chef 17.0.242 → 17.4.25

data/spec/unit/resource/windows_firewall_rule_spec.rb

@@ -85,7 +85,12 @@ describe Chef::Resource::WindowsFirewallRule do
 
   it "the remote_address property accepts strings" do
     resource.remote_address("8.8.4.4")
-    expect(resource.remote_address).to eql("8.8.4.4")
+    expect(resource.remote_address).to eql(["8.8.4.4"])
+  end
+
+  it "the remote_address property accepts comma separated lists" do
+    resource.remote_address(["10.17.3.101", "172.7.7.53"])
+    expect(resource.remote_address).to eql(%w{10.17.3.101 172.7.7.53})
   end
 
   it "the remote_port property accepts strings" do
@@ -223,8 +228,8 @@ describe Chef::Resource::WindowsFirewallRule do
   end
 
   it "aliases :remoteip to :remote_address" do
-    resource.remoteip("8.8.8.8")
-    expect(resource.remote_address).to eql("8.8.8.8")
+    resource.remoteip(["8.8.8.8"])
+    expect(resource.remote_address).to eql(["8.8.8.8"])
   end
 
   it "aliases :localport to :local_port" do
@@ -288,7 +293,7 @@ describe Chef::Resource::WindowsFirewallRule do
       end
 
       it "sets RemoteAddress" do
-        resource.remote_address("8.8.8.8")
+        resource.remote_address(["8.8.8.8"])
         expect(provider.firewall_command("New")).to eql("New-NetFirewallRule -Name 'test_rule' -DisplayName 'test_rule' -RemoteAddress '8.8.8.8' -Direction 'inbound' -Protocol 'TCP' -IcmpType 'Any' -Action 'allow' -Profile 'any' -InterfaceType 'any' -Enabled 'true'")
       end
 
@@ -365,7 +370,7 @@ describe Chef::Resource::WindowsFirewallRule do
         resource.group("new group")
         resource.local_address("192.168.40.40")
         resource.local_port("80")
-        resource.remote_address("8.8.4.4")
+        resource.remote_address(["8.8.4.4"])
         resource.remote_port("8081")
         resource.direction(:outbound)
         resource.protocol("UDP")
@@ -416,7 +421,7 @@ describe Chef::Resource::WindowsFirewallRule do
       end
 
       it "sets RemoteAddress" do
-        resource.remote_address("8.8.8.8")
+        resource.remote_address(["8.8.8.8"])
         expect(provider.firewall_command("Set")).to eql("Set-NetFirewallRule -Name 'test_rule' -NewDisplayName 'test_rule' -RemoteAddress '8.8.8.8' -Direction 'inbound' -Protocol 'TCP' -IcmpType 'Any' -Action 'allow' -Profile 'any' -InterfaceType 'any' -Enabled 'true'")
       end
 
@@ -487,7 +492,7 @@ describe Chef::Resource::WindowsFirewallRule do
         resource.displayname("some cool display name")
         resource.local_address("192.168.40.40")
         resource.local_port("80")
-        resource.remote_address("8.8.4.4")
+        resource.remote_address(["8.8.4.4"])
         resource.remote_port("8081")
         resource.direction(:outbound)
         resource.protocol("UDP")

data/spec/unit/resource/windows_pagefile_spec.rb

@@ -18,14 +18,14 @@
 require "spec_helper"
 
 describe Chef::Resource::WindowsPagefile do
-  let(:resource) { Chef::Resource::WindowsPagefile.new("C:\\pagefile.sys") }
+  let(:resource) { Chef::Resource::WindowsPagefile.new("c:\\pagefile.sys") }
 
   it "sets resource name as :windows_pagefile" do
     expect(resource.resource_name).to eql(:windows_pagefile)
   end
 
   it "the path property is the name_property" do
-    expect(resource.path).to eql("C:\\pagefile.sys")
+    expect(resource.path).to eql("c:\\pagefile.sys")
   end
 
   it "sets the default action as :set" do
@@ -38,12 +38,7 @@ describe Chef::Resource::WindowsPagefile do
   end
 
   it "coerces forward slashes in the path property to back slashes" do
-    resource.path "C:/pagefile.sys"
-    expect(resource.path).to eql("C:\\pagefile.sys")
+    resource.path "c:/pagefile.sys"
+    expect(resource.path).to eql("c:\\pagefile.sys")
   end
-
-  it "automatic_managed property defaults to false" do
-    expect(resource.automatic_managed).to eql(false)
-  end
-
 end

data/spec/unit/resource/windows_update_settings_spec.rb

@@ -0,0 +1,64 @@
+#
+# Copyright:: Copyright (c) Chef Software Inc.
+# Author:: Tim Smith (tsmith@chef.io)
+# License:: Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+require "spec_helper"
+
+describe Chef::Resource::WindowsUpdateSettings do
+  let(:resource) { Chef::Resource::WindowsUpdateSettings.new("foobar") }
+
+  it "sets resource name as :windows_update_settings" do
+    expect(resource.resource_name).to eql(:windows_update_settings)
+  end
+
+  it "sets the default action as :set" do
+    expect(resource.action).to eql([:set])
+  end
+
+  it "supports :set and legacy :enable actions" do
+    expect { resource.action :set }.not_to raise_error
+    expect { resource.action :enable }.not_to raise_error
+  end
+
+  it "raises an error if scheduled_install_day isn't a validate day" do
+    expect { resource.scheduled_install_day "Saturday" }.not_to raise_error
+    expect { resource.scheduled_install_day "Sunday" }.not_to raise_error
+    expect { resource.scheduled_install_day "Extraday" }.to raise_error(ArgumentError)
+  end
+
+  it "raises an error if automatic_update_option isn't a validate option" do
+    expect { resource.automatic_update_option 2 }.not_to raise_error
+    expect { resource.automatic_update_option :notify }.not_to raise_error
+    expect { resource.automatic_update_option :nope }.to raise_error(ArgumentError)
+  end
+
+  it "coerces legacy Integer value in automatic_update_option to friendly symbol" do
+    resource.automatic_update_option 2
+    expect(resource.automatic_update_option).to eql(:notify)
+  end
+
+  it "raises an error if scheduled_install_hour isn't a 24 hour clock hour" do
+    expect { resource.scheduled_install_hour 2 }.not_to raise_error
+    expect { resource.scheduled_install_hour 0 }.to raise_error(ArgumentError)
+    expect { resource.scheduled_install_hour 25 }.to raise_error(ArgumentError)
+  end
+
+  it "raises an error if custom_detection_frequency isn't a valid frequency" do
+    expect { resource.custom_detection_frequency 0 }.not_to raise_error
+    expect { resource.custom_detection_frequency 23 }.to raise_error(ArgumentError)
+  end
+end

data/spec/unit/resource/zypper_repository_spec.rb

@@ -85,7 +85,7 @@ describe Chef::Resource::ZypperRepository do
 
   it "accepts the legacy 'key' property" do
     resource.key "foo"
-    expect(resource.gpgkey).to eql("foo")
+    expect(resource.gpgkey).to eql(["foo"])
   end
 
   it "accepts the legacy 'uri' property" do

data/spec/unit/resource_spec.rb

@@ -1172,21 +1172,23 @@ describe Chef::Resource do
       action :base_action3, description: "unmodified base action 3 desc" do; end
     end
 
+    let(:resource_inst) { TestResource.new("TestResource", nil) }
+
     it "returns nil when no description was provided for the action" do
-      expect(TestResource.action_description(:base_action0)).to eql(nil)
+      expect(resource_inst.action_description(:base_action0)).to eql(nil)
     end
 
     context "when action definition is a string" do
       it "returns the description whether a symbol or string is used to look it up" do
-        expect(TestResource.action_description("string_action")).to eql("a string test")
-        expect(TestResource.action_description(:string_action)).to eql("a string test")
+        expect(resource_inst.action_description("string_action")).to eql("a string test")
+        expect(resource_inst.action_description(:string_action)).to eql("a string test")
       end
     end
 
     context "when action definition is a symbol" do
       it "returns the description whether a symbol or string is used to look up" do
-        expect(TestResource.action_description("symbol_action")).to eql("a symbol test")
-        expect(TestResource.action_description(:symbol_action)).to eql("a symbol test")
+        expect(resource_inst.action_description("symbol_action")).to eql("a symbol test")
+        expect(resource_inst.action_description(:symbol_action)).to eql("a symbol test")
       end
     end
 
@@ -1196,14 +1198,23 @@ describe Chef::Resource do
         action :base_action3 do; end
       end
 
+      class TestResourceChild2 < TestResource
+        # We should never see this description
+        action :base_action2, description: "if you see this in an error, TestResourceChild was polluted with this description" do; end
+      end
+      let(:resource_inst) { TestResourceChild.new("TestResource", nil) }
+
       it "returns original description when a described action is not overridden in child resource" do
-        expect(TestResourceChild.action_description(:base_action1)).to eq "unmodified base action 1 desc"
+        expect(resource_inst.action_description(:base_action1)).to eq "unmodified base action 1 desc"
       end
       it "returns original description when the child resource overrides an inherited action but NOT its description" do
-        expect(TestResourceChild.action_description(:base_action3)).to eq "unmodified base action 3 desc"
+        expect(resource_inst.action_description(:base_action3)).to eq "unmodified base action 3 desc"
+      end
+      it "returns new description when the child resource overrides an inherited action and its description" do
+        expect(resource_inst.action_description(:base_action2)).to eq "modified base action 2 desc"
       end
       it "returns new description when the child resource overrides an inherited action and its description" do
-        expect(TestResourceChild.action_description(:base_action2)).to eq "modified base action 2 desc"
+        expect(resource_inst.action_description(:base_action2)).to eq "modified base action 2 desc"
       end
     end
   end

data/spec/unit/secret_fetcher/aws_secrets_manager_spec.rb

@@ -0,0 +1,70 @@
+#
+# Author:: Marc Paradise <marc@chef.io>
+# Copyright:: Copyright (c) Chef Software Inc.
+# License:: Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+#
+
+require_relative "../../spec_helper"
+require "chef/secret_fetcher/aws_secrets_manager"
+
+describe Chef::SecretFetcher::AWSSecretsManager do
+  let(:node) { {} }
+  let(:aws_global_config) { {} }
+  let(:fetcher_config) { {} }
+  let(:run_context) { double("run_context", node: node) }
+  let(:fetcher) {
+    Chef::SecretFetcher::AWSSecretsManager.new( fetcher_config, run_context )
+  }
+
+  before do
+    allow(Aws).to receive(:config).and_return(aws_global_config)
+  end
+
+  context "when region is provided" do
+    let(:fetcher_config) { { region: "region-from-caller" } }
+    it "uses the provided region" do
+      fetcher.validate!
+      expect(fetcher.config[:region]).to eq "region-from-caller"
+    end
+  end
+
+  context "when region is not provided" do
+    context "and no region exists in AWS config or node attributes" do
+      it "raises a ConfigurationInvalid error" do
+        expect { fetcher.validate! }.to raise_error Chef::Exceptions::Secret::ConfigurationInvalid
+      end
+    end
+
+    context "and region exists in AWS config and node attributes" do
+      let(:aws_global_config)  { { region: "region-from-aws-global-config" } }
+      let(:node) { { "ec2" => { "region" => "region-from-ohai-data" } } }
+      it "uses the region from AWS config" do
+        fetcher.validate!
+        expect(fetcher.config[:region]).to eq "region-from-aws-global-config"
+      end
+    end
+
+    context "and region exists only in node attributes" do
+      let(:node) { { "ec2" => { "region" => "region-from-ohai-data" } } }
+      it "uses the region from AWS config" do
+        fetcher.validate!
+        expect(fetcher.config[:region]).to eq "region-from-ohai-data"
+      end
+
+    end
+
+  end
+end

data/spec/unit/secret_fetcher/azure_key_vault_spec.rb

@@ -0,0 +1,70 @@
+
+#
+# Author:: Marc Paradise <marc@chef.io>
+# Copyright:: Copyright (c) Chef Software Inc.
+# License:: Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+require_relative "../../spec_helper"
+require "chef/secret_fetcher"
+require "chef/secret_fetcher/azure_key_vault"
+
+describe Chef::SecretFetcher::AzureKeyVault do
+  let(:config) { { vault: "my_vault" } }
+  let(:fetcher) { Chef::SecretFetcher::AzureKeyVault.new(config, nil) }
+
+  context "when performing a fetch" do
+    let(:body) { '{ "value" : "my secret value" }' }
+    let(:response_mock) { double("response", body: body) }
+    let(:http_mock) { double("http", :get => response_mock, :use_ssl= => nil) }
+
+    before do
+      allow(fetcher).to receive(:fetch_token).and_return "a token"
+      allow(Net::HTTP).to receive(:new).and_return(http_mock)
+    end
+
+    context "and vault name is only provided in the secret name" do
+      let(:body) { '{ "value" : "my secret value" }' }
+      let(:config) { {} }
+      it "fetches the value" do
+        expect(fetcher.fetch("my_vault/value")).to eq "my secret value"
+      end
+    end
+
+    context "and vault name is not provided in the secret name" do
+      context "and vault name is not provided in config" do
+        let(:config) { {} }
+        it "raises a ConfigurationInvalid exception" do
+          expect { fetcher.fetch("value") }.to raise_error(Chef::Exceptions::Secret::ConfigurationInvalid)
+        end
+      end
+
+      context "and vault name is provided in config" do
+        let(:config) { { vault: "my_vault" } }
+        it "fetches the value" do
+          expect(fetcher.fetch("value")).to eq "my secret value"
+        end
+      end
+    end
+    context "and an error response is received in the body" do
+      let(:config) { { vault: "my_vault" } }
+      let(:body) { '{ "error" : { "code" : 404, "message" : "secret not found" } }' }
+      it "raises FetchFailed" do
+        expect { fetcher.fetch("value") }.to raise_error(Chef::Exceptions::Secret::FetchFailed)
+      end
+    end
+  end
+end
+

data/spec/unit/secret_fetcher_spec.rb

@@ -0,0 +1,82 @@
+#
+# Author:: Marc Paradise <marc@chef.io>
+# Copyright:: Copyright (c) Chef Software Inc.
+# License:: Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+require "chef/secret_fetcher"
+require "chef/secret_fetcher/example"
+
+class SecretFetcherImpl < Chef::SecretFetcher::Base
+  def do_fetch(name, version)
+    name
+  end
+
+  def validate!; end
+end
+
+describe Chef::SecretFetcher do
+  let(:fetcher_impl) { SecretFetcherImpl.new({}, nil) }
+
+  before do
+    allow(Chef::SecretFetcher::Example).to receive(:new).and_return fetcher_impl
+  end
+
+  context ".for_service" do
+    it "resolves the example fetcher without error" do
+      Chef::SecretFetcher.for_service(:example, {}, nil)
+    end
+
+    it "resolves the Azure Key Vault fetcher without error" do
+      Chef::SecretFetcher.for_service(:azure_key_vault, { vault: "invalid" }, nil)
+    end
+
+    it "resolves the AWS fetcher without error" do
+      Chef::SecretFetcher.for_service(:aws_secrets_manager, { region: "invalid" }, nil)
+    end
+
+    it "raises Chef::Exceptions::Secret::MissingFetcher when service is blank" do
+      expect { Chef::SecretFetcher.for_service(nil, {}, nil) }.to raise_error(Chef::Exceptions::Secret::MissingFetcher)
+    end
+
+    it "raises Chef::Exceptions::Secret::MissingFetcher when service is nil" do
+      expect { Chef::SecretFetcher.for_service("", {}, nil) }.to raise_error(Chef::Exceptions::Secret::MissingFetcher)
+    end
+
+    it "raises Chef::Exceptions::Secret::InvalidFetcher for an unknown fetcher" do
+      expect { Chef::SecretFetcher.for_service(:bad_example, {}, nil) }.to raise_error(Chef::Exceptions::Secret::InvalidFetcherService)
+    end
+
+    it "ensures fetcher configuration is valid by invoking validate!" do
+      expect(fetcher_impl).to receive(:validate!)
+      Chef::SecretFetcher.for_service(:example, {}, nil)
+    end
+  end
+
+  context "#fetch" do
+    let(:fetcher) {
+      Chef::SecretFetcher.for_service(:example, { "key1" => "value1" }, nil)
+    }
+
+    it "fetches from the underlying service when secret name is provided " do
+      expect(fetcher_impl).to receive(:fetch).with("key1", "v1")
+      fetcher.fetch("key1", "v1")
+    end
+
+    it "raises an error when the secret name is not provided" do
+      expect { fetcher.fetch(nil) }.to raise_error(Chef::Exceptions::Secret::MissingSecretName)
+    end
+  end
+end