chef 18.0.185-x64-mingw-ucrt → 18.1.29-x64-mingw-ucrt

Files changed (48) hide show
  1. checksums.yaml +4 -4
  2. data/Gemfile +0 -3
  3. data/chef.gemspec +3 -2
  4. data/lib/chef/application/base.rb +18 -2
  5. data/lib/chef/chef_fs/file_system.rb +21 -7
  6. data/lib/chef/client.rb +23 -6
  7. data/lib/chef/http/authenticator.rb +117 -34
  8. data/lib/chef/mixin/proxified_socket.rb +1 -1
  9. data/lib/chef/property.rb +8 -3
  10. data/lib/chef/provider/launchd.rb +1 -0
  11. data/lib/chef/provider/package/yum/yum_helper.py +5 -17
  12. data/lib/chef/provider/yum_repository.rb +13 -1
  13. data/lib/chef/resource/apt_repository.rb +20 -2
  14. data/lib/chef/resource/bash.rb +13 -0
  15. data/lib/chef/resource/dsc_script.rb +1 -1
  16. data/lib/chef/resource/launchd.rb +4 -1
  17. data/lib/chef/resource/macos_userdefaults.rb +3 -3
  18. data/lib/chef/resource/rhsm_register.rb +2 -1
  19. data/lib/chef/resource/selinux_fcontext.rb +1 -1
  20. data/lib/chef/resource/selinux_permissive.rb +1 -1
  21. data/lib/chef/resource/selinux_port.rb +1 -1
  22. data/lib/chef/resource/selinux_state.rb +1 -1
  23. data/lib/chef/resource/service.rb +1 -1
  24. data/lib/chef/resource/user.rb +2 -2
  25. data/lib/chef/resource/windows_user_privilege.rb +14 -10
  26. data/lib/chef/resource/yum_repository.rb +4 -0
  27. data/lib/chef/version.rb +1 -1
  28. data/spec/functional/assets/yumrepo-empty/repodata/01a3b489a465bcac22a43492163df43451dc6ce47d27f66de289756b91635523-filelists.sqlite.bz2 +0 -0
  29. data/spec/functional/assets/yumrepo-empty/repodata/401dc19bda88c82c403423fb835844d64345f7e95f5b9835888189c03834cc93-filelists.xml.gz +0 -0
  30. data/spec/functional/assets/yumrepo-empty/repodata/5dc1e6e73c84803f059bb3065e684e56adfc289a7e398946574d79dac6643945-primary.sqlite.bz2 +0 -0
  31. data/spec/functional/assets/yumrepo-empty/repodata/6bf9672d0862e8ef8b8ff05a2fd0208a922b1f5978e6589d87944c88259cb670-other.xml.gz +0 -0
  32. data/spec/functional/assets/yumrepo-empty/repodata/7c36572015e075add2b38b900837bcdbb8a504130ddff49b2351a7fc0affa3d4-other.sqlite.bz2 +0 -0
  33. data/spec/functional/assets/yumrepo-empty/repodata/dabe2ce5481d23de1f4f52bdcfee0f9af98316c9e0de2ce8123adeefa0dd08b9-primary.xml.gz +0 -0
  34. data/spec/functional/assets/yumrepo-empty/repodata/repomd.xml +55 -0
  35. data/spec/functional/resource/yum_package_spec.rb +16 -0
  36. data/spec/integration/client/client_spec.rb +22 -16
  37. data/spec/integration/client/fips_spec.rb +20 -0
  38. data/spec/spec_helper.rb +4 -0
  39. data/spec/support/platform_helpers.rb +4 -0
  40. data/spec/unit/chef_fs/file_system_spec.rb +2 -0
  41. data/spec/unit/client_spec.rb +26 -2
  42. data/spec/unit/compliance/runner_spec.rb +8 -0
  43. data/spec/unit/http/authenticator_spec.rb +64 -11
  44. data/spec/unit/property/validation_spec.rb +30 -0
  45. data/spec/unit/provider/apt_repository_spec.rb +26 -5
  46. data/spec/unit/resource/yum_repository_spec.rb +4 -0
  47. metadata +21 -14
  48. data/distro/powershell/chef/chef.psm1 +0 -459
@@ -18,6 +18,9 @@
18
18
 
19
19
  require "spec_helper"
20
20
  require "chef/http/authenticator"
21
+ require "chef/mixin/powershell_exec"
22
+
23
+ require_relative "../../../lib/chef/win32/registry"
21
24
 
22
25
  describe Chef::HTTP::Authenticator, :windows_only do
23
26
  let(:class_instance) { Chef::HTTP::Authenticator.new(client_name: "test") }
@@ -28,7 +31,7 @@ describe Chef::HTTP::Authenticator, :windows_only do
28
31
  let(:node_name) { "test" }
29
32
  let(:passwrd) { "some_insecure_password" }
30
33
 
31
- before do
34
+ before(:each) do
32
35
  Chef::Config[:node_name] = node_name
33
36
  cert_name = "chef-#{node_name}"
34
37
  d = Time.now
@@ -36,6 +39,7 @@ describe Chef::HTTP::Authenticator, :windows_only do
36
39
  end_date = end_date.utc.iso8601
37
40
 
38
41
  my_client = Chef::Client.new
42
+ class_instance.get_cert_password
39
43
  pfx = my_client.generate_pfx_package(cert_name, end_date)
40
44
  my_client.import_pfx_to_store(pfx)
41
45
  end
@@ -47,10 +51,21 @@ describe Chef::HTTP::Authenticator, :windows_only do
47
51
  delete_certificate(cert_name)
48
52
  end
49
53
 
50
- context "when retrieving a certificate from the certificate store" do
54
+ context "when retrieving a certificate from the certificate store it" do
55
+ it "properly creates the password hive in the registry when it doesn't exist" do
56
+ delete_registry_hive
57
+ class_instance.get_cert_password
58
+ win32registry = Chef::Win32::Registry.new
59
+ expected_path = "HKEY_LOCAL_MACHINE\\Software\\Progress\\Authentication"
60
+ path_created = win32registry.key_exists?(expected_path)
61
+ expect(path_created).to be(true)
62
+ end
63
+
51
64
  it "retrieves a certificate password from the registry when the hive does not already exist" do
52
65
  delete_registry_hive
66
+ password = class_instance.get_cert_password
53
67
  expect { class_instance.get_cert_password }.not_to raise_error
68
+ expect(password).not_to be(nil)
54
69
  end
55
70
 
56
71
  it "should return a password of at least 14 characters in length" do
@@ -58,7 +73,27 @@ describe Chef::HTTP::Authenticator, :windows_only do
58
73
  expect(password.length).to eql(14)
59
74
  end
60
75
 
61
- it "correctly retrieves a valid certificate in pem format from the certstore" do
76
+ it "will retrieve a password from a partial registry hive and upgrades it while using the old decryptor" do
77
+ delete_registry_hive
78
+ load_partial_registry_hive
79
+ password = class_instance.get_cert_password
80
+ expect(password).to eql(passwrd)
81
+ end
82
+
83
+ it "verifies that the new password is now using a vector" do
84
+ win32registry = Chef::Win32::Registry.new
85
+ path = "HKEY_LOCAL_MACHINE\\Software\\Progress\\Authentication"
86
+ password_blob = win32registry.get_values(path)
87
+ if password_blob.nil? || password_blob.empty?
88
+ raise Chef::Exceptions::Win32RegKeyMissing
89
+ end
90
+
91
+ raw_data = password_blob.map { |x| x[:data] }
92
+ vector = raw_data[2]
93
+ expect(vector).not_to be(nil)
94
+ end
95
+
96
+ it "correctly retrieves a valid certificate in pem format from the LocalMachine certstore" do
62
97
  require "openssl"
63
98
  certificate = class_instance.retrieve_certificate_key(node_name)
64
99
  cert_object = OpenSSL::PKey::RSA.new(certificate)
@@ -66,21 +101,39 @@ describe Chef::HTTP::Authenticator, :windows_only do
66
101
  end
67
102
  end
68
103
 
69
- def delete_certificate(cert_name)
104
+ def load_partial_registry_hive
105
+ extend Chef::Mixin::PowershellExec
106
+ password = "some_insecure_password"
70
107
  powershell_code = <<~CODE
71
- Get-ChildItem -path cert:\\LocalMachine\\My -Recurse -Force | Where-Object { $_.Subject -Match "#{cert_name}" } | Remove-item
108
+ $encrypted_string = ConvertTo-SecureString "#{password}" -AsPlainText -Force
109
+ $secure_string = ConvertFrom-SecureString $encrypted_string
110
+ return $secure_string
72
111
  CODE
73
- powershell_exec!(powershell_code)
112
+ encrypted_pass = powershell_exec!(powershell_code).result
113
+ Chef::Config[:auth_key_registry_type] == "user" ? store = "HKEY_CURRENT_USER" : store = "HKEY_LOCAL_MACHINE"
114
+ hive_path = "#{store}\\Software\\Progress\\Authentication"
115
+ win32registry = Chef::Win32::Registry.new
116
+ unless win32registry.key_exists?(hive_path)
117
+ win32registry.create_key(hive_path, true)
118
+ end
119
+ values = { name: "PfxPass", type: :string, data: encrypted_pass }
120
+ win32registry.set_value(hive_path, values)
74
121
  end
75
122
 
76
123
  def delete_registry_hive
77
- @win32registry = Chef::Win32::Registry.new
78
- path = "HKEY_LOCAL_MACHINE\\Software\\Progress\\Authentication"
79
- present = @win32registry.get_values(path)
80
- unless present.nil? || present.empty?
81
- @win32registry.delete_key(path, true)
124
+ win32registry = Chef::Win32::Registry.new
125
+ hive_path = "HKEY_LOCAL_MACHINE\\Software\\Progress"
126
+ if win32registry.key_exists?(hive_path)
127
+ win32registry.delete_key(hive_path, true)
82
128
  end
83
129
  end
130
+
131
+ def delete_certificate(cert_name)
132
+ powershell_code = <<~CODE
133
+ Get-ChildItem -path cert:\\LocalMachine\\My -Recurse -Force | Where-Object { $_.Subject -Match "#{cert_name}" } | Remove-item
134
+ CODE
135
+ powershell_exec!(powershell_code)
136
+ end
84
137
  end
85
138
 
86
139
  describe Chef::HTTP::Authenticator do
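Review bot: `delete_registry_hive` now deletes `"HKEY_LOCAL_MACHINE\\Software\\Progress"` with `delete_key(hive_path, true)`, where the old helper removed only the `...\\Progress\\Authentication` subkey, so on any Windows host that runs this spec the cleanup takes everything stored under the vendor key with it, not just the test's password values. If removing the parent is not needed to exercise key creation, keep the scope narrow with `hive_path = "HKEY_LOCAL_MACHINE\\Software\\Progress\\Authentication"`; if it is needed, a comment saying so would help. The helpers also disagree about location: `load_partial_registry_hive` writes to HKCU or HKLM depending on `Chef::Config[:auth_key_registry_type]`, while this helper and the "now using a vector" example hard-code HKLM, so under the `"user"` setting they would read and delete a different hive than the one written. That example also picks the vector by position (`raw_data[2]`) and relies on registry state left by earlier examples; selecting the value by its name would make a failure easier to interpret.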
@@ -600,6 +600,36 @@ describe "Chef::Resource.property validation" do
600
600
  it "does not fail if it is not specified, on running the doit2 action" do
601
601
  expect { resource.run_action(:doit2) }.not_to raise_error
602
602
  end
603
+
604
+ context "when an action does not require it" do
605
+ before do
606
+ resource.action(:doit2)
607
+ end
608
+
609
+ it "retrieval succeeds if x is not set when resource uses the doit2 action" do
610
+ expect { resource.x }.not_to raise_error
611
+ end
612
+
613
+ it "succeeds with set to nil when resource uses the doit2 action" do
614
+ expect { resource.x nil }.not_to raise_error
615
+ end
616
+ end
617
+
618
+ context "when an action requires it" do
619
+ before do
620
+ # NOTE: this is already the default action, but it doesn't
621
+ # hurt to be clear about the situation.
622
+ resource.action(:doit)
623
+ end
624
+
625
+ it "if x is not specified, retrieval fails for the doit action" do
626
+ expect { resource.x }.to raise_error Chef::Exceptions::ValidationFailed
627
+ end
628
+
629
+ it "value nil is not valid for the doit action (required means 'not nil')" do
630
+ expect { resource.x nil }.to raise_error Chef::Exceptions::ValidationFailed
631
+ end
632
+ end
603
633
  end
604
634
 
605
635
  with_property ":x, String, required: true" do
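Review bot: Both new contexts set exactly one action before touching `x`, so a resource whose action list holds both the requiring action `:doit` and the non-requiring `:doit2` is never exercised, and that is the case where the required check is easiest to get wrong. I would add one example that sets both actions, e.g. `resource.action(%i{doit doit2})`, and asserts whichever outcome the maintainers intend for `resource.x`. As a smaller point, the description `"succeeds with set to nil when resource uses the doit2 action"` reads as if a word is missing; `"setting x to nil succeeds when resource uses the doit2 action"` would match its sibling. The enclosing `with_property` block starts above this hunk.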
@@ -82,6 +82,15 @@ C5986B4F1257FFA86632CBA746181433FBB75451
82
82
  843938DF228D22F7B3742BC0D94AA3F0EFE21092}
83
83
  end
84
84
 
85
+ let(:apt_public_keys) do
86
+ %w{
87
+ pub:-:1024:17:40976EAF437D05B5:2004-09-12
88
+ pub:-:1024:17:46181433FBB75451:2004-12-30
89
+ pub:-:4096:1:3B4FE6ACC0B21F32:2012-05-11
90
+ pub:-:4096:1:D94AA3F0EFE21092:2012-05-11
91
+ }
92
+ end
93
+
85
94
  it "responds to load_current_resource" do
86
95
  expect(provider).to respond_to(:load_current_resource)
87
96
  end
@@ -113,6 +122,18 @@ C5986B4F1257FFA86632CBA746181433FBB75451
113
122
  end
114
123
  end
115
124
 
125
+ describe "#extract_public_keys_from_cmd" do
126
+ it "runs the desired command" do
127
+ expect(provider).to receive(:shell_out).and_return(apt_key_finger)
128
+ provider.extract_public_keys_from_cmd(*apt_key_finger_cmd)
129
+ end
130
+
131
+ it "returns a list of key fingerprints" do
132
+ expect(provider).to receive(:shell_out).and_return(apt_key_finger)
133
+ expect(provider.extract_public_keys_from_cmd(*apt_key_finger_cmd)).to eql(apt_public_keys)
134
+ end
135
+ end
136
+
116
137
  describe "#cookbook_name" do
117
138
  it "returns 'test' when the cookbook property is set" do
118
139
  new_resource.cookbook("test")
@@ -122,22 +143,22 @@ C5986B4F1257FFA86632CBA746181433FBB75451
122
143
 
123
144
  describe "#no_new_keys?" do
124
145
  before do
125
- allow(provider).to receive(:extract_fingerprints_from_cmd).with(*apt_key_finger_cmd).and_return(apt_fingerprints)
146
+ allow(provider).to receive(:extract_public_keys_from_cmd).with(*apt_key_finger_cmd).and_return(apt_public_keys)
126
147
  end
127
148
 
128
149
  let(:file) { "/tmp/remote-gpg-keyfile" }
129
150
 
130
151
  it "matches a set of keys" do
131
- allow(provider).to receive(:extract_fingerprints_from_cmd)
152
+ allow(provider).to receive(:extract_public_keys_from_cmd)
132
153
  .with("gpg", "--with-fingerprint", "--with-colons", file)
133
- .and_return(Array(apt_fingerprints.first))
154
+ .and_return([apt_public_keys.first])
134
155
  expect(provider.no_new_keys?(file)).to be_truthy
135
156
  end
136
157
 
137
158
  it "notices missing keys" do
138
- allow(provider).to receive(:extract_fingerprints_from_cmd)
159
+ allow(provider).to receive(:extract_public_keys_from_cmd)
139
160
  .with("gpg", "--with-fingerprint", "--with-colons", file)
140
- .and_return(%w{ F36A89E33CC1BD0F71079007327574EE02A818DD })
161
+ .and_return(%w{pub:-:4096:1:871920D1991BC93C:1537196506})
141
162
  expect(provider.no_new_keys?(file)).to be_falsey
142
163
  end
143
164
  end
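Review bot: The identity compared by `no_new_keys?` changes in these stubs from a 40-hex-digit fingerprint (`F36A89E33CC1BD0F71079007327574EE02A818DD`) to a `pub:` record carrying a 16-hex-digit key ID plus algorithm, size and date (`pub:-:4096:1:871920D1991BC93C:1537196506`), and a key ID is a much weaker identifier than a full fingerprint. The fixtures also mix two creation-date formats, `2004-09-12` in `apt_public_keys` and the epoch value `1537196506` in the "notices missing keys" stub. If the records are compared as whole strings, as the specs suggest, the same key printed by two gpg builds would count as new, and no example covers that. An example feeding one key in both date formats would pin the intended behaviour. Separately, `"runs the desired command"` only asserts `receive(:shell_out)`; adding `.with(*apt_key_finger_cmd)` (plus any options the provider passes) would make it check the command it names.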
@@ -68,6 +68,10 @@ describe Chef::Resource::YumRepository do
68
68
  expect(resource.make_cache).to eql(true)
69
69
  end
70
70
 
71
+ it "makecache_fast property defaults to false" do
72
+ expect(resource.makecache_fast).to eql(false)
73
+ end
74
+
71
75
  it "mode property defaults to '0644'" do
72
76
  expect(resource.mode).to eql("0644")
73
77
  end
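--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: chef
  version: !ruby/object:Gem::Version
- version: 18.0.185
+ version: 18.1.29
  platform: x64-mingw-ucrt
  authors:
  - Adam Jacob
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2022-11-15 00:00:00.000000000 Z
+ date: 2023-03-07 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: chef-config
@@ -16,28 +16,28 @@ dependencies:
  requirements:
  - - '='
  - !ruby/object:Gem::Version
- version: 18.0.185
+ version: 18.1.29
  type: :runtime
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
  - - '='
  - !ruby/object:Gem::Version
- version: 18.0.185
+ version: 18.1.29
  - !ruby/object:Gem::Dependency
  name: chef-utils
  requirement: !ruby/object:Gem::Requirement
  requirements:
  - - '='
  - !ruby/object:Gem::Version
- version: 18.0.185
+ version: 18.1.29
  type: :runtime
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
  - - '='
  - !ruby/object:Gem::Version
- version: 18.0.185
+ version: 18.1.29
  - !ruby/object:Gem::Dependency
  name: train-core
  requirement: !ruby/object:Gem::Requirement
@@ -336,20 +336,20 @@ dependencies:
  requirements:
  - - "~>"
  - !ruby/object:Gem::Version
- version: '1.0'
+ version: '1.1'
  - - ">="
  - !ruby/object:Gem::Version
- version: 1.0.3
+ version: 1.1.3
  type: :runtime
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
  - - "~>"
  - !ruby/object:Gem::Version
- version: '1.0'
+ version: '1.1'
  - - ">="
  - !ruby/object:Gem::Version
- version: 1.0.3
+ version: 1.1.3
  - !ruby/object:Gem::Dependency
  name: chef-zero
  requirement: !ruby/object:Gem::Requirement
@@ -483,19 +483,19 @@ dependencies:
  - !ruby/object:Gem::Version
  version: 0.3.4
  - !ruby/object:Gem::Dependency
- name: proxifier
+ name: proxifier2
  requirement: !ruby/object:Gem::Requirement
  requirements:
  - - "~>"
  - !ruby/object:Gem::Version
- version: '1.0'
+ version: '1.1'
  type: :runtime
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
  - - "~>"
  - !ruby/object:Gem::Version
- version: '1.0'
+ version: '1.1'
  - !ruby/object:Gem::Dependency
  name: aws-sdk-s3
  requirement: !ruby/object:Gem::Requirement
@@ -734,7 +734,6 @@ files:
  - Rakefile
  - chef-universal-mingw-ucrt.gemspec
  - chef.gemspec
- - distro/powershell/chef/chef.psm1
  - distro/ruby_bin_folder/AMD64/Chef.PowerShell.Wrapper.dll
  - distro/ruby_bin_folder/AMD64/Chef.PowerShell.dll
  - distro/ruby_bin_folder/AMD64/Ijwhost.dll
@@ -2515,6 +2514,13 @@ files:
  - spec/functional/assets/mytest-1.0-1.noarch.rpm
  - spec/functional/assets/mytest-2.0-1.noarch.rpm
  - spec/functional/assets/testchefsubsys
+ - spec/functional/assets/yumrepo-empty/repodata/01a3b489a465bcac22a43492163df43451dc6ce47d27f66de289756b91635523-filelists.sqlite.bz2
+ - spec/functional/assets/yumrepo-empty/repodata/401dc19bda88c82c403423fb835844d64345f7e95f5b9835888189c03834cc93-filelists.xml.gz
+ - spec/functional/assets/yumrepo-empty/repodata/5dc1e6e73c84803f059bb3065e684e56adfc289a7e398946574d79dac6643945-primary.sqlite.bz2
+ - spec/functional/assets/yumrepo-empty/repodata/6bf9672d0862e8ef8b8ff05a2fd0208a922b1f5978e6589d87944c88259cb670-other.xml.gz
+ - spec/functional/assets/yumrepo-empty/repodata/7c36572015e075add2b38b900837bcdbb8a504130ddff49b2351a7fc0affa3d4-other.sqlite.bz2
+ - spec/functional/assets/yumrepo-empty/repodata/dabe2ce5481d23de1f4f52bdcfee0f9af98316c9e0de2ce8123adeefa0dd08b9-primary.xml.gz
+ - spec/functional/assets/yumrepo-empty/repodata/repomd.xml
  - spec/functional/assets/yumrepo/chef_rpm-1.10-1.aarch64.rpm
  - spec/functional/assets/yumrepo/chef_rpm-1.10-1.i686.rpm
  - spec/functional/assets/yumrepo/chef_rpm-1.10-1.ppc64.rpm
@@ -2635,6 +2641,7 @@ files:
  - spec/functional/win32/versions_spec.rb
  - spec/integration/client/client_spec.rb
  - spec/integration/client/exit_code_spec.rb
+ - spec/integration/client/fips_spec.rb
  - spec/integration/client/ipv6_spec.rb
  - spec/integration/compliance/compliance_spec.rb
  - spec/integration/ohai/ohai_spec.rb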
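Review bot: The runtime dependency `proxifier` is replaced by a differently named gem, `proxifier2` at `~> 1.1`, in the hunk at old line 486, and nothing on this page shows who publishes the new name or how it relates to the old one. A dependency swap inside a minor release deserves the same provenance check as a brand-new dependency: confirm the gem's owners and source repository before accepting the upgrade, and make sure downstream lockfiles pick up the new name deliberately rather than through a blanket update. The same release also drops `distro/powershell/chef/chef.psm1` from the packaged file list, so anything that imported that module from the installed gem will need another source for it.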