chef 18.6.2-universal-mingw-ucrt → 18.7.3-universal-mingw-ucrt

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (31) hide show
  1. checksums.yaml +4 -4
  2. data/Gemfile +5 -5
  3. data/chef.gemspec +17 -13
  4. data/lib/chef/compliance/default_attributes.rb +2 -2
  5. data/lib/chef/compliance/runner.rb +6 -1
  6. data/lib/chef/cookbook/metadata.rb +1 -1
  7. data/lib/chef/cookbook/remote_file_vendor.rb +1 -4
  8. data/lib/chef/event_dispatch/dispatcher.rb +0 -1
  9. data/lib/chef/provider/package/dnf/dnf_helper.py +7 -0
  10. data/lib/chef/provider/package/snap.rb +1 -1
  11. data/lib/chef/provider/registry_key.rb +6 -0
  12. data/lib/chef/resource/apt_repository.rb +85 -12
  13. data/lib/chef/resource/registry_key.rb +18 -0
  14. data/lib/chef/resource.rb +1 -0
  15. data/lib/chef/resource_reporter.rb +1 -0
  16. data/lib/chef/util/powershell/ps_credential.rb +10 -0
  17. data/lib/chef/version.rb +1 -1
  18. data/lib/chef/win32/registry.rb +0 -1
  19. data/spec/functional/assets/yumrepo-empty/repodata/repomd.xml +6 -6
  20. data/spec/functional/resource/registry_spec.rb +276 -609
  21. data/spec/tiny_server.rb +5 -2
  22. data/spec/unit/provider/apt_repository_spec.rb +13 -8
  23. data/spec/unit/provider/registry_key_spec.rb +18 -17
  24. data/spec/unit/util/powershell/ps_credential_spec.rb +6 -0
  25. metadata +22 -22
  26. /data/spec/functional/assets/yumrepo-empty/repodata/{01a3b489a465bcac22a43492163df43451dc6ce47d27f66de289756b91635523-filelists.sqlite.bz2 → 01a3b-filelists.sqlite.bz2} +0 -0
  27. /data/spec/functional/assets/yumrepo-empty/repodata/{401dc19bda88c82c403423fb835844d64345f7e95f5b9835888189c03834cc93-filelists.xml.gz → 401dc-filelists.xml.gz} +0 -0
  28. /data/spec/functional/assets/yumrepo-empty/repodata/{5dc1e6e73c84803f059bb3065e684e56adfc289a7e398946574d79dac6643945-primary.sqlite.bz2 → 5dc1e-primary.sqlite.bz2} +0 -0
  29. /data/spec/functional/assets/yumrepo-empty/repodata/{6bf9672d0862e8ef8b8ff05a2fd0208a922b1f5978e6589d87944c88259cb670-other.xml.gz → 6bf96-other.xml.gz} +0 -0
  30. /data/spec/functional/assets/yumrepo-empty/repodata/{7c36572015e075add2b38b900837bcdbb8a504130ddff49b2351a7fc0affa3d4-other.sqlite.bz2 → 7c365-other.sqlite.bz2} +0 -0
  31. /data/spec/functional/assets/yumrepo-empty/repodata/{dabe2ce5481d23de1f4f52bdcfee0f9af98316c9e0de2ce8123adeefa0dd08b9-primary.xml.gz → dabe2-primary.xml.gz} +0 -0
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 275484c3b6a9cb842ace0e849662e09ae9d266b1a86e792c36636a12c18f4130
4
- data.tar.gz: 7492cbde1f73b5fbea4082e5dc7d9784985eda094712a9b1e283997841b04f02
3
+ metadata.gz: 9b252075aba8deae63fea0b1b82f99f9cb3701b4206d2148a40eccb8fdb05405
4
+ data.tar.gz: e7b4531f1f725094c3f799d662c5a677874cc114e76422664a8abd520e816b4f
5
5
  SHA512:
6
- metadata.gz: a8b890bc0819bc3c48ab2d6298c5865f82c5573f43160daacd5151a4db038bce760c064fbf1a815c2bf077ede5bb985bda7264901119b80d028853797aee082b
7
- data.tar.gz: 805e2a51953c0a8f53d515b180b0b4ea6a91aaaf4f883e12d09c9483f99934a75af80153b5367a92f785db9830406bcf660eaa3c23070612a634e9bbee7f08d9
6
+ metadata.gz: 56e2b8fea4d7c8d7aaba000619c87f9b2d444837524f567c6d77035ec8d9f232692e13e06a567ab8ff2438b1986e6f0b68160c151ed583392bbc46aa2de846d7
7
+ data.tar.gz: 063d5c9156b5ced6d7d42abb91fe1f75452ca7f8f1141d364e9b230a7f7fb7b53550afdf6620313599c6d69b96c20c3e3bf0421f5ce837259fce5dee02f0bc55
data/Gemfile CHANGED
@@ -7,7 +7,7 @@ gem "ohai", git: "https://github.com/chef/ohai.git", branch: "18-stable"
7
7
  # Nwed to file a bug with rest-client. In the meantime, we can use this until they accept the update.
8
8
  gem "rest-client", git: "https://github.com/chef/rest-client", branch: "jfm/ucrt_update1"
9
9
 
10
- gem "ffi", ">= 1.15.5"
10
+ gem "ffi", ">= 1.15.5", "<= 1.17.0"
11
11
  gem "chef-utils", path: File.expand_path("chef-utils", __dir__) if File.exist?(File.expand_path("chef-utils", __dir__))
12
12
  gem "chef-config", path: File.expand_path("chef-config", __dir__) if File.exist?(File.expand_path("chef-config", __dir__))
13
13
 
@@ -16,8 +16,6 @@ install_if -> { RUBY_PLATFORM !~ /darwin/ } do
16
16
  gem "openssl", "= 3.2.0"
17
17
  end
18
18
 
19
- gem "rdoc", "~> 6.4.1" # 6.4.1.1 required for CVE-2024-27281, allow patch upgrades
20
-
21
19
  if File.exist?(File.expand_path("chef-bin", __dir__))
22
20
  # bundling in a git checkout
23
21
  gem "chef-bin", path: File.expand_path("chef-bin", __dir__)
@@ -46,8 +44,10 @@ end
46
44
 
47
45
  # Everything except AIX and Windows
48
46
  group(:ruby_shadow) do
49
- # if ruby-shadow does a release that supports ruby-3.0 this can be removed
50
- gem "ruby-shadow", git: "https://github.com/chef/ruby-shadow", branch: "lcg/ruby-3.0", platforms: :ruby unless RUBY_PLATFORM == "x64-mingw-ucrt"
47
+ install_if -> { !RUBY_PLATFORM.match?(/mingw/) } do
48
+ # if ruby-shadow does a release that supports ruby-3.0 this can be removed
49
+ gem "ruby-shadow", git: "https://github.com/chef/ruby-shadow", branch: "lcg/ruby-3.0", platforms: :ruby
50
+ end
51
51
  end
52
52
 
53
53
  # deps that cannot be put in the knife gem because they require a compiler and fail on windows nodes
data/chef.gemspec CHANGED
@@ -1,10 +1,13 @@
1
- $:.unshift(File.dirname(__FILE__) + "/lib")
1
+ # on Windows, the directory location starts with "(eval at " because it's
2
+ # being evaled in
3
+ file_directory = File.dirname(__FILE__).gsub(/\(eval at /, "")
4
+ $:.unshift(File.join(file_directory, "lib"))
2
5
  vs_path = File.expand_path("chef-utils/lib/chef-utils/version_string.rb", __dir__)
3
6
 
4
7
  if File.exist?(vs_path)
5
8
  # include chef-utils/lib in the path if we're inside of chef vs. chef-utils gem
6
9
  # but add it to the end of the search path
7
- $: << (File.dirname(__FILE__) + "/chef-utils/lib")
10
+ $: << File.join(file_directory, "chef-utils", "lib")
8
11
  end
9
12
  # if the path doesn't exist then we're just in the wild gem and not in the git repo
10
13
  require "chef-utils/version_string"
@@ -14,7 +17,7 @@ Gem::Specification.new do |s|
14
17
  s.name = "chef"
15
18
  s.version = Chef::VERSION
16
19
  s.platform = Gem::Platform::RUBY
17
- s.extra_rdoc_files = ["README.md", "LICENSE" ]
20
+ s.extra_rdoc_files = ["README.md", "LICENSE"]
18
21
  s.summary = "A systems integration framework, built to bring the benefits of configuration management to your entire infrastructure."
19
22
  s.description = s.summary
20
23
  s.license = "Apache-2.0"
@@ -31,12 +34,12 @@ Gem::Specification.new do |s|
31
34
  s.add_dependency "chef-config", "= #{Chef::VERSION}"
32
35
  s.add_dependency "chef-utils", "= #{Chef::VERSION}"
33
36
  s.add_dependency "train-core", "~> 3.10", "<= 3.12.7"
34
- s.add_dependency "train-winrm", ">= 0.2.5"
37
+ s.add_dependency "train-winrm", "~> 0.2.17"
35
38
  s.add_dependency "train-rest", ">= 0.4.1" # target mode with rest APIs
36
39
 
37
40
  s.add_dependency "license-acceptance", ">= 1.0.5", "< 3"
38
41
  s.add_dependency "mixlib-cli", ">= 2.1.1", "< 3.0"
39
- s.add_dependency "mixlib-log", ">= 2.0.3", "< 4.0"
42
+ s.add_dependency "mixlib-log", ">= 2.0.3", "<= 3.1.1"
40
43
  s.add_dependency "mixlib-authentication", ">= 2.1", "< 4"
41
44
  s.add_dependency "mixlib-shellout", ">= 3.1.1", "< 4.0"
42
45
  s.add_dependency "mixlib-archive", ">= 0.4", "< 2.0"
@@ -50,7 +53,7 @@ Gem::Specification.new do |s|
50
53
  s.add_dependency "erubis", "~> 2.7" # template resource / cookbook syntax check
51
54
  s.add_dependency "diff-lcs", ">= 1.2.4", "!= 1.4.0", "< 1.6.0" # 1.4 breaks output. Used in lib/chef/util/diff
52
55
  s.add_dependency "ffi-libarchive", "~> 1.0", ">= 1.0.3" # archive_file resource
53
- s.add_dependency "chef-zero", ">= 14.0.11"
56
+ s.add_dependency "chef-zero", ">= 15.0.17"
54
57
  s.add_dependency "chef-vault" # chef-vault resources and helpers
55
58
 
56
59
  s.add_dependency "plist", "~> 3.2" # launchd, dscl/mac user, macos_userdefaults, osx_profile and plist resources
@@ -66,8 +69,9 @@ Gem::Specification.new do |s|
66
69
  s.add_dependency "aws-sdk-s3", "~> 1.91" # s3 recipe-url support
67
70
  s.add_dependency "aws-sdk-secretsmanager", "~> 1.46"
68
71
  s.add_dependency "vault", "~> 0.18.2" # hashi vault official client gem
69
- s.bindir = "bin"
70
- s.executables = %w{ }
72
+
73
+ s.bindir = "bin"
74
+ s.executables = %w{ }
71
75
 
72
76
  s.require_paths = %w{ lib }
73
77
  s.files = %w{Gemfile Rakefile LICENSE README.md} +
@@ -76,11 +80,11 @@ Gem::Specification.new do |s|
76
80
  Dir.glob("tasks/rspec.rb")
77
81
 
78
82
  s.metadata = {
79
- "bug_tracker_uri" => "https://github.com/chef/chef/issues",
80
- "changelog_uri" => "https://github.com/chef/chef/blob/main/CHANGELOG.md",
83
+ "bug_tracker_uri" => "https://github.com/chef/chef/issues",
84
+ "changelog_uri" => "https://github.com/chef/chef/blob/main/CHANGELOG.md",
81
85
  "documentation_uri" => "https://docs.chef.io/",
82
- "homepage_uri" => "https://www.chef.io",
83
- "mailing_list_uri" => "https://discourse.chef.io/",
84
- "source_code_uri" => "https://github.com/chef/chef/",
86
+ "homepage_uri" => "https://www.chef.io",
87
+ "mailing_list_uri" => "https://discourse.chef.io/",
88
+ "source_code_uri" => "https://github.com/chef/chef/",
85
89
  }
86
90
  end
@@ -38,8 +38,8 @@ class Chef
38
38
  # Allow for connections to HTTPS endpoints using self-signed ssl certificates.
39
39
  "insecure" => nil,
40
40
 
41
- # Controls verbosity of Chef InSpec runner. See less output when true.
42
- "quiet" => true,
41
+ # When set to true, it will suppress CLI output for compliance phase.
42
+ "quiet" => false,
43
43
 
44
44
  # Chef Inspec Compliance profiles to be used for scan of node.
45
45
  # See Compliance Phase documentation for further details:
@@ -368,7 +368,12 @@ class Chef
368
368
  end
369
369
 
370
370
  def requested_reporters
371
- (Array(node["audit"]["reporter"]) + ["cli"]).uniq
371
+ if node["audit"]["quiet"]
372
+ logger.info "node[\"audit\"][\"quiet\"] is set to true, skipping cli reporter"
373
+ Array(node["audit"]["reporter"]).uniq - ["cli"]
374
+ else
375
+ (Array(node["audit"]["reporter"]) + ["cli"]).uniq
376
+ end
372
377
  end
373
378
 
374
379
  def create_timestamp_file
@@ -391,7 +391,7 @@ class Chef
391
391
  def recipes_from_cookbook_version(cookbook)
392
392
  cookbook.fully_qualified_recipe_names.map do |recipe_name|
393
393
  unqualified_name =
394
- if /::default$/.match?(recipe_name)
394
+ if recipe_name.end_with?("::default")
395
395
  name.to_s
396
396
  else
397
397
  recipe_name
@@ -43,10 +43,7 @@ class Chef
43
43
  raise "get_filename: Cannot determine segment/filename for incoming filename #{filename}"
44
44
  end
45
45
 
46
- files_for_segment = @manifest.files_for(segment)
47
- raise "No such segment #{segment} in cookbook #{@cookbook_name}" unless files_for_segment
48
-
49
- found_manifest_record = files_for_segment.find { |manifest_record| manifest_record[:path] == filename }
46
+ found_manifest_record = @manifest.manifest_records_by_path[filename]
50
47
  raise "No such file #{filename} in #{@cookbook_name}" unless found_manifest_record
51
48
 
52
49
  cache_filename = File.join("cookbooks", @cookbook_name, found_manifest_record["path"])
@@ -90,7 +90,6 @@ class Chef
90
90
  def process_events_until_done
91
91
  call_subscribers(*event_list.shift) until event_list.empty?
92
92
  end
93
-
94
93
  end
95
94
  end
96
95
  end
@@ -92,6 +92,13 @@ def query(command):
92
92
  q = subj.get_best_query(sack, with_provides=True)
93
93
 
94
94
  if command['action'] == "whatinstalled":
95
+ # When attempting to figure out what is installed, we should ignore any
96
+ # excludes that are configured, otherwise the "best" query for a given
97
+ # subject may refer to a package that is installed that provides that
98
+ # subject, but we really want to know if a package by that name exists
99
+ # in any available repository
100
+ q = subj.get_best_query(sack, with_provides=True, query=sack.query(flags=hawkey.IGNORE_EXCLUDES))
101
+
95
102
  q = q.installed()
96
103
 
97
104
  if command['action'] == "whatavailable":
@@ -223,7 +223,7 @@ class Chef
223
223
  when "Do", "Doing", "Undoing", "Undo"
224
224
  # Continue
225
225
  when "Abort", "Hold", "Error"
226
- raise result
226
+ raise "#{result["result"]["summary"]} - #{result["result"]["status"]} - #{result["result"]["err"]}"
227
227
  when "Done"
228
228
  waiting = false
229
229
  else
@@ -51,9 +51,14 @@ class Chef
51
51
  current_resource.recursive(new_resource.recursive)
52
52
  if registry.key_exists?(new_resource.key)
53
53
  current_registry_values = registry.get_values(new_resource.key) || []
54
+
55
+ if new_resource.only_record_changes
56
+ current_registry_values.select! { |v| new_resource.values.any? { |nv| nv[:name] == v[:name] } }
57
+ end
54
58
  current_resource.values(current_registry_values)
55
59
  end
56
60
  values_to_hash(current_resource.unscrubbed_values)
61
+
57
62
  current_resource
58
63
  end
59
64
 
@@ -122,6 +127,7 @@ class Chef
122
127
  registry.create_key(new_resource.key, new_resource.recursive)
123
128
  end
124
129
  end
130
+
125
131
  new_resource.unscrubbed_values.each do |value|
126
132
  if @name_hash.key?(value[:name].downcase)
127
133
  current_value = @name_hash[value[:name].downcase]
@@ -164,6 +164,10 @@ class Chef
164
164
  property :key_proxy, [String, nil, FalseClass],
165
165
  description: "If set, a specified proxy is passed to GPG via `http-proxy=`."
166
166
 
167
+ property :signed_by, [String, true, false, nil],
168
+ description: "If a string, specify the file and/or fingerprint the repo is signed with. If true, set Signed-With to use the specified key",
169
+ default: true
170
+
167
171
  property :cookbook, [String, nil, FalseClass],
168
172
  description: "If key should be a cookbook_file, specify a cookbook where the key is located for files/default. Default value is nil, so it will use the cookbook where the resource is used.",
169
173
  desired_state: false
@@ -233,6 +237,17 @@ class Chef
233
237
  valid
234
238
  end
235
239
 
240
+ # validate the key against the a gpg keyring to see if that version is expired
241
+ # @param [String] key
242
+ #
243
+ # @return [Boolean] is the key valid or not
244
+ def keyring_key_is_valid?(keyring, key)
245
+ valid = shell_out("gpg", "--no-default-keyring", "--keyring", keyring, "--list-public-keys", key).stdout.each_line.none?(/\[(expired|revoked):/)
246
+
247
+ logger.debug "key #{key} #{valid ? "is valid" : "is not valid"}"
248
+ valid
249
+ end
250
+
236
251
  # return the specified cookbook name or the cookbook containing the
237
252
  # resource.
238
253
  #
@@ -279,6 +294,10 @@ class Chef
279
294
  end
280
295
  end
281
296
 
297
+ def keyring_path
298
+ "/etc/apt/keyrings/#{new_resource.repo_name}.gpg"
299
+ end
300
+
282
301
  # Fetch the key using either cookbook_file or remote_file, validate it,
283
302
  # and install it with apt-key add
284
303
  # @param [String] key the key to install
@@ -288,11 +307,19 @@ class Chef
288
307
  # @return [void]
289
308
  def install_key_from_uri(key)
290
309
  key_name = key.gsub(/[^0-9A-Za-z\-]/, "_")
291
- cached_keyfile = ::File.join(Chef::Config[:file_cache_path], key_name)
292
- tmp_dir = Dir.mktmpdir(".gpg")
293
- at_exit { FileUtils.remove_entry(tmp_dir) }
310
+ keyfile_path = ::File.join(Chef::Config[:file_cache_path], key_name)
311
+ tmp_dir = TargetIO::Dir.mktmpdir(".gpg")
312
+ at_exit { TargetIO::FileUtils.remove_entry(tmp_dir) }
294
313
 
295
- declare_resource(key_type(key), cached_keyfile) do
314
+ if new_resource.signed_by
315
+ keyfile_path = keyring_path
316
+
317
+ directory "/etc/apt/keyrings" do
318
+ mode "0755"
319
+ end
320
+ end
321
+
322
+ declare_resource(key_type(key), keyfile_path) do
296
323
  source key
297
324
  mode "0644"
298
325
  sensitive new_resource.sensitive
@@ -300,13 +327,17 @@ class Chef
300
327
  verify "gpg --homedir #{tmp_dir} %{path}"
301
328
  end
302
329
 
303
- execute "apt-key add #{cached_keyfile}" do
304
- command [ "apt-key", "add", cached_keyfile ]
305
- default_env true
306
- sensitive new_resource.sensitive
307
- action :run
308
- not_if { no_new_keys?(cached_keyfile) }
309
- notifies :run, "execute[apt-cache gencaches]", :immediately
330
+ # If signed by is true, then we don't need to
331
+ # add to the default keyring
332
+ unless new_resource.signed_by
333
+ execute "apt-key add #{keyfile_path}" do
334
+ command [ "apt-key", "add", keyfile_path ]
335
+ default_env true
336
+ sensitive new_resource.sensitive
337
+ action :run
338
+ not_if { no_new_keys?(keyfile_path) }
339
+ notifies :run, "execute[apt-cache gencaches]", :immediately
340
+ end
310
341
  end
311
342
  end
312
343
 
@@ -336,6 +367,10 @@ class Chef
336
367
  #
337
368
  # @return [void]
338
369
  def install_key_from_keyserver(key, keyserver = new_resource.keyserver)
370
+ if new_resource.signed_by
371
+ install_key_from_keyserver_to_keyring(key, keyserver, keyring_path)
372
+ return
373
+ end
339
374
  execute "install-key #{key}" do
340
375
  command keyserver_install_cmd(key, keyserver)
341
376
  default_env true
@@ -352,6 +387,31 @@ class Chef
352
387
  raise "The key #{key} is invalid and cannot be used to verify an apt repository." unless key_is_valid?(key.upcase)
353
388
  end
354
389
 
390
+ # @param [String] key
391
+ # @param [String] keyserver
392
+ # @param [String] keyring
393
+ def install_key_from_keyserver_to_keyring(key, keyserver, keyring)
394
+ keyserver = "hkp://#{keyserver}:80" unless keyserver.start_with?("hkp://")
395
+
396
+ cmd = "gpg --no-default-keyring --keyring #{keyring}"
397
+ cmd << " --keyserver-options http-proxy=#{new_resource.key_proxy}" if new_resource.key_proxy
398
+ cmd << " --keyserver #{keyserver}"
399
+ cmd << " --recv #{key}"
400
+
401
+ execute "install-key #{key}" do
402
+ command cmd
403
+ default_env true
404
+ sensitive new_resource.sensitive
405
+ not_if do
406
+ present = shell_out(*%W{gpg --no-default-keyring --keyring #{keyring} --list-public-keys --with-fingerprint --with-colons #{key}}).exitstatus != 0
407
+ present && keyring_key_is_valid?(keyring, key.upcase)
408
+ end
409
+ notifies :run, "execute[apt-cache gencaches]", :immediately
410
+ end
411
+
412
+ raise "The key #{key} is invalid and cannot be used to verify an apt repository." unless keyring_key_is_valid?(keyring, key.upcase)
413
+ end
414
+
355
415
  # @param [String] owner
356
416
  # @param [String] repo
357
417
  #
@@ -405,11 +465,12 @@ class Chef
405
465
  # @param [Array] components
406
466
  # @param [Boolean] trusted
407
467
  # @param [String] arch
468
+ # @param [String] signed_by
408
469
  # @param [Array] options
409
470
  # @param [Boolean] add_src
410
471
  #
411
472
  # @return [String] complete repo config text
412
- def build_repo(uri, distribution, components, trusted, arch, options, add_src = false)
473
+ def build_repo(uri, distribution, components, trusted, arch, signed_by, options, add_src = false)
413
474
  uri = make_ppa_url(uri) if is_ppa_url?(uri)
414
475
 
415
476
  uri = Addressable::URI.parse(uri)
@@ -417,6 +478,7 @@ class Chef
417
478
  options_list = []
418
479
  options_list << "arch=#{arch}" if arch
419
480
  options_list << "trusted=yes" if trusted
481
+ options_list << "signed-by=#{signed_by}" if signed_by
420
482
  options_list += options
421
483
  optstr = unless options_list.empty?
422
484
  "[" + options_list.join(" ") + "]"
@@ -474,12 +536,18 @@ class Chef
474
536
 
475
537
  cleanup_legacy_file!
476
538
 
539
+ signed_by = new_resource.signed_by
540
+ if signed_by == true
541
+ signed_by = keyring_path
542
+ end
543
+
477
544
  repo = build_repo(
478
545
  new_resource.uri,
479
546
  new_resource.distribution,
480
547
  repo_components,
481
548
  new_resource.trusted,
482
549
  new_resource.arch,
550
+ signed_by,
483
551
  new_resource.options,
484
552
  new_resource.deb_src
485
553
  )
@@ -507,6 +575,11 @@ class Chef
507
575
  action :nothing
508
576
  end
509
577
 
578
+ file keyring_path do
579
+ sensitive new_resource.sensitive
580
+ action :delete
581
+ end
582
+
510
583
  file "/etc/apt/sources.list.d/#{new_resource.repo_name}.list" do
511
584
  sensitive new_resource.sensitive
512
585
  action :delete
@@ -41,6 +41,19 @@ class Chef
41
41
  end
42
42
  ```
43
43
 
44
+ ```ruby
45
+ **Suppress reporting the sibling values of the values being updated in a registry key**
46
+ registry 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\CONTROL\Session Manager' do
47
+ values [{
48
+ name: 'ProtectionMode',
49
+ type: :dword,
50
+ data: 1
51
+ }]
52
+ only_record_changes true
53
+ action :create
54
+ end
55
+ ```
56
+
44
57
  **Create a registry key with binary data: "\x01\x02\x03"**:
45
58
 
46
59
  ```ruby
@@ -50,6 +63,7 @@ class Chef
50
63
  :type => :binary,
51
64
  :data => [0, 1, 2].map(&:chr).join
52
65
  }]
66
+
53
67
  action :create
54
68
  end
55
69
  ```
@@ -150,6 +164,10 @@ class Chef
150
164
  }
151
165
  property :recursive, [TrueClass, FalseClass], default: false
152
166
  property :architecture, Symbol, default: :machine, equal_to: %i{machine x86_64 i386}
167
+ property :only_record_changes, [TrueClass, FalseClass],
168
+ default: true,
169
+ introduced: "19.0",
170
+ description: "Suppress reporting of the current value of sibling values in a registry key. Setting this to false may result in a large number of values reported."
153
171
 
154
172
  # Some registry key data types may not be safely reported as json.
155
173
  # Example (CHEF-5323):
data/lib/chef/resource.rb CHANGED
@@ -620,6 +620,7 @@ class Chef
620
620
  # Reporting endpoint doesn't accept a negative resource duration so set it to 0.
621
621
  # A negative value can occur when a resource changes the system time backwards
622
622
  @elapsed_time = 0 if @elapsed_time < 0
623
+
623
624
  events.resource_completed(self)
624
625
  end
625
626
 
@@ -190,6 +190,7 @@ class Chef
190
190
  def prepare_run_data
191
191
  run_data = {}
192
192
  run_data["action"] = "end"
193
+
193
194
  run_data["resources"] = updated_resources.map do |action_record|
194
195
  for_json(action_record)
195
196
  end
@@ -31,9 +31,19 @@ class Chef
31
31
  "New-Object System.Management.Automation.PSCredential('#{@username}',('#{encrypt(@password)}' | ConvertTo-SecureString))"
32
32
  end
33
33
 
34
+ def to_plaintext
35
+ "#<Chef::Util::Powershell::PSCredential:#{object_id} @username=#{@username.inspect}>"
36
+ end
37
+
38
+ # These leak an encrypted password, however we can't rely on no-one using
39
+ # these assuming that behavior.
34
40
  alias to_s to_psobject
35
41
  alias to_text to_psobject
36
42
 
43
+ # Inspect has no business leaking anything but the username, and to be honest
44
+ # even that one could be dicey
45
+ alias inspect to_plaintext
46
+
37
47
  private
38
48
 
39
49
  def encrypt(str)
data/lib/chef/version.rb CHANGED
@@ -23,7 +23,7 @@ require_relative "version_string"
23
23
 
24
24
  class Chef
25
25
  CHEF_ROOT = File.expand_path("..", __dir__)
26
- VERSION = Chef::VersionString.new("18.6.2")
26
+ VERSION = Chef::VersionString.new("18.7.3")
27
27
  end
28
28
 
29
29
  #
@@ -382,7 +382,6 @@ class Chef
382
382
  hive_name = reg_path.shift
383
383
  key = reg_path.join("\\")
384
384
  end
385
-
386
385
  end
387
386
  end
388
387
  end
@@ -4,7 +4,7 @@
4
4
  <data type="filelists">
5
5
  <checksum type="sha256">401dc19bda88c82c403423fb835844d64345f7e95f5b9835888189c03834cc93</checksum>
6
6
  <open-checksum type="sha256">bf9808b81cb2dbc54b4b8e35adc584ddcaa73bd81f7088d73bf7dbbada961310</open-checksum>
7
- <location href="repodata/401dc19bda88c82c403423fb835844d64345f7e95f5b9835888189c03834cc93-filelists.xml.gz"/>
7
+ <location href="repodata/401dc-filelists.xml.gz"/>
8
8
  <timestamp>1667508211</timestamp>
9
9
  <size>123</size>
10
10
  <open-size>125</open-size>
@@ -12,7 +12,7 @@
12
12
  <data type="primary">
13
13
  <checksum type="sha256">dabe2ce5481d23de1f4f52bdcfee0f9af98316c9e0de2ce8123adeefa0dd08b9</checksum>
14
14
  <open-checksum type="sha256">e1e2ffd2fb1ee76f87b70750d00ca5677a252b397ab6c2389137a0c33e7b359f</open-checksum>
15
- <location href="repodata/dabe2ce5481d23de1f4f52bdcfee0f9af98316c9e0de2ce8123adeefa0dd08b9-primary.xml.gz"/>
15
+ <location href="repodata/dabe2-primary.xml.gz"/>
16
16
  <timestamp>1667508211</timestamp>
17
17
  <size>134</size>
18
18
  <open-size>167</open-size>
@@ -20,7 +20,7 @@
20
20
  <data type="primary_db">
21
21
  <checksum type="sha256">5dc1e6e73c84803f059bb3065e684e56adfc289a7e398946574d79dac6643945</checksum>
22
22
  <open-checksum type="sha256">f0d550414e8f2e960e82e704549364299ca9e3e8664ad4faffd208262c3b6d12</open-checksum>
23
- <location href="repodata/5dc1e6e73c84803f059bb3065e684e56adfc289a7e398946574d79dac6643945-primary.sqlite.bz2"/>
23
+ <location href="repodata/5dc1e-primary.sqlite.bz2"/>
24
24
  <timestamp>1667508211</timestamp>
25
25
  <database_version>10</database_version>
26
26
  <size>1131</size>
@@ -29,7 +29,7 @@
29
29
  <data type="other_db">
30
30
  <checksum type="sha256">7c36572015e075add2b38b900837bcdbb8a504130ddff49b2351a7fc0affa3d4</checksum>
31
31
  <open-checksum type="sha256">4de0fe7c5dd2674849a7c63c326e42f33af0a0f46219bc6dd59f51dfa2ac8c68</open-checksum>
32
- <location href="repodata/7c36572015e075add2b38b900837bcdbb8a504130ddff49b2351a7fc0affa3d4-other.sqlite.bz2"/>
32
+ <location href="repodata/7c365-other.sqlite.bz2"/>
33
33
  <timestamp>1667508211</timestamp>
34
34
  <database_version>10</database_version>
35
35
  <size>575</size>
@@ -38,7 +38,7 @@
38
38
  <data type="other">
39
39
  <checksum type="sha256">6bf9672d0862e8ef8b8ff05a2fd0208a922b1f5978e6589d87944c88259cb670</checksum>
40
40
  <open-checksum type="sha256">e0ed5e0054194df036cf09c1a911e15bf2a4e7f26f2a788b6f47d53e80717ccc</open-checksum>
41
- <location href="repodata/6bf9672d0862e8ef8b8ff05a2fd0208a922b1f5978e6589d87944c88259cb670-other.xml.gz"/>
41
+ <location href="repodata/6bf96-other.xml.gz"/>
42
42
  <timestamp>1667508211</timestamp>
43
43
  <size>123</size>
44
44
  <open-size>121</open-size>
@@ -46,7 +46,7 @@
46
46
  <data type="filelists_db">
47
47
  <checksum type="sha256">01a3b489a465bcac22a43492163df43451dc6ce47d27f66de289756b91635523</checksum>
48
48
  <open-checksum type="sha256">c4211f57bdcbb142c9f93a6d32401539f775eb6a670ab7a423e13f435ce94689</open-checksum>
49
- <location href="repodata/01a3b489a465bcac22a43492163df43451dc6ce47d27f66de289756b91635523-filelists.sqlite.bz2"/>
49
+ <location href="repodata/01a3b-filelists.sqlite.bz2"/>
50
50
  <timestamp>1667508211</timestamp>
51
51
  <database_version>10</database_version>
52
52
  <size>586</size>