chef 17.8.25-universal-mingw32 → 17.9.18-universal-mingw32
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/lib/chef/provider/cron.rb +2 -2
- data/lib/chef/provider/directory.rb +2 -2
- data/lib/chef/provider/ifconfig.rb +4 -4
- data/lib/chef/provider/package/yum/python_helper.rb +81 -25
- data/lib/chef/provider/package/yum.rb +39 -12
- data/lib/chef/provider/package.rb +4 -4
- data/lib/chef/provider.rb +4 -1
- data/lib/chef/providers.rb +0 -1
- data/lib/chef/resource/apt_package.rb +2 -2
- data/lib/chef/resource/chef_client_config.rb +2 -3
- data/lib/chef/resource/chocolatey_package.rb +3 -3
- data/lib/chef/resource/cron/cron.rb +75 -1
- data/lib/chef/resource/cron/cron_d.rb +2 -1
- data/lib/chef/resource/homebrew_tap.rb +0 -4
- data/lib/chef/resource/powershell_package_source.rb +8 -8
- data/lib/chef/resource/rhsm_register.rb +3 -3
- data/lib/chef/resource/windows_feature_powershell.rb +1 -2
- data/lib/chef/resource/windows_task.rb +25 -10
- data/lib/chef/secret_fetcher/azure_key_vault.rb +2 -0
- data/lib/chef/secret_fetcher/hashi_vault.rb +37 -3
- data/lib/chef/version.rb +1 -1
- data/spec/functional/resource/dnf_package_spec.rb +107 -107
- data/spec/functional/resource/yum_package_spec.rb +789 -129
- data/spec/unit/secret_fetcher/hashi_vault_spec.rb +46 -0
- metadata +6 -8
- data/lib/chef/provider/group/suse.rb +0 -82
- data/spec/unit/provider/group/suse_spec.rb +0 -90
@@ -65,6 +65,52 @@ describe Chef::SecretFetcher::HashiVault do
|
|
65
65
|
fetcher.validate!
|
66
66
|
end
|
67
67
|
end
|
68
|
+
|
69
|
+
context "and using auth_method: :approle" do
|
70
|
+
it "raises ConfigurationInvalid message when :approle_name or :approle_id are not specified" do
|
71
|
+
fetcher = Chef::SecretFetcher::HashiVault.new( { auth_method: :approle, vault_addr: "https://vault.example.com:8200" }, run_context)
|
72
|
+
expect { fetcher.validate! }.to raise_error(Chef::Exceptions::Secret::ConfigurationInvalid)
|
73
|
+
end
|
74
|
+
|
75
|
+
it "authenticates using the approle_id and approle_secret_id during validation when all configuration is correct" do
|
76
|
+
fetcher = Chef::SecretFetcher::HashiVault.new({
|
77
|
+
auth_method: :approle,
|
78
|
+
approle_id: "idguid",
|
79
|
+
approle_secret_id: "secretguid",
|
80
|
+
vault_addr: "https://vault.example.com:8200" },
|
81
|
+
run_context)
|
82
|
+
auth = instance_double(Vault::Authenticate)
|
83
|
+
allow(auth).to receive(:approle)
|
84
|
+
allow(Vault).to receive(:auth).and_return(auth)
|
85
|
+
expect(auth).to receive(:approle).with("idguid", "secretguid")
|
86
|
+
fetcher.validate!
|
87
|
+
end
|
88
|
+
|
89
|
+
it "looks up the :role_id and :secret_id when all configuration is correct" do
|
90
|
+
fetcher = Chef::SecretFetcher::HashiVault.new({
|
91
|
+
auth_method: :approle,
|
92
|
+
approle_name: "myapprole",
|
93
|
+
token: "t.1234abcd",
|
94
|
+
vault_addr: "https://vault.example.com:8200" },
|
95
|
+
run_context)
|
96
|
+
approle = instance_double(Vault::AppRole)
|
97
|
+
auth = instance_double(Vault::Authenticate)
|
98
|
+
allow(Vault).to receive(:approle).and_return(approle)
|
99
|
+
allow(approle).to receive(:role_id).with("myapprole").and_return("idguid")
|
100
|
+
allow(approle).to receive(:create_secret_id).with("myapprole").and_return(Vault::Secret.new({
|
101
|
+
data: {
|
102
|
+
secret_id: "secretguid",
|
103
|
+
secret_id_accessor: "accessor_guid",
|
104
|
+
secret_id_ttl: 0,
|
105
|
+
},
|
106
|
+
lease_duration: 0,
|
107
|
+
lease_id: "",
|
108
|
+
}))
|
109
|
+
allow(Vault).to receive(:auth).and_return(auth)
|
110
|
+
expect(auth).to receive(:approle).with("idguid", "secretguid")
|
111
|
+
fetcher.validate!
|
112
|
+
end
|
113
|
+
end
|
68
114
|
end
|
69
115
|
|
70
116
|
context "when fetching a secret from Hashi Vault" do
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: chef
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 17.
|
4
|
+
version: 17.9.18
|
5
5
|
platform: universal-mingw32
|
6
6
|
authors:
|
7
7
|
- Adam Jacob
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2021-12-
|
11
|
+
date: 2021-12-23 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: chef-config
|
@@ -16,28 +16,28 @@ dependencies:
|
|
16
16
|
requirements:
|
17
17
|
- - '='
|
18
18
|
- !ruby/object:Gem::Version
|
19
|
-
version: 17.
|
19
|
+
version: 17.9.18
|
20
20
|
type: :runtime
|
21
21
|
prerelease: false
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
23
23
|
requirements:
|
24
24
|
- - '='
|
25
25
|
- !ruby/object:Gem::Version
|
26
|
-
version: 17.
|
26
|
+
version: 17.9.18
|
27
27
|
- !ruby/object:Gem::Dependency
|
28
28
|
name: chef-utils
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|
30
30
|
requirements:
|
31
31
|
- - '='
|
32
32
|
- !ruby/object:Gem::Version
|
33
|
-
version: 17.
|
33
|
+
version: 17.9.18
|
34
34
|
type: :runtime
|
35
35
|
prerelease: false
|
36
36
|
version_requirements: !ruby/object:Gem::Requirement
|
37
37
|
requirements:
|
38
38
|
- - '='
|
39
39
|
- !ruby/object:Gem::Version
|
40
|
-
version: 17.
|
40
|
+
version: 17.9.18
|
41
41
|
- !ruby/object:Gem::Dependency
|
42
42
|
name: train-core
|
43
43
|
requirement: !ruby/object:Gem::Requirement
|
@@ -1648,7 +1648,6 @@ files:
|
|
1648
1648
|
- lib/chef/provider/group/groupmod.rb
|
1649
1649
|
- lib/chef/provider/group/pw.rb
|
1650
1650
|
- lib/chef/provider/group/solaris.rb
|
1651
|
-
- lib/chef/provider/group/suse.rb
|
1652
1651
|
- lib/chef/provider/group/usermod.rb
|
1653
1652
|
- lib/chef/provider/group/windows.rb
|
1654
1653
|
- lib/chef/provider/http_request.rb
|
@@ -2820,7 +2819,6 @@ files:
|
|
2820
2819
|
- spec/unit/provider/group/groupmod_spec.rb
|
2821
2820
|
- spec/unit/provider/group/pw_spec.rb
|
2822
2821
|
- spec/unit/provider/group/solaris_spec.rb
|
2823
|
-
- spec/unit/provider/group/suse_spec.rb
|
2824
2822
|
- spec/unit/provider/group/usermod_spec.rb
|
2825
2823
|
- spec/unit/provider/group/windows_spec.rb
|
2826
2824
|
- spec/unit/provider/group_spec.rb
|
@@ -1,82 +0,0 @@
|
|
1
|
-
#
|
2
|
-
# Author:: AJ Christensen (<aj@chef.io>)
|
3
|
-
# Copyright:: Copyright (c) Chef Software Inc.
|
4
|
-
# License:: Apache License, Version 2.0
|
5
|
-
#
|
6
|
-
# Licensed under the Apache License, Version 2.0 (the "License");
|
7
|
-
# you may not use this file except in compliance with the License.
|
8
|
-
# You may obtain a copy of the License at
|
9
|
-
#
|
10
|
-
# http://www.apache.org/licenses/LICENSE-2.0
|
11
|
-
#
|
12
|
-
# Unless required by applicable law or agreed to in writing, software
|
13
|
-
# distributed under the License is distributed on an "AS IS" BASIS,
|
14
|
-
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
15
|
-
# See the License for the specific language governing permissions and
|
16
|
-
# limitations under the License.
|
17
|
-
#
|
18
|
-
|
19
|
-
require_relative "groupadd"
|
20
|
-
require "etc" unless defined?(Etc)
|
21
|
-
|
22
|
-
class Chef
|
23
|
-
class Provider
|
24
|
-
class Group
|
25
|
-
class Suse < Chef::Provider::Group::Groupadd
|
26
|
-
provides :group, platform: "suse", platform_version: "< 12.0"
|
27
|
-
|
28
|
-
def load_current_resource
|
29
|
-
super
|
30
|
-
end
|
31
|
-
|
32
|
-
def define_resource_requirements
|
33
|
-
super
|
34
|
-
requirements.assert(:all_actions) do |a|
|
35
|
-
a.assertion { ::File.exist?("/usr/sbin/groupmod") }
|
36
|
-
a.failure_message Chef::Exceptions::Group, "Could not find binary /usr/sbin/groupmod for #{new_resource.name}"
|
37
|
-
# No whyrun alternative: this component should be available in the base install of any given system that uses it
|
38
|
-
end
|
39
|
-
|
40
|
-
requirements.assert(:create, :manage, :modify) do |a|
|
41
|
-
a.assertion do
|
42
|
-
|
43
|
-
to_add(new_resource.members).all? { |member| Etc.getpwnam(member) }
|
44
|
-
rescue
|
45
|
-
false
|
46
|
-
|
47
|
-
end
|
48
|
-
a.failure_message Chef::Exceptions::Group, "Could not add users #{to_add(new_resource.members).join(", ")} to #{new_resource.group_name}: one of these users does not exist"
|
49
|
-
a.whyrun "Could not find one of these users: #{to_add(new_resource.members).join(", ")}. Assuming it will be created by a prior step"
|
50
|
-
end
|
51
|
-
end
|
52
|
-
|
53
|
-
def set_members(members)
|
54
|
-
to_remove(members).each do |member|
|
55
|
-
remove_member(member)
|
56
|
-
end
|
57
|
-
|
58
|
-
to_add(members).each do |member|
|
59
|
-
add_member(member)
|
60
|
-
end
|
61
|
-
end
|
62
|
-
|
63
|
-
def to_add(members)
|
64
|
-
members - current_resource.members
|
65
|
-
end
|
66
|
-
|
67
|
-
def add_member(member)
|
68
|
-
shell_out!("groupmod", "-A", member, new_resource.group_name)
|
69
|
-
end
|
70
|
-
|
71
|
-
def to_remove(members)
|
72
|
-
current_resource.members - members
|
73
|
-
end
|
74
|
-
|
75
|
-
def remove_member(member)
|
76
|
-
shell_out!("groupmod", "-R", member, new_resource.group_name)
|
77
|
-
end
|
78
|
-
|
79
|
-
end
|
80
|
-
end
|
81
|
-
end
|
82
|
-
end
|
@@ -1,90 +0,0 @@
|
|
1
|
-
#
|
2
|
-
# Author:: Tom Duffield (<tom@chef.io>)
|
3
|
-
# Copyright:: Copyright (c) Chef Software Inc.
|
4
|
-
# License:: Apache License, Version 2.0
|
5
|
-
#
|
6
|
-
# Licensed under the Apache License, Version 2.0 (the "License");
|
7
|
-
# you may not use this file except in compliance with the License.
|
8
|
-
# You may obtain a copy of the License at
|
9
|
-
#
|
10
|
-
# http://www.apache.org/licenses/LICENSE-2.0
|
11
|
-
#
|
12
|
-
# Unless required by applicable law or agreed to in writing, software
|
13
|
-
# distributed under the License is distributed on an "AS IS" BASIS,
|
14
|
-
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
15
|
-
# See the License for the specific language governing permissions and
|
16
|
-
# limitations under the License.
|
17
|
-
#
|
18
|
-
|
19
|
-
require "spec_helper"
|
20
|
-
|
21
|
-
describe Chef::Provider::Group::Suse do
|
22
|
-
let(:node) { Chef::Node.new }
|
23
|
-
let(:events) { Chef::EventDispatch::Dispatcher.new }
|
24
|
-
let(:run_context) { Chef::RunContext.new(node, {}, events) }
|
25
|
-
let(:new_members) { %w{root new_user} }
|
26
|
-
let(:new_resource) do
|
27
|
-
Chef::Resource::Group.new("new_group").tap do |r|
|
28
|
-
r.gid 50
|
29
|
-
r.members new_members
|
30
|
-
r.system false
|
31
|
-
r.non_unique false
|
32
|
-
end
|
33
|
-
end
|
34
|
-
let(:current_resource) do
|
35
|
-
Chef::Resource::Group.new("new_group").tap do |r|
|
36
|
-
r.gid 50
|
37
|
-
r.members %w{root}
|
38
|
-
r.system false
|
39
|
-
r.non_unique false
|
40
|
-
end
|
41
|
-
end
|
42
|
-
let(:provider) do
|
43
|
-
described_class.new(new_resource, run_context).tap do |p|
|
44
|
-
p.current_resource = current_resource
|
45
|
-
end
|
46
|
-
end
|
47
|
-
|
48
|
-
describe "when determining the current group state" do
|
49
|
-
before(:each) do
|
50
|
-
allow(File).to receive(:exist?).and_return(true)
|
51
|
-
provider.action = :create
|
52
|
-
provider.define_resource_requirements
|
53
|
-
end
|
54
|
-
|
55
|
-
# Checking for required binaries is already done in the spec
|
56
|
-
# for Chef::Provider::Group - no need to repeat it here. We'll
|
57
|
-
# include only what's specific to this provider.
|
58
|
-
it "should raise an error if the required binary /usr/sbin/groupmod doesn't exist" do
|
59
|
-
expect(File).to receive(:exist?).with("/usr/sbin/groupmod").and_return(false)
|
60
|
-
expect { provider.process_resource_requirements }.to raise_error(Chef::Exceptions::Group)
|
61
|
-
end
|
62
|
-
|
63
|
-
it "should raise error if one of the member users does not exist" do
|
64
|
-
expect(Etc).to receive(:getpwnam).with("new_user").and_raise ArgumentError
|
65
|
-
expect { provider.process_resource_requirements }.to raise_error(Chef::Exceptions::Group)
|
66
|
-
end
|
67
|
-
end
|
68
|
-
|
69
|
-
describe "#set_members" do
|
70
|
-
it "should add missing members and remove deleted members" do
|
71
|
-
expect(provider).not_to receive(:remove_member)
|
72
|
-
expect(provider).to receive(:add_member).with("new_user")
|
73
|
-
provider.set_members(new_members)
|
74
|
-
end
|
75
|
-
end
|
76
|
-
|
77
|
-
describe "#add_member" do
|
78
|
-
it "should call out to groupmod to add user" do
|
79
|
-
expect(provider).to receive(:shell_out_compacted!).with("groupmod", "-A", "new_user", "new_group")
|
80
|
-
provider.add_member("new_user")
|
81
|
-
end
|
82
|
-
end
|
83
|
-
|
84
|
-
describe "#remove_member" do
|
85
|
-
it "should call out to groupmod to remove user" do
|
86
|
-
expect(provider).to receive(:shell_out_compacted!).with("groupmod", "-R", "new_user", "new_group")
|
87
|
-
provider.remove_member("new_user")
|
88
|
-
end
|
89
|
-
end
|
90
|
-
end
|