We are delighted to announce the availability of version 16.15.22 of Chef Infra Client.
Bug Fixes
- Removed ERROR logs when retrying failed communication with the Chef Infra Server.
- Several Ruby failures on Windows have been resolved.
- The
cookbook_namevariable is now available in templates as expected. - YAML recipes can now end in
.yamland.yml. - The data collector for sending data to Chef Automate now respects attribute
allowlistanddenylistconfigurations. - An edge condition in the deprecations system could cause failures running Chef Infra Client.
- Chef Vault has been updated to allow storing key data.
Chef InSpec 4.41.20
Chef InSpec has been updated from 4.38.9 to 4.41.20 with the following improvements:
- New Open Policy Agent resources
opa_cliandopa_api. - New
mongodb_sessionresource. - The
mssql_sessionresource now allows named connections by no longer forcing a port. - The PostgreSQL resources (
postgres_session,postgres_conf,postgres_hba_conf, andpostgres_ident_conf) now work with Windows. - Fixed a bug where the year in an expiration date was misinterpreted in waiver files.
- Added support for Alibaba Cloud Linux 3 to the Chef InSpec
serviceresource. - Replaced the WMI command-line (WMIC) utility in the Chef InSpec
security_identifierresource with Common Information Model (CIM) cmdlets as the WMIC utility will be deprecated soon. - Fixed range-based filtering in filter tables.
- Fixed an issue in the Chef InSpec
apache_confresource when the ServerRoot is not specified in the Apache configuration file. - Fixed an error in the Chef InSpec
postgres_sessionresource where the resource was unable to connect to a database. - Fixed an error in the Chef InSpec
apache_confresource where it would overwrite any Apache configurations from the main Apache configuration file with configurations from any included configuration files. - Fixed an error where the Chef InSpec
security_policyresource returned a comma-separated string of local groups (rather than SIDs) instead of an array. - Updated the Git fetcher to handle profiles with a default Git branch that is not
master.
Resource Updates
archive_file
We improved the archive_file resource has by upgrading the libarchive library it uses, which includes the following improvements:
- Support for PWB and v7 binary CPIO formats.
- Support for the deflate algorithm in symbolic link decompression with zip files.
- Various bug fixes when working with CAB, ZIP, 7zip, and RAR files.
chef_client_config
Updated the chef_client_config resource to properly format the client.rb config when the user sets the ohai_optional_plugins or ohai_disabled_plugins properties. Thanks for reporting this issue @caneylan.
homebrew_cask
The homebrew_cask resource now supports Homebrew Casks with '-' or '@' in their name. Thanks for this fix @byplayer! The resource also now passes the homebrew_path when creating or deleting taps. This change prevents failures when running Homebrew in a non-standard location or on an M1 system. Thanks for this fix @mattlqx!
mount
The mount resource no longer strips trailing / values when the mount point is just /. Thanks for this fix @jiokmiso!
powershell_package
Updated the powershell_package resource to allow passing an array of install options via the options property. Thanks for reporting this issue @kimbernator
rhsm_subscription
The rhsm_subscription resource now flushes all DNF or YUM caches after adding a new subscription so that subsequent package installs can use packages from the subscription. Thanks for fixing this @jasonwbarnett!
systemd_unit
The systemd_unit resource now generates valid unit files when passing a hash of data. Thanks for reporting this issue @gregkare
ulimit
The ulimit resource now supports setting sensitive true to prevent logging ulimit data as it is written to disk.
windows_security_policy
The windows_security_policy resource has been refactored to improve reliability and now supports setting AuditPolicyChange and LockoutDuration.
windows_uac
The windows_uac resource now sets the proper registry key value when using the consent_behavior_users property. Thanks for reporting this @ahembree!
windows_user_privilege
The windows_user_privilege resource no longer fails with an error stating that the privilege property needs to be set, even if it is set.
Security
OpenSSL 1.0.2za
OpenSSL has been updated from 1.0.2y to 1.0.2za on non-macOS systems to resolve CVE-2021-3712.
OpenSSL 1.1.1l
OpenSSL has been updated from 1.1.1k to 1.1.1l on macOS systems to resolve the following CVEs:
libarchive 3.5.2
Updated the libarchive library that powers the archive_file resource from 3.5.1 to 3.5.2 to resolve security vulnerabilities in libarchive's handling of symbolic links.
Package Improvements
Intel macOS Monterey Packages
We now produce Chef Infra Client packages for Apple's macOS Monterey preview release on Intel architecture in addition to M1 architecture.
Deprecations
Policyfile Compatibility Mode
The Chef Infra Server 11 era Policyfile Compatibility Mode is now deprecated. Users should upgrade to a newer release of Chef Infra Server 12+ that supports Policyfiles natively. With Chef Infra Server upgraded, you can remove policy_document_native_api from the client.rb config file or set it to true.
Attribute Whitelists
We deprecated the attribute whitelist feature in favor of attribute allowlists. Users will need to update whitelist configurations in their client.rb configuration file to be allowlist configurations.
Get the Build
As always, you can download binaries directly from downloads.chef.io or by using the mixlib-install command-line utility:
$ mixlib-install download chef -v 16.15.22
Alternatively, you can install Chef Infra Client using one of the following command options:
# In Shell
$ curl https://omnitruck.chef.io/install.sh | sudo bash -s -- -P chef -v 16.15.22
# In Windows Powershell
. { iwr -useb https://omnitruck.chef.io/install.ps1 } | iex; install -project chef -version 16.15.22
If you want to give this version a spin in Test Kitchen, create or add the following to your file:
provisioner:
product_name: chef
product_version: 16.15.22