## Breaking Changes ### Chef CLI The `chef shell-init` CLI command checks for the Chef Workstation PATH variable before adding it, ensuring that it appears only once in your PATH. We removed two legacy Chef Workflow (Delivery) commands in the chef-cli (Chef Workflow reached end-of-life status in December 2020): - `chef generate cookbook --workflow` now warns that the `--workflow` flag is no longer supported and generates a Chef cookbook—without the Chef Workflow build-cookbook. - `chef generate build-cookbook` now alerts that build-cookbook generation is no longer supported and exits with an error. ### Knife Changes #### Renamed knife opc org commands We've rewritten our knife-opc plugin and merged it into the main knife codebase. As part of this rewrite, the `knife opc org` commands have been renamed to `knife org`, and several of the user commands have merged into the existing `knife user` commands. ##### Renamed Commands - knife opc org create -> knife org create - knife opc org delete -> knife org delete - knife opc org edit -> knife org edit - knife opc org list -> knife org list - knife opc org show -> knife org show - knife opc org user add -> knife org user add - knife opc org user remove -> knife org user remove ##### User Commands Now in Knife User - knife opc user create -> knife user create - knife opc user delete -> knife user delete - knife opc user edit -> knife user edit - knife opc user list -> knife user list - knife opc user password -> knife user password - knife opc user show -> knife user show #### Simplified knife user create syntax The `knife user create` command previously required passing the user's display name, first name, last name, e-mail, and password in order as arguments. Only the e-mail and password values are actually required by Chef Infra Server, so we've simplified the syntax to allow passing just the required values. New flags have been introduced for each of the values and only the `--email` and `--password` flags are now required. The existing positional argument syntax will continue to work with a warning message, but will be removed in a future release. ### Fauxhai updated to 9.0 The Fauxhai engine mocks Ohai data in ChefSpec tests. The 9.0 release removes all the deprecated Fauxhai definitions—the ones that warned you of their impending deprecation every time you used them this past year. The Fauxhai community team removed platforms that: - have reached end-of-life status and are no longer supported. - have newer minor release versions available in Fauxhai. The best practice for referencing platforms in ChefSpec tests is to use a platform's major version or no version at all, which lets Fauxhai automatically pick the latest version. This practice ensures that your specs will continue to run, even as new platforms are released and older ones are removed. To automatically migrate ChefSpec tests to use newer platforms, use the [Chef/Deprecations/DeprecatedChefSpecPlatform](https://docs.chef.io/workstation/cookstyle/chef_deprecations_deprecatedchefspecplatform/) Cookstyle cop. This cop will autocorrect many specs. Run it with: ``` cookstyle -a --only Chef/Deprecations/DeprecatedChefSpecPlatform ``` ### Fauxhai Platforms Removed - AIX 6.1 - Amazon Linux 2015.03 - Amazon Linux 2015.09 - Amazon Linux 2016.03 - Amazon Linux 2016.09 - Amazon Linux 2017.03 - Amazon Linux 2017.09 - CentOS 5.11 - CentOS 6.9 - CentOS 7.5.1804 - CentOS 7.6.1810 - Debian 8.11 - Debian 9.8 - Debian 9.9 - Fedora 29 - Fedora 30 - FreeBSD 11.1 - Linux Mint 18.3 - macOS 10.13 - OpenSUSE 15.0 - OpenSUSE 15.1 - Oracle Linux 5.11 - Oracle Linux 6.9 - Red Hat Linux 5.11 - Red Hat Linux 6.9 - Red Hat Linux 7.4 - Red Hat Linux 7.5 - Red Hat Linux 7.6 - Suse Enterprise Linux 12.3 - Ubuntu 14.04 - Windows 20008 R2 ## Improvements ### Chef Infra Client 17 Chef Workstation now includes Chef Infra Client 17 with the new Compliance Phase and many other improvements. For a complete list of what's new, see the [Chef Infra Client 17.0 Release Notes](https://docs.chef.io/release_notes_client/#whats-new-in-170) and our [Chef Infra Client 17 Launch Webinar](https://www.youtube.com/watch?v=cj29Io6vrCI). ## Chef InSpec Chef InSpec has been updated from 4.29.3 to 4.36.4 with the following improvements and bug fixes: ### New Features - Added the SELinux resource, which includes support for modules and booleans. - Added the pattern input option for DSL and metadata inputs. - Added the `members_array` property for group & groups resources. - Train now reads the username and port from the `.ssh/config` file and will use these values if present. - Added the new `--reporter-include-source` CLI option, which includes the source code of the controls in the output of the CLI reporter. - Added ability to pass inputs to InSpec shell using input file and cli. - Commands can now be set to timeout using the [command resource](https://docs.chef.io/inspec/resources/command/) or the [`--command timeout`](https://docs.chef.io/inspec/cli/) option in the CLI. Commands timeout by default after one hour. - Added the [`--docker-url`](https://docs.chef.io/inspec/cli/) CLI option, which can be used to specify the URI to connect to the Docker Engine. - Added support for targeting Linux and Windows containers running on Docker for Windows. ### Bug Fixes - Fix SSH Timeout PTY allocation. We fixed a bug that caused occasional failures in some command resources that use SSH transport and were mistakenly allocated a pseudoterminal (PTY) when setting a timeout. In some cases, the PTY changed how the resource was interpreted. This fix only uses PTY when explicitly requested. - Fixed the group resource when a member does not exist. - Hash inputs will now be loaded consistently and accessed as strings or symbols. ## Test Kitchen ### Digital Ocean Driver Update The `kitchen-digitalocean` driver update removes support for legacy platform values that no longer exist on Digital Ocean: `CoreOS`, `Ubuntu17`, `CentOS6` and it adds support for `RancherOS`. The Test Kitchen docs have a new [Digital Ocean getting started guide](https://kitchen.ci/docs/drivers/digitalocean/). ### Amazon AWS Driver Update The Amazon AWS `kitchen-ec2` driver update adds support for GP3 EBS volume types on instances and proper cleanup of EBS volumes on termination on RHEL-based platforms. Thanks for the GP3 fix [@bdwyertech](https://github.com/bdwyertech)! ### Cookstyle updated to 7.10.1 This update improves offense detection and autocorrelation in Ruby code. ## Platform Support Ubuntu 16.04 packages will no longer be produced for Chef Workstation as Ubuntu 16.04 became EOL at the end of April 2021. ## Security Updates ### Ruby updated to 2.7.3 This Ruby version provides a large number of bug fixes and resolves the following CVEs: - [CVE-2021-28966](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28966) - [CVE-2021-28966](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28966) ### git updated to 2.31.1 This update to the embedded git client in Chef Workstation resolves [CVE-2021-21300](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21300)