RubyGems - chef - Versions diffs - 17.4.38-universal-mingw32 → 17.5.22-universal-mingw32 - Mend

chef 17.4.38-universal-mingw32 → 17.5.22-universal-mingw32

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (78) hide show

checksums.yaml +4 -4
data/chef.gemspec +2 -0
data/lib/chef/application/base.rb +11 -1
data/lib/chef/client.rb +1 -2
data/lib/chef/compliance/input.rb +115 -0
data/lib/chef/compliance/input_collection.rb +139 -0
data/lib/chef/compliance/profile.rb +122 -0
data/lib/chef/compliance/profile_collection.rb +109 -0
data/lib/chef/compliance/runner.rb +47 -5
data/lib/chef/compliance/waiver.rb +115 -0
data/lib/chef/compliance/waiver_collection.rb +143 -0
data/lib/chef/dsl/compliance.rb +38 -0
data/lib/chef/dsl/reader_helpers.rb +51 -0
data/lib/chef/dsl/recipe.rb +4 -2
data/lib/chef/dsl/secret.rb +2 -4
data/lib/chef/dsl/universal.rb +2 -0
data/lib/chef/event_dispatch/base.rb +44 -2
data/lib/chef/formatters/doc.rb +46 -0
data/lib/chef/http/basic_client.rb +15 -7
data/lib/chef/http.rb +7 -3
data/lib/chef/provider/file.rb +2 -0
data/lib/chef/provider/link.rb +2 -2
data/lib/chef/provider/registry_key.rb +3 -2
data/lib/chef/provider/remote_file/http.rb +1 -1
data/lib/chef/provider/template.rb +1 -1
data/lib/chef/resource/archive_file.rb +17 -14
data/lib/chef/resource/chef_client_scheduled_task.rb +45 -2
data/lib/chef/resource/chocolatey_config.rb +13 -13
data/lib/chef/resource/file/verification/json.rb +50 -0
data/lib/chef/resource/file/verification/yaml.rb +52 -0
data/lib/chef/resource/inspec_input.rb +128 -0
data/lib/chef/resource/inspec_waiver.rb +185 -0
data/lib/chef/resource/mount.rb +1 -1
data/lib/chef/resource/registry_key.rb +36 -48
data/lib/chef/resource/remote_file.rb +98 -2
data/lib/chef/resource/timezone.rb +2 -2
data/lib/chef/resource/user_ulimit.rb +1 -0
data/lib/chef/resource/windows_printer.rb +1 -1
data/lib/chef/resource/windows_uac.rb +3 -1
data/lib/chef/resource/windows_user_privilege.rb +1 -1
data/lib/chef/resources.rb +2 -0
data/lib/chef/run_context/cookbook_compiler.rb +112 -28
data/lib/chef/run_context.rb +31 -1
data/lib/chef/secret_fetcher/akeyless_vault.rb +57 -0
data/lib/chef/secret_fetcher/aws_secrets_manager.rb +1 -1
data/lib/chef/secret_fetcher/azure_key_vault.rb +1 -1
data/lib/chef/secret_fetcher/base.rb +1 -1
data/lib/chef/secret_fetcher/hashi_vault.rb +100 -0
data/lib/chef/secret_fetcher.rb +8 -2
data/lib/chef/version.rb +1 -1
data/spec/data/archive_file/test_archive.tar.gz +0 -0
data/spec/functional/resource/archive_file_spec.rb +87 -0
data/spec/functional/resource/group_spec.rb +5 -1
data/spec/functional/resource/link_spec.rb +8 -0
data/spec/integration/compliance/compliance_spec.rb +60 -0
data/spec/spec_helper.rb +3 -0
data/spec/support/platform_helpers.rb +4 -0
data/spec/support/ruby_installer.rb +51 -0
data/spec/unit/compliance/input_spec.rb +104 -0
data/spec/unit/compliance/profile_spec.rb +120 -0
data/spec/unit/compliance/waiver_spec.rb +104 -0
data/spec/unit/http/basic_client_spec.rb +30 -0
data/spec/unit/http_spec.rb +8 -2
data/spec/unit/provider/link_spec.rb +13 -7
data/spec/unit/provider/remote_file/http_spec.rb +10 -0
data/spec/unit/provider/template_spec.rb +2 -2
data/spec/unit/resource/archive_file_spec.rb +414 -3
data/spec/unit/resource/chef_client_scheduled_task_spec.rb +69 -0
data/spec/unit/resource/file/verification/json_spec.rb +72 -0
data/spec/unit/resource/file/verification/yaml_spec.rb +67 -0
data/spec/unit/resource/inspec_input_spec.rb +300 -0
data/spec/unit/resource/inspec_waiver_spec.rb +312 -0
data/spec/unit/resource/mount_spec.rb +10 -0
data/spec/unit/resource/user_ulimit_spec.rb +14 -1
data/spec/unit/secret_fetcher/akeyless_vault_spec.rb +37 -0
data/spec/unit/secret_fetcher/hashi_vault_spec.rb +80 -0
data/tasks/rspec.rb +2 -1
metadata +60 -6

data/spec/unit/secret_fetcher/hashi_vault_spec.rb ADDED Viewed

@@ -0,0 +1,80 @@
+#
+# Author:: Marc Paradise <marc@chef.io>
+# Copyright:: Copyright (c) Chef Software Inc.
+# License:: Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+require_relative "../../spec_helper"
+require "chef/secret_fetcher/hashi_vault"
+describe Chef::SecretFetcher::HashiVault do
+  let(:node) { {} }
+  let(:run_context) { double("run_context", node: node) }
+  context "when validating provided HashiVault configuration" do
+    it "raises ConfigurationInvalid when the :auth_method is not valid" do
+      fetcher = Chef::SecretFetcher::HashiVault.new( { auth_method: :invalid, vault_addr: "https://vault.example.com:8200" }, run_context)
+      expect { fetcher.validate! }.to raise_error(Chef::Exceptions::Secret::ConfigurationInvalid, /:auth_method/)
+    end
+    it "raises ConfigurationInvalid when the vault_addr is not provided" do
+      fetcher = Chef::SecretFetcher::HashiVault.new( { auth_method: :iam_role, role_name: "example-role" }, run_context)
+      expect { fetcher.validate! }.to raise_error(Chef::Exceptions::Secret::ConfigurationInvalid)
+    end
+    context "and using auth_method: :iam_role" do
+      it "raises ConfigurationInvalid when the role_name is not provided" do
+        fetcher = Chef::SecretFetcher::HashiVault.new( { auth_method: :iam_role, vault_addr: "https://vault.example.com:8200" }, run_context)
+        expect { fetcher.validate! }.to raise_error(Chef::Exceptions::Secret::ConfigurationInvalid)
+      end
+      it "obtains a token via AWS IAM auth to allow the gem to do its own validations when all required config is provided" do
+        fetcher = Chef::SecretFetcher::HashiVault.new( { auth_method: :iam_role, vault_addr: "https://vault.example.com:8200", role_name: "example-role" }, run_context)
+        allow(Aws::InstanceProfileCredentials).to receive(:new).and_return instance_double(Aws::InstanceProfileCredentials)
+        auth_double = instance_double(Vault::Authenticate)
+        expect(auth_double).to receive(:aws_iam)
+        allow(Vault).to receive(:auth).and_return(auth_double)
+        fetcher.validate!
+      end
+    end
+    context "and using auth_method: :token" do
+      it "raises ConfigurationInvalid when no token is provided" do
+        fetcher = Chef::SecretFetcher::HashiVault.new( { auth_method: :token, vault_addr: "https://vault.example.com:8200" }, run_context)
+        expect { fetcher.validate! }.to raise_error(Chef::Exceptions::Secret::ConfigurationInvalid)
+      end
+      it "authenticates using the token during validation when all configuration is correct" do
+        fetcher = Chef::SecretFetcher::HashiVault.new( { auth_method: :token, token: "t.1234abcd", vault_addr: "https://vault.example.com:8200" }, run_context)
+        auth = instance_double(Vault::Authenticate)
+        auth_double = instance_double(Vault::Authenticate)
+        expect(auth_double).to receive(:token)
+        allow(Vault).to receive(:auth).and_return(auth_double)
+        fetcher.validate!
+      end
+    end
+  end
+  context "when fetching a secret from Hashi Vault" do
+    it "raises an FetchFailed message when no secret is returned due to invalid engine path" do
+      fetcher = Chef::SecretFetcher::HashiVault.new( { auth_method: :invalid, vault_addr: "https://vault.example.com:8200" }, run_context)
+      logical_double = instance_double(Vault::Logical)
+      expect(logical_double).to receive(:read).and_return nil
+      expect(Vault).to receive(:logical).and_return(logical_double)
+      expect { fetcher.do_fetch("anything", nil) }.to raise_error(Chef::Exceptions::Secret::FetchFailed)
+    end
+  end
+end

data/tasks/rspec.rb CHANGED Viewed

@@ -30,7 +30,8 @@ begin
         puts "--- Running #{gem} specs"
         Bundler.with_unbundled_env do
           puts "Executing tests in #{Dir.pwd}:"
-          sh("bundle install --jobs=3 --retry=3 --path=../vendor/bundle")
+          sh("bundle config set --local path 'vendor/bundle'")
+          sh("bundle install --jobs=3 --retry=3")
           sh("bundle exec rake spec")
         end
       end

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: chef
 version: !ruby/object:Gem::Version
-  version: 17.4.38
+  version: 17.5.22
 platform: universal-mingw32
 authors:
 - Adam Jacob
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2021-08-27 00:00:00.000000000 Z
+date: 2021-09-23 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: chef-config
@@ -16,28 +16,28 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 17.4.38
+        version: 17.5.22
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 17.4.38
+        version: 17.5.22
 - !ruby/object:Gem::Dependency
   name: chef-utils
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 17.4.38
+        version: 17.5.22
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 17.4.38
+        version: 17.5.22
 - !ruby/object:Gem::Dependency
   name: train-core
   requirement: !ruby/object:Gem::Requirement
@@ -440,6 +440,20 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '1.0'
+- !ruby/object:Gem::Dependency
+  name: aws-sdk-s3
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.91'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.91'
 - !ruby/object:Gem::Dependency
   name: aws-sdk-secretsmanager
   requirement: !ruby/object:Gem::Requirement
@@ -454,6 +468,20 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '1.46'
+- !ruby/object:Gem::Dependency
+  name: vault
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.16'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.16'
 - !ruby/object:Gem::Dependency
   name: win32-api
   requirement: !ruby/object:Gem::Requirement
@@ -1366,12 +1394,18 @@ files:
 - lib/chef/compliance/default_attributes.rb
 - lib/chef/compliance/fetcher/automate.rb
 - lib/chef/compliance/fetcher/chef_server.rb
+- lib/chef/compliance/input.rb
+- lib/chef/compliance/input_collection.rb
+- lib/chef/compliance/profile.rb
+- lib/chef/compliance/profile_collection.rb
 - lib/chef/compliance/reporter/automate.rb
 - lib/chef/compliance/reporter/chef_server_automate.rb
 - lib/chef/compliance/reporter/cli.rb
 - lib/chef/compliance/reporter/compliance_enforcer.rb
 - lib/chef/compliance/reporter/json_file.rb
 - lib/chef/compliance/runner.rb
+- lib/chef/compliance/waiver.rb
+- lib/chef/compliance/waiver_collection.rb
 - lib/chef/config.rb
 - lib/chef/config_fetcher.rb
 - lib/chef/constants.rb
@@ -1411,6 +1445,7 @@ files:
 - lib/chef/dsl.rb
 - lib/chef/dsl/chef_vault.rb
 - lib/chef/dsl/cheffish.rb
+- lib/chef/dsl/compliance.rb
 - lib/chef/dsl/data_query.rb
 - lib/chef/dsl/declare_resource.rb
 - lib/chef/dsl/definitions.rb
@@ -1418,6 +1453,7 @@ files:
 - lib/chef/dsl/include_recipe.rb
 - lib/chef/dsl/platform_introspection.rb
 - lib/chef/dsl/powershell.rb
+- lib/chef/dsl/reader_helpers.rb
 - lib/chef/dsl/reboot_pending.rb
 - lib/chef/dsl/recipe.rb
 - lib/chef/dsl/registry_helper.rb
@@ -1760,7 +1796,9 @@ files:
 - lib/chef/resource/execute.rb
 - lib/chef/resource/file.rb
 - lib/chef/resource/file/verification.rb
+- lib/chef/resource/file/verification/json.rb
 - lib/chef/resource/file/verification/systemd_unit.rb
+- lib/chef/resource/file/verification/yaml.rb
 - lib/chef/resource/freebsd_package.rb
 - lib/chef/resource/gem_package.rb
 - lib/chef/resource/group.rb
@@ -1781,6 +1819,8 @@ files:
 - lib/chef/resource/hostname.rb
 - lib/chef/resource/http_request.rb
 - lib/chef/resource/ifconfig.rb
+- lib/chef/resource/inspec_input.rb
+- lib/chef/resource/inspec_waiver.rb
 - lib/chef/resource/inspec_waiver_file_entry.rb
 - lib/chef/resource/ips_package.rb
 - lib/chef/resource/kernel_module.rb
@@ -1928,10 +1968,12 @@ files:
 - lib/chef/scan_access_control.rb
 - lib/chef/search/query.rb
 - lib/chef/secret_fetcher.rb
+- lib/chef/secret_fetcher/akeyless_vault.rb
 - lib/chef/secret_fetcher/aws_secrets_manager.rb
 - lib/chef/secret_fetcher/azure_key_vault.rb
 - lib/chef/secret_fetcher/base.rb
 - lib/chef/secret_fetcher/example.rb
+- lib/chef/secret_fetcher/hashi_vault.rb
 - lib/chef/server_api.rb
 - lib/chef/server_api_versions.rb
 - lib/chef/shell.rb
@@ -2060,6 +2102,7 @@ files:
 - spec/data/apt/var/www/apt/dists/sid/main/binary-i386/Packages
 - spec/data/apt/var/www/apt/pool/main/c/chef-integration-test/chef-integration-test_1.0-1_amd64.deb
 - spec/data/apt/var/www/apt/pool/main/c/chef-integration-test/chef-integration-test_1.1-1_amd64.deb
+- spec/data/archive_file/test_archive.tar.gz
 - spec/data/bad-config.rb
 - spec/data/bootstrap/encrypted_data_bag_secret
 - spec/data/bootstrap/no_proxy.erb
@@ -2444,6 +2487,7 @@ files:
 - spec/functional/resource/aix_service_spec.rb
 - spec/functional/resource/aixinit_service_spec.rb
 - spec/functional/resource/apt_package_spec.rb
+- spec/functional/resource/archive_file_spec.rb
 - spec/functional/resource/bash_spec.rb
 - spec/functional/resource/batch_spec.rb
 - spec/functional/resource/bff_spec.rb
@@ -2548,6 +2592,7 @@ files:
 - spec/support/platforms/prof/win32.rb
 - spec/support/platforms/win32/spec_service.rb
 - spec/support/recipe_dsl_helper.rb
+- spec/support/ruby_installer.rb
 - spec/support/shared/context/config.rb
 - spec/support/shared/context/win32.rb
 - spec/support/shared/functional/diff_disabled.rb
@@ -2608,10 +2653,13 @@ files:
 - spec/unit/client_spec.rb
 - spec/unit/compliance/fetcher/automate_spec.rb
 - spec/unit/compliance/fetcher/chef_server_spec.rb
+- spec/unit/compliance/input_spec.rb
+- spec/unit/compliance/profile_spec.rb
 - spec/unit/compliance/reporter/automate_spec.rb
 - spec/unit/compliance/reporter/chef_server_automate_spec.rb
 - spec/unit/compliance/reporter/compliance_enforcer_spec.rb
 - spec/unit/compliance/runner_spec.rb
+- spec/unit/compliance/waiver_spec.rb
 - spec/unit/config_fetcher_spec.rb
 - spec/unit/config_spec.rb
 - spec/unit/cookbook/chefignore_spec.rb
@@ -2898,7 +2946,9 @@ files:
 - spec/unit/resource/dsc_resource_spec.rb
 - spec/unit/resource/dsc_script_spec.rb
 - spec/unit/resource/execute_spec.rb
+- spec/unit/resource/file/verification/json_spec.rb
 - spec/unit/resource/file/verification/systemd_unit_spec.rb
+- spec/unit/resource/file/verification/yaml_spec.rb
 - spec/unit/resource/file/verification_spec.rb
 - spec/unit/resource/file_spec.rb
 - spec/unit/resource/freebsd_package_spec.rb
@@ -2912,7 +2962,9 @@ files:
 - spec/unit/resource/hostname_spec.rb
 - spec/unit/resource/http_request_spec.rb
 - spec/unit/resource/ifconfig_spec.rb
+- spec/unit/resource/inspec_input_spec.rb
 - spec/unit/resource/inspec_waiver_file_entry_spec.rb
+- spec/unit/resource/inspec_waiver_spec.rb
 - spec/unit/resource/ips_package_spec.rb
 - spec/unit/resource/kernel_module_spec.rb
 - spec/unit/resource/ksh_spec.rb
@@ -3039,8 +3091,10 @@ files:
 - spec/unit/runner_spec.rb
 - spec/unit/scan_access_control_spec.rb
 - spec/unit/search/query_spec.rb
+- spec/unit/secret_fetcher/akeyless_vault_spec.rb
 - spec/unit/secret_fetcher/aws_secrets_manager_spec.rb
 - spec/unit/secret_fetcher/azure_key_vault_spec.rb
+- spec/unit/secret_fetcher/hashi_vault_spec.rb
 - spec/unit/secret_fetcher_spec.rb
 - spec/unit/server_api_spec.rb
 - spec/unit/server_api_versions_spec.rb