RubyGems - chef - Versions diffs - 17.6.18 → 17.9.18 - Mend

chef 17.6.18 → 17.9.18

Files changed (130) hide show

checksums.yaml +4 -4
data/Gemfile +5 -0
data/chef.gemspec +1 -0
data/lib/chef/application/base.rb +1 -1
data/lib/chef/chef_fs/file_pattern.rb +1 -1
data/lib/chef/chef_fs/path_utils.rb +1 -1
data/lib/chef/compliance/default_attributes.rb +12 -2
data/lib/chef/compliance/runner.rb +51 -5
data/lib/chef/data_collector/run_end_message.rb +1 -1
data/lib/chef/dsl/reboot_pending.rb +1 -1
data/lib/chef/exceptions.rb +10 -0
data/lib/chef/mixin/powershell_exec.rb +6 -5
data/lib/chef/mixin/why_run.rb +8 -2
data/lib/chef/powershell.rb +8 -6
data/lib/chef/provider/cron.rb +6 -3
data/lib/chef/provider/directory.rb +2 -2
data/lib/chef/provider/git.rb +1 -1
data/lib/chef/provider/ifconfig/debian.rb +1 -1
data/lib/chef/provider/ifconfig.rb +4 -4
data/lib/chef/provider/mount/linux.rb +16 -2
data/lib/chef/provider/mount/mount.rb +1 -1
data/lib/chef/provider/package/dnf.rb +1 -1
data/lib/chef/provider/package/habitat.rb +1 -1
data/lib/chef/provider/package/powershell.rb +13 -10
data/lib/chef/provider/package/yum/python_helper.rb +81 -25
data/lib/chef/provider/package/yum.rb +39 -12
data/lib/chef/provider/package/zypper.rb +2 -0
data/lib/chef/provider/package.rb +62 -27
data/lib/chef/provider/subversion.rb +5 -5
data/lib/chef/provider.rb +5 -2
data/lib/chef/providers.rb +0 -1
data/lib/chef/pwsh.rb +3 -2
data/lib/chef/resource/apt_package.rb +2 -2
data/lib/chef/resource/chef_client_config.rb +21 -1
data/lib/chef/resource/chef_client_launchd.rb +1 -1
data/lib/chef/resource/chef_client_trusted_certificate.rb +1 -0
data/lib/chef/resource/chocolatey_config.rb +1 -1
data/lib/chef/resource/chocolatey_feature.rb +1 -1
data/lib/chef/resource/chocolatey_package.rb +3 -3
data/lib/chef/resource/chocolatey_source.rb +24 -2
data/lib/chef/resource/cron/cron.rb +75 -1
data/lib/chef/resource/cron/cron_d.rb +2 -1
data/lib/chef/resource/directory.rb +1 -1
data/lib/chef/resource/dnf_package.rb +4 -6
data/lib/chef/resource/dpkg_package.rb +5 -0
data/lib/chef/resource/execute.rb +1 -4
data/lib/chef/resource/habitat_install.rb +5 -5
data/lib/chef/resource/homebrew_tap.rb +0 -4
data/lib/chef/resource/inspec_waiver.rb +1 -1
data/lib/chef/resource/inspec_waiver_file_entry.rb +1 -1
data/lib/chef/resource/kernel_module.rb +27 -2
data/lib/chef/resource/launchd.rb +0 -3
data/lib/chef/resource/macos_userdefaults.rb +41 -131
data/lib/chef/resource/powershell_package_source.rb +8 -8
data/lib/chef/resource/rhsm_register.rb +31 -0
data/lib/chef/resource/support/client.erb +7 -0
data/lib/chef/resource/windows_auto_run.rb +1 -1
data/lib/chef/resource/windows_dfs_namespace.rb +2 -2
data/lib/chef/resource/windows_feature_powershell.rb +8 -9
data/lib/chef/resource/windows_task.rb +25 -10
data/lib/chef/resource/windows_update_settings.rb +3 -3
data/lib/chef/resource.rb +2 -2
data/lib/chef/resource_reporter.rb +1 -1
data/lib/chef/secret_fetcher/azure_key_vault.rb +64 -8
data/lib/chef/secret_fetcher/hashi_vault.rb +37 -3
data/lib/chef/secret_fetcher.rb +0 -1
data/lib/chef/version.rb +1 -1
data/spec/functional/dsl/reboot_pending_spec.rb +3 -3
data/spec/functional/dsl/registry_helper_spec.rb +1 -1
data/spec/functional/resource/dnf_package_spec.rb +138 -124
data/spec/functional/resource/dpkg_package_spec.rb +16 -0
data/spec/functional/resource/dsc_script_spec.rb +2 -2
data/spec/functional/resource/macos_userdefaults_spec.rb +139 -0
data/spec/functional/resource/registry_spec.rb +81 -81
data/spec/functional/resource/yum_package_spec.rb +789 -129
data/spec/functional/resource/zypper_package_spec.rb +7 -0
data/spec/functional/win32/registry_spec.rb +8 -8
data/spec/integration/client/client_spec.rb +31 -0
data/spec/unit/application/base_spec.rb +40 -0
data/spec/unit/compliance/runner_spec.rb +62 -1
data/spec/unit/data_collector_spec.rb +24 -1
data/spec/unit/dsl/reboot_pending_spec.rb +1 -1
data/spec/unit/file_access_control_spec.rb +1 -1
data/spec/unit/mixin/default_paths_spec.rb +1 -1
data/spec/unit/mixin/securable_spec.rb +3 -3
data/spec/unit/mixin/why_run_spec.rb +53 -0
data/spec/unit/provider/cron_spec.rb +45 -0
data/spec/unit/provider/group/groupadd_spec.rb +1 -0
data/spec/unit/provider/group/usermod_spec.rb +2 -2
data/spec/unit/provider/ifconfig_spec.rb +2 -0
data/spec/unit/provider/mount/linux_spec.rb +16 -3
data/spec/unit/provider/package/bff_spec.rb +1 -0
data/spec/unit/provider/package/powershell_spec.rb +114 -114
data/spec/unit/provider/package/rubygems_spec.rb +8 -5
data/spec/unit/provider/package/solaris_spec.rb +1 -0
data/spec/unit/provider/package/windows_spec.rb +1 -1
data/spec/unit/provider/registry_key_spec.rb +4 -4
data/spec/unit/provider/service/arch_service_spec.rb +2 -2
data/spec/unit/provider/service/debian_service_spec.rb +1 -0
data/spec/unit/provider/service/gentoo_service_spec.rb +1 -0
data/spec/unit/provider/service/macosx_spec.rb +1 -0
data/spec/unit/provider/service/redhat_spec.rb +4 -1
data/spec/unit/provider/service/simple_service_spec.rb +6 -4
data/spec/unit/provider/service/windows_spec.rb +5 -5
data/spec/unit/provider/subversion_spec.rb +4 -4
data/spec/unit/provider/user_spec.rb +2 -0
data/spec/unit/provider/windows_env_spec.rb +1 -1
data/spec/unit/provider/zypper_repository_spec.rb +1 -1
data/spec/unit/resource/chef_client_trusted_certificate_spec.rb +14 -0
data/spec/unit/resource/chocolatey_config_spec.rb +1 -1
data/spec/unit/resource/chocolatey_feature_spec.rb +1 -1
data/spec/unit/resource/chocolatey_source_spec.rb +1 -1
data/spec/unit/resource/dpkg_package_spec.rb +12 -0
data/spec/unit/resource/kernel_module_spec.rb +2 -1
data/spec/unit/resource/macos_user_defaults_spec.rb +36 -96
data/spec/unit/resource/registry_key_spec.rb +10 -10
data/spec/unit/resource/rhsm_register_spec.rb +42 -0
data/spec/unit/resource/windows_auto_run_spec.rb +1 -1
data/spec/unit/resource/windows_feature_powershell_spec.rb +1 -1
data/spec/unit/resource/windows_firewall_rule_spec.rb +2 -2
data/spec/unit/resource/windows_task_spec.rb +3 -3
data/spec/unit/resource_reporter_spec.rb +2 -2
data/spec/unit/resource_spec.rb +5 -0
data/spec/unit/secret_fetcher/azure_key_vault_spec.rb +99 -20
data/spec/unit/secret_fetcher/hashi_vault_spec.rb +46 -0
data/spec/unit/util/backup_spec.rb +1 -1
data/spec/unit/win32/registry_spec.rb +3 -3
metadata +24 -9
data/lib/chef/provider/group/suse.rb +0 -82
data/spec/unit/provider/group/suse_spec.rb +0 -90

data/spec/unit/resource/windows_firewall_rule_spec.rb CHANGED Viewed

@@ -377,7 +377,7 @@ describe Chef::Resource::WindowsFirewallRule do
         resource.icmp_type("Any")
         resource.firewall_action(:notconfigured)
         resource.profile(:domain)
-        resource.program('%WINDIR%\System32\lsass.exe')
+        resource.program("%WINDIR%\\System32\\lsass.exe")
         resource.service("SomeService")
         resource.interface_type(:remoteaccess)
         resource.enabled(false)
@@ -499,7 +499,7 @@ describe Chef::Resource::WindowsFirewallRule do
         resource.icmp_type("Any")
         resource.firewall_action(:notconfigured)
         resource.profile(:domain)
-        resource.program('%WINDIR%\System32\lsass.exe')
+        resource.program("%WINDIR%\\System32\\lsass.exe")
         resource.service("SomeService")
         resource.interface_type(:remoteaccess)
         resource.enabled(false)

data/spec/unit/resource/windows_task_spec.rb CHANGED Viewed

@@ -75,7 +75,7 @@ describe Chef::Resource::WindowsTask, :windows_only do
     context "a System User" do
       before do
         resource.frequency :hourly
-        resource.user 'NT AUTHORITY\SYSTEM'
+        resource.user "NT AUTHORITY\\SYSTEM"
       end
       context "for an interactive task" do
@@ -88,7 +88,7 @@ describe Chef::Resource::WindowsTask, :windows_only do
           expect { resource.after_created }.to raise_error(ArgumentError, "Password is not required for system users.")
         end
         it "does not raises an error even when user is in lowercase" do
-          resource.user 'nt authority\system'
+          resource.user "nt authority\\system"
           expect { resource.after_created }.to_not raise_error
         end
       end
@@ -103,7 +103,7 @@ describe Chef::Resource::WindowsTask, :windows_only do
           expect { resource.after_created }.to raise_error(ArgumentError, "Password is not required for system users.")
         end
         it "does not raises an error even when user is in lowercase" do
-          resource.user 'nt authority\system'
+          resource.user "nt authority\\system"
           expect { resource.after_created }.to_not raise_error
         end
       end

data/spec/unit/resource_reporter_spec.rb CHANGED Viewed

@@ -494,7 +494,7 @@ describe Chef::ResourceReporter do
     context "when the resource is a RegistryKey with binary data" do
       let(:new_resource) do
-        resource = Chef::Resource::RegistryKey.new('Wubba\Lubba\Dub\Dubs')
+        resource = Chef::Resource::RegistryKey.new("Wubba\\Lubba\\Dub\\Dubs")
         resource.values([ { name: "rick", type: :binary, data: 255.chr * 1 } ])
         allow(resource).to receive(:cookbook_name).and_return(cookbook_name)
         allow(resource).to receive(:cookbook_version).and_return(cookbook_version)
@@ -502,7 +502,7 @@ describe Chef::ResourceReporter do
       end
       let(:current_resource) do
-        resource = Chef::Resource::RegistryKey.new('Wubba\Lubba\Dub\Dubs')
+        resource = Chef::Resource::RegistryKey.new("Wubba\\Lubba\\Dub\\Dubs")
         resource.values([ { name: "rick", type: :binary, data: 255.chr * 1 } ])
         resource
       end

data/spec/unit/resource_spec.rb CHANGED Viewed

@@ -348,6 +348,11 @@ describe Chef::Resource do
     it "should recognize dynamically defined resources" do
       expect(resource.defined_at).to eq("dynamically defined")
     end
+    it "should return nil for the cookbook_version when the cookbook_name is @recipe_files" do
+      resource.cookbook_name = "@recipe_files"
+      expect(resource.cookbook_version).to be nil
+    end
   end
   describe "to_s" do

data/spec/unit/secret_fetcher/azure_key_vault_spec.rb CHANGED Viewed

@@ -20,51 +20,130 @@
 require_relative "../../spec_helper"
 require "chef/secret_fetcher"
 require "chef/secret_fetcher/azure_key_vault"
+require "net/http/responses"
 describe Chef::SecretFetcher::AzureKeyVault do
-  let(:config) { { vault: "my_vault" } }
+  let(:config) { { vault: "my-vault" } }
   let(:fetcher) { Chef::SecretFetcher::AzureKeyVault.new(config, nil) }
+  let(:secrets_response_body) { '{ "value" : "my secret value" }' }
+  let(:secrets_response_mock) do
+    rm = Net::HTTPSuccess.new("1.0", "400", "OK")
+    allow(rm).to receive(:body).and_return(secrets_response_body)
+    rm
+  end
+  let(:token_response_body) { %Q({"access_token":"#{access_token}","client_id":"#{client_id}","expires_in":"86294","expires_on":"1627761860","ext_expires_in":"86399","not_before":"1627675160","resource":"https://vault.azure.net","token_type":"Bearer"}) }
+  let(:access_token) { "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6Im5PbzNaRHJPRFhFSzFqS1doWHNsSFJfS1hFZyIsImtpZCI6Im5PbzNaRHJPRFhFSzFqS1doWHNsSFJfS1hFZyJ9.eyJhdWQiOiJodHRwczovL3ZhdWx0LmF6dXJlLm5ldCIsImlzcyI6Imh0dHBzOi8vc3RzLndpbmRvd3MubmV0L2E5ZTY2ZDhkLTA1ZTAtNGMwMC1iOWRkLWM0Yjc3M2U5MWNhNi8iLCJpYXQiOjE2Mjc2NzUxNjAsIm5iZiI6MTYyNzY3NTE2MCwiZXhwIjoxNjI3NzYxODYwLCJhaW8iOiJFMlpnWUhCWGplaTdWS214eEh6bjdoSWpNZFlMQUE9PSIsImFwcGlkIjoiNjU2Mjc1MjEtMzYzYi00ZDk2LTkyMTctMjcIsIm9pZCI6IjNiZjI1NjVhLWY4NWQtNDBiNy1hZWJkLTNlZDA1ZDA0N2FmNiIsInJoIjoiMC5BUk1BalczbXFlQUZBRXk1M2NTM2Mta2NwaUYxWW1VN05wWk5raGNuRGpuZEwxb1RBQUEuIiwic3ViIjoiM2JmMjU2NWEtZjg1ZC00MGI3LWFlYmQtM2VkMDVkMDQ3YWY2IiwidGlkIjoiYTllNjZkOGQtMDVlMC00YzAwLWI5ZGQtYzRiNzczZTkxY2E2IiwidXRpIjoibXlzeHpSRTV3ay1ibTFlYkNqc09BQSIsInZlciI6IjEuMCIsInhtc19taXJpZCI6Ii9zdWJzY3JpcHRpb25zLzYzNDJkZDZkLTc1NTQtNDJjOS04NTM2LTdkZmU3MmY1MWZhZC9yZXNvdXJjZWdyb3Vwcy9pbWFnZS1waXBlbGluZS1ydW5uZXItcWEtZWFzdHVzMi1yZy9wcm92aWRlcnMvTWljcm9zb2Z0Lk1hbmFnZWRJZGVudGl0eS91c2VyQXNzaWduZWRJZGVudGl0aWVzL2ltYWdlLXBpcGVsaW5lLXJ1bm5lci1xYS1lYXN0dXMyLW1pIn0.BquzjN6d0g4zlvkbkdVwNEfRxIXSmxYwCHMk6UG3iza2fVioiOrcoP4Cp9P5--AB4G_CAhIXaP7YIZs3mq05QiDjSvkVAM0t67UPGhEr66sNXkV72iZBnKca_auh6EHsjPfxeVHkE1wdrsncrYdKhzgO4IAj8Jg4N5qjcE2q-OkliadmEuTwrhPhq" }
+  let(:token_response_mock) do
+    rm = Net::HTTPSuccess.new("1.0", "400", "OK")
+    allow(rm).to receive(:body).and_return(token_response_body)
+    rm
+  end
+  let(:client_id) { SecureRandom.uuid }
+  let(:http_mock) { instance_double("Net::HTTP", :use_ssl= => nil) }
+  let(:token_uri) { URI.parse("http://169.254.169.254/metadata/identity/oauth2/token") }
+  let(:vault_name) { "my-vault" }
+  let(:secret_name) { "my-secret" }
+  let(:vault_secret_uri) { URI.parse("https://#{vault_name}.vault.azure.net/secrets/#{secret_name}/?api-version=7.2") }
+  before do
+    # Cache these up front so we can pass into allow statements without hitting:
+    #   URI received :parse with unexpected arguments
+    token_uri
+    vault_secret_uri
+  end
+  before do
+    allow(Net::HTTP).to receive(:new).and_return(http_mock)
+    allow(URI).to receive(:parse).with("http://169.254.169.254/metadata/identity/oauth2/token").and_return(token_uri)
+    allow(URI).to receive(:parse).with("https://#{vault_name}.vault.azure.net/secrets/#{secret_name}/?api-version=7.2").and_return(vault_secret_uri)
+    allow(http_mock).to receive(:get).with(token_uri, { "Metadata" => "true" }).and_return(token_response_mock)
+    allow(http_mock).to receive(:get).with(vault_secret_uri, { "Authorization" => "Bearer #{access_token}", "Content-Type" => "application/json" }).and_return(secrets_response_mock)
+  end
+  describe "#validate!" do
+    it "raises error when more than one is provided: :object_id, :client_id, :mi_res_id" do
+      expect { Chef::SecretFetcher::AzureKeyVault.new({ object_id: "abc", client_id: "abc", mi_res_id: "abc" }, nil).validate! }.to raise_error(Chef::Exceptions::Secret::ConfigurationInvalid)
+      expect { Chef::SecretFetcher::AzureKeyVault.new({ object_id: "abc", client_id: "abc" }, nil).validate! }.to raise_error(Chef::Exceptions::Secret::ConfigurationInvalid)
+      expect { Chef::SecretFetcher::AzureKeyVault.new({ object_id: "abc", mi_res_id: "abc" }, nil).validate! }.to raise_error(Chef::Exceptions::Secret::ConfigurationInvalid)
+      expect { Chef::SecretFetcher::AzureKeyVault.new({ client_id: "abc", mi_res_id: "abc" }, nil).validate! }.to raise_error(Chef::Exceptions::Secret::ConfigurationInvalid)
+    end
+  end
-  context "when performing a fetch" do
-    let(:body) { '{ "value" : "my secret value" }' }
-    let(:response_mock) { double("response", body: body) }
-    let(:http_mock) { double("http", :get => response_mock, :use_ssl= => nil) }
+  describe "#fetch_token" do
+    context "when Net::HTTPBadRequest is returned and the error description contains \"Identity not found\"" do
+      let(:token_response_mock) { Net::HTTPBadRequest.new("1.0", "400", "Bad Request") }
+      before do
+        allow(fetcher).to receive(:fetch_token).and_call_original
+        allow(token_response_mock).to receive(:body).and_return('{"error":"invalid_request","error_description":"Identity not found"}')
+      end
-    before do
-      allow(fetcher).to receive(:fetch_token).and_return "a token"
-      allow(Net::HTTP).to receive(:new).and_return(http_mock)
+      it "raises Chef::Exceptions::Secret::Azure::IdentityNotFound" do
+        expect { fetcher.send(:fetch_token) }.to raise_error(Chef::Exceptions::Secret::Azure::IdentityNotFound)
+      end
     end
-    context "and vault name is only provided in the secret name" do
-      let(:body) { '{ "value" : "my secret value" }' }
+    context "when :object_id is provided" do
+      let(:object_id) { SecureRandom.uuid }
+      let(:config) { { vault: "my-vault", object_id: object_id } }
+      it "adds client_id to request params" do
+        fetcher.send(:fetch_token)
+        expect(token_uri.query).to match(/object_id=#{object_id}/)
+      end
+    end
+    context "when :client_id is provided" do
+      let(:config) { { vault: "my-vault", client_id: client_id } }
+      it "adds client_id to request params" do
+        fetcher.send(:fetch_token)
+        expect(token_uri.query).to match(/client_id=#{client_id}/)
+      end
+    end
+    context "when :mi_res_id is provided" do
+      let(:mi_res_id) { SecureRandom.uuid }
+      let(:config) { { vault: "my-vault", mi_res_id: mi_res_id } }
+      it "adds client_id to request params" do
+        fetcher.send(:fetch_token)
+        expect(token_uri.query).to match(/mi_res_id=#{mi_res_id}/)
+      end
+    end
+  end
+  describe "#fetch" do
+    context "when vault name is only provided in the secret name" do
+      let(:secrets_response_body) { '{ "value" : "my secret value" }' }
       let(:config) { {} }
       it "fetches the value" do
-        expect(fetcher.fetch("my_vault/value")).to eq "my secret value"
+        expect(fetcher.fetch("my-vault/my-secret")).to eq "my secret value"
       end
     end
-    context "and vault name is not provided in the secret name" do
+    context "when vault name is not provided in the secret name" do
       context "and vault name is not provided in config" do
         let(:config) { {} }
         it "raises a ConfigurationInvalid exception" do
-          expect { fetcher.fetch("value") }.to raise_error(Chef::Exceptions::Secret::ConfigurationInvalid)
+          expect { fetcher.fetch("my-secret") }.to raise_error(Chef::Exceptions::Secret::ConfigurationInvalid)
         end
       end
       context "and vault name is provided in config" do
-        let(:config) { { vault: "my_vault" } }
+        let(:config) { { vault: "my-vault" } }
         it "fetches the value" do
-          expect(fetcher.fetch("value")).to eq "my secret value"
+          expect(fetcher.fetch("my-secret")).to eq "my secret value"
         end
       end
     end
-    context "and an error response is received in the body" do
-      let(:config) { { vault: "my_vault" } }
-      let(:body) { '{ "error" : { "code" : 404, "message" : "secret not found" } }' }
+    context "when an error response is received in the response body" do
+      let(:config) { { vault: "my-vault" } }
+      let(:secrets_response_body) { '{ "error" : { "code" : 404, "message" : "secret not found" } }' }
       it "raises FetchFailed" do
-        expect { fetcher.fetch("value") }.to raise_error(Chef::Exceptions::Secret::FetchFailed)
+        expect { fetcher.fetch("my-secret") }.to raise_error(Chef::Exceptions::Secret::FetchFailed)
       end
     end
   end
 end

data/spec/unit/secret_fetcher/hashi_vault_spec.rb CHANGED Viewed

@@ -65,6 +65,52 @@ describe Chef::SecretFetcher::HashiVault do
         fetcher.validate!
       end
     end
+    context "and using auth_method: :approle" do
+      it "raises ConfigurationInvalid message when :approle_name or :approle_id are not specified" do
+        fetcher = Chef::SecretFetcher::HashiVault.new( { auth_method: :approle, vault_addr: "https://vault.example.com:8200" }, run_context)
+        expect { fetcher.validate! }.to raise_error(Chef::Exceptions::Secret::ConfigurationInvalid)
+      end
+      it "authenticates using the approle_id and approle_secret_id during validation when all configuration is correct" do
+        fetcher = Chef::SecretFetcher::HashiVault.new({
+          auth_method: :approle,
+          approle_id: "idguid",
+          approle_secret_id: "secretguid",
+          vault_addr: "https://vault.example.com:8200" },
+          run_context)
+        auth = instance_double(Vault::Authenticate)
+        allow(auth).to receive(:approle)
+        allow(Vault).to receive(:auth).and_return(auth)
+        expect(auth).to receive(:approle).with("idguid", "secretguid")
+        fetcher.validate!
+      end
+      it "looks up the :role_id and :secret_id when all configuration is correct" do
+        fetcher = Chef::SecretFetcher::HashiVault.new({
+          auth_method: :approle,
+          approle_name: "myapprole",
+          token: "t.1234abcd",
+          vault_addr: "https://vault.example.com:8200" },
+          run_context)
+        approle = instance_double(Vault::AppRole)
+        auth = instance_double(Vault::Authenticate)
+        allow(Vault).to receive(:approle).and_return(approle)
+        allow(approle).to receive(:role_id).with("myapprole").and_return("idguid")
+        allow(approle).to receive(:create_secret_id).with("myapprole").and_return(Vault::Secret.new({
+          data: {
+            secret_id: "secretguid",
+            secret_id_accessor: "accessor_guid",
+            secret_id_ttl: 0,
+          },
+          lease_duration: 0,
+          lease_id: "",
+        }))
+        allow(Vault).to receive(:auth).and_return(auth)
+        expect(auth).to receive(:approle).with("idguid", "secretguid")
+        fetcher.validate!
+      end
+    end
   end
   context "when fetching a secret from Hashi Vault" do

data/spec/unit/util/backup_spec.rb CHANGED Viewed

@@ -132,7 +132,7 @@ describe Chef::Util::Backup do
     end
     it "uses the configured Chef::Config[:file_backup_path] and strips the drive on windows" do
-      expect(@backup).to receive(:path).and_return('c:\\a\\b\\c.txt')
+      expect(@backup).to receive(:path).and_return("c:\\a\\b\\c.txt")
       Chef::Config[:file_backup_path] = 'c:\backupdir'
       expect(@backup.send(:backup_path)).to match(%r|^c:\\backupdir[\\/]+a\\b\\c.txt.chef-\d{14}.\d{6}$|)
     end

data/spec/unit/win32/registry_spec.rb CHANGED Viewed

@@ -23,12 +23,12 @@ describe Chef::Win32::Registry do
   let(:value1) { { name: "one", type: :string, data: "1" } }
   let(:value1_upcase_name) { { name: "ONE", type: :string, data: "1" } }
-  let(:key_path) { 'HKCU\Software\OpscodeNumbers' }
-  let(:key) { 'Software\OpscodeNumbers' }
+  let(:key_path) { "HKCU\\Software\\OpscodeNumbers" }
+  let(:key) { "Software\\OpscodeNumbers" }
   let(:key_parent) { "Software" }
   let(:key_to_delete) { "OpscodeNumbers" }
   let(:sub_key) { "OpscodePrimes" }
-  let(:missing_key_path) { 'HKCU\Software' }
+  let(:missing_key_path) { "HKCU\\Software" }
   let(:registry) { Chef::Win32::Registry.new }
   let(:hive_mock) { double("::Win32::Registry::HKEY_CURRENT_USER") }
   let(:reg_mock) { double("reg") }

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: chef
 version: !ruby/object:Gem::Version
-  version: 17.6.18
+  version: 17.9.18
 platform: ruby
 authors:
 - Adam Jacob
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2021-10-01 00:00:00.000000000 Z
+date: 2021-12-23 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: chef-config
@@ -16,28 +16,28 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 17.6.18
+        version: 17.9.18
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 17.6.18
+        version: 17.9.18
 - !ruby/object:Gem::Dependency
   name: chef-utils
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 17.6.18
+        version: 17.9.18
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 17.6.18
+        version: 17.9.18
 - !ruby/object:Gem::Dependency
   name: train-core
   requirement: !ruby/object:Gem::Requirement
@@ -426,6 +426,20 @@ dependencies:
     - - "<"
       - !ruby/object:Gem::Version
         version: '3.0'
+- !ruby/object:Gem::Dependency
+  name: corefoundation
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.3.4
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.3.4
 - !ruby/object:Gem::Dependency
   name: proxifier
   requirement: !ruby/object:Gem::Requirement
@@ -855,7 +869,6 @@ files:
 - lib/chef/provider/group/groupmod.rb
 - lib/chef/provider/group/pw.rb
 - lib/chef/provider/group/solaris.rb
-- lib/chef/provider/group/suse.rb
 - lib/chef/provider/group/usermod.rb
 - lib/chef/provider/group/windows.rb
 - lib/chef/provider/http_request.rb
@@ -1729,6 +1742,7 @@ files:
 - spec/functional/resource/launchd_spec.rb
 - spec/functional/resource/link_spec.rb
 - spec/functional/resource/locale_spec.rb
+- spec/functional/resource/macos_userdefaults_spec.rb
 - spec/functional/resource/mount_spec.rb
 - spec/functional/resource/msu_package_spec.rb
 - spec/functional/resource/ohai_spec.rb
@@ -1852,6 +1866,7 @@ files:
 - spec/unit/api_client_v1_spec.rb
 - spec/unit/application/agent_spec.rb
 - spec/unit/application/apply_spec.rb
+- spec/unit/application/base_spec.rb
 - spec/unit/application/client_spec.rb
 - spec/unit/application/exit_code_spec.rb
 - spec/unit/application/server_spec.rb
@@ -1985,6 +2000,7 @@ files:
 - spec/unit/mixin/user_context_spec.rb
 - spec/unit/mixin/versioned_api_spec.rb
 - spec/unit/mixin/which.rb
+- spec/unit/mixin/why_run_spec.rb
 - spec/unit/mixin/windows_architecture_helper_spec.rb
 - spec/unit/mixin/xml_escape_spec.rb
 - spec/unit/monologger_spec.rb
@@ -2024,7 +2040,6 @@ files:
 - spec/unit/provider/group/groupmod_spec.rb
 - spec/unit/provider/group/pw_spec.rb
 - spec/unit/provider/group/solaris_spec.rb
-- spec/unit/provider/group/suse_spec.rb
 - spec/unit/provider/group/usermod_spec.rb
 - spec/unit/provider/group/windows_spec.rb
 - spec/unit/provider/group_spec.rb
@@ -2373,7 +2388,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.2.22
+rubygems_version: 3.2.32
 signing_key:
 specification_version: 4
 summary: A systems integration framework, built to bring the benefits of configuration

data/lib/chef/provider/group/suse.rb DELETED Viewed

@@ -1,82 +0,0 @@
-#
-# Author:: AJ Christensen (<aj@chef.io>)
-# Copyright:: Copyright (c) Chef Software Inc.
-# License:: Apache License, Version 2.0
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#     http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-require_relative "groupadd"
-require "etc" unless defined?(Etc)
-class Chef
-  class Provider
-    class Group
-      class Suse < Chef::Provider::Group::Groupadd
-        provides :group, platform: "suse", platform_version: "< 12.0"
-        def load_current_resource
-          super
-        end
-        def define_resource_requirements
-          super
-          requirements.assert(:all_actions) do |a|
-            a.assertion { ::File.exist?("/usr/sbin/groupmod") }
-            a.failure_message Chef::Exceptions::Group, "Could not find binary /usr/sbin/groupmod for #{new_resource.name}"
-            # No whyrun alternative: this component should be available in the base install of any given system that uses it
-          end
-          requirements.assert(:create, :manage, :modify) do |a|
-            a.assertion do
-              to_add(new_resource.members).all? { |member| Etc.getpwnam(member) }
-            rescue
-              false
-            end
-            a.failure_message Chef::Exceptions::Group, "Could not add users #{to_add(new_resource.members).join(", ")} to #{new_resource.group_name}: one of these users does not exist"
-            a.whyrun "Could not find one of these users: #{to_add(new_resource.members).join(", ")}. Assuming it will be created by a prior step"
-          end
-        end
-        def set_members(members)
-          to_remove(members).each do |member|
-            remove_member(member)
-          end
-          to_add(members).each do |member|
-            add_member(member)
-          end
-        end
-        def to_add(members)
-          members - current_resource.members
-        end
-        def add_member(member)
-          shell_out!("groupmod", "-A", member, new_resource.group_name)
-        end
-        def to_remove(members)
-          current_resource.members - members
-        end
-        def remove_member(member)
-          shell_out!("groupmod", "-R", member, new_resource.group_name)
-        end
-      end
-    end
-  end
-end

data/spec/unit/provider/group/suse_spec.rb DELETED Viewed

@@ -1,90 +0,0 @@
-#
-# Author:: Tom Duffield (<tom@chef.io>)
-# Copyright:: Copyright (c) Chef Software Inc.
-# License:: Apache License, Version 2.0
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#      http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-require "spec_helper"
-describe Chef::Provider::Group::Suse do
-  let(:node) { Chef::Node.new }
-  let(:events) { Chef::EventDispatch::Dispatcher.new }
-  let(:run_context) { Chef::RunContext.new(node, {}, events) }
-  let(:new_members) { %w{root new_user} }
-  let(:new_resource) do
-    Chef::Resource::Group.new("new_group").tap do |r|
-      r.gid 50
-      r.members new_members
-      r.system false
-      r.non_unique false
-    end
-  end
-  let(:current_resource) do
-    Chef::Resource::Group.new("new_group").tap do |r|
-      r.gid 50
-      r.members %w{root}
-      r.system false
-      r.non_unique false
-    end
-  end
-  let(:provider) do
-    described_class.new(new_resource, run_context).tap do |p|
-      p.current_resource = current_resource
-    end
-  end
-  describe "when determining the current group state" do
-    before(:each) do
-      allow(File).to receive(:exist?).and_return(true)
-      provider.action = :create
-      provider.define_resource_requirements
-    end
-    # Checking for required binaries is already done in the spec
-    # for Chef::Provider::Group - no need to repeat it here.  We'll
-    # include only what's specific to this provider.
-    it "should raise an error if the required binary /usr/sbin/groupmod doesn't exist" do
-      expect(File).to receive(:exist?).with("/usr/sbin/groupmod").and_return(false)
-      expect { provider.process_resource_requirements }.to raise_error(Chef::Exceptions::Group)
-    end
-    it "should raise error if one of the member users does not exist" do
-      expect(Etc).to receive(:getpwnam).with("new_user").and_raise ArgumentError
-      expect { provider.process_resource_requirements }.to raise_error(Chef::Exceptions::Group)
-    end
-  end
-  describe "#set_members" do
-    it "should add missing members and remove deleted members" do
-      expect(provider).not_to receive(:remove_member)
-      expect(provider).to receive(:add_member).with("new_user")
-      provider.set_members(new_members)
-    end
-  end
-  describe "#add_member" do
-    it "should call out to groupmod to add user" do
-      expect(provider).to receive(:shell_out_compacted!).with("groupmod", "-A", "new_user", "new_group")
-      provider.add_member("new_user")
-    end
-  end
-  describe "#remove_member" do
-    it "should call out to groupmod to remove user" do
-      expect(provider).to receive(:shell_out_compacted!).with("groupmod", "-R", "new_user", "new_group")
-      provider.remove_member("new_user")
-    end
-  end
-end