chef 17.10.163 → 18.0.169

Files changed (330) hide show
  1. checksums.yaml +4 -4
  2. data/Gemfile +19 -20
  3. data/README.md +7 -7
  4. data/Rakefile +3 -22
  5. data/{chef-universal-mingw32.gemspec → chef-universal-mingw-ucrt.gemspec} +8 -7
  6. data/chef.gemspec +17 -15
  7. data/lib/chef/api_client_v1.rb +9 -1
  8. data/lib/chef/application/exit_code.rb +3 -3
  9. data/lib/chef/client.rb +182 -0
  10. data/lib/chef/compliance/input.rb +1 -1
  11. data/lib/chef/compliance/profile.rb +1 -1
  12. data/lib/chef/compliance/profile_collection.rb +0 -1
  13. data/lib/chef/compliance/waiver.rb +1 -1
  14. data/lib/chef/cookbook/syntax_check.rb +2 -2
  15. data/lib/chef/dsl/reader_helpers.rb +1 -1
  16. data/lib/chef/dsl/rest_resource.rb +77 -0
  17. data/lib/chef/event_dispatch/base.rb +3 -0
  18. data/lib/chef/exceptions.rb +8 -0
  19. data/lib/chef/http/authenticator.rb +170 -3
  20. data/lib/chef/http/ssl_policies.rb +4 -4
  21. data/lib/chef/mixin/checksum.rb +0 -6
  22. data/lib/chef/mixin/homebrew_user.rb +5 -15
  23. data/lib/chef/mixin/openssl_helper.rb +13 -17
  24. data/lib/chef/mixin/powershell_exec.rb +5 -28
  25. data/lib/chef/node/mixin/immutablize_array.rb +1 -0
  26. data/lib/chef/property.rb +5 -3
  27. data/lib/chef/provider/cron.rb +1 -5
  28. data/lib/chef/provider/file.rb +2 -2
  29. data/lib/chef/provider/group/windows.rb +1 -1
  30. data/lib/chef/provider/http_request.rb +11 -9
  31. data/lib/chef/provider/mount/linux.rb +5 -0
  32. data/lib/chef/provider/mount/mount.rb +8 -0
  33. data/lib/chef/provider/mount/windows.rb +1 -1
  34. data/lib/chef/provider/package/chocolatey.rb +1 -14
  35. data/lib/chef/provider/package/rubygems.rb +1 -1
  36. data/lib/chef/provider/package/windows/msi.rb +2 -2
  37. data/lib/chef/provider/package/windows/registry_uninstall_entry.rb +1 -1
  38. data/lib/chef/provider/package/windows.rb +1 -1
  39. data/lib/chef/provider/package/yum/yum_helper.py +14 -2
  40. data/lib/chef/provider/package/zypper/version.rb +60 -0
  41. data/lib/chef/provider/package/zypper.rb +47 -8
  42. data/lib/chef/provider/service/windows.rb +1 -1
  43. data/lib/chef/provider/user/aix.rb +5 -0
  44. data/lib/chef/provider/user/linux.rb +29 -0
  45. data/lib/chef/provider/user/mac.rb +1 -1
  46. data/lib/chef/provider/user.rb +46 -14
  47. data/lib/chef/provider.rb +1 -1
  48. data/lib/chef/recipe.rb +1 -1
  49. data/lib/chef/resource/_rest_resource.rb +389 -0
  50. data/lib/chef/resource/alternatives.rb +0 -1
  51. data/lib/chef/resource/apt_package.rb +0 -1
  52. data/lib/chef/resource/apt_preference.rb +0 -1
  53. data/lib/chef/resource/apt_repository.rb +0 -1
  54. data/lib/chef/resource/apt_update.rb +0 -1
  55. data/lib/chef/resource/archive_file.rb +0 -1
  56. data/lib/chef/resource/bash.rb +0 -1
  57. data/lib/chef/resource/batch.rb +0 -1
  58. data/lib/chef/resource/bff_package.rb +0 -1
  59. data/lib/chef/resource/breakpoint.rb +0 -1
  60. data/lib/chef/resource/build_essential.rb +0 -1
  61. data/lib/chef/resource/cab_package.rb +0 -1
  62. data/lib/chef/resource/chef_client_config.rb +14 -18
  63. data/lib/chef/resource/chef_client_cron.rb +1 -2
  64. data/lib/chef/resource/chef_client_launchd.rb +2 -2
  65. data/lib/chef/resource/chef_client_scheduled_task.rb +3 -3
  66. data/lib/chef/resource/chef_client_systemd_timer.rb +1 -2
  67. data/lib/chef/resource/chef_client_trusted_certificate.rb +0 -1
  68. data/lib/chef/resource/chef_gem.rb +0 -1
  69. data/lib/chef/resource/chef_handler.rb +0 -1
  70. data/lib/chef/resource/chef_sleep.rb +1 -3
  71. data/lib/chef/resource/chef_vault_secret.rb +0 -1
  72. data/lib/chef/resource/chocolatey_config.rb +0 -1
  73. data/lib/chef/resource/chocolatey_feature.rb +0 -1
  74. data/lib/chef/resource/chocolatey_package.rb +0 -1
  75. data/lib/chef/resource/chocolatey_source.rb +0 -1
  76. data/lib/chef/resource/cookbook_file.rb +0 -1
  77. data/lib/chef/resource/cron/_cron_shared.rb +0 -1
  78. data/lib/chef/resource/cron/cron.rb +0 -1
  79. data/lib/chef/resource/cron/cron_d.rb +15 -1
  80. data/lib/chef/resource/cron_access.rb +0 -1
  81. data/lib/chef/resource/csh.rb +0 -1
  82. data/lib/chef/resource/directory.rb +0 -1
  83. data/lib/chef/resource/dmg_package.rb +0 -1
  84. data/lib/chef/resource/dnf_package.rb +0 -1
  85. data/lib/chef/resource/dpkg_package.rb +0 -1
  86. data/lib/chef/resource/dsc_resource.rb +0 -1
  87. data/lib/chef/resource/dsc_script.rb +0 -1
  88. data/lib/chef/resource/execute.rb +0 -1
  89. data/lib/chef/resource/file.rb +0 -1
  90. data/lib/chef/resource/freebsd_package.rb +0 -1
  91. data/lib/chef/resource/gem_package.rb +0 -1
  92. data/lib/chef/resource/group.rb +25 -2
  93. data/lib/chef/resource/habitat/habitat_package.rb +0 -1
  94. data/lib/chef/resource/habitat/habitat_sup.rb +6 -7
  95. data/lib/chef/resource/habitat/habitat_sup_windows.rb +1 -1
  96. data/lib/chef/resource/habitat_config.rb +0 -1
  97. data/lib/chef/resource/habitat_install.rb +0 -1
  98. data/lib/chef/resource/habitat_service.rb +0 -1
  99. data/lib/chef/resource/habitat_user_toml.rb +0 -1
  100. data/lib/chef/resource/homebrew_cask.rb +8 -8
  101. data/lib/chef/resource/homebrew_package.rb +1 -2
  102. data/lib/chef/resource/homebrew_tap.rb +5 -6
  103. data/lib/chef/resource/homebrew_update.rb +0 -2
  104. data/lib/chef/resource/hostname.rb +0 -1
  105. data/lib/chef/resource/http_request.rb +0 -1
  106. data/lib/chef/resource/ifconfig.rb +0 -1
  107. data/lib/chef/resource/inspec_input.rb +0 -1
  108. data/lib/chef/resource/inspec_waiver.rb +0 -1
  109. data/lib/chef/resource/inspec_waiver_file_entry.rb +2 -3
  110. data/lib/chef/resource/ips_package.rb +0 -1
  111. data/lib/chef/resource/kernel_module.rb +0 -1
  112. data/lib/chef/resource/ksh.rb +0 -1
  113. data/lib/chef/resource/launchd.rb +0 -1
  114. data/lib/chef/resource/link.rb +0 -1
  115. data/lib/chef/resource/locale.rb +2 -6
  116. data/lib/chef/resource/log.rb +0 -1
  117. data/lib/chef/resource/lwrp_base.rb +0 -4
  118. data/lib/chef/resource/macos_userdefaults.rb +5 -10
  119. data/lib/chef/resource/macosx_service.rb +0 -1
  120. data/lib/chef/resource/macports_package.rb +0 -1
  121. data/lib/chef/resource/mdadm.rb +0 -1
  122. data/lib/chef/resource/mount.rb +0 -1
  123. data/lib/chef/resource/msu_package.rb +0 -1
  124. data/lib/chef/resource/notify_group.rb +0 -2
  125. data/lib/chef/resource/ohai.rb +0 -1
  126. data/lib/chef/resource/ohai_hint.rb +0 -1
  127. data/lib/chef/resource/openbsd_package.rb +0 -1
  128. data/lib/chef/resource/openssl_dhparam.rb +0 -2
  129. data/lib/chef/resource/openssl_ec_private_key.rb +0 -2
  130. data/lib/chef/resource/openssl_ec_public_key.rb +0 -2
  131. data/lib/chef/resource/openssl_rsa_private_key.rb +0 -2
  132. data/lib/chef/resource/openssl_rsa_public_key.rb +0 -2
  133. data/lib/chef/resource/openssl_x509_certificate.rb +0 -2
  134. data/lib/chef/resource/openssl_x509_crl.rb +0 -2
  135. data/lib/chef/resource/openssl_x509_request.rb +0 -2
  136. data/lib/chef/resource/osx_profile.rb +0 -1
  137. data/lib/chef/resource/package.rb +0 -1
  138. data/lib/chef/resource/pacman_package.rb +0 -1
  139. data/lib/chef/resource/paludis_package.rb +0 -1
  140. data/lib/chef/resource/perl.rb +0 -1
  141. data/lib/chef/resource/plist.rb +7 -3
  142. data/lib/chef/resource/portage_package.rb +0 -1
  143. data/lib/chef/resource/powershell_package.rb +0 -1
  144. data/lib/chef/resource/powershell_package_source.rb +0 -1
  145. data/lib/chef/resource/powershell_script.rb +0 -1
  146. data/lib/chef/resource/python.rb +0 -1
  147. data/lib/chef/resource/reboot.rb +0 -1
  148. data/lib/chef/resource/registry_key.rb +0 -1
  149. data/lib/chef/resource/remote_directory.rb +0 -1
  150. data/lib/chef/resource/remote_file.rb +0 -1
  151. data/lib/chef/resource/rhsm_errata.rb +0 -1
  152. data/lib/chef/resource/rhsm_errata_level.rb +0 -1
  153. data/lib/chef/resource/rhsm_register.rb +0 -3
  154. data/lib/chef/resource/rhsm_repo.rb +0 -1
  155. data/lib/chef/resource/rhsm_subscription.rb +0 -1
  156. data/lib/chef/resource/route.rb +0 -1
  157. data/lib/chef/resource/rpm_package.rb +0 -1
  158. data/lib/chef/resource/ruby.rb +0 -1
  159. data/lib/chef/resource/ruby_block.rb +0 -1
  160. data/lib/chef/resource/scm/_scm.rb +0 -2
  161. data/lib/chef/resource/scm/git.rb +0 -2
  162. data/lib/chef/resource/scm/subversion.rb +0 -2
  163. data/lib/chef/resource/script.rb +0 -1
  164. data/lib/chef/resource/selinux/common_helpers.rb +47 -0
  165. data/lib/chef/resource/selinux/selinux_debian.erb +18 -0
  166. data/lib/chef/resource/selinux/selinux_default.erb +15 -0
  167. data/lib/chef/resource/selinux_boolean.rb +101 -0
  168. data/lib/chef/resource/selinux_fcontext.rb +160 -0
  169. data/lib/chef/resource/selinux_install.rb +107 -0
  170. data/lib/chef/resource/selinux_module.rb +143 -0
  171. data/lib/chef/resource/selinux_permissive.rb +64 -0
  172. data/lib/chef/resource/selinux_port.rb +118 -0
  173. data/lib/chef/resource/selinux_state.rb +166 -0
  174. data/lib/chef/resource/service.rb +0 -1
  175. data/lib/chef/resource/smartos_package.rb +0 -1
  176. data/lib/chef/resource/snap_package.rb +0 -1
  177. data/lib/chef/resource/solaris_package.rb +0 -1
  178. data/lib/chef/resource/ssh_known_hosts_entry.rb +0 -1
  179. data/lib/chef/resource/sudo.rb +0 -1
  180. data/lib/chef/resource/support/client.erb +5 -6
  181. data/lib/chef/resource/swap_file.rb +0 -1
  182. data/lib/chef/resource/sysctl.rb +1 -2
  183. data/lib/chef/resource/systemd_unit.rb +0 -1
  184. data/lib/chef/resource/template.rb +0 -1
  185. data/lib/chef/resource/timezone.rb +0 -1
  186. data/lib/chef/resource/user/aix_user.rb +0 -1
  187. data/lib/chef/resource/user/linux_user.rb +0 -1
  188. data/lib/chef/resource/user/mac_user.rb +0 -1
  189. data/lib/chef/resource/user/pw_user.rb +0 -1
  190. data/lib/chef/resource/user/solaris_user.rb +0 -1
  191. data/lib/chef/resource/user/windows_user.rb +0 -1
  192. data/lib/chef/resource/user.rb +10 -1
  193. data/lib/chef/resource/user_ulimit.rb +0 -1
  194. data/lib/chef/resource/whyrun_safe_ruby_block.rb +0 -1
  195. data/lib/chef/resource/windows_ad_join.rb +0 -2
  196. data/lib/chef/resource/windows_audit_policy.rb +0 -2
  197. data/lib/chef/resource/windows_auto_run.rb +0 -1
  198. data/lib/chef/resource/windows_defender.rb +0 -1
  199. data/lib/chef/resource/windows_defender_exclusion.rb +0 -1
  200. data/lib/chef/resource/windows_dfs_folder.rb +0 -1
  201. data/lib/chef/resource/windows_dfs_namespace.rb +0 -1
  202. data/lib/chef/resource/windows_dfs_server.rb +0 -1
  203. data/lib/chef/resource/windows_dns_record.rb +0 -1
  204. data/lib/chef/resource/windows_dns_zone.rb +0 -1
  205. data/lib/chef/resource/windows_env.rb +0 -1
  206. data/lib/chef/resource/windows_feature.rb +0 -1
  207. data/lib/chef/resource/windows_feature_dism.rb +0 -1
  208. data/lib/chef/resource/windows_feature_powershell.rb +0 -1
  209. data/lib/chef/resource/windows_firewall_profile.rb +0 -2
  210. data/lib/chef/resource/windows_firewall_rule.rb +0 -1
  211. data/lib/chef/resource/windows_font.rb +2 -3
  212. data/lib/chef/resource/windows_package.rb +0 -1
  213. data/lib/chef/resource/windows_pagefile.rb +0 -2
  214. data/lib/chef/resource/windows_path.rb +0 -1
  215. data/lib/chef/resource/windows_printer.rb +0 -1
  216. data/lib/chef/resource/windows_printer_port.rb +0 -1
  217. data/lib/chef/resource/windows_script.rb +0 -2
  218. data/lib/chef/resource/windows_security_policy.rb +0 -1
  219. data/lib/chef/resource/windows_service.rb +0 -1
  220. data/lib/chef/resource/windows_share.rb +0 -1
  221. data/lib/chef/resource/windows_shortcut.rb +1 -2
  222. data/lib/chef/resource/windows_task.rb +0 -1
  223. data/lib/chef/resource/windows_uac.rb +0 -1
  224. data/lib/chef/resource/windows_update_settings.rb +0 -1
  225. data/lib/chef/resource/windows_user_privilege.rb +0 -1
  226. data/lib/chef/resource/windows_workgroup.rb +0 -1
  227. data/lib/chef/resource/yum_package.rb +0 -1
  228. data/lib/chef/resource/yum_repository.rb +0 -1
  229. data/lib/chef/resource/zypper_package.rb +0 -1
  230. data/lib/chef/resource/zypper_repository.rb +0 -1
  231. data/lib/chef/resource.rb +12 -5
  232. data/lib/chef/resources.rb +7 -0
  233. data/lib/chef/run_context.rb +3 -3
  234. data/lib/chef/secret_fetcher/azure_key_vault.rb +1 -1
  235. data/lib/chef/version.rb +1 -1
  236. data/lib/chef/win32/handle.rb +6 -7
  237. data/lib/chef/win32/registry.rb +7 -3
  238. data/spec/data/rubygems.org/sexp_processor-info +2 -1
  239. data/spec/data/trusted_certs/example.crt +20 -29
  240. data/spec/data/trusted_certs/example_no_cn.crt +34 -30
  241. data/spec/data/trusted_certs/opscode.pem +54 -33
  242. data/spec/functional/resource/chocolatey_package_spec.rb +20 -32
  243. data/spec/functional/resource/dsc_script_spec.rb +1 -1
  244. data/spec/functional/resource/group_spec.rb +26 -42
  245. data/spec/functional/resource/link_spec.rb +8 -8
  246. data/spec/functional/resource/macos_userdefaults_spec.rb +4 -4
  247. data/spec/functional/resource/plist_spec.rb +25 -0
  248. data/spec/functional/resource/user/linux_user_spec.rb +127 -0
  249. data/spec/functional/resource/windows_certificate_spec.rb +1 -26
  250. data/spec/functional/resource/windows_font_spec.rb +12 -9
  251. data/spec/functional/resource/yum_package_spec.rb +1 -17
  252. data/spec/functional/resource/zypper_package_spec.rb +12 -10
  253. data/spec/functional/shell_spec.rb +1 -2
  254. data/spec/functional/version_spec.rb +1 -1
  255. data/spec/functional/win32/registry_spec.rb +0 -3
  256. data/spec/integration/client/client_spec.rb +82 -3
  257. data/spec/integration/client/exit_code_spec.rb +1 -1
  258. data/spec/integration/client/ipv6_spec.rb +1 -1
  259. data/spec/integration/compliance/compliance_spec.rb +1 -1
  260. data/spec/integration/recipes/accumulator_spec.rb +1 -1
  261. data/spec/integration/recipes/lwrp_inline_resources_spec.rb +1 -1
  262. data/spec/integration/recipes/lwrp_spec.rb +1 -1
  263. data/spec/integration/recipes/notifies_spec.rb +1 -1
  264. data/spec/integration/recipes/notifying_block_spec.rb +1 -1
  265. data/spec/integration/recipes/remote_directory.rb +1 -1
  266. data/spec/integration/recipes/unified_mode_spec.rb +1 -1
  267. data/spec/integration/recipes/use_partial_spec.rb +2 -1
  268. data/spec/integration/solo/solo_spec.rb +2 -2
  269. data/spec/spec_helper.rb +1 -5
  270. data/spec/support/platform_helpers.rb +0 -4
  271. data/spec/support/ruby_installer.rb +1 -1
  272. data/spec/support/shared/functional/windows_script.rb +2 -2
  273. data/spec/unit/application/client_spec.rb +0 -10
  274. data/spec/unit/client_spec.rb +70 -2
  275. data/spec/unit/compliance/reporter/chef_server_automate_spec.rb +1 -1
  276. data/spec/unit/cookbook/syntax_check_spec.rb +3 -0
  277. data/spec/unit/http/authenticator_spec.rb +68 -0
  278. data/spec/unit/mixin/checksum_spec.rb +0 -28
  279. data/spec/unit/mixin/homebrew_user_spec.rb +7 -30
  280. data/spec/unit/mixin/openssl_helper_spec.rb +1 -1
  281. data/spec/unit/mixin/powershell_exec_spec.rb +5 -5
  282. data/spec/unit/platform/query_helpers_spec.rb +2 -17
  283. data/spec/unit/provider/cron_spec.rb +0 -34
  284. data/spec/unit/provider/http_request_spec.rb +60 -72
  285. data/spec/unit/provider/mount/linux_spec.rb +10 -0
  286. data/spec/unit/provider/package/chocolatey_spec.rb +3 -20
  287. data/spec/unit/provider/package/rubygems_spec.rb +1 -1
  288. data/spec/unit/provider/package/zypper_spec.rb +32 -0
  289. data/spec/unit/provider/user/linux_spec.rb +51 -11
  290. data/spec/unit/provider/user_spec.rb +24 -6
  291. data/spec/unit/resource/archive_file_spec.rb +1 -1
  292. data/spec/unit/resource/chef_client_cron_spec.rb +5 -0
  293. data/spec/unit/resource/chef_client_launchd_spec.rb +5 -0
  294. data/spec/unit/resource/chef_client_scheduled_task_spec.rb +5 -0
  295. data/spec/unit/resource/chef_client_systemd_timer_spec.rb +2 -2
  296. data/spec/unit/resource/cron_d_spec.rb +37 -1
  297. data/spec/unit/resource/macos_user_defaults_spec.rb +4 -4
  298. data/spec/unit/resource/rest_resource_spec.rb +381 -0
  299. data/spec/unit/resource/selinux_boolean_spec.rb +92 -0
  300. data/spec/unit/resource/selinux_fcontext_spec.rb +65 -0
  301. data/spec/unit/resource/selinux_install_spec.rb +60 -0
  302. data/spec/unit/resource/selinux_module_spec.rb +55 -0
  303. data/spec/unit/resource/selinux_permissive_spec.rb +39 -0
  304. data/spec/unit/resource/selinux_port_spec.rb +42 -0
  305. data/spec/unit/resource/selinux_state_spec.rb +46 -0
  306. data/spec/unit/resource/sysctl_spec.rb +2 -2
  307. data/spec/unit/resource/user/linux_user_spec.rb +42 -0
  308. data/spec/unit/resource_spec.rb +8 -2
  309. data/spec/unit/util/dsc/local_configuration_manager_spec.rb +1 -1
  310. data/tasks/rspec.rb +1 -1
  311. metadata +106 -55
  312. data/spec/functional/assets/yumrepo-empty/repodata/01a3b-filelists.sqlite.bz2 +0 -0
  313. data/spec/functional/assets/yumrepo-empty/repodata/401dc-filelists.xml.gz +0 -0
  314. data/spec/functional/assets/yumrepo-empty/repodata/5dc1e-primary.sqlite.bz2 +0 -0
  315. data/spec/functional/assets/yumrepo-empty/repodata/6bf96-other.xml.gz +0 -0
  316. data/spec/functional/assets/yumrepo-empty/repodata/7c365-other.sqlite.bz2 +0 -0
  317. data/spec/functional/assets/yumrepo-empty/repodata/dabe2-primary.xml.gz +0 -0
  318. data/spec/functional/assets/yumrepo-empty/repodata/repomd.xml +0 -55
  319. data/spec/integration/client/fips_spec.rb +0 -29
  320. data/spec/integration/client/open_ssl_spec.rb +0 -20
  321. /data/spec/functional/assets/chocolatey_feed/{test-A.1.0.0.nupkg → test-A.1.0.nupkg} +0 -0
  322. /data/spec/functional/assets/chocolatey_feed/{test-A.1.5.0.nupkg → test-A.1.5.nupkg} +0 -0
  323. /data/spec/functional/assets/chocolatey_feed/{test-A.2.0.0.nupkg → test-A.2.0.nupkg} +0 -0
  324. /data/spec/functional/assets/chocolatey_feed/{test-B.1.0.0.nupkg → test-B.1.0.nupkg} +0 -0
  325. /data/spec/functional/assets/yumrepo/repodata/{01a3b-filelists.sqlite.bz2 → 4632d67cb92636e7575d911c24f0e04d3505a944e97c483abe0c3e73a7c62d33-filelists.sqlite.bz2} +0 -0
  326. /data/spec/functional/assets/yumrepo/repodata/{6bf96-other.xml.gz → 74599b793e54d877323837d2d81a1c3c594c44e4335f9528234bb490f7b9b439-other.xml.gz} +0 -0
  327. /data/spec/functional/assets/yumrepo/repodata/{5dc1e-primary.sqlite.bz2 → a845d418f919d2115ab95a56b2c76f6825ad0d0bede49181a55c04f58995d057-primary.sqlite.bz2} +0 -0
  328. /data/spec/functional/assets/yumrepo/repodata/{7c365-other.sqlite.bz2 → af9b7cf9ef23bd7b43068d74a460f3b5d06753d638e58e4a0c9edc35bfb9cdc4-other.sqlite.bz2} +0 -0
  329. /data/spec/functional/assets/yumrepo/repodata/{401dc-filelists.xml.gz → bdb4f5f1492a3b9532f22c43110a81500dd744f23da0aec5c33b2a41317c737d-filelists.xml.gz} +0 -0
  330. /data/spec/functional/assets/yumrepo/repodata/{dabe2-primary.xml.gz → c10d1d34ce99e02f12ec96ef68360543ab1bb7c3cb81a4a2bf78df7d8597e9df-primary.xml.gz} +0 -0
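--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 28b7b51e00a854a7faa87d094e44b46b0ec68a7d0951de058acfcc6bd180ce82
- data.tar.gz: 06f7cf2a6059778845b765f6f88855334d464002926b69b5303fbfae7162e9e7
+ metadata.gz: a87965b9d23cae217ee13ee9c4944a7558d55bfb6124eed4b09852305a4dc1c2
+ data.tar.gz: dfb528c686c6e0d708e2ce1610ed6e51f2a1b7e078548c472873bb15c942127d
  SHA512:
- metadata.gz: dadfcf3a6ac945b7b3c901e9ae58e540f439bd62cab6ed229df02a29c0f43cf7a74fdd0411e91168e0455d714783792c6badf0655150d03e6a444a249d178702
- data.tar.gz: aba33fe20cf50193f1326740170fb80c5989013721d67fdb95138fa4d7831072a672986f69392dfaa04ae008f5b635ad61077720e1f4c1cc9042c798e7aa47bb
+ metadata.gz: 66df75dfd9ed14186747c2f4f4f89abe73b1cd00d798a1e68ad4219a6694ac1aad5d05228c85d9af75b86bd14b30c5222342be69a6503ff44453192e0970e722
+ data.tar.gz: dcda678decee792fc8b144f846b3eb268c4e0aa619afbebd2b67c2ad3a71bb72ea3c0032f349060b461042cacc50eb1e27e5de00722f37e43274e1f89e627246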
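--- a/data/Gemfile
+++ b/data/Gemfile
@@ -2,8 +2,12 @@ source "https://rubygems.org"
 
  gem "chef", path: "."
 
- gem "ohai", git: "https://github.com/chef/ohai.git", branch: "17-stable"
+ gem "ohai", git: "https://github.com/chef/ohai.git", branch: "main"
 
+ # Nwed to file a bug with rest-client. In the meantime, we can use this until they accept the update.
+ gem "rest-client", git: "https://github.com/chef/rest-client", branch: "jfm/ucrt_update1"
+
+ gem "ffi", ">= 1.15.5"
  gem "chef-utils", path: File.expand_path("chef-utils", __dir__) if File.exist?(File.expand_path("chef-utils", __dir__))
  gem "chef-config", path: File.expand_path("chef-config", __dir__) if File.exist?(File.expand_path("chef-config", __dir__))
 
@@ -15,36 +19,31 @@ else
  gem "chef-bin" # rubocop:disable Bundler/DuplicatedGem
  end
 
- gem "cheffish", "~> 17.0.0"
-
- gem "ast", "~> 2.4.2"
- gem "rubocop-ast", ">= 1.31.0"
-
- gem "rdoc", "~> 6.3.4" # 6.3.4.1 required for CVE-2024-27281, allow patch upgrades
-
- # Verify and macOS bring their own ruby setups are inconsistent with our OpenSSL configurations
- install_if -> { RUBY_PLATFORM !~ /darwin/ && ENV["BUILDKITE_PIPELINE_SLUG"] !~ /verify/ } do
- gem "openssl", "= 3.2.0"
- end
+ gem "cheffish", ">= 17"
 
  group(:omnibus_package) do
  gem "appbundler"
  gem "rb-readline"
- gem "inspec-core-bin", "~> 5.22.40" # need to provide the binaries for inspec
+ gem "inspec-core-bin", ">= 5" # need to provide the binaries for inspec
  gem "chef-vault"
  end
 
  group(:omnibus_package, :pry) do
- gem "pry", ">= 0.14.1"
+ # Locked because pry-byebug is broken with 13+.
+ # some work is ongoing? https://github.com/deivid-rodriguez/pry-byebug/issues/343
+ gem "pry", "= 0.13.0"
  # byebug does not install on freebsd on ruby 3.0
  gem "pry-byebug" unless RUBY_PLATFORM.match?(/freebsd/i)
  gem "pry-stack_explorer"
  end
 
+ # proxifier gem is busted on ruby 3.1 and seems abandoned so use git fork of gem
+ gem "proxifier", git: "https://github.com/chef/ruby-proxifier", branch: "lcg/ruby-3"
+
  # Everything except AIX and Windows
  group(:ruby_shadow) do
  # if ruby-shadow does a release that supports ruby-3.0 this can be removed
- gem "ruby-shadow", git: "https://github.com/chef/ruby-shadow", branch: "lcg/ruby-3.0", platforms: :ruby
+ gem "ruby-shadow", git: "https://github.com/chef/ruby-shadow", branch: "lcg/ruby-3.0", platforms: :ruby unless RUBY_PLATFORM == "x64-mingw-ucrt"
  end
 
  # deps that cannot be put in the knife gem because they require a compiler and fail on windows nodes
@@ -56,14 +55,14 @@ group(:development, :test) do
  gem "rake"
  gem "rspec"
  gem "webmock"
- gem "crack", "< 0.4.6" # due to https://github.com/jnunemaker/crack/pull/75
  gem "fauxhai-ng" # for chef-utils gem
  end
 
- group(:chefstyle) do
- # for testing new chefstyle rules
- gem "chefstyle", git: "https://github.com/chef/chefstyle.git", branch: "main"
- end
+ gem "chefstyle"
+ # group(:chefstyle) do
+ # # for testing new chefstyle rules
+ # gem "chefstyle", git: "https://github.com/chef/chefstyle.git", branch: "main"
+ # end
 
  instance_eval(ENV["GEMFILE_MOD"]) if ENV["GEMFILE_MOD"]
 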
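Review bot: The added `rest-client` and `proxifier` entries, and the `ohai` switch to `branch: "main"`, track mutable git branches, so each bundle resolves to whatever commit the branch head points at and anyone with push access to those branches changes what gets installed. Pin each to a reviewed commit instead, e.g. `gem "rest-client", git: "https://github.com/chef/rest-client", ref: "<reviewed-commit-sha>"`. The second hunk also leaves the new side without the `rdoc` constraint whose comment cited CVE-2024-27281 and widens `inspec-core-bin` to `">= 5"`; it is worth confirming that the resolved versions are still held by a lockfile or another constraint.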
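--- a/data/README.md
+++ b/data/README.md
@@ -1,16 +1,16 @@
  # Chef Infra
  [![Code Climate](https://codeclimate.com/github/chef/chef.svg)](https://codeclimate.com/github/chef/chef)
- [![Build Status](https://badge.buildkite.com/c82093430ceec7d27af05febb9dcafe3aa331fff9d74c0ab9d.svg?branch=chef-17)](https://buildkite.com/chef-oss/chef-chef-chef-17-verify)
+ [![Build Status](https://badge.buildkite.com/c82093430ceec7d27af05febb9dcafe3aa331fff9d74c0ab9d.svg?branch=main)](https://buildkite.com/chef-oss/chef-chef-main-verify)
  [![Gem Version](https://badge.fury.io/rb/chef.svg)](https://badge.fury.io/rb/chef)
- [![](https://img.shields.io/badge/Release%20Policy-Cadence%20Release-brightgreen.svg)](https://github.com/chef/chef/blob/master/docs/dev/design_documents/client_release_cadence.md)
+ [![](https://img.shields.io/badge/Release%20Policy-Cadence%20Release-brightgreen.svg)](https://github.com/chef/chef/blob/main/docs/dev/design_documents/client_release_cadence.md)
 
- **Umbrella Project**: [Chef Infra](https://github.com/chef/chef-oss-practices/blob/master/projects/chef-infra.md)
+ **Umbrella Project**: [Chef Infra](https://github.com/chef/chef-oss-practices/blob/main/projects/chef-infra.md)
 
- **Project State**: [Active](https://github.com/chef/chef-oss-practices/blob/master/repo-management/repo-states.md#active)
+ **Project State**: [Active](https://github.com/chef/chef-oss-practices/blob/main/repo-management/repo-states.md#active)
 
- **Issues [Response Time Maximum](https://github.com/chef/chef-oss-practices/blob/master/repo-management/repo-states.md)**: 14 days
+ **Issues [Response Time Maximum](https://github.com/chef/chef-oss-practices/blob/main/repo-management/repo-states.md)**: 14 days
 
- **Pull Request [Response Time Maximum](https://github.com/chef/chef-oss-practices/blob/master/repo-management/repo-states.md)**: 14 days
+ **Pull Request [Response Time Maximum](https://github.com/chef/chef-oss-practices/blob/main/repo-management/repo-states.md)**: 14 days
 
  ## Getting Started
 
@@ -23,7 +23,7 @@ For Chef Infra usage, please refer to [Learn Chef](https://learn.chef.io/), our
  Other useful resources for Chef Infra users:
 
  - Documentation: <https://docs.chef.io/>
- - Source: <https://github.com/chef/chef/tree/master>
+ - Source: <https://github.com/chef/chef/tree/main>
  - Tickets/Issues: <https://github.com/chef/chef/issues>
  - Slack: [Chef Community Slack](https://community-slack.chef.io/)
  - Mailing list/Forum: <https://discourse.chef.io>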
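--- a/data/Rakefile
+++ b/data/Rakefile
@@ -40,7 +40,7 @@ namespace :pre_install do
  %w{chef-utils chef-config}.each do |gem|
  path = ::File.join(::File.dirname(__FILE__), gem)
  Dir.chdir(path) do
- sh("rake install")
+ system "rake install"
  end
  end
  end
@@ -61,9 +61,9 @@ end
 
  # hack in all the preinstall tasks to occur before the traditional install task
  task install: "pre_install:all"
-
  # make sure we build the correct gemspec on windows
- gemspec = Gem.win_platform? ? "chef-universal-mingw32" : "chef"
+ gemspec = Gem.win_platform? ? "chef-universal-mingw-ucrt" : "chef"
+
  Bundler::GemHelper.install_tasks name: gemspec
 
  # this gets appended to the normal bundler install helper
@@ -99,25 +99,6 @@ task :register_eventlog do
  end
  end
 
- desc "Copies powershell_exec related binaries from the latest built Habitat Packages"
- task :update_chef_exec_dll do
- raise "This task must be run on Windows since we are installing a Windows targeted package!" unless Gem.win_platform?
-
- require "mkmf"
- raise "Unable to locate Habitat cli. Please install Habitat cli before invoking this task!" unless find_executable "hab"
-
- sh("hab pkg install chef/chef-powershell-shim")
- sh("hab pkg install chef/chef-powershell-shim-x86")
- x64 = `hab pkg path chef/chef-powershell-shim`.chomp.tr("\\", "/")
- x86 = `hab pkg path chef/chef-powershell-shim-x86`.chomp.tr("\\", "/")
- FileUtils.rm_rf(Dir["distro/ruby_bin_folder/AMD64/*"])
- FileUtils.rm_rf(Dir["distro/ruby_bin_folder/x86/*"])
- puts "Copying #{x64}/bin/* to distro/ruby_bin_folder/AMD64"
- FileUtils.cp_r(Dir["#{x64}/bin/*"], "distro/ruby_bin_folder/AMD64")
- puts "Copying #{x86}/bin/* to distro/ruby_bin_folder/x86"
- FileUtils.cp_r(Dir["#{x86}/bin/*"], "distro/ruby_bin_folder/x86")
- end
-
  begin
  require "chefstyle"
  require "rubocop/rake_task"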
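Review bot: In the first hunk, `system "rake install"` returns false or nil on failure instead of raising the way Rake's `sh` did, so a failed install of chef-utils or chef-config no longer aborts the pre-install loop and the build may continue without those gems. Either keep `sh("rake install")` or check the result, e.g. `system("rake install") || abort("rake install failed in #{path}")`. The enclosing task starts above the hunk, so how its callers react to a silent failure is not visible here.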
@@ -1,8 +1,8 @@
1
- gemspec = eval(IO.read(File.expand_path("chef.gemspec", __dir__)))
1
+ gemspec = instance_eval(File.read(File.expand_path("chef.gemspec", __dir__)))
2
2
 
3
- gemspec.platform = Gem::Platform.new(%w{universal mingw32})
3
+ gemspec.platform = Gem::Platform.new(%w{x64-mingw-ucrt})
4
4
 
5
- gemspec.add_dependency "win32-api", "~> 1.5.3"
5
+ gemspec.add_dependency "win32-api", "~> 1.10.0"
6
6
  gemspec.add_dependency "win32-event", "~> 0.6.1"
7
7
  # TODO: Relax this pin and make the necessary updaets. The issue originally
8
8
  # leading to this pin has been fixed in 0.6.5.
@@ -11,12 +11,13 @@ gemspec.add_dependency "win32-mmap", "~> 0.4.1"
11
11
  gemspec.add_dependency "win32-mutex", "~> 0.4.2"
12
12
  gemspec.add_dependency "win32-process", "~> 0.9"
13
13
  gemspec.add_dependency "win32-service", ">= 2.1.5", "< 3.0"
14
- gemspec.add_dependency "win32-taskscheduler", "~> 2.0"
15
- gemspec.add_dependency "win32-certstore", "~> 0.6.15"
16
14
  gemspec.add_dependency "wmi-lite", "~> 1.0"
15
+ gemspec.add_dependency "win32-taskscheduler", "~> 2.0"
17
16
  gemspec.add_dependency "iso8601", ">= 0.12.1", "< 0.14" # validate 0.14 when it comes out
18
- gemspec.add_dependency "chef-powershell" , "~> 18.1.0"
17
+ gemspec.add_dependency "win32-certstore", "~> 0.6.15" # 0.5+ required for specifying user vs. system store
18
+ gemspec.add_dependency "chef-powershell", "~> 1.0.12" # The guts of the powershell_exec code have been moved to its own gem, chef-powershell. It's part of the chef-powershell-shim repo.
19
+
19
20
  gemspec.extensions << "ext/win32-eventlog/Rakefile"
20
21
  gemspec.files += Dir.glob("{distro,ext}/**/*")
21
22
 
22
- gemspec
23
+ gemspec
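Review bot: `instance_eval(File.read(...))` on the first line of this gemspec hunk is called without a file name, so an exception raised while evaluating chef.gemspec is reported against an eval location rather than the gemspec's own path and line. Pass the path as the second argument, e.g. `path = File.expand_path("chef.gemspec", __dir__)` followed by `gemspec = instance_eval(File.read(path), path)`. The comment on `win32-certstore` says 0.5+ is required while the constraint is `"~> 0.6.15"`; aligning the comment with the constraint would avoid confusion the next time the pin is revisited.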
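--- a/data/chef.gemspec
+++ b/data/chef.gemspec
@@ -22,12 +22,17 @@ Gem::Specification.new do |s|
  s.email = "adam@chef.io"
  s.homepage = "https://www.chef.io"
 
- s.required_ruby_version = ">= 3.0.0"
+ if RUBY_PLATFORM =~ /aix/
+ s.required_ruby_version = ">= 3.0.3"
+ else
+ s.required_ruby_version = ">= 3.1.0"
+ end
 
  s.add_dependency "chef-config", "= #{Chef::VERSION}"
  s.add_dependency "chef-utils", "= #{Chef::VERSION}"
- s.add_dependency "train-core", "~> 3.10", "< 3.12.5"
+ s.add_dependency "train-core", "~> 3.10", ">= 3.2.28" # 3.2.28 fixes sudo prompts. See https://github.com/chef/chef/pull/9635
  s.add_dependency "train-winrm", ">= 0.2.5"
+ s.add_dependency "train-rest", ">= 0.4.1" # target mode with rest APIs
 
  s.add_dependency "license-acceptance", ">= 1.0.5", "< 3"
  s.add_dependency "mixlib-cli", ">= 2.1.1", "< 3.0"
@@ -35,12 +40,13 @@ Gem::Specification.new do |s|
  s.add_dependency "mixlib-authentication", ">= 2.1", "< 4"
  s.add_dependency "mixlib-shellout", ">= 3.1.1", "< 4.0"
  s.add_dependency "mixlib-archive", ">= 0.4", "< 2.0"
- s.add_dependency "ohai", "~> 17.9"
- s.add_dependency "inspec-core", "~> 5.22.40"
+ s.add_dependency "ohai", "~> 18.0"
+ s.add_dependency "inspec-core", ">= 5"
 
- s.add_dependency "ffi", "~> 1.15.5"
- s.add_dependency "ffi-yajl", ">= 2.2", "< 4.0"
- s.add_dependency "net-sftp", ">= 2.1.2", "< 5.0" # remote_file resource
+ s.add_dependency "ffi", ">= 1.15.5"
+ s.add_dependency "ffi-yajl", "~> 2.2"
+ s.add_dependency "net-sftp", ">= 2.1.2", "< 4.0" # remote_file resource
+ s.add_dependency "net-ftp" # remote_file resource
  s.add_dependency "erubis", "~> 2.7" # template resource / cookbook syntax check
  s.add_dependency "diff-lcs", ">= 1.2.4", "!= 1.4.0", "< 1.6.0" # 1.4 breaks output. Used in lib/chef/util/diff
  s.add_dependency "ffi-libarchive", "~> 1.0", ">= 1.0.3" # archive_file resource
@@ -52,21 +58,17 @@ Gem::Specification.new do |s|
  s.add_dependency "addressable"
  s.add_dependency "syslog-logger", "~> 1.6"
  s.add_dependency "uuidtools", ">= 2.1.5", "< 3.0" # osx_profile resource
+ s.add_dependency "unf_ext", ">= 0.0.8.2" # This is ruby31 compatible ucrt gem version
  s.add_dependency "corefoundation", "~> 0.3.4" # macos_userdefaults resource
 
- s.add_dependency "proxifier2", "~> 1.1"
+ s.add_dependency "proxifier", "~> 1.0"
 
  s.add_dependency "aws-sdk-s3", "~> 1.91" # s3 recipe-url support
  s.add_dependency "aws-sdk-secretsmanager", "~> 1.46"
- s.add_dependency "vault", "~> 0.18.2" # hashi vault official client gem
+ s.add_dependency "vault", "~> 0.16" # hashi vault official client gem
  s.bindir = "bin"
  s.executables = %w{ }
 
- if RUBY_VERSION.match?("3.0.0")
- # Ruby 3.0.0 on Fedora specifically makes trouble
- s.add_dependency "uri", "= 0.10.1"
- end
-
  s.require_paths = %w{ lib }
  s.files = %w{Gemfile Rakefile LICENSE README.md} +
  Dir.glob("{lib,spec}/**/*", File::FNM_DOTMATCH).reject { |f| File.directory?(f) } +
@@ -75,7 +77,7 @@ Gem::Specification.new do |s|
 
  s.metadata = {
  "bug_tracker_uri" => "https://github.com/chef/chef/issues",
- "changelog_uri" => "https://github.com/chef/chef/blob/master/CHANGELOG.md",
+ "changelog_uri" => "https://github.com/chef/chef/blob/main/CHANGELOG.md",
  "documentation_uri" => "https://docs.chef.io/",
  "homepage_uri" => "https://www.chef.io",
  "mailing_list_uri" => "https://discourse.chef.io/",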
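Review bot: The new train-core requirement `"~> 3.10", ">= 3.2.28"` carries a second bound that constrains nothing, because `~> 3.10` already implies `>= 3.10`; the inline comment therefore suggests a deliberate floor that is not actually in effect, while the previous `< 3.12.5` cap is gone. Several other requirements in this section become open-ended (`inspec-core ">= 5"`, `ffi ">= 1.15.5"`, `net-ftp` with no version at all), so a future major release would be resolved without anyone reviewing it; bounded forms such as `s.add_dependency "inspec-core", ">= 5", "< 6"` keep upgrades intentional. The `vault` requirement is also widened from `~> 0.18.2` to `~> 0.16` and `proxifier2` is replaced by `proxifier` with no explanation; a short trailing comment on each giving the reason would help anyone auditing the dependency set.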
@@ -64,6 +64,10 @@ class Chef
64
64
  @chef_rest_v1 ||= Chef::ServerAPI.new(Chef::Config[:chef_server_url], { api_version: "1", inflate_json_class: false })
65
65
  end
66
66
 
67
+ def chef_rest_v1_with_validator
68
+ @chef_rest_v1_with_validator ||= Chef::ServerAPI.new(Chef::Config[:chef_server_url], { client_name: Chef::Config[:validation_client_name], signing_key_filename: Chef::Config[:validation_key], api_version: "1", inflate_json_class: false })
69
+ end
70
+
67
71
  def self.http_api
68
72
  Chef::ServerAPI.new(Chef::Config[:chef_server_url], { api_version: "1", inflate_json_class: false })
69
73
  end
@@ -293,7 +297,11 @@ class Chef
293
297
  payload[:public_key] = public_key unless public_key.nil?
294
298
  payload[:create_key] = create_key unless create_key.nil?
295
299
 
296
- new_client = chef_rest_v1.post("clients", payload)
300
+ new_client = if Chef::Config[:migrate_key_to_keystore] == true
301
+ chef_rest_v1_with_validator.post("clients", payload)
302
+ else
303
+ chef_rest_v1.post("clients", payload)
304
+ end
297
305
 
298
306
  # get the private_key out of the chef_key hash if it exists
299
307
  if new_client["chef_key"]
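Review bot: `chef_rest_v1_with_validator` is added without any comment, and the create path selects it purely on `Chef::Config[:migrate_key_to_keystore] == true`, so every client creation through this method is then signed with the validation key rather than the caller's own identity. The validator is typically a shared, organization-wide credential, so I would document that on the method, e.g. `# Signs with the validation client key; intended only for initial registration when the client key lives in the keystore.` The `== true` comparison can be written as `if Chef::Config[:migrate_key_to_keystore]` unless non-boolean truthy values must be excluded on purpose. The enclosing create method starts and ends outside the second hunk.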
@@ -19,8 +19,8 @@
19
19
  class Chef
20
20
  class Application
21
21
 
22
- # These are the exit codes defined in Chef RFC 062
23
- # https://github.com/chef/chef-rfc/blob/master/rfc062-exit-status.md
22
+ # These are the exit codes defined in the exit codes design document
23
+ # https://github.com/chef/chef/blob/main/docs/dev/design_documents/client_exit_codes.md
24
24
  class ExitCode
25
25
  require "chef-utils/dist" unless defined?(ChefUtils::Dist)
26
26
 
@@ -140,7 +140,7 @@ class Chef
140
140
 
141
141
  def non_standard_exit_code_warning(exit_code)
142
142
  "#{ChefUtils::Dist::Infra::CLIENT} attempted to exit with a non-standard exit code of #{exit_code}." \
143
- " The #{ChefUtils::Dist::Infra::PRODUCT} Exit Codes design document (https://github.com/chef/chef-rfc/blob/master/rfc062-exit-status.md)" \
143
+ " The #{ChefUtils::Dist::Infra::PRODUCT} Exit Codes design document (https://github.com/chef/chef/blob/main/docs/dev/design_documents/client_exit_codes.md)" \
144
144
  " defines the exit codes that should be used with #{ChefUtils::Dist::Infra::CLIENT}. Chef::Application::ExitCode defines" \
145
145
  " valid exit codes Non-standard exit codes are redefined as GENERIC_FAILURE."
146
146
  end
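--- a/data/lib/chef/client.rb
+++ b/data/lib/chef/client.rb
@@ -64,6 +64,10 @@ class Chef
  # The main object in a Chef run. Preps a Chef::Node and Chef::RunContext,
  # syncs cookbooks if necessary, and triggers convergence.
  class Client
+ CRYPT_EXPORTABLE = 0x00000001
+
+ attr_reader :local_context
+
  extend Chef::Mixin::Deprecation
 
  extend Forwardable
@@ -292,6 +296,8 @@ class Chef
  # keep this inside the main loop to get exception backtraces
  end_profiling
 
+ warn_if_eol
+
  # rebooting has to be the last thing we do, no exceptions.
  Chef::Platform::Rebooter.reboot_if_needed!(node)
  rescue Exception => run_error
@@ -320,6 +326,19 @@ class Chef
  # @todo make this stuff protected or private
  #
 
+ # @api private
+ def warn_if_eol
+ require_relative "version"
+
+ # We make a release every year so take the version you're on + 2006 and you get
+ # the year it goes EOL
+ eol_year = 2006 + Gem::Version.new(Chef::VERSION).segments.first
+
+ if Time.now > Time.new(eol_year, 5, 01)
+ logger.warn("This release of #{ChefUtils::Dist::Infra::PRODUCT} became end of life (EOL) on May 1st #{eol_year}. Please update to a supported release to receive new features, bug fixes, and security updates.")
+ end
+ end
+
  # @api private
  def configure_formatters
  formatters_for_run.map do |formatter_name, output_path|
@@ -625,6 +644,16 @@ class Chef
  if !config[:client_key]
  events.skipping_registration(client_name, config)
  logger.trace("Client key is unspecified - skipping registration")
+ elsif ::Chef::Config[:migrate_key_to_keystore] == true && ChefUtils.windows?
+ cert_name = "chef-#{client_name}"
+ result = check_certstore_for_key(cert_name)
+ if result.rassoc("#{cert_name}")
+ logger.trace("Client key #{config[:client_key]} is present in Certificate Store - skipping registration")
+ else
+ create_new_key_and_register(cert_name)
+ logger.trace("New client keys created in the Certificate Store - skipping registration")
+ end
+ events.skipping_registration(client_name, config)
  elsif File.exists?(config[:client_key])
  events.skipping_registration(client_name, config)
  logger.trace("Client key #{config[:client_key]} is present - skipping registration")
@@ -643,6 +672,158 @@ class Chef
  raise
  end
 
+ # In the brave new world of No Certs On Disk, we want to put the pem file into Keychain or the Certstore
+ # But is it already there?
+ def check_certstore_for_key(cert_name)
+ require "win32-certstore"
+ win32certstore = ::Win32::Certstore.open("MY")
+ win32certstore.search("#{cert_name}")
+ end
+
+ def generate_pfx_package(cert_name, date)
+ self.class.generate_pfx_package(cert_name, date)
+ end
+
+ def self.generate_pfx_package(cert_name, date)
+ require "openssl" unless defined?(OpenSSL)
+
+ key = OpenSSL::PKey::RSA.new(2048)
+ public_key = key.public_key
+
+ subject = "CN=#{cert_name}"
+
+ cert = OpenSSL::X509::Certificate.new
+ cert.subject = cert.issuer = OpenSSL::X509::Name.parse(subject)
+ cert.not_before = Time.now
+ cert.not_after = Time.parse(date)
+ cert.public_key = public_key
+ cert.serial = 0x0
+ cert.version = 2
+
+ ef = OpenSSL::X509::ExtensionFactory.new
+ ef.subject_certificate = cert
+ ef.issuer_certificate = cert
+ cert.extensions = [
+ ef.create_extension("subjectKeyIdentifier", "hash"),
+ ef.create_extension("keyUsage", "digitalSignature,keyEncipherment", true),
+ ]
+ cert.add_extension(ef.create_ext_from_string("extendedKeyUsage=critical,serverAuth,clientAuth"))
+
+ cert.sign key, OpenSSL::Digest.new("SHA256")
+ password = ::Chef::HTTP::Authenticator.get_cert_password
+ pfx = OpenSSL::PKCS12.create(password, subject, key, cert)
+ pfx
+ end
+
+ def update_key_and_register(cert_name)
+ self.class.update_key_and_register(cert_name)
+ end
+
+ def self.update_key_and_register(cert_name, expiring_cert = nil)
+ # Chef client and node objects exist on Chef Server already
+ # Create a new public/private keypair in secure storage
+ # and register the new public cert with Chef Server
+ require "time" unless defined?(Time)
+ autoload :URI, "uri"
+
+ node = Chef::Config[:node_name]
+ end_date = Time.new + (3600 * 24 * 90)
+ end_date = end_date.utc.iso8601
+
+ new_cert_name = Time.now.utc.iso8601
+ payload = {
+ name: new_cert_name,
+ clientname: node,
+ public_key: "",
+ expiration_date: end_date,
+ }
+
+ new_pfx = generate_pfx_package(cert_name, end_date)
+ payload[:public_key] = new_pfx.certificate.public_key.to_pem
+ base_url = "#{Chef::Config[:chef_server_url]}"
+
+ @tmpdir = Dir.mktmpdir
+ file_path = File.join(@tmpdir, "#{node}.pem")
+
+ # The pfx files expire every 90 days.
+ # We check them in /http/authenticator to see if they are expiring when we extract the private key
+ # If they are, we come here to update Chef Server with a new public key
+ if expiring_cert
+ File.open(file_path, "w") { |f| f.write expiring_cert.key.to_pem }
+ signing_cert = file_path
+ client = Chef::ServerAPI.new(base_url, client_name: Chef::Config[:node_name], signing_key_filename: signing_cert )
+ File.delete(file_path)
+ else
+ client = Chef::ServerAPI.new(base_url, client_name: Chef::Config[:node_name], signing_key_filename: Chef::Config[:client_key] )
+ end
+
+ # Get the list of keys for this client
+ # Then add the new key we just created
+ # Then we delete the old one.
+ cert_list = client.get(base_url + "/clients/#{node}/keys")
+ client.post(base_url + "/clients/#{node}/keys", payload)
+
+ # We want to remove the old key for various reasons
+ # In the case where more than 1 certificate is returned we assume
+ # there is some special condition applied to the client so we won't delete the old
+ # certificates
+ if cert_list.count < 2
+ cert_hash = cert_list.reduce({}, :merge!)
+ old_cert_name = cert_hash["name"]
+ new_key = new_pfx.key.to_pem
+ File.open(file_path, "w") { |f| f.write new_key }
+ client = Chef::ServerAPI.new(base_url, client_name: Chef::Config[:node_name], signing_key_filename: file_path)
+ client.delete(base_url + "/clients/#{node}/keys/#{old_cert_name}")
+ File.delete(file_path)
+ end
+ import_pfx_to_store(new_pfx)
+ end
+
+ def create_new_key_and_register(cert_name)
+ require "time" unless defined?(Time)
+ autoload :URI, "uri"
+
+ # KeyMigration.instance.key_migrated = true
+
+ node = Chef::Config[:node_name]
+ d = Time.now
+ if d.month == 10 || d.month == 11 || d.month == 12
+ end_date = Time.new(d.year + 1, d.month - 9, d.day, d.hour, d.min, d.sec).utc.iso8601
+ else
+ end_date = Time.new(d.year, d.month + 3, d.day, d.hour, d.min, d.sec).utc.iso8601
+ end
+
+ payload = {
+ name: node,
+ clientname: node,
+ public_key: "",
+ expiration_date: end_date,
+ }
+
+ new_pfx = generate_pfx_package(cert_name, end_date)
+ payload[:public_key] = new_pfx.certificate.public_key.to_pem
+ base_url = "#{Chef::Config[:chef_server_url]}"
+ client = Chef::ServerAPI.new(base_url, client_name: Chef::Config[:validation_client_name], signing_key_filename: Chef::Config[:validation_key])
+ client.post(base_url + "/clients", payload)
+ Chef::Log.trace("Updated client data: #{client.inspect}")
+ import_pfx_to_store(new_pfx)
+ end
+
+ def import_pfx_to_store(new_pfx)
+ self.class.import_pfx_to_store(new_pfx)
+ end
+
+ def self.import_pfx_to_store(new_pfx)
+ password = ::Chef::HTTP::Authenticator.get_cert_password
+ require "win32-certstore"
+ tempfile = Tempfile.new("#{Chef::Config[:node_name]}.pfx")
+ File.open(tempfile, "wb") { |f| f.print new_pfx.to_der }
+
+ store = ::Win32::Certstore.open("MY")
+ store.add_pfx(tempfile, password, CRYPT_EXPORTABLE)
+ tempfile.unlink
+ end
+
  #
  # Converges all compiled resources.
  #
@@ -907,3 +1088,4 @@ end
  require_relative "cookbook_loader"
  require_relative "cookbook_version"
  require_relative "cookbook/synchronizer"
+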
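Review bot: In `self.update_key_and_register` (the large hunk adding the keystore methods) the private key is written as PEM into a `Dir.mktmpdir` directory and removed with a plain `File.delete` after the request, so if `client.delete` or `Chef::ServerAPI.new` raises, the key stays on disk, and the directory held in `@tmpdir` is not removed on any visible path. Using the block form `Dir.mktmpdir do |tmpdir| … end`, or an `ensure` that calls `FileUtils.remove_entry(@tmpdir)`, would guarantee cleanup. `self.import_pfx_to_store` has the same shape: `tempfile.unlink` is skipped when `store.add_pfx` raises, which leaves the PFX in the temp directory. Separately, the PFX is imported with `CRYPT_EXPORTABLE`, which by its name leaves the private key exportable from the store; if signing needs that, a comment saying so would help reviewers. `Chef::Log.trace("Updated client data: #{client.inspect}")` in `create_new_key_and_register` also deserves a check, since what `inspect` prints for a client built with the validation key is not visible here.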
@@ -101,7 +101,7 @@ class Chef
101
101
  # and cookbook_name are required this is probably not externally useful.
102
102
  #
103
103
  def self.from_yaml(events, string, path = nil, cookbook_name = nil)
104
- from_hash(events, YAML.load(string), path, cookbook_name)
104
+ from_hash(events, YAML.safe_load(string, permitted_classes: [Date]), path, cookbook_name)
105
105
  end
106
106
 
107
107
  # @param filename [String] full path to the yml file in the cookbook
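Review bot: `YAML.safe_load(string, permitted_classes: [Date])` raises on anything outside the core scalar and collection types plus `Date`, and nothing in this hunk turns that into a readable error. A file containing a YAML alias, a Symbol, or a full timestamp (which Psych loads as `Time`) would fail with a Psych exception rather than a message naming the file; whether callers rescue it is not visible here. I would add a comment above the call, e.g. `# safe_load: only plain scalars, collections and Date are allowed; aliases and other classes raise`, and decide explicitly whether `Time` belongs in `permitted_classes`. The same applies to the two other `from_yaml` hunks further down and to `parse_yaml`, which uses `YAML.safe_load_file` with the same option.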
@@ -108,7 +108,7 @@ class Chef
108
108
  # and cookbook_name are required this is probably not externally useful.
109
109
  #
110
110
  def self.from_yaml(events, string, path, cookbook_name)
111
- from_hash(events, YAML.load(string), path, cookbook_name)
111
+ from_hash(events, YAML.safe_load(string, permitted_classes: [Date]), path, cookbook_name)
112
112
  end
113
113
 
114
114
  # @param filename [String] full path to the inspec.yml file in the cookbook
@@ -45,7 +45,6 @@ class Chef
45
45
  end
46
46
 
47
47
  # @return [Boolean] if any of the profiles are enabled
48
- #
49
48
  def using_profiles?
50
49
  any?(&:enabled?)
51
50
  end
@@ -101,7 +101,7 @@ class Chef
101
101
  # and cookbook_name are required this is probably not externally useful.
102
102
  #
103
103
  def self.from_yaml(events, string, path = nil, cookbook_name = nil)
104
- from_hash(events, YAML.load(string), path, cookbook_name)
104
+ from_hash(events, YAML.safe_load(string, permitted_classes: [Date]), path, cookbook_name)
105
105
  end
106
106
 
107
107
  # @param filename [String] full path to the yml file in the cookbook
@@ -248,8 +248,8 @@ class Chef
248
248
  # Debugs ruby syntax errors by printing the path to the file and any
249
249
  # diagnostic info given in +error_message+
250
250
  def invalid_ruby_file(ruby_file, error_message)
251
- file_relative_path = ruby_file[/^#{Regexp.escape(cookbook_path + File::Separator)}(.*)/, 1]
252
- Chef::Log.fatal("Cookbook file #{file_relative_path} has a ruby syntax error:")
251
+ file_relative_path = ruby_file[ruby_file.index(cookbook_path.split("/").last), ruby_file.length]
252
+ Chef::Log.fatal("Cookbook file #{file_relative_path} has a ruby syntax error.")
253
253
  error_message.each_line { |l| Chef::Log.fatal(l.chomp) }
254
254
  false
255
255
  end
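Review bot: The new `file_relative_path` expression in `invalid_ruby_file` raises `TypeError` when `ruby_file.index(...)` returns `nil`, that is, when the last segment of `cookbook_path` does not occur in `ruby_file`, and the failure would happen inside the error-reporting path itself. `index` also returns the first occurrence, so a parent directory with the same name as the cookbook yields a longer path than intended, and `split("/")` assumes forward-slash separators. A defensive form is `start = ruby_file.index(cookbook_path.split("/").last)` followed by `file_relative_path = start ? ruby_file[start..] : ruby_file`.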
@@ -42,7 +42,7 @@ class Chef
42
42
  end
43
43
 
44
44
  def parse_yaml(filename)
45
- YAML.load(IO.read(filename))
45
+ YAML.safe_load_file(filename, permitted_classes: [Date])
46
46
  end
47
47
 
48
48
  extend self