chef 17.3.48 → 17.4.25

Files changed (48) hide show
  1. checksums.yaml +4 -4
  2. data/lib/chef/application.rb +3 -1
  3. data/lib/chef/compliance/default_attributes.rb +5 -3
  4. data/lib/chef/compliance/runner.rb +15 -1
  5. data/lib/chef/dsl/secret.rb +3 -3
  6. data/lib/chef/exceptions.rb +0 -2
  7. data/lib/chef/formatters/error_mapper.rb +2 -2
  8. data/lib/chef/provider/execute.rb +1 -1
  9. data/lib/chef/provider/group/dscl.rb +1 -1
  10. data/lib/chef/provider/launchd.rb +6 -6
  11. data/lib/chef/provider/subversion.rb +4 -4
  12. data/lib/chef/provider/support/yum_repo.erb +1 -1
  13. data/lib/chef/provider/systemd_unit.rb +17 -16
  14. data/lib/chef/provider/user/mac.rb +3 -3
  15. data/lib/chef/provider/yum_repository.rb +27 -43
  16. data/lib/chef/provider/zypper_repository.rb +3 -3
  17. data/lib/chef/provider.rb +26 -1
  18. data/lib/chef/provider_resolver.rb +8 -2
  19. data/lib/chef/resource/homebrew_cask.rb +1 -1
  20. data/lib/chef/resource/inspec_waiver_file_entry.rb +2 -2
  21. data/lib/chef/resource/launchd.rb +3 -3
  22. data/lib/chef/resource/remote_file.rb +1 -1
  23. data/lib/chef/resource/rhsm_subscription.rb +5 -5
  24. data/lib/chef/resource/ruby_block.rb +100 -0
  25. data/lib/chef/resource/scm/subversion.rb +1 -1
  26. data/lib/chef/resource/sysctl.rb +2 -2
  27. data/lib/chef/resource/systemd_unit.rb +3 -3
  28. data/lib/chef/resource/yum_package.rb +1 -5
  29. data/lib/chef/resource.rb +14 -18
  30. data/lib/chef/resource_inspector.rb +6 -2
  31. data/lib/chef/secret_fetcher/aws_secrets_manager.rb +16 -4
  32. data/lib/chef/secret_fetcher/azure_key_vault.rb +31 -9
  33. data/lib/chef/secret_fetcher/base.rb +5 -1
  34. data/lib/chef/secret_fetcher.rb +5 -4
  35. data/lib/chef/version.rb +1 -1
  36. data/spec/integration/compliance/compliance_spec.rb +1 -0
  37. data/spec/integration/recipes/resource_action_spec.rb +2 -2
  38. data/spec/unit/compliance/runner_spec.rb +46 -2
  39. data/spec/unit/dsl/secret_spec.rb +8 -2
  40. data/spec/unit/provider_spec.rb +23 -0
  41. data/spec/unit/resource/homebrew_cask_spec.rb +29 -11
  42. data/spec/unit/resource/rhsm_subscription_spec.rb +50 -3
  43. data/spec/unit/resource/systemd_unit_spec.rb +1 -1
  44. data/spec/unit/resource_spec.rb +19 -8
  45. data/spec/unit/secret_fetcher/aws_secrets_manager_spec.rb +70 -0
  46. data/spec/unit/secret_fetcher/azure_key_vault_spec.rb +23 -16
  47. data/spec/unit/secret_fetcher_spec.rb +9 -9
  48. metadata +7 -6
@@ -0,0 +1,70 @@
1
+ #
2
+ # Author:: Marc Paradise <marc@chef.io>
3
+ # Copyright:: Copyright (c) Chef Software Inc.
4
+ # License:: Apache License, Version 2.0
5
+ #
6
+ # Licensed under the Apache License, Version 2.0 (the "License");
7
+ # you may not use this file except in compliance with the License.
8
+ # You may obtain a copy of the License at
9
+ #
10
+ # http://www.apache.org/licenses/LICENSE-2.0
11
+ #
12
+ # Unless required by applicable law or agreed to in writing, software
13
+ # distributed under the License is distributed on an "AS IS" BASIS,
14
+ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
15
+ # See the License for the specific language governing permissions and
16
+ # limitations under the License.
17
+ #
18
+ #
19
+
20
+ require_relative "../../spec_helper"
21
+ require "chef/secret_fetcher/aws_secrets_manager"
22
+
23
+ describe Chef::SecretFetcher::AWSSecretsManager do
24
+ let(:node) { {} }
25
+ let(:aws_global_config) { {} }
26
+ let(:fetcher_config) { {} }
27
+ let(:run_context) { double("run_context", node: node) }
28
+ let(:fetcher) {
29
+ Chef::SecretFetcher::AWSSecretsManager.new( fetcher_config, run_context )
30
+ }
31
+
32
+ before do
33
+ allow(Aws).to receive(:config).and_return(aws_global_config)
34
+ end
35
+
36
+ context "when region is provided" do
37
+ let(:fetcher_config) { { region: "region-from-caller" } }
38
+ it "uses the provided region" do
39
+ fetcher.validate!
40
+ expect(fetcher.config[:region]).to eq "region-from-caller"
41
+ end
42
+ end
43
+
44
+ context "when region is not provided" do
45
+ context "and no region exists in AWS config or node attributes" do
46
+ it "raises a ConfigurationInvalid error" do
47
+ expect { fetcher.validate! }.to raise_error Chef::Exceptions::Secret::ConfigurationInvalid
48
+ end
49
+ end
50
+
51
+ context "and region exists in AWS config and node attributes" do
52
+ let(:aws_global_config) { { region: "region-from-aws-global-config" } }
53
+ let(:node) { { "ec2" => { "region" => "region-from-ohai-data" } } }
54
+ it "uses the region from AWS config" do
55
+ fetcher.validate!
56
+ expect(fetcher.config[:region]).to eq "region-from-aws-global-config"
57
+ end
58
+ end
59
+
60
+ context "and region exists only in node attributes" do
61
+ let(:node) { { "ec2" => { "region" => "region-from-ohai-data" } } }
62
+ it "uses the region from AWS config" do
63
+ fetcher.validate!
64
+ expect(fetcher.config[:region]).to eq "region-from-ohai-data"
65
+ end
66
+
67
+ end
68
+
69
+ end
70
+ end
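Review bot: The example under "and region exists only in node attributes" is titled `it "uses the region from AWS config" do` but asserts `region-from-ohai-data`; the title looks carried over from the previous context and should read `it "uses the region from node attributes" do`. The "when region is provided" example runs with an empty `aws_global_config` and an empty `node`, so the spec never pins that a caller-supplied region wins over both fallbacks. Because the resolved region decides which Secrets Manager endpoint is asked for the secret, an example that sets all three sources and expects `region-from-caller` would lock that precedence in.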
@@ -22,20 +22,11 @@ require "chef/secret_fetcher"
22
22
  require "chef/secret_fetcher/azure_key_vault"
23
23
 
24
24
  describe Chef::SecretFetcher::AzureKeyVault do
25
- let(:config) { { vault: "myvault" } }
26
- let(:fetcher) { Chef::SecretFetcher::AzureKeyVault.new(config) }
27
-
28
- context "when validating configuration and configuration is missing :vault" do
29
- context "and configuration does not have a 'vault'" do
30
- let(:config) { {} }
31
- it "raises a MissingVaultError error on validate!" do
32
- expect { fetcher.validate! }.to raise_error(Chef::Exceptions::Secret::MissingVaultName)
33
- end
34
- end
35
- end
25
+ let(:config) { { vault: "my_vault" } }
26
+ let(:fetcher) { Chef::SecretFetcher::AzureKeyVault.new(config, nil) }
36
27
 
37
28
  context "when performing a fetch" do
38
- let(:body) { "" }
29
+ let(:body) { '{ "value" : "my secret value" }' }
39
30
  let(:response_mock) { double("response", body: body) }
40
31
  let(:http_mock) { double("http", :get => response_mock, :use_ssl= => nil) }
41
32
 
@@ -44,20 +35,36 @@ describe Chef::SecretFetcher::AzureKeyVault do
44
35
  allow(Net::HTTP).to receive(:new).and_return(http_mock)
45
36
  end
46
37
 
47
- context "and a valid response is received" do
38
+ context "and vault name is only provided in the secret name" do
48
39
  let(:body) { '{ "value" : "my secret value" }' }
49
- it "returns the expected response" do
50
- expect(fetcher.fetch("value")).to eq "my secret value"
40
+ let(:config) { {} }
41
+ it "fetches the value" do
42
+ expect(fetcher.fetch("my_vault/value")).to eq "my secret value"
51
43
  end
52
44
  end
53
45
 
46
+ context "and vault name is not provided in the secret name" do
47
+ context "and vault name is not provided in config" do
48
+ let(:config) { {} }
49
+ it "raises a ConfigurationInvalid exception" do
50
+ expect { fetcher.fetch("value") }.to raise_error(Chef::Exceptions::Secret::ConfigurationInvalid)
51
+ end
52
+ end
53
+
54
+ context "and vault name is provided in config" do
55
+ let(:config) { { vault: "my_vault" } }
56
+ it "fetches the value" do
57
+ expect(fetcher.fetch("value")).to eq "my secret value"
58
+ end
59
+ end
60
+ end
54
61
  context "and an error response is received in the body" do
62
+ let(:config) { { vault: "my_vault" } }
55
63
  let(:body) { '{ "error" : { "code" : 404, "message" : "secret not found" } }' }
56
64
  it "raises FetchFailed" do
57
65
  expect { fetcher.fetch("value") }.to raise_error(Chef::Exceptions::Secret::FetchFailed)
58
66
  end
59
67
  end
60
-
61
68
  end
62
69
  end
63
70
 
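Review bot: None of the new examples checks where the request is sent: `allow(Net::HTTP).to receive(:new).and_return(http_mock)` accepts any arguments and `http_mock` answers any `get` with the canned body, so the `my_vault/value` example would still pass if the vault segment were parsed wrongly. Now that the vault name can come from the secret name, the stub should carry a `with` constraint for the expected vault host and request path. TLS could also be asserted with `expect(http_mock).to receive(:use_ssl=).with(true)` rather than stubbing `:use_ssl= => nil`. Secret names with an empty vault segment or more than one `/` are not covered either. The block that installs the `Net::HTTP` stub starts outside the hunk.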
@@ -28,7 +28,7 @@ class SecretFetcherImpl < Chef::SecretFetcher::Base
28
28
  end
29
29
 
30
30
  describe Chef::SecretFetcher do
31
- let(:fetcher_impl) { SecretFetcherImpl.new({}) }
31
+ let(:fetcher_impl) { SecretFetcherImpl.new({}, nil) }
32
32
 
33
33
  before do
34
34
  allow(Chef::SecretFetcher::Example).to receive(:new).and_return fetcher_impl
@@ -36,38 +36,38 @@ describe Chef::SecretFetcher do
36
36
 
37
37
  context ".for_service" do
38
38
  it "resolves the example fetcher without error" do
39
- Chef::SecretFetcher.for_service(:example, {})
39
+ Chef::SecretFetcher.for_service(:example, {}, nil)
40
40
  end
41
41
 
42
42
  it "resolves the Azure Key Vault fetcher without error" do
43
- Chef::SecretFetcher.for_service(:azure_key_vault, vault: "invalid")
43
+ Chef::SecretFetcher.for_service(:azure_key_vault, { vault: "invalid" }, nil)
44
44
  end
45
45
 
46
46
  it "resolves the AWS fetcher without error" do
47
- Chef::SecretFetcher.for_service(:aws_secrets_manager, region: "invalid")
47
+ Chef::SecretFetcher.for_service(:aws_secrets_manager, { region: "invalid" }, nil)
48
48
  end
49
49
 
50
50
  it "raises Chef::Exceptions::Secret::MissingFetcher when service is blank" do
51
- expect { Chef::SecretFetcher.for_service(nil, {}) }.to raise_error(Chef::Exceptions::Secret::MissingFetcher)
51
+ expect { Chef::SecretFetcher.for_service(nil, {}, nil) }.to raise_error(Chef::Exceptions::Secret::MissingFetcher)
52
52
  end
53
53
 
54
54
  it "raises Chef::Exceptions::Secret::MissingFetcher when service is nil" do
55
- expect { Chef::SecretFetcher.for_service("", {}) }.to raise_error(Chef::Exceptions::Secret::MissingFetcher)
55
+ expect { Chef::SecretFetcher.for_service("", {}, nil) }.to raise_error(Chef::Exceptions::Secret::MissingFetcher)
56
56
  end
57
57
 
58
58
  it "raises Chef::Exceptions::Secret::InvalidFetcher for an unknown fetcher" do
59
- expect { Chef::SecretFetcher.for_service(:bad_example, {}) }.to raise_error(Chef::Exceptions::Secret::InvalidFetcherService)
59
+ expect { Chef::SecretFetcher.for_service(:bad_example, {}, nil) }.to raise_error(Chef::Exceptions::Secret::InvalidFetcherService)
60
60
  end
61
61
 
62
62
  it "ensures fetcher configuration is valid by invoking validate!" do
63
63
  expect(fetcher_impl).to receive(:validate!)
64
- Chef::SecretFetcher.for_service(:example, {})
64
+ Chef::SecretFetcher.for_service(:example, {}, nil)
65
65
  end
66
66
  end
67
67
 
68
68
  context "#fetch" do
69
69
  let(:fetcher) {
70
- Chef::SecretFetcher.for_service(:example, { "key1" => "value1" })
70
+ Chef::SecretFetcher.for_service(:example, { "key1" => "value1" }, nil)
71
71
  }
72
72
 
73
73
  it "fetches from the underlying service when secret name is provided " do
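Review bot: The titles of the two MissingFetcher examples do not match their bodies: "when service is blank" passes `nil` and "when service is nil" passes `""`, so swapping the two titles would make a failure report point at the right case. Every call in this section now passes `nil` as the third argument, so the parameter added to `for_service` is never exercised here with a real object. One example that passes a double and checks that it is handed on to the fetcher would cover it. The `#fetch` context continues past the end of the hunk.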
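--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: chef
  version: !ruby/object:Gem::Version
- version: 17.3.48
+ version: 17.4.25
  platform: ruby
  authors:
  - Adam Jacob
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2021-07-21 00:00:00.000000000 Z
+ date: 2021-08-23 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: chef-config
@@ -16,28 +16,28 @@ dependencies:
  requirements:
  - - '='
  - !ruby/object:Gem::Version
- version: 17.3.48
+ version: 17.4.25
  type: :runtime
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
  - - '='
  - !ruby/object:Gem::Version
- version: 17.3.48
+ version: 17.4.25
  - !ruby/object:Gem::Dependency
  name: chef-utils
  requirement: !ruby/object:Gem::Requirement
  requirements:
  - - '='
  - !ruby/object:Gem::Version
- version: 17.3.48
+ version: 17.4.25
  type: :runtime
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
  - - '='
  - !ruby/object:Gem::Version
- version: 17.3.48
+ version: 17.4.25
  - !ruby/object:Gem::Dependency
  name: train-core
  requirement: !ruby/object:Gem::Requirement
@@ -2260,6 +2260,7 @@ files:
  - spec/unit/runner_spec.rb
  - spec/unit/scan_access_control_spec.rb
  - spec/unit/search/query_spec.rb
+ - spec/unit/secret_fetcher/aws_secrets_manager_spec.rb
  - spec/unit/secret_fetcher/azure_key_vault_spec.rb
  - spec/unit/secret_fetcher_spec.rb
  - spec/unit/server_api_spec.rb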