chef 17.2.29-universal-mingw32 → 17.5.22-universal-mingw32

data/lib/chef/dsl/toml.rb

@@ -0,0 +1,116 @@
+require "date"
+
+# imported from https://github.com/chef-cookbooks/habitat
+class Chef
+  module DSL
+    module Toml
+      class Dumper
+        attr_reader :toml_str
+
+        def initialize(hash)
+          @toml_str = ""
+
+          visit(hash, [])
+        end
+
+        private
+
+        def visit(hash, prefix, extra_brackets = false)
+          simple_pairs, nested_pairs, table_array_pairs = sort_pairs hash
+
+          if prefix.any? && (simple_pairs.any? || hash.empty?)
+            print_prefix prefix, extra_brackets
+          end
+
+          dump_pairs simple_pairs, nested_pairs, table_array_pairs, prefix
+        end
+
+        def sort_pairs(hash)
+          nested_pairs = []
+          simple_pairs = []
+          table_array_pairs = []
+
+          hash.keys.sort.each do |key|
+            val = hash[key]
+            element = [key, val]
+
+            if val.is_a? Hash
+              nested_pairs << element
+            elsif val.is_a?(Array) && val.first.is_a?(Hash)
+              table_array_pairs << element
+            else
+              simple_pairs << element
+            end
+          end
+
+          [simple_pairs, nested_pairs, table_array_pairs]
+        end
+
+        def dump_pairs(simple, nested, table_array, prefix = [])
+          # First add simple pairs, under the prefix
+          dump_simple_pairs simple
+          dump_nested_pairs nested, prefix
+          dump_table_array_pairs table_array, prefix
+        end
+
+        def dump_simple_pairs(simple_pairs)
+          simple_pairs.each do |key, val|
+            key = quote_key(key) unless bare_key? key
+            @toml_str << "#{key} = #{to_toml(val)}\n"
+          end
+        end
+
+        def dump_nested_pairs(nested_pairs, prefix)
+          nested_pairs.each do |key, val|
+            key = quote_key(key) unless bare_key? key
+
+            visit val, prefix + [key], false
+          end
+        end
+
+        def dump_table_array_pairs(table_array_pairs, prefix)
+          table_array_pairs.each do |key, val|
+            key = quote_key(key) unless bare_key? key
+            aux_prefix = prefix + [key]
+
+            val.each do |child|
+              print_prefix aux_prefix, true
+              args = sort_pairs(child) << aux_prefix
+
+              dump_pairs(*args)
+            end
+          end
+        end
+
+        def print_prefix(prefix, array = false)
+          new_prefix = prefix.join(".")
+          new_prefix = "[#{new_prefix}]" if array
+
+          @toml_str += "[#{new_prefix}]\n"
+        end
+
+        def to_toml(obj)
+          if obj.is_a?(Time) || obj.is_a?(DateTime)
+            obj.strftime("%Y-%m-%dT%H:%M:%SZ")
+          elsif obj.is_a?(Date)
+            obj.strftime("%Y-%m-%d")
+          elsif obj.is_a? Regexp
+            obj.inspect.inspect
+          elsif obj.is_a? String
+            obj.inspect.gsub(/\\(#[$@{])/, '\1')
+          else
+            obj.inspect
+          end
+        end
+
+        def bare_key?(key)
+          !!key.to_s.match(/^[a-zA-Z0-9_-]*$/)
+        end
+
+        def quote_key(key)
+          '"' + key.gsub('"', '\\"') + '"'
+        end
+      end
+    end
+  end
+end

data/lib/chef/dsl/universal.rb

@@ -22,6 +22,10 @@ require_relative "data_query"
 require_relative "chef_vault"
 require_relative "registry_helper"
 require_relative "powershell"
+require_relative "secret"
+require_relative "reader_helpers"
+require_relative "render_helpers"
+require_relative "toml"
 require_relative "../mixin/powershell_exec"
 require_relative "../mixin/powershell_out"
 require_relative "../mixin/shell_out"
@@ -47,6 +51,9 @@ class Chef
       include Chef::DSL::ChefVault
       include Chef::DSL::RegistryHelper
       include Chef::DSL::Powershell
+      include Chef::DSL::ReaderHelpers
+      include Chef::DSL::RenderHelpers
+      include Chef::DSL::Secret
       include Chef::Mixin::PowershellExec
       include Chef::Mixin::PowershellOut
       include Chef::Mixin::ShellOut

data/lib/chef/dsl.rb

@@ -4,3 +4,4 @@ require_relative "dsl/data_query"
 require_relative "dsl/include_recipe"
 require_relative "dsl/include_attribute"
 require_relative "dsl/registry_helper"
+require_relative "dsl/secret"

data/lib/chef/event_dispatch/base.rb

@@ -164,7 +164,7 @@ class Chef
       # Called when LWRPs are finished loading
       def lwrp_load_complete; end
 
-      # Called when an ohai plugin file loading starts
+      # Called when ohai plugin file loading starts
       def ohai_plugin_load_start(file_count); end
 
       # Called when an ohai plugin file has been loaded
@@ -173,9 +173,51 @@ class Chef
       # Called when an ohai plugin file has an error on load.
       def ohai_plugin_file_load_failed(path, exception); end
 
-      # Called when an ohai plugin file loading has finished
+      # Called when ohai plugin file loading has finished
       def ohai_plugin_load_complete; end
 
+      # Called when compliance file loading starts
+      def compliance_load_start; end
+
+      # Called when compliance file loading ends
+      def compliance_load_complete; end
+
+      # Called when compliance profile loading starts
+      def profiles_load_start; end
+
+      # Called when compliance profile loading end
+      def profiles_load_complete; end
+
+      # Called when compliance input loading starts
+      def inputs_load_start; end
+
+      # Called when compliance input loading end
+      def inputs_load_complete; end
+
+      # Called when compliance waiver loading starts
+      def waivers_load_start; end
+
+      # Called when compliance waiver loading end
+      def waivers_load_complete; end
+
+      # Called when a compliance profile is found in a cookbook by the cookbook_compiler
+      def compliance_profile_loaded(profile); end
+
+      # Called when a compliance waiver is found in a cookbook by the cookbook_compiler
+      def compliance_waiver_loaded(waiver); end
+
+      # Called when a compliance waiver is found in a cookbook by the cookbook_compiler
+      def compliance_input_loaded(input); end
+
+      # Called when a compliance profile is enabled (by include_profile)
+      def compliance_profile_enabled(profile); end
+
+      # Called when a compliance waiver is enabled (by include_waiver)
+      def compliance_waiver_enabled(waiver); end
+
+      # Called when a compliance input is enabled (by include_input)
+      def compliance_input_enabled(input); end
+
       # Called before attribute files are loaded
       def attribute_load_start(attribute_file_count); end
 

data/lib/chef/exceptions.rb

@@ -290,6 +290,26 @@ class Chef
 
     end
 
+    class Secret
+      class RetrievalError < RuntimeError; end
+      class ConfigurationInvalid < RuntimeError; end
+      class FetchFailed < RuntimeError; end
+      class MissingSecretName < RuntimeError; end
+      class InvalidSecretName < RuntimeError; end
+
+      class InvalidFetcherService < RuntimeError
+        def initialize(given, fetcher_service_names)
+          super("#{given} is not a supported secrets service.  Supported services are: :#{fetcher_service_names.join(" :")}")
+        end
+      end
+
+      class MissingFetcher < RuntimeError
+        def initialize(fetcher_service_names)
+          super("No secret service provided. Supported services are: :#{fetcher_service_names.join(" :")}")
+        end
+      end
+    end
+
     # Exception class for collecting multiple failures. Used when running
     # delayed notifications so that chef can process each delayed
     # notification even if chef client or other notifications fail.

data/lib/chef/formatters/doc.rb

@@ -41,10 +41,11 @@ class Chef
       end
 
       def run_start(version, run_status)
-        puts_line "Starting #{ChefUtils::Dist::Infra::PRODUCT}, version #{version}"
+        puts_line "#{ChefUtils::Dist::Infra::PRODUCT}, version #{version}"
         puts_line "Patents: #{ChefUtils::Dist::Org::PATENTS}"
-        puts_line "Targeting node: #{Chef::Config.target_mode.host}" if Chef::Config.target_mode?
         puts_line "OpenSSL FIPS 140 mode enabled" if Chef::Config[:fips]
+        puts_line "Infra Phase starting"
+        puts_line "Targeting node: #{Chef::Config.target_mode.host}" if Chef::Config.target_mode?
       end
 
       def total_resources
@@ -79,18 +80,18 @@ class Chef
           puts_line ""
         end
         if Chef::Config[:why_run]
-          puts_line "#{ChefUtils::Dist::Infra::PRODUCT} finished, #{@updated_resources}/#{total_resources} resources would have been updated"
+          puts_line "Infra Phase complete, #{@updated_resources}/#{total_resources} resources would have been updated"
         else
-          puts_line "#{ChefUtils::Dist::Infra::PRODUCT} finished, #{@updated_resources}/#{total_resources} resources updated in #{pretty_elapsed_time}"
+          puts_line "Infra Phase complete, #{@updated_resources}/#{total_resources} resources updated in #{pretty_elapsed_time}"
         end
       end
 
       def run_failed(exception)
         @end_time = Time.now
         if Chef::Config[:why_run]
-          puts_line "#{ChefUtils::Dist::Infra::PRODUCT} failed. #{@updated_resources} resources would have been updated"
+          puts_line "Infra Phase failed. #{@updated_resources} resources would have been updated"
         else
-          puts_line "#{ChefUtils::Dist::Infra::PRODUCT} failed. #{@updated_resources} resources updated in #{pretty_elapsed_time}"
+          puts_line "Infra Phase failed. #{@updated_resources} resources updated in #{pretty_elapsed_time}"
         end
       end
 
@@ -119,12 +120,12 @@ class Chef
       def node_load_completed(node, expanded_run_list, config); end
 
       def policyfile_loaded(policy)
-        puts_line "Using policy '#{policy["name"]}' at revision '#{policy["revision_id"]}'"
+        puts_line "Using Policyfile '#{policy["name"]}' at revision '#{policy["revision_id"]}'"
       end
 
       # Called before the cookbook collection is fetched from the server.
       def cookbook_resolution_start(expanded_run_list)
-        puts_line "resolving cookbooks for run list: #{expanded_run_list.inspect}"
+        puts_line "Resolving cookbooks for run list: #{expanded_run_list.inspect}"
       end
 
       # Called when there is an error getting the cookbook collection from the
@@ -149,7 +150,7 @@ class Chef
 
       # Called before cookbook sync starts
       def cookbook_sync_start(cookbook_count)
-        puts_line "Synchronizing Cookbooks:"
+        puts_line "Synchronizing cookbooks:"
         indent
       end
 
@@ -168,7 +169,7 @@ class Chef
 
       # Called when starting to collect gems from the cookbooks
       def cookbook_gem_start(gems)
-        puts_line "Installing Cookbook Gems:"
+        puts_line "Installing cookbook gem dependencies:"
         indent
       end
 
@@ -194,7 +195,7 @@ class Chef
 
       # Called when cookbook loading starts.
       def library_load_start(file_count)
-        puts_line "Compiling Cookbooks..."
+        puts_line "Compiling cookbooks..."
       end
 
       # Called after a file in a cookbook is loaded.
@@ -280,7 +281,7 @@ class Chef
       end
 
       def resource_bypassed(resource, action, provider)
-        puts " (Skipped: whyrun not supported by provider #{provider.class.name})", stream: resource
+        puts " (Skipped: Why-Run not supported by provider #{provider.class.name})", stream: resource
         unindent
       end
 
@@ -317,7 +318,7 @@ class Chef
       # Called when resource current state load is skipped due to the provider
       # not supporting whyrun mode.
       def resource_current_state_load_bypassed(resource, action, current_resource)
-        puts_line("* Whyrun not supported for #{resource}, bypassing load.", :yellow)
+        puts_line("* Why-Run not supported for #{resource}, bypassing load.", :yellow)
       end
 
       def stream_output(stream, output, options = {})
@@ -362,6 +363,52 @@ class Chef
         end
       end
 
+      # Called when compliance profile loading starts
+      def profiles_load_start
+        puts_line("Loading #{Inspec::Dist::PRODUCT_NAME} profile files:")
+      end
+
+      # Called when compliance input loading starts
+      def inputs_load_start
+        puts_line("Loading #{Inspec::Dist::PRODUCT_NAME} input files:")
+      end
+
+      # Called when compliance waiver loading starts
+      def waivers_load_start
+        puts_line("Loading #{Inspec::Dist::PRODUCT_NAME} waiver files:")
+      end
+
+      # Called when a compliance profile is found in a cookbook by the cookbook_compiler
+      def compliance_profile_loaded(profile)
+        start_line("  - #{profile.cookbook_name}::#{profile.pathname}", :cyan)
+        puts " (#{profile.version})", :cyan if profile.version
+      end
+
+      # Called when a compliance waiver is found in a cookbook by the cookbook_compiler
+      def compliance_input_loaded(input)
+        puts_line("  - #{input.cookbook_name}::#{input.pathname}", :cyan)
+      end
+
+      # Called when a compliance waiver is found in a cookbook by the cookbook_compiler
+      def compliance_waiver_loaded(waiver)
+        puts_line("  - #{waiver.cookbook_name}::#{waiver.pathname}", :cyan)
+      end
+
+      # Called when a compliance profile is enabled (by include_profile)
+      def compliance_profile_enabled(profile)
+        # puts_line("  * FIXME", :cyan)
+      end
+
+      # Called when a compliance waiver is enabled (by include_waiver)
+      def compliance_waiver_enabled(waiver)
+        # puts_line("  * FIXME", :cyan)
+      end
+
+      # Called when a compliance input is enabled (by include_input)
+      def compliance_input_enabled(input)
+        # puts_line("  * FIXME", :cyan)
+      end
+
       # (see Base#deprecation)
       def deprecation(deprecation, _location = nil)
         if Chef::Config[:treat_deprecation_warnings_as_errors]

data/lib/chef/formatters/error_mapper.rb

@@ -27,7 +27,7 @@ class Chef
       # Failed to register this client with the server.
       def self.registration_failed(node_name, exception, config)
         error_inspector = ErrorInspectors::RegistrationErrorInspector.new(node_name, exception, config)
-        headline = "Chef encountered an error attempting to create the client \"#{node_name}\""
+        headline = "Chef Infra Client encountered an error attempting to create the client \"#{node_name}\""
         description = ErrorDescription.new(headline)
         error_inspector.add_explanation(description)
         description
@@ -35,7 +35,7 @@ class Chef
 
       def self.node_load_failed(node_name, exception, config)
         error_inspector = ErrorInspectors::NodeLoadErrorInspector.new(node_name, exception, config)
-        headline = "Chef encountered an error attempting to load the node data for \"#{node_name}\""
+        headline = "Chef Infra Client encountered an error attempting to load the node data for \"#{node_name}\""
         description = ErrorDescription.new(headline)
         error_inspector.add_explanation(description)
         description

data/lib/chef/formatters/minimal.rb

@@ -28,20 +28,21 @@ class Chef
 
       # Called at the very start of a Chef Run
       def run_start(version, run_status)
-        puts_line "Starting #{ChefUtils::Dist::Infra::PRODUCT}, version #{version}"
+        puts_line "#{ChefUtils::Dist::Infra::PRODUCT}, version #{version}"
         puts_line "Patents: #{ChefUtils::Dist::Org::PATENTS}"
-        puts_line "Targeting node: #{Chef::Config.target_mode.host}" if Chef::Config.target_mode?
         puts_line "OpenSSL FIPS 140 mode enabled" if Chef::Config[:fips]
+        puts_line "Infra Phase starting"
+        puts_line "Targeting node: #{Chef::Config.target_mode.host}" if Chef::Config.target_mode?
       end
 
       # Called at the end of the Chef run.
       def run_completed(node)
-        puts "#{ChefUtils::Dist::Infra::PRODUCT} finished, #{@updated_resources.size} resources updated"
+        puts "Infra phase complete, #{@updated_resources.size} resources updated"
       end
 
       # called at the end of a failed run
       def run_failed(exception)
-        puts "#{ChefUtils::Dist::Infra::PRODUCT} failed. #{@updated_resources.size} resources updated"
+        puts "Infra phase failed. #{@updated_resources.size} resources updated"
       end
 
       # Called right after ohai runs.
@@ -71,7 +72,7 @@ class Chef
 
       # Called before the cookbook collection is fetched from the server.
       def cookbook_resolution_start(expanded_run_list)
-        puts "resolving cookbooks for run list: #{expanded_run_list.inspect}"
+        puts "Resolving cookbooks for run list: #{expanded_run_list.inspect}"
       end
 
       # Called when there is an error getting the cookbook collection from the

data/lib/chef/handler/slow_report.rb

@@ -59,7 +59,7 @@ class Chef
 
       def stripped_source_line(resource)
         # strip the leading path off of the source line
-        resource.source_line.gsub(%r{.*/cookbooks/}, "").gsub(%r{.*/chef-[0-9\.]+/}, "")
+        resource.source_line&.gsub(%r{.*/cookbooks/}, "")&.gsub(%r{.*/chef-[0-9\.]+/}, "")
       end
     end
   end

data/lib/chef/http/basic_client.rb

@@ -36,16 +36,18 @@ class Chef
       attr_reader :url
       attr_reader :ssl_policy
       attr_reader :keepalives
+      attr_reader :nethttp_opts
 
       # Instantiate a BasicClient.
       # === Arguments:
       # url:: An URI for the remote server.
       # === Options:
       # ssl_policy:: The SSL Policy to use, defaults to DefaultSSLPolicy
-      def initialize(url, opts = {})
+      def initialize(url, ssl_policy: DefaultSSLPolicy, keepalives: false, nethttp_opts: {})
         @url = url
-        @ssl_policy = opts[:ssl_policy] || DefaultSSLPolicy
-        @keepalives = opts[:keepalives] || false
+        @ssl_policy = ssl_policy
+        @keepalives = keepalives
+        @nethttp_opts = ChefUtils::Mash.new(nethttp_opts)
       end
 
       def http_client
@@ -118,8 +120,14 @@ class Chef
           configure_ssl(http_client)
         end
 
-        http_client.read_timeout = config[:rest_timeout]
-        http_client.open_timeout = config[:rest_timeout]
+        opts = nethttp_opts.dup
+        opts["read_timeout"] ||= config[:rest_timeout]
+        opts["open_timeout"] ||= config[:rest_timeout]
+
+        opts.each do |key, value|
+          http_client.send(:"#{key}=", value)
+        end
+
         if keepalives
           http_client.start
         else
@@ -142,11 +150,11 @@ class Chef
       end
 
       def http_proxy_user(proxy_uri)
-        proxy_uri.user || Chef::Config["#{proxy_uri.scheme}_proxy_user"]
+        proxy_uri.user || config["#{proxy_uri.scheme}_proxy_user"]
       end
 
       def http_proxy_pass(proxy_uri)
-        proxy_uri.password || Chef::Config["#{proxy_uri.scheme}_proxy_pass"]
+        proxy_uri.password || config["#{proxy_uri.scheme}_proxy_pass"]
       end
 
       def configure_ssl(http_client)

data/lib/chef/http.rb

@@ -82,6 +82,9 @@ class Chef
     # [Boolean] if we're doing keepalives or not
     attr_reader :keepalives
 
+    # @returns [Hash] options for Net::HTTP to be sent to setters on the object
+    attr_reader :nethttp_opts
+
     # Create a HTTP client object. The supplied +url+ is used as the base for
     # all subsequent requests. For example, when initialized with a base url
     # http://localhost:4000, a call to +get+ with 'nodes' will make an
@@ -94,6 +97,7 @@ class Chef
       @redirect_limit = 10
       @keepalives = options[:keepalives] || false
       @options = options
+      @nethttp_opts = options[:nethttp] || {}
 
       @middlewares = []
       self.class.middlewares.each do |middleware_class|
@@ -311,7 +315,7 @@ class Chef
 
         SocketlessChefZeroClient.new(base_url)
       else
-        BasicClient.new(base_url, ssl_policy: ssl_policy, keepalives: keepalives)
+        BasicClient.new(base_url, ssl_policy: ssl_policy, keepalives: keepalives, nethttp_opts: nethttp_opts)
       end
     end
 
@@ -423,7 +427,7 @@ class Chef
           if response.is_a?(Net::HTTPServerError) && !Chef::Config.local_mode
             if http_retry_count - http_attempts >= 0
               sleep_time = 1 + (2**http_attempts) + rand(2**http_attempts)
-              Chef::Log.error("Server returned error #{response.code} for #{url}, retrying #{http_attempts}/#{http_retry_count} in #{sleep_time}s")
+              Chef::Log.warn("Server returned error #{response.code} for #{url}, retrying #{http_attempts}/#{http_retry_count} in #{sleep_time}s") # Updated from error to warn
               sleep(sleep_time)
               redo
             end
@@ -432,7 +436,7 @@ class Chef
         end
       rescue SocketError, Errno::ETIMEDOUT, Errno::ECONNRESET => e
         if http_retry_count - http_attempts >= 0
-          Chef::Log.error("Error connecting to #{url}, retry #{http_attempts}/#{http_retry_count}")
+          Chef::Log.warn("Error connecting to #{url}, retry #{http_attempts}/#{http_retry_count}") # Updated from error to warn
           sleep(http_retry_delay)
           retry
         end
@@ -440,21 +444,21 @@ class Chef
         raise e
       rescue Errno::ECONNREFUSED
         if http_retry_count - http_attempts >= 0
-          Chef::Log.error("Connection refused connecting to #{url}, retry #{http_attempts}/#{http_retry_count}")
+          Chef::Log.warn("Connection refused connecting to #{url}, retry #{http_attempts}/#{http_retry_count}") # Updated from error to warn
           sleep(http_retry_delay)
           retry
         end
         raise Errno::ECONNREFUSED, "Connection refused connecting to #{url}, giving up"
       rescue Timeout::Error
         if http_retry_count - http_attempts >= 0
-          Chef::Log.error("Timeout connecting to #{url}, retry #{http_attempts}/#{http_retry_count}")
+          Chef::Log.warn("Timeout connecting to #{url}, retry #{http_attempts}/#{http_retry_count}") # Updated from error to warn
           sleep(http_retry_delay)
           retry
         end
         raise Timeout::Error, "Timeout connecting to #{url}, giving up"
       rescue OpenSSL::SSL::SSLError => e
         if (http_retry_count - http_attempts >= 0) && !e.message.include?("certificate verify failed")
-          Chef::Log.error("SSL Error connecting to #{url}, retry #{http_attempts}/#{http_retry_count}")
+          Chef::Log.warn("SSL Error connecting to #{url}, retry #{http_attempts}/#{http_retry_count}") # Updated from error to warn
           sleep(http_retry_delay)
           retry
         end
@@ -468,12 +472,12 @@ class Chef
 
     # @api private
     def http_retry_delay
-      config[:http_retry_delay]
+      options[:http_retry_delay] || config[:http_retry_delay]
     end
 
     # @api private
     def http_retry_count
-      config[:http_retry_count]
+      options[:http_retry_count] || config[:http_retry_count]
     end
 
     # @api private

data/lib/chef/json_compat.rb

@@ -25,7 +25,7 @@ require "json" unless defined?(JSON)
 class Chef
   class JSONCompat
 
-    class <<self
+    class << self
 
       def parse(source, opts = {})
         FFI_Yajl::Parser.parse(source, opts)