chef 16.7.61 → 16.8.9

data/lib/chef/util/dsc/local_configuration_manager.rb

@@ -16,25 +16,27 @@
 # limitations under the License.
 #
 
-require_relative "../powershell/cmdlet"
+require_relative "../../mixin/powershell_exec"
 require_relative "lcm_output_parser"
 
 class Chef::Util::DSC
   class LocalConfigurationManager
+    include Chef::Mixin::PowershellExec
+
     def initialize(node, configuration_path)
       @node = node
       @configuration_path = configuration_path
       clear_execution_time
     end
 
-    def test_configuration(configuration_document, shellout_flags)
-      status = run_configuration_cmdlet(configuration_document, false, shellout_flags)
-      log_dsc_exception(status.stderr) unless status.succeeded?
-      configuration_update_required?(status.return_value)
+    def test_configuration(configuration_document)
+      status = run_configuration_cmdlet(configuration_document, false)
+      log_dsc_exception(status.errors.join("\n")) if status.error?
+      configuration_update_required?(status.result)
     end
 
-    def set_configuration(configuration_document, shellout_flags)
-      run_configuration_cmdlet(configuration_document, true, shellout_flags)
+    def set_configuration(configuration_document)
+      run_configuration_cmdlet(configuration_document, true)
     end
 
     def last_operation_execution_time_seconds
@@ -45,7 +47,7 @@ class Chef::Util::DSC
 
     private
 
-    def run_configuration_cmdlet(configuration_document, apply_configuration, shellout_flags)
+    def run_configuration_cmdlet(configuration_document, apply_configuration)
       Chef::Log.trace("DSC: Calling DSC Local Config Manager to #{apply_configuration ? "set" : "test"} configuration document.")
 
       start_operation_timing
@@ -53,11 +55,12 @@ class Chef::Util::DSC
 
       begin
         save_configuration_document(configuration_document)
-        cmdlet = ::Chef::Util::Powershell::Cmdlet.new(@node, lcm_command(apply_configuration))
+        cmd = lcm_command(apply_configuration)
+        Chef::Log.trace("DSC: Calling DSC Local Config Manager with:\n#{cmd}")
+
+        status = powershell_exec(cmd)
         if apply_configuration
-          status = cmdlet.run!({}, shellout_flags)
-        else
-          status = cmdlet.run({}, shellout_flags)
+          status.error!
         end
       ensure
         end_operation_timing
@@ -77,7 +80,7 @@ class Chef::Util::DSC
         ps4_base_command
       else
         if ps_version_gte_5?
-          "#{common_command_prefix} Test-DscConfiguration -path #{@configuration_path} | format-list"
+          "#{common_command_prefix} Test-DscConfiguration -path #{@configuration_path} | format-list | Out-String"
         else
           ps4_base_command + " -whatif; if (! $?) { exit 1 }"
         end
@@ -100,7 +103,7 @@ class Chef::Util::DSC
     end
 
     def whatif_not_supported?(dsc_exception_output)
-      !! (dsc_exception_output.gsub(/[\r\n]+/, "").gsub(/\s+/, " ") =~ /A parameter cannot be found that matches parameter name 'Whatif'/i)
+      !! (dsc_exception_output.gsub(/[\n]+/, "").gsub(/\s+/, " ") =~ /A parameter cannot be found that matches parameter name 'Whatif'/i)
     end
 
     def dsc_module_import_failure?(command_output)

data/lib/chef/util/dsc/resource_store.rb

@@ -16,14 +16,14 @@
 # limitations under the License.
 #
 
-require_relative "../powershell/cmdlet"
-require_relative "../powershell/cmdlet_result"
+require_relative "../../mixin/powershell_exec"
 require_relative "../../exceptions"
 
 class Chef
   class Util
     class DSC
       class ResourceStore
+        include Chef::Mixin::PowershellExec
 
         def self.instance
           @@instance ||= ResourceStore.new.tap do |store|
@@ -83,19 +83,13 @@ class Chef
 
         # Returns a list of dsc resources
         def query_resources
-          cmdlet = Chef::Util::Powershell::Cmdlet.new(nil, "get-dscresource",
-            :object)
-          result = cmdlet.run
-          result.return_value
+          powershell_exec("get-dscresource").result
         end
 
         # Returns a list of dsc resources matching the provided name
         def query_resource(resource_name)
-          cmdlet = Chef::Util::Powershell::Cmdlet.new(nil, "get-dscresource #{resource_name}",
-            :object)
-          result = cmdlet.run
-          ret_val = result.return_value
-          if ret_val.nil?
+          ret_val = powershell_exec("get-dscresource #{resource_name}").result
+          if ret_val.empty?
             []
           elsif ret_val.is_a? Array
             ret_val

data/lib/chef/version.rb

@@ -23,7 +23,7 @@ require_relative "version_string"
 
 class Chef
   CHEF_ROOT = File.expand_path("..", __dir__)
-  VERSION = Chef::VersionString.new("16.7.61")
+  VERSION = Chef::VersionString.new("16.8.9")
 end
 
 #

data/lib/chef/win32/api/file.rb

@@ -316,6 +316,7 @@ typedef struct _REPARSE_DATA_BUFFER {
             string_pointer.read_wstring(self[:PrintNameLength] / 2)
           end
         end
+
         class REPARSE_DATA_BUFFER_MOUNT_POINT < FFI::Struct
           layout :SubstituteNameOffset, :ushort,
             :SubstituteNameLength, :ushort,
@@ -333,14 +334,17 @@ typedef struct _REPARSE_DATA_BUFFER {
             string_pointer.read_wstring(self[:PrintNameLength] / 2)
           end
         end
+
         class REPARSE_DATA_BUFFER_GENERIC < FFI::Struct
           layout :DataBuffer, :uchar
         end
+
         class REPARSE_DATA_BUFFER_UNION < FFI::Union
           layout :SymbolicLinkReparseBuffer, REPARSE_DATA_BUFFER_SYMBOLIC_LINK,
             :MountPointReparseBuffer, REPARSE_DATA_BUFFER_MOUNT_POINT,
             :GenericReparseBuffer, REPARSE_DATA_BUFFER_GENERIC
         end
+
         class REPARSE_DATA_BUFFER < FFI::Struct
           layout :ReparseTag, :uint32,
             :ReparseDataLength, :ushort,

data/spec/functional/resource/dsc_script_spec.rb

@@ -21,7 +21,7 @@ require "chef/mixin/powershell_exec"
 require "chef/mixin/windows_architecture_helper"
 require "support/shared/integration/integration_helper"
 
-describe Chef::Resource::DscScript, :windows_powershell_dsc_only do
+describe Chef::Resource::DscScript, :windows_powershell_dsc_only, :ruby64_only do
   include Chef::Mixin::WindowsArchitectureHelper
   include Chef::Mixin::PowershellExec
   before(:all) do
@@ -261,12 +261,9 @@ describe Chef::Resource::DscScript, :windows_powershell_dsc_only do
 
       it "should raise an exception if the cwd is etc" do
         dsc_test_resource.cwd(dsc_environment_fail_etc_directory)
-        expect { dsc_test_resource.run_action(:run) }.to raise_error(Chef::Exceptions::PowershellCmdletException)
-        begin
+        expect {
           dsc_test_resource.run_action(:run)
-        rescue Chef::Exceptions::PowershellCmdletException => e
-          expect(e.message).to match(exception_message_signature)
-        end
+        }.to raise_error(Chef::PowerShell::CommandFailed, /#{exception_message_signature}/)
       end
     end
   end

data/spec/integration/client/client_spec.rb

@@ -97,7 +97,8 @@ describe "chef-client" do
       before { file ".chef/knife.rb", "xxx.xxx" }
 
       it "should load .chef/knife.rb when -z is specified" do
-        result = shell_out("#{chef_client} -z -o 'x::default'", cwd: path_to(""))
+        # On Solaris shell_out will invoke /bin/sh which doesn't understand how to correctly update ENV['PWD']
+        result = shell_out("#{chef_client} -z -o 'x::default'", cwd: path_to(""), env: { "PWD" => nil })
         # FATAL: Configuration error NoMethodError: undefined method `xxx' for nil:NilClass
         expect(result.stdout).to include("xxx")
       end

data/spec/integration/compliance/compliance_spec.rb

@@ -0,0 +1,81 @@
+require "spec_helper"
+
+require "support/shared/integration/integration_helper"
+require "chef/mixin/shell_out"
+require "chef-utils/dist"
+
+describe "chef-client with audit mode" do
+
+  include IntegrationSupport
+  include Chef::Mixin::ShellOut
+
+  let(:chef_dir) { File.join(__dir__, "..", "..", "..", "bin") }
+
+  # Invoke `chef-client` as `ruby PATH/TO/chef-client`. This ensures the
+  # following constraints are satisfied:
+  # * Windows: windows can only run batch scripts as bare executables. Rubygems
+  # creates batch wrappers for installed gems, but we don't have batch wrappers
+  # in the source tree.
+  # * Other `chef-client` in PATH: A common case is running the tests on a
+  # machine that has omnibus chef installed. In that case we need to ensure
+  # we're running `chef-client` from the source tree and not the external one.
+  # cf. CHEF-4914
+  let(:chef_client) { "bundle exec #{ChefUtils::Dist::Infra::CLIENT} --minimal-ohai" }
+
+  when_the_repository "has a custom profile" do
+    let(:report_file) { path_to("report_file.json") }
+
+    before do
+      directory "profiles/my-profile" do
+        file "inspec.yml", <<~FILE
+          ---
+          name: my-profile
+        FILE
+
+        directory "controls" do
+          file "my_control.rb", <<~FILE
+            control "my control" do
+              describe Dir.home do
+                it { should be_kind_of String }
+              end
+            end
+          FILE
+        end
+      end
+
+      file "attributes.json", <<~FILE
+        {
+          "audit": {
+            "json_file": {
+              "location": "#{report_file}"
+            },
+            "profiles": {
+              "my-profile": {
+                "path": "#{path_to("profiles/my-profile")}"
+              }
+            }
+          }
+        }
+      FILE
+    end
+
+    it "should complete with success" do
+      result = shell_out!("#{chef_client} --local-mode --json-attributes #{path_to("attributes.json")}", cwd: chef_dir)
+      result.error!
+
+      inspec_report = JSON.parse(File.read(report_file))
+      expect(inspec_report["profiles"].length).to eq(1)
+
+      profile = inspec_report["profiles"].first
+      expect(profile["name"]).to eq("my-profile")
+      expect(profile["controls"].length).to eq(1)
+
+      control = profile["controls"].first
+      expect(control["id"]).to eq("my control")
+      expect(control["results"].length).to eq(1)
+
+      result = control["results"].first
+      expect(result["status"]).to eq("passed")
+    end
+  end
+end

data/spec/integration/recipes/recipe_dsl_spec.rb

@@ -28,6 +28,7 @@ describe "Recipe DSL methods" do
         def provider
           Provider
         end
+
         class Provider < Chef::Provider
           def load_current_resource; end
 

data/spec/spec_helper.rb

@@ -31,7 +31,7 @@ $LOAD_PATH.unshift File.expand_path("../chef-utils/lib", __dir__)
 
 require "rubygems"
 require "rspec/mocks"
-
+require "rexml/document"
 require "webmock/rspec"
 
 require "chef"

data/spec/unit/client_spec.rb

@@ -129,6 +129,7 @@ shared_context "a client run" do
     expect(client.events).to receive(:register).with(instance_of(Chef::DataCollector::Reporter))
     expect(client.events).to receive(:register).with(instance_of(Chef::ResourceReporter))
     expect(client.events).to receive(:register).with(instance_of(Chef::ActionCollection))
+    expect(client.events).to receive(:register).with(instance_of(Chef::Compliance::Runner))
   end
 
   def stub_for_node_load

data/spec/unit/compliance/fetcher/automate_spec.rb

@@ -0,0 +1,134 @@
+require "spec_helper"
+require "chef/compliance/fetcher/automate"
+
+describe Chef::Compliance::Fetcher::Automate do
+  describe ".resolve" do
+    before do
+      Chef::Config[:data_collector] = {
+        server_url: "https://automate.test/data_collector",
+        token: token,
+      }
+    end
+
+    let(:token) { "fake_token" }
+
+    context "when target is a string" do
+      it "should resolve a compliance URL" do
+        res = Chef::Compliance::Fetcher::Automate.resolve("compliance://namespace/profile_name")
+
+        expect(res).to be_kind_of(Chef::Compliance::Fetcher::Automate)
+        expected = "https://automate.test/compliance/profiles/namespace/profile_name/tar"
+        expect(res.target).to eq(expected)
+      end
+
+      it "raises an exception with no data collector token" do
+        Chef::Config[:data_collector].delete(:token)
+
+        expect {
+          Chef::Compliance::Fetcher::Automate.resolve("compliance://namespace/profile_name")
+        }.to raise_error(/No data-collector token set/)
+      end
+
+      it "includes the data collector token" do
+        expect(Chef::Compliance::Fetcher::Automate).to receive(:new).with(
+          "https://automate.test/compliance/profiles/namespace/profile_name/tar",
+          hash_including("token" => token)
+        ).and_call_original
+
+        res = Chef::Compliance::Fetcher::Automate.resolve("compliance://namespace/profile_name")
+
+        expect(res).to be_kind_of(Chef::Compliance::Fetcher::Automate)
+        expected = "https://automate.test/compliance/profiles/namespace/profile_name/tar"
+        expect(res.target).to eq(expected)
+      end
+
+      it "returns nil with a non-compliance URL" do
+        res = Chef::Compliance::Fetcher::Automate.resolve("http://github.com/chef-cookbooks/audit")
+
+        expect(res).to eq(nil)
+      end
+    end
+
+    context "when target is a hash" do
+      it "should resolve a target with a version" do
+        res = Chef::Compliance::Fetcher::Automate.resolve(
+          compliance: "namespace/profile_name",
+          version: "1.2.3"
+        )
+
+        expect(res).to be_kind_of(Chef::Compliance::Fetcher::Automate)
+        expected = "https://automate.test/compliance/profiles/namespace/profile_name/version/1.2.3/tar"
+        expect(res.target).to eq(expected)
+      end
+
+      it "should resolve a target without a version" do
+        res = Chef::Compliance::Fetcher::Automate.resolve(
+          compliance: "namespace/profile_name"
+        )
+
+        expect(res).to be_kind_of(Chef::Compliance::Fetcher::Automate)
+        expected = "https://automate.test/compliance/profiles/namespace/profile_name/tar"
+        expect(res.target).to eq(expected)
+      end
+
+      it "uses url key when present" do
+        res = Chef::Compliance::Fetcher::Automate.resolve(
+          compliance: "namespace/profile_name",
+          version: "1.2.3",
+          url: "https://profile.server.test/profiles/profile_name/1.2.3"
+        )
+
+        expect(res).to be_kind_of(Chef::Compliance::Fetcher::Automate)
+        expected = "https://profile.server.test/profiles/profile_name/1.2.3"
+        expect(res.target).to eq(expected)
+      end
+
+      it "does not include token in the config when url key is present" do
+        expect(Chef::Compliance::Fetcher::Automate).to receive(:new).with(
+          "https://profile.server.test/profiles/profile_name/1.2.3",
+          hash_including("token" => nil)
+        ).and_call_original
+
+        res = Chef::Compliance::Fetcher::Automate.resolve(
+          compliance: "namespace/profile_name",
+          version: "1.2.3",
+          url: "https://profile.server.test/profiles/profile_name/1.2.3"
+        )
+
+        expect(res).to be_kind_of(Chef::Compliance::Fetcher::Automate)
+        expected = "https://profile.server.test/profiles/profile_name/1.2.3"
+        expect(res.target).to eq(expected)
+      end
+
+      it "raises an exception with no data collector token" do
+        Chef::Config[:data_collector].delete(:token)
+
+        expect {
+          Chef::Compliance::Fetcher::Automate.resolve(compliance: "namespace/profile_name")
+        }.to raise_error(Inspec::FetcherFailure, /No data-collector token set/)
+      end
+
+      it "includes the data collector token" do
+        expect(Chef::Compliance::Fetcher::Automate).to receive(:new).with(
+          "https://automate.test/compliance/profiles/namespace/profile_name/tar",
+          hash_including("token" => token)
+        ).and_call_original
+
+        res = Chef::Compliance::Fetcher::Automate.resolve(compliance: "namespace/profile_name")
+
+        expect(res).to be_kind_of(Chef::Compliance::Fetcher::Automate)
+        expected = "https://automate.test/compliance/profiles/namespace/profile_name/tar"
+        expect(res.target).to eq(expected)
+      end
+
+      it "returns nil with a non-profile Hash" do
+        res = Chef::Compliance::Fetcher::Automate.resolve(
+          profile: "namespace/profile_name",
+          version: "1.2.3"
+        )
+
+        expect(res).to eq(nil)
+      end
+    end
+  end
+end

data/spec/unit/compliance/fetcher/chef_server_spec.rb

@@ -0,0 +1,93 @@
+require "spec_helper"
+require "chef/compliance/fetcher/chef_server"
+
+describe Chef::Compliance::Fetcher::ChefServer do
+  let(:node) do
+    Chef::Node.new.tap do |n|
+      n.default["audit"] = {}
+    end
+  end
+
+  before :each do
+    allow(Chef).to receive(:node).and_return(node)
+
+    Chef::Config[:chef_server_url] = "http://127.0.0.1:8889/organizations/my_org"
+  end
+
+  describe ".resolve" do
+    context "when target is a string" do
+      it "should resolve a compliance URL" do
+        res = Chef::Compliance::Fetcher::ChefServer.resolve("compliance://namespace/profile_name")
+
+        expect(res).to be_kind_of(Chef::Compliance::Fetcher::ChefServer)
+        expected = "http://127.0.0.1:8889/organizations/my_org/owners/namespace/compliance/profile_name/tar"
+        expect(res.target).to eq(expected)
+      end
+
+      it "should add /compliance URL prefix if needed" do
+        node.default["audit"]["fetcher"] = "chef-server"
+        res = Chef::Compliance::Fetcher::ChefServer.resolve("compliance://namespace/profile_name")
+
+        expect(res).to be_kind_of(Chef::Compliance::Fetcher::ChefServer)
+        expected = "http://127.0.0.1:8889/compliance/organizations/my_org/owners/namespace/compliance/profile_name/tar"
+        expect(res.target).to eq(expected)
+      end
+
+      it "includes user in the URL if present" do
+        res = Chef::Compliance::Fetcher::ChefServer.resolve("compliance://username@namespace/profile_name")
+
+        expect(res).to be_kind_of(Chef::Compliance::Fetcher::ChefServer)
+        expected = "http://127.0.0.1:8889/organizations/my_org/owners/username@namespace/compliance/profile_name/tar"
+        expect(res.target).to eq(expected)
+      end
+
+      it "returns nil with a non-compliance URL" do
+        res = Chef::Compliance::Fetcher::ChefServer.resolve("http://github.com/chef-cookbooks/audit")
+
+        expect(res).to eq(nil)
+      end
+    end
+
+    context "when target is a hash" do
+      it "should resolve a target with a version" do
+        res = Chef::Compliance::Fetcher::ChefServer.resolve(
+          compliance: "namespace/profile_name",
+          version: "1.2.3"
+        )
+
+        expect(res).to be_kind_of(Chef::Compliance::Fetcher::ChefServer)
+        expected = "http://127.0.0.1:8889/organizations/my_org/owners/namespace/compliance/profile_name/version/1.2.3/tar"
+        expect(res.target).to eq(expected)
+      end
+
+      it "should resolve a target without a version" do
+        res = Chef::Compliance::Fetcher::ChefServer.resolve(
+          compliance: "namespace/profile_name"
+        )
+
+        expect(res).to be_kind_of(Chef::Compliance::Fetcher::ChefServer)
+        expected = "http://127.0.0.1:8889/organizations/my_org/owners/namespace/compliance/profile_name/tar"
+        expect(res.target).to eq(expected)
+      end
+
+      it "includes user in the URL if present" do
+        res = Chef::Compliance::Fetcher::ChefServer.resolve(
+          compliance: "username@namespace/profile_name"
+        )
+
+        expect(res).to be_kind_of(Chef::Compliance::Fetcher::ChefServer)
+        expected = "http://127.0.0.1:8889/organizations/my_org/owners/username@namespace/compliance/profile_name/tar"
+        expect(res.target).to eq(expected)
+      end
+
+      it "returns nil with a non-profile Hash" do
+        res = Chef::Compliance::Fetcher::ChefServer.resolve(
+          profile: "namespace/profile_name",
+          version: "1.2.3"
+        )
+
+        expect(res).to eq(nil)
+      end
+    end
+  end
+end