chef 17.6.18 → 17.7.22

data/lib/chef/resource_reporter.rb

@@ -41,7 +41,7 @@ class Chef
       as_hash["result"] = action_record.action.to_s
       if new_resource.cookbook_name
         as_hash["cookbook_name"] = new_resource.cookbook_name
-        as_hash["cookbook_version"] = new_resource.cookbook_version.version
+        as_hash["cookbook_version"] = new_resource.cookbook_version&.version
       end
 
       as_hash

data/lib/chef/secret_fetcher/azure_key_vault.rb

@@ -1,4 +1,6 @@
 require_relative "base"
+require_relative "../exceptions"
+require "uri" unless defined?(URI)
 
 class Chef
   class SecretFetcher
@@ -14,13 +16,19 @@ class Chef
     #
     # @example
     #
-    # fetcher = SecretFetcher.for_service(:azure_key_vault, { vault: "my_vault" }, run_context )
+    # fetcher = SecretFetcher.for_service(:azure_key_vault, { vault: "my_vault" }, run_context)
     # fetcher.fetch("secretkey1", "v1")
     #
     # @example
     #
-    # fetcher = SecretFetcher.for_service(:azure_key_vault, {}, run_context )
+    # fetcher = SecretFetcher.for_service(:azure_key_vault, {}, run_context)
     # fetcher.fetch("my_vault/secretkey1", "v1")
+    #
+    # @example
+    #
+    # fetcher = SecretFetcher.for_service(:azure_key_vault, { client_id: "540d76b6-7f76-456c-b68b-ccae4dc9d99d" }, run_context)
+    # fetcher.fetch("my_vault/secretkey1", "v1")
+    #
     class AzureKeyVault < Base
 
       def do_fetch(name, version)
@@ -48,6 +56,12 @@ class Chef
         end
       end
 
+      def validate!
+        raise Chef::Exceptions::Secret::ConfigurationInvalid, "You may only specify one (these are mutually exclusive): :object_id, :client_id, or :mi_res_id" if [object_id, client_id, mi_res_id].select { |x| !x.nil? }.length > 1
+      end
+
+      private
+
       # Determine the vault name and secret name from the provided name.
       # If it is not in the provided name in the form "vault_name/secret_name"
       # it will determine the vault name from `config[:vault]`.
@@ -63,16 +77,56 @@ class Chef
         end
       end
 
+      def api_version
+        "2018-02-01"
+      end
+
+      def resource
+        "https://vault.azure.net"
+      end
+
+      def object_id
+        config[:object_id]
+      end
+
+      def client_id
+        config[:client_id]
+      end
+
+      def mi_res_id
+        config[:mi_res_id]
+      end
+
+      def token_query
+        @token_query ||= begin
+          p = {}
+          p["api-version"] = api_version
+          p["resource"] = resource
+          p["object_id"] = object_id if object_id
+          p["client_id"] = client_id if client_id
+          p["mi_res_id"] = mi_res_id if mi_res_id
+          URI.encode_www_form(p)
+        end
+      end
+
       def fetch_token
-        token_uri = URI.parse("http://169.254.169.254/metadata/identity/oauth2/token?api-version=2018-02-01&resource=https%3A%2F%2Fvault.azure.net")
+        token_uri = URI.parse("http://169.254.169.254/metadata/identity/oauth2/token")
+        token_uri.query = token_query
         http = Net::HTTP.new(token_uri.host, token_uri.port)
         response = http.get(token_uri, { "Metadata" => "true" })
-        body = JSON.parse(response.body)
-        body["access_token"]
+
+        case response
+        when Net::HTTPSuccess
+          body = JSON.parse(response.body)
+          body["access_token"]
+        when Net::HTTPBadRequest
+          body = JSON.parse(response.body)
+          raise Chef::Exceptions::Secret::Azure::IdentityNotFound if body["error_description"] =~ /identity not found/i
+        else
+          body = JSON.parse(response.body)
+          body["access_token"]
+        end
       end
     end
   end
 end
-
-
-

data/lib/chef/secret_fetcher.rb

@@ -58,4 +58,3 @@ class Chef
     end
   end
 end
-

data/lib/chef/version.rb

@@ -23,7 +23,7 @@ require_relative "version_string"
 
 class Chef
   CHEF_ROOT = File.expand_path("..", __dir__)
-  VERSION = Chef::VersionString.new("17.6.18")
+  VERSION = Chef::VersionString.new("17.7.22")
 end
 
 #

data/spec/functional/dsl/reboot_pending_spec.rb

@@ -39,8 +39,8 @@ describe Chef::DSL::RebootPending, :windows_only do
     let(:reg_key) { nil }
     let(:original_set) { false }
 
-    describe 'HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\PendingFileRenameOperations' do
-      let(:reg_key) { 'HKLM\SYSTEM\CurrentControlSet\Control\Session Manager' }
+    describe "HKLM\\SYSTEM\\CurrentControlSet\\Control\\Session Manager\\PendingFileRenameOperations" do
+      let(:reg_key) { "HKLM\\SYSTEM\\CurrentControlSet\\Control\\Session Manager" }
       let(:original_set) { registry.value_exists?(reg_key, { name: "PendingFileRenameOperations" }) }
 
       it "returns true if the registry value exists" do
@@ -78,7 +78,7 @@ describe Chef::DSL::RebootPending, :windows_only do
 
     describe "when there is nothing to indicate a reboot is pending" do
       it "should return false" do
-        skip "reboot pending" if registry_value_exists?('HKLM\SYSTEM\CurrentControlSet\Control\Session Manager', { name: "PendingFileRenameOperations" }) ||
+        skip "reboot pending" if registry_value_exists?("HKLM\\SYSTEM\\CurrentControlSet\\Control\\Session Manager", { name: "PendingFileRenameOperations" }) ||
           registry_key_exists?('HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\RebootRequired') ||
           registry_key_exists?('HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\RebootPending')
         expect(recipe.reboot_pending?).to be_falsey

data/spec/functional/dsl/registry_helper_spec.rb

@@ -24,7 +24,7 @@ describe Chef::Resource::RegistryKey, :windows_only do
   before(:all) do
     ::Win32::Registry::HKEY_CURRENT_USER.create "Software\\Root"
     ::Win32::Registry::HKEY_CURRENT_USER.create "Software\\Root\\Branch"
-    ::Win32::Registry::HKEY_CURRENT_USER.open('Software\\Root', Win32::Registry::KEY_ALL_ACCESS) do |reg|
+    ::Win32::Registry::HKEY_CURRENT_USER.open("Software\\Root", Win32::Registry::KEY_ALL_ACCESS) do |reg|
       reg["RootType1", Win32::Registry::REG_SZ] = "fibrous"
       reg.write("Roots", Win32::Registry::REG_MULTI_SZ, ["strong roots", "healthy tree"])
     end

data/spec/functional/resource/dsc_script_spec.rb

@@ -85,7 +85,7 @@ describe Chef::Resource::DscScript, :windows_powershell_dsc_only, :ruby64_only d
   let(:dsc_test_resource_base) do
     Chef::Resource::DscScript.new(dsc_test_resource_name, dsc_test_run_context)
   end
-  let(:test_registry_key) { 'HKEY_LOCAL_MACHINE\Software\Chef\Spec\Functional\Resource\dsc_script_spec' }
+  let(:test_registry_key) { "HKEY_LOCAL_MACHINE\\Software\\Chef\\Spec\\Functional\\Resource\\dsc_script_spec" }
   let(:test_registry_value) { "Registration" }
   let(:test_registry_data1) { "LL927" }
   let(:test_registry_data2) { "LL928" }
@@ -394,7 +394,7 @@ describe Chef::Resource::DscScript, :windows_powershell_dsc_only, :ruby64_only d
       dsc_test_run_context.node.consume_external_attrs(OHAI_SYSTEM.data, {})
     end
 
-    let(:configuration_data_path) { 'C:\\configurationdata.psd1' }
+    let(:configuration_data_path) { "C:\\configurationdata.psd1" }
 
     let(:self_signed_cert_path) do
       File.join(CHEF_SPEC_DATA, "dsc_lcm.pfx")

data/spec/functional/resource/macos_userdefaults_spec.rb

@@ -0,0 +1,119 @@
+#
+# Copyright:: Copyright (c) Chef Software Inc.
+# License:: Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+require "spec_helper"
+
+describe Chef::Resource::MacosUserDefaults, :macos_only, requires_root: true do
+  def create_resource
+    node = Chef::Node.new
+    events = Chef::EventDispatch::Dispatcher.new
+    run_context = Chef::RunContext.new(node, {}, events)
+    resource = Chef::Resource::MacosUserDefaults.new("test", run_context)
+    resource
+  end
+
+  let(:resource) do
+    create_resource
+  end
+
+  context "has a default value" do
+    it ":macos_userdefaults for resource name" do
+      expect(resource.name).to eq("test")
+    end
+
+    it "NSGlobalDomain for the domain property" do
+      expect(resource.domain).to eq("NSGlobalDomain")
+    end
+
+    it "nil for the host property" do
+      expect(resource.host).to be_nil
+    end
+
+    it "nil for the user property" do
+      expect(resource.user).to be_nil
+    end
+
+    it ":write for resource action" do
+      expect(resource.action).to eq([:write])
+    end
+  end
+
+  it "supports :write, :delete actions" do
+    expect { resource.action :write }.not_to raise_error
+    expect { resource.action :delete }.not_to raise_error
+  end
+
+  context "can process expected data" do
+    it "set array values" do
+      resource.domain "/Library/Preferences/ManagedInstalls"
+      resource.key "TestArrayValues"
+      resource.value [ "/Library/Managed Installs/fake.log", "/Library/Managed Installs/also_fake.log"]
+      resource.run_action(:write)
+      expect(resource.get_preference resource).to eq([ "/Library/Managed Installs/fake.log", "/Library/Managed Installs/also_fake.log"])
+    end
+
+    it "set dictionary value" do
+      resource.domain "/Library/Preferences/ManagedInstalls"
+      resource.key "TestDictionaryValues"
+      resource.value "User": "/Library/Managed Installs/way_fake.log"
+      resource.run_action(:write)
+      expect(resource.get_preference resource).to eq("User" => "/Library/Managed Installs/way_fake.log")
+    end
+
+    it "set array of dictionaries" do
+      resource.domain "/Library/Preferences/ManagedInstalls"
+      resource.key "TestArrayWithDictionary"
+      resource.value [ { "User": "/Library/Managed Installs/way_fake.log" } ]
+      resource.run_action(:write)
+      expect(resource.get_preference resource).to eq([ { "User" => "/Library/Managed Installs/way_fake.log" } ])
+    end
+
+    it "set boolean for preference value" do
+      resource.domain "/Library/Preferences/ManagedInstalls"
+      resource.key "TestBooleanValue"
+      resource.value true
+      resource.run_action(:write)
+      expect(resource.get_preference resource).to eq(true)
+    end
+
+    it "sets value to global domain when domain is not passed" do
+      resource.key "TestKey"
+      resource.value 1
+      resource.run_action(:write)
+      expect(resource.get_preference resource).to eq(1)
+    end
+
+    it "short domain names" do
+      resource.domain "com.apple.dock"
+      resource.key "titlesize"
+      resource.value "20"
+      resource.run_action(:write)
+      expect(resource.get_preference resource).to eq("20")
+    end
+  end
+
+  it "we can delete a preference with full path" do
+    resource.domain "/Library/Preferences/ManagedInstalls"
+    resource.key "TestKey"
+    expect { resource.run_action(:delete) }. to_not raise_error
+  end
+
+  it "we can delete a preference with short name" do
+    resource.domain "com.apple.dock"
+    resource.key "titlesize"
+    expect { resource.run_action(:delete) }. to_not raise_error
+  end
+end