The Chef server relies on the client retrying in the case of 502s and 504s to ensure reliability. By default, the Chef::REST class handles these retries; however, they are disabled during cookbook uploading to work around poor API responses. This reimplements retries for 502s and 504s while leaving the current no-retry behavior for other errors.
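The retry policy the commit message describes (retry only on 502 and 504, fail immediately on anything else), as an added example that is not Chef's own Chef::REST code. The block passed to `with_retries` performs one attempt and returns an object responding to `#code` as a string, as Net::HTTPResponse does; `FakeResponse` and `replay` are constructed stand-ins so the example runs offline.

```ruby
# Added example, not Chef's own Chef::REST code: retry a request only on
# 502 and 504, and surface any other failure immediately. Names below
# (UploadRetryExample, with_retries, replay, FakeResponse) are assumptions
# for this illustration.
module UploadRetryExample
  RETRYABLE_CODES = %w[502 504].freeze

  class RequestFailed < StandardError
    attr_reader :code, :attempts

    def initialize(code, attempts)
      @code = code
      @attempts = attempts
      super("HTTP #{code} after #{attempts} attempt(s)")
    end
  end

  # Constructed stand-in for Net::HTTPResponse, used by #replay below.
  FakeResponse = Struct.new(:code, :body)

  # Yields once per attempt. 2xx responses are returned; 502/504 are
  # retried up to max_retries times with linear backoff; every other
  # status raises on its first occurrence, matching the no-retry
  # behaviour for non-gateway errors.
  def self.with_retries(max_retries: 5, backoff: 0)
    attempts = 0
    loop do
      attempts += 1
      response = yield
      code = response.code.to_s
      return response if code.start_with?('2')
      raise RequestFailed.new(code, attempts) unless RETRYABLE_CODES.include?(code)
      raise RequestFailed.new(code, attempts) if attempts > max_retries

      sleep(backoff * attempts) if backoff > 0
    end
  end

  # Replays a scripted list of status codes (constructed input), the way
  # a flaky proxy returning 502 twice and then succeeding would look.
  # Returns [response, attempts_made].
  def self.replay(codes, max_retries: 5)
    queue = codes.dup
    attempts = 0
    response = with_retries(max_retries: max_retries) do
      attempts += 1
      FakeResponse.new(queue.shift.to_s, '')
    end
    [response, attempts]
  end
end
```

`replay(%w[502 504 200])` returns the 200 response after three attempts, while `replay(%w[500 200])` raises after the first attempt because 500 is not in the retryable set.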
Many files/classes depend on Chef::Platform just to use the `windows?` method. The part of Chef::Platform that maps providers to platforms has very heavy dependencies (which may trigger circular deps when loading some files) which are not needed for most users of Chef::Platform.
* Add an option to configure the version used when encrypting data bag items. This allows users to opt-in to newer encrypted data bag formats while the default remains compatible with earlier chef versions.
* Add an option to set a minimum valid encrypted data bag item format. This is useful on the client so that, for example, a MITM attacker cannot downgrade a v2 EDBI to v1.
Authenticated encryption data bag items will be version 2 of the encrypted data bag item format instead of tacked on to the version 1 format. Authenticated encryption via OpenSSL cipher was considered, but older openssl versions do not have, e.g., aes-256-gcm, so we are implementing encrypt-then-mac with hmac-sha256 on top of existing aes cipher. Code passes tests but is not yet exposed in configuration.

TODO:
* Allow user to set desired version for encrypt.
* Allow user to set minimum required version for decrypt. Without this change, a MITM could simply change the format version to 1 to bypass the hmac.
In CI, we occasionally see test failures when decryption with an incorrect key does not raise an error, but instead returns garbage. This fixes that issue by adding an HMAC-SHA2-256 of the encrypted data to the version 1 format. For backwards compatibility, decryption will continue if the hmac is missing; therefore, this does not increase the security of encrypted data bag items.
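The three commit messages above (configurable encrypt version and minimum decrypt version, encrypt-then-MAC with HMAC-SHA256 as format version 2, and the wrong-key-returns-garbage failure) as one added example. This is not Chef's own encrypted data bag implementation: the module name `EdbiExample`, the `minimum_version` option, the item field names and the key-derivation labels are assumptions for the illustration. It shows why a version 1 item can decrypt to garbage under the wrong key, why version 2 verifies the MAC before touching the cipher, and why a client-side minimum version is what stops a rewritten `version` field from routing an item around the MAC check.

```ruby
require 'openssl'
require 'base64'

# Added example, not Chef's own implementation: an encrypt-then-MAC
# encrypted data bag item (EDBI) format with a configurable version on
# encrypt and a minimum accepted version on decrypt.
module EdbiExample
  ALGORITHM = 'aes-256-cbc'

  class DecryptionFailure < StandardError; end
  class UnsupportedVersion < StandardError; end

  # Version 1: ciphertext + iv only. Version 2: the same, plus an
  # HMAC-SHA256 over the ciphertext (encrypt-then-MAC) that must verify
  # before any decryption is attempted.
  def self.encrypt(plaintext, secret, version: 1)
    cipher = OpenSSL::Cipher.new(ALGORITHM)
    cipher.encrypt
    cipher.key = enc_key(secret)
    iv = cipher.random_iv
    ciphertext = cipher.update(plaintext) + cipher.final
    item = {
      'version' => version,
      'cipher' => ALGORITHM,
      'iv' => Base64.strict_encode64(iv),
      'encrypted_data' => Base64.strict_encode64(ciphertext)
    }
    item['hmac'] = Base64.strict_encode64(hmac(secret, ciphertext)) if version >= 2
    item
  end

  # minimum_version is the client-side floor: an item whose "version"
  # field has been rewritten to 1 (and its hmac dropped) is rejected
  # before the MAC-less version 1 path can run.
  def self.decrypt(item, secret, minimum_version: 1)
    version = Integer(item.fetch('version', 1))
    if version < minimum_version
      raise UnsupportedVersion, "item version #{version} is below the required minimum #{minimum_version}"
    end
    unless item['cipher'] == ALGORITHM
      raise DecryptionFailure, "unsupported cipher #{item['cipher'].inspect}"
    end
    ciphertext = Base64.strict_decode64(item['encrypted_data'])
    if version >= 2
      raise DecryptionFailure, 'hmac missing from version 2 item' unless item['hmac']

      expected = hmac(secret, ciphertext)
      actual = Base64.strict_decode64(item['hmac'])
      raise DecryptionFailure, 'hmac mismatch' unless constant_time_equal?(expected, actual)
    end
    cipher = OpenSSL::Cipher.new(ALGORITHM)
    cipher.decrypt
    cipher.key = enc_key(secret)
    cipher.iv = Base64.strict_decode64(item['iv'])
    cipher.update(ciphertext) + cipher.final
  rescue OpenSSL::Cipher::CipherError => e
    # A wrong key on a version 1 item usually ends here (bad padding),
    # but not always: the padding can happen to be valid and garbage is
    # returned instead. Version 2 avoids this by checking the MAC first.
    raise DecryptionFailure, e.message
  end

  # Separate encryption and authentication keys, derived from the shared
  # secret with distinct labels (labels are an assumption of this example).
  def self.enc_key(secret)
    OpenSSL::Digest.digest('SHA256', "edbi-enc:#{secret}")
  end

  def self.hmac(secret, data)
    OpenSSL::HMAC.digest('SHA256', OpenSSL::Digest.digest('SHA256', "edbi-mac:#{secret}"), data)
  end

  # Byte-wise comparison that does not short-circuit on the first mismatch.
  def self.constant_time_equal?(a, b)
    return false unless a.bytesize == b.bytesize

    a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end
end
```

With `minimum_version: 1` a version 2 item that has been rewritten to version 1 with its `hmac` removed still decrypts, which is the downgrade the second commit message warns about; with `minimum_version: 2` the same item is rejected before the cipher is ever initialised.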
Module.const_defined?() needs to be given an optional second argument to disable constant lookups on ancestor classes. Otherwise LWRP creation may attempt to remove a constant that does not exist.
Use a class variable (@@var) instead of a class instance variable to track subclasses of Chef::Resource. This ensures that subclasses of subclasses will be added to the list.
…environment. Currently, Shef in client-mode will not properly process attributes set in roles or environments since we assume an empty runlist and the _default environment when building the node.