chef 16.0.287-universal-mingw32 → 16.2.73-universal-mingw32

data/lib/chef/provider/package/powershell.rb

@@ -53,10 +53,13 @@ class Chef
 
         # Installs the package specified with the version passed else latest version will be installed
         def install_package(names, versions)
+          # To enable tls 1.2, which is disabled by default in some OS
+          powershell_out("[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12")
+
           names.each_with_index do |name, index|
             cmd = powershell_out(build_powershell_package_command("Install-Package '#{name}'", versions[index]), timeout: new_resource.timeout)
             next if cmd.nil?
-            raise Chef::Exceptions::PowershellCmdletException, "Failed to install package due to catalog signing error, use skip_publisher_check to force install" if cmd.stderr =~ /SkipPublisherCheck/
+            raise Chef::Exceptions::PowershellCmdletException, "Failed to install package due to catalog signing error, use skip_publisher_check to force install" if /SkipPublisherCheck/.match?(cmd.stderr)
           end
         end
 
@@ -115,7 +118,8 @@ class Chef
           command = [command] unless command.is_a?(Array)
           cmdlet_name = command.first
           command.unshift("(")
-          %w{-Force -ForceBootstrap}.each do |arg|
+          # -WarningAction SilentlyContinue is used to suppress the warnings from stdout
+          %w{-Force -ForceBootstrap -WarningAction SilentlyContinue}.each do |arg|
             command.push(arg)
           end
           command.push("-RequiredVersion #{version}") if version

data/lib/chef/provider/package/rubygems.rb

@@ -250,7 +250,7 @@ class Chef
           private
 
           def logger
-            Chef::Log.with_child({ subsytem: "gem_installer_environment" })
+            Chef::Log.with_child({ subsystem: "gem_installer_environment" })
           end
 
         end
@@ -420,7 +420,7 @@ class Chef
         end
 
         def is_omnibus?
-          if RbConfig::CONFIG["bindir"] =~ %r{/(opscode|chef|chefdk)/embedded/bin}
+          if %r{/(opscode|chef|chefdk)/embedded/bin}.match?(RbConfig::CONFIG["bindir"])
             logger.trace("#{new_resource} detected omnibus installation in #{RbConfig::CONFIG["bindir"]}")
             # Omnibus installs to a static path because of linking on unix, find it.
             true
@@ -447,7 +447,7 @@ class Chef
 
           scheme = URI.parse(new_resource.source).scheme
           # URI.parse gets confused by MS Windows paths with forward slashes.
-          scheme = nil if scheme =~ /^[a-z]$/
+          scheme = nil if /^[a-z]$/.match?(scheme)
           %w{http https}.include?(scheme)
         rescue URI::InvalidURIError
           logger.trace("#{new_resource} failed to parse source '#{new_resource.source}' as a URI, assuming a local path")

data/lib/chef/provider/package/snap.rb

@@ -59,15 +59,14 @@ class Chef
         def get_current_versions
           package_name_array.each_with_index.map do |pkg, i|
             installed_version(i)
-          end
+          end.compact
         end
 
         def install_package(names, versions)
           if new_resource.source
             install_snap_from_source(names, new_resource.source)
           else
-            resolved_names = names.each_with_index.map { |name, i| available_version(i).to_s unless name.nil? }
-            install_snaps(resolved_names)
+            install_snaps(names)
           end
         end
 
@@ -75,14 +74,16 @@ class Chef
           if new_resource.source
             install_snap_from_source(names, new_resource.source)
           else
-            resolved_names = names.each_with_index.map { |name, i| available_version(i).to_s unless name.nil? }
-            update_snaps(resolved_names)
+            if get_current_versions.empty?
+              install_snaps(names, versions)
+            else
+              update_snaps(names)
+            end
           end
         end
 
         def remove_package(names, versions)
-          resolved_names = names.each_with_index.map { |name, i| installed_version(i).to_s unless name.nil? }
-          uninstall_snaps(resolved_names)
+          uninstall_snaps(names)
         end
 
         alias purge_package remove_package
@@ -129,19 +130,73 @@ class Chef
             "Accept: application/json\r\n" +
             "Content-Type: application/json\r\n"
           if method == "POST"
-            request.concat("Content-Length: #{post_data.bytesize}\r\n\r\n#{post_data}")
+            pdata = post_data.to_json.to_s
+            request.concat("Content-Length: #{pdata.bytesize}\r\n\r\n#{pdata}")
           end
           request.concat("\r\n")
-          # While it is expected to allow clients to connect using HTTPS over a TCP socket,
-          # at this point only a UNIX socket is supported. The socket is /run/snapd.socket
-          # Note - UNIXSocket is not defined on windows systems
+
+          # while it is expected to allow clients to connect using https over
+          # a tcp socket, at this point only a unix socket is supported. the
+          # socket is /run/snapd.socket note - unix socket is not defined on
+          # windows systems
           if defined?(::UNIXSocket)
             UNIXSocket.open("/run/snapd.socket") do |socket|
-              # Send request, read the response, split the response and parse the body
-              socket.print(request)
-              response = socket.read
-              headers, body = response.split("\r\n\r\n", 2)
-              JSON.parse(body)
+              # send request, read the response, split the response and parse
+              # the body
+              socket.write(request)
+
+              # WARNING!!! HERE BE DRAGONs
+              #
+              # So snapd doesn't return an EOF at the end of its body, so
+              # doing a normal read will just hang forever.
+              #
+              # Well, sort of. if, after it writes everything, you then send
+              # yet-another newline, it'll then send its EOF and promptly
+              # disconnect closing the pipe and preventing reading. so, you
+              # have to read first, and therein lies the EOF problem.
+              #
+              # So you can do non-blocking reads with selects, but it
+              # makes every read take about 5 seconds. If, instead, we
+              # read the last line char-by-char, it's about half a second.
+              #
+              # Reading a character at a time isn't efficient, and since we
+              # know that http headers always have a blank line after them,
+              # we can read lines until we find a blank line and *then* read
+              # a character at a time. snap returns all the json on a single
+              # line, so once you pass headers you must read a character a
+              # time.
+              #
+              # - jaymzh
+
+              Chef::Log.trace(
+                "snap_package[#{new_resource.package_name}]: reading headers"
+              )
+              loop do
+                response = socket.readline
+                break if response.strip.empty? # finished headers
+              end
+              Chef::Log.trace(
+                "snap_package[#{new_resource.package_name}]: past headers, " +
+                "onto the body..."
+              )
+              result = nil
+              body = ""
+              socket.each_char do |c|
+                body << c
+                # we know we're not done if we don't have a char that
+                # can end JSON
+                next unless ["}", "]"].include?(c)
+
+                begin
+                  result = JSON.parse(body)
+                  # if we get here, we were able to parse the json so we
+                  # are done reading
+                  break
+                rescue JSON::ParserError
+                  next
+                end
+              end
+              result
             end
           end
         end
@@ -211,20 +266,22 @@ class Chef
           response.error!
         end
 
-        def install_snaps(snap_names)
-          response = post_snaps(snap_names, "install", new_resource.channel, new_resource.options)
-          id = get_id_from_async_response(response)
-          wait_for_completion(id)
+        def install_snaps(snap_names, versions)
+          snap_names.each do |snap|
+            response = post_snap(snap, "install", new_resource.channel, new_resource.options)
+            id = get_id_from_async_response(response)
+            wait_for_completion(id)
+          end
         end
 
         def update_snaps(snap_names)
-          response = post_snaps(snap_names, "refresh", new_resource.channel, new_resource.options)
+          response = post_snaps(snap_names, "refresh", nil, new_resource.options)
           id = get_id_from_async_response(response)
           wait_for_completion(id)
         end
 
         def uninstall_snaps(snap_names)
-          response = post_snaps(snap_names, "remove", new_resource.channel, new_resource.options)
+          response = post_snaps(snap_names, "remove", nil, new_resource.options)
           id = get_id_from_async_response(response)
           wait_for_completion(id)
         end
@@ -278,18 +335,20 @@ class Chef
               "action" => action,
               "snaps" => snap_names,
           }
-          if %w{install refresh switch}.include?(action)
+          if %w{install refresh switch}.include?(action) && channel
             request["channel"] = channel
           end
 
           # No defensive handling of params
           # Snap will throw the proper exception if called improperly
           # And we can provide that exception to the end user
-          request["classic"] = true if options["classic"]
-          request["devmode"] = true if options["devmode"]
-          request["jailmode"] = true if options["jailmode"]
+          if options
+            request["classic"] = true if options.include?("classic")
+            request["devmode"] = true if options.include?("devmode")
+            request["jailmode"] = true if options.include?("jailmode")
+            request["ignore_validation"] = true if options.include?("ignore-validation")
+          end
           request["revision"] = revision unless revision.nil?
-          request["ignore_validation"] = true if options["ignore-validation"]
           request
         end
 
@@ -305,12 +364,22 @@ class Chef
           call_snap_api("POST", "/v2/snaps", json)
         end
 
+        def post_snap(snap_name, action, channel, options, revision = nil)
+          json = generate_snap_json(snap_name, action, channel, options, revision = nil)
+          json.delete("snaps")
+          call_snap_api("POST", "/v2/snaps/#{snap_name}", json)
+        end
+
         def get_latest_package_version(name, channel)
           json = call_snap_api("GET", "/v2/find?name=#{name}")
           if json["status-code"] != 200
             raise Chef::Exceptions::Package, json["result"], caller
           end
 
+          unless json["result"][0]["channels"]["latest/#{channel}"]
+            raise Chef::Exceptions::Package, "No version of #{name} in channel #{channel}", caller
+          end
+
           # Return the version matching the channel
           json["result"][0]["channels"]["latest/#{channel}"]["version"]
         end

data/lib/chef/provider/package/windows.rb

@@ -38,7 +38,7 @@ class Chef
         def define_resource_requirements
           if new_resource.checksum
             requirements.assert(:install) do |a|
-              a.assertion { new_resource.checksum.downcase == checksum(source_location) }
+              a.assertion { new_resource.checksum == checksum(source_location) }
               a.failure_message Chef::Exceptions::Package, "Checksum on resource (#{short_cksum(new_resource.checksum)}) does not match checksum on content (#{short_cksum(source_location)})"
             end
           end
@@ -169,7 +169,7 @@ class Chef
         # is not multipackage.  The existing implementation of package_provider.installed_version should probably
         # be what `uninstall_version_array` is, and then that list should be sorted and last/first'd into the
         # current_resource.version.  The current_version_array method was not intended to be overwritten by
-        # sublasses (but ruby provides no feature to block doing so -- it is already marked as private).
+        # subclasses (but ruby provides no feature to block doing so -- it is already marked as private).
         #
         def current_version_array
           [ current_resource.version ]

data/lib/chef/provider/package/windows/msi.rb

@@ -18,7 +18,7 @@
 
 # TODO: Allow new_resource.source to be a Product Code as a GUID for uninstall / network install
 
-require_relative "../../../win32/api/installer" if RUBY_PLATFORM =~ /mswin|mingw32|windows/
+require_relative "../../../win32/api/installer" if RUBY_PLATFORM.match?(/mswin|mingw32|windows/)
 require_relative "../../../mixin/shell_out"
 
 class Chef
@@ -26,7 +26,7 @@ class Chef
     class Package
       class Windows
         class MSI
-          include Chef::ReservedNames::Win32::API::Installer if RUBY_PLATFORM =~ /mswin|mingw32|windows/
+          include Chef::ReservedNames::Win32::API::Installer if RUBY_PLATFORM.match?(/mswin|mingw32|windows/)
           include Chef::Mixin::ShellOut
 
           def initialize(resource, uninstall_entries)
@@ -84,7 +84,7 @@ class Chef
                 .map(&:uninstall_string).uniq.each do |uninstall_string|
                   uninstall_string = "msiexec /x #{uninstall_string.match(/{.*}/)}"
                   uninstall_string += expand_options(new_resource.options)
-                  uninstall_string += " /q" unless uninstall_string.downcase =~ %r{ /q}
+                  uninstall_string += " /q" unless %r{ /q}.match?(uninstall_string.downcase)
                   logger.trace("#{new_resource} removing MSI package version using '#{uninstall_string}'")
                   shell_out!(uninstall_string, default_env: false, timeout: new_resource.timeout, returns: new_resource.returns)
                 end

data/lib/chef/provider/package/windows/registry_uninstall_entry.rb

@@ -17,7 +17,7 @@
 # limitations under the License.
 #
 
-require "win32/registry" if RUBY_PLATFORM =~ /mswin|mingw32|windows/
+require "win32/registry" if RUBY_PLATFORM.match?(/mswin|mingw32|windows/)
 
 class Chef
   class Provider

data/lib/chef/provider/package/yum.rb

@@ -100,7 +100,7 @@ class Chef
 
             # If this is a package like the kernel that can be installed multiple times, we'll skip over this logic
             if new_resource.allow_downgrade && version_gt?(iv.version_with_arch, av.version_with_arch) && !python_helper.install_only_packages(name)
-              # We allow downgrading only in the evenit of single-package
+              # We allow downgrading only in the event of single-package
               # rules where the user explicitly allowed it
               method = "downgrade"
             end

data/lib/chef/provider/package/yum/yum_cache.rb

@@ -22,7 +22,7 @@ require "singleton" unless defined?(Singleton)
 
 #
 # These are largely historical APIs, the YumCache object no longer exists and this is a
-# fascade over the python helper class.  It should be considered deprecated-lite and
+# facade over the python helper class.  It should be considered deprecated-lite and
 # no new APIs should be added and should be added to the python_helper instead.
 #
 

data/lib/chef/provider/powershell_script.rb

@@ -26,19 +26,12 @@ class Chef
 
       provides :powershell_script
 
-      def initialize(new_resource, run_context)
-        super(new_resource, run_context, ".ps1")
-        add_exit_status_wrapper
-      end
-
       action :run do
         validate_script_syntax!
         super()
       end
 
       def command
-        basepath = is_forced_32bit ? wow64_directory : run_context.node["kernel"]["os_info"]["system_directory"]
-
         # Powershell.exe is always in "v1.0" folder (for backwards compatibility)
         interpreter_path = Chef::Util::PathHelper.join(basepath, "WindowsPowerShell", "v1.0", interpreter)
 
@@ -48,21 +41,19 @@ class Chef
         # error status of a failed Windows process that ran at the
         # end of the script, it gets changed to '1'.
         #
-        "\"#{interpreter_path}\" #{new_resource.flags} -File \"#{script_file.path}\""
+        "\"#{interpreter_path}\" #{new_resource.flags} -File \"#{script_file_path}\""
       end
 
       protected
 
-      # Process exit codes are strange with PowerShell and require
-      # special handling to cover common use cases.
-      def add_exit_status_wrapper
-        self.code = wrapper_script
+      def code
+        code = wrapper_script
         logger.trace("powershell_script provider called with script code:\n\n#{new_resource.code}\n")
         logger.trace("powershell_script provider will execute transformed code:\n\n#{code}\n")
+        code
       end
 
       def validate_script_syntax!
-        interpreter_arguments = new_resource.flags
         Tempfile.open(["chef_powershell_script-user-code", ".ps1"]) do |user_script_file|
           # Wrap the user's code in a PowerShell script block so that
           # it isn't executed. However, syntactically invalid script
@@ -80,7 +71,7 @@ class Chef
           # written to the file system at this point, which is required since
           # the intent is to execute the code just written to it.
           user_script_file.close
-          validation_command = "\"#{interpreter}\" #{interpreter_arguments} -Command \". '#{user_script_file.path}'\""
+          validation_command = "\"#{interpreter}\" #{new_resource.flags} -Command \". '#{user_script_file.path}'\""
 
           # Note that other script providers like bash allow syntax errors
           # to be suppressed by setting 'returns' to a value that the
@@ -94,11 +85,13 @@ class Chef
           # means a non-zero return and thus a syntactically invalid script.
 
           with_os_architecture(node, architecture: new_resource.architecture) do
-            shell_out!(validation_command, { returns: [0] })
+            shell_out!(validation_command, returns: [0])
           end
         end
       end
 
+      # Process exit codes are strange with PowerShell and require
+      # special handling to cover common use cases.
       # A wrapper script is used to launch user-supplied script while
       # still obtaining useful process exit codes. Unless you
       # explicitly call exit in PowerShell, the powershell.exe
@@ -182,6 +175,9 @@ class Chef
         EOH
       end
 
+      def script_extension
+        ".ps1"
+      end
     end
   end
 end

data/lib/chef/provider/remote_directory.rb

@@ -147,7 +147,7 @@ class Chef
         new_resource.updated_by_last_action(true) if res.updated?
       end
 
-      # Get the files to tranfer.  This returns files in lexicographical sort order.
+      # Get the files to transfer.  This returns files in lexicographical sort order.
       #
       # FIXME: it should do breadth-first, see CHEF-5080 (please use a performant sort)
       #
@@ -245,7 +245,7 @@ class Chef
         res = Chef::Resource::Directory.new(dir, run_context)
         res.cookbook_name = resource_cookbook
         if ChefUtils.windows? && rights
-          # rights are only meant to be applied to the toppest-level directory;
+          # rights are only meant to be applied to the most top-level directory;
           # Windows will handle inheritance.
           if dir == path
             rights.each do |r|

data/lib/chef/provider/remote_file/http.rb

@@ -130,10 +130,13 @@ class Chef
           # which tricks Chef::REST into decompressing the response body. In this
           # case you'd end up with a tar archive (no gzip) named, e.g., foo.tgz,
           # which is not what you wanted.
-          if uri.to_s =~ /gz$/
+          if /gz$/.match?(uri.to_s)
             logger.trace("Turning gzip compression off due to filename ending in gz")
             opts[:disable_gzip] = true
           end
+          if new_resource.ssl_verify_mode
+            opts[:ssl_verify_mode] = new_resource.ssl_verify_mode
+          end
           opts
         end
 

data/lib/chef/provider/script.rb

@@ -16,9 +16,7 @@
 # limitations under the License.
 #
 
-require "tempfile" unless defined?(Tempfile)
 require_relative "execute"
-require_relative "../win32/security" if ChefUtils.windows?
 require "forwardable" unless defined?(Forwardable)
 
 class Chef
@@ -34,84 +32,15 @@ class Chef
       provides :ruby
       provides :script
 
-      def_delegators :new_resource, :interpreter, :flags
-
-      attr_accessor :code
-
-      def initialize(new_resource, run_context)
-        super
-        self.code = new_resource.code
-      end
+      def_delegators :new_resource, :interpreter, :flags, :code
 
       def command
-        "\"#{interpreter}\" #{flags} \"#{script_file.path}\""
-      end
-
-      def load_current_resource
-        super
-      end
-
-      action :run do
-        script_file.puts(code)
-        script_file.close
-
-        set_owner_and_group
-
-        super()
-
-        unlink_script_file
-      end
-
-      def set_owner_and_group
-        if ChefUtils.windows?
-          # And on Windows also this is a no-op if there is no user specified.
-          grant_alternate_user_read_access
-        else
-          # FileUtils itself implements a no-op if +user+ or +group+ are nil
-          # You can prove this by running FileUtils.chown(nil,nil,'/tmp/file')
-          # as an unprivileged user.
-          FileUtils.chown(new_resource.user, new_resource.group, script_file.path)
-        end
+        "\"#{interpreter}\" #{flags}"
       end
 
-      def grant_alternate_user_read_access
-        # Do nothing if an alternate user isn't specified -- the file
-        # will already have the correct permissions for the user as part
-        # of the default ACL behavior on Windows.
-        return if new_resource.user.nil?
-
-        # Duplicate the script file's existing DACL
-        # so we can add an ACE later
-        securable_object = Chef::ReservedNames::Win32::Security::SecurableObject.new(script_file.path)
-        aces = securable_object.security_descriptor.dacl.reduce([]) { |result, current| result.push(current) }
-
-        username = new_resource.user
-
-        if new_resource.domain
-          username = new_resource.domain + '\\' + new_resource.user
-        end
-
-        # Create an ACE that allows the alternate user read access to the script
-        # file so it can be read and executed.
-        user_sid = Chef::ReservedNames::Win32::Security::SID.from_account(username)
-        read_ace = Chef::ReservedNames::Win32::Security::ACE.access_allowed(user_sid, Chef::ReservedNames::Win32::API::Security::GENERIC_READ | Chef::ReservedNames::Win32::API::Security::GENERIC_EXECUTE, 0)
-        aces.push(read_ace)
-        acl = Chef::ReservedNames::Win32::Security::ACL.create(aces)
-
-        # This actually applies the modified DACL to the file
-        # Use parentheses to bypass RuboCop / ChefStyle warning
-        # about useless setter
-        (securable_object.dacl = acl)
+      def input
+        code
       end
-
-      def script_file
-        @script_file ||= Tempfile.open("chef-script")
-      end
-
-      def unlink_script_file
-        script_file && script_file.close!
-      end
-
     end
   end
 end