chef 18.1.29-x64-mingw-ucrt → 18.3.0-x64-mingw-ucrt

data/lib/chef/monkey_patches/net-http.rb

@@ -0,0 +1,127 @@
+if RUBY_VERSION.split(".")[0..1].join(".") == "3.1"
+  require "net/http" unless defined?(Net::HTTP)
+  # This is monkey-patch for ruby 3.1.x
+  # Due to change https://github.com/ruby/net-http/pull/10, when making net/http requests to a url which supports only IPv6 and not IPv4,
+  # ruby waits for IPv4 request to timeout first, then makes IPv6 request. This increased response time.
+  # NOTE 1: This is already reverted https://github.com/ruby/ruby/commit/f88bff770578583a708093f4a0d8b1483a1d2039 but under ruby 3.2.2
+  # NOTE 2: We are patching action `connect` from here https://github.com/ruby/ruby/blob/f88bff770578583a708093f4a0d8b1483a1d2039/lib/net/http.rb#L1000
+
+  module Net
+    class HTTP
+      def connect
+        if use_ssl?
+          # reference early to load OpenSSL before connecting,
+          # as OpenSSL may take time to load.
+          @ssl_context = OpenSSL::SSL::SSLContext.new
+        end
+
+        if proxy?
+          conn_addr = proxy_address
+          conn_port = proxy_port
+        else
+          conn_addr = conn_address
+          conn_port = port
+        end
+
+        puts "opening connection to #{conn_addr}:#{conn_port}..."
+        s = Timeout.timeout(@open_timeout, Net::OpenTimeout) {
+          begin
+            TCPSocket.open(conn_addr, conn_port, @local_host, @local_port)
+          rescue => e
+            raise e, "Failed to open TCP connection to " +
+              "#{conn_addr}:#{conn_port} (#{e.message})"
+          end
+        }
+        s.setsockopt(Socket::IPPROTO_TCP, Socket::TCP_NODELAY, 1)
+        puts "opened"
+        if use_ssl?
+          if proxy?
+            plain_sock = BufferedIO.new(s, read_timeout: @read_timeout,
+                                        write_timeout: @write_timeout,
+                                        continue_timeout: @continue_timeout,
+                                        debug_output: @debug_output)
+            buf = "CONNECT #{conn_address}:#{@port} HTTP/#{HTTPVersion}\r\n"
+            buf << "Host: #{@address}:#{@port}\r\n"
+            if proxy_user
+              credential = ["#{proxy_user}:#{proxy_pass}"].pack("m0")
+              buf << "Proxy-Authorization: Basic #{credential}\r\n"
+            end
+            buf << "\r\n"
+            plain_sock.write(buf)
+            HTTPResponse.read_new(plain_sock).value
+            # assuming nothing left in buffers after successful CONNECT response
+          end
+
+          ssl_parameters = {}
+          iv_list = instance_variables
+          SSL_IVNAMES.each_with_index do |ivname, i|
+            if iv_list.include?(ivname)
+              value = instance_variable_get(ivname)
+              unless value.nil?
+                ssl_parameters[SSL_ATTRIBUTES[i]] = value
+              end
+            end
+          end
+          @ssl_context.set_params(ssl_parameters)
+          unless @ssl_context.session_cache_mode.nil? # a dummy method on JRuby
+            @ssl_context.session_cache_mode =
+                OpenSSL::SSL::SSLContext::SESSION_CACHE_CLIENT |
+                OpenSSL::SSL::SSLContext::SESSION_CACHE_NO_INTERNAL_STORE
+          end
+          if @ssl_context.respond_to?(:session_new_cb) # not implemented under JRuby
+            @ssl_context.session_new_cb = proc { |sock, sess| @ssl_session = sess }
+          end
+
+          # Still do the post_connection_check below even if connecting
+          # to IP address
+          verify_hostname = @ssl_context.verify_hostname
+
+          # requiring 'resolv' near the top of the file causes registry.rb monkey patch to fail
+          # Windows 2012 R2 somehow fails to have Resolv defined unless we require it manually
+          require "resolv" unless defined?(Resolv)
+
+          # Server Name Indication (SNI) RFC 3546/6066
+          case @address
+          when ::Resolv::IPv4::Regex, ::Resolv::IPv6::Regex
+            # don't set SNI, as IP addresses in SNI is not valid
+            # per RFC 6066, section 3.
+
+            # Avoid openssl warning
+            @ssl_context.verify_hostname = false
+          else
+            ssl_host_address = @address
+          end
+
+          puts "starting SSL for #{conn_addr}:#{conn_port}..."
+          s = OpenSSL::SSL::SSLSocket.new(s, @ssl_context)
+          s.sync_close = true
+          s.hostname = ssl_host_address if s.respond_to?(:hostname=) && ssl_host_address
+
+          if @ssl_session &&
+              (Process.clock_gettime(Process::CLOCK_REALTIME) < @ssl_session.time.to_f + @ssl_session.timeout)
+            s.session = @ssl_session
+          end
+          ssl_socket_connect(s, @open_timeout)
+          if (@ssl_context.verify_mode != OpenSSL::SSL::VERIFY_NONE) && verify_hostname
+            s.post_connection_check(@address)
+          end
+          puts "SSL established, protocol: #{s.ssl_version}, cipher: #{s.cipher[0]}"
+        end
+        @socket = BufferedIO.new(s, read_timeout: @read_timeout,
+                                write_timeout: @write_timeout,
+                                continue_timeout: @continue_timeout,
+                                debug_output: @debug_output)
+        @last_communicated = nil
+        on_connect
+      rescue => exception
+        if s
+          puts "Conn close because of connect error #{exception}"
+          s.close
+        end
+        raise
+      end
+    end
+  end
+else
+  warn "Not applying net/http monkey patch needed for ruby 3.1"
+end

data/lib/chef/node/attribute_collections.rb

@@ -39,11 +39,19 @@ class Chef
       MUTATOR_METHODS.each do |mutator|
         define_method(mutator) do |*args, &block|
           ret = super(*args, &block)
+          # TODO: use `send_reset_cache(__path__)` for all mutator methods?
           send_reset_cache
           ret
         end
       end
 
+      def <<(obj)
+        ret = super(obj)
+        # NOTE: Expecting __path__ to be top-level attribute only
+        send_reset_cache(__path__)
+        ret
+      end
+
       def delete(key, &block)
         send_reset_cache(__path__, key)
         super

data/lib/chef/node/immutable_collections.rb

@@ -32,13 +32,16 @@ class Chef
       end
 
       def convert_value(value)
+        # The order in this case statement is *important*.
+        # ImmutableMash and ImmutableArray should be tested first,
+        # as this saves unnecessary creation of intermediate objects
         case value
+        when ImmutableMash, ImmutableArray
+          value
         when Hash
           ImmutableMash.new(value, __root__, __node__, __precedence__)
         when Array
           ImmutableArray.new(value, __root__, __node__, __precedence__)
-        when ImmutableMash, ImmutableArray
-          value
         else
           safe_dup(value).freeze
         end

data/lib/chef/node/mixin/state_tracking.rb

@@ -78,7 +78,7 @@ class Chef
 
         def send_reset_cache(path = nil, key = nil)
           next_path = [ path, key ].flatten.compact
-          __root__.reset_cache(next_path.first) if !__root__.nil? && __root__.respond_to?(:reset_cache) && !next_path.nil?
+          __root__.reset_cache(next_path.first) if !__root__.nil? && __root__.respond_to?(:reset_cache)
         end
 
         def copy_state_to(ret, next_path)

data/lib/chef/platform/query_helpers.rb

@@ -17,11 +17,14 @@
 #
 
 require "chef-utils" unless defined?(ChefUtils::CANARY)
+require_relative "../mixin/powershell_exec"
 
 class Chef
   class Platform
 
     class << self
+      include Chef::Mixin::PowershellExec
+
       def windows?
         ChefUtils.windows?
       end
@@ -58,8 +61,7 @@ class Chef
       end
 
       def dsc_refresh_mode_disabled?(node)
-        require_relative "../powershell"
-        exec = Chef::PowerShell.new("Get-DscLocalConfigurationManager")
+        exec = powershell_exec!("Get-DscLocalConfigurationManager")
         exec.error!
         exec.result["RefreshMode"] == "Disabled"
       end

data/lib/chef/provider/launchd.rb

@@ -52,7 +52,7 @@ class Chef
       end
 
       action :delete, description: "Delete a launchd property list. This will unload a daemon or agent, if loaded." do
-        if ::File.exists?(path)
+        if ::File.exist?(path)
           manage_service(:disable)
         end
         manage_plist(:delete)

data/lib/chef/provider/mount/linux.rb

@@ -39,7 +39,7 @@ class Chef
 
         def mounted?
           mounted = false
-          real_mount_point = if ::File.exists? @new_resource.mount_point
+          real_mount_point = if ::File.exist? @new_resource.mount_point
                                ::File.realpath(@new_resource.mount_point)
                              else
                                @new_resource.mount_point

data/lib/chef/provider/mount/mount.rb

@@ -42,9 +42,9 @@ class Chef
 
         def mountable?
           # only check for existence of non-remote devices
-          if device_should_exist? && !::File.exists?(device_real)
+          if device_should_exist? && !::File.exist?(device_real)
             raise Chef::Exceptions::Mount, "Device #{@new_resource.device} does not exist"
-          elsif @new_resource.mount_point != "none" && !::File.exists?(@new_resource.mount_point)
+          elsif @new_resource.mount_point != "none" && !::File.exist?(@new_resource.mount_point)
             raise Chef::Exceptions::Mount, "Mount point #{@new_resource.mount_point} does not exist"
           end
 
@@ -81,7 +81,7 @@ class Chef
           # "mount" outputs the mount points as real paths. Convert
           # the mount_point of the resource to a real path in case it
           # contains symlinks in its parents dirs.
-          real_mount_point = if ::File.exists? @new_resource.mount_point
+          real_mount_point = if ::File.exist? @new_resource.mount_point
                                ::File.realpath(@new_resource.mount_point)
                              else
                                @new_resource.mount_point
@@ -186,7 +186,7 @@ class Chef
         def device_should_exist?
           ( @new_resource.device != "none" ) &&
             ( not network_device? ) &&
-            ( not %w{ cgroup tmpfs fuse vboxsf zfs }.include? @new_resource.fstype )
+            ( not %w{ cgroup tmpfs fuse vboxsf zfs efivarfs }.include? @new_resource.fstype )
         end
 
         private
@@ -287,4 +287,4 @@ class Chef
       end
     end
   end
-end
+end

data/lib/chef/provider/package/chocolatey.rb

@@ -130,6 +130,21 @@ class Chef
         # install from, but like the rubygem provider's sources which are more like repos.
         def check_resource_semantics!; end
 
+        def self.get_choco_version
+          @get_choco_version ||= powershell_exec!("choco --version").result
+        end
+
+        # Choco V2 uses 'Search' for remote repositories and 'List' for local packages
+        def self.query_command
+          return "list" if get_choco_version.match?(/^1/)
+
+          "search"
+        end
+
+        def query_command
+          self.class.query_command
+        end
+
         private
 
         def version_compare(v1, v2)
@@ -225,7 +240,7 @@ class Chef
           package_name_array.each do |pkg|
             available_versions =
               begin
-                cmd = [ "list", "-r", pkg ]
+                cmd = [ query_command, "-r", pkg ]
                 cmd += common_options
                 cmd.push( new_resource.list_options ) if new_resource.list_options
 
@@ -242,6 +257,8 @@ class Chef
         # Installed packages in chocolatey as a Hash of names mapped to versions
         # (names are downcased for case-insensitive matching)
         #
+        # Beginning with Choco 2.0, "list" returns local packages only while "search" returns packages from external package sources
+        #
         # @return [Hash] name-to-version mapping of installed packages
         def installed_packages
           @installed_packages ||= Hash[*parse_list_output("list", "-l", "-r").flatten]

data/lib/chef/provider/package/zypper.rb

@@ -141,6 +141,7 @@ class Chef
             if md = line.match(/^(\S*)\s+\|\s+(\S+)\s+\|\s+(\S+)\s+\|\s+(\S+)\s+\|\s+(\S+)\s+\|\s+(.*)$/)
               (status, name, type, version, arch, repo) = [ md[1], md[2], md[3], md[4], md[5], md[6] ]
               next if version == "Version" # header
+              next if name != package_name
 
               # sometimes even though we request a specific version in the search string above and have match exact, we wind up
               # with other versions in the output, particularly getting the installed version when downgrading.

data/lib/chef/provider/remote_file/http.rb

@@ -113,7 +113,7 @@ class Chef
         end
 
         def last_modified_time_from(response)
-          response["last_modified"] || response["date"]
+          response["last-modified"] || response["date"]
         end
 
         def etag_from(response)

data/lib/chef/provider/yum_repository.rb

@@ -45,7 +45,7 @@ class Chef
           if new_resource.make_cache
             notifies :run, "execute[yum clean metadata #{new_resource.repositoryid}]", :immediately if new_resource.clean_metadata || new_resource.clean_headers
             # makecache fast only works on non-dnf systems.
-            if !which "dnf" && new_resource.makecache_fast
+            if !which("dnf") && new_resource.makecache_fast
               notifies :run, "execute[yum-makecache-fast-#{new_resource.repositoryid}]", :immediately
             else
               notifies :run, "execute[yum-makecache-#{new_resource.repositoryid}]", :immediately

data/lib/chef/resource/apt_repository.rb

@@ -98,6 +98,18 @@ class Chef
         end
         ```
 
+        **Add repository that needs custom options**:
+        ```ruby
+        apt_repository 'corretto' do
+          uri          'https://apt.corretto.aws'
+          arch         'amd64'
+          distribution 'stable'
+          components   ['main']
+          options      ['target-=Contents-deb']
+          key          'https://apt.corretto.aws/corretto.key'
+        end
+        ```
+
         **Remove a repository from the list**:
 
         ```ruby
@@ -159,6 +171,10 @@ class Chef
         description: "Determines whether to rebuild the APT package cache.",
         default: true, desired_state: false
 
+      property :options, [String, Array],
+        description: "Additional options to set for the repository",
+        default: [], coerce: proc { |x| Array(x) }
+
       default_action :add
       allowed_actions :add, :remove
 
@@ -388,19 +404,21 @@ class Chef
         # @param [Array] components
         # @param [Boolean] trusted
         # @param [String] arch
+        # @param [Array] options
         # @param [Boolean] add_src
         #
         # @return [String] complete repo config text
-        def build_repo(uri, distribution, components, trusted, arch, add_src = false)
+        def build_repo(uri, distribution, components, trusted, arch, options, add_src = false)
           uri = make_ppa_url(uri) if is_ppa_url?(uri)
 
           uri = Addressable::URI.parse(uri)
           components = Array(components).join(" ")
-          options = []
-          options << "arch=#{arch}" if arch
-          options << "trusted=yes" if trusted
-          optstr = unless options.empty?
-                     "[" + options.join(" ") + "]"
+          options_list = []
+          options_list << "arch=#{arch}" if arch
+          options_list << "trusted=yes" if trusted
+          options_list += options
+          optstr = unless options_list.empty?
+                     "[" + options_list.join(" ") + "]"
                    end
           info = [ optstr, uri.normalize.to_s, distribution, components ].compact.join(" ")
           repo =  "deb      #{info}\n"
@@ -461,6 +479,7 @@ class Chef
           repo_components,
           new_resource.trusted,
           new_resource.arch,
+          new_resource.options,
           new_resource.deb_src
         )
 

data/lib/chef/resource/homebrew_cask.rb

@@ -45,8 +45,7 @@ class Chef
         default: true
 
       property :homebrew_path, String,
-        description: "The path to the homebrew binary.",
-        default: "/usr/local/bin/brew"
+        description: "The path to the Homebrew binary."
 
       property :owner, [String, Integer],
         description: "The owner of the Homebrew installation.",
@@ -56,14 +55,14 @@ class Chef
       action :install, description: "Install an application that is packaged as a Homebrew cask." do
         if new_resource.install_cask
           homebrew_tap "homebrew/cask" do
-            homebrew_path new_resource.homebrew_path
+            homebrew_path homebrew_bin_path(new_resource.homebrew_path)
             owner new_resource.owner
           end
         end
 
         unless casked?
           converge_by("install cask #{new_resource.cask_name} #{new_resource.options}") do
-            shell_out!("#{new_resource.homebrew_path} install --cask #{new_resource.cask_name} #{new_resource.options}",
+            shell_out!("#{homebrew_bin_path(new_resource.homebrew_path)} install --cask #{new_resource.cask_name} #{new_resource.options}",
               user: new_resource.owner,
               env:  { "HOME" => ::Dir.home(new_resource.owner), "USER" => new_resource.owner },
               cwd: ::Dir.home(new_resource.owner))
@@ -74,14 +73,14 @@ class Chef
       action :remove, description: "Remove an application that is packaged as a Homebrew cask." do
         if new_resource.install_cask
           homebrew_tap "homebrew/cask" do
-            homebrew_path new_resource.homebrew_path
+            homebrew_path homebrew_bin_path(new_resource.homebrew_path)
             owner new_resource.owner
           end
         end
 
         if casked?
           converge_by("uninstall cask #{new_resource.cask_name}") do
-            shell_out!("#{new_resource.homebrew_path} uninstall --cask #{new_resource.cask_name}",
+            shell_out!("#{homebrew_bin_path(new_resource.homebrew_path)} uninstall --cask #{new_resource.cask_name}",
               user: new_resource.owner,
               env:  { "HOME" => ::Dir.home(new_resource.owner), "USER" => new_resource.owner },
               cwd: ::Dir.home(new_resource.owner))
@@ -99,7 +98,7 @@ class Chef
         # @return [Boolean]
         def casked?
           unscoped_name = new_resource.cask_name.split("/").last
-          shell_out!("#{new_resource.homebrew_path} list --cask 2>/dev/null",
+          shell_out!("#{homebrew_bin_path(new_resource.homebrew_path)} list --cask 2>/dev/null",
             user: new_resource.owner,
             env:  { "HOME" => ::Dir.home(new_resource.owner), "USER" => new_resource.owner },
             cwd: ::Dir.home(new_resource.owner)).stdout.split.include?(unscoped_name)

data/lib/chef/resource/homebrew_package.rb

@@ -63,7 +63,7 @@ class Chef
       allowed_actions :install, :upgrade, :remove, :purge
 
       property :homebrew_user, [ String, Integer ],
-        description: "The name or uid of the Homebrew owner to be used by #{ChefUtils::Dist::Infra::PRODUCT} when executing a command.\n\n#{ChefUtils::Dist::Infra::PRODUCT}, by default, will attempt to execute a Homebrew command as the owner of the `/usr/local/bin/brew` executable. If that executable does not exist, #{ChefUtils::Dist::Infra::PRODUCT} will attempt to find the user by executing `which brew`. If that executable cannot be found, #{ChefUtils::Dist::Infra::PRODUCT} will print an error message: `Could not find the 'brew' executable in /usr/local/bin or anywhere on the path.`.\n\nSet this property to specify the Homebrew owner for situations where Chef Infra Client cannot automatically detect the correct owner.'"
+        description: "The name or uid of the Homebrew owner to be used by #{ChefUtils::Dist::Infra::PRODUCT} when executing a command.\n\n#{ChefUtils::Dist::Infra::PRODUCT}, by default, will attempt to execute a Homebrew command as the owner of the `/usr/local/bin/brew` executable on x86_64 machines or `/opt/homebrew/bin/brew` executable on arm64 machines. If that executable does not exist, #{ChefUtils::Dist::Infra::PRODUCT} will attempt to find the user by executing `which brew`. If that executable cannot be found, #{ChefUtils::Dist::Infra::PRODUCT} will print an error message: `Could not find the 'brew' executable in /usr/local/bin, /opt/homebrew/bin, or anywhere on the path.`.\n\nSet this property to specify the Homebrew owner for situations where Chef Infra Client cannot automatically detect the correct owner.'"
 
     end
   end

data/lib/chef/resource/homebrew_tap.rb

@@ -41,8 +41,7 @@ class Chef
         description: "The URL of the tap."
 
       property :homebrew_path, String,
-        description: "The path to the Homebrew binary.",
-        default: "/usr/local/bin/brew"
+        description: "The path to the Homebrew binary."
 
       property :owner, String,
         description: "The owner of the Homebrew installation.",
@@ -52,7 +51,7 @@ class Chef
       action :tap, description: "Add a Homebrew tap." do
         unless tapped?(new_resource.tap_name)
           converge_by("tap #{new_resource.tap_name}") do
-            shell_out!("#{new_resource.homebrew_path} tap #{new_resource.tap_name} #{new_resource.url || ""}",
+            shell_out!("#{homebrew_bin_path(new_resource.homebrew_path)} tap #{new_resource.tap_name} #{new_resource.url || ""}",
               user: new_resource.owner,
               env:  { "HOME" => ::Dir.home(new_resource.owner), "USER" => new_resource.owner },
               cwd: ::Dir.home(new_resource.owner))
@@ -63,7 +62,7 @@ class Chef
       action :untap, description: "Remove a Homebrew tap." do
         if tapped?(new_resource.tap_name)
           converge_by("untap #{new_resource.tap_name}") do
-            shell_out!("#{new_resource.homebrew_path} untap #{new_resource.tap_name}",
+            shell_out!("#{homebrew_bin_path(new_resource.homebrew_path)} untap #{new_resource.tap_name}",
               user: new_resource.owner,
               env:  { "HOME" => ::Dir.home(new_resource.owner), "USER" => new_resource.owner },
               cwd: ::Dir.home(new_resource.owner))
@@ -75,8 +74,9 @@ class Chef
       #
       # @return [Boolean]
       def tapped?(name)
+        base_path = ["#{::File.dirname(which("brew"))}/../homebrew", "#{::File.dirname(which("brew"))}/../Homebrew", "/opt/homebrew", "/usr/local/Homebrew", "/home/linuxbrew/.linuxbrew"].uniq.select { |x| Dir.exist?(x) }.first
         tap_dir = name.gsub("/", "/homebrew-")
-        ::File.directory?("/usr/local/Homebrew/Library/Taps/#{tap_dir}")
+        ::File.directory?("#{base_path}/Library/Taps/#{tap_dir}")
       end
     end
   end

data/lib/chef/resource/launchd.rb

@@ -202,7 +202,11 @@ class Chef
         description: "The first argument of `execvp`, typically the file name associated with the file to be executed. This value must be specified if `program_arguments` is not specified, and vice-versa."
 
       property :program_arguments, Array,
-        description: "The second argument of `execvp`. If program is not specified, this property must be specified and will be handled as if it were the first argument."
+        description: "The second argument of `execvp`. If program is not specified, this property must be specified and will be handled as if it were the first argument.",
+        coerce: proc { |args|
+          # Cast all values to a string.  Launchd only supports string values
+          args.map(&:to_s)
+        }
 
       property :queue_directories, Array,
         description: "An array of non-empty directories which, if any are modified, will cause a job to be started."

data/lib/chef/resource/macos_userdefaults.rb

@@ -50,15 +50,17 @@ class Chef
         end
         ```
 
-        **Specifying the type of a key to skip automatic type detection**
+        **Setting a value for specific user and hosts**
 
         ```ruby
-        macos_userdefaults 'Finder expanded save dialogs' do
-          key 'NSNavPanelExpandedStateForSaveMode'
-          value 'TRUE'
-          type 'bool'
+        macos_userdefaults 'Enable macOS firewall' do
+          key 'globalstate'
+          value 1
+          user 'jane'
+          host :current
         end
         ```
+
       DOC
 
       property :domain, String,
@@ -79,6 +81,7 @@ class Chef
 
       property :host, [String, Symbol],
         description: "Set either :current, :all or a hostname to set the user default at the host level.",
+        default: :all,
         desired_state: false,
         introduced: "16.3"
 
@@ -94,6 +97,7 @@ class Chef
 
       property :user, [String, Symbol],
         description: "The system user that the default will be applied to. Set :current for current user, :all for all users or pass a valid username",
+        default: :current,
         desired_state: false
 
       property :sudo, [TrueClass, FalseClass],