RubyGems - chef - Versions diffs - 17.4.38-universal-mingw32 → 17.5.22-universal-mingw32 - Mend

chef 17.4.38-universal-mingw32 → 17.5.22-universal-mingw32

Files changed (78) hide show

checksums.yaml +4 -4
data/chef.gemspec +2 -0
data/lib/chef/application/base.rb +11 -1
data/lib/chef/client.rb +1 -2
data/lib/chef/compliance/input.rb +115 -0
data/lib/chef/compliance/input_collection.rb +139 -0
data/lib/chef/compliance/profile.rb +122 -0
data/lib/chef/compliance/profile_collection.rb +109 -0
data/lib/chef/compliance/runner.rb +47 -5
data/lib/chef/compliance/waiver.rb +115 -0
data/lib/chef/compliance/waiver_collection.rb +143 -0
data/lib/chef/dsl/compliance.rb +38 -0
data/lib/chef/dsl/reader_helpers.rb +51 -0
data/lib/chef/dsl/recipe.rb +4 -2
data/lib/chef/dsl/secret.rb +2 -4
data/lib/chef/dsl/universal.rb +2 -0
data/lib/chef/event_dispatch/base.rb +44 -2
data/lib/chef/formatters/doc.rb +46 -0
data/lib/chef/http/basic_client.rb +15 -7
data/lib/chef/http.rb +7 -3
data/lib/chef/provider/file.rb +2 -0
data/lib/chef/provider/link.rb +2 -2
data/lib/chef/provider/registry_key.rb +3 -2
data/lib/chef/provider/remote_file/http.rb +1 -1
data/lib/chef/provider/template.rb +1 -1
data/lib/chef/resource/archive_file.rb +17 -14
data/lib/chef/resource/chef_client_scheduled_task.rb +45 -2
data/lib/chef/resource/chocolatey_config.rb +13 -13
data/lib/chef/resource/file/verification/json.rb +50 -0
data/lib/chef/resource/file/verification/yaml.rb +52 -0
data/lib/chef/resource/inspec_input.rb +128 -0
data/lib/chef/resource/inspec_waiver.rb +185 -0
data/lib/chef/resource/mount.rb +1 -1
data/lib/chef/resource/registry_key.rb +36 -48
data/lib/chef/resource/remote_file.rb +98 -2
data/lib/chef/resource/timezone.rb +2 -2
data/lib/chef/resource/user_ulimit.rb +1 -0
data/lib/chef/resource/windows_printer.rb +1 -1
data/lib/chef/resource/windows_uac.rb +3 -1
data/lib/chef/resource/windows_user_privilege.rb +1 -1
data/lib/chef/resources.rb +2 -0
data/lib/chef/run_context/cookbook_compiler.rb +112 -28
data/lib/chef/run_context.rb +31 -1
data/lib/chef/secret_fetcher/akeyless_vault.rb +57 -0
data/lib/chef/secret_fetcher/aws_secrets_manager.rb +1 -1
data/lib/chef/secret_fetcher/azure_key_vault.rb +1 -1
data/lib/chef/secret_fetcher/base.rb +1 -1
data/lib/chef/secret_fetcher/hashi_vault.rb +100 -0
data/lib/chef/secret_fetcher.rb +8 -2
data/lib/chef/version.rb +1 -1
data/spec/data/archive_file/test_archive.tar.gz +0 -0
data/spec/functional/resource/archive_file_spec.rb +87 -0
data/spec/functional/resource/group_spec.rb +5 -1
data/spec/functional/resource/link_spec.rb +8 -0
data/spec/integration/compliance/compliance_spec.rb +60 -0
data/spec/spec_helper.rb +3 -0
data/spec/support/platform_helpers.rb +4 -0
data/spec/support/ruby_installer.rb +51 -0
data/spec/unit/compliance/input_spec.rb +104 -0
data/spec/unit/compliance/profile_spec.rb +120 -0
data/spec/unit/compliance/waiver_spec.rb +104 -0
data/spec/unit/http/basic_client_spec.rb +30 -0
data/spec/unit/http_spec.rb +8 -2
data/spec/unit/provider/link_spec.rb +13 -7
data/spec/unit/provider/remote_file/http_spec.rb +10 -0
data/spec/unit/provider/template_spec.rb +2 -2
data/spec/unit/resource/archive_file_spec.rb +414 -3
data/spec/unit/resource/chef_client_scheduled_task_spec.rb +69 -0
data/spec/unit/resource/file/verification/json_spec.rb +72 -0
data/spec/unit/resource/file/verification/yaml_spec.rb +67 -0
data/spec/unit/resource/inspec_input_spec.rb +300 -0
data/spec/unit/resource/inspec_waiver_spec.rb +312 -0
data/spec/unit/resource/mount_spec.rb +10 -0
data/spec/unit/resource/user_ulimit_spec.rb +14 -1
data/spec/unit/secret_fetcher/akeyless_vault_spec.rb +37 -0
data/spec/unit/secret_fetcher/hashi_vault_spec.rb +80 -0
data/tasks/rspec.rb +2 -1
metadata +60 -6

data/spec/unit/secret_fetcher/hashi_vault_spec.rb ADDED Viewed

@@ -0,0 +1,80 @@
+#
+# Author:: Marc Paradise <marc@chef.io>
+# Copyright:: Copyright (c) Chef Software Inc.
+# License:: Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+require_relative "../../spec_helper"
+require "chef/secret_fetcher/hashi_vault"
+describe Chef::SecretFetcher::HashiVault do
+  let(:node) { {} }
+  let(:run_context) { double("run_context", node: node) }
+  context "when validating provided HashiVault configuration" do
+    it "raises ConfigurationInvalid when the :auth_method is not valid" do
+      fetcher = Chef::SecretFetcher::HashiVault.new( { auth_method: :invalid, vault_addr: "https://vault.example.com:8200" }, run_context)
+      expect { fetcher.validate! }.to raise_error(Chef::Exceptions::Secret::ConfigurationInvalid, /:auth_method/)
+    end
+    it "raises ConfigurationInvalid when the vault_addr is not provided" do
+      fetcher = Chef::SecretFetcher::HashiVault.new( { auth_method: :iam_role, role_name: "example-role" }, run_context)
+      expect { fetcher.validate! }.to raise_error(Chef::Exceptions::Secret::ConfigurationInvalid)
+    end
+    context "and using auth_method: :iam_role" do
+      it "raises ConfigurationInvalid when the role_name is not provided" do
+        fetcher = Chef::SecretFetcher::HashiVault.new( { auth_method: :iam_role, vault_addr: "https://vault.example.com:8200" }, run_context)
+        expect { fetcher.validate! }.to raise_error(Chef::Exceptions::Secret::ConfigurationInvalid)
+      end
+      it "obtains a token via AWS IAM auth to allow the gem to do its own validations when all required config is provided" do
+        fetcher = Chef::SecretFetcher::HashiVault.new( { auth_method: :iam_role, vault_addr: "https://vault.example.com:8200", role_name: "example-role" }, run_context)
+        allow(Aws::InstanceProfileCredentials).to receive(:new).and_return instance_double(Aws::InstanceProfileCredentials)
+        auth_double = instance_double(Vault::Authenticate)
+        expect(auth_double).to receive(:aws_iam)
+        allow(Vault).to receive(:auth).and_return(auth_double)
+        fetcher.validate!
+      end
+    end
+    context "and using auth_method: :token" do
+      it "raises ConfigurationInvalid when no token is provided" do
+        fetcher = Chef::SecretFetcher::HashiVault.new( { auth_method: :token, vault_addr: "https://vault.example.com:8200" }, run_context)
+        expect { fetcher.validate! }.to raise_error(Chef::Exceptions::Secret::ConfigurationInvalid)
+      end
+      it "authenticates using the token during validation when all configuration is correct" do
+        fetcher = Chef::SecretFetcher::HashiVault.new( { auth_method: :token, token: "t.1234abcd", vault_addr: "https://vault.example.com:8200" }, run_context)
+        auth = instance_double(Vault::Authenticate)
+        auth_double = instance_double(Vault::Authenticate)
+        expect(auth_double).to receive(:token)
+        allow(Vault).to receive(:auth).and_return(auth_double)
+        fetcher.validate!
+      end
+    end
+  end
+  context "when fetching a secret from Hashi Vault" do
+    it "raises an FetchFailed message when no secret is returned due to invalid engine path" do
+      fetcher = Chef::SecretFetcher::HashiVault.new( { auth_method: :invalid, vault_addr: "https://vault.example.com:8200" }, run_context)
+      logical_double = instance_double(Vault::Logical)
+      expect(logical_double).to receive(:read).and_return nil
+      expect(Vault).to receive(:logical).and_return(logical_double)
+      expect { fetcher.do_fetch("anything", nil) }.to raise_error(Chef::Exceptions::Secret::FetchFailed)
+    end
+  end
+end

data/tasks/rspec.rb CHANGED Viewed

@@ -30,7 +30,8 @@ begin
         puts "--- Running #{gem} specs"
         Bundler.with_unbundled_env do
           puts "Executing tests in #{Dir.pwd}:"
-          sh("bundle install --jobs=3 --retry=3 --path=../vendor/bundle")
+          sh("bundle config set --local path 'vendor/bundle'")
+          sh("bundle install --jobs=3 --retry=3")
           sh("bundle exec rake spec")
         end
       end

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: chef
 version: !ruby/object:Gem::Version
-  version: 17.4.38
+  version: 17.5.22
 platform: universal-mingw32
 authors:
 - Adam Jacob
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2021-08-27 00:00:00.000000000 Z
+date: 2021-09-23 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: chef-config
@@ -16,28 +16,28 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 17.4.38
+        version: 17.5.22
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 17.4.38
+        version: 17.5.22
 - !ruby/object:Gem::Dependency
   name: chef-utils
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 17.4.38
+        version: 17.5.22
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 17.4.38
+        version: 17.5.22
 - !ruby/object:Gem::Dependency
   name: train-core
   requirement: !ruby/object:Gem::Requirement
@@ -440,6 +440,20 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '1.0'
+- !ruby/object:Gem::Dependency
+  name: aws-sdk-s3
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.91'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.91'
 - !ruby/object:Gem::Dependency
   name: aws-sdk-secretsmanager
   requirement: !ruby/object:Gem::Requirement
@@ -454,6 +468,20 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '1.46'
+- !ruby/object:Gem::Dependency
+  name: vault
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.16'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.16'
 - !ruby/object:Gem::Dependency
   name: win32-api
   requirement: !ruby/object:Gem::Requirement
@@ -1366,12 +1394,18 @@ files:
 - lib/chef/compliance/default_attributes.rb
 - lib/chef/compliance/fetcher/automate.rb
 - lib/chef/compliance/fetcher/chef_server.rb
+- lib/chef/compliance/input.rb
+- lib/chef/compliance/input_collection.rb
+- lib/chef/compliance/profile.rb
+- lib/chef/compliance/profile_collection.rb
 - lib/chef/compliance/reporter/automate.rb
 - lib/chef/compliance/reporter/chef_server_automate.rb
 - lib/chef/compliance/reporter/cli.rb
 - lib/chef/compliance/reporter/compliance_enforcer.rb
 - lib/chef/compliance/reporter/json_file.rb
 - lib/chef/compliance/runner.rb
+- lib/chef/compliance/waiver.rb
+- lib/chef/compliance/waiver_collection.rb
 - lib/chef/config.rb
 - lib/chef/config_fetcher.rb
 - lib/chef/constants.rb
@@ -1411,6 +1445,7 @@ files:
 - lib/chef/dsl.rb
 - lib/chef/dsl/chef_vault.rb
 - lib/chef/dsl/cheffish.rb
+- lib/chef/dsl/compliance.rb
 - lib/chef/dsl/data_query.rb
 - lib/chef/dsl/declare_resource.rb
 - lib/chef/dsl/definitions.rb
@@ -1418,6 +1453,7 @@ files:
 - lib/chef/dsl/include_recipe.rb
 - lib/chef/dsl/platform_introspection.rb
 - lib/chef/dsl/powershell.rb
+- lib/chef/dsl/reader_helpers.rb
 - lib/chef/dsl/reboot_pending.rb
 - lib/chef/dsl/recipe.rb
 - lib/chef/dsl/registry_helper.rb
@@ -1760,7 +1796,9 @@ files:
 - lib/chef/resource/execute.rb
 - lib/chef/resource/file.rb
 - lib/chef/resource/file/verification.rb
+- lib/chef/resource/file/verification/json.rb
 - lib/chef/resource/file/verification/systemd_unit.rb
+- lib/chef/resource/file/verification/yaml.rb
 - lib/chef/resource/freebsd_package.rb
 - lib/chef/resource/gem_package.rb
 - lib/chef/resource/group.rb
@@ -1781,6 +1819,8 @@ files:
 - lib/chef/resource/hostname.rb
 - lib/chef/resource/http_request.rb
 - lib/chef/resource/ifconfig.rb
+- lib/chef/resource/inspec_input.rb
+- lib/chef/resource/inspec_waiver.rb
 - lib/chef/resource/inspec_waiver_file_entry.rb
 - lib/chef/resource/ips_package.rb
 - lib/chef/resource/kernel_module.rb
@@ -1928,10 +1968,12 @@ files:
 - lib/chef/scan_access_control.rb
 - lib/chef/search/query.rb
 - lib/chef/secret_fetcher.rb
+- lib/chef/secret_fetcher/akeyless_vault.rb
 - lib/chef/secret_fetcher/aws_secrets_manager.rb
 - lib/chef/secret_fetcher/azure_key_vault.rb
 - lib/chef/secret_fetcher/base.rb
 - lib/chef/secret_fetcher/example.rb
+- lib/chef/secret_fetcher/hashi_vault.rb
 - lib/chef/server_api.rb
 - lib/chef/server_api_versions.rb
 - lib/chef/shell.rb
@@ -2060,6 +2102,7 @@ files:
 - spec/data/apt/var/www/apt/dists/sid/main/binary-i386/Packages
 - spec/data/apt/var/www/apt/pool/main/c/chef-integration-test/chef-integration-test_1.0-1_amd64.deb
 - spec/data/apt/var/www/apt/pool/main/c/chef-integration-test/chef-integration-test_1.1-1_amd64.deb
+- spec/data/archive_file/test_archive.tar.gz
 - spec/data/bad-config.rb
 - spec/data/bootstrap/encrypted_data_bag_secret
 - spec/data/bootstrap/no_proxy.erb
@@ -2444,6 +2487,7 @@ files:
 - spec/functional/resource/aix_service_spec.rb
 - spec/functional/resource/aixinit_service_spec.rb
 - spec/functional/resource/apt_package_spec.rb
+- spec/functional/resource/archive_file_spec.rb
 - spec/functional/resource/bash_spec.rb
 - spec/functional/resource/batch_spec.rb
 - spec/functional/resource/bff_spec.rb
@@ -2548,6 +2592,7 @@ files:
 - spec/support/platforms/prof/win32.rb
 - spec/support/platforms/win32/spec_service.rb
 - spec/support/recipe_dsl_helper.rb
+- spec/support/ruby_installer.rb
 - spec/support/shared/context/config.rb
 - spec/support/shared/context/win32.rb
 - spec/support/shared/functional/diff_disabled.rb
@@ -2608,10 +2653,13 @@ files:
 - spec/unit/client_spec.rb
 - spec/unit/compliance/fetcher/automate_spec.rb
 - spec/unit/compliance/fetcher/chef_server_spec.rb
+- spec/unit/compliance/input_spec.rb
+- spec/unit/compliance/profile_spec.rb
 - spec/unit/compliance/reporter/automate_spec.rb
 - spec/unit/compliance/reporter/chef_server_automate_spec.rb
 - spec/unit/compliance/reporter/compliance_enforcer_spec.rb
 - spec/unit/compliance/runner_spec.rb
+- spec/unit/compliance/waiver_spec.rb
 - spec/unit/config_fetcher_spec.rb
 - spec/unit/config_spec.rb
 - spec/unit/cookbook/chefignore_spec.rb
@@ -2898,7 +2946,9 @@ files:
 - spec/unit/resource/dsc_resource_spec.rb
 - spec/unit/resource/dsc_script_spec.rb
 - spec/unit/resource/execute_spec.rb
+- spec/unit/resource/file/verification/json_spec.rb
 - spec/unit/resource/file/verification/systemd_unit_spec.rb
+- spec/unit/resource/file/verification/yaml_spec.rb
 - spec/unit/resource/file/verification_spec.rb
 - spec/unit/resource/file_spec.rb
 - spec/unit/resource/freebsd_package_spec.rb
@@ -2912,7 +2962,9 @@ files:
 - spec/unit/resource/hostname_spec.rb
 - spec/unit/resource/http_request_spec.rb
 - spec/unit/resource/ifconfig_spec.rb
+- spec/unit/resource/inspec_input_spec.rb
 - spec/unit/resource/inspec_waiver_file_entry_spec.rb
+- spec/unit/resource/inspec_waiver_spec.rb
 - spec/unit/resource/ips_package_spec.rb
 - spec/unit/resource/kernel_module_spec.rb
 - spec/unit/resource/ksh_spec.rb
@@ -3039,8 +3091,10 @@ files:
 - spec/unit/runner_spec.rb
 - spec/unit/scan_access_control_spec.rb
 - spec/unit/search/query_spec.rb
+- spec/unit/secret_fetcher/akeyless_vault_spec.rb
 - spec/unit/secret_fetcher/aws_secrets_manager_spec.rb
 - spec/unit/secret_fetcher/azure_key_vault_spec.rb
+- spec/unit/secret_fetcher/hashi_vault_spec.rb
 - spec/unit/secret_fetcher_spec.rb
 - spec/unit/server_api_spec.rb
 - spec/unit/server_api_versions_spec.rb