knife 17.2.18 → 17.4.18

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: dfdc3eb6fcda5623dfcc18f91ebb49ce954ad0601d07a2c8d4dfff3ef2a3ff09
-  data.tar.gz: 68dabbc229978345b7b1057a890ca6936d6209a3040a245d700071e76ecccc0d
+  metadata.gz: 70c4e18afa9b4762387d8a0a6c9c75bca9e1e42723a041147bea36c2efaae176
+  data.tar.gz: '00953cd3c86ab1e11eb9ddb9a8fdf8fffbae40705671090169411877fa72a069'
 SHA512:
-  metadata.gz: 19fabdab9e993be664662b6f7281ab8b81c65a75b2b7764a8945d48a31a301bd32e9abbda920b61fa7e764b5382ba6a97833827ad6e76f4049c57d768f231437
-  data.tar.gz: d865c45c0532429a8939ac61c6ca5af5f378719a9cc178d2ad6cfca40008e09188b7bf9f75a522ef149a532cd7a7886ed1c9cc7a21c54c3156673b645185a856
+  metadata.gz: f2d2130d599b56a3d43bbbbe5f64407dfc19aaec9df4ea87af2b835b950dda18ef1b9eb6cee28fae9ee05bafef8b6fe180219b36f1f7fbe5333b4efcd3236002
+  data.tar.gz: 0d500fcfd9e9aa0830d04bae3f9d4e3712ab52bf6fcd9b87c4f0e3bbb2149f8568d179c41656189b7614bdbdd91e8dbd5d14800c38771275466c5e3c9e0c78f0

data/knife.gemspec

@@ -30,6 +30,8 @@ Gem::Specification.new do |s|
   s.add_dependency "net-ssh-multi", "~> 1.2", ">= 1.2.1"
   s.add_dependency "ed25519", "~> 1.2" # ed25519 ssh key support
   s.add_dependency "bcrypt_pbkdf", "~> 1.1" # ed25519 ssh key support
+  # we can't use this gem until illegal instruction issues are resolved
+  # s.add_dependency "x25519" # ed25519 KEX module
   s.add_dependency "highline", ">= 1.6.9", "< 3" # Used in UI to present a list, no other usage.
 
   s.add_dependency "tty-prompt", "~> 0.21" # knife ui.ask prompt

data/lib/chef/knife/bootstrap.rb

@@ -20,6 +20,7 @@ require_relative "../knife"
 require_relative "data_bag_secret_options"
 require "chef-utils/dist" unless defined?(ChefUtils::Dist)
 require "license_acceptance/cli_flags/mixlib_cli"
+
 module LicenseAcceptance
   autoload :Acceptor, "license_acceptance/acceptor"
 end
@@ -705,6 +706,8 @@ class Chef
           ui.warn("#{e.message} - trying with pty request")
           conn_options[:pty] = true # ensure we can talk to systems with requiretty set true in sshd config
           retry
+        elsif e.reason == :sudo_missing_terminal
+          ui.error "Sudo password is required for this operation. Please enter password using -P or --ssh-password option"
         elsif config[:use_sudo_password] && (e.reason == :sudo_password_required || e.reason == :bad_sudo_password) && limit < 3
           ui.warn("Failed to authenticate #{conn_options[:user]} to #{server_name} - #{e.message} \n sudo: #{limit} incorrect password attempt")
           sudo_password = ui.ask("Enter sudo password for #{conn_options[:user]}@#{server_name}:", echo: false)

data/lib/chef/knife/bootstrap/train_connector.rb

@@ -240,7 +240,7 @@ class Chef
 
           # Now that everything is populated, fill in anything missing
           # that may be found in user ssh config
-          opts.merge!(missing_opts_from_ssh_config(opts, opts_in))
+          opts.merge!(missing_opts_from_ssh_config(opts))
 
           Train.target_config(opts)
         end
@@ -297,12 +297,12 @@ class Chef
         # in the configuration passed in.
         # This is necessary because train will default these values
         # itself - causing SSH config data to be ignored
-        def missing_opts_from_ssh_config(config, opts_in)
+        def missing_opts_from_ssh_config(config)
           return {} unless config[:backend] == "ssh"
 
           host_cfg = ssh_config_for_host(config[:host])
           opts_out = {}
-          opts_in.each do |key, _value|
+          host_cfg.each do |key, _value|
             if SSH_CONFIG_OVERRIDE_KEYS.include?(key) && !config.key?(key)
               opts_out[key] = host_cfg[key]
             end

data/lib/chef/knife/client_create.rb

@@ -81,6 +81,14 @@ class Chef
           client.public_key File.read(File.expand_path(config[:public_key]))
         end
 
+        # Check the file before creating the client so the api is more transactional.
+        if config[:file]
+          file = config[:file]
+          dir_name = File.dirname(file)
+          check_writable_or_exists(dir_name, "Directory")
+          check_writable_or_exists(file, "File")
+        end
+
         output = edit_hash(client)
         final_client = create_client(output)
         ui.info("Created #{final_client}")
@@ -96,6 +104,19 @@ class Chef
           end
         end
       end
+
+      # To check if file or directory exists or writable and raise exception accordingly
+      def check_writable_or_exists(file, type)
+        if File.exist?(file)
+          unless File.writable?(file)
+            ui.fatal "#{type} #{file} is not writable. Check permissions."
+            exit 1
+          end
+        else
+          ui.fatal "#{type} #{file} does not exist."
+          exit 1
+        end
+      end
     end
   end
 end

data/lib/chef/knife/core/bootstrap_context.rb

@@ -171,12 +171,12 @@ class Chef
             client_rb << "fips true\n"
           end
 
-          unless chef_config[:file_cache_path].nil?
-            client_rb << "file_cache_path \"#{chef_config[:file_cache_path]}\"\n"
+          unless chef_config[:unix_bootstrap_file_cache_path].nil?
+            client_rb << "file_cache_path \"#{chef_config[:unix_bootstrap_file_cache_path]}\"\n"
           end
 
-          unless chef_config[:file_backup_path].nil?
-            client_rb << "file_backup_path \"#{chef_config[:file_backup_path]}\"\n"
+          unless chef_config[:unix_bootstrap_file_backup_path].nil?
+            client_rb << "file_backup_path \"#{chef_config[:unix_bootstrap_file_backup_path]}\"\n"
           end
 
           client_rb

data/lib/chef/knife/core/windows_bootstrap_context.rb

@@ -71,8 +71,8 @@ class Chef
           client_rb = <<~CONFIG
             chef_server_url  "#{chef_config[:chef_server_url]}"
             validation_client_name "#{chef_config[:validation_client_name]}"
-            file_cache_path   "#{ChefConfig::PathHelper.escapepath(ChefConfig::Config.var_chef_dir(windows: true))}\\\\cache"
-            file_backup_path  "#{ChefConfig::PathHelper.escapepath(ChefConfig::Config.var_chef_dir(windows: true))}\\\\backup"
+            file_cache_path   "#{ChefConfig::PathHelper.escapepath(chef_config[:windows_bootstrap_file_cache_path] || "")}"
+            file_backup_path  "#{ChefConfig::PathHelper.escapepath(chef_config[:windows_bootstrap_file_backup_path] || "")}"
             cache_options     ({:path => "#{ChefConfig::PathHelper.escapepath(ChefConfig::Config.etc_chef_dir(windows: true))}\\\\cache\\\\checksums", :skip_expires => true})
           CONFIG
 
@@ -86,8 +86,8 @@ class Chef
             client_rb << "# Using default node name (fqdn)\n"
           end
 
-          if config[:config_log_level]
-            client_rb << %Q{log_level :#{config[:config_log_level]}\n}
+          if chef_config[:config_log_level]
+            client_rb << %Q{log_level :#{chef_config[:config_log_level]}\n}
           else
             client_rb << "log_level        :auto\n"
           end

data/lib/chef/knife/ssh.rb

@@ -134,6 +134,18 @@ class Chef
         boolean: true,
         default: false
 
+      option :pty,
+        long: "--[no-]pty",
+        description: "Request a PTY, enabled by default.",
+        boolean: true,
+        default: true
+
+      option :require_pty,
+        long: "--[no-]require-pty",
+        description: "Raise exception if a PTY cannot be acquired, disabled by default.",
+        boolean: true,
+        default: false
+
       def session
         ssh_error_handler = Proc.new do |server|
           if config[:on_error]
@@ -353,26 +365,26 @@ class Chef
         ui.msg(str)
       end
 
-      def ssh_command(command, subsession = nil)
+      # @param command [String] the command to run
+      # @param session_list [???] list of sessions, one per node
+      #
+      def ssh_command(command, session_list = session)
+        stderr = ""
         exit_status = 0
-        subsession ||= session
         command = fixup_sudo(command)
         command.force_encoding("binary") if command.respond_to?(:force_encoding)
-        begin
-          open_session(subsession, command)
-        rescue => e
-          open_session(subsession, command, true)
-        end
-      end
-
-      def open_session(subsession, command, pty = false)
-        stderr = ""
-        exit_status = 0
-        subsession.open_channel do |chan|
+        session_list.open_channel do |chan|
           if config[:on_error] && exit_status != 0
             chan.close
           else
-            chan.request_pty if pty
+            if config[:pty]
+              chan.request_pty do |ch, success|
+                unless success
+                  ui.warn("Failed to obtain a PTY from #{ch.connection.host}")
+                  raise ArgumentError, "Request for PTY failed" if config[:require_pty]
+                end
+              end
+            end
             chan.exec command do |ch, success|
               raise ArgumentError, "Cannot execute #{command}" unless success
 
@@ -383,13 +395,11 @@ class Chef
                   ichannel.send_data("#{get_password}\n")
                 end
               end
-
               ch.on_extended_data do |_, _type, data|
-                raise ArgumentError if data.eql?("sudo: no tty present and no askpass program specified\n")
+                raise ArgumentError, "No PTY present. If a PTY is required use --require-pty" if data.eql?("sudo: no tty present and no askpass program specified\n")
 
                 stderr += data
               end
-
               ch.on_request "exit-status" do |ichannel, data|
                 exit_status = [exit_status, data.read_long].max
               end
@@ -398,6 +408,8 @@ class Chef
         end
         session.loop
         exit_status
+      ensure
+        session_list.close
       end
 
       def get_password

data/lib/chef/knife/supermarket_unshare.rb

@@ -50,7 +50,8 @@ class Chef
         rescue Net::HTTPClientException => e
           raise e unless /Forbidden/.match?(e.message)
 
-          ui.error "Forbidden: You must be the maintainer of #{@cookbook_name} to unshare it."
+          ui.error "Forbidden: You must be the maintainer of #{@cookbook_name} to unshare it & #{config[:supermarket_site]} must allow maintainers to unshare cookbooks."
+          ui.warn "The default supermarket #{default_config[:supermarket_site]} does not allow maintainers to unshare cookbooks."
           exit 1
         end
 

data/lib/chef/knife/version.rb

@@ -17,7 +17,7 @@
 class Chef
   class Knife
     KNIFE_ROOT = File.expand_path("../..", __dir__)
-    VERSION = "17.2.18".freeze
+    VERSION = "17.4.18".freeze
   end
 end
 

data/spec/integration/client_create_spec.rb

@@ -50,6 +50,7 @@ describe "knife client create", :workstation do
 
     it "saves the private key to a file" do
       Dir.mktmpdir do |tgt|
+        File.open("#{tgt}/bah.pem", "w") { |pub| pub.write("test key") }
         knife("client create -f #{tgt}/bah.pem bah").should_succeed stderr: out
         expect(File).to exist("#{tgt}/bah.pem")
       end

data/spec/integration/commands_spec.rb

@@ -0,0 +1,55 @@
+#
+# Author:: Marc Pardise (<marc@chef.io>)
+# Copyright:: Copyright (c) Chef Software Inc.
+# License:: Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+require "chef/knife"
+
+Chef::Knife.subcommand_loader.load_commands
+commands = Chef::Knife::SubcommandLoader.generate_hash["_autogenerated_command_paths"]["plugins_paths"].keys
+
+# Directly execute each support knife command
+context "Command Sanity Check: executing ", :workstation do
+  describe "bundle exec knife" do
+    commands.each do |command|
+      command_name = command.gsub("_", " ")
+      modified_command, expected_result = case command_name
+                                          when /knife/
+                                            # because rspec is the actual executable running, the option parser error message
+                                            # is invalid from within the test.
+                                            next
+                                          when /config (use|get|list) profile.*/
+                                            # hyphenated special cases
+                                            [command_name, /^USAGE: knife config #{$1}-profile.*/]
+                                          when /(role|node|env) (env )?run list(.*)/
+                                            # underscored special cases...
+                                            env_part = $2.nil? ? "" : "env_"
+                                            ["#{$1} #{$2}run_list#{$3}", /^USAGE: knife #{$1} #{env_part}run_list#{$3}.*/]
+                                          else
+                                            [ command_name, /^USAGE: knife #{command_name}.*/]
+                                          end
+
+      # By using bundle exec knife instead of directly loading the command class or using the knife() helper,
+      # we ensure that this is a valid end-to-end test.  This operates on the assumption
+      # that we continue to require the command class to be fully loaded so that it can handle the parsing of
+      # its own options.
+      full_command = "#{modified_command} --invalid-option outputs usage for '#{modified_command}' to stdout"
+      it full_command do
+        result = `bundle exec knife #{full_command}`
+        expect(result).to match(expected_result)
+      end
+    end
+  end
+end

data/spec/integration/cookbook_download_spec.rb

@@ -66,7 +66,7 @@ describe "knife cookbook download", :workstation do
         Downloading root_files
         Cookbook downloaded to #{tmpdir}/x-1.0.1
       EOM
-                                                                            )
+      )
     end
   end
 end

data/spec/unit/knife/bootstrap_spec.rb

@@ -1307,7 +1307,7 @@ describe Chef::Knife::Bootstrap do
       context "when no identity file is specified" do
         it "generates the expected configuration (no keys, keys_only false)" do
           expect(knife.ssh_identity_opts).to eq( {
-            key_files: [ ],
+            key_files: [],
             keys_only: false,
           })
         end
@@ -2050,6 +2050,19 @@ describe Chef::Knife::Bootstrap do
         expect { knife.do_connect({}) }.to raise_error(expected_error)
       end
     end
+
+    context "when a train sudo error is thrown for missing terminal" do
+      let(:ui_error_msg) { "Sudo password is required for this operation. Please enter password using -P or --ssh-password option" }
+      let(:expected_error) { Train::UserError.new(ui_error_msg, :sudo_missing_terminal) }
+      before do
+        allow(connection).to receive(:connect!).and_raise(expected_error)
+      end
+      it "outputs user friendly error message" do
+        expect { knife.do_connect({}) }.not_to raise_error
+        expect(stderr.string).to include(ui_error_msg)
+      end
+    end
+
   end
 
   describe "validate_winrm_transport_opts!" do

data/spec/unit/knife/client_create_spec.rb

@@ -122,10 +122,12 @@ describe Chef::Knife::ClientCreate do
         end
 
         it "should write the private key to a file" do
-          knife.config[:file] = "/tmp/monkeypants"
+          file = Tempfile.new
+          file_path = file.path
+          knife.config[:file] = file_path
           filehandle = double("Filehandle")
           expect(filehandle).to receive(:print).with("woot")
-          expect(File).to receive(:open).with("/tmp/monkeypants", "w").and_yield(filehandle)
+          expect(File).to receive(:open).with(file_path, "w").and_yield(filehandle)
           knife.run
         end
       end
@@ -164,6 +166,39 @@ describe Chef::Knife::ClientCreate do
           expect(client.validator).to be_truthy
         end
       end
+
+      describe "with -f or --file when dir or file is not writable or does not exists" do
+        let(:dir_path) { File.expand_path(File.join(CHEF_SPEC_DATA, "knife", "temp_dir")) }
+        let(:file_path) { File.expand_path(File.join(dir_path, "tmp.pem")) }
+
+        it "when the directory does not exists" do
+          knife.config[:file] = "example/client1.pem"
+          expect(knife.ui).to receive(:fatal).with("Directory example does not exist.")
+          expect { knife.run }.to raise_error(SystemExit)
+        end
+
+        it "when the directory not writable" do
+          knife.config[:file] = file_path
+          File.chmod(777, dir_path)
+          expect(knife.ui).to receive(:fatal).with("Directory #{dir_path} is not writable. Check permissions.")
+          expect { knife.run }.to raise_error(SystemExit)
+        end
+
+        it "when the file does not exists" do
+          path = "#{dir_path}/client1.pem"
+          knife.config[:file] = path
+          File.chmod(0755, dir_path)
+          expect(knife.ui).to receive(:fatal).with("File #{path} does not exist.")
+          expect { knife.run }.to raise_error(SystemExit)
+        end
+
+        it "when the file is not writable" do
+          knife.config[:file] = file_path
+          File.chmod(777, file_path)
+          expect(knife.ui).to receive(:fatal).with("File #{file_path} is not writable. Check permissions.")
+          expect { knife.run }.to raise_error(SystemExit)
+        end
+      end
     end
   end
 end

data/spec/unit/knife/core/bootstrap_context_spec.rb

@@ -80,16 +80,16 @@ describe Chef::Knife::Core::BootstrapContext do
     end
   end
 
-  describe "when file_cache_path is set" do
-    let(:chef_config) { { file_cache_path: "/home/opscode/cache" } }
-    it "sets file_cache_path in the generated config file" do
+  describe "when unix_bootstrap_file_cache_path is set" do
+    let(:chef_config) { { unix_bootstrap_file_cache_path: "/home/opscode/cache" } }
+    it "sets unix_bootstrap_file_cache_path in the generated config file" do
       expect(bootstrap_context.config_content).to include("file_cache_path \"/home/opscode/cache\"")
     end
   end
 
-  describe "when file_backup_path is set" do
-    let(:chef_config) { { file_backup_path: "/home/opscode/backup" } }
-    it "sets file_backup_path in the generated config file" do
+  describe "when unix_bootstrap_file_backup_path is set" do
+    let(:chef_config) { { unix_bootstrap_file_backup_path: "/home/opscode/backup" } }
+    it "sets unix_bootstrap_file_backup_path in the generated config file" do
       expect(bootstrap_context.config_content).to include("file_backup_path \"/home/opscode/backup\"")
     end
   end

data/spec/unit/knife/core/windows_bootstrap_context_spec.rb

@@ -154,8 +154,8 @@ describe Chef::Knife::Core::WindowsBootstrapContext do
           config_log_location: STDOUT,
           chef_server_url: "http://chef.example.com:4444",
           validation_client_name: "chef-validator-testing",
-          file_cache_path: "c:/chef/cache",
-          file_backup_path: "c:/chef/backup",
+          windows_bootstrap_file_cache_path: "c:/chef/cache",
+          windows_bootstrap_file_backup_path: "c:/chef/backup",
           cache_options: ({ path: "c:/chef/cache/checksums", skip_expires: true })
         )
       )
@@ -165,11 +165,11 @@ describe Chef::Knife::Core::WindowsBootstrapContext do
       expected = <<~EXPECTED
         echo.chef_server_url  "http://chef.example.com:4444"
         echo.validation_client_name "chef-validator-testing"
-        echo.file_cache_path   "C:\\\\chef\\\\cache"
-        echo.file_backup_path  "C:\\\\chef\\\\backup"
+        echo.file_cache_path   "c:/chef/cache"
+        echo.file_backup_path  "c:/chef/backup"
         echo.cache_options     ^({:path =^> "C:\\\\chef\\\\cache\\\\checksums", :skip_expires =^> true}^)
         echo.# Using default node name ^(fqdn^)
-        echo.log_level        :auto
+        echo.log_level :info
         echo.log_location       STDOUT
       EXPECTED
       expect(bootstrap_context.config_content).to eq expected

data/spec/unit/knife/ssh_spec.rb

@@ -289,7 +289,7 @@ describe Chef::Knife::Ssh do
     let(:execution_channel2) { double(:execution_channel, on_data: nil, on_extended_data: nil) }
     let(:session_channel2) { double(:session_channel, request_pty: nil) }
 
-    let(:session) { double(:session, loop: nil) }
+    let(:session) { double(:session, loop: nil, close: nil) }
 
     let(:command) { "false" }
 

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: knife
 version: !ruby/object:Gem::Version
-  version: 17.2.18
+  version: 17.4.18
 platform: ruby
 authors:
 - Adam Jacob
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2021-06-02 00:00:00.000000000 Z
+date: 2021-08-02 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: chef-config
@@ -751,6 +751,7 @@ files:
 - spec/data/kitchen/openldap/recipes/woot.rb
 - spec/data/knife-home/.chef/plugins/knife/example_home_subcommand.rb
 - spec/data/knife-site-subcommands/plugins/knife/example_subcommand.rb
+- spec/data/knife/temp_dir/tmp.pem
 - spec/data/knife_subcommand/test_explicit_category.rb
 - spec/data/knife_subcommand/test_name_mapping.rb
 - spec/data/knife_subcommand/test_yourself.rb
@@ -950,6 +951,7 @@ files:
 - spec/integration/client_key_show_spec.rb
 - spec/integration/client_list_spec.rb
 - spec/integration/client_show_spec.rb
+- spec/integration/commands_spec.rb
 - spec/integration/common_options_spec.rb
 - spec/integration/config_list_spec.rb
 - spec/integration/config_show_spec.rb
@@ -1148,7 +1150,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.2.15
+rubygems_version: 3.2.22
 signing_key:
 specification_version: 4
 summary: The knife CLI for Chef Infra.