chef 12.17.44-universal-mingw32 → 12.18.31-universal-mingw32
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/Gemfile +0 -1
- data/README.md +3 -2
- data/Rakefile +9 -0
- data/VERSION +1 -1
- data/acceptance/Gemfile.lock +17 -17
- data/distro/common/html/knife_environment.html +4 -8
- data/distro/common/man/man1/knife-environment.1 +4 -16
- data/distro/powershell/chef/chef.psm1 +139 -24
- data/lib/chef/application.rb +5 -4
- data/lib/chef/application/windows_service_manager.rb +6 -4
- data/lib/chef/chef_fs/chef_fs_data_store.rb +1 -1
- data/lib/chef/chef_fs/command_line.rb +1 -1
- data/lib/chef/chef_fs/file_system/chef_server/rest_list_entry.rb +8 -1
- data/lib/chef/chef_fs/file_system/repository/chef_repository_file_system_root_dir.rb +1 -1
- data/lib/chef/chef_fs/file_system/repository/nodes_dir.rb +1 -1
- data/lib/chef/cookbook/chefignore.rb +1 -1
- data/lib/chef/cookbook/cookbook_version_loader.rb +4 -4
- data/lib/chef/cookbook/metadata.rb +2 -2
- data/lib/chef/cookbook_loader.rb +1 -1
- data/lib/chef/data_collector.rb +24 -13
- data/lib/chef/data_collector/messages.rb +8 -6
- data/lib/chef/data_collector/messages/helpers.rb +1 -1
- data/lib/chef/deprecated.rb +30 -0
- data/lib/chef/dsl/platform_introspection.rb +2 -2
- data/lib/chef/encrypted_data_bag_item.rb +1 -1
- data/lib/chef/encrypted_data_bag_item/decryptor.rb +2 -2
- data/lib/chef/environment.rb +1 -1
- data/lib/chef/exceptions.rb +5 -5
- data/lib/chef/file_access_control/unix.rb +5 -5
- data/lib/chef/formatters/error_description.rb +1 -1
- data/lib/chef/http/basic_client.rb +1 -1
- data/lib/chef/http/json_input.rb +2 -2
- data/lib/chef/knife.rb +1 -1
- data/lib/chef/knife/cookbook_site_install.rb +1 -1
- data/lib/chef/knife/core/cookbook_scm_repo.rb +1 -1
- data/lib/chef/knife/core/ui.rb +1 -1
- data/lib/chef/mixin/command.rb +1 -0
- data/lib/chef/mixin/deep_merge.rb +1 -1
- data/lib/chef/mixin/shell_out.rb +58 -3
- data/lib/chef/mixin/which.rb +5 -9
- data/lib/chef/mixin/wide_string.rb +1 -1
- data/lib/chef/node.rb +1 -1
- data/lib/chef/node/attribute.rb +4 -5
- data/lib/chef/node_map.rb +18 -2
- data/lib/chef/platform/provider_handler_map.rb +2 -2
- data/lib/chef/platform/provider_mapping.rb +5 -0
- data/lib/chef/platform/resource_handler_map.rb +2 -2
- data/lib/chef/provider/env/windows.rb +1 -1
- data/lib/chef/provider/git.rb +1 -1
- data/lib/chef/provider/group.rb +41 -46
- data/lib/chef/provider/group/aix.rb +12 -19
- data/lib/chef/provider/group/dscl.rb +46 -43
- data/lib/chef/provider/group/gpasswd.rb +7 -7
- data/lib/chef/provider/group/groupadd.rb +29 -34
- data/lib/chef/provider/group/groupmod.rb +26 -31
- data/lib/chef/provider/group/pw.rb +28 -31
- data/lib/chef/provider/group/suse.rb +9 -9
- data/lib/chef/provider/group/usermod.rb +10 -11
- data/lib/chef/provider/group/windows.rb +18 -20
- data/lib/chef/provider/ifconfig.rb +52 -63
- data/lib/chef/provider/ifconfig/aix.rb +23 -28
- data/lib/chef/provider/ifconfig/debian.rb +23 -22
- data/lib/chef/provider/ifconfig/redhat.rb +12 -12
- data/lib/chef/provider/mount/mount.rb +1 -1
- data/lib/chef/provider/osx_profile.rb +4 -2
- data/lib/chef/provider/package.rb +16 -7
- data/lib/chef/provider/package/chocolatey.rb +3 -1
- data/lib/chef/provider/package/dnf.rb +183 -0
- data/lib/chef/provider/package/dnf/dnf_helper.py +91 -0
- data/lib/chef/provider/package/dnf/python_helper.rb +120 -0
- data/lib/chef/provider/package/dnf/version.rb +56 -0
- data/lib/chef/provider/package/easy_install.rb +1 -1
- data/lib/chef/provider/package/freebsd/base.rb +1 -1
- data/lib/chef/provider/package/freebsd/pkgng.rb +1 -1
- data/lib/chef/provider/package/powershell.rb +3 -3
- data/lib/chef/provider/package/windows.rb +1 -1
- data/lib/chef/provider/package/zypper.rb +1 -1
- data/lib/chef/provider/route.rb +186 -184
- data/lib/chef/provider/service/arch.rb +2 -2
- data/lib/chef/provider/service/freebsd.rb +1 -1
- data/lib/chef/provider/service/gentoo.rb +2 -2
- data/lib/chef/provider/service/insserv.rb +2 -2
- data/lib/chef/provider/service/macosx.rb +2 -2
- data/lib/chef/provider/service/openbsd.rb +1 -1
- data/lib/chef/provider/service/redhat.rb +2 -2
- data/lib/chef/provider/support/yum_repo.erb +10 -3
- data/lib/chef/provider/user.rb +17 -20
- data/lib/chef/provider/user/aix.rb +23 -24
- data/lib/chef/provider/user/dscl.rb +56 -53
- data/lib/chef/provider/user/linux.rb +13 -16
- data/lib/chef/provider/user/pw.rb +26 -30
- data/lib/chef/provider/user/solaris.rb +11 -12
- data/lib/chef/provider/user/useradd.rb +20 -22
- data/lib/chef/provider/user/windows.rb +19 -22
- data/lib/chef/provider_resolver.rb +4 -2
- data/lib/chef/providers.rb +1 -0
- data/lib/chef/resource.rb +7 -0
- data/lib/chef/resource/chocolatey_package.rb +1 -0
- data/lib/chef/resource/dnf_package.rb +64 -0
- data/lib/chef/resource/file/verification.rb +6 -4
- data/lib/chef/resource/yum_package.rb +18 -14
- data/lib/chef/resource/yum_repository.rb +1 -1
- data/lib/chef/resource_reporter.rb +11 -0
- data/lib/chef/resources.rb +1 -0
- data/lib/chef/scan_access_control.rb +4 -4
- data/lib/chef/util/dsc/resource_store.rb +1 -1
- data/lib/chef/version.rb +1 -1
- data/lib/chef/win32/memory.rb +1 -1
- data/lib/chef/win32/security.rb +2 -2
- data/lib/chef/win32/security/sid.rb +2 -2
- data/spec/functional/assets/yumrepo/chef_rpm-1.10-1.fc24.i686.rpm +0 -0
- data/spec/functional/assets/yumrepo/chef_rpm-1.10-1.fc24.src.rpm +0 -0
- data/spec/functional/assets/yumrepo/chef_rpm-1.10-1.fc24.x86_64.rpm +0 -0
- data/spec/functional/assets/yumrepo/chef_rpm-1.2-1.fc24.i686.rpm +0 -0
- data/spec/functional/assets/yumrepo/chef_rpm-1.2-1.fc24.src.rpm +0 -0
- data/spec/functional/assets/yumrepo/chef_rpm-1.2-1.fc24.x86_64.rpm +0 -0
- data/spec/functional/assets/yumrepo/repodata/313329137b55fd333b2dc66394a6661a2befa6cc535d8460d92a4a78a9c581f0-primary.sqlite.bz2 +0 -0
- data/spec/functional/assets/yumrepo/repodata/31ac4db5d5ac593728fcc26aef82b7b93c4cc4dbec843786b1845b939b658553-other.xml.gz +0 -0
- data/spec/functional/assets/yumrepo/repodata/4ac40fa3c6728c1401318e2e20a997436624e83dcf7a5f952b851ef422637773-filelists.sqlite.bz2 +0 -0
- data/spec/functional/assets/yumrepo/repodata/66391e53f0510b98b3f0b79f40ba1048026d9a1ef20905d9c40ba6f5411f3243-primary.xml.gz +0 -0
- data/spec/functional/assets/yumrepo/repodata/8b34697595fcc87928e12d24644dda9462c3857bd932861e28bc77ae1f31be16-filelists.xml.gz +0 -0
- data/spec/functional/assets/yumrepo/repodata/b97cca3fe14bcf06c52be4449b6108f7731239ff221111dcce8aada5467f60dc-other.sqlite.bz2 +0 -0
- data/spec/functional/assets/yumrepo/repodata/repomd.xml +55 -0
- data/spec/functional/resource/dnf_package_spec.rb +686 -0
- data/spec/functional/resource/dsc_script_spec.rb +1 -0
- data/spec/functional/resource/user/useradd_spec.rb +10 -1
- data/spec/integration/knife/chef_repo_path_spec.rb +2 -2
- data/spec/integration/recipes/recipe_dsl_spec.rb +3 -0
- data/spec/integration/recipes/resource_load_spec.rb +3 -3
- data/spec/spec_helper.rb +5 -3
- data/spec/support/lib/chef/provider/snakeoil.rb +1 -0
- data/spec/support/lib/chef/resource/cat.rb +1 -0
- data/spec/support/lib/chef/resource/one_two_three_four.rb +1 -0
- data/spec/support/lib/chef/resource/openldap_includer.rb +2 -0
- data/spec/support/lib/chef/resource/with_state.rb +2 -0
- data/spec/support/lib/chef/resource/zen_master.rb +1 -0
- data/spec/unit/cookbook/metadata_spec.rb +3 -3
- data/spec/unit/data_collector/messages/helpers_spec.rb +7 -0
- data/spec/unit/data_collector_spec.rb +56 -0
- data/spec/unit/decorator/lazy_spec.rb +1 -1
- data/spec/unit/environment_spec.rb +1 -1
- data/spec/unit/lwrp_spec.rb +3 -4
- data/spec/unit/node_spec.rb +23 -2
- data/spec/unit/platform_spec.rb +1 -0
- data/spec/unit/provider/group/dscl_spec.rb +29 -29
- data/spec/unit/provider/group/gpasswd_spec.rb +10 -10
- data/spec/unit/provider/group/groupadd_spec.rb +31 -30
- data/spec/unit/provider/group/groupmod_spec.rb +16 -16
- data/spec/unit/provider/group/pw_spec.rb +11 -11
- data/spec/unit/provider/group/suse_spec.rb +5 -5
- data/spec/unit/provider/group/usermod_spec.rb +15 -15
- data/spec/unit/provider/ifconfig/aix_spec.rb +14 -14
- data/spec/unit/provider/ifconfig/debian_spec.rb +10 -22
- data/spec/unit/provider/ifconfig/redhat_spec.rb +4 -4
- data/spec/unit/provider/ifconfig_spec.rb +18 -19
- data/spec/unit/provider/package/chocolatey_spec.rb +21 -21
- data/spec/unit/provider/package/msu_spec.rb +1 -1
- data/spec/unit/provider/route_spec.rb +21 -21
- data/spec/unit/provider/user/dscl_spec.rb +54 -57
- data/spec/unit/provider/user/linux_spec.rb +5 -5
- data/spec/unit/provider/user/pw_spec.rb +26 -22
- data/spec/unit/provider/user/windows_spec.rb +4 -4
- data/spec/unit/provider/user_spec.rb +19 -21
- data/spec/unit/provider_resolver_spec.rb +1 -0
- data/spec/unit/resource/chocolatey_package_spec.rb +12 -0
- data/spec/unit/resource/dnf_package_spec.rb +99 -0
- data/spec/unit/resource/remote_file_spec.rb +2 -2
- data/spec/unit/resource/yum_package_spec.rb +20 -0
- data/spec/unit/resource_reporter_spec.rb +24 -0
- data/spec/unit/resource_spec.rb +2 -0
- data/spec/unit/runner_spec.rb +1 -0
- data/tasks/bin/bundle-platform +1 -1
- data/tasks/gemfile_util.rb +2 -2
- data/tasks/templates/prerelease.md.erb +1 -10
- data/tasks/templates/release.md.erb +1 -9
- metadata +24 -5
- data/lib/chef/platform/handler_map.rb +0 -40
@@ -66,7 +66,7 @@ class Chef::Provider::Service::Arch < Chef::Provider::Service::Init
|
|
66
66
|
end
|
67
67
|
end
|
68
68
|
|
69
|
-
def enable_service
|
69
|
+
def enable_service
|
70
70
|
new_daemons = []
|
71
71
|
entries = daemons
|
72
72
|
|
@@ -92,7 +92,7 @@ class Chef::Provider::Service::Arch < Chef::Provider::Service::Init
|
|
92
92
|
end
|
93
93
|
end
|
94
94
|
|
95
|
-
def disable_service
|
95
|
+
def disable_service
|
96
96
|
new_daemons = []
|
97
97
|
entries = daemons
|
98
98
|
|
@@ -74,7 +74,7 @@ class Chef
|
|
74
74
|
end
|
75
75
|
|
76
76
|
requirements.assert(:start, :enable, :reload, :restart) do |a|
|
77
|
-
a.assertion { service_enable_variable_name
|
77
|
+
a.assertion { !service_enable_variable_name.nil? }
|
78
78
|
a.failure_message Chef::Exceptions::Service, "Could not find the service name in #{init_command} and rcvar"
|
79
79
|
# No recovery in whyrun mode - the init file is present but not correct.
|
80
80
|
end
|
@@ -61,11 +61,11 @@ class Chef::Provider::Service::Gentoo < Chef::Provider::Service::Init
|
|
61
61
|
end
|
62
62
|
end
|
63
63
|
|
64
|
-
def enable_service
|
64
|
+
def enable_service
|
65
65
|
shell_out!("/sbin/rc-update add #{@new_resource.service_name} default")
|
66
66
|
end
|
67
67
|
|
68
|
-
def disable_service
|
68
|
+
def disable_service
|
69
69
|
shell_out!("/sbin/rc-update del #{@new_resource.service_name} default")
|
70
70
|
end
|
71
71
|
end
|
@@ -45,12 +45,12 @@ class Chef
|
|
45
45
|
current_resource
|
46
46
|
end
|
47
47
|
|
48
|
-
def enable_service
|
48
|
+
def enable_service
|
49
49
|
shell_out!("/sbin/insserv -r -f #{new_resource.service_name}")
|
50
50
|
shell_out!("/sbin/insserv -d -f #{new_resource.service_name}")
|
51
51
|
end
|
52
52
|
|
53
|
-
def disable_service
|
53
|
+
def disable_service
|
54
54
|
shell_out!("/sbin/insserv -r -f #{new_resource.service_name}")
|
55
55
|
end
|
56
56
|
end
|
@@ -181,7 +181,7 @@ class Chef
|
|
181
181
|
end
|
182
182
|
|
183
183
|
def set_service_status
|
184
|
-
return if @plist
|
184
|
+
return if @plist.nil? || @service_label.to_s.empty?
|
185
185
|
|
186
186
|
cmd = "launchctl list #{@service_label}"
|
187
187
|
res = shell_out_as_user(cmd)
|
@@ -197,7 +197,7 @@ class Chef
|
|
197
197
|
case line.downcase
|
198
198
|
when /\s+\"pid\"\s+=\s+(\d+).*/
|
199
199
|
pid = $1
|
200
|
-
@current_resource.running(
|
200
|
+
@current_resource.running(pid.to_i != 0)
|
201
201
|
Chef::Log.debug("Current PID for #{@service_label} is #{pid}")
|
202
202
|
end
|
203
203
|
end
|
@@ -72,7 +72,7 @@ class Chef
|
|
72
72
|
end
|
73
73
|
|
74
74
|
requirements.assert(:start, :enable, :reload, :restart) do |a|
|
75
|
-
a.assertion { init_command && builtin_service_enable_variable_name
|
75
|
+
a.assertion { init_command && !builtin_service_enable_variable_name.nil? }
|
76
76
|
a.failure_message Chef::Exceptions::Service, "Could not find the service name in #{init_command} and rcvar"
|
77
77
|
# No recovery in whyrun mode - the init file is present but not correct.
|
78
78
|
end
|
@@ -109,7 +109,7 @@ class Chef
|
|
109
109
|
(run_levels.nil? || run_levels.empty?) ? "" : "--level #{run_levels.join('')} "
|
110
110
|
end
|
111
111
|
|
112
|
-
def enable_service
|
112
|
+
def enable_service
|
113
113
|
unless run_levels.nil? || run_levels.empty?
|
114
114
|
disable_levels = current_run_levels - run_levels
|
115
115
|
shell_out! "/sbin/chkconfig --level #{disable_levels.join('')} #{new_resource.service_name} off" unless disable_levels.empty?
|
@@ -117,7 +117,7 @@ class Chef
|
|
117
117
|
shell_out! "/sbin/chkconfig #{levels}#{new_resource.service_name} on"
|
118
118
|
end
|
119
119
|
|
120
|
-
def disable_service
|
120
|
+
def disable_service
|
121
121
|
shell_out! "/sbin/chkconfig #{levels}#{new_resource.service_name} off"
|
122
122
|
end
|
123
123
|
end
|
@@ -4,8 +4,13 @@
|
|
4
4
|
[<%= @config.repositoryid %>]
|
5
5
|
name=<%= @config.description %>
|
6
6
|
<% if @config.baseurl %>
|
7
|
-
baseurl=<%= @config.baseurl
|
8
|
-
|
7
|
+
baseurl=<%= case @config.baseurl
|
8
|
+
when Array
|
9
|
+
@config.baseurl.join("\n")
|
10
|
+
else
|
11
|
+
@config.baseurl
|
12
|
+
end %>
|
13
|
+
<% end -%>
|
9
14
|
<% if @config.cost %>
|
10
15
|
cost=<%= @config.cost %>
|
11
16
|
<% end %>
|
@@ -24,7 +29,9 @@ exclude=<%= @config.exclude %>
|
|
24
29
|
failovermethod=<%= @config.failovermethod %>
|
25
30
|
<% end %>
|
26
31
|
<% if @config.fastestmirror_enabled %>
|
27
|
-
fastestmirror_enabled
|
32
|
+
fastestmirror_enabled=1
|
33
|
+
<% else %>
|
34
|
+
fastestmirror_enabled=0
|
28
35
|
<% end %>
|
29
36
|
<% if @config.gpgcheck %>
|
30
37
|
gpgcheck=1
|
data/lib/chef/provider/user.rb
CHANGED
@@ -39,7 +39,7 @@ class Chef
|
|
39
39
|
if @new_resource.gid.is_a? String
|
40
40
|
@new_resource.gid(Etc.getgrnam(@new_resource.gid).gid)
|
41
41
|
end
|
42
|
-
rescue ArgumentError
|
42
|
+
rescue ArgumentError
|
43
43
|
@group_name_resolved = false
|
44
44
|
end
|
45
45
|
|
@@ -53,7 +53,7 @@ class Chef
|
|
53
53
|
|
54
54
|
begin
|
55
55
|
user_info = Etc.getpwnam(@new_resource.username)
|
56
|
-
rescue ArgumentError
|
56
|
+
rescue ArgumentError
|
57
57
|
@user_exists = false
|
58
58
|
Chef::Log.debug("#{@new_resource} user does not exist")
|
59
59
|
user_info = nil
|
@@ -97,7 +97,7 @@ class Chef
|
|
97
97
|
requirements.assert(:all_actions) do |a|
|
98
98
|
a.assertion { @shadow_lib_ok }
|
99
99
|
a.failure_message Chef::Exceptions::MissingLibrary, "You must have ruby-shadow installed for password support!"
|
100
|
-
a.whyrun "ruby-shadow is not installed. Attempts to set user password will cause failure. Assuming that this gem will have been previously installed."
|
100
|
+
a.whyrun "ruby-shadow is not installed. Attempts to set user password will cause failure. Assuming that this gem will have been previously installed." \
|
101
101
|
"Note that user update converge may report false-positive on the basis of mismatched password. "
|
102
102
|
end
|
103
103
|
requirements.assert(:modify, :lock, :unlock) do |a|
|
@@ -137,34 +137,31 @@ class Chef
|
|
137
137
|
end
|
138
138
|
|
139
139
|
def action_remove
|
140
|
-
|
141
|
-
|
142
|
-
|
143
|
-
|
144
|
-
end
|
140
|
+
return unless @user_exists
|
141
|
+
converge_by("remove user #{@new_resource.username}") do
|
142
|
+
remove_user
|
143
|
+
Chef::Log.info("#{@new_resource} removed")
|
145
144
|
end
|
146
145
|
end
|
147
146
|
|
148
147
|
def action_manage
|
149
|
-
|
150
|
-
|
151
|
-
|
152
|
-
|
153
|
-
end
|
148
|
+
return unless @user_exists && compare_user
|
149
|
+
converge_by("manage user #{@new_resource.username}") do
|
150
|
+
manage_user
|
151
|
+
Chef::Log.info("#{@new_resource} managed")
|
154
152
|
end
|
155
153
|
end
|
156
154
|
|
157
155
|
def action_modify
|
158
|
-
|
159
|
-
|
160
|
-
|
161
|
-
|
162
|
-
end
|
156
|
+
return unless compare_user
|
157
|
+
converge_by("modify user #{@new_resource.username}") do
|
158
|
+
manage_user
|
159
|
+
Chef::Log.info("#{@new_resource} modified")
|
163
160
|
end
|
164
161
|
end
|
165
162
|
|
166
163
|
def action_lock
|
167
|
-
if check_lock
|
164
|
+
if check_lock == false
|
168
165
|
converge_by("lock the user #{@new_resource.username}") do
|
169
166
|
lock_user
|
170
167
|
Chef::Log.info("#{@new_resource} locked")
|
@@ -175,7 +172,7 @@ class Chef
|
|
175
172
|
end
|
176
173
|
|
177
174
|
def action_unlock
|
178
|
-
if check_lock
|
175
|
+
if check_lock == true
|
179
176
|
converge_by("unlock user #{@new_resource.username}") do
|
180
177
|
unlock_user
|
181
178
|
Chef::Log.info("#{@new_resource} unlocked")
|
@@ -23,7 +23,7 @@ class Chef
|
|
23
23
|
provides :user, os: "aix"
|
24
24
|
provides :aix_user
|
25
25
|
|
26
|
-
UNIVERSAL_OPTIONS = [[:comment, "-c"], [:gid, "-g"], [:shell, "-s"], [:uid, "-u"]]
|
26
|
+
UNIVERSAL_OPTIONS = [[:comment, "-c"], [:gid, "-g"], [:shell, "-s"], [:uid, "-u"]].freeze
|
27
27
|
|
28
28
|
def create_user
|
29
29
|
super
|
@@ -44,53 +44,52 @@ class Chef
|
|
44
44
|
end
|
45
45
|
|
46
46
|
def check_lock
|
47
|
-
lock_info =
|
47
|
+
lock_info = shell_out_compact!("lsuser", "-a", "account_locked", new_resource.username)
|
48
48
|
if whyrun_mode? && passwd_s.stdout.empty? && lock_info.stderr.match(/does not exist/)
|
49
49
|
# if we're in whyrun mode and the user is not yet created we assume it would be
|
50
50
|
return false
|
51
51
|
end
|
52
|
-
raise Chef::Exceptions::User, "Cannot determine if #{
|
52
|
+
raise Chef::Exceptions::User, "Cannot determine if #{new_resource} is locked!" if lock_info.stdout.empty?
|
53
53
|
|
54
54
|
status = /\S+\s+account_locked=(\S+)/.match(lock_info.stdout)
|
55
|
-
|
56
|
-
|
57
|
-
|
58
|
-
|
59
|
-
|
55
|
+
@locked =
|
56
|
+
if status && status[1] == "true"
|
57
|
+
true
|
58
|
+
else
|
59
|
+
false
|
60
|
+
end
|
60
61
|
|
61
62
|
@locked
|
62
63
|
end
|
63
64
|
|
64
65
|
def lock_user
|
65
|
-
|
66
|
+
shell_out_compact!("chuser", "account_locked=true", new_resource.username)
|
66
67
|
end
|
67
68
|
|
68
69
|
def unlock_user
|
69
|
-
|
70
|
+
shell_out_compact!("chuser", "account_locked=false", new_resource.username)
|
70
71
|
end
|
71
72
|
|
72
73
|
private
|
73
74
|
|
74
75
|
def add_password
|
75
|
-
|
76
|
-
|
77
|
-
|
78
|
-
|
79
|
-
end
|
76
|
+
return unless current_resource.password != new_resource.password && new_resource.password
|
77
|
+
Chef::Log.debug("#{new_resource.username} setting password to #{new_resource.password}")
|
78
|
+
command = "echo '#{new_resource.username}:#{new_resource.password}' | chpasswd -e"
|
79
|
+
shell_out!(command)
|
80
80
|
end
|
81
81
|
|
82
82
|
# Aix specific handling to update users home directory.
|
83
83
|
def manage_home
|
84
|
+
return unless updating_home? && managing_home_dir?
|
84
85
|
# -m option does not work on aix, so move dir.
|
85
|
-
|
86
|
-
|
87
|
-
|
88
|
-
|
89
|
-
|
90
|
-
|
91
|
-
|
92
|
-
shell_out!("mkdir -p #{new_resource.home}")
|
93
|
-
end
|
86
|
+
universal_options.delete("-m")
|
87
|
+
if ::File.directory?(current_resource.home)
|
88
|
+
Chef::Log.debug("Changing users home directory from #{current_resource.home} to #{new_resource.home}")
|
89
|
+
FileUtils.mv current_resource.home, new_resource.home
|
90
|
+
else
|
91
|
+
Chef::Log.debug("Creating users home directory #{new_resource.home}")
|
92
|
+
FileUtils.mkdir_p new_resource.home
|
94
93
|
end
|
95
94
|
end
|
96
95
|
|
@@ -65,12 +65,12 @@ class Chef
|
|
65
65
|
end
|
66
66
|
|
67
67
|
requirements.assert(:all_actions) do |a|
|
68
|
-
a.assertion { ::File.
|
68
|
+
a.assertion { ::File.exist?("/usr/bin/dscl") }
|
69
69
|
a.failure_message(Chef::Exceptions::User, "Cannot find binary '/usr/bin/dscl' on the system for #{new_resource}!")
|
70
70
|
end
|
71
71
|
|
72
72
|
requirements.assert(:all_actions) do |a|
|
73
|
-
a.assertion { ::File.
|
73
|
+
a.assertion { ::File.exist?("/usr/bin/plutil") }
|
74
74
|
a.failure_message(Chef::Exceptions::User, "Cannot find binary '/usr/bin/plutil' on the system for #{new_resource}!")
|
75
75
|
end
|
76
76
|
|
@@ -199,7 +199,7 @@ user password using shadow hash.")
|
|
199
199
|
# Create a user using dscl
|
200
200
|
#
|
201
201
|
def dscl_create_user
|
202
|
-
run_dscl("create /Users/#{new_resource.username}")
|
202
|
+
run_dscl("create", "/Users/#{new_resource.username}")
|
203
203
|
end
|
204
204
|
|
205
205
|
#
|
@@ -208,7 +208,7 @@ user password using shadow hash.")
|
|
208
208
|
#
|
209
209
|
def dscl_create_comment
|
210
210
|
comment = new_resource.comment || new_resource.username
|
211
|
-
run_dscl("create /Users/#{new_resource.username} RealName
|
211
|
+
run_dscl("create", "/Users/#{new_resource.username}", "RealName", comment)
|
212
212
|
end
|
213
213
|
|
214
214
|
#
|
@@ -224,7 +224,7 @@ user password using shadow hash.")
|
|
224
224
|
raise(Chef::Exceptions::RequestedUIDUnavailable, "uid #{new_resource.uid} is already in use")
|
225
225
|
end
|
226
226
|
|
227
|
-
run_dscl("create /Users/#{new_resource.username} UniqueID
|
227
|
+
run_dscl("create", "/Users/#{new_resource.username}", "UniqueID", new_resource.uid)
|
228
228
|
end
|
229
229
|
|
230
230
|
#
|
@@ -235,7 +235,7 @@ user password using shadow hash.")
|
|
235
235
|
uid = nil
|
236
236
|
base_uid = new_resource.system ? 200 : 500
|
237
237
|
next_uid_guess = base_uid
|
238
|
-
users_uids = run_dscl("list /Users uid")
|
238
|
+
users_uids = run_dscl("list", "/Users", "uid")
|
239
239
|
while next_uid_guess < search_limit + base_uid
|
240
240
|
if users_uids =~ Regexp.new("#{Regexp.escape(next_uid_guess.to_s)}\n")
|
241
241
|
next_uid_guess += 1
|
@@ -244,7 +244,7 @@ user password using shadow hash.")
|
|
244
244
|
break
|
245
245
|
end
|
246
246
|
end
|
247
|
-
|
247
|
+
uid || raise("uid not found. Exhausted. Searched #{search_limit} times")
|
248
248
|
end
|
249
249
|
|
250
250
|
#
|
@@ -252,18 +252,18 @@ user password using shadow hash.")
|
|
252
252
|
#
|
253
253
|
def uid_used?(uid)
|
254
254
|
return false unless uid
|
255
|
-
users_uids = run_dscl("list /Users uid").split("\n")
|
256
|
-
uid_map = users_uids.
|
255
|
+
users_uids = run_dscl("list", "/Users", "uid").split("\n")
|
256
|
+
uid_map = users_uids.each_with_object({}) do |tuid, tmap|
|
257
257
|
x = tuid.split
|
258
258
|
tmap[x[1]] = x[0]
|
259
259
|
tmap
|
260
260
|
end
|
261
261
|
if uid_map[uid.to_s]
|
262
|
-
unless uid_map[uid.to_s] == new_resource.username
|
262
|
+
unless uid_map[uid.to_s] == new_resource.username
|
263
263
|
return true
|
264
264
|
end
|
265
265
|
end
|
266
|
-
|
266
|
+
false
|
267
267
|
end
|
268
268
|
|
269
269
|
#
|
@@ -277,14 +277,14 @@ user password using shadow hash.")
|
|
277
277
|
new_resource.gid(STAFF_GROUP_ID)
|
278
278
|
elsif !new_resource.gid.to_s.match(/^\d+$/)
|
279
279
|
begin
|
280
|
-
possible_gid = run_dscl("read /Groups/#{new_resource.gid} PrimaryGroupID").split(" ").last
|
281
|
-
rescue Chef::Exceptions::DsclCommandFailed
|
282
|
-
raise Chef::Exceptions::GroupIDNotFound
|
280
|
+
possible_gid = run_dscl("read", "/Groups/#{new_resource.gid}", "PrimaryGroupID").split(" ").last
|
281
|
+
rescue Chef::Exceptions::DsclCommandFailed
|
282
|
+
raise Chef::Exceptions::GroupIDNotFound, "Group not found for #{new_resource.gid} when creating user #{new_resource.username}"
|
283
283
|
end
|
284
284
|
# XXX: mutates the new resource
|
285
285
|
new_resource.gid(possible_gid) if possible_gid && possible_gid.match(/^\d+$/)
|
286
286
|
end
|
287
|
-
run_dscl("create /Users/#{new_resource.username} PrimaryGroupID
|
287
|
+
run_dscl("create", "/Users/#{new_resource.username}", "PrimaryGroupID", new_resource.gid)
|
288
288
|
end
|
289
289
|
|
290
290
|
#
|
@@ -293,7 +293,7 @@ user password using shadow hash.")
|
|
293
293
|
#
|
294
294
|
def dscl_set_home
|
295
295
|
if new_resource.home.nil? || new_resource.home.empty?
|
296
|
-
run_dscl("delete /Users/#{new_resource.username} NFSHomeDirectory")
|
296
|
+
run_dscl("delete", "/Users/#{new_resource.username}", "NFSHomeDirectory")
|
297
297
|
return
|
298
298
|
end
|
299
299
|
|
@@ -308,7 +308,7 @@ user password using shadow hash.")
|
|
308
308
|
move_home
|
309
309
|
end
|
310
310
|
end
|
311
|
-
run_dscl("create /Users/#{new_resource.username} NFSHomeDirectory
|
311
|
+
run_dscl("create", "/Users/#{new_resource.username}", "NFSHomeDirectory", new_resource.home)
|
312
312
|
end
|
313
313
|
|
314
314
|
def validate_home_dir_specification!
|
@@ -318,17 +318,17 @@ user password using shadow hash.")
|
|
318
318
|
end
|
319
319
|
|
320
320
|
def current_home_exists?
|
321
|
-
::File.exist?(
|
321
|
+
::File.exist?(current_resource.home)
|
322
322
|
end
|
323
323
|
|
324
324
|
def new_home_exists?
|
325
|
-
::File.exist?(
|
325
|
+
::File.exist?(new_resource.home)
|
326
326
|
end
|
327
327
|
|
328
328
|
def ditto_home
|
329
329
|
skel = "/System/Library/User Template/English.lproj"
|
330
|
-
raise(Chef::Exceptions::User, "can't find skel at: #{skel}") unless ::File.
|
331
|
-
|
330
|
+
raise(Chef::Exceptions::User, "can't find skel at: #{skel}") unless ::File.exist?(skel)
|
331
|
+
shell_out_compact!("ditto", skel, new_resource.home)
|
332
332
|
::FileUtils.chown_R(new_resource.username, new_resource.gid.to_s, new_resource.home)
|
333
333
|
end
|
334
334
|
|
@@ -338,7 +338,7 @@ user password using shadow hash.")
|
|
338
338
|
src = current_resource.home
|
339
339
|
FileUtils.mkdir_p(new_resource.home)
|
340
340
|
files = ::Dir.glob("#{Chef::Util::PathHelper.escape_glob_dir(src)}/*", ::File::FNM_DOTMATCH) - ["#{src}/.", "#{src}/.."]
|
341
|
-
::FileUtils.mv(files, new_resource.home, :
|
341
|
+
::FileUtils.mv(files, new_resource.home, force: true)
|
342
342
|
::FileUtils.rmdir(src)
|
343
343
|
::FileUtils.chown_R(new_resource.username, new_resource.gid.to_s, new_resource.home)
|
344
344
|
end
|
@@ -347,10 +347,10 @@ user password using shadow hash.")
|
|
347
347
|
# Sets the shell for the user using dscl.
|
348
348
|
#
|
349
349
|
def dscl_set_shell
|
350
|
-
if new_resource.shell
|
351
|
-
run_dscl("create /Users/#{new_resource.username} UserShell
|
350
|
+
if new_resource.shell
|
351
|
+
run_dscl("create", "/Users/#{new_resource.username}", "UserShell", new_resource.shell)
|
352
352
|
else
|
353
|
-
run_dscl("create /Users/#{new_resource.username} UserShell
|
353
|
+
run_dscl("create", "/Users/#{new_resource.username}", "UserShell", "/usr/bin/false")
|
354
354
|
end
|
355
355
|
end
|
356
356
|
|
@@ -367,9 +367,8 @@ user password using shadow hash.")
|
|
367
367
|
|
368
368
|
# Shadow info is saved as binary plist. Convert the info to binary plist.
|
369
369
|
shadow_info_binary = StringIO.new
|
370
|
-
|
371
|
-
|
372
|
-
command.run_command
|
370
|
+
shell_out_compact("plutil", "-convert", "binary1", "-o", "-", "-",
|
371
|
+
input: shadow_info.to_plist, live_stream: shadow_info_binary)
|
373
372
|
|
374
373
|
if user_info.nil?
|
375
374
|
# User is just created. read_user_info() will read the fresh information
|
@@ -401,7 +400,7 @@ user password using shadow hash.")
|
|
401
400
|
# Create a random 4 byte salt
|
402
401
|
salt = OpenSSL::Random.random_bytes(4)
|
403
402
|
encoded_password = OpenSSL::Digest::SHA512.hexdigest(salt + new_resource.password)
|
404
|
-
|
403
|
+
salt.unpack("H*").first + encoded_password
|
405
404
|
end
|
406
405
|
|
407
406
|
shadow_info["SALTED-SHA512"] = StringIO.new
|
@@ -449,21 +448,21 @@ user password using shadow hash.")
|
|
449
448
|
end
|
450
449
|
|
451
450
|
# Remove the user from its groups
|
452
|
-
run_dscl("list /Groups").each_line do |group|
|
451
|
+
run_dscl("list", "/Groups").each_line do |group|
|
453
452
|
if member_of_group?(group.chomp)
|
454
|
-
run_dscl("delete /Groups/#{group.chomp} GroupMembership
|
453
|
+
run_dscl("delete", "/Groups/#{group.chomp}", "GroupMembership", new_resource.username)
|
455
454
|
end
|
456
455
|
end
|
457
456
|
|
458
457
|
# Remove user account
|
459
|
-
run_dscl("delete /Users/#{new_resource.username}")
|
458
|
+
run_dscl("delete", "/Users/#{new_resource.username}")
|
460
459
|
end
|
461
460
|
|
462
461
|
#
|
463
462
|
# Locks the user.
|
464
463
|
#
|
465
464
|
def lock_user
|
466
|
-
run_dscl("append /Users/#{new_resource.username} AuthenticationAuthority
|
465
|
+
run_dscl("append", "/Users/#{new_resource.username}", "AuthenticationAuthority", ";DisabledUser;")
|
467
466
|
end
|
468
467
|
|
469
468
|
#
|
@@ -471,7 +470,7 @@ user password using shadow hash.")
|
|
471
470
|
#
|
472
471
|
def unlock_user
|
473
472
|
auth_string = authentication_authority.gsub(/AuthenticationAuthority: /, "").gsub(/;DisabledUser;/, "").strip
|
474
|
-
run_dscl("create /Users/#{new_resource.username} AuthenticationAuthority
|
473
|
+
run_dscl("create", "/Users/#{new_resource.username}", "AuthenticationAuthority", auth_string)
|
475
474
|
end
|
476
475
|
|
477
476
|
#
|
@@ -489,7 +488,7 @@ user password using shadow hash.")
|
|
489
488
|
# This is the interface base User provider requires to provide idempotency.
|
490
489
|
#
|
491
490
|
def check_lock
|
492
|
-
|
491
|
+
@locked = locked?
|
493
492
|
end
|
494
493
|
|
495
494
|
#
|
@@ -501,11 +500,11 @@ user password using shadow hash.")
|
|
501
500
|
# given attribute.
|
502
501
|
#
|
503
502
|
def diverged?(parameter)
|
504
|
-
parameter_updated?(parameter) &&
|
503
|
+
parameter_updated?(parameter) && !new_resource.send(parameter).nil?
|
505
504
|
end
|
506
505
|
|
507
506
|
def parameter_updated?(parameter)
|
508
|
-
|
507
|
+
!(new_resource.send(parameter) == current_resource.send(parameter))
|
509
508
|
end
|
510
509
|
|
511
510
|
#
|
@@ -551,7 +550,7 @@ user password using shadow hash.")
|
|
551
550
|
def member_of_group?(group_name)
|
552
551
|
membership_info = ""
|
553
552
|
begin
|
554
|
-
membership_info = run_dscl("read /Groups/#{group_name}")
|
553
|
+
membership_info = run_dscl("read", "/Groups/#{group_name}")
|
555
554
|
rescue Chef::Exceptions::DsclCommandFailed
|
556
555
|
# Raised if the group doesn't contain any members
|
557
556
|
end
|
@@ -568,14 +567,14 @@ user password using shadow hash.")
|
|
568
567
|
|
569
568
|
# A simple map of Chef's terms to DSCL's terms.
|
570
569
|
DSCL_PROPERTY_MAP = {
|
571
|
-
:
|
572
|
-
:
|
573
|
-
:
|
574
|
-
:
|
575
|
-
:
|
576
|
-
:
|
577
|
-
:
|
578
|
-
:
|
570
|
+
uid: "uid",
|
571
|
+
gid: "gid",
|
572
|
+
home: "home",
|
573
|
+
shell: "shell",
|
574
|
+
comment: "realname",
|
575
|
+
password: "passwd",
|
576
|
+
auth_authority: "authentication_authority",
|
577
|
+
shadow_hash: "ShadowHashData",
|
579
578
|
}.freeze
|
580
579
|
|
581
580
|
# Directory where the user plist files are stored for versions 10.7 and above
|
@@ -590,11 +589,11 @@ user password using shadow hash.")
|
|
590
589
|
|
591
590
|
# We flush the cache here in order to make sure that we read fresh information
|
592
591
|
# for the user.
|
593
|
-
|
592
|
+
shell_out_compact("dscacheutil", "-flushcache") # FIXME: this is MacOS version dependent
|
594
593
|
|
595
594
|
begin
|
596
595
|
user_plist_file = "#{USER_PLIST_DIRECTORY}/#{new_resource.username}.plist"
|
597
|
-
user_plist_info = run_plutil("convert xml1 -o -
|
596
|
+
user_plist_info = run_plutil("convert", "xml1", "-o", "-", user_plist_file)
|
598
597
|
user_info = Plist.parse_xml(user_plist_info)
|
599
598
|
rescue Chef::Exceptions::PlistUtilCommandFailed
|
600
599
|
end
|
@@ -609,7 +608,7 @@ user password using shadow hash.")
|
|
609
608
|
def save_user_info(user_info)
|
610
609
|
user_plist_file = "#{USER_PLIST_DIRECTORY}/#{new_resource.username}.plist"
|
611
610
|
Plist::Emit.save_plist(user_info, user_plist_file)
|
612
|
-
run_plutil("convert binary1
|
611
|
+
run_plutil("convert", "binary1", user_plist_file)
|
613
612
|
end
|
614
613
|
|
615
614
|
#
|
@@ -658,7 +657,9 @@ user password using shadow hash.")
|
|
658
657
|
end
|
659
658
|
|
660
659
|
def run_dscl(*args)
|
661
|
-
|
660
|
+
argdup = args.dup
|
661
|
+
cmd = argdup.shift
|
662
|
+
result = shell_out_compact("dscl", ".", "-#{cmd}", argdup)
|
662
663
|
return "" if ( args.first =~ /^delete/ ) && ( result.exitstatus != 0 )
|
663
664
|
raise(Chef::Exceptions::DsclCommandFailed, "dscl error: #{result.inspect}") unless result.exitstatus == 0
|
664
665
|
raise(Chef::Exceptions::DsclCommandFailed, "dscl error: #{result.inspect}") if result.stdout =~ /No such key: /
|
@@ -666,17 +667,19 @@ user password using shadow hash.")
|
|
666
667
|
end
|
667
668
|
|
668
669
|
def run_plutil(*args)
|
669
|
-
|
670
|
+
argdup = args.dup
|
671
|
+
cmd = argdup.shift
|
672
|
+
result = shell_out_compact("plutil", "-#{cmd}", argdup)
|
670
673
|
raise(Chef::Exceptions::PlistUtilCommandFailed, "plutil error: #{result.inspect}") unless result.exitstatus == 0
|
671
674
|
if result.stdout.encoding == Encoding::ASCII_8BIT
|
672
|
-
result.stdout.encode("utf-8", "binary", :
|
675
|
+
result.stdout.encode("utf-8", "binary", undef: :replace, invalid: :replace, replace: "?")
|
673
676
|
else
|
674
677
|
result.stdout
|
675
678
|
end
|
676
679
|
end
|
677
680
|
|
678
681
|
def convert_binary_plist_to_xml(binary_plist_string)
|
679
|
-
|
682
|
+
shell_out_compact("plutil", "-convert", "xml1", "-o", "-", "-", input: binary_plist_string).stdout
|
680
683
|
end
|
681
684
|
|
682
685
|
def convert_to_binary(string)
|