chef 14.6.47 → 14.7.17

data/lib/chef/platform/rebooter.rb

@@ -20,6 +20,7 @@ require "chef/dsl/reboot_pending"
 require "chef/log"
 require "chef/platform"
 require "chef/application/exit_code"
+require "chef/mixin/shell_out"
 
 class Chef
   class Platform

data/lib/chef/property.rb

@@ -103,6 +103,10 @@ class Chef
     #     be run in the context of the instance (and able to access other
     #     properties) and cached. If not, the value will be frozen with Object#freeze
     #     to prevent users from modifying it in an instance.
+    #   @option options [String] :default_description The description of the default value
+    #     used in docs. Particularly useful when a default is computed or lazily eval'd.
+    #   @option options [Boolean] :skip_docs This property should not be included in any
+    #     documentation output
     #   @option options [Proc] :coerce A proc which will be called to
     #     transform the user input to canonical form. The value is passed in,
     #     and the transformed value returned as output. Lazy values will *not*
@@ -229,6 +233,15 @@ class Chef
       nil
     end
 
+    #
+    # A desciption of the default value of this property.
+    #
+    # @return [String]
+    #
+    def default_description
+      options[:default_description]
+    end
+
     #
     # Whether this is part of the resource's natural identity or not.
     #
@@ -277,6 +290,17 @@ class Chef
       options[:required]
     end
 
+    #
+    # Whether this property should be skipped for documentation purposes.
+    #
+    # Defaults to false.
+    #
+    # @return [Boolean]
+    #
+    def skip_docs?
+      options.fetch(:skip_docs, false)
+    end
+
     #
     # Whether this property is sensitive or not.
     #
@@ -295,7 +319,7 @@ class Chef
     #
     def validation_options
       @validation_options ||= options.reject do |k, v|
-        [:declared_in, :name, :instance_variable_name, :desired_state, :identity, :default, :name_property, :coerce, :required, :nillable, :sensitive, :description, :introduced, :deprecated].include?(k)
+        [:declared_in, :name, :instance_variable_name, :desired_state, :identity, :default, :name_property, :coerce, :required, :nillable, :sensitive, :description, :introduced, :deprecated, :default_description, :skip_docs].include?(k)
       end
     end
 

data/lib/chef/provider/windows_task.rb

@@ -135,10 +135,10 @@ class Chef
             converge_by("#{new_resource} task created") do
               task = TaskScheduler.new
               if new_resource.frequency == :none
-                task.new_work_item(new_resource.task_name, {}, { user: new_resource.user, password: new_resource.password })
+                task.new_work_item(new_resource.task_name, {}, { user: new_resource.user, password: new_resource.password, interactive: new_resource.interactive_enabled })
                 task.activate(new_resource.task_name)
               else
-                task.new_work_item(new_resource.task_name, trigger, { user: new_resource.user, password: new_resource.password })
+                task.new_work_item(new_resource.task_name, trigger, { user: new_resource.user, password: new_resource.password, interactive: new_resource.interactive_enabled })
               end
               task.application_name = new_resource.command
               task.parameters = new_resource.command_arguments if new_resource.command_arguments
@@ -147,6 +147,7 @@ class Chef
               task.configure_principals(principal_settings)
               task.set_account_information(new_resource.user, new_resource.password)
               task.creator = new_resource.user
+              task.description = new_resource.description unless new_resource.description.nil?
               task.activate(new_resource.task_name)
             end
           end
@@ -252,6 +253,7 @@ class Chef
             task.trigger = trigger unless new_resource.frequency == :none
             task.configure_settings(config_settings)
             task.creator = new_resource.user
+            task.description = new_resource.description unless new_resource.description.nil?
             task.configure_principals(principal_settings)
           end
         end
@@ -329,6 +331,7 @@ class Chef
           if new_resource.frequency == :none
             flag = (task.account_information != new_resource.user ||
             task.application_name != new_resource.command ||
+            description_needs_update?(task) ||
             task.parameters != new_resource.command_arguments.to_s ||
             task.principals[:run_level] != run_level ||
             task.settings[:disallow_start_if_on_batteries] != new_resource.disallow_start_if_on_batteries ||
@@ -349,8 +352,9 @@ class Chef
                   current_task_trigger[:type] != new_task_trigger[:type] ||
                   current_task_trigger[:random_minutes_interval].to_i != new_task_trigger[:random_minutes_interval].to_i ||
                   current_task_trigger[:minutes_interval].to_i != new_task_trigger[:minutes_interval].to_i ||
-                  task.account_information != new_resource.user ||
+                  task.account_information.to_s.casecmp(new_resource.user.to_s) != 0 ||
                   task.application_name != new_resource.command ||
+                  description_needs_update?(task) ||
                   task.parameters != new_resource.command_arguments.to_s ||
                   task.working_directory != new_resource.cwd.to_s ||
                   task.principals[:logon_type] != logon_type ||
@@ -567,16 +571,25 @@ class Chef
           settings
         end
 
+        def description_needs_update?(task)
+          task.description != new_resource.description unless new_resource.description.nil?
+        end
+
         def logon_type
           # Ref: https://msdn.microsoft.com/en-us/library/windows/desktop/aa383566(v=vs.85).aspx
           # if nothing is passed as logon_type the TASK_LOGON_SERVICE_ACCOUNT is getting set as default so using that for comparision.
-          user_id = new_resource.user
+          user_id = new_resource.user.to_s
+          password = new_resource.password.to_s
           if Chef::ReservedNames::Win32::Security::SID.service_account_user?(user_id)
             TaskScheduler::TASK_LOGON_SERVICE_ACCOUNT
           elsif Chef::ReservedNames::Win32::Security::SID.group_user?(user_id)
             TaskScheduler::TASK_LOGON_GROUP
-          elsif !new_resource.password.to_s.empty? # password is present
-            TaskScheduler::TASK_LOGON_PASSWORD
+          elsif !user_id.empty? && !password.empty?
+            if new_resource.interactive_enabled
+              TaskScheduler::TASK_LOGON_INTERACTIVE_TOKEN
+            else
+              TaskScheduler::TASK_LOGON_PASSWORD
+            end
           else
             TaskScheduler::TASK_LOGON_INTERACTIVE_TOKEN
           end

data/lib/chef/resource.rb

@@ -131,6 +131,7 @@ class Chef
       @only_if = []
       @source_line = nil
       @deprecated = false
+      @skip_docs = false
       # We would like to raise an error when the user gives us a guard
       # interpreter and a ruby_block to the guard. In order to achieve this
       # we need to understand when the user overrides the default guard
@@ -1183,8 +1184,8 @@ class Chef
     # Internal Resource Interface (for Chef)
     #
 
-    FORBIDDEN_IVARS = [:@run_context, :@logger, :@not_if, :@only_if, :@enclosing_provider, :@description, :@introduced, :@examples, :@validation_message, :@deprecated].freeze
-    HIDDEN_IVARS = [:@allowed_actions, :@resource_name, :@source_line, :@run_context, :@logger, :@name, :@not_if, :@only_if, :@elapsed_time, :@enclosing_provider, :@description, :@introduced, :@examples, :@validation_message, :@deprecated].freeze
+    FORBIDDEN_IVARS = [:@run_context, :@logger, :@not_if, :@only_if, :@enclosing_provider, :@description, :@introduced, :@examples, :@validation_message, :@deprecated, :@default_description, :@skip_docs].freeze
+    HIDDEN_IVARS = [:@allowed_actions, :@resource_name, :@source_line, :@run_context, :@logger, :@name, :@not_if, :@only_if, :@elapsed_time, :@enclosing_provider, :@description, :@introduced, :@examples, :@validation_message, :@deprecated, :@default_description, :@skip_docs].freeze
 
     include Chef::Mixin::ConvertToClassName
     extend Chef::Mixin::ConvertToClassName
@@ -1448,6 +1449,20 @@ class Chef
       @deprecated
     end
 
+    def self.skip_docs(skip_docs = "NOT_PASSED")
+      if skip_docs != "NOT_PASSED"
+        @skip_docs = skip_docs
+      end
+      @skip_docs
+    end
+
+    def self.default_description(default_description = "NOT_PASSED")
+      if default_description != "NOT_PASSED"
+        @default_description = default_description
+      end
+      @default_description
+    end
+
     #
     # The cookbook in which this Resource was defined (if any).
     #

data/lib/chef/resource/apt_preference.rb

@@ -31,7 +31,8 @@ class Chef
       property :package_name, String,
                name_property: true,
                description: "The name of the package.",
-               regex: [/^([a-z]|[A-Z]|[0-9]|_|-|\.|\*|\+)+$/]
+               regex: [/^([a-z]|[A-Z]|[0-9]|_|-|\.|\*|\+)+$/],
+               validation_message: "The provided package name is not valid. Package names can only contain alphanumeric characters as well as _, -, +, or *!"
 
       property :glob, String,
                description: "Pin by glob() expression or with regular expressions surrounded by /."

data/lib/chef/resource/apt_repository.rb

@@ -43,7 +43,7 @@ class Chef
 
       property :distribution, [ String, nil, FalseClass ],
                description: "Usually a distribution's codename, such as trusty, xenial or bionic. Default value: the codename of the node's distro.",
-               default: lazy { node["lsb"]["codename"] }
+               default: lazy { node["lsb"]["codename"] }, default_description: "The LSB codename of the host such as 'bionic'."
 
       property :components, Array,
                description: "Package groupings, such as 'main' and 'stable'.",

data/lib/chef/resource/apt_update.rb

@@ -29,6 +29,7 @@ class Chef
 
       # allow bare apt_update with no name
       property :name, String, default: ""
+
       property :frequency, Integer,
                 description: "Determines how frequently (in seconds) APT repository updates are made. Use this property when the :periodic action is specified.",
                 default: 86_400

data/lib/chef/resource/build_essential.rb

@@ -30,7 +30,7 @@ class Chef
 
       property :compile_time, [TrueClass, FalseClass],
                description: "Install the build essential packages at compile time.",
-               default: false
+               default: false, desired_state: false
 
       action :install do
 

data/lib/chef/resource/cab_package.rb

@@ -39,7 +39,7 @@ class Chef
                     uri_scheme?(s) ? s : Chef::Util::PathHelper.canonical_path(s, false)
                   end
                 end),
-                default: lazy { |r| r.package_name }
+                default: lazy { |r| r.package_name }, default_description: "The package name."
     end
   end
 end

data/lib/chef/resource/chef_gem.rb

@@ -36,7 +36,7 @@ class Chef
     class ChefGem < Chef::Resource::Package::GemPackage
       resource_name :chef_gem
 
-      property :gem_binary, default: "#{RbConfig::CONFIG['bindir']}/gem",
+      property :gem_binary, default: "#{RbConfig::CONFIG['bindir']}/gem", default_description: "Chef's built-in gem binary.",
                             description: "The path of a gem binary to use for the installation. By default, the same version of Ruby that is used by the chef-client will be installed.",
                             callbacks: {
                  "The chef_gem resource is restricted to the current gem environment, use gem_package to install to other environments." => proc { |v| v == "#{RbConfig::CONFIG['bindir']}/gem" },

data/lib/chef/resource/cookbook_file.rb

@@ -36,7 +36,8 @@ class Chef
                 default: lazy { ::File.basename(name) }
 
       property :cookbook, String,
-                description: "The cookbook in which a file is located (if it is not located in the current cookbook)."
+                description: "The cookbook in which a file is located (if it is not located in the current cookbook).",
+                desired_state: false
 
       default_action :create
     end

data/lib/chef/resource/cron_d.rb

@@ -91,7 +91,7 @@ class Chef
                description: "Set the name of the cron job. If this isn't specified we'll use the resource name.",
                name_property: true
 
-      property :cookbook, String
+      property :cookbook, String, desired_state: false
 
       property :predefined_value, String,
                description: 'Schedule your cron job with one of the special predefined value instead of ** * pattern. This correspond to "@reboot", "@yearly", "@annually", "@monthly", "@weekly", "@daily", "@midnight" or "@hourly".',

data/lib/chef/resource/dmg_package.rb

@@ -44,106 +44,101 @@ class Chef
                default: "/Applications"
 
       property :checksum, String,
-               description: "The sha256 checksum of the dmg to download"
+               description: "The sha256 checksum of the dmg to download."
 
       property :volumes_dir, String,
-               description: "The Directory under /Volumes where the dmg is mounted as not all dmgs are mounted into a /Volumes location matching the name of the dmg."
+               description: "The Directory under /Volumes where the dmg is mounted as not all dmgs are mounted into a /Volumes location matching the name of the dmg.",
+               default: lazy { |r| r.app }, default_description: "The value passed for the application name."
 
       property :dmg_name, String,
-               description: "The name of the dmg if it is not the same as app, or if the name has spaces."
+               description: "The name of the dmg if it is not the same as app, or if the name has spaces.",
+               desired_state: false,
+               default: lazy { |r| r.app }, default_description: "The value passed for the application name."
 
       property :type, String,
                description: "The type of package.",
                equal_to: %w{app pkg mpkg},
-               default: "app"
-
-      property :installed, [TrueClass, FalseClass],
-               default: false, desired_state: false
+               default: "app", desired_state: false
 
       property :package_id, String,
-               description: "The package id registered with pkgutil when a pkg or mpkg is installed"
+               description: "The package id registered with pkgutil when a pkg or mpkg is installed."
 
       property :dmg_passphrase, String,
-               description: "Specify a passphrase to use to unencrypt the dmg while mounting."
+               description: "Specify a passphrase to use to unencrypt the dmg while mounting.",
+               desired_state: false
 
       property :accept_eula, [TrueClass, FalseClass],
                description: "Specify whether to accept the EULA. Certain dmgs require acceptance of EULA before mounting.",
-               default: false
+               default: false, desired_state: false
 
-      property :headers, [Hash, nil],
+      property :headers, Hash,
                description: "Allows custom HTTP headers (like cookies) to be set on the remote_file resource.",
-               default: nil
+               desired_state: false
 
       property :allow_untrusted, [TrueClass, FalseClass],
-               description: "Allows packages with untrusted certs to be installed.",
-               default: false
+               description: "Allow installation of packages that do not have trusted certificates.",
+               default: false, desired_state: false
 
       load_current_value do |new_resource|
         if ::File.directory?("#{new_resource.destination}/#{new_resource.app}.app")
-          Chef::Log.info "Already installed; to upgrade, remove \"#{new_resource.destination}/#{new_resource.app}.app\""
-          installed true
-        elsif shell_out("pkgutil --pkgs='#{new_resource.package_id}'").exitstatus == 0
-          Chef::Log.info "Already installed; to upgrade, try \"sudo pkgutil --forget '#{new_resource.package_id}'\""
-          installed true
+          Chef::Log.info "#{new_resource.app} is already installed. To upgrade, remove \"#{new_resource.destination}/#{new_resource.app}.app\""
+        elsif shell_out("pkgutil --pkg-info '#{new_resource.package_id}'").exitstatus == 0
+          Chef::Log.info "#{new_resource.app} is already installed. To upgrade, try \"sudo pkgutil --forget '#{new_resource.package_id}'\""
         else
-          installed false
+          current_value_does_not_exist! # allows us to check for current_resource.nil? below
         end
       end
 
       action :install do
         description "Installs the application."
 
-        unless current_resource.installed
-
-          volumes_dir = new_resource.volumes_dir ? new_resource.volumes_dir : new_resource.app
-          dmg_name = new_resource.dmg_name ? new_resource.dmg_name : new_resource.app
-
+        if current_resource.nil?
           if new_resource.source
-            declare_resource(:remote_file, "#{dmg_file} - #{new_resource.name}") do
-              path dmg_file
+            remote_file dmg_file do
               source new_resource.source
               headers new_resource.headers if new_resource.headers
               checksum new_resource.checksum if new_resource.checksum
             end
           end
 
-          passphrase_cmd = new_resource.dmg_passphrase ? "-passphrase #{new_resource.dmg_passphrase}" : ""
           ruby_block "attach #{dmg_file}" do
             block do
-              cmd = shell_out("hdiutil imageinfo #{passphrase_cmd} '#{dmg_file}' | grep -q 'Software License Agreement: true'")
-              software_license_agreement = cmd.exitstatus == 0
-              raise "Requires EULA Acceptance; add 'accept_eula true' to package resource" if software_license_agreement && !new_resource.accept_eula
-              accept_eula_cmd = new_resource.accept_eula ? "echo Y | PAGER=true" : ""
-              shell_out!("#{accept_eula_cmd} hdiutil attach #{passphrase_cmd} '#{dmg_file}' -mountpoint '/Volumes/#{volumes_dir}' -quiet")
+              raise "This DMG package requires EULA acceptance. Add 'accept_eula true' to dmg_package resource to accept the EULA during installation." if software_license_agreement? && !new_resource.accept_eula
+
+              attach_cmd = new_resource.accept_eula ? "yes | " : ""
+              attach_cmd << "/usr/bin/hdiutil attach #{passphrase_cmd} '#{dmg_file}' -nobrowse -mountpoint '/Volumes/#{new_resource.volumes_dir}'"
+
+              shell_out!(attach_cmd, env: { "PAGER" => "true" })
             end
-            not_if "hdiutil info #{passphrase_cmd} | grep -q 'image-path.*#{dmg_file}'"
+            not_if { dmg_attached? }
           end
 
           case new_resource.type
           when "app"
-            declare_resource(:execute, "rsync --force --recursive --links --perms --executability --owner --group --times '/Volumes/#{volumes_dir}/#{new_resource.app}.app' '#{new_resource.destination}'") do
+            execute "rsync --force --recursive --links --perms --executability --owner --group --times '/Volumes/#{new_resource.volumes_dir}/#{new_resource.app}.app' '#{new_resource.destination}'" do
               user new_resource.owner if new_resource.owner
             end
 
-            declare_resource(:file, "#{new_resource.destination}/#{new_resource.app}.app/Contents/MacOS/#{new_resource.app}") do
-              mode "755"
+            file "#{new_resource.destination}/#{new_resource.app}.app/Contents/MacOS/#{new_resource.app}" do
+              mode "0755"
               ignore_failure true
             end
           when "mpkg", "pkg"
-            install_cmd = "installation_file=$(ls '/Volumes/#{volumes_dir}' | grep '.#{new_resource.type}$') && sudo installer -pkg \"/Volumes/#{volumes_dir}/$installation_file\" -target /"
+            install_cmd = "installation_file=$(ls '/Volumes/#{new_resource.volumes_dir}' | grep '.#{new_resource.type}$') && sudo installer -pkg \"/Volumes/#{new_resource.volumes_dir}/$installation_file\" -target /"
             install_cmd += " -allowUntrusted" if new_resource.allow_untrusted
 
-            declare_resource(:execute, install_cmd) do
+            execute install_cmd do
               # Prevent cfprefsd from holding up hdiutil detach for certain disk images
               environment("__CFPREFERENCES_AVOID_DAEMON" => "1")
             end
           end
 
-          declare_resource(:execute, "hdiutil detach '/Volumes/#{volumes_dir}' || hdiutil detach '/Volumes/#{volumes_dir}' -force")
+          execute "/usr/bin/hdiutil detach '/Volumes/#{new_resource.volumes_dir}' || /usr/bin/hdiutil detach '/Volumes/#{new_resource.volumes_dir}' -force"
         end
       end
 
       action_class do
+        # @return [String] the path to the dmg file
         def dmg_file
           @dmg_file ||= begin
             if new_resource.file.nil?
@@ -153,6 +148,23 @@ class Chef
             end
           end
         end
+
+        # @return [String] the hdiutil flag for handling DMGs with a password
+        def passphrase_cmd
+          @passphrase_cmd ||= new_resource.dmg_passphrase ? "-passphrase #{new_resource.dmg_passphrase}" : ""
+        end
+
+        # @return [Boolean] does the DMG require a software license agreement
+        def software_license_agreement?
+          # example hdiutil imageinfo output: http://rubular.com/r/0xvOaA6d8B
+          /Software License Agreement: true/.match?(shell_out!("/usr/bin/hdiutil imageinfo #{passphrase_cmd} '#{dmg_file}'").stdout)
+        end
+
+        # @return [Boolean] is the dmg file currently attached?
+        def dmg_attached?
+          # example hdiutil imageinfo output: http://rubular.com/r/CDcqenkixg
+          /image-path.*#{dmg_file}/.match?(shell_out!("/usr/bin/hdiutil info #{passphrase_cmd}").stdout)
+        end
       end
     end
   end

data/lib/chef/resource/execute.rb

@@ -62,7 +62,7 @@ class Chef
                description: "Prevent a command from creating a file when that file already exists."
 
       property :cwd, String,
-               description: "Set the current working directory before running a command."
+               description: "The current working directory from which the command will be run."
 
       property :environment, Hash,
                description: "Specify a Hash of environment variables to be set."
@@ -100,7 +100,7 @@ class Chef
       # lazy used to set default value of sensitive to true if password is set
       property :sensitive, [ TrueClass, FalseClass ],
                description: "Ensure that sensitive resource data is not logged by the chef-client.",
-               default: lazy { |r| r.password ? true : false }
+               default: lazy { |r| r.password ? true : false }, default_description: "True if the password property is set. False otherwise."
 
       property :elevated, [ TrueClass, FalseClass ], default: false,
                description: "Determines whether the script will run with elevated permissions to circumvent User Access Control (UAC) interactively blocking the process.\nThis will cause the process to be run under a batch login instead of an interactive login. The user running Chef needs the “Replace a process level token” and “Adjust Memory Quotas for a process” permissions. The user that is running the command needs the “Log on as a batch job” permission.\nBecause this requires a login, the user and password properties are required.",

data/lib/chef/resource/file.rb

@@ -66,7 +66,7 @@ class Chef
       property :content, [ String, nil ], desired_state: false,
                description: "A string that is written to the file. The contents of this property replace any previous content when this property has something other than the default value. The default behavior will not modify content."
 
-      property :diff, [ String, nil ], desired_state: false
+      property :diff, [ String, nil ], desired_state: false, skip_docs: true
 
       property :force_unlink, [ TrueClass, FalseClass ], desired_state: false, default: false,
                description: "How the chef-client handles certain situations when the target file turns out not to be a file. For example, when a target file is actually a symlink. Set to true for the chef-client delete the non-file target and replace it with the specified file. Set to false for the chef-client to raise an error."