chef 17.8.25-universal-mingw32 → 17.9.18-universal-mingw32
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/lib/chef/provider/cron.rb +2 -2
- data/lib/chef/provider/directory.rb +2 -2
- data/lib/chef/provider/ifconfig.rb +4 -4
- data/lib/chef/provider/package/yum/python_helper.rb +81 -25
- data/lib/chef/provider/package/yum.rb +39 -12
- data/lib/chef/provider/package.rb +4 -4
- data/lib/chef/provider.rb +4 -1
- data/lib/chef/providers.rb +0 -1
- data/lib/chef/resource/apt_package.rb +2 -2
- data/lib/chef/resource/chef_client_config.rb +2 -3
- data/lib/chef/resource/chocolatey_package.rb +3 -3
- data/lib/chef/resource/cron/cron.rb +75 -1
- data/lib/chef/resource/cron/cron_d.rb +2 -1
- data/lib/chef/resource/homebrew_tap.rb +0 -4
- data/lib/chef/resource/powershell_package_source.rb +8 -8
- data/lib/chef/resource/rhsm_register.rb +3 -3
- data/lib/chef/resource/windows_feature_powershell.rb +1 -2
- data/lib/chef/resource/windows_task.rb +25 -10
- data/lib/chef/secret_fetcher/azure_key_vault.rb +2 -0
- data/lib/chef/secret_fetcher/hashi_vault.rb +37 -3
- data/lib/chef/version.rb +1 -1
- data/spec/functional/resource/dnf_package_spec.rb +107 -107
- data/spec/functional/resource/yum_package_spec.rb +789 -129
- data/spec/unit/secret_fetcher/hashi_vault_spec.rb +46 -0
- metadata +6 -8
- data/lib/chef/provider/group/suse.rb +0 -82
- data/spec/unit/provider/group/suse_spec.rb +0 -90
@@ -65,6 +65,52 @@ describe Chef::SecretFetcher::HashiVault do
|
|
65
65
|
fetcher.validate!
|
66
66
|
end
|
67
67
|
end
|
68
|
+
|
69
|
+
context "and using auth_method: :approle" do
|
70
|
+
it "raises ConfigurationInvalid message when :approle_name or :approle_id are not specified" do
|
71
|
+
fetcher = Chef::SecretFetcher::HashiVault.new( { auth_method: :approle, vault_addr: "https://vault.example.com:8200" }, run_context)
|
72
|
+
expect { fetcher.validate! }.to raise_error(Chef::Exceptions::Secret::ConfigurationInvalid)
|
73
|
+
end
|
74
|
+
|
75
|
+
it "authenticates using the approle_id and approle_secret_id during validation when all configuration is correct" do
|
76
|
+
fetcher = Chef::SecretFetcher::HashiVault.new({
|
77
|
+
auth_method: :approle,
|
78
|
+
approle_id: "idguid",
|
79
|
+
approle_secret_id: "secretguid",
|
80
|
+
vault_addr: "https://vault.example.com:8200" },
|
81
|
+
run_context)
|
82
|
+
auth = instance_double(Vault::Authenticate)
|
83
|
+
allow(auth).to receive(:approle)
|
84
|
+
allow(Vault).to receive(:auth).and_return(auth)
|
85
|
+
expect(auth).to receive(:approle).with("idguid", "secretguid")
|
86
|
+
fetcher.validate!
|
87
|
+
end
|
88
|
+
|
89
|
+
it "looks up the :role_id and :secret_id when all configuration is correct" do
|
90
|
+
fetcher = Chef::SecretFetcher::HashiVault.new({
|
91
|
+
auth_method: :approle,
|
92
|
+
approle_name: "myapprole",
|
93
|
+
token: "t.1234abcd",
|
94
|
+
vault_addr: "https://vault.example.com:8200" },
|
95
|
+
run_context)
|
96
|
+
approle = instance_double(Vault::AppRole)
|
97
|
+
auth = instance_double(Vault::Authenticate)
|
98
|
+
allow(Vault).to receive(:approle).and_return(approle)
|
99
|
+
allow(approle).to receive(:role_id).with("myapprole").and_return("idguid")
|
100
|
+
allow(approle).to receive(:create_secret_id).with("myapprole").and_return(Vault::Secret.new({
|
101
|
+
data: {
|
102
|
+
secret_id: "secretguid",
|
103
|
+
secret_id_accessor: "accessor_guid",
|
104
|
+
secret_id_ttl: 0,
|
105
|
+
},
|
106
|
+
lease_duration: 0,
|
107
|
+
lease_id: "",
|
108
|
+
}))
|
109
|
+
allow(Vault).to receive(:auth).and_return(auth)
|
110
|
+
expect(auth).to receive(:approle).with("idguid", "secretguid")
|
111
|
+
fetcher.validate!
|
112
|
+
end
|
113
|
+
end
|
68
114
|
end
|
69
115
|
|
70
116
|
context "when fetching a secret from Hashi Vault" do
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: chef
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 17.
|
4
|
+
version: 17.9.18
|
5
5
|
platform: universal-mingw32
|
6
6
|
authors:
|
7
7
|
- Adam Jacob
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2021-12-
|
11
|
+
date: 2021-12-23 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: chef-config
|
@@ -16,28 +16,28 @@ dependencies:
|
|
16
16
|
requirements:
|
17
17
|
- - '='
|
18
18
|
- !ruby/object:Gem::Version
|
19
|
-
version: 17.
|
19
|
+
version: 17.9.18
|
20
20
|
type: :runtime
|
21
21
|
prerelease: false
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
23
23
|
requirements:
|
24
24
|
- - '='
|
25
25
|
- !ruby/object:Gem::Version
|
26
|
-
version: 17.
|
26
|
+
version: 17.9.18
|
27
27
|
- !ruby/object:Gem::Dependency
|
28
28
|
name: chef-utils
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|
30
30
|
requirements:
|
31
31
|
- - '='
|
32
32
|
- !ruby/object:Gem::Version
|
33
|
-
version: 17.
|
33
|
+
version: 17.9.18
|
34
34
|
type: :runtime
|
35
35
|
prerelease: false
|
36
36
|
version_requirements: !ruby/object:Gem::Requirement
|
37
37
|
requirements:
|
38
38
|
- - '='
|
39
39
|
- !ruby/object:Gem::Version
|
40
|
-
version: 17.
|
40
|
+
version: 17.9.18
|
41
41
|
- !ruby/object:Gem::Dependency
|
42
42
|
name: train-core
|
43
43
|
requirement: !ruby/object:Gem::Requirement
|
@@ -1648,7 +1648,6 @@ files:
|
|
1648
1648
|
- lib/chef/provider/group/groupmod.rb
|
1649
1649
|
- lib/chef/provider/group/pw.rb
|
1650
1650
|
- lib/chef/provider/group/solaris.rb
|
1651
|
-
- lib/chef/provider/group/suse.rb
|
1652
1651
|
- lib/chef/provider/group/usermod.rb
|
1653
1652
|
- lib/chef/provider/group/windows.rb
|
1654
1653
|
- lib/chef/provider/http_request.rb
|
@@ -2820,7 +2819,6 @@ files:
|
|
2820
2819
|
- spec/unit/provider/group/groupmod_spec.rb
|
2821
2820
|
- spec/unit/provider/group/pw_spec.rb
|
2822
2821
|
- spec/unit/provider/group/solaris_spec.rb
|
2823
|
-
- spec/unit/provider/group/suse_spec.rb
|
2824
2822
|
- spec/unit/provider/group/usermod_spec.rb
|
2825
2823
|
- spec/unit/provider/group/windows_spec.rb
|
2826
2824
|
- spec/unit/provider/group_spec.rb
|
@@ -1,82 +0,0 @@
|
|
1
|
-
#
|
2
|
-
# Author:: AJ Christensen (<aj@chef.io>)
|
3
|
-
# Copyright:: Copyright (c) Chef Software Inc.
|
4
|
-
# License:: Apache License, Version 2.0
|
5
|
-
#
|
6
|
-
# Licensed under the Apache License, Version 2.0 (the "License");
|
7
|
-
# you may not use this file except in compliance with the License.
|
8
|
-
# You may obtain a copy of the License at
|
9
|
-
#
|
10
|
-
# http://www.apache.org/licenses/LICENSE-2.0
|
11
|
-
#
|
12
|
-
# Unless required by applicable law or agreed to in writing, software
|
13
|
-
# distributed under the License is distributed on an "AS IS" BASIS,
|
14
|
-
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
15
|
-
# See the License for the specific language governing permissions and
|
16
|
-
# limitations under the License.
|
17
|
-
#
|
18
|
-
|
19
|
-
require_relative "groupadd"
|
20
|
-
require "etc" unless defined?(Etc)
|
21
|
-
|
22
|
-
class Chef
|
23
|
-
class Provider
|
24
|
-
class Group
|
25
|
-
class Suse < Chef::Provider::Group::Groupadd
|
26
|
-
provides :group, platform: "suse", platform_version: "< 12.0"
|
27
|
-
|
28
|
-
def load_current_resource
|
29
|
-
super
|
30
|
-
end
|
31
|
-
|
32
|
-
def define_resource_requirements
|
33
|
-
super
|
34
|
-
requirements.assert(:all_actions) do |a|
|
35
|
-
a.assertion { ::File.exist?("/usr/sbin/groupmod") }
|
36
|
-
a.failure_message Chef::Exceptions::Group, "Could not find binary /usr/sbin/groupmod for #{new_resource.name}"
|
37
|
-
# No whyrun alternative: this component should be available in the base install of any given system that uses it
|
38
|
-
end
|
39
|
-
|
40
|
-
requirements.assert(:create, :manage, :modify) do |a|
|
41
|
-
a.assertion do
|
42
|
-
|
43
|
-
to_add(new_resource.members).all? { |member| Etc.getpwnam(member) }
|
44
|
-
rescue
|
45
|
-
false
|
46
|
-
|
47
|
-
end
|
48
|
-
a.failure_message Chef::Exceptions::Group, "Could not add users #{to_add(new_resource.members).join(", ")} to #{new_resource.group_name}: one of these users does not exist"
|
49
|
-
a.whyrun "Could not find one of these users: #{to_add(new_resource.members).join(", ")}. Assuming it will be created by a prior step"
|
50
|
-
end
|
51
|
-
end
|
52
|
-
|
53
|
-
def set_members(members)
|
54
|
-
to_remove(members).each do |member|
|
55
|
-
remove_member(member)
|
56
|
-
end
|
57
|
-
|
58
|
-
to_add(members).each do |member|
|
59
|
-
add_member(member)
|
60
|
-
end
|
61
|
-
end
|
62
|
-
|
63
|
-
def to_add(members)
|
64
|
-
members - current_resource.members
|
65
|
-
end
|
66
|
-
|
67
|
-
def add_member(member)
|
68
|
-
shell_out!("groupmod", "-A", member, new_resource.group_name)
|
69
|
-
end
|
70
|
-
|
71
|
-
def to_remove(members)
|
72
|
-
current_resource.members - members
|
73
|
-
end
|
74
|
-
|
75
|
-
def remove_member(member)
|
76
|
-
shell_out!("groupmod", "-R", member, new_resource.group_name)
|
77
|
-
end
|
78
|
-
|
79
|
-
end
|
80
|
-
end
|
81
|
-
end
|
82
|
-
end
|
@@ -1,90 +0,0 @@
|
|
1
|
-
#
|
2
|
-
# Author:: Tom Duffield (<tom@chef.io>)
|
3
|
-
# Copyright:: Copyright (c) Chef Software Inc.
|
4
|
-
# License:: Apache License, Version 2.0
|
5
|
-
#
|
6
|
-
# Licensed under the Apache License, Version 2.0 (the "License");
|
7
|
-
# you may not use this file except in compliance with the License.
|
8
|
-
# You may obtain a copy of the License at
|
9
|
-
#
|
10
|
-
# http://www.apache.org/licenses/LICENSE-2.0
|
11
|
-
#
|
12
|
-
# Unless required by applicable law or agreed to in writing, software
|
13
|
-
# distributed under the License is distributed on an "AS IS" BASIS,
|
14
|
-
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
15
|
-
# See the License for the specific language governing permissions and
|
16
|
-
# limitations under the License.
|
17
|
-
#
|
18
|
-
|
19
|
-
require "spec_helper"
|
20
|
-
|
21
|
-
describe Chef::Provider::Group::Suse do
|
22
|
-
let(:node) { Chef::Node.new }
|
23
|
-
let(:events) { Chef::EventDispatch::Dispatcher.new }
|
24
|
-
let(:run_context) { Chef::RunContext.new(node, {}, events) }
|
25
|
-
let(:new_members) { %w{root new_user} }
|
26
|
-
let(:new_resource) do
|
27
|
-
Chef::Resource::Group.new("new_group").tap do |r|
|
28
|
-
r.gid 50
|
29
|
-
r.members new_members
|
30
|
-
r.system false
|
31
|
-
r.non_unique false
|
32
|
-
end
|
33
|
-
end
|
34
|
-
let(:current_resource) do
|
35
|
-
Chef::Resource::Group.new("new_group").tap do |r|
|
36
|
-
r.gid 50
|
37
|
-
r.members %w{root}
|
38
|
-
r.system false
|
39
|
-
r.non_unique false
|
40
|
-
end
|
41
|
-
end
|
42
|
-
let(:provider) do
|
43
|
-
described_class.new(new_resource, run_context).tap do |p|
|
44
|
-
p.current_resource = current_resource
|
45
|
-
end
|
46
|
-
end
|
47
|
-
|
48
|
-
describe "when determining the current group state" do
|
49
|
-
before(:each) do
|
50
|
-
allow(File).to receive(:exist?).and_return(true)
|
51
|
-
provider.action = :create
|
52
|
-
provider.define_resource_requirements
|
53
|
-
end
|
54
|
-
|
55
|
-
# Checking for required binaries is already done in the spec
|
56
|
-
# for Chef::Provider::Group - no need to repeat it here. We'll
|
57
|
-
# include only what's specific to this provider.
|
58
|
-
it "should raise an error if the required binary /usr/sbin/groupmod doesn't exist" do
|
59
|
-
expect(File).to receive(:exist?).with("/usr/sbin/groupmod").and_return(false)
|
60
|
-
expect { provider.process_resource_requirements }.to raise_error(Chef::Exceptions::Group)
|
61
|
-
end
|
62
|
-
|
63
|
-
it "should raise error if one of the member users does not exist" do
|
64
|
-
expect(Etc).to receive(:getpwnam).with("new_user").and_raise ArgumentError
|
65
|
-
expect { provider.process_resource_requirements }.to raise_error(Chef::Exceptions::Group)
|
66
|
-
end
|
67
|
-
end
|
68
|
-
|
69
|
-
describe "#set_members" do
|
70
|
-
it "should add missing members and remove deleted members" do
|
71
|
-
expect(provider).not_to receive(:remove_member)
|
72
|
-
expect(provider).to receive(:add_member).with("new_user")
|
73
|
-
provider.set_members(new_members)
|
74
|
-
end
|
75
|
-
end
|
76
|
-
|
77
|
-
describe "#add_member" do
|
78
|
-
it "should call out to groupmod to add user" do
|
79
|
-
expect(provider).to receive(:shell_out_compacted!).with("groupmod", "-A", "new_user", "new_group")
|
80
|
-
provider.add_member("new_user")
|
81
|
-
end
|
82
|
-
end
|
83
|
-
|
84
|
-
describe "#remove_member" do
|
85
|
-
it "should call out to groupmod to remove user" do
|
86
|
-
expect(provider).to receive(:shell_out_compacted!).with("groupmod", "-R", "new_user", "new_group")
|
87
|
-
provider.remove_member("new_user")
|
88
|
-
end
|
89
|
-
end
|
90
|
-
end
|