chef 16.0.275-universal-mingw32 → 16.2.50-universal-mingw32

data/lib/chef/data_collector.rb

@@ -184,7 +184,7 @@ class Chef
         begin
           code = e&.response&.code&.to_s
         rescue
-          # i really dont care
+          # i really don't care
         end
 
         code ||= "No HTTP Code"

data/lib/chef/data_collector/error_handlers.rb

@@ -18,7 +18,7 @@
 class Chef
   class DataCollector
 
-    # This module isolates the handling of collecting error descriptions to insert into the data_colletor
+    # This module isolates the handling of collecting error descriptions to insert into the data_collector
     # report output.  For very early errors it is responsible for collecting the node_name for the report
     # to use.  For all failure conditions that have an ErrorMapper it collects the output.
     #

data/lib/chef/decorator/lazy_array.rb

@@ -21,8 +21,8 @@ class Chef
   class Decorator
     # Lazy Array around Lazy Objects
     #
-    # This only lazys access through `#[]`.  In order to implement #each we need to
-    # know how many items we have and what their indexes are, so we'd have to evalute
+    # This makes access lazy through `#[]`.  In order to implement #each we need to
+    # know how many items we have and what their indexes are, so we'd have to evaluate
     # the proc which makes that impossible.  You can call methods like #each and the
     # decorator will forward the method, but item access will not be lazy.
     #

data/lib/chef/deprecated.rb

@@ -72,7 +72,7 @@ class Chef
             # Just in case someone uses a symbol in the config by mistake.
             silence_spec = silence_spec.to_s
           end
-           # Check for a silence by deprecation name, or by location.
+          # Check for a silence by deprecation name, or by location.
           self.class.deprecation_key == silence_spec || self.class.deprecation_id.to_s == silence_spec || "chef-#{self.class.deprecation_id}" == silence_spec.downcase || location.include?(silence_spec)
         end
         # check if this warning has been silenced by inline comment.
@@ -237,6 +237,10 @@ class Chef
       target 29
     end
 
+    class ArchiveFileIntegerFileMode < Base
+      target 30
+    end
+
     class Generic < Base
       def url
         "https://docs.chef.io/chef_deprecations_client/"

data/lib/chef/digester.rb

@@ -39,9 +39,9 @@ class Chef
 
     def generate_checksum(file)
       if file.is_a?(StringIO)
-        checksum_io(file, OpenSSL::Digest::SHA256.new)
+        checksum_io(file, OpenSSL::Digest.new("SHA256"))
       else
-        checksum_file(file, OpenSSL::Digest::SHA256.new)
+        checksum_file(file, OpenSSL::Digest.new("SHA256"))
       end
     end
 
@@ -50,11 +50,11 @@ class Chef
     end
 
     def generate_md5_checksum_for_file(file)
-      checksum_file(file, OpenSSL::Digest::MD5.new)
+      checksum_file(file, OpenSSL::Digest.new("MD5"))
     end
 
     def generate_md5_checksum(io)
-      checksum_io(io, OpenSSL::Digest::MD5.new)
+      checksum_io(io, OpenSSL::Digest.new("MD5"))
     end
 
     private

data/lib/chef/dsl/declare_resource.rb

@@ -151,7 +151,7 @@ class Chef
       #     source "y.txt.erb"
       #     variables {}
       #   end
-      #   resource.variables.merge!({ home: "/home/klowns"  })
+      #   resource.variables.merge!({ home: "/home/clowns"  })
       #
       def edit_resource(type, name, created_at: nil, run_context: self.run_context, &resource_attrs_block)
         edit_resource!(type, name, created_at: created_at, run_context: run_context, &resource_attrs_block)

data/lib/chef/dsl/platform_introspection.rb

@@ -168,7 +168,7 @@ class Chef
         has_platform
       end
 
-     # Implementation class for determining platform family dependent values
+      # Implementation class for determining platform family dependent values
       class PlatformFamilyDependentValue
 
         # Create a platform family dependent value object.

data/lib/chef/encrypted_data_bag_item/decryptor.rb

@@ -158,7 +158,7 @@ class Chef::EncryptedDataBagItem
             d = OpenSSL::Cipher.new(algorithm)
             d.decrypt
             # We must set key before iv: https://bugs.ruby-lang.org/issues/8221
-            d.key = OpenSSL::Digest::SHA256.digest(key)
+            d.key = OpenSSL::Digest.digest("SHA256", key)
             d.iv = iv
             d
           end

data/lib/chef/encrypted_data_bag_item/encryptor.rb

@@ -102,7 +102,7 @@ class Chef::EncryptedDataBagItem
           encryptor = OpenSSL::Cipher.new(algorithm)
           encryptor.encrypt
           # We must set key before iv: https://bugs.ruby-lang.org/issues/8221
-          encryptor.key = OpenSSL::Digest::SHA256.digest(key)
+          encryptor.key = OpenSSL::Digest.digest("SHA256", key)
           @iv ||= encryptor.random_iv
           encryptor.iv = @iv
           encryptor

data/lib/chef/file_access_control.rb

@@ -26,7 +26,7 @@ class Chef
   # the values specified by a value object, usually a Chef::Resource.
   class FileAccessControl
 
-    if RUBY_PLATFORM =~ /mswin|mingw|windows/
+    if RUBY_PLATFORM.match?(/mswin|mingw|windows/)
       require_relative "file_access_control/windows"
       include FileAccessControl::Windows
     else

data/lib/chef/formatters/base.rb

@@ -142,7 +142,7 @@ class Chef
 
       # Generic callback for any attribute/library/lwrp/recipe file in a
       # cookbook getting loaded. The per-filetype callbacks for file load are
-      # overriden so that they call this instead. This means that a subclass of
+      # overridden so that they call this instead. This means that a subclass of
       # Formatters::Base can implement #file_loaded to do the same thing for
       # every kind of file that Chef loads from a recipe instead of
       # implementing all the per-filetype callbacks.

data/lib/chef/formatters/error_inspectors/compile_error_inspector.rb

@@ -41,7 +41,7 @@ class Chef
 
           if found_error_in_cookbooks?
             traceback = filtered_bt.map { |line| "  #{line}" }.join("\n")
-            error_description.section("Cookbook Trace:", traceback)
+            error_description.section("Cookbook Trace: (most recent call first)", traceback)
             error_description.section("Relevant File Content:", context)
           end
 

data/lib/chef/formatters/error_inspectors/node_load_error_inspector.rb

@@ -46,7 +46,7 @@ class Chef
           when Chef::Exceptions::PrivateKeyMissing
             error_description.section("Private Key Not Found:", <<~E)
               Your private key could not be loaded. If the key file exists, ensure that it is
-              readable by #{Chef::Dist::CLIENT}.
+              readable by #{Chef::Dist::PRODUCT}.
             E
             error_description.section("Relevant Config Settings:", <<~E)
               client_key        "#{api_key}"
@@ -99,7 +99,7 @@ class Chef
         # redirect.
         def describe_404_error(error_description)
           error_description.section("Resource Not Found:", <<~E)
-            The server returned a HTTP 404. This usually indicates that your chef_server_url is incorrect.
+            The #{Chef::Dist::SERVER_PRODUCT} returned a HTTP 404. This usually indicates that your chef_server_url is incorrect.
           E
           error_description.section("Relevant Config Settings:", <<~E)
             chef_server_url "#{server_url}"

data/lib/chef/formatters/error_inspectors/registration_error_inspector.rb

@@ -28,7 +28,7 @@ class Chef
             humanize_http_exception(error_description)
           when Errno::ECONNREFUSED, Timeout::Error, Errno::ETIMEDOUT, SocketError
             error_description.section("Network Error:", <<~E)
-              There was a network error connecting to the Chef Server:
+              There was a network error connecting to the #{Chef::Dist::SERVER_PRODUCT}:
               #{exception.message}
             E
             error_description.section("Relevant Config Settings:", <<~E)
@@ -39,14 +39,14 @@ class Chef
           when Chef::Exceptions::PrivateKeyMissing
             error_description.section("Private Key Not Found:", <<~E)
               Your private key could not be loaded. If the key file exists, ensure that it is
-              readable by #{Chef::Dist::CLIENT}.
+              readable by #{Chef::Dist::PRODUCT}.
             E
             error_description.section("Relevant Config Settings:", <<~E)
               validation_key "#{api_key}"
             E
           when Chef::Exceptions::InvalidRedirect
             error_description.section("Invalid Redirect:", <<~E)
-              Change your server location in client.rb to the server's FQDN to avoid unwanted redirections.
+              Change your #{Chef::Dist::SERVER_PRODUCT} location in client.rb to the #{Chef::Dist::SERVER_PRODUCT}'s FQDN to avoid unwanted redirections.
             E
           when EOFError
             describe_eof_error(error_description)
@@ -61,13 +61,13 @@ class Chef
           when Net::HTTPUnauthorized
             if clock_skew?
               error_description.section("Authentication Error:", <<~E)
-                Failed to authenticate to the chef server (http 401).
+                Failed to authenticate to the #{Chef::Dist::SERVER_PRODUCT} (http 401).
                 The request failed because your clock has drifted by more than 15 minutes.
                 Syncing your clock to an NTP Time source should resolve the issue.
               E
             else
               error_description.section("Authentication Error:", <<~E)
-                Failed to authenticate to the chef server (http 401).
+                Failed to authenticate to the #{Chef::Dist::SERVER_PRODUCT} (http 401).
               E
 
               error_description.section("Server Response:", format_rest_error)
@@ -81,7 +81,7 @@ class Chef
             end
           when Net::HTTPForbidden
             error_description.section("Authorization Error:", <<~E)
-              Your validation client is not authorized to create the client for this node (HTTP 403).
+              Your validation client is not authorized to create the client for this node on the #{Chef::Dist::SERVER_PRODUCT} (HTTP 403).
             E
             error_description.section("Possible Causes:", <<~E)
               * There may already be a client named "#{config[:node_name]}"
@@ -94,7 +94,7 @@ class Chef
             error_description.section("Server Response:", format_rest_error)
           when Net::HTTPNotFound
             error_description.section("Resource Not Found:", <<~E)
-              The server returned a HTTP 404. This usually indicates that your chef_server_url is incorrect.
+              The #{Chef::Dist::SERVER_PRODUCT} returned a HTTP 404. This usually indicates that your chef_server_url configuration is incorrect.
             E
             error_description.section("Relevant Config Settings:", <<~E)
               chef_server_url "#{server_url}"

data/lib/chef/formatters/error_inspectors/resource_failure_inspector.rb

@@ -37,7 +37,7 @@ class Chef
           error_description.section(exception.class.name, exception.message)
 
           unless filtered_bt.empty?
-            error_description.section("Cookbook Trace:", filtered_bt.join("\n"))
+            error_description.section("Cookbook Trace: (most recent call first)", filtered_bt.join("\n"))
           end
 
           unless dynamic_resource?
@@ -79,8 +79,8 @@ class Chef
               loop do
 
                 # low rent parser. try to gracefully handle nested blocks in resources
-                nesting += 1 if lines[current_line] =~ /[\s]+do[\s]*/
-                nesting -= 1 if lines[current_line] =~ /end[\s]*$/
+                nesting += 1 if /[\s]+do[\s]*/.match?(lines[current_line])
+                nesting -= 1 if /end[\s]*$/.match?(lines[current_line])
 
                 relevant_lines << format_line(current_line, lines[current_line])
 

data/lib/chef/http.rb

@@ -269,7 +269,7 @@ class Chef
       if keepalives && !base_url.nil?
         # only reuse the http_client if we want keepalives and have a base_url
         @http_client ||= {}
-        # the per-host per-port cache here gets peristent connections correct when
+        # the per-host per-port cache here gets persistent connections correct when
         # redirecting to different servers
         if base_url.is_a?(String) # sigh, this kind of abuse can't happen with strongly typed languages
           @http_client[base_url] ||= build_http_client(base_url)
@@ -291,6 +291,21 @@ class Chef
 
     private
 
+    # @api private
+    def ssl_policy
+      return Chef::HTTP::APISSLPolicy unless @options[:ssl_verify_mode]
+
+      case @options[:ssl_verify_mode]
+      when :verify_none
+        Chef::HTTP::VerifyNoneSSLPolicy
+      when :verify_peer
+        Chef::HTTP::VerifyPeerSSLPolicy
+      else
+        Chef::Log.error("Chef::HTTP was passed an ssl_verify_mode of #{@options[:ssl_verify_mode]} which is unsupported. Falling back to the API policy")
+        Chef::HTTP::APISSLPolicy
+      end
+    end
+
     # @api private
     def build_http_client(base_url)
       if chef_zero_uri?(base_url)
@@ -304,7 +319,7 @@ class Chef
 
         SocketlessChefZeroClient.new(base_url)
       else
-        BasicClient.new(base_url, ssl_policy: Chef::HTTP::APISSLPolicy, keepalives: keepalives)
+        BasicClient.new(base_url, ssl_policy: ssl_policy, keepalives: keepalives)
       end
     end
 
@@ -312,7 +327,7 @@ class Chef
     def create_url(path)
       return path if path.is_a?(URI)
 
-      if path =~ %r{^(http|https|chefzero)://}i
+      if %r{^(http|https|chefzero)://}i.match?(path)
         URI.parse(path)
       elsif path.nil? || path.empty?
         URI.parse(@url)

data/lib/chef/http/decompressor.rb

@@ -22,7 +22,7 @@ require_relative "http_request"
 class Chef
   class HTTP
 
-    # Middleware-esque class for handling compression in HTTP responses.
+    # Middleware-ish class for handling compression in HTTP responses.
     class Decompressor
       class NoopInflater
         def inflate(chunk)

data/lib/chef/http/http_request.rb

@@ -128,7 +128,7 @@ class Chef
       rescue NoMethodError => e
         # http://redmine.ruby-lang.org/issues/show/2708
         # http://redmine.ruby-lang.org/issues/show/2758
-        if e.to_s =~ /#{Regexp.escape(%q{undefined method `closed?' for nil:NilClass})}/
+        if /#{Regexp.escape(%q{undefined method `closed?' for nil:NilClass})}/.match?(e.to_s)
           Chef::Log.trace("Rescued error in http connect, re-raising as Errno::ECONNREFUSED to hide bug in net/http")
           Chef::Log.trace("#{e.class.name}: #{e}")
           Chef::Log.trace(e.backtrace.join("\n"))

data/lib/chef/http/json_output.rb

@@ -47,7 +47,7 @@ class Chef
         # needed to keep conditional get stuff working correctly.
         return [http_response, rest_request, return_value] if return_value == false
 
-        if http_response["content-type"] =~ /json/
+        if /json/.match?(http_response["content-type"])
           if http_response.body.nil?
             return_value = nil
           elsif raw_output

data/lib/chef/http/ssl_policies.rb

@@ -129,5 +129,23 @@ class Chef
       end
     end
 
+    # This policy is used when we want to explicitly turn on verification
+    # for a specific request regardless of the API Policy. For example, when
+    # doing a `remote_file` where the user specified `verify_mode :verify_peer`
+    class VerifyPeerSSLPolicy < DefaultSSLPolicy
+      def set_verify_mode
+        http_client.verify_mode = OpenSSL::SSL::VERIFY_PEER
+      end
+    end
+
+    # This policy is used when we want to explicitly turn off verification
+    # for a specific request regardless of the API Policy. For example, when
+    # doing a `remote_file` where the user specified `verify_mode :verify_none`
+    class VerifyNoneSSLPolicy < DefaultSSLPolicy
+      def set_verify_mode
+        http_client.verify_mode = OpenSSL::SSL::VERIFY_NONE
+      end
+    end
+
   end
 end

data/lib/chef/json_compat.rb

@@ -28,7 +28,7 @@ class Chef
 
     class <<self
 
-      # API to use to avoid create_addtions
+      # API to use to avoid create_additions
       def parse(source, opts = {})
         FFI_Yajl::Parser.parse(source, opts)
       rescue FFI_Yajl::ParseError => e

data/lib/chef/key.rb

@@ -252,7 +252,7 @@ class Chef
           OpenSSL::ASN1::Integer.new(openssl_key_object.public_key.n),
           OpenSSL::ASN1::Integer.new(openssl_key_object.public_key.e),
         ])
-        OpenSSL::Digest::SHA1.hexdigest(data_string.to_der).scan(/../).join(":")
+        OpenSSL::Digest.hexdigest("SHA1", data_string.to_der).scan(/../).join(":")
       end
 
       def list(keys, actor, load_method_symbol, inflate)

data/lib/chef/knife.rb

@@ -248,7 +248,7 @@ class Chef
         category_desc = preferred_category ? preferred_category + " " : ""
         msg "Available #{category_desc}subcommands: (for details, knife SUB-COMMAND --help)\n\n"
         subcommand_loader.list_commands(preferred_category).sort.each do |category, commands|
-          next if category =~ /deprecated/i
+          next if /deprecated/i.match?(category)
 
           msg "** #{category.upcase} COMMANDS **"
           commands.sort.each do |command|
@@ -327,7 +327,7 @@ class Chef
       end
 
       # Grab a copy before config merge occurs, so that we can later identify
-      # whare a given config value is sourced from.
+      # where a given config value is sourced from.
       @original_config = config.dup
 
       # copy Mixlib::CLI over so that it can be configured in config.rb/knife.rb

data/lib/chef/knife/bootstrap.rb

@@ -93,12 +93,12 @@ class Chef
         description: "For WinRM basic authentication when using the 'ssl' auth method.",
         boolean: true
 
-        # This option was provided in knife bootstrap windows winrm,
-        # but it is ignored  in knife-windows/WinrmSession, and so remains unimplemeneted here.
-        # option :kerberos_keytab_file,
-        #   :short => "-T KEYTAB_FILE",
-        #   :long => "--keytab-file KEYTAB_FILE",
-        #   :description => "The Kerberos keytab file used for authentication"
+      # This option was provided in knife bootstrap windows winrm,
+      # but it is ignored  in knife-windows/WinrmSession, and so remains unimplemented here.
+      # option :kerberos_keytab_file,
+      #   :short => "-T KEYTAB_FILE",
+      #   :long => "--keytab-file KEYTAB_FILE",
+      #   :description => "The Kerberos keytab file used for authentication"
 
       option :kerberos_realm,
         short: "-R KERBEROS_REALM",
@@ -275,7 +275,7 @@ class Chef
           accumulator
         }
 
-      # bootstrap override: url of a an installer shell script touse in place of omnitruck
+      # bootstrap override: url of a an installer shell script to use in place of omnitruck
       # Note that the bootstrap template _only_ references this out of Chef::Config, and not from
       # the provided options to knife bootstrap, so we set the Chef::Config option here.
       option :bootstrap_url,
@@ -580,11 +580,8 @@ class Chef
 
           bootstrap_context.client_pem = client_builder.client_path
         else
-          ui.info <<~EOM
-            Performing legacy client registration with the validation key at #{Chef::Config[:validation_key]}...
-            Delete your validation key in order to use your user credentials for client registration instead.
-          EOM
-
+          ui.warn "Performing legacy client registration with the validation key at #{Chef::Config[:validation_key]}..."
+          ui.warn "Remove the key file or remove the 'validation_key' configuration option from your config.rb (knife.rb) to use more secure user credentials for client registration."
         end
       end
 
@@ -602,7 +599,7 @@ class Chef
       end
 
       def connect!
-        ui.info("Connecting to #{ui.color(server_name, :bold)}")
+        ui.info("Connecting to #{ui.color(server_name, :bold)} using #{connection_protocol}")
         opts ||= connection_opts.dup
         do_connect(opts)
       rescue Train::Error => e
@@ -713,7 +710,7 @@ class Chef
       # Fail if using plaintext auth without ssl because
       # this can expose keys in plaintext on the wire.
       # TODO test for this method
-      # TODO check that the protoocol is valid.
+      # TODO check that the protocol is valid.
       def validate_winrm_transport_opts!
         return true unless winrm?
 
@@ -967,7 +964,7 @@ class Chef
             gw_host = split[1]
           end
           gw_host, gw_port = gw_host.split(":", 2)
-          # TODO - validate convertable port in config validation?
+          # TODO - validate convertible port in config validation?
           gw_port = Integer(gw_port) rescue nil
           opts[:bastion_host] = gw_host
           opts[:bastion_user] = gw_user
@@ -1073,7 +1070,7 @@ class Chef
         remote_path
       end
 
-      # build the command string for bootrapping
+      # build the command string for bootstrapping
       # @return String
       def bootstrap_command(remote_path)
         if connection.windows?