chef 16.2.50-universal-mingw32 → 16.4.38-universal-mingw32
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/Gemfile +4 -4
- data/Rakefile +3 -16
- data/chef-universal-mingw32.gemspec +2 -3
- data/chef.gemspec +4 -3
- data/lib/chef/action_collection.rb +4 -0
- data/lib/chef/api_client/registration.rb +2 -2
- data/lib/chef/application.rb +13 -1
- data/lib/chef/application/apply.rb +6 -5
- data/lib/chef/application/windows_service.rb +27 -27
- data/lib/chef/{whitelist.rb → attribute_allowlist.rb} +11 -11
- data/lib/chef/{blacklist.rb → attribute_blocklist.rb} +9 -9
- data/lib/chef/chef_class.rb +0 -1
- data/lib/chef/chef_fs/chef_fs_data_store.rb +54 -54
- data/lib/chef/chef_fs/data_handler/organization_data_handler.rb +1 -2
- data/lib/chef/chef_fs/file_system/chef_server/acl_entry.rb +10 -10
- data/lib/chef/chef_fs/file_system/chef_server/cookbook_file.rb +2 -2
- data/lib/chef/chef_fs/file_system/chef_server/cookbooks_dir.rb +1 -5
- data/lib/chef/chef_fs/file_system/chef_server/organization_invites_entry.rb +8 -8
- data/lib/chef/chef_fs/file_system/chef_server/organization_members_entry.rb +8 -8
- data/lib/chef/chef_fs/file_system/repository/base_file.rb +1 -0
- data/lib/chef/chef_fs/file_system/repository/chef_repository_file_system_cookbook_dir.rb +2 -2
- data/lib/chef/chef_fs/file_system/repository/chef_repository_file_system_cookbook_entry.rb +1 -1
- data/lib/chef/chef_fs/file_system/repository/chef_repository_file_system_root_dir.rb +18 -18
- data/lib/chef/chef_fs/file_system/repository/directory.rb +1 -1
- data/lib/chef/chef_fs/file_system/repository/file_system_entry.rb +1 -1
- data/lib/chef/chef_fs/parallelizer/parallel_enumerable.rb +1 -1
- data/lib/chef/client.rb +14 -14
- data/lib/chef/cookbook/remote_file_vendor.rb +1 -3
- data/lib/chef/cookbook/syntax_check.rb +1 -2
- data/lib/chef/cookbook_loader.rb +15 -29
- data/lib/chef/data_bag.rb +1 -2
- data/lib/chef/data_collector/run_end_message.rb +11 -1
- data/lib/chef/deprecated.rb +8 -0
- data/lib/chef/digester.rb +3 -2
- data/lib/chef/dsl/platform_introspection.rb +9 -7
- data/lib/chef/encrypted_data_bag_item/decryptor.rb +1 -1
- data/lib/chef/environment.rb +3 -4
- data/lib/chef/exceptions.rb +4 -1
- data/lib/chef/file_access_control/windows.rb +2 -2
- data/lib/chef/file_content_management/deploy/mv_unix.rb +1 -1
- data/lib/chef/file_content_management/tempfile.rb +9 -9
- data/lib/chef/handler.rb +2 -0
- data/lib/chef/http.rb +12 -12
- data/lib/chef/http/authenticator.rb +3 -1
- data/lib/chef/json_compat.rb +1 -1
- data/lib/chef/knife.rb +4 -4
- data/lib/chef/knife/bootstrap.rb +18 -15
- data/lib/chef/knife/bootstrap/train_connector.rb +1 -0
- data/lib/chef/knife/config_get.rb +1 -0
- data/lib/chef/knife/config_list_profiles.rb +4 -1
- data/lib/chef/knife/configure.rb +1 -1
- data/lib/chef/knife/cookbook_download.rb +1 -1
- data/lib/chef/knife/cookbook_metadata.rb +1 -1
- data/lib/chef/knife/cookbook_upload.rb +29 -37
- data/lib/chef/knife/core/bootstrap_context.rb +1 -1
- data/lib/chef/knife/core/gem_glob_loader.rb +1 -1
- data/lib/chef/knife/core/generic_presenter.rb +1 -1
- data/lib/chef/knife/core/hashed_command_loader.rb +3 -2
- data/lib/chef/knife/core/subcommand_loader.rb +20 -1
- data/lib/chef/knife/core/ui.rb +8 -2
- data/lib/chef/knife/core/windows_bootstrap_context.rb +33 -26
- data/lib/chef/knife/delete.rb +15 -15
- data/lib/chef/knife/exec.rb +2 -2
- data/lib/chef/knife/rehash.rb +3 -21
- data/lib/chef/knife/ssh.rb +11 -7
- data/lib/chef/knife/xargs.rb +19 -19
- data/lib/chef/knife/yaml_convert.rb +1 -1
- data/lib/chef/log.rb +7 -2
- data/lib/chef/mixin/checksum.rb +0 -1
- data/{spec/functional/resource/base.rb → lib/chef/mixin/chef_utils_wiring.rb} +24 -12
- data/lib/chef/mixin/deep_merge.rb +35 -6
- data/{spec/unit/log_spec.rb → lib/chef/mixin/default_paths.rb} +13 -5
- data/lib/chef/mixin/openssl_helper.rb +30 -6
- data/lib/chef/mixin/path_sanity.rb +5 -4
- data/lib/chef/mixin/shell_out.rb +4 -188
- data/lib/chef/mixin/template.rb +1 -0
- data/lib/chef/mixin/which.rb +6 -3
- data/lib/chef/mixins.rb +1 -0
- data/lib/chef/monkey_patches/webrick-utils.rb +10 -10
- data/lib/chef/node.rb +36 -12
- data/lib/chef/node/attribute.rb +2 -4
- data/lib/chef/node_map.rb +21 -18
- data/lib/chef/platform/service_helpers.rb +31 -28
- data/lib/chef/property.rb +1 -1
- data/lib/chef/provider/cron/unix.rb +0 -2
- data/lib/chef/provider/git.rb +17 -9
- data/lib/chef/provider/group.rb +0 -2
- data/lib/chef/provider/group/suse.rb +5 -5
- data/lib/chef/provider/ifconfig.rb +1 -4
- data/lib/chef/provider/mount.rb +0 -2
- data/lib/chef/provider/mount/solaris.rb +0 -1
- data/lib/chef/provider/package.rb +0 -2
- data/lib/chef/provider/package/rubygems.rb +1 -1
- data/lib/chef/provider/package/snap.rb +3 -4
- data/lib/chef/provider/package/windows.rb +9 -4
- data/lib/chef/provider/package/windows/registry_uninstall_entry.rb +9 -9
- data/lib/chef/provider/package/zypper.rb +0 -1
- data/lib/chef/provider/powershell_script.rb +21 -5
- data/lib/chef/provider/route.rb +1 -1
- data/lib/chef/provider/service.rb +2 -2
- data/lib/chef/provider/service/arch.rb +1 -1
- data/lib/chef/provider/service/debian.rb +1 -1
- data/lib/chef/provider/service/gentoo.rb +2 -2
- data/lib/chef/provider/service/macosx.rb +2 -2
- data/lib/chef/provider/service/openbsd.rb +1 -4
- data/lib/chef/provider/service/redhat.rb +2 -2
- data/lib/chef/provider/service/upstart.rb +1 -1
- data/lib/chef/provider/service/windows.rb +10 -10
- data/lib/chef/provider/systemd_unit.rb +0 -2
- data/lib/chef/provider/template/content.rb +1 -0
- data/lib/chef/provider/user/dscl.rb +2 -2
- data/lib/chef/provider/user/mac.rb +9 -9
- data/lib/chef/provider/windows_task.rb +0 -3
- data/lib/chef/provider/yum_repository.rb +1 -1
- data/lib/chef/provider/zypper_repository.rb +1 -2
- data/lib/chef/providers.rb +0 -1
- data/lib/chef/recipe.rb +1 -1
- data/lib/chef/resource.rb +9 -11
- data/lib/chef/resource/apt_repository.rb +1 -10
- data/lib/chef/resource/build_essential.rb +2 -2
- data/lib/chef/resource/chef_client_scheduled_task.rb +1 -1
- data/lib/chef/resource/chef_client_systemd_timer.rb +2 -2
- data/lib/chef/resource/chef_vault_secret.rb +13 -13
- data/lib/chef/resource/chocolatey_feature.rb +1 -2
- data/lib/chef/resource/cron/cron_d.rb +1 -1
- data/lib/chef/resource/cron_access.rb +2 -2
- data/lib/chef/resource/dmg_package.rb +1 -1
- data/lib/chef/resource/execute.rb +4 -5
- data/lib/chef/resource/homebrew_update.rb +2 -2
- data/lib/chef/resource/hostname.rb +18 -18
- data/lib/chef/resource/launchd.rb +1 -1
- data/lib/chef/resource/lwrp_base.rb +1 -0
- data/lib/chef/resource/macos_userdefaults.rb +176 -61
- data/lib/chef/resource/openssl_dhparam.rb +2 -0
- data/lib/chef/resource/openssl_ec_private_key.rb +2 -0
- data/lib/chef/resource/openssl_ec_public_key.rb +2 -0
- data/lib/chef/resource/openssl_rsa_private_key.rb +2 -0
- data/lib/chef/resource/openssl_rsa_public_key.rb +2 -0
- data/lib/chef/resource/openssl_x509_certificate.rb +35 -35
- data/lib/chef/resource/openssl_x509_crl.rb +3 -2
- data/lib/chef/resource/openssl_x509_request.rb +23 -20
- data/lib/chef/resource/osx_profile.rb +227 -5
- data/lib/chef/resource/powershell_package_source.rb +1 -1
- data/lib/chef/resource/powershell_script.rb +24 -30
- data/lib/chef/resource/service.rb +2 -2
- data/lib/chef/resource/ssh_known_hosts_entry.rb +1 -1
- data/lib/chef/resource/sudo.rb +2 -2
- data/lib/chef/resource/sysctl.rb +5 -5
- data/lib/chef/resource/user_ulimit.rb +1 -1
- data/lib/chef/resource/windows_ad_join.rb +2 -0
- data/lib/chef/resource/windows_audit_policy.rb +3 -0
- data/lib/chef/resource/windows_auto_run.rb +2 -0
- data/lib/chef/resource/windows_certificate.rb +2 -0
- data/lib/chef/resource/windows_dfs_folder.rb +2 -0
- data/lib/chef/resource/windows_dfs_namespace.rb +2 -0
- data/lib/chef/resource/windows_dfs_server.rb +2 -0
- data/lib/chef/resource/windows_dns_record.rb +25 -5
- data/lib/chef/resource/windows_dns_zone.rb +12 -7
- data/lib/chef/resource/windows_feature.rb +2 -0
- data/lib/chef/resource/windows_feature_dism.rb +10 -0
- data/lib/chef/resource/windows_feature_powershell.rb +14 -2
- data/lib/chef/resource/windows_firewall_profile.rb +199 -0
- data/lib/chef/resource/windows_firewall_rule.rb +5 -3
- data/lib/chef/resource/windows_font.rb +3 -1
- data/lib/chef/resource/windows_pagefile.rb +4 -0
- data/lib/chef/resource/windows_printer.rb +17 -18
- data/lib/chef/resource/windows_printer_port.rb +14 -13
- data/lib/chef/resource/windows_security_policy.rb +51 -20
- data/lib/chef/resource/windows_share.rb +5 -3
- data/lib/chef/resource/windows_shortcut.rb +2 -0
- data/lib/chef/resource/windows_uac.rb +2 -0
- data/lib/chef/resource/windows_user_privilege.rb +27 -2
- data/lib/chef/resource/windows_workgroup.rb +2 -3
- data/lib/chef/resource_collection/stepable_iterator.rb +1 -2
- data/lib/chef/resource_inspector.rb +7 -1
- data/lib/chef/resources.rb +1 -0
- data/lib/chef/role.rb +3 -4
- data/lib/chef/run_context/cookbook_compiler.rb +20 -20
- data/lib/chef/run_status.rb +2 -6
- data/lib/chef/server_api_versions.rb +4 -0
- data/lib/chef/shell.rb +1 -1
- data/lib/chef/shell/shell_session.rb +2 -0
- data/lib/chef/util/backup.rb +1 -1
- data/lib/chef/util/diff.rb +11 -12
- data/lib/chef/util/powershell/cmdlet.rb +1 -1
- data/lib/chef/version.rb +2 -2
- data/lib/chef/win32/file.rb +2 -2
- data/lib/chef/win32/file/version_info.rb +5 -5
- data/lib/chef/win32/registry.rb +1 -2
- data/spec/data/ssl/chef-rspec.cert +15 -15
- data/spec/functional/knife/configure_spec.rb +1 -1
- data/spec/functional/knife/ssh_spec.rb +5 -16
- data/spec/functional/resource/aix_service_spec.rb +9 -2
- data/spec/functional/resource/aixinit_service_spec.rb +8 -9
- data/spec/functional/resource/apt_package_spec.rb +0 -1
- data/spec/functional/resource/bash_spec.rb +3 -2
- data/spec/functional/resource/bff_spec.rb +3 -3
- data/spec/functional/resource/chocolatey_package_spec.rb +4 -0
- data/spec/functional/resource/cookbook_file_spec.rb +1 -1
- data/spec/functional/resource/cron_spec.rb +10 -2
- data/spec/functional/resource/dnf_package_spec.rb +4 -1
- data/spec/functional/resource/dsc_resource_spec.rb +1 -1
- data/spec/functional/resource/dsc_script_spec.rb +0 -1
- data/spec/functional/resource/execute_spec.rb +1 -1
- data/spec/functional/resource/git_spec.rb +23 -1
- data/spec/functional/resource/group_spec.rb +21 -9
- data/spec/functional/resource/ifconfig_spec.rb +9 -1
- data/spec/functional/resource/insserv_spec.rb +7 -7
- data/spec/functional/resource/link_spec.rb +22 -25
- data/spec/functional/resource/mount_spec.rb +9 -1
- data/spec/functional/resource/msu_package_spec.rb +9 -3
- data/spec/functional/resource/powershell_script_spec.rb +8 -8
- data/spec/functional/resource/remote_file_spec.rb +7 -13
- data/spec/functional/resource/rpm_spec.rb +3 -3
- data/spec/functional/resource/timezone_spec.rb +2 -0
- data/spec/functional/resource/windows_certificate_spec.rb +3 -3
- data/spec/functional/resource/windows_font_spec.rb +49 -0
- data/spec/functional/resource/windows_package_spec.rb +0 -1
- data/spec/functional/resource/windows_path_spec.rb +4 -0
- data/spec/functional/resource/windows_security_policy_spec.rb +0 -4
- data/spec/functional/resource/windows_service_spec.rb +4 -0
- data/spec/functional/resource/windows_task_spec.rb +4 -3
- data/spec/functional/resource/windows_user_privilege_spec.rb +1 -2
- data/spec/functional/resource/yum_package_spec.rb +4 -1
- data/spec/functional/resource/zypper_package_spec.rb +4 -1
- data/spec/functional/run_lock_spec.rb +26 -25
- data/spec/functional/shell_spec.rb +5 -6
- data/spec/functional/util/powershell/cmdlet_spec.rb +1 -1
- data/spec/functional/version_spec.rb +1 -1
- data/spec/functional/win32/crypto_spec.rb +1 -1
- data/spec/functional/win32/registry_spec.rb +8 -8
- data/spec/functional/win32/service_manager_spec.rb +1 -1
- data/spec/integration/knife/common_options_spec.rb +12 -12
- data/spec/integration/knife/config_get_profile_spec.rb +69 -68
- data/spec/integration/knife/config_get_spec.rb +126 -125
- data/spec/integration/knife/config_list_profiles_spec.rb +181 -152
- data/spec/integration/knife/config_use_profile_spec.rb +110 -109
- data/spec/integration/knife/cookbook_upload_spec.rb +28 -1
- data/spec/integration/knife/data_bag_from_file_spec.rb +1 -1
- data/spec/integration/knife/diff_spec.rb +3 -1
- data/spec/integration/knife/download_spec.rb +3 -1
- data/spec/integration/knife/environment_from_file_spec.rb +1 -1
- data/spec/integration/knife/node_from_file_spec.rb +1 -1
- data/spec/integration/knife/role_from_file_spec.rb +1 -1
- data/spec/integration/knife/serve_spec.rb +5 -5
- data/spec/integration/knife/upload_spec.rb +3 -1
- data/spec/integration/recipes/accumulator_spec.rb +1 -1
- data/spec/integration/recipes/lwrp_inline_resources_spec.rb +2 -2
- data/spec/integration/recipes/lwrp_spec.rb +1 -1
- data/spec/integration/recipes/notifies_spec.rb +1 -1
- data/spec/integration/recipes/notifying_block_spec.rb +1 -1
- data/spec/integration/recipes/recipe_dsl_spec.rb +5 -1
- data/spec/integration/recipes/resource_converge_if_changed_spec.rb +2 -0
- data/spec/integration/recipes/resource_load_spec.rb +4 -2
- data/spec/integration/recipes/unified_mode_spec.rb +1 -1
- data/spec/integration/recipes/use_partial_spec.rb +1 -1
- data/spec/scripts/ssl-serve.rb +1 -1
- data/spec/spec_helper.rb +16 -10
- data/spec/support/chef_helpers.rb +1 -20
- data/spec/support/platform_helpers.rb +9 -11
- data/spec/support/platforms/win32/spec_service.rb +1 -1
- data/spec/support/shared/functional/directory_resource.rb +1 -1
- data/spec/support/shared/functional/execute_resource.rb +1 -1
- data/spec/support/shared/functional/file_resource.rb +20 -21
- data/spec/support/shared/functional/securable_resource.rb +1 -2
- data/spec/support/shared/functional/securable_resource_with_reporting.rb +0 -1
- data/spec/support/shared/functional/win32_service.rb +1 -1
- data/spec/support/shared/functional/windows_script.rb +5 -5
- data/spec/support/shared/integration/integration_helper.rb +22 -52
- data/spec/support/shared/integration/knife_support.rb +2 -9
- data/spec/support/shared/unit/application_dot_d.rb +0 -1
- data/spec/support/shared/unit/provider/file.rb +12 -8
- data/spec/support/shared/unit/script_resource.rb +6 -20
- data/spec/support/shared/unit/windows_script_resource.rb +15 -28
- data/spec/unit/application/solo_spec.rb +4 -2
- data/spec/unit/application_spec.rb +4 -2
- data/spec/unit/chef_fs/config_spec.rb +2 -2
- data/spec/unit/chef_fs/diff_spec.rb +8 -8
- data/spec/unit/chef_fs/file_system/operation_failed_error_spec.rb +2 -4
- data/spec/unit/chef_fs/{parallelizer.rb → parallelizer_spec.rb} +1 -1
- data/spec/unit/client_spec.rb +4 -1
- data/spec/unit/cookbook/gem_installer_spec.rb +2 -1
- data/spec/unit/cookbook/synchronizer_spec.rb +26 -24
- data/spec/unit/data_bag_spec.rb +6 -3
- data/spec/unit/data_collector_spec.rb +29 -1
- data/spec/unit/decorator_spec.rb +23 -23
- data/spec/unit/dsl/platform_introspection_spec.rb +1 -0
- data/spec/unit/environment_spec.rb +12 -8
- data/spec/unit/event_dispatch/dispatcher_spec.rb +3 -0
- data/spec/unit/guard_interpreter_spec.rb +1 -1
- data/spec/unit/http/api_versions_spec.rb +20 -2
- data/spec/unit/json_compat_spec.rb +1 -1
- data/spec/unit/knife/bootstrap_spec.rb +17 -20
- data/spec/unit/knife/cookbook_download_spec.rb +6 -6
- data/spec/unit/knife/cookbook_metadata_from_file_spec.rb +1 -1
- data/spec/unit/knife/cookbook_show_spec.rb +6 -7
- data/spec/unit/knife/cookbook_upload_spec.rb +7 -10
- data/spec/unit/knife/core/hashed_command_loader_spec.rb +3 -3
- data/spec/unit/knife/core/windows_bootstrap_context_spec.rb +21 -12
- data/spec/unit/knife/data_bag_edit_spec.rb +1 -1
- data/spec/unit/knife/supermarket_share_spec.rb +1 -1
- data/spec/unit/log/syslog_spec.rb +6 -10
- data/spec/unit/log/winevt_spec.rb +21 -13
- data/spec/unit/lwrp_spec.rb +9 -6
- data/spec/unit/mixin/{path_sanity_spec.rb → default_paths_spec.rb} +14 -14
- data/spec/unit/mixin/powershell_exec_spec.rb +1 -1
- data/spec/unit/mixin/powershell_out_spec.rb +2 -4
- data/spec/unit/mixin/powershell_type_coercions_spec.rb +1 -1
- data/spec/unit/mixin/securable_spec.rb +0 -1
- data/spec/unit/mixin/shell_out_spec.rb +25 -26
- data/spec/unit/mixin/subclass_directive_spec.rb +2 -2
- data/spec/unit/mixin/template_spec.rb +30 -30
- data/spec/unit/mixin/unformatter_spec.rb +2 -2
- data/spec/unit/mixin/uris_spec.rb +1 -1
- data/spec/unit/mixin/which.rb +8 -0
- data/spec/unit/mixin/windows_architecture_helper_spec.rb +4 -4
- data/spec/unit/node/immutable_collections_spec.rb +6 -2
- data/spec/unit/node_spec.rb +103 -16
- data/spec/unit/property_spec.rb +5 -5
- data/spec/unit/provider/batch_spec.rb +1 -1
- data/spec/unit/provider/cron/unix_spec.rb +1 -1
- data/spec/unit/provider/dsc_resource_spec.rb +22 -38
- data/spec/unit/provider/dsc_script_spec.rb +10 -10
- data/spec/unit/provider/execute_spec.rb +1 -8
- data/spec/unit/provider/git_spec.rb +3 -3
- data/spec/unit/provider/ifconfig_spec.rb +0 -1
- data/spec/unit/provider/mdadm_spec.rb +1 -3
- data/spec/unit/provider/package/dnf/python_helper_spec.rb +1 -1
- data/spec/unit/provider/package/openbsd_spec.rb +1 -1
- data/spec/unit/provider/package/pacman_spec.rb +17 -20
- data/spec/unit/provider/package/rubygems_spec.rb +5 -10
- data/spec/unit/provider/package/smartos_spec.rb +1 -1
- data/spec/unit/provider/package/windows/registry_uninstall_entry_spec.rb +3 -3
- data/spec/unit/provider/package/windows_spec.rb +30 -53
- data/spec/unit/provider/powershell_script_spec.rb +11 -4
- data/spec/unit/provider/remote_directory_spec.rb +9 -9
- data/spec/unit/provider/service/arch_service_spec.rb +3 -2
- data/spec/unit/provider/service/debian_service_spec.rb +1 -1
- data/spec/unit/provider/service/gentoo_service_spec.rb +7 -7
- data/spec/unit/provider/service/macosx_spec.rb +3 -3
- data/spec/unit/provider/service/redhat_spec.rb +3 -3
- data/spec/unit/provider/service/upstart_service_spec.rb +3 -3
- data/spec/unit/provider/service/windows_spec.rb +2 -6
- data/spec/unit/provider/systemd_unit_spec.rb +28 -24
- data/spec/unit/provider/user/dscl_spec.rb +2 -2
- data/spec/unit/provider/windows_env_spec.rb +5 -4
- data/spec/unit/provider_resolver_spec.rb +6 -6
- data/spec/unit/provider_spec.rb +1 -0
- data/spec/unit/resource/batch_spec.rb +6 -6
- data/spec/unit/resource/chef_client_cron_spec.rb +23 -7
- data/spec/unit/resource/chef_client_systemd_timer_spec.rb +7 -4
- data/spec/unit/resource/execute_spec.rb +123 -118
- data/spec/unit/resource/file/verification_spec.rb +2 -1
- data/spec/unit/resource/macos_user_defaults_spec.rb +103 -2
- data/spec/unit/resource/osx_profile_spec.rb +233 -0
- data/spec/unit/resource/powershell_script_spec.rb +11 -29
- data/spec/unit/resource/script_spec.rb +6 -1
- data/spec/unit/resource/windows_feature_powershell_spec.rb +30 -4
- data/spec/unit/resource/windows_firewall_profile_spec.rb +77 -0
- data/spec/unit/resource/windows_package_spec.rb +1 -0
- data/spec/unit/resource_reporter_spec.rb +1 -1
- data/spec/unit/resource_spec.rb +25 -8
- data/spec/unit/role_spec.rb +30 -28
- data/spec/unit/run_context/cookbook_compiler_spec.rb +1 -1
- data/spec/unit/run_lock_spec.rb +1 -1
- data/spec/unit/scan_access_control_spec.rb +1 -1
- data/spec/unit/server_api_spec.rb +43 -16
- data/spec/unit/util/backup_spec.rb +1 -1
- data/spec/unit/util/diff_spec.rb +1 -15
- data/spec/unit/util/powershell/ps_credential_spec.rb +2 -2
- data/spec/unit/util/selinux_spec.rb +2 -1
- data/spec/unit/win32/security_spec.rb +4 -3
- data/tasks/rspec.rb +1 -1
- metadata +53 -40
- data/lib/chef/provider/osx_profile.rb +0 -255
- data/spec/unit/provider/osx_profile_spec.rb +0 -255
data/lib/chef/mixin/shell_out.rb
CHANGED
@@ -15,198 +15,14 @@
|
|
15
15
|
# See the License for the specific language governing permissions and
|
16
16
|
# limitations under the License.
|
17
17
|
|
18
|
-
require "mixlib/shellout" unless defined?(Mixlib::ShellOut::
|
19
|
-
|
18
|
+
require "mixlib/shellout/helper" unless defined?(Mixlib::ShellOut::Helper)
|
19
|
+
require_relative "chef_utils_wiring" unless defined?(Chef::Mixin::ChefUtilsWiring)
|
20
20
|
|
21
21
|
class Chef
|
22
22
|
module Mixin
|
23
23
|
module ShellOut
|
24
|
-
|
25
|
-
|
26
|
-
#
|
27
|
-
# all consumers should now call shell_out!/shell_out.
|
28
|
-
#
|
29
|
-
# the shell_out_compacted/shell_out_compacted! APIs are private but are intended for use
|
30
|
-
# in rspec tests, and should ideally always be used to make code refactoring that do not
|
31
|
-
# change behavior easier:
|
32
|
-
#
|
33
|
-
# allow(provider).to receive(:shell_out_compacted!).with("foo", "bar", "baz")
|
34
|
-
# provider.shell_out!("foo", [ "bar", nil, "baz"])
|
35
|
-
# provider.shell_out!(["foo", nil, "bar" ], ["baz"])
|
36
|
-
#
|
37
|
-
# note that shell_out_compacted also includes adding the magical timeout option to force
|
38
|
-
# people to setup expectations on that value explicitly. it does not include the default_env
|
39
|
-
# mangling in order to avoid users having to setup an expectation on anything other than
|
40
|
-
# setting `default_env: false` and allow us to make tweak to the default_env without breaking
|
41
|
-
# a thousand unit tests.
|
42
|
-
#
|
43
|
-
|
44
|
-
def shell_out(*args, **options)
|
45
|
-
options = options.dup
|
46
|
-
options = Chef::Mixin::ShellOut.maybe_add_timeout(self, options)
|
47
|
-
if options.empty?
|
48
|
-
shell_out_compacted(*Chef::Mixin::ShellOut.clean_array(*args))
|
49
|
-
else
|
50
|
-
shell_out_compacted(*Chef::Mixin::ShellOut.clean_array(*args), **options)
|
51
|
-
end
|
52
|
-
end
|
53
|
-
|
54
|
-
def shell_out!(*args, **options)
|
55
|
-
options = options.dup
|
56
|
-
options = Chef::Mixin::ShellOut.maybe_add_timeout(self, options)
|
57
|
-
if options.empty?
|
58
|
-
shell_out_compacted!(*Chef::Mixin::ShellOut.clean_array(*args))
|
59
|
-
else
|
60
|
-
shell_out_compacted!(*Chef::Mixin::ShellOut.clean_array(*args), **options)
|
61
|
-
end
|
62
|
-
end
|
63
|
-
|
64
|
-
# helper sugar for resources that support passing timeouts to shell_out
|
65
|
-
#
|
66
|
-
# module method to not pollute namespaces, but that means we need self injected as an arg
|
67
|
-
# @api private
|
68
|
-
def self.maybe_add_timeout(obj, options)
|
69
|
-
options = options.dup
|
70
|
-
# historically resources have not properly declared defaults on their timeouts, so a default default of 900s was enforced here
|
71
|
-
default_val = 900
|
72
|
-
return options if options.key?(:timeout)
|
73
|
-
|
74
|
-
# FIXME: need to nuke descendent tracker out of Chef::Provider so we can just define that class here without requiring the
|
75
|
-
# world, and then just use symbol lookup
|
76
|
-
if obj.class.ancestors.map(&:name).include?("Chef::Provider") && obj.respond_to?(:new_resource) && obj.new_resource.respond_to?(:timeout) && !options.key?(:timeout)
|
77
|
-
options[:timeout] = obj.new_resource.timeout ? obj.new_resource.timeout.to_f : default_val
|
78
|
-
end
|
79
|
-
options
|
80
|
-
end
|
81
|
-
|
82
|
-
# helper function to mangle options when `default_env` is true
|
83
|
-
#
|
84
|
-
# @api private
|
85
|
-
def self.apply_default_env(options)
|
86
|
-
options = options.dup
|
87
|
-
default_env = options.delete(:default_env)
|
88
|
-
default_env = true if default_env.nil?
|
89
|
-
if default_env
|
90
|
-
env_key = options.key?(:env) ? :env : :environment
|
91
|
-
options[env_key] = {
|
92
|
-
"LC_ALL" => Chef::Config[:internal_locale],
|
93
|
-
"LANGUAGE" => Chef::Config[:internal_locale],
|
94
|
-
"LANG" => Chef::Config[:internal_locale],
|
95
|
-
env_path => ChefUtils::DSL::PathSanity.sanitized_path,
|
96
|
-
}.update(options[env_key] || {})
|
97
|
-
end
|
98
|
-
options
|
99
|
-
end
|
100
|
-
|
101
|
-
private
|
102
|
-
|
103
|
-
# this SHOULD be used for setting up expectations in rspec, see banner comment at top.
|
104
|
-
#
|
105
|
-
# the private constraint is meant to avoid code calling this directly, rspec expectations are fine.
|
106
|
-
#
|
107
|
-
def shell_out_compacted(*args, **options)
|
108
|
-
options = Chef::Mixin::ShellOut.apply_default_env(options)
|
109
|
-
if options.empty?
|
110
|
-
Chef::Mixin::ShellOut.shell_out_command(*args)
|
111
|
-
else
|
112
|
-
Chef::Mixin::ShellOut.shell_out_command(*args, **options)
|
113
|
-
end
|
114
|
-
end
|
115
|
-
|
116
|
-
# this SHOULD be used for setting up expectations in rspec, see banner comment at top.
|
117
|
-
#
|
118
|
-
# the private constraint is meant to avoid code calling this directly, rspec expectations are fine.
|
119
|
-
#
|
120
|
-
def shell_out_compacted!(*args, **options)
|
121
|
-
options = Chef::Mixin::ShellOut.apply_default_env(options)
|
122
|
-
cmd = if options.empty?
|
123
|
-
Chef::Mixin::ShellOut.shell_out_command(*args)
|
124
|
-
else
|
125
|
-
Chef::Mixin::ShellOut.shell_out_command(*args, **options)
|
126
|
-
end
|
127
|
-
cmd.error!
|
128
|
-
cmd
|
129
|
-
end
|
130
|
-
|
131
|
-
# Helper for subclasses to reject nil out of an array. It allows
|
132
|
-
# using the array form of shell_out (which avoids the need to surround arguments with
|
133
|
-
# quote marks to deal with shells).
|
134
|
-
#
|
135
|
-
# Usage:
|
136
|
-
# shell_out!(*clean_array("useradd", universal_options, useradd_options, new_resource.username))
|
137
|
-
#
|
138
|
-
# universal_options and useradd_options can be nil, empty array, empty string, strings or arrays
|
139
|
-
# and the result makes sense.
|
140
|
-
#
|
141
|
-
# keeping this separate from shell_out!() makes it a bit easier to write expectations against the
|
142
|
-
# shell_out args and be able to omit nils and such in the tests (and to test that the nils are
|
143
|
-
# being rejected correctly).
|
144
|
-
#
|
145
|
-
# @param args [String] variable number of string arguments
|
146
|
-
# @return [Array] array of strings with nil and null string rejection
|
147
|
-
|
148
|
-
def self.clean_array(*args)
|
149
|
-
args.flatten.compact.map(&:to_s)
|
150
|
-
end
|
151
|
-
|
152
|
-
def self.transport_connection
|
153
|
-
Chef.run_context.transport_connection
|
154
|
-
end
|
155
|
-
|
156
|
-
def self.shell_out_command(*args, **options)
|
157
|
-
if Chef::Config.target_mode?
|
158
|
-
FakeShellOut.new(args, options, transport_connection.run_command(args.join(" "))) # FIXME: train should accept run_command(*args)
|
159
|
-
else
|
160
|
-
cmd = if options.empty?
|
161
|
-
Mixlib::ShellOut.new(*args)
|
162
|
-
else
|
163
|
-
Mixlib::ShellOut.new(*args, **options)
|
164
|
-
end
|
165
|
-
cmd.live_stream ||= io_for_live_stream
|
166
|
-
cmd.run_command
|
167
|
-
cmd
|
168
|
-
end
|
169
|
-
end
|
170
|
-
|
171
|
-
def self.io_for_live_stream
|
172
|
-
if STDOUT.tty? && !Chef::Config[:daemon] && Chef::Log.debug?
|
173
|
-
STDOUT
|
174
|
-
else
|
175
|
-
nil
|
176
|
-
end
|
177
|
-
end
|
178
|
-
|
179
|
-
def self.env_path
|
180
|
-
if ChefUtils.windows?
|
181
|
-
"Path"
|
182
|
-
else
|
183
|
-
"PATH"
|
184
|
-
end
|
185
|
-
end
|
186
|
-
|
187
|
-
class FakeShellOut
|
188
|
-
attr_reader :stdout, :stderr, :exitstatus, :status
|
189
|
-
|
190
|
-
def initialize(args, options, result)
|
191
|
-
@args = args
|
192
|
-
@options = options
|
193
|
-
@stdout = result.stdout
|
194
|
-
@stderr = result.stderr
|
195
|
-
@exitstatus = result.exit_status
|
196
|
-
@status = OpenStruct.new(success?: ( exitstatus == 0 ))
|
197
|
-
end
|
198
|
-
|
199
|
-
def error?
|
200
|
-
exitstatus != 0
|
201
|
-
end
|
202
|
-
|
203
|
-
def error!
|
204
|
-
raise Mixlib::ShellOut::ShellCommandFailed, "Unexpected exit status of #{exitstatus} running #{@args}" if error?
|
205
|
-
end
|
206
|
-
end
|
24
|
+
include Mixlib::ShellOut::Helper
|
25
|
+
include Chef::Mixin::ChefUtilsWiring
|
207
26
|
end
|
208
27
|
end
|
209
28
|
end
|
210
|
-
|
211
|
-
# Break circular dep
|
212
|
-
require_relative "../config"
|
data/lib/chef/mixin/template.rb
CHANGED
data/lib/chef/mixin/which.rb
CHANGED
@@ -16,20 +16,23 @@
|
|
16
16
|
# limitations under the License.
|
17
17
|
|
18
18
|
require "chef-utils/dsl/which" unless defined?(ChefUtils::DSL::Which)
|
19
|
-
require "chef-utils/dsl/
|
19
|
+
require "chef-utils/dsl/default_paths" unless defined?(ChefUtils::DSL::DefaultPaths)
|
20
|
+
require_relative "chef_utils_wiring" unless defined?(Chef::Mixin::ChefUtilsWiring)
|
20
21
|
|
21
22
|
class Chef
|
22
23
|
module Mixin
|
23
24
|
module Which
|
24
25
|
include ChefUtils::DSL::Which
|
26
|
+
include ChefUtils::DSL::DefaultPaths
|
27
|
+
include ChefUtilsWiring
|
25
28
|
|
26
29
|
private
|
27
30
|
|
28
|
-
# we dep-inject
|
31
|
+
# we dep-inject default paths into this API for historical reasons
|
29
32
|
#
|
30
33
|
# @api private
|
31
34
|
def __extra_path
|
32
|
-
|
35
|
+
__default_paths
|
33
36
|
end
|
34
37
|
end
|
35
38
|
end
|
data/lib/chef/mixins.rb
CHANGED
@@ -6,6 +6,7 @@ require_relative "mixin/deep_merge"
|
|
6
6
|
require_relative "mixin/enforce_ownership_and_permissions"
|
7
7
|
require_relative "mixin/from_file"
|
8
8
|
require_relative "mixin/params_validate"
|
9
|
+
require_relative "mixin/default_paths"
|
9
10
|
require_relative "mixin/path_sanity"
|
10
11
|
require_relative "mixin/template"
|
11
12
|
require_relative "mixin/securable"
|
@@ -33,16 +33,16 @@ module WEBrick
|
|
33
33
|
last_error = nil
|
34
34
|
sockets = []
|
35
35
|
res.each do |ai|
|
36
|
-
|
37
|
-
|
38
|
-
|
39
|
-
|
40
|
-
|
41
|
-
|
42
|
-
|
43
|
-
|
44
|
-
|
45
|
-
|
36
|
+
|
37
|
+
logger.debug("TCPServer.new(#{ai[3]}, #{port})") if logger
|
38
|
+
sock = TCPServer.new(ai[3], port)
|
39
|
+
port = sock.addr[1] if port == 0
|
40
|
+
Utils.set_close_on_exec(sock)
|
41
|
+
sockets << sock
|
42
|
+
rescue => ex
|
43
|
+
logger.warn("TCPServer Error: #{ex}") if logger
|
44
|
+
last_error = ex
|
45
|
+
|
46
46
|
end
|
47
47
|
raise last_error if sockets.empty?
|
48
48
|
|
data/lib/chef/node.rb
CHANGED
@@ -34,8 +34,8 @@ require_relative "node/attribute"
|
|
34
34
|
require_relative "mash"
|
35
35
|
require_relative "json_compat"
|
36
36
|
require_relative "search/query"
|
37
|
-
require_relative "
|
38
|
-
require_relative "
|
37
|
+
require_relative "attribute_allowlist"
|
38
|
+
require_relative "attribute_blocklist"
|
39
39
|
|
40
40
|
class Chef
|
41
41
|
class Node
|
@@ -706,21 +706,45 @@ class Chef
|
|
706
706
|
end
|
707
707
|
end
|
708
708
|
|
709
|
+
# a method to handle the renamed configuration from whitelist -> allowed
|
710
|
+
# and to throw a deprecation warning when the old configuration is set
|
711
|
+
#
|
712
|
+
# @param [String] level the attribute level
|
713
|
+
def allowlist_or_whitelist_config(level)
|
714
|
+
if Chef::Config["#{level}_attribute_whitelist".to_sym]
|
715
|
+
Chef.deprecated(:attribute_blacklist_configuration, "Attribute whitelist configurations have been deprecated. Use the allowed_LEVEL_attribute configs instead")
|
716
|
+
Chef::Config["#{level}_attribute_whitelist".to_sym]
|
717
|
+
else
|
718
|
+
Chef::Config["allowed_#{level}_attributes".to_sym]
|
719
|
+
end
|
720
|
+
end
|
721
|
+
|
722
|
+
# a method to handle the renamed configuration from blacklist -> blocked
|
723
|
+
# and to throw a deprecation warning when the old configuration is set
|
724
|
+
#
|
725
|
+
# @param [String] level the attribute level
|
726
|
+
def blocklist_or_blacklist_config(level)
|
727
|
+
if Chef::Config["#{level}_attribute_blacklist".to_sym]
|
728
|
+
Chef.deprecated(:attribute_blacklist_configuration, "Attribute blacklist configurations have been deprecated. Use the blocked_LEVEL_attribute configs instead")
|
729
|
+
Chef::Config["#{level}_attribute_blacklist".to_sym]
|
730
|
+
else
|
731
|
+
Chef::Config["blocked_#{level}_attributes".to_sym]
|
732
|
+
end
|
733
|
+
end
|
734
|
+
|
709
735
|
def data_for_save
|
710
736
|
data = for_json
|
711
737
|
%w{automatic default normal override}.each do |level|
|
712
|
-
|
713
|
-
|
714
|
-
|
715
|
-
|
716
|
-
data[level] = Chef::Whitelist.filter(data[level], whitelist)
|
738
|
+
allowlist = allowlist_or_whitelist_config(level)
|
739
|
+
unless allowlist.nil? # nil => save everything
|
740
|
+
logger.info("Allowing #{level} node attributes for save.")
|
741
|
+
data[level] = Chef::AttributeAllowlist.filter(data[level], allowlist)
|
717
742
|
end
|
718
743
|
|
719
|
-
|
720
|
-
|
721
|
-
|
722
|
-
|
723
|
-
data[level] = Chef::Blacklist.filter(data[level], blacklist)
|
744
|
+
blocklist = blocklist_or_blacklist_config(level)
|
745
|
+
unless blocklist.nil? # nil => remove nothing
|
746
|
+
logger.info("Blocking #{level} node attributes for save")
|
747
|
+
data[level] = Chef::AttributeBlocklist.filter(data[level], blocklist)
|
724
748
|
end
|
725
749
|
end
|
726
750
|
data
|
data/lib/chef/node/attribute.rb
CHANGED
@@ -563,11 +563,10 @@ class Chef
|
|
563
563
|
# @param path [Array] Array of args to method chain to descend into the node object
|
564
564
|
# @return [attr] Deep Merged values (may be VividMash, Hash, Array, etc) from the node object
|
565
565
|
def merge_defaults(path)
|
566
|
-
|
566
|
+
DEFAULT_COMPONENTS.inject(NIL) do |merged, component_ivar|
|
567
567
|
component_value = apply_path(instance_variable_get(component_ivar), path)
|
568
568
|
deep_merge!(merged, component_value)
|
569
569
|
end
|
570
|
-
ret
|
571
570
|
end
|
572
571
|
|
573
572
|
# Deep merge the override attribute levels with array merging.
|
@@ -577,11 +576,10 @@ class Chef
|
|
577
576
|
# @param path [Array] Array of args to method chain to descend into the node object
|
578
577
|
# @return [attr] Deep Merged values (may be VividMash, Hash, Array, etc) from the node object
|
579
578
|
def merge_overrides(path)
|
580
|
-
|
579
|
+
OVERRIDE_COMPONENTS.inject(NIL) do |merged, component_ivar|
|
581
580
|
component_value = apply_path(instance_variable_get(component_ivar), path)
|
582
581
|
deep_merge!(merged, component_value)
|
583
582
|
end
|
584
|
-
ret
|
585
583
|
end
|
586
584
|
|
587
585
|
# needed for __path__
|
data/lib/chef/node_map.rb
CHANGED
@@ -35,10 +35,13 @@
|
|
35
35
|
#
|
36
36
|
# XXX: confusingly, in the *_priority_map the :klass may be an array of Strings of class names
|
37
37
|
#
|
38
|
+
|
39
|
+
require_relative "dist"
|
40
|
+
|
38
41
|
class Chef
|
39
42
|
class NodeMap
|
40
43
|
COLLISION_WARNING = <<~EOH.gsub(/\s+/, " ").strip
|
41
|
-
%{type_caps} %{key}
|
44
|
+
%{type_caps} %{key} built into %{client_name} is being overridden by the %{type} from a cookbook. Please upgrade your cookbook
|
42
45
|
or remove the cookbook from your run_list.
|
43
46
|
EOH
|
44
47
|
|
@@ -83,7 +86,7 @@ class Chef
|
|
83
86
|
else
|
84
87
|
klass.superclass.to_s
|
85
88
|
end
|
86
|
-
Chef::Log.warn( COLLISION_WARNING % { type: type_of_thing, key: key, type_caps: type_of_thing.capitalize } )
|
89
|
+
Chef::Log.warn( COLLISION_WARNING % { type: type_of_thing, key: key, type_caps: type_of_thing.capitalize, client_name: Chef::Dist::PRODUCT } )
|
87
90
|
end
|
88
91
|
|
89
92
|
# The map is sorted in order of preference already; we just need to find
|
@@ -209,7 +212,7 @@ class Chef
|
|
209
212
|
# - no negative matches (!value)
|
210
213
|
# - at least one positive match (value or :all), or no positive filters
|
211
214
|
#
|
212
|
-
def
|
215
|
+
def matches_block_allow_list?(node, filters, attribute)
|
213
216
|
# It's super common for the filter to be nil. Catch that so we don't
|
214
217
|
# spend any time here.
|
215
218
|
return true unless filters[attribute]
|
@@ -217,21 +220,21 @@ class Chef
|
|
217
220
|
filter_values = Array(filters[attribute])
|
218
221
|
value = node[attribute]
|
219
222
|
|
220
|
-
# Split the
|
221
|
-
|
223
|
+
# Split the blocklist and allowlist
|
224
|
+
blocklist, allowlist = filter_values.partition { |v| v.is_a?(String) && v.start_with?("!") }
|
222
225
|
|
223
226
|
if attribute == :platform_family
|
224
|
-
# If any
|
225
|
-
return false if
|
227
|
+
# If any blocklist value matches, we don't match
|
228
|
+
return false if blocklist.any? { |v| v[1..-1] == value || platform_family_query_helper?(node, v[1..-1]) }
|
226
229
|
|
227
|
-
# If the
|
228
|
-
|
230
|
+
# If the allowlist is empty, or anything matches, we match.
|
231
|
+
allowlist.empty? || allowlist.any? { |v| v == :all || v == value || platform_family_query_helper?(node, v) }
|
229
232
|
else
|
230
|
-
# If any
|
231
|
-
return false if
|
233
|
+
# If any blocklist value matches, we don't match
|
234
|
+
return false if blocklist.any? { |v| v[1..-1] == value }
|
232
235
|
|
233
|
-
# If the
|
234
|
-
|
236
|
+
# If the allowlist is empty, or anything matches, we match.
|
237
|
+
allowlist.empty? || allowlist.any? { |v| v == :all || v == value }
|
235
238
|
end
|
236
239
|
end
|
237
240
|
|
@@ -260,9 +263,9 @@ class Chef
|
|
260
263
|
end
|
261
264
|
|
262
265
|
def filters_match?(node, filters)
|
263
|
-
|
264
|
-
|
265
|
-
|
266
|
+
matches_block_allow_list?(node, filters, :os) &&
|
267
|
+
matches_block_allow_list?(node, filters, :platform_family) &&
|
268
|
+
matches_block_allow_list?(node, filters, :platform) &&
|
266
269
|
matches_version_list?(node, filters, :platform_version) &&
|
267
270
|
matches_target_mode?(filters)
|
268
271
|
end
|
@@ -311,8 +314,8 @@ class Chef
|
|
311
314
|
return -1 if !b && a
|
312
315
|
return 0 if !a && !b
|
313
316
|
|
314
|
-
# Check for
|
315
|
-
#
|
317
|
+
# Check for blocklists ('!windows'). Those always come *after* positive
|
318
|
+
# allowlists.
|
316
319
|
a_negated = Array(a).any? { |f| f.is_a?(String) && f.start_with?("!") }
|
317
320
|
b_negated = Array(b).any? { |f| f.is_a?(String) && f.start_with?("!") }
|
318
321
|
return 1 if a_negated && !b_negated
|