chef 17.9.52 → 18.0.169

data/lib/chef/resource/_rest_resource.rb

@@ -0,0 +1,389 @@
+#
+# Copyright:: Copyright 2008-2016, Chef, Inc.
+# License:: Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+require "addressable/template" unless defined?(Addressable::Template)
+require "rest-client" unless defined?(RestClient)
+require "jmespath" unless defined?(JMESPath)
+require "chef/dsl/rest_resource" unless defined?(Chef::DSL::RestResource)
+
+extend Chef::DSL::RestResource
+
+action_class do
+  def load_current_resource
+    @current_resource = new_resource.class.new(new_resource.name)
+
+    required_properties.each do |name|
+      requested = new_resource.send(name)
+      current_resource.send(name, requested)
+    end
+
+    return @current_resource if rest_get_all.data.empty?
+
+    resource_data = rest_get.data rescue nil
+    return @current_resource if resource_data.nil? || resource_data.empty?
+
+    @resource_exists = true
+
+    # Map JSON contents to defined properties
+    current_resource.class.rest_property_map.each do |property, match_instruction|
+      property_value = json_to_property(match_instruction, property, resource_data)
+      current_resource.send(property, property_value) unless property_value.nil?
+    end
+
+    current_resource
+  end
+end
+
+action :configure do
+  if resource_exists?
+    converge_if_changed do
+      data = {}
+
+      new_resource.class.rest_property_map.each do |property, match_instruction|
+        # Skip "creation-only" properties on modifications
+        next if new_resource.class.rest_post_only_properties.include?(property)
+
+        deep_merge! data, property_to_json(property, match_instruction)
+      end
+
+      deep_compact!(data)
+
+      rest_patch(data)
+    end
+  else
+    converge_by "creating resource" do
+      data = {}
+
+      new_resource.class.rest_property_map.each do |property, match_instruction|
+        deep_merge! data, property_to_json(property, match_instruction)
+      end
+
+      deep_compact!(data)
+
+      rest_post(data)
+    end
+  end
+end
+
+action :delete do
+  if resource_exists?
+    converge_by "deleting resource" do
+      rest_delete
+    end
+  else
+    logger.debug format("REST resource %<name>s of type %<type>s does not exist. Skipping.",
+                        type: new_resource.name, name: id_property)
+  end
+end
+
+action_class do
+  # Override this for postprocessing device-specifics (paging, data conversion)
+  def rest_postprocess(response)
+    response
+  end
+
+  # Override this for error handling of device-specifics (readable error messages)
+  def rest_errorhandler(error_obj)
+    error_obj
+  end
+
+  private
+
+  def resource_exists?
+    @resource_exists
+  end
+
+  def required_properties
+    current_resource.class.properties.select { |_, v| v.required? }.except(:name).keys
+  end
+
+  # Return changed value or nil for delta current->new
+  def changed_value(property)
+    new_value = new_resource.send(property)
+    return new_value if current_resource.nil?
+
+    current_value = current_resource.send(property)
+
+    return current_value if required_properties.include? property
+
+    new_value == current_value ? nil : new_value
+  end
+
+  def id_property
+    current_resource.class.identity_attr
+  end
+
+  # Map properties to their current values
+  def property_map
+    map = {}
+
+    current_resource.class.state_properties.each do |property|
+      name = property.options[:name]
+
+      map[name] = current_resource.send(name)
+    end
+
+    map[id_property] = current_resource.send(id_property)
+
+    map
+  end
+
+  # Map part of a JSON (Hash) to resource property via JMESPath or user-supplied function
+  def json_to_property(match_instruction, property, resource_data)
+    case match_instruction
+    when String
+      JMESPath.search(match_instruction, resource_data)
+    when Symbol
+      function = "#{property}_from_json".to_sym
+      raise "#{new_resource.name} missing #{function} method" unless self.class.protected_method_defined?(function)
+
+      send(function, resource_data) || {}
+    else
+      raise TypeError, "Did not expect match type #{match_instruction.class}"
+    end
+  end
+
+  # Map resource contents into a JSON (Hash) via JMESPath-like syntax or user-supplied function
+  def property_to_json(property, match_instruction)
+    case match_instruction
+    when String
+      bury(match_instruction, changed_value(property))
+    when Symbol
+      function = "#{property}_to_json".to_sym
+      raise "#{new_resource.name} missing #{function} method" unless self.class.protected_method_defined?(function)
+
+      value = new_resource.send(property)
+      changed_value(property).nil? ? {} : send(function, value)
+    else
+      raise TypeError, "Did not expect match type #{match_instruction.class}"
+    end
+  end
+
+  def rest_url_collection
+    current_resource.class.rest_api_collection
+  end
+
+  # Resource document URL after RFC 6570 template evaluation via properties substitution
+  def rest_url_document
+    template = ::Addressable::Template.new(current_resource.class.rest_api_document)
+    template.expand(property_map).to_s
+  end
+
+  # Convenience method for conditional requires
+  def conditionally_require_on_setting(property, dependent_properties)
+    dependent_properties = Array(dependent_properties)
+
+    requirements.assert(:configure) do |a|
+      a.assertion do
+        # Needs to be set and truthy to require dependent properties
+        if new_resource.send(property)
+          dependent_properties.all? { |dep_prop| new_resource.property_is_set?(dep_prop) }
+        else
+          true
+        end
+      end
+
+      message = format("Setting property :%<property>s requires properties :%<properties>s to be set as well on resource %<resource_name>s",
+                       property: property,
+                       properties: dependent_properties.join(", :"),
+                       resource_name: current_resource.to_s)
+
+      a.failure_message message
+    end
+  end
+
+  # Generic REST helpers
+
+  def rest_get_all
+    response = api_connection.get(rest_url_collection)
+
+    rest_postprocess(response)
+  rescue RestClient::Exception => e
+    rest_errorhandler(e)
+  end
+
+  def rest_get
+    response = api_connection.get(rest_url_document)
+
+    response = rest_postprocess(response)
+
+    first_only = current_resource.class.rest_api_document_first_element_only
+    response.data = response.data.first if first_only && response.data.is_a?(Array)
+
+    response
+  rescue RestClient::Exception => e
+    rest_errorhandler(e)
+  end
+
+  def rest_post(data)
+    data.merge! rest_identity_values
+
+    response = api_connection.post(rest_url_collection, data: data)
+
+    rest_postprocess(response)
+  rescue RestClient::Exception => e
+    rest_errorhandler(e)
+  end
+
+  def rest_put(data)
+    data.merge! rest_identity_values
+
+    response = api_connection.put(rest_url_collection, data: data)
+
+    rest_postprocess(response)
+  rescue RestClient::Exception => e
+    rest_errorhandler(e)
+  end
+
+  def rest_patch(data)
+    response = api_connection.patch(rest_url_document, data: data)
+
+    rest_postprocess(response)
+  rescue RestClient::Exception => e
+    rest_errorhandler(e)
+  end
+
+  def rest_delete
+    response = api_connection.delete(rest_url_document)
+
+    rest_postprocess(response)
+  rescue RestClient::Exception => e
+    rest_errorhandler(e)
+  end
+
+  # REST parameter mapping
+
+  # Return number of parameters needed to identify a resource (pre- and post-creation)
+  def rest_arity
+    rest_identity_map.keys.count
+  end
+
+  # Return mapping of template placeholders to property value of identity parameters
+  def rest_identity_values
+    data = {}
+
+    rest_identity_map.each do |rfc_template, property|
+      property_value = new_resource.send(property)
+      data.merge! bury(rfc_template, property_value)
+    end
+
+    data
+  end
+
+  def rest_identity_map
+    rest_identity_explicit || rest_identity_implicit
+  end
+
+  # Accept direct mapping like { "svm.name" => :name } for specifying the x-ary identity of a resource
+  def rest_identity_explicit
+    current_resource.class.rest_identity_map
+  end
+
+  # Parse document URL for RFC 6570 templates and map them to resource properties.
+  #
+  # Examples:
+  #   Query based: "/api/protocols/san/igroups?name={name}&svm.name={svm}": { "name" => :name, "svm.name" => :svm }
+  #   Path based:  "/api/v1/{address}": { "address" => :address }
+  #
+  def rest_identity_implicit
+    template_url = current_resource.class.rest_api_document
+
+    rfc_template = ::Addressable::Template.new(template_url)
+    rfc_template_vars = rfc_template.variables
+
+    # Shortcut for 0-ary resources
+    return {} if rfc_template_vars.empty?
+
+    if query_based_selection?
+      uri_query = URI.parse(template_url).query
+
+      if CGI.parse(uri_query).values.any?(&:empty?)
+        raise "Need explicit identity mapping, as URL does not contain query parameters for all templates"
+      end
+
+      path_variables = CGI.parse(uri_query).keys
+    elsif path_based_selection?
+      path_variables = rfc_template_vars
+    else
+      # There is also
+      raise "Unknown type of resource selection. Document URL does not seem to be path- or query-based?"
+    end
+
+    identity_map = {}
+    path_variables.each_with_index do |v, i|
+      next if rfc_template_vars[i].nil? # Not mapped to property, assume metaparameter
+
+      identity_map[v] = rfc_template_vars[i].to_sym
+    end
+
+    identity_map
+  end
+
+  def query_based_selection?
+    template_url = current_resource.class.rest_api_document
+
+    # Will throw exception on presence of RFC 6570 templates
+    URI.parse(template_url)
+    true
+  rescue URI::InvalidURIError => _e
+    false
+  end
+
+  def path_based_selection?
+    !query_based_selection?
+  end
+
+  def api_connection
+    Chef.run_context.transport.connection
+  end
+
+  # Remove all empty keys (recusively) from Hash.
+  # @see https://stackoverflow.com/questions/56457020/#answer-56458673
+  def deep_compact!(hsh)
+    raise TypeError unless hsh.is_a? Hash
+
+    hsh.each do |_, v|
+      deep_compact!(v) if v.is_a? Hash
+    end.reject! { |_, v| v.nil? || (v.respond_to?(:empty?) && v.empty?) }
+  end
+
+  # Deep merge two hashes
+  # @see https://stackoverflow.com/questions/41109599#answer-41109737
+  def deep_merge!(hsh1, hsh2)
+    raise TypeError unless hsh1.is_a?(Hash) && hsh2.is_a?(Hash)
+
+    hsh1.merge!(hsh2) { |_, v1, v2| deep_merge!(v1, v2) }
+  end
+
+  # Create nested hashes from JMESPath syntax.
+  def bury(path, value)
+    raise TypeError unless path.is_a?(String)
+
+    arr = path.split(".")
+    ret = {}
+
+    if arr.count == 1
+      ret[arr.first] = value
+
+      ret
+    else
+      partial_path = arr[0..-2].join(".")
+
+      bury(partial_path, bury(arr.last, value))
+    end
+  end
+end

data/lib/chef/resource/alternatives.rb

@@ -22,7 +22,6 @@ require_relative "../resource"
 class Chef
   class Resource
     class Alternatives < Chef::Resource
-      unified_mode true
 
       provides(:alternatives) { true }
 

data/lib/chef/resource/apt_package.rb

@@ -21,7 +21,6 @@ require_relative "package"
 class Chef
   class Resource
     class AptPackage < Chef::Resource::Package
-      unified_mode true
 
       provides :apt_package, target_mode: true
       provides :package, platform_family: "debian", target_mode: true

data/lib/chef/resource/apt_preference.rb

@@ -21,7 +21,6 @@ require_relative "../resource"
 class Chef
   class Resource
     class AptPreference < Chef::Resource
-      unified_mode true
 
       provides(:apt_preference) { true }
 

data/lib/chef/resource/apt_repository.rb

@@ -26,7 +26,6 @@ end
 class Chef
   class Resource
     class AptRepository < Chef::Resource
-      unified_mode true
 
       provides(:apt_repository) { true }
 

data/lib/chef/resource/apt_update.rb

@@ -22,7 +22,6 @@ require "chef-utils/dist" unless defined?(ChefUtils::Dist)
 class Chef
   class Resource
     class AptUpdate < Chef::Resource
-      unified_mode true
 
       provides(:apt_update) { true }
 

data/lib/chef/resource/archive_file.rb

@@ -30,7 +30,6 @@ end
 class Chef
   class Resource
     class ArchiveFile < Chef::Resource
-      unified_mode true
 
       provides :archive_file
       provides :libarchive_file # legacy cookbook name

data/lib/chef/resource/bash.rb

@@ -21,7 +21,6 @@ require_relative "script"
 class Chef
   class Resource
     class Bash < Chef::Resource::Script
-      unified_mode true
 
       provides :bash
 

data/lib/chef/resource/batch.rb

@@ -21,7 +21,6 @@ require_relative "windows_script"
 class Chef
   class Resource
     class Batch < Chef::Resource::WindowsScript
-      unified_mode true
 
       provides :batch
 

data/lib/chef/resource/bff_package.rb

@@ -22,7 +22,6 @@ require "chef-utils/dist" unless defined?(ChefUtils::Dist)
 class Chef
   class Resource
     class BffPackage < Chef::Resource::Package
-      unified_mode true
 
       provides :bff_package
 

data/lib/chef/resource/breakpoint.rb

@@ -22,7 +22,6 @@ require "chef-utils/dist" unless defined?(ChefUtils::Dist)
 class Chef
   class Resource
     class Breakpoint < Chef::Resource
-      unified_mode true
 
       provides :breakpoint, target_mode: true
 

data/lib/chef/resource/build_essential.rb

@@ -19,7 +19,6 @@ require_relative "../resource"
 class Chef
   class Resource
     class BuildEssential < Chef::Resource
-      unified_mode true
 
       provides(:build_essential) { true }
 

data/lib/chef/resource/cab_package.rb

@@ -23,7 +23,6 @@ class Chef
   class Resource
     class CabPackage < Chef::Resource::Package
       include Chef::Mixin::Uris
-      unified_mode true
 
       provides :cab_package
 

data/lib/chef/resource/chef_client_config.rb

@@ -20,7 +20,6 @@ require "chef-utils/dist" unless defined?(ChefUtils::Dist)
 class Chef
   class Resource
     class ChefClientConfig < Chef::Resource
-      unified_mode true
 
       provides :chef_client_config
 
@@ -209,6 +208,10 @@ class Chef
         description: %q(An array of hashes that contain a report handler class and the arguments to pass to that class on initialization. The hash should include `class` and `argument` keys where `class` is a String and `argument` is an array of quoted String values. For example: `[{'class' => 'MyHandler', %w('"argument1"', '"argument2"')}]`),
         default: []
 
+      property :rubygems_url, [String, Array],
+        description: "The location to source rubygems. It can be set to a string or array of strings for URIs to set as rubygems sources. This allows individuals to setup an internal mirror of rubygems for “airgapped” environments.",
+        introduced: "17.11"
+
       property :exception_handlers, Array,
         description: %q(An array of hashes that contain a exception handler class and the arguments to pass to that class on initialization. The hash should include `class` and `argument` keys where `class` is a String and `argument` is an array of quoted String values. For example: `[{'class' => 'MyHandler', %w('"argument1"', '"argument2"')}]`),
         default: []
@@ -249,21 +252,20 @@ class Chef
         description: "The data collector token to interact with the data collector server URL (Automate). Note: If possible, use Chef Infra Server to do all data collection reporting, as this removes the need to distribute tokens to individual nodes.",
         introduced: "17.8"
 
-      action :create, description: "Create a client.rb config file for configuring #{ChefUtils::Dist::Infra::PRODUCT}." do
-        unless ::Dir.exist?(new_resource.config_directory)
-          directory new_resource.config_directory do
-            user new_resource.user unless new_resource.user.nil?
-            group new_resource.group unless new_resource.group.nil?
-            mode "0750"
-            recursive true
-          end
-        end
-
-        unless ::Dir.exist?(::File.join(new_resource.config_directory, "client.d"))
-          directory ::File.join(new_resource.config_directory, "client.d") do
+      action :create, description: "Create a client.rb config file and folders for configuring #{ChefUtils::Dist::Infra::PRODUCT}." do
+        [
+          new_resource.config_directory,
+          (::File.dirname(new_resource.log_location) unless new_resource.log_location.nil?),
+          new_resource.file_backup_path,
+          new_resource.file_cache_path,
+          ::File.join(new_resource.config_directory, "client.d"),
+          (::File.dirname(new_resource.pid_file) unless new_resource.pid_file.nil?),
+        ].compact.each do |dir_path|
+
+          directory dir_path do
             user new_resource.user unless new_resource.user.nil?
             group new_resource.group unless new_resource.group.nil?
-            mode "0750"
+            mode dir_path == ::File.dirname(new_resource.log_location) ? "0755" : "0750"
             recursive true
           end
         end
@@ -297,6 +299,7 @@ class Chef
             policy_group: new_resource.policy_group,
             policy_name: new_resource.policy_name,
             report_handlers: format_handler(new_resource.report_handlers),
+            rubygems_url: new_resource.rubygems_url,
             ssl_verify_mode: new_resource.ssl_verify_mode,
             start_handlers: format_handler(new_resource.start_handlers),
             additional_config: new_resource.additional_config,

data/lib/chef/resource/chef_client_cron.rb

@@ -22,7 +22,6 @@ require "digest/md5" unless defined?(Digest::MD5)
 class Chef
   class Resource
     class ChefClientCron < Chef::Resource
-      unified_mode true
 
       provides :chef_client_cron
 
@@ -99,7 +98,7 @@ class Chef
       property :splay, [Integer, String],
         default: 300,
         coerce: proc { |x| Integer(x) },
-        callbacks: { "should be a positive number" => proc { |v| v > 0 } },
+        callbacks: { "should be a positive number" => proc { |v| v >= 0 } },
         description: "A random number of seconds between 0 and X to add to interval so that all #{ChefUtils::Dist::Infra::CLIENT} commands don't execute at the same time."
 
       property :mailto, String,

data/lib/chef/resource/chef_client_launchd.rb

@@ -19,7 +19,6 @@ require "chef-utils/dist" unless defined?(ChefUtils::Dist)
 class Chef
   class Resource
     class ChefClientLaunchd < Chef::Resource
-      unified_mode true
 
       provides :chef_client_launchd
 
@@ -61,7 +60,7 @@ class Chef
       property :splay, [Integer, String],
         default: 300,
         coerce: proc { |x| Integer(x) },
-        callbacks: { "should be a positive number" => proc { |v| v > 0 } },
+        callbacks: { "should be a positive number" => proc { |v| v >= 0 } },
         description: "A random number of seconds between 0 and X to add to interval so that all #{ChefUtils::Dist::Infra::CLIENT} commands don't execute at the same time."
 
       property :accept_chef_license, [true, false],
@@ -135,6 +134,7 @@ class Chef
           program_arguments ["/bin/bash",
                              "-c",
                              "echo; echo #{ChefUtils::Dist::Infra::PRODUCT} launchd daemon config has been updated. Manually unloading and reloading the daemon; echo Now unloading the daemon; sudo /bin/launchctl unload /Library/LaunchDaemons/com.#{ChefUtils::Dist::Infra::SHORT}.#{ChefUtils::Dist::Infra::CLIENT}.plist; sleep 2; echo Now loading the daemon; sudo /bin/launchctl load /Library/LaunchDaemons/com.#{ChefUtils::Dist::Infra::SHORT}.#{ChefUtils::Dist::Infra::CLIENT}.plist"]
+          run_at_load true
           action :enable # enable creates the plist & triggers service restarts on change
         end
 

data/lib/chef/resource/chef_client_scheduled_task.rb

@@ -20,7 +20,6 @@ require "chef-utils/dist" unless defined?(ChefUtils::Dist)
 class Chef
   class Resource
     class ChefClientScheduledTask < Chef::Resource
-      unified_mode true
 
       provides :chef_client_scheduled_task
 
@@ -108,7 +107,7 @@ class Chef
 
       property :splay, [Integer, String],
         coerce: proc { |x| Integer(x) },
-        callbacks: { "should be a positive number" => proc { |v| v > 0 } },
+        callbacks: { "should be a positive number" => proc { |v| v >= 0 } },
         description: "A random number of seconds between 0 and X to add to interval so that all #{ChefUtils::Dist::Infra::CLIENT} commands don't execute at the same time.",
         default: 300
 
@@ -123,7 +122,8 @@ class Chef
 
       property :config_directory, String,
         description: "The path of the config directory.",
-        default: ChefConfig::Config.etc_chef_dir
+        default: ChefConfig::Config.etc_chef_dir,
+        default_description: ChefConfig::Config.c_chef_dir
 
       property :log_directory, String,
         description: "The path of the directory to create the log file in.",

data/lib/chef/resource/chef_client_systemd_timer.rb

@@ -20,7 +20,6 @@ require "chef-utils/dist" unless defined?(ChefUtils::Dist)
 class Chef
   class Resource
     class ChefClientSystemdTimer < Chef::Resource
-      unified_mode true
 
       provides :chef_client_systemd_timer
 

data/lib/chef/resource/chef_client_trusted_certificate.rb

@@ -20,7 +20,6 @@ require "chef-utils/dist" unless defined?(ChefUtils::Dist)
 class Chef
   class Resource
     class ChefClientTrustedCertificate < Chef::Resource
-      unified_mode true
 
       provides :chef_client_trusted_certificate
 

data/lib/chef/resource/chef_gem.rb

@@ -23,7 +23,6 @@ require "chef-utils/dist" unless defined?(ChefUtils::Dist)
 class Chef
   class Resource
     class ChefGem < Chef::Resource::Package::GemPackage
-      unified_mode true
       provides :chef_gem
 
       description <<~DESC

data/lib/chef/resource/chef_handler.rb

@@ -21,7 +21,6 @@ require "chef-utils/dist" unless defined?(ChefUtils::Dist)
 class Chef
   class Resource
     class ChefHandler < Chef::Resource
-      unified_mode true
 
       provides(:chef_handler) { true }
 

data/lib/chef/resource/chef_sleep.rb

@@ -22,8 +22,6 @@ class Chef
     class ChefSleep < Chef::Resource
       provides :chef_sleep
 
-      unified_mode true
-
       description "Use the **chef_sleep** resource to pause (sleep) for a number of seconds during a #{ChefUtils::Dist::Infra::PRODUCT} run. Only use this resource when a command or service exits successfully but is not ready for the next step in a recipe."
       introduced "15.5"
       examples <<~DOC
@@ -47,7 +45,7 @@ class Chef
         service 'Service that is slow to start and reports as started' do
           service_name 'my_database'
           action :start
-          notifies :sleep, chef_sleep['wait for service start']
+          notifies :sleep, 'chef_sleep[wait for service start]'
         end
 
         chef_sleep 'wait for service start' do