RubyGems - chef - Versions diffs - 17.6.18 → 17.7.22 - Mend

chef 17.6.18 → 17.7.22

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (63) hide show

checksums.yaml +4 -4
data/Gemfile +5 -0
data/chef.gemspec +1 -0
data/lib/chef/chef_fs/file_pattern.rb +1 -1
data/lib/chef/chef_fs/path_utils.rb +1 -1
data/lib/chef/data_collector/run_end_message.rb +1 -1
data/lib/chef/dsl/reboot_pending.rb +1 -1
data/lib/chef/exceptions.rb +10 -0
data/lib/chef/provider/cron.rb +4 -1
data/lib/chef/provider/git.rb +1 -1
data/lib/chef/provider/ifconfig/debian.rb +1 -1
data/lib/chef/provider/subversion.rb +5 -5
data/lib/chef/resource/chocolatey_config.rb +1 -1
data/lib/chef/resource/chocolatey_feature.rb +1 -1
data/lib/chef/resource/chocolatey_source.rb +24 -2
data/lib/chef/resource/directory.rb +1 -1
data/lib/chef/resource/habitat_install.rb +3 -3
data/lib/chef/resource/inspec_waiver.rb +1 -1
data/lib/chef/resource/inspec_waiver_file_entry.rb +1 -1
data/lib/chef/resource/kernel_module.rb +27 -2
data/lib/chef/resource/macos_userdefaults.rb +43 -128
data/lib/chef/resource/windows_auto_run.rb +1 -1
data/lib/chef/resource/windows_dfs_namespace.rb +2 -2
data/lib/chef/resource/windows_update_settings.rb +3 -3
data/lib/chef/resource.rb +1 -1
data/lib/chef/resource_reporter.rb +1 -1
data/lib/chef/secret_fetcher/azure_key_vault.rb +62 -8
data/lib/chef/secret_fetcher.rb +0 -1
data/lib/chef/version.rb +1 -1
data/spec/functional/dsl/reboot_pending_spec.rb +3 -3
data/spec/functional/dsl/registry_helper_spec.rb +1 -1
data/spec/functional/resource/dsc_script_spec.rb +2 -2
data/spec/functional/resource/macos_userdefaults_spec.rb +119 -0
data/spec/functional/resource/registry_spec.rb +81 -81
data/spec/functional/win32/registry_spec.rb +8 -8
data/spec/unit/data_collector_spec.rb +24 -1
data/spec/unit/dsl/reboot_pending_spec.rb +1 -1
data/spec/unit/mixin/default_paths_spec.rb +1 -1
data/spec/unit/mixin/securable_spec.rb +3 -3
data/spec/unit/provider/cron_spec.rb +45 -0
data/spec/unit/provider/package/rubygems_spec.rb +5 -5
data/spec/unit/provider/package/windows_spec.rb +1 -1
data/spec/unit/provider/registry_key_spec.rb +4 -4
data/spec/unit/provider/service/windows_spec.rb +5 -5
data/spec/unit/provider/subversion_spec.rb +4 -4
data/spec/unit/provider/windows_env_spec.rb +1 -1
data/spec/unit/provider/zypper_repository_spec.rb +1 -1
data/spec/unit/resource/chocolatey_config_spec.rb +1 -1
data/spec/unit/resource/chocolatey_feature_spec.rb +1 -1
data/spec/unit/resource/chocolatey_source_spec.rb +1 -1
data/spec/unit/resource/kernel_module_spec.rb +2 -1
data/spec/unit/resource/macos_user_defaults_spec.rb +36 -96
data/spec/unit/resource/registry_key_spec.rb +10 -10
data/spec/unit/resource/windows_auto_run_spec.rb +1 -1
data/spec/unit/resource/windows_feature_powershell_spec.rb +1 -1
data/spec/unit/resource/windows_firewall_rule_spec.rb +2 -2
data/spec/unit/resource/windows_task_spec.rb +3 -3
data/spec/unit/resource_reporter_spec.rb +2 -2
data/spec/unit/resource_spec.rb +5 -0
data/spec/unit/secret_fetcher/azure_key_vault_spec.rb +99 -20
data/spec/unit/util/backup_spec.rb +1 -1
data/spec/unit/win32/registry_spec.rb +3 -3
metadata +21 -6

data/spec/unit/secret_fetcher/azure_key_vault_spec.rb CHANGED Viewed

@@ -20,51 +20,130 @@
 require_relative "../../spec_helper"
 require "chef/secret_fetcher"
 require "chef/secret_fetcher/azure_key_vault"
+require "net/http/responses"
 describe Chef::SecretFetcher::AzureKeyVault do
-  let(:config) { { vault: "my_vault" } }
+  let(:config) { { vault: "my-vault" } }
   let(:fetcher) { Chef::SecretFetcher::AzureKeyVault.new(config, nil) }
+  let(:secrets_response_body) { '{ "value" : "my secret value" }' }
+  let(:secrets_response_mock) do
+    rm = Net::HTTPSuccess.new("1.0", "400", "OK")
+    allow(rm).to receive(:body).and_return(secrets_response_body)
+    rm
+  end
+  let(:token_response_body) { %Q({"access_token":"#{access_token}","client_id":"#{client_id}","expires_in":"86294","expires_on":"1627761860","ext_expires_in":"86399","not_before":"1627675160","resource":"https://vault.azure.net","token_type":"Bearer"}) }
+  let(:access_token) { "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6Im5PbzNaRHJPRFhFSzFqS1doWHNsSFJfS1hFZyIsImtpZCI6Im5PbzNaRHJPRFhFSzFqS1doWHNsSFJfS1hFZyJ9.eyJhdWQiOiJodHRwczovL3ZhdWx0LmF6dXJlLm5ldCIsImlzcyI6Imh0dHBzOi8vc3RzLndpbmRvd3MubmV0L2E5ZTY2ZDhkLTA1ZTAtNGMwMC1iOWRkLWM0Yjc3M2U5MWNhNi8iLCJpYXQiOjE2Mjc2NzUxNjAsIm5iZiI6MTYyNzY3NTE2MCwiZXhwIjoxNjI3NzYxODYwLCJhaW8iOiJFMlpnWUhCWGplaTdWS214eEh6bjdoSWpNZFlMQUE9PSIsImFwcGlkIjoiNjU2Mjc1MjEtMzYzYi00ZDk2LTkyMTctMjcIsIm9pZCI6IjNiZjI1NjVhLWY4NWQtNDBiNy1hZWJkLTNlZDA1ZDA0N2FmNiIsInJoIjoiMC5BUk1BalczbXFlQUZBRXk1M2NTM2Mta2NwaUYxWW1VN05wWk5raGNuRGpuZEwxb1RBQUEuIiwic3ViIjoiM2JmMjU2NWEtZjg1ZC00MGI3LWFlYmQtM2VkMDVkMDQ3YWY2IiwidGlkIjoiYTllNjZkOGQtMDVlMC00YzAwLWI5ZGQtYzRiNzczZTkxY2E2IiwidXRpIjoibXlzeHpSRTV3ay1ibTFlYkNqc09BQSIsInZlciI6IjEuMCIsInhtc19taXJpZCI6Ii9zdWJzY3JpcHRpb25zLzYzNDJkZDZkLTc1NTQtNDJjOS04NTM2LTdkZmU3MmY1MWZhZC9yZXNvdXJjZWdyb3Vwcy9pbWFnZS1waXBlbGluZS1ydW5uZXItcWEtZWFzdHVzMi1yZy9wcm92aWRlcnMvTWljcm9zb2Z0Lk1hbmFnZWRJZGVudGl0eS91c2VyQXNzaWduZWRJZGVudGl0aWVzL2ltYWdlLXBpcGVsaW5lLXJ1bm5lci1xYS1lYXN0dXMyLW1pIn0.BquzjN6d0g4zlvkbkdVwNEfRxIXSmxYwCHMk6UG3iza2fVioiOrcoP4Cp9P5--AB4G_CAhIXaP7YIZs3mq05QiDjSvkVAM0t67UPGhEr66sNXkV72iZBnKca_auh6EHsjPfxeVHkE1wdrsncrYdKhzgO4IAj8Jg4N5qjcE2q-OkliadmEuTwrhPhq" }
+  let(:token_response_mock) do
+    rm = Net::HTTPSuccess.new("1.0", "400", "OK")
+    allow(rm).to receive(:body).and_return(token_response_body)
+    rm
+  end
+  let(:client_id) { SecureRandom.uuid }
+  let(:http_mock) { instance_double("Net::HTTP", :use_ssl= => nil) }
+  let(:token_uri) { URI.parse("http://169.254.169.254/metadata/identity/oauth2/token") }
+  let(:vault_name) { "my-vault" }
+  let(:secret_name) { "my-secret" }
+  let(:vault_secret_uri) { URI.parse("https://#{vault_name}.vault.azure.net/secrets/#{secret_name}/?api-version=7.2") }
+  before do
+    # Cache these up front so we can pass into allow statements without hitting:
+    #   URI received :parse with unexpected arguments
+    token_uri
+    vault_secret_uri
+  end
+  before do
+    allow(Net::HTTP).to receive(:new).and_return(http_mock)
+    allow(URI).to receive(:parse).with("http://169.254.169.254/metadata/identity/oauth2/token").and_return(token_uri)
+    allow(URI).to receive(:parse).with("https://#{vault_name}.vault.azure.net/secrets/#{secret_name}/?api-version=7.2").and_return(vault_secret_uri)
+    allow(http_mock).to receive(:get).with(token_uri, { "Metadata" => "true" }).and_return(token_response_mock)
+    allow(http_mock).to receive(:get).with(vault_secret_uri, { "Authorization" => "Bearer #{access_token}", "Content-Type" => "application/json" }).and_return(secrets_response_mock)
+  end
+  describe "#validate!" do
+    it "raises error when more than one is provided: :object_id, :client_id, :mi_res_id" do
+      expect { Chef::SecretFetcher::AzureKeyVault.new({ object_id: "abc", client_id: "abc", mi_res_id: "abc" }, nil).validate! }.to raise_error(Chef::Exceptions::Secret::ConfigurationInvalid)
+      expect { Chef::SecretFetcher::AzureKeyVault.new({ object_id: "abc", client_id: "abc" }, nil).validate! }.to raise_error(Chef::Exceptions::Secret::ConfigurationInvalid)
+      expect { Chef::SecretFetcher::AzureKeyVault.new({ object_id: "abc", mi_res_id: "abc" }, nil).validate! }.to raise_error(Chef::Exceptions::Secret::ConfigurationInvalid)
+      expect { Chef::SecretFetcher::AzureKeyVault.new({ client_id: "abc", mi_res_id: "abc" }, nil).validate! }.to raise_error(Chef::Exceptions::Secret::ConfigurationInvalid)
+    end
+  end
-  context "when performing a fetch" do
-    let(:body) { '{ "value" : "my secret value" }' }
-    let(:response_mock) { double("response", body: body) }
-    let(:http_mock) { double("http", :get => response_mock, :use_ssl= => nil) }
+  describe "#fetch_token" do
+    context "when Net::HTTPBadRequest is returned and the error description contains \"Identity not found\"" do
+      let(:token_response_mock) { Net::HTTPBadRequest.new("1.0", "400", "Bad Request") }
+      before do
+        allow(fetcher).to receive(:fetch_token).and_call_original
+        allow(token_response_mock).to receive(:body).and_return('{"error":"invalid_request","error_description":"Identity not found"}')
+      end
-    before do
-      allow(fetcher).to receive(:fetch_token).and_return "a token"
-      allow(Net::HTTP).to receive(:new).and_return(http_mock)
+      it "raises Chef::Exceptions::Secret::Azure::IdentityNotFound" do
+        expect { fetcher.send(:fetch_token) }.to raise_error(Chef::Exceptions::Secret::Azure::IdentityNotFound)
+      end
     end
-    context "and vault name is only provided in the secret name" do
-      let(:body) { '{ "value" : "my secret value" }' }
+    context "when :object_id is provided" do
+      let(:object_id) { SecureRandom.uuid }
+      let(:config) { { vault: "my-vault", object_id: object_id } }
+      it "adds client_id to request params" do
+        fetcher.send(:fetch_token)
+        expect(token_uri.query).to match(/object_id=#{object_id}/)
+      end
+    end
+    context "when :client_id is provided" do
+      let(:config) { { vault: "my-vault", client_id: client_id } }
+      it "adds client_id to request params" do
+        fetcher.send(:fetch_token)
+        expect(token_uri.query).to match(/client_id=#{client_id}/)
+      end
+    end
+    context "when :mi_res_id is provided" do
+      let(:mi_res_id) { SecureRandom.uuid }
+      let(:config) { { vault: "my-vault", mi_res_id: mi_res_id } }
+      it "adds client_id to request params" do
+        fetcher.send(:fetch_token)
+        expect(token_uri.query).to match(/mi_res_id=#{mi_res_id}/)
+      end
+    end
+  end
+  describe "#fetch" do
+    context "when vault name is only provided in the secret name" do
+      let(:secrets_response_body) { '{ "value" : "my secret value" }' }
       let(:config) { {} }
       it "fetches the value" do
-        expect(fetcher.fetch("my_vault/value")).to eq "my secret value"
+        expect(fetcher.fetch("my-vault/my-secret")).to eq "my secret value"
       end
     end
-    context "and vault name is not provided in the secret name" do
+    context "when vault name is not provided in the secret name" do
       context "and vault name is not provided in config" do
         let(:config) { {} }
         it "raises a ConfigurationInvalid exception" do
-          expect { fetcher.fetch("value") }.to raise_error(Chef::Exceptions::Secret::ConfigurationInvalid)
+          expect { fetcher.fetch("my-secret") }.to raise_error(Chef::Exceptions::Secret::ConfigurationInvalid)
         end
       end
       context "and vault name is provided in config" do
-        let(:config) { { vault: "my_vault" } }
+        let(:config) { { vault: "my-vault" } }
         it "fetches the value" do
-          expect(fetcher.fetch("value")).to eq "my secret value"
+          expect(fetcher.fetch("my-secret")).to eq "my secret value"
         end
       end
     end
-    context "and an error response is received in the body" do
-      let(:config) { { vault: "my_vault" } }
-      let(:body) { '{ "error" : { "code" : 404, "message" : "secret not found" } }' }
+    context "when an error response is received in the response body" do
+      let(:config) { { vault: "my-vault" } }
+      let(:secrets_response_body) { '{ "error" : { "code" : 404, "message" : "secret not found" } }' }
       it "raises FetchFailed" do
-        expect { fetcher.fetch("value") }.to raise_error(Chef::Exceptions::Secret::FetchFailed)
+        expect { fetcher.fetch("my-secret") }.to raise_error(Chef::Exceptions::Secret::FetchFailed)
       end
     end
   end
 end

data/spec/unit/util/backup_spec.rb CHANGED Viewed

@@ -132,7 +132,7 @@ describe Chef::Util::Backup do
     end
     it "uses the configured Chef::Config[:file_backup_path] and strips the drive on windows" do
-      expect(@backup).to receive(:path).and_return('c:\\a\\b\\c.txt')
+      expect(@backup).to receive(:path).and_return("c:\\a\\b\\c.txt")
       Chef::Config[:file_backup_path] = 'c:\backupdir'
       expect(@backup.send(:backup_path)).to match(%r|^c:\\backupdir[\\/]+a\\b\\c.txt.chef-\d{14}.\d{6}$|)
     end

data/spec/unit/win32/registry_spec.rb CHANGED Viewed

@@ -23,12 +23,12 @@ describe Chef::Win32::Registry do
   let(:value1) { { name: "one", type: :string, data: "1" } }
   let(:value1_upcase_name) { { name: "ONE", type: :string, data: "1" } }
-  let(:key_path) { 'HKCU\Software\OpscodeNumbers' }
-  let(:key) { 'Software\OpscodeNumbers' }
+  let(:key_path) { "HKCU\\Software\\OpscodeNumbers" }
+  let(:key) { "Software\\OpscodeNumbers" }
   let(:key_parent) { "Software" }
   let(:key_to_delete) { "OpscodeNumbers" }
   let(:sub_key) { "OpscodePrimes" }
-  let(:missing_key_path) { 'HKCU\Software' }
+  let(:missing_key_path) { "HKCU\\Software" }
   let(:registry) { Chef::Win32::Registry.new }
   let(:hive_mock) { double("::Win32::Registry::HKEY_CURRENT_USER") }
   let(:reg_mock) { double("reg") }

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: chef
 version: !ruby/object:Gem::Version
-  version: 17.6.18
+  version: 17.7.22
 platform: ruby
 authors:
 - Adam Jacob
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2021-10-01 00:00:00.000000000 Z
+date: 2021-10-25 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: chef-config
@@ -16,28 +16,28 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 17.6.18
+        version: 17.7.22
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 17.6.18
+        version: 17.7.22
 - !ruby/object:Gem::Dependency
   name: chef-utils
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 17.6.18
+        version: 17.7.22
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 17.6.18
+        version: 17.7.22
 - !ruby/object:Gem::Dependency
   name: train-core
   requirement: !ruby/object:Gem::Requirement
@@ -426,6 +426,20 @@ dependencies:
     - - "<"
       - !ruby/object:Gem::Version
         version: '3.0'
+- !ruby/object:Gem::Dependency
+  name: corefoundation
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.3.4
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.3.4
 - !ruby/object:Gem::Dependency
   name: proxifier
   requirement: !ruby/object:Gem::Requirement
@@ -1729,6 +1743,7 @@ files:
 - spec/functional/resource/launchd_spec.rb
 - spec/functional/resource/link_spec.rb
 - spec/functional/resource/locale_spec.rb
+- spec/functional/resource/macos_userdefaults_spec.rb
 - spec/functional/resource/mount_spec.rb
 - spec/functional/resource/msu_package_spec.rb
 - spec/functional/resource/ohai_spec.rb