chef 15.17.4 → 16.0.257

Sign up to get free protection for your applications and to get access to all the features.
Files changed (569) hide show
  1. checksums.yaml +4 -4
  2. data/Gemfile +14 -20
  3. data/README.md +6 -6
  4. data/Rakefile +18 -23
  5. data/chef-universal-mingw32.gemspec +4 -4
  6. data/chef.gemspec +10 -26
  7. data/lib/chef/action_collection.rb +16 -5
  8. data/lib/chef/api_client/registration.rb +2 -2
  9. data/lib/chef/application.rb +33 -54
  10. data/lib/chef/application/apply.rb +20 -3
  11. data/lib/chef/application/base.rb +8 -3
  12. data/lib/chef/application/exit_code.rb +2 -2
  13. data/lib/chef/application/knife.rb +1 -1
  14. data/lib/chef/chef_class.rb +4 -4
  15. data/lib/chef/chef_fs/chef_fs_data_store.rb +3 -3
  16. data/lib/chef/chef_fs/file_system/chef_server/policies_dir.rb +1 -1
  17. data/lib/chef/chef_fs/file_system/chef_server/rest_list_dir.rb +1 -1
  18. data/lib/chef/chef_fs/file_system/chef_server/rest_list_entry.rb +6 -2
  19. data/lib/chef/chef_fs/file_system/multiplexed_dir.rb +1 -1
  20. data/lib/chef/chef_fs/file_system/repository/base_file.rb +0 -1
  21. data/lib/chef/chef_fs/file_system/repository/chef_repository_file_system_cookbook_dir.rb +2 -2
  22. data/lib/chef/chef_fs/file_system/repository/chef_repository_file_system_cookbook_entry.rb +1 -1
  23. data/lib/chef/chef_fs/file_system/repository/chef_repository_file_system_root_dir.rb +5 -5
  24. data/lib/chef/chef_fs/file_system/repository/directory.rb +1 -1
  25. data/lib/chef/chef_fs/file_system/repository/file_system_entry.rb +1 -1
  26. data/lib/chef/chef_fs/path_utils.rb +3 -3
  27. data/lib/chef/client.rb +16 -14
  28. data/lib/chef/config.rb +1 -1
  29. data/lib/chef/cookbook/file_system_file_vendor.rb +1 -1
  30. data/lib/chef/cookbook/gem_installer.rb +1 -1
  31. data/lib/chef/cookbook/metadata.rb +45 -22
  32. data/lib/chef/cookbook_version.rb +40 -5
  33. data/lib/chef/data_bag.rb +2 -2
  34. data/lib/chef/data_collector/error_handlers.rb +1 -1
  35. data/lib/chef/data_collector/run_end_message.rb +7 -1
  36. data/lib/chef/deprecated.rb +1 -9
  37. data/lib/chef/dist.rb +8 -0
  38. data/lib/chef/dsl/chef_vault.rb +84 -0
  39. data/lib/chef/dsl/declare_resource.rb +7 -5
  40. data/lib/chef/dsl/platform_introspection.rb +2 -3
  41. data/lib/chef/dsl/recipe.rb +7 -12
  42. data/lib/chef/dsl/universal.rb +3 -7
  43. data/lib/chef/environment.rb +2 -2
  44. data/lib/chef/event_dispatch/base.rb +3 -0
  45. data/lib/chef/exceptions.rb +0 -3
  46. data/lib/chef/formatters/doc.rb +1 -1
  47. data/lib/chef/formatters/error_inspectors/node_load_error_inspector.rb +2 -2
  48. data/lib/chef/formatters/error_inspectors/registration_error_inspector.rb +7 -7
  49. data/lib/chef/formatters/indentable_output_stream.rb +7 -16
  50. data/lib/chef/http.rb +1 -2
  51. data/lib/chef/http/http_request.rb +3 -2
  52. data/lib/chef/knife.rb +1 -3
  53. data/lib/chef/knife/acl_add.rb +57 -0
  54. data/lib/chef/knife/acl_base.rb +183 -0
  55. data/lib/chef/knife/acl_bulk_add.rb +78 -0
  56. data/lib/chef/knife/acl_bulk_remove.rb +83 -0
  57. data/lib/chef/knife/acl_remove.rb +62 -0
  58. data/lib/chef/knife/acl_show.rb +56 -0
  59. data/lib/chef/knife/bootstrap.rb +93 -97
  60. data/lib/chef/knife/bootstrap/chef_vault_handler.rb +1 -1
  61. data/lib/chef/knife/bootstrap/client_builder.rb +1 -1
  62. data/lib/chef/knife/bootstrap/templates/chef-full.erb +20 -20
  63. data/lib/chef/knife/bootstrap/templates/windows-chef-client-msi.erb +13 -15
  64. data/lib/chef/knife/bootstrap/train_connector.rb +0 -1
  65. data/lib/chef/knife/cookbook_download.rb +1 -1
  66. data/lib/chef/knife/cookbook_metadata.rb +1 -1
  67. data/lib/chef/knife/core/bootstrap_context.rb +63 -60
  68. data/lib/chef/knife/core/gem_glob_loader.rb +1 -1
  69. data/lib/chef/knife/core/generic_presenter.rb +4 -3
  70. data/lib/chef/knife/core/hashed_command_loader.rb +2 -3
  71. data/lib/chef/knife/core/node_presenter.rb +2 -2
  72. data/lib/chef/knife/core/status_presenter.rb +5 -5
  73. data/lib/chef/knife/core/subcommand_loader.rb +1 -1
  74. data/lib/chef/knife/core/ui.rb +17 -1
  75. data/lib/chef/knife/core/windows_bootstrap_context.rb +45 -58
  76. data/lib/chef/knife/data_bag_secret_options.rb +18 -45
  77. data/lib/chef/knife/environment_compare.rb +1 -1
  78. data/lib/chef/knife/exec.rb +2 -2
  79. data/lib/chef/knife/group_add.rb +55 -0
  80. data/lib/chef/knife/{cookbook_site_download.rb → group_create.rb} +21 -12
  81. data/lib/chef/knife/group_destroy.rb +53 -0
  82. data/lib/chef/knife/{cookbook_site_list.rb → group_list.rb} +14 -11
  83. data/lib/chef/knife/group_remove.rb +56 -0
  84. data/lib/chef/knife/{cookbook_site_install.rb → group_show.rb} +21 -12
  85. data/lib/chef/knife/list.rb +1 -1
  86. data/lib/chef/knife/ssh.rb +12 -50
  87. data/lib/chef/knife/status.rb +3 -3
  88. data/lib/chef/knife/supermarket_download.rb +1 -2
  89. data/lib/chef/knife/supermarket_install.rb +1 -2
  90. data/lib/chef/knife/supermarket_list.rb +1 -2
  91. data/lib/chef/knife/supermarket_search.rb +1 -2
  92. data/lib/chef/knife/supermarket_share.rb +1 -2
  93. data/lib/chef/knife/supermarket_show.rb +1 -2
  94. data/lib/chef/knife/supermarket_unshare.rb +1 -2
  95. data/lib/chef/knife/{cookbook_site_show.rb → user_dissociate.rb} +15 -13
  96. data/lib/chef/knife/{cookbook_site_search.rb → user_invite_add.rb} +16 -13
  97. data/lib/chef/knife/user_invite_list.rb +34 -0
  98. data/lib/chef/knife/user_invite_recind.rb +63 -0
  99. data/lib/chef/knife/yaml_convert.rb +91 -0
  100. data/lib/chef/log.rb +1 -1
  101. data/lib/chef/mixin/create_path.rb +8 -8
  102. data/lib/chef/mixin/openssl_helper.rb +3 -26
  103. data/lib/chef/mixin/powershell_exec.rb +10 -1
  104. data/lib/chef/mixin/powershell_out.rb +1 -1
  105. data/lib/chef/mixin/properties.rb +13 -1
  106. data/lib/chef/mixin/shell_out.rb +0 -4
  107. data/lib/chef/mixin/template.rb +0 -1
  108. data/lib/chef/monkey_patches/net_http.rb +0 -4
  109. data/lib/chef/node.rb +18 -6
  110. data/lib/chef/node/mixin/deep_merge_cache.rb +7 -7
  111. data/lib/chef/node/mixin/immutablize_array.rb +4 -0
  112. data/lib/chef/node/mixin/immutablize_hash.rb +3 -0
  113. data/lib/chef/node_map.rb +7 -36
  114. data/lib/chef/platform/priority_map.rb +4 -4
  115. data/lib/chef/platform/query_helpers.rb +6 -34
  116. data/lib/chef/powershell.rb +14 -0
  117. data/lib/chef/property.rb +22 -4
  118. data/lib/chef/provider.rb +40 -6
  119. data/lib/chef/provider/cron.rb +2 -2
  120. data/lib/chef/provider/directory.rb +2 -2
  121. data/lib/chef/provider/dsc_resource.rb +1 -1
  122. data/lib/chef/provider/dsc_script.rb +1 -1
  123. data/lib/chef/provider/execute.rb +2 -8
  124. data/lib/chef/provider/file.rb +5 -5
  125. data/lib/chef/provider/git.rb +84 -27
  126. data/lib/chef/provider/group.rb +4 -4
  127. data/lib/chef/provider/http_request.rb +6 -6
  128. data/lib/chef/provider/ifconfig.rb +4 -4
  129. data/lib/chef/provider/launchd.rb +36 -51
  130. data/lib/chef/provider/link.rb +2 -2
  131. data/lib/chef/provider/mount.rb +5 -5
  132. data/lib/chef/provider/mount/solaris.rb +1 -0
  133. data/lib/chef/provider/osx_profile.rb +7 -3
  134. data/lib/chef/provider/package.rb +2 -2
  135. data/lib/chef/provider/package/cab.rb +3 -4
  136. data/lib/chef/provider/package/chocolatey.rb +1 -3
  137. data/lib/chef/provider/package/dnf.rb +66 -10
  138. data/lib/chef/provider/package/dnf/dnf_helper.py +84 -30
  139. data/lib/chef/provider/package/dnf/python_helper.rb +79 -36
  140. data/lib/chef/provider/package/dnf/version.rb +5 -1
  141. data/lib/chef/provider/package/freebsd/pkgng.rb +1 -3
  142. data/lib/chef/provider/package/homebrew.rb +106 -42
  143. data/lib/chef/provider/package/msu.rb +3 -1
  144. data/lib/chef/provider/package/pacman.rb +25 -34
  145. data/lib/chef/provider/package/powershell.rb +2 -6
  146. data/lib/chef/provider/package/rubygems.rb +29 -2
  147. data/lib/chef/provider/package/snap.rb +27 -96
  148. data/lib/chef/provider/package/windows.rb +3 -2
  149. data/lib/chef/provider/package/windows/msi.rb +2 -2
  150. data/lib/chef/provider/package/yum.rb +0 -8
  151. data/lib/chef/provider/package/yum/yum_helper.py +0 -4
  152. data/lib/chef/provider/package/zypper.rb +1 -1
  153. data/lib/chef/provider/powershell_script.rb +4 -10
  154. data/lib/chef/provider/registry_key.rb +4 -4
  155. data/lib/chef/provider/remote_directory.rb +3 -3
  156. data/lib/chef/provider/remote_file/ftp.rb +3 -2
  157. data/lib/chef/provider/remote_file/local_file.rb +2 -1
  158. data/lib/chef/provider/remote_file/sftp.rb +3 -2
  159. data/lib/chef/provider/route.rb +5 -3
  160. data/lib/chef/provider/ruby_block.rb +1 -1
  161. data/lib/chef/provider/script.rb +2 -2
  162. data/lib/chef/provider/service.rb +8 -8
  163. data/lib/chef/provider/service/aixinit.rb +1 -1
  164. data/lib/chef/provider/service/arch.rb +2 -2
  165. data/lib/chef/provider/service/debian.rb +31 -29
  166. data/lib/chef/provider/service/gentoo.rb +2 -2
  167. data/lib/chef/provider/service/macosx.rb +7 -12
  168. data/lib/chef/provider/service/openbsd.rb +1 -1
  169. data/lib/chef/provider/service/redhat.rb +2 -2
  170. data/lib/chef/provider/service/simple.rb +3 -3
  171. data/lib/chef/provider/service/systemd.rb +12 -12
  172. data/lib/chef/provider/service/upstart.rb +1 -1
  173. data/lib/chef/provider/service/windows.rb +5 -11
  174. data/lib/chef/provider/subversion.rb +25 -5
  175. data/lib/chef/provider/systemd_unit.rb +26 -25
  176. data/lib/chef/provider/user.rb +6 -6
  177. data/lib/chef/provider/user/dscl.rb +3 -3
  178. data/lib/chef/provider/user/mac.rb +10 -9
  179. data/lib/chef/provider/whyrun_safe_ruby_block.rb +1 -1
  180. data/lib/chef/provider/windows_env.rb +3 -3
  181. data/lib/chef/provider/windows_script.rb +2 -2
  182. data/lib/chef/provider/windows_task.rb +7 -9
  183. data/lib/chef/provider/yum_repository.rb +1 -1
  184. data/lib/chef/provider/zypper_repository.rb +11 -31
  185. data/lib/chef/providers.rb +0 -6
  186. data/lib/chef/recipe.rb +36 -0
  187. data/lib/chef/resource.rb +41 -56
  188. data/lib/chef/resource/action_class.rb +24 -22
  189. data/lib/chef/resource/alternatives.rb +149 -0
  190. data/lib/chef/resource/apt_package.rb +2 -1
  191. data/lib/chef/resource/apt_preference.rb +69 -2
  192. data/lib/chef/resource/apt_repository.rb +337 -5
  193. data/lib/chef/resource/apt_update.rb +52 -1
  194. data/lib/chef/resource/archive_file.rb +9 -29
  195. data/lib/chef/resource/bash.rb +2 -0
  196. data/lib/chef/resource/bff_package.rb +9 -1
  197. data/lib/chef/resource/breakpoint.rb +0 -1
  198. data/lib/chef/resource/build_essential.rb +42 -48
  199. data/lib/chef/resource/cab_package.rb +8 -1
  200. data/lib/chef/resource/chef_client_cron.rb +225 -0
  201. data/lib/chef/resource/chef_client_scheduled_task.rb +198 -0
  202. data/lib/chef/resource/chef_client_systemd_timer.rb +177 -0
  203. data/lib/chef/resource/chef_gem.rb +9 -16
  204. data/lib/chef/resource/chef_handler.rb +2 -1
  205. data/lib/chef/resource/chef_sleep.rb +0 -1
  206. data/lib/chef/resource/chef_vault_secret.rb +135 -0
  207. data/lib/chef/resource/chocolatey_config.rb +3 -1
  208. data/lib/chef/resource/chocolatey_feature.rb +2 -1
  209. data/lib/chef/resource/chocolatey_package.rb +2 -1
  210. data/lib/chef/resource/chocolatey_source.rb +2 -1
  211. data/lib/chef/resource/cookbook_file.rb +1 -1
  212. data/lib/chef/resource/cron.rb +22 -68
  213. data/lib/chef/resource/cron_access.rb +8 -15
  214. data/lib/chef/resource/cron_d.rb +9 -75
  215. data/lib/chef/resource/csh.rb +2 -0
  216. data/lib/chef/resource/directory.rb +2 -2
  217. data/lib/chef/resource/dmg_package.rb +4 -4
  218. data/lib/chef/resource/dnf_package.rb +2 -3
  219. data/lib/chef/resource/dpkg_package.rb +2 -1
  220. data/lib/chef/resource/dsc_resource.rb +6 -4
  221. data/lib/chef/resource/dsc_script.rb +3 -2
  222. data/lib/chef/resource/execute.rb +13 -12
  223. data/lib/chef/resource/file.rb +3 -1
  224. data/lib/chef/resource/freebsd_package.rb +2 -1
  225. data/lib/chef/resource/gem_package.rb +14 -6
  226. data/lib/chef/resource/group.rb +4 -1
  227. data/lib/chef/resource/helpers/cron_validations.rb +98 -0
  228. data/lib/chef/resource/homebrew_cask.rb +5 -4
  229. data/lib/chef/resource/homebrew_package.rb +4 -2
  230. data/lib/chef/resource/homebrew_tap.rb +2 -1
  231. data/lib/chef/resource/hostname.rb +41 -36
  232. data/lib/chef/resource/http_request.rb +0 -1
  233. data/lib/chef/resource/ifconfig.rb +1 -1
  234. data/lib/chef/resource/ips_package.rb +10 -2
  235. data/lib/chef/resource/kernel_module.rb +29 -29
  236. data/lib/chef/resource/ksh.rb +2 -0
  237. data/lib/chef/resource/launchd.rb +6 -6
  238. data/lib/chef/resource/link.rb +1 -23
  239. data/lib/chef/resource/locale.rb +58 -24
  240. data/lib/chef/resource/log.rb +12 -1
  241. data/lib/chef/resource/lwrp_base.rb +1 -8
  242. data/lib/chef/resource/macos_userdefaults.rb +9 -6
  243. data/lib/chef/resource/macosx_service.rb +2 -1
  244. data/lib/chef/resource/macports_package.rb +10 -2
  245. data/lib/chef/resource/mdadm.rb +62 -2
  246. data/lib/chef/resource/mount.rb +3 -0
  247. data/lib/chef/resource/msu_package.rb +13 -1
  248. data/lib/chef/resource/notify_group.rb +8 -3
  249. data/lib/chef/resource/ohai.rb +19 -3
  250. data/lib/chef/resource/ohai_hint.rb +3 -12
  251. data/lib/chef/resource/openbsd_package.rb +9 -1
  252. data/lib/chef/resource/openssl_dhparam.rb +10 -1
  253. data/lib/chef/resource/openssl_ec_private_key.rb +23 -1
  254. data/lib/chef/resource/openssl_ec_public_key.rb +21 -1
  255. data/lib/chef/resource/openssl_rsa_private_key.rb +20 -1
  256. data/lib/chef/resource/openssl_rsa_public_key.rb +22 -1
  257. data/lib/chef/resource/openssl_x509_certificate.rb +37 -1
  258. data/lib/chef/resource/openssl_x509_crl.rb +12 -1
  259. data/lib/chef/resource/openssl_x509_request.rb +37 -1
  260. data/lib/chef/resource/osx_profile.rb +3 -2
  261. data/lib/chef/resource/package.rb +2 -1
  262. data/lib/chef/resource/pacman_package.rb +2 -1
  263. data/lib/chef/resource/paludis_package.rb +12 -3
  264. data/lib/chef/resource/perl.rb +2 -0
  265. data/lib/chef/resource/plist.rb +207 -0
  266. data/lib/chef/resource/portage_package.rb +13 -3
  267. data/lib/chef/resource/powershell_package.rb +1 -3
  268. data/lib/chef/resource/powershell_package_source.rb +3 -1
  269. data/lib/chef/resource/powershell_script.rb +7 -17
  270. data/lib/chef/resource/python.rb +2 -0
  271. data/lib/chef/resource/reboot.rb +0 -1
  272. data/lib/chef/resource/registry_key.rb +1 -2
  273. data/lib/chef/resource/remote_directory.rb +2 -0
  274. data/lib/chef/resource/remote_file.rb +2 -0
  275. data/lib/chef/resource/rhsm_errata.rb +0 -1
  276. data/lib/chef/resource/rhsm_errata_level.rb +0 -1
  277. data/lib/chef/resource/rhsm_register.rb +2 -1
  278. data/lib/chef/resource/rhsm_repo.rb +3 -1
  279. data/lib/chef/resource/rhsm_subscription.rb +4 -1
  280. data/lib/chef/resource/route.rb +5 -1
  281. data/lib/chef/resource/rpm_package.rb +9 -2
  282. data/lib/chef/resource/ruby.rb +2 -0
  283. data/lib/chef/resource/ruby_block.rb +1 -1
  284. data/lib/chef/resource/scm/_scm.rb +48 -0
  285. data/lib/chef/resource/{scm.rb → scm/git.rb} +16 -30
  286. data/lib/chef/resource/{subversion.rb → scm/subversion.rb} +8 -5
  287. data/lib/chef/resource/script.rb +6 -3
  288. data/lib/chef/resource/service.rb +6 -7
  289. data/lib/chef/resource/smartos_package.rb +9 -1
  290. data/lib/chef/resource/snap_package.rb +3 -1
  291. data/lib/chef/resource/solaris_package.rb +9 -1
  292. data/lib/chef/resource/ssh_known_hosts_entry.rb +6 -3
  293. data/lib/chef/resource/sudo.rb +9 -9
  294. data/lib/chef/resource/support/cron.d.erb +1 -1
  295. data/lib/chef/resource/support/cron_access.erb +1 -1
  296. data/lib/chef/resource/support/sudoer.erb +1 -2
  297. data/lib/chef/resource/support/ulimit.erb +41 -0
  298. data/lib/chef/resource/swap_file.rb +5 -3
  299. data/lib/chef/resource/sysctl.rb +2 -2
  300. data/lib/chef/resource/systemd_unit.rb +4 -2
  301. data/lib/chef/resource/template.rb +0 -1
  302. data/lib/chef/resource/timezone.rb +7 -18
  303. data/lib/chef/resource/user.rb +1 -3
  304. data/lib/chef/resource/user/aix_user.rb +0 -2
  305. data/lib/chef/resource/user/dscl_user.rb +1 -1
  306. data/lib/chef/resource/user/linux_user.rb +0 -2
  307. data/lib/chef/resource/user/mac_user.rb +1 -1
  308. data/lib/chef/resource/user/pw_user.rb +0 -2
  309. data/lib/chef/resource/user/solaris_user.rb +0 -2
  310. data/lib/chef/resource/user/windows_user.rb +0 -2
  311. data/lib/chef/resource/user_ulimit.rb +114 -0
  312. data/lib/chef/resource/whyrun_safe_ruby_block.rb +1 -0
  313. data/lib/chef/resource/windows_ad_join.rb +19 -6
  314. data/lib/chef/resource/windows_auto_run.rb +0 -1
  315. data/lib/chef/resource/windows_certificate.rb +1 -1
  316. data/lib/chef/resource/windows_dfs_folder.rb +0 -1
  317. data/lib/chef/resource/windows_dfs_namespace.rb +0 -1
  318. data/lib/chef/resource/windows_dfs_server.rb +0 -1
  319. data/lib/chef/resource/windows_dns_record.rb +0 -1
  320. data/lib/chef/resource/windows_dns_zone.rb +0 -1
  321. data/lib/chef/resource/windows_env.rb +2 -3
  322. data/lib/chef/resource/windows_feature.rb +2 -2
  323. data/lib/chef/resource/windows_feature_dism.rb +9 -22
  324. data/lib/chef/resource/windows_feature_powershell.rb +17 -82
  325. data/lib/chef/resource/windows_firewall_rule.rb +119 -10
  326. data/lib/chef/resource/windows_font.rb +1 -3
  327. data/lib/chef/resource/windows_package.rb +13 -4
  328. data/lib/chef/resource/windows_pagefile.rb +0 -1
  329. data/lib/chef/resource/windows_path.rb +0 -1
  330. data/lib/chef/resource/windows_printer.rb +0 -1
  331. data/lib/chef/resource/windows_printer_port.rb +0 -1
  332. data/lib/chef/resource/windows_script.rb +3 -4
  333. data/lib/chef/resource/windows_security_policy.rb +90 -0
  334. data/lib/chef/resource/windows_service.rb +45 -31
  335. data/lib/chef/resource/windows_share.rb +3 -7
  336. data/lib/chef/resource/windows_shortcut.rb +0 -1
  337. data/lib/chef/resource/windows_task.rb +14 -15
  338. data/lib/chef/resource/windows_uac.rb +0 -1
  339. data/lib/chef/resource/windows_user_privilege.rb +157 -0
  340. data/lib/chef/resource/windows_workgroup.rb +0 -1
  341. data/lib/chef/resource/yum_package.rb +3 -1
  342. data/lib/chef/resource/yum_repository.rb +2 -1
  343. data/lib/chef/resource/zypper_package.rb +3 -2
  344. data/lib/chef/resource/zypper_repository.rb +2 -1
  345. data/lib/chef/resource_builder.rb +8 -0
  346. data/lib/chef/resource_inspector.rb +6 -6
  347. data/lib/chef/resource_resolver.rb +7 -14
  348. data/lib/chef/resources.rb +11 -3
  349. data/lib/chef/role.rb +2 -2
  350. data/lib/chef/run_context/cookbook_compiler.rb +29 -5
  351. data/lib/chef/shell.rb +23 -32
  352. data/lib/chef/shell/shell_session.rb +0 -2
  353. data/lib/chef/util/diff.rb +1 -1
  354. data/lib/chef/util/dsc/configuration_generator.rb +1 -1
  355. data/lib/chef/util/dsc/lcm_output_parser.rb +3 -3
  356. data/lib/chef/util/powershell/cmdlet.rb +1 -1
  357. data/lib/chef/version.rb +2 -2
  358. data/lib/chef/version_string.rb +1 -1
  359. data/lib/chef/win32/api/file.rb +18 -18
  360. data/lib/chef/win32/api/security.rb +6 -0
  361. data/lib/chef/win32/file.rb +3 -11
  362. data/lib/chef/win32/process.rb +2 -2
  363. data/lib/chef/win32/security.rb +40 -2
  364. data/spec/functional/assets/inittest +8 -7
  365. data/spec/functional/knife/ssh_spec.rb +27 -23
  366. data/spec/functional/resource/aix_service_spec.rb +1 -0
  367. data/spec/functional/resource/aixinit_service_spec.rb +8 -7
  368. data/spec/functional/resource/apt_package_spec.rb +1 -0
  369. data/spec/functional/resource/bff_spec.rb +2 -2
  370. data/spec/functional/resource/cookbook_file_spec.rb +1 -1
  371. data/spec/functional/resource/cron_spec.rb +11 -29
  372. data/spec/functional/resource/dnf_package_spec.rb +441 -156
  373. data/spec/functional/resource/dsc_resource_spec.rb +1 -1
  374. data/spec/functional/resource/git_spec.rb +184 -134
  375. data/spec/functional/resource/insserv_spec.rb +6 -5
  376. data/spec/functional/resource/link_spec.rb +17 -17
  377. data/spec/functional/resource/locale_spec.rb +13 -2
  378. data/spec/functional/resource/powershell_script_spec.rb +7 -68
  379. data/spec/functional/resource/rpm_spec.rb +2 -2
  380. data/spec/functional/resource/user/dscl_spec.rb +2 -2
  381. data/spec/functional/resource/user/mac_user_spec.rb +2 -2
  382. data/spec/functional/resource/windows_certificate_spec.rb +3 -3
  383. data/spec/functional/resource/windows_security_policy_spec.rb +90 -0
  384. data/spec/functional/resource/windows_task_spec.rb +8 -8
  385. data/spec/functional/resource/windows_user_privilege_spec.rb +193 -0
  386. data/spec/functional/run_lock_spec.rb +1 -2
  387. data/spec/functional/shell_spec.rb +6 -6
  388. data/spec/functional/util/powershell/cmdlet_spec.rb +1 -1
  389. data/spec/functional/version_spec.rb +1 -1
  390. data/spec/functional/win32/registry_spec.rb +0 -6
  391. data/spec/functional/win32/security_spec.rb +22 -0
  392. data/spec/functional/win32/service_manager_spec.rb +1 -1
  393. data/spec/integration/client/client_spec.rb +123 -2
  394. data/spec/integration/knife/cookbook_show_spec.rb +28 -26
  395. data/spec/integration/knife/data_bag_show_spec.rb +1 -1
  396. data/spec/integration/knife/raw_spec.rb +30 -2
  397. data/spec/integration/knife/show_spec.rb +32 -3
  398. data/spec/integration/recipes/accumulator_spec.rb +1 -1
  399. data/spec/integration/recipes/lwrp_inline_resources_spec.rb +5 -5
  400. data/spec/integration/recipes/lwrp_spec.rb +1 -1
  401. data/spec/integration/recipes/noop_resource_spec.rb +1 -1
  402. data/spec/integration/recipes/notifies_spec.rb +50 -21
  403. data/spec/integration/recipes/notifying_block_spec.rb +9 -6
  404. data/spec/integration/recipes/provider_choice.rb +2 -0
  405. data/spec/integration/recipes/recipe_dsl_spec.rb +46 -144
  406. data/spec/integration/recipes/resource_action_spec.rb +16 -11
  407. data/spec/integration/recipes/resource_converge_if_changed_spec.rb +1 -3
  408. data/spec/integration/recipes/resource_load_spec.rb +133 -13
  409. data/spec/integration/recipes/unified_mode_spec.rb +1 -1
  410. data/spec/integration/recipes/use_partial_spec.rb +112 -0
  411. data/spec/integration/solo/solo_spec.rb +3 -3
  412. data/spec/scripts/ssl-serve.rb +1 -1
  413. data/spec/spec_helper.rb +11 -14
  414. data/spec/support/chef_helpers.rb +2 -2
  415. data/spec/support/lib/chef/resource/zen_follower.rb +2 -0
  416. data/spec/support/platform_helpers.rb +44 -19
  417. data/spec/support/platforms/win32/spec_service.rb +1 -1
  418. data/spec/support/recipe_dsl_helper.rb +83 -0
  419. data/spec/support/shared/functional/directory_resource.rb +1 -1
  420. data/spec/support/shared/functional/execute_resource.rb +1 -1
  421. data/spec/support/shared/functional/file_resource.rb +3 -3
  422. data/spec/support/shared/functional/win32_service.rb +1 -1
  423. data/spec/support/shared/functional/windows_script.rb +5 -18
  424. data/spec/support/shared/integration/knife_support.rb +14 -8
  425. data/spec/unit/application/apply_spec.rb +3 -0
  426. data/spec/unit/application/client_spec.rb +5 -1
  427. data/spec/unit/application_spec.rb +1 -9
  428. data/spec/unit/chef_fs/file_system/operation_failed_error_spec.rb +4 -2
  429. data/spec/unit/client_spec.rb +7 -5
  430. data/spec/unit/cookbook/gem_installer_spec.rb +3 -4
  431. data/spec/unit/cookbook/metadata_spec.rb +38 -19
  432. data/spec/unit/data_bag_spec.rb +1 -1
  433. data/spec/unit/data_collector_spec.rb +38 -17
  434. data/spec/unit/dsl/platform_introspection_spec.rb +0 -1
  435. data/spec/unit/environment_spec.rb +7 -7
  436. data/spec/unit/event_dispatch/dispatcher_spec.rb +0 -3
  437. data/spec/unit/file_access_control_spec.rb +1 -1
  438. data/spec/unit/knife/bootstrap/chef_vault_handler_spec.rb +15 -15
  439. data/spec/unit/knife/bootstrap/client_builder_spec.rb +9 -9
  440. data/spec/unit/knife/bootstrap_spec.rb +36 -54
  441. data/spec/unit/knife/cookbook_download_spec.rb +4 -4
  442. data/spec/unit/knife/cookbook_metadata_from_file_spec.rb +1 -1
  443. data/spec/unit/knife/cookbook_show_spec.rb +1 -0
  444. data/spec/unit/knife/cookbook_upload_spec.rb +6 -5
  445. data/spec/unit/knife/core/bootstrap_context_spec.rb +23 -43
  446. data/spec/unit/knife/core/hashed_command_loader_spec.rb +3 -3
  447. data/spec/unit/knife/core/ui_spec.rb +16 -0
  448. data/spec/unit/knife/core/windows_bootstrap_context_spec.rb +8 -68
  449. data/spec/unit/knife/data_bag_secret_options_spec.rb +22 -14
  450. data/spec/unit/knife/role_env_run_list_add_spec.rb +6 -6
  451. data/spec/unit/knife/role_env_run_list_clear_spec.rb +4 -4
  452. data/spec/unit/knife/role_env_run_list_remove_spec.rb +4 -4
  453. data/spec/unit/knife/role_env_run_list_replace_spec.rb +4 -4
  454. data/spec/unit/knife/role_env_run_list_set_spec.rb +4 -4
  455. data/spec/unit/knife/role_run_list_add_spec.rb +6 -6
  456. data/spec/unit/knife/role_run_list_clear_spec.rb +4 -4
  457. data/spec/unit/knife/role_run_list_remove_spec.rb +4 -4
  458. data/spec/unit/knife/role_run_list_replace_spec.rb +4 -4
  459. data/spec/unit/knife/role_run_list_set_spec.rb +4 -4
  460. data/spec/unit/knife/ssh_spec.rb +10 -113
  461. data/spec/unit/knife/status_spec.rb +1 -1
  462. data/spec/unit/knife/supermarket_share_spec.rb +3 -5
  463. data/spec/unit/knife_spec.rb +18 -0
  464. data/spec/unit/lwrp_spec.rb +4 -4
  465. data/spec/unit/mixin/powershell_exec_spec.rb +10 -0
  466. data/spec/unit/mixin/securable_spec.rb +1 -0
  467. data/spec/unit/mixin/user_context_spec.rb +9 -1
  468. data/spec/unit/node/attribute_spec.rb +2 -2
  469. data/spec/unit/node_spec.rb +24 -0
  470. data/spec/unit/platform/query_helpers_spec.rb +0 -143
  471. data/spec/unit/property/state_spec.rb +12 -7
  472. data/spec/unit/property/validation_spec.rb +25 -1
  473. data/spec/unit/property_spec.rb +18 -15
  474. data/spec/unit/provider/apt_preference_spec.rb +14 -10
  475. data/spec/unit/provider/apt_repository_spec.rb +9 -11
  476. data/spec/unit/provider/apt_update_spec.rb +12 -11
  477. data/spec/unit/provider/cookbook_file_spec.rb +4 -4
  478. data/spec/unit/provider/cron_spec.rb +2 -2
  479. data/spec/unit/provider/directory_spec.rb +4 -15
  480. data/spec/unit/provider/file_spec.rb +4 -4
  481. data/spec/unit/provider/git_spec.rb +44 -4
  482. data/spec/unit/provider/link_spec.rb +0 -1
  483. data/spec/unit/provider/log_spec.rb +3 -3
  484. data/spec/unit/provider/mdadm_spec.rb +3 -3
  485. data/spec/unit/provider/osx_profile_spec.rb +2 -2
  486. data/spec/unit/provider/package/dnf/python_helper_spec.rb +2 -2
  487. data/spec/unit/provider/package/freebsd/pkgng_spec.rb +1 -1
  488. data/spec/unit/provider/package/homebrew_spec.rb +280 -174
  489. data/spec/unit/provider/package/msu_spec.rb +3 -3
  490. data/spec/unit/provider/package/pacman_spec.rb +65 -147
  491. data/spec/unit/provider/package/powershell_spec.rb +88 -96
  492. data/spec/unit/provider/package/rubygems_spec.rb +221 -31
  493. data/spec/unit/provider/package/snap_spec.rb +1 -1
  494. data/spec/unit/provider/package/windows/exe_spec.rb +1 -1
  495. data/spec/unit/provider/package/windows_spec.rb +53 -30
  496. data/spec/unit/provider/powershell_script_spec.rb +21 -61
  497. data/spec/unit/provider/remote_file_spec.rb +3 -4
  498. data/spec/unit/provider/service/arch_service_spec.rb +2 -3
  499. data/spec/unit/provider/service/debian_service_spec.rb +35 -14
  500. data/spec/unit/provider/service/gentoo_service_spec.rb +8 -8
  501. data/spec/unit/provider/service/macosx_spec.rb +210 -214
  502. data/spec/unit/provider/service/redhat_spec.rb +2 -2
  503. data/spec/unit/provider/service/systemd_service_spec.rb +23 -23
  504. data/spec/unit/provider/service/upstart_service_spec.rb +3 -3
  505. data/spec/unit/provider/service/windows_spec.rb +6 -2
  506. data/spec/unit/provider/subversion_spec.rb +4 -2
  507. data/spec/unit/provider/systemd_unit_spec.rb +24 -28
  508. data/spec/unit/provider/template_spec.rb +3 -4
  509. data/spec/unit/provider/zypper_repository_spec.rb +25 -75
  510. data/spec/unit/provider_resolver_spec.rb +11 -11
  511. data/spec/unit/provider_spec.rb +0 -1
  512. data/spec/unit/recipe_spec.rb +68 -0
  513. data/spec/unit/resource/alternatives_spec.rb +120 -0
  514. data/spec/unit/resource/apt_preference_spec.rb +0 -18
  515. data/spec/unit/resource/apt_repository_spec.rb +0 -18
  516. data/spec/unit/resource/apt_update_spec.rb +0 -18
  517. data/spec/unit/resource/archive_file_spec.rb +2 -11
  518. data/spec/unit/resource/chef_client_cron_spec.rb +119 -0
  519. data/spec/unit/resource/chef_client_scheduled_task_spec.rb +102 -0
  520. data/spec/unit/resource/chef_client_systemd_timer_spec.rb +70 -0
  521. data/spec/unit/resource/chef_vault_secret_spec.rb +40 -0
  522. data/spec/unit/resource/chocolatey_source_spec.rb +2 -1
  523. data/spec/unit/resource/cron_d_spec.rb +6 -48
  524. data/spec/unit/resource/cron_spec.rb +4 -10
  525. data/spec/unit/resource/gem_package_spec.rb +3 -3
  526. data/spec/unit/resource/helpers/cron_validations_spec.rb +77 -0
  527. data/spec/unit/resource/link_spec.rb +0 -4
  528. data/spec/unit/resource/locale_spec.rb +0 -34
  529. data/spec/unit/resource/ohai_spec.rb +56 -2
  530. data/spec/unit/resource/plist_spec.rb +130 -0
  531. data/spec/unit/resource/powershell_script_spec.rb +0 -5
  532. data/spec/unit/resource/{git_spec.rb → scm/git_spec.rb} +50 -2
  533. data/spec/unit/resource/{scm_spec.rb → scm/scm.rb} +1 -52
  534. data/spec/unit/resource/{subversion_spec.rb → scm/subversion_spec.rb} +2 -3
  535. data/spec/unit/resource/service_spec.rb +4 -0
  536. data/spec/unit/resource/user_spec.rb +2 -2
  537. data/spec/unit/resource/user_ulimit_spec.rb +53 -0
  538. data/spec/unit/resource/windows_dns_record_spec.rb +3 -3
  539. data/spec/unit/resource/windows_dns_zone_spec.rb +2 -2
  540. data/spec/unit/resource/windows_feature_dism_spec.rb +2 -17
  541. data/spec/unit/resource/windows_feature_powershell_spec.rb +6 -47
  542. data/spec/unit/resource/windows_firewall_rule_spec.rb +88 -41
  543. data/spec/unit/resource/windows_package_spec.rb +4 -1
  544. data/spec/unit/resource/windows_service_spec.rb +9 -0
  545. data/spec/unit/resource/windows_task_spec.rb +1 -1
  546. data/spec/unit/resource/windows_uac_spec.rb +2 -2
  547. data/spec/unit/resource/yum_repository_spec.rb +21 -21
  548. data/spec/unit/resource_reporter_spec.rb +1 -5
  549. data/spec/unit/resource_spec.rb +11 -4
  550. data/spec/unit/role_spec.rb +11 -11
  551. data/spec/unit/run_context/cookbook_compiler_spec.rb +1 -1
  552. data/spec/unit/run_context_spec.rb +1 -1
  553. data/spec/unit/search/query_spec.rb +1 -1
  554. data/spec/unit/util/threaded_job_queue_spec.rb +0 -9
  555. data/spec/unit/win32/security_spec.rb +3 -4
  556. data/tasks/rspec.rb +1 -1
  557. metadata +110 -75
  558. data/lib/chef/dsl/core.rb +0 -52
  559. data/lib/chef/knife/cookbook_site_share.rb +0 -41
  560. data/lib/chef/knife/cookbook_site_unshare.rb +0 -41
  561. data/lib/chef/provider/apt_preference.rb +0 -93
  562. data/lib/chef/provider/apt_repository.rb +0 -358
  563. data/lib/chef/provider/apt_update.rb +0 -79
  564. data/lib/chef/provider/log.rb +0 -43
  565. data/lib/chef/provider/mdadm.rb +0 -85
  566. data/lib/chef/provider/ohai.rb +0 -45
  567. data/lib/chef/resource/git.rb +0 -37
  568. data/spec/functional/resource/windows_font_spec.rb +0 -49
  569. data/spec/unit/provider/ohai_spec.rb +0 -84
data/lib/chef/formatters/doc.rb CHANGED
@@ -273,7 +273,7 @@ class Chef
273
273
  # Called when a resource has no converge actions, e.g., it was already correct.
274
274
  def resource_up_to_date(resource, action)
275
275
  @up_to_date_resources += 1
276
- puts " (up to date)", stream: resource
276
+ puts " (up to date)", stream: resource unless resource.suppress_up_to_date_messages?
277
277
  unindent
278
278
  end
279
279
 
data/lib/chef/formatters/error_inspectors/node_load_error_inspector.rb CHANGED
@@ -46,7 +46,7 @@ class Chef
46
46
  when Chef::Exceptions::PrivateKeyMissing
47
47
  error_description.section("Private Key Not Found:", <<~E)
48
48
  Your private key could not be loaded. If the key file exists, ensure that it is
49
- readable by #{Chef::Dist::PRODUCT}.
49
+ readable by #{Chef::Dist::CLIENT}.
50
50
  E
51
51
  error_description.section("Relevant Config Settings:", <<~E)
52
52
  client_key "#{api_key}"
@@ -99,7 +99,7 @@ class Chef
99
99
  # redirect.
100
100
  def describe_404_error(error_description)
101
101
  error_description.section("Resource Not Found:", <<~E)
102
- The #{Chef::Dist::SERVER_PRODUCT} returned a HTTP 404. This usually indicates that your chef_server_url is incorrect.
102
+ The server returned a HTTP 404. This usually indicates that your chef_server_url is incorrect.
103
103
  E
104
104
  error_description.section("Relevant Config Settings:", <<~E)
105
105
  chef_server_url "#{server_url}"
data/lib/chef/formatters/error_inspectors/registration_error_inspector.rb CHANGED
@@ -28,7 +28,7 @@ class Chef
28
28
  humanize_http_exception(error_description)
29
29
  when Errno::ECONNREFUSED, Timeout::Error, Errno::ETIMEDOUT, SocketError
30
30
  error_description.section("Network Error:", <<~E)
31
- There was a network error connecting to the #{Chef::Dist::SERVER_PRODUCT}:
31
+ There was a network error connecting to the Chef Server:
32
32
  #{exception.message}
33
33
  E
34
34
  error_description.section("Relevant Config Settings:", <<~E)
@@ -39,14 +39,14 @@ class Chef
39
39
  when Chef::Exceptions::PrivateKeyMissing
40
40
  error_description.section("Private Key Not Found:", <<~E)
41
41
  Your private key could not be loaded. If the key file exists, ensure that it is
42
- readable by #{Chef::Dist::PRODUCT}.
42
+ readable by #{Chef::Dist::CLIENT}.
43
43
  E
44
44
  error_description.section("Relevant Config Settings:", <<~E)
45
45
  validation_key "#{api_key}"
46
46
  E
47
47
  when Chef::Exceptions::InvalidRedirect
48
48
  error_description.section("Invalid Redirect:", <<~E)
49
- Change your #{Chef::Dist::SERVER_PRODUCT} location in client.rb to the #{Chef::Dist::SERVER_PRODUCT}'s FQDN to avoid unwanted redirections.
49
+ Change your server location in client.rb to the server's FQDN to avoid unwanted redirections.
50
50
  E
51
51
  when EOFError
52
52
  describe_eof_error(error_description)
@@ -61,13 +61,13 @@ class Chef
61
61
  when Net::HTTPUnauthorized
62
62
  if clock_skew?
63
63
  error_description.section("Authentication Error:", <<~E)
64
- Failed to authenticate to the #{Chef::Dist::SERVER_PRODUCT} (http 401).
64
+ Failed to authenticate to the chef server (http 401).
65
65
  The request failed because your clock has drifted by more than 15 minutes.
66
66
  Syncing your clock to an NTP Time source should resolve the issue.
67
67
  E
68
68
  else
69
69
  error_description.section("Authentication Error:", <<~E)
70
- Failed to authenticate to the #{Chef::Dist::SERVER_PRODUCT} (http 401).
70
+ Failed to authenticate to the chef server (http 401).
71
71
  E
72
72
 
73
73
  error_description.section("Server Response:", format_rest_error)
@@ -81,7 +81,7 @@ class Chef
81
81
  end
82
82
  when Net::HTTPForbidden
83
83
  error_description.section("Authorization Error:", <<~E)
84
- Your validation client is not authorized to create the client for this node on the #{Chef::Dist::SERVER_PRODUCT} (HTTP 403).
84
+ Your validation client is not authorized to create the client for this node (HTTP 403).
85
85
  E
86
86
  error_description.section("Possible Causes:", <<~E)
87
87
  * There may already be a client named "#{config[:node_name]}"
@@ -94,7 +94,7 @@ class Chef
94
94
  error_description.section("Server Response:", format_rest_error)
95
95
  when Net::HTTPNotFound
96
96
  error_description.section("Resource Not Found:", <<~E)
97
- The #{Chef::Dist::SERVER_PRODUCT} returned a HTTP 404. This usually indicates that your chef_server_url configuration is incorrect.
97
+ The server returned a HTTP 404. This usually indicates that your chef_server_url is incorrect.
98
98
  E
99
99
  error_description.section("Relevant Config Settings:", <<~E)
100
100
  chef_server_url "#{server_url}"
data/lib/chef/formatters/indentable_output_stream.rb CHANGED
@@ -17,23 +17,14 @@ class Chef
17
17
  @semaphore = Mutex.new
18
18
  end
19
19
 
20
- def highline
21
- @highline ||= begin
22
- require "highline"
23
- HighLine.new
20
+ # pastel.decorate is a lightweight replacement for highline.color
21
+ def pastel
22
+ @pastel ||= begin
23
+ require "pastel"
24
+ Pastel.new
24
25
  end
25
26
  end
26
27
 
27
- # Print text. This will start a new line and indent if necessary
28
- # but will not terminate the line (future print and puts statements
29
- # will start off where this print left off).
30
- #
31
- # @param string [String]
32
- # @param args [Array<Hash,Symbol>]
33
- def color(string, *args)
34
- print(string, from_args(args))
35
- end
36
-
37
28
  # Print the start of a new line. This will terminate any existing lines and
38
29
  # cause indentation but will not move to the next line yet (future 'print'
39
30
  # and 'puts' statements will stay on this line).
@@ -83,7 +74,7 @@ class Chef
83
74
  #
84
75
  # == Alternative
85
76
  #
86
- # You may also call print('string', :red) (a list of colors a la Highline.color)
77
+ # You may also call print('string', :red) (https://github.com/piotrmurach/pastel#3-supported-colors)
87
78
  def print(string, *args)
88
79
  options = from_args(args)
89
80
 
@@ -140,7 +131,7 @@ class Chef
140
131
  end
141
132
 
142
133
  if Chef::Config[:color] && options[:colors]
143
- @out.print highline.color(line, *options[:colors])
134
+ @out.print pastel.decorate(line, *options[:colors])
144
135
  else
145
136
  @out.print line
146
137
  end
data/lib/chef/http.rb CHANGED
@@ -22,8 +22,7 @@
22
22
  #
23
23
 
24
24
  require "tempfile" unless defined?(Tempfile)
25
- require "openssl" unless defined?(OpenSSL)
26
- require "net/http" unless defined?(Net::HTTP)
25
+ require "net/https"
27
26
  require "uri" unless defined?(URI)
28
27
  require_relative "http/basic_client"
29
28
  require_relative "monkey_patches/net_http"
data/lib/chef/http/http_request.rb CHANGED
@@ -21,6 +21,7 @@
21
21
  # limitations under the License.
22
22
  #
23
23
  require "uri" unless defined?(URI)
24
+ require "cgi" unless defined?(CGI)
24
25
  require "net/http" unless defined?(Net::HTTP)
25
26
  require_relative "../dist"
26
27
 
@@ -176,8 +177,8 @@ class Chef
176
177
  @http_request.body = request_body if request_body && @http_request.request_body_permitted?
177
178
  # Optionally handle HTTP Basic Authentication
178
179
  if url.user
179
- user = URI.unescape(url.user)
180
- password = URI.unescape(url.password) if url.password
180
+ user = CGI.unescape(url.user)
181
+ password = CGI.unescape(url.password) if url.password
181
182
  @http_request.basic_auth(user, password)
182
183
  end
183
184
 
data/lib/chef/knife.rb CHANGED
@@ -279,12 +279,10 @@ class Chef
279
279
 
280
280
  if CHEF_ORGANIZATION_MANAGEMENT.include?(args[0])
281
281
  list_commands("CHEF ORGANIZATION MANAGEMENT")
282
- elsif OPSCODE_HOSTED_CHEF_ACCESS_CONTROL.include?(args[0])
283
- list_commands("OPSCODE HOSTED CHEF ACCESS CONTROL")
284
282
  elsif category_commands = guess_category(args)
285
283
  list_commands(category_commands)
286
284
  elsif OFFICIAL_PLUGINS.include?(args[0]) # command was an uninstalled official chef knife plugin
287
- ui.info("Use `#{Chef::Dist::EXEC} gem install knife-#{args[0]}` to install the plugin into ChefDK / Chef Workstation")
285
+ ui.info("Use `#{Chef::Dist::EXEC} gem install knife-#{args[0]}` to install the plugin into Chef Workstation")
288
286
  else
289
287
  list_commands
290
288
  end
data/lib/chef/knife/acl_add.rb ADDED
@@ -0,0 +1,57 @@
1
+ #
2
+ # Author:: Steven Danna (steve@chef.io)
3
+ # Author:: Jeremiah Snapp (jeremiah@chef.io)
4
+ # Copyright:: Copyright (c) Chef Software Inc.
5
+ # License:: Apache License, Version 2.0
6
+ #
7
+ # Licensed under the Apache License, Version 2.0 (the "License");
8
+ # you may not use this file except in compliance with the License.
9
+ # You may obtain a copy of the License at
10
+ #
11
+ # http://www.apache.org/licenses/LICENSE-2.0
12
+ #
13
+ # Unless required by applicable law or agreed to in writing, software
14
+ # distributed under the License is distributed on an "AS IS" BASIS,
15
+ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16
+ # See the License for the specific language governing permissions and
17
+ # limitations under the License.
18
+ #
19
+
20
+ require_relative "../knife"
21
+
22
+ class Chef
23
+ class Knife
24
+ class AclAdd < Chef::Knife
25
+ category "acl"
26
+ banner "knife acl add MEMBER_TYPE MEMBER_NAME OBJECT_TYPE OBJECT_NAME PERMS"
27
+
28
+ deps do
29
+ require_relative "acl_base"
30
+ include Chef::Knife::AclBase
31
+ end
32
+
33
+ def run
34
+ member_type, member_name, object_type, object_name, perms = name_args
35
+
36
+ if name_args.length != 5
37
+ show_usage
38
+ ui.fatal "You must specify the member type [client|group], member name, object type, object name and perms"
39
+ exit 1
40
+ end
41
+
42
+ unless %w{client group}.include?(member_type)
43
+ ui.fatal "ERROR: To enforce best practice, knife-acl can only add a client or a group to an ACL."
44
+ ui.fatal " See the knife-acl README for more information."
45
+ exit 1
46
+ end
47
+ validate_perm_type!(perms)
48
+ validate_member_name!(member_name)
49
+ validate_object_name!(object_name)
50
+ validate_object_type!(object_type)
51
+ validate_member_exists!(member_type, member_name)
52
+
53
+ add_to_acl!(member_type, member_name, object_type, object_name, perms)
54
+ end
55
+ end
56
+ end
57
+ end
data/lib/chef/knife/acl_base.rb ADDED
@@ -0,0 +1,183 @@
1
+ #
2
+ # Author:: Steven Danna (steve@chef.io)
3
+ # Author:: Jeremiah Snapp (<jeremiah@chef.io>)
4
+ # Copyright:: Copyright (c) Chef Software Inc.
5
+ # License:: Apache License, Version 2.0
6
+ #
7
+ # Licensed under the Apache License, Version 2.0 (the "License");
8
+ # you may not use this file except in compliance with the License.
9
+ # You may obtain a copy of the License at
10
+ #
11
+ # http://www.apache.org/licenses/LICENSE-2.0
12
+ #
13
+ # Unless required by applicable law or agreed to in writing, software
14
+ # distributed under the License is distributed on an "AS IS" BASIS,
15
+ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16
+ # See the License for the specific language governing permissions and
17
+ # limitations under the License.
18
+ #
19
+
20
+ require_relative "../knife"
21
+
22
+ class Chef
23
+ class Knife
24
+ module AclBase
25
+
26
+ PERM_TYPES = %w{create read update delete grant}.freeze unless defined? PERM_TYPES
27
+ MEMBER_TYPES = %w{client group user}.freeze unless defined? MEMBER_TYPES
28
+ OBJECT_TYPES = %w{clients containers cookbooks data environments groups nodes roles policies policy_groups}.freeze unless defined? OBJECT_TYPES
29
+ OBJECT_NAME_SPEC = /^[\-[:alnum:]_\.]+$/.freeze unless defined? OBJECT_NAME_SPEC
30
+
31
+ def validate_object_type!(type)
32
+ unless OBJECT_TYPES.include?(type)
33
+ ui.fatal "Unknown object type \"#{type}\". The following types are permitted: #{OBJECT_TYPES.join(", ")}"
34
+ exit 1
35
+ end
36
+ end
37
+
38
+ def validate_object_name!(name)
39
+ unless OBJECT_NAME_SPEC.match(name)
40
+ ui.fatal "Invalid name: #{name}"
41
+ exit 1
42
+ end
43
+ end
44
+
45
+ def validate_member_type!(type)
46
+ unless MEMBER_TYPES.include?(type)
47
+ ui.fatal "Unknown member type \"#{type}\". The following types are permitted: #{MEMBER_TYPES.join(", ")}"
48
+ exit 1
49
+ end
50
+ end
51
+
52
+ def validate_member_name!(name)
53
+ # Same rules apply to objects and members
54
+ validate_object_name!(name)
55
+ end
56
+
57
+ def validate_perm_type!(perms)
58
+ perms.split(",").each do |perm|
59
+ unless PERM_TYPES.include?(perm)
60
+ ui.fatal "Invalid permission \"#{perm}\". The following permissions are permitted: #{PERM_TYPES.join(",")}"
61
+ exit 1
62
+ end
63
+ end
64
+ end
65
+
66
+ def validate_member_exists!(member_type, member_name)
67
+ true if rest.get_rest("#{member_type}s/#{member_name}")
68
+ rescue NameError
69
+ # ignore "NameError: uninitialized constant Chef::ApiClient" when finding a client
70
+ true
71
+ rescue
72
+ ui.fatal "#{member_type} '#{member_name}' does not exist"
73
+ exit 1
74
+ end
75
+
76
+ def is_usag?(gname)
77
+ gname.length == 32 && gname =~ /^[0-9a-f]+$/
78
+ end
79
+
80
+ def get_acl(object_type, object_name)
81
+ rest.get_rest("#{object_type}/#{object_name}/_acl?detail=granular")
82
+ end
83
+
84
+ def get_ace(object_type, object_name, perm)
85
+ get_acl(object_type, object_name)[perm]
86
+ end
87
+
88
+ def add_to_acl!(member_type, member_name, object_type, object_name, perms)
89
+ acl = get_acl(object_type, object_name)
90
+ perms.split(",").each do |perm|
91
+ ui.msg "Adding '#{member_name}' to '#{perm}' ACE of '#{object_name}'"
92
+ ace = acl[perm]
93
+
94
+ case member_type
95
+ when "client", "user"
96
+ # Our PUT body depends on the type of reply we get from _acl?detail=granular
97
+ # When the server replies with json attributes 'users' and 'clients',
98
+ # we'll want to modify entries under the same keys they arrived.- their presence
99
+ # in the body tells us that CS will accept them in a PUT.
100
+ # Older version of chef-server will continue to use 'actors' for a combined list
101
+ # and expect the same in the body.
102
+ key = "#{member_type}s"
103
+ key = "actors" unless ace.key? key
104
+ next if ace[key].include?(member_name)
105
+
106
+ ace[key] << member_name
107
+ when "group"
108
+ next if ace["groups"].include?(member_name)
109
+
110
+ ace["groups"] << member_name
111
+ end
112
+
113
+ update_ace!(object_type, object_name, perm, ace)
114
+ end
115
+ end
116
+
117
+ def remove_from_acl!(member_type, member_name, object_type, object_name, perms)
118
+ acl = get_acl(object_type, object_name)
119
+ perms.split(",").each do |perm|
120
+ ui.msg "Removing '#{member_name}' from '#{perm}' ACE of '#{object_name}'"
121
+ ace = acl[perm]
122
+
123
+ case member_type
124
+ when "client", "user"
125
+ key = "#{member_type}s"
126
+ key = "actors" unless ace.key? key
127
+ next unless ace[key].include?(member_name)
128
+
129
+ ace[key].delete(member_name)
130
+ when "group"
131
+ next unless ace["groups"].include?(member_name)
132
+
133
+ ace["groups"].delete(member_name)
134
+ end
135
+
136
+ update_ace!(object_type, object_name, perm, ace)
137
+ end
138
+ end
139
+
140
+ def update_ace!(object_type, object_name, ace_type, ace)
141
+ rest.put_rest("#{object_type}/#{object_name}/_acl/#{ace_type}", ace_type => ace)
142
+ end
143
+
144
+ def add_to_group!(member_type, member_name, group_name)
145
+ validate_member_exists!(member_type, member_name)
146
+ existing_group = rest.get_rest("groups/#{group_name}")
147
+ ui.msg "Adding '#{member_name}' to '#{group_name}' group"
148
+ unless existing_group["#{member_type}s"].include?(member_name)
149
+ existing_group["#{member_type}s"] << member_name
150
+ new_group = {
151
+ "groupname" => existing_group["groupname"],
152
+ "orgname" => existing_group["orgname"],
153
+ "actors" => {
154
+ "users" => existing_group["users"],
155
+ "clients" => existing_group["clients"],
156
+ "groups" => existing_group["groups"],
157
+ },
158
+ }
159
+ rest.put_rest("groups/#{group_name}", new_group)
160
+ end
161
+ end
162
+
163
+ def remove_from_group!(member_type, member_name, group_name)
164
+ validate_member_exists!(member_type, member_name)
165
+ existing_group = rest.get_rest("groups/#{group_name}")
166
+ ui.msg "Removing '#{member_name}' from '#{group_name}' group"
167
+ if existing_group["#{member_type}s"].include?(member_name)
168
+ existing_group["#{member_type}s"].delete(member_name)
169
+ new_group = {
170
+ "groupname" => existing_group["groupname"],
171
+ "orgname" => existing_group["orgname"],
172
+ "actors" => {
173
+ "users" => existing_group["users"],
174
+ "clients" => existing_group["clients"],
175
+ "groups" => existing_group["groups"],
176
+ },
177
+ }
178
+ rest.put_rest("groups/#{group_name}", new_group)
179
+ end
180
+ end
181
+ end
182
+ end
183
+ end
data/lib/chef/knife/acl_bulk_add.rb ADDED
@@ -0,0 +1,78 @@
1
+ #
2
+ # Author:: Jeremiah Snapp (jeremiah@chef.io)
3
+ # Copyright:: Copyright (c) Chef Software Inc.
4
+ # License:: Apache License, Version 2.0
5
+ #
6
+ # Licensed under the Apache License, Version 2.0 (the "License");
7
+ # you may not use this file except in compliance with the License.
8
+ # You may obtain a copy of the License at
9
+ #
10
+ # http://www.apache.org/licenses/LICENSE-2.0
11
+ #
12
+ # Unless required by applicable law or agreed to in writing, software
13
+ # distributed under the License is distributed on an "AS IS" BASIS,
14
+ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
15
+ # See the License for the specific language governing permissions and
16
+ # limitations under the License.
17
+ #
18
+
19
+ require_relative "../knife"
20
+
21
+ class Chef
22
+ class Knife
23
+ class AclBulkAdd < Chef::Knife
24
+ category "acl"
25
+ banner "knife acl bulk add MEMBER_TYPE MEMBER_NAME OBJECT_TYPE REGEX PERMS"
26
+
27
+ deps do
28
+ require_relative "acl_base"
29
+ include Chef::Knife::AclBase
30
+ end
31
+
32
+ def run
33
+ member_type, member_name, object_type, regex, perms = name_args
34
+ object_name_matcher = /#{regex}/
35
+
36
+ if name_args.length != 5
37
+ show_usage
38
+ ui.fatal "You must specify the member type [client|group], member name, object type, object name REGEX and perms"
39
+ exit 1
40
+ end
41
+
42
+ unless %w{client group}.include?(member_type)
43
+ ui.fatal "ERROR: To enforce best practice, knife-acl can only add a client or a group to an ACL."
44
+ ui.fatal " See the knife-acl README for more information."
45
+ exit 1
46
+ end
47
+ validate_perm_type!(perms)
48
+ validate_member_name!(member_name)
49
+ validate_object_type!(object_type)
50
+ validate_member_exists!(member_type, member_name)
51
+
52
+ if %w{containers groups}.include?(object_type)
53
+ ui.fatal "bulk modifying the ACL of #{object_type} is not permitted"
54
+ exit 1
55
+ end
56
+
57
+ objects_to_modify = []
58
+ all_objects = rest.get_rest(object_type)
59
+ objects_to_modify = all_objects.keys.select { |object_name| object_name =~ object_name_matcher }
60
+
61
+ if objects_to_modify.empty?
62
+ ui.info "No #{object_type} match the expression /#{regex}/"
63
+ exit 0
64
+ end
65
+
66
+ ui.msg("The ACL of the following #{object_type} will be modified:")
67
+ ui.msg("")
68
+ ui.msg(ui.list(objects_to_modify.sort, :columns_down))
69
+ ui.msg("")
70
+ ui.confirm("Are you sure you want to modify the ACL of these #{object_type}?")
71
+
72
+ objects_to_modify.each do |object_name|
73
+ add_to_acl!(member_type, member_name, object_type, object_name, perms)
74
+ end
75
+ end
76
+ end
77
+ end
78
+ end