chef 17.0.242-universal-mingw32 → 17.4.25-universal-mingw32
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/Gemfile +4 -14
- data/Rakefile +2 -2
- data/chef.gemspec +10 -20
- data/lib/chef/action_collection.rb +6 -26
- data/lib/chef/application/base.rb +15 -0
- data/lib/chef/application.rb +4 -2
- data/lib/chef/chef_fs/file_pattern.rb +2 -2
- data/lib/chef/client.rb +7 -1
- data/lib/chef/compliance/default_attributes.rb +5 -3
- data/lib/chef/compliance/reporter/automate.rb +1 -1
- data/lib/chef/compliance/runner.rb +17 -3
- data/lib/chef/cookbook/cookbook_version_loader.rb +3 -3
- data/lib/chef/cookbook/gem_installer.rb +5 -1
- data/lib/chef/cookbook_version.rb +26 -4
- data/lib/chef/data_collector/run_end_message.rb +1 -1
- data/lib/chef/data_collector.rb +0 -1
- data/lib/chef/deprecated.rb +14 -4
- data/lib/chef/dsl/declare_resource.rb +5 -10
- data/lib/chef/dsl/render_helpers.rb +44 -0
- data/lib/chef/dsl/secret.rb +64 -0
- data/lib/chef/dsl/toml.rb +116 -0
- data/lib/chef/dsl/universal.rb +5 -0
- data/lib/chef/dsl.rb +1 -0
- data/lib/chef/event_dispatch/base.rb +2 -1
- data/lib/chef/exceptions.rb +23 -0
- data/lib/chef/formatters/doc.rb +2 -1
- data/lib/chef/formatters/error_mapper.rb +2 -2
- data/lib/chef/handler/slow_report.rb +66 -0
- data/lib/chef/handler.rb +46 -8
- data/lib/chef/json_compat.rb +1 -1
- data/lib/chef/node.rb +21 -20
- data/lib/chef/policy_builder/policyfile.rb +88 -45
- data/lib/chef/provider/directory.rb +6 -6
- data/lib/chef/provider/execute.rb +1 -1
- data/lib/chef/provider/file.rb +2 -2
- data/lib/chef/provider/group/dscl.rb +1 -1
- data/lib/chef/provider/launchd.rb +6 -6
- data/lib/chef/provider/link.rb +1 -1
- data/lib/chef/provider/lwrp_base.rb +1 -1
- data/lib/chef/provider/package/dnf/dnf_helper.py +11 -10
- data/lib/chef/provider/package/dnf/python_helper.rb +9 -8
- data/lib/chef/provider/package/habitat.rb +168 -0
- data/lib/chef/provider/package/powershell.rb +5 -0
- data/lib/chef/provider/package/yum/python_helper.rb +15 -10
- data/lib/chef/provider/package/yum/yum_helper.py +46 -62
- data/lib/chef/provider/package/yum.rb +1 -4
- data/lib/chef/provider/registry_key.rb +1 -1
- data/lib/chef/provider/service/systemd.rb +1 -1
- data/lib/chef/provider/subversion.rb +4 -4
- data/lib/chef/provider/support/yum_repo.erb +1 -1
- data/lib/chef/provider/support/zypper_repo.erb +4 -2
- data/lib/chef/provider/systemd_unit.rb +18 -17
- data/lib/chef/provider/template/content.rb +1 -1
- data/lib/chef/provider/user/mac.rb +3 -3
- data/lib/chef/provider/windows_script.rb +1 -1
- data/lib/chef/provider/yum_repository.rb +27 -43
- data/lib/chef/provider/zypper_repository.rb +30 -34
- data/lib/chef/provider.rb +26 -1
- data/lib/chef/provider_resolver.rb +8 -2
- data/lib/chef/providers.rb +1 -0
- data/lib/chef/resource/alternatives.rb +5 -5
- data/lib/chef/resource/apt_preference.rb +2 -2
- data/lib/chef/resource/apt_repository.rb +2 -2
- data/lib/chef/resource/apt_update.rb +4 -4
- data/lib/chef/resource/build_essential.rb +1 -1
- data/lib/chef/resource/chef_client_config.rb +10 -5
- data/lib/chef/resource/chef_client_cron.rb +3 -3
- data/lib/chef/resource/chef_client_launchd.rb +3 -3
- data/lib/chef/resource/chef_client_scheduled_task.rb +15 -15
- data/lib/chef/resource/chef_client_systemd_timer.rb +3 -3
- data/lib/chef/resource/chef_client_trusted_certificate.rb +2 -2
- data/lib/chef/resource/chef_handler.rb +2 -2
- data/lib/chef/resource/chef_sleep.rb +1 -1
- data/lib/chef/resource/chef_vault_secret.rb +2 -2
- data/lib/chef/resource/chocolatey_feature.rb +2 -2
- data/lib/chef/resource/chocolatey_source.rb +1 -1
- data/lib/chef/resource/cron/cron_d.rb +4 -6
- data/lib/chef/resource/cron_access.rb +1 -1
- data/lib/chef/resource/dmg_package.rb +1 -1
- data/lib/chef/resource/dsc_resource.rb +1 -1
- data/lib/chef/resource/execute.rb +5 -5
- data/lib/chef/resource/gem_package.rb +2 -1
- data/lib/chef/resource/group.rb +4 -4
- data/lib/chef/resource/habitat/_habitat_shared.rb +28 -0
- data/lib/chef/resource/habitat/habitat_package.rb +129 -0
- data/lib/chef/resource/habitat/habitat_sup.rb +329 -0
- data/lib/chef/resource/habitat/habitat_sup_systemd.rb +67 -0
- data/lib/chef/resource/habitat/habitat_sup_windows.rb +90 -0
- data/lib/chef/resource/habitat_config.rb +107 -0
- data/lib/chef/resource/habitat_install.rb +247 -0
- data/lib/chef/resource/habitat_service.rb +451 -0
- data/lib/chef/resource/habitat_user_toml.rb +92 -0
- data/lib/chef/resource/homebrew_cask.rb +18 -7
- data/lib/chef/resource/homebrew_package.rb +1 -1
- data/lib/chef/resource/homebrew_tap.rb +4 -3
- data/lib/chef/resource/homebrew_update.rb +2 -2
- data/lib/chef/resource/hostname.rb +49 -7
- data/lib/chef/resource/inspec_waiver_file_entry.rb +156 -0
- data/lib/chef/resource/kernel_module.rb +6 -6
- data/lib/chef/resource/launchd.rb +3 -3
- data/lib/chef/resource/locale.rb +1 -1
- data/lib/chef/resource/lwrp_base.rb +18 -3
- data/lib/chef/resource/macos_userdefaults.rb +2 -2
- data/lib/chef/resource/ohai_hint.rb +2 -6
- data/lib/chef/resource/openbsd_package.rb +17 -0
- data/lib/chef/resource/openssl_dhparam.rb +1 -2
- data/lib/chef/resource/openssl_ec_private_key.rb +1 -3
- data/lib/chef/resource/openssl_ec_public_key.rb +1 -3
- data/lib/chef/resource/openssl_rsa_private_key.rb +1 -3
- data/lib/chef/resource/openssl_rsa_public_key.rb +1 -3
- data/lib/chef/resource/openssl_x509_certificate.rb +1 -4
- data/lib/chef/resource/openssl_x509_crl.rb +1 -3
- data/lib/chef/resource/openssl_x509_request.rb +1 -3
- data/lib/chef/resource/osx_profile.rb +3 -3
- data/lib/chef/resource/plist.rb +1 -1
- data/lib/chef/resource/powershell_package_source.rb +2 -4
- data/lib/chef/resource/reboot.rb +38 -9
- data/lib/chef/resource/remote_directory.rb +2 -2
- data/lib/chef/resource/remote_file.rb +3 -3
- data/lib/chef/resource/rhsm_errata.rb +0 -2
- data/lib/chef/resource/rhsm_errata_level.rb +1 -5
- data/lib/chef/resource/rhsm_repo.rb +15 -0
- data/lib/chef/resource/rhsm_subscription.rb +5 -5
- data/lib/chef/resource/ruby_block.rb +100 -0
- data/lib/chef/resource/scm/subversion.rb +1 -1
- data/lib/chef/resource/ssh_known_hosts_entry.rb +4 -7
- data/lib/chef/resource/sudo.rb +2 -6
- data/lib/chef/resource/support/HabService.dll.config.erb +19 -0
- data/lib/chef/resource/support/client.erb +8 -1
- data/lib/chef/resource/support/sup.toml.erb +179 -0
- data/lib/chef/resource/swap_file.rb +2 -6
- data/lib/chef/resource/sysctl.rb +2 -2
- data/lib/chef/resource/systemd_unit.rb +3 -3
- data/lib/chef/resource/timezone.rb +1 -1
- data/lib/chef/resource/user_ulimit.rb +2 -2
- data/lib/chef/resource/windows_ad_join.rb +2 -2
- data/lib/chef/resource/windows_audit_policy.rb +2 -2
- data/lib/chef/resource/windows_auto_run.rb +2 -2
- data/lib/chef/resource/windows_certificate.rb +1 -1
- data/lib/chef/resource/windows_defender.rb +163 -0
- data/lib/chef/resource/windows_defender_exclusion.rb +125 -0
- data/lib/chef/resource/windows_dfs_folder.rb +2 -2
- data/lib/chef/resource/windows_dfs_namespace.rb +2 -2
- data/lib/chef/resource/windows_dns_record.rb +2 -2
- data/lib/chef/resource/windows_dns_zone.rb +2 -2
- data/lib/chef/resource/windows_env.rb +1 -1
- data/lib/chef/resource/windows_feature.rb +3 -3
- data/lib/chef/resource/windows_feature_dism.rb +3 -5
- data/lib/chef/resource/windows_feature_powershell.rb +3 -3
- data/lib/chef/resource/windows_firewall_profile.rb +2 -2
- data/lib/chef/resource/windows_firewall_rule.rb +20 -6
- data/lib/chef/resource/windows_font.rb +2 -2
- data/lib/chef/resource/windows_pagefile.rb +104 -65
- data/lib/chef/resource/windows_path.rb +4 -4
- data/lib/chef/resource/windows_printer.rb +80 -61
- data/lib/chef/resource/windows_printer_port.rb +48 -65
- data/lib/chef/resource/windows_security_policy.rb +7 -4
- data/lib/chef/resource/windows_share.rb +2 -2
- data/lib/chef/resource/windows_shortcut.rb +1 -1
- data/lib/chef/resource/windows_task.rb +2 -2
- data/lib/chef/resource/windows_uac.rb +3 -5
- data/lib/chef/resource/windows_update_settings.rb +259 -0
- data/lib/chef/resource/windows_user_privilege.rb +2 -2
- data/lib/chef/resource/windows_workgroup.rb +2 -2
- data/lib/chef/resource/yum_package.rb +11 -15
- data/lib/chef/resource/zypper_package.rb +4 -4
- data/lib/chef/resource/zypper_repository.rb +28 -8
- data/lib/chef/resource.rb +20 -25
- data/lib/chef/resource_builder.rb +8 -2
- data/lib/chef/resource_inspector.rb +6 -2
- data/lib/chef/resource_reporter.rb +0 -1
- data/lib/chef/resources.rb +13 -1
- data/lib/chef/run_lock.rb +1 -1
- data/lib/chef/runner.rb +1 -1
- data/lib/chef/secret_fetcher/aws_secrets_manager.rb +65 -0
- data/lib/chef/secret_fetcher/azure_key_vault.rb +78 -0
- data/lib/chef/secret_fetcher/base.rb +76 -0
- data/lib/chef/secret_fetcher/example.rb +46 -0
- data/lib/chef/secret_fetcher.rb +55 -0
- data/lib/chef/shell/ext.rb +3 -3
- data/lib/chef/version.rb +1 -1
- data/lib/chef/win32/api.rb +9 -2
- data/spec/data/knife-home/.chef/plugins/knife/example_home_subcommand.rb +0 -0
- data/spec/data/knife-site-subcommands/plugins/knife/example_subcommand.rb +0 -0
- data/spec/data/knife_subcommand/test_explicit_category.rb +7 -0
- data/spec/data/knife_subcommand/test_name_mapping.rb +4 -0
- data/spec/data/knife_subcommand/test_yourself.rb +21 -0
- data/spec/functional/mixin/from_file_spec.rb +1 -1
- data/spec/functional/resource/dnf_package_spec.rb +857 -537
- data/spec/functional/resource/group_spec.rb +1 -1
- data/spec/functional/resource/link_spec.rb +1 -1
- data/spec/functional/resource/remote_file_spec.rb +1 -1
- data/spec/functional/resource/windows_env_spec.rb +2 -2
- data/spec/functional/resource/windows_hostname_spec.rb +91 -0
- data/spec/functional/resource/windows_pagefile_spec.rb +98 -0
- data/spec/functional/resource/yum_package_spec.rb +495 -428
- data/spec/integration/client/client_spec.rb +0 -20
- data/spec/integration/compliance/compliance_spec.rb +1 -0
- data/spec/integration/recipes/recipe_dsl_spec.rb +1 -1
- data/spec/integration/recipes/resource_action_spec.rb +6 -6
- data/spec/integration/recipes/unified_mode_spec.rb +70 -0
- data/spec/spec_helper.rb +3 -0
- data/spec/support/chef_helpers.rb +1 -1
- data/spec/support/shared/functional/execute_resource.rb +1 -1
- data/spec/support/shared/functional/knife.rb +37 -0
- data/spec/support/shared/integration/knife_support.rb +192 -0
- data/spec/support/shared/unit/knife_shared.rb +39 -0
- data/spec/support/shared/unit/provider/file.rb +3 -9
- data/spec/unit/chef_fs/file_system/repository/directory_spec.rb +1 -1
- data/spec/unit/compliance/runner_spec.rb +46 -2
- data/spec/unit/cookbook_version_spec.rb +52 -0
- data/spec/unit/data_collector_spec.rb +47 -1
- data/spec/unit/dsl/render_helpers_spec.rb +102 -0
- data/spec/unit/dsl/secret_spec.rb +71 -0
- data/spec/unit/handler_spec.rb +8 -2
- data/spec/unit/policy_builder/dynamic_spec.rb +0 -5
- data/spec/unit/policy_builder/policyfile_spec.rb +144 -56
- data/spec/unit/provider/apt_update_spec.rb +3 -1
- data/spec/unit/provider/link_spec.rb +1 -1
- data/spec/unit/provider/mount/aix_spec.rb +1 -1
- data/spec/unit/provider/package/dnf/python_helper_spec.rb +1 -0
- data/spec/unit/provider/package/powershell_spec.rb +74 -12
- data/spec/unit/provider/package/yum/python_helper_spec.rb +1 -0
- data/spec/unit/provider/service/systemd_service_spec.rb +2 -2
- data/spec/unit/provider/systemd_unit_spec.rb +2 -2
- data/spec/unit/provider/zypper_repository_spec.rb +3 -10
- data/spec/unit/provider_spec.rb +23 -0
- data/spec/unit/resource/homebrew_cask_spec.rb +29 -11
- data/spec/unit/resource/inspec_waiver_file_entry_spec.rb +80 -0
- data/spec/unit/resource/rhsm_subscription_spec.rb +50 -3
- data/spec/unit/resource/systemd_unit_spec.rb +1 -1
- data/spec/unit/resource/windows_defender_exclusion_spec.rb +62 -0
- data/spec/unit/resource/windows_defender_spec.rb +71 -0
- data/spec/unit/resource/windows_firewall_rule_spec.rb +12 -7
- data/spec/unit/resource/windows_pagefile_spec.rb +4 -9
- data/spec/unit/resource/windows_update_settings_spec.rb +64 -0
- data/spec/unit/resource/zypper_repository_spec.rb +1 -1
- data/spec/unit/resource_spec.rb +19 -8
- data/spec/unit/secret_fetcher/aws_secrets_manager_spec.rb +70 -0
- data/spec/unit/secret_fetcher/azure_key_vault_spec.rb +70 -0
- data/spec/unit/secret_fetcher_spec.rb +82 -0
- data/tasks/rspec.rb +4 -9
- metadata +65 -161
- data/lib/chef/provider/package/yum/simplejson/LICENSE.txt +0 -79
- data/lib/chef/provider/package/yum/simplejson/__init__.py +0 -318
- data/lib/chef/provider/package/yum/simplejson/__init__.pyc +0 -0
- data/lib/chef/provider/package/yum/simplejson/decoder.py +0 -354
- data/lib/chef/provider/package/yum/simplejson/decoder.pyc +0 -0
- data/lib/chef/provider/package/yum/simplejson/encoder.py +0 -440
- data/lib/chef/provider/package/yum/simplejson/encoder.pyc +0 -0
- data/lib/chef/provider/package/yum/simplejson/scanner.py +0 -65
- data/lib/chef/provider/package/yum/simplejson/scanner.pyc +0 -0
- data/lib/chef/provider/package/yum/simplejson/tool.py +0 -37
@@ -36,14 +36,13 @@ end
|
|
36
36
|
|
37
37
|
# forwards-vs-reverse slashes on windows sucks
|
38
38
|
def windows_path
|
39
|
-
windows? ? normalized_path.tr(
|
39
|
+
windows? ? normalized_path.tr("\\", "/") : normalized_path
|
40
40
|
end
|
41
41
|
|
42
42
|
# this is all getting a bit stupid, CHEF-4802 cut to remove all this
|
43
43
|
def setup_normal_file
|
44
44
|
[ resource_path, normalized_path, windows_path].each do |path|
|
45
45
|
allow(File).to receive(:file?).with(path).and_return(true)
|
46
|
-
allow(File).to receive(:exists?).with(path).and_return(true)
|
47
46
|
allow(File).to receive(:exist?).with(path).and_return(true)
|
48
47
|
allow(File).to receive(:directory?).with(path).and_return(false)
|
49
48
|
allow(File).to receive(:writable?).with(path).and_return(true)
|
@@ -57,7 +56,6 @@ def setup_missing_file
|
|
57
56
|
[ resource_path, normalized_path, windows_path].each do |path|
|
58
57
|
allow(File).to receive(:file?).with(path).and_return(false)
|
59
58
|
allow(File).to receive(:realpath?).with(path).and_return(resource_path)
|
60
|
-
allow(File).to receive(:exists?).with(path).and_return(false)
|
61
59
|
allow(File).to receive(:exist?).with(path).and_return(false)
|
62
60
|
allow(File).to receive(:directory?).with(path).and_return(false)
|
63
61
|
allow(File).to receive(:writable?).with(path).and_return(false)
|
@@ -70,7 +68,6 @@ def setup_symlink
|
|
70
68
|
[ resource_path, normalized_path, windows_path].each do |path|
|
71
69
|
allow(File).to receive(:file?).with(path).and_return(true)
|
72
70
|
allow(File).to receive(:realpath?).with(path).and_return(normalized_path)
|
73
|
-
allow(File).to receive(:exists?).with(path).and_return(true)
|
74
71
|
allow(File).to receive(:exist?).with(path).and_return(true)
|
75
72
|
allow(File).to receive(:directory?).with(path).and_return(false)
|
76
73
|
allow(File).to receive(:writable?).with(path).and_return(true)
|
@@ -84,7 +81,6 @@ def setup_unwritable_file
|
|
84
81
|
[ resource_path, normalized_path, windows_path].each do |path|
|
85
82
|
allow(File).to receive(:file?).with(path).and_return(false)
|
86
83
|
allow(File).to receive(:realpath?).with(path).and_raise(Errno::ENOENT)
|
87
|
-
allow(File).to receive(:exists?).with(path).and_return(true)
|
88
84
|
allow(File).to receive(:exist?).with(path).and_return(true)
|
89
85
|
allow(File).to receive(:directory?).with(path).and_return(false)
|
90
86
|
allow(File).to receive(:writable?).with(path).and_return(false)
|
@@ -97,7 +93,6 @@ def setup_missing_enclosing_directory
|
|
97
93
|
[ resource_path, normalized_path, windows_path].each do |path|
|
98
94
|
allow(File).to receive(:file?).with(path).and_return(false)
|
99
95
|
allow(File).to receive(:realpath?).with(path).and_raise(Errno::ENOENT)
|
100
|
-
allow(File).to receive(:exists?).with(path).and_return(false)
|
101
96
|
allow(File).to receive(:exist?).with(path).and_return(false)
|
102
97
|
allow(File).to receive(:directory?).with(path).and_return(false)
|
103
98
|
allow(File).to receive(:writable?).with(path).and_return(false)
|
@@ -138,7 +133,6 @@ shared_examples_for Chef::Provider::File do
|
|
138
133
|
before(:each) do
|
139
134
|
allow(content).to receive(:tempfile).and_return(tempfile)
|
140
135
|
allow(File).to receive(:exist?).with(tempfile.path).and_call_original
|
141
|
-
allow(File).to receive(:exists?).with(tempfile.path).and_call_original
|
142
136
|
end
|
143
137
|
|
144
138
|
after do
|
@@ -547,7 +541,7 @@ shared_examples_for Chef::Provider::File do
|
|
547
541
|
provider.load_current_resource
|
548
542
|
tempfile = double("Tempfile", path: "/tmp/foo-bar-baz")
|
549
543
|
allow(content).to receive(:tempfile).and_return(tempfile)
|
550
|
-
expect(File).to receive(:
|
544
|
+
expect(File).to receive(:exist?).with("/tmp/foo-bar-baz").and_return(true)
|
551
545
|
expect(tempfile).to receive(:close).once
|
552
546
|
expect(tempfile).to receive(:unlink).once
|
553
547
|
end
|
@@ -630,7 +624,7 @@ shared_examples_for Chef::Provider::File do
|
|
630
624
|
it "raises an exception when the content object returns a tempfile that does not exist" do
|
631
625
|
tempfile = double("Tempfile", path: "/tmp/foo-bar-baz")
|
632
626
|
expect(provider.send(:content)).to receive(:tempfile).at_least(:once).and_return(tempfile)
|
633
|
-
expect(File).to receive(:
|
627
|
+
expect(File).to receive(:exist?).with("/tmp/foo-bar-baz").and_return(false)
|
634
628
|
expect { provider.send(:do_contents_changes) }.to raise_error(RuntimeError)
|
635
629
|
end
|
636
630
|
end
|
@@ -202,6 +202,16 @@ describe Chef::Compliance::Runner do
|
|
202
202
|
expect { runner.load_and_validate! }.to raise_error(/^CMPL002:/)
|
203
203
|
end
|
204
204
|
|
205
|
+
it "raises CMPL004 if both the inputs and attributes node attributes are set" do
|
206
|
+
node.normal["audit"]["attributes"] = {
|
207
|
+
"tacos" => "lunch",
|
208
|
+
}
|
209
|
+
node.normal["audit"]["inputs"] = {
|
210
|
+
"tacos" => "lunch",
|
211
|
+
}
|
212
|
+
expect { runner.load_and_validate! }.to raise_error(/^CMPL011:/)
|
213
|
+
end
|
214
|
+
|
205
215
|
it "validates configured reporters" do
|
206
216
|
node.normal["audit"]["reporter"] = [ "chef-automate" ]
|
207
217
|
reporter_double = double("reporter", validate_config!: nil)
|
@@ -212,6 +222,40 @@ describe Chef::Compliance::Runner do
|
|
212
222
|
end
|
213
223
|
|
214
224
|
describe "#inspec_opts" do
|
225
|
+
it "pulls inputs from the attributes setting" do
|
226
|
+
node.normal["audit"]["attributes"] = {
|
227
|
+
"tacos" => "lunch",
|
228
|
+
}
|
229
|
+
|
230
|
+
inputs = runner.inspec_opts[:inputs]
|
231
|
+
|
232
|
+
expect(inputs["tacos"]).to eq("lunch")
|
233
|
+
end
|
234
|
+
|
235
|
+
it "pulls inputs from the inputs setting" do
|
236
|
+
node.normal["audit"]["inputs"] = {
|
237
|
+
"tacos" => "lunch",
|
238
|
+
}
|
239
|
+
|
240
|
+
inputs = runner.inspec_opts[:inputs]
|
241
|
+
|
242
|
+
expect(inputs["tacos"]).to eq("lunch")
|
243
|
+
end
|
244
|
+
|
245
|
+
it "favors inputs over attributes" do
|
246
|
+
node.normal["audit"]["attributes"] = {
|
247
|
+
"tacos" => "dinner",
|
248
|
+
}
|
249
|
+
|
250
|
+
node.normal["audit"]["inputs"] = {
|
251
|
+
"tacos" => "lunch",
|
252
|
+
}
|
253
|
+
|
254
|
+
inputs = runner.inspec_opts[:inputs]
|
255
|
+
|
256
|
+
expect(inputs["tacos"]).to eq("lunch")
|
257
|
+
end
|
258
|
+
|
215
259
|
it "does not include chef_node in inputs by default" do
|
216
260
|
node.normal["audit"]["attributes"] = {
|
217
261
|
"tacos" => "lunch",
|
@@ -221,7 +265,7 @@ describe Chef::Compliance::Runner do
|
|
221
265
|
inputs = runner.inspec_opts[:inputs]
|
222
266
|
|
223
267
|
expect(inputs["tacos"]).to eq("lunch")
|
224
|
-
expect(inputs.key?("chef_node")).to eq(
|
268
|
+
expect(inputs.key?("chef_node")).to eq(true)
|
225
269
|
end
|
226
270
|
|
227
271
|
it "includes chef_node in inputs with chef_node_attribute_enabled set" do
|
@@ -234,7 +278,7 @@ describe Chef::Compliance::Runner do
|
|
234
278
|
inputs = runner.inspec_opts[:inputs]
|
235
279
|
|
236
280
|
expect(inputs["tacos"]).to eq("lunch")
|
237
|
-
expect(inputs["chef_node"]["audit"]["reporter"]).to eq("
|
281
|
+
expect(inputs["chef_node"]["audit"]["reporter"]).to eq("cli")
|
238
282
|
expect(inputs["chef_node"]["chef_environment"]).to eq("_default")
|
239
283
|
end
|
240
284
|
end
|
@@ -41,7 +41,59 @@ describe Chef::CookbookVersion do
|
|
41
41
|
it "has empty metadata" do
|
42
42
|
expect(cookbook_version.metadata).to eq(Chef::Cookbook::Metadata.new)
|
43
43
|
end
|
44
|
+
end
|
45
|
+
|
46
|
+
describe "#recipe_yml_filenames_by_name" do
|
47
|
+
let(:cookbook_version) { Chef::CookbookVersion.new("mycb", "/tmp/mycb") }
|
48
|
+
|
49
|
+
def files_for_recipe(extension)
|
50
|
+
[
|
51
|
+
{ name: "recipes/default.#{extension}", full_path: "/home/user/repo/cookbooks/test/recipes/default.#{extension}" },
|
52
|
+
{ name: "recipes/other.#{extension}", full_path: "/home/user/repo/cookbooks/test/recipes/other.#{extension}" },
|
53
|
+
]
|
54
|
+
end
|
55
|
+
context "and YAML files present include both a recipes/default.yml and a recipes/default.yaml" do
|
56
|
+
before(:each) do
|
57
|
+
allow(cookbook_version).to receive(:files_for).with("recipes").and_return(
|
58
|
+
[
|
59
|
+
{ name: "recipes/default.yml", full_path: "/home/user/repo/cookbooks/test/recipes/default.yml" },
|
60
|
+
{ name: "recipes/default.yaml", full_path: "/home/user/repo/cookbooks/test/recipes/default.yaml" },
|
61
|
+
]
|
62
|
+
)
|
63
|
+
end
|
64
|
+
it "because both are valid and we can't pick, it raises an error that contains the info needed to fix the problem" do
|
65
|
+
expect { cookbook_version.recipe_yml_filenames_by_name }
|
66
|
+
.to raise_error(Chef::Exceptions::AmbiguousYAMLFile, /.*default.yml.*default.yaml.*update the cookbook to remove/)
|
67
|
+
end
|
68
|
+
end
|
69
|
+
|
70
|
+
%w{yml yaml}.each do |extension|
|
71
|
+
|
72
|
+
context "and YAML files are present including a recipes/default.#{extension}" do
|
73
|
+
before(:each) do
|
74
|
+
allow(cookbook_version).to receive(:files_for).with("recipes").and_return(files_for_recipe(extension))
|
75
|
+
end
|
76
|
+
|
77
|
+
context "and manifest does not include a root_files/recipe.#{extension}" do
|
78
|
+
it "returns all YAML recipes with a correct default of default.#{extension}" do
|
79
|
+
expect(cookbook_version.recipe_yml_filenames_by_name).to eq({ "default" => "/home/user/repo/cookbooks/test/recipes/default.#{extension}",
|
80
|
+
"other" => "/home/user/repo/cookbooks/test/recipes/other.#{extension}" })
|
81
|
+
end
|
82
|
+
end
|
83
|
+
|
84
|
+
context "and manifest also includes a root_files/recipe.#{extension}" do
|
85
|
+
let(:root_files) { [{ name: "root_files/recipe.#{extension}", full_path: "/home/user/repo/cookbooks/test/recipe.#{extension}" } ] }
|
86
|
+
before(:each) do
|
87
|
+
allow(cookbook_version.cookbook_manifest).to receive(:root_files).and_return(root_files)
|
88
|
+
end
|
44
89
|
|
90
|
+
it "returns all YAML recipes with a correct default of recipe.#{extension}" do
|
91
|
+
expect(cookbook_version.recipe_yml_filenames_by_name).to eq({ "default" => "/home/user/repo/cookbooks/test/recipe.#{extension}",
|
92
|
+
"other" => "/home/user/repo/cookbooks/test/recipes/other.#{extension}" })
|
93
|
+
end
|
94
|
+
end
|
95
|
+
end
|
96
|
+
end
|
45
97
|
end
|
46
98
|
|
47
99
|
describe "with a cookbook directory named tatft" do
|
@@ -142,11 +142,17 @@ describe Chef::DataCollector do
|
|
142
142
|
def expect_converge_message(keys)
|
143
143
|
keys["message_type"] = "run_converge"
|
144
144
|
keys["message_version"] = "1.1.0"
|
145
|
+
# if (keys.key?("node") && !keys["node"].empty?)
|
146
|
+
# expect(rest_client).to receive(:post) do |_a, hash, _b|
|
147
|
+
# require 'pry'; binding.pry
|
148
|
+
# end
|
149
|
+
# else
|
145
150
|
expect(rest_client).to receive(:post).with(
|
146
151
|
nil,
|
147
152
|
hash_including(keys),
|
148
153
|
{ "Content-Type" => "application/json" }
|
149
154
|
)
|
155
|
+
# end
|
150
156
|
end
|
151
157
|
|
152
158
|
def resource_has_diff(new_resource, status)
|
@@ -202,7 +208,7 @@ describe Chef::DataCollector do
|
|
202
208
|
end
|
203
209
|
|
204
210
|
it "has a node" do
|
205
|
-
expect_converge_message("node" => expected_node)
|
211
|
+
expect_converge_message("node" => expected_node.is_a?(Chef::Node) ? expected_node.data_for_save : expected_node)
|
206
212
|
send_run_failed_or_completed_event
|
207
213
|
end
|
208
214
|
|
@@ -808,6 +814,46 @@ describe Chef::DataCollector do
|
|
808
814
|
it_behaves_like "sends a converge message"
|
809
815
|
end
|
810
816
|
|
817
|
+
context "when node attributes are block-listed" do
|
818
|
+
let(:status) { "success" }
|
819
|
+
before do
|
820
|
+
Chef::Config[:blocked_default_attributes] = [
|
821
|
+
%w{secret key_to_the_kingdom},
|
822
|
+
]
|
823
|
+
node.default = {
|
824
|
+
"secret" => { "key_to_the_kingdom" => "under the flower pot to the left of the drawbridge" },
|
825
|
+
"publicinfo" => { "num_flower_pots" => 18 },
|
826
|
+
}
|
827
|
+
end
|
828
|
+
|
829
|
+
it "payload should exclude blocked attributes" do
|
830
|
+
expect(rest_client).to receive(:post) do |_addr, hash, _headers|
|
831
|
+
expect(hash["node"]["default"]).to eq({ "secret" => {}, "publicinfo" => { "num_flower_pots" => 18 } })
|
832
|
+
end
|
833
|
+
send_run_failed_or_completed_event
|
834
|
+
end
|
835
|
+
end
|
836
|
+
|
837
|
+
context "when node attributes are allow-listed" do
|
838
|
+
let(:status) { "success" }
|
839
|
+
before do
|
840
|
+
Chef::Config[:allowed_default_attributes] = [
|
841
|
+
%w{public entrance},
|
842
|
+
]
|
843
|
+
node.default = {
|
844
|
+
"public" => { "entrance" => "is the drawbridge" },
|
845
|
+
"secret" => { "entrance" => "is the tunnel" },
|
846
|
+
}
|
847
|
+
end
|
848
|
+
|
849
|
+
it "payload should include only allowed attributes" do
|
850
|
+
expect(rest_client).to receive(:post) do |_addr, hash, _headers|
|
851
|
+
expect(hash["node"]["default"]).to eq({ "public" => { "entrance" => "is the drawbridge" } })
|
852
|
+
end
|
853
|
+
send_run_failed_or_completed_event
|
854
|
+
end
|
855
|
+
end
|
856
|
+
|
811
857
|
end
|
812
858
|
end
|
813
859
|
|
@@ -0,0 +1,102 @@
|
|
1
|
+
#
|
2
|
+
# Copyright:: Copyright (c) Chef Software Inc.
|
3
|
+
# License:: Apache License, Version 2.0
|
4
|
+
#
|
5
|
+
# Licensed under the Apache License, Version 2.0 (the "License");
|
6
|
+
# you may not use this file except in compliance with the License.
|
7
|
+
# You may obtain a copy of the License at
|
8
|
+
#
|
9
|
+
# http://www.apache.org/licenses/LICENSE-2.0
|
10
|
+
#
|
11
|
+
# Unless required by applicable law or agreed to in writing, software
|
12
|
+
# distributed under the License is distributed on an "AS IS" BASIS,
|
13
|
+
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
14
|
+
# See the License for the specific language governing permissions and
|
15
|
+
# limitations under the License.
|
16
|
+
#
|
17
|
+
|
18
|
+
require "spec_helper"
|
19
|
+
require "chef/dsl/render_helpers"
|
20
|
+
|
21
|
+
describe Chef::DSL::RenderHelpers do
|
22
|
+
|
23
|
+
hash = {
|
24
|
+
"golf": "hotel",
|
25
|
+
"kilo": %w{lima mike},
|
26
|
+
"india": {
|
27
|
+
"juliett": "blue",
|
28
|
+
},
|
29
|
+
"alpha": {
|
30
|
+
"charlie": true,
|
31
|
+
"bravo": 10,
|
32
|
+
},
|
33
|
+
"echo": "foxtrot",
|
34
|
+
}
|
35
|
+
|
36
|
+
context "render_json" do
|
37
|
+
json = Chef::DSL::RenderHelpers.render_json(hash)
|
38
|
+
describe "JSON content" do
|
39
|
+
it "expected JSON output" do
|
40
|
+
expected = <<-EXPECTED
|
41
|
+
{
|
42
|
+
"golf": "hotel",
|
43
|
+
"kilo": [
|
44
|
+
"lima",
|
45
|
+
"mike"
|
46
|
+
],
|
47
|
+
"india": {
|
48
|
+
"juliett": "blue"
|
49
|
+
},
|
50
|
+
"alpha": {
|
51
|
+
"charlie": true,
|
52
|
+
"bravo": 10
|
53
|
+
},
|
54
|
+
"echo": "foxtrot"
|
55
|
+
}
|
56
|
+
EXPECTED
|
57
|
+
expect(json).to eq(expected)
|
58
|
+
end
|
59
|
+
end
|
60
|
+
end
|
61
|
+
|
62
|
+
context "render_toml" do
|
63
|
+
toml = Chef::DSL::RenderHelpers.render_toml(hash)
|
64
|
+
describe "TOML content" do
|
65
|
+
it "expected TOML output" do
|
66
|
+
expected = <<-EXPECTED
|
67
|
+
echo = "foxtrot"
|
68
|
+
golf = "hotel"
|
69
|
+
kilo = ["lima", "mike"]
|
70
|
+
[alpha]
|
71
|
+
bravo = 10
|
72
|
+
charlie = true
|
73
|
+
[india]
|
74
|
+
juliett = "blue"
|
75
|
+
EXPECTED
|
76
|
+
expect(toml).to eq(expected)
|
77
|
+
end
|
78
|
+
end
|
79
|
+
end
|
80
|
+
|
81
|
+
context "render_yaml" do
|
82
|
+
yaml = Chef::DSL::RenderHelpers.render_yaml(hash)
|
83
|
+
describe "YAML content" do
|
84
|
+
it "expected YAML output" do
|
85
|
+
expected = <<-EXPECTED
|
86
|
+
---
|
87
|
+
golf: hotel
|
88
|
+
kilo:
|
89
|
+
- lima
|
90
|
+
- mike
|
91
|
+
india:
|
92
|
+
juliett: blue
|
93
|
+
alpha:
|
94
|
+
charlie: true
|
95
|
+
bravo: 10
|
96
|
+
echo: foxtrot
|
97
|
+
EXPECTED
|
98
|
+
expect(yaml).to eq(expected)
|
99
|
+
end
|
100
|
+
end
|
101
|
+
end
|
102
|
+
end
|
@@ -0,0 +1,71 @@
|
|
1
|
+
#
|
2
|
+
# Author:: Marc Paradise <marc@chef.io>
|
3
|
+
# Copyright:: Copyright (c) Chef Software Inc.
|
4
|
+
# License:: Apache License, Version 2.0
|
5
|
+
#
|
6
|
+
# Licensed under the Apache License, Version 2.0 (the "License");
|
7
|
+
# you may not use this file except in compliance with the License.
|
8
|
+
# You may obtain a copy of the License at
|
9
|
+
#
|
10
|
+
# http://www.apache.org/licenses/LICENSE-2.0
|
11
|
+
#
|
12
|
+
# Unless required by applicable law or agreed to in writing, software
|
13
|
+
# distributed under the License is distributed on an "AS IS" BASIS,
|
14
|
+
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
15
|
+
# See the License for the specific language governing permissions and
|
16
|
+
# limitations under the License.
|
17
|
+
#
|
18
|
+
|
19
|
+
require "spec_helper"
|
20
|
+
require "chef/dsl/secret"
|
21
|
+
require "chef/secret_fetcher/base"
|
22
|
+
class SecretDSLTester
|
23
|
+
include Chef::DSL::Secret
|
24
|
+
# Because DSL is invoked in the context of a recipe,
|
25
|
+
# we expect run_context to always be available when SecretFetcher::Base
|
26
|
+
# requests it - making it safe to mock here
|
27
|
+
def run_context
|
28
|
+
nil
|
29
|
+
end
|
30
|
+
end
|
31
|
+
|
32
|
+
class SecretFetcherImpl < Chef::SecretFetcher::Base
|
33
|
+
def do_fetch(name, version)
|
34
|
+
name
|
35
|
+
end
|
36
|
+
end
|
37
|
+
|
38
|
+
describe Chef::DSL::Secret do
|
39
|
+
let(:dsl) { SecretDSLTester.new }
|
40
|
+
it "responds to 'secret'" do
|
41
|
+
expect(dsl.respond_to?(:secret)).to eq true
|
42
|
+
end
|
43
|
+
|
44
|
+
it "uses SecretFetcher.for_service to find the fetcher" do
|
45
|
+
substitute_fetcher = SecretFetcherImpl.new({}, nil)
|
46
|
+
expect(Chef::SecretFetcher).to receive(:for_service).with(:example, {}, nil).and_return(substitute_fetcher)
|
47
|
+
expect(substitute_fetcher).to receive(:fetch).with("key1", nil)
|
48
|
+
dsl.secret(name: "key1", service: :example, config: {})
|
49
|
+
end
|
50
|
+
|
51
|
+
it "resolves a secret when using the example fetcher" do
|
52
|
+
secret_value = dsl.secret(name: "test1", service: :example, config: { "test1" => "secret value" })
|
53
|
+
expect(secret_value).to eq "secret value"
|
54
|
+
end
|
55
|
+
|
56
|
+
context "when used within a resource" do
|
57
|
+
let(:run_context) {
|
58
|
+
Chef::RunContext.new(Chef::Node.new,
|
59
|
+
Chef::CookbookCollection.new(Chef::CookbookLoader.new(File.join(CHEF_SPEC_DATA, "cookbooks"))),
|
60
|
+
Chef::EventDispatch::Dispatcher.new)
|
61
|
+
}
|
62
|
+
|
63
|
+
it "marks that resource as 'sensitive'" do
|
64
|
+
recipe = Chef::Recipe.new("secrets", "test", run_context)
|
65
|
+
recipe.zen_master "secret_test" do
|
66
|
+
peace secret(name: "test1", service: :example, config: { "test1" => true })
|
67
|
+
end
|
68
|
+
expect(run_context.resource_collection.lookup("zen_master[secret_test]").sensitive).to eql(true)
|
69
|
+
end
|
70
|
+
end
|
71
|
+
end
|