chef 17.4.38-universal-mingw32 → 17.5.22-universal-mingw32

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (78) hide show
  1. checksums.yaml +4 -4
  2. data/chef.gemspec +2 -0
  3. data/lib/chef/application/base.rb +11 -1
  4. data/lib/chef/client.rb +1 -2
  5. data/lib/chef/compliance/input.rb +115 -0
  6. data/lib/chef/compliance/input_collection.rb +139 -0
  7. data/lib/chef/compliance/profile.rb +122 -0
  8. data/lib/chef/compliance/profile_collection.rb +109 -0
  9. data/lib/chef/compliance/runner.rb +47 -5
  10. data/lib/chef/compliance/waiver.rb +115 -0
  11. data/lib/chef/compliance/waiver_collection.rb +143 -0
  12. data/lib/chef/dsl/compliance.rb +38 -0
  13. data/lib/chef/dsl/reader_helpers.rb +51 -0
  14. data/lib/chef/dsl/recipe.rb +4 -2
  15. data/lib/chef/dsl/secret.rb +2 -4
  16. data/lib/chef/dsl/universal.rb +2 -0
  17. data/lib/chef/event_dispatch/base.rb +44 -2
  18. data/lib/chef/formatters/doc.rb +46 -0
  19. data/lib/chef/http/basic_client.rb +15 -7
  20. data/lib/chef/http.rb +7 -3
  21. data/lib/chef/provider/file.rb +2 -0
  22. data/lib/chef/provider/link.rb +2 -2
  23. data/lib/chef/provider/registry_key.rb +3 -2
  24. data/lib/chef/provider/remote_file/http.rb +1 -1
  25. data/lib/chef/provider/template.rb +1 -1
  26. data/lib/chef/resource/archive_file.rb +17 -14
  27. data/lib/chef/resource/chef_client_scheduled_task.rb +45 -2
  28. data/lib/chef/resource/chocolatey_config.rb +13 -13
  29. data/lib/chef/resource/file/verification/json.rb +50 -0
  30. data/lib/chef/resource/file/verification/yaml.rb +52 -0
  31. data/lib/chef/resource/inspec_input.rb +128 -0
  32. data/lib/chef/resource/inspec_waiver.rb +185 -0
  33. data/lib/chef/resource/mount.rb +1 -1
  34. data/lib/chef/resource/registry_key.rb +36 -48
  35. data/lib/chef/resource/remote_file.rb +98 -2
  36. data/lib/chef/resource/timezone.rb +2 -2
  37. data/lib/chef/resource/user_ulimit.rb +1 -0
  38. data/lib/chef/resource/windows_printer.rb +1 -1
  39. data/lib/chef/resource/windows_uac.rb +3 -1
  40. data/lib/chef/resource/windows_user_privilege.rb +1 -1
  41. data/lib/chef/resources.rb +2 -0
  42. data/lib/chef/run_context/cookbook_compiler.rb +112 -28
  43. data/lib/chef/run_context.rb +31 -1
  44. data/lib/chef/secret_fetcher/akeyless_vault.rb +57 -0
  45. data/lib/chef/secret_fetcher/aws_secrets_manager.rb +1 -1
  46. data/lib/chef/secret_fetcher/azure_key_vault.rb +1 -1
  47. data/lib/chef/secret_fetcher/base.rb +1 -1
  48. data/lib/chef/secret_fetcher/hashi_vault.rb +100 -0
  49. data/lib/chef/secret_fetcher.rb +8 -2
  50. data/lib/chef/version.rb +1 -1
  51. data/spec/data/archive_file/test_archive.tar.gz +0 -0
  52. data/spec/functional/resource/archive_file_spec.rb +87 -0
  53. data/spec/functional/resource/group_spec.rb +5 -1
  54. data/spec/functional/resource/link_spec.rb +8 -0
  55. data/spec/integration/compliance/compliance_spec.rb +60 -0
  56. data/spec/spec_helper.rb +3 -0
  57. data/spec/support/platform_helpers.rb +4 -0
  58. data/spec/support/ruby_installer.rb +51 -0
  59. data/spec/unit/compliance/input_spec.rb +104 -0
  60. data/spec/unit/compliance/profile_spec.rb +120 -0
  61. data/spec/unit/compliance/waiver_spec.rb +104 -0
  62. data/spec/unit/http/basic_client_spec.rb +30 -0
  63. data/spec/unit/http_spec.rb +8 -2
  64. data/spec/unit/provider/link_spec.rb +13 -7
  65. data/spec/unit/provider/remote_file/http_spec.rb +10 -0
  66. data/spec/unit/provider/template_spec.rb +2 -2
  67. data/spec/unit/resource/archive_file_spec.rb +414 -3
  68. data/spec/unit/resource/chef_client_scheduled_task_spec.rb +69 -0
  69. data/spec/unit/resource/file/verification/json_spec.rb +72 -0
  70. data/spec/unit/resource/file/verification/yaml_spec.rb +67 -0
  71. data/spec/unit/resource/inspec_input_spec.rb +300 -0
  72. data/spec/unit/resource/inspec_waiver_spec.rb +312 -0
  73. data/spec/unit/resource/mount_spec.rb +10 -0
  74. data/spec/unit/resource/user_ulimit_spec.rb +14 -1
  75. data/spec/unit/secret_fetcher/akeyless_vault_spec.rb +37 -0
  76. data/spec/unit/secret_fetcher/hashi_vault_spec.rb +80 -0
  77. data/tasks/rspec.rb +2 -1
  78. metadata +60 -6
@@ -0,0 +1,80 @@
1
+ #
2
+ # Author:: Marc Paradise <marc@chef.io>
3
+ # Copyright:: Copyright (c) Chef Software Inc.
4
+ # License:: Apache License, Version 2.0
5
+ #
6
+ # Licensed under the Apache License, Version 2.0 (the "License");
7
+ # you may not use this file except in compliance with the License.
8
+ # You may obtain a copy of the License at
9
+ #
10
+ # http://www.apache.org/licenses/LICENSE-2.0
11
+ #
12
+ # Unless required by applicable law or agreed to in writing, software
13
+ # distributed under the License is distributed on an "AS IS" BASIS,
14
+ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
15
+ # See the License for the specific language governing permissions and
16
+ # limitations under the License.
17
+ #
18
+
19
+ require_relative "../../spec_helper"
20
+ require "chef/secret_fetcher/hashi_vault"
21
+
22
+ describe Chef::SecretFetcher::HashiVault do
23
+ let(:node) { {} }
24
+ let(:run_context) { double("run_context", node: node) }
25
+
26
+ context "when validating provided HashiVault configuration" do
27
+ it "raises ConfigurationInvalid when the :auth_method is not valid" do
28
+ fetcher = Chef::SecretFetcher::HashiVault.new( { auth_method: :invalid, vault_addr: "https://vault.example.com:8200" }, run_context)
29
+ expect { fetcher.validate! }.to raise_error(Chef::Exceptions::Secret::ConfigurationInvalid, /:auth_method/)
30
+ end
31
+
32
+ it "raises ConfigurationInvalid when the vault_addr is not provided" do
33
+ fetcher = Chef::SecretFetcher::HashiVault.new( { auth_method: :iam_role, role_name: "example-role" }, run_context)
34
+ expect { fetcher.validate! }.to raise_error(Chef::Exceptions::Secret::ConfigurationInvalid)
35
+ end
36
+
37
+ context "and using auth_method: :iam_role" do
38
+ it "raises ConfigurationInvalid when the role_name is not provided" do
39
+ fetcher = Chef::SecretFetcher::HashiVault.new( { auth_method: :iam_role, vault_addr: "https://vault.example.com:8200" }, run_context)
40
+ expect { fetcher.validate! }.to raise_error(Chef::Exceptions::Secret::ConfigurationInvalid)
41
+ end
42
+
43
+ it "obtains a token via AWS IAM auth to allow the gem to do its own validations when all required config is provided" do
44
+ fetcher = Chef::SecretFetcher::HashiVault.new( { auth_method: :iam_role, vault_addr: "https://vault.example.com:8200", role_name: "example-role" }, run_context)
45
+ allow(Aws::InstanceProfileCredentials).to receive(:new).and_return instance_double(Aws::InstanceProfileCredentials)
46
+ auth_double = instance_double(Vault::Authenticate)
47
+ expect(auth_double).to receive(:aws_iam)
48
+ allow(Vault).to receive(:auth).and_return(auth_double)
49
+ fetcher.validate!
50
+ end
51
+ end
52
+
53
+ context "and using auth_method: :token" do
54
+ it "raises ConfigurationInvalid when no token is provided" do
55
+ fetcher = Chef::SecretFetcher::HashiVault.new( { auth_method: :token, vault_addr: "https://vault.example.com:8200" }, run_context)
56
+ expect { fetcher.validate! }.to raise_error(Chef::Exceptions::Secret::ConfigurationInvalid)
57
+ end
58
+
59
+ it "authenticates using the token during validation when all configuration is correct" do
60
+ fetcher = Chef::SecretFetcher::HashiVault.new( { auth_method: :token, token: "t.1234abcd", vault_addr: "https://vault.example.com:8200" }, run_context)
61
+ auth = instance_double(Vault::Authenticate)
62
+ auth_double = instance_double(Vault::Authenticate)
63
+ expect(auth_double).to receive(:token)
64
+ allow(Vault).to receive(:auth).and_return(auth_double)
65
+ fetcher.validate!
66
+ end
67
+ end
68
+ end
69
+
70
+ context "when fetching a secret from Hashi Vault" do
71
+ it "raises an FetchFailed message when no secret is returned due to invalid engine path" do
72
+ fetcher = Chef::SecretFetcher::HashiVault.new( { auth_method: :invalid, vault_addr: "https://vault.example.com:8200" }, run_context)
73
+ logical_double = instance_double(Vault::Logical)
74
+ expect(logical_double).to receive(:read).and_return nil
75
+ expect(Vault).to receive(:logical).and_return(logical_double)
76
+ expect { fetcher.do_fetch("anything", nil) }.to raise_error(Chef::Exceptions::Secret::FetchFailed)
77
+ end
78
+ end
79
+ end
80
+
data/tasks/rspec.rb CHANGED
@@ -30,7 +30,8 @@ begin
30
30
  puts "--- Running #{gem} specs"
31
31
  Bundler.with_unbundled_env do
32
32
  puts "Executing tests in #{Dir.pwd}:"
33
- sh("bundle install --jobs=3 --retry=3 --path=../vendor/bundle")
33
+ sh("bundle config set --local path 'vendor/bundle'")
34
+ sh("bundle install --jobs=3 --retry=3")
34
35
  sh("bundle exec rake spec")
35
36
  end
36
37
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: chef
3
3
  version: !ruby/object:Gem::Version
4
- version: 17.4.38
4
+ version: 17.5.22
5
5
  platform: universal-mingw32
6
6
  authors:
7
7
  - Adam Jacob
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2021-08-27 00:00:00.000000000 Z
11
+ date: 2021-09-23 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: chef-config
@@ -16,28 +16,28 @@ dependencies:
16
16
  requirements:
17
17
  - - '='
18
18
  - !ruby/object:Gem::Version
19
- version: 17.4.38
19
+ version: 17.5.22
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - '='
25
25
  - !ruby/object:Gem::Version
26
- version: 17.4.38
26
+ version: 17.5.22
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: chef-utils
29
29
  requirement: !ruby/object:Gem::Requirement
30
30
  requirements:
31
31
  - - '='
32
32
  - !ruby/object:Gem::Version
33
- version: 17.4.38
33
+ version: 17.5.22
34
34
  type: :runtime
35
35
  prerelease: false
36
36
  version_requirements: !ruby/object:Gem::Requirement
37
37
  requirements:
38
38
  - - '='
39
39
  - !ruby/object:Gem::Version
40
- version: 17.4.38
40
+ version: 17.5.22
41
41
  - !ruby/object:Gem::Dependency
42
42
  name: train-core
43
43
  requirement: !ruby/object:Gem::Requirement
@@ -440,6 +440,20 @@ dependencies:
440
440
  - - "~>"
441
441
  - !ruby/object:Gem::Version
442
442
  version: '1.0'
443
+ - !ruby/object:Gem::Dependency
444
+ name: aws-sdk-s3
445
+ requirement: !ruby/object:Gem::Requirement
446
+ requirements:
447
+ - - "~>"
448
+ - !ruby/object:Gem::Version
449
+ version: '1.91'
450
+ type: :runtime
451
+ prerelease: false
452
+ version_requirements: !ruby/object:Gem::Requirement
453
+ requirements:
454
+ - - "~>"
455
+ - !ruby/object:Gem::Version
456
+ version: '1.91'
443
457
  - !ruby/object:Gem::Dependency
444
458
  name: aws-sdk-secretsmanager
445
459
  requirement: !ruby/object:Gem::Requirement
@@ -454,6 +468,20 @@ dependencies:
454
468
  - - "~>"
455
469
  - !ruby/object:Gem::Version
456
470
  version: '1.46'
471
+ - !ruby/object:Gem::Dependency
472
+ name: vault
473
+ requirement: !ruby/object:Gem::Requirement
474
+ requirements:
475
+ - - "~>"
476
+ - !ruby/object:Gem::Version
477
+ version: '0.16'
478
+ type: :runtime
479
+ prerelease: false
480
+ version_requirements: !ruby/object:Gem::Requirement
481
+ requirements:
482
+ - - "~>"
483
+ - !ruby/object:Gem::Version
484
+ version: '0.16'
457
485
  - !ruby/object:Gem::Dependency
458
486
  name: win32-api
459
487
  requirement: !ruby/object:Gem::Requirement
@@ -1366,12 +1394,18 @@ files:
1366
1394
  - lib/chef/compliance/default_attributes.rb
1367
1395
  - lib/chef/compliance/fetcher/automate.rb
1368
1396
  - lib/chef/compliance/fetcher/chef_server.rb
1397
+ - lib/chef/compliance/input.rb
1398
+ - lib/chef/compliance/input_collection.rb
1399
+ - lib/chef/compliance/profile.rb
1400
+ - lib/chef/compliance/profile_collection.rb
1369
1401
  - lib/chef/compliance/reporter/automate.rb
1370
1402
  - lib/chef/compliance/reporter/chef_server_automate.rb
1371
1403
  - lib/chef/compliance/reporter/cli.rb
1372
1404
  - lib/chef/compliance/reporter/compliance_enforcer.rb
1373
1405
  - lib/chef/compliance/reporter/json_file.rb
1374
1406
  - lib/chef/compliance/runner.rb
1407
+ - lib/chef/compliance/waiver.rb
1408
+ - lib/chef/compliance/waiver_collection.rb
1375
1409
  - lib/chef/config.rb
1376
1410
  - lib/chef/config_fetcher.rb
1377
1411
  - lib/chef/constants.rb
@@ -1411,6 +1445,7 @@ files:
1411
1445
  - lib/chef/dsl.rb
1412
1446
  - lib/chef/dsl/chef_vault.rb
1413
1447
  - lib/chef/dsl/cheffish.rb
1448
+ - lib/chef/dsl/compliance.rb
1414
1449
  - lib/chef/dsl/data_query.rb
1415
1450
  - lib/chef/dsl/declare_resource.rb
1416
1451
  - lib/chef/dsl/definitions.rb
@@ -1418,6 +1453,7 @@ files:
1418
1453
  - lib/chef/dsl/include_recipe.rb
1419
1454
  - lib/chef/dsl/platform_introspection.rb
1420
1455
  - lib/chef/dsl/powershell.rb
1456
+ - lib/chef/dsl/reader_helpers.rb
1421
1457
  - lib/chef/dsl/reboot_pending.rb
1422
1458
  - lib/chef/dsl/recipe.rb
1423
1459
  - lib/chef/dsl/registry_helper.rb
@@ -1760,7 +1796,9 @@ files:
1760
1796
  - lib/chef/resource/execute.rb
1761
1797
  - lib/chef/resource/file.rb
1762
1798
  - lib/chef/resource/file/verification.rb
1799
+ - lib/chef/resource/file/verification/json.rb
1763
1800
  - lib/chef/resource/file/verification/systemd_unit.rb
1801
+ - lib/chef/resource/file/verification/yaml.rb
1764
1802
  - lib/chef/resource/freebsd_package.rb
1765
1803
  - lib/chef/resource/gem_package.rb
1766
1804
  - lib/chef/resource/group.rb
@@ -1781,6 +1819,8 @@ files:
1781
1819
  - lib/chef/resource/hostname.rb
1782
1820
  - lib/chef/resource/http_request.rb
1783
1821
  - lib/chef/resource/ifconfig.rb
1822
+ - lib/chef/resource/inspec_input.rb
1823
+ - lib/chef/resource/inspec_waiver.rb
1784
1824
  - lib/chef/resource/inspec_waiver_file_entry.rb
1785
1825
  - lib/chef/resource/ips_package.rb
1786
1826
  - lib/chef/resource/kernel_module.rb
@@ -1928,10 +1968,12 @@ files:
1928
1968
  - lib/chef/scan_access_control.rb
1929
1969
  - lib/chef/search/query.rb
1930
1970
  - lib/chef/secret_fetcher.rb
1971
+ - lib/chef/secret_fetcher/akeyless_vault.rb
1931
1972
  - lib/chef/secret_fetcher/aws_secrets_manager.rb
1932
1973
  - lib/chef/secret_fetcher/azure_key_vault.rb
1933
1974
  - lib/chef/secret_fetcher/base.rb
1934
1975
  - lib/chef/secret_fetcher/example.rb
1976
+ - lib/chef/secret_fetcher/hashi_vault.rb
1935
1977
  - lib/chef/server_api.rb
1936
1978
  - lib/chef/server_api_versions.rb
1937
1979
  - lib/chef/shell.rb
@@ -2060,6 +2102,7 @@ files:
2060
2102
  - spec/data/apt/var/www/apt/dists/sid/main/binary-i386/Packages
2061
2103
  - spec/data/apt/var/www/apt/pool/main/c/chef-integration-test/chef-integration-test_1.0-1_amd64.deb
2062
2104
  - spec/data/apt/var/www/apt/pool/main/c/chef-integration-test/chef-integration-test_1.1-1_amd64.deb
2105
+ - spec/data/archive_file/test_archive.tar.gz
2063
2106
  - spec/data/bad-config.rb
2064
2107
  - spec/data/bootstrap/encrypted_data_bag_secret
2065
2108
  - spec/data/bootstrap/no_proxy.erb
@@ -2444,6 +2487,7 @@ files:
2444
2487
  - spec/functional/resource/aix_service_spec.rb
2445
2488
  - spec/functional/resource/aixinit_service_spec.rb
2446
2489
  - spec/functional/resource/apt_package_spec.rb
2490
+ - spec/functional/resource/archive_file_spec.rb
2447
2491
  - spec/functional/resource/bash_spec.rb
2448
2492
  - spec/functional/resource/batch_spec.rb
2449
2493
  - spec/functional/resource/bff_spec.rb
@@ -2548,6 +2592,7 @@ files:
2548
2592
  - spec/support/platforms/prof/win32.rb
2549
2593
  - spec/support/platforms/win32/spec_service.rb
2550
2594
  - spec/support/recipe_dsl_helper.rb
2595
+ - spec/support/ruby_installer.rb
2551
2596
  - spec/support/shared/context/config.rb
2552
2597
  - spec/support/shared/context/win32.rb
2553
2598
  - spec/support/shared/functional/diff_disabled.rb
@@ -2608,10 +2653,13 @@ files:
2608
2653
  - spec/unit/client_spec.rb
2609
2654
  - spec/unit/compliance/fetcher/automate_spec.rb
2610
2655
  - spec/unit/compliance/fetcher/chef_server_spec.rb
2656
+ - spec/unit/compliance/input_spec.rb
2657
+ - spec/unit/compliance/profile_spec.rb
2611
2658
  - spec/unit/compliance/reporter/automate_spec.rb
2612
2659
  - spec/unit/compliance/reporter/chef_server_automate_spec.rb
2613
2660
  - spec/unit/compliance/reporter/compliance_enforcer_spec.rb
2614
2661
  - spec/unit/compliance/runner_spec.rb
2662
+ - spec/unit/compliance/waiver_spec.rb
2615
2663
  - spec/unit/config_fetcher_spec.rb
2616
2664
  - spec/unit/config_spec.rb
2617
2665
  - spec/unit/cookbook/chefignore_spec.rb
@@ -2898,7 +2946,9 @@ files:
2898
2946
  - spec/unit/resource/dsc_resource_spec.rb
2899
2947
  - spec/unit/resource/dsc_script_spec.rb
2900
2948
  - spec/unit/resource/execute_spec.rb
2949
+ - spec/unit/resource/file/verification/json_spec.rb
2901
2950
  - spec/unit/resource/file/verification/systemd_unit_spec.rb
2951
+ - spec/unit/resource/file/verification/yaml_spec.rb
2902
2952
  - spec/unit/resource/file/verification_spec.rb
2903
2953
  - spec/unit/resource/file_spec.rb
2904
2954
  - spec/unit/resource/freebsd_package_spec.rb
@@ -2912,7 +2962,9 @@ files:
2912
2962
  - spec/unit/resource/hostname_spec.rb
2913
2963
  - spec/unit/resource/http_request_spec.rb
2914
2964
  - spec/unit/resource/ifconfig_spec.rb
2965
+ - spec/unit/resource/inspec_input_spec.rb
2915
2966
  - spec/unit/resource/inspec_waiver_file_entry_spec.rb
2967
+ - spec/unit/resource/inspec_waiver_spec.rb
2916
2968
  - spec/unit/resource/ips_package_spec.rb
2917
2969
  - spec/unit/resource/kernel_module_spec.rb
2918
2970
  - spec/unit/resource/ksh_spec.rb
@@ -3039,8 +3091,10 @@ files:
3039
3091
  - spec/unit/runner_spec.rb
3040
3092
  - spec/unit/scan_access_control_spec.rb
3041
3093
  - spec/unit/search/query_spec.rb
3094
+ - spec/unit/secret_fetcher/akeyless_vault_spec.rb
3042
3095
  - spec/unit/secret_fetcher/aws_secrets_manager_spec.rb
3043
3096
  - spec/unit/secret_fetcher/azure_key_vault_spec.rb
3097
+ - spec/unit/secret_fetcher/hashi_vault_spec.rb
3044
3098
  - spec/unit/secret_fetcher_spec.rb
3045
3099
  - spec/unit/server_api_spec.rb
3046
3100
  - spec/unit/server_api_versions_spec.rb