chef 16.17.18-universal-mingw32 → 17.0.242-universal-mingw32

data/lib/chef/knife/acl_bulk_remove.rb

@@ -1,83 +0,0 @@
-#
-# Author:: Jeremiah Snapp (jeremiah@chef.io)
-# Copyright:: Copyright (c) Chef Software Inc.
-# License:: Apache License, Version 2.0
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#     http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-
-require_relative "../knife"
-
-class Chef
-  class Knife
-    class AclBulkRemove < Chef::Knife
-      category "acl"
-      banner "knife acl bulk remove MEMBER_TYPE MEMBER_NAME OBJECT_TYPE REGEX PERMS"
-
-      deps do
-        require_relative "acl_base"
-        include Chef::Knife::AclBase
-      end
-
-      def run
-        member_type, member_name, object_type, regex, perms = name_args
-        object_name_matcher = /#{regex}/
-
-        if name_args.length != 5
-          show_usage
-          ui.fatal "You must specify the member type [client|group|user], member name, object type, object name REGEX and perms"
-          exit 1
-        end
-
-        if member_name == "pivotal" && %w{client user}.include?(member_type)
-          ui.fatal "ERROR: 'pivotal' is a system user so knife-acl will not remove it from an ACL."
-          exit 1
-        end
-        if member_name == "admins" && member_type == "group" && perms.to_s.split(",").include?("grant")
-          ui.fatal "ERROR: knife-acl will not remove the 'admins' group from the 'grant' ACE."
-          ui.fatal "       Removal could prevent future attempts to modify permissions."
-          exit 1
-        end
-        validate_perm_type!(perms)
-        validate_member_type!(member_type)
-        validate_member_name!(member_name)
-        validate_object_type!(object_type)
-        validate_member_exists!(member_type, member_name)
-
-        if %w{containers groups}.include?(object_type)
-          ui.fatal "bulk modifying the ACL of #{object_type} is not permitted"
-          exit 1
-        end
-
-        objects_to_modify = []
-        all_objects = rest.get_rest(object_type)
-        objects_to_modify = all_objects.keys.select { |object_name| object_name =~ object_name_matcher }
-
-        if objects_to_modify.empty?
-          ui.info "No #{object_type} match the expression /#{regex}/"
-          exit 0
-        end
-
-        ui.msg("The ACL of the following #{object_type} will be modified:")
-        ui.msg("")
-        ui.msg(ui.list(objects_to_modify.sort, :columns_down))
-        ui.msg("")
-        ui.confirm("Are you sure you want to modify the ACL of these #{object_type}?")
-
-        objects_to_modify.each do |object_name|
-          remove_from_acl!(member_type, member_name, object_type, object_name, perms)
-        end
-      end
-    end
-  end
-end

data/lib/chef/knife/acl_remove.rb

@@ -1,62 +0,0 @@
-#
-# Author:: Steven Danna (steve@chef.io)
-# Author:: Jeremiah Snapp (jeremiah@chef.io)
-# Copyright:: Copyright (c) Chef Software Inc.
-# License:: Apache License, Version 2.0
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#     http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-
-require_relative "../knife"
-
-class Chef
-  class Knife
-    class AclRemove < Chef::Knife
-      category "acl"
-      banner "knife acl remove MEMBER_TYPE MEMBER_NAME OBJECT_TYPE OBJECT_NAME PERMS"
-
-      deps do
-        require_relative "acl_base"
-        include Chef::Knife::AclBase
-      end
-
-      def run
-        member_type, member_name, object_type, object_name, perms = name_args
-
-        if name_args.length != 5
-          show_usage
-          ui.fatal "You must specify the member type [client|group|user], member name, object type, object name and perms"
-          exit 1
-        end
-
-        if member_name == "pivotal" && %w{client user}.include?(member_type)
-          ui.fatal "ERROR: 'pivotal' is a system user so knife-acl will not remove it from an ACL."
-          exit 1
-        end
-        if member_name == "admins" && member_type == "group" && perms.to_s.split(",").include?("grant")
-          ui.fatal "ERROR: knife-acl will not remove the 'admins' group from the 'grant' ACE."
-          ui.fatal "       Removal could prevent future attempts to modify permissions."
-          exit 1
-        end
-        validate_perm_type!(perms)
-        validate_member_type!(member_type)
-        validate_member_name!(member_name)
-        validate_object_name!(object_name)
-        validate_object_type!(object_type)
-        validate_member_exists!(member_type, member_name)
-
-        remove_from_acl!(member_type, member_name, object_type, object_name, perms)
-      end
-    end
-  end
-end

data/lib/chef/knife/acl_show.rb

@@ -1,56 +0,0 @@
-#
-# Author:: Steven Danna (steve@chef.io)
-# Copyright:: Copyright (c) Chef Software Inc.
-# License:: Apache License, Version 2.0
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#     http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-
-require_relative "../knife"
-
-class Chef
-  class Knife
-    class AclShow < Chef::Knife
-      category "acl"
-      banner "knife acl show OBJECT_TYPE OBJECT_NAME"
-
-      deps do
-        require_relative "acl_base"
-        include Chef::Knife::AclBase
-      end
-
-      def run
-        object_type, object_name = name_args
-
-        if name_args.length != 2
-          show_usage
-          ui.fatal "You must specify an object type and object name"
-          exit 1
-        end
-
-        validate_object_type!(object_type)
-        validate_object_name!(object_name)
-        acl = get_acl(object_type, object_name)
-        PERM_TYPES.each do |perm|
-          # Filter out the actors field if we have
-          # users and clients.  Note that if one is present,
-          # both will be - but we're checking both for completeness.
-          if acl[perm].key?("users") && acl[perm].key?("clients")
-            acl[perm].delete "actors"
-          end
-        end
-        ui.output acl
-      end
-    end
-  end
-end

data/lib/chef/knife/bootstrap/chef_vault_handler.rb

@@ -1,162 +0,0 @@
-#
-# Author:: Lamont Granquist (<lamont@chef.io>)
-# Copyright:: Copyright (c) Chef Software Inc.
-# License:: Apache License, Version 2.0
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#     http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-class Chef
-  class Knife
-    class Bootstrap < Knife
-      class ChefVaultHandler
-
-        # @return [Hash] knife merged config, typically @config
-        attr_accessor :config
-
-        # @return [Chef::Knife::UI] ui object for output
-        attr_accessor :ui
-
-        # @return [Chef::ApiClient] vault client
-        attr_reader :client
-
-        # @param config [Hash] knife merged config, typically @config
-        # @param ui [Chef::Knife::UI] ui object for output
-        def initialize(config: {}, knife_config: nil, ui: nil)
-          @config = config
-          unless knife_config.nil?
-            @config = knife_config
-            Chef.deprecated(:knife_bootstrap_apis, "The knife_config option to the Bootstrap::ClientBuilder object is deprecated and has been renamed to just 'config'")
-          end
-          @ui = ui
-        end
-
-        # Updates the chef vault items for the newly created client.
-        #
-        # @param client [Chef::ApiClient] vault client
-        def run(client)
-          return unless doing_chef_vault?
-
-          sanity_check
-
-          @client = client
-
-          update_bootstrap_vault_json!
-        end
-
-        # Iterate through all the vault items to update.  Items may be either a String
-        # or an Array of Strings:
-        #
-        # {
-        #   "vault1":  "item",
-        #   "vault2":  [ "item1", "item2", "item2" ]
-        # }
-        #
-        def update_bootstrap_vault_json!
-          vault_json.each do |vault, items|
-            [ items ].flatten.each do |item|
-              update_vault(vault, item)
-            end
-          end
-        end
-
-        # @return [Boolean] if we've got chef vault options to act on or not
-        def doing_chef_vault?
-          !!(bootstrap_vault_json || bootstrap_vault_file || bootstrap_vault_item)
-        end
-
-        private
-
-        # warn if the user has given mutual conflicting options
-        def sanity_check
-          if bootstrap_vault_item && (bootstrap_vault_json || bootstrap_vault_file)
-            ui.warn "--vault-item given with --vault-list or --vault-file, ignoring the latter"
-          end
-
-          if bootstrap_vault_json && bootstrap_vault_file
-            ui.warn "--vault-list given with --vault-file, ignoring the latter"
-          end
-        end
-
-        # @return [String] string with serialized JSON representing the chef vault items
-        def bootstrap_vault_json
-          config[:bootstrap_vault_json]
-        end
-
-        # @return [String] JSON text in a file representing the chef vault items
-        def bootstrap_vault_file
-          config[:bootstrap_vault_file]
-        end
-
-        # @return [Hash] Ruby object representing the chef vault items to create
-        def bootstrap_vault_item
-          config[:bootstrap_vault_item]
-        end
-
-        # Helper to return a ruby object representing all the data bags and items
-        # to update via chef-vault.
-        #
-        # @return [Hash] deserialized ruby hash with all the vault items
-        def vault_json
-          @vault_json ||=
-            begin
-              if bootstrap_vault_item
-                bootstrap_vault_item
-              else
-                json = bootstrap_vault_json || File.read(bootstrap_vault_file)
-                Chef::JSONCompat.from_json(json)
-              end
-            end
-        end
-
-        # Update an individual vault item and save it
-        #
-        # @param vault [String] name of the chef-vault encrypted data bag
-        # @param item [String] name of the chef-vault encrypted item
-        def update_vault(vault, item)
-          require_chef_vault!
-          bootstrap_vault_item = load_chef_bootstrap_vault_item(vault, item)
-          bootstrap_vault_item.clients(client)
-          bootstrap_vault_item.save
-        end
-
-        # Hook to stub out ChefVault
-        #
-        # @param vault [String] name of the chef-vault encrypted data bag
-        # @param item [String] name of the chef-vault encrypted item
-        # @return [ChefVault::Item] ChefVault::Item object
-        def load_chef_bootstrap_vault_item(vault, item)
-          ChefVault::Item.load(vault, item)
-        end
-
-        public :load_chef_bootstrap_vault_item # for stubbing
-
-        # Helper to very lazily require the chef-vault gem
-        def require_chef_vault!
-          @require_chef_vault ||=
-            begin
-              error_message = "Knife bootstrap requires version 2.6.0 or higher of the chef-vault gem to configure vault items"
-              require "chef-vault"
-              if Gem::Version.new(ChefVault::VERSION) < Gem::Version.new("2.6.0")
-                raise error_message
-              end
-
-              true
-            rescue LoadError
-              raise error_message
-            end
-        end
-
-      end
-    end
-  end
-end

data/lib/chef/knife/bootstrap/client_builder.rb

@@ -1,212 +0,0 @@
-#
-# Author:: Lamont Granquist (<lamont@chef.io>)
-# Copyright:: Copyright (c) Chef Software Inc.
-# License:: Apache License, Version 2.0
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#     http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-
-require_relative "../../node"
-require_relative "../../server_api"
-require_relative "../../api_client/registration"
-require_relative "../../api_client"
-require "tmpdir" unless defined?(Dir.mktmpdir)
-
-class Chef
-  class Knife
-    class Bootstrap < Knife
-      class ClientBuilder
-
-        # @return [Hash] knife merged config, typically @config
-        attr_accessor :config
-        # @return [Hash] chef config object
-        attr_accessor :chef_config
-        # @return [Chef::Knife::UI] ui object for output
-        attr_accessor :ui
-        # @return [Chef::ApiClient] client saved on run
-        attr_reader :client
-
-        # @param config [Hash] Hash of knife config settings
-        # @param chef_config [Hash] Hash of chef config settings
-        # @param ui [Chef::Knife::UI] UI object for output
-        def initialize(config: {}, knife_config: nil, chef_config: {}, ui: nil)
-          @config = config
-          unless knife_config.nil?
-            @config = knife_config
-            Chef.deprecated(:knife_bootstrap_apis, "The knife_config option to the Bootstrap::ClientBuilder object is deprecated and has been renamed to just 'config'")
-          end
-          @chef_config = chef_config
-          @ui = ui
-        end
-
-        # Main entry.  Prompt the user to clean up any old client or node objects.  Then create
-        # the new client, then create the new node.
-        def run
-          sanity_check
-
-          ui.info("Creating new client for #{node_name}")
-
-          @client = create_client!
-
-          ui.info("Creating new node for #{node_name}")
-
-          create_node!
-        end
-
-        # Tempfile to use to write newly created client credentials to.
-        #
-        # This method is public so that the knife bootstrapper can read then and pass the value into
-        # the handler for chef vault which needs the client cert we create here.
-        #
-        # We hang onto the tmpdir as an ivar as well so that it will not get GC'd and removed
-        #
-        # @return [String] path to the generated client.pem
-        def client_path
-          @client_path ||=
-            begin
-              @tmpdir = Dir.mktmpdir
-              File.join(@tmpdir, "#{node_name}.pem")
-            end
-        end
-
-        private
-
-        # @return [String] node name from the config
-        def node_name
-          config[:chef_node_name]
-        end
-
-        # @return [String] environment from the config
-        def environment
-          config[:environment]
-        end
-
-        # @return [String] run_list from the config
-        def run_list
-          config[:run_list]
-        end
-
-        # @return [String] policy_name from the config
-        def policy_name
-          config[:policy_name]
-        end
-
-        # @return [String] policy_group from the config
-        def policy_group
-          config[:policy_group]
-        end
-
-        # @return [Hash,Array] Object representation of json first-boot attributes from the config
-        def first_boot_attributes
-          config[:first_boot_attributes]
-        end
-
-        # @return [String] chef server url from the Chef::Config
-        def chef_server_url
-          chef_config[:chef_server_url]
-        end
-
-        # Accesses the run_list and coerces it into an Array, changing nils into
-        # the empty Array, and splitting strings representations of run_lists into
-        # Arrays.
-        #
-        # @return [Array] run_list coerced into an array
-        def normalized_run_list
-          case run_list
-          when nil
-            []
-          when String
-            run_list.split(/\s*,\s*/)
-          when Array
-            run_list
-          end
-        end
-
-        # Create the client object and save it to the Chef API
-        def create_client!
-          Chef::ApiClient::Registration.new(node_name, client_path, http_api: rest).run
-        end
-
-        # Create the node object (via the lazy accessor) and save it to the Chef API
-        def create_node!
-          node.save
-        end
-
-        # Create a new Chef::Node.  Supports creating the node with its name, run_list, attributes
-        # and environment.  This injects a rest object into the Chef::Node which uses the client key
-        # for authentication so that the client creates the node and therefore we get the acls setup
-        # correctly.
-        #
-        # @return [Chef::Node] new chef node to create
-        def node
-          @node ||=
-            begin
-              node = Chef::Node.new(chef_server_rest: client_rest)
-              node.name(node_name)
-              node.run_list(normalized_run_list)
-              node.normal_attrs = first_boot_attributes if first_boot_attributes
-              node.environment(environment) if environment
-              node.policy_name = policy_name if policy_name
-              node.policy_group = policy_group if policy_group
-              (config[:tags] || []).each do |tag|
-                node.tags << tag
-              end
-              node
-            end
-        end
-
-        # Check for the existence of a node and/or client already on the server.  If the node
-        # already exists, we must delete it in order to proceed so that we can create a new node
-        # object with the permissions of the new client.  There is a use case for creating a new
-        # client and wiring it up to a precreated node object, but we do currently support that.
-        #
-        # We prompt the user about what to do and will fail hard if we do not get confirmation to
-        # delete any prior node/client objects.
-        def sanity_check
-          if resource_exists?("nodes/#{node_name}")
-            ui.confirm("Node #{node_name} exists, overwrite it")
-            rest.delete("nodes/#{node_name}")
-          end
-          if resource_exists?("clients/#{node_name}")
-            ui.confirm("Client #{node_name} exists, overwrite it")
-            rest.delete("clients/#{node_name}")
-          end
-        end
-
-        # Check if an relative path exists on the chef server
-        #
-        # @param relative_path [String] URI path relative to the chef organization
-        # @return [Boolean] if the relative path exists or returns a 404
-        def resource_exists?(relative_path)
-          rest.get(relative_path)
-          true
-        rescue Net::HTTPClientException => e
-          raise unless e.response.code == "404"
-
-          false
-        end
-
-        # @return [Chef::ServerAPI] REST client using the client credentials
-        def client_rest
-          @client_rest ||= Chef::ServerAPI.new(chef_server_url, client_name: node_name, signing_key_filename: client_path)
-        end
-
-        # @return [Chef::ServerAPI] REST client using the cli user's knife credentials
-        # this uses the users's credentials
-        def rest
-          @rest ||= Chef::ServerAPI.new(chef_server_url)
-        end
-      end
-    end
-  end
-end

data/lib/chef/knife/bootstrap/templates/README.md

@@ -1,11 +0,0 @@
-This directory contains bootstrap templates which can be used with the -d flag
-to 'knife bootstrap' to install Chef in different ways. To simplify installation,
-and reduce the matrix of common installation patterns to support, we have
-standardized on the [Omnibus](https://github.com/chef/omnibus) built installation
-packages.
-
-The 'chef-full' template downloads a script which is used to determine the correct
-Omnibus package for this system from the [Omnitruck](https://docs.chef.io/api_omnitruck/) API.
-
-You can still utilize custom bootstrap templates on your system if your installation
-needs are unique. Additional information can be found on the [docs site](https://docs.chef.io/knife_bootstrap/#custom-templates).