chef 17.3.48-universal-mingw32 → 17.4.25-universal-mingw32

Files changed (48)
  1. checksums.yaml +4 -4
  2. data/lib/chef/application.rb +3 -1
  3. data/lib/chef/compliance/default_attributes.rb +5 -3
  4. data/lib/chef/compliance/runner.rb +15 -1
  5. data/lib/chef/dsl/secret.rb +3 -3
  6. data/lib/chef/exceptions.rb +0 -2
  7. data/lib/chef/formatters/error_mapper.rb +2 -2
  8. data/lib/chef/provider/execute.rb +1 -1
  9. data/lib/chef/provider/group/dscl.rb +1 -1
  10. data/lib/chef/provider/launchd.rb +6 -6
  11. data/lib/chef/provider/subversion.rb +4 -4
  12. data/lib/chef/provider/support/yum_repo.erb +1 -1
  13. data/lib/chef/provider/systemd_unit.rb +17 -16
  14. data/lib/chef/provider/user/mac.rb +3 -3
  15. data/lib/chef/provider/yum_repository.rb +27 -43
  16. data/lib/chef/provider/zypper_repository.rb +3 -3
  17. data/lib/chef/provider.rb +26 -1
  18. data/lib/chef/provider_resolver.rb +8 -2
  19. data/lib/chef/resource/homebrew_cask.rb +1 -1
  20. data/lib/chef/resource/inspec_waiver_file_entry.rb +2 -2
  21. data/lib/chef/resource/launchd.rb +3 -3
  22. data/lib/chef/resource/remote_file.rb +1 -1
  23. data/lib/chef/resource/rhsm_subscription.rb +5 -5
  24. data/lib/chef/resource/ruby_block.rb +100 -0
  25. data/lib/chef/resource/scm/subversion.rb +1 -1
  26. data/lib/chef/resource/sysctl.rb +2 -2
  27. data/lib/chef/resource/systemd_unit.rb +3 -3
  28. data/lib/chef/resource/yum_package.rb +1 -5
  29. data/lib/chef/resource.rb +14 -18
  30. data/lib/chef/resource_inspector.rb +6 -2
  31. data/lib/chef/secret_fetcher/aws_secrets_manager.rb +16 -4
  32. data/lib/chef/secret_fetcher/azure_key_vault.rb +31 -9
  33. data/lib/chef/secret_fetcher/base.rb +5 -1
  34. data/lib/chef/secret_fetcher.rb +5 -4
  35. data/lib/chef/version.rb +1 -1
  36. data/spec/integration/compliance/compliance_spec.rb +1 -0
  37. data/spec/integration/recipes/resource_action_spec.rb +2 -2
  38. data/spec/unit/compliance/runner_spec.rb +46 -2
  39. data/spec/unit/dsl/secret_spec.rb +8 -2
  40. data/spec/unit/provider_spec.rb +23 -0
  41. data/spec/unit/resource/homebrew_cask_spec.rb +29 -11
  42. data/spec/unit/resource/rhsm_subscription_spec.rb +50 -3
  43. data/spec/unit/resource/systemd_unit_spec.rb +1 -1
  44. data/spec/unit/resource_spec.rb +19 -8
  45. data/spec/unit/secret_fetcher/aws_secrets_manager_spec.rb +70 -0
  46. data/spec/unit/secret_fetcher/azure_key_vault_spec.rb +23 -16
  47. data/spec/unit/secret_fetcher_spec.rb +9 -9
  48. metadata +7 -6
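--- a/data/spec/unit/secret_fetcher/aws_secrets_manager_spec.rb
+++ b/data/spec/unit/secret_fetcher/aws_secrets_manager_spec.rb
@@ -0,0 +1,70 @@
+ #
+ # Author:: Marc Paradise <marc@chef.io>
+ # Copyright:: Copyright (c) Chef Software Inc.
+ # License:: Apache License, Version 2.0
+ #
+ # Licensed under the Apache License, Version 2.0 (the "License");
+ # you may not use this file except in compliance with the License.
+ # You may obtain a copy of the License at
+ #
+ # http://www.apache.org/licenses/LICENSE-2.0
+ #
+ # Unless required by applicable law or agreed to in writing, software
+ # distributed under the License is distributed on an "AS IS" BASIS,
+ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ # See the License for the specific language governing permissions and
+ # limitations under the License.
+ #
+ #
+
+ require_relative "../../spec_helper"
+ require "chef/secret_fetcher/aws_secrets_manager"
+
+ describe Chef::SecretFetcher::AWSSecretsManager do
+ let(:node) { {} }
+ let(:aws_global_config) { {} }
+ let(:fetcher_config) { {} }
+ let(:run_context) { double("run_context", node: node) }
+ let(:fetcher) {
+ Chef::SecretFetcher::AWSSecretsManager.new( fetcher_config, run_context )
+ }
+
+ before do
+ allow(Aws).to receive(:config).and_return(aws_global_config)
+ end
+
+ context "when region is provided" do
+ let(:fetcher_config) { { region: "region-from-caller" } }
+ it "uses the provided region" do
+ fetcher.validate!
+ expect(fetcher.config[:region]).to eq "region-from-caller"
+ end
+ end
+
+ context "when region is not provided" do
+ context "and no region exists in AWS config or node attributes" do
+ it "raises a ConfigurationInvalid error" do
+ expect { fetcher.validate! }.to raise_error Chef::Exceptions::Secret::ConfigurationInvalid
+ end
+ end
+
+ context "and region exists in AWS config and node attributes" do
+ let(:aws_global_config) { { region: "region-from-aws-global-config" } }
+ let(:node) { { "ec2" => { "region" => "region-from-ohai-data" } } }
+ it "uses the region from AWS config" do
+ fetcher.validate!
+ expect(fetcher.config[:region]).to eq "region-from-aws-global-config"
+ end
+ end
+
+ context "and region exists only in node attributes" do
+ let(:node) { { "ec2" => { "region" => "region-from-ohai-data" } } }
+ it "uses the region from AWS config" do
+ fetcher.validate!
+ expect(fetcher.config[:region]).to eq "region-from-ohai-data"
+ end
+
+ end
+
+ end
+ end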
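Review bot: The example in the last context ("and region exists only in node attributes") is titled `it "uses the region from AWS config"` but asserts `"region-from-ohai-data"`; the description looks copied from the previous context and should read `it "uses the region from node attributes" do`. The "when region is provided" context leaves both `aws_global_config` and `node` empty, so nothing pins that a caller-supplied region wins over the two fallbacks; adding `let(:aws_global_config) { { region: "region-from-aws-global-config" } }` to that context would cover the precedence. Since the region selects which Secrets Manager endpoint is queried, the full precedence order is worth locking down in the spec.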
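--- a/data/spec/unit/secret_fetcher/azure_key_vault_spec.rb
+++ b/data/spec/unit/secret_fetcher/azure_key_vault_spec.rb
@@ -22,20 +22,11 @@ require "chef/secret_fetcher"
  require "chef/secret_fetcher/azure_key_vault"
 
  describe Chef::SecretFetcher::AzureKeyVault do
- let(:config) { { vault: "myvault" } }
- let(:fetcher) { Chef::SecretFetcher::AzureKeyVault.new(config) }
-
- context "when validating configuration and configuration is missing :vault" do
- context "and configuration does not have a 'vault'" do
- let(:config) { {} }
- it "raises a MissingVaultError error on validate!" do
- expect { fetcher.validate! }.to raise_error(Chef::Exceptions::Secret::MissingVaultName)
- end
- end
- end
+ let(:config) { { vault: "my_vault" } }
+ let(:fetcher) { Chef::SecretFetcher::AzureKeyVault.new(config, nil) }
 
  context "when performing a fetch" do
- let(:body) { "" }
+ let(:body) { '{ "value" : "my secret value" }' }
  let(:response_mock) { double("response", body: body) }
  let(:http_mock) { double("http", :get => response_mock, :use_ssl= => nil) }
 
@@ -44,20 +35,36 @@ describe Chef::SecretFetcher::AzureKeyVault do
  allow(Net::HTTP).to receive(:new).and_return(http_mock)
  end
 
- context "and a valid response is received" do
+ context "and vault name is only provided in the secret name" do
  let(:body) { '{ "value" : "my secret value" }' }
- it "returns the expected response" do
- expect(fetcher.fetch("value")).to eq "my secret value"
+ let(:config) { {} }
+ it "fetches the value" do
+ expect(fetcher.fetch("my_vault/value")).to eq "my secret value"
  end
  end
 
+ context "and vault name is not provided in the secret name" do
+ context "and vault name is not provided in config" do
+ let(:config) { {} }
+ it "raises a ConfigurationInvalid exception" do
+ expect { fetcher.fetch("value") }.to raise_error(Chef::Exceptions::Secret::ConfigurationInvalid)
+ end
+ end
+
+ context "and vault name is provided in config" do
+ let(:config) { { vault: "my_vault" } }
+ it "fetches the value" do
+ expect(fetcher.fetch("value")).to eq "my secret value"
+ end
+ end
+ end
  context "and an error response is received in the body" do
+ let(:config) { { vault: "my_vault" } }
  let(:body) { '{ "error" : { "code" : 404, "message" : "secret not found" } }' }
  it "raises FetchFailed" do
  expect { fetcher.fetch("value") }.to raise_error(Chef::Exceptions::Secret::FetchFailed)
  end
  end
-
  end
  end
 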
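Review bot: The new vault-name examples assert only the returned value while `Net::HTTP.new` is stubbed with `and_return(http_mock)` for any arguments, so a mistake in splitting `"my_vault/value"` into vault and secret name would still pass. Constraining the stub, e.g. `expect(Net::HTTP).to receive(:new).with(expected_vault_host, anything).and_return(http_mock)` (where `expected_vault_host` is a placeholder for whatever host the fetcher builds for `my_vault`), would check that the request goes to the intended vault. There is also no example where a vault is given both in `config` and in the secret name, nor one for a name with an empty vault segment or more than one `/`; the secret name now presumably influences the request target, so those cases deserve explicit expectations. The removed `validate!` example has no replacement, so the spec no longer states what `validate!` does when `:vault` is absent.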
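--- a/data/spec/unit/secret_fetcher_spec.rb
+++ b/data/spec/unit/secret_fetcher_spec.rb
@@ -28,7 +28,7 @@ class SecretFetcherImpl < Chef::SecretFetcher::Base
  end
 
  describe Chef::SecretFetcher do
- let(:fetcher_impl) { SecretFetcherImpl.new({}) }
+ let(:fetcher_impl) { SecretFetcherImpl.new({}, nil) }
 
  before do
  allow(Chef::SecretFetcher::Example).to receive(:new).and_return fetcher_impl
@@ -36,38 +36,38 @@ describe Chef::SecretFetcher do
 
  context ".for_service" do
  it "resolves the example fetcher without error" do
- Chef::SecretFetcher.for_service(:example, {})
+ Chef::SecretFetcher.for_service(:example, {}, nil)
  end
 
  it "resolves the Azure Key Vault fetcher without error" do
- Chef::SecretFetcher.for_service(:azure_key_vault, vault: "invalid")
+ Chef::SecretFetcher.for_service(:azure_key_vault, { vault: "invalid" }, nil)
  end
 
  it "resolves the AWS fetcher without error" do
- Chef::SecretFetcher.for_service(:aws_secrets_manager, region: "invalid")
+ Chef::SecretFetcher.for_service(:aws_secrets_manager, { region: "invalid" }, nil)
  end
 
  it "raises Chef::Exceptions::Secret::MissingFetcher when service is blank" do
- expect { Chef::SecretFetcher.for_service(nil, {}) }.to raise_error(Chef::Exceptions::Secret::MissingFetcher)
+ expect { Chef::SecretFetcher.for_service(nil, {}, nil) }.to raise_error(Chef::Exceptions::Secret::MissingFetcher)
  end
 
  it "raises Chef::Exceptions::Secret::MissingFetcher when service is nil" do
- expect { Chef::SecretFetcher.for_service("", {}) }.to raise_error(Chef::Exceptions::Secret::MissingFetcher)
+ expect { Chef::SecretFetcher.for_service("", {}, nil) }.to raise_error(Chef::Exceptions::Secret::MissingFetcher)
  end
 
  it "raises Chef::Exceptions::Secret::InvalidFetcher for an unknown fetcher" do
- expect { Chef::SecretFetcher.for_service(:bad_example, {}) }.to raise_error(Chef::Exceptions::Secret::InvalidFetcherService)
+ expect { Chef::SecretFetcher.for_service(:bad_example, {}, nil) }.to raise_error(Chef::Exceptions::Secret::InvalidFetcherService)
  end
 
  it "ensures fetcher configuration is valid by invoking validate!" do
  expect(fetcher_impl).to receive(:validate!)
- Chef::SecretFetcher.for_service(:example, {})
+ Chef::SecretFetcher.for_service(:example, {}, nil)
  end
  end
 
  context "#fetch" do
  let(:fetcher) {
- Chef::SecretFetcher.for_service(:example, { "key1" => "value1" })
+ Chef::SecretFetcher.for_service(:example, { "key1" => "value1" }, nil)
  }
 
  it "fetches from the underlying service when secret name is provided " do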
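Review bot: Every updated call passes `nil` as the new third argument, so nothing in this spec checks that `for_service` hands the run context to the fetcher it constructs. One example with a double, e.g. `expect(Chef::SecretFetcher::Example).to receive(:new).with({}, run_context).and_return(fetcher_impl)`, would cover that forwarding. The two `MissingFetcher` examples touched here have their descriptions swapped: the one titled "when service is blank" passes `nil` and the one titled "when service is nil" passes `""`. The `#fetch` context continues past the end of the hunk.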
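--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: chef
  version: !ruby/object:Gem::Version
- version: 17.3.48
+ version: 17.4.25
  platform: universal-mingw32
  authors:
  - Adam Jacob
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2021-07-21 00:00:00.000000000 Z
+ date: 2021-08-23 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: chef-config
@@ -16,28 +16,28 @@ dependencies:
  requirements:
  - - '='
  - !ruby/object:Gem::Version
- version: 17.3.48
+ version: 17.4.25
  type: :runtime
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
  - - '='
  - !ruby/object:Gem::Version
- version: 17.3.48
+ version: 17.4.25
  - !ruby/object:Gem::Dependency
  name: chef-utils
  requirement: !ruby/object:Gem::Requirement
  requirements:
  - - '='
  - !ruby/object:Gem::Version
- version: 17.3.48
+ version: 17.4.25
  type: :runtime
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
  - - '='
  - !ruby/object:Gem::Version
- version: 17.3.48
+ version: 17.4.25
  - !ruby/object:Gem::Dependency
  name: train-core
  requirement: !ruby/object:Gem::Requirement
@@ -3039,6 +3039,7 @@ files:
  - spec/unit/runner_spec.rb
  - spec/unit/scan_access_control_spec.rb
  - spec/unit/search/query_spec.rb
+ - spec/unit/secret_fetcher/aws_secrets_manager_spec.rb
  - spec/unit/secret_fetcher/azure_key_vault_spec.rb
  - spec/unit/secret_fetcher_spec.rb
  - spec/unit/server_api_spec.rb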