cookstyle 5.17.4 → 5.18.4

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 9542dd1a3bbc3a2f0f4db8c2108e67ef70cec17da89557746489ccc9dd89d4f5
-  data.tar.gz: b2a67152f01ef162bfe42b833e15b627fe361403a2ad450b0f591bc490a1b551
+  metadata.gz: 56fb1dda6ccaeeb4a3f521c52407e12becf9f1b1625a89b4c893f415820e40c4
+  data.tar.gz: 46c9bf893653173d77d7282056dc81cb385ef2b6f7828cc5f76e0e4e8e51a3f4
 SHA512:
-  metadata.gz: 1432f849f9464fabd9e9b17c559889f1c537671175b5690fb48d2f311030dd51c12746fc1dbad60dfd084fde4377e48ea5ee4c8a3bdd991f486f46ffafa8627e
-  data.tar.gz: a0f4c2a88b75f3049967747a8fc183d922800ff0b84d0d11bcb853444d1755bc83c7ee90e02c70a0bdb04b4d65b208ee438093010fbcab184c5bbeb817f7ec62
+  metadata.gz: f3e1c5acbb968e895c0a8190c28635baa023574e797d0b56ba54bba776f97f24b7d0f718bb02b92080175f46f475500a02254db3bd6f92090fd89f5b2239ec4e
+  data.tar.gz: 44d2c68635670c76ac81c4941dd70a3fd99fa53cdf40654576584784fd88b256f6c94066716cdff8c8cb7b63b29f68b17524b654e7de4cba514d89803993941b

data/config/cookstyle.yml

@@ -2,8 +2,8 @@ AllCops:
   TargetRubyVersion: 2.4
   TargetChefVersion: ~
   Exclude:
-    - files/**/*
-    - vendor/**/*
+    - '**/files/**/*'
+    - '**/vendor/**/*'
     - Guardfile
   ChefAttributes:
     Patterns:
@@ -1064,8 +1064,26 @@ ChefModernize/DslIncludeInResource:
     - '**/resources/*.rb'
     - '**/providers/*.rb'
 
+ChefModernize/ResourceForcingCompileTime:
+  Description: The hostname, build_essential, chef_gem, and ohai_hint resources include 'compile_time' properties, which should be used to force the resources to run at compile time by setting `compile_time true`.
+  Enabled: true
+  VersionAdded: '5.18.0'
+  Exclude:
+    - '**/metadata.rb'
+    - '**/attributes/*.rb'
+    - '**/Berksfile'
+
+ChefModernize/ExecuteSysctl:
+  Description: Chef Infra Client 14.0 and later includes a sysctl resource that should be used to idempotently load sysctl values instead of templating files and using execute to load them.
+  Enabled: true
+  VersionAdded: '5.18.0'
+  Exclude:
+    - '**/metadata.rb'
+    - '**/attributes/*.rb'
+    - '**/Berksfile'
+
 ###############################
-# ChefRedundantCode: Cleanup unncessary code in your cookbooks regardless of chef-client release
+# ChefRedundantCode: Cleanup unnecessary code in your cookbooks regardless of Chef Infra Client release
 ###############################
 
 ChefRedundantCode/ConflictsMetadata:
@@ -1892,7 +1910,7 @@ Lint/BigDecimalNew:
 Lint/UnneededCopEnableDirective:
   Enabled: true
 
-# get people on a much simpler ruby 2.4 way of doing things
+# get people on a much simpler ruby 2.4+ way of doing things
 Style/UnpackFirst:
   Enabled: true
 

data/lib/cookstyle/version.rb

@@ -1,4 +1,4 @@
 module Cookstyle
-  VERSION = "5.17.4".freeze # rubocop: disable Style/StringLiterals
+  VERSION = "5.18.4".freeze # rubocop: disable Style/StringLiterals
   RUBOCOP_VERSION = '0.75.1'.freeze
 end

data/lib/rubocop/cop/chef/modernize/compile_time_resources.rb

@@ -0,0 +1,51 @@
+#
+# Copyright:: 2020, Chef Software, Inc.
+# Author:: Tim Smith (<tsmith@chef.io>)
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+module RuboCop
+  module Cop
+    module Chef
+      module ChefModernize
+        # The hostname, build_essential, chef_gem, and ohai_hint resources include 'compile_time' properties, which should be used to force the resources to run at compile time by setting `compile_time true`.
+        #
+        # @example
+        #
+        #   # bad
+        #   build_essential 'install build tools' do
+        #    action :nothing
+        #   end.run_action(:install)
+        #
+        #   # good
+        #   build_essential 'install build tools' do
+        #    compile_time true
+        #   end
+        #
+        class ResourceForcingCompileTime < Cop
+          MSG = "Set 'compile_time true' in resources when available instead of forcing resources to run at compile time by setting an action on the block.".freeze
+
+          def_node_matcher :compile_time_resource?, <<-PATTERN
+            (send (block (send nil? {:build_essential :chef_gem :hostname :ohai_hint} (...)) (args) (...)) $:run_action (sym ...))
+          PATTERN
+
+          def on_send(node)
+            compile_time_resource?(node) do
+              add_offense(node, location: :expression, message: MSG, severity: :refactor)
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/lib/rubocop/cop/chef/modernize/execute_sysctl.rb

@@ -0,0 +1,73 @@
+#
+# Copyright:: 2020, Chef Software, Inc.
+# Author:: Tim Smith (<tsmith@chef.io>)
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+module RuboCop
+  module Cop
+    module Chef
+      module ChefModernize
+        # Chef Infra Client 14.0 and later includes a sysctl resource that should be used to idempotently load sysctl values instead of templating files and using execute to load them.
+        #
+        #   # bad
+        #   file '/etc/sysctl.d/ipv4.conf' do
+        #     owner 'root'
+        #     group 'root'
+        #     mode '0755'
+        #     notifies :run, 'service[sysctl -p /etc/sysctl.d/ipv4.conf]', :immediately
+        #     content '9000 65500'
+        #   end
+        #
+        #   execute 'sysctl -p /etc/sysctl.d/ipv4.conf' do
+        #     action :nothing
+        #   end
+        #
+        #   # good
+        #   sysctl 'net.ipv4.ip_local_port_range' do
+        #     value '9000 65500'
+        #   end
+        #
+        class ExecuteSysctl < Cop
+          include RuboCop::Chef::CookbookHelpers
+          extend TargetChefVersion
+
+          minimum_target_chef_version '14.0'
+
+          MSG = 'Chef Infra Client 14.0 and later includes a sysctl resource that should be used to idempotently load sysctl values instead of templating files and using execute to load them.'.freeze
+
+          # non block execute resources
+          def on_send(node)
+            return unless node.method_name == :execute
+
+            # use a regex on source instead of .value in case there's string interpolation which adds a complex dstr type
+            # with a nested string and a begin. Source allows us to avoid a lot of defensive programming here
+            if node&.arguments.first&.source&.match?(/^("|')sysctl -p/)
+              add_offense(node, location: :expression, message: MSG, severity: :refactor)
+            end
+          end
+
+          # block execute resources
+          def on_block(node)
+            match_property_in_resource?(:execute, 'command', node) do |code_property|
+              property_data = method_arg_ast_to_string(code_property)
+              if property_data && property_data.match?(/^sysctl -p/i)
+                add_offense(node, location: :expression, message: MSG, severity: :refactor)
+              end
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/lib/rubocop/cop/chef/redundant/name_property_and_required.rb

@@ -1,5 +1,5 @@
 #
-# Copyright:: Copyright 2019, Chef Software Inc.
+# Copyright:: Copyright 2019-2020, Chef Software Inc.
 # Author:: Tim Smith (<tsmith@chef.io>)
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -61,35 +61,18 @@ module RuboCop
         class NamePropertyIsRequired < Cop
           MSG = 'Resource properties marked as name properties should not also be required properties'.freeze
 
+          # match on a property or attribute that has any name and any type and a hash that
+          # contains name_property: true and required: true. These are wrapped in <> which means
+          # the order doesn't matter in the hash.
+          def_node_matcher :name_property_and_required?, <<-PATTERN
+            (send nil? {:property :attribute} (sym _) ... (hash <(pair (sym {:name_property :name_attribute}) (true)) $(pair (sym :required) (true) ) ...>))
+          PATTERN
+
           def on_send(node)
-            if required_property?(node) && property_is_name_property?(node)
+            name_property_and_required?(node) do
               add_offense(node, location: :expression, message: MSG, severity: :refactor)
             end
           end
-
-          private
-
-          def property_is_name_property?(node)
-            if %i(property attribute).include?(node.method_name)
-              node.arguments.each do |arg|
-                if arg.type == :hash
-                  return true if arg.source.match?(/name_(property|attribute):\s*true/)
-                end
-              end
-              false # no required: true found
-            end
-          end
-
-          def required_property?(node)
-            if %i(property attribute).include?(node.method_name)
-              node.arguments.each do |arg|
-                if arg.type == :hash
-                  return true if arg.source.match?(/required:\s*true/)
-                end
-              end
-              false # no default: found
-            end
-          end
         end
       end
     end

data/lib/rubocop/cop/chef/redundant/property_with_default_and_required.rb

@@ -1,5 +1,5 @@
 #
-# Copyright:: Copyright 2019, Chef Software Inc.
+# Copyright:: Copyright 2019-2020, Chef Software Inc.
 # Author:: Tim Smith (<tsmith@chef.io>)
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -32,35 +32,29 @@ module RuboCop
         #   property :bob, String, required: true
         #
         class PropertyWithRequiredAndDefault < Cop
-          MSG = 'Resource property should not be both required and have a default value. This will fail on Chef Infra Client 13+'.freeze
+          include RangeHelp
 
-          def on_send(node)
-            if required_property?(node) && property_has_default?(node)
-              add_offense(node, location: :expression, message: MSG, severity: :refactor)
-            end
-          end
+          MSG = 'Resource properties should not be both required and have a default value. This will fail on Chef Infra Client 13+'.freeze
 
-          private
+          # match on a property or attribute that has any name and any type and a hash that
+          # contains default: true and required: true. These are wrapped in <> which means
+          # the order doesn't matter in the hash.
+          def_node_matcher :required_and_default?, <<-PATTERN
+            (send nil? {:property :attribute} (sym _) ... (hash <$(pair (sym :default) ...) (pair (sym :required) true) ...>))
+          PATTERN
 
-          def required_property?(node)
-            if node.method_name == :property
-              node.arguments.each do |arg|
-                if arg.type == :hash
-                  return true if arg.source.match?(/required:\s*true/)
-                end
-              end
-              false # no required: true found
+          def on_send(node)
+            required_and_default?(node) do
+              add_offense(node, location: :expression, message: MSG, severity: :refactor)
             end
           end
 
-          def property_has_default?(node)
-            if node.method_name == :property
-              node.arguments.each do |arg|
-                if arg.type == :hash
-                  return true if arg.source.match?(/default:/)
-                end
+          def autocorrect(node)
+            lambda do |corrector|
+              required_and_default?(node) do |default|
+                range = range_with_surrounding_comma(range_with_surrounding_space(range: default.loc.expression, side: :left), :left)
+                corrector.remove(range)
               end
-              false # no default: found
             end
           end
         end

data/lib/rubocop/cop/chef/style/true_false_resource_properties.rb

@@ -24,28 +24,39 @@ module RuboCop
         #
         #   # bad
         #   property :foo, [TrueClass, FalseClass]
+        #   attribute :foo, kind_of: [TrueClass, FalseClass]
         #
         #   # good
         #   property :foo, [true, false]
+        #   attribute :foo, kind_of: [true, false]
         #
         class TrueClassFalseClassResourceProperties < Cop
           MSG = "When setting the allowed types for a resource to accept either true or false values it's much simpler to use true and false instead of TrueClass and FalseClass.".freeze
 
+          def_node_matcher :trueclass_falseclass_array?, <<-PATTERN
+             (array (const nil? :TrueClass) (const nil? :FalseClass))
+          PATTERN
+
+          def_node_matcher :tf_in_kind_of_hash?, <<-PATTERN
+            (hash (pair (sym :kind_of) #trueclass_falseclass_array? ))
+          PATTERN
+
           def_node_matcher :trueclass_falseclass_property?, <<-PATTERN
-            (send nil? {:property :attribute} (sym _) $(array (const nil? :TrueClass) (const nil? :FalseClass)) ... )
+            (send nil? {:property :attribute} (sym _)
+
+            ${#tf_in_kind_of_hash? #trueclass_falseclass_array? } ... )
           PATTERN
 
           def on_send(node)
-            trueclass_falseclass_property?(node) do
-              add_offense(node, location: :expression, message: MSG, severity: :refactor)
+            trueclass_falseclass_property?(node) do |tf_match|
+              add_offense(tf_match, location: :expression, message: MSG, severity: :refactor)
             end
           end
 
           def autocorrect(node)
             lambda do |corrector|
-              trueclass_falseclass_property?(node) do |types|
-                corrector.replace(types.loc.expression, '[true, false]')
-              end
+              replacement_text = node.hash_type? ? 'kind_of: [true, false]' : '[true, false]'
+              corrector.replace(node.loc.expression, replacement_text)
             end
           end
         end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: cookstyle
 version: !ruby/object:Gem::Version
-  version: 5.17.4
+  version: 5.18.4
 platform: ruby
 authors:
 - Thom May
@@ -9,7 +9,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2019-12-20 00:00:00.000000000 Z
+date: 2020-01-03 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rubocop
@@ -129,6 +129,7 @@ files:
 - lib/rubocop/cop/chef/modernize/build_essential.rb
 - lib/rubocop/cop/chef/modernize/chef_14_resources.rb
 - lib/rubocop/cop/chef/modernize/chef_gem_nokogiri.rb
+- lib/rubocop/cop/chef/modernize/compile_time_resources.rb
 - lib/rubocop/cop/chef/modernize/cron_manage_resource.rb
 - lib/rubocop/cop/chef/modernize/default_action_initializer.rb
 - lib/rubocop/cop/chef/modernize/defines_chefspec_matchers.rb
@@ -139,6 +140,7 @@ files:
 - lib/rubocop/cop/chef/modernize/execute_apt_update.rb
 - lib/rubocop/cop/chef/modernize/execute_sc_exe.rb
 - lib/rubocop/cop/chef/modernize/execute_sleep.rb
+- lib/rubocop/cop/chef/modernize/execute_sysctl.rb
 - lib/rubocop/cop/chef/modernize/execute_tzutil.rb
 - lib/rubocop/cop/chef/modernize/foodcritic_comments.rb
 - lib/rubocop/cop/chef/modernize/if_provides_default_action.rb