chef 18.3.0 → 18.4.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 3856e8d0d5224634cad3eb9d43ecf3e87cc504ee881474f7698a14eb90e15088
-  data.tar.gz: 7830af2c8acab4e76176876a2aaac1363d9a8ff706a78422ec98d6d522772856
+  metadata.gz: 1b0abf8303fae83df7a99b7731d5e3eedd3dcb5f533cbc9c784527682b3daaa6
+  data.tar.gz: a0fa3f6ee5de4413da2bc2a8e7f41d6d50d320f7c7d2cc080cbda5c9c7bf4604
 SHA512:
-  metadata.gz: 4503271efa5b5e0713e2753056c32f6c9fb044935802571d8ef3a4024788dd23f9b6ca7da74e1210d1eaedf03b2b44ecc6e7a0e28059078e815b78161ca4e502
-  data.tar.gz: 150281399db54afc60e2f910b3dd4322b0d6f287f97d57b9c530fea39d705bbc4dd0b89cb43807f642674c0ae0ce20d40964bba5fe757a76d4af71fa6b7dc7d1
+  metadata.gz: 961231927046fcc8965d79b9138e76d7659c666d3afaafe99b4cd1816169e888cb0f87cb57bb394c1d5a81e1f7d54f69f2dad7c9f51ff573c868429449aae808
+  data.tar.gz: '024394b552768952422587e0c0cd68bb617c51c1baa01ee7a5421952b3d1822ad6a553e0ad549047d53f3339c2483bb54f76f556a5a180d0999bb7fd1553a7ec'

data/Gemfile

@@ -7,7 +7,7 @@ gem "ohai", git: "https://github.com/chef/ohai.git", branch: "main"
 # Nwed to file a bug with rest-client. In the meantime, we can use this until they accept the update.
 gem "rest-client", git: "https://github.com/chef/rest-client", branch: "jfm/ucrt_update1"
 
-gem "ffi", ">= 1.15.5"
+gem "ffi", "~> 1.15.5"
 gem "chef-utils", path: File.expand_path("chef-utils", __dir__) if File.exist?(File.expand_path("chef-utils", __dir__))
 gem "chef-config", path: File.expand_path("chef-config", __dir__) if File.exist?(File.expand_path("chef-config", __dir__))
 
@@ -24,7 +24,7 @@ gem "cheffish", ">= 17"
 group(:omnibus_package) do
   gem "appbundler"
   gem "rb-readline"
-  gem "inspec-core-bin", ">= 5" # need to provide the binaries for inspec
+  gem "inspec-core-bin", ">= 5", "< 6" # need to provide the binaries for inspec
   gem "chef-vault"
 end
 

data/chef.gemspec

@@ -41,9 +41,9 @@ Gem::Specification.new do |s|
   s.add_dependency "mixlib-shellout", ">= 3.1.1", "< 4.0"
   s.add_dependency "mixlib-archive", ">= 0.4", "< 2.0"
   s.add_dependency "ohai", "~> 18.0"
-  s.add_dependency "inspec-core", ">= 5"
+  s.add_dependency "inspec-core", ">= 5", "< 6"
 
-  s.add_dependency "ffi", ">= 1.15.5"
+  s.add_dependency "ffi", "~> 1.15.5"
   s.add_dependency "ffi-yajl", "~> 2.2"
   s.add_dependency "net-sftp", ">= 2.1.2", "< 5.0" # remote_file resource
   s.add_dependency "net-ftp" # remote_file resource
@@ -58,7 +58,7 @@ Gem::Specification.new do |s|
   s.add_dependency "addressable"
   s.add_dependency "syslog-logger", "~> 1.6"
   s.add_dependency "uuidtools", ">= 2.1.5", "< 3.0" # osx_profile resource
-  s.add_dependency "unf_ext", ">= 0.0.8.2" # This is ruby31 compatible ucrt gem version
+  s.add_dependency "unf_ext", "~> 0.0.8.2" # older platforms
   s.add_dependency "corefoundation", "~> 0.3.4" # macos_userdefaults resource
 
   s.add_dependency "proxifier2", "~> 1.1"

data/lib/chef/chef_fs/file_pattern.rb

@@ -238,7 +238,7 @@ class Chef
             end
           end
 
-          @regexp = Regexp.new("^#{full_regexp_parts.join(Chef::ChefFS::PathUtils.regexp_path_separator)}$")
+          @regexp = Regexp.new("^#{full_regexp_parts.join(Chef::ChefFS::PathUtils::REGEXP_PATH_SEPARATOR)}$")
           @normalized_pattern = Chef::ChefFS::PathUtils.join(*normalized_parts)
           @normalized_pattern = Chef::ChefFS::PathUtils.join("", @normalized_pattern) if @is_absolute
         end

data/lib/chef/chef_fs/path_utils.rb

@@ -40,13 +40,15 @@ class Chef
       # path to discover the Chef-FS root path) are handled in accordance to the rules
       # of the local file-system and OS.
 
+      REGEXP_PATH_SEPARATOR = ChefUtils.windows? ? "[\\/\\\\]" : "/"
+
       def self.join(*parts)
         return "" if parts.length == 0
 
         # Determine if it started with a slash
-        absolute = parts[0].length == 0 || parts[0].length > 0 && parts[0] =~ /^#{regexp_path_separator}/
+        absolute = parts[0].length == 0 || parts[0].length > 0 && parts[0] =~ /^#{REGEXP_PATH_SEPARATOR}/
         # Remove leading and trailing slashes from each part so that the join will work (and the slash at the end will go away)
-        parts = parts.map { |part| part.gsub(/^#{regexp_path_separator}+|#{regexp_path_separator}+$/, "") }
+        parts = parts.map { |part| part.gsub(/^#{REGEXP_PATH_SEPARATOR}+|#{REGEXP_PATH_SEPARATOR}+$/, "") }
         # Don't join empty bits
         result = parts.select { |part| part != "" }.join("/")
         # Put the / back on
@@ -54,16 +56,12 @@ class Chef
       end
 
       def self.split(path)
-        path.split(Regexp.new(regexp_path_separator))
-      end
-
-      def self.regexp_path_separator
-        ChefUtils.windows? ? "[\\/\\\\]" : "/"
+        path.split(Regexp.new(REGEXP_PATH_SEPARATOR))
       end
 
       # Given a server path, determines if it is absolute.
       def self.is_absolute?(path)
-        !!(path =~ /^#{regexp_path_separator}/)
+        !!(path =~ /^#{REGEXP_PATH_SEPARATOR}/)
       end
 
       # Given a path which may only be partly real (i.e. /x/y/z when only /x exists,
@@ -118,7 +116,7 @@ class Chef
 
         if ancestor.length == path.length
           ""
-        elsif /#{PathUtils.regexp_path_separator}/.match?(path[ancestor.length, 1])
+        elsif /#{PathUtils::REGEXP_PATH_SEPARATOR}/.match?(path[ancestor.length, 1])
           path[ancestor.length + 1..-1]
         else
           nil

data/lib/chef/cookbook/synchronizer.rb

@@ -18,7 +18,6 @@ require_relative "../util/threaded_job_queue"
 require_relative "../server_api"
 require "singleton" unless defined?(Singleton)
 require "chef-utils/dist" unless defined?(ChefUtils::Dist)
-require "set" unless defined?(Set)
 
 class Chef
 
@@ -240,8 +239,8 @@ class Chef
       @cookbooks_by_name.each_key do |cookbook_name|
         cache_file_hash[cookbook_name].each_key do |segment|
           manifest_segment = cookbook_segment(cookbook_name, segment)
-          manifest_record_paths = manifest_segment.map { |manifest_record| manifest_record["path"] }.to_set
-          to_be_removed = cache_file_hash[cookbook_name][segment].keys.to_set - manifest_record_paths
+          manifest_record_paths = manifest_segment.map { |manifest_record| manifest_record["path"] }
+          to_be_removed = cache_file_hash[cookbook_name][segment].keys - manifest_record_paths
           to_be_removed.each do |path|
             cache_file = cache_file_hash[cookbook_name][segment][path]
 

data/lib/chef/delayed_evaluator.rb

@@ -21,5 +21,9 @@ class Chef
       # super returns a "Proc" (which seems buggy) so re-wrap it
       self.class.new(&super) # rubocop:disable Layout/SpaceAroundKeyword
     end
+
+    def inspect
+      "lazy { (evaluates to) #{call.inspect} }"
+    end
   end
 end

data/lib/chef/file_access_control/windows.rb

@@ -324,7 +324,10 @@ class Chef
           acls += mode_ace(SID.Everyone, (mode & 07))
         end
 
-        acls.nil? ? nil : Chef::ReservedNames::Win32::Security::ACL.create(acls)
+        # 'acls.nil?' is true if uninitialized, but false if the initial empty array value.
+        # 'acls.empty?' cannot be called if acls is nil but successfully guards against using the empty array value.
+        # either case should return nil from this method.
+        (acls.nil? || acls.empty?) ? nil : Chef::ReservedNames::Win32::Security::ACL.create(acls)
       end
 
       def target_group

data/lib/chef/guard_interpreter/resource_guard_interpreter.rb

@@ -77,6 +77,8 @@ class Chef
           @resource.updated
         rescue Mixlib::ShellOut::ShellCommandFailed
           nil
+        rescue ChefPowerShell::PowerShellExceptions::PowerShellCommandFailed
+          nil
         end
       end
 

data/lib/chef/mixin/homebrew_user.rb

@@ -61,8 +61,11 @@ class Chef
         if brew_bin_path && ::File.exist?(brew_bin_path)
           brew_bin_path
         else
-          brew_bin_path = [which("brew"), "/opt/homebrew/bin/brew", "/usr/local/bin/brew", "/home/linuxbrew/.linuxbrew/bin/brew"].uniq.select { |x| ::File.exist?(x) && ::File.executable?(x) }.first
-          brew_bin_path || nil
+          [which("brew"), "/opt/homebrew/bin/brew", "/usr/local/bin/brew", "/home/linuxbrew/.linuxbrew/bin/brew"].uniq.select do |x|
+            next if x == false
+
+            ::File.exist?(x) && ::File.executable?(x)
+          end.first || nil
         end
       end
 
@@ -75,7 +78,7 @@ class Chef
           owner = ::File.stat(brew_path).uid
         else
           raise Chef::Exceptions::CannotDetermineHomebrewOwner,
-            'Could not find the "brew" executable anywhere on the path.'
+            'Couldn\'t find the "brew" executable anywhere on the path.'
         end
 
         Chef::Log.debug "Found Homebrew owner #{Etc.getpwuid(owner).name}; executing `brew` commands as them"

data/lib/chef/monkey_patches/net-http.rb

@@ -23,7 +23,7 @@ if RUBY_VERSION.split(".")[0..1].join(".") == "3.1"
           conn_port = port
         end
 
-        puts "opening connection to #{conn_addr}:#{conn_port}..."
+        Chef::Log.debug("opening connection to #{conn_addr}:#{conn_port}...")
         s = Timeout.timeout(@open_timeout, Net::OpenTimeout) {
           begin
             TCPSocket.open(conn_addr, conn_port, @local_host, @local_port)
@@ -33,7 +33,7 @@ if RUBY_VERSION.split(".")[0..1].join(".") == "3.1"
           end
         }
         s.setsockopt(Socket::IPPROTO_TCP, Socket::TCP_NODELAY, 1)
-        puts "opened"
+        Chef::Log.debug("opened")
         if use_ssl?
           if proxy?
             plain_sock = BufferedIO.new(s, read_timeout: @read_timeout,
@@ -92,7 +92,7 @@ if RUBY_VERSION.split(".")[0..1].join(".") == "3.1"
             ssl_host_address = @address
           end
 
-          puts "starting SSL for #{conn_addr}:#{conn_port}..."
+          Chef::Log.debug("starting SSL for #{conn_addr}:#{conn_port}...")
           s = OpenSSL::SSL::SSLSocket.new(s, @ssl_context)
           s.sync_close = true
           s.hostname = ssl_host_address if s.respond_to?(:hostname=) && ssl_host_address
@@ -105,7 +105,7 @@ if RUBY_VERSION.split(".")[0..1].join(".") == "3.1"
           if (@ssl_context.verify_mode != OpenSSL::SSL::VERIFY_NONE) && verify_hostname
             s.post_connection_check(@address)
           end
-          puts "SSL established, protocol: #{s.ssl_version}, cipher: #{s.cipher[0]}"
+          Chef::Log.debug("SSL established, protocol: #{s.ssl_version}, cipher: #{s.cipher[0]}")
         end
         @socket = BufferedIO.new(s, read_timeout: @read_timeout,
                                 write_timeout: @write_timeout,
@@ -115,7 +115,7 @@ if RUBY_VERSION.split(".")[0..1].join(".") == "3.1"
         on_connect
       rescue => exception
         if s
-          puts "Conn close because of connect error #{exception}"
+          Chef::Log.debug("Conn close because of connect error #{exception}")
           s.close
         end
         raise

data/lib/chef/node/attribute_collections.rb

@@ -18,6 +18,7 @@
 
 require_relative "common_api"
 require_relative "mixin/state_tracking"
+require_relative "mixin/state_tracking_array"
 require_relative "mixin/immutablize_array"
 require_relative "mixin/immutablize_hash"
 require_relative "mixin/mashy_array"
@@ -97,7 +98,7 @@ class Chef
         key
       end
 
-      prepend Chef::Node::Mixin::StateTracking
+      prepend Chef::Node::Mixin::StateTrackingArray
     end
 
     # == VividMash

data/lib/chef/node/immutable_collections.rb

@@ -17,6 +17,7 @@
 
 require_relative "common_api"
 require_relative "mixin/state_tracking"
+require_relative "mixin/state_tracking_array"
 require_relative "mixin/immutablize_array"
 require_relative "mixin/immutablize_hash"
 require_relative "../delayed_evaluator"
@@ -119,7 +120,7 @@ class Chef
         value
       end
 
-      prepend Chef::Node::Mixin::StateTracking
+      prepend Chef::Node::Mixin::StateTrackingArray
       prepend Chef::Node::Mixin::ImmutablizeArray
     end
 

data/lib/chef/node/mixin/state_tracking_array.rb

@@ -0,0 +1,41 @@
+#--
+# Copyright:: Copyright (c) Chef Software Inc.
+# License:: Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+require_relative "immutablize_array"
+require_relative "state_tracking"
+
+class Chef
+  class Node
+    module Mixin
+      module StateTrackingArray
+        include ::Chef::Node::Mixin::StateTracking
+
+        MUTATOR_METHODS = Chef::Node::Mixin::ImmutablizeArray::DISALLOWED_MUTATOR_METHODS
+
+        # For all of the methods that may mutate an Array, we override them to
+        # also track the state and trigger attribute_changed event.
+        MUTATOR_METHODS.each do |mutator|
+          define_method(mutator) do |*args, &block|
+            ret = super(*args, &block)
+            send_attribute_changed_event(__path__, self)
+            ret
+          end
+        end
+      end
+    end
+  end
+end

data/lib/chef/node.rb

@@ -401,6 +401,13 @@ class Chef
       normal[:tags]
     end
 
+    # Add the list of tags to the node.
+    #
+    # === Parameters
+    # tags<Array>:: A list of tags
+    #
+    # === Returns
+    # tags<Array>:: The current list of run_context.node.tags
     def tag(*args)
       args.each do |tag|
         tags.push(tag.to_s) unless tags.include? tag.to_s
@@ -409,6 +416,21 @@ class Chef
       tags
     end
 
+    # Removes the list of tags from the node.
+    #
+    # === Parameters
+    # tags<Array>:: A list of tags
+    #
+    # === Returns
+    # tags<Array>:: The current list of run_context.node.tags
+    def untag(*args)
+      args.each do |tag|
+        tags.delete(tag.to_s)
+      end
+
+      tags
+    end
+
     # Extracts the run list from +attrs+ and applies it. Returns the remaining attributes
     def consume_run_list(attrs)
       attrs = attrs ? attrs.dup : {}

data/lib/chef/provider/package/apt.rb

@@ -124,6 +124,11 @@ class Chef
 
         private
 
+        # @return [String] package name with or without anchors attached to it.
+        def resolve_package(pkg)
+          new_resource.anchor_package_regex ? "^#{pkg}$" : pkg
+        end
+
         # @return [String] version of apt-get which is installed
         def apt_version
           @apt_version ||= shell_out("apt-get --version").stdout.match(/^apt (\S+)/)[1]
@@ -174,10 +179,12 @@ class Chef
         end
 
         def resolve_package_versions(pkg)
+          # apt-cache considers package names as regex by default. The anchor_package_regex flag will decide whether to match name exact string or not
+          pkg_name = resolve_package(pkg)
           current_version = nil
           candidate_version = nil
           all_versions = []
-          run_noninteractive("apt-cache", default_release_options, "policy", pkg).stdout.each_line do |line|
+          run_noninteractive("apt-cache", default_release_options, "policy", pkg_name).stdout.each_line do |line|
             case line
             when /^\s{2}Installed: (.+)$/
               current_version = ( $1 != "(none)" ) ? $1 : nil
@@ -216,7 +223,9 @@ class Chef
         end
 
         def resolve_virtual_package_name(pkg)
-          showpkg = run_noninteractive("apt-cache", "showpkg", pkg).stdout
+          # apt-cache considers package names as regex by default. The anchor_package_regex flag will decide whether to match name exact string or not
+          pkg_name = resolve_package(pkg)
+          showpkg = run_noninteractive("apt-cache", "showpkg", pkg_name).stdout
           partitions = showpkg.rpartition(/Reverse Provides: ?#{$/}/)
           return nil if partitions[0] == "" && partitions[1] == "" # not found in output