chef 11.12.0.alpha.1 → 11.12.0.rc.1
- checksums.yaml +4 -4
- data/lib/chef/api_client/registration.rb +46 -9
- data/lib/chef/application.rb +1 -0
- data/lib/chef/application/client.rb +25 -24
- data/lib/chef/client.rb +34 -0
- data/lib/chef/config.rb +11 -0
- data/lib/chef/cookbook/chefignore.rb +10 -2
- data/lib/chef/cookbook/metadata.rb +31 -3
- data/lib/chef/cookbook/synchronizer.rb +2 -2
- data/lib/chef/cookbook/syntax_check.rb +4 -4
- data/lib/chef/encrypted_data_bag_item.rb +37 -1
- data/lib/chef/exceptions.rb +1 -0
- data/lib/chef/guard_interpreter/default_guard_interpreter.rb +42 -0
- data/lib/chef/guard_interpreter/resource_guard_interpreter.rb +122 -0
- data/lib/chef/http.rb +0 -1
- data/lib/chef/http/decompressor.rb +7 -4
- data/lib/chef/http/simple.rb +5 -0
- data/lib/chef/http/validate_content_length.rb +28 -12
- data/lib/chef/knife.rb +1 -0
- data/lib/chef/knife/client_bulk_delete.rb +48 -9
- data/lib/chef/knife/client_delete.rb +4 -4
- data/lib/chef/knife/cookbook_bulk_delete.rb +1 -1
- data/lib/chef/knife/cookbook_upload.rb +17 -7
- data/lib/chef/knife/core/bootstrap_context.rb +1 -1
- data/lib/chef/knife/core/ui.rb +42 -5
- data/lib/chef/knife/node_run_list_add.rb +31 -2
- data/lib/chef/knife/ssh.rb +44 -31
- data/lib/chef/knife/ssl_check.rb +213 -0
- data/lib/chef/knife/ssl_fetch.rb +145 -0
- data/lib/chef/mixin/deep_merge.rb +13 -5
- data/lib/chef/mixin/shell_out.rb +9 -3
- data/lib/chef/node.rb +23 -4
- data/lib/chef/node/immutable_collections.rb +32 -0
- data/lib/chef/platform/provider_mapping.rb +21 -18
- data/lib/chef/platform/query_helpers.rb +10 -2
- data/lib/chef/policy_builder/expand_node_object.rb +3 -6
- data/lib/chef/provider/cron.rb +25 -3
- data/lib/chef/provider/mount/mount.rb +1 -1
- data/lib/chef/provider/package/dpkg.rb +2 -1
- data/lib/chef/provider/package/windows.rb +80 -0
- data/lib/chef/provider/package/windows/msi.rb +69 -0
- data/lib/chef/provider/powershell_script.rb +19 -6
- data/lib/chef/provider/service/solaris.rb +11 -7
- data/lib/chef/resource.rb +18 -5
- data/lib/chef/resource/conditional.rb +20 -7
- data/lib/chef/resource/cron.rb +18 -2
- data/lib/chef/resource/execute.rb +0 -2
- data/lib/chef/resource/powershell_script.rb +23 -1
- data/lib/chef/resource/script.rb +25 -0
- data/lib/chef/resource/subversion.rb +4 -0
- data/lib/chef/resource/windows_package.rb +79 -0
- data/lib/chef/resource/windows_script.rb +0 -5
- data/lib/chef/resources.rb +1 -0
- data/lib/chef/rest.rb +6 -1
- data/lib/chef/run_context.rb +22 -2
- data/lib/chef/run_context/cookbook_compiler.rb +12 -0
- data/lib/chef/util/editor.rb +92 -0
- data/lib/chef/util/file_edit.rb +22 -54
- data/lib/chef/version.rb +2 -2
- data/lib/chef/win32/api/installer.rb +166 -0
- data/lib/chef/win32/version.rb +8 -0
- data/spec/data/standalone_cookbook/Gemfile +1 -0
- data/spec/data/standalone_cookbook/chefignore +9 -0
- data/spec/data/standalone_cookbook/recipes/default.rb +3 -0
- data/spec/data/standalone_cookbook/vendor/bundle/ruby/2.0.0/gems/multi_json-1.9.0/lib/multi_json.rb +1 -0
- data/spec/functional/resource/powershell_spec.rb +262 -1
- data/spec/functional/win32/versions_spec.rb +3 -3
- data/spec/integration/knife/chefignore_spec.rb +1 -2
- data/spec/integration/knife/raw_spec.rb +8 -13
- data/spec/integration/knife/redirection_spec.rb +6 -14
- data/spec/integration/solo/solo_spec.rb +19 -0
- data/spec/support/shared/functional/windows_script.rb +1 -1
- data/spec/support/shared/integration/app_server_support.rb +42 -0
- data/spec/support/shared/integration/integration_helper.rb +1 -0
- data/spec/support/shared/unit/script_resource.rb +38 -0
- data/spec/unit/api_client/registration_spec.rb +109 -38
- data/spec/unit/application/client_spec.rb +48 -1
- data/spec/unit/cookbook/chefignore_spec.rb +10 -0
- data/spec/unit/cookbook/metadata_spec.rb +45 -1
- data/spec/unit/cookbook/syntax_check_spec.rb +28 -0
- data/spec/unit/cookbook_spec.rb +0 -10
- data/spec/unit/guard_interpreter/resource_guard_interpreter_spec.rb +56 -0
- data/spec/unit/http/simple_spec.rb +32 -0
- data/spec/unit/http/validate_content_length_spec.rb +187 -0
- data/spec/unit/knife/bootstrap_spec.rb +13 -4
- data/spec/unit/knife/client_bulk_delete_spec.rb +123 -38
- data/spec/unit/knife/client_delete_spec.rb +4 -4
- data/spec/unit/knife/cookbook_upload_spec.rb +181 -88
- data/spec/unit/knife/core/bootstrap_context_spec.rb +11 -1
- data/spec/unit/knife/core/ui_spec.rb +109 -38
- data/spec/unit/knife/node_run_list_add_spec.rb +24 -1
- data/spec/unit/knife/ssh_spec.rb +17 -6
- data/spec/unit/knife/ssl_check_spec.rb +187 -0
- data/spec/unit/knife/ssl_fetch_spec.rb +151 -0
- data/spec/unit/mixin/deep_merge_spec.rb +17 -0
- data/spec/unit/node/immutable_collections_spec.rb +55 -0
- data/spec/unit/node_spec.rb +9 -0
- data/spec/unit/platform/query_helpers_spec.rb +32 -0
- data/spec/unit/platform_spec.rb +193 -175
- data/spec/unit/policy_builder/expand_node_object_spec.rb +1 -1
- data/spec/unit/provider/cron_spec.rb +175 -1
- data/spec/unit/provider/mount/mount_spec.rb +33 -3
- data/spec/unit/provider/package/dpkg_spec.rb +4 -0
- data/spec/unit/provider/package/windows/msi_spec.rb +60 -0
- data/spec/unit/provider/package/windows_spec.rb +80 -0
- data/spec/unit/provider/service/macosx_spec.rb +3 -3
- data/spec/unit/provider/service/solaris_smf_service_spec.rb +35 -10
- data/spec/unit/pure_application_spec.rb +32 -0
- data/spec/unit/recipe_spec.rb +4 -0
- data/spec/unit/resource/conditional_spec.rb +13 -12
- data/spec/unit/resource/cron_spec.rb +7 -2
- data/spec/unit/resource/powershell_spec.rb +85 -2
- data/spec/unit/resource/subversion_spec.rb +5 -0
- data/spec/unit/resource/windows_package_spec.rb +74 -0
- data/spec/unit/resource_spec.rb +23 -1
- data/spec/unit/rest_spec.rb +15 -0
- data/spec/unit/run_context/cookbook_compiler_spec.rb +12 -0
- data/spec/unit/run_context_spec.rb +7 -0
- data/spec/unit/util/editor_spec.rb +152 -0
- data/spec/unit/util/file_edit_spec.rb +37 -1
- metadata +41 -30
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA1:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 60391bafa32bf5cc32d6e20d2d7e4d73851b4831
|
4
|
+
data.tar.gz: 35fe3189610b04474bf26cf2e4b6d6f3285c383e
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: a1b8ef49c08c01859feaf9dbe315fa7d6be0e9c8c27db37008fd725ee84e96685180db220612289cec70b2757ba61a810f56380016db5529a4b37037fdb349e3
|
7
|
+
data.tar.gz: 24f43562e5917d82395fd74f9a5ef307890f3496264ace9369ef5f12ab82cd03809a1a86b7c4e26a5bb2a1b58cf4ab4ae3fdc5c11a5f581cfdb37c2d809678b9
|
@@ -30,14 +30,13 @@ class Chef
|
|
30
30
|
# a new client/node identity by borrowing the validator client identity
|
31
31
|
# when creating a new client.
|
32
32
|
class Registration
|
33
|
-
attr_reader :private_key
|
34
33
|
attr_reader :destination
|
35
34
|
attr_reader :name
|
36
35
|
|
37
36
|
def initialize(name, destination)
|
38
37
|
@name = name
|
39
38
|
@destination = destination
|
40
|
-
@
|
39
|
+
@server_generated_private_key = nil
|
41
40
|
end
|
42
41
|
|
43
42
|
# Runs the client registration process, including creating the client on
|
@@ -90,29 +89,67 @@ class Chef
|
|
90
89
|
end
|
91
90
|
|
92
91
|
def create
|
93
|
-
response = http_api.post("clients",
|
94
|
-
@
|
92
|
+
response = http_api.post("clients", post_data)
|
93
|
+
@server_generated_private_key = response["private_key"]
|
95
94
|
response
|
96
95
|
end
|
97
96
|
|
98
97
|
def update
|
99
|
-
response = http_api.put("clients/#{name}",
|
100
|
-
:admin => false,
|
101
|
-
:private_key => true)
|
98
|
+
response = http_api.put("clients/#{name}", put_data)
|
102
99
|
if response.respond_to?(:private_key) # Chef 11
|
103
|
-
@
|
100
|
+
@server_generated_private_key = response.private_key
|
104
101
|
else # Chef 10
|
105
|
-
@
|
102
|
+
@server_generated_private_key = response["private_key"]
|
106
103
|
end
|
107
104
|
response
|
108
105
|
end
|
109
106
|
|
107
|
+
def put_data
|
108
|
+
base_put_data = { :name => name, :admin => false }
|
109
|
+
if self_generate_keys?
|
110
|
+
base_put_data[:public_key] = generated_public_key
|
111
|
+
else
|
112
|
+
base_put_data[:private_key] = true
|
113
|
+
end
|
114
|
+
base_put_data
|
115
|
+
end
|
116
|
+
|
117
|
+
def post_data
|
118
|
+
post_data = { :name => name, :admin => false }
|
119
|
+
post_data[:public_key] = generated_public_key if self_generate_keys?
|
120
|
+
post_data
|
121
|
+
end
|
122
|
+
|
123
|
+
|
110
124
|
def http_api
|
111
125
|
@http_api_as_validator ||= Chef::REST.new(Chef::Config[:chef_server_url],
|
112
126
|
Chef::Config[:validation_client_name],
|
113
127
|
Chef::Config[:validation_key])
|
114
128
|
end
|
115
129
|
|
130
|
+
# Whether or not to generate keys locally and post the public key to the
|
131
|
+
# server. Delegates to `Chef::Config.local_key_generation`. Servers
|
132
|
+
# before 11.0 do not support this feature.
|
133
|
+
def self_generate_keys?
|
134
|
+
Chef::Config.local_key_generation
|
135
|
+
end
|
136
|
+
|
137
|
+
def private_key
|
138
|
+
if self_generate_keys?
|
139
|
+
generated_private_key.to_pem
|
140
|
+
else
|
141
|
+
@server_generated_private_key
|
142
|
+
end
|
143
|
+
end
|
144
|
+
|
145
|
+
def generated_private_key
|
146
|
+
@generated_key ||= OpenSSL::PKey::RSA.generate(2048)
|
147
|
+
end
|
148
|
+
|
149
|
+
def generated_public_key
|
150
|
+
generated_private_key.public_key.to_pem
|
151
|
+
end
|
152
|
+
|
116
153
|
def file_flags
|
117
154
|
base_flags = File::CREAT|File::TRUNC|File::RDWR
|
118
155
|
# Windows doesn't have symlinks, so it doesn't have NOFOLLOW
|
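Review bot: With `local_key_generation` enabled, `create` and `update` never check whether the server honoured the posted public key, so `private_key` returns the locally generated PEM even when the response carries a server-generated `private_key`. The comment on `self_generate_keys?` says servers before 11.0 do not support the feature; if such a server ignores `:public_key` (not shown in this hunk), the client would end up storing a key the server does not know. A guard in `create` would surface this early, for example `Chef::Log.warn("Server returned a private key although local_key_generation is enabled") if self_generate_keys? && response["private_key"]`. As a smaller style point, the local variable `post_data` inside `post_data` shadows the method name; `base_post_data` would match `put_data`.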
data/lib/chef/application.rb
CHANGED
@@ -25,7 +25,6 @@ require 'chef/log'
|
|
25
25
|
require 'chef/config_fetcher'
|
26
26
|
require 'chef/handler/error_report'
|
27
27
|
|
28
|
-
|
29
28
|
class Chef::Application::Client < Chef::Application
|
30
29
|
|
31
30
|
# Mimic self_pipe sleep from Unicorn to capture signals safely
|
@@ -228,12 +227,10 @@ class Chef::Application::Client < Chef::Application
|
|
228
227
|
:boolean => true
|
229
228
|
end
|
230
229
|
|
231
|
-
|
230
|
+
IMMEDIATE_RUN_SIGNAL = "1".freeze
|
231
|
+
GRACEFUL_EXIT_SIGNAL = "2".freeze
|
232
232
|
|
233
|
-
|
234
|
-
super
|
235
|
-
@exit_gracefully = false
|
236
|
-
end
|
233
|
+
attr_reader :chef_client_json
|
237
234
|
|
238
235
|
# Reconfigure the chef client
|
239
236
|
# Re-open the JSON attributes and load them into the node
|
@@ -295,13 +292,12 @@ class Chef::Application::Client < Chef::Application
|
|
295
292
|
|
296
293
|
trap("USR1") do
|
297
294
|
Chef::Log.info("SIGUSR1 received, waking up")
|
298
|
-
SELF_PIPE[1].putc(
|
295
|
+
SELF_PIPE[1].putc(IMMEDIATE_RUN_SIGNAL) # wakeup master process from select
|
299
296
|
end
|
300
297
|
|
301
298
|
trap("TERM") do
|
302
299
|
Chef::Log.info("SIGTERM received, exiting gracefully")
|
303
|
-
|
304
|
-
SELF_PIPE[1].putc('.')
|
300
|
+
SELF_PIPE[1].putc(GRACEFUL_EXIT_SIGNAL)
|
305
301
|
end
|
306
302
|
end
|
307
303
|
|
@@ -313,23 +309,24 @@ class Chef::Application::Client < Chef::Application
|
|
313
309
|
Chef::Daemon.daemonize("chef-client")
|
314
310
|
end
|
315
311
|
|
312
|
+
signal = nil
|
313
|
+
|
316
314
|
loop do
|
317
315
|
begin
|
318
|
-
Chef::Application.exit!("Exiting", 0) if
|
319
|
-
|
316
|
+
Chef::Application.exit!("Exiting", 0) if signal == GRACEFUL_EXIT_SIGNAL
|
317
|
+
|
318
|
+
if Chef::Config[:splay] and signal != IMMEDIATE_RUN_SIGNAL
|
320
319
|
splay = rand Chef::Config[:splay]
|
321
320
|
Chef::Log.debug("Splay sleep #{splay} seconds")
|
322
321
|
sleep splay
|
323
322
|
end
|
323
|
+
|
324
|
+
signal = nil
|
324
325
|
run_chef_client(Chef::Config[:specific_recipes])
|
326
|
+
|
325
327
|
if Chef::Config[:interval]
|
326
328
|
Chef::Log.debug("Sleeping for #{Chef::Config[:interval]} seconds")
|
327
|
-
|
328
|
-
client_sleep Chef::Config[:interval]
|
329
|
-
else
|
330
|
-
# Windows
|
331
|
-
sleep Chef::Config[:interval]
|
332
|
-
end
|
329
|
+
signal = interval_sleep
|
333
330
|
else
|
334
331
|
Chef::Application.exit! "Exiting", 0
|
335
332
|
end
|
@@ -339,12 +336,7 @@ class Chef::Application::Client < Chef::Application
|
|
339
336
|
if Chef::Config[:interval]
|
340
337
|
Chef::Log.error("#{e.class}: #{e}")
|
341
338
|
Chef::Log.error("Sleeping for #{Chef::Config[:interval]} seconds before trying again")
|
342
|
-
|
343
|
-
client_sleep Chef::Config[:interval]
|
344
|
-
else
|
345
|
-
# Windows
|
346
|
-
sleep Chef::Config[:interval]
|
347
|
-
end
|
339
|
+
signal = interval_sleep
|
348
340
|
retry
|
349
341
|
else
|
350
342
|
Chef::Application.fatal!("#{e.class}: #{e.message}", 1)
|
@@ -355,8 +347,17 @@ class Chef::Application::Client < Chef::Application
|
|
355
347
|
|
356
348
|
private
|
357
349
|
|
350
|
+
def interval_sleep
|
351
|
+
unless SELF_PIPE.empty?
|
352
|
+
client_sleep Chef::Config[:interval]
|
353
|
+
else
|
354
|
+
# Windows
|
355
|
+
sleep Chef::Config[:interval]
|
356
|
+
end
|
357
|
+
end
|
358
|
+
|
358
359
|
def client_sleep(sec)
|
359
360
|
IO.select([ SELF_PIPE[0] ], nil, nil, sec) or return
|
360
|
-
SELF_PIPE[0].getc
|
361
|
+
SELF_PIPE[0].getc.chr
|
361
362
|
end
|
362
363
|
end
|
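Review bot: `interval_sleep` returns a different kind of value on each branch: the self-pipe branch yields the signal byte from `client_sleep` (or nil on timeout), while the Windows branch yields whatever `sleep` returns, and the run loop assigns that value to `signal`. The comparisons with `GRACEFUL_EXIT_SIGNAL` and `IMMEDIATE_RUN_SIGNAL` still behave because an Integer never equals those strings, but the contract is implicit; ending the Windows branch with an explicit `nil` and adding `# Returns the signal byte read from SELF_PIPE, or nil if the interval elapsed` above the method would state it. The `unless SELF_PIPE.empty? ... else` form would also read better inverted to `if SELF_PIPE.empty?`. Separately, the splay `sleep` in the loop does not go through the pipe, so a SIGTERM received during splay appears to take effect only after the following run; a comment should say whether that is intended.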
data/lib/chef/client.rb
CHANGED
@@ -401,6 +401,9 @@ class Chef
|
|
401
401
|
# don't add code that may fail before entering this section to be sure to release lock
|
402
402
|
begin
|
403
403
|
runlock.save_pid
|
404
|
+
|
405
|
+
check_ssl_config
|
406
|
+
|
404
407
|
request_id = Chef::RequestID.instance.request_id
|
405
408
|
run_context = nil
|
406
409
|
@events.run_start(Chef::VERSION)
|
@@ -489,6 +492,37 @@ class Chef
|
|
489
492
|
Chef::ReservedNames::Win32::Security.has_admin_privileges?
|
490
493
|
end
|
491
494
|
|
495
|
+
def check_ssl_config
|
496
|
+
if Chef::Config[:ssl_verify_mode] == :verify_none and !Chef::Config[:verify_api_cert]
|
497
|
+
Chef::Log.warn(<<-WARN)
|
498
|
+
|
499
|
+
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
|
500
|
+
SSL validation of HTTPS requests is disabled. HTTPS connections are still
|
501
|
+
encrypted, but chef is not able to detect forged replies or man in the middle
|
502
|
+
attacks.
|
503
|
+
|
504
|
+
To fix this issue add an entry like this to your configuration file:
|
505
|
+
|
506
|
+
```
|
507
|
+
# Verify all HTTPS connections (recommended)
|
508
|
+
ssl_verify_mode :verify_peer
|
509
|
+
|
510
|
+
# OR, Verify only connections to chef-server
|
511
|
+
verify_api_cert true
|
512
|
+
```
|
513
|
+
|
514
|
+
To check your SSL configuration, or troubleshoot errors, you can use the
|
515
|
+
`knife ssl check` command like so:
|
516
|
+
|
517
|
+
```
|
518
|
+
knife ssl check -c #{Chef::Config.config_file}
|
519
|
+
```
|
520
|
+
|
521
|
+
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
|
522
|
+
WARN
|
523
|
+
end
|
524
|
+
end
|
525
|
+
|
492
526
|
end
|
493
527
|
end
|
494
528
|
|
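Review bot: The warning text in `check_ssl_config` interpolates `Chef::Config.config_file` into the suggested `knife ssl check -c ...` command, and nothing in this hunk guards against that value being nil, in which case the printed command ends in a bare `-c`. Building the hint conditionally avoids that, e.g. `config_hint = Chef::Config.config_file ? " -c #{Chef::Config.config_file}" : ""`. The condition uses `and` where `&&` is the conventional boolean operator. Because the method only logs and the run then continues with verification disabled, a one-line comment stating that this is a warning and not an enforcement point would help the next reader.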
data/lib/chef/config.rb
CHANGED
@@ -432,6 +432,17 @@ class Chef
|
|
432
432
|
default(:validation_key) { chef_zero.enabled ? nil : platform_specific_path("/etc/chef/validation.pem") }
|
433
433
|
default :validation_client_name, "chef-validator"
|
434
434
|
|
435
|
+
# When creating a new client via the validation_client account, Chef 11
|
436
|
+
# servers allow the client to generate a key pair locally and sent the
|
437
|
+
# public key to the server. This is more secure and helps offload work from
|
438
|
+
# the server, enhancing scalability. If enabled and the remote server
|
439
|
+
# implements only the Chef 10 API, client registration will not work
|
440
|
+
# properly.
|
441
|
+
#
|
442
|
+
# The default value is `false` (Server generates client keys). Set to
|
443
|
+
# `true` to enable client-side key generation.
|
444
|
+
default(:local_key_generation) { false }
|
445
|
+
|
435
446
|
# Zypper package provider gpg checks. Set to true to enable package
|
436
447
|
# gpg signature checking. This will be default in the
|
437
448
|
# future. Setting to false disables the warnings.
|
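Review bot: The new comment above `local_key_generation` contains a typo: "sent the public key" should read "send the public key". The comment also says local generation is more secure, yet the default is `false`, so by default the private key is still generated on the server and returned in the registration response. A sentence explaining that the default stays off for Chef 10 API compatibility, plus a marker such as `# TODO: enable by default once Chef 10 servers are no longer supported`, would keep readers from taking the default as the recommended setting.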
@@ -25,7 +25,11 @@ class Chef
|
|
25
25
|
attr_reader :ignores
|
26
26
|
|
27
27
|
def initialize(ignore_file_or_repo)
|
28
|
+
# Check the 'ignore_file_or_repo' path first and then look in the parent directory
|
29
|
+
# to handle both the chef repo cookbook layout and a standalone cookbook
|
28
30
|
@ignore_file = find_ignore_file(ignore_file_or_repo)
|
31
|
+
@ignore_file = find_ignore_file(File.dirname(ignore_file_or_repo)) unless readable_file_or_symlink?(@ignore_file)
|
32
|
+
|
29
33
|
@ignores = parse_ignore_file
|
30
34
|
end
|
31
35
|
|
@@ -43,8 +47,7 @@ class Chef
|
|
43
47
|
|
44
48
|
def parse_ignore_file
|
45
49
|
ignore_globs = []
|
46
|
-
if
|
47
|
-
(File.file?(@ignore_file) || File.symlink?(@ignore_file))
|
50
|
+
if readable_file_or_symlink?(@ignore_file)
|
48
51
|
File.foreach(@ignore_file) do |line|
|
49
52
|
ignore_globs << line.strip unless line =~ COMMENTS_AND_WHITESPACE
|
50
53
|
end
|
@@ -61,6 +64,11 @@ class Chef
|
|
61
64
|
File.join(path, 'chefignore')
|
62
65
|
end
|
63
66
|
end
|
67
|
+
|
68
|
+
def readable_file_or_symlink?(path)
|
69
|
+
File.exist?(@ignore_file) && File.readable?(@ignore_file) &&
|
70
|
+
(File.file?(@ignore_file) || File.symlink?(@ignore_file))
|
71
|
+
end
|
64
72
|
end
|
65
73
|
end
|
66
74
|
end
|
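Review bot: `readable_file_or_symlink?(path)` never uses its `path` argument; all four `File` tests read `@ignore_file` instead. Both visible callers pass `@ignore_file`, so the result is the same today, but any other argument would be silently ignored. The body should test the parameter: `File.exist?(path) && File.readable?(path) && (File.file?(path) || File.symlink?(path))`. Note also that `File.exist?` follows symlinks, so the `File.symlink?` alternative only admits links whose target exists but is not a regular file (a directory, for example), which `File.foreach` in `parse_ignore_file` is unlikely to read successfully.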
@@ -391,14 +391,14 @@ class Chef
|
|
391
391
|
:description => { :kind_of => String },
|
392
392
|
:choice => { :kind_of => [ Array ], :default => [] },
|
393
393
|
:calculated => { :equal_to => [ true, false ], :default => false },
|
394
|
-
:type => { :equal_to => [ "string", "array", "hash", "symbol" ], :default => "string" },
|
394
|
+
:type => { :equal_to => [ "string", "array", "hash", "symbol", "boolean", "numeric" ], :default => "string" },
|
395
395
|
:required => { :equal_to => [ "required", "recommended", "optional", true, false ], :default => "optional" },
|
396
396
|
:recipes => { :kind_of => [ Array ], :default => [] },
|
397
|
-
:default => { :kind_of => [ String, Array, Hash ] }
|
397
|
+
:default => { :kind_of => [ String, Array, Hash, Symbol, Numeric, TrueClass, FalseClass ] }
|
398
398
|
}
|
399
399
|
)
|
400
400
|
options[:required] = remap_required_attribute(options[:required]) unless options[:required].nil?
|
401
|
-
|
401
|
+
validate_choice_array(options)
|
402
402
|
validate_calculated_default_rule(options)
|
403
403
|
validate_choice_default_rule(options)
|
404
404
|
|
@@ -546,6 +546,34 @@ INVALID
|
|
546
546
|
end
|
547
547
|
end
|
548
548
|
|
549
|
+
# Validate the choice of the options hash
|
550
|
+
#
|
551
|
+
# Raise an exception if the members of the array do not match the defaults
|
552
|
+
# === Parameters
|
553
|
+
# opts<Hash>:: The options hash
|
554
|
+
def validate_choice_array(opts)
|
555
|
+
if opts[:choice].kind_of?(Array)
|
556
|
+
case opts[:type]
|
557
|
+
when "string"
|
558
|
+
validator = [ String ]
|
559
|
+
when "array"
|
560
|
+
validator = [ Array ]
|
561
|
+
when "hash"
|
562
|
+
validator = [ Hash ]
|
563
|
+
when "symbol"
|
564
|
+
validator = [ Symbol ]
|
565
|
+
when "boolean"
|
566
|
+
validator = [ TrueClass, FalseClass ]
|
567
|
+
when "numeric"
|
568
|
+
validator = [ Numeric ]
|
569
|
+
end
|
570
|
+
|
571
|
+
opts[:choice].each do |choice|
|
572
|
+
validate( {:choice => choice}, {:choice => {:kind_of => validator}} )
|
573
|
+
end
|
574
|
+
end
|
575
|
+
end
|
576
|
+
|
549
577
|
# For backwards compatibility, remap Boolean values to String
|
550
578
|
# true is mapped to "required"
|
551
579
|
# false is mapped to "optional"
|
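Review bot: `validate_choice_array` checks every `:choice` member against the declared `:type`, but the widened `:default => { :kind_of => [ String, Array, Hash, Symbol, Numeric, TrueClass, FalseClass ] }` rule accepts any of those classes regardless of `:type`. As far as the visible lines show, an attribute declared `"boolean"` with a String default would pass; `validate_calculated_default_rule` and `validate_choice_default_rule` are outside this hunk and may or may not cover it. Reusing the computed `validator` for the default would close the gap, e.g. `validate({ :default => opts[:default] }, { :default => { :kind_of => validator } }) unless opts[:default].nil?`. The `case` also has no `else`, so it relies on the earlier `validate` call having filled in the `"string"` default for `:type`; a short comment saying so would help.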
@@ -92,7 +92,7 @@ class Chef
|
|
92
92
|
# === Returns
|
93
93
|
# true:: Always returns true
|
94
94
|
def sync_cookbooks
|
95
|
-
Chef::Log.info("Loading cookbooks [#{
|
95
|
+
Chef::Log.info("Loading cookbooks [#{cookbooks.map {|ckbk| ckbk.name + '@' + ckbk.version}.join(', ')}]")
|
96
96
|
Chef::Log.debug("Cookbooks detail: #{cookbooks.inspect}")
|
97
97
|
|
98
98
|
clear_obsoleted_cookbooks
|
@@ -136,7 +136,7 @@ class Chef
|
|
136
136
|
# valid_cache_entries<Hash>:: Out-param; Added to this hash are the files that
|
137
137
|
# were referred to by this cookbook
|
138
138
|
def sync_cookbook(cookbook)
|
139
|
-
Chef::Log.debug("Synchronizing cookbook #{cookbook.name}")
|
139
|
+
Chef::Log.debug("Synchronizing cookbook #{cookbook.name} #{cookbook.version}")
|
140
140
|
|
141
141
|
# files and templates are lazily loaded, and will be done later.
|
142
142
|
|
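Review bot: The new info line in `sync_cookbooks` builds each entry with `ckbk.name + '@' + ckbk.version`, which raises if `name` or `version` is not a String (a Symbol name, for instance; the types are not visible in this hunk). Since this is only a log message, interpolation is the safer form and matches the debug line in `sync_cookbook`: `cookbooks.map { |ckbk| "#{ckbk.name}@#{ckbk.version}" }.join(', ')`. The two messages also format the pair differently (`name@version` versus `name version`); using one form makes the logs easier to search.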
@@ -77,6 +77,8 @@ class Chef
|
|
77
77
|
# validated.
|
78
78
|
attr_reader :validated_files
|
79
79
|
|
80
|
+
attr_reader :chefignore
|
81
|
+
|
80
82
|
# Creates a new SyntaxCheck given the +cookbook_name+ and a +cookbook_path+.
|
81
83
|
# If no +cookbook_path+ is given, +Chef::Config.cookbook_path+ is used.
|
82
84
|
def self.for_cookbook(cookbook_name, cookbook_path=nil)
|
@@ -92,11 +94,9 @@ class Chef
|
|
92
94
|
# cookbook_path::: the (on disk) path to the cookbook
|
93
95
|
def initialize(cookbook_path)
|
94
96
|
@cookbook_path = cookbook_path
|
95
|
-
@
|
96
|
-
end
|
97
|
+
@chefignore ||= Chefignore.new(cookbook_path)
|
97
98
|
|
98
|
-
|
99
|
-
@chefignore ||= Chefignore.new(File.dirname(cookbook_path))
|
99
|
+
@validated_files = PersistentSet.new
|
100
100
|
end
|
101
101
|
|
102
102
|
def remove_ignored_files(file_list)
|
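Review bot: In `initialize`, `@chefignore ||= Chefignore.new(cookbook_path)` uses memoizing assignment where the instance variable cannot already be set; plain `=` says what actually happens. The removed lines suggest the ignore file used to be resolved from `File.dirname(cookbook_path)`, whereas it is now built from `cookbook_path` itself when the object is constructed. A comment such as `# Chefignore falls back to the parent directory for repo-style layouts` would record why the `dirname` call was dropped.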
@@ -26,7 +26,7 @@ require 'open-uri'
|
|
26
26
|
# all values, except for the value associated with the id key, have
|
27
27
|
# been encrypted.
|
28
28
|
#
|
29
|
-
#
|
29
|
+
# EncryptedDataBagItem can be used in recipes to decrypt data bag item
|
30
30
|
# members.
|
31
31
|
#
|
32
32
|
# Data bag item values are assumed to have been encrypted using the
|
@@ -49,6 +49,22 @@ require 'open-uri'
|
|
49
49
|
class Chef::EncryptedDataBagItem
|
50
50
|
ALGORITHM = 'aes-256-cbc'
|
51
51
|
|
52
|
+
#
|
53
|
+
# === Synopsis
|
54
|
+
#
|
55
|
+
# EncryptedDataBagItem.new(hash, secret)
|
56
|
+
#
|
57
|
+
# === Args
|
58
|
+
#
|
59
|
+
# +enc_hash+::
|
60
|
+
# The encrypted hash to be decrypted
|
61
|
+
# +secret+::
|
62
|
+
# The raw secret key
|
63
|
+
#
|
64
|
+
# === Description
|
65
|
+
#
|
66
|
+
# Create a new encrypted data bag item for reading (decryption)
|
67
|
+
#
|
52
68
|
def initialize(enc_hash, secret)
|
53
69
|
@enc_hash = enc_hash
|
54
70
|
@secret = secret
|
@@ -82,6 +98,26 @@ class Chef::EncryptedDataBagItem
|
|
82
98
|
end
|
83
99
|
end
|
84
100
|
|
101
|
+
#
|
102
|
+
# === Synopsis
|
103
|
+
#
|
104
|
+
# EncryptedDataBagItem.load(data_bag, name, secret = nil)
|
105
|
+
#
|
106
|
+
# === Args
|
107
|
+
#
|
108
|
+
# +data_bag+::
|
109
|
+
# The name of the data bag to fetch
|
110
|
+
# +name+::
|
111
|
+
# The name of the data bag item to fetch
|
112
|
+
# +secret+::
|
113
|
+
# The raw secret key. If the +secret+ is nil, the value of the file at
|
114
|
+
# +Chef::Config[:encrypted_data_bag_secret]+ is loaded. See +load_secret+
|
115
|
+
# for more information.
|
116
|
+
#
|
117
|
+
# === Description
|
118
|
+
#
|
119
|
+
# Loads and decrypts the data bag item with the given name.
|
120
|
+
#
|
85
121
|
def self.load(data_bag, name, secret = nil)
|
86
122
|
raw_hash = Chef::DataBagItem.load(data_bag, name)
|
87
123
|
secret = secret || self.load_secret
|