chef 16.2.73-universal-mingw32 → 16.3.38-universal-mingw32
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/Gemfile +4 -4
- data/Rakefile +1 -1
- data/chef-universal-mingw32.gemspec +2 -2
- data/chef.gemspec +2 -1
- data/lib/chef/application.rb +12 -0
- data/lib/chef/{whitelist.rb → attribute_allowlist.rb} +11 -11
- data/lib/chef/{blacklist.rb → attribute_blocklist.rb} +9 -9
- data/lib/chef/chef_fs/data_handler/organization_data_handler.rb +1 -2
- data/lib/chef/chef_fs/file_system/chef_server/cookbooks_dir.rb +1 -5
- data/lib/chef/chef_fs/file_system/repository/base_file.rb +1 -0
- data/lib/chef/chef_fs/parallelizer/parallel_enumerable.rb +1 -1
- data/lib/chef/client.rb +3 -3
- data/lib/chef/cookbook/remote_file_vendor.rb +1 -3
- data/lib/chef/cookbook/syntax_check.rb +1 -2
- data/lib/chef/cookbook_loader.rb +15 -29
- data/lib/chef/data_bag.rb +1 -2
- data/lib/chef/deprecated.rb +8 -0
- data/lib/chef/dsl/platform_introspection.rb +2 -0
- data/lib/chef/environment.rb +1 -2
- data/lib/chef/exceptions.rb +3 -0
- data/lib/chef/http/authenticator.rb +1 -1
- data/lib/chef/knife.rb +4 -4
- data/lib/chef/knife/bootstrap.rb +4 -10
- data/lib/chef/knife/bootstrap/train_connector.rb +1 -0
- data/lib/chef/knife/config_get.rb +1 -0
- data/lib/chef/knife/config_list_profiles.rb +4 -1
- data/lib/chef/knife/configure.rb +1 -1
- data/lib/chef/knife/cookbook_upload.rb +5 -10
- data/lib/chef/knife/core/gem_glob_loader.rb +1 -1
- data/lib/chef/knife/core/hashed_command_loader.rb +1 -0
- data/lib/chef/knife/core/subcommand_loader.rb +20 -1
- data/lib/chef/knife/core/ui.rb +8 -2
- data/lib/chef/knife/core/windows_bootstrap_context.rb +1 -2
- data/lib/chef/knife/rehash.rb +3 -21
- data/lib/chef/knife/ssh.rb +5 -1
- data/lib/chef/log.rb +7 -2
- data/lib/chef/mixin/chef_utils_wiring.rb +40 -0
- data/{spec/unit/log_spec.rb → lib/chef/mixin/default_paths.rb} +13 -5
- data/lib/chef/mixin/openssl_helper.rb +27 -5
- data/lib/chef/mixin/path_sanity.rb +5 -4
- data/lib/chef/mixin/shell_out.rb +4 -188
- data/lib/chef/mixin/template.rb +1 -0
- data/lib/chef/mixin/which.rb +6 -3
- data/lib/chef/mixins.rb +1 -0
- data/lib/chef/node.rb +36 -12
- data/lib/chef/node_map.rb +21 -18
- data/lib/chef/platform/service_helpers.rb +31 -28
- data/lib/chef/provider/git.rb +12 -4
- data/lib/chef/provider/mount/solaris.rb +0 -1
- data/lib/chef/provider/package/snap.rb +2 -3
- data/lib/chef/provider/package/windows.rb +9 -4
- data/lib/chef/provider/package/zypper.rb +0 -1
- data/lib/chef/provider/service.rb +2 -2
- data/lib/chef/provider/yum_repository.rb +1 -1
- data/lib/chef/provider/zypper_repository.rb +1 -1
- data/lib/chef/resource.rb +2 -0
- data/lib/chef/resource/build_essential.rb +2 -2
- data/lib/chef/resource/chef_client_scheduled_task.rb +1 -1
- data/lib/chef/resource/chocolatey_feature.rb +1 -2
- data/lib/chef/resource/cron/cron_d.rb +1 -1
- data/lib/chef/resource/cron_access.rb +2 -2
- data/lib/chef/resource/execute.rb +2 -2
- data/lib/chef/resource/lwrp_base.rb +1 -0
- data/lib/chef/resource/macos_userdefaults.rb +176 -61
- data/lib/chef/resource/openssl_x509_certificate.rb +11 -14
- data/lib/chef/resource/openssl_x509_crl.rb +1 -2
- data/lib/chef/resource/service.rb +2 -2
- data/lib/chef/resource/ssh_known_hosts_entry.rb +1 -1
- data/lib/chef/resource/sudo.rb +1 -1
- data/lib/chef/resource/user_ulimit.rb +1 -1
- data/lib/chef/resource/windows_dns_record.rb +17 -0
- data/lib/chef/resource/windows_firewall_profile.rb +197 -0
- data/lib/chef/resource/windows_security_policy.rb +49 -20
- data/lib/chef/resource_inspector.rb +7 -1
- data/lib/chef/resources.rb +1 -0
- data/lib/chef/role.rb +1 -2
- data/lib/chef/shell/shell_session.rb +2 -0
- data/lib/chef/util/diff.rb +0 -1
- data/lib/chef/version.rb +2 -2
- data/lib/chef/win32/registry.rb +1 -2
- data/spec/functional/knife/ssh_spec.rb +5 -16
- data/spec/functional/resource/aix_service_spec.rb +0 -2
- data/spec/functional/resource/aixinit_service_spec.rb +0 -1
- data/spec/functional/resource/apt_package_spec.rb +0 -1
- data/spec/functional/resource/cron_spec.rb +0 -1
- data/spec/functional/resource/git_spec.rb +23 -1
- data/spec/functional/resource/group_spec.rb +6 -2
- data/spec/functional/resource/insserv_spec.rb +0 -1
- data/spec/functional/resource/remote_file_spec.rb +1 -7
- data/spec/functional/resource/windows_user_privilege_spec.rb +1 -1
- data/spec/functional/run_lock_spec.rb +2 -1
- data/spec/functional/shell_spec.rb +5 -5
- data/spec/functional/util/powershell/cmdlet_spec.rb +1 -1
- data/spec/functional/version_spec.rb +1 -1
- data/spec/integration/knife/config_list_profiles_spec.rb +30 -2
- data/spec/integration/knife/cookbook_upload_spec.rb +27 -0
- data/spec/integration/recipes/accumulator_spec.rb +1 -1
- data/spec/integration/recipes/lwrp_inline_resources_spec.rb +1 -1
- data/spec/integration/recipes/lwrp_spec.rb +1 -1
- data/spec/integration/recipes/notifies_spec.rb +1 -1
- data/spec/integration/recipes/notifying_block_spec.rb +1 -1
- data/spec/integration/recipes/recipe_dsl_spec.rb +1 -1
- data/spec/integration/recipes/resource_converge_if_changed_spec.rb +2 -0
- data/spec/integration/recipes/resource_load_spec.rb +2 -0
- data/spec/integration/recipes/unified_mode_spec.rb +1 -1
- data/spec/integration/recipes/use_partial_spec.rb +1 -1
- data/spec/scripts/ssl-serve.rb +1 -1
- data/spec/spec_helper.rb +10 -4
- data/spec/support/chef_helpers.rb +1 -20
- data/spec/support/platform_helpers.rb +0 -2
- data/spec/support/shared/functional/file_resource.rb +0 -1
- data/spec/support/shared/integration/knife_support.rb +2 -9
- data/spec/support/shared/unit/application_dot_d.rb +0 -1
- data/spec/unit/application_spec.rb +4 -2
- data/spec/unit/chef_fs/file_system/operation_failed_error_spec.rb +2 -4
- data/spec/unit/chef_fs/{parallelizer.rb → parallelizer_spec.rb} +1 -1
- data/spec/unit/cookbook/gem_installer_spec.rb +2 -1
- data/spec/unit/data_collector_spec.rb +1 -1
- data/spec/unit/dsl/platform_introspection_spec.rb +1 -0
- data/spec/unit/event_dispatch/dispatcher_spec.rb +3 -0
- data/spec/unit/json_compat_spec.rb +1 -1
- data/spec/unit/knife/bootstrap_spec.rb +2 -6
- data/spec/unit/knife/cookbook_upload_spec.rb +7 -10
- data/spec/unit/log/syslog_spec.rb +6 -10
- data/spec/unit/log/winevt_spec.rb +21 -13
- data/spec/unit/lwrp_spec.rb +4 -4
- data/spec/unit/mixin/{path_sanity_spec.rb → default_paths_spec.rb} +14 -14
- data/spec/unit/mixin/powershell_exec_spec.rb +1 -1
- data/spec/unit/mixin/securable_spec.rb +0 -1
- data/spec/unit/mixin/shell_out_spec.rb +25 -26
- data/spec/unit/mixin/which.rb +8 -0
- data/spec/unit/node_spec.rb +98 -11
- data/spec/unit/property_spec.rb +5 -5
- data/spec/unit/provider/execute_spec.rb +0 -7
- data/spec/unit/provider/ifconfig_spec.rb +0 -1
- data/spec/unit/provider/package/dnf/python_helper_spec.rb +1 -1
- data/spec/unit/provider/package/rubygems_spec.rb +5 -10
- data/spec/unit/provider/package/smartos_spec.rb +1 -1
- data/spec/unit/provider/package/windows_spec.rb +30 -53
- data/spec/unit/provider/service/redhat_spec.rb +1 -1
- data/spec/unit/provider/service/windows_spec.rb +2 -6
- data/spec/unit/provider/systemd_unit_spec.rb +28 -24
- data/spec/unit/provider_spec.rb +1 -0
- data/spec/unit/resource/execute_spec.rb +10 -0
- data/spec/unit/resource/macos_user_defaults_spec.rb +103 -2
- data/spec/unit/resource/windows_firewall_profile_spec.rb +77 -0
- data/spec/unit/resource/windows_package_spec.rb +1 -0
- data/spec/unit/resource_reporter_spec.rb +1 -1
- data/spec/unit/run_context/cookbook_compiler_spec.rb +1 -1
- data/spec/unit/run_lock_spec.rb +1 -1
- data/spec/unit/scan_access_control_spec.rb +1 -1
- data/spec/unit/util/diff_spec.rb +1 -15
- data/spec/unit/win32/security_spec.rb +4 -3
- metadata +38 -15
@@ -16,14 +16,15 @@
|
|
16
16
|
# limitations under the License.
|
17
17
|
#
|
18
18
|
|
19
|
+
require_relative "default_paths"
|
20
|
+
|
19
21
|
class Chef
|
20
22
|
module Mixin
|
21
|
-
# @ deprecated
|
22
23
|
module PathSanity
|
24
|
+
include Chef::Mixin::DefaultPaths
|
25
|
+
|
23
26
|
def enforce_path_sanity(env = ENV)
|
24
|
-
|
25
|
-
env["PATH"] = ChefUtils::DSL::PathSanity.sanitized_path(env)
|
26
|
-
end
|
27
|
+
enforce_default_paths(env)
|
27
28
|
end
|
28
29
|
end
|
29
30
|
end
|
data/lib/chef/mixin/shell_out.rb
CHANGED
@@ -15,198 +15,14 @@
|
|
15
15
|
# See the License for the specific language governing permissions and
|
16
16
|
# limitations under the License.
|
17
17
|
|
18
|
-
require "mixlib/shellout" unless defined?(Mixlib::ShellOut::
|
19
|
-
require "chef
|
18
|
+
require "mixlib/shellout/helper" unless defined?(Mixlib::ShellOut::Helper)
|
19
|
+
require "chef/mixin/chef_utils_wiring" unless defined?(Chef::Mixin::ChefUtilsWiring)
|
20
20
|
|
21
21
|
class Chef
|
22
22
|
module Mixin
|
23
23
|
module ShellOut
|
24
|
-
|
25
|
-
|
26
|
-
#
|
27
|
-
# all consumers should now call shell_out!/shell_out.
|
28
|
-
#
|
29
|
-
# the shell_out_compacted/shell_out_compacted! APIs are private but are intended for use
|
30
|
-
# in rspec tests, and should ideally always be used to make code refactoring that do not
|
31
|
-
# change behavior easier:
|
32
|
-
#
|
33
|
-
# allow(provider).to receive(:shell_out_compacted!).with("foo", "bar", "baz")
|
34
|
-
# provider.shell_out!("foo", [ "bar", nil, "baz"])
|
35
|
-
# provider.shell_out!(["foo", nil, "bar" ], ["baz"])
|
36
|
-
#
|
37
|
-
# note that shell_out_compacted also includes adding the magical timeout option to force
|
38
|
-
# people to setup expectations on that value explicitly. it does not include the default_env
|
39
|
-
# mangling in order to avoid users having to setup an expectation on anything other than
|
40
|
-
# setting `default_env: false` and allow us to make tweak to the default_env without breaking
|
41
|
-
# a thousand unit tests.
|
42
|
-
#
|
43
|
-
|
44
|
-
def shell_out(*args, **options)
|
45
|
-
options = options.dup
|
46
|
-
options = Chef::Mixin::ShellOut.maybe_add_timeout(self, options)
|
47
|
-
if options.empty?
|
48
|
-
shell_out_compacted(*Chef::Mixin::ShellOut.clean_array(*args))
|
49
|
-
else
|
50
|
-
shell_out_compacted(*Chef::Mixin::ShellOut.clean_array(*args), **options)
|
51
|
-
end
|
52
|
-
end
|
53
|
-
|
54
|
-
def shell_out!(*args, **options)
|
55
|
-
options = options.dup
|
56
|
-
options = Chef::Mixin::ShellOut.maybe_add_timeout(self, options)
|
57
|
-
if options.empty?
|
58
|
-
shell_out_compacted!(*Chef::Mixin::ShellOut.clean_array(*args))
|
59
|
-
else
|
60
|
-
shell_out_compacted!(*Chef::Mixin::ShellOut.clean_array(*args), **options)
|
61
|
-
end
|
62
|
-
end
|
63
|
-
|
64
|
-
# helper sugar for resources that support passing timeouts to shell_out
|
65
|
-
#
|
66
|
-
# module method to not pollute namespaces, but that means we need self injected as an arg
|
67
|
-
# @api private
|
68
|
-
def self.maybe_add_timeout(obj, options)
|
69
|
-
options = options.dup
|
70
|
-
# historically resources have not properly declared defaults on their timeouts, so a default default of 900s was enforced here
|
71
|
-
default_val = 900
|
72
|
-
return options if options.key?(:timeout)
|
73
|
-
|
74
|
-
# FIXME: need to nuke descendent tracker out of Chef::Provider so we can just define that class here without requiring the
|
75
|
-
# world, and then just use symbol lookup
|
76
|
-
if obj.class.ancestors.map(&:name).include?("Chef::Provider") && obj.respond_to?(:new_resource) && obj.new_resource.respond_to?(:timeout) && !options.key?(:timeout)
|
77
|
-
options[:timeout] = obj.new_resource.timeout ? obj.new_resource.timeout.to_f : default_val
|
78
|
-
end
|
79
|
-
options
|
80
|
-
end
|
81
|
-
|
82
|
-
# helper function to mangle options when `default_env` is true
|
83
|
-
#
|
84
|
-
# @api private
|
85
|
-
def self.apply_default_env(options)
|
86
|
-
options = options.dup
|
87
|
-
default_env = options.delete(:default_env)
|
88
|
-
default_env = true if default_env.nil?
|
89
|
-
if default_env
|
90
|
-
env_key = options.key?(:env) ? :env : :environment
|
91
|
-
options[env_key] = {
|
92
|
-
"LC_ALL" => Chef::Config[:internal_locale],
|
93
|
-
"LANGUAGE" => Chef::Config[:internal_locale],
|
94
|
-
"LANG" => Chef::Config[:internal_locale],
|
95
|
-
env_path => ChefUtils::DSL::PathSanity.sanitized_path,
|
96
|
-
}.update(options[env_key] || {})
|
97
|
-
end
|
98
|
-
options
|
99
|
-
end
|
100
|
-
|
101
|
-
private
|
102
|
-
|
103
|
-
# this SHOULD be used for setting up expectations in rspec, see banner comment at top.
|
104
|
-
#
|
105
|
-
# the private constraint is meant to avoid code calling this directly, rspec expectations are fine.
|
106
|
-
#
|
107
|
-
def shell_out_compacted(*args, **options)
|
108
|
-
options = Chef::Mixin::ShellOut.apply_default_env(options)
|
109
|
-
if options.empty?
|
110
|
-
Chef::Mixin::ShellOut.shell_out_command(*args)
|
111
|
-
else
|
112
|
-
Chef::Mixin::ShellOut.shell_out_command(*args, **options)
|
113
|
-
end
|
114
|
-
end
|
115
|
-
|
116
|
-
# this SHOULD be used for setting up expectations in rspec, see banner comment at top.
|
117
|
-
#
|
118
|
-
# the private constraint is meant to avoid code calling this directly, rspec expectations are fine.
|
119
|
-
#
|
120
|
-
def shell_out_compacted!(*args, **options)
|
121
|
-
options = Chef::Mixin::ShellOut.apply_default_env(options)
|
122
|
-
cmd = if options.empty?
|
123
|
-
Chef::Mixin::ShellOut.shell_out_command(*args)
|
124
|
-
else
|
125
|
-
Chef::Mixin::ShellOut.shell_out_command(*args, **options)
|
126
|
-
end
|
127
|
-
cmd.error!
|
128
|
-
cmd
|
129
|
-
end
|
130
|
-
|
131
|
-
# Helper for subclasses to reject nil out of an array. It allows
|
132
|
-
# using the array form of shell_out (which avoids the need to surround arguments with
|
133
|
-
# quote marks to deal with shells).
|
134
|
-
#
|
135
|
-
# Usage:
|
136
|
-
# shell_out!(*clean_array("useradd", universal_options, useradd_options, new_resource.username))
|
137
|
-
#
|
138
|
-
# universal_options and useradd_options can be nil, empty array, empty string, strings or arrays
|
139
|
-
# and the result makes sense.
|
140
|
-
#
|
141
|
-
# keeping this separate from shell_out!() makes it a bit easier to write expectations against the
|
142
|
-
# shell_out args and be able to omit nils and such in the tests (and to test that the nils are
|
143
|
-
# being rejected correctly).
|
144
|
-
#
|
145
|
-
# @param args [String] variable number of string arguments
|
146
|
-
# @return [Array] array of strings with nil and null string rejection
|
147
|
-
|
148
|
-
def self.clean_array(*args)
|
149
|
-
args.flatten.compact.map(&:to_s)
|
150
|
-
end
|
151
|
-
|
152
|
-
def self.transport_connection
|
153
|
-
Chef.run_context.transport_connection
|
154
|
-
end
|
155
|
-
|
156
|
-
def self.shell_out_command(*args, **options)
|
157
|
-
if Chef::Config.target_mode?
|
158
|
-
FakeShellOut.new(args, options, transport_connection.run_command(args.join(" "))) # FIXME: train should accept run_command(*args)
|
159
|
-
else
|
160
|
-
cmd = if options.empty?
|
161
|
-
Mixlib::ShellOut.new(*args)
|
162
|
-
else
|
163
|
-
Mixlib::ShellOut.new(*args, **options)
|
164
|
-
end
|
165
|
-
cmd.live_stream ||= io_for_live_stream
|
166
|
-
cmd.run_command
|
167
|
-
cmd
|
168
|
-
end
|
169
|
-
end
|
170
|
-
|
171
|
-
def self.io_for_live_stream
|
172
|
-
if STDOUT.tty? && !Chef::Config[:daemon] && Chef::Log.debug?
|
173
|
-
STDOUT
|
174
|
-
else
|
175
|
-
nil
|
176
|
-
end
|
177
|
-
end
|
178
|
-
|
179
|
-
def self.env_path
|
180
|
-
if ChefUtils.windows?
|
181
|
-
"Path"
|
182
|
-
else
|
183
|
-
"PATH"
|
184
|
-
end
|
185
|
-
end
|
186
|
-
|
187
|
-
class FakeShellOut
|
188
|
-
attr_reader :stdout, :stderr, :exitstatus, :status
|
189
|
-
|
190
|
-
def initialize(args, options, result)
|
191
|
-
@args = args
|
192
|
-
@options = options
|
193
|
-
@stdout = result.stdout
|
194
|
-
@stderr = result.stderr
|
195
|
-
@exitstatus = result.exit_status
|
196
|
-
@status = OpenStruct.new(success?: ( exitstatus == 0 ))
|
197
|
-
end
|
198
|
-
|
199
|
-
def error?
|
200
|
-
exitstatus != 0
|
201
|
-
end
|
202
|
-
|
203
|
-
def error!
|
204
|
-
raise Mixlib::ShellOut::ShellCommandFailed, "Unexpected exit status of #{exitstatus} running #{@args}" if error?
|
205
|
-
end
|
206
|
-
end
|
24
|
+
include Mixlib::ShellOut::Helper
|
25
|
+
include Chef::Mixin::ChefUtilsWiring
|
207
26
|
end
|
208
27
|
end
|
209
28
|
end
|
210
|
-
|
211
|
-
# Break circular dep
|
212
|
-
require_relative "../config"
|
data/lib/chef/mixin/template.rb
CHANGED
data/lib/chef/mixin/which.rb
CHANGED
@@ -16,20 +16,23 @@
|
|
16
16
|
# limitations under the License.
|
17
17
|
|
18
18
|
require "chef-utils/dsl/which" unless defined?(ChefUtils::DSL::Which)
|
19
|
-
require "chef-utils/dsl/
|
19
|
+
require "chef-utils/dsl/default_paths" unless defined?(ChefUtils::DSL::DefaultPaths)
|
20
|
+
require "chef/mixin/chef_utils_wiring" unless defined?(Chef::Mixin::ChefUtilsWiring)
|
20
21
|
|
21
22
|
class Chef
|
22
23
|
module Mixin
|
23
24
|
module Which
|
24
25
|
include ChefUtils::DSL::Which
|
26
|
+
include ChefUtils::DSL::DefaultPaths
|
27
|
+
include ChefUtilsWiring
|
25
28
|
|
26
29
|
private
|
27
30
|
|
28
|
-
# we dep-inject
|
31
|
+
# we dep-inject default paths into this API for historical reasons
|
29
32
|
#
|
30
33
|
# @api private
|
31
34
|
def __extra_path
|
32
|
-
|
35
|
+
__default_paths
|
33
36
|
end
|
34
37
|
end
|
35
38
|
end
|
data/lib/chef/mixins.rb
CHANGED
@@ -6,6 +6,7 @@ require_relative "mixin/deep_merge"
|
|
6
6
|
require_relative "mixin/enforce_ownership_and_permissions"
|
7
7
|
require_relative "mixin/from_file"
|
8
8
|
require_relative "mixin/params_validate"
|
9
|
+
require_relative "mixin/default_paths"
|
9
10
|
require_relative "mixin/path_sanity"
|
10
11
|
require_relative "mixin/template"
|
11
12
|
require_relative "mixin/securable"
|
data/lib/chef/node.rb
CHANGED
@@ -34,8 +34,8 @@ require_relative "node/attribute"
|
|
34
34
|
require_relative "mash"
|
35
35
|
require_relative "json_compat"
|
36
36
|
require_relative "search/query"
|
37
|
-
require_relative "
|
38
|
-
require_relative "
|
37
|
+
require_relative "attribute_allowlist"
|
38
|
+
require_relative "attribute_blocklist"
|
39
39
|
|
40
40
|
class Chef
|
41
41
|
class Node
|
@@ -706,21 +706,45 @@ class Chef
|
|
706
706
|
end
|
707
707
|
end
|
708
708
|
|
709
|
+
# a method to handle the renamed configuration from whitelist -> allowed
|
710
|
+
# and to throw a deprecation warning when the old configuration is set
|
711
|
+
#
|
712
|
+
# @param [String] level the attribute level
|
713
|
+
def allowlist_or_whitelist_config(level)
|
714
|
+
if Chef::Config["#{level}_attribute_whitelist".to_sym]
|
715
|
+
Chef.deprecated(:attribute_blacklist_configuration, "Attribute whitelist configurations have been deprecated. Use the allowed_LEVEL_attribute configs instead")
|
716
|
+
Chef::Config["#{level}_attribute_whitelist".to_sym]
|
717
|
+
else
|
718
|
+
Chef::Config["allowed_#{level}_attributes".to_sym]
|
719
|
+
end
|
720
|
+
end
|
721
|
+
|
722
|
+
# a method to handle the renamed configuration from blacklist -> blocked
|
723
|
+
# and to throw a deprecation warning when the old configuration is set
|
724
|
+
#
|
725
|
+
# @param [String] level the attribute level
|
726
|
+
def blocklist_or_blacklist_config(level)
|
727
|
+
if Chef::Config["#{level}_attribute_blacklist".to_sym]
|
728
|
+
Chef.deprecated(:attribute_blacklist_configuration, "Attribute blacklist configurations have been deprecated. Use the blocked_LEVEL_attribute configs instead")
|
729
|
+
Chef::Config["#{level}_attribute_blacklist".to_sym]
|
730
|
+
else
|
731
|
+
Chef::Config["blocked_#{level}_attributes".to_sym]
|
732
|
+
end
|
733
|
+
end
|
734
|
+
|
709
735
|
def data_for_save
|
710
736
|
data = for_json
|
711
737
|
%w{automatic default normal override}.each do |level|
|
712
|
-
|
713
|
-
|
714
|
-
|
715
|
-
|
716
|
-
data[level] = Chef::Whitelist.filter(data[level], whitelist)
|
738
|
+
allowlist = allowlist_or_whitelist_config(level)
|
739
|
+
unless allowlist.nil? # nil => save everything
|
740
|
+
logger.info("Allowing #{level} node attributes for save.")
|
741
|
+
data[level] = Chef::AttributeAllowlist.filter(data[level], allowlist)
|
717
742
|
end
|
718
743
|
|
719
|
-
|
720
|
-
|
721
|
-
|
722
|
-
|
723
|
-
data[level] = Chef::Blacklist.filter(data[level], blacklist)
|
744
|
+
blocklist = blocklist_or_blacklist_config(level)
|
745
|
+
unless blocklist.nil? # nil => remove nothing
|
746
|
+
logger.info("Blocking #{level} node attributes for save")
|
747
|
+
data[level] = Chef::AttributeBlocklist.filter(data[level], blocklist)
|
724
748
|
end
|
725
749
|
end
|
726
750
|
data
|
data/lib/chef/node_map.rb
CHANGED
@@ -35,10 +35,13 @@
|
|
35
35
|
#
|
36
36
|
# XXX: confusingly, in the *_priority_map the :klass may be an array of Strings of class names
|
37
37
|
#
|
38
|
+
|
39
|
+
require_relative "dist"
|
40
|
+
|
38
41
|
class Chef
|
39
42
|
class NodeMap
|
40
43
|
COLLISION_WARNING = <<~EOH.gsub(/\s+/, " ").strip
|
41
|
-
%{type_caps} %{key}
|
44
|
+
%{type_caps} %{key} built into %{client_name} is being overridden by the %{type} from a cookbook. Please upgrade your cookbook
|
42
45
|
or remove the cookbook from your run_list.
|
43
46
|
EOH
|
44
47
|
|
@@ -83,7 +86,7 @@ class Chef
|
|
83
86
|
else
|
84
87
|
klass.superclass.to_s
|
85
88
|
end
|
86
|
-
Chef::Log.warn( COLLISION_WARNING % { type: type_of_thing, key: key, type_caps: type_of_thing.capitalize } )
|
89
|
+
Chef::Log.warn( COLLISION_WARNING % { type: type_of_thing, key: key, type_caps: type_of_thing.capitalize, client_name: Chef::Dist::PRODUCT } )
|
87
90
|
end
|
88
91
|
|
89
92
|
# The map is sorted in order of preference already; we just need to find
|
@@ -209,7 +212,7 @@ class Chef
|
|
209
212
|
# - no negative matches (!value)
|
210
213
|
# - at least one positive match (value or :all), or no positive filters
|
211
214
|
#
|
212
|
-
def
|
215
|
+
def matches_block_allow_list?(node, filters, attribute)
|
213
216
|
# It's super common for the filter to be nil. Catch that so we don't
|
214
217
|
# spend any time here.
|
215
218
|
return true unless filters[attribute]
|
@@ -217,21 +220,21 @@ class Chef
|
|
217
220
|
filter_values = Array(filters[attribute])
|
218
221
|
value = node[attribute]
|
219
222
|
|
220
|
-
# Split the
|
221
|
-
|
223
|
+
# Split the blocklist and allowlist
|
224
|
+
blocklist, allowlist = filter_values.partition { |v| v.is_a?(String) && v.start_with?("!") }
|
222
225
|
|
223
226
|
if attribute == :platform_family
|
224
|
-
# If any
|
225
|
-
return false if
|
227
|
+
# If any blocklist value matches, we don't match
|
228
|
+
return false if blocklist.any? { |v| v[1..-1] == value || platform_family_query_helper?(node, v[1..-1]) }
|
226
229
|
|
227
|
-
# If the
|
228
|
-
|
230
|
+
# If the allowlist is empty, or anything matches, we match.
|
231
|
+
allowlist.empty? || allowlist.any? { |v| v == :all || v == value || platform_family_query_helper?(node, v) }
|
229
232
|
else
|
230
|
-
# If any
|
231
|
-
return false if
|
233
|
+
# If any blocklist value matches, we don't match
|
234
|
+
return false if blocklist.any? { |v| v[1..-1] == value }
|
232
235
|
|
233
|
-
# If the
|
234
|
-
|
236
|
+
# If the allowlist is empty, or anything matches, we match.
|
237
|
+
allowlist.empty? || allowlist.any? { |v| v == :all || v == value }
|
235
238
|
end
|
236
239
|
end
|
237
240
|
|
@@ -260,9 +263,9 @@ class Chef
|
|
260
263
|
end
|
261
264
|
|
262
265
|
def filters_match?(node, filters)
|
263
|
-
|
264
|
-
|
265
|
-
|
266
|
+
matches_block_allow_list?(node, filters, :os) &&
|
267
|
+
matches_block_allow_list?(node, filters, :platform_family) &&
|
268
|
+
matches_block_allow_list?(node, filters, :platform) &&
|
266
269
|
matches_version_list?(node, filters, :platform_version) &&
|
267
270
|
matches_target_mode?(filters)
|
268
271
|
end
|
@@ -311,8 +314,8 @@ class Chef
|
|
311
314
|
return -1 if !b && a
|
312
315
|
return 0 if !a && !b
|
313
316
|
|
314
|
-
# Check for
|
315
|
-
#
|
317
|
+
# Check for blocklists ('!windows'). Those always come *after* positive
|
318
|
+
# allowlists.
|
316
319
|
a_negated = Array(a).any? { |f| f.is_a?(String) && f.start_with?("!") }
|
317
320
|
b_negated = Array(b).any? { |f| f.is_a?(String) && f.start_with?("!") }
|
318
321
|
return 1 if a_negated && !b_negated
|
@@ -17,38 +17,41 @@
|
|
17
17
|
#
|
18
18
|
|
19
19
|
require_relative "../chef_class"
|
20
|
-
require "chef-utils"
|
20
|
+
require "chef-utils" unless defined?(ChefUtils::CANARY)
|
21
|
+
require "chef/mixin/chef_utils_wiring" unless defined?(Chef::Mixin::ChefUtilsWiring)
|
21
22
|
|
22
23
|
class Chef
|
23
24
|
class Platform
|
24
|
-
|
25
|
-
|
26
|
-
|
27
|
-
|
28
|
-
|
29
|
-
|
30
|
-
|
31
|
-
|
32
|
-
|
33
|
-
|
34
|
-
|
35
|
-
|
36
|
-
|
37
|
-
|
38
|
-
|
39
|
-
|
40
|
-
|
41
|
-
|
42
|
-
|
43
|
-
|
44
|
-
|
45
|
-
|
46
|
-
|
47
|
-
|
48
|
-
|
49
|
-
|
50
|
-
|
25
|
+
module ServiceHelpers
|
26
|
+
include ChefUtils::DSL::Service
|
27
|
+
include Chef::Mixin::ChefUtilsWiring
|
28
|
+
|
29
|
+
def service_resource_providers
|
30
|
+
providers = []
|
31
|
+
|
32
|
+
providers << :debian if debianrcd?
|
33
|
+
providers << :invokercd if invokercd?
|
34
|
+
providers << :upstart if upstart?
|
35
|
+
providers << :insserv if insserv?
|
36
|
+
providers << :systemd if systemd?
|
37
|
+
providers << :redhat if redhatrcd?
|
38
|
+
|
39
|
+
providers
|
40
|
+
end
|
41
|
+
|
42
|
+
def config_for_service(service_name)
|
43
|
+
configs = []
|
44
|
+
|
45
|
+
configs << :initd if service_script_exist?(:initd, service_name)
|
46
|
+
configs << :upstart if service_script_exist?(:upstart, service_name)
|
47
|
+
configs << :xinetd if service_script_exist?(:xinetd, service_name)
|
48
|
+
configs << :systemd if service_script_exist?(:systemd, service_name)
|
49
|
+
configs << :etc_rcd if service_script_exist?(:etc_rcd, service_name)
|
50
|
+
|
51
|
+
configs
|
51
52
|
end
|
53
|
+
|
54
|
+
extend self
|
52
55
|
end
|
53
56
|
end
|
54
57
|
end
|