chef 16.4.41 → 16.5.64

data/lib/chef/data_collector/config_validation.rb

@@ -16,6 +16,7 @@
 #
 
 require "uri" unless defined?(URI)
+require "chef-utils/dist" unless defined?(ChefUtils::Dist)
 
 class Chef
   class DataCollector
@@ -46,14 +47,14 @@ class Chef
           return unless output_locations
 
           # but deliberately setting an empty output_location we consider to be an error (XXX: but should we?)
-          if output_locations.empty?
+          unless valid_hash_with_keys?(output_locations, :urls, :files)
             raise Chef::Exceptions::ConfigurationError,
               "Chef::Config[:data_collector][:output_locations] is empty. Please supply an hash of valid URLs and / or local file paths."
           end
 
           # loop through all the types and locations and validate each one-by-one
           output_locations.each do |type, locations|
-            locations.each do |location|
+            Array(locations).each do |location|
               validate_url!(location) if type == :urls
               validate_file!(location) if type == :files
             end
@@ -86,15 +87,20 @@ class Chef
             false
           when running_mode == :client && Chef::Config[:data_collector][:token]
             Chef::Log.warn("Data collector token authentication is not recommended for client-server mode. " \
-                           "Please upgrade #{Chef::Dist::SERVER_PRODUCT} to 12.11 or later and remove the token from your config file " \
+                           "Please upgrade #{ChefUtils::Dist::Server::PRODUCT} to 12.11 or later and remove the token from your config file " \
                            "to use key based authentication instead")
             true
-          when Chef::Config[:data_collector][:output_locations] && Chef::Config[:data_collector][:output_locations][:files] && !Chef::Config[:data_collector][:output_locations][:files].empty?
+          when Chef::Config[:data_collector][:output_locations] && !valid_hash_with_keys?(Chef::Config[:data_collector][:output_locations], :urls)
             # we can run fine to a file without a token, even in solo mode.
+            unless valid_hash_with_keys?(Chef::Config[:data_collector][:output_locations], :files)
+              raise Chef::Exceptions::ConfigurationError,
+                "Chef::Config[:data_collector][:output_locations] is empty. Please supply an hash of valid URLs and / or local file paths."
+            end
+
             true
           when running_mode == :solo && !Chef::Config[:data_collector][:token]
             # we are in solo mode and are not logging to a file, so must have a token
-            Chef::Log.trace("Data collector token must be configured to use #{Chef::Dist::AUTOMATE} data collector with #{Chef::Dist::SOLO}")
+            Chef::Log.trace("Data collector token must be configured to use #{ChefUtils::Dist::Automate::PRODUCT} data collector with #{ChefUtils::Dist::Solo::PRODUCT}")
             false
           else
             true
@@ -105,16 +111,10 @@ class Chef
 
         # validate an output_location file
         def validate_file!(file)
-          open(file, "a") {}
-        rescue Errno::ENOENT
+          return true if Chef::Config.path_accessible?(File.expand_path(file))
+
           raise Chef::Exceptions::ConfigurationError,
             "Chef::Config[:data_collector][:output_locations][:files] contains the location #{file}, which is a non existent file path."
-        rescue Errno::EACCES
-          raise Chef::Exceptions::ConfigurationError,
-            "Chef::Config[:data_collector][:output_locations][:files] contains the location #{file}, which cannot be written to by Chef."
-        rescue Exception => e
-          raise Chef::Exceptions::ConfigurationError,
-            "Chef::Config[:data_collector][:output_locations][:files] contains the location #{file}, which is invalid: #{e.message}."
         end
 
         # validate an output_location url
@@ -125,6 +125,15 @@ class Chef
             "Chef::Config[:data_collector][:output_locations][:urls] contains the url #{url} which is not valid."
         end
 
+        # Validate the hash contains at least one of the given keys.
+        #
+        # @param hash [Hash] the hash to be validated.
+        # @param keys [Array] an array of keys to check existence of in the hash.
+        # @return [Boolean] true if the hash contains any of the given keys.
+        #
+        def valid_hash_with_keys?(hash, *keys)
+          hash.is_a?(Hash) && keys.any? { |k| hash.key?(k) }
+        end
       end
     end
   end

data/lib/chef/data_collector/run_end_message.rb

@@ -60,8 +60,8 @@ class Chef
             "cookbooks" => ( node && node["cookbooks"] ) || {},
             "policy_name" => node&.policy_name,
             "policy_group" => node&.policy_group,
-            "start_time" => run_status.start_time.utc.iso8601,
-            "end_time" => run_status.end_time.utc.iso8601,
+            "start_time" => run_status&.start_time&.utc&.iso8601,
+            "end_time" => run_status&.end_time&.utc&.iso8601,
             "source" => solo_run? ? "chef_solo" : "chef_client",
             "status" => status,
             "total_resource_count" => all_action_records(action_collection).count,

data/lib/chef/data_collector/run_start_message.rb

@@ -51,7 +51,7 @@ class Chef
             "organization_name" => organization,
             "run_id" => run_status&.run_id,
             "source" => solo_run? ? "chef_solo" : "chef_client",
-            "start_time" => run_status.start_time.utc.iso8601,
+            "start_time" => run_status&.start_time&.utc&.iso8601,
           }
         end
       end

data/lib/chef/deprecated.rb

@@ -113,7 +113,7 @@ class Chef
         # @return [void]
         def target(id, page = nil)
           @deprecation_id = id
-          @doc_page = page || "#{deprecation_key}"
+          @doc_page = page || deprecation_key.to_s
         end
       end
     end

data/lib/chef/deprecation/warnings.rb

@@ -21,12 +21,12 @@ class Chef
     module Warnings
 
       require_relative "../version"
-      require_relative "../dist"
+      require "chef-utils/dist" unless defined?(ChefUtils::Dist)
 
       def add_deprecation_warnings_for(method_names)
         method_names.each do |name|
           define_method(name) do |*args|
-            message = "Method '#{name}' of '#{self.class}' is deprecated. It will be removed in #{Chef::Dist::PRODUCT} #{Chef::VERSION.to_i.next}."
+            message = "Method '#{name}' of '#{self.class}' is deprecated. It will be removed in #{ChefUtils::Dist::Infra::PRODUCT} #{Chef::VERSION.to_i.next}."
             message << " Please update your cookbooks accordingly."
             Chef.deprecated(:internal_api, message)
             super(*args)

data/lib/chef/digester.rb

@@ -18,8 +18,8 @@
 # limitations under the License.
 #
 
-require "openssl" unless defined?(OpenSSL)
-require "digest" unless defined?(Digest)
+autoload :OpenSSL, "openssl"
+autoload :Digest, "digest"
 require "singleton" unless defined?(Singleton)
 
 class Chef

data/lib/chef/dsl/chef_vault.rb

@@ -17,7 +17,7 @@
 # limitations under the License.
 #
 
-require "chef-vault"
+autoload :ChefVault, "chef-vault"
 require_relative "data_query"
 
 class Chef

data/lib/chef/dsl/data_query.rb

@@ -17,8 +17,8 @@
 #
 
 require_relative "../search/query"
-require_relative "../data_bag"
-require_relative "../data_bag_item"
+Chef.autoload :DataBag, File.expand_path("../data_bag", __dir__)
+Chef.autoload :DataBagItem, File.expand_path("../data_bag_item", __dir__)
 require_relative "../encrypted_data_bag_item"
 require_relative "../encrypted_data_bag_item/check_encrypted"
 

data/lib/chef/dsl/platform_introspection.rb

@@ -16,7 +16,7 @@
 # limitations under the License.
 #
 
-require "chef-utils" unless defined?(ChefUtils::CANARY)
+autoload :ChefUtils, "chef-utils"
 require_relative "../mixin/chef_utils_wiring" unless defined?(Chef::Mixin::ChefUtilsWiring)
 
 class Chef

data/lib/chef/encrypted_data_bag_item.rb

@@ -17,11 +17,9 @@
 #
 
 require_relative "config"
-require_relative "data_bag_item"
+Chef.autoload :DataBagItem, File.expand_path("data_bag_item", __dir__)
 require_relative "encrypted_data_bag_item/decryptor"
 require_relative "encrypted_data_bag_item/encryptor"
-require_relative "dist"
-require "open-uri"
 
 # An EncryptedDataBagItem represents a read-only data bag item where
 # all values, except for the value associated with the id key, have
@@ -129,9 +127,10 @@ class Chef::EncryptedDataBagItem
   end
 
   def self.load_secret(path = nil)
+    require "open-uri" unless defined?(OpenURI)
     path ||= Chef::Config[:encrypted_data_bag_secret]
     unless path
-      raise ArgumentError, "No secret specified and no secret found at #{Chef::Config.platform_specific_path(Chef::Dist::CONF_DIR + "/encrypted_data_bag_secret")}"
+      raise ArgumentError, "No secret specified and no secret found at #{Chef::Config.platform_specific_path(ChefConfig::Config.etc_chef_dir) + "/encrypted_data_bag_secret"}"
     end
 
     secret = case path

data/lib/chef/encrypted_data_bag_item/decryptor.rb

@@ -16,10 +16,10 @@
 # limitations under the License.
 #
 
-require "yaml" unless defined?(YAML)
+autoload :YAML, "yaml"
 require_relative "../json_compat"
-require "openssl" unless defined?(OpenSSL)
-require "base64"
+autoload :OpenSSL, "openssl"
+autoload :Base64, "base64"
 require "digest/sha2" unless defined?(Digest::SHA2)
 require_relative "../encrypted_data_bag_item"
 require_relative "unsupported_encrypted_data_bag_item_format"

data/lib/chef/encrypted_data_bag_item/encryptor.rb

@@ -16,10 +16,10 @@
 # limitations under the License.
 #
 
-require "base64"
+autoload :Base64, "base64"
 require "digest/sha2" unless defined?(Digest::SHA2)
-require "openssl" unless defined?(OpenSSL)
-require "ffi_yajl" unless defined?(FFI_Yajl)
+autoload :OpenSSL, "openssl"
+autoload :FFI_Yajl, "ffi_yajl"
 require_relative "../encrypted_data_bag_item"
 require_relative "unsupported_encrypted_data_bag_item_format"
 require_relative "encryption_failure"

data/lib/chef/environment.rb

@@ -25,7 +25,7 @@ require_relative "mixin/params_validate"
 require_relative "mixin/from_file"
 require_relative "version_constraint"
 require_relative "server_api"
-require_relative "dist"
+require "chef-utils/dist" unless defined?(ChefUtils::Dist)
 
 class Chef
   class Environment
@@ -308,7 +308,7 @@ class Chef
     def self.validate_cookbook_version(version)
       if Chef::Config[:solo_legacy_mode]
         raise Chef::Exceptions::IllegalVersionConstraint,
-          "Environment cookbook version constraints not allowed in #{Chef::Dist::SOLO}"
+          "Environment cookbook version constraints not allowed in #{ChefUtils::Dist::Solo::PRODUCT}"
       else
         Chef::VersionConstraint.new version
         true

data/lib/chef/event_loggers/windows_eventlog.rb

@@ -19,7 +19,7 @@
 require_relative "base"
 require_relative "../platform/query_helpers"
 require_relative "../win32/eventlog"
-require_relative "../dist"
+require "chef-utils" unless defined?(ChefUtils)
 
 class Chef
   module EventLoggers
@@ -36,7 +36,7 @@ class Chef
       LOG_CATEGORY_ID = 11001
 
       # Since we must install the event logger, this is not really configurable
-      SOURCE = Chef::Dist::SHORT.freeze
+      SOURCE = ChefUtils::Dist::Infra::SHORT.freeze
 
       def self.available?
         ChefUtils.windows?

data/lib/chef/exceptions.rb

@@ -18,7 +18,7 @@
 # limitations under the License.
 
 require "chef-config/exceptions"
-require_relative "dist"
+require "chef-utils/dist" unless defined?(ChefUtils::Dist)
 require_relative "constants"
 
 class Chef
@@ -301,7 +301,7 @@ class Chef
 
       def client_run_failure(exception)
         set_backtrace(exception.backtrace)
-        @all_failures << [ "#{Chef::Dist::PRODUCT} run", exception ]
+        @all_failures << [ "#{ChefUtils::Dist::Infra::PRODUCT} run", exception ]
       end
 
       def notification_failure(exception)
@@ -402,7 +402,7 @@ class Chef
       def initialize(response_length, content_length)
         super <<~EOF
           Response body length #{response_length} does not match HTTP Content-Length header #{content_length}.
-          This error is most often caused by network issues (proxies, etc) outside of #{Chef::Dist::CLIENT}.
+          This error is most often caused by network issues (proxies, etc) outside of #{ChefUtils::Dist::Infra::CLIENT}.
         EOF
       end
     end
@@ -477,7 +477,7 @@ class Chef
     class CookbookChefVersionMismatch < RuntimeError
       def initialize(chef_version, cookbook_name, cookbook_version, *constraints)
         constraint_str = constraints.map { |c| c.requirement.as_list.to_s }.join(", ")
-        super "Cookbook '#{cookbook_name}' version '#{cookbook_version}' depends on #{Chef::Dist::PRODUCT} version #{constraint_str}, but the running #{Chef::Dist::PRODUCT} version is #{chef_version}"
+        super "Cookbook '#{cookbook_name}' version '#{cookbook_version}' depends on #{ChefUtils::Dist::Infra::PRODUCT} version #{constraint_str}, but the running #{ChefUtils::Dist::Infra::PRODUCT} version is #{chef_version}"
       end
     end
 

data/lib/chef/file_access_control/windows.rb

@@ -112,7 +112,11 @@ class Chef
 
       def get_sid(value)
         if value.is_a?(String)
-          SID.from_account(value)
+          begin
+            Security.convert_string_sid_to_sid(value)
+          rescue Chef::Exceptions::Win32APIError
+            SID.from_account(value)
+          end
         elsif value.is_a?(SID)
           value
         else

data/lib/chef/formatters/doc.rb

@@ -1,6 +1,6 @@
 require_relative "base"
 require_relative "../config"
-require_relative "../dist"
+require "chef-utils/dist" unless defined?(ChefUtils::Dist)
 
 class Chef
   module Formatters
@@ -41,7 +41,8 @@ class Chef
       end
 
       def run_start(version, run_status)
-        puts_line "Starting #{Chef::Dist::PRODUCT}, version #{version}"
+        puts_line "Starting #{ChefUtils::Dist::Infra::PRODUCT}, version #{version}"
+        puts_line "Patents: #{ChefUtils::Dist::Org::PATENTS}"
         puts_line "Targeting node: #{Chef::Config.target_mode.host}" if Chef::Config.target_mode?
         puts_line "OpenSSL FIPS 140 mode enabled" if Chef::Config[:fips]
       end
@@ -77,18 +78,18 @@ class Chef
           puts_line ""
         end
         if Chef::Config[:why_run]
-          puts_line "#{Chef::Dist::PRODUCT} finished, #{@updated_resources}/#{total_resources} resources would have been updated"
+          puts_line "#{ChefUtils::Dist::Infra::PRODUCT} finished, #{@updated_resources}/#{total_resources} resources would have been updated"
         else
-          puts_line "#{Chef::Dist::PRODUCT} finished, #{@updated_resources}/#{total_resources} resources updated in #{pretty_elapsed_time}"
+          puts_line "#{ChefUtils::Dist::Infra::PRODUCT} finished, #{@updated_resources}/#{total_resources} resources updated in #{pretty_elapsed_time}"
         end
       end
 
       def run_failed(exception)
         @end_time = Time.now
         if Chef::Config[:why_run]
-          puts_line "#{Chef::Dist::PRODUCT} failed. #{@updated_resources} resources would have been updated"
+          puts_line "#{ChefUtils::Dist::Infra::PRODUCT} failed. #{@updated_resources} resources would have been updated"
         else
-          puts_line "#{Chef::Dist::PRODUCT} failed. #{@updated_resources} resources updated in #{pretty_elapsed_time}"
+          puts_line "#{ChefUtils::Dist::Infra::PRODUCT} failed. #{@updated_resources} resources updated in #{pretty_elapsed_time}"
         end
       end
 

data/lib/chef/formatters/error_inspectors/api_error_formatting.rb

@@ -17,7 +17,8 @@
 #
 
 require_relative "../../http/authenticator"
-require_relative "../../dist"
+require "chef-utils/dist" unless defined?(ChefUtils::Dist)
+require "timeout" unless defined?(Timeout)
 
 class Chef
   module Formatters
@@ -40,7 +41,7 @@ class Chef
       def describe_eof_error(error_description)
         error_description.section("Authentication Error:", <<~E)
           Received an EOF on transport socket.  This almost always indicates a network
-          error external to #{Chef::Dist::CLIENT}.  Some causes include:
+          error external to #{ChefUtils::Dist::Infra::CLIENT}.  Some causes include:
 
             - Blocking ICMP Dest Unreachable (breaking Path MTU Discovery)
             - IPsec or VPN tunnelling / TCP Encapsulation MTU issues
@@ -114,8 +115,8 @@ class Chef
           error_description.section("Incompatible server API version:", <<~E)
             This version of the API that this request specified is not supported by the server you sent this request to.
             The server supports a min API version of #{min_server_version} and a max API version of #{max_server_version}.
-            #{Chef::Dist::PRODUCT} just made a request with an API version of #{client_api_version}.
-            Please either update your #{Chef::Dist::PRODUCT} or the server to be a compatible set.
+            #{ChefUtils::Dist::Infra::PRODUCT} just made a request with an API version of #{client_api_version}.
+            Please either update your #{ChefUtils::Dist::Infra::PRODUCT} or the server to be a compatible set.
           E
         else
           describe_http_error(error_description)
@@ -130,7 +131,7 @@ class Chef
       end
 
       def describe_503_error(error_description)
-        error_description.section("Server Unavailable", "The #{Chef::Dist::SERVER_PRODUCT} is temporarily unavailable")
+        error_description.section("Server Unavailable", "The #{ChefUtils::Dist::Server::PRODUCT} is temporarily unavailable")
         error_description.section("Server Response:", format_rest_error)
       end
 

data/lib/chef/formatters/error_inspectors/node_load_error_inspector.rb

@@ -17,7 +17,7 @@
 #
 
 require_relative "api_error_formatting"
-require_relative "../../dist"
+require "chef-utils/dist" unless defined?(ChefUtils::Dist)
 
 class Chef
   module Formatters
@@ -46,7 +46,7 @@ class Chef
           when Chef::Exceptions::PrivateKeyMissing
             error_description.section("Private Key Not Found:", <<~E)
               Your private key could not be loaded. If the key file exists, ensure that it is
-              readable by #{Chef::Dist::PRODUCT}.
+              readable by #{ChefUtils::Dist::Infra::PRODUCT}.
             E
             error_description.section("Relevant Config Settings:", <<~E)
               client_key        "#{api_key}"
@@ -99,7 +99,7 @@ class Chef
         # redirect.
         def describe_404_error(error_description)
           error_description.section("Resource Not Found:", <<~E)
-            The #{Chef::Dist::SERVER_PRODUCT} returned a HTTP 404. This usually indicates that your chef_server_url is incorrect.
+            The #{ChefUtils::Dist::Server::PRODUCT} returned a HTTP 404. This usually indicates that your chef_server_url is incorrect.
           E
           error_description.section("Relevant Config Settings:", <<~E)
             chef_server_url "#{server_url}"

data/lib/chef/formatters/error_inspectors/registration_error_inspector.rb

@@ -1,4 +1,4 @@
-require_relative "../../dist"
+require "chef-utils/dist" unless defined?(ChefUtils::Dist)
 
 class Chef
   module Formatters
@@ -28,7 +28,7 @@ class Chef
             humanize_http_exception(error_description)
           when Errno::ECONNREFUSED, Timeout::Error, Errno::ETIMEDOUT, SocketError
             error_description.section("Network Error:", <<~E)
-              There was a network error connecting to the #{Chef::Dist::SERVER_PRODUCT}:
+              There was a network error connecting to the #{ChefUtils::Dist::Server::PRODUCT}:
               #{exception.message}
             E
             error_description.section("Relevant Config Settings:", <<~E)
@@ -39,14 +39,14 @@ class Chef
           when Chef::Exceptions::PrivateKeyMissing
             error_description.section("Private Key Not Found:", <<~E)
               Your private key could not be loaded. If the key file exists, ensure that it is
-              readable by #{Chef::Dist::PRODUCT}.
+              readable by #{ChefUtils::Dist::Infra::PRODUCT}.
             E
             error_description.section("Relevant Config Settings:", <<~E)
               validation_key "#{api_key}"
             E
           when Chef::Exceptions::InvalidRedirect
             error_description.section("Invalid Redirect:", <<~E)
-              Change your #{Chef::Dist::SERVER_PRODUCT} location in client.rb to the #{Chef::Dist::SERVER_PRODUCT}'s FQDN to avoid unwanted redirections.
+              Change your #{ChefUtils::Dist::Server::PRODUCT} location in client.rb to the #{ChefUtils::Dist::Server::PRODUCT}'s FQDN to avoid unwanted redirections.
             E
           when EOFError
             describe_eof_error(error_description)
@@ -61,13 +61,13 @@ class Chef
           when Net::HTTPUnauthorized
             if clock_skew?
               error_description.section("Authentication Error:", <<~E)
-                Failed to authenticate to the #{Chef::Dist::SERVER_PRODUCT} (http 401).
+                Failed to authenticate to the #{ChefUtils::Dist::Server::PRODUCT} (http 401).
                 The request failed because your clock has drifted by more than 15 minutes.
                 Syncing your clock to an NTP Time source should resolve the issue.
               E
             else
               error_description.section("Authentication Error:", <<~E)
-                Failed to authenticate to the #{Chef::Dist::SERVER_PRODUCT} (http 401).
+                Failed to authenticate to the #{ChefUtils::Dist::Server::PRODUCT} (http 401).
               E
 
               error_description.section("Server Response:", format_rest_error)
@@ -81,7 +81,7 @@ class Chef
             end
           when Net::HTTPForbidden
             error_description.section("Authorization Error:", <<~E)
-              Your validation client is not authorized to create the client for this node on the #{Chef::Dist::SERVER_PRODUCT} (HTTP 403).
+              Your validation client is not authorized to create the client for this node on the #{ChefUtils::Dist::Server::PRODUCT} (HTTP 403).
             E
             error_description.section("Possible Causes:", <<~E)
               * There may already be a client named "#{config[:node_name]}"
@@ -94,7 +94,7 @@ class Chef
             error_description.section("Server Response:", format_rest_error)
           when Net::HTTPNotFound
             error_description.section("Resource Not Found:", <<~E)
-              The #{Chef::Dist::SERVER_PRODUCT} returned a HTTP 404. This usually indicates that your chef_server_url configuration is incorrect.
+              The #{ChefUtils::Dist::Server::PRODUCT} returned a HTTP 404. This usually indicates that your chef_server_url configuration is incorrect.
             E
             error_description.section("Relevant Config Settings:", <<~E)
               chef_server_url "#{server_url}"
@@ -107,7 +107,7 @@ class Chef
             E
             error_description.section("Server Response:", format_rest_error)
           when Net::HTTPBadGateway, Net::HTTPServiceUnavailable
-            error_description.section("Server Unavailable", "The #{Chef::Dist::SERVER_PRODUCT} is temporarily unavailable")
+            error_description.section("Server Unavailable", "The #{ChefUtils::Dist::Server::PRODUCT} is temporarily unavailable")
             error_description.section("Server Response:", format_rest_error)
           else
             error_description.section("Unexpected API Request Failure:", format_rest_error)