chef 18.0.185-x64-mingw-ucrt → 18.1.29-x64-mingw-ucrt

data/spec/unit/http/authenticator_spec.rb

@@ -18,6 +18,9 @@
 
 require "spec_helper"
 require "chef/http/authenticator"
+require "chef/mixin/powershell_exec"
+
+require_relative "../../../lib/chef/win32/registry"
 
 describe Chef::HTTP::Authenticator, :windows_only do
   let(:class_instance) { Chef::HTTP::Authenticator.new(client_name: "test") }
@@ -28,7 +31,7 @@ describe Chef::HTTP::Authenticator, :windows_only do
   let(:node_name) { "test" }
   let(:passwrd) { "some_insecure_password" }
 
-  before do
+  before(:each) do
     Chef::Config[:node_name] = node_name
     cert_name = "chef-#{node_name}"
     d = Time.now
@@ -36,6 +39,7 @@ describe Chef::HTTP::Authenticator, :windows_only do
     end_date = end_date.utc.iso8601
 
     my_client = Chef::Client.new
+    class_instance.get_cert_password
     pfx = my_client.generate_pfx_package(cert_name, end_date)
     my_client.import_pfx_to_store(pfx)
   end
@@ -47,10 +51,21 @@ describe Chef::HTTP::Authenticator, :windows_only do
     delete_certificate(cert_name)
   end
 
-  context "when retrieving a certificate from the certificate store" do
+  context "when retrieving a certificate from the certificate store it" do
+    it "properly creates the password hive in the registry when it doesn't exist" do
+      delete_registry_hive
+      class_instance.get_cert_password
+      win32registry = Chef::Win32::Registry.new
+      expected_path = "HKEY_LOCAL_MACHINE\\Software\\Progress\\Authentication"
+      path_created = win32registry.key_exists?(expected_path)
+      expect(path_created).to be(true)
+    end
+
     it "retrieves a certificate password from the registry when the hive does not already exist" do
       delete_registry_hive
+      password = class_instance.get_cert_password
       expect { class_instance.get_cert_password }.not_to raise_error
+      expect(password).not_to be(nil)
     end
 
     it "should return a password of at least 14 characters in length" do
@@ -58,7 +73,27 @@ describe Chef::HTTP::Authenticator, :windows_only do
       expect(password.length).to eql(14)
     end
 
-    it "correctly retrieves a valid certificate in pem format from the certstore" do
+    it "will retrieve a password from a partial registry hive and upgrades it while using the old decryptor" do
+      delete_registry_hive
+      load_partial_registry_hive
+      password = class_instance.get_cert_password
+      expect(password).to eql(passwrd)
+    end
+
+    it "verifies that the new password is now using a vector" do
+      win32registry = Chef::Win32::Registry.new
+      path = "HKEY_LOCAL_MACHINE\\Software\\Progress\\Authentication"
+      password_blob = win32registry.get_values(path)
+      if password_blob.nil? || password_blob.empty?
+        raise Chef::Exceptions::Win32RegKeyMissing
+      end
+
+      raw_data = password_blob.map { |x| x[:data] }
+      vector = raw_data[2]
+      expect(vector).not_to be(nil)
+    end
+
+    it "correctly retrieves a valid certificate in pem format from the LocalMachine certstore" do
       require "openssl"
       certificate = class_instance.retrieve_certificate_key(node_name)
       cert_object = OpenSSL::PKey::RSA.new(certificate)
@@ -66,21 +101,39 @@ describe Chef::HTTP::Authenticator, :windows_only do
     end
   end
 
-  def delete_certificate(cert_name)
+  def load_partial_registry_hive
+    extend Chef::Mixin::PowershellExec
+    password = "some_insecure_password"
     powershell_code = <<~CODE
-      Get-ChildItem -path cert:\\LocalMachine\\My -Recurse -Force  | Where-Object { $_.Subject -Match "#{cert_name}" } | Remove-item
+      $encrypted_string = ConvertTo-SecureString "#{password}" -AsPlainText -Force
+      $secure_string = ConvertFrom-SecureString $encrypted_string
+      return $secure_string
     CODE
-    powershell_exec!(powershell_code)
+    encrypted_pass = powershell_exec!(powershell_code).result
+    Chef::Config[:auth_key_registry_type] == "user" ? store = "HKEY_CURRENT_USER" : store = "HKEY_LOCAL_MACHINE"
+    hive_path = "#{store}\\Software\\Progress\\Authentication"
+    win32registry = Chef::Win32::Registry.new
+    unless win32registry.key_exists?(hive_path)
+      win32registry.create_key(hive_path, true)
+    end
+    values = { name: "PfxPass", type: :string, data: encrypted_pass }
+    win32registry.set_value(hive_path, values)
   end
 
   def delete_registry_hive
-    @win32registry = Chef::Win32::Registry.new
-    path = "HKEY_LOCAL_MACHINE\\Software\\Progress\\Authentication"
-    present = @win32registry.get_values(path)
-    unless present.nil? || present.empty?
-      @win32registry.delete_key(path, true)
+    win32registry = Chef::Win32::Registry.new
+    hive_path = "HKEY_LOCAL_MACHINE\\Software\\Progress"
+    if win32registry.key_exists?(hive_path)
+      win32registry.delete_key(hive_path, true)
     end
   end
+
+  def delete_certificate(cert_name)
+    powershell_code = <<~CODE
+      Get-ChildItem -path cert:\\LocalMachine\\My -Recurse -Force  | Where-Object { $_.Subject -Match "#{cert_name}" } | Remove-item
+    CODE
+    powershell_exec!(powershell_code)
+  end
 end
 
 describe Chef::HTTP::Authenticator do

data/spec/unit/property/validation_spec.rb

@@ -600,6 +600,36 @@ describe "Chef::Resource.property validation" do
       it "does not fail if it is not specified, on running the doit2 action" do
         expect { resource.run_action(:doit2) }.not_to raise_error
       end
+
+      context "when an action does not require it" do
+        before do
+          resource.action(:doit2)
+        end
+
+        it "retrieval succeeds if x is not set when resource uses the doit2 action" do
+          expect { resource.x }.not_to raise_error
+        end
+
+        it "succeeds with set to nil when resource uses the doit2 action" do
+          expect { resource.x nil }.not_to raise_error
+        end
+      end
+
+      context "when an action requires it" do
+        before do
+          # NOTE: this is already the default action, but it doesn't
+          # hurt to be clear about the situation.
+          resource.action(:doit)
+        end
+
+        it "if x is not specified, retrieval fails for the doit action" do
+          expect { resource.x }.to raise_error Chef::Exceptions::ValidationFailed
+        end
+
+        it "value nil is not valid for the doit action (required means 'not nil')" do
+          expect { resource.x nil }.to raise_error Chef::Exceptions::ValidationFailed
+        end
+      end
     end
 
     with_property ":x, String, required: true" do

data/spec/unit/provider/apt_repository_spec.rb

@@ -82,6 +82,15 @@ C5986B4F1257FFA86632CBA746181433FBB75451
 843938DF228D22F7B3742BC0D94AA3F0EFE21092}
   end
 
+  let(:apt_public_keys) do
+    %w{
+      pub:-:1024:17:40976EAF437D05B5:2004-09-12
+      pub:-:1024:17:46181433FBB75451:2004-12-30
+      pub:-:4096:1:3B4FE6ACC0B21F32:2012-05-11
+      pub:-:4096:1:D94AA3F0EFE21092:2012-05-11
+    }
+  end
+
   it "responds to load_current_resource" do
     expect(provider).to respond_to(:load_current_resource)
   end
@@ -113,6 +122,18 @@ C5986B4F1257FFA86632CBA746181433FBB75451
     end
   end
 
+  describe "#extract_public_keys_from_cmd" do
+    it "runs the desired command" do
+      expect(provider).to receive(:shell_out).and_return(apt_key_finger)
+      provider.extract_public_keys_from_cmd(*apt_key_finger_cmd)
+    end
+
+    it "returns a list of key fingerprints" do
+      expect(provider).to receive(:shell_out).and_return(apt_key_finger)
+      expect(provider.extract_public_keys_from_cmd(*apt_key_finger_cmd)).to eql(apt_public_keys)
+    end
+  end
+
   describe "#cookbook_name" do
     it "returns 'test' when the cookbook property is set" do
       new_resource.cookbook("test")
@@ -122,22 +143,22 @@ C5986B4F1257FFA86632CBA746181433FBB75451
 
   describe "#no_new_keys?" do
     before do
-      allow(provider).to receive(:extract_fingerprints_from_cmd).with(*apt_key_finger_cmd).and_return(apt_fingerprints)
+      allow(provider).to receive(:extract_public_keys_from_cmd).with(*apt_key_finger_cmd).and_return(apt_public_keys)
     end
 
     let(:file) { "/tmp/remote-gpg-keyfile" }
 
     it "matches a set of keys" do
-      allow(provider).to receive(:extract_fingerprints_from_cmd)
+      allow(provider).to receive(:extract_public_keys_from_cmd)
         .with("gpg", "--with-fingerprint", "--with-colons", file)
-        .and_return(Array(apt_fingerprints.first))
+        .and_return([apt_public_keys.first])
       expect(provider.no_new_keys?(file)).to be_truthy
     end
 
     it "notices missing keys" do
-      allow(provider).to receive(:extract_fingerprints_from_cmd)
+      allow(provider).to receive(:extract_public_keys_from_cmd)
         .with("gpg", "--with-fingerprint", "--with-colons", file)
-        .and_return(%w{ F36A89E33CC1BD0F71079007327574EE02A818DD })
+        .and_return(%w{pub:-:4096:1:871920D1991BC93C:1537196506})
       expect(provider.no_new_keys?(file)).to be_falsey
     end
   end

data/spec/unit/resource/yum_repository_spec.rb

@@ -68,6 +68,10 @@ describe Chef::Resource::YumRepository do
     expect(resource.make_cache).to eql(true)
   end
 
+  it "makecache_fast property defaults to false" do
+    expect(resource.makecache_fast).to eql(false)
+  end
+
   it "mode property defaults to '0644'" do
     expect(resource.mode).to eql("0644")
   end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: chef
 version: !ruby/object:Gem::Version
-  version: 18.0.185
+  version: 18.1.29
 platform: x64-mingw-ucrt
 authors:
 - Adam Jacob
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2022-11-15 00:00:00.000000000 Z
+date: 2023-03-07 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: chef-config
@@ -16,28 +16,28 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 18.0.185
+        version: 18.1.29
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 18.0.185
+        version: 18.1.29
 - !ruby/object:Gem::Dependency
   name: chef-utils
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 18.0.185
+        version: 18.1.29
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 18.0.185
+        version: 18.1.29
 - !ruby/object:Gem::Dependency
   name: train-core
   requirement: !ruby/object:Gem::Requirement
@@ -336,20 +336,20 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.0'
+        version: '1.1'
     - - ">="
       - !ruby/object:Gem::Version
-        version: 1.0.3
+        version: 1.1.3
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.0'
+        version: '1.1'
     - - ">="
       - !ruby/object:Gem::Version
-        version: 1.0.3
+        version: 1.1.3
 - !ruby/object:Gem::Dependency
   name: chef-zero
   requirement: !ruby/object:Gem::Requirement
@@ -483,19 +483,19 @@ dependencies:
       - !ruby/object:Gem::Version
         version: 0.3.4
 - !ruby/object:Gem::Dependency
-  name: proxifier
+  name: proxifier2
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.0'
+        version: '1.1'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.0'
+        version: '1.1'
 - !ruby/object:Gem::Dependency
   name: aws-sdk-s3
   requirement: !ruby/object:Gem::Requirement
@@ -734,7 +734,6 @@ files:
 - Rakefile
 - chef-universal-mingw-ucrt.gemspec
 - chef.gemspec
-- distro/powershell/chef/chef.psm1
 - distro/ruby_bin_folder/AMD64/Chef.PowerShell.Wrapper.dll
 - distro/ruby_bin_folder/AMD64/Chef.PowerShell.dll
 - distro/ruby_bin_folder/AMD64/Ijwhost.dll
@@ -2515,6 +2514,13 @@ files:
 - spec/functional/assets/mytest-1.0-1.noarch.rpm
 - spec/functional/assets/mytest-2.0-1.noarch.rpm
 - spec/functional/assets/testchefsubsys
+- spec/functional/assets/yumrepo-empty/repodata/01a3b489a465bcac22a43492163df43451dc6ce47d27f66de289756b91635523-filelists.sqlite.bz2
+- spec/functional/assets/yumrepo-empty/repodata/401dc19bda88c82c403423fb835844d64345f7e95f5b9835888189c03834cc93-filelists.xml.gz
+- spec/functional/assets/yumrepo-empty/repodata/5dc1e6e73c84803f059bb3065e684e56adfc289a7e398946574d79dac6643945-primary.sqlite.bz2
+- spec/functional/assets/yumrepo-empty/repodata/6bf9672d0862e8ef8b8ff05a2fd0208a922b1f5978e6589d87944c88259cb670-other.xml.gz
+- spec/functional/assets/yumrepo-empty/repodata/7c36572015e075add2b38b900837bcdbb8a504130ddff49b2351a7fc0affa3d4-other.sqlite.bz2
+- spec/functional/assets/yumrepo-empty/repodata/dabe2ce5481d23de1f4f52bdcfee0f9af98316c9e0de2ce8123adeefa0dd08b9-primary.xml.gz
+- spec/functional/assets/yumrepo-empty/repodata/repomd.xml
 - spec/functional/assets/yumrepo/chef_rpm-1.10-1.aarch64.rpm
 - spec/functional/assets/yumrepo/chef_rpm-1.10-1.i686.rpm
 - spec/functional/assets/yumrepo/chef_rpm-1.10-1.ppc64.rpm
@@ -2635,6 +2641,7 @@ files:
 - spec/functional/win32/versions_spec.rb
 - spec/integration/client/client_spec.rb
 - spec/integration/client/exit_code_spec.rb
+- spec/integration/client/fips_spec.rb
 - spec/integration/client/ipv6_spec.rb
 - spec/integration/compliance/compliance_spec.rb
 - spec/integration/ohai/ohai_spec.rb