chef 10.28.2 → 10.30.0.rc.0

data/lib/chef.rb

@@ -39,3 +39,4 @@ require 'chef/monkey_patches/dir'
 require 'chef/monkey_patches/string'
 require 'chef/monkey_patches/numeric'
 require 'chef/monkey_patches/object'
+require 'chef/monkey_patches/uri'

data/lib/chef/application/knife.rb

@@ -19,6 +19,8 @@ require 'chef/knife'
 require 'chef/application'
 require 'mixlib/log'
 require 'ohai/config'
+require 'chef/monkey_patches/net_http.rb'
+require 'chef/monkey_patches/uri.rb'
 
 class Chef::Application::Knife < Chef::Application
 

data/lib/chef/client.rb

@@ -160,7 +160,7 @@ class Chef
     # === Returns
     # boolean:: Return value from #do_run. Should always returns true.
     def run
-      if(Chef::Config[:client_fork] && Process.respond_to?(:fork))
+      if(Chef::Config[:client_fork] && Process.respond_to?(:fork) && !Chef::Platform.windows?)
         Chef::Log.info "Forking chef instance to converge..."
         pid = fork do
           Chef::Log.info "Forked instance now converging"

data/lib/chef/config.rb

@@ -204,7 +204,7 @@ class Chef
     client_fork false
     enable_reporting true
     enable_reporting_url_fatals false
-    
+
     # Set these to enable SSL authentication / mutual-authentication
     # with the server
     ssl_client_cert nil
@@ -326,5 +326,9 @@ class Chef
     # returns a platform specific path to the user home dir
     windows_home_path = ENV['SYSTEMDRIVE'] + ENV['HOMEPATH'] if ENV['SYSTEMDRIVE'] && ENV['HOMEPATH']
     user_home (ENV['HOME'] || windows_home_path || ENV['USERPROFILE'])
+
+    # CHEF-4631
+    # Enables the concatanation behavior instead of merging
+    deep_merge_array_concat true
   end
 end

data/lib/chef/cookbook_uploader.rb

@@ -134,24 +134,17 @@ class Chef
         # but we need the base64 encoding for the content-md5
         # header
         checksum64 = Base64.encode64([checksum].pack("H*")).strip
-        timestamp = Time.now.utc.iso8601
         file_contents = File.open(file, "rb") {|f| f.read}
-        # TODO - 5/28/2010, cw: make signing and sending the request streaming
-        sign_obj = Mixlib::Authentication::SignedHeaderAuth.signing_object(
-                                                                           :http_method => :put,
-                                                                           :path        => URI.parse(url).path,
-                                                                           :body        => file_contents,
-                                                                           :timestamp   => timestamp,
-                                                                           :user_id     => rest.client_name
-                                                                           )
-        headers = { 'content-type' => 'application/x-binary', 'content-md5' => checksum64, :accept => 'application/json' }
-        headers.merge!(sign_obj.sign(OpenSSL::PKey::RSA.new(rest.signing_key)))
+        headers = { 'content-type' => 'application/x-binary', 'content-md5' => checksum64, 'accept' => 'application/json' }
 
         begin
-          RestClient::Resource.new(url, :headers=>headers, :timeout=>1800, :open_timeout=>1800).put(file_contents)
+          url = rest.create_url(url)
+          rest.raw_http_request(:PUT, url, headers, file_contents)
           checksums_to_upload.delete(checksum)
-        rescue RestClient::Exception => e
-          Chef::Knife.ui.error("Failed to upload #@cookbook : #{e.message}\n#{e.response.body}")
+        rescue Net::HTTPServerException, Net::HTTPFatalError, Errno::ECONNREFUSED, Timeout::Error, Errno::ETIMEDOUT, SocketError => e
+          error_message = "Failed to upload #{file} (#{checksum}) to #{url} : #{e.message}"
+          error_message << "\n#{e.response.body}" if e.respond_to?(:response)
+          Chef::Knife.ui.error(error_message)
           raise
         end
       end

data/lib/chef/data_bag.rb

@@ -196,11 +196,10 @@ class Chef
         if Chef::Config[:why_run]
           Chef::Log.warn("In whyrun mode, so NOT performing data bag save.")
         else
-          chef_server_rest.put_rest("data/#{@name}", self)
+          create
         end
       rescue Net::HTTPServerException => e
-        raise e unless e.response.code == "404"
-        chef_server_rest.post_rest("data", self)
+        raise e unless e.response.code == "409"
       end
       self
     end

data/lib/chef/exceptions.rb

@@ -62,6 +62,7 @@ class Chef
     class DsclCommandFailed < RuntimeError; end
     class UserIDNotFound < ArgumentError; end
     class GroupIDNotFound < ArgumentError; end
+    class ConflictingMembersInGroup < ArgumentError; end
     class InvalidResourceReference < RuntimeError; end
     class ResourceNotFound < RuntimeError; end
     class InvalidResourceSpecification < ArgumentError; end
@@ -187,6 +188,13 @@ class Chef
           result.to_json(*a)
         end
       end
-    end
+    end # CookbookVersionSelection
+
+    # When the server sends a redirect, RFC 2616 states a user-agent should
+    # not follow it with a method other than GET or HEAD, unless a specific
+    # action is taken by the user. A redirect received as response to a
+    # non-GET and non-HEAD request will thus raise an InvalidRedirect.
+    class InvalidRedirect < StandardError; end
+
   end
 end

data/lib/chef/formatters/error_inspectors/registration_error_inspector.rb

@@ -40,6 +40,10 @@ readable by chef-client.
 E
             error_description.section("Relevant Config Settings:",<<-E)
 validation_key "#{api_key}"
+E
+          when Chef::Exceptions::InvalidRedirect
+            error_description.section("Invalid Redirect:",<<-E)
+Change your server location in client.rb to the server's FQDN to avoid unwanted redirections.
 E
           else
             "#{exception.class.name}: #{exception.message}"

data/lib/chef/knife.rb

@@ -429,6 +429,9 @@ class Chef
       when Chef::Exceptions::PrivateKeyMissing
         ui.error "Your private key could not be loaded from #{api_key}"
         ui.info  "Check your configuration file and ensure that your private key is readable"
+      when Chef::Exceptions::InvalidRedirect
+        ui.error "Invalid Redirect: #{e.message}"
+        ui.info  "Change your server location in knife.rb to the server's FQDN to avoid unwanted redirections."
       else
         ui.error "#{e.class.name}: #{e.message}"
       end

data/lib/chef/mixin/deep_merge.rb

@@ -8,9 +8,9 @@
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
 # You may obtain a copy of the License at
-# 
+#
 #     http://www.apache.org/licenses/LICENSE-2.0
-# 
+#
 # Unless required by applicable law or agreed to in writing, software
 # distributed under the License is distributed on an "AS IS" BASIS,
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
@@ -35,17 +35,24 @@ class Chef
         DeepMerge.deep_merge(second, first, {:preserve_unmergeables => false})
       end
 
+      def horizontal_merge(first, second)
+        first  = Mash.new(first)  unless first.kind_of?(Mash)
+        second = Mash.new(second) unless second.kind_of?(Mash)
+
+        DeepMerge.deep_merge(second, first, {:preserve_unmergeables => false, :horizontal_precedence => true})
+      end
+
       # Inherited roles use the knockout_prefix array subtraction functionality
       # This is likely to go away in Chef >= 0.11
       def role_merge(first, second)
         first  = Mash.new(first)  unless first.kind_of?(Mash)
         second = Mash.new(second) unless second.kind_of?(Mash)
 
-        DeepMerge.deep_merge(second, first, {:knockout_prefix => "!merge", :preserve_unmergeables => false})
+        DeepMerge.deep_merge(second, first, {:preserve_unmergeables => false, :knockout_prefix => "!merge", :horizontal_precedence => true})
       end
-    
+
       class InvalidParameter < StandardError; end
-      
+
       # Deep Merge core documentation.
       # deep_merge! method permits merging of arbitrary child elements. The two top level
       # elements must be hashes. These hashes can contain unlimited (to stack limit) levels
@@ -60,7 +67,7 @@ class Chef
       #   Results: {:x => [1,2,3,4,5,'6'], :y => 2}
       # By default, "deep_merge!" will overwrite any unmergeables and merge everything else.
       # To avoid this, use "deep_merge" (no bang/exclamation mark)
-      # 
+      #
       # Options:
       #   Options are specified in the last parameter passed, which should be in hash format:
       #   hash.deep_merge!({:x => [1,2]}, {:knockout_prefix => '!merge'})
@@ -78,7 +85,7 @@ class Chef
       #      Set to true to get console output of merge process for debugging
       #
       # Selected Options Details:
-      # :knockout_prefix => The purpose of this is to provide a way to remove elements 
+      # :knockout_prefix => The purpose of this is to provide a way to remove elements
       #   from existing Hash by specifying them in a special way in incoming hash
       #    source = {:x => ['!merge:1', '2']}
       #    dest   = {:x => ['1', '3']}
@@ -96,9 +103,9 @@ class Chef
       #   dest   = {:x => ['5','6','7,8']}
       #   dest.deep_merge!(source, {:unpack_arrays => ','})
       #   Results: {:x => ['1','2','3','4','5','6','7','8'}
-      #   Why: If receiving data from an HTML form, this makes it easy for a checkbox 
+      #   Why: If receiving data from an HTML form, this makes it easy for a checkbox
       #    to pass multiple values from within a single HTML element
-      # 
+      #
       # There are many tests for this library - and you can learn more about the features
       # and usages of deep_merge! by just browsing the test examples
       def deep_merge!(source, dest, options = {})
@@ -131,13 +138,15 @@ class Chef
                 dest[src_key] = deep_merge!(src_value, dest[src_key], options.merge(:debug_indent => di + '  '))
               else # dest[src_key] doesn't exist so we want to create and overwrite it (but we do this via deep_merge!)
                 puts "#{di} ==>merging over: #{src_key.inspect} => #{src_value.inspect}" if merge_debug
-                # note: we rescue here b/c some classes respond to "dup" but don't implement it (Numeric, TrueClass, FalseClass, NilClass among maybe others)
-                begin
-                  src_dup = src_value.dup # we dup src_value if possible because we're going to merge into it (since dest is empty)
-                rescue TypeError
-                  src_dup = src_value
-                end
-                dest[src_key] = deep_merge!(src_value, src_dup, options.merge(:debug_indent => di + '  '))
+                # NOTE: We are doing this via deep_merge! because the
+                # src_value can still contain merge directives such as
+                # knockout_prefix.
+                # Historically we have been dup'ing the src_value here
+                # and merging src_value with src_value.dup. This logic
+                # is not applicable anymore because it results in
+                # duplicates when merging two array values with
+                # :horizontal_precedence = true.
+                dest[src_key] = deep_merge!(src_value, { }, options.merge(:debug_indent => di + '  '))
               end
             else # dest isn't a hash, so we overwrite it completely (if permitted)
               if overwrite_unmergeable
@@ -181,7 +190,30 @@ class Chef
               puts if merge_debug
             end
             puts "#{di} merging arrays: #{source.inspect} :: #{dest.inspect}" if merge_debug
-            dest = dest | source
+            # Behavior of merging arrays has changed with CHEF-4631.
+            # Old behavior was to deduplicate and merge the
+            # arrays. New behavior is to concatanate the arrays if the
+            # merge is happening on the same attribute precedence
+            # level and pick the value from the higher precedence
+            # level if merge is being done across the precedence
+            # levels.
+            # Old behavior can still be used by setting
+            # :deep_merge_array_concat to false in config.
+            if Chef::Config[:deep_merge_array_concat]
+              # If :horizontal_precedence is set, this means we are
+              # merging two arrays at the same precendence level so
+              # concatanate them. Otherwise this is a merge across
+              # precedence levels which means we will pick the one
+              # from higher precedence level.
+              if options[:horizontal_precedence]
+                dest += source
+              else
+                dest = source
+              end
+            else
+              # Pre CHEF-4631 behavior for array merging
+              dest = dest | source
+            end
             dest.sort! if sort_merged_arrays
           elsif overwrite_unmergeable
             puts "#{di} overwriting dest: #{source.inspect} -over-> #{dest.inspect}" if merge_debug
@@ -194,7 +226,7 @@ class Chef
         puts "#{di}Returning #{dest.inspect}" if merge_debug
         dest
       end # deep_merge!
-     
+
       # allows deep_merge! to uniformly handle overwriting of unmergeable entities
       def overwrite_unmergeables(source, dest, options)
         merge_debug = options[:merge_debug] || false
@@ -229,7 +261,7 @@ class Chef
       def deep_merge(source, dest, options = {})
         deep_merge!(source.dup, dest.dup, options)
       end
-     
+
       def clear_or_nil(obj)
         if obj.respond_to?(:clear)
           obj.clear
@@ -238,9 +270,9 @@ class Chef
         end
         obj
       end
-     
+
     end
-     
+
   end
 end
 

data/lib/chef/monkey_patches/net_http.rb

@@ -20,3 +20,37 @@ module Net
     include ChefNetHTTPExceptionExtensions
   end
 end
+
+if Net::HTTP.instance_methods.map {|m| m.to_s}.include?("proxy_uri")
+  begin
+    # Ruby 2.0 changes the way proxy support is implemented in Net::HTTP.
+    # The implementation does not work correctly with IPv6 literals because it
+    # concatenates the address into a URI without adding square brackets for
+    # IPv6 addresses.
+    #
+    # If the bug is present, a call to Net::HTTP#proxy_uri when the host is an
+    # IPv6 address will fail by creating an invalid URI, like so:
+    #
+    #    ruby -r'net/http' -e 'Net::HTTP.new("::1", 80).proxy_uri'
+    #    /Users/ddeleo/.rbenv/versions/2.0.0-p247/lib/ruby/2.0.0/uri/generic.rb:214:in `initialize': the scheme http does not accept registry part: ::1:80 (or bad hostname?) (URI::InvalidURIError)
+    #    	from /Users/ddeleo/.rbenv/versions/2.0.0-p247/lib/ruby/2.0.0/uri/http.rb:84:in `initialize'
+    #    	from /Users/ddeleo/.rbenv/versions/2.0.0-p247/lib/ruby/2.0.0/uri/common.rb:214:in `new'
+    #    	from /Users/ddeleo/.rbenv/versions/2.0.0-p247/lib/ruby/2.0.0/uri/common.rb:214:in `parse'
+    #    	from /Users/ddeleo/.rbenv/versions/2.0.0-p247/lib/ruby/2.0.0/uri/common.rb:747:in `parse'
+    #    	from /Users/ddeleo/.rbenv/versions/2.0.0-p247/lib/ruby/2.0.0/uri/common.rb:994:in `URI'
+    #    	from /Users/ddeleo/.rbenv/versions/2.0.0-p247/lib/ruby/2.0.0/net/http.rb:1027:in `proxy_uri'
+    #    	from -e:1:in `<main>'
+    #
+    # https://bugs.ruby-lang.org/issues/9129
+    Net::HTTP.new("::1", 80).proxy_uri
+  rescue URI::InvalidURIError
+    class Net::HTTP
+
+      def proxy_uri # :nodoc:
+        ipv6_safe_addr = address.to_s.include?(":") ? "[#{address}]" : address
+        @proxy_uri ||= URI("http://#{ipv6_safe_addr}:#{port}").find_proxy
+      end
+
+    end
+  end
+end

data/lib/chef/monkey_patches/uri.rb

@@ -0,0 +1,70 @@
+# Ruby is copyrighted free software by Yukihiro Matsumoto <matz@netlab.jp>.
+# You can redistribute it and/or modify it under either the terms of the
+# 2-clause BSDL (see the file BSDL), or the conditions below:
+#
+#   1. You may make and give away verbatim copies of the source form of the
+#      software without restriction, provided that you duplicate all of the
+#      original copyright notices and associated disclaimers.
+#
+#   2. You may modify your copy of the software in any way, provided that
+#      you do at least ONE of the following:
+#
+#        a) place your modifications in the Public Domain or otherwise
+#           make them Freely Available, such as by posting said
+# 	  modifications to Usenet or an equivalent medium, or by allowing
+# 	  the author to include your modifications in the software.
+#
+#        b) use the modified software only within your corporation or
+#           organization.
+#
+#        c) give non-standard binaries non-standard names, with
+#           instructions on where to get the original software distribution.
+#
+#        d) make other distribution arrangements with the author.
+#
+#   3. You may distribute the software in object code or binary form,
+#      provided that you do at least ONE of the following:
+#
+#        a) distribute the binaries and library files of the software,
+# 	  together with instructions (in the manual page or equivalent)
+# 	  on where to get the original distribution.
+#
+#        b) accompany the distribution with the machine-readable source of
+# 	  the software.
+#
+#        c) give non-standard binaries non-standard names, with
+#           instructions on where to get the original software distribution.
+#
+#        d) make other distribution arrangements with the author.
+#
+#   4. You may modify and include the part of the software into any other
+#      software (possibly commercial).  But some files in the distribution
+#      are not written by the author, so that they are not under these terms.
+#
+#      For the list of those files and their copying conditions, see the
+#      file LEGAL.
+#
+#   5. The scripts and library files supplied as input to or produced as
+#      output from the software do not automatically fall under the
+#      copyright of the software, but belong to whomever generated them,
+#      and may be sold commercially, and may be aggregated with this
+#      software.
+#
+#   6. THIS SOFTWARE IS PROVIDED "AS IS" AND WITHOUT ANY EXPRESS OR
+#      IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
+#      WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+#      PURPOSE.
+
+require 'uri'
+
+unless URI::Generic.instance_methods.map {|m| m.to_s}.include?("hostname")
+
+  class URI::Generic
+    # Copied from the MRI source for Ruby 1.9.3
+    # File lib/uri/generic.rb, line 659
+    def hostname
+      v = self.host
+      /\A\[(.*)\]\z/ =~ v ? $1 : v
+    end
+  end
+end

data/lib/chef/node.rb

@@ -391,7 +391,7 @@ class Chef
     def consume_attributes(attrs)
       normal_attrs_to_merge = consume_run_list(attrs)
       Chef::Log.debug("Applying attributes from json file")
-      @normal_attrs = Chef::Mixin::DeepMerge.merge(@normal_attrs,normal_attrs_to_merge)
+      @normal_attrs = Chef::Mixin::DeepMerge.horizontal_merge(@normal_attrs,normal_attrs_to_merge)
       self.tags # make sure they're defined
     end
 
@@ -450,11 +450,11 @@ class Chef
     def apply_expansion_attributes(expansion)
       load_chef_environment_object = (chef_environment == "_default" ? nil : Chef::Environment.load(chef_environment))
       environment_default_attrs = load_chef_environment_object.nil? ? {} : load_chef_environment_object.default_attributes
-      default_before_roles = Chef::Mixin::DeepMerge.merge(default_attrs, environment_default_attrs)
-      @default_attrs = Chef::Mixin::DeepMerge.merge(default_before_roles, expansion.default_attrs)
+      default_before_roles = Chef::Mixin::DeepMerge.horizontal_merge(default_attrs, environment_default_attrs)
+      @default_attrs = Chef::Mixin::DeepMerge.horizontal_merge(default_before_roles, expansion.default_attrs)
       environment_override_attrs = load_chef_environment_object.nil? ? {} : load_chef_environment_object.override_attributes
-      overrides_before_environments = Chef::Mixin::DeepMerge.merge(override_attrs, expansion.override_attrs)
-      @override_attrs = Chef::Mixin::DeepMerge.merge(overrides_before_environments, environment_override_attrs)
+      overrides_before_environments = Chef::Mixin::DeepMerge.horizontal_merge(override_attrs, expansion.override_attrs)
+      @override_attrs = Chef::Mixin::DeepMerge.horizontal_merge(overrides_before_environments, environment_override_attrs)
     end
 
     # Transform the node to a Hash

data/lib/chef/platform.rb

@@ -331,6 +331,7 @@ class Chef
             :route => Chef::Provider::Route,
             :ifconfig => Chef::Provider::Ifconfig,
             :ruby_block => Chef::Provider::RubyBlock,
+            :whyrun_safe_ruby_block => Chef::Provider::WhyrunSafeRubyBlock,
             :erl_call => Chef::Provider::ErlCall,
             :log => Chef::Provider::Log::ChefLog
           }

data/lib/chef/provider/cookbook_file.rb

@@ -33,7 +33,7 @@ class Chef
       end
 
       def action_create
-        if file_cache_location && content_stale? 
+        if file_cache_location && content_stale?
           description = []
           description << "create a new cookbook_file #{@new_resource.path}"
           description << diff_current(file_cache_location)
@@ -83,22 +83,30 @@ class Chef
         # On the Windows platform, files in the temp directory
         # default to not inherit unless the new resource specifies rights of
         # some sort. Here we ensure that even when no rights are
-        # specified, the dacl's inheritance flag is set. 
+        # specified, the dacl's inheritance flag is set.
         if Chef::Platform.windows? &&
             @new_resource.rights.nil? &&
             @new_resource.group.nil? &&
             @new_resource.owner.nil? &&
             @new_resource.deny_rights.nil?
-          
+
           securable_tempfile = Chef::ReservedNames::Win32::Security::SecurableObject.new(tempfile_path)
 
           # No rights were specified, so the dacl will have no explicit aces
           default_dacl = Chef::ReservedNames::Win32::Security::ACL.create([])
 
-          # In setting this default dacl, set inheritance to true 
+          # In setting this default dacl, set inheritance to true
           securable_tempfile.set_dacl(default_dacl, true)
-        end        
-      end      
+        end
+      end
+
+      private
+
+      def managing_content?
+        return true if @new_resource.checksum
+        return true if !@new_resource.source.nil? && @action != :create_if_missing
+        false
+      end
 
     end
   end