chef 17.8.25-universal-mingw32 → 17.9.18-universal-mingw32

Sign up to get free protection for your applications and to get access to all the features.
@@ -216,8 +216,7 @@ class Chef
216
216
  def parsed_feature_list
217
217
  # Grab raw feature information from WindowsFeature
218
218
  raw_list_of_features = powershell_exec!("Get-WindowsFeature | Select-Object -Property Name,InstallState", timeout: new_resource.timeout).result
219
-
220
- Chef::JSONCompat.from_json(raw_list_of_features)
219
+ raw_list_of_features || []
221
220
  end
222
221
 
223
222
  # add the features values to the appropriate array
@@ -149,7 +149,6 @@ class Chef
149
149
  DOC
150
150
 
151
151
  allowed_actions :create, :delete, :run, :end, :enable, :disable, :change
152
- default_action :create
153
152
 
154
153
  property :task_name, String, regex: [%r{\A[^/\:\*\?\<\>\|]+\z}],
155
154
  description: "An optional property to set the task name if it differs from the resource block's name. Example: `Task Name` or `/Task Name`",
@@ -182,10 +181,19 @@ class Chef
182
181
  default: false
183
182
 
184
183
  property :frequency_modifier, [Integer, String],
185
- default: 1
184
+ default: 1,
185
+ description: <<~DOCS
186
+ * For frequency `:minute` valid values are 1 to 1439
187
+ * For frequency `:hourly` valid values are 1 to 23
188
+ * For frequency `:daily` valid values are 1 to 365
189
+ * For frequency `:weekly` valid values are 1 to 52
190
+ * For frequency `:monthly` valid values are `('FIRST', 'SECOND', 'THIRD', 'FOURTH', 'LAST')` OR `1-12`.
191
+ * e.g. If user want to run the task on `second week of the month` use `frequency_modifier` value as `SECOND`. Multiple values for weeks of the month should be comma separated e.g. `"FIRST, THIRD, LAST"`.
192
+ * To run task every (n) months use values 1 to 12.
193
+ DOCS
186
194
 
187
195
  property :frequency, Symbol, equal_to: %i{minute hourly daily weekly monthly once on_logon onstart on_idle none},
188
- description: "The frequency with which to run the task."
196
+ description: "The frequency with which to run the task. Note: This property is required in Chef Infra Client 14.1 or later. Note: The `:once` value requires the `start_time` property to be set."
189
197
 
190
198
  property :start_day, String,
191
199
  description: "Specifies the first date on which the task runs in **MM/DD/YYYY** format.",
@@ -195,7 +203,14 @@ class Chef
195
203
  description: "Specifies the start time to run the task, in **HH:mm** format."
196
204
 
197
205
  property :day, [String, Integer],
198
- description: "The day(s) on which the task runs."
206
+ description: <<~DOCS
207
+ The day(s) on which the task runs.
208
+ * Use this property when setting `frequency` to `:monthly` or `:weekly`.
209
+ * Valid values with frequency `:weekly` are `MON`-`SUN` or `*`.
210
+ * Valid values with frequency `:monthly` are `1-31`, `MON`-`SUN`, and `LASTDAY`.
211
+ * Use `MON`-`SUN` or `LASTDAY` if you are setting `frequency_modifier` as "FIRST, SECOND, THIRD etc." else use 1-31.
212
+ * Multiple days should be comma separated. e.g `1, 2, 3` or `MON, WED, FRI`.
213
+ DOCS
199
214
 
200
215
  property :months, String,
201
216
  description: "The Months of the year on which the task runs, such as: `JAN, FEB` or `*`. Multiple months should be comma delimited. e.g. `Jan, Feb, Mar, Dec`."
@@ -961,7 +976,7 @@ class Chef
961
976
  end
962
977
  end
963
978
 
964
- action :create do
979
+ action :create, description: "Creates a scheduled task, or updates an existing task if any property has changed." do
965
980
  set_command_and_arguments if new_resource.command
966
981
 
967
982
  if current_resource.exists
@@ -998,7 +1013,7 @@ class Chef
998
1013
  end
999
1014
  end
1000
1015
 
1001
- action :run do
1016
+ action :run, description: "Runs a scheduled task." do
1002
1017
  if current_resource.exists
1003
1018
  logger.trace "#{new_resource} task exists"
1004
1019
  if current_resource.task.status == "running"
@@ -1013,7 +1028,7 @@ class Chef
1013
1028
  end
1014
1029
  end
1015
1030
 
1016
- action :delete do
1031
+ action :delete, description: "Deletes a scheduled task." do
1017
1032
  if current_resource.exists
1018
1033
  logger.trace "#{new_resource} task exists"
1019
1034
  converge_by("delete scheduled task #{new_resource}") do
@@ -1026,7 +1041,7 @@ class Chef
1026
1041
  end
1027
1042
  end
1028
1043
 
1029
- action :end do
1044
+ action :end, description: "Ends a scheduled task." do
1030
1045
  if current_resource.exists
1031
1046
  logger.trace "#{new_resource} task exists"
1032
1047
  if current_resource.task.status != "running"
@@ -1041,7 +1056,7 @@ class Chef
1041
1056
  end
1042
1057
  end
1043
1058
 
1044
- action :enable do
1059
+ action :enable, description: "Enables a scheduled task." do
1045
1060
  if current_resource.exists
1046
1061
  logger.trace "#{new_resource} task exists"
1047
1062
  if current_resource.task.status == "not scheduled"
@@ -1058,7 +1073,7 @@ class Chef
1058
1073
  end
1059
1074
  end
1060
1075
 
1061
- action :disable do
1076
+ action :disable, description: "Disables a scheduled task." do
1062
1077
  if current_resource.exists
1063
1078
  logger.info "#{new_resource} task exists"
1064
1079
  if %w{ready running}.include?(current_resource.task.status)
@@ -1,5 +1,7 @@
1
1
  require_relative "base"
2
2
  require_relative "../exceptions"
3
+ require "json" unless defined?(JSON)
4
+ require "net/http" unless defined?(Net::HTTP)
3
5
  require "uri" unless defined?(URI)
4
6
 
5
7
  class Chef
@@ -31,6 +31,10 @@ class Chef
31
31
  # :auth_method - one of :iam_role, :token. default: :iam_role
32
32
  # :vault_addr - the address of a running Vault instance, eg https://vault.example.com:8200
33
33
  #
34
+ # For `:approle`: one of `:approle_name` or `:approle_id`
35
+ # `:approle_name`: The name of the approle to use for authentication. When specified, associated `:approle_id` will be found via query to Vault instance.
36
+ # `:approle_id`: The ID of the approle to use for authentication, requires `:approle_secret_id`
37
+ # `:approle_secret_id`: The Vault `secret_id` associated with the provided `:approle_name` or `:approle_id`. When specified, prevents need to create `:secret_id` with `:approle_name`.
34
38
  # For `:token` auth: `:token` - a Vault token valid for authentication.
35
39
  #
36
40
  # For `:iam_role`: `:role_name` - the name of the role in Vault that was created
@@ -47,14 +51,25 @@ class Chef
47
51
  #
48
52
  # @example
49
53
  #
50
- # fetcher = SecretFetcher.for_service(:hashi_vault, { role_name: "testing-role", vault_addr: https://localhost:8200}, run_context )
54
+ # fetcher = SecretFetcher.for_service(:hashi_vault, { auth_method: :iam_role, role_name: "testing-role", vault_addr: https://localhost:8200}, run_context )
51
55
  # fetcher.fetch("secretkey1")
52
56
  #
53
57
  # @example
54
58
  #
55
- # fetcher = SecretFetcher.for_service(:hashi_vault, { auth_method: :token, token: "s.1234abcdef", vault_addr: https://localhost:8200}, run_context )
59
+ # fetcher = SecretFetcher.for_service(:hashi_vault, { auth_method: :token, token: "s.1234abcdef", vault_addr: https://localhost:8200}, approle: 'approle_name', run_context )
56
60
  # fetcher.fetch("secretkey1")
57
- SUPPORTED_AUTH_TYPES = %i{iam_role token}.freeze
61
+ #
62
+ # @example
63
+ #
64
+ # fetcher = SecretFetcher.for_service(:hashi_vault, { auth_method: :approle, approle_id: "11111111-abcd-1111-abcd-111111111111", approle_secret_id: "22222222-abcd-2222-abcd-222222222222", vault_addr: https://localhost:8200}, run_context )
65
+ # fetcher.fetch("secretkey1")
66
+ #
67
+ # @example
68
+ #
69
+ # fetcher = SecretFetcher.for_service(:hashi_vault, { auth_method: :approle, approle_name: "testing-role", token: "s.1234abcdef", vault_addr: https://localhost:8200}, run_context )
70
+ # fetcher.fetch("secretkey1")
71
+ #
72
+ SUPPORTED_AUTH_TYPES = %i{approle iam_role token}.freeze
58
73
  class HashiVault < Base
59
74
 
60
75
  # Validate and authenticate the current session using the configured auth strategy and parameters
@@ -67,6 +82,25 @@ class Chef
67
82
  Vault.namespace = config[:namespace] unless config[:namespace].nil?
68
83
 
69
84
  case config[:auth_method]
85
+ when :approle
86
+ unless config[:approle_name] || config[:approle_id]
87
+ raise Chef::Exceptions::Secret::ConfigurationInvalid.new("You must provide the :approle_name or :approle_id in the configuration with :auth_method set to :approle")
88
+ end
89
+
90
+ # When :approle_id and :approle_secret_id are both specified, all pieces are present which are needed to authenticate using an approle.
91
+ # If either is missing, we need to authenticate to Vault to get the missing pieces with the :approle_name and optionally :token.
92
+ unless config[:approle_id] && config[:approle_secret_id]
93
+ if config[:approle_name].nil?
94
+ raise Chef::Exceptions::Secret::ConfigurationInvalid.new("You must provide the :approle_name in the configuration when :approle_id and :approle_secret_id are not both present with :auth_method set to :approle")
95
+ end
96
+
97
+ Vault.token = config[:token] unless config[:token].nil?
98
+ end
99
+
100
+ approle_id = config[:approle_id] || Vault.approle.role_id(config[:approle_name])
101
+ approle_secret_id = config[:approle_secret_id] || Vault.approle.create_secret_id(config[:approle_name]).data[:secret_id]
102
+
103
+ Vault.auth.approle(approle_id, approle_secret_id)
70
104
  when :token
71
105
  if config[:token].nil?
72
106
  raise Chef::Exceptions::Secret::ConfigurationInvalid.new("You must provide the token in the configuration as :token")
data/lib/chef/version.rb CHANGED
@@ -23,7 +23,7 @@ require_relative "version_string"
23
23
 
24
24
  class Chef
25
25
  CHEF_ROOT = File.expand_path("..", __dir__)
26
- VERSION = Chef::VersionString.new("17.8.25")
26
+ VERSION = Chef::VersionString.new("17.9.18")
27
27
  end
28
28
 
29
29
  #