chef 18.0.185-x64-mingw-ucrt → 18.1.29-x64-mingw-ucrt

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (48) hide show
  1. checksums.yaml +4 -4
  2. data/Gemfile +0 -3
  3. data/chef.gemspec +3 -2
  4. data/lib/chef/application/base.rb +18 -2
  5. data/lib/chef/chef_fs/file_system.rb +21 -7
  6. data/lib/chef/client.rb +23 -6
  7. data/lib/chef/http/authenticator.rb +117 -34
  8. data/lib/chef/mixin/proxified_socket.rb +1 -1
  9. data/lib/chef/property.rb +8 -3
  10. data/lib/chef/provider/launchd.rb +1 -0
  11. data/lib/chef/provider/package/yum/yum_helper.py +5 -17
  12. data/lib/chef/provider/yum_repository.rb +13 -1
  13. data/lib/chef/resource/apt_repository.rb +20 -2
  14. data/lib/chef/resource/bash.rb +13 -0
  15. data/lib/chef/resource/dsc_script.rb +1 -1
  16. data/lib/chef/resource/launchd.rb +4 -1
  17. data/lib/chef/resource/macos_userdefaults.rb +3 -3
  18. data/lib/chef/resource/rhsm_register.rb +2 -1
  19. data/lib/chef/resource/selinux_fcontext.rb +1 -1
  20. data/lib/chef/resource/selinux_permissive.rb +1 -1
  21. data/lib/chef/resource/selinux_port.rb +1 -1
  22. data/lib/chef/resource/selinux_state.rb +1 -1
  23. data/lib/chef/resource/service.rb +1 -1
  24. data/lib/chef/resource/user.rb +2 -2
  25. data/lib/chef/resource/windows_user_privilege.rb +14 -10
  26. data/lib/chef/resource/yum_repository.rb +4 -0
  27. data/lib/chef/version.rb +1 -1
  28. data/spec/functional/assets/yumrepo-empty/repodata/01a3b489a465bcac22a43492163df43451dc6ce47d27f66de289756b91635523-filelists.sqlite.bz2 +0 -0
  29. data/spec/functional/assets/yumrepo-empty/repodata/401dc19bda88c82c403423fb835844d64345f7e95f5b9835888189c03834cc93-filelists.xml.gz +0 -0
  30. data/spec/functional/assets/yumrepo-empty/repodata/5dc1e6e73c84803f059bb3065e684e56adfc289a7e398946574d79dac6643945-primary.sqlite.bz2 +0 -0
  31. data/spec/functional/assets/yumrepo-empty/repodata/6bf9672d0862e8ef8b8ff05a2fd0208a922b1f5978e6589d87944c88259cb670-other.xml.gz +0 -0
  32. data/spec/functional/assets/yumrepo-empty/repodata/7c36572015e075add2b38b900837bcdbb8a504130ddff49b2351a7fc0affa3d4-other.sqlite.bz2 +0 -0
  33. data/spec/functional/assets/yumrepo-empty/repodata/dabe2ce5481d23de1f4f52bdcfee0f9af98316c9e0de2ce8123adeefa0dd08b9-primary.xml.gz +0 -0
  34. data/spec/functional/assets/yumrepo-empty/repodata/repomd.xml +55 -0
  35. data/spec/functional/resource/yum_package_spec.rb +16 -0
  36. data/spec/integration/client/client_spec.rb +22 -16
  37. data/spec/integration/client/fips_spec.rb +20 -0
  38. data/spec/spec_helper.rb +4 -0
  39. data/spec/support/platform_helpers.rb +4 -0
  40. data/spec/unit/chef_fs/file_system_spec.rb +2 -0
  41. data/spec/unit/client_spec.rb +26 -2
  42. data/spec/unit/compliance/runner_spec.rb +8 -0
  43. data/spec/unit/http/authenticator_spec.rb +64 -11
  44. data/spec/unit/property/validation_spec.rb +30 -0
  45. data/spec/unit/provider/apt_repository_spec.rb +26 -5
  46. data/spec/unit/resource/yum_repository_spec.rb +4 -0
  47. metadata +21 -14
  48. data/distro/powershell/chef/chef.psm1 +0 -459
@@ -18,6 +18,9 @@
18
18
 
19
19
  require "spec_helper"
20
20
  require "chef/http/authenticator"
21
+ require "chef/mixin/powershell_exec"
22
+
23
+ require_relative "../../../lib/chef/win32/registry"
21
24
 
22
25
  describe Chef::HTTP::Authenticator, :windows_only do
23
26
  let(:class_instance) { Chef::HTTP::Authenticator.new(client_name: "test") }
@@ -28,7 +31,7 @@ describe Chef::HTTP::Authenticator, :windows_only do
28
31
  let(:node_name) { "test" }
29
32
  let(:passwrd) { "some_insecure_password" }
30
33
 
31
- before do
34
+ before(:each) do
32
35
  Chef::Config[:node_name] = node_name
33
36
  cert_name = "chef-#{node_name}"
34
37
  d = Time.now
@@ -36,6 +39,7 @@ describe Chef::HTTP::Authenticator, :windows_only do
36
39
  end_date = end_date.utc.iso8601
37
40
 
38
41
  my_client = Chef::Client.new
42
+ class_instance.get_cert_password
39
43
  pfx = my_client.generate_pfx_package(cert_name, end_date)
40
44
  my_client.import_pfx_to_store(pfx)
41
45
  end
@@ -47,10 +51,21 @@ describe Chef::HTTP::Authenticator, :windows_only do
47
51
  delete_certificate(cert_name)
48
52
  end
49
53
 
50
- context "when retrieving a certificate from the certificate store" do
54
+ context "when retrieving a certificate from the certificate store it" do
55
+ it "properly creates the password hive in the registry when it doesn't exist" do
56
+ delete_registry_hive
57
+ class_instance.get_cert_password
58
+ win32registry = Chef::Win32::Registry.new
59
+ expected_path = "HKEY_LOCAL_MACHINE\\Software\\Progress\\Authentication"
60
+ path_created = win32registry.key_exists?(expected_path)
61
+ expect(path_created).to be(true)
62
+ end
63
+
51
64
  it "retrieves a certificate password from the registry when the hive does not already exist" do
52
65
  delete_registry_hive
66
+ password = class_instance.get_cert_password
53
67
  expect { class_instance.get_cert_password }.not_to raise_error
68
+ expect(password).not_to be(nil)
54
69
  end
55
70
 
56
71
  it "should return a password of at least 14 characters in length" do
@@ -58,7 +73,27 @@ describe Chef::HTTP::Authenticator, :windows_only do
58
73
  expect(password.length).to eql(14)
59
74
  end
60
75
 
61
- it "correctly retrieves a valid certificate in pem format from the certstore" do
76
+ it "will retrieve a password from a partial registry hive and upgrades it while using the old decryptor" do
77
+ delete_registry_hive
78
+ load_partial_registry_hive
79
+ password = class_instance.get_cert_password
80
+ expect(password).to eql(passwrd)
81
+ end
82
+
83
+ it "verifies that the new password is now using a vector" do
84
+ win32registry = Chef::Win32::Registry.new
85
+ path = "HKEY_LOCAL_MACHINE\\Software\\Progress\\Authentication"
86
+ password_blob = win32registry.get_values(path)
87
+ if password_blob.nil? || password_blob.empty?
88
+ raise Chef::Exceptions::Win32RegKeyMissing
89
+ end
90
+
91
+ raw_data = password_blob.map { |x| x[:data] }
92
+ vector = raw_data[2]
93
+ expect(vector).not_to be(nil)
94
+ end
95
+
96
+ it "correctly retrieves a valid certificate in pem format from the LocalMachine certstore" do
62
97
  require "openssl"
63
98
  certificate = class_instance.retrieve_certificate_key(node_name)
64
99
  cert_object = OpenSSL::PKey::RSA.new(certificate)
@@ -66,21 +101,39 @@ describe Chef::HTTP::Authenticator, :windows_only do
66
101
  end
67
102
  end
68
103
 
69
- def delete_certificate(cert_name)
104
+ def load_partial_registry_hive
105
+ extend Chef::Mixin::PowershellExec
106
+ password = "some_insecure_password"
70
107
  powershell_code = <<~CODE
71
- Get-ChildItem -path cert:\\LocalMachine\\My -Recurse -Force | Where-Object { $_.Subject -Match "#{cert_name}" } | Remove-item
108
+ $encrypted_string = ConvertTo-SecureString "#{password}" -AsPlainText -Force
109
+ $secure_string = ConvertFrom-SecureString $encrypted_string
110
+ return $secure_string
72
111
  CODE
73
- powershell_exec!(powershell_code)
112
+ encrypted_pass = powershell_exec!(powershell_code).result
113
+ Chef::Config[:auth_key_registry_type] == "user" ? store = "HKEY_CURRENT_USER" : store = "HKEY_LOCAL_MACHINE"
114
+ hive_path = "#{store}\\Software\\Progress\\Authentication"
115
+ win32registry = Chef::Win32::Registry.new
116
+ unless win32registry.key_exists?(hive_path)
117
+ win32registry.create_key(hive_path, true)
118
+ end
119
+ values = { name: "PfxPass", type: :string, data: encrypted_pass }
120
+ win32registry.set_value(hive_path, values)
74
121
  end
75
122
 
76
123
  def delete_registry_hive
77
- @win32registry = Chef::Win32::Registry.new
78
- path = "HKEY_LOCAL_MACHINE\\Software\\Progress\\Authentication"
79
- present = @win32registry.get_values(path)
80
- unless present.nil? || present.empty?
81
- @win32registry.delete_key(path, true)
124
+ win32registry = Chef::Win32::Registry.new
125
+ hive_path = "HKEY_LOCAL_MACHINE\\Software\\Progress"
126
+ if win32registry.key_exists?(hive_path)
127
+ win32registry.delete_key(hive_path, true)
82
128
  end
83
129
  end
130
+
131
+ def delete_certificate(cert_name)
132
+ powershell_code = <<~CODE
133
+ Get-ChildItem -path cert:\\LocalMachine\\My -Recurse -Force | Where-Object { $_.Subject -Match "#{cert_name}" } | Remove-item
134
+ CODE
135
+ powershell_exec!(powershell_code)
136
+ end
84
137
  end
85
138
 
86
139
  describe Chef::HTTP::Authenticator do
@@ -600,6 +600,36 @@ describe "Chef::Resource.property validation" do
600
600
  it "does not fail if it is not specified, on running the doit2 action" do
601
601
  expect { resource.run_action(:doit2) }.not_to raise_error
602
602
  end
603
+
604
+ context "when an action does not require it" do
605
+ before do
606
+ resource.action(:doit2)
607
+ end
608
+
609
+ it "retrieval succeeds if x is not set when resource uses the doit2 action" do
610
+ expect { resource.x }.not_to raise_error
611
+ end
612
+
613
+ it "succeeds with set to nil when resource uses the doit2 action" do
614
+ expect { resource.x nil }.not_to raise_error
615
+ end
616
+ end
617
+
618
+ context "when an action requires it" do
619
+ before do
620
+ # NOTE: this is already the default action, but it doesn't
621
+ # hurt to be clear about the situation.
622
+ resource.action(:doit)
623
+ end
624
+
625
+ it "if x is not specified, retrieval fails for the doit action" do
626
+ expect { resource.x }.to raise_error Chef::Exceptions::ValidationFailed
627
+ end
628
+
629
+ it "value nil is not valid for the doit action (required means 'not nil')" do
630
+ expect { resource.x nil }.to raise_error Chef::Exceptions::ValidationFailed
631
+ end
632
+ end
603
633
  end
604
634
 
605
635
  with_property ":x, String, required: true" do
@@ -82,6 +82,15 @@ C5986B4F1257FFA86632CBA746181433FBB75451
82
82
  843938DF228D22F7B3742BC0D94AA3F0EFE21092}
83
83
  end
84
84
 
85
+ let(:apt_public_keys) do
86
+ %w{
87
+ pub:-:1024:17:40976EAF437D05B5:2004-09-12
88
+ pub:-:1024:17:46181433FBB75451:2004-12-30
89
+ pub:-:4096:1:3B4FE6ACC0B21F32:2012-05-11
90
+ pub:-:4096:1:D94AA3F0EFE21092:2012-05-11
91
+ }
92
+ end
93
+
85
94
  it "responds to load_current_resource" do
86
95
  expect(provider).to respond_to(:load_current_resource)
87
96
  end
@@ -113,6 +122,18 @@ C5986B4F1257FFA86632CBA746181433FBB75451
113
122
  end
114
123
  end
115
124
 
125
+ describe "#extract_public_keys_from_cmd" do
126
+ it "runs the desired command" do
127
+ expect(provider).to receive(:shell_out).and_return(apt_key_finger)
128
+ provider.extract_public_keys_from_cmd(*apt_key_finger_cmd)
129
+ end
130
+
131
+ it "returns a list of key fingerprints" do
132
+ expect(provider).to receive(:shell_out).and_return(apt_key_finger)
133
+ expect(provider.extract_public_keys_from_cmd(*apt_key_finger_cmd)).to eql(apt_public_keys)
134
+ end
135
+ end
136
+
116
137
  describe "#cookbook_name" do
117
138
  it "returns 'test' when the cookbook property is set" do
118
139
  new_resource.cookbook("test")
@@ -122,22 +143,22 @@ C5986B4F1257FFA86632CBA746181433FBB75451
122
143
 
123
144
  describe "#no_new_keys?" do
124
145
  before do
125
- allow(provider).to receive(:extract_fingerprints_from_cmd).with(*apt_key_finger_cmd).and_return(apt_fingerprints)
146
+ allow(provider).to receive(:extract_public_keys_from_cmd).with(*apt_key_finger_cmd).and_return(apt_public_keys)
126
147
  end
127
148
 
128
149
  let(:file) { "/tmp/remote-gpg-keyfile" }
129
150
 
130
151
  it "matches a set of keys" do
131
- allow(provider).to receive(:extract_fingerprints_from_cmd)
152
+ allow(provider).to receive(:extract_public_keys_from_cmd)
132
153
  .with("gpg", "--with-fingerprint", "--with-colons", file)
133
- .and_return(Array(apt_fingerprints.first))
154
+ .and_return([apt_public_keys.first])
134
155
  expect(provider.no_new_keys?(file)).to be_truthy
135
156
  end
136
157
 
137
158
  it "notices missing keys" do
138
- allow(provider).to receive(:extract_fingerprints_from_cmd)
159
+ allow(provider).to receive(:extract_public_keys_from_cmd)
139
160
  .with("gpg", "--with-fingerprint", "--with-colons", file)
140
- .and_return(%w{ F36A89E33CC1BD0F71079007327574EE02A818DD })
161
+ .and_return(%w{pub:-:4096:1:871920D1991BC93C:1537196506})
141
162
  expect(provider.no_new_keys?(file)).to be_falsey
142
163
  end
143
164
  end
@@ -68,6 +68,10 @@ describe Chef::Resource::YumRepository do
68
68
  expect(resource.make_cache).to eql(true)
69
69
  end
70
70
 
71
+ it "makecache_fast property defaults to false" do
72
+ expect(resource.makecache_fast).to eql(false)
73
+ end
74
+
71
75
  it "mode property defaults to '0644'" do
72
76
  expect(resource.mode).to eql("0644")
73
77
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: chef
3
3
  version: !ruby/object:Gem::Version
4
- version: 18.0.185
4
+ version: 18.1.29
5
5
  platform: x64-mingw-ucrt
6
6
  authors:
7
7
  - Adam Jacob
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2022-11-15 00:00:00.000000000 Z
11
+ date: 2023-03-07 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: chef-config
@@ -16,28 +16,28 @@ dependencies:
16
16
  requirements:
17
17
  - - '='
18
18
  - !ruby/object:Gem::Version
19
- version: 18.0.185
19
+ version: 18.1.29
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - '='
25
25
  - !ruby/object:Gem::Version
26
- version: 18.0.185
26
+ version: 18.1.29
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: chef-utils
29
29
  requirement: !ruby/object:Gem::Requirement
30
30
  requirements:
31
31
  - - '='
32
32
  - !ruby/object:Gem::Version
33
- version: 18.0.185
33
+ version: 18.1.29
34
34
  type: :runtime
35
35
  prerelease: false
36
36
  version_requirements: !ruby/object:Gem::Requirement
37
37
  requirements:
38
38
  - - '='
39
39
  - !ruby/object:Gem::Version
40
- version: 18.0.185
40
+ version: 18.1.29
41
41
  - !ruby/object:Gem::Dependency
42
42
  name: train-core
43
43
  requirement: !ruby/object:Gem::Requirement
@@ -336,20 +336,20 @@ dependencies:
336
336
  requirements:
337
337
  - - "~>"
338
338
  - !ruby/object:Gem::Version
339
- version: '1.0'
339
+ version: '1.1'
340
340
  - - ">="
341
341
  - !ruby/object:Gem::Version
342
- version: 1.0.3
342
+ version: 1.1.3
343
343
  type: :runtime
344
344
  prerelease: false
345
345
  version_requirements: !ruby/object:Gem::Requirement
346
346
  requirements:
347
347
  - - "~>"
348
348
  - !ruby/object:Gem::Version
349
- version: '1.0'
349
+ version: '1.1'
350
350
  - - ">="
351
351
  - !ruby/object:Gem::Version
352
- version: 1.0.3
352
+ version: 1.1.3
353
353
  - !ruby/object:Gem::Dependency
354
354
  name: chef-zero
355
355
  requirement: !ruby/object:Gem::Requirement
@@ -483,19 +483,19 @@ dependencies:
483
483
  - !ruby/object:Gem::Version
484
484
  version: 0.3.4
485
485
  - !ruby/object:Gem::Dependency
486
- name: proxifier
486
+ name: proxifier2
487
487
  requirement: !ruby/object:Gem::Requirement
488
488
  requirements:
489
489
  - - "~>"
490
490
  - !ruby/object:Gem::Version
491
- version: '1.0'
491
+ version: '1.1'
492
492
  type: :runtime
493
493
  prerelease: false
494
494
  version_requirements: !ruby/object:Gem::Requirement
495
495
  requirements:
496
496
  - - "~>"
497
497
  - !ruby/object:Gem::Version
498
- version: '1.0'
498
+ version: '1.1'
499
499
  - !ruby/object:Gem::Dependency
500
500
  name: aws-sdk-s3
501
501
  requirement: !ruby/object:Gem::Requirement
@@ -734,7 +734,6 @@ files:
734
734
  - Rakefile
735
735
  - chef-universal-mingw-ucrt.gemspec
736
736
  - chef.gemspec
737
- - distro/powershell/chef/chef.psm1
738
737
  - distro/ruby_bin_folder/AMD64/Chef.PowerShell.Wrapper.dll
739
738
  - distro/ruby_bin_folder/AMD64/Chef.PowerShell.dll
740
739
  - distro/ruby_bin_folder/AMD64/Ijwhost.dll
@@ -2515,6 +2514,13 @@ files:
2515
2514
  - spec/functional/assets/mytest-1.0-1.noarch.rpm
2516
2515
  - spec/functional/assets/mytest-2.0-1.noarch.rpm
2517
2516
  - spec/functional/assets/testchefsubsys
2517
+ - spec/functional/assets/yumrepo-empty/repodata/01a3b489a465bcac22a43492163df43451dc6ce47d27f66de289756b91635523-filelists.sqlite.bz2
2518
+ - spec/functional/assets/yumrepo-empty/repodata/401dc19bda88c82c403423fb835844d64345f7e95f5b9835888189c03834cc93-filelists.xml.gz
2519
+ - spec/functional/assets/yumrepo-empty/repodata/5dc1e6e73c84803f059bb3065e684e56adfc289a7e398946574d79dac6643945-primary.sqlite.bz2
2520
+ - spec/functional/assets/yumrepo-empty/repodata/6bf9672d0862e8ef8b8ff05a2fd0208a922b1f5978e6589d87944c88259cb670-other.xml.gz
2521
+ - spec/functional/assets/yumrepo-empty/repodata/7c36572015e075add2b38b900837bcdbb8a504130ddff49b2351a7fc0affa3d4-other.sqlite.bz2
2522
+ - spec/functional/assets/yumrepo-empty/repodata/dabe2ce5481d23de1f4f52bdcfee0f9af98316c9e0de2ce8123adeefa0dd08b9-primary.xml.gz
2523
+ - spec/functional/assets/yumrepo-empty/repodata/repomd.xml
2518
2524
  - spec/functional/assets/yumrepo/chef_rpm-1.10-1.aarch64.rpm
2519
2525
  - spec/functional/assets/yumrepo/chef_rpm-1.10-1.i686.rpm
2520
2526
  - spec/functional/assets/yumrepo/chef_rpm-1.10-1.ppc64.rpm
@@ -2635,6 +2641,7 @@ files:
2635
2641
  - spec/functional/win32/versions_spec.rb
2636
2642
  - spec/integration/client/client_spec.rb
2637
2643
  - spec/integration/client/exit_code_spec.rb
2644
+ - spec/integration/client/fips_spec.rb
2638
2645
  - spec/integration/client/ipv6_spec.rb
2639
2646
  - spec/integration/compliance/compliance_spec.rb
2640
2647
  - spec/integration/ohai/ohai_spec.rb