chef 17.3.48 → 17.4.25

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 45a45627ed2995c171f44e97e524e17cdcc2b8a3c4566c6cba3e7e57a5810f71
-  data.tar.gz: 5bbe7e7fecc35ddfddc730addb9a944a798ff252a239e433f6894228c9af6359
+  metadata.gz: c159fb85af31dd6bd19924a07f00bf9b95d0dfb1d88fb61a31715a9bdd3e96ec
+  data.tar.gz: 9a98b549790322419a603d451b8d0ad612cdff4e43b7ea7b902b14838dbf02ee
 SHA512:
-  metadata.gz: 3ef336ebe43aa213491af9e263758101f040ee306537d8d3d0db4a6484fa33daf78c0a524525ee648688cfe9fa2c77d5163ce310d6977b85c0ccf761fcc763ba
-  data.tar.gz: 554e9acfa53f9bc83a3b04cd9efb913b984bf9f69cb58b924a3ad9744fd2af8ff8bf42b6b495ba243ad71364d59ba433f6c440b9768c59aa3a7d9239948e2c7e
+  metadata.gz: 7ba002628326ef955c31a01fd28e799591100f09eae310a289de0edb8cc6d412f6db37b2af090dbb6eabdf5a1aa87456ff305d3f4c0b343a16832d227f560381
+  data.tar.gz: 1dedaff5d73ff603b322f11282deefc699091e89c0544bff43cb039bbb9627269d0f7e2e43fffd604dfd7d22042b51efa43b54789098ed8e8931da1f1bfc7601

data/lib/chef/application.rb

@@ -377,7 +377,9 @@ class Chef
 
         Chef::FileCache.store("#{ChefUtils::Dist::Infra::SHORT}-stacktrace.out", chef_stacktrace_out)
         logger.fatal("Stacktrace dumped to #{Chef::FileCache.load("#{ChefUtils::Dist::Infra::SHORT}-stacktrace.out", false)}")
-        logger.fatal("Please provide the contents of the stacktrace.out file if you file a bug report")
+        logger.fatal("---------------------------------------------------------------------------------------")
+        logger.fatal("PLEASE PROVIDE THE CONTENTS OF THE stacktrace.out FILE (above) IF YOU FILE A BUG REPORT")
+        logger.fatal("---------------------------------------------------------------------------------------")
         if Chef::Config[:always_dump_stacktrace]
           logger.fatal(message)
         else

data/lib/chef/compliance/default_attributes.rb

@@ -28,7 +28,7 @@ class Chef
       # Controls what is done with the resulting report after the Chef InSpec run.
       # Accepts a single string value or an array of multiple values.
       # Accepted values: 'chef-server-automate', 'chef-automate', 'json-file', 'audit-enforcer', 'cli'
-      "reporter" => %w{json-file cli},
+      "reporter" => "cli",
 
       # Controls if Chef InSpec profiles should be fetched from Chef Automate or Chef Infra Server
       # in addition to the default fetch locations provided by Chef Inspec.
@@ -47,8 +47,10 @@ class Chef
       "profiles" => {},
 
       # Extra inputs passed to Chef InSpec to allow finer-grained control over behavior.
-      # These are mapped to Chef InSpec's inputs, but are named attributes here for legacy reasons.
       # See Chef Inspec's documentation for more information: https://docs.chef.io/inspec/inputs/
+      "inputs" => {},
+
+      # Legacy alias for inputs
       "attributes" => {},
 
       # A string path or an array of paths to Chef InSpec waiver files.
@@ -88,7 +90,7 @@ class Chef
 
       # If enabled, a hash representation of the Chef Infra node object will be sent to Chef InSpec in an input
       # named `chef_node`.
-      "chef_node_attribute_enabled" => false,
+      "chef_node_attribute_enabled" => true,
 
       # Should the built-in compliance phase run. True and false force the behavior. Nil does magic based on if you have
       # profiles defined but do not have the audit cookbook enabled.

data/lib/chef/compliance/runner.rb

@@ -113,8 +113,17 @@ class Chef
         logger.info "Chef Infra Compliance Phase Complete"
       end
 
+      def inputs_from_attributes
+        if !node["audit"]["inputs"].empty?
+          node["audit"]["inputs"].to_h
+        else
+          node["audit"]["attributes"].to_h
+        end
+      end
+
       def inspec_opts
-        inputs = node["audit"]["attributes"].to_h
+        inputs = inputs_from_attributes
+
         if node["audit"]["chef_node_attribute_enabled"]
           inputs["chef_node"] = node.to_h
           inputs["chef_node"]["chef_environment"] = node.chef_environment
@@ -300,6 +309,11 @@ class Chef
             raise "CMPL002: Unrecognized Compliance Phase fetcher (node['audit']['fetcher'] = #{fetcher}). Supported fetchers are: #{SUPPORTED_FETCHERS.join(", ")}, or nil. For more information, see the documentation at https://docs.chef.io/chef_compliance_phase#fetch-profiles"
           end
         end
+
+        if !node["audit"]["attributes"].empty? && !node["audit"]["inputs"].empty?
+          raise "CMPL011: both node['audit']['inputs'] and node['audit']['attributes'] are set.  The node['audit']['attributes'] setting is deprecated and should not be used."
+        end
+
         @validation_passed = true
       end
     end

data/lib/chef/dsl/secret.rb

@@ -49,15 +49,15 @@ class Chef
       #
       #   value = secret(name: "test1", service: :aws_secrets_manager, version: "v1", config: { region: "us-west-1" })
       #   log "My secret is #{value}"
-      def secret(name: nil, version: nil, service: nil, config: nil)
-        Chef::Log.warn <<~EOM.gsub("\n", "")
+      def secret(name: nil, version: nil, service: nil, config: {})
+        Chef::Log.warn <<~EOM.gsub("\n", " ")
           The secrets Chef Infra language helper is currently in beta.
           This helper will most likely change over time in potentially breaking ways.
           If you have feedback or you'd like to be part of the future design of this
           helper e-mail us at secrets_management_beta@progress.com"
         EOM
         sensitive(true) if is_a?(Chef::Resource)
-        Chef::SecretFetcher.for_service(service, config).fetch(name, version)
+        Chef::SecretFetcher.for_service(service, config, run_context).fetch(name, version)
       end
     end
   end

data/lib/chef/exceptions.rb

@@ -308,8 +308,6 @@ class Chef
           super("No secret service provided. Supported services are: :#{fetcher_service_names.join(" :")}")
         end
       end
-
-      class MissingVaultName < RuntimeError; end
     end
 
     # Exception class for collecting multiple failures. Used when running

data/lib/chef/formatters/error_mapper.rb

@@ -27,7 +27,7 @@ class Chef
       # Failed to register this client with the server.
       def self.registration_failed(node_name, exception, config)
         error_inspector = ErrorInspectors::RegistrationErrorInspector.new(node_name, exception, config)
-        headline = "Chef encountered an error attempting to create the client \"#{node_name}\""
+        headline = "Chef Infra Client encountered an error attempting to create the client \"#{node_name}\""
         description = ErrorDescription.new(headline)
         error_inspector.add_explanation(description)
         description
@@ -35,7 +35,7 @@ class Chef
 
       def self.node_load_failed(node_name, exception, config)
         error_inspector = ErrorInspectors::NodeLoadErrorInspector.new(node_name, exception, config)
-        headline = "Chef encountered an error attempting to load the node data for \"#{node_name}\""
+        headline = "Chef Infra Client encountered an error attempting to load the node data for \"#{node_name}\""
         description = ErrorDescription.new(headline)
         error_inspector.add_explanation(description)
         description

data/lib/chef/provider/execute.rb

@@ -41,7 +41,7 @@ class Chef
         end
       end
 
-      action :run do
+      action :run, description: "Run a command." do
         if creates && sentinel_file.exist?
           logger.debug("#{new_resource} sentinel file #{sentinel_file} exists - nothing to do")
           return false

data/lib/chef/provider/group/dscl.rb

@@ -158,7 +158,7 @@ class Chef
           if new_resource.group_name && (current_resource.group_name != new_resource.group_name)
             dscl_create_group
           end
-          if new_resource.gid && (current_resource.gid != new_resource.gid)
+          if new_resource.gid && (current_resource.gid != new_resource.gid.to_s)
             set_gid
           end
           if new_resource.members || new_resource.excluded_members

data/lib/chef/provider/launchd.rb

@@ -43,22 +43,22 @@ class Chef
         types[type]
       end
 
-      action :create do
+      action :create, description: "Create a launchd property list." do
         manage_plist(:create)
       end
 
-      action :create_if_missing do
+      action :create_if_missing, description: "Create a launchd property list, if it does not already exist." do
         manage_plist(:create_if_missing)
       end
 
-      action :delete do
+      action :delete, description: "Delete a launchd property list. This will unload a daemon or agent, if loaded." do
         if ::File.exists?(path)
           manage_service(:disable)
         end
         manage_plist(:delete)
       end
 
-      action :enable do
+      action :enable, description: "Create a launchd property list, and then ensure that it is enabled. If a launchd property list already exists, but does not match, updates the property list to match, and then restarts the daemon or agent." do
         manage_service(:nothing)
         manage_plist(:create) do
           notifies :restart, "macosx_service[#{label}]", :immediately
@@ -66,13 +66,13 @@ class Chef
         manage_service(:enable)
       end
 
-      action :disable do
+      action :disable, description: "Disable a launchd property list." do
         return unless ::File.exist?(path)
 
         manage_service(:disable)
       end
 
-      action :restart do
+      action :restart, description: "Restart a launchd managed daemon or agent." do
         manage_service(:restart)
       end
 

data/lib/chef/provider/subversion.rb

@@ -55,7 +55,7 @@ class Chef
         end
       end
 
-      action :checkout do
+      action :checkout, description: "Clone or check out the source. When a checkout is available, this provider does nothing." do
         if target_dir_non_existent_or_empty?
           converge_by("perform checkout of #{new_resource.repository} into #{new_resource.destination}") do
             shell_out!(checkout_command, run_options)
@@ -65,7 +65,7 @@ class Chef
         end
       end
 
-      action :export do
+      action :export, description: "Export the source, excluding or removing any version control artifacts." do
         if target_dir_non_existent_or_empty?
           action_force_export
         else
@@ -73,13 +73,13 @@ class Chef
         end
       end
 
-      action :force_export do
+      action :force_export, description: "Export the source, excluding or removing any version control artifacts and force an export of the source that is overwriting the existing copy (if it exists)." do
         converge_by("export #{new_resource.repository} into #{new_resource.destination}") do
           shell_out!(export_command, run_options)
         end
       end
 
-      action :sync do
+      action :sync, description: "Update the source to the specified version, or get a new clone or checkout. This action causes a hard reset of the index and working tree, discarding any uncommitted changes." do
         assert_target_directory_valid!
         if ::File.exist?(::File.join(new_resource.destination, ".svn"))
           current_rev = find_current_revision

data/lib/chef/provider/support/yum_repo.erb

@@ -1,4 +1,4 @@
-# This file was generated by Chef
+# This file was generated by Chef Infra
 # Do NOT modify this file by hand.
 
 [<%= @config.repositoryid %>]

data/lib/chef/provider/systemd_unit.rb

@@ -22,6 +22,7 @@ require_relative "../resource/file"
 require_relative "../resource/file/verification/systemd_unit"
 require "iniparse"
 require "shellwords" unless defined?(Shellwords)
+require "chef-utils/dist" unless defined?(ChefUtils::Dist)
 
 class Chef
   class Provider
@@ -75,7 +76,7 @@ class Chef
         end
       end
 
-      action :create do
+      action :create, description: "Create a systemd unit file, if it does not already exist." do
         if current_resource.content != new_resource.to_ini
           converge_by("creating unit: #{new_resource.unit_name}") do
             manage_unit_file(:create)
@@ -84,7 +85,7 @@ class Chef
         end
       end
 
-      action :delete do
+      action :delete, description: "Delete a systemd unit file, if it exists." do
         if ::File.exist?(unit_path)
           converge_by("deleting unit: #{new_resource.unit_name}") do
             manage_unit_file(:delete)
@@ -93,19 +94,19 @@ class Chef
         end
       end
 
-      action :preset do
+      action :preset, description: "Restore the preset '`enable`/`disable`' configuration for a systemd unit. *New in #{ChefUtils::Dist::Infra::PRODUCT} 14.0.*" do
         converge_by("restoring enable/disable preset configuration for unit: #{new_resource.unit_name}") do
           systemctl_execute!(:preset, new_resource.unit_name)
         end
       end
 
-      action :revert do
+      action :revert, description: "Revert to a vendor's version of a systemd unit file. *New in #{ChefUtils::Dist::Infra::PRODUCT} 14.0.*" do
         converge_by("reverting to vendor version of unit: #{new_resource.unit_name}") do
           systemctl_execute!(:revert, new_resource.unit_name)
         end
       end
 
-      action :enable do
+      action :enable, description: "Ensure the unit will be started after the next system boot." do
         if current_resource.static
           logger.debug("#{new_resource.unit_name} is a static unit, enabling is a NOP.")
         end
@@ -121,7 +122,7 @@ class Chef
         end
       end
 
-      action :disable do
+      action :disable, description: "Ensure the unit will not be started after the next system boot." do
         if current_resource.static
           logger.debug("#{new_resource.unit_name} is a static unit, disabling is a NOP.")
         end
@@ -138,14 +139,14 @@ class Chef
         end
       end
 
-      action :reenable do
+      action :reenable, description: "Reenable a unit file. *New in #{ChefUtils::Dist::Infra::PRODUCT} 14.0.*" do
         converge_by("reenabling unit: #{new_resource.unit_name}") do
           systemctl_execute!(:reenable, new_resource.unit_name)
           logger.info("#{new_resource} reenabled")
         end
       end
 
-      action :mask do
+      action :mask, description: "Ensure the unit will not start, even to satisfy dependencies." do
         unless current_resource.masked
           converge_by("masking unit: #{new_resource.unit_name}") do
             systemctl_execute!(:mask, new_resource.unit_name)
@@ -154,7 +155,7 @@ class Chef
         end
       end
 
-      action :unmask do
+      action :unmask, description: "Stop the unit from being masked and cause it to start as specified." do
         if current_resource.masked
           converge_by("unmasking unit: #{new_resource.unit_name}") do
             systemctl_execute!(:unmask, new_resource.unit_name)
@@ -163,7 +164,7 @@ class Chef
         end
       end
 
-      action :start do
+      action :start, description: "Start a systemd unit." do
         unless current_resource.active
           converge_by("starting unit: #{new_resource.unit_name}") do
             systemctl_execute!(:start, new_resource.unit_name, default_env: false)
@@ -172,7 +173,7 @@ class Chef
         end
       end
 
-      action :stop do
+      action :stop, description: "Stop a running systemd unit." do
         if current_resource.active
           converge_by("stopping unit: #{new_resource.unit_name}") do
             systemctl_execute!(:stop, new_resource.unit_name, default_env: false)
@@ -181,14 +182,14 @@ class Chef
         end
       end
 
-      action :restart do
+      action :restart, description: "Restart a systemd unit." do
         converge_by("restarting unit: #{new_resource.unit_name}") do
           systemctl_execute!(:restart, new_resource.unit_name, default_env: false)
           logger.info("#{new_resource} restarted")
         end
       end
 
-      action :reload do
+      action :reload, description: "Reload the configuration file for a systemd unit." do
         if current_resource.active
           converge_by("reloading unit: #{new_resource.unit_name}") do
             systemctl_execute!(:reload, new_resource.unit_name, default_env: false)
@@ -199,21 +200,21 @@ class Chef
         end
       end
 
-      action :try_restart do
+      action :try_restart, description: "Try to restart a systemd unit if the unit is running." do
         converge_by("try-restarting unit: #{new_resource.unit_name}") do
           systemctl_execute!("try-restart", new_resource.unit_name, default_env: false)
           logger.info("#{new_resource} try-restarted")
         end
       end
 
-      action :reload_or_restart do
+      action :reload_or_restart, description: "For systemd units that are services, this action reloads the configuration of the service without restarting, if possible; otherwise, it will restart the service so the new configuration is applied." do
         converge_by("reload-or-restarting unit: #{new_resource.unit_name}") do
           systemctl_execute!("reload-or-restart", new_resource.unit_name, default_env: false)
           logger.info("#{new_resource} reload-or-restarted")
         end
       end
 
-      action :reload_or_try_restart do
+      action :reload_or_try_restart, description: "For systemd units that are services, this action reloads the configuration of the service without restarting, if possible; otherwise, it will try to restart the service so the new configuration is applied." do
         converge_by("reload-or-try-restarting unit: #{new_resource.unit_name}") do
           systemctl_execute!("reload-or-try-restart", new_resource.unit_name, default_env: false)
           logger.info("#{new_resource} reload-or-try-restarted")

data/lib/chef/provider/user/mac.rb

@@ -28,7 +28,7 @@ class Chef
   class Provider
     class User
       # A macOS user provider that is compatible with default TCC restrictions
-      # in macOS 10.14. See resource/user/mac_user.rb for complete description
+      # in macOS 10.14+. See resource/user/mac_user.rb for complete description
       # of the mac_user resource
       class MacUser < Chef::Provider::User
         include Chef::Mixin::Which
@@ -49,11 +49,11 @@ class Chef
             current_resource.uid(user_plist[:uid][0])
             current_resource.gid(user_plist[:gid][0])
             current_resource.home(user_plist[:home][0])
-            current_resource.shell(user_plist[:shell][0])
+            current_resource.shell(user_plist[:shell]&.first) # use &.first since shell can be nil
             current_resource.comment(user_plist[:comment][0])
 
             if user_plist[:is_hidden]
-              current_resource.hidden(user_plist[:is_hidden][0] == "1" ? true : false)
+              current_resource.hidden(user_plist[:is_hidden]&.first == "1" ? true : false) # when not hidden the value seems to be nil so &.first to handle that
             end
 
             shadow_hash = user_plist[:shadow_hash]

data/lib/chef/provider/yum_repository.rb

@@ -17,7 +17,6 @@
 #
 
 require_relative "../resource"
-require_relative "../dsl/declare_resource"
 require_relative "../mixin/which"
 require_relative "noop"
 
@@ -32,8 +31,8 @@ class Chef
 
       def load_current_resource; end
 
-      action :create do
-        declare_resource(:template, ::File.join(new_resource.reposdir, "#{new_resource.repositoryid}.repo")) do
+      action :create, description: "Create a repository based on the properties." do
+        template ::File.join(new_resource.reposdir, "#{new_resource.repositoryid}.repo") do
           if template_available?(new_resource.source)
             source new_resource.source
           else
@@ -46,72 +45,57 @@ class Chef
           if new_resource.make_cache
             notifies :run, "execute[yum clean metadata #{new_resource.repositoryid}]", :immediately if new_resource.clean_metadata || new_resource.clean_headers
             notifies :run, "execute[yum-makecache-#{new_resource.repositoryid}]", :immediately
-            notifies :create, "ruby_block[package-cache-reload-#{new_resource.repositoryid}]", :immediately
+            notifies :flush_cache, "package[package-cache-reload-#{new_resource.repositoryid}]", :immediately
           end
         end
 
-        declare_resource(:execute, "yum clean metadata #{new_resource.repositoryid}") do
-          command "yum clean metadata --disablerepo=* --enablerepo=#{new_resource.repositoryid}"
-          action :nothing
-        end
+        # avoid extra logging if make_cache property isn't set
+        if new_resource.make_cache
+          execute "yum clean metadata #{new_resource.repositoryid}" do
+            command "yum clean metadata --disablerepo=* --enablerepo=#{new_resource.repositoryid}"
+            action :nothing
+          end
 
-        # get the metadata for this repo only
-        declare_resource(:execute, "yum-makecache-#{new_resource.repositoryid}") do
-          command "yum -q -y makecache --disablerepo=* --enablerepo=#{new_resource.repositoryid}"
-          action :nothing
-          only_if { new_resource.enabled }
-        end
+          # get the metadata for this repo only
+          execute "yum-makecache-#{new_resource.repositoryid}" do
+            command "yum -q -y makecache --disablerepo=* --enablerepo=#{new_resource.repositoryid}"
+            action :nothing
+            only_if { new_resource.enabled }
+          end
 
-        # reload internal Chef yum/dnf cache
-        declare_resource(:ruby_block, "package-cache-reload-#{new_resource.repositoryid}") do
-          if ( platform?("fedora") && node["platform_version"].to_i >= 22 ) ||
-              ( platform_family?("rhel") && node["platform_version"].to_i >= 8 )
-            block { Chef::Provider::Package::Dnf::PythonHelper.instance.restart }
-          else
-            block { Chef::Provider::Package::Yum::YumCache.instance.reload }
+          package "package-cache-reload-#{new_resource.repositoryid}" do
+            action :nothing
           end
-          action :nothing
         end
       end
 
-      action :delete do
+      action :delete, description: "Remove a repository." do
         # clean the repo cache first
-        declare_resource(:execute, "yum clean all #{new_resource.repositoryid}") do
+        execute "yum clean all #{new_resource.repositoryid}" do
           command "yum clean all --disablerepo=* --enablerepo=#{new_resource.repositoryid}"
           only_if "yum repolist all | grep -P '^#{new_resource.repositoryid}([ \t]|$)'"
         end
 
-        declare_resource(:file, ::File.join(new_resource.reposdir, "#{new_resource.repositoryid}.repo")) do
+        file ::File.join(new_resource.reposdir, "#{new_resource.repositoryid}.repo") do
           action :delete
-          notifies :create, "ruby_block[package-cache-reload-#{new_resource.repositoryid}]", :immediately
+          notifies :flush_cache, "package[package-cache-reload-#{new_resource.repositoryid}]", :immediately
         end
 
-        declare_resource(:ruby_block, "package-cache-reload-#{new_resource.repositoryid}") do
-          if ( platform?("fedora") && node["platform_version"].to_i >= 22 ) ||
-              ( platform_family?("rhel") && node["platform_version"].to_i >= 8 )
-            block { Chef::Provider::Package::Dnf::PythonHelper.instance.restart }
-          else
-            block { Chef::Provider::Package::Yum::YumCache.instance.reload }
-          end
+        package "package-cache-reload-#{new_resource.repositoryid}" do
           action :nothing
         end
       end
 
-      action :makecache do
-        declare_resource(:execute, "yum-makecache-#{new_resource.repositoryid}") do
+      action :makecache, description: "Force the creation of the repository cache. This is also done automatically when a repository is updated." do
+        execute "yum-makecache-#{new_resource.repositoryid}" do
           command "yum -q -y makecache --disablerepo=* --enablerepo=#{new_resource.repositoryid}"
           action :run
           only_if { new_resource.enabled }
+          notifies :flush_cache, "package[package-cache-reload-#{new_resource.repositoryid}]", :immediately
         end
 
-        declare_resource(:ruby_block, "package-cache-reload-#{new_resource.repositoryid}") do
-          if ( platform?("fedora") && node["platform_version"].to_i >= 22 ) ||
-              ( platform_family?("rhel") && node["platform_version"].to_i >= 8 )
-            block { Chef::Provider::Package::Dnf::PythonHelper.instance.restart }
-          else
-            block { Chef::Provider::Package::Yum::YumCache.instance.reload }
-          end
-          action :run
+        package "package-cache-reload-#{new_resource.repositoryid}" do
+          action :nothing
         end
       end