cheffish 14.0.13 → 16.0.8

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 8fa7eb898e80ca43f014fe27f3366f6275a3b6e2ebbc1be28eb49085d492dfb0
-  data.tar.gz: b34eb3387c508db86d2aa31007462db83245f921cebe65e6e4a84203f5d49d97
+  metadata.gz: 2680862bc4ccaf4bb8516f6242dc1fe04afc77592d215ed897a7dcc4f925fa63
+  data.tar.gz: 710ca780d8975283f9a1e202e3055257af74238624a97ba3d6bc6c536d4f88aa
 SHA512:
-  metadata.gz: 307bc86092ac438c549016bfdc11197208cdf632e7e27cae0a69bf671d6053ad420eb87fe377807c203d078818018df343eb3a960109eff9becae451de300165
-  data.tar.gz: 0db75dca4ffd1ee075afcdceac2bb4b0f5d59a3685f51b022e62a8026bbf3316f262a5a650436602175aad60dd6c72ae3cd6084df2023e2df3bd745528c5d2ee
+  metadata.gz: b041113f8da4686453be3d9c84fa5dd205feb519fa5e2f3538252bedc18e4701f226452e24ca748d1905958039e8b4606b883b3e9c8ac05439f981b047ca5802
+  data.tar.gz: ab1425571b89f8fbe8bad89e4d4cdcbe617548c2adb2dd750242855810fbdb3bfcd350b99a66741aac785a2122f0deb4b8fbf280315b5e356577533ce1b7acec

data/Gemfile

@@ -3,7 +3,7 @@ source "https://rubygems.org"
 gemspec
 
 group :development do
-  gem "chefstyle", git: "https://github.com/chef/chefstyle.git", branch: "master"
+  gem "chefstyle", "1.2.1"
   gem "rake"
   gem "rspec", "~> 3.0"
 end
@@ -14,8 +14,8 @@ if ENV["GEMFILE_MOD"]
   instance_eval(ENV["GEMFILE_MOD"])
 else
   group :development do
-    gem "chef", "~> 14"
-    gem "ohai", "~> 14"
+    gem "chef", "~> 16"
+    gem "ohai", "~> 16"
   end
 end
 
@@ -31,9 +31,3 @@ group :debug do
   gem "pry-stack_explorer"
   gem "rb-readline"
 end
-
-instance_eval(ENV["GEMFILE_MOD"]) if ENV["GEMFILE_MOD"]
-
-# If you want to load debugging tools into the bundle exec sandbox,
-# add these additional dependencies into Gemfile.local
-eval_gemfile(__FILE__ + ".local") if File.exist?(__FILE__ + ".local")

data/Rakefile

@@ -39,4 +39,4 @@ task :console do
   IRB.start
 end
 
-task default: [:style, :spec]
+task default: %i{style spec}

data/cheffish.gemspec

@@ -6,15 +6,15 @@ Gem::Specification.new do |s|
   s.version = Cheffish::VERSION
   s.platform = Gem::Platform::RUBY
   s.license = "Apache-2.0"
-  s.summary = "A set of Chef resources for configuring Chef."
+  s.summary = "A set of Chef resources for configuring Chef Infra."
   s.description = s.summary
   s.author = "Chef Software Inc."
   s.email = "oss@chef.io"
   s.homepage = "https://github.com/chef/cheffish"
 
-  s.required_ruby_version = ">= 2.4.0"
+  s.required_ruby_version = ">= 2.6.0"
 
-  s.add_dependency "chef-zero", "~> 14.0"
+  s.add_dependency "chef-zero", ">= 14.0"
   s.add_dependency "net-ssh"
 
   s.bindir       = "bin"

data/lib/chef/resource/chef_acl.rb

@@ -2,12 +2,12 @@ require_relative "../../cheffish"
 require_relative "../../cheffish/base_resource"
 require "chef/chef_fs/data_handler/acl_data_handler"
 require "chef/chef_fs/parallelizer"
-require "uri"
+require "uri" unless defined?(URI)
 
 class Chef
   class Resource
     class ChefAcl < Cheffish::BaseResource
-      resource_name :chef_acl
+      provides :chef_acl
 
       # Path of the thing being secured, e.g. nodes, nodes/*, nodes/mynode,
       # */*, **, roles/base, data/secrets, cookbooks/apache2, /users/*,
@@ -75,7 +75,7 @@ class Chef
         end
       end
 
-      action_class.class_eval do
+      action_class do
         # Update the ACL if necessary.
         def create_acl(path)
           changed = false
@@ -99,6 +99,7 @@ class Chef
                     # NOTE: if superusers exist, this should turn into a warning.
                     raise "chef_acl attempted to remove all actors from GRANT!  I'm sorry Dave, I can't let you remove access to an object with no hope of recovery."
                   end
+
                   modify[differences] ||= {}
                   modify[differences][permission] = desired_json
                 end
@@ -107,7 +108,7 @@ class Chef
               if modify.size > 0
                 changed = true
                 description = [ "update acl #{path} at #{rest_url(path)}" ] + modify.flat_map do |diffs, permissions|
-                  diffs.map { |diff| "  #{permissions.keys.join(', ')}:#{diff}" }
+                  diffs.map { |diff| "  #{permissions.keys.join(", ")}:#{diff}" }
                 end
                 converge_by description do
                   modify.values.each do |permissions|
@@ -127,11 +128,13 @@ class Chef
             children, _error = list(path, "*")
             Chef::ChefFS::Parallelizer.parallel_do(children) do |child|
               next if child.split("/")[-1] == "containers"
+
               create_acl(child)
             end
             # containers mess up our descent, so we do them last
             Chef::ChefFS::Parallelizer.parallel_do(children) do |child|
               next if child.split("/")[-1] != "containers"
+
               create_acl(child)
             end
 
@@ -141,10 +144,10 @@ class Chef
         # Get the current ACL for the given path
         def current_acl(acl_path)
           @current_acls ||= {}
-          if !@current_acls.key?(acl_path)
+          unless @current_acls.key?(acl_path)
             @current_acls[acl_path] = begin
               rest.get(rest_url(acl_path))
-                                      rescue Net::HTTPServerException => e
+                                      rescue Net::HTTPClientException => e
                                         unless e.response.code == "404" && new_resource.path.split("/").any? { |p| p == "*" }
                                           raise
                                         end
@@ -252,8 +255,7 @@ class Chef
           end
         end
 
-        def load_current_resource
-        end
+        def load_current_resource; end
 
         #
         # Matches chef_acl paths like nodes, nodes/*.
@@ -270,7 +272,7 @@ class Chef
         def match_paths(path)
           # Turn multiple slashes into one
           # nodes//x -> nodes/x
-          path = path.gsub(/[\/]+/, "/")
+          path = path.gsub(%r{[/]+}, "/")
           # If it's absolute, start the matching with /.  If it's relative, start with '' (relative root).
           if path[0] == "/"
             matches = [ "/" ]
@@ -305,6 +307,7 @@ class Chef
                 if parts[0..index - 1].all? { |p| p != "*" }
                   raise error
                 end
+
                 []
               else
                 found
@@ -421,21 +424,21 @@ class Chef
             when 1
               # /organizations/*, /users/*, roles/*, nodes/*, etc.
               results, error = rest_list(path)
-              if !error
+              unless error
                 results = results.map { |result| ::File.join(path, result) }
               end
 
             when 2
               # /organizations/NAME/*
               results, error = rest_list(::File.join(path, "containers"))
-              if !error
+              unless error
                 results = results.map { |result| ::File.join(path, result) }
               end
 
             when 3
               # /organizations/NAME/TYPE/*
               results, error = rest_list(path)
-              if !error
+              unless error
                 results = results.map { |result| ::File.join(path, result) }
               end
             end
@@ -466,9 +469,9 @@ class Chef
         end
 
         def rest_list(path)
-            # All our rest lists are hashes where the keys are the names
+          # All our rest lists are hashes where the keys are the names
           [ rest.get(rest_url(path)).keys, nil ]
-        rescue Net::HTTPServerException => e
+        rescue Net::HTTPClientException => e
           if e.response.code == "405" || e.response.code == "404"
             parts = path.split("/").select { |p| p != "" }.to_a
 

data/lib/chef/resource/chef_client.rb

@@ -4,7 +4,7 @@ require_relative "../../cheffish/chef_actor_base"
 class Chef
   class Resource
     class ChefClient < Cheffish::ChefActorBase
-      resource_name :chef_client
+      provides :chef_client
 
       # Client attributes
       property :chef_client_name, Cheffish::NAME_REGEX, name_property: true
@@ -18,7 +18,7 @@ class Chef
 
       # Output public key (if so desired)
       property :output_key_path, String
-      property :output_key_format, Symbol, default: :openssh, equal_to: [ :pem, :der, :openssh ]
+      property :output_key_format, Symbol, default: :openssh, equal_to: %i{pem der openssh}
 
       # Proc that runs just before the resource executes.  Called with (resource)
       def before(&block)
@@ -38,7 +38,7 @@ class Chef
         delete_actor
       end
 
-      action_class.class_eval do
+      action_class do
         def actor_type
           "client"
         end

data/lib/chef/resource/chef_container.rb

@@ -5,12 +5,12 @@ require "chef/chef_fs/data_handler/container_data_handler"
 class Chef
   class Resource
     class ChefContainer < Cheffish::BaseResource
-      resource_name :chef_container
+      provides :chef_container
 
       property :chef_container_name, Cheffish::NAME_REGEX, name_property: true
 
       action :create do
-        if !@current_exists
+        unless @current_exists
           converge_by "create container #{new_resource.chef_container_name} at #{rest.url}" do
             rest.post("containers", normalize_for_post(new_json))
           end
@@ -25,10 +25,10 @@ class Chef
         end
       end
 
-      action_class.class_eval do
+      action_class do
         def load_current_resource
           @current_exists = rest.get("containers/#{new_resource.chef_container_name}")
-        rescue Net::HTTPServerException => e
+        rescue Net::HTTPClientException => e
           if e.response.code == "404"
             @current_exists = false
           else

data/lib/chef/resource/chef_data_bag.rb

@@ -4,12 +4,12 @@ require_relative "../../cheffish/base_resource"
 class Chef
   class Resource
     class ChefDataBag < Cheffish::BaseResource
-      resource_name :chef_data_bag
+      provides :chef_data_bag
 
       property :data_bag_name, Cheffish::NAME_REGEX, name_property: true
 
       action :create do
-        if !current_resource_exists?
+        unless current_resource_exists?
           converge_by "create data bag #{new_resource.data_bag_name} at #{rest.url}" do
             rest.post("data", { "name" => new_resource.data_bag_name })
           end
@@ -27,7 +27,7 @@ class Chef
       action_class.class_eval do
         def load_current_resource
           @current_resource = json_to_resource(rest.get("data/#{new_resource.data_bag_name}"))
-        rescue Net::HTTPServerException => e
+        rescue Net::HTTPClientException => e
           if e.response.code == "404"
             @current_resource = not_found_resource
           else

data/lib/chef/resource/chef_data_bag_item.rb

@@ -7,7 +7,7 @@ require "chef/encrypted_data_bag_item"
 class Chef
   class Resource
     class ChefDataBagItem < Cheffish::BaseResource
-      resource_name :chef_data_bag_item
+      provides :chef_data_bag_item
 
       def initialize(*args)
         super
@@ -103,7 +103,7 @@ class Chef
             resource = Chef::Resource::ChefDataBagItem.new(new_resource.name, run_context)
             resource.raw_data json
             @current_resource = resource
-          rescue Net::HTTPServerException => e
+          rescue Net::HTTPClientException => e
             if e.response.code == "404"
               @current_resource = not_found_resource
             else
@@ -112,7 +112,7 @@ class Chef
           end
 
           # Determine if data bag is encrypted and if so, what its version is
-          _first_real_key, first_real_value = (current_resource.raw_data || {}).select { |key, value| key != "id" && !value.nil? }.first
+          _first_real_key, first_real_value = (current_resource.raw_data || {}).find { |key, value| key != "id" && !value.nil? }
           if first_real_value
             if first_real_value.is_a?(Hash) &&
                 first_real_value["version"].is_a?(Integer) &&
@@ -137,7 +137,7 @@ class Chef
 
               # If the current secret doesn't work, look through the specified old secrets
 
-              if !current_resource.secret
+              unless current_resource.secret
                 old_secrets = []
                 if new_resource.old_secret
                   old_secrets += Array(new_resource.old_secret)
@@ -148,17 +148,17 @@ class Chef
                   end
                 end
                 old_secrets.each do |secret|
-                  begin
-                    Chef::EncryptedDataBagItem::Decryptor.for(first_real_value, secret).for_decrypted_item
-                    current_resource.secret secret
-                  rescue Chef::EncryptedDataBagItem::DecryptionFailure
-                    decrypt_error = $!
-                  end
+
+                  Chef::EncryptedDataBagItem::Decryptor.for(first_real_value, secret).for_decrypted_item
+                  current_resource.secret secret
+                rescue Chef::EncryptedDataBagItem::DecryptionFailure
+                  decrypt_error = $!
+
                 end
 
                 # If we couldn't figure out the secret, emit a warning (this isn't a fatal flaw unless we
                 # need to reuse one of the values from the data bag)
-                if !current_resource.secret
+                unless current_resource.secret
                   if decrypt_error
                     Chef::Log.warn "Existing data bag is encrypted, but could not decrypt: #{decrypt_error.message}."
                   else
@@ -280,9 +280,10 @@ class Chef
             elsif current_resource.encrypt
               # Encryption is different and we can't read the old values.  Only allow the change
               # if we're overwriting the data bag item
-              if !new_resource.complete
+              unless new_resource.complete
                 raise "Cannot encrypt #{new_resource.name} due to failure to decrypt existing resource.  Set 'complete true' to overwrite or add the old secret as old_secret / old_secret_path."
               end
+
               _differences = [ "overwrite data bag item (cannot decrypt old data bag item)"]
               differences = (new_resource.raw_data.keys & current_resource.raw_data.keys).map { |key| "overwrite #{key}" }
               differences += (new_resource.raw_data.keys - current_resource.raw_data.keys).map { |key| "add #{key}" }

data/lib/chef/resource/chef_environment.rb

@@ -6,7 +6,7 @@ require "chef/chef_fs/data_handler/environment_data_handler"
 class Chef
   class Resource
     class ChefEnvironment < Cheffish::BaseResource
-      resource_name :chef_environment
+      provides :chef_environment
 
       property :environment_name, Cheffish::NAME_REGEX, name_property: true
       property :description, String
@@ -84,7 +84,7 @@ class Chef
       action_class.class_eval do
         def load_current_resource
           @current_resource = json_to_resource(rest.get("environments/#{new_resource.environment_name}"))
-        rescue Net::HTTPServerException => e
+        rescue Net::HTTPClientException => e
           if e.response.code == "404"
             @current_resource = not_found_resource
           else

data/lib/chef/resource/chef_group.rb

@@ -6,7 +6,7 @@ require "chef/chef_fs/data_handler/group_data_handler"
 class Chef
   class Resource
     class ChefGroup < Cheffish::BaseResource
-      resource_name :chef_group
+      provides :chef_group
 
       property :group_name, Cheffish::NAME_REGEX, name_property: true
       property :users, ArrayType
@@ -45,7 +45,7 @@ class Chef
       action_class.class_eval do
         def load_current_resource
           @current_resource = json_to_resource(rest.get("groups/#{new_resource.group_name}"))
-        rescue Net::HTTPServerException => e
+        rescue Net::HTTPClientException => e
           if e.response.code == "404"
             @current_resource = not_found_resource
           else

data/lib/chef/resource/chef_mirror.rb

@@ -9,7 +9,7 @@ require "chef/chef_fs/file_system/repository/chef_repository_file_system_root_di
 class Chef
   class Resource
     class ChefMirror < Cheffish::BaseResource
-      resource_name :chef_mirror
+      provides :chef_mirror
 
       # Path of the data to mirror, e.g. nodes, nodes/*, nodes/mynode,
       # */*, **, roles/base, data/secrets, cookbooks/apache2, etc.
@@ -95,6 +95,7 @@ class Chef
           if new_resource.concurrency <= 0
             raise "chef_mirror.concurrency must be above 0!  Was set to #{new_resource.concurrency}"
           end
+
           # Honor concurrency
           Chef::ChefFS::Parallelizer.threads = new_resource.concurrency - 1
 
@@ -103,13 +104,14 @@ class Chef
           if new_resource.path[0] == "/"
             raise "Absolute paths in chef_mirror not yet supported."
           end
+
           # Copy!
           path = Chef::ChefFS::FilePattern.new("/#{new_resource.path}")
           ui = CopyListener.new(self)
           error = Chef::ChefFS::FileSystem.copy_to(path, src_root, dest_root, nil, options, ui, proc { |p| p.path })
 
           if error
-            raise "Errors while copying:#{ui.errors.map { |e| "#{e}\n" }.join('')}"
+            raise "Errors while copying:#{ui.errors.map { |e| "#{e}\n" }.join("")}"
           end
         end
 
@@ -163,7 +165,7 @@ class Chef
         end
 
         def repo_mode
-          new_resource.chef_server[:chef_server_url] =~ /\/organizations\// ? "hosted_everything" : "everything"
+          %r{/organizations/}.match?(new_resource.chef_server[:chef_server_url]) ? "hosted_everything" : "everything"
         end
 
         def options
@@ -179,8 +181,7 @@ class Chef
           result
         end
 
-        def load_current_resource
-        end
+        def load_current_resource; end
 
         class CopyListener
           def initialize(mirror)

data/lib/chef/resource/chef_node.rb

@@ -6,7 +6,7 @@ require_relative "../../cheffish/node_properties"
 class Chef
   class Resource
     class ChefNode < Cheffish::BaseResource
-      resource_name :chef_node
+      provides :chef_node
 
       include Cheffish::NodeProperties
 
@@ -39,7 +39,7 @@ class Chef
       action_class.class_eval do
         def load_current_resource
           @current_resource = json_to_resource(rest.get("nodes/#{new_resource.name}"))
-        rescue Net::HTTPServerException => e
+        rescue Net::HTTPClientException => e
           if e.response.code == "404"
             @current_resource = not_found_resource
           else