chef 12.13.37 → 12.14.60

data/lib/chef/provider/user/aix.rb

@@ -14,11 +14,14 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+require "chef/provider/user/useradd"
+
 class Chef
   class Provider
     class User
       class Aix < Chef::Provider::User::Useradd
-        provides :user, platform: %w{aix}
+        provides :user, os: "aix"
+        provides :aix_user
 
         UNIVERSAL_OPTIONS = [[:comment, "-c"], [:gid, "-g"], [:shell, "-s"], [:uid, "-u"]]
 
@@ -66,7 +69,7 @@ class Chef
           shell_out!("chuser account_locked=false #{new_resource.username}")
         end
 
-      private
+        private
 
         def add_password
           if @current_resource.password != @new_resource.password && @new_resource.password

data/lib/chef/provider/user/dscl.rb

@@ -48,6 +48,7 @@ class Chef
         attr_accessor :authentication_authority
         attr_accessor :password_shadow_conversion_algorithm
 
+        provides :dscl_user
         provides :user, os: "darwin"
 
         def define_resource_requirements

data/lib/chef/provider/user/linux.rb

@@ -0,0 +1,128 @@
+#
+# Copyright:: Copyright 2016, Chef Software Inc.
+# License:: Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+require "chef/provider/user"
+
+class Chef
+  class Provider
+    class User
+      class Linux < Chef::Provider::User
+        provides :linux_user
+        provides :user, os: "linux"
+
+        def create_user
+          shell_out!(*clean_array("useradd", universal_options, useradd_options, new_resource.username))
+        end
+
+        def manage_user
+          shell_out!(*clean_array("usermod", universal_options, usermod_options, new_resource.username))
+        end
+
+        def remove_user
+          shell_out!(*clean_array("userdel", userdel_options, new_resource.username))
+        end
+
+        def lock_user
+          shell_out!(*clean_array("usermod", "-L", new_resource.username))
+        end
+
+        def unlock_user
+          shell_out!(*clean_array("usermod", "-U", new_resource.username))
+        end
+
+        # common to usermod and useradd
+        def universal_options
+          opts = []
+          opts << "-c" << new_resource.comment if should_set?(:comment)
+          opts << "-g" << new_resource.gid if should_set?(:gid)
+          opts << "-p" << new_resource.password if should_set?(:password)
+          opts << "-s" << new_resource.shell if should_set?(:shell)
+          opts << "-u" << new_resource.uid if should_set?(:uid)
+          opts << "-d" << new_resource.home if updating_home?
+          opts << "-o" if new_resource.non_unique
+          opts
+        end
+
+        def usermod_options
+          opts = []
+          if updating_home?
+            if new_resource.manage_home
+              opts << "-m"
+            end
+          end
+          opts
+        end
+
+        def useradd_options
+          opts = []
+          opts << "-r" if new_resource.system
+          if new_resource.manage_home
+            opts << "-m"
+          else
+            opts << "-M"
+          end
+          opts
+        end
+
+        def userdel_options
+          opts = []
+          opts << "-r" if new_resource.manage_home
+          opts << "-f" if new_resource.force
+          opts
+        end
+
+        def should_set?(sym)
+          current_resource.send(sym).to_s != new_resource.send(sym).to_s && new_resource.send(sym)
+        end
+
+        def updating_home?
+          return false unless new_resource.home
+          return true unless current_resource.home
+          new_resource.home && Pathname.new(current_resource.home).cleanpath != Pathname.new(new_resource.home).cleanpath
+        end
+
+        def check_lock
+          # there's an old bug in rhel (https://bugzilla.redhat.com/show_bug.cgi?id=578534)
+          # which means that both 0 and 1 can be success.
+          passwd_s = shell_out("passwd", "-S", new_resource.username, returns: [ 0, 1 ])
+
+          # checking "does not exist" has to come before exit code handling since centos and ubuntu differ in exit codes
+          if passwd_s.stderr =~ /does not exist/
+            if whyrun_mode?
+              return false
+            else
+              raise Chef::Exceptions::User, "User #{new_resource.username} does not exist when checking lock status for #{new_resource}"
+            end
+          end
+
+          # now raise if we didn't get a 0 or 1 (see above)
+          passwd_s.error!
+
+          # now the actual output parsing
+          @locked = nil
+          status_line = passwd_s.stdout.split(" ")
+          @locked = false if status_line[1] =~ /^[PN]/
+          @locked = true if status_line[1] =~ /^L/
+
+          raise Chef::Exceptions::User, "Cannot determine if user #{new_resource.username} is locked for #{new_resource}" if @locked.nil?
+
+          # FIXME: should probably go on the current_resource
+          @locked
+        end
+      end
+    end
+  end
+end

data/lib/chef/provider/user/pw.rb

@@ -22,7 +22,8 @@ class Chef
   class Provider
     class User
       class Pw < Chef::Provider::User
-        provides :user, platform: %w{freebsd}
+        provides :pw_user
+        provides :user, os: "freebsd"
 
         def load_current_resource
           super

data/lib/chef/provider/user/solaris.rb

@@ -24,7 +24,8 @@ class Chef
   class Provider
     class User
       class Solaris < Chef::Provider::User::Useradd
-        provides :user, platform: %w{omnios solaris2}
+        provides :solaris_user
+        provides :user, os: %w{omnios solaris2}
         UNIVERSAL_OPTIONS = [[:comment, "-c"], [:gid, "-g"], [:shell, "-s"], [:uid, "-u"]]
 
         attr_writer :password_file
@@ -70,7 +71,7 @@ class Chef
           shell_out!("passwd", "-u", new_resource.username)
         end
 
-      private
+        private
 
         def manage_password
           if @current_resource.password != @new_resource.password && @new_resource.password

data/lib/chef/provider/user/useradd.rb

@@ -23,7 +23,7 @@ class Chef
   class Provider
     class User
       class Useradd < Chef::Provider::User
-        provides :user
+        # MAJOR XXX: this should become the base class of all Useradd providers instead of the linux implementation
 
         UNIVERSAL_OPTIONS = [[:comment, "-c"], [:gid, "-g"], [:password, "-p"], [:shell, "-s"], [:uid, "-u"]]
 
@@ -116,15 +116,15 @@ class Chef
                 update_options(field, option, opts)
               end
               if updating_home?
+                opts << "-d" << new_resource.home
                 if managing_home_dir?
                   Chef::Log.debug("#{new_resource} managing the users home directory")
-                  opts << "-d" << new_resource.home << "-m"
+                  opts << "-m"
                 else
                   Chef::Log.debug("#{new_resource} setting home to #{new_resource.home}")
-                  opts << "-d" << new_resource.home
                 end
               end
-              opts << "-o" if new_resource.non_unique || new_resource.supports[:non_unique]
+              opts << "-o" if new_resource.non_unique
               opts
             end
         end
@@ -141,6 +141,7 @@ class Chef
         def useradd_options
           opts = []
           opts << "-r" if new_resource.system
+          opts << "-M" unless managing_home_dir?
           opts
         end
 

data/lib/chef/provider/user/windows.rb

@@ -26,7 +26,7 @@ class Chef
   class Provider
     class User
       class Windows < Chef::Provider::User
-
+        provides :windows_user
         provides :user, os: "windows"
 
         def initialize(new_resource, run_context)

data/lib/chef/provider/windows_script.rb

@@ -33,8 +33,11 @@ class Chef
         super( new_resource, run_context )
         @script_extension = script_extension
 
-        target_architecture = new_resource.architecture.nil? ?
-          node_windows_architecture(run_context.node) : new_resource.architecture
+        target_architecture = if new_resource.architecture.nil?
+                                node_windows_architecture(run_context.node)
+                              else
+                                new_resource.architecture
+                              end
 
         @is_wow64 = wow64_architecture_override_required?(run_context.node, target_architecture)
 

data/lib/chef/provider/yum_repository.rb

@@ -0,0 +1,121 @@
+#
+# Author:: Thom May (<thom@chef.io>)
+# Copyright:: Copyright (c) 2016 Chef Software, Inc.
+# License:: Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+require "chef/resource"
+require "chef/dsl/declare_resource"
+require "chef/mixin/shell_out"
+require "chef/mixin/which"
+require "chef/http/simple"
+require "chef/provider/noop"
+
+class Chef
+  class Provider
+    class YumRepository < Chef::Provider
+      use_inline_resources
+
+      extend Chef::Mixin::Which
+
+      provides :yum_repository do
+        which "yum"
+      end
+
+      def whyrun_supported?; true; end
+
+      def load_current_resource; end
+
+      action :create do
+        declare_resource(:template, "/etc/yum.repos.d/#{new_resource.repositoryid}.repo") do
+          if template_available?(new_resource.source)
+            source new_resource.source
+          else
+            source ::File.expand_path("../support/yum_repo.erb", __FILE__)
+            local true
+          end
+          sensitive new_resource.sensitive
+          variables(config: new_resource)
+          mode new_resource.mode
+          if new_resource.make_cache
+            notifies :run, "execute[yum clean metadata #{new_resource.repositoryid}]", :immediately if new_resource.clean_metadata || new_resource.clean_headers
+            notifies :run, "execute[yum-makecache-#{new_resource.repositoryid}]", :immediately
+            notifies :create, "ruby_block[yum-cache-reload-#{new_resource.repositoryid}]", :immediately
+          end
+        end
+
+        declare_resource(:execute, "yum clean metadata #{new_resource.repositoryid}") do
+          command "yum clean metadata --disablerepo=* --enablerepo=#{new_resource.repositoryid}"
+          action :nothing
+        end
+
+        # get the metadata for this repo only
+        declare_resource(:execute, "yum-makecache-#{new_resource.repositoryid}") do
+          command "yum -q -y makecache --disablerepo=* --enablerepo=#{new_resource.repositoryid}"
+          action :nothing
+          only_if { new_resource.enabled }
+        end
+
+        # reload internal Chef yum cache
+        declare_resource(:ruby_block, "yum-cache-reload-#{new_resource.repositoryid}") do
+          block { Chef::Provider::Package::Yum::YumCache.instance.reload }
+          action :nothing
+        end
+      end
+
+      action :delete do
+        declare_resource(:file, "/etc/yum.repos.d/#{new_resource.repositoryid}.repo") do
+          action :delete
+          notifies :run, "execute[yum clean all #{new_resource.repositoryid}]", :immediately
+          notifies :create, "ruby_block[yum-cache-reload-#{new_resource.repositoryid}]", :immediately
+        end
+
+        declare_resource(:execute, "yum clean all #{new_resource.repositoryid}") do
+          command "yum clean all --disablerepo=* --enablerepo=#{new_resource.repositoryid}"
+          only_if "yum repolist | grep -P '^#{new_resource.repositoryid}([ \t]|$)'"
+          action :nothing
+        end
+
+        declare_resource(:ruby_block, "yum-cache-reload-#{new_resource.repositoryid}") do
+          block { Chef::Provider::Package::Yum::YumCache.instance.reload }
+          action :nothing
+        end
+      end
+
+      action :makecache do
+        declare_resource(:execute, "yum-makecache-#{new_resource.repositoryid}") do
+          command "yum -q -y makecache --disablerepo=* --enablerepo=#{new_resource.repositoryid}"
+          action :run
+          only_if { new_resource.enabled }
+        end
+
+        declare_resource(:ruby_block, "yum-cache-reload-#{new_resource.repositoryid}") do
+          block { Chef::Provider::Package::Yum::YumCache.instance.reload }
+          action :run
+        end
+      end
+
+      alias_method :action_add, :action_create
+      alias_method :action_remove, :action_delete
+
+      def template_available?(path)
+        !path.nil? && run_context.has_template_in_cookbook?(new_resource.cookbook_name, path)
+      end
+
+    end
+  end
+end
+
+Chef::Provider::Noop.provides :yum_repository

data/lib/chef/providers.rb

@@ -58,6 +58,7 @@ require "chef/provider/systemd_unit"
 require "chef/provider/template"
 require "chef/provider/user"
 require "chef/provider/whyrun_safe_ruby_block"
+require "chef/provider/yum_repository"
 
 require "chef/provider/env/windows"
 
@@ -101,12 +102,13 @@ require "chef/provider/service/macosx"
 require "chef/provider/service/aixinit"
 require "chef/provider/service/aix"
 
+require "chef/provider/user/aix"
 require "chef/provider/user/dscl"
+require "chef/provider/user/linux"
 require "chef/provider/user/pw"
+require "chef/provider/user/solaris"
 require "chef/provider/user/useradd"
 require "chef/provider/user/windows"
-require "chef/provider/user/solaris"
-require "chef/provider/user/aix"
 
 require "chef/provider/group/aix"
 require "chef/provider/group/dscl"

data/lib/chef/resource.rb

@@ -497,7 +497,7 @@ class Chef
       state_properties = self.class.state_properties
       state_properties.each do |property|
         if property.identity? || property.is_set?(self)
-          state[property.name] = send(property.name)
+          state[property.name] = property.sensitive? ? "*sensitive value suppressed*" : send(property.name)
         end
       end
       state
@@ -1276,15 +1276,15 @@ class Chef
     # resolve_resource_reference on each in turn, causing them to
     # resolve lazy/forward references.
     def resolve_notification_references
-      run_context.before_notifications(self).each { |n|
+      run_context.before_notifications(self).each do |n|
         n.resolve_resource_reference(run_context.resource_collection)
-      }
-      run_context.immediate_notifications(self).each { |n|
+      end
+      run_context.immediate_notifications(self).each do |n|
         n.resolve_resource_reference(run_context.resource_collection)
-      }
-      run_context.delayed_notifications(self).each {|n|
+      end
+      run_context.delayed_notifications(self).each do |n|
         n.resolve_resource_reference(run_context.resource_collection)
-      }
+      end
     end
 
     # Helper for #notifies
@@ -1575,8 +1575,6 @@ class Chef
       end
     end
 
-    private
-
     def self.remove_canonical_dsl
       if @resource_name
         remaining = Chef.resource_handler_map.delete_canonical(@resource_name, self)

data/lib/chef/resource/conditional.rb

@@ -103,7 +103,15 @@ class Chef
       end
 
       def evaluate_block
-        @block.call
+        @block.call.tap do |rv|
+          if rv.is_a?(String) && !rv.empty?
+            # This is probably a mistake:
+            #   not_if { "command" }
+            sanitized_rv = @parent_resource.sensitive ? "a string" : rv.inspect
+            Chef::Log.warn("#{@positivity} block for #{@parent_resource} returned #{sanitized_rv}, did you mean to run a command?" +
+              (@parent_resource.sensitive ? "" : " If so use '#{@positivity} #{sanitized_rv}' in your code."))
+          end
+        end
       end
 
       def short_description