chef 17.10.0 → 18.0.185
- checksums.yaml +4 -4
- data/Gemfile +16 -8
- data/README.md +7 -7
- data/Rakefile +5 -24
- data/{chef-universal-mingw32.gemspec → chef-universal-mingw-ucrt.gemspec} +7 -6
- data/chef.gemspec +14 -7
- data/lib/chef/api_client_v1.rb +9 -1
- data/lib/chef/application/exit_code.rb +3 -3
- data/lib/chef/client.rb +167 -0
- data/lib/chef/compliance/input.rb +1 -1
- data/lib/chef/compliance/input_collection.rb +1 -1
- data/lib/chef/compliance/profile.rb +1 -1
- data/lib/chef/compliance/profile_collection.rb +1 -2
- data/lib/chef/compliance/waiver.rb +1 -1
- data/lib/chef/compliance/waiver_collection.rb +1 -1
- data/lib/chef/cookbook/syntax_check.rb +2 -2
- data/lib/chef/dsl/reader_helpers.rb +1 -1
- data/lib/chef/dsl/rest_resource.rb +77 -0
- data/lib/chef/dsl/secret.rb +113 -5
- data/lib/chef/event_dispatch/base.rb +3 -0
- data/lib/chef/exceptions.rb +8 -0
- data/lib/chef/http/authenticator.rb +170 -3
- data/lib/chef/http/ssl_policies.rb +3 -3
- data/lib/chef/mixin/checksum.rb +6 -0
- data/lib/chef/mixin/powershell_exec.rb +5 -28
- data/lib/chef/mixin/properties.rb +6 -0
- data/lib/chef/node/attribute.rb +20 -3
- data/lib/chef/node/mixin/deep_merge_cache.rb +4 -4
- data/lib/chef/node/mixin/immutablize_array.rb +1 -0
- data/lib/chef/property.rb +5 -3
- data/lib/chef/provider/cron.rb +5 -1
- data/lib/chef/provider/file.rb +2 -2
- data/lib/chef/provider/group/windows.rb +1 -1
- data/lib/chef/provider/http_request.rb +11 -9
- data/lib/chef/provider/mount/linux.rb +5 -0
- data/lib/chef/provider/mount/mount.rb +8 -0
- data/lib/chef/provider/mount/windows.rb +1 -1
- data/lib/chef/provider/package/powershell.rb +1 -1
- data/lib/chef/provider/package/rubygems.rb +1 -1
- data/lib/chef/provider/package/snap.rb +1 -1
- data/lib/chef/provider/package/windows/msi.rb +2 -2
- data/lib/chef/provider/package/windows/registry_uninstall_entry.rb +1 -1
- data/lib/chef/provider/package/windows.rb +1 -1
- data/lib/chef/provider/package/zypper/version.rb +60 -0
- data/lib/chef/provider/package/zypper.rb +47 -3
- data/lib/chef/provider/service/windows.rb +1 -1
- data/lib/chef/provider/user/aix.rb +5 -0
- data/lib/chef/provider/user/linux.rb +29 -0
- data/lib/chef/provider/user/mac.rb +1 -1
- data/lib/chef/provider/user.rb +45 -9
- data/lib/chef/provider.rb +1 -1
- data/lib/chef/recipe.rb +1 -1
- data/lib/chef/resource/_rest_resource.rb +389 -0
- data/lib/chef/resource/alternatives.rb +0 -1
- data/lib/chef/resource/apt_package.rb +2 -1
- data/lib/chef/resource/apt_preference.rb +0 -1
- data/lib/chef/resource/apt_repository.rb +0 -1
- data/lib/chef/resource/apt_update.rb +0 -1
- data/lib/chef/resource/archive_file.rb +0 -1
- data/lib/chef/resource/bash.rb +0 -1
- data/lib/chef/resource/batch.rb +0 -1
- data/lib/chef/resource/bff_package.rb +0 -1
- data/lib/chef/resource/breakpoint.rb +0 -1
- data/lib/chef/resource/build_essential.rb +0 -1
- data/lib/chef/resource/cab_package.rb +0 -1
- data/lib/chef/resource/chef_client_config.rb +17 -14
- data/lib/chef/resource/chef_client_cron.rb +1 -2
- data/lib/chef/resource/chef_client_launchd.rb +2 -2
- data/lib/chef/resource/chef_client_scheduled_task.rb +3 -3
- data/lib/chef/resource/chef_client_systemd_timer.rb +0 -1
- data/lib/chef/resource/chef_client_trusted_certificate.rb +0 -1
- data/lib/chef/resource/chef_gem.rb +0 -1
- data/lib/chef/resource/chef_handler.rb +0 -1
- data/lib/chef/resource/chef_sleep.rb +1 -3
- data/lib/chef/resource/chef_vault_secret.rb +0 -1
- data/lib/chef/resource/chocolatey_config.rb +0 -1
- data/lib/chef/resource/chocolatey_feature.rb +0 -1
- data/lib/chef/resource/chocolatey_package.rb +0 -1
- data/lib/chef/resource/chocolatey_source.rb +0 -1
- data/lib/chef/resource/cookbook_file.rb +0 -1
- data/lib/chef/resource/cron/_cron_shared.rb +0 -1
- data/lib/chef/resource/cron/cron.rb +0 -1
- data/lib/chef/resource/cron/cron_d.rb +15 -1
- data/lib/chef/resource/cron_access.rb +0 -1
- data/lib/chef/resource/csh.rb +0 -1
- data/lib/chef/resource/directory.rb +0 -1
- data/lib/chef/resource/dmg_package.rb +2 -1
- data/lib/chef/resource/dnf_package.rb +0 -1
- data/lib/chef/resource/dpkg_package.rb +0 -1
- data/lib/chef/resource/dsc_resource.rb +0 -1
- data/lib/chef/resource/dsc_script.rb +0 -1
- data/lib/chef/resource/execute.rb +0 -1
- data/lib/chef/resource/file.rb +0 -1
- data/lib/chef/resource/freebsd_package.rb +2 -1
- data/lib/chef/resource/gem_package.rb +2 -1
- data/lib/chef/resource/group.rb +25 -2
- data/lib/chef/resource/habitat/habitat_package.rb +0 -1
- data/lib/chef/resource/habitat/habitat_sup.rb +6 -7
- data/lib/chef/resource/habitat/habitat_sup_windows.rb +1 -1
- data/lib/chef/resource/habitat_config.rb +0 -1
- data/lib/chef/resource/habitat_install.rb +0 -1
- data/lib/chef/resource/habitat_service.rb +0 -1
- data/lib/chef/resource/habitat_user_toml.rb +0 -1
- data/lib/chef/resource/homebrew_cask.rb +0 -1
- data/lib/chef/resource/homebrew_package.rb +2 -1
- data/lib/chef/resource/homebrew_tap.rb +0 -1
- data/lib/chef/resource/homebrew_update.rb +0 -2
- data/lib/chef/resource/hostname.rb +0 -1
- data/lib/chef/resource/http_request.rb +0 -1
- data/lib/chef/resource/ifconfig.rb +0 -1
- data/lib/chef/resource/inspec_input.rb +0 -1
- data/lib/chef/resource/inspec_waiver.rb +0 -1
- data/lib/chef/resource/inspec_waiver_file_entry.rb +2 -3
- data/lib/chef/resource/ips_package.rb +0 -1
- data/lib/chef/resource/kernel_module.rb +0 -1
- data/lib/chef/resource/ksh.rb +0 -1
- data/lib/chef/resource/launchd.rb +0 -1
- data/lib/chef/resource/link.rb +0 -1
- data/lib/chef/resource/locale.rb +1 -2
- data/lib/chef/resource/log.rb +0 -1
- data/lib/chef/resource/lwrp_base.rb +0 -4
- data/lib/chef/resource/macos_userdefaults.rb +0 -1
- data/lib/chef/resource/macosx_service.rb +0 -1
- data/lib/chef/resource/macports_package.rb +2 -1
- data/lib/chef/resource/mdadm.rb +0 -1
- data/lib/chef/resource/mount.rb +0 -1
- data/lib/chef/resource/msu_package.rb +0 -1
- data/lib/chef/resource/notify_group.rb +0 -2
- data/lib/chef/resource/ohai.rb +0 -1
- data/lib/chef/resource/ohai_hint.rb +0 -1
- data/lib/chef/resource/openbsd_package.rb +2 -1
- data/lib/chef/resource/openssl_dhparam.rb +0 -2
- data/lib/chef/resource/openssl_ec_private_key.rb +0 -2
- data/lib/chef/resource/openssl_ec_public_key.rb +0 -2
- data/lib/chef/resource/openssl_rsa_private_key.rb +0 -2
- data/lib/chef/resource/openssl_rsa_public_key.rb +0 -2
- data/lib/chef/resource/openssl_x509_certificate.rb +0 -2
- data/lib/chef/resource/openssl_x509_crl.rb +0 -2
- data/lib/chef/resource/openssl_x509_request.rb +0 -2
- data/lib/chef/resource/osx_profile.rb +0 -1
- data/lib/chef/resource/package.rb +0 -1
- data/lib/chef/resource/pacman_package.rb +2 -1
- data/lib/chef/resource/paludis_package.rb +0 -1
- data/lib/chef/resource/perl.rb +0 -1
- data/lib/chef/resource/plist.rb +7 -3
- data/lib/chef/resource/portage_package.rb +2 -1
- data/lib/chef/resource/powershell_package.rb +0 -1
- data/lib/chef/resource/powershell_package_source.rb +0 -1
- data/lib/chef/resource/powershell_script.rb +0 -1
- data/lib/chef/resource/python.rb +0 -1
- data/lib/chef/resource/reboot.rb +0 -1
- data/lib/chef/resource/registry_key.rb +0 -1
- data/lib/chef/resource/remote_directory.rb +0 -1
- data/lib/chef/resource/remote_file.rb +0 -1
- data/lib/chef/resource/rhsm_errata.rb +0 -1
- data/lib/chef/resource/rhsm_errata_level.rb +0 -1
- data/lib/chef/resource/rhsm_register.rb +17 -1
- data/lib/chef/resource/rhsm_repo.rb +0 -1
- data/lib/chef/resource/rhsm_subscription.rb +0 -1
- data/lib/chef/resource/route.rb +0 -1
- data/lib/chef/resource/rpm_package.rb +2 -1
- data/lib/chef/resource/ruby.rb +0 -1
- data/lib/chef/resource/ruby_block.rb +0 -1
- data/lib/chef/resource/scm/_scm.rb +0 -2
- data/lib/chef/resource/scm/git.rb +0 -2
- data/lib/chef/resource/scm/subversion.rb +0 -2
- data/lib/chef/resource/script.rb +0 -1
- data/lib/chef/resource/selinux/common_helpers.rb +47 -0
- data/lib/chef/resource/selinux/selinux_debian.erb +18 -0
- data/lib/chef/resource/selinux/selinux_default.erb +15 -0
- data/lib/chef/resource/selinux_boolean.rb +101 -0
- data/lib/chef/resource/selinux_fcontext.rb +160 -0
- data/lib/chef/resource/selinux_install.rb +107 -0
- data/lib/chef/resource/selinux_module.rb +143 -0
- data/lib/chef/resource/selinux_permissive.rb +64 -0
- data/lib/chef/resource/selinux_port.rb +118 -0
- data/lib/chef/resource/selinux_state.rb +166 -0
- data/lib/chef/resource/service.rb +0 -1
- data/lib/chef/resource/smartos_package.rb +2 -1
- data/lib/chef/resource/snap_package.rb +2 -1
- data/lib/chef/resource/solaris_package.rb +2 -1
- data/lib/chef/resource/ssh_known_hosts_entry.rb +0 -1
- data/lib/chef/resource/sudo.rb +0 -1
- data/lib/chef/resource/support/client.erb +3 -4
- data/lib/chef/resource/swap_file.rb +0 -1
- data/lib/chef/resource/sysctl.rb +1 -2
- data/lib/chef/resource/systemd_unit.rb +0 -1
- data/lib/chef/resource/template.rb +0 -1
- data/lib/chef/resource/timezone.rb +0 -1
- data/lib/chef/resource/user/aix_user.rb +0 -1
- data/lib/chef/resource/user/linux_user.rb +0 -1
- data/lib/chef/resource/user/mac_user.rb +0 -1
- data/lib/chef/resource/user/pw_user.rb +0 -1
- data/lib/chef/resource/user/solaris_user.rb +0 -1
- data/lib/chef/resource/user/windows_user.rb +0 -1
- data/lib/chef/resource/user.rb +10 -1
- data/lib/chef/resource/user_ulimit.rb +0 -1
- data/lib/chef/resource/whyrun_safe_ruby_block.rb +0 -1
- data/lib/chef/resource/windows_ad_join.rb +0 -2
- data/lib/chef/resource/windows_audit_policy.rb +0 -2
- data/lib/chef/resource/windows_auto_run.rb +0 -1
- data/lib/chef/resource/windows_certificate.rb +54 -43
- data/lib/chef/resource/windows_defender.rb +0 -1
- data/lib/chef/resource/windows_defender_exclusion.rb +0 -1
- data/lib/chef/resource/windows_dfs_folder.rb +0 -1
- data/lib/chef/resource/windows_dfs_namespace.rb +0 -1
- data/lib/chef/resource/windows_dfs_server.rb +0 -1
- data/lib/chef/resource/windows_dns_record.rb +0 -1
- data/lib/chef/resource/windows_dns_zone.rb +0 -1
- data/lib/chef/resource/windows_env.rb +0 -1
- data/lib/chef/resource/windows_feature.rb +0 -1
- data/lib/chef/resource/windows_feature_dism.rb +0 -1
- data/lib/chef/resource/windows_feature_powershell.rb +0 -1
- data/lib/chef/resource/windows_firewall_profile.rb +0 -2
- data/lib/chef/resource/windows_firewall_rule.rb +0 -1
- data/lib/chef/resource/windows_font.rb +2 -3
- data/lib/chef/resource/windows_package.rb +3 -4
- data/lib/chef/resource/windows_pagefile.rb +27 -22
- data/lib/chef/resource/windows_path.rb +0 -1
- data/lib/chef/resource/windows_printer.rb +0 -1
- data/lib/chef/resource/windows_printer_port.rb +0 -1
- data/lib/chef/resource/windows_script.rb +0 -2
- data/lib/chef/resource/windows_security_policy.rb +0 -1
- data/lib/chef/resource/windows_service.rb +0 -1
- data/lib/chef/resource/windows_share.rb +0 -1
- data/lib/chef/resource/windows_shortcut.rb +1 -2
- data/lib/chef/resource/windows_task.rb +0 -1
- data/lib/chef/resource/windows_uac.rb +0 -1
- data/lib/chef/resource/windows_update_settings.rb +0 -1
- data/lib/chef/resource/windows_user_privilege.rb +36 -27
- data/lib/chef/resource/windows_workgroup.rb +0 -1
- data/lib/chef/resource/yum_package.rb +2 -1
- data/lib/chef/resource/yum_repository.rb +0 -1
- data/lib/chef/resource/zypper_package.rb +2 -1
- data/lib/chef/resource/zypper_repository.rb +0 -1
- data/lib/chef/resource.rb +13 -5
- data/lib/chef/resources.rb +7 -0
- data/lib/chef/run_context.rb +19 -3
- data/lib/chef/secret_fetcher/azure_key_vault.rb +3 -3
- data/lib/chef/secret_fetcher/hashi_vault.rb +1 -1
- data/lib/chef/version.rb +1 -1
- data/lib/chef/win32/handle.rb +6 -7
- data/lib/chef/win32/registry.rb +7 -3
- data/lib/chef/win32/version.rb +2 -1
- data/spec/data/rubygems.org/sexp_processor-info +2 -1
- data/spec/functional/resource/dsc_script_spec.rb +1 -1
- data/spec/functional/resource/group_spec.rb +10 -6
- data/spec/functional/resource/link_spec.rb +8 -8
- data/spec/functional/resource/plist_spec.rb +25 -0
- data/spec/functional/resource/user/linux_user_spec.rb +127 -0
- data/spec/functional/resource/windows_certificate_spec.rb +15 -12
- data/spec/functional/resource/windows_font_spec.rb +11 -8
- data/spec/functional/resource/windows_pagefile_spec.rb +31 -4
- data/spec/functional/resource/zypper_package_spec.rb +12 -0
- data/spec/functional/shell_spec.rb +7 -2
- data/spec/functional/version_spec.rb +1 -1
- data/spec/integration/client/client_spec.rb +82 -3
- data/spec/integration/client/exit_code_spec.rb +1 -1
- data/spec/integration/client/ipv6_spec.rb +1 -1
- data/spec/integration/compliance/compliance_spec.rb +1 -1
- data/spec/integration/recipes/accumulator_spec.rb +1 -1
- data/spec/integration/recipes/lwrp_inline_resources_spec.rb +1 -1
- data/spec/integration/recipes/lwrp_spec.rb +1 -1
- data/spec/integration/recipes/notifies_spec.rb +1 -1
- data/spec/integration/recipes/notifying_block_spec.rb +1 -1
- data/spec/integration/recipes/remote_directory.rb +1 -1
- data/spec/integration/recipes/unified_mode_spec.rb +1 -1
- data/spec/integration/recipes/use_partial_spec.rb +2 -1
- data/spec/integration/solo/solo_spec.rb +2 -2
- data/spec/spec_helper.rb +1 -0
- data/spec/support/platform_helpers.rb +4 -0
- data/spec/support/ruby_installer.rb +1 -1
- data/spec/support/shared/functional/windows_script.rb +2 -2
- data/spec/unit/application/client_spec.rb +0 -10
- data/spec/unit/client_spec.rb +54 -2
- data/spec/unit/cookbook/syntax_check_spec.rb +3 -0
- data/spec/unit/daemon_spec.rb +1 -5
- data/spec/unit/dsl/secret_spec.rb +127 -23
- data/spec/unit/http/authenticator_spec.rb +68 -0
- data/spec/unit/mixin/checksum_spec.rb +28 -0
- data/spec/unit/mixin/powershell_exec_spec.rb +5 -5
- data/spec/unit/platform/query_helpers_spec.rb +2 -17
- data/spec/unit/provider/cron_spec.rb +36 -0
- data/spec/unit/provider/http_request_spec.rb +60 -72
- data/spec/unit/provider/mount/linux_spec.rb +10 -0
- data/spec/unit/provider/package/rubygems_spec.rb +2 -2
- data/spec/unit/provider/package/zypper_spec.rb +32 -0
- data/spec/unit/provider/user/linux_spec.rb +96 -1
- data/spec/unit/provider/user_spec.rb +24 -6
- data/spec/unit/resource/archive_file_spec.rb +1 -1
- data/spec/unit/resource/chef_client_config_spec.rb +8 -0
- data/spec/unit/resource/chef_client_cron_spec.rb +5 -0
- data/spec/unit/resource/chef_client_launchd_spec.rb +5 -0
- data/spec/unit/resource/chef_client_scheduled_task_spec.rb +5 -0
- data/spec/unit/resource/chef_client_systemd_timer_spec.rb +1 -1
- data/spec/unit/resource/cron_d_spec.rb +37 -1
- data/spec/unit/resource/rest_resource_spec.rb +381 -0
- data/spec/unit/resource/selinux_boolean_spec.rb +92 -0
- data/spec/unit/resource/selinux_fcontext_spec.rb +65 -0
- data/spec/unit/resource/selinux_install_spec.rb +60 -0
- data/spec/unit/resource/selinux_module_spec.rb +55 -0
- data/spec/unit/resource/selinux_permissive_spec.rb +39 -0
- data/spec/unit/resource/selinux_port_spec.rb +42 -0
- data/spec/unit/resource/selinux_state_spec.rb +46 -0
- data/spec/unit/resource/sysctl_spec.rb +2 -2
- data/spec/unit/resource/user/linux_user_spec.rb +42 -0
- data/spec/unit/resource_spec.rb +21 -1
- data/spec/unit/run_context_spec.rb +16 -0
- data/spec/unit/util/dsc/local_configuration_manager_spec.rb +1 -1
- data/tasks/rspec.rb +1 -1
- metadata +87 -27
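--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 5e26d247c5f5a3d647c5fab3090148d07e5714d73f5b51e79ac836ef4abfb8cb
+data.tar.gz: f31e1d3a651490f209276bf1583310940eaa67391d6879c50704504bdfdfe928
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 860f0b162f5ebbd6d8e40383aeb682df596dc0ac09207d5bb5be807ff5de0359e50f22f603a94e385b95b1c03cf87286c056dfc160a523ced7e6902960ae5b7c
+data.tar.gz: 8e3c3dc548d6cabd651adb17a150a91dec76c09d1d93a2b3e9561d0ff3abf69ad9301b4368901a1dc2015241cec589da5861a3642e70ce05f0356bd045e10c86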
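--- a/data/Gemfile
+++ b/data/Gemfile
@@ -2,8 +2,12 @@ source "https://rubygems.org"
 
 gem "chef", path: "."
 
-gem "ohai", git: "https://github.com/chef/ohai.git", branch: "
+gem "ohai", git: "https://github.com/chef/ohai.git", branch: "main"
 
+# Nwed to file a bug with rest-client. In the meantime, we can use this until they accept the update.
+gem "rest-client", git: "https://github.com/chef/rest-client", branch: "jfm/ucrt_update1"
+
+gem "ffi", ">= 1.15.5"
 gem "chef-utils", path: File.expand_path("chef-utils", __dir__) if File.exist?(File.expand_path("chef-utils", __dir__))
 gem "chef-config", path: File.expand_path("chef-config", __dir__) if File.exist?(File.expand_path("chef-config", __dir__))
 
@@ -15,12 +19,12 @@ else
 gem "chef-bin" # rubocop:disable Bundler/DuplicatedGem
 end
 
-gem "cheffish", "
+gem "cheffish", ">= 17"
 
 group(:omnibus_package) do
 gem "appbundler"
 gem "rb-readline"
-gem "inspec-core-bin", "
+gem "inspec-core-bin", ">= 5" # need to provide the binaries for inspec
 gem "chef-vault"
 end
 
@@ -33,10 +37,13 @@ group(:omnibus_package, :pry) do
 gem "pry-stack_explorer"
 end
 
+# proxifier gem is busted on ruby 3.1 and seems abandoned so use git fork of gem
+gem "proxifier", git: "https://github.com/chef/ruby-proxifier", branch: "lcg/ruby-3"
+
 # Everything except AIX and Windows
 group(:ruby_shadow) do
 # if ruby-shadow does a release that supports ruby-3.0 this can be removed
-gem "ruby-shadow", git: "https://github.com/chef/ruby-shadow", branch: "lcg/ruby-3.0", platforms: :ruby
+gem "ruby-shadow", git: "https://github.com/chef/ruby-shadow", branch: "lcg/ruby-3.0", platforms: :ruby unless RUBY_PLATFORM == "x64-mingw-ucrt"
 end
 
 # deps that cannot be put in the knife gem because they require a compiler and fail on windows nodes
@@ -51,10 +58,11 @@ group(:development, :test) do
 gem "fauxhai-ng" # for chef-utils gem
 end
 
-
-
-
-
+gem "chefstyle"
+# group(:chefstyle) do
+# # for testing new chefstyle rules
+# gem "chefstyle", git: "https://github.com/chef/chefstyle.git", branch: "main"
+# end
 
 instance_eval(ENV["GEMFILE_MOD"]) if ENV["GEMFILE_MOD"]
 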
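Review bot: The two git sources added at new lines 8 and 41 (`rest-client` on branch `jfm/ucrt_update1`, `proxifier` on branch `lcg/ruby-3`) follow a branch head, so what gets installed can change without any change to this file unless a lockfile pins the revision. Pinning each to a reviewed commit keeps resolution reproducible, for example `gem "rest-client", git: "https://github.com/chef/rest-client", ref: "<COMMIT_SHA>"` (placeholder value). The comment above the rest-client line has a typo in its first word and would be more useful naming the upstream issue once it is filed: `# Need to file a bug with rest-client.`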
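--- a/data/README.md
+++ b/data/README.md
@@ -1,16 +1,16 @@
 # Chef Infra
 [![Code Climate](https://codeclimate.com/github/chef/chef.svg)](https://codeclimate.com/github/chef/chef)
-[![Build Status](https://badge.buildkite.com/c82093430ceec7d27af05febb9dcafe3aa331fff9d74c0ab9d.svg?branch=
+[![Build Status](https://badge.buildkite.com/c82093430ceec7d27af05febb9dcafe3aa331fff9d74c0ab9d.svg?branch=main)](https://buildkite.com/chef-oss/chef-chef-main-verify)
 [![Gem Version](https://badge.fury.io/rb/chef.svg)](https://badge.fury.io/rb/chef)
-[![](https://img.shields.io/badge/Release%20Policy-Cadence%20Release-brightgreen.svg)](https://github.com/chef/chef/blob/
+[![](https://img.shields.io/badge/Release%20Policy-Cadence%20Release-brightgreen.svg)](https://github.com/chef/chef/blob/main/docs/dev/design_documents/client_release_cadence.md)
 
-**Umbrella Project**: [Chef Infra](https://github.com/chef/chef-oss-practices/blob/
+**Umbrella Project**: [Chef Infra](https://github.com/chef/chef-oss-practices/blob/main/projects/chef-infra.md)
 
-**Project State**: [Active](https://github.com/chef/chef-oss-practices/blob/
+**Project State**: [Active](https://github.com/chef/chef-oss-practices/blob/main/repo-management/repo-states.md#active)
 
-**Issues [Response Time Maximum](https://github.com/chef/chef-oss-practices/blob/
+**Issues [Response Time Maximum](https://github.com/chef/chef-oss-practices/blob/main/repo-management/repo-states.md)**: 14 days
 
-**Pull Request [Response Time Maximum](https://github.com/chef/chef-oss-practices/blob/
+**Pull Request [Response Time Maximum](https://github.com/chef/chef-oss-practices/blob/main/repo-management/repo-states.md)**: 14 days
 
 ## Getting Started
 
@@ -23,7 +23,7 @@ For Chef Infra usage, please refer to [Learn Chef](https://learn.chef.io/), our
 Other useful resources for Chef Infra users:
 
 - Documentation: <https://docs.chef.io/>
-- Source: <https://github.com/chef/chef/tree/
+- Source: <https://github.com/chef/chef/tree/main>
 - Tickets/Issues: <https://github.com/chef/chef/issues>
 - Slack: [Chef Community Slack](https://community-slack.chef.io/)
 - Mailing list/Forum: <https://discourse.chef.io>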
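--- a/data/Rakefile
+++ b/data/Rakefile
@@ -40,7 +40,7 @@ namespace :pre_install do
 %w{chef-utils chef-config}.each do |gem|
 path = ::File.join(::File.dirname(__FILE__), gem)
 Dir.chdir(path) do
-
+system "rake install"
 end
 end
 end
@@ -61,16 +61,16 @@ end
 
 # hack in all the preinstall tasks to occur before the traditional install task
 task install: "pre_install:all"
-
 # make sure we build the correct gemspec on windows
-gemspec = Gem.win_platform? ? "chef-universal-
+gemspec = Gem.win_platform? ? "chef-universal-mingw-ucrt" : "chef"
+
 Bundler::GemHelper.install_tasks name: gemspec
 
 # this gets appended to the normal bundler install helper
 task :install do
 chef_bin_path = ::File.join(::File.dirname(__FILE__), "chef-bin")
 Dir.chdir(chef_bin_path) do
-
+system "rake install:force"
 end
 end
 
@@ -80,7 +80,7 @@ namespace :install do
 task :local do
 chef_bin_path = ::File.join(::File.dirname(__FILE__), "chef-bin")
 Dir.chdir(chef_bin_path) do
-
+system "rake install:local"
 end
 end
 end
@@ -99,25 +99,6 @@ task :register_eventlog do
 end
 end
 
-desc "Copies powershell_exec related binaries from the latest built Habitat Packages"
-task :update_chef_exec_dll do
-raise "This task must be run on Windows since we are installing a Windows targeted package!" unless Gem.win_platform?
-
-require "mkmf"
-raise "Unable to locate Habitat cli. Please install Habitat cli before invoking this task!" unless find_executable "hab"
-
-sh("hab pkg install chef/chef-powershell-shim")
-sh("hab pkg install chef/chef-powershell-shim-x86")
-x64 = `hab pkg path chef/chef-powershell-shim`.chomp.tr("\\", "/")
-x86 = `hab pkg path chef/chef-powershell-shim-x86`.chomp.tr("\\", "/")
-FileUtils.rm_rf(Dir["distro/ruby_bin_folder/AMD64/*"])
-FileUtils.rm_rf(Dir["distro/ruby_bin_folder/x86/*"])
-puts "Copying #{x64}/bin/* to distro/ruby_bin_folder/AMD64"
-FileUtils.cp_r(Dir["#{x64}/bin/*"], "distro/ruby_bin_folder/AMD64")
-puts "Copying #{x86}/bin/* to distro/ruby_bin_folder/x86"
-FileUtils.cp_r(Dir["#{x86}/bin/*"], "distro/ruby_bin_folder/x86")
-end
-
 begin
 require "chefstyle"
 require "rubocop/rake_task"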
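Review bot: `system "rake install"` at new line 43 returns `false` or `nil` when the child command fails and the task simply continues, so a failed chef-utils or chef-config install would go unnoticed and the outer install could complete against stale copies. The same applies to `system "rake install:force"` at new line 73 and `system "rake install:local"` at new line 83. Either raise on failure with `system("rake install", exception: true)` or use Rake's `sh "rake install"`, which aborts on a non-zero exit. The lines these replaced are not legible on this page, so whether the previous code already aborted on failure cannot be confirmed from here.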
@@ -1,8 +1,8 @@
|
|
1
|
-
gemspec =
|
1
|
+
gemspec = instance_eval(File.read(File.expand_path("chef.gemspec", __dir__)))
|
2
2
|
|
3
|
-
gemspec.platform = Gem::Platform.new(%w{
|
3
|
+
gemspec.platform = Gem::Platform.new(%w{x64-mingw-ucrt})
|
4
4
|
|
5
|
-
gemspec.add_dependency "win32-api", "~> 1.
|
5
|
+
gemspec.add_dependency "win32-api", "~> 1.10.0"
|
6
6
|
gemspec.add_dependency "win32-event", "~> 0.6.1"
|
7
7
|
# TODO: Relax this pin and make the necessary updaets. The issue originally
|
8
8
|
# leading to this pin has been fixed in 0.6.5.
|
@@ -14,9 +14,10 @@ gemspec.add_dependency "win32-service", ">= 2.1.5", "< 3.0"
|
|
14
14
|
gemspec.add_dependency "wmi-lite", "~> 1.0"
|
15
15
|
gemspec.add_dependency "win32-taskscheduler", "~> 2.0"
|
16
16
|
gemspec.add_dependency "iso8601", ">= 0.12.1", "< 0.14" # validate 0.14 when it comes out
|
17
|
-
gemspec.add_dependency "win32-certstore", "~> 0.6.
|
18
|
-
gemspec.add_dependency "chef-powershell", "~> 1.0.12" #
|
17
|
+
gemspec.add_dependency "win32-certstore", "~> 0.6.15" # 0.5+ required for specifying user vs. system store
|
18
|
+
gemspec.add_dependency "chef-powershell", "~> 1.0.12" # The guts of the powershell_exec code have been moved to its own gem, chef-powershell. It's part of the chef-powershell-shim repo.
|
19
|
+
|
19
20
|
gemspec.extensions << "ext/win32-eventlog/Rakefile"
|
20
21
|
gemspec.files += Dir.glob("{distro,ext}/**/*")
|
21
22
|
|
22
|
-
gemspec
|
23
|
+
gemspec
|
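--- a/data/chef.gemspec
+++ b/data/chef.gemspec
@@ -22,12 +22,17 @@ Gem::Specification.new do |s|
 s.email = "adam@chef.io"
 s.homepage = "https://www.chef.io"
 
-
+if RUBY_PLATFORM =~ /aix/
+s.required_ruby_version = ">= 3.0.3"
+else
+s.required_ruby_version = ">= 3.1.0"
+end
 
 s.add_dependency "chef-config", "= #{Chef::VERSION}"
 s.add_dependency "chef-utils", "= #{Chef::VERSION}"
-s.add_dependency "train-core", "~> 3.
+s.add_dependency "train-core", "~> 3.10" # 3.2.28 fixes sudo prompts. See https://github.com/chef/chef/pull/9635
 s.add_dependency "train-winrm", ">= 0.2.5"
+s.add_dependency "train-rest", ">= 0.4.1" # target mode with rest APIs
 
 s.add_dependency "license-acceptance", ">= 1.0.5", "< 3"
 s.add_dependency "mixlib-cli", ">= 2.1.1", "< 3.0"
@@ -35,12 +40,13 @@ Gem::Specification.new do |s|
 s.add_dependency "mixlib-authentication", ">= 2.1", "< 4"
 s.add_dependency "mixlib-shellout", ">= 3.1.1", "< 4.0"
 s.add_dependency "mixlib-archive", ">= 0.4", "< 2.0"
-s.add_dependency "ohai", "~>
-s.add_dependency "inspec-core", "
+s.add_dependency "ohai", "~> 18.0"
+s.add_dependency "inspec-core", ">= 5"
 
-s.add_dependency "ffi", ">= 1.5
+s.add_dependency "ffi", ">= 1.15.5"
 s.add_dependency "ffi-yajl", "~> 2.2"
-s.add_dependency "net-sftp", ">= 2.1.2", "<
+s.add_dependency "net-sftp", ">= 2.1.2", "< 5.0" # remote_file resource
+s.add_dependency "net-ftp" # remote_file resource
 s.add_dependency "erubis", "~> 2.7" # template resource / cookbook syntax check
 s.add_dependency "diff-lcs", ">= 1.2.4", "!= 1.4.0", "< 1.6.0" # 1.4 breaks output. Used in lib/chef/util/diff
 s.add_dependency "ffi-libarchive", "~> 1.0", ">= 1.0.3" # archive_file resource
@@ -52,6 +58,7 @@ Gem::Specification.new do |s|
 s.add_dependency "addressable"
 s.add_dependency "syslog-logger", "~> 1.6"
 s.add_dependency "uuidtools", ">= 2.1.5", "< 3.0" # osx_profile resource
+s.add_dependency "unf_ext", ">= 0.0.8.2" # This is ruby31 compatible ucrt gem version
 s.add_dependency "corefoundation", "~> 0.3.4" # macos_userdefaults resource
 
 s.add_dependency "proxifier", "~> 1.0"
@@ -70,7 +77,7 @@ Gem::Specification.new do |s|
 
 s.metadata = {
 "bug_tracker_uri" => "https://github.com/chef/chef/issues",
-"changelog_uri" => "https://github.com/chef/chef/blob/
+"changelog_uri" => "https://github.com/chef/chef/blob/main/CHANGELOG.md",
 "documentation_uri" => "https://docs.chef.io/",
 "homepage_uri" => "https://www.chef.io",
 "mailing_list_uri" => "https://discourse.chef.io/",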
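Review bot: Several dependencies added or changed here have no upper bound: `s.add_dependency "inspec-core", ">= 5"` (new line 44), `s.add_dependency "net-ftp"` (new line 49), `"train-rest", ">= 0.4.1"` (new line 35) and `"unf_ext", ">= 0.0.8.2"` (new line 61). An install would therefore accept any future major release of those gems, whereas neighbouring lines such as `"mixlib-shellout", ">= 3.1.1", "< 4.0"` cap the range. Following that pattern, for example `s.add_dependency "inspec-core", ">= 5", "< 6"` (illustrative bound), keeps resolution within versions that were actually tested. The trailing comment on the `train-core` line still refers to 3.2.28 although the constraint is now `~> 3.10`, so it should be updated or dropped.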
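--- a/data/lib/chef/api_client_v1.rb
+++ b/data/lib/chef/api_client_v1.rb
@@ -64,6 +64,10 @@ class Chef
 @chef_rest_v1 ||= Chef::ServerAPI.new(Chef::Config[:chef_server_url], { api_version: "1", inflate_json_class: false })
 end
 
+def chef_rest_v1_with_validator
+@chef_rest_v1_with_validator ||= Chef::ServerAPI.new(Chef::Config[:chef_server_url], { client_name: Chef::Config[:validation_client_name], signing_key_filename: Chef::Config[:validation_key], api_version: "1", inflate_json_class: false })
+end
+
 def self.http_api
 Chef::ServerAPI.new(Chef::Config[:chef_server_url], { api_version: "1", inflate_json_class: false })
 end
@@ -293,7 +297,11 @@ class Chef
 payload[:public_key] = public_key unless public_key.nil?
 payload[:create_key] = create_key unless create_key.nil?
 
-new_client =
+new_client = if Chef::Config[:migrate_key_to_keystore] == true
+chef_rest_v1_with_validator.post("clients", payload)
+else
+chef_rest_v1.post("clients", payload)
+end
 
 # get the private_key out of the chef_key hash if it exists
 if new_client["chef_key"]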
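Review bot: `chef_rest_v1_with_validator` (new lines 67–69) signs requests as `Chef::Config[:validation_client_name]` with `Chef::Config[:validation_key]`, but nothing in either hunk explains why client creation switches to the validator identity or checks that a validation key is configured. The validator key is typically an organisation-wide credential, so the method deserves a comment stating when this path runs, for example `# Registers with the validator identity; used only when migrate_key_to_keystore is true`. If `validation_key` is unset or unreadable, the failure would presumably surface only inside the HTTP layer at the `post` call on new line 301, so an explicit check with a clear message before that call would help operators. The method enclosing the second hunk begins and ends outside the visible lines, so an earlier guard cannot be ruled out from here.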
@@ -19,8 +19,8 @@
|
|
19
19
|
class Chef
|
20
20
|
class Application
|
21
21
|
|
22
|
-
# These are the exit codes defined in
|
23
|
-
# https://github.com/chef/chef
|
22
|
+
# These are the exit codes defined in the exit codes design document
|
23
|
+
# https://github.com/chef/chef/blob/main/docs/dev/design_documents/client_exit_codes.md
|
24
24
|
class ExitCode
|
25
25
|
require "chef-utils/dist" unless defined?(ChefUtils::Dist)
|
26
26
|
|
@@ -140,7 +140,7 @@ class Chef
|
|
140
140
|
|
141
141
|
def non_standard_exit_code_warning(exit_code)
|
142
142
|
"#{ChefUtils::Dist::Infra::CLIENT} attempted to exit with a non-standard exit code of #{exit_code}." \
|
143
|
-
" The #{ChefUtils::Dist::Infra::PRODUCT} Exit Codes design document (https://github.com/chef/chef
|
143
|
+
" The #{ChefUtils::Dist::Infra::PRODUCT} Exit Codes design document (https://github.com/chef/chef/blob/main/docs/dev/design_documents/client_exit_codes.md)" \
|
144
144
|
" defines the exit codes that should be used with #{ChefUtils::Dist::Infra::CLIENT}. Chef::Application::ExitCode defines" \
|
145
145
|
" valid exit codes Non-standard exit codes are redefined as GENERIC_FAILURE."
|
146
146
|
end
|
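--- a/data/lib/chef/client.rb
+++ b/data/lib/chef/client.rb
@@ -64,6 +64,10 @@ class Chef
 # The main object in a Chef run. Preps a Chef::Node and Chef::RunContext,
 # syncs cookbooks if necessary, and triggers convergence.
 class Client
+CRYPT_EXPORTABLE = 0x00000001
+
+attr_reader :local_context
+
 extend Chef::Mixin::Deprecation
 
 extend Forwardable
@@ -640,6 +644,16 @@ class Chef
 if !config[:client_key]
 events.skipping_registration(client_name, config)
 logger.trace("Client key is unspecified - skipping registration")
+elsif ::Chef::Config[:migrate_key_to_keystore] == true && ChefUtils.windows?
+cert_name = "chef-#{client_name}"
+result = check_certstore_for_key(cert_name)
+if result.rassoc("#{cert_name}")
+logger.trace("Client key #{config[:client_key]} is present in Certificate Store - skipping registration")
+else
+create_new_key_and_register(cert_name)
+logger.trace("New client keys created in the Certificate Store - skipping registration")
+end
+events.skipping_registration(client_name, config)
 elsif File.exists?(config[:client_key])
 events.skipping_registration(client_name, config)
 logger.trace("Client key #{config[:client_key]} is present - skipping registration")
@@ -658,6 +672,158 @@ class Chef
 raise
 end
 
+# In the brave new world of No Certs On Disk, we want to put the pem file into Keychain or the Certstore
+# But is it already there?
+def check_certstore_for_key(cert_name)
+require "win32-certstore"
+win32certstore = ::Win32::Certstore.open("MY")
+win32certstore.search("#{cert_name}")
+end
+
+def generate_pfx_package(cert_name, date)
+self.class.generate_pfx_package(cert_name, date)
+end
+
+def self.generate_pfx_package(cert_name, date)
+require "openssl" unless defined?(OpenSSL)
+
+key = OpenSSL::PKey::RSA.new(2048)
+public_key = key.public_key
+
+subject = "CN=#{cert_name}"
+
+cert = OpenSSL::X509::Certificate.new
+cert.subject = cert.issuer = OpenSSL::X509::Name.parse(subject)
+cert.not_before = Time.now
+cert.not_after = Time.parse(date)
+cert.public_key = public_key
+cert.serial = 0x0
+cert.version = 2
+
+ef = OpenSSL::X509::ExtensionFactory.new
+ef.subject_certificate = cert
+ef.issuer_certificate = cert
+cert.extensions = [
+ef.create_extension("subjectKeyIdentifier", "hash"),
+ef.create_extension("keyUsage", "digitalSignature,keyEncipherment", true),
+]
+cert.add_extension(ef.create_ext_from_string("extendedKeyUsage=critical,serverAuth,clientAuth"))
+
+cert.sign key, OpenSSL::Digest.new("SHA256")
+password = ::Chef::HTTP::Authenticator.get_cert_password
+pfx = OpenSSL::PKCS12.create(password, subject, key, cert)
+pfx
+end
+
+def update_key_and_register(cert_name)
+self.class.update_key_and_register(cert_name)
+end
+
+def self.update_key_and_register(cert_name, expiring_cert = nil)
+# Chef client and node objects exist on Chef Server already
+# Create a new public/private keypair in secure storage
+# and register the new public cert with Chef Server
+require "time" unless defined?(Time)
+autoload :URI, "uri"
+
+node = Chef::Config[:node_name]
+end_date = Time.new + (3600 * 24 * 90)
+end_date = end_date.utc.iso8601
+
+new_cert_name = Time.now.utc.iso8601
+payload = {
+name: new_cert_name,
+clientname: node,
+public_key: "",
+expiration_date: end_date,
+}
+
+new_pfx = generate_pfx_package(cert_name, end_date)
+payload[:public_key] = new_pfx.certificate.public_key.to_pem
+base_url = "#{Chef::Config[:chef_server_url]}"
+
+@tmpdir = Dir.mktmpdir
+file_path = File.join(@tmpdir, "#{node}.pem")
+
+# The pfx files expire every 90 days.
+# We check them in /http/authenticator to see if they are expiring when we extract the private key
+# If they are, we come here to update Chef Server with a new public key
+if expiring_cert
+File.open(file_path, "w") { |f| f.write expiring_cert.key.to_pem }
+signing_cert = file_path
+client = Chef::ServerAPI.new(base_url, client_name: Chef::Config[:node_name], signing_key_filename: signing_cert )
+File.delete(file_path)
+else
+client = Chef::ServerAPI.new(base_url, client_name: Chef::Config[:node_name], signing_key_filename: Chef::Config[:client_key] )
+end
+
+# Get the list of keys for this client
+# Then add the new key we just created
+# Then we delete the old one.
+cert_list = client.get(base_url + "/clients/#{node}/keys")
+client.post(base_url + "/clients/#{node}/keys", payload)
+
+# We want to remove the old key for various reasons
+# In the case where more than 1 certificate is returned we assume
+# there is some special condition applied to the client so we won't delete the old
+# certificates
+if cert_list.count < 2
+cert_hash = cert_list.reduce({}, :merge!)
+old_cert_name = cert_hash["name"]
+new_key = new_pfx.key.to_pem
+File.open(file_path, "w") { |f| f.write new_key }
+client = Chef::ServerAPI.new(base_url, client_name: Chef::Config[:node_name], signing_key_filename: file_path)
+client.delete(base_url + "/clients/#{node}/keys/#{old_cert_name}")
+File.delete(file_path)
+end
+import_pfx_to_store(new_pfx)
+end
+
+def create_new_key_and_register(cert_name)
+require "time" unless defined?(Time)
+autoload :URI, "uri"
+
+# KeyMigration.instance.key_migrated = true
+
+node = Chef::Config[:node_name]
+d = Time.now
+if d.month == 10 || d.month == 11 || d.month == 12
+end_date = Time.new(d.year + 1, d.month - 9, d.day, d.hour, d.min, d.sec).utc.iso8601
+else
+end_date = Time.new(d.year, d.month + 3, d.day, d.hour, d.min, d.sec).utc.iso8601
+end
+
+payload = {
+name: node,
+clientname: node,
+public_key: "",
+expiration_date: end_date,
+}
+
+new_pfx = generate_pfx_package(cert_name, end_date)
+payload[:public_key] = new_pfx.certificate.public_key.to_pem
+base_url = "#{Chef::Config[:chef_server_url]}"
+client = Chef::ServerAPI.new(base_url, client_name: Chef::Config[:validation_client_name], signing_key_filename: Chef::Config[:validation_key])
+client.post(base_url + "/clients", payload)
+Chef::Log.trace("Updated client data: #{client.inspect}")
+import_pfx_to_store(new_pfx)
+end
+
+def import_pfx_to_store(new_pfx)
+self.class.import_pfx_to_store(new_pfx)
+end
+
+def self.import_pfx_to_store(new_pfx)
+password = ::Chef::HTTP::Authenticator.get_cert_password
+require "win32-certstore"
+tempfile = Tempfile.new("#{Chef::Config[:node_name]}.pfx")
+File.open(tempfile, "wb") { |f| f.print new_pfx.to_der }
+
+store = ::Win32::Certstore.open("MY")
+store.add_pfx(tempfile, password, CRYPT_EXPORTABLE)
+tempfile.unlink
+end
+
 #
 # Converges all compiled resources.
 #
@@ -922,3 +1088,4 @@ end
 require_relative "cookbook_loader"
 require_relative "cookbook_version"
 require_relative "cookbook/synchronizer"
+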
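Review bot: In `self.update_key_and_register` the private key is written in PEM form to `File.join(@tmpdir, "#{node}.pem")`, and both `File.delete(file_path)` calls run only if `Chef::ServerAPI.new` and `client.delete` return normally, so an exception leaves the key on disk; the directory from `Dir.mktmpdir` is never removed on any path. That works against the "No Certs On Disk" goal stated in the comment above `check_certstore_for_key`. The block form, `Dir.mktmpdir do |tmpdir| ... end`, wrapped around the key-file handling would remove the directory and its contents on every exit, including a raise. `self.import_pfx_to_store` has the same shape: `tempfile.unlink` is skipped when `store.add_pfx` raises and belongs in an `ensure`. The `CRYPT_EXPORTABLE` flag passed there leaves the private key exportable from the store, which deserves a comment such as `# exportable because the client reads the key back out of the store; narrow this if that changes` once the reason is confirmed.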
@@ -101,7 +101,7 @@ class Chef
|
|
101
101
|
# and cookbook_name are required this is probably not externally useful.
|
102
102
|
#
|
103
103
|
def self.from_yaml(events, string, path = nil, cookbook_name = nil)
|
104
|
-
from_hash(events, YAML.
|
104
|
+
from_hash(events, YAML.safe_load(string, permitted_classes: [Date]), path, cookbook_name)
|
105
105
|
end
|
106
106
|
|
107
107
|
# @param filename [String] full path to the yml file in the cookbook
|
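Review bot: `YAML.safe_load(string, permitted_classes: [Date])` in `from_yaml` admits date-only scalars, but as far as I know a timestamp with a time part resolves to `Time` and is rejected, as are YAML aliases under the `safe_load` defaults, so a file using either now raises instead of loading. The same call appears in the two later `from_yaml` hunks (the `path, cookbook_name` variant and the second `path = nil` variant). If that restriction is intended, say so next to the call, e.g. `# safe_load on purpose: only plain data and Date are accepted, no Time, aliases or custom classes`. It is also worth confirming that the caller reports the resulting Psych error with the file path; the caller is outside this hunk.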
@@ -40,7 +40,7 @@ class Chef
|
|
40
40
|
def from_file(filename, cookbook_name)
|
41
41
|
new_input = Input.from_file(events, filename, cookbook_name)
|
42
42
|
self << new_input
|
43
|
-
events
|
43
|
+
events&.compliance_input_loaded(new_input)
|
44
44
|
end
|
45
45
|
|
46
46
|
# Add a input from a raw hash. This input will be enabled by default.
|
@@ -108,7 +108,7 @@ class Chef
|
|
108
108
|
# and cookbook_name are required this is probably not externally useful.
|
109
109
|
#
|
110
110
|
def self.from_yaml(events, string, path, cookbook_name)
|
111
|
-
from_hash(events, YAML.
|
111
|
+
from_hash(events, YAML.safe_load(string, permitted_classes: [Date]), path, cookbook_name)
|
112
112
|
end
|
113
113
|
|
114
114
|
# @param filename [String] full path to the inspec.yml file in the cookbook
|
@@ -41,11 +41,10 @@ class Chef
|
|
41
41
|
def from_file(path, cookbook_name)
|
42
42
|
new_profile = Profile.from_file(events, path, cookbook_name)
|
43
43
|
self << new_profile
|
44
|
-
events
|
44
|
+
events&.compliance_profile_loaded(new_profile)
|
45
45
|
end
|
46
46
|
|
47
47
|
# @return [Boolean] if any of the profiles are enabled
|
48
|
-
#
|
49
48
|
def using_profiles?
|
50
49
|
any?(&:enabled?)
|
51
50
|
end
|
@@ -101,7 +101,7 @@ class Chef
|
|
101
101
|
# and cookbook_name are required this is probably not externally useful.
|
102
102
|
#
|
103
103
|
def self.from_yaml(events, string, path = nil, cookbook_name = nil)
|
104
|
-
from_hash(events, YAML.
|
104
|
+
from_hash(events, YAML.safe_load(string, permitted_classes: [Date]), path, cookbook_name)
|
105
105
|
end
|
106
106
|
|
107
107
|
# @param filename [String] full path to the yml file in the cookbook
|
@@ -40,7 +40,7 @@ class Chef
|
|
40
40
|
def from_file(filename, cookbook_name)
|
41
41
|
new_waiver = Waiver.from_file(events, filename, cookbook_name)
|
42
42
|
self << new_waiver
|
43
|
-
events
|
43
|
+
events&.compliance_waiver_loaded(new_waiver)
|
44
44
|
end
|
45
45
|
|
46
46
|
# Add a waiver from a raw hash. This waiver will be enabled by default.
|
@@ -248,8 +248,8 @@ class Chef
|
|
248
248
|
# Debugs ruby syntax errors by printing the path to the file and any
|
249
249
|
# diagnostic info given in +error_message+
|
250
250
|
def invalid_ruby_file(ruby_file, error_message)
|
251
|
-
file_relative_path = ruby_file[
|
252
|
-
Chef::Log.fatal("Cookbook file #{file_relative_path} has a ruby syntax error
|
251
|
+
file_relative_path = ruby_file[ruby_file.index(cookbook_path.split("/").last), ruby_file.length]
|
252
|
+
Chef::Log.fatal("Cookbook file #{file_relative_path} has a ruby syntax error.")
|
253
253
|
error_message.each_line { |l| Chef::Log.fatal(l.chomp) }
|
254
254
|
false
|
255
255
|
end
|
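Review bot: `ruby_file.index(cookbook_path.split("/").last)` in `invalid_ruby_file` returns nil when the last component of `cookbook_path` does not occur in `ruby_file`, and `ruby_file[nil, ruby_file.length]` then raises a TypeError inside the error reporter, hiding the syntax error it was about to print. `index` also returns the first match, so a parent directory that shares the cookbook's name changes the reported relative path. A fallback keeps the diagnostic alive: `start = ruby_file.index(cookbook_path.split("/").last) || 0` followed by `file_relative_path = ruby_file[start..]`.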
@@ -0,0 +1,77 @@
|
|
1
|
+
#
|
2
|
+
# Copyright:: Copyright 2008-2016, Chef, Inc.
|
3
|
+
# License:: Apache License, Version 2.0
|
4
|
+
#
|
5
|
+
# Licensed under the Apache License, Version 2.0 (the "License");
|
6
|
+
# you may not use this file except in compliance with the License.
|
7
|
+
# You may obtain a copy of the License at
|
8
|
+
#
|
9
|
+
# http://www.apache.org/licenses/LICENSE-2.0
|
10
|
+
#
|
11
|
+
# Unless required by applicable law or agreed to in writing, software
|
12
|
+
# distributed under the License is distributed on an "AS IS" BASIS,
|
13
|
+
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
14
|
+
# See the License for the specific language governing permissions and
|
15
|
+
# limitations under the License.
|
16
|
+
#
|
17
|
+
|
18
|
+
require "chef/constants" unless defined?(NOT_PASSED)
|
19
|
+
|
20
|
+
class Chef
|
21
|
+
module DSL
|
22
|
+
module RestResource
|
23
|
+
def rest_property_map(rest_property_map = NOT_PASSED)
|
24
|
+
if rest_property_map != NOT_PASSED
|
25
|
+
rest_property_map = rest_property_map.to_h { |k| [k.to_sym, k] } if rest_property_map.is_a? Array
|
26
|
+
|
27
|
+
@rest_property_map = rest_property_map
|
28
|
+
end
|
29
|
+
@rest_property_map
|
30
|
+
end
|
31
|
+
|
32
|
+
# URL to collection
|
33
|
+
def rest_api_collection(rest_api_collection = NOT_PASSED)
|
34
|
+
if rest_api_collection != NOT_PASSED
|
35
|
+
raise ArgumentError, "You must pass an absolute path to rest_api_collection" unless rest_api_collection.start_with? "/"
|
36
|
+
|
37
|
+
@rest_api_collection = rest_api_collection
|
38
|
+
end
|
39
|
+
|
40
|
+
@rest_api_collection
|
41
|
+
end
|
42
|
+
|
43
|
+
# RFC6570-Templated URL to document
|
44
|
+
def rest_api_document(rest_api_document = NOT_PASSED, first_element_only: false)
|
45
|
+
if rest_api_document != NOT_PASSED
|
46
|
+
raise ArgumentError, "You must pass an absolute path to rest_api_document" unless rest_api_document.start_with? "/"
|
47
|
+
|
48
|
+
@rest_api_document = rest_api_document
|
49
|
+
@rest_api_document_first_element_only = first_element_only
|
50
|
+
end
|
51
|
+
@rest_api_document
|
52
|
+
end
|
53
|
+
|
54
|
+
# Explicit REST document identity mapping
|
55
|
+
def rest_identity_map(rest_identity_map = NOT_PASSED)
|
56
|
+
@rest_identity_map = rest_identity_map if rest_identity_map != NOT_PASSED
|
57
|
+
@rest_identity_map
|
58
|
+
end
|
59
|
+
|
60
|
+
# Mark up properties for POST only, not PATCH/PUT
|
61
|
+
def rest_post_only_properties(rest_post_only_properties = NOT_PASSED)
|
62
|
+
if rest_post_only_properties != NOT_PASSED
|
63
|
+
@rest_post_only_properties = Array(rest_post_only_properties).map(&:to_sym)
|
64
|
+
end
|
65
|
+
@rest_post_only_properties || []
|
66
|
+
end
|
67
|
+
|
68
|
+
def rest_api_document_first_element_only(rest_api_document_first_element_only = NOT_PASSED)
|
69
|
+
if rest_api_document_first_element_only != NOT_PASSED
|
70
|
+
@rest_api_document_first_element_only = rest_api_document_first_element_only
|
71
|
+
end
|
72
|
+
@rest_api_document_first_element_only
|
73
|
+
end
|
74
|
+
|
75
|
+
end
|
76
|
+
end
|
77
|
+
end
|
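Review bot: Calling `rest_api_document "/path"` without the keyword assigns `@rest_api_document_first_element_only = first_element_only`, which is `false` by default, so a value set earlier through `rest_api_document_first_element_only true` is silently reset and the outcome depends on declaration order. Assigning only when the keyword was supplied avoids that: default it with `first_element_only: NOT_PASSED` and use `@rest_api_document_first_element_only = first_element_only unless first_element_only == NOT_PASSED`. Separately, `rest_property_map` and `rest_api_document_first_element_only` are the only setters without a comment. For the first, `# Accepts a Hash, or an Array that is expanded to { name.to_sym => name }` matches what the code does.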