chef 16.2.73 → 16.3.38

data/lib/chef/exceptions.rb

@@ -198,6 +198,7 @@ class Chef
     class MetadataNotFound < StandardError
       attr_reader :install_path
       attr_reader :cookbook_name
+
       def initialize(install_path, cookbook_name)
         @install_path = install_path
         @cookbook_name = cookbook_name
@@ -448,6 +449,7 @@ class Chef
     # to correctly populate the backtrace with the wrapped backtraces.
     class RunFailedWrappingError < RuntimeError
       attr_reader :wrapped_errors
+
       def initialize(*errors)
         errors = errors.select { |e| !e.nil? }
         output = "Found #{errors.size} errors, they are stored in the backtrace"
@@ -488,6 +490,7 @@ class Chef
 
     class MultipleDscResourcesFound < RuntimeError
       attr_reader :resources_found
+
       def initialize(resources_found)
         @resources_found = resources_found
         matches_info = @resources_found.each do |r|

data/lib/chef/http/authenticator.rb

@@ -24,7 +24,7 @@ class Chef
   class HTTP
     class Authenticator
 
-      DEFAULT_SERVER_API_VERSION = "1".freeze
+      DEFAULT_SERVER_API_VERSION = "2".freeze
 
       attr_reader :signing_key_filename
       attr_reader :raw_key

data/lib/chef/knife.rb

@@ -20,10 +20,10 @@
 require "forwardable" unless defined?(Forwardable)
 require_relative "version"
 require "mixlib/cli" unless defined?(Mixlib::CLI)
-require "chef-utils/dsl/path_sanity" unless defined?(ChefUtils::DSL::PathSanity)
+require "chef-utils/dsl/default_paths" unless defined?(ChefUtils::DSL::DefaultPaths)
 require_relative "workstation_config_loader"
 require_relative "mixin/convert_to_class_name"
-require_relative "mixin/path_sanity"
+require_relative "mixin/default_paths"
 require_relative "knife/core/subcommand_loader"
 require_relative "knife/core/ui"
 require_relative "local_mode"
@@ -40,7 +40,7 @@ class Chef
     Chef::HTTP::HTTPRequest.user_agent = "#{Chef::Dist::PRODUCT} Knife#{Chef::HTTP::HTTPRequest::UA_COMMON}"
 
     include Mixlib::CLI
-    include ChefUtils::DSL::PathSanity
+    include ChefUtils::DSL::DefaultPaths
     extend Chef::Mixin::ConvertToClassName
     extend Forwardable
 
@@ -484,7 +484,7 @@ class Chef
       unless respond_to?(:run)
         ui.error "You need to add a #run method to your knife command before you can use it"
       end
-      ENV["PATH"] = sanitized_path if Chef::Config[:enforce_path_sanity]
+      ENV["PATH"] = default_paths if Chef::Config[:enforce_default_paths] || Chef::Config[:enforce_path_sanity]
       maybe_setup_fips
       Chef::LocalMode.with_server_connectivity do
         run

data/lib/chef/knife/bootstrap.rb

@@ -538,7 +538,7 @@ class Chef
       end
 
       def run
-        check_license
+        check_license if ChefConfig::Dist::ENFORCE_LICENSE
 
         plugin_setup!
         validate_name_args!
@@ -630,9 +630,7 @@ class Chef
             raise
           else
             ui.warn("Failed to authenticate #{opts[:user]} to #{server_name} - trying password auth")
-            password = ui.ask("Enter password for #{opts[:user]}@#{server_name}:") do |q|
-              q.echo = false
-            end
+            password = ui.ask("Enter password for #{opts[:user]}@#{server_name}:", echo: false)
           end
 
           opts.merge! force_ssh_password_opts(password)
@@ -646,9 +644,7 @@ class Chef
             raise
           else
             ui.warn("Failed to authenticate #{opts[:user]} to #{server_name} - trying password auth")
-            password = ui.ask("Enter password for #{opts[:user]}@#{server_name}:") do |q|
-              q.echo = false
-            end
+            password = ui.ask("Enter password for #{opts[:user]}@#{server_name}:", echo: false)
           end
 
           opts.merge! force_winrm_password_opts(password)
@@ -681,9 +677,7 @@ class Chef
           retry
         elsif config[:use_sudo_password] && (e.reason == :sudo_password_required || e.reason == :bad_sudo_password) && limit < 3
           ui.warn("Failed to authenticate #{conn_options[:user]} to #{server_name} - #{e.message} \n sudo: #{limit} incorrect password attempt")
-          sudo_password = ui.ask("Enter sudo password for #{conn_options[:user]}@#{server_name}:") do |q|
-            q.echo = false
-          end
+          sudo_password = ui.ask("Enter sudo password for #{conn_options[:user]}@#{server_name}:", echo: false)
           limit += 1
           conn_options[:sudo_password] = sudo_password
 

data/lib/chef/knife/bootstrap/train_connector.rb

@@ -322,6 +322,7 @@ class Chef
 
       class RemoteExecutionFailed < StandardError
         attr_reader :exit_status, :command, :hostname, :stdout, :stderr
+
         def initialize(hostname, command, result)
           @hostname = hostname
           @exit_status = result.exit_status

data/lib/chef/knife/config_get.rb

@@ -62,6 +62,7 @@ class Chef
           config_data.delete(:color)
           # Only keep these if true, false is much less important because it's the default.
           config_data.delete(:local_mode) unless config_data[:local_mode]
+          config_data.delete(:enforce_default_paths) unless config_data[:enforce_default_paths]
           config_data.delete(:enforce_path_sanity) unless config_data[:enforce_path_sanity]
         end
 

data/lib/chef/knife/config_list_profiles.rb

@@ -32,6 +32,10 @@ class Chef
         description: "Ignore the current config.rb/knife.rb configuration.",
         default: false
 
+      def configure_chef
+        apply_computed_config
+      end
+
       def run
         credentials_data = self.class.config_loader.parse_credentials_file
         if credentials_data.nil? || credentials_data.empty?
@@ -72,7 +76,6 @@ class Chef
         # Try to reset the config.
         unless config[:ignore_knife_rb]
           Chef::Config.reset
-          Chef::WorkstationConfigLoader.new(config[:config_file], Chef::Log, profile: config[:profile]).load
           apply_computed_config
         end
 

data/lib/chef/knife/configure.rb

@@ -92,7 +92,7 @@ class Chef
           user_create = Chef::Knife::UserCreate.new
           user_create.name_args = [ new_client_name ]
           user_create.config[:user_password] = config[:user_password] ||
-            ui.ask("Please enter a password for the new user: ") { |q| q.echo = false }
+            ui.ask("Please enter a password for the new user: ", echo: false)
           user_create.config[:admin] = true
           user_create.config[:file] = new_client_key
           user_create.config[:yes] = true

data/lib/chef/knife/cookbook_upload.rb

@@ -34,10 +34,10 @@ class Chef
       banner "knife cookbook upload [COOKBOOKS...] (options)"
 
       option :cookbook_path,
-        short: "-o PATH:PATH",
-        long: "--cookbook-path PATH:PATH",
-        description: "A colon-separated path to look for cookbooks in.",
-        proc: lambda { |o| o.split(":") }
+        short: "-o 'PATH:PATH'",
+        long: "--cookbook-path 'PATH:PATH'",
+        description: "A delimited path to search for cookbooks. On Unix the delimiter is ':', on Windows it is ';'.",
+        proc: lambda { |o| o.split(File::PATH_SEPARATOR) }
 
       option :freeze,
         long: "--freeze",
@@ -107,8 +107,7 @@ class Chef
           cookbook_path = config[:cookbook_path].respond_to?(:join) ? config[:cookbook_path].join(", ") : config[:cookbook_path]
           ui.warn("Could not find any cookbooks in your cookbook path: '#{File.expand_path(cookbook_path)}'. Use --cookbook-path to specify the desired path.")
         else
-          begin
-            tmp_cl = Chef::CookbookLoader.copy_to_tmp_dir_from_array(cookbooks)
+          Chef::CookbookLoader.copy_to_tmp_dir_from_array(cookbooks) do |tmp_cl|
             tmp_cl.load_cookbooks
             tmp_cl.compile_metadata
             tmp_cl.freeze_versions if config[:freeze]
@@ -127,7 +126,6 @@ class Chef
                   ui.error("Uploading of some of the cookbooks must be failed. Remove cookbook whose version is frozen from your cookbooks repo OR use --force option.")
                   upload_failures += 1
                 rescue SystemExit => e
-                  tmp_cl.unlink!
                   raise exit e.status
                 end
                 ui.info("Uploaded all cookbooks.") if upload_failures == 0
@@ -146,7 +144,6 @@ class Chef
                   ui.warn("Not updating version constraints for #{cookbook_name} in the environment as the cookbook is frozen.")
                   upload_failures += 1
                 rescue SystemExit => e
-                  tmp_cl.unlink!
                   raise exit e.status
                 end
               end
@@ -164,8 +161,6 @@ class Chef
             unless version_constraints_to_update.empty?
               update_version_constraints(version_constraints_to_update) if config[:environment]
             end
-          ensure
-            tmp_cl.unlink!
           end
         end
       end

data/lib/chef/knife/core/gem_glob_loader.rb

@@ -47,7 +47,7 @@ class Chef
 
         def find_subcommands_via_dirglob
           # The "require paths" of the core knife subcommands bundled with chef
-          files = Dir[File.join(Chef::Util::PathHelper.escape_glob_dir(File.expand_path("../../../knife", __FILE__)), "*.rb")]
+          files = Dir[File.join(Chef::Util::PathHelper.escape_glob_dir(File.expand_path("../../knife", __dir__)), "*.rb")]
           subcommand_files = {}
           files.each do |knife_file|
             rel_path = knife_file[/#{CHEF_ROOT}#{Regexp.escape(File::SEPARATOR)}(.*)\.rb/, 1]

data/lib/chef/knife/core/hashed_command_loader.rb

@@ -27,6 +27,7 @@ class Chef
         KEY = "_autogenerated_command_paths".freeze
 
         attr_accessor :manifest
+
         def initialize(chef_config_dir, plugin_manifest)
           super(chef_config_dir)
           @manifest = plugin_manifest

data/lib/chef/knife/core/subcommand_loader.rb

@@ -75,6 +75,25 @@ class Chef
         Chef::Util::PathHelper.home(".chef", "plugin_manifest.json")
       end
 
+      def self.generate_hash
+        output = if plugin_manifest?
+                   plugin_manifest
+                 else
+                   { Chef::Knife::SubcommandLoader::HashedCommandLoader::KEY => {} }
+                 end
+        output[Chef::Knife::SubcommandLoader::HashedCommandLoader::KEY]["plugins_paths"] = Chef::Knife.subcommand_files
+        output[Chef::Knife::SubcommandLoader::HashedCommandLoader::KEY]["plugins_by_category"] = Chef::Knife.subcommands_by_category
+        output
+      end
+
+      def self.write_hash(data)
+        plugin_manifest_dir = File.expand_path("..", plugin_manifest_path)
+        FileUtils.mkdir_p(plugin_manifest_dir) unless File.directory?(plugin_manifest_dir)
+        File.open(plugin_manifest_path, "w") do |f|
+          f.write(Chef::JSONCompat.to_json_pretty(data))
+        end
+      end
+
       def initialize(chef_config_dir)
         @chef_config_dir = chef_config_dir
       end
@@ -125,7 +144,7 @@ class Chef
       #
       def find_subcommands_via_dirglob
         # The "require paths" of the core knife subcommands bundled with chef
-        files = Dir[File.join(Chef::Util::PathHelper.escape_glob_dir(File.expand_path("../../../knife", __FILE__)), "*.rb")]
+        files = Dir[File.join(Chef::Util::PathHelper.escape_glob_dir(File.expand_path("../../knife", __dir__)), "*.rb")]
         subcommand_files = {}
         files.each do |knife_file|
           rel_path = knife_file[/#{CHEF_ROOT}#{Regexp.escape(File::SEPARATOR)}(.*)\.rb/, 1]

data/lib/chef/knife/core/ui.rb

@@ -61,6 +61,12 @@ class Chef
         end
       end
 
+      # Creates a new object of class TTY::Prompt
+      # with interrupt as exit so that it can be terminated with status code.
+      def prompt
+        @prompt ||= TTY::Prompt.new(interrupt: :exit)
+      end
+
       # pastel.decorate is a lightweight replacement for highline.color
       def pastel
         @pastel ||= begin
@@ -163,8 +169,8 @@ class Chef
         Chef::Config[:color] && stdout.tty?
       end
 
-      def ask(*args, &block)
-        highline.ask(*args, &block)
+      def ask(*args, **options, &block)
+        prompt.ask(*args, **options, &block)
       end
 
       def list(*args)

data/lib/chef/knife/core/windows_bootstrap_context.rb

@@ -52,8 +52,7 @@ class Chef
         # will be interpreted by ruby later and do the right thing.
         def cleanpath(path)
           path = Pathname.new(path).cleanpath.to_s
-          path = path.gsub(File::SEPARATOR, '\\')
-          path
+          path.gsub(File::SEPARATOR, '\\')
         end
 
         def validation_key

data/lib/chef/knife/rehash.rb

@@ -34,7 +34,9 @@ class Chef
         else
           reload_plugins
         end
-        write_hash(generate_hash)
+
+        ui.msg "Knife subcommands are cached in #{Chef::Knife::SubcommandLoader.plugin_manifest_path}. Delete this file to disable the caching."
+        Chef::Knife::SubcommandLoader.write_hash(Chef::Knife::SubcommandLoader.generate_hash)
       end
 
       def reload_plugins
@@ -43,26 +45,6 @@ class Chef
         # loaded plugins and `load_commands` shouldn't have an effect.
         Chef::Knife.subcommand_loader.load_commands
       end
-
-      def generate_hash
-        output = if Chef::Knife::SubcommandLoader.plugin_manifest?
-                   Chef::Knife::SubcommandLoader.plugin_manifest
-                 else
-                   { Chef::Knife::SubcommandLoader::HashedCommandLoader::KEY => {} }
-                 end
-        output[Chef::Knife::SubcommandLoader::HashedCommandLoader::KEY]["plugins_paths"] = Chef::Knife.subcommand_files
-        output[Chef::Knife::SubcommandLoader::HashedCommandLoader::KEY]["plugins_by_category"] = Chef::Knife.subcommands_by_category
-        output
-      end
-
-      def write_hash(data)
-        plugin_manifest_dir = File.expand_path("..", Chef::Knife::SubcommandLoader.plugin_manifest_path)
-        FileUtils.mkdir_p(plugin_manifest_dir) unless File.directory?(plugin_manifest_dir)
-        File.open(Chef::Knife::SubcommandLoader.plugin_manifest_path, "w") do |f|
-          f.write(Chef::JSONCompat.to_json_pretty(data))
-          ui.msg "Knife subcommands are cached in #{Chef::Knife::SubcommandLoader.plugin_manifest_path}. Delete this file to disable the caching."
-        end
-      end
     end
   end
 end

data/lib/chef/knife/ssh.rb

@@ -296,6 +296,10 @@ class Chef
             opts[:keepalive] = true
             opts[:keepalive_interval] = ssh_config[:keepalive_interval]
           end
+          # maintain support for legacy key types / ciphers / key exchange algorithms.
+          # most importantly this adds back support for DSS host keys
+          # See https://github.com/net-ssh/net-ssh/pull/709
+          opts[:append_all_supported_algorithms] = true
         end
       end
 
@@ -384,7 +388,7 @@ class Chef
       end
 
       def prompt_for_password(prompt = "Enter your password: ")
-        ui.ask(prompt) { |q| q.echo = false }
+        ui.ask(prompt, echo: false)
       end
 
       # Present the prompt and read a single line from the console. It also

data/lib/chef/log.rb

@@ -28,8 +28,13 @@ class Chef
   class Log
     extend Mixlib::Log
 
+    def self.setup!
+      init(MonoLogger.new(STDOUT))
+      nil
+    end
+
     # Force initialization of the primary log device (@logger)
-    init(MonoLogger.new(STDOUT))
+    setup!
 
     class Formatter
       def self.show_time=(*args)
@@ -47,7 +52,7 @@ class Chef
     def self.caller_location
       # Pick the first caller that is *not* part of the Chef gem, that's the
       # thing the user wrote. Or failing that, the most recent caller.
-      chef_gem_path = File.expand_path("../..", __FILE__)
+      chef_gem_path = File.expand_path("..", __dir__)
       caller(0..20).find { |c| !c.start_with?(chef_gem_path) } || caller(0..1)[0]
     end
 

data/lib/chef/mixin/chef_utils_wiring.rb

@@ -0,0 +1,40 @@
+#--
+# Copyright:: Copyright (c) Chef Software Inc.
+# License:: Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+require_relative "../log"
+require_relative "../config"
+require_relative "../chef_class"
+
+class Chef
+  module Mixin
+    # Common Dependency Injection wiring for ChefUtils-related modules
+    module ChefUtilsWiring
+      private
+
+      def __config
+        Chef::Config
+      end
+
+      def __log
+        Chef::Log
+      end
+
+      def __transport_connection
+        Chef.run_context&.transport_connection
+      end
+    end
+  end
+end

data/{spec/unit/log_spec.rb → lib/chef/mixin/default_paths.rb}

@@ -1,5 +1,4 @@
 #
-# Author:: Adam Jacob (<adam@chef.io>)
 # Copyright:: Copyright (c) Chef Software Inc.
 # License:: Apache License, Version 2.0
 #
@@ -16,9 +15,18 @@
 # limitations under the License.
 #
 
-require "tempfile"
-require "logger"
-require "spec_helper"
+require "chef-utils/dsl/default_paths" unless defined?(ChefUtils::DSL::DefaultPaths)
 
-describe Chef::Log do
+class Chef
+  module Mixin
+    module DefaultPaths
+      include ChefUtils::DSL::DefaultPaths
+
+      def enforce_default_paths(env = ENV)
+        if Chef::Config[:enforce_default_paths] || Chef::Config[:enforce_path_sanity]
+          env["PATH"] = default_paths(env)
+        end
+      end
+    end
+  end
 end

data/lib/chef/mixin/openssl_helper.rb

@@ -282,7 +282,9 @@ class Chef
           ef.issuer_certificate = info["issuer"]
         end
         ef.subject_certificate = cert
-        ef.config = ::OpenSSL::Config.load(::OpenSSL::Config::DEFAULT_CONFIG_FILE)
+        if openssl_config = __openssl_config
+          ef.config = openssl_config
+        end
 
         cert.extensions = extension
         cert.add_extension ef.create_extension("subjectKeyIdentifier", "hash")
@@ -313,7 +315,9 @@ class Chef
         crl.last_update = Time.now
         crl.next_update = Time.now + 3600 * 24 * info["validity"]
 
-        ef.config = ::OpenSSL::Config.load(::OpenSSL::Config::DEFAULT_CONFIG_FILE)
+        if openssl_config = __openssl_config
+          ef.config = openssl_config
+        end
         ef.issuer_certificate = info["issuer"]
 
         crl.add_extension ::OpenSSL::X509::Extension.new("crlNumber", ::OpenSSL::ASN1::Integer(1))
@@ -369,8 +373,7 @@ class Chef
         revoked.add_extension(ext)
         crl.add_revoked(revoked)
 
-        crl = renew_x509_crl(crl, ca_private_key, info)
-        crl
+        renew_x509_crl(crl, ca_private_key, info)
       end
 
       # renew a X509 crl given
@@ -391,7 +394,9 @@ class Chef
         crl.next_update = crl.last_update + 3600 * 24 * info["validity"]
 
         ef = ::OpenSSL::X509::ExtensionFactory.new
-        ef.config = ::OpenSSL::Config.load(::OpenSSL::Config::DEFAULT_CONFIG_FILE)
+        if openssl_config = __openssl_config
+          ef.config = openssl_config
+        end
         ef.issuer_certificate = info["issuer"]
 
         crl.extensions = [ ::OpenSSL::X509::Extension.new("crlNumber",
@@ -422,6 +427,23 @@ class Chef
 
         resp
       end
+
+      private
+
+      def __openssl_config
+        path = if File.exist?(::OpenSSL::Config::DEFAULT_CONFIG_FILE)
+                 OpenSSL::Config::DEFAULT_CONFIG_FILE
+               else
+                 Dir[File.join(RbConfig::CONFIG["prefix"], "**", "openssl.cnf")].first
+               end
+
+        if File.exist?(path)
+          ::OpenSSL::Config.load(path)
+        else
+          Chef::Log.warn("Couldn't find OpenSSL config file")
+          nil
+        end
+      end
     end
   end
 end