chef 17.10.0 → 18.0.169
- checksums.yaml +4 -4
- data/Gemfile +16 -8
- data/README.md +7 -7
- data/Rakefile +5 -24
- data/{chef-universal-mingw32.gemspec → chef-universal-mingw-ucrt.gemspec} +7 -6
- data/chef.gemspec +13 -6
- data/lib/chef/api_client_v1.rb +9 -1
- data/lib/chef/application/exit_code.rb +3 -3
- data/lib/chef/client.rb +167 -0
- data/lib/chef/compliance/input.rb +1 -1
- data/lib/chef/compliance/input_collection.rb +1 -1
- data/lib/chef/compliance/profile.rb +1 -1
- data/lib/chef/compliance/profile_collection.rb +1 -2
- data/lib/chef/compliance/waiver.rb +1 -1
- data/lib/chef/compliance/waiver_collection.rb +1 -1
- data/lib/chef/cookbook/syntax_check.rb +2 -2
- data/lib/chef/dsl/reader_helpers.rb +1 -1
- data/lib/chef/dsl/rest_resource.rb +77 -0
- data/lib/chef/dsl/secret.rb +113 -5
- data/lib/chef/event_dispatch/base.rb +3 -0
- data/lib/chef/exceptions.rb +8 -0
- data/lib/chef/http/authenticator.rb +170 -3
- data/lib/chef/http/ssl_policies.rb +3 -3
- data/lib/chef/mixin/powershell_exec.rb +5 -28
- data/lib/chef/mixin/properties.rb +6 -0
- data/lib/chef/node/attribute.rb +20 -3
- data/lib/chef/node/mixin/deep_merge_cache.rb +4 -4
- data/lib/chef/node/mixin/immutablize_array.rb +1 -0
- data/lib/chef/property.rb +5 -3
- data/lib/chef/provider/group/windows.rb +1 -1
- data/lib/chef/provider/http_request.rb +11 -9
- data/lib/chef/provider/mount/linux.rb +5 -0
- data/lib/chef/provider/mount/mount.rb +8 -0
- data/lib/chef/provider/mount/windows.rb +1 -1
- data/lib/chef/provider/package/powershell.rb +1 -1
- data/lib/chef/provider/package/rubygems.rb +1 -1
- data/lib/chef/provider/package/windows/msi.rb +2 -2
- data/lib/chef/provider/package/windows/registry_uninstall_entry.rb +1 -1
- data/lib/chef/provider/package/zypper/version.rb +60 -0
- data/lib/chef/provider/package/zypper.rb +47 -3
- data/lib/chef/provider/service/windows.rb +1 -1
- data/lib/chef/provider/user/aix.rb +5 -0
- data/lib/chef/provider/user/linux.rb +29 -0
- data/lib/chef/provider/user/mac.rb +1 -1
- data/lib/chef/provider/user.rb +45 -9
- data/lib/chef/provider.rb +1 -1
- data/lib/chef/recipe.rb +1 -1
- data/lib/chef/resource/_rest_resource.rb +389 -0
- data/lib/chef/resource/alternatives.rb +0 -1
- data/lib/chef/resource/apt_package.rb +0 -1
- data/lib/chef/resource/apt_preference.rb +0 -1
- data/lib/chef/resource/apt_repository.rb +0 -1
- data/lib/chef/resource/apt_update.rb +0 -1
- data/lib/chef/resource/archive_file.rb +0 -1
- data/lib/chef/resource/bash.rb +0 -1
- data/lib/chef/resource/batch.rb +0 -1
- data/lib/chef/resource/bff_package.rb +0 -1
- data/lib/chef/resource/breakpoint.rb +0 -1
- data/lib/chef/resource/build_essential.rb +0 -1
- data/lib/chef/resource/cab_package.rb +0 -1
- data/lib/chef/resource/chef_client_config.rb +17 -14
- data/lib/chef/resource/chef_client_cron.rb +1 -2
- data/lib/chef/resource/chef_client_launchd.rb +2 -2
- data/lib/chef/resource/chef_client_scheduled_task.rb +3 -3
- data/lib/chef/resource/chef_client_systemd_timer.rb +0 -1
- data/lib/chef/resource/chef_client_trusted_certificate.rb +0 -1
- data/lib/chef/resource/chef_gem.rb +0 -1
- data/lib/chef/resource/chef_handler.rb +0 -1
- data/lib/chef/resource/chef_sleep.rb +1 -3
- data/lib/chef/resource/chef_vault_secret.rb +0 -1
- data/lib/chef/resource/chocolatey_config.rb +0 -1
- data/lib/chef/resource/chocolatey_feature.rb +0 -1
- data/lib/chef/resource/chocolatey_package.rb +0 -1
- data/lib/chef/resource/chocolatey_source.rb +0 -1
- data/lib/chef/resource/cookbook_file.rb +0 -1
- data/lib/chef/resource/cron/_cron_shared.rb +0 -1
- data/lib/chef/resource/cron/cron.rb +0 -1
- data/lib/chef/resource/cron/cron_d.rb +15 -1
- data/lib/chef/resource/cron_access.rb +0 -1
- data/lib/chef/resource/csh.rb +0 -1
- data/lib/chef/resource/directory.rb +0 -1
- data/lib/chef/resource/dmg_package.rb +0 -1
- data/lib/chef/resource/dnf_package.rb +0 -1
- data/lib/chef/resource/dpkg_package.rb +0 -1
- data/lib/chef/resource/dsc_resource.rb +0 -1
- data/lib/chef/resource/dsc_script.rb +0 -1
- data/lib/chef/resource/execute.rb +0 -1
- data/lib/chef/resource/file.rb +0 -1
- data/lib/chef/resource/freebsd_package.rb +0 -1
- data/lib/chef/resource/gem_package.rb +0 -1
- data/lib/chef/resource/group.rb +25 -2
- data/lib/chef/resource/habitat/habitat_package.rb +0 -1
- data/lib/chef/resource/habitat/habitat_sup.rb +6 -7
- data/lib/chef/resource/habitat/habitat_sup_windows.rb +1 -1
- data/lib/chef/resource/habitat_config.rb +0 -1
- data/lib/chef/resource/habitat_install.rb +0 -1
- data/lib/chef/resource/habitat_service.rb +0 -1
- data/lib/chef/resource/habitat_user_toml.rb +0 -1
- data/lib/chef/resource/homebrew_cask.rb +0 -1
- data/lib/chef/resource/homebrew_package.rb +0 -1
- data/lib/chef/resource/homebrew_tap.rb +0 -1
- data/lib/chef/resource/homebrew_update.rb +0 -2
- data/lib/chef/resource/hostname.rb +0 -1
- data/lib/chef/resource/http_request.rb +0 -1
- data/lib/chef/resource/ifconfig.rb +0 -1
- data/lib/chef/resource/inspec_input.rb +0 -1
- data/lib/chef/resource/inspec_waiver.rb +0 -1
- data/lib/chef/resource/inspec_waiver_file_entry.rb +2 -3
- data/lib/chef/resource/ips_package.rb +0 -1
- data/lib/chef/resource/kernel_module.rb +0 -1
- data/lib/chef/resource/ksh.rb +0 -1
- data/lib/chef/resource/launchd.rb +0 -1
- data/lib/chef/resource/link.rb +0 -1
- data/lib/chef/resource/locale.rb +1 -2
- data/lib/chef/resource/log.rb +0 -1
- data/lib/chef/resource/lwrp_base.rb +0 -4
- data/lib/chef/resource/macos_userdefaults.rb +0 -1
- data/lib/chef/resource/macosx_service.rb +0 -1
- data/lib/chef/resource/macports_package.rb +0 -1
- data/lib/chef/resource/mdadm.rb +0 -1
- data/lib/chef/resource/mount.rb +0 -1
- data/lib/chef/resource/msu_package.rb +0 -1
- data/lib/chef/resource/notify_group.rb +0 -2
- data/lib/chef/resource/ohai.rb +0 -1
- data/lib/chef/resource/ohai_hint.rb +0 -1
- data/lib/chef/resource/openbsd_package.rb +0 -1
- data/lib/chef/resource/openssl_dhparam.rb +0 -2
- data/lib/chef/resource/openssl_ec_private_key.rb +0 -2
- data/lib/chef/resource/openssl_ec_public_key.rb +0 -2
- data/lib/chef/resource/openssl_rsa_private_key.rb +0 -2
- data/lib/chef/resource/openssl_rsa_public_key.rb +0 -2
- data/lib/chef/resource/openssl_x509_certificate.rb +0 -2
- data/lib/chef/resource/openssl_x509_crl.rb +0 -2
- data/lib/chef/resource/openssl_x509_request.rb +0 -2
- data/lib/chef/resource/osx_profile.rb +0 -1
- data/lib/chef/resource/package.rb +0 -1
- data/lib/chef/resource/pacman_package.rb +0 -1
- data/lib/chef/resource/paludis_package.rb +0 -1
- data/lib/chef/resource/perl.rb +0 -1
- data/lib/chef/resource/plist.rb +7 -3
- data/lib/chef/resource/portage_package.rb +0 -1
- data/lib/chef/resource/powershell_package.rb +0 -1
- data/lib/chef/resource/powershell_package_source.rb +0 -1
- data/lib/chef/resource/powershell_script.rb +0 -1
- data/lib/chef/resource/python.rb +0 -1
- data/lib/chef/resource/reboot.rb +0 -1
- data/lib/chef/resource/registry_key.rb +0 -1
- data/lib/chef/resource/remote_directory.rb +0 -1
- data/lib/chef/resource/remote_file.rb +0 -1
- data/lib/chef/resource/rhsm_errata.rb +0 -1
- data/lib/chef/resource/rhsm_errata_level.rb +0 -1
- data/lib/chef/resource/rhsm_register.rb +17 -1
- data/lib/chef/resource/rhsm_repo.rb +0 -1
- data/lib/chef/resource/rhsm_subscription.rb +0 -1
- data/lib/chef/resource/route.rb +0 -1
- data/lib/chef/resource/rpm_package.rb +0 -1
- data/lib/chef/resource/ruby.rb +0 -1
- data/lib/chef/resource/ruby_block.rb +0 -1
- data/lib/chef/resource/scm/_scm.rb +0 -2
- data/lib/chef/resource/scm/git.rb +0 -2
- data/lib/chef/resource/scm/subversion.rb +0 -2
- data/lib/chef/resource/script.rb +0 -1
- data/lib/chef/resource/selinux/common_helpers.rb +47 -0
- data/lib/chef/resource/selinux/selinux_debian.erb +18 -0
- data/lib/chef/resource/selinux/selinux_default.erb +15 -0
- data/lib/chef/resource/selinux_boolean.rb +101 -0
- data/lib/chef/resource/selinux_fcontext.rb +160 -0
- data/lib/chef/resource/selinux_install.rb +107 -0
- data/lib/chef/resource/selinux_module.rb +143 -0
- data/lib/chef/resource/selinux_permissive.rb +64 -0
- data/lib/chef/resource/selinux_port.rb +118 -0
- data/lib/chef/resource/selinux_state.rb +166 -0
- data/lib/chef/resource/service.rb +0 -1
- data/lib/chef/resource/smartos_package.rb +0 -1
- data/lib/chef/resource/snap_package.rb +0 -1
- data/lib/chef/resource/solaris_package.rb +0 -1
- data/lib/chef/resource/ssh_known_hosts_entry.rb +0 -1
- data/lib/chef/resource/sudo.rb +0 -1
- data/lib/chef/resource/support/client.erb +3 -4
- data/lib/chef/resource/swap_file.rb +0 -1
- data/lib/chef/resource/sysctl.rb +1 -2
- data/lib/chef/resource/systemd_unit.rb +0 -1
- data/lib/chef/resource/template.rb +0 -1
- data/lib/chef/resource/timezone.rb +0 -1
- data/lib/chef/resource/user/aix_user.rb +0 -1
- data/lib/chef/resource/user/linux_user.rb +0 -1
- data/lib/chef/resource/user/mac_user.rb +0 -1
- data/lib/chef/resource/user/pw_user.rb +0 -1
- data/lib/chef/resource/user/solaris_user.rb +0 -1
- data/lib/chef/resource/user/windows_user.rb +0 -1
- data/lib/chef/resource/user.rb +10 -1
- data/lib/chef/resource/user_ulimit.rb +0 -1
- data/lib/chef/resource/whyrun_safe_ruby_block.rb +0 -1
- data/lib/chef/resource/windows_ad_join.rb +0 -2
- data/lib/chef/resource/windows_audit_policy.rb +0 -2
- data/lib/chef/resource/windows_auto_run.rb +0 -1
- data/lib/chef/resource/windows_certificate.rb +54 -43
- data/lib/chef/resource/windows_defender.rb +0 -1
- data/lib/chef/resource/windows_defender_exclusion.rb +0 -1
- data/lib/chef/resource/windows_dfs_folder.rb +0 -1
- data/lib/chef/resource/windows_dfs_namespace.rb +0 -1
- data/lib/chef/resource/windows_dfs_server.rb +0 -1
- data/lib/chef/resource/windows_dns_record.rb +0 -1
- data/lib/chef/resource/windows_dns_zone.rb +0 -1
- data/lib/chef/resource/windows_env.rb +0 -1
- data/lib/chef/resource/windows_feature.rb +0 -1
- data/lib/chef/resource/windows_feature_dism.rb +0 -1
- data/lib/chef/resource/windows_feature_powershell.rb +0 -1
- data/lib/chef/resource/windows_firewall_profile.rb +0 -2
- data/lib/chef/resource/windows_firewall_rule.rb +0 -1
- data/lib/chef/resource/windows_font.rb +2 -3
- data/lib/chef/resource/windows_package.rb +0 -1
- data/lib/chef/resource/windows_pagefile.rb +27 -22
- data/lib/chef/resource/windows_path.rb +0 -1
- data/lib/chef/resource/windows_printer.rb +0 -1
- data/lib/chef/resource/windows_printer_port.rb +0 -1
- data/lib/chef/resource/windows_script.rb +0 -2
- data/lib/chef/resource/windows_security_policy.rb +0 -1
- data/lib/chef/resource/windows_service.rb +0 -1
- data/lib/chef/resource/windows_share.rb +0 -1
- data/lib/chef/resource/windows_shortcut.rb +1 -2
- data/lib/chef/resource/windows_task.rb +0 -1
- data/lib/chef/resource/windows_uac.rb +0 -1
- data/lib/chef/resource/windows_update_settings.rb +0 -1
- data/lib/chef/resource/windows_user_privilege.rb +36 -27
- data/lib/chef/resource/windows_workgroup.rb +0 -1
- data/lib/chef/resource/yum_package.rb +0 -1
- data/lib/chef/resource/yum_repository.rb +0 -1
- data/lib/chef/resource/zypper_package.rb +0 -1
- data/lib/chef/resource/zypper_repository.rb +0 -1
- data/lib/chef/resource.rb +13 -5
- data/lib/chef/resources.rb +7 -0
- data/lib/chef/run_context.rb +19 -3
- data/lib/chef/secret_fetcher/azure_key_vault.rb +3 -3
- data/lib/chef/secret_fetcher/hashi_vault.rb +1 -1
- data/lib/chef/version.rb +1 -1
- data/lib/chef/win32/handle.rb +6 -7
- data/lib/chef/win32/registry.rb +7 -3
- data/lib/chef/win32/version.rb +2 -1
- data/spec/data/rubygems.org/sexp_processor-info +2 -1
- data/spec/functional/resource/dsc_script_spec.rb +1 -1
- data/spec/functional/resource/group_spec.rb +10 -6
- data/spec/functional/resource/link_spec.rb +8 -8
- data/spec/functional/resource/plist_spec.rb +25 -0
- data/spec/functional/resource/user/linux_user_spec.rb +127 -0
- data/spec/functional/resource/windows_certificate_spec.rb +15 -12
- data/spec/functional/resource/windows_font_spec.rb +11 -8
- data/spec/functional/resource/windows_pagefile_spec.rb +31 -4
- data/spec/functional/resource/zypper_package_spec.rb +12 -0
- data/spec/functional/shell_spec.rb +7 -2
- data/spec/functional/version_spec.rb +1 -1
- data/spec/integration/client/client_spec.rb +82 -3
- data/spec/integration/client/exit_code_spec.rb +1 -1
- data/spec/integration/client/ipv6_spec.rb +1 -1
- data/spec/integration/compliance/compliance_spec.rb +1 -1
- data/spec/integration/recipes/accumulator_spec.rb +1 -1
- data/spec/integration/recipes/lwrp_inline_resources_spec.rb +1 -1
- data/spec/integration/recipes/lwrp_spec.rb +1 -1
- data/spec/integration/recipes/notifies_spec.rb +1 -1
- data/spec/integration/recipes/notifying_block_spec.rb +1 -1
- data/spec/integration/recipes/remote_directory.rb +1 -1
- data/spec/integration/recipes/unified_mode_spec.rb +1 -1
- data/spec/integration/recipes/use_partial_spec.rb +2 -1
- data/spec/integration/solo/solo_spec.rb +2 -2
- data/spec/spec_helper.rb +1 -0
- data/spec/support/platform_helpers.rb +4 -0
- data/spec/support/ruby_installer.rb +1 -1
- data/spec/support/shared/functional/windows_script.rb +2 -2
- data/spec/unit/application/client_spec.rb +0 -10
- data/spec/unit/client_spec.rb +54 -2
- data/spec/unit/cookbook/syntax_check_spec.rb +3 -0
- data/spec/unit/daemon_spec.rb +1 -5
- data/spec/unit/dsl/secret_spec.rb +127 -23
- data/spec/unit/http/authenticator_spec.rb +68 -0
- data/spec/unit/mixin/powershell_exec_spec.rb +5 -5
- data/spec/unit/platform/query_helpers_spec.rb +2 -17
- data/spec/unit/provider/http_request_spec.rb +60 -72
- data/spec/unit/provider/mount/linux_spec.rb +10 -0
- data/spec/unit/provider/package/rubygems_spec.rb +2 -2
- data/spec/unit/provider/package/zypper_spec.rb +32 -0
- data/spec/unit/provider/user/linux_spec.rb +96 -1
- data/spec/unit/provider/user_spec.rb +24 -6
- data/spec/unit/resource/archive_file_spec.rb +1 -1
- data/spec/unit/resource/chef_client_config_spec.rb +8 -0
- data/spec/unit/resource/chef_client_cron_spec.rb +5 -0
- data/spec/unit/resource/chef_client_launchd_spec.rb +5 -0
- data/spec/unit/resource/chef_client_scheduled_task_spec.rb +5 -0
- data/spec/unit/resource/chef_client_systemd_timer_spec.rb +1 -1
- data/spec/unit/resource/cron_d_spec.rb +37 -1
- data/spec/unit/resource/rest_resource_spec.rb +381 -0
- data/spec/unit/resource/selinux_boolean_spec.rb +92 -0
- data/spec/unit/resource/selinux_fcontext_spec.rb +65 -0
- data/spec/unit/resource/selinux_install_spec.rb +60 -0
- data/spec/unit/resource/selinux_module_spec.rb +55 -0
- data/spec/unit/resource/selinux_permissive_spec.rb +39 -0
- data/spec/unit/resource/selinux_port_spec.rb +42 -0
- data/spec/unit/resource/selinux_state_spec.rb +46 -0
- data/spec/unit/resource/sysctl_spec.rb +2 -2
- data/spec/unit/resource/user/linux_user_spec.rb +42 -0
- data/spec/unit/resource_spec.rb +21 -1
- data/spec/unit/run_context_spec.rb +16 -0
- data/spec/unit/util/dsc/local_configuration_manager_spec.rb +1 -1
- data/tasks/rspec.rb +1 -1
- metadata +85 -19
@@ -4,6 +4,10 @@ require "chef/mixin/shell_out"
|
|
4
4
|
require "tiny_server"
|
5
5
|
require "tmpdir"
|
6
6
|
require "chef-utils/dist"
|
7
|
+
require "chef/mixin/powershell_exec"
|
8
|
+
|
9
|
+
# cspell:disable-next-line
|
10
|
+
SOME_CHARS = "~!@#%^&*_-+=`|\\(){}[<]:;'>,.?/0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ_abcdefghijklmnopqrstuvwxyz".each_char.to_a.freeze
|
7
11
|
|
8
12
|
describe "chef-client" do
|
9
13
|
|
@@ -31,8 +35,56 @@ describe "chef-client" do
|
|
31
35
|
@server = @api = nil
|
32
36
|
end
|
33
37
|
|
38
|
+
def install_certificate_in_store(client_name)
|
39
|
+
if ChefUtils.windows?
|
40
|
+
powershell_exec! <<~EOH
|
41
|
+
if (-not (($PSVersionTable.PSVersion.Major -ge 5) -and ($PSVersionTable.PSVersion.Build -ge 22000)) ) {
|
42
|
+
New-SelfSignedCertificate -CertStoreLocation Cert:\\LocalMachine\\My -DnsName "#{client_name}"
|
43
|
+
}
|
44
|
+
else {
|
45
|
+
New-SelfSignedCertificate -CertStoreLocation Cert:\\LocalMachine\\My -Subject "#{client_name}" -FriendlyName "#{client_name}" -KeyExportPolicy Exportable
|
46
|
+
}
|
47
|
+
EOH
|
48
|
+
end
|
49
|
+
end
|
50
|
+
|
51
|
+
def create_registry_key
|
52
|
+
::Chef::HTTP::Authenticator.get_cert_password
|
53
|
+
# @win32registry = Chef::Win32::Registry.new
|
54
|
+
# path = "HKEY_LOCAL_MACHINE\\Software\\Progress\\Authentication"
|
55
|
+
# unless @win32registry.key_exists?(path)
|
56
|
+
# @win32registry.create_key(path, true)
|
57
|
+
# end
|
58
|
+
# password = SOME_CHARS.sample(1 + rand(SOME_CHARS.count)).join[0...14]
|
59
|
+
# values = { name: "PfxPass", type: :string, data: password }
|
60
|
+
# @win32registry.set_value(path, values)
|
61
|
+
end
|
62
|
+
|
63
|
+
def remove_certificate_from_store
|
64
|
+
powershell_exec! <<~EOH
|
65
|
+
Get-ChildItem -path cert:\\LocalMachine\\My -Recurse -Force | Where-Object { $_.Subject -Match "#{client_name}" } -ErrorAction Stop | Remove-Item
|
66
|
+
EOH
|
67
|
+
end
|
68
|
+
|
69
|
+
def remove_registry_key
|
70
|
+
powershell_exec!("Remove-ItemProperty -Path HKLM:\\SOFTWARE\\Progress\\Authentication -Name 'PfxPass' ")
|
71
|
+
end
|
72
|
+
|
73
|
+
def verify_export_password_exists
|
74
|
+
powershell_exec! <<~EOH
|
75
|
+
Try {
|
76
|
+
$response = Get-ItemProperty -Path "HKLM:\\Software\\Progress\\Authentication" -Name "PfxPass" -ErrorAction Stop
|
77
|
+
if ($response) {return $true}
|
78
|
+
}
|
79
|
+
Catch {
|
80
|
+
return $false
|
81
|
+
}
|
82
|
+
EOH
|
83
|
+
end
|
84
|
+
|
34
85
|
include IntegrationSupport
|
35
86
|
include Chef::Mixin::ShellOut
|
87
|
+
include Chef::Mixin::PowershellExec
|
36
88
|
|
37
89
|
let(:chef_dir) { File.join(__dir__, "..", "..", "..") }
|
38
90
|
|
@@ -45,8 +97,10 @@ describe "chef-client" do
|
|
45
97
|
# machine that has omnibus chef installed. In that case we need to ensure
|
46
98
|
# we're running `chef-client` from the source tree and not the external one.
|
47
99
|
# cf. CHEF-4914
|
48
|
-
let(:chef_client) { "bundle exec #{ChefUtils::Dist::Infra::CLIENT} --minimal-ohai" }
|
49
|
-
let(:chef_solo) { "bundle exec #{ChefUtils::Dist::Solo::EXEC} --legacy-mode --minimal-ohai" }
|
100
|
+
let(:chef_client) { "bundle exec #{ChefUtils::Dist::Infra::CLIENT} --minimal-ohai --always-dump-stacktrace" }
|
101
|
+
let(:chef_solo) { "bundle exec #{ChefUtils::Dist::Solo::EXEC} --legacy-mode --minimal-ohai --always-dump-stacktrace" }
|
102
|
+
let(:client_name) { "chef-973334" }
|
103
|
+
let(:hostname) { "973334" }
|
50
104
|
|
51
105
|
context "when validation.pem in current Directory" do
|
52
106
|
let(:validation_path) { "" }
|
@@ -133,7 +187,6 @@ describe "chef-client" do
|
|
133
187
|
# FATAL: Configuration error NoMethodError: undefined method `xxx' for nil:NilClass
|
134
188
|
expect(result.stdout).to include("xxx")
|
135
189
|
end
|
136
|
-
|
137
190
|
end
|
138
191
|
|
139
192
|
it "should complete with success" do
|
@@ -146,6 +199,32 @@ describe "chef-client" do
|
|
146
199
|
result.error!
|
147
200
|
end
|
148
201
|
|
202
|
+
if ChefUtils.windows?
|
203
|
+
context "and the private key is in the Windows CertStore" do
|
204
|
+
before do
|
205
|
+
install_certificate_in_store(client_name)
|
206
|
+
create_registry_key
|
207
|
+
end
|
208
|
+
|
209
|
+
after do
|
210
|
+
remove_certificate_from_store
|
211
|
+
remove_registry_key
|
212
|
+
end
|
213
|
+
|
214
|
+
it "should verify that the cert is loaded in the LocalMachine\\My" do
|
215
|
+
expect(Chef::HTTP::Authenticator.check_certstore_for_key(hostname)).to eq(true)
|
216
|
+
end
|
217
|
+
|
218
|
+
it "should verify that the export password for the pfx is loaded in the Registry" do
|
219
|
+
expect(verify_export_password_exists.result).to eq(true)
|
220
|
+
end
|
221
|
+
|
222
|
+
it "should verify that a private key is returned to me" do
|
223
|
+
expect(Chef::HTTP::Authenticator.retrieve_certificate_key(client_name)).not_to be nil
|
224
|
+
end
|
225
|
+
end
|
226
|
+
end
|
227
|
+
|
149
228
|
context "and a private key" do
|
150
229
|
before do
|
151
230
|
file "mykey.pem", <<~EOM
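Review bot: `remove_certificate_from_store` deletes every certificate under `Cert:\LocalMachine\My` whose subject matches `client_name` as an unanchored pattern, because `-Match` is a regex match and the pipeline ends in `Remove-Item`; on a shared or developer Windows host that can remove certificates this spec never created. Keep the thumbprint of the certificate that `install_certificate_in_store` creates and delete by it, or at least compare exactly, e.g. `Where-Object { $_.Subject -eq "CN=#{client_name}" }` (assuming the subject is rendered as `CN=<name>`; confirm on both PowerShell branches). The same pattern appears in `delete_certificate` in data/spec/unit/client_spec.rb. The `-ErrorAction Stop` sits on `Where-Object` rather than on `Remove-Item`, so a failed removal would presumably go unreported. Within these hunks the commented-out registry code in `create_registry_key` is the only user of `SOME_CHARS`, so both look dead and could be dropped.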
|
@@ -23,7 +23,7 @@ describe "chef-client" do
|
|
23
23
|
# machine that has omnibus chef installed. In that case we need to ensure
|
24
24
|
# we're running `chef-client` from the source tree and not the external one.
|
25
25
|
# cf. CHEF-4914
|
26
|
-
let(:chef_client) { "bundle exec #{ChefUtils::Dist::Infra::CLIENT} --no-fork --minimal-ohai" }
|
26
|
+
let(:chef_client) { "bundle exec #{ChefUtils::Dist::Infra::CLIENT} --no-fork --minimal-ohai --always-dump-stacktrace" }
|
27
27
|
|
28
28
|
let(:critical_env_vars) { %w{PATH RUBYOPT BUNDLE_GEMFILE GEM_PATH}.map { |o| "#{o}=#{ENV[o]}" } .join(" ") }
|
29
29
|
|
@@ -76,7 +76,7 @@ describe "chef-client" do
|
|
76
76
|
|
77
77
|
let(:chef_dir) { File.join(__dir__, "..", "..", "..") }
|
78
78
|
|
79
|
-
let(:chef_client_cmd) { %Q{bundle exec
|
79
|
+
let(:chef_client_cmd) { %Q{bundle exec #{ChefUtils::Dist::Infra::CLIENT} --minimal-ohai -c "#{path_to("config/client.rb")}" -lwarn --always-dump-stacktrace} }
|
80
80
|
|
81
81
|
after do
|
82
82
|
FileUtils.rm_rf(cache_path)
|
@@ -20,7 +20,7 @@ describe "chef-client with compliance phase" do
|
|
20
20
|
# machine that has omnibus chef installed. In that case we need to ensure
|
21
21
|
# we're running `chef-client` from the source tree and not the external one.
|
22
22
|
# cf. CHEF-4914
|
23
|
-
let(:chef_client) { "bundle exec #{ChefUtils::Dist::Infra::CLIENT} --minimal-ohai" }
|
23
|
+
let(:chef_client) { "bundle exec #{ChefUtils::Dist::Infra::CLIENT} --minimal-ohai --always-dump-stacktrace" }
|
24
24
|
|
25
25
|
when_the_repository "has a custom profile" do
|
26
26
|
let(:report_file) { path_to("report_file.json") }
|
@@ -17,7 +17,7 @@ describe "Accumulators" do
|
|
17
17
|
# machine that has omnibus chef installed. In that case we need to ensure
|
18
18
|
# we're running `chef-client` from the source tree and not the external one.
|
19
19
|
# cf. CHEF-4914
|
20
|
-
let(:chef_client) { "bundle exec
|
20
|
+
let(:chef_client) { "bundle exec #{ChefUtils::Dist::Infra::CLIENT} --minimal-ohai --always-dump-stacktrace" }
|
21
21
|
|
22
22
|
let(:aliases_temppath) do
|
23
23
|
t = Tempfile.new("chef_accumulator_test")
|
@@ -17,7 +17,7 @@ describe "LWRPs with inline resources" do
|
|
17
17
|
# machine that has omnibus chef installed. In that case we need to ensure
|
18
18
|
# we're running `chef-client` from the source tree and not the external one.
|
19
19
|
# cf. CHEF-4914
|
20
|
-
let(:chef_client) { "bundle exec
|
20
|
+
let(:chef_client) { "bundle exec #{ChefUtils::Dist::Infra::CLIENT} --minimal-ohai --always-dump-stacktrace" }
|
21
21
|
|
22
22
|
context "with a use_inline_resources provider with 'def action_a' instead of action :a" do
|
23
23
|
class LwrpInlineResourcesTest < Chef::Resource
|
@@ -17,7 +17,7 @@ describe "LWRPs" do
|
|
17
17
|
# machine that has omnibus chef installed. In that case we need to ensure
|
18
18
|
# we're running `chef-client` from the source tree and not the external one.
|
19
19
|
# cf. CHEF-4914
|
20
|
-
let(:chef_client) { "bundle exec
|
20
|
+
let(:chef_client) { "bundle exec #{ChefUtils::Dist::Infra::CLIENT} --minimal-ohai --always-dump-stacktrace" }
|
21
21
|
|
22
22
|
when_the_repository "has a cookbook named l-w-r-p" do
|
23
23
|
before do
|
@@ -23,7 +23,7 @@ describe "notifications" do
|
|
23
23
|
include Chef::Mixin::ShellOut
|
24
24
|
|
25
25
|
let(:chef_dir) { File.expand_path("../../..", __dir__) }
|
26
|
-
let(:chef_client) { "bundle exec
|
26
|
+
let(:chef_client) { "bundle exec #{ChefUtils::Dist::Infra::CLIENT} --minimal-ohai --always-dump-stacktrace" }
|
27
27
|
|
28
28
|
when_the_repository "notifies a nameless resource" do
|
29
29
|
before do
|
@@ -24,7 +24,7 @@ describe "notifying_block" do
|
|
24
24
|
include Chef::Mixin::ShellOut
|
25
25
|
|
26
26
|
let(:chef_dir) { File.expand_path("../../..", __dir__) }
|
27
|
-
let(:chef_client) { "bundle exec
|
27
|
+
let(:chef_client) { "bundle exec #{ChefUtils::Dist::Infra::CLIENT} --minimal-ohai --always-dump-stacktrace" }
|
28
28
|
|
29
29
|
when_the_repository "notifying_block test one" do
|
30
30
|
before do
|
@@ -16,7 +16,7 @@ describe Chef::Resource::RemoteDirectory do
|
|
16
16
|
# machine that has omnibus chef installed. In that case we need to ensure
|
17
17
|
# we're running `chef-client` from the source tree and not the external one.
|
18
18
|
# cf. CHEF-4914
|
19
|
-
let(:chef_client) { "bundle exec
|
19
|
+
let(:chef_client) { "bundle exec #{ChefUtils::Dist::Infra::CLIENT} --minimal-ohai --always-dump-stacktrace" }
|
20
20
|
|
21
21
|
when_the_repository "has a cookbook with a source_dir with two subdirectories, each with one file and subdir in a different alphabetical order" do
|
22
22
|
before do
|
@@ -8,7 +8,7 @@ describe "Unified Mode" do
|
|
8
8
|
|
9
9
|
let(:chef_dir) { File.expand_path("../../..", __dir__) }
|
10
10
|
|
11
|
-
let(:chef_client) { "bundle exec
|
11
|
+
let(:chef_client) { "bundle exec #{ChefUtils::Dist::Infra::CLIENT} --minimal-ohai --always-dump-stacktrace" }
|
12
12
|
|
13
13
|
when_the_repository "has a cookbook with a unified_mode resource with a delayed notification from the second block to the first block" do
|
14
14
|
before do
|
@@ -23,10 +23,11 @@ describe "notifying_block" do
|
|
23
23
|
include Chef::Mixin::ShellOut
|
24
24
|
|
25
25
|
let(:chef_dir) { File.expand_path("../../..", __dir__) }
|
26
|
-
let(:chef_client) { "bundle exec
|
26
|
+
let(:chef_client) { "bundle exec #{ChefUtils::Dist::Infra::CLIENT} --minimal-ohai --always-dump-stacktrace" }
|
27
27
|
|
28
28
|
when_the_repository "has a cookbook with partial resources" do
|
29
29
|
before do
|
30
|
+
::Chef::HTTP::Authenticator.get_cert_password if windows?
|
30
31
|
directory "cookbooks/x" do
|
31
32
|
file "resources/_shared_properties.rb", <<-EOM
|
32
33
|
property :content, String
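Review bot: The added `::Chef::HTTP::Authenticator.get_cert_password if windows?` in this `before` block has no comment and no matching cleanup. In the integration client spec on this page the same call is paired with `remove_registry_key`, which deletes `PfxPass` under `HKLM:\SOFTWARE\Progress\Authentication`, so the call presumably creates that registry value on the test host; here it is left behind after the run. Add a one-line comment such as `# chef-client on Windows needs the PFX export password in the registry before it can load its key` (confirm the actual reason) and remove the value in an `after` block. The `before` block continues past the end of the hunk.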
|
@@ -18,7 +18,7 @@ describe ChefUtils::Dist::Solo::EXEC do
|
|
18
18
|
|
19
19
|
let(:cookbook_ancient_100_metadata_rb) { cb_metadata("ancient", "1.0.0") }
|
20
20
|
|
21
|
-
let(:chef_solo) { "bundle exec #{ChefUtils::Dist::Solo::EXEC} --legacy-mode --minimal-ohai" }
|
21
|
+
let(:chef_solo) { "bundle exec #{ChefUtils::Dist::Solo::EXEC} --legacy-mode --minimal-ohai --always-dump-stacktrace" }
|
22
22
|
|
23
23
|
when_the_repository "creates nodes" do
|
24
24
|
let(:nodes_dir) { File.join(@repository_dir, "nodes") }
|
@@ -28,7 +28,7 @@ describe ChefUtils::Dist::Solo::EXEC do
|
|
28
28
|
file "config/solo.rb", <<~EOM
|
29
29
|
chef_repo_path "#{@repository_dir}"
|
30
30
|
EOM
|
31
|
-
result = shell_out("bundle exec
|
31
|
+
result = shell_out("bundle exec #{ChefUtils::Dist::Solo::EXEC} --minimal-ohai --always-dump-stacktrace -c \"#{path_to("config/solo.rb")}\" -l debug", cwd: chef_dir)
|
32
32
|
result.error!
|
33
33
|
end
|
34
34
|
|
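--- a/data/spec/spec_helper.rb
+++ b/data/spec/spec_helper.rb
@@ -144,6 +144,7 @@ RSpec.configure do |config|
 config.filter_run_excluding macos_only: true unless macos?
 config.filter_run_excluding not_macos_gte_11: true if macos_gte_11?
 config.filter_run_excluding not_supported_on_aix: true if aix?
+config.filter_run_excluding not_supported_on_freebsd_gte_12_3: true if freebsd_gte_12_3?
 config.filter_run_excluding not_supported_on_solaris: true if solaris?
 config.filter_run_excluding not_supported_on_gce: true if gce?
 config.filter_run_excluding win2012r2_only: true unless windows_2012r2?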
|
@@ -127,6 +127,10 @@ def freebsd?
|
|
127
127
|
RUBY_PLATFORM.include?("freebsd")
|
128
128
|
end
|
129
129
|
|
130
|
+
def freebsd_gte_12_3?
|
131
|
+
RUBY_PLATFORM.include?("freebsd") && !!(ohai[:platform_version].to_f >= 12.3)
|
132
|
+
end
|
133
|
+
|
130
134
|
def intel_64bit?
|
131
135
|
!!(ohai[:kernel][:machine] == "x86_64")
|
132
136
|
end
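Review bot: `freebsd_gte_12_3?` compares the version as a float, `ohai[:platform_version].to_f >= 12.3`, which orders a two-digit minor such as `12.10` below `12.3`. Compare the numeric components instead, e.g. `(ohai[:platform_version].to_s.scan(/\d+/).first(2).map(&:to_i) <=> [12, 3]) >= 0`. The `!!(...)` wrapper is redundant, since `>=` already returns a boolean.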
|
@@ -48,4 +48,4 @@ rescue LoadError
|
|
48
48
|
$stderr.puts "Failed to load ruby_installer. Assuming Ruby Installer is not being used."
|
49
49
|
end
|
50
50
|
|
51
|
-
add_libarchive_dll_directory if RUBY_PLATFORM.match?(/mswin|
|
51
|
+
add_libarchive_dll_directory if RUBY_PLATFORM.match?(/mswin|mingw|windows/)
|
@@ -163,7 +163,7 @@ shared_context Chef::Resource::WindowsScript do
|
|
163
163
|
|
164
164
|
describe "when the run action is invoked on Windows" do
|
165
165
|
it "executes the script code" do
|
166
|
-
resource.code("
|
166
|
+
resource.code("chcp > \"#{script_output_path}\"")
|
167
167
|
resource.returns(0)
|
168
168
|
resource.run_action(:run)
|
169
169
|
end
|
@@ -199,7 +199,7 @@ shared_context Chef::Resource::WindowsScript do
|
|
199
199
|
end
|
200
200
|
|
201
201
|
it "executes the script code" do
|
202
|
-
resource.code("
|
202
|
+
resource.code("chcp > \"#{script_output_path}\"")
|
203
203
|
resource.returns(0)
|
204
204
|
resource.run_action(:run)
|
205
205
|
end
|
@@ -564,16 +564,6 @@ describe Chef::Application::Client, "run_application", :unix_only do
|
|
564
564
|
expect(IO.select([@pipe[0]], nil, nil, 0)).not_to be_nil
|
565
565
|
expect(@pipe[0].gets).to eq("finished\n")
|
566
566
|
end
|
567
|
-
|
568
|
-
it "should exit hard when sent before converge" do
|
569
|
-
pid = fork do
|
570
|
-
sleep 3
|
571
|
-
@app.run_application
|
572
|
-
end
|
573
|
-
Process.kill("TERM", pid)
|
574
|
-
_pid, result = Process.waitpid2(pid)
|
575
|
-
expect(result.exitstatus).to eq(3)
|
576
|
-
end
|
577
567
|
end
|
578
568
|
end
|
579
569
|
|
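--- a/data/spec/unit/client_spec.rb
+++ b/data/spec/unit/client_spec.rb
@@ -23,6 +23,11 @@ require "chef/run_context"
 require "chef/server_api"
 require "rbconfig"
 
+begin
+require "chef-powershell"
+rescue LoadError
+end
+
 class FooError < RuntimeError
 end
 
@@ -113,6 +118,7 @@ shared_context "a client run" do
 # --Client.register
 # Make sure Client#register thinks the client key doesn't
 # exist, so it tries to register and create one.
+allow(Chef::HTTP::Authenticator).to receive(:detect_certificate_key).with(fqdn).and_return(false)
 allow(File).to receive(:exists?).and_call_original
 expect(File).to receive(:exists?)
 .with(Chef::Config[:client_key])
@@ -201,7 +207,6 @@ shared_context "a client run" do
 
 # Post conditions: check that node has been filled in correctly
 expect(client).to receive(:run_started)
-
 stub_for_run
 end
 end
@@ -262,7 +267,7 @@ end
 
 # requires platform and platform_version be defined
 shared_examples "a completed run" do
-include_context "run completed"
+include_context "run completed" # should receive run_completed_successfully
 
 it "runs ohai, sets up authentication, loads node state, synchronizes policy, converges" do
 # This is what we're testing.
@@ -282,6 +287,53 @@ shared_examples "a failed run" do
 end
 end
 
+describe Chef::Client, :windows_only do
+let(:hostname) { "test" }
+let(:my_client) { Chef::Client.new }
+let(:cert_name) { "chef-#{hostname}" }
+let(:node_name) { "#{hostname}" }
+let(:end_date) do
+d = Time.now
+if d.month == 10 || d.month == 11 || d.month == 12
+end_date = Time.new(d.year + 1, d.month - 9, d.day, d.hour, d.min, d.sec).utc.iso8601
+else
+end_date = Time.new(d.year, d.month + 3, d.day, d.hour, d.min, d.sec).utc.iso8601
+end
+end
+# include_context "client"
+before(:each) do
+Chef::Config[:migrate_key_to_keystore] = true
+end
+
+after(:each) do
+delete_certificate(cert_name)
+end
+
+context "when the client intially boots the first time" do
+it "verfies that a certificate was correctly created and exists in the Cert Store" do
+new_pfx = my_client.generate_pfx_package(cert_name, end_date)
+my_client.import_pfx_to_store(new_pfx)
+expect(my_client.check_certstore_for_key(cert_name)).not_to be false
+end
+
+it "correctly returns a new Publc Key" do
+new_pfx = my_client.generate_pfx_package(cert_name, end_date)
+cert_object = new_pfx.certificate.public_key.to_pem
+expect(cert_object.to_s).to match(/PUBLIC KEY/)
+end
+
+end
+
+def delete_certificate(cert_name)
+require "chef/mixin/powershell_exec"
+extend Chef::Mixin::PowershellExec
+powershell_code = <<~CODE
+Get-ChildItem -path cert:\\LocalMachine\\My -Recurse -Force | Where-Object { $_.Subject -Match "#{cert_name}" } | Remove-item
+CODE
+powershell_exec!(powershell_code)
+end
+end
+
 describe Chef::Client do
 include_context "client"
 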
|
@@ -159,12 +159,15 @@ describe Chef::Cookbook::SyntaxCheck do
|
|
159
159
|
end
|
160
160
|
|
161
161
|
describe "and a file has a syntax error" do
|
162
|
+
|
162
163
|
before do
|
163
164
|
cookbook_path = File.join(CHEF_SPEC_DATA, "cookbooks", "borken")
|
164
165
|
syntax_check.cookbook_path.replace(cookbook_path)
|
165
166
|
end
|
166
167
|
|
167
168
|
it "it indicates that a ruby file has a syntax error" do
|
169
|
+
expect(Chef::Log).to receive(:fatal).with("Cookbook file borken/recipes/default.rb has a ruby syntax error.")
|
170
|
+
allow(Chef::Log).to receive(:fatal)
|
168
171
|
expect(syntax_check.validate_ruby_files).to be_falsey
|
169
172
|
end
|
170
173
|
|
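Review bot: In the example `it "it indicates that a ruby file has a syntax error"`, the catch-all `allow(Chef::Log).to receive(:fatal)` is declared after the specific `expect(Chef::Log).to receive(:fatal).with(...)`, which reads as if the stub replaced the expectation. rspec-mocks should still match the expectation first for those arguments, so this is a readability point rather than a behaviour change. Put the `allow(Chef::Log).to receive(:fatal)` line first and the `expect` after it. The example description also begins with a doubled "it", on a line this change does not touch.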
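--- a/data/spec/unit/daemon_spec.rb
+++ b/data/spec/unit/daemon_spec.rb
@@ -170,11 +170,7 @@ describe Chef::Daemon do
 
 it "should log an appropriate error message and fail miserably" do
 allow(Process).to receive(:initgroups).and_raise(Errno::EPERM)
-
-if RUBY_PLATFORM.match("solaris2") || RUBY_PLATFORM.match("aix")
-error = "Not owner"
-end
-expect(Chef::Application).to receive(:fatal!).with("Permission denied when trying to change 999:999 to 501:20. #{error}")
+expect(Chef::Application).to receive(:fatal!).with(/Permission denied when trying to change 999:999 to 501:20/)
 Chef::Daemon._change_privilege(testuser)
 end
 end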
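Review bot: The new regex expectation in `it "should log an appropriate error message and fail miserably"` does not say why the message is now matched loosely. The removed lines show the errno text differed on Solaris and AIX (`"Not owner"`), so a one-line comment above the expectation would keep that context: `# errno text is platform-specific ("Not owner" on Solaris/AIX), so only the stable prefix is matched`. The enclosing describe block starts outside the hunk.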
@@ -17,11 +17,14 @@
|
|
17
17
|
#
|
18
18
|
|
19
19
|
require "spec_helper"
|
20
|
+
require "chef/exceptions"
|
20
21
|
require "chef/dsl/secret"
|
21
22
|
require "chef/secret_fetcher/base"
|
23
|
+
|
22
24
|
class SecretDSLTester
|
23
25
|
include Chef::DSL::Secret
|
24
|
-
|
26
|
+
|
27
|
+
# Because DSL is invoked in the context of a recipe or attribute file
|
25
28
|
# we expect run_context to always be available when SecretFetcher::Base
|
26
29
|
# requests it - making it safe to mock here
|
27
30
|
def run_context
|
@@ -37,35 +40,136 @@ end
|
|
37
40
|
|
38
41
|
describe Chef::DSL::Secret do
|
39
42
|
let(:dsl) { SecretDSLTester.new }
|
40
|
-
|
41
|
-
|
43
|
+
let(:run_context) { Chef::RunContext.new(Chef::Node.new, {}, Chef::EventDispatch::Dispatcher.new) }
|
44
|
+
|
45
|
+
before do
|
46
|
+
allow(dsl).to receive(:run_context).and_return(run_context)
|
42
47
|
end
|
43
48
|
|
44
|
-
|
45
|
-
|
46
|
-
|
47
|
-
|
48
|
-
|
49
|
+
%w{
|
50
|
+
secret
|
51
|
+
default_secret_service
|
52
|
+
default_secret_config
|
53
|
+
with_secret_service
|
54
|
+
with_secret_config
|
55
|
+
}.each do |m|
|
56
|
+
it "responds to ##{m}" do
|
57
|
+
expect(dsl.respond_to?(m)).to eq true
|
58
|
+
end
|
59
|
+
end
|
60
|
+
|
61
|
+
describe "#default_secret_service" do
|
62
|
+
let(:service) { :hashi_vault }
|
63
|
+
|
64
|
+
it "persists the service passed in as an argument" do
|
65
|
+
expect(dsl.default_secret_service).to eq(nil)
|
66
|
+
dsl.default_secret_service(service)
|
67
|
+
expect(dsl.default_secret_service).to eq(service)
|
68
|
+
end
|
69
|
+
|
70
|
+
it "returns run_context.default_secret_service value when no argument is given" do
|
71
|
+
run_context.default_secret_service = :my_thing
|
72
|
+
expect(dsl.default_secret_service).to eq(:my_thing)
|
73
|
+
end
|
74
|
+
|
75
|
+
it "raises exception when service given is not valid" do
|
76
|
+
stub_const("Chef::SecretFetcher::SECRET_FETCHERS", %i{service_a service_b})
|
77
|
+
expect { dsl.default_secret_service(:unknown_service) }.to raise_error(Chef::Exceptions::Secret::InvalidFetcherService)
|
78
|
+
end
|
49
79
|
end
|
50
80
|
|
51
|
-
|
52
|
-
|
53
|
-
|
81
|
+
describe "#with_secret_config" do
|
82
|
+
let(:service) { :hashi_vault }
|
83
|
+
|
84
|
+
it "sets the service for the scope of the block only" do
|
85
|
+
expect(dsl.default_secret_service).to eq(nil)
|
86
|
+
dsl.with_secret_service(service) do
|
87
|
+
expect(dsl.default_secret_service).to eq(service)
|
88
|
+
end
|
89
|
+
expect(dsl.default_secret_service).to eq(nil)
|
90
|
+
end
|
91
|
+
|
92
|
+
it "raises exception when block is not given" do
|
93
|
+
expect { dsl.with_secret_service(service) }.to raise_error(ArgumentError)
|
94
|
+
end
|
54
95
|
end
|
55
96
|
|
56
|
-
|
57
|
-
let(:
|
58
|
-
|
59
|
-
|
60
|
-
|
61
|
-
|
62
|
-
|
63
|
-
|
64
|
-
|
65
|
-
|
66
|
-
|
97
|
+
describe "#default_secret_config" do
|
98
|
+
let(:config) { { my_key: "value" } }
|
99
|
+
|
100
|
+
it "persists the config passed in as argument" do
|
101
|
+
expect(dsl.default_secret_config).to eq({})
|
102
|
+
dsl.default_secret_config(**config)
|
103
|
+
expect(dsl.default_secret_config).to eq(config)
|
104
|
+
end
|
105
|
+
|
106
|
+
it "returns run_context.default_secret_config value when no argument is given" do
|
107
|
+
run_context.default_secret_config = { my_thing: "that" }
|
108
|
+
expect(dsl.default_secret_config).to eq({ my_thing: "that" })
|
109
|
+
end
|
110
|
+
end
|
111
|
+
|
112
|
+
describe "#with_secret_config" do
|
113
|
+
let(:config) { { my_key: "value" } }
|
114
|
+
|
115
|
+
it "sets the config for the scope of the block only" do
|
116
|
+
expect(dsl.default_secret_config).to eq({})
|
117
|
+
dsl.with_secret_config(**config) do
|
118
|
+
expect(dsl.default_secret_config).to eq(config)
|
67
119
|
end
|
68
|
-
expect(
|
120
|
+
expect(dsl.default_secret_config).to eq({})
|
121
|
+
end
|
122
|
+
|
123
|
+
it "raises exception when block is not given" do
|
124
|
+
expect { dsl.with_secret_config(**config) }.to raise_error(ArgumentError)
|
125
|
+
end
|
126
|
+
end
|
127
|
+
|
128
|
+
describe "#secret" do
|
129
|
+
it "uses SecretFetcher.for_service to find the fetcher" do
|
130
|
+
substitute_fetcher = SecretFetcherImpl.new({}, nil)
|
131
|
+
expect(Chef::SecretFetcher).to receive(:for_service).with(:example, {}, run_context).and_return(substitute_fetcher)
|
132
|
+
expect(substitute_fetcher).to receive(:fetch).with("key1", nil)
|
133
|
+
dsl.secret(name: "key1", service: :example, config: {})
|
134
|
+
end
|
135
|
+
|
136
|
+
it "resolves a secret when using the example fetcher" do
|
137
|
+
secret_value = dsl.secret(name: "test1", service: :example, config: { "test1" => "secret value" })
|
138
|
+
expect(secret_value).to eq "secret value"
|
139
|
+
end
|
140
|
+
|
141
|
+
context "when used within a resource" do
|
142
|
+
let(:run_context) {
|
143
|
+
Chef::RunContext.new(Chef::Node.new,
|
144
|
+
Chef::CookbookCollection.new(Chef::CookbookLoader.new(File.join(CHEF_SPEC_DATA, "cookbooks"))),
|
145
|
+
Chef::EventDispatch::Dispatcher.new)
|
146
|
+
}
|
147
|
+
|
148
|
+
it "marks that resource as 'sensitive'" do
|
149
|
+
recipe = Chef::Recipe.new("secrets", "test", run_context)
|
150
|
+
recipe.zen_master "secret_test" do
|
151
|
+
peace secret(name: "test1", service: :example, config: { "test1" => true })
|
152
|
+
end
|
153
|
+
expect(run_context.resource_collection.lookup("zen_master[secret_test]").sensitive).to eql(true)
|
154
|
+
end
|
155
|
+
end
|
156
|
+
|
157
|
+
it "passes default service to SecretFetcher.for_service" do
|
158
|
+
service = :example
|
159
|
+
dsl.default_secret_service(service)
|
160
|
+
substitute_fetcher = SecretFetcherImpl.new({}, nil)
|
161
|
+
expect(Chef::SecretFetcher).to receive(:for_service).with(service, {}, run_context).and_return(substitute_fetcher)
|
162
|
+
allow(substitute_fetcher).to receive(:fetch).with("key1", nil)
|
163
|
+
dsl.secret(name: "key1")
|
164
|
+
end
|
165
|
+
|
166
|
+
it "passes default config to SecretFetcher.for_service" do
|
167
|
+
config = { my_config: "value" }
|
168
|
+
dsl.default_secret_config(**config)
|
169
|
+
substitute_fetcher = SecretFetcherImpl.new({}, nil)
|
170
|
+
expect(Chef::SecretFetcher).to receive(:for_service).with(:example, config, run_context).and_return(substitute_fetcher)
|
171
|
+
allow(substitute_fetcher).to receive(:fetch).with("key1", nil)
|
172
|
+
dsl.secret(name: "key1", service: :example)
|
69
173
|
end
|
70
174
|
end
|
71
175
|
end
|
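Review bot: The block added at new line 81 is titled `describe "#with_secret_config"`, but both of its examples call `dsl.with_secret_service`, and a second `describe "#with_secret_config"` follows at new line 112. The first title should read `describe "#with_secret_service" do`, so that a failure in the scoped-service behaviour is reported against the right method. As written, the spec output shows two groups with the same name and none for `with_secret_service`.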