chef 17.3.48-universal-mingw32 → 17.4.25-universal-mingw32
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/lib/chef/application.rb +3 -1
- data/lib/chef/compliance/default_attributes.rb +5 -3
- data/lib/chef/compliance/runner.rb +15 -1
- data/lib/chef/dsl/secret.rb +3 -3
- data/lib/chef/exceptions.rb +0 -2
- data/lib/chef/formatters/error_mapper.rb +2 -2
- data/lib/chef/provider/execute.rb +1 -1
- data/lib/chef/provider/group/dscl.rb +1 -1
- data/lib/chef/provider/launchd.rb +6 -6
- data/lib/chef/provider/subversion.rb +4 -4
- data/lib/chef/provider/support/yum_repo.erb +1 -1
- data/lib/chef/provider/systemd_unit.rb +17 -16
- data/lib/chef/provider/user/mac.rb +3 -3
- data/lib/chef/provider/yum_repository.rb +27 -43
- data/lib/chef/provider/zypper_repository.rb +3 -3
- data/lib/chef/provider.rb +26 -1
- data/lib/chef/provider_resolver.rb +8 -2
- data/lib/chef/resource/homebrew_cask.rb +1 -1
- data/lib/chef/resource/inspec_waiver_file_entry.rb +2 -2
- data/lib/chef/resource/launchd.rb +3 -3
- data/lib/chef/resource/remote_file.rb +1 -1
- data/lib/chef/resource/rhsm_subscription.rb +5 -5
- data/lib/chef/resource/ruby_block.rb +100 -0
- data/lib/chef/resource/scm/subversion.rb +1 -1
- data/lib/chef/resource/sysctl.rb +2 -2
- data/lib/chef/resource/systemd_unit.rb +3 -3
- data/lib/chef/resource/yum_package.rb +1 -5
- data/lib/chef/resource.rb +14 -18
- data/lib/chef/resource_inspector.rb +6 -2
- data/lib/chef/secret_fetcher/aws_secrets_manager.rb +16 -4
- data/lib/chef/secret_fetcher/azure_key_vault.rb +31 -9
- data/lib/chef/secret_fetcher/base.rb +5 -1
- data/lib/chef/secret_fetcher.rb +5 -4
- data/lib/chef/version.rb +1 -1
- data/spec/integration/compliance/compliance_spec.rb +1 -0
- data/spec/integration/recipes/resource_action_spec.rb +2 -2
- data/spec/unit/compliance/runner_spec.rb +46 -2
- data/spec/unit/dsl/secret_spec.rb +8 -2
- data/spec/unit/provider_spec.rb +23 -0
- data/spec/unit/resource/homebrew_cask_spec.rb +29 -11
- data/spec/unit/resource/rhsm_subscription_spec.rb +50 -3
- data/spec/unit/resource/systemd_unit_spec.rb +1 -1
- data/spec/unit/resource_spec.rb +19 -8
- data/spec/unit/secret_fetcher/aws_secrets_manager_spec.rb +70 -0
- data/spec/unit/secret_fetcher/azure_key_vault_spec.rb +23 -16
- data/spec/unit/secret_fetcher_spec.rb +9 -9
- metadata +7 -6
@@ -0,0 +1,70 @@
|
|
1
|
+
#
|
2
|
+
# Author:: Marc Paradise <marc@chef.io>
|
3
|
+
# Copyright:: Copyright (c) Chef Software Inc.
|
4
|
+
# License:: Apache License, Version 2.0
|
5
|
+
#
|
6
|
+
# Licensed under the Apache License, Version 2.0 (the "License");
|
7
|
+
# you may not use this file except in compliance with the License.
|
8
|
+
# You may obtain a copy of the License at
|
9
|
+
#
|
10
|
+
# http://www.apache.org/licenses/LICENSE-2.0
|
11
|
+
#
|
12
|
+
# Unless required by applicable law or agreed to in writing, software
|
13
|
+
# distributed under the License is distributed on an "AS IS" BASIS,
|
14
|
+
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
15
|
+
# See the License for the specific language governing permissions and
|
16
|
+
# limitations under the License.
|
17
|
+
#
|
18
|
+
#
|
19
|
+
|
20
|
+
require_relative "../../spec_helper"
|
21
|
+
require "chef/secret_fetcher/aws_secrets_manager"
|
22
|
+
|
23
|
+
describe Chef::SecretFetcher::AWSSecretsManager do
|
24
|
+
let(:node) { {} }
|
25
|
+
let(:aws_global_config) { {} }
|
26
|
+
let(:fetcher_config) { {} }
|
27
|
+
let(:run_context) { double("run_context", node: node) }
|
28
|
+
let(:fetcher) {
|
29
|
+
Chef::SecretFetcher::AWSSecretsManager.new( fetcher_config, run_context )
|
30
|
+
}
|
31
|
+
|
32
|
+
before do
|
33
|
+
allow(Aws).to receive(:config).and_return(aws_global_config)
|
34
|
+
end
|
35
|
+
|
36
|
+
context "when region is provided" do
|
37
|
+
let(:fetcher_config) { { region: "region-from-caller" } }
|
38
|
+
it "uses the provided region" do
|
39
|
+
fetcher.validate!
|
40
|
+
expect(fetcher.config[:region]).to eq "region-from-caller"
|
41
|
+
end
|
42
|
+
end
|
43
|
+
|
44
|
+
context "when region is not provided" do
|
45
|
+
context "and no region exists in AWS config or node attributes" do
|
46
|
+
it "raises a ConfigurationInvalid error" do
|
47
|
+
expect { fetcher.validate! }.to raise_error Chef::Exceptions::Secret::ConfigurationInvalid
|
48
|
+
end
|
49
|
+
end
|
50
|
+
|
51
|
+
context "and region exists in AWS config and node attributes" do
|
52
|
+
let(:aws_global_config) { { region: "region-from-aws-global-config" } }
|
53
|
+
let(:node) { { "ec2" => { "region" => "region-from-ohai-data" } } }
|
54
|
+
it "uses the region from AWS config" do
|
55
|
+
fetcher.validate!
|
56
|
+
expect(fetcher.config[:region]).to eq "region-from-aws-global-config"
|
57
|
+
end
|
58
|
+
end
|
59
|
+
|
60
|
+
context "and region exists only in node attributes" do
|
61
|
+
let(:node) { { "ec2" => { "region" => "region-from-ohai-data" } } }
|
62
|
+
it "uses the region from AWS config" do
|
63
|
+
fetcher.validate!
|
64
|
+
expect(fetcher.config[:region]).to eq "region-from-ohai-data"
|
65
|
+
end
|
66
|
+
|
67
|
+
end
|
68
|
+
|
69
|
+
end
|
70
|
+
end
|
@@ -22,20 +22,11 @@ require "chef/secret_fetcher"
|
|
22
22
|
require "chef/secret_fetcher/azure_key_vault"
|
23
23
|
|
24
24
|
describe Chef::SecretFetcher::AzureKeyVault do
|
25
|
-
let(:config) { { vault: "
|
26
|
-
let(:fetcher) { Chef::SecretFetcher::AzureKeyVault.new(config) }
|
27
|
-
|
28
|
-
context "when validating configuration and configuration is missing :vault" do
|
29
|
-
context "and configuration does not have a 'vault'" do
|
30
|
-
let(:config) { {} }
|
31
|
-
it "raises a MissingVaultError error on validate!" do
|
32
|
-
expect { fetcher.validate! }.to raise_error(Chef::Exceptions::Secret::MissingVaultName)
|
33
|
-
end
|
34
|
-
end
|
35
|
-
end
|
25
|
+
let(:config) { { vault: "my_vault" } }
|
26
|
+
let(:fetcher) { Chef::SecretFetcher::AzureKeyVault.new(config, nil) }
|
36
27
|
|
37
28
|
context "when performing a fetch" do
|
38
|
-
let(:body) { "" }
|
29
|
+
let(:body) { '{ "value" : "my secret value" }' }
|
39
30
|
let(:response_mock) { double("response", body: body) }
|
40
31
|
let(:http_mock) { double("http", :get => response_mock, :use_ssl= => nil) }
|
41
32
|
|
@@ -44,20 +35,36 @@ describe Chef::SecretFetcher::AzureKeyVault do
|
|
44
35
|
allow(Net::HTTP).to receive(:new).and_return(http_mock)
|
45
36
|
end
|
46
37
|
|
47
|
-
context "and
|
38
|
+
context "and vault name is only provided in the secret name" do
|
48
39
|
let(:body) { '{ "value" : "my secret value" }' }
|
49
|
-
|
50
|
-
|
40
|
+
let(:config) { {} }
|
41
|
+
it "fetches the value" do
|
42
|
+
expect(fetcher.fetch("my_vault/value")).to eq "my secret value"
|
51
43
|
end
|
52
44
|
end
|
53
45
|
|
46
|
+
context "and vault name is not provided in the secret name" do
|
47
|
+
context "and vault name is not provided in config" do
|
48
|
+
let(:config) { {} }
|
49
|
+
it "raises a ConfigurationInvalid exception" do
|
50
|
+
expect { fetcher.fetch("value") }.to raise_error(Chef::Exceptions::Secret::ConfigurationInvalid)
|
51
|
+
end
|
52
|
+
end
|
53
|
+
|
54
|
+
context "and vault name is provided in config" do
|
55
|
+
let(:config) { { vault: "my_vault" } }
|
56
|
+
it "fetches the value" do
|
57
|
+
expect(fetcher.fetch("value")).to eq "my secret value"
|
58
|
+
end
|
59
|
+
end
|
60
|
+
end
|
54
61
|
context "and an error response is received in the body" do
|
62
|
+
let(:config) { { vault: "my_vault" } }
|
55
63
|
let(:body) { '{ "error" : { "code" : 404, "message" : "secret not found" } }' }
|
56
64
|
it "raises FetchFailed" do
|
57
65
|
expect { fetcher.fetch("value") }.to raise_error(Chef::Exceptions::Secret::FetchFailed)
|
58
66
|
end
|
59
67
|
end
|
60
|
-
|
61
68
|
end
|
62
69
|
end
|
63
70
|
|
@@ -28,7 +28,7 @@ class SecretFetcherImpl < Chef::SecretFetcher::Base
|
|
28
28
|
end
|
29
29
|
|
30
30
|
describe Chef::SecretFetcher do
|
31
|
-
let(:fetcher_impl) { SecretFetcherImpl.new({}) }
|
31
|
+
let(:fetcher_impl) { SecretFetcherImpl.new({}, nil) }
|
32
32
|
|
33
33
|
before do
|
34
34
|
allow(Chef::SecretFetcher::Example).to receive(:new).and_return fetcher_impl
|
@@ -36,38 +36,38 @@ describe Chef::SecretFetcher do
|
|
36
36
|
|
37
37
|
context ".for_service" do
|
38
38
|
it "resolves the example fetcher without error" do
|
39
|
-
Chef::SecretFetcher.for_service(:example, {})
|
39
|
+
Chef::SecretFetcher.for_service(:example, {}, nil)
|
40
40
|
end
|
41
41
|
|
42
42
|
it "resolves the Azure Key Vault fetcher without error" do
|
43
|
-
Chef::SecretFetcher.for_service(:azure_key_vault, vault: "invalid")
|
43
|
+
Chef::SecretFetcher.for_service(:azure_key_vault, { vault: "invalid" }, nil)
|
44
44
|
end
|
45
45
|
|
46
46
|
it "resolves the AWS fetcher without error" do
|
47
|
-
Chef::SecretFetcher.for_service(:aws_secrets_manager, region: "invalid")
|
47
|
+
Chef::SecretFetcher.for_service(:aws_secrets_manager, { region: "invalid" }, nil)
|
48
48
|
end
|
49
49
|
|
50
50
|
it "raises Chef::Exceptions::Secret::MissingFetcher when service is blank" do
|
51
|
-
expect { Chef::SecretFetcher.for_service(nil, {}) }.to raise_error(Chef::Exceptions::Secret::MissingFetcher)
|
51
|
+
expect { Chef::SecretFetcher.for_service(nil, {}, nil) }.to raise_error(Chef::Exceptions::Secret::MissingFetcher)
|
52
52
|
end
|
53
53
|
|
54
54
|
it "raises Chef::Exceptions::Secret::MissingFetcher when service is nil" do
|
55
|
-
expect { Chef::SecretFetcher.for_service("", {}) }.to raise_error(Chef::Exceptions::Secret::MissingFetcher)
|
55
|
+
expect { Chef::SecretFetcher.for_service("", {}, nil) }.to raise_error(Chef::Exceptions::Secret::MissingFetcher)
|
56
56
|
end
|
57
57
|
|
58
58
|
it "raises Chef::Exceptions::Secret::InvalidFetcher for an unknown fetcher" do
|
59
|
-
expect { Chef::SecretFetcher.for_service(:bad_example, {}) }.to raise_error(Chef::Exceptions::Secret::InvalidFetcherService)
|
59
|
+
expect { Chef::SecretFetcher.for_service(:bad_example, {}, nil) }.to raise_error(Chef::Exceptions::Secret::InvalidFetcherService)
|
60
60
|
end
|
61
61
|
|
62
62
|
it "ensures fetcher configuration is valid by invoking validate!" do
|
63
63
|
expect(fetcher_impl).to receive(:validate!)
|
64
|
-
Chef::SecretFetcher.for_service(:example, {})
|
64
|
+
Chef::SecretFetcher.for_service(:example, {}, nil)
|
65
65
|
end
|
66
66
|
end
|
67
67
|
|
68
68
|
context "#fetch" do
|
69
69
|
let(:fetcher) {
|
70
|
-
Chef::SecretFetcher.for_service(:example, { "key1" => "value1" })
|
70
|
+
Chef::SecretFetcher.for_service(:example, { "key1" => "value1" }, nil)
|
71
71
|
}
|
72
72
|
|
73
73
|
it "fetches from the underlying service when secret name is provided " do
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: chef
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 17.
|
4
|
+
version: 17.4.25
|
5
5
|
platform: universal-mingw32
|
6
6
|
authors:
|
7
7
|
- Adam Jacob
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2021-
|
11
|
+
date: 2021-08-23 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: chef-config
|
@@ -16,28 +16,28 @@ dependencies:
|
|
16
16
|
requirements:
|
17
17
|
- - '='
|
18
18
|
- !ruby/object:Gem::Version
|
19
|
-
version: 17.
|
19
|
+
version: 17.4.25
|
20
20
|
type: :runtime
|
21
21
|
prerelease: false
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
23
23
|
requirements:
|
24
24
|
- - '='
|
25
25
|
- !ruby/object:Gem::Version
|
26
|
-
version: 17.
|
26
|
+
version: 17.4.25
|
27
27
|
- !ruby/object:Gem::Dependency
|
28
28
|
name: chef-utils
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|
30
30
|
requirements:
|
31
31
|
- - '='
|
32
32
|
- !ruby/object:Gem::Version
|
33
|
-
version: 17.
|
33
|
+
version: 17.4.25
|
34
34
|
type: :runtime
|
35
35
|
prerelease: false
|
36
36
|
version_requirements: !ruby/object:Gem::Requirement
|
37
37
|
requirements:
|
38
38
|
- - '='
|
39
39
|
- !ruby/object:Gem::Version
|
40
|
-
version: 17.
|
40
|
+
version: 17.4.25
|
41
41
|
- !ruby/object:Gem::Dependency
|
42
42
|
name: train-core
|
43
43
|
requirement: !ruby/object:Gem::Requirement
|
@@ -3039,6 +3039,7 @@ files:
|
|
3039
3039
|
- spec/unit/runner_spec.rb
|
3040
3040
|
- spec/unit/scan_access_control_spec.rb
|
3041
3041
|
- spec/unit/search/query_spec.rb
|
3042
|
+
- spec/unit/secret_fetcher/aws_secrets_manager_spec.rb
|
3042
3043
|
- spec/unit/secret_fetcher/azure_key_vault_spec.rb
|
3043
3044
|
- spec/unit/secret_fetcher_spec.rb
|
3044
3045
|
- spec/unit/server_api_spec.rb
|