chef 17.1.35-universal-mingw32 → 17.4.38-universal-mingw32

Sign up to get free protection for your applications and to get access to all the features.
Files changed (198) hide show
  1. checksums.yaml +4 -4
  2. data/Gemfile +6 -4
  3. data/chef.gemspec +1 -0
  4. data/lib/chef/action_collection.rb +6 -26
  5. data/lib/chef/application/base.rb +15 -0
  6. data/lib/chef/application.rb +4 -2
  7. data/lib/chef/client.rb +7 -1
  8. data/lib/chef/compliance/default_attributes.rb +5 -3
  9. data/lib/chef/compliance/reporter/automate.rb +1 -1
  10. data/lib/chef/compliance/runner.rb +16 -2
  11. data/lib/chef/cookbook_version.rb +26 -4
  12. data/lib/chef/data_collector/run_end_message.rb +1 -1
  13. data/lib/chef/data_collector.rb +0 -1
  14. data/lib/chef/deprecated.rb +14 -4
  15. data/lib/chef/dsl/render_helpers.rb +44 -0
  16. data/lib/chef/dsl/secret.rb +64 -0
  17. data/lib/chef/dsl/toml.rb +116 -0
  18. data/lib/chef/dsl/universal.rb +5 -0
  19. data/lib/chef/dsl.rb +1 -0
  20. data/lib/chef/event_dispatch/base.rb +2 -1
  21. data/lib/chef/exceptions.rb +23 -0
  22. data/lib/chef/formatters/doc.rb +14 -13
  23. data/lib/chef/formatters/error_mapper.rb +2 -2
  24. data/lib/chef/formatters/minimal.rb +6 -5
  25. data/lib/chef/handler/slow_report.rb +66 -0
  26. data/lib/chef/handler.rb +46 -8
  27. data/lib/chef/http.rb +5 -5
  28. data/lib/chef/json_compat.rb +1 -1
  29. data/lib/chef/node.rb +20 -19
  30. data/lib/chef/policy_builder/policyfile.rb +88 -45
  31. data/lib/chef/provider/execute.rb +1 -1
  32. data/lib/chef/provider/file.rb +2 -2
  33. data/lib/chef/provider/group/dscl.rb +1 -1
  34. data/lib/chef/provider/launchd.rb +6 -6
  35. data/lib/chef/provider/lwrp_base.rb +1 -1
  36. data/lib/chef/provider/package/habitat.rb +168 -0
  37. data/lib/chef/provider/package/powershell.rb +5 -0
  38. data/lib/chef/provider/subversion.rb +4 -4
  39. data/lib/chef/provider/support/yum_repo.erb +1 -1
  40. data/lib/chef/provider/support/zypper_repo.erb +4 -2
  41. data/lib/chef/provider/systemd_unit.rb +17 -16
  42. data/lib/chef/provider/user/mac.rb +3 -3
  43. data/lib/chef/provider/yum_repository.rb +27 -43
  44. data/lib/chef/provider/zypper_repository.rb +30 -34
  45. data/lib/chef/provider.rb +26 -1
  46. data/lib/chef/provider_resolver.rb +8 -2
  47. data/lib/chef/providers.rb +1 -0
  48. data/lib/chef/resource/alternatives.rb +5 -5
  49. data/lib/chef/resource/apt_preference.rb +2 -2
  50. data/lib/chef/resource/apt_repository.rb +2 -2
  51. data/lib/chef/resource/apt_update.rb +4 -4
  52. data/lib/chef/resource/build_essential.rb +1 -1
  53. data/lib/chef/resource/chef_client_config.rb +10 -5
  54. data/lib/chef/resource/chef_client_cron.rb +3 -3
  55. data/lib/chef/resource/chef_client_launchd.rb +3 -3
  56. data/lib/chef/resource/chef_client_scheduled_task.rb +15 -15
  57. data/lib/chef/resource/chef_client_systemd_timer.rb +3 -3
  58. data/lib/chef/resource/chef_client_trusted_certificate.rb +2 -2
  59. data/lib/chef/resource/chef_handler.rb +2 -2
  60. data/lib/chef/resource/chef_sleep.rb +1 -1
  61. data/lib/chef/resource/chef_vault_secret.rb +2 -2
  62. data/lib/chef/resource/chocolatey_feature.rb +2 -2
  63. data/lib/chef/resource/chocolatey_source.rb +1 -1
  64. data/lib/chef/resource/cron/cron_d.rb +4 -6
  65. data/lib/chef/resource/cron_access.rb +1 -1
  66. data/lib/chef/resource/dmg_package.rb +1 -1
  67. data/lib/chef/resource/dsc_resource.rb +1 -1
  68. data/lib/chef/resource/execute.rb +5 -5
  69. data/lib/chef/resource/gem_package.rb +2 -1
  70. data/lib/chef/resource/group.rb +4 -4
  71. data/lib/chef/resource/habitat/_habitat_shared.rb +28 -0
  72. data/lib/chef/resource/habitat/habitat_package.rb +129 -0
  73. data/lib/chef/resource/habitat/habitat_sup.rb +329 -0
  74. data/lib/chef/resource/habitat/habitat_sup_systemd.rb +67 -0
  75. data/lib/chef/resource/habitat/habitat_sup_windows.rb +90 -0
  76. data/lib/chef/resource/habitat_config.rb +107 -0
  77. data/lib/chef/resource/habitat_install.rb +247 -0
  78. data/lib/chef/resource/habitat_service.rb +451 -0
  79. data/lib/chef/resource/habitat_user_toml.rb +92 -0
  80. data/lib/chef/resource/homebrew_cask.rb +18 -7
  81. data/lib/chef/resource/homebrew_package.rb +1 -1
  82. data/lib/chef/resource/homebrew_tap.rb +4 -3
  83. data/lib/chef/resource/homebrew_update.rb +2 -2
  84. data/lib/chef/resource/hostname.rb +49 -7
  85. data/lib/chef/resource/inspec_waiver_file_entry.rb +8 -7
  86. data/lib/chef/resource/kernel_module.rb +6 -6
  87. data/lib/chef/resource/launchd.rb +3 -3
  88. data/lib/chef/resource/locale.rb +1 -1
  89. data/lib/chef/resource/lwrp_base.rb +1 -1
  90. data/lib/chef/resource/macos_userdefaults.rb +2 -2
  91. data/lib/chef/resource/ohai_hint.rb +2 -6
  92. data/lib/chef/resource/openbsd_package.rb +17 -0
  93. data/lib/chef/resource/openssl_dhparam.rb +1 -2
  94. data/lib/chef/resource/openssl_ec_private_key.rb +1 -3
  95. data/lib/chef/resource/openssl_ec_public_key.rb +1 -3
  96. data/lib/chef/resource/openssl_rsa_private_key.rb +1 -3
  97. data/lib/chef/resource/openssl_rsa_public_key.rb +1 -3
  98. data/lib/chef/resource/openssl_x509_certificate.rb +1 -4
  99. data/lib/chef/resource/openssl_x509_crl.rb +1 -3
  100. data/lib/chef/resource/openssl_x509_request.rb +1 -3
  101. data/lib/chef/resource/osx_profile.rb +3 -3
  102. data/lib/chef/resource/plist.rb +1 -1
  103. data/lib/chef/resource/powershell_package_source.rb +2 -4
  104. data/lib/chef/resource/reboot.rb +38 -9
  105. data/lib/chef/resource/remote_directory.rb +2 -2
  106. data/lib/chef/resource/remote_file.rb +1 -1
  107. data/lib/chef/resource/rhsm_errata.rb +0 -2
  108. data/lib/chef/resource/rhsm_errata_level.rb +1 -5
  109. data/lib/chef/resource/rhsm_repo.rb +15 -0
  110. data/lib/chef/resource/rhsm_subscription.rb +5 -5
  111. data/lib/chef/resource/ruby_block.rb +100 -0
  112. data/lib/chef/resource/scm/subversion.rb +1 -1
  113. data/lib/chef/resource/ssh_known_hosts_entry.rb +4 -7
  114. data/lib/chef/resource/sudo.rb +2 -6
  115. data/lib/chef/resource/support/HabService.dll.config.erb +19 -0
  116. data/lib/chef/resource/support/client.erb +8 -1
  117. data/lib/chef/resource/support/sup.toml.erb +179 -0
  118. data/lib/chef/resource/swap_file.rb +2 -6
  119. data/lib/chef/resource/sysctl.rb +2 -2
  120. data/lib/chef/resource/systemd_unit.rb +3 -3
  121. data/lib/chef/resource/timezone.rb +1 -1
  122. data/lib/chef/resource/user_ulimit.rb +2 -2
  123. data/lib/chef/resource/windows_ad_join.rb +2 -2
  124. data/lib/chef/resource/windows_audit_policy.rb +2 -2
  125. data/lib/chef/resource/windows_auto_run.rb +2 -2
  126. data/lib/chef/resource/windows_certificate.rb +1 -1
  127. data/lib/chef/resource/windows_defender.rb +163 -0
  128. data/lib/chef/resource/windows_defender_exclusion.rb +125 -0
  129. data/lib/chef/resource/windows_dfs_folder.rb +2 -2
  130. data/lib/chef/resource/windows_dfs_namespace.rb +2 -2
  131. data/lib/chef/resource/windows_dns_record.rb +2 -2
  132. data/lib/chef/resource/windows_dns_zone.rb +2 -2
  133. data/lib/chef/resource/windows_feature.rb +3 -3
  134. data/lib/chef/resource/windows_feature_dism.rb +3 -5
  135. data/lib/chef/resource/windows_feature_powershell.rb +3 -3
  136. data/lib/chef/resource/windows_firewall_profile.rb +2 -2
  137. data/lib/chef/resource/windows_firewall_rule.rb +20 -6
  138. data/lib/chef/resource/windows_font.rb +1 -1
  139. data/lib/chef/resource/windows_pagefile.rb +103 -64
  140. data/lib/chef/resource/windows_path.rb +2 -2
  141. data/lib/chef/resource/windows_printer.rb +80 -61
  142. data/lib/chef/resource/windows_printer_port.rb +48 -65
  143. data/lib/chef/resource/windows_security_policy.rb +2 -2
  144. data/lib/chef/resource/windows_share.rb +2 -2
  145. data/lib/chef/resource/windows_shortcut.rb +1 -1
  146. data/lib/chef/resource/windows_task.rb +1 -1
  147. data/lib/chef/resource/windows_uac.rb +3 -5
  148. data/lib/chef/resource/windows_update_settings.rb +259 -0
  149. data/lib/chef/resource/windows_user_privilege.rb +2 -2
  150. data/lib/chef/resource/windows_workgroup.rb +2 -2
  151. data/lib/chef/resource/yum_package.rb +11 -15
  152. data/lib/chef/resource/zypper_package.rb +4 -4
  153. data/lib/chef/resource/zypper_repository.rb +28 -8
  154. data/lib/chef/resource.rb +13 -17
  155. data/lib/chef/resource_inspector.rb +6 -2
  156. data/lib/chef/resource_reporter.rb +0 -1
  157. data/lib/chef/resources.rb +12 -1
  158. data/lib/chef/secret_fetcher/aws_secrets_manager.rb +65 -0
  159. data/lib/chef/secret_fetcher/azure_key_vault.rb +78 -0
  160. data/lib/chef/secret_fetcher/base.rb +76 -0
  161. data/lib/chef/secret_fetcher/example.rb +46 -0
  162. data/lib/chef/secret_fetcher.rb +55 -0
  163. data/lib/chef/version.rb +1 -1
  164. data/spec/functional/mixin/from_file_spec.rb +1 -1
  165. data/spec/functional/resource/windows_hostname_spec.rb +91 -0
  166. data/spec/functional/resource/windows_pagefile_spec.rb +98 -0
  167. data/spec/integration/compliance/compliance_spec.rb +1 -0
  168. data/spec/integration/recipes/recipe_dsl_spec.rb +1 -1
  169. data/spec/integration/recipes/resource_action_spec.rb +6 -6
  170. data/spec/support/shared/unit/provider/file.rb +2 -8
  171. data/spec/unit/compliance/runner_spec.rb +46 -2
  172. data/spec/unit/cookbook_version_spec.rb +52 -0
  173. data/spec/unit/data_collector_spec.rb +47 -1
  174. data/spec/unit/dsl/render_helpers_spec.rb +102 -0
  175. data/spec/unit/dsl/secret_spec.rb +71 -0
  176. data/spec/unit/formatters/doc_spec.rb +1 -1
  177. data/spec/unit/handler_spec.rb +8 -2
  178. data/spec/unit/policy_builder/dynamic_spec.rb +0 -5
  179. data/spec/unit/policy_builder/policyfile_spec.rb +144 -56
  180. data/spec/unit/provider/apt_update_spec.rb +3 -1
  181. data/spec/unit/provider/mount/aix_spec.rb +1 -1
  182. data/spec/unit/provider/package/powershell_spec.rb +74 -12
  183. data/spec/unit/provider/zypper_repository_spec.rb +3 -10
  184. data/spec/unit/provider_spec.rb +23 -0
  185. data/spec/unit/resource/homebrew_cask_spec.rb +29 -11
  186. data/spec/unit/resource/rhsm_subscription_spec.rb +50 -3
  187. data/spec/unit/resource/systemd_unit_spec.rb +1 -1
  188. data/spec/unit/resource/windows_defender_exclusion_spec.rb +62 -0
  189. data/spec/unit/resource/windows_defender_spec.rb +71 -0
  190. data/spec/unit/resource/windows_firewall_rule_spec.rb +12 -7
  191. data/spec/unit/resource/windows_pagefile_spec.rb +4 -9
  192. data/spec/unit/resource/windows_update_settings_spec.rb +64 -0
  193. data/spec/unit/resource/zypper_repository_spec.rb +1 -1
  194. data/spec/unit/resource_spec.rb +19 -8
  195. data/spec/unit/secret_fetcher/aws_secrets_manager_spec.rb +70 -0
  196. data/spec/unit/secret_fetcher/azure_key_vault_spec.rb +70 -0
  197. data/spec/unit/secret_fetcher_spec.rb +82 -0
  198. metadata +55 -7
@@ -43,7 +43,6 @@ end
43
43
  def setup_normal_file
44
44
  [ resource_path, normalized_path, windows_path].each do |path|
45
45
  allow(File).to receive(:file?).with(path).and_return(true)
46
- allow(File).to receive(:exists?).with(path).and_return(true)
47
46
  allow(File).to receive(:exist?).with(path).and_return(true)
48
47
  allow(File).to receive(:directory?).with(path).and_return(false)
49
48
  allow(File).to receive(:writable?).with(path).and_return(true)
@@ -57,7 +56,6 @@ def setup_missing_file
57
56
  [ resource_path, normalized_path, windows_path].each do |path|
58
57
  allow(File).to receive(:file?).with(path).and_return(false)
59
58
  allow(File).to receive(:realpath?).with(path).and_return(resource_path)
60
- allow(File).to receive(:exists?).with(path).and_return(false)
61
59
  allow(File).to receive(:exist?).with(path).and_return(false)
62
60
  allow(File).to receive(:directory?).with(path).and_return(false)
63
61
  allow(File).to receive(:writable?).with(path).and_return(false)
@@ -70,7 +68,6 @@ def setup_symlink
70
68
  [ resource_path, normalized_path, windows_path].each do |path|
71
69
  allow(File).to receive(:file?).with(path).and_return(true)
72
70
  allow(File).to receive(:realpath?).with(path).and_return(normalized_path)
73
- allow(File).to receive(:exists?).with(path).and_return(true)
74
71
  allow(File).to receive(:exist?).with(path).and_return(true)
75
72
  allow(File).to receive(:directory?).with(path).and_return(false)
76
73
  allow(File).to receive(:writable?).with(path).and_return(true)
@@ -84,7 +81,6 @@ def setup_unwritable_file
84
81
  [ resource_path, normalized_path, windows_path].each do |path|
85
82
  allow(File).to receive(:file?).with(path).and_return(false)
86
83
  allow(File).to receive(:realpath?).with(path).and_raise(Errno::ENOENT)
87
- allow(File).to receive(:exists?).with(path).and_return(true)
88
84
  allow(File).to receive(:exist?).with(path).and_return(true)
89
85
  allow(File).to receive(:directory?).with(path).and_return(false)
90
86
  allow(File).to receive(:writable?).with(path).and_return(false)
@@ -97,7 +93,6 @@ def setup_missing_enclosing_directory
97
93
  [ resource_path, normalized_path, windows_path].each do |path|
98
94
  allow(File).to receive(:file?).with(path).and_return(false)
99
95
  allow(File).to receive(:realpath?).with(path).and_raise(Errno::ENOENT)
100
- allow(File).to receive(:exists?).with(path).and_return(false)
101
96
  allow(File).to receive(:exist?).with(path).and_return(false)
102
97
  allow(File).to receive(:directory?).with(path).and_return(false)
103
98
  allow(File).to receive(:writable?).with(path).and_return(false)
@@ -138,7 +133,6 @@ shared_examples_for Chef::Provider::File do
138
133
  before(:each) do
139
134
  allow(content).to receive(:tempfile).and_return(tempfile)
140
135
  allow(File).to receive(:exist?).with(tempfile.path).and_call_original
141
- allow(File).to receive(:exists?).with(tempfile.path).and_call_original
142
136
  end
143
137
 
144
138
  after do
@@ -547,7 +541,7 @@ shared_examples_for Chef::Provider::File do
547
541
  provider.load_current_resource
548
542
  tempfile = double("Tempfile", path: "/tmp/foo-bar-baz")
549
543
  allow(content).to receive(:tempfile).and_return(tempfile)
550
- expect(File).to receive(:exists?).with("/tmp/foo-bar-baz").and_return(true)
544
+ expect(File).to receive(:exist?).with("/tmp/foo-bar-baz").and_return(true)
551
545
  expect(tempfile).to receive(:close).once
552
546
  expect(tempfile).to receive(:unlink).once
553
547
  end
@@ -630,7 +624,7 @@ shared_examples_for Chef::Provider::File do
630
624
  it "raises an exception when the content object returns a tempfile that does not exist" do
631
625
  tempfile = double("Tempfile", path: "/tmp/foo-bar-baz")
632
626
  expect(provider.send(:content)).to receive(:tempfile).at_least(:once).and_return(tempfile)
633
- expect(File).to receive(:exists?).with("/tmp/foo-bar-baz").and_return(false)
627
+ expect(File).to receive(:exist?).with("/tmp/foo-bar-baz").and_return(false)
634
628
  expect { provider.send(:do_contents_changes) }.to raise_error(RuntimeError)
635
629
  end
636
630
  end
@@ -202,6 +202,16 @@ describe Chef::Compliance::Runner do
202
202
  expect { runner.load_and_validate! }.to raise_error(/^CMPL002:/)
203
203
  end
204
204
 
205
+ it "raises CMPL004 if both the inputs and attributes node attributes are set" do
206
+ node.normal["audit"]["attributes"] = {
207
+ "tacos" => "lunch",
208
+ }
209
+ node.normal["audit"]["inputs"] = {
210
+ "tacos" => "lunch",
211
+ }
212
+ expect { runner.load_and_validate! }.to raise_error(/^CMPL011:/)
213
+ end
214
+
205
215
  it "validates configured reporters" do
206
216
  node.normal["audit"]["reporter"] = [ "chef-automate" ]
207
217
  reporter_double = double("reporter", validate_config!: nil)
@@ -212,6 +222,40 @@ describe Chef::Compliance::Runner do
212
222
  end
213
223
 
214
224
  describe "#inspec_opts" do
225
+ it "pulls inputs from the attributes setting" do
226
+ node.normal["audit"]["attributes"] = {
227
+ "tacos" => "lunch",
228
+ }
229
+
230
+ inputs = runner.inspec_opts[:inputs]
231
+
232
+ expect(inputs["tacos"]).to eq("lunch")
233
+ end
234
+
235
+ it "pulls inputs from the inputs setting" do
236
+ node.normal["audit"]["inputs"] = {
237
+ "tacos" => "lunch",
238
+ }
239
+
240
+ inputs = runner.inspec_opts[:inputs]
241
+
242
+ expect(inputs["tacos"]).to eq("lunch")
243
+ end
244
+
245
+ it "favors inputs over attributes" do
246
+ node.normal["audit"]["attributes"] = {
247
+ "tacos" => "dinner",
248
+ }
249
+
250
+ node.normal["audit"]["inputs"] = {
251
+ "tacos" => "lunch",
252
+ }
253
+
254
+ inputs = runner.inspec_opts[:inputs]
255
+
256
+ expect(inputs["tacos"]).to eq("lunch")
257
+ end
258
+
215
259
  it "does not include chef_node in inputs by default" do
216
260
  node.normal["audit"]["attributes"] = {
217
261
  "tacos" => "lunch",
@@ -221,7 +265,7 @@ describe Chef::Compliance::Runner do
221
265
  inputs = runner.inspec_opts[:inputs]
222
266
 
223
267
  expect(inputs["tacos"]).to eq("lunch")
224
- expect(inputs.key?("chef_node")).to eq(false)
268
+ expect(inputs.key?("chef_node")).to eq(true)
225
269
  end
226
270
 
227
271
  it "includes chef_node in inputs with chef_node_attribute_enabled set" do
@@ -234,7 +278,7 @@ describe Chef::Compliance::Runner do
234
278
  inputs = runner.inspec_opts[:inputs]
235
279
 
236
280
  expect(inputs["tacos"]).to eq("lunch")
237
- expect(inputs["chef_node"]["audit"]["reporter"]).to eq(%w{json-file cli})
281
+ expect(inputs["chef_node"]["audit"]["reporter"]).to eq("cli")
238
282
  expect(inputs["chef_node"]["chef_environment"]).to eq("_default")
239
283
  end
240
284
  end
@@ -41,7 +41,59 @@ describe Chef::CookbookVersion do
41
41
  it "has empty metadata" do
42
42
  expect(cookbook_version.metadata).to eq(Chef::Cookbook::Metadata.new)
43
43
  end
44
+ end
45
+
46
+ describe "#recipe_yml_filenames_by_name" do
47
+ let(:cookbook_version) { Chef::CookbookVersion.new("mycb", "/tmp/mycb") }
48
+
49
+ def files_for_recipe(extension)
50
+ [
51
+ { name: "recipes/default.#{extension}", full_path: "/home/user/repo/cookbooks/test/recipes/default.#{extension}" },
52
+ { name: "recipes/other.#{extension}", full_path: "/home/user/repo/cookbooks/test/recipes/other.#{extension}" },
53
+ ]
54
+ end
55
+ context "and YAML files present include both a recipes/default.yml and a recipes/default.yaml" do
56
+ before(:each) do
57
+ allow(cookbook_version).to receive(:files_for).with("recipes").and_return(
58
+ [
59
+ { name: "recipes/default.yml", full_path: "/home/user/repo/cookbooks/test/recipes/default.yml" },
60
+ { name: "recipes/default.yaml", full_path: "/home/user/repo/cookbooks/test/recipes/default.yaml" },
61
+ ]
62
+ )
63
+ end
64
+ it "because both are valid and we can't pick, it raises an error that contains the info needed to fix the problem" do
65
+ expect { cookbook_version.recipe_yml_filenames_by_name }
66
+ .to raise_error(Chef::Exceptions::AmbiguousYAMLFile, /.*default.yml.*default.yaml.*update the cookbook to remove/)
67
+ end
68
+ end
69
+
70
+ %w{yml yaml}.each do |extension|
71
+
72
+ context "and YAML files are present including a recipes/default.#{extension}" do
73
+ before(:each) do
74
+ allow(cookbook_version).to receive(:files_for).with("recipes").and_return(files_for_recipe(extension))
75
+ end
76
+
77
+ context "and manifest does not include a root_files/recipe.#{extension}" do
78
+ it "returns all YAML recipes with a correct default of default.#{extension}" do
79
+ expect(cookbook_version.recipe_yml_filenames_by_name).to eq({ "default" => "/home/user/repo/cookbooks/test/recipes/default.#{extension}",
80
+ "other" => "/home/user/repo/cookbooks/test/recipes/other.#{extension}" })
81
+ end
82
+ end
83
+
84
+ context "and manifest also includes a root_files/recipe.#{extension}" do
85
+ let(:root_files) { [{ name: "root_files/recipe.#{extension}", full_path: "/home/user/repo/cookbooks/test/recipe.#{extension}" } ] }
86
+ before(:each) do
87
+ allow(cookbook_version.cookbook_manifest).to receive(:root_files).and_return(root_files)
88
+ end
44
89
 
90
+ it "returns all YAML recipes with a correct default of recipe.#{extension}" do
91
+ expect(cookbook_version.recipe_yml_filenames_by_name).to eq({ "default" => "/home/user/repo/cookbooks/test/recipe.#{extension}",
92
+ "other" => "/home/user/repo/cookbooks/test/recipes/other.#{extension}" })
93
+ end
94
+ end
95
+ end
96
+ end
45
97
  end
46
98
 
47
99
  describe "with a cookbook directory named tatft" do
@@ -142,11 +142,17 @@ describe Chef::DataCollector do
142
142
  def expect_converge_message(keys)
143
143
  keys["message_type"] = "run_converge"
144
144
  keys["message_version"] = "1.1.0"
145
+ # if (keys.key?("node") && !keys["node"].empty?)
146
+ # expect(rest_client).to receive(:post) do |_a, hash, _b|
147
+ # require 'pry'; binding.pry
148
+ # end
149
+ # else
145
150
  expect(rest_client).to receive(:post).with(
146
151
  nil,
147
152
  hash_including(keys),
148
153
  { "Content-Type" => "application/json" }
149
154
  )
155
+ # end
150
156
  end
151
157
 
152
158
  def resource_has_diff(new_resource, status)
@@ -202,7 +208,7 @@ describe Chef::DataCollector do
202
208
  end
203
209
 
204
210
  it "has a node" do
205
- expect_converge_message("node" => expected_node)
211
+ expect_converge_message("node" => expected_node.is_a?(Chef::Node) ? expected_node.data_for_save : expected_node)
206
212
  send_run_failed_or_completed_event
207
213
  end
208
214
 
@@ -808,6 +814,46 @@ describe Chef::DataCollector do
808
814
  it_behaves_like "sends a converge message"
809
815
  end
810
816
 
817
+ context "when node attributes are block-listed" do
818
+ let(:status) { "success" }
819
+ before do
820
+ Chef::Config[:blocked_default_attributes] = [
821
+ %w{secret key_to_the_kingdom},
822
+ ]
823
+ node.default = {
824
+ "secret" => { "key_to_the_kingdom" => "under the flower pot to the left of the drawbridge" },
825
+ "publicinfo" => { "num_flower_pots" => 18 },
826
+ }
827
+ end
828
+
829
+ it "payload should exclude blocked attributes" do
830
+ expect(rest_client).to receive(:post) do |_addr, hash, _headers|
831
+ expect(hash["node"]["default"]).to eq({ "secret" => {}, "publicinfo" => { "num_flower_pots" => 18 } })
832
+ end
833
+ send_run_failed_or_completed_event
834
+ end
835
+ end
836
+
837
+ context "when node attributes are allow-listed" do
838
+ let(:status) { "success" }
839
+ before do
840
+ Chef::Config[:allowed_default_attributes] = [
841
+ %w{public entrance},
842
+ ]
843
+ node.default = {
844
+ "public" => { "entrance" => "is the drawbridge" },
845
+ "secret" => { "entrance" => "is the tunnel" },
846
+ }
847
+ end
848
+
849
+ it "payload should include only allowed attributes" do
850
+ expect(rest_client).to receive(:post) do |_addr, hash, _headers|
851
+ expect(hash["node"]["default"]).to eq({ "public" => { "entrance" => "is the drawbridge" } })
852
+ end
853
+ send_run_failed_or_completed_event
854
+ end
855
+ end
856
+
811
857
  end
812
858
  end
813
859
 
@@ -0,0 +1,102 @@
1
+ #
2
+ # Copyright:: Copyright (c) Chef Software Inc.
3
+ # License:: Apache License, Version 2.0
4
+ #
5
+ # Licensed under the Apache License, Version 2.0 (the "License");
6
+ # you may not use this file except in compliance with the License.
7
+ # You may obtain a copy of the License at
8
+ #
9
+ # http://www.apache.org/licenses/LICENSE-2.0
10
+ #
11
+ # Unless required by applicable law or agreed to in writing, software
12
+ # distributed under the License is distributed on an "AS IS" BASIS,
13
+ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14
+ # See the License for the specific language governing permissions and
15
+ # limitations under the License.
16
+ #
17
+
18
+ require "spec_helper"
19
+ require "chef/dsl/render_helpers"
20
+
21
+ describe Chef::DSL::RenderHelpers do
22
+
23
+ hash = {
24
+ "golf": "hotel",
25
+ "kilo": %w{lima mike},
26
+ "india": {
27
+ "juliett": "blue",
28
+ },
29
+ "alpha": {
30
+ "charlie": true,
31
+ "bravo": 10,
32
+ },
33
+ "echo": "foxtrot",
34
+ }
35
+
36
+ context "render_json" do
37
+ json = Chef::DSL::RenderHelpers.render_json(hash)
38
+ describe "JSON content" do
39
+ it "expected JSON output" do
40
+ expected = <<-EXPECTED
41
+ {
42
+ "golf": "hotel",
43
+ "kilo": [
44
+ "lima",
45
+ "mike"
46
+ ],
47
+ "india": {
48
+ "juliett": "blue"
49
+ },
50
+ "alpha": {
51
+ "charlie": true,
52
+ "bravo": 10
53
+ },
54
+ "echo": "foxtrot"
55
+ }
56
+ EXPECTED
57
+ expect(json).to eq(expected)
58
+ end
59
+ end
60
+ end
61
+
62
+ context "render_toml" do
63
+ toml = Chef::DSL::RenderHelpers.render_toml(hash)
64
+ describe "TOML content" do
65
+ it "expected TOML output" do
66
+ expected = <<-EXPECTED
67
+ echo = "foxtrot"
68
+ golf = "hotel"
69
+ kilo = ["lima", "mike"]
70
+ [alpha]
71
+ bravo = 10
72
+ charlie = true
73
+ [india]
74
+ juliett = "blue"
75
+ EXPECTED
76
+ expect(toml).to eq(expected)
77
+ end
78
+ end
79
+ end
80
+
81
+ context "render_yaml" do
82
+ yaml = Chef::DSL::RenderHelpers.render_yaml(hash)
83
+ describe "YAML content" do
84
+ it "expected YAML output" do
85
+ expected = <<-EXPECTED
86
+ ---
87
+ golf: hotel
88
+ kilo:
89
+ - lima
90
+ - mike
91
+ india:
92
+ juliett: blue
93
+ alpha:
94
+ charlie: true
95
+ bravo: 10
96
+ echo: foxtrot
97
+ EXPECTED
98
+ expect(yaml).to eq(expected)
99
+ end
100
+ end
101
+ end
102
+ end
@@ -0,0 +1,71 @@
1
+ #
2
+ # Author:: Marc Paradise <marc@chef.io>
3
+ # Copyright:: Copyright (c) Chef Software Inc.
4
+ # License:: Apache License, Version 2.0
5
+ #
6
+ # Licensed under the Apache License, Version 2.0 (the "License");
7
+ # you may not use this file except in compliance with the License.
8
+ # You may obtain a copy of the License at
9
+ #
10
+ # http://www.apache.org/licenses/LICENSE-2.0
11
+ #
12
+ # Unless required by applicable law or agreed to in writing, software
13
+ # distributed under the License is distributed on an "AS IS" BASIS,
14
+ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
15
+ # See the License for the specific language governing permissions and
16
+ # limitations under the License.
17
+ #
18
+
19
+ require "spec_helper"
20
+ require "chef/dsl/secret"
21
+ require "chef/secret_fetcher/base"
22
+ class SecretDSLTester
23
+ include Chef::DSL::Secret
24
+ # Because DSL is invoked in the context of a recipe,
25
+ # we expect run_context to always be available when SecretFetcher::Base
26
+ # requests it - making it safe to mock here
27
+ def run_context
28
+ nil
29
+ end
30
+ end
31
+
32
+ class SecretFetcherImpl < Chef::SecretFetcher::Base
33
+ def do_fetch(name, version)
34
+ name
35
+ end
36
+ end
37
+
38
+ describe Chef::DSL::Secret do
39
+ let(:dsl) { SecretDSLTester.new }
40
+ it "responds to 'secret'" do
41
+ expect(dsl.respond_to?(:secret)).to eq true
42
+ end
43
+
44
+ it "uses SecretFetcher.for_service to find the fetcher" do
45
+ substitute_fetcher = SecretFetcherImpl.new({}, nil)
46
+ expect(Chef::SecretFetcher).to receive(:for_service).with(:example, {}, nil).and_return(substitute_fetcher)
47
+ expect(substitute_fetcher).to receive(:fetch).with("key1", nil)
48
+ dsl.secret(name: "key1", service: :example, config: {})
49
+ end
50
+
51
+ it "resolves a secret when using the example fetcher" do
52
+ secret_value = dsl.secret(name: "test1", service: :example, config: { "test1" => "secret value" })
53
+ expect(secret_value).to eq "secret value"
54
+ end
55
+
56
+ context "when used within a resource" do
57
+ let(:run_context) {
58
+ Chef::RunContext.new(Chef::Node.new,
59
+ Chef::CookbookCollection.new(Chef::CookbookLoader.new(File.join(CHEF_SPEC_DATA, "cookbooks"))),
60
+ Chef::EventDispatch::Dispatcher.new)
61
+ }
62
+
63
+ it "marks that resource as 'sensitive'" do
64
+ recipe = Chef::Recipe.new("secrets", "test", run_context)
65
+ recipe.zen_master "secret_test" do
66
+ peace secret(name: "test1", service: :example, config: { "test1" => true })
67
+ end
68
+ expect(run_context.resource_collection.lookup("zen_master[secret_test]").sensitive).to eql(true)
69
+ end
70
+ end
71
+ end
@@ -40,7 +40,7 @@ describe Chef::Formatters::Base do
40
40
  }
41
41
 
42
42
  formatter.policyfile_loaded(minimal_policyfile)
43
- expect(out.string).to include("Using policy 'jenkins' at revision '613f803bdd035d574df7fa6da525b38df45a74ca82b38b79655efed8a189e073'")
43
+ expect(out.string).to include("Using Policyfile 'jenkins' at revision '613f803bdd035d574df7fa6da525b38df45a74ca82b38b79655efed8a189e073'")
44
44
  end
45
45
 
46
46
  it "prints cookbook name and version" do