chef 13.3.42 → 13.4.19

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 244f9d815246c3d954e9794813133b95395fac26
-  data.tar.gz: beb5752e4b20493f5b754e20cbe118da4dadf2d6
+  metadata.gz: 103c769a6347776d48577798e5e82271b9f9b082
+  data.tar.gz: cfc8564484b034b788fbc8307f322c1acd3d61a9
 SHA512:
-  metadata.gz: '091dcc6ee3ea1710e4998795452dec480e07b36db38c0b7e33054ee50c96462358a108a44cb9a86a8632d5f3a41c3b2301f07bc37d3fd192e17dcedaade45049'
-  data.tar.gz: 488d579aed0dd49078cc89965ece8d61c815aa3cc0f085028ad6ef854272d494cf69b7fec18f0ce9a52f793d636c6612b6bb2d82f654fdd7614b2f2f699e4576
+  metadata.gz: a0b57f2f5e07eefa55e3510688b18a31bbb40dd2395b96cceb299a69fc8f434843afe64a4bea04eee8fe403e38a248a97b9504797ec10c2397ad46654e3143bf
+  data.tar.gz: 60446f65bc583b79e4a490cea2da2a221769aaae9d6c14298808970a44ff2a3c11f6fffaafc65760e16e59fb4d09af6e8f9d20955d8271ffcf35842ad0330c98

data/Gemfile

@@ -16,6 +16,7 @@ group(:omnibus_package) do
   gem "appbundler"
   gem "rb-readline"
   gem "inspec"
+  gem "chef-vault"
 end
 
 group(:omnibus_package, :pry) do

data/VERSION

@@ -1 +1 @@
-13.3.42
+13.4.19

data/lib/chef/knife/core/ui.rb

@@ -172,7 +172,7 @@ class Chef
             tf.sync = true
             tf.puts output
             tf.close
-            raise "Please set EDITOR environment variable" unless system("#{config[:editor]} #{tf.path}")
+            raise "Please set EDITOR environment variable. See https://docs.chef.io/knife_using.html for details." unless system("#{config[:editor]} #{tf.path}")
 
             output = IO.read(tf.path)
           end

data/lib/chef/mash.rb

@@ -105,6 +105,12 @@ class Mash < Hash
     regular_writer(convert_key(key), convert_value(value))
   end
 
+  # internal API for use by Chef's deep merge cache
+  # @api private
+  def internal_set(key, value)
+    regular_writer(key, convert_value(value))
+  end
+
   # @param other_hash<Hash>
   #   A hash to update values in the mash with. The keys and the values will be
   #   converted to Mash format.

data/lib/chef/mixin/deep_merge.rb

@@ -64,7 +64,7 @@ class Chef
         when Hash
           if dest.kind_of?(Hash)
             source.each do |src_key, src_value|
-              if dest[src_key]
+              if dest.key?(src_key)
                 dest[src_key] = deep_merge!(src_value, dest[src_key])
               else # dest[src_key] doesn't exist so we take whatever source has
                 dest[src_key] = src_value

data/lib/chef/mixin/user_context.rb

@@ -0,0 +1,52 @@
+#
+# Author:: Adam Edwards (<adamed@chef.io>)
+# Copyright:: Copyright (c) 2016 Chef Software, Inc.
+# License:: Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+require "chef/util/windows/logon_session" if Chef::Platform.windows?
+
+class Chef
+  module Mixin
+    module UserContext
+
+      def with_user_context(user, password, domain = nil, &block)
+        if node["platform_family"] != "windows"
+          raise Exceptions::UnsupportedPlatform, "User context impersonation is supported only on the Windows platform"
+        end
+
+        if ! block_given?
+          raise ArgumentError, "You must supply a block to `with_user_context`"
+        end
+
+        login_session = nil
+
+        begin
+          if user
+            logon_session = Chef::Util::Windows::LogonSession.new(user, password, domain)
+            logon_session.open
+            logon_session.set_user_context
+          end
+          yield
+        ensure
+          logon_session.close if logon_session
+        end
+      end
+
+      protected(:with_user_context)
+
+    end
+  end
+end

data/lib/chef/node/attribute.rb

@@ -399,7 +399,7 @@ class Chef
        #
 
       def merged_attributes(*path)
-        immutablize(merge_all(path))
+        merge_all(path)
       end
 
       def combined_override(*path)
@@ -536,15 +536,10 @@ class Chef
           apply_path(@automatic, path),
         ]
 
-        components.map! do |component|
-          safe_dup(component)
-        end
-
-        return nil if components.compact.empty?
-
-        components.inject(ImmutableMash.new({}, self, __node__, :merged)) do |merged, component|
-          Chef::Mixin::DeepMerge.hash_only_merge!(merged, component)
+        ret = components.inject(NIL) do |merged, component|
+          hash_only_merge!(merged, component)
         end
+        ret == NIL ? nil : ret
       end
 
        # Deep merge the default attribute levels with array merging.
@@ -554,10 +549,11 @@ class Chef
        # @param path [Array] Array of args to method chain to descend into the node object
        # @return [attr] Deep Merged values (may be VividMash, Hash, Array, etc) from the node object
       def merge_defaults(path)
-        DEFAULT_COMPONENTS.inject(nil) do |merged, component_ivar|
+        ret = DEFAULT_COMPONENTS.inject(NIL) do |merged, component_ivar|
           component_value = apply_path(instance_variable_get(component_ivar), path)
-          Chef::Mixin::DeepMerge.deep_merge(component_value, merged)
+          deep_merge!(merged, component_value)
         end
+        ret == NIL ? nil : ret
       end
 
        # Deep merge the override attribute levels with array merging.
@@ -567,10 +563,11 @@ class Chef
        # @param path [Array] Array of args to method chain to descend into the node object
        # @return [attr] Deep Merged values (may be VividMash, Hash, Array, etc) from the node object
       def merge_overrides(path)
-        OVERRIDE_COMPONENTS.inject(nil) do |merged, component_ivar|
+        ret = OVERRIDE_COMPONENTS.inject(NIL) do |merged, component_ivar|
           component_value = apply_path(instance_variable_get(component_ivar), path)
-          Chef::Mixin::DeepMerge.deep_merge(component_value, merged)
+          deep_merge!(merged, component_value)
         end
+        ret == NIL ? nil : ret
       end
 
        # needed for __path__
@@ -578,7 +575,76 @@ class Chef
         key.kind_of?(Symbol) ? key.to_s : key
       end
 
-    end
+      NIL = Object.new
+
+      # @api private
+      def deep_merge!(merge_onto, merge_with)
+        # If there are two Hashes, recursively merge.
+        if merge_onto.kind_of?(Hash) && merge_with.kind_of?(Hash)
+          merge_with.each do |key, merge_with_value|
+            value =
+              if merge_onto.has_key?(key)
+                deep_merge!(safe_dup(merge_onto[key]), merge_with_value)
+              else
+                merge_with_value
+              end
+
+            # internal_set bypasses converting keys, does convert values and allows writing to immutable mashes
+            merge_onto.internal_set(key, value)
+          end
+          merge_onto
+
+        elsif merge_onto.kind_of?(Array) && merge_with.kind_of?(Array)
+          merge_onto |= merge_with
+
+        # If merge_with is nil, don't replace merge_onto
+        elsif merge_with.nil?
+          merge_onto
+
+        # In all other cases, replace merge_onto with merge_with
+        else
+          if merge_with.kind_of?(Hash)
+            Chef::Node::VividMash.new(merge_with)
+          elsif merge_with.kind_of?(Array)
+            Chef::Node::AttrArray.new(merge_with)
+          else
+            merge_with
+          end
+        end
+      end
 
+      # @api private
+      def hash_only_merge!(merge_onto, merge_with)
+        # If there are two Hashes, recursively merge.
+        if merge_onto.kind_of?(Hash) && merge_with.kind_of?(Hash)
+          merge_with.each do |key, merge_with_value|
+            value =
+              if merge_onto.has_key?(key)
+                hash_only_merge!(safe_dup(merge_onto[key]), merge_with_value)
+              else
+                merge_with_value
+              end
+
+            # internal_set bypasses converting keys, does convert values and allows writing to immutable mashes
+            merge_onto.internal_set(key, value)
+          end
+          merge_onto
+
+        # If merge_with is nil, don't replace merge_onto
+        elsif merge_with.nil?
+          merge_onto
+
+        # In all other cases, replace merge_onto with merge_with
+        else
+          if merge_with.kind_of?(Hash)
+            Chef::Node::ImmutableMash.new(merge_with)
+          elsif merge_with.kind_of?(Array)
+            Chef::Node::ImmutableArray.new(merge_with)
+          else
+            merge_with
+          end
+        end
+      end
+    end
   end
 end

data/lib/chef/node/immutable_collections.rb

@@ -30,16 +30,22 @@ class Chef
         e
       end
 
-      def immutablize(value)
+      def convert_value(value)
         case value
         when Hash
           ImmutableMash.new(value, __root__, __node__, __precedence__)
         when Array
           ImmutableArray.new(value, __root__, __node__, __precedence__)
+        when ImmutableMash, ImmutableArray
+          value
         else
           safe_dup(value).freeze
         end
       end
+
+      def immutablize(value)
+        convert_value(value)
+      end
     end
 
     # == ImmutableArray
@@ -90,7 +96,9 @@ class Chef
 
       alias_method :to_array, :to_a
 
-      # for consistency's sake -- integers 'converted' to integers
+      private
+
+      # needed for __path__
       def convert_key(key)
         key
       end
@@ -115,31 +123,20 @@ class Chef
       include Immutablize
       include CommonAPI
 
-      alias :internal_set :[]=
-      private :internal_set
+      # this is for deep_merge usage, chef users must never touch this API
+      # @api private
+      def internal_set(key, value)
+        regular_writer(key, convert_value(value))
+      end
 
       def initialize(mash_data = {})
         mash_data.each do |key, value|
-          internal_set(key, immutablize(value))
+          internal_set(key, value)
         end
       end
 
-      def public_method_that_only_deep_merge_should_use(key, value)
-        internal_set(key, immutablize(value))
-      end
-
       alias :attribute? :has_key?
 
-      # Mash uses #convert_value to mashify values on input.
-      # Since we're handling this ourselves, override it to be a no-op
-      #
-      # FIXME?  this seems wrong to do and i think is responsible for
-      # #dup needing to be more complicated than Mash.new(self)?
-      #
-      def convert_value(value)
-        value
-      end
-
       # NOTE: #default and #default= are likely to be pretty confusing. For a
       # regular ruby Hash, they control what value is returned for, e.g.,
       #   hash[:no_such_key] #=> hash.default

data/lib/chef/provider/apt_repository.rb

@@ -41,10 +41,12 @@ class Chef
 
       action :add do
         unless new_resource.key.nil?
-          if is_key_id?(new_resource.key) && !has_cookbook_file?(new_resource.key)
-            install_key_from_keyserver
-          else
-            install_key_from_uri
+          new_resource.key.each do |k|
+            if is_key_id?(k) && !has_cookbook_file?(k)
+              install_key_from_keyserver(k)
+            else
+              install_key_from_uri(k)
+            end
           end
         end
 
@@ -151,19 +153,19 @@ class Chef
         (installed_keys & proposed_keys).sort == proposed_keys.sort
       end
 
-      def install_key_from_uri
-        key_name = new_resource.key.gsub(/[^0-9A-Za-z\-]/, "_")
+      def install_key_from_uri(key)
+        key_name = key.gsub(/[^0-9A-Za-z\-]/, "_")
         cached_keyfile = ::File.join(Chef::Config[:file_cache_path], key_name)
-        type = if new_resource.key.start_with?("http")
+        type = if key.start_with?("http")
                  :remote_file
-               elsif has_cookbook_file?(new_resource.key)
+               elsif has_cookbook_file?(key)
                  :cookbook_file
                else
                  raise Chef::Exceptions::FileNotFound, "Cannot locate key file"
                end
 
         declare_resource(type, cached_keyfile) do
-          source new_resource.key
+          source key
           mode "0644"
           sensitive new_resource.sensitive
           action :create
@@ -181,7 +183,7 @@ class Chef
         end
       end
 
-      def install_key_from_keyserver(key = new_resource.key, keyserver = new_resource.keyserver)
+      def install_key_from_keyserver(key, keyserver = new_resource.keyserver)
         cmd = "apt-key adv --recv"
         cmd << " --keyserver-options http-proxy=#{new_resource.key_proxy}" if new_resource.key_proxy
         cmd << " --keyserver "

data/lib/chef/provider/git.rb

@@ -28,6 +28,8 @@ class Chef
       extend Forwardable
       provides :git
 
+      GIT_VERSION_PATTERN = Regexp.compile('git version (\d+\.\d+.\d+)')
+
       def_delegator :new_resource, :destination, :cwd
 
       def load_current_resource
@@ -103,8 +105,21 @@ class Chef
         end
       end
 
-      def git_minor_version
-        @git_minor_version ||= Gem::Version.new( git("--version").stdout.split.last )
+      def git_has_single_branch_option?
+        @git_has_single_branch_option ||= !git_gem_version.nil? && git_gem_version >= Gem::Version.new("1.7.10")
+      end
+
+      def git_gem_version
+        return @git_gem_version if defined?(@git_gem_version)
+        output = git("--version").stdout
+        match = GIT_VERSION_PATTERN.match(output)
+        if match
+          @git_gem_version = Gem::Version.new(match[1])
+        else
+          Chef::Log.warn "Unable to parse git version from '#{output}'"
+          @git_gem_version = nil
+        end
+        @git_gem_version
       end
 
       def existing_git_clone?
@@ -142,7 +157,7 @@ class Chef
           clone_cmd = ["clone"]
           clone_cmd << "-o #{remote}" unless remote == "origin"
           clone_cmd << "--depth #{new_resource.depth}" if new_resource.depth
-          clone_cmd << "--no-single-branch" if new_resource.depth && git_minor_version >= Gem::Version.new("1.7.10")
+          clone_cmd << "--no-single-branch" if new_resource.depth && git_has_single_branch_option?
           clone_cmd << "\"#{new_resource.repository}\""
           clone_cmd << "\"#{cwd}\""
 
@@ -285,6 +300,8 @@ class Chef
         refs.find_all { |m| m[1] == pattern }
       end
 
+      alias git_minor_version git_gem_version
+
       private
 
       def run_options(run_opts = {})

data/lib/chef/provider/ifconfig/redhat.rb

@@ -38,6 +38,10 @@ class Chef
 <% if new_resource.hwaddr %>HWADDR=<%= new_resource.hwaddr %><% end %>
 <% if new_resource.metric %>METRIC=<%= new_resource.metric %><% end %>
 <% if new_resource.mtu %>MTU=<%= new_resource.mtu %><% end %>
+<% if new_resource.ethtool_opts %>ETHTOOL_OPTS="<%= new_resource.ethtool_opts %>"<% end %>
+<% if new_resource.bonding_opts %>BONDING_OPTS="<%= new_resource.bonding_opts %>"<% end %>
+<% if new_resource.master %>MASTER=<%= new_resource.master %><% end %>
+<% if new_resource.slave %>SLAVE=<%= new_resource.slave %><% end %>
           }
           @config_path = "/etc/sysconfig/network-scripts/ifcfg-#{new_resource.device}"
         end

data/lib/chef/provider/launchd.rb

@@ -90,6 +90,7 @@ class Chef
       end
 
       def manage_plist(action)
+        return unless manage_agent?(action)
         if source
           res = cookbook_file_resource
         else
@@ -101,11 +102,30 @@ class Chef
       end
 
       def manage_service(action)
+        return unless manage_agent?(action)
         res = service_resource
         res.run_action(action)
         new_resource.updated_by_last_action(true) if res.updated?
       end
 
+      def manage_agent?(action)
+        # Gets UID of console_user and converts to string.
+        console_user = Etc.getpwuid(::File.stat("/dev/console").uid).name
+        root = console_user == "root"
+        agent = type == "agent"
+        invalid_action = [:delete, :disable, :enable, :restart].include?(action)
+        lltstype = ""
+        if new_resource.limit_load_to_session_type
+          lltstype = new_resource.limit_load_to_session_type
+        end
+        invalid_type = lltstype != "LoginWindow"
+        if root && agent && invalid_action && invalid_type
+          Chef::Log.debug("#{label}: Aqua LaunchAgents shouldn't be loaded as root")
+          return false
+        end
+        true
+      end
+
       def service_resource
         res = Chef::Resource::MacosxService.new(label, run_context)
         res.name(label) if label