cookstyle 6.3.4 → 6.8.0

data/lib/rubocop/cop/chef/correctness/invalid_platform_values_in_case.rb

@@ -0,0 +1,77 @@
+#
+# Copyright:: Copyright 2020, Chef Software Inc.
+# Author:: Tim Smith (<tsmith@chef.io>)
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+module RuboCop
+  module Cop
+    module Chef
+      module ChefCorrectness
+        # Use valid platform values in case statements.
+        #
+        # @example
+        #
+        #   # bad
+        #   case node['platform']
+        #   when 'rhel'
+        #     puts "I'm on a Red Hat system!"
+        #   end
+        #
+        class InvalidPlatformInCase < Cop
+          include RangeHelp
+          include ::RuboCop::Chef::PlatformHelpers
+
+          MSG = 'Use valid platform values in case statements.'.freeze
+
+          def_node_matcher :node_platform?, <<-PATTERN
+            (send (send nil? :node) :[] (str "platform") )
+          PATTERN
+
+          def on_case(node)
+            node_platform?(node.condition) do
+              node.each_when do |when_node|
+                when_node.each_condition do |con|
+                  next unless con.str_type? # if the condition isn't a string we can't check so skip
+
+                  if INVALID_PLATFORMS[con.str_content]
+                    add_offense(con, location: :expression, message: MSG, severity: :refactor)
+                  end
+                end
+              end
+            end
+          end
+
+          def autocorrect(node)
+            new_value = INVALID_PLATFORMS[node.str_content]
+
+            # some invalid platform have no direct correction value and return nil instead
+            return unless new_value
+
+            # if the correct value already exists in the when statement then we just want to delete this node
+            if node.parent.conditions.any? { |x| x.str_content == new_value }
+              lambda do |corrector|
+                range = range_with_surrounding_comma(range_with_surrounding_space(range: node.loc.expression, side: :left), :both)
+                corrector.remove(range)
+              end
+            else
+              lambda do |corrector|
+                corrector.replace(node.loc.expression, "'#{new_value}'")
+              end
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/lib/rubocop/cop/chef/correctness/lazy_eval_node_attribute_defaults.rb

@@ -0,0 +1,56 @@
+#
+# Copyright:: 2020, Chef Software Inc.
+# Author:: Tim Smith (<tsmith@chef.io>)
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+module RuboCop
+  module Cop
+    module Chef
+      module ChefCorrectness
+        # When setting a node attribute as the default value for a custom resource property, wrap the node attribute in `lazy {}` so that its value is available when the resource executes.
+        #
+        # @example
+        #
+        #   # bad
+        #   property :Something, String, default: node['hostname']
+        #
+        #   # good
+        #   property :Something, String, default: lazy { node['hostname'] }
+        #
+        class LazyEvalNodeAttributeDefaults < Cop
+          include RuboCop::Chef::CookbookHelpers
+
+          MSG = 'When setting a node attribute as the default value for a custom resource property, wrap the node attribute in `lazy {}` so that its value is available when the resource executes.'.freeze
+
+          def_node_matcher :non_lazy_node_attribute_default?, <<-PATTERN
+            (send nil? :property (sym _) ... (hash <(pair (sym :default) $(send (send _ :node) :[] _) ) ...>))
+          PATTERN
+
+          def on_send(node)
+            non_lazy_node_attribute_default?(node) do |default|
+              add_offense(default, location: :expression, message: MSG, severity: :refactor)
+            end
+          end
+
+          def autocorrect(node)
+            lambda do |corrector|
+              corrector.replace(node.loc.expression, "lazy { #{node.loc.expression.source} }")
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/lib/rubocop/cop/chef/correctness/node_normal.rb

@@ -18,7 +18,7 @@ module RuboCop
     module Chef
       module ChefCorrectness
         # Normal attributes are discouraged since their semantics differ importantly from the
-        # default and override levels.  Their values persist in the node object even after
+        # default and override levels. Their values persist in the node object even after
         # all code referencing them has been deleted, unlike default and override.
         #
         # Code should be updated to use default or override levels, but this will change

data/lib/rubocop/cop/chef/correctness/node_normal_unless.rb

@@ -18,7 +18,7 @@ module RuboCop
     module Chef
       module ChefCorrectness
         # Normal attributes are discouraged since their semantics differ importantly from the
-        # default and override levels.  Their values persist in the node object even after
+        # default and override levels. Their values persist in the node object even after
         # all code referencing them has been deleted, unlike default and override.
         #
         # Code should be updated to use default or override levels, but this will change

data/lib/rubocop/cop/chef/correctness/openssl_password_helpers.rb

@@ -0,0 +1,45 @@
+
+#
+# Copyright:: Copyright 2020, Chef Software Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+module RuboCop
+  module Cop
+    module Chef
+      module ChefCorrectness
+        # The openSSL cookbook provides a deprecated `secure_password` helper in the `Opscode::OpenSSL::Password` class, which should not longer be used. This helper would generate a random password that would be used when a data bag or attribute was no present. The practice of generating passwords to be stored on the node is bad security as it exposes the password to anyone that can view the nodes, and deleting a node deletes the password. Passwords should be retrieved from a secure source for use in cookbooks.
+        #
+        #   # bad
+        #   ::Chef::Recipe.send(:include, Opscode::OpenSSL::Password)
+        #   basic_auth_password = secure_password
+        #
+        class OpenSSLPasswordHelpers < Cop
+          MSG = 'The `secure_password` helper from the openssl cookbooks `Opscode::OpenSSL::Password` class should not be used to generate passwords.'.freeze
+
+          def_node_matcher :openssl_helper?, <<~PATTERN
+            (const
+              (const
+                (const nil? :Opscode) :OpenSSL) :Password)
+          PATTERN
+
+          def on_const(node)
+            openssl_helper?(node) do
+              add_offense(node, location: :expression, message: MSG, severity: :warning)
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/lib/rubocop/cop/chef/deprecation/depends_compat_resource.rb

@@ -18,7 +18,7 @@ module RuboCop
   module Cop
     module Chef
       module ChefDeprecations
-        # Don't depend on the deprecated compat_resource cookbook made obsolete by Chef 12.19+
+        # Don't depend on the deprecated compat_resource cookbook made obsolete by Chef Infra Client 12.19+
         #
         # @example
         #

data/lib/rubocop/cop/chef/deprecation/depends_partial_search.rb

@@ -18,7 +18,7 @@ module RuboCop
   module Cop
     module Chef
       module ChefDeprecations
-        # Don't depend on the partial_search cookbook made obsolete by Chef 13
+        # Don't depend on the partial_search cookbook made obsolete by Chef Infra Client 13
         #
         # @example
         #

data/lib/rubocop/cop/chef/deprecation/deprecated_chefspec_platform.rb

@@ -47,22 +47,28 @@ module RuboCop
               '> 16.04, < 18.04' => true,
             },
             'fedora' => {
-              '< 30' => '30',
+              '< 31' => '31',
             },
             'freebsd' => {
-              '< 11' => '12',
+              '~> 11.0, < 11.2' => '11',
+              '= 12.0' => '12',
+              '< 11' => true,
             },
             'mac_os_x' => {
               '< 10.12' => '10.15',
             },
+            'suse' => {
+              '~> 12.0, < 12.4' => '12',
+              '< 12' => true,
+            },
             'opensuse' => {
               '< 14' => true,
               '~> 42.0' => true,
             },
             'debian' => {
               '< 8' => true,
-              '> 8.0, < 8.9' => '8',
-              '> 9.0, < 9.8' => '9',
+              '> 8.0, < 8.10' => '8',
+              '> 9.0, < 9.9' => '9',
             },
             'centos' => {
               '< 6.0' => true,

data/lib/rubocop/cop/chef/deprecation/easy_install.rb

@@ -19,7 +19,7 @@ module RuboCop
   module Cop
     module Chef
       module ChefDeprecations
-        # Don't use the deprecated easy_install resource removed in Chef 13
+        # Don't use the deprecated easy_install resource removed in Chef Infra Client 13
         #
         # @example
         #
@@ -29,7 +29,7 @@ module RuboCop
         #   end
         #
         class EasyInstallResource < Cop
-          MSG = "Don't use the deprecated easy_install resource removed in Chef 13".freeze
+          MSG = "Don't use the deprecated easy_install resource removed in Chef Infra Client 13".freeze
 
           def on_send(node)
             add_offense(node, location: :expression, message: MSG, severity: :warning) if node.method_name == :easy_install

data/lib/rubocop/cop/chef/deprecation/erl_call.rb

@@ -29,7 +29,7 @@ module RuboCop
         #   end
         #
         class ErlCallResource < Cop
-          MSG = "Don't use the deprecated erl_call resource removed in Chef 13".freeze
+          MSG = "Don't use the deprecated erl_call resource removed in Chef Infra Client 13".freeze
 
           def on_send(node)
             add_offense(node, location: :expression, message: MSG, severity: :warning) if node.method_name == :erl_call

data/lib/rubocop/cop/chef/deprecation/hwrp_without_provides.rb

@@ -0,0 +1,141 @@
+#
+# Copyright:: Copyright (c) Chef Software Inc.
+# Author:: Tim Smith (<tsmith@chef.io>)
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+module RuboCop
+  module Cop
+    module Chef
+      module ChefDeprecations
+        # Chef Infra Client 16 and later a legacy HWRP resource must use `provides` to define how the resource is called in recipes or other resources. To maintain compatibility with Chef Infra Client < 16 use both `resource_name` and `provides`.
+        #
+        # @example
+        #
+        #   # bad
+        #   class Chef
+        #     class Resource
+        #       class UlimitRule < Chef::Resource
+        #         property :type, [Symbol, String], required: true
+        #         property :item, [Symbol, String], required: true
+        #
+        #         # additional resource code
+        #       end
+        #     end
+        #   end
+        #
+        #   # bad
+        #   class Chef
+        #     class Resource
+        #       class UlimitRule < Chef::Resource
+        #         resource_name :ulimit_rule
+        #
+        #         property :type, [Symbol, String], required: true
+        #         property :item, [Symbol, String], required: true
+        #
+        #         # additional resource code
+        #       end
+        #     end
+        #   end
+        #
+        #  # good when Chef Infra Client < 15 (but compatible with 16+ as well)
+        #   class Chef
+        #     class Resource
+        #       class UlimitRule < Chef::Resource
+        #         resource_name :ulimit_rule
+        #         provides :ulimit_rule
+        #
+        #         property :type, [Symbol, String], required: true
+        #         property :item, [Symbol, String], required: true
+        #
+        #         # additional resource code
+        #       end
+        #     end
+        #   end
+        #
+        #  # good when Chef Infra Client 16+
+        #   class Chef
+        #     class Resource
+        #       class UlimitRule < Chef::Resource
+        #         provides :ulimit_rule
+        #
+        #         property :type, [Symbol, String], required: true
+        #         property :item, [Symbol, String], required: true
+        #
+        #         # additional resource code
+        #       end
+        #     end
+        #   end
+        #
+        #  # better
+        #  Convert your legacy HWRPs to custom resources
+        #
+        class HWRPWithoutProvides < Cop
+          MSG = 'In Chef Infra Client 16 and later a legacy HWRP resource must use `provides` to define how the resource is called in recipes or other resources. To maintain compatibility with Chef Infra Client < 16 use both `resource_name` and `provides`.'.freeze
+
+          def_node_matcher :HWRP?, <<-PATTERN
+          (class
+            (const nil? :Chef) nil?
+            (class
+              (const nil? :Resource) nil?
+              $(class
+                (const nil? ... )
+                (const
+                  (const nil? :Chef) :Resource)
+                  (begin ... ))))
+          PATTERN
+
+          def_node_search :provides, '(send nil? :provides (sym $_) ...)'
+          def_node_search :resource_name_ast, '$(send nil? :resource_name ...)'
+          def_node_search :resource_name, '(send nil? :resource_name (sym $_))'
+
+          def on_class(node)
+            HWRP?(node) do |inherit|
+              add_offense(inherit, location: :expression, message: MSG, severity: :warning) unless has_provides?
+            end
+          end
+
+          def has_provides?
+            provides_ast = provides(processed_source.ast)
+            return false if provides_ast.count == 0
+
+            resource_ast = resource_name(processed_source.ast)
+
+            if resource_ast.count == 0
+              true # no resource_name, but provides
+            else
+              # since we have a resource and provides make sure the there is a provides that
+              # matches the resource name
+              provides_ast.include?(resource_ast.first)
+            end
+          end
+
+          def indentation(node)
+            node.source_range.source_line =~ /\S/
+          end
+
+          def autocorrect(node)
+            lambda do |corrector|
+              resource_name_ast(node) do |ast_match|
+                # build a new string to add after that includes the new line and the proper indentation
+                new_string = "\n" + ast_match.source.dup.gsub('resource_name', 'provides').prepend(' ' * indentation(ast_match))
+                corrector.insert_after(ast_match.source_range, new_string)
+              end
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/lib/rubocop/cop/chef/deprecation/locale_lc_all_property.rb

@@ -18,7 +18,7 @@ module RuboCop
   module Cop
     module Chef
       module ChefDeprecations
-        # The local resource's lc_all property has been deprecated and will be removed in Chef Infra Client 16
+        # The local resource's lc_all property has been deprecated and will be removed in Chef Infra Client 17
         #
         # @example
         #
@@ -31,7 +31,7 @@ module RuboCop
         class LocaleDeprecatedLcAllProperty < Cop
           include RuboCop::Chef::CookbookHelpers
 
-          MSG = "The local resource's lc_all property has been deprecated and will be removed in Chef Infra Client 16".freeze
+          MSG = "The local resource's lc_all property has been deprecated and will be removed in Chef Infra Client 17".freeze
 
           def on_block(node)
             match_property_in_resource?(:locale, 'lc_all', node) do |property|

data/lib/rubocop/cop/chef/deprecation/node_methods_not_attributes.rb

@@ -18,7 +18,7 @@ module RuboCop
   module Cop
     module Chef
       module ChefDeprecations
-        # Incorrectly using node methods for Ohai data when you really want node attributes
+        # Use node attributes to access data provided by Ohai instead of using node methods to access that data.
         #
         # @example
         #