chef 17.4.38-universal-mingw32 → 17.5.22-universal-mingw32

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (78) hide show
  1. checksums.yaml +4 -4
  2. data/chef.gemspec +2 -0
  3. data/lib/chef/application/base.rb +11 -1
  4. data/lib/chef/client.rb +1 -2
  5. data/lib/chef/compliance/input.rb +115 -0
  6. data/lib/chef/compliance/input_collection.rb +139 -0
  7. data/lib/chef/compliance/profile.rb +122 -0
  8. data/lib/chef/compliance/profile_collection.rb +109 -0
  9. data/lib/chef/compliance/runner.rb +47 -5
  10. data/lib/chef/compliance/waiver.rb +115 -0
  11. data/lib/chef/compliance/waiver_collection.rb +143 -0
  12. data/lib/chef/dsl/compliance.rb +38 -0
  13. data/lib/chef/dsl/reader_helpers.rb +51 -0
  14. data/lib/chef/dsl/recipe.rb +4 -2
  15. data/lib/chef/dsl/secret.rb +2 -4
  16. data/lib/chef/dsl/universal.rb +2 -0
  17. data/lib/chef/event_dispatch/base.rb +44 -2
  18. data/lib/chef/formatters/doc.rb +46 -0
  19. data/lib/chef/http/basic_client.rb +15 -7
  20. data/lib/chef/http.rb +7 -3
  21. data/lib/chef/provider/file.rb +2 -0
  22. data/lib/chef/provider/link.rb +2 -2
  23. data/lib/chef/provider/registry_key.rb +3 -2
  24. data/lib/chef/provider/remote_file/http.rb +1 -1
  25. data/lib/chef/provider/template.rb +1 -1
  26. data/lib/chef/resource/archive_file.rb +17 -14
  27. data/lib/chef/resource/chef_client_scheduled_task.rb +45 -2
  28. data/lib/chef/resource/chocolatey_config.rb +13 -13
  29. data/lib/chef/resource/file/verification/json.rb +50 -0
  30. data/lib/chef/resource/file/verification/yaml.rb +52 -0
  31. data/lib/chef/resource/inspec_input.rb +128 -0
  32. data/lib/chef/resource/inspec_waiver.rb +185 -0
  33. data/lib/chef/resource/mount.rb +1 -1
  34. data/lib/chef/resource/registry_key.rb +36 -48
  35. data/lib/chef/resource/remote_file.rb +98 -2
  36. data/lib/chef/resource/timezone.rb +2 -2
  37. data/lib/chef/resource/user_ulimit.rb +1 -0
  38. data/lib/chef/resource/windows_printer.rb +1 -1
  39. data/lib/chef/resource/windows_uac.rb +3 -1
  40. data/lib/chef/resource/windows_user_privilege.rb +1 -1
  41. data/lib/chef/resources.rb +2 -0
  42. data/lib/chef/run_context/cookbook_compiler.rb +112 -28
  43. data/lib/chef/run_context.rb +31 -1
  44. data/lib/chef/secret_fetcher/akeyless_vault.rb +57 -0
  45. data/lib/chef/secret_fetcher/aws_secrets_manager.rb +1 -1
  46. data/lib/chef/secret_fetcher/azure_key_vault.rb +1 -1
  47. data/lib/chef/secret_fetcher/base.rb +1 -1
  48. data/lib/chef/secret_fetcher/hashi_vault.rb +100 -0
  49. data/lib/chef/secret_fetcher.rb +8 -2
  50. data/lib/chef/version.rb +1 -1
  51. data/spec/data/archive_file/test_archive.tar.gz +0 -0
  52. data/spec/functional/resource/archive_file_spec.rb +87 -0
  53. data/spec/functional/resource/group_spec.rb +5 -1
  54. data/spec/functional/resource/link_spec.rb +8 -0
  55. data/spec/integration/compliance/compliance_spec.rb +60 -0
  56. data/spec/spec_helper.rb +3 -0
  57. data/spec/support/platform_helpers.rb +4 -0
  58. data/spec/support/ruby_installer.rb +51 -0
  59. data/spec/unit/compliance/input_spec.rb +104 -0
  60. data/spec/unit/compliance/profile_spec.rb +120 -0
  61. data/spec/unit/compliance/waiver_spec.rb +104 -0
  62. data/spec/unit/http/basic_client_spec.rb +30 -0
  63. data/spec/unit/http_spec.rb +8 -2
  64. data/spec/unit/provider/link_spec.rb +13 -7
  65. data/spec/unit/provider/remote_file/http_spec.rb +10 -0
  66. data/spec/unit/provider/template_spec.rb +2 -2
  67. data/spec/unit/resource/archive_file_spec.rb +414 -3
  68. data/spec/unit/resource/chef_client_scheduled_task_spec.rb +69 -0
  69. data/spec/unit/resource/file/verification/json_spec.rb +72 -0
  70. data/spec/unit/resource/file/verification/yaml_spec.rb +67 -0
  71. data/spec/unit/resource/inspec_input_spec.rb +300 -0
  72. data/spec/unit/resource/inspec_waiver_spec.rb +312 -0
  73. data/spec/unit/resource/mount_spec.rb +10 -0
  74. data/spec/unit/resource/user_ulimit_spec.rb +14 -1
  75. data/spec/unit/secret_fetcher/akeyless_vault_spec.rb +37 -0
  76. data/spec/unit/secret_fetcher/hashi_vault_spec.rb +80 -0
  77. data/tasks/rspec.rb +2 -1
  78. metadata +60 -6
@@ -0,0 +1,300 @@
1
+ #
2
+ # Copyright:: Copyright (c) Chef Software Inc.
3
+ # License:: Apache License, Version 2.0
4
+ #
5
+ # Licensed under the Apache License, Version 2.0 (the "License");
6
+ # you may not use this file except in compliance with the License.
7
+ # You may obtain a copy of the License at
8
+ #
9
+ # http://www.apache.org/licenses/LICENSE-2.0
10
+ #
11
+ # Unless required by applicable law or agreed to in writing, software
12
+ # distributed under the License is distributed on an "AS IS" BASIS,
13
+ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14
+ # See the License for the specific language governing permissions and
15
+ # limitations under the License.
16
+ #
17
+
18
+ require "spec_helper"
19
+
20
+ describe Chef::Resource::InspecInput do
21
+ def load_input(filename)
22
+ path = "/var/chef/cache/cookbooks/acme_compliance/compliance/inputs/#{filename}"
23
+ run_context.input_collection << Chef::Compliance::Input.from_yaml(events, input_yaml, path, "acme_compliance")
24
+ end
25
+
26
+ let(:node) { Chef::Node.new }
27
+ let(:events) { Chef::EventDispatch::Dispatcher.new }
28
+ let(:run_context) do
29
+ Chef::RunContext.new(node, {}, events).tap do |rc|
30
+ end
31
+ end
32
+ let(:collection) { double("resource collection") }
33
+ let(:input_yaml) do
34
+ <<~EOH
35
+ ssh_custom_path: "/whatever2"
36
+ EOH
37
+ end
38
+ let(:input_json) do
39
+ <<~EOH
40
+ { "ssh_custom_path": "/whatever2" }
41
+ EOH
42
+ end
43
+ let(:input_toml) do
44
+ <<~EOH
45
+ ssh_custom_path = "/whatever2"
46
+ EOH
47
+ end
48
+ let(:input_hash) do
49
+ { ssh_custom_path: "/whatever2" }
50
+ end
51
+ let(:resource) do
52
+ Chef::Resource::InspecInput.new("ssh-01", run_context)
53
+ end
54
+ let(:provider) { resource.provider_for_action(:add) }
55
+
56
+ before do
57
+ allow(run_context).to receive(:resource_collection).and_return(collection)
58
+ end
59
+
60
+ it "sets the default action as :add" do
61
+ expect(resource.action).to eql([:add])
62
+ end
63
+
64
+ context "with a input in a cookbook" do
65
+ it "enables the input by the name of the cookbook" do
66
+ load_input("default.yml")
67
+ resource.name "acme_compliance"
68
+ resource.run_action(:add)
69
+ expect(run_context.input_collection.first).to be_enabled
70
+ expect(resource).not_to be_updated_by_last_action
71
+ end
72
+
73
+ it "enables the input with a regular expression for the cookbook" do
74
+ load_input("default.yml")
75
+ resource.name "acme_comp.*"
76
+ resource.run_action(:add)
77
+ expect(run_context.input_collection.first).to be_enabled
78
+ expect(resource).not_to be_updated_by_last_action
79
+ end
80
+
81
+ it "enables the input with an explicit name" do
82
+ load_input("default.yml")
83
+ resource.name "acme_compliance::default"
84
+ resource.run_action(:add)
85
+ expect(run_context.input_collection.first).to be_enabled
86
+ expect(resource).not_to be_updated_by_last_action
87
+ end
88
+
89
+ it "fails when the cookbook name is wrong" do
90
+ load_input("default.yml")
91
+ resource.name "evil_compliance"
92
+ expect { resource.run_action(:add) }.to raise_error(StandardError)
93
+ expect(resource).not_to be_updated_by_last_action
94
+ end
95
+
96
+ it "enables the input when its not named default" do
97
+ load_input("ssh01.yml")
98
+ resource.name "acme_compliance::ssh01"
99
+ resource.run_action(:add)
100
+ expect(run_context.input_collection.first).to be_enabled
101
+ expect(resource).not_to be_updated_by_last_action
102
+ end
103
+
104
+ it "fails when it is not named default and you attempt to enable the default" do
105
+ load_input("ssh01.yml")
106
+ resource.name "acme_compliance"
107
+ expect { resource.run_action(:add) }.to raise_error(StandardError)
108
+ expect(resource).not_to be_updated_by_last_action
109
+ end
110
+
111
+ it "succeeds with a regexp that matches the cookbook name" do
112
+ load_input("ssh01.yml")
113
+ resource.name "acme_comp.*::ssh01"
114
+ resource.run_action(:add)
115
+ expect(run_context.input_collection.first).to be_enabled
116
+ expect(resource).not_to be_updated_by_last_action
117
+ end
118
+
119
+ it "succeeds with a regexp that matches the file name" do
120
+ load_input("ssh01.yml")
121
+ resource.name "acme_compliance::ssh.*"
122
+ resource.run_action(:add)
123
+ expect(run_context.input_collection.first).to be_enabled
124
+ expect(resource).not_to be_updated_by_last_action
125
+ end
126
+
127
+ it "succeeds with a regexps for both the file name and cookbook name" do
128
+ load_input("ssh01.yml")
129
+ resource.name "acme_comp.*::ssh.*"
130
+ resource.run_action(:add)
131
+ expect(run_context.input_collection.first).to be_enabled
132
+ expect(resource).not_to be_updated_by_last_action
133
+ end
134
+
135
+ it "fails with regexps that do not match" do
136
+ load_input("ssh01.yml")
137
+ resource.name "evil_comp.*::etcd.*"
138
+ expect { resource.run_action(:add) }.to raise_error(StandardError)
139
+ end
140
+
141
+ it "substring matches without regexps should fail when they are at the end" do
142
+ load_input("ssh01.yml")
143
+ resource.name "acme_complianc::ssh0"
144
+ expect { resource.run_action(:add) }.to raise_error(StandardError)
145
+ end
146
+
147
+ it "substring matches without regexps should fail when they are at the start" do
148
+ load_input("ssh01.yml")
149
+ resource.name "cme_compliance::sh01"
150
+ expect { resource.run_action(:add) }.to raise_error(StandardError)
151
+ end
152
+ end
153
+
154
+ context "with a input in a file" do
155
+ it "loads a YAML file" do
156
+ tempfile = Tempfile.new(["spec-compliance-test", ".yaml"])
157
+ tempfile.write input_yaml
158
+ tempfile.close
159
+ resource.name tempfile.path
160
+
161
+ resource.run_action(:add)
162
+
163
+ expect(run_context.input_collection.first).to be_enabled
164
+ expect(run_context.input_collection.size).to be 1
165
+ expect(run_context.input_collection.first.cookbook_name).to be nil
166
+ expect(run_context.input_collection.first.path).to be nil
167
+ expect(run_context.input_collection.first.pathname).to be nil
168
+ expect(resource).not_to be_updated_by_last_action
169
+ end
170
+
171
+ it "loads a YAML file in a source attribute" do
172
+ tempfile = Tempfile.new(["spec-compliance-test", ".yaml"])
173
+ tempfile.write input_yaml
174
+ tempfile.close
175
+ resource.name "my-resource-name"
176
+ resource.source tempfile.path
177
+
178
+ resource.run_action(:add)
179
+
180
+ expect(run_context.input_collection.first).to be_enabled
181
+ expect(run_context.input_collection.size).to be 1
182
+ expect(run_context.input_collection.first.cookbook_name).to be nil
183
+ expect(run_context.input_collection.first.path).to be nil
184
+ expect(run_context.input_collection.first.pathname).to be nil
185
+ expect(resource).not_to be_updated_by_last_action
186
+ end
187
+
188
+ it "loads a YML file" do
189
+ tempfile = Tempfile.new(["spec-compliance-test", ".yml"])
190
+ tempfile.write input_yaml
191
+ tempfile.close
192
+ resource.name tempfile.path
193
+
194
+ resource.run_action(:add)
195
+
196
+ expect(run_context.input_collection.first).to be_enabled
197
+ expect(run_context.input_collection.size).to be 1
198
+ expect(run_context.input_collection.first.cookbook_name).to be nil
199
+ expect(run_context.input_collection.first.path).to be nil
200
+ expect(run_context.input_collection.first.pathname).to be nil
201
+ expect(resource).not_to be_updated_by_last_action
202
+ end
203
+
204
+ it "loads a YML file using the source attribute" do
205
+ tempfile = Tempfile.new(["spec-compliance-test", ".yml"])
206
+ tempfile.write input_yaml
207
+ tempfile.close
208
+ resource.name "my-resource-name"
209
+ resource.source tempfile.path
210
+
211
+ resource.run_action(:add)
212
+
213
+ expect(run_context.input_collection.first).to be_enabled
214
+ expect(run_context.input_collection.size).to be 1
215
+ expect(run_context.input_collection.first.cookbook_name).to be nil
216
+ expect(run_context.input_collection.first.path).to be nil
217
+ expect(run_context.input_collection.first.pathname).to be nil
218
+ expect(resource).not_to be_updated_by_last_action
219
+ end
220
+
221
+ it "loads a JSON file" do
222
+ tempfile = Tempfile.new(["spec-compliance-test", ".json"])
223
+ tempfile.write input_json
224
+ tempfile.close
225
+ resource.name tempfile.path
226
+
227
+ resource.run_action(:add)
228
+
229
+ expect(run_context.input_collection.first).to be_enabled
230
+ expect(run_context.input_collection.size).to be 1
231
+ expect(run_context.input_collection.first.cookbook_name).to be nil
232
+ expect(run_context.input_collection.first.path).to be nil
233
+ expect(run_context.input_collection.first.pathname).to be nil
234
+ expect(resource).not_to be_updated_by_last_action
235
+ end
236
+
237
+ it "loads a JSON file using the source attribute" do
238
+ tempfile = Tempfile.new(["spec-compliance-test", ".json"])
239
+ tempfile.write input_json
240
+ tempfile.close
241
+ resource.name "my-resource-name"
242
+ resource.source tempfile.path
243
+
244
+ resource.run_action(:add)
245
+
246
+ expect(run_context.input_collection.first).to be_enabled
247
+ expect(run_context.input_collection.size).to be 1
248
+ expect(run_context.input_collection.first.cookbook_name).to be nil
249
+ expect(run_context.input_collection.first.path).to be nil
250
+ expect(run_context.input_collection.first.pathname).to be nil
251
+ expect(resource).not_to be_updated_by_last_action
252
+ end
253
+
254
+ it "loads a TOML file" do
255
+ tempfile = Tempfile.new(["spec-compliance-test", ".toml"])
256
+ tempfile.write input_toml
257
+ tempfile.close
258
+ resource.name tempfile.path
259
+
260
+ resource.run_action(:add)
261
+
262
+ expect(run_context.input_collection.first).to be_enabled
263
+ expect(run_context.input_collection.size).to be 1
264
+ expect(run_context.input_collection.first.cookbook_name).to be nil
265
+ expect(run_context.input_collection.first.path).to be nil
266
+ expect(run_context.input_collection.first.pathname).to be nil
267
+ expect(resource).not_to be_updated_by_last_action
268
+ end
269
+
270
+ it "loads a TOML file using the source attribute" do
271
+ tempfile = Tempfile.new(["spec-compliance-test", ".toml"])
272
+ tempfile.write input_toml
273
+ tempfile.close
274
+ resource.name "my-resource-name"
275
+ resource.source tempfile.path
276
+
277
+ resource.run_action(:add)
278
+
279
+ expect(run_context.input_collection.first).to be_enabled
280
+ expect(run_context.input_collection.size).to be 1
281
+ expect(run_context.input_collection.first.cookbook_name).to be nil
282
+ expect(run_context.input_collection.first.path).to be nil
283
+ expect(run_context.input_collection.first.pathname).to be nil
284
+ expect(resource).not_to be_updated_by_last_action
285
+ end
286
+
287
+ it "loads a Hash" do
288
+ resource.source input_hash
289
+
290
+ resource.run_action(:add)
291
+
292
+ expect(run_context.input_collection.first).to be_enabled
293
+ expect(run_context.input_collection.size).to be 1
294
+ expect(run_context.input_collection.first.cookbook_name).to be nil
295
+ expect(run_context.input_collection.first.path).to be nil
296
+ expect(run_context.input_collection.first.pathname).to be nil
297
+ expect(resource).not_to be_updated_by_last_action
298
+ end
299
+ end
300
+ end
@@ -0,0 +1,312 @@
1
+ #
2
+ # Copyright:: Copyright (c) Chef Software Inc.
3
+ # License:: Apache License, Version 2.0
4
+ #
5
+ # Licensed under the Apache License, Version 2.0 (the "License");
6
+ # you may not use this file except in compliance with the License.
7
+ # You may obtain a copy of the License at
8
+ #
9
+ # http://www.apache.org/licenses/LICENSE-2.0
10
+ #
11
+ # Unless required by applicable law or agreed to in writing, software
12
+ # distributed under the License is distributed on an "AS IS" BASIS,
13
+ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14
+ # See the License for the specific language governing permissions and
15
+ # limitations under the License.
16
+ #
17
+
18
+ require "spec_helper"
19
+
20
+ describe Chef::Resource::InspecWaiver do
21
+ def load_waiver(filename)
22
+ path = "/var/chef/cache/cookbooks/acme_compliance/compliance/waivers/#{filename}"
23
+ run_context.waiver_collection << Chef::Compliance::Waiver.from_yaml(events, waiver_yaml, path, "acme_compliance")
24
+ end
25
+
26
+ let(:node) { Chef::Node.new }
27
+ let(:events) { Chef::EventDispatch::Dispatcher.new }
28
+ let(:run_context) do
29
+ Chef::RunContext.new(node, {}, events).tap do |rc|
30
+ end
31
+ end
32
+ let(:collection) { double("resource collection") }
33
+ let(:waiver_yaml) do
34
+ <<~EOH
35
+ ssh-01:
36
+ expiration_date: 2033-07-31
37
+ run: false
38
+ justification: "waived, yo"
39
+ EOH
40
+ end
41
+ let(:waiver_json) do
42
+ <<~EOH
43
+ { "ssh-01": {
44
+ "expiration_date": "2033-07-31",
45
+ "run": false,
46
+ "justification": "waived, yo"
47
+ } }
48
+ EOH
49
+ end
50
+ let(:waiver_toml) do
51
+ <<~EOH
52
+ [ssh-01]
53
+ expiration_date = 2033-07-31T00:00:00.000Z
54
+ run = false
55
+ justification = "waived, yo"
56
+ EOH
57
+ end
58
+ let(:waiver_hash) do
59
+ { "ssh-01" => {
60
+ "expiration_date" => "2033-07-31",
61
+ "run" => false,
62
+ "justification" => "waived, yo",
63
+ } }
64
+ end
65
+ let(:resource) do
66
+ Chef::Resource::InspecWaiver.new("ssh-01", run_context)
67
+ end
68
+ let(:provider) { resource.provider_for_action(:add) }
69
+
70
+ before do
71
+ allow(run_context).to receive(:resource_collection).and_return(collection)
72
+ end
73
+
74
+ it "sets the default action as :add" do
75
+ expect(resource.action).to eql([:add])
76
+ end
77
+
78
+ context "with a waiver in a cookbook" do
79
+ it "enables the waiver by the name of the cookbook" do
80
+ load_waiver("default.yml")
81
+ resource.name "acme_compliance"
82
+ resource.run_action(:add)
83
+ expect(run_context.waiver_collection.first).to be_enabled
84
+ expect(resource).not_to be_updated_by_last_action
85
+ end
86
+
87
+ it "enables the waiver with a regular expression for the cookbook" do
88
+ load_waiver("default.yml")
89
+ resource.name "acme_comp.*"
90
+ resource.run_action(:add)
91
+ expect(run_context.waiver_collection.first).to be_enabled
92
+ expect(resource).not_to be_updated_by_last_action
93
+ end
94
+
95
+ it "enables the waiver with an explicit name" do
96
+ load_waiver("default.yml")
97
+ resource.name "acme_compliance::default"
98
+ resource.run_action(:add)
99
+ expect(run_context.waiver_collection.first).to be_enabled
100
+ expect(resource).not_to be_updated_by_last_action
101
+ end
102
+
103
+ it "fails when the cookbook name is wrong" do
104
+ load_waiver("default.yml")
105
+ resource.name "evil_compliance"
106
+ expect { resource.run_action(:add) }.to raise_error(StandardError)
107
+ end
108
+
109
+ it "enables the waiver when its not named default" do
110
+ load_waiver("ssh01.yml")
111
+ resource.name "acme_compliance::ssh01"
112
+ resource.run_action(:add)
113
+ expect(run_context.waiver_collection.first).to be_enabled
114
+ expect(resource).not_to be_updated_by_last_action
115
+ end
116
+
117
+ it "fails when it is not named default and you attempt to enable the default" do
118
+ load_waiver("ssh01.yml")
119
+ resource.name "acme_compliance"
120
+ expect { resource.run_action(:add) }.to raise_error(StandardError)
121
+ end
122
+
123
+ it "succeeds with a regexp that matches the cookbook name" do
124
+ load_waiver("ssh01.yml")
125
+ resource.name "acme_comp.*::ssh01"
126
+ resource.run_action(:add)
127
+ expect(run_context.waiver_collection.first).to be_enabled
128
+ expect(resource).not_to be_updated_by_last_action
129
+ end
130
+
131
+ it "succeeds with a regexp that matches the file name" do
132
+ load_waiver("ssh01.yml")
133
+ resource.name "acme_compliance::ssh.*"
134
+ resource.run_action(:add)
135
+ expect(run_context.waiver_collection.first).to be_enabled
136
+ expect(resource).not_to be_updated_by_last_action
137
+ end
138
+
139
+ it "succeeds with a regexps for both the file name and cookbook name" do
140
+ load_waiver("ssh01.yml")
141
+ resource.name "acme_comp.*::ssh.*"
142
+ resource.run_action(:add)
143
+ expect(run_context.waiver_collection.first).to be_enabled
144
+ expect(resource).not_to be_updated_by_last_action
145
+ end
146
+
147
+ it "fails with regexps that do not match" do
148
+ load_waiver("ssh01.yml")
149
+ resource.name "evil_comp.*::etcd.*"
150
+ expect { resource.run_action(:add) }.to raise_error(StandardError)
151
+ end
152
+
153
+ it "substring matches without regexps should fail when they are at the end" do
154
+ load_waiver("ssh01.yml")
155
+ resource.name "acme_complianc::ssh0"
156
+ expect { resource.run_action(:add) }.to raise_error(StandardError)
157
+ end
158
+
159
+ it "substring matches without regexps should fail when they are at the start" do
160
+ load_waiver("ssh01.yml")
161
+ resource.name "cme_compliance::sh01"
162
+ expect { resource.run_action(:add) }.to raise_error(StandardError)
163
+ end
164
+ end
165
+
166
+ context "with a waiver in a file" do
167
+ it "loads a YAML file" do
168
+ tempfile = Tempfile.new(["spec-compliance-test", ".yaml"])
169
+ tempfile.write waiver_yaml
170
+ tempfile.close
171
+ resource.name tempfile.path
172
+
173
+ resource.run_action(:add)
174
+
175
+ expect(run_context.waiver_collection.first).to be_enabled
176
+ expect(run_context.waiver_collection.size).to be 1
177
+ expect(run_context.waiver_collection.first.cookbook_name).to be nil
178
+ expect(run_context.waiver_collection.first.path).to be nil
179
+ expect(run_context.waiver_collection.first.pathname).to be nil
180
+ expect(resource).not_to be_updated_by_last_action
181
+ end
182
+
183
+ it "loads a YAML file in a source attribute" do
184
+ tempfile = Tempfile.new(["spec-compliance-test", ".yaml"])
185
+ tempfile.write waiver_yaml
186
+ tempfile.close
187
+ resource.name "my-resource-name"
188
+ resource.source tempfile.path
189
+
190
+ resource.run_action(:add)
191
+
192
+ expect(run_context.waiver_collection.first).to be_enabled
193
+ expect(run_context.waiver_collection.size).to be 1
194
+ expect(run_context.waiver_collection.first.cookbook_name).to be nil
195
+ expect(run_context.waiver_collection.first.path).to be nil
196
+ expect(run_context.waiver_collection.first.pathname).to be nil
197
+ expect(resource).not_to be_updated_by_last_action
198
+ end
199
+
200
+ it "loads a YML file" do
201
+ tempfile = Tempfile.new(["spec-compliance-test", ".yml"])
202
+ tempfile.write waiver_yaml
203
+ tempfile.close
204
+ resource.name tempfile.path
205
+
206
+ resource.run_action(:add)
207
+
208
+ expect(run_context.waiver_collection.first).to be_enabled
209
+ expect(run_context.waiver_collection.size).to be 1
210
+ expect(run_context.waiver_collection.first.cookbook_name).to be nil
211
+ expect(run_context.waiver_collection.first.path).to be nil
212
+ expect(run_context.waiver_collection.first.pathname).to be nil
213
+ expect(resource).not_to be_updated_by_last_action
214
+ end
215
+
216
+ it "loads a YML file using the source attribute" do
217
+ tempfile = Tempfile.new(["spec-compliance-test", ".yml"])
218
+ tempfile.write waiver_yaml
219
+ tempfile.close
220
+ resource.name "my-resource-name"
221
+ resource.source tempfile.path
222
+
223
+ resource.run_action(:add)
224
+
225
+ expect(run_context.waiver_collection.first).to be_enabled
226
+ expect(run_context.waiver_collection.size).to be 1
227
+ expect(run_context.waiver_collection.first.cookbook_name).to be nil
228
+ expect(run_context.waiver_collection.first.path).to be nil
229
+ expect(run_context.waiver_collection.first.pathname).to be nil
230
+ expect(resource).not_to be_updated_by_last_action
231
+ end
232
+
233
+ it "loads a JSON file" do
234
+ tempfile = Tempfile.new(["spec-compliance-test", ".json"])
235
+ tempfile.write waiver_json
236
+ tempfile.close
237
+ resource.name tempfile.path
238
+
239
+ resource.run_action(:add)
240
+
241
+ expect(run_context.waiver_collection.first).to be_enabled
242
+ expect(run_context.waiver_collection.size).to be 1
243
+ expect(run_context.waiver_collection.first.cookbook_name).to be nil
244
+ expect(run_context.waiver_collection.first.path).to be nil
245
+ expect(run_context.waiver_collection.first.pathname).to be nil
246
+ expect(resource).not_to be_updated_by_last_action
247
+ end
248
+
249
+ it "loads a JSON file using the source attribute" do
250
+ tempfile = Tempfile.new(["spec-compliance-test", ".json"])
251
+ tempfile.write waiver_json
252
+ tempfile.close
253
+ resource.name "my-resource-name"
254
+ resource.source tempfile.path
255
+
256
+ resource.run_action(:add)
257
+
258
+ expect(run_context.waiver_collection.first).to be_enabled
259
+ expect(run_context.waiver_collection.size).to be 1
260
+ expect(run_context.waiver_collection.first.cookbook_name).to be nil
261
+ expect(run_context.waiver_collection.first.path).to be nil
262
+ expect(run_context.waiver_collection.first.pathname).to be nil
263
+ expect(resource).not_to be_updated_by_last_action
264
+ end
265
+
266
+ it "loads a TOML file" do
267
+ tempfile = Tempfile.new(["spec-compliance-test", ".toml"])
268
+ tempfile.write waiver_toml
269
+ tempfile.close
270
+ resource.name tempfile.path
271
+
272
+ resource.run_action(:add)
273
+
274
+ expect(run_context.waiver_collection.first).to be_enabled
275
+ expect(run_context.waiver_collection.size).to be 1
276
+ expect(run_context.waiver_collection.first.cookbook_name).to be nil
277
+ expect(run_context.waiver_collection.first.path).to be nil
278
+ expect(run_context.waiver_collection.first.pathname).to be nil
279
+ expect(resource).not_to be_updated_by_last_action
280
+ end
281
+
282
+ it "loads a TOML file using the source attribute" do
283
+ tempfile = Tempfile.new(["spec-compliance-test", ".toml"])
284
+ tempfile.write waiver_toml
285
+ tempfile.close
286
+ resource.name "my-resource-name"
287
+ resource.source tempfile.path
288
+
289
+ resource.run_action(:add)
290
+
291
+ expect(run_context.waiver_collection.first).to be_enabled
292
+ expect(run_context.waiver_collection.size).to be 1
293
+ expect(run_context.waiver_collection.first.cookbook_name).to be nil
294
+ expect(run_context.waiver_collection.first.path).to be nil
295
+ expect(run_context.waiver_collection.first.pathname).to be nil
296
+ expect(resource).not_to be_updated_by_last_action
297
+ end
298
+
299
+ it "loads a Hash" do
300
+ resource.source waiver_hash
301
+
302
+ resource.run_action(:add)
303
+
304
+ expect(run_context.waiver_collection.first).to be_enabled
305
+ expect(run_context.waiver_collection.size).to be 1
306
+ expect(run_context.waiver_collection.first.cookbook_name).to be nil
307
+ expect(run_context.waiver_collection.first.path).to be nil
308
+ expect(run_context.waiver_collection.first.pathname).to be nil
309
+ expect(resource).not_to be_updated_by_last_action
310
+ end
311
+ end
312
+ end
@@ -59,6 +59,16 @@ describe Chef::Resource::Mount do
59
59
  expect(resource.mount_point).to eql("//192.168.11.102/Share/backup")
60
60
  end
61
61
 
62
+ it "does not strip slash when mount_point is root directory" do
63
+ resource.mount_point "/"
64
+ expect(resource.mount_point).to eql("/")
65
+ end
66
+
67
+ it "does not strip slash when mount_point is root of network mount" do
68
+ resource.mount_point "127.0.0.1:/"
69
+ expect(resource.mount_point).to eql("127.0.0.1:/")
70
+ end
71
+
62
72
  it "raises error when mount_point property is not set" do
63
73
  expect { resource.mount_point nil }.to raise_error(Chef::Exceptions::ValidationFailed, "Property mount_point must be one of: String! You passed nil.")
64
74
  end
@@ -17,7 +17,6 @@
17
17
  #
18
18
 
19
19
  require "spec_helper"
20
-
21
20
  describe Chef::Resource::UserUlimit do
22
21
  let(:node) { Chef::Node.new }
23
22
  let(:events) { Chef::EventDispatch::Dispatcher.new }
@@ -50,4 +49,18 @@ describe Chef::Resource::UserUlimit do
50
49
  expect { resource.action :create }.not_to raise_error
51
50
  expect { resource.action :delete }.not_to raise_error
52
51
  end
52
+
53
+ describe "sensitive attribute" do
54
+ context "should be insensitive by default" do
55
+ it { expect(resource.sensitive).to(be_falsey) }
56
+ end
57
+
58
+ context "when set" do
59
+ before { resource.sensitive(true) }
60
+
61
+ it "should be set on the resource" do
62
+ expect(resource.sensitive).to(be_truthy)
63
+ end
64
+ end
65
+ end
53
66
  end
@@ -0,0 +1,37 @@
1
+ #
2
+ # Author:: Marc Paradise <marc@chef.io>
3
+ # Copyright:: Copyright (c) Chef Software Inc.
4
+ # License:: Apache License, Version 2.0
5
+ #
6
+ # Licensed under the Apache License, Version 2.0 (the "License");
7
+ # you may not use this file except in compliance with the License.
8
+ # You may obtain a copy of the License at
9
+ #
10
+ # http://www.apache.org/licenses/LICENSE-2.0
11
+ #
12
+ # Unless required by applicable law or agreed to in writing, software
13
+ # distributed under the License is distributed on an "AS IS" BASIS,
14
+ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
15
+ # See the License for the specific language governing permissions and
16
+ # limitations under the License.
17
+ #
18
+
19
+ require_relative "../../spec_helper"
20
+ require "chef/secret_fetcher/akeyless_vault"
21
+
22
+ describe Chef::SecretFetcher::AKeylessVault do
23
+ let(:node) { {} }
24
+ let(:run_context) { double("run_context", node: node) }
25
+
26
+ context "when validating provided AKeyless Vault configuration" do
27
+ it "raises ConfigurationInvalid when :secret_access_key is not provided" do
28
+ fetcher = Chef::SecretFetcher::AKeylessVault.new( { access_id: "provided" }, run_context)
29
+ expect { fetcher.validate! }.to raise_error(Chef::Exceptions::Secret::ConfigurationInvalid, /:secret_access_key/)
30
+ end
31
+
32
+ it "raises ConfigurationInvalid when :access_key_id is not provided" do
33
+ fetcher = Chef::SecretFetcher::AKeylessVault.new( { access_key: "provided" }, run_context)
34
+ expect { fetcher.validate! }.to raise_error(Chef::Exceptions::Secret::ConfigurationInvalid, /:access_key_id/)
35
+ end
36
+ end
37
+ end