chef 17.0.242-universal-mingw32 → 17.4.25-universal-mingw32

data/spec/support/shared/unit/provider/file.rb

@@ -36,14 +36,13 @@ end
 
 # forwards-vs-reverse slashes on windows sucks
 def windows_path
-  windows? ? normalized_path.tr('\\', "/") : normalized_path
+  windows? ? normalized_path.tr("\\", "/") : normalized_path
 end
 
 # this is all getting a bit stupid, CHEF-4802 cut to remove all this
 def setup_normal_file
   [ resource_path, normalized_path, windows_path].each do |path|
     allow(File).to receive(:file?).with(path).and_return(true)
-    allow(File).to receive(:exists?).with(path).and_return(true)
     allow(File).to receive(:exist?).with(path).and_return(true)
     allow(File).to receive(:directory?).with(path).and_return(false)
     allow(File).to receive(:writable?).with(path).and_return(true)
@@ -57,7 +56,6 @@ def setup_missing_file
   [ resource_path, normalized_path, windows_path].each do |path|
     allow(File).to receive(:file?).with(path).and_return(false)
     allow(File).to receive(:realpath?).with(path).and_return(resource_path)
-    allow(File).to receive(:exists?).with(path).and_return(false)
     allow(File).to receive(:exist?).with(path).and_return(false)
     allow(File).to receive(:directory?).with(path).and_return(false)
     allow(File).to receive(:writable?).with(path).and_return(false)
@@ -70,7 +68,6 @@ def setup_symlink
   [ resource_path, normalized_path, windows_path].each do |path|
     allow(File).to receive(:file?).with(path).and_return(true)
     allow(File).to receive(:realpath?).with(path).and_return(normalized_path)
-    allow(File).to receive(:exists?).with(path).and_return(true)
     allow(File).to receive(:exist?).with(path).and_return(true)
     allow(File).to receive(:directory?).with(path).and_return(false)
     allow(File).to receive(:writable?).with(path).and_return(true)
@@ -84,7 +81,6 @@ def setup_unwritable_file
   [ resource_path, normalized_path, windows_path].each do |path|
     allow(File).to receive(:file?).with(path).and_return(false)
     allow(File).to receive(:realpath?).with(path).and_raise(Errno::ENOENT)
-    allow(File).to receive(:exists?).with(path).and_return(true)
     allow(File).to receive(:exist?).with(path).and_return(true)
     allow(File).to receive(:directory?).with(path).and_return(false)
     allow(File).to receive(:writable?).with(path).and_return(false)
@@ -97,7 +93,6 @@ def setup_missing_enclosing_directory
   [ resource_path, normalized_path, windows_path].each do |path|
     allow(File).to receive(:file?).with(path).and_return(false)
     allow(File).to receive(:realpath?).with(path).and_raise(Errno::ENOENT)
-    allow(File).to receive(:exists?).with(path).and_return(false)
     allow(File).to receive(:exist?).with(path).and_return(false)
     allow(File).to receive(:directory?).with(path).and_return(false)
     allow(File).to receive(:writable?).with(path).and_return(false)
@@ -138,7 +133,6 @@ shared_examples_for Chef::Provider::File do
   before(:each) do
     allow(content).to receive(:tempfile).and_return(tempfile)
     allow(File).to receive(:exist?).with(tempfile.path).and_call_original
-    allow(File).to receive(:exists?).with(tempfile.path).and_call_original
   end
 
   after do
@@ -547,7 +541,7 @@ shared_examples_for Chef::Provider::File do
           provider.load_current_resource
           tempfile = double("Tempfile", path: "/tmp/foo-bar-baz")
           allow(content).to receive(:tempfile).and_return(tempfile)
-          expect(File).to receive(:exists?).with("/tmp/foo-bar-baz").and_return(true)
+          expect(File).to receive(:exist?).with("/tmp/foo-bar-baz").and_return(true)
           expect(tempfile).to receive(:close).once
           expect(tempfile).to receive(:unlink).once
         end
@@ -630,7 +624,7 @@ shared_examples_for Chef::Provider::File do
       it "raises an exception when the content object returns a tempfile that does not exist" do
         tempfile = double("Tempfile", path: "/tmp/foo-bar-baz")
         expect(provider.send(:content)).to receive(:tempfile).at_least(:once).and_return(tempfile)
-        expect(File).to receive(:exists?).with("/tmp/foo-bar-baz").and_return(false)
+        expect(File).to receive(:exist?).with("/tmp/foo-bar-baz").and_return(false)
         expect { provider.send(:do_contents_changes) }.to raise_error(RuntimeError)
       end
     end

data/spec/unit/chef_fs/file_system/repository/directory_spec.rb

@@ -64,7 +64,7 @@ describe Chef::ChefFS::FileSystem::Repository::Directory do
   end
 
   let(:file_double) do
-    double(TestFile, create: true, exists?: false)
+    double(TestFile, create: true, exist?: false, exists?: false)
   end
 
   context "#make_child_entry" do

data/spec/unit/compliance/runner_spec.rb

@@ -202,6 +202,16 @@ describe Chef::Compliance::Runner do
       expect { runner.load_and_validate! }.to raise_error(/^CMPL002:/)
     end
 
+    it "raises CMPL004 if both the inputs and attributes node attributes are set" do
+      node.normal["audit"]["attributes"] = {
+        "tacos" => "lunch",
+      }
+      node.normal["audit"]["inputs"] = {
+        "tacos" => "lunch",
+      }
+      expect { runner.load_and_validate! }.to raise_error(/^CMPL011:/)
+    end
+
     it "validates configured reporters" do
       node.normal["audit"]["reporter"] = [ "chef-automate" ]
       reporter_double = double("reporter", validate_config!: nil)
@@ -212,6 +222,40 @@ describe Chef::Compliance::Runner do
   end
 
   describe "#inspec_opts" do
+    it "pulls inputs from the attributes setting" do
+      node.normal["audit"]["attributes"] = {
+        "tacos" => "lunch",
+      }
+
+      inputs = runner.inspec_opts[:inputs]
+
+      expect(inputs["tacos"]).to eq("lunch")
+    end
+
+    it "pulls inputs from the inputs setting" do
+      node.normal["audit"]["inputs"] = {
+        "tacos" => "lunch",
+      }
+
+      inputs = runner.inspec_opts[:inputs]
+
+      expect(inputs["tacos"]).to eq("lunch")
+    end
+
+    it "favors inputs over attributes" do
+      node.normal["audit"]["attributes"] = {
+        "tacos" => "dinner",
+      }
+
+      node.normal["audit"]["inputs"] = {
+        "tacos" => "lunch",
+      }
+
+      inputs = runner.inspec_opts[:inputs]
+
+      expect(inputs["tacos"]).to eq("lunch")
+    end
+
     it "does not include chef_node in inputs by default" do
       node.normal["audit"]["attributes"] = {
         "tacos" => "lunch",
@@ -221,7 +265,7 @@ describe Chef::Compliance::Runner do
       inputs = runner.inspec_opts[:inputs]
 
       expect(inputs["tacos"]).to eq("lunch")
-      expect(inputs.key?("chef_node")).to eq(false)
+      expect(inputs.key?("chef_node")).to eq(true)
     end
 
     it "includes chef_node in inputs with chef_node_attribute_enabled set" do
@@ -234,7 +278,7 @@ describe Chef::Compliance::Runner do
       inputs = runner.inspec_opts[:inputs]
 
       expect(inputs["tacos"]).to eq("lunch")
-      expect(inputs["chef_node"]["audit"]["reporter"]).to eq("json-file")
+      expect(inputs["chef_node"]["audit"]["reporter"]).to eq("cli")
       expect(inputs["chef_node"]["chef_environment"]).to eq("_default")
     end
   end

data/spec/unit/cookbook_version_spec.rb

@@ -41,7 +41,59 @@ describe Chef::CookbookVersion do
     it "has empty metadata" do
       expect(cookbook_version.metadata).to eq(Chef::Cookbook::Metadata.new)
     end
+  end
+
+  describe "#recipe_yml_filenames_by_name" do
+    let(:cookbook_version) { Chef::CookbookVersion.new("mycb", "/tmp/mycb") }
+
+    def files_for_recipe(extension)
+      [
+        { name: "recipes/default.#{extension}", full_path: "/home/user/repo/cookbooks/test/recipes/default.#{extension}" },
+        { name: "recipes/other.#{extension}", full_path: "/home/user/repo/cookbooks/test/recipes/other.#{extension}" },
+      ]
+    end
+    context "and YAML files present include both a recipes/default.yml and a recipes/default.yaml" do
+      before(:each) do
+        allow(cookbook_version).to receive(:files_for).with("recipes").and_return(
+          [
+            { name: "recipes/default.yml", full_path: "/home/user/repo/cookbooks/test/recipes/default.yml" },
+            { name: "recipes/default.yaml", full_path: "/home/user/repo/cookbooks/test/recipes/default.yaml" },
+          ]
+        )
+      end
+      it "because both are valid and we can't pick, it raises an error that contains the info needed to fix the problem" do
+        expect { cookbook_version.recipe_yml_filenames_by_name }
+          .to raise_error(Chef::Exceptions::AmbiguousYAMLFile, /.*default.yml.*default.yaml.*update the cookbook to remove/)
+      end
+    end
+
+    %w{yml yaml}.each do |extension|
+
+      context "and YAML files are present including a recipes/default.#{extension}" do
+        before(:each) do
+          allow(cookbook_version).to receive(:files_for).with("recipes").and_return(files_for_recipe(extension))
+        end
+
+        context "and manifest does not include a root_files/recipe.#{extension}" do
+          it "returns all YAML recipes with a correct default of default.#{extension}" do
+            expect(cookbook_version.recipe_yml_filenames_by_name).to eq({ "default" => "/home/user/repo/cookbooks/test/recipes/default.#{extension}",
+                                                                        "other" => "/home/user/repo/cookbooks/test/recipes/other.#{extension}" })
+          end
+        end
+
+        context "and manifest also includes a root_files/recipe.#{extension}" do
+          let(:root_files) { [{ name: "root_files/recipe.#{extension}", full_path: "/home/user/repo/cookbooks/test/recipe.#{extension}" } ] }
+          before(:each) do
+            allow(cookbook_version.cookbook_manifest).to receive(:root_files).and_return(root_files)
+          end
 
+          it "returns all YAML recipes with a correct default of recipe.#{extension}" do
+            expect(cookbook_version.recipe_yml_filenames_by_name).to eq({ "default" => "/home/user/repo/cookbooks/test/recipe.#{extension}",
+                                                                         "other" => "/home/user/repo/cookbooks/test/recipes/other.#{extension}" })
+          end
+        end
+      end
+    end
   end
 
   describe "with a cookbook directory named tatft" do

data/spec/unit/data_collector_spec.rb

@@ -142,11 +142,17 @@ describe Chef::DataCollector do
   def expect_converge_message(keys)
     keys["message_type"] = "run_converge"
     keys["message_version"] = "1.1.0"
+    # if (keys.key?("node") && !keys["node"].empty?)
+    #   expect(rest_client).to receive(:post) do |_a, hash, _b|
+    #     require 'pry'; binding.pry
+    #   end
+    # else
     expect(rest_client).to receive(:post).with(
       nil,
       hash_including(keys),
       { "Content-Type" => "application/json" }
     )
+    # end
   end
 
   def resource_has_diff(new_resource, status)
@@ -202,7 +208,7 @@ describe Chef::DataCollector do
     end
 
     it "has a node" do
-      expect_converge_message("node" => expected_node)
+      expect_converge_message("node" => expected_node.is_a?(Chef::Node) ? expected_node.data_for_save : expected_node)
       send_run_failed_or_completed_event
     end
 
@@ -808,6 +814,46 @@ describe Chef::DataCollector do
         it_behaves_like "sends a converge message"
       end
 
+      context "when node attributes are block-listed" do
+        let(:status) { "success" }
+        before do
+          Chef::Config[:blocked_default_attributes] = [
+            %w{secret key_to_the_kingdom},
+          ]
+          node.default = {
+            "secret" => { "key_to_the_kingdom" => "under the flower pot to the left of the drawbridge" },
+            "publicinfo" => { "num_flower_pots" => 18 },
+          }
+        end
+
+        it "payload should exclude blocked attributes" do
+          expect(rest_client).to receive(:post) do |_addr, hash, _headers|
+            expect(hash["node"]["default"]).to eq({ "secret" => {}, "publicinfo" => { "num_flower_pots" => 18 } })
+          end
+          send_run_failed_or_completed_event
+        end
+      end
+
+      context "when node attributes are allow-listed" do
+        let(:status) { "success" }
+        before do
+          Chef::Config[:allowed_default_attributes] = [
+            %w{public entrance},
+          ]
+          node.default = {
+            "public" => { "entrance" => "is the drawbridge" },
+            "secret" => { "entrance" => "is the tunnel" },
+          }
+        end
+
+        it "payload should include only allowed attributes" do
+          expect(rest_client).to receive(:post) do |_addr, hash, _headers|
+            expect(hash["node"]["default"]).to eq({ "public" => { "entrance" => "is the drawbridge" } })
+          end
+          send_run_failed_or_completed_event
+        end
+      end
+
     end
   end
 

data/spec/unit/dsl/render_helpers_spec.rb

@@ -0,0 +1,102 @@
+#
+# Copyright:: Copyright (c) Chef Software Inc.
+# License:: Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+require "spec_helper"
+require "chef/dsl/render_helpers"
+
+describe Chef::DSL::RenderHelpers do
+
+  hash = {
+          "golf": "hotel",
+          "kilo": %w{lima mike},
+          "india": {
+                    "juliett": "blue",
+                   },
+          "alpha": {
+                    "charlie": true,
+                    "bravo": 10,
+                   },
+          "echo": "foxtrot",
+         }
+
+  context "render_json" do
+    json = Chef::DSL::RenderHelpers.render_json(hash)
+    describe "JSON content" do
+      it "expected JSON output" do
+        expected = <<-EXPECTED
+{
+  "golf": "hotel",
+  "kilo": [
+    "lima",
+    "mike"
+  ],
+  "india": {
+    "juliett": "blue"
+  },
+  "alpha": {
+    "charlie": true,
+    "bravo": 10
+  },
+  "echo": "foxtrot"
+}
+        EXPECTED
+        expect(json).to eq(expected)
+      end
+    end
+  end
+
+  context "render_toml" do
+    toml = Chef::DSL::RenderHelpers.render_toml(hash)
+    describe "TOML content" do
+      it "expected TOML output" do
+        expected = <<-EXPECTED
+echo = "foxtrot"
+golf = "hotel"
+kilo = ["lima", "mike"]
+[alpha]
+bravo = 10
+charlie = true
+[india]
+juliett = "blue"
+        EXPECTED
+        expect(toml).to eq(expected)
+      end
+    end
+  end
+
+  context "render_yaml" do
+    yaml = Chef::DSL::RenderHelpers.render_yaml(hash)
+    describe "YAML content" do
+      it "expected YAML output" do
+        expected = <<-EXPECTED
+---
+golf: hotel
+kilo:
+- lima
+- mike
+india:
+  juliett: blue
+alpha:
+  charlie: true
+  bravo: 10
+echo: foxtrot
+        EXPECTED
+        expect(yaml).to eq(expected)
+      end
+    end
+  end
+end

data/spec/unit/dsl/secret_spec.rb

@@ -0,0 +1,71 @@
+#
+# Author:: Marc Paradise <marc@chef.io>
+# Copyright:: Copyright (c) Chef Software Inc.
+# License:: Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+require "spec_helper"
+require "chef/dsl/secret"
+require "chef/secret_fetcher/base"
+class SecretDSLTester
+  include Chef::DSL::Secret
+  # Because DSL is invoked in the context of a recipe,
+  # we expect run_context to always be available when SecretFetcher::Base
+  # requests it - making it safe to mock here
+  def run_context
+    nil
+  end
+end
+
+class SecretFetcherImpl < Chef::SecretFetcher::Base
+  def do_fetch(name, version)
+    name
+  end
+end
+
+describe Chef::DSL::Secret do
+  let(:dsl) { SecretDSLTester.new }
+  it "responds to 'secret'" do
+    expect(dsl.respond_to?(:secret)).to eq true
+  end
+
+  it "uses SecretFetcher.for_service to find the fetcher" do
+    substitute_fetcher = SecretFetcherImpl.new({}, nil)
+    expect(Chef::SecretFetcher).to receive(:for_service).with(:example, {}, nil).and_return(substitute_fetcher)
+    expect(substitute_fetcher).to receive(:fetch).with("key1", nil)
+    dsl.secret(name: "key1", service: :example, config: {})
+  end
+
+  it "resolves a secret when using the example fetcher" do
+    secret_value = dsl.secret(name: "test1", service: :example, config: { "test1" => "secret value" })
+    expect(secret_value).to eq "secret value"
+  end
+
+  context "when used within a resource" do
+    let(:run_context) {
+      Chef::RunContext.new(Chef::Node.new,
+                           Chef::CookbookCollection.new(Chef::CookbookLoader.new(File.join(CHEF_SPEC_DATA, "cookbooks"))),
+                           Chef::EventDispatch::Dispatcher.new)
+    }
+
+    it "marks that resource as 'sensitive'" do
+      recipe = Chef::Recipe.new("secrets", "test", run_context)
+      recipe.zen_master "secret_test" do
+        peace secret(name: "test1", service: :example, config: { "test1" => true })
+      end
+      expect(run_context.resource_collection.lookup("zen_master[secret_test]").sensitive).to eql(true)
+    end
+  end
+end