Release notes: Chef Workstation 0.18.3

New features

Kitchen OpenStack

Chef Workstation now ships with Kitchen OpenStack so you can test your Chef Infra cookbooks using instances in OpenStack clouds. See the Kitchen Openstack GitHub repo for usage information. Thanks @ramereth for all the work getting this driver ready to ship in Workstation.

Ubuntu 20.04 Packages

Chef Workstation packages are now created for Ubuntu 20.04! See the Workstation Downloads Page for a complete list of platforms we produce packages for.

Updated Components

Chef Infra Client 15.10

Chef Infra Client has been updated from 15.8 to 15.10 which includes improvements to resources, additional cookbook helpers, and critical bug fixes for bootstrapping nodes using knife bootstrap and SSHing to nodes with ed25519 keys from Windows hosts. For a complete list of changes, see the Chef Infra Client 15.10 release notes

Cookstyle 6.3

Cookstyle has been updated from 5.22 to 6.3. This new release includes an updated RuboCop engine which includes a large number of autocorrection improvements and bug fixes, plus compatibility with Ruby 2.7. Cookstyle also ships with a large number of autocorrection improvements and 18 new Chef Infra cops. Included in the new cops are cops to get your cookbooks ready for Chef Infra Client 16.

Note: The updated RuboCop engine has renamed many of the out-of-the-box Ruby cops which may require updating cop names in your .rubocop.yml config. Additionally, this release will now fail Cookstyle runs if any of the ChefDeprecations department cops that shipped at the time of Cookstyle 5.22 alert. Any new cops we add will be added at the warning level until Cookstyle 7.0 ships. This gives you time to update your cookbooks using the latest Cookstyle releases without immediately failing CI builds.

Fauxhai 8.1

Fauxhai has been updated from 7.6 to 8.1. Fauxhai is the engine that provides ChefSpec with mocked Ohai data, allowing you to writes ChefSpecs for multiple platforms. This release updates all of the mocked Ohai data to be generated with Chef Infra Client 16. It also updates the list of platforms that are included in the mocked data. We've added new platforms and removed deprecated platforms that have generated warnings for the last year. To avoid deprecation warnings in your ChefSpecs in the future, you can avoid specifying the minor versions of releases and instead let ChefSpec choose the latest platform for you. For example, instead of specifying platform: 'centos', version: '7.7.1908' you can instead set platform: 'centos' or platform: 'centos', version: '7'.

New Platforms

• Ubuntu 20.04
• openSUSE 15.1
• Raspbian 10
• Fedora 31
• Redhat 7.7
• CentOS 7.7.1908

Removed Platforms

• Raspbian 8.0
• Debian 9.2 / 9.3 / 9.4 / 9.5 / 9.6
• Fedora 26/27/28
• FreeBSD 10.4
• macOS 10.11 / 10.12
• openSUSE 42.2 / 42.3
• CentOS 6.8 / 7.3.1611 / 7.4.1708
• Debian 7.11
• FreeBSD 10.4
• Oracle Linux 6.8 / 7.3 / 7.4
• Redhat 6.8 / 7.3
• SUSE 11.4 / 12.1 / 12.2
• Ubuntu 17.10

Chef InSpec 4.18.111

Chef InSpec has been updated from 4.18.100 to 4.18.108. This update includes the following fixes and improvements:

• Resolved a regression that prevented the service resource from working correctly on Windows. Thanks @Axuba
• Implemented VMware and Hyper-V detection on Linux systems
• Implemented VMware, Hyper-V, Virtualbox, KVM and Xen detection on Windows systems
• Added helpers virtual_system? and physical_system?. Thanks @tecracer-theinen

Chef CLI

The Chef CLI has been updated from 2.0 to 2.0.10. This fixes chef update to properly add cookbooks from include_policies to the PolicyFile lockfile. This release also supports new Chef Infra 16 YAML recipes in the chef install command.

Test Kitchen

Test Kitchen itself has been updated to from 2.4.0 to 2.5.0. This release includes support for Ohai plugins stored in the ohai directory of cookbooks and also resolves failures using the PowerShell provisioner. Thanks @SAPDanJoe and @alanghartJC for these improvements.

Kitchen AzureRM

The Kitchen AzureRM driver was updated from 0.15.1 to 1.0. This release fixes several failures from running the Kitchen Azurerm driver. It also includes support for Azure Marketplace plans and Managed Service Identity (MSI). Thanks @jasonwbarnett, @zanecodes, @albertvaka, and @KSerrania for these improvements.

Kitchen Hyper-V

The Kitchen Hyper-V driver has been updated from 0.5.3 to 0.5.4 which resolves failures from getting the default VM Switch if there were spaces in the name. Thanks @kdoores for this improvement.

Kitchen DigitalOcean

The Kitchen DigitalOcean driver has been updated from 0.10.5 to 0.10.6. This release adds slugs for RHEL 8 / Fedora 31 support and updates the default instance memory size to 1GB. Thanks @zmaupin and @tolland for these improvements.

Kitchen EC2

The Kitchen EC2 driver has been updated from 3.3 to 3.5. This release lets the driver cleanly exit if the test instance was destroyed outside of the Test Kitchen run, either by automation or in the console. Test Kitchen will also now select the subnet with the most available IPs to better distribute systems across multiple Availability Zones. Thanks @bdwyertech and @kamaradclimber for these improvements.

Kitchen InSpec

The Kitchen InSpec verifier has been updated to allow setting Chef InSpec plugins for use during the verification. This new functionality can be enabled by adding load_plugins: true to your InSpec verifier config. Thanks @tecracer-theinen for this improvement.

Kitchen vCenter

The Kitchen vCenter driver has been updated from 2.6.4 to 2.7.0 which adds the ability to define transformations for VM IPs that are used in 1:1 NAT environments. This release also includes improved fallback for DC lookups to use methods that may work with less privileged users. Thanks @tecracer-theinen and @jasonwbarnett for these improvements.

Kitchen Dokken

The Kitchen Dokken driver has been updated from 2.8.1 to 2.9.0. This release adds a new provisioning configuration, clean_dokken_sandbox, that does not require cleaning the Chef Infra and Test Kitchen files between converges. This configuration will speed up repeatedly converging systems. This defaults to true which maintains the existing behavior. Thanks @chrisUsick

Knife Plugins

Knife Tidy

Knife Tidy has been updated from 2.0.9 to 2.0.12 which provides compatibility with Chef Infra Client 15 and improves error handling in JSON parsing.

Knife Azure

Knife Azure was updated from 2.0.13 to 2.0.17 which resolves issues from loading plugin requirements.

Knife EC2

Knife EC2 has been updated from 1.0.32 to 1.0.36. This update resolves failures from bootstrapping nodes in classic EC2 and avoids attempting to bootstrap nodes using private DNS which may not be accessible from the node running the bootstrap command.

Security Updates

Git

Git was updated from 2.24.1 to 2.26.2 to resolves the following CVEs:

• CVE-2020-5260: Heap exposure vulnerability in the socket library
• CVE-2020-11008: Heap exposure vulnerability in the socket library

libarchive

libarchive was updated from 3.4.0 to 3.4.2 to resolve the following CVEs:

• CVE-2019-19221: archive_wstring_append_from_mbs in archive_string.c has an out-of-bounds read because of an incorrect mbrtowc or mbtowc call
• CVE-2020-9308: archive_read_support_format_rar5.c in libarchive before 3.4.2 attempts to unpack a RAR5 file with an invalid or corrupted header

Ruby

Ruby was updated from 2.6.5 to 2.6.6 to resolve the following CVEs:

• CVE-2020-16255: Unsafe Object Creation Vulnerability in JSON (Additional fix)
• CVE-2020-10933: Heap exposure vulnerability in the socket library