chef 17.2.29-universal-mingw32 → 17.5.22-universal-mingw32

data/lib/chef/policy_builder/policyfile.rb

@@ -32,14 +32,8 @@ class Chef
     # Policyfile is a policy builder implementation that gets run
     # list and cookbook version information from a single document.
     #
-    # == Unsupported Options:
-    # * override_runlist:: This could potentially be integrated into the
-    # policyfile, or replaced with a similar feature that has different
-    # semantics.
-    # * specific_recipes:: put more design thought into this use case.
-    # * run_list in json_attribs:: would be ignored anyway, so it raises an error.
-    # * chef-solo:: not currently supported. Need more design thought around
-    # how this should work.
+    # Does not support legacy chef-solo or roles/environments.
+    #
     class Policyfile
 
       class UnsupportedFeature < StandardError; end
@@ -81,10 +75,12 @@ class Chef
       attr_reader :ohai_data
       attr_reader :json_attribs
       attr_reader :run_context
+      attr_reader :override_runlist
 
       def initialize(node_name, ohai_data, json_attribs, override_runlist, events)
         @node_name = node_name
         @ohai_data = ohai_data
+        @override_runlist = override_runlist
         @json_attribs = json_attribs
         @events = events
 
@@ -94,32 +90,11 @@ class Chef
           raise UnsupportedFeature, "Policyfile does not support chef-solo. Use #{ChefUtils::Dist::Infra::CLIENT} local mode instead."
         end
 
-        if override_runlist
-          raise UnsupportedFeature, "Policyfile does not support override run lists. Use named run_lists instead."
-        end
-
-        if json_attribs && json_attribs.key?("run_list")
-          raise UnsupportedFeature, "Policyfile does not support setting the run_list in json data."
-        end
-
         if Chef::Config[:environment] && !Chef::Config[:environment].chomp.empty?
           raise UnsupportedFeature, "Policyfile does not work with an Environment configured."
         end
       end
 
-      ## API Compat ##
-      # Methods related to unsupported features
-
-      # Override run_list is not supported.
-      def original_runlist
-        nil
-      end
-
-      # Override run_list is not supported.
-      def override_runlist
-        nil
-      end
-
       # Policyfile gives you the run_list already expanded, but users of this
       # class may expect to get a run_list expansion compatible object by
       # calling this method.
@@ -148,17 +123,27 @@ class Chef
         # consume_external_attrs may add items to the run_list. Save the
         # expanded run_list, which we will pass to the server later to
         # determine which versions of cookbooks to use.
+
+        unless Chef::Config[:policy_document_native_api]
+          Chef.deprecated(:policyfile_compat_mode, "The chef-server 11 policyfile compat mode is deprecated, please set policy_document_native_api to true in your config")
+        end
+
         node.reset_defaults_and_overrides
 
         node.consume_external_attrs(ohai_data, json_attribs)
 
+        setup_run_list_override
+
         expand_run_list
         apply_policyfile_attributes
 
+        if persistent_run_list_set?
+          Chef::Log.warn("The node.run_list setting is overriding the Policyfile run_list")
+        end
         Chef::Log.info("Run List is [#{run_list}]")
-        Chef::Log.info("Run List expands to [#{run_list_with_versions_for_display.join(", ")}]")
+        Chef::Log.info("Run List expands to [#{run_list_with_versions_for_display(run_list).join(", ")}]")
 
-        events.node_load_completed(node, run_list_with_versions_for_display, Chef::Config)
+        events.node_load_completed(node, run_list_with_versions_for_display(run_list), Chef::Config)
         events.run_list_expanded(run_list_expansion_ish)
 
         # we must do this after `node.consume_external_attrs`
@@ -194,6 +179,11 @@ class Chef
         events.cookbook_compilation_start(run_context)
 
         run_context.load(run_list_expansion_ish)
+        if specific_recipes
+          specific_recipes.each do |recipe_file|
+            run_context.load_recipe_file(recipe_file)
+          end
+        end
 
         events.cookbook_compilation_complete(run_context)
 
@@ -206,7 +196,7 @@ class Chef
       #
       # @return [RunListExpansionIsh] A RunListExpansion duck-type.
       def expand_run_list
-        CookbookCacheCleaner.instance.skip_removal = true if named_run_list_requested?
+        validate_run_list!(run_list)
 
         node.run_list(run_list)
         node.automatic_attrs[:policy_revision] = revision_id
@@ -231,21 +221,25 @@ class Chef
         cookbooks_to_sync
       end
 
-      # Whether or not this is a temporary policy. Since PolicyBuilder doesn't
-      # support override_runlist, this is always false.
+      ## Internal Public API ##
+
+      # @api private
       #
-      # @return [false]
-      def temporary_policy?
-        false
+      # Validate run_list against policyfile cookbooks
+      #
+      def validate_run_list!(run_list)
+        run_list.map do |recipe_spec|
+          cookbook, recipe = parse_recipe_spec(recipe_spec)
+          lock_data = cookbook_lock_for(cookbook)
+          raise PolicyfileError, "invalid run_list item '#{recipe_spec}' not in cookbook set of PolicyFile #{policyfile_location}" unless lock_data
+        end
       end
 
-      ## Internal Public API ##
-
       # @api private
       #
       # Generates an array of strings with recipe names including version and
       # identifier info.
-      def run_list_with_versions_for_display
+      def run_list_with_versions_for_display(run_list)
         run_list.map do |recipe_spec|
           cookbook, recipe = parse_recipe_spec(recipe_spec)
           lock_data = cookbook_lock_for(cookbook)
@@ -287,9 +281,14 @@ class Chef
 
       # @api private
       def parse_recipe_spec(recipe_spec)
-        rmatch = recipe_spec.match(/recipe\[([^:]+)::([^:]+)\]/)
+        rmatch = recipe_spec.to_s.match(/recipe\[([^:]+)::([^:]+)\]/)
         if rmatch.nil?
-          raise PolicyfileError, "invalid recipe specification #{recipe_spec} in Policyfile from #{policyfile_location}"
+          rmatch = recipe_spec.to_s.match(/recipe\[([^:]+)\]/)
+          if rmatch.nil?
+            raise PolicyfileError, "invalid recipe specification #{recipe_spec} in Policyfile from #{policyfile_location}"
+          else
+            [rmatch[1], "default"]
+          end
         else
           [rmatch[1], rmatch[2]]
         end
@@ -301,8 +300,15 @@ class Chef
       end
 
       # @api private
+      # @return [Array<String>]
       def run_list
-        if named_run_list_requested?
+        return override_runlist.map(&:to_s) if override_runlist
+
+        if json_attribs["run_list"]
+          json_attribs["run_list"]
+        elsif persistent_run_list_set?
+          node.run_list
+        elsif named_run_list_requested?
           named_run_list || raise(ConfigurationError,
             "Policy '#{retrieved_policy_name}' revision '#{revision_id}' does not have named_run_list '#{named_run_list_name}'" +
             "(available named_run_lists: [#{available_named_run_lists.join(", ")}])")
@@ -458,7 +464,7 @@ class Chef
       # should be reduced to a single call.
       def cookbooks_to_sync
         @cookbook_to_sync ||= begin
-          events.cookbook_resolution_start(run_list_with_versions_for_display)
+          events.cookbook_resolution_start(run_list_with_versions_for_display(run_list))
 
           cookbook_versions_by_name = cookbook_locks.inject({}) do |cb_map, (name, lock_data)|
             cb_map[name] = manifest_for(name, lock_data)
@@ -470,7 +476,7 @@ class Chef
         end
       rescue Exception => e
         # TODO: wrap/munge exception to provide helpful error output
-        events.cookbook_resolution_failed(run_list_with_versions_for_display, e)
+        events.cookbook_resolution_failed(run_list_with_versions_for_display(run_list), e)
         raise
       end
 
@@ -509,6 +515,13 @@ class Chef
         Chef::Config
       end
 
+      # Indicates whether the policy is temporary, which means an
+      # override_runlist was provided. Chef::Client uses this to decide whether
+      # to do the final node save at the end of the run or not.
+      def temporary_policy?
+        node.override_runlist_set?
+      end
+
       private
 
       # This method injects the run_context and into the Chef class.
@@ -533,6 +546,10 @@ class Chef
         (policy["named_run_lists"] || {}).keys
       end
 
+      def persistent_run_list_set?
+        Chef::Config[:policy_persist_run_list] && node.run_list && !node.run_list.empty?
+      end
+
       def named_run_list_requested?
         !!Chef::Config[:named_run_list]
       end
@@ -567,6 +584,32 @@ class Chef
         Chef::CookbookVersion.from_cb_artifact_data(raw_manifest)
       end
 
+      def setup_run_list_override
+        unless override_runlist.nil?
+          runlist_override_sanity_check!
+          node.override_runlist = override_runlist
+          Chef::Log.warn "Run List override has been provided."
+          Chef::Log.warn "Original Run List: [#{node.primary_runlist}]"
+          Chef::Log.warn "Overridden Run List: [#{node.run_list}]"
+        end
+      end
+
+      # Ensures runlist override contains RunListItem instances
+      def runlist_override_sanity_check!
+        # Convert to array and remove whitespace
+        if override_runlist.is_a?(String)
+          @override_runlist = override_runlist.split(",").map(&:strip)
+        end
+        @override_runlist = [override_runlist].flatten.compact
+        override_runlist.map! do |item|
+          if item.is_a?(Chef::RunList::RunListItem)
+            item
+          else
+            Chef::RunList::RunListItem.new(item)
+          end
+        end
+      end
+
     end
   end
 end

data/lib/chef/provider/execute.rb

@@ -41,7 +41,7 @@ class Chef
         end
       end
 
-      action :run do
+      action :run, description: "Run a command." do
         if creates && sentinel_file.exist?
           logger.debug("#{new_resource} sentinel file #{sentinel_file} exists - nothing to do")
           return false

data/lib/chef/provider/file.rb

@@ -27,6 +27,8 @@ require_relative "../scan_access_control"
 require_relative "../mixin/checksum"
 require_relative "../mixin/file_class"
 require_relative "../mixin/enforce_ownership_and_permissions"
+require_relative "../resource/file/verification/json"
+require_relative "../resource/file/verification/yaml"
 require_relative "../util/backup"
 require_relative "../util/diff"
 require_relative "../util/selinux"
@@ -157,7 +159,7 @@ class Chef
       end
 
       action :delete do
-        if ::File.exists?(new_resource.path)
+        if ::File.exist?(new_resource.path)
           converge_by("delete file #{new_resource.path}") do
             do_backup unless file_class.symlink?(new_resource.path)
             ::File.delete(new_resource.path)
@@ -393,7 +395,7 @@ class Chef
         # a nil tempfile is okay, means the resource has no content or no new content
         return if tempfile.nil?
         # but a tempfile that has no path or doesn't exist should not happen
-        if tempfile.path.nil? || !::File.exists?(tempfile.path)
+        if tempfile.path.nil? || !::File.exist?(tempfile.path)
           raise "#{ChefUtils::Dist::Infra::CLIENT} is confused, trying to deploy a file that has no path or does not exist..."
         end
 

data/lib/chef/provider/group/dscl.rb

@@ -158,7 +158,7 @@ class Chef
           if new_resource.group_name && (current_resource.group_name != new_resource.group_name)
             dscl_create_group
           end
-          if new_resource.gid && (current_resource.gid != new_resource.gid)
+          if new_resource.gid && (current_resource.gid != new_resource.gid.to_s)
             set_gid
           end
           if new_resource.members || new_resource.excluded_members

data/lib/chef/provider/launchd.rb

@@ -43,22 +43,22 @@ class Chef
         types[type]
       end
 
-      action :create do
+      action :create, description: "Create a launchd property list." do
         manage_plist(:create)
       end
 
-      action :create_if_missing do
+      action :create_if_missing, description: "Create a launchd property list, if it does not already exist." do
         manage_plist(:create_if_missing)
       end
 
-      action :delete do
+      action :delete, description: "Delete a launchd property list. This will unload a daemon or agent, if loaded." do
         if ::File.exists?(path)
           manage_service(:disable)
         end
         manage_plist(:delete)
       end
 
-      action :enable do
+      action :enable, description: "Create a launchd property list, and then ensure that it is enabled. If a launchd property list already exists, but does not match, updates the property list to match, and then restarts the daemon or agent." do
         manage_service(:nothing)
         manage_plist(:create) do
           notifies :restart, "macosx_service[#{label}]", :immediately
@@ -66,13 +66,13 @@ class Chef
         manage_service(:enable)
       end
 
-      action :disable do
+      action :disable, description: "Disable a launchd property list." do
         return unless ::File.exist?(path)
 
         manage_service(:disable)
       end
 
-      action :restart do
+      action :restart, description: "Restart a launchd managed daemon or agent." do
         manage_service(:restart)
       end
 

data/lib/chef/provider/link.rb

@@ -43,8 +43,8 @@ class Chef
           )
         else
           current_resource.link_type(:hard)
-          if ::File.exists?(current_resource.target_file)
-            if ::File.exists?(new_resource.to) &&
+          if ::File.exist?(current_resource.target_file)
+            if ::File.exist?(new_resource.to) &&
                 file_class.stat(current_resource.target_file).ino ==
                     file_class.stat(new_resource.to).ino
               current_resource.to(canonicalize(new_resource.to))

data/lib/chef/provider/lwrp_base.rb

@@ -45,7 +45,7 @@ class Chef
       def load_current_resource; end
 
       # class methods
-      class <<self
+      class << self
         include Chef::Mixin::ConvertToClassName
         include Chef::Mixin::FromFile
 

data/lib/chef/provider/package/habitat.rb

@@ -0,0 +1,168 @@
+#
+# Copyright:: Chef Software Inc.
+#
+# License:: Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+require_relative "../../http/simple"
+require_relative "../../json_compat"
+require_relative "../../exceptions"
+require_relative "../package"
+# Bring in needed shared methods
+
+class Chef
+  class Provider
+    class Package
+      class Habitat < Chef::Provider::Package
+        use_multipackage_api
+        use "../../resource/habitat/habitat_shared"
+        provides :habitat_package
+
+        def load_current_resource
+          @current_resource = Chef::Resource::HabitatPackage.new(new_resource.name)
+          current_resource.package_name(strip_version(new_resource.package_name))
+
+          @candidate_version = candidate_versions
+          current_resource.version(current_versions)
+
+          current_resource
+        end
+
+        def install_package(names, versions)
+          names.zip(versions).map do |n, v|
+            opts = ["pkg", "install", "--channel", new_resource.channel, "--url", new_resource.bldr_url]
+            opts += ["--auth", new_resource.auth_token] if new_resource.auth_token
+            opts += ["#{strip_version(n)}/#{v}", new_resource.options]
+            opts += ["--binlink"] if new_resource.binlink
+            opts += ["--force"] if new_resource.binlink.eql? :force
+            hab(opts)
+          end
+        end
+
+        alias_method :upgrade_package, :install_package
+
+        def remove_package(names, versions)
+          # raise 'It is too dangerous to :remove packages with the habitat_package resource right now. This functionality should be deferred to the hab cli.'
+          names.zip(versions).map do |n, v|
+            opts = %w{pkg uninstall}
+            opts += ["--keep-latest", new_resource.keep_latest ] if new_resource.keep_latest
+            opts += ["#{strip_version(n).chomp("/")}#{v}", new_resource.options]
+            opts += ["--exclude"] if new_resource.exclude
+            opts += ["--no-deps"] if new_resource.no_deps
+            hab(opts)
+            # action :remove
+          end
+        end
+
+        alias_method :purge_package, :remove_package
+
+        private
+
+        def validate_name!(name)
+          raise ArgumentError, "package name must be specified as 'origin/name', use the 'version' property to specify a version" unless name.squeeze("/").count("/") < 2
+        end
+
+        def strip_version(name)
+          validate_name!(name)
+          n = name.squeeze("/").chomp("/").sub(%r{^\/}, "")
+          n = n[0..(n.rindex("/") - 1)] while n.count("/") >= 2
+          n
+        end
+
+        def platform_target
+          if windows?
+            "target=x86_64-windows"
+          elsif node["kernel"]["release"].to_i < 3
+            "target=x86_64-linux-kernel2"
+          else
+            ""
+          end
+        end
+
+        def depot_package(name, version = nil)
+          @depot_package ||= {}
+          @depot_package[name] ||=
+            begin
+              origin, pkg_name = name.split("/")
+              name_version = [pkg_name, version].compact.join("/").squeeze("/").chomp("/").sub(%r{^\/}, "")
+              url = if new_resource.bldr_url.include?("/v1/")
+                      "#{new_resource.bldr_url.chomp("/")}/depot/channels/#{origin}/#{new_resource.channel}/pkgs/#{name_version}"
+                    else
+                      "#{new_resource.bldr_url.chomp("/")}/v1/depot/channels/#{origin}/#{new_resource.channel}/pkgs/#{name_version}"
+                    end
+              url << "/latest" unless name_version.count("/") >= 2
+              url << "?#{platform_target}" unless platform_target.empty?
+
+              headers = {}
+              headers["Authorization"] = "Bearer #{new_resource.auth_token}" if new_resource.auth_token
+
+              Chef::JSONCompat.parse(http.get(url, headers))
+            rescue Net::HTTPServerException
+              nil
+            end
+        end
+
+        def package_version(name, version = nil)
+          p = depot_package(name, version)
+          "#{p["ident"]["version"]}/#{p["ident"]["release"]}" unless p.nil?
+        end
+
+        def http
+          # FIXME: use SimpleJSON when the depot mime-type is fixed
+          @http ||= Chef::HTTP::Simple.new(new_resource.bldr_url.to_s)
+        end
+
+        def candidate_versions
+          package_name_array.zip(new_version_array).map do |n, v|
+            package_version(n, v)
+          end
+        end
+
+        def current_versions
+          package_name_array.map do |n|
+            installed_version(n)
+          end
+        end
+
+        def installed_version(ident)
+          hab("pkg", "path", ident).stdout.chomp.split(windows? ? "\\" : "/")[-2..-1].join("/")
+        rescue Mixlib::ShellOut::ShellCommandFailed
+          nil
+        end
+
+        # This is used by the superclass Chef::Provider::Package
+        def version_requirement_satisfied?(current_version, new_version)
+          return false if new_version.nil? || current_version.nil?
+
+          nv_parts = new_version.squeeze("/").split("/")
+
+          if nv_parts.count < 2
+            current_version.squeeze("/").split("/")[0] == new_version.squeeze("/")
+          else
+            current_version.squeeze("/") == new_resource.version.squeeze("/")
+          end
+        end
+
+        # This is used by the superclass Chef::Provider::Package
+        def version_compare(v1, v2)
+          require "mixlib/versioning" unless defined?(Mixlib::Versioning)
+          # Convert the package version (X.Y.Z/DATE) into a version that Mixlib::Versioning understands (X.Y.Z+DATE)
+          hab_v1 = Mixlib::Versioning.parse(v1.tr("/", "+"))
+          hab_v2 = Mixlib::Versioning.parse(v2.tr("/", "+"))
+          hab_v1 <=> hab_v2
+        end
+      end
+    end
+  end
+end

data/lib/chef/provider/package/powershell.rb

@@ -124,6 +124,11 @@ class Chef
           command.push("-RequiredVersion #{version}") if version
           command.push("-Source #{new_resource.source}") if new_resource.source && cmdlet_name =~ Regexp.union(/Install-Package/, /Find-Package/)
           command.push("-SkipPublisherCheck") if new_resource.skip_publisher_check && cmdlet_name !~ /Find-Package/
+          if new_resource.options && cmdlet_name !~ Regexp.union(/Get-Package/, /Find-Package/)
+            new_resource.options.each do |arg|
+              command.push(arg) unless command.include?(arg)
+            end
+          end
           command.push(").Version")
           command.join(" ")
         end

data/lib/chef/provider/registry_key.rb

@@ -19,7 +19,7 @@
 
 require_relative "../config"
 require_relative "../log"
-require_relative "../resource/file"
+require_relative "../resource/registry_key"
 require_relative "../mixin/checksum"
 require_relative "../provider"
 require "etc" unless defined?(Etc)
@@ -50,7 +50,8 @@ class Chef
         current_resource.architecture(new_resource.architecture)
         current_resource.recursive(new_resource.recursive)
         if registry.key_exists?(new_resource.key)
-          current_resource.values(registry.get_values(new_resource.key))
+          current_registry_values = registry.get_values(new_resource.key) || []
+          current_resource.values(current_registry_values)
         end
         values_to_hash(current_resource.unscrubbed_values)
         current_resource

data/lib/chef/provider/remote_file/http.rb

@@ -137,7 +137,7 @@ class Chef
           if new_resource.ssl_verify_mode
             opts[:ssl_verify_mode] = new_resource.ssl_verify_mode
           end
-          opts
+          opts.merge(new_resource.http_options)
         end
 
       end

data/lib/chef/provider/subversion.rb

@@ -55,7 +55,7 @@ class Chef
         end
       end
 
-      action :checkout do
+      action :checkout, description: "Clone or check out the source. When a checkout is available, this provider does nothing." do
         if target_dir_non_existent_or_empty?
           converge_by("perform checkout of #{new_resource.repository} into #{new_resource.destination}") do
             shell_out!(checkout_command, run_options)
@@ -65,7 +65,7 @@ class Chef
         end
       end
 
-      action :export do
+      action :export, description: "Export the source, excluding or removing any version control artifacts." do
         if target_dir_non_existent_or_empty?
           action_force_export
         else
@@ -73,13 +73,13 @@ class Chef
         end
       end
 
-      action :force_export do
+      action :force_export, description: "Export the source, excluding or removing any version control artifacts and force an export of the source that is overwriting the existing copy (if it exists)." do
         converge_by("export #{new_resource.repository} into #{new_resource.destination}") do
           shell_out!(export_command, run_options)
         end
       end
 
-      action :sync do
+      action :sync, description: "Update the source to the specified version, or get a new clone or checkout. This action causes a hard reset of the index and working tree, discarding any uncommitted changes." do
         assert_target_directory_valid!
         if ::File.exist?(::File.join(new_resource.destination, ".svn"))
           current_rev = find_current_revision

data/lib/chef/provider/support/yum_repo.erb

@@ -1,4 +1,4 @@
-# This file was generated by Chef
+# This file was generated by Chef Infra
 # Do NOT modify this file by hand.
 
 [<%= @config.repositoryid %>]