chef 16.8.9-universal-mingw32 → 16.9.29-universal-mingw32
- checksums.yaml +4 -4
- data/Gemfile +6 -4
- data/README.md +1 -1
- data/chef.gemspec +11 -2
- data/lib/chef/compliance/default_attributes.rb +5 -1
- data/lib/chef/compliance/fetcher/automate.rb +2 -2
- data/lib/chef/compliance/fetcher/chef_server.rb +2 -2
- data/lib/chef/compliance/reporter/automate.rb +1 -2
- data/lib/chef/compliance/reporter/chef_server_automate.rb +4 -2
- data/lib/chef/compliance/runner.rb +53 -39
- data/lib/chef/http/ssl_policies.rb +27 -14
- data/lib/chef/knife/core/formatting_options.rb +49 -0
- data/lib/chef/knife/core/node_presenter.rb +0 -25
- data/lib/chef/knife/core/status_presenter.rb +1 -26
- data/lib/chef/knife/core/windows_bootstrap_context.rb +1 -1
- data/lib/chef/knife/node_show.rb +2 -1
- data/lib/chef/knife/search.rb +2 -1
- data/lib/chef/knife/ssh.rb +2 -0
- data/lib/chef/knife/status.rb +8 -11
- data/lib/chef/policy_builder/policyfile.rb +1 -1
- data/lib/chef/provider/package.rb +53 -19
- data/lib/chef/provider/package/dnf.rb +39 -12
- data/lib/chef/provider/package/dnf/dnf_helper.py +18 -5
- data/lib/chef/provider/package/dnf/python_helper.rb +6 -6
- data/lib/chef/provider/package/freebsd/pkgng.rb +3 -1
- data/lib/chef/provider/yum_repository.rb +2 -2
- data/lib/chef/resource/chef_gem.rb +2 -2
- data/lib/chef/resource/cron/cron_d.rb +1 -0
- data/lib/chef/resource/file.rb +1 -1
- data/lib/chef/resource/gem_package.rb +2 -2
- data/lib/chef/resource/homebrew_cask.rb +3 -3
- data/lib/chef/resource/http_request.rb +1 -1
- data/lib/chef/resource/locale.rb +1 -1
- data/lib/chef/resource/mdadm.rb +2 -2
- data/lib/chef/resource/osx_profile.rb +7 -7
- data/lib/chef/resource/remote_directory.rb +1 -1
- data/lib/chef/resource/ruby.rb +1 -5
- data/lib/chef/resource/ruby_block.rb +1 -1
- data/lib/chef/resource/user/windows_user.rb +5 -0
- data/lib/chef/resource/windows_certificate.rb +2 -12
- data/lib/chef/resource/yum_repository.rb +5 -0
- data/lib/chef/shell.rb +32 -1
- data/lib/chef/version.rb +1 -1
- data/spec/data/rubygems.org/latest_specs.4.8.gz +0 -0
- data/spec/data/rubygems.org/nonexistent_gem +0 -0
- data/spec/data/rubygems.org/sexp_processor +0 -0
- data/spec/data/rubygems.org/sexp_processor-4.15.1.gemspec.rz +0 -0
- data/spec/data/ssl/binary/chef-rspec-der.cert +0 -0
- data/spec/data/ssl/binary/chef-rspec-der.key +0 -0
- data/spec/functional/resource/dnf_package_spec.rb +319 -16
- data/spec/functional/resource/ohai_spec.rb +2 -10
- data/spec/functional/resource/windows_certificate_spec.rb +204 -384
- data/spec/spec_helper.rb +1 -1
- data/spec/unit/compliance/runner_spec.rb +60 -7
- data/spec/unit/http/ssl_policies_spec.rb +106 -78
- data/spec/unit/knife/bootstrap_spec.rb +5 -17
- data/spec/unit/knife/core/status_presenter_spec.rb +54 -0
- data/spec/unit/mixin/openssl_helper_spec.rb +0 -7
- data/spec/unit/provider/package/freebsd/pkgng_spec.rb +1 -1
- data/spec/unit/provider/package/rubygems_spec.rb +39 -7
- data/spec/unit/resource/user/windows_user_spec.rb +36 -0
- metadata +32 -14
- data/spec/data/trusted_certs_empty/.gitkeep +0 -0
- data/spec/data/trusted_certs_empty/README.md +0 -1
- data/spec/scripts/ssl-serve.rb +0 -47
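--- a/data/spec/spec_helper.rb
+++ b/data/spec/spec_helper.rb
@@ -87,7 +87,7 @@ Dir["spec/support/**/*.rb"]
 .each { |f| require f }
 
 OHAI_SYSTEM = Ohai::System.new
-OHAI_SYSTEM.all_plugins(["platform", "hostname", "languages/powershell"])
+OHAI_SYSTEM.all_plugins(["platform", "hostname", "languages/powershell", "uptime"])
 
 test_node = Chef::Node.new
 test_node.automatic["os"] = (OHAI_SYSTEM["os"] || "unknown_os").dup.freeze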
@@ -8,41 +8,39 @@ describe Chef::Compliance::Runner do
|
|
8
8
|
described_class.new.tap do |r|
|
9
9
|
r.node = node
|
10
10
|
r.run_id = "my_run_id"
|
11
|
-
r.recipes = []
|
12
11
|
end
|
13
12
|
end
|
14
13
|
|
15
14
|
describe "#enabled?" do
|
15
|
+
|
16
16
|
it "is true if the node attributes have audit profiles and the audit cookbook is not present" do
|
17
17
|
node.normal["audit"]["profiles"]["ssh"] = { 'compliance': "base/ssh" }
|
18
|
-
runner.recipes = %w{ fancy_cookbook::fanciness tacobell::nachos }
|
19
18
|
|
20
19
|
expect(runner).to be_enabled
|
21
20
|
end
|
22
21
|
|
23
22
|
it "is false if the node attributes have audit profiles and the audit cookbook is present" do
|
23
|
+
stub_const("::Reporter::ChefAutomate", true)
|
24
24
|
node.normal["audit"]["profiles"]["ssh"] = { 'compliance': "base/ssh" }
|
25
|
-
runner.recipes = %w{ audit::default fancy_cookbook::fanciness tacobell::nachos }
|
26
25
|
|
27
26
|
expect(runner).not_to be_enabled
|
28
27
|
end
|
29
28
|
|
30
29
|
it "is false if the node attributes do not have audit profiles and the audit cookbook is not present" do
|
31
30
|
node.normal["audit"]["profiles"] = {}
|
32
|
-
runner.recipes = %w{ fancy_cookbook::fanciness tacobell::nachos }
|
33
31
|
|
34
32
|
expect(runner).not_to be_enabled
|
35
33
|
end
|
36
34
|
|
37
35
|
it "is false if the node attributes do not have audit profiles and the audit cookbook is present" do
|
38
|
-
|
39
|
-
|
36
|
+
stub_const("::Reporter::ChefAutomate", true)
|
37
|
+
node.automatic["recipes"] = %w{ audit::default fancy_cookbook::fanciness tacobell::nachos }
|
40
38
|
|
41
39
|
expect(runner).not_to be_enabled
|
42
40
|
end
|
43
41
|
|
44
42
|
it "is false if the node attributes do not have audit attributes and the audit cookbook is not present" do
|
45
|
-
|
43
|
+
node.automatic["recipes"] = %w{ fancy_cookbook::fanciness tacobell::nachos }
|
46
44
|
expect(runner).not_to be_enabled
|
47
45
|
end
|
48
46
|
end
|
@@ -110,4 +108,59 @@ describe Chef::Compliance::Runner do
|
|
110
108
|
runner.warn_for_deprecated_config_values!
|
111
109
|
end
|
112
110
|
end
|
111
|
+
|
112
|
+
describe "#reporter" do
|
113
|
+
context "chef-server-automate reporter" do
|
114
|
+
it "uses the correct URL when 'server' attribute is set" do
|
115
|
+
Chef::Config[:chef_server_url] = "https://chef_config_url.example.com/my_org"
|
116
|
+
node.normal["audit"]["server"] = "https://server_attribute_url.example.com/application/sub_application"
|
117
|
+
|
118
|
+
reporter = runner.reporter("chef-server-automate")
|
119
|
+
|
120
|
+
expect(reporter).to be_kind_of(Chef::Compliance::Reporter::ChefServerAutomate)
|
121
|
+
expect(reporter.url).to eq(URI("https://server_attribute_url.example.com/application/sub_application/organizations/my_org/data-collector"))
|
122
|
+
end
|
123
|
+
|
124
|
+
it "falls back to chef_server_url for URL when 'server' attribute is not set" do
|
125
|
+
Chef::Config[:chef_server_url] = "https://chef_config_url.example.com/my_org"
|
126
|
+
|
127
|
+
reporter = runner.reporter("chef-server-automate")
|
128
|
+
|
129
|
+
expect(reporter).to be_kind_of(Chef::Compliance::Reporter::ChefServerAutomate)
|
130
|
+
expect(reporter.url).to eq(URI("https://chef_config_url.example.com/organizations/my_org/data-collector"))
|
131
|
+
end
|
132
|
+
end
|
133
|
+
|
134
|
+
it "fails with unexpected reporter value" do
|
135
|
+
expect { runner.reporter("tacos") }.to raise_error(/'tacos' is not a supported reporter for Compliance Phase/)
|
136
|
+
end
|
137
|
+
end
|
138
|
+
|
139
|
+
describe "#inspec_opts" do
|
140
|
+
it "does not include chef_node in inputs by default" do
|
141
|
+
node.normal["audit"]["attributes"] = {
|
142
|
+
"tacos" => "lunch",
|
143
|
+
"nachos" => "dinner",
|
144
|
+
}
|
145
|
+
|
146
|
+
inputs = runner.inspec_opts[:inputs]
|
147
|
+
|
148
|
+
expect(inputs["tacos"]).to eq("lunch")
|
149
|
+
expect(inputs.key?("chef_node")).to eq(false)
|
150
|
+
end
|
151
|
+
|
152
|
+
it "includes chef_node in inputs with chef_node_attribute_enabled set" do
|
153
|
+
node.normal["audit"]["chef_node_attribute_enabled"] = true
|
154
|
+
node.normal["audit"]["attributes"] = {
|
155
|
+
"tacos" => "lunch",
|
156
|
+
"nachos" => "dinner",
|
157
|
+
}
|
158
|
+
|
159
|
+
inputs = runner.inspec_opts[:inputs]
|
160
|
+
|
161
|
+
expect(inputs["tacos"]).to eq("lunch")
|
162
|
+
expect(inputs["chef_node"]["audit"]["reporter"]).to eq("json-file")
|
163
|
+
expect(inputs["chef_node"]["chef_environment"]).to eq("_default")
|
164
|
+
end
|
165
|
+
end
|
113
166
|
end
|
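Review bot: The two "audit cookbook is present" examples in `#enabled?` model the cookbook differently, so a reader cannot tell which signal `enabled?` keys on. The one at new line 23 only calls `stub_const("::Reporter::ChefAutomate", true)`, while the one at new line 36 stubs the constant and also puts `audit::default` into `node.automatic["recipes"]`. If the constant is the real signal (presumably the audit cookbook defines it; runner.rb is not shown here), the recipes assignments at new lines 37 and 43 do not contribute and could move to a separate example that sets recipes without the stub. A short comment above the first stub would help, for example `# stubbing ::Reporter::ChefAutomate simulates the audit cookbook being loaded`.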
@@ -29,91 +29,83 @@ describe "HTTP SSL Policy" do
|
|
29
29
|
ENV["SSL_CERT_FILE"] = nil
|
30
30
|
end
|
31
31
|
|
32
|
-
let(:unconfigured_http_client) { Net::HTTP.new("example.com", 443) }
|
33
32
|
let(:http_client) do
|
34
|
-
|
35
|
-
ssl_policy.apply
|
36
|
-
unconfigured_http_client
|
33
|
+
ssl_policy_class.apply_to(Net::HTTP.new("example.com"))
|
37
34
|
end
|
38
35
|
|
39
36
|
describe Chef::HTTP::DefaultSSLPolicy do
|
40
37
|
|
41
|
-
let(:
|
38
|
+
let(:ssl_policy_class) { Chef::HTTP::DefaultSSLPolicy }
|
42
39
|
|
43
|
-
|
44
|
-
|
45
|
-
|
46
|
-
|
47
|
-
|
48
|
-
it "configures the HTTP client to use SSL when given a URL with the https protocol" do
|
49
|
-
expect(http_client.use_ssl?).to be_truthy
|
50
|
-
end
|
51
|
-
|
52
|
-
it "sets the OpenSSL verify mode to verify_peer" do
|
53
|
-
expect(http_client.verify_mode).to eq(OpenSSL::SSL::VERIFY_PEER)
|
54
|
-
end
|
55
|
-
|
56
|
-
it "raises a ConfigurationError if :ssl_ca_path is set to a path that doesn't exist" do
|
57
|
-
Chef::Config[:ssl_ca_path] = "/dev/null/nothing_here"
|
58
|
-
expect { http_client }.to raise_error(Chef::Exceptions::ConfigurationError)
|
59
|
-
end
|
40
|
+
it "raises a ConfigurationError if :ssl_ca_path is set to a path that doesn't exist" do
|
41
|
+
Chef::Config[:ssl_ca_path] = "/dev/null/nothing_here"
|
42
|
+
expect { http_client }.to raise_error(Chef::Exceptions::ConfigurationError)
|
43
|
+
end
|
60
44
|
|
61
|
-
|
62
|
-
|
63
|
-
|
64
|
-
|
45
|
+
it "should set the CA path if that is set in the configuration" do
|
46
|
+
Chef::Config[:ssl_ca_path] = File.join(CHEF_SPEC_DATA, "ssl")
|
47
|
+
expect(http_client.ca_path).to eq(File.join(CHEF_SPEC_DATA, "ssl"))
|
48
|
+
end
|
65
49
|
|
66
|
-
|
67
|
-
|
68
|
-
|
69
|
-
|
50
|
+
it "raises a ConfigurationError if :ssl_ca_file is set to a file that does not exist" do
|
51
|
+
Chef::Config[:ssl_ca_file] = "/dev/null/nothing_here"
|
52
|
+
expect { http_client }.to raise_error(Chef::Exceptions::ConfigurationError)
|
53
|
+
end
|
70
54
|
|
71
|
-
|
72
|
-
|
73
|
-
|
74
|
-
|
55
|
+
it "should set the CA file if that is set in the configuration" do
|
56
|
+
Chef::Config[:ssl_ca_file] = CHEF_SPEC_DATA + "/ssl/5e707473.0"
|
57
|
+
expect(http_client.ca_file).to eq(CHEF_SPEC_DATA + "/ssl/5e707473.0")
|
58
|
+
end
|
75
59
|
|
76
|
-
|
77
|
-
|
78
|
-
|
79
|
-
|
60
|
+
it "should set the custom CA file if SSL_CERT_FILE environment variable is set" do
|
61
|
+
ENV["SSL_CERT_FILE"] = CHEF_SPEC_DATA + "/trusted_certs/intermediate.pem"
|
62
|
+
expect(http_client.ca_file).to eq(CHEF_SPEC_DATA + "/trusted_certs/intermediate.pem")
|
63
|
+
end
|
80
64
|
|
81
|
-
|
82
|
-
|
83
|
-
|
84
|
-
end
|
65
|
+
it "raises a ConfigurationError if SSL_CERT_FILE environment variable is set to a file that does not exist" do
|
66
|
+
ENV["SSL_CERT_FILE"] = "/dev/null/nothing_here"
|
67
|
+
expect { http_client }.to raise_error(Chef::Exceptions::ConfigurationError)
|
85
68
|
end
|
86
69
|
|
87
|
-
|
88
|
-
|
89
|
-
|
90
|
-
|
91
|
-
end
|
70
|
+
it "sets the OpenSSL verify mode to verify_peer when configured with :ssl_verify_mode set to :verify_peer" do
|
71
|
+
Chef::Config[:ssl_verify_mode] = :verify_peer
|
72
|
+
expect(http_client.verify_mode).to eq(OpenSSL::SSL::VERIFY_PEER)
|
73
|
+
end
|
92
74
|
|
93
|
-
|
94
|
-
|
95
|
-
|
75
|
+
it "sets the OpenSSL verify mode to :verify_none when configured with :ssl_verify_mode set to :verify_none" do
|
76
|
+
Chef::Config[:ssl_verify_mode] = :verify_none
|
77
|
+
expect(http_client.verify_mode).to eq(OpenSSL::SSL::VERIFY_NONE)
|
96
78
|
end
|
97
79
|
|
98
80
|
describe "when configured with a client certificate" do
|
99
|
-
before { @url = URI.parse("https://chef.example.com:4443/") }
|
100
|
-
|
101
81
|
it "raises ConfigurationError if the certificate file doesn't exist" do
|
102
82
|
Chef::Config[:ssl_client_cert] = "/dev/null/nothing_here"
|
103
83
|
Chef::Config[:ssl_client_key] = CHEF_SPEC_DATA + "/ssl/chef-rspec.key"
|
104
|
-
expect { http_client }.to raise_error(Chef::Exceptions::ConfigurationError)
|
84
|
+
expect { http_client }.to raise_error(Chef::Exceptions::ConfigurationError, /ssl_client_cert .* does not exist/)
|
105
85
|
end
|
106
86
|
|
107
|
-
it "raises ConfigurationError if the
|
87
|
+
it "raises ConfigurationError if the private key file doesn't exist" do
|
108
88
|
Chef::Config[:ssl_client_cert] = CHEF_SPEC_DATA + "/ssl/chef-rspec.cert"
|
109
89
|
Chef::Config[:ssl_client_key] = "/dev/null/nothing_here"
|
110
|
-
expect { http_client }.to raise_error(Chef::Exceptions::ConfigurationError)
|
90
|
+
expect { http_client }.to raise_error(Chef::Exceptions::ConfigurationError, /ssl_client_key .* does not exist/)
|
111
91
|
end
|
112
92
|
|
113
93
|
it "raises a ConfigurationError if one of :ssl_client_cert and :ssl_client_key is set but not both" do
|
114
94
|
Chef::Config[:ssl_client_cert] = "/dev/null/nothing_here"
|
115
95
|
Chef::Config[:ssl_client_key] = nil
|
116
|
-
expect { http_client }.to raise_error(Chef::Exceptions::ConfigurationError)
|
96
|
+
expect { http_client }.to raise_error(Chef::Exceptions::ConfigurationError, /configure ssl_client_cert and ssl_client_key together/)
|
97
|
+
end
|
98
|
+
|
99
|
+
it "raises a ConfigurationError with a bad cert file" do
|
100
|
+
Chef::Config[:ssl_client_cert] = __FILE__
|
101
|
+
Chef::Config[:ssl_client_key] = CHEF_SPEC_DATA + "/ssl/chef-rspec.key"
|
102
|
+
expect { http_client }.to raise_error(Chef::Exceptions::ConfigurationError, /Error reading cert file '#{__FILE__}'/)
|
103
|
+
end
|
104
|
+
|
105
|
+
it "raises a ConfigurationError with a bad key file" do
|
106
|
+
Chef::Config[:ssl_client_cert] = CHEF_SPEC_DATA + "/ssl/chef-rspec.cert"
|
107
|
+
Chef::Config[:ssl_client_key] = __FILE__
|
108
|
+
expect { http_client }.to raise_error(Chef::Exceptions::ConfigurationError, /Error reading key file '#{__FILE__}'/)
|
117
109
|
end
|
118
110
|
|
119
111
|
it "configures the HTTP client's cert and private key" do
|
@@ -122,20 +114,31 @@ describe "HTTP SSL Policy" do
|
|
122
114
|
expect(http_client.cert.to_s).to eq(OpenSSL::X509::Certificate.new(IO.read(CHEF_SPEC_DATA + "/ssl/chef-rspec.cert")).to_s)
|
123
115
|
expect(http_client.key.to_s).to eq(OpenSSL::PKey::RSA.new(IO.read(CHEF_SPEC_DATA + "/ssl/chef-rspec.key")).to_s)
|
124
116
|
end
|
125
|
-
end
|
126
117
|
|
127
|
-
|
128
|
-
|
129
|
-
|
118
|
+
it "configures the HTTP client's cert and private key with a DER encoded cert" do
|
119
|
+
Chef::Config[:ssl_client_cert] = CHEF_SPEC_DATA + "/ssl/binary/chef-rspec-der.cert"
|
120
|
+
Chef::Config[:ssl_client_key] = CHEF_SPEC_DATA + "/ssl/chef-rspec.key"
|
121
|
+
expect(http_client.cert.to_s).to eq(OpenSSL::X509::Certificate.new(IO.read(CHEF_SPEC_DATA + "/ssl/chef-rspec.cert")).to_s)
|
122
|
+
expect(http_client.key.to_s).to eq(OpenSSL::PKey::RSA.new(IO.read(CHEF_SPEC_DATA + "/ssl/chef-rspec.key")).to_s)
|
123
|
+
end
|
130
124
|
|
131
|
-
|
132
|
-
|
125
|
+
it "configures the HTTP client's cert and private key with a DER encoded key" do
|
126
|
+
Chef::Config[:ssl_client_cert] = CHEF_SPEC_DATA + "/ssl/chef-rspec.cert"
|
127
|
+
Chef::Config[:ssl_client_key] = CHEF_SPEC_DATA + "/ssl/binary/chef-rspec-der.key"
|
128
|
+
expect(http_client.cert.to_s).to eq(OpenSSL::X509::Certificate.new(IO.read(CHEF_SPEC_DATA + "/ssl/chef-rspec.cert")).to_s)
|
129
|
+
expect(http_client.key.to_s).to eq(OpenSSL::PKey::RSA.new(IO.read(CHEF_SPEC_DATA + "/ssl/chef-rspec.key")).to_s)
|
130
|
+
end
|
131
|
+
end
|
133
132
|
|
133
|
+
context "when additional certs are located in the trusted_certs dir" do
|
134
134
|
before do
|
135
135
|
Chef::Config.trusted_certs_dir = File.join(CHEF_SPEC_DATA, "trusted_certs")
|
136
136
|
end
|
137
137
|
|
138
138
|
it "enables verification of self-signed certificates" do
|
139
|
+
path = File.join(CHEF_SPEC_DATA, "trusted_certs", "example.crt")
|
140
|
+
self_signed_crt = OpenSSL::X509::Certificate.new(File.binread(path))
|
141
|
+
|
139
142
|
expect(http_client.cert_store.verify(self_signed_crt)).to be_truthy
|
140
143
|
end
|
141
144
|
|
@@ -148,39 +151,64 @@ describe "HTTP SSL Policy" do
|
|
148
151
|
# If the machine running the test doesn't have ruby SSL configured correctly,
|
149
152
|
# then the root cert also has to be loaded for the test to succeed.
|
150
153
|
# The system under test **SHOULD** do both of these things.
|
154
|
+
path = File.join(CHEF_SPEC_DATA, "trusted_certs", "opscode.pem")
|
155
|
+
additional_pem = OpenSSL::X509::Certificate.new(File.binread(path))
|
156
|
+
|
151
157
|
expect(http_client.cert_store.verify(additional_pem)).to be_truthy
|
152
158
|
end
|
153
159
|
|
154
|
-
|
155
|
-
|
156
|
-
|
157
|
-
|
158
|
-
|
159
|
-
|
160
|
+
it "skips duplicate certs" do
|
161
|
+
# For whatever reason, OpenSSL errors out when adding a
|
162
|
+
# cert you already have to the certificate store.
|
163
|
+
ssl_policy = ssl_policy_class.new(Net::HTTP.new("example.com"))
|
164
|
+
ssl_policy.set_custom_certs
|
165
|
+
ssl_policy.set_custom_certs # should not raise an error
|
166
|
+
end
|
167
|
+
|
168
|
+
it "raises ConfigurationError with a bad cert file in the trusted_certs dir" do
|
169
|
+
ssl_policy = ssl_policy_class.new(Net::HTTP.new("example.com"))
|
170
|
+
|
171
|
+
Dir.mktmpdir do |dir|
|
172
|
+
bad_cert_file = File.join(dir, "bad_cert_file.crt")
|
173
|
+
File.write(bad_cert_file, File.read(__FILE__))
|
174
|
+
|
175
|
+
Chef::Config.trusted_certs_dir = dir
|
176
|
+
expect { ssl_policy.set_custom_certs }.to raise_error(Chef::Exceptions::ConfigurationError, /Error reading cert file/)
|
160
177
|
end
|
161
178
|
end
|
179
|
+
|
180
|
+
it "works with binary certs" do
|
181
|
+
Chef::Config.trusted_certs_dir = File.join(CHEF_SPEC_DATA, "ssl", "binary")
|
182
|
+
|
183
|
+
ssl_policy = ssl_policy_class.new(Net::HTTP.new("example.com"))
|
184
|
+
ssl_policy.set_custom_certs
|
185
|
+
end
|
162
186
|
end
|
163
187
|
end
|
164
188
|
|
165
189
|
describe Chef::HTTP::APISSLPolicy do
|
166
190
|
|
167
|
-
let(:
|
191
|
+
let(:ssl_policy_class) { Chef::HTTP::APISSLPolicy }
|
168
192
|
|
169
|
-
|
170
|
-
|
171
|
-
|
172
|
-
|
193
|
+
it "sets the OpenSSL verify mode to verify_peer when configured with :ssl_verify_mode set to :verify_peer" do
|
194
|
+
Chef::Config[:ssl_verify_mode] = :verify_peer
|
195
|
+
expect(http_client.verify_mode).to eq(OpenSSL::SSL::VERIFY_PEER)
|
196
|
+
end
|
173
197
|
|
174
|
-
|
175
|
-
|
176
|
-
|
198
|
+
it "sets the OpenSSL verify mode to :verify_none when configured with :ssl_verify_mode set to :verify_none" do
|
199
|
+
Chef::Config[:ssl_verify_mode] = :verify_none
|
200
|
+
expect(http_client.verify_mode).to eq(OpenSSL::SSL::VERIFY_NONE)
|
177
201
|
end
|
178
202
|
|
203
|
+
it "sets the OpenSSL verify mode to verify_peer when verify_api_cert is set" do
|
204
|
+
Chef::Config[:verify_api_cert] = true
|
205
|
+
expect(http_client.verify_mode).to eq(OpenSSL::SSL::VERIFY_PEER)
|
206
|
+
end
|
179
207
|
end
|
180
208
|
|
181
209
|
describe Chef::HTTP::VerifyPeerSSLPolicy do
|
182
210
|
|
183
|
-
let(:
|
211
|
+
let(:ssl_policy_class) { Chef::HTTP::VerifyPeerSSLPolicy }
|
184
212
|
|
185
213
|
it "sets the OpenSSL verify mode to verify_peer" do
|
186
214
|
expect(http_client.verify_mode).to eq(OpenSSL::SSL::VERIFY_PEER)
|
@@ -190,7 +218,7 @@ describe "HTTP SSL Policy" do
|
|
190
218
|
|
191
219
|
describe Chef::HTTP::VerifyNoneSSLPolicy do
|
192
220
|
|
193
|
-
let(:
|
221
|
+
let(:ssl_policy_class) { Chef::HTTP::VerifyNoneSSLPolicy }
|
194
222
|
|
195
223
|
it "sets the OpenSSL verify mode to verify_peer" do
|
196
224
|
expect(http_client.verify_mode).to eq(OpenSSL::SSL::VERIFY_NONE)
|
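Review bot: The `Chef::HTTP::APISSLPolicy` example at new lines 203-206 sets only `Chef::Config[:verify_api_cert] = true` before expecting `VERIFY_PEER`, so it does not show that `verify_api_cert` changes anything. If `:ssl_verify_mode` already defaults to `:verify_peer` (I believe it does, but the default is not visible here), the example passes whether or not the setting is honoured. Adding `Chef::Config[:ssl_verify_mode] = :verify_none` as the first line of that example would pin the override, which is the behaviour that keeps API traffic verified when general verification is relaxed. In the same hunk, "works with binary certs" (new lines 180-185) has no expectation, so it would still pass if DER files were silently skipped. Keeping the `Net::HTTP` object in a local and asserting on its `cert_store`, as the self-signed example does, would close that gap.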
@@ -472,21 +472,13 @@ describe Chef::Knife::Bootstrap do
|
|
472
472
|
end
|
473
473
|
|
474
474
|
describe "when transferring trusted certificates" do
|
475
|
-
let(:trusted_certs_dir) { Chef::Util::PathHelper.cleanpath(File.join(__dir__, "../../data/trusted_certs")) }
|
476
|
-
|
477
475
|
let(:rendered_template) do
|
478
476
|
knife.merge_configs
|
479
477
|
knife.render_template
|
480
478
|
end
|
481
479
|
|
482
480
|
before do
|
483
|
-
Chef::Config[:trusted_certs_dir] =
|
484
|
-
allow(IO).to receive(:read).and_call_original
|
485
|
-
allow(IO).to receive(:read).with(File.expand_path(Chef::Config[:validation_key])).and_return("")
|
486
|
-
end
|
487
|
-
|
488
|
-
def certificates
|
489
|
-
Dir[File.join(trusted_certs_dir, "*.{crt,pem}")]
|
481
|
+
Chef::Config[:trusted_certs_dir] = Chef::Util::PathHelper.cleanpath(File.join(CHEF_SPEC_DATA, "trusted_certs"))
|
490
482
|
end
|
491
483
|
|
492
484
|
it "creates /etc/chef/trusted_certs" do
|
@@ -494,27 +486,23 @@ describe Chef::Knife::Bootstrap do
|
|
494
486
|
end
|
495
487
|
|
496
488
|
it "copies the certificates in the directory" do
|
497
|
-
certificates.
|
498
|
-
expect(IO).to receive(:read).with(File.expand_path(cert))
|
499
|
-
end
|
489
|
+
certificates = Dir[File.join(Chef::Config[:trusted_certs_dir], "*.{crt,pem}")]
|
500
490
|
|
501
491
|
certificates.each do |cert|
|
502
492
|
expect(rendered_template).to match(%r{cat > /etc/chef/trusted_certs/#{File.basename(cert)} <<'EOP'})
|
503
493
|
end
|
504
494
|
end
|
505
495
|
|
506
|
-
|
507
|
-
|
508
|
-
|
496
|
+
it "doesn't create /etc/chef/trusted_certs if :trusted_certs_dir is empty" do
|
497
|
+
Dir.mktmpdir do |dir|
|
498
|
+
Chef::Config[:trusted_certs_dir] = dir
|
509
499
|
expect(rendered_template).not_to match(%r{mkdir -p /etc/chef/trusted_certs})
|
510
500
|
end
|
511
501
|
end
|
512
|
-
|
513
502
|
end
|
514
503
|
|
515
504
|
context "when doing fips things" do
|
516
505
|
let(:template_file) { File.expand_path(File.join(CHEF_SPEC_DATA, "bootstrap", "no_proxy.erb")) }
|
517
|
-
let(:trusted_certs_dir) { Chef::Util::PathHelper.cleanpath(File.join(__dir__, "../../data/trusted_certs")) }
|
518
506
|
|
519
507
|
before do
|
520
508
|
Chef::Config[:knife][:bootstrap_template] = template_file
|
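Review bot: "copies the certificates in the directory" passes vacuously when the glob at new line 489 matches nothing, because the `certificates.each` loop then makes no expectation at all. Now that the directory is read back from `Chef::Config[:trusted_certs_dir]` instead of a dedicated `let`, add `expect(certificates).not_to be_empty` before the loop so a wrong path or a renamed fixture fails the example. The file name is also interpolated into the `%r{...}` pattern unescaped; `#{Regexp.escape(File.basename(cert))}` would stop the `.` in a name such as `example.crt` from matching any character.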
@@ -0,0 +1,54 @@
|
|
1
|
+
# Copyright:: Copyright (c) Chef Software Inc.
|
2
|
+
# License:: Apache License, Version 2.0
|
3
|
+
#
|
4
|
+
# Licensed under the Apache License, Version 2.0 (the "License");
|
5
|
+
# you may not use this file except in compliance with the License.
|
6
|
+
# You may obtain a copy of the License at
|
7
|
+
#
|
8
|
+
# http://www.apache.org/licenses/LICENSE-2.0
|
9
|
+
#
|
10
|
+
# Unless required by applicable law or agreed to in writing, software
|
11
|
+
# distributed under the License is distributed on an "AS IS" BASIS,
|
12
|
+
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
13
|
+
# See the License for the specific language governing permissions and
|
14
|
+
# limitations under the License.
|
15
|
+
#
|
16
|
+
|
17
|
+
require "spec_helper"
|
18
|
+
|
19
|
+
describe Chef::Knife::Core::StatusPresenter do
|
20
|
+
describe "#summarize_json" do
|
21
|
+
let(:presenter) { Chef::Knife::Core::StatusPresenter.new(double(:ui), double(:config, :[] => "")) }
|
22
|
+
|
23
|
+
let(:node) do
|
24
|
+
Chef::Node.new.tap do |n|
|
25
|
+
n.automatic_attrs["name"] = "my_node"
|
26
|
+
n.automatic_attrs["ipaddress"] = "127.0.0.1"
|
27
|
+
end
|
28
|
+
end
|
29
|
+
|
30
|
+
let(:result) { JSON.parse(presenter.summarize_json([node])).first }
|
31
|
+
|
32
|
+
it "uses the first of public_ipv4_addrs when present" do
|
33
|
+
node.automatic_attrs["cloud"] = { "public_ipv4_addrs" => ["2.2.2.2"] }
|
34
|
+
|
35
|
+
expect(result["ip"]).to eq("2.2.2.2")
|
36
|
+
end
|
37
|
+
|
38
|
+
it "falls back to ipaddress when public_ipv4_addrs is empty" do
|
39
|
+
node.automatic_attrs["cloud"] = { "public_ipv4_addrs" => [] }
|
40
|
+
|
41
|
+
expect(result["ip"]).to eq("127.0.0.1")
|
42
|
+
end
|
43
|
+
|
44
|
+
it "falls back to ipaddress when cloud attributes are empty" do
|
45
|
+
node.automatic_attrs["cloud"] = {}
|
46
|
+
|
47
|
+
expect(result["ip"]).to eq("127.0.0.1")
|
48
|
+
end
|
49
|
+
|
50
|
+
it "falls back to ipaddress when cloud attributes is not present" do
|
51
|
+
expect(result["ip"]).to eq("127.0.0.1")
|
52
|
+
end
|
53
|
+
end
|
54
|
+
end
|
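Review bot: "uses the first of public_ipv4_addrs when present" (new lines 32-36) supplies a one-element array, so it cannot tell "first" from "last" or "any". Using `node.automatic_attrs["cloud"] = { "public_ipv4_addrs" => ["2.2.2.2", "3.3.3.3"] }` with the same `eq("2.2.2.2")` expectation would pin the ordering the description promises. The fallback examples cover an empty list, an empty `cloud` hash and a missing `cloud` key, but not `"public_ipv4_addrs" => nil`. Whether that shape occurs depends on the Ohai cloud plugin, which is not shown here, so treat that extra example as optional.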