chef 16.10.17 → 16.14.1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/Gemfile +7 -4
- data/Rakefile +11 -0
- data/chef-universal-mingw32.gemspec +1 -1
- data/chef.gemspec +1 -1
- data/lib/chef/compliance/default_attributes.rb +6 -2
- data/lib/chef/compliance/runner.rb +6 -1
- data/lib/chef/cookbook/gem_installer.rb +5 -1
- data/lib/chef/knife/core/windows_bootstrap_context.rb +2 -3
- data/lib/chef/provider/file.rb +1 -1
- data/lib/chef/provider/mount.rb +7 -2
- data/lib/chef/provider/package/dnf/dnf_helper.py +4 -0
- data/lib/chef/provider/package/rubygems.rb +2 -2
- data/lib/chef/provider/package/yum/yum_helper.py +4 -0
- data/lib/chef/provider/service/macosx.rb +3 -3
- data/lib/chef/resource/chef_client_cron.rb +1 -1
- data/lib/chef/resource/chef_client_launchd.rb +1 -1
- data/lib/chef/version.rb +1 -1
- data/spec/functional/resource/cron_spec.rb +1 -1
- data/spec/integration/compliance/compliance_spec.rb +2 -1
- data/spec/spec_helper.rb +1 -0
- data/spec/support/platform_helpers.rb +4 -0
- data/spec/support/shared/unit/provider/file.rb +14 -0
- data/spec/unit/compliance/runner_spec.rb +54 -5
- data/spec/unit/knife/core/windows_bootstrap_context_spec.rb +3 -3
- data/spec/unit/provider/mount/mount_spec.rb +51 -0
- data/spec/unit/provider/package/rubygems_spec.rb +3 -3
- data/spec/unit/provider/service/macosx_spec.rb +3 -3
- data/spec/unit/resource/chef_client_cron_spec.rb +8 -8
- data/tasks/rspec.rb +1 -1
- metadata +11 -11
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 1c9b7fb70681334021fb8862c446ed789da0782c21a3eecaf332dbe2d6b140fa
|
4
|
+
data.tar.gz: 2324b707db73fa2b895253c881911713e59b72905055590dcef5bcf63e1105db
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: bf4e6692007a79c0ee84b88a10bd9f9a31df1458cbd00ae99922cca8a4c880a5739da83d103e44a263b55f035e8a7a822de84355bdf1124a4048b82f79649ae9
|
7
|
+
data.tar.gz: 4b296a37c1a5444c3100c31bb61c92e27c799b0082d8d8da3925eed2c641aa5faeea4c76127b2ec8c8c09ffacf1e610891a87138ce53e675d4c81fc1f1aaa353
|
data/Gemfile
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
source "https://rubygems.org"
|
2
2
|
|
3
|
-
#
|
4
|
-
gem "ffi", "
|
3
|
+
# 1.15+ is required for M1 mac builds
|
4
|
+
gem "ffi", ">=1.15"
|
5
5
|
|
6
6
|
# Note we do not use the gemspec DSL which restricts to the
|
7
7
|
# gemspec for the current platform and filters out other platforms
|
@@ -35,8 +35,11 @@ group(:omnibus_package) do
|
|
35
35
|
end
|
36
36
|
|
37
37
|
group(:omnibus_package, :pry) do
|
38
|
-
|
39
|
-
|
38
|
+
# Locked because pry-byebug is broken with 13+
|
39
|
+
# some work is ongoing? https://github.com/deivid-rodriguez/pry-byebug/issues/343
|
40
|
+
gem "pry", "= 0.13.0"
|
41
|
+
# byebug does not install on freebsd on ruby 3.0
|
42
|
+
gem "pry-byebug" unless RUBY_PLATFORM =~ /freebsd/i
|
40
43
|
gem "pry-stack_explorer"
|
41
44
|
end
|
42
45
|
|
data/Rakefile
CHANGED
@@ -74,6 +74,17 @@ task :install do
|
|
74
74
|
end
|
75
75
|
end
|
76
76
|
|
77
|
+
namespace :install do
|
78
|
+
task local: "pre_install:all"
|
79
|
+
|
80
|
+
task :local do
|
81
|
+
chef_bin_path = ::File.join(::File.dirname(__FILE__), "chef-bin")
|
82
|
+
Dir.chdir(chef_bin_path) do
|
83
|
+
sh("rake install:local")
|
84
|
+
end
|
85
|
+
end
|
86
|
+
end
|
87
|
+
|
77
88
|
task :pedant, :chef_zero_spec
|
78
89
|
|
79
90
|
task :build_eventlog do
|
@@ -14,7 +14,7 @@ gemspec.add_dependency "win32-service", ">= 2.1.5", "< 3.0"
|
|
14
14
|
gemspec.add_dependency "wmi-lite", "~> 1.0"
|
15
15
|
gemspec.add_dependency "win32-taskscheduler", "~> 2.0"
|
16
16
|
gemspec.add_dependency "iso8601", ">= 0.12.1", "< 0.14" # validate 0.14 when it comes out
|
17
|
-
gemspec.add_dependency "win32-certstore", "~> 0.5" # 0.5+ required for specifying user vs. system store
|
17
|
+
gemspec.add_dependency "win32-certstore", "~> 0.5.0" # 0.5+ required for specifying user vs. system store
|
18
18
|
gemspec.extensions << "ext/win32-eventlog/Rakefile"
|
19
19
|
gemspec.files += Dir.glob("{distro,ext}/**/*")
|
20
20
|
|
data/chef.gemspec
CHANGED
@@ -44,7 +44,7 @@ Gem::Specification.new do |s|
|
|
44
44
|
s.add_dependency "net-ssh-multi", "~> 1.2", ">= 1.2.1"
|
45
45
|
s.add_dependency "net-sftp", ">= 2.1.2", "< 4.0"
|
46
46
|
s.add_dependency "ed25519", "~> 1.2" # ed25519 ssh key support
|
47
|
-
s.add_dependency "bcrypt_pbkdf", "
|
47
|
+
s.add_dependency "bcrypt_pbkdf", "~> 1.1" # ed25519 ssh key support
|
48
48
|
s.add_dependency "highline", ">= 1.6.9", "< 3"
|
49
49
|
s.add_dependency "tty-prompt", "~> 0.21" # knife ui.ask prompt
|
50
50
|
s.add_dependency "tty-screen", "~> 0.6" # knife list
|
@@ -1,5 +1,5 @@
|
|
1
1
|
# Author:: Stephan Renatus <srenatus@chef.io>
|
2
|
-
# Copyright:: (c)
|
2
|
+
# Copyright:: Copyright (c) Chef Software Inc. <legal@chef.io>
|
3
3
|
#
|
4
4
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
5
5
|
# you may not use this file except in compliance with the License.
|
@@ -87,7 +87,11 @@ class Chef
|
|
87
87
|
|
88
88
|
# If enabled, a hash representation of the Chef Infra node object will be sent to Chef InSpec in an input
|
89
89
|
# named `chef_node`.
|
90
|
-
"chef_node_attribute_enabled" => false
|
90
|
+
"chef_node_attribute_enabled" => false,
|
91
|
+
|
92
|
+
# Should the built-in compliance phase run. True and false force the behavior. Nil does magic based on if you have
|
93
|
+
# profiles defined but do not have the audit cookbook enabled.
|
94
|
+
"compliance_phase" => false
|
91
95
|
)
|
92
96
|
end
|
93
97
|
end
|
@@ -22,8 +22,13 @@ class Chef
|
|
22
22
|
|
23
23
|
logger.debug("#{self.class}##{__method__}: #{Inspec::Dist::PRODUCT_NAME} profiles? #{inspec_profiles.any?}")
|
24
24
|
logger.debug("#{self.class}##{__method__}: audit cookbook? #{audit_cookbook_present}")
|
25
|
+
logger.debug("#{self.class}##{__method__}: compliance phase attr? #{node["audit"]["compliance_phase"]}")
|
25
26
|
|
26
|
-
|
27
|
+
if node["audit"]["compliance_phase"].nil?
|
28
|
+
inspec_profiles.any? && !audit_cookbook_present
|
29
|
+
else
|
30
|
+
node["audit"]["compliance_phase"]
|
31
|
+
end
|
27
32
|
end
|
28
33
|
|
29
34
|
def node=(node)
|
@@ -70,7 +70,11 @@ class Chef
|
|
70
70
|
unless Chef::Config[:skip_gem_metadata_installation]
|
71
71
|
# Add additional options to bundle install
|
72
72
|
cmd = [ "bundle", "install", Chef::Config[:gem_installer_bundler_options] ]
|
73
|
-
|
73
|
+
env = {
|
74
|
+
"PATH" => path_with_prepended_ruby_bin,
|
75
|
+
"BUNDLE_SILENCE_ROOT_WARNING" => "1",
|
76
|
+
}
|
77
|
+
so = shell_out!(cmd, cwd: dir, env: env)
|
74
78
|
Chef::Log.info(so.stdout)
|
75
79
|
end
|
76
80
|
end
|
@@ -294,11 +294,10 @@ class Chef
|
|
294
294
|
"%TEMP%\\#{ChefUtils::Dist::Infra::CLIENT}-latest.msi"
|
295
295
|
end
|
296
296
|
|
297
|
-
# Build a URL
|
298
|
-
# Chef Infra msi download.
|
297
|
+
# Build a URL that will redirect to the correct Chef Infra msi download.
|
299
298
|
def msi_url(machine_os = nil, machine_arch = nil, download_context = nil)
|
300
299
|
if config[:msi_url].nil? || config[:msi_url].empty?
|
301
|
-
url = "https://
|
300
|
+
url = "https://omnitruck.chef.io/chef/download?p=windows"
|
302
301
|
url += "&pv=#{machine_os}" unless machine_os.nil?
|
303
302
|
url += "&m=#{machine_arch}" unless machine_arch.nil?
|
304
303
|
url += "&DownloadContext=#{download_context}" unless download_context.nil?
|
data/lib/chef/provider/file.rb
CHANGED
@@ -338,7 +338,7 @@ class Chef
|
|
338
338
|
raise Chef::Exceptions::ChecksumMismatch.new(short_cksum(new_resource.checksum), short_cksum(tempfile_checksum))
|
339
339
|
end
|
340
340
|
|
341
|
-
if tempfile
|
341
|
+
if tempfile && contents_changed?
|
342
342
|
new_resource.verify.each do |v|
|
343
343
|
unless v.verify(tempfile.path)
|
344
344
|
backupfile = "#{Chef::Config[:file_cache_path]}/failed_validations/#{::File.basename(tempfile.path)}"
|
data/lib/chef/provider/mount.rb
CHANGED
@@ -175,8 +175,13 @@ class Chef
|
|
175
175
|
|
176
176
|
# Returns the new_resource device as per device_type
|
177
177
|
def device_fstab
|
178
|
-
# Removed "/" from the end of str, because it was causing idempotency issue.
|
179
|
-
device =
|
178
|
+
# Removed "/" from the end of str unless it's a network mount, because it was causing idempotency issue.
|
179
|
+
device =
|
180
|
+
if @new_resource.device == "/" || @new_resource.device.match?(":/$")
|
181
|
+
@new_resource.device
|
182
|
+
else
|
183
|
+
@new_resource.device.chomp("/")
|
184
|
+
end
|
180
185
|
case @new_resource.device_type
|
181
186
|
when :device
|
182
187
|
device
|
@@ -423,11 +423,11 @@ class Chef
|
|
423
423
|
end
|
424
424
|
|
425
425
|
def is_omnibus?
|
426
|
-
if %r{/(
|
426
|
+
if %r{/(#{ChefUtils::Dist::Org::LEGACY_CONF_DIR}|#{ChefUtils::Dist::Infra::SHORT}|#{ChefUtils::Dist::Workstation::DIR_SUFFIX})/embedded/bin}.match?(RbConfig::CONFIG["bindir"])
|
427
427
|
logger.trace("#{new_resource} detected omnibus installation in #{RbConfig::CONFIG["bindir"]}")
|
428
428
|
# Omnibus installs to a static path because of linking on unix, find it.
|
429
429
|
true
|
430
|
-
elsif RbConfig::CONFIG["bindir"].sub(/^\w:/, "") == "/
|
430
|
+
elsif RbConfig::CONFIG["bindir"].sub(/^\w:/, "") == "/#{ChefUtils::Dist::Org::LEGACY_CONF_DIR}/#{ChefUtils::Dist::Infra::SHORT}/embedded/bin"
|
431
431
|
logger.trace("#{new_resource} detected omnibus installation in #{RbConfig::CONFIG["bindir"]}")
|
432
432
|
# windows, with the drive letter removed
|
433
433
|
true
|
@@ -169,12 +169,12 @@ class Chef
|
|
169
169
|
|
170
170
|
def load_service
|
171
171
|
session = @session_type ? "-S #{@session_type} " : ""
|
172
|
-
cmd = "launchctl load -w " + session + @plist
|
172
|
+
cmd = "/bin/launchctl load -w " + session + @plist
|
173
173
|
shell_out_as_user(cmd)
|
174
174
|
end
|
175
175
|
|
176
176
|
def unload_service
|
177
|
-
cmd = "launchctl unload -w " + @plist
|
177
|
+
cmd = "/bin/launchctl unload -w " + @plist
|
178
178
|
shell_out_as_user(cmd)
|
179
179
|
end
|
180
180
|
|
@@ -190,7 +190,7 @@ class Chef
|
|
190
190
|
def set_service_status
|
191
191
|
return if @plist.nil? || @service_label.to_s.empty?
|
192
192
|
|
193
|
-
cmd = "launchctl list #{@service_label}"
|
193
|
+
cmd = "/bin/launchctl list #{@service_label}"
|
194
194
|
res = shell_out_as_user(cmd)
|
195
195
|
|
196
196
|
if res.exitstatus == 0
|
@@ -213,7 +213,7 @@ class Chef
|
|
213
213
|
#
|
214
214
|
def log_command
|
215
215
|
if new_resource.append_log_file
|
216
|
-
"
|
216
|
+
">> #{::File.join(new_resource.log_directory, new_resource.log_file_name)} 2>&1"
|
217
217
|
else
|
218
218
|
"> #{::File.join(new_resource.log_directory, new_resource.log_file_name)} 2>&1"
|
219
219
|
end
|
@@ -134,7 +134,7 @@ class Chef
|
|
134
134
|
standard_error_path ::File.join(new_resource.log_directory, new_resource.log_file_name)
|
135
135
|
program_arguments ["/bin/bash",
|
136
136
|
"-c",
|
137
|
-
"echo; echo #{ChefUtils::Dist::Infra::PRODUCT} launchd daemon config has been updated. Manually unloading and reloading the daemon; echo Now unloading the daemon; launchctl unload /Library/LaunchDaemons/com.#{ChefUtils::Dist::Infra::SHORT}.#{ChefUtils::Dist::Infra::CLIENT}.plist; sleep 2; echo Now loading the daemon; launchctl load /Library/LaunchDaemons/com.#{ChefUtils::Dist::Infra::SHORT}.#{ChefUtils::Dist::Infra::CLIENT}.plist"]
|
137
|
+
"echo; echo #{ChefUtils::Dist::Infra::PRODUCT} launchd daemon config has been updated. Manually unloading and reloading the daemon; echo Now unloading the daemon; /bin/launchctl unload /Library/LaunchDaemons/com.#{ChefUtils::Dist::Infra::SHORT}.#{ChefUtils::Dist::Infra::CLIENT}.plist; sleep 2; echo Now loading the daemon; /bin/launchctl load /Library/LaunchDaemons/com.#{ChefUtils::Dist::Infra::SHORT}.#{ChefUtils::Dist::Infra::CLIENT}.plist"]
|
138
138
|
action :enable # enable creates the plist & triggers service restarts on change
|
139
139
|
end
|
140
140
|
|
data/lib/chef/version.rb
CHANGED
@@ -4,7 +4,7 @@ require "support/shared/integration/integration_helper"
|
|
4
4
|
require "chef/mixin/shell_out"
|
5
5
|
require "chef-utils/dist"
|
6
6
|
|
7
|
-
describe "chef-client with
|
7
|
+
describe "chef-client with compliance phase" do
|
8
8
|
|
9
9
|
include IntegrationSupport
|
10
10
|
include Chef::Mixin::ShellOut
|
@@ -46,6 +46,7 @@ describe "chef-client with audit mode" do
|
|
46
46
|
file "attributes.json", <<~FILE
|
47
47
|
{
|
48
48
|
"audit": {
|
49
|
+
"compliance_phase": true,
|
49
50
|
"json_file": {
|
50
51
|
"location": "#{report_file}"
|
51
52
|
},
|
data/spec/spec_helper.rb
CHANGED
@@ -145,6 +145,7 @@ RSpec.configure do |config|
|
|
145
145
|
config.filter_run_excluding macos_only: true unless macos?
|
146
146
|
config.filter_run_excluding macos_1013: true unless macos_1013?
|
147
147
|
config.filter_run_excluding macos_gte_1014: true unless macos_gte_1014?
|
148
|
+
config.filter_run_excluding not_macos_gte_11: true if macos_gte_11?
|
148
149
|
config.filter_run_excluding not_supported_on_aix: true if aix?
|
149
150
|
config.filter_run_excluding not_supported_on_solaris: true if solaris?
|
150
151
|
config.filter_run_excluding not_supported_on_gce: true if gce?
|
@@ -479,12 +479,14 @@ shared_examples_for Chef::Provider::File do
|
|
479
479
|
it "calls #verify on each verification with tempfile path" do
|
480
480
|
provider.new_resource.verify windows? ? "REM" : "true"
|
481
481
|
provider.new_resource.verify windows? ? "REM" : "true"
|
482
|
+
allow(provider).to receive(:contents_changed?).and_return(true)
|
482
483
|
provider.send(:do_validate_content)
|
483
484
|
end
|
484
485
|
|
485
486
|
it "raises an exception if any verification fails" do
|
486
487
|
allow(File).to receive(:directory?).with("C:\\Windows\\system32/cmd.exe").and_return(false)
|
487
488
|
allow(provider).to receive(:tempfile).and_return(tempfile)
|
489
|
+
allow(provider).to receive(:contents_changed?).and_return(true)
|
488
490
|
provider.new_resource.verify windows? ? "cmd.exe c exit 1" : "false"
|
489
491
|
provider.new_resource.verify.each do |v|
|
490
492
|
allow(v).to receive(:verify).and_return(false)
|
@@ -492,9 +494,21 @@ shared_examples_for Chef::Provider::File do
|
|
492
494
|
expect { provider.send(:do_validate_content) }.to raise_error(Chef::Exceptions::ValidationFailed)
|
493
495
|
end
|
494
496
|
|
497
|
+
it "does not run verifications when the contents did not change" do
|
498
|
+
allow(File).to receive(:directory?).with("C:\\Windows\\system32/cmd.exe").and_return(false)
|
499
|
+
allow(provider).to receive(:tempfile).and_return(tempfile)
|
500
|
+
allow(provider).to receive(:contents_changed?).and_return(false)
|
501
|
+
provider.new_resource.verify windows? ? "cmd.exe c exit 1" : "false"
|
502
|
+
provider.new_resource.verify.each do |v|
|
503
|
+
expect(v).not_to receive(:verify)
|
504
|
+
end
|
505
|
+
provider.send(:do_validate_content)
|
506
|
+
end
|
507
|
+
|
495
508
|
it "does not show verification for sensitive resources" do
|
496
509
|
allow(File).to receive(:directory?).with("C:\\Windows\\system32/cmd.exe").and_return(false)
|
497
510
|
allow(provider).to receive(:tempfile).and_return(tempfile)
|
511
|
+
allow(provider).to receive(:contents_changed?).and_return(true)
|
498
512
|
provider.new_resource.sensitive true
|
499
513
|
provider.new_resource.verify windows? ? "cmd.exe c exit 1" : "false"
|
500
514
|
provider.new_resource.verify.each do |v|
|
@@ -13,36 +13,85 @@ describe Chef::Compliance::Runner do
|
|
13
13
|
|
14
14
|
describe "#enabled?" do
|
15
15
|
|
16
|
-
it "is true if the node attributes have audit profiles and the audit cookbook is not present" do
|
16
|
+
it "is true if the node attributes have audit profiles and the audit cookbook is not present, and the compliance mode attribute is nil" do
|
17
17
|
node.normal["audit"]["profiles"]["ssh"] = { 'compliance': "base/ssh" }
|
18
|
+
node.normal["audit"]["compliance_phase"] = nil
|
18
19
|
|
19
20
|
expect(runner).to be_enabled
|
20
21
|
end
|
21
22
|
|
22
|
-
it "is
|
23
|
+
it "is true if the node attributes have audit profiles and the audit cookbook is not present, and the compliance mode attribute is true" do
|
24
|
+
node.normal["audit"]["profiles"]["ssh"] = { 'compliance': "base/ssh" }
|
25
|
+
node.normal["audit"]["compliance_phase"] = true
|
26
|
+
|
27
|
+
expect(runner).to be_enabled
|
28
|
+
end
|
29
|
+
|
30
|
+
it "is false if the node attributes have audit profiles and the audit cookbook is not present, and the compliance mode attribute is false" do
|
31
|
+
node.normal["audit"]["profiles"]["ssh"] = { 'compliance': "base/ssh" }
|
32
|
+
node.normal["audit"]["compliance_phase"] = false
|
33
|
+
|
34
|
+
expect(runner).not_to be_enabled
|
35
|
+
end
|
36
|
+
|
37
|
+
it "is false if the node attributes have audit profiles and the audit cookbook is present, and the complince mode attribute is nil" do
|
23
38
|
stub_const("::Reporter::ChefAutomate", true)
|
24
39
|
node.normal["audit"]["profiles"]["ssh"] = { 'compliance': "base/ssh" }
|
40
|
+
node.normal["audit"]["compliance_phase"] = nil
|
25
41
|
|
26
42
|
expect(runner).not_to be_enabled
|
27
43
|
end
|
28
44
|
|
29
|
-
it "is
|
45
|
+
it "is true if the node attributes have audit profiles and the audit cookbook is present, and the complince mode attribute is true" do
|
46
|
+
stub_const("::Reporter::ChefAutomate", true)
|
47
|
+
node.normal["audit"]["profiles"]["ssh"] = { 'compliance': "base/ssh" }
|
48
|
+
node.normal["audit"]["compliance_phase"] = true
|
49
|
+
|
50
|
+
expect(runner).to be_enabled
|
51
|
+
end
|
52
|
+
|
53
|
+
it "is false if the node attributes do not have audit profiles and the audit cookbook is not present, and the complince mode attribute is nil" do
|
30
54
|
node.normal["audit"]["profiles"] = {}
|
55
|
+
node.normal["audit"]["compliance_phase"] = nil
|
31
56
|
|
32
57
|
expect(runner).not_to be_enabled
|
33
58
|
end
|
34
59
|
|
35
|
-
it "is false if the node attributes do not have audit profiles and the audit cookbook is present" do
|
60
|
+
it "is false if the node attributes do not have audit profiles and the audit cookbook is present, and the complince mode attribute is nil" do
|
36
61
|
stub_const("::Reporter::ChefAutomate", true)
|
37
62
|
node.automatic["recipes"] = %w{ audit::default fancy_cookbook::fanciness tacobell::nachos }
|
63
|
+
node.normal["audit"]["compliance_phase"] = nil
|
38
64
|
|
39
65
|
expect(runner).not_to be_enabled
|
40
66
|
end
|
41
67
|
|
42
|
-
it "is false if the node attributes do not have audit attributes and the audit cookbook is not present" do
|
68
|
+
it "is false if the node attributes do not have audit attributes and the audit cookbook is not present, and the complince mode attribute is nil" do
|
43
69
|
node.automatic["recipes"] = %w{ fancy_cookbook::fanciness tacobell::nachos }
|
70
|
+
node.normal["audit"]["compliance_phase"] = nil
|
71
|
+
|
44
72
|
expect(runner).not_to be_enabled
|
45
73
|
end
|
74
|
+
|
75
|
+
it "is true if the node attributes do not have audit profiles and the audit cookbook is not present, and the complince mode attribute is true" do
|
76
|
+
node.normal["audit"]["profiles"] = {}
|
77
|
+
node.normal["audit"]["compliance_phase"] = true
|
78
|
+
|
79
|
+
expect(runner).to be_enabled
|
80
|
+
end
|
81
|
+
|
82
|
+
it "is true if the node attributes do not have audit profiles and the audit cookbook is present, and the complince mode attribute is true" do
|
83
|
+
stub_const("::Reporter::ChefAutomate", true)
|
84
|
+
node.automatic["recipes"] = %w{ audit::default fancy_cookbook::fanciness tacobell::nachos }
|
85
|
+
node.normal["audit"]["compliance_phase"] = true
|
86
|
+
|
87
|
+
expect(runner).to be_enabled
|
88
|
+
end
|
89
|
+
|
90
|
+
it "is true if the node attributes do not have audit attributes and the audit cookbook is not present, and the complince mode attribute is true" do
|
91
|
+
node.automatic["recipes"] = %w{ fancy_cookbook::fanciness tacobell::nachos }
|
92
|
+
node.normal["audit"]["compliance_phase"] = true
|
93
|
+
expect(runner).to be_enabled
|
94
|
+
end
|
46
95
|
end
|
47
96
|
|
48
97
|
describe "#inspec_profiles" do
|
@@ -204,19 +204,19 @@ describe Chef::Knife::Core::WindowsBootstrapContext do
|
|
204
204
|
end
|
205
205
|
|
206
206
|
it "returns a chef.io msi url with minimal url parameters" do
|
207
|
-
reference_url = "https://
|
207
|
+
reference_url = "https://omnitruck.chef.io/chef/download?p=windows&channel=stable&v=something"
|
208
208
|
expect(bootstrap_context.msi_url).to eq(reference_url)
|
209
209
|
end
|
210
210
|
|
211
211
|
it "returns a chef.io msi url with provided url parameters substituted" do
|
212
|
-
reference_url = "https://
|
212
|
+
reference_url = "https://omnitruck.chef.io/chef/download?p=windows&pv=machine&m=arch&DownloadContext=ctx&channel=stable&v=something"
|
213
213
|
expect(bootstrap_context.msi_url("machine", "arch", "ctx")).to eq(reference_url)
|
214
214
|
end
|
215
215
|
|
216
216
|
context "when a channel is provided in config" do
|
217
217
|
let(:config) { { channel: "current" } }
|
218
218
|
it "returns a chef.io msi url with the requested channel" do
|
219
|
-
reference_url = "https://
|
219
|
+
reference_url = "https://omnitruck.chef.io/chef/download?p=windows&channel=current&v=something"
|
220
220
|
expect(bootstrap_context.msi_url).to eq(reference_url)
|
221
221
|
end
|
222
222
|
end
|
@@ -506,6 +506,57 @@ describe Chef::Provider::Mount::Mount do
|
|
506
506
|
end
|
507
507
|
end
|
508
508
|
|
509
|
+
context "network mount" do
|
510
|
+
before(:each) do
|
511
|
+
@node = Chef::Node.new
|
512
|
+
@events = Chef::EventDispatch::Dispatcher.new
|
513
|
+
@run_context = Chef::RunContext.new(@node, {}, @events)
|
514
|
+
|
515
|
+
@new_resource = Chef::Resource::Mount.new("/tmp/bar")
|
516
|
+
@new_resource.device "cephserver:6789:/"
|
517
|
+
@new_resource.device_type :device
|
518
|
+
@new_resource.fstype "cephfs"
|
519
|
+
|
520
|
+
@new_resource.supports remount: false
|
521
|
+
|
522
|
+
@provider = Chef::Provider::Mount::Mount.new(@new_resource, @run_context)
|
523
|
+
|
524
|
+
allow(::File).to receive(:exists?).with("cephserver:6789:/").and_return true
|
525
|
+
allow(::File).to receive(:exists?).with("/tmp/bar").and_return true
|
526
|
+
allow(::File).to receive(:realpath).with("cephserver:6789:/").and_return "cephserver:6789:/"
|
527
|
+
allow(::File).to receive(:realpath).with("/tmp/bar").and_return "/tmp/foo"
|
528
|
+
end
|
529
|
+
|
530
|
+
before do
|
531
|
+
@current_resource = Chef::Resource::Mount.new("/tmp/foo")
|
532
|
+
@current_resource.device "cephserver:6789:/"
|
533
|
+
@current_resource.device_type :device
|
534
|
+
@current_resource.fstype "cephfs"
|
535
|
+
|
536
|
+
@provider.current_resource = @current_resource
|
537
|
+
end
|
538
|
+
|
539
|
+
it "should enable network mount if enabled isn't true" do
|
540
|
+
@current_resource.enabled(false)
|
541
|
+
|
542
|
+
@fstab = StringIO.new
|
543
|
+
allow(::File).to receive(:open).with("/etc/fstab", "a").and_yield(@fstab)
|
544
|
+
@provider.enable_fs
|
545
|
+
expect(@fstab.string).to match(%r{^cephserver:6789:/\s+/tmp/bar\s+cephfs\s+defaults\s+0\s+2\s*$})
|
546
|
+
end
|
547
|
+
|
548
|
+
it "should not enable network if enabled is true and resources match" do
|
549
|
+
@current_resource.enabled(true)
|
550
|
+
@current_resource.fstype("cephfs")
|
551
|
+
@current_resource.options(["defaults"])
|
552
|
+
@current_resource.dump(0)
|
553
|
+
@current_resource.pass(2)
|
554
|
+
expect(::File).not_to receive(:open).with("/etc/fstab", "a")
|
555
|
+
|
556
|
+
@provider.enable_fs
|
557
|
+
end
|
558
|
+
end
|
559
|
+
|
509
560
|
# the fstab might contain the mount with the device as a device but the resource has a label.
|
510
561
|
# we should not create two mount lines, but update the existing one
|
511
562
|
# not supported on solaris because it can't cope with a UUID device type
|
@@ -482,10 +482,10 @@ describe Chef::Provider::Package::Rubygems do
|
|
482
482
|
end
|
483
483
|
end
|
484
484
|
|
485
|
-
context "when in omnibus
|
486
|
-
let(:bindir) { "/opt/
|
485
|
+
context "when in omnibus chef-workstation" do
|
486
|
+
let(:bindir) { "/opt/chef-workstation/embedded/bin" }
|
487
487
|
|
488
|
-
it "recognizes
|
488
|
+
it "recognizes chef-workstation as omnibus" do
|
489
489
|
expect(provider.is_omnibus?).to be true
|
490
490
|
end
|
491
491
|
end
|
@@ -78,7 +78,7 @@ describe Chef::Provider::Service::Macosx do
|
|
78
78
|
@getpwuid = double("Etc::Passwd", { name: "mikedodge04" })
|
79
79
|
allow(Etc).to receive(:getpwuid).and_return(@getpwuid)
|
80
80
|
allow(node).to receive(:[]).with("platform_version").and_return("10.11.1")
|
81
|
-
cmd = "launchctl list #{service_label}"
|
81
|
+
cmd = "/bin/launchctl list #{service_label}"
|
82
82
|
allow(provider).to receive(:shell_out)
|
83
83
|
.with(/(#{su_cmd} '#{cmd}'|#{cmd})/, default_env: false)
|
84
84
|
.and_return(double("Status",
|
@@ -265,7 +265,7 @@ describe Chef::Provider::Service::Macosx do
|
|
265
265
|
end
|
266
266
|
|
267
267
|
it "starts service via launchctl if service found" do
|
268
|
-
cmd = "launchctl load -w " + session + plist
|
268
|
+
cmd = "/bin/launchctl load -w " + session + plist
|
269
269
|
expect(provider).to receive(:shell_out)
|
270
270
|
.with(/(#{su_cmd} .#{cmd}.|#{cmd})/, default_env: false)
|
271
271
|
.and_return(0)
|
@@ -297,7 +297,7 @@ describe Chef::Provider::Service::Macosx do
|
|
297
297
|
end
|
298
298
|
|
299
299
|
it "stops the service via launchctl if service found" do
|
300
|
-
cmd = "launchctl unload -w " + plist
|
300
|
+
cmd = "/bin/launchctl unload -w " + plist
|
301
301
|
expect(provider).to receive(:shell_out)
|
302
302
|
.with(/(#{su_cmd} .#{cmd}.|#{cmd})/, default_env: false)
|
303
303
|
.and_return(0)
|
@@ -93,41 +93,41 @@ describe Chef::Resource::ChefClientCron do
|
|
93
93
|
|
94
94
|
it "creates a valid command if using all default properties" do
|
95
95
|
expect(provider.client_command).to eql(
|
96
|
-
"/bin/sleep 123; /opt/chef/bin/chef-client -c #{root_path}
|
96
|
+
"/bin/sleep 123; /opt/chef/bin/chef-client -c #{root_path} >> /var/log/chef/client.log 2>&1"
|
97
97
|
)
|
98
98
|
end
|
99
99
|
|
100
100
|
it "uses daemon_options if set" do
|
101
101
|
resource.daemon_options ["--foo 1", "--bar 2"]
|
102
102
|
expect(provider.client_command).to eql(
|
103
|
-
"/bin/sleep 123; /opt/chef/bin/chef-client --foo 1 --bar 2 -c #{root_path}
|
103
|
+
"/bin/sleep 123; /opt/chef/bin/chef-client --foo 1 --bar 2 -c #{root_path} >> /var/log/chef/client.log 2>&1"
|
104
104
|
)
|
105
105
|
end
|
106
106
|
|
107
107
|
it "uses custom config dir if set" do
|
108
108
|
resource.config_directory "/etc/some_other_dir"
|
109
|
-
expect(provider.client_command).to eql("/bin/sleep 123; /opt/chef/bin/chef-client -c /etc/some_other_dir/client.rb
|
109
|
+
expect(provider.client_command).to eql("/bin/sleep 123; /opt/chef/bin/chef-client -c /etc/some_other_dir/client.rb >> /var/log/chef/client.log 2>&1")
|
110
110
|
end
|
111
111
|
|
112
112
|
it "uses custom log files / paths if set" do
|
113
113
|
resource.log_file_name "my-client.log"
|
114
114
|
resource.log_directory "/var/log/my-chef/"
|
115
115
|
expect(provider.client_command).to eql(
|
116
|
-
"/bin/sleep 123; /opt/chef/bin/chef-client -c #{root_path}
|
116
|
+
"/bin/sleep 123; /opt/chef/bin/chef-client -c #{root_path} >> /var/log/my-chef/my-client.log 2>&1"
|
117
117
|
)
|
118
118
|
end
|
119
119
|
|
120
120
|
it "uses mailto if set" do
|
121
121
|
resource.mailto "bob@example.com"
|
122
122
|
expect(provider.client_command).to eql(
|
123
|
-
"/bin/sleep 123; /opt/chef/bin/chef-client -c #{root_path}
|
123
|
+
"/bin/sleep 123; /opt/chef/bin/chef-client -c #{root_path} >> /var/log/chef/client.log 2>&1 || echo \"Chef Infra Client execution failed\""
|
124
124
|
)
|
125
125
|
end
|
126
126
|
|
127
127
|
it "uses custom chef-client binary if set" do
|
128
128
|
resource.chef_binary_path "/usr/local/bin/chef-client"
|
129
129
|
expect(provider.client_command).to eql(
|
130
|
-
"/bin/sleep 123; /usr/local/bin/chef-client -c #{root_path}
|
130
|
+
"/bin/sleep 123; /usr/local/bin/chef-client -c #{root_path} >> /var/log/chef/client.log 2>&1"
|
131
131
|
)
|
132
132
|
end
|
133
133
|
|
@@ -141,7 +141,7 @@ describe Chef::Resource::ChefClientCron do
|
|
141
141
|
it "sets the license acceptance flag if set" do
|
142
142
|
resource.accept_chef_license true
|
143
143
|
expect(provider.client_command).to eql(
|
144
|
-
"/bin/sleep 123; /opt/chef/bin/chef-client -c #{root_path} --chef-license accept
|
144
|
+
"/bin/sleep 123; /opt/chef/bin/chef-client -c #{root_path} --chef-license accept >> /var/log/chef/client.log 2>&1"
|
145
145
|
)
|
146
146
|
end
|
147
147
|
|
@@ -149,7 +149,7 @@ describe Chef::Resource::ChefClientCron do
|
|
149
149
|
allow(provider).to receive(:which).with("nice").and_return("/usr/bin/nice")
|
150
150
|
resource.nice(-15)
|
151
151
|
expect(provider.client_command).to eql(
|
152
|
-
"/bin/sleep 123; /usr/bin/nice -n -15 /opt/chef/bin/chef-client -c #{root_path}
|
152
|
+
"/bin/sleep 123; /usr/bin/nice -n -15 /opt/chef/bin/chef-client -c #{root_path} >> /var/log/chef/client.log 2>&1"
|
153
153
|
)
|
154
154
|
end
|
155
155
|
end
|
data/tasks/rspec.rb
CHANGED
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: chef
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 16.
|
4
|
+
version: 16.14.1
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Adam Jacob
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2021-
|
11
|
+
date: 2021-07-27 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: chef-config
|
@@ -16,28 +16,28 @@ dependencies:
|
|
16
16
|
requirements:
|
17
17
|
- - '='
|
18
18
|
- !ruby/object:Gem::Version
|
19
|
-
version: 16.
|
19
|
+
version: 16.14.1
|
20
20
|
type: :runtime
|
21
21
|
prerelease: false
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
23
23
|
requirements:
|
24
24
|
- - '='
|
25
25
|
- !ruby/object:Gem::Version
|
26
|
-
version: 16.
|
26
|
+
version: 16.14.1
|
27
27
|
- !ruby/object:Gem::Dependency
|
28
28
|
name: chef-utils
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|
30
30
|
requirements:
|
31
31
|
- - '='
|
32
32
|
- !ruby/object:Gem::Version
|
33
|
-
version: 16.
|
33
|
+
version: 16.14.1
|
34
34
|
type: :runtime
|
35
35
|
prerelease: false
|
36
36
|
version_requirements: !ruby/object:Gem::Requirement
|
37
37
|
requirements:
|
38
38
|
- - '='
|
39
39
|
- !ruby/object:Gem::Version
|
40
|
-
version: 16.
|
40
|
+
version: 16.14.1
|
41
41
|
- !ruby/object:Gem::Dependency
|
42
42
|
name: train-core
|
43
43
|
requirement: !ruby/object:Gem::Requirement
|
@@ -326,16 +326,16 @@ dependencies:
|
|
326
326
|
name: bcrypt_pbkdf
|
327
327
|
requirement: !ruby/object:Gem::Requirement
|
328
328
|
requirements:
|
329
|
-
- -
|
329
|
+
- - "~>"
|
330
330
|
- !ruby/object:Gem::Version
|
331
|
-
version: 1.1
|
331
|
+
version: '1.1'
|
332
332
|
type: :runtime
|
333
333
|
prerelease: false
|
334
334
|
version_requirements: !ruby/object:Gem::Requirement
|
335
335
|
requirements:
|
336
|
-
- -
|
336
|
+
- - "~>"
|
337
337
|
- !ruby/object:Gem::Version
|
338
|
-
version: 1.1
|
338
|
+
version: '1.1'
|
339
339
|
- !ruby/object:Gem::Dependency
|
340
340
|
name: highline
|
341
341
|
requirement: !ruby/object:Gem::Requirement
|
@@ -2778,7 +2778,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
2778
2778
|
- !ruby/object:Gem::Version
|
2779
2779
|
version: '0'
|
2780
2780
|
requirements: []
|
2781
|
-
rubygems_version: 3.1.
|
2781
|
+
rubygems_version: 3.1.6
|
2782
2782
|
signing_key:
|
2783
2783
|
specification_version: 4
|
2784
2784
|
summary: A systems integration framework, built to bring the benefits of configuration
|