chef 17.10.0 → 18.0.185

data/lib/chef/provider/mount/linux.rb

@@ -71,6 +71,11 @@ class Chef
             when /\A#{Regexp.escape(real_mount_point)}\s+#{device_mount_regex}\[/
               mounted = true
               logger.trace("Network device #{device_logstring} mounted as #{real_mount_point}")
+            # Permalink for network device mounted with a space in device name https://rubular.com/r/CK5zWWms96CRES
+            # See the comment in "device_with_space_escape" for an explanation what's going here.
+            when /\A#{Regexp.escape(real_mount_point)}\s+#{device_with_space_escape}\s/
+              mounted = true
+              logger.trace("Network device #{device_logstring} mounted as #{real_mount_point}")
             end
           end
           @current_resource.mounted(mounted)

data/lib/chef/provider/mount/mount.rb

@@ -217,6 +217,14 @@ class Chef
           end
         end
 
+        def device_with_space_escape
+          # For CIFS (and perhaps other remote network mounts) when a space is in the "device name"
+          # It will appear with the space substituted with a special character. However, when mounting,
+          # The mount needs to be done with an actual space. This function provides the device name with
+          # The special character to determine if the device is mounted.
+          device_mount_regex.gsub(" ", "\\x20")
+        end
+
         def device_mount_regex
           if network_device?
             # ignore trailing slash

data/lib/chef/provider/mount/windows.rb

@@ -17,7 +17,7 @@
 #
 
 require_relative "../mount"
-if RUBY_PLATFORM.match?(/mswin|mingw32|windows/)
+if RUBY_PLATFORM.match?(/mswin|mingw|windows/)
   require_relative "../../util/windows/net_use"
   require_relative "../../util/windows/volume"
 end

data/lib/chef/provider/package/powershell.rb

@@ -56,7 +56,7 @@ class Chef
           names.each_with_index do |name, index|
             cmd = powershell_exec(build_powershell_package_command("Install-Package '#{name}'", versions[index]), timeout: new_resource.timeout)
             next if cmd.nil?
-            raise Chef::Exceptions::PowershellCmdletException, "Failed to install package due to catalog signing error, use skip_publisher_check to force install" if /SkipPublisherCheck/.match?(cmd.error)
+            raise Chef::Exceptions::PowershellCmdletException, "Failed to install package due to catalog signing error, use skip_publisher_check to force install" if /SkipPublisherCheck/.match?(cmd.error!)
           end
         end
 

data/lib/chef/provider/package/rubygems.rb

@@ -92,7 +92,7 @@ class Chef
           #
           def installed_versions(gem_dep)
             rubygems_version = Gem::Version.new(Gem::VERSION)
-            if rubygems_version >= Gem::Version.new("2.7")
+            if rubygems_version >= Gem::Version.new("3.1")
               # In newer Rubygems, bundler is now a "default gem" which means
               # even with AlternateGemEnvironment when you try to get the
               # installed versions, you get the one from Chef's Ruby's default

data/lib/chef/provider/package/snap.rb

@@ -66,7 +66,7 @@ class Chef
           if new_resource.source
             install_snap_from_source(names, new_resource.source)
           else
-            install_snaps(names)
+            install_snaps(names, versions)
           end
         end
 

data/lib/chef/provider/package/windows/msi.rb

@@ -18,7 +18,7 @@
 
 # TODO: Allow new_resource.source to be a Product Code as a GUID for uninstall / network install
 
-require_relative "../../../win32/api/installer" if RUBY_PLATFORM.match?(/mswin|mingw32|windows/)
+require_relative "../../../win32/api/installer" if RUBY_PLATFORM.match?(/mswin|mingw|windows/)
 require_relative "../../../mixin/shell_out"
 
 class Chef
@@ -26,7 +26,7 @@ class Chef
     class Package
       class Windows
         class MSI
-          include Chef::ReservedNames::Win32::API::Installer if RUBY_PLATFORM.match?(/mswin|mingw32|windows/)
+          include Chef::ReservedNames::Win32::API::Installer if RUBY_PLATFORM.match?(/mswin|mingw|windows/)
           include Chef::Mixin::ShellOut
 
           def initialize(resource, uninstall_entries)

data/lib/chef/provider/package/windows/registry_uninstall_entry.rb

@@ -18,7 +18,7 @@
 #
 
 module Win32
-  autoload :Registry, File.expand_path("../../../monkey_patches/win32/registry", __dir__) if RUBY_PLATFORM.match?(/mswin|mingw32|windows/)
+  autoload :Registry, File.expand_path("../../../monkey_patches/win32/registry", __dir__) if RUBY_PLATFORM.match?(/mswin|mingw|windows/)
 end
 
 class Chef

data/lib/chef/provider/package/windows.rb

@@ -38,7 +38,7 @@ class Chef
         def define_resource_requirements
           if new_resource.checksum
             requirements.assert(:install) do |a|
-              a.assertion { new_resource.checksum == checksum(source_location) }
+              a.assertion { checksum_match?(new_resource.checksum, checksum(source_location)) }
               a.failure_message Chef::Exceptions::Package, "Checksum on resource (#{short_cksum(new_resource.checksum)}) does not match checksum on content (#{short_cksum(source_location)})"
             end
           end

data/lib/chef/provider/package/zypper/version.rb

@@ -0,0 +1,60 @@
+#
+# Copyright:: Copyright (c) Chef Software Inc.
+# License:: Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+class Chef
+  class Provider
+    class Package
+      class Zypper < Chef::Provider::Package
+
+        # helper class to assist in passing around name/version/arch triples
+        class Version
+          attr_accessor :name
+          attr_accessor :version
+          attr_accessor :arch
+
+          def initialize(name, version, arch)
+            @name    = name
+            @version = version
+            @arch    = arch
+          end
+
+          def to_s
+            "#{name}-#{version}.#{arch}" unless version.nil?
+          end
+
+          def version_with_arch
+            "#{version}.#{arch}" unless version.nil?
+          end
+
+          def name_with_arch
+            "#{name}.#{arch}" unless name.nil?
+          end
+
+          def matches_name_and_arch?(other)
+            other.version == version && other.arch == arch
+          end
+
+          def ==(other)
+            name == other.name && version == other.version && arch == other.arch
+          end
+
+          alias eql? ==
+        end
+      end
+    end
+  end
+end

data/lib/chef/provider/package/zypper.rb

@@ -20,17 +20,28 @@
 
 require_relative "../package"
 require_relative "../../resource/zypper_package"
+require_relative "zypper/version"
 
 class Chef
   class Provider
     class Package
       class Zypper < Chef::Provider::Package
         use_multipackage_api
+        use_package_name_for_source
         allow_nils
 
         provides :package, platform_family: "suse"
         provides :zypper_package
 
+        def define_resource_requirements
+          super
+          requirements.assert(:install, :upgrade) do |a|
+            a.assertion { source_files_exist? }
+            a.failure_message Chef::Exceptions::Package, "#{new_resource} source file(s) do not exist: #{missing_sources}"
+            a.whyrun "Assuming they would have been previously created."
+          end
+        end
+
         def load_current_resource
           @current_resource = Chef::Resource::ZypperPackage.new(new_resource.name)
           current_resource.package_name(new_resource.package_name)
@@ -70,7 +81,35 @@ class Chef
         end
 
         def candidate_version
-          @candidate_version ||= package_name_array.each_with_index.map { |pkg, i| available_version(i) }
+          package_name_array.each_with_index.map do |pkg, i|
+            available_version(i)
+          end
+        end
+
+        # returns true if all sources exist.  Returns false if any do not, or if no
+        # sources were specified.
+        # @return [Boolean] True if all sources exist
+        def source_files_exist?
+          if !new_resource.source.nil?
+            resolved_source_array.all? { |s| s && ::File.exist?(s) }
+          else
+            true
+          end
+        end
+
+        # Helper to return all the names of the missing sources for error messages.
+        # @return [Array<String>] Array of missing sources
+        def missing_sources
+          resolved_source_array.select { |s| s.nil? || !::File.exist?(s) }
+        end
+
+        def resolve_source_to_version
+          shell_out!("rpm -qp --queryformat '%{NAME} %{EPOCH} %{VERSION} %{RELEASE} %{ARCH}\n' #{new_resource.source}").stdout.each_line do |line|
+            case line
+              when /^(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)$/
+                return Version.new($1, "#{$2 == "(none)" ? "0" : $2}:#{$3}-#{$4}", $5)
+            end
+          end
         end
 
         def resolve_current_version(package_name)
@@ -119,7 +158,12 @@ class Chef
 
         def available_version(index)
           @available_version ||= []
-          @available_version[index] ||= resolve_available_version(package_name_array[index], safe_version_array[index])
+
+          @available_version[index] ||= if new_resource.source
+                                          resolve_source_to_version
+                                        else
+                                          resolve_available_version(package_name_array[index], safe_version_array[index])
+                                        end
           @available_version[index]
         end
 
@@ -141,7 +185,7 @@ class Chef
         end
 
         def zypper_package(command, global_options, *options, names, versions)
-          zipped_names = zip(names, versions)
+          zipped_names = new_resource.source || zip(names, versions)
           if zypper_version < 1.0
             shell_out!("zypper", global_options, gpg_checks, command, *options, "-y", names)
           else

data/lib/chef/provider/service/windows.rb

@@ -20,7 +20,7 @@
 
 require_relative "simple"
 require_relative "../../win32_service_constants"
-if RUBY_PLATFORM.match?(/mswin|mingw32|windows/)
+if RUBY_PLATFORM.match?(/mswin|mingw|windows/)
   require_relative "../../win32/error"
   require "win32/service"
 end

data/lib/chef/provider/user/aix.rb

@@ -23,6 +23,11 @@ class Chef
         provides :user, os: "aix"
         provides :aix_user
 
+        # The ruby-shadow gem is not supported on aix.
+        def supports_ruby_shadow?
+          false
+        end
+
         def create_user
           shell_out!("useradd", universal_options, useradd_options, new_resource.username)
           add_password

data/lib/chef/provider/user/linux.rb

@@ -23,6 +23,27 @@ class Chef
         provides :linux_user
         provides :user, os: "linux"
 
+        def load_current_resource
+          super
+          load_shadow_options
+        end
+
+        def compare_user
+          user_changed = super
+
+          @change_desc ||= []
+
+          %i{expire_date inactive}.each do |user_attrib|
+            new_val = new_resource.send(user_attrib)
+            cur_val = current_resource.send(user_attrib)
+            if !new_val.nil? && new_val.to_s != cur_val.to_s
+              @change_desc << "change #{user_attrib} from #{cur_val} to #{new_val}"
+            end
+          end
+
+          user_changed || !@change_desc.empty?
+        end
+
         def create_user
           shell_out!("useradd", universal_options, useradd_options, new_resource.username)
         end
@@ -52,7 +73,9 @@ class Chef
         def universal_options
           opts = []
           opts << "-c" << new_resource.comment if should_set?(:comment)
+          opts << "-e" << new_resource.expire_date if prop_is_set?(:expire_date)
           opts << "-g" << new_resource.gid if should_set?(:gid)
+          opts << "-f" << new_resource.inactive if prop_is_set?(:inactive)
           opts << "-p" << new_resource.password if should_set?(:password)
           opts << "-s" << new_resource.shell if should_set?(:shell)
           opts << "-u" << new_resource.uid if should_set?(:uid)
@@ -116,6 +139,12 @@ class Chef
           # FIXME: should probably go on the current_resource
           @locked
         end
+
+        def prop_is_set?(prop)
+          v = new_resource.send(prop.to_sym)
+
+          !v.nil? && v != ""
+        end
       end
     end
   end

data/lib/chef/provider/user/mac.rb

@@ -48,7 +48,7 @@ class Chef
           if user_plist
             current_resource.uid(user_plist[:uid][0])
             current_resource.gid(user_plist[:gid][0])
-            current_resource.home(user_plist[:home][0])
+            current_resource.home(user_plist[:home]&.first) # use &.first since home can be nil
             current_resource.shell(user_plist[:shell]&.first) # use &.first since shell can be nil
             current_resource.comment(user_plist[:comment][0])
 

data/lib/chef/provider/user.rb

@@ -66,14 +66,23 @@ class Chef
           end
           current_resource.comment(user_info.gecos)
 
-          if new_resource.password && current_resource.password == "x"
-            begin
-              require "shadow"
-            rescue LoadError
-              @shadow_lib_ok = false
-            else
-              shadow_info = Shadow::Passwd.getspnam(new_resource.username)
-              current_resource.password(shadow_info.sp_pwdp)
+          begin
+            require "shadow"
+          rescue LoadError
+            @shadow_lib_ok = false
+          else
+            @shadow_info = Shadow::Passwd.getspnam(new_resource.username)
+            # This conditional remains in place until we can sort out whether we need it.
+            # Currently removing it causes tests to fail, but that /seems/ to be mocking/setup issues.
+            # Some notes for context:
+            # 1. Ruby's ETC.getpwnam makes use of /etc/passwd file (https://github.com/ruby/etc/blob/master/ext/etc/etc.c),
+            #    which returns "x" for a nil password. on AIX it returns a "*"
+            #    (https://www.ibm.com/docs/bg/aix/7.2?topic=passwords-using-etcpasswd-file)
+            # 2. On AIX platforms ruby_shadow does not work as it does not
+            #    store encrypted passwords in the /etc/passwd file but in /etc/security/passwd file.
+            #    The AIX provider for user currently declares it does not support ruby-shadow.
+            if new_resource.password && current_resource.password == "x"
+              current_resource.password(@shadow_info.sp_pwdp)
             end
           end
 
@@ -83,6 +92,27 @@ class Chef
         current_resource
       end
 
+      # An overridable for platforms that do not support ruby shadow. This way we
+      # can verify that the platform supports ruby shadow before requiring that
+      # it be available.
+      def supports_ruby_shadow?
+        true
+      end
+
+      def load_shadow_options
+        unless @shadow_info.nil?
+          current_resource.inactive(@shadow_info.sp_inact&.to_i)
+          # sp_expire gives time since epoch in days till expiration. Need to convert that
+          # to time in seconds since epoch and output date format for comparison
+          expire_date = if @shadow_info.sp_expire.nil?
+                          @shadow_info.sp_expire
+                        else
+                          Time.at(@shadow_info.sp_expire * 60 * 60 * 24).strftime("%Y-%m-%d")
+                        end
+          current_resource.expire_date(expire_date)
+        end
+      end
+
       def define_resource_requirements
         requirements.assert(:create, :modify, :manage, :lock, :unlock) do |a|
           a.assertion { @group_name_resolved }
@@ -90,11 +120,17 @@ class Chef
           a.whyrun "group name #{new_resource.gid} does not exist.  This will cause group assignment to fail.  Assuming this group will have been created previously."
         end
         requirements.assert(:all_actions) do |a|
-          a.assertion { @shadow_lib_ok }
+          a.assertion { !supports_ruby_shadow? || @shadow_lib_ok }
           a.failure_message Chef::Exceptions::MissingLibrary, "You must have ruby-shadow installed for password support!"
           a.whyrun "ruby-shadow is not installed. Attempts to set user password will cause failure.  Assuming that this gem will have been previously installed." \
             "Note that user update converge may report false-positive on the basis of mismatched password. "
         end
+        requirements.assert(:all_actions) do |a|
+          # either neither linux-only value is set, or we need to be on Linux.
+          a.assertion { (!new_resource.expire_date && !new_resource.inactive) || linux? }
+          a.failure_message Chef::Exceptions::User, "Properties expire_date and inactive are not supported by this OS or have not been implemented for this OS yet."
+          a.whyrun "Properties expire_date and inactive are ignored as they are not supported by this OS or have not been implemented yet for this OS"
+        end
         requirements.assert(:modify, :lock, :unlock) do |a|
           a.assertion { @user_exists }
           a.failure_message(Chef::Exceptions::User, "Cannot modify user #{new_resource.username} - does not exist!")

data/lib/chef/provider.rb

@@ -113,7 +113,7 @@ class Chef
       dirname = ::File.dirname(partial)
       basename = ::File.basename(partial, ".rb")
       basename = basename[1..] if basename.start_with?("_")
-      class_eval IO.read(::File.expand_path("#{dirname}/_#{basename}.rb", ::File.dirname(caller_locations.first.absolute_path)))
+      class_eval IO.read(::File.expand_path("#{dirname}/_#{basename}.rb", ::File.dirname(caller_locations.first.path)))
     end
 
     # delegate to the resource

data/lib/chef/recipe.rb

@@ -101,7 +101,7 @@ class Chef
     end
 
     def from_yaml(string)
-      res = ::YAML.safe_load(string)
+      res = ::YAML.safe_load(string, permitted_classes: [Date])
       unless res.is_a?(Hash) && res.key?("resources")
         raise ArgumentError, "YAML recipe '#{source_file}' must contain a top-level 'resources' hash (YAML sequence), i.e. 'resources:'"
       end