chef 17.4.38-universal-mingw32 → 17.5.22-universal-mingw32
- checksums.yaml +4 -4
- data/chef.gemspec +2 -0
- data/lib/chef/application/base.rb +11 -1
- data/lib/chef/client.rb +1 -2
- data/lib/chef/compliance/input.rb +115 -0
- data/lib/chef/compliance/input_collection.rb +139 -0
- data/lib/chef/compliance/profile.rb +122 -0
- data/lib/chef/compliance/profile_collection.rb +109 -0
- data/lib/chef/compliance/runner.rb +47 -5
- data/lib/chef/compliance/waiver.rb +115 -0
- data/lib/chef/compliance/waiver_collection.rb +143 -0
- data/lib/chef/dsl/compliance.rb +38 -0
- data/lib/chef/dsl/reader_helpers.rb +51 -0
- data/lib/chef/dsl/recipe.rb +4 -2
- data/lib/chef/dsl/secret.rb +2 -4
- data/lib/chef/dsl/universal.rb +2 -0
- data/lib/chef/event_dispatch/base.rb +44 -2
- data/lib/chef/formatters/doc.rb +46 -0
- data/lib/chef/http/basic_client.rb +15 -7
- data/lib/chef/http.rb +7 -3
- data/lib/chef/provider/file.rb +2 -0
- data/lib/chef/provider/link.rb +2 -2
- data/lib/chef/provider/registry_key.rb +3 -2
- data/lib/chef/provider/remote_file/http.rb +1 -1
- data/lib/chef/provider/template.rb +1 -1
- data/lib/chef/resource/archive_file.rb +17 -14
- data/lib/chef/resource/chef_client_scheduled_task.rb +45 -2
- data/lib/chef/resource/chocolatey_config.rb +13 -13
- data/lib/chef/resource/file/verification/json.rb +50 -0
- data/lib/chef/resource/file/verification/yaml.rb +52 -0
- data/lib/chef/resource/inspec_input.rb +128 -0
- data/lib/chef/resource/inspec_waiver.rb +185 -0
- data/lib/chef/resource/mount.rb +1 -1
- data/lib/chef/resource/registry_key.rb +36 -48
- data/lib/chef/resource/remote_file.rb +98 -2
- data/lib/chef/resource/timezone.rb +2 -2
- data/lib/chef/resource/user_ulimit.rb +1 -0
- data/lib/chef/resource/windows_printer.rb +1 -1
- data/lib/chef/resource/windows_uac.rb +3 -1
- data/lib/chef/resource/windows_user_privilege.rb +1 -1
- data/lib/chef/resources.rb +2 -0
- data/lib/chef/run_context/cookbook_compiler.rb +112 -28
- data/lib/chef/run_context.rb +31 -1
- data/lib/chef/secret_fetcher/akeyless_vault.rb +57 -0
- data/lib/chef/secret_fetcher/aws_secrets_manager.rb +1 -1
- data/lib/chef/secret_fetcher/azure_key_vault.rb +1 -1
- data/lib/chef/secret_fetcher/base.rb +1 -1
- data/lib/chef/secret_fetcher/hashi_vault.rb +100 -0
- data/lib/chef/secret_fetcher.rb +8 -2
- data/lib/chef/version.rb +1 -1
- data/spec/data/archive_file/test_archive.tar.gz +0 -0
- data/spec/functional/resource/archive_file_spec.rb +87 -0
- data/spec/functional/resource/group_spec.rb +5 -1
- data/spec/functional/resource/link_spec.rb +8 -0
- data/spec/integration/compliance/compliance_spec.rb +60 -0
- data/spec/spec_helper.rb +3 -0
- data/spec/support/platform_helpers.rb +4 -0
- data/spec/support/ruby_installer.rb +51 -0
- data/spec/unit/compliance/input_spec.rb +104 -0
- data/spec/unit/compliance/profile_spec.rb +120 -0
- data/spec/unit/compliance/waiver_spec.rb +104 -0
- data/spec/unit/http/basic_client_spec.rb +30 -0
- data/spec/unit/http_spec.rb +8 -2
- data/spec/unit/provider/link_spec.rb +13 -7
- data/spec/unit/provider/remote_file/http_spec.rb +10 -0
- data/spec/unit/provider/template_spec.rb +2 -2
- data/spec/unit/resource/archive_file_spec.rb +414 -3
- data/spec/unit/resource/chef_client_scheduled_task_spec.rb +69 -0
- data/spec/unit/resource/file/verification/json_spec.rb +72 -0
- data/spec/unit/resource/file/verification/yaml_spec.rb +67 -0
- data/spec/unit/resource/inspec_input_spec.rb +300 -0
- data/spec/unit/resource/inspec_waiver_spec.rb +312 -0
- data/spec/unit/resource/mount_spec.rb +10 -0
- data/spec/unit/resource/user_ulimit_spec.rb +14 -1
- data/spec/unit/secret_fetcher/akeyless_vault_spec.rb +37 -0
- data/spec/unit/secret_fetcher/hashi_vault_spec.rb +80 -0
- data/tasks/rspec.rb +2 -1
- metadata +60 -6
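--- a/data/spec/unit/resource/inspec_input_spec.rb
+++ b/data/spec/unit/resource/inspec_input_spec.rb
@@ -0,0 +1,300 @@
+#
+# Copyright:: Copyright (c) Chef Software Inc.
+# License:: Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+require "spec_helper"
+
+describe Chef::Resource::InspecInput do
+def load_input(filename)
+path = "/var/chef/cache/cookbooks/acme_compliance/compliance/inputs/#{filename}"
+run_context.input_collection << Chef::Compliance::Input.from_yaml(events, input_yaml, path, "acme_compliance")
+end
+
+let(:node) { Chef::Node.new }
+let(:events) { Chef::EventDispatch::Dispatcher.new }
+let(:run_context) do
+Chef::RunContext.new(node, {}, events).tap do |rc|
+end
+end
+let(:collection) { double("resource collection") }
+let(:input_yaml) do
+<<~EOH
+ssh_custom_path: "/whatever2"
+EOH
+end
+let(:input_json) do
+<<~EOH
+{ "ssh_custom_path": "/whatever2" }
+EOH
+end
+let(:input_toml) do
+<<~EOH
+ssh_custom_path = "/whatever2"
+EOH
+end
+let(:input_hash) do
+{ ssh_custom_path: "/whatever2" }
+end
+let(:resource) do
+Chef::Resource::InspecInput.new("ssh-01", run_context)
+end
+let(:provider) { resource.provider_for_action(:add) }
+
+before do
+allow(run_context).to receive(:resource_collection).and_return(collection)
+end
+
+it "sets the default action as :add" do
+expect(resource.action).to eql([:add])
+end
+
+context "with a input in a cookbook" do
+it "enables the input by the name of the cookbook" do
+load_input("default.yml")
+resource.name "acme_compliance"
+resource.run_action(:add)
+expect(run_context.input_collection.first).to be_enabled
+expect(resource).not_to be_updated_by_last_action
+end
+
+it "enables the input with a regular expression for the cookbook" do
+load_input("default.yml")
+resource.name "acme_comp.*"
+resource.run_action(:add)
+expect(run_context.input_collection.first).to be_enabled
+expect(resource).not_to be_updated_by_last_action
+end
+
+it "enables the input with an explicit name" do
+load_input("default.yml")
+resource.name "acme_compliance::default"
+resource.run_action(:add)
+expect(run_context.input_collection.first).to be_enabled
+expect(resource).not_to be_updated_by_last_action
+end
+
+it "fails when the cookbook name is wrong" do
+load_input("default.yml")
+resource.name "evil_compliance"
+expect { resource.run_action(:add) }.to raise_error(StandardError)
+expect(resource).not_to be_updated_by_last_action
+end
+
+it "enables the input when its not named default" do
+load_input("ssh01.yml")
+resource.name "acme_compliance::ssh01"
+resource.run_action(:add)
+expect(run_context.input_collection.first).to be_enabled
+expect(resource).not_to be_updated_by_last_action
+end
+
+it "fails when it is not named default and you attempt to enable the default" do
+load_input("ssh01.yml")
+resource.name "acme_compliance"
+expect { resource.run_action(:add) }.to raise_error(StandardError)
+expect(resource).not_to be_updated_by_last_action
+end
+
+it "succeeds with a regexp that matches the cookbook name" do
+load_input("ssh01.yml")
+resource.name "acme_comp.*::ssh01"
+resource.run_action(:add)
+expect(run_context.input_collection.first).to be_enabled
+expect(resource).not_to be_updated_by_last_action
+end
+
+it "succeeds with a regexp that matches the file name" do
+load_input("ssh01.yml")
+resource.name "acme_compliance::ssh.*"
+resource.run_action(:add)
+expect(run_context.input_collection.first).to be_enabled
+expect(resource).not_to be_updated_by_last_action
+end
+
+it "succeeds with a regexps for both the file name and cookbook name" do
+load_input("ssh01.yml")
+resource.name "acme_comp.*::ssh.*"
+resource.run_action(:add)
+expect(run_context.input_collection.first).to be_enabled
+expect(resource).not_to be_updated_by_last_action
+end
+
+it "fails with regexps that do not match" do
+load_input("ssh01.yml")
+resource.name "evil_comp.*::etcd.*"
+expect { resource.run_action(:add) }.to raise_error(StandardError)
+end
+
+it "substring matches without regexps should fail when they are at the end" do
+load_input("ssh01.yml")
+resource.name "acme_complianc::ssh0"
+expect { resource.run_action(:add) }.to raise_error(StandardError)
+end
+
+it "substring matches without regexps should fail when they are at the start" do
+load_input("ssh01.yml")
+resource.name "cme_compliance::sh01"
+expect { resource.run_action(:add) }.to raise_error(StandardError)
+end
+end
+
+context "with a input in a file" do
+it "loads a YAML file" do
+tempfile = Tempfile.new(["spec-compliance-test", ".yaml"])
+tempfile.write input_yaml
+tempfile.close
+resource.name tempfile.path
+
+resource.run_action(:add)
+
+expect(run_context.input_collection.first).to be_enabled
+expect(run_context.input_collection.size).to be 1
+expect(run_context.input_collection.first.cookbook_name).to be nil
+expect(run_context.input_collection.first.path).to be nil
+expect(run_context.input_collection.first.pathname).to be nil
+expect(resource).not_to be_updated_by_last_action
+end
+
+it "loads a YAML file in a source attribute" do
+tempfile = Tempfile.new(["spec-compliance-test", ".yaml"])
+tempfile.write input_yaml
+tempfile.close
+resource.name "my-resource-name"
+resource.source tempfile.path
+
+resource.run_action(:add)
+
+expect(run_context.input_collection.first).to be_enabled
+expect(run_context.input_collection.size).to be 1
+expect(run_context.input_collection.first.cookbook_name).to be nil
+expect(run_context.input_collection.first.path).to be nil
+expect(run_context.input_collection.first.pathname).to be nil
+expect(resource).not_to be_updated_by_last_action
+end
+
+it "loads a YML file" do
+tempfile = Tempfile.new(["spec-compliance-test", ".yml"])
+tempfile.write input_yaml
+tempfile.close
+resource.name tempfile.path
+
+resource.run_action(:add)
+
+expect(run_context.input_collection.first).to be_enabled
+expect(run_context.input_collection.size).to be 1
+expect(run_context.input_collection.first.cookbook_name).to be nil
+expect(run_context.input_collection.first.path).to be nil
+expect(run_context.input_collection.first.pathname).to be nil
+expect(resource).not_to be_updated_by_last_action
+end
+
+it "loads a YML file using the source attribute" do
+tempfile = Tempfile.new(["spec-compliance-test", ".yml"])
+tempfile.write input_yaml
+tempfile.close
+resource.name "my-resource-name"
+resource.source tempfile.path
+
+resource.run_action(:add)
+
+expect(run_context.input_collection.first).to be_enabled
+expect(run_context.input_collection.size).to be 1
+expect(run_context.input_collection.first.cookbook_name).to be nil
+expect(run_context.input_collection.first.path).to be nil
+expect(run_context.input_collection.first.pathname).to be nil
+expect(resource).not_to be_updated_by_last_action
+end
+
+it "loads a JSON file" do
+tempfile = Tempfile.new(["spec-compliance-test", ".json"])
+tempfile.write input_json
+tempfile.close
+resource.name tempfile.path
+
+resource.run_action(:add)
+
+expect(run_context.input_collection.first).to be_enabled
+expect(run_context.input_collection.size).to be 1
+expect(run_context.input_collection.first.cookbook_name).to be nil
+expect(run_context.input_collection.first.path).to be nil
+expect(run_context.input_collection.first.pathname).to be nil
+expect(resource).not_to be_updated_by_last_action
+end
+
+it "loads a JSON file using the source attribute" do
+tempfile = Tempfile.new(["spec-compliance-test", ".json"])
+tempfile.write input_json
+tempfile.close
+resource.name "my-resource-name"
+resource.source tempfile.path
+
+resource.run_action(:add)
+
+expect(run_context.input_collection.first).to be_enabled
+expect(run_context.input_collection.size).to be 1
+expect(run_context.input_collection.first.cookbook_name).to be nil
+expect(run_context.input_collection.first.path).to be nil
+expect(run_context.input_collection.first.pathname).to be nil
+expect(resource).not_to be_updated_by_last_action
+end
+
+it "loads a TOML file" do
+tempfile = Tempfile.new(["spec-compliance-test", ".toml"])
+tempfile.write input_toml
+tempfile.close
+resource.name tempfile.path
+
+resource.run_action(:add)
+
+expect(run_context.input_collection.first).to be_enabled
+expect(run_context.input_collection.size).to be 1
+expect(run_context.input_collection.first.cookbook_name).to be nil
+expect(run_context.input_collection.first.path).to be nil
+expect(run_context.input_collection.first.pathname).to be nil
+expect(resource).not_to be_updated_by_last_action
+end
+
+it "loads a TOML file using the source attribute" do
+tempfile = Tempfile.new(["spec-compliance-test", ".toml"])
+tempfile.write input_toml
+tempfile.close
+resource.name "my-resource-name"
+resource.source tempfile.path
+
+resource.run_action(:add)
+
+expect(run_context.input_collection.first).to be_enabled
+expect(run_context.input_collection.size).to be 1
+expect(run_context.input_collection.first.cookbook_name).to be nil
+expect(run_context.input_collection.first.path).to be nil
+expect(run_context.input_collection.first.pathname).to be nil
+expect(resource).not_to be_updated_by_last_action
+end
+
+it "loads a Hash" do
+resource.source input_hash
+
+resource.run_action(:add)
+
+expect(run_context.input_collection.first).to be_enabled
+expect(run_context.input_collection.size).to be 1
+expect(run_context.input_collection.first.cookbook_name).to be nil
+expect(run_context.input_collection.first.path).to be nil
+expect(run_context.input_collection.first.pathname).to be nil
+expect(resource).not_to be_updated_by_last_action
+end
+end
+end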
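Review bot: The two "substring matches without regexps should fail" examples shorten the cookbook part and the file part of the name at the same time (`"acme_complianc::ssh0"`, `"cme_compliance::sh01"`), so they still pass if only one of the two components is anchored. Splitting each into one-sided cases, e.g. `resource.name "acme_compliance::ssh0"` and `resource.name "acme_complianc::ssh01"`, would pin the anchoring of each component on its own. These examples also expect `raise_error(StandardError)`, which an unrelated failure such as a NoMethodError satisfies; naming the specific error the resource raises would make them fail for the right reason. The matching examples in inspec_waiver_spec.rb have the same shape, and there a loose match would enable a waiver that was not asked for.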
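--- a/data/spec/unit/resource/inspec_waiver_spec.rb
+++ b/data/spec/unit/resource/inspec_waiver_spec.rb
@@ -0,0 +1,312 @@
+#
+# Copyright:: Copyright (c) Chef Software Inc.
+# License:: Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+require "spec_helper"
+
+describe Chef::Resource::InspecWaiver do
+def load_waiver(filename)
+path = "/var/chef/cache/cookbooks/acme_compliance/compliance/waivers/#{filename}"
+run_context.waiver_collection << Chef::Compliance::Waiver.from_yaml(events, waiver_yaml, path, "acme_compliance")
+end
+
+let(:node) { Chef::Node.new }
+let(:events) { Chef::EventDispatch::Dispatcher.new }
+let(:run_context) do
+Chef::RunContext.new(node, {}, events).tap do |rc|
+end
+end
+let(:collection) { double("resource collection") }
+let(:waiver_yaml) do
+<<~EOH
+ssh-01:
+expiration_date: 2033-07-31
+run: false
+justification: "waived, yo"
+EOH
+end
+let(:waiver_json) do
+<<~EOH
+{ "ssh-01": {
+"expiration_date": "2033-07-31",
+"run": false,
+"justification": "waived, yo"
+} }
+EOH
+end
+let(:waiver_toml) do
+<<~EOH
+[ssh-01]
+expiration_date = 2033-07-31T00:00:00.000Z
+run = false
+justification = "waived, yo"
+EOH
+end
+let(:waiver_hash) do
+{ "ssh-01" => {
+"expiration_date" => "2033-07-31",
+"run" => false,
+"justification" => "waived, yo",
+} }
+end
+let(:resource) do
+Chef::Resource::InspecWaiver.new("ssh-01", run_context)
+end
+let(:provider) { resource.provider_for_action(:add) }
+
+before do
+allow(run_context).to receive(:resource_collection).and_return(collection)
+end
+
+it "sets the default action as :add" do
+expect(resource.action).to eql([:add])
+end
+
+context "with a waiver in a cookbook" do
+it "enables the waiver by the name of the cookbook" do
+load_waiver("default.yml")
+resource.name "acme_compliance"
+resource.run_action(:add)
+expect(run_context.waiver_collection.first).to be_enabled
+expect(resource).not_to be_updated_by_last_action
+end
+
+it "enables the waiver with a regular expression for the cookbook" do
+load_waiver("default.yml")
+resource.name "acme_comp.*"
+resource.run_action(:add)
+expect(run_context.waiver_collection.first).to be_enabled
+expect(resource).not_to be_updated_by_last_action
+end
+
+it "enables the waiver with an explicit name" do
+load_waiver("default.yml")
+resource.name "acme_compliance::default"
+resource.run_action(:add)
+expect(run_context.waiver_collection.first).to be_enabled
+expect(resource).not_to be_updated_by_last_action
+end
+
+it "fails when the cookbook name is wrong" do
+load_waiver("default.yml")
+resource.name "evil_compliance"
+expect { resource.run_action(:add) }.to raise_error(StandardError)
+end
+
+it "enables the waiver when its not named default" do
+load_waiver("ssh01.yml")
+resource.name "acme_compliance::ssh01"
+resource.run_action(:add)
+expect(run_context.waiver_collection.first).to be_enabled
+expect(resource).not_to be_updated_by_last_action
+end
+
+it "fails when it is not named default and you attempt to enable the default" do
+load_waiver("ssh01.yml")
+resource.name "acme_compliance"
+expect { resource.run_action(:add) }.to raise_error(StandardError)
+end
+
+it "succeeds with a regexp that matches the cookbook name" do
+load_waiver("ssh01.yml")
+resource.name "acme_comp.*::ssh01"
+resource.run_action(:add)
+expect(run_context.waiver_collection.first).to be_enabled
+expect(resource).not_to be_updated_by_last_action
+end
+
+it "succeeds with a regexp that matches the file name" do
+load_waiver("ssh01.yml")
+resource.name "acme_compliance::ssh.*"
+resource.run_action(:add)
+expect(run_context.waiver_collection.first).to be_enabled
+expect(resource).not_to be_updated_by_last_action
+end
+
+it "succeeds with a regexps for both the file name and cookbook name" do
+load_waiver("ssh01.yml")
+resource.name "acme_comp.*::ssh.*"
+resource.run_action(:add)
+expect(run_context.waiver_collection.first).to be_enabled
+expect(resource).not_to be_updated_by_last_action
+end
+
+it "fails with regexps that do not match" do
+load_waiver("ssh01.yml")
+resource.name "evil_comp.*::etcd.*"
+expect { resource.run_action(:add) }.to raise_error(StandardError)
+end
+
+it "substring matches without regexps should fail when they are at the end" do
+load_waiver("ssh01.yml")
+resource.name "acme_complianc::ssh0"
+expect { resource.run_action(:add) }.to raise_error(StandardError)
+end
+
+it "substring matches without regexps should fail when they are at the start" do
+load_waiver("ssh01.yml")
+resource.name "cme_compliance::sh01"
+expect { resource.run_action(:add) }.to raise_error(StandardError)
+end
+end
+
+context "with a waiver in a file" do
+it "loads a YAML file" do
+tempfile = Tempfile.new(["spec-compliance-test", ".yaml"])
+tempfile.write waiver_yaml
+tempfile.close
+resource.name tempfile.path
+
+resource.run_action(:add)
+
+expect(run_context.waiver_collection.first).to be_enabled
+expect(run_context.waiver_collection.size).to be 1
+expect(run_context.waiver_collection.first.cookbook_name).to be nil
+expect(run_context.waiver_collection.first.path).to be nil
+expect(run_context.waiver_collection.first.pathname).to be nil
+expect(resource).not_to be_updated_by_last_action
+end
+
+it "loads a YAML file in a source attribute" do
+tempfile = Tempfile.new(["spec-compliance-test", ".yaml"])
+tempfile.write waiver_yaml
+tempfile.close
+resource.name "my-resource-name"
+resource.source tempfile.path
+
+resource.run_action(:add)
+
+expect(run_context.waiver_collection.first).to be_enabled
+expect(run_context.waiver_collection.size).to be 1
+expect(run_context.waiver_collection.first.cookbook_name).to be nil
+expect(run_context.waiver_collection.first.path).to be nil
+expect(run_context.waiver_collection.first.pathname).to be nil
+expect(resource).not_to be_updated_by_last_action
+end
+
+it "loads a YML file" do
+tempfile = Tempfile.new(["spec-compliance-test", ".yml"])
+tempfile.write waiver_yaml
+tempfile.close
+resource.name tempfile.path
+
+resource.run_action(:add)
+
+expect(run_context.waiver_collection.first).to be_enabled
+expect(run_context.waiver_collection.size).to be 1
+expect(run_context.waiver_collection.first.cookbook_name).to be nil
+expect(run_context.waiver_collection.first.path).to be nil
+expect(run_context.waiver_collection.first.pathname).to be nil
+expect(resource).not_to be_updated_by_last_action
+end
+
+it "loads a YML file using the source attribute" do
+tempfile = Tempfile.new(["spec-compliance-test", ".yml"])
+tempfile.write waiver_yaml
+tempfile.close
+resource.name "my-resource-name"
+resource.source tempfile.path
+
+resource.run_action(:add)
+
+expect(run_context.waiver_collection.first).to be_enabled
+expect(run_context.waiver_collection.size).to be 1
+expect(run_context.waiver_collection.first.cookbook_name).to be nil
+expect(run_context.waiver_collection.first.path).to be nil
+expect(run_context.waiver_collection.first.pathname).to be nil
+expect(resource).not_to be_updated_by_last_action
+end
+
+it "loads a JSON file" do
+tempfile = Tempfile.new(["spec-compliance-test", ".json"])
+tempfile.write waiver_json
+tempfile.close
+resource.name tempfile.path
+
+resource.run_action(:add)
+
+expect(run_context.waiver_collection.first).to be_enabled
+expect(run_context.waiver_collection.size).to be 1
+expect(run_context.waiver_collection.first.cookbook_name).to be nil
+expect(run_context.waiver_collection.first.path).to be nil
+expect(run_context.waiver_collection.first.pathname).to be nil
+expect(resource).not_to be_updated_by_last_action
+end
+
+it "loads a JSON file using the source attribute" do
+tempfile = Tempfile.new(["spec-compliance-test", ".json"])
+tempfile.write waiver_json
+tempfile.close
+resource.name "my-resource-name"
+resource.source tempfile.path
+
+resource.run_action(:add)
+
+expect(run_context.waiver_collection.first).to be_enabled
+expect(run_context.waiver_collection.size).to be 1
+expect(run_context.waiver_collection.first.cookbook_name).to be nil
+expect(run_context.waiver_collection.first.path).to be nil
+expect(run_context.waiver_collection.first.pathname).to be nil
+expect(resource).not_to be_updated_by_last_action
+end
+
+it "loads a TOML file" do
+tempfile = Tempfile.new(["spec-compliance-test", ".toml"])
+tempfile.write waiver_toml
+tempfile.close
+resource.name tempfile.path
+
+resource.run_action(:add)
+
+expect(run_context.waiver_collection.first).to be_enabled
+expect(run_context.waiver_collection.size).to be 1
+expect(run_context.waiver_collection.first.cookbook_name).to be nil
+expect(run_context.waiver_collection.first.path).to be nil
+expect(run_context.waiver_collection.first.pathname).to be nil
+expect(resource).not_to be_updated_by_last_action
+end
+
+it "loads a TOML file using the source attribute" do
+tempfile = Tempfile.new(["spec-compliance-test", ".toml"])
+tempfile.write waiver_toml
+tempfile.close
+resource.name "my-resource-name"
+resource.source tempfile.path
+
+resource.run_action(:add)
+
+expect(run_context.waiver_collection.first).to be_enabled
+expect(run_context.waiver_collection.size).to be 1
+expect(run_context.waiver_collection.first.cookbook_name).to be nil
+expect(run_context.waiver_collection.first.path).to be nil
+expect(run_context.waiver_collection.first.pathname).to be nil
+expect(resource).not_to be_updated_by_last_action
+end
+
+it "loads a Hash" do
+resource.source waiver_hash
+
+resource.run_action(:add)
+
+expect(run_context.waiver_collection.first).to be_enabled
+expect(run_context.waiver_collection.size).to be 1
+expect(run_context.waiver_collection.first.cookbook_name).to be nil
+expect(run_context.waiver_collection.first.path).to be nil
+expect(run_context.waiver_collection.first.pathname).to be nil
+expect(resource).not_to be_updated_by_last_action
+end
+end
+end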
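Review bot: None of the "with a waiver in a file" examples checks what was actually loaded: they assert `be_enabled`, the collection size and the nil path fields, so a loader that enabled an empty or partly parsed waiver would still pass. The fixtures also differ by format, with `expiration_date` a bare date in YAML, a string in JSON and the Hash, and a datetime in TOML, which is where parsing is most likely to diverge. Since a waiver switches a compliance control off, one assertion per format on the parsed `ssh-01` entry (its `run` value and expiration), through whatever accessor the waiver object exposes for its data, would be worth adding.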
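--- a/data/spec/unit/resource/mount_spec.rb
+++ b/data/spec/unit/resource/mount_spec.rb
@@ -59,6 +59,16 @@ describe Chef::Resource::Mount do
 expect(resource.mount_point).to eql("//192.168.11.102/Share/backup")
 end
 
+it "does not strip slash when mount_point is root directory" do
+resource.mount_point "/"
+expect(resource.mount_point).to eql("/")
+end
+
+it "does not strip slash when mount_point is root of network mount" do
+resource.mount_point "127.0.0.1:/"
+expect(resource.mount_point).to eql("127.0.0.1:/")
+end
+
 it "raises error when mount_point property is not set" do
 expect { resource.mount_point nil }.to raise_error(Chef::Exceptions::ValidationFailed, "Property mount_point must be one of: String! You passed nil.")
 end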
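--- a/data/spec/unit/resource/user_ulimit_spec.rb
+++ b/data/spec/unit/resource/user_ulimit_spec.rb
@@ -17,7 +17,6 @@
 #
 
 require "spec_helper"
-
 describe Chef::Resource::UserUlimit do
 let(:node) { Chef::Node.new }
 let(:events) { Chef::EventDispatch::Dispatcher.new }
@@ -50,4 +49,18 @@ describe Chef::Resource::UserUlimit do
 expect { resource.action :create }.not_to raise_error
 expect { resource.action :delete }.not_to raise_error
 end
+
+describe "sensitive attribute" do
+context "should be insensitive by default" do
+it { expect(resource.sensitive).to(be_falsey) }
+end
+
+context "when set" do
+before { resource.sensitive(true) }
+
+it "should be set on the resource" do
+expect(resource.sensitive).to(be_truthy)
+end
+end
+end
 end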
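Review bot: The new "sensitive attribute" examples only set `sensitive` on the resource and read it back, which as far as I know every Chef resource supports as a common property, so they would probably pass without the accompanying one-line change to user_ulimit.rb (not visible in this section). If that change forwards the flag to the file or template the resource renders, an example that runs the action and asserts the flag on that inner resource is what would cover it. `be_falsey` and `be_truthy` also accept nil and any object; `eq(false)` and `eq(true)` would pin the values.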
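--- a/data/spec/unit/secret_fetcher/akeyless_vault_spec.rb
+++ b/data/spec/unit/secret_fetcher/akeyless_vault_spec.rb
@@ -0,0 +1,37 @@
+#
+# Author:: Marc Paradise <marc@chef.io>
+# Copyright:: Copyright (c) Chef Software Inc.
+# License:: Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+require_relative "../../spec_helper"
+require "chef/secret_fetcher/akeyless_vault"
+
+describe Chef::SecretFetcher::AKeylessVault do
+let(:node) { {} }
+let(:run_context) { double("run_context", node: node) }
+
+context "when validating provided AKeyless Vault configuration" do
+it "raises ConfigurationInvalid when :secret_access_key is not provided" do
+fetcher = Chef::SecretFetcher::AKeylessVault.new( { access_id: "provided" }, run_context)
+expect { fetcher.validate! }.to raise_error(Chef::Exceptions::Secret::ConfigurationInvalid, /:secret_access_key/)
+end
+
+it "raises ConfigurationInvalid when :access_key_id is not provided" do
+fetcher = Chef::SecretFetcher::AKeylessVault.new( { access_key: "provided" }, run_context)
+expect { fetcher.validate! }.to raise_error(Chef::Exceptions::Secret::ConfigurationInvalid, /:access_key_id/)
+end
+end
+end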
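Review bot: The option each example leaves out does not match the option its expected message names: the first passes only `access_id` and expects `/:secret_access_key/`, the second passes only `access_key` and expects `/:access_key_id/`. If the fetcher reads `:access_key` and `:access_id` (akeyless_vault.rb is not visible here), these examples lock in error text that tells the operator to set keys the fetcher never looks at, so the configuration keeps failing after the message is followed. Aligning the message with the real option names, e.g. expecting `/:access_key/` when only `access_id` is given, would fix both the spec and the text it documents.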