Today we released the long awaited ChefDK 4.7 with a ton of updated tools, performance / package improvements, and security fixes. Give it a try!
Berkshelf has been updated from 7.0.8 to 7.0.9, which resolves errors when running
berks verify and when using the
Chef Infra Client
Chef Infra Client has been updated from 15.5 to 15.7 which includes improvements to the
yum_repository resources as well as the usual collection of bug fixes and bootstrap improvements.
Chef InSpec has been updated from 4.18.39 to 4.18.51 with the following improvements:
- Example groups can now use InSpec resources
- The user resource can now check the last login date on Windows
- Improved the fetchers to fail consistently
Cookstyle has been updated from 5.13 to 5.20 with 30 new cops, improvements to existing cops, a new TargetChefVersion config option, and expanded cop departments.
Cookstyle now includes a new top-level configuration option
TargetChefVersion. This new configuration option works similarly to RuboCop's
TargetRubyVersion config option and allows you to specify a Chef Infra version that you want to target in your Cookstyle analysis. This prevents Cookstyle from autocorrecting cookbook code in a way that would make your cookbook incompatible with your desired Chef Infra Client version. It also makes it easier to perform staged upgrades of the Chef Infra Client by allowing you to step the
TargetChefVersion one major version at a time.
Example .rubocop.yml config specifying a TargetChefVersion of 14.0:
AllCops: TargetChefVersion: 14.0
New ChefSharing and ChefRedundantCode Departments
Cookstyle now includes two new Chef cop departments with a large number of existing cops moved into these more appropriate departments. Our goal is to have clearly defined cop departments that can be enabled or disabled to detect particular conditions in your cookbooks. Cops in the new ChefSharing department are focused around sharing cookbooks internally or on the public Supermarket. This includes things like ensuring proper license strings and complete metadata. Cops in the ChefRedundantCode category detect and correct unnecessary cookbook code. Anything detected by ChefRedundantCode cops can be removed regardless of the Chef Infra Client release you run in your infrastructure, so these are always safe to run.
With the addition of these new departments, we've moved many cops out of the ChefCorrectness department. Going forward only cops that detect code that may fail a Chef Infra Client run or cause it to behave incorrectly will be included in this category. We hope that ChefCorrectness along with ChefDeprecations are used in most cookbook CI pipelines.
kitchen-azurerm has been updated from 0.14.9 to 0.15.1 with the following improvements:
- Enable the WinRM HTTP listener by default. Thanks @sean-nixon
- Allow overriding of the
subscription_idby setting the
- Add a new
nic_nameconfig. Thanks @libertymutual
- Support for creating VM with Azure KeyVault certificate. Thanks @javgallegos
kitchen-dokken has been updated to 2.8.1 which fixes a bug that prevented ENV vars from being passed into containers.
kitchen-google and knife-google
kitchen-google and knife-google plugins have been updated to allow the updated google-api-client SDK v0.35.
knife-ec2 has been updated from 1.0.17 to 1.0.28 with the following fixes:
- Resolved a missing credential error when using aws-profile.
- Mask AWS access keys data in any error or debug logs.
- Resolved ssh_gateway uninitialised error.
- Fixed invalid format of auto generated keypair file name.
- Raises an error if password length is less than 8 characters on Windows and will stop warning on passwords over 14 characters.
knife-tidy has been updated from 2.0.1 to 2.0.6 to resolve issues if an org was named
cookbooks and to improve error messages.
mixlib-install has been updated from 3.11.21 to 3.11.24 and will now properly identify Windows 2019 hosts.
The chef-vault gem has been updated to 4.0.1. This release includes bug fixes from @MarkGibbons and @jeremy-clerc as well as a new way to update existing keys to sparse-mode by running
knife vault update --keys_mode sparse thanks to @jeunito.
kitchen-ec2 has been updated to 3.3.0. This new version improves how we search for security groups by tags, improves the logic that detects usage of the chef Test Kitchen provisioner, and improves security group and spot instance logic. Thanks @slapvanilla and @bdwyertech for these enhancements.
We continue to optimize the size of the ChefDK package with this release taking up 12% less space on disk and containing 7,000 fewer files.
ChefDK packages are no longer produced for Windows 2008 R2 as this release reached its end of life on January 14th, 2020.
OpenSSL has been updated to 1.0.2u to resolve CVE-2019-1551
The embedded git client has been updated to 2.24.1 to resolve the following CVEs: