chef 18.4.12 → 18.6.2

Files changed (63) hide show
  1. checksums.yaml +4 -4
  2. data/Gemfile +9 -2
  3. data/chef-universal-mingw-ucrt.gemspec +1 -1
  4. data/chef.gemspec +8 -8
  5. data/lib/chef/client.rb +0 -15
  6. data/lib/chef/cookbook/chefignore.rb +4 -1
  7. data/lib/chef/cookbook/cookbook_version_loader.rb +1 -1
  8. data/lib/chef/cookbook/remote_file_vendor.rb +3 -2
  9. data/lib/chef/cookbook/synchronizer.rb +2 -1
  10. data/lib/chef/cookbook_manifest.rb +2 -2
  11. data/lib/chef/exceptions.rb +1 -1
  12. data/lib/chef/file_cache.rb +17 -2
  13. data/lib/chef/formatters/doc.rb +1 -1
  14. data/lib/chef/mixin/{homebrew_user.rb → homebrew.rb} +13 -16
  15. data/lib/chef/mixin/openssl_helper.rb +2 -13
  16. data/lib/chef/node/attribute.rb +3 -11
  17. data/lib/chef/node/immutable_collections.rb +15 -8
  18. data/lib/chef/node/mixin/state_tracking.rb +6 -3
  19. data/lib/chef/policy_builder/policyfile.rb +8 -0
  20. data/lib/chef/provider/package/chocolatey.rb +56 -26
  21. data/lib/chef/provider/package/homebrew.rb +6 -9
  22. data/lib/chef/provider/package/powershell.rb +1 -0
  23. data/lib/chef/provider/package/rubygems.rb +4 -0
  24. data/lib/chef/provider/package/snap.rb +1 -0
  25. data/lib/chef/provider/package/zypper.rb +0 -1
  26. data/lib/chef/provider/service/windows.rb +0 -1
  27. data/lib/chef/provider/user/windows.rb +5 -0
  28. data/lib/chef/resource/chef_client_config.rb +4 -2
  29. data/lib/chef/resource/chef_client_systemd_timer.rb +5 -0
  30. data/lib/chef/resource/chef_gem.rb +1 -1
  31. data/lib/chef/resource/execute.rb +8 -6
  32. data/lib/chef/resource/habitat_install.rb +2 -1
  33. data/lib/chef/resource/homebrew_cask.rb +19 -30
  34. data/lib/chef/resource/homebrew_tap.rb +32 -17
  35. data/lib/chef/resource/homebrew_update.rb +4 -4
  36. data/lib/chef/resource/powershell_package.rb +4 -0
  37. data/lib/chef/resource/snap_package.rb +23 -0
  38. data/lib/chef/resource/support/client.erb +4 -3
  39. data/lib/chef/resource/sysctl.rb +1 -0
  40. data/lib/chef/resource_inspector.rb +25 -7
  41. data/lib/chef/version.rb +1 -1
  42. data/lib/chef/win32/registry.rb +5 -0
  43. data/lib/chef/win32/security.rb +9 -0
  44. data/spec/functional/resource/cookbook_file_spec.rb +1 -1
  45. data/spec/functional/resource/remote_file_spec.rb +1 -1
  46. data/spec/integration/client/fips_spec.rb +11 -2
  47. data/spec/integration/client/open_ssl_spec.rb +20 -0
  48. data/spec/spec_helper.rb +4 -1
  49. data/spec/support/chef_helpers.rb +2 -2
  50. data/spec/support/platform_helpers.rb +28 -7
  51. data/spec/support/shared/functional/file_resource.rb +3 -3
  52. data/spec/unit/client_spec.rb +0 -16
  53. data/spec/unit/file_cache_spec.rb +64 -0
  54. data/spec/unit/mixin/homebrew_spec.rb +118 -0
  55. data/spec/unit/mixin/openssl_helper_spec.rb +6 -1
  56. data/spec/unit/provider/package/chocolatey_spec.rb +17 -12
  57. data/spec/unit/provider/package/homebrew_spec.rb +4 -1
  58. data/spec/unit/provider/package/windows_spec.rb +5 -5
  59. data/spec/unit/provider/package/zypper_spec.rb +0 -10
  60. data/spec/unit/provider/user/windows_spec.rb +1 -0
  61. data/spec/unit/resource_inspector_spec.rb +36 -0
  62. metadata +23 -10
  63. data/spec/unit/mixin/homebrew_user_spec.rb +0 -119
@@ -18,7 +18,7 @@
18
18
  #
19
19
 
20
20
  require "etc" unless defined?(Etc)
21
- require_relative "../../mixin/homebrew_user"
21
+ require_relative "../../mixin/homebrew"
22
22
 
23
23
  class Chef
24
24
  class Provider
@@ -30,7 +30,7 @@ class Chef
30
30
  provides :package, os: "darwin"
31
31
  provides :homebrew_package
32
32
 
33
- include Chef::Mixin::HomebrewUser
33
+ include Chef::Mixin::Homebrew
34
34
 
35
35
  def load_current_resource
36
36
  @current_resource = Chef::Resource::HomebrewPackage.new(new_resource.name)
@@ -63,9 +63,8 @@ class Chef
63
63
  # and which packages can be upgrades. We do this by checking if brew_info has an entry
64
64
  # via the installed_version helper.
65
65
  def upgrade_package(names, versions)
66
- # @todo when we no longer support Ruby 2.6 this can be simplified to be a .filter_map
67
- upgrade_pkgs = names.select { |x| x if installed_version(x) }.compact
68
- install_pkgs = names.select { |x| x unless installed_version(x) }.compact
66
+ upgrade_pkgs = names.filter_map { |x| x if installed_version(x) }
67
+ install_pkgs = names.filter_map { |x| x unless installed_version(x) }
69
68
 
70
69
  brew_cmd_output("upgrade", options, upgrade_pkgs) unless upgrade_pkgs.empty?
71
70
  brew_cmd_output("install", options, install_pkgs) unless install_pkgs.empty?
@@ -182,7 +181,7 @@ class Chef
182
181
  homebrew_uid = find_homebrew_uid(new_resource.respond_to?(:homebrew_user) && new_resource.homebrew_user)
183
182
  homebrew_user = Etc.getpwuid(homebrew_uid)
184
183
 
185
- logger.trace "Executing 'brew #{command.join(" ")}' as user '#{homebrew_user.name}'"
184
+ logger.trace "Executing '#{homebrew_bin_path} #{command.join(" ")}' as user '#{homebrew_user.name}'"
186
185
 
187
186
  # allow the calling method to decide if the cmd should raise or not
188
187
  # brew_info uses this when querying out available package info since a bad
@@ -190,11 +189,9 @@ class Chef
190
189
  # the package provider can magically handle that
191
190
  shell_out_cmd = options[:allow_failure] ? :shell_out : :shell_out!
192
191
 
193
- # FIXME: this 1800 second default timeout should be deprecated
194
- output = send(shell_out_cmd, "brew", *command, timeout: 1800, user: homebrew_uid, environment: { "HOME" => homebrew_user.dir, "RUBYOPT" => nil, "TMPDIR" => nil })
192
+ output = send(shell_out_cmd, homebrew_bin_path, *command, user: homebrew_uid, login: true, environment: { "HOME" => homebrew_user.dir, "RUBYOPT" => nil, "TMPDIR" => nil })
195
193
  output.stdout.chomp
196
194
  end
197
-
198
195
  end
199
196
  end
200
197
  end
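Review bot: The `send(shell_out_cmd, homebrew_bin_path, ...)` call in the last hunk needs a comment, because the explicit `timeout: 1800` is gone and `login: true` is new, and neither the effective timeout nor the reason for a login-style environment can be read from the code. This command runs as the Homebrew owner resolved by `find_homebrew_uid`, so what environment it gets is worth stating; I would add above the call `# login: true sets up a login-style environment for the Homebrew user; the timeout now falls back to the shell_out default`. That default is not visible in this diff, so confirm it before wording the comment. The enclosing method starts outside the hunk.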
@@ -127,6 +127,7 @@ class Chef
127
127
  command.push("-RequiredVersion #{version}") if version
128
128
  command.push("-Source #{new_resource.source}") if new_resource.source && cmdlet_name =~ Regexp.union(/Install-Package/, /Find-Package/)
129
129
  command.push("-SkipPublisherCheck") if new_resource.skip_publisher_check && cmdlet_name !~ /Find-Package/
130
+ command.push("-AllowClobber") if new_resource.allow_clobber
130
131
  if new_resource.options && cmdlet_name !~ Regexp.union(/Get-Package/, /Find-Package/)
131
132
  new_resource.options.each do |arg|
132
133
  command.push(arg) unless command.include?(arg)
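Review bot: `command.push("-AllowClobber") if new_resource.allow_clobber` is appended for every cmdlet, while the neighbouring `-Source` and `-SkipPublisherCheck` lines are gated on `cmdlet_name`. `-AllowClobber` is an install-time switch, so if this builder also serves the `Find-Package` or `Get-Package` calls that the surrounding conditions mention, those calls would presumably fail on an unknown parameter once `allow_clobber` is true. I would gate it the same way: `command.push("-AllowClobber") if new_resource.allow_clobber && cmdlet_name =~ /Install-Package/`. The method starts outside the hunk, so the set of cmdlet names passed in should be confirmed.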
@@ -136,6 +136,10 @@ class Chef
136
136
  if defined?(Gem::Format) && Gem::Package.respond_to?(:open)
137
137
  Gem::Format.from_file_by_path(file).spec
138
138
  else
139
+ # Gem::Package is getting defined as an empty class as of bundler 2.5.23
140
+ # and therefore won't autoload
141
+ # ["bundler-2.5.23/lib/bundler/rubygems_ext.rb", 457]
142
+ require "rubygems/package" if Gem::Package.method(:new).source_location.nil?
139
143
  Gem::Package.new(file).spec
140
144
  end
141
145
  end
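Review bot: The guard `Gem::Package.method(:new).source_location.nil?` infers that the real class is not loaded from an implementation detail of how `new` happens to be defined, which is fragile and hard to read. `require` is already idempotent, so a plain `require "rubygems/package"` loads the file once and costs nothing when it is already loaded. If the condition has to stay, the comment should say what `source_location.nil?` is detecting. The enclosing method starts outside the hunk.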
@@ -218,6 +218,7 @@ class Chef
218
218
  waiting = true
219
219
  while waiting
220
220
  result = get_change_id(id)
221
+
221
222
  case result["result"]["status"]
222
223
  when "Do", "Doing", "Undoing", "Undo"
223
224
  # Continue
@@ -146,7 +146,6 @@ class Chef
146
146
  if md = line.match(/^(\S*)\s+\|\s+(\S+)\s+\|\s+(\S+)\s+\|\s+(\S+)\s+\|\s+(\S+)\s+\|\s+(.*)$/)
147
147
  (status, name, type, version, arch, repo) = [ md[1], md[2], md[3], md[4], md[5], md[6] ]
148
148
  next if version == "Version" # header
149
- next if name != package_name
150
149
 
151
150
  # sometimes even though we request a specific version in the search string above and have match exact, we wind up
152
151
  # with other versions in the output, particularly getting the installed version when downgrading.
@@ -74,7 +74,6 @@ class Chef::Provider::Service::Windows < Chef::Provider::Service
74
74
  current_resource.run_as_user(config_info.service_start_name) if config_info.service_start_name
75
75
  current_resource.display_name(config_info.display_name) if config_info.display_name
76
76
  current_resource.delayed_start(current_delayed_start) if current_delayed_start
77
- current_resource.description(config_info.description) if new_resource.description
78
77
  end
79
78
 
80
79
  current_resource
@@ -85,7 +85,12 @@ class Chef
85
85
  @net_user.update(**set_options)
86
86
  end
87
87
 
88
+ def clear_account_rights(name)
89
+ Chef::ReservedNames::Win32::Security.clear_account_rights(name)
90
+ end
91
+
88
92
  def remove_user
93
+ clear_account_rights(new_resource.username)
89
94
  @net_user.delete
90
95
  end
91
96
 
@@ -195,10 +195,12 @@ class Chef
195
195
 
196
196
  property :policy_persist_run_list, [true, false],
197
197
  description: "Override run lists defined in a Policyfile with the `run_list` defined on the #{ChefUtils::Dist::Server::PRODUCT}.",
198
- introduced: "17.3"
198
+ introduced: "17.3",
199
+ default: false
199
200
 
200
201
  property :minimal_ohai, [true, false],
201
- description: "Run a minimal set of Ohai plugins providing data necessary for the execution of #{ChefUtils::Dist::Infra::PRODUCT}'s built-in resources. Setting this to true will skip many large and time consuming data sets such as `cloud` or `packages`. Setting this this to true may break cookbooks that assume all Ohai data will be present."
202
+ description: "Run a minimal set of Ohai plugins providing data necessary for the execution of #{ChefUtils::Dist::Infra::PRODUCT}'s built-in resources. Setting this to true will skip many large and time consuming data sets such as `cloud` or `packages`. Setting this to true may break cookbooks that assume all Ohai data will be present.",
203
+ default: false
202
204
 
203
205
  property :start_handlers, Array,
204
206
  description: %q(An array of hashes that contain a report handler class and the arguments to pass to that class on initialization. The hash should include `class` and `argument` keys where `class` is a String and `argument` is an array of quoted String values. For example: `[{'class' => 'MyHandler', %w('"argument1"', '"argument2"')}]`),
@@ -103,6 +103,10 @@ class Chef
103
103
  coerce: proc { |x| Integer(x) },
104
104
  callbacks: { "should be a positive Integer" => proc { |v| v > 0 } }
105
105
 
106
+ property :service_umask, [Integer, String],
107
+ description: "Fix umask for hardened systems that have a changed default umask. This changes the chef-client umask so any files or folders are created with new umask. Recommend setting to stand install default of 0022.",
108
+ introduced: "18.5"
109
+
106
110
  action :add, description: "Add a systemd timer that runs #{ChefUtils::Dist::Infra::PRODUCT}." do
107
111
  systemd_unit "#{new_resource.job_name}.service" do
108
112
  content service_content
@@ -175,6 +179,7 @@ class Chef
175
179
  "Install" => { "WantedBy" => "multi-user.target" },
176
180
  }
177
181
 
182
+ unit["Service"]["UMask"] = new_resource.service_umask if new_resource.service_umask
178
183
  unit["Service"]["ConditionACPower"] = "true" unless new_resource.run_on_battery
179
184
  unit["Service"]["CPUQuota"] = "#{new_resource.cpu_quota}%" if new_resource.cpu_quota
180
185
  unit["Service"]["Environment"] = new_resource.environment.collect { |k, v| "\"#{k}=#{v}\"" } unless new_resource.environment.empty?
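Review bot: `service_umask` accepts an Integer and the second hunk writes it into `unit["Service"]["UMask"]` unchanged, so a recipe that sets `service_umask 0022` passes the Ruby octal literal, which is decimal 18, and the unit would presumably carry `UMask=18` rather than `0022`. A umask that is silently wrong on a hardened host is worse than a rejected value, so I would normalise and validate at the property: `coerce: proc { |v| v.is_a?(Integer) ? format("%04o", v) : v },` and `callbacks: { "should be an octal mode such as 0022" => proc { |v| v.match?(/\A[0-7]{3,4}\z/) } }`. How the unit hash is serialised is outside the hunk, so confirm the rendered value. The description's "stand install default" also looks like it should read "standard install default".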
@@ -62,7 +62,7 @@ class Chef
62
62
  end
63
63
  ```
64
64
 
65
- **Install MySQL gem into #{ChefUtils::Dist::Infra::PRODUCT}***
65
+ **Install MySQL gem into #{ChefUtils::Dist::Infra::PRODUCT}**
66
66
  ```ruby
67
67
  apt_update
68
68
 
@@ -442,14 +442,14 @@ class Chef
442
442
  NetworkService have this right when running as a service. This is necessary
443
443
  even if the user is an Administrator.
444
444
 
445
- This right can be added and checked in a recipe using this example:
445
+ This right can be added and checked in a recipe using this example (will not take effect in the same Chef run):
446
446
 
447
447
  ```ruby
448
- # Add 'SeAssignPrimaryTokenPrivilege' for the user
449
- Chef::ReservedNames::Win32::Security.add_account_right('<user>', 'SeAssignPrimaryTokenPrivilege')
450
-
451
- # Check if the user has 'SeAssignPrimaryTokenPrivilege' rights
452
- Chef::ReservedNames::Win32::Security.get_account_right('<user>').include?('SeAssignPrimaryTokenPrivilege')
448
+ windows_user_privilege 'add assign token privilege' do
449
+ principal '<user>'
450
+ privilege 'SeAssignPrimaryTokenPrivilege'
451
+ action :add
452
+ end
453
453
  ```
454
454
 
455
455
  The following example shows how to run `mkdir test_dir` from a Chef Infra Client
@@ -492,9 +492,11 @@ class Chef
492
492
 
493
493
  **Run a command with an external input file**:
494
494
 
495
+ ```ruby
495
496
  execute 'md5sum' do
496
497
  input File.read(__FILE__)
497
498
  end
499
+ ```
498
500
  EXAMPLES
499
501
 
500
502
  # The ResourceGuardInterpreter wraps a resource's guards in another resource. That inner resource
@@ -127,6 +127,7 @@ class Chef
127
127
  remote_file ::File.join(Chef::Config[:file_cache_path], "hab-install.sh") do
128
128
  source new_resource.install_url
129
129
  sensitive true
130
+ mode 0755
130
131
  end
131
132
 
132
133
  execute "installing with hab-install.sh" do
@@ -235,7 +236,7 @@ class Chef
235
236
  end
236
237
 
237
238
  def hab_command
238
- cmd = "bash #{Chef::Config[:file_cache_path]}/hab-install.sh"
239
+ cmd = "#{Chef::Config[:file_cache_path]}/hab-install.sh"
239
240
  cmd << " -v #{new_resource.hab_version} " if new_resource.hab_version
240
241
  cmd << " -t x86_64-linux-kernel2" if node["kernel"]["release"].to_i < 3
241
242
  cmd
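Review bot: Running the downloaded `hab-install.sh` directly (second hunk, `hab_command`) makes the install depend on the file cache path permitting execution and on the script's shebang, which the previous `bash <path>` form did not; hosts that mount the cache location `noexec` would presumably fail here. The added `mode 0755` also lets every local user read and execute a script that only the Chef run needs, so `mode "0700"` would be the tighter choice. The `remote_file` block shown sets `source` but no `checksum`, so the script that is now marked executable is not pinned to known content. `hab_command` ends outside the hunk.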
@@ -18,7 +18,7 @@
18
18
  #
19
19
 
20
20
  require_relative "../resource"
21
- require_relative "../mixin/homebrew_user"
21
+ require_relative "../mixin/homebrew"
22
22
 
23
23
  class Chef
24
24
  class Resource
@@ -29,7 +29,7 @@ class Chef
29
29
  description "Use the **homebrew_cask** resource to install binaries distributed via the Homebrew package manager."
30
30
  introduced "14.0"
31
31
 
32
- include Chef::Mixin::HomebrewUser
32
+ include Chef::Mixin::Homebrew
33
33
 
34
34
  property :cask_name, String,
35
35
  description: "An optional property to set the cask name if it differs from the resource block's name.",
@@ -40,10 +40,6 @@ class Chef
40
40
  property :options, String,
41
41
  description: "Options to pass to the brew command during installation."
42
42
 
43
- property :install_cask, [TrueClass, FalseClass],
44
- description: "Automatically install the Homebrew cask tap, if necessary.",
45
- default: true
46
-
47
43
  property :homebrew_path, String,
48
44
  description: "The path to the Homebrew binary."
49
45
 
@@ -53,37 +49,27 @@ class Chef
53
49
  default_description: "Calculated default username"\
54
50
 
55
51
  action :install, description: "Install an application that is packaged as a Homebrew cask." do
56
- if new_resource.install_cask
57
- homebrew_tap "homebrew/cask" do
58
- homebrew_path homebrew_bin_path(new_resource.homebrew_path)
59
- owner new_resource.owner
60
- end
61
- end
62
-
63
52
  unless casked?
64
53
  converge_by("install cask #{new_resource.cask_name} #{new_resource.options}") do
65
- shell_out!("#{homebrew_bin_path(new_resource.homebrew_path)} install --cask #{new_resource.cask_name} #{new_resource.options}",
66
- user: new_resource.owner,
67
- env: { "HOME" => ::Dir.home(new_resource.owner), "USER" => new_resource.owner },
68
- cwd: ::Dir.home(new_resource.owner))
54
+ execute "install cask #{new_resource.cask_name}" do
55
+ command "#{homebrew_bin_path(new_resource.homebrew_path)} install --cask #{new_resource.cask_name} #{new_resource.options}"
56
+ user new_resource.owner
57
+ cwd ::Dir.home(new_resource.owner)
58
+ login true
59
+ end
69
60
  end
70
61
  end
71
62
  end
72
63
 
73
64
  action :remove, description: "Remove an application that is packaged as a Homebrew cask." do
74
- if new_resource.install_cask
75
- homebrew_tap "homebrew/cask" do
76
- homebrew_path homebrew_bin_path(new_resource.homebrew_path)
77
- owner new_resource.owner
78
- end
79
- end
80
-
81
65
  if casked?
82
66
  converge_by("uninstall cask #{new_resource.cask_name}") do
83
- shell_out!("#{homebrew_bin_path(new_resource.homebrew_path)} uninstall --cask #{new_resource.cask_name}",
84
- user: new_resource.owner,
85
- env: { "HOME" => ::Dir.home(new_resource.owner), "USER" => new_resource.owner },
86
- cwd: ::Dir.home(new_resource.owner))
67
+ execute "uninstall cask #{new_resource.cask_name}" do
68
+ command "#{homebrew_bin_path(new_resource.homebrew_path)} uninstall --cask #{new_resource.cask_name}"
69
+ user new_resource.owner
70
+ cwd ::Dir.home(new_resource.owner)
71
+ login true
72
+ end
87
73
  end
88
74
  end
89
75
  end
@@ -98,10 +84,13 @@ class Chef
98
84
  # @return [Boolean]
99
85
  def casked?
100
86
  unscoped_name = new_resource.cask_name.split("/").last
101
- shell_out!("#{homebrew_bin_path(new_resource.homebrew_path)} list --cask 2>/dev/null",
87
+ shell_out!(
88
+ "#{homebrew_bin_path(new_resource.homebrew_path)} list --cask 2>/dev/null",
102
89
  user: new_resource.owner,
103
90
  env: { "HOME" => ::Dir.home(new_resource.owner), "USER" => new_resource.owner },
104
- cwd: ::Dir.home(new_resource.owner)).stdout.split.include?(unscoped_name)
91
+ cwd: ::Dir.home(new_resource.owner),
92
+ login: true
93
+ ).stdout.split.include?(unscoped_name)
105
94
  end
106
95
  end
107
96
  end
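Review bot: Removing the `install_cask` property outright (third hunk) means a recipe that still sets it will fail after the upgrade, even though the tap step it controlled is no longer needed. Keeping the property as a documented no-op for a deprecation cycle would avoid breaking existing cookbooks. If the removal is intentional, the resource description should say so, for example `# install_cask was removed in 18.5: the homebrew/cask tap is no longer required` next to the remaining properties.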
@@ -18,7 +18,7 @@
18
18
  #
19
19
 
20
20
  require_relative "../resource"
21
- require_relative "../mixin/homebrew_user"
21
+ require_relative "../mixin/homebrew"
22
22
 
23
23
  class Chef
24
24
  class Resource
@@ -29,7 +29,7 @@ class Chef
29
29
  description "Use the **homebrew_tap** resource to add additional formula repositories to the Homebrew package manager."
30
30
  introduced "14.0"
31
31
 
32
- include Chef::Mixin::HomebrewUser
32
+ include Chef::Mixin::Homebrew
33
33
 
34
34
  property :tap_name, String,
35
35
  description: "An optional property to set the tap name if it differs from the resource block's name.",
@@ -51,10 +51,13 @@ class Chef
51
51
  action :tap, description: "Add a Homebrew tap." do
52
52
  unless tapped?(new_resource.tap_name)
53
53
  converge_by("tap #{new_resource.tap_name}") do
54
- shell_out!("#{homebrew_bin_path(new_resource.homebrew_path)} tap #{new_resource.tap_name} #{new_resource.url || ""}",
55
- user: new_resource.owner,
56
- env: { "HOME" => ::Dir.home(new_resource.owner), "USER" => new_resource.owner },
57
- cwd: ::Dir.home(new_resource.owner))
54
+ execute "tap #{new_resource.tap_name}" do
55
+ command "#{homebrew_bin_path(new_resource.homebrew_path)} tap #{new_resource.tap_name} #{new_resource.url || ""}"
56
+ user new_resource.owner
57
+ default_env true
58
+ cwd ::Dir.home(new_resource.owner)
59
+ login true
60
+ end
58
61
  end
59
62
  end
60
63
  end
@@ -62,21 +65,33 @@ class Chef
62
65
  action :untap, description: "Remove a Homebrew tap." do
63
66
  if tapped?(new_resource.tap_name)
64
67
  converge_by("untap #{new_resource.tap_name}") do
65
- shell_out!("#{homebrew_bin_path(new_resource.homebrew_path)} untap #{new_resource.tap_name}",
66
- user: new_resource.owner,
67
- env: { "HOME" => ::Dir.home(new_resource.owner), "USER" => new_resource.owner },
68
- cwd: ::Dir.home(new_resource.owner))
68
+ execute "untap #{new_resource.tap_name}" do
69
+ command "#{homebrew_bin_path(new_resource.homebrew_path)} untap #{new_resource.tap_name}"
70
+ user new_resource.owner
71
+ default_env true
72
+ cwd ::Dir.home(new_resource.owner)
73
+ login true
74
+ end
69
75
  end
70
76
  end
71
77
  end
72
78
 
73
- # Is the passed tap already tapped
74
- #
75
- # @return [Boolean]
76
- def tapped?(name)
77
- base_path = ["#{::File.dirname(which("brew"))}/../homebrew", "#{::File.dirname(which("brew"))}/../Homebrew", "/opt/homebrew", "/usr/local/Homebrew", "/home/linuxbrew/.linuxbrew"].uniq.select { |x| Dir.exist?(x) }.first
78
- tap_dir = name.gsub("/", "/homebrew-")
79
- ::File.directory?("#{base_path}/Library/Taps/#{tap_dir}")
79
+ action_class do
80
+ # Is the passed tap already tapped
81
+ #
82
+ # @return [Boolean]
83
+ def tapped?(name)
84
+ brew_path = ::File.dirname(homebrew_bin_path(new_resource.homebrew_path))
85
+ base_path = [
86
+ "#{brew_path}/../homebrew",
87
+ "#{brew_path}/../Homebrew",
88
+ "/opt/homebrew",
89
+ "/usr/local/Homebrew",
90
+ "/home/linuxbrew/.linuxbrew",
91
+ ].filter_map { |x| x if Dir.exist?(x) }.first
92
+ tap_dir = name.gsub("/", "/homebrew-")
93
+ ::File.directory?("#{base_path}/Library/Taps/#{tap_dir}")
94
+ end
80
95
  end
81
96
  end
82
97
  end
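Review bot: In the new `tapped?`, `base_path` is nil when none of the candidate directories exists, and the last line then tests `"/Library/Taps/..."` at the filesystem root instead of reporting the tap as absent. `filter_map { |x| x if Dir.exist?(x) }.first` is also a roundabout `find`; I would write `].find { |x| Dir.exist?(x) }` and add `return false unless base_path` before building `tap_dir`. The `.uniq` from the old one-liner was dropped, which is harmless once `find` stops at the first hit.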
@@ -19,13 +19,13 @@
19
19
  #
20
20
 
21
21
  require_relative "../resource"
22
- require_relative "../mixin/homebrew_user"
22
+ require_relative "../mixin/homebrew"
23
23
  require "chef-utils/dist" unless defined?(ChefUtils::Dist)
24
24
 
25
25
  class Chef
26
26
  class Resource
27
27
  class HomebrewUpdate < Chef::Resource
28
- include Chef::Mixin::HomebrewUser
28
+ include Chef::Mixin::Homebrew
29
29
 
30
30
  provides(:homebrew_update) { true }
31
31
 
@@ -78,9 +78,9 @@ class Chef
78
78
  end
79
79
 
80
80
  execute "brew update" do
81
- command %w{brew update}
82
- default_env true
81
+ command "#{homebrew_bin_path} update"
83
82
  user find_homebrew_uid
83
+ login true
84
84
  notifies :touch, "file[#{BREW_STAMP}]", :immediately
85
85
  end
86
86
  end
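Review bot: `command "#{homebrew_bin_path} update"` replaces the array form `%w{brew update}` with an interpolated string, so the resolved path is now parsed as shell words and a path containing a space or shell metacharacter would not run as intended. Keeping the array form avoids that: `command [homebrew_bin_path, "update"]`. The hunk also swaps `default_env true` for `login true` without a comment; one line saying that brew now gets the owner's login-style environment would help the next reader. The enclosing action starts outside the hunk.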
@@ -44,6 +44,10 @@ class Chef
44
44
  description: "Skip validating module author.",
45
45
  default: false, introduced: "14.3", desired_state: false
46
46
 
47
+ property :allow_clobber, [TrueClass, FalseClass],
48
+ description: "Overrides warning messages about installation conflicts about existing commands on a computer.",
49
+ default: false, introduced: "18.5"
50
+
47
51
  end
48
52
  end
49
53
  end
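Review bot: The new `allow_clobber` property is missing `desired_state: false`, which the property directly above it (described as "Skip validating module author.") carries. Both are install-time switches rather than state that can be read back from an installed module, so I would declare it the same way: `default: false, introduced: "18.5", desired_state: false`. The description could also be tightened to "Allow installation to overwrite commands that already exist on the computer."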
@@ -26,6 +26,29 @@ class Chef
26
26
 
27
27
  description "Use the **snap_package** resource to manage snap packages on Debian and Ubuntu platforms."
28
28
  introduced "15.0"
29
+ examples <<~DOC
30
+ **Install a package**
31
+
32
+ ```ruby
33
+ snap_package 'hello'
34
+ ```
35
+
36
+ **Upgrade a package**
37
+
38
+ ```ruby
39
+ snap_package 'hello' do
40
+ action :upgrade
41
+ end
42
+ ```
43
+
44
+ **Install a package with classic confinement**
45
+
46
+ ```ruby
47
+ snap_package 'hello' do
48
+ options 'classic'
49
+ end
50
+ ```
51
+ DOC
29
52
 
30
53
  allowed_actions :install, :upgrade, :remove, :purge
31
54
 
@@ -10,18 +10,19 @@
10
10
  @https_proxy
11
11
  @ftp_proxy
12
12
  @log_level
13
- @minimal_ohai
14
13
  @named_run_list
15
14
  @no_proxy
16
15
  @pid_file
17
16
  @policy_group
18
17
  @policy_name
19
18
  @rubygems_url
20
- @ssl_verify_mode
21
- @policy_persist_run_list).each do |prop| -%>
19
+ @ssl_verify_mode).each do |prop| -%>
22
20
  <% next if instance_variable_get(prop).nil? || instance_variable_get(prop).empty? -%>
23
21
  <%=prop.delete_prefix("@") %> <%= instance_variable_get(prop).inspect %>
24
22
  <% end -%>
23
+ <%# boolean properties are neither .nil? nor respond to .empty? so they are included below %>
24
+ minimal_ohai <%= @minimal_ohai.inspect %>
25
+ policy_persist_run_list <%= @policy_persist_run_list.inspect %>
25
26
  <%# ohai_disabled_plugins and ohai_optional_plugins properties don't match the config value perfectly-%>
26
27
  <% %w(@ohai_disabled_plugins
27
28
  @ohai_optional_plugins).each do |prop| -%>
@@ -103,6 +103,7 @@ class Chef
103
103
  property :comment, [Array, String],
104
104
  description: "Comments, placed above the resource setting in the generated file. For multi-line comments, use an array of strings, one per line.",
105
105
  default: [],
106
+ desired_state: false,
106
107
  introduced: "15.8"
107
108
 
108
109
  property :conf_dir, String,
@@ -79,19 +79,37 @@ class Chef
79
79
  Array(equal_to).map(&:inspect)
80
80
  end
81
81
 
82
+ def self.load_from_resources(resources, complete)
83
+ resources.each_with_object({}) do |r, res|
84
+ pth = r["full_path"]
85
+ # Here we do some magic to extract resources from files where there are multiple resources
86
+ # in a file - to do this, we load the file, and take the delta of which resources
87
+ # exist in object space
88
+ existing_classes = []
89
+ ObjectSpace.each_object(Class).select { |k| k < Chef::Resource }.each { |klass| existing_classes << klass }
90
+ # Load the set of resources from this file
91
+ Chef::Resource::LWRPBase.build_from_file(name, pth, Chef::RunContext.new(Chef::Node.new, nil, nil))
92
+ # Finally, process every new class added to the object space by that
93
+ ObjectSpace.each_object(Class).select { |k| k < Chef::Resource }.each do |klass|
94
+ unless existing_classes.include?(klass)
95
+ # Skip over anything which creates resources that start with exactly this - that happens
96
+ # because if there is no non-classed resource in here, LWRPBase.build_from_file builds a
97
+ # dummy object from it - we don't need that polluting out output!
98
+ next if klass.resource_name.start_with?("Chef__ResourceInspector")
99
+
100
+ res[klass.resource_name] = extract_resource(klass, complete)
101
+ end
102
+ end
103
+ end
104
+ end
105
+
82
106
  def self.extract_cookbook(path, complete)
83
107
  path = File.expand_path(path)
84
108
  dir, name = File.split(path)
85
109
  Chef::Cookbook::FileVendor.fetch_from_disk(path)
86
110
  loader = Chef::CookbookLoader.new(dir)
87
111
  cookbook = loader.load_cookbook(name)
88
- resources = cookbook.files_for(:resources)
89
-
90
- resources.each_with_object({}) do |r, res|
91
- pth = r["full_path"]
92
- cur = Chef::Resource::LWRPBase.build_from_file(name, pth, Chef::RunContext.new(Chef::Node.new, nil, nil))
93
- res[cur.resource_name] = extract_resource(cur, complete)
94
- end
112
+ load_from_resources(cookbook.files_for(:resources), complete)
95
113
  end
96
114
 
97
115
  # If we're given no resources, dump all of Chef's built ins
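Review bot: Inside the new class method `load_from_resources`, the bare `name` passed to `LWRPBase.build_from_file` is no longer the cookbook name that `extract_cookbook` takes from `File.split(path)`; it resolves to the class's own `name`. The `Chef__ResourceInspector` filter a few lines below appears to depend on exactly that, so the dependency should be explicit, for example `cookbook_name = name # Module#name; yields the Chef__ResourceInspector dummy resources skipped below`. The snapshot can also be taken directly with `existing_classes = ObjectSpace.each_object(Class).select { |k| k < Chef::Resource }`. Since the comment says the file is loaded to discover its classes, the method doc should state that resource files are evaluated, so the inspector is only meant for cookbooks that are trusted to run.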
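--- a/data/lib/chef/version.rb
+++ b/data/lib/chef/version.rb
@@ -23,7 +23,7 @@ require_relative "version_string"
 
  class Chef
  CHEF_ROOT = File.expand_path("..", __dir__)
- VERSION = Chef::VersionString.new("18.4.12")
+ VERSION = Chef::VersionString.new("18.6.2")
  end
 
  #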
@@ -26,6 +26,11 @@ if RUBY_PLATFORM.match?(/mswin|mingw|windows/)
26
26
  autoload :Registry, File.expand_path("../monkey_patches/win32/registry", __dir__)
27
27
  end
28
28
  require_relative "api/registry"
29
+
30
+ require "win32/resolv"
31
+ ::Win32::Registry.define_method :export_string do |str, enc = (Encoding.default_internal || "utf-8")|
32
+ str.encode(enc)
33
+ end
29
34
  end
30
35
 
31
36
  class Chef
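Review bot: The added block replaces `Win32::Registry#export_string` for every user of the class in the process and carries no comment saying why or which Ruby versions need it. A global override of a standard-library method should state its reason and an exit condition, e.g. `# Override export_string so registry strings are encoded to Encoding.default_internal (or UTF-8); remove once <upstream fix reference> is available`. It is also unclear from the hunk why `require "win32/resolv"` is the file that must be loaded before patching, so that deserves a word too. `str.encode(enc)` can raise on bytes that have no mapping in the target encoding; if that is acceptable, the comment should say so.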
@@ -130,6 +130,15 @@ class Chef
130
130
  end
131
131
  end
132
132
 
133
+ def self.clear_account_rights(name)
134
+ return if get_account_right(name) == []
135
+
136
+ with_lsa_policy(name) do |policy_handle, sid|
137
+ result = LsaRemoveAccountRights(policy_handle.read_pointer, sid, true, nil, 1)
138
+ test_and_raise_lsa_nt_status(result)
139
+ end
140
+ end
141
+
133
142
  def self.adjust_token_privileges(token, privileges)
134
143
  token = token.handle if token.respond_to?(:handle)
135
144
  old_privileges_size = FFI::Buffer.new(:long).write_long(privileges.size_with_privileges)
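Review bot: `clear_account_rights` calls `LsaRemoveAccountRights(policy_handle.read_pointer, sid, true, nil, 1)`, where the third argument asks for all rights to be removed, yet the rights pointer is nil while the count is 1. With the all-rights flag set the list arguments should be ignored, but a count of 0 matches the nil pointer and does not rely on that: `LsaRemoveAccountRights(policy_handle.read_pointer, sid, true, nil, 0)`. The method also needs a doc comment, since `remove_user` in provider/user/windows.rb now calls it before `@net_user.delete` and any error raised by `test_and_raise_lsa_nt_status` will stop the user from being deleted; state whether that order is intended. `return if get_account_right(name) == []` reads better as `return if get_account_right(name).empty?`.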
@@ -57,7 +57,7 @@ describe Chef::Resource::CookbookFile do
57
57
  create_resource
58
58
  end
59
59
 
60
- it_behaves_like "a file resource"
60
+ it_behaves_like "a file resource", :not_supported_on_windows_11
61
61
 
62
62
  # These examples cover CHEF-3467 where unexpected and incorrect
63
63
  # permissions can result on Windows because CookbookFile's
@@ -245,7 +245,7 @@ describe Chef::Resource::RemoteFile do
245
245
  end
246
246
  end
247
247
 
248
- context "when the the file is only accessible as a specific alternate identity" do
248
+ context "when the file is only accessible as a specific alternate identity" do
249
249
  let(:windows_nonadmin_user) { "chefremfile2" }
250
250
  let(:windows_nonadmin_user_password) { "j82ajfxK3;2Xe2" }
251
251
  include_context "a non-admin Windows user"
@@ -9,12 +9,21 @@ describe "chef-client fips" do
9
9
  after { OpenSSL.fips_mode = false }
10
10
 
11
11
  # For non-FIPS OSes/builds of Ruby, enabling FIPS should error
12
- example "Error enabling fips_mode if FIPS not linked", fips_mode: false do
12
+ example "Error enabling fips_mode if FIPS not linked", :fips_mode_negative_test do
13
13
  expect { enable_fips }.to raise_error(OpenSSL::OpenSSLError)
14
14
  end
15
15
 
16
+ example "Do not error on MD5 if not fips_mode", :fips_mode_negative_test do
17
+ expect { OpenSSL::Digest.new("MD5", "test string for digesting") }.not_to raise_error
18
+ end
19
+
16
20
  # For FIPS OSes/builds of Ruby, enabling FIPS should not error
17
- example "Do not error enabling fips_mode if FIPS linked", fips_mode: true do
21
+ example "Do not error enabling fips_mode if FIPS linked", :fips_mode_test do
18
22
  expect { enable_fips }.not_to raise_error
19
23
  end
24
+
25
+ example "Error on MD5 if fips_mode", :fips_mode_test do
26
+ enable_fips
27
+ expect { OpenSSL::Digest.new("MD5", "test string for digesting") }.to raise_error(OpenSSL::Digest::DigestError)
28
+ end
20
29
  end
@@ -0,0 +1,20 @@
1
+ require "spec_helper"
2
+
3
+ describe "openssl checks" do
4
+ let(:openssl_version_default) do
5
+ if windows?
6
+ "3.0.9"
7
+ elsif macos?
8
+ "1.1.1m"
9
+ else
10
+ "3.0.9"
11
+ end
12
+ end
13
+
14
+ %w{version library_version}.each do |method|
15
+ # macOS just picks up its own for some reason, maybe it circumvents a build step
16
+ example "check #{method}", not_supported_on_macos: true do
17
+ expect(OpenSSL.const_get("OPENSSL_#{method.upcase}")).to match(openssl_version_default), "OpenSSL doesn't match omnibus_overrides.rb"
18
+ end
19
+ end
20
+ end
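Review bot: `match(openssl_version_default)` is given a String, which the matcher treats as a regular expression, so the dots in "3.0.9" match any character and the pattern is unanchored; a different build string could pass this check. `include(openssl_version_default)` states the intent of pinning the linked OpenSSL version without regex semantics. The `windows?` and `else` branches of `openssl_version_default` return the same value, and the `macos?` branch is never used because the example is tagged `not_supported_on_macos: true`, so the `let` can collapse to a single string.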