chef 16.1.16-universal-mingw32 → 16.2.44-universal-mingw32
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/Gemfile +2 -3
- data/README.md +3 -3
- data/Rakefile +2 -2
- data/chef.gemspec +3 -3
- data/lib/chef/application/apply.rb +1 -1
- data/lib/chef/application/base.rb +1 -1
- data/lib/chef/application/client.rb +1 -1
- data/lib/chef/application/windows_service_manager.rb +1 -1
- data/lib/chef/chef_fs/data_handler/data_bag_item_data_handler.rb +1 -1
- data/lib/chef/chef_fs/path_utils.rb +1 -1
- data/lib/chef/cookbook/chefignore.rb +1 -1
- data/lib/chef/cookbook/metadata.rb +1 -1
- data/lib/chef/cookbook_version.rb +2 -2
- data/lib/chef/data_bag.rb +4 -4
- data/lib/chef/deprecated.rb +4 -0
- data/lib/chef/file_access_control.rb +1 -1
- data/lib/chef/formatters/error_inspectors/compile_error_inspector.rb +1 -1
- data/lib/chef/formatters/error_inspectors/resource_failure_inspector.rb +3 -3
- data/lib/chef/http.rb +17 -2
- data/lib/chef/http/http_request.rb +1 -1
- data/lib/chef/http/json_output.rb +1 -1
- data/lib/chef/http/ssl_policies.rb +18 -0
- data/lib/chef/knife.rb +1 -1
- data/lib/chef/knife/bootstrap.rb +3 -6
- data/lib/chef/knife/bootstrap/templates/chef-full.erb +9 -9
- data/lib/chef/knife/client_bulk_delete.rb +1 -1
- data/lib/chef/knife/config_get.rb +1 -1
- data/lib/chef/knife/cookbook_delete.rb +1 -1
- data/lib/chef/knife/core/cookbook_scm_repo.rb +1 -1
- data/lib/chef/knife/data_bag_create.rb +1 -1
- data/lib/chef/knife/node_bulk_delete.rb +1 -1
- data/lib/chef/knife/node_run_list_remove.rb +1 -1
- data/lib/chef/knife/role_bulk_delete.rb +1 -1
- data/lib/chef/knife/ssh.rb +1 -1
- data/lib/chef/knife/supermarket_share.rb +1 -1
- data/lib/chef/knife/supermarket_unshare.rb +1 -1
- data/lib/chef/log.rb +1 -1
- data/lib/chef/mixin/securable.rb +2 -2
- data/lib/chef/powershell.rb +1 -1
- data/lib/chef/provider/batch.rb +3 -10
- data/lib/chef/provider/cron.rb +2 -14
- data/lib/chef/provider/execute.rb +2 -1
- data/lib/chef/provider/group/dscl.rb +2 -2
- data/lib/chef/provider/group/windows.rb +1 -1
- data/lib/chef/provider/ifconfig.rb +7 -7
- data/lib/chef/provider/mount/aix.rb +1 -1
- data/lib/chef/provider/mount/windows.rb +2 -2
- data/lib/chef/provider/noop.rb +1 -1
- data/lib/chef/provider/package/openbsd.rb +1 -1
- data/lib/chef/provider/package/portage.rb +2 -2
- data/lib/chef/provider/package/powershell.rb +6 -2
- data/lib/chef/provider/package/rubygems.rb +2 -2
- data/lib/chef/provider/package/snap.rb +96 -27
- data/lib/chef/provider/package/windows/msi.rb +3 -3
- data/lib/chef/provider/package/windows/registry_uninstall_entry.rb +1 -1
- data/lib/chef/provider/powershell_script.rb +10 -14
- data/lib/chef/provider/remote_file/http.rb +4 -1
- data/lib/chef/provider/script.rb +4 -75
- data/lib/chef/provider/service/arch.rb +1 -1
- data/lib/chef/provider/service/debian.rb +2 -2
- data/lib/chef/provider/service/openbsd.rb +4 -4
- data/lib/chef/provider/service/redhat.rb +1 -1
- data/lib/chef/provider/service/windows.rb +1 -1
- data/lib/chef/provider/subversion.rb +2 -2
- data/lib/chef/provider/user/dscl.rb +4 -4
- data/lib/chef/provider/user/linux.rb +3 -3
- data/lib/chef/provider/user/mac.rb +5 -5
- data/lib/chef/provider/windows_script.rb +87 -25
- data/lib/chef/provider/zypper_repository.rb +30 -10
- data/lib/chef/resource.rb +22 -11
- data/lib/chef/resource/apt_package.rb +1 -1
- data/lib/chef/resource/archive_file.rb +28 -8
- data/lib/chef/resource/bash.rb +0 -1
- data/lib/chef/resource/batch.rb +4 -2
- data/lib/chef/resource/chef_client_scheduled_task.rb +13 -1
- data/lib/chef/resource/cron/_cron_shared.rb +98 -0
- data/lib/chef/resource/cron/cron.rb +46 -0
- data/lib/chef/resource/{cron_d.rb → cron/cron_d.rb} +7 -87
- data/lib/chef/resource/cron_access.rb +11 -3
- data/lib/chef/resource/csh.rb +0 -1
- data/lib/chef/resource/execute.rb +477 -7
- data/lib/chef/resource/file.rb +1 -1
- data/lib/chef/resource/freebsd_package.rb +1 -1
- data/lib/chef/resource/helpers/cron_validations.rb +6 -3
- data/lib/chef/resource/homebrew_package.rb +30 -1
- data/lib/chef/resource/homebrew_update.rb +107 -0
- data/lib/chef/resource/hostname.rb +6 -19
- data/lib/chef/resource/kernel_module.rb +14 -1
- data/lib/chef/resource/mount.rb +1 -1
- data/lib/chef/resource/perl.rb +0 -1
- data/lib/chef/resource/plist.rb +23 -4
- data/lib/chef/resource/powershell_script.rb +4 -2
- data/lib/chef/resource/python.rb +0 -1
- data/lib/chef/resource/remote_file.rb +26 -10
- data/lib/chef/resource/ruby.rb +0 -1
- data/lib/chef/resource/template.rb +1 -1
- data/lib/chef/resource/windows_ad_join.rb +30 -1
- data/lib/chef/resource/windows_audit_policy.rb +227 -0
- data/lib/chef/resource/windows_auto_run.rb +11 -0
- data/lib/chef/resource/windows_certificate.rb +26 -0
- data/lib/chef/resource/windows_font.rb +3 -3
- data/lib/chef/resource/windows_package.rb +1 -1
- data/lib/chef/resource/windows_pagefile.rb +1 -1
- data/lib/chef/resource/windows_script.rb +2 -16
- data/lib/chef/resource/windows_security_policy.rb +17 -15
- data/lib/chef/resource/windows_shortcut.rb +1 -2
- data/lib/chef/resource/windows_task.rb +4 -4
- data/lib/chef/resource/windows_user_privilege.rb +5 -5
- data/lib/chef/resource/yum_repository.rb +9 -9
- data/lib/chef/resources.rb +4 -2
- data/lib/chef/search/query.rb +1 -1
- data/lib/chef/util/diff.rb +2 -2
- data/lib/chef/util/windows/net_user.rb +1 -1
- data/lib/chef/util/windows/volume.rb +1 -1
- data/lib/chef/version.rb +1 -1
- data/lib/chef/win32/file.rb +1 -1
- data/lib/chef/win32/registry.rb +2 -2
- data/lib/chef/win32/security.rb +1 -1
- data/spec/data/lwrp/providers/buck_passer.rb +1 -1
- data/spec/data/lwrp/providers/buck_passer_2.rb +1 -1
- data/spec/data/lwrp/providers/embedded_resource_accesses_providers_scope.rb +1 -1
- data/spec/functional/resource/cron_spec.rb +10 -0
- data/spec/functional/resource/remote_file_spec.rb +2 -2
- data/spec/functional/resource/windows_task_spec.rb +8 -8
- data/spec/support/platform_helpers.rb +1 -1
- data/spec/support/platforms/win32/spec_service.rb +1 -1
- data/spec/support/shared/functional/execute_resource.rb +1 -1
- data/spec/support/shared/unit/execute_resource.rb +1 -1
- data/spec/unit/application_spec.rb +7 -0
- data/spec/unit/data_bag_spec.rb +1 -1
- data/spec/unit/http/ssl_policies_spec.rb +20 -0
- data/spec/unit/knife/bootstrap_spec.rb +2 -2
- data/spec/unit/mixin/user_context_spec.rb +1 -9
- data/spec/unit/property_spec.rb +1 -1
- data/spec/unit/provider/batch_spec.rb +130 -0
- data/spec/unit/provider/cron_spec.rb +9 -49
- data/spec/unit/provider/package/powershell_spec.rb +95 -86
- data/spec/unit/provider/package/snap_spec.rb +1 -1
- data/spec/unit/provider/powershell_script_spec.rb +3 -45
- data/spec/unit/provider/script_spec.rb +20 -110
- data/spec/unit/provider/zypper_repository_spec.rb +60 -10
- data/spec/unit/resource/archive_file_spec.rb +11 -2
- data/spec/unit/resource/chef_client_scheduled_task_spec.rb +17 -7
- data/spec/unit/resource/cron_spec.rb +2 -2
- data/spec/unit/resource/helpers/cron_validations_spec.rb +5 -1
- data/spec/unit/resource/homebrew_update_spec.rb +30 -0
- data/spec/unit/resource/powershell_script_spec.rb +10 -15
- data/spec/unit/resource/timezone_spec.rb +1 -1
- data/spec/unit/resource/windows_audit_policy_spec.rb +64 -0
- data/spec/unit/resource/windows_dns_record_spec.rb +3 -3
- data/spec/unit/resource/windows_dns_zone_spec.rb +2 -2
- data/spec/unit/resource/windows_task_spec.rb +1 -1
- data/spec/unit/resource/windows_uac_spec.rb +2 -2
- data/spec/unit/resource/yum_repository_spec.rb +21 -21
- data/spec/unit/resource_spec.rb +67 -1
- data/spec/unit/util/dsc/configuration_generator_spec.rb +1 -1
- data/spec/unit/util/threaded_job_queue_spec.rb +9 -0
- metadata +22 -22
- data/lib/chef/resource/cron.rb +0 -157
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 2a9c103ab2b384137278a132056b2566580ecba2d3942eb56eba020012e4bf97
|
4
|
+
data.tar.gz: 5f91a5094cd595e1c2a67a71cff72595facf60ba7541452726970217fce9cf27
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 6be5b314ba811bcec98ba9a14ce924ea0847253f7dfd7d50a95f6262058cb1ac0f3bb0646ce866647360ee65a1eccfce0c88ce3af6f248aae077ef2acaa557f3
|
7
|
+
data.tar.gz: '069c49d69d1e6f79f5fa6f0dda745da26d20ab36cda607b4131624b893fb346e5688eb618036eaf96546b76bd93d11c54132fe00368e8dfe3e485f8e39b0930c'
|
data/Gemfile
CHANGED
@@ -22,8 +22,7 @@ end
|
|
22
22
|
|
23
23
|
gem "cheffish", ">= 14"
|
24
24
|
|
25
|
-
|
26
|
-
gem "chef-telemetry", "=1.0.3"
|
25
|
+
gem "chef-telemetry", ">=1.0.8" # 1.0.8 removes the http dep
|
27
26
|
|
28
27
|
group(:omnibus_package) do
|
29
28
|
gem "appbundler"
|
@@ -85,7 +84,7 @@ eval_gemfile("./Gemfile.local") if File.exist?("./Gemfile.local")
|
|
85
84
|
#
|
86
85
|
# We copy (and overwrite) these files every time "bundle <exec|install>" is
|
87
86
|
# executed, just in case they have changed.
|
88
|
-
if RUBY_PLATFORM
|
87
|
+
if RUBY_PLATFORM.match?(/mswin|mingw|windows/)
|
89
88
|
instance_eval do
|
90
89
|
ruby_exe_dir = RbConfig::CONFIG["bindir"]
|
91
90
|
assemblies = Dir.glob(File.expand_path("distro/ruby_bin_folder", Dir.pwd) + "/*.dll")
|
data/README.md
CHANGED
@@ -18,7 +18,7 @@ Chef Infra is a configuration management tool designed to bring automation to yo
|
|
18
18
|
|
19
19
|
### Want to try Chef Infra?
|
20
20
|
|
21
|
-
For Chef Infra usage, please refer to
|
21
|
+
For Chef Infra usage, please refer to [Learn Chef](https://learn.chef.io/), our self-paced, entirely free learning platform. Learn Chef also includes module-based training for Chef Infra, as well as Chef Automate, Chef Habitat, and Chef InSpec.
|
22
22
|
|
23
23
|
Other useful resources for Chef Infra users:
|
24
24
|
|
@@ -26,7 +26,7 @@ Other useful resources for Chef Infra users:
|
|
26
26
|
- Source: <https://github.com/chef/chef/tree/master>
|
27
27
|
- Tickets/Issues: <https://github.com/chef/chef/issues>
|
28
28
|
- Slack: [Chef Community Slack](https://community-slack.chef.io/)
|
29
|
-
- Mailing list: <https://discourse.chef.io>
|
29
|
+
- Mailing list/Forum: <https://discourse.chef.io>
|
30
30
|
|
31
31
|
## Reporting Issues
|
32
32
|
|
@@ -46,7 +46,7 @@ We'd love to have your help developing Chef Infra. See our [Contributing Documen
|
|
46
46
|
|
47
47
|
## License and Copyright
|
48
48
|
|
49
|
-
Copyright 2008-
|
49
|
+
Copyright 2008-2020, Chef Software, Inc.
|
50
50
|
|
51
51
|
```
|
52
52
|
Licensed under the Apache License, Version 2.0 (the "License");
|
data/Rakefile
CHANGED
@@ -111,12 +111,12 @@ end
|
|
111
111
|
|
112
112
|
namespace :spellcheck do
|
113
113
|
task :run do
|
114
|
-
sh 'cspell "**/*"
|
114
|
+
sh 'cspell "**/*"'
|
115
115
|
end
|
116
116
|
|
117
117
|
desc "List the unique unrecognized words in the project."
|
118
118
|
task :unknown_words do
|
119
|
-
sh 'cspell "**/*"
|
119
|
+
sh 'cspell "**/*" --wordsOnly --no-summary | sort | uniq'
|
120
120
|
end
|
121
121
|
end
|
122
122
|
|
data/chef.gemspec
CHANGED
@@ -28,11 +28,11 @@ Gem::Specification.new do |s|
|
|
28
28
|
s.add_dependency "mixlib-archive", ">= 0.4", "< 2.0"
|
29
29
|
s.add_dependency "ohai", "~> 16.0"
|
30
30
|
|
31
|
-
s.add_dependency "ffi", "
|
31
|
+
s.add_dependency "ffi", ">= 1.9.25"
|
32
32
|
s.add_dependency "ffi-yajl", "~> 2.2"
|
33
|
-
s.add_dependency "net-ssh", ">= 4.2", "<
|
33
|
+
s.add_dependency "net-ssh", ">= 4.2", "< 7"
|
34
34
|
s.add_dependency "net-ssh-multi", "~> 1.2", ">= 1.2.1"
|
35
|
-
s.add_dependency "net-sftp", "
|
35
|
+
s.add_dependency "net-sftp", ">= 2.1.2", "< 4.0"
|
36
36
|
s.add_dependency "ed25519", "~> 1.2" # ed25519 ssh key support
|
37
37
|
s.add_dependency "bcrypt_pbkdf", "= 1.1.0.rc1" # ed25519 ssh key support
|
38
38
|
s.add_dependency "highline", ">= 1.6.9", "< 3"
|
@@ -363,7 +363,7 @@ class Chef::Application::Base < Chef::Application
|
|
363
363
|
Chef::Log.trace("Download recipes tarball from #{url} to #{path}")
|
364
364
|
if File.exist?(url)
|
365
365
|
FileUtils.cp(url, path)
|
366
|
-
elsif
|
366
|
+
elsif URI.regexp.match?(url)
|
367
367
|
File.open(path, "wb") do |f|
|
368
368
|
open(url) do |r|
|
369
369
|
f.write(r.read)
|
@@ -39,7 +39,7 @@ class Chef::Application::Client < Chef::Application::Base
|
|
39
39
|
long: "--daemonize [WAIT]",
|
40
40
|
description: "Daemonize the process. Accepts an optional integer which is the " \
|
41
41
|
"number of seconds to wait before the first daemonized run.",
|
42
|
-
proc: lambda { |wait|
|
42
|
+
proc: lambda { |wait| /^\d+$/.match?(wait) ? wait.to_i : true }
|
43
43
|
end
|
44
44
|
|
45
45
|
option :pid_file,
|
@@ -55,7 +55,7 @@ class Chef
|
|
55
55
|
base_name = remove_dot_json(entry.name)
|
56
56
|
if object["raw_data"]["id"] != base_name
|
57
57
|
yield("ID in #{entry.path_for_printing} must be '#{base_name}' (is '#{object["raw_data"]["id"]}')")
|
58
|
-
elsif entry.parent.name
|
58
|
+
elsif RESERVED_NAMES.match?(entry.parent.name)
|
59
59
|
yield("Data bag name ('#{entry.parent.name}') must not match #{RESERVED_NAMES.inspect}")
|
60
60
|
end
|
61
61
|
end
|
@@ -118,7 +118,7 @@ class Chef
|
|
118
118
|
|
119
119
|
if ancestor.length == path.length
|
120
120
|
""
|
121
|
-
elsif path[ancestor.length, 1]
|
121
|
+
elsif /#{PathUtils.regexp_path_separator}/.match?(path[ancestor.length, 1])
|
122
122
|
path[ancestor.length + 1..-1]
|
123
123
|
else
|
124
124
|
nil
|
@@ -50,7 +50,7 @@ class Chef
|
|
50
50
|
ignore_globs = []
|
51
51
|
if @ignore_file && readable_file_or_symlink?(@ignore_file)
|
52
52
|
File.foreach(@ignore_file) do |line|
|
53
|
-
ignore_globs << line.strip unless line
|
53
|
+
ignore_globs << line.strip unless COMMENTS_AND_WHITESPACE.match?(line)
|
54
54
|
end
|
55
55
|
else
|
56
56
|
Chef::Log.debug("No chefignore file found. No files will be ignored!")
|
@@ -391,7 +391,7 @@ class Chef
|
|
391
391
|
def recipes_from_cookbook_version(cookbook)
|
392
392
|
cookbook.fully_qualified_recipe_names.map do |recipe_name|
|
393
393
|
unqualified_name =
|
394
|
-
if
|
394
|
+
if /::default$/.match?(recipe_name)
|
395
395
|
name.to_s
|
396
396
|
else
|
397
397
|
recipe_name
|
@@ -392,7 +392,7 @@ class Chef
|
|
392
392
|
platform, version = Chef::Platform.find_platform_and_version(node)
|
393
393
|
rescue ArgumentError => e
|
394
394
|
# Skip platform/version if they were not found by find_platform_and_version
|
395
|
-
if
|
395
|
+
if /Cannot find a (?:platform|version)/.match?(e.message)
|
396
396
|
platform = "/unknown_platform/"
|
397
397
|
version = "/unknown_platform_version/"
|
398
398
|
else
|
@@ -527,7 +527,7 @@ class Chef
|
|
527
527
|
cb["version"]
|
528
528
|
end
|
529
529
|
rescue Net::HTTPClientException => e
|
530
|
-
if e.to_s
|
530
|
+
if /^404/.match?(e.to_s)
|
531
531
|
Chef::Log.error("Cannot find a cookbook named #{cookbook_name}")
|
532
532
|
nil
|
533
533
|
else
|
data/lib/chef/data_bag.rb
CHANGED
@@ -36,10 +36,10 @@ class Chef
|
|
36
36
|
RESERVED_NAMES = /^(node|role|environment|client)$/.freeze
|
37
37
|
|
38
38
|
def self.validate_name!(name)
|
39
|
-
unless name
|
39
|
+
unless VALID_NAME.match?(name)
|
40
40
|
raise Exceptions::InvalidDataBagName, "DataBags must have a name matching #{VALID_NAME.inspect}, you gave #{name.inspect}"
|
41
41
|
end
|
42
|
-
if name
|
42
|
+
if RESERVED_NAMES.match?(name)
|
43
43
|
raise Exceptions::InvalidDataBagName, "DataBags may not have a name matching #{RESERVED_NAMES.inspect}, you gave #{name.inspect}"
|
44
44
|
end
|
45
45
|
end
|
@@ -94,7 +94,7 @@ class Chef
|
|
94
94
|
names = []
|
95
95
|
paths.each do |path|
|
96
96
|
unless File.directory?(path)
|
97
|
-
raise Chef::Exceptions::InvalidDataBagPath, "Data bag path '#{path}'
|
97
|
+
raise Chef::Exceptions::InvalidDataBagPath, "Data bag path '#{path}' not found. Please create this directory."
|
98
98
|
end
|
99
99
|
|
100
100
|
names += Dir.glob(File.join(
|
@@ -122,7 +122,7 @@ class Chef
|
|
122
122
|
data_bag = {}
|
123
123
|
paths.each do |path|
|
124
124
|
unless File.directory?(path)
|
125
|
-
raise Chef::Exceptions::InvalidDataBagPath, "Data bag path '#{path}'
|
125
|
+
raise Chef::Exceptions::InvalidDataBagPath, "Data bag path '#{path}' not found. Please create this directory."
|
126
126
|
end
|
127
127
|
|
128
128
|
Dir.glob(File.join(Chef::Util::PathHelper.escape_glob_dir(path, name.to_s), "*.json")).inject({}) do |bag, f|
|
data/lib/chef/deprecated.rb
CHANGED
@@ -26,7 +26,7 @@ class Chef
|
|
26
26
|
# the values specified by a value object, usually a Chef::Resource.
|
27
27
|
class FileAccessControl
|
28
28
|
|
29
|
-
if RUBY_PLATFORM
|
29
|
+
if RUBY_PLATFORM.match?(/mswin|mingw|windows/)
|
30
30
|
require_relative "file_access_control/windows"
|
31
31
|
include FileAccessControl::Windows
|
32
32
|
else
|
@@ -41,7 +41,7 @@ class Chef
|
|
41
41
|
|
42
42
|
if found_error_in_cookbooks?
|
43
43
|
traceback = filtered_bt.map { |line| " #{line}" }.join("\n")
|
44
|
-
error_description.section("Cookbook Trace:", traceback)
|
44
|
+
error_description.section("Cookbook Trace: (most recent call first)", traceback)
|
45
45
|
error_description.section("Relevant File Content:", context)
|
46
46
|
end
|
47
47
|
|
@@ -37,7 +37,7 @@ class Chef
|
|
37
37
|
error_description.section(exception.class.name, exception.message)
|
38
38
|
|
39
39
|
unless filtered_bt.empty?
|
40
|
-
error_description.section("Cookbook Trace:", filtered_bt.join("\n"))
|
40
|
+
error_description.section("Cookbook Trace: (most recent call first)", filtered_bt.join("\n"))
|
41
41
|
end
|
42
42
|
|
43
43
|
unless dynamic_resource?
|
@@ -79,8 +79,8 @@ class Chef
|
|
79
79
|
loop do
|
80
80
|
|
81
81
|
# low rent parser. try to gracefully handle nested blocks in resources
|
82
|
-
nesting += 1 if
|
83
|
-
nesting -= 1 if
|
82
|
+
nesting += 1 if /[\s]+do[\s]*/.match?(lines[current_line])
|
83
|
+
nesting -= 1 if /end[\s]*$/.match?(lines[current_line])
|
84
84
|
|
85
85
|
relevant_lines << format_line(current_line, lines[current_line])
|
86
86
|
|
data/lib/chef/http.rb
CHANGED
@@ -291,6 +291,21 @@ class Chef
|
|
291
291
|
|
292
292
|
private
|
293
293
|
|
294
|
+
# @api private
|
295
|
+
def ssl_policy
|
296
|
+
return Chef::HTTP::APISSLPolicy unless @options[:ssl_verify_mode]
|
297
|
+
|
298
|
+
case @options[:ssl_verify_mode]
|
299
|
+
when :verify_none
|
300
|
+
Chef::HTTP::VerifyNoneSSLPolicy
|
301
|
+
when :verify_peer
|
302
|
+
Chef::HTTP::VerifyPeerSSLPolicy
|
303
|
+
else
|
304
|
+
Chef::Log.error("Chef::HTTP was passed an ssl_verify_mode of #{@options[:ssl_verify_mode]} which is unsupported. Falling back to the API policy")
|
305
|
+
Chef::HTTP::APISSLPolicy
|
306
|
+
end
|
307
|
+
end
|
308
|
+
|
294
309
|
# @api private
|
295
310
|
def build_http_client(base_url)
|
296
311
|
if chef_zero_uri?(base_url)
|
@@ -304,7 +319,7 @@ class Chef
|
|
304
319
|
|
305
320
|
SocketlessChefZeroClient.new(base_url)
|
306
321
|
else
|
307
|
-
BasicClient.new(base_url, ssl_policy:
|
322
|
+
BasicClient.new(base_url, ssl_policy: ssl_policy, keepalives: keepalives)
|
308
323
|
end
|
309
324
|
end
|
310
325
|
|
@@ -312,7 +327,7 @@ class Chef
|
|
312
327
|
def create_url(path)
|
313
328
|
return path if path.is_a?(URI)
|
314
329
|
|
315
|
-
if
|
330
|
+
if %r{^(http|https|chefzero)://}i.match?(path)
|
316
331
|
URI.parse(path)
|
317
332
|
elsif path.nil? || path.empty?
|
318
333
|
URI.parse(@url)
|
@@ -128,7 +128,7 @@ class Chef
|
|
128
128
|
rescue NoMethodError => e
|
129
129
|
# http://redmine.ruby-lang.org/issues/show/2708
|
130
130
|
# http://redmine.ruby-lang.org/issues/show/2758
|
131
|
-
if
|
131
|
+
if /#{Regexp.escape(%q{undefined method `closed?' for nil:NilClass})}/.match?(e.to_s)
|
132
132
|
Chef::Log.trace("Rescued error in http connect, re-raising as Errno::ECONNREFUSED to hide bug in net/http")
|
133
133
|
Chef::Log.trace("#{e.class.name}: #{e}")
|
134
134
|
Chef::Log.trace(e.backtrace.join("\n"))
|
@@ -47,7 +47,7 @@ class Chef
|
|
47
47
|
# needed to keep conditional get stuff working correctly.
|
48
48
|
return [http_response, rest_request, return_value] if return_value == false
|
49
49
|
|
50
|
-
if http_response["content-type"]
|
50
|
+
if /json/.match?(http_response["content-type"])
|
51
51
|
if http_response.body.nil?
|
52
52
|
return_value = nil
|
53
53
|
elsif raw_output
|
@@ -129,5 +129,23 @@ class Chef
|
|
129
129
|
end
|
130
130
|
end
|
131
131
|
|
132
|
+
# This policy is used when we want to explicitly turn on verification
|
133
|
+
# for a specific request regardless of the API Policy. For example, when
|
134
|
+
# doing a `remote_file` where the user specified `verify_mode :verify_peer`
|
135
|
+
class VerifyPeerSSLPolicy < DefaultSSLPolicy
|
136
|
+
def set_verify_mode
|
137
|
+
http_client.verify_mode = OpenSSL::SSL::VERIFY_PEER
|
138
|
+
end
|
139
|
+
end
|
140
|
+
|
141
|
+
# This policy is used when we want to explicitly turn off verification
|
142
|
+
# for a specific request regardless of the API Policy. For example, when
|
143
|
+
# doing a `remote_file` where the user specified `verify_mode :verify_none`
|
144
|
+
class VerifyNoneSSLPolicy < DefaultSSLPolicy
|
145
|
+
def set_verify_mode
|
146
|
+
http_client.verify_mode = OpenSSL::SSL::VERIFY_NONE
|
147
|
+
end
|
148
|
+
end
|
149
|
+
|
132
150
|
end
|
133
151
|
end
|
data/lib/chef/knife.rb
CHANGED
@@ -248,7 +248,7 @@ class Chef
|
|
248
248
|
category_desc = preferred_category ? preferred_category + " " : ""
|
249
249
|
msg "Available #{category_desc}subcommands: (for details, knife SUB-COMMAND --help)\n\n"
|
250
250
|
subcommand_loader.list_commands(preferred_category).sort.each do |category, commands|
|
251
|
-
next if
|
251
|
+
next if /deprecated/i.match?(category)
|
252
252
|
|
253
253
|
msg "** #{category.upcase} COMMANDS **"
|
254
254
|
commands.sort.each do |command|
|
data/lib/chef/knife/bootstrap.rb
CHANGED
@@ -580,11 +580,8 @@ class Chef
|
|
580
580
|
|
581
581
|
bootstrap_context.client_pem = client_builder.client_path
|
582
582
|
else
|
583
|
-
ui.
|
584
|
-
|
585
|
-
Delete your validation key in order to use your user credentials for client registration instead.
|
586
|
-
EOM
|
587
|
-
|
583
|
+
ui.warn "Performing legacy client registration with the validation key at #{Chef::Config[:validation_key]}..."
|
584
|
+
ui.warn "Remove the key file or remove the 'validation_key' configuration option from your config.rb (knife.rb) to use more secure user credentials for client registration."
|
588
585
|
end
|
589
586
|
end
|
590
587
|
|
@@ -602,7 +599,7 @@ class Chef
|
|
602
599
|
end
|
603
600
|
|
604
601
|
def connect!
|
605
|
-
ui.info("Connecting to #{ui.color(server_name, :bold)}")
|
602
|
+
ui.info("Connecting to #{ui.color(server_name, :bold)} using #{connection_protocol}")
|
606
603
|
opts ||= connection_opts.dup
|
607
604
|
do_connect(opts)
|
608
605
|
rescue Train::Error => e
|
@@ -185,50 +185,50 @@ if test "x$tmp_dir" != "x"; then
|
|
185
185
|
rm -r "$tmp_dir"
|
186
186
|
fi
|
187
187
|
|
188
|
-
mkdir -p
|
188
|
+
mkdir -p /etc/chef
|
189
189
|
|
190
190
|
<% if client_pem -%>
|
191
|
-
(umask 077 && (cat >
|
191
|
+
(umask 077 && (cat > /etc/chef/client.pem <<'EOP'
|
192
192
|
<%= ::File.read(::File.expand_path(client_pem)) %>
|
193
193
|
EOP
|
194
194
|
)) || exit 1
|
195
195
|
<% end -%>
|
196
196
|
|
197
197
|
<% if validation_key -%>
|
198
|
-
(umask 077 && (cat >
|
198
|
+
(umask 077 && (cat > /etc/chef/validation.pem <<'EOP'
|
199
199
|
<%= validation_key %>
|
200
200
|
EOP
|
201
201
|
)) || exit 1
|
202
202
|
<% end -%>
|
203
203
|
|
204
204
|
<% if encrypted_data_bag_secret -%>
|
205
|
-
(umask 077 && (cat >
|
205
|
+
(umask 077 && (cat > /etc/chef/encrypted_data_bag_secret <<'EOP'
|
206
206
|
<%= encrypted_data_bag_secret %>
|
207
207
|
EOP
|
208
208
|
)) || exit 1
|
209
209
|
<% end -%>
|
210
210
|
|
211
211
|
<% unless trusted_certs.empty? -%>
|
212
|
-
mkdir -p
|
212
|
+
mkdir -p /etc/chef/trusted_certs
|
213
213
|
<%= trusted_certs %>
|
214
214
|
<% end -%>
|
215
215
|
|
216
216
|
<%# Generate Ohai Hints -%>
|
217
217
|
<% unless @config[:hints].nil? || @config[:hints].empty? -%>
|
218
|
-
mkdir -p
|
218
|
+
mkdir -p /etc/chef/ohai/hints
|
219
219
|
|
220
220
|
<% @config[:hints].each do |name, hash| -%>
|
221
|
-
cat >
|
221
|
+
cat > /etc/chef/ohai/hints/<%= name %>.json <<'EOP'
|
222
222
|
<%= Chef::JSONCompat.to_json(hash) %>
|
223
223
|
EOP
|
224
224
|
<% end -%>
|
225
225
|
<% end -%>
|
226
226
|
|
227
|
-
cat >
|
227
|
+
cat > /etc/chef/client.rb <<'EOP'
|
228
228
|
<%= config_content %>
|
229
229
|
EOP
|
230
230
|
|
231
|
-
cat >
|
231
|
+
cat > /etc/chef/first-boot.json <<'EOP'
|
232
232
|
<%= Chef::JSONCompat.to_json(first_boot) %>
|
233
233
|
EOP
|
234
234
|
|