chef 16.10.17 → 16.11.7
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/Gemfile +2 -2
- data/chef-universal-mingw32.gemspec +1 -1
- data/chef.gemspec +1 -1
- data/lib/chef/compliance/default_attributes.rb +6 -2
- data/lib/chef/compliance/runner.rb +6 -1
- data/lib/chef/provider/package/dnf/dnf_helper.py +4 -0
- data/lib/chef/provider/package/yum/yum_helper.py +4 -0
- data/lib/chef/resource/chef_client_cron.rb +1 -1
- data/lib/chef/version.rb +1 -1
- data/spec/integration/compliance/compliance_spec.rb +2 -1
- data/spec/unit/compliance/runner_spec.rb +54 -5
- data/spec/unit/resource/chef_client_cron_spec.rb +8 -8
- metadata +10 -10
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: fd448f5509acd697c105abf4cecd138c2846dfe37edb3902f4cf8ba812ccd1fe
|
|
4
|
+
data.tar.gz: cf9852050b81e6a11c6ae5f19f18fea7ecb1412ede3452f634c127aca6e2e66f
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 25384138bddf56bfb46f290b1dae904bbc110d08f9e42377707d23339d12d8a5ecbdb925c66b2bc9f184869e0bd4c29f6a9ccb5423236fde942524471e713587
|
|
7
|
+
data.tar.gz: ad3b19bfb1fa756cd44a4af911e679be8ab0b079ef8b36ba363c4d2ff50540dced62f9e1d4192bab03e3576fd09430e71b0693025a49e4fcc0176f1c75ef1547
|
data/Gemfile
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
source "https://rubygems.org"
|
|
2
2
|
|
|
3
|
-
#
|
|
4
|
-
gem "ffi", "
|
|
3
|
+
# 1.15+ is required for M1 mac builds
|
|
4
|
+
gem "ffi", ">=1.15"
|
|
5
5
|
|
|
6
6
|
# Note we do not use the gemspec DSL which restricts to the
|
|
7
7
|
# gemspec for the current platform and filters out other platforms
|
|
@@ -14,7 +14,7 @@ gemspec.add_dependency "win32-service", ">= 2.1.5", "< 3.0"
|
|
|
14
14
|
gemspec.add_dependency "wmi-lite", "~> 1.0"
|
|
15
15
|
gemspec.add_dependency "win32-taskscheduler", "~> 2.0"
|
|
16
16
|
gemspec.add_dependency "iso8601", ">= 0.12.1", "< 0.14" # validate 0.14 when it comes out
|
|
17
|
-
gemspec.add_dependency "win32-certstore", "~> 0.5" # 0.5+ required for specifying user vs. system store
|
|
17
|
+
gemspec.add_dependency "win32-certstore", "~> 0.5.0" # 0.5+ required for specifying user vs. system store
|
|
18
18
|
gemspec.extensions << "ext/win32-eventlog/Rakefile"
|
|
19
19
|
gemspec.files += Dir.glob("{distro,ext}/**/*")
|
|
20
20
|
|
data/chef.gemspec
CHANGED
|
@@ -44,7 +44,7 @@ Gem::Specification.new do |s|
|
|
|
44
44
|
s.add_dependency "net-ssh-multi", "~> 1.2", ">= 1.2.1"
|
|
45
45
|
s.add_dependency "net-sftp", ">= 2.1.2", "< 4.0"
|
|
46
46
|
s.add_dependency "ed25519", "~> 1.2" # ed25519 ssh key support
|
|
47
|
-
s.add_dependency "bcrypt_pbkdf", "
|
|
47
|
+
s.add_dependency "bcrypt_pbkdf", "~> 1.1" # ed25519 ssh key support
|
|
48
48
|
s.add_dependency "highline", ">= 1.6.9", "< 3"
|
|
49
49
|
s.add_dependency "tty-prompt", "~> 0.21" # knife ui.ask prompt
|
|
50
50
|
s.add_dependency "tty-screen", "~> 0.6" # knife list
|
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
# Author:: Stephan Renatus <srenatus@chef.io>
|
|
2
|
-
# Copyright:: (c)
|
|
2
|
+
# Copyright:: Copyright (c) Chef Software Inc. <legal@chef.io>
|
|
3
3
|
#
|
|
4
4
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
5
5
|
# you may not use this file except in compliance with the License.
|
|
@@ -87,7 +87,11 @@ class Chef
|
|
|
87
87
|
|
|
88
88
|
# If enabled, a hash representation of the Chef Infra node object will be sent to Chef InSpec in an input
|
|
89
89
|
# named `chef_node`.
|
|
90
|
-
"chef_node_attribute_enabled" => false
|
|
90
|
+
"chef_node_attribute_enabled" => false,
|
|
91
|
+
|
|
92
|
+
# Should the built-in compliance phase run. True and false force the behavior. Nil does magic based on if you have
|
|
93
|
+
# profiles defined but do not have the audit cookbook enabled.
|
|
94
|
+
"compliance_phase" => false
|
|
91
95
|
)
|
|
92
96
|
end
|
|
93
97
|
end
|
|
@@ -22,8 +22,13 @@ class Chef
|
|
|
22
22
|
|
|
23
23
|
logger.debug("#{self.class}##{__method__}: #{Inspec::Dist::PRODUCT_NAME} profiles? #{inspec_profiles.any?}")
|
|
24
24
|
logger.debug("#{self.class}##{__method__}: audit cookbook? #{audit_cookbook_present}")
|
|
25
|
+
logger.debug("#{self.class}##{__method__}: compliance phase attr? #{node["audit"]["compliance_phase"]}")
|
|
25
26
|
|
|
26
|
-
|
|
27
|
+
if node["audit"]["compliance_phase"].nil?
|
|
28
|
+
inspec_profiles.any? && !audit_cookbook_present
|
|
29
|
+
else
|
|
30
|
+
node["audit"]["compliance_phase"]
|
|
31
|
+
end
|
|
27
32
|
end
|
|
28
33
|
|
|
29
34
|
def node=(node)
|
|
@@ -213,7 +213,7 @@ class Chef
|
|
|
213
213
|
#
|
|
214
214
|
def log_command
|
|
215
215
|
if new_resource.append_log_file
|
|
216
|
-
"
|
|
216
|
+
">> #{::File.join(new_resource.log_directory, new_resource.log_file_name)} 2>&1"
|
|
217
217
|
else
|
|
218
218
|
"> #{::File.join(new_resource.log_directory, new_resource.log_file_name)} 2>&1"
|
|
219
219
|
end
|
data/lib/chef/version.rb
CHANGED
|
@@ -4,7 +4,7 @@ require "support/shared/integration/integration_helper"
|
|
|
4
4
|
require "chef/mixin/shell_out"
|
|
5
5
|
require "chef-utils/dist"
|
|
6
6
|
|
|
7
|
-
describe "chef-client with
|
|
7
|
+
describe "chef-client with compliance phase" do
|
|
8
8
|
|
|
9
9
|
include IntegrationSupport
|
|
10
10
|
include Chef::Mixin::ShellOut
|
|
@@ -46,6 +46,7 @@ describe "chef-client with audit mode" do
|
|
|
46
46
|
file "attributes.json", <<~FILE
|
|
47
47
|
{
|
|
48
48
|
"audit": {
|
|
49
|
+
"compliance_phase": true,
|
|
49
50
|
"json_file": {
|
|
50
51
|
"location": "#{report_file}"
|
|
51
52
|
},
|
|
@@ -13,36 +13,85 @@ describe Chef::Compliance::Runner do
|
|
|
13
13
|
|
|
14
14
|
describe "#enabled?" do
|
|
15
15
|
|
|
16
|
-
it "is true if the node attributes have audit profiles and the audit cookbook is not present" do
|
|
16
|
+
it "is true if the node attributes have audit profiles and the audit cookbook is not present, and the compliance mode attribute is nil" do
|
|
17
17
|
node.normal["audit"]["profiles"]["ssh"] = { 'compliance': "base/ssh" }
|
|
18
|
+
node.normal["audit"]["compliance_phase"] = nil
|
|
18
19
|
|
|
19
20
|
expect(runner).to be_enabled
|
|
20
21
|
end
|
|
21
22
|
|
|
22
|
-
it "is
|
|
23
|
+
it "is true if the node attributes have audit profiles and the audit cookbook is not present, and the compliance mode attribute is true" do
|
|
24
|
+
node.normal["audit"]["profiles"]["ssh"] = { 'compliance': "base/ssh" }
|
|
25
|
+
node.normal["audit"]["compliance_phase"] = true
|
|
26
|
+
|
|
27
|
+
expect(runner).to be_enabled
|
|
28
|
+
end
|
|
29
|
+
|
|
30
|
+
it "is false if the node attributes have audit profiles and the audit cookbook is not present, and the compliance mode attribute is false" do
|
|
31
|
+
node.normal["audit"]["profiles"]["ssh"] = { 'compliance': "base/ssh" }
|
|
32
|
+
node.normal["audit"]["compliance_phase"] = false
|
|
33
|
+
|
|
34
|
+
expect(runner).not_to be_enabled
|
|
35
|
+
end
|
|
36
|
+
|
|
37
|
+
it "is false if the node attributes have audit profiles and the audit cookbook is present, and the complince mode attribute is nil" do
|
|
23
38
|
stub_const("::Reporter::ChefAutomate", true)
|
|
24
39
|
node.normal["audit"]["profiles"]["ssh"] = { 'compliance': "base/ssh" }
|
|
40
|
+
node.normal["audit"]["compliance_phase"] = nil
|
|
25
41
|
|
|
26
42
|
expect(runner).not_to be_enabled
|
|
27
43
|
end
|
|
28
44
|
|
|
29
|
-
it "is
|
|
45
|
+
it "is true if the node attributes have audit profiles and the audit cookbook is present, and the complince mode attribute is true" do
|
|
46
|
+
stub_const("::Reporter::ChefAutomate", true)
|
|
47
|
+
node.normal["audit"]["profiles"]["ssh"] = { 'compliance': "base/ssh" }
|
|
48
|
+
node.normal["audit"]["compliance_phase"] = true
|
|
49
|
+
|
|
50
|
+
expect(runner).to be_enabled
|
|
51
|
+
end
|
|
52
|
+
|
|
53
|
+
it "is false if the node attributes do not have audit profiles and the audit cookbook is not present, and the complince mode attribute is nil" do
|
|
30
54
|
node.normal["audit"]["profiles"] = {}
|
|
55
|
+
node.normal["audit"]["compliance_phase"] = nil
|
|
31
56
|
|
|
32
57
|
expect(runner).not_to be_enabled
|
|
33
58
|
end
|
|
34
59
|
|
|
35
|
-
it "is false if the node attributes do not have audit profiles and the audit cookbook is present" do
|
|
60
|
+
it "is false if the node attributes do not have audit profiles and the audit cookbook is present, and the complince mode attribute is nil" do
|
|
36
61
|
stub_const("::Reporter::ChefAutomate", true)
|
|
37
62
|
node.automatic["recipes"] = %w{ audit::default fancy_cookbook::fanciness tacobell::nachos }
|
|
63
|
+
node.normal["audit"]["compliance_phase"] = nil
|
|
38
64
|
|
|
39
65
|
expect(runner).not_to be_enabled
|
|
40
66
|
end
|
|
41
67
|
|
|
42
|
-
it "is false if the node attributes do not have audit attributes and the audit cookbook is not present" do
|
|
68
|
+
it "is false if the node attributes do not have audit attributes and the audit cookbook is not present, and the complince mode attribute is nil" do
|
|
43
69
|
node.automatic["recipes"] = %w{ fancy_cookbook::fanciness tacobell::nachos }
|
|
70
|
+
node.normal["audit"]["compliance_phase"] = nil
|
|
71
|
+
|
|
44
72
|
expect(runner).not_to be_enabled
|
|
45
73
|
end
|
|
74
|
+
|
|
75
|
+
it "is true if the node attributes do not have audit profiles and the audit cookbook is not present, and the complince mode attribute is true" do
|
|
76
|
+
node.normal["audit"]["profiles"] = {}
|
|
77
|
+
node.normal["audit"]["compliance_phase"] = true
|
|
78
|
+
|
|
79
|
+
expect(runner).to be_enabled
|
|
80
|
+
end
|
|
81
|
+
|
|
82
|
+
it "is true if the node attributes do not have audit profiles and the audit cookbook is present, and the complince mode attribute is true" do
|
|
83
|
+
stub_const("::Reporter::ChefAutomate", true)
|
|
84
|
+
node.automatic["recipes"] = %w{ audit::default fancy_cookbook::fanciness tacobell::nachos }
|
|
85
|
+
node.normal["audit"]["compliance_phase"] = true
|
|
86
|
+
|
|
87
|
+
expect(runner).to be_enabled
|
|
88
|
+
end
|
|
89
|
+
|
|
90
|
+
it "is true if the node attributes do not have audit attributes and the audit cookbook is not present, and the complince mode attribute is true" do
|
|
91
|
+
node.automatic["recipes"] = %w{ fancy_cookbook::fanciness tacobell::nachos }
|
|
92
|
+
node.normal["audit"]["compliance_phase"] = true
|
|
93
|
+
expect(runner).to be_enabled
|
|
94
|
+
end
|
|
46
95
|
end
|
|
47
96
|
|
|
48
97
|
describe "#inspec_profiles" do
|
|
@@ -93,41 +93,41 @@ describe Chef::Resource::ChefClientCron do
|
|
|
93
93
|
|
|
94
94
|
it "creates a valid command if using all default properties" do
|
|
95
95
|
expect(provider.client_command).to eql(
|
|
96
|
-
"/bin/sleep 123; /opt/chef/bin/chef-client -c #{root_path}
|
|
96
|
+
"/bin/sleep 123; /opt/chef/bin/chef-client -c #{root_path} >> /var/log/chef/client.log 2>&1"
|
|
97
97
|
)
|
|
98
98
|
end
|
|
99
99
|
|
|
100
100
|
it "uses daemon_options if set" do
|
|
101
101
|
resource.daemon_options ["--foo 1", "--bar 2"]
|
|
102
102
|
expect(provider.client_command).to eql(
|
|
103
|
-
"/bin/sleep 123; /opt/chef/bin/chef-client --foo 1 --bar 2 -c #{root_path}
|
|
103
|
+
"/bin/sleep 123; /opt/chef/bin/chef-client --foo 1 --bar 2 -c #{root_path} >> /var/log/chef/client.log 2>&1"
|
|
104
104
|
)
|
|
105
105
|
end
|
|
106
106
|
|
|
107
107
|
it "uses custom config dir if set" do
|
|
108
108
|
resource.config_directory "/etc/some_other_dir"
|
|
109
|
-
expect(provider.client_command).to eql("/bin/sleep 123; /opt/chef/bin/chef-client -c /etc/some_other_dir/client.rb
|
|
109
|
+
expect(provider.client_command).to eql("/bin/sleep 123; /opt/chef/bin/chef-client -c /etc/some_other_dir/client.rb >> /var/log/chef/client.log 2>&1")
|
|
110
110
|
end
|
|
111
111
|
|
|
112
112
|
it "uses custom log files / paths if set" do
|
|
113
113
|
resource.log_file_name "my-client.log"
|
|
114
114
|
resource.log_directory "/var/log/my-chef/"
|
|
115
115
|
expect(provider.client_command).to eql(
|
|
116
|
-
"/bin/sleep 123; /opt/chef/bin/chef-client -c #{root_path}
|
|
116
|
+
"/bin/sleep 123; /opt/chef/bin/chef-client -c #{root_path} >> /var/log/my-chef/my-client.log 2>&1"
|
|
117
117
|
)
|
|
118
118
|
end
|
|
119
119
|
|
|
120
120
|
it "uses mailto if set" do
|
|
121
121
|
resource.mailto "bob@example.com"
|
|
122
122
|
expect(provider.client_command).to eql(
|
|
123
|
-
"/bin/sleep 123; /opt/chef/bin/chef-client -c #{root_path}
|
|
123
|
+
"/bin/sleep 123; /opt/chef/bin/chef-client -c #{root_path} >> /var/log/chef/client.log 2>&1 || echo \"Chef Infra Client execution failed\""
|
|
124
124
|
)
|
|
125
125
|
end
|
|
126
126
|
|
|
127
127
|
it "uses custom chef-client binary if set" do
|
|
128
128
|
resource.chef_binary_path "/usr/local/bin/chef-client"
|
|
129
129
|
expect(provider.client_command).to eql(
|
|
130
|
-
"/bin/sleep 123; /usr/local/bin/chef-client -c #{root_path}
|
|
130
|
+
"/bin/sleep 123; /usr/local/bin/chef-client -c #{root_path} >> /var/log/chef/client.log 2>&1"
|
|
131
131
|
)
|
|
132
132
|
end
|
|
133
133
|
|
|
@@ -141,7 +141,7 @@ describe Chef::Resource::ChefClientCron do
|
|
|
141
141
|
it "sets the license acceptance flag if set" do
|
|
142
142
|
resource.accept_chef_license true
|
|
143
143
|
expect(provider.client_command).to eql(
|
|
144
|
-
"/bin/sleep 123; /opt/chef/bin/chef-client -c #{root_path} --chef-license accept
|
|
144
|
+
"/bin/sleep 123; /opt/chef/bin/chef-client -c #{root_path} --chef-license accept >> /var/log/chef/client.log 2>&1"
|
|
145
145
|
)
|
|
146
146
|
end
|
|
147
147
|
|
|
@@ -149,7 +149,7 @@ describe Chef::Resource::ChefClientCron do
|
|
|
149
149
|
allow(provider).to receive(:which).with("nice").and_return("/usr/bin/nice")
|
|
150
150
|
resource.nice(-15)
|
|
151
151
|
expect(provider.client_command).to eql(
|
|
152
|
-
"/bin/sleep 123; /usr/bin/nice -n -15 /opt/chef/bin/chef-client -c #{root_path}
|
|
152
|
+
"/bin/sleep 123; /usr/bin/nice -n -15 /opt/chef/bin/chef-client -c #{root_path} >> /var/log/chef/client.log 2>&1"
|
|
153
153
|
)
|
|
154
154
|
end
|
|
155
155
|
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: chef
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 16.
|
|
4
|
+
version: 16.11.7
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Adam Jacob
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2021-
|
|
11
|
+
date: 2021-03-17 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: chef-config
|
|
@@ -16,28 +16,28 @@ dependencies:
|
|
|
16
16
|
requirements:
|
|
17
17
|
- - '='
|
|
18
18
|
- !ruby/object:Gem::Version
|
|
19
|
-
version: 16.
|
|
19
|
+
version: 16.11.7
|
|
20
20
|
type: :runtime
|
|
21
21
|
prerelease: false
|
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
|
23
23
|
requirements:
|
|
24
24
|
- - '='
|
|
25
25
|
- !ruby/object:Gem::Version
|
|
26
|
-
version: 16.
|
|
26
|
+
version: 16.11.7
|
|
27
27
|
- !ruby/object:Gem::Dependency
|
|
28
28
|
name: chef-utils
|
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|
|
30
30
|
requirements:
|
|
31
31
|
- - '='
|
|
32
32
|
- !ruby/object:Gem::Version
|
|
33
|
-
version: 16.
|
|
33
|
+
version: 16.11.7
|
|
34
34
|
type: :runtime
|
|
35
35
|
prerelease: false
|
|
36
36
|
version_requirements: !ruby/object:Gem::Requirement
|
|
37
37
|
requirements:
|
|
38
38
|
- - '='
|
|
39
39
|
- !ruby/object:Gem::Version
|
|
40
|
-
version: 16.
|
|
40
|
+
version: 16.11.7
|
|
41
41
|
- !ruby/object:Gem::Dependency
|
|
42
42
|
name: train-core
|
|
43
43
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -326,16 +326,16 @@ dependencies:
|
|
|
326
326
|
name: bcrypt_pbkdf
|
|
327
327
|
requirement: !ruby/object:Gem::Requirement
|
|
328
328
|
requirements:
|
|
329
|
-
- -
|
|
329
|
+
- - "~>"
|
|
330
330
|
- !ruby/object:Gem::Version
|
|
331
|
-
version: 1.1
|
|
331
|
+
version: '1.1'
|
|
332
332
|
type: :runtime
|
|
333
333
|
prerelease: false
|
|
334
334
|
version_requirements: !ruby/object:Gem::Requirement
|
|
335
335
|
requirements:
|
|
336
|
-
- -
|
|
336
|
+
- - "~>"
|
|
337
337
|
- !ruby/object:Gem::Version
|
|
338
|
-
version: 1.1
|
|
338
|
+
version: '1.1'
|
|
339
339
|
- !ruby/object:Gem::Dependency
|
|
340
340
|
name: highline
|
|
341
341
|
requirement: !ruby/object:Gem::Requirement
|