chef 17.8.25-universal-mingw32 → 17.9.18-universal-mingw32
- checksums.yaml +4 -4
- data/lib/chef/provider/cron.rb +2 -2
- data/lib/chef/provider/directory.rb +2 -2
- data/lib/chef/provider/ifconfig.rb +4 -4
- data/lib/chef/provider/package/yum/python_helper.rb +81 -25
- data/lib/chef/provider/package/yum.rb +39 -12
- data/lib/chef/provider/package.rb +4 -4
- data/lib/chef/provider.rb +4 -1
- data/lib/chef/providers.rb +0 -1
- data/lib/chef/resource/apt_package.rb +2 -2
- data/lib/chef/resource/chef_client_config.rb +2 -3
- data/lib/chef/resource/chocolatey_package.rb +3 -3
- data/lib/chef/resource/cron/cron.rb +75 -1
- data/lib/chef/resource/cron/cron_d.rb +2 -1
- data/lib/chef/resource/homebrew_tap.rb +0 -4
- data/lib/chef/resource/powershell_package_source.rb +8 -8
- data/lib/chef/resource/rhsm_register.rb +3 -3
- data/lib/chef/resource/windows_feature_powershell.rb +1 -2
- data/lib/chef/resource/windows_task.rb +25 -10
- data/lib/chef/secret_fetcher/azure_key_vault.rb +2 -0
- data/lib/chef/secret_fetcher/hashi_vault.rb +37 -3
- data/lib/chef/version.rb +1 -1
- data/spec/functional/resource/dnf_package_spec.rb +107 -107
- data/spec/functional/resource/yum_package_spec.rb +789 -129
- data/spec/unit/secret_fetcher/hashi_vault_spec.rb +46 -0
- metadata +6 -8
- data/lib/chef/provider/group/suse.rb +0 -82
- data/spec/unit/provider/group/suse_spec.rb +0 -90
@@ -216,8 +216,7 @@ class Chef
|
|
216
216
|
def parsed_feature_list
|
217
217
|
# Grab raw feature information from WindowsFeature
|
218
218
|
raw_list_of_features = powershell_exec!("Get-WindowsFeature | Select-Object -Property Name,InstallState", timeout: new_resource.timeout).result
|
219
|
-
|
220
|
-
Chef::JSONCompat.from_json(raw_list_of_features)
|
219
|
+
raw_list_of_features || []
|
221
220
|
end
|
222
221
|
|
223
222
|
# add the features values to the appropriate array
|
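Review bot: The `|| []` fallback at new line 219 turns a nil result from `powershell_exec!` into an empty feature list with no trace. A run where `Get-WindowsFeature` produced nothing is then indistinguishable from a host with no features for whatever consumes this list (that code is outside the hunk). Assuming `.result` is already deserialized, which the removal of `from_json` implies, a why-comment would make the intent explicit: `# .result is already a parsed object; nil means PowerShell emitted no objects`. The local is still named `raw_list_of_features` and the comment above still says "raw", although the value is now returned as the parsed list; a name such as `features` would match `parsed_feature_list`.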
@@ -149,7 +149,6 @@ class Chef
|
|
149
149
|
DOC
|
150
150
|
|
151
151
|
allowed_actions :create, :delete, :run, :end, :enable, :disable, :change
|
152
|
-
default_action :create
|
153
152
|
|
154
153
|
property :task_name, String, regex: [%r{\A[^/\:\*\?\<\>\|]+\z}],
|
155
154
|
description: "An optional property to set the task name if it differs from the resource block's name. Example: `Task Name` or `/Task Name`",
|
@@ -182,10 +181,19 @@ class Chef
|
|
182
181
|
default: false
|
183
182
|
|
184
183
|
property :frequency_modifier, [Integer, String],
|
185
|
-
default: 1
|
184
|
+
default: 1,
|
185
|
+
description: <<~DOCS
|
186
|
+
* For frequency `:minute` valid values are 1 to 1439
|
187
|
+
* For frequency `:hourly` valid values are 1 to 23
|
188
|
+
* For frequency `:daily` valid values are 1 to 365
|
189
|
+
* For frequency `:weekly` valid values are 1 to 52
|
190
|
+
* For frequency `:monthly` valid values are `('FIRST', 'SECOND', 'THIRD', 'FOURTH', 'LAST')` OR `1-12`.
|
191
|
+
* e.g. If user want to run the task on `second week of the month` use `frequency_modifier` value as `SECOND`. Multiple values for weeks of the month should be comma separated e.g. `"FIRST, THIRD, LAST"`.
|
192
|
+
* To run task every (n) months use values 1 to 12.
|
193
|
+
DOCS
|
186
194
|
|
187
195
|
property :frequency, Symbol, equal_to: %i{minute hourly daily weekly monthly once on_logon onstart on_idle none},
|
188
|
-
description: "The frequency with which to run the task."
|
196
|
+
description: "The frequency with which to run the task. Note: This property is required in Chef Infra Client 14.1 or later. Note: The `:once` value requires the `start_time` property to be set."
|
189
197
|
|
190
198
|
property :start_day, String,
|
191
199
|
description: "Specifies the first date on which the task runs in **MM/DD/YYYY** format.",
|
@@ -195,7 +203,14 @@ class Chef
|
|
195
203
|
description: "Specifies the start time to run the task, in **HH:mm** format."
|
196
204
|
|
197
205
|
property :day, [String, Integer],
|
198
|
-
description:
|
206
|
+
description: <<~DOCS
|
207
|
+
The day(s) on which the task runs.
|
208
|
+
* Use this property when setting `frequency` to `:monthly` or `:weekly`.
|
209
|
+
* Valid values with frequency `:weekly` are `MON`-`SUN` or `*`.
|
210
|
+
* Valid values with frequency `:monthly` are `1-31`, `MON`-`SUN`, and `LASTDAY`.
|
211
|
+
* Use `MON`-`SUN` or `LASTDAY` if you are setting `frequency_modifier` as "FIRST, SECOND, THIRD etc." else use 1-31.
|
212
|
+
* Multiple days should be comma separated. e.g `1, 2, 3` or `MON, WED, FRI`.
|
213
|
+
DOCS
|
199
214
|
|
200
215
|
property :months, String,
|
201
216
|
description: "The Months of the year on which the task runs, such as: `JAN, FEB` or `*`. Multiple months should be comma delimited. e.g. `Jan, Feb, Mar, Dec`."
|
@@ -961,7 +976,7 @@ class Chef
|
|
961
976
|
end
|
962
977
|
end
|
963
978
|
|
964
|
-
action :create do
|
979
|
+
action :create, description: "Creates a scheduled task, or updates an existing task if any property has changed." do
|
965
980
|
set_command_and_arguments if new_resource.command
|
966
981
|
|
967
982
|
if current_resource.exists
|
@@ -998,7 +1013,7 @@ class Chef
|
|
998
1013
|
end
|
999
1014
|
end
|
1000
1015
|
|
1001
|
-
action :run do
|
1016
|
+
action :run, description: "Runs a scheduled task." do
|
1002
1017
|
if current_resource.exists
|
1003
1018
|
logger.trace "#{new_resource} task exists"
|
1004
1019
|
if current_resource.task.status == "running"
|
@@ -1013,7 +1028,7 @@ class Chef
|
|
1013
1028
|
end
|
1014
1029
|
end
|
1015
1030
|
|
1016
|
-
action :delete do
|
1031
|
+
action :delete, description: "Deletes a scheduled task." do
|
1017
1032
|
if current_resource.exists
|
1018
1033
|
logger.trace "#{new_resource} task exists"
|
1019
1034
|
converge_by("delete scheduled task #{new_resource}") do
|
@@ -1026,7 +1041,7 @@ class Chef
|
|
1026
1041
|
end
|
1027
1042
|
end
|
1028
1043
|
|
1029
|
-
action :end do
|
1044
|
+
action :end, description: "Ends a scheduled task." do
|
1030
1045
|
if current_resource.exists
|
1031
1046
|
logger.trace "#{new_resource} task exists"
|
1032
1047
|
if current_resource.task.status != "running"
|
@@ -1041,7 +1056,7 @@ class Chef
|
|
1041
1056
|
end
|
1042
1057
|
end
|
1043
1058
|
|
1044
|
-
action :enable do
|
1059
|
+
action :enable, description: "Enables a scheduled task." do
|
1045
1060
|
if current_resource.exists
|
1046
1061
|
logger.trace "#{new_resource} task exists"
|
1047
1062
|
if current_resource.task.status == "not scheduled"
|
@@ -1058,7 +1073,7 @@ class Chef
|
|
1058
1073
|
end
|
1059
1074
|
end
|
1060
1075
|
|
1061
|
-
action :disable do
|
1076
|
+
action :disable, description: "Disables a scheduled task." do
|
1062
1077
|
if current_resource.exists
|
1063
1078
|
logger.info "#{new_resource} task exists"
|
1064
1079
|
if %w{ready running}.include?(current_resource.task.status)
|
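Review bot: With `default_action :create` removed (old line 152), the default action is no longer stated in this file and, as far as I can tell, falls back to whichever `action` block is declared first. The hunks show `action :create` at new line 979 but not whether any action precedes it. For a resource whose other actions include `:run`, `:delete` and `:end`, an explicit default is worth keeping, or at least a comment next to `allowed_actions` such as `# default action is :create (first action declared below)`. Also, the new `frequency` description says the property is required, yet the declaration at new line 195 carries no `required: true`; if the check lives elsewhere, the description could say so.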
@@ -31,6 +31,10 @@ class Chef
|
|
31
31
|
# :auth_method - one of :iam_role, :token. default: :iam_role
|
32
32
|
# :vault_addr - the address of a running Vault instance, eg https://vault.example.com:8200
|
33
33
|
#
|
34
|
+
# For `:approle`: one of `:approle_name` or `:approle_id`
|
35
|
+
# `:approle_name`: The name of the approle to use for authentication. When specified, associated `:approle_id` will be found via query to Vault instance.
|
36
|
+
# `:approle_id`: The ID of the approle to use for authentication, requires `:approle_secret_id`
|
37
|
+
# `:approle_secret_id`: The Vault `secret_id` associated with the provided `:approle_name` or `:approle_id`. When specified, prevents need to create `:secret_id` with `:approle_name`.
|
34
38
|
# For `:token` auth: `:token` - a Vault token valid for authentication.
|
35
39
|
#
|
36
40
|
# For `:iam_role`: `:role_name` - the name of the role in Vault that was created
|
@@ -47,14 +51,25 @@ class Chef
|
|
47
51
|
#
|
48
52
|
# @example
|
49
53
|
#
|
50
|
-
# fetcher = SecretFetcher.for_service(:hashi_vault, { role_name: "testing-role", vault_addr: https://localhost:8200}, run_context )
|
54
|
+
# fetcher = SecretFetcher.for_service(:hashi_vault, { auth_method: :iam_role, role_name: "testing-role", vault_addr: https://localhost:8200}, run_context )
|
51
55
|
# fetcher.fetch("secretkey1")
|
52
56
|
#
|
53
57
|
# @example
|
54
58
|
#
|
55
|
-
# fetcher = SecretFetcher.for_service(:hashi_vault, { auth_method: :token, token: "s.1234abcdef", vault_addr: https://localhost:8200}, run_context )
|
59
|
+
# fetcher = SecretFetcher.for_service(:hashi_vault, { auth_method: :token, token: "s.1234abcdef", vault_addr: https://localhost:8200}, approle: 'approle_name', run_context )
|
56
60
|
# fetcher.fetch("secretkey1")
|
57
|
-
|
61
|
+
#
|
62
|
+
# @example
|
63
|
+
#
|
64
|
+
# fetcher = SecretFetcher.for_service(:hashi_vault, { auth_method: :approle, approle_id: "11111111-abcd-1111-abcd-111111111111", approle_secret_id: "22222222-abcd-2222-abcd-222222222222", vault_addr: https://localhost:8200}, run_context )
|
65
|
+
# fetcher.fetch("secretkey1")
|
66
|
+
#
|
67
|
+
# @example
|
68
|
+
#
|
69
|
+
# fetcher = SecretFetcher.for_service(:hashi_vault, { auth_method: :approle, approle_name: "testing-role", token: "s.1234abcdef", vault_addr: https://localhost:8200}, run_context )
|
70
|
+
# fetcher.fetch("secretkey1")
|
71
|
+
#
|
72
|
+
SUPPORTED_AUTH_TYPES = %i{approle iam_role token}.freeze
|
58
73
|
class HashiVault < Base
|
59
74
|
|
60
75
|
# Validate and authenticate the current session using the configured auth strategy and parameters
|
@@ -67,6 +82,25 @@ class Chef
|
|
67
82
|
Vault.namespace = config[:namespace] unless config[:namespace].nil?
|
68
83
|
|
69
84
|
case config[:auth_method]
|
85
|
+
when :approle
|
86
|
+
unless config[:approle_name] || config[:approle_id]
|
87
|
+
raise Chef::Exceptions::Secret::ConfigurationInvalid.new("You must provide the :approle_name or :approle_id in the configuration with :auth_method set to :approle")
|
88
|
+
end
|
89
|
+
|
90
|
+
# When :approle_id and :approle_secret_id are both specified, all pieces are present which are needed to authenticate using an approle.
|
91
|
+
# If either is missing, we need to authenticate to Vault to get the missing pieces with the :approle_name and optionally :token.
|
92
|
+
unless config[:approle_id] && config[:approle_secret_id]
|
93
|
+
if config[:approle_name].nil?
|
94
|
+
raise Chef::Exceptions::Secret::ConfigurationInvalid.new("You must provide the :approle_name in the configuration when :approle_id and :approle_secret_id are not both present with :auth_method set to :approle")
|
95
|
+
end
|
96
|
+
|
97
|
+
Vault.token = config[:token] unless config[:token].nil?
|
98
|
+
end
|
99
|
+
|
100
|
+
approle_id = config[:approle_id] || Vault.approle.role_id(config[:approle_name])
|
101
|
+
approle_secret_id = config[:approle_secret_id] || Vault.approle.create_secret_id(config[:approle_name]).data[:secret_id]
|
102
|
+
|
103
|
+
Vault.auth.approle(approle_id, approle_secret_id)
|
70
104
|
when :token
|
71
105
|
if config[:token].nil?
|
72
106
|
raise Chef::Exceptions::Secret::ConfigurationInvalid.new("You must provide the token in the configuration as :token")
|
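Review bot: In the new `:approle` branch (new lines 85–103), every authentication that lacks `:approle_secret_id` calls `Vault.approle.create_secret_id(config[:approle_name])`, so each run mints a fresh secret_id using `:token`, or whatever token the Vault client already holds when `:token` is nil. The header comment should state this and what the token needs, for example `# NOTE: without :approle_secret_id a new secret_id is created on every authentication; scope :token to this role's role-id and secret-id endpoints and set secret_id_ttl / secret_id_num_uses on the role`. Separately, the `:token` example at new line 59 now passes `approle: 'approle_name'` before `run_context`, which is not valid Ruby and names an option the comment block does not document; it looks like an editing slip. The method containing the `case` starts and ends outside the hunk.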