RubyGems - chef - Versions diffs - 17.8.25 → 17.9.18 - Mend

chef 17.8.25 → 17.9.18

Files changed (28) hide show

checksums.yaml +4 -4
data/lib/chef/provider/cron.rb +2 -2
data/lib/chef/provider/directory.rb +2 -2
data/lib/chef/provider/ifconfig.rb +4 -4
data/lib/chef/provider/package/yum/python_helper.rb +81 -25
data/lib/chef/provider/package/yum.rb +39 -12
data/lib/chef/provider/package.rb +4 -4
data/lib/chef/provider.rb +4 -1
data/lib/chef/providers.rb +0 -1
data/lib/chef/resource/apt_package.rb +2 -2
data/lib/chef/resource/chef_client_config.rb +2 -3
data/lib/chef/resource/chocolatey_package.rb +3 -3
data/lib/chef/resource/cron/cron.rb +75 -1
data/lib/chef/resource/cron/cron_d.rb +2 -1
data/lib/chef/resource/homebrew_tap.rb +0 -4
data/lib/chef/resource/powershell_package_source.rb +8 -8
data/lib/chef/resource/rhsm_register.rb +3 -3
data/lib/chef/resource/windows_feature_powershell.rb +1 -2
data/lib/chef/resource/windows_task.rb +25 -10
data/lib/chef/secret_fetcher/azure_key_vault.rb +2 -0
data/lib/chef/secret_fetcher/hashi_vault.rb +37 -3
data/lib/chef/version.rb +1 -1
data/spec/functional/resource/dnf_package_spec.rb +107 -107
data/spec/functional/resource/yum_package_spec.rb +789 -129
data/spec/unit/secret_fetcher/hashi_vault_spec.rb +46 -0
metadata +6 -8
data/lib/chef/provider/group/suse.rb +0 -82
data/spec/unit/provider/group/suse_spec.rb +0 -90

data/spec/unit/secret_fetcher/hashi_vault_spec.rb CHANGED Viewed

@@ -65,6 +65,52 @@ describe Chef::SecretFetcher::HashiVault do
         fetcher.validate!
       end
     end
+    context "and using auth_method: :approle" do
+      it "raises ConfigurationInvalid message when :approle_name or :approle_id are not specified" do
+        fetcher = Chef::SecretFetcher::HashiVault.new( { auth_method: :approle, vault_addr: "https://vault.example.com:8200" }, run_context)
+        expect { fetcher.validate! }.to raise_error(Chef::Exceptions::Secret::ConfigurationInvalid)
+      end
+      it "authenticates using the approle_id and approle_secret_id during validation when all configuration is correct" do
+        fetcher = Chef::SecretFetcher::HashiVault.new({
+          auth_method: :approle,
+          approle_id: "idguid",
+          approle_secret_id: "secretguid",
+          vault_addr: "https://vault.example.com:8200" },
+          run_context)
+        auth = instance_double(Vault::Authenticate)
+        allow(auth).to receive(:approle)
+        allow(Vault).to receive(:auth).and_return(auth)
+        expect(auth).to receive(:approle).with("idguid", "secretguid")
+        fetcher.validate!
+      end
+      it "looks up the :role_id and :secret_id when all configuration is correct" do
+        fetcher = Chef::SecretFetcher::HashiVault.new({
+          auth_method: :approle,
+          approle_name: "myapprole",
+          token: "t.1234abcd",
+          vault_addr: "https://vault.example.com:8200" },
+          run_context)
+        approle = instance_double(Vault::AppRole)
+        auth = instance_double(Vault::Authenticate)
+        allow(Vault).to receive(:approle).and_return(approle)
+        allow(approle).to receive(:role_id).with("myapprole").and_return("idguid")
+        allow(approle).to receive(:create_secret_id).with("myapprole").and_return(Vault::Secret.new({
+          data: {
+            secret_id: "secretguid",
+            secret_id_accessor: "accessor_guid",
+            secret_id_ttl: 0,
+          },
+          lease_duration: 0,
+          lease_id: "",
+        }))
+        allow(Vault).to receive(:auth).and_return(auth)
+        expect(auth).to receive(:approle).with("idguid", "secretguid")
+        fetcher.validate!
+      end
+    end
   end
   context "when fetching a secret from Hashi Vault" do

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: chef
 version: !ruby/object:Gem::Version
-  version: 17.8.25
+  version: 17.9.18
 platform: ruby
 authors:
 - Adam Jacob
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2021-12-01 00:00:00.000000000 Z
+date: 2021-12-23 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: chef-config
@@ -16,28 +16,28 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 17.8.25
+        version: 17.9.18
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 17.8.25
+        version: 17.9.18
 - !ruby/object:Gem::Dependency
   name: chef-utils
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 17.8.25
+        version: 17.9.18
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 17.8.25
+        version: 17.9.18
 - !ruby/object:Gem::Dependency
   name: train-core
   requirement: !ruby/object:Gem::Requirement
@@ -869,7 +869,6 @@ files:
 - lib/chef/provider/group/groupmod.rb
 - lib/chef/provider/group/pw.rb
 - lib/chef/provider/group/solaris.rb
-- lib/chef/provider/group/suse.rb
 - lib/chef/provider/group/usermod.rb
 - lib/chef/provider/group/windows.rb
 - lib/chef/provider/http_request.rb
@@ -2041,7 +2040,6 @@ files:
 - spec/unit/provider/group/groupmod_spec.rb
 - spec/unit/provider/group/pw_spec.rb
 - spec/unit/provider/group/solaris_spec.rb
-- spec/unit/provider/group/suse_spec.rb
 - spec/unit/provider/group/usermod_spec.rb
 - spec/unit/provider/group/windows_spec.rb
 - spec/unit/provider/group_spec.rb

data/lib/chef/provider/group/suse.rb DELETED Viewed

@@ -1,82 +0,0 @@
-#
-# Author:: AJ Christensen (<aj@chef.io>)
-# Copyright:: Copyright (c) Chef Software Inc.
-# License:: Apache License, Version 2.0
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#     http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-require_relative "groupadd"
-require "etc" unless defined?(Etc)
-class Chef
-  class Provider
-    class Group
-      class Suse < Chef::Provider::Group::Groupadd
-        provides :group, platform: "suse", platform_version: "< 12.0"
-        def load_current_resource
-          super
-        end
-        def define_resource_requirements
-          super
-          requirements.assert(:all_actions) do |a|
-            a.assertion { ::File.exist?("/usr/sbin/groupmod") }
-            a.failure_message Chef::Exceptions::Group, "Could not find binary /usr/sbin/groupmod for #{new_resource.name}"
-            # No whyrun alternative: this component should be available in the base install of any given system that uses it
-          end
-          requirements.assert(:create, :manage, :modify) do |a|
-            a.assertion do
-              to_add(new_resource.members).all? { |member| Etc.getpwnam(member) }
-            rescue
-              false
-            end
-            a.failure_message Chef::Exceptions::Group, "Could not add users #{to_add(new_resource.members).join(", ")} to #{new_resource.group_name}: one of these users does not exist"
-            a.whyrun "Could not find one of these users: #{to_add(new_resource.members).join(", ")}. Assuming it will be created by a prior step"
-          end
-        end
-        def set_members(members)
-          to_remove(members).each do |member|
-            remove_member(member)
-          end
-          to_add(members).each do |member|
-            add_member(member)
-          end
-        end
-        def to_add(members)
-          members - current_resource.members
-        end
-        def add_member(member)
-          shell_out!("groupmod", "-A", member, new_resource.group_name)
-        end
-        def to_remove(members)
-          current_resource.members - members
-        end
-        def remove_member(member)
-          shell_out!("groupmod", "-R", member, new_resource.group_name)
-        end
-      end
-    end
-  end
-end

data/spec/unit/provider/group/suse_spec.rb DELETED Viewed

@@ -1,90 +0,0 @@
-#
-# Author:: Tom Duffield (<tom@chef.io>)
-# Copyright:: Copyright (c) Chef Software Inc.
-# License:: Apache License, Version 2.0
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#      http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-require "spec_helper"
-describe Chef::Provider::Group::Suse do
-  let(:node) { Chef::Node.new }
-  let(:events) { Chef::EventDispatch::Dispatcher.new }
-  let(:run_context) { Chef::RunContext.new(node, {}, events) }
-  let(:new_members) { %w{root new_user} }
-  let(:new_resource) do
-    Chef::Resource::Group.new("new_group").tap do |r|
-      r.gid 50
-      r.members new_members
-      r.system false
-      r.non_unique false
-    end
-  end
-  let(:current_resource) do
-    Chef::Resource::Group.new("new_group").tap do |r|
-      r.gid 50
-      r.members %w{root}
-      r.system false
-      r.non_unique false
-    end
-  end
-  let(:provider) do
-    described_class.new(new_resource, run_context).tap do |p|
-      p.current_resource = current_resource
-    end
-  end
-  describe "when determining the current group state" do
-    before(:each) do
-      allow(File).to receive(:exist?).and_return(true)
-      provider.action = :create
-      provider.define_resource_requirements
-    end
-    # Checking for required binaries is already done in the spec
-    # for Chef::Provider::Group - no need to repeat it here.  We'll
-    # include only what's specific to this provider.
-    it "should raise an error if the required binary /usr/sbin/groupmod doesn't exist" do
-      expect(File).to receive(:exist?).with("/usr/sbin/groupmod").and_return(false)
-      expect { provider.process_resource_requirements }.to raise_error(Chef::Exceptions::Group)
-    end
-    it "should raise error if one of the member users does not exist" do
-      expect(Etc).to receive(:getpwnam).with("new_user").and_raise ArgumentError
-      expect { provider.process_resource_requirements }.to raise_error(Chef::Exceptions::Group)
-    end
-  end
-  describe "#set_members" do
-    it "should add missing members and remove deleted members" do
-      expect(provider).not_to receive(:remove_member)
-      expect(provider).to receive(:add_member).with("new_user")
-      provider.set_members(new_members)
-    end
-  end
-  describe "#add_member" do
-    it "should call out to groupmod to add user" do
-      expect(provider).to receive(:shell_out_compacted!).with("groupmod", "-A", "new_user", "new_group")
-      provider.add_member("new_user")
-    end
-  end
-  describe "#remove_member" do
-    it "should call out to groupmod to remove user" do
-      expect(provider).to receive(:shell_out_compacted!).with("groupmod", "-R", "new_user", "new_group")
-      provider.remove_member("new_user")
-    end
-  end
-end