chef 16.1.16 → 16.2.44

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 954f3cdcc1620ea83e221b545df48e0ad9b5ed578aa367b6faecd828e573e3e6
-  data.tar.gz: d3cd87dbbe1be501e576b4697e3a7fd609fb5df6f68163e1843a65deeaec7485
+  metadata.gz: 6996ed71a2c95519f3ec64ba83fec62bacb6944505504bb8fdd126e4a2f312a5
+  data.tar.gz: ecee3228486fa1cd0618eee10c7e77eac2f1a787e8f601f15391e5dca152e70c
 SHA512:
-  metadata.gz: 4c9bd8fff2699c41b1ffbfefeff88859d3f49f06d7d7d04f4e0e7c7bd9c1bb35240c48e30f0a8448e8238393ede67bf1a72ec3061106690e3661d8d359c62caf
-  data.tar.gz: 45fb0813908f4c7ce52198ad4c5c274545e1edc0493fe54b37a6a08595f625a2fe41e2f0b4ceedc578fab1c3acb04f8462a2ede20e3c6a229d2860878c222c57
+  metadata.gz: 5f622f40caea4d2fc817252c71918a5bdbc3bb66fb6afd18225c2a65cf29fd12b9449422ea7932f32b56dd66937a8b48d52f4fa37cdb80c831a5305005df50cd
+  data.tar.gz: 58de487e3f809781ea7ce1a9abebaf101f96598aaf1ad6175e28d10a7ca351bccf279fba12b943a232410565e2b36719c34c9bed3055f2b7e39ccc9efd4815a4

data/Gemfile

@@ -22,8 +22,7 @@ end
 
 gem "cheffish", ">= 14"
 
-# avoid bringing in the new http 4 gem that comes with other ffi baggage which breaks builds
-gem "chef-telemetry", "=1.0.3"
+gem "chef-telemetry", ">=1.0.8" # 1.0.8 removes the http dep
 
 group(:omnibus_package) do
   gem "appbundler"
@@ -85,7 +84,7 @@ eval_gemfile("./Gemfile.local") if File.exist?("./Gemfile.local")
 #
 # We copy (and overwrite) these files every time "bundle <exec|install>" is
 # executed, just in case they have changed.
-if RUBY_PLATFORM =~ /mswin|mingw|windows/
+if RUBY_PLATFORM.match?(/mswin|mingw|windows/)
   instance_eval do
     ruby_exe_dir = RbConfig::CONFIG["bindir"]
     assemblies = Dir.glob(File.expand_path("distro/ruby_bin_folder", Dir.pwd) + "/*.dll")

data/README.md

@@ -18,7 +18,7 @@ Chef Infra is a configuration management tool designed to bring automation to yo
 
 ### Want to try Chef Infra?
 
-For Chef Infra usage, please refer to our [Learn Chef Rally](https://learn.chef.io/) website, which includes module-based training for Chef Infra, as well as Automate, Habitat, and InSpec.
+For Chef Infra usage, please refer to [Learn Chef](https://learn.chef.io/), our self-paced, entirely free learning platform. Learn Chef also includes module-based training for Chef Infra, as well as Chef Automate, Chef Habitat, and Chef InSpec.
 
 Other useful resources for Chef Infra users:
 
@@ -26,7 +26,7 @@ Other useful resources for Chef Infra users:
 - Source: <https://github.com/chef/chef/tree/master>
 - Tickets/Issues: <https://github.com/chef/chef/issues>
 - Slack: [Chef Community Slack](https://community-slack.chef.io/)
-- Mailing list: <https://discourse.chef.io>
+- Mailing list/Forum: <https://discourse.chef.io>
 
 ## Reporting Issues
 
@@ -46,7 +46,7 @@ We'd love to have your help developing Chef Infra. See our [Contributing Documen
 
 ## License and Copyright
 
-Copyright 2008-2019, Chef Software, Inc.
+Copyright 2008-2020, Chef Software, Inc.
 
 ```
 Licensed under the Apache License, Version 2.0 (the "License");

data/Rakefile

@@ -111,12 +111,12 @@ end
 
 namespace :spellcheck do
   task :run do
-    sh 'cspell "**/*" "*.md"'
+    sh 'cspell "**/*"'
   end
 
   desc "List the unique unrecognized words in the project."
   task :unknown_words do
-    sh 'cspell "**/*" "*.md" --wordsOnly --no-summary | sort | uniq'
+    sh 'cspell "**/*" --wordsOnly --no-summary | sort | uniq'
   end
 end
 

data/chef.gemspec

@@ -28,11 +28,11 @@ Gem::Specification.new do |s|
   s.add_dependency "mixlib-archive", ">= 0.4", "< 2.0"
   s.add_dependency "ohai", "~> 16.0"
 
-  s.add_dependency "ffi", "~> 1.9", ">= 1.9.25"
+  s.add_dependency "ffi", ">= 1.9.25"
   s.add_dependency "ffi-yajl", "~> 2.2"
-  s.add_dependency "net-ssh", ">= 4.2", "< 6"
+  s.add_dependency "net-ssh", ">= 4.2", "< 7"
   s.add_dependency "net-ssh-multi", "~> 1.2", ">= 1.2.1"
-  s.add_dependency "net-sftp", "~> 2.1", ">= 2.1.2"
+  s.add_dependency "net-sftp", ">= 2.1.2", "< 4.0"
   s.add_dependency "ed25519", "~> 1.2" # ed25519 ssh key support
   s.add_dependency "bcrypt_pbkdf", "= 1.1.0.rc1" # ed25519 ssh key support
   s.add_dependency "highline", ">= 1.6.9", "< 3"

data/lib/chef/application/apply.rb

@@ -233,7 +233,7 @@ class Chef::Application::Apply < Chef::Application
   end
 
   # Get this party started
-  def run(enforce_license = false)
+  def run(enforce_license: false)
     reconfigure
     check_license_acceptance if enforce_license
     run_application

data/lib/chef/application/base.rb

@@ -363,7 +363,7 @@ class Chef::Application::Base < Chef::Application
     Chef::Log.trace("Download recipes tarball from #{url} to #{path}")
     if File.exist?(url)
       FileUtils.cp(url, path)
-    elsif url =~ URI.regexp
+    elsif URI.regexp.match?(url)
       File.open(path, "wb") do |f|
         open(url) do |r|
           f.write(r.read)

data/lib/chef/application/client.rb

@@ -39,7 +39,7 @@ class Chef::Application::Client < Chef::Application::Base
       long: "--daemonize [WAIT]",
       description: "Daemonize the process. Accepts an optional integer which is the " \
         "number of seconds to wait before the first daemonized run.",
-      proc: lambda { |wait| wait =~ /^\d+$/ ? wait.to_i : true }
+      proc: lambda { |wait| /^\d+$/.match?(wait) ? wait.to_i : true }
   end
 
   option :pid_file,

data/lib/chef/application/windows_service_manager.rb

@@ -16,7 +16,7 @@
 # limitations under the License.
 #
 
-if RUBY_PLATFORM =~ /mswin|mingw32|windows/
+if RUBY_PLATFORM.match?(/mswin|mingw32|windows/)
   require "win32/service"
 end
 require_relative "../config"

data/lib/chef/chef_fs/data_handler/data_bag_item_data_handler.rb

@@ -55,7 +55,7 @@ class Chef
           base_name = remove_dot_json(entry.name)
           if object["raw_data"]["id"] != base_name
             yield("ID in #{entry.path_for_printing} must be '#{base_name}' (is '#{object["raw_data"]["id"]}')")
-          elsif entry.parent.name =~ RESERVED_NAMES
+          elsif RESERVED_NAMES.match?(entry.parent.name)
             yield("Data bag name ('#{entry.parent.name}') must not match #{RESERVED_NAMES.inspect}")
           end
         end

data/lib/chef/chef_fs/path_utils.rb

@@ -118,7 +118,7 @@ class Chef
 
         if ancestor.length == path.length
           ""
-        elsif path[ancestor.length, 1] =~ /#{PathUtils.regexp_path_separator}/
+        elsif /#{PathUtils.regexp_path_separator}/.match?(path[ancestor.length, 1])
           path[ancestor.length + 1..-1]
         else
           nil

data/lib/chef/cookbook/chefignore.rb

@@ -50,7 +50,7 @@ class Chef
         ignore_globs = []
         if @ignore_file && readable_file_or_symlink?(@ignore_file)
           File.foreach(@ignore_file) do |line|
-            ignore_globs << line.strip unless line =~ COMMENTS_AND_WHITESPACE
+            ignore_globs << line.strip unless COMMENTS_AND_WHITESPACE.match?(line)
           end
         else
           Chef::Log.debug("No chefignore file found. No files will be ignored!")

data/lib/chef/cookbook/metadata.rb

@@ -391,7 +391,7 @@ class Chef
       def recipes_from_cookbook_version(cookbook)
         cookbook.fully_qualified_recipe_names.map do |recipe_name|
           unqualified_name =
-            if recipe_name =~ /::default$/
+            if /::default$/.match?(recipe_name)
               name.to_s
             else
               recipe_name

data/lib/chef/cookbook_version.rb

@@ -392,7 +392,7 @@ class Chef
                                    platform, version = Chef::Platform.find_platform_and_version(node)
                                  rescue ArgumentError => e
                                    # Skip platform/version if they were not found by find_platform_and_version
-                                   if e.message =~ /Cannot find a (?:platform|version)/
+                                   if /Cannot find a (?:platform|version)/.match?(e.message)
                                      platform = "/unknown_platform/"
                                      version = "/unknown_platform_version/"
                                    else
@@ -527,7 +527,7 @@ class Chef
         cb["version"]
       end
     rescue Net::HTTPClientException => e
-      if e.to_s =~ /^404/
+      if /^404/.match?(e.to_s)
         Chef::Log.error("Cannot find a cookbook named #{cookbook_name}")
         nil
       else

data/lib/chef/data_bag.rb

@@ -36,10 +36,10 @@ class Chef
     RESERVED_NAMES = /^(node|role|environment|client)$/.freeze
 
     def self.validate_name!(name)
-      unless name =~ VALID_NAME
+      unless VALID_NAME.match?(name)
         raise Exceptions::InvalidDataBagName, "DataBags must have a name matching #{VALID_NAME.inspect}, you gave #{name.inspect}"
       end
-      if name =~ RESERVED_NAMES
+      if RESERVED_NAMES.match?(name)
         raise Exceptions::InvalidDataBagName, "DataBags may not have a name matching #{RESERVED_NAMES.inspect}, you gave #{name.inspect}"
       end
     end
@@ -94,7 +94,7 @@ class Chef
         names = []
         paths.each do |path|
           unless File.directory?(path)
-            raise Chef::Exceptions::InvalidDataBagPath, "Data bag path '#{path}' is invalid"
+            raise Chef::Exceptions::InvalidDataBagPath, "Data bag path '#{path}' not found. Please create this directory."
           end
 
           names += Dir.glob(File.join(
@@ -122,7 +122,7 @@ class Chef
         data_bag = {}
         paths.each do |path|
           unless File.directory?(path)
-            raise Chef::Exceptions::InvalidDataBagPath, "Data bag path '#{path}' is invalid"
+            raise Chef::Exceptions::InvalidDataBagPath, "Data bag path '#{path}' not found. Please create this directory."
           end
 
           Dir.glob(File.join(Chef::Util::PathHelper.escape_glob_dir(path, name.to_s), "*.json")).inject({}) do |bag, f|

data/lib/chef/deprecated.rb

@@ -237,6 +237,10 @@ class Chef
       target 29
     end
 
+    class ArchiveFileIntegerFileMode < Base
+      target 30
+    end
+
     class Generic < Base
       def url
         "https://docs.chef.io/chef_deprecations_client/"

data/lib/chef/file_access_control.rb

@@ -26,7 +26,7 @@ class Chef
   # the values specified by a value object, usually a Chef::Resource.
   class FileAccessControl
 
-    if RUBY_PLATFORM =~ /mswin|mingw|windows/
+    if RUBY_PLATFORM.match?(/mswin|mingw|windows/)
       require_relative "file_access_control/windows"
       include FileAccessControl::Windows
     else

data/lib/chef/formatters/error_inspectors/compile_error_inspector.rb

@@ -41,7 +41,7 @@ class Chef
 
           if found_error_in_cookbooks?
             traceback = filtered_bt.map { |line| "  #{line}" }.join("\n")
-            error_description.section("Cookbook Trace:", traceback)
+            error_description.section("Cookbook Trace: (most recent call first)", traceback)
             error_description.section("Relevant File Content:", context)
           end
 

data/lib/chef/formatters/error_inspectors/resource_failure_inspector.rb

@@ -37,7 +37,7 @@ class Chef
           error_description.section(exception.class.name, exception.message)
 
           unless filtered_bt.empty?
-            error_description.section("Cookbook Trace:", filtered_bt.join("\n"))
+            error_description.section("Cookbook Trace: (most recent call first)", filtered_bt.join("\n"))
           end
 
           unless dynamic_resource?
@@ -79,8 +79,8 @@ class Chef
               loop do
 
                 # low rent parser. try to gracefully handle nested blocks in resources
-                nesting += 1 if lines[current_line] =~ /[\s]+do[\s]*/
-                nesting -= 1 if lines[current_line] =~ /end[\s]*$/
+                nesting += 1 if /[\s]+do[\s]*/.match?(lines[current_line])
+                nesting -= 1 if /end[\s]*$/.match?(lines[current_line])
 
                 relevant_lines << format_line(current_line, lines[current_line])
 

data/lib/chef/http.rb

@@ -291,6 +291,21 @@ class Chef
 
     private
 
+    # @api private
+    def ssl_policy
+      return Chef::HTTP::APISSLPolicy unless @options[:ssl_verify_mode]
+
+      case @options[:ssl_verify_mode]
+      when :verify_none
+        Chef::HTTP::VerifyNoneSSLPolicy
+      when :verify_peer
+        Chef::HTTP::VerifyPeerSSLPolicy
+      else
+        Chef::Log.error("Chef::HTTP was passed an ssl_verify_mode of #{@options[:ssl_verify_mode]} which is unsupported. Falling back to the API policy")
+        Chef::HTTP::APISSLPolicy
+      end
+    end
+
     # @api private
     def build_http_client(base_url)
       if chef_zero_uri?(base_url)
@@ -304,7 +319,7 @@ class Chef
 
         SocketlessChefZeroClient.new(base_url)
       else
-        BasicClient.new(base_url, ssl_policy: Chef::HTTP::APISSLPolicy, keepalives: keepalives)
+        BasicClient.new(base_url, ssl_policy: ssl_policy, keepalives: keepalives)
       end
     end
 
@@ -312,7 +327,7 @@ class Chef
     def create_url(path)
       return path if path.is_a?(URI)
 
-      if path =~ %r{^(http|https|chefzero)://}i
+      if %r{^(http|https|chefzero)://}i.match?(path)
         URI.parse(path)
       elsif path.nil? || path.empty?
         URI.parse(@url)

data/lib/chef/http/http_request.rb

@@ -128,7 +128,7 @@ class Chef
       rescue NoMethodError => e
         # http://redmine.ruby-lang.org/issues/show/2708
         # http://redmine.ruby-lang.org/issues/show/2758
-        if e.to_s =~ /#{Regexp.escape(%q{undefined method `closed?' for nil:NilClass})}/
+        if /#{Regexp.escape(%q{undefined method `closed?' for nil:NilClass})}/.match?(e.to_s)
           Chef::Log.trace("Rescued error in http connect, re-raising as Errno::ECONNREFUSED to hide bug in net/http")
           Chef::Log.trace("#{e.class.name}: #{e}")
           Chef::Log.trace(e.backtrace.join("\n"))

data/lib/chef/http/json_output.rb

@@ -47,7 +47,7 @@ class Chef
         # needed to keep conditional get stuff working correctly.
         return [http_response, rest_request, return_value] if return_value == false
 
-        if http_response["content-type"] =~ /json/
+        if /json/.match?(http_response["content-type"])
           if http_response.body.nil?
             return_value = nil
           elsif raw_output

data/lib/chef/http/ssl_policies.rb

@@ -129,5 +129,23 @@ class Chef
       end
     end
 
+    # This policy is used when we want to explicitly turn on verification
+    # for a specific request regardless of the API Policy. For example, when
+    # doing a `remote_file` where the user specified `verify_mode :verify_peer`
+    class VerifyPeerSSLPolicy < DefaultSSLPolicy
+      def set_verify_mode
+        http_client.verify_mode = OpenSSL::SSL::VERIFY_PEER
+      end
+    end
+
+    # This policy is used when we want to explicitly turn off verification
+    # for a specific request regardless of the API Policy. For example, when
+    # doing a `remote_file` where the user specified `verify_mode :verify_none`
+    class VerifyNoneSSLPolicy < DefaultSSLPolicy
+      def set_verify_mode
+        http_client.verify_mode = OpenSSL::SSL::VERIFY_NONE
+      end
+    end
+
   end
 end

data/lib/chef/knife.rb

@@ -248,7 +248,7 @@ class Chef
         category_desc = preferred_category ? preferred_category + " " : ""
         msg "Available #{category_desc}subcommands: (for details, knife SUB-COMMAND --help)\n\n"
         subcommand_loader.list_commands(preferred_category).sort.each do |category, commands|
-          next if category =~ /deprecated/i
+          next if /deprecated/i.match?(category)
 
           msg "** #{category.upcase} COMMANDS **"
           commands.sort.each do |command|

data/lib/chef/knife/bootstrap.rb

@@ -580,11 +580,8 @@ class Chef
 
           bootstrap_context.client_pem = client_builder.client_path
         else
-          ui.info <<~EOM
-            Performing legacy client registration with the validation key at #{Chef::Config[:validation_key]}...
-            Delete your validation key in order to use your user credentials for client registration instead.
-          EOM
-
+          ui.warn "Performing legacy client registration with the validation key at #{Chef::Config[:validation_key]}..."
+          ui.warn "Remove the key file or remove the 'validation_key' configuration option from your config.rb (knife.rb) to use more secure user credentials for client registration."
         end
       end
 
@@ -602,7 +599,7 @@ class Chef
       end
 
       def connect!
-        ui.info("Connecting to #{ui.color(server_name, :bold)}")
+        ui.info("Connecting to #{ui.color(server_name, :bold)} using #{connection_protocol}")
         opts ||= connection_opts.dup
         do_connect(opts)
       rescue Train::Error => e

data/lib/chef/knife/bootstrap/templates/chef-full.erb

@@ -185,50 +185,50 @@ if test "x$tmp_dir" != "x"; then
   rm -r "$tmp_dir"
 fi
 
-mkdir -p <%= ChefConfig::Config.etc_chef_dir(false) %>
+mkdir -p /etc/chef
 
 <% if client_pem -%>
-(umask 077 && (cat > <%= ChefConfig::Config.etc_chef_dir(false) %>/client.pem <<'EOP'
+(umask 077 && (cat > /etc/chef/client.pem <<'EOP'
 <%= ::File.read(::File.expand_path(client_pem)) %>
 EOP
 )) || exit 1
 <% end -%>
 
 <% if validation_key -%>
-(umask 077 && (cat > <%= ChefConfig::Config.etc_chef_dir(false) %>/validation.pem <<'EOP'
+(umask 077 && (cat > /etc/chef/validation.pem <<'EOP'
 <%= validation_key %>
 EOP
 )) || exit 1
 <% end -%>
 
 <% if encrypted_data_bag_secret -%>
-(umask 077 && (cat > <%= ChefConfig::Config.etc_chef_dir(false) %>/encrypted_data_bag_secret <<'EOP'
+(umask 077 && (cat > /etc/chef/encrypted_data_bag_secret <<'EOP'
 <%= encrypted_data_bag_secret %>
 EOP
 )) || exit 1
 <% end -%>
 
 <% unless trusted_certs.empty? -%>
-mkdir -p <%= ChefConfig::Config.etc_chef_dir(false) %>/trusted_certs
+mkdir -p /etc/chef/trusted_certs
 <%= trusted_certs %>
 <% end -%>
 
 <%# Generate Ohai Hints -%>
 <% unless @config[:hints].nil? || @config[:hints].empty? -%>
-mkdir -p <%= ChefConfig::Config.etc_chef_dir(false) %>/ohai/hints
+mkdir -p /etc/chef/ohai/hints
 
 <% @config[:hints].each do |name, hash| -%>
-cat > <%= ChefConfig::Config.etc_chef_dir(false) %>/ohai/hints/<%= name %>.json <<'EOP'
+cat > /etc/chef/ohai/hints/<%= name %>.json <<'EOP'
 <%= Chef::JSONCompat.to_json(hash) %>
 EOP
 <% end -%>
 <% end -%>
 
-cat > <%= ChefConfig::Config.etc_chef_dir(false) %>/client.rb <<'EOP'
+cat > /etc/chef/client.rb <<'EOP'
 <%= config_content %>
 EOP
 
-cat > <%= ChefConfig::Config.etc_chef_dir(false) %>/first-boot.json <<'EOP'
+cat > /etc/chef/first-boot.json <<'EOP'
 <%= Chef::JSONCompat.to_json(first_boot) %>
 EOP