chef 18.4.12 → 18.6.2
- checksums.yaml +4 -4
- data/Gemfile +9 -2
- data/chef-universal-mingw-ucrt.gemspec +1 -1
- data/chef.gemspec +8 -8
- data/lib/chef/client.rb +0 -15
- data/lib/chef/cookbook/chefignore.rb +4 -1
- data/lib/chef/cookbook/cookbook_version_loader.rb +1 -1
- data/lib/chef/cookbook/remote_file_vendor.rb +3 -2
- data/lib/chef/cookbook/synchronizer.rb +2 -1
- data/lib/chef/cookbook_manifest.rb +2 -2
- data/lib/chef/exceptions.rb +1 -1
- data/lib/chef/file_cache.rb +17 -2
- data/lib/chef/formatters/doc.rb +1 -1
- data/lib/chef/mixin/{homebrew_user.rb → homebrew.rb} +13 -16
- data/lib/chef/mixin/openssl_helper.rb +2 -13
- data/lib/chef/node/attribute.rb +3 -11
- data/lib/chef/node/immutable_collections.rb +15 -8
- data/lib/chef/node/mixin/state_tracking.rb +6 -3
- data/lib/chef/policy_builder/policyfile.rb +8 -0
- data/lib/chef/provider/package/chocolatey.rb +56 -26
- data/lib/chef/provider/package/homebrew.rb +6 -9
- data/lib/chef/provider/package/powershell.rb +1 -0
- data/lib/chef/provider/package/rubygems.rb +4 -0
- data/lib/chef/provider/package/snap.rb +1 -0
- data/lib/chef/provider/package/zypper.rb +0 -1
- data/lib/chef/provider/service/windows.rb +0 -1
- data/lib/chef/provider/user/windows.rb +5 -0
- data/lib/chef/resource/chef_client_config.rb +4 -2
- data/lib/chef/resource/chef_client_systemd_timer.rb +5 -0
- data/lib/chef/resource/chef_gem.rb +1 -1
- data/lib/chef/resource/execute.rb +8 -6
- data/lib/chef/resource/habitat_install.rb +2 -1
- data/lib/chef/resource/homebrew_cask.rb +19 -30
- data/lib/chef/resource/homebrew_tap.rb +32 -17
- data/lib/chef/resource/homebrew_update.rb +4 -4
- data/lib/chef/resource/powershell_package.rb +4 -0
- data/lib/chef/resource/snap_package.rb +23 -0
- data/lib/chef/resource/support/client.erb +4 -3
- data/lib/chef/resource/sysctl.rb +1 -0
- data/lib/chef/resource_inspector.rb +25 -7
- data/lib/chef/version.rb +1 -1
- data/lib/chef/win32/registry.rb +5 -0
- data/lib/chef/win32/security.rb +9 -0
- data/spec/functional/resource/cookbook_file_spec.rb +1 -1
- data/spec/functional/resource/remote_file_spec.rb +1 -1
- data/spec/integration/client/fips_spec.rb +11 -2
- data/spec/integration/client/open_ssl_spec.rb +20 -0
- data/spec/spec_helper.rb +4 -1
- data/spec/support/chef_helpers.rb +2 -2
- data/spec/support/platform_helpers.rb +28 -7
- data/spec/support/shared/functional/file_resource.rb +3 -3
- data/spec/unit/client_spec.rb +0 -16
- data/spec/unit/file_cache_spec.rb +64 -0
- data/spec/unit/mixin/homebrew_spec.rb +118 -0
- data/spec/unit/mixin/openssl_helper_spec.rb +6 -1
- data/spec/unit/provider/package/chocolatey_spec.rb +17 -12
- data/spec/unit/provider/package/homebrew_spec.rb +4 -1
- data/spec/unit/provider/package/windows_spec.rb +5 -5
- data/spec/unit/provider/package/zypper_spec.rb +0 -10
- data/spec/unit/provider/user/windows_spec.rb +1 -0
- data/spec/unit/resource_inspector_spec.rb +36 -0
- metadata +23 -10
- data/spec/unit/mixin/homebrew_user_spec.rb +0 -119
@@ -18,7 +18,7 @@
|
|
18
18
|
#
|
19
19
|
|
20
20
|
require "etc" unless defined?(Etc)
|
21
|
-
require_relative "../../mixin/
|
21
|
+
require_relative "../../mixin/homebrew"
|
22
22
|
|
23
23
|
class Chef
|
24
24
|
class Provider
|
@@ -30,7 +30,7 @@ class Chef
|
|
30
30
|
provides :package, os: "darwin"
|
31
31
|
provides :homebrew_package
|
32
32
|
|
33
|
-
include Chef::Mixin::
|
33
|
+
include Chef::Mixin::Homebrew
|
34
34
|
|
35
35
|
def load_current_resource
|
36
36
|
@current_resource = Chef::Resource::HomebrewPackage.new(new_resource.name)
|
@@ -63,9 +63,8 @@ class Chef
|
|
63
63
|
# and which packages can be upgrades. We do this by checking if brew_info has an entry
|
64
64
|
# via the installed_version helper.
|
65
65
|
def upgrade_package(names, versions)
|
66
|
-
|
67
|
-
|
68
|
-
install_pkgs = names.select { |x| x unless installed_version(x) }.compact
|
66
|
+
upgrade_pkgs = names.filter_map { |x| x if installed_version(x) }
|
67
|
+
install_pkgs = names.filter_map { |x| x unless installed_version(x) }
|
69
68
|
|
70
69
|
brew_cmd_output("upgrade", options, upgrade_pkgs) unless upgrade_pkgs.empty?
|
71
70
|
brew_cmd_output("install", options, install_pkgs) unless install_pkgs.empty?
|
@@ -182,7 +181,7 @@ class Chef
|
|
182
181
|
homebrew_uid = find_homebrew_uid(new_resource.respond_to?(:homebrew_user) && new_resource.homebrew_user)
|
183
182
|
homebrew_user = Etc.getpwuid(homebrew_uid)
|
184
183
|
|
185
|
-
logger.trace "Executing '
|
184
|
+
logger.trace "Executing '#{homebrew_bin_path} #{command.join(" ")}' as user '#{homebrew_user.name}'"
|
186
185
|
|
187
186
|
# allow the calling method to decide if the cmd should raise or not
|
188
187
|
# brew_info uses this when querying out available package info since a bad
|
@@ -190,11 +189,9 @@ class Chef
|
|
190
189
|
# the package provider can magically handle that
|
191
190
|
shell_out_cmd = options[:allow_failure] ? :shell_out : :shell_out!
|
192
191
|
|
193
|
-
|
194
|
-
output = send(shell_out_cmd, "brew", *command, timeout: 1800, user: homebrew_uid, environment: { "HOME" => homebrew_user.dir, "RUBYOPT" => nil, "TMPDIR" => nil })
|
192
|
+
output = send(shell_out_cmd, homebrew_bin_path, *command, user: homebrew_uid, login: true, environment: { "HOME" => homebrew_user.dir, "RUBYOPT" => nil, "TMPDIR" => nil })
|
195
193
|
output.stdout.chomp
|
196
194
|
end
|
197
|
-
|
198
195
|
end
|
199
196
|
end
|
200
197
|
end
|
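Review bot: The rewritten `send(shell_out_cmd, homebrew_bin_path, *command, ...)` call no longer passes `timeout: 1800`, so brew runs fall back to whatever default timeout the shell_out helper applies. If that default is shorter, long formula builds that used to finish may now be killed part-way through; either keep the option (`user: homebrew_uid, login: true, timeout: 1800, environment: { ... }`) or add a comment saying why it was dropped. The same call gains `login: true`, which presumably makes the Homebrew user's login profile part of the execution environment, and a one-line comment stating that would help the next reader. The enclosing method starts outside the hunk.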
@@ -127,6 +127,7 @@ class Chef
|
|
127
127
|
command.push("-RequiredVersion #{version}") if version
|
128
128
|
command.push("-Source #{new_resource.source}") if new_resource.source && cmdlet_name =~ Regexp.union(/Install-Package/, /Find-Package/)
|
129
129
|
command.push("-SkipPublisherCheck") if new_resource.skip_publisher_check && cmdlet_name !~ /Find-Package/
|
130
|
+
command.push("-AllowClobber") if new_resource.allow_clobber
|
130
131
|
if new_resource.options && cmdlet_name !~ Regexp.union(/Get-Package/, /Find-Package/)
|
131
132
|
new_resource.options.each do |arg|
|
132
133
|
command.push(arg) unless command.include?(arg)
|
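Review bot: `command.push("-AllowClobber") if new_resource.allow_clobber` is added without a `cmdlet_name` guard, unlike the `-Source` and `-SkipPublisherCheck` lines directly above it. If this builder is also reached for Find-Package or Get-Package, as the surrounding regexes suggest, the switch would be appended to cmdlets that may not accept it; consider `command.push("-AllowClobber") if new_resource.allow_clobber && cmdlet_name =~ /Install-Package/`. The enclosing method begins and ends outside the hunk, so the set of cmdlets is inferred from the visible conditions only.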
@@ -136,6 +136,10 @@ class Chef
|
|
136
136
|
if defined?(Gem::Format) && Gem::Package.respond_to?(:open)
|
137
137
|
Gem::Format.from_file_by_path(file).spec
|
138
138
|
else
|
139
|
+
# Gem::Package is getting defined as an empty class as of bundler 2.5.23
|
140
|
+
# and therefore won't autoload
|
141
|
+
# ["bundler-2.5.23/lib/bundler/rubygems_ext.rb", 457]
|
142
|
+
require "rubygems/package" if Gem::Package.method(:new).source_location.nil?
|
139
143
|
Gem::Package.new(file).spec
|
140
144
|
end
|
141
145
|
end
|
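Review bot: The added guard `require "rubygems/package" if Gem::Package.method(:new).source_location.nil?` depends on an assumption the comment does not state: that a fully loaded Gem::Package defines `new` in Ruby, so a nil `source_location` identifies the empty placeholder class. The comment records the bundler file and line but not that reasoning; I would add `# the real Gem::Package overrides .new in Ruby, so a nil source_location means only the stub is loaded`. Since `require` does nothing for a file that is already loaded, an unconditional `require "rubygems/package"` in this branch would be simpler and would not rely on that implementation detail. The method starts outside the hunk.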
@@ -146,7 +146,6 @@ class Chef
|
|
146
146
|
if md = line.match(/^(\S*)\s+\|\s+(\S+)\s+\|\s+(\S+)\s+\|\s+(\S+)\s+\|\s+(\S+)\s+\|\s+(.*)$/)
|
147
147
|
(status, name, type, version, arch, repo) = [ md[1], md[2], md[3], md[4], md[5], md[6] ]
|
148
148
|
next if version == "Version" # header
|
149
|
-
next if name != package_name
|
150
149
|
|
151
150
|
# sometimes even though we request a specific version in the search string above and have match exact, we wind up
|
152
151
|
# with other versions in the output, particularly getting the installed version when downgrading.
|
@@ -74,7 +74,6 @@ class Chef::Provider::Service::Windows < Chef::Provider::Service
|
|
74
74
|
current_resource.run_as_user(config_info.service_start_name) if config_info.service_start_name
|
75
75
|
current_resource.display_name(config_info.display_name) if config_info.display_name
|
76
76
|
current_resource.delayed_start(current_delayed_start) if current_delayed_start
|
77
|
-
current_resource.description(config_info.description) if new_resource.description
|
78
77
|
end
|
79
78
|
|
80
79
|
current_resource
|
@@ -85,7 +85,12 @@ class Chef
|
|
85
85
|
@net_user.update(**set_options)
|
86
86
|
end
|
87
87
|
|
88
|
+
def clear_account_rights(name)
|
89
|
+
Chef::ReservedNames::Win32::Security.clear_account_rights(name)
|
90
|
+
end
|
91
|
+
|
88
92
|
def remove_user
|
93
|
+
clear_account_rights(new_resource.username)
|
89
94
|
@net_user.delete
|
90
95
|
end
|
91
96
|
|
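Review bot: `remove_user` now calls `clear_account_rights(new_resource.username)` before `@net_user.delete`, with no error handling and no comment on the ordering. As written, a failure in the rights call leaves the account in place, and a failure in the delete leaves an account whose rights have already been stripped. If the order is deliberate, presumably so that no rights stay assigned to a deleted account's SID, say so: `# remove LSA account rights first so none remain assigned once the account is gone`. The new `clear_account_rights(name)` wrapper also has no doc comment; one line stating that it removes every right held by the account would make the destructive effect visible at the call site.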
@@ -195,10 +195,12 @@ class Chef
|
|
195
195
|
|
196
196
|
property :policy_persist_run_list, [true, false],
|
197
197
|
description: "Override run lists defined in a Policyfile with the `run_list` defined on the #{ChefUtils::Dist::Server::PRODUCT}.",
|
198
|
-
introduced: "17.3"
|
198
|
+
introduced: "17.3",
|
199
|
+
default: false
|
199
200
|
|
200
201
|
property :minimal_ohai, [true, false],
|
201
|
-
description: "Run a minimal set of Ohai plugins providing data necessary for the execution of #{ChefUtils::Dist::Infra::PRODUCT}'s built-in resources. Setting this to true will skip many large and time consuming data sets such as `cloud` or `packages`. Setting this
|
202
|
+
description: "Run a minimal set of Ohai plugins providing data necessary for the execution of #{ChefUtils::Dist::Infra::PRODUCT}'s built-in resources. Setting this to true will skip many large and time consuming data sets such as `cloud` or `packages`. Setting this to true may break cookbooks that assume all Ohai data will be present.",
|
203
|
+
default: false
|
202
204
|
|
203
205
|
property :start_handlers, Array,
|
204
206
|
description: %q(An array of hashes that contain a report handler class and the arguments to pass to that class on initialization. The hash should include `class` and `argument` keys where `class` is a String and `argument` is an array of quoted String values. For example: `[{'class' => 'MyHandler', %w('"argument1"', '"argument2"')}]`),
|
@@ -103,6 +103,10 @@ class Chef
|
|
103
103
|
coerce: proc { |x| Integer(x) },
|
104
104
|
callbacks: { "should be a positive Integer" => proc { |v| v > 0 } }
|
105
105
|
|
106
|
+
property :service_umask, [Integer, String],
|
107
|
+
description: "Fix umask for hardened systems that have a changed default umask. This changes the chef-client umask so any files or folders are created with new umask. Recommend setting to stand install default of 0022.",
|
108
|
+
introduced: "18.5"
|
109
|
+
|
106
110
|
action :add, description: "Add a systemd timer that runs #{ChefUtils::Dist::Infra::PRODUCT}." do
|
107
111
|
systemd_unit "#{new_resource.job_name}.service" do
|
108
112
|
content service_content
|
@@ -175,6 +179,7 @@ class Chef
|
|
175
179
|
"Install" => { "WantedBy" => "multi-user.target" },
|
176
180
|
}
|
177
181
|
|
182
|
+
unit["Service"]["UMask"] = new_resource.service_umask if new_resource.service_umask
|
178
183
|
unit["Service"]["ConditionACPower"] = "true" unless new_resource.run_on_battery
|
179
184
|
unit["Service"]["CPUQuota"] = "#{new_resource.cpu_quota}%" if new_resource.cpu_quota
|
180
185
|
unit["Service"]["Environment"] = new_resource.environment.collect { |k, v| "\"#{k}=#{v}\"" } unless new_resource.environment.empty?
|
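Review bot: `property :service_umask, [Integer, String]` accepts an Integer, but `unit["Service"]["UMask"] = new_resource.service_umask` stores it unchanged, so it will most likely be rendered in decimal. systemd reads UMask as octal, so a recipe that writes `service_umask 0022` (a Ruby octal literal, decimal 18) would not produce the mask the author intended, and on a hardened host that decides the permissions of every file the client creates. Either restrict the property to String with a format check, or normalise integers on input, e.g. `coerce: proc { |v| v.is_a?(Integer) ? format("%04o", v) : v }`. The method that builds the unit hash continues outside the hunk, so how the value is serialised is inferred.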
@@ -442,14 +442,14 @@ class Chef
|
|
442
442
|
NetworkService have this right when running as a service. This is necessary
|
443
443
|
even if the user is an Administrator.
|
444
444
|
|
445
|
-
This right can be added and checked in a recipe using this example:
|
445
|
+
This right can be added and checked in a recipe using this example (will not take effect in the same Chef run):
|
446
446
|
|
447
447
|
```ruby
|
448
|
-
|
449
|
-
|
450
|
-
|
451
|
-
|
452
|
-
|
448
|
+
windows_user_privilege 'add assign token privilege' do
|
449
|
+
principal '<user>'
|
450
|
+
privilege 'SeAssignPrimaryTokenPrivilege'
|
451
|
+
action :add
|
452
|
+
end
|
453
453
|
```
|
454
454
|
|
455
455
|
The following example shows how to run `mkdir test_dir` from a Chef Infra Client
|
@@ -492,9 +492,11 @@ class Chef
|
|
492
492
|
|
493
493
|
**Run a command with an external input file**:
|
494
494
|
|
495
|
+
```ruby
|
495
496
|
execute 'md5sum' do
|
496
497
|
input File.read(__FILE__)
|
497
498
|
end
|
499
|
+
```
|
498
500
|
EXAMPLES
|
499
501
|
|
500
502
|
# The ResourceGuardInterpreter wraps a resource's guards in another resource. That inner resource
|
@@ -127,6 +127,7 @@ class Chef
|
|
127
127
|
remote_file ::File.join(Chef::Config[:file_cache_path], "hab-install.sh") do
|
128
128
|
source new_resource.install_url
|
129
129
|
sensitive true
|
130
|
+
mode 0755
|
130
131
|
end
|
131
132
|
|
132
133
|
execute "installing with hab-install.sh" do
|
@@ -235,7 +236,7 @@ class Chef
|
|
235
236
|
end
|
236
237
|
|
237
238
|
def hab_command
|
238
|
-
cmd = "
|
239
|
+
cmd = "#{Chef::Config[:file_cache_path]}/hab-install.sh"
|
239
240
|
cmd << " -v #{new_resource.hab_version} " if new_resource.hab_version
|
240
241
|
cmd << " -t x86_64-linux-kernel2" if node["kernel"]["release"].to_i < 3
|
241
242
|
cmd
|
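Review bot: The `remote_file` block that fetches `hab-install.sh` now marks it executable with `mode 0755` and `hab_command` runs it straight from the cache directory, but nothing visible pins the content downloaded from `new_resource.install_url`. If the resource can carry an expected digest, pass it through `remote_file`'s `checksum` property so a tampered or truncated download fails before it is executed. Only the account running the client needs to execute the script, so `mode "0700"` would be the narrower choice unless other users must read it. `hab_command` also builds the path by interpolation while the download uses `::File.join(Chef::Config[:file_cache_path], "hab-install.sh")`; using one expression in both places keeps the two from drifting apart. Both blocks extend outside the visible hunks.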
@@ -18,7 +18,7 @@
|
|
18
18
|
#
|
19
19
|
|
20
20
|
require_relative "../resource"
|
21
|
-
require_relative "../mixin/
|
21
|
+
require_relative "../mixin/homebrew"
|
22
22
|
|
23
23
|
class Chef
|
24
24
|
class Resource
|
@@ -29,7 +29,7 @@ class Chef
|
|
29
29
|
description "Use the **homebrew_cask** resource to install binaries distributed via the Homebrew package manager."
|
30
30
|
introduced "14.0"
|
31
31
|
|
32
|
-
include Chef::Mixin::
|
32
|
+
include Chef::Mixin::Homebrew
|
33
33
|
|
34
34
|
property :cask_name, String,
|
35
35
|
description: "An optional property to set the cask name if it differs from the resource block's name.",
|
@@ -40,10 +40,6 @@ class Chef
|
|
40
40
|
property :options, String,
|
41
41
|
description: "Options to pass to the brew command during installation."
|
42
42
|
|
43
|
-
property :install_cask, [TrueClass, FalseClass],
|
44
|
-
description: "Automatically install the Homebrew cask tap, if necessary.",
|
45
|
-
default: true
|
46
|
-
|
47
43
|
property :homebrew_path, String,
|
48
44
|
description: "The path to the Homebrew binary."
|
49
45
|
|
@@ -53,37 +49,27 @@ class Chef
|
|
53
49
|
default_description: "Calculated default username"\
|
54
50
|
|
55
51
|
action :install, description: "Install an application that is packaged as a Homebrew cask." do
|
56
|
-
if new_resource.install_cask
|
57
|
-
homebrew_tap "homebrew/cask" do
|
58
|
-
homebrew_path homebrew_bin_path(new_resource.homebrew_path)
|
59
|
-
owner new_resource.owner
|
60
|
-
end
|
61
|
-
end
|
62
|
-
|
63
52
|
unless casked?
|
64
53
|
converge_by("install cask #{new_resource.cask_name} #{new_resource.options}") do
|
65
|
-
|
66
|
-
|
67
|
-
|
68
|
-
cwd
|
54
|
+
execute "install cask #{new_resource.cask_name}" do
|
55
|
+
command "#{homebrew_bin_path(new_resource.homebrew_path)} install --cask #{new_resource.cask_name} #{new_resource.options}"
|
56
|
+
user new_resource.owner
|
57
|
+
cwd ::Dir.home(new_resource.owner)
|
58
|
+
login true
|
59
|
+
end
|
69
60
|
end
|
70
61
|
end
|
71
62
|
end
|
72
63
|
|
73
64
|
action :remove, description: "Remove an application that is packaged as a Homebrew cask." do
|
74
|
-
if new_resource.install_cask
|
75
|
-
homebrew_tap "homebrew/cask" do
|
76
|
-
homebrew_path homebrew_bin_path(new_resource.homebrew_path)
|
77
|
-
owner new_resource.owner
|
78
|
-
end
|
79
|
-
end
|
80
|
-
|
81
65
|
if casked?
|
82
66
|
converge_by("uninstall cask #{new_resource.cask_name}") do
|
83
|
-
|
84
|
-
|
85
|
-
|
86
|
-
cwd
|
67
|
+
execute "uninstall cask #{new_resource.cask_name}" do
|
68
|
+
command "#{homebrew_bin_path(new_resource.homebrew_path)} uninstall --cask #{new_resource.cask_name}"
|
69
|
+
user new_resource.owner
|
70
|
+
cwd ::Dir.home(new_resource.owner)
|
71
|
+
login true
|
72
|
+
end
|
87
73
|
end
|
88
74
|
end
|
89
75
|
end
|
@@ -98,10 +84,13 @@ class Chef
|
|
98
84
|
# @return [Boolean]
|
99
85
|
def casked?
|
100
86
|
unscoped_name = new_resource.cask_name.split("/").last
|
101
|
-
shell_out!(
|
87
|
+
shell_out!(
|
88
|
+
"#{homebrew_bin_path(new_resource.homebrew_path)} list --cask 2>/dev/null",
|
102
89
|
user: new_resource.owner,
|
103
90
|
env: { "HOME" => ::Dir.home(new_resource.owner), "USER" => new_resource.owner },
|
104
|
-
cwd: ::Dir.home(new_resource.owner)
|
91
|
+
cwd: ::Dir.home(new_resource.owner),
|
92
|
+
login: true
|
93
|
+
).stdout.split.include?(unscoped_name)
|
105
94
|
end
|
106
95
|
end
|
107
96
|
end
|
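Review bot: The new `execute` blocks build their command as one interpolated string (`"... install --cask #{new_resource.cask_name} #{new_resource.options}"`, and likewise for `uninstall`), so the values are parsed by a shell. `cask_name` and `options` are recipe input, but they are often filled from node attributes or data bags, and shell metacharacters in them would be interpreted rather than handed to brew. Escape the single-token value, e.g. `#{Shellwords.escape(new_resource.cask_name)}` with `require "shellwords"` at the top of the file, and document that `options` is passed through unescaped on purpose. The `tap` and `untap` commands in the homebrew_tap section interpolate `tap_name` and `url` in the same way. Separately, removing the `install_cask` property means recipes that still set it will presumably fail; keeping it as a deprecated no-op would soften the upgrade.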
@@ -18,7 +18,7 @@
|
|
18
18
|
#
|
19
19
|
|
20
20
|
require_relative "../resource"
|
21
|
-
require_relative "../mixin/
|
21
|
+
require_relative "../mixin/homebrew"
|
22
22
|
|
23
23
|
class Chef
|
24
24
|
class Resource
|
@@ -29,7 +29,7 @@ class Chef
|
|
29
29
|
description "Use the **homebrew_tap** resource to add additional formula repositories to the Homebrew package manager."
|
30
30
|
introduced "14.0"
|
31
31
|
|
32
|
-
include Chef::Mixin::
|
32
|
+
include Chef::Mixin::Homebrew
|
33
33
|
|
34
34
|
property :tap_name, String,
|
35
35
|
description: "An optional property to set the tap name if it differs from the resource block's name.",
|
@@ -51,10 +51,13 @@ class Chef
|
|
51
51
|
action :tap, description: "Add a Homebrew tap." do
|
52
52
|
unless tapped?(new_resource.tap_name)
|
53
53
|
converge_by("tap #{new_resource.tap_name}") do
|
54
|
-
|
55
|
-
|
56
|
-
|
57
|
-
|
54
|
+
execute "tap #{new_resource.tap_name}" do
|
55
|
+
command "#{homebrew_bin_path(new_resource.homebrew_path)} tap #{new_resource.tap_name} #{new_resource.url || ""}"
|
56
|
+
user new_resource.owner
|
57
|
+
default_env true
|
58
|
+
cwd ::Dir.home(new_resource.owner)
|
59
|
+
login true
|
60
|
+
end
|
58
61
|
end
|
59
62
|
end
|
60
63
|
end
|
@@ -62,21 +65,33 @@ class Chef
|
|
62
65
|
action :untap, description: "Remove a Homebrew tap." do
|
63
66
|
if tapped?(new_resource.tap_name)
|
64
67
|
converge_by("untap #{new_resource.tap_name}") do
|
65
|
-
|
66
|
-
|
67
|
-
|
68
|
-
|
68
|
+
execute "untap #{new_resource.tap_name}" do
|
69
|
+
command "#{homebrew_bin_path(new_resource.homebrew_path)} untap #{new_resource.tap_name}"
|
70
|
+
user new_resource.owner
|
71
|
+
default_env true
|
72
|
+
cwd ::Dir.home(new_resource.owner)
|
73
|
+
login true
|
74
|
+
end
|
69
75
|
end
|
70
76
|
end
|
71
77
|
end
|
72
78
|
|
73
|
-
|
74
|
-
|
75
|
-
|
76
|
-
|
77
|
-
|
78
|
-
|
79
|
-
|
79
|
+
action_class do
|
80
|
+
# Is the passed tap already tapped
|
81
|
+
#
|
82
|
+
# @return [Boolean]
|
83
|
+
def tapped?(name)
|
84
|
+
brew_path = ::File.dirname(homebrew_bin_path(new_resource.homebrew_path))
|
85
|
+
base_path = [
|
86
|
+
"#{brew_path}/../homebrew",
|
87
|
+
"#{brew_path}/../Homebrew",
|
88
|
+
"/opt/homebrew",
|
89
|
+
"/usr/local/Homebrew",
|
90
|
+
"/home/linuxbrew/.linuxbrew",
|
91
|
+
].filter_map { |x| x if Dir.exist?(x) }.first
|
92
|
+
tap_dir = name.gsub("/", "/homebrew-")
|
93
|
+
::File.directory?("#{base_path}/Library/Taps/#{tap_dir}")
|
94
|
+
end
|
80
95
|
end
|
81
96
|
end
|
82
97
|
end
|
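Review bot: In the new `tapped?` helper, `base_path` is nil when none of the candidate directories exists, and the final check then silently tests a `/Library/Taps/...` path at the filesystem root. Making that case explicit is one line: `return false unless base_path`. `.filter_map { |x| x if Dir.exist?(x) }.first` can be written as `.find { |x| Dir.exist?(x) }`, and `name.gsub("/", "/homebrew-")` rewrites every slash where `sub` would match an `owner/repo` name more closely, if that is the only form expected. The doc comment could also gain `# @param name [String] tap name in owner/repo form`.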
@@ -19,13 +19,13 @@
|
|
19
19
|
#
|
20
20
|
|
21
21
|
require_relative "../resource"
|
22
|
-
require_relative "../mixin/
|
22
|
+
require_relative "../mixin/homebrew"
|
23
23
|
require "chef-utils/dist" unless defined?(ChefUtils::Dist)
|
24
24
|
|
25
25
|
class Chef
|
26
26
|
class Resource
|
27
27
|
class HomebrewUpdate < Chef::Resource
|
28
|
-
include Chef::Mixin::
|
28
|
+
include Chef::Mixin::Homebrew
|
29
29
|
|
30
30
|
provides(:homebrew_update) { true }
|
31
31
|
|
@@ -78,9 +78,9 @@ class Chef
|
|
78
78
|
end
|
79
79
|
|
80
80
|
execute "brew update" do
|
81
|
-
command
|
82
|
-
default_env true
|
81
|
+
command "#{homebrew_bin_path} update"
|
83
82
|
user find_homebrew_uid
|
83
|
+
login true
|
84
84
|
notifies :touch, "file[#{BREW_STAMP}]", :immediately
|
85
85
|
end
|
86
86
|
end
|
@@ -44,6 +44,10 @@ class Chef
|
|
44
44
|
description: "Skip validating module author.",
|
45
45
|
default: false, introduced: "14.3", desired_state: false
|
46
46
|
|
47
|
+
property :allow_clobber, [TrueClass, FalseClass],
|
48
|
+
description: "Overrides warning messages about installation conflicts about existing commands on a computer.",
|
49
|
+
default: false, introduced: "18.5"
|
50
|
+
|
47
51
|
end
|
48
52
|
end
|
49
53
|
end
|
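Review bot: The new `allow_clobber` property is declared without `desired_state: false`, although the property just above it, which is the same kind of install-time switch, carries it. For consistency I would write `default: false, introduced: "18.5", desired_state: false`. The description also describes the warning rather than the effect; something like "Install the module even if its commands would overwrite commands that already exist on the computer." tells the reader that enabling it lets a module shadow existing commands.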
@@ -26,6 +26,29 @@ class Chef
|
|
26
26
|
|
27
27
|
description "Use the **snap_package** resource to manage snap packages on Debian and Ubuntu platforms."
|
28
28
|
introduced "15.0"
|
29
|
+
examples <<~DOC
|
30
|
+
**Install a package**
|
31
|
+
|
32
|
+
```ruby
|
33
|
+
snap_package 'hello'
|
34
|
+
```
|
35
|
+
|
36
|
+
**Upgrade a package**
|
37
|
+
|
38
|
+
```ruby
|
39
|
+
snap_package 'hello' do
|
40
|
+
action :upgrade
|
41
|
+
end
|
42
|
+
```
|
43
|
+
|
44
|
+
**Install a package with classic confinement**
|
45
|
+
|
46
|
+
```ruby
|
47
|
+
snap_package 'hello' do
|
48
|
+
options 'classic'
|
49
|
+
end
|
50
|
+
```
|
51
|
+
DOC
|
29
52
|
|
30
53
|
allowed_actions :install, :upgrade, :remove, :purge
|
31
54
|
|
@@ -10,18 +10,19 @@
|
|
10
10
|
@https_proxy
|
11
11
|
@ftp_proxy
|
12
12
|
@log_level
|
13
|
-
@minimal_ohai
|
14
13
|
@named_run_list
|
15
14
|
@no_proxy
|
16
15
|
@pid_file
|
17
16
|
@policy_group
|
18
17
|
@policy_name
|
19
18
|
@rubygems_url
|
20
|
-
@ssl_verify_mode
|
21
|
-
@policy_persist_run_list).each do |prop| -%>
|
19
|
+
@ssl_verify_mode).each do |prop| -%>
|
22
20
|
<% next if instance_variable_get(prop).nil? || instance_variable_get(prop).empty? -%>
|
23
21
|
<%=prop.delete_prefix("@") %> <%= instance_variable_get(prop).inspect %>
|
24
22
|
<% end -%>
|
23
|
+
<%# boolean properties are neither .nil? nor respond to .empty? so they are included below %>
|
24
|
+
minimal_ohai <%= @minimal_ohai.inspect %>
|
25
|
+
policy_persist_run_list <%= @policy_persist_run_list.inspect %>
|
25
26
|
<%# ohai_disabled_plugins and ohai_optional_plugins properties don't match the config value perfectly-%>
|
26
27
|
<% %w(@ohai_disabled_plugins
|
27
28
|
@ohai_optional_plugins).each do |prop| -%>
|
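--- a/data/lib/chef/resource/sysctl.rb
+++ b/data/lib/chef/resource/sysctl.rb
@@ -103,6 +103,7 @@ class Chef
 property :comment, [Array, String],
 description: "Comments, placed above the resource setting in the generated file. For multi-line comments, use an array of strings, one per line.",
 default: [],
+desired_state: false,
 introduced: "15.8"
 
 property :conf_dir, String,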
@@ -79,19 +79,37 @@ class Chef
|
|
79
79
|
Array(equal_to).map(&:inspect)
|
80
80
|
end
|
81
81
|
|
82
|
+
def self.load_from_resources(resources, complete)
|
83
|
+
resources.each_with_object({}) do |r, res|
|
84
|
+
pth = r["full_path"]
|
85
|
+
# Here we do some magic to extract resources from files where there are multiple resources
|
86
|
+
# in a file - to do this, we load the file, and take the delta of which resources
|
87
|
+
# exist in object space
|
88
|
+
existing_classes = []
|
89
|
+
ObjectSpace.each_object(Class).select { |k| k < Chef::Resource }.each { |klass| existing_classes << klass }
|
90
|
+
# Load the set of resources from this file
|
91
|
+
Chef::Resource::LWRPBase.build_from_file(name, pth, Chef::RunContext.new(Chef::Node.new, nil, nil))
|
92
|
+
# Finally, process every new class added to the object space by that
|
93
|
+
ObjectSpace.each_object(Class).select { |k| k < Chef::Resource }.each do |klass|
|
94
|
+
unless existing_classes.include?(klass)
|
95
|
+
# Skip over anything which creates resources that start with exactly this - that happens
|
96
|
+
# because if there is no non-classed resource in here, LWRPBase.build_from_file builds a
|
97
|
+
# dummy object from it - we don't need that polluting out output!
|
98
|
+
next if klass.resource_name.start_with?("Chef__ResourceInspector")
|
99
|
+
|
100
|
+
res[klass.resource_name] = extract_resource(klass, complete)
|
101
|
+
end
|
102
|
+
end
|
103
|
+
end
|
104
|
+
end
|
105
|
+
|
82
106
|
def self.extract_cookbook(path, complete)
|
83
107
|
path = File.expand_path(path)
|
84
108
|
dir, name = File.split(path)
|
85
109
|
Chef::Cookbook::FileVendor.fetch_from_disk(path)
|
86
110
|
loader = Chef::CookbookLoader.new(dir)
|
87
111
|
cookbook = loader.load_cookbook(name)
|
88
|
-
|
89
|
-
|
90
|
-
resources.each_with_object({}) do |r, res|
|
91
|
-
pth = r["full_path"]
|
92
|
-
cur = Chef::Resource::LWRPBase.build_from_file(name, pth, Chef::RunContext.new(Chef::Node.new, nil, nil))
|
93
|
-
res[cur.resource_name] = extract_resource(cur, complete)
|
94
|
-
end
|
112
|
+
load_from_resources(cookbook.files_for(:resources), complete)
|
95
113
|
end
|
96
114
|
|
97
115
|
# If we're given no resources, dump all of Chef's built ins
|
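Review bot: In the new `self.load_from_resources`, `name` in `build_from_file(name, pth, ...)` is neither a parameter nor a local, so it resolves to the receiver's own `name` rather than the cookbook name that `extract_cookbook` computes with `dir, name = File.split(path)`. The `Chef__ResourceInspector` skip a few lines later looks like a workaround for exactly that. Pass the cookbook name in explicitly, e.g. `def self.load_from_resources(resources, complete, cookbook_name)` with `load_from_resources(cookbook.files_for(:resources), complete, name)` at the call site, assuming no other caller depends on the two-argument form. A short doc comment should also state that this method evaluates the Ruby in each resource file, so it should only be pointed at cookbooks you trust.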
data/lib/chef/version.rb
CHANGED
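--- a/data/lib/chef/win32/registry.rb
+++ b/data/lib/chef/win32/registry.rb
@@ -26,6 +26,11 @@ if RUBY_PLATFORM.match?(/mswin|mingw|windows/)
 autoload :Registry, File.expand_path("../monkey_patches/win32/registry", __dir__)
 end
 require_relative "api/registry"
+
+require "win32/resolv"
+::Win32::Registry.define_method :export_string do |str, enc = (Encoding.default_internal || "utf-8")|
+str.encode(enc)
+end
 end
 
 class Chef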
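Review bot: The added block redefines `::Win32::Registry#export_string` for the whole process and requires `win32/resolv` first, and neither step carries a comment. Please add one saying which failure this works around and why `win32/resolv` must be loaded before the patch (presumably it loads the registry class being patched), e.g. `# win32/resolv loads Win32::Registry; override export_string so values are encoded with Encoding.default_internal or UTF-8`. A note on when the override can be removed would keep it from outliving the upstream fix.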
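--- a/data/lib/chef/win32/security.rb
+++ b/data/lib/chef/win32/security.rb
@@ -130,6 +130,15 @@ class Chef
 end
 end
 
+def self.clear_account_rights(name)
+return if get_account_right(name) == []
+
+with_lsa_policy(name) do |policy_handle, sid|
+result = LsaRemoveAccountRights(policy_handle.read_pointer, sid, true, nil, 1)
+test_and_raise_lsa_nt_status(result)
+end
+end
+
 def self.adjust_token_privileges(token, privileges)
 token = token.handle if token.respond_to?(:handle)
 old_privileges_size = FFI::Buffer.new(:long).write_long(privileges.size_with_privileges)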
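Review bot: `self.clear_account_rights` calls `LsaRemoveAccountRights(policy_handle.read_pointer, sid, true, nil, 1)`, which asks for all rights to be removed while still passing a count of 1 alongside a nil rights array. With the all-rights flag set the list arguments are presumably ignored, but passing `0` would say what is meant, and `return if get_account_right(name).empty?` is the more idiomatic guard. The method has no doc comment; it should state that every right assigned to the account is removed and that a failing status is raised through `test_and_raise_lsa_nt_status`.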
@@ -57,7 +57,7 @@ describe Chef::Resource::CookbookFile do
|
|
57
57
|
create_resource
|
58
58
|
end
|
59
59
|
|
60
|
-
it_behaves_like "a file resource"
|
60
|
+
it_behaves_like "a file resource", :not_supported_on_windows_11
|
61
61
|
|
62
62
|
# These examples cover CHEF-3467 where unexpected and incorrect
|
63
63
|
# permissions can result on Windows because CookbookFile's
|
@@ -245,7 +245,7 @@ describe Chef::Resource::RemoteFile do
|
|
245
245
|
end
|
246
246
|
end
|
247
247
|
|
248
|
-
context "when the
|
248
|
+
context "when the file is only accessible as a specific alternate identity" do
|
249
249
|
let(:windows_nonadmin_user) { "chefremfile2" }
|
250
250
|
let(:windows_nonadmin_user_password) { "j82ajfxK3;2Xe2" }
|
251
251
|
include_context "a non-admin Windows user"
|
@@ -9,12 +9,21 @@ describe "chef-client fips" do
|
|
9
9
|
after { OpenSSL.fips_mode = false }
|
10
10
|
|
11
11
|
# For non-FIPS OSes/builds of Ruby, enabling FIPS should error
|
12
|
-
example "Error enabling fips_mode if FIPS not linked",
|
12
|
+
example "Error enabling fips_mode if FIPS not linked", :fips_mode_negative_test do
|
13
13
|
expect { enable_fips }.to raise_error(OpenSSL::OpenSSLError)
|
14
14
|
end
|
15
15
|
|
16
|
+
example "Do not error on MD5 if not fips_mode", :fips_mode_negative_test do
|
17
|
+
expect { OpenSSL::Digest.new("MD5", "test string for digesting") }.not_to raise_error
|
18
|
+
end
|
19
|
+
|
16
20
|
# For FIPS OSes/builds of Ruby, enabling FIPS should not error
|
17
|
-
example "Do not error enabling fips_mode if FIPS linked",
|
21
|
+
example "Do not error enabling fips_mode if FIPS linked", :fips_mode_test do
|
18
22
|
expect { enable_fips }.not_to raise_error
|
19
23
|
end
|
24
|
+
|
25
|
+
example "Error on MD5 if fips_mode", :fips_mode_test do
|
26
|
+
enable_fips
|
27
|
+
expect { OpenSSL::Digest.new("MD5", "test string for digesting") }.to raise_error(OpenSSL::Digest::DigestError)
|
28
|
+
end
|
20
29
|
end
|
@@ -0,0 +1,20 @@
|
|
1
|
+
require "spec_helper"
|
2
|
+
|
3
|
+
describe "openssl checks" do
|
4
|
+
let(:openssl_version_default) do
|
5
|
+
if windows?
|
6
|
+
"3.0.9"
|
7
|
+
elsif macos?
|
8
|
+
"1.1.1m"
|
9
|
+
else
|
10
|
+
"3.0.9"
|
11
|
+
end
|
12
|
+
end
|
13
|
+
|
14
|
+
%w{version library_version}.each do |method|
|
15
|
+
# macOS just picks up its own for some reason, maybe it circumvents a build step
|
16
|
+
example "check #{method}", not_supported_on_macos: true do
|
17
|
+
expect(OpenSSL.const_get("OPENSSL_#{method.upcase}")).to match(openssl_version_default), "OpenSSL doesn't match omnibus_overrides.rb"
|
18
|
+
end
|
19
|
+
end
|
20
|
+
end
|
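Review bot: In the new `openssl checks` spec, `openssl_version_default` returns "3.0.9" from both the `windows?` and the `else` branch, and the `macos?` branch is never exercised because each example is tagged `not_supported_on_macos: true`. The expectation also uses `match` with a plain string, in which `.` matches any character; `include(openssl_version_default)` would compare literally. Since the failure message says the value mirrors omnibus_overrides.rb, a comment at the `let` telling maintainers to update both together would keep this version check from going stale unnoticed.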