chef 14.6.47 → 14.7.17

data/lib/chef/resource/windows_task.rb

@@ -116,6 +116,10 @@ class Chef
                  introduced: "14.4", default: false,
                  description: "Scheduled task option when system is switching on battery."
 
+        property :description, String,
+                 introduced: "14.7",
+                 description: "The task description."
+
         attr_accessor :exists, :task, :command_arguments
 
         VALID_WEEK_DAYS = %w{ mon tue wed thu fri sat sun * }.freeze

data/lib/chef/resource/windows_workgroup.rb

@@ -36,20 +36,22 @@ class Chef
                name_property: true
 
       property :user, String,
-               description: "The local administrator user to use to change the workgroup."
+               description: "The local administrator user to use to change the workgroup.",
+               desired_state: false
 
       property :password, String,
-               description: "The password for the local administrator user."
+               description: "The password for the local administrator user.",
+               desired_state: false
 
       property :reboot, Symbol,
                equal_to: [:immediate, :delayed, :never, :request_reboot, :reboot_now],
                validation_message: "The reboot property accepts :immediate (reboot as soon as the resource completes), :delayed (reboot once the Chef run completes), and :never (Don't reboot)",
                description: "Controls the system reboot behavior post workgroup joining. Reboot immediately, after the Chef run completes, or never. Note that a reboot is necessary for changes to take effect.",
-               default: :immediate
+               default: :immediate, desired_state: false
 
       # define this again so we can default it to true. Otherwise failures print the password
       property :sensitive, [TrueClass, FalseClass],
-               default: true
+               default: true, desired_state: false
 
       action :join do
         description "Update the workgroup."

data/lib/chef/resource/yum_repository.rb

@@ -45,7 +45,8 @@ class Chef
                default: true
 
       property :cost, String, regex: /^\d+$/,
-               description: "Relative cost of accessing this repository. Useful for weighing one repo's packages as greater/less than any other."
+               description: "Relative cost of accessing this repository. Useful for weighing one repo's packages as greater/less than any other.",
+               validation_message: "The cost property must be a numeric value!"
 
       property :description, String,
                description: "Descriptive name for the repository channel and maps to the 'name' parameter in a repository .conf.",
@@ -73,7 +74,7 @@ class Chef
                default: true
 
       property :gpgkey, [String, Array],
-               description: "URL pointing to the ASCII-armored GPG key file for the repository. This is used if Yum needs a public key to verify a package and the required key hasn't been imported into the RPM database. If this option is set, Yum will automatically import the key from the specified URL. Multiple URLs may be specified in the same manner as the baseurl option. If a GPG key is required to install a package from a repository, all keys specified for that repository will be installed."
+               description: "URL pointing to the ASCII-armored GPG key file for the repository. This is used if Yum needs a public key to verify a package and the required key hasn't been imported into the RPM database. If this option is set, Yum will automatically import the key from the specified URL. Multiple URLs may be specified in the same manner as the baseurl option. If a GPG key is required to install a package from a repository, all keys specified for that repository will be installed.\nMultiple URLs may be specified in the same manner as the baseurl option. If a GPG key is required to install a package from a repository, all keys specified for that repository will be installed."
 
       property :http_caching, String, equal_to: %w{packages all none},
                description: "Determines how upstream HTTP caches are instructed to handle any HTTP downloads that Yum does. This option can take the following values: all (all HTTP downloads should be cached), packages (only RPM package downloads should be cached, but not repository metadata downloads), or none (no HTTP downloads should be cached)"
@@ -95,16 +96,19 @@ class Chef
                description: "Number of times any attempt to retrieve a file should retry before returning an error. Setting this to '0' makes Yum try forever."
 
       property :metadata_expire, String, regex: [/^\d+$/, /^\d+[mhd]$/, /never/],
-               description: "Time (in seconds) after which the metadata will expire. If the current metadata downloaded is less than the value specified, then Yum will not update the metadata against the repository. If you find that Yum is not downloading information on updates as often as you would like lower the value of this option. You can also change from the default of using seconds to using days, hours or minutes by appending a 'd', 'h' or 'm' respectively. The default is six hours to compliment yum-updates running once per hour. It is also possible to use the word ``never``, meaning that the metadata will never expire. Note: When using a metalink file, the metalink must always be newer than the metadata for the repository due to the validation, so this timeout also applies to the metalink file."
+               description: "Time (in seconds) after which the metadata will expire. If the current metadata downloaded is less than the value specified, then Yum will not update the metadata against the repository. If you find that Yum is not downloading information on updates as often as you would like lower the value of this option. You can also change from the default of using seconds to using days, hours or minutes by appending a 'd', 'h' or 'm' respectively. The default is six hours to compliment yum-updates running once per hour. It is also possible to use the word ``never``, meaning that the metadata will never expire. Note: When using a metalink file, the metalink must always be newer than the metadata for the repository due to the validation, so this timeout also applies to the metalink file.",
+               validation_message: "The metadata_expire property must be a numeric value for time in seconds, the string 'never', or a numeric value appended with with 'd', 'h', or 'm'!"
 
       property :metalink, String,
                description: "Specifies a URL to a metalink file for the repomd.xml, a list of mirrors for the entire repository are generated by converting the mirrors for the repomd.xml file to a baseurl."
 
       property :mirror_expire, String, regex: [/^\d+$/, /^\d+[mhd]$/],
-               description: "Time (in seconds) after which the mirrorlist locally cached will expire. If the current mirrorlist is less than this many seconds old then Yum will not download another copy of the mirrorlist, it has the same extra format as metadata_expire. If you find that Yum is not downloading the mirrorlists as often as you would like lower the value of this option."
+               description: "Time (in seconds) after which the mirrorlist locally cached will expire. If the current mirrorlist is less than this many seconds old then Yum will not download another copy of the mirrorlist, it has the same extra format as metadata_expire. If you find that Yum is not downloading the mirrorlists as often as you would like lower the value of this option. You can also change from the default of using seconds to using days, hours or minutes by appending a 'd', 'h' or 'm' respectively.",
+               validation_message: "The mirror_expire property must be a numeric value for time in seconds, the string 'never', or a numeric value appended with with 'd', 'h', or 'm'!"
 
       property :mirrorlist_expire, String, regex: [/^\d+$/, /^\d+[mhd]$/],
-               description: "Specifies the time (in seconds) after which the mirrorlist locally cached will expire. If the current mirrorlist is less than the value specified, then Yum will not download another copy of the mirrorlist."
+               description: "Specifies the time (in seconds) after which the mirrorlist locally cached will expire. If the current mirrorlist is less than the value specified, then Yum will not download another copy of the mirrorlist. You can also change from the default of using seconds to using days, hours or minutes by appending a 'd', 'h' or 'm' respectively.",
+               validation_message: "The mirrorlist_expire property must be a numeric value for time in seconds, the string 'never', or a numeric value appended with with 'd', 'h', or 'm'!"
 
       property :mirrorlist, String,
                description: "URL to a file containing a list of baseurls. This can be used instead of or with the baseurl option. Substitution variables, described below, can be used with this option."
@@ -120,7 +124,8 @@ class Chef
                description: "Password to use with the username for basic authentication."
 
       property :priority, String, regex: /^(\d?[1-9]|[0-9][0-9])$/,
-               description: "Assigns a priority to a repository where the priority value is between '1' and '99' inclusive. Priorities are used to enforce ordered protection of repositories. Packages from repositories with a lower priority (higher numerical value) will never be used to upgrade packages that were installed from a repository with a higher priority (lower numerical value). The repositories with the lowest numerical priority number have the highest priority."
+               description: "Assigns a priority to a repository where the priority value is between '1' and '99' inclusive. Priorities are used to enforce ordered protection of repositories. Packages from repositories with a lower priority (higher numerical value) will never be used to upgrade packages that were installed from a repository with a higher priority (lower numerical value). The repositories with the lowest numerical priority number have the highest priority.",
+               validation_message: "The priority property must be a numeric value from 1-99!"
 
       property :proxy_password, String,
                description: "Password for this proxy."
@@ -164,7 +169,8 @@ class Chef
                description: "Enable bandwidth throttling for downloads."
 
       property :timeout, String, regex: /^\d+$/,
-               description: "Number of seconds to wait for a connection before timing out. Defaults to 30 seconds. This may be too short of a time for extremely overloaded sites."
+               description: "Number of seconds to wait for a connection before timing out. Defaults to 30 seconds. This may be too short of a time for extremely overloaded sites.",
+               validation_message: "The timeout property must be a numeric value!"
 
       property :username, String,
                description: "Username to use for basic authentication to a repository."

data/lib/chef/resource/zypper_package.rb

@@ -29,14 +29,14 @@ class Chef
 
       property :gpg_check, [ TrueClass, FalseClass ],
                description: "Verify the package's GPG signature. Can also be controlled site-wide using the ``zypper_check_gpg`` config option.",
-               default: lazy { Chef::Config[:zypper_check_gpg] }
+               default: lazy { Chef::Config[:zypper_check_gpg] }, default_description: "true"
 
       property :allow_downgrade, [ TrueClass, FalseClass ],
                description: "Allow downgrading a package to satisfy requested version requirements.",
                default: false, introduced: "13.6"
 
       property :global_options, [ String, Array ],
-               description: "One (or more) additional options that are passed to the package resource other than options to the command.",
+               description: "One (or more) additional command options that are passed to the command. For example, common zypper directives, such as '--no-recommends'. See the zypper man page at https://en.opensuse.org/SDB:Zypper_manual_(plain) for the full list.",
                coerce: proc { |x| x.is_a?(String) ? x.shellsplit : x },
                introduced: "14.6"
     end

data/lib/chef/resource/zypper_repository.rb

@@ -85,7 +85,8 @@ class Chef
                description: "The name of the template for the repository file. Only necessary if you're not using the built in template."
 
       property :cookbook, String,
-               description: "The cookbook to source the repository template file from. Only necessary if you're not using the built in template."
+               description: "The cookbook to source the repository template file from. Only necessary if you're not using the built in template.",
+               desired_state: false
 
       property :gpgautoimportkeys, [TrueClass, FalseClass],
                description: "Automatically import the specified key when setting up the repository.",

data/lib/chef/resource_inspector.rb

@@ -31,7 +31,7 @@ module ResourceInspector
       # code for the resource ourselves and just no
       "lazy default"
     else
-      default
+      default.is_a?(Symbol) ? default.inspect : default # inspect properly returns symbols
     end
   end
 
@@ -46,9 +46,9 @@ module ResourceInspector
     data[:preview] = resource.preview_resource
 
     properties = unless complete
-                   resource.properties.reject { |_, k| k.options[:declared_in] == Chef::Resource }
+                   resource.properties.reject { |_, k| k.options[:declared_in] == Chef::Resource || k.options[:skip_docs] }
                  else
-                   resource.properties
+                   resource.properties.reject { |_, k| k.options[:skip_docs] }
                  end
 
     data[:properties] = properties.each_with_object([]) do |(n, k), acc|
@@ -57,7 +57,7 @@ module ResourceInspector
                introduced: opts[:introduced], is: opts[:is],
                deprecated: opts[:deprecated] || false,
                required: opts[:required] || false,
-               default: get_default(opts[:default]),
+               default: opts[:default_description] || get_default(opts[:default]),
                name_property: opts[:name_property] || false }
     end
     data

data/lib/chef/resources.rb

@@ -130,14 +130,17 @@ require "chef/resource/powershell_package"
 require "chef/resource/msu_package"
 require "chef/resource/windows_ad_join"
 require "chef/resource/windows_auto_run"
+require "chef/resource/windows_certificate"
 require "chef/resource/windows_feature"
 require "chef/resource/windows_feature_dism"
 require "chef/resource/windows_feature_powershell"
+require "chef/resource/windows_firewall_rule"
 require "chef/resource/windows_font"
 require "chef/resource/windows_pagefile"
 require "chef/resource/windows_path"
 require "chef/resource/windows_printer"
 require "chef/resource/windows_printer_port"
+require "chef/resource/windows_share"
 require "chef/resource/windows_shortcut"
 require "chef/resource/windows_task"
 require "chef/resource/windows_workgroup"

data/lib/chef/version.rb

@@ -23,7 +23,7 @@ require "chef/version_string"
 
 class Chef
   CHEF_ROOT = File.expand_path("../..", __FILE__)
-  VERSION = Chef::VersionString.new("14.6.47")
+  VERSION = Chef::VersionString.new("14.7.17")
 end
 
 #

data/spec/functional/resource/windows_task_spec.rb

@@ -132,6 +132,45 @@ describe Chef::Resource::WindowsTask, :windows_only do
       end
     end
 
+    context "when description is passed" do
+      subject do
+        new_resource = Chef::Resource::WindowsTask.new(task_name, run_context)
+        new_resource.execution_time_limit = 259200 / 60 # converting "PT72H" into minutes and passing here since win32-taskscheduler accespts this
+        new_resource.command task_name
+        # Make sure MM/DD/YYYY is accepted
+        new_resource.start_day "09/20/2017"
+        new_resource.frequency :hourly
+        new_resource
+      end
+
+      let(:some_description) { "this is test description" }
+
+      it "create the task and sets its description" do
+        subject.description some_description
+        call_for_create_action
+        # loading current resource again to check new task is creted and it matches task parameters
+        current_resource = call_for_load_current_resource
+        expect(current_resource.exists).to eq(true)
+        expect(current_resource.task.description).to eq(some_description)
+      end
+
+      it "does not converge the resource if it is already converged" do
+        subject.description some_description
+        subject.run_action(:create)
+        subject.description some_description
+        subject.run_action(:create)
+        expect(subject).not_to be_updated_by_last_action
+      end
+
+      it "updates task with new description if task already exist" do
+        subject.description some_description
+        subject.run_action(:create)
+        subject.description "test description"
+        subject.run_action(:create)
+        expect(subject).to be_updated_by_last_action
+      end
+    end
+
     context "when frequency_modifier are not passed" do
       subject do
         new_resource = Chef::Resource::WindowsTask.new(task_name, run_context)

data/spec/support/platform_helpers.rb

@@ -220,7 +220,8 @@ def selinux_enabled?
 end
 
 def suse?
-  File.exists?("/etc/SuSE-release")
+  ::File.exists?("/etc/SuSE-release") ||
+    ( ::File.exists?("/etc/os-release") && /sles|suse/.match?(File.read("/etc/os-release")) )
 end
 
 def root?

data/spec/unit/resource/windows_certificate.rb

@@ -0,0 +1,46 @@
+#
+# Copyright:: Copyright 2018, Chef Software, Inc.
+# License:: Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+require "spec_helper"
+
+describe Chef::Resource::WindowsCertificate do
+  let(:resource) { Chef::Resource::WindowsCertificate.new("foobar") }
+
+  it "sets resource name as :windows_certificate" do
+    expect(resource.resource_name).to eql(:windows_certificate)
+  end
+
+  it "the source property is the name_property" do
+    expect(resource.source).to eql("foobar")
+  end
+
+  it "sets the default action as :create" do
+    expect(resource.action).to eql([:create])
+  end
+
+  it "supports :create, :acl_add, :delete, and :verify actions" do
+    expect { resource.action :create }.not_to raise_error
+    expect { resource.action :acl_add }.not_to raise_error
+    expect { resource.action :delete }.not_to raise_error
+    expect { resource.action :verify }.not_to raise_error
+  end
+
+  it "sets sensitive to true if the pfx_password property is set" do
+    resource.pfx_password "foo"
+    expect(resource.sensitive).to be_truthy
+  end
+end

data/spec/unit/resource/windows_firewall_rule_spec.rb

@@ -0,0 +1,401 @@
+# Author:: Tor Magnus Rakvåg (tor.magnus@outlook.com)
+# Copyright:: 2018, Intility AS
+# License:: Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+require "spec_helper"
+
+describe Chef::Resource::WindowsFirewallRule do
+  let(:resource) { Chef::Resource::WindowsFirewallRule.new("rule") }
+  let(:provider) { resource.provider_for_action(:enable) }
+
+  it "has a resource name of :windows_firewall_rule" do
+    expect(resource.resource_name).to eql(:windows_firewall_rule)
+  end
+
+  it "the name_property is 'rule_name'" do
+    expect(resource.rule_name).to eql("rule")
+  end
+
+  it "the default action is :create" do
+    expect(resource.action).to eql([:create])
+  end
+
+  it "supports :create and :delete actions" do
+    expect { resource.action :create }.not_to raise_error
+    expect { resource.action :delete }.not_to raise_error
+  end
+
+  it "the rule_name property accepts strings" do
+    resource.rule_name("rule2")
+    expect(resource.rule_name).to eql("rule2")
+  end
+
+  it "the description property accepts strings" do
+    resource.description("firewall rule")
+    expect(resource.description).to eql("firewall rule")
+  end
+
+  it "the local_address property accepts strings" do
+    resource.local_address("192.168.1.1")
+    expect(resource.local_address).to eql("192.168.1.1")
+  end
+
+  it "the local_port property accepts integers" do
+    resource.local_port(8080)
+    expect(resource.local_port).to eql(["8080"])
+  end
+
+  it "the local_port property accepts strings" do
+    resource.local_port("8080")
+    expect(resource.local_port).to eql(["8080"])
+  end
+
+  it "the local_port property accepts comma separated lists without spaces" do
+    resource.local_port("8080,8081")
+    expect(resource.local_port).to eql(%w{8080 8081})
+  end
+
+  it "the local_port property accepts comma separated lists with spaces" do
+    resource.local_port("8080, 8081")
+    expect(resource.local_port).to eql(%w{8080 8081})
+  end
+
+  it "the local_port property accepts arrays and coerces to a sorta array of strings" do
+    resource.local_port([8081, 8080])
+    expect(resource.local_port).to eql(%w{8080 8081})
+  end
+
+  it "the remote_address property accepts strings" do
+    resource.remote_address("8.8.4.4")
+    expect(resource.remote_address).to eql("8.8.4.4")
+  end
+
+  it "the remote_port property accepts strings" do
+    resource.remote_port("8081")
+    expect(resource.remote_port).to eql(["8081"])
+  end
+
+  it "the remote_port property accepts integers" do
+    resource.remote_port(8081)
+    expect(resource.remote_port).to eql(["8081"])
+  end
+
+  it "the remote_port property accepts comma separated lists without spaces" do
+    resource.remote_port("8080,8081")
+    expect(resource.remote_port).to eql(%w{8080 8081})
+  end
+
+  it "the remote_port property accepts comma separated lists with spaces" do
+    resource.remote_port("8080, 8081")
+    expect(resource.remote_port).to eql(%w{8080 8081})
+  end
+
+  it "the remote_port property accepts arrays and coerces to a sorta array of strings" do
+    resource.remote_port([8081, 8080])
+    expect(resource.remote_port).to eql(%w{8080 8081})
+  end
+
+  it "the direction property accepts :inbound and :outbound" do
+    resource.direction(:inbound)
+    expect(resource.direction).to eql(:inbound)
+    resource.direction(:outbound)
+    expect(resource.direction).to eql(:outbound)
+  end
+
+  it "the direction property coerces strings to symbols" do
+    resource.direction("Inbound")
+    expect(resource.direction).to eql(:inbound)
+  end
+
+  it "the protocol property accepts strings" do
+    resource.protocol("TCP")
+    expect(resource.protocol).to eql("TCP")
+  end
+
+  it "the firewall_action property accepts :allow, :block and :notconfigured" do
+    resource.firewall_action(:allow)
+    expect(resource.firewall_action).to eql(:allow)
+    resource.firewall_action(:block)
+    expect(resource.firewall_action).to eql(:block)
+    resource.firewall_action(:notconfigured)
+    expect(resource.firewall_action).to eql(:notconfigured)
+  end
+
+  it "the firewall_action property coerces strings to symbols" do
+    resource.firewall_action("Allow")
+    expect(resource.firewall_action).to eql(:allow)
+  end
+
+  it "the profile property accepts :public, :private, :domain, :any and :notapplicable" do
+    resource.profile(:public)
+    expect(resource.profile).to eql(:public)
+    resource.profile(:private)
+    expect(resource.profile).to eql(:private)
+    resource.profile(:domain)
+    expect(resource.profile).to eql(:domain)
+    resource.profile(:any)
+    expect(resource.profile).to eql(:any)
+    resource.profile(:notapplicable)
+    expect(resource.profile).to eql(:notapplicable)
+  end
+
+  it "the profile property coerces strings to symbols" do
+    resource.profile("Public")
+    expect(resource.profile).to eql(:public)
+  end
+
+  it "the program property accepts strings" do
+    resource.program("C:/Test/test.exe")
+    expect(resource.program).to eql("C:/Test/test.exe")
+  end
+
+  it "the service property accepts strings" do
+    resource.service("Spooler")
+    expect(resource.service).to eql("Spooler")
+  end
+
+  it "the interface_type property accepts :any, :wireless, :wired and :remoteaccess" do
+    resource.interface_type(:any)
+    expect(resource.interface_type).to eql(:any)
+    resource.interface_type(:wireless)
+    expect(resource.interface_type).to eql(:wireless)
+    resource.interface_type(:wired)
+    expect(resource.interface_type).to eql(:wired)
+    resource.interface_type(:remoteaccess)
+    expect(resource.interface_type).to eql(:remoteaccess)
+  end
+
+  it "the interface_type property coerces strings to symbols" do
+    resource.interface_type("Any")
+    expect(resource.interface_type).to eql(:any)
+  end
+
+  it "the enabled property accepts true and false" do
+    resource.enabled(true)
+    expect(resource.enabled).to eql(true)
+    resource.enabled(false)
+    expect(resource.enabled).to eql(false)
+  end
+
+  it "aliases :localip to :local_address" do
+    resource.localip("192.168.30.30")
+    expect(resource.local_address).to eql("192.168.30.30")
+  end
+
+  it "aliases :remoteip to :remote_address" do
+    resource.remoteip("8.8.8.8")
+    expect(resource.remote_address).to eql("8.8.8.8")
+  end
+
+  it "aliases :localport to :local_port" do
+    resource.localport("80")
+    expect(resource.local_port).to eql(["80"])
+  end
+
+  it "aliases :remoteport to :remote_port" do
+    resource.remoteport("8080")
+    expect(resource.remote_port).to eql(["8080"])
+  end
+
+  it "aliases :interfacetype to :interface_type" do
+    resource.interfacetype(:any)
+    expect(resource.interface_type).to eql(:any)
+  end
+
+  describe "#firewall_command" do
+    before do
+      resource.rule_name("test_rule")
+    end
+
+    context "#new" do
+      it "build a minimal command" do
+        expect(provider.firewall_command("New")).to eql("New-NetFirewallRule -Name 'test_rule' -DisplayName 'test_rule' -Description 'Firewall rule' -Direction 'inbound' -Protocol 'TCP' -Action 'allow' -Profile 'any' -InterfaceType 'any' -Enabled 'true'")
+      end
+
+      it "sets a description" do
+        resource.description("New description")
+        expect(provider.firewall_command("New")).to eql("New-NetFirewallRule -Name 'test_rule' -DisplayName 'test_rule' -Description 'New description' -Direction 'inbound' -Protocol 'TCP' -Action 'allow' -Profile 'any' -InterfaceType 'any' -Enabled 'true'")
+      end
+
+      it "sets LocalAddress" do
+        resource.local_address("127.0.0.1")
+        expect(provider.firewall_command("New")).to eql("New-NetFirewallRule -Name 'test_rule' -DisplayName 'test_rule' -Description 'Firewall rule' -LocalAddress '127.0.0.1' -Direction 'inbound' -Protocol 'TCP' -Action 'allow' -Profile 'any' -InterfaceType 'any' -Enabled 'true'")
+      end
+
+      it "sets LocalPort" do
+        resource.local_port("80")
+        expect(provider.firewall_command("New")).to eql("New-NetFirewallRule -Name 'test_rule' -DisplayName 'test_rule' -Description 'Firewall rule' -LocalPort 80 -Direction 'inbound' -Protocol 'TCP' -Action 'allow' -Profile 'any' -InterfaceType 'any' -Enabled 'true'")
+      end
+
+      it "sets RemoteAddress" do
+        resource.remote_address("8.8.8.8")
+        expect(provider.firewall_command("New")).to eql("New-NetFirewallRule -Name 'test_rule' -DisplayName 'test_rule' -Description 'Firewall rule' -RemoteAddress '8.8.8.8' -Direction 'inbound' -Protocol 'TCP' -Action 'allow' -Profile 'any' -InterfaceType 'any' -Enabled 'true'")
+      end
+
+      it "sets RemotePort" do
+        resource.remote_port("443")
+        expect(provider.firewall_command("New")).to eql("New-NetFirewallRule -Name 'test_rule' -DisplayName 'test_rule' -Description 'Firewall rule' -RemotePort 443 -Direction 'inbound' -Protocol 'TCP' -Action 'allow' -Profile 'any' -InterfaceType 'any' -Enabled 'true'")
+      end
+
+      it "sets Direction" do
+        resource.direction(:outbound)
+        expect(provider.firewall_command("New")).to eql("New-NetFirewallRule -Name 'test_rule' -DisplayName 'test_rule' -Description 'Firewall rule' -Direction 'outbound' -Protocol 'TCP' -Action 'allow' -Profile 'any' -InterfaceType 'any' -Enabled 'true'")
+      end
+
+      it "sets Protocol" do
+        resource.protocol("UDP")
+        expect(provider.firewall_command("New")).to eql("New-NetFirewallRule -Name 'test_rule' -DisplayName 'test_rule' -Description 'Firewall rule' -Direction 'inbound' -Protocol 'UDP' -Action 'allow' -Profile 'any' -InterfaceType 'any' -Enabled 'true'")
+      end
+
+      it "sets Action" do
+        resource.firewall_action(:block)
+        expect(provider.firewall_command("New")).to eql("New-NetFirewallRule -Name 'test_rule' -DisplayName 'test_rule' -Description 'Firewall rule' -Direction 'inbound' -Protocol 'TCP' -Action 'block' -Profile 'any' -InterfaceType 'any' -Enabled 'true'")
+      end
+
+      it "sets Profile" do
+        resource.profile(:private)
+        expect(provider.firewall_command("New")).to eql("New-NetFirewallRule -Name 'test_rule' -DisplayName 'test_rule' -Description 'Firewall rule' -Direction 'inbound' -Protocol 'TCP' -Action 'allow' -Profile 'private' -InterfaceType 'any' -Enabled 'true'")
+      end
+
+      it "sets Program" do
+        resource.program("C:/calc.exe")
+        expect(provider.firewall_command("New")).to eql("New-NetFirewallRule -Name 'test_rule' -DisplayName 'test_rule' -Description 'Firewall rule' -Direction 'inbound' -Protocol 'TCP' -Action 'allow' -Profile 'any' -Program 'C:/calc.exe' -InterfaceType 'any' -Enabled 'true'")
+      end
+
+      it "sets Service" do
+        resource.service("Spooler")
+        expect(provider.firewall_command("New")).to eql("New-NetFirewallRule -Name 'test_rule' -DisplayName 'test_rule' -Description 'Firewall rule' -Direction 'inbound' -Protocol 'TCP' -Action 'allow' -Profile 'any' -Service 'Spooler' -InterfaceType 'any' -Enabled 'true'")
+      end
+
+      it "sets InterfaceType" do
+        resource.interface_type(:wired)
+        expect(provider.firewall_command("New")).to eql("New-NetFirewallRule -Name 'test_rule' -DisplayName 'test_rule' -Description 'Firewall rule' -Direction 'inbound' -Protocol 'TCP' -Action 'allow' -Profile 'any' -InterfaceType 'wired' -Enabled 'true'")
+      end
+
+      it "sets Enabled" do
+        resource.enabled(false)
+        expect(provider.firewall_command("New")).to eql("New-NetFirewallRule -Name 'test_rule' -DisplayName 'test_rule' -Description 'Firewall rule' -Direction 'inbound' -Protocol 'TCP' -Action 'allow' -Profile 'any' -InterfaceType 'any' -Enabled 'false'")
+      end
+
+      it "sets all properties" do
+        resource.rule_name("test_rule_the_second")
+        resource.description("some other rule")
+        resource.local_address("192.168.40.40")
+        resource.local_port("80")
+        resource.remote_address("8.8.4.4")
+        resource.remote_port("8081")
+        resource.direction(:outbound)
+        resource.protocol("UDP")
+        resource.firewall_action(:notconfigured)
+        resource.profile(:domain)
+        resource.program('%WINDIR%\System32\lsass.exe')
+        resource.service("SomeService")
+        resource.interface_type(:remoteaccess)
+        resource.enabled(false)
+        expect(provider.firewall_command("New")).to eql("New-NetFirewallRule -Name 'test_rule_the_second' -DisplayName 'test_rule_the_second' -Description 'some other rule' -LocalAddress '192.168.40.40' -LocalPort 80 -RemoteAddress '8.8.4.4' -RemotePort 8081 -Direction 'outbound' -Protocol 'UDP' -Action 'notconfigured' -Profile 'domain' -Program '%WINDIR%\\System32\\lsass.exe' -Service 'SomeService' -InterfaceType 'remoteaccess' -Enabled 'false'")
+      end
+    end
+
+    context "#set" do
+      it "build a minimal command" do
+        expect(provider.firewall_command("Set")).to eql("Set-NetFirewallRule -Name 'test_rule' -Description 'Firewall rule' -Direction 'inbound' -Protocol 'TCP' -Action 'allow' -Profile 'any' -InterfaceType 'any' -Enabled 'true'")
+      end
+
+      it "sets a description" do
+        resource.description("New description")
+        expect(provider.firewall_command("Set")).to eql("Set-NetFirewallRule -Name 'test_rule' -Description 'New description' -Direction 'inbound' -Protocol 'TCP' -Action 'allow' -Profile 'any' -InterfaceType 'any' -Enabled 'true'")
+      end
+
+      it "sets LocalAddress" do
+        resource.local_address("127.0.0.1")
+        expect(provider.firewall_command("Set")).to eql("Set-NetFirewallRule -Name 'test_rule' -Description 'Firewall rule' -LocalAddress '127.0.0.1' -Direction 'inbound' -Protocol 'TCP' -Action 'allow' -Profile 'any' -InterfaceType 'any' -Enabled 'true'")
+      end
+
+      it "sets LocalPort" do
+        resource.local_port("80")
+        expect(provider.firewall_command("Set")).to eql("Set-NetFirewallRule -Name 'test_rule' -Description 'Firewall rule' -LocalPort 80 -Direction 'inbound' -Protocol 'TCP' -Action 'allow' -Profile 'any' -InterfaceType 'any' -Enabled 'true'")
+      end
+
+      it "sets RemoteAddress" do
+        resource.remote_address("8.8.8.8")
+        expect(provider.firewall_command("Set")).to eql("Set-NetFirewallRule -Name 'test_rule' -Description 'Firewall rule' -RemoteAddress '8.8.8.8' -Direction 'inbound' -Protocol 'TCP' -Action 'allow' -Profile 'any' -InterfaceType 'any' -Enabled 'true'")
+      end
+
+      it "sets RemotePort" do
+        resource.remote_port("443")
+        expect(provider.firewall_command("Set")).to eql("Set-NetFirewallRule -Name 'test_rule' -Description 'Firewall rule' -RemotePort 443 -Direction 'inbound' -Protocol 'TCP' -Action 'allow' -Profile 'any' -InterfaceType 'any' -Enabled 'true'")
+      end
+
+      it "sets Direction" do
+        resource.direction(:outbound)
+        expect(provider.firewall_command("Set")).to eql("Set-NetFirewallRule -Name 'test_rule' -Description 'Firewall rule' -Direction 'outbound' -Protocol 'TCP' -Action 'allow' -Profile 'any' -InterfaceType 'any' -Enabled 'true'")
+      end
+
+      it "sets Protocol" do
+        resource.protocol("UDP")
+        expect(provider.firewall_command("Set")).to eql("Set-NetFirewallRule -Name 'test_rule' -Description 'Firewall rule' -Direction 'inbound' -Protocol 'UDP' -Action 'allow' -Profile 'any' -InterfaceType 'any' -Enabled 'true'")
+      end
+
+      it "sets Action" do
+        resource.firewall_action(:block)
+        expect(provider.firewall_command("Set")).to eql("Set-NetFirewallRule -Name 'test_rule' -Description 'Firewall rule' -Direction 'inbound' -Protocol 'TCP' -Action 'block' -Profile 'any' -InterfaceType 'any' -Enabled 'true'")
+      end
+
+      it "sets Profile" do
+        resource.profile(:private)
+        expect(provider.firewall_command("Set")).to eql("Set-NetFirewallRule -Name 'test_rule' -Description 'Firewall rule' -Direction 'inbound' -Protocol 'TCP' -Action 'allow' -Profile 'private' -InterfaceType 'any' -Enabled 'true'")
+      end
+
+      it "sets Program" do
+        resource.program("C:/calc.exe")
+        expect(provider.firewall_command("Set")).to eql("Set-NetFirewallRule -Name 'test_rule' -Description 'Firewall rule' -Direction 'inbound' -Protocol 'TCP' -Action 'allow' -Profile 'any' -Program 'C:/calc.exe' -InterfaceType 'any' -Enabled 'true'")
+      end
+
+      it "sets Service" do
+        resource.service("Spooler")
+        expect(provider.firewall_command("Set")).to eql("Set-NetFirewallRule -Name 'test_rule' -Description 'Firewall rule' -Direction 'inbound' -Protocol 'TCP' -Action 'allow' -Profile 'any' -Service 'Spooler' -InterfaceType 'any' -Enabled 'true'")
+      end
+
+      it "sets InterfaceType" do
+        resource.interface_type(:wired)
+        expect(provider.firewall_command("Set")).to eql("Set-NetFirewallRule -Name 'test_rule' -Description 'Firewall rule' -Direction 'inbound' -Protocol 'TCP' -Action 'allow' -Profile 'any' -InterfaceType 'wired' -Enabled 'true'")
+      end
+
+      it "sets Enabled" do
+        resource.enabled(false)
+        expect(provider.firewall_command("Set")).to eql("Set-NetFirewallRule -Name 'test_rule' -Description 'Firewall rule' -Direction 'inbound' -Protocol 'TCP' -Action 'allow' -Profile 'any' -InterfaceType 'any' -Enabled 'false'")
+      end
+
+      it "sets all properties" do
+        resource.rule_name("test_rule_the_second")
+        resource.description("some other rule")
+        resource.local_address("192.168.40.40")
+        resource.local_port("80")
+        resource.remote_address("8.8.4.4")
+        resource.remote_port("8081")
+        resource.direction(:outbound)
+        resource.protocol("UDP")
+        resource.firewall_action(:notconfigured)
+        resource.profile(:domain)
+        resource.program('%WINDIR%\System32\lsass.exe')
+        resource.service("SomeService")
+        resource.interface_type(:remoteaccess)
+        resource.enabled(false)
+        expect(provider.firewall_command("Set")).to eql("Set-NetFirewallRule -Name 'test_rule_the_second' -Description 'some other rule' -LocalAddress '192.168.40.40' -LocalPort 80 -RemoteAddress '8.8.4.4' -RemotePort 8081 -Direction 'outbound' -Protocol 'UDP' -Action 'notconfigured' -Profile 'domain' -Program '%WINDIR%\\System32\\lsass.exe' -Service 'SomeService' -InterfaceType 'remoteaccess' -Enabled 'false'")
+      end
+    end
+  end
+end