chef 16.1.0-universal-mingw32 → 16.3.38-universal-mingw32

data/lib/chef/environment.rb

@@ -119,7 +119,7 @@ class Chef
     end
 
     def to_h
-      result = {
+      {
         "name" => @name,
         "description" => @description,
         "cookbook_versions" => @cookbook_versions,
@@ -128,7 +128,6 @@ class Chef
         "default_attributes" => @default_attributes,
         "override_attributes" => @override_attributes,
       }
-      result
     end
 
     alias_method :to_hash, :to_h

data/lib/chef/exceptions.rb

@@ -198,6 +198,7 @@ class Chef
     class MetadataNotFound < StandardError
       attr_reader :install_path
       attr_reader :cookbook_name
+
       def initialize(install_path, cookbook_name)
         @install_path = install_path
         @cookbook_name = cookbook_name
@@ -448,6 +449,7 @@ class Chef
     # to correctly populate the backtrace with the wrapped backtraces.
     class RunFailedWrappingError < RuntimeError
       attr_reader :wrapped_errors
+
       def initialize(*errors)
         errors = errors.select { |e| !e.nil? }
         output = "Found #{errors.size} errors, they are stored in the backtrace"
@@ -488,6 +490,7 @@ class Chef
 
     class MultipleDscResourcesFound < RuntimeError
       attr_reader :resources_found
+
       def initialize(resources_found)
         @resources_found = resources_found
         matches_info = @resources_found.each do |r|

data/lib/chef/file_access_control.rb

@@ -26,7 +26,7 @@ class Chef
   # the values specified by a value object, usually a Chef::Resource.
   class FileAccessControl
 
-    if RUBY_PLATFORM =~ /mswin|mingw|windows/
+    if RUBY_PLATFORM.match?(/mswin|mingw|windows/)
       require_relative "file_access_control/windows"
       include FileAccessControl::Windows
     else

data/lib/chef/file_access_control/windows.rb

@@ -96,7 +96,7 @@ class Chef
             self_ace.mask = securable_object.predict_rights_mask(target_ace.mask)
             new_target_acl << self_ace
           end
-          # As there is no inheritence needed in case of WRITE permissions.
+          # As there is no inheritance needed in case of WRITE permissions.
           if target_ace.mask != Chef::ReservedNames::Win32::API::Security::WRITE && target_ace.flags & (CONTAINER_INHERIT_ACE | OBJECT_INHERIT_ACE) != 0
             children_ace = target_ace.dup
             children_ace.flags |= INHERIT_ONLY_ACE
@@ -242,7 +242,7 @@ class Chef
         flags = 0
 
         #
-        # Configure child inheritence only if the resource is some
+        # Configure child inheritance only if the resource is some
         # type of a directory.
         #
         if resource.is_a? Chef::Resource::Directory

data/lib/chef/file_content_management/deploy/mv_unix.rb

@@ -51,7 +51,7 @@ class Chef
           # in the case where i'm running chef-solo on my homedir as myself and some root-shell
           # work has caused dotfiles of mine to change to root-owned, i'm fine with this not being
           # exceptional, and i think most use cases will consider this to not be exceptional, and
-          # the right thing is to fix the ownership of the file to the user running the commmand
+          # the right thing is to fix the ownership of the file to the user running the command
           # (which requires write perms to the directory, or mv will throw an exception)
           begin
             ::File.chown(uid, nil, src)

data/lib/chef/formatters/base.rb

@@ -142,7 +142,7 @@ class Chef
 
       # Generic callback for any attribute/library/lwrp/recipe file in a
       # cookbook getting loaded. The per-filetype callbacks for file load are
-      # overriden so that they call this instead. This means that a subclass of
+      # overridden so that they call this instead. This means that a subclass of
       # Formatters::Base can implement #file_loaded to do the same thing for
       # every kind of file that Chef loads from a recipe instead of
       # implementing all the per-filetype callbacks.

data/lib/chef/formatters/error_inspectors/compile_error_inspector.rb

@@ -41,7 +41,7 @@ class Chef
 
           if found_error_in_cookbooks?
             traceback = filtered_bt.map { |line| "  #{line}" }.join("\n")
-            error_description.section("Cookbook Trace:", traceback)
+            error_description.section("Cookbook Trace: (most recent call first)", traceback)
             error_description.section("Relevant File Content:", context)
           end
 

data/lib/chef/formatters/error_inspectors/resource_failure_inspector.rb

@@ -37,7 +37,7 @@ class Chef
           error_description.section(exception.class.name, exception.message)
 
           unless filtered_bt.empty?
-            error_description.section("Cookbook Trace:", filtered_bt.join("\n"))
+            error_description.section("Cookbook Trace: (most recent call first)", filtered_bt.join("\n"))
           end
 
           unless dynamic_resource?
@@ -79,8 +79,8 @@ class Chef
               loop do
 
                 # low rent parser. try to gracefully handle nested blocks in resources
-                nesting += 1 if lines[current_line] =~ /[\s]+do[\s]*/
-                nesting -= 1 if lines[current_line] =~ /end[\s]*$/
+                nesting += 1 if /[\s]+do[\s]*/.match?(lines[current_line])
+                nesting -= 1 if /end[\s]*$/.match?(lines[current_line])
 
                 relevant_lines << format_line(current_line, lines[current_line])
 

data/lib/chef/http.rb

@@ -52,7 +52,7 @@ class Chef
 
       def handle_chunk(next_chunk)
         # stream handlers handle responses so must be applied in reverse order
-        # (same as #apply_stream_complete_middleware or #apply_response_midddleware)
+        # (same as #apply_stream_complete_middleware or #apply_response_middleware)
         @stream_handlers.reverse.inject(next_chunk) do |chunk, handler|
           Chef::Log.trace("Chef::HTTP::StreamHandler calling #{handler.class}#handle_chunk")
           handler.handle_chunk(chunk)
@@ -269,7 +269,7 @@ class Chef
       if keepalives && !base_url.nil?
         # only reuse the http_client if we want keepalives and have a base_url
         @http_client ||= {}
-        # the per-host per-port cache here gets peristent connections correct when
+        # the per-host per-port cache here gets persistent connections correct when
         # redirecting to different servers
         if base_url.is_a?(String) # sigh, this kind of abuse can't happen with strongly typed languages
           @http_client[base_url] ||= build_http_client(base_url)
@@ -291,6 +291,21 @@ class Chef
 
     private
 
+    # @api private
+    def ssl_policy
+      return Chef::HTTP::APISSLPolicy unless @options[:ssl_verify_mode]
+
+      case @options[:ssl_verify_mode]
+      when :verify_none
+        Chef::HTTP::VerifyNoneSSLPolicy
+      when :verify_peer
+        Chef::HTTP::VerifyPeerSSLPolicy
+      else
+        Chef::Log.error("Chef::HTTP was passed an ssl_verify_mode of #{@options[:ssl_verify_mode]} which is unsupported. Falling back to the API policy")
+        Chef::HTTP::APISSLPolicy
+      end
+    end
+
     # @api private
     def build_http_client(base_url)
       if chef_zero_uri?(base_url)
@@ -304,7 +319,7 @@ class Chef
 
         SocketlessChefZeroClient.new(base_url)
       else
-        BasicClient.new(base_url, ssl_policy: Chef::HTTP::APISSLPolicy, keepalives: keepalives)
+        BasicClient.new(base_url, ssl_policy: ssl_policy, keepalives: keepalives)
       end
     end
 
@@ -312,7 +327,7 @@ class Chef
     def create_url(path)
       return path if path.is_a?(URI)
 
-      if path =~ %r{^(http|https|chefzero)://}i
+      if %r{^(http|https|chefzero)://}i.match?(path)
         URI.parse(path)
       elsif path.nil? || path.empty?
         URI.parse(@url)

data/lib/chef/http/authenticator.rb

@@ -24,7 +24,7 @@ class Chef
   class HTTP
     class Authenticator
 
-      DEFAULT_SERVER_API_VERSION = "1".freeze
+      DEFAULT_SERVER_API_VERSION = "2".freeze
 
       attr_reader :signing_key_filename
       attr_reader :raw_key

data/lib/chef/http/decompressor.rb

@@ -22,7 +22,7 @@ require_relative "http_request"
 class Chef
   class HTTP
 
-    # Middleware-esque class for handling compression in HTTP responses.
+    # Middleware-ish class for handling compression in HTTP responses.
     class Decompressor
       class NoopInflater
         def inflate(chunk)

data/lib/chef/http/http_request.rb

@@ -128,7 +128,7 @@ class Chef
       rescue NoMethodError => e
         # http://redmine.ruby-lang.org/issues/show/2708
         # http://redmine.ruby-lang.org/issues/show/2758
-        if e.to_s =~ /#{Regexp.escape(%q{undefined method `closed?' for nil:NilClass})}/
+        if /#{Regexp.escape(%q{undefined method `closed?' for nil:NilClass})}/.match?(e.to_s)
           Chef::Log.trace("Rescued error in http connect, re-raising as Errno::ECONNREFUSED to hide bug in net/http")
           Chef::Log.trace("#{e.class.name}: #{e}")
           Chef::Log.trace(e.backtrace.join("\n"))

data/lib/chef/http/json_output.rb

@@ -47,7 +47,7 @@ class Chef
         # needed to keep conditional get stuff working correctly.
         return [http_response, rest_request, return_value] if return_value == false
 
-        if http_response["content-type"] =~ /json/
+        if /json/.match?(http_response["content-type"])
           if http_response.body.nil?
             return_value = nil
           elsif raw_output

data/lib/chef/http/ssl_policies.rb

@@ -129,5 +129,23 @@ class Chef
       end
     end
 
+    # This policy is used when we want to explicitly turn on verification
+    # for a specific request regardless of the API Policy. For example, when
+    # doing a `remote_file` where the user specified `verify_mode :verify_peer`
+    class VerifyPeerSSLPolicy < DefaultSSLPolicy
+      def set_verify_mode
+        http_client.verify_mode = OpenSSL::SSL::VERIFY_PEER
+      end
+    end
+
+    # This policy is used when we want to explicitly turn off verification
+    # for a specific request regardless of the API Policy. For example, when
+    # doing a `remote_file` where the user specified `verify_mode :verify_none`
+    class VerifyNoneSSLPolicy < DefaultSSLPolicy
+      def set_verify_mode
+        http_client.verify_mode = OpenSSL::SSL::VERIFY_NONE
+      end
+    end
+
   end
 end

data/lib/chef/json_compat.rb

@@ -28,7 +28,7 @@ class Chef
 
     class <<self
 
-      # API to use to avoid create_addtions
+      # API to use to avoid create_additions
       def parse(source, opts = {})
         FFI_Yajl::Parser.parse(source, opts)
       rescue FFI_Yajl::ParseError => e

data/lib/chef/key.rb

@@ -252,7 +252,7 @@ class Chef
           OpenSSL::ASN1::Integer.new(openssl_key_object.public_key.n),
           OpenSSL::ASN1::Integer.new(openssl_key_object.public_key.e),
         ])
-        OpenSSL::Digest::SHA1.hexdigest(data_string.to_der).scan(/../).join(":")
+        OpenSSL::Digest.hexdigest("SHA1", data_string.to_der).scan(/../).join(":")
       end
 
       def list(keys, actor, load_method_symbol, inflate)

data/lib/chef/knife.rb

@@ -20,10 +20,10 @@
 require "forwardable" unless defined?(Forwardable)
 require_relative "version"
 require "mixlib/cli" unless defined?(Mixlib::CLI)
-require "chef-utils/dsl/path_sanity" unless defined?(ChefUtils::DSL::PathSanity)
+require "chef-utils/dsl/default_paths" unless defined?(ChefUtils::DSL::DefaultPaths)
 require_relative "workstation_config_loader"
 require_relative "mixin/convert_to_class_name"
-require_relative "mixin/path_sanity"
+require_relative "mixin/default_paths"
 require_relative "knife/core/subcommand_loader"
 require_relative "knife/core/ui"
 require_relative "local_mode"
@@ -40,7 +40,7 @@ class Chef
     Chef::HTTP::HTTPRequest.user_agent = "#{Chef::Dist::PRODUCT} Knife#{Chef::HTTP::HTTPRequest::UA_COMMON}"
 
     include Mixlib::CLI
-    include ChefUtils::DSL::PathSanity
+    include ChefUtils::DSL::DefaultPaths
     extend Chef::Mixin::ConvertToClassName
     extend Forwardable
 
@@ -248,7 +248,7 @@ class Chef
         category_desc = preferred_category ? preferred_category + " " : ""
         msg "Available #{category_desc}subcommands: (for details, knife SUB-COMMAND --help)\n\n"
         subcommand_loader.list_commands(preferred_category).sort.each do |category, commands|
-          next if category =~ /deprecated/i
+          next if /deprecated/i.match?(category)
 
           msg "** #{category.upcase} COMMANDS **"
           commands.sort.each do |command|
@@ -327,7 +327,7 @@ class Chef
       end
 
       # Grab a copy before config merge occurs, so that we can later identify
-      # whare a given config value is sourced from.
+      # where a given config value is sourced from.
       @original_config = config.dup
 
       # copy Mixlib::CLI over so that it can be configured in config.rb/knife.rb
@@ -484,7 +484,7 @@ class Chef
       unless respond_to?(:run)
         ui.error "You need to add a #run method to your knife command before you can use it"
       end
-      ENV["PATH"] = sanitized_path if Chef::Config[:enforce_path_sanity]
+      ENV["PATH"] = default_paths if Chef::Config[:enforce_default_paths] || Chef::Config[:enforce_path_sanity]
       maybe_setup_fips
       Chef::LocalMode.with_server_connectivity do
         run

data/lib/chef/knife/bootstrap.rb

@@ -94,7 +94,7 @@ class Chef
         boolean: true
 
       # This option was provided in knife bootstrap windows winrm,
-      # but it is ignored  in knife-windows/WinrmSession, and so remains unimplemeneted here.
+      # but it is ignored  in knife-windows/WinrmSession, and so remains unimplemented here.
       # option :kerberos_keytab_file,
       #   :short => "-T KEYTAB_FILE",
       #   :long => "--keytab-file KEYTAB_FILE",
@@ -275,7 +275,7 @@ class Chef
           accumulator
         }
 
-      # bootstrap override: url of a an installer shell script touse in place of omnitruck
+      # bootstrap override: url of a an installer shell script to use in place of omnitruck
       # Note that the bootstrap template _only_ references this out of Chef::Config, and not from
       # the provided options to knife bootstrap, so we set the Chef::Config option here.
       option :bootstrap_url,
@@ -538,7 +538,7 @@ class Chef
       end
 
       def run
-        check_license
+        check_license if ChefConfig::Dist::ENFORCE_LICENSE
 
         plugin_setup!
         validate_name_args!
@@ -580,11 +580,8 @@ class Chef
 
           bootstrap_context.client_pem = client_builder.client_path
         else
-          ui.info <<~EOM
-            Performing legacy client registration with the validation key at #{Chef::Config[:validation_key]}...
-            Delete your validation key in order to use your user credentials for client registration instead.
-          EOM
-
+          ui.warn "Performing legacy client registration with the validation key at #{Chef::Config[:validation_key]}..."
+          ui.warn "Remove the key file or remove the 'validation_key' configuration option from your config.rb (knife.rb) to use more secure user credentials for client registration."
         end
       end
 
@@ -602,7 +599,7 @@ class Chef
       end
 
       def connect!
-        ui.info("Connecting to #{ui.color(server_name, :bold)}")
+        ui.info("Connecting to #{ui.color(server_name, :bold)} using #{connection_protocol}")
         opts ||= connection_opts.dup
         do_connect(opts)
       rescue Train::Error => e
@@ -633,9 +630,7 @@ class Chef
             raise
           else
             ui.warn("Failed to authenticate #{opts[:user]} to #{server_name} - trying password auth")
-            password = ui.ask("Enter password for #{opts[:user]}@#{server_name}:") do |q|
-              q.echo = false
-            end
+            password = ui.ask("Enter password for #{opts[:user]}@#{server_name}:", echo: false)
           end
 
           opts.merge! force_ssh_password_opts(password)
@@ -649,9 +644,7 @@ class Chef
             raise
           else
             ui.warn("Failed to authenticate #{opts[:user]} to #{server_name} - trying password auth")
-            password = ui.ask("Enter password for #{opts[:user]}@#{server_name}:") do |q|
-              q.echo = false
-            end
+            password = ui.ask("Enter password for #{opts[:user]}@#{server_name}:", echo: false)
           end
 
           opts.merge! force_winrm_password_opts(password)
@@ -684,9 +677,7 @@ class Chef
           retry
         elsif config[:use_sudo_password] && (e.reason == :sudo_password_required || e.reason == :bad_sudo_password) && limit < 3
           ui.warn("Failed to authenticate #{conn_options[:user]} to #{server_name} - #{e.message} \n sudo: #{limit} incorrect password attempt")
-          sudo_password = ui.ask("Enter sudo password for #{conn_options[:user]}@#{server_name}:") do |q|
-            q.echo = false
-          end
+          sudo_password = ui.ask("Enter sudo password for #{conn_options[:user]}@#{server_name}:", echo: false)
           limit += 1
           conn_options[:sudo_password] = sudo_password
 
@@ -706,14 +697,23 @@ class Chef
         true
       end
 
+      # FIXME: someone needs to clean this up properly:  https://github.com/chef/chef/issues/9645
+      # This code is deliberately left without an abstraction around deprecating the config options to avoid knife plugins from
+      # using those methods (which will need to be deprecated and break them) via inheritance (ruby does not have a true `private`
+      # so the lack of any inheritable implementation is because of that).
+      #
       def winrm_auth_method
-        config_value(:winrm_auth_method, :winrm_authentication_protocol, "negotiate")
+        config.key?(:winrm_auth_method) ? config[:winrm_auth_method] : config.key?(:winrm_authentications_protocol) ? config[:winrm_authentication_protocol] : "negotiate" # rubocop:disable Style/NestedTernaryOperator
+      end
+
+      def ssh_verify_host_key
+        config.key?(:ssh_verify_host_key) ? config[:ssh_verify_host_key] : config.key?(:host_key_verify) ? config[:host_key_verify] : "always" # rubocop:disable Style/NestedTernaryOperator
       end
 
       # Fail if using plaintext auth without ssl because
       # this can expose keys in plaintext on the wire.
       # TODO test for this method
-      # TODO check that the protoocol is valid.
+      # TODO check that the protocol is valid.
       def validate_winrm_transport_opts!
         return true unless winrm?
 
@@ -908,7 +908,7 @@ class Chef
           { self_signed: config[:winrm_no_verify_cert] === true }
         elsif ssh?
           # Fall back to the old knife config key name for back compat.
-          { verify_host_key: config_value(:ssh_verify_host_key, :host_key_verify, "always") }
+          { verify_host_key: ssh_verify_host_key }
         else
           {}
         end
@@ -967,7 +967,7 @@ class Chef
             gw_host = split[1]
           end
           gw_host, gw_port = gw_host.split(":", 2)
-          # TODO - validate convertable port in config validation?
+          # TODO - validate convertible port in config validation?
           gw_port = Integer(gw_port) rescue nil
           opts[:bastion_host] = gw_host
           opts[:bastion_user] = gw_user
@@ -1054,7 +1054,7 @@ class Chef
       # @api deprecated
       #
       def config_value(key, fallback_key = nil, default = nil)
-        Chef.deprecated(:knife_bootstrap_apis, "Use of config_value without a fallback_key is deprecated.  Knife plugin authors should access the config hash directly, which does correct merging of cli and config options.") if fallback_key.nil?
+        Chef.deprecated(:knife_bootstrap_apis, "Use of config_value is deprecated.  Knife plugin authors should access the config hash directly, which does correct merging of cli and config options.")
         if config.key?(key)
           # the first key is the primary key so we check the merged hash first
           config[key]
@@ -1073,7 +1073,7 @@ class Chef
         remote_path
       end
 
-      # build the command string for bootrapping
+      # build the command string for bootstrapping
       # @return String
       def bootstrap_command(remote_path)
         if connection.windows?

data/lib/chef/knife/bootstrap/chef_vault_handler.rb

@@ -102,7 +102,7 @@ class Chef
           config[:bootstrap_vault_item]
         end
 
-        # Helper to return a ruby object represeting all the data bags and items
+        # Helper to return a ruby object representing all the data bags and items
         # to update via chef-vault.
         #
         # @return [Hash] deserialized ruby hash with all the vault items