chef 16.5.64 → 16.8.14

Files changed (317) hide show
  1. checksums.yaml +4 -4
  2. data/Gemfile +6 -14
  3. data/README.md +1 -1
  4. data/Rakefile +21 -14
  5. data/chef-universal-mingw32.gemspec +1 -1
  6. data/chef.gemspec +3 -2
  7. data/lib/chef/application.rb +2 -2
  8. data/lib/chef/application/base.rb +1 -1
  9. data/lib/chef/application/client.rb +7 -2
  10. data/lib/chef/application/knife.rb +1 -1
  11. data/lib/chef/application/solo.rb +1 -1
  12. data/lib/chef/chef_fs/chef_fs_data_store.rb +1 -1
  13. data/lib/chef/chef_fs/data_handler/cookbook_data_handler.rb +1 -1
  14. data/lib/chef/chef_fs/file_pattern.rb +1 -1
  15. data/lib/chef/chef_fs/file_system/repository/chef_repository_file_system_cookbook_entry.rb +1 -1
  16. data/lib/chef/client.rb +6 -32
  17. data/lib/chef/compliance/default_attributes.rb +89 -0
  18. data/lib/chef/compliance/fetcher/automate.rb +69 -0
  19. data/lib/chef/compliance/fetcher/chef_server.rb +134 -0
  20. data/lib/chef/compliance/reporter/automate.rb +202 -0
  21. data/lib/chef/compliance/reporter/chef_server_automate.rb +94 -0
  22. data/lib/chef/compliance/reporter/compliance_enforcer.rb +20 -0
  23. data/lib/chef/compliance/reporter/json_file.rb +19 -0
  24. data/lib/chef/compliance/runner.rb +261 -0
  25. data/lib/chef/cookbook/gem_installer.rb +1 -1
  26. data/lib/chef/cookbook_manifest.rb +2 -1
  27. data/lib/chef/cookbook_site_streaming_uploader.rb +1 -1
  28. data/lib/chef/cookbook_version.rb +2 -5
  29. data/lib/chef/data_collector.rb +1 -1
  30. data/lib/chef/encrypted_data_bag_item/assertions.rb +1 -1
  31. data/lib/chef/environment.rb +1 -1
  32. data/lib/chef/event_loggers/windows_eventlog.rb +1 -1
  33. data/lib/chef/exceptions.rb +5 -1
  34. data/lib/chef/file_access_control/windows.rb +1 -4
  35. data/lib/chef/file_content_management/tempfile.rb +1 -1
  36. data/lib/chef/formatters/error_inspectors/compile_error_inspector.rb +2 -2
  37. data/lib/chef/formatters/error_inspectors/resource_failure_inspector.rb +5 -5
  38. data/lib/chef/formatters/indentable_output_stream.rb +2 -2
  39. data/lib/chef/guard_interpreter/resource_guard_interpreter.rb +28 -39
  40. data/lib/chef/http.rb +2 -12
  41. data/lib/chef/http/basic_client.rb +1 -1
  42. data/lib/chef/http/http_request.rb +1 -1
  43. data/lib/chef/http/socketless_chef_zero_client.rb +1 -1
  44. data/lib/chef/http/ssl_policies.rb +6 -0
  45. data/lib/chef/json_compat.rb +2 -7
  46. data/lib/chef/key.rb +1 -1
  47. data/lib/chef/knife/bootstrap.rb +2 -1
  48. data/lib/chef/knife/bootstrap/templates/windows-chef-client-msi.erb +2 -2
  49. data/lib/chef/knife/bootstrap/train_connector.rb +1 -1
  50. data/lib/chef/knife/config_show.rb +1 -1
  51. data/lib/chef/knife/core/cookbook_scm_repo.rb +1 -1
  52. data/lib/chef/knife/core/gem_glob_loader.rb +1 -1
  53. data/lib/chef/knife/core/ui.rb +5 -2
  54. data/lib/chef/knife/core/windows_bootstrap_context.rb +7 -4
  55. data/lib/chef/knife/node_policy_set.rb +2 -2
  56. data/lib/chef/knife/node_run_list_add.rb +1 -1
  57. data/lib/chef/knife/node_run_list_remove.rb +1 -1
  58. data/lib/chef/knife/node_run_list_set.rb +1 -1
  59. data/lib/chef/knife/role_env_run_list_add.rb +1 -1
  60. data/lib/chef/knife/role_env_run_list_set.rb +1 -1
  61. data/lib/chef/knife/role_run_list_add.rb +1 -1
  62. data/lib/chef/knife/role_run_list_set.rb +1 -1
  63. data/lib/chef/knife/search.rb +0 -1
  64. data/lib/chef/knife/ssh.rb +5 -3
  65. data/lib/chef/knife/tag_create.rb +1 -1
  66. data/lib/chef/knife/tag_delete.rb +1 -1
  67. data/lib/chef/local_mode.rb +1 -1
  68. data/lib/chef/mixin/convert_to_class_name.rb +0 -56
  69. data/lib/chef/mixin/openssl_helper.rb +1 -1
  70. data/lib/chef/mixin/powershell_exec.rb +24 -10
  71. data/lib/chef/mixin/powershell_out.rb +12 -5
  72. data/lib/chef/mixin/properties.rb +2 -0
  73. data/lib/chef/mixin/template.rb +1 -1
  74. data/lib/chef/mixin/unformatter.rb +1 -1
  75. data/lib/chef/mixin/uris.rb +3 -1
  76. data/lib/chef/node/attribute_collections.rb +2 -6
  77. data/lib/chef/node/mixin/immutablize_hash.rb +2 -0
  78. data/lib/chef/node_map.rb +2 -2
  79. data/lib/chef/platform/query_helpers.rb +4 -4
  80. data/lib/chef/policy_builder/dynamic.rb +2 -0
  81. data/lib/chef/powershell.rb +10 -4
  82. data/lib/chef/property.rb +1 -1
  83. data/lib/chef/provider.rb +1 -1
  84. data/lib/chef/provider/cron.rb +2 -13
  85. data/lib/chef/provider/dsc_resource.rb +12 -24
  86. data/lib/chef/provider/dsc_script.rb +16 -20
  87. data/lib/chef/provider/file.rb +1 -1
  88. data/lib/chef/provider/git.rb +5 -5
  89. data/lib/chef/provider/group.rb +14 -6
  90. data/lib/chef/provider/group/windows.rb +12 -1
  91. data/lib/chef/provider/ifconfig.rb +8 -8
  92. data/lib/chef/provider/ifconfig/debian.rb +38 -22
  93. data/lib/chef/provider/ifconfig/redhat.rb +54 -18
  94. data/lib/chef/provider/launchd.rb +1 -11
  95. data/lib/chef/provider/link.rb +0 -9
  96. data/lib/chef/provider/mount.rb +18 -1
  97. data/lib/chef/provider/mount/linux.rb +4 -0
  98. data/lib/chef/provider/mount/mount.rb +41 -43
  99. data/lib/chef/provider/package.rb +3 -0
  100. data/lib/chef/provider/package/apt.rb +1 -1
  101. data/lib/chef/provider/package/chocolatey.rb +6 -6
  102. data/lib/chef/provider/package/dpkg.rb +3 -12
  103. data/lib/chef/provider/package/freebsd/base.rb +3 -2
  104. data/lib/chef/provider/package/freebsd/pkgng.rb +1 -1
  105. data/lib/chef/provider/package/homebrew.rb +1 -1
  106. data/lib/chef/provider/package/ips.rb +1 -1
  107. data/lib/chef/provider/package/powershell.rb +2 -3
  108. data/lib/chef/provider/package/rubygems.rb +1 -1
  109. data/lib/chef/provider/package/snap.rb +1 -3
  110. data/lib/chef/provider/package/solaris.rb +0 -2
  111. data/lib/chef/provider/package/yum/rpm_utils.rb +1 -1
  112. data/lib/chef/provider/package/zypper.rb +98 -71
  113. data/lib/chef/provider/powershell_script.rb +12 -1
  114. data/lib/chef/provider/registry_key.rb +4 -3
  115. data/lib/chef/provider/route.rb +2 -2
  116. data/lib/chef/provider/service/debian.rb +2 -1
  117. data/lib/chef/provider/service/redhat.rb +1 -1
  118. data/lib/chef/provider/user.rb +17 -9
  119. data/lib/chef/provider/user/aix.rb +1 -1
  120. data/lib/chef/provider/user/dscl.rb +2 -2
  121. data/lib/chef/provider/user/mac.rb +14 -6
  122. data/lib/chef/provider/user/solaris.rb +1 -1
  123. data/lib/chef/provider/user/windows.rb +10 -3
  124. data/lib/chef/providers.rb +0 -3
  125. data/lib/chef/pwsh.rb +71 -0
  126. data/lib/chef/resource.rb +1 -1
  127. data/lib/chef/resource/apt_repository.rb +6 -5
  128. data/lib/chef/resource/bash.rb +119 -1
  129. data/lib/chef/resource/batch.rb +1 -1
  130. data/lib/chef/resource/breakpoint.rb +3 -1
  131. data/lib/chef/resource/build_essential.rb +5 -8
  132. data/lib/chef/resource/chef_client_config.rb +313 -0
  133. data/lib/chef/resource/chef_client_cron.rb +5 -5
  134. data/lib/chef/resource/chef_client_scheduled_task.rb +4 -4
  135. data/lib/chef/resource/chef_client_systemd_timer.rb +5 -5
  136. data/lib/chef/resource/chef_handler.rb +1 -0
  137. data/lib/chef/resource/chef_sleep.rb +1 -1
  138. data/lib/chef/resource/cron/_cron_shared.rb +1 -0
  139. data/lib/chef/resource/cron/cron_d.rb +2 -2
  140. data/lib/chef/resource/csh.rb +2 -2
  141. data/lib/chef/resource/dsc_script.rb +8 -1
  142. data/lib/chef/resource/execute.rb +6 -4
  143. data/lib/chef/resource/file.rb +2 -2
  144. data/lib/chef/resource/homebrew_update.rb +4 -1
  145. data/lib/chef/resource/hostname.rb +5 -5
  146. data/lib/chef/resource/ifconfig.rb +52 -5
  147. data/lib/chef/resource/kernel_module.rb +1 -1
  148. data/lib/chef/resource/ksh.rb +3 -3
  149. data/lib/chef/resource/launchd.rb +15 -15
  150. data/lib/chef/resource/lwrp_base.rb +3 -5
  151. data/lib/chef/resource/mount.rb +8 -2
  152. data/lib/chef/resource/perl.rb +2 -2
  153. data/lib/chef/resource/plist.rb +2 -6
  154. data/lib/chef/resource/powershell_package_source.rb +19 -18
  155. data/lib/chef/resource/powershell_script.rb +14 -11
  156. data/lib/chef/resource/python.rb +2 -2
  157. data/lib/chef/resource/registry_key.rb +93 -2
  158. data/lib/chef/resource/route.rb +1 -1
  159. data/lib/chef/resource/ruby.rb +2 -2
  160. data/lib/chef/resource/scm/_scm.rb +2 -1
  161. data/lib/chef/resource/scm/git.rb +82 -1
  162. data/lib/chef/resource/scm/subversion.rb +12 -0
  163. data/lib/chef/resource/script.rb +2 -2
  164. data/lib/chef/resource/solaris_package.rb +0 -2
  165. data/lib/chef/resource/sudo.rb +1 -1
  166. data/lib/chef/resource/support/client.erb +64 -0
  167. data/lib/chef/resource/systemd_unit.rb +42 -1
  168. data/lib/chef/resource/template.rb +2 -2
  169. data/lib/chef/resource/windows_ad_join.rb +9 -9
  170. data/lib/chef/resource/windows_audit_policy.rb +26 -24
  171. data/lib/chef/resource/windows_certificate.rb +13 -7
  172. data/lib/chef/resource/windows_dfs_server.rb +7 -4
  173. data/lib/chef/resource/windows_env.rb +173 -0
  174. data/lib/chef/resource/windows_feature.rb +2 -0
  175. data/lib/chef/resource/windows_firewall_profile.rb +7 -12
  176. data/lib/chef/resource/windows_firewall_rule.rb +9 -11
  177. data/lib/chef/resource/windows_font.rb +1 -1
  178. data/lib/chef/resource/windows_package.rb +1 -0
  179. data/lib/chef/resource/windows_path.rb +38 -0
  180. data/lib/chef/resource/windows_security_policy.rb +5 -5
  181. data/lib/chef/resource/windows_service.rb +108 -0
  182. data/lib/chef/resource/windows_share.rb +18 -18
  183. data/lib/chef/resource/windows_task.rb +629 -28
  184. data/lib/chef/resource/windows_workgroup.rb +6 -4
  185. data/lib/chef/resource/yum_repository.rb +1 -1
  186. data/lib/chef/resource_collection/resource_set.rb +2 -6
  187. data/lib/chef/resource_inspector.rb +77 -75
  188. data/lib/chef/resource_reporter.rb +0 -2
  189. data/lib/chef/resources.rb +1 -0
  190. data/lib/chef/run_lock.rb +2 -2
  191. data/lib/chef/search/query.rb +3 -1
  192. data/lib/chef/server_api.rb +0 -4
  193. data/lib/chef/shell/ext.rb +1 -1
  194. data/lib/chef/util/backup.rb +1 -1
  195. data/lib/chef/util/dsc/configuration_generator.rb +52 -11
  196. data/lib/chef/util/dsc/lcm_output_parser.rb +4 -7
  197. data/lib/chef/util/dsc/local_configuration_manager.rb +18 -15
  198. data/lib/chef/util/dsc/resource_store.rb +5 -11
  199. data/lib/chef/version.rb +1 -1
  200. data/lib/chef/win32/api/file.rb +4 -0
  201. data/lib/chef/win32/file.rb +1 -1
  202. data/lib/chef/win32/security/sid.rb +1 -1
  203. data/lib/chef/win32/unicode.rb +1 -1
  204. data/spec/functional/mixin/powershell_out_spec.rb +11 -3
  205. data/spec/functional/resource/apt_package_spec.rb +4 -6
  206. data/spec/functional/resource/chocolatey_package_spec.rb +3 -3
  207. data/spec/functional/resource/cron_spec.rb +3 -3
  208. data/spec/functional/resource/dsc_script_spec.rb +6 -9
  209. data/spec/functional/resource/mount_spec.rb +10 -2
  210. data/spec/functional/resource/powershell_package_source_spec.rb +107 -0
  211. data/spec/functional/resource/powershell_script_spec.rb +57 -14
  212. data/spec/functional/resource/windows_certificate_spec.rb +10 -6
  213. data/spec/functional/resource/windows_firewall_rule_spec.rb +93 -0
  214. data/spec/functional/resource/windows_package_spec.rb +36 -10
  215. data/spec/functional/resource/windows_share_spec.rb +103 -0
  216. data/spec/functional/resource/windows_task_spec.rb +2 -3
  217. data/spec/functional/resource/zypper_package_spec.rb +11 -0
  218. data/spec/integration/client/client_spec.rb +2 -1
  219. data/spec/integration/compliance/compliance_spec.rb +81 -0
  220. data/spec/integration/knife/client_key_create_spec.rb +1 -1
  221. data/spec/integration/knife/node_create_spec.rb +1 -1
  222. data/spec/integration/knife/node_environment_set_spec.rb +1 -1
  223. data/spec/integration/knife/node_run_list_add_spec.rb +4 -4
  224. data/spec/integration/knife/node_run_list_remove_spec.rb +1 -1
  225. data/spec/integration/knife/node_run_list_set_spec.rb +1 -1
  226. data/spec/integration/knife/node_show_spec.rb +1 -1
  227. data/spec/integration/recipes/notifies_spec.rb +1 -1
  228. data/spec/integration/recipes/provider_choice.rb +2 -2
  229. data/spec/integration/recipes/recipe_dsl_spec.rb +1 -0
  230. data/spec/spec_helper.rb +3 -4
  231. data/spec/support/lib/chef/resource/cat.rb +1 -1
  232. data/spec/support/lib/chef/resource/one_two_three_four.rb +1 -1
  233. data/spec/support/mock/platform.rb +24 -16
  234. data/spec/support/platform_helpers.rb +11 -4
  235. data/spec/support/shared/unit/knife_shared.rb +1 -1
  236. data/spec/support/shared/unit/script_resource.rb +4 -4
  237. data/spec/support/shared/unit/windows_script_resource.rb +1 -1
  238. data/spec/unit/chef_fs/config_spec.rb +1 -1
  239. data/spec/unit/chef_fs/data_handler/data_bag_item_data_handler.rb +1 -1
  240. data/spec/unit/client_spec.rb +17 -0
  241. data/spec/unit/compliance/fetcher/automate_spec.rb +134 -0
  242. data/spec/unit/compliance/fetcher/chef_server_spec.rb +93 -0
  243. data/spec/unit/compliance/reporter/automate_spec.rb +427 -0
  244. data/spec/unit/compliance/reporter/chef_server_automate_spec.rb +177 -0
  245. data/spec/unit/compliance/reporter/compliance_enforcer_spec.rb +48 -0
  246. data/spec/unit/compliance/runner_spec.rb +140 -0
  247. data/spec/unit/data_collector_spec.rb +0 -4
  248. data/spec/unit/guard_interpreter/resource_guard_interpreter_spec.rb +11 -11
  249. data/spec/unit/http/ssl_policies_spec.rb +11 -0
  250. data/spec/unit/knife/client_create_spec.rb +2 -2
  251. data/spec/unit/knife/configure_client_spec.rb +5 -5
  252. data/spec/unit/knife/configure_spec.rb +3 -3
  253. data/spec/unit/knife/cookbook_delete_spec.rb +2 -2
  254. data/spec/unit/knife/cookbook_download_spec.rb +2 -2
  255. data/spec/unit/knife/cookbook_list_spec.rb +2 -2
  256. data/spec/unit/knife/cookbook_metadata_spec.rb +3 -3
  257. data/spec/unit/knife/core/node_editor_spec.rb +1 -1
  258. data/spec/unit/knife/environment_compare_spec.rb +3 -3
  259. data/spec/unit/knife/supermarket_download_spec.rb +8 -8
  260. data/spec/unit/knife/supermarket_list_spec.rb +3 -3
  261. data/spec/unit/knife/supermarket_search_spec.rb +1 -1
  262. data/spec/unit/knife/tag_create_spec.rb +1 -1
  263. data/spec/unit/knife/tag_delete_spec.rb +1 -1
  264. data/spec/unit/knife/user_create_spec.rb +1 -1
  265. data/spec/unit/mixin/powershell_exec_spec.rb +41 -4
  266. data/spec/unit/mixin/powershell_out_spec.rb +14 -0
  267. data/spec/unit/mixin/which.rb +1 -1
  268. data/spec/unit/platform/query_helpers_spec.rb +11 -12
  269. data/spec/unit/provider/dsc_resource_spec.rb +10 -27
  270. data/spec/unit/provider/dsc_script_spec.rb +1 -1
  271. data/spec/unit/provider/group/windows_spec.rb +6 -0
  272. data/spec/unit/provider/group_spec.rb +1 -1
  273. data/spec/unit/provider/mount/linux_spec.rb +10 -0
  274. data/spec/unit/provider/mount/mount_spec.rb +21 -10
  275. data/spec/unit/provider/mount/solaris_spec.rb +1 -1
  276. data/spec/unit/provider/mount/windows_spec.rb +1 -0
  277. data/spec/unit/provider/mount_spec.rb +31 -0
  278. data/spec/unit/provider/package/chocolatey_spec.rb +1 -2
  279. data/spec/unit/provider/package/powershell_spec.rb +87 -95
  280. data/spec/unit/provider/package/zypper_spec.rb +0 -25
  281. data/spec/unit/provider/package_spec.rb +2 -2
  282. data/spec/unit/provider/powershell_script_spec.rb +11 -0
  283. data/spec/unit/provider/subversion_spec.rb +0 -3
  284. data/spec/unit/provider/systemd_unit_spec.rb +1 -1
  285. data/spec/unit/provider/user_spec.rb +7 -1
  286. data/spec/unit/provider/windows_env_spec.rb +18 -34
  287. data/spec/unit/provider/windows_path_spec.rb +6 -11
  288. data/spec/unit/provider/windows_task_spec.rb +7 -6
  289. data/spec/unit/resource/breakpoint_spec.rb +1 -1
  290. data/spec/unit/resource/build_essential_spec.rb +0 -12
  291. data/spec/unit/resource/chef_client_config_spec.rb +137 -0
  292. data/spec/unit/resource/ifconfig_spec.rb +2 -10
  293. data/spec/unit/resource/mount_spec.rb +18 -5
  294. data/spec/unit/resource/powershell_package_source_spec.rb +20 -20
  295. data/spec/unit/resource/powershell_script_spec.rb +4 -74
  296. data/spec/unit/resource/service_spec.rb +2 -2
  297. data/spec/unit/resource/solaris_package_spec.rb +8 -10
  298. data/spec/unit/resource/windows_certificate_spec.rb +12 -0
  299. data/spec/unit/resource_inspector_spec.rb +3 -3
  300. data/spec/unit/shell_spec.rb +2 -2
  301. data/spec/unit/util/dsc/configuration_generator_spec.rb +79 -0
  302. data/spec/unit/util/dsc/local_configuration_manager_spec.rb +27 -35
  303. data/tasks/rspec.rb +1 -1
  304. metadata +47 -24
  305. data/lib/chef/monkey_patches/net_http.rb +0 -22
  306. data/lib/chef/provider/windows_env.rb +0 -210
  307. data/lib/chef/provider/windows_path.rb +0 -61
  308. data/lib/chef/provider/windows_task.rb +0 -631
  309. data/lib/chef/util/powershell/cmdlet.rb +0 -175
  310. data/lib/chef/util/powershell/cmdlet_result.rb +0 -61
  311. data/spec/functional/util/powershell/cmdlet_spec.rb +0 -111
  312. data/spec/support/mock/constant.rb +0 -52
  313. data/spec/unit/monkey_patches/uri_spec.rb +0 -34
  314. data/spec/unit/provider_resolver_spec.rb +0 -885
  315. data/spec/unit/resource/data/InstallHistory_with_CLT.plist +0 -92
  316. data/spec/unit/resource/data/InstallHistory_without_CLT.plist +0 -38
  317. data/spec/unit/util/powershell/cmdlet_spec.rb +0 -106
@@ -0,0 +1,20 @@
1
+ class Chef
2
+ module Compliance
3
+ module Reporter
4
+ class AuditEnforcer
5
+ class ControlFailure < StandardError; end
6
+
7
+ def send_report(report)
8
+ report.fetch(:profiles, []).each do |profile|
9
+ profile.fetch(:controls, []).each do |control|
10
+ control.fetch(:results, []).each do |result|
11
+ raise ControlFailure, "Audit #{control[:id]} has failed. Aborting #{ChefUtils::Dist::Infra::CLIENT} run." if result[:status] == "failed"
12
+ end
13
+ end
14
+ end
15
+ true
16
+ end
17
+ end
18
+ end
19
+ end
20
+ end
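Review bot: `send_report` fails open when the report itself says the scan did not run: it only walks `report[:profiles]`, so a report with a top-level `status` of "failed" and an empty `profiles` array (the shape `failed_report` in the runner hunk on this page builds) returns `true` and the run is not aborted. A guard at the top of the method would close that, e.g. `raise ControlFailure, "Compliance report generation failed: #{report[:status_message]}" if report[:status] == "failed"`. Separately, the class is declared as `AuditEnforcer`, while the runner instantiates `Chef::Compliance::Reporter::ComplianceEnforcer` for the "audit-enforcer" reporter. Unless that constant is defined somewhere not shown here, selecting that reporter would raise NameError rather than ControlFailure, so the two names should be made to agree.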
@@ -0,0 +1,19 @@
1
+ require_relative "../../json_compat"
2
+
3
+ class Chef
4
+ module Compliance
5
+ module Reporter
6
+ class JsonFile
7
+ def initialize(opts)
8
+ @path = opts.fetch(:file)
9
+ end
10
+
11
+ def send_report(report)
12
+ FileUtils.mkdir_p(File.dirname(@path), mode: 0700)
13
+
14
+ File.write(@path, Chef::JSONCompat.to_json(report))
15
+ end
16
+ end
17
+ end
18
+ end
19
+ end
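Review bot: The report file written by `send_report` gets whatever mode the process umask allows, because `File.write(@path, ...)` passes no permissions, and `mkdir_p(..., mode: 0700)` only applies to directories it creates, not to a parent directory that already exists. The report lists which controls a node fails, so I would create it owner-only: `File.write(@path, Chef::JSONCompat.to_json(report), perm: 0600)`. That mode takes effect only when the file is first created; an existing file keeps its current mode. The file also uses `FileUtils` without requiring it and presumably relies on another file having loaded it; a `require "fileutils"` next to the `require_relative` would make that explicit.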
@@ -0,0 +1,261 @@
1
+ autoload :Inspec, "inspec"
2
+
3
+ require_relative "default_attributes"
4
+ require_relative "reporter/automate"
5
+ require_relative "reporter/chef_server_automate"
6
+ require_relative "reporter/compliance_enforcer"
7
+ require_relative "reporter/json_file"
8
+
9
+ class Chef
10
+ module Compliance
11
+ class Runner < EventDispatch::Base
12
+ extend Forwardable
13
+
14
+ attr_accessor :run_id, :recipes
15
+ attr_reader :node
16
+ def_delegators :node, :logger
17
+
18
+ def enabled?
19
+ audit_cookbook_present = recipes.include?("audit::default")
20
+
21
+ logger.info("#{self.class}##{__method__}: #{Inspec::Dist::PRODUCT_NAME} profiles? #{inspec_profiles.any?}")
22
+ logger.info("#{self.class}##{__method__}: audit cookbook? #{audit_cookbook_present}")
23
+
24
+ inspec_profiles.any? && !audit_cookbook_present
25
+ end
26
+
27
+ def node=(node)
28
+ @node = node
29
+ node.default["audit"] = Chef::Compliance::DEFAULT_ATTRIBUTES.merge(node.default["audit"])
30
+ end
31
+
32
+ def node_load_completed(node, _expanded_run_list, _config)
33
+ self.node = node
34
+ end
35
+
36
+ def run_started(run_status)
37
+ self.run_id = run_status.run_id
38
+ end
39
+
40
+ def run_list_expanded(run_list_expansion)
41
+ self.recipes = run_list_expansion.recipes
42
+ end
43
+
44
+ def run_completed(_node, _run_status)
45
+ return unless enabled?
46
+
47
+ logger.info("#{self.class}##{__method__}: enabling Compliance Phase")
48
+
49
+ report
50
+ end
51
+
52
+ def run_failed(_exception, _run_status)
53
+ return unless enabled?
54
+
55
+ logger.info("#{self.class}##{__method__}: enabling Compliance Phase")
56
+
57
+ report
58
+ end
59
+
60
+ ### Below code adapted from audit cookbook's files/default/handler/audit_report.rb
61
+
62
+ DEPRECATED_CONFIG_VALUES = %w{
63
+ attributes_save
64
+ chef_node_attribute_enabled
65
+ fail_if_not_present
66
+ inspec_gem_source
67
+ inspec_version
68
+ interval
69
+ owner
70
+ raise_if_unreachable
71
+ }.freeze
72
+
73
+ def warn_for_deprecated_config_values!
74
+ deprecated_config_values = (node["audit"].keys & DEPRECATED_CONFIG_VALUES)
75
+
76
+ if deprecated_config_values.any?
77
+ values = deprecated_config_values.sort.map { |v| "'#{v}'" }.join(", ")
78
+ logger.warn "audit cookbook config values #{values} are not supported in #{ChefUtils::Dist::Infra::PRODUCT}'s Compliance Phase."
79
+ end
80
+ end
81
+
82
+ def report(report = generate_report)
83
+ warn_for_deprecated_config_values!
84
+
85
+ if report.empty?
86
+ logger.error "Compliance report was not generated properly, skipped reporting"
87
+ return
88
+ end
89
+
90
+ Array(node["audit"]["reporter"]).each do |reporter|
91
+ send_report(reporter, report)
92
+ end
93
+ end
94
+
95
+ def inspec_opts
96
+ {
97
+ backend_cache: node["audit"]["inspec_backend_cache"],
98
+ inputs: node["audit"]["attributes"],
99
+ logger: logger,
100
+ output: node["audit"]["quiet"] ? ::File::NULL : STDOUT,
101
+ report: true,
102
+ reporter: ["json-automate"],
103
+ reporter_backtrace_inclusion: node["audit"]["result_include_backtrace"],
104
+ reporter_message_truncation: node["audit"]["result_message_limit"],
105
+ waiver_file: Array(node["audit"]["waiver_file"]),
106
+ }
107
+ end
108
+
109
+ def inspec_profiles
110
+ profiles = node["audit"]["profiles"]
111
+
112
+ # TODO: Custom exception class here?
113
+ unless profiles.respond_to?(:map) && profiles.all? { |_, p| p.respond_to?(:transform_keys) && p.respond_to?(:update) }
114
+ raise "#{Inspec::Dist::PRODUCT_NAME} profiles specified in an unrecognized format, expected a hash of hashes."
115
+ end
116
+
117
+ profiles.map do |name, profile|
118
+ profile.transform_keys(&:to_sym).update(name: name)
119
+ end
120
+ end
121
+
122
+ def load_fetchers!
123
+ case node["audit"]["fetcher"]
124
+ when "chef-automate"
125
+ require_relative "fetcher/automate"
126
+ when "chef-server"
127
+ require_relative "fetcher/chef_server"
128
+ when nil
129
+ # intentionally blank
130
+ else
131
+ raise "Invalid value specified for Compliance Phase's fetcher: '#{node["audit"]["fetcher"]}'. Valid values are 'chef-automate', 'chef-server', or nil."
132
+ end
133
+ end
134
+
135
+ def generate_report(opts: inspec_opts, profiles: inspec_profiles)
136
+ load_fetchers!
137
+
138
+ logger.debug "Options are set to: #{opts}"
139
+ runner = ::Inspec::Runner.new(opts)
140
+
141
+ if profiles.empty?
142
+ failed_report("No #{Inspec::Dist::PRODUCT_NAME} profiles are defined.")
143
+ return
144
+ end
145
+
146
+ profiles.each { |target| runner.add_target(target) }
147
+
148
+ logger.info "Running profiles from: #{profiles.inspect}"
149
+ runner.run
150
+ runner.report.tap do |r|
151
+ logger.debug "Compliance Report #{r}"
152
+ end
153
+ rescue Inspec::FetcherFailure => e
154
+ failed_report("Cannot fetch all profiles: #{profiles}. Please make sure you're authenticated and the server is reachable. #{e.message}")
155
+ rescue => e
156
+ failed_report(e.message)
157
+ end
158
+
159
+ # In case InSpec raises a runtime exception without providing a valid report,
160
+ # we make one up and add two new fields to it: `status` and `status_message`
161
+ def failed_report(err)
162
+ logger.error "#{Inspec::Dist::PRODUCT_NAME} has raised a runtime exception. Generating a minimal failed report."
163
+ logger.error err
164
+ {
165
+ "platform": {
166
+ "name": "unknown",
167
+ "release": "unknown",
168
+ },
169
+ "profiles": [],
170
+ "statistics": {
171
+ "duration": 0.0000001,
172
+ },
173
+ "version": Inspec::VERSION,
174
+ "status": "failed",
175
+ "status_message": err,
176
+ }
177
+ end
178
+
179
+ # extracts relevant node data
180
+ def node_info
181
+ chef_server_uri = URI(Chef::Config[:chef_server_url])
182
+
183
+ runlist_roles = node.run_list.select { |item| item.type == :role }.map(&:name)
184
+ runlist_recipes = node.run_list.select { |item| item.type == :recipe }.map(&:name)
185
+ {
186
+ node: node.name,
187
+ os: {
188
+ release: node["platform_version"],
189
+ family: node["platform"],
190
+ },
191
+ environment: node.environment,
192
+ roles: runlist_roles,
193
+ recipes: runlist_recipes,
194
+ policy_name: node.policy_name || "",
195
+ policy_group: node.policy_group || "",
196
+ chef_tags: node.tags,
197
+ organization_name: chef_server_uri.path.split("/").last || "",
198
+ source_fqdn: chef_server_uri.host || "",
199
+ ipaddress: node["ipaddress"],
200
+ fqdn: node["fqdn"],
201
+ }
202
+ end
203
+
204
+ def send_report(reporter_type, report)
205
+ logger.info "Reporting to #{reporter_type}"
206
+
207
+ reporter = reporter(reporter_type)
208
+
209
+ reporter.send_report(report) if reporter
210
+ end
211
+
212
+ def reporter(reporter_type)
213
+ case reporter_type
214
+ when "chef-automate"
215
+ opts = {
216
+ control_results_limit: node["audit"]["control_results_limit"],
217
+ entity_uuid: node["chef_guid"],
218
+ insecure: node["audit"]["insecure"],
219
+ node_info: node_info,
220
+ run_id: run_id,
221
+ run_time_limit: node["audit"]["run_time_limit"],
222
+ }
223
+ Chef::Compliance::Reporter::Automate.new(opts)
224
+ when "chef-server-automate"
225
+ opts = {
226
+ control_results_limit: node["audit"]["control_results_limit"],
227
+ entity_uuid: node["chef_guid"],
228
+ insecure: node["audit"]["insecure"],
229
+ node_info: node_info,
230
+ run_id: run_id,
231
+ run_time_limit: node["audit"]["run_time_limit"],
232
+ url: chef_server_automate_url,
233
+ }
234
+ Chef::Compliance::Reporter::ChefServerAutomate.new(opts)
235
+ when "json-file"
236
+ path = node["audit"]["json_file"]["location"]
237
+ logger.info "Writing compliance report to #{path}"
238
+ Chef::Compliance::Reporter::JsonFile.new(file: path)
239
+ when "audit-enforcer"
240
+ Chef::Compliance::Reporter::ComplianceEnforcer.new
241
+ else
242
+ raise "'#{reporter_type}' is not a supported reporter for Compliance Phase."
243
+ end
244
+ end
245
+
246
+ def chef_server_automate_url
247
+ url = if node["audit"]["server"]
248
+ URI(node["audit"]["server"])
249
+ else
250
+ URI(Chef::Config[:chef_server_url]).tap do |u|
251
+ u.path = ""
252
+ end
253
+ end
254
+
255
+ org = Chef::Config[:chef_server_url].split("/").last
256
+ url.path = File.join(url.path, "organizations/#{org}/data-collector")
257
+ url
258
+ end
259
+ end
260
+ end
261
+ end
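Review bot: In `generate_report` the empty-profiles branch builds the failed report and then throws it away: `failed_report(...)` is followed by a bare `return`, so the method returns `nil` and the `report.empty?` check in `report` would raise NoMethodError instead of reporting the failure. `return failed_report("No #{Inspec::Dist::PRODUCT_NAME} profiles are defined.")` makes this path agree with the two `rescue` branches, which do return the hash. The branch looks unreachable through `run_completed` because `enabled?` requires profiles, but it is reachable when `generate_report` is called with an explicit empty `profiles:`. The same method also logs the whole option hash with `logger.debug "Options are set to: #{opts}"`, and `opts[:inputs]` comes from `node["audit"]["attributes"]`. If those inputs can carry credentials for the profiles, logging `opts.reject { |k, _| k == :inputs }` would keep them out of debug logs.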
@@ -47,7 +47,7 @@ class Chef
47
47
  v2
48
48
  end
49
49
  end
50
- cookbook_gems[args.first] += args[1..-1]
50
+ cookbook_gems[args.first] += args[1..]
51
51
  end
52
52
  end
53
53
 
@@ -282,7 +282,7 @@ class Chef
282
282
 
283
283
  name = File.join(segment, pathname.basename.to_s)
284
284
 
285
- if segment == "templates" || segment == "files"
285
+ if %w{templates files}.include?(segment)
286
286
  # Check if pathname looks like files/foo or templates/foo (unscoped)
287
287
  if pathname.each_filename.to_a.length == 2
288
288
  # Use root_default in case the same path exists at root_default and default
@@ -317,6 +317,7 @@ class Chef
317
317
  end
318
318
 
319
319
  end
320
+
320
321
  class CookbookManifestVersions
321
322
 
322
323
  extend Chef::Mixin::VersionedAPIFactory
@@ -20,7 +20,7 @@
20
20
 
21
21
  autoload :URI, "uri"
22
22
  module Net
23
- autoload :HTTP, File.expand_path("monkey_patches/net_http", __dir__)
23
+ autoload :HTTP, "net/http"
24
24
  end
25
25
  autoload :OpenSSL, "openssl"
26
26
  module Mixlib
@@ -264,7 +264,7 @@ class Chef
264
264
  if found_pref
265
265
  manifest_records_by_path[found_pref]
266
266
  else
267
- if segment == :files || segment == :templates
267
+ if %i{files templates}.include?(segment)
268
268
  error_message = "Cookbook '#{name}' (#{version}) does not contain a file at any of these locations:\n"
269
269
  error_locations = if filename.is_a?(Array)
270
270
  filename.map { |name| " #{File.join(segment.to_s, name)}" }
@@ -587,10 +587,7 @@ class Chef
587
587
  end
588
588
 
589
589
  def file_vendor
590
- unless @file_vendor
591
- @file_vendor = Chef::Cookbook::FileVendor.create_from_manifest(cookbook_manifest)
592
- end
593
- @file_vendor
590
+ @file_vendor ||= Chef::Cookbook::FileVendor.create_from_manifest(cookbook_manifest)
594
591
  end
595
592
 
596
593
  end
@@ -182,7 +182,7 @@ class Chef
182
182
  events.unregister(self) unless Chef::Config[:data_collector][:output_locations]
183
183
 
184
184
  begin
185
- code = e&.response&.code&.to_s
185
+ code = e&.response&.code.to_s
186
186
  rescue
187
187
  # i really don't care
188
188
  end
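Review bot: With the last `&.` dropped, `code` is now `""` rather than `nil` when the exception has no response or no code, while the bare `rescue` below still leaves it `nil` when `e` does not respond to `response` at all, so the two "no status code" cases produce different values. The code that consumes `code` is outside this hunk; if anything there tests it for truthiness, that check changes meaning. Assigning `code = ""` in the `rescue` body would make both cases agree, or a comment such as `# "" when there is no HTTP response; nil if e has no #response` would record the intent.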
@@ -30,7 +30,7 @@ class Chef::EncryptedDataBagItem
30
30
  unless format_version.is_a?(Integer) && format_version >= Chef::Config[:data_bag_decrypt_minimum_version]
31
31
  raise UnacceptableEncryptedDataBagItemFormat,
32
32
  "The encrypted data bag item has format version `#{format_version}', " +
33
- "but the config setting 'data_bag_decrypt_minimum_version' requires version `#{Chef::Config[:data_bag_decrypt_minimum_version]}'"
33
+ "but the config setting 'data_bag_decrypt_minimum_version' requires version `#{Chef::Config[:data_bag_decrypt_minimum_version]}'"
34
34
  end
35
35
  end
36
36
 
@@ -35,7 +35,7 @@ class Chef
35
35
  include Chef::Mixin::ParamsValidate
36
36
  include Chef::Mixin::FromFile
37
37
 
38
- COMBINED_COOKBOOK_CONSTRAINT = /(.+)(?:[\s]+)((?:#{Chef::VersionConstraint::OPS.join('|')})(?:[\s]+).+)$/.freeze
38
+ COMBINED_COOKBOOK_CONSTRAINT = /(.+)(?:\s+)((?:#{Chef::VersionConstraint::OPS.join('|')})(?:\s+).+)$/.freeze
39
39
 
40
40
  def initialize(chef_server_rest: nil)
41
41
  @name = ""
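Review bot: `COMBINED_COOKBOOK_CONSTRAINT` still ends in `$`, which in Ruby matches at the end of any line rather than the end of the string, and the pattern has no start anchor, so a multi-line value can match on a single line of it. Where the constant is used is outside this hunk; if it validates constraint strings taken from environment data, `\z` is the stricter anchor: `/(.+)(?:\s+)((?:#{Chef::VersionConstraint::OPS.join('|')})(?:\s+).+)\z/`. Unlike `$`, `\z` also rejects a trailing newline, so callers passing unstripped input would need checking first.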
@@ -19,7 +19,7 @@
19
19
  require_relative "base"
20
20
  require_relative "../platform/query_helpers"
21
21
  require_relative "../win32/eventlog"
22
- require "chef-utils" unless defined?(ChefUtils)
22
+ require "chef-utils" unless defined?(ChefUtils::CANARY)
23
23
 
24
24
  class Chef
25
25
  module EventLoggers
@@ -84,11 +84,13 @@ class Chef
84
84
  class InvalidPrivateKey < ArgumentError; end
85
85
  class MissingKeyAttribute < ArgumentError; end
86
86
  class KeyCommandInputError < ArgumentError; end
87
+
87
88
  class BootstrapCommandInputError < ArgumentError
88
89
  def initialize
89
90
  super "You cannot pass both --json-attributes and --json-attribute-file. Please pass one or none."
90
91
  end
91
92
  end
93
+
92
94
  class InvalidKeyArgument < ArgumentError; end
93
95
  class InvalidKeyAttribute < ArgumentError; end
94
96
  class InvalidUserAttribute < ArgumentError; end
@@ -195,6 +197,7 @@ class Chef
195
197
  class IllegalVersionConstraint < NotImplementedError; end # rubocop:disable Lint/InheritException
196
198
 
197
199
  class MetadataNotValid < StandardError; end
200
+
198
201
  class MetadataNotFound < StandardError
199
202
  attr_reader :install_path
200
203
  attr_reader :cookbook_name
@@ -283,6 +286,7 @@ class Chef
283
286
  end
284
287
 
285
288
  end
289
+
286
290
  # Exception class for collecting multiple failures. Used when running
287
291
  # delayed notifications so that chef can process each delayed
288
292
  # notification even if chef client or other notifications fail.
@@ -451,7 +455,7 @@ class Chef
451
455
  attr_reader :wrapped_errors
452
456
 
453
457
  def initialize(*errors)
454
- errors = errors.select { |e| !e.nil? }
458
+ errors = errors.compact
455
459
  output = "Found #{errors.size} errors, they are stored in the backtrace"
456
460
  @wrapped_errors = errors
457
461
  super output
@@ -255,10 +255,7 @@ class Chef
255
255
  flags |= CONTAINER_INHERIT_ACE
256
256
  when :objects_only
257
257
  flags |= OBJECT_INHERIT_ACE
258
- when true
259
- flags |= CONTAINER_INHERIT_ACE
260
- flags |= OBJECT_INHERIT_ACE
261
- when nil
258
+ when true, nil
262
259
  flags |= CONTAINER_INHERIT_ACE
263
260
  flags |= OBJECT_INHERIT_ACE
264
261
  end