chef 17.1.35-universal-mingw32 → 17.4.38-universal-mingw32

Sign up to get free protection for your applications and to get access to all the features.
Files changed (198) hide show
  1. checksums.yaml +4 -4
  2. data/Gemfile +6 -4
  3. data/chef.gemspec +1 -0
  4. data/lib/chef/action_collection.rb +6 -26
  5. data/lib/chef/application/base.rb +15 -0
  6. data/lib/chef/application.rb +4 -2
  7. data/lib/chef/client.rb +7 -1
  8. data/lib/chef/compliance/default_attributes.rb +5 -3
  9. data/lib/chef/compliance/reporter/automate.rb +1 -1
  10. data/lib/chef/compliance/runner.rb +16 -2
  11. data/lib/chef/cookbook_version.rb +26 -4
  12. data/lib/chef/data_collector/run_end_message.rb +1 -1
  13. data/lib/chef/data_collector.rb +0 -1
  14. data/lib/chef/deprecated.rb +14 -4
  15. data/lib/chef/dsl/render_helpers.rb +44 -0
  16. data/lib/chef/dsl/secret.rb +64 -0
  17. data/lib/chef/dsl/toml.rb +116 -0
  18. data/lib/chef/dsl/universal.rb +5 -0
  19. data/lib/chef/dsl.rb +1 -0
  20. data/lib/chef/event_dispatch/base.rb +2 -1
  21. data/lib/chef/exceptions.rb +23 -0
  22. data/lib/chef/formatters/doc.rb +14 -13
  23. data/lib/chef/formatters/error_mapper.rb +2 -2
  24. data/lib/chef/formatters/minimal.rb +6 -5
  25. data/lib/chef/handler/slow_report.rb +66 -0
  26. data/lib/chef/handler.rb +46 -8
  27. data/lib/chef/http.rb +5 -5
  28. data/lib/chef/json_compat.rb +1 -1
  29. data/lib/chef/node.rb +20 -19
  30. data/lib/chef/policy_builder/policyfile.rb +88 -45
  31. data/lib/chef/provider/execute.rb +1 -1
  32. data/lib/chef/provider/file.rb +2 -2
  33. data/lib/chef/provider/group/dscl.rb +1 -1
  34. data/lib/chef/provider/launchd.rb +6 -6
  35. data/lib/chef/provider/lwrp_base.rb +1 -1
  36. data/lib/chef/provider/package/habitat.rb +168 -0
  37. data/lib/chef/provider/package/powershell.rb +5 -0
  38. data/lib/chef/provider/subversion.rb +4 -4
  39. data/lib/chef/provider/support/yum_repo.erb +1 -1
  40. data/lib/chef/provider/support/zypper_repo.erb +4 -2
  41. data/lib/chef/provider/systemd_unit.rb +17 -16
  42. data/lib/chef/provider/user/mac.rb +3 -3
  43. data/lib/chef/provider/yum_repository.rb +27 -43
  44. data/lib/chef/provider/zypper_repository.rb +30 -34
  45. data/lib/chef/provider.rb +26 -1
  46. data/lib/chef/provider_resolver.rb +8 -2
  47. data/lib/chef/providers.rb +1 -0
  48. data/lib/chef/resource/alternatives.rb +5 -5
  49. data/lib/chef/resource/apt_preference.rb +2 -2
  50. data/lib/chef/resource/apt_repository.rb +2 -2
  51. data/lib/chef/resource/apt_update.rb +4 -4
  52. data/lib/chef/resource/build_essential.rb +1 -1
  53. data/lib/chef/resource/chef_client_config.rb +10 -5
  54. data/lib/chef/resource/chef_client_cron.rb +3 -3
  55. data/lib/chef/resource/chef_client_launchd.rb +3 -3
  56. data/lib/chef/resource/chef_client_scheduled_task.rb +15 -15
  57. data/lib/chef/resource/chef_client_systemd_timer.rb +3 -3
  58. data/lib/chef/resource/chef_client_trusted_certificate.rb +2 -2
  59. data/lib/chef/resource/chef_handler.rb +2 -2
  60. data/lib/chef/resource/chef_sleep.rb +1 -1
  61. data/lib/chef/resource/chef_vault_secret.rb +2 -2
  62. data/lib/chef/resource/chocolatey_feature.rb +2 -2
  63. data/lib/chef/resource/chocolatey_source.rb +1 -1
  64. data/lib/chef/resource/cron/cron_d.rb +4 -6
  65. data/lib/chef/resource/cron_access.rb +1 -1
  66. data/lib/chef/resource/dmg_package.rb +1 -1
  67. data/lib/chef/resource/dsc_resource.rb +1 -1
  68. data/lib/chef/resource/execute.rb +5 -5
  69. data/lib/chef/resource/gem_package.rb +2 -1
  70. data/lib/chef/resource/group.rb +4 -4
  71. data/lib/chef/resource/habitat/_habitat_shared.rb +28 -0
  72. data/lib/chef/resource/habitat/habitat_package.rb +129 -0
  73. data/lib/chef/resource/habitat/habitat_sup.rb +329 -0
  74. data/lib/chef/resource/habitat/habitat_sup_systemd.rb +67 -0
  75. data/lib/chef/resource/habitat/habitat_sup_windows.rb +90 -0
  76. data/lib/chef/resource/habitat_config.rb +107 -0
  77. data/lib/chef/resource/habitat_install.rb +247 -0
  78. data/lib/chef/resource/habitat_service.rb +451 -0
  79. data/lib/chef/resource/habitat_user_toml.rb +92 -0
  80. data/lib/chef/resource/homebrew_cask.rb +18 -7
  81. data/lib/chef/resource/homebrew_package.rb +1 -1
  82. data/lib/chef/resource/homebrew_tap.rb +4 -3
  83. data/lib/chef/resource/homebrew_update.rb +2 -2
  84. data/lib/chef/resource/hostname.rb +49 -7
  85. data/lib/chef/resource/inspec_waiver_file_entry.rb +8 -7
  86. data/lib/chef/resource/kernel_module.rb +6 -6
  87. data/lib/chef/resource/launchd.rb +3 -3
  88. data/lib/chef/resource/locale.rb +1 -1
  89. data/lib/chef/resource/lwrp_base.rb +1 -1
  90. data/lib/chef/resource/macos_userdefaults.rb +2 -2
  91. data/lib/chef/resource/ohai_hint.rb +2 -6
  92. data/lib/chef/resource/openbsd_package.rb +17 -0
  93. data/lib/chef/resource/openssl_dhparam.rb +1 -2
  94. data/lib/chef/resource/openssl_ec_private_key.rb +1 -3
  95. data/lib/chef/resource/openssl_ec_public_key.rb +1 -3
  96. data/lib/chef/resource/openssl_rsa_private_key.rb +1 -3
  97. data/lib/chef/resource/openssl_rsa_public_key.rb +1 -3
  98. data/lib/chef/resource/openssl_x509_certificate.rb +1 -4
  99. data/lib/chef/resource/openssl_x509_crl.rb +1 -3
  100. data/lib/chef/resource/openssl_x509_request.rb +1 -3
  101. data/lib/chef/resource/osx_profile.rb +3 -3
  102. data/lib/chef/resource/plist.rb +1 -1
  103. data/lib/chef/resource/powershell_package_source.rb +2 -4
  104. data/lib/chef/resource/reboot.rb +38 -9
  105. data/lib/chef/resource/remote_directory.rb +2 -2
  106. data/lib/chef/resource/remote_file.rb +1 -1
  107. data/lib/chef/resource/rhsm_errata.rb +0 -2
  108. data/lib/chef/resource/rhsm_errata_level.rb +1 -5
  109. data/lib/chef/resource/rhsm_repo.rb +15 -0
  110. data/lib/chef/resource/rhsm_subscription.rb +5 -5
  111. data/lib/chef/resource/ruby_block.rb +100 -0
  112. data/lib/chef/resource/scm/subversion.rb +1 -1
  113. data/lib/chef/resource/ssh_known_hosts_entry.rb +4 -7
  114. data/lib/chef/resource/sudo.rb +2 -6
  115. data/lib/chef/resource/support/HabService.dll.config.erb +19 -0
  116. data/lib/chef/resource/support/client.erb +8 -1
  117. data/lib/chef/resource/support/sup.toml.erb +179 -0
  118. data/lib/chef/resource/swap_file.rb +2 -6
  119. data/lib/chef/resource/sysctl.rb +2 -2
  120. data/lib/chef/resource/systemd_unit.rb +3 -3
  121. data/lib/chef/resource/timezone.rb +1 -1
  122. data/lib/chef/resource/user_ulimit.rb +2 -2
  123. data/lib/chef/resource/windows_ad_join.rb +2 -2
  124. data/lib/chef/resource/windows_audit_policy.rb +2 -2
  125. data/lib/chef/resource/windows_auto_run.rb +2 -2
  126. data/lib/chef/resource/windows_certificate.rb +1 -1
  127. data/lib/chef/resource/windows_defender.rb +163 -0
  128. data/lib/chef/resource/windows_defender_exclusion.rb +125 -0
  129. data/lib/chef/resource/windows_dfs_folder.rb +2 -2
  130. data/lib/chef/resource/windows_dfs_namespace.rb +2 -2
  131. data/lib/chef/resource/windows_dns_record.rb +2 -2
  132. data/lib/chef/resource/windows_dns_zone.rb +2 -2
  133. data/lib/chef/resource/windows_feature.rb +3 -3
  134. data/lib/chef/resource/windows_feature_dism.rb +3 -5
  135. data/lib/chef/resource/windows_feature_powershell.rb +3 -3
  136. data/lib/chef/resource/windows_firewall_profile.rb +2 -2
  137. data/lib/chef/resource/windows_firewall_rule.rb +20 -6
  138. data/lib/chef/resource/windows_font.rb +1 -1
  139. data/lib/chef/resource/windows_pagefile.rb +103 -64
  140. data/lib/chef/resource/windows_path.rb +2 -2
  141. data/lib/chef/resource/windows_printer.rb +80 -61
  142. data/lib/chef/resource/windows_printer_port.rb +48 -65
  143. data/lib/chef/resource/windows_security_policy.rb +2 -2
  144. data/lib/chef/resource/windows_share.rb +2 -2
  145. data/lib/chef/resource/windows_shortcut.rb +1 -1
  146. data/lib/chef/resource/windows_task.rb +1 -1
  147. data/lib/chef/resource/windows_uac.rb +3 -5
  148. data/lib/chef/resource/windows_update_settings.rb +259 -0
  149. data/lib/chef/resource/windows_user_privilege.rb +2 -2
  150. data/lib/chef/resource/windows_workgroup.rb +2 -2
  151. data/lib/chef/resource/yum_package.rb +11 -15
  152. data/lib/chef/resource/zypper_package.rb +4 -4
  153. data/lib/chef/resource/zypper_repository.rb +28 -8
  154. data/lib/chef/resource.rb +13 -17
  155. data/lib/chef/resource_inspector.rb +6 -2
  156. data/lib/chef/resource_reporter.rb +0 -1
  157. data/lib/chef/resources.rb +12 -1
  158. data/lib/chef/secret_fetcher/aws_secrets_manager.rb +65 -0
  159. data/lib/chef/secret_fetcher/azure_key_vault.rb +78 -0
  160. data/lib/chef/secret_fetcher/base.rb +76 -0
  161. data/lib/chef/secret_fetcher/example.rb +46 -0
  162. data/lib/chef/secret_fetcher.rb +55 -0
  163. data/lib/chef/version.rb +1 -1
  164. data/spec/functional/mixin/from_file_spec.rb +1 -1
  165. data/spec/functional/resource/windows_hostname_spec.rb +91 -0
  166. data/spec/functional/resource/windows_pagefile_spec.rb +98 -0
  167. data/spec/integration/compliance/compliance_spec.rb +1 -0
  168. data/spec/integration/recipes/recipe_dsl_spec.rb +1 -1
  169. data/spec/integration/recipes/resource_action_spec.rb +6 -6
  170. data/spec/support/shared/unit/provider/file.rb +2 -8
  171. data/spec/unit/compliance/runner_spec.rb +46 -2
  172. data/spec/unit/cookbook_version_spec.rb +52 -0
  173. data/spec/unit/data_collector_spec.rb +47 -1
  174. data/spec/unit/dsl/render_helpers_spec.rb +102 -0
  175. data/spec/unit/dsl/secret_spec.rb +71 -0
  176. data/spec/unit/formatters/doc_spec.rb +1 -1
  177. data/spec/unit/handler_spec.rb +8 -2
  178. data/spec/unit/policy_builder/dynamic_spec.rb +0 -5
  179. data/spec/unit/policy_builder/policyfile_spec.rb +144 -56
  180. data/spec/unit/provider/apt_update_spec.rb +3 -1
  181. data/spec/unit/provider/mount/aix_spec.rb +1 -1
  182. data/spec/unit/provider/package/powershell_spec.rb +74 -12
  183. data/spec/unit/provider/zypper_repository_spec.rb +3 -10
  184. data/spec/unit/provider_spec.rb +23 -0
  185. data/spec/unit/resource/homebrew_cask_spec.rb +29 -11
  186. data/spec/unit/resource/rhsm_subscription_spec.rb +50 -3
  187. data/spec/unit/resource/systemd_unit_spec.rb +1 -1
  188. data/spec/unit/resource/windows_defender_exclusion_spec.rb +62 -0
  189. data/spec/unit/resource/windows_defender_spec.rb +71 -0
  190. data/spec/unit/resource/windows_firewall_rule_spec.rb +12 -7
  191. data/spec/unit/resource/windows_pagefile_spec.rb +4 -9
  192. data/spec/unit/resource/windows_update_settings_spec.rb +64 -0
  193. data/spec/unit/resource/zypper_repository_spec.rb +1 -1
  194. data/spec/unit/resource_spec.rb +19 -8
  195. data/spec/unit/secret_fetcher/aws_secrets_manager_spec.rb +70 -0
  196. data/spec/unit/secret_fetcher/azure_key_vault_spec.rb +70 -0
  197. data/spec/unit/secret_fetcher_spec.rb +82 -0
  198. metadata +55 -7
data/lib/chef/handler.rb CHANGED
@@ -55,6 +55,12 @@ class Chef
55
55
  #
56
56
  class Handler
57
57
 
58
+ # FIXME: Chef::Handler should probably inherit from EventDispatch::Base
59
+ # and should wire up to those events rather than the "notifications" system
60
+ # which is hanging off of Chef::Client. Those "notifications" could then be
61
+ # deprecated in favor of events, and this class could become decoupled from
62
+ # the Chef::Client object.
63
+
58
64
  def self.handler_for(*args)
59
65
  if args.include?(:start)
60
66
  Chef::Config[:start_handlers] ||= []
@@ -207,17 +213,45 @@ class Chef
207
213
  # The Chef::Node for this client run
208
214
  def_delegator :@run_status, :node
209
215
 
210
- ##
211
- # :method: all_resources
216
+ # @return Array<Chef::Resource> all resources other than unprocessed
212
217
  #
213
- # An Array containing all resources in the chef run's resource_collection
214
- def_delegator :@run_status, :all_resources
218
+ def all_resources
219
+ @all_resources ||= action_collection&.filtered_collection(unprocessed: false)&.resources || []
220
+ end
215
221
 
216
- ##
217
- # :method: updated_resources
222
+ # @return Array<Chef::Resource> all updated resources
223
+ #
224
+ def updated_resources
225
+ @updated_resources ||= action_collection&.filtered_collection(up_to_date: false, skipped: false, failed: false, unprocessed: false)&.resources || []
226
+ end
227
+
228
+ # @return Array<Chef::Resource> all up_to_date resources
229
+ #
230
+ def up_to_date_resources
231
+ @up_to_date_resources ||= action_collection&.filtered_collection(updated: false, skipped: false, failed: false, unprocessed: false)&.resources || []
232
+ end
233
+
234
+ # @return Array<Chef::Resource> all failed resources
218
235
  #
219
- # An Array containing all resources that were updated during the chef run
220
- def_delegator :@run_status, :updated_resources
236
+ def failed_resources
237
+ @failed_resources ||= action_collection&.filtered_collection(updated: false, up_to_date: false, skipped: false, unprocessed: false)&.resources || []
238
+ end
239
+
240
+ # @return Array<Chef::Resource> all skipped resources
241
+ #
242
+ def skipped_resources
243
+ @skipped_resources ||= action_collection&.filtered_collection(updated: false, up_to_date: false, failed: false, unprocessed: false)&.resources || []
244
+ end
245
+
246
+ # Unprocessed resources are those which are left over in the outer recipe context when a run fails.
247
+ # Sub-resources of unprocessed resourced are impossible to capture because they would require processing
248
+ # the outer resource.
249
+ #
250
+ # @return Array<Chef::Resource> all unprocessed resources
251
+ #
252
+ def unprocessed_resources
253
+ @unprocessed_resources ||= action_collection&.filtered_collection(updated: false, up_to_date: false, failed: false, skipped: false)&.resources || []
254
+ end
221
255
 
222
256
  ##
223
257
  # :method: success?
@@ -232,6 +266,10 @@ class Chef
232
266
  # Did the chef run fail? True if the chef run raised an uncaught exception
233
267
  def_delegator :@run_status, :failed?
234
268
 
269
+ def action_collection
270
+ @run_status.run_context.action_collection
271
+ end
272
+
235
273
  # The main entry point for report handling. Subclasses should override this
236
274
  # method with their own report handling logic.
237
275
  def report; end
data/lib/chef/http.rb CHANGED
@@ -423,7 +423,7 @@ class Chef
423
423
  if response.is_a?(Net::HTTPServerError) && !Chef::Config.local_mode
424
424
  if http_retry_count - http_attempts >= 0
425
425
  sleep_time = 1 + (2**http_attempts) + rand(2**http_attempts)
426
- Chef::Log.error("Server returned error #{response.code} for #{url}, retrying #{http_attempts}/#{http_retry_count} in #{sleep_time}s")
426
+ Chef::Log.warn("Server returned error #{response.code} for #{url}, retrying #{http_attempts}/#{http_retry_count} in #{sleep_time}s") # Updated from error to warn
427
427
  sleep(sleep_time)
428
428
  redo
429
429
  end
@@ -432,7 +432,7 @@ class Chef
432
432
  end
433
433
  rescue SocketError, Errno::ETIMEDOUT, Errno::ECONNRESET => e
434
434
  if http_retry_count - http_attempts >= 0
435
- Chef::Log.error("Error connecting to #{url}, retry #{http_attempts}/#{http_retry_count}")
435
+ Chef::Log.warn("Error connecting to #{url}, retry #{http_attempts}/#{http_retry_count}") # Updated from error to warn
436
436
  sleep(http_retry_delay)
437
437
  retry
438
438
  end
@@ -440,21 +440,21 @@ class Chef
440
440
  raise e
441
441
  rescue Errno::ECONNREFUSED
442
442
  if http_retry_count - http_attempts >= 0
443
- Chef::Log.error("Connection refused connecting to #{url}, retry #{http_attempts}/#{http_retry_count}")
443
+ Chef::Log.warn("Connection refused connecting to #{url}, retry #{http_attempts}/#{http_retry_count}") # Updated from error to warn
444
444
  sleep(http_retry_delay)
445
445
  retry
446
446
  end
447
447
  raise Errno::ECONNREFUSED, "Connection refused connecting to #{url}, giving up"
448
448
  rescue Timeout::Error
449
449
  if http_retry_count - http_attempts >= 0
450
- Chef::Log.error("Timeout connecting to #{url}, retry #{http_attempts}/#{http_retry_count}")
450
+ Chef::Log.warn("Timeout connecting to #{url}, retry #{http_attempts}/#{http_retry_count}") # Updated from error to warn
451
451
  sleep(http_retry_delay)
452
452
  retry
453
453
  end
454
454
  raise Timeout::Error, "Timeout connecting to #{url}, giving up"
455
455
  rescue OpenSSL::SSL::SSLError => e
456
456
  if (http_retry_count - http_attempts >= 0) && !e.message.include?("certificate verify failed")
457
- Chef::Log.error("SSL Error connecting to #{url}, retry #{http_attempts}/#{http_retry_count}")
457
+ Chef::Log.warn("SSL Error connecting to #{url}, retry #{http_attempts}/#{http_retry_count}") # Updated from error to warn
458
458
  sleep(http_retry_delay)
459
459
  retry
460
460
  end
@@ -25,7 +25,7 @@ require "json" unless defined?(JSON)
25
25
  class Chef
26
26
  class JSONCompat
27
27
 
28
- class <<self
28
+ class << self
29
29
 
30
30
  def parse(source, opts = {})
31
31
  FFI_Yajl::Parser.parse(source, opts)
data/lib/chef/node.rb CHANGED
@@ -687,6 +687,25 @@ class Chef
687
687
  name <=> other.name
688
688
  end
689
689
 
690
+ # Returns hash of node data with attributes based on whitelist/blacklist rules.
691
+ def data_for_save
692
+ data = for_json
693
+ %w{automatic default normal override}.each do |level|
694
+ allowlist = allowlist_or_whitelist_config(level)
695
+ unless allowlist.nil? # nil => save everything
696
+ logger.info("Allowing #{level} node attributes for save.")
697
+ data[level] = Chef::AttributeAllowlist.filter(data[level], allowlist)
698
+ end
699
+
700
+ blocklist = blocklist_or_blacklist_config(level)
701
+ unless blocklist.nil? # nil => remove nothing
702
+ logger.info("Blocking #{level} node attributes for save")
703
+ data[level] = Chef::AttributeBlocklist.filter(data[level], blocklist)
704
+ end
705
+ end
706
+ data
707
+ end
708
+
690
709
  private
691
710
 
692
711
  def save_without_policyfile_attrs
@@ -712,7 +731,7 @@ class Chef
712
731
  # @param [String] level the attribute level
713
732
  def allowlist_or_whitelist_config(level)
714
733
  if Chef::Config["#{level}_attribute_whitelist".to_sym]
715
- Chef.deprecated(:attribute_blacklist_configuration, "Attribute whitelist configurations have been deprecated. Use the allowed_LEVEL_attribute configs instead")
734
+ Chef.deprecated(:attribute_whitelist_configuration, "Attribute whitelist configurations have been deprecated. Use the allowed_LEVEL_attribute configs instead")
716
735
  Chef::Config["#{level}_attribute_whitelist".to_sym]
717
736
  else
718
737
  Chef::Config["allowed_#{level}_attributes".to_sym]
@@ -732,24 +751,6 @@ class Chef
732
751
  end
733
752
  end
734
753
 
735
- def data_for_save
736
- data = for_json
737
- %w{automatic default normal override}.each do |level|
738
- allowlist = allowlist_or_whitelist_config(level)
739
- unless allowlist.nil? # nil => save everything
740
- logger.info("Allowing #{level} node attributes for save.")
741
- data[level] = Chef::AttributeAllowlist.filter(data[level], allowlist)
742
- end
743
-
744
- blocklist = blocklist_or_blacklist_config(level)
745
- unless blocklist.nil? # nil => remove nothing
746
- logger.info("Blocking #{level} node attributes for save")
747
- data[level] = Chef::AttributeBlocklist.filter(data[level], blocklist)
748
- end
749
- end
750
- data
751
- end
752
-
753
754
  # Returns a UUID that uniquely identifies this node for reporting reasons.
754
755
  #
755
756
  # The node is read in from disk if it exists, or it's generated if it does
@@ -32,14 +32,8 @@ class Chef
32
32
  # Policyfile is a policy builder implementation that gets run
33
33
  # list and cookbook version information from a single document.
34
34
  #
35
- # == Unsupported Options:
36
- # * override_runlist:: This could potentially be integrated into the
37
- # policyfile, or replaced with a similar feature that has different
38
- # semantics.
39
- # * specific_recipes:: put more design thought into this use case.
40
- # * run_list in json_attribs:: would be ignored anyway, so it raises an error.
41
- # * chef-solo:: not currently supported. Need more design thought around
42
- # how this should work.
35
+ # Does not support legacy chef-solo or roles/environments.
36
+ #
43
37
  class Policyfile
44
38
 
45
39
  class UnsupportedFeature < StandardError; end
@@ -81,10 +75,12 @@ class Chef
81
75
  attr_reader :ohai_data
82
76
  attr_reader :json_attribs
83
77
  attr_reader :run_context
78
+ attr_reader :override_runlist
84
79
 
85
80
  def initialize(node_name, ohai_data, json_attribs, override_runlist, events)
86
81
  @node_name = node_name
87
82
  @ohai_data = ohai_data
83
+ @override_runlist = override_runlist
88
84
  @json_attribs = json_attribs
89
85
  @events = events
90
86
 
@@ -94,32 +90,11 @@ class Chef
94
90
  raise UnsupportedFeature, "Policyfile does not support chef-solo. Use #{ChefUtils::Dist::Infra::CLIENT} local mode instead."
95
91
  end
96
92
 
97
- if override_runlist
98
- raise UnsupportedFeature, "Policyfile does not support override run lists. Use named run_lists instead."
99
- end
100
-
101
- if json_attribs && json_attribs.key?("run_list")
102
- raise UnsupportedFeature, "Policyfile does not support setting the run_list in json data."
103
- end
104
-
105
93
  if Chef::Config[:environment] && !Chef::Config[:environment].chomp.empty?
106
94
  raise UnsupportedFeature, "Policyfile does not work with an Environment configured."
107
95
  end
108
96
  end
109
97
 
110
- ## API Compat ##
111
- # Methods related to unsupported features
112
-
113
- # Override run_list is not supported.
114
- def original_runlist
115
- nil
116
- end
117
-
118
- # Override run_list is not supported.
119
- def override_runlist
120
- nil
121
- end
122
-
123
98
  # Policyfile gives you the run_list already expanded, but users of this
124
99
  # class may expect to get a run_list expansion compatible object by
125
100
  # calling this method.
@@ -148,17 +123,27 @@ class Chef
148
123
  # consume_external_attrs may add items to the run_list. Save the
149
124
  # expanded run_list, which we will pass to the server later to
150
125
  # determine which versions of cookbooks to use.
126
+
127
+ unless Chef::Config[:policy_document_native_api]
128
+ Chef.deprecated(:policyfile_compat_mode, "The chef-server 11 policyfile compat mode is deprecated, please set policy_document_native_api to true in your config")
129
+ end
130
+
151
131
  node.reset_defaults_and_overrides
152
132
 
153
133
  node.consume_external_attrs(ohai_data, json_attribs)
154
134
 
135
+ setup_run_list_override
136
+
155
137
  expand_run_list
156
138
  apply_policyfile_attributes
157
139
 
140
+ if persistent_run_list_set?
141
+ Chef::Log.warn("The node.run_list setting is overriding the Policyfile run_list")
142
+ end
158
143
  Chef::Log.info("Run List is [#{run_list}]")
159
- Chef::Log.info("Run List expands to [#{run_list_with_versions_for_display.join(", ")}]")
144
+ Chef::Log.info("Run List expands to [#{run_list_with_versions_for_display(run_list).join(", ")}]")
160
145
 
161
- events.node_load_completed(node, run_list_with_versions_for_display, Chef::Config)
146
+ events.node_load_completed(node, run_list_with_versions_for_display(run_list), Chef::Config)
162
147
  events.run_list_expanded(run_list_expansion_ish)
163
148
 
164
149
  # we must do this after `node.consume_external_attrs`
@@ -194,6 +179,11 @@ class Chef
194
179
  events.cookbook_compilation_start(run_context)
195
180
 
196
181
  run_context.load(run_list_expansion_ish)
182
+ if specific_recipes
183
+ specific_recipes.each do |recipe_file|
184
+ run_context.load_recipe_file(recipe_file)
185
+ end
186
+ end
197
187
 
198
188
  events.cookbook_compilation_complete(run_context)
199
189
 
@@ -206,7 +196,7 @@ class Chef
206
196
  #
207
197
  # @return [RunListExpansionIsh] A RunListExpansion duck-type.
208
198
  def expand_run_list
209
- CookbookCacheCleaner.instance.skip_removal = true if named_run_list_requested?
199
+ validate_run_list!(run_list)
210
200
 
211
201
  node.run_list(run_list)
212
202
  node.automatic_attrs[:policy_revision] = revision_id
@@ -231,21 +221,25 @@ class Chef
231
221
  cookbooks_to_sync
232
222
  end
233
223
 
234
- # Whether or not this is a temporary policy. Since PolicyBuilder doesn't
235
- # support override_runlist, this is always false.
224
+ ## Internal Public API ##
225
+
226
+ # @api private
236
227
  #
237
- # @return [false]
238
- def temporary_policy?
239
- false
228
+ # Validate run_list against policyfile cookbooks
229
+ #
230
+ def validate_run_list!(run_list)
231
+ run_list.map do |recipe_spec|
232
+ cookbook, recipe = parse_recipe_spec(recipe_spec)
233
+ lock_data = cookbook_lock_for(cookbook)
234
+ raise PolicyfileError, "invalid run_list item '#{recipe_spec}' not in cookbook set of PolicyFile #{policyfile_location}" unless lock_data
235
+ end
240
236
  end
241
237
 
242
- ## Internal Public API ##
243
-
244
238
  # @api private
245
239
  #
246
240
  # Generates an array of strings with recipe names including version and
247
241
  # identifier info.
248
- def run_list_with_versions_for_display
242
+ def run_list_with_versions_for_display(run_list)
249
243
  run_list.map do |recipe_spec|
250
244
  cookbook, recipe = parse_recipe_spec(recipe_spec)
251
245
  lock_data = cookbook_lock_for(cookbook)
@@ -287,9 +281,14 @@ class Chef
287
281
 
288
282
  # @api private
289
283
  def parse_recipe_spec(recipe_spec)
290
- rmatch = recipe_spec.match(/recipe\[([^:]+)::([^:]+)\]/)
284
+ rmatch = recipe_spec.to_s.match(/recipe\[([^:]+)::([^:]+)\]/)
291
285
  if rmatch.nil?
292
- raise PolicyfileError, "invalid recipe specification #{recipe_spec} in Policyfile from #{policyfile_location}"
286
+ rmatch = recipe_spec.to_s.match(/recipe\[([^:]+)\]/)
287
+ if rmatch.nil?
288
+ raise PolicyfileError, "invalid recipe specification #{recipe_spec} in Policyfile from #{policyfile_location}"
289
+ else
290
+ [rmatch[1], "default"]
291
+ end
293
292
  else
294
293
  [rmatch[1], rmatch[2]]
295
294
  end
@@ -301,8 +300,15 @@ class Chef
301
300
  end
302
301
 
303
302
  # @api private
303
+ # @return [Array<String>]
304
304
  def run_list
305
- if named_run_list_requested?
305
+ return override_runlist.map(&:to_s) if override_runlist
306
+
307
+ if json_attribs["run_list"]
308
+ json_attribs["run_list"]
309
+ elsif persistent_run_list_set?
310
+ node.run_list
311
+ elsif named_run_list_requested?
306
312
  named_run_list || raise(ConfigurationError,
307
313
  "Policy '#{retrieved_policy_name}' revision '#{revision_id}' does not have named_run_list '#{named_run_list_name}'" +
308
314
  "(available named_run_lists: [#{available_named_run_lists.join(", ")}])")
@@ -458,7 +464,7 @@ class Chef
458
464
  # should be reduced to a single call.
459
465
  def cookbooks_to_sync
460
466
  @cookbook_to_sync ||= begin
461
- events.cookbook_resolution_start(run_list_with_versions_for_display)
467
+ events.cookbook_resolution_start(run_list_with_versions_for_display(run_list))
462
468
 
463
469
  cookbook_versions_by_name = cookbook_locks.inject({}) do |cb_map, (name, lock_data)|
464
470
  cb_map[name] = manifest_for(name, lock_data)
@@ -470,7 +476,7 @@ class Chef
470
476
  end
471
477
  rescue Exception => e
472
478
  # TODO: wrap/munge exception to provide helpful error output
473
- events.cookbook_resolution_failed(run_list_with_versions_for_display, e)
479
+ events.cookbook_resolution_failed(run_list_with_versions_for_display(run_list), e)
474
480
  raise
475
481
  end
476
482
 
@@ -509,6 +515,13 @@ class Chef
509
515
  Chef::Config
510
516
  end
511
517
 
518
+ # Indicates whether the policy is temporary, which means an
519
+ # override_runlist was provided. Chef::Client uses this to decide whether
520
+ # to do the final node save at the end of the run or not.
521
+ def temporary_policy?
522
+ node.override_runlist_set?
523
+ end
524
+
512
525
  private
513
526
 
514
527
  # This method injects the run_context and into the Chef class.
@@ -533,6 +546,10 @@ class Chef
533
546
  (policy["named_run_lists"] || {}).keys
534
547
  end
535
548
 
549
+ def persistent_run_list_set?
550
+ Chef::Config[:policy_persist_run_list] && node.run_list && !node.run_list.empty?
551
+ end
552
+
536
553
  def named_run_list_requested?
537
554
  !!Chef::Config[:named_run_list]
538
555
  end
@@ -567,6 +584,32 @@ class Chef
567
584
  Chef::CookbookVersion.from_cb_artifact_data(raw_manifest)
568
585
  end
569
586
 
587
+ def setup_run_list_override
588
+ unless override_runlist.nil?
589
+ runlist_override_sanity_check!
590
+ node.override_runlist = override_runlist
591
+ Chef::Log.warn "Run List override has been provided."
592
+ Chef::Log.warn "Original Run List: [#{node.primary_runlist}]"
593
+ Chef::Log.warn "Overridden Run List: [#{node.run_list}]"
594
+ end
595
+ end
596
+
597
+ # Ensures runlist override contains RunListItem instances
598
+ def runlist_override_sanity_check!
599
+ # Convert to array and remove whitespace
600
+ if override_runlist.is_a?(String)
601
+ @override_runlist = override_runlist.split(",").map(&:strip)
602
+ end
603
+ @override_runlist = [override_runlist].flatten.compact
604
+ override_runlist.map! do |item|
605
+ if item.is_a?(Chef::RunList::RunListItem)
606
+ item
607
+ else
608
+ Chef::RunList::RunListItem.new(item)
609
+ end
610
+ end
611
+ end
612
+
570
613
  end
571
614
  end
572
615
  end
@@ -41,7 +41,7 @@ class Chef
41
41
  end
42
42
  end
43
43
 
44
- action :run do
44
+ action :run, description: "Run a command." do
45
45
  if creates && sentinel_file.exist?
46
46
  logger.debug("#{new_resource} sentinel file #{sentinel_file} exists - nothing to do")
47
47
  return false