chef 16.0.287-universal-mingw32 → 16.2.73-universal-mingw32

data/lib/chef/digester.rb

@@ -19,6 +19,7 @@
 #
 
 require "openssl" unless defined?(OpenSSL)
+require "digest" unless defined?(Digest)
 require "singleton" unless defined?(Singleton)
 
 class Chef
@@ -39,9 +40,9 @@ class Chef
 
     def generate_checksum(file)
       if file.is_a?(StringIO)
-        checksum_io(file, OpenSSL::Digest::SHA256.new)
+        checksum_io(file, OpenSSL::Digest.new("SHA256"))
       else
-        checksum_file(file, OpenSSL::Digest::SHA256.new)
+        checksum_file(file, OpenSSL::Digest.new("SHA256"))
       end
     end
 
@@ -50,11 +51,11 @@ class Chef
     end
 
     def generate_md5_checksum_for_file(file)
-      checksum_file(file, OpenSSL::Digest::MD5.new)
+      checksum_file(file, ::Digest::MD5.new)
     end
 
     def generate_md5_checksum(io)
-      checksum_io(io, OpenSSL::Digest::MD5.new)
+      checksum_io(io, ::Digest::MD5.new)
     end
 
     private

data/lib/chef/dsl/declare_resource.rb

@@ -151,7 +151,7 @@ class Chef
       #     source "y.txt.erb"
       #     variables {}
       #   end
-      #   resource.variables.merge!({ home: "/home/klowns"  })
+      #   resource.variables.merge!({ home: "/home/clowns"  })
       #
       def edit_resource(type, name, created_at: nil, run_context: self.run_context, &resource_attrs_block)
         edit_resource!(type, name, created_at: created_at, run_context: run_context, &resource_attrs_block)

data/lib/chef/encrypted_data_bag_item/decryptor.rb

@@ -158,7 +158,7 @@ class Chef::EncryptedDataBagItem
             d = OpenSSL::Cipher.new(algorithm)
             d.decrypt
             # We must set key before iv: https://bugs.ruby-lang.org/issues/8221
-            d.key = OpenSSL::Digest::SHA256.digest(key)
+            d.key = OpenSSL::Digest.digest("SHA256", key)
             d.iv = iv
             d
           end

data/lib/chef/encrypted_data_bag_item/encryptor.rb

@@ -102,7 +102,7 @@ class Chef::EncryptedDataBagItem
           encryptor = OpenSSL::Cipher.new(algorithm)
           encryptor.encrypt
           # We must set key before iv: https://bugs.ruby-lang.org/issues/8221
-          encryptor.key = OpenSSL::Digest::SHA256.digest(key)
+          encryptor.key = OpenSSL::Digest.digest("SHA256", key)
           @iv ||= encryptor.random_iv
           encryptor.iv = @iv
           encryptor

data/lib/chef/file_access_control.rb

@@ -26,7 +26,7 @@ class Chef
   # the values specified by a value object, usually a Chef::Resource.
   class FileAccessControl
 
-    if RUBY_PLATFORM =~ /mswin|mingw|windows/
+    if RUBY_PLATFORM.match?(/mswin|mingw|windows/)
       require_relative "file_access_control/windows"
       include FileAccessControl::Windows
     else

data/lib/chef/file_access_control/windows.rb

@@ -96,7 +96,7 @@ class Chef
             self_ace.mask = securable_object.predict_rights_mask(target_ace.mask)
             new_target_acl << self_ace
           end
-          # As there is no inheritence needed in case of WRITE permissions.
+          # As there is no inheritance needed in case of WRITE permissions.
           if target_ace.mask != Chef::ReservedNames::Win32::API::Security::WRITE && target_ace.flags & (CONTAINER_INHERIT_ACE | OBJECT_INHERIT_ACE) != 0
             children_ace = target_ace.dup
             children_ace.flags |= INHERIT_ONLY_ACE
@@ -242,7 +242,7 @@ class Chef
         flags = 0
 
         #
-        # Configure child inheritence only if the resource is some
+        # Configure child inheritance only if the resource is some
         # type of a directory.
         #
         if resource.is_a? Chef::Resource::Directory

data/lib/chef/file_content_management/deploy/mv_unix.rb

@@ -51,7 +51,7 @@ class Chef
           # in the case where i'm running chef-solo on my homedir as myself and some root-shell
           # work has caused dotfiles of mine to change to root-owned, i'm fine with this not being
           # exceptional, and i think most use cases will consider this to not be exceptional, and
-          # the right thing is to fix the ownership of the file to the user running the commmand
+          # the right thing is to fix the ownership of the file to the user running the command
           # (which requires write perms to the directory, or mv will throw an exception)
           begin
             ::File.chown(uid, nil, src)

data/lib/chef/formatters/base.rb

@@ -142,7 +142,7 @@ class Chef
 
       # Generic callback for any attribute/library/lwrp/recipe file in a
       # cookbook getting loaded. The per-filetype callbacks for file load are
-      # overriden so that they call this instead. This means that a subclass of
+      # overridden so that they call this instead. This means that a subclass of
       # Formatters::Base can implement #file_loaded to do the same thing for
       # every kind of file that Chef loads from a recipe instead of
       # implementing all the per-filetype callbacks.

data/lib/chef/formatters/error_inspectors/compile_error_inspector.rb

@@ -41,7 +41,7 @@ class Chef
 
           if found_error_in_cookbooks?
             traceback = filtered_bt.map { |line| "  #{line}" }.join("\n")
-            error_description.section("Cookbook Trace:", traceback)
+            error_description.section("Cookbook Trace: (most recent call first)", traceback)
             error_description.section("Relevant File Content:", context)
           end
 

data/lib/chef/formatters/error_inspectors/node_load_error_inspector.rb

@@ -46,7 +46,7 @@ class Chef
           when Chef::Exceptions::PrivateKeyMissing
             error_description.section("Private Key Not Found:", <<~E)
               Your private key could not be loaded. If the key file exists, ensure that it is
-              readable by #{Chef::Dist::CLIENT}.
+              readable by #{Chef::Dist::PRODUCT}.
             E
             error_description.section("Relevant Config Settings:", <<~E)
               client_key        "#{api_key}"
@@ -99,7 +99,7 @@ class Chef
         # redirect.
         def describe_404_error(error_description)
           error_description.section("Resource Not Found:", <<~E)
-            The server returned a HTTP 404. This usually indicates that your chef_server_url is incorrect.
+            The #{Chef::Dist::SERVER_PRODUCT} returned a HTTP 404. This usually indicates that your chef_server_url is incorrect.
           E
           error_description.section("Relevant Config Settings:", <<~E)
             chef_server_url "#{server_url}"

data/lib/chef/formatters/error_inspectors/registration_error_inspector.rb

@@ -28,7 +28,7 @@ class Chef
             humanize_http_exception(error_description)
           when Errno::ECONNREFUSED, Timeout::Error, Errno::ETIMEDOUT, SocketError
             error_description.section("Network Error:", <<~E)
-              There was a network error connecting to the Chef Server:
+              There was a network error connecting to the #{Chef::Dist::SERVER_PRODUCT}:
               #{exception.message}
             E
             error_description.section("Relevant Config Settings:", <<~E)
@@ -39,14 +39,14 @@ class Chef
           when Chef::Exceptions::PrivateKeyMissing
             error_description.section("Private Key Not Found:", <<~E)
               Your private key could not be loaded. If the key file exists, ensure that it is
-              readable by #{Chef::Dist::CLIENT}.
+              readable by #{Chef::Dist::PRODUCT}.
             E
             error_description.section("Relevant Config Settings:", <<~E)
               validation_key "#{api_key}"
             E
           when Chef::Exceptions::InvalidRedirect
             error_description.section("Invalid Redirect:", <<~E)
-              Change your server location in client.rb to the server's FQDN to avoid unwanted redirections.
+              Change your #{Chef::Dist::SERVER_PRODUCT} location in client.rb to the #{Chef::Dist::SERVER_PRODUCT}'s FQDN to avoid unwanted redirections.
             E
           when EOFError
             describe_eof_error(error_description)
@@ -61,13 +61,13 @@ class Chef
           when Net::HTTPUnauthorized
             if clock_skew?
               error_description.section("Authentication Error:", <<~E)
-                Failed to authenticate to the chef server (http 401).
+                Failed to authenticate to the #{Chef::Dist::SERVER_PRODUCT} (http 401).
                 The request failed because your clock has drifted by more than 15 minutes.
                 Syncing your clock to an NTP Time source should resolve the issue.
               E
             else
               error_description.section("Authentication Error:", <<~E)
-                Failed to authenticate to the chef server (http 401).
+                Failed to authenticate to the #{Chef::Dist::SERVER_PRODUCT} (http 401).
               E
 
               error_description.section("Server Response:", format_rest_error)
@@ -81,7 +81,7 @@ class Chef
             end
           when Net::HTTPForbidden
             error_description.section("Authorization Error:", <<~E)
-              Your validation client is not authorized to create the client for this node (HTTP 403).
+              Your validation client is not authorized to create the client for this node on the #{Chef::Dist::SERVER_PRODUCT} (HTTP 403).
             E
             error_description.section("Possible Causes:", <<~E)
               * There may already be a client named "#{config[:node_name]}"
@@ -94,7 +94,7 @@ class Chef
             error_description.section("Server Response:", format_rest_error)
           when Net::HTTPNotFound
             error_description.section("Resource Not Found:", <<~E)
-              The server returned a HTTP 404. This usually indicates that your chef_server_url is incorrect.
+              The #{Chef::Dist::SERVER_PRODUCT} returned a HTTP 404. This usually indicates that your chef_server_url configuration is incorrect.
             E
             error_description.section("Relevant Config Settings:", <<~E)
               chef_server_url "#{server_url}"

data/lib/chef/formatters/error_inspectors/resource_failure_inspector.rb

@@ -37,7 +37,7 @@ class Chef
           error_description.section(exception.class.name, exception.message)
 
           unless filtered_bt.empty?
-            error_description.section("Cookbook Trace:", filtered_bt.join("\n"))
+            error_description.section("Cookbook Trace: (most recent call first)", filtered_bt.join("\n"))
           end
 
           unless dynamic_resource?
@@ -79,8 +79,8 @@ class Chef
               loop do
 
                 # low rent parser. try to gracefully handle nested blocks in resources
-                nesting += 1 if lines[current_line] =~ /[\s]+do[\s]*/
-                nesting -= 1 if lines[current_line] =~ /end[\s]*$/
+                nesting += 1 if /[\s]+do[\s]*/.match?(lines[current_line])
+                nesting -= 1 if /end[\s]*$/.match?(lines[current_line])
 
                 relevant_lines << format_line(current_line, lines[current_line])
 

data/lib/chef/http.rb

@@ -52,7 +52,7 @@ class Chef
 
       def handle_chunk(next_chunk)
         # stream handlers handle responses so must be applied in reverse order
-        # (same as #apply_stream_complete_middleware or #apply_response_midddleware)
+        # (same as #apply_stream_complete_middleware or #apply_response_middleware)
         @stream_handlers.reverse.inject(next_chunk) do |chunk, handler|
           Chef::Log.trace("Chef::HTTP::StreamHandler calling #{handler.class}#handle_chunk")
           handler.handle_chunk(chunk)
@@ -269,7 +269,7 @@ class Chef
       if keepalives && !base_url.nil?
         # only reuse the http_client if we want keepalives and have a base_url
         @http_client ||= {}
-        # the per-host per-port cache here gets peristent connections correct when
+        # the per-host per-port cache here gets persistent connections correct when
         # redirecting to different servers
         if base_url.is_a?(String) # sigh, this kind of abuse can't happen with strongly typed languages
           @http_client[base_url] ||= build_http_client(base_url)
@@ -291,6 +291,21 @@ class Chef
 
     private
 
+    # @api private
+    def ssl_policy
+      return Chef::HTTP::APISSLPolicy unless @options[:ssl_verify_mode]
+
+      case @options[:ssl_verify_mode]
+      when :verify_none
+        Chef::HTTP::VerifyNoneSSLPolicy
+      when :verify_peer
+        Chef::HTTP::VerifyPeerSSLPolicy
+      else
+        Chef::Log.error("Chef::HTTP was passed an ssl_verify_mode of #{@options[:ssl_verify_mode]} which is unsupported. Falling back to the API policy")
+        Chef::HTTP::APISSLPolicy
+      end
+    end
+
     # @api private
     def build_http_client(base_url)
       if chef_zero_uri?(base_url)
@@ -304,7 +319,7 @@ class Chef
 
         SocketlessChefZeroClient.new(base_url)
       else
-        BasicClient.new(base_url, ssl_policy: Chef::HTTP::APISSLPolicy, keepalives: keepalives)
+        BasicClient.new(base_url, ssl_policy: ssl_policy, keepalives: keepalives)
       end
     end
 
@@ -312,7 +327,7 @@ class Chef
     def create_url(path)
       return path if path.is_a?(URI)
 
-      if path =~ %r{^(http|https|chefzero)://}i
+      if %r{^(http|https|chefzero)://}i.match?(path)
         URI.parse(path)
       elsif path.nil? || path.empty?
         URI.parse(@url)

data/lib/chef/http/decompressor.rb

@@ -22,7 +22,7 @@ require_relative "http_request"
 class Chef
   class HTTP
 
-    # Middleware-esque class for handling compression in HTTP responses.
+    # Middleware-ish class for handling compression in HTTP responses.
     class Decompressor
       class NoopInflater
         def inflate(chunk)

data/lib/chef/http/http_request.rb

@@ -128,7 +128,7 @@ class Chef
       rescue NoMethodError => e
         # http://redmine.ruby-lang.org/issues/show/2708
         # http://redmine.ruby-lang.org/issues/show/2758
-        if e.to_s =~ /#{Regexp.escape(%q{undefined method `closed?' for nil:NilClass})}/
+        if /#{Regexp.escape(%q{undefined method `closed?' for nil:NilClass})}/.match?(e.to_s)
           Chef::Log.trace("Rescued error in http connect, re-raising as Errno::ECONNREFUSED to hide bug in net/http")
           Chef::Log.trace("#{e.class.name}: #{e}")
           Chef::Log.trace(e.backtrace.join("\n"))

data/lib/chef/http/json_output.rb

@@ -47,7 +47,7 @@ class Chef
         # needed to keep conditional get stuff working correctly.
         return [http_response, rest_request, return_value] if return_value == false
 
-        if http_response["content-type"] =~ /json/
+        if /json/.match?(http_response["content-type"])
           if http_response.body.nil?
             return_value = nil
           elsif raw_output

data/lib/chef/http/ssl_policies.rb

@@ -129,5 +129,23 @@ class Chef
       end
     end
 
+    # This policy is used when we want to explicitly turn on verification
+    # for a specific request regardless of the API Policy. For example, when
+    # doing a `remote_file` where the user specified `verify_mode :verify_peer`
+    class VerifyPeerSSLPolicy < DefaultSSLPolicy
+      def set_verify_mode
+        http_client.verify_mode = OpenSSL::SSL::VERIFY_PEER
+      end
+    end
+
+    # This policy is used when we want to explicitly turn off verification
+    # for a specific request regardless of the API Policy. For example, when
+    # doing a `remote_file` where the user specified `verify_mode :verify_none`
+    class VerifyNoneSSLPolicy < DefaultSSLPolicy
+      def set_verify_mode
+        http_client.verify_mode = OpenSSL::SSL::VERIFY_NONE
+      end
+    end
+
   end
 end

data/lib/chef/json_compat.rb

@@ -28,7 +28,7 @@ class Chef
 
     class <<self
 
-      # API to use to avoid create_addtions
+      # API to use to avoid create_additions
       def parse(source, opts = {})
         FFI_Yajl::Parser.parse(source, opts)
       rescue FFI_Yajl::ParseError => e

data/lib/chef/key.rb

@@ -252,7 +252,7 @@ class Chef
           OpenSSL::ASN1::Integer.new(openssl_key_object.public_key.n),
           OpenSSL::ASN1::Integer.new(openssl_key_object.public_key.e),
         ])
-        OpenSSL::Digest::SHA1.hexdigest(data_string.to_der).scan(/../).join(":")
+        OpenSSL::Digest.hexdigest("SHA1", data_string.to_der).scan(/../).join(":")
       end
 
       def list(keys, actor, load_method_symbol, inflate)

data/lib/chef/knife.rb

@@ -248,7 +248,7 @@ class Chef
         category_desc = preferred_category ? preferred_category + " " : ""
         msg "Available #{category_desc}subcommands: (for details, knife SUB-COMMAND --help)\n\n"
         subcommand_loader.list_commands(preferred_category).sort.each do |category, commands|
-          next if category =~ /deprecated/i
+          next if /deprecated/i.match?(category)
 
           msg "** #{category.upcase} COMMANDS **"
           commands.sort.each do |command|
@@ -327,7 +327,7 @@ class Chef
       end
 
       # Grab a copy before config merge occurs, so that we can later identify
-      # whare a given config value is sourced from.
+      # where a given config value is sourced from.
       @original_config = config.dup
 
       # copy Mixlib::CLI over so that it can be configured in config.rb/knife.rb

data/lib/chef/knife/bootstrap.rb

@@ -94,7 +94,7 @@ class Chef
         boolean: true
 
       # This option was provided in knife bootstrap windows winrm,
-      # but it is ignored  in knife-windows/WinrmSession, and so remains unimplemeneted here.
+      # but it is ignored  in knife-windows/WinrmSession, and so remains unimplemented here.
       # option :kerberos_keytab_file,
       #   :short => "-T KEYTAB_FILE",
       #   :long => "--keytab-file KEYTAB_FILE",
@@ -275,7 +275,7 @@ class Chef
           accumulator
         }
 
-      # bootstrap override: url of a an installer shell script touse in place of omnitruck
+      # bootstrap override: url of a an installer shell script to use in place of omnitruck
       # Note that the bootstrap template _only_ references this out of Chef::Config, and not from
       # the provided options to knife bootstrap, so we set the Chef::Config option here.
       option :bootstrap_url,
@@ -580,11 +580,8 @@ class Chef
 
           bootstrap_context.client_pem = client_builder.client_path
         else
-          ui.info <<~EOM
-            Performing legacy client registration with the validation key at #{Chef::Config[:validation_key]}...
-            Delete your validation key in order to use your user credentials for client registration instead.
-          EOM
-
+          ui.warn "Performing legacy client registration with the validation key at #{Chef::Config[:validation_key]}..."
+          ui.warn "Remove the key file or remove the 'validation_key' configuration option from your config.rb (knife.rb) to use more secure user credentials for client registration."
         end
       end
 
@@ -602,7 +599,7 @@ class Chef
       end
 
       def connect!
-        ui.info("Connecting to #{ui.color(server_name, :bold)}")
+        ui.info("Connecting to #{ui.color(server_name, :bold)} using #{connection_protocol}")
         opts ||= connection_opts.dup
         do_connect(opts)
       rescue Train::Error => e
@@ -706,14 +703,23 @@ class Chef
         true
       end
 
+      # FIXME: someone needs to clean this up properly:  https://github.com/chef/chef/issues/9645
+      # This code is deliberately left without an abstraction around deprecating the config options to avoid knife plugins from
+      # using those methods (which will need to be deprecated and break them) via inheritance (ruby does not have a true `private`
+      # so the lack of any inheritable implementation is because of that).
+      #
       def winrm_auth_method
-        config_value(:winrm_auth_method, :winrm_authentication_protocol, "negotiate")
+        config.key?(:winrm_auth_method) ? config[:winrm_auth_method] : config.key?(:winrm_authentications_protocol) ? config[:winrm_authentication_protocol] : "negotiate" # rubocop:disable Style/NestedTernaryOperator
+      end
+
+      def ssh_verify_host_key
+        config.key?(:ssh_verify_host_key) ? config[:ssh_verify_host_key] : config.key?(:host_key_verify) ? config[:host_key_verify] : "always" # rubocop:disable Style/NestedTernaryOperator
       end
 
       # Fail if using plaintext auth without ssl because
       # this can expose keys in plaintext on the wire.
       # TODO test for this method
-      # TODO check that the protoocol is valid.
+      # TODO check that the protocol is valid.
       def validate_winrm_transport_opts!
         return true unless winrm?
 
@@ -908,7 +914,7 @@ class Chef
           { self_signed: config[:winrm_no_verify_cert] === true }
         elsif ssh?
           # Fall back to the old knife config key name for back compat.
-          { verify_host_key: config_value(:ssh_verify_host_key, :host_key_verify, "always") }
+          { verify_host_key: ssh_verify_host_key }
         else
           {}
         end
@@ -967,7 +973,7 @@ class Chef
             gw_host = split[1]
           end
           gw_host, gw_port = gw_host.split(":", 2)
-          # TODO - validate convertable port in config validation?
+          # TODO - validate convertible port in config validation?
           gw_port = Integer(gw_port) rescue nil
           opts[:bastion_host] = gw_host
           opts[:bastion_user] = gw_user
@@ -1054,7 +1060,7 @@ class Chef
       # @api deprecated
       #
       def config_value(key, fallback_key = nil, default = nil)
-        Chef.deprecated(:knife_bootstrap_apis, "Use of config_value without a fallback_key is deprecated.  Knife plugin authors should access the config hash directly, which does correct merging of cli and config options.") if fallback_key.nil?
+        Chef.deprecated(:knife_bootstrap_apis, "Use of config_value is deprecated.  Knife plugin authors should access the config hash directly, which does correct merging of cli and config options.")
         if config.key?(key)
           # the first key is the primary key so we check the merged hash first
           config[key]
@@ -1073,7 +1079,7 @@ class Chef
         remote_path
       end
 
-      # build the command string for bootrapping
+      # build the command string for bootstrapping
       # @return String
       def bootstrap_command(remote_path)
         if connection.windows?