chef 13.3.42 → 13.4.19

data/lib/chef/provider/package/dnf.rb

@@ -35,10 +35,12 @@ class Chef
         use_multipackage_api
         use_package_name_for_source
 
-        provides :package, platform_family: %w{rhel fedora amazon} do
+        provides :package, platform_family: %w{fedora amazon} do
           which("dnf") && shell_out("rpm -q dnf").stdout =~ /^dnf-[1-9]/
         end
 
+        provides :package, platform_family: %w{rhel}, platform_version: ">= 8"
+
         provides :dnf_package, os: "linux"
 
         #

data/lib/chef/provider/remote_file.rb

@@ -29,6 +29,25 @@ class Chef
         super
       end
 
+      def define_resource_requirements
+        [ new_resource.remote_user, new_resource.remote_domain,
+          new_resource.remote_password ].each do |prop|
+          requirements.assert(:all_actions) do |a|
+            a.assertion do
+              if prop
+                node[:platform_family] == "windows"
+              else
+                true
+              end
+            end
+            a.failure_message Chef::Exceptions::UnsupportedPlatform, "'remote_user', 'remote_domain' and 'remote_password' properties are supported only for Windows platform"
+            a.whyrun("Assuming that the platform is Windows while passing 'remote_user', 'remote_domain' and 'remote_password' properties")
+          end
+        end
+
+        super
+      end
+
       def load_current_resource
         @current_resource = Chef::Resource::RemoteFile.new(new_resource.name)
         super

data/lib/chef/provider/remote_file/fetcher.rb

@@ -24,6 +24,9 @@ class Chef
 
         def self.for_resource(uri, new_resource, current_resource)
           if network_share?(uri)
+            if !Chef::Platform.windows?
+              raise Exceptions::UnsupportedPlatform, "Fetching the file on a network share is supported only on the Windows platform. Please change your source: #{uri}"
+            end
             Chef::Provider::RemoteFile::NetworkFile.new(uri, new_resource, current_resource)
           else
             case uri.scheme

data/lib/chef/provider/remote_file/network_file.rb

@@ -19,14 +19,18 @@
 require "uri"
 require "tempfile"
 require "chef/provider/remote_file"
+require "chef/mixin/user_context"
 
 class Chef
   class Provider
     class RemoteFile
       class NetworkFile
+        include Chef::Mixin::UserContext
 
         attr_reader :new_resource
 
+        TRANSFER_CHUNK_SIZE = 1048576
+
         def initialize(source, new_resource, current_resource)
           @new_resource = new_resource
           @source = source
@@ -35,13 +39,22 @@ class Chef
         # Fetches the file on a network share, returning a Tempfile-like File handle
         # windows only
         def fetch
-          tempfile = Chef::FileContentManagement::Tempfile.new(new_resource).tempfile
-          Chef::Log.debug("#{new_resource} staging #{@source} to #{tempfile.path}")
-          FileUtils.cp(@source, tempfile.path)
-          tempfile.close if tempfile
+          begin
+            tempfile = Chef::FileContentManagement::Tempfile.new(new_resource).tempfile
+            Chef::Log.debug("#{new_resource} staging #{@source} to #{tempfile.path}")
+
+            with_user_context(new_resource.remote_user, new_resource.remote_password, new_resource.remote_domain) do
+              ::File.open(@source, "rb") do |remote_file|
+                while data = remote_file.read(TRANSFER_CHUNK_SIZE)
+                  tempfile.write(data)
+                end
+              end
+            end
+          ensure
+            tempfile.close if tempfile
+          end
           tempfile
         end
-
       end
     end
   end

data/lib/chef/provider/service/macosx.rb

@@ -52,17 +52,18 @@ class Chef
           @plist_size = 0
           @plist = @new_resource.plist ? @new_resource.plist : find_service_plist
           @service_label = find_service_label
-          # LauchAgents should be loaded as the console user.
+          # LaunchAgents should be loaded as the console user.
           @console_user = @plist ? @plist.include?("LaunchAgents") : false
           @session_type = @new_resource.session_type
 
           if @console_user
-            @console_user = Etc.getlogin
+            @console_user = Etc.getpwuid(::File.stat("/dev/console").uid).name
             Chef::Log.debug("#{new_resource} console_user: '#{@console_user}'")
             cmd = "su "
             param = this_version_or_newer?("10.10") ? "" : "-l "
+            param = "-l " if this_version_or_newer?("10.12")
             @base_user_cmd = cmd + param + "#{@console_user} -c"
-            # Default LauchAgent session should be Aqua
+            # Default LaunchAgent session should be Aqua
             @session_type = "Aqua" if @session_type.nil?
           end
 

data/lib/chef/provider/windows_path.rb

@@ -0,0 +1,62 @@
+#
+# Author:: Nimisha Sharad (<nimisha.sharad@msystechnologies.com>)
+# Copyright:: Copyright 2008-2017, Chef Software Inc.
+# License:: Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+require "chef/mixin/windows_env_helper" if Chef::Platform.windows?
+require "chef/mixin/wide_string"
+require "chef/exceptions"
+
+class Chef
+  class Provider
+    class WindowsPath < Chef::Provider
+
+      include Chef::Mixin::WindowsEnvHelper if Chef::Platform.windows?
+
+      def load_current_resource
+        @current_resource = Chef::Resource::WindowsPath.new(new_resource.name)
+        @current_resource.path(new_resource.path)
+        @current_resource
+      end
+
+      action :add do
+        # The windows Env provider does not correctly expand variables in
+        # the PATH environment variable. Ruby expects these to be expanded.
+        #
+        path = expand_path(new_resource.path)
+        converge_by "Adding #{new_resource.path} to path environment variable" do
+          declare_resource(:env, "path") do
+            action :modify
+            delim ::File::PATH_SEPARATOR
+            value path.tr("/", '\\')
+          end
+        end
+      end
+
+      action :remove do
+        # The windows Env provider does not correctly expand variables in
+        # the PATH environment variable. Ruby expects these to be expanded.
+        #
+        path = expand_path(new_resource.path)
+        declare_resource(:env, "path") do
+          action :delete
+          delim ::File::PATH_SEPARATOR
+          value path.tr("/", '\\')
+        end
+      end
+    end
+  end
+end

data/lib/chef/provider/zypper_repository.rb

@@ -57,7 +57,7 @@ class Chef
       end
 
       action :refresh do
-        declare_resource(:execute, "zypper refresh #{escaped_repo_name}") do
+        declare_resource(:execute, "zypper#{' --gpg-auto-import-keys' if new_resource.gpgautoimportkeys} refresh #{escaped_repo_name}") do
           only_if "zypper lr #{escaped_repo_name}"
         end
       end

data/lib/chef/providers.rb

@@ -61,6 +61,7 @@ require "chef/provider/whyrun_safe_ruby_block"
 require "chef/provider/yum_repository"
 require "chef/provider/windows_task"
 require "chef/provider/zypper_repository"
+require "chef/provider/windows_path"
 
 require "chef/provider/env/windows"
 

data/lib/chef/resource.rb

@@ -641,7 +641,11 @@ class Chef
 
       all_props = {}
       self.class.state_properties.map do |p|
-        all_props[p.name.to_s] = p.sensitive? ? '"*sensitive value suppressed*"' : value_to_text(p.get(self))
+        begin
+          all_props[p.name.to_s] = p.sensitive? ? '"*sensitive value suppressed*"' : value_to_text(p.get(self))
+        rescue Chef::Exceptions::ValidationFailed
+          # This space left intentionally blank, the property was probably required or had an invalid default.
+        end
       end
 
       ivars = instance_variables.map { |ivar| ivar.to_sym } - HIDDEN_IVARS

data/lib/chef/resource/apt_repository.rb

@@ -33,7 +33,7 @@ class Chef
       # whether or not to add the repository as a source repo, too
       property :deb_src, [TrueClass, FalseClass], default: false
       property :keyserver, [String, nil, false], default: "keyserver.ubuntu.com", nillable: true, coerce: proc { |x| x ? x : nil }
-      property :key, [String, nil, false], default: nil, nillable: true, coerce: proc { |x| x ? x : nil }
+      property :key, [String, Array, nil, false], default: [], coerce: proc { |x| x ? Array(x) : nil }
       property :key_proxy, [String, nil, false], default: nil, nillable: true, coerce: proc { |x| x ? x : nil }
 
       property :cookbook, [String, nil, false], default: nil, desired_state: false, nillable: true, coerce: proc { |x| x ? x : nil }

data/lib/chef/resource/ifconfig.rb

@@ -44,6 +44,10 @@ class Chef
         @network = nil
         @bootproto = nil
         @onparent = nil
+        @ethtool_opts = nil
+        @bonding_opts = nil
+        @master = nil
+        @slave = nil
       end
 
       def target(arg = nil)
@@ -141,6 +145,38 @@ class Chef
           :kind_of => String
         )
       end
+
+      def ethtool_opts(arg = nil)
+        set_or_return(
+          :ethtool_opts,
+          arg,
+          :kind_of => String
+        )
+      end
+
+      def bonding_opts(arg = nil)
+        set_or_return(
+          :bonding_opts,
+          arg,
+          :kind_of => String
+        )
+      end
+
+      def master(arg = nil)
+        set_or_return(
+          :master,
+          arg,
+          :kind_of => String
+        )
+      end
+
+      def slave(arg = nil)
+        set_or_return(
+          :slave,
+          arg,
+          :kind_of => String
+        )
+      end
     end
 
   end

data/lib/chef/resource/remote_file.rb

@@ -131,6 +131,66 @@ class Chef
         )
       end
 
+      property :remote_user, String
+
+      property :remote_domain, String
+
+      property :remote_password, String, sensitive: true
+
+      def after_created
+        validate_identity_platform(remote_user, remote_password, remote_domain)
+        identity = qualify_user(remote_user, remote_password, remote_domain)
+        remote_domain(identity[:domain])
+        remote_user(identity[:user])
+      end
+
+      def validate_identity_platform(specified_user, password = nil, specified_domain = nil)
+        if node[:platform_family] == "windows"
+          if specified_user && password.nil?
+            raise ArgumentError, "A value for `remote_password` must be specified when a value for `user` is specified on the Windows platform"
+          end
+        end
+      end
+
+      def qualify_user(specified_user, password = nil, specified_domain = nil)
+        domain = specified_domain
+        user = specified_user
+
+        if specified_user.nil? && ! specified_domain.nil?
+          raise ArgumentError, "The domain `#{specified_domain}` was specified, but no user name was given"
+        end
+
+        # if domain is provided in both username and domain
+        if specified_user && ((specified_user.include? '\\') || (specified_user.include? "@")) && specified_domain
+          raise ArgumentError, "The domain is provided twice. Username: `#{specified_user}`, Domain: `#{specified_domain}`. Please specify domain only once."
+        end
+
+        if ! specified_user.nil? && specified_domain.nil?
+          # Splitting username of format: Domain\Username
+          domain_and_user = user.split('\\')
+
+          if domain_and_user.length == 2
+            domain = domain_and_user[0]
+            user = domain_and_user[1]
+          elsif domain_and_user.length == 1
+            # Splitting username of format: Username@Domain
+            domain_and_user = user.split("@")
+            if domain_and_user.length == 2
+              domain = domain_and_user[1]
+              user = domain_and_user[0]
+            elsif domain_and_user.length != 1
+              raise ArgumentError, "The specified user name `#{user}` is not a syntactically valid user name"
+            end
+          end
+        end
+
+        if ( password || domain ) && user.nil?
+          raise ArgumentError, "A value for `password` or `domain` was specified without specification of a value for `user`"
+        end
+
+        { domain: domain, user: user }
+      end
+
       private
 
       include Chef::Mixin::Uris

data/lib/chef/resource/windows_path.rb

@@ -0,0 +1,41 @@
+#
+# Author:: Nimisha Sharad (<nimisha.sharad@msystechnologies.com>)
+# Copyright:: Copyright 2008-2017, Chef Software Inc.
+# License:: Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+require "chef/resource"
+
+class Chef
+  class Resource
+    class WindowsPath < Chef::Resource
+
+      provides :windows_path, os: "windows"
+
+      allowed_actions :add, :remove
+      default_action :add
+
+      def initialize(name, run_context = nil)
+        super
+        @resource_name = :windows_path
+        @path = name
+        @provider = Chef::Provider::WindowsPath
+        @action = :add
+      end
+
+      property :path, String, name_property: true
+    end
+  end
+end

data/lib/chef/resource/zypper_repository.rb

@@ -39,6 +39,7 @@ class Chef
       property :mode, default: "0644"
       property :refresh_cache, [true, false], default: true
       property :source, String, regex: /.*/
+      property :gpgautoimportkeys, [true, false], default: true
 
       default_action :create
       allowed_actions :create, :remove, :add, :refresh

data/lib/chef/resources.rb

@@ -101,3 +101,4 @@ require "chef/resource/cab_package"
 require "chef/resource/powershell_package"
 require "chef/resource/msu_package"
 require "chef/resource/windows_task"
+require "chef/resource/windows_path"

data/lib/chef/shell.rb

@@ -138,6 +138,7 @@ module Shell
   def self.session
     unless client_type.instance.node_built?
       puts "Session type: #{client_type.session_type}"
+      client_type.instance.json_configuration = @json_attribs
       client_type.instance.reset!
     end
     client_type.instance

data/lib/chef/shell/shell_session.rb

@@ -38,7 +38,7 @@ module Shell
       @session_type
     end
 
-    attr_accessor :node, :compile, :recipe, :run_context
+    attr_accessor :node, :compile, :recipe, :run_context, :json_configuration
     attr_reader :node_attributes, :client
     def initialize
       @node_built = false
@@ -151,7 +151,7 @@ module Shell
 
     def rebuild_node
       Chef::Config[:solo_legacy_mode] = true
-      @client = Chef::Client.new(nil, Chef::Config[:shell_config])
+      @client = Chef::Client.new(json_configuration, Chef::Config[:shell_config])
       @client.run_ohai
       @client.load_node
       @client.build_node
@@ -183,7 +183,7 @@ module Shell
     def rebuild_node
       # Tell the client we're chef solo so it won't try to contact the server
       Chef::Config[:solo_legacy_mode] = true
-      @client = Chef::Client.new(nil, Chef::Config[:shell_config])
+      @client = Chef::Client.new(json_configuration, Chef::Config[:shell_config])
       @client.run_ohai
       @client.load_node
       @client.build_node
@@ -218,7 +218,7 @@ module Shell
     def rebuild_node
       # Make sure the client knows this is not chef solo
       Chef::Config[:solo_legacy_mode] = false
-      @client = Chef::Client.new(nil, Chef::Config[:shell_config])
+      @client = Chef::Client.new(json_configuration, Chef::Config[:shell_config])
       @client.run_ohai
       @client.register
       @client.load_node

data/lib/chef/util/windows/logon_session.rb

@@ -0,0 +1,126 @@
+#
+# Author:: Adam Edwards (<adamed@chef.io>)
+#
+# Copyright:: Copyright (c) 2015 Chef Software, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+require "chef/win32/api/security" if Chef::Platform.windows?
+require "chef/mixin/wide_string"
+
+class Chef
+  class Util
+    class Windows
+      class LogonSession
+        include Chef::Mixin::WideString
+
+        def initialize(username, password, domain = nil)
+          if username.nil? || password.nil?
+            raise ArgumentError, "The logon session must be initialize with non-nil user name and password parameters"
+          end
+
+          @original_username = username
+          @original_password = password
+          @original_domain = domain
+          @token = FFI::Buffer.new(:pointer)
+          @session_opened = false
+          @impersonating = false
+        end
+
+        def open
+          if session_opened
+            raise "Attempted to open a logon session that was already open."
+          end
+
+          username = wstring(original_username)
+          password = wstring(original_password)
+          domain = wstring(original_domain)
+
+          status = Chef::ReservedNames::Win32::API::Security.LogonUserW(username, domain, password, Chef::ReservedNames::Win32::API::Security::LOGON32_LOGON_NEW_CREDENTIALS, Chef::ReservedNames::Win32::API::Security::LOGON32_PROVIDER_DEFAULT, token)
+
+          if !status
+            last_error = FFI::LastError.error
+            raise Chef::Exceptions::Win32APIError, "Logon for user `#{original_username}` failed with Win32 status #{last_error}."
+          end
+
+          @session_opened = true
+        end
+
+        def close
+          validate_session_open!
+
+          if impersonating
+            restore_user_context
+          end
+
+          Chef::ReservedNames::Win32::API::System.CloseHandle(token.read_ulong)
+          @token = nil
+          @session_opened = false
+        end
+
+        def set_user_context
+          validate_session_open!
+
+          if ! session_opened
+            raise "Attempted to set the user context before opening a session."
+          end
+
+          if impersonating
+            raise "Attempt to set the user context when the user context is already set."
+          end
+
+          status = Chef::ReservedNames::Win32::API::Security.ImpersonateLoggedOnUser(token.read_ulong)
+
+          if !status
+            last_error = FFI::LastError.error
+            raise Chef::Exceptions::Win32APIError, "Attempt to impersonate user `#{original_username}` failed with Win32 status #{last_error}."
+          end
+
+          @impersonating = true
+        end
+
+        def restore_user_context
+          validate_session_open!
+
+          if impersonating
+            status = Chef::ReservedNames::Win32::API::Security.RevertToSelf
+
+            if !status
+              last_error = FFI::LastError.error
+              raise Chef::Exceptions::Win32APIError, "Unable to restore user context with Win32 status #{last_error}."
+            end
+          end
+
+          @impersonating = false
+        end
+
+        protected
+
+        attr_reader :original_username
+        attr_reader :original_password
+        attr_reader :original_domain
+
+        attr_reader :token
+        attr_reader :session_opened
+        attr_reader :impersonating
+
+        def validate_session_open!
+          if ! session_opened
+            raise "Attempted to set the user context before opening a session."
+          end
+        end
+      end
+    end
+  end
+end