname.rb +41 -36
- data/lib/chef/resource/http_request.rb +0 -1
- data/lib/chef/resource/ifconfig.rb +1 -1
- data/lib/chef/resource/ips_package.rb +10 -2
- data/lib/chef/resource/kernel_module.rb +29 -29
- data/lib/chef/resource/ksh.rb +2 -0
- data/lib/chef/resource/launchd.rb +6 -6
- data/lib/chef/resource/link.rb +1 -23
- data/lib/chef/resource/locale.rb +58 -24
- data/lib/chef/resource/log.rb +12 -1
- data/lib/chef/resource/lwrp_base.rb +1 -8
- data/lib/chef/resource/macos_userdefaults.rb +9 -6
- data/lib/chef/resource/macosx_service.rb +2 -1
- data/lib/chef/resource/macports_package.rb +10 -2
- data/lib/chef/resource/mdadm.rb +62 -2
- data/lib/chef/resource/mount.rb +3 -0
- data/lib/chef/resource/msu_package.rb +13 -1
- data/lib/chef/resource/notify_group.rb +8 -3
- data/lib/chef/resource/ohai.rb +19 -3
- data/lib/chef/resource/ohai_hint.rb +3 -12
- data/lib/chef/resource/openbsd_package.rb +9 -1
- data/lib/chef/resource/openssl_dhparam.rb +10 -1
- data/lib/chef/resource/openssl_ec_private_key.rb +23 -1
- data/lib/chef/resource/openssl_ec_public_key.rb +21 -1
- data/lib/chef/resource/openssl_rsa_private_key.rb +20 -1
- data/lib/chef/resource/openssl_rsa_public_key.rb +22 -1
- data/lib/chef/resource/openssl_x509_certificate.rb +37 -1
- data/lib/chef/resource/openssl_x509_crl.rb +12 -1
- data/lib/chef/resource/openssl_x509_request.rb +37 -1
- data/lib/chef/resource/osx_profile.rb +3 -2
- data/lib/chef/resource/package.rb +2 -1
- data/lib/chef/resource/pacman_package.rb +2 -1
- data/lib/chef/resource/paludis_package.rb +12 -3
- data/lib/chef/resource/perl.rb +2 -0
- data/lib/chef/resource/plist.rb +207 -0
- data/lib/chef/resource/portage_package.rb +13 -3
- data/lib/chef/resource/powershell_package.rb +1 -3
- data/lib/chef/resource/powershell_package_source.rb +3 -1
- data/lib/chef/resource/powershell_script.rb +7 -17
- data/lib/chef/resource/python.rb +2 -0
- data/lib/chef/resource/reboot.rb +0 -1
- data/lib/chef/resource/registry_key.rb +1 -2
- data/lib/chef/resource/remote_directory.rb +2 -0
- data/lib/chef/resource/remote_file.rb +2 -0
- data/lib/chef/resource/rhsm_errata.rb +0 -1
- data/lib/chef/resource/rhsm_errata_level.rb +0 -1
- data/lib/chef/resource/rhsm_register.rb +2 -1
- data/lib/chef/resource/rhsm_repo.rb +3 -1
- data/lib/chef/resource/rhsm_subscription.rb +4 -1
- data/lib/chef/resource/route.rb +5 -1
- data/lib/chef/resource/rpm_package.rb +9 -2
- data/lib/chef/resource/ruby.rb +2 -0
- data/lib/chef/resource/ruby_block.rb +1 -1
- data/lib/chef/resource/scm/_scm.rb +48 -0
- data/lib/chef/resource/{scm.rb → scm/git.rb} +16 -30
- data/lib/chef/resource/{subversion.rb → scm/subversion.rb} +8 -5
- data/lib/chef/resource/script.rb +6 -3
- data/lib/chef/resource/service.rb +6 -7
- data/lib/chef/resource/smartos_package.rb +9 -1
- data/lib/chef/resource/snap_package.rb +3 -1
- data/lib/chef/resource/solaris_package.rb +9 -1
- data/lib/chef/resource/ssh_known_hosts_entry.rb +6 -3
- data/lib/chef/resource/sudo.rb +9 -9
- data/lib/chef/resource/support/cron.d.erb +1 -1
- data/lib/chef/resource/support/cron_access.erb +1 -1
- data/lib/chef/resource/support/sudoer.erb +1 -2
- data/lib/chef/resource/support/ulimit.erb +41 -0
- data/lib/chef/resource/swap_file.rb +5 -3
- data/lib/chef/resource/sysctl.rb +2 -2
- data/lib/chef/resource/systemd_unit.rb +4 -2
- data/lib/chef/resource/template.rb +0 -1
- data/lib/chef/resource/timezone.rb +7 -18
- data/lib/chef/resource/user.rb +1 -3
- data/lib/chef/resource/user/aix_user.rb +0 -2
- data/lib/chef/resource/user/dscl_user.rb +1 -1
- data/lib/chef/resource/user/linux_user.rb +0 -2
- data/lib/chef/resource/user/mac_user.rb +1 -1
- data/lib/chef/resource/user/pw_user.rb +0 -2
- data/lib/chef/resource/user/solaris_user.rb +0 -2
- data/lib/chef/resource/user/windows_user.rb +0 -2
- data/lib/chef/resource/user_ulimit.rb +114 -0
- data/lib/chef/resource/whyrun_safe_ruby_block.rb +1 -0
- data/lib/chef/resource/windows_ad_join.rb +19 -6
- data/lib/chef/resource/windows_auto_run.rb +0 -1
- data/lib/chef/resource/windows_certificate.rb +1 -1
- data/lib/chef/resource/windows_dfs_folder.rb +0 -1
- data/lib/chef/resource/windows_dfs_namespace.rb +0 -1
- data/lib/chef/resource/windows_dfs_server.rb +0 -1
- data/lib/chef/resource/windows_dns_record.rb +0 -1
- data/lib/chef/resource/windows_dns_zone.rb +0 -1
- data/lib/chef/resource/windows_env.rb +2 -3
- data/lib/chef/resource/windows_feature.rb +2 -2
- data/lib/chef/resource/windows_feature_dism.rb +9 -22
- data/lib/chef/resource/windows_feature_powershell.rb +17 -82
- data/lib/chef/resource/windows_firewall_rule.rb +119 -10
- data/lib/chef/resource/windows_font.rb +1 -3
- data/lib/chef/resource/windows_package.rb +13 -4
- data/lib/chef/resource/windows_pagefile.rb +0 -1
- data/lib/chef/resource/windows_path.rb +0 -1
- data/lib/chef/resource/windows_printer.rb +0 -1
- data/lib/chef/resource/windows_printer_port.rb +0 -1
- data/lib/chef/resource/windows_script.rb +3 -4
- data/lib/chef/resource/windows_security_policy.rb +90 -0
- data/lib/chef/resource/windows_service.rb +45 -31
- data/lib/chef/resource/windows_share.rb +3 -7
- data/lib/chef/resource/windows_shortcut.rb +0 -1
- data/lib/chef/resource/windows_task.rb +14 -15
- data/lib/chef/resource/windows_uac.rb +0 -1
- data/lib/chef/resource/windows_user_privilege.rb +157 -0
- data/lib/chef/resource/windows_workgroup.rb +0 -1
- data/lib/chef/resource/yum_package.rb +3 -1
- data/lib/chef/resource/yum_repository.rb +2 -1
- data/lib/chef/resource/zypper_package.rb +3 -2
- data/lib/chef/resource/zypper_repository.rb +2 -1
- data/lib/chef/resource_builder.rb +8 -0
- data/lib/chef/resource_inspector.rb +6 -6
- data/lib/chef/resource_resolver.rb +7 -14
- data/lib/chef/resources.rb +11 -3
- data/lib/chef/role.rb +2 -2
- data/lib/chef/run_context/cookbook_compiler.rb +29 -5
- data/lib/chef/shell.rb +23 -32
- data/lib/chef/shell/shell_session.rb +0 -2
- data/lib/chef/util/diff.rb +1 -1
- data/lib/chef/util/dsc/configuration_generator.rb +1 -1
- data/lib/chef/util/dsc/lcm_output_parser.rb +3 -3
- data/lib/chef/util/powershell/cmdlet.rb +1 -1
- data/lib/chef/version.rb +2 -2
- data/lib/chef/version_string.rb +1 -1
- data/lib/chef/win32/api/file.rb +18 -18
- data/lib/chef/win32/api/security.rb +6 -0
- data/lib/chef/win32/file.rb +3 -11
- data/lib/chef/win32/process.rb +2 -2
- data/lib/chef/win32/security.rb +40 -2
- data/spec/functional/assets/inittest +8 -7
- data/spec/functional/knife/ssh_spec.rb +27 -23
- data/spec/functional/resource/aix_service_spec.rb +1 -0
- data/spec/functional/resource/aixinit_service_spec.rb +8 -7
- data/spec/functional/resource/apt_package_spec.rb +1 -0
- data/spec/functional/resource/bff_spec.rb +2 -2
- data/spec/functional/resource/cookbook_file_spec.rb +1 -1
- data/spec/functional/resource/cron_spec.rb +11 -29
- data/spec/functional/resource/dnf_package_spec.rb +441 -156
- data/spec/functional/resource/dsc_resource_spec.rb +1 -1
- data/spec/functional/resource/git_spec.rb +184 -134
- data/spec/functional/resource/insserv_spec.rb +6 -5
- data/spec/functional/resource/link_spec.rb +17 -17
- data/spec/functional/resource/locale_spec.rb +13 -2
- data/spec/functional/resource/powershell_script_spec.rb +7 -68
- data/spec/functional/resource/rpm_spec.rb +2 -2
- data/spec/functional/resource/user/dscl_spec.rb +2 -2
- data/spec/functional/resource/user/mac_user_spec.rb +2 -2
- data/spec/functional/resource/windows_certificate_spec.rb +3 -3
- data/spec/functional/resource/windows_security_policy_spec.rb +90 -0
- data/spec/functional/resource/windows_task_spec.rb +8 -8
- data/spec/functional/resource/windows_user_privilege_spec.rb +193 -0
- data/spec/functional/run_lock_spec.rb +1 -2
- data/spec/functional/shell_spec.rb +6 -6
- data/spec/functional/util/powershell/cmdlet_spec.rb +1 -1
- data/spec/functional/version_spec.rb +1 -1
- data/spec/functional/win32/registry_spec.rb +0 -6
- data/spec/functional/win32/security_spec.rb +22 -0
- data/spec/functional/win32/service_manager_spec.rb +1 -1
- data/spec/integration/client/client_spec.rb +123 -2
- data/spec/integration/knife/cookbook_show_spec.rb +28 -26
- data/spec/integration/knife/data_bag_show_spec.rb +1 -1
- data/spec/integration/knife/raw_spec.rb +30 -2
- data/spec/integration/knife/show_spec.rb +32 -3
- data/spec/integration/recipes/accumulator_spec.rb +1 -1
- data/spec/integration/recipes/lwrp_inline_resources_spec.rb +5 -5
- data/spec/integration/recipes/lwrp_spec.rb +1 -1
- data/spec/integration/recipes/noop_resource_spec.rb +1 -1
- data/spec/integration/recipes/notifies_spec.rb +50 -21
- data/spec/integration/recipes/notifying_block_spec.rb +9 -6
- data/spec/integration/recipes/provider_choice.rb +2 -0
- data/spec/integration/recipes/recipe_dsl_spec.rb +46 -144
- data/spec/integration/recipes/resource_action_spec.rb +16 -11
- data/spec/integration/recipes/resource_converge_if_changed_spec.rb +1 -3
- data/spec/integration/recipes/resource_load_spec.rb +133 -13
- data/spec/integration/recipes/unified_mode_spec.rb +1 -1
- data/spec/integration/recipes/use_partial_spec.rb +112 -0
- data/spec/integration/solo/solo_spec.rb +3 -3
- data/spec/scripts/ssl-serve.rb +1 -1
- data/spec/spec_helper.rb +11 -14
- data/spec/support/chef_helpers.rb +2 -2
- data/spec/support/lib/chef/resource/zen_follower.rb +2 -0
- data/spec/support/platform_helpers.rb +44 -19
- data/spec/support/platforms/win32/spec_service.rb +1 -1
- data/spec/support/recipe_dsl_helper.rb +83 -0
- data/spec/support/shared/functional/directory_resource.rb +1 -1
- data/spec/support/shared/functional/execute_resource.rb +1 -1
- data/spec/support/shared/functional/file_resource.rb +3 -3
- data/spec/support/shared/functional/win32_service.rb +1 -1
- data/spec/support/shared/functional/windows_script.rb +5 -18
- data/spec/support/shared/integration/knife_support.rb +14 -8
- data/spec/unit/application/apply_spec.rb +3 -0
- data/spec/unit/application/client_spec.rb +5 -1
- data/spec/unit/application_spec.rb +1 -9
- data/spec/unit/chef_fs/file_system/operation_failed_error_spec.rb +4 -2
- data/spec/unit/client_spec.rb +7 -5
- data/spec/unit/cookbook/gem_installer_spec.rb +3 -4
- data/spec/unit/cookbook/metadata_spec.rb +38 -19
- data/spec/unit/data_bag_spec.rb +1 -1
- data/spec/unit/data_collector_spec.rb +38 -17
- data/spec/unit/dsl/platform_introspection_spec.rb +0 -1
- data/spec/unit/environment_spec.rb +7 -7
- data/spec/unit/event_dispatch/dispatcher_spec.rb +0 -3
- data/spec/unit/file_access_control_spec.rb +1 -1
- data/spec/unit/knife/bootstrap/chef_vault_handler_spec.rb +15 -15
- data/spec/unit/knife/bootstrap/client_builder_spec.rb +9 -9
- data/spec/unit/knife/bootstrap_spec.rb +36 -54
- data/spec/unit/knife/cookbook_download_spec.rb +4 -4
- data/spec/unit/knife/cookbook_metadata_from_file_spec.rb +1 -1
- data/spec/unit/knife/cookbook_show_spec.rb +1 -0
- data/spec/unit/knife/cookbook_upload_spec.rb +6 -5
- data/spec/unit/knife/core/bootstrap_context_spec.rb +23 -43
- data/spec/unit/knife/core/hashed_command_loader_spec.rb +3 -3
- data/spec/unit/knife/core/ui_spec.rb +16 -0
- data/spec/unit/knife/core/windows_bootstrap_context_spec.rb +8 -68
- data/spec/unit/knife/data_bag_secret_options_spec.rb +22 -14
- data/spec/unit/knife/role_env_run_list_add_spec.rb +6 -6
- data/spec/unit/knife/role_env_run_list_clear_spec.rb +4 -4
- data/spec/unit/knife/role_env_run_list_remove_spec.rb +4 -4
- data/spec/unit/knife/role_env_run_list_replace_spec.rb +4 -4
- data/spec/unit/knife/role_env_run_list_set_spec.rb +4 -4
- data/spec/unit/knife/role_run_list_add_spec.rb +6 -6
- data/spec/unit/knife/role_run_list_clear_spec.rb +4 -4
- data/spec/unit/knife/role_run_list_remove_spec.rb +4 -4
- data/spec/unit/knife/role_run_list_replace_spec.rb +4 -4
- data/spec/unit/knife/role_run_list_set_spec.rb +4 -4
- data/spec/unit/knife/ssh_spec.rb +10 -113
- data/spec/unit/knife/status_spec.rb +1 -1
- data/spec/unit/knife/supermarket_share_spec.rb +3 -5
- data/spec/unit/knife_spec.rb +18 -0
- data/spec/unit/lwrp_spec.rb +4 -4
- data/spec/unit/mixin/powershell_exec_spec.rb +10 -0
- data/spec/unit/mixin/securable_spec.rb +1 -0
- data/spec/unit/mixin/user_context_spec.rb +9 -1
- data/spec/unit/node/attribute_spec.rb +2 -2
- data/spec/unit/node_spec.rb +24 -0
- data/spec/unit/platform/query_helpers_spec.rb +0 -143
- data/spec/unit/property/state_spec.rb +12 -7
- data/spec/unit/property/validation_spec.rb +25 -1
- data/spec/unit/property_spec.rb +18 -15
- data/spec/unit/provider/apt_preference_spec.rb +14 -10
- data/spec/unit/provider/apt_repository_spec.rb +9 -11
- data/spec/unit/provider/apt_update_spec.rb +12 -11
- data/spec/unit/provider/cookbook_file_spec.rb +4 -4
- data/spec/unit/provider/cron_spec.rb +2 -2
- data/spec/unit/provider/directory_spec.rb +4 -15
- data/spec/unit/provider/file_spec.rb +4 -4
- data/spec/unit/provider/git_spec.rb +44 -4
- data/spec/unit/provider/link_spec.rb +0 -1
- data/spec/unit/provider/log_spec.rb +3 -3
- data/spec/unit/provider/mdadm_spec.rb +3 -3
- data/spec/unit/provider/osx_profile_spec.rb +2 -2
- data/spec/unit/provider/package/dnf/python_helper_spec.rb +2 -2
- data/spec/unit/provider/package/freebsd/pkgng_spec.rb +1 -1
- data/spec/unit/provider/package/homebrew_spec.rb +280 -174
- data/spec/unit/provider/package/msu_spec.rb +3 -3
- data/spec/unit/provider/package/pacman_spec.rb +65 -147
- data/spec/unit/provider/package/powershell_spec.rb +88 -96
- data/spec/unit/provider/package/rubygems_spec.rb +221 -31
- data/spec/unit/provider/package/snap_spec.rb +1 -1
- data/spec/unit/provider/package/windows/exe_spec.rb +1 -1
- data/spec/unit/provider/package/windows_spec.rb +53 -30
- data/spec/unit/provider/powershell_script_spec.rb +21 -61
- data/spec/unit/provider/remote_file_spec.rb +3 -4
- data/spec/unit/provider/service/arch_service_spec.rb +2 -3
- data/spec/unit/provider/service/debian_service_spec.rb +35 -14
- data/spec/unit/provider/service/gentoo_service_spec.rb +8 -8
- data/spec/unit/provider/service/macosx_spec.rb +210 -214
- data/spec/unit/provider/service/redhat_spec.rb +2 -2
- data/spec/unit/provider/service/systemd_service_spec.rb +23 -23
- data/spec/unit/provider/service/upstart_service_spec.rb +3 -3
- data/spec/unit/provider/service/windows_spec.rb +6 -2
- data/spec/unit/provider/subversion_spec.rb +4 -2
- data/spec/unit/provider/systemd_unit_spec.rb +24 -28
- data/spec/unit/provider/template_spec.rb +3 -4
- data/spec/unit/provider/zypper_repository_spec.rb +25 -75
- data/spec/unit/provider_resolver_spec.rb +11 -11
- data/spec/unit/provider_spec.rb +0 -1
- data/spec/unit/recipe_spec.rb +68 -0
- data/spec/unit/resource/alternatives_spec.rb +120 -0
- data/spec/unit/resource/apt_preference_spec.rb +0 -18
- data/spec/unit/resource/apt_repository_spec.rb +0 -18
- data/spec/unit/resource/apt_update_spec.rb +0 -18
- data/spec/unit/resource/archive_file_spec.rb +2 -11
- data/spec/unit/resource/chef_client_cron_spec.rb +119 -0
- data/spec/unit/resource/chef_client_scheduled_task_spec.rb +102 -0
- data/spec/unit/resource/chef_client_systemd_timer_spec.rb +70 -0
- data/spec/unit/resource/chef_vault_secret_spec.rb +40 -0
- data/spec/unit/resource/chocolatey_source_spec.rb +2 -1
- data/spec/unit/resource/cron_d_spec.rb +6 -48
- data/spec/unit/resource/cron_spec.rb +4 -10
- data/spec/unit/resource/gem_package_spec.rb +3 -3
- data/spec/unit/resource/helpers/cron_validations_spec.rb +77 -0
- data/spec/unit/resource/link_spec.rb +0 -4
- data/spec/unit/resource/locale_spec.rb +0 -34
- data/spec/unit/resource/ohai_spec.rb +56 -2
- data/spec/unit/resource/plist_spec.rb +130 -0
- data/spec/unit/resource/powershell_script_spec.rb +0 -5
- data/spec/unit/resource/{git_spec.rb → scm/git_spec.rb} +50 -2
- data/spec/unit/resource/{scm_spec.rb → scm/scm.rb} +1 -52
- data/spec/unit/resource/{subversion_spec.rb → scm/subversion_spec.rb} +2 -3
- data/spec/unit/resource/service_spec.rb +4 -0
- data/spec/unit/resource/user_spec.rb +2 -2
- data/spec/unit/resource/user_ulimit_spec.rb +53 -0
- data/spec/unit/resource/windows_dns_record_spec.rb +3 -3
- data/spec/unit/resource/windows_dns_zone_spec.rb +2 -2
- data/spec/unit/resource/windows_feature_dism_spec.rb +2 -17
- data/spec/unit/resource/windows_feature_powershell_spec.rb +6 -47
- data/spec/unit/resource/windows_firewall_rule_spec.rb +88 -41
- data/spec/unit/resource/windows_package_spec.rb +4 -1
- data/spec/unit/resource/windows_service_spec.rb +9 -0
- data/spec/unit/resource/windows_task_spec.rb +1 -1
- data/spec/unit/resource/windows_uac_spec.rb +2 -2
- data/spec/unit/resource/yum_repository_spec.rb +21 -21
- data/spec/unit/resource_reporter_spec.rb +1 -5
- data/spec/unit/resource_spec.rb +11 -4
- data/spec/unit/role_spec.rb +11 -11
- data/spec/unit/run_context/cookbook_compiler_spec.rb +1 -1
- data/spec/unit/run_context_spec.rb +1 -1
- data/spec/unit/search/query_spec.rb +1 -1
- data/spec/unit/util/threaded_job_queue_spec.rb +0 -9
- data/spec/unit/win32/security_spec.rb +3 -4
- data/tasks/rspec.rb +1 -1
- metadata +116 -87
- data/lib/chef/dsl/core.rb +0 -52
- data/lib/chef/knife/cookbook_site_share.rb +0 -41
- data/lib/chef/knife/cookbook_site_unshare.rb +0 -41
- data/lib/chef/provider/apt_preference.rb +0 -93
- data/lib/chef/provider/apt_repository.rb +0 -358
- data/lib/chef/provider/apt_update.rb +0 -79
- data/lib/chef/provider/log.rb +0 -43
- data/lib/chef/provider/mdadm.rb +0 -85
- data/lib/chef/provider/ohai.rb +0 -45
- data/lib/chef/resource/git.rb +0 -37
- data/spec/functional/resource/windows_font_spec.rb +0 -49
- data/spec/unit/provider/ohai_spec.rb +0 -84
@@ -0,0 +1,83 @@
|
|
1
|
+
#
|
2
|
+
# Author:: Jeremiah Snapp (jeremiah@chef.io)
|
3
|
+
# Copyright:: Copyright (c) Chef Software Inc.
|
4
|
+
# License:: Apache License, Version 2.0
|
5
|
+
#
|
6
|
+
# Licensed under the Apache License, Version 2.0 (the "License");
|
7
|
+
# you may not use this file except in compliance with the License.
|
8
|
+
# You may obtain a copy of the License at
|
9
|
+
#
|
10
|
+
# http://www.apache.org/licenses/LICENSE-2.0
|
11
|
+
#
|
12
|
+
# Unless required by applicable law or agreed to in writing, software
|
13
|
+
# distributed under the License is distributed on an "AS IS" BASIS,
|
14
|
+
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
15
|
+
# See the License for the specific language governing permissions and
|
16
|
+
# limitations under the License.
|
17
|
+
#
|
18
|
+
|
19
|
+
require_relative "../knife"
|
20
|
+
|
21
|
+
class Chef
|
22
|
+
class Knife
|
23
|
+
class AclBulkRemove < Chef::Knife
|
24
|
+
category "acl"
|
25
|
+
banner "knife acl bulk remove MEMBER_TYPE MEMBER_NAME OBJECT_TYPE REGEX PERMS"
|
26
|
+
|
27
|
+
deps do
|
28
|
+
require_relative "acl_base"
|
29
|
+
include Chef::Knife::AclBase
|
30
|
+
end
|
31
|
+
|
32
|
+
def run
|
33
|
+
member_type, member_name, object_type, regex, perms = name_args
|
34
|
+
object_name_matcher = /#{regex}/
|
35
|
+
|
36
|
+
if name_args.length != 5
|
37
|
+
show_usage
|
38
|
+
ui.fatal "You must specify the member type [client|group|user], member name, object type, object name REGEX and perms"
|
39
|
+
exit 1
|
40
|
+
end
|
41
|
+
|
42
|
+
if member_name == "pivotal" && %w{client user}.include?(member_type)
|
43
|
+
ui.fatal "ERROR: 'pivotal' is a system user so knife-acl will not remove it from an ACL."
|
44
|
+
exit 1
|
45
|
+
end
|
46
|
+
if member_name == "admins" && member_type == "group" && perms.to_s.split(",").include?("grant")
|
47
|
+
ui.fatal "ERROR: knife-acl will not remove the 'admins' group from the 'grant' ACE."
|
48
|
+
ui.fatal " Removal could prevent future attempts to modify permissions."
|
49
|
+
exit 1
|
50
|
+
end
|
51
|
+
validate_perm_type!(perms)
|
52
|
+
validate_member_type!(member_type)
|
53
|
+
validate_member_name!(member_name)
|
54
|
+
validate_object_type!(object_type)
|
55
|
+
validate_member_exists!(member_type, member_name)
|
56
|
+
|
57
|
+
if %w{containers groups}.include?(object_type)
|
58
|
+
ui.fatal "bulk modifying the ACL of #{object_type} is not permitted"
|
59
|
+
exit 1
|
60
|
+
end
|
61
|
+
|
62
|
+
objects_to_modify = []
|
63
|
+
all_objects = rest.get_rest(object_type)
|
64
|
+
objects_to_modify = all_objects.keys.select { |object_name| object_name =~ object_name_matcher }
|
65
|
+
|
66
|
+
if objects_to_modify.empty?
|
67
|
+
ui.info "No #{object_type} match the expression /#{regex}/"
|
68
|
+
exit 0
|
69
|
+
end
|
70
|
+
|
71
|
+
ui.msg("The ACL of the following #{object_type} will be modified:")
|
72
|
+
ui.msg("")
|
73
|
+
ui.msg(ui.list(objects_to_modify.sort, :columns_down))
|
74
|
+
ui.msg("")
|
75
|
+
ui.confirm("Are you sure you want to modify the ACL of these #{object_type}?")
|
76
|
+
|
77
|
+
objects_to_modify.each do |object_name|
|
78
|
+
remove_from_acl!(member_type, member_name, object_type, object_name, perms)
|
79
|
+
end
|
80
|
+
end
|
81
|
+
end
|
82
|
+
end
|
83
|
+
end
|
@@ -0,0 +1,62 @@
|
|
1
|
+
#
|
2
|
+
# Author:: Steven Danna (steve@chef.io)
|
3
|
+
# Author:: Jeremiah Snapp (jeremiah@chef.io)
|
4
|
+
# Copyright:: Copyright (c) Chef Software Inc.
|
5
|
+
# License:: Apache License, Version 2.0
|
6
|
+
#
|
7
|
+
# Licensed under the Apache License, Version 2.0 (the "License");
|
8
|
+
# you may not use this file except in compliance with the License.
|
9
|
+
# You may obtain a copy of the License at
|
10
|
+
#
|
11
|
+
# http://www.apache.org/licenses/LICENSE-2.0
|
12
|
+
#
|
13
|
+
# Unless required by applicable law or agreed to in writing, software
|
14
|
+
# distributed under the License is distributed on an "AS IS" BASIS,
|
15
|
+
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
16
|
+
# See the License for the specific language governing permissions and
|
17
|
+
# limitations under the License.
|
18
|
+
#
|
19
|
+
|
20
|
+
require_relative "../knife"
|
21
|
+
|
22
|
+
class Chef
|
23
|
+
class Knife
|
24
|
+
class AclRemove < Chef::Knife
|
25
|
+
category "acl"
|
26
|
+
banner "knife acl remove MEMBER_TYPE MEMBER_NAME OBJECT_TYPE OBJECT_NAME PERMS"
|
27
|
+
|
28
|
+
deps do
|
29
|
+
require_relative "acl_base"
|
30
|
+
include Chef::Knife::AclBase
|
31
|
+
end
|
32
|
+
|
33
|
+
def run
|
34
|
+
member_type, member_name, object_type, object_name, perms = name_args
|
35
|
+
|
36
|
+
if name_args.length != 5
|
37
|
+
show_usage
|
38
|
+
ui.fatal "You must specify the member type [client|group|user], member name, object type, object name and perms"
|
39
|
+
exit 1
|
40
|
+
end
|
41
|
+
|
42
|
+
if member_name == "pivotal" && %w{client user}.include?(member_type)
|
43
|
+
ui.fatal "ERROR: 'pivotal' is a system user so knife-acl will not remove it from an ACL."
|
44
|
+
exit 1
|
45
|
+
end
|
46
|
+
if member_name == "admins" && member_type == "group" && perms.to_s.split(",").include?("grant")
|
47
|
+
ui.fatal "ERROR: knife-acl will not remove the 'admins' group from the 'grant' ACE."
|
48
|
+
ui.fatal " Removal could prevent future attempts to modify permissions."
|
49
|
+
exit 1
|
50
|
+
end
|
51
|
+
validate_perm_type!(perms)
|
52
|
+
validate_member_type!(member_type)
|
53
|
+
validate_member_name!(member_name)
|
54
|
+
validate_object_name!(object_name)
|
55
|
+
validate_object_type!(object_type)
|
56
|
+
validate_member_exists!(member_type, member_name)
|
57
|
+
|
58
|
+
remove_from_acl!(member_type, member_name, object_type, object_name, perms)
|
59
|
+
end
|
60
|
+
end
|
61
|
+
end
|
62
|
+
end
|
@@ -0,0 +1,56 @@
|
|
1
|
+
#
|
2
|
+
# Author:: Steven Danna (steve@chef.io)
|
3
|
+
# Copyright:: Copyright (c) Chef Software Inc.
|
4
|
+
# License:: Apache License, Version 2.0
|
5
|
+
#
|
6
|
+
# Licensed under the Apache License, Version 2.0 (the "License");
|
7
|
+
# you may not use this file except in compliance with the License.
|
8
|
+
# You may obtain a copy of the License at
|
9
|
+
#
|
10
|
+
# http://www.apache.org/licenses/LICENSE-2.0
|
11
|
+
#
|
12
|
+
# Unless required by applicable law or agreed to in writing, software
|
13
|
+
# distributed under the License is distributed on an "AS IS" BASIS,
|
14
|
+
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
15
|
+
# See the License for the specific language governing permissions and
|
16
|
+
# limitations under the License.
|
17
|
+
#
|
18
|
+
|
19
|
+
require_relative "../knife"
|
20
|
+
|
21
|
+
class Chef
|
22
|
+
class Knife
|
23
|
+
class AclShow < Chef::Knife
|
24
|
+
category "acl"
|
25
|
+
banner "knife acl show OBJECT_TYPE OBJECT_NAME"
|
26
|
+
|
27
|
+
deps do
|
28
|
+
require_relative "acl_base"
|
29
|
+
include Chef::Knife::AclBase
|
30
|
+
end
|
31
|
+
|
32
|
+
def run
|
33
|
+
object_type, object_name = name_args
|
34
|
+
|
35
|
+
if name_args.length != 2
|
36
|
+
show_usage
|
37
|
+
ui.fatal "You must specify an object type and object name"
|
38
|
+
exit 1
|
39
|
+
end
|
40
|
+
|
41
|
+
validate_object_type!(object_type)
|
42
|
+
validate_object_name!(object_name)
|
43
|
+
acl = get_acl(object_type, object_name)
|
44
|
+
PERM_TYPES.each do |perm|
|
45
|
+
# Filter out the actors field if we have
|
46
|
+
# users and clients. Note that if one is present,
|
47
|
+
# both will be - but we're checking both for completeness.
|
48
|
+
if acl[perm].key?("users") && acl[perm].key?("clients")
|
49
|
+
acl[perm].delete "actors"
|
50
|
+
end
|
51
|
+
end
|
52
|
+
ui.output acl
|
53
|
+
end
|
54
|
+
end
|
55
|
+
end
|
56
|
+
end
|
data/lib/chef/knife/bootstrap.rb
CHANGED
@@ -86,7 +86,6 @@ class Chef
|
|
86
86
|
short: "-w AUTH-METHOD",
|
87
87
|
long: "--winrm-auth-method AUTH-METHOD",
|
88
88
|
description: "The WinRM authentication method to use.",
|
89
|
-
proc: Proc.new { |protocol| Chef::Config[:knife][:winrm_auth_method] = protocol },
|
90
89
|
in: WINRM_AUTH_PROTOCOL_LIST
|
91
90
|
|
92
91
|
option :winrm_basic_auth_only,
|
@@ -94,37 +93,32 @@ class Chef
|
|
94
93
|
description: "For WinRM basic authentication when using the 'ssl' auth method.",
|
95
94
|
boolean: true
|
96
95
|
|
97
|
-
|
98
|
-
|
99
|
-
|
100
|
-
|
101
|
-
|
102
|
-
|
103
|
-
# :proc => Proc.new { |keytab| Chef::Config[:knife][:kerberos_keytab_file] = keytab }
|
96
|
+
# This option was provided in knife bootstrap windows winrm,
|
97
|
+
# but it is ignored in knife-windows/WinrmSession, and so remains unimplemeneted here.
|
98
|
+
# option :kerberos_keytab_file,
|
99
|
+
# :short => "-T KEYTAB_FILE",
|
100
|
+
# :long => "--keytab-file KEYTAB_FILE",
|
101
|
+
# :description => "The Kerberos keytab file used for authentication"
|
104
102
|
|
105
103
|
option :kerberos_realm,
|
106
104
|
short: "-R KERBEROS_REALM",
|
107
105
|
long: "--kerberos-realm KERBEROS_REALM",
|
108
|
-
description: "The Kerberos realm used for authentication."
|
109
|
-
proc: Proc.new { |protocol| Chef::Config[:knife][:kerberos_realm] = protocol }
|
106
|
+
description: "The Kerberos realm used for authentication."
|
110
107
|
|
111
108
|
option :kerberos_service,
|
112
109
|
short: "-S KERBEROS_SERVICE",
|
113
110
|
long: "--kerberos-service KERBEROS_SERVICE",
|
114
|
-
description: "The Kerberos service used for authentication."
|
115
|
-
proc: Proc.new { |protocol| Chef::Config[:knife][:kerberos_service] = protocol }
|
111
|
+
description: "The Kerberos service used for authentication."
|
116
112
|
|
117
113
|
## SSH Authentication
|
118
114
|
option :ssh_gateway,
|
119
115
|
short: "-G GATEWAY",
|
120
116
|
long: "--ssh-gateway GATEWAY",
|
121
|
-
description: "The SSH gateway."
|
122
|
-
proc: Proc.new { |key| Chef::Config[:knife][:ssh_gateway] = key }
|
117
|
+
description: "The SSH gateway."
|
123
118
|
|
124
119
|
option :ssh_gateway_identity,
|
125
120
|
long: "--ssh-gateway-identity SSH_GATEWAY_IDENTITY",
|
126
|
-
description: "The SSH identity file used for gateway authentication."
|
127
|
-
proc: Proc.new { |key| Chef::Config[:knife][:ssh_gateway_identity] = key }
|
121
|
+
description: "The SSH identity file used for gateway authentication."
|
128
122
|
|
129
123
|
option :ssh_forward_agent,
|
130
124
|
short: "-A",
|
@@ -140,7 +134,8 @@ class Chef
|
|
140
134
|
option :ssh_verify_host_key,
|
141
135
|
long: "--ssh-verify-host-key VALUE",
|
142
136
|
description: "Verify host key. Default is 'always'.",
|
143
|
-
in: %w{always accept_new accept_new_or_local_tunnel never}
|
137
|
+
in: %w{always accept_new accept_new_or_local_tunnel never},
|
138
|
+
default: "always"
|
144
139
|
|
145
140
|
#
|
146
141
|
# bootstrap options
|
@@ -160,8 +155,7 @@ class Chef
|
|
160
155
|
# client.rb content via chef-full/bootstrap_context
|
161
156
|
option :bootstrap_proxy,
|
162
157
|
long: "--bootstrap-proxy PROXY_URL",
|
163
|
-
description: "The proxy server for the node being bootstrapped."
|
164
|
-
proc: Proc.new { |p| Chef::Config[:knife][:bootstrap_proxy] = p }
|
158
|
+
description: "The proxy server for the node being bootstrapped."
|
165
159
|
|
166
160
|
# client.rb content via bootstrap_context
|
167
161
|
option :bootstrap_proxy_user,
|
@@ -176,8 +170,7 @@ class Chef
|
|
176
170
|
# client.rb content via bootstrap_context
|
177
171
|
option :bootstrap_no_proxy,
|
178
172
|
long: "--bootstrap-no-proxy [NO_PROXY_URL|NO_PROXY_IP]",
|
179
|
-
description: "Do not proxy locations for the node being bootstrapped"
|
180
|
-
proc: Proc.new { |np| Chef::Config[:knife][:bootstrap_no_proxy] = np }
|
173
|
+
description: "Do not proxy locations for the node being bootstrapped"
|
181
174
|
|
182
175
|
# client.rb content via bootstrap_context
|
183
176
|
option :bootstrap_template,
|
@@ -270,21 +263,16 @@ class Chef
|
|
270
263
|
proc: lambda { |o| Chef::JSONCompat.parse(File.read(o)) },
|
271
264
|
default: nil
|
272
265
|
|
273
|
-
# Note that several of the below options are used by bootstrap template,
|
274
|
-
# but only from the passed-in knife config; it does not use the
|
275
|
-
# config from the CLI for those values. We cannot always used the merged
|
276
|
-
# config, because in some cases the knife keys thIn those cases, the option
|
277
|
-
# will have a proc that assigns the value into Chef::Config[:knife]
|
278
|
-
|
279
266
|
# bootstrap template
|
280
267
|
# Create ohai hints in /etc/chef/ohai/hints, fname=hintname, content=value
|
281
|
-
option :
|
268
|
+
option :hints,
|
282
269
|
long: "--hint HINT_NAME[=HINT_FILE]",
|
283
270
|
description: "Specify an Ohai hint to be set on the bootstrap target. Use multiple --hint options to specify multiple hints.",
|
284
|
-
proc: Proc.new { |
|
285
|
-
|
286
|
-
name, path =
|
287
|
-
|
271
|
+
proc: Proc.new { |hint, accumulator|
|
272
|
+
accumulator ||= {}
|
273
|
+
name, path = hint.split("=", 2)
|
274
|
+
accumulator[name] = path ? Chef::JSONCompat.parse(::File.read(path)) : {}
|
275
|
+
accumulator
|
288
276
|
}
|
289
277
|
|
290
278
|
# bootstrap override: url of a an installer shell script touse in place of omnitruck
|
@@ -292,8 +280,7 @@ class Chef
|
|
292
280
|
# the provided options to knife bootstrap, so we set the Chef::Config option here.
|
293
281
|
option :bootstrap_url,
|
294
282
|
long: "--bootstrap-url URL",
|
295
|
-
description: "URL to a custom installation script."
|
296
|
-
proc: Proc.new { |u| Chef::Config[:knife][:bootstrap_url] = u }
|
283
|
+
description: "URL to a custom installation script."
|
297
284
|
|
298
285
|
option :bootstrap_product,
|
299
286
|
long: "--bootstrap-product PRODUCT",
|
@@ -309,26 +296,22 @@ class Chef
|
|
309
296
|
# bootstrap override: Do this instead of our own setup.sh from omnitruck. Causes bootstrap_url to be ignored.
|
310
297
|
option :bootstrap_install_command,
|
311
298
|
long: "--bootstrap-install-command COMMANDS",
|
312
|
-
description: "Custom command to install #{Chef::Dist::PRODUCT}."
|
313
|
-
proc: Proc.new { |ic| Chef::Config[:knife][:bootstrap_install_command] = ic }
|
299
|
+
description: "Custom command to install #{Chef::Dist::PRODUCT}."
|
314
300
|
|
315
301
|
# bootstrap template: Run this command first in the bootstrap script
|
316
302
|
option :bootstrap_preinstall_command,
|
317
303
|
long: "--bootstrap-preinstall-command COMMANDS",
|
318
|
-
description: "Custom commands to run before installing #{Chef::Dist::PRODUCT}."
|
319
|
-
proc: Proc.new { |preic| Chef::Config[:knife][:bootstrap_preinstall_command] = preic }
|
304
|
+
description: "Custom commands to run before installing #{Chef::Dist::PRODUCT}."
|
320
305
|
|
321
306
|
# bootstrap template
|
322
307
|
option :bootstrap_wget_options,
|
323
308
|
long: "--bootstrap-wget-options OPTIONS",
|
324
|
-
description: "Add options to wget when installing #{Chef::Dist::PRODUCT}."
|
325
|
-
proc: Proc.new { |wo| Chef::Config[:knife][:bootstrap_wget_options] = wo }
|
309
|
+
description: "Add options to wget when installing #{Chef::Dist::PRODUCT}."
|
326
310
|
|
327
311
|
# bootstrap template
|
328
312
|
option :bootstrap_curl_options,
|
329
313
|
long: "--bootstrap-curl-options OPTIONS",
|
330
|
-
description: "Add options to curl when install #{Chef::Dist::PRODUCT}."
|
331
|
-
proc: Proc.new { |co| Chef::Config[:knife][:bootstrap_curl_options] = co }
|
314
|
+
description: "Add options to curl when install #{Chef::Dist::PRODUCT}."
|
332
315
|
|
333
316
|
# chef_vault_handler
|
334
317
|
option :bootstrap_vault_file,
|
@@ -344,12 +327,12 @@ class Chef
|
|
344
327
|
option :bootstrap_vault_item,
|
345
328
|
long: "--bootstrap-vault-item VAULT_ITEM",
|
346
329
|
description: 'A single vault and item to update as "vault:item".',
|
347
|
-
proc: Proc.new { |i|
|
330
|
+
proc: Proc.new { |i, accumulator|
|
348
331
|
(vault, item) = i.split(/:/)
|
349
|
-
|
350
|
-
|
351
|
-
|
352
|
-
|
332
|
+
accumulator ||= {}
|
333
|
+
accumulator[vault] ||= []
|
334
|
+
accumulator[vault].push(item)
|
335
|
+
accumulator
|
353
336
|
}
|
354
337
|
|
355
338
|
# Deprecated options. These must be declared after
|
@@ -434,14 +417,14 @@ class Chef
|
|
434
417
|
def client_builder
|
435
418
|
@client_builder ||= Chef::Knife::Bootstrap::ClientBuilder.new(
|
436
419
|
chef_config: Chef::Config,
|
437
|
-
|
420
|
+
config: config,
|
438
421
|
ui: ui
|
439
422
|
)
|
440
423
|
end
|
441
424
|
|
442
425
|
def chef_vault_handler
|
443
426
|
@chef_vault_handler ||= Chef::Knife::Bootstrap::ChefVaultHandler.new(
|
444
|
-
|
427
|
+
config: config,
|
445
428
|
ui: ui
|
446
429
|
)
|
447
430
|
end
|
@@ -466,7 +449,7 @@ class Chef
|
|
466
449
|
# @return [String] Default bootstrap template
|
467
450
|
def default_bootstrap_template
|
468
451
|
if connection.windows?
|
469
|
-
"windows
|
452
|
+
"windows-chef-client-msi"
|
470
453
|
else
|
471
454
|
"chef-full"
|
472
455
|
end
|
@@ -497,7 +480,7 @@ class Chef
|
|
497
480
|
template = bootstrap_template
|
498
481
|
|
499
482
|
# Use the template directly if it's a path to an actual file
|
500
|
-
if File.
|
483
|
+
if File.exists?(template)
|
501
484
|
Chef::Log.trace("Using the specified bootstrap template: #{File.dirname(template)}")
|
502
485
|
return template
|
503
486
|
end
|
@@ -512,7 +495,7 @@ class Chef
|
|
512
495
|
|
513
496
|
template_file = Array(bootstrap_files).find do |bootstrap_template|
|
514
497
|
Chef::Log.trace("Looking for bootstrap template in #{File.dirname(bootstrap_template)}")
|
515
|
-
File.
|
498
|
+
File.exists?(bootstrap_template)
|
516
499
|
end
|
517
500
|
|
518
501
|
unless template_file
|
@@ -555,7 +538,7 @@ class Chef
|
|
555
538
|
end
|
556
539
|
|
557
540
|
def run
|
558
|
-
check_license
|
541
|
+
check_license
|
559
542
|
|
560
543
|
plugin_setup!
|
561
544
|
validate_name_args!
|
@@ -597,8 +580,11 @@ class Chef
|
|
597
580
|
|
598
581
|
bootstrap_context.client_pem = client_builder.client_path
|
599
582
|
else
|
600
|
-
ui.
|
601
|
-
|
583
|
+
ui.info <<~EOM
|
584
|
+
Performing legacy client registration with the validation key at #{Chef::Config[:validation_key]}...
|
585
|
+
Delete your validation key in order to use your user credentials for client registration instead.
|
586
|
+
EOM
|
587
|
+
|
602
588
|
end
|
603
589
|
end
|
604
590
|
|
@@ -616,7 +602,7 @@ class Chef
|
|
616
602
|
end
|
617
603
|
|
618
604
|
def connect!
|
619
|
-
ui.info("Connecting to #{ui.color(server_name, :bold)}
|
605
|
+
ui.info("Connecting to #{ui.color(server_name, :bold)}")
|
620
606
|
opts ||= connection_opts.dup
|
621
607
|
do_connect(opts)
|
622
608
|
rescue Train::Error => e
|
@@ -683,9 +669,8 @@ class Chef
|
|
683
669
|
return @connection_protocol if @connection_protocol
|
684
670
|
|
685
671
|
from_url = host_descriptor =~ %r{^(.*)://} ? $1 : nil
|
686
|
-
|
687
|
-
|
688
|
-
@connection_protocol = from_url || from_cli || from_knife || "ssh"
|
672
|
+
from_knife = config[:connection_protocol]
|
673
|
+
@connection_protocol = from_url || from_knife || "ssh"
|
689
674
|
end
|
690
675
|
|
691
676
|
def do_connect(conn_options)
|
@@ -721,6 +706,10 @@ class Chef
|
|
721
706
|
true
|
722
707
|
end
|
723
708
|
|
709
|
+
def winrm_auth_method
|
710
|
+
config_value(:winrm_auth_method, :winrm_authentication_protocol, "negotiate")
|
711
|
+
end
|
712
|
+
|
724
713
|
# Fail if using plaintext auth without ssl because
|
725
714
|
# this can expose keys in plaintext on the wire.
|
726
715
|
# TODO test for this method
|
@@ -729,8 +718,8 @@ class Chef
|
|
729
718
|
return true unless winrm?
|
730
719
|
|
731
720
|
if Chef::Config[:validation_key] && !File.exist?(File.expand_path(Chef::Config[:validation_key]))
|
732
|
-
if
|
733
|
-
|
721
|
+
if winrm_auth_method == "plaintext" &&
|
722
|
+
config[:winrm_ssl] != true
|
734
723
|
ui.error <<~EOM
|
735
724
|
Validatorless bootstrap over unsecure winrm channels could expose your
|
736
725
|
key to network sniffing.
|
@@ -854,9 +843,9 @@ class Chef
|
|
854
843
|
# Reference:
|
855
844
|
# https://github.com/chef/knife-windows/blob/92d151298142be4a4750c5b54bb264f8d5b81b8a/lib/chef/knife/winrm_knife_base.rb#L271-L273
|
856
845
|
# TODO Seems like we should also do a similar warning if ssh_verify_host == false
|
857
|
-
if
|
858
|
-
|
859
|
-
|
846
|
+
if config[:ca_trust_file].nil? &&
|
847
|
+
config[:winrm_no_verify_cert] &&
|
848
|
+
config[:winrm_ssl_peer_fingerprint].nil?
|
860
849
|
ui.warn <<~WARN
|
861
850
|
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
|
862
851
|
SSL validation of HTTPS requests for the WinRM transport is disabled.
|
@@ -902,16 +891,13 @@ class Chef
|
|
902
891
|
|
903
892
|
# Common configuration for all protocols
|
904
893
|
def base_opts
|
905
|
-
port =
|
906
|
-
|
907
|
-
user = config_value(:connection_user,
|
908
|
-
knife_key_for_protocol(connection_protocol, :user))
|
894
|
+
port = config_for_protocol(:port)
|
895
|
+
user = config_for_protocol(:user)
|
909
896
|
{}.tap do |opts|
|
910
897
|
opts[:logger] = Chef::Log
|
911
|
-
# We do not store password in Chef::Config, so only use CLI `config` here
|
912
898
|
opts[:password] = config[:connection_password] if config.key?(:connection_password)
|
913
899
|
opts[:user] = user if user
|
914
|
-
opts[:max_wait_until_ready] =
|
900
|
+
opts[:max_wait_until_ready] = config[:max_wait].to_f unless config[:max_wait].nil?
|
915
901
|
# TODO - when would we need to provide rdp_port vs port? Or are they not mutually exclusive?
|
916
902
|
opts[:port] = port if port
|
917
903
|
end
|
@@ -919,7 +905,7 @@ class Chef
|
|
919
905
|
|
920
906
|
def host_verify_opts
|
921
907
|
if winrm?
|
922
|
-
{ self_signed:
|
908
|
+
{ self_signed: config[:winrm_no_verify_cert] === true }
|
923
909
|
elsif ssh?
|
924
910
|
# Fall back to the old knife config key name for back compat.
|
925
911
|
{ verify_host_key: config_value(:ssh_verify_host_key, :host_key_verify, "always") }
|
@@ -933,7 +919,7 @@ class Chef
|
|
933
919
|
return opts if winrm?
|
934
920
|
|
935
921
|
opts[:non_interactive] = true # Prevent password prompts from underlying net/ssh
|
936
|
-
opts[:forward_agent] = (
|
922
|
+
opts[:forward_agent] = (config[:ssh_forward_agent] === true)
|
937
923
|
opts[:connection_timeout] = session_timeout
|
938
924
|
opts
|
939
925
|
end
|
@@ -942,7 +928,7 @@ class Chef
|
|
942
928
|
opts = {}
|
943
929
|
return opts if winrm?
|
944
930
|
|
945
|
-
identity_file =
|
931
|
+
identity_file = config[:ssh_identity_file]
|
946
932
|
if identity_file
|
947
933
|
opts[:key_files] = [identity_file]
|
948
934
|
# We only set keys_only based on the explicit ssh_identity_file;
|
@@ -962,7 +948,7 @@ class Chef
|
|
962
948
|
opts[:keys_only] = false
|
963
949
|
end
|
964
950
|
|
965
|
-
gateway_identity_file =
|
951
|
+
gateway_identity_file = config[:ssh_gateway] ? config[:ssh_gateway_identity] : nil
|
966
952
|
unless gateway_identity_file.nil?
|
967
953
|
opts[:key_files] << gateway_identity_file
|
968
954
|
end
|
@@ -972,8 +958,8 @@ class Chef
|
|
972
958
|
|
973
959
|
def gateway_opts
|
974
960
|
opts = {}
|
975
|
-
if
|
976
|
-
split =
|
961
|
+
if config[:ssh_gateway]
|
962
|
+
split = config[:ssh_gateway].split("@", 2)
|
977
963
|
if split.length == 1
|
978
964
|
gw_host = split[0]
|
979
965
|
else
|
@@ -1019,21 +1005,20 @@ class Chef
|
|
1019
1005
|
def winrm_opts
|
1020
1006
|
return {} unless winrm?
|
1021
1007
|
|
1022
|
-
auth_method = config_value(:winrm_auth_method, :winrm_auth_method, "negotiate")
|
1023
1008
|
opts = {
|
1024
|
-
winrm_transport:
|
1025
|
-
winrm_basic_auth_only:
|
1026
|
-
ssl:
|
1027
|
-
ssl_peer_fingerprint:
|
1009
|
+
winrm_transport: winrm_auth_method, # winrm gem and train calls auth method 'transport'
|
1010
|
+
winrm_basic_auth_only: config[:winrm_basic_auth_only] || false,
|
1011
|
+
ssl: config[:winrm_ssl] === true,
|
1012
|
+
ssl_peer_fingerprint: config[:winrm_ssl_peer_fingerprint],
|
1028
1013
|
}
|
1029
1014
|
|
1030
|
-
if
|
1031
|
-
opts[:kerberos_service] =
|
1032
|
-
opts[:kerberos_realm] =
|
1015
|
+
if winrm_auth_method == "kerberos"
|
1016
|
+
opts[:kerberos_service] = config[:kerberos_service] if config[:kerberos_service]
|
1017
|
+
opts[:kerberos_realm] = config[:kerberos_realm] if config[:kerberos_service]
|
1033
1018
|
end
|
1034
1019
|
|
1035
|
-
if
|
1036
|
-
opts[:ca_trust_path] =
|
1020
|
+
if config[:ca_trust_file]
|
1021
|
+
opts[:ca_trust_path] = config[:ca_trust_file]
|
1037
1022
|
end
|
1038
1023
|
|
1039
1024
|
opts[:operation_timeout] = session_timeout
|
@@ -1058,17 +1043,18 @@ class Chef
|
|
1058
1043
|
}
|
1059
1044
|
end
|
1060
1045
|
|
1061
|
-
#
|
1062
|
-
#
|
1063
|
-
#
|
1046
|
+
# This is for deprecating config options. The fallback_key can be used
|
1047
|
+
# to pull an old knife config option out of the config file when the
|
1048
|
+
# cli value has been renamed. This is different from the deprecated
|
1049
|
+
# cli values, since these are for config options that have no corresponding
|
1050
|
+
# cli value.
|
1064
1051
|
#
|
1065
|
-
#
|
1066
|
-
# config_value(:whatver) should be converted to config[:whatever]. That never had
|
1067
|
-
# any purpose and never should have been used this way.
|
1052
|
+
# DO NOT USE - this whole API is considered deprecated
|
1068
1053
|
#
|
1069
1054
|
# @api deprecated
|
1070
1055
|
#
|
1071
1056
|
def config_value(key, fallback_key = nil, default = nil)
|
1057
|
+
Chef.deprecated(:knife_bootstrap_apis, "Use of config_value without a fallback_key is deprecated. Knife plugin authors should access the config hash directly, which does correct merging of cli and config options.") if fallback_key.nil?
|
1072
1058
|
if config.key?(key)
|
1073
1059
|
# the first key is the primary key so we check the merged hash first
|
1074
1060
|
config[key]
|
@@ -1097,6 +1083,8 @@ class Chef
|
|
1097
1083
|
end
|
1098
1084
|
end
|
1099
1085
|
|
1086
|
+
private
|
1087
|
+
|
1100
1088
|
# To avoid cluttering the CLI options, some flags (such as port and user)
|
1101
1089
|
# are shared between protocols. However, there is still a need to allow the operator
|
1102
1090
|
# to specify defaults separately, since they may not be the same values for different
|
@@ -1105,12 +1093,20 @@ class Chef
|
|
1105
1093
|
# These keys are available in Chef::Config, and are prefixed with the protocol name.
|
1106
1094
|
# For example, :user CLI option will map to :winrm_user and :ssh_user Chef::Config keys,
|
1107
1095
|
# based on the connection protocol in use.
|
1108
|
-
|
1109
|
-
|
1110
|
-
|
1096
|
+
|
1097
|
+
# @api private
|
1098
|
+
def config_for_protocol(option)
|
1099
|
+
if option == :port
|
1100
|
+
config[:connection_port] || config[knife_key_for_protocol(option)]
|
1101
|
+
else
|
1102
|
+
config[:connection_user] || config[knife_key_for_protocol(option)]
|
1103
|
+
end
|
1111
1104
|
end
|
1112
1105
|
|
1113
|
-
private
|
1106
|
+
# @api private
|
1107
|
+
def knife_key_for_protocol(option)
|
1108
|
+
"#{connection_protocol}_#{option}".to_sym
|
1109
|
+
end
|
1114
1110
|
|
1115
1111
|
# True if policy_name and run_list are both given
|
1116
1112
|
def policyfile_and_run_list_given?
|
@@ -1133,7 +1129,7 @@ class Chef
|
|
1133
1129
|
# session_timeout option has a default that may not arrive, particularly if
|
1134
1130
|
# we're being invoked from a plugin that doesn't merge_config.
|
1135
1131
|
def session_timeout
|
1136
|
-
timeout =
|
1132
|
+
timeout = config[:session_timeout]
|
1137
1133
|
return options[:session_timeout][:default] if timeout.nil?
|
1138
1134
|
|
1139
1135
|
timeout.to_i
|