RubyGems - chef - Versions diffs - 12.3.0 → 12.4.0.rc.0 - Mend

chef 12.3.0 → 12.4.0.rc.0

Files changed (247) hide show

checksums.yaml +4 -4
data/Rakefile +86 -7
data/distro/common/markdown/man1/chef-shell.mkd +4 -4
data/distro/common/markdown/man1/knife-bootstrap.mkd +1 -1
data/distro/common/markdown/man1/knife-client.mkd +1 -1
data/distro/common/markdown/man1/knife-configure.mkd +1 -1
data/distro/common/markdown/man1/knife-cookbook-site.mkd +1 -1
data/distro/common/markdown/man1/knife-cookbook.mkd +4 -4
data/distro/common/markdown/man1/knife-data-bag.mkd +1 -1
data/distro/common/markdown/man1/knife-environment.mkd +3 -3
data/distro/common/markdown/man1/knife-exec.mkd +1 -1
data/distro/common/markdown/man1/knife-index.mkd +1 -1
data/distro/common/markdown/man1/knife-node.mkd +1 -1
data/distro/common/markdown/man1/knife-role.mkd +3 -3
data/distro/common/markdown/man1/knife-search.mkd +2 -2
data/distro/common/markdown/man1/knife-ssh.mkd +1 -1
data/distro/common/markdown/man1/knife-status.mkd +1 -1
data/distro/common/markdown/man1/knife-tag.mkd +1 -1
data/distro/common/markdown/man1/knife.mkd +2 -2
data/distro/common/markdown/man8/chef-client.mkd +1 -2
data/distro/common/markdown/man8/chef-expander.mkd +1 -2
data/distro/common/markdown/man8/chef-expanderctl.mkd +1 -2
data/distro/common/markdown/man8/chef-server-webui.mkd +1 -1
data/distro/common/markdown/man8/chef-server.mkd +1 -2
data/distro/common/markdown/man8/chef-solo.mkd +2 -2
data/distro/common/markdown/man8/chef-solr.mkd +1 -1
data/lib/chef/client.rb +2 -2
data/lib/chef/config.rb +17 -709
data/lib/chef/cookbook/metadata.rb +9 -5
data/lib/chef/cookbook_loader.rb +1 -1
data/lib/chef/cookbook_site_streaming_uploader.rb +2 -18
data/lib/chef/dsl/definitions.rb +44 -0
data/lib/chef/dsl/recipe.rb +50 -35
data/lib/chef/dsl/resources.rb +28 -0
data/lib/chef/event_dispatch/dispatcher.rb +2 -0
data/lib/chef/event_loggers/windows_eventlog.rb +1 -11
data/lib/chef/exceptions.rb +4 -0
data/lib/chef/file_access_control/unix.rb +5 -0
data/lib/chef/formatters/error_inspectors/api_error_formatting.rb +17 -0
data/lib/chef/formatters/error_inspectors/compile_error_inspector.rb +21 -9
data/lib/chef/formatters/error_inspectors/cookbook_resolve_error_inspector.rb +2 -0
data/lib/chef/formatters/error_inspectors/cookbook_sync_error_inspector.rb +2 -0
data/lib/chef/formatters/error_inspectors/node_load_error_inspector.rb +2 -0
data/lib/chef/formatters/error_inspectors/registration_error_inspector.rb +4 -0
data/lib/chef/formatters/error_inspectors/resource_failure_inspector.rb +11 -1
data/lib/chef/formatters/error_inspectors/run_list_expansion_error_inspector.rb +2 -0
data/lib/chef/http/authenticator.rb +3 -0
data/lib/chef/http/basic_client.rb +10 -6
data/lib/chef/http/json_input.rb +6 -1
data/lib/chef/key.rb +271 -0
data/lib/chef/knife.rb +11 -1
data/lib/chef/knife/bootstrap.rb +6 -0
data/lib/chef/knife/bootstrap/templates/chef-full.erb +166 -23
data/lib/chef/knife/client_key_create.rb +67 -0
data/lib/chef/knife/client_key_delete.rb +76 -0
data/lib/chef/knife/client_key_edit.rb +80 -0
data/lib/chef/knife/client_key_list.rb +69 -0
data/lib/chef/knife/client_key_show.rb +76 -0
data/lib/chef/knife/key_create.rb +108 -0
data/lib/chef/knife/key_create_base.rb +50 -0
data/lib/chef/knife/key_delete.rb +55 -0
data/lib/chef/knife/key_edit.rb +114 -0
data/lib/chef/knife/key_edit_base.rb +55 -0
data/lib/chef/knife/key_list.rb +88 -0
data/lib/chef/knife/key_list_base.rb +45 -0
data/lib/chef/knife/key_show.rb +53 -0
data/lib/chef/knife/ssh.rb +26 -28
data/lib/chef/knife/user_key_create.rb +69 -0
data/lib/chef/knife/user_key_delete.rb +76 -0
data/lib/chef/knife/user_key_edit.rb +80 -0
data/lib/chef/knife/user_key_list.rb +69 -0
data/lib/chef/knife/user_key_show.rb +76 -0
data/lib/chef/log.rb +2 -0
data/lib/chef/log/syslog.rb +46 -0
data/lib/chef/log/winevt.rb +99 -0
data/lib/chef/mixin/provides.rb +8 -1
data/lib/chef/mixin/unformatter.rb +32 -0
data/lib/chef/mixin/uris.rb +33 -0
data/lib/chef/mixin/wstring.rb +31 -0
data/lib/chef/node.rb +21 -2
data/lib/chef/platform/provider_mapping.rb +8 -4
data/lib/chef/platform/query_helpers.rb +1 -5
data/lib/chef/platform/service_helpers.rb +21 -21
data/lib/chef/provider.rb +33 -0
data/lib/chef/provider/cron/unix.rb +1 -0
data/lib/chef/provider/file.rb +5 -3
data/lib/chef/provider/lwrp_base.rb +76 -58
data/lib/chef/provider/ohai.rb +1 -0
data/lib/chef/provider/package.rb +7 -4
data/lib/chef/provider/package/aix.rb +1 -0
data/lib/chef/provider/package/smartos.rb +5 -5
data/lib/chef/provider/package/windows.rb +90 -6
data/lib/chef/provider/package/yum.rb +102 -32
data/lib/chef/provider/reboot.rb +1 -0
data/lib/chef/provider/registry_key.rb +2 -0
data/lib/chef/provider/remote_file.rb +1 -0
data/lib/chef/provider/remote_file/content.rb +5 -1
data/lib/chef/provider/remote_file/fetcher.rb +22 -8
data/lib/chef/provider/remote_file/network_file.rb +48 -0
data/lib/chef/provider/service/aix.rb +13 -12
data/lib/chef/provider_resolver.rb +87 -0
data/lib/chef/providers.rb +1 -0
data/lib/chef/resource.rb +67 -8
data/lib/chef/resource/bash.rb +1 -0
data/lib/chef/resource/bff_package.rb +1 -2
data/lib/chef/resource/breakpoint.rb +1 -0
data/lib/chef/resource/csh.rb +1 -0
data/lib/chef/resource/deploy.rb +1 -0
data/lib/chef/resource/erl_call.rb +1 -0
data/lib/chef/resource/execute.rb +1 -0
data/lib/chef/resource/file.rb +18 -0
data/lib/chef/resource/http_request.rb +1 -0
data/lib/chef/resource/ifconfig.rb +1 -2
data/lib/chef/resource/log.rb +1 -2
data/lib/chef/resource/lwrp_base.rb +106 -87
data/lib/chef/resource/ohai.rb +1 -0
data/lib/chef/resource/package.rb +1 -0
data/lib/chef/resource/perl.rb +1 -0
data/lib/chef/resource/portage_package.rb +1 -0
data/lib/chef/resource/python.rb +1 -0
data/lib/chef/resource/reboot.rb +2 -0
data/lib/chef/resource/registry_key.rb +1 -0
data/lib/chef/resource/remote_file.rb +1 -1
data/lib/chef/resource/route.rb +1 -2
data/lib/chef/resource/ruby.rb +1 -0
data/lib/chef/resource/ruby_block.rb +1 -0
data/lib/chef/resource/scm.rb +1 -0
data/lib/chef/resource/script.rb +1 -0
data/lib/chef/resource/service.rb +1 -0
data/lib/chef/resource/subversion.rb +1 -0
data/lib/chef/resource/whyrun_safe_ruby_block.rb +1 -0
data/lib/chef/resource/windows_package.rb +24 -2
data/lib/chef/resource/windows_script.rb +1 -0
data/lib/chef/resource/yum_package.rb +1 -1
data/lib/chef/resource_definition.rb +1 -0
data/lib/chef/resource_reporter.rb +3 -10
data/lib/chef/resource_resolver.rb +20 -10
data/lib/chef/run_context.rb +1 -0
data/lib/chef/run_list/versioned_recipe_list.rb +18 -0
data/lib/chef/run_status.rb +2 -4
data/lib/chef/shell.rb +1 -1
data/lib/chef/util/path_helper.rb +3 -204
data/lib/chef/util/windows/net_user.rb +73 -118
data/lib/chef/version.rb +8 -4
data/lib/chef/win32/api.rb +2 -1
data/lib/chef/win32/api/installer.rb +1 -1
data/lib/chef/win32/api/net.rb +115 -2
data/lib/chef/win32/api/security.rb +24 -0
data/lib/chef/win32/api/unicode.rb +1 -1
data/lib/chef/win32/eventlog.rb +31 -0
data/lib/chef/win32/net.rb +190 -0
data/lib/chef/win32/security.rb +51 -2
data/lib/chef/win32/security/sid.rb +17 -0
data/spec/data/lwrp/providers/buck_passer.rb +18 -2
data/spec/data/lwrp/providers/buck_passer_2.rb +18 -2
data/spec/data/lwrp/providers/embedded_resource_accesses_providers_scope.rb +14 -2
data/spec/data/lwrp_override/resources/foo.rb +5 -0
data/spec/functional/knife/ssh_spec.rb +2 -2
data/spec/functional/rebooter_spec.rb +1 -1
data/spec/functional/resource/aixinit_service_spec.rb +1 -1
data/spec/functional/resource/user/windows_spec.rb +125 -0
data/spec/functional/shell_spec.rb +25 -10
data/spec/functional/win32/sid_spec.rb +55 -0
data/spec/integration/client/client_spec.rb +53 -29
data/spec/integration/knife/deps_spec.rb +8 -14
data/spec/integration/knife/upload_spec.rb +18 -0
data/spec/integration/recipes/lwrp_inline_resources_spec.rb +1 -1
data/spec/integration/recipes/provider_choice.rb +41 -0
data/spec/integration/recipes/recipe_dsl_spec.rb +259 -0
data/spec/spec_helper.rb +6 -1
data/spec/support/key_helpers.rb +104 -0
data/spec/support/lib/chef/resource/cat.rb +1 -0
data/spec/support/lib/chef/resource/one_two_three_four.rb +2 -0
data/spec/support/lib/chef/resource/zen_follower.rb +1 -0
data/spec/support/lib/chef/resource/zen_master.rb +2 -0
data/spec/support/mock/platform.rb +1 -1
data/spec/support/pedant/Gemfile.lock +67 -0
data/spec/support/shared/functional/securable_resource.rb +34 -12
data/spec/support/shared/integration/integration_helper.rb +6 -5
data/spec/support/shared/unit/provider/file.rb +31 -8
data/spec/unit/application/client_spec.rb +2 -2
data/spec/unit/client_spec.rb +21 -4
data/spec/unit/cookbook/cookbook_version_loader_spec.rb +1 -1
data/spec/unit/cookbook/metadata_spec.rb +15 -0
data/spec/unit/cookbook/syntax_check_spec.rb +1 -1
data/spec/unit/cookbook_loader_spec.rb +1 -1
data/spec/unit/cookbook_site_streaming_uploader_spec.rb +0 -21
data/spec/unit/data_bag_spec.rb +1 -1
data/spec/unit/event_dispatch/dispatcher_spec.rb +61 -0
data/spec/unit/formatters/error_inspectors/api_error_formatting_spec.rb +75 -0
data/spec/unit/formatters/error_inspectors/compile_error_inspector_spec.rb +149 -112
data/spec/unit/formatters/error_inspectors/resource_failure_inspector_spec.rb +7 -0
data/spec/unit/guard_interpreter/resource_guard_interpreter_spec.rb +1 -1
data/spec/unit/http/authenticator_spec.rb +69 -0
data/spec/unit/http/basic_client_spec.rb +16 -0
data/spec/unit/key_spec.rb +634 -0
data/spec/unit/knife/bootstrap_spec.rb +14 -1
data/spec/unit/knife/core/subcommand_loader_spec.rb +1 -1
data/spec/unit/knife/core/ui_spec.rb +1 -1
data/spec/unit/knife/data_bag_from_file_spec.rb +1 -1
data/spec/unit/knife/environment_from_file_spec.rb +1 -1
data/spec/unit/knife/key_create_spec.rb +224 -0
data/spec/unit/knife/key_delete_spec.rb +135 -0
data/spec/unit/knife/key_edit_spec.rb +267 -0
data/spec/unit/knife/key_helper.rb +74 -0
data/spec/unit/knife/key_list_spec.rb +216 -0
data/spec/unit/knife/key_show_spec.rb +126 -0
data/spec/unit/knife/ssh_spec.rb +23 -26
data/spec/unit/knife_spec.rb +33 -1
data/spec/unit/log/syslog_spec.rb +53 -0
data/spec/unit/log/winevt_spec.rb +55 -0
data/spec/unit/lwrp_spec.rb +105 -51
data/spec/unit/mixin/path_sanity_spec.rb +2 -2
data/spec/unit/mixin/template_spec.rb +2 -2
data/spec/unit/mixin/unformatter_spec.rb +61 -0
data/spec/unit/mixin/uris_spec.rb +45 -0
data/spec/unit/platform/query_helpers_spec.rb +1 -1
data/spec/unit/policy_builder/policyfile_spec.rb +7 -3
data/spec/unit/provider/deploy/revision_spec.rb +1 -1
data/spec/unit/provider/deploy_spec.rb +1 -1
data/spec/unit/provider/directory_spec.rb +1 -1
data/spec/unit/provider/execute_spec.rb +1 -1
data/spec/unit/provider/package/aix_spec.rb +20 -8
data/spec/unit/provider/package/smartos_spec.rb +50 -40
data/spec/unit/provider/package/windows_spec.rb +104 -25
data/spec/unit/provider/package/yum_spec.rb +111 -1
data/spec/unit/provider/package_spec.rb +6 -0
data/spec/unit/provider/remote_file/fetcher_spec.rb +20 -1
data/spec/unit/provider/remote_file/network_file_spec.rb +45 -0
data/spec/unit/provider/service/aix_service_spec.rb +26 -11
data/spec/unit/provider/user/dscl_spec.rb +1 -1
data/spec/unit/provider_spec.rb +20 -0
data/spec/unit/recipe_spec.rb +1 -1
data/spec/unit/resource/batch_spec.rb +1 -0
data/spec/unit/resource/powershell_spec.rb +1 -0
data/spec/unit/resource/remote_file_spec.rb +10 -0
data/spec/unit/resource/windows_package_spec.rb +16 -2
data/spec/unit/resource_spec.rb +40 -24
data/spec/unit/rest_spec.rb +10 -20
data/spec/unit/role_spec.rb +1 -1
data/spec/unit/run_context_spec.rb +31 -0
data/spec/unit/shell_spec.rb +4 -4
data/tasks/external_tests.rb +29 -0
data/tasks/rspec.rb +14 -1
metadata +105 -28
data/spec/unit/config_spec.rb +0 -544
data/spec/unit/util/path_helper_spec.rb +0 -255

data/lib/chef/win32/api/unicode.rb CHANGED

@@ -139,7 +139,7 @@ int WideCharToMultiByte(
           ustring = (ustring + "").force_encoding('UTF-8') if ustring.respond_to?(:force_encoding) && ustring.encoding.name != "UTF-8"
           # ensure we have the double-null termination Windows Wide likes
-          ustring = ustring + "\000\000" if ustring[-1].chr != "\000"
+          ustring = ustring + "\000\000" if ustring.length == 0 or ustring[-1].chr != "\000"
           # encode it all as UTF-16LE AKA Windows Wide Character AKA Windows Unicode
           ustring = begin

data/lib/chef/win32/eventlog.rb ADDED

@@ -0,0 +1,31 @@
+#
+# Author:: Jay Mundrawala (<jdm@chef.io>)
+#
+# Copyright:: 2015, Chef Software, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+if Chef::Platform::windows? and not Chef::Platform::windows_server_2003?
+  if !defined? Chef::Win32EventLogLoaded
+    if defined? Windows::Constants
+      [:INFINITE, :WAIT_FAILED, :FORMAT_MESSAGE_IGNORE_INSERTS, :ERROR_INSUFFICIENT_BUFFER].each do |c|
+        # These are redefined in 'win32/eventlog'
+        Windows::Constants.send(:remove_const, c) if Windows::Constants.const_defined? c
+      end
+    end
+    require 'win32/eventlog'
+    Chef::Win32EventLogLoaded = true
+  end
+end

data/lib/chef/win32/net.rb ADDED

@@ -0,0 +1,190 @@
+#
+# Author:: Jay Mundrawala(<jdm@chef.io>)
+# Copyright:: Copyright 2015 Chef Software
+# License:: Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+require 'chef/win32/api/net'
+require 'chef/win32/error'
+require 'chef/mixin/wstring'
+class Chef
+  module ReservedNames::Win32
+    class NetUser
+      include Chef::ReservedNames::Win32::API::Error
+      extend Chef::ReservedNames::Win32::API::Error
+      include Chef::ReservedNames::Win32::API::Net
+      extend Chef::ReservedNames::Win32::API::Net
+      include Chef::Mixin::WideString
+      extend Chef::Mixin::WideString
+      def self.default_user_info_3
+        ui3 = USER_INFO_3.new.tap do |s|
+          { usri3_name: nil,
+            usri3_password: nil,
+            usri3_password_age: 0,
+            usri3_priv: 0,
+            usri3_home_dir: nil,
+            usri3_comment: nil,
+            usri3_flags: UF_SCRIPT|UF_DONT_EXPIRE_PASSWD|UF_NORMAL_ACCOUNT,
+            usri3_script_path: nil,
+            usri3_auth_flags: 0,
+            usri3_full_name: nil,
+            usri3_usr_comment: nil,
+            usri3_parms: nil,
+            usri3_workstations: nil,
+            usri3_last_logon: 0,
+            usri3_last_logoff: 0,
+            usri3_acct_expires: -1,
+            usri3_max_storage: -1,
+            usri3_units_per_week: 0,
+            usri3_logon_hours: nil,
+            usri3_bad_pw_count: 0,
+            usri3_num_logons: 0,
+            usri3_logon_server: nil,
+            usri3_country_code: 0,
+            usri3_code_page: 0,
+            usri3_user_id: 0,
+            usri3_primary_group_id: DOMAIN_GROUP_RID_USERS,
+            usri3_profile: nil,
+            usri3_home_dir_drive: nil,
+            usri3_password_expired: 0
+          }.each do |(k,v)|
+            s.set(k, v)
+          end
+        end
+      end
+      def self.net_api_error!(code)
+        msg = case code
+        when NERR_InvalidComputer
+          "The user does not have access to the requested information."
+        when NERR_NotPrimary
+          "The operation is allowed only on the primary domain controller of the domain."
+        when NERR_SpeGroupOp
+          "This operation is not allowed on this special group."
+        when NERR_LastAdmin
+          "This operation is not allowed on the last administrative account."
+        when NERR_BadUsername
+          "The user name or group name parameter is invalid."
+        when NERR_BadPassword
+          "The password parameter is invalid."
+        when NERR_UserNotFound
+          raise Chef::Exceptions::UserIDNotFound, code
+        when NERR_PasswordTooShort
+          <<END
+The password is shorter than required. (The password could also be too
+long, be too recent in its change history, not have enough unique characters,
+or not meet another password policy requirement.)
+END
+        when ERROR_ACCESS_DENIED
+          "The user does not have access to the requested information."
+        else
+          "Received unknown error code (#{code})"
+        end
+        formatted_message = ""
+        formatted_message << "---- Begin Win32 API output ----\n"
+        formatted_message << "Net Api Error Code: #{code}\n"
+        formatted_message << "Net Api Error Message: #{msg}\n"
+        formatted_message << "---- End Win32 API output ----\n"
+        raise Chef::Exceptions::Win32APIError, msg + "\n" + formatted_message
+      end
+      def self.net_user_add_l3(server_name, args)
+        buf = default_user_info_3
+        args.each do |k, v|
+          buf.set(k, v)
+        end
+        server_name = wstring(server_name)
+        rc = NetUserAdd(server_name, 3, buf, nil)
+        if rc != NERR_Success
+          net_api_error!(rc)
+        end
+      end
+      def self.net_user_get_info_l3(server_name, user_name)
+        server_name = wstring(server_name)
+        user_name = wstring(user_name)
+        ui3_p = FFI::MemoryPointer.new(:pointer)
+        rc = NetUserGetInfo(server_name, user_name, 3, ui3_p)
+        if rc != NERR_Success
+          net_api_error!(rc)
+        end
+        ui3 = USER_INFO_3.new(ui3_p.read_pointer).as_ruby
+        rc = NetApiBufferFree(ui3_p.read_pointer)
+        if rc != NERR_Success
+          net_api_error!(rc)
+        end
+        ui3
+      end
+      def self.net_user_set_info_l3(server_name, user_name, info)
+        buf = default_user_info_3
+        info.each do |k, v|
+          buf.set(k, v)
+        end
+        server_name = wstring(server_name)
+        user_name = wstring(user_name)
+        rc = NetUserSetInfo(server_name, user_name, 3, buf, nil)
+        if rc != NERR_Success
+          net_api_error!(rc)
+        end
+      end
+      def self.net_user_del(server_name, user_name)
+        server_name = wstring(server_name)
+        user_name = wstring(user_name)
+        rc = NetUserDel(server_name, user_name)
+        if rc != NERR_Success
+          net_api_error!(rc)
+        end
+      end
+      def self.net_local_group_add_member(server_name, group_name, domain_user)
+        server_name = wstring(server_name)
+        group_name = wstring(group_name)
+        domain_user = wstring(domain_user)
+        buf = LOCALGROUP_MEMBERS_INFO_3.new
+        buf[:lgrmi3_domainandname] = FFI::MemoryPointer.from_string(domain_user)
+        rc = NetLocalGroupAddMembers(server_name, group_name, 3, buf, 1)
+        if rc != NERR_Success
+          net_api_error!(rc)
+        end
+      end
+    end
+  end
+end

data/lib/chef/win32/security.rb CHANGED

@@ -22,6 +22,7 @@ require 'chef/win32/memory'
 require 'chef/win32/process'
 require 'chef/win32/unicode'
 require 'chef/win32/security/token'
+require 'chef/mixin/wstring'
 class Chef
   module ReservedNames::Win32
@@ -31,6 +32,8 @@ class Chef
       include Chef::ReservedNames::Win32::API::Security
       extend Chef::ReservedNames::Win32::API::Security
       extend Chef::ReservedNames::Win32::API::Macros
+      include Chef::Mixin::WideString
+      extend Chef::Mixin::WideString
       def self.access_check(security_descriptor, token, desired_access, generic_mapping)
         token_handle = token.handle.handle
@@ -270,6 +273,36 @@ class Chef
         [ present.read_char != 0, acl.null? ? nil : ACL.new(acl, security_descriptor), defaulted.read_char != 0 ]
       end
+      def self.get_token_information_owner(token)
+        owner_result_size = FFI::MemoryPointer.new(:ulong)
+        if GetTokenInformation(token.handle.handle, :TokenOwner, nil, 0, owner_result_size)
+          raise "Expected ERROR_INSUFFICIENT_BUFFER from GetTokenInformation, and got no error!"
+        elsif FFI::LastError.error != ERROR_INSUFFICIENT_BUFFER
+          Chef::ReservedNames::Win32::Error.raise!
+        end
+        owner_result_storage = FFI::MemoryPointer.new owner_result_size.read_ulong
+        unless GetTokenInformation(token.handle.handle, :TokenOwner, owner_result_storage, owner_result_size.read_ulong, owner_result_size)
+          Chef::ReservedNames::Win32::Error.raise!
+        end
+        owner_result = TOKEN_OWNER.new owner_result_storage
+        SID.new(owner_result[:Owner], owner_result_storage)
+      end
+      def self.get_token_information_primary_group(token)
+        group_result_size = FFI::MemoryPointer.new(:ulong)
+        if GetTokenInformation(token.handle.handle, :TokenPrimaryGroup, nil, 0, group_result_size)
+          raise "Expected ERROR_INSUFFICIENT_BUFFER from GetTokenInformation, and got no error!"
+        elsif FFI::LastError.error != ERROR_INSUFFICIENT_BUFFER
+          Chef::ReservedNames::Win32::Error.raise!
+        end
+        group_result_storage = FFI::MemoryPointer.new group_result_size.read_ulong
+        unless GetTokenInformation(token.handle.handle, :TokenPrimaryGroup, group_result_storage, group_result_size.read_ulong, group_result_size)
+          Chef::ReservedNames::Win32::Error.raise!
+        end
+        group_result = TOKEN_PRIMARY_GROUP.new group_result_storage
+        SID.new(group_result[:PrimaryGroup], group_result_storage)
+      end
       def self.initialize_acl(acl_size)
         acl = FFI::MemoryPointer.new acl_size
         unless InitializeAcl(acl, acl_size, ACL_REVISION)
@@ -415,6 +448,10 @@ class Chef
         [ SecurityDescriptor.new(absolute_sd), SID.new(owner), SID.new(group), ACL.new(dacl), ACL.new(sacl) ]
       end
+      def self.open_current_process_token(desired_access = TOKEN_READ)
+        open_process_token(Chef::ReservedNames::Win32::Process.get_current_process, desired_access)
+      end
       def self.open_process_token(process, desired_access)
         process = process.handle if process.respond_to?(:handle)
         process = process.handle if process.respond_to?(:handle)
@@ -513,7 +550,7 @@ class Chef
       def self.with_privileges(*privilege_names)
         # Set privileges
-        token = open_process_token(Chef::ReservedNames::Win32::Process.get_current_process, TOKEN_READ | TOKEN_ADJUST_PRIVILEGES)
+        token = open_current_process_token(TOKEN_READ | TOKEN_ADJUST_PRIVILEGES)
         old_privileges = token.enable_privileges(*privilege_names)
         # Let the caller do their privileged stuff
@@ -533,7 +570,7 @@ class Chef
           true
         else
-          process_token = open_process_token(Chef::ReservedNames::Win32::Process.get_current_process, TOKEN_READ)
+          process_token = open_current_process_token(TOKEN_READ)
           elevation_result = FFI::Buffer.new(:ulong)
           elevation_result_size = FFI::MemoryPointer.new(:uint32)
           success = GetTokenInformation(process_token.handle.handle, :TokenElevation, elevation_result, 4, elevation_result_size)
@@ -543,6 +580,18 @@ class Chef
           success && (elevation_result.read_ulong != 0)
         end
       end
+      def self.logon_user(username, domain, password, logon_type, logon_provider)
+        username = wstring(username)
+        domain = wstring(domain)
+        password = wstring(password)
+        token = FFI::Buffer.new(:pointer)
+        unless LogonUserW(username, domain, password, logon_type, logon_provider, token)
+          Chef::ReservedNames::Win32::Error.raise!
+        end
+        Token.new(Handle.new(token.read_pointer))
+      end
     end
   end
 end

data/lib/chef/win32/security/sid.rb CHANGED

@@ -203,6 +203,23 @@ class Chef
           SID.from_account("#{::ENV['USERDOMAIN']}\\#{::ENV['USERNAME']}")
         end
+        # See https://technet.microsoft.com/en-us/library/cc961992.aspx
+        # In practice, this is SID.Administrators if the current_user is an admin (even if not
+        # running elevated), and is current_user otherwise. On win2k3, it technically can be
+        # current_user in all cases if a certain group policy is set.
+        def self.default_security_object_owner
+          token = Chef::ReservedNames::Win32::Security.open_current_process_token
+          Chef::ReservedNames::Win32::Security.get_token_information_owner(token)
+        end
+        # See https://technet.microsoft.com/en-us/library/cc961996.aspx
+        # In practice, this seems to be SID.current_user for Microsoft Accounts, the current
+        # user's Domain Users group for domain accounts, and SID.None otherwise.
+        def self.default_security_object_group
+          token = Chef::ReservedNames::Win32::Security.open_current_process_token
+          Chef::ReservedNames::Win32::Security.get_token_information_primary_group(token)
+        end
         def self.admin_account_name
           @admin_account_name ||= begin
             admin_account_name = nil

data/spec/data/lwrp/providers/buck_passer.rb CHANGED

@@ -1,12 +1,28 @@
 provides :buck_passer
+def without_deprecation_warnings(&block)
+  old_treat_deprecation_warnings_as_errors = Chef::Config[:treat_deprecation_warnings_as_errors]
+  Chef::Config[:treat_deprecation_warnings_as_errors] = false
+  begin
+    block.call
+  ensure
+    Chef::Config[:treat_deprecation_warnings_as_errors] = old_treat_deprecation_warnings_as_errors
+  end
+end
 action :pass_buck do
   lwrp_foo :prepared_thumbs do
     action :prepare_thumbs
-    provider :lwrp_thumb_twiddler
+    # We know there will be a deprecation error here; head it off
+    without_deprecation_warnings do
+      provider :lwrp_thumb_twiddler
+    end
   end
   lwrp_foo :twiddled_thumbs do
     action :twiddle_thumbs
-    provider :lwrp_thumb_twiddler
+    # We know there will be a deprecation error here; head it off
+    without_deprecation_warnings do
+      provider :lwrp_thumb_twiddler
+    end
   end
 end

data/spec/data/lwrp/providers/buck_passer_2.rb CHANGED

@@ -1,10 +1,26 @@
+def without_deprecation_warnings(&block)
+  old_treat_deprecation_warnings_as_errors = Chef::Config[:treat_deprecation_warnings_as_errors]
+  Chef::Config[:treat_deprecation_warnings_as_errors] = false
+  begin
+    block.call
+  ensure
+    Chef::Config[:treat_deprecation_warnings_as_errors] = old_treat_deprecation_warnings_as_errors
+  end
+end
 action :pass_buck do
   lwrp_bar :prepared_eyes do
     action :prepare_eyes
-    provider :lwrp_paint_drying_watcher
+    # We know there will be a deprecation error here; head it off
+    without_deprecation_warnings do
+      provider :lwrp_paint_drying_watcher
+    end
   end
   lwrp_bar :dried_paint_watched do
     action :watch_paint_dry
-    provider :lwrp_paint_drying_watcher
+    # We know there will be a deprecation error here; head it off
+    without_deprecation_warnings do
+      provider :lwrp_paint_drying_watcher
+    end
   end
 end

data/spec/data/lwrp/providers/embedded_resource_accesses_providers_scope.rb CHANGED

@@ -3,11 +3,23 @@
 # are passed properly (as demonstrated by the call to generate_new_name).
 attr_reader :enclosed_resource
+def without_deprecation_warnings(&block)
+  old_treat_deprecation_warnings_as_errors = Chef::Config[:treat_deprecation_warnings_as_errors]
+  Chef::Config[:treat_deprecation_warnings_as_errors] = false
+  begin
+    block.call
+  ensure
+    Chef::Config[:treat_deprecation_warnings_as_errors] = old_treat_deprecation_warnings_as_errors
+  end
+end
 action :twiddle_thumbs do
   @enclosed_resource = lwrp_foo :foo do
     monkey generate_new_name(new_resource.monkey){ 'the monkey' }
-    action :twiddle_thumbs
-    provider :lwrp_monkey_name_printer
+    # We know there will be a deprecation error here; head it off
+    without_deprecation_warnings do
+      provider :lwrp_monkey_name_printer
+    end
   end
 end

data/spec/data/lwrp_override/resources/foo.rb CHANGED

@@ -3,3 +3,8 @@
 actions :never_execute
 attribute :ever, :kind_of => String
+class ::Chef
+  def method_created_by_override_lwrp_foo
+  end
+end