chef 19.1.164 → 19.3.14

data/lib/chef/policy_builder/policyfile.rb

@@ -515,6 +515,8 @@ class Chef
       # @api private
       def api_service
         @api_service ||= Chef::ServerAPI.new(config[:chef_server_url],
+          client_name: api_client_name,
+          signing_key_filename: api_client_key,
           version_class: Chef::CookbookManifestVersions)
       end
 
@@ -523,6 +525,16 @@ class Chef
         Chef::Config
       end
 
+      # @api private
+      def api_client_name
+        config[:api_client_name] || config[:node_name]
+      end
+
+      # @api private
+      def api_client_key
+        config[:api_client_key] || config[:client_key]
+      end
+
       # Indicates whether the policy is temporary, which means an
       # override_runlist was provided. Chef::Client uses this to decide whether
       # to do the final node save at the end of the run or not.

data/lib/chef/property.rb

@@ -698,7 +698,7 @@ class Chef
       # Weeding out class methods avoids unnecessary deprecations such Chef::Resource
       # defining a `name` property when there's an already-existing `name` method
       # for a Module.
-      return false unless declared_in.instance_methods.include?(name)
+      return false unless declared_in.method_defined?(name)
 
       # Only emit deprecations for some well-known classes. This will still
       # allow more advanced users to subclass their own custom resources and

data/lib/chef/provider/file/content.rb

@@ -24,9 +24,10 @@ class Chef
     class File
       class Content < Chef::FileContentManagement::ContentBase
         def file_for_provider
-          if @new_resource.content
+          content = @new_resource.content
+          if content
             tempfile = Chef::FileContentManagement::Tempfile.new(@new_resource).tempfile
-            tempfile.write(@new_resource.content)
+            tempfile.write(content)
             tempfile.close
             tempfile
           else

data/lib/chef/provider/file.rb

@@ -197,7 +197,7 @@ class Chef
       # be overridden in subclasses.
       def managing_content?
         return true if new_resource.checksum
-        return true if !new_resource.content.nil? && @action != :create_if_missing
+        return true if new_resource.property_is_set?(:content) && @action != :create_if_missing
 
         false
       end
@@ -472,11 +472,14 @@ class Chef
       end
 
       def load_resource_attributes_from_file(resource)
-        if ChefUtils.windows?
+        if ChefUtils.windows? && !Chef::Config.target_mode?
           # This is a work around for CHEF-3554.
           # OC-6534: is tracking the real fix for this workaround.
           # Add support for Windows equivalent, or implicit resource
           # reporting won't work for Windows.
+          # In target mode on Windows, we still read remote attributes via
+          # TargetIO (ScanAccessControl is TargetIO-aware), so idempotency
+          # checks work correctly when targeting a remote Linux host.
           return
         end
 

data/lib/chef/provider/ifconfig/redhat.rb

@@ -22,7 +22,7 @@ class Chef
   class Provider
     class Ifconfig
       class Redhat < Chef::Provider::Ifconfig
-        provides :ifconfig, platform_family: "fedora_derived", target_mode: true
+        provides :ifconfig, platform_family: %w{fedora rhel amazon}, target_mode: true
 
         def initialize(new_resource, run_context)
           super(new_resource, run_context)

data/lib/chef/provider/package/chocolatey.rb

@@ -257,7 +257,8 @@ class Chef
           @choco_install_path ||= begin
             result = powershell_exec!(PATHFINDING_POWERSHELL_COMMAND).result
             result = "" if result.empty?
-            result
+            # Ensure consistent Windows path separators
+            result.empty? ? result : result.tr("/", "\\")
           end
         end
 
@@ -459,8 +460,10 @@ class Chef
         def get_local_pkg_dirs(base_dir)
           return [] unless Dir.exist?(base_dir)
 
-          Dir.entries(base_dir).select do |dir|
-            ::File.directory?(::File.join(base_dir, dir)) && !dir.start_with?(".")
+          with_file_lock_retry("reading chocolatey package directories") do
+            Dir.entries(base_dir).select do |dir|
+              ::File.directory?(::File.join(base_dir, dir)) && !dir.start_with?(".")
+            end
           end
         end
 
@@ -496,6 +499,60 @@ class Chef
           args
         end
 
+        # Wait for chocolatey to release file locks after package operations
+        # @param names [Array<String>] package names that were just installed/upgraded
+        def wait_for_chocolatey_lock_release(names)
+          return if names.empty?
+
+          Chef::Log.debug("Waiting for chocolatey to release file locks for packages: #{names.join(", ")}")
+
+          # Check for .chocolateyPending files and wait for them to be released
+          names.each do |name|
+            pending_file = ::File.join(choco_lib_path, name.downcase, ".chocolateyPending")
+            if ::File.exist?(pending_file)
+              with_file_lock_retry("waiting for .chocolateyPending file release: #{pending_file}") do
+                # Try to open the file exclusively - this will fail if it's locked
+                ::File.open(pending_file, "r") do |f|
+                  f.flock(::File::LOCK_EX | ::File::LOCK_NB) or raise Errno::EAGAIN
+                end
+              end
+            end
+          end
+        end
+
+        # Retry file operations that might encounter chocolatey process file locks
+        # @param operation_desc [String] description of the operation for logging
+        # @param max_retries [Integer] maximum number of retry attempts
+        # @param base_delay [Float] base delay between retries in seconds
+        def with_file_lock_retry(operation_desc, max_retries: 5, base_delay: 0.5)
+          retries = 0
+          begin
+            yield
+          rescue Errno::EACCES, Errno::EBUSY, Errno::EAGAIN, Errno::ENOENT => e
+            if retries < max_retries && file_lock_error?(e)
+              retries += 1
+              delay = base_delay * (2**(retries - 1)) # exponential backoff
+              Chef::Log.debug("Chocolatey file lock detected during #{operation_desc}, retrying in #{delay}s (attempt #{retries}/#{max_retries}): #{e.message}")
+              sleep(delay)
+              retry
+            else
+              Chef::Log.warn("Failed #{operation_desc} after #{retries} retries: #{e.message}")
+              raise e
+            end
+          end
+        end
+
+        # Check if the error is related to file locking by chocolatey processes
+        # @param error [Exception] the exception to check
+        # @return [Boolean] true if it's a chocolatey file lock related error
+        def file_lock_error?(error)
+          error.message&.include?("being used by another process") ||
+            error.message&.include?("chocolateyPending") ||
+            error.is_a?(Errno::EACCES) ||
+            error.is_a?(Errno::EBUSY) ||
+            error.is_a?(Errno::EAGAIN)
+        end
+
         # Fetch the local package versions from chocolatey
         def fetch_package_versions(base_dir, target_dirs, targets)
           pkg_versions = {}
@@ -511,25 +568,27 @@ class Chef
         # Grab the locally installed packages from the nupkg list
         # rather than shelling out to chocolatey
         def get_pkg_data(path)
-          t = ::File.join(path, "*.nupkg").gsub("\\", "/")
-          targets = Dir.glob(t)
-
-          # Extract package version from the first nuspec file in this nupkg
-          targets.each do |target|
-            Zip::File.open(target) do |zip_file|
-              zip_file.each do |entry|
-                next unless entry.name.end_with?(".nuspec")
-
-                f = entry.get_input_stream
-                doc = REXML::Document.new(f.read.to_s)
-                f.close
-                id = doc.elements["package/metadata/id"]
-                version = doc.elements["package/metadata/version"]
-                return { id.text.to_s.downcase => version.text } if id && version
+          with_file_lock_retry("get package data for #{path}") do
+            t = ::File.join(path, "*.nupkg")
+            targets = Dir.glob(t)
+
+            # Extract package version from the first nuspec file in this nupkg
+            targets.each do |target|
+              Zip::File.open(target) do |zip_file|
+                zip_file.each do |entry|
+                  next unless entry.name.end_with?(".nuspec")
+
+                  f = entry.get_input_stream
+                  doc = REXML::Document.new(f.read.to_s)
+                  f.close
+                  id = doc.elements["package/metadata/id"]
+                  version = doc.elements["package/metadata/version"]
+                  return { id.text.to_s.downcase => version.text } if id && version
+                end
               end
             end
+            {}
           end
-          {}
         rescue StandardError => e
           Chef::Log.warn("Failed to get package info for #{path}: #{e}")
           {}