cookstyle 6.4.4 → 6.9.0

data/lib/rubocop/cop/chef/correctness/invalid_version_metadata.rb

@@ -36,7 +36,7 @@ module RuboCop
 
           def on_send(node)
             version?(node) do |ver|
-              if ver.value !~ /\A\d+\.\d+(\.\d+)?\z/ # entirely borrowed from Foodcritic.
+              unless /\A\d+\.\d+(\.\d+)?\z/.match?(ver.value) # entirely borrowed from Foodcritic.
                 add_offense(ver, location: :expression, message: MSG, severity: :refactor)
               end
             end

data/lib/rubocop/cop/chef/correctness/lazy_eval_node_attribute_defaults.rb

@@ -0,0 +1,56 @@
+#
+# Copyright:: 2020, Chef Software Inc.
+# Author:: Tim Smith (<tsmith@chef.io>)
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+module RuboCop
+  module Cop
+    module Chef
+      module ChefCorrectness
+        # When setting a node attribute as the default value for a custom resource property, wrap the node attribute in `lazy {}` so that its value is available when the resource executes.
+        #
+        # @example
+        #
+        #   # bad
+        #   property :Something, String, default: node['hostname']
+        #
+        #   # good
+        #   property :Something, String, default: lazy { node['hostname'] }
+        #
+        class LazyEvalNodeAttributeDefaults < Cop
+          include RuboCop::Chef::CookbookHelpers
+
+          MSG = 'When setting a node attribute as the default value for a custom resource property, wrap the node attribute in `lazy {}` so that its value is available when the resource executes.'.freeze
+
+          def_node_matcher :non_lazy_node_attribute_default?, <<-PATTERN
+            (send nil? :property (sym _) ... (hash <(pair (sym :default) $(send (send _ :node) :[] _) ) ...>))
+          PATTERN
+
+          def on_send(node)
+            non_lazy_node_attribute_default?(node) do |default|
+              add_offense(default, location: :expression, message: MSG, severity: :refactor)
+            end
+          end
+
+          def autocorrect(node)
+            lambda do |corrector|
+              corrector.replace(node.loc.expression, "lazy { #{node.loc.expression.source} }")
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/lib/rubocop/cop/chef/correctness/openssl_password_helpers.rb

@@ -0,0 +1,45 @@
+
+#
+# Copyright:: Copyright 2020, Chef Software Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+module RuboCop
+  module Cop
+    module Chef
+      module ChefCorrectness
+        # The openSSL cookbook provides a deprecated `secure_password` helper in the `Opscode::OpenSSL::Password` class, which should not longer be used. This helper would generate a random password that would be used when a data bag or attribute was no present. The practice of generating passwords to be stored on the node is bad security as it exposes the password to anyone that can view the nodes, and deleting a node deletes the password. Passwords should be retrieved from a secure source for use in cookbooks.
+        #
+        #   # bad
+        #   ::Chef::Recipe.send(:include, Opscode::OpenSSL::Password)
+        #   basic_auth_password = secure_password
+        #
+        class OpenSSLPasswordHelpers < Cop
+          MSG = 'The `secure_password` helper from the openssl cookbooks `Opscode::OpenSSL::Password` class should not be used to generate passwords.'.freeze
+
+          def_node_matcher :openssl_helper?, <<~PATTERN
+            (const
+              (const
+                (const nil? :Opscode) :OpenSSL) :Password)
+          PATTERN
+
+          def on_const(node)
+            openssl_helper?(node) do
+              add_offense(node, location: :expression, message: MSG, severity: :warning)
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/lib/rubocop/cop/chef/deprecation/deprecated_chefspec_platform.rb

@@ -47,22 +47,28 @@ module RuboCop
               '> 16.04, < 18.04' => true,
             },
             'fedora' => {
-              '< 30' => '30',
+              '< 31' => '31',
             },
             'freebsd' => {
-              '< 11' => '12',
+              '~> 11.0, < 11.2' => '11',
+              '= 12.0' => '12',
+              '< 11' => true,
             },
             'mac_os_x' => {
               '< 10.12' => '10.15',
             },
+            'suse' => {
+              '~> 12.0, < 12.4' => '12',
+              '< 12' => true,
+            },
             'opensuse' => {
               '< 14' => true,
               '~> 42.0' => true,
             },
             'debian' => {
               '< 8' => true,
-              '> 8.0, < 8.9' => '8',
-              '> 9.0, < 9.8' => '9',
+              '> 8.0, < 8.10' => '8',
+              '> 9.0, < 9.9' => '9',
             },
             'centos' => {
               '< 6.0' => true,

data/lib/rubocop/cop/chef/deprecation/hwrp_without_provides.rb

@@ -0,0 +1,141 @@
+#
+# Copyright:: Copyright (c) Chef Software Inc.
+# Author:: Tim Smith (<tsmith@chef.io>)
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+module RuboCop
+  module Cop
+    module Chef
+      module ChefDeprecations
+        # Chef Infra Client 16 and later a legacy HWRP resource must use `provides` to define how the resource is called in recipes or other resources. To maintain compatibility with Chef Infra Client < 16 use both `resource_name` and `provides`.
+        #
+        # @example
+        #
+        #   # bad
+        #   class Chef
+        #     class Resource
+        #       class UlimitRule < Chef::Resource
+        #         property :type, [Symbol, String], required: true
+        #         property :item, [Symbol, String], required: true
+        #
+        #         # additional resource code
+        #       end
+        #     end
+        #   end
+        #
+        #   # bad
+        #   class Chef
+        #     class Resource
+        #       class UlimitRule < Chef::Resource
+        #         resource_name :ulimit_rule
+        #
+        #         property :type, [Symbol, String], required: true
+        #         property :item, [Symbol, String], required: true
+        #
+        #         # additional resource code
+        #       end
+        #     end
+        #   end
+        #
+        #  # good when Chef Infra Client < 15 (but compatible with 16+ as well)
+        #   class Chef
+        #     class Resource
+        #       class UlimitRule < Chef::Resource
+        #         resource_name :ulimit_rule
+        #         provides :ulimit_rule
+        #
+        #         property :type, [Symbol, String], required: true
+        #         property :item, [Symbol, String], required: true
+        #
+        #         # additional resource code
+        #       end
+        #     end
+        #   end
+        #
+        #  # good when Chef Infra Client 16+
+        #   class Chef
+        #     class Resource
+        #       class UlimitRule < Chef::Resource
+        #         provides :ulimit_rule
+        #
+        #         property :type, [Symbol, String], required: true
+        #         property :item, [Symbol, String], required: true
+        #
+        #         # additional resource code
+        #       end
+        #     end
+        #   end
+        #
+        #  # better
+        #  Convert your legacy HWRPs to custom resources
+        #
+        class HWRPWithoutProvides < Cop
+          MSG = 'In Chef Infra Client 16 and later a legacy HWRP resource must use `provides` to define how the resource is called in recipes or other resources. To maintain compatibility with Chef Infra Client < 16 use both `resource_name` and `provides`.'.freeze
+
+          def_node_matcher :HWRP?, <<-PATTERN
+          (class
+            (const nil? :Chef) nil?
+            (class
+              (const nil? :Resource) nil?
+              $(class
+                (const nil? ... )
+                (const
+                  (const nil? :Chef) :Resource)
+                  (begin ... ))))
+          PATTERN
+
+          def_node_search :provides, '(send nil? :provides (sym $_) ...)'
+          def_node_search :resource_name_ast, '$(send nil? :resource_name ...)'
+          def_node_search :resource_name, '(send nil? :resource_name (sym $_))'
+
+          def on_class(node)
+            HWRP?(node) do |inherit|
+              add_offense(inherit, location: :expression, message: MSG, severity: :warning) unless has_provides?
+            end
+          end
+
+          def has_provides?
+            provides_ast = provides(processed_source.ast)
+            return false if provides_ast.count == 0
+
+            resource_ast = resource_name(processed_source.ast)
+
+            if resource_ast.count == 0
+              true # no resource_name, but provides
+            else
+              # since we have a resource and provides make sure the there is a provides that
+              # matches the resource name
+              provides_ast.include?(resource_ast.first)
+            end
+          end
+
+          def indentation(node)
+            node.source_range.source_line =~ /\S/
+          end
+
+          def autocorrect(node)
+            lambda do |corrector|
+              resource_name_ast(node) do |ast_match|
+                # build a new string to add after that includes the new line and the proper indentation
+                new_string = "\n" + ast_match.source.dup.gsub('resource_name', 'provides').prepend(' ' * indentation(ast_match))
+                corrector.insert_after(ast_match.source_range, new_string)
+              end
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/lib/rubocop/cop/chef/deprecation/resource_uses_only_resource_name.rb

@@ -0,0 +1,86 @@
+#
+# Copyright:: Copyright (c) Chef Software Inc.
+# Author:: Tim Smith (<tsmith@chef.io>)
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+module RuboCop
+  module Cop
+    module Chef
+      module ChefDeprecations
+        # Starting with Chef Infra Client 16, using `resource_name` without also using `provides` will result in resource failures. Make sure to use both `resource_name` and `provides` to change the name of the resource. You can also omit `resource_name` entirely if the value set matches the name Chef Infra Client automatically assigns based on COOKBOOKNAME_FILENAME.
+        #
+        # @example
+        #
+        #   # bad
+        #   mycookbook/resources/myresource.rb:
+        #   resource_name :mycookbook_myresource
+        #
+        class ResourceUsesOnlyResourceName < Cop
+          include RuboCop::Chef::CookbookHelpers
+          include RangeHelp
+
+          MSG = 'Starting with Chef Infra Client 16, using `resource_name` without also using `provides` will result in resource failures. Make sure to use both `resource_name` and `provides` to change the name of the resource. You can also omit `resource_name` entirely if the value set matches the name Chef Infra Client automatically assigns based on COOKBOOKNAME_FILENAME.'.freeze
+
+          def_node_matcher :resource_name?, '(send nil? :resource_name (sym $_ ))'
+
+          def_node_search :cb_name_match, '(send nil? :name (str $_))'
+
+          def_node_search :provides, '(send nil? :provides (sym $_) ...)'
+
+          # determine the cookbook name either by parsing metdata.rb or by parsing metata.json
+          #
+          # @returns [String] the cookbook name
+          def cookbook_name
+            cb_path = File.expand_path(File.join(processed_source.file_path, '../..'))
+
+            if File.exist?(File.join(cb_path, 'metadata.rb'))
+              cb_metadata_ast = ProcessedSource.from_file(File.join(cb_path, 'metadata.rb'), @config.target_ruby_version).ast
+              cb_name_match(cb_metadata_ast).first
+            elsif File.exist?(File.join(cb_path, 'metadata.json')) # this exists only for supermarket files that lack metadata.rb
+              JSON.parse(File.read(File.join(cb_path, 'metadata.json')))['name']
+            end
+          end
+
+          # given a resource name make sure there's a provides that matches that name
+          #
+          # @returns [TrueClass, FalseClass]
+          def valid_provides?(resource_name)
+            provides_ast = provides(processed_source.ast)
+            return false unless provides_ast
+
+            provides_ast.include?(resource_name)
+          end
+
+          def on_send(node)
+            resource_name?(node) do |r_name|
+              add_offense(node, location: :expression, message: MSG, severity: :warning) unless valid_provides?(r_name)
+            end
+          end
+
+          def autocorrect(node)
+            lambda do |corrector|
+              resource_name?(node) do |name|
+                if name.to_s == "#{cookbook_name}_#{File.basename(processed_source.path, '.rb')}"
+                  corrector.remove(range_with_surrounding_space(range: node.loc.expression, side: :left))
+                else
+                  corrector.insert_after(node.source_range, "\n#{node.source.gsub('resource_name', 'provides')}")
+                end
+              end
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/lib/rubocop/cop/chef/deprecation/ruby_27_keyword_argument_warnings.rb

@@ -0,0 +1,59 @@
+#
+# Copyright:: 2020, Chef Software, Inc.
+# Author:: Tim Smith (<tsmith@chef.io>)
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+module RuboCop
+  module Cop
+    module Chef
+      module ChefDeprecations
+        # Pass options to shell_out helpers without the brackets to avoid Ruby 2.7 deprecation warnings.
+        #
+        # @example
+        #
+        #   # bad
+        #   shell_out!('hostnamectl status', { returns: [0, 1] })
+        #   shell_out('hostnamectl status', { returns: [0, 1] })
+        #
+        #   # good
+        #   shell_out!('hostnamectl status', returns: [0, 1])
+        #   shell_out('hostnamectl status', returns: [0, 1])
+        #
+        class Ruby27KeywordArgumentWarnings < Cop
+          include RuboCop::Chef::CookbookHelpers
+
+          MSG = 'Pass options to shell_out helpers without the brackets to avoid Ruby 2.7 deprecation warnings.'.freeze
+
+          def_node_matcher :positional_shellout?, <<-PATTERN
+            (send nil? {:shell_out :shell_out!} ... $(hash ... ))
+          PATTERN
+
+          def on_send(node)
+            positional_shellout?(node) do |h|
+              add_offense(h, location: :expression, message: MSG, severity: :refactor) if h.braces?
+            end
+          end
+
+          def autocorrect(node)
+            lambda do |corrector|
+              # @todo when we drop ruby 2.4 support we can convert to to just delete_prefix delete_suffix
+              corrector.replace(node.loc.expression, node.loc.expression.source.gsub(/^{/, '').gsub(/}$/, ''))
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/lib/rubocop/cop/chef/deprecation/xml_ruby_recipe.rb

@@ -1,5 +1,5 @@
 #
-# Copyright:: 2019, Chef Software, Inc.
+# Copyright:: 2019-2020, Chef Software, Inc.
 # Author:: Tim Smith (<tsmith@chef.io>)
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -18,8 +18,7 @@ module RuboCop
   module Cop
     module Chef
       module ChefDeprecations
-        # Do not include the deprecated xml::ruby recipe to install the nokogiri gem.
-        # Chef Infra Client 12 and later ships with nokogiri included.
+        # Do not include the deprecated xml::ruby recipe to install the nokogiri gem. Chef Infra Client 12 and later ships with nokogiri included.
         #
         # @example
         #
@@ -35,6 +34,7 @@ module RuboCop
 
           def on_send(node)
             xml_ruby_recipe?(node) do
+              node = node.parent if node.parent&.conditional? && node.parent&.single_line_condition? # make sure we catch any inline conditionals
               add_offense(node, location: :expression, message: MSG, severity: :warning)
             end
           end