chef 16.13.16-universal-mingw32 → 17.0.242-universal-mingw32

Sign up to get free protection for your applications and to get access to all the features.
Files changed (614) hide show
  1. checksums.yaml +4 -4
  2. data/Gemfile +9 -10
  3. data/README.md +1 -1
  4. data/Rakefile +2 -2
  5. data/chef-universal-mingw32.gemspec +1 -1
  6. data/chef.gemspec +6 -8
  7. data/lib/chef/application/base.rb +1 -1
  8. data/lib/chef/applications.rb +0 -1
  9. data/lib/chef/chef_fs/command_line.rb +5 -2
  10. data/lib/chef/chef_fs/file_system.rb +9 -10
  11. data/lib/chef/client.rb +2 -2
  12. data/lib/chef/compliance/default_attributes.rb +4 -3
  13. data/lib/chef/compliance/fetcher/automate.rb +0 -7
  14. data/lib/chef/compliance/reporter/automate.rb +17 -7
  15. data/lib/chef/compliance/reporter/chef_server_automate.rb +11 -6
  16. data/lib/chef/compliance/reporter/cli.rb +77 -0
  17. data/lib/chef/compliance/reporter/compliance_enforcer.rb +4 -0
  18. data/lib/chef/compliance/reporter/json_file.rb +8 -1
  19. data/lib/chef/compliance/runner.rb +65 -27
  20. data/lib/chef/cookbook/synchronizer.rb +3 -5
  21. data/lib/chef/cookbook_loader.rb +2 -4
  22. data/lib/chef/cookbook_uploader.rb +0 -1
  23. data/lib/chef/data_bag_item.rb +11 -2
  24. data/lib/chef/delayed_evaluator.rb +4 -0
  25. data/lib/chef/deprecated.rb +4 -0
  26. data/lib/chef/dsl/chef_vault.rb +6 -6
  27. data/lib/chef/dsl/reboot_pending.rb +1 -2
  28. data/lib/chef/formatters/error_inspectors/resource_failure_inspector.rb +20 -22
  29. data/lib/chef/group.rb +75 -0
  30. data/lib/chef/mixin/get_source_from_package.rb +1 -1
  31. data/lib/chef/node/attribute.rb +6 -4
  32. data/lib/chef/node/immutable_collections.rb +13 -0
  33. data/lib/chef/node/mixin/deep_merge_cache.rb +11 -7
  34. data/lib/chef/org.rb +3 -2
  35. data/lib/chef/property.rb +18 -0
  36. data/lib/chef/provider.rb +1 -1
  37. data/lib/chef/provider/cron.rb +1 -1
  38. data/lib/chef/provider/execute.rb +2 -1
  39. data/lib/chef/provider/file.rb +1 -1
  40. data/lib/chef/provider/git.rb +5 -7
  41. data/lib/chef/provider/group/groupadd.rb +3 -3
  42. data/lib/chef/provider/group/groupmod.rb +3 -3
  43. data/lib/chef/provider/group/pw.rb +3 -3
  44. data/lib/chef/provider/ifconfig.rb +2 -2
  45. data/lib/chef/provider/link.rb +2 -2
  46. data/lib/chef/provider/mount.rb +5 -5
  47. data/lib/chef/provider/mount/aix.rb +3 -3
  48. data/lib/chef/provider/mount/mount.rb +5 -5
  49. data/lib/chef/provider/mount/windows.rb +1 -1
  50. data/lib/chef/provider/package.rb +17 -21
  51. data/lib/chef/provider/package/apt.rb +27 -1
  52. data/lib/chef/provider/package/deb.rb +3 -3
  53. data/lib/chef/provider/package/dnf/dnf_helper.py +1 -1
  54. data/lib/chef/provider/package/portage.rb +2 -2
  55. data/lib/chef/provider/package/rubygems.rb +11 -17
  56. data/lib/chef/provider/package/windows.rb +2 -4
  57. data/lib/chef/provider/package/yum/yum_helper.py +1 -1
  58. data/lib/chef/provider/route.rb +2 -2
  59. data/lib/chef/provider/service.rb +6 -6
  60. data/lib/chef/provider/service/aixinit.rb +1 -1
  61. data/lib/chef/provider/service/debian.rb +1 -1
  62. data/lib/chef/provider/service/freebsd.rb +15 -21
  63. data/lib/chef/provider/service/macosx.rb +4 -4
  64. data/lib/chef/provider/service/systemd.rb +43 -14
  65. data/lib/chef/provider/service/upstart.rb +2 -13
  66. data/lib/chef/provider/service/windows.rb +12 -12
  67. data/lib/chef/provider/subversion.rb +10 -12
  68. data/lib/chef/provider/systemd_unit.rb +36 -10
  69. data/lib/chef/provider/template/content.rb +2 -6
  70. data/lib/chef/provider/user.rb +2 -2
  71. data/lib/chef/provider/user/dscl.rb +1 -1
  72. data/lib/chef/provider/user/mac.rb +17 -20
  73. data/lib/chef/provider/user/pw.rb +1 -1
  74. data/lib/chef/provider/user/windows.rb +1 -1
  75. data/lib/chef/provider/zypper_repository.rb +2 -2
  76. data/lib/chef/providers.rb +0 -1
  77. data/lib/chef/resource/alternatives.rb +6 -6
  78. data/lib/chef/resource/apt_package.rb +1 -1
  79. data/lib/chef/resource/apt_preference.rb +2 -2
  80. data/lib/chef/resource/apt_repository.rb +6 -6
  81. data/lib/chef/resource/apt_update.rb +3 -2
  82. data/lib/chef/resource/archive_file.rb +2 -3
  83. data/lib/chef/resource/breakpoint.rb +1 -1
  84. data/lib/chef/resource/build_essential.rb +2 -6
  85. data/lib/chef/resource/chef_client_config.rb +2 -2
  86. data/lib/chef/resource/chef_client_cron.rb +4 -4
  87. data/lib/chef/resource/chef_client_launchd.rb +3 -3
  88. data/lib/chef/resource/chef_client_scheduled_task.rb +1 -1
  89. data/lib/chef/resource/chef_client_systemd_timer.rb +2 -2
  90. data/lib/chef/resource/chef_handler.rb +3 -7
  91. data/lib/chef/resource/chef_sleep.rb +1 -1
  92. data/lib/chef/resource/chef_vault_secret.rb +3 -8
  93. data/lib/chef/resource/chocolatey_config.rb +2 -6
  94. data/lib/chef/resource/chocolatey_feature.rb +2 -6
  95. data/lib/chef/resource/chocolatey_source.rb +4 -10
  96. data/lib/chef/resource/cron/_cron_shared.rb +2 -2
  97. data/lib/chef/resource/cron_access.rb +2 -4
  98. data/lib/chef/resource/dmg_package.rb +6 -10
  99. data/lib/chef/resource/dpkg_package.rb +1 -1
  100. data/lib/chef/resource/execute.rb +6 -1
  101. data/lib/chef/resource/file.rb +1 -1
  102. data/lib/chef/resource/group.rb +2 -2
  103. data/lib/chef/resource/homebrew_cask.rb +2 -6
  104. data/lib/chef/resource/homebrew_tap.rb +2 -6
  105. data/lib/chef/resource/hostname.rb +21 -17
  106. data/lib/chef/resource/http_request.rb +1 -1
  107. data/lib/chef/resource/kernel_module.rb +6 -17
  108. data/lib/chef/resource/locale.rb +2 -3
  109. data/lib/chef/resource/lwrp_base.rb +4 -0
  110. data/lib/chef/resource/macos_userdefaults.rb +10 -14
  111. data/lib/chef/resource/mdadm.rb +53 -7
  112. data/lib/chef/resource/mount.rb +2 -1
  113. data/lib/chef/resource/openssl_ec_private_key.rb +2 -2
  114. data/lib/chef/resource/openssl_rsa_private_key.rb +1 -1
  115. data/lib/chef/resource/openssl_x509_certificate.rb +2 -2
  116. data/lib/chef/resource/plist.rb +7 -7
  117. data/lib/chef/resource/powershell_script.rb +1 -1
  118. data/lib/chef/resource/remote_file.rb +1 -1
  119. data/lib/chef/resource/rhsm_errata.rb +16 -1
  120. data/lib/chef/resource/rhsm_errata_level.rb +10 -1
  121. data/lib/chef/resource/rhsm_register.rb +12 -6
  122. data/lib/chef/resource/rhsm_repo.rb +2 -6
  123. data/lib/chef/resource/rhsm_subscription.rb +2 -6
  124. data/lib/chef/resource/scm/git.rb +1 -1
  125. data/lib/chef/resource/sudo.rb +6 -6
  126. data/lib/chef/resource/sysctl.rb +2 -6
  127. data/lib/chef/resource/systemd_unit.rb +2 -2
  128. data/lib/chef/resource/template.rb +1 -1
  129. data/lib/chef/resource/timezone.rb +1 -3
  130. data/lib/chef/resource/user/mac_user.rb +1 -1
  131. data/lib/chef/resource/user_ulimit.rb +2 -2
  132. data/lib/chef/resource/windows_ad_join.rb +2 -6
  133. data/lib/chef/resource/windows_audit_policy.rb +1 -1
  134. data/lib/chef/resource/windows_auto_run.rb +2 -5
  135. data/lib/chef/resource/windows_certificate.rb +207 -73
  136. data/lib/chef/resource/windows_dfs_folder.rb +2 -6
  137. data/lib/chef/resource/windows_dfs_namespace.rb +2 -6
  138. data/lib/chef/resource/windows_dfs_server.rb +1 -3
  139. data/lib/chef/resource/windows_dns_record.rb +2 -6
  140. data/lib/chef/resource/windows_dns_zone.rb +2 -6
  141. data/lib/chef/resource/windows_env.rb +5 -4
  142. data/lib/chef/resource/windows_feature.rb +3 -9
  143. data/lib/chef/resource/windows_feature_dism.rb +2 -6
  144. data/lib/chef/resource/windows_feature_powershell.rb +3 -3
  145. data/lib/chef/resource/windows_firewall_profile.rb +4 -4
  146. data/lib/chef/resource/windows_firewall_rule.rb +2 -5
  147. data/lib/chef/resource/windows_font.rb +2 -4
  148. data/lib/chef/resource/windows_pagefile.rb +2 -6
  149. data/lib/chef/resource/windows_path.rb +2 -2
  150. data/lib/chef/resource/windows_printer.rb +4 -4
  151. data/lib/chef/resource/windows_printer_port.rb +6 -6
  152. data/lib/chef/resource/windows_security_policy.rb +53 -40
  153. data/lib/chef/resource/windows_share.rb +14 -21
  154. data/lib/chef/resource/windows_shortcut.rb +4 -6
  155. data/lib/chef/resource/windows_task.rb +17 -5
  156. data/lib/chef/resource/windows_uac.rb +1 -1
  157. data/lib/chef/resource/windows_user_privilege.rb +4 -4
  158. data/lib/chef/resource/windows_workgroup.rb +1 -2
  159. data/lib/chef/resources.rb +0 -1
  160. data/lib/chef/user.rb +0 -1
  161. data/lib/chef/user_v1.rb +3 -4
  162. data/lib/chef/util/dsc/configuration_generator.rb +1 -0
  163. data/lib/chef/util/dsc/local_configuration_manager.rb +1 -1
  164. data/lib/chef/version.rb +1 -1
  165. data/lib/chef/win32/registry.rb +4 -2
  166. data/spec/data/cookbooks/openldap/libraries/openldap.rb +1 -1
  167. data/spec/data/lwrp/resources/bar.rb +2 -0
  168. data/spec/data/lwrp/resources/buck_passer.rb +1 -0
  169. data/spec/data/lwrp/resources/buck_passer_2.rb +1 -0
  170. data/spec/data/lwrp/resources/embedded_resource_accesses_providers_scope.rb +1 -0
  171. data/spec/data/lwrp/resources/foo.rb +2 -0
  172. data/spec/data/lwrp/resources/inline_compiler.rb +1 -0
  173. data/spec/data/lwrp/resources/monkey_name_printer.rb +1 -0
  174. data/spec/data/lwrp/resources/paint_drying_watcher.rb +1 -0
  175. data/spec/data/lwrp/resources/thumb_twiddler.rb +1 -0
  176. data/spec/data/lwrp/resources_with_default_attributes/nodeattr.rb +2 -0
  177. data/spec/data/lwrp_const_scoping/resources/conflict.rb +1 -0
  178. data/spec/data/lwrp_override/resources/foo.rb +1 -0
  179. data/spec/data/rubygems.org/nonexistent_gem-info +1 -0
  180. data/spec/data/rubygems.org/sexp_processor-info +49 -0
  181. data/spec/data/run_context/cookbooks/circular-dep1/resources/resource.rb +1 -0
  182. data/spec/data/run_context/cookbooks/circular-dep2/resources/resource.rb +1 -0
  183. data/spec/data/run_context/cookbooks/dependency1/resources/resource.rb +1 -0
  184. data/spec/data/run_context/cookbooks/dependency2/resources/resource.rb +1 -0
  185. data/spec/data/run_context/cookbooks/no-default-attr/resources/resource.rb +1 -0
  186. data/spec/data/run_context/cookbooks/test-with-circular-deps/resources/resource.rb +2 -0
  187. data/spec/data/run_context/cookbooks/test-with-deps/resources/resource.rb +1 -0
  188. data/spec/data/run_context/cookbooks/test/resources/resource.rb +2 -0
  189. data/spec/functional/dsl/registry_helper_spec.rb +1 -1
  190. data/spec/functional/resource/aixinit_service_spec.rb +7 -7
  191. data/spec/functional/resource/apt_package_spec.rb +1 -1
  192. data/spec/functional/resource/chocolatey_package_spec.rb +13 -0
  193. data/spec/functional/resource/dnf_package_spec.rb +4 -1
  194. data/spec/functional/resource/registry_spec.rb +8 -8
  195. data/spec/functional/resource/user/mac_user_spec.rb +2 -2
  196. data/spec/functional/resource/windows_certificate_spec.rb +92 -35
  197. data/spec/functional/version_spec.rb +1 -1
  198. data/spec/functional/win32/registry_spec.rb +1 -1
  199. data/spec/integration/client/client_spec.rb +5 -2
  200. data/spec/integration/client/exit_code_spec.rb +1 -1
  201. data/spec/integration/client/ipv6_spec.rb +1 -1
  202. data/spec/integration/compliance/compliance_spec.rb +1 -1
  203. data/spec/integration/ohai/ohai_spec.rb +7 -6
  204. data/spec/integration/recipes/accumulator_spec.rb +13 -1
  205. data/spec/integration/recipes/lwrp_inline_resources_spec.rb +5 -1
  206. data/spec/integration/recipes/lwrp_spec.rb +3 -1
  207. data/spec/integration/recipes/notifies_spec.rb +15 -1
  208. data/spec/integration/recipes/notifying_block_spec.rb +2 -1
  209. data/spec/integration/recipes/recipe_dsl_spec.rb +9 -9
  210. data/spec/integration/recipes/unified_mode_spec.rb +1 -1
  211. data/spec/integration/recipes/use_partial_spec.rb +4 -1
  212. data/spec/spec_helper.rb +10 -13
  213. data/spec/support/chef_helpers.rb +0 -16
  214. data/spec/support/lib/chef/resource/with_state.rb +0 -1
  215. data/spec/support/lib/chef/resource/zen_follower.rb +0 -1
  216. data/spec/support/lib/chef/resource/zen_master.rb +0 -1
  217. data/spec/support/matchers/leak.rb +7 -9
  218. data/spec/support/platform_helpers.rb +1 -8
  219. data/spec/support/shared/integration/integration_helper.rb +0 -1
  220. data/spec/support/shared/unit/script_resource.rb +2 -2
  221. data/spec/unit/application/solo_spec.rb +2 -2
  222. data/spec/unit/chef_fs/diff_spec.rb +1 -1
  223. data/spec/unit/chef_fs/file_system_spec.rb +1 -1
  224. data/spec/unit/compliance/fetcher/automate_spec.rb +0 -16
  225. data/spec/unit/compliance/reporter/automate_spec.rb +26 -2
  226. data/spec/unit/compliance/reporter/chef_server_automate_spec.rb +20 -0
  227. data/spec/unit/compliance/reporter/compliance_enforcer_spec.rb +1 -0
  228. data/spec/unit/compliance/runner_spec.rb +30 -4
  229. data/spec/unit/data_bag_item_spec.rb +1 -6
  230. data/spec/unit/dsl/reboot_pending_spec.rb +2 -2
  231. data/spec/unit/dsl/registry_helper_spec.rb +1 -1
  232. data/spec/unit/lwrp_spec.rb +1 -1
  233. data/spec/unit/mixin/params_validate_spec.rb +4 -3
  234. data/spec/unit/node/attribute_spec.rb +1 -1
  235. data/spec/unit/node_spec.rb +78 -0
  236. data/spec/unit/org_group_spec.rb +45 -0
  237. data/spec/unit/property_spec.rb +23 -22
  238. data/spec/unit/provider/cron_spec.rb +1 -1
  239. data/spec/unit/provider/group/gpasswd_spec.rb +2 -2
  240. data/spec/unit/provider/group/groupmod_spec.rb +2 -2
  241. data/spec/unit/provider/group/pw_spec.rb +2 -2
  242. data/spec/unit/provider/group_spec.rb +1 -1
  243. data/spec/unit/provider/package/apt_spec.rb +84 -18
  244. data/spec/unit/provider/package/deb_spec.rb +3 -3
  245. data/spec/unit/provider/package/rubygems_spec.rb +21 -33
  246. data/spec/unit/provider/service/arch_service_spec.rb +1 -0
  247. data/spec/unit/provider/service/debian_service_spec.rb +1 -0
  248. data/spec/unit/provider/service/macosx_spec.rb +2 -2
  249. data/spec/unit/provider/service/systemd_service_spec.rb +138 -23
  250. data/spec/unit/provider/service/upstart_service_spec.rb +0 -29
  251. data/spec/unit/provider/service/windows_spec.rb +2 -2
  252. data/spec/unit/provider/subversion_spec.rb +2 -2
  253. data/spec/unit/provider/systemd_unit_spec.rb +79 -60
  254. data/spec/unit/provider/zypper_repository_spec.rb +2 -2
  255. data/spec/unit/provider_spec.rb +0 -8
  256. data/spec/unit/resource/powershell_script_spec.rb +2 -2
  257. data/spec/unit/resource/windows_task_spec.rb +1 -1
  258. data/spec/unit/user_spec.rb +1 -1
  259. data/spec/unit/user_v1_spec.rb +6 -4
  260. data/tasks/rspec.rb +16 -8
  261. metadata +19 -382
  262. data/bin/knife +0 -24
  263. data/lib/chef/application/knife.rb +0 -234
  264. data/lib/chef/application/windows_service.rb +0 -338
  265. data/lib/chef/application/windows_service_manager.rb +0 -205
  266. data/lib/chef/chef_fs/knife.rb +0 -160
  267. data/lib/chef/chef_fs/parallelizer.rb +0 -102
  268. data/lib/chef/chef_fs/parallelizer/flatten_enumerable.rb +0 -35
  269. data/lib/chef/chef_fs/parallelizer/parallel_enumerable.rb +0 -278
  270. data/lib/chef/cookbook_site_streaming_uploader.rb +0 -244
  271. data/lib/chef/knife.rb +0 -665
  272. data/lib/chef/knife/acl_add.rb +0 -57
  273. data/lib/chef/knife/acl_base.rb +0 -183
  274. data/lib/chef/knife/acl_bulk_add.rb +0 -78
  275. data/lib/chef/knife/acl_bulk_remove.rb +0 -83
  276. data/lib/chef/knife/acl_remove.rb +0 -62
  277. data/lib/chef/knife/acl_show.rb +0 -56
  278. data/lib/chef/knife/bootstrap.rb +0 -1192
  279. data/lib/chef/knife/bootstrap/chef_vault_handler.rb +0 -162
  280. data/lib/chef/knife/bootstrap/client_builder.rb +0 -212
  281. data/lib/chef/knife/bootstrap/templates/README.md +0 -11
  282. data/lib/chef/knife/bootstrap/templates/chef-full.erb +0 -242
  283. data/lib/chef/knife/bootstrap/templates/windows-chef-client-msi.erb +0 -278
  284. data/lib/chef/knife/bootstrap/train_connector.rb +0 -336
  285. data/lib/chef/knife/client_bulk_delete.rb +0 -104
  286. data/lib/chef/knife/client_create.rb +0 -101
  287. data/lib/chef/knife/client_delete.rb +0 -62
  288. data/lib/chef/knife/client_edit.rb +0 -52
  289. data/lib/chef/knife/client_key_create.rb +0 -73
  290. data/lib/chef/knife/client_key_delete.rb +0 -80
  291. data/lib/chef/knife/client_key_edit.rb +0 -83
  292. data/lib/chef/knife/client_key_list.rb +0 -73
  293. data/lib/chef/knife/client_key_show.rb +0 -80
  294. data/lib/chef/knife/client_list.rb +0 -41
  295. data/lib/chef/knife/client_reregister.rb +0 -58
  296. data/lib/chef/knife/client_show.rb +0 -48
  297. data/lib/chef/knife/config_get.rb +0 -39
  298. data/lib/chef/knife/config_get_profile.rb +0 -37
  299. data/lib/chef/knife/config_list.rb +0 -139
  300. data/lib/chef/knife/config_list_profiles.rb +0 -37
  301. data/lib/chef/knife/config_show.rb +0 -127
  302. data/lib/chef/knife/config_use.rb +0 -61
  303. data/lib/chef/knife/config_use_profile.rb +0 -47
  304. data/lib/chef/knife/configure.rb +0 -150
  305. data/lib/chef/knife/configure_client.rb +0 -48
  306. data/lib/chef/knife/cookbook_bulk_delete.rb +0 -71
  307. data/lib/chef/knife/cookbook_delete.rb +0 -151
  308. data/lib/chef/knife/cookbook_download.rb +0 -142
  309. data/lib/chef/knife/cookbook_list.rb +0 -47
  310. data/lib/chef/knife/cookbook_metadata.rb +0 -106
  311. data/lib/chef/knife/cookbook_metadata_from_file.rb +0 -49
  312. data/lib/chef/knife/cookbook_show.rb +0 -98
  313. data/lib/chef/knife/cookbook_upload.rb +0 -292
  314. data/lib/chef/knife/core/bootstrap_context.rb +0 -264
  315. data/lib/chef/knife/core/cookbook_scm_repo.rb +0 -159
  316. data/lib/chef/knife/core/formatting_options.rb +0 -49
  317. data/lib/chef/knife/core/gem_glob_loader.rb +0 -138
  318. data/lib/chef/knife/core/generic_presenter.rb +0 -232
  319. data/lib/chef/knife/core/hashed_command_loader.rb +0 -100
  320. data/lib/chef/knife/core/node_editor.rb +0 -130
  321. data/lib/chef/knife/core/node_presenter.rb +0 -133
  322. data/lib/chef/knife/core/object_loader.rb +0 -115
  323. data/lib/chef/knife/core/status_presenter.rb +0 -147
  324. data/lib/chef/knife/core/subcommand_loader.rb +0 -203
  325. data/lib/chef/knife/core/text_formatter.rb +0 -85
  326. data/lib/chef/knife/core/ui.rb +0 -338
  327. data/lib/chef/knife/core/windows_bootstrap_context.rb +0 -406
  328. data/lib/chef/knife/data_bag_create.rb +0 -81
  329. data/lib/chef/knife/data_bag_delete.rb +0 -49
  330. data/lib/chef/knife/data_bag_edit.rb +0 -74
  331. data/lib/chef/knife/data_bag_from_file.rb +0 -113
  332. data/lib/chef/knife/data_bag_list.rb +0 -42
  333. data/lib/chef/knife/data_bag_secret_options.rb +0 -122
  334. data/lib/chef/knife/data_bag_show.rb +0 -69
  335. data/lib/chef/knife/delete.rb +0 -125
  336. data/lib/chef/knife/deps.rb +0 -156
  337. data/lib/chef/knife/diff.rb +0 -83
  338. data/lib/chef/knife/download.rb +0 -84
  339. data/lib/chef/knife/edit.rb +0 -88
  340. data/lib/chef/knife/environment_compare.rb +0 -128
  341. data/lib/chef/knife/environment_create.rb +0 -52
  342. data/lib/chef/knife/environment_delete.rb +0 -44
  343. data/lib/chef/knife/environment_edit.rb +0 -44
  344. data/lib/chef/knife/environment_from_file.rb +0 -84
  345. data/lib/chef/knife/environment_list.rb +0 -41
  346. data/lib/chef/knife/environment_show.rb +0 -47
  347. data/lib/chef/knife/exec.rb +0 -99
  348. data/lib/chef/knife/group_add.rb +0 -55
  349. data/lib/chef/knife/group_create.rb +0 -49
  350. data/lib/chef/knife/group_destroy.rb +0 -53
  351. data/lib/chef/knife/group_list.rb +0 -43
  352. data/lib/chef/knife/group_remove.rb +0 -56
  353. data/lib/chef/knife/group_show.rb +0 -49
  354. data/lib/chef/knife/key_create.rb +0 -112
  355. data/lib/chef/knife/key_create_base.rb +0 -50
  356. data/lib/chef/knife/key_delete.rb +0 -55
  357. data/lib/chef/knife/key_edit.rb +0 -118
  358. data/lib/chef/knife/key_edit_base.rb +0 -55
  359. data/lib/chef/knife/key_list.rb +0 -90
  360. data/lib/chef/knife/key_list_base.rb +0 -45
  361. data/lib/chef/knife/key_show.rb +0 -53
  362. data/lib/chef/knife/list.rb +0 -177
  363. data/lib/chef/knife/node_bulk_delete.rb +0 -75
  364. data/lib/chef/knife/node_create.rb +0 -47
  365. data/lib/chef/knife/node_delete.rb +0 -46
  366. data/lib/chef/knife/node_edit.rb +0 -70
  367. data/lib/chef/knife/node_environment_set.rb +0 -53
  368. data/lib/chef/knife/node_from_file.rb +0 -51
  369. data/lib/chef/knife/node_list.rb +0 -44
  370. data/lib/chef/knife/node_policy_set.rb +0 -79
  371. data/lib/chef/knife/node_run_list_add.rb +0 -104
  372. data/lib/chef/knife/node_run_list_remove.rb +0 -67
  373. data/lib/chef/knife/node_run_list_set.rb +0 -66
  374. data/lib/chef/knife/node_show.rb +0 -63
  375. data/lib/chef/knife/null.rb +0 -12
  376. data/lib/chef/knife/raw.rb +0 -123
  377. data/lib/chef/knife/recipe_list.rb +0 -32
  378. data/lib/chef/knife/rehash.rb +0 -50
  379. data/lib/chef/knife/role_bulk_delete.rb +0 -66
  380. data/lib/chef/knife/role_create.rb +0 -53
  381. data/lib/chef/knife/role_delete.rb +0 -46
  382. data/lib/chef/knife/role_edit.rb +0 -45
  383. data/lib/chef/knife/role_env_run_list_add.rb +0 -87
  384. data/lib/chef/knife/role_env_run_list_clear.rb +0 -55
  385. data/lib/chef/knife/role_env_run_list_remove.rb +0 -57
  386. data/lib/chef/knife/role_env_run_list_replace.rb +0 -60
  387. data/lib/chef/knife/role_env_run_list_set.rb +0 -70
  388. data/lib/chef/knife/role_from_file.rb +0 -51
  389. data/lib/chef/knife/role_list.rb +0 -42
  390. data/lib/chef/knife/role_run_list_add.rb +0 -87
  391. data/lib/chef/knife/role_run_list_clear.rb +0 -55
  392. data/lib/chef/knife/role_run_list_remove.rb +0 -56
  393. data/lib/chef/knife/role_run_list_replace.rb +0 -60
  394. data/lib/chef/knife/role_run_list_set.rb +0 -69
  395. data/lib/chef/knife/role_show.rb +0 -48
  396. data/lib/chef/knife/search.rb +0 -194
  397. data/lib/chef/knife/serve.rb +0 -65
  398. data/lib/chef/knife/show.rb +0 -72
  399. data/lib/chef/knife/ssh.rb +0 -645
  400. data/lib/chef/knife/ssl_check.rb +0 -284
  401. data/lib/chef/knife/ssl_fetch.rb +0 -161
  402. data/lib/chef/knife/status.rb +0 -95
  403. data/lib/chef/knife/supermarket_download.rb +0 -121
  404. data/lib/chef/knife/supermarket_install.rb +0 -192
  405. data/lib/chef/knife/supermarket_list.rb +0 -76
  406. data/lib/chef/knife/supermarket_search.rb +0 -53
  407. data/lib/chef/knife/supermarket_share.rb +0 -166
  408. data/lib/chef/knife/supermarket_show.rb +0 -66
  409. data/lib/chef/knife/supermarket_unshare.rb +0 -61
  410. data/lib/chef/knife/tag_create.rb +0 -52
  411. data/lib/chef/knife/tag_delete.rb +0 -60
  412. data/lib/chef/knife/tag_list.rb +0 -47
  413. data/lib/chef/knife/upload.rb +0 -86
  414. data/lib/chef/knife/user_create.rb +0 -107
  415. data/lib/chef/knife/user_delete.rb +0 -44
  416. data/lib/chef/knife/user_dissociate.rb +0 -42
  417. data/lib/chef/knife/user_edit.rb +0 -52
  418. data/lib/chef/knife/user_invite_add.rb +0 -43
  419. data/lib/chef/knife/user_invite_list.rb +0 -34
  420. data/lib/chef/knife/user_invite_rescind.rb +0 -63
  421. data/lib/chef/knife/user_key_create.rb +0 -73
  422. data/lib/chef/knife/user_key_delete.rb +0 -80
  423. data/lib/chef/knife/user_key_edit.rb +0 -83
  424. data/lib/chef/knife/user_key_list.rb +0 -73
  425. data/lib/chef/knife/user_key_show.rb +0 -80
  426. data/lib/chef/knife/user_list.rb +0 -42
  427. data/lib/chef/knife/user_reregister.rb +0 -59
  428. data/lib/chef/knife/user_show.rb +0 -48
  429. data/lib/chef/knife/xargs.rb +0 -282
  430. data/lib/chef/knife/yaml_convert.rb +0 -91
  431. data/lib/chef/resource/user/dscl_user.rb +0 -35
  432. data/spec/data/knife-home/.chef/plugins/knife/example_home_subcommand.rb +0 -0
  433. data/spec/data/knife-site-subcommands/plugins/knife/example_subcommand.rb +0 -0
  434. data/spec/data/knife_subcommand/test_explicit_category.rb +0 -7
  435. data/spec/data/knife_subcommand/test_name_mapping.rb +0 -4
  436. data/spec/data/knife_subcommand/test_yourself.rb +0 -21
  437. data/spec/functional/knife/configure_spec.rb +0 -33
  438. data/spec/functional/knife/cookbook_delete_spec.rb +0 -156
  439. data/spec/functional/knife/exec_spec.rb +0 -55
  440. data/spec/functional/knife/rehash_spec.rb +0 -39
  441. data/spec/functional/knife/smoke_test.rb +0 -42
  442. data/spec/functional/knife/ssh_spec.rb +0 -352
  443. data/spec/functional/resource/user/dscl_spec.rb +0 -188
  444. data/spec/functional/resource/windows_service_spec.rb +0 -105
  445. data/spec/functional/win32/service_manager_spec.rb +0 -220
  446. data/spec/integration/knife/chef_fs_data_store_spec.rb +0 -557
  447. data/spec/integration/knife/chef_repo_path_spec.rb +0 -962
  448. data/spec/integration/knife/chef_repository_file_system_spec.rb +0 -200
  449. data/spec/integration/knife/chefignore_spec.rb +0 -301
  450. data/spec/integration/knife/client_bulk_delete_spec.rb +0 -131
  451. data/spec/integration/knife/client_create_spec.rb +0 -70
  452. data/spec/integration/knife/client_delete_spec.rb +0 -64
  453. data/spec/integration/knife/client_key_create_spec.rb +0 -66
  454. data/spec/integration/knife/client_key_delete_spec.rb +0 -43
  455. data/spec/integration/knife/client_key_list_spec.rb +0 -61
  456. data/spec/integration/knife/client_key_show_spec.rb +0 -45
  457. data/spec/integration/knife/client_list_spec.rb +0 -49
  458. data/spec/integration/knife/client_show_spec.rb +0 -37
  459. data/spec/integration/knife/common_options_spec.rb +0 -174
  460. data/spec/integration/knife/config_list_spec.rb +0 -220
  461. data/spec/integration/knife/config_show_spec.rb +0 -192
  462. data/spec/integration/knife/config_use_spec.rb +0 -198
  463. data/spec/integration/knife/cookbook_api_ipv6_spec.rb +0 -113
  464. data/spec/integration/knife/cookbook_bulk_delete_spec.rb +0 -65
  465. data/spec/integration/knife/cookbook_download_spec.rb +0 -72
  466. data/spec/integration/knife/cookbook_list_spec.rb +0 -55
  467. data/spec/integration/knife/cookbook_show_spec.rb +0 -149
  468. data/spec/integration/knife/cookbook_upload_spec.rb +0 -128
  469. data/spec/integration/knife/data_bag_create_spec.rb +0 -125
  470. data/spec/integration/knife/data_bag_delete_spec.rb +0 -59
  471. data/spec/integration/knife/data_bag_edit_spec.rb +0 -105
  472. data/spec/integration/knife/data_bag_from_file_spec.rb +0 -116
  473. data/spec/integration/knife/data_bag_list_spec.rb +0 -44
  474. data/spec/integration/knife/data_bag_show_spec.rb +0 -95
  475. data/spec/integration/knife/delete_spec.rb +0 -1018
  476. data/spec/integration/knife/deps_spec.rb +0 -703
  477. data/spec/integration/knife/diff_spec.rb +0 -605
  478. data/spec/integration/knife/download_spec.rb +0 -1336
  479. data/spec/integration/knife/environment_compare_spec.rb +0 -75
  480. data/spec/integration/knife/environment_create_spec.rb +0 -41
  481. data/spec/integration/knife/environment_delete_spec.rb +0 -37
  482. data/spec/integration/knife/environment_from_file_spec.rb +0 -116
  483. data/spec/integration/knife/environment_list_spec.rb +0 -42
  484. data/spec/integration/knife/environment_show_spec.rb +0 -77
  485. data/spec/integration/knife/list_spec.rb +0 -1060
  486. data/spec/integration/knife/node_bulk_delete_spec.rb +0 -52
  487. data/spec/integration/knife/node_create_spec.rb +0 -47
  488. data/spec/integration/knife/node_delete_spec.rb +0 -48
  489. data/spec/integration/knife/node_environment_set_spec.rb +0 -46
  490. data/spec/integration/knife/node_from_file_spec.rb +0 -59
  491. data/spec/integration/knife/node_list_spec.rb +0 -45
  492. data/spec/integration/knife/node_run_list_add_spec.rb +0 -54
  493. data/spec/integration/knife/node_run_list_remove_spec.rb +0 -36
  494. data/spec/integration/knife/node_run_list_set_spec.rb +0 -41
  495. data/spec/integration/knife/node_show_spec.rb +0 -36
  496. data/spec/integration/knife/raw_spec.rb +0 -297
  497. data/spec/integration/knife/redirection_spec.rb +0 -64
  498. data/spec/integration/knife/role_bulk_delete_spec.rb +0 -52
  499. data/spec/integration/knife/role_create_spec.rb +0 -41
  500. data/spec/integration/knife/role_delete_spec.rb +0 -48
  501. data/spec/integration/knife/role_from_file_spec.rb +0 -96
  502. data/spec/integration/knife/role_list_spec.rb +0 -45
  503. data/spec/integration/knife/role_show_spec.rb +0 -51
  504. data/spec/integration/knife/search_node_spec.rb +0 -40
  505. data/spec/integration/knife/serve_spec.rb +0 -92
  506. data/spec/integration/knife/show_spec.rb +0 -197
  507. data/spec/integration/knife/upload_spec.rb +0 -1617
  508. data/spec/support/shared/functional/knife.rb +0 -37
  509. data/spec/support/shared/functional/win32_service.rb +0 -57
  510. data/spec/support/shared/integration/knife_support.rb +0 -192
  511. data/spec/support/shared/unit/knife_shared.rb +0 -39
  512. data/spec/unit/application/knife_spec.rb +0 -241
  513. data/spec/unit/chef_fs/parallelizer_spec.rb +0 -479
  514. data/spec/unit/cookbook_site_streaming_uploader_spec.rb +0 -198
  515. data/spec/unit/knife/bootstrap/chef_vault_handler_spec.rb +0 -152
  516. data/spec/unit/knife/bootstrap/client_builder_spec.rb +0 -207
  517. data/spec/unit/knife/bootstrap/train_connector_spec.rb +0 -244
  518. data/spec/unit/knife/bootstrap_spec.rb +0 -2220
  519. data/spec/unit/knife/client_bulk_delete_spec.rb +0 -166
  520. data/spec/unit/knife/client_create_spec.rb +0 -169
  521. data/spec/unit/knife/client_delete_spec.rb +0 -99
  522. data/spec/unit/knife/client_edit_spec.rb +0 -53
  523. data/spec/unit/knife/client_list_spec.rb +0 -34
  524. data/spec/unit/knife/client_reregister_spec.rb +0 -62
  525. data/spec/unit/knife/client_show_spec.rb +0 -52
  526. data/spec/unit/knife/configure_client_spec.rb +0 -81
  527. data/spec/unit/knife/configure_spec.rb +0 -190
  528. data/spec/unit/knife/cookbook_bulk_delete_spec.rb +0 -87
  529. data/spec/unit/knife/cookbook_delete_spec.rb +0 -239
  530. data/spec/unit/knife/cookbook_download_spec.rb +0 -255
  531. data/spec/unit/knife/cookbook_list_spec.rb +0 -88
  532. data/spec/unit/knife/cookbook_metadata_from_file_spec.rb +0 -72
  533. data/spec/unit/knife/cookbook_metadata_spec.rb +0 -182
  534. data/spec/unit/knife/cookbook_show_spec.rb +0 -253
  535. data/spec/unit/knife/cookbook_upload_spec.rb +0 -364
  536. data/spec/unit/knife/core/bootstrap_context_spec.rb +0 -287
  537. data/spec/unit/knife/core/cookbook_scm_repo_spec.rb +0 -187
  538. data/spec/unit/knife/core/gem_glob_loader_spec.rb +0 -209
  539. data/spec/unit/knife/core/hashed_command_loader_spec.rb +0 -112
  540. data/spec/unit/knife/core/node_editor_spec.rb +0 -211
  541. data/spec/unit/knife/core/object_loader_spec.rb +0 -81
  542. data/spec/unit/knife/core/status_presenter_spec.rb +0 -54
  543. data/spec/unit/knife/core/subcommand_loader_spec.rb +0 -64
  544. data/spec/unit/knife/core/ui_spec.rb +0 -656
  545. data/spec/unit/knife/core/windows_bootstrap_context_spec.rb +0 -238
  546. data/spec/unit/knife/data_bag_create_spec.rb +0 -175
  547. data/spec/unit/knife/data_bag_edit_spec.rb +0 -126
  548. data/spec/unit/knife/data_bag_from_file_spec.rb +0 -174
  549. data/spec/unit/knife/data_bag_secret_options_spec.rb +0 -173
  550. data/spec/unit/knife/data_bag_show_spec.rb +0 -139
  551. data/spec/unit/knife/environment_compare_spec.rb +0 -112
  552. data/spec/unit/knife/environment_create_spec.rb +0 -91
  553. data/spec/unit/knife/environment_delete_spec.rb +0 -71
  554. data/spec/unit/knife/environment_edit_spec.rb +0 -79
  555. data/spec/unit/knife/environment_from_file_spec.rb +0 -90
  556. data/spec/unit/knife/environment_list_spec.rb +0 -54
  557. data/spec/unit/knife/environment_show_spec.rb +0 -52
  558. data/spec/unit/knife/key_create_spec.rb +0 -223
  559. data/spec/unit/knife/key_delete_spec.rb +0 -133
  560. data/spec/unit/knife/key_edit_spec.rb +0 -264
  561. data/spec/unit/knife/key_helper.rb +0 -74
  562. data/spec/unit/knife/key_list_spec.rb +0 -216
  563. data/spec/unit/knife/key_show_spec.rb +0 -126
  564. data/spec/unit/knife/node_bulk_delete_spec.rb +0 -94
  565. data/spec/unit/knife/node_delete_spec.rb +0 -77
  566. data/spec/unit/knife/node_edit_spec.rb +0 -116
  567. data/spec/unit/knife/node_environment_set_spec.rb +0 -61
  568. data/spec/unit/knife/node_from_file_spec.rb +0 -59
  569. data/spec/unit/knife/node_list_spec.rb +0 -62
  570. data/spec/unit/knife/node_policy_set_spec.rb +0 -122
  571. data/spec/unit/knife/node_run_list_add_spec.rb +0 -145
  572. data/spec/unit/knife/node_run_list_remove_spec.rb +0 -106
  573. data/spec/unit/knife/node_run_list_set_spec.rb +0 -115
  574. data/spec/unit/knife/node_show_spec.rb +0 -65
  575. data/spec/unit/knife/raw_spec.rb +0 -43
  576. data/spec/unit/knife/role_bulk_delete_spec.rb +0 -80
  577. data/spec/unit/knife/role_create_spec.rb +0 -80
  578. data/spec/unit/knife/role_delete_spec.rb +0 -67
  579. data/spec/unit/knife/role_edit_spec.rb +0 -77
  580. data/spec/unit/knife/role_env_run_list_add_spec.rb +0 -217
  581. data/spec/unit/knife/role_env_run_list_clear_spec.rb +0 -94
  582. data/spec/unit/knife/role_env_run_list_remove_spec.rb +0 -102
  583. data/spec/unit/knife/role_env_run_list_replace_spec.rb +0 -105
  584. data/spec/unit/knife/role_env_run_list_set_spec.rb +0 -99
  585. data/spec/unit/knife/role_from_file_spec.rb +0 -69
  586. data/spec/unit/knife/role_list_spec.rb +0 -54
  587. data/spec/unit/knife/role_run_list_add_spec.rb +0 -179
  588. data/spec/unit/knife/role_run_list_clear_spec.rb +0 -84
  589. data/spec/unit/knife/role_run_list_remove_spec.rb +0 -92
  590. data/spec/unit/knife/role_run_list_replace_spec.rb +0 -98
  591. data/spec/unit/knife/role_run_list_set_spec.rb +0 -89
  592. data/spec/unit/knife/role_show_spec.rb +0 -59
  593. data/spec/unit/knife/ssh_spec.rb +0 -403
  594. data/spec/unit/knife/ssl_check_spec.rb +0 -256
  595. data/spec/unit/knife/ssl_fetch_spec.rb +0 -222
  596. data/spec/unit/knife/status_spec.rb +0 -112
  597. data/spec/unit/knife/supermarket_download_spec.rb +0 -152
  598. data/spec/unit/knife/supermarket_install_spec.rb +0 -202
  599. data/spec/unit/knife/supermarket_list_spec.rb +0 -70
  600. data/spec/unit/knife/supermarket_search_spec.rb +0 -85
  601. data/spec/unit/knife/supermarket_share_spec.rb +0 -208
  602. data/spec/unit/knife/supermarket_unshare_spec.rb +0 -78
  603. data/spec/unit/knife/tag_create_spec.rb +0 -23
  604. data/spec/unit/knife/tag_delete_spec.rb +0 -25
  605. data/spec/unit/knife/tag_list_spec.rb +0 -23
  606. data/spec/unit/knife/user_create_spec.rb +0 -184
  607. data/spec/unit/knife/user_delete_spec.rb +0 -46
  608. data/spec/unit/knife/user_edit_spec.rb +0 -48
  609. data/spec/unit/knife/user_list_spec.rb +0 -36
  610. data/spec/unit/knife/user_reregister_spec.rb +0 -56
  611. data/spec/unit/knife/user_show_spec.rb +0 -46
  612. data/spec/unit/knife_spec.rb +0 -634
  613. data/spec/unit/provider/user/dscl_spec.rb +0 -699
  614. data/spec/unit/windows_service_spec.rb +0 -118
@@ -1,56 +0,0 @@
1
- #
2
- # Author:: Steven Danna (steve@chef.io)
3
- # Copyright:: Copyright (c) Chef Software Inc.
4
- # License:: Apache License, Version 2.0
5
- #
6
- # Licensed under the Apache License, Version 2.0 (the "License");
7
- # you may not use this file except in compliance with the License.
8
- # You may obtain a copy of the License at
9
- #
10
- # http://www.apache.org/licenses/LICENSE-2.0
11
- #
12
- # Unless required by applicable law or agreed to in writing, software
13
- # distributed under the License is distributed on an "AS IS" BASIS,
14
- # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
15
- # See the License for the specific language governing permissions and
16
- # limitations under the License.
17
- #
18
-
19
- require_relative "../knife"
20
-
21
- class Chef
22
- class Knife
23
- class AclShow < Chef::Knife
24
- category "acl"
25
- banner "knife acl show OBJECT_TYPE OBJECT_NAME"
26
-
27
- deps do
28
- require_relative "acl_base"
29
- include Chef::Knife::AclBase
30
- end
31
-
32
- def run
33
- object_type, object_name = name_args
34
-
35
- if name_args.length != 2
36
- show_usage
37
- ui.fatal "You must specify an object type and object name"
38
- exit 1
39
- end
40
-
41
- validate_object_type!(object_type)
42
- validate_object_name!(object_name)
43
- acl = get_acl(object_type, object_name)
44
- PERM_TYPES.each do |perm|
45
- # Filter out the actors field if we have
46
- # users and clients. Note that if one is present,
47
- # both will be - but we're checking both for completeness.
48
- if acl[perm].key?("users") && acl[perm].key?("clients")
49
- acl[perm].delete "actors"
50
- end
51
- end
52
- ui.output acl
53
- end
54
- end
55
- end
56
- end
@@ -1,1192 +0,0 @@
1
- #
2
- # Author:: Adam Jacob (<adam@chef.io>)
3
- # Copyright:: Copyright (c) Chef Software Inc.
4
- # License:: Apache License, Version 2.0
5
- #
6
- # Licensed under the Apache License, Version 2.0 (the "License");
7
- # you may not use this file except in compliance with the License.
8
- # You may obtain a copy of the License at
9
- #
10
- # http://www.apache.org/licenses/LICENSE-2.0
11
- #
12
- # Unless required by applicable law or agreed to in writing, software
13
- # distributed under the License is distributed on an "AS IS" BASIS,
14
- # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
15
- # See the License for the specific language governing permissions and
16
- # limitations under the License.
17
- #
18
-
19
- require_relative "../knife"
20
- require_relative "data_bag_secret_options"
21
- require "chef-utils/dist" unless defined?(ChefUtils::Dist)
22
- require "license_acceptance/cli_flags/mixlib_cli"
23
- module LicenseAcceptance
24
- autoload :Acceptor, "license_acceptance/acceptor"
25
- end
26
-
27
- class Chef
28
- class Knife
29
- class Bootstrap < Knife
30
- include DataBagSecretOptions
31
- include LicenseAcceptance::CLIFlags::MixlibCLI
32
-
33
- SUPPORTED_CONNECTION_PROTOCOLS ||= %w{ssh winrm}.freeze
34
- WINRM_AUTH_PROTOCOL_LIST ||= %w{plaintext kerberos ssl negotiate}.freeze
35
-
36
- # Common connectivity options
37
- option :connection_user,
38
- short: "-U USERNAME",
39
- long: "--connection-user USERNAME",
40
- description: "Authenticate to the target host with this user account."
41
-
42
- option :connection_password,
43
- short: "-P PASSWORD",
44
- long: "--connection-password PASSWORD",
45
- description: "Authenticate to the target host with this password."
46
-
47
- option :connection_port,
48
- short: "-p PORT",
49
- long: "--connection-port PORT",
50
- description: "The port on the target node to connect to."
51
-
52
- option :connection_protocol,
53
- short: "-o PROTOCOL",
54
- long: "--connection-protocol PROTOCOL",
55
- description: "The protocol to use to connect to the target node.",
56
- in: SUPPORTED_CONNECTION_PROTOCOLS
57
-
58
- option :max_wait,
59
- short: "-W SECONDS",
60
- long: "--max-wait SECONDS",
61
- description: "The maximum time to wait for the initial connection to be established."
62
-
63
- option :session_timeout,
64
- long: "--session-timeout SECONDS",
65
- description: "The number of seconds to wait for each connection operation to be acknowledged while running bootstrap.",
66
- default: 60
67
-
68
- # WinRM Authentication
69
- option :winrm_ssl_peer_fingerprint,
70
- long: "--winrm-ssl-peer-fingerprint FINGERPRINT",
71
- description: "SSL certificate fingerprint expected from the target."
72
-
73
- option :ca_trust_file,
74
- short: "-f CA_TRUST_PATH",
75
- long: "--ca-trust-file CA_TRUST_PATH",
76
- description: "The Certificate Authority (CA) trust file used for SSL transport."
77
-
78
- option :winrm_no_verify_cert,
79
- long: "--winrm-no-verify-cert",
80
- description: "Do not verify the SSL certificate of the target node for WinRM.",
81
- boolean: true
82
-
83
- option :winrm_ssl,
84
- long: "--winrm-ssl",
85
- description: "Use SSL in the WinRM connection."
86
-
87
- option :winrm_auth_method,
88
- short: "-w AUTH-METHOD",
89
- long: "--winrm-auth-method AUTH-METHOD",
90
- description: "The WinRM authentication method to use.",
91
- in: WINRM_AUTH_PROTOCOL_LIST
92
-
93
- option :winrm_basic_auth_only,
94
- long: "--winrm-basic-auth-only",
95
- description: "For WinRM basic authentication when using the 'ssl' auth method.",
96
- boolean: true
97
-
98
- # This option was provided in knife bootstrap windows winrm,
99
- # but it is ignored in knife-windows/WinrmSession, and so remains unimplemented here.
100
- # option :kerberos_keytab_file,
101
- # :short => "-T KEYTAB_FILE",
102
- # :long => "--keytab-file KEYTAB_FILE",
103
- # :description => "The Kerberos keytab file used for authentication"
104
-
105
- option :kerberos_realm,
106
- short: "-R KERBEROS_REALM",
107
- long: "--kerberos-realm KERBEROS_REALM",
108
- description: "The Kerberos realm used for authentication."
109
-
110
- option :kerberos_service,
111
- short: "-S KERBEROS_SERVICE",
112
- long: "--kerberos-service KERBEROS_SERVICE",
113
- description: "The Kerberos service used for authentication."
114
-
115
- ## SSH Authentication
116
- option :ssh_gateway,
117
- short: "-G GATEWAY",
118
- long: "--ssh-gateway GATEWAY",
119
- description: "The SSH gateway."
120
-
121
- option :ssh_gateway_identity,
122
- long: "--ssh-gateway-identity SSH_GATEWAY_IDENTITY",
123
- description: "The SSH identity file used for gateway authentication."
124
-
125
- option :ssh_forward_agent,
126
- short: "-A",
127
- long: "--ssh-forward-agent",
128
- description: "Enable SSH agent forwarding.",
129
- boolean: true
130
-
131
- option :ssh_identity_file,
132
- short: "-i IDENTITY_FILE",
133
- long: "--ssh-identity-file IDENTITY_FILE",
134
- description: "The SSH identity file used for authentication."
135
-
136
- option :ssh_verify_host_key,
137
- long: "--ssh-verify-host-key VALUE",
138
- description: "Verify host key. Default is 'always'.",
139
- in: %w{always accept_new accept_new_or_local_tunnel never},
140
- default: "always"
141
-
142
- #
143
- # bootstrap options
144
- #
145
-
146
- # client.rb content via chef-full/bootstrap_context
147
- option :bootstrap_version,
148
- long: "--bootstrap-version VERSION",
149
- description: "The version of #{ChefUtils::Dist::Infra::PRODUCT} to install."
150
-
151
- option :channel,
152
- long: "--channel CHANNEL",
153
- description: "Install from the given channel. Default is 'stable'.",
154
- default: "stable",
155
- in: %w{stable current unstable}
156
-
157
- # client.rb content via chef-full/bootstrap_context
158
- option :bootstrap_proxy,
159
- long: "--bootstrap-proxy PROXY_URL",
160
- description: "The proxy server for the node being bootstrapped."
161
-
162
- # client.rb content via bootstrap_context
163
- option :bootstrap_proxy_user,
164
- long: "--bootstrap-proxy-user PROXY_USER",
165
- description: "The proxy authentication username for the node being bootstrapped."
166
-
167
- # client.rb content via bootstrap_context
168
- option :bootstrap_proxy_pass,
169
- long: "--bootstrap-proxy-pass PROXY_PASS",
170
- description: "The proxy authentication password for the node being bootstrapped."
171
-
172
- # client.rb content via bootstrap_context
173
- option :bootstrap_no_proxy,
174
- long: "--bootstrap-no-proxy [NO_PROXY_URL|NO_PROXY_IP]",
175
- description: "Do not proxy locations for the node being bootstrapped"
176
-
177
- # client.rb content via bootstrap_context
178
- option :bootstrap_template,
179
- short: "-t TEMPLATE",
180
- long: "--bootstrap-template TEMPLATE",
181
- description: "Bootstrap #{ChefUtils::Dist::Infra::PRODUCT} using a built-in or custom template. Set to the full path of an erb template or use one of the built-in templates."
182
-
183
- # client.rb content via bootstrap_context
184
- option :node_ssl_verify_mode,
185
- long: "--node-ssl-verify-mode [peer|none]",
186
- description: "Whether or not to verify the SSL cert for all HTTPS requests.",
187
- proc: Proc.new { |v|
188
- valid_values = %w{none peer}
189
- unless valid_values.include?(v)
190
- raise "Invalid value '#{v}' for --node-ssl-verify-mode. Valid values are: #{valid_values.join(", ")}"
191
- end
192
-
193
- v
194
- }
195
-
196
- # bootstrap_context - client.rb
197
- option :node_verify_api_cert,
198
- long: "--[no-]node-verify-api-cert",
199
- description: "Verify the SSL cert for HTTPS requests to the #{ChefUtils::Dist::Server::PRODUCT} API.",
200
- boolean: true
201
-
202
- # runtime - sudo settings (train handles sudo)
203
- option :use_sudo,
204
- long: "--sudo",
205
- description: "Execute the bootstrap via sudo.",
206
- boolean: true
207
-
208
- # runtime - sudo settings (train handles sudo)
209
- option :preserve_home,
210
- long: "--sudo-preserve-home",
211
- description: "Preserve non-root user HOME environment variable with sudo.",
212
- boolean: true
213
-
214
- # runtime - sudo settings (train handles sudo)
215
- option :use_sudo_password,
216
- long: "--use-sudo-password",
217
- description: "Execute the bootstrap via sudo with password.",
218
- boolean: false
219
-
220
- # runtime - su user
221
- option :su_user,
222
- long: "--su-user NAME",
223
- description: "The su - USER name to perform bootstrap command using a non-root user."
224
-
225
- # runtime - su user password
226
- option :su_password,
227
- long: "--su-password PASSWORD",
228
- description: "The su USER password for authentication."
229
-
230
- # runtime - client_builder
231
- option :chef_node_name,
232
- short: "-N NAME",
233
- long: "--node-name NAME",
234
- description: "The node name for your new node."
235
-
236
- # runtime - client_builder - set runlist when creating node
237
- option :run_list,
238
- short: "-r RUN_LIST",
239
- long: "--run-list RUN_LIST",
240
- description: "Comma separated list of roles/recipes to apply.",
241
- proc: lambda { |o| o.split(/[\s,]+/) },
242
- default: []
243
-
244
- # runtime - client_builder - set policy name when creating node
245
- option :policy_name,
246
- long: "--policy-name POLICY_NAME",
247
- description: "Policyfile name to use (--policy-group must also be given).",
248
- default: nil
249
-
250
- # runtime - client_builder - set policy group when creating node
251
- option :policy_group,
252
- long: "--policy-group POLICY_GROUP",
253
- description: "Policy group name to use (--policy-name must also be given).",
254
- default: nil
255
-
256
- # runtime - client_builder - node tags
257
- option :tags,
258
- long: "--tags TAGS",
259
- description: "Comma separated list of tags to apply to the node.",
260
- proc: lambda { |o| o.split(/[\s,]+/) },
261
- default: []
262
-
263
- # bootstrap template
264
- option :first_boot_attributes,
265
- short: "-j JSON_ATTRIBS",
266
- long: "--json-attributes",
267
- description: "A JSON string to be added to the first run of #{ChefUtils::Dist::Infra::CLIENT}.",
268
- proc: lambda { |o| Chef::JSONCompat.parse(o) },
269
- default: nil
270
-
271
- # bootstrap template
272
- option :first_boot_attributes_from_file,
273
- long: "--json-attribute-file FILE",
274
- description: "A JSON file to be used to the first run of #{ChefUtils::Dist::Infra::CLIENT}.",
275
- proc: lambda { |o| Chef::JSONCompat.parse(File.read(o)) },
276
- default: nil
277
-
278
- # bootstrap template
279
- # Create ohai hints in /etc/chef/ohai/hints, fname=hintname, content=value
280
- option :hints,
281
- long: "--hint HINT_NAME[=HINT_FILE]",
282
- description: "Specify an Ohai hint to be set on the bootstrap target. Use multiple --hint options to specify multiple hints.",
283
- proc: Proc.new { |hint, accumulator|
284
- accumulator ||= {}
285
- name, path = hint.split("=", 2)
286
- accumulator[name] = path ? Chef::JSONCompat.parse(::File.read(path)) : {}
287
- accumulator
288
- }
289
-
290
- # bootstrap override: url of a an installer shell script to use in place of omnitruck
291
- # Note that the bootstrap template _only_ references this out of Chef::Config, and not from
292
- # the provided options to knife bootstrap, so we set the Chef::Config option here.
293
- option :bootstrap_url,
294
- long: "--bootstrap-url URL",
295
- description: "URL to a custom installation script."
296
-
297
- option :bootstrap_product,
298
- long: "--bootstrap-product PRODUCT",
299
- description: "Product to install.",
300
- default: "chef"
301
-
302
- option :msi_url, # Windows target only
303
- short: "-m URL",
304
- long: "--msi-url URL",
305
- description: "Location of the #{ChefUtils::Dist::Infra::PRODUCT} MSI. The default templates will prefer to download from this location. The MSI will be downloaded from #{ChefUtils::Dist::Org::WEBSITE} if not provided (Windows).",
306
- default: ""
307
-
308
- # bootstrap override: Do this instead of our own setup.sh from omnitruck. Causes bootstrap_url to be ignored.
309
- option :bootstrap_install_command,
310
- long: "--bootstrap-install-command COMMANDS",
311
- description: "Custom command to install #{ChefUtils::Dist::Infra::PRODUCT}."
312
-
313
- # bootstrap template: Run this command first in the bootstrap script
314
- option :bootstrap_preinstall_command,
315
- long: "--bootstrap-preinstall-command COMMANDS",
316
- description: "Custom commands to run before installing #{ChefUtils::Dist::Infra::PRODUCT}."
317
-
318
- # bootstrap template
319
- option :bootstrap_wget_options,
320
- long: "--bootstrap-wget-options OPTIONS",
321
- description: "Add options to wget when installing #{ChefUtils::Dist::Infra::PRODUCT}."
322
-
323
- # bootstrap template
324
- option :bootstrap_curl_options,
325
- long: "--bootstrap-curl-options OPTIONS",
326
- description: "Add options to curl when install #{ChefUtils::Dist::Infra::PRODUCT}."
327
-
328
- # chef_vault_handler
329
- option :bootstrap_vault_file,
330
- long: "--bootstrap-vault-file VAULT_FILE",
331
- description: "A JSON file with a list of vault(s) and item(s) to be updated."
332
-
333
- # chef_vault_handler
334
- option :bootstrap_vault_json,
335
- long: "--bootstrap-vault-json VAULT_JSON",
336
- description: "A JSON string with the vault(s) and item(s) to be updated."
337
-
338
- # chef_vault_handler
339
- option :bootstrap_vault_item,
340
- long: "--bootstrap-vault-item VAULT_ITEM",
341
- description: 'A single vault and item to update as "vault:item".',
342
- proc: Proc.new { |i, accumulator|
343
- (vault, item) = i.split(":")
344
- accumulator ||= {}
345
- accumulator[vault] ||= []
346
- accumulator[vault].push(item)
347
- accumulator
348
- }
349
-
350
- # Deprecated options. These must be declared after
351
- # regular options because they refer to the replacement
352
- # option definitions implicitly.
353
- deprecated_option :auth_timeout,
354
- replacement: :max_wait,
355
- long: "--max-wait SECONDS"
356
-
357
- deprecated_option :forward_agent,
358
- replacement: :ssh_forward_agent,
359
- boolean: true, long: "--forward-agent"
360
-
361
- deprecated_option :host_key_verify,
362
- replacement: :ssh_verify_host_key,
363
- boolean: true, long: "--[no-]host-key-verify",
364
- value_mapper: Proc.new { |verify| verify ? "always" : "never" }
365
-
366
- deprecated_option :prerelease,
367
- replacement: :channel,
368
- long: "--prerelease",
369
- boolean: true, value_mapper: Proc.new { "current" }
370
-
371
- deprecated_option :ssh_user,
372
- replacement: :connection_user,
373
- long: "--ssh-user USERNAME"
374
-
375
- deprecated_option :ssh_password,
376
- replacement: :connection_password,
377
- long: "--ssh-password PASSWORD"
378
-
379
- deprecated_option :ssh_port,
380
- replacement: :connection_port,
381
- long: "--ssh-port PASSWORD"
382
-
383
- deprecated_option :ssl_peer_fingerprint,
384
- replacement: :winrm_ssl_peer_fingerprint,
385
- long: "--ssl-peer-fingerprint FINGERPRINT"
386
-
387
- deprecated_option :winrm_user,
388
- replacement: :connection_user,
389
- long: "--winrm-user USERNAME", short: "-x USERNAME"
390
-
391
- deprecated_option :winrm_password,
392
- replacement: :connection_password,
393
- long: "--winrm-password PASSWORD"
394
-
395
- deprecated_option :winrm_port,
396
- replacement: :connection_port,
397
- long: "--winrm-port PORT"
398
-
399
- deprecated_option :winrm_authentication_protocol,
400
- replacement: :winrm_auth_method,
401
- long: "--winrm-authentication-protocol PROTOCOL"
402
-
403
- deprecated_option :winrm_session_timeout,
404
- replacement: :session_timeout,
405
- long: "--winrm-session-timeout MINUTES"
406
-
407
- deprecated_option :winrm_ssl_verify_mode,
408
- replacement: :winrm_no_verify_cert,
409
- long: "--winrm-ssl-verify-mode MODE"
410
-
411
- deprecated_option :winrm_transport, replacement: :winrm_ssl,
412
- long: "--winrm-transport TRANSPORT",
413
- value_mapper: Proc.new { |value| value == "ssl" }
414
-
415
- attr_reader :connection
416
-
417
- deps do
418
- require "erubis" unless defined?(Erubis)
419
-
420
- require "net/ssh" unless defined?(Net::SSH)
421
- require_relative "../json_compat"
422
- require_relative "../util/path_helper"
423
- require_relative "bootstrap/chef_vault_handler"
424
- require_relative "bootstrap/client_builder"
425
- require_relative "bootstrap/train_connector"
426
- end
427
-
428
- banner "knife bootstrap [PROTOCOL://][USER@]FQDN (options)"
429
-
430
- def client_builder
431
- @client_builder ||= Chef::Knife::Bootstrap::ClientBuilder.new(
432
- chef_config: Chef::Config,
433
- config: config,
434
- ui: ui
435
- )
436
- end
437
-
438
- def chef_vault_handler
439
- @chef_vault_handler ||= Chef::Knife::Bootstrap::ChefVaultHandler.new(
440
- config: config,
441
- ui: ui
442
- )
443
- end
444
-
445
- # Determine if we need to accept the Chef Infra license locally in order to successfully bootstrap
446
- # the remote node. Remote 'chef-client' run will fail if it is >= 15 and the license is not accepted locally.
447
- def check_license
448
- Chef::Log.debug("Checking if we need to accept Chef license to bootstrap node")
449
- version = config[:bootstrap_version] || Chef::VERSION.split(".").first
450
- acceptor = LicenseAcceptance::Acceptor.new(logger: Chef::Log, provided: Chef::Config[:chef_license])
451
- if acceptor.license_required?("chef", version)
452
- Chef::Log.debug("License acceptance required for chef version: #{version}")
453
- license_id = acceptor.id_from_mixlib("chef")
454
- acceptor.check_and_persist(license_id, version)
455
- Chef::Config[:chef_license] ||= acceptor.acceptance_value
456
- end
457
- end
458
-
459
- # The default bootstrap template to use to bootstrap a server.
460
- # This is a public API hook which knife plugins use or inherit and override.
461
- #
462
- # @return [String] Default bootstrap template
463
- def default_bootstrap_template
464
- if connection.windows?
465
- "windows-chef-client-msi"
466
- else
467
- "chef-full"
468
- end
469
- end
470
-
471
- def host_descriptor
472
- Array(@name_args).first
473
- end
474
-
475
- # The server_name is the DNS or IP we are going to connect to, it is not necessarily
476
- # the node name, the fqdn, or the hostname of the server. This is a public API hook
477
- # which knife plugins use or inherit and override.
478
- #
479
- # @return [String] The DNS or IP that bootstrap will connect to
480
- def server_name
481
- if host_descriptor
482
- @server_name ||= host_descriptor.split("@").reverse[0]
483
- end
484
- end
485
-
486
- # @return [String] The CLI specific bootstrap template or the default
487
- def bootstrap_template
488
- # Allow passing a bootstrap template or use the default
489
- config[:bootstrap_template] || default_bootstrap_template
490
- end
491
-
492
- def find_template
493
- template = bootstrap_template
494
-
495
- # Use the template directly if it's a path to an actual file
496
- if File.exist?(template)
497
- Chef::Log.trace("Using the specified bootstrap template: #{File.dirname(template)}")
498
- return template
499
- end
500
-
501
- # Otherwise search the template directories until we find the right one
502
- bootstrap_files = []
503
- bootstrap_files << File.join(__dir__, "bootstrap/templates", "#{template}.erb")
504
- bootstrap_files << File.join(Knife.chef_config_dir, "bootstrap", "#{template}.erb") if Chef::Knife.chef_config_dir
505
- Chef::Util::PathHelper.home(".chef", "bootstrap", "#{template}.erb") { |p| bootstrap_files << p }
506
- bootstrap_files << Gem.find_files(File.join("chef", "knife", "bootstrap", "#{template}.erb"))
507
- bootstrap_files.flatten!
508
-
509
- template_file = Array(bootstrap_files).find do |bootstrap_template|
510
- Chef::Log.trace("Looking for bootstrap template in #{File.dirname(bootstrap_template)}")
511
- File.exist?(bootstrap_template)
512
- end
513
-
514
- unless template_file
515
- ui.info("Can not find bootstrap definition for #{template}")
516
- raise Errno::ENOENT
517
- end
518
-
519
- Chef::Log.trace("Found bootstrap template: #{template_file}")
520
-
521
- template_file
522
- end
523
-
524
- def secret
525
- @secret ||= encryption_secret_provided_ignore_encrypt_flag? ? read_secret : nil
526
- end
527
-
528
- # Establish bootstrap context for template rendering.
529
- # Requires connection to be a live connection in order to determine
530
- # the correct platform.
531
- def bootstrap_context
532
- @bootstrap_context ||=
533
- if connection.windows?
534
- require_relative "core/windows_bootstrap_context"
535
- Knife::Core::WindowsBootstrapContext.new(config, config[:run_list], Chef::Config, secret)
536
- else
537
- require_relative "core/bootstrap_context"
538
- Knife::Core::BootstrapContext.new(config, config[:run_list], Chef::Config, secret)
539
- end
540
- end
541
-
542
- def first_boot_attributes
543
- @config[:first_boot_attributes] || @config[:first_boot_attributes_from_file] || {}
544
- end
545
-
546
- def render_template
547
- @config[:first_boot_attributes] = first_boot_attributes
548
- template_file = find_template
549
- template = IO.read(template_file).chomp
550
- Erubis::Eruby.new(template).evaluate(bootstrap_context)
551
- end
552
-
553
- def run
554
- check_license if ChefUtils::Dist::Org::ENFORCE_LICENSE
555
-
556
- plugin_setup!
557
- validate_name_args!
558
- validate_protocol!
559
- validate_first_boot_attributes!
560
- validate_winrm_transport_opts!
561
- validate_policy_options!
562
- plugin_validate_options!
563
-
564
- winrm_warn_no_ssl_verification
565
- warn_on_short_session_timeout
566
-
567
- plugin_create_instance!
568
- $stdout.sync = true
569
- connect!
570
- register_client
571
-
572
- content = render_template
573
- bootstrap_path = upload_bootstrap(content)
574
- perform_bootstrap(bootstrap_path)
575
- plugin_finalize
576
- ensure
577
- connection.del_file!(bootstrap_path) if connection && bootstrap_path
578
- end
579
-
580
- def register_client
581
- # chef-vault integration must use the new client-side hawtness, otherwise to use the
582
- # new client-side hawtness, just delete your validation key.
583
- if chef_vault_handler.doing_chef_vault? ||
584
- (Chef::Config[:validation_key] &&
585
- !File.exist?(File.expand_path(Chef::Config[:validation_key])))
586
-
587
- unless config[:chef_node_name]
588
- ui.error("You must pass a node name with -N when bootstrapping with user credentials")
589
- exit 1
590
- end
591
- client_builder.run
592
- chef_vault_handler.run(client_builder.client)
593
-
594
- bootstrap_context.client_pem = client_builder.client_path
595
- else
596
- ui.warn "Performing legacy client registration with the validation key at #{Chef::Config[:validation_key]}..."
597
- ui.warn "Remove the key file or remove the 'validation_key' configuration option from your config.rb (knife.rb) to use more secure user credentials for client registration."
598
- end
599
- end
600
-
601
- def perform_bootstrap(remote_bootstrap_script_path)
602
- ui.info("Bootstrapping #{ui.color(server_name, :bold)}")
603
- cmd = bootstrap_command(remote_bootstrap_script_path)
604
- bootstrap_run_command(cmd)
605
- end
606
-
607
- # Actual bootstrap command to be run on the node.
608
- # Handles recursive calls if su USER failed to authenticate.
609
- def bootstrap_run_command(cmd)
610
- r = connection.run_command(cmd) do |data, channel|
611
- ui.msg("#{ui.color(" [#{connection.hostname}]", :cyan)} #{data}")
612
- channel.send_data("#{config[:su_password] || config[:connection_password]}\n") if data.match?("Password:")
613
- end
614
-
615
- if r.exit_status != 0
616
- ui.error("The following error occurred on #{server_name}:")
617
- ui.error("#{r.stdout} #{r.stderr}".strip)
618
- exit(r.exit_status)
619
- end
620
- rescue Train::UserError => e
621
- limit ||= 0
622
- if e.reason == :bad_su_user_password && limit < 3
623
- limit += 1
624
- ui.warn("Failed to authenticate su - #{config[:su_user]} to #{server_name}")
625
- config[:su_password] = ui.ask("Enter password for su - #{config[:su_user]}@#{server_name}:", echo: false)
626
- retry
627
- else
628
- raise
629
- end
630
- end
631
-
632
- def connect!
633
- ui.info("Connecting to #{ui.color(server_name, :bold)} using #{connection_protocol}")
634
- opts ||= connection_opts.dup
635
- do_connect(opts)
636
- rescue Train::Error => e
637
- # We handle these by message text only because train only loads the
638
- # transports and protocols that it needs - so the exceptions may not be defined,
639
- # and we don't want to require files internal to train.
640
- if e.message =~ /fingerprint (\S+) is unknown for "(.+)"/ # Train::Transports::SSHFailed
641
- fingerprint = $1
642
- hostname, ip = $2.split(",")
643
- # TODO: convert the SHA256 base64 value to hex with colons
644
- # 'ssh' example output:
645
- # RSA key fingerprint is e5:cb:c0:e2:21:3b:12:52:f8:ce:cb:00:24:e2:0c:92.
646
- # ECDSA key fingerprint is 5d:67:61:08:a9:d7:01:fd:5e:ae:7e:09:40:ef:c0:3c.
647
- # will exit 3 on N
648
- ui.confirm <<~EOM
649
- The authenticity of host '#{hostname} (#{ip})' can't be established.
650
- fingerprint is #{fingerprint}.
651
-
652
- Are you sure you want to continue connecting
653
- EOM
654
- # FIXME: this should save the key to known_hosts but doesn't appear to be
655
- config[:ssh_verify_host_key] = :accept_new
656
- conn_opts = connection_opts(reset: true)
657
- opts.merge! conn_opts
658
- retry
659
- elsif (ssh? && e.cause && e.cause.class == Net::SSH::AuthenticationFailed) || (ssh? && e.class == Train::ClientError && e.reason == :no_ssh_password_or_key_available)
660
- if connection.password_auth?
661
- raise
662
- else
663
- ui.warn("Failed to authenticate #{opts[:user]} to #{server_name} - trying password auth")
664
- password = ui.ask("Enter password for #{opts[:user]}@#{server_name}:", echo: false)
665
- end
666
-
667
- opts.merge! force_ssh_password_opts(password)
668
- retry
669
- else
670
- raise
671
- end
672
- rescue RuntimeError => e
673
- if winrm? && e.message == "password is a required option"
674
- if connection.password_auth?
675
- raise
676
- else
677
- ui.warn("Failed to authenticate #{opts[:user]} to #{server_name} - trying password auth")
678
- password = ui.ask("Enter password for #{opts[:user]}@#{server_name}:", echo: false)
679
- end
680
-
681
- opts.merge! force_winrm_password_opts(password)
682
- retry
683
- else
684
- raise
685
- end
686
- end
687
-
688
- def handle_ssh_error(e); end
689
-
690
- # url values override CLI flags, if you provide both
691
- # we'll use the one that you gave in the URL.
692
- def connection_protocol
693
- return @connection_protocol if @connection_protocol
694
-
695
- from_url = host_descriptor =~ %r{^(.*)://} ? $1 : nil
696
- from_knife = config[:connection_protocol]
697
- @connection_protocol = from_url || from_knife || "ssh"
698
- end
699
-
700
- def do_connect(conn_options)
701
- @connection = TrainConnector.new(host_descriptor, connection_protocol, conn_options)
702
- connection.connect!
703
- rescue Train::UserError => e
704
- limit ||= 1
705
- if !conn_options.key?(:pty) && e.reason == :sudo_no_tty
706
- ui.warn("#{e.message} - trying with pty request")
707
- conn_options[:pty] = true # ensure we can talk to systems with requiretty set true in sshd config
708
- retry
709
- elsif config[:use_sudo_password] && (e.reason == :sudo_password_required || e.reason == :bad_sudo_password) && limit < 3
710
- ui.warn("Failed to authenticate #{conn_options[:user]} to #{server_name} - #{e.message} \n sudo: #{limit} incorrect password attempt")
711
- sudo_password = ui.ask("Enter sudo password for #{conn_options[:user]}@#{server_name}:", echo: false)
712
- limit += 1
713
- conn_options[:sudo_password] = sudo_password
714
-
715
- retry
716
- else
717
- raise
718
- end
719
- end
720
-
721
- # Fail if both first_boot_attributes and first_boot_attributes_from_file
722
- # are set.
723
- def validate_first_boot_attributes!
724
- if @config[:first_boot_attributes] && @config[:first_boot_attributes_from_file]
725
- raise Chef::Exceptions::BootstrapCommandInputError
726
- end
727
-
728
- true
729
- end
730
-
731
- # FIXME: someone needs to clean this up properly: https://github.com/chef/chef/issues/9645
732
- # This code is deliberately left without an abstraction around deprecating the config options to avoid knife plugins from
733
- # using those methods (which will need to be deprecated and break them) via inheritance (ruby does not have a true `private`
734
- # so the lack of any inheritable implementation is because of that).
735
- #
736
- def winrm_auth_method
737
- config.key?(:winrm_auth_method) ? config[:winrm_auth_method] : config.key?(:winrm_authentications_protocol) ? config[:winrm_authentication_protocol] : "negotiate" # rubocop:disable Style/NestedTernaryOperator
738
- end
739
-
740
- def ssh_verify_host_key
741
- config.key?(:ssh_verify_host_key) ? config[:ssh_verify_host_key] : config.key?(:host_key_verify) ? config[:host_key_verify] : "always" # rubocop:disable Style/NestedTernaryOperator
742
- end
743
-
744
- # Fail if using plaintext auth without ssl because
745
- # this can expose keys in plaintext on the wire.
746
- # TODO test for this method
747
- # TODO check that the protocol is valid.
748
- def validate_winrm_transport_opts!
749
- return true unless winrm?
750
-
751
- if Chef::Config[:validation_key] && !File.exist?(File.expand_path(Chef::Config[:validation_key]))
752
- if winrm_auth_method == "plaintext" &&
753
- config[:winrm_ssl] != true
754
- ui.error <<~EOM
755
- Validatorless bootstrap over unsecure winrm channels could expose your
756
- key to network sniffing.
757
- Please use a 'winrm_auth_method' other than 'plaintext',
758
- or enable ssl on #{server_name} then use the ---winrm-ssl flag
759
- to connect.
760
- EOM
761
-
762
- exit 1
763
- end
764
- end
765
- true
766
- end
767
-
768
- # fail if the server_name is nil
769
- def validate_name_args!
770
- if server_name.nil?
771
- ui.error("Must pass an FQDN or ip to bootstrap")
772
- exit 1
773
- end
774
- end
775
-
776
- # Ensure options are valid by checking policyfile values.
777
- #
778
- # The method call will cause the program to exit(1) if:
779
- # * Only one of --policy-name and --policy-group is specified
780
- # * Policyfile options are set and --run-list is set as well
781
- #
782
- # @return [TrueClass] If options are valid.
783
- def validate_policy_options!
784
- if incomplete_policyfile_options?
785
- ui.error("--policy-name and --policy-group must be specified together")
786
- exit 1
787
- elsif policyfile_and_run_list_given?
788
- ui.error("Policyfile options and --run-list are exclusive")
789
- exit 1
790
- end
791
- end
792
-
793
- # Ensure a valid protocol is provided for target host connection
794
- #
795
- # The method call will cause the program to exit(1) if:
796
- # * Conflicting protocols are given via the target URI and the --protocol option
797
- # * The protocol is not a supported protocol
798
- #
799
- # @return [TrueClass] If options are valid.
800
- def validate_protocol!
801
- from_cli = config[:connection_protocol]
802
- if from_cli && connection_protocol != from_cli
803
- # Hanging indent to align with the ERROR: prefix
804
- ui.error <<~EOM
805
- The URL '#{host_descriptor}' indicates protocol is '#{connection_protocol}'
806
- while the --protocol flag specifies '#{from_cli}'. Please include
807
- only one or the other.
808
- EOM
809
- exit 1
810
- end
811
-
812
- unless SUPPORTED_CONNECTION_PROTOCOLS.include?(connection_protocol)
813
- ui.error <<~EOM
814
- Unsupported protocol '#{connection_protocol}'.
815
-
816
- Supported protocols are: #{SUPPORTED_CONNECTION_PROTOCOLS.join(" ")}
817
- EOM
818
- exit 1
819
- end
820
- true
821
- end
822
-
823
- # Validate any additional options
824
- #
825
- # Plugins that subclass bootstrap, e.g. knife-ec2, can use this method to validate any additional options before any other actions are executed
826
- #
827
- # @return [TrueClass] If options are valid or exits
828
- def plugin_validate_options!
829
- true
830
- end
831
-
832
- # Create the server that we will bootstrap, if necessary
833
- #
834
- # Plugins that subclass bootstrap, e.g. knife-ec2, can use this method to call out to an API to build an instance of the server we wish to bootstrap
835
- #
836
- # @return [TrueClass] If instance successfully created, or exits
837
- def plugin_create_instance!
838
- true
839
- end
840
-
841
- # Perform any setup necessary by the plugin
842
- #
843
- # Plugins that subclass bootstrap, e.g. knife-ec2, can use this method to create connection objects
844
- #
845
- # @return [TrueClass] If instance successfully created, or exits
846
- def plugin_setup!; end
847
-
848
- # Perform any teardown or cleanup necessary by the plugin
849
- #
850
- # Plugins that subclass bootstrap, e.g. knife-ec2, can use this method to display a message or perform any cleanup
851
- #
852
- # @return [void]
853
- def plugin_finalize; end
854
-
855
- # If session_timeout is too short, it is likely
856
- # a holdover from "--winrm-session-timeout" which used
857
- # minutes as its unit, instead of seconds.
858
- # Warn the human so that they are not surprised.
859
- #
860
- def warn_on_short_session_timeout
861
- if session_timeout && session_timeout <= 15
862
- ui.warn <<~EOM
863
- You provided '--session-timeout #{session_timeout}' second(s).
864
- Did you mean '--session-timeout #{session_timeout * 60}' seconds?
865
- EOM
866
- end
867
- end
868
-
869
- def winrm_warn_no_ssl_verification
870
- return unless winrm?
871
-
872
- # REVIEWER NOTE
873
- # The original check from knife plugin did not include winrm_ssl_peer_fingerprint
874
- # Reference:
875
- # https://github.com/chef/knife-windows/blob/92d151298142be4a4750c5b54bb264f8d5b81b8a/lib/chef/knife/winrm_knife_base.rb#L271-L273
876
- # TODO Seems like we should also do a similar warning if ssh_verify_host == false
877
- if config[:ca_trust_file].nil? &&
878
- config[:winrm_no_verify_cert] &&
879
- config[:winrm_ssl_peer_fingerprint].nil?
880
- ui.warn <<~WARN
881
- * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
882
- SSL validation of HTTPS requests for the WinRM transport is disabled.
883
- HTTPS WinRM connections are still encrypted, but knife is not able
884
- to detect forged replies or spoofing attacks.
885
-
886
- To work around this issue you can use the flag `--winrm-no-verify-cert`
887
- or add an entry like this to your knife configuration file:
888
-
889
- # Verify all WinRM HTTPS connections
890
- knife[:winrm_no_verify_cert] = true
891
-
892
- You can also specify a ca_trust_file via --ca-trust-file,
893
- or the expected fingerprint of the target host's certificate
894
- via --winrm-ssl-peer-fingerprint.
895
- WARN
896
- end
897
- end
898
-
899
- # @return a configuration hash suitable for connecting to the remote
900
- # host via train
901
- def connection_opts(reset: false)
902
- return @connection_opts unless @connection_opts.nil? || reset == true
903
-
904
- @connection_opts = {}
905
- @connection_opts.merge! base_opts
906
- @connection_opts.merge! host_verify_opts
907
- @connection_opts.merge! gateway_opts
908
- @connection_opts.merge! sudo_opts
909
- @connection_opts.merge! winrm_opts
910
- @connection_opts.merge! ssh_opts
911
- @connection_opts.merge! ssh_identity_opts
912
- @connection_opts
913
- end
914
-
915
- def winrm?
916
- connection_protocol == "winrm"
917
- end
918
-
919
- def ssh?
920
- connection_protocol == "ssh"
921
- end
922
-
923
- # Common configuration for all protocols
924
- def base_opts
925
- port = config_for_protocol(:port)
926
- user = config_for_protocol(:user)
927
- {}.tap do |opts|
928
- opts[:logger] = Chef::Log
929
- opts[:password] = config[:connection_password] if config.key?(:connection_password)
930
- opts[:user] = user if user
931
- opts[:max_wait_until_ready] = config[:max_wait].to_f unless config[:max_wait].nil?
932
- # TODO - when would we need to provide rdp_port vs port? Or are they not mutually exclusive?
933
- opts[:port] = port if port
934
- end
935
- end
936
-
937
- def host_verify_opts
938
- if winrm?
939
- { self_signed: config[:winrm_no_verify_cert] === true }
940
- elsif ssh?
941
- # Fall back to the old knife config key name for back compat.
942
- { verify_host_key: ssh_verify_host_key }
943
- else
944
- {}
945
- end
946
- end
947
-
948
- def ssh_opts
949
- opts = {}
950
- return opts if winrm?
951
-
952
- opts[:non_interactive] = true # Prevent password prompts from underlying net/ssh
953
- opts[:forward_agent] = (config[:ssh_forward_agent] === true)
954
- opts[:connection_timeout] = session_timeout
955
- opts
956
- end
957
-
958
- def ssh_identity_opts
959
- opts = {}
960
- return opts if winrm?
961
-
962
- identity_file = config[:ssh_identity_file]
963
- if identity_file
964
- opts[:key_files] = [identity_file]
965
- # We only set keys_only based on the explicit ssh_identity_file;
966
- # someone may use a gateway key and still expect password auth
967
- # on the target. Similarly, someone may have a default key specified
968
- # in knife config, but have provided a password on the CLI.
969
-
970
- # REVIEW NOTE: this is a new behavior. Originally, ssh_identity_file
971
- # could only be populated from CLI options, so there was no need to check
972
- # for this. We will also set keys_only to false only if there are keys
973
- # and no password.
974
- # If both are present, train(via net/ssh) will prefer keys, falling back to password.
975
- # Reference: https://github.com/chef/chef/blob/master/lib/chef/knife/ssh.rb#L272
976
- opts[:keys_only] = config.key?(:connection_password) == false
977
- else
978
- opts[:key_files] = []
979
- opts[:keys_only] = false
980
- end
981
-
982
- gateway_identity_file = config[:ssh_gateway] ? config[:ssh_gateway_identity] : nil
983
- unless gateway_identity_file.nil?
984
- opts[:key_files] << gateway_identity_file
985
- end
986
-
987
- opts
988
- end
989
-
990
- def gateway_opts
991
- opts = {}
992
- if config[:ssh_gateway]
993
- split = config[:ssh_gateway].split("@", 2)
994
- if split.length == 1
995
- gw_host = split[0]
996
- else
997
- gw_user = split[0]
998
- gw_host = split[1]
999
- end
1000
- gw_host, gw_port = gw_host.split(":", 2)
1001
- # TODO - validate convertible port in config validation?
1002
- gw_port = Integer(gw_port) rescue nil
1003
- opts[:bastion_host] = gw_host
1004
- opts[:bastion_user] = gw_user
1005
- opts[:bastion_port] = gw_port
1006
- end
1007
- opts
1008
- end
1009
-
1010
- # use_sudo - tells bootstrap to use the sudo command to run bootstrap
1011
- # use_sudo_password - tells bootstrap to use the sudo command to run bootstrap
1012
- # and to use the password specified with --password
1013
- # TODO: I'd like to make our sudo options sane:
1014
- # --sudo (bool) - use sudo
1015
- # --sudo-password PASSWORD (default: :password) - use this password for sudo
1016
- # --sudo-options "opt,opt,opt" to pass into sudo
1017
- # --sudo-command COMMAND sudo command other than sudo
1018
- # REVIEW NOTE: knife bootstrap did not pull sudo values from Chef::Config,
1019
- # should we change that for consistency?
1020
- def sudo_opts
1021
- return {} if winrm?
1022
-
1023
- opts = { sudo: false }
1024
- if config[:use_sudo]
1025
- opts[:sudo] = true
1026
- if config[:use_sudo_password]
1027
- opts[:sudo_password] = config[:connection_password]
1028
- end
1029
- if config[:preserve_home]
1030
- opts[:sudo_options] = "-H"
1031
- end
1032
- end
1033
- opts
1034
- end
1035
-
1036
- def winrm_opts
1037
- return {} unless winrm?
1038
-
1039
- opts = {
1040
- winrm_transport: winrm_auth_method, # winrm gem and train calls auth method 'transport'
1041
- winrm_basic_auth_only: config[:winrm_basic_auth_only] || false,
1042
- ssl: config[:winrm_ssl] === true,
1043
- ssl_peer_fingerprint: config[:winrm_ssl_peer_fingerprint],
1044
- }
1045
-
1046
- if winrm_auth_method == "kerberos"
1047
- opts[:kerberos_service] = config[:kerberos_service] if config[:kerberos_service]
1048
- opts[:kerberos_realm] = config[:kerberos_realm] if config[:kerberos_service]
1049
- end
1050
-
1051
- if config[:ca_trust_file]
1052
- opts[:ca_trust_path] = config[:ca_trust_file]
1053
- end
1054
-
1055
- opts[:operation_timeout] = session_timeout
1056
-
1057
- opts
1058
- end
1059
-
1060
- # Config overrides to force password auth.
1061
- def force_ssh_password_opts(password)
1062
- {
1063
- password: password,
1064
- non_interactive: false,
1065
- keys_only: false,
1066
- key_files: [],
1067
- auth_methods: %i{password keyboard_interactive},
1068
- }
1069
- end
1070
-
1071
- def force_winrm_password_opts(password)
1072
- {
1073
- password: password,
1074
- }
1075
- end
1076
-
1077
- # This is for deprecating config options. The fallback_key can be used
1078
- # to pull an old knife config option out of the config file when the
1079
- # cli value has been renamed. This is different from the deprecated
1080
- # cli values, since these are for config options that have no corresponding
1081
- # cli value.
1082
- #
1083
- # DO NOT USE - this whole API is considered deprecated
1084
- #
1085
- # @api deprecated
1086
- #
1087
- def config_value(key, fallback_key = nil, default = nil)
1088
- Chef.deprecated(:knife_bootstrap_apis, "Use of config_value is deprecated. Knife plugin authors should access the config hash directly, which does correct merging of cli and config options.")
1089
- if config.key?(key)
1090
- # the first key is the primary key so we check the merged hash first
1091
- config[key]
1092
- elsif config.key?(fallback_key)
1093
- # we get the old config option here (the deprecated cli option shouldn't exist)
1094
- config[fallback_key]
1095
- else
1096
- default
1097
- end
1098
- end
1099
-
1100
- def upload_bootstrap(content)
1101
- script_name = connection.windows? ? "bootstrap.bat" : "bootstrap.sh"
1102
- remote_path = connection.normalize_path(File.join(connection.temp_dir, script_name))
1103
- connection.upload_file_content!(content, remote_path)
1104
- remote_path
1105
- end
1106
-
1107
- # build the command string for bootstrapping
1108
- # @return String
1109
- def bootstrap_command(remote_path)
1110
- if connection.windows?
1111
- "cmd.exe /C #{remote_path}"
1112
- else
1113
- cmd = "sh #{remote_path}"
1114
-
1115
- if config[:su_user]
1116
- # su - USER is subject to required an interactive console
1117
- # Otherwise, it will raise: su: must be run from a terminal
1118
- set_transport_options(pty: true)
1119
- cmd = "su - #{config[:su_user]} -c '#{cmd}'"
1120
- cmd = "sudo " << cmd if config[:use_sudo]
1121
- end
1122
-
1123
- cmd
1124
- end
1125
- end
1126
-
1127
- private
1128
-
1129
- # To avoid cluttering the CLI options, some flags (such as port and user)
1130
- # are shared between protocols. However, there is still a need to allow the operator
1131
- # to specify defaults separately, since they may not be the same values for different
1132
- # protocols.
1133
-
1134
- # These keys are available in Chef::Config, and are prefixed with the protocol name.
1135
- # For example, :user CLI option will map to :winrm_user and :ssh_user Chef::Config keys,
1136
- # based on the connection protocol in use.
1137
-
1138
- # @api private
1139
- def config_for_protocol(option)
1140
- if option == :port
1141
- config[:connection_port] || config[knife_key_for_protocol(option)]
1142
- else
1143
- config[:connection_user] || config[knife_key_for_protocol(option)]
1144
- end
1145
- end
1146
-
1147
- # @api private
1148
- def knife_key_for_protocol(option)
1149
- "#{connection_protocol}_#{option}".to_sym
1150
- end
1151
-
1152
- # True if policy_name and run_list are both given
1153
- def policyfile_and_run_list_given?
1154
- run_list_given? && policyfile_options_given?
1155
- end
1156
-
1157
- def run_list_given?
1158
- !config[:run_list].nil? && !config[:run_list].empty?
1159
- end
1160
-
1161
- def policyfile_options_given?
1162
- !!config[:policy_name]
1163
- end
1164
-
1165
- # True if one of policy_name or policy_group was given, but not both
1166
- def incomplete_policyfile_options?
1167
- (!!config[:policy_name] ^ config[:policy_group])
1168
- end
1169
-
1170
- # session_timeout option has a default that may not arrive, particularly if
1171
- # we're being invoked from a plugin that doesn't merge_config.
1172
- def session_timeout
1173
- timeout = config[:session_timeout]
1174
- return options[:session_timeout][:default] if timeout.nil?
1175
-
1176
- timeout.to_i
1177
- end
1178
-
1179
- # Train::Transports::SSH::Connection#transport_options
1180
- # Append the options to connection transport_options
1181
- #
1182
- # @param opts [Hash] the opts to be added to connection transport_options.
1183
- # @return [Hash] transport_options if the opts contains any option to be set.
1184
- #
1185
- def set_transport_options(opts)
1186
- return unless opts.is_a?(Hash) || !opts.empty?
1187
-
1188
- connection&.connection&.transport_options&.merge! opts
1189
- end
1190
- end
1191
- end
1192
- end