chef 16.1.16 → 16.2.44

data/lib/chef/provider/zypper_repository.rb

@@ -115,28 +115,48 @@ class Chef
         end
       end
 
+      # the version of gpg installed on the system
+      #
+      # @return [Gem::Version] the version of GPG
+      def gpg_version
+        so = shell_out!("gpg --version")
+        # matches 2.0 and 2.2 versions from SLES 12 and 15: https://rubular.com/r/e6D0WfGK6SXvUp
+        version = /gpg \(GnuPG\)\s*(.*)/.match(so.stdout)[1]
+        logger.trace("GPG package version is #{version}")
+        Gem::Version.new(version)
+      end
+
       # is the provided key already installed
       # @param [String] key_path the path to the key on the local filesystem
       #
       # @return [boolean] is the key already known by rpm
       def key_installed?(key_path)
-        so = shell_out("rpm -qa gpg-pubkey*")
+        so = shell_out("/bin/rpm -qa gpg-pubkey*")
         # expected output & match: http://rubular.com/r/RdF7EcXEtb
-        status = /gpg-pubkey-#{key_fingerprint(key_path)}/.match(so.stdout)
+        status = /gpg-pubkey-#{short_key_id(key_path)}/.match(so.stdout)
         logger.trace("GPG key at #{key_path} is known by rpm? #{status ? "true" : "false"}")
         status
       end
 
-      # extract the gpg key fingerprint from a local file
+      # extract the gpg key's short key id from a local file. Learning moment: This 8 hex value ID
+      # is sometimes incorrectly called the fingerprint. The fingerprint is the full length value
+      # and googling for that will just result in sad times.
+      #
       # @param [String] key_path the path to the key on the local filesystem
       #
-      # @return [String] the fingerprint of the key
-      def key_fingerprint(key_path)
-        so = shell_out!("gpg --with-fingerprint #{key_path}")
-        # expected output and match: http://rubular.com/r/BpfMjxySQM
-        fingerprint = %r{pub\s*\S*/(\S*)}.match(so.stdout)[1].downcase
-        logger.trace("GPG fingerprint of key at #{key_path} is #{fingerprint}")
-        fingerprint
+      # @return [String] the short key id of the key
+      def short_key_id(key_path)
+        if gpg_version >= Gem::Version.new("2.2") # SLES 15+
+          so = shell_out!("gpg --import-options import-show --dry-run --import --with-colons #{key_path}")
+          # expected output and match: https://rubular.com/r/uXWJo3yfkli1qA
+          short_key_id = /fpr:*\h*(\h{8}):/.match(so.stdout)[1].downcase
+        else # SLES 12 and earlier
+          so = shell_out!("gpg --with-fingerprint #{key_path}")
+          # expected output and match: http://rubular.com/r/BpfMjxySQM
+          short_key_id = %r{pub\s*\S*/(\S*)}.match(so.stdout)[1].downcase
+        end
+        logger.trace("GPG short key ID of key at #{key_path} is #{short_key_id}")
+        short_key_id
       end
 
       # install the provided gpg key

data/lib/chef/resource.rb

@@ -451,6 +451,17 @@ class Chef
       description: "Determines whether or not the resource is executed during the compile time phase.",
       default: false, desired_state: false
 
+    # Set a umask to be used for the duration of converging the resource.
+    # Defaults to `nil`, which means to use the system umask.
+    #
+    # @param arg [String] The umask to apply while converging the resource.
+    # @return [Boolean] The umask to apply while converging the resource.
+    #
+    property :umask, String,
+      desired_state: false,
+      introduced: "16.2",
+      description: "Set a umask to be used for the duration of converging the resource. Defaults to `nil`, which means to use the system umask."
+
     # The time it took (in seconds) to run the most recently-run action.  Not
     # cumulative across actions.  This is set to 0 as soon as a new action starts
     # running, and set to the elapsed time at the end of the action.
@@ -588,7 +599,9 @@ class Chef
       begin
         return if should_skip?(action)
 
-        provider_for_action(action).run_action
+        with_umask do
+          provider_for_action(action).run_action
+        end
       rescue StandardError => e
         if ignore_failure
           logger.error("#{custom_exception_message(e)}; ignore_failure is set, continuing")
@@ -612,6 +625,13 @@ class Chef
       events.resource_completed(self)
     end
 
+    def with_umask
+      old_value = ::File.umask(umask.oct) if umask
+      yield
+    ensure
+      ::File.umask(old_value) if umask
+    end
+
     #
     # If we are currently initializing the resource, this will be true.
     #
@@ -950,16 +970,7 @@ class Chef
     def self.resource_name(name = NOT_PASSED)
       # Setter
       if name != NOT_PASSED
-        if name
-          @resource_name = name.to_sym
-          name = name.to_sym
-          # FIXME: determine a way to deprecate this magic behavior
-          unless Chef::ResourceResolver.includes_handler?(name, self)
-            provides name
-          end
-        else
-          @resource_name = nil
-        end
+        @resource_name = name.to_sym rescue nil
       end
 
       @resource_name = nil unless defined?(@resource_name)

data/lib/chef/resource/apt_package.rb

@@ -46,7 +46,7 @@ class Chef
       apt_package %(package1 package2 package3)
       ```
 
-      **Install without using recommend packages as a dependency**
+      **Install without using recommend packages as a dependency**:
 
       ```ruby
       package 'apache2' do

data/lib/chef/resource/archive_file.rb

@@ -19,6 +19,7 @@
 #
 
 require_relative "../resource"
+require "fileutils" unless defined?(FileUtils)
 
 class Chef
   class Resource
@@ -39,6 +40,18 @@ class Chef
           destination '/srv/files'
         end
         ```
+
+        **Set specific permissions on the extracted files**:
+
+        ```ruby
+        archive_file 'Precompiled.zip' do
+          owner 'tsmith'
+          group 'staff'
+          mode '700'
+          path '/tmp/Precompiled.zip'
+          destination '/srv/files'
+        end
+        ```
       DOC
 
       property :path, String,
@@ -53,7 +66,7 @@ class Chef
         description: "The group of the extracted files."
 
       property :mode, [String, Integer],
-        description: "The mode of the extracted files.",
+        description: "The mode of the extracted files. Integer values are deprecated as octal values (ex. 0755) would not be interpreted correctly.",
         default: "755"
 
       property :destination, String,
@@ -72,11 +85,11 @@ class Chef
       alias_method :extract_options, :options
       alias_method :extract_to, :destination
 
-      require "fileutils" unless defined?(FileUtils)
-
       action :extract do
         description "Extract and archive file."
 
+        require_libarchive
+
         unless ::File.exist?(new_resource.path)
           raise Errno::ENOENT, "No archive found at #{new_resource.path}! Cannot continue."
         end
@@ -85,7 +98,8 @@ class Chef
           Chef::Log.trace("File or directory does not exist at destination path: #{new_resource.destination}")
 
           converge_by("create directory #{new_resource.destination}") do
-            FileUtils.mkdir_p(new_resource.destination, mode: new_resource.mode.to_i)
+            # @todo when we remove the ability for mode to be an int we can remove the .to_s below
+            FileUtils.mkdir_p(new_resource.destination, mode: new_resource.mode.to_s.to_i(8))
           end
 
           extract(new_resource.path, new_resource.destination, Array(new_resource.options))
@@ -113,6 +127,16 @@ class Chef
       end
 
       action_class do
+        def require_libarchive
+          require "ffi-libarchive"
+        end
+
+        def define_resource_requirements
+          if new_resource.mode.is_a?(Integer)
+            Chef.deprecated(:archive_file_integer_file_mode, "The mode property should be passed to archive_file resources as a String and not an Integer to ensure the value is properly interpreted.")
+          end
+        end
+
         # This can't be a constant since we might not have required 'ffi-libarchive' yet.
         def extract_option_map
           {
@@ -136,8 +160,6 @@ class Chef
         #
         # @return [Boolean]
         def archive_differs_from_disk?(src, dest)
-          require "ffi-libarchive"
-
           modified = false
           Dir.chdir(dest) do
             archive = Archive::Reader.open_filename(src)
@@ -164,8 +186,6 @@ class Chef
         #
         # @return [void]
         def extract(src, dest, options = [])
-          require "ffi-libarchive"
-
           converge_by("extract #{src} to #{dest}") do
             flags = [options].flatten.map { |option| extract_option_map[option] }.compact.reduce(:|)
 

data/lib/chef/resource/bash.rb

@@ -17,7 +17,6 @@
 #
 
 require_relative "script"
-require_relative "../provider/script"
 
 class Chef
   class Resource

data/lib/chef/resource/batch.rb

@@ -27,8 +27,10 @@ class Chef
 
       description "Use the **batch** resource to execute a batch script using the cmd.exe interpreter on Windows. The batch resource creates and executes a temporary file (similar to how the script resource behaves), rather than running the command inline. Commands that are executed with this resource are (by their nature) not idempotent, as they are typically unique to the environment in which they are run. Use not_if and only_if to guard this resource for idempotence."
 
-      def initialize(name, run_context = nil)
-        super(name, run_context, nil, "cmd.exe")
+      def initialize(*args)
+        super
+        @interpreter = "cmd.exe"
+        @default_guard_interpreter = resource_name
       end
 
     end

data/lib/chef/resource/chef_client_scheduled_task.rb

@@ -48,6 +48,16 @@ class Chef
           daemon_options ["--override-runlist mycorp_base::default"]
         end
       ```
+
+      **Run #{Chef::Dist::PRODUCT} daily at 01:00 am, specifying a named run-list**:
+
+      ```ruby
+        chef_client_scheduled_task "Run chef-client named run-list daily" do
+          frequency 'daily'
+          start_time '01:00'
+          daemon_options ['-n audit_only']
+        end
+      ```
       DOC
 
       resource_name :chef_client_scheduled_task
@@ -72,7 +82,8 @@ class Chef
         coerce: proc { |x| Integer(x) },
         callbacks: { "should be a positive number" => proc { |v| v > 0 } },
         description: "Numeric value to go with the scheduled task frequency",
-        default: 30
+        default: lazy { frequency == "minute" ? 30 : 1 },
+        default_description: "30 if frequency is 'minute', 1 otherwise"
 
       property :accept_chef_license, [true, false],
         description: "Accept the Chef Online Master License and Services Agreement. See <https://www.chef.io/online-master-agreement/>",
@@ -129,6 +140,7 @@ class Chef
 
         # According to https://docs.microsoft.com/en-us/windows/desktop/taskschd/schtasks,
         # the :once, :onstart, :onlogon, and :onidle schedules don't accept schedule modifiers
+
         windows_task new_resource.task_name do
           run_level                      :highest
           command                        full_command

data/lib/chef/resource/cron/_cron_shared.rb

@@ -0,0 +1,98 @@
+unified_mode true
+
+TIMEOUT_OPTS = %w{duration preserve-status foreground kill-after signal}.freeze
+TIMEOUT_REGEX = /\A\S+/.freeze
+WEEKDAYS = {
+  sunday: "0", monday: "1", tuesday: "2", wednesday: "3", thursday: "4", friday: "5", saturday: "6",
+  sun: "0", mon: "1", tue: "2", wed: "3", thu: "4", fri: "5", sat: "6"
+}.freeze
+
+property :minute, [Integer, String],
+  description: "The minute at which the cron entry should run (`0 - 59`).",
+  default: "*", callbacks: {
+    "should be a valid minute spec" => ->(spec) { Chef::ResourceHelpers::CronValidations.validate_numeric(spec, 0, 59) },
+  }
+
+property :hour, [Integer, String],
+  description: "The hour at which the cron entry is to run (`0 - 23`).",
+  default: "*", callbacks: {
+    "should be a valid hour spec" => ->(spec) { Chef::ResourceHelpers::CronValidations.validate_numeric(spec, 0, 23) },
+  }
+
+property :day, [Integer, String],
+  description: "The day of month at which the cron entry should run (`1 - 31`).",
+  default: "*", callbacks: {
+    "should be a valid day spec" => ->(spec) { Chef::ResourceHelpers::CronValidations.validate_numeric(spec, 1, 31) },
+  }
+
+property :month, [Integer, String],
+  description: "The month in the year on which a cron entry is to run (`1 - 12`, `jan-dec`, or `*`).",
+  default: "*", callbacks: {
+    "should be a valid month spec" => ->(spec) { Chef::ResourceHelpers::CronValidations.validate_month(spec) },
+  }
+
+property :weekday, [Integer, String, Symbol],
+  description: "The day of the week on which this entry is to run (`0-7`, `mon-sun`, `monday-sunday`, or `*`), where Sunday is both `0` and `7`.",
+  default: "*", coerce: proc { |day| weekday_in_crontab(day) },
+  callbacks: {
+    "should be a valid weekday spec" => ->(spec) { Chef::ResourceHelpers::CronValidations.validate_dow(spec) },
+  }
+
+property :shell, String,
+  description: "Set the `SHELL` environment variable."
+
+property :path, String,
+  description: "Set the `PATH` environment variable."
+
+property :home, String,
+  description: "Set the `HOME` environment variable."
+
+property :mailto, String,
+  description: "Set the `MAILTO` environment variable."
+
+property :command, String,
+  description: "The command to be run, or the path to a file that contains the command to be run.",
+  identity: true,
+  required: [:create]
+
+property :user, String,
+  description: "The name of the user that runs the command.",
+  default: "root"
+
+property :environment, Hash,
+  description: "A Hash containing additional arbitrary environment variables under which the cron job will be run in the form of `({'ENV_VARIABLE' => 'VALUE'})`. **Note**: These variables must exist for a command to be run successfully.",
+  default: lazy { {} }
+
+property :time_out, Hash,
+  description: "A Hash of timeouts in the form of `({'OPTION' => 'VALUE'})`. Accepted valid options are:
+  - `preserve-status` (BOOL, default: 'false'),
+  - `foreground` (BOOL, default: 'false'),
+  - `kill-after` (in seconds),
+  - `signal` (a name like 'HUP' or a number)",
+  default: lazy { {} },
+  introduced: "15.7",
+  coerce: proc { |h|
+    if h.is_a?(Hash)
+      invalid_keys = h.keys - TIMEOUT_OPTS
+      unless invalid_keys.empty?
+        error_msg = "Key of option time_out must be equal to one of: \"#{TIMEOUT_OPTS.join('", "')}\"!  You passed \"#{invalid_keys.join(", ")}\"."
+        raise Chef::Exceptions::ValidationFailed, error_msg
+      end
+      unless h.values.all? { |x| x =~ TIMEOUT_REGEX }
+        error_msg = "Values of option time_out should be non-empty strings without any leading whitespace."
+        raise Chef::Exceptions::ValidationFailed, error_msg
+      end
+      h
+    elsif h.is_a?(Integer) || h.is_a?(String)
+      { "duration" => h }
+    end
+  }
+
+private
+# Convert weekday input value into crontab format that
+# could be written in the crontab
+# @return [Integer, String] A weekday formed as per the user inputs.
+def weekday_in_crontab(day)
+  weekday = day.to_s.downcase.to_sym
+  WEEKDAYS[weekday] || day
+end

data/lib/chef/resource/cron/cron.rb

@@ -0,0 +1,46 @@
+#
+# Author:: Bryan McLellan (btm@loftninjas.org)
+# Author:: Tyler Cloke (<tyler@chef.io>)
+# Copyright:: Copyright 2009-2016, Bryan McLellan
+# License:: Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+require_relative "../../resource"
+require_relative "../helpers/cron_validations"
+require_relative "../../provider/cron" # do not remove. we actually need this below
+
+class Chef
+  class Resource
+    class Cron < Chef::Resource
+      unified_mode true
+
+      use "cron_shared"
+
+      provides :cron
+
+      description "Use the **cron** resource to manage cron entries for time-based job scheduling. Properties for a schedule will default to * if not provided. The cron resource requires access to a crontab program, typically cron."
+
+      state_attrs :minute, :hour, :day, :month, :weekday, :user
+
+      default_action :create
+      allowed_actions :create, :delete
+
+      property :time, Symbol,
+        description: "A time interval.",
+        equal_to: Chef::Provider::Cron::SPECIAL_TIME_VALUES
+
+    end
+  end
+end

data/lib/chef/resource/{cron_d.rb → cron/cron_d.rb}

@@ -15,15 +15,18 @@
 # limitations under the License.
 #
 
-require_relative "../resource"
-require_relative "helpers/cron_validations"
+require_relative "../../resource"
+require_relative "../helpers/cron_validations"
 require "shellwords" unless defined?(Shellwords)
-require_relative "../dist"
+require_relative "../../dist"
 
 class Chef
   class Resource
     class CronD < Chef::Resource
       unified_mode true
+
+      use "cron_shared"
+
       provides :cron_d
 
       introduced "14.4"
@@ -98,92 +101,9 @@ class Chef
         description: "Schedule your cron job with one of the special predefined value instead of ** * pattern.",
         equal_to: %w{ @reboot @yearly @annually @monthly @weekly @daily @midnight @hourly }
 
-      property :minute, [Integer, String],
-        description: "The minute at which the cron entry should run (`0 - 59`).",
-        default: "*", callbacks: {
-          "should be a valid minute spec" => ->(spec) { Chef::ResourceHelpers::CronValidations.validate_numeric(spec, 0, 59) },
-        }
-
-      property :hour, [Integer, String],
-        description: "The hour at which the cron entry is to run (`0 - 23`).",
-        default: "*", callbacks: {
-          "should be a valid hour spec" => ->(spec) { Chef::ResourceHelpers::CronValidations.validate_numeric(spec, 0, 23) },
-        }
-
-      property :day, [Integer, String],
-        description: "The day of month at which the cron entry should run (`1 - 31`).",
-        default: "*", callbacks: {
-          "should be a valid day spec" => ->(spec) { Chef::ResourceHelpers::CronValidations.validate_numeric(spec, 1, 31) },
-        }
-
-      property :month, [Integer, String],
-        description: "The month in the year on which a cron entry is to run (`1 - 12`, `jan-dec`, or `*`).",
-        default: "*", callbacks: {
-          "should be a valid month spec" => ->(spec) { Chef::ResourceHelpers::CronValidations.validate_month(spec) },
-        }
-
-      property :weekday, [Integer, String],
-        description: "The day of the week on which this entry is to run (`0-7`, `mon-sun`, or `*`), where Sunday is both `0` and `7`.",
-        default: "*", callbacks: {
-          "should be a valid weekday spec" => ->(spec) { Chef::ResourceHelpers::CronValidations.validate_dow(spec) },
-        }
-
-      property :command, String,
-        description: "The command to run.",
-        required: [:create]
-
-      property :user, String,
-        description: "The name of the user that runs the command.",
-        default: "root"
-
-      property :mailto, String,
-        description: "Set the `MAILTO` environment variable in the cron.d file."
-
-      property :path, String,
-        description: "Set the `PATH` environment variable in the cron.d file."
-
-      property :home, String,
-        description: "Set the `HOME` environment variable in the cron.d file."
-
-      property :shell, String,
-        description: "Set the `SHELL` environment variable in the cron.d file."
-
       property :comment, String,
         description: "A comment to place in the cron.d file."
 
-      property :environment, Hash,
-        description: "A Hash containing additional arbitrary environment variables under which the cron job will be run in the form of `({'ENV_VARIABLE' => 'VALUE'})`.",
-        default: lazy { {} }
-
-      TIMEOUT_OPTS = %w{duration preserve-status foreground kill-after signal}.freeze
-      TIMEOUT_REGEX = /\A\S+/.freeze
-
-      property :time_out, Hash,
-        description: "A Hash of timeouts in the form of `({'OPTION' => 'VALUE'})`.
-        Accepted valid options are:
-        `preserve-status` (BOOL, default: 'false'),
-        `foreground` (BOOL, default: 'false'),
-        `kill-after` (in seconds),
-        `signal` (a name like 'HUP' or a number)",
-        default: lazy { {} },
-        introduced: "15.7",
-        coerce: proc { |h|
-          if h.is_a?(Hash)
-            invalid_keys = h.keys - TIMEOUT_OPTS
-            unless invalid_keys.empty?
-              error_msg = "Key of option time_out must be equal to one of: \"#{TIMEOUT_OPTS.join('", "')}\"!  You passed \"#{invalid_keys.join(", ")}\"."
-              raise Chef::Exceptions::ValidationFailed, error_msg
-            end
-            unless h.values.all? { |x| x =~ TIMEOUT_REGEX }
-              error_msg = "Values of option time_out should be non-empty string without any leading whitespace."
-              raise Chef::Exceptions::ValidationFailed, error_msg
-            end
-            h
-          elsif h.is_a?(Integer) || h.is_a?(String)
-            { "duration" => h }
-          end
-        }
-
       property :mode, [String, Integer],
         description: "The octal mode of the generated crontab file.",
         default: "0600"
@@ -238,7 +158,7 @@ class Chef
 
           # @todo this is Chef 12 era cleanup. Someday we should remove it all
           template "/etc/cron.d/#{sanitized_name}" do
-            source ::File.expand_path("../support/cron.d.erb", __FILE__)
+            source ::File.expand_path("../../support/cron.d.erb", __FILE__)
             local true
             mode new_resource.mode
             variables(