chef 17.4.38-universal-mingw32 → 17.7.22-universal-mingw32
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/Gemfile +5 -0
- data/chef.gemspec +3 -0
- data/lib/chef/application/base.rb +11 -1
- data/lib/chef/chef_fs/file_pattern.rb +1 -1
- data/lib/chef/chef_fs/path_utils.rb +1 -1
- data/lib/chef/client.rb +1 -2
- data/lib/chef/compliance/input.rb +115 -0
- data/lib/chef/compliance/input_collection.rb +139 -0
- data/lib/chef/compliance/profile.rb +122 -0
- data/lib/chef/compliance/profile_collection.rb +109 -0
- data/lib/chef/compliance/runner.rb +47 -5
- data/lib/chef/compliance/waiver.rb +115 -0
- data/lib/chef/compliance/waiver_collection.rb +143 -0
- data/lib/chef/data_collector/run_end_message.rb +1 -1
- data/lib/chef/dsl/compliance.rb +38 -0
- data/lib/chef/dsl/reader_helpers.rb +51 -0
- data/lib/chef/dsl/reboot_pending.rb +1 -1
- data/lib/chef/dsl/recipe.rb +4 -2
- data/lib/chef/dsl/secret.rb +2 -4
- data/lib/chef/dsl/universal.rb +2 -0
- data/lib/chef/event_dispatch/base.rb +44 -2
- data/lib/chef/exceptions.rb +10 -0
- data/lib/chef/formatters/doc.rb +46 -0
- data/lib/chef/http/basic_client.rb +15 -7
- data/lib/chef/http.rb +7 -3
- data/lib/chef/provider/cron.rb +4 -1
- data/lib/chef/provider/file.rb +2 -0
- data/lib/chef/provider/git.rb +1 -1
- data/lib/chef/provider/ifconfig/debian.rb +1 -1
- data/lib/chef/provider/link.rb +2 -2
- data/lib/chef/provider/registry_key.rb +3 -2
- data/lib/chef/provider/remote_file/http.rb +1 -1
- data/lib/chef/provider/subversion.rb +5 -5
- data/lib/chef/provider/template.rb +1 -1
- data/lib/chef/resource/archive_file.rb +17 -14
- data/lib/chef/resource/chef_client_scheduled_task.rb +45 -2
- data/lib/chef/resource/chocolatey_config.rb +14 -14
- data/lib/chef/resource/chocolatey_feature.rb +1 -1
- data/lib/chef/resource/chocolatey_source.rb +24 -2
- data/lib/chef/resource/directory.rb +1 -1
- data/lib/chef/resource/file/verification/json.rb +50 -0
- data/lib/chef/resource/file/verification/yaml.rb +52 -0
- data/lib/chef/resource/habitat_install.rb +3 -3
- data/lib/chef/resource/inspec_input.rb +127 -0
- data/lib/chef/resource/inspec_waiver.rb +184 -0
- data/lib/chef/resource/inspec_waiver_file_entry.rb +1 -1
- data/lib/chef/resource/kernel_module.rb +27 -2
- data/lib/chef/resource/macos_userdefaults.rb +43 -128
- data/lib/chef/resource/mount.rb +1 -1
- data/lib/chef/resource/openssl_x509_certificate.rb +1 -1
- data/lib/chef/resource/powershell_package_source.rb +234 -70
- data/lib/chef/resource/registry_key.rb +36 -48
- data/lib/chef/resource/remote_file.rb +98 -2
- data/lib/chef/resource/timezone.rb +2 -2
- data/lib/chef/resource/user_ulimit.rb +1 -0
- data/lib/chef/resource/windows_auto_run.rb +1 -1
- data/lib/chef/resource/windows_dfs_namespace.rb +2 -2
- data/lib/chef/resource/windows_printer.rb +1 -1
- data/lib/chef/resource/windows_uac.rb +3 -1
- data/lib/chef/resource/windows_update_settings.rb +3 -3
- data/lib/chef/resource/windows_user_privilege.rb +1 -1
- data/lib/chef/resource.rb +1 -1
- data/lib/chef/resource_reporter.rb +1 -1
- data/lib/chef/resources.rb +2 -0
- data/lib/chef/run_context/cookbook_compiler.rb +112 -28
- data/lib/chef/run_context.rb +31 -1
- data/lib/chef/secret_fetcher/akeyless_vault.rb +57 -0
- data/lib/chef/secret_fetcher/aws_secrets_manager.rb +1 -1
- data/lib/chef/secret_fetcher/azure_key_vault.rb +63 -9
- data/lib/chef/secret_fetcher/base.rb +1 -1
- data/lib/chef/secret_fetcher/hashi_vault.rb +100 -0
- data/lib/chef/secret_fetcher.rb +8 -3
- data/lib/chef/version.rb +1 -1
- data/lib/chef/win32/version.rb +2 -1
- data/spec/data/archive_file/test_archive.tar.gz +0 -0
- data/spec/functional/dsl/reboot_pending_spec.rb +3 -3
- data/spec/functional/dsl/registry_helper_spec.rb +1 -1
- data/spec/functional/resource/archive_file_spec.rb +87 -0
- data/spec/functional/resource/dsc_script_spec.rb +2 -2
- data/spec/functional/resource/group_spec.rb +5 -1
- data/spec/functional/resource/link_spec.rb +8 -0
- data/spec/functional/resource/macos_userdefaults_spec.rb +119 -0
- data/spec/functional/resource/powershell_package_source_spec.rb +5 -6
- data/spec/functional/resource/registry_spec.rb +81 -81
- data/spec/functional/win32/registry_spec.rb +8 -8
- data/spec/integration/compliance/compliance_spec.rb +60 -0
- data/spec/spec_helper.rb +3 -0
- data/spec/support/platform_helpers.rb +4 -0
- data/spec/support/ruby_installer.rb +51 -0
- data/spec/unit/compliance/input_spec.rb +104 -0
- data/spec/unit/compliance/profile_spec.rb +120 -0
- data/spec/unit/compliance/waiver_spec.rb +104 -0
- data/spec/unit/data_collector_spec.rb +24 -1
- data/spec/unit/dsl/reboot_pending_spec.rb +1 -1
- data/spec/unit/http/basic_client_spec.rb +30 -0
- data/spec/unit/http_spec.rb +8 -2
- data/spec/unit/mixin/default_paths_spec.rb +1 -1
- data/spec/unit/mixin/securable_spec.rb +3 -3
- data/spec/unit/provider/cron_spec.rb +45 -0
- data/spec/unit/provider/link_spec.rb +13 -7
- data/spec/unit/provider/package/rubygems_spec.rb +5 -5
- data/spec/unit/provider/package/windows_spec.rb +1 -1
- data/spec/unit/provider/registry_key_spec.rb +4 -4
- data/spec/unit/provider/remote_file/http_spec.rb +10 -0
- data/spec/unit/provider/service/windows_spec.rb +5 -5
- data/spec/unit/provider/subversion_spec.rb +4 -4
- data/spec/unit/provider/template_spec.rb +2 -2
- data/spec/unit/provider/windows_env_spec.rb +1 -1
- data/spec/unit/provider/zypper_repository_spec.rb +1 -1
- data/spec/unit/resource/archive_file_spec.rb +414 -3
- data/spec/unit/resource/chef_client_scheduled_task_spec.rb +69 -0
- data/spec/unit/resource/chocolatey_config_spec.rb +1 -1
- data/spec/unit/resource/chocolatey_feature_spec.rb +1 -1
- data/spec/unit/resource/chocolatey_source_spec.rb +1 -1
- data/spec/unit/resource/file/verification/json_spec.rb +72 -0
- data/spec/unit/resource/file/verification/yaml_spec.rb +67 -0
- data/spec/unit/resource/inspec_input_spec.rb +300 -0
- data/spec/unit/resource/inspec_waiver_spec.rb +312 -0
- data/spec/unit/resource/kernel_module_spec.rb +2 -1
- data/spec/unit/resource/macos_user_defaults_spec.rb +36 -96
- data/spec/unit/resource/mount_spec.rb +10 -0
- data/spec/unit/resource/powershell_package_source_spec.rb +63 -62
- data/spec/unit/resource/registry_key_spec.rb +10 -10
- data/spec/unit/resource/user_ulimit_spec.rb +14 -1
- data/spec/unit/resource/windows_auto_run_spec.rb +1 -1
- data/spec/unit/resource/windows_feature_powershell_spec.rb +1 -1
- data/spec/unit/resource/windows_firewall_rule_spec.rb +2 -2
- data/spec/unit/resource/windows_task_spec.rb +3 -3
- data/spec/unit/resource_reporter_spec.rb +2 -2
- data/spec/unit/resource_spec.rb +5 -0
- data/spec/unit/secret_fetcher/akeyless_vault_spec.rb +37 -0
- data/spec/unit/secret_fetcher/azure_key_vault_spec.rb +99 -20
- data/spec/unit/secret_fetcher/hashi_vault_spec.rb +80 -0
- data/spec/unit/util/backup_spec.rb +1 -1
- data/spec/unit/win32/registry_spec.rb +3 -3
- data/tasks/rspec.rb +2 -1
- metadata +75 -6
@@ -0,0 +1,115 @@
|
|
1
|
+
#
|
2
|
+
# Copyright:: Copyright (c) Chef Software Inc.
|
3
|
+
# License:: Apache License, Version 2.0
|
4
|
+
#
|
5
|
+
# Licensed under the Apache License, Version 2.0 (the "License");
|
6
|
+
# you may not use this file except in compliance with the License.
|
7
|
+
# You may obtain a copy of the License at
|
8
|
+
#
|
9
|
+
# http://www.apache.org/licenses/LICENSE-2.0
|
10
|
+
#
|
11
|
+
# Unless required by applicable law or agreed to in writing, software
|
12
|
+
# distributed under the License is distributed on an "AS IS" BASIS,
|
13
|
+
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
14
|
+
# See the License for the specific language governing permissions and
|
15
|
+
# limitations under the License.
|
16
|
+
#
|
17
|
+
|
18
|
+
require "yaml"
|
19
|
+
|
20
|
+
class Chef
|
21
|
+
module Compliance
|
22
|
+
#
|
23
|
+
# Chef object that represents a single waiver file in the compliance
|
24
|
+
# segment of a cookbook
|
25
|
+
#
|
26
|
+
class Waiver
|
27
|
+
# @return [Boolean] if the waiver has been enabled
|
28
|
+
attr_reader :enabled
|
29
|
+
|
30
|
+
# @return [String] The name of the cookbook that the waiver is in
|
31
|
+
attr_reader :cookbook_name
|
32
|
+
|
33
|
+
# @return [String] The full path on the host to the waiver yml file
|
34
|
+
attr_reader :path
|
35
|
+
|
36
|
+
# @return [String] the pathname in the cookbook
|
37
|
+
attr_reader :pathname
|
38
|
+
|
39
|
+
# @api private
|
40
|
+
attr_reader :data
|
41
|
+
|
42
|
+
# Event dispatcher for this run.
|
43
|
+
#
|
44
|
+
# @return [Chef::EventDispatch::Dispatcher]
|
45
|
+
#
|
46
|
+
attr_accessor :events
|
47
|
+
|
48
|
+
def initialize(events, data, path, cookbook_name)
|
49
|
+
@events = events
|
50
|
+
@data = data
|
51
|
+
@cookbook_name = cookbook_name
|
52
|
+
@path = path
|
53
|
+
@pathname = File.basename(path, File.extname(path)) unless path.nil?
|
54
|
+
disable!
|
55
|
+
end
|
56
|
+
|
57
|
+
# @return [Boolean] if the waiver has been enabled
|
58
|
+
#
|
59
|
+
def enabled?
|
60
|
+
!!@enabled
|
61
|
+
end
|
62
|
+
|
63
|
+
# Set the waiver to being enabled
|
64
|
+
#
|
65
|
+
def enable!
|
66
|
+
events.compliance_waiver_enabled(self)
|
67
|
+
@enabled = true
|
68
|
+
end
|
69
|
+
|
70
|
+
# Set the waiver as being disabled
|
71
|
+
#
|
72
|
+
def disable!
|
73
|
+
@enabled = false
|
74
|
+
end
|
75
|
+
|
76
|
+
# Render the waiver in a way that it can be consumed by inspec
|
77
|
+
#
|
78
|
+
def inspec_data
|
79
|
+
data
|
80
|
+
end
|
81
|
+
|
82
|
+
HIDDEN_IVARS = [ :@events ].freeze
|
83
|
+
|
84
|
+
# Omit the event object from error output
|
85
|
+
#
|
86
|
+
def inspect
|
87
|
+
ivar_string = (instance_variables.map(&:to_sym) - HIDDEN_IVARS).map do |ivar|
|
88
|
+
"#{ivar}=#{instance_variable_get(ivar).inspect}"
|
89
|
+
end.join(", ")
|
90
|
+
"#<#{self.class}:#{object_id} #{ivar_string}>"
|
91
|
+
end
|
92
|
+
|
93
|
+
# Helper to construct a waiver object from a hash. Since the path and
|
94
|
+
# cookbook_name are required this is probably not externally useful.
|
95
|
+
#
|
96
|
+
def self.from_hash(events, hash, path = nil, cookbook_name = nil)
|
97
|
+
new(events, hash, path, cookbook_name)
|
98
|
+
end
|
99
|
+
|
100
|
+
# Helper to construct a waiver object from a yaml string. Since the path
|
101
|
+
# and cookbook_name are required this is probably not externally useful.
|
102
|
+
#
|
103
|
+
def self.from_yaml(events, string, path = nil, cookbook_name = nil)
|
104
|
+
from_hash(events, YAML.load(string), path, cookbook_name)
|
105
|
+
end
|
106
|
+
|
107
|
+
# @param filename [String] full path to the yml file in the cookbook
|
108
|
+
# @param cookbook_name [String] cookbook that the waiver is in
|
109
|
+
#
|
110
|
+
def self.from_file(events, filename, cookbook_name = nil)
|
111
|
+
from_yaml(events, IO.read(filename), filename, cookbook_name)
|
112
|
+
end
|
113
|
+
end
|
114
|
+
end
|
115
|
+
end
|
@@ -0,0 +1,143 @@
|
|
1
|
+
# Copyright:: Copyright (c) Chef Software Inc.
|
2
|
+
# License:: Apache License, Version 2.0
|
3
|
+
#
|
4
|
+
# Licensed under the Apache License, Version 2.0 (the "License");
|
5
|
+
# you may not use this file except in compliance with the License.
|
6
|
+
# You may obtain a copy of the License at
|
7
|
+
#
|
8
|
+
# http://www.apache.org/licenses/LICENSE-2.0
|
9
|
+
#
|
10
|
+
# Unless required by applicable law or agreed to in writing, software
|
11
|
+
# distributed under the License is distributed on an "AS IS" BASIS,
|
12
|
+
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
13
|
+
# See the License for the specific language governing permissions and
|
14
|
+
# limitations under the License.
|
15
|
+
#
|
16
|
+
|
17
|
+
require_relative "waiver"
|
18
|
+
|
19
|
+
class Chef
|
20
|
+
module Compliance
|
21
|
+
class WaiverCollection < Array
|
22
|
+
|
23
|
+
# Event dispatcher for this run.
|
24
|
+
#
|
25
|
+
# @return [Chef::EventDispatch::Dispatcher]
|
26
|
+
#
|
27
|
+
attr_reader :events
|
28
|
+
|
29
|
+
def initialize(events)
|
30
|
+
@events = events
|
31
|
+
end
|
32
|
+
|
33
|
+
# Add a waiver to the waiver collection. The cookbook_name needs to be determined by the
|
34
|
+
# caller and is used in the `include_waiver` API to match on. The path should be the complete
|
35
|
+
# path on the host of the yml file, including the filename.
|
36
|
+
#
|
37
|
+
# @param path [String]
|
38
|
+
# @param cookbook_name [String]
|
39
|
+
#
|
40
|
+
def from_file(filename, cookbook_name)
|
41
|
+
new_waiver = Waiver.from_file(events, filename, cookbook_name)
|
42
|
+
self << new_waiver
|
43
|
+
events.compliance_waiver_loaded(new_waiver)
|
44
|
+
end
|
45
|
+
|
46
|
+
# Add a waiver from a raw hash. This waiver will be enabled by default.
|
47
|
+
#
|
48
|
+
# @param path [String]
|
49
|
+
# @param cookbook_name [String]
|
50
|
+
#
|
51
|
+
def from_hash(hash)
|
52
|
+
new_waiver = Waiver.from_hash(events, hash)
|
53
|
+
new_waiver.enable!
|
54
|
+
self << new_waiver
|
55
|
+
end
|
56
|
+
|
57
|
+
# @return [Array<Waiver>] inspec waivers which are enabled in a form suitable to pass to inspec
|
58
|
+
#
|
59
|
+
def inspec_data
|
60
|
+
select(&:enabled?).each_with_object({}) { |waiver, hash| hash.merge(waiver.inspec_data) }
|
61
|
+
end
|
62
|
+
|
63
|
+
# DSL method to enable waiver files. This matches on the filename of the waiver file.
|
64
|
+
# If the specific waiver is omitted then it uses the default waiver. The string
|
65
|
+
# supports regular expression matching.
|
66
|
+
#
|
67
|
+
# @example Specific waiver file in a cookbook
|
68
|
+
#
|
69
|
+
# include_waiver "acme_cookbook::ssh-001"
|
70
|
+
#
|
71
|
+
# @example The compliance/waiver/default.rb waiver file in a cookbook
|
72
|
+
#
|
73
|
+
# include_waiver "acme_cookbook"
|
74
|
+
#
|
75
|
+
# @example Every waiver file in a cookbook
|
76
|
+
#
|
77
|
+
# include_waiver "acme_cookbook::.*"
|
78
|
+
#
|
79
|
+
# @example Matching waivers by regexp in a cookbook
|
80
|
+
#
|
81
|
+
# include_waiver "acme_cookbook::ssh.*"
|
82
|
+
#
|
83
|
+
# @example Matching waivers by regexp in any cookbook in the cookbook collection
|
84
|
+
#
|
85
|
+
# include_waiver ".*::ssh.*"
|
86
|
+
#
|
87
|
+
# @example Adding an arbitrary hash of data (not from any file in a cookbook)
|
88
|
+
#
|
89
|
+
# include_waiver({ "ssh-01" => {
|
90
|
+
# "expiration_date" => "2033-07-31",
|
91
|
+
# "run" => false,
|
92
|
+
# "justification" => "the reason it is waived",
|
93
|
+
# } })
|
94
|
+
#
|
95
|
+
def include_waiver(arg)
|
96
|
+
raise "include_waiver was given a nil value" if arg.nil?
|
97
|
+
|
98
|
+
# if we're given a hash argument just shove it in the collection
|
99
|
+
if arg.is_a?(Hash)
|
100
|
+
from_hash(arg)
|
101
|
+
return
|
102
|
+
end
|
103
|
+
|
104
|
+
matching_waivers!(arg).each(&:enable!)
|
105
|
+
end
|
106
|
+
|
107
|
+
def valid?(arg)
|
108
|
+
!matching_waivers(arg).empty?
|
109
|
+
end
|
110
|
+
|
111
|
+
HIDDEN_IVARS = [ :@events ].freeze
|
112
|
+
|
113
|
+
# Omit the event object from error output
|
114
|
+
#
|
115
|
+
def inspect
|
116
|
+
ivar_string = (instance_variables.map(&:to_sym) - HIDDEN_IVARS).map do |ivar|
|
117
|
+
"#{ivar}=#{instance_variable_get(ivar).inspect}"
|
118
|
+
end.join(", ")
|
119
|
+
"#<#{self.class}:#{object_id} #{ivar_string}>"
|
120
|
+
end
|
121
|
+
|
122
|
+
private
|
123
|
+
|
124
|
+
def matching_waivers(arg, should_raise: false)
|
125
|
+
(cookbook_name, waiver_name) = arg.split("::")
|
126
|
+
|
127
|
+
waiver_name = "default" if waiver_name.nil?
|
128
|
+
|
129
|
+
waivers = select { |waiver| /^#{cookbook_name}$/.match?(waiver.cookbook_name) && /^#{waiver_name}$/.match?(waiver.pathname) }
|
130
|
+
|
131
|
+
if waivers.empty? && should_raise
|
132
|
+
raise "No inspec waivers matching '#{waiver_name}' found in cookbooks matching '#{cookbook_name}'"
|
133
|
+
end
|
134
|
+
|
135
|
+
waivers
|
136
|
+
end
|
137
|
+
|
138
|
+
def matching_waivers!(arg)
|
139
|
+
matching_waivers(arg, should_raise: true)
|
140
|
+
end
|
141
|
+
end
|
142
|
+
end
|
143
|
+
end
|
@@ -128,7 +128,7 @@ class Chef
|
|
128
128
|
|
129
129
|
if new_resource.cookbook_name
|
130
130
|
hash["cookbook_name"] = new_resource.cookbook_name
|
131
|
-
hash["cookbook_version"] = new_resource.cookbook_version
|
131
|
+
hash["cookbook_version"] = new_resource.cookbook_version&.version
|
132
132
|
hash["recipe_name"] = new_resource.recipe_name
|
133
133
|
end
|
134
134
|
|
@@ -0,0 +1,38 @@
|
|
1
|
+
#
|
2
|
+
# Copyright:: Copyright (c) Chef Software Inc.
|
3
|
+
# License:: Apache License, Version 2.0
|
4
|
+
#
|
5
|
+
# Licensed under the Apache License, Version 2.0 (the "License");
|
6
|
+
# you may not use this file except in compliance with the License.
|
7
|
+
# You may obtain a copy of the License at
|
8
|
+
#
|
9
|
+
# http://www.apache.org/licenses/LICENSE-2.0
|
10
|
+
#
|
11
|
+
# Unless required by applicable law or agreed to in writing, software
|
12
|
+
# distributed under the License is distributed on an "AS IS" BASIS,
|
13
|
+
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
14
|
+
# See the License for the specific language governing permissions and
|
15
|
+
# limitations under the License.
|
16
|
+
#
|
17
|
+
|
18
|
+
class Chef
|
19
|
+
module DSL
|
20
|
+
module Compliance
|
21
|
+
|
22
|
+
# @see Chef::Compliance::ProfileCollection#include_profile
|
23
|
+
def include_profile(*args)
|
24
|
+
run_context.profile_collection.include_profile(*args)
|
25
|
+
end
|
26
|
+
|
27
|
+
# @see Chef::Compliance::WaiverCollection#include_waiver
|
28
|
+
def include_waiver(*args)
|
29
|
+
run_context.waiver_collection.include_waiver(*args)
|
30
|
+
end
|
31
|
+
|
32
|
+
# @see Chef::Compliance::inputCollection#include_input
|
33
|
+
def include_input(*args)
|
34
|
+
run_context.input_collection.include_input(*args)
|
35
|
+
end
|
36
|
+
end
|
37
|
+
end
|
38
|
+
end
|
@@ -0,0 +1,51 @@
|
|
1
|
+
#
|
2
|
+
# Copyright:: Copyright (c) Chef Software Inc.
|
3
|
+
# License:: Apache License, Version 2.0
|
4
|
+
#
|
5
|
+
# Licensed under the Apache License, Version 2.0 (the "License");
|
6
|
+
# you may not use this file except in compliance with the License.
|
7
|
+
# You may obtain a copy of the License at
|
8
|
+
#
|
9
|
+
# http://www.apache.org/licenses/LICENSE-2.0
|
10
|
+
#
|
11
|
+
# Unless required by applicable law or agreed to in writing, software
|
12
|
+
# distributed under the License is distributed on an "AS IS" BASIS,
|
13
|
+
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
14
|
+
# See the License for the specific language governing permissions and
|
15
|
+
# limitations under the License.
|
16
|
+
|
17
|
+
autoload :TOML, "tomlrb"
|
18
|
+
require_relative "../json_compat"
|
19
|
+
autoload :YAML, "yaml"
|
20
|
+
|
21
|
+
class Chef
|
22
|
+
module DSL
|
23
|
+
module ReaderHelpers
|
24
|
+
|
25
|
+
def parse_file(filename)
|
26
|
+
case File.extname(filename)
|
27
|
+
when ".toml"
|
28
|
+
parse_toml(filename)
|
29
|
+
when ".yaml", ".yml"
|
30
|
+
parse_yaml(filename)
|
31
|
+
when ".json"
|
32
|
+
parse_json(filename)
|
33
|
+
end
|
34
|
+
end
|
35
|
+
|
36
|
+
def parse_json(filename)
|
37
|
+
JSONCompat.parse(IO.read(filename))
|
38
|
+
end
|
39
|
+
|
40
|
+
def parse_toml(filename)
|
41
|
+
Tomlrb.load_file(filename)
|
42
|
+
end
|
43
|
+
|
44
|
+
def parse_yaml(filename)
|
45
|
+
YAML.load(IO.read(filename))
|
46
|
+
end
|
47
|
+
|
48
|
+
extend self
|
49
|
+
end
|
50
|
+
end
|
51
|
+
end
|
@@ -37,7 +37,7 @@ class Chef
|
|
37
37
|
# due to a file being in use (usually a temporary file and a system file)
|
38
38
|
# \??\c:\temp\test.sys!\??\c:\winnt\system32\test.sys
|
39
39
|
# http://technet.microsoft.com/en-us/library/cc960241.aspx
|
40
|
-
registry_value_exists?(
|
40
|
+
registry_value_exists?("HKLM\\SYSTEM\\CurrentControlSet\\Control\\Session Manager", { name: "PendingFileRenameOperations" }) ||
|
41
41
|
|
42
42
|
# RebootRequired key contains Update IDs with a value of 1 if they require a reboot.
|
43
43
|
# The existence of RebootRequired alone is sufficient on my Windows 8.1 workstation in Windows Update
|
data/lib/chef/dsl/recipe.rb
CHANGED
@@ -18,12 +18,13 @@
|
|
18
18
|
#
|
19
19
|
|
20
20
|
require_relative "../exceptions"
|
21
|
-
require_relative "
|
21
|
+
require_relative "compliance"
|
22
|
+
require_relative "declare_resource"
|
22
23
|
require_relative "definitions"
|
23
24
|
require_relative "include_recipe"
|
24
25
|
require_relative "reboot_pending"
|
26
|
+
require_relative "resources"
|
25
27
|
require_relative "universal"
|
26
|
-
require_relative "declare_resource"
|
27
28
|
require_relative "../mixin/notifying_block"
|
28
29
|
require_relative "../mixin/lazy_module_include"
|
29
30
|
|
@@ -42,6 +43,7 @@ class Chef
|
|
42
43
|
# - it also pollutes the namespace of nearly every context, watch out.
|
43
44
|
#
|
44
45
|
module Recipe
|
46
|
+
include Chef::DSL::Compliance
|
45
47
|
include Chef::DSL::Universal
|
46
48
|
include Chef::DSL::DeclareResource
|
47
49
|
include Chef::Mixin::NotifyingBlock
|
data/lib/chef/dsl/secret.rb
CHANGED
@@ -51,10 +51,8 @@ class Chef
|
|
51
51
|
# log "My secret is #{value}"
|
52
52
|
def secret(name: nil, version: nil, service: nil, config: {})
|
53
53
|
Chef::Log.warn <<~EOM.gsub("\n", " ")
|
54
|
-
The secrets Chef Infra language helper is currently in beta.
|
55
|
-
|
56
|
-
If you have feedback or you'd like to be part of the future design of this
|
57
|
-
helper e-mail us at secrets_management_beta@progress.com"
|
54
|
+
The secrets Chef Infra language helper is currently in beta. If you have feedback or you would
|
55
|
+
like to be part of the future design of this helper e-mail us at secrets_management_beta@progress.com"
|
58
56
|
EOM
|
59
57
|
sensitive(true) if is_a?(Chef::Resource)
|
60
58
|
Chef::SecretFetcher.for_service(service, config, run_context).fetch(name, version)
|
data/lib/chef/dsl/universal.rb
CHANGED
@@ -23,6 +23,7 @@ require_relative "chef_vault"
|
|
23
23
|
require_relative "registry_helper"
|
24
24
|
require_relative "powershell"
|
25
25
|
require_relative "secret"
|
26
|
+
require_relative "reader_helpers"
|
26
27
|
require_relative "render_helpers"
|
27
28
|
require_relative "toml"
|
28
29
|
require_relative "../mixin/powershell_exec"
|
@@ -50,6 +51,7 @@ class Chef
|
|
50
51
|
include Chef::DSL::ChefVault
|
51
52
|
include Chef::DSL::RegistryHelper
|
52
53
|
include Chef::DSL::Powershell
|
54
|
+
include Chef::DSL::ReaderHelpers
|
53
55
|
include Chef::DSL::RenderHelpers
|
54
56
|
include Chef::DSL::Secret
|
55
57
|
include Chef::Mixin::PowershellExec
|
@@ -164,7 +164,7 @@ class Chef
|
|
164
164
|
# Called when LWRPs are finished loading
|
165
165
|
def lwrp_load_complete; end
|
166
166
|
|
167
|
-
# Called when
|
167
|
+
# Called when ohai plugin file loading starts
|
168
168
|
def ohai_plugin_load_start(file_count); end
|
169
169
|
|
170
170
|
# Called when an ohai plugin file has been loaded
|
@@ -173,9 +173,51 @@ class Chef
|
|
173
173
|
# Called when an ohai plugin file has an error on load.
|
174
174
|
def ohai_plugin_file_load_failed(path, exception); end
|
175
175
|
|
176
|
-
# Called when
|
176
|
+
# Called when ohai plugin file loading has finished
|
177
177
|
def ohai_plugin_load_complete; end
|
178
178
|
|
179
|
+
# Called when compliance file loading starts
|
180
|
+
def compliance_load_start; end
|
181
|
+
|
182
|
+
# Called when compliance file loading ends
|
183
|
+
def compliance_load_complete; end
|
184
|
+
|
185
|
+
# Called when compliance profile loading starts
|
186
|
+
def profiles_load_start; end
|
187
|
+
|
188
|
+
# Called when compliance profile loading end
|
189
|
+
def profiles_load_complete; end
|
190
|
+
|
191
|
+
# Called when compliance input loading starts
|
192
|
+
def inputs_load_start; end
|
193
|
+
|
194
|
+
# Called when compliance input loading end
|
195
|
+
def inputs_load_complete; end
|
196
|
+
|
197
|
+
# Called when compliance waiver loading starts
|
198
|
+
def waivers_load_start; end
|
199
|
+
|
200
|
+
# Called when compliance waiver loading end
|
201
|
+
def waivers_load_complete; end
|
202
|
+
|
203
|
+
# Called when a compliance profile is found in a cookbook by the cookbook_compiler
|
204
|
+
def compliance_profile_loaded(profile); end
|
205
|
+
|
206
|
+
# Called when a compliance waiver is found in a cookbook by the cookbook_compiler
|
207
|
+
def compliance_waiver_loaded(waiver); end
|
208
|
+
|
209
|
+
# Called when a compliance waiver is found in a cookbook by the cookbook_compiler
|
210
|
+
def compliance_input_loaded(input); end
|
211
|
+
|
212
|
+
# Called when a compliance profile is enabled (by include_profile)
|
213
|
+
def compliance_profile_enabled(profile); end
|
214
|
+
|
215
|
+
# Called when a compliance waiver is enabled (by include_waiver)
|
216
|
+
def compliance_waiver_enabled(waiver); end
|
217
|
+
|
218
|
+
# Called when a compliance input is enabled (by include_input)
|
219
|
+
def compliance_input_enabled(input); end
|
220
|
+
|
179
221
|
# Called before attribute files are loaded
|
180
222
|
def attribute_load_start(attribute_file_count); end
|
181
223
|
|
data/lib/chef/exceptions.rb
CHANGED
@@ -308,6 +308,16 @@ class Chef
|
|
308
308
|
super("No secret service provided. Supported services are: :#{fetcher_service_names.join(" :")}")
|
309
309
|
end
|
310
310
|
end
|
311
|
+
|
312
|
+
class Azure
|
313
|
+
class IdentityNotFound < RuntimeError
|
314
|
+
def initialize
|
315
|
+
super("The managed identity could not be found. This could mean one of the following things:\n\n" \
|
316
|
+
" 1. The VM has no system or user assigned identities.\n" \
|
317
|
+
" 2. The managed identity object_id or client_id that was specified is not assigned to the VM.\n")
|
318
|
+
end
|
319
|
+
end
|
320
|
+
end
|
311
321
|
end
|
312
322
|
|
313
323
|
# Exception class for collecting multiple failures. Used when running
|
data/lib/chef/formatters/doc.rb
CHANGED
@@ -363,6 +363,52 @@ class Chef
|
|
363
363
|
end
|
364
364
|
end
|
365
365
|
|
366
|
+
# Called when compliance profile loading starts
|
367
|
+
def profiles_load_start
|
368
|
+
puts_line("Loading #{Inspec::Dist::PRODUCT_NAME} profile files:")
|
369
|
+
end
|
370
|
+
|
371
|
+
# Called when compliance input loading starts
|
372
|
+
def inputs_load_start
|
373
|
+
puts_line("Loading #{Inspec::Dist::PRODUCT_NAME} input files:")
|
374
|
+
end
|
375
|
+
|
376
|
+
# Called when compliance waiver loading starts
|
377
|
+
def waivers_load_start
|
378
|
+
puts_line("Loading #{Inspec::Dist::PRODUCT_NAME} waiver files:")
|
379
|
+
end
|
380
|
+
|
381
|
+
# Called when a compliance profile is found in a cookbook by the cookbook_compiler
|
382
|
+
def compliance_profile_loaded(profile)
|
383
|
+
start_line(" - #{profile.cookbook_name}::#{profile.pathname}", :cyan)
|
384
|
+
puts " (#{profile.version})", :cyan if profile.version
|
385
|
+
end
|
386
|
+
|
387
|
+
# Called when a compliance waiver is found in a cookbook by the cookbook_compiler
|
388
|
+
def compliance_input_loaded(input)
|
389
|
+
puts_line(" - #{input.cookbook_name}::#{input.pathname}", :cyan)
|
390
|
+
end
|
391
|
+
|
392
|
+
# Called when a compliance waiver is found in a cookbook by the cookbook_compiler
|
393
|
+
def compliance_waiver_loaded(waiver)
|
394
|
+
puts_line(" - #{waiver.cookbook_name}::#{waiver.pathname}", :cyan)
|
395
|
+
end
|
396
|
+
|
397
|
+
# Called when a compliance profile is enabled (by include_profile)
|
398
|
+
def compliance_profile_enabled(profile)
|
399
|
+
# puts_line(" * FIXME", :cyan)
|
400
|
+
end
|
401
|
+
|
402
|
+
# Called when a compliance waiver is enabled (by include_waiver)
|
403
|
+
def compliance_waiver_enabled(waiver)
|
404
|
+
# puts_line(" * FIXME", :cyan)
|
405
|
+
end
|
406
|
+
|
407
|
+
# Called when a compliance input is enabled (by include_input)
|
408
|
+
def compliance_input_enabled(input)
|
409
|
+
# puts_line(" * FIXME", :cyan)
|
410
|
+
end
|
411
|
+
|
366
412
|
# (see Base#deprecation)
|
367
413
|
def deprecation(deprecation, _location = nil)
|
368
414
|
if Chef::Config[:treat_deprecation_warnings_as_errors]
|
@@ -36,16 +36,18 @@ class Chef
|
|
36
36
|
attr_reader :url
|
37
37
|
attr_reader :ssl_policy
|
38
38
|
attr_reader :keepalives
|
39
|
+
attr_reader :nethttp_opts
|
39
40
|
|
40
41
|
# Instantiate a BasicClient.
|
41
42
|
# === Arguments:
|
42
43
|
# url:: An URI for the remote server.
|
43
44
|
# === Options:
|
44
45
|
# ssl_policy:: The SSL Policy to use, defaults to DefaultSSLPolicy
|
45
|
-
def initialize(url,
|
46
|
+
def initialize(url, ssl_policy: DefaultSSLPolicy, keepalives: false, nethttp_opts: {})
|
46
47
|
@url = url
|
47
|
-
@ssl_policy =
|
48
|
-
@keepalives =
|
48
|
+
@ssl_policy = ssl_policy
|
49
|
+
@keepalives = keepalives
|
50
|
+
@nethttp_opts = ChefUtils::Mash.new(nethttp_opts)
|
49
51
|
end
|
50
52
|
|
51
53
|
def http_client
|
@@ -118,8 +120,14 @@ class Chef
|
|
118
120
|
configure_ssl(http_client)
|
119
121
|
end
|
120
122
|
|
121
|
-
|
122
|
-
|
123
|
+
opts = nethttp_opts.dup
|
124
|
+
opts["read_timeout"] ||= config[:rest_timeout]
|
125
|
+
opts["open_timeout"] ||= config[:rest_timeout]
|
126
|
+
|
127
|
+
opts.each do |key, value|
|
128
|
+
http_client.send(:"#{key}=", value)
|
129
|
+
end
|
130
|
+
|
123
131
|
if keepalives
|
124
132
|
http_client.start
|
125
133
|
else
|
@@ -142,11 +150,11 @@ class Chef
|
|
142
150
|
end
|
143
151
|
|
144
152
|
def http_proxy_user(proxy_uri)
|
145
|
-
proxy_uri.user ||
|
153
|
+
proxy_uri.user || config["#{proxy_uri.scheme}_proxy_user"]
|
146
154
|
end
|
147
155
|
|
148
156
|
def http_proxy_pass(proxy_uri)
|
149
|
-
proxy_uri.password ||
|
157
|
+
proxy_uri.password || config["#{proxy_uri.scheme}_proxy_pass"]
|
150
158
|
end
|
151
159
|
|
152
160
|
def configure_ssl(http_client)
|
data/lib/chef/http.rb
CHANGED
@@ -82,6 +82,9 @@ class Chef
|
|
82
82
|
# [Boolean] if we're doing keepalives or not
|
83
83
|
attr_reader :keepalives
|
84
84
|
|
85
|
+
# @returns [Hash] options for Net::HTTP to be sent to setters on the object
|
86
|
+
attr_reader :nethttp_opts
|
87
|
+
|
85
88
|
# Create a HTTP client object. The supplied +url+ is used as the base for
|
86
89
|
# all subsequent requests. For example, when initialized with a base url
|
87
90
|
# http://localhost:4000, a call to +get+ with 'nodes' will make an
|
@@ -94,6 +97,7 @@ class Chef
|
|
94
97
|
@redirect_limit = 10
|
95
98
|
@keepalives = options[:keepalives] || false
|
96
99
|
@options = options
|
100
|
+
@nethttp_opts = options[:nethttp] || {}
|
97
101
|
|
98
102
|
@middlewares = []
|
99
103
|
self.class.middlewares.each do |middleware_class|
|
@@ -311,7 +315,7 @@ class Chef
|
|
311
315
|
|
312
316
|
SocketlessChefZeroClient.new(base_url)
|
313
317
|
else
|
314
|
-
BasicClient.new(base_url, ssl_policy: ssl_policy, keepalives: keepalives)
|
318
|
+
BasicClient.new(base_url, ssl_policy: ssl_policy, keepalives: keepalives, nethttp_opts: nethttp_opts)
|
315
319
|
end
|
316
320
|
end
|
317
321
|
|
@@ -468,12 +472,12 @@ class Chef
|
|
468
472
|
|
469
473
|
# @api private
|
470
474
|
def http_retry_delay
|
471
|
-
config[:http_retry_delay]
|
475
|
+
options[:http_retry_delay] || config[:http_retry_delay]
|
472
476
|
end
|
473
477
|
|
474
478
|
# @api private
|
475
479
|
def http_retry_count
|
476
|
-
config[:http_retry_count]
|
480
|
+
options[:http_retry_count] || config[:http_retry_count]
|
477
481
|
end
|
478
482
|
|
479
483
|
# @api private
|
data/lib/chef/provider/cron.rb
CHANGED
@@ -100,7 +100,10 @@ class Chef
|
|
100
100
|
newcron = get_crontab_entry
|
101
101
|
|
102
102
|
if @cron_exists
|
103
|
-
|
103
|
+
# Only compare the crontab if the current resource has a set command.
|
104
|
+
# This may not be set in cases where the Chef comment exists but the
|
105
|
+
# crontab command was commented out.
|
106
|
+
if current_resource.property_is_set?(:command) && !cron_different?
|
104
107
|
logger.debug("#{new_resource}: Skipping existing cron entry")
|
105
108
|
return
|
106
109
|
end
|
data/lib/chef/provider/file.rb
CHANGED
@@ -27,6 +27,8 @@ require_relative "../scan_access_control"
|
|
27
27
|
require_relative "../mixin/checksum"
|
28
28
|
require_relative "../mixin/file_class"
|
29
29
|
require_relative "../mixin/enforce_ownership_and_permissions"
|
30
|
+
require_relative "../resource/file/verification/json"
|
31
|
+
require_relative "../resource/file/verification/yaml"
|
30
32
|
require_relative "../util/backup"
|
31
33
|
require_relative "../util/diff"
|
32
34
|
require_relative "../util/selinux"
|
data/lib/chef/provider/git.rb
CHANGED