chef 16.2.44 → 16.4.35

data/{spec/unit/log_spec.rb → lib/chef/mixin/default_paths.rb}

@@ -1,5 +1,4 @@
 #
-# Author:: Adam Jacob (<adam@chef.io>)
 # Copyright:: Copyright (c) Chef Software Inc.
 # License:: Apache License, Version 2.0
 #
@@ -16,9 +15,18 @@
 # limitations under the License.
 #
 
-require "tempfile"
-require "logger"
-require "spec_helper"
+require "chef-utils/dsl/default_paths" unless defined?(ChefUtils::DSL::DefaultPaths)
 
-describe Chef::Log do
+class Chef
+  module Mixin
+    module DefaultPaths
+      include ChefUtils::DSL::DefaultPaths
+
+      def enforce_default_paths(env = ENV)
+        if Chef::Config[:enforce_default_paths] || Chef::Config[:enforce_path_sanity]
+          env["PATH"] = default_paths(env)
+        end
+      end
+    end
+  end
 end

data/lib/chef/mixin/openssl_helper.rb

@@ -282,7 +282,9 @@ class Chef
           ef.issuer_certificate = info["issuer"]
         end
         ef.subject_certificate = cert
-        ef.config = ::OpenSSL::Config.load(::OpenSSL::Config::DEFAULT_CONFIG_FILE)
+        if openssl_config = __openssl_config
+          ef.config = openssl_config
+        end
 
         cert.extensions = extension
         cert.add_extension ef.create_extension("subjectKeyIdentifier", "hash")
@@ -313,7 +315,9 @@ class Chef
         crl.last_update = Time.now
         crl.next_update = Time.now + 3600 * 24 * info["validity"]
 
-        ef.config = ::OpenSSL::Config.load(::OpenSSL::Config::DEFAULT_CONFIG_FILE)
+        if openssl_config = __openssl_config
+          ef.config = openssl_config
+        end
         ef.issuer_certificate = info["issuer"]
 
         crl.add_extension ::OpenSSL::X509::Extension.new("crlNumber", ::OpenSSL::ASN1::Integer(1))
@@ -369,8 +373,7 @@ class Chef
         revoked.add_extension(ext)
         crl.add_revoked(revoked)
 
-        crl = renew_x509_crl(crl, ca_private_key, info)
-        crl
+        renew_x509_crl(crl, ca_private_key, info)
       end
 
       # renew a X509 crl given
@@ -391,7 +394,9 @@ class Chef
         crl.next_update = crl.last_update + 3600 * 24 * info["validity"]
 
         ef = ::OpenSSL::X509::ExtensionFactory.new
-        ef.config = ::OpenSSL::Config.load(::OpenSSL::Config::DEFAULT_CONFIG_FILE)
+        if openssl_config = __openssl_config
+          ef.config = openssl_config
+        end
         ef.issuer_certificate = info["issuer"]
 
         crl.extensions = [ ::OpenSSL::X509::Extension.new("crlNumber",
@@ -407,7 +412,7 @@ class Chef
       # @param [string] cert_file path of the cert file or cert content
       # @param [integer] renew_before_expiry number of days before expiration
       # @return [true, false]
-      def cert_need_renewall?(cert_file, renew_before_expiry)
+      def cert_need_renewal?(cert_file, renew_before_expiry)
         resp = true
         cert_content = ::File.exist?(cert_file) ? File.read(cert_file) : cert_file
         begin
@@ -422,6 +427,25 @@ class Chef
 
         resp
       end
+
+      alias_method :cert_need_renewall?, :cert_need_renewal?
+
+      private
+
+      def __openssl_config
+        path = if File.exist?(::OpenSSL::Config::DEFAULT_CONFIG_FILE)
+                 OpenSSL::Config::DEFAULT_CONFIG_FILE
+               else
+                 Dir[File.join(RbConfig::CONFIG["prefix"], "**", "openssl.cnf")].first
+               end
+
+        if File.exist?(path)
+          ::OpenSSL::Config.load(path)
+        else
+          Chef::Log.warn("Couldn't find OpenSSL config file")
+          nil
+        end
+      end
     end
   end
 end

data/lib/chef/mixin/path_sanity.rb

@@ -16,14 +16,15 @@
 # limitations under the License.
 #
 
+require_relative "default_paths"
+
 class Chef
   module Mixin
-    # @ deprecated
     module PathSanity
+      include Chef::Mixin::DefaultPaths
+
       def enforce_path_sanity(env = ENV)
-        if Chef::Config[:enforce_path_sanity]
-          env["PATH"] = ChefUtils::DSL::PathSanity.sanitized_path(env)
-        end
+        enforce_default_paths(env)
       end
     end
   end

data/lib/chef/mixin/shell_out.rb

@@ -15,198 +15,14 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-require "mixlib/shellout" unless defined?(Mixlib::ShellOut::DEFAULT_READ_TIMEOUT)
-require "chef-utils/dsl/path_sanity" unless defined?(ChefUtils::DSL::PathSanity)
+require "mixlib/shellout/helper" unless defined?(Mixlib::ShellOut::Helper)
+require_relative "chef_utils_wiring" unless defined?(Chef::Mixin::ChefUtilsWiring)
 
 class Chef
   module Mixin
     module ShellOut
-
-      # PREFERRED APIS:
-      #
-      # all consumers should now call shell_out!/shell_out.
-      #
-      # the shell_out_compacted/shell_out_compacted! APIs are private but are intended for use
-      # in rspec tests, and should ideally always be used to make code refactoring that do not
-      # change behavior easier:
-      #
-      # allow(provider).to receive(:shell_out_compacted!).with("foo", "bar", "baz")
-      # provider.shell_out!("foo", [ "bar", nil, "baz"])
-      # provider.shell_out!(["foo", nil, "bar" ], ["baz"])
-      #
-      # note that shell_out_compacted also includes adding the magical timeout option to force
-      # people to setup expectations on that value explicitly.  it does not include the default_env
-      # mangling in order to avoid users having to setup an expectation on anything other than
-      # setting `default_env: false` and allow us to make tweak to the default_env without breaking
-      # a thousand unit tests.
-      #
-
-      def shell_out(*args, **options)
-        options = options.dup
-        options = Chef::Mixin::ShellOut.maybe_add_timeout(self, options)
-        if options.empty?
-          shell_out_compacted(*Chef::Mixin::ShellOut.clean_array(*args))
-        else
-          shell_out_compacted(*Chef::Mixin::ShellOut.clean_array(*args), **options)
-        end
-      end
-
-      def shell_out!(*args, **options)
-        options = options.dup
-        options = Chef::Mixin::ShellOut.maybe_add_timeout(self, options)
-        if options.empty?
-          shell_out_compacted!(*Chef::Mixin::ShellOut.clean_array(*args))
-        else
-          shell_out_compacted!(*Chef::Mixin::ShellOut.clean_array(*args), **options)
-        end
-      end
-
-      # helper sugar for resources that support passing timeouts to shell_out
-      #
-      # module method to not pollute namespaces, but that means we need self injected as an arg
-      # @api private
-      def self.maybe_add_timeout(obj, options)
-        options = options.dup
-        # historically resources have not properly declared defaults on their timeouts, so a default default of 900s was enforced here
-        default_val = 900
-        return options if options.key?(:timeout)
-
-        # FIXME: need to nuke descendent tracker out of Chef::Provider so we can just define that class here without requiring the
-        # world, and then just use symbol lookup
-        if obj.class.ancestors.map(&:name).include?("Chef::Provider") && obj.respond_to?(:new_resource) && obj.new_resource.respond_to?(:timeout) && !options.key?(:timeout)
-          options[:timeout] = obj.new_resource.timeout ? obj.new_resource.timeout.to_f : default_val
-        end
-        options
-      end
-
-      # helper function to mangle options when `default_env` is true
-      #
-      # @api private
-      def self.apply_default_env(options)
-        options = options.dup
-        default_env = options.delete(:default_env)
-        default_env = true if default_env.nil?
-        if default_env
-          env_key = options.key?(:env) ? :env : :environment
-          options[env_key] = {
-            "LC_ALL" => Chef::Config[:internal_locale],
-            "LANGUAGE" => Chef::Config[:internal_locale],
-            "LANG" => Chef::Config[:internal_locale],
-            env_path => ChefUtils::DSL::PathSanity.sanitized_path,
-          }.update(options[env_key] || {})
-        end
-        options
-      end
-
-      private
-
-      # this SHOULD be used for setting up expectations in rspec, see banner comment at top.
-      #
-      # the private constraint is meant to avoid code calling this directly, rspec expectations are fine.
-      #
-      def shell_out_compacted(*args, **options)
-        options = Chef::Mixin::ShellOut.apply_default_env(options)
-        if options.empty?
-          Chef::Mixin::ShellOut.shell_out_command(*args)
-        else
-          Chef::Mixin::ShellOut.shell_out_command(*args, **options)
-        end
-      end
-
-      # this SHOULD be used for setting up expectations in rspec, see banner comment at top.
-      #
-      # the private constraint is meant to avoid code calling this directly, rspec expectations are fine.
-      #
-      def shell_out_compacted!(*args, **options)
-        options = Chef::Mixin::ShellOut.apply_default_env(options)
-        cmd = if options.empty?
-                Chef::Mixin::ShellOut.shell_out_command(*args)
-              else
-                Chef::Mixin::ShellOut.shell_out_command(*args, **options)
-              end
-        cmd.error!
-        cmd
-      end
-
-      # Helper for subclasses to reject nil out of an array.  It allows
-      # using the array form of shell_out (which avoids the need to surround arguments with
-      # quote marks to deal with shells).
-      #
-      # Usage:
-      #   shell_out!(*clean_array("useradd", universal_options, useradd_options, new_resource.username))
-      #
-      # universal_options and useradd_options can be nil, empty array, empty string, strings or arrays
-      # and the result makes sense.
-      #
-      # keeping this separate from shell_out!() makes it a bit easier to write expectations against the
-      # shell_out args and be able to omit nils and such in the tests (and to test that the nils are
-      # being rejected correctly).
-      #
-      # @param args [String] variable number of string arguments
-      # @return [Array] array of strings with nil and null string rejection
-
-      def self.clean_array(*args)
-        args.flatten.compact.map(&:to_s)
-      end
-
-      def self.transport_connection
-        Chef.run_context.transport_connection
-      end
-
-      def self.shell_out_command(*args, **options)
-        if Chef::Config.target_mode?
-          FakeShellOut.new(args, options, transport_connection.run_command(args.join(" "))) # FIXME: train should accept run_command(*args)
-        else
-          cmd = if options.empty?
-                  Mixlib::ShellOut.new(*args)
-                else
-                  Mixlib::ShellOut.new(*args, **options)
-                end
-          cmd.live_stream ||= io_for_live_stream
-          cmd.run_command
-          cmd
-        end
-      end
-
-      def self.io_for_live_stream
-        if STDOUT.tty? && !Chef::Config[:daemon] && Chef::Log.debug?
-          STDOUT
-        else
-          nil
-        end
-      end
-
-      def self.env_path
-        if ChefUtils.windows?
-          "Path"
-        else
-          "PATH"
-        end
-      end
-
-      class FakeShellOut
-        attr_reader :stdout, :stderr, :exitstatus, :status
-
-        def initialize(args, options, result)
-          @args = args
-          @options = options
-          @stdout = result.stdout
-          @stderr = result.stderr
-          @exitstatus = result.exit_status
-          @status = OpenStruct.new(success?: ( exitstatus == 0 ))
-        end
-
-        def error?
-          exitstatus != 0
-        end
-
-        def error!
-          raise Mixlib::ShellOut::ShellCommandFailed, "Unexpected exit status of #{exitstatus} running #{@args}" if error?
-        end
-      end
+      include Mixlib::ShellOut::Helper
+      include Chef::Mixin::ChefUtilsWiring
     end
   end
 end
-
-# Break circular dep
-require_relative "../config"

data/lib/chef/mixin/template.rb

@@ -213,6 +213,7 @@ class Chef
 
       class TemplateError < RuntimeError
         attr_reader :original_exception, :context, :options
+
         SOURCE_CONTEXT_WINDOW = 2
 
         def initialize(original_exception, template, context, options)

data/lib/chef/mixin/which.rb

@@ -16,20 +16,23 @@
 # limitations under the License.
 
 require "chef-utils/dsl/which" unless defined?(ChefUtils::DSL::Which)
-require "chef-utils/dsl/path_sanity" unless defined?(ChefUtils::DSL::PathSanity)
+require "chef-utils/dsl/default_paths" unless defined?(ChefUtils::DSL::DefaultPaths)
+require_relative "chef_utils_wiring" unless defined?(Chef::Mixin::ChefUtilsWiring)
 
 class Chef
   module Mixin
     module Which
       include ChefUtils::DSL::Which
+      include ChefUtils::DSL::DefaultPaths
+      include ChefUtilsWiring
 
       private
 
-      # we dep-inject path sanity into this API for historical reasons
+      # we dep-inject default paths into this API for historical reasons
       #
       # @api private
       def __extra_path
-        ChefUtils::DSL::PathSanity.sane_paths
+        __default_paths
       end
     end
   end

data/lib/chef/mixins.rb

@@ -6,6 +6,7 @@ require_relative "mixin/deep_merge"
 require_relative "mixin/enforce_ownership_and_permissions"
 require_relative "mixin/from_file"
 require_relative "mixin/params_validate"
+require_relative "mixin/default_paths"
 require_relative "mixin/path_sanity"
 require_relative "mixin/template"
 require_relative "mixin/securable"

data/lib/chef/monkey_patches/webrick-utils.rb

@@ -33,16 +33,16 @@ module WEBrick
       last_error = nil
       sockets = []
       res.each do |ai|
-        begin
-          logger.debug("TCPServer.new(#{ai[3]}, #{port})") if logger
-          sock = TCPServer.new(ai[3], port)
-          port = sock.addr[1] if port == 0
-          Utils.set_close_on_exec(sock)
-          sockets << sock
-        rescue => ex
-          logger.warn("TCPServer Error: #{ex}") if logger
-          last_error = ex
-        end
+
+        logger.debug("TCPServer.new(#{ai[3]}, #{port})") if logger
+        sock = TCPServer.new(ai[3], port)
+        port = sock.addr[1] if port == 0
+        Utils.set_close_on_exec(sock)
+        sockets << sock
+      rescue => ex
+        logger.warn("TCPServer Error: #{ex}") if logger
+        last_error = ex
+
       end
       raise last_error if sockets.empty?
 

data/lib/chef/node.rb

@@ -34,8 +34,8 @@ require_relative "node/attribute"
 require_relative "mash"
 require_relative "json_compat"
 require_relative "search/query"
-require_relative "whitelist"
-require_relative "blacklist"
+require_relative "attribute_allowlist"
+require_relative "attribute_blocklist"
 
 class Chef
   class Node
@@ -706,21 +706,45 @@ class Chef
       end
     end
 
+    # a method to handle the renamed configuration from whitelist -> allowed
+    # and to throw a deprecation warning when the old configuration is set
+    #
+    # @param [String] level the attribute level
+    def allowlist_or_whitelist_config(level)
+      if Chef::Config["#{level}_attribute_whitelist".to_sym]
+        Chef.deprecated(:attribute_blacklist_configuration, "Attribute whitelist configurations have been deprecated. Use the allowed_LEVEL_attribute configs instead")
+        Chef::Config["#{level}_attribute_whitelist".to_sym]
+      else
+        Chef::Config["allowed_#{level}_attributes".to_sym]
+      end
+    end
+
+    # a method to handle the renamed configuration from blacklist -> blocked
+    # and to throw a deprecation warning when the old configuration is set
+    #
+    # @param [String] level the attribute level
+    def blocklist_or_blacklist_config(level)
+      if Chef::Config["#{level}_attribute_blacklist".to_sym]
+        Chef.deprecated(:attribute_blacklist_configuration, "Attribute blacklist configurations have been deprecated. Use the blocked_LEVEL_attribute configs instead")
+        Chef::Config["#{level}_attribute_blacklist".to_sym]
+      else
+        Chef::Config["blocked_#{level}_attributes".to_sym]
+      end
+    end
+
     def data_for_save
       data = for_json
       %w{automatic default normal override}.each do |level|
-        whitelist_config_option = "#{level}_attribute_whitelist".to_sym
-        whitelist = Chef::Config[whitelist_config_option]
-        unless whitelist.nil? # nil => save everything
-          logger.info("Whitelisting #{level} node attributes for save.")
-          data[level] = Chef::Whitelist.filter(data[level], whitelist)
+        allowlist = allowlist_or_whitelist_config(level)
+        unless allowlist.nil? # nil => save everything
+          logger.info("Allowing #{level} node attributes for save.")
+          data[level] = Chef::AttributeAllowlist.filter(data[level], allowlist)
         end
 
-        blacklist_config_option = "#{level}_attribute_blacklist".to_sym
-        blacklist = Chef::Config[blacklist_config_option]
-        unless blacklist.nil? # nil => remove nothing
-          logger.info("Blacklisting #{level} node attributes for save")
-          data[level] = Chef::Blacklist.filter(data[level], blacklist)
+        blocklist = blocklist_or_blacklist_config(level)
+        unless blocklist.nil? # nil => remove nothing
+          logger.info("Blocking #{level} node attributes for save")
+          data[level] = Chef::AttributeBlocklist.filter(data[level], blocklist)
         end
       end
       data