chef 16.8.14-universal-mingw32 → 16.9.32-universal-mingw32

data/spec/spec_helper.rb

@@ -87,7 +87,7 @@ Dir["spec/support/**/*.rb"]
   .each { |f| require f }
 
 OHAI_SYSTEM = Ohai::System.new
-OHAI_SYSTEM.all_plugins(["platform", "hostname", "languages/powershell"])
+OHAI_SYSTEM.all_plugins(["platform", "hostname", "languages/powershell", "uptime"])
 
 test_node = Chef::Node.new
 test_node.automatic["os"] = (OHAI_SYSTEM["os"] || "unknown_os").dup.freeze

data/spec/unit/compliance/runner_spec.rb

@@ -8,41 +8,39 @@ describe Chef::Compliance::Runner do
     described_class.new.tap do |r|
       r.node = node
       r.run_id = "my_run_id"
-      r.recipes = []
     end
   end
 
   describe "#enabled?" do
+
     it "is true if the node attributes have audit profiles and the audit cookbook is not present" do
       node.normal["audit"]["profiles"]["ssh"] = { 'compliance': "base/ssh" }
-      runner.recipes = %w{ fancy_cookbook::fanciness tacobell::nachos }
 
       expect(runner).to be_enabled
     end
 
     it "is false if the node attributes have audit profiles and the audit cookbook is present" do
+      stub_const("::Reporter::ChefAutomate", true)
       node.normal["audit"]["profiles"]["ssh"] = { 'compliance': "base/ssh" }
-      runner.recipes = %w{ audit::default fancy_cookbook::fanciness tacobell::nachos }
 
       expect(runner).not_to be_enabled
     end
 
     it "is false if the node attributes do not have audit profiles and the audit cookbook is not present" do
       node.normal["audit"]["profiles"] = {}
-      runner.recipes = %w{ fancy_cookbook::fanciness tacobell::nachos }
 
       expect(runner).not_to be_enabled
     end
 
     it "is false if the node attributes do not have audit profiles and the audit cookbook is present" do
-      node.normal["audit"]["profiles"] = {}
-      runner.recipes = %w{ audit::default fancy_cookbook::fanciness tacobell::nachos }
+      stub_const("::Reporter::ChefAutomate", true)
+      node.automatic["recipes"] = %w{ audit::default fancy_cookbook::fanciness tacobell::nachos }
 
       expect(runner).not_to be_enabled
     end
 
     it "is false if the node attributes do not have audit attributes and the audit cookbook is not present" do
-      runner.recipes = %w{ fancy_cookbook::fanciness tacobell::nachos }
+      node.automatic["recipes"] = %w{ fancy_cookbook::fanciness tacobell::nachos }
       expect(runner).not_to be_enabled
     end
   end
@@ -137,4 +135,32 @@ describe Chef::Compliance::Runner do
       expect { runner.reporter("tacos") }.to raise_error(/'tacos' is not a supported reporter for Compliance Phase/)
     end
   end
+
+  describe "#inspec_opts" do
+    it "does not include chef_node in inputs by default" do
+      node.normal["audit"]["attributes"] = {
+        "tacos" => "lunch",
+        "nachos" => "dinner",
+      }
+
+      inputs = runner.inspec_opts[:inputs]
+
+      expect(inputs["tacos"]).to eq("lunch")
+      expect(inputs.key?("chef_node")).to eq(false)
+    end
+
+    it "includes chef_node in inputs with chef_node_attribute_enabled set" do
+      node.normal["audit"]["chef_node_attribute_enabled"] = true
+      node.normal["audit"]["attributes"] = {
+        "tacos" => "lunch",
+        "nachos" => "dinner",
+      }
+
+      inputs = runner.inspec_opts[:inputs]
+
+      expect(inputs["tacos"]).to eq("lunch")
+      expect(inputs["chef_node"]["audit"]["reporter"]).to eq("json-file")
+      expect(inputs["chef_node"]["chef_environment"]).to eq("_default")
+    end
+  end
 end

data/spec/unit/http/ssl_policies_spec.rb

@@ -29,91 +29,83 @@ describe "HTTP SSL Policy" do
     ENV["SSL_CERT_FILE"]           = nil
   end
 
-  let(:unconfigured_http_client) { Net::HTTP.new("example.com", 443) }
   let(:http_client) do
-    unconfigured_http_client.use_ssl = true
-    ssl_policy.apply
-    unconfigured_http_client
+    ssl_policy_class.apply_to(Net::HTTP.new("example.com"))
   end
 
   describe Chef::HTTP::DefaultSSLPolicy do
 
-    let(:ssl_policy) { Chef::HTTP::DefaultSSLPolicy.new(unconfigured_http_client) }
+    let(:ssl_policy_class) { Chef::HTTP::DefaultSSLPolicy }
 
-    describe "when configured with :ssl_verify_mode set to :verify peer" do
-      before do
-        Chef::Config[:ssl_verify_mode] = :verify_peer
-      end
-
-      it "configures the HTTP client to use SSL when given a URL with the https protocol" do
-        expect(http_client.use_ssl?).to be_truthy
-      end
-
-      it "sets the OpenSSL verify mode to verify_peer" do
-        expect(http_client.verify_mode).to eq(OpenSSL::SSL::VERIFY_PEER)
-      end
-
-      it "raises a ConfigurationError if :ssl_ca_path is set to a path that doesn't exist" do
-        Chef::Config[:ssl_ca_path] = "/dev/null/nothing_here"
-        expect { http_client }.to raise_error(Chef::Exceptions::ConfigurationError)
-      end
+    it "raises a ConfigurationError if :ssl_ca_path is set to a path that doesn't exist" do
+      Chef::Config[:ssl_ca_path] = "/dev/null/nothing_here"
+      expect { http_client }.to raise_error(Chef::Exceptions::ConfigurationError)
+    end
 
-      it "should set the CA path if that is set in the configuration" do
-        Chef::Config[:ssl_ca_path] = File.join(CHEF_SPEC_DATA, "ssl")
-        expect(http_client.ca_path).to eq(File.join(CHEF_SPEC_DATA, "ssl"))
-      end
+    it "should set the CA path if that is set in the configuration" do
+      Chef::Config[:ssl_ca_path] = File.join(CHEF_SPEC_DATA, "ssl")
+      expect(http_client.ca_path).to eq(File.join(CHEF_SPEC_DATA, "ssl"))
+    end
 
-      it "raises a ConfigurationError if :ssl_ca_file is set to a file that does not exist" do
-        Chef::Config[:ssl_ca_file] = "/dev/null/nothing_here"
-        expect { http_client }.to raise_error(Chef::Exceptions::ConfigurationError)
-      end
+    it "raises a ConfigurationError if :ssl_ca_file is set to a file that does not exist" do
+      Chef::Config[:ssl_ca_file] = "/dev/null/nothing_here"
+      expect { http_client }.to raise_error(Chef::Exceptions::ConfigurationError)
+    end
 
-      it "should set the CA file if that is set in the configuration" do
-        Chef::Config[:ssl_ca_file] = CHEF_SPEC_DATA + "/ssl/5e707473.0"
-        expect(http_client.ca_file).to eq(CHEF_SPEC_DATA + "/ssl/5e707473.0")
-      end
+    it "should set the CA file if that is set in the configuration" do
+      Chef::Config[:ssl_ca_file] = CHEF_SPEC_DATA + "/ssl/5e707473.0"
+      expect(http_client.ca_file).to eq(CHEF_SPEC_DATA + "/ssl/5e707473.0")
+    end
 
-      it "should set the custom CA file if SSL_CERT_FILE environment variable is set" do
-        ENV["SSL_CERT_FILE"] = CHEF_SPEC_DATA + "/trusted_certs/intermediate.pem"
-        expect(http_client.ca_file).to eq(CHEF_SPEC_DATA + "/trusted_certs/intermediate.pem")
-      end
+    it "should set the custom CA file if SSL_CERT_FILE environment variable is set" do
+      ENV["SSL_CERT_FILE"] = CHEF_SPEC_DATA + "/trusted_certs/intermediate.pem"
+      expect(http_client.ca_file).to eq(CHEF_SPEC_DATA + "/trusted_certs/intermediate.pem")
+    end
 
-      it "raises a ConfigurationError if SSL_CERT_FILE environment variable is set to a file that does not exist" do
-        ENV["SSL_CERT_FILE"] = "/dev/null/nothing_here"
-        expect { http_client }.to raise_error(Chef::Exceptions::ConfigurationError)
-      end
+    it "raises a ConfigurationError if SSL_CERT_FILE environment variable is set to a file that does not exist" do
+      ENV["SSL_CERT_FILE"] = "/dev/null/nothing_here"
+      expect { http_client }.to raise_error(Chef::Exceptions::ConfigurationError)
     end
 
-    describe "when configured with :ssl_verify_mode set to :verify peer" do
-      before do
-        @url = URI.parse("https://chef.example.com:4443/")
-        Chef::Config[:ssl_verify_mode] = :verify_none
-      end
+    it "sets the OpenSSL verify mode to verify_peer when configured with :ssl_verify_mode set to :verify_peer" do
+      Chef::Config[:ssl_verify_mode] = :verify_peer
+      expect(http_client.verify_mode).to eq(OpenSSL::SSL::VERIFY_PEER)
+    end
 
-      it "sets the OpenSSL verify mode to :verify_none" do
-        expect(http_client.verify_mode).to eq(OpenSSL::SSL::VERIFY_NONE)
-      end
+    it "sets the OpenSSL verify mode to :verify_none when configured with :ssl_verify_mode set to :verify_none" do
+      Chef::Config[:ssl_verify_mode] = :verify_none
+      expect(http_client.verify_mode).to eq(OpenSSL::SSL::VERIFY_NONE)
     end
 
     describe "when configured with a client certificate" do
-      before { @url = URI.parse("https://chef.example.com:4443/") }
-
       it "raises ConfigurationError if the certificate file doesn't exist" do
         Chef::Config[:ssl_client_cert] = "/dev/null/nothing_here"
         Chef::Config[:ssl_client_key]  = CHEF_SPEC_DATA + "/ssl/chef-rspec.key"
-        expect { http_client }.to raise_error(Chef::Exceptions::ConfigurationError)
+        expect { http_client }.to raise_error(Chef::Exceptions::ConfigurationError, /ssl_client_cert .* does not exist/)
       end
 
-      it "raises ConfigurationError if the certificate file doesn't exist" do
+      it "raises ConfigurationError if the private key file doesn't exist" do
         Chef::Config[:ssl_client_cert] = CHEF_SPEC_DATA + "/ssl/chef-rspec.cert"
         Chef::Config[:ssl_client_key]  = "/dev/null/nothing_here"
-        expect { http_client }.to raise_error(Chef::Exceptions::ConfigurationError)
+        expect { http_client }.to raise_error(Chef::Exceptions::ConfigurationError, /ssl_client_key .* does not exist/)
       end
 
       it "raises a ConfigurationError if one of :ssl_client_cert and :ssl_client_key is set but not both" do
         Chef::Config[:ssl_client_cert] = "/dev/null/nothing_here"
         Chef::Config[:ssl_client_key]  = nil
-        expect { http_client }.to raise_error(Chef::Exceptions::ConfigurationError)
+        expect { http_client }.to raise_error(Chef::Exceptions::ConfigurationError, /configure ssl_client_cert and ssl_client_key together/)
+      end
+
+      it "raises a ConfigurationError with a bad cert file" do
+        Chef::Config[:ssl_client_cert] = __FILE__
+        Chef::Config[:ssl_client_key]  = CHEF_SPEC_DATA + "/ssl/chef-rspec.key"
+        expect { http_client }.to raise_error(Chef::Exceptions::ConfigurationError, /Error reading cert file '#{__FILE__}'/)
+      end
+
+      it "raises a ConfigurationError with a bad key file" do
+        Chef::Config[:ssl_client_cert] = CHEF_SPEC_DATA + "/ssl/chef-rspec.cert"
+        Chef::Config[:ssl_client_key]  = __FILE__
+        expect { http_client }.to raise_error(Chef::Exceptions::ConfigurationError, /Error reading key file '#{__FILE__}'/)
       end
 
       it "configures the HTTP client's cert and private key" do
@@ -122,20 +114,31 @@ describe "HTTP SSL Policy" do
         expect(http_client.cert.to_s).to eq(OpenSSL::X509::Certificate.new(IO.read(CHEF_SPEC_DATA + "/ssl/chef-rspec.cert")).to_s)
         expect(http_client.key.to_s).to eq(OpenSSL::PKey::RSA.new(IO.read(CHEF_SPEC_DATA + "/ssl/chef-rspec.key")).to_s)
       end
-    end
 
-    context "when additional certs are located in the trusted_certs dir" do
-      let(:self_signed_crt_path) { File.join(CHEF_SPEC_DATA, "trusted_certs", "example.crt") }
-      let(:self_signed_crt) { OpenSSL::X509::Certificate.new(File.read(self_signed_crt_path)) }
+      it "configures the HTTP client's cert and private key with a DER encoded cert" do
+        Chef::Config[:ssl_client_cert] = CHEF_SPEC_DATA + "/ssl/binary/chef-rspec-der.cert"
+        Chef::Config[:ssl_client_key]  = CHEF_SPEC_DATA + "/ssl/chef-rspec.key"
+        expect(http_client.cert.to_s).to eq(OpenSSL::X509::Certificate.new(IO.read(CHEF_SPEC_DATA + "/ssl/chef-rspec.cert")).to_s)
+        expect(http_client.key.to_s).to eq(OpenSSL::PKey::RSA.new(IO.read(CHEF_SPEC_DATA + "/ssl/chef-rspec.key")).to_s)
+      end
 
-      let(:additional_pem_path) { File.join(CHEF_SPEC_DATA, "trusted_certs", "opscode.pem") }
-      let(:additional_pem) { OpenSSL::X509::Certificate.new(File.read(additional_pem_path)) }
+      it "configures the HTTP client's cert and private key with a DER encoded key" do
+        Chef::Config[:ssl_client_cert] = CHEF_SPEC_DATA + "/ssl/chef-rspec.cert"
+        Chef::Config[:ssl_client_key]  = CHEF_SPEC_DATA + "/ssl/binary/chef-rspec-der.key"
+        expect(http_client.cert.to_s).to eq(OpenSSL::X509::Certificate.new(IO.read(CHEF_SPEC_DATA + "/ssl/chef-rspec.cert")).to_s)
+        expect(http_client.key.to_s).to eq(OpenSSL::PKey::RSA.new(IO.read(CHEF_SPEC_DATA + "/ssl/chef-rspec.key")).to_s)
+      end
+    end
 
+    context "when additional certs are located in the trusted_certs dir" do
       before do
         Chef::Config.trusted_certs_dir = File.join(CHEF_SPEC_DATA, "trusted_certs")
       end
 
       it "enables verification of self-signed certificates" do
+        path = File.join(CHEF_SPEC_DATA, "trusted_certs", "example.crt")
+        self_signed_crt = OpenSSL::X509::Certificate.new(File.binread(path))
+
         expect(http_client.cert_store.verify(self_signed_crt)).to be_truthy
       end
 
@@ -148,39 +151,64 @@ describe "HTTP SSL Policy" do
         # If the machine running the test doesn't have ruby SSL configured correctly,
         # then the root cert also has to be loaded for the test to succeed.
         # The system under test **SHOULD** do both of these things.
+        path = File.join(CHEF_SPEC_DATA, "trusted_certs", "opscode.pem")
+        additional_pem = OpenSSL::X509::Certificate.new(File.binread(path))
+
         expect(http_client.cert_store.verify(additional_pem)).to be_truthy
       end
 
-      context "and some certs are duplicates" do
-        it "skips duplicate certs" do
-          # For whatever reason, OpenSSL errors out when adding a
-          # cert you already have to the certificate store.
-          ssl_policy.set_custom_certs
-          ssl_policy.set_custom_certs # should not raise an error
+      it "skips duplicate certs" do
+        # For whatever reason, OpenSSL errors out when adding a
+        # cert you already have to the certificate store.
+        ssl_policy = ssl_policy_class.new(Net::HTTP.new("example.com"))
+        ssl_policy.set_custom_certs
+        ssl_policy.set_custom_certs # should not raise an error
+      end
+
+      it "raises ConfigurationError with a bad cert file in the trusted_certs dir" do
+        ssl_policy = ssl_policy_class.new(Net::HTTP.new("example.com"))
+
+        Dir.mktmpdir do |dir|
+          bad_cert_file = File.join(dir, "bad_cert_file.crt")
+          File.write(bad_cert_file, File.read(__FILE__))
+
+          Chef::Config.trusted_certs_dir = dir
+          expect { ssl_policy.set_custom_certs }.to raise_error(Chef::Exceptions::ConfigurationError, /Error reading cert file/)
         end
       end
+
+      it "works with binary certs" do
+        Chef::Config.trusted_certs_dir = File.join(CHEF_SPEC_DATA, "ssl", "binary")
+
+        ssl_policy = ssl_policy_class.new(Net::HTTP.new("example.com"))
+        ssl_policy.set_custom_certs
+      end
     end
   end
 
   describe Chef::HTTP::APISSLPolicy do
 
-    let(:ssl_policy) { Chef::HTTP::APISSLPolicy.new(unconfigured_http_client) }
+    let(:ssl_policy_class) { Chef::HTTP::APISSLPolicy }
 
-    context "when verify_api_cert is set" do
-      before do
-        Chef::Config[:verify_api_cert] = true
-      end
+    it "sets the OpenSSL verify mode to verify_peer when configured with :ssl_verify_mode set to :verify_peer" do
+      Chef::Config[:ssl_verify_mode] = :verify_peer
+      expect(http_client.verify_mode).to eq(OpenSSL::SSL::VERIFY_PEER)
+    end
 
-      it "sets the OpenSSL verify mode to verify_peer" do
-        expect(http_client.verify_mode).to eq(OpenSSL::SSL::VERIFY_PEER)
-      end
+    it "sets the OpenSSL verify mode to :verify_none when configured with :ssl_verify_mode set to :verify_none" do
+      Chef::Config[:ssl_verify_mode] = :verify_none
+      expect(http_client.verify_mode).to eq(OpenSSL::SSL::VERIFY_NONE)
     end
 
+    it "sets the OpenSSL verify mode to verify_peer when verify_api_cert is set" do
+      Chef::Config[:verify_api_cert] = true
+      expect(http_client.verify_mode).to eq(OpenSSL::SSL::VERIFY_PEER)
+    end
   end
 
   describe Chef::HTTP::VerifyPeerSSLPolicy do
 
-    let(:ssl_policy) { Chef::HTTP::VerifyPeerSSLPolicy.new(unconfigured_http_client) }
+    let(:ssl_policy_class) { Chef::HTTP::VerifyPeerSSLPolicy }
 
     it "sets the OpenSSL verify mode to verify_peer" do
       expect(http_client.verify_mode).to eq(OpenSSL::SSL::VERIFY_PEER)
@@ -190,7 +218,7 @@ describe "HTTP SSL Policy" do
 
   describe Chef::HTTP::VerifyNoneSSLPolicy do
 
-    let(:ssl_policy) { Chef::HTTP::VerifyNoneSSLPolicy.new(unconfigured_http_client) }
+    let(:ssl_policy_class) { Chef::HTTP::VerifyNoneSSLPolicy }
 
     it "sets the OpenSSL verify mode to verify_peer" do
       expect(http_client.verify_mode).to eq(OpenSSL::SSL::VERIFY_NONE)

data/spec/unit/knife/bootstrap_spec.rb

@@ -472,21 +472,13 @@ describe Chef::Knife::Bootstrap do
   end
 
   describe "when transferring trusted certificates" do
-    let(:trusted_certs_dir) { Chef::Util::PathHelper.cleanpath(File.join(__dir__, "../../data/trusted_certs")) }
-
     let(:rendered_template) do
       knife.merge_configs
       knife.render_template
     end
 
     before do
-      Chef::Config[:trusted_certs_dir] = trusted_certs_dir
-      allow(IO).to receive(:read).and_call_original
-      allow(IO).to receive(:read).with(File.expand_path(Chef::Config[:validation_key])).and_return("")
-    end
-
-    def certificates
-      Dir[File.join(trusted_certs_dir, "*.{crt,pem}")]
+      Chef::Config[:trusted_certs_dir] = Chef::Util::PathHelper.cleanpath(File.join(CHEF_SPEC_DATA, "trusted_certs"))
     end
 
     it "creates /etc/chef/trusted_certs" do
@@ -494,27 +486,23 @@ describe Chef::Knife::Bootstrap do
     end
 
     it "copies the certificates in the directory" do
-      certificates.each do |cert|
-        expect(IO).to receive(:read).with(File.expand_path(cert))
-      end
+      certificates = Dir[File.join(Chef::Config[:trusted_certs_dir], "*.{crt,pem}")]
 
       certificates.each do |cert|
         expect(rendered_template).to match(%r{cat > /etc/chef/trusted_certs/#{File.basename(cert)} <<'EOP'})
       end
     end
 
-    context "when :trusted_cets_dir is empty" do
-      let(:trusted_certs_dir) { Chef::Util::PathHelper.cleanpath(File.join(__dir__, "../../data/trusted_certs_empty")) }
-      it "doesn't create /etc/chef/trusted_certs if :trusted_certs_dir is empty" do
+    it "doesn't create /etc/chef/trusted_certs if :trusted_certs_dir is empty" do
+      Dir.mktmpdir do |dir|
+        Chef::Config[:trusted_certs_dir] = dir
         expect(rendered_template).not_to match(%r{mkdir -p /etc/chef/trusted_certs})
       end
     end
-
   end
 
   context "when doing fips things" do
     let(:template_file) { File.expand_path(File.join(CHEF_SPEC_DATA, "bootstrap", "no_proxy.erb")) }
-    let(:trusted_certs_dir) { Chef::Util::PathHelper.cleanpath(File.join(__dir__, "../../data/trusted_certs")) }
 
     before do
       Chef::Config[:knife][:bootstrap_template] = template_file

data/spec/unit/knife/core/status_presenter_spec.rb

@@ -0,0 +1,54 @@
+# Copyright:: Copyright (c) Chef Software Inc.
+# License:: Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+require "spec_helper"
+
+describe Chef::Knife::Core::StatusPresenter do
+  describe "#summarize_json" do
+    let(:presenter) { Chef::Knife::Core::StatusPresenter.new(double(:ui), double(:config, :[] => "")) }
+
+    let(:node) do
+      Chef::Node.new.tap do |n|
+        n.automatic_attrs["name"] = "my_node"
+        n.automatic_attrs["ipaddress"] = "127.0.0.1"
+      end
+    end
+
+    let(:result) { JSON.parse(presenter.summarize_json([node])).first }
+
+    it "uses the first of public_ipv4_addrs when present" do
+      node.automatic_attrs["cloud"] = { "public_ipv4_addrs" => ["2.2.2.2"] }
+
+      expect(result["ip"]).to eq("2.2.2.2")
+    end
+
+    it "falls back to ipaddress when public_ipv4_addrs is empty" do
+      node.automatic_attrs["cloud"] = { "public_ipv4_addrs" => [] }
+
+      expect(result["ip"]).to eq("127.0.0.1")
+    end
+
+    it "falls back to ipaddress when cloud attributes are empty" do
+      node.automatic_attrs["cloud"] = {}
+
+      expect(result["ip"]).to eq("127.0.0.1")
+    end
+
+    it "falls back to ipaddress when cloud attributes is not present" do
+      expect(result["ip"]).to eq("127.0.0.1")
+    end
+  end
+end