chef 18.4.12 → 18.5.0
- checksums.yaml +4 -4
- data/Gemfile +2 -0
- data/chef.gemspec +6 -6
- data/lib/chef/application/client.rb +12 -0
- data/lib/chef/client.rb +10 -16
- data/lib/chef/compliance/runner.rb +10 -0
- data/lib/chef/cookbook/chefignore.rb +4 -1
- data/lib/chef/cookbook/cookbook_version_loader.rb +1 -1
- data/lib/chef/cookbook/synchronizer.rb +7 -1
- data/lib/chef/cookbook_manifest.rb +2 -2
- data/lib/chef/file_access_control/unix.rb +9 -9
- data/lib/chef/file_cache.rb +17 -2
- data/lib/chef/file_content_management/deploy/target_io.rb +29 -0
- data/lib/chef/file_content_management/deploy.rb +4 -1
- data/lib/chef/formatters/doc.rb +1 -1
- data/lib/chef/mixin/file_class.rb +3 -1
- data/lib/chef/mixin/get_source_from_package.rb +1 -1
- data/lib/chef/mixin/openssl_helper.rb +1 -1
- data/lib/chef/node/attribute.rb +3 -11
- data/lib/chef/node/immutable_collections.rb +15 -8
- data/lib/chef/node/mixin/state_tracking.rb +6 -3
- data/lib/chef/policy_builder/policyfile.rb +8 -0
- data/lib/chef/provider/.gitkeep +0 -0
- data/lib/chef/provider/cookbook_file.rb +1 -1
- data/lib/chef/provider/cron.rb +1 -1
- data/lib/chef/provider/directory.rb +15 -15
- data/lib/chef/provider/file.rb +42 -29
- data/lib/chef/provider/git.rb +8 -8
- data/lib/chef/provider/group/aix.rb +1 -1
- data/lib/chef/provider/group/dscl.rb +1 -1
- data/lib/chef/provider/group/gpasswd.rb +2 -2
- data/lib/chef/provider/group/groupadd.rb +1 -1
- data/lib/chef/provider/group/groupmod.rb +2 -2
- data/lib/chef/provider/group/pw.rb +2 -2
- data/lib/chef/provider/group/solaris.rb +2 -2
- data/lib/chef/provider/group/usermod.rb +2 -2
- data/lib/chef/provider/group.rb +1 -1
- data/lib/chef/provider/http_request.rb +2 -3
- data/lib/chef/provider/ifconfig/aix.rb +1 -1
- data/lib/chef/provider/ifconfig/debian.rb +3 -3
- data/lib/chef/provider/ifconfig/redhat.rb +1 -1
- data/lib/chef/provider/ifconfig.rb +1 -1
- data/lib/chef/provider/link.rb +10 -10
- data/lib/chef/provider/mount/aix.rb +4 -4
- data/lib/chef/provider/mount/linux.rb +4 -4
- data/lib/chef/provider/mount/mount.rb +11 -11
- data/lib/chef/provider/package/apt.rb +2 -11
- data/lib/chef/provider/package/bff.rb +3 -3
- data/lib/chef/provider/package/chocolatey.rb +54 -24
- data/lib/chef/provider/package/dpkg.rb +3 -3
- data/lib/chef/provider/package/freebsd/base.rb +1 -1
- data/lib/chef/provider/package/habitat.rb +5 -3
- data/lib/chef/provider/package/ips.rb +2 -2
- data/lib/chef/provider/package/openbsd.rb +3 -2
- data/lib/chef/provider/package/pacman.rb +4 -4
- data/lib/chef/provider/package/paludis.rb +2 -2
- data/lib/chef/provider/package/portage.rb +1 -1
- data/lib/chef/provider/package/powershell.rb +1 -0
- data/lib/chef/provider/package/rpm.rb +2 -2
- data/lib/chef/provider/package/smartos.rb +2 -2
- data/lib/chef/provider/package/snap.rb +2 -1
- data/lib/chef/provider/package/snap_tm.rb +79 -0
- data/lib/chef/provider/package/solaris.rb +4 -4
- data/lib/chef/provider/package/zypper.rb +4 -5
- data/lib/chef/provider/package.rb +1 -1
- data/lib/chef/provider/remote_directory.rb +5 -5
- data/lib/chef/provider/remote_file/http.rb +2 -3
- data/lib/chef/provider/remote_file.rb +1 -1
- data/lib/chef/provider/route.rb +9 -9
- data/lib/chef/provider/service/aix.rb +1 -1
- data/lib/chef/provider/service/aixinit.rb +4 -4
- data/lib/chef/provider/service/arch.rb +6 -6
- data/lib/chef/provider/service/debian.rb +5 -5
- data/lib/chef/provider/service/freebsd.rb +7 -7
- data/lib/chef/provider/service/gentoo.rb +5 -5
- data/lib/chef/provider/service/init.rb +2 -2
- data/lib/chef/provider/service/insserv.rb +2 -2
- data/lib/chef/provider/service/invokercd.rb +1 -1
- data/lib/chef/provider/service/openbsd.rb +7 -7
- data/lib/chef/provider/service/redhat.rb +3 -3
- data/lib/chef/provider/service/solaris.rb +2 -2
- data/lib/chef/provider/service/systemd.rb +2 -2
- data/lib/chef/provider/service/upstart.rb +2 -2
- data/lib/chef/provider/service/windows.rb +0 -1
- data/lib/chef/provider/subversion.rb +8 -8
- data/lib/chef/provider/systemd_unit.rb +3 -3
- data/lib/chef/provider/template.rb +1 -1
- data/lib/chef/provider/user/aix.rb +3 -3
- data/lib/chef/provider/user/linux.rb +7 -2
- data/lib/chef/provider/user/pw.rb +3 -3
- data/lib/chef/provider/user/solaris.rb +7 -7
- data/lib/chef/provider/user.rb +7 -8
- data/lib/chef/provider/yum_repository.rb +1 -3
- data/lib/chef/provider/zypper_repository.rb +1 -1
- data/lib/chef/providers.rb +1 -0
- data/lib/chef/resource/.gitkeep +0 -0
- data/lib/chef/resource/alternatives.rb +2 -2
- data/lib/chef/resource/apt_preference.rb +1 -1
- data/lib/chef/resource/apt_repository.rb +7 -9
- data/lib/chef/resource/apt_update.rb +3 -3
- data/lib/chef/resource/bff_package.rb +1 -1
- data/lib/chef/resource/chef_client_config.rb +3 -2
- data/lib/chef/resource/chef_client_systemd_timer.rb +5 -0
- data/lib/chef/resource/chef_gem.rb +1 -1
- data/lib/chef/resource/chef_sleep.rb +1 -1
- data/lib/chef/resource/cookbook_file.rb +1 -1
- data/lib/chef/resource/cron/cron.rb +1 -1
- data/lib/chef/resource/cron/cron_d.rb +1 -1
- data/lib/chef/resource/cron_access.rb +1 -1
- data/lib/chef/resource/directory.rb +1 -1
- data/lib/chef/resource/dpkg_package.rb +1 -1
- data/lib/chef/resource/execute.rb +8 -6
- data/lib/chef/resource/file/verification/json.rb +1 -1
- data/lib/chef/resource/file/verification/systemd_unit.rb +1 -1
- data/lib/chef/resource/file/verification/yaml.rb +1 -1
- data/lib/chef/resource/file.rb +1 -1
- data/lib/chef/resource/freebsd_package.rb +2 -2
- data/lib/chef/resource/group.rb +1 -1
- data/lib/chef/resource/habitat/habitat_package.rb +1 -1
- data/lib/chef/resource/habitat/habitat_sup.rb +9 -9
- data/lib/chef/resource/habitat/habitat_sup_systemd.rb +2 -2
- data/lib/chef/resource/habitat_install.rb +5 -4
- data/lib/chef/resource/hostname.rb +11 -10
- data/lib/chef/resource/http_request.rb +1 -1
- data/lib/chef/resource/ifconfig.rb +1 -1
- data/lib/chef/resource/inspec_input.rb +3 -1
- data/lib/chef/resource/inspec_waiver.rb +1 -1
- data/lib/chef/resource/inspec_waiver_file_entry.rb +1 -1
- data/lib/chef/resource/ips_package.rb +2 -2
- data/lib/chef/resource/kernel_module.rb +2 -2
- data/lib/chef/resource/link.rb +1 -1
- data/lib/chef/resource/locale.rb +2 -2
- data/lib/chef/resource/mount.rb +1 -1
- data/lib/chef/resource/notify_group.rb +1 -1
- data/lib/chef/resource/ohai.rb +1 -1
- data/lib/chef/resource/ohai_hint.rb +1 -1
- data/lib/chef/resource/openbsd_package.rb +2 -2
- data/lib/chef/resource/package.rb +1 -1
- data/lib/chef/resource/pacman_package.rb +1 -1
- data/lib/chef/resource/paludis_package.rb +1 -1
- data/lib/chef/resource/portage_package.rb +1 -1
- data/lib/chef/resource/powershell_package.rb +4 -0
- data/lib/chef/resource/reboot.rb +1 -1
- data/lib/chef/resource/remote_directory.rb +1 -1
- data/lib/chef/resource/remote_file.rb +1 -1
- data/lib/chef/resource/rhsm_errata.rb +1 -1
- data/lib/chef/resource/rhsm_errata_level.rb +1 -1
- data/lib/chef/resource/rhsm_register.rb +1 -1
- data/lib/chef/resource/rhsm_repo.rb +3 -4
- data/lib/chef/resource/rhsm_subscription.rb +8 -9
- data/lib/chef/resource/route.rb +1 -1
- data/lib/chef/resource/rpm_package.rb +1 -1
- data/lib/chef/resource/scm/git.rb +1 -1
- data/lib/chef/resource/scm/subversion.rb +1 -1
- data/lib/chef/resource/selinux/common_helpers.rb +1 -1
- data/lib/chef/resource/selinux_boolean.rb +1 -1
- data/lib/chef/resource/selinux_fcontext.rb +3 -3
- data/lib/chef/resource/selinux_install.rb +1 -1
- data/lib/chef/resource/selinux_login.rb +1 -1
- data/lib/chef/resource/selinux_module.rb +5 -5
- data/lib/chef/resource/selinux_permissive.rb +2 -2
- data/lib/chef/resource/selinux_port.rb +2 -2
- data/lib/chef/resource/selinux_state.rb +2 -2
- data/lib/chef/resource/selinux_user.rb +1 -1
- data/lib/chef/resource/smartos_package.rb +2 -2
- data/lib/chef/resource/snap_package.rb +24 -1
- data/lib/chef/resource/solaris_package.rb +1 -1
- data/lib/chef/resource/ssh_known_hosts_entry.rb +1 -1
- data/lib/chef/resource/sudo.rb +5 -5
- data/lib/chef/resource/support/client.erb +1 -1
- data/lib/chef/resource/swap_file.rb +6 -6
- data/lib/chef/resource/sysctl.rb +6 -5
- data/lib/chef/resource/systemd_unit.rb +1 -1
- data/lib/chef/resource/template.rb +1 -1
- data/lib/chef/resource/timezone.rb +5 -5
- data/lib/chef/resource/user/aix_user.rb +2 -2
- data/lib/chef/resource/user/linux_user.rb +2 -2
- data/lib/chef/resource/user/pw_user.rb +2 -2
- data/lib/chef/resource/user/solaris_user.rb +2 -2
- data/lib/chef/resource/user_ulimit.rb +1 -1
- data/lib/chef/resource/yum_repository.rb +1 -1
- data/lib/chef/resource/zypper_package.rb +2 -2
- data/lib/chef/resource/zypper_repository.rb +2 -2
- data/lib/chef/run_lock.rb +3 -0
- data/lib/chef/scan_access_control.rb +6 -6
- data/lib/chef/target_io/dir.rb +12 -0
- data/lib/chef/target_io/etc.rb +16 -0
- data/lib/chef/target_io/file.rb +12 -0
- data/lib/chef/target_io/fileutils.rb +12 -0
- data/lib/chef/target_io/http.rb +22 -0
- data/lib/chef/target_io/io.rb +12 -0
- data/lib/chef/target_io/shadow.rb +44 -0
- data/lib/chef/target_io/train/dir.rb +69 -0
- data/lib/chef/target_io/train/etc.rb +112 -0
- data/lib/chef/target_io/train/file.rb +219 -0
- data/lib/chef/target_io/train/fileutils.rb +220 -0
- data/lib/chef/target_io/train/http.rb +117 -0
- data/lib/chef/target_io/train/io.rb +13 -0
- data/lib/chef/target_io/train/shadow.rb +52 -0
- data/lib/chef/target_io/train_compat.rb +7 -0
- data/lib/chef/target_io.rb +9 -0
- data/lib/chef/util/backup.rb +1 -1
- data/lib/chef/util/diff.rb +14 -1
- data/lib/chef/util/file_edit.rb +4 -4
- data/lib/chef/version.rb +1 -1
- data/lib/chef.rb +2 -0
- data/spec/functional/resource/remote_file_spec.rb +1 -1
- data/spec/integration/client/fips_spec.rb +11 -2
- data/spec/integration/client/open_ssl_spec.rb +20 -0
- data/spec/spec_helper.rb +3 -1
- data/spec/support/platform_helpers.rb +20 -7
- data/spec/unit/client_spec.rb +0 -16
- data/spec/unit/file_cache_spec.rb +64 -0
- data/spec/unit/mixin/openssl_helper_spec.rb +6 -1
- data/spec/unit/provider/apt_repository_spec.rb +1 -1
- data/spec/unit/provider/package/chocolatey_spec.rb +17 -12
- data/spec/unit/provider/package/windows_spec.rb +5 -5
- data/spec/unit/provider/package/zypper_spec.rb +0 -10
- data/spec/unit/provider/route_spec.rb +6 -4
- data/spec/unit/resource/rhsm_repo_spec.rb +1 -0
- data/spec/unit/resource/rhsm_subscription_spec.rb +2 -0
- metadata +29 -8
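--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 6aeb4e21d11cdf70486e7d5c78992d1248331091782075950ed11103f16313eb
+data.tar.gz: 0d0732e253f1ff220fa4460a98befd22879d206f09e3053527b0996c0a84c268
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: '067286ca73d5381ce8ffca9e20694d03b8b5032769ebec6805fdf51c03aadf5d7f2c55c6b1b27d32b81085b378b4e917410fa6dffb9532cae2130f3c6da8160f'
+data.tar.gz: 1e35e9df95757159af9ab8a22b1d59cbbf8c0e916fdc8ec032c8383921e7de9a9a05d5f6aaba138b3d53af9e4e8359c39bba0f64fb42e90201c704e8ce3bcfe4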
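--- a/data/Gemfile
+++ b/data/Gemfile
@@ -10,6 +10,8 @@ gem "rest-client", git: "https://github.com/chef/rest-client", branch: "jfm/ucrt
 gem "ffi", ">= 1.15.5"
 gem "chef-utils", path: File.expand_path("chef-utils", __dir__) if File.exist?(File.expand_path("chef-utils", __dir__))
 gem "chef-config", path: File.expand_path("chef-config", __dir__) if File.exist?(File.expand_path("chef-config", __dir__))
+# required for FIPS or bundler will pick up default openssl
+gem "openssl", "= 3.2.0" unless Gem.platforms.any? { |platform| !platform.is_a?(String) && platform.os == "darwin" }
 
 if File.exist?(File.expand_path("chef-bin", __dir__))
 # bundling in a git checkout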
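Review bot: The exact pin `gem "openssl", "= 3.2.0"` on new line 14 will not pick up later openssl gem releases, including security fixes, until someone edits this line, and the comment above it explains neither the exact version nor the darwin exclusion. The comment says the gem is needed for FIPS, so the pin is presumably deliberate, but that should be written down where the next maintainer will see it. I would extend the comment to something like `# required for FIPS or bundler will pick up default openssl; pinned exactly, review on every openssl gem release; skipped on darwin because <reason>`.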
data/chef.gemspec
CHANGED
@@ -2,12 +2,12 @@ $:.unshift(File.dirname(__FILE__) + "/lib")
|
|
2
2
|
vs_path = File.expand_path("chef-utils/lib/chef-utils/version_string.rb", __dir__)
|
3
3
|
|
4
4
|
if File.exist?(vs_path)
|
5
|
-
#
|
6
|
-
|
7
|
-
|
8
|
-
# if the path doesn't exist then we're just in the wild gem and not in the git repo
|
9
|
-
require "chef-utils/version_string"
|
5
|
+
# include chef-utils/lib in the path if we're inside of chef vs. chef-utils gem
|
6
|
+
# but add it to the end of the search path
|
7
|
+
$: << (File.dirname(__FILE__) + "/chef-utils/lib")
|
10
8
|
end
|
9
|
+
# if the path doesn't exist then we're just in the wild gem and not in the git repo
|
10
|
+
require "chef-utils/version_string"
|
11
11
|
require "chef/version"
|
12
12
|
|
13
13
|
Gem::Specification.new do |s|
|
@@ -65,7 +65,7 @@ Gem::Specification.new do |s|
|
|
65
65
|
|
66
66
|
s.add_dependency "aws-sdk-s3", "~> 1.91" # s3 recipe-url support
|
67
67
|
s.add_dependency "aws-sdk-secretsmanager", "~> 1.46"
|
68
|
-
s.add_dependency "vault", "~> 0.
|
68
|
+
s.add_dependency "vault", "~> 0.18.2" # hashi vault official client gem
|
69
69
|
s.bindir = "bin"
|
70
70
|
s.executables = %w{ }
|
71
71
|
|
@@ -40,6 +40,10 @@ class Chef::Application::Client < Chef::Application::Base
|
|
40
40
|
long: "--config CONFIG",
|
41
41
|
description: "The configuration file to use."
|
42
42
|
|
43
|
+
option :credentials,
|
44
|
+
long: "--credentials CREDENTIALS",
|
45
|
+
description: "Credentials file to use. Default: ~/.chef/credentials"
|
46
|
+
|
43
47
|
unless ChefUtils.windows?
|
44
48
|
option :daemonize,
|
45
49
|
short: "-d [WAIT]",
|
@@ -125,6 +129,14 @@ class Chef::Application::Client < Chef::Application::Base
|
|
125
129
|
Chef::Config.node_name = Chef::Config.target_mode.host unless Chef::Config.node_name
|
126
130
|
end
|
127
131
|
|
132
|
+
if config[:credentials]
|
133
|
+
unless File.exist?(config[:credentials])
|
134
|
+
Chef::Application.fatal!("credentials file #{config[:credentials]} not found")
|
135
|
+
end
|
136
|
+
|
137
|
+
Chef::Config.credentials = config[:credentials]
|
138
|
+
end
|
139
|
+
|
128
140
|
if Chef::Config[:daemonize]
|
129
141
|
Chef::Config[:interval] ||= 1800
|
130
142
|
end
|
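Review bot: The `--credentials` check on new lines 132–138 uses `File.exist?`, which is also true for a directory and says nothing about readability, so a wrong path can pass here and only fail later when the credentials are loaded. Since this option selects the file that holds the client's secrets, I would make the guard `unless File.file?(config[:credentials]) && File.readable?(config[:credentials])` and keep the `Chef::Application.fatal!` call as is. The option description says the default is `~/.chef/credentials`, but no default is set in this hunk; whether it is applied elsewhere is not visible here. The enclosing method starts and ends outside the hunk.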
data/lib/chef/client.rb
CHANGED
@@ -292,6 +292,7 @@ class Chef
|
|
292
292
|
Chef.provider_handler_map.lock!
|
293
293
|
|
294
294
|
setup_run_context
|
295
|
+
setup_targetmode if Chef::Config.target_mode?
|
295
296
|
|
296
297
|
load_required_recipe(@rest, run_context) unless Chef::Config[:solo_legacy_mode]
|
297
298
|
|
@@ -305,8 +306,6 @@ class Chef
|
|
305
306
|
# keep this inside the main loop to get exception backtraces
|
306
307
|
end_profiling
|
307
308
|
|
308
|
-
warn_if_eol
|
309
|
-
|
310
309
|
# rebooting has to be the last thing we do, no exceptions.
|
311
310
|
Chef::Platform::Rebooter.reboot_if_needed!(node)
|
312
311
|
rescue Exception => run_error
|
@@ -335,19 +334,6 @@ class Chef
|
|
335
334
|
# @todo make this stuff protected or private
|
336
335
|
#
|
337
336
|
|
338
|
-
# @api private
|
339
|
-
def warn_if_eol
|
340
|
-
require_relative "version"
|
341
|
-
|
342
|
-
# We make a release every year so take the version you're on + 2006 and you get
|
343
|
-
# the year it goes EOL
|
344
|
-
eol_year = 2006 + Gem::Version.new(Chef::VERSION).segments.first
|
345
|
-
|
346
|
-
if Time.now > Time.new(eol_year, 5, 01)
|
347
|
-
logger.warn("This release of #{ChefUtils::Dist::Infra::PRODUCT} became end of life (EOL) on May 1st #{eol_year}. Please update to a supported release to receive new features, bug fixes, and security updates.")
|
348
|
-
end
|
349
|
-
end
|
350
|
-
|
351
337
|
# @api private
|
352
338
|
def configure_formatters
|
353
339
|
formatters_for_run.map do |formatter_name, output_path|
|
@@ -586,6 +572,15 @@ class Chef
|
|
586
572
|
end
|
587
573
|
end
|
588
574
|
|
575
|
+
#
|
576
|
+
# Setup conditions for Target Mode.
|
577
|
+
#
|
578
|
+
# @api private
|
579
|
+
#
|
580
|
+
def setup_targetmode
|
581
|
+
TargetIO::FileUtils.mkdir_p(Chef::Config[:file_cache_path])
|
582
|
+
end
|
583
|
+
|
589
584
|
#
|
590
585
|
# Run ohai plugins. Runs all ohai plugins unless minimal_ohai is specified.
|
591
586
|
#
|
@@ -1105,4 +1100,3 @@ end
|
|
1105
1100
|
require_relative "cookbook_loader"
|
1106
1101
|
require_relative "cookbook_version"
|
1107
1102
|
require_relative "cookbook/synchronizer"
|
1108
|
-
|
@@ -208,6 +208,16 @@ class Chef
|
|
208
208
|
logger.debug "Options are set to: #{opts}"
|
209
209
|
runner = ::Inspec::Runner.new(opts)
|
210
210
|
|
211
|
+
# Switch from local to remote backend for Target Mode
|
212
|
+
if ChefConfig::Config.target_mode?
|
213
|
+
logger.info "Configure InSpec backend to use established connection"
|
214
|
+
|
215
|
+
connection = Chef.run_context.transport_connection
|
216
|
+
backend = Inspec::Backend.new(connection)
|
217
|
+
|
218
|
+
runner.set_backend(backend)
|
219
|
+
end
|
220
|
+
|
211
221
|
if profiles.empty?
|
212
222
|
failed_report("No #{Inspec::Dist::PRODUCT_NAME} profiles are defined.")
|
213
223
|
return
|
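Review bot: The target-mode branch on new lines 212–219 dereferences `Chef.run_context.transport_connection` with no nil check, while `TargetIO::Deploy#deploy` in this same release reads it as `Chef.run_context&.transport_connection` and then calls `connection.upload` on the result unguarded. If the connection can be absent, neither place fails with a clear message, and a compliance scan in particular should never report on a backend other than the intended target. I would fail explicitly before building the backend, e.g. `raise "Target Mode is enabled but no transport connection is established" unless connection`. The enclosing method starts and ends outside the hunk.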
@@ -50,7 +50,10 @@ class Chef
|
|
50
50
|
ignore_globs = []
|
51
51
|
if @ignore_file && readable_file_or_symlink?(@ignore_file)
|
52
52
|
File.foreach(@ignore_file) do |line|
|
53
|
-
|
53
|
+
unless COMMENTS_AND_WHITESPACE.match?(line)
|
54
|
+
line.strip!
|
55
|
+
ignore_globs << line
|
56
|
+
end
|
54
57
|
end
|
55
58
|
else
|
56
59
|
Chef::Log.debug("No chefignore file found. No files will be ignored!")
|
@@ -215,7 +215,7 @@ class Chef
|
|
215
215
|
Dir.entries(cookbook_path).each do |top_filename|
|
216
216
|
# Skip top-level directories starting with "."
|
217
217
|
top_path = File.join(cookbook_path, top_filename)
|
218
|
-
next if
|
218
|
+
next if top_filename.start_with?(".") && File.directory?(top_path)
|
219
219
|
|
220
220
|
# Use Find.find because it:
|
221
221
|
# (a) returns any children, recursively
|
@@ -61,6 +61,11 @@ class Chef
|
|
61
61
|
|
62
62
|
def cleanup_file_cache
|
63
63
|
unless Chef::Config[:solo_legacy_mode] || skip_removal
|
64
|
+
if Chef::Config.target_mode?
|
65
|
+
TargetIO::FileUtils.rm_rf(Chef::Config[:file_cache_path])
|
66
|
+
return
|
67
|
+
end
|
68
|
+
|
64
69
|
# Delete each file in the cache that we didn't encounter in the
|
65
70
|
# manifest.
|
66
71
|
cache.find(File.join(%w{cookbooks ** {*,.*}})).each do |cache_filename|
|
@@ -280,8 +285,9 @@ class Chef
|
|
280
285
|
end
|
281
286
|
|
282
287
|
def ensure_cookbook_paths
|
288
|
+
cookbook_path = File.join(Chef::Config[:file_cache_path], "cookbooks")
|
283
289
|
cookbooks.each do |cookbook|
|
284
|
-
cb_dir = File.join(
|
290
|
+
cb_dir = File.join(cookbook_path, cookbook.name)
|
285
291
|
cookbook.root_paths = Array(cb_dir)
|
286
292
|
end
|
287
293
|
end
|
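Review bot: In target mode `cleanup_file_cache` now runs `TargetIO::FileUtils.rm_rf(Chef::Config[:file_cache_path])` on the remote host (new lines 64–67) with no check on the configured value. Whether `TargetIO::FileUtils.rm_rf` rejects an empty or root path is not visible here, so a bad `file_cache_path` could turn this into a recursive delete of far more than the cache. I would guard the call, e.g. `cache_dir = Chef::Config[:file_cache_path].to_s` followed by `raise ArgumentError, "refusing to remove #{cache_dir.inspect}" if cache_dir.strip.empty? || cache_dir == "/"`. A one-line comment should also say that target mode drops the whole cache, unlike the local branch below it, which only removes files missing from the manifest.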
@@ -173,9 +173,9 @@ class Chef
|
|
173
173
|
def files_for(part)
|
174
174
|
return root_files if part.to_s == "root_files"
|
175
175
|
|
176
|
+
part_match = "#{part}/"
|
176
177
|
manifest[:all_files].select do |file|
|
177
|
-
|
178
|
-
part.to_s == seg
|
178
|
+
file[:name].start_with?(part_match)
|
179
179
|
end
|
180
180
|
end
|
181
181
|
|
@@ -29,7 +29,7 @@ class Chef
|
|
29
29
|
module ClassMethods
|
30
30
|
# We want to mix these in as class methods
|
31
31
|
def writable?(path)
|
32
|
-
::File.writable?(path)
|
32
|
+
::TargetIO::File.writable?(path)
|
33
33
|
end
|
34
34
|
end
|
35
35
|
|
@@ -120,7 +120,7 @@ class Chef
|
|
120
120
|
return nil if resource.nil? || resource.group.nil?
|
121
121
|
|
122
122
|
if resource.group.is_a?(String)
|
123
|
-
diminished_radix_complement( Etc.getgrnam(resource.group).gid )
|
123
|
+
diminished_radix_complement( TargetIO::Etc.getgrnam(resource.group).gid )
|
124
124
|
elsif resource.group.is_a?(Integer)
|
125
125
|
resource.group
|
126
126
|
else
|
@@ -222,9 +222,9 @@ class Chef
|
|
222
222
|
|
223
223
|
def stat
|
224
224
|
if manage_symlink_attrs?
|
225
|
-
@stat ||= File.lstat(file)
|
225
|
+
@stat ||= TargetIO::File.lstat(file)
|
226
226
|
else
|
227
|
-
@stat ||= File.stat(file)
|
227
|
+
@stat ||= TargetIO::File.stat(file)
|
228
228
|
end
|
229
229
|
end
|
230
230
|
|
@@ -237,20 +237,20 @@ class Chef
|
|
237
237
|
def chmod(mode, file)
|
238
238
|
if manage_symlink_attrs?
|
239
239
|
begin
|
240
|
-
File.lchmod(mode, file)
|
240
|
+
TargetIO::File.lchmod(mode, file)
|
241
241
|
rescue NotImplementedError
|
242
242
|
Chef::Log.warn("#{file} mode not changed: File.lchmod is unimplemented on this OS and Ruby version")
|
243
243
|
end
|
244
244
|
else
|
245
|
-
File.chmod(mode, file)
|
245
|
+
TargetIO::File.chmod(mode, file)
|
246
246
|
end
|
247
247
|
end
|
248
248
|
|
249
249
|
def chown(uid, gid, file)
|
250
250
|
if manage_symlink_attrs?
|
251
|
-
File.lchown(uid, gid, file)
|
251
|
+
TargetIO::File.lchown(uid, gid, file)
|
252
252
|
else
|
253
|
-
File.chown(uid, gid, file)
|
253
|
+
TargetIO::File.chown(uid, gid, file)
|
254
254
|
end
|
255
255
|
end
|
256
256
|
|
@@ -269,7 +269,7 @@ class Chef
|
|
269
269
|
return nil if resource.nil? || resource.owner.nil?
|
270
270
|
|
271
271
|
if resource.owner.is_a?(String)
|
272
|
-
diminished_radix_complement( Etc.getpwnam(resource.owner).uid )
|
272
|
+
diminished_radix_complement( TargetIO::Etc.getpwnam(resource.owner).uid )
|
273
273
|
elsif resource.owner.is_a?(Integer)
|
274
274
|
resource.owner
|
275
275
|
else
|
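--- a/data/lib/chef/file_cache.rb
+++ b/data/lib/chef/file_cache.rb
@@ -159,9 +159,24 @@ class Chef
 # [String] - An array of file cache keys matching the glob
 def find(glob_pattern)
 keys = []
-
+file_cache_dir = Chef::Util::PathHelper.escape_glob_dir(file_cache_path)
+first_filename = Dir[file_cache_dir].first # directory of the cache
+return keys unless first_filename
+
+# TODO: The usage of Regexp.escape and the match here is likely
+# vestigial, but since it's only getting called once per method, the
+# effort needed to confirm that its removal won't break something else
+# isn't worth it. A task for a brave soul ;-)
+regexp_pattern = /^(#{Regexp.escape(first_filename) + File::Separator}).+/
+
+files = Dir[File.join(file_cache_dir, glob_pattern)]
+until files.empty?
+f = files.shift
 if File.file?(f)
-
+# We remove the cache directory from the string of each entry
+path_to_remove ||= f[regexp_pattern, 1]
+f.delete_prefix!(path_to_remove)
+keys << f
 end
 end
 keys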
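Review bot: The prefix pattern on new line 170 is anchored with `^`, which in Ruby matches at the start of any line rather than only at the start of the string, and `File::Separator` is appended outside the `Regexp.escape` call. For a whole-path prefix match `\A` is the right anchor: `regexp_pattern = /\A(#{Regexp.escape(first_filename + File::Separator)}).+/`. If the pattern does not match the first regular file, `path_to_remove` on new line 177 stays nil and `f.delete_prefix!(path_to_remove)` raises a TypeError, so a guard such as `next unless path_to_remove` before the delete would make that case explicit. The end of `find` is outside the hunk.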
@@ -0,0 +1,29 @@
|
|
1
|
+
module TargetIO
|
2
|
+
class Deploy
|
3
|
+
def create(file)
|
4
|
+
Chef::Log.trace("Touching #{file} to create it")
|
5
|
+
TargetIO::FileUtils.touch(file)
|
6
|
+
end
|
7
|
+
|
8
|
+
def deploy(src, dst)
|
9
|
+
Chef::Log.trace("Reading modes from remote file #{dst}")
|
10
|
+
stat = ::TargetIO::File.stat(dst)
|
11
|
+
mode = stat.mode & 07777
|
12
|
+
uid = stat.uid
|
13
|
+
gid = stat.gid
|
14
|
+
|
15
|
+
# TODO: Switch to TargetIO::File.open as soon as writing is implemented
|
16
|
+
Chef::Log.trace("Uploading local temporary file #{src} as remote file #{dst}")
|
17
|
+
connection = Chef.run_context&.transport_connection
|
18
|
+
connection.upload(src, dst)
|
19
|
+
|
20
|
+
Chef::Log.trace("Applying mode = #{mode.to_s(8)}, uid = #{uid}, gid = #{gid} to #{dst}")
|
21
|
+
::TargetIO::File.chown(uid, nil, dst)
|
22
|
+
::TargetIO::File.chown(nil, gid, dst)
|
23
|
+
::TargetIO::File.chmod(mode, dst)
|
24
|
+
|
25
|
+
# Local clean up
|
26
|
+
File.delete(src)
|
27
|
+
end
|
28
|
+
end
|
29
|
+
end
|
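Review bot: In `deploy` the local cleanup `File.delete(src)` on new line 26 only runs if the remote `stat`, `upload`, `chown` and `chmod` calls all succeed, so a failure leaves the temporary file, which may hold rendered secrets, on the local machine unless the caller removes it (not visible here). I would move it into a method-level ensure clause, `ensure` followed by `File.delete(src) if File.exist?(src)`. The content is also uploaded to `dst` before the saved mode and ownership are re-applied on new lines 21–23. What permissions the transport gives the file in between is not visible in this hunk and should be confirmed for files that must never be world-readable. The two `chown` calls could become one `::TargetIO::File.chown(uid, gid, dst)` if the remote implementation accepts both ids at once.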
@@ -18,6 +18,7 @@
|
|
18
18
|
|
19
19
|
require_relative "deploy/cp"
|
20
20
|
require_relative "deploy/mv_unix"
|
21
|
+
require_relative "deploy/target_io"
|
21
22
|
if ChefUtils.windows?
|
22
23
|
require_relative "deploy/mv_windows"
|
23
24
|
end
|
@@ -26,7 +27,9 @@ class Chef
|
|
26
27
|
class FileContentManagement
|
27
28
|
class Deploy
|
28
29
|
def self.strategy(atomic_update)
|
29
|
-
if
|
30
|
+
if ChefConfig::Config.target_mode?
|
31
|
+
TargetIO::Deploy.new
|
32
|
+
elsif atomic_update
|
30
33
|
ChefUtils.windows? ? MvWindows.new : MvUnix.new
|
31
34
|
else
|
32
35
|
Cp.new
|
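--- a/data/lib/chef/formatters/doc.rb
+++ b/data/lib/chef/formatters/doc.rb
@@ -57,7 +57,7 @@ class Chef
 # Print out deprecations.
 unless deprecations.empty?
 puts_line ""
-puts_line "Deprecation warnings that must be addressed before upgrading to
+puts_line "Deprecation warnings that must be addressed before upgrading to #{ChefUtils::Dist::Infra::PRODUCT} #{Chef::VERSION.to_i + 1}:"
 puts_line ""
 deprecations.each do |message, details|
 locations = details[:locations]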
@@ -23,7 +23,9 @@ class Chef
|
|
23
23
|
module FileClass
|
24
24
|
|
25
25
|
def file_class
|
26
|
-
@host_os_file ||= if
|
26
|
+
@host_os_file ||= if ChefConfig::Config.target_mode?
|
27
|
+
::TargetIO::File
|
28
|
+
elsif ChefUtils.windows?
|
27
29
|
require_relative "../win32/file"
|
28
30
|
Chef::ReservedNames::Win32::File
|
29
31
|
else
|
@@ -38,7 +38,7 @@ class Chef
|
|
38
38
|
|
39
39
|
# if we're passed something that looks like a filesystem path, with no source, use it
|
40
40
|
# - require at least one '/' in the path to avoid gem_package "foo" breaking if a file named 'foo' exists in the cwd
|
41
|
-
if new_resource.source.nil? && new_resource.package_name.include?(::File::SEPARATOR) && ::File.exist?(new_resource.package_name)
|
41
|
+
if new_resource.source.nil? && new_resource.package_name.include?(::File::SEPARATOR) && ::TargetIO::File.exist?(new_resource.package_name)
|
42
42
|
Chef::Log.trace("No package source specified, but #{new_resource.package_name} exists on the filesystem, copying to package source")
|
43
43
|
new_resource.source(new_resource.package_name)
|
44
44
|
end
|
@@ -157,7 +157,7 @@ class Chef
|
|
157
157
|
raise TypeError, "curve must be a string" unless curve.is_a?(String)
|
158
158
|
raise ArgumentError, "Specified curve is not available on this system" unless %w{prime256v1 secp384r1 secp521r1}.include?(curve)
|
159
159
|
|
160
|
-
::OpenSSL::PKey::EC.
|
160
|
+
::OpenSSL::PKey::EC.generate(curve)
|
161
161
|
end
|
162
162
|
|
163
163
|
# generate pem format of the public key given a private key
|
data/lib/chef/node/attribute.rb
CHANGED
@@ -570,7 +570,7 @@ class Chef
|
|
570
570
|
]
|
571
571
|
|
572
572
|
ret = components.inject(NIL) do |merged, component|
|
573
|
-
hash_only_merge!(merged, component)
|
573
|
+
component == NIL ? merged : hash_only_merge!(merged, component)
|
574
574
|
end
|
575
575
|
ret == NIL ? nil : ret
|
576
576
|
end
|
@@ -584,7 +584,7 @@ class Chef
|
|
584
584
|
def merge_defaults(path)
|
585
585
|
DEFAULT_COMPONENTS.inject(NIL) do |merged, component_ivar|
|
586
586
|
component_value = apply_path(instance_variable_get(component_ivar), path)
|
587
|
-
deep_merge!(merged, component_value)
|
587
|
+
component_value == NIL ? merged : deep_merge!(merged, component_value)
|
588
588
|
end
|
589
589
|
end
|
590
590
|
|
@@ -597,7 +597,7 @@ class Chef
|
|
597
597
|
def merge_overrides(path)
|
598
598
|
OVERRIDE_COMPONENTS.inject(NIL) do |merged, component_ivar|
|
599
599
|
component_value = apply_path(instance_variable_get(component_ivar), path)
|
600
|
-
deep_merge!(merged, component_value)
|
600
|
+
component_value == NIL ? merged : deep_merge!(merged, component_value)
|
601
601
|
end
|
602
602
|
end
|
603
603
|
|
@@ -628,10 +628,6 @@ class Chef
|
|
628
628
|
elsif merge_onto.is_a?(Array) && merge_with.is_a?(Array)
|
629
629
|
merge_onto |= merge_with
|
630
630
|
|
631
|
-
# If merge_with is NIL, don't replace merge_onto
|
632
|
-
elsif merge_with == NIL
|
633
|
-
merge_onto
|
634
|
-
|
635
631
|
# In all other cases, replace merge_onto with merge_with
|
636
632
|
else
|
637
633
|
if merge_with.is_a?(Hash)
|
@@ -661,10 +657,6 @@ class Chef
|
|
661
657
|
end
|
662
658
|
merge_onto
|
663
659
|
|
664
|
-
# If merge_with is NIL, don't replace merge_onto
|
665
|
-
elsif merge_with == NIL
|
666
|
-
merge_onto
|
667
|
-
|
668
660
|
# In all other cases, replace merge_onto with merge_with
|
669
661
|
else
|
670
662
|
if merge_with.is_a?(Hash)
|
@@ -33,18 +33,25 @@ class Chef
|
|
33
33
|
end
|
34
34
|
|
35
35
|
def convert_value(value)
|
36
|
-
# The order in this case statement is *important*.
|
37
|
-
# ImmutableMash and ImmutableArray should be tested first,
|
38
|
-
# as this saves unnecessary creation of intermediate objects
|
39
36
|
case value
|
40
|
-
when ImmutableMash, ImmutableArray
|
41
|
-
value
|
42
37
|
when Hash
|
43
|
-
ImmutableMash
|
38
|
+
if ImmutableMash === value
|
39
|
+
# Save an object creation
|
40
|
+
value
|
41
|
+
else
|
42
|
+
ImmutableMash.new(value, __root__, __node__, __precedence__)
|
43
|
+
end
|
44
44
|
when Array
|
45
|
-
ImmutableArray
|
45
|
+
if ImmutableArray === value
|
46
|
+
# Save an object creation
|
47
|
+
value
|
48
|
+
else
|
49
|
+
ImmutableArray.new(value, __root__, __node__, __precedence__)
|
50
|
+
end
|
46
51
|
else
|
47
|
-
|
52
|
+
# We return any already frozen strings, since that's common over the course of a run.
|
53
|
+
# Check `frozen?` first since that's faster than a Class comparison
|
54
|
+
value.frozen? && String === value ? value : safe_dup(value).freeze
|
48
55
|
end
|
49
56
|
end
|
50
57
|
|
@@ -37,7 +37,8 @@ class Chef
|
|
37
37
|
def [](*args)
|
38
38
|
ret = super
|
39
39
|
key = args.first
|
40
|
-
next_path = [ __path__, convert_key(key) ].flatten
|
40
|
+
next_path = [ __path__, convert_key(key) ].flatten
|
41
|
+
next_path.compact!
|
41
42
|
copy_state_to(ret, next_path)
|
42
43
|
end
|
43
44
|
|
@@ -45,7 +46,8 @@ class Chef
|
|
45
46
|
ret = super
|
46
47
|
key = args.first
|
47
48
|
value = args.last
|
48
|
-
next_path = [ __path__, convert_key(key) ].flatten
|
49
|
+
next_path = [ __path__, convert_key(key) ].flatten
|
50
|
+
next_path.compact!
|
49
51
|
send_attribute_changed_event(next_path, value)
|
50
52
|
copy_state_to(ret, next_path)
|
51
53
|
end
|
@@ -77,7 +79,8 @@ class Chef
|
|
77
79
|
end
|
78
80
|
|
79
81
|
def send_reset_cache(path = nil, key = nil)
|
80
|
-
next_path = [ path, key ].flatten
|
82
|
+
next_path = [ path, key ].flatten
|
83
|
+
next_path.compact!
|
81
84
|
__root__.reset_cache(next_path.first) if !__root__.nil? && __root__.respond_to?(:reset_cache)
|
82
85
|
end
|
83
86
|
|
@@ -132,6 +132,9 @@ class Chef
|
|
132
132
|
|
133
133
|
node.consume_external_attrs(ohai_data, json_attribs)
|
134
134
|
|
135
|
+
# Preserve the fall back to loading an unencrypted data bag item if the item we're trying to load isn't actually a vault item.
|
136
|
+
set_databag_fallback
|
137
|
+
|
135
138
|
setup_run_list_override
|
136
139
|
|
137
140
|
expand_run_list
|
@@ -191,6 +194,11 @@ class Chef
|
|
191
194
|
run_context
|
192
195
|
end
|
193
196
|
|
197
|
+
# Preserve the fall back to loading an unencrypted data bag item if the item we're trying to load isn't actually a vault item.
|
198
|
+
def set_databag_fallback
|
199
|
+
node.default["chef-vault"]["databag_fallback"] = ChefUtils.kitchen?(node)
|
200
|
+
end
|
201
|
+
|
194
202
|
# Sets `run_list` on the node from the policy, sets `roles` and `recipes`
|
195
203
|
# attributes on the node accordingly.
|
196
204
|
#
|
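Review bot: `set_databag_fallback` (new lines 198–200) assigns `node.default["chef-vault"]["databag_fallback"]` on every policyfile run from `ChefUtils.kitchen?(node)`, and a true value lets vault items be read from an unencrypted data bag item. The comment, repeated verbatim at the call site on new line 135, does not say that the fallback is tied to that predicate. What `kitchen?` keys on is not visible in this hunk; if it depends on something that can be set on a production node, the fallback could be switched on there. I would replace both copies with one comment on the method, e.g. `# Enable chef-vault's unencrypted data bag fallback only when ChefUtils.kitchen?(node) is true; otherwise the attribute is set to false.`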
File without changes
|
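--- a/data/lib/chef/provider/cron.rb
+++ b/data/lib/chef/provider/cron.rb
@@ -22,7 +22,7 @@ class Chef
 class Provider
 class Cron < Chef::Provider
 
-provides :cron, os: ["!aix", "!solaris2"]
+provides :cron, os: ["!aix", "!solaris2"], target_mode: true
 
 SPECIAL_TIME_VALUES = %i{reboot yearly annually monthly weekly daily midnight hourly}.freeze
 CRON_ATTRIBUTES = %i{minute hour day month weekday time command mailto path shell home environment}.freeze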
@@ -27,12 +27,12 @@ class Chef
|
|
27
27
|
class Provider
|
28
28
|
class Directory < Chef::Provider::File
|
29
29
|
|
30
|
-
provides :directory
|
30
|
+
provides :directory, target_mode: true
|
31
31
|
|
32
32
|
def load_current_resource
|
33
33
|
@current_resource = Chef::Resource::Directory.new(new_resource.name)
|
34
34
|
current_resource.path(new_resource.path)
|
35
|
-
if ::File.exist?(current_resource.path) && @action != :create_if_missing
|
35
|
+
if ::TargetIO::File.exist?(current_resource.path) && @action != :create_if_missing
|
36
36
|
load_resource_attributes_from_file(current_resource)
|
37
37
|
end
|
38
38
|
current_resource
|
@@ -50,15 +50,15 @@ class Chef
|
|
50
50
|
if new_resource.recursive
|
51
51
|
does_parent_exist = lambda do |base_dir|
|
52
52
|
base_dir = ::File.dirname(base_dir)
|
53
|
-
if ::File.exist?(base_dir)
|
54
|
-
::File.directory?(base_dir)
|
53
|
+
if ::TargetIO::File.exist?(base_dir)
|
54
|
+
::TargetIO::File.directory?(base_dir)
|
55
55
|
else
|
56
56
|
does_parent_exist.call(base_dir)
|
57
57
|
end
|
58
58
|
end
|
59
59
|
does_parent_exist.call(new_resource.path)
|
60
60
|
else
|
61
|
-
::File.directory?(parent_directory)
|
61
|
+
::TargetIO::File.directory?(parent_directory)
|
62
62
|
end
|
63
63
|
end
|
64
64
|
a.failure_message(Chef::Exceptions::EnclosingDirectoryDoesNotExist, "Parent directory #{parent_directory} does not exist, cannot create #{new_resource.path}")
|
@@ -73,7 +73,7 @@ class Chef
|
|
73
73
|
# make sure we have write permissions to that directory
|
74
74
|
is_parent_writable = lambda do |base_dir|
|
75
75
|
base_dir = ::File.dirname(base_dir)
|
76
|
-
if ::File.exist?(base_dir)
|
76
|
+
if ::TargetIO::File.exist?(base_dir)
|
77
77
|
if Chef::FileAccessControl.writable?(base_dir)
|
78
78
|
true
|
79
79
|
elsif Chef::Util::PathHelper.is_sip_path?(base_dir, node)
|
@@ -89,7 +89,7 @@ class Chef
|
|
89
89
|
else
|
90
90
|
# in why run mode & parent directory does not exist no permissions check is required
|
91
91
|
# If not in why run, permissions must be valid and we rely on prior assertion that dir exists
|
92
|
-
if !whyrun_mode? || ::File.exist?(parent_directory)
|
92
|
+
if !whyrun_mode? || ::TargetIO::File.exist?(parent_directory)
|
93
93
|
if Chef::FileAccessControl.writable?(parent_directory)
|
94
94
|
true
|
95
95
|
elsif Chef::Util::PathHelper.is_sip_path?(parent_directory, node)
|
@@ -108,8 +108,8 @@ class Chef
|
|
108
108
|
|
109
109
|
requirements.assert(:delete) do |a|
|
110
110
|
a.assertion do
|
111
|
-
if ::File.exist?(new_resource.path)
|
112
|
-
::File.directory?(new_resource.path) && Chef::FileAccessControl.writable?(new_resource.path)
|
111
|
+
if ::TargetIO::File.exist?(new_resource.path)
|
112
|
+
::TargetIO::File.directory?(new_resource.path) && Chef::FileAccessControl.writable?(new_resource.path)
|
113
113
|
else
|
114
114
|
true
|
115
115
|
end
|
@@ -122,12 +122,12 @@ class Chef
|
|
122
122
|
end
|
123
123
|
|
124
124
|
action :create, description: "Create a directory. If a directory already exists (but does not match), update that directory to match." do
|
125
|
-
unless ::File.exist?(new_resource.path)
|
125
|
+
unless ::TargetIO::File.exist?(new_resource.path)
|
126
126
|
converge_by("create new directory #{new_resource.path}") do
|
127
127
|
if new_resource.recursive == true
|
128
|
-
::FileUtils.mkdir_p(new_resource.path)
|
128
|
+
::TargetIO::FileUtils.mkdir_p(new_resource.path)
|
129
129
|
else
|
130
|
-
::Dir.mkdir(new_resource.path)
|
130
|
+
::TargetIO::Dir.mkdir(new_resource.path)
|
131
131
|
end
|
132
132
|
logger.info("#{new_resource} created directory #{new_resource.path}")
|
133
133
|
end
|
@@ -138,15 +138,15 @@ class Chef
|
|
138
138
|
end
|
139
139
|
|
140
140
|
action :delete, description: "Delete a directory." do
|
141
|
-
if ::File.exist?(new_resource.path)
|
141
|
+
if ::TargetIO::File.exist?(new_resource.path)
|
142
142
|
converge_by("delete existing directory #{new_resource.path}") do
|
143
143
|
if new_resource.recursive == true
|
144
144
|
# we don't use rm_rf here because it masks all errors, including
|
145
145
|
# IO errors or permission errors that would prevent the deletion
|
146
|
-
FileUtils.rm_r(new_resource.path)
|
146
|
+
::TargetIO::FileUtils.rm_r(new_resource.path)
|
147
147
|
logger.info("#{new_resource} deleted #{new_resource.path} recursively")
|
148
148
|
else
|
149
|
-
::Dir.delete(new_resource.path)
|
149
|
+
::TargetIO::Dir.delete(new_resource.path)
|
150
150
|
logger.info("#{new_resource} deleted #{new_resource.path}")
|
151
151
|
end
|
152
152
|
end
|