chef 17.4.38-universal-mingw32 → 17.7.22-universal-mingw32

data/spec/unit/secret_fetcher/azure_key_vault_spec.rb

@@ -20,51 +20,130 @@
 require_relative "../../spec_helper"
 require "chef/secret_fetcher"
 require "chef/secret_fetcher/azure_key_vault"
+require "net/http/responses"
 
 describe Chef::SecretFetcher::AzureKeyVault do
-  let(:config) { { vault: "my_vault" } }
+  let(:config) { { vault: "my-vault" } }
   let(:fetcher) { Chef::SecretFetcher::AzureKeyVault.new(config, nil) }
+  let(:secrets_response_body) { '{ "value" : "my secret value" }' }
+  let(:secrets_response_mock) do
+    rm = Net::HTTPSuccess.new("1.0", "400", "OK")
+    allow(rm).to receive(:body).and_return(secrets_response_body)
+    rm
+  end
+  let(:token_response_body) { %Q({"access_token":"#{access_token}","client_id":"#{client_id}","expires_in":"86294","expires_on":"1627761860","ext_expires_in":"86399","not_before":"1627675160","resource":"https://vault.azure.net","token_type":"Bearer"}) }
+  let(:access_token) { "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6Im5PbzNaRHJPRFhFSzFqS1doWHNsSFJfS1hFZyIsImtpZCI6Im5PbzNaRHJPRFhFSzFqS1doWHNsSFJfS1hFZyJ9.eyJhdWQiOiJodHRwczovL3ZhdWx0LmF6dXJlLm5ldCIsImlzcyI6Imh0dHBzOi8vc3RzLndpbmRvd3MubmV0L2E5ZTY2ZDhkLTA1ZTAtNGMwMC1iOWRkLWM0Yjc3M2U5MWNhNi8iLCJpYXQiOjE2Mjc2NzUxNjAsIm5iZiI6MTYyNzY3NTE2MCwiZXhwIjoxNjI3NzYxODYwLCJhaW8iOiJFMlpnWUhCWGplaTdWS214eEh6bjdoSWpNZFlMQUE9PSIsImFwcGlkIjoiNjU2Mjc1MjEtMzYzYi00ZDk2LTkyMTctMjcIsIm9pZCI6IjNiZjI1NjVhLWY4NWQtNDBiNy1hZWJkLTNlZDA1ZDA0N2FmNiIsInJoIjoiMC5BUk1BalczbXFlQUZBRXk1M2NTM2Mta2NwaUYxWW1VN05wWk5raGNuRGpuZEwxb1RBQUEuIiwic3ViIjoiM2JmMjU2NWEtZjg1ZC00MGI3LWFlYmQtM2VkMDVkMDQ3YWY2IiwidGlkIjoiYTllNjZkOGQtMDVlMC00YzAwLWI5ZGQtYzRiNzczZTkxY2E2IiwidXRpIjoibXlzeHpSRTV3ay1ibTFlYkNqc09BQSIsInZlciI6IjEuMCIsInhtc19taXJpZCI6Ii9zdWJzY3JpcHRpb25zLzYzNDJkZDZkLTc1NTQtNDJjOS04NTM2LTdkZmU3MmY1MWZhZC9yZXNvdXJjZWdyb3Vwcy9pbWFnZS1waXBlbGluZS1ydW5uZXItcWEtZWFzdHVzMi1yZy9wcm92aWRlcnMvTWljcm9zb2Z0Lk1hbmFnZWRJZGVudGl0eS91c2VyQXNzaWduZWRJZGVudGl0aWVzL2ltYWdlLXBpcGVsaW5lLXJ1bm5lci1xYS1lYXN0dXMyLW1pIn0.BquzjN6d0g4zlvkbkdVwNEfRxIXSmxYwCHMk6UG3iza2fVioiOrcoP4Cp9P5--AB4G_CAhIXaP7YIZs3mq05QiDjSvkVAM0t67UPGhEr66sNXkV72iZBnKca_auh6EHsjPfxeVHkE1wdrsncrYdKhzgO4IAj8Jg4N5qjcE2q-OkliadmEuTwrhPhq" }
+  let(:token_response_mock) do
+    rm = Net::HTTPSuccess.new("1.0", "400", "OK")
+    allow(rm).to receive(:body).and_return(token_response_body)
+    rm
+  end
+  let(:client_id) { SecureRandom.uuid }
+  let(:http_mock) { instance_double("Net::HTTP", :use_ssl= => nil) }
+  let(:token_uri) { URI.parse("http://169.254.169.254/metadata/identity/oauth2/token") }
+  let(:vault_name) { "my-vault" }
+  let(:secret_name) { "my-secret" }
+  let(:vault_secret_uri) { URI.parse("https://#{vault_name}.vault.azure.net/secrets/#{secret_name}/?api-version=7.2") }
+
+  before do
+    # Cache these up front so we can pass into allow statements without hitting:
+    #   URI received :parse with unexpected arguments
+    token_uri
+    vault_secret_uri
+  end
+
+  before do
+    allow(Net::HTTP).to receive(:new).and_return(http_mock)
+    allow(URI).to receive(:parse).with("http://169.254.169.254/metadata/identity/oauth2/token").and_return(token_uri)
+    allow(URI).to receive(:parse).with("https://#{vault_name}.vault.azure.net/secrets/#{secret_name}/?api-version=7.2").and_return(vault_secret_uri)
+    allow(http_mock).to receive(:get).with(token_uri, { "Metadata" => "true" }).and_return(token_response_mock)
+    allow(http_mock).to receive(:get).with(vault_secret_uri, { "Authorization" => "Bearer #{access_token}", "Content-Type" => "application/json" }).and_return(secrets_response_mock)
+  end
+
+  describe "#validate!" do
+    it "raises error when more than one is provided: :object_id, :client_id, :mi_res_id" do
+      expect { Chef::SecretFetcher::AzureKeyVault.new({ object_id: "abc", client_id: "abc", mi_res_id: "abc" }, nil).validate! }.to raise_error(Chef::Exceptions::Secret::ConfigurationInvalid)
+      expect { Chef::SecretFetcher::AzureKeyVault.new({ object_id: "abc", client_id: "abc" }, nil).validate! }.to raise_error(Chef::Exceptions::Secret::ConfigurationInvalid)
+      expect { Chef::SecretFetcher::AzureKeyVault.new({ object_id: "abc", mi_res_id: "abc" }, nil).validate! }.to raise_error(Chef::Exceptions::Secret::ConfigurationInvalid)
+      expect { Chef::SecretFetcher::AzureKeyVault.new({ client_id: "abc", mi_res_id: "abc" }, nil).validate! }.to raise_error(Chef::Exceptions::Secret::ConfigurationInvalid)
+    end
+  end
 
-  context "when performing a fetch" do
-    let(:body) { '{ "value" : "my secret value" }' }
-    let(:response_mock) { double("response", body: body) }
-    let(:http_mock) { double("http", :get => response_mock, :use_ssl= => nil) }
+  describe "#fetch_token" do
+    context "when Net::HTTPBadRequest is returned and the error description contains \"Identity not found\"" do
+      let(:token_response_mock) { Net::HTTPBadRequest.new("1.0", "400", "Bad Request") }
+
+      before do
+        allow(fetcher).to receive(:fetch_token).and_call_original
+        allow(token_response_mock).to receive(:body).and_return('{"error":"invalid_request","error_description":"Identity not found"}')
+      end
 
-    before do
-      allow(fetcher).to receive(:fetch_token).and_return "a token"
-      allow(Net::HTTP).to receive(:new).and_return(http_mock)
+      it "raises Chef::Exceptions::Secret::Azure::IdentityNotFound" do
+        expect { fetcher.send(:fetch_token) }.to raise_error(Chef::Exceptions::Secret::Azure::IdentityNotFound)
+      end
     end
 
-    context "and vault name is only provided in the secret name" do
-      let(:body) { '{ "value" : "my secret value" }' }
+    context "when :object_id is provided" do
+      let(:object_id) { SecureRandom.uuid }
+      let(:config) { { vault: "my-vault", object_id: object_id } }
+
+      it "adds client_id to request params" do
+        fetcher.send(:fetch_token)
+        expect(token_uri.query).to match(/object_id=#{object_id}/)
+      end
+    end
+
+    context "when :client_id is provided" do
+      let(:config) { { vault: "my-vault", client_id: client_id } }
+
+      it "adds client_id to request params" do
+        fetcher.send(:fetch_token)
+        expect(token_uri.query).to match(/client_id=#{client_id}/)
+      end
+    end
+
+    context "when :mi_res_id is provided" do
+      let(:mi_res_id) { SecureRandom.uuid }
+      let(:config) { { vault: "my-vault", mi_res_id: mi_res_id } }
+
+      it "adds client_id to request params" do
+        fetcher.send(:fetch_token)
+        expect(token_uri.query).to match(/mi_res_id=#{mi_res_id}/)
+      end
+    end
+  end
+
+  describe "#fetch" do
+    context "when vault name is only provided in the secret name" do
+      let(:secrets_response_body) { '{ "value" : "my secret value" }' }
       let(:config) { {} }
       it "fetches the value" do
-        expect(fetcher.fetch("my_vault/value")).to eq "my secret value"
+        expect(fetcher.fetch("my-vault/my-secret")).to eq "my secret value"
       end
     end
 
-    context "and vault name is not provided in the secret name" do
+    context "when vault name is not provided in the secret name" do
       context "and vault name is not provided in config" do
         let(:config) { {} }
         it "raises a ConfigurationInvalid exception" do
-          expect { fetcher.fetch("value") }.to raise_error(Chef::Exceptions::Secret::ConfigurationInvalid)
+          expect { fetcher.fetch("my-secret") }.to raise_error(Chef::Exceptions::Secret::ConfigurationInvalid)
         end
       end
 
       context "and vault name is provided in config" do
-        let(:config) { { vault: "my_vault" } }
+        let(:config) { { vault: "my-vault" } }
         it "fetches the value" do
-          expect(fetcher.fetch("value")).to eq "my secret value"
+          expect(fetcher.fetch("my-secret")).to eq "my secret value"
         end
       end
     end
-    context "and an error response is received in the body" do
-      let(:config) { { vault: "my_vault" } }
-      let(:body) { '{ "error" : { "code" : 404, "message" : "secret not found" } }' }
+
+    context "when an error response is received in the response body" do
+      let(:config) { { vault: "my-vault" } }
+      let(:secrets_response_body) { '{ "error" : { "code" : 404, "message" : "secret not found" } }' }
       it "raises FetchFailed" do
-        expect { fetcher.fetch("value") }.to raise_error(Chef::Exceptions::Secret::FetchFailed)
+        expect { fetcher.fetch("my-secret") }.to raise_error(Chef::Exceptions::Secret::FetchFailed)
       end
     end
   end
 end
-

data/spec/unit/secret_fetcher/hashi_vault_spec.rb

@@ -0,0 +1,80 @@
+#
+# Author:: Marc Paradise <marc@chef.io>
+# Copyright:: Copyright (c) Chef Software Inc.
+# License:: Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+require_relative "../../spec_helper"
+require "chef/secret_fetcher/hashi_vault"
+
+describe Chef::SecretFetcher::HashiVault do
+  let(:node) { {} }
+  let(:run_context) { double("run_context", node: node) }
+
+  context "when validating provided HashiVault configuration" do
+    it "raises ConfigurationInvalid when the :auth_method is not valid" do
+      fetcher = Chef::SecretFetcher::HashiVault.new( { auth_method: :invalid, vault_addr: "https://vault.example.com:8200" }, run_context)
+      expect { fetcher.validate! }.to raise_error(Chef::Exceptions::Secret::ConfigurationInvalid, /:auth_method/)
+    end
+
+    it "raises ConfigurationInvalid when the vault_addr is not provided" do
+      fetcher = Chef::SecretFetcher::HashiVault.new( { auth_method: :iam_role, role_name: "example-role" }, run_context)
+      expect { fetcher.validate! }.to raise_error(Chef::Exceptions::Secret::ConfigurationInvalid)
+    end
+
+    context "and using auth_method: :iam_role" do
+      it "raises ConfigurationInvalid when the role_name is not provided" do
+        fetcher = Chef::SecretFetcher::HashiVault.new( { auth_method: :iam_role, vault_addr: "https://vault.example.com:8200" }, run_context)
+        expect { fetcher.validate! }.to raise_error(Chef::Exceptions::Secret::ConfigurationInvalid)
+      end
+
+      it "obtains a token via AWS IAM auth to allow the gem to do its own validations when all required config is provided" do
+        fetcher = Chef::SecretFetcher::HashiVault.new( { auth_method: :iam_role, vault_addr: "https://vault.example.com:8200", role_name: "example-role" }, run_context)
+        allow(Aws::InstanceProfileCredentials).to receive(:new).and_return instance_double(Aws::InstanceProfileCredentials)
+        auth_double = instance_double(Vault::Authenticate)
+        expect(auth_double).to receive(:aws_iam)
+        allow(Vault).to receive(:auth).and_return(auth_double)
+        fetcher.validate!
+      end
+    end
+
+    context "and using auth_method: :token" do
+      it "raises ConfigurationInvalid when no token is provided" do
+        fetcher = Chef::SecretFetcher::HashiVault.new( { auth_method: :token, vault_addr: "https://vault.example.com:8200" }, run_context)
+        expect { fetcher.validate! }.to raise_error(Chef::Exceptions::Secret::ConfigurationInvalid)
+      end
+
+      it "authenticates using the token during validation when all configuration is correct" do
+        fetcher = Chef::SecretFetcher::HashiVault.new( { auth_method: :token, token: "t.1234abcd", vault_addr: "https://vault.example.com:8200" }, run_context)
+        auth = instance_double(Vault::Authenticate)
+        auth_double = instance_double(Vault::Authenticate)
+        expect(auth_double).to receive(:token)
+        allow(Vault).to receive(:auth).and_return(auth_double)
+        fetcher.validate!
+      end
+    end
+  end
+
+  context "when fetching a secret from Hashi Vault" do
+    it "raises an FetchFailed message when no secret is returned due to invalid engine path" do
+      fetcher = Chef::SecretFetcher::HashiVault.new( { auth_method: :invalid, vault_addr: "https://vault.example.com:8200" }, run_context)
+      logical_double = instance_double(Vault::Logical)
+      expect(logical_double).to receive(:read).and_return nil
+      expect(Vault).to receive(:logical).and_return(logical_double)
+      expect { fetcher.do_fetch("anything", nil) }.to raise_error(Chef::Exceptions::Secret::FetchFailed)
+    end
+  end
+end
+

data/spec/unit/util/backup_spec.rb

@@ -132,7 +132,7 @@ describe Chef::Util::Backup do
     end
 
     it "uses the configured Chef::Config[:file_backup_path] and strips the drive on windows" do
-      expect(@backup).to receive(:path).and_return('c:\\a\\b\\c.txt')
+      expect(@backup).to receive(:path).and_return("c:\\a\\b\\c.txt")
       Chef::Config[:file_backup_path] = 'c:\backupdir'
       expect(@backup.send(:backup_path)).to match(%r|^c:\\backupdir[\\/]+a\\b\\c.txt.chef-\d{14}.\d{6}$|)
     end

data/spec/unit/win32/registry_spec.rb

@@ -23,12 +23,12 @@ describe Chef::Win32::Registry do
 
   let(:value1) { { name: "one", type: :string, data: "1" } }
   let(:value1_upcase_name) { { name: "ONE", type: :string, data: "1" } }
-  let(:key_path) { 'HKCU\Software\OpscodeNumbers' }
-  let(:key) { 'Software\OpscodeNumbers' }
+  let(:key_path) { "HKCU\\Software\\OpscodeNumbers" }
+  let(:key) { "Software\\OpscodeNumbers" }
   let(:key_parent) { "Software" }
   let(:key_to_delete) { "OpscodeNumbers" }
   let(:sub_key) { "OpscodePrimes" }
-  let(:missing_key_path) { 'HKCU\Software' }
+  let(:missing_key_path) { "HKCU\\Software" }
   let(:registry) { Chef::Win32::Registry.new }
   let(:hive_mock) { double("::Win32::Registry::HKEY_CURRENT_USER") }
   let(:reg_mock) { double("reg") }

data/tasks/rspec.rb

@@ -30,7 +30,8 @@ begin
         puts "--- Running #{gem} specs"
         Bundler.with_unbundled_env do
           puts "Executing tests in #{Dir.pwd}:"
-          sh("bundle install --jobs=3 --retry=3 --path=../vendor/bundle")
+          sh("bundle config set --local path 'vendor/bundle'")
+          sh("bundle install --jobs=3 --retry=3")
           sh("bundle exec rake spec")
         end
       end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: chef
 version: !ruby/object:Gem::Version
-  version: 17.4.38
+  version: 17.7.22
 platform: universal-mingw32
 authors:
 - Adam Jacob
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2021-08-27 00:00:00.000000000 Z
+date: 2021-10-25 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: chef-config
@@ -16,28 +16,28 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 17.4.38
+        version: 17.7.22
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 17.4.38
+        version: 17.7.22
 - !ruby/object:Gem::Dependency
   name: chef-utils
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 17.4.38
+        version: 17.7.22
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 17.4.38
+        version: 17.7.22
 - !ruby/object:Gem::Dependency
   name: train-core
   requirement: !ruby/object:Gem::Requirement
@@ -426,6 +426,20 @@ dependencies:
     - - "<"
       - !ruby/object:Gem::Version
         version: '3.0'
+- !ruby/object:Gem::Dependency
+  name: corefoundation
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.3.4
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.3.4
 - !ruby/object:Gem::Dependency
   name: proxifier
   requirement: !ruby/object:Gem::Requirement
@@ -440,6 +454,20 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '1.0'
+- !ruby/object:Gem::Dependency
+  name: aws-sdk-s3
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.91'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.91'
 - !ruby/object:Gem::Dependency
   name: aws-sdk-secretsmanager
   requirement: !ruby/object:Gem::Requirement
@@ -454,6 +482,20 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '1.46'
+- !ruby/object:Gem::Dependency
+  name: vault
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.16'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.16'
 - !ruby/object:Gem::Dependency
   name: win32-api
   requirement: !ruby/object:Gem::Requirement
@@ -1366,12 +1408,18 @@ files:
 - lib/chef/compliance/default_attributes.rb
 - lib/chef/compliance/fetcher/automate.rb
 - lib/chef/compliance/fetcher/chef_server.rb
+- lib/chef/compliance/input.rb
+- lib/chef/compliance/input_collection.rb
+- lib/chef/compliance/profile.rb
+- lib/chef/compliance/profile_collection.rb
 - lib/chef/compliance/reporter/automate.rb
 - lib/chef/compliance/reporter/chef_server_automate.rb
 - lib/chef/compliance/reporter/cli.rb
 - lib/chef/compliance/reporter/compliance_enforcer.rb
 - lib/chef/compliance/reporter/json_file.rb
 - lib/chef/compliance/runner.rb
+- lib/chef/compliance/waiver.rb
+- lib/chef/compliance/waiver_collection.rb
 - lib/chef/config.rb
 - lib/chef/config_fetcher.rb
 - lib/chef/constants.rb
@@ -1411,6 +1459,7 @@ files:
 - lib/chef/dsl.rb
 - lib/chef/dsl/chef_vault.rb
 - lib/chef/dsl/cheffish.rb
+- lib/chef/dsl/compliance.rb
 - lib/chef/dsl/data_query.rb
 - lib/chef/dsl/declare_resource.rb
 - lib/chef/dsl/definitions.rb
@@ -1418,6 +1467,7 @@ files:
 - lib/chef/dsl/include_recipe.rb
 - lib/chef/dsl/platform_introspection.rb
 - lib/chef/dsl/powershell.rb
+- lib/chef/dsl/reader_helpers.rb
 - lib/chef/dsl/reboot_pending.rb
 - lib/chef/dsl/recipe.rb
 - lib/chef/dsl/registry_helper.rb
@@ -1760,7 +1810,9 @@ files:
 - lib/chef/resource/execute.rb
 - lib/chef/resource/file.rb
 - lib/chef/resource/file/verification.rb
+- lib/chef/resource/file/verification/json.rb
 - lib/chef/resource/file/verification/systemd_unit.rb
+- lib/chef/resource/file/verification/yaml.rb
 - lib/chef/resource/freebsd_package.rb
 - lib/chef/resource/gem_package.rb
 - lib/chef/resource/group.rb
@@ -1781,6 +1833,8 @@ files:
 - lib/chef/resource/hostname.rb
 - lib/chef/resource/http_request.rb
 - lib/chef/resource/ifconfig.rb
+- lib/chef/resource/inspec_input.rb
+- lib/chef/resource/inspec_waiver.rb
 - lib/chef/resource/inspec_waiver_file_entry.rb
 - lib/chef/resource/ips_package.rb
 - lib/chef/resource/kernel_module.rb
@@ -1928,10 +1982,12 @@ files:
 - lib/chef/scan_access_control.rb
 - lib/chef/search/query.rb
 - lib/chef/secret_fetcher.rb
+- lib/chef/secret_fetcher/akeyless_vault.rb
 - lib/chef/secret_fetcher/aws_secrets_manager.rb
 - lib/chef/secret_fetcher/azure_key_vault.rb
 - lib/chef/secret_fetcher/base.rb
 - lib/chef/secret_fetcher/example.rb
+- lib/chef/secret_fetcher/hashi_vault.rb
 - lib/chef/server_api.rb
 - lib/chef/server_api_versions.rb
 - lib/chef/shell.rb
@@ -2060,6 +2116,7 @@ files:
 - spec/data/apt/var/www/apt/dists/sid/main/binary-i386/Packages
 - spec/data/apt/var/www/apt/pool/main/c/chef-integration-test/chef-integration-test_1.0-1_amd64.deb
 - spec/data/apt/var/www/apt/pool/main/c/chef-integration-test/chef-integration-test_1.1-1_amd64.deb
+- spec/data/archive_file/test_archive.tar.gz
 - spec/data/bad-config.rb
 - spec/data/bootstrap/encrypted_data_bag_secret
 - spec/data/bootstrap/no_proxy.erb
@@ -2444,6 +2501,7 @@ files:
 - spec/functional/resource/aix_service_spec.rb
 - spec/functional/resource/aixinit_service_spec.rb
 - spec/functional/resource/apt_package_spec.rb
+- spec/functional/resource/archive_file_spec.rb
 - spec/functional/resource/bash_spec.rb
 - spec/functional/resource/batch_spec.rb
 - spec/functional/resource/bff_spec.rb
@@ -2464,6 +2522,7 @@ files:
 - spec/functional/resource/launchd_spec.rb
 - spec/functional/resource/link_spec.rb
 - spec/functional/resource/locale_spec.rb
+- spec/functional/resource/macos_userdefaults_spec.rb
 - spec/functional/resource/mount_spec.rb
 - spec/functional/resource/msu_package_spec.rb
 - spec/functional/resource/ohai_spec.rb
@@ -2548,6 +2607,7 @@ files:
 - spec/support/platforms/prof/win32.rb
 - spec/support/platforms/win32/spec_service.rb
 - spec/support/recipe_dsl_helper.rb
+- spec/support/ruby_installer.rb
 - spec/support/shared/context/config.rb
 - spec/support/shared/context/win32.rb
 - spec/support/shared/functional/diff_disabled.rb
@@ -2608,10 +2668,13 @@ files:
 - spec/unit/client_spec.rb
 - spec/unit/compliance/fetcher/automate_spec.rb
 - spec/unit/compliance/fetcher/chef_server_spec.rb
+- spec/unit/compliance/input_spec.rb
+- spec/unit/compliance/profile_spec.rb
 - spec/unit/compliance/reporter/automate_spec.rb
 - spec/unit/compliance/reporter/chef_server_automate_spec.rb
 - spec/unit/compliance/reporter/compliance_enforcer_spec.rb
 - spec/unit/compliance/runner_spec.rb
+- spec/unit/compliance/waiver_spec.rb
 - spec/unit/config_fetcher_spec.rb
 - spec/unit/config_spec.rb
 - spec/unit/cookbook/chefignore_spec.rb
@@ -2898,7 +2961,9 @@ files:
 - spec/unit/resource/dsc_resource_spec.rb
 - spec/unit/resource/dsc_script_spec.rb
 - spec/unit/resource/execute_spec.rb
+- spec/unit/resource/file/verification/json_spec.rb
 - spec/unit/resource/file/verification/systemd_unit_spec.rb
+- spec/unit/resource/file/verification/yaml_spec.rb
 - spec/unit/resource/file/verification_spec.rb
 - spec/unit/resource/file_spec.rb
 - spec/unit/resource/freebsd_package_spec.rb
@@ -2912,7 +2977,9 @@ files:
 - spec/unit/resource/hostname_spec.rb
 - spec/unit/resource/http_request_spec.rb
 - spec/unit/resource/ifconfig_spec.rb
+- spec/unit/resource/inspec_input_spec.rb
 - spec/unit/resource/inspec_waiver_file_entry_spec.rb
+- spec/unit/resource/inspec_waiver_spec.rb
 - spec/unit/resource/ips_package_spec.rb
 - spec/unit/resource/kernel_module_spec.rb
 - spec/unit/resource/ksh_spec.rb
@@ -3039,8 +3106,10 @@ files:
 - spec/unit/runner_spec.rb
 - spec/unit/scan_access_control_spec.rb
 - spec/unit/search/query_spec.rb
+- spec/unit/secret_fetcher/akeyless_vault_spec.rb
 - spec/unit/secret_fetcher/aws_secrets_manager_spec.rb
 - spec/unit/secret_fetcher/azure_key_vault_spec.rb
+- spec/unit/secret_fetcher/hashi_vault_spec.rb
 - spec/unit/secret_fetcher_spec.rb
 - spec/unit/server_api_spec.rb
 - spec/unit/server_api_versions_spec.rb