chef 17.3.48 → 17.6.15

data/spec/unit/compliance/runner_spec.rb

@@ -202,6 +202,16 @@ describe Chef::Compliance::Runner do
       expect { runner.load_and_validate! }.to raise_error(/^CMPL002:/)
     end
 
+    it "raises CMPL004 if both the inputs and attributes node attributes are set" do
+      node.normal["audit"]["attributes"] = {
+        "tacos" => "lunch",
+      }
+      node.normal["audit"]["inputs"] = {
+        "tacos" => "lunch",
+      }
+      expect { runner.load_and_validate! }.to raise_error(/^CMPL011:/)
+    end
+
     it "validates configured reporters" do
       node.normal["audit"]["reporter"] = [ "chef-automate" ]
       reporter_double = double("reporter", validate_config!: nil)
@@ -212,6 +222,40 @@ describe Chef::Compliance::Runner do
   end
 
   describe "#inspec_opts" do
+    it "pulls inputs from the attributes setting" do
+      node.normal["audit"]["attributes"] = {
+        "tacos" => "lunch",
+      }
+
+      inputs = runner.inspec_opts[:inputs]
+
+      expect(inputs["tacos"]).to eq("lunch")
+    end
+
+    it "pulls inputs from the inputs setting" do
+      node.normal["audit"]["inputs"] = {
+        "tacos" => "lunch",
+      }
+
+      inputs = runner.inspec_opts[:inputs]
+
+      expect(inputs["tacos"]).to eq("lunch")
+    end
+
+    it "favors inputs over attributes" do
+      node.normal["audit"]["attributes"] = {
+        "tacos" => "dinner",
+      }
+
+      node.normal["audit"]["inputs"] = {
+        "tacos" => "lunch",
+      }
+
+      inputs = runner.inspec_opts[:inputs]
+
+      expect(inputs["tacos"]).to eq("lunch")
+    end
+
     it "does not include chef_node in inputs by default" do
       node.normal["audit"]["attributes"] = {
         "tacos" => "lunch",
@@ -221,7 +265,7 @@ describe Chef::Compliance::Runner do
       inputs = runner.inspec_opts[:inputs]
 
       expect(inputs["tacos"]).to eq("lunch")
-      expect(inputs.key?("chef_node")).to eq(false)
+      expect(inputs.key?("chef_node")).to eq(true)
     end
 
     it "includes chef_node in inputs with chef_node_attribute_enabled set" do
@@ -234,7 +278,7 @@ describe Chef::Compliance::Runner do
       inputs = runner.inspec_opts[:inputs]
 
       expect(inputs["tacos"]).to eq("lunch")
-      expect(inputs["chef_node"]["audit"]["reporter"]).to eq(%w{json-file cli})
+      expect(inputs["chef_node"]["audit"]["reporter"]).to eq("cli")
       expect(inputs["chef_node"]["chef_environment"]).to eq("_default")
     end
   end

data/spec/unit/compliance/waiver_spec.rb

@@ -0,0 +1,104 @@
+#
+# Copyright:: Copyright (c) Chef Software Inc.
+# License:: Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+require "spec_helper"
+require "tempfile"
+
+describe Chef::Compliance::Waiver do
+  let(:events) { Chef::EventDispatch::Dispatcher.new }
+  let(:data) { { "ssh-01" => { "expiration_date" => Date.jd(2463810), "justification" => "waived, yo", "run" => false } } }
+  let(:path) { "/var/chef/cache/cookbooks/acme_compliance/compliance/waivers/default.yml" }
+  let(:cookbook_name) { "acme_compliance" }
+  let(:waiver) { Chef::Compliance::Waiver.new(events, data, path, cookbook_name) }
+
+  it "has a cookbook_name" do
+    expect(waiver.cookbook_name).to eql(cookbook_name)
+  end
+
+  it "has a path" do
+    expect(waiver.path).to eql(path)
+  end
+
+  it "has a pathname based on the path" do
+    expect(waiver.pathname).to eql("default")
+  end
+
+  it "is disabled" do
+    expect(waiver.enabled).to eql(false)
+    expect(waiver.enabled?).to eql(false)
+  end
+
+  it "has an event handler" do
+    expect(waiver.events).to eql(events)
+  end
+
+  it "can be enabled by enable!" do
+    waiver.enable!
+    expect(waiver.enabled).to eql(true)
+    expect(waiver.enabled?).to eql(true)
+  end
+
+  it "enabling sends an event" do
+    expect(events).to receive(:compliance_waiver_enabled).with(waiver)
+    waiver.enable!
+  end
+
+  it "can be disabled by disable!" do
+    waiver.enable!
+    waiver.disable!
+    expect(waiver.enabled).to eql(false)
+    expect(waiver.enabled?).to eql(false)
+  end
+
+  it "has a #inspec_data method that renders the data" do
+    expect(waiver.inspec_data).to eql(data)
+  end
+
+  it "doesn't render the events in the inspect output" do
+    expect(waiver.inspect).not_to include("events")
+  end
+
+  it "inflates objects from YAML" do
+    string = <<~EOH
+ssh-01:
+  expiration_date: 2033-07-31
+  run: false
+  justification: "waived, yo"
+    EOH
+    newwaiver = Chef::Compliance::Waiver.from_yaml(events, string, path, cookbook_name)
+    expect(newwaiver.data).to eql(data)
+  end
+
+  it "inflates objects from files" do
+    string = <<~EOH
+ssh-01:
+  expiration_date: 2033-07-31
+  run: false
+  justification: "waived, yo"
+    EOH
+    tempfile = Tempfile.new("chef-compliance-test")
+    tempfile.write string
+    tempfile.close
+    newwaiver = Chef::Compliance::Waiver.from_file(events, tempfile.path, cookbook_name)
+    expect(newwaiver.data).to eql(data)
+  end
+
+  it "inflates objects from hashes" do
+    newwaiver = Chef::Compliance::Waiver.from_hash(events, data, path, cookbook_name)
+    expect(newwaiver.data).to eql(data)
+  end
+end

data/spec/unit/dsl/secret_spec.rb

@@ -21,6 +21,12 @@ require "chef/dsl/secret"
 require "chef/secret_fetcher/base"
 class SecretDSLTester
   include Chef::DSL::Secret
+  # Because DSL is invoked in the context of a recipe,
+  # we expect run_context to always be available when SecretFetcher::Base
+  # requests it - making it safe to mock here
+  def run_context
+    nil
+  end
 end
 
 class SecretFetcherImpl < Chef::SecretFetcher::Base
@@ -36,8 +42,8 @@ describe Chef::DSL::Secret do
   end
 
   it "uses SecretFetcher.for_service to find the fetcher" do
-    substitute_fetcher = SecretFetcherImpl.new({})
-    expect(Chef::SecretFetcher).to receive(:for_service).with(:example, {}).and_return(substitute_fetcher)
+    substitute_fetcher = SecretFetcherImpl.new({}, nil)
+    expect(Chef::SecretFetcher).to receive(:for_service).with(:example, {}, nil).and_return(substitute_fetcher)
     expect(substitute_fetcher).to receive(:fetch).with("key1", nil)
     dsl.secret(name: "key1", service: :example, config: {})
   end

data/spec/unit/formatters/doc_spec.rb

@@ -40,7 +40,7 @@ describe Chef::Formatters::Base do
     }
 
     formatter.policyfile_loaded(minimal_policyfile)
-    expect(out.string).to include("Using policy 'jenkins' at revision '613f803bdd035d574df7fa6da525b38df45a74ca82b38b79655efed8a189e073'")
+    expect(out.string).to include("Using Policyfile 'jenkins' at revision '613f803bdd035d574df7fa6da525b38df45a74ca82b38b79655efed8a189e073'")
   end
 
   it "prints cookbook name and version" do

data/spec/unit/http/basic_client_spec.rb

@@ -47,6 +47,36 @@ describe "HTTP Connection" do
       expect(Net::HTTP).to receive(:new).and_return(net_http_mock)
       expect(basic_client.http_client).to eql(net_http_mock)
     end
+
+    it "allows setting net-http accessor options" do
+      basic_client = Chef::HTTP::BasicClient.new(uri, nethttp_opts: {
+        "continue_timeout" => 5,
+        "max_retries" => 5,
+        "read_timeout" => 5,
+        "write_timeout" => 5,
+        "ssl_timeout" => 5,
+      })
+      expect(basic_client.http_client.continue_timeout).to eql(5)
+      expect(basic_client.http_client.max_retries).to eql(5)
+      expect(basic_client.http_client.read_timeout).to eql(5)
+      expect(basic_client.http_client.write_timeout).to eql(5)
+      expect(basic_client.http_client.ssl_timeout).to eql(5)
+    end
+
+    it "allows setting net-http accssor options as symbols" do
+      basic_client = Chef::HTTP::BasicClient.new(uri, nethttp_opts: {
+        continue_timeout: 5,
+        max_retries: 5,
+        read_timeout: 5,
+        write_timeout: 5,
+        ssl_timeout: 5,
+      })
+      expect(basic_client.http_client.continue_timeout).to eql(5)
+      expect(basic_client.http_client.max_retries).to eql(5)
+      expect(basic_client.http_client.read_timeout).to eql(5)
+      expect(basic_client.http_client.write_timeout).to eql(5)
+      expect(basic_client.http_client.ssl_timeout).to eql(5)
+    end
   end
 
   describe "#build_http_client" do

data/spec/unit/http_spec.rb

@@ -46,13 +46,19 @@ describe Chef::HTTP do
   describe "#initialize" do
     it "accepts a keepalive option and passes it to the http_client" do
       http = Chef::HTTP.new(uri, keepalives: true)
-      expect(Chef::HTTP::BasicClient).to receive(:new).with(uri, ssl_policy: Chef::HTTP::APISSLPolicy, keepalives: true).and_call_original
+      expect(Chef::HTTP::BasicClient).to receive(:new).with(uri, ssl_policy: Chef::HTTP::APISSLPolicy, nethttp_opts: {}, keepalives: true).and_call_original
       expect(http.http_client).to be_a_kind_of(Chef::HTTP::BasicClient)
     end
 
     it "the default is not to use keepalives" do
       http = Chef::HTTP.new(uri)
-      expect(Chef::HTTP::BasicClient).to receive(:new).with(uri, ssl_policy: Chef::HTTP::APISSLPolicy, keepalives: false).and_call_original
+      expect(Chef::HTTP::BasicClient).to receive(:new).with(uri, ssl_policy: Chef::HTTP::APISSLPolicy, nethttp_opts: {}, keepalives: false).and_call_original
+      expect(http.http_client).to be_a_kind_of(Chef::HTTP::BasicClient)
+    end
+
+    it "allows setting the nethttp options hash" do
+      http = Chef::HTTP.new(uri, { nethttp: { "continue_timeout" => 5 } })
+      expect(Chef::HTTP::BasicClient).to receive(:new).with(uri, ssl_policy: Chef::HTTP::APISSLPolicy, nethttp_opts: { "continue_timeout" => 5 }, keepalives: false).and_call_original
       expect(http.http_client).to be_a_kind_of(Chef::HTTP::BasicClient)
     end
   end

data/spec/unit/provider/link_spec.rb

@@ -125,7 +125,7 @@ describe Chef::Resource::Link do
 
   describe "when the target doesn't exist" do
     before do
-      allow(File).to receive(:exists?).with("#{CHEF_SPEC_DATA}/fofile-link").and_return(false)
+      allow(File).to receive(:exist?).with("#{CHEF_SPEC_DATA}/fofile-link").and_return(false)
       allow(provider.file_class).to receive(:symlink?).with("#{CHEF_SPEC_DATA}/fofile-link").and_return(false)
       provider.load_current_resource
     end
@@ -152,13 +152,16 @@ describe Chef::Resource::Link do
       allow(stat).to receive(:mode).and_return(0755)
       allow(provider.file_class).to receive(:stat).with("#{CHEF_SPEC_DATA}/fofile-link").and_return(stat)
 
-      allow(File).to receive(:exists?).with("#{CHEF_SPEC_DATA}/fofile-link").and_return(true)
+      # XXX: this might be broken?  it preserves prior behavior in the specs caused by File.exist?/exists? interactions
+      allow(Chef::ScanAccessControl).to receive(:new).and_return(instance_double(Chef::ScanAccessControl, set_all!: nil))
+
+      allow(File).to receive(:exist?).with("#{CHEF_SPEC_DATA}/fofile-link").and_return(true)
       allow(provider.file_class).to receive(:symlink?).with("#{CHEF_SPEC_DATA}/fofile-link").and_return(false)
     end
 
     describe "and the source does not exist" do
       before do
-        allow(File).to receive(:exists?).with("#{CHEF_SPEC_DATA}/fofile").and_return(false)
+        expect(File).to receive(:exist?).with("#{CHEF_SPEC_DATA}/fofile").and_return(false)
         provider.load_current_resource
       end
 
@@ -185,7 +188,7 @@ describe Chef::Resource::Link do
 
         allow(provider.file_class).to receive(:stat).with("#{CHEF_SPEC_DATA}/fofile").and_return(stat)
 
-        allow(File).to receive(:exists?).with("#{CHEF_SPEC_DATA}/fofile").and_return(true)
+        allow(File).to receive(:exist?).with("#{CHEF_SPEC_DATA}/fofile").and_return(true)
         provider.load_current_resource
       end
 
@@ -212,7 +215,7 @@ describe Chef::Resource::Link do
 
         allow(provider.file_class).to receive(:stat).with("#{CHEF_SPEC_DATA}/fofile").and_return(stat)
 
-        allow(File).to receive(:exists?).with("#{CHEF_SPEC_DATA}/fofile").and_return(true)
+        allow(File).to receive(:exist?).with("#{CHEF_SPEC_DATA}/fofile").and_return(true)
         provider.load_current_resource
       end
 
@@ -262,6 +265,9 @@ describe Chef::Resource::Link do
         "#{CHEF_SPEC_DATA}/fofile-link"
       ).and_return(stat)
 
+      # XXX: this might be broken?  it preserves prior behavior in the specs caused by File.exist?/exists? interactions
+      allow(Chef::ScanAccessControl).to receive(:new).and_return(instance_double(Chef::ScanAccessControl, set_all!: nil))
+
       provider.load_current_resource
     end
 
@@ -336,10 +342,10 @@ describe Chef::Resource::Link do
           "#{CHEF_SPEC_DATA}/fofile-link"
         ).and_return(false)
 
-        allow(File).to receive(:exists?).with(
+        allow(File).to receive(:exist?).with(
           "#{CHEF_SPEC_DATA}/fofile-link"
         ).and_return(true)
-        allow(File).to receive(:exists?).with(
+        allow(File).to receive(:exist?).with(
           "#{CHEF_SPEC_DATA}/fofile"
         ).and_return(true)
 

data/spec/unit/provider/remote_file/http_spec.rb

@@ -321,4 +321,14 @@ describe Chef::Provider::RemoteFile::HTTP do
 
   end
 
+  describe "#http_client_opts" do
+    before do
+      new_resource.http_options({ retries: 2, retry_delay: 3 })
+    end
+
+    it "should set http client options" do
+      expect(fetcher.send(:http_client_opts)).to eq({ retries: 2, retry_delay: 3 })
+    end
+  end
+
 end

data/spec/unit/provider/template_spec.rb

@@ -50,7 +50,7 @@ describe Chef::Provider::Template do
 
   let(:content) do
     content = double("Chef::Provider::File::Content::Template", template_location: "/foo/bar/baz")
-    allow(File).to receive(:exists?).with("/foo/bar/baz").and_return(true)
+    allow(File).to receive(:exist?).with("/foo/bar/baz").and_return(true)
     content
   end
 
@@ -76,7 +76,7 @@ describe Chef::Provider::Template do
     it "stops executing when the local template source can't be found" do
       setup_normal_file
       allow(content).to receive(:template_location).and_return("/baz/bar/foo")
-      allow(File).to receive(:exists?).with("/baz/bar/foo").and_return(false)
+      allow(File).to receive(:exist?).with("/baz/bar/foo").and_return(false)
       expect { provider.run_action(:create) }.to raise_error Chef::Mixin::WhyRun::ResourceRequirements::Assertion::AssertionFailure
     end
 

data/spec/unit/provider_spec.rb

@@ -32,6 +32,21 @@ class NoWhyrunDemonstrator < Chef::Provider
   end
 end
 
+class ActionDescriptionDemonstrator < Chef::Provider
+  def load_current_resource; end
+
+  action :foo, description: "foo described" do
+    true
+  end
+
+  action :foo2 do
+    true
+  end
+
+end
+
+context "blah" do
+end
 class ConvergeActionDemonstrator < Chef::Provider
   attr_reader :system_state_altered
 
@@ -98,6 +113,14 @@ describe Chef::Provider do
     expect(@provider.action_nothing).to eql(true)
   end
 
+  it "should return an action description for action_description when one is available" do
+    expect(ActionDescriptionDemonstrator.action_description(:foo)).to eq "foo described"
+  end
+
+  it "should return nil for action_description when no description is available" do
+    expect(ActionDescriptionDemonstrator.action_description(:none)).to eq nil
+  end
+
   it "evals embedded recipes with a pristine resource collection" do
     @provider.run_context.instance_variable_set(:@resource_collection, "doesn't matter what this is")
     temporary_collection = nil