## Bug Fixes - Resolved Ruby crashes that occurred intermittently when running `knife ssh` or `knife bootstrap`. ## New Features ### Policyfile Improvements #### Policyfile.rb metadata Helper Policyfiles has a new `metadata` helper. This helper gets a local cookbook's `name` and `path` from the `metadata.rb` file instead of requiring them in the Policyfile. Existing Policyfile: ```ruby name "base" # cookbook name run_list "base::default" default_source :supermarket cookbook "base", path: "." # cookbook path ``` Policyfile using the `metadata` helper: ```ruby metadata # invokes the metadata helper run_list "base::default" default_source :supermarket ``` #### Defined Policy Groups in Exports The `chef export` command now includes a new `--policy_group` flag that allows you to define a policy group (a set of hosts in a deployed unit) in the exported tarball. ### Cookstyle 7.15.1 Cookstyle has been updated from 7.13 to 7.15.1 with additional cops and an updated RuboCop engine. #### RuboCop 1.18.3 The RuboCop engine that powers Cookstyle has been updated to 1.18.3. This new release improves autocorrection and resolves a large number of detection errors. #### New Cops We added Chef InSpec-specific Cookstyle Cops to the `InSpec/Deprecations` department. These cops help with the migration from InSpec `attributes` to `inputs`. Watch for additional deprecation and correctness cops for InSpec in the future. You can also [request a new cop](https://github.com/chef/cookstyle/issues/new?assignees=&labels=Status%3A+Untriaged%2C+New+Cop+Proposal&template=NEW_COP_REQUEST.md) for Chef InSpec! ##### InSpec/Deprecations/AttributeDefault The `Chef/Deprecations/AttributeDefault` cop detects Chef InSpec profiles that use the deprecated pattern of passing the `default` option to `attribute` or `input` helpers instead of passing it to the newer `value` option. `Enabled by default`: True `Autocorrects`: True ##### InSpec/Deprecations/AttributeHelper The `Chef/Deprecations/AttributeHelper` cop detects Chef InSpec profiles that use the deprecated `attribute` helper instead of the `input` helper. `Enabled by default`: True `Autocorrects`: True ##### Chef/Deprecations/PolicyfileCommunitySource The `Chef/Deprecations/PolicyfileCommunitySource` cop detects Policyfile.rb files that set a `default_source` of `:community`. This source is deprecated and is an alias to the `:supermarket` source, which should be used instead. `Enabled by default`: True `Autocorrects`: True ### Test Kitchen Improvements #### New default chef_infra Provisioner We renamed the `chef_zero` Test Kitchen provisioner to `chef_infra`, making it clear that it is the preferred provisioner for testing Chef Infra cookbooks. This change is backward-compatible, so your existing `kitchen.yml` configurations will still work. We also changed Test Kitchen's default provisioned from `chef_solo` to `chef_infra`. Even if you leave the provisioner configuration unassigned, you will still get Chef Infra cookbook testing. To test with Chef Solo, you need to set the provisioner to `chef_solo` explicitly. #### Berkshelf / Policyfiles Update Automatically We changed Test Kitchen to automatically run `berks update` or `chef update` before testing, so you're always testing the latest cookbook code on your workstation. If you prefer to test an existing `Policyfile.lock` without updating it, add `always_update_cookbooks false` to the provisioner section of your `kitchen.yml` file. #### Specifying Policy Groups We added a new `policy_group` configuration that allows setting the policy group for testing a cookbook. Set this in the provisioner block or individual suites. ```yaml suites: - name: default policy_group: production run_list: - recipe[base] ``` #### Attaching Elastic Network Interfaces in AWS We added a new `elastic_network_interface_id` configuration option that allows you to specify the Elastic Network Interface ID attached to new AWS test instances. ```yaml driver: name: ec2 elastic_network_interface_id: eni-0545666738adeed14 ``` ### Ubuntu FIPS Support Chef Workstation Ubuntu packages are now FIPS enabled for all your FedRAMP needs.