chef 17.4.38-universal-mingw32 → 17.5.22-universal-mingw32

data/spec/unit/compliance/profile_spec.rb

@@ -0,0 +1,120 @@
+#
+# Copyright:: Copyright (c) Chef Software Inc.
+# License:: Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+require "spec_helper"
+require "tempfile"
+
+describe Chef::Compliance::Profile do
+  let(:events) { Chef::EventDispatch::Dispatcher.new }
+  let(:data) { { "copyright" => "DevSec Hardening Framework Team", "copyright_email" => "hello@dev-sec.io", "license" => "Apache-2.0", "maintainer" => "DevSec Hardening Framework Team", "name" => "ssh-baseline", "summary" => "Test-suite for best-practice SSH hardening", "supports" => [{ "os-family" => "unix" }], "title" => "DevSec SSH Baseline", "version" => "2.6.4" } }
+  let(:path) { "/var/chef/cache/cookbooks/acme_compliance/compliance/profiles/thisdirectoryisnotthename/inspec.yml" }
+  let(:cookbook_name) { "acme_compliance" }
+  let(:profile) { Chef::Compliance::Profile.new(events, data, path, cookbook_name) }
+
+  it "has a cookbook_name" do
+    expect(profile.cookbook_name).to eql(cookbook_name)
+  end
+
+  it "has a path" do
+    expect(profile.path).to eql(path)
+  end
+
+  it "has a name based on the yml" do
+    expect(profile.name).to eql("ssh-baseline")
+  end
+
+  it "has a pathname based on the path" do
+    expect(profile.pathname).to eql("thisdirectoryisnotthename")
+  end
+
+  it "is disabled" do
+    expect(profile.enabled).to eql(false)
+    expect(profile.enabled?).to eql(false)
+  end
+
+  it "has an event handler" do
+    expect(profile.events).to eql(events)
+  end
+
+  it "can be enabled by enable!" do
+    profile.enable!
+    expect(profile.enabled).to eql(true)
+    expect(profile.enabled?).to eql(true)
+  end
+
+  it "enabling sends an event" do
+    expect(events).to receive(:compliance_profile_enabled).with(profile)
+    profile.enable!
+  end
+
+  it "can be disabled by disable!" do
+    profile.enable!
+    profile.disable!
+    expect(profile.enabled).to eql(false)
+    expect(profile.enabled?).to eql(false)
+  end
+
+  it "has a #inspec_data method that renders the path" do
+    expect(profile.inspec_data).to eql( { name: "ssh-baseline", path: "/var/chef/cache/cookbooks/acme_compliance/compliance/profiles/thisdirectoryisnotthename" } )
+  end
+
+  it "doesn't render the events in the inspect output" do
+    expect(profile.inspect).not_to include("events")
+  end
+
+  it "inflates objects from YAML" do
+    string = <<~EOH
+name: ssh-baseline#{" "}
+title: DevSec SSH Baseline#{" "}
+maintainer: DevSec Hardening Framework Team#{" "}
+copyright: DevSec Hardening Framework Team#{" "}
+copyright_email: hello@dev-sec.io#{" "}
+license: Apache-2.0#{" "}
+summary: Test-suite for best-practice SSH hardening#{" "}
+version: 2.6.4#{" "}
+supports:#{"     "}
+  - os-family: unix
+    EOH
+    newprofile = Chef::Compliance::Profile.from_yaml(events, string, path, cookbook_name)
+    expect(newprofile.data).to eql(data)
+  end
+
+  it "inflates objects from files" do
+    string = <<~EOH
+name: ssh-baseline#{" "}
+title: DevSec SSH Baseline#{" "}
+maintainer: DevSec Hardening Framework Team#{" "}
+copyright: DevSec Hardening Framework Team#{" "}
+copyright_email: hello@dev-sec.io#{" "}
+license: Apache-2.0#{" "}
+summary: Test-suite for best-practice SSH hardening#{" "}
+version: 2.6.4#{" "}
+supports:#{"     "}
+  - os-family: unix
+    EOH
+    tempfile = Tempfile.new("chef-compliance-test")
+    tempfile.write string
+    tempfile.close
+    newprofile = Chef::Compliance::Profile.from_file(events, tempfile.path, cookbook_name)
+    expect(newprofile.data).to eql(data)
+  end
+
+  it "inflates objects from hashes" do
+    newprofile = Chef::Compliance::Profile.from_hash(events, data, path, cookbook_name)
+    expect(newprofile.data).to eql(data)
+  end
+end

data/spec/unit/compliance/waiver_spec.rb

@@ -0,0 +1,104 @@
+#
+# Copyright:: Copyright (c) Chef Software Inc.
+# License:: Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+require "spec_helper"
+require "tempfile"
+
+describe Chef::Compliance::Waiver do
+  let(:events) { Chef::EventDispatch::Dispatcher.new }
+  let(:data) { { "ssh-01" => { "expiration_date" => Date.jd(2463810), "justification" => "waived, yo", "run" => false } } }
+  let(:path) { "/var/chef/cache/cookbooks/acme_compliance/compliance/waivers/default.yml" }
+  let(:cookbook_name) { "acme_compliance" }
+  let(:waiver) { Chef::Compliance::Waiver.new(events, data, path, cookbook_name) }
+
+  it "has a cookbook_name" do
+    expect(waiver.cookbook_name).to eql(cookbook_name)
+  end
+
+  it "has a path" do
+    expect(waiver.path).to eql(path)
+  end
+
+  it "has a pathname based on the path" do
+    expect(waiver.pathname).to eql("default")
+  end
+
+  it "is disabled" do
+    expect(waiver.enabled).to eql(false)
+    expect(waiver.enabled?).to eql(false)
+  end
+
+  it "has an event handler" do
+    expect(waiver.events).to eql(events)
+  end
+
+  it "can be enabled by enable!" do
+    waiver.enable!
+    expect(waiver.enabled).to eql(true)
+    expect(waiver.enabled?).to eql(true)
+  end
+
+  it "enabling sends an event" do
+    expect(events).to receive(:compliance_waiver_enabled).with(waiver)
+    waiver.enable!
+  end
+
+  it "can be disabled by disable!" do
+    waiver.enable!
+    waiver.disable!
+    expect(waiver.enabled).to eql(false)
+    expect(waiver.enabled?).to eql(false)
+  end
+
+  it "has a #inspec_data method that renders the data" do
+    expect(waiver.inspec_data).to eql(data)
+  end
+
+  it "doesn't render the events in the inspect output" do
+    expect(waiver.inspect).not_to include("events")
+  end
+
+  it "inflates objects from YAML" do
+    string = <<~EOH
+ssh-01:
+  expiration_date: 2033-07-31
+  run: false
+  justification: "waived, yo"
+    EOH
+    newwaiver = Chef::Compliance::Waiver.from_yaml(events, string, path, cookbook_name)
+    expect(newwaiver.data).to eql(data)
+  end
+
+  it "inflates objects from files" do
+    string = <<~EOH
+ssh-01:
+  expiration_date: 2033-07-31
+  run: false
+  justification: "waived, yo"
+    EOH
+    tempfile = Tempfile.new("chef-compliance-test")
+    tempfile.write string
+    tempfile.close
+    newwaiver = Chef::Compliance::Waiver.from_file(events, tempfile.path, cookbook_name)
+    expect(newwaiver.data).to eql(data)
+  end
+
+  it "inflates objects from hashes" do
+    newwaiver = Chef::Compliance::Waiver.from_hash(events, data, path, cookbook_name)
+    expect(newwaiver.data).to eql(data)
+  end
+end

data/spec/unit/http/basic_client_spec.rb

@@ -47,6 +47,36 @@ describe "HTTP Connection" do
       expect(Net::HTTP).to receive(:new).and_return(net_http_mock)
       expect(basic_client.http_client).to eql(net_http_mock)
     end
+
+    it "allows setting net-http accessor options" do
+      basic_client = Chef::HTTP::BasicClient.new(uri, nethttp_opts: {
+        "continue_timeout" => 5,
+        "max_retries" => 5,
+        "read_timeout" => 5,
+        "write_timeout" => 5,
+        "ssl_timeout" => 5,
+      })
+      expect(basic_client.http_client.continue_timeout).to eql(5)
+      expect(basic_client.http_client.max_retries).to eql(5)
+      expect(basic_client.http_client.read_timeout).to eql(5)
+      expect(basic_client.http_client.write_timeout).to eql(5)
+      expect(basic_client.http_client.ssl_timeout).to eql(5)
+    end
+
+    it "allows setting net-http accssor options as symbols" do
+      basic_client = Chef::HTTP::BasicClient.new(uri, nethttp_opts: {
+        continue_timeout: 5,
+        max_retries: 5,
+        read_timeout: 5,
+        write_timeout: 5,
+        ssl_timeout: 5,
+      })
+      expect(basic_client.http_client.continue_timeout).to eql(5)
+      expect(basic_client.http_client.max_retries).to eql(5)
+      expect(basic_client.http_client.read_timeout).to eql(5)
+      expect(basic_client.http_client.write_timeout).to eql(5)
+      expect(basic_client.http_client.ssl_timeout).to eql(5)
+    end
   end
 
   describe "#build_http_client" do

data/spec/unit/http_spec.rb

@@ -46,13 +46,19 @@ describe Chef::HTTP do
   describe "#initialize" do
     it "accepts a keepalive option and passes it to the http_client" do
       http = Chef::HTTP.new(uri, keepalives: true)
-      expect(Chef::HTTP::BasicClient).to receive(:new).with(uri, ssl_policy: Chef::HTTP::APISSLPolicy, keepalives: true).and_call_original
+      expect(Chef::HTTP::BasicClient).to receive(:new).with(uri, ssl_policy: Chef::HTTP::APISSLPolicy, nethttp_opts: {}, keepalives: true).and_call_original
       expect(http.http_client).to be_a_kind_of(Chef::HTTP::BasicClient)
     end
 
     it "the default is not to use keepalives" do
       http = Chef::HTTP.new(uri)
-      expect(Chef::HTTP::BasicClient).to receive(:new).with(uri, ssl_policy: Chef::HTTP::APISSLPolicy, keepalives: false).and_call_original
+      expect(Chef::HTTP::BasicClient).to receive(:new).with(uri, ssl_policy: Chef::HTTP::APISSLPolicy, nethttp_opts: {}, keepalives: false).and_call_original
+      expect(http.http_client).to be_a_kind_of(Chef::HTTP::BasicClient)
+    end
+
+    it "allows setting the nethttp options hash" do
+      http = Chef::HTTP.new(uri, { nethttp: { "continue_timeout" => 5 } })
+      expect(Chef::HTTP::BasicClient).to receive(:new).with(uri, ssl_policy: Chef::HTTP::APISSLPolicy, nethttp_opts: { "continue_timeout" => 5 }, keepalives: false).and_call_original
       expect(http.http_client).to be_a_kind_of(Chef::HTTP::BasicClient)
     end
   end

data/spec/unit/provider/link_spec.rb

@@ -125,7 +125,7 @@ describe Chef::Resource::Link do
 
   describe "when the target doesn't exist" do
     before do
-      allow(File).to receive(:exists?).with("#{CHEF_SPEC_DATA}/fofile-link").and_return(false)
+      allow(File).to receive(:exist?).with("#{CHEF_SPEC_DATA}/fofile-link").and_return(false)
       allow(provider.file_class).to receive(:symlink?).with("#{CHEF_SPEC_DATA}/fofile-link").and_return(false)
       provider.load_current_resource
     end
@@ -152,13 +152,16 @@ describe Chef::Resource::Link do
       allow(stat).to receive(:mode).and_return(0755)
       allow(provider.file_class).to receive(:stat).with("#{CHEF_SPEC_DATA}/fofile-link").and_return(stat)
 
-      allow(File).to receive(:exists?).with("#{CHEF_SPEC_DATA}/fofile-link").and_return(true)
+      # XXX: this might be broken?  it preserves prior behavior in the specs caused by File.exist?/exists? interactions
+      allow(Chef::ScanAccessControl).to receive(:new).and_return(instance_double(Chef::ScanAccessControl, set_all!: nil))
+
+      allow(File).to receive(:exist?).with("#{CHEF_SPEC_DATA}/fofile-link").and_return(true)
       allow(provider.file_class).to receive(:symlink?).with("#{CHEF_SPEC_DATA}/fofile-link").and_return(false)
     end
 
     describe "and the source does not exist" do
       before do
-        allow(File).to receive(:exists?).with("#{CHEF_SPEC_DATA}/fofile").and_return(false)
+        expect(File).to receive(:exist?).with("#{CHEF_SPEC_DATA}/fofile").and_return(false)
         provider.load_current_resource
       end
 
@@ -185,7 +188,7 @@ describe Chef::Resource::Link do
 
         allow(provider.file_class).to receive(:stat).with("#{CHEF_SPEC_DATA}/fofile").and_return(stat)
 
-        allow(File).to receive(:exists?).with("#{CHEF_SPEC_DATA}/fofile").and_return(true)
+        allow(File).to receive(:exist?).with("#{CHEF_SPEC_DATA}/fofile").and_return(true)
         provider.load_current_resource
       end
 
@@ -212,7 +215,7 @@ describe Chef::Resource::Link do
 
         allow(provider.file_class).to receive(:stat).with("#{CHEF_SPEC_DATA}/fofile").and_return(stat)
 
-        allow(File).to receive(:exists?).with("#{CHEF_SPEC_DATA}/fofile").and_return(true)
+        allow(File).to receive(:exist?).with("#{CHEF_SPEC_DATA}/fofile").and_return(true)
         provider.load_current_resource
       end
 
@@ -262,6 +265,9 @@ describe Chef::Resource::Link do
         "#{CHEF_SPEC_DATA}/fofile-link"
       ).and_return(stat)
 
+      # XXX: this might be broken?  it preserves prior behavior in the specs caused by File.exist?/exists? interactions
+      allow(Chef::ScanAccessControl).to receive(:new).and_return(instance_double(Chef::ScanAccessControl, set_all!: nil))
+
       provider.load_current_resource
     end
 
@@ -336,10 +342,10 @@ describe Chef::Resource::Link do
           "#{CHEF_SPEC_DATA}/fofile-link"
         ).and_return(false)
 
-        allow(File).to receive(:exists?).with(
+        allow(File).to receive(:exist?).with(
           "#{CHEF_SPEC_DATA}/fofile-link"
         ).and_return(true)
-        allow(File).to receive(:exists?).with(
+        allow(File).to receive(:exist?).with(
           "#{CHEF_SPEC_DATA}/fofile"
         ).and_return(true)
 

data/spec/unit/provider/remote_file/http_spec.rb

@@ -321,4 +321,14 @@ describe Chef::Provider::RemoteFile::HTTP do
 
   end
 
+  describe "#http_client_opts" do
+    before do
+      new_resource.http_options({ retries: 2, retry_delay: 3 })
+    end
+
+    it "should set http client options" do
+      expect(fetcher.send(:http_client_opts)).to eq({ retries: 2, retry_delay: 3 })
+    end
+  end
+
 end

data/spec/unit/provider/template_spec.rb

@@ -50,7 +50,7 @@ describe Chef::Provider::Template do
 
   let(:content) do
     content = double("Chef::Provider::File::Content::Template", template_location: "/foo/bar/baz")
-    allow(File).to receive(:exists?).with("/foo/bar/baz").and_return(true)
+    allow(File).to receive(:exist?).with("/foo/bar/baz").and_return(true)
     content
   end
 
@@ -76,7 +76,7 @@ describe Chef::Provider::Template do
     it "stops executing when the local template source can't be found" do
       setup_normal_file
       allow(content).to receive(:template_location).and_return("/baz/bar/foo")
-      allow(File).to receive(:exists?).with("/baz/bar/foo").and_return(false)
+      allow(File).to receive(:exist?).with("/baz/bar/foo").and_return(false)
       expect { provider.run_action(:create) }.to raise_error Chef::Mixin::WhyRun::ResourceRequirements::Assertion::AssertionFailure
     end