chef 16.4.35 → 16.6.14

data/lib/chef/cookbook/cookbook_version_loader.rb

@@ -17,7 +17,7 @@ require_relative "../cookbook_version"
 require_relative "chefignore"
 require_relative "metadata"
 require_relative "../util/path_helper"
-require "find"
+require "find" unless defined?(Find.find)
 
 class Chef
   class Cookbook

data/lib/chef/cookbook/gem_installer.rb

@@ -47,7 +47,7 @@ class Chef
                 v2
               end
             end
-            cookbook_gems[args.first] += args[1..-1]
+            cookbook_gems[args.first] += args[1..]
           end
         end
 

data/lib/chef/cookbook/synchronizer.rb

@@ -17,7 +17,7 @@ require_relative "../client"
 require_relative "../util/threaded_job_queue"
 require_relative "../server_api"
 require "singleton" unless defined?(Singleton)
-require_relative "../dist"
+require "chef-utils/dist" unless defined?(ChefUtils::Dist)
 
 class Chef
 
@@ -65,7 +65,7 @@ class Chef
         # manifest.
         cache.find(File.join(%w{cookbooks ** {*,.*}})).each do |cache_filename|
           unless @valid_cache_entries[cache_filename]
-            Chef::Log.info("Removing #{cache_filename} from the cache; it is no longer needed by #{Chef::Dist::CLIENT}.")
+            Chef::Log.info("Removing #{cache_filename} from the cache; it is no longer needed by #{ChefUtils::Dist::Infra::CLIENT}.")
             cache.delete(cache_filename)
           end
         end

data/lib/chef/cookbook_site_streaming_uploader.rb

@@ -18,11 +18,17 @@
 # limitations under the License.
 #
 
-require "uri" unless defined?(URI)
-require "net/http" unless defined?(Net::HTTP)
-require "mixlib/authentication/signedheaderauth"
-require "openssl" unless defined?(OpenSSL)
-require_relative "dist"
+autoload :URI, "uri"
+module Net
+  autoload :HTTP, File.expand_path("monkey_patches/net_http", __dir__)
+end
+autoload :OpenSSL, "openssl"
+module Mixlib
+  module Authentication
+    autoload :SignedHeaderAuth, "mixlib/authentication/signedheaderauth"
+  end
+end
+require "chef-utils/dist" unless defined?(ChefUtils::Dist)
 
 class Chef
   # == Chef::CookbookSiteStreamingUploader
@@ -37,7 +43,7 @@ class Chef
     class << self
 
       def create_build_dir(cookbook)
-        tmp_cookbook_path = Tempfile.new("#{Chef::Dist::SHORT}-#{cookbook.name}-build")
+        tmp_cookbook_path = Tempfile.new("#{ChefUtils::Dist::Infra::SHORT}-#{cookbook.name}-build")
         tmp_cookbook_path.close
         tmp_cookbook_dir = tmp_cookbook_path.path
         File.unlink(tmp_cookbook_dir)
@@ -225,11 +231,7 @@ class Chef
           @part_no += 1
           @part_offset = 0
           next_part = read(how_much_next_part)
-          result = current_part + if next_part
-                                    next_part
-                                  else
-                                    ""
-                                  end
+          result = current_part + (next_part || "")
         else
           @part_offset += how_much_current_part
           result = current_part

data/lib/chef/cookbook_uploader.rb

@@ -1,5 +1,5 @@
 
-require "set" unless defined?(Set)
+autoload :Set, "set"
 require_relative "exceptions"
 require_relative "knife/cookbook_metadata"
 require_relative "digester"

data/lib/chef/data_collector.rb

@@ -21,12 +21,12 @@
 require_relative "server_api"
 require_relative "http/simple_json"
 require_relative "event_dispatch/base"
-require "set" unless defined?(Set)
+autoload :Set, "set"
 require_relative "data_collector/run_end_message"
 require_relative "data_collector/run_start_message"
 require_relative "data_collector/config_validation"
 require_relative "data_collector/error_handlers"
-require_relative "dist"
+require "chef-utils/dist" unless defined?(ChefUtils::Dist)
 
 class Chef
   class DataCollector
@@ -182,7 +182,7 @@ class Chef
         events.unregister(self) unless Chef::Config[:data_collector][:output_locations]
 
         begin
-          code = e&.response&.code&.to_s
+          code = e&.response&.code.to_s
         rescue
           # i really don't care
         end
@@ -197,7 +197,7 @@ class Chef
         else
           if code == "404"
             # Make the message non-scary for folks who don't have automate:
-            msg << " (This is normal if you do not have #{Chef::Dist::AUTOMATE})"
+            msg << " (This is normal if you do not have #{ChefUtils::Dist::Automate::PRODUCT})"
             Chef::Log.debug(msg)
           else
             Chef::Log.warn(msg)
@@ -212,8 +212,9 @@ class Chef
       def send_to_output_locations(message)
         return unless Chef::Config[:data_collector][:output_locations]
 
+        Chef::DataCollector::ConfigValidation.validate_output_locations!
         Chef::Config[:data_collector][:output_locations].each do |type, locations|
-          locations.each do |location|
+          Array(locations).each do |location|
             send_to_file_location(location, message) if type == :files
             send_to_http_location(location, message) if type == :urls
           end
@@ -226,7 +227,7 @@ class Chef
       # @param message [Hash] the message to render as JSON
       #
       def send_to_file_location(file_name, message)
-        File.open(file_name, "a") do |fh|
+        File.open(File.expand_path(file_name), "a") do |fh|
           fh.puts Chef::JSONCompat.to_json(message, validate_utf8: false)
         end
       end

data/lib/chef/data_collector/config_validation.rb

@@ -16,6 +16,7 @@
 #
 
 require "uri" unless defined?(URI)
+require "chef-utils/dist" unless defined?(ChefUtils::Dist)
 
 class Chef
   class DataCollector
@@ -46,14 +47,14 @@ class Chef
           return unless output_locations
 
           # but deliberately setting an empty output_location we consider to be an error (XXX: but should we?)
-          if output_locations.empty?
+          unless valid_hash_with_keys?(output_locations, :urls, :files)
             raise Chef::Exceptions::ConfigurationError,
               "Chef::Config[:data_collector][:output_locations] is empty. Please supply an hash of valid URLs and / or local file paths."
           end
 
           # loop through all the types and locations and validate each one-by-one
           output_locations.each do |type, locations|
-            locations.each do |location|
+            Array(locations).each do |location|
               validate_url!(location) if type == :urls
               validate_file!(location) if type == :files
             end
@@ -86,15 +87,20 @@ class Chef
             false
           when running_mode == :client && Chef::Config[:data_collector][:token]
             Chef::Log.warn("Data collector token authentication is not recommended for client-server mode. " \
-                           "Please upgrade #{Chef::Dist::SERVER_PRODUCT} to 12.11 or later and remove the token from your config file " \
+                           "Please upgrade #{ChefUtils::Dist::Server::PRODUCT} to 12.11 or later and remove the token from your config file " \
                            "to use key based authentication instead")
             true
-          when Chef::Config[:data_collector][:output_locations] && Chef::Config[:data_collector][:output_locations][:files] && !Chef::Config[:data_collector][:output_locations][:files].empty?
+          when Chef::Config[:data_collector][:output_locations] && !valid_hash_with_keys?(Chef::Config[:data_collector][:output_locations], :urls)
             # we can run fine to a file without a token, even in solo mode.
+            unless valid_hash_with_keys?(Chef::Config[:data_collector][:output_locations], :files)
+              raise Chef::Exceptions::ConfigurationError,
+                "Chef::Config[:data_collector][:output_locations] is empty. Please supply an hash of valid URLs and / or local file paths."
+            end
+
             true
           when running_mode == :solo && !Chef::Config[:data_collector][:token]
             # we are in solo mode and are not logging to a file, so must have a token
-            Chef::Log.trace("Data collector token must be configured to use #{Chef::Dist::AUTOMATE} data collector with #{Chef::Dist::SOLO}")
+            Chef::Log.trace("Data collector token must be configured to use #{ChefUtils::Dist::Automate::PRODUCT} data collector with #{ChefUtils::Dist::Solo::PRODUCT}")
             false
           else
             true
@@ -105,16 +111,10 @@ class Chef
 
         # validate an output_location file
         def validate_file!(file)
-          open(file, "a") {}
-        rescue Errno::ENOENT
+          return true if Chef::Config.path_accessible?(File.expand_path(file))
+
           raise Chef::Exceptions::ConfigurationError,
             "Chef::Config[:data_collector][:output_locations][:files] contains the location #{file}, which is a non existent file path."
-        rescue Errno::EACCES
-          raise Chef::Exceptions::ConfigurationError,
-            "Chef::Config[:data_collector][:output_locations][:files] contains the location #{file}, which cannot be written to by Chef."
-        rescue Exception => e
-          raise Chef::Exceptions::ConfigurationError,
-            "Chef::Config[:data_collector][:output_locations][:files] contains the location #{file}, which is invalid: #{e.message}."
         end
 
         # validate an output_location url
@@ -125,6 +125,15 @@ class Chef
             "Chef::Config[:data_collector][:output_locations][:urls] contains the url #{url} which is not valid."
         end
 
+        # Validate the hash contains at least one of the given keys.
+        #
+        # @param hash [Hash] the hash to be validated.
+        # @param keys [Array] an array of keys to check existence of in the hash.
+        # @return [Boolean] true if the hash contains any of the given keys.
+        #
+        def valid_hash_with_keys?(hash, *keys)
+          hash.is_a?(Hash) && keys.any? { |k| hash.key?(k) }
+        end
       end
     end
   end

data/lib/chef/data_collector/run_end_message.rb

@@ -60,8 +60,8 @@ class Chef
             "cookbooks" => ( node && node["cookbooks"] ) || {},
             "policy_name" => node&.policy_name,
             "policy_group" => node&.policy_group,
-            "start_time" => run_status.start_time.utc.iso8601,
-            "end_time" => run_status.end_time.utc.iso8601,
+            "start_time" => run_status&.start_time&.utc&.iso8601,
+            "end_time" => run_status&.end_time&.utc&.iso8601,
             "source" => solo_run? ? "chef_solo" : "chef_client",
             "status" => status,
             "total_resource_count" => all_action_records(action_collection).count,

data/lib/chef/data_collector/run_start_message.rb

@@ -51,7 +51,7 @@ class Chef
             "organization_name" => organization,
             "run_id" => run_status&.run_id,
             "source" => solo_run? ? "chef_solo" : "chef_client",
-            "start_time" => run_status.start_time.utc.iso8601,
+            "start_time" => run_status&.start_time&.utc&.iso8601,
           }
         end
       end

data/lib/chef/deprecated.rb

@@ -113,7 +113,7 @@ class Chef
         # @return [void]
         def target(id, page = nil)
           @deprecation_id = id
-          @doc_page = page || "#{deprecation_key}"
+          @doc_page = page || deprecation_key.to_s
         end
       end
     end

data/lib/chef/deprecation/warnings.rb

@@ -21,12 +21,12 @@ class Chef
     module Warnings
 
       require_relative "../version"
-      require_relative "../dist"
+      require "chef-utils/dist" unless defined?(ChefUtils::Dist)
 
       def add_deprecation_warnings_for(method_names)
         method_names.each do |name|
           define_method(name) do |*args|
-            message = "Method '#{name}' of '#{self.class}' is deprecated. It will be removed in #{Chef::Dist::PRODUCT} #{Chef::VERSION.to_i.next}."
+            message = "Method '#{name}' of '#{self.class}' is deprecated. It will be removed in #{ChefUtils::Dist::Infra::PRODUCT} #{Chef::VERSION.to_i.next}."
             message << " Please update your cookbooks accordingly."
             Chef.deprecated(:internal_api, message)
             super(*args)

data/lib/chef/digester.rb

@@ -18,8 +18,8 @@
 # limitations under the License.
 #
 
-require "openssl" unless defined?(OpenSSL)
-require "digest" unless defined?(Digest)
+autoload :OpenSSL, "openssl"
+autoload :Digest, "digest"
 require "singleton" unless defined?(Singleton)
 
 class Chef

data/lib/chef/dsl/chef_vault.rb

@@ -17,7 +17,7 @@
 # limitations under the License.
 #
 
-require "chef-vault"
+autoload :ChefVault, "chef-vault"
 require_relative "data_query"
 
 class Chef

data/lib/chef/dsl/data_query.rb

@@ -17,8 +17,8 @@
 #
 
 require_relative "../search/query"
-require_relative "../data_bag"
-require_relative "../data_bag_item"
+Chef.autoload :DataBag, File.expand_path("../data_bag", __dir__)
+Chef.autoload :DataBagItem, File.expand_path("../data_bag_item", __dir__)
 require_relative "../encrypted_data_bag_item"
 require_relative "../encrypted_data_bag_item/check_encrypted"
 

data/lib/chef/dsl/platform_introspection.rb

@@ -16,7 +16,7 @@
 # limitations under the License.
 #
 
-require "chef-utils" unless defined?(ChefUtils::CANARY)
+autoload :ChefUtils, "chef-utils"
 require_relative "../mixin/chef_utils_wiring" unless defined?(Chef::Mixin::ChefUtilsWiring)
 
 class Chef

data/lib/chef/encrypted_data_bag_item.rb

@@ -17,11 +17,9 @@
 #
 
 require_relative "config"
-require_relative "data_bag_item"
+Chef.autoload :DataBagItem, File.expand_path("data_bag_item", __dir__)
 require_relative "encrypted_data_bag_item/decryptor"
 require_relative "encrypted_data_bag_item/encryptor"
-require_relative "dist"
-require "open-uri"
 
 # An EncryptedDataBagItem represents a read-only data bag item where
 # all values, except for the value associated with the id key, have
@@ -129,9 +127,10 @@ class Chef::EncryptedDataBagItem
   end
 
   def self.load_secret(path = nil)
+    require "open-uri" unless defined?(OpenURI)
     path ||= Chef::Config[:encrypted_data_bag_secret]
     unless path
-      raise ArgumentError, "No secret specified and no secret found at #{Chef::Config.platform_specific_path(Chef::Dist::CONF_DIR + "/encrypted_data_bag_secret")}"
+      raise ArgumentError, "No secret specified and no secret found at #{Chef::Config.platform_specific_path(ChefConfig::Config.etc_chef_dir) + "/encrypted_data_bag_secret"}"
     end
 
     secret = case path

data/lib/chef/encrypted_data_bag_item/decryptor.rb

@@ -16,10 +16,10 @@
 # limitations under the License.
 #
 
-require "yaml" unless defined?(YAML)
+autoload :YAML, "yaml"
 require_relative "../json_compat"
-require "openssl" unless defined?(OpenSSL)
-require "base64"
+autoload :OpenSSL, "openssl"
+autoload :Base64, "base64"
 require "digest/sha2" unless defined?(Digest::SHA2)
 require_relative "../encrypted_data_bag_item"
 require_relative "unsupported_encrypted_data_bag_item_format"

data/lib/chef/encrypted_data_bag_item/encryptor.rb

@@ -16,10 +16,10 @@
 # limitations under the License.
 #
 
-require "base64"
+autoload :Base64, "base64"
 require "digest/sha2" unless defined?(Digest::SHA2)
-require "openssl" unless defined?(OpenSSL)
-require "ffi_yajl" unless defined?(FFI_Yajl)
+autoload :OpenSSL, "openssl"
+autoload :FFI_Yajl, "ffi_yajl"
 require_relative "../encrypted_data_bag_item"
 require_relative "unsupported_encrypted_data_bag_item_format"
 require_relative "encryption_failure"

data/lib/chef/environment.rb

@@ -25,7 +25,7 @@ require_relative "mixin/params_validate"
 require_relative "mixin/from_file"
 require_relative "version_constraint"
 require_relative "server_api"
-require_relative "dist"
+require "chef-utils/dist" unless defined?(ChefUtils::Dist)
 
 class Chef
   class Environment
@@ -308,7 +308,7 @@ class Chef
     def self.validate_cookbook_version(version)
       if Chef::Config[:solo_legacy_mode]
         raise Chef::Exceptions::IllegalVersionConstraint,
-          "Environment cookbook version constraints not allowed in #{Chef::Dist::SOLO}"
+          "Environment cookbook version constraints not allowed in #{ChefUtils::Dist::Solo::PRODUCT}"
       else
         Chef::VersionConstraint.new version
         true

data/lib/chef/event_loggers/windows_eventlog.rb

@@ -19,7 +19,7 @@
 require_relative "base"
 require_relative "../platform/query_helpers"
 require_relative "../win32/eventlog"
-require_relative "../dist"
+require "chef-utils" unless defined?(ChefUtils::CANARY)
 
 class Chef
   module EventLoggers
@@ -36,7 +36,7 @@ class Chef
       LOG_CATEGORY_ID = 11001
 
       # Since we must install the event logger, this is not really configurable
-      SOURCE = Chef::Dist::SHORT.freeze
+      SOURCE = ChefUtils::Dist::Infra::SHORT.freeze
 
       def self.available?
         ChefUtils.windows?

data/lib/chef/exceptions.rb

@@ -18,7 +18,7 @@
 # limitations under the License.
 
 require "chef-config/exceptions"
-require_relative "dist"
+require "chef-utils/dist" unless defined?(ChefUtils::Dist)
 require_relative "constants"
 
 class Chef
@@ -301,7 +301,7 @@ class Chef
 
       def client_run_failure(exception)
         set_backtrace(exception.backtrace)
-        @all_failures << [ "#{Chef::Dist::PRODUCT} run", exception ]
+        @all_failures << [ "#{ChefUtils::Dist::Infra::PRODUCT} run", exception ]
       end
 
       def notification_failure(exception)
@@ -402,7 +402,7 @@ class Chef
       def initialize(response_length, content_length)
         super <<~EOF
           Response body length #{response_length} does not match HTTP Content-Length header #{content_length}.
-          This error is most often caused by network issues (proxies, etc) outside of #{Chef::Dist::CLIENT}.
+          This error is most often caused by network issues (proxies, etc) outside of #{ChefUtils::Dist::Infra::CLIENT}.
         EOF
       end
     end
@@ -477,7 +477,7 @@ class Chef
     class CookbookChefVersionMismatch < RuntimeError
       def initialize(chef_version, cookbook_name, cookbook_version, *constraints)
         constraint_str = constraints.map { |c| c.requirement.as_list.to_s }.join(", ")
-        super "Cookbook '#{cookbook_name}' version '#{cookbook_version}' depends on #{Chef::Dist::PRODUCT} version #{constraint_str}, but the running #{Chef::Dist::PRODUCT} version is #{chef_version}"
+        super "Cookbook '#{cookbook_name}' version '#{cookbook_version}' depends on #{ChefUtils::Dist::Infra::PRODUCT} version #{constraint_str}, but the running #{ChefUtils::Dist::Infra::PRODUCT} version is #{chef_version}"
       end
     end
 

data/lib/chef/file_access_control/windows.rb

@@ -112,7 +112,11 @@ class Chef
 
       def get_sid(value)
         if value.is_a?(String)
-          SID.from_account(value)
+          begin
+            Security.convert_string_sid_to_sid(value)
+          rescue Chef::Exceptions::Win32APIError
+            SID.from_account(value)
+          end
         elsif value.is_a?(SID)
           value
         else