chef 17.1.35-universal-mingw32 → 17.4.38-universal-mingw32

Sign up to get free protection for your applications and to get access to all the features.
Files changed (198) hide show
  1. checksums.yaml +4 -4
  2. data/Gemfile +6 -4
  3. data/chef.gemspec +1 -0
  4. data/lib/chef/action_collection.rb +6 -26
  5. data/lib/chef/application/base.rb +15 -0
  6. data/lib/chef/application.rb +4 -2
  7. data/lib/chef/client.rb +7 -1
  8. data/lib/chef/compliance/default_attributes.rb +5 -3
  9. data/lib/chef/compliance/reporter/automate.rb +1 -1
  10. data/lib/chef/compliance/runner.rb +16 -2
  11. data/lib/chef/cookbook_version.rb +26 -4
  12. data/lib/chef/data_collector/run_end_message.rb +1 -1
  13. data/lib/chef/data_collector.rb +0 -1
  14. data/lib/chef/deprecated.rb +14 -4
  15. data/lib/chef/dsl/render_helpers.rb +44 -0
  16. data/lib/chef/dsl/secret.rb +64 -0
  17. data/lib/chef/dsl/toml.rb +116 -0
  18. data/lib/chef/dsl/universal.rb +5 -0
  19. data/lib/chef/dsl.rb +1 -0
  20. data/lib/chef/event_dispatch/base.rb +2 -1
  21. data/lib/chef/exceptions.rb +23 -0
  22. data/lib/chef/formatters/doc.rb +14 -13
  23. data/lib/chef/formatters/error_mapper.rb +2 -2
  24. data/lib/chef/formatters/minimal.rb +6 -5
  25. data/lib/chef/handler/slow_report.rb +66 -0
  26. data/lib/chef/handler.rb +46 -8
  27. data/lib/chef/http.rb +5 -5
  28. data/lib/chef/json_compat.rb +1 -1
  29. data/lib/chef/node.rb +20 -19
  30. data/lib/chef/policy_builder/policyfile.rb +88 -45
  31. data/lib/chef/provider/execute.rb +1 -1
  32. data/lib/chef/provider/file.rb +2 -2
  33. data/lib/chef/provider/group/dscl.rb +1 -1
  34. data/lib/chef/provider/launchd.rb +6 -6
  35. data/lib/chef/provider/lwrp_base.rb +1 -1
  36. data/lib/chef/provider/package/habitat.rb +168 -0
  37. data/lib/chef/provider/package/powershell.rb +5 -0
  38. data/lib/chef/provider/subversion.rb +4 -4
  39. data/lib/chef/provider/support/yum_repo.erb +1 -1
  40. data/lib/chef/provider/support/zypper_repo.erb +4 -2
  41. data/lib/chef/provider/systemd_unit.rb +17 -16
  42. data/lib/chef/provider/user/mac.rb +3 -3
  43. data/lib/chef/provider/yum_repository.rb +27 -43
  44. data/lib/chef/provider/zypper_repository.rb +30 -34
  45. data/lib/chef/provider.rb +26 -1
  46. data/lib/chef/provider_resolver.rb +8 -2
  47. data/lib/chef/providers.rb +1 -0
  48. data/lib/chef/resource/alternatives.rb +5 -5
  49. data/lib/chef/resource/apt_preference.rb +2 -2
  50. data/lib/chef/resource/apt_repository.rb +2 -2
  51. data/lib/chef/resource/apt_update.rb +4 -4
  52. data/lib/chef/resource/build_essential.rb +1 -1
  53. data/lib/chef/resource/chef_client_config.rb +10 -5
  54. data/lib/chef/resource/chef_client_cron.rb +3 -3
  55. data/lib/chef/resource/chef_client_launchd.rb +3 -3
  56. data/lib/chef/resource/chef_client_scheduled_task.rb +15 -15
  57. data/lib/chef/resource/chef_client_systemd_timer.rb +3 -3
  58. data/lib/chef/resource/chef_client_trusted_certificate.rb +2 -2
  59. data/lib/chef/resource/chef_handler.rb +2 -2
  60. data/lib/chef/resource/chef_sleep.rb +1 -1
  61. data/lib/chef/resource/chef_vault_secret.rb +2 -2
  62. data/lib/chef/resource/chocolatey_feature.rb +2 -2
  63. data/lib/chef/resource/chocolatey_source.rb +1 -1
  64. data/lib/chef/resource/cron/cron_d.rb +4 -6
  65. data/lib/chef/resource/cron_access.rb +1 -1
  66. data/lib/chef/resource/dmg_package.rb +1 -1
  67. data/lib/chef/resource/dsc_resource.rb +1 -1
  68. data/lib/chef/resource/execute.rb +5 -5
  69. data/lib/chef/resource/gem_package.rb +2 -1
  70. data/lib/chef/resource/group.rb +4 -4
  71. data/lib/chef/resource/habitat/_habitat_shared.rb +28 -0
  72. data/lib/chef/resource/habitat/habitat_package.rb +129 -0
  73. data/lib/chef/resource/habitat/habitat_sup.rb +329 -0
  74. data/lib/chef/resource/habitat/habitat_sup_systemd.rb +67 -0
  75. data/lib/chef/resource/habitat/habitat_sup_windows.rb +90 -0
  76. data/lib/chef/resource/habitat_config.rb +107 -0
  77. data/lib/chef/resource/habitat_install.rb +247 -0
  78. data/lib/chef/resource/habitat_service.rb +451 -0
  79. data/lib/chef/resource/habitat_user_toml.rb +92 -0
  80. data/lib/chef/resource/homebrew_cask.rb +18 -7
  81. data/lib/chef/resource/homebrew_package.rb +1 -1
  82. data/lib/chef/resource/homebrew_tap.rb +4 -3
  83. data/lib/chef/resource/homebrew_update.rb +2 -2
  84. data/lib/chef/resource/hostname.rb +49 -7
  85. data/lib/chef/resource/inspec_waiver_file_entry.rb +8 -7
  86. data/lib/chef/resource/kernel_module.rb +6 -6
  87. data/lib/chef/resource/launchd.rb +3 -3
  88. data/lib/chef/resource/locale.rb +1 -1
  89. data/lib/chef/resource/lwrp_base.rb +1 -1
  90. data/lib/chef/resource/macos_userdefaults.rb +2 -2
  91. data/lib/chef/resource/ohai_hint.rb +2 -6
  92. data/lib/chef/resource/openbsd_package.rb +17 -0
  93. data/lib/chef/resource/openssl_dhparam.rb +1 -2
  94. data/lib/chef/resource/openssl_ec_private_key.rb +1 -3
  95. data/lib/chef/resource/openssl_ec_public_key.rb +1 -3
  96. data/lib/chef/resource/openssl_rsa_private_key.rb +1 -3
  97. data/lib/chef/resource/openssl_rsa_public_key.rb +1 -3
  98. data/lib/chef/resource/openssl_x509_certificate.rb +1 -4
  99. data/lib/chef/resource/openssl_x509_crl.rb +1 -3
  100. data/lib/chef/resource/openssl_x509_request.rb +1 -3
  101. data/lib/chef/resource/osx_profile.rb +3 -3
  102. data/lib/chef/resource/plist.rb +1 -1
  103. data/lib/chef/resource/powershell_package_source.rb +2 -4
  104. data/lib/chef/resource/reboot.rb +38 -9
  105. data/lib/chef/resource/remote_directory.rb +2 -2
  106. data/lib/chef/resource/remote_file.rb +1 -1
  107. data/lib/chef/resource/rhsm_errata.rb +0 -2
  108. data/lib/chef/resource/rhsm_errata_level.rb +1 -5
  109. data/lib/chef/resource/rhsm_repo.rb +15 -0
  110. data/lib/chef/resource/rhsm_subscription.rb +5 -5
  111. data/lib/chef/resource/ruby_block.rb +100 -0
  112. data/lib/chef/resource/scm/subversion.rb +1 -1
  113. data/lib/chef/resource/ssh_known_hosts_entry.rb +4 -7
  114. data/lib/chef/resource/sudo.rb +2 -6
  115. data/lib/chef/resource/support/HabService.dll.config.erb +19 -0
  116. data/lib/chef/resource/support/client.erb +8 -1
  117. data/lib/chef/resource/support/sup.toml.erb +179 -0
  118. data/lib/chef/resource/swap_file.rb +2 -6
  119. data/lib/chef/resource/sysctl.rb +2 -2
  120. data/lib/chef/resource/systemd_unit.rb +3 -3
  121. data/lib/chef/resource/timezone.rb +1 -1
  122. data/lib/chef/resource/user_ulimit.rb +2 -2
  123. data/lib/chef/resource/windows_ad_join.rb +2 -2
  124. data/lib/chef/resource/windows_audit_policy.rb +2 -2
  125. data/lib/chef/resource/windows_auto_run.rb +2 -2
  126. data/lib/chef/resource/windows_certificate.rb +1 -1
  127. data/lib/chef/resource/windows_defender.rb +163 -0
  128. data/lib/chef/resource/windows_defender_exclusion.rb +125 -0
  129. data/lib/chef/resource/windows_dfs_folder.rb +2 -2
  130. data/lib/chef/resource/windows_dfs_namespace.rb +2 -2
  131. data/lib/chef/resource/windows_dns_record.rb +2 -2
  132. data/lib/chef/resource/windows_dns_zone.rb +2 -2
  133. data/lib/chef/resource/windows_feature.rb +3 -3
  134. data/lib/chef/resource/windows_feature_dism.rb +3 -5
  135. data/lib/chef/resource/windows_feature_powershell.rb +3 -3
  136. data/lib/chef/resource/windows_firewall_profile.rb +2 -2
  137. data/lib/chef/resource/windows_firewall_rule.rb +20 -6
  138. data/lib/chef/resource/windows_font.rb +1 -1
  139. data/lib/chef/resource/windows_pagefile.rb +103 -64
  140. data/lib/chef/resource/windows_path.rb +2 -2
  141. data/lib/chef/resource/windows_printer.rb +80 -61
  142. data/lib/chef/resource/windows_printer_port.rb +48 -65
  143. data/lib/chef/resource/windows_security_policy.rb +2 -2
  144. data/lib/chef/resource/windows_share.rb +2 -2
  145. data/lib/chef/resource/windows_shortcut.rb +1 -1
  146. data/lib/chef/resource/windows_task.rb +1 -1
  147. data/lib/chef/resource/windows_uac.rb +3 -5
  148. data/lib/chef/resource/windows_update_settings.rb +259 -0
  149. data/lib/chef/resource/windows_user_privilege.rb +2 -2
  150. data/lib/chef/resource/windows_workgroup.rb +2 -2
  151. data/lib/chef/resource/yum_package.rb +11 -15
  152. data/lib/chef/resource/zypper_package.rb +4 -4
  153. data/lib/chef/resource/zypper_repository.rb +28 -8
  154. data/lib/chef/resource.rb +13 -17
  155. data/lib/chef/resource_inspector.rb +6 -2
  156. data/lib/chef/resource_reporter.rb +0 -1
  157. data/lib/chef/resources.rb +12 -1
  158. data/lib/chef/secret_fetcher/aws_secrets_manager.rb +65 -0
  159. data/lib/chef/secret_fetcher/azure_key_vault.rb +78 -0
  160. data/lib/chef/secret_fetcher/base.rb +76 -0
  161. data/lib/chef/secret_fetcher/example.rb +46 -0
  162. data/lib/chef/secret_fetcher.rb +55 -0
  163. data/lib/chef/version.rb +1 -1
  164. data/spec/functional/mixin/from_file_spec.rb +1 -1
  165. data/spec/functional/resource/windows_hostname_spec.rb +91 -0
  166. data/spec/functional/resource/windows_pagefile_spec.rb +98 -0
  167. data/spec/integration/compliance/compliance_spec.rb +1 -0
  168. data/spec/integration/recipes/recipe_dsl_spec.rb +1 -1
  169. data/spec/integration/recipes/resource_action_spec.rb +6 -6
  170. data/spec/support/shared/unit/provider/file.rb +2 -8
  171. data/spec/unit/compliance/runner_spec.rb +46 -2
  172. data/spec/unit/cookbook_version_spec.rb +52 -0
  173. data/spec/unit/data_collector_spec.rb +47 -1
  174. data/spec/unit/dsl/render_helpers_spec.rb +102 -0
  175. data/spec/unit/dsl/secret_spec.rb +71 -0
  176. data/spec/unit/formatters/doc_spec.rb +1 -1
  177. data/spec/unit/handler_spec.rb +8 -2
  178. data/spec/unit/policy_builder/dynamic_spec.rb +0 -5
  179. data/spec/unit/policy_builder/policyfile_spec.rb +144 -56
  180. data/spec/unit/provider/apt_update_spec.rb +3 -1
  181. data/spec/unit/provider/mount/aix_spec.rb +1 -1
  182. data/spec/unit/provider/package/powershell_spec.rb +74 -12
  183. data/spec/unit/provider/zypper_repository_spec.rb +3 -10
  184. data/spec/unit/provider_spec.rb +23 -0
  185. data/spec/unit/resource/homebrew_cask_spec.rb +29 -11
  186. data/spec/unit/resource/rhsm_subscription_spec.rb +50 -3
  187. data/spec/unit/resource/systemd_unit_spec.rb +1 -1
  188. data/spec/unit/resource/windows_defender_exclusion_spec.rb +62 -0
  189. data/spec/unit/resource/windows_defender_spec.rb +71 -0
  190. data/spec/unit/resource/windows_firewall_rule_spec.rb +12 -7
  191. data/spec/unit/resource/windows_pagefile_spec.rb +4 -9
  192. data/spec/unit/resource/windows_update_settings_spec.rb +64 -0
  193. data/spec/unit/resource/zypper_repository_spec.rb +1 -1
  194. data/spec/unit/resource_spec.rb +19 -8
  195. data/spec/unit/secret_fetcher/aws_secrets_manager_spec.rb +70 -0
  196. data/spec/unit/secret_fetcher/azure_key_vault_spec.rb +70 -0
  197. data/spec/unit/secret_fetcher_spec.rb +82 -0
  198. metadata +55 -7
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: d814772e55ced10ad9a25572951a3b2a947d99f34d04a8461832f98e9de30c82
4
- data.tar.gz: eaffd1bafbb17d03f396b57c2749ba9ab4cdce63167398bdeb73d3d655bb27b5
3
+ metadata.gz: 84ec7e8ea8d183bc0319fbf78ed7eb5f6ea0830020bde33233f96ca1c26947bc
4
+ data.tar.gz: e49b65d28c30682629d84258b8352d4076fe650156ef5f314507a9fe0adb2ba8
5
5
  SHA512:
6
- metadata.gz: b0d2752d08a72f130ef06263783ccb6c62b14edb653a19f9425c7cf7410a26668ebe6c8a8dbb845cc2705b5abe035ea9475b5c4e78eb43a5a5b43b1a4846c017
7
- data.tar.gz: 6d77cbb27f1ef920d28af4aeae4a5f39ee5841e523a16b65173c4cf8bff9d740b8e9e54ec66d02b17d73ec968595ffb27909033664415ca23461ac1e8e649125
6
+ metadata.gz: ad784e028b0347e81dfb3b75dd6c6d58c143d2d87a3bbd746eadbcf4d35f1c3cb242d4c4f1dcd2a2d16d66bb05232eb902ef65b4dd31bbc68f41dd5a81d9e5a1
7
+ data.tar.gz: f78342cb9b9410cc931f9158388faff31e1a34786e93c4e6892c7c903086b171a363f295adc203c473a3806de987a7a403b3699b105622d87dbe73085b1600f3
data/Gemfile CHANGED
@@ -2,7 +2,7 @@ source "https://rubygems.org"
2
2
 
3
3
  gem "chef", path: "."
4
4
 
5
- gem "ohai", git: "https://github.com/chef/ohai.git", branch: "master"
5
+ gem "ohai", git: "https://github.com/chef/ohai.git", branch: "main"
6
6
 
7
7
  gem "chef-utils", path: File.expand_path("chef-utils", __dir__) if File.exist?(File.expand_path("chef-utils", __dir__))
8
8
  gem "chef-config", path: File.expand_path("chef-config", __dir__) if File.exist?(File.expand_path("chef-config", __dir__))
@@ -25,9 +25,11 @@ group(:omnibus_package) do
25
25
  end
26
26
 
27
27
  group(:omnibus_package, :pry) do
28
- gem "pry"
28
+ # Locked because pry-byebug is broken with 13+.
29
+ # some work is ongoing? https://github.com/deivid-rodriguez/pry-byebug/issues/343
30
+ gem "pry", "= 0.13.0"
29
31
  # byebug does not install on freebsd on ruby 3.0
30
- # gem "pry-byebug"
32
+ gem "pry-byebug" unless RUBY_PLATFORM =~ /freebsd/i
31
33
  gem "pry-stack_explorer"
32
34
  end
33
35
 
@@ -46,7 +48,7 @@ end
46
48
 
47
49
  group(:chefstyle) do
48
50
  # for testing new chefstyle rules
49
- gem "chefstyle", git: "https://github.com/chef/chefstyle.git", branch: "master"
51
+ gem "chefstyle", git: "https://github.com/chef/chefstyle.git", branch: "main"
50
52
  end
51
53
 
52
54
  instance_eval(ENV["GEMFILE_MOD"]) if ENV["GEMFILE_MOD"]
data/chef.gemspec CHANGED
@@ -55,6 +55,7 @@ Gem::Specification.new do |s|
55
55
 
56
56
  s.add_dependency "proxifier", "~> 1.0"
57
57
 
58
+ s.add_dependency "aws-sdk-secretsmanager", "~> 1.46"
58
59
  s.bindir = "bin"
59
60
  s.executables = %w{ }
60
61
 
@@ -87,13 +87,11 @@ class Chef
87
87
  attr_reader :action_records
88
88
  attr_reader :pending_updates
89
89
  attr_reader :run_context
90
- attr_reader :consumers
91
90
  attr_reader :events
92
91
 
93
92
  def initialize(events, run_context = nil, action_records = [])
94
93
  @action_records = action_records
95
94
  @pending_updates = []
96
- @consumers = []
97
95
  @events = events
98
96
  @run_context = run_context
99
97
  end
@@ -118,17 +116,17 @@ class Chef
118
116
  self.class.new(events, run_context, subrecords)
119
117
  end
120
118
 
119
+ def resources
120
+ action_records.map(&:new_resource)
121
+ end
122
+
121
123
  # This hook gives us the run_context immediately after it is created so that we can wire up this object to it.
122
124
  #
123
- # This also causes the action_collection_registration event to fire, all consumers that have not yet registered with the
124
- # action_collection must register via this callback. This is the latest point before resources actually start to get
125
- # evaluated.
126
- #
127
125
  # (see EventDispatch::Base#)
128
126
  #
129
127
  def cookbook_compilation_start(run_context)
130
128
  run_context.action_collection = self
131
- # fire the action_colleciton_registration hook after cookbook_compilation_start -- last chance for consumers to register
129
+ # this hook is now poorly named since it is just a callback that lets other consumers snag a reference to the action_collection
132
130
  run_context.events.enqueue(:action_collection_registration, self)
133
131
  @run_context = run_context
134
132
  end
@@ -139,7 +137,7 @@ class Chef
139
137
  # @params object [Object] callers should call with `self`
140
138
  #
141
139
  def register(object)
142
- consumers << object
140
+ Chef::Log.warn "the action collection no longer requires registration at #{caller[0]}"
143
141
  end
144
142
 
145
143
  # End of an unsuccessful converge used to fire off detect_unprocessed_resources.
@@ -147,8 +145,6 @@ class Chef
147
145
  # (see EventDispatch::Base#)
148
146
  #
149
147
  def converge_failed(exception)
150
- return if consumers.empty?
151
-
152
148
  detect_unprocessed_resources
153
149
  end
154
150
 
@@ -159,8 +155,6 @@ class Chef
159
155
  # (see EventDispatch::Base#)
160
156
  #
161
157
  def resource_action_start(new_resource, action, notification_type = nil, notifier = nil)
162
- return if consumers.empty?
163
-
164
158
  pending_updates << ActionRecord.new(new_resource, action, pending_updates.length)
165
159
  end
166
160
 
@@ -170,8 +164,6 @@ class Chef
170
164
  # (see EventDispatch::Base#)
171
165
  #
172
166
  def resource_current_state_loaded(new_resource, action, current_resource)
173
- return if consumers.empty?
174
-
175
167
  current_record.current_resource = current_resource
176
168
  end
177
169
 
@@ -181,8 +173,6 @@ class Chef
181
173
  # (see EventDispatch::Base#)
182
174
  #
183
175
  def resource_after_state_loaded(new_resource, action, after_resource)
184
- return if consumers.empty?
185
-
186
176
  current_record.after_resource = after_resource
187
177
  end
188
178
 
@@ -191,8 +181,6 @@ class Chef
191
181
  # (see EventDispatch::Base#)
192
182
  #
193
183
  def resource_up_to_date(new_resource, action)
194
- return if consumers.empty?
195
-
196
184
  current_record.status = :up_to_date
197
185
  end
198
186
 
@@ -201,8 +189,6 @@ class Chef
201
189
  # (see EventDispatch::Base#)
202
190
  #
203
191
  def resource_skipped(resource, action, conditional)
204
- return if consumers.empty?
205
-
206
192
  current_record.status = :skipped
207
193
  current_record.conditional = conditional
208
194
  end
@@ -212,8 +198,6 @@ class Chef
212
198
  # (see EventDispatch::Base#)
213
199
  #
214
200
  def resource_updated(new_resource, action)
215
- return if consumers.empty?
216
-
217
201
  current_record.status = :updated
218
202
  end
219
203
 
@@ -222,8 +206,6 @@ class Chef
222
206
  # (see EventDispatch::Base#)
223
207
  #
224
208
  def resource_failed(new_resource, action, exception)
225
- return if consumers.empty?
226
-
227
209
  current_record.status = :failed
228
210
  current_record.exception = exception
229
211
  current_record.error_description = Formatters::ErrorMapper.resource_failed(new_resource, action, exception).for_json
@@ -234,8 +216,6 @@ class Chef
234
216
  # (see EventDispatch::Base#)
235
217
  #
236
218
  def resource_completed(new_resource)
237
- return if consumers.empty?
238
-
239
219
  current_record.elapsed_time = new_resource.elapsed_time
240
220
 
241
221
  # Verify if the resource has sensitive data and create a new blank resource with only
@@ -297,6 +297,21 @@ class Chef::Application::Base < Chef::Application
297
297
  long: "--named-run-list NAMED_RUN_LIST",
298
298
  description: "Use a policyfile's named run list instead of the default run list."
299
299
 
300
+ option :slow_report,
301
+ long: "--[no-]slow-report [COUNT]",
302
+ description: "List the slowest resources at the end of the run (default: 10).",
303
+ boolean: true,
304
+ default: false,
305
+ proc: lambda { |argument|
306
+ if argument.nil?
307
+ true
308
+ elsif argument == false
309
+ false
310
+ else
311
+ Integer(argument)
312
+ end
313
+ }
314
+
300
315
  IMMEDIATE_RUN_SIGNAL = "1".freeze
301
316
  RECONFIGURE_SIGNAL = "H".freeze
302
317
 
@@ -310,7 +310,7 @@ class Chef
310
310
  logger.info "Forking #{ChefUtils::Dist::Infra::PRODUCT} instance to converge..."
311
311
  pid = fork do
312
312
  # Want to allow forked processes to finish converging when
313
- # TERM singal is received (exit gracefully)
313
+ # TERM signal is received (exit gracefully)
314
314
  trap("TERM") do
315
315
  logger.debug("SIGTERM received during converge," +
316
316
  " finishing converge to exit normally (send SIGINT to terminate immediately)")
@@ -377,7 +377,9 @@ class Chef
377
377
 
378
378
  Chef::FileCache.store("#{ChefUtils::Dist::Infra::SHORT}-stacktrace.out", chef_stacktrace_out)
379
379
  logger.fatal("Stacktrace dumped to #{Chef::FileCache.load("#{ChefUtils::Dist::Infra::SHORT}-stacktrace.out", false)}")
380
- logger.fatal("Please provide the contents of the stacktrace.out file if you file a bug report")
380
+ logger.fatal("---------------------------------------------------------------------------------------")
381
+ logger.fatal("PLEASE PROVIDE THE CONTENTS OF THE stacktrace.out FILE (above) IF YOU FILE A BUG REPORT")
382
+ logger.fatal("---------------------------------------------------------------------------------------")
381
383
  if Chef::Config[:always_dump_stacktrace]
382
384
  logger.fatal(message)
383
385
  else
data/lib/chef/client.rb CHANGED
@@ -751,7 +751,7 @@ class Chef
751
751
  end
752
752
 
753
753
  # Notification registration
754
- class<<self
754
+ class << self
755
755
  #
756
756
  # Add a listener for the 'client run started' event.
757
757
  #
@@ -863,6 +863,12 @@ class Chef
863
863
  end
864
864
 
865
865
  def start_profiling
866
+ if Chef::Config[:slow_report]
867
+ require_relative "handler/slow_report"
868
+
869
+ Chef::Config.report_handlers << Chef::Handler::SlowReport.new(Chef::Config[:slow_report])
870
+ end
871
+
866
872
  return unless Chef::Config[:profile_ruby]
867
873
 
868
874
  profiling_prereqs!
@@ -28,7 +28,7 @@ class Chef
28
28
  # Controls what is done with the resulting report after the Chef InSpec run.
29
29
  # Accepts a single string value or an array of multiple values.
30
30
  # Accepted values: 'chef-server-automate', 'chef-automate', 'json-file', 'audit-enforcer', 'cli'
31
- "reporter" => %w{json-file cli},
31
+ "reporter" => "cli",
32
32
 
33
33
  # Controls if Chef InSpec profiles should be fetched from Chef Automate or Chef Infra Server
34
34
  # in addition to the default fetch locations provided by Chef Inspec.
@@ -47,8 +47,10 @@ class Chef
47
47
  "profiles" => {},
48
48
 
49
49
  # Extra inputs passed to Chef InSpec to allow finer-grained control over behavior.
50
- # These are mapped to Chef InSpec's inputs, but are named attributes here for legacy reasons.
51
50
  # See Chef Inspec's documentation for more information: https://docs.chef.io/inspec/inputs/
51
+ "inputs" => {},
52
+
53
+ # Legacy alias for inputs
52
54
  "attributes" => {},
53
55
 
54
56
  # A string path or an array of paths to Chef InSpec waiver files.
@@ -88,7 +90,7 @@ class Chef
88
90
 
89
91
  # If enabled, a hash representation of the Chef Infra node object will be sent to Chef InSpec in an input
90
92
  # named `chef_node`.
91
- "chef_node_attribute_enabled" => false,
93
+ "chef_node_attribute_enabled" => true,
92
94
 
93
95
  # Should the built-in compliance phase run. True and false force the behavior. Nil does magic based on if you have
94
96
  # profiles defined but do not have the audit cookbook enabled.
@@ -76,7 +76,7 @@ class Chef
76
76
 
77
77
  begin
78
78
  Chef::Log.info "Report to #{ChefUtils::Dist::Automate::PRODUCT}: #{@url}"
79
- Chef::Log.debug "Compliance Report: #{json_report}"
79
+ Chef::Log.debug "Compliance Phase report: #{json_report}"
80
80
  http_client.post(nil, json_report, headers)
81
81
  true
82
82
  rescue => e
@@ -113,8 +113,17 @@ class Chef
113
113
  logger.info "Chef Infra Compliance Phase Complete"
114
114
  end
115
115
 
116
+ def inputs_from_attributes
117
+ if !node["audit"]["inputs"].empty?
118
+ node["audit"]["inputs"].to_h
119
+ else
120
+ node["audit"]["attributes"].to_h
121
+ end
122
+ end
123
+
116
124
  def inspec_opts
117
- inputs = node["audit"]["attributes"].to_h
125
+ inputs = inputs_from_attributes
126
+
118
127
  if node["audit"]["chef_node_attribute_enabled"]
119
128
  inputs["chef_node"] = node.to_h
120
129
  inputs["chef_node"]["chef_environment"] = node.chef_environment
@@ -171,7 +180,7 @@ class Chef
171
180
  logger.info "Running profiles from: #{profiles.inspect}"
172
181
  runner.run
173
182
  runner.report.tap do |r|
174
- logger.debug "Compliance Report #{r}"
183
+ logger.debug "Compliance Phase report #{r}"
175
184
  end
176
185
  rescue Inspec::FetcherFailure => e
177
186
  failed_report("Cannot fetch all profiles: #{profiles}. Please make sure you're authenticated and the server is reachable. #{e.message}")
@@ -300,6 +309,11 @@ class Chef
300
309
  raise "CMPL002: Unrecognized Compliance Phase fetcher (node['audit']['fetcher'] = #{fetcher}). Supported fetchers are: #{SUPPORTED_FETCHERS.join(", ")}, or nil. For more information, see the documentation at https://docs.chef.io/chef_compliance_phase#fetch-profiles"
301
310
  end
302
311
  end
312
+
313
+ if !node["audit"]["attributes"].empty? && !node["audit"]["inputs"].empty?
314
+ raise "CMPL011: both node['audit']['inputs'] and node['audit']['attributes'] are set. The node['audit']['attributes'] setting is deprecated and should not be used."
315
+ end
316
+
303
317
  @validation_passed = true
304
318
  end
305
319
  end
@@ -138,11 +138,14 @@ class Chef
138
138
  end
139
139
 
140
140
  def recipe_yml_filenames_by_name
141
- @recipe_ym_filenames_by_name ||= begin
141
+ @recipe_yml_filenames_by_name ||= begin
142
142
  name_map = yml_filenames_by_name(files_for("recipes"))
143
- root_alias = cookbook_manifest.root_files.find { |record| record[:name] == "root_files/recipe.yml" }
143
+ root_alias = cookbook_manifest.root_files.find { |record|
144
+ record[:name] == "root_files/recipe.yml" ||
145
+ record[:name] == "root_files/recipe.yaml"
146
+ }
144
147
  if root_alias
145
- Chef::Log.error("Cookbook #{name} contains both recipe.yml and and recipes/default.yml, ignoring recipes/default.yml") if name_map["default"]
148
+ Chef::Log.error("Cookbook #{name} contains both recipe.yml and recipes/default.yml, ignoring recipes/default.yml") if name_map["default"]
146
149
  name_map["default"] = root_alias[:full_path]
147
150
  end
148
151
  name_map
@@ -582,8 +585,27 @@ class Chef
582
585
  records.select { |record| record[:name] =~ /\.rb$/ }.inject({}) { |memo, record| memo[File.basename(record[:name], ".rb")] = record[:full_path]; memo }
583
586
  end
584
587
 
588
+ # Filters YAML files from the superset of provided files.
589
+ # Checks for duplicate basenames with differing extensions (eg yaml v yml)
590
+ # and raises error if any are detected.
591
+ # This prevents us from arbitrarily the ".yaml" or ".yml" version when both are present,
592
+ # because we don't know which is correct.
593
+ # This method runs in O(n^2) where N = number of yml files present. This number should be consistently
594
+ # low enough that there's no noticeable perf impact.
585
595
  def yml_filenames_by_name(records)
586
- records.select { |record| record[:name] =~ /\.yml$/ }.inject({}) { |memo, record| memo[File.basename(record[:name], ".yml")] = record[:full_path]; memo }
596
+ yml_files = records.select { |record| record[:name] =~ /\.(y[a]?ml)$/ }
597
+ result = yml_files.inject({}) do |acc, record|
598
+ filename = record[:name]
599
+ base_dup_name = File.join(File.dirname(filename), File.basename(filename, File.extname(filename)))
600
+ yml_files.each do |other|
601
+ if other[:name] =~ /#{(File.extname(filename) == ".yml") ? "#{base_dup_name}.yaml" : "#{base_dup_name}.yml"}$/
602
+ raise Chef::Exceptions::AmbiguousYAMLFile.new("Cookbook #{name}@#{version} contains ambiguous files: #{filename} and #{other[:name]}. Please update the cookbook to remove the incorrect file.")
603
+ end
604
+ end
605
+ acc[File.basename(record[:name], File.extname(record[:name]))] = record[:full_path]
606
+ acc
607
+ end
608
+ result
587
609
  end
588
610
 
589
611
  def file_vendor
@@ -51,7 +51,7 @@ class Chef
51
51
  "id" => run_status&.run_id,
52
52
  "message_version" => "1.1.0",
53
53
  "message_type" => "run_converge",
54
- "node" => node || {},
54
+ "node" => node&.data_for_save || {},
55
55
  "node_name" => node&.name || data_collector.node_name,
56
56
  "organization_name" => organization,
57
57
  "resources" => all_action_records(action_collection),
@@ -104,7 +104,6 @@ class Chef
104
104
  #
105
105
  def action_collection_registration(action_collection)
106
106
  @action_collection = action_collection
107
- action_collection.register(self)
108
107
  end
109
108
 
110
109
  # - Creates and writes our NodeUUID back to the node object
@@ -79,10 +79,12 @@ class Chef
79
79
  return true if location =~ /^(.*?):(\d+):in/ && begin
80
80
  # Don't buffer the whole file in memory, so read it one line at a time.
81
81
  line_no = $2.to_i
82
- location_file = ::File.open($1)
83
- (line_no - 1).times { location_file.readline } # Read all the lines we don't care about.
84
- relevant_line = location_file.readline
85
- relevant_line.match?(/#.*chef:silence_deprecation($|[^:]|:#{self.class.deprecation_key})/)
82
+ if File.exist?($1) # some stacktraces come from `eval` and not a file
83
+ location_file = ::File.open($1)
84
+ (line_no - 1).times { location_file.readline } # Read all the lines we don't care about.
85
+ relevant_line = location_file.readline
86
+ relevant_line.match?(/#.*chef:silence_deprecation($|[^:]|:#{self.class.deprecation_key})/)
87
+ end
86
88
  end
87
89
 
88
90
  false
@@ -253,6 +255,14 @@ class Chef
253
255
  target 33
254
256
  end
255
257
 
258
+ class AttributeWhitelistConfiguration < Base
259
+ target 34
260
+ end
261
+
262
+ class PolicyfileCompatMode < Base
263
+ target 35
264
+ end
265
+
256
266
  class Generic < Base
257
267
  def url
258
268
  "https://docs.chef.io/chef_deprecations_client/"
@@ -0,0 +1,44 @@
1
+ #
2
+ # Copyright:: Copyright (c) Chef Software Inc.
3
+ # License:: Apache License, Version 2.0
4
+ #
5
+ # Licensed under the Apache License, Version 2.0 (the "License");
6
+ # you may not use this file except in compliance with the License.
7
+ # You may obtain a copy of the License at
8
+ #
9
+ # http://www.apache.org/licenses/LICENSE-2.0
10
+ #
11
+ # Unless required by applicable law or agreed to in writing, software
12
+ # distributed under the License is distributed on an "AS IS" BASIS,
13
+ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14
+ # See the License for the specific language governing permissions and
15
+ # limitations under the License.
16
+ require_relative "toml"
17
+ require_relative "../json_compat"
18
+ autoload :YAML, "yaml"
19
+
20
+ class Chef
21
+ module DSL
22
+ module RenderHelpers
23
+
24
+ # pretty-print a hash as a JSON string
25
+ def render_json(hash)
26
+ JSON.pretty_generate(hash) + "\n"
27
+ end
28
+
29
+ # pretty-print a hash as a TOML string
30
+ def render_toml(hash)
31
+ Chef::DSL::Toml::Dumper.new(hash).toml_str
32
+ end
33
+
34
+ # pretty-print a hash as a YAML string
35
+ def render_yaml(hash)
36
+ yaml_content = hash.transform_keys(&:to_s).to_yaml
37
+ # above replaces first-level keys with strings, below the rest
38
+ yaml_content.gsub!(" :", " ")
39
+ end
40
+
41
+ extend self
42
+ end
43
+ end
44
+ end