chef 15.0.293 → 15.0.298

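--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 8cee4da6ab232220c9ebeabbe7675cbaa3f40c755a90ea7b3fb608669e223af7
- data.tar.gz: 4a35e9ad22786e8a70b592c2187a828983db315749643b8bdcfd590616d354bc
+ metadata.gz: b293f2dac872896fb4ac6d2dc09560081d1006de026029e49c6606221705ffdd
+ data.tar.gz: 5f7d52f20ee3cc309e7cfd39d0c56dae508932ee5bc09adc715c302add02f9c5
  SHA512:
- metadata.gz: 52b7ef41e87f23118f765d73ef38031a0175bd916006c346f72c23b60aea1f272d1fe0885394c5691889c6de8c361111fcb90b40b024f59acb31656ef3c5c4da
- data.tar.gz: 6fdfe78d0a2c6054b7999e817b955964cd32849bc6393ab165f7a12e78520ca6523933bc1084bd9a88112fe86c35b834f440fd56f33d44852a842cc296981d68
+ metadata.gz: 44f5de263c381eae657200dec44bc46076b512ab16697e34a35932b02cdd2ea61e68a98c4ec46e52413959b7ed05b6305cd1770d79ddf5f5f2a0b7ada48ef683
+ data.tar.gz: 754dcd27ab528570a747ee28de3578274d1531044953b18f05aec2cd440281e88660958f2be91d5c04ef59ea46d50a7df315dcd215c333c1389d6f0f99209cb8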
@@ -61,7 +61,6 @@ class Chef
61
61
  option :session_timeout,
62
62
  long: "--session-timeout SECONDS",
63
63
  description: "The number of seconds to wait for each connection operation to be acknowledged while running bootstrap.",
64
- proc: Proc.new { |protocol| Chef::Config[:knife][:session_timeout] = protocol },
65
64
  default: 60
66
65
 
67
66
  # WinRM Authentication
@@ -572,7 +571,7 @@ class Chef
572
571
  chef_vault_handler.run(client_builder.client)
573
572
  else
574
573
  ui.info <<~EOM
575
- Performing legacy client registration with the validation key at #{Chef::Config[:validation_key]}..."
574
+ Performing legacy client registration with the validation key at #{Chef::Config[:validation_key]}...
576
575
  Delete your validation key in order to use your user credentials for client registration instead.
577
576
  EOM
578
577
 
@@ -596,27 +595,28 @@ class Chef
596
595
  ui.info("Connecting to #{ui.color(server_name, :bold)}")
597
596
  opts = connection_opts.dup
598
597
  do_connect(opts)
599
- rescue Train::Transports::SSHFailed => e
600
- if e.message =~ /fingerprint (\S+) is unknown for "(.+)"/
598
+ rescue Train::Error => e
599
+ # We handle these by message text only because train only loads the
600
+ # transports and protocols that it needs - so the exceptions may not be defined,
601
+ # and we don't want to require files internal to train.
602
+ if e.message =~ /fingerprint (\S+) is unknown for "(.+)"/ # Train::Transports::SSHFailed
601
603
  fingerprint = $1
602
604
  hostname, ip = $2.split(",")
603
605
  # TODO: convert the SHA256 base64 value to hex with colons
604
606
  # 'ssh' example output:
605
607
  # RSA key fingerprint is e5:cb:c0:e2:21:3b:12:52:f8:ce:cb:00:24:e2:0c:92.
606
608
  # ECDSA key fingerprint is 5d:67:61:08:a9:d7:01:fd:5e:ae:7e:09:40:ef:c0:3c.
607
- puts "The authenticity of host '#{hostname} (#{ip})' can't be established."
608
- puts "fingerprint is #{fingerprint}."
609
- ui.confirm("Are you sure you want to continue connecting") # will exit 3 on N
609
+ # will exit 3 on N
610
+ ui.confirm <<~EOM
611
+ The authenticity of host '#{hostname} (#{ip})' can't be established.
612
+ fingerprint is #{fingerprint}.
613
+
614
+ Are you sure you want to continue connecting
615
+ EOM
610
616
  # FIXME: this should save the key to known_hosts but doesn't appear to be
611
617
  config[:ssh_verify_host_key] = :accept_new
612
- connection_opts(reset: true)
613
- retry
614
- end
615
-
616
- raise e
617
- rescue Train::Error => e
618
- require "net/ssh"
619
- if e.cause && e.cause.class == Net::SSH::AuthenticationFailed
618
+ do_connect(connection_opts(reset: true))
619
+ elsif ssh? && e.cause && e.cause.class == Net::SSH::AuthenticationFailed
620
620
  if connection.password_auth?
621
621
  raise
622
622
  else
@@ -632,6 +632,9 @@ class Chef
632
632
  end
633
633
  end
634
634
 
635
+ def handle_ssh_error(e)
636
+ end
637
+
635
638
  # url values override CLI flags, if you provide both
636
639
  # we'll use the one that you gave in the URL.
637
640
  def connection_protocol
@@ -769,15 +772,11 @@ class Chef
769
772
  # minutes as its unit, instead of seconds.
770
773
  # Warn the human so that they are not surprised.
771
774
  #
772
- # This will also erroneously warn if a string value is given,
773
- # but argument type validation is something that needs addressing
774
- # more broadly.
775
775
  def warn_on_short_session_timeout
776
- timeout = config_value(:session_timeout).to_i
777
- if timeout <= 15
776
+ if session_timeout && session_timeout <= 15
778
777
  ui.warn <<~EOM
779
- --session-timeout is set to #{config[:session_timeout]} minutes.
780
- Did you mean "--session-timeout #{config[:session_timeout] * 60}" seconds?
778
+ You provided '--session-timeout #{session_timeout}' second(s).
779
+ Did you mean '--session-timeout #{session_timeout * 60}' seconds?
781
780
  EOM
782
781
  end
783
782
  end
@@ -868,7 +867,7 @@ class Chef
868
867
  return opts if winrm?
869
868
  opts[:non_interactive] = true # Prevent password prompts from underlying net/ssh
870
869
  opts[:forward_agent] = (config_value(:ssh_forward_agent) === true)
871
- opts[:connection_timeout] = config_value(:session_timeout).to_i
870
+ opts[:connection_timeout] = session_timeout
872
871
  opts
873
872
  end
874
873
 
@@ -964,10 +963,10 @@ class Chef
964
963
  end
965
964
 
966
965
  if config_value(:ca_trust_file)
967
- opts[:ca_trust_file] = config_value(:ca_trust_file)
966
+ opts[:ca_trust_path] = config_value(:ca_trust_file)
968
967
  end
969
968
 
970
- opts[:operation_timeout] = config_value(:session_timeout).to_i
969
+ opts[:operation_timeout] = session_timeout
971
970
 
972
971
  opts
973
972
  end
@@ -1052,6 +1051,14 @@ class Chef
1052
1051
  def incomplete_policyfile_options?
1053
1052
  (!!config[:policy_name] ^ config[:policy_group])
1054
1053
  end
1054
+
1055
+ # session_timeout option has a default that may not arrive, particularly if
1056
+ # we're being invoked from a plugin that doesn't merge_config.
1057
+ def session_timeout
1058
+ timeout = config_value(:session_timeout)
1059
+ return options[:session_timeout][:default] if timeout.nil?
1060
+ timeout.to_i
1061
+ end
1055
1062
  end
1056
1063
  end
1057
1064
  end
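Review bot: In the `rescue Train::Error` branch of the connect hunk (new lines 598–618), the reconnect after the operator accepts the host key is now `do_connect(connection_opts(reset: true))`, called from inside the rescue body, so an exception raised by that second attempt is not handled by this same rescue. If the second attempt fails with `Net::SSH::AuthenticationFailed`, the auth-failure handling in the `elsif` branch would be skipped, whereas the removed `retry` re-entered the protected block; keeping `connection_opts(reset: true)` followed by `retry` would preserve that. The unknown-fingerprint case is now matched by message text on any `Train::Error`, and the visible lines show no re-raise for an error that matches neither branch; the method continues outside the hunk, so confirm the chain still ends in an `else` that re-raises. It would also help to add a comment that `config[:ssh_verify_host_key] = :accept_new` stays in effect for the rest of the run, since the FIXME notes the key is not saved to known_hosts. The empty `handle_ssh_error(e)` stub at new line 635 is not called anywhere in the visible hunks and should be filled in or dropped.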
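--- a/data/lib/chef/version.rb
+++ b/data/lib/chef/version.rb
@@ -23,7 +23,7 @@ require_relative "version_string"
 
  class Chef
  CHEF_ROOT = File.expand_path("../..", __FILE__)
- VERSION = Chef::VersionString.new("15.0.293")
+ VERSION = Chef::VersionString.new("15.0.298")
  end
 
  #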
@@ -19,7 +19,6 @@
19
19
  require "spec_helper"
20
20
 
21
21
  Chef::Knife::Bootstrap.load_deps
22
- require "net/ssh"
23
22
 
24
23
  describe Chef::Knife::Bootstrap do
25
24
  let(:bootstrap_template) { nil }
@@ -853,7 +852,7 @@ describe Chef::Knife::Bootstrap do
853
852
  let(:expected_result) do
854
853
  {
855
854
  logger: Chef::Log, # not configurable
856
- ca_trust_file: "trust.me",
855
+ ca_trust_path: "trust.me",
857
856
  max_wait_until_ready: 9999,
858
857
  operation_timeout: 9999,
859
858
  ssl_peer_fingerprint: "ABCDEF",
@@ -878,7 +877,7 @@ describe Chef::Knife::Bootstrap do
878
877
  let(:expected_result) do
879
878
  {
880
879
  logger: Chef::Log, # not configurable
881
- ca_trust_file: "no trust",
880
+ ca_trust_path: "no trust",
882
881
  max_wait_until_ready: 9999,
883
882
  operation_timeout: 60,
884
883
  ssl_peer_fingerprint: "ABCDEF",
@@ -933,7 +932,7 @@ describe Chef::Knife::Bootstrap do
933
932
  let(:expected_result) do
934
933
  {
935
934
  logger: Chef::Log, # not configurable
936
- ca_trust_file: "trust.the.internet",
935
+ ca_trust_path: "trust.the.internet",
937
936
  max_wait_until_ready: 1000,
938
937
  operation_timeout: 1000,
939
938
  ssl_peer_fingerprint: "FEDCBA",
@@ -1594,7 +1593,7 @@ describe Chef::Knife::Bootstrap do
1594
1593
 
1595
1594
  context "with ca_trust_file" do
1596
1595
  let(:ca_trust_expected) do
1597
- expected.merge({ ca_trust_file: "/trust.me" })
1596
+ expected.merge({ ca_trust_path: "/trust.me" })
1598
1597
  end
1599
1598
  before do
1600
1599
  knife.config[:ca_trust_file] = "/trust.me"
@@ -1806,6 +1805,14 @@ describe Chef::Knife::Bootstrap do
1806
1805
  end
1807
1806
 
1808
1807
  describe "#connect!" do
1808
+ before do
1809
+ # These are not required at run-time because train will handle its own
1810
+ # protocol loading. In this case, we're simulating train failures and have to load
1811
+ # them ourselves.
1812
+ require "net/ssh"
1813
+ require "train/transports/ssh"
1814
+ end
1815
+
1809
1816
  context "in the normal case" do
1810
1817
  it "connects using the connection_opts and notifies the operator of progress" do
1811
1818
  expect(knife.ui).to receive(:info).with(/Connecting to.*/)
@@ -1815,7 +1822,7 @@ describe Chef::Knife::Bootstrap do
1815
1822
  end
1816
1823
  end
1817
1824
 
1818
- context "when a non-auth-failure occurs" do
1825
+ context "when a general non-auth-failure occurs" do
1819
1826
  let(:expected_error) { RuntimeError.new }
1820
1827
  before do
1821
1828
  allow(knife).to receive(:do_connect).and_raise(expected_error)
@@ -1825,6 +1832,23 @@ describe Chef::Knife::Bootstrap do
1825
1832
  end
1826
1833
  end
1827
1834
 
1835
+ context "when ssh fingerprint is invalid" do
1836
+ let(:expected_error) { Train::Error.new("fingerprint AA:BB is unknown for \"blah,127.0.0.1\"") }
1837
+ before do
1838
+ allow(knife).to receive(:do_connect).and_raise(expected_error)
1839
+ end
1840
+ it "warns, prompts to accept, then connects with verify_host_key of accept_new" do
1841
+ expect(knife).to receive(:do_connect).and_raise(expected_error)
1842
+ expect(knife.ui).to receive(:confirm)
1843
+ .with(/.*host 'blah \(127.0.0.1\)'.*AA:BB.*Are you sure you want to continue.*/m)
1844
+ .and_return(true)
1845
+ expect(knife).to receive(:do_connect) do |opts|
1846
+ expect(opts[:verify_host_key]).to eq :accept_new
1847
+ end
1848
+ knife.connect!
1849
+ end
1850
+ end
1851
+
1828
1852
  context "when an auth failure occurs" do
1829
1853
  let(:expected_error) do
1830
1854
  e = Train::Error.new
@@ -1835,10 +1859,6 @@ describe Chef::Knife::Bootstrap do
1835
1859
  e
1836
1860
  end
1837
1861
 
1838
- before do
1839
- require "net/ssh"
1840
- end
1841
-
1842
1862
  context "and password auth was used" do
1843
1863
  before do
1844
1864
  allow(connection).to receive(:password_auth?).and_return true
@@ -2136,9 +2156,18 @@ describe Chef::Knife::Bootstrap do
2136
2156
  end
2137
2157
 
2138
2158
  describe "#warn_on_short_session_timeout" do
2139
- let(:session_timeout) { 0 }
2159
+ let(:session_timeout) { 60 }
2160
+
2140
2161
  before do
2141
- allow(knife).to receive(:config).and_return(session_timeout: session_timeout)
2162
+ allow(knife).to receive(:session_timeout).and_return(session_timeout)
2163
+ end
2164
+
2165
+ context "timeout is not set at all" do
2166
+ let(:session_timeout) { nil }
2167
+ it "does not issue a warning" do
2168
+ expect(knife.ui).to_not receive(:warn)
2169
+ knife.warn_on_short_session_timeout
2170
+ end
2142
2171
  end
2143
2172
 
2144
2173
  context "timeout is more than 15" do
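Review bot: The new `when ssh fingerprint is invalid` context under `#connect!` (new lines 1835–1850) pins only the accept path; nothing in the visible hunks covers the operator declining the host key, or the second `do_connect` failing after acceptance. That prompt is the only check before `verify_host_key` is relaxed to `:accept_new`, so a test that a declined prompt never leads to a second connection attempt would guard it against regressions. The bootstrap code comments that `ui.confirm` exits on N, so the sketch below simulates that with `SystemExit`; adjust it if the real exit path differs. Separately, `#warn_on_short_session_timeout` now stubs `session_timeout` itself, so the new helper's nil-to-default and `to_i` behaviour is not exercised in these hunks.

```ruby
# … unchanged: context "when ssh fingerprint is invalid" …

context "when ssh fingerprint is unknown and the operator declines" do
  let(:expected_error) { Train::Error.new("fingerprint AA:BB is unknown for \"blah,127.0.0.1\"") }

  it "does not attempt a second connection" do
    expect(knife).to receive(:do_connect).once.and_raise(expected_error)
    expect(knife.ui).to receive(:confirm).and_raise(SystemExit)
    expect { knife.connect! }.to raise_error(SystemExit)
  end
end
```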
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: chef
3
3
  version: !ruby/object:Gem::Version
4
- version: 15.0.293
4
+ version: 15.0.298
5
5
  platform: ruby
6
6
  authors:
7
7
  - Adam Jacob
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2019-05-14 00:00:00.000000000 Z
11
+ date: 2019-05-15 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: chef-config
@@ -16,14 +16,14 @@ dependencies:
16
16
  requirements:
17
17
  - - '='
18
18
  - !ruby/object:Gem::Version
19
- version: 15.0.293
19
+ version: 15.0.298
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - '='
25
25
  - !ruby/object:Gem::Version
26
- version: 15.0.293
26
+ version: 15.0.298
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: train-core
29
29
  requirement: !ruby/object:Gem::Requirement