ohai 14.0.29 → 14.1.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 7df4dd6c34ba7a1c5bb097c52ae9e0ffb6a7ce4048d9b1a86c6aaaafa254f121
-  data.tar.gz: e00d3d6086d05d0cbb5148fca5a50feb4173a6fbea67308de815e922ba01b19a
+  metadata.gz: 7aaa80eca02eed6b1bf25be0dab653f121320347693d75453dd3591306050aca
+  data.tar.gz: 62b76f41b745726f29d6a13c8dd5159ee2cd45a3b4742fe5fa64745dc8825a31
 SHA512:
-  metadata.gz: 1cebf6a450da08fc94f2b2ef08b7935acbc4a0e0006d574324ad15282a503454ff5afaa4babd0cb6a959f81a046d06c151bfa0b1f7fdf58fe4b87439ea205090
-  data.tar.gz: 29b5fed44d109190a2f1cfcdd52965f8aef6a9d15c74fac2c6412773142041b8433fbbb491072d0a2b54cabeeaad040a60c757196df1655ca1c81fb7ddc3a69d
+  metadata.gz: 678928cc6387c5613a03c63b1df7c2639a96991c850485096c0162a138cf56285a69eb9c4f4e2fce9d8bab48c8feadef741e2e7cf53b84e4cc980f6a7286a4ee
+  data.tar.gz: 633ba5a734a9e497593276781c53fb802096d2f1164c64896b78837615fb4f8ca9d7363b59029c06b28bf36bf92a472a84a2742d3890bbf6a23d6ad80f0c7e37

data/Gemfile

@@ -17,10 +17,6 @@ group :ci do
   gem "rspec_junit_formatter"
 end
 
-group :changelog do
-  gem "github_changelog_generator", git: "https://github.com/chef/github-changelog-generator"
-end
-
 instance_eval(ENV["GEMFILE_MOD"]) if ENV["GEMFILE_MOD"]
 
 # If you want to load debugging tools into the bundle exec sandbox,

data/lib/ohai/common/dmi.rb

@@ -72,10 +72,22 @@ module Ohai
         127 => "end_of_table_marker",
       }
 
-      # list of IDs to collect, otherwise we generate pages of hashes about cache chip size and whatnot
-      # See OHAI-260. When we can give the user a choice, this will be a default.
+      # list of IDs to collect from config or default to a sane list that prunes
+      # away some of the less useful IDs
       ID_TO_CAPTURE = [ 0, 1, 2, 3, 4, 6, 11 ]
 
+      # return the list of DMI IDs to capture
+      def whitelisted_ids
+        if Ohai.config[:additional_dmi_ids]
+          if [ Integer, Array ].include?(Ohai.config[:additional_dmi_ids].class)
+            return ID_TO_CAPTURE + Array(Ohai.config[:additional_dmi_ids])
+          else
+            Ohai::Log.warn("The DMI plugin additional_dmi_ids config must be an array of IDs!")
+          end
+        end
+        ID_TO_CAPTURE
+      end
+
       # look up DMI ID
       def id_lookup(id)
         id = id.to_i
@@ -85,7 +97,7 @@ module Ohai
           id = DMI::ID_TO_DESCRIPTION[id]
         else
           Ohai::Log.debug("unrecognized header id; falling back to 'unknown'")
-          id = "unknown"
+          id = "unknown_dmi_id_#{id}"
         end
       rescue
         Ohai::Log.debug("failed to look up id #{id}, returning unchanged")
@@ -122,7 +134,7 @@ module Ohai
         end
       end
 
-      module_function :id_lookup, :convenience_keys
+      module_function :id_lookup, :convenience_keys, :whitelisted_ids
     end
   end
 end

data/lib/ohai/plugins/dmi.rb

@@ -75,8 +75,7 @@ Ohai.plugin(:DMI) do
           dmi[:table_location] = table_location[1]
 
         elsif ( handle = handle_line.match(line) )
-          # Don't overcapture for now (OHAI-260)
-          unless Ohai::Common::DMI::ID_TO_CAPTURE.include?(handle[2].to_i)
+          unless Ohai::Common::DMI.whitelisted_ids.include?(handle[2].to_i)
             dmi_record = nil
             next
           end

data/lib/ohai/plugins/linux/fips.rb

@@ -28,11 +28,18 @@ Ohai.plugin(:Fips) do
   collect_data(:linux) do
     fips Mash.new
 
-    begin
-      enabled = File.read("/proc/sys/crypto/fips_enabled").chomp
-      fips["kernel"] = { "enabled" => enabled == "0" ? false : true }
-    rescue Errno::ENOENT
-      fips["kernel"] = { "enabled" => false }
+    # Check for new fips_mode method added in Ruby 2.5. After we drop support
+    # for Ruby 2.4, clean up everything after this and collapse the FIPS plugins.
+    require "openssl"
+    if defined?(OpenSSL.fips_mode) && !$FIPS_TEST_MODE
+      fips["kernel"] = { "enabled" => OpenSSL.fips_mode }
+    else
+      begin
+        enabled = File.read("/proc/sys/crypto/fips_enabled").chomp
+        fips["kernel"] = { "enabled" => enabled == "0" ? false : true }
+      rescue Errno::ENOENT
+        fips["kernel"] = { "enabled" => false }
+      end
     end
   end
 end

data/lib/ohai/plugins/scsi.rb

@@ -0,0 +1,52 @@
+#
+# Author:: Phil Dibowitz <phil@ipom.com>
+# Copyright:: Copyright (c) 2018 Facebook, Inc.
+# License:: Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+Ohai.plugin(:Lsscsi) do
+  depends "platform"
+  provides "scsi"
+  optional true
+
+  require "mixlib/shellout"
+
+  collect_data(:linux) do
+    devices = Mash.new
+    lsscsi = shell_out("lsscsi")
+
+    lsscsi.stdout.each_line do |line|
+      line_bits = line.split
+      info = {}
+
+      # The first three fields are consistent...
+      info["scsi_addr"] = line_bits.shift[1..-2]
+      info["type"] = line_bits.shift
+      info["transport"] = line_bits.shift
+
+      # After that the last two are consistent...
+      info["device"] = line_bits.pop
+      info["revision"] = line_bits.pop
+
+      # What"s in the middle is the make and model...
+      # which could have arbitrary spaces
+      info["name"] = line_bits.join(" ")
+
+      devices[info["scsi_addr"]] = info
+    end
+
+    scsi devices
+  end
+end

data/lib/ohai/plugins/shard.rb

@@ -17,10 +17,8 @@
 #
 
 Ohai.plugin(:ShardSeed) do
-  require "digest/md5"
-  depends "hostname", "dmi", "machine_id", "machinename"
+  depends "hostname", "dmi", "machine_id", "machinename", "fips", "hardware", "kernel"
   provides "shard_seed"
-  optional true
 
   def get_dmi_property(dmi, thing)
     %w{system base_board chassis}.each do |section|
@@ -31,7 +29,33 @@ Ohai.plugin(:ShardSeed) do
   end
 
   def default_sources
-    [:machinename, :serial, :uuid]
+    case collect_os
+    when :linux, :darwin, :windows
+      [:machinename, :serial, :uuid]
+    else
+      [:machinename]
+    end
+  end
+
+  def default_digest_algorithm
+    if fips["kernel"]["enabled"]
+      # Even though it is being used safely, FIPS-mode will still blow up on
+      # any use of MD5 so default to SHA2 instead.
+      "sha256"
+    else
+      "md5"
+    end
+  end
+
+  def digest_algorithm
+    case Ohai.config[:plugin][:shard_seed][:digest_algorithm] || default_digest_algorithm
+    when "md5"
+      require "digest/md5"
+      Digest::MD5
+    when "sha256"
+      require "digest/sha2"
+      Digest::SHA256
+    end
   end
 
   # Common sources go here. Put sources that need to be different per-platform
@@ -53,7 +77,31 @@ Ohai.plugin(:ShardSeed) do
                 yield(src)
               end
     end
-    shard_seed Digest::MD5.hexdigest(data)[0...7].to_i(16)
+    shard_seed digest_algorithm.hexdigest(data)[0...7].to_i(16)
+  end
+
+  collect_data do
+    create_seed do |src|
+      raise "No such shard_seed source: #{src}"
+    end
+  end
+
+  collect_data(:windows) do
+    require "wmi-lite/wmi"
+    wmi = WmiLite::Wmi.new
+
+    create_seed do |src|
+      case src
+      when :serial
+        wmi.first_of("Win32_BIOS")["SerialNumber"]
+      when :os_serial
+        kernel["os_info"]["serial_number"]
+      when :uuid
+        wmi.first_of("Win32_ComputerSystemProduct")["UUID"]
+      else
+        raise "No such shard_seed source: #{src}"
+      end
+    end
   end
 
   collect_data(:darwin) do
@@ -63,6 +111,8 @@ Ohai.plugin(:ShardSeed) do
         hardware["serial_number"]
       when :uuid
         hardware["platform_UUID"]
+      else
+        raise "No such shard_seed source: #{src}"
       end
     end
   end

data/lib/ohai/plugins/solaris2/dmi.rb

@@ -129,7 +129,7 @@ Ohai.plugin(:DMI) do
           id = smb_to_id[header_information[3]]
 
           # Don't overcapture for now (OHAI-260)
-          unless Ohai::Common::DMI::ID_TO_CAPTURE.include?(id)
+          unless Ohai::Common::DMI.whitelisted_ids.include?(id)
             dmi_record = nil
             next
           end

data/lib/ohai/plugins/windows/fips.rb

@@ -26,25 +26,32 @@ Ohai.plugin(:Fips) do
   provides "fips"
 
   collect_data(:windows) do
-    require "win32/registry"
     fips Mash.new
 
-    # from http://msdn.microsoft.com/en-us/library/windows/desktop/aa384129(v=vs.85).aspx
-    if ::RbConfig::CONFIG["target_cpu"] == "i386"
-      reg_type = Win32::Registry::KEY_READ | 0x100
-    elsif ::RbConfig::CONFIG["target_cpu"] == "x86_64"
-      reg_type = Win32::Registry::KEY_READ | 0x200
+    # Check for new fips_mode method added in Ruby 2.5. After we drop support
+    # for Ruby 2.4, clean up everything after this and collapse the FIPS plugins.
+    require "openssl"
+    if defined?(OpenSSL.fips_mode) && !$FIPS_TEST_MODE
+      fips["kernel"] = { "enabled" => OpenSSL.fips_mode }
     else
-      reg_type = Win32::Registry::KEY_READ
-    end
+      require "win32/registry"
+      # from http://msdn.microsoft.com/en-us/library/windows/desktop/aa384129(v=vs.85).aspx
+      if ::RbConfig::CONFIG["target_cpu"] == "i386"
+        reg_type = Win32::Registry::KEY_READ | 0x100
+      elsif ::RbConfig::CONFIG["target_cpu"] == "x86_64"
+        reg_type = Win32::Registry::KEY_READ | 0x200
+      else
+        reg_type = Win32::Registry::KEY_READ
+      end
 
-    begin
-      Win32::Registry::HKEY_LOCAL_MACHINE.open('System\CurrentControlSet\Control\Lsa\FIPSAlgorithmPolicy', reg_type) do |policy|
-        enabled = policy["Enabled"]
-        fips["kernel"] = { "enabled" => enabled == 0 ? false : true }
+      begin
+        Win32::Registry::HKEY_LOCAL_MACHINE.open('System\CurrentControlSet\Control\Lsa\FIPSAlgorithmPolicy', reg_type) do |policy|
+          enabled = policy["Enabled"]
+          fips["kernel"] = { "enabled" => enabled == 0 ? false : true }
+        end
+      rescue Win32::Registry::Error
+        fips["kernel"] = { "enabled" => false }
       end
-    rescue Win32::Registry::Error
-      fips["kernel"] = { "enabled" => false }
     end
   end
 end

data/lib/ohai/version.rb

@@ -18,5 +18,5 @@
 
 module Ohai
   OHAI_ROOT = File.expand_path(File.dirname(__FILE__))
-  VERSION = "14.0.29"
+  VERSION = "14.1.0"
 end

data/spec/unit/plugins/dmi_spec.rb

@@ -101,15 +101,16 @@ Chassis Information
 EOS
 
 describe Ohai::System, "plugin dmi" do
+  let(:plugin) { get_plugin("dmi") }
+  let(:stdout) { DMI_OUT }
+
   before(:each) do
-    @plugin = get_plugin("dmi")
-    @stdout = DMI_OUT
-    allow(@plugin).to receive(:shell_out).with("dmidecode").and_return(mock_shell_out(0, @stdout, ""))
+    allow(plugin).to receive(:shell_out).with("dmidecode").and_return(mock_shell_out(0, stdout, ""))
   end
 
-  it "should run dmidecode" do
-    expect(@plugin).to receive(:shell_out).with("dmidecode").and_return(mock_shell_out(0, @stdout, ""))
-    @plugin.run
+  it "runs dmidecode" do
+    expect(plugin).to receive(:shell_out).with("dmidecode").and_return(mock_shell_out(0, stdout, ""))
+    plugin.run
   end
 
   # Test some simple sample data
@@ -128,21 +129,28 @@ describe Ohai::System, "plugin dmi" do
     },
   }.each do |id, data|
     data.each do |attribute, value|
-      it "should have [:dmi][:#{id}][:#{attribute}] set" do
-        @plugin.run
-        expect(@plugin[:dmi][id][attribute]).to eql(value)
+      it "attribute [:dmi][:#{id}][:#{attribute}] is set" do
+        plugin.run
+        expect(plugin[:dmi][id][attribute]).to eql(value)
       end
-      it "should have [:dmi][:#{id}][:#{attribute}] set for windows output" do
-        @stdout = convert_windows_output(DMI_OUT)
-        expect(@plugin).to receive(:shell_out).with("dmidecode").and_return(mock_shell_out(0, @stdout, ""))
-        @plugin.run
-        expect(@plugin[:dmi][id][attribute]).to eql(value)
+      it "attribute [:dmi][:#{id}][:#{attribute}] set for windows output" do
+        stdout = convert_windows_output(DMI_OUT)
+        expect(plugin).to receive(:shell_out).with("dmidecode").and_return(mock_shell_out(0, stdout, ""))
+        plugin.run
+        expect(plugin[:dmi][id][attribute]).to eql(value)
       end
     end
   end
 
-  it "should correctly ignore unwanted data" do
-    @plugin.run
-    expect(@plugin[:dmi][:base_board]).not_to have_key(:error_correction_type)
+  it "allows capturing additional DMI data" do
+    Ohai.config[:additional_dmi_ids] = [ 16 ]
+    plugin.run
+    expect(plugin[:dmi]).to have_key(:physical_memory_array)
+  end
+
+  it "correctly ignores data in excluded DMI IDs" do
+    expect(plugin).to receive(:shell_out).with("dmidecode").and_return(mock_shell_out(0, stdout, ""))
+    plugin.run
+    expect(plugin[:dmi]).not_to have_key(:physical_memory_array)
   end
 end

data/spec/unit/plugins/linux/fips_spec.rb

@@ -17,23 +17,38 @@
 #
 
 require_relative "../../../spec_helper.rb"
+require "openssl"
 
 describe Ohai::System, "plugin fips" do
   let(:enabled) { "0" }
   let(:plugin) { get_plugin("linux/fips") }
   let(:fips_path) { "/proc/sys/crypto/fips_enabled" }
+  let(:openssl_test_mode) { true }
+
+  subject do
+    plugin.run
+    plugin["fips"]["kernel"]["enabled"]
+  end
 
   before(:each) do
     allow(plugin).to receive(:collect_os).and_return(:linux)
     allow(::File).to receive(:read).with(fips_path).and_return(enabled)
   end
 
+  around do |ex|
+    begin
+      $FIPS_TEST_MODE = openssl_test_mode
+      ex.run
+    ensure
+      $FIPS_TEST_MODE = false
+    end
+  end
+
   context "fips file is present and contains 1" do
     let(:enabled) { "1" }
 
     it "sets fips plugin" do
-      plugin.run
-      expect(plugin["fips"]["kernel"]["enabled"]).to be(true)
+      expect(subject).to be(true)
     end
   end
 
@@ -41,8 +56,7 @@ describe Ohai::System, "plugin fips" do
     let(:enabled) { "0" }
 
     it "does not set fips plugin" do
-      plugin.run
-      expect(plugin["fips"]["kernel"]["enabled"]).to be(false)
+      expect(subject).to be(false)
     end
   end
 
@@ -52,8 +66,25 @@ describe Ohai::System, "plugin fips" do
     end
 
     it "does not set fips plugin" do
-      plugin.run
-      expect(plugin["fips"]["kernel"]["enabled"]).to be(false)
+      expect(subject).to be(false)
+    end
+  end
+
+  context "with Ruby 2.5 or newer", if: defined?(OpenSSL.fips_mode) do
+    let(:openssl_test_mode) { false }
+
+    context "with OpenSSL.fips_mode == false" do
+      before { allow(OpenSSL).to receive(:fips_mode).and_return(false) }
+      it "does not set fips plugin" do
+        expect(subject).to be(false)
+      end
+    end
+
+    context "with OpenSSL.fips_mode == true" do
+      before { allow(OpenSSL).to receive(:fips_mode).and_return(true) }
+      it "sets fips plugin" do
+        expect(subject).to be(true)
+      end
     end
   end
 end

data/spec/unit/plugins/scsi_spec.rb

@@ -0,0 +1,67 @@
+#
+# Author:: Phil Dibowitz <phil@ipom.com>
+# Copyright:: Copyright (c) 2018 Facebook, Inc.
+# License:: Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+require_relative "../../spec_helper.rb"
+
+describe Ohai::System, "lsscsi plugin" do
+  let(:plugin) { get_plugin("scsi") }
+  before(:each) do
+    allow(plugin).to receive(:collect_os).and_return(:linux)
+    @stdout = <<LSSCSI
+[5:0:0:0]    disk    ATA      Hitachi HUA72205 A3EA  /dev/sda
+[6:2:0:0]    disk    LSI      MR9286CV-8e      3.41  /dev/sdb
+[6:2:1:0]    disk    LSI      MR9286CV-8e      3.41  /dev/sdc
+[6:2:2:0]    disk    LSI      MR9286CV-8e      3.41  /dev/sdd
+[6:2:3:0]    disk    LSI      MR9286CV-8e      3.41  /dev/sde
+[6:2:4:0]    disk    LSI      MR9286CV-8e      3.41  /dev/sdf
+LSSCSI
+    allow(plugin).to receive(:shell_out).with("lsscsi").and_return(
+      mock_shell_out(0, @stdout, ""))
+    plugin.run
+  end
+
+  describe "when gathering data from lsscsi" do
+    it "lists all devices" do
+      expect(plugin[:scsi].keys).to eq(
+        ["5:0:0:0", "6:2:0:0", "6:2:1:0", "6:2:2:0", "6:2:3:0", "6:2:4:0"]
+      )
+    end
+
+    it "parses out type" do
+      expect(plugin[:scsi]["6:2:0:0"]["type"]).to eq("disk")
+    end
+
+    it "parses out transport" do
+      expect(plugin[:scsi]["5:0:0:0"]["transport"]).to eq("ATA")
+      expect(plugin[:scsi]["6:2:0:0"]["transport"]).to eq("LSI")
+    end
+
+    it "parses out device" do
+      expect(plugin[:scsi]["6:2:0:0"]["device"]).to eq("/dev/sdb")
+    end
+
+    it "parses out revision" do
+      expect(plugin[:scsi]["6:2:3:0"]["revision"]).to eq("3.41")
+    end
+
+    it "parses out name" do
+      expect(plugin[:scsi]["5:0:0:0"]["name"]).to eq("Hitachi HUA72205")
+      expect(plugin[:scsi]["6:2:4:0"]["name"]).to eq("MR9286CV-8e")
+    end
+  end
+end

data/spec/unit/plugins/shard_spec.rb

@@ -26,35 +26,93 @@ describe Ohai::System, "shard plugin" do
   let(:serial) { "234du3m4i498xdjr2" }
   let(:machine_id) { "0a1f869f457a4c8080ab19faf80af9cc" }
   let(:machinename) { "somehost004" }
+  let(:fips) { false }
+  let(:os) { :linux }
+
+  subject do
+    plugin.run
+    plugin[:shard_seed]
+  end
 
   before(:each) do
-    allow(plugin).to receive(:collect_os).and_return(:linux)
     plugin["machinename"] = machinename
     plugin["machine_id"] = machine_id
     plugin["fqdn"] = fqdn
     plugin["dmi"] = { "system" => {} }
     plugin["dmi"]["system"]["uuid"] = uuid
     plugin["dmi"]["system"]["serial_number"] = serial
-    allow(plugin).to receive(:collect_os).and_return(:linux)
+    plugin["fips"] = { "kernel" => { "enabled" => fips } }
+    allow(plugin).to receive(:collect_os).and_return(os)
   end
 
   it "should provide a shard with a default-safe set of sources" do
-    plugin.run
-    result = Digest::MD5.hexdigest(
-      "#{machinename}#{serial}#{uuid}"
-    )[0...7].to_i(16)
-    expect(plugin[:shard_seed]).to eq(result)
+    expect(subject).to eq(27767217)
   end
 
   it "should provide a shard with a configured source" do
     Ohai.config[:plugin][:shard_seed][:sources] = [:fqdn]
-    plugin.run
-    result = Digest::MD5.hexdigest(fqdn)[0...7].to_i(16)
-    expect(plugin[:shard_seed]).to eq(result)
+    expect(subject).to eq(203669792)
   end
 
   it "fails on an unrecognized source" do
     Ohai.config[:plugin][:shard_seed][:sources] = [:GreatGooglyMoogly]
-    expect { plugin.run }.to raise_error(RuntimeError)
+    expect { subject }.to raise_error(RuntimeError)
+  end
+
+  it "should provide a shard with a configured algorithm" do
+    Ohai.config[:plugin][:shard_seed][:digest_algorithm] = "sha256"
+    expect(Digest::MD5).to_not receive(:new)
+    expect(subject).to eq(117055036)
+  end
+
+  context "with Darwin OS" do
+    let(:os) { :darwin }
+    before do
+      plugin["hardware"] = { "serial_number" => serial, "platform_UUID" => uuid }
+    end
+
+    it "should provide a shard with a default-safe set of sources" do
+      expect(subject).to eq(27767217)
+    end
+  end
+
+  context "with Windows OS" do
+    let(:os) { :windows }
+    before do
+      wmi = double("WmiLite::Wmi")
+      allow(WmiLite::Wmi).to receive(:new).and_return(wmi)
+      allow(wmi).to receive(:first_of).with("Win32_BIOS").and_return("SerialNumber" => serial)
+      allow(wmi).to receive(:first_of).with("Win32_ComputerSystemProduct").and_return("UUID" => uuid)
+      plugin["kernel"] = { "os_info" => { "serial_number" => serial + "0" } }
+      plugin.data.delete("dmi") # To make sure we aren't using the wrong data.
+    end
+
+    it "should provide a shard with a default-safe set of sources" do
+      expect(subject).to eq(27767217)
+    end
+
+    it "should allow os_serial source" do
+      Ohai.config[:plugin][:shard_seed][:sources] = [:machinename, :os_serial, :uuid]
+      # Different from above.
+      expect(subject).to eq(178738102)
+    end
+  end
+
+  context "with a weird OS" do
+    let(:os) { :aix }
+
+    it "should provide a shard with a default-safe set of sources" do
+      # Note: this is different than the other defaults.
+      expect(subject).to eq(253499154)
+    end
+  end
+
+  context "with FIPS mode enabled" do
+    let(:fips) { true }
+
+    it "should use SHA2" do
+      expect(Digest::MD5).to_not receive(:hexdigest)
+      expect(subject).to eq(117055036)
+    end
   end
 end

data/spec/unit/plugins/windows/fips_spec.rb

@@ -17,25 +17,40 @@
 #
 
 require_relative "../../../spec_helper.rb"
+require "openssl"
 
 describe Ohai::System, "plugin fips", :windows_only do
   let(:enabled) { 0 }
   let(:plugin) { get_plugin("windows/fips") }
   let(:fips_key) { 'System\CurrentControlSet\Control\Lsa\FIPSAlgorithmPolicy' }
   let(:win_reg_entry) { { "Enabled" => enabled } }
+  let(:openssl_test_mode) { true }
+
+  subject do
+    plugin.run
+    plugin["fips"]["kernel"]["enabled"]
+  end
 
   before(:each) do
     allow(plugin).to receive(:collect_os).and_return(:windows)
     allow(Win32::Registry::HKEY_LOCAL_MACHINE).to receive(:open).with(fips_key, arch).and_yield(win_reg_entry)
   end
 
+  around do |ex|
+    begin
+      $FIPS_TEST_MODE = openssl_test_mode
+      ex.run
+    ensure
+      $FIPS_TEST_MODE = false
+    end
+  end
+
   shared_examples "fips_plugin" do
     context "fips enabled key is set to 1" do
       let(:enabled) { 1 }
 
       it "sets fips plugin" do
-        plugin.run
-        expect(plugin["fips"]["kernel"]["enabled"]).to be(true)
+        expect(subject).to be(true)
       end
     end
 
@@ -43,8 +58,7 @@ describe Ohai::System, "plugin fips", :windows_only do
       let(:enabled) { 0 }
 
       it "does not set fips plugin" do
-        plugin.run
-        expect(plugin["fips"]["kernel"]["enabled"]).to be(false)
+        expect(subject).to be(false)
       end
     end
 
@@ -54,8 +68,7 @@ describe Ohai::System, "plugin fips", :windows_only do
       end
 
       it "does not set fips plugin" do
-        plugin.run
-        expect(plugin["fips"]["kernel"]["enabled"]).to be(false)
+        expect(subject).to be(false)
       end
     end
   end
@@ -83,4 +96,22 @@ describe Ohai::System, "plugin fips", :windows_only do
 
     it_behaves_like "fips_plugin"
   end
+
+  context "with Ruby 2.5 or newer", if: defined?(OpenSSL.fips_mode) do
+    let(:openssl_test_mode) { false }
+
+    context "with OpenSSL.fips_mode == false" do
+      before { allow(OpenSSL).to receive(:fips_mode).and_return(false) }
+      it "does not set fips plugin" do
+        expect(subject).to be(false)
+      end
+    end
+
+    context "with OpenSSL.fips_mode == true" do
+      before { allow(OpenSSL).to receive(:fips_mode).and_return(true) }
+      it "sets fips plugin" do
+        expect(subject).to be(true)
+      end
+    end
+  end
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: ohai
 version: !ruby/object:Gem::Version
-  version: 14.0.29
+  version: 14.1.0
 platform: ruby
 authors:
 - Adam Jacob
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2018-03-26 00:00:00.000000000 Z
+date: 2018-05-04 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: systemu
@@ -315,6 +315,7 @@ files:
 - lib/ohai/plugins/rust.rb
 - lib/ohai/plugins/scala.rb
 - lib/ohai/plugins/scaleway.rb
+- lib/ohai/plugins/scsi.rb
 - lib/ohai/plugins/shard.rb
 - lib/ohai/plugins/shells.rb
 - lib/ohai/plugins/softlayer.rb
@@ -493,6 +494,7 @@ files:
 - spec/unit/plugins/rust_spec.rb
 - spec/unit/plugins/scala_spec.rb
 - spec/unit/plugins/scaleway_spec.rb
+- spec/unit/plugins/scsi_spec.rb
 - spec/unit/plugins/shard_spec.rb
 - spec/unit/plugins/shells_spec.rb
 - spec/unit/plugins/softlayer_spec.rb
@@ -542,7 +544,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.7.5
+rubygems_version: 2.7.6
 signing_key: 
 specification_version: 4
 summary: Ohai profiles your system and emits JSON