chef 16.8.9-universal-mingw32 → 16.9.29-universal-mingw32

Files changed (65) hide show
  1. checksums.yaml +4 -4
  2. data/Gemfile +6 -4
  3. data/README.md +1 -1
  4. data/chef.gemspec +11 -2
  5. data/lib/chef/compliance/default_attributes.rb +5 -1
  6. data/lib/chef/compliance/fetcher/automate.rb +2 -2
  7. data/lib/chef/compliance/fetcher/chef_server.rb +2 -2
  8. data/lib/chef/compliance/reporter/automate.rb +1 -2
  9. data/lib/chef/compliance/reporter/chef_server_automate.rb +4 -2
  10. data/lib/chef/compliance/runner.rb +53 -39
  11. data/lib/chef/http/ssl_policies.rb +27 -14
  12. data/lib/chef/knife/core/formatting_options.rb +49 -0
  13. data/lib/chef/knife/core/node_presenter.rb +0 -25
  14. data/lib/chef/knife/core/status_presenter.rb +1 -26
  15. data/lib/chef/knife/core/windows_bootstrap_context.rb +1 -1
  16. data/lib/chef/knife/node_show.rb +2 -1
  17. data/lib/chef/knife/search.rb +2 -1
  18. data/lib/chef/knife/ssh.rb +2 -0
  19. data/lib/chef/knife/status.rb +8 -11
  20. data/lib/chef/policy_builder/policyfile.rb +1 -1
  21. data/lib/chef/provider/package.rb +53 -19
  22. data/lib/chef/provider/package/dnf.rb +39 -12
  23. data/lib/chef/provider/package/dnf/dnf_helper.py +18 -5
  24. data/lib/chef/provider/package/dnf/python_helper.rb +6 -6
  25. data/lib/chef/provider/package/freebsd/pkgng.rb +3 -1
  26. data/lib/chef/provider/yum_repository.rb +2 -2
  27. data/lib/chef/resource/chef_gem.rb +2 -2
  28. data/lib/chef/resource/cron/cron_d.rb +1 -0
  29. data/lib/chef/resource/file.rb +1 -1
  30. data/lib/chef/resource/gem_package.rb +2 -2
  31. data/lib/chef/resource/homebrew_cask.rb +3 -3
  32. data/lib/chef/resource/http_request.rb +1 -1
  33. data/lib/chef/resource/locale.rb +1 -1
  34. data/lib/chef/resource/mdadm.rb +2 -2
  35. data/lib/chef/resource/osx_profile.rb +7 -7
  36. data/lib/chef/resource/remote_directory.rb +1 -1
  37. data/lib/chef/resource/ruby.rb +1 -5
  38. data/lib/chef/resource/ruby_block.rb +1 -1
  39. data/lib/chef/resource/user/windows_user.rb +5 -0
  40. data/lib/chef/resource/windows_certificate.rb +2 -12
  41. data/lib/chef/resource/yum_repository.rb +5 -0
  42. data/lib/chef/shell.rb +32 -1
  43. data/lib/chef/version.rb +1 -1
  44. data/spec/data/rubygems.org/latest_specs.4.8.gz +0 -0
  45. data/spec/data/rubygems.org/nonexistent_gem +0 -0
  46. data/spec/data/rubygems.org/sexp_processor +0 -0
  47. data/spec/data/rubygems.org/sexp_processor-4.15.1.gemspec.rz +0 -0
  48. data/spec/data/ssl/binary/chef-rspec-der.cert +0 -0
  49. data/spec/data/ssl/binary/chef-rspec-der.key +0 -0
  50. data/spec/functional/resource/dnf_package_spec.rb +319 -16
  51. data/spec/functional/resource/ohai_spec.rb +2 -10
  52. data/spec/functional/resource/windows_certificate_spec.rb +204 -384
  53. data/spec/spec_helper.rb +1 -1
  54. data/spec/unit/compliance/runner_spec.rb +60 -7
  55. data/spec/unit/http/ssl_policies_spec.rb +106 -78
  56. data/spec/unit/knife/bootstrap_spec.rb +5 -17
  57. data/spec/unit/knife/core/status_presenter_spec.rb +54 -0
  58. data/spec/unit/mixin/openssl_helper_spec.rb +0 -7
  59. data/spec/unit/provider/package/freebsd/pkgng_spec.rb +1 -1
  60. data/spec/unit/provider/package/rubygems_spec.rb +39 -7
  61. data/spec/unit/resource/user/windows_user_spec.rb +36 -0
  62. metadata +32 -14
  63. data/spec/data/trusted_certs_empty/.gitkeep +0 -0
  64. data/spec/data/trusted_certs_empty/README.md +0 -1
  65. data/spec/scripts/ssl-serve.rb +0 -47
@@ -87,7 +87,7 @@ Dir["spec/support/**/*.rb"]
87
87
  .each { |f| require f }
88
88
 
89
89
  OHAI_SYSTEM = Ohai::System.new
90
- OHAI_SYSTEM.all_plugins(["platform", "hostname", "languages/powershell"])
90
+ OHAI_SYSTEM.all_plugins(["platform", "hostname", "languages/powershell", "uptime"])
91
91
 
92
92
  test_node = Chef::Node.new
93
93
  test_node.automatic["os"] = (OHAI_SYSTEM["os"] || "unknown_os").dup.freeze
@@ -8,41 +8,39 @@ describe Chef::Compliance::Runner do
8
8
  described_class.new.tap do |r|
9
9
  r.node = node
10
10
  r.run_id = "my_run_id"
11
- r.recipes = []
12
11
  end
13
12
  end
14
13
 
15
14
  describe "#enabled?" do
15
+
16
16
  it "is true if the node attributes have audit profiles and the audit cookbook is not present" do
17
17
  node.normal["audit"]["profiles"]["ssh"] = { 'compliance': "base/ssh" }
18
- runner.recipes = %w{ fancy_cookbook::fanciness tacobell::nachos }
19
18
 
20
19
  expect(runner).to be_enabled
21
20
  end
22
21
 
23
22
  it "is false if the node attributes have audit profiles and the audit cookbook is present" do
23
+ stub_const("::Reporter::ChefAutomate", true)
24
24
  node.normal["audit"]["profiles"]["ssh"] = { 'compliance': "base/ssh" }
25
- runner.recipes = %w{ audit::default fancy_cookbook::fanciness tacobell::nachos }
26
25
 
27
26
  expect(runner).not_to be_enabled
28
27
  end
29
28
 
30
29
  it "is false if the node attributes do not have audit profiles and the audit cookbook is not present" do
31
30
  node.normal["audit"]["profiles"] = {}
32
- runner.recipes = %w{ fancy_cookbook::fanciness tacobell::nachos }
33
31
 
34
32
  expect(runner).not_to be_enabled
35
33
  end
36
34
 
37
35
  it "is false if the node attributes do not have audit profiles and the audit cookbook is present" do
38
- node.normal["audit"]["profiles"] = {}
39
- runner.recipes = %w{ audit::default fancy_cookbook::fanciness tacobell::nachos }
36
+ stub_const("::Reporter::ChefAutomate", true)
37
+ node.automatic["recipes"] = %w{ audit::default fancy_cookbook::fanciness tacobell::nachos }
40
38
 
41
39
  expect(runner).not_to be_enabled
42
40
  end
43
41
 
44
42
  it "is false if the node attributes do not have audit attributes and the audit cookbook is not present" do
45
- runner.recipes = %w{ fancy_cookbook::fanciness tacobell::nachos }
43
+ node.automatic["recipes"] = %w{ fancy_cookbook::fanciness tacobell::nachos }
46
44
  expect(runner).not_to be_enabled
47
45
  end
48
46
  end
@@ -110,4 +108,59 @@ describe Chef::Compliance::Runner do
110
108
  runner.warn_for_deprecated_config_values!
111
109
  end
112
110
  end
111
+
112
+ describe "#reporter" do
113
+ context "chef-server-automate reporter" do
114
+ it "uses the correct URL when 'server' attribute is set" do
115
+ Chef::Config[:chef_server_url] = "https://chef_config_url.example.com/my_org"
116
+ node.normal["audit"]["server"] = "https://server_attribute_url.example.com/application/sub_application"
117
+
118
+ reporter = runner.reporter("chef-server-automate")
119
+
120
+ expect(reporter).to be_kind_of(Chef::Compliance::Reporter::ChefServerAutomate)
121
+ expect(reporter.url).to eq(URI("https://server_attribute_url.example.com/application/sub_application/organizations/my_org/data-collector"))
122
+ end
123
+
124
+ it "falls back to chef_server_url for URL when 'server' attribute is not set" do
125
+ Chef::Config[:chef_server_url] = "https://chef_config_url.example.com/my_org"
126
+
127
+ reporter = runner.reporter("chef-server-automate")
128
+
129
+ expect(reporter).to be_kind_of(Chef::Compliance::Reporter::ChefServerAutomate)
130
+ expect(reporter.url).to eq(URI("https://chef_config_url.example.com/organizations/my_org/data-collector"))
131
+ end
132
+ end
133
+
134
+ it "fails with unexpected reporter value" do
135
+ expect { runner.reporter("tacos") }.to raise_error(/'tacos' is not a supported reporter for Compliance Phase/)
136
+ end
137
+ end
138
+
139
+ describe "#inspec_opts" do
140
+ it "does not include chef_node in inputs by default" do
141
+ node.normal["audit"]["attributes"] = {
142
+ "tacos" => "lunch",
143
+ "nachos" => "dinner",
144
+ }
145
+
146
+ inputs = runner.inspec_opts[:inputs]
147
+
148
+ expect(inputs["tacos"]).to eq("lunch")
149
+ expect(inputs.key?("chef_node")).to eq(false)
150
+ end
151
+
152
+ it "includes chef_node in inputs with chef_node_attribute_enabled set" do
153
+ node.normal["audit"]["chef_node_attribute_enabled"] = true
154
+ node.normal["audit"]["attributes"] = {
155
+ "tacos" => "lunch",
156
+ "nachos" => "dinner",
157
+ }
158
+
159
+ inputs = runner.inspec_opts[:inputs]
160
+
161
+ expect(inputs["tacos"]).to eq("lunch")
162
+ expect(inputs["chef_node"]["audit"]["reporter"]).to eq("json-file")
163
+ expect(inputs["chef_node"]["chef_environment"]).to eq("_default")
164
+ end
165
+ end
113
166
  end
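Review bot: The `#enabled?` examples in the first hunk signal audit-cookbook presence in two different ways: two call `stub_const("::Reporter::ChefAutomate", true)` and two assign `node.automatic["recipes"]` (one example does both). runner.rb is not shown here, but if `enabled?` now keys on the constant alone, the recipe assignments are dead setup and the final example would pass whatever the recipe list holds. I would keep a single signal per example and put a short comment above the first stub saying which signal the runner actually honours, so that a later change to the detection logic fails these examples instead of slipping past them. The enclosing `describe Chef::Compliance::Runner` block starts outside the hunk.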
@@ -29,91 +29,83 @@ describe "HTTP SSL Policy" do
29
29
  ENV["SSL_CERT_FILE"] = nil
30
30
  end
31
31
 
32
- let(:unconfigured_http_client) { Net::HTTP.new("example.com", 443) }
33
32
  let(:http_client) do
34
- unconfigured_http_client.use_ssl = true
35
- ssl_policy.apply
36
- unconfigured_http_client
33
+ ssl_policy_class.apply_to(Net::HTTP.new("example.com"))
37
34
  end
38
35
 
39
36
  describe Chef::HTTP::DefaultSSLPolicy do
40
37
 
41
- let(:ssl_policy) { Chef::HTTP::DefaultSSLPolicy.new(unconfigured_http_client) }
38
+ let(:ssl_policy_class) { Chef::HTTP::DefaultSSLPolicy }
42
39
 
43
- describe "when configured with :ssl_verify_mode set to :verify peer" do
44
- before do
45
- Chef::Config[:ssl_verify_mode] = :verify_peer
46
- end
47
-
48
- it "configures the HTTP client to use SSL when given a URL with the https protocol" do
49
- expect(http_client.use_ssl?).to be_truthy
50
- end
51
-
52
- it "sets the OpenSSL verify mode to verify_peer" do
53
- expect(http_client.verify_mode).to eq(OpenSSL::SSL::VERIFY_PEER)
54
- end
55
-
56
- it "raises a ConfigurationError if :ssl_ca_path is set to a path that doesn't exist" do
57
- Chef::Config[:ssl_ca_path] = "/dev/null/nothing_here"
58
- expect { http_client }.to raise_error(Chef::Exceptions::ConfigurationError)
59
- end
40
+ it "raises a ConfigurationError if :ssl_ca_path is set to a path that doesn't exist" do
41
+ Chef::Config[:ssl_ca_path] = "/dev/null/nothing_here"
42
+ expect { http_client }.to raise_error(Chef::Exceptions::ConfigurationError)
43
+ end
60
44
 
61
- it "should set the CA path if that is set in the configuration" do
62
- Chef::Config[:ssl_ca_path] = File.join(CHEF_SPEC_DATA, "ssl")
63
- expect(http_client.ca_path).to eq(File.join(CHEF_SPEC_DATA, "ssl"))
64
- end
45
+ it "should set the CA path if that is set in the configuration" do
46
+ Chef::Config[:ssl_ca_path] = File.join(CHEF_SPEC_DATA, "ssl")
47
+ expect(http_client.ca_path).to eq(File.join(CHEF_SPEC_DATA, "ssl"))
48
+ end
65
49
 
66
- it "raises a ConfigurationError if :ssl_ca_file is set to a file that does not exist" do
67
- Chef::Config[:ssl_ca_file] = "/dev/null/nothing_here"
68
- expect { http_client }.to raise_error(Chef::Exceptions::ConfigurationError)
69
- end
50
+ it "raises a ConfigurationError if :ssl_ca_file is set to a file that does not exist" do
51
+ Chef::Config[:ssl_ca_file] = "/dev/null/nothing_here"
52
+ expect { http_client }.to raise_error(Chef::Exceptions::ConfigurationError)
53
+ end
70
54
 
71
- it "should set the CA file if that is set in the configuration" do
72
- Chef::Config[:ssl_ca_file] = CHEF_SPEC_DATA + "/ssl/5e707473.0"
73
- expect(http_client.ca_file).to eq(CHEF_SPEC_DATA + "/ssl/5e707473.0")
74
- end
55
+ it "should set the CA file if that is set in the configuration" do
56
+ Chef::Config[:ssl_ca_file] = CHEF_SPEC_DATA + "/ssl/5e707473.0"
57
+ expect(http_client.ca_file).to eq(CHEF_SPEC_DATA + "/ssl/5e707473.0")
58
+ end
75
59
 
76
- it "should set the custom CA file if SSL_CERT_FILE environment variable is set" do
77
- ENV["SSL_CERT_FILE"] = CHEF_SPEC_DATA + "/trusted_certs/intermediate.pem"
78
- expect(http_client.ca_file).to eq(CHEF_SPEC_DATA + "/trusted_certs/intermediate.pem")
79
- end
60
+ it "should set the custom CA file if SSL_CERT_FILE environment variable is set" do
61
+ ENV["SSL_CERT_FILE"] = CHEF_SPEC_DATA + "/trusted_certs/intermediate.pem"
62
+ expect(http_client.ca_file).to eq(CHEF_SPEC_DATA + "/trusted_certs/intermediate.pem")
63
+ end
80
64
 
81
- it "raises a ConfigurationError if SSL_CERT_FILE environment variable is set to a file that does not exist" do
82
- ENV["SSL_CERT_FILE"] = "/dev/null/nothing_here"
83
- expect { http_client }.to raise_error(Chef::Exceptions::ConfigurationError)
84
- end
65
+ it "raises a ConfigurationError if SSL_CERT_FILE environment variable is set to a file that does not exist" do
66
+ ENV["SSL_CERT_FILE"] = "/dev/null/nothing_here"
67
+ expect { http_client }.to raise_error(Chef::Exceptions::ConfigurationError)
85
68
  end
86
69
 
87
- describe "when configured with :ssl_verify_mode set to :verify peer" do
88
- before do
89
- @url = URI.parse("https://chef.example.com:4443/")
90
- Chef::Config[:ssl_verify_mode] = :verify_none
91
- end
70
+ it "sets the OpenSSL verify mode to verify_peer when configured with :ssl_verify_mode set to :verify_peer" do
71
+ Chef::Config[:ssl_verify_mode] = :verify_peer
72
+ expect(http_client.verify_mode).to eq(OpenSSL::SSL::VERIFY_PEER)
73
+ end
92
74
 
93
- it "sets the OpenSSL verify mode to :verify_none" do
94
- expect(http_client.verify_mode).to eq(OpenSSL::SSL::VERIFY_NONE)
95
- end
75
+ it "sets the OpenSSL verify mode to :verify_none when configured with :ssl_verify_mode set to :verify_none" do
76
+ Chef::Config[:ssl_verify_mode] = :verify_none
77
+ expect(http_client.verify_mode).to eq(OpenSSL::SSL::VERIFY_NONE)
96
78
  end
97
79
 
98
80
  describe "when configured with a client certificate" do
99
- before { @url = URI.parse("https://chef.example.com:4443/") }
100
-
101
81
  it "raises ConfigurationError if the certificate file doesn't exist" do
102
82
  Chef::Config[:ssl_client_cert] = "/dev/null/nothing_here"
103
83
  Chef::Config[:ssl_client_key] = CHEF_SPEC_DATA + "/ssl/chef-rspec.key"
104
- expect { http_client }.to raise_error(Chef::Exceptions::ConfigurationError)
84
+ expect { http_client }.to raise_error(Chef::Exceptions::ConfigurationError, /ssl_client_cert .* does not exist/)
105
85
  end
106
86
 
107
- it "raises ConfigurationError if the certificate file doesn't exist" do
87
+ it "raises ConfigurationError if the private key file doesn't exist" do
108
88
  Chef::Config[:ssl_client_cert] = CHEF_SPEC_DATA + "/ssl/chef-rspec.cert"
109
89
  Chef::Config[:ssl_client_key] = "/dev/null/nothing_here"
110
- expect { http_client }.to raise_error(Chef::Exceptions::ConfigurationError)
90
+ expect { http_client }.to raise_error(Chef::Exceptions::ConfigurationError, /ssl_client_key .* does not exist/)
111
91
  end
112
92
 
113
93
  it "raises a ConfigurationError if one of :ssl_client_cert and :ssl_client_key is set but not both" do
114
94
  Chef::Config[:ssl_client_cert] = "/dev/null/nothing_here"
115
95
  Chef::Config[:ssl_client_key] = nil
116
- expect { http_client }.to raise_error(Chef::Exceptions::ConfigurationError)
96
+ expect { http_client }.to raise_error(Chef::Exceptions::ConfigurationError, /configure ssl_client_cert and ssl_client_key together/)
97
+ end
98
+
99
+ it "raises a ConfigurationError with a bad cert file" do
100
+ Chef::Config[:ssl_client_cert] = __FILE__
101
+ Chef::Config[:ssl_client_key] = CHEF_SPEC_DATA + "/ssl/chef-rspec.key"
102
+ expect { http_client }.to raise_error(Chef::Exceptions::ConfigurationError, /Error reading cert file '#{__FILE__}'/)
103
+ end
104
+
105
+ it "raises a ConfigurationError with a bad key file" do
106
+ Chef::Config[:ssl_client_cert] = CHEF_SPEC_DATA + "/ssl/chef-rspec.cert"
107
+ Chef::Config[:ssl_client_key] = __FILE__
108
+ expect { http_client }.to raise_error(Chef::Exceptions::ConfigurationError, /Error reading key file '#{__FILE__}'/)
117
109
  end
118
110
 
119
111
  it "configures the HTTP client's cert and private key" do
@@ -122,20 +114,31 @@ describe "HTTP SSL Policy" do
122
114
  expect(http_client.cert.to_s).to eq(OpenSSL::X509::Certificate.new(IO.read(CHEF_SPEC_DATA + "/ssl/chef-rspec.cert")).to_s)
123
115
  expect(http_client.key.to_s).to eq(OpenSSL::PKey::RSA.new(IO.read(CHEF_SPEC_DATA + "/ssl/chef-rspec.key")).to_s)
124
116
  end
125
- end
126
117
 
127
- context "when additional certs are located in the trusted_certs dir" do
128
- let(:self_signed_crt_path) { File.join(CHEF_SPEC_DATA, "trusted_certs", "example.crt") }
129
- let(:self_signed_crt) { OpenSSL::X509::Certificate.new(File.read(self_signed_crt_path)) }
118
+ it "configures the HTTP client's cert and private key with a DER encoded cert" do
119
+ Chef::Config[:ssl_client_cert] = CHEF_SPEC_DATA + "/ssl/binary/chef-rspec-der.cert"
120
+ Chef::Config[:ssl_client_key] = CHEF_SPEC_DATA + "/ssl/chef-rspec.key"
121
+ expect(http_client.cert.to_s).to eq(OpenSSL::X509::Certificate.new(IO.read(CHEF_SPEC_DATA + "/ssl/chef-rspec.cert")).to_s)
122
+ expect(http_client.key.to_s).to eq(OpenSSL::PKey::RSA.new(IO.read(CHEF_SPEC_DATA + "/ssl/chef-rspec.key")).to_s)
123
+ end
130
124
 
131
- let(:additional_pem_path) { File.join(CHEF_SPEC_DATA, "trusted_certs", "opscode.pem") }
132
- let(:additional_pem) { OpenSSL::X509::Certificate.new(File.read(additional_pem_path)) }
125
+ it "configures the HTTP client's cert and private key with a DER encoded key" do
126
+ Chef::Config[:ssl_client_cert] = CHEF_SPEC_DATA + "/ssl/chef-rspec.cert"
127
+ Chef::Config[:ssl_client_key] = CHEF_SPEC_DATA + "/ssl/binary/chef-rspec-der.key"
128
+ expect(http_client.cert.to_s).to eq(OpenSSL::X509::Certificate.new(IO.read(CHEF_SPEC_DATA + "/ssl/chef-rspec.cert")).to_s)
129
+ expect(http_client.key.to_s).to eq(OpenSSL::PKey::RSA.new(IO.read(CHEF_SPEC_DATA + "/ssl/chef-rspec.key")).to_s)
130
+ end
131
+ end
133
132
 
133
+ context "when additional certs are located in the trusted_certs dir" do
134
134
  before do
135
135
  Chef::Config.trusted_certs_dir = File.join(CHEF_SPEC_DATA, "trusted_certs")
136
136
  end
137
137
 
138
138
  it "enables verification of self-signed certificates" do
139
+ path = File.join(CHEF_SPEC_DATA, "trusted_certs", "example.crt")
140
+ self_signed_crt = OpenSSL::X509::Certificate.new(File.binread(path))
141
+
139
142
  expect(http_client.cert_store.verify(self_signed_crt)).to be_truthy
140
143
  end
141
144
 
@@ -148,39 +151,64 @@ describe "HTTP SSL Policy" do
148
151
  # If the machine running the test doesn't have ruby SSL configured correctly,
149
152
  # then the root cert also has to be loaded for the test to succeed.
150
153
  # The system under test **SHOULD** do both of these things.
154
+ path = File.join(CHEF_SPEC_DATA, "trusted_certs", "opscode.pem")
155
+ additional_pem = OpenSSL::X509::Certificate.new(File.binread(path))
156
+
151
157
  expect(http_client.cert_store.verify(additional_pem)).to be_truthy
152
158
  end
153
159
 
154
- context "and some certs are duplicates" do
155
- it "skips duplicate certs" do
156
- # For whatever reason, OpenSSL errors out when adding a
157
- # cert you already have to the certificate store.
158
- ssl_policy.set_custom_certs
159
- ssl_policy.set_custom_certs # should not raise an error
160
+ it "skips duplicate certs" do
161
+ # For whatever reason, OpenSSL errors out when adding a
162
+ # cert you already have to the certificate store.
163
+ ssl_policy = ssl_policy_class.new(Net::HTTP.new("example.com"))
164
+ ssl_policy.set_custom_certs
165
+ ssl_policy.set_custom_certs # should not raise an error
166
+ end
167
+
168
+ it "raises ConfigurationError with a bad cert file in the trusted_certs dir" do
169
+ ssl_policy = ssl_policy_class.new(Net::HTTP.new("example.com"))
170
+
171
+ Dir.mktmpdir do |dir|
172
+ bad_cert_file = File.join(dir, "bad_cert_file.crt")
173
+ File.write(bad_cert_file, File.read(__FILE__))
174
+
175
+ Chef::Config.trusted_certs_dir = dir
176
+ expect { ssl_policy.set_custom_certs }.to raise_error(Chef::Exceptions::ConfigurationError, /Error reading cert file/)
160
177
  end
161
178
  end
179
+
180
+ it "works with binary certs" do
181
+ Chef::Config.trusted_certs_dir = File.join(CHEF_SPEC_DATA, "ssl", "binary")
182
+
183
+ ssl_policy = ssl_policy_class.new(Net::HTTP.new("example.com"))
184
+ ssl_policy.set_custom_certs
185
+ end
162
186
  end
163
187
  end
164
188
 
165
189
  describe Chef::HTTP::APISSLPolicy do
166
190
 
167
- let(:ssl_policy) { Chef::HTTP::APISSLPolicy.new(unconfigured_http_client) }
191
+ let(:ssl_policy_class) { Chef::HTTP::APISSLPolicy }
168
192
 
169
- context "when verify_api_cert is set" do
170
- before do
171
- Chef::Config[:verify_api_cert] = true
172
- end
193
+ it "sets the OpenSSL verify mode to verify_peer when configured with :ssl_verify_mode set to :verify_peer" do
194
+ Chef::Config[:ssl_verify_mode] = :verify_peer
195
+ expect(http_client.verify_mode).to eq(OpenSSL::SSL::VERIFY_PEER)
196
+ end
173
197
 
174
- it "sets the OpenSSL verify mode to verify_peer" do
175
- expect(http_client.verify_mode).to eq(OpenSSL::SSL::VERIFY_PEER)
176
- end
198
+ it "sets the OpenSSL verify mode to :verify_none when configured with :ssl_verify_mode set to :verify_none" do
199
+ Chef::Config[:ssl_verify_mode] = :verify_none
200
+ expect(http_client.verify_mode).to eq(OpenSSL::SSL::VERIFY_NONE)
177
201
  end
178
202
 
203
+ it "sets the OpenSSL verify mode to verify_peer when verify_api_cert is set" do
204
+ Chef::Config[:verify_api_cert] = true
205
+ expect(http_client.verify_mode).to eq(OpenSSL::SSL::VERIFY_PEER)
206
+ end
179
207
  end
180
208
 
181
209
  describe Chef::HTTP::VerifyPeerSSLPolicy do
182
210
 
183
- let(:ssl_policy) { Chef::HTTP::VerifyPeerSSLPolicy.new(unconfigured_http_client) }
211
+ let(:ssl_policy_class) { Chef::HTTP::VerifyPeerSSLPolicy }
184
212
 
185
213
  it "sets the OpenSSL verify mode to verify_peer" do
186
214
  expect(http_client.verify_mode).to eq(OpenSSL::SSL::VERIFY_PEER)
@@ -190,7 +218,7 @@ describe "HTTP SSL Policy" do
190
218
 
191
219
  describe Chef::HTTP::VerifyNoneSSLPolicy do
192
220
 
193
- let(:ssl_policy) { Chef::HTTP::VerifyNoneSSLPolicy.new(unconfigured_http_client) }
221
+ let(:ssl_policy_class) { Chef::HTTP::VerifyNoneSSLPolicy }
194
222
 
195
223
  it "sets the OpenSSL verify mode to verify_peer" do
196
224
  expect(http_client.verify_mode).to eq(OpenSSL::SSL::VERIFY_NONE)
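Review bot: The new `Chef::HTTP::APISSLPolicy` example "sets the OpenSSL verify mode to verify_peer when verify_api_cert is set" (third hunk) sets only `Chef::Config[:verify_api_cert] = true`, so it cannot tell an honoured `verify_api_cert` from a default `ssl_verify_mode` that already verifies peers. Unless a `before` block outside the hunk sets the mode, add `Chef::Config[:ssl_verify_mode] = :verify_none` as the first line of that example, so the assertion proves that `verify_api_cert` keeps certificate verification on when the general setting turns it off. That override is the case an operator relies on to protect API traffic, and it is the one a regression would break without any example failing.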
@@ -472,21 +472,13 @@ describe Chef::Knife::Bootstrap do
472
472
  end
473
473
 
474
474
  describe "when transferring trusted certificates" do
475
- let(:trusted_certs_dir) { Chef::Util::PathHelper.cleanpath(File.join(__dir__, "../../data/trusted_certs")) }
476
-
477
475
  let(:rendered_template) do
478
476
  knife.merge_configs
479
477
  knife.render_template
480
478
  end
481
479
 
482
480
  before do
483
- Chef::Config[:trusted_certs_dir] = trusted_certs_dir
484
- allow(IO).to receive(:read).and_call_original
485
- allow(IO).to receive(:read).with(File.expand_path(Chef::Config[:validation_key])).and_return("")
486
- end
487
-
488
- def certificates
489
- Dir[File.join(trusted_certs_dir, "*.{crt,pem}")]
481
+ Chef::Config[:trusted_certs_dir] = Chef::Util::PathHelper.cleanpath(File.join(CHEF_SPEC_DATA, "trusted_certs"))
490
482
  end
491
483
 
492
484
  it "creates /etc/chef/trusted_certs" do
@@ -494,27 +486,23 @@ describe Chef::Knife::Bootstrap do
494
486
  end
495
487
 
496
488
  it "copies the certificates in the directory" do
497
- certificates.each do |cert|
498
- expect(IO).to receive(:read).with(File.expand_path(cert))
499
- end
489
+ certificates = Dir[File.join(Chef::Config[:trusted_certs_dir], "*.{crt,pem}")]
500
490
 
501
491
  certificates.each do |cert|
502
492
  expect(rendered_template).to match(%r{cat > /etc/chef/trusted_certs/#{File.basename(cert)} <<'EOP'})
503
493
  end
504
494
  end
505
495
 
506
- context "when :trusted_cets_dir is empty" do
507
- let(:trusted_certs_dir) { Chef::Util::PathHelper.cleanpath(File.join(__dir__, "../../data/trusted_certs_empty")) }
508
- it "doesn't create /etc/chef/trusted_certs if :trusted_certs_dir is empty" do
496
+ it "doesn't create /etc/chef/trusted_certs if :trusted_certs_dir is empty" do
497
+ Dir.mktmpdir do |dir|
498
+ Chef::Config[:trusted_certs_dir] = dir
509
499
  expect(rendered_template).not_to match(%r{mkdir -p /etc/chef/trusted_certs})
510
500
  end
511
501
  end
512
-
513
502
  end
514
503
 
515
504
  context "when doing fips things" do
516
505
  let(:template_file) { File.expand_path(File.join(CHEF_SPEC_DATA, "bootstrap", "no_proxy.erb")) }
517
- let(:trusted_certs_dir) { Chef::Util::PathHelper.cleanpath(File.join(__dir__, "../../data/trusted_certs")) }
518
506
 
519
507
  before do
520
508
  Chef::Config[:knife][:bootstrap_template] = template_file
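Review bot: In "copies the certificates in the directory" (second hunk) every expectation sits inside `certificates.each`, so the example passes with zero assertions if the glob over `Chef::Config[:trusted_certs_dir]` matches nothing. Add `expect(certificates).not_to be_empty` before the loop so a wrong or emptied fixture directory fails loudly. As written, the example checks only the heredoc header line for each file name, not that the certificate body reaches the rendered template; whether that is covered elsewhere is not visible from this page.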
@@ -0,0 +1,54 @@
1
+ # Copyright:: Copyright (c) Chef Software Inc.
2
+ # License:: Apache License, Version 2.0
3
+ #
4
+ # Licensed under the Apache License, Version 2.0 (the "License");
5
+ # you may not use this file except in compliance with the License.
6
+ # You may obtain a copy of the License at
7
+ #
8
+ # http://www.apache.org/licenses/LICENSE-2.0
9
+ #
10
+ # Unless required by applicable law or agreed to in writing, software
11
+ # distributed under the License is distributed on an "AS IS" BASIS,
12
+ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13
+ # See the License for the specific language governing permissions and
14
+ # limitations under the License.
15
+ #
16
+
17
+ require "spec_helper"
18
+
19
+ describe Chef::Knife::Core::StatusPresenter do
20
+ describe "#summarize_json" do
21
+ let(:presenter) { Chef::Knife::Core::StatusPresenter.new(double(:ui), double(:config, :[] => "")) }
22
+
23
+ let(:node) do
24
+ Chef::Node.new.tap do |n|
25
+ n.automatic_attrs["name"] = "my_node"
26
+ n.automatic_attrs["ipaddress"] = "127.0.0.1"
27
+ end
28
+ end
29
+
30
+ let(:result) { JSON.parse(presenter.summarize_json([node])).first }
31
+
32
+ it "uses the first of public_ipv4_addrs when present" do
33
+ node.automatic_attrs["cloud"] = { "public_ipv4_addrs" => ["2.2.2.2"] }
34
+
35
+ expect(result["ip"]).to eq("2.2.2.2")
36
+ end
37
+
38
+ it "falls back to ipaddress when public_ipv4_addrs is empty" do
39
+ node.automatic_attrs["cloud"] = { "public_ipv4_addrs" => [] }
40
+
41
+ expect(result["ip"]).to eq("127.0.0.1")
42
+ end
43
+
44
+ it "falls back to ipaddress when cloud attributes are empty" do
45
+ node.automatic_attrs["cloud"] = {}
46
+
47
+ expect(result["ip"]).to eq("127.0.0.1")
48
+ end
49
+
50
+ it "falls back to ipaddress when cloud attributes is not present" do
51
+ expect(result["ip"]).to eq("127.0.0.1")
52
+ end
53
+ end
54
+ end