cookstyle 5.0.4 → 5.1.19

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 7cbe0d726d24711da59599a15be6d1a6b9904245cb68ad17aa07f390bbad1537
-  data.tar.gz: ec624080babc3e2f6295ed610c6700e69d5fae4a383696638d0344ee1e5eaf86
+  metadata.gz: 0bebad52b67940ef2ea18a69715758710d78e83d08e6fd3629647c44df467d79
+  data.tar.gz: 48af992c7bf5f18d5b3a948912ff57386439bbc57029ec3a6b962d5192b168f6
 SHA512:
-  metadata.gz: 5dac69031554a13e6f8df40ebb38dd816c3f7fd87dc32020d5387af42374066433704ac95db00f692ce1dc1970d2b4b11061fb1ea34a6ec2be459486626c25ec
-  data.tar.gz: 2b6f78c5b4859c6fe62f588725da64b40b12c08184a8ca8ce45bac215c771c744ae3ee5c99171a65e05e10177f1e188d0b457067ef1af5964039b333fddeff9f
+  metadata.gz: 31950bedb48fc769d8359183b7a7f8a95bb109cd446ed55748bcb90c97688735b4dc063d12660a3573e8a299eb145ca3f912100a2f0086038eaedf714194dce5
+  data.tar.gz: 721544b1d118f01f29be8d025e927df03fd588e5379f58e7c4748cbc4b3325c225b90a32d44f15c914794bb2faf0fd93c8c214c721d3341e02689fa92b1a3187

data/Gemfile

@@ -15,6 +15,15 @@ group :docs do
   gem 'yard'
 end
 
+group :development do
+  gem 'adamantium'
+  gem 'anima'
+  gem 'concord'
+  gem 'rake'
+  gem 'rspec', '>= 3.4'
+  gem 'simplecov'
+end
+
 instance_eval(ENV['GEMFILE_MOD']) if ENV['GEMFILE_MOD']
 
 # If you want to load debugging tools into the bundle exec sandbox,

data/bin/cookstyle

@@ -5,6 +5,13 @@ $LOAD_PATH.unshift File.join(File.dirname(__FILE__), %w(.. lib))
 
 require 'cookstyle'
 
+# force the fail level to :convention so that we can set all our new rules to
+# the lowest level of :refactor without failing everyone's CI jobs
+unless ARGV.include?('--fail-level')
+  ARGV << '--fail-level'
+  ARGV << 'C'
+end
+
 if ARGV.size == 1 && %w(-v --version).include?(ARGV.first)
   puts "Cookstyle #{Cookstyle::VERSION}"
   print '  * RuboCop '

data/config/cookstyle.yml

@@ -25,37 +25,225 @@ AllCops:
     Patterns:
     - resources/.*\.rb
 
+###############################
+# Making cookbooks look better
+###############################
+
 Chef/AttributeKeys:
   Description: Check which style of keys are used to access node attributes.
   Enabled: true
   EnforcedStyle: strings
+  VersionAdded: '5.0.0'
   SupportedStyles:
   - strings
   - symbols
 
+Chef/CopyrightCommentFormat:
+  Description: Properly format copyright dates in comment blocks and ensure dates are up to date
+  Enabled: false
+  VersionAdded: '5.0.0'
+
+Chef/CommentSentenceSpacing:
+  Description: Use a single space after sentences in comments
+  Enabled: false
+  VersionAdded: '5.1.0'
+
+Chef/CommentFormat:
+  Description: Use Chef's unique format for comment headers
+  Enabled: true
+  VersionAdded: '5.0.0'
+
+###############################
+# Avoiding potential problems
+###############################
+
 Chef/FileMode:
   Description: Use strings to represent file modes in Chef resources
   Enabled: true
+  VersionAdded: '5.0.0'
 
 Chef/ServiceResource:
   Description: Use a service resource to start and stop services instead of execute resources
   Enabled: true
+  VersionAdded: '5.0.0'
 
-Chef/CopyrightCommentFormat:
-  Description: Properly format copyright dates in comment blocks and ensure dates are up to date
-  Enabled: false
+Chef/NodeNormal:
+  Description: Do not use the node.normal method
+  Enabled: true
+  VersionAdded: '5.1.0'
 
-Chef/CommentFormat:
-  Description: Use Chef's unique format for comment headers
+Chef/NodeNormalUnless:
+  Description: Do not use the node.normal_unless method
   Enabled: true
+  VersionAdded: '5.1.0'
+
+Chef/TmpPath:
+  Description: Use file_cache_path rather than hard-coding tmp paths
+  Enabled: true
+  VersionAdded: '5.0.0'
+
+Chef/InsecureCookbookURL:
+  Description: Insecure http Github or Gitlab URLs for metadata source_url/issues_url fields
+  Enabled: true
+  VersionAdded: '5.1.0'
+  Include:
+    - '**/metadata.rb'
+
+Chef/NamePropertyIsRequired:
+  Description: Resource properties marked as name properties should not also be required properties
+  Enabled: true
+  VersionAdded: '5.1.0'
+
+###############################
+# Resolving Deprecations
+###############################
 
 Chef/NodeSet:
   Description: Do not use the deprecated node.set method
   Enabled: true
+  VersionAdded: '5.0.0'
 
-Chef/TmpPath:
-  Description: Use file_cache_path rather than hard-coding tmp paths
+Chef/NodeSetUnless:
+  Description: Do not use the deprecated node.set_unless method
+  Enabled: true
+  VersionAdded: '5.1.0'
+
+Chef/EpicFail:
+  Description: Use ignore_failure method instead of the deprecated epic_fail method
+  Enabled: true
+  VersionAdded: '5.1.0'
+
+Chef/CookbookDependsOnPoise:
+  Description: Cookbooks should not depend on the deprecated Poise framework
+  Enabled: true
+  VersionAdded: '5.1.0'
+  Include:
+    - '**/metadata.rb'
+
+Chef/ConflictsMetadata:
+  Description: Don't use the deprecated 'conflicts' metadata value
   Enabled: true
+  VersionAdded: '5.1.0'
+  Include:
+    - '**/metadata.rb'
+
+Chef/SuggestsMetadata:
+  Description: Don't use the deprecated 'suggests' metadata value
+  Enabled: true
+  VersionAdded: '5.1.0'
+  Include:
+    - '**/metadata.rb'
+
+Chef/ProvidesMetadata:
+  Description: Don't use the deprecated 'provides' metadata value
+  Enabled: true
+  VersionAdded: '5.1.0'
+  Include:
+    - '**/metadata.rb'
+
+Chef/ReplacesMetadata:
+  Description: Don't use the deprecated 'replaces' metadata value
+  Enabled: true
+  VersionAdded: '5.1.0'
+  Include:
+    - '**/metadata.rb'
+
+Chef/AttributeMetadata:
+  Description: Don't use the deprecated 'attribute' metadata value
+  Enabled: true
+  VersionAdded: '5.1.0'
+  Include:
+    - '**/metadata.rb'
+
+Chef/CookbookDependsOnCompatResource:
+  Description: Don't depend on the deprecated compat_resource cookbook made obsolete by Chef 12.19+
+  Enabled: true
+  VersionAdded: '5.1.0'
+  Include:
+    - '**/metadata.rb'
+
+Chef/CookbookDependsOnPartialSearch:
+  Description: Don't depend on the deprecated partial_search cookbook made obsolete by Chef 13+
+  Enabled: true
+  VersionAdded: '5.1.0'
+  Include:
+    - '**/metadata.rb'
+
+Chef/EasyInstallResource:
+  Description: Don't use the deprecated easy_install resource resource removed in Chef 13
+  Enabled: true
+  VersionAdded: '5.1.0'
+
+Chef/ErlCallResource:
+  Description: Don't use the deprecated erl_call resource removed in Chef 13
+  Enabled: true
+  VersionAdded: '5.1.0'
+
+###############################
+# Cleaning up Legacy Code
+###############################
+
+Chef/LegacyBerksfileSource:
+  Description: Do not use legacy Berksfile community sources. Use Chef Supermarket instead.
+  Enabled: true
+  VersionAdded: '5.1.0'
+  Include:
+    - '**/Berksfile'
+
+Chef/WhyRunSupportedTrue:
+  Description: why_run_supported? no longer needs to be set to true as it is the default in Chef 13+
+  Enabled: true
+  VersionAdded: '5.1.0'
+  Include:
+    - '**/resources/.*\.rb'
+    - '**/providers/.*\.rb'
+    - '**/libraries/.*\.rb'
+
+PropertyWithNameAttribute:
+  Description: Resource property sets name_attribute not name_property
+  Enabled: true
+  VersionAdded: '5.1.0'
+  Include:
+    - '**/resources/.*\.rb'
+    - '**/libraries/.*\.rb'
+
+PropertyWithRequiredAndDefault:
+  Description: Resource property should not be both required and have a default value
+  Enabled: true
+  VersionAdded: '5.1.0'
+  Include:
+    - '**/resources/.*\.rb'
+    - '**/libraries/.*\.rb'
+
+Chef/UnnecessaryDependsChef14:
+  Description: Don't depend on cookbooks made obsolete by Chef 14
+  Enabled: true
+  VersionAdded: '5.1.0'
+  Include:
+    - '**/metadata.rb'
+
+###############################
+# Utilize new built-in resources
+###############################
+
+Chef/UseBuildEssentialResource:
+  Description: Use the build_essential resource instead of the legacy build-essential recipe
+  Enabled: false
+  VersionAdded: '5.1.0'
+
+###############################
+# Migrating to new patterns
+###############################
+
+Chef/CookbookUsesSearch:
+  Description: Cookbook uses search, which cannot be used in the Effortless Infra pattern
+  Enabled: false
+  VersionAdded: '5.1.0'
+
+Chef/CookbookUsesDatabags:
+  Description: Cookbook uses data bags, which cannot be used in the Effortless Infra pattern
+  Enabled: false
+  VersionAdded: '5.1.0'
 
 #### The base rubocop 0.37 enabled.yml file we started with ####
 

data/config/upstream.yml

@@ -2344,7 +2344,7 @@ Style/ClassAndModuleChildren:
   StyleGuide: '#namespace-definition'
   # Moving from compact to nested children requires knowledge of whether the
   # outer parent is a module or a class. Moving from nested to compact requires
-  # verification that the outer parent is defined elsewhere. Rubocop does not
+  # verification that the outer parent is defined elsewhere. RuboCop does not
   # have the knowledge to perform either operation safely and thus requires
   # manual oversight.
   SafeAutoCorrect: false

data/lib/cookstyle.rb

@@ -36,5 +36,6 @@ require 'rubocop/chef/cookbook_only'
 # Chef specific cops
 Dir.glob(File.dirname(__FILE__) + '/rubocop/cop/chef/**/*.rb') do |file|
   next if File.directory?(file)
+
   require_relative file # not actually relative but require_relative is faster
 end

data/lib/cookstyle/version.rb

@@ -1,4 +1,4 @@
 module Cookstyle
-  VERSION = "5.0.4".freeze # rubocop: disable Style/StringLiterals
+  VERSION = "5.1.19".freeze # rubocop: disable Style/StringLiterals
   RUBOCOP_VERSION = '0.72.0'.freeze
 end

data/lib/rubocop/chef/cookbook_only.rb

@@ -4,15 +4,15 @@ module RuboCop
   module Chef
     # Mixin for cops that skips non-cookbook files
     #
-    # The criteria for whether rubocop-rspec analyzes a certain ruby file
-    # is configured via `AllCops/RSpec`. For example, if you want to
+    # The criteria for whether cookstyle analyzes a certain ruby file
+    # is configured via `AllCops/Chef`. For example, if you want to
     # customize your project to scan all files within a `test/` directory
     # then you could add this to your configuration:
     #
     # @example configuring analyzed paths
     #
     #   AllCops:
-    #     RSpec:
+    #     Chef:
     #       Patterns:
     #       - '_spec.rb$'
     #       - '(?:^|/)spec/'
@@ -31,6 +31,7 @@ module RuboCop
         patterns = []
         COOKBOOK_SEGMENTS.each do |segment|
           next unless self.class.cookbook_only_segments[segment.to_sym]
+
           cookbook_pattern_config(segment).each do |pattern|
             patterns << Regexp.new(pattern)
           end

data/lib/rubocop/cop/chef/correctness/insecure_cookbook_url.rb

@@ -0,0 +1,60 @@
+#
+# Copyright:: Copyright 2019, Chef Software Inc.
+# Author:: Tim Smith (<tsmith@chef.io>)
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+module RuboCop
+  module Cop
+    module Chef
+      # Use secure Github and Gitlab URLs for source_url and issues_url
+      #
+      # @example
+      #
+      #   # bad
+      #   source_url 'http://github.com/something/something'
+      #   source_url 'http://www.github.com/something/something'
+      #   source_url 'http://www.gitlab.com/something/something'
+      #   source_url 'http://gitlab.com/something/something'
+      #
+      #   # good
+      #   source_url 'http://github.com/something/something'
+      #   source_url 'http://gitlab.com/something/something'
+      #
+      class InsecureCookbookURL < Cop
+        MSG = 'Insecure http Github or Gitlab URLs for metadata source_url/issues_url fields'.freeze
+
+        def_node_matcher :insecure_cb_url?, <<-PATTERN
+          (send nil? {:source_url :issues_url} (str #insecure_url?))
+        PATTERN
+
+        def insecure_url?(url)
+          # https://rubular.com/r/dS6L6bQZvwWxWq
+          url.match?(%r{http://(www.)*git(hub|lab)})
+        end
+
+        def on_send(node)
+          insecure_cb_url?(node) do
+            add_offense(node, location: :expression, message: MSG, severity: :refactor)
+          end
+        end
+
+        def autocorrect(node)
+          lambda do |corrector|
+            corrector.replace(node.loc.expression, node.source.gsub(%r{http://(www.)*}, 'https://'))
+          end
+        end
+      end
+    end
+  end
+end

data/lib/rubocop/cop/chef/correctness/name_property_and_required.rb

@@ -0,0 +1,94 @@
+#
+# Copyright:: Copyright 2019, Chef Software Inc.
+# Author:: Tim Smith (<tsmith@chef.io>)
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+module RuboCop
+  module Cop
+    module Chef
+      # When using properties in a custom resource you shouldn't set a property to
+      # be both required and a name_property. Name properties are a way to optionally
+      # override the name given to the resource block in cookbook code. In your resource
+      # code you use the name_property and if the user doesn't pass in anything to that
+      # property its value will be populated with resource block's name. This
+      # allows users to provide more friendly resource names for logging that give
+      # additional context on the change being made.
+      #
+      # How about a nice example! Here we have a resource called ntp_config that has a
+      # name_property of config_file. All throughout the code of this resource we'd
+      # use new_resource.config_file when referencing the path to the config.
+      #
+      # We can use a friendly name for the block and specific a value to config_file
+      # ntp_config 'Configure the main config file' do
+      #   config_file '/etc/ntp/ntp.conf'
+      #   action :create
+      # end
+      #
+      # We can also just set the config path as the resource block and Chef will
+      # make sure to pass this in as new_resource.config_file as well.
+      # ntp_config '/etc/ntp/ntp.conf' do
+      #   action :create
+      # end
+      #
+      # The core tenant of the name property feature is that these properties are optional
+      # and making them required effectively turns off the functionality provided by name
+      # properties. If the goal is to always require the user to pass the config_file property
+      # then it should just be made a required property and not a name_property.
+      #
+      #
+      # @example
+      #
+      #
+      #   # bad
+      #   property :config_file, String, required: true, name_property: true
+      #
+      #
+      #   # good
+      #   property :config_file, String, required: true
+      class NamePropertyIsRequired < Cop
+        MSG = 'Resource properties marked as name properties should not also be required properties'.freeze
+
+        def on_send(node)
+          if required_property?(node) && property_is_name_property?(node)
+            add_offense(node, location: :expression, message: MSG, severity: :refactor)
+          end
+        end
+
+        private
+
+        def property_is_name_property?(node)
+          if node.method_name == :property
+            node.arguments.each do |arg|
+              if arg.type == :hash
+                return true if arg.source.match?(/name_property:\s*true/)
+              end
+            end
+            false # no required: true found
+          end
+        end
+
+        def required_property?(node)
+          if node.method_name == :property
+            node.arguments.each do |arg|
+              if arg.type == :hash
+                return true if arg.source.match?(/required:\s*true/)
+              end
+            end
+            false # no default: found
+          end
+        end
+      end
+    end
+  end
+end