chef 17.2.29 → 17.3.48

data/spec/unit/provider/apt_update_spec.rb

@@ -75,7 +75,9 @@ describe "Chef::Provider::AptUpdate" do
 
   describe "#action_periodic" do
     before do
-      allow(File).to receive(:exist?)
+      allow(File).to receive(:exist?).with(config_file).and_return(true)
+      allow(File).to receive(:exist?).with(config_dir).and_return(true)
+      allow(File).to receive(:exist?).with(stamp_dir).and_return(true)
       allow(File).to receive(:exist?).with(Dir.tmpdir).and_return(true)
       expect(File).to receive(:exist?).with("#{stamp_dir}/update-success-stamp").and_return(true)
     end

data/spec/unit/provider/mount/aix_spec.rb

@@ -202,7 +202,7 @@ describe Chef::Provider::Mount::Aix do
     it "should enable mount if it is mounted and not enabled" do
       @new_resource.options("nodev,rw")
       stub_mounted_enabled(@provider, @mounted_output, "")
-      # Add existing mount to test enable action appends additional mount with seperating blank line
+      # Add existing mount to test enable action appends additional mount with separating blank line
       filesystems = StringIO.new
       filesystems.puts <<~ETCFILESYSTEMS
         /tmp/abc:

data/spec/unit/provider/package/powershell_spec.rb

@@ -105,6 +105,10 @@ describe Chef::Provider::Package::Powershell, :windows_only, :windows_gte_10 do
   let(:generated_install_cmdlet) { "#{tls_set_command} ( Install-Package xNetworking -Force -ForceBootstrap -WarningAction SilentlyContinue ).Version" }
   let(:generated_install_cmdlet_with_version) { "#{tls_set_command} ( Install-Package xNetworking -Force -ForceBootstrap -WarningAction SilentlyContinue -RequiredVersion 1.0.0.0 ).Version" }
   let(:generated_install_cmdlet_with_source) { "#{tls_set_command} ( Install-Package xNetworking -Force -ForceBootstrap -WarningAction SilentlyContinue -Source MyGallery ).Version" }
+  let(:generated_install_cmdlet_with_options) { "#{tls_set_command} ( Install-Package xNetworking -Force -ForceBootstrap -WarningAction SilentlyContinue -AcceptLicense -Verbose ).Version" }
+  let(:generated_install_cmdlet_with_version_and_options) { "#{tls_set_command} ( Install-Package xNetworking -Force -ForceBootstrap -WarningAction SilentlyContinue -RequiredVersion 1.0.0.0 -AcceptLicense -Verbose ).Version" }
+  let(:generated_install_cmdlet_with_source_and_options) { "#{tls_set_command} ( Install-Package xNetworking -Force -ForceBootstrap -WarningAction SilentlyContinue -Source MyGallery -AcceptLicense -Verbose ).Version" }
+  let(:generated_install_cmdlet_with_source_and_version_and_options) { "#{tls_set_command} ( Install-Package xNetworking -Force -ForceBootstrap -WarningAction SilentlyContinue -RequiredVersion 1.0.0.0 -Source MyGallery -AcceptLicense -Verbose ).Version" }
   let(:generated_install_cmdlet_with_source_and_version) { "#{tls_set_command} ( Install-Package xNetworking -Force -ForceBootstrap -WarningAction SilentlyContinue -RequiredVersion 1.0.0.0 -Source MyGallery ).Version" }
   let(:generated_uninstall_cmdlet) { "#{tls_set_command} ( Uninstall-Package xNetworking -Force -ForceBootstrap -WarningAction SilentlyContinue ).Version" }
   let(:generated_uninstall_cmdlet_with_version) { "#{tls_set_command} ( Uninstall-Package xNetworking -Force -ForceBootstrap -WarningAction SilentlyContinue -RequiredVersion 1.0.0.0 ).Version" }
@@ -204,11 +208,11 @@ describe Chef::Provider::Package::Powershell, :windows_only, :windows_gte_10 do
     end
 
     context "when source is nil" do
-      it "build get commands correctly" do
+      it "builds get commands correctly" do
         expect(provider.build_powershell_package_command("Get-Package xNetworking")).to eql(generated_get_cmdlet)
       end
 
-      it "build get commands correctly when a version is passed" do
+      it "builds get commands correctly when a version is passed" do
         expect(provider.build_powershell_package_command("Get-Package xNetworking", "1.0.0.0")).to eql(generated_get_cmdlet_with_version)
       end
 
@@ -220,30 +224,45 @@ describe Chef::Provider::Package::Powershell, :windows_only, :windows_gte_10 do
         expect(provider.build_powershell_package_command("Find-Package xNetworking", "1.0.0.0")).to eql(generated_find_cmdlet_with_version)
       end
 
-      it "build install commands correctly" do
+      it "builds install commands correctly" do
         expect(provider.build_powershell_package_command("Install-Package xNetworking")).to eql(generated_install_cmdlet)
       end
 
-      it "build install commands correctly when a version is passed" do
+      it "builds install commands correctly when a version is passed" do
         expect(provider.build_powershell_package_command("Install-Package xNetworking", "1.0.0.0")).to eql(generated_install_cmdlet_with_version)
       end
 
-      it "build install commands correctly" do
+      it "builds install commands correctly when options are passed" do
+        new_resource.options("-AcceptLicense -Verbose")
+        expect(provider.build_powershell_package_command("Install-Package xNetworking")).to eql(generated_install_cmdlet_with_options)
+      end
+
+      it "builds install commands correctly when duplicate options are passed" do
+        new_resource.options("-WarningAction SilentlyContinue")
+        expect(provider.build_powershell_package_command("Install-Package xNetworking")).to eql(generated_install_cmdlet)
+      end
+
+      it "builds install commands correctly when a version and options are passed" do
+        new_resource.options("-AcceptLicense -Verbose")
+        expect(provider.build_powershell_package_command("Install-Package xNetworking", "1.0.0.0")).to eql(generated_install_cmdlet_with_version_and_options)
+      end
+
+      it "builds install commands correctly" do
         expect(provider.build_powershell_package_command("Uninstall-Package xNetworking")).to eql(generated_uninstall_cmdlet)
       end
 
-      it "build install commands correctly when a version is passed" do
+      it "builds install commands correctly when a version is passed" do
         expect(provider.build_powershell_package_command("Uninstall-Package xNetworking", "1.0.0.0")).to eql(generated_uninstall_cmdlet_with_version)
       end
     end
 
     context "when source is set" do
-      it "build get commands correctly" do
+      it "builds get commands correctly" do
         new_resource.source("MyGallery")
         expect(provider.build_powershell_package_command("Get-Package xNetworking")).to eql(generated_get_cmdlet)
       end
 
-      it "build get commands correctly when a version is passed" do
+      it "builds get commands correctly when a version is passed" do
         new_resource.source("MyGallery")
         expect(provider.build_powershell_package_command("Get-Package xNetworking", "1.0.0.0")).to eql(generated_get_cmdlet_with_version)
       end
@@ -258,22 +277,40 @@ describe Chef::Provider::Package::Powershell, :windows_only, :windows_gte_10 do
         expect(provider.build_powershell_package_command("Find-Package xNetworking", "1.0.0.0")).to eql(generated_find_cmdlet_with_source_and_version)
       end
 
-      it "build install commands correctly" do
+      it "builds install commands correctly" do
         new_resource.source("MyGallery")
         expect(provider.build_powershell_package_command("Install-Package xNetworking")).to eql(generated_install_cmdlet_with_source)
       end
 
-      it "build install commands correctly when a version is passed" do
+      it "builds install commands correctly when a version is passed" do
         new_resource.source("MyGallery")
         expect(provider.build_powershell_package_command("Install-Package xNetworking", "1.0.0.0")).to eql(generated_install_cmdlet_with_source_and_version)
       end
 
-      it "build install commands correctly" do
+      it "builds install commands correctly when options are passed" do
+        new_resource.source("MyGallery")
+        new_resource.options("-AcceptLicense -Verbose")
+        expect(provider.build_powershell_package_command("Install-Package xNetworking")).to eql(generated_install_cmdlet_with_source_and_options)
+      end
+
+      it "builds install commands correctly when duplicate options are passed" do
+        new_resource.source("MyGallery")
+        new_resource.options("-Force -ForceBootstrap")
+        expect(provider.build_powershell_package_command("Install-Package xNetworking")).to eql(generated_install_cmdlet_with_source)
+      end
+
+      it "builds install commands correctly when a version and options are passed" do
+        new_resource.source("MyGallery")
+        new_resource.options("-AcceptLicense -Verbose")
+        expect(provider.build_powershell_package_command("Install-Package xNetworking", "1.0.0.0")).to eql(generated_install_cmdlet_with_source_and_version_and_options)
+      end
+
+      it "builds install commands correctly" do
         new_resource.source("MyGallery")
         expect(provider.build_powershell_package_command("Uninstall-Package xNetworking")).to eql(generated_uninstall_cmdlet)
       end
 
-      it "build install commands correctly when a version is passed" do
+      it "builds install commands correctly when a version is passed" do
         new_resource.source("MyGallery")
         expect(provider.build_powershell_package_command("Uninstall-Package xNetworking", "1.0.0.0")).to eql(generated_uninstall_cmdlet_with_version)
       end
@@ -434,6 +471,19 @@ describe Chef::Provider::Package::Powershell, :windows_only, :windows_gte_10 do
       provider.run_action(:install)
       expect(new_resource).to be_updated_by_last_action
     end
+
+    it "should install a package using provided options" do
+      provider.load_current_resource
+      new_resource.package_name(["xCertificate"])
+      new_resource.version(nil)
+      new_resource.options(%w{-AcceptLicense -Verbose})
+      allow(provider).to receive(:powershell_out).with("#{tls_set_command} ( Find-Package 'xCertificate' -Force -ForceBootstrap -WarningAction SilentlyContinue ).Version", { timeout: new_resource.timeout }).and_return(package_xcertificate_available)
+      allow(provider).to receive(:powershell_out).with("#{tls_set_command} ( Get-Package 'xCertificate' -Force -ForceBootstrap -WarningAction SilentlyContinue ).Version", { timeout: new_resource.timeout }).and_return(package_xcertificate_not_available)
+      allow(provider).to receive(:powershell_out).with("$PSVersionTable.PSVersion.Major").and_return(powershell_installed_version)
+      expect(provider).to receive(:powershell_out).with("#{tls_set_command} ( Install-Package 'xCertificate' -Force -ForceBootstrap -WarningAction SilentlyContinue -RequiredVersion 2.1.0.0 -AcceptLicense -Verbose ).Version", { timeout: new_resource.timeout })
+      provider.run_action(:install)
+      expect(new_resource).to be_updated_by_last_action
+    end
   end
 
   describe "#action_remove" do
@@ -499,5 +549,17 @@ describe Chef::Provider::Package::Powershell, :windows_only, :windows_gte_10 do
       provider.run_action(:remove)
       expect(new_resource).to be_updated_by_last_action
     end
+
+    it "should remove a package using provided options" do
+      new_resource.package_name(["xCertificate"])
+      new_resource.options(%w{-AllVersions})
+      allow(provider).to receive(:powershell_out).with("#{tls_set_command} ( Find-Package 'xCertificate' -Force -ForceBootstrap -WarningAction SilentlyContinue ).Version", { timeout: new_resource.timeout }).and_return(package_xcertificate_available)
+      allow(provider).to receive(:powershell_out).with("#{tls_set_command} ( Get-Package 'xCertificate' -Force -ForceBootstrap -WarningAction SilentlyContinue ).Version", { timeout: new_resource.timeout }).and_return(package_xcertificate_available)
+      allow(provider).to receive(:powershell_out).with("$PSVersionTable.PSVersion.Major").and_return(powershell_installed_version)
+      provider.load_current_resource
+      expect(provider).to receive(:powershell_out).with("#{tls_set_command} ( Uninstall-Package 'xCertificate' -Force -ForceBootstrap -WarningAction SilentlyContinue -AllVersions ).Version", { timeout: new_resource.timeout }).and_return(package_xcertificate_not_available)
+      provider.run_action(:remove)
+      expect(new_resource).to be_updated_by_last_action
+    end
   end
 end

data/spec/unit/resource/windows_defender_exclusion_spec.rb

@@ -0,0 +1,62 @@
+#
+# Copyright:: Copyright (c) Chef Software Inc.
+# License:: Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+require "spec_helper"
+
+describe Chef::Resource::WindowsDefenderExclusion do
+  let(:resource) { Chef::Resource::WindowsDefenderExclusion.new("fakey_fakerton") }
+
+  it "sets resource name as :windows_defender_exclusion" do
+    expect(resource.resource_name).to eql(:windows_defender_exclusion)
+  end
+
+  it "sets the default action as :add" do
+    expect(resource.action).to eql([:add])
+  end
+
+  it "supports :add, :remove actions" do
+    expect { resource.action :add }.not_to raise_error
+    expect { resource.action :remove }.not_to raise_error
+  end
+
+  it "paths property defaults to []" do
+    expect(resource.paths).to eql([])
+  end
+
+  it "paths coerces strings to arrays" do
+    resource.paths "foo,bar"
+    expect(resource.paths).to eq(%w{foo bar})
+  end
+
+  it "extensions property defaults to []" do
+    expect(resource.extensions).to eql([])
+  end
+
+  it "extensions coerces strings to arrays" do
+    resource.extensions "foo,bar"
+    expect(resource.extensions).to eq(%w{foo bar})
+  end
+
+  it "process_paths property defaults to []" do
+    expect(resource.process_paths).to eql([])
+  end
+
+  it "process_paths coerces strings to arrays" do
+    resource.process_paths "foo,bar"
+    expect(resource.process_paths).to eq(%w{foo bar})
+  end
+end

data/spec/unit/resource/windows_defender_spec.rb

@@ -0,0 +1,71 @@
+#
+# Copyright:: Copyright (c) Chef Software Inc.
+# License:: Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+require "spec_helper"
+
+describe Chef::Resource::WindowsDefender do
+  let(:resource) { Chef::Resource::WindowsDefender.new("fakey_fakerton") }
+
+  it "sets resource name as :windows_defender" do
+    expect(resource.resource_name).to eql(:windows_defender)
+  end
+
+  it "sets the default action as :enable" do
+    expect(resource.action).to eql([:enable])
+  end
+
+  it "supports :enable, :disable actions" do
+    expect { resource.action :enable }.not_to raise_error
+    expect { resource.action :disable }.not_to raise_error
+  end
+
+  it "realtime_protection property defaults to true" do
+    expect(resource.realtime_protection).to eql(true)
+  end
+
+  it "intrusion_protection_system property defaults to true" do
+    expect(resource.intrusion_protection_system).to eql(true)
+  end
+
+  it "lock_ui property defaults to true" do
+    expect(resource.lock_ui).to eql(false)
+  end
+
+  it "scan_archives property defaults to true" do
+    expect(resource.scan_archives).to eql(true)
+  end
+
+  it "scan_scripts property defaults to true" do
+    expect(resource.scan_scripts).to eql(false)
+  end
+
+  it "scan_email property defaults to true" do
+    expect(resource.scan_email).to eql(false)
+  end
+
+  it "scan_removable_drives property defaults to true" do
+    expect(resource.scan_removable_drives).to eql(false)
+  end
+
+  it "scan_network_files property defaults to true" do
+    expect(resource.scan_network_files).to eql(false)
+  end
+
+  it "scan_mapped_drives property defaults to true" do
+    expect(resource.scan_mapped_drives).to eql(true)
+  end
+end

data/spec/unit/resource/windows_update_settings_spec.rb

@@ -0,0 +1,64 @@
+#
+# Copyright:: Copyright (c) Chef Software Inc.
+# Author:: Tim Smith (tsmith@chef.io)
+# License:: Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+require "spec_helper"
+
+describe Chef::Resource::WindowsUpdateSettings do
+  let(:resource) { Chef::Resource::WindowsUpdateSettings.new("foobar") }
+
+  it "sets resource name as :windows_update_settings" do
+    expect(resource.resource_name).to eql(:windows_update_settings)
+  end
+
+  it "sets the default action as :set" do
+    expect(resource.action).to eql([:set])
+  end
+
+  it "supports :set and legacy :enable actions" do
+    expect { resource.action :set }.not_to raise_error
+    expect { resource.action :enable }.not_to raise_error
+  end
+
+  it "raises an error if scheduled_install_day isn't a validate day" do
+    expect { resource.scheduled_install_day "Saturday" }.not_to raise_error
+    expect { resource.scheduled_install_day "Sunday" }.not_to raise_error
+    expect { resource.scheduled_install_day "Extraday" }.to raise_error(ArgumentError)
+  end
+
+  it "raises an error if automatic_update_option isn't a validate option" do
+    expect { resource.automatic_update_option 2 }.not_to raise_error
+    expect { resource.automatic_update_option :notify }.not_to raise_error
+    expect { resource.automatic_update_option :nope }.to raise_error(ArgumentError)
+  end
+
+  it "coerces legacy Integer value in automatic_update_option to friendly symbol" do
+    resource.automatic_update_option 2
+    expect(resource.automatic_update_option).to eql(:notify)
+  end
+
+  it "raises an error if scheduled_install_hour isn't a 24 hour clock hour" do
+    expect { resource.scheduled_install_hour 2 }.not_to raise_error
+    expect { resource.scheduled_install_hour 0 }.to raise_error(ArgumentError)
+    expect { resource.scheduled_install_hour 25 }.to raise_error(ArgumentError)
+  end
+
+  it "raises an error if custom_detection_frequency isn't a valid frequency" do
+    expect { resource.custom_detection_frequency 0 }.not_to raise_error
+    expect { resource.custom_detection_frequency 23 }.to raise_error(ArgumentError)
+  end
+end

data/spec/unit/secret_fetcher/azure_key_vault_spec.rb

@@ -0,0 +1,63 @@
+
+#
+# Author:: Marc Paradise <marc@chef.io>
+# Copyright:: Copyright (c) Chef Software Inc.
+# License:: Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+require_relative "../../spec_helper"
+require "chef/secret_fetcher"
+require "chef/secret_fetcher/azure_key_vault"
+
+describe Chef::SecretFetcher::AzureKeyVault do
+  let(:config) { { vault: "myvault" } }
+  let(:fetcher) { Chef::SecretFetcher::AzureKeyVault.new(config) }
+
+  context "when validating configuration and configuration is missing :vault" do
+    context "and configuration does not have a 'vault'" do
+      let(:config) { {} }
+      it "raises a MissingVaultError error on validate!" do
+        expect { fetcher.validate! }.to raise_error(Chef::Exceptions::Secret::MissingVaultName)
+      end
+    end
+  end
+
+  context "when performing a fetch" do
+    let(:body) { "" }
+    let(:response_mock) { double("response", body: body) }
+    let(:http_mock) { double("http", :get => response_mock, :use_ssl= => nil) }
+
+    before do
+      allow(fetcher).to receive(:fetch_token).and_return "a token"
+      allow(Net::HTTP).to receive(:new).and_return(http_mock)
+    end
+
+    context "and a valid response is received" do
+      let(:body) { '{ "value" : "my secret value" }' }
+      it "returns the expected response" do
+        expect(fetcher.fetch("value")).to eq "my secret value"
+      end
+    end
+
+    context "and an error response is received in the body" do
+      let(:body) { '{ "error" : { "code" : 404, "message" : "secret not found" } }' }
+      it "raises FetchFailed" do
+        expect { fetcher.fetch("value") }.to raise_error(Chef::Exceptions::Secret::FetchFailed)
+      end
+    end
+
+  end
+end
+

data/spec/unit/secret_fetcher_spec.rb

@@ -0,0 +1,82 @@
+#
+# Author:: Marc Paradise <marc@chef.io>
+# Copyright:: Copyright (c) Chef Software Inc.
+# License:: Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+require "chef/secret_fetcher"
+require "chef/secret_fetcher/example"
+
+class SecretFetcherImpl < Chef::SecretFetcher::Base
+  def do_fetch(name, version)
+    name
+  end
+
+  def validate!; end
+end
+
+describe Chef::SecretFetcher do
+  let(:fetcher_impl) { SecretFetcherImpl.new({}) }
+
+  before do
+    allow(Chef::SecretFetcher::Example).to receive(:new).and_return fetcher_impl
+  end
+
+  context ".for_service" do
+    it "resolves the example fetcher without error" do
+      Chef::SecretFetcher.for_service(:example, {})
+    end
+
+    it "resolves the Azure Key Vault fetcher without error" do
+      Chef::SecretFetcher.for_service(:azure_key_vault, vault: "invalid")
+    end
+
+    it "resolves the AWS fetcher without error" do
+      Chef::SecretFetcher.for_service(:aws_secrets_manager, region: "invalid")
+    end
+
+    it "raises Chef::Exceptions::Secret::MissingFetcher when service is blank" do
+      expect { Chef::SecretFetcher.for_service(nil, {}) }.to raise_error(Chef::Exceptions::Secret::MissingFetcher)
+    end
+
+    it "raises Chef::Exceptions::Secret::MissingFetcher when service is nil" do
+      expect { Chef::SecretFetcher.for_service("", {}) }.to raise_error(Chef::Exceptions::Secret::MissingFetcher)
+    end
+
+    it "raises Chef::Exceptions::Secret::InvalidFetcher for an unknown fetcher" do
+      expect { Chef::SecretFetcher.for_service(:bad_example, {}) }.to raise_error(Chef::Exceptions::Secret::InvalidFetcherService)
+    end
+
+    it "ensures fetcher configuration is valid by invoking validate!" do
+      expect(fetcher_impl).to receive(:validate!)
+      Chef::SecretFetcher.for_service(:example, {})
+    end
+  end
+
+  context "#fetch" do
+    let(:fetcher) {
+      Chef::SecretFetcher.for_service(:example, { "key1" => "value1" })
+    }
+
+    it "fetches from the underlying service when secret name is provided " do
+      expect(fetcher_impl).to receive(:fetch).with("key1", "v1")
+      fetcher.fetch("key1", "v1")
+    end
+
+    it "raises an error when the secret name is not provided" do
+      expect { fetcher.fetch(nil) }.to raise_error(Chef::Exceptions::Secret::MissingSecretName)
+    end
+  end
+end