Cookstyle 5.5 released with 15 new Chef cops!

Hey everyone,

It's Friday which means we have a new Cookstyle release with a ton of great changes!

Chef Cops Broken Up Into Four Departments

The Chef cops have been broken up into four more grandular departments of cops. This makes it easier to pick and choose which cops to scan for, and makes disabling groups of cops simpler. Instead of just "Chef" we now have the following departments:

  • ChefDeprecations: Cops that detect (and in many cases correct) deprecations that will prevent cookbooks from running on modern versions of Chef Infra Client.
  • ChefStyle: Cops that help with the format and readability of your cookbooks.
  • ChefModernize: Cops that help you modernize your cookbooks to better use functionality introduced in new Chef Infra Client Releases.
  • ChefEffortless: Cops that help with the migration to the Effortless pattern. These are disabled by default.

You can run cookstyle with just a single department:

cookstyle --only ChefDeprecations

You can also exclude a specific group from the command line:

cookstyle --except ChefStyle

You can also add the following to your .rubocop.yml config to disable a specific department:

ChefStyle:
  Enabled: false

Chef Cop Documentation

Documentation for all Chef cops can now be found in the Cookstyle repos's docs directory

15 New Chef Cops

Chef/ResourceSetsInternalProperties

The ResourceSetsInternalProperties cop detects resources that set internal state properties used by built-in Chef Infra resources. These undocumented properties should not be set in a resource block and doing so will cause unexpected behavior when running Chef Infra Client.

Examples

Service resource setting the running property:

service 'foo' do
  running true
  action [:start, :enable]
end

Chef/ResourceSetsNameProperty

The ResourceSetsNameProperty cop detects a resource block with the name property set. The name property is a special property that is derived from the name of the resource block and should not be changed with the block. Changing the name within a resource block can cause issues with reporting and notifications. If you wish to give your resources a more friendly name, consider setting a name_property, which is available in all built-in Chef Infra resources. The name_property for each resource can be found in the resource reference documentation.

Examples

Service resource incorrectly setting the name property:

service 'Start the important service' do
  name 'foo'
  action [:start, :enable]
end

Service resource correctly setting the service_name name property:

service 'Start the important service' do
  service_name 'foo'
  action [:start, :enable]
end

Enabled by default: True

Autocorrects: No

Chef/ResourceWithNoneAction

The ResourceWithNoneAction cop detects the use of the :none action in a resource. The :none action is a common typo for the built-in :nothing action in all resources.

Examples

Service resource with the incorrect :none action:

service 'my_service' do
  action [:none]
end

Enabled by default: True

Autocorrects: Yes

Chef/ChocolateyPackageUninstallAction

The ChocolateyPackageUninstallAction cop detects a chocolatey_package resource that uses the :uninstall action. The uninstall action has been replaced with the :remove action and will error in Chef Infra Client 14+.

Examples

chocolatey_package incorrectly setting the :uninstall action:

chocolatey_package 'nginx' do
  action :uninstall
end

chocolatey_package correctly setting the :remove action:

chocolatey_package 'nginx' do
  action :remove
end

Enabled by default: True

Autocorrects: Yes

Chef/LaunchdDeprecatedHashProperty

The LaunchdDeprecatedHashProperty cop detects the use of the deprecated hash property in the launchd resource. The hash property was renamed to plist_hash in Chef Infra Client 13 and support for the hash name was removed in Chef Infra Client 14.

Examples

launchd with the deprecated hash property:

launchd 'foo' do
  hash foo: 'bar'
end

launchd with the correct plist_hash property:

launchd 'foo' do
  plist_hash foo: 'bar'
end

Enabled by default: True

Autocorrects: Yes

Chef/LocaleDeprecatedLcAllProperty

The LocaleDeprecatedLcAllProperty cop detects the use of the lc_all property in the locale resource. The lc_all property was deprecated in Chef Infra Client 15.0 and will be removed in the 16.0 release. Setting the LC_ALL variable is NOT recommended. As a system-wide setting, LANG should provide the desired behavior. LC_ALL is intended to be used for temporarily troubleshooting issues rather than an everyday system setting. Changing LC_ALL can break Chef’s parsing of command output in unexpected ways. Use one of the more specific LC_ properties as needed.

Examples

locale resource setting the lc_all property:

locale 'set locale' do
  lang 'en_gb.utf-8'
  lc_all 'en_gb.utf-8'
end

Enabled by default: True

Autocorrects: No

Chef/UserDeprecatedSupportsProperty

The UserDeprecatedSupportsProperty cop detects the usage of the deprecated supports property in the user resource.

Enabled by default: True

Autocorrects: No

Chef/PowershellScriptExpandArchive

The PowershellScriptExpandArchive op detects the usage of the powershell_script resource to run the Expand-Archive Cmdlet. The archive_file resource in Chef Infra Client 15.0 should be used instead.

Examples

powershell_script using Expand-Archive to setup a website:

powershell_script 'Expand website' do
  code 'Expand-Archive "C:\\file.zip" -DestinationPath "C:\\inetpub\\wwwroot\\mysite"'
  not_if { File.exist?("C:\\inetpub\\wwwroot\\mysite") }
end

The same archive handled by archive_file:

archive_file 'Expand website' do
  path 'C:\file.zip'
  destination 'C:\inetpub\wwwroot\mysite'
end

Enabled by default: True

Autocorrects: No

Chef/PowershellInstallPackage

The PowershellInstallPackage cop detects the usage of the powershell_script resource to run the Install-Package Cmdlet. The powershell_package resources should be used to install packages via the PowerShell Package Manager instead.

Installing Docker via powershell_script and Install-Package:

powershell_script 'Install Docker' do
  code 'Install-Package -Name docker'
  not_if { File.exist?("C:\\Program Files\\Docker") }
end

The same package installed with powershell_package:

powershell_package 'Install Docker' do
  package_name 'Docker'
end

Enabled by default: True

Autocorrects: No

Chef/PowershellInstallWindowsFeature

The PowershellInstallWindowsFeature cop detects the usage of the powershell_script resource to run the Install-WindowsFeature or Add-WindowsFeature Cmdlets. The windows_feature resource should be used to install Windows features.

Examples

powershell_script using Install-WindowsFeature to install a feature:

powershell_script 'Install Feature' do
  code 'Install-WindowsFeature -Name "Windows-Identity-Foundation"'
  not_if '(Get-WindowsFeature | where {$_.Name -eq "Windows-Identity-Foundation"}).IsInstalled -eq true'
end

The same feature install with windows_feature:

windows_feature 'Windows-Identity-Foundation' do
  action :install
  install_method :windows_feature_powershell
end

Enabled by default: True

Autocorrects: No

Chef/CookbookUsesNodeSave

The CookbookUsesNodeSave cop detects the usage of node.save within a cookbook. node.save is often used to ensure a run_list is saved, or so that other state information is immediately available for search by other nodes in your environment. The use of node.save can be incredibly problematic and should be avoided as a run failure will still result in the node data being saved to the Chef Infra Server. If search is used to put nodes into production state, this may result in non-functioning nodes being used.

Enabled by default: True

Autocorrects: No

Chef/SevenZipArchiveResource

The SevenZipArchiveResource cop detects the usage of the seven_zip_archive resource from the seven_zip community cookbook. The archive_file resource built into Chef Infra Client 15.0 should be used instead to avoid the need for extra cookbook dependencies.

Examples

Expanding a zip archive with seven_zip_archive:

seven_zip_archive 'seven_zip_source' do
  path      'C:\inetpub\wwwroot\mysite'
  source    'C:\file.zip'
end

The same archive handled by archive_file:

archive_file 'Expand website' do
  path 'C:\file.zip'
  destination 'C:\inetpub\wwwroot\mysite'
end

Enabled by default: True

Autocorrects: No

Chef/LibarchiveFile

The LibarchiveFile cop detects the usage of the libarchive_file resource from the libarchive community cookbook. The archive_file resource built into Chef Infra Client 15.0 is based on the libarchive_file resource and it should be used instead to avoid the need for extra cookbook dependencies.

Examples

Expanding a zip archive with libarchive_file:

libarchive_file 'seven_zip_source' do
  path 'C:\file.zip'
  destination 'C:\inetpub\wwwroot\mysite'
end

The same archive handled by archive_file:

archive_file 'Expand website' do
  path 'C:\file.zip'
  destination 'C:\inetpub\wwwroot\mysite'
end

Enabled by default: True

Autocorrects: No

Chef/ShellOutToChocolatey

The ShellOutToChocolatey cop detects the use of powershell_script or execute resources to shell out to Chocolatey's choco command line utility. Chef Infra Client ships with multiple chocolatey resources, which should be used instead to install packages, configure features, and setup sources:

Enabled by default: True

Autocorrects: No

Chef/UsesChefRESTHelpers

The UsesChefRESTHelpers cop detects the usage of the various Chef::REST helpers, which were removed in Chef Infra Client 13.0. For communicating with the Chef Infra Server directly, you may consider using the Chef::ServerAPI helpers instead.

Enabled by default: True

Autocorrects: No

Other fixes and changes

  • Chef/DefaultMetadataMaintainer now detects additional default maintainer and maintainer_email field values.
  • Chef/UsesDeprecatedMixins now inspects files in the resources directory in addition to the providers and libraries directories.

Enjoy,
Tim