chef 17.10.0 → 17.10.114

data/spec/unit/client_spec.rb

@@ -311,14 +311,17 @@ describe Chef::Client do
   describe "eol release warning" do
     it "warns when running an EOL release" do
       stub_const("Chef::VERSION", 15)
-      allow(Time).to receive(:now).and_return(Time.new(2021, 5, 1, 5))
-      expect(logger).to receive(:warn).with(/This release of.*became end of life \(EOL\) on May 1st 2021/)
+      # added a call to client because Time.now gets invoked multiple times during instantiation. Don't mock Time until after client initialized
+      client
+      expect(Time).to receive(:now).and_return(Time.new(2024, 12, 1, 5))
+      allow(client).to receive(:eol_override).and_return(false)
+      expect(logger).to receive(:warn).with("This release of Chef Infra Client became end of life (EOL) on Nov 30, 2024. Please update to a supported release to receive new features, bug fixes, and security updates.")
       client.warn_if_eol
     end
 
     it "does not warn when running an non-EOL release" do
       stub_const("Chef::VERSION", 15)
-      allow(Time).to receive(:now).and_return(Time.new(2021, 4, 31))
+      allow(Time).to receive(:now).and_return(Time.new(2021, 4, 30))
       expect(logger).to_not receive(:warn).with(/became end of life/)
       client.warn_if_eol
     end

data/spec/unit/compliance/reporter/chef_server_automate_spec.rb

@@ -170,7 +170,7 @@ describe Chef::Compliance::Reporter::ChefServerAutomate do
           "X-Ops-Userid" => "spec-node",
           "X-Remote-Request-Id" => /.+/,
         }
-      ).to_return(status: 200)
+      ).to_return(status: 200, body: "OK")
 
     expect(reporter.send_report(inspec_report)).to eq(true)
 

data/spec/unit/daemon_spec.rb

@@ -170,11 +170,7 @@ describe Chef::Daemon do
 
       it "should log an appropriate error message and fail miserably" do
         allow(Process).to receive(:initgroups).and_raise(Errno::EPERM)
-        error = "Operation not permitted"
-        if RUBY_PLATFORM.match("solaris2") || RUBY_PLATFORM.match("aix")
-          error = "Not owner"
-        end
-        expect(Chef::Application).to receive(:fatal!).with("Permission denied when trying to change 999:999 to 501:20. #{error}")
+        expect(Chef::Application).to receive(:fatal!).with(/Permission denied when trying to change 999:999 to 501:20/)
         Chef::Daemon._change_privilege(testuser)
       end
     end

data/spec/unit/dsl/secret_spec.rb

@@ -17,11 +17,14 @@
 #
 
 require "spec_helper"
+require "chef/exceptions"
 require "chef/dsl/secret"
 require "chef/secret_fetcher/base"
+
 class SecretDSLTester
   include Chef::DSL::Secret
-  # Because DSL is invoked in the context of a recipe,
+
+  # Because DSL is invoked in the context of a recipe or attribute file
   # we expect run_context to always be available when SecretFetcher::Base
   # requests it - making it safe to mock here
   def run_context
@@ -37,35 +40,136 @@ end
 
 describe Chef::DSL::Secret do
   let(:dsl) { SecretDSLTester.new }
-  it "responds to 'secret'" do
-    expect(dsl.respond_to?(:secret)).to eq true
+  let(:run_context) { Chef::RunContext.new(Chef::Node.new, {}, Chef::EventDispatch::Dispatcher.new) }
+
+  before do
+    allow(dsl).to receive(:run_context).and_return(run_context)
   end
 
-  it "uses SecretFetcher.for_service to find the fetcher" do
-    substitute_fetcher = SecretFetcherImpl.new({}, nil)
-    expect(Chef::SecretFetcher).to receive(:for_service).with(:example, {}, nil).and_return(substitute_fetcher)
-    expect(substitute_fetcher).to receive(:fetch).with("key1", nil)
-    dsl.secret(name: "key1", service: :example, config: {})
+  %w{
+      secret
+      default_secret_service
+      default_secret_config
+      with_secret_service
+      with_secret_config
+    }.each do |m|
+      it "responds to ##{m}" do
+        expect(dsl.respond_to?(m)).to eq true
+      end
+    end
+
+  describe "#default_secret_service" do
+    let(:service) { :hashi_vault }
+
+    it "persists the service passed in as an argument" do
+      expect(dsl.default_secret_service).to eq(nil)
+      dsl.default_secret_service(service)
+      expect(dsl.default_secret_service).to eq(service)
+    end
+
+    it "returns run_context.default_secret_service value when no argument is given" do
+      run_context.default_secret_service = :my_thing
+      expect(dsl.default_secret_service).to eq(:my_thing)
+    end
+
+    it "raises exception when service given is not valid" do
+      stub_const("Chef::SecretFetcher::SECRET_FETCHERS", %i{service_a service_b})
+      expect { dsl.default_secret_service(:unknown_service) }.to raise_error(Chef::Exceptions::Secret::InvalidFetcherService)
+    end
   end
 
-  it "resolves a secret when using the example fetcher" do
-    secret_value = dsl.secret(name: "test1", service: :example, config: { "test1" => "secret value" })
-    expect(secret_value).to eq "secret value"
+  describe "#with_secret_config" do
+    let(:service) { :hashi_vault }
+
+    it "sets the service for the scope of the block only" do
+      expect(dsl.default_secret_service).to eq(nil)
+      dsl.with_secret_service(service) do
+        expect(dsl.default_secret_service).to eq(service)
+      end
+      expect(dsl.default_secret_service).to eq(nil)
+    end
+
+    it "raises exception when block is not given" do
+      expect { dsl.with_secret_service(service) }.to raise_error(ArgumentError)
+    end
   end
 
-  context "when used within a resource" do
-    let(:run_context) {
-      Chef::RunContext.new(Chef::Node.new,
-                           Chef::CookbookCollection.new(Chef::CookbookLoader.new(File.join(CHEF_SPEC_DATA, "cookbooks"))),
-                           Chef::EventDispatch::Dispatcher.new)
-    }
-
-    it "marks that resource as 'sensitive'" do
-      recipe = Chef::Recipe.new("secrets", "test", run_context)
-      recipe.zen_master "secret_test" do
-        peace secret(name: "test1", service: :example, config: { "test1" => true })
+  describe "#default_secret_config" do
+    let(:config) { { my_key: "value" } }
+
+    it "persists the config passed in as argument" do
+      expect(dsl.default_secret_config).to eq({})
+      dsl.default_secret_config(**config)
+      expect(dsl.default_secret_config).to eq(config)
+    end
+
+    it "returns run_context.default_secret_config value when no argument is given" do
+      run_context.default_secret_config = { my_thing: "that" }
+      expect(dsl.default_secret_config).to eq({ my_thing: "that" })
+    end
+  end
+
+  describe "#with_secret_config" do
+    let(:config) { { my_key: "value" } }
+
+    it "sets the config for the scope of the block only" do
+      expect(dsl.default_secret_config).to eq({})
+      dsl.with_secret_config(**config) do
+        expect(dsl.default_secret_config).to eq(config)
       end
-      expect(run_context.resource_collection.lookup("zen_master[secret_test]").sensitive).to eql(true)
+      expect(dsl.default_secret_config).to eq({})
+    end
+
+    it "raises exception when block is not given" do
+      expect { dsl.with_secret_config(**config) }.to raise_error(ArgumentError)
+    end
+  end
+
+  describe "#secret" do
+    it "uses SecretFetcher.for_service to find the fetcher" do
+      substitute_fetcher = SecretFetcherImpl.new({}, nil)
+      expect(Chef::SecretFetcher).to receive(:for_service).with(:example, {}, run_context).and_return(substitute_fetcher)
+      expect(substitute_fetcher).to receive(:fetch).with("key1", nil)
+      dsl.secret(name: "key1", service: :example, config: {})
+    end
+
+    it "resolves a secret when using the example fetcher" do
+      secret_value = dsl.secret(name: "test1", service: :example, config: { "test1" => "secret value" })
+      expect(secret_value).to eq "secret value"
+    end
+
+    context "when used within a resource" do
+      let(:run_context) {
+        Chef::RunContext.new(Chef::Node.new,
+                             Chef::CookbookCollection.new(Chef::CookbookLoader.new(File.join(CHEF_SPEC_DATA, "cookbooks"))),
+                             Chef::EventDispatch::Dispatcher.new)
+      }
+
+      it "marks that resource as 'sensitive'" do
+        recipe = Chef::Recipe.new("secrets", "test", run_context)
+        recipe.zen_master "secret_test" do
+          peace secret(name: "test1", service: :example, config: { "test1" => true })
+        end
+        expect(run_context.resource_collection.lookup("zen_master[secret_test]").sensitive).to eql(true)
+      end
+    end
+
+    it "passes default service to SecretFetcher.for_service" do
+      service = :example
+      dsl.default_secret_service(service)
+      substitute_fetcher = SecretFetcherImpl.new({}, nil)
+      expect(Chef::SecretFetcher).to receive(:for_service).with(service, {}, run_context).and_return(substitute_fetcher)
+      allow(substitute_fetcher).to receive(:fetch).with("key1", nil)
+      dsl.secret(name: "key1")
+    end
+
+    it "passes default config to SecretFetcher.for_service" do
+      config = { my_config: "value" }
+      dsl.default_secret_config(**config)
+      substitute_fetcher = SecretFetcherImpl.new({}, nil)
+      expect(Chef::SecretFetcher).to receive(:for_service).with(:example, config, run_context).and_return(substitute_fetcher)
+      allow(substitute_fetcher).to receive(:fetch).with("key1", nil)
+      dsl.secret(name: "key1", service: :example)
     end
   end
 end

data/spec/unit/mixin/checksum_spec.rb

@@ -51,4 +51,32 @@ describe Chef::Mixin::Checksum do
     end
   end
 
+  describe "checksum_match?" do
+    context "when checksum cases match" do
+      it "returns true" do
+        expect(@checksum_user.checksum_match?("u7ghbxikk3i9blsimmy2y2ionmxx", "u7ghbxikk3i9blsimmy2y2ionmxx")).to be true
+      end
+    end
+
+    context "when one checksum is uppercase and other is lowercase" do
+      it "returns true" do
+        expect(@checksum_user.checksum_match?("U7GHBXIKK3I9BLSIMMY2Y2IONMXX", "u7ghbxikk3i9blsimmy2y2ionmxx")).to be true
+      end
+    end
+
+    context "when checksums do not match" do
+      it "returns false" do
+        expect(@checksum_user.checksum_match?("u7ghbxikk3i9blsimmy2y2ionmxx", "09ee9c8cc70501763563bcf9c218")).to be false
+      end
+    end
+
+    context "when checksum is nil" do
+      it "returns false" do
+        expect(@checksum_user.checksum_match?("u7ghbxikk3i9blsimmy2y2ionmxx", nil)).to be false
+        expect(@checksum_user.checksum_match?(nil, "09ee9c8cc70501763563bcf9c218")).to be false
+        expect(@checksum_user.checksum_match?(nil, nil)).to be false
+      end
+    end
+  end
+
 end

data/spec/unit/mixin/homebrew_user_spec.rb

@@ -47,6 +47,8 @@ describe Chef::Mixin::HomebrewUser do
     let(:user) { nil }
     let(:brew_owner) { 2001 }
     let(:default_brew_path) { "/usr/local/bin/brew" }
+    let(:default_brew_path_arm) { "/opt/homebrew/bin/brew" }
+    let(:default_brew_path_linux) { "/home/linuxbrew/.linuxbrew/bin/brew" }
     let(:stat_double) do
       d = double
       expect(d).to receive(:uid).and_return(brew_owner)
@@ -59,16 +61,38 @@ describe Chef::Mixin::HomebrewUser do
         expect(Etc).to receive(:getpwuid).with(brew_owner).and_return(OpenStruct.new(name: "name"))
       end
 
-      it "returns the owner of the brew executable when it is at a default location" do
-        expect(File).to receive(:exist?).with(default_brew_path).and_return(true)
-        expect(File).to receive(:stat).with(default_brew_path).and_return(stat_double)
+      def false_unless_specific_value(object, method, value)
+        allow(object).to receive(method).and_return(false)
+        allow(object).to receive(method).with(value).and_return(true)
+      end
+
+      it "returns the owner of the brew executable when it is at a default location for x86_64 machines" do
+        false_unless_specific_value(File, :exist?, default_brew_path)
+        false_unless_specific_value(File, :executable?, default_brew_path)
+        allow(File).to receive(:stat).with(default_brew_path).and_return(stat_double)
+        expect(homebrew_user.find_homebrew_uid(user)).to eq(brew_owner)
+      end
+
+      it "returns the owner of the brew executable when it is at a default location for arm machines" do
+        false_unless_specific_value(File, :exist?, default_brew_path_arm)
+        false_unless_specific_value(File, :executable?, default_brew_path_arm)
+        allow(File).to receive(:stat).with(default_brew_path_arm).and_return(stat_double)
+        expect(homebrew_user.find_homebrew_uid(user)).to eq(brew_owner)
+      end
+
+      it "returns the owner of the brew executable when it is at a default location for linux machines" do
+        false_unless_specific_value(File, :exist?, default_brew_path_linux)
+        false_unless_specific_value(File, :executable?, default_brew_path_linux)
+        allow(File).to receive(:stat).with(default_brew_path_linux).and_return(stat_double)
         expect(homebrew_user.find_homebrew_uid(user)).to eq(brew_owner)
       end
 
       it "returns the owner of the brew executable when it is not at a default location" do
-        expect(File).to receive(:exist?).with(default_brew_path).and_return(false)
+        allow_any_instance_of(ExampleHomebrewUser).to receive(:which).and_return("/foo")
+        false_unless_specific_value(File, :exist?, "/foo")
+        false_unless_specific_value(File, :executable?, "/foo")
         allow(homebrew_user).to receive_message_chain(:shell_out, :stdout, :strip).and_return("/foo")
-        expect(File).to receive(:stat).with("/foo").and_return(stat_double)
+        allow(File).to receive(:stat).with("/foo").and_return(stat_double)
         expect(homebrew_user.find_homebrew_uid(user)).to eq(brew_owner)
       end
 
@@ -78,8 +102,7 @@ describe Chef::Mixin::HomebrewUser do
   describe "when the homebrew user is not provided" do
 
     it "raises an error if no executable is found" do
-      expect(File).to receive(:exist?).with(default_brew_path).and_return(false)
-      allow(homebrew_user).to receive_message_chain(:shell_out, :stdout, :strip).and_return("")
+      expect(File).to receive(:exist?).and_return(nil).at_least(:once)
       expect { homebrew_user.find_homebrew_uid(user) }.to raise_error(Chef::Exceptions::CannotDetermineHomebrewOwner)
     end
 

data/spec/unit/provider/package/chocolatey_spec.rb

@@ -49,6 +49,10 @@ describe Chef::Provider::Package::Chocolatey, :windows_only do
     allow(provider).to receive(:shell_out_compacted!).with(choco_exe, "list", "-l", "-r", { returns: [0, 2], timeout: timeout }).and_return(local_list_obj)
   end
 
+  after(:each) do
+    described_class.instance_variable_set(:@get_choco_version, nil)
+  end
+
   def allow_remote_list(package_names, args = nil)
     remote_list_stdout = <<~EOF
       Chocolatey v0.9.9.11
@@ -61,9 +65,9 @@ describe Chef::Provider::Package::Chocolatey, :windows_only do
     remote_list_obj = double(stdout: remote_list_stdout)
     package_names.each do |pkg|
       if args
-        allow(provider).to receive(:shell_out_compacted!).with(choco_exe, "list", "-r", pkg, *args, { returns: [0, 2], timeout: timeout }).and_return(remote_list_obj)
+        allow(provider).to receive(:shell_out_compacted!).with(choco_exe, described_class.query_command, "-r", pkg, *args, { returns: [0, 2], timeout: timeout }).and_return(remote_list_obj)
       else
-        allow(provider).to receive(:shell_out_compacted!).with(choco_exe, "list", "-r", pkg, { returns: [0, 2], timeout: timeout }).and_return(remote_list_obj)
+        allow(provider).to receive(:shell_out_compacted!).with(choco_exe, described_class.query_command, "-r", pkg, { returns: [0, 2], timeout: timeout }).and_return(remote_list_obj)
       end
     end
   end
@@ -78,6 +82,18 @@ describe Chef::Provider::Package::Chocolatey, :windows_only do
     end
   end
 
+  describe "choco searches change with the version" do
+    it "Choco V1 uses List" do
+      allow(described_class).to receive(:get_choco_version).and_return("1.4.0")
+      expect(provider.query_command).to eql("list")
+    end
+
+    it "Choco V2 uses Search" do
+      allow(described_class).to receive(:get_choco_version).and_return("2.1.0")
+      expect(provider.query_command).to eql("search")
+    end
+  end
+
   describe "#candidate_version" do
     it "should set the candidate_version to the latest version when not pinning" do
       allow_remote_list(["git"])
@@ -150,7 +166,7 @@ describe Chef::Provider::Package::Chocolatey, :windows_only do
       new_resource.package_name("package-does-not-exist")
       new_resource.returns([0])
       allow(provider).to receive(:shell_out_compacted!)
-        .with(choco_exe, "list", "-r", new_resource.package_name.first, { returns: new_resource.returns, timeout: timeout })
+        .with(choco_exe, described_class.query_command, "-r", new_resource.package_name.first, { returns: new_resource.returns, timeout: timeout })
         .and_raise(Mixlib::ShellOut::ShellCommandFailed, "Expected process to exit with [0], but received '2'")
       expect { provider.send(:available_packages) }.to raise_error(Mixlib::ShellOut::ShellCommandFailed, "Expected process to exit with [0], but received '2'")
     end

data/spec/unit/provider/package/rubygems_spec.rb

@@ -143,7 +143,7 @@ describe Chef::Provider::Package::Rubygems::CurrentGemEnvironment do
         .to_return(status: 200, body: File.binread(File.join(CHEF_SPEC_DATA, "rubygems.org", "sexp_processor-4.15.1.gemspec.rz")))
 
       dep = Gem::Dependency.new("sexp_processor", ">= 0")
-      expect(@gem_env.candidate_version_from_remote(dep, "https://rubygems2.org")).to be_kind_of(Gem::Version)
+      expect(@gem_env.candidate_version_from_remote(dep, "https://rubygems2.org")).to be_nil
     end
   end
 

data/spec/unit/provider/user/linux_spec.rb

@@ -70,4 +70,59 @@ describe Chef::Provider::User::Linux do
       expect( provider.useradd_options ).to eql(["-m"])
     end
   end
+
+  describe "compare_user_linux" do
+    before(:each) do
+      @new_resource = Chef::Resource::User::LinuxUser.new("notarealuser")
+      @current_resource = Chef::Resource::User::LinuxUser.new("notarealuser")
+    end
+
+    let(:mapping) do
+      {
+        "username" => %w{notarealuser notarealuser},
+        "comment" => ["Nota Realuser", "Not a Realuser"],
+        "uid" => [1000, 1001],
+        "gid" => [1000, 1001],
+        "home" => ["/home/notarealuser", "/Users/notarealuser"],
+        "shell" => ["/usr/bin/zsh", "/bin/bash"],
+        "password" => %w{abcd 12345},
+        "sensitive" => [true],
+      }
+    end
+
+    %w{uid gid comment home shell password}.each do |property|
+      it "should return true if #{property} doesn't match" do
+        @new_resource.send(property, mapping[property][0])
+        @current_resource.send(property, mapping[property][1])
+        expect(provider.compare_user).to eql(true)
+      end
+    end
+
+    it "should show a blank for password if sensitive set to true" do
+      @new_resource.password mapping["password"][0]
+      @current_resource.password mapping["password"][1]
+      @new_resource.sensitive true
+      @current_resource.sensitive true
+      provider.compare_user
+      expect(provider.change_desc).to eql(["change password from ******** to ********"])
+    end
+
+    %w{uid gid}.each do |property|
+      it "should return false if string #{property} matches fixnum" do
+        @new_resource.send(property, "100")
+        @current_resource.send(property, 100)
+        expect(provider.compare_user).to eql(false)
+      end
+    end
+
+    it "should return false if the objects are identical" do
+      expect(provider.compare_user).to eql(false)
+    end
+
+    it "should ignore differences in trailing slash in home paths" do
+      @new_resource.home "/home/notarealuser"
+      @current_resource.home "/home/notarealuser/"
+      expect(provider.compare_user).to eql(false)
+    end
+  end
 end

data/spec/unit/resource/chef_client_config_spec.rb

@@ -134,4 +134,12 @@ describe Chef::Resource::ChefClientConfig do
       expect(provider.format_handler([{ "class" => "Foo", "arguments" => ["'one'", "two", "three"] }])).to eql(["Foo.new('one',two,three)"])
     end
   end
+
+  describe "rubygems_url property" do
+    it "accepts nil, a single URL, or an array of URLs" do
+      expect { resource.rubygems_url(nil) }.not_to raise_error
+      expect { resource.rubygems_url("https://rubygems.internal.example.com") }.not_to raise_error
+      expect { resource.rubygems_url(["https://rubygems.east.example.com", "https://rubygems.west.example.com"]) }.not_to raise_error
+    end
+  end
 end

data/spec/unit/resource/chef_client_systemd_timer_spec.rb

@@ -102,7 +102,7 @@ describe Chef::Resource::ChefClientSystemdTimer do
 
     it "sets CPUQuota if cpu_quota property is set" do
       resource.cpu_quota 50
-      expect(provider.service_content["Service"]["CPUQuota"]).to eq(50)
+      expect(provider.service_content["Service"]["CPUQuota"]).to eq("50%")
     end
   end
 end

data/spec/unit/resource/macos_user_defaults_spec.rb

@@ -39,12 +39,12 @@ describe Chef::Resource::MacosUserDefaults, :macos_only do
       expect(resource.domain).to eq("NSGlobalDomain")
     end
 
-    it "nil for the host property" do
-      expect(resource.host).to be_nil
+    it ":all for the host property" do
+      expect(resource.host).to eq(:all)
     end
 
-    it "nil for the user property" do
-      expect(resource.user).to be_nil
+    it ":current for the user property" do
+      expect(resource.user).to eq(:current)
     end
 
     it ":write for resource action" do

data/spec/unit/resource_spec.rb

@@ -371,6 +371,9 @@ describe Chef::Resource do
   end
 
   describe "to_text" do
+
+    let(:sensitive_property_masked_value) { "sensitive value suppressed" }
+
     it "prints nice message" do
       resource_class = Class.new(Chef::Resource) { property :foo, String }
       resource = resource_class.new("sensitive_property_tests")
@@ -383,7 +386,25 @@ describe Chef::Resource do
         resource_class = Class.new(Chef::Resource) { property :foo, String, sensitive: true }
         resource = resource_class.new("sensitive_property_tests")
         resource.foo = "some value"
-        expect(resource.to_text).to match(/foo "\*sensitive value suppressed\*"/)
+        expect(resource.to_text).to match(/foo "\*#{sensitive_property_masked_value}\*"/)
+      end
+
+      it "suppresses that properties value irrespective of desired state (false) " do
+        resource_class = Class.new(Chef::Resource) {
+          property :suppressed_content, String, sensitive: true, desired_state: false
+        }
+        resource = resource_class.new("desired_state_property_tests")
+        resource.suppressed_content = "some value"
+        expect(resource.to_text).to match(/suppressed_content "\*#{sensitive_property_masked_value}\*"/)
+      end
+
+      it "suppresses that properties value irrespective of desired state (true) " do
+        resource_class = Class.new(Chef::Resource) {
+          property :desired_state_content, String, sensitive: true, desired_state: true
+        }
+        resource = resource_class.new("desired_state_property_tests")
+        resource.desired_state_content = "some value"
+        expect(resource.to_text).to match(/desired_state_content "\*#{sensitive_property_masked_value}\*"/)
       end
     end
 

data/spec/unit/run_context_spec.rb

@@ -53,6 +53,22 @@ describe Chef::RunContext do
     expect(run_context.node).to eq(node)
   end
 
+  it "responds to #default_secret_service" do
+    expect(run_context).to respond_to(:default_secret_service)
+  end
+
+  it "responds to #default_secret_config" do
+    expect(run_context).to respond_to(:default_secret_config)
+  end
+
+  it "#default_secret_service defaults to nil" do
+    expect(run_context.default_secret_service).to eq(nil)
+  end
+
+  it "#default_secret_config defaults to {}" do
+    expect(run_context.default_secret_config).to eq({})
+  end
+
   it "loads up node[:cookbooks]" do
     expect(run_context.node[:cookbooks]).to eql(
       {