chef 17.5.22 → 17.7.29
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/Gemfile +5 -0
- data/chef.gemspec +1 -0
- data/lib/chef/chef_fs/file_pattern.rb +1 -1
- data/lib/chef/chef_fs/path_utils.rb +1 -1
- data/lib/chef/data_collector/run_end_message.rb +1 -1
- data/lib/chef/dsl/reboot_pending.rb +1 -1
- data/lib/chef/exceptions.rb +10 -0
- data/lib/chef/provider/cron.rb +4 -1
- data/lib/chef/provider/git.rb +1 -1
- data/lib/chef/provider/ifconfig/debian.rb +1 -1
- data/lib/chef/provider/package/habitat.rb +1 -1
- data/lib/chef/provider/subversion.rb +5 -5
- data/lib/chef/resource/archive_file.rb +1 -1
- data/lib/chef/resource/chef_client_trusted_certificate.rb +1 -0
- data/lib/chef/resource/chocolatey_config.rb +1 -1
- data/lib/chef/resource/chocolatey_feature.rb +1 -1
- data/lib/chef/resource/chocolatey_source.rb +24 -2
- data/lib/chef/resource/directory.rb +1 -1
- data/lib/chef/resource/habitat_install.rb +5 -5
- data/lib/chef/resource/inspec_input.rb +7 -8
- data/lib/chef/resource/inspec_waiver.rb +7 -8
- data/lib/chef/resource/inspec_waiver_file_entry.rb +1 -1
- data/lib/chef/resource/kernel_module.rb +27 -2
- data/lib/chef/resource/macos_userdefaults.rb +45 -133
- data/lib/chef/resource/openssl_x509_certificate.rb +1 -1
- data/lib/chef/resource/powershell_package_source.rb +234 -70
- data/lib/chef/resource/windows_auto_run.rb +1 -1
- data/lib/chef/resource/windows_dfs_namespace.rb +2 -2
- data/lib/chef/resource/windows_update_settings.rb +3 -3
- data/lib/chef/resource.rb +1 -1
- data/lib/chef/resource_reporter.rb +1 -1
- data/lib/chef/secret_fetcher/azure_key_vault.rb +62 -8
- data/lib/chef/secret_fetcher.rb +0 -1
- data/lib/chef/version.rb +1 -1
- data/lib/chef/win32/version.rb +2 -1
- data/spec/functional/dsl/reboot_pending_spec.rb +3 -3
- data/spec/functional/dsl/registry_helper_spec.rb +1 -1
- data/spec/functional/resource/dsc_script_spec.rb +2 -2
- data/spec/functional/resource/macos_userdefaults_spec.rb +119 -0
- data/spec/functional/resource/powershell_package_source_spec.rb +5 -6
- data/spec/functional/resource/registry_spec.rb +81 -81
- data/spec/functional/win32/registry_spec.rb +8 -8
- data/spec/unit/data_collector_spec.rb +24 -1
- data/spec/unit/dsl/reboot_pending_spec.rb +1 -1
- data/spec/unit/mixin/default_paths_spec.rb +1 -1
- data/spec/unit/mixin/securable_spec.rb +3 -3
- data/spec/unit/provider/cron_spec.rb +45 -0
- data/spec/unit/provider/package/rubygems_spec.rb +5 -5
- data/spec/unit/provider/package/windows_spec.rb +1 -1
- data/spec/unit/provider/registry_key_spec.rb +4 -4
- data/spec/unit/provider/service/windows_spec.rb +5 -5
- data/spec/unit/provider/subversion_spec.rb +4 -4
- data/spec/unit/provider/windows_env_spec.rb +1 -1
- data/spec/unit/provider/zypper_repository_spec.rb +1 -1
- data/spec/unit/resource/chef_client_trusted_certificate_spec.rb +14 -0
- data/spec/unit/resource/chocolatey_config_spec.rb +1 -1
- data/spec/unit/resource/chocolatey_feature_spec.rb +1 -1
- data/spec/unit/resource/chocolatey_source_spec.rb +1 -1
- data/spec/unit/resource/kernel_module_spec.rb +2 -1
- data/spec/unit/resource/macos_user_defaults_spec.rb +36 -96
- data/spec/unit/resource/powershell_package_source_spec.rb +63 -62
- data/spec/unit/resource/registry_key_spec.rb +10 -10
- data/spec/unit/resource/windows_auto_run_spec.rb +1 -1
- data/spec/unit/resource/windows_feature_powershell_spec.rb +1 -1
- data/spec/unit/resource/windows_firewall_rule_spec.rb +2 -2
- data/spec/unit/resource/windows_task_spec.rb +3 -3
- data/spec/unit/resource_reporter_spec.rb +2 -2
- data/spec/unit/resource_spec.rb +5 -0
- data/spec/unit/secret_fetcher/azure_key_vault_spec.rb +99 -20
- data/spec/unit/util/backup_spec.rb +1 -1
- data/spec/unit/win32/registry_spec.rb +3 -3
- metadata +21 -6
@@ -33,14 +33,15 @@ describe Chef::Resource::PowershellPackageSource do
|
|
33
33
|
expect(resource.action).to eql([:register])
|
34
34
|
end
|
35
35
|
|
36
|
-
it "supports :register and :unregister actions" do
|
36
|
+
it "supports :register, :set and :unregister actions" do
|
37
37
|
expect { resource.action :register }.not_to raise_error
|
38
|
+
expect { resource.action :set }.not_to raise_error
|
38
39
|
expect { resource.action :unregister }.not_to raise_error
|
39
40
|
end
|
40
41
|
|
41
42
|
it "the url property accepts strings" do
|
42
|
-
resource.
|
43
|
-
expect(resource.
|
43
|
+
resource.source_location("https://mygallery.company.co/api/v2/")
|
44
|
+
expect(resource.source_location).to eql("https://mygallery.company.co/api/v2/")
|
44
45
|
end
|
45
46
|
|
46
47
|
it "the trusted property accepts true and false" do
|
@@ -54,7 +55,7 @@ describe Chef::Resource::PowershellPackageSource do
|
|
54
55
|
expect(resource.trusted).to eql(false)
|
55
56
|
end
|
56
57
|
|
57
|
-
it "provider_name accepts 'Programs', 'msi', 'NuGet', 'msu', 'PowerShellGet', 'psl', 'chocolatey'" do
|
58
|
+
it "provider_name accepts 'Programs', 'msi', 'NuGet', 'msu', 'PowerShellGet', 'psl', 'chocolatey', 'winget'" do
|
58
59
|
expect { resource.provider_name("Programs") }.not_to raise_error
|
59
60
|
expect { resource.provider_name("msi") }.not_to raise_error
|
60
61
|
expect { resource.provider_name("NuGet") }.not_to raise_error
|
@@ -62,6 +63,7 @@ describe Chef::Resource::PowershellPackageSource do
|
|
62
63
|
expect { resource.provider_name("PowerShellGet") }.not_to raise_error
|
63
64
|
expect { resource.provider_name("psl") }.not_to raise_error
|
64
65
|
expect { resource.provider_name("chocolatey") }.not_to raise_error
|
66
|
+
expect { resource.provider_name("winget") }.not_to raise_error
|
65
67
|
end
|
66
68
|
|
67
69
|
it "the publish_location property accepts strings" do
|
@@ -70,75 +72,76 @@ describe Chef::Resource::PowershellPackageSource do
|
|
70
72
|
end
|
71
73
|
|
72
74
|
it "the script_source_location property accepts strings" do
|
73
|
-
resource.
|
74
|
-
expect(resource.
|
75
|
+
resource.script_source_location("https://mygallery.company.co/api/v2/scripts")
|
76
|
+
expect(resource.script_source_location).to eql("https://mygallery.company.co/api/v2/scripts")
|
75
77
|
end
|
76
78
|
|
77
79
|
it "the script_publish_location property accepts strings" do
|
78
|
-
resource.
|
79
|
-
expect(resource.
|
80
|
+
resource.script_publish_location("https://mygallery.company.co/api/v2/scripts")
|
81
|
+
expect(resource.script_publish_location).to eql("https://mygallery.company.co/api/v2/scripts")
|
80
82
|
end
|
81
83
|
|
82
84
|
describe "#build_ps_repository_command" do
|
83
85
|
before do
|
84
86
|
resource.source_name("MyGallery")
|
85
|
-
resource.
|
87
|
+
resource.source_location("https://github.com/chef/powershell_test")
|
88
|
+
resource.provider_name("PowerShellGet")
|
86
89
|
end
|
87
90
|
|
88
91
|
context "#register" do
|
89
92
|
it "builds a minimal command" do
|
90
|
-
expect(provider.build_ps_repository_command("Register", resource)).to eql("Register-PSRepository -Name 'MyGallery' -SourceLocation 'https://
|
93
|
+
expect(provider.build_ps_repository_command("Register", resource)).to eql("Register-PSRepository -Name 'MyGallery' -SourceLocation 'https://github.com/chef/powershell_test' -InstallationPolicy 'Untrusted' | Out-Null")
|
91
94
|
end
|
92
95
|
|
93
96
|
it "builds a command with trusted set to true" do
|
94
97
|
resource.trusted(true)
|
95
|
-
expect(provider.build_ps_repository_command("Register", resource)).to eql("Register-PSRepository -Name 'MyGallery' -SourceLocation 'https://
|
98
|
+
expect(provider.build_ps_repository_command("Register", resource)).to eql("Register-PSRepository -Name 'MyGallery' -SourceLocation 'https://github.com/chef/powershell_test' -InstallationPolicy 'Trusted' | Out-Null")
|
96
99
|
end
|
97
100
|
|
98
101
|
it "builds a command with a publish location" do
|
99
|
-
resource.publish_location("https://
|
100
|
-
expect(provider.build_ps_repository_command("Register", resource)).to eql("Register-PSRepository -Name 'MyGallery' -SourceLocation 'https://
|
102
|
+
resource.publish_location("https://github.com/chef/powershell_test/package")
|
103
|
+
expect(provider.build_ps_repository_command("Register", resource)).to eql("Register-PSRepository -Name 'MyGallery' -SourceLocation 'https://github.com/chef/powershell_test' -InstallationPolicy 'Untrusted' -PublishLocation 'https://github.com/chef/powershell_test/package' | Out-Null")
|
101
104
|
end
|
102
105
|
|
103
106
|
it "builds a command with a script source location" do
|
104
|
-
resource.script_source_location("https://
|
105
|
-
expect(provider.build_ps_repository_command("Register", resource)).to eql("Register-PSRepository -Name 'MyGallery' -SourceLocation 'https://
|
107
|
+
resource.script_source_location("https://github.com/chef/powershell_test/scripts")
|
108
|
+
expect(provider.build_ps_repository_command("Register", resource)).to eql("Register-PSRepository -Name 'MyGallery' -SourceLocation 'https://github.com/chef/powershell_test' -InstallationPolicy 'Untrusted' -ScriptSourceLocation 'https://github.com/chef/powershell_test/scripts' | Out-Null")
|
106
109
|
end
|
107
110
|
|
108
111
|
it "builds a command with a script publish location" do
|
109
|
-
resource.script_publish_location("https://
|
110
|
-
expect(provider.build_ps_repository_command("Register", resource)).to eql("Register-PSRepository -Name 'MyGallery' -SourceLocation 'https://
|
112
|
+
resource.script_publish_location("https://github.com/chef/powershell_test/scripts/package")
|
113
|
+
expect(provider.build_ps_repository_command("Register", resource)).to eql("Register-PSRepository -Name 'MyGallery' -SourceLocation 'https://github.com/chef/powershell_test' -InstallationPolicy 'Untrusted' -ScriptPublishLocation 'https://github.com/chef/powershell_test/scripts/package' | Out-Null")
|
111
114
|
end
|
112
115
|
end
|
113
116
|
|
114
117
|
context "#set" do
|
115
118
|
it "builds a minimal command" do
|
116
|
-
expect(provider.build_ps_repository_command("Set", resource)).to eql("Set-PSRepository -Name 'MyGallery' -SourceLocation 'https://
|
119
|
+
expect(provider.build_ps_repository_command("Set", resource)).to eql("Set-PSRepository -Name 'MyGallery' -SourceLocation 'https://github.com/chef/powershell_test' -InstallationPolicy 'Untrusted' | Out-Null")
|
117
120
|
end
|
118
121
|
|
119
122
|
it "builds a command to change the url" do
|
120
|
-
resource.
|
123
|
+
resource.source_location("https://othergallery.company.co/api/v2/")
|
121
124
|
expect(provider.build_ps_repository_command("Set", resource)).to eql("Set-PSRepository -Name 'MyGallery' -SourceLocation 'https://othergallery.company.co/api/v2/' -InstallationPolicy 'Untrusted' | Out-Null")
|
122
125
|
end
|
123
126
|
|
124
127
|
it "builds a command with trusted set to true" do
|
125
128
|
resource.trusted(true)
|
126
|
-
expect(provider.build_ps_repository_command("Set", resource)).to eql("Set-PSRepository -Name 'MyGallery' -SourceLocation 'https://
|
129
|
+
expect(provider.build_ps_repository_command("Set", resource)).to eql("Set-PSRepository -Name 'MyGallery' -SourceLocation 'https://github.com/chef/powershell_test' -InstallationPolicy 'Trusted' | Out-Null")
|
127
130
|
end
|
128
131
|
|
129
132
|
it "builds a command with a publish location" do
|
130
|
-
resource.publish_location("https://
|
131
|
-
expect(provider.build_ps_repository_command("Set", resource)).to eql("Set-PSRepository -Name 'MyGallery' -SourceLocation 'https://
|
133
|
+
resource.publish_location("https://github.com/chef/powershell_test/package")
|
134
|
+
expect(provider.build_ps_repository_command("Set", resource)).to eql("Set-PSRepository -Name 'MyGallery' -SourceLocation 'https://github.com/chef/powershell_test' -InstallationPolicy 'Untrusted' -PublishLocation 'https://github.com/chef/powershell_test/package' | Out-Null")
|
132
135
|
end
|
133
136
|
|
134
137
|
it "builds a command with a script source location" do
|
135
|
-
resource.script_source_location("https://
|
136
|
-
expect(provider.build_ps_repository_command("Set", resource)).to eql("Set-PSRepository -Name 'MyGallery' -SourceLocation 'https://
|
138
|
+
resource.script_source_location("https://github.com/chef/powershell_test/scripts")
|
139
|
+
expect(provider.build_ps_repository_command("Set", resource)).to eql("Set-PSRepository -Name 'MyGallery' -SourceLocation 'https://github.com/chef/powershell_test' -InstallationPolicy 'Untrusted' -ScriptSourceLocation 'https://github.com/chef/powershell_test/scripts' | Out-Null")
|
137
140
|
end
|
138
141
|
|
139
142
|
it "builds a command with a script publish location" do
|
140
|
-
resource.script_publish_location("https://
|
141
|
-
expect(provider.build_ps_repository_command("Set", resource)).to eql("Set-PSRepository -Name 'MyGallery' -SourceLocation 'https://
|
143
|
+
resource.script_publish_location("https://github.com/chef/powershell_test/scripts/package")
|
144
|
+
expect(provider.build_ps_repository_command("Set", resource)).to eql("Set-PSRepository -Name 'MyGallery' -SourceLocation 'https://github.com/chef/powershell_test' -InstallationPolicy 'Untrusted' -ScriptPublishLocation 'https://github.com/chef/powershell_test/scripts/package' | Out-Null")
|
142
145
|
end
|
143
146
|
end
|
144
147
|
end
|
@@ -146,74 +149,72 @@ describe Chef::Resource::PowershellPackageSource do
|
|
146
149
|
describe "#build_package_source_command" do
|
147
150
|
before do
|
148
151
|
resource.source_name("NuGet")
|
149
|
-
resource.
|
152
|
+
resource.source_location("http://nuget.org/api/v2/")
|
150
153
|
end
|
151
154
|
|
152
155
|
context "#register" do
|
153
156
|
it "builds a minimal command" do
|
154
|
-
expect(provider.build_package_source_command("Register", resource)).to eql("Register-PackageSource -Name 'NuGet' -Location 'http://nuget.org/api/v2/' -
|
157
|
+
expect(provider.build_package_source_command("Register", resource)).to eql("Register-PackageSource -Name 'NuGet' -Location 'http://nuget.org/api/v2/' -ProviderName 'NuGet' | Out-Null")
|
155
158
|
end
|
156
159
|
|
157
160
|
it "builds a command with trusted set to true" do
|
158
161
|
resource.trusted(true)
|
159
|
-
expect(provider.build_package_source_command("Register", resource)).to eql("Register-PackageSource -Name 'NuGet' -Location 'http://nuget.org/api/v2/' -Trusted
|
162
|
+
expect(provider.build_package_source_command("Register", resource)).to eql("Register-PackageSource -Name 'NuGet' -Location 'http://nuget.org/api/v2/' -Trusted -ProviderName 'NuGet' | Out-Null")
|
160
163
|
end
|
161
164
|
|
162
165
|
it "builds a command with a different provider" do
|
163
166
|
resource.source_name("choco")
|
164
|
-
resource.
|
167
|
+
resource.source_location("https://chocolatey.org/api/v2/")
|
165
168
|
resource.provider_name("chocolatey")
|
166
|
-
expect(provider.build_package_source_command("Register", resource)).to eql("Register-PackageSource -Name 'choco' -Location 'https://chocolatey.org/api/v2/' -
|
169
|
+
expect(provider.build_package_source_command("Register", resource)).to eql("Register-PackageSource -Name 'choco' -Location 'https://chocolatey.org/api/v2/' -ProviderName 'chocolatey' | Out-Null")
|
167
170
|
end
|
168
171
|
end
|
169
172
|
|
170
173
|
context "#set" do
|
171
174
|
it "builds a minimal command" do
|
172
|
-
expect(provider.build_package_source_command("Set", resource)).to eql("Set-PackageSource -Name 'NuGet' -Location 'http://nuget.org/api/v2/' -
|
175
|
+
expect(provider.build_package_source_command("Set", resource)).to eql("Set-PackageSource -Name 'NuGet' -Location 'http://nuget.org/api/v2/' -ProviderName 'NuGet' | Out-Null")
|
173
176
|
end
|
174
177
|
|
175
178
|
it "builds a command to change the url" do
|
176
|
-
resource.
|
177
|
-
expect(provider.build_package_source_command("Set", resource)).to eql("Set-PackageSource -Name 'NuGet' -Location 'https://nuget.company.co/api/v2/' -
|
179
|
+
resource.source_location("https://nuget.company.co/api/v2/")
|
180
|
+
expect(provider.build_package_source_command("Set", resource)).to eql("Set-PackageSource -Name 'NuGet' -Location 'https://nuget.company.co/api/v2/' -ProviderName 'NuGet' | Out-Null")
|
178
181
|
end
|
179
182
|
|
180
183
|
it "builds a command with trusted set to true" do
|
181
184
|
resource.trusted(true)
|
182
|
-
expect(provider.build_package_source_command("Set", resource)).to eql("Set-PackageSource -Name 'NuGet' -Location 'http://nuget.org/api/v2/' -Trusted
|
185
|
+
expect(provider.build_package_source_command("Set", resource)).to eql("Set-PackageSource -Name 'NuGet' -Location 'http://nuget.org/api/v2/' -Trusted -ProviderName 'NuGet' | Out-Null")
|
183
186
|
end
|
184
187
|
|
185
188
|
it "builds a command with a different provider" do
|
186
189
|
resource.source_name("choco")
|
187
|
-
resource.
|
190
|
+
resource.source_location("https://chocolatey.org/api/v2/")
|
188
191
|
resource.provider_name("chocolatey")
|
189
|
-
expect(provider.build_package_source_command("Set", resource)).to eql("Set-PackageSource -Name 'choco' -Location 'https://chocolatey.org/api/v2/' -
|
192
|
+
expect(provider.build_package_source_command("Set", resource)).to eql("Set-PackageSource -Name 'choco' -Location 'https://chocolatey.org/api/v2/' -ProviderName 'chocolatey' | Out-Null")
|
190
193
|
end
|
191
194
|
end
|
192
195
|
end
|
193
196
|
|
194
|
-
describe "
|
195
|
-
|
196
|
-
|
197
|
-
|
198
|
-
|
199
|
-
|
200
|
-
|
201
|
-
|
202
|
-
|
203
|
-
|
204
|
-
|
205
|
-
|
206
|
-
|
207
|
-
|
208
|
-
|
209
|
-
|
210
|
-
|
211
|
-
|
212
|
-
|
213
|
-
|
214
|
-
|
215
|
-
|
216
|
-
|
217
|
-
end
|
218
|
-
end
|
197
|
+
# describe "get_package_source_details" do
|
198
|
+
# before do
|
199
|
+
# resource.source_name("MyGallery")
|
200
|
+
# resource.source_location("http://nuget.org/api/v2/")
|
201
|
+
# provider.build_package_source_command("Register", resource)
|
202
|
+
# end
|
203
|
+
|
204
|
+
# # stub a call to the package_source_details
|
205
|
+
# expect(provider).to receive(:get_package_source_details).and_return("PackageSource")
|
206
|
+
# it "returns packagesource if it exists" do
|
207
|
+
# # dbl = double("testing PackageSource")
|
208
|
+
# # let(source_name)
|
209
|
+
# # # allow(provider).to receive(:powershell_exec!).with("(Get-PackageSource -Name 'MyGallery' -ErrorAction SilentlyContinue).Name").and_return(double("powershell_exec!", result: "PackageSource"))
|
210
|
+
# # resource.source_name("MyGallery")
|
211
|
+
# expect(provider.get_package_source_details.result).to eql("PackageSource")
|
212
|
+
# end
|
213
|
+
|
214
|
+
# it "returns unregistered if it doesn't exist" do
|
215
|
+
# # allow(provider).to receive(:powershell_exec!).with("(Get-PackageSource -Name 'Foo' -ErrorAction SilentlyContinue).Name").and_return(double("powershell_exec!", result: ""))
|
216
|
+
# resource.source_name("Foo")
|
217
|
+
# expect(provider.get_package_source_details.result).to eql("Unregistered")
|
218
|
+
# end
|
219
|
+
# end
|
219
220
|
end
|
@@ -19,14 +19,14 @@
|
|
19
19
|
require "spec_helper"
|
20
20
|
|
21
21
|
describe Chef::Resource::RegistryKey, "initialize" do
|
22
|
-
let(:resource) { Chef::Resource::RegistryKey.new(
|
22
|
+
let(:resource) { Chef::Resource::RegistryKey.new("HKCU\\Software\\Raxicoricofallapatorius") }
|
23
23
|
|
24
24
|
it "sets the resource_name to :registry_key" do
|
25
25
|
expect(resource.resource_name).to eql(:registry_key)
|
26
26
|
end
|
27
27
|
|
28
28
|
it "the key property is the name_property" do
|
29
|
-
expect(resource.key).to eql(
|
29
|
+
expect(resource.key).to eql("HKCU\\Software\\Raxicoricofallapatorius")
|
30
30
|
end
|
31
31
|
|
32
32
|
it "sets the default action as :create" do
|
@@ -60,11 +60,11 @@ describe Chef::Resource::RegistryKey, "initialize" do
|
|
60
60
|
end
|
61
61
|
|
62
62
|
describe Chef::Resource::RegistryKey, "key" do
|
63
|
-
let(:resource) { Chef::Resource::RegistryKey.new(
|
63
|
+
let(:resource) { Chef::Resource::RegistryKey.new("HKCU\\Software\\Raxicoricofallapatorius") }
|
64
64
|
|
65
65
|
it "allows a string" do
|
66
|
-
resource.key
|
67
|
-
expect(resource.key).to eql(
|
66
|
+
resource.key "HKCU\\Software\\Poosh"
|
67
|
+
expect(resource.key).to eql("HKCU\\Software\\Poosh")
|
68
68
|
end
|
69
69
|
|
70
70
|
it "does not allow an integer" do
|
@@ -77,7 +77,7 @@ describe Chef::Resource::RegistryKey, "key" do
|
|
77
77
|
end
|
78
78
|
|
79
79
|
describe Chef::Resource::RegistryKey, "values" do
|
80
|
-
let(:resource) { Chef::Resource::RegistryKey.new(
|
80
|
+
let(:resource) { Chef::Resource::RegistryKey.new("HKCU\\Software\\Raxicoricofallapatorius") }
|
81
81
|
|
82
82
|
it "allows a single proper hash of registry values" do
|
83
83
|
resource.values( { name: "poosh", type: :string, data: "carmen" } )
|
@@ -140,7 +140,7 @@ describe Chef::Resource::RegistryKey, "values" do
|
|
140
140
|
end
|
141
141
|
|
142
142
|
describe Chef::Resource::RegistryKey, "recursive" do
|
143
|
-
let(:resource) { Chef::Resource::RegistryKey.new(
|
143
|
+
let(:resource) { Chef::Resource::RegistryKey.new("HKCU\\Software\\Raxicoricofallapatorius") }
|
144
144
|
|
145
145
|
it "allows a boolean" do
|
146
146
|
resource.recursive(true)
|
@@ -165,7 +165,7 @@ describe Chef::Resource::RegistryKey, "recursive" do
|
|
165
165
|
end
|
166
166
|
|
167
167
|
describe Chef::Resource::RegistryKey, "architecture" do
|
168
|
-
let(:resource) { Chef::Resource::RegistryKey.new(
|
168
|
+
let(:resource) { Chef::Resource::RegistryKey.new("HKCU\\Software\\Raxicoricofallapatorius") }
|
169
169
|
|
170
170
|
%i{i386 x86_64 machine}.each do |arch|
|
171
171
|
it "allows #{arch} as a symbol" do
|
@@ -196,7 +196,7 @@ describe Chef::Resource::RegistryKey, "architecture" do
|
|
196
196
|
end
|
197
197
|
|
198
198
|
describe Chef::Resource::RegistryKey, ":unscrubbed_values" do
|
199
|
-
let(:resource) { Chef::Resource::RegistryKey.new(
|
199
|
+
let(:resource) { Chef::Resource::RegistryKey.new("HKCU\\Software\\Raxicoricofallapatorius") }
|
200
200
|
|
201
201
|
it "returns unsafe data as-is" do
|
202
202
|
key_values = [ { name: "poosh", type: :binary, data: 255.chr * 1 } ]
|
@@ -206,7 +206,7 @@ describe Chef::Resource::RegistryKey, ":unscrubbed_values" do
|
|
206
206
|
end
|
207
207
|
|
208
208
|
describe Chef::Resource::RegistryKey, "state" do
|
209
|
-
let(:resource) { Chef::Resource::RegistryKey.new(
|
209
|
+
let(:resource) { Chef::Resource::RegistryKey.new("HKCU\\Software\\Raxicoricofallapatorius") }
|
210
210
|
|
211
211
|
it "returns scrubbed values" do
|
212
212
|
resource.values([ { name: "poosh", type: :binary, data: 255.chr * 1 } ])
|
@@ -45,6 +45,6 @@ describe Chef::Resource::WindowsAutorun do
|
|
45
45
|
|
46
46
|
it "coerces forward slashes to backslashes for the path" do
|
47
47
|
resource.path "C:/something.exe"
|
48
|
-
expect(resource.path).to eql(
|
48
|
+
expect(resource.path).to eql("C:\\something.exe")
|
49
49
|
end
|
50
50
|
end
|
@@ -76,7 +76,7 @@ describe Chef::Resource::WindowsFeaturePowershell do
|
|
76
76
|
node.default["powershell_features_cache"]["disabled"] = ["dhcp"]
|
77
77
|
node.default["powershell_features_cache"]["removed"] = ["snmp"]
|
78
78
|
resource.feature_name "dhcp, snmp"
|
79
|
-
resource.source
|
79
|
+
resource.source "D:\\sources\\sxs"
|
80
80
|
|
81
81
|
expect(provider.features_to_install).to eq(%w{dhcp snmp})
|
82
82
|
end
|
@@ -377,7 +377,7 @@ describe Chef::Resource::WindowsFirewallRule do
|
|
377
377
|
resource.icmp_type("Any")
|
378
378
|
resource.firewall_action(:notconfigured)
|
379
379
|
resource.profile(:domain)
|
380
|
-
resource.program(
|
380
|
+
resource.program("%WINDIR%\\System32\\lsass.exe")
|
381
381
|
resource.service("SomeService")
|
382
382
|
resource.interface_type(:remoteaccess)
|
383
383
|
resource.enabled(false)
|
@@ -499,7 +499,7 @@ describe Chef::Resource::WindowsFirewallRule do
|
|
499
499
|
resource.icmp_type("Any")
|
500
500
|
resource.firewall_action(:notconfigured)
|
501
501
|
resource.profile(:domain)
|
502
|
-
resource.program(
|
502
|
+
resource.program("%WINDIR%\\System32\\lsass.exe")
|
503
503
|
resource.service("SomeService")
|
504
504
|
resource.interface_type(:remoteaccess)
|
505
505
|
resource.enabled(false)
|
@@ -75,7 +75,7 @@ describe Chef::Resource::WindowsTask, :windows_only do
|
|
75
75
|
context "a System User" do
|
76
76
|
before do
|
77
77
|
resource.frequency :hourly
|
78
|
-
resource.user
|
78
|
+
resource.user "NT AUTHORITY\\SYSTEM"
|
79
79
|
end
|
80
80
|
|
81
81
|
context "for an interactive task" do
|
@@ -88,7 +88,7 @@ describe Chef::Resource::WindowsTask, :windows_only do
|
|
88
88
|
expect { resource.after_created }.to raise_error(ArgumentError, "Password is not required for system users.")
|
89
89
|
end
|
90
90
|
it "does not raises an error even when user is in lowercase" do
|
91
|
-
resource.user
|
91
|
+
resource.user "nt authority\\system"
|
92
92
|
expect { resource.after_created }.to_not raise_error
|
93
93
|
end
|
94
94
|
end
|
@@ -103,7 +103,7 @@ describe Chef::Resource::WindowsTask, :windows_only do
|
|
103
103
|
expect { resource.after_created }.to raise_error(ArgumentError, "Password is not required for system users.")
|
104
104
|
end
|
105
105
|
it "does not raises an error even when user is in lowercase" do
|
106
|
-
resource.user
|
106
|
+
resource.user "nt authority\\system"
|
107
107
|
expect { resource.after_created }.to_not raise_error
|
108
108
|
end
|
109
109
|
end
|
@@ -494,7 +494,7 @@ describe Chef::ResourceReporter do
|
|
494
494
|
|
495
495
|
context "when the resource is a RegistryKey with binary data" do
|
496
496
|
let(:new_resource) do
|
497
|
-
resource = Chef::Resource::RegistryKey.new(
|
497
|
+
resource = Chef::Resource::RegistryKey.new("Wubba\\Lubba\\Dub\\Dubs")
|
498
498
|
resource.values([ { name: "rick", type: :binary, data: 255.chr * 1 } ])
|
499
499
|
allow(resource).to receive(:cookbook_name).and_return(cookbook_name)
|
500
500
|
allow(resource).to receive(:cookbook_version).and_return(cookbook_version)
|
@@ -502,7 +502,7 @@ describe Chef::ResourceReporter do
|
|
502
502
|
end
|
503
503
|
|
504
504
|
let(:current_resource) do
|
505
|
-
resource = Chef::Resource::RegistryKey.new(
|
505
|
+
resource = Chef::Resource::RegistryKey.new("Wubba\\Lubba\\Dub\\Dubs")
|
506
506
|
resource.values([ { name: "rick", type: :binary, data: 255.chr * 1 } ])
|
507
507
|
resource
|
508
508
|
end
|
data/spec/unit/resource_spec.rb
CHANGED
@@ -348,6 +348,11 @@ describe Chef::Resource do
|
|
348
348
|
it "should recognize dynamically defined resources" do
|
349
349
|
expect(resource.defined_at).to eq("dynamically defined")
|
350
350
|
end
|
351
|
+
|
352
|
+
it "should return nil for the cookbook_version when the cookbook_name is @recipe_files" do
|
353
|
+
resource.cookbook_name = "@recipe_files"
|
354
|
+
expect(resource.cookbook_version).to be nil
|
355
|
+
end
|
351
356
|
end
|
352
357
|
|
353
358
|
describe "to_s" do
|
@@ -20,51 +20,130 @@
|
|
20
20
|
require_relative "../../spec_helper"
|
21
21
|
require "chef/secret_fetcher"
|
22
22
|
require "chef/secret_fetcher/azure_key_vault"
|
23
|
+
require "net/http/responses"
|
23
24
|
|
24
25
|
describe Chef::SecretFetcher::AzureKeyVault do
|
25
|
-
let(:config) { { vault: "
|
26
|
+
let(:config) { { vault: "my-vault" } }
|
26
27
|
let(:fetcher) { Chef::SecretFetcher::AzureKeyVault.new(config, nil) }
|
28
|
+
let(:secrets_response_body) { '{ "value" : "my secret value" }' }
|
29
|
+
let(:secrets_response_mock) do
|
30
|
+
rm = Net::HTTPSuccess.new("1.0", "400", "OK")
|
31
|
+
allow(rm).to receive(:body).and_return(secrets_response_body)
|
32
|
+
rm
|
33
|
+
end
|
34
|
+
let(:token_response_body) { %Q({"access_token":"#{access_token}","client_id":"#{client_id}","expires_in":"86294","expires_on":"1627761860","ext_expires_in":"86399","not_before":"1627675160","resource":"https://vault.azure.net","token_type":"Bearer"}) }
|
35
|
+
let(:access_token) { "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6Im5PbzNaRHJPRFhFSzFqS1doWHNsSFJfS1hFZyIsImtpZCI6Im5PbzNaRHJPRFhFSzFqS1doWHNsSFJfS1hFZyJ9.eyJhdWQiOiJodHRwczovL3ZhdWx0LmF6dXJlLm5ldCIsImlzcyI6Imh0dHBzOi8vc3RzLndpbmRvd3MubmV0L2E5ZTY2ZDhkLTA1ZTAtNGMwMC1iOWRkLWM0Yjc3M2U5MWNhNi8iLCJpYXQiOjE2Mjc2NzUxNjAsIm5iZiI6MTYyNzY3NTE2MCwiZXhwIjoxNjI3NzYxODYwLCJhaW8iOiJFMlpnWUhCWGplaTdWS214eEh6bjdoSWpNZFlMQUE9PSIsImFwcGlkIjoiNjU2Mjc1MjEtMzYzYi00ZDk2LTkyMTctMjcIsIm9pZCI6IjNiZjI1NjVhLWY4NWQtNDBiNy1hZWJkLTNlZDA1ZDA0N2FmNiIsInJoIjoiMC5BUk1BalczbXFlQUZBRXk1M2NTM2Mta2NwaUYxWW1VN05wWk5raGNuRGpuZEwxb1RBQUEuIiwic3ViIjoiM2JmMjU2NWEtZjg1ZC00MGI3LWFlYmQtM2VkMDVkMDQ3YWY2IiwidGlkIjoiYTllNjZkOGQtMDVlMC00YzAwLWI5ZGQtYzRiNzczZTkxY2E2IiwidXRpIjoibXlzeHpSRTV3ay1ibTFlYkNqc09BQSIsInZlciI6IjEuMCIsInhtc19taXJpZCI6Ii9zdWJzY3JpcHRpb25zLzYzNDJkZDZkLTc1NTQtNDJjOS04NTM2LTdkZmU3MmY1MWZhZC9yZXNvdXJjZWdyb3Vwcy9pbWFnZS1waXBlbGluZS1ydW5uZXItcWEtZWFzdHVzMi1yZy9wcm92aWRlcnMvTWljcm9zb2Z0Lk1hbmFnZWRJZGVudGl0eS91c2VyQXNzaWduZWRJZGVudGl0aWVzL2ltYWdlLXBpcGVsaW5lLXJ1bm5lci1xYS1lYXN0dXMyLW1pIn0.BquzjN6d0g4zlvkbkdVwNEfRxIXSmxYwCHMk6UG3iza2fVioiOrcoP4Cp9P5--AB4G_CAhIXaP7YIZs3mq05QiDjSvkVAM0t67UPGhEr66sNXkV72iZBnKca_auh6EHsjPfxeVHkE1wdrsncrYdKhzgO4IAj8Jg4N5qjcE2q-OkliadmEuTwrhPhq" }
|
36
|
+
let(:token_response_mock) do
|
37
|
+
rm = Net::HTTPSuccess.new("1.0", "400", "OK")
|
38
|
+
allow(rm).to receive(:body).and_return(token_response_body)
|
39
|
+
rm
|
40
|
+
end
|
41
|
+
let(:client_id) { SecureRandom.uuid }
|
42
|
+
let(:http_mock) { instance_double("Net::HTTP", :use_ssl= => nil) }
|
43
|
+
let(:token_uri) { URI.parse("http://169.254.169.254/metadata/identity/oauth2/token") }
|
44
|
+
let(:vault_name) { "my-vault" }
|
45
|
+
let(:secret_name) { "my-secret" }
|
46
|
+
let(:vault_secret_uri) { URI.parse("https://#{vault_name}.vault.azure.net/secrets/#{secret_name}/?api-version=7.2") }
|
47
|
+
|
48
|
+
before do
|
49
|
+
# Cache these up front so we can pass into allow statements without hitting:
|
50
|
+
# URI received :parse with unexpected arguments
|
51
|
+
token_uri
|
52
|
+
vault_secret_uri
|
53
|
+
end
|
54
|
+
|
55
|
+
before do
|
56
|
+
allow(Net::HTTP).to receive(:new).and_return(http_mock)
|
57
|
+
allow(URI).to receive(:parse).with("http://169.254.169.254/metadata/identity/oauth2/token").and_return(token_uri)
|
58
|
+
allow(URI).to receive(:parse).with("https://#{vault_name}.vault.azure.net/secrets/#{secret_name}/?api-version=7.2").and_return(vault_secret_uri)
|
59
|
+
allow(http_mock).to receive(:get).with(token_uri, { "Metadata" => "true" }).and_return(token_response_mock)
|
60
|
+
allow(http_mock).to receive(:get).with(vault_secret_uri, { "Authorization" => "Bearer #{access_token}", "Content-Type" => "application/json" }).and_return(secrets_response_mock)
|
61
|
+
end
|
62
|
+
|
63
|
+
describe "#validate!" do
|
64
|
+
it "raises error when more than one is provided: :object_id, :client_id, :mi_res_id" do
|
65
|
+
expect { Chef::SecretFetcher::AzureKeyVault.new({ object_id: "abc", client_id: "abc", mi_res_id: "abc" }, nil).validate! }.to raise_error(Chef::Exceptions::Secret::ConfigurationInvalid)
|
66
|
+
expect { Chef::SecretFetcher::AzureKeyVault.new({ object_id: "abc", client_id: "abc" }, nil).validate! }.to raise_error(Chef::Exceptions::Secret::ConfigurationInvalid)
|
67
|
+
expect { Chef::SecretFetcher::AzureKeyVault.new({ object_id: "abc", mi_res_id: "abc" }, nil).validate! }.to raise_error(Chef::Exceptions::Secret::ConfigurationInvalid)
|
68
|
+
expect { Chef::SecretFetcher::AzureKeyVault.new({ client_id: "abc", mi_res_id: "abc" }, nil).validate! }.to raise_error(Chef::Exceptions::Secret::ConfigurationInvalid)
|
69
|
+
end
|
70
|
+
end
|
27
71
|
|
28
|
-
|
29
|
-
|
30
|
-
|
31
|
-
|
72
|
+
describe "#fetch_token" do
|
73
|
+
context "when Net::HTTPBadRequest is returned and the error description contains \"Identity not found\"" do
|
74
|
+
let(:token_response_mock) { Net::HTTPBadRequest.new("1.0", "400", "Bad Request") }
|
75
|
+
|
76
|
+
before do
|
77
|
+
allow(fetcher).to receive(:fetch_token).and_call_original
|
78
|
+
allow(token_response_mock).to receive(:body).and_return('{"error":"invalid_request","error_description":"Identity not found"}')
|
79
|
+
end
|
32
80
|
|
33
|
-
|
34
|
-
|
35
|
-
|
81
|
+
it "raises Chef::Exceptions::Secret::Azure::IdentityNotFound" do
|
82
|
+
expect { fetcher.send(:fetch_token) }.to raise_error(Chef::Exceptions::Secret::Azure::IdentityNotFound)
|
83
|
+
end
|
36
84
|
end
|
37
85
|
|
38
|
-
context "
|
39
|
-
let(:
|
86
|
+
context "when :object_id is provided" do
|
87
|
+
let(:object_id) { SecureRandom.uuid }
|
88
|
+
let(:config) { { vault: "my-vault", object_id: object_id } }
|
89
|
+
|
90
|
+
it "adds client_id to request params" do
|
91
|
+
fetcher.send(:fetch_token)
|
92
|
+
expect(token_uri.query).to match(/object_id=#{object_id}/)
|
93
|
+
end
|
94
|
+
end
|
95
|
+
|
96
|
+
context "when :client_id is provided" do
|
97
|
+
let(:config) { { vault: "my-vault", client_id: client_id } }
|
98
|
+
|
99
|
+
it "adds client_id to request params" do
|
100
|
+
fetcher.send(:fetch_token)
|
101
|
+
expect(token_uri.query).to match(/client_id=#{client_id}/)
|
102
|
+
end
|
103
|
+
end
|
104
|
+
|
105
|
+
context "when :mi_res_id is provided" do
|
106
|
+
let(:mi_res_id) { SecureRandom.uuid }
|
107
|
+
let(:config) { { vault: "my-vault", mi_res_id: mi_res_id } }
|
108
|
+
|
109
|
+
it "adds client_id to request params" do
|
110
|
+
fetcher.send(:fetch_token)
|
111
|
+
expect(token_uri.query).to match(/mi_res_id=#{mi_res_id}/)
|
112
|
+
end
|
113
|
+
end
|
114
|
+
end
|
115
|
+
|
116
|
+
describe "#fetch" do
|
117
|
+
context "when vault name is only provided in the secret name" do
|
118
|
+
let(:secrets_response_body) { '{ "value" : "my secret value" }' }
|
40
119
|
let(:config) { {} }
|
41
120
|
it "fetches the value" do
|
42
|
-
expect(fetcher.fetch("
|
121
|
+
expect(fetcher.fetch("my-vault/my-secret")).to eq "my secret value"
|
43
122
|
end
|
44
123
|
end
|
45
124
|
|
46
|
-
context "
|
125
|
+
context "when vault name is not provided in the secret name" do
|
47
126
|
context "and vault name is not provided in config" do
|
48
127
|
let(:config) { {} }
|
49
128
|
it "raises a ConfigurationInvalid exception" do
|
50
|
-
expect { fetcher.fetch("
|
129
|
+
expect { fetcher.fetch("my-secret") }.to raise_error(Chef::Exceptions::Secret::ConfigurationInvalid)
|
51
130
|
end
|
52
131
|
end
|
53
132
|
|
54
133
|
context "and vault name is provided in config" do
|
55
|
-
let(:config) { { vault: "
|
134
|
+
let(:config) { { vault: "my-vault" } }
|
56
135
|
it "fetches the value" do
|
57
|
-
expect(fetcher.fetch("
|
136
|
+
expect(fetcher.fetch("my-secret")).to eq "my secret value"
|
58
137
|
end
|
59
138
|
end
|
60
139
|
end
|
61
|
-
|
62
|
-
|
63
|
-
let(:
|
140
|
+
|
141
|
+
context "when an error response is received in the response body" do
|
142
|
+
let(:config) { { vault: "my-vault" } }
|
143
|
+
let(:secrets_response_body) { '{ "error" : { "code" : 404, "message" : "secret not found" } }' }
|
64
144
|
it "raises FetchFailed" do
|
65
|
-
expect { fetcher.fetch("
|
145
|
+
expect { fetcher.fetch("my-secret") }.to raise_error(Chef::Exceptions::Secret::FetchFailed)
|
66
146
|
end
|
67
147
|
end
|
68
148
|
end
|
69
149
|
end
|
70
|
-
|
@@ -132,7 +132,7 @@ describe Chef::Util::Backup do
|
|
132
132
|
end
|
133
133
|
|
134
134
|
it "uses the configured Chef::Config[:file_backup_path] and strips the drive on windows" do
|
135
|
-
expect(@backup).to receive(:path).and_return(
|
135
|
+
expect(@backup).to receive(:path).and_return("c:\\a\\b\\c.txt")
|
136
136
|
Chef::Config[:file_backup_path] = 'c:\backupdir'
|
137
137
|
expect(@backup.send(:backup_path)).to match(%r|^c:\\backupdir[\\/]+a\\b\\c.txt.chef-\d{14}.\d{6}$|)
|
138
138
|
end
|
@@ -23,12 +23,12 @@ describe Chef::Win32::Registry do
|
|
23
23
|
|
24
24
|
let(:value1) { { name: "one", type: :string, data: "1" } }
|
25
25
|
let(:value1_upcase_name) { { name: "ONE", type: :string, data: "1" } }
|
26
|
-
let(:key_path) {
|
27
|
-
let(:key) {
|
26
|
+
let(:key_path) { "HKCU\\Software\\OpscodeNumbers" }
|
27
|
+
let(:key) { "Software\\OpscodeNumbers" }
|
28
28
|
let(:key_parent) { "Software" }
|
29
29
|
let(:key_to_delete) { "OpscodeNumbers" }
|
30
30
|
let(:sub_key) { "OpscodePrimes" }
|
31
|
-
let(:missing_key_path) {
|
31
|
+
let(:missing_key_path) { "HKCU\\Software" }
|
32
32
|
let(:registry) { Chef::Win32::Registry.new }
|
33
33
|
let(:hive_mock) { double("::Win32::Registry::HKEY_CURRENT_USER") }
|
34
34
|
let(:reg_mock) { double("reg") }
|