chef 16.4.41 → 16.5.64

data/spec/integration/knife/{config_get_spec.rb → config_show_spec.rb}

@@ -17,7 +17,7 @@ require "spec_helper"
 require "support/shared/integration/integration_helper"
 require "support/shared/context/config"
 
-describe "knife config get", :workstation do
+describe "knife config show", :workstation do
   include IntegrationSupport
   include KnifeSupport
 
@@ -27,7 +27,7 @@ describe "knife config get", :workstation do
 
   when_the_repository("has a custom env") do
     subject do
-      cmd = knife("config", "get", *cmd_args, instance_filter: lambda { |instance|
+      cmd = knife("config", "show", *cmd_args, instance_filter: lambda { |instance|
         # Clear the stub set up in KnifeSupport.
         allow(File).to receive(:file?).and_call_original
         # Lies, damn lies, and config files. We need to allow normal config loading
@@ -47,7 +47,7 @@ describe "knife config get", :workstation do
       ChefConfig::PathHelper.per_tool_home_environment = "KNIFE_HOME"
       # Clear these out because they are cached permanently.
       ChefConfig::PathHelper.class_exec { remove_class_variable(:@@home_dir) }
-      Chef::Knife::ConfigGet.reset_config_loader!
+      Chef::Knife::ConfigShow.reset_config_loader!
       begin
         ex.run
       ensure

data/spec/integration/knife/{config_use_profile_spec.rb → config_use_spec.rb}

@@ -17,7 +17,7 @@ require "spec_helper"
 require "support/shared/integration/integration_helper"
 require "support/shared/context/config"
 
-describe "knife config use-profile", :workstation do
+describe "knife config use", :workstation do
   include IntegrationSupport
   include KnifeSupport
 
@@ -26,15 +26,15 @@ describe "knife config use-profile", :workstation do
   let(:cmd_args) { [] }
 
   when_the_repository("has a custom env") do
-    let(:knife_use_profile) do
-      knife("config", "use-profile", *cmd_args, instance_filter: lambda { |instance|
+    let(:knife_use) do
+      knife("config", "use", *cmd_args, instance_filter: lambda { |instance|
         # Fake the failsafe check because this command doesn't actually process knife.rb.
         $__KNIFE_INTEGRATION_FAILSAFE_CHECK << " ole"
         allow(File).to receive(:file?).and_call_original
       })
     end
 
-    subject { knife_use_profile.stdout }
+    subject { knife_use.stdout }
 
     around do |ex|
       # Store and reset the value of some env vars.
@@ -45,7 +45,7 @@ describe "knife config use-profile", :workstation do
       ChefConfig::PathHelper.per_tool_home_environment = "KNIFE_HOME"
       # Clear these out because they are cached permanently.
       ChefConfig::PathHelper.class_exec { remove_class_variable(:@@home_dir) }
-      Chef::Knife::ConfigUseProfile.reset_config_loader!
+      Chef::Knife::ConfigUse.reset_config_loader!
       begin
         ex.run
       ensure
@@ -68,8 +68,51 @@ describe "knife config use-profile", :workstation do
     end
 
     context "with no argument" do
-      subject { knife_use_profile.stderr }
-      it { is_expected.to eq "FATAL: You must specify a profile\n" }
+      context "with no configuration" do
+        it { is_expected.to eq "default\n" }
+      end
+
+      context "with --profile" do
+        let(:cmd_args) { %w{--profile production} }
+        it { is_expected.to eq "production\n" }
+      end
+
+      context "with an environment variable" do
+        around do |ex|
+          old_chef_profile = ENV["CHEF_PROFILE"]
+          begin
+            ENV["CHEF_PROFILE"] = "staging"
+            ex.run
+          ensure
+            ENV["CHEF_PROFILE"] = old_chef_profile
+          end
+        end
+
+        it { is_expected.to eq "staging\n" }
+      end
+
+      context "with a context file" do
+        before { file(".chef/context", "development\n") }
+        it { is_expected.to eq "development\n" }
+      end
+
+      context "with a context file under $CHEF_HOME" do
+        before do
+          file("chefhome/.chef/context", "other\n")
+          ENV["CHEF_HOME"] = path_to("chefhome")
+        end
+
+        it { is_expected.to eq "other\n" }
+      end
+
+      context "with a context file under $KNIFE_HOME" do
+        before do
+          file("knifehome/.chef/context", "other\n")
+          ENV["KNIFE_HOME"] = path_to("knifehome")
+        end
+
+        it { is_expected.to eq "other\n" }
+      end
     end
 
     context "with an argument" do
@@ -88,14 +131,14 @@ describe "knife config use-profile", :workstation do
 
     context "with no credentials file" do
       let(:cmd_args) { %w{production} }
-      subject { knife_use_profile.stderr }
+      subject { knife_use.stderr }
       it { is_expected.to eq "FATAL: No profiles found, #{path_to(".chef/credentials")} does not exist or is empty\n" }
     end
 
     context "with an empty credentials file" do
       let(:cmd_args) { %w{production} }
       before { file(".chef/credentials", "") }
-      subject { knife_use_profile.stderr }
+      subject { knife_use.stderr }
       it { is_expected.to eq "FATAL: No profiles found, #{path_to(".chef/credentials")} does not exist or is empty\n" }
     end
 
@@ -107,7 +150,7 @@ describe "knife config use-profile", :workstation do
         client_key = "testkey.pem"
         chef_server_url = "https://example.com/organizations/testorg"
       EOH
-      subject { knife_use_profile }
+      subject { knife_use }
       it { expect { subject }.to raise_error ChefConfig::ConfigurationError, "Profile staging doesn't exist. Please add it to #{path_to(".chef/credentials")} and if it is profile with DNS name check that you are not missing single quotes around it as per docs https://docs.chef.io/workstation/knife_setup/#knife-profiles." }
     end
 

data/spec/integration/knife/cookbook_api_ipv6_spec.rb

@@ -62,7 +62,7 @@ describe "Knife cookbook API integration with IPv6", :workstation, :not_supporte
       Dir.mktmpdir
     end
 
-    let(:chef_dir) { File.join(File.dirname(__FILE__), "..", "..", "..", "bin") }
+    let(:chef_dir) { File.join(__dir__, "..", "..", "..", "bin") }
     let(:knife) { "ruby '#{chef_dir}/knife'" }
 
     let(:knife_config_flag) { "-c '#{path_to("config/knife.rb")}'" }

data/spec/integration/ohai/ohai_spec.rb

@@ -0,0 +1,61 @@
+require "spec_helper"
+require "chef/mixin/shell_out"
+require "benchmark" unless defined?(Benchmark)
+
+describe "ohai" do
+  include Chef::Mixin::ShellOut
+
+  let(:ohai) { "bundle exec ohai" }
+
+  describe "testing ohai performance" do
+    # The purpose of this test is to generally find misconfigured DNS on
+    # CI testers.  If this fails, it is probably because the forward+reverse
+    # DNS lookup that node[:hostname] needs is timing out and failing.
+    #
+    # If it is failing spuriously, it may mean DNS is failing spuriously, the
+    # best solution will be to make sure that `hostname -f`-like behavior hits
+    # /etc/hosts and not DNS.
+    #
+    # If it still fails supriously, it is possible that the server has high
+    # CPU load (e.g. due to background processes) which are contending with the
+    # running tests (disable the screensaver on servers, stop playing Fortnite
+    # while you're running tests, etc).
+    #
+    # If this just fails due to I/O being very slow and ruby being very slow to
+    # startup then that still indicates that the tester configuration needs
+    # fixing.  The fact that this will fail on a windows box on a virt that doesn't
+    # use an SSD is because we have a higher bar for the tests to run successfully
+    # and that configuration is broken, so this test is red for a reason.
+    #
+    # This will probably fail on raspberry pi's or something like that as well.  That
+    # is not a bug.  We will never accept a raspberry pi as a CI tester for our
+    # software.  Feel free to manually delete and thereby skip this file in your
+    # own testing harness, but that is not our concern, we are testing behavior
+    # that is critical to our infrastructure and must run in our tests.
+    #
+    # XXX: unfortunately this is so slow on our windows testers (~9 seconds on one
+    # tester) that we can't enable it for windows unless we get some better perf there.
+    #
+    it "the hostname plugin must return in under 4 seconds (see comments in code)" do
+      # unfortunately this doesn't look stable enough to enable
+      skip "we need to do more performance work on windows and s390x testers before this can be enabled"
+      delta = Benchmark.realtime do
+        shell_out!("#{ohai} hostname")
+      end
+      expect(delta).to be < 4
+    end
+
+    # The purpose of this is to give some indication of if shell_out is slow or
+    # if the hostname plugin itself is slow.  If this test is also failing that we
+    # almost certainly have some kind of issue with DNS timeouts, etc.  If this
+    # test succeeds and the other one fails, then it can be some kind of shelling-out
+    # issue or poor performance due to I/O on starting up ruby to run ohai, etc.
+    #
+    it "the hostname plugin must return in under 2 seconds when called from pure ruby" do
+      delta = Benchmark.realtime do
+        Ohai::System.new.all_plugins(["hostname"])
+      end
+      expect(delta).to be < 2
+    end
+  end
+end

data/spec/integration/recipes/remote_directory.rb

@@ -5,7 +5,7 @@ describe Chef::Resource::RemoteDirectory do
   include Chef::Mixin::ShellOut
 
   # Until Cheffish::RSpec has cookbook support, we have to run the whole client
-  let(:chef_dir) { File.join(File.dirname(__FILE__), "..", "..", "..", "bin") }
+  let(:chef_dir) { File.join(__dir__, "..", "..", "..", "bin") }
 
   # Invoke `chef-client` as `ruby PATH/TO/chef-client`. This ensures the
   # following constraints are satisfied:

data/spec/integration/solo/solo_spec.rb

@@ -5,20 +5,20 @@ require "chef/run_lock"
 require "chef/config"
 require "timeout"
 require "fileutils"
+require "chef-utils"
 require "chef/win32/security" if ChefUtils.windows?
-require "chef/dist"
 
-describe Chef::Dist::SOLOEXEC do
+describe ChefUtils::Dist::Solo::EXEC do
   include IntegrationSupport
   include Chef::Mixin::ShellOut
 
-  let(:chef_dir) { File.join(File.dirname(__FILE__), "..", "..", "..") }
+  let(:chef_dir) { File.join(__dir__, "..", "..", "..") }
 
   let(:cookbook_x_100_metadata_rb) { cb_metadata("x", "1.0.0") }
 
   let(:cookbook_ancient_100_metadata_rb) { cb_metadata("ancient", "1.0.0") }
 
-  let(:chef_solo) { "bundle exec #{Chef::Dist::SOLOEXEC} --legacy-mode --minimal-ohai" }
+  let(:chef_solo) { "bundle exec #{ChefUtils::Dist::Solo::EXEC} --legacy-mode --minimal-ohai" }
 
   when_the_repository "creates nodes" do
     let(:nodes_dir) { File.join(@repository_dir, "nodes") }
@@ -183,7 +183,7 @@ describe Chef::Dist::SOLOEXEC do
       # run_lock gets stuck we can discover it.
       expect do
         Timeout.timeout(120) do
-          chef_dir = File.join(File.dirname(__FILE__), "..", "..", "..")
+          chef_dir = File.join(__dir__, "..", "..", "..")
 
           threads = []
 

data/spec/spec_helper.rb

@@ -141,9 +141,10 @@ RSpec.configure do |config|
 
   config.filter_run_excluding windows_only: true unless windows?
   config.filter_run_excluding not_supported_on_windows: true if windows?
-  config.filter_run_excluding not_supported_on_macos: true if mac_osx?
-  config.filter_run_excluding macos_only: true unless mac_osx?
-  config.filter_run_excluding macos_1014: true unless mac_osx_1014?
+  config.filter_run_excluding not_supported_on_macos: true if macos?
+  config.filter_run_excluding macos_only: true unless macos?
+  config.filter_run_excluding macos_1013: true unless macos_1013?
+  config.filter_run_excluding macos_gte_1014: true unless macos_gte_1014?
   config.filter_run_excluding not_supported_on_aix: true if aix?
   config.filter_run_excluding not_supported_on_solaris: true if solaris?
   config.filter_run_excluding not_supported_on_gce: true if gce?
@@ -242,6 +243,8 @@ RSpec.configure do |config|
 
     Chef::Log.setup!
 
+    Chef::ServerAPIVersions.instance.reset!
+
     Chef::Config[:log_level] = :fatal
     Chef::Log.level(Chef::Config[:log_level])
 

data/spec/stress/win32/file_spec.rb

@@ -21,7 +21,7 @@ require "chef/win32/file" if windows?
 
 describe "Chef::ReservedNames::Win32::File", :windows_only do
   before(:each) do
-    @path = File.expand_path(File.join(File.dirname(__FILE__), "..", "..", "data", "old_home_dir", "my-dot-emacs"))
+    @path = File.expand_path(File.join(__dir__, "..", "..", "data", "old_home_dir", "my-dot-emacs"))
   end
 
   it "should not leak significant memory", :volatile do

data/spec/support/chef_helpers.rb

@@ -14,8 +14,8 @@
 # limitations under the License.
 #
 
-CHEF_SPEC_DATA = File.expand_path(File.dirname(__FILE__) + "/../data/")
-CHEF_SPEC_ASSETS = File.expand_path(File.dirname(__FILE__) + "/../functional/assets/")
+CHEF_SPEC_DATA = File.expand_path(__dir__ + "/../data/")
+CHEF_SPEC_ASSETS = File.expand_path(__dir__ + "/../functional/assets/")
 CHEF_SPEC_BACKUP_PATH = File.join(Dir.tmpdir, "test-backup-path")
 
 def sha256_checksum(path)

data/spec/support/matchers/leak.rb

@@ -61,10 +61,10 @@ module Matchers
     def profiler
       @profiler ||= begin
         if ChefUtils.windows?
-          require File.join(File.dirname(__FILE__), "..", "platforms", "prof", "win32")
+          require File.join(__dir__, "..", "platforms", "prof", "win32")
           RSpec::Prof::Win32::Profiler.new
         else
-          require File.join(File.dirname(__FILE__), "..", "prof", "gc")
+          require File.join(__dir__, "..", "prof", "gc")
           RSpec::Prof::GC::Profiler.new
         end
       end

data/spec/support/platform_helpers.rb

@@ -3,7 +3,6 @@ require "chef/mixin/shell_out"
 require "ohai/mixin/http_helper"
 require "ohai/mixin/gce_metadata"
 require "chef/mixin/powershell_out"
-require "chef/version_class"
 
 class ShellHelpers
   extend Chef::Mixin::ShellOut
@@ -27,11 +26,11 @@ class DependencyProc < Proc
 end
 
 def ruby_64bit?
-  !!(RbConfig::CONFIG["host_cpu"] =~ /x86_64/)
+  RbConfig::CONFIG["host_cpu"].include?("x86_64")
 end
 
 def ruby_32bit?
-  !!(RbConfig::CONFIG["host_cpu"] =~ /i686/)
+  RbConfig::CONFIG["host_cpu"].include?("i686")
 end
 
 def windows?
@@ -58,17 +57,17 @@ end
 def windows_2012r2?
   return false unless windows?
 
-  (host_version && host_version.start_with?("6.3"))
+  (win32_os_version && win32_os_version.start_with?("6.3"))
 end
 
 def windows_gte_10?
   return false unless windows?
 
-  Gem::Requirement.new(">= 10").satisfied_by?(Gem::Version.new(host_version))
+  Gem::Requirement.new(">= 10").satisfied_by?(Gem::Version.new(win32_os_version))
 end
 
-def host_version
-  @host_version ||= begin
+def win32_os_version
+  @win32_os_version ||= begin
     wmi = WmiLite::Wmi.new
     host = wmi.first_of("Win32_OperatingSystem")
     host["version"]
@@ -95,26 +94,12 @@ def windows_user_right?(right)
   Chef::ReservedNames::Win32::Security.get_account_right(ENV["USERNAME"]).include?(right)
 end
 
-def mac_osx_1014?
-  if mac_osx?
-    ver = Chef::Version.new(ohai[:platform_version])
-    return ver.major == 10 && ver.minor == 14
-  end
-
-  false
+def macos_1013?
+  macos? && Gem::Requirement.new("~> 10.13.0").satisfied_by?(Gem::Version.new(ohai[:platform_version]))
 end
 
-def mac_osx?
-  if File.exist? "/usr/bin/sw_vers"
-    result = ShellHelpers.shell_out("/usr/bin/sw_vers")
-    result.stdout.each_line do |line|
-      if /^ProductName:\sMac OS X.*$/.match?(line)
-        return true
-      end
-    end
-  end
-
-  false
+def macos_gte_1014?
+  macos? && Gem::Requirement.new(">= 10.14").satisfied_by?(Gem::Version.new(ohai[:platform_version]))
 end
 
 # detects if the hardware is 64-bit (evaluates to true in "WOW64" mode in a 32-bit app on a 64-bit system)
@@ -127,26 +112,24 @@ def windows32?
   windows? && !windows64?
 end
 
-# def jruby?
-
 def unix?
   !windows?
 end
 
 def linux?
-  RUBY_PLATFORM.match?(/linux/)
+  RUBY_PLATFORM.include?("linux")
 end
 
 def macos?
-  RUBY_PLATFORM.match?(/darwin/)
+  RUBY_PLATFORM.include?("darwin")
 end
 
 def solaris?
-  RUBY_PLATFORM.match?(/solaris/)
+  RUBY_PLATFORM.include?("solaris")
 end
 
 def freebsd?
-  RUBY_PLATFORM.match?(/freebsd/)
+  RUBY_PLATFORM.include?("freebsd")
 end
 
 def intel_64bit?
@@ -182,7 +165,7 @@ def debian_family?
 end
 
 def aix?
-  RUBY_PLATFORM.match?(/aix/)
+  RUBY_PLATFORM.include?("aix")
 end
 
 def wpar?
@@ -216,8 +199,7 @@ def selinux_enabled?
 end
 
 def suse?
-  ::File.exist?("/etc/SuSE-release") ||
-    ( ::File.exist?("/etc/os-release") && /sles|suse/.match?(File.read("/etc/os-release")) )
+  !!(ohai[:platform_family] == "suse")
 end
 
 def root?

data/spec/support/shared/functional/securable_resource.rb

@@ -242,48 +242,100 @@ shared_examples_for "a securable resource with existing target" do
     include_context "use Windows permissions"
 
     describe "when setting owner" do
-      before do
-        resource.owner(SID.admin_account_name)
-        resource.run_action(:create)
-      end
+      context "with user name" do
+        before do
+          resource.owner(SID.admin_account_name)
+          resource.run_action(:create)
+        end
 
-      it "should set the owner" do
-        expect(descriptor.owner).to eq(SID.Administrator)
+        it "should set the owner" do
+          expect(descriptor.owner).to eq(SID.Administrator)
+        end
+
+        it "is marked as updated only if changes are made" do
+          expect(resource.updated_by_last_action?).to eq(expect_updated?)
+        end
       end
 
-      it "is marked as updated only if changes are made" do
-        expect(resource.updated_by_last_action?).to eq(expect_updated?)
+      context "with SID" do
+        before do
+          resource.owner(SID.Administrator.to_s)
+          resource.run_action(:create)
+        end
+
+        it "should set the owner" do
+          expect(descriptor.owner).to eq(SID.Administrator)
+        end
+
+        it "is marked as updated only if changes are made" do
+          expect(resource.updated_by_last_action?).to eq(expect_updated?)
+        end
       end
     end
 
     describe "when setting group" do
-      before do
-        resource.group("Administrators")
-        resource.run_action(:create)
-      end
+      context "with group name" do
+        before do
+          resource.group("Administrators")
+          resource.run_action(:create)
+        end
+
+        it "should set the group" do
+          expect(descriptor.group).to eq(SID.Administrators)
+        end
 
-      it "should set the group" do
-        expect(descriptor.group).to eq(SID.Administrators)
+        it "is marked as updated only if changes are made" do
+          expect(resource.updated_by_last_action?).to eq(expect_updated?)
+        end
       end
 
-      it "is marked as updated only if changes are made" do
-        expect(resource.updated_by_last_action?).to eq(expect_updated?)
+      context "with group SID" do
+        before do
+          resource.group(SID.Administrators.to_s)
+          resource.run_action(:create)
+        end
+
+        it "should set the group" do
+          expect(descriptor.group).to eq(SID.Administrators)
+        end
+
+        it "is marked as updated only if changes are made" do
+          expect(resource.updated_by_last_action?).to eq(expect_updated?)
+        end
       end
     end
 
     describe "when setting rights and deny_rights" do
-      before do
-        resource.deny_rights(:modify, "Guest")
-        resource.rights(:read, "Guest")
-        resource.run_action(:create)
-      end
+      context "with user name" do
+        before do
+          resource.deny_rights(:modify, "Guest")
+          resource.rights(:read, "Guest")
+          resource.run_action(:create)
+        end
 
-      it "should set the rights and deny_rights" do
-        expect(explicit_aces).to eq(denied_acl(SID.Guest, expected_modify_perms) + allowed_acl(SID.Guest, expected_read_perms))
+        it "should set the rights and deny_rights" do
+          expect(explicit_aces).to eq(denied_acl(SID.Guest, expected_modify_perms) + allowed_acl(SID.Guest, expected_read_perms))
+        end
+
+        it "is marked as updated only if changes are made" do
+          expect(resource.updated_by_last_action?).to eq(expect_updated?)
+        end
       end
 
-      it "is marked as updated only if changes are made" do
-        expect(resource.updated_by_last_action?).to eq(expect_updated?)
+      context "with SID" do
+        before do
+          resource.deny_rights(:modify, SID.Guest.to_s)
+          resource.rights(:read, SID.Guest.to_s)
+          resource.run_action(:create)
+        end
+
+        it "should set the rights and deny_rights" do
+          expect(explicit_aces).to eq(denied_acl(SID.Guest, expected_modify_perms) + allowed_acl(SID.Guest, expected_read_perms))
+        end
+
+        it "is marked as updated only if changes are made" do
+          expect(resource.updated_by_last_action?).to eq(expect_updated?)
+        end
       end
     end
   end
@@ -302,12 +354,18 @@ shared_examples_for "a securable resource without existing target" do
       expect(descriptor.owner).to eq(SID.default_security_object_owner)
     end
 
-    it "sets owner when owner is specified" do
+    it "sets owner when owner is specified by name" do
       resource.owner "Guest"
       resource.run_action(:create)
       expect(descriptor.owner).to eq(SID.Guest)
     end
 
+    it "sets owner when owner is specified by SID" do
+      resource.owner SID.Guest.to_s
+      resource.run_action(:create)
+      expect(descriptor.owner).to eq(SID.Guest)
+    end
+
     it "fails to set owner when owner has invalid characters" do
       expect { resource.owner 'Lance "The Nose" Glindenberry III' }.to raise_error(Chef::Exceptions::ValidationFailed)
     end
@@ -339,12 +397,18 @@ shared_examples_for "a securable resource without existing target" do
       expect(descriptor.group).to eq(SID.default_security_object_group)
     end
 
-    it "sets group when group is specified" do
+    it "sets group when group is specified by name" do
       resource.group "Everyone"
       resource.run_action(:create)
       expect(descriptor.group).to eq(SID.Everyone)
     end
 
+    it "sets group when group is specified by SID" do
+      resource.group SID.Everyone.to_s
+      resource.run_action(:create)
+      expect(descriptor.group).to eq(SID.Everyone)
+    end
+
     it "fails to set group when group has invalid characters" do
       expect { resource.group 'Lance "The Nose" Glindenberry III' }.to raise_error(Chef::Exceptions::ValidationFailed)
     end
@@ -406,6 +470,17 @@ shared_examples_for "a securable resource without existing target" do
             allowed_acl(SID.Guest, expected_modify_perms)
           )
         end
+
+        it "multiple rights with SID" do
+          resource.rights(:read, SID.Everyone.to_s)
+          resource.rights(:modify, SID.Guest.to_s)
+          resource.run_action(:create)
+
+          expect(explicit_aces).to eq(
+            allowed_acl(SID.Everyone, expected_read_perms) +
+            allowed_acl(SID.Guest, expected_modify_perms)
+          )
+        end
       end
     end
 
@@ -443,6 +518,12 @@ shared_examples_for "a securable resource without existing target" do
           expect(explicit_aces).to eq(denied_acl(SID.Guest, expected_full_control_perms))
         end
 
+        it "using SID" do
+          resource.deny_rights(:full_control, SID.Guest.to_s)
+          resource.run_action(:create)
+          expect(explicit_aces).to eq(denied_acl(SID.Guest, expected_full_control_perms))
+        end
+
         it "deny_rights ahead of rights" do
           resource.rights(:read, "Everyone")
           resource.deny_rights(:modify, "Guest")