chef 17.4.25 → 17.6.18

data/spec/unit/resource/powershell_package_source_spec.rb

@@ -33,14 +33,15 @@ describe Chef::Resource::PowershellPackageSource do
     expect(resource.action).to eql([:register])
   end
 
-  it "supports :register and :unregister actions" do
+  it "supports :register, :set and :unregister actions" do
     expect { resource.action :register }.not_to raise_error
+    expect { resource.action :set }.not_to raise_error
     expect { resource.action :unregister }.not_to raise_error
   end
 
   it "the url property accepts strings" do
-    resource.url("https://mygallery.company.co/api/v2/")
-    expect(resource.url).to eql("https://mygallery.company.co/api/v2/")
+    resource.source_location("https://mygallery.company.co/api/v2/")
+    expect(resource.source_location).to eql("https://mygallery.company.co/api/v2/")
   end
 
   it "the trusted property accepts true and false" do
@@ -54,7 +55,7 @@ describe Chef::Resource::PowershellPackageSource do
     expect(resource.trusted).to eql(false)
   end
 
-  it "provider_name accepts 'Programs', 'msi', 'NuGet', 'msu', 'PowerShellGet', 'psl', 'chocolatey'" do
+  it "provider_name accepts 'Programs', 'msi', 'NuGet', 'msu', 'PowerShellGet', 'psl', 'chocolatey', 'winget'" do
     expect { resource.provider_name("Programs") }.not_to raise_error
     expect { resource.provider_name("msi") }.not_to raise_error
     expect { resource.provider_name("NuGet") }.not_to raise_error
@@ -62,6 +63,7 @@ describe Chef::Resource::PowershellPackageSource do
     expect { resource.provider_name("PowerShellGet") }.not_to raise_error
     expect { resource.provider_name("psl") }.not_to raise_error
     expect { resource.provider_name("chocolatey") }.not_to raise_error
+    expect { resource.provider_name("winget") }.not_to raise_error
   end
 
   it "the publish_location property accepts strings" do
@@ -70,75 +72,76 @@ describe Chef::Resource::PowershellPackageSource do
   end
 
   it "the script_source_location property accepts strings" do
-    resource.publish_location("https://mygallery.company.co/api/v2/scripts")
-    expect(resource.publish_location).to eql("https://mygallery.company.co/api/v2/scripts")
+    resource.script_source_location("https://mygallery.company.co/api/v2/scripts")
+    expect(resource.script_source_location).to eql("https://mygallery.company.co/api/v2/scripts")
   end
 
   it "the script_publish_location property accepts strings" do
-    resource.publish_location("https://mygallery.company.co/api/v2/scripts")
-    expect(resource.publish_location).to eql("https://mygallery.company.co/api/v2/scripts")
+    resource.script_publish_location("https://mygallery.company.co/api/v2/scripts")
+    expect(resource.script_publish_location).to eql("https://mygallery.company.co/api/v2/scripts")
   end
 
   describe "#build_ps_repository_command" do
     before do
       resource.source_name("MyGallery")
-      resource.url("https://mygallery.company.co/api/v2/")
+      resource.source_location("https://github.com/chef/powershell_test")
+      resource.provider_name("PowerShellGet")
     end
 
     context "#register" do
       it "builds a minimal command" do
-        expect(provider.build_ps_repository_command("Register", resource)).to eql("Register-PSRepository -Name 'MyGallery' -SourceLocation 'https://mygallery.company.co/api/v2/' -InstallationPolicy 'Untrusted' | Out-Null")
+        expect(provider.build_ps_repository_command("Register", resource)).to eql("Register-PSRepository -Name 'MyGallery' -SourceLocation 'https://github.com/chef/powershell_test' -InstallationPolicy 'Untrusted' | Out-Null")
       end
 
       it "builds a command with trusted set to true" do
         resource.trusted(true)
-        expect(provider.build_ps_repository_command("Register", resource)).to eql("Register-PSRepository -Name 'MyGallery' -SourceLocation 'https://mygallery.company.co/api/v2/' -InstallationPolicy 'Trusted' | Out-Null")
+        expect(provider.build_ps_repository_command("Register", resource)).to eql("Register-PSRepository -Name 'MyGallery' -SourceLocation 'https://github.com/chef/powershell_test' -InstallationPolicy 'Trusted' | Out-Null")
       end
 
       it "builds a command with a publish location" do
-        resource.publish_location("https://mygallery.company.co/api/v2/package")
-        expect(provider.build_ps_repository_command("Register", resource)).to eql("Register-PSRepository -Name 'MyGallery' -SourceLocation 'https://mygallery.company.co/api/v2/' -InstallationPolicy 'Untrusted' -PublishLocation 'https://mygallery.company.co/api/v2/package' | Out-Null")
+        resource.publish_location("https://github.com/chef/powershell_test/package")
+        expect(provider.build_ps_repository_command("Register", resource)).to eql("Register-PSRepository -Name 'MyGallery' -SourceLocation 'https://github.com/chef/powershell_test' -InstallationPolicy 'Untrusted' -PublishLocation 'https://github.com/chef/powershell_test/package' | Out-Null")
       end
 
       it "builds a command with a script source location" do
-        resource.script_source_location("https://mygallery.company.co/api/v2/scripts")
-        expect(provider.build_ps_repository_command("Register", resource)).to eql("Register-PSRepository -Name 'MyGallery' -SourceLocation 'https://mygallery.company.co/api/v2/' -InstallationPolicy 'Untrusted' -ScriptSourceLocation 'https://mygallery.company.co/api/v2/scripts' | Out-Null")
+        resource.script_source_location("https://github.com/chef/powershell_test/scripts")
+        expect(provider.build_ps_repository_command("Register", resource)).to eql("Register-PSRepository -Name 'MyGallery' -SourceLocation 'https://github.com/chef/powershell_test' -InstallationPolicy 'Untrusted' -ScriptSourceLocation 'https://github.com/chef/powershell_test/scripts' | Out-Null")
       end
 
       it "builds a command with a script publish location" do
-        resource.script_publish_location("https://mygallery.company.co/api/v2/scripts/package")
-        expect(provider.build_ps_repository_command("Register", resource)).to eql("Register-PSRepository -Name 'MyGallery' -SourceLocation 'https://mygallery.company.co/api/v2/' -InstallationPolicy 'Untrusted' -ScriptPublishLocation 'https://mygallery.company.co/api/v2/scripts/package' | Out-Null")
+        resource.script_publish_location("https://github.com/chef/powershell_test/scripts/package")
+        expect(provider.build_ps_repository_command("Register", resource)).to eql("Register-PSRepository -Name 'MyGallery' -SourceLocation 'https://github.com/chef/powershell_test' -InstallationPolicy 'Untrusted' -ScriptPublishLocation 'https://github.com/chef/powershell_test/scripts/package' | Out-Null")
       end
     end
 
     context "#set" do
       it "builds a minimal command" do
-        expect(provider.build_ps_repository_command("Set", resource)).to eql("Set-PSRepository -Name 'MyGallery' -SourceLocation 'https://mygallery.company.co/api/v2/' -InstallationPolicy 'Untrusted' | Out-Null")
+        expect(provider.build_ps_repository_command("Set", resource)).to eql("Set-PSRepository -Name 'MyGallery' -SourceLocation 'https://github.com/chef/powershell_test' -InstallationPolicy 'Untrusted' | Out-Null")
       end
 
       it "builds a command to change the url" do
-        resource.url("https://othergallery.company.co/api/v2/")
+        resource.source_location("https://othergallery.company.co/api/v2/")
         expect(provider.build_ps_repository_command("Set", resource)).to eql("Set-PSRepository -Name 'MyGallery' -SourceLocation 'https://othergallery.company.co/api/v2/' -InstallationPolicy 'Untrusted' | Out-Null")
       end
 
       it "builds a command with trusted set to true" do
         resource.trusted(true)
-        expect(provider.build_ps_repository_command("Set", resource)).to eql("Set-PSRepository -Name 'MyGallery' -SourceLocation 'https://mygallery.company.co/api/v2/' -InstallationPolicy 'Trusted' | Out-Null")
+        expect(provider.build_ps_repository_command("Set", resource)).to eql("Set-PSRepository -Name 'MyGallery' -SourceLocation 'https://github.com/chef/powershell_test' -InstallationPolicy 'Trusted' | Out-Null")
       end
 
       it "builds a command with a publish location" do
-        resource.publish_location("https://mygallery.company.co/api/v2/package")
-        expect(provider.build_ps_repository_command("Set", resource)).to eql("Set-PSRepository -Name 'MyGallery' -SourceLocation 'https://mygallery.company.co/api/v2/' -InstallationPolicy 'Untrusted' -PublishLocation 'https://mygallery.company.co/api/v2/package' | Out-Null")
+        resource.publish_location("https://github.com/chef/powershell_test/package")
+        expect(provider.build_ps_repository_command("Set", resource)).to eql("Set-PSRepository -Name 'MyGallery' -SourceLocation 'https://github.com/chef/powershell_test' -InstallationPolicy 'Untrusted' -PublishLocation 'https://github.com/chef/powershell_test/package' | Out-Null")
       end
 
       it "builds a command with a script source location" do
-        resource.script_source_location("https://mygallery.company.co/api/v2/scripts")
-        expect(provider.build_ps_repository_command("Set", resource)).to eql("Set-PSRepository -Name 'MyGallery' -SourceLocation 'https://mygallery.company.co/api/v2/' -InstallationPolicy 'Untrusted' -ScriptSourceLocation 'https://mygallery.company.co/api/v2/scripts' | Out-Null")
+        resource.script_source_location("https://github.com/chef/powershell_test/scripts")
+        expect(provider.build_ps_repository_command("Set", resource)).to eql("Set-PSRepository -Name 'MyGallery' -SourceLocation 'https://github.com/chef/powershell_test' -InstallationPolicy 'Untrusted' -ScriptSourceLocation 'https://github.com/chef/powershell_test/scripts' | Out-Null")
       end
 
       it "builds a command with a script publish location" do
-        resource.script_publish_location("https://mygallery.company.co/api/v2/scripts/package")
-        expect(provider.build_ps_repository_command("Set", resource)).to eql("Set-PSRepository -Name 'MyGallery' -SourceLocation 'https://mygallery.company.co/api/v2/' -InstallationPolicy 'Untrusted' -ScriptPublishLocation 'https://mygallery.company.co/api/v2/scripts/package' | Out-Null")
+        resource.script_publish_location("https://github.com/chef/powershell_test/scripts/package")
+        expect(provider.build_ps_repository_command("Set", resource)).to eql("Set-PSRepository -Name 'MyGallery' -SourceLocation 'https://github.com/chef/powershell_test' -InstallationPolicy 'Untrusted' -ScriptPublishLocation 'https://github.com/chef/powershell_test/scripts/package' | Out-Null")
       end
     end
   end
@@ -146,74 +149,72 @@ describe Chef::Resource::PowershellPackageSource do
   describe "#build_package_source_command" do
     before do
       resource.source_name("NuGet")
-      resource.url("http://nuget.org/api/v2/")
+      resource.source_location("http://nuget.org/api/v2/")
     end
 
     context "#register" do
       it "builds a minimal command" do
-        expect(provider.build_package_source_command("Register", resource)).to eql("Register-PackageSource -Name 'NuGet' -Location 'http://nuget.org/api/v2/' -Trusted:$false -ProviderName 'NuGet' | Out-Null")
+        expect(provider.build_package_source_command("Register", resource)).to eql("Register-PackageSource -Name 'NuGet' -Location 'http://nuget.org/api/v2/' -ProviderName 'NuGet' | Out-Null")
       end
 
       it "builds a command with trusted set to true" do
         resource.trusted(true)
-        expect(provider.build_package_source_command("Register", resource)).to eql("Register-PackageSource -Name 'NuGet' -Location 'http://nuget.org/api/v2/' -Trusted:$true -ProviderName 'NuGet' | Out-Null")
+        expect(provider.build_package_source_command("Register", resource)).to eql("Register-PackageSource -Name 'NuGet' -Location 'http://nuget.org/api/v2/' -Trusted -ProviderName 'NuGet' | Out-Null")
       end
 
       it "builds a command with a different provider" do
         resource.source_name("choco")
-        resource.url("https://chocolatey.org/api/v2/")
+        resource.source_location("https://chocolatey.org/api/v2/")
         resource.provider_name("chocolatey")
-        expect(provider.build_package_source_command("Register", resource)).to eql("Register-PackageSource -Name 'choco' -Location 'https://chocolatey.org/api/v2/' -Trusted:$false -ProviderName 'chocolatey' | Out-Null")
+        expect(provider.build_package_source_command("Register", resource)).to eql("Register-PackageSource -Name 'choco' -Location 'https://chocolatey.org/api/v2/' -ProviderName 'chocolatey' | Out-Null")
       end
     end
 
     context "#set" do
       it "builds a minimal command" do
-        expect(provider.build_package_source_command("Set", resource)).to eql("Set-PackageSource -Name 'NuGet' -Location 'http://nuget.org/api/v2/' -Trusted:$false -ProviderName 'NuGet' | Out-Null")
+        expect(provider.build_package_source_command("Set", resource)).to eql("Set-PackageSource -Name 'NuGet' -Location 'http://nuget.org/api/v2/' -ProviderName 'NuGet' | Out-Null")
       end
 
       it "builds a command to change the url" do
-        resource.url("https://nuget.company.co/api/v2/")
-        expect(provider.build_package_source_command("Set", resource)).to eql("Set-PackageSource -Name 'NuGet' -Location 'https://nuget.company.co/api/v2/' -Trusted:$false -ProviderName 'NuGet' | Out-Null")
+        resource.source_location("https://nuget.company.co/api/v2/")
+        expect(provider.build_package_source_command("Set", resource)).to eql("Set-PackageSource -Name 'NuGet' -Location 'https://nuget.company.co/api/v2/' -ProviderName 'NuGet' | Out-Null")
       end
 
       it "builds a command with trusted set to true" do
         resource.trusted(true)
-        expect(provider.build_package_source_command("Set", resource)).to eql("Set-PackageSource -Name 'NuGet' -Location 'http://nuget.org/api/v2/' -Trusted:$true -ProviderName 'NuGet' | Out-Null")
+        expect(provider.build_package_source_command("Set", resource)).to eql("Set-PackageSource -Name 'NuGet' -Location 'http://nuget.org/api/v2/' -Trusted -ProviderName 'NuGet' | Out-Null")
       end
 
       it "builds a command with a different provider" do
         resource.source_name("choco")
-        resource.url("https://chocolatey.org/api/v2/")
+        resource.source_location("https://chocolatey.org/api/v2/")
         resource.provider_name("chocolatey")
-        expect(provider.build_package_source_command("Set", resource)).to eql("Set-PackageSource -Name 'choco' -Location 'https://chocolatey.org/api/v2/' -Trusted:$false -ProviderName 'chocolatey' | Out-Null")
+        expect(provider.build_package_source_command("Set", resource)).to eql("Set-PackageSource -Name 'choco' -Location 'https://chocolatey.org/api/v2/' -ProviderName 'chocolatey' | Out-Null")
       end
     end
   end
 
-  describe "#psrepository_cmdlet_appropriate?" do
-    it "returns true if the provider_name is 'PowerShellGet'" do
-      resource.provider_name("PowerShellGet")
-      expect(provider.psrepository_cmdlet_appropriate?).to eql(true)
-    end
-
-    it "returns false if the provider_name is something else" do
-      resource.provider_name("NuGet")
-      expect(provider.psrepository_cmdlet_appropriate?).to eql(false)
-    end
-  end
-
-  describe "#package_source_exists?" do
-    it "returns true if it exists" do
-      allow(provider).to receive(:powershell_exec!).with("(Get-PackageSource -Name 'MyGallery' -ErrorAction SilentlyContinue).Name").and_return(double("powershell_exec!", result: "MyGallery\r\n"))
-      resource.source_name("MyGallery")
-      expect(provider.package_source_exists?).to eql(true)
-    end
-
-    it "returns false if it doesn't exist" do
-      allow(provider).to receive(:powershell_exec!).with("(Get-PackageSource -Name 'MyGallery' -ErrorAction SilentlyContinue).Name").and_return(double("powershell_exec!", result: ""))
-      resource.source_name("MyGallery")
-      expect(provider.package_source_exists?).to eql(false)
-    end
-  end
+  # describe "get_package_source_details" do
+  #   before do
+  #     resource.source_name("MyGallery")
+  #     resource.source_location("http://nuget.org/api/v2/")
+  #     provider.build_package_source_command("Register", resource)
+  #   end
+
+  #   # stub a call to the package_source_details
+  #   expect(provider).to receive(:get_package_source_details).and_return("PackageSource")
+  #   it "returns packagesource if it exists" do
+  #     # dbl = double("testing PackageSource")
+  #     # let(source_name)
+  #     # # allow(provider).to receive(:powershell_exec!).with("(Get-PackageSource -Name 'MyGallery' -ErrorAction SilentlyContinue).Name").and_return(double("powershell_exec!", result: "PackageSource"))
+  #     # resource.source_name("MyGallery")
+  #     expect(provider.get_package_source_details.result).to eql("PackageSource")
+  #   end
+
+  #   it "returns unregistered if it doesn't exist" do
+  #     # allow(provider).to receive(:powershell_exec!).with("(Get-PackageSource -Name 'Foo' -ErrorAction SilentlyContinue).Name").and_return(double("powershell_exec!", result: ""))
+  #     resource.source_name("Foo")
+  #     expect(provider.get_package_source_details.result).to eql("Unregistered")
+  #   end
+  # end
 end

data/spec/unit/resource/user_ulimit_spec.rb

@@ -17,7 +17,6 @@
 #
 
 require "spec_helper"
-
 describe Chef::Resource::UserUlimit do
   let(:node) { Chef::Node.new }
   let(:events) { Chef::EventDispatch::Dispatcher.new }
@@ -50,4 +49,18 @@ describe Chef::Resource::UserUlimit do
     expect { resource.action :create }.not_to raise_error
     expect { resource.action :delete }.not_to raise_error
   end
+
+  describe "sensitive attribute" do
+    context "should be insensitive by default" do
+      it { expect(resource.sensitive).to(be_falsey) }
+    end
+
+    context "when set" do
+      before { resource.sensitive(true) }
+
+      it "should be set on the resource" do
+        expect(resource.sensitive).to(be_truthy)
+      end
+    end
+  end
 end

data/spec/unit/secret_fetcher/akeyless_vault_spec.rb

@@ -0,0 +1,37 @@
+#
+# Author:: Marc Paradise <marc@chef.io>
+# Copyright:: Copyright (c) Chef Software Inc.
+# License:: Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+require_relative "../../spec_helper"
+require "chef/secret_fetcher/akeyless_vault"
+
+describe Chef::SecretFetcher::AKeylessVault do
+  let(:node) { {} }
+  let(:run_context) { double("run_context", node: node) }
+
+  context "when validating provided AKeyless Vault configuration" do
+    it "raises ConfigurationInvalid when :secret_access_key is not provided" do
+      fetcher = Chef::SecretFetcher::AKeylessVault.new( { access_id: "provided" }, run_context)
+      expect { fetcher.validate! }.to raise_error(Chef::Exceptions::Secret::ConfigurationInvalid, /:secret_access_key/)
+    end
+
+    it "raises ConfigurationInvalid when :access_key_id is not provided" do
+      fetcher = Chef::SecretFetcher::AKeylessVault.new( { access_key: "provided" }, run_context)
+      expect { fetcher.validate! }.to raise_error(Chef::Exceptions::Secret::ConfigurationInvalid, /:access_key_id/)
+    end
+  end
+end

data/spec/unit/secret_fetcher/hashi_vault_spec.rb

@@ -0,0 +1,80 @@
+#
+# Author:: Marc Paradise <marc@chef.io>
+# Copyright:: Copyright (c) Chef Software Inc.
+# License:: Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+require_relative "../../spec_helper"
+require "chef/secret_fetcher/hashi_vault"
+
+describe Chef::SecretFetcher::HashiVault do
+  let(:node) { {} }
+  let(:run_context) { double("run_context", node: node) }
+
+  context "when validating provided HashiVault configuration" do
+    it "raises ConfigurationInvalid when the :auth_method is not valid" do
+      fetcher = Chef::SecretFetcher::HashiVault.new( { auth_method: :invalid, vault_addr: "https://vault.example.com:8200" }, run_context)
+      expect { fetcher.validate! }.to raise_error(Chef::Exceptions::Secret::ConfigurationInvalid, /:auth_method/)
+    end
+
+    it "raises ConfigurationInvalid when the vault_addr is not provided" do
+      fetcher = Chef::SecretFetcher::HashiVault.new( { auth_method: :iam_role, role_name: "example-role" }, run_context)
+      expect { fetcher.validate! }.to raise_error(Chef::Exceptions::Secret::ConfigurationInvalid)
+    end
+
+    context "and using auth_method: :iam_role" do
+      it "raises ConfigurationInvalid when the role_name is not provided" do
+        fetcher = Chef::SecretFetcher::HashiVault.new( { auth_method: :iam_role, vault_addr: "https://vault.example.com:8200" }, run_context)
+        expect { fetcher.validate! }.to raise_error(Chef::Exceptions::Secret::ConfigurationInvalid)
+      end
+
+      it "obtains a token via AWS IAM auth to allow the gem to do its own validations when all required config is provided" do
+        fetcher = Chef::SecretFetcher::HashiVault.new( { auth_method: :iam_role, vault_addr: "https://vault.example.com:8200", role_name: "example-role" }, run_context)
+        allow(Aws::InstanceProfileCredentials).to receive(:new).and_return instance_double(Aws::InstanceProfileCredentials)
+        auth_double = instance_double(Vault::Authenticate)
+        expect(auth_double).to receive(:aws_iam)
+        allow(Vault).to receive(:auth).and_return(auth_double)
+        fetcher.validate!
+      end
+    end
+
+    context "and using auth_method: :token" do
+      it "raises ConfigurationInvalid when no token is provided" do
+        fetcher = Chef::SecretFetcher::HashiVault.new( { auth_method: :token, vault_addr: "https://vault.example.com:8200" }, run_context)
+        expect { fetcher.validate! }.to raise_error(Chef::Exceptions::Secret::ConfigurationInvalid)
+      end
+
+      it "authenticates using the token during validation when all configuration is correct" do
+        fetcher = Chef::SecretFetcher::HashiVault.new( { auth_method: :token, token: "t.1234abcd", vault_addr: "https://vault.example.com:8200" }, run_context)
+        auth = instance_double(Vault::Authenticate)
+        auth_double = instance_double(Vault::Authenticate)
+        expect(auth_double).to receive(:token)
+        allow(Vault).to receive(:auth).and_return(auth_double)
+        fetcher.validate!
+      end
+    end
+  end
+
+  context "when fetching a secret from Hashi Vault" do
+    it "raises an FetchFailed message when no secret is returned due to invalid engine path" do
+      fetcher = Chef::SecretFetcher::HashiVault.new( { auth_method: :invalid, vault_addr: "https://vault.example.com:8200" }, run_context)
+      logical_double = instance_double(Vault::Logical)
+      expect(logical_double).to receive(:read).and_return nil
+      expect(Vault).to receive(:logical).and_return(logical_double)
+      expect { fetcher.do_fetch("anything", nil) }.to raise_error(Chef::Exceptions::Secret::FetchFailed)
+    end
+  end
+end
+

data/tasks/rspec.rb

@@ -30,7 +30,8 @@ begin
         puts "--- Running #{gem} specs"
         Bundler.with_unbundled_env do
           puts "Executing tests in #{Dir.pwd}:"
-          sh("bundle install --jobs=3 --retry=3 --path=../vendor/bundle")
+          sh("bundle config set --local path 'vendor/bundle'")
+          sh("bundle install --jobs=3 --retry=3")
           sh("bundle exec rake spec")
         end
       end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: chef
 version: !ruby/object:Gem::Version
-  version: 17.4.25
+  version: 17.6.18
 platform: ruby
 authors:
 - Adam Jacob
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2021-08-23 00:00:00.000000000 Z
+date: 2021-10-01 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: chef-config
@@ -16,28 +16,28 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 17.4.25
+        version: 17.6.18
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 17.4.25
+        version: 17.6.18
 - !ruby/object:Gem::Dependency
   name: chef-utils
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 17.4.25
+        version: 17.6.18
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 17.4.25
+        version: 17.6.18
 - !ruby/object:Gem::Dependency
   name: train-core
   requirement: !ruby/object:Gem::Requirement
@@ -440,6 +440,20 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '1.0'
+- !ruby/object:Gem::Dependency
+  name: aws-sdk-s3
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.91'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.91'
 - !ruby/object:Gem::Dependency
   name: aws-sdk-secretsmanager
   requirement: !ruby/object:Gem::Requirement
@@ -454,6 +468,20 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '1.46'
+- !ruby/object:Gem::Dependency
+  name: vault
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.16'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.16'
 description: A systems integration framework, built to bring the benefits of configuration
   management to your entire infrastructure.
 email: adam@chef.io
@@ -587,12 +615,18 @@ files:
 - lib/chef/compliance/default_attributes.rb
 - lib/chef/compliance/fetcher/automate.rb
 - lib/chef/compliance/fetcher/chef_server.rb
+- lib/chef/compliance/input.rb
+- lib/chef/compliance/input_collection.rb
+- lib/chef/compliance/profile.rb
+- lib/chef/compliance/profile_collection.rb
 - lib/chef/compliance/reporter/automate.rb
 - lib/chef/compliance/reporter/chef_server_automate.rb
 - lib/chef/compliance/reporter/cli.rb
 - lib/chef/compliance/reporter/compliance_enforcer.rb
 - lib/chef/compliance/reporter/json_file.rb
 - lib/chef/compliance/runner.rb
+- lib/chef/compliance/waiver.rb
+- lib/chef/compliance/waiver_collection.rb
 - lib/chef/config.rb
 - lib/chef/config_fetcher.rb
 - lib/chef/constants.rb
@@ -632,6 +666,7 @@ files:
 - lib/chef/dsl.rb
 - lib/chef/dsl/chef_vault.rb
 - lib/chef/dsl/cheffish.rb
+- lib/chef/dsl/compliance.rb
 - lib/chef/dsl/data_query.rb
 - lib/chef/dsl/declare_resource.rb
 - lib/chef/dsl/definitions.rb
@@ -639,6 +674,7 @@ files:
 - lib/chef/dsl/include_recipe.rb
 - lib/chef/dsl/platform_introspection.rb
 - lib/chef/dsl/powershell.rb
+- lib/chef/dsl/reader_helpers.rb
 - lib/chef/dsl/reboot_pending.rb
 - lib/chef/dsl/recipe.rb
 - lib/chef/dsl/registry_helper.rb
@@ -981,7 +1017,9 @@ files:
 - lib/chef/resource/execute.rb
 - lib/chef/resource/file.rb
 - lib/chef/resource/file/verification.rb
+- lib/chef/resource/file/verification/json.rb
 - lib/chef/resource/file/verification/systemd_unit.rb
+- lib/chef/resource/file/verification/yaml.rb
 - lib/chef/resource/freebsd_package.rb
 - lib/chef/resource/gem_package.rb
 - lib/chef/resource/group.rb
@@ -1002,6 +1040,8 @@ files:
 - lib/chef/resource/hostname.rb
 - lib/chef/resource/http_request.rb
 - lib/chef/resource/ifconfig.rb
+- lib/chef/resource/inspec_input.rb
+- lib/chef/resource/inspec_waiver.rb
 - lib/chef/resource/inspec_waiver_file_entry.rb
 - lib/chef/resource/ips_package.rb
 - lib/chef/resource/kernel_module.rb
@@ -1149,10 +1189,12 @@ files:
 - lib/chef/scan_access_control.rb
 - lib/chef/search/query.rb
 - lib/chef/secret_fetcher.rb
+- lib/chef/secret_fetcher/akeyless_vault.rb
 - lib/chef/secret_fetcher/aws_secrets_manager.rb
 - lib/chef/secret_fetcher/azure_key_vault.rb
 - lib/chef/secret_fetcher/base.rb
 - lib/chef/secret_fetcher/example.rb
+- lib/chef/secret_fetcher/hashi_vault.rb
 - lib/chef/server_api.rb
 - lib/chef/server_api_versions.rb
 - lib/chef/shell.rb
@@ -1281,6 +1323,7 @@ files:
 - spec/data/apt/var/www/apt/dists/sid/main/binary-i386/Packages
 - spec/data/apt/var/www/apt/pool/main/c/chef-integration-test/chef-integration-test_1.0-1_amd64.deb
 - spec/data/apt/var/www/apt/pool/main/c/chef-integration-test/chef-integration-test_1.1-1_amd64.deb
+- spec/data/archive_file/test_archive.tar.gz
 - spec/data/bad-config.rb
 - spec/data/bootstrap/encrypted_data_bag_secret
 - spec/data/bootstrap/no_proxy.erb
@@ -1665,6 +1708,7 @@ files:
 - spec/functional/resource/aix_service_spec.rb
 - spec/functional/resource/aixinit_service_spec.rb
 - spec/functional/resource/apt_package_spec.rb
+- spec/functional/resource/archive_file_spec.rb
 - spec/functional/resource/bash_spec.rb
 - spec/functional/resource/batch_spec.rb
 - spec/functional/resource/bff_spec.rb
@@ -1769,6 +1813,7 @@ files:
 - spec/support/platforms/prof/win32.rb
 - spec/support/platforms/win32/spec_service.rb
 - spec/support/recipe_dsl_helper.rb
+- spec/support/ruby_installer.rb
 - spec/support/shared/context/config.rb
 - spec/support/shared/context/win32.rb
 - spec/support/shared/functional/diff_disabled.rb
@@ -1829,10 +1874,13 @@ files:
 - spec/unit/client_spec.rb
 - spec/unit/compliance/fetcher/automate_spec.rb
 - spec/unit/compliance/fetcher/chef_server_spec.rb
+- spec/unit/compliance/input_spec.rb
+- spec/unit/compliance/profile_spec.rb
 - spec/unit/compliance/reporter/automate_spec.rb
 - spec/unit/compliance/reporter/chef_server_automate_spec.rb
 - spec/unit/compliance/reporter/compliance_enforcer_spec.rb
 - spec/unit/compliance/runner_spec.rb
+- spec/unit/compliance/waiver_spec.rb
 - spec/unit/config_fetcher_spec.rb
 - spec/unit/config_spec.rb
 - spec/unit/cookbook/chefignore_spec.rb
@@ -2119,7 +2167,9 @@ files:
 - spec/unit/resource/dsc_resource_spec.rb
 - spec/unit/resource/dsc_script_spec.rb
 - spec/unit/resource/execute_spec.rb
+- spec/unit/resource/file/verification/json_spec.rb
 - spec/unit/resource/file/verification/systemd_unit_spec.rb
+- spec/unit/resource/file/verification/yaml_spec.rb
 - spec/unit/resource/file/verification_spec.rb
 - spec/unit/resource/file_spec.rb
 - spec/unit/resource/freebsd_package_spec.rb
@@ -2133,7 +2183,9 @@ files:
 - spec/unit/resource/hostname_spec.rb
 - spec/unit/resource/http_request_spec.rb
 - spec/unit/resource/ifconfig_spec.rb
+- spec/unit/resource/inspec_input_spec.rb
 - spec/unit/resource/inspec_waiver_file_entry_spec.rb
+- spec/unit/resource/inspec_waiver_spec.rb
 - spec/unit/resource/ips_package_spec.rb
 - spec/unit/resource/kernel_module_spec.rb
 - spec/unit/resource/ksh_spec.rb
@@ -2260,8 +2312,10 @@ files:
 - spec/unit/runner_spec.rb
 - spec/unit/scan_access_control_spec.rb
 - spec/unit/search/query_spec.rb
+- spec/unit/secret_fetcher/akeyless_vault_spec.rb
 - spec/unit/secret_fetcher/aws_secrets_manager_spec.rb
 - spec/unit/secret_fetcher/azure_key_vault_spec.rb
+- spec/unit/secret_fetcher/hashi_vault_spec.rb
 - spec/unit/secret_fetcher_spec.rb
 - spec/unit/server_api_spec.rb
 - spec/unit/server_api_versions_spec.rb