chef 16.9.17-universal-mingw32 → 16.10.17-universal-mingw32

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: b05a4ae8661d19b5b08acd79c6a46b5fcffcad56804fa0767302ab6d0e938f85
-  data.tar.gz: 499bbad69cddee18a6a252550d8aa1a17e6f1a7d35033cf85a30cb78f61b8930
+  metadata.gz: 3d0782dad85cb7b76c159476d2e0f0187270cd9d1a08916a7ec1c9ea7ab60b42
+  data.tar.gz: 7f5545a34ba6fda007be0b7085ef819eaf3f686f4d4e1c151bd463db1c14b7ee
 SHA512:
-  metadata.gz: e0721739c59a5c3b539901b3c972f98161bf158f65940cbda1d32ead29340e397cb795e2b81a8be1952bae47171c597fbf8a41f31551dc7397e2ad5610704646
-  data.tar.gz: ddad3d5be284a73469295d250659957c03123f37a7c731c417af94ec3747678d72457971c8c73097610ed0813eeec8c3c9932ab8270b3abd1bd5beba2259cf0b
+  metadata.gz: 2ce9dffee18c6eb75c2db3efead108314581c42b0b4c9b212b08982bf328071ad67342312e201db3cb6b569ceb5a6d9bdf76d40d9c220ed121b6bdb331da121a
+  data.tar.gz: 802529997941fdbe9bcfbd508a5af9f93915274bb6510945aca3067e84f961c404b12a1624d2ab7f0ead11bee745cdaecc49e6bee4ccb6112a569702e09f3e5c

data/Gemfile

@@ -1,5 +1,8 @@
 source "https://rubygems.org"
 
+# pin until issues with Windows builds in 1.14.2 are resolved
+gem "ffi", "=1.13.1"
+
 # Note we do not use the gemspec DSL which restricts to the
 # gemspec for the current platform and filters out other platforms
 # during a bundle lock operation. We actually want dependencies from

data/chef-universal-mingw32.gemspec

@@ -14,7 +14,7 @@ gemspec.add_dependency "win32-service", ">= 2.1.5", "< 3.0"
 gemspec.add_dependency "wmi-lite", "~> 1.0"
 gemspec.add_dependency "win32-taskscheduler", "~> 2.0"
 gemspec.add_dependency "iso8601", ">= 0.12.1", "< 0.14" # validate 0.14 when it comes out
-gemspec.add_dependency "win32-certstore", "~> 0.3"
+gemspec.add_dependency "win32-certstore", "~> 0.5" # 0.5+ required for specifying user vs. system store
 gemspec.extensions << "ext/win32-eventlog/Rakefile"
 gemspec.files += Dir.glob("{distro,ext}/**/*")
 

data/chef.gemspec

@@ -1,4 +1,13 @@
 $:.unshift(File.dirname(__FILE__) + "/lib")
+vs_path = File.expand_path("chef-utils/lib/chef-utils/version_string.rb", __dir__)
+
+if File.exist?(vs_path)
+  # this is the moral equivalent of a require_relative since bundler makes require_relative here fail hard
+  eval(IO.read(vs_path))
+else
+  # if the path doesn't exist then we're just in the wild gem and not in the git repo
+  require "chef-utils/version_string"
+end
 require "chef/version"
 
 Gem::Specification.new do |s|
@@ -51,7 +60,7 @@ Gem::Specification.new do |s|
   s.add_dependency "iniparse", "~> 1.4"
   s.add_dependency "addressable"
   s.add_dependency "syslog-logger", "~> 1.6"
-  s.add_dependency "uuidtools", "~> 2.1.5"
+  s.add_dependency "uuidtools", ">= 2.1.5", "< 3.0"
 
   s.add_dependency "proxifier", "~> 1.0"
 

data/lib/chef/compliance/fetcher/automate.rb

@@ -32,12 +32,12 @@ class Chef
             profile_fetch_url = target[:url]
           else
             # verifies that the target e.g base/ssh exists
-            base_path = "/compliance/profiles/#{uri.host}#{uri.path}"
-
+            profile = sanitize_profile_name(uri)
+            owner, id = profile.split("/")
             profile_path = if target.respond_to?(:key?) && target.key?(:version)
-                             "#{base_path}/version/#{target[:version]}/tar"
+                             "/compliance/profiles/#{owner}/#{id}/version/#{target[:version]}/tar"
                            else
-                             "#{base_path}/tar"
+                             "/compliance/profiles/#{owner}/#{id}/tar"
                            end
 
             url = URI(Chef::Config[:data_collector][:server_url])
@@ -60,6 +60,17 @@ class Chef
           nil
         end
 
+        # returns a parsed url for `admin/profile` or `compliance://admin/profile`
+        # TODO: remove in future, copied from inspec to support older versions of inspec
+        def self.sanitize_profile_name(profile)
+          uri = if URI(profile).scheme == "compliance"
+                  URI(profile)
+                else
+                  URI("compliance://#{profile}")
+                end
+          uri.to_s.sub(%r{^compliance:\/\/}, "")
+        end
+
         def to_s
           "#{ChefUtils::Dist::Automate::PRODUCT} for #{ChefUtils::Dist::Solo::PRODUCT} Fetcher"
         end

data/lib/chef/compliance/runner.rb

@@ -11,15 +11,17 @@ class Chef
     class Runner < EventDispatch::Base
       extend Forwardable
 
-      attr_accessor :run_id, :recipes
+      attr_accessor :run_id
       attr_reader :node
       def_delegators :node, :logger
 
       def enabled?
-        audit_cookbook_present = recipes.include?("audit::default")
+        # Did we parse the libraries file from the audit cookbook?  This class dates back to when Chef Automate was
+        # renamed from Chef Visibility in 2017, so should capture all modern versions of the audit cookbook.
+        audit_cookbook_present = defined?(::Reporter::ChefAutomate)
 
-        logger.info("#{self.class}##{__method__}: #{Inspec::Dist::PRODUCT_NAME} profiles? #{inspec_profiles.any?}")
-        logger.info("#{self.class}##{__method__}: audit cookbook? #{audit_cookbook_present}")
+        logger.debug("#{self.class}##{__method__}: #{Inspec::Dist::PRODUCT_NAME} profiles? #{inspec_profiles.any?}")
+        logger.debug("#{self.class}##{__method__}: audit cookbook? #{audit_cookbook_present}")
 
         inspec_profiles.any? && !audit_cookbook_present
       end
@@ -37,10 +39,6 @@ class Chef
         self.run_id = run_status.run_id
       end
 
-      def run_list_expanded(run_list_expansion)
-        self.recipes = run_list_expansion.recipes
-      end
-
       def run_completed(_node, _run_status)
         return unless enabled?
 

data/lib/chef/dsl/reboot_pending.rb

@@ -47,7 +47,7 @@ class Chef
             registry_key_exists?('HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\RebootPending')
         elsif platform?("ubuntu")
           # This should work for Debian as well if update-notifier-common happens to be installed. We need an API for that.
-          File.exists?("/var/run/reboot-required")
+          File.exist?("/var/run/reboot-required")
         else
           false
         end

data/lib/chef/file_access_control/windows.rb

@@ -33,7 +33,7 @@ class Chef
       module ClassMethods
         # We want to mix these in as class methods
         def writable?(path)
-          ::File.exists?(path) && Chef::ReservedNames::Win32::File.file_access_check(
+          ::File.exist?(path) && Chef::ReservedNames::Win32::File.file_access_check(
             path, Chef::ReservedNames::Win32::API::Security::FILE_GENERIC_WRITE
           )
         end
@@ -136,7 +136,7 @@ class Chef
       end
 
       def should_update_dacl?
-        return true unless ::File.exists?(file) || ::File.symlink?(file)
+        return true unless ::File.exist?(file) || ::File.symlink?(file)
 
         dacl = target_dacl
         existing_dacl = existing_descriptor.dacl
@@ -170,7 +170,7 @@ class Chef
       end
 
       def should_update_group?
-        return true unless ::File.exists?(file) || ::File.symlink?(file)
+        return true unless ::File.exist?(file) || ::File.symlink?(file)
 
         (group = target_group) && (group != existing_descriptor.group)
       end
@@ -190,7 +190,7 @@ class Chef
       end
 
       def should_update_owner?
-        return true unless ::File.exists?(file) || ::File.symlink?(file)
+        return true unless ::File.exist?(file) || ::File.symlink?(file)
 
         (owner = target_owner) && (owner != existing_descriptor.owner)
       end

data/lib/chef/file_cache.rb

@@ -79,7 +79,7 @@ class Chef
 
         file_path_array = File.split(path)
         file_name = file_path_array.pop
-        if File.exists?(file) && File.writable?(file)
+        if File.exist?(file) && File.writable?(file)
           FileUtils.mv(
             file,
             File.join(create_cache_path(File.join(file_path_array), true), file_name)
@@ -112,7 +112,7 @@ class Chef
           }
         )
         cache_path = create_cache_path(path, false)
-        raise Chef::Exceptions::FileNotFound, "Cannot find #{cache_path} for #{path}!" unless File.exists?(cache_path)
+        raise Chef::Exceptions::FileNotFound, "Cannot find #{cache_path} for #{path}!" unless File.exist?(cache_path)
 
         if read
           File.read(cache_path)
@@ -139,7 +139,7 @@ class Chef
           }
         )
         cache_path = create_cache_path(path, false)
-        if File.exists?(cache_path)
+        if File.exist?(cache_path)
           File.unlink(cache_path)
         end
         true
@@ -186,7 +186,7 @@ class Chef
           }
         )
         full_path = create_cache_path(path, false)
-        if File.exists?(full_path)
+        if File.exist?(full_path)
           true
         else
           false

data/lib/chef/formatters/error_inspectors/resource_failure_inspector.rb

@@ -66,7 +66,7 @@ class Chef
 
           @snippet ||= begin
             if (file = parse_source) && (line = parse_line(file))
-              return nil unless ::File.exists?(file)
+              return nil unless ::File.exist?(file)
 
               lines = IO.readlines(file)
 

data/lib/chef/handler/json_file.rb

@@ -51,7 +51,7 @@ class Chef
       end
 
       def build_report_dir
-        unless File.exists?(config[:path])
+        unless File.exist?(config[:path])
           FileUtils.mkdir_p(config[:path])
           File.chmod(00700, config[:path])
         end

data/lib/chef/knife/bootstrap.rb

@@ -217,6 +217,16 @@ class Chef
         description: "Execute the bootstrap via sudo with password.",
         boolean: false
 
+      # runtime - su user
+      option :su_user,
+        long: "--su-user NAME",
+        description: "The su - USER name to perform bootstrap command using a non-root user."
+
+      # runtime - su user password
+      option :su_password,
+        long: "--su-password PASSWORD",
+        description: "The su USER password for authentication."
+
       # runtime - client_builder
       option :chef_node_name,
         short: "-N NAME",
@@ -591,13 +601,31 @@ class Chef
       def perform_bootstrap(remote_bootstrap_script_path)
         ui.info("Bootstrapping #{ui.color(server_name, :bold)}")
         cmd = bootstrap_command(remote_bootstrap_script_path)
-        r = connection.run_command(cmd) do |data|
+        bootstrap_run_command(cmd)
+      end
+
+      # Actual bootstrap command to be run on the node.
+      # Handles recursive calls if su USER failed to authenticate.
+      def bootstrap_run_command(cmd)
+        r = connection.run_command(cmd) do |data, channel|
           ui.msg("#{ui.color(" [#{connection.hostname}]", :cyan)} #{data}")
+          channel.send_data("#{config[:su_password] || config[:connection_password]}\n") if data.match?("Password:")
         end
+
         if r.exit_status != 0
           ui.error("The following error occurred on #{server_name}:")
-          ui.error(r.stderr)
-          exit 1
+          ui.error("#{r.stdout} #{r.stderr}".strip)
+          exit(r.exit_status)
+        end
+      rescue Train::UserError => e
+        limit ||= 0
+        if e.reason == :bad_su_user_password && limit < 3
+          limit += 1
+          ui.warn("Failed to authenticate su - #{config[:su_user]} to #{server_name}")
+          config[:su_password] = ui.ask("Enter password for su - #{config[:su_user]}@#{server_name}:", echo: false)
+          retry
+        else
+          raise
         end
       end
 
@@ -1082,7 +1110,17 @@ class Chef
         if connection.windows?
           "cmd.exe /C #{remote_path}"
         else
-          "sh #{remote_path}"
+          cmd = "sh #{remote_path}"
+
+          if config[:su_user]
+            # su - USER is subject to required an interactive console
+            # Otherwise, it will raise: su: must be run from a terminal
+            set_transport_options(pty: true)
+            cmd = "su - #{config[:su_user]} -c '#{cmd}'"
+            cmd = "sudo " << cmd if config[:use_sudo]
+          end
+
+          cmd
         end
       end
 
@@ -1137,6 +1175,18 @@ class Chef
 
         timeout.to_i
       end
+
+      # Train::Transports::SSH::Connection#transport_options
+      # Append the options to connection transport_options
+      #
+      # @param opts [Hash] the opts to be added to connection transport_options.
+      # @return [Hash] transport_options if the opts contains any option to be set.
+      #
+      def set_transport_options(opts)
+        return unless opts.is_a?(Hash) || !opts.empty?
+
+        connection&.connection&.transport_options&.merge! opts
+      end
     end
   end
 end

data/lib/chef/provider/mount/mount.rb

@@ -203,7 +203,7 @@ class Chef
             end
           end
           # Removed "/" from the end of str, because it was causing idempotency issue.
-          @real_device == "/" ? @real_device : @real_device.chomp("/")
+          (@real_device == "/" || @real_device.match?(":/$")) ? @real_device : @real_device.chomp("/")
         end
 
         def device_logstring

data/lib/chef/provider/package.rb

@@ -446,8 +446,8 @@ class Chef
                   # requested new_resource.version constraints
                   logger.trace("#{new_resource} has no existing installed version. Installing install #{candidate_version}")
                   target_version_array.push(candidate_version)
-                elsif version_equals?(current_version, new_version)
-                  # this is a short-circuit to avoid needing to (expensively) query the candidate_version which must come later
+                elsif !use_magic_version? && version_equals?(current_version, new_version)
+                  # this is a short-circuit (mostly for the rubygems provider) to avoid needing to expensively query the candidate_version which must come later
                   logger.trace("#{new_resource} #{package_name} #{new_version} is already installed")
                   target_version_array.push(nil)
                 elsif candidate_version.nil?

data/lib/chef/provider/package/dnf/dnf_helper.py

@@ -64,7 +64,7 @@ def version_tuple(versionstr):
         tmp = versionstr[colon_index + 1:dash_index]
         if tmp != '':
             v = tmp
-        arch_index = versionstr.find('.', dash_index)
+        arch_index = versionstr.rfind('.', dash_index)
         if arch_index > 0:
             r = versionstr[dash_index + 1:arch_index]
         else:

data/lib/chef/provider/package/freebsd/pkgng.rb

@@ -42,7 +42,9 @@ class Chef
           end
 
           def current_installed_version
-            pkg_info = shell_out!("pkg", "info", new_resource.package_name, env: nil, returns: [0, 70])
+            # pkgng up to version 1.15.99.7 returns 70 for pkg not found,
+            # later versions return 1
+            pkg_info = shell_out!("pkg", "info", new_resource.package_name, env: nil, returns: [0, 1, 70])
             pkg_info.stdout[/^Version +: (.+)$/, 1]
           end
 

data/lib/chef/resource.rb

@@ -1062,6 +1062,7 @@ class Chef
     # action for the resource.
     #
     # @param name [Symbol] The action name to define.
+    # @param description [String] optional description for the action
     # @param recipe_block The recipe to run when the action is taken. This block
     #   takes no parameters, and will be evaluated in a new context containing:
     #
@@ -1071,14 +1072,37 @@ class Chef
     #
     # @return The Action class implementing the action
     #
-    def self.action(action, &recipe_block)
+    def self.action(action, description: nil, &recipe_block)
       action = action.to_sym
       declare_action_class
       action_class.action(action, &recipe_block)
       self.allowed_actions += [ action ]
+      # Accept any non-nil description, which will correctly override
+      # any specific inherited description.
+      action_descriptions[action] = description unless description.nil?
       default_action action if Array(default_action) == [:nothing]
     end
 
+    # Retrieve the description for a resource's action, if
+    # any description has been included in the definition.
+    #
+    # @param action [Symbol,String] the action name
+    # @return the description of the action provided, or nil if no description
+    # was defined
+    def self.action_description(action)
+      action_descriptions[action.to_sym]
+    end
+
+    # @api private
+    #
+    # @return existing action description hash, or newly-initialized
+    # hash containing action descriptions inherited from parent Resource,
+    # if any.
+    def self.action_descriptions
+      @action_descriptions ||=
+        superclass.respond_to?(:action_descriptions) ? superclass.action_descriptions.dup : { nothing: nil }
+    end
+
     # Define a method to load up this resource's properties with the current
     # actual values.
     #
@@ -1196,9 +1220,9 @@ class Chef
     #
 
     # FORBIDDEN_IVARS do not show up when the resource is converted to JSON (ie. hidden from data_collector and sending to the chef server via #to_json/to_h/as_json/inspect)
-    FORBIDDEN_IVARS = %i{@run_context @logger @not_if @only_if @enclosing_provider @description @introduced @examples @validation_message @deprecated @default_description @skip_docs @executed_by_runner}.freeze
+    FORBIDDEN_IVARS = %i{@run_context @logger @not_if @only_if @enclosing_provider @description @introduced @examples @validation_message @deprecated @default_description @skip_docs @executed_by_runner @action_descriptions}.freeze
     # HIDDEN_IVARS do not show up when the resource is displayed to the user as text (ie. in the error inspector output via #to_text)
-    HIDDEN_IVARS = %i{@allowed_actions @resource_name @source_line @run_context @logger @name @not_if @only_if @elapsed_time @enclosing_provider @description @introduced @examples @validation_message @deprecated @default_description @skip_docs @executed_by_runner}.freeze
+    HIDDEN_IVARS = %i{@allowed_actions @resource_name @source_line @run_context @logger @name @not_if @only_if @elapsed_time @enclosing_provider @description @introduced @examples @validation_message @deprecated @default_description @skip_docs @executed_by_runner @action_descriptions}.freeze
 
     include Chef::Mixin::ConvertToClassName
     extend Chef::Mixin::ConvertToClassName

data/lib/chef/resource/windows_certificate.rb

@@ -76,7 +76,7 @@ class Chef
         default: "MY", equal_to: ["TRUSTEDPUBLISHER", "TrustedPublisher", "CLIENTAUTHISSUER", "REMOTE DESKTOP", "ROOT", "TRUSTEDDEVICES", "WEBHOSTING", "CA", "AUTHROOT", "TRUSTEDPEOPLE", "MY", "SMARTCARDROOT", "TRUST", "DISALLOWED"]
 
       property :user_store, [TrueClass, FalseClass],
-        description: "Use the user store of the local machine store if set to false.",
+        description: "Use the `CurrentUser` store instead of the default `LocalMachine` store. Note: Prior to #{ChefUtils::Dist::Infra::CLIENT}. 16.10 this property was ignored.",
         default: false
 
       property :cert_path, String,
@@ -119,7 +119,7 @@ class Chef
         code_script << acl_script(hash)
         guard_script << cert_exists_script(hash)
 
-        powershell_script "setting the acls on #{new_resource.source} in #{cert_location}\\#{new_resource.store_name}" do
+        powershell_script "setting the acls on #{new_resource.source} in #{ps_cert_location}\\#{new_resource.store_name}" do
           convert_boolean_return true
           code code_script
           only_if guard_script
@@ -161,25 +161,47 @@ class Chef
       end
 
       action_class do
+
+        CERT_SYSTEM_STORE_LOCAL_MACHINE                    = 0x00020000
+        CERT_SYSTEM_STORE_CURRENT_USER                     = 0x00010000
+
         def add_cert(cert_obj)
-          store = ::Win32::Certstore.open(new_resource.store_name)
+          store = ::Win32::Certstore.open(new_resource.store_name, store_location: native_cert_location)
           store.add(cert_obj)
         end
 
         def add_pfx_cert
           exportable = new_resource.exportable ? 1 : 0
-          store = ::Win32::Certstore.open(new_resource.store_name)
+          store = ::Win32::Certstore.open(new_resource.store_name, store_location: native_cert_location)
           store.add_pfx(new_resource.source, new_resource.pfx_password, exportable)
         end
 
         def delete_cert
-          store = ::Win32::Certstore.open(new_resource.store_name)
-          store.delete(new_resource.source)
+          store = ::Win32::Certstore.open(new_resource.store_name, store_location: native_cert_location)
+          store.delete(resolve_thumbprint(new_resource.source))
         end
 
         def fetch_cert
-          store = ::Win32::Certstore.open(new_resource.store_name)
-          store.get(new_resource.source)
+          store = ::Win32::Certstore.open(new_resource.store_name, store_location: native_cert_location)
+          store.get(resolve_thumbprint(new_resource.source))
+        end
+
+        # Thumbprints should be exactly 40 Hex characters
+        def valid_thumbprint?(string)
+          string.scan(/\H/).empty? && string.length == 40
+        end
+
+        def get_thumbprint(store_name, location, source)
+          <<-GETTHUMBPRINTCODE
+            $content = Get-ChildItem  -Path Cert:\\#{location}\\#{store_name} | Where-Object {$_.Subject -Match "#{source}"} | Select-Object Thumbprint
+            $content.thumbprint
+          GETTHUMBPRINTCODE
+        end
+
+        def resolve_thumbprint(thumbprint)
+          return thumbprint if valid_thumbprint?(thumbprint)
+
+          powershell_exec!(get_thumbprint(new_resource.store_name, ps_cert_location, new_resource.source)).result
         end
 
         # Checks whether a certificate with the given thumbprint
@@ -187,9 +209,11 @@ class Chef
         # If the certificate is not present, verify_cert returns a String: "Certificate not found"
         # But if it is present but expired, it returns a Boolean: false
         # Otherwise, it returns a Boolean: true
+        # updated this method to accept either a subject name or a thumbprint - 1/29/2021
+
         def verify_cert(thumbprint = new_resource.source)
-          store = ::Win32::Certstore.open(new_resource.store_name)
-          store.valid?(thumbprint)
+          store = ::Win32::Certstore.open(new_resource.store_name, store_location: native_cert_location)
+          store.valid?(resolve_thumbprint(thumbprint))
         end
 
         def show_or_store_cert(cert_obj)
@@ -230,13 +254,19 @@ class Chef
           out_file.close
         end
 
-        def cert_location
-          @location ||= new_resource.user_store ? "CurrentUser" : "LocalMachine"
+        # this array structure is solving 2 problems. The first is that we need to have support for both the CurrentUser AND LocalMachine stores
+        # Secondly, we need to pass the proper constant name for each store to win32-certstore but also pass the short name to powershell scripts used here
+        def ps_cert_location
+          new_resource.user_store ? "CurrentUser" : "LocalMachine"
+        end
+
+        def native_cert_location
+          new_resource.user_store ? CERT_SYSTEM_STORE_CURRENT_USER : CERT_SYSTEM_STORE_LOCAL_MACHINE
         end
 
         def cert_script(persist)
           cert_script = "$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2"
-          file = Chef::Util::PathHelper.cleanpath(new_resource.source)
+          file = Chef::Util::PathHelper.cleanpath(new_resource.source, ps_cert_location)
           cert_script << " \"#{file}\""
           if ::File.extname(file.downcase) == ".pfx"
             cert_script << ", \"#{new_resource.pfx_password}\""
@@ -252,14 +282,14 @@ class Chef
         def cert_exists_script(hash)
           <<-EOH
   $hash = #{hash}
-  Test-Path "Cert:\\#{cert_location}\\#{new_resource.store_name}\\$hash"
+  Test-Path "Cert:\\#{ps_cert_location}\\#{new_resource.store_name}\\$hash"
           EOH
         end
 
         def within_store_script
           inner_script = yield "$store"
           <<-EOH
-  $store = New-Object System.Security.Cryptography.X509Certificates.X509Store "#{new_resource.store_name}", ([System.Security.Cryptography.X509Certificates.StoreLocation]::#{cert_location})
+  $store = New-Object System.Security.Cryptography.X509Certificates.X509Store "#{new_resource.store_name}", ([System.Security.Cryptography.X509Certificates.StoreLocation]::#{ps_cert_location})
   $store.Open([System.Security.Cryptography.X509Certificates.OpenFlags]::ReadWrite)
   #{inner_script}
   $store.Close()
@@ -273,7 +303,7 @@ class Chef
           # and from https://msdn.microsoft.com/en-us/library/windows/desktop/bb204778(v=vs.85).aspx
           set_acl_script = <<-EOH
   $hash = #{hash}
-  $storeCert = Get-ChildItem "cert:\\#{cert_location}\\#{new_resource.store_name}\\$hash"
+  $storeCert = Get-ChildItem "cert:\\#{ps_cert_location}\\#{new_resource.store_name}\\$hash"
   if ($storeCert -eq $null) { throw 'no key exists.' }
   $keyname = $storeCert.PrivateKey.CspKeyContainerInfo.UniqueKeyContainerName
   if ($keyname -eq $null) { throw 'no private key exists.' }
@@ -340,7 +370,7 @@ class Chef
             if verify_cert(thumbprint) == true
               Chef::Log.debug("Certificate is already present")
             else
-              converge_by("Adding certificate #{new_resource.source} into Store #{new_resource.store_name}") do
+              converge_by("Adding certificate #{new_resource.source} into #{ps_cert_location} Store #{new_resource.store_name}") do
                 if is_pfx
                   add_pfx_cert
                 else

data/lib/chef/resource_inspector.rb

@@ -41,7 +41,11 @@ class Chef
       data[:description] = resource.description
       # data[:deprecated] = resource.deprecated || false
       data[:default_action] = resource.default_action
-      data[:actions] = resource.allowed_actions
+      data[:actions] = {}
+      resource.allowed_actions.each do |action|
+        data[:actions][action] = resource.action_description(action)
+      end
+
       data[:examples] = resource.examples
       data[:introduced] = resource.introduced
       data[:preview] = resource.preview_resource

data/lib/chef/shell.rb

@@ -25,6 +25,7 @@ require "pp" unless defined?(PP)
 require "etc" unless defined?(Etc)
 require "mixlib/cli" unless defined?(Mixlib::CLI)
 require "chef-utils/dist" unless defined?(ChefUtils::Dist)
+require "chef-config/mixin/dot_d"
 
 require_relative "../chef"
 require_relative "version"
@@ -211,6 +212,7 @@ module Shell
 
   class Options
     include Mixlib::CLI
+    include ChefConfig::Mixin::DotD
 
     def self.footer(text = nil)
       @footer = text if text
@@ -341,15 +343,44 @@ module Shell
       # We have to nuke ARGV to make sure irb's option parser never sees it.
       # otherwise, IRB complains about command line switches it doesn't recognize.
       ARGV.clear
+
+      # This code should not exist.
+      # We should be using Application::Client and then calling load_config_file
+      # which does all this properly. However this will do for now.
       config[:config_file] = config_file_for_shell_mode(environment)
       config_msg = config[:config_file] || "none (standalone session)"
       puts "loading configuration: #{config_msg}"
-      Chef::Config.from_file(config[:config_file]) if !config[:config_file].nil? && File.exist?(config[:config_file]) && File.readable?(config[:config_file])
+
+      # load the config (if we have one)
+      unless config[:config_file].nil?
+        if File.exist?(config[:config_file]) && File.readable?(config[:config_file])
+          Chef::Config.from_file(config[:config_file])
+        end
+
+        # even if we couldn't load that, we need to tell Chef::Config what
+        # the file was so it sets conf dir and d_dir and such properly
+        Chef::Config[:config_file] = config[:config_file]
+
+        # now attempt to load any relevant dot-dirs
+        load_dot_d(Chef::Config[:client_d_dir]) if Chef::Config[:client_d_dir]
+      end
+
+      # finally merge command-line options in
       Chef::Config.merge!(config)
     end
 
     private
 
+    # shamelessly lifted from application.rb
+    def apply_config(config_content, config_file_path)
+      Chef::Config.from_string(config_content, config_file_path)
+    rescue Exception => error
+      logger.fatal("Configuration error #{error.class}: #{error.message}")
+      filtered_trace = error.backtrace.grep(/#{Regexp.escape(config_file_path)}/)
+      filtered_trace.each { |line| logger.fatal("  " + line ) }
+      raise Chef::Exceptions::ConfigurationError.new("Aborting due to error in '#{config_file_path}': #{error}")
+    end
+
     def config_file_for_shell_mode(environment)
       dot_chef_dir = Chef::Util::PathHelper.home(".chef")
       if config[:config_file]

data/lib/chef/util/dsc/configuration_generator.rb

@@ -105,7 +105,7 @@ class Chef::Util::DSC
     #   The name may not be null or empty, and should start with a letter.
     def validate_configuration_name!(configuration_name)
       if !!(configuration_name =~ /\A[A-Za-z]+[_a-zA-Z0-9]*\Z/) == false
-        raise ArgumentError, 'Configuration `#{configuration_name}` is not a valid PowerShell cmdlet name'
+        raise ArgumentError, "Configuration `#{configuration_name}` is not a valid PowerShell cmdlet name"
       end
     end
 

data/lib/chef/version.rb

@@ -23,7 +23,7 @@ require_relative "version_string"
 
 class Chef
   CHEF_ROOT = File.expand_path("..", __dir__)
-  VERSION = Chef::VersionString.new("16.9.17")
+  VERSION = Chef::VersionString.new("16.10.17")
 end
 
 #

data/lib/chef/version_string.rb

@@ -13,7 +13,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-require "chef-utils/version_string"
+require "chef-utils/version_string" unless defined?(ChefUtils::VersionString)
 
 class Chef
   VersionString = ChefUtils::VersionString

data/spec/functional/resource/ohai_spec.rb

@@ -19,10 +19,6 @@
 require "spec_helper"
 
 describe Chef::Resource::Ohai do
-  let(:ohai) do
-    OHAI_SYSTEM
-  end
-
   let(:node) { Chef::Node.new }
 
   let(:run_context) do
@@ -34,13 +30,9 @@ describe Chef::Resource::Ohai do
 
   shared_examples_for "reloaded :uptime" do
     it "should reload :uptime" do
-      initial_uptime = ohai[:uptime]
-
-      # Sleep for a second so the uptime gets updated.
-      sleep 1
-
+      expect(node[:uptime_seconds]).to be nil
       ohai_resource.run_action(:reload)
-      expect(node[:uptime]).not_to eq(initial_uptime)
+      expect(Integer(node[:uptime_seconds])).to be_an(Integer)
     end
   end
 

data/spec/integration/recipes/resource_action_spec.rb

@@ -223,6 +223,10 @@ module ResourceActionSpec
           ActionJackson.succeeded = ActionJackson.ruby_block_converged
         end
 
+        action :test1, description: "Original description" do
+          true
+        end
+
         def foo_public
           "foo_public!"
         end
@@ -293,7 +297,12 @@ module ResourceActionSpec
             ActionJackalope.jackalope_ran = :access_attribute
             ActionJackalope.succeeded = ActionJackson.succeeded
           end
+
+          action :test1, description: "An old action with a new description" do
+            super
+          end
         end
+
         before do
           ActionJackalope.jackalope_ran = nil
           ActionJackalope.load_current_resource_ran = nil
@@ -344,6 +353,11 @@ module ResourceActionSpec
           expect(ActionJackalope.succeeded).to eq "foo!alope blarghle! bar!alope"
         end
 
+        it "allows overridden action to have a description separate from the action defined in the base resource" do
+          expect(ActionJackson.action_description(:test1)).to eql "Original description"
+          expect(ActionJackalope.action_description(:test1)).to eql "An old action with a new description"
+        end
+
         it "non-overridden actions run and can access overridden and non-overridden variables (but not necessarily new ones)" do
           converge do
             action_jackalope "hi" do

data/spec/spec_helper.rb

@@ -87,7 +87,7 @@ Dir["spec/support/**/*.rb"]
   .each { |f| require f }
 
 OHAI_SYSTEM = Ohai::System.new
-OHAI_SYSTEM.all_plugins(["platform", "hostname", "languages/powershell"])
+OHAI_SYSTEM.all_plugins(["platform", "hostname", "languages/powershell", "uptime"])
 
 test_node = Chef::Node.new
 test_node.automatic["os"] = (OHAI_SYSTEM["os"] || "unknown_os").dup.freeze

data/spec/unit/compliance/fetcher/automate_spec.rb

@@ -21,6 +21,14 @@ describe Chef::Compliance::Fetcher::Automate do
         expect(res.target).to eq(expected)
       end
 
+      it "should resolve a compliance URL with a @ in the namespace" do
+        res = Chef::Compliance::Fetcher::Automate.resolve("compliance://name@space/profile_name")
+
+        expect(res).to be_kind_of(Chef::Compliance::Fetcher::Automate)
+        expected = "https://automate.test/compliance/profiles/name@space/profile_name/tar"
+        expect(res.target).to eq(expected)
+      end
+
       it "raises an exception with no data collector token" do
         Chef::Config[:data_collector].delete(:token)
 

data/spec/unit/compliance/runner_spec.rb

@@ -8,41 +8,39 @@ describe Chef::Compliance::Runner do
     described_class.new.tap do |r|
       r.node = node
       r.run_id = "my_run_id"
-      r.recipes = []
     end
   end
 
   describe "#enabled?" do
+
     it "is true if the node attributes have audit profiles and the audit cookbook is not present" do
       node.normal["audit"]["profiles"]["ssh"] = { 'compliance': "base/ssh" }
-      runner.recipes = %w{ fancy_cookbook::fanciness tacobell::nachos }
 
       expect(runner).to be_enabled
     end
 
     it "is false if the node attributes have audit profiles and the audit cookbook is present" do
+      stub_const("::Reporter::ChefAutomate", true)
       node.normal["audit"]["profiles"]["ssh"] = { 'compliance': "base/ssh" }
-      runner.recipes = %w{ audit::default fancy_cookbook::fanciness tacobell::nachos }
 
       expect(runner).not_to be_enabled
     end
 
     it "is false if the node attributes do not have audit profiles and the audit cookbook is not present" do
       node.normal["audit"]["profiles"] = {}
-      runner.recipes = %w{ fancy_cookbook::fanciness tacobell::nachos }
 
       expect(runner).not_to be_enabled
     end
 
     it "is false if the node attributes do not have audit profiles and the audit cookbook is present" do
-      node.normal["audit"]["profiles"] = {}
-      runner.recipes = %w{ audit::default fancy_cookbook::fanciness tacobell::nachos }
+      stub_const("::Reporter::ChefAutomate", true)
+      node.automatic["recipes"] = %w{ audit::default fancy_cookbook::fanciness tacobell::nachos }
 
       expect(runner).not_to be_enabled
     end
 
     it "is false if the node attributes do not have audit attributes and the audit cookbook is not present" do
-      runner.recipes = %w{ fancy_cookbook::fanciness tacobell::nachos }
+      node.automatic["recipes"] = %w{ fancy_cookbook::fanciness tacobell::nachos }
       expect(runner).not_to be_enabled
     end
   end

data/spec/unit/dsl/reboot_pending_spec.rb

@@ -57,12 +57,12 @@ describe Chef::DSL::RebootPending do
         end
 
         it "should return true if /var/run/reboot-required exists" do
-          allow(File).to receive(:exists?).with("/var/run/reboot-required").and_return(true)
+          allow(File).to receive(:exist?).with("/var/run/reboot-required").and_return(true)
           expect(recipe.reboot_pending?).to be_truthy
         end
 
         it "should return false if /var/run/reboot-required does not exist" do
-          allow(File).to receive(:exists?).with("/var/run/reboot-required").and_return(false)
+          allow(File).to receive(:exist?).with("/var/run/reboot-required").and_return(false)
           expect(recipe.reboot_pending?).to be_falsey
         end
       end

data/spec/unit/formatters/error_inspectors/resource_failure_inspector_spec.rb

@@ -115,7 +115,7 @@ describe Chef::Formatters::ErrorInspectors::ResourceFailureInspector do
         # fake code to run through #recipe_snippet
         source_file = [ "if true", "var = non_existent", "end" ]
         allow(IO).to receive(:readlines).and_return(source_file)
-        allow(File).to receive(:exists?).and_return(true)
+        allow(File).to receive(:exist?).and_return(true)
       end
 
       it "parses a Windows path" do
@@ -141,7 +141,7 @@ describe Chef::Formatters::ErrorInspectors::ResourceFailureInspector do
 
       context "when the recipe file does not exist" do
         before do
-          allow(File).to receive(:exists?).and_return(false)
+          allow(File).to receive(:exist?).and_return(false)
           allow(IO).to receive(:readlines).and_raise(Errno::ENOENT)
         end
 

data/spec/unit/knife/bootstrap_spec.rb

@@ -1726,7 +1726,8 @@ describe Chef::Knife::Bootstrap do
 
   describe "#perform_bootstrap" do
     let(:exit_status) { 0 }
-    let(:result_mock) { double("result", exit_status: exit_status, stderr: "A message") }
+    let(:stdout) { "" }
+    let(:result_mock) { double("result", exit_status: exit_status, stderr: "A message", stdout: stdout) }
 
     before do
       allow(connection).to receive(:hostname).and_return "testhost"
@@ -1739,12 +1740,13 @@ describe Chef::Knife::Bootstrap do
       expect(connection)
         .to receive(:run_command)
         .with("sh /path.sh")
-        .and_yield("output here")
+        .and_yield("output here", nil)
         .and_return result_mock
 
       expect(knife.ui).to receive(:msg).with(/testhost/)
       knife.perform_bootstrap("/path.sh")
     end
+
     context "when the remote command fails" do
       let(:exit_status) { 1 }
       it "shows an error and exits" do
@@ -1756,6 +1758,25 @@ describe Chef::Knife::Bootstrap do
         expect { knife.perform_bootstrap("/path.sh") }.to raise_error(SystemExit)
       end
     end
+
+    context "when the remote command failed due to su auth error" do
+      let(:exit_status) { 1 }
+      let(:stdout) { "su: Authentication failure" }
+      let(:connection_obj) { double("connection", transport_options: {}) }
+      it "shows an error and exits" do
+        allow(connection).to receive(:connection).and_return(connection_obj)
+        expect(knife.ui).to receive(:info).with(/Bootstrapping.*/)
+        expect(knife).to receive(:bootstrap_command)
+          .with("/path.sh")
+          .and_return("su - USER -c 'sh /path.sh'")
+        expect(connection)
+          .to receive(:run_command)
+          .with("su - USER -c 'sh /path.sh'")
+          .and_yield("output here", nil)
+          .and_raise(Train::UserError)
+        expect { knife.perform_bootstrap("/path.sh") }.to raise_error(Train::UserError)
+      end
+    end
   end
 
   describe "#connect!" do
@@ -1964,7 +1985,25 @@ describe Chef::Knife::Bootstrap do
     context "under Linux" do
       let(:linux_test) { true }
       it "prefixes the command to run under sh" do
-        expect(knife.bootstrap_command("bootstrap")).to eq "sh bootstrap"
+        expect(knife.bootstrap_command("bootstrap.sh")).to eq "sh bootstrap.sh"
+      end
+
+      context "with --su-user option" do
+        let(:connection_obj) { double("connection", transport_options: {}) }
+        before do
+          knife.config[:su_user] = "root"
+          allow(connection).to receive(:connection).and_return(connection_obj)
+        end
+        it "prefixes the command to run using su -USER -c" do
+          expect(knife.bootstrap_command("bootstrap.sh")).to eq "su - #{knife.config[:su_user]} -c 'sh bootstrap.sh'"
+          expect(connection_obj.transport_options.key?(:pty)).to eq true
+        end
+
+        it "sudo appended if --sudo option enabled" do
+          knife.config[:use_sudo] = true
+          expect(knife.bootstrap_command("bootstrap.sh")).to eq "sudo su - #{knife.config[:su_user]} -c 'sh bootstrap.sh'"
+          expect(connection_obj.transport_options.key?(:pty)).to eq true
+        end
       end
     end
   end

data/spec/unit/knife/supermarket_share_spec.rb

@@ -46,7 +46,9 @@ describe Chef::Knife::SupermarketShare do
 
     allow(@knife).to receive(:shell_out!).and_return(true)
     @stdout = StringIO.new
+    @stderr = StringIO.new
     allow(@knife.ui).to receive(:stdout).and_return(@stdout)
+    allow(@knife.ui).to receive(:stderr).and_return(@stderr)
   end
 
   describe "run" do
@@ -140,7 +142,9 @@ describe Chef::Knife::SupermarketShare do
       before do
         allow(Chef::CookbookSiteStreamingUploader).to receive(:create_build_dir).and_return("/var/tmp/dummy")
         @knife.config = { dry_run: true }
-        allow(@knife).to receive_message_chain(:shell_out!, :stdout).and_return("file")
+        @so = instance_double("Mixlib::ShellOut")
+        allow(@knife).to receive(:shell_out!).and_return(@so)
+        allow(@so).to receive(:stdout).and_return("file")
       end
 
       it "should list files in the tarball" do
@@ -151,7 +155,6 @@ describe Chef::Knife::SupermarketShare do
       end
 
       it "does not upload the cookbook" do
-        allow(@knife).to receive(:shell_out!).and_return(true)
         expect(@knife).not_to receive(:do_upload)
         @knife.run
       end
@@ -164,10 +167,6 @@ describe Chef::Knife::SupermarketShare do
       @upload_response = double("Net::HTTPResponse")
       allow(Chef::CookbookSiteStreamingUploader).to receive(:post).and_return(@upload_response)
 
-      @stdout = StringIO.new
-      @stderr = StringIO.new
-      allow(@knife.ui).to receive(:stdout).and_return(@stdout)
-      allow(@knife.ui).to receive(:stderr).and_return(@stderr)
       allow(File).to receive(:open).and_return(true)
     end
 

data/spec/unit/provider/mount/mount_spec.rb

@@ -66,6 +66,7 @@ describe Chef::Provider::Mount::Mount do
 
     describe "when dealing with network mounts" do
       { "nfs" => "nfsserver:/vol/path",
+        "cephfs" => "cephserver:6789:/",
         "cifs" => "//cifsserver/share" }.each do |type, fs_spec|
           it "should detect network fs_spec (#{type})" do
             @new_resource.device fs_spec

data/spec/unit/provider/package/dnf/python_helper_spec.rb

@@ -19,11 +19,17 @@ require "spec_helper"
 
 # NOTE: most of the tests of this functionality are baked into the func tests for the dnf package provider
 
-describe Chef::Provider::Package::Dnf::PythonHelper do
+# run this test only for following platforms.
+exclude_test = !(%w{rhel fedora amazon}.include?(ohai[:platform_family]) && File.exist?("/usr/bin/dnf"))
+describe Chef::Provider::Package::Dnf::PythonHelper, :requires_root, external: exclude_test do
   let(:helper) { Chef::Provider::Package::Dnf::PythonHelper.instance }
 
   it "propagates stacktraces on stderr from the forked subprocess", :rhel do
     allow(helper).to receive(:dnf_command).and_return("ruby -e 'raise \"your hands in the air\"'")
     expect { helper.package_query(:whatprovides, "tcpdump") }.to raise_error(/your hands in the air/)
   end
+
+  it "compares EVRAs with dots in the release correctly" do
+    expect(helper.compare_versions("0:1.8.29-6.el8.x86_64", "0:1.8.29-6.el8_3.1.x86_64")).to eql(-1)
+  end
 end

data/spec/unit/provider/package/freebsd/pkgng_spec.rb

@@ -66,7 +66,7 @@ describe Chef::Provider::Package::Freebsd::Port do
     end
 
     it "should query pkg database" do
-      expect(@provider).to receive(:shell_out_compacted!).with("pkg", "info", "zsh", env: nil, returns: [0, 70], timeout: 900).and_return(@pkg_info)
+      expect(@provider).to receive(:shell_out_compacted!).with("pkg", "info", "zsh", env: nil, returns: [0, 1, 70], timeout: 900).and_return(@pkg_info)
       expect(@provider.current_installed_version).to eq("3.1.7")
     end
   end

data/spec/unit/resource_inspector_spec.rb

@@ -28,7 +28,11 @@ class DummyResource < Chef::Resource
   introduced "14.0"
   property :first, String, description: "My First Property", introduced: "14.0"
 
-  action :dummy do
+  action :dummy, description: "Dummy action" do
+    return true
+  end
+
+  action :dummy_no_desc do
     return true
   end
 end
@@ -39,7 +43,8 @@ describe Chef::ResourceInspector do
 
     it "returns a hash with required data" do
       expect(subject[:description]).to eq "A dummy resource"
-      expect(subject[:actions]).to match_array %i{nothing dummy}
+      expect(subject[:actions]).to eq({ nothing: nil, dummy: "Dummy action",
+                                        dummy_no_desc: nil })
     end
 
     context "excluding built in properties" do

data/spec/unit/resource_spec.rb

@@ -1162,6 +1162,52 @@ describe Chef::Resource do
     end
   end
 
+  describe "#action_description" do
+    class TestResource < ::Chef::Resource
+      action :symbol_action, description: "a symbol test" do; end
+      action "string_action", description: "a string test" do; end
+      action :base_action0 do; end
+      action :base_action1, description: "unmodified base action 1 desc" do; end
+      action :base_action2, description: "unmodified base action 2 desc" do; end
+      action :base_action3, description: "unmodified base action 3 desc" do; end
+    end
+
+    it "returns nil when no description was provided for the action" do
+      expect(TestResource.action_description(:base_action0)).to eql(nil)
+    end
+
+    context "when action definition is a string" do
+      it "returns the description whether a symbol or string is used to look it up" do
+        expect(TestResource.action_description("string_action")).to eql("a string test")
+        expect(TestResource.action_description(:string_action)).to eql("a string test")
+      end
+    end
+
+    context "when action definition is a symbol" do
+      it "returns the description whether a symbol or string is used to look up" do
+        expect(TestResource.action_description("symbol_action")).to eql("a symbol test")
+        expect(TestResource.action_description(:symbol_action)).to eql("a symbol test")
+      end
+    end
+
+    context "when inheriting from an existing resource" do
+      class TestResourceChild < TestResource
+        action :base_action2, description: "modified base action 2 desc" do; end
+        action :base_action3 do; end
+      end
+
+      it "returns original description when a described action is not overridden in child resource" do
+        expect(TestResourceChild.action_description(:base_action1)).to eq "unmodified base action 1 desc"
+      end
+      it "returns original description when the child resource overrides an inherited action but NOT its description" do
+        expect(TestResourceChild.action_description(:base_action3)).to eq "unmodified base action 3 desc"
+      end
+      it "returns new description when the child resource overrides an inherited action and its description" do
+        expect(TestResourceChild.action_description(:base_action2)).to eq "modified base action 2 desc"
+      end
+    end
+  end
+
   describe ".default_action" do
     let(:default_action) {}
     let(:resource_class) do

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: chef
 version: !ruby/object:Gem::Version
-  version: 16.9.17
+  version: 16.10.17
 platform: universal-mingw32
 authors:
 - Adam Jacob
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2021-01-08 00:00:00.000000000 Z
+date: 2021-02-19 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: chef-config
@@ -16,28 +16,28 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 16.9.17
+        version: 16.10.17
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 16.9.17
+        version: 16.10.17
 - !ruby/object:Gem::Dependency
   name: chef-utils
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 16.9.17
+        version: 16.10.17
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 16.9.17
+        version: 16.10.17
 - !ruby/object:Gem::Dependency
   name: train-core
   requirement: !ruby/object:Gem::Requirement
@@ -554,16 +554,22 @@ dependencies:
   name: uuidtools
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
         version: 2.1.5
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '3.0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
         version: 2.1.5
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '3.0'
 - !ruby/object:Gem::Dependency
   name: proxifier
   requirement: !ruby/object:Gem::Requirement
@@ -750,14 +756,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.3'
+        version: '0.5'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.3'
+        version: '0.5'
 description: A systems integration framework, built to bring the benefits of configuration
   management to your entire infrastructure.
 email: adam@chef.io