chef 15.11.3-universal-mingw32 → 16.1.16-universal-mingw32

data/lib/chef/resource/openssl_ec_public_key.rb

@@ -24,10 +24,30 @@ class Chef
       require_relative "../mixin/openssl_helper"
       include Chef::Mixin::OpenSSLHelper
 
-      resource_name :openssl_ec_public_key
+      provides :openssl_ec_public_key
 
-      description "Use the openssl_ec_public_key resource to generate elliptic curve (EC) public key files from a given EC private key."
+      description "Use the **openssl_ec_public_key** resource to generate elliptic curve (EC) public key files from a given EC private key."
       introduced "14.4"
+      examples <<~DOC
+        Generate new ec public key from a private key on disk
+
+        ```ruby
+        openssl_ec_public_key '/etc/ssl_files/eckey_prime256v1_des3.pub' do
+          private_key_path '/etc/ssl_files/eckey_prime256v1_des3.pem'
+          private_key_pass 'something'
+          action :create
+        end
+        ```
+
+        Generate new ec public key by passing in a private key
+
+        ```ruby
+        openssl_ec_public_key '/etc/ssl_files/eckey_prime256v1_des3_2.pub' do
+          private_key_content "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEII2VAU9re44mAUzYPWCg+qqwdmP8CplsEg0b/DYPXLg2oAoGCCqGSM49\nAwEHoUQDQgAEKkpMCbIQ2C6Qlp/B+Odp1a9Y06Sm8yqPvCVIkWYP7M8PX5+RmoIv\njGBVf/+mVBx77ji3NpTilMUt2KPZ87lZ3w==\n-----END EC PRIVATE KEY-----\n"
+          action :create
+        end
+        ```
+      DOC
 
       property :path, String,
         description: "An optional property for specifying the path to write the file to if it differs from the resource block's name.",

data/lib/chef/resource/openssl_rsa_private_key.rb

@@ -23,12 +23,31 @@ class Chef
       require_relative "../mixin/openssl_helper"
       include Chef::Mixin::OpenSSLHelper
 
-      resource_name :openssl_rsa_private_key
       provides(:openssl_rsa_private_key) { true }
       provides(:openssl_rsa_key) { true } # legacy cookbook resource name
 
-      description "Use the openssl_rsa_private_key resource to generate RSA private key files. If a valid RSA key file can be opened at the specified location, no new file will be created. If the RSA key file cannot be opened, either because it does not exist or because the password to the RSA key file does not match the password in the recipe, it will be overwritten."
+      description "Use the **openssl_rsa_private_key** resource to generate RSA private key files. If a valid RSA key file can be opened at the specified location, no new file will be created. If the RSA key file cannot be opened, either because it does not exist or because the password to the RSA key file does not match the password in the recipe, it will be overwritten."
       introduced "14.0"
+      examples <<~DOC
+        Generate new 2048bit key with the default des3 cipher
+
+        ```ruby
+        openssl_rsa_private_key '/etc/ssl_files/rsakey_des3.pem' do
+          key_length 2048
+          action :create
+        end
+        ```
+
+        Generate new 1024bit key with the aes-128-cbc cipher
+
+        ```ruby
+        openssl_rsa_key '/etc/ssl_files/rsakey_aes128cbc.pem' do
+          key_length 1024
+          key_cipher 'aes-128-cbc'
+          action :create
+        end
+        ```
+      DOC
 
       property :path, String,
         description: "An optional property for specifying the path to write the file to if it differs from the resource block's name.",

data/lib/chef/resource/openssl_rsa_public_key.rb

@@ -23,10 +23,31 @@ class Chef
       require_relative "../mixin/openssl_helper"
       include Chef::Mixin::OpenSSLHelper
 
-      resource_name :openssl_rsa_public_key
       provides(:openssl_rsa_public_key) { true }
 
-      description "Use the openssl_rsa_public_key resource to generate RSA public key files for a given RSA private key."
+      examples <<~DOC
+        Generate new public key from a private key on disk
+
+        ```ruby
+        openssl_rsa_public_key '/etc/ssl_files/rsakey_des3.pub' do
+          private_key_path '/etc/ssl_files/rsakey_des3.pem'
+          private_key_pass 'something'
+          action :create
+        end
+        ```
+
+        Generate new public key by passing in a private key
+
+        ```ruby
+        openssl_rsa_public_key '/etc/ssl_files/rsakey_2.pub' do
+          private_key_pass 'something'
+          private_key_content "-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\nDEK-Info: DES-EDE3-CBC,5EE0AE9A5FE3342E\n\nyb930kj5/4/nd738dPx6XdbDrMCvqkldaz0rHNw8xsWvwARrl/QSPwROG3WY7ROl\nEUttVlLaeVaqRPfQbmTUfzGI8kTMmDWKjw52gJUx2YJTYRgMHAB0dzYIRjeZAaeS\nypXnEfouVav+jKTmmehr1WuVKbzRhQDBSalzeUwsPi2+fb3Bfuo1dRW6xt8yFuc4\nAkv1hCglymPzPHE2L0nSGjcgA2DZu+/S8/wZ4E63442NHPzO4VlLvpNvJrYpEWq9\nB5mJzcdXPeOTjqd13olNTlOZMaKxu9QShu50GreCTVsl8VRkK8NtwbWuPGBZlIFa\njzlS/RaLuzNzfajaKMkcIYco9t7gN2DwnsACHKqEYT8248Ii3NQ+9/M5YcmpywQj\nWGr0UFCSAdCky1lRjwT+zGQKohr+dVR1GaLem+rSZH94df4YBxDYw4rjsKoEhvXB\nv2Vlx+G7Vl2NFiZzxUKh3MvQLr/NDElpG1pYWDiE0DIG13UqEG++cS870mcEyfFh\nSF2SXYHLWyAhDK0viRDChJyFMduC4E7a2P9DJhL3ZvM0KZ1SLMwROc1XuZ704GwO\nYUqtCX5OOIsTti1Z74jQm9uWFikhgWByhVtu6sYL1YTqtiPJDMFhA560zp/k/qLO\nFKiM4eUWV8AI8AVwT6A4o45N2Ru8S48NQyvh/ADFNrgJbVSeDoYE23+DYKpzbaW9\n00BD/EmUQqaQMc670vmI+CIdcdE7L1zqD6MZN7wtPaRIjx4FJBGsFoeDShr+LoTD\nrwbadwrbc2Rf4DWlvFwLJ4pvNvdtY3wtBu79UCOol0+t8DVVSPVASsh+tp8XncDE\nKRljj88WwBjX7/YlRWvQpe5y2UrsHI0pNy8TA1Xkf6GPr6aS2TvQD5gOrAVReSse\n/kktCzZQotjmY1odvo90Zi6A9NCzkI4ZLgAuhiKDPhxZg61IeLppnfFw0v3H4331\nV9SMYgr1Ftov0++x7q9hFPIHwZp6NHHOhdHNI80XkHqtY/hEvsh7MhFMYCgSY1pa\nK/gMcZ/5Wdg9LwOK6nYRmtPtg6fuqj+jB3Rue5/p9dt4kfom4etCSeJPdvP1Mx2I\neNmyQ/7JN9N87FsfZsIj5OK9OB0fPdj0N0m1mlHM/mFt5UM5x39u13QkCt7skEF+\nyOptXcL629/xwm8eg4EXnKFk330WcYSw+sYmAQ9ZTsBxpCMkz0K4PBTPWWXx63XS\nc4J0r88kbCkMCNv41of8ceeGzFrC74dG7i3IUqZzMzRP8cFeps8auhweUHD2hULs\nXwwtII0YQ6/Fw4hgGQ5//0ASdvAicvH0l1jOQScHzXC2QWNg3GttueB/kmhMeGGm\nsHOJ1rXQ4oEckFvBHOvzjP3kuRHSWFYDx35RjWLAwLCG9odQUApHjLBgFNg9yOR0\njW9a2SGxRvBAfdjTa9ZBBrbjlaF57hq7mXws90P88RpAL+xxCAZUElqeW2Rb2rQ6\nCbz4/AtPekV1CYVodGkPutOsew2zjNqlNH+M8XzfonA60UAH20TEqAgLKwgfgr+a\nc+rXp1AupBxat4EHYJiwXBB9XcVwyp5Z+/dXsYmLXzoMOnp8OFyQ9H8R7y9Y0PEu\n-----END RSA PRIVATE KEY-----\n"
+          action :create
+        end
+        ```
+      DOC
+
+      description "Use the **openssl_rsa_public_key** resource to generate RSA public key files for a given RSA private key."
       introduced "14.0"
 
       property :path, String,

data/lib/chef/resource/openssl_x509_certificate.rb

@@ -24,11 +24,47 @@ class Chef
       require_relative "../mixin/openssl_helper"
       include Chef::Mixin::OpenSSLHelper
 
-      resource_name :openssl_x509_certificate
+      provides :openssl_x509_certificate
       provides(:openssl_x509) { true } # legacy cookbook name.
 
-      description "Use the openssl_x509_certificate resource to generate signed or self-signed, PEM-formatted x509 certificates. If no existing key is specified, the resource will automatically generate a passwordless key with the certificate. If a CA private key and certificate are provided, the certificate will be signed with them. Note: This resource was renamed from openssl_x509 to openssl_x509_certificate. The legacy name will continue to function, but cookbook code should be updated for the new resource name."
+      description "Use the **openssl_x509_certificate** resource to generate signed or self-signed, PEM-formatted x509 certificates. If no existing key is specified, the resource will automatically generate a passwordless key with the certificate. If a CA private key and certificate are provided, the certificate will be signed with them. Note: This resource was renamed from openssl_x509 to openssl_x509_certificate. The legacy name will continue to function, but cookbook code should be updated for the new resource name."
       introduced "14.4"
+      examples <<~DOC
+        Create a simple self-signed certificate file
+
+        ```ruby
+        openssl_x509_certificate '/etc/httpd/ssl/mycert.pem' do
+          common_name 'www.f00bar.com'
+          org 'Foo Bar'
+          org_unit 'Lab'
+          country 'US'
+        end
+        ```
+
+        Create a certificate using additional options
+
+        ```ruby
+        openssl_x509_certificate '/etc/ssl_files/my_signed_cert.crt' do
+          common_name 'www.f00bar.com'
+          ca_key_file '/etc/ssl_files/my_ca.key'
+          ca_cert_file '/etc/ssl_files/my_ca.crt'
+          expire 365
+          extensions(
+            'keyUsage' => {
+              'values' => %w(
+                keyEncipherment
+                digitalSignature),
+              'critical' => true,
+            },
+            'extendedKeyUsage' => {
+              'values' => %w(serverAuth),
+              'critical' => false,
+            }
+          )
+          subject_alt_name ['IP:127.0.0.1', 'DNS:localhost.localdomain']
+        end
+        ```
+      DOC
 
       property :path, String,
         description: "An optional property for specifying the path to write the file to if it differs from the resource block's name.",

data/lib/chef/resource/openssl_x509_crl.rb

@@ -24,10 +24,21 @@ class Chef
       require_relative "../mixin/openssl_helper"
       include Chef::Mixin::OpenSSLHelper
 
-      resource_name :openssl_x509_crl
+      provides :openssl_x509_crl
 
-      description "Use the openssl_x509_crl resource to generate PEM-formatted x509 certificate revocation list (CRL) files."
+      description "Use the **openssl_x509_crl** resource to generate PEM-formatted x509 certificate revocation list (CRL) files."
       introduced "14.4"
+      examples <<~DOC
+        Generate a CRL file given a cert file and key file
+
+        ```ruby
+        openssl_x509_crl '/etc/ssl_files/my_ca2.crl' do
+          ca_cert_file '/etc/ssl_files/my_ca2.crt'
+          ca_key_file '/etc/ssl_files/my_ca2.key'
+          expire 1
+        end
+        ```
+      DOC
 
       property :path, String,
         description: "An optional property for specifying the path to write the file to if it differs from the resource block's name.",

data/lib/chef/resource/openssl_x509_request.rb

@@ -24,10 +24,46 @@ class Chef
       require_relative "../mixin/openssl_helper"
       include Chef::Mixin::OpenSSLHelper
 
-      resource_name :openssl_x509_request
+      provides :openssl_x509_request
 
-      description "Use the openssl_x509_request resource to generate PEM-formatted x509 certificates requests. If no existing key is specified, the resource will automatically generate a passwordless key with the certificate."
+      description "Use the **openssl_x509_request** resource to generate PEM-formatted x509 certificates requests. If no existing key is specified, the resource will automatically generate a passwordless key with the certificate."
       introduced "14.4"
+      examples <<~DOC
+        Generate new ec key and csr file
+
+        ```ruby
+        openssl_x509_request '/etc/ssl_files/my_ec_request.csr' do
+          common_name 'myecrequest.example.com'
+          org 'Test Kitchen Example'
+          org_unit 'Kitchens'
+          country 'UK'
+        end
+        ```
+
+        Generate a new csr file from an existing ec key
+
+        ```ruby
+        openssl_x509_request '/etc/ssl_files/my_ec_request2.csr' do
+          common_name 'myecrequest2.example.com'
+          org 'Test Kitchen Example'
+          org_unit 'Kitchens'
+          country 'UK'
+          key_file '/etc/ssl_files/my_ec_request.key'
+        end
+        ```
+
+        Generate new rsa key and csr file
+
+        ```ruby
+        openssl_x509_request '/etc/ssl_files/my_rsa_request.csr' do
+          common_name 'myrsarequest.example.com'
+          org 'Test Kitchen Example'
+          org_unit 'Kitchens'
+          country 'UK'
+          key_type 'rsa'
+        end
+        ```
+      DOC
 
       property :path, String, name_property: true,
                description: "An optional property for specifying the path to write the file to if it differs from the resource block's name."

data/lib/chef/resource/osx_profile.rb

@@ -21,11 +21,12 @@ require_relative "../resource"
 class Chef
   class Resource
     class OsxProfile < Chef::Resource
-      resource_name :osx_profile
+      unified_mode true
+
       provides :osx_profile
       provides :osx_config_profile
 
-      description "Use the osx_profile resource to manage configuration profiles (.mobileconfig files) on the macOS platform. The osx_profile resource installs profiles by using the uuidgen library to generate a unique ProfileUUID, and then using the profiles command to install the profile on the system."
+      description "Use the **osx_profile** resource to manage configuration profiles (.mobileconfig files) on the macOS platform. The osx_profile resource installs profiles by using the uuidgen library to generate a unique ProfileUUID, and then using the profiles command to install the profile on the system."
       introduced "12.7"
 
       default_action :install
@@ -33,7 +34,7 @@ class Chef
 
       property :profile_name, String,
         description: "Use to specify the name of the profile, if different from the name of the resource block.",
-        name_property: true, identity: true
+        name_property: true
 
       property :profile, [ String, Hash ],
         description: "Use to specify a profile. This may be the name of a profile contained in a cookbook or a Hash that contains the contents of the profile."

data/lib/chef/resource/package.rb

@@ -22,9 +22,10 @@ require_relative "../resource"
 class Chef
   class Resource
     class Package < Chef::Resource
-      resource_name :package
+      unified_mode true
+      provides :package
 
-      description "Use the package resource to manage packages. When the package is"\
+      description "Use the **package** resource to manage packages. When the package is"\
                   " installed from a local file (such as with RubyGems, dpkg, or RPM"\
                   " Package Manager), the file must be added to the node using the remote_file"\
                   " or cookbook_file resources.\n\nThis resource is the base resource for"\

data/lib/chef/resource/pacman_package.rb

@@ -21,10 +21,11 @@ require_relative "package"
 class Chef
   class Resource
     class PacmanPackage < Chef::Resource::Package
-      resource_name :pacman_package
+      unified_mode true
+
       provides :pacman_package
 
-      description "Use the pacman_package resource to manage packages (using pacman) on the Arch Linux platform."
+      description "Use the **pacman_package** resource to manage packages (using pacman) on the Arch Linux platform."
     end
   end
 end

data/lib/chef/resource/paludis_package.rb

@@ -22,17 +22,26 @@ require_relative "../provider/package/paludis"
 class Chef
   class Resource
     class PaludisPackage < Chef::Resource::Package
-      resource_name :paludis_package
+      unified_mode true
+
       provides :paludis_package
 
-      description "Use the paludis_package resource to manage packages for the Paludis platform."
+      description "Use the **paludis_package** resource to manage packages for the Paludis platform."
       introduced "12.1"
 
       allowed_actions :install, :remove, :upgrade
 
-      property :timeout, Integer,
+      property :package_name, String,
+        description: "An optional property to set the package name if it differs from the resource block's name.",
+        identity: true
+
+      property :version, String,
+        description: "The version of a package to be installed or upgraded."
+
+      property :timeout, [String, Integer],
         description: "The amount of time (in seconds) to wait before timing out.",
-        default: 3600
+        default: 3600,
+        desired_state: false
     end
   end
 end

data/lib/chef/resource/perl.rb

@@ -24,12 +24,14 @@ class Chef
     class Perl < Chef::Resource::Script
       unified_mode true
 
+      provides :perl
+
       def initialize(name, run_context = nil)
         super
         @interpreter = "perl"
       end
 
-      description "Use the perl resource to execute scripts using the Perl interpreter."\
+      description "Use the **perl** resource to execute scripts using the Perl interpreter."\
                   " This resource may also use any of the actions and properties that are"\
                   " available to the execute resource. Commands that are executed with this"\
                   " resource are (by their nature) not idempotent, as they are typically"\

data/lib/chef/resource/plist.rb

@@ -0,0 +1,207 @@
+#
+# Copyright:: Copyright 2017-2020, Microsoft Corporation
+# Copyright:: Copyright (c) Chef Software Inc.
+# License:: Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+require_relative "../resource"
+require "plist"
+
+class Chef
+  class Resource
+
+    class PlistResource < Chef::Resource # we name this PlistResource to avoid confusion with Plist from the plist gem
+      unified_mode true
+
+      provides :plist
+
+      description "Use the **plist** resource to set config values in plist files on macOS systems."
+      introduced "16.0"
+
+      property :path, String, name_property: true
+      property :entry, String
+      property :value, [TrueClass, FalseClass, String, Integer, Float, Hash]
+      property :encoding, String, default: "binary"
+      property :owner, String, default: "root"
+      property :group, String, default: "wheel"
+      property :mode, [String, Integer]
+
+      PLISTBUDDY_EXECUTABLE = "/usr/libexec/PlistBuddy".freeze
+      DEFAULTS_EXECUTABLE = "/usr/bin/defaults".freeze
+      PLUTIL_EXECUTABLE = "/usr/bin/plutil".freeze
+      PLUTIL_FORMAT_MAP = { "us-ascii" => "xml1",
+                             "text/xml" => "xml1",
+                             "utf-8" => "xml1",
+                             "binary" => "binary1" }.freeze
+
+      load_current_value do |desired|
+        current_value_does_not_exist! unless ::File.exist? desired.path
+        entry desired.entry if entry_in_plist? desired.entry, desired.path
+
+        setting = setting_from_plist desired.entry, desired.path
+        value convert_to_data_type_from_string(setting[:key_type], setting[:key_value])
+
+        file_type_cmd = shell_out "/usr/bin/file", "--brief", "--mime-encoding", "--preserve-date", desired.path
+        encoding file_type_cmd.stdout.chomp
+
+        file_owner_cmd = shell_out("/usr/bin/stat", "-f", "%Su", desired.path)
+        owner file_owner_cmd.stdout.chomp
+
+        file_group_cmd = shell_out("/usr/bin/stat", "-f", "%Sg", desired.path)
+        group file_group_cmd.stdout.chomp
+      end
+
+      action :set do
+        converge_if_changed :path do
+          converge_by "create new plist: '#{new_resource.path}'" do
+            file new_resource.path do
+              content {}.to_plist
+              owner new_resource.owner
+              group new_resource.group
+              mode new_resource.mode if property_is_set?(:mode)
+            end
+          end
+        end
+
+        plist_file_name = ::File.basename(new_resource.path)
+
+        converge_if_changed :entry do
+          converge_by "add entry \"#{new_resource.entry}\" to #{plist_file_name}" do
+            shell_out!(plistbuddy_command(:add, new_resource.entry, new_resource.path, new_resource.value))
+          end
+        end
+
+        converge_if_changed :value do
+          converge_by "#{plist_file_name}: set #{new_resource.entry} to #{new_resource.value}" do
+            shell_out!(plistbuddy_command(:set, new_resource.entry, new_resource.path, new_resource.value))
+          end
+        end
+
+        converge_if_changed :encoding do
+          converge_by "change format" do
+            unless PLUTIL_FORMAT_MAP.key?(new_resource.encoding)
+              Chef::Application.fatal!(
+                "Option encoding must be equal to one of: #{PLUTIL_FORMAT_MAP.keys}!  You passed \"#{new_resource.encoding}\"."
+              )
+            end
+            shell_out!(PLUTIL_EXECUTABLE, "-convert", PLUTIL_FORMAT_MAP[new_resource.encoding], new_resource.path)
+          end
+        end
+
+        converge_if_changed :owner do
+          converge_by "update owner to #{new_resource.owner}" do
+            file new_resource.path do
+              owner new_resource.owner
+            end
+          end
+        end
+
+        converge_if_changed :group do
+          converge_by "update group to #{new_resource.group}" do
+            file new_resource.path do
+              group new_resource.group
+            end
+          end
+        end
+      end
+
+      ### Question: Should I refactor these methods into an action_class?
+      ### Answer: NO
+      ### Why: We need them in both the action and in load_current_value. If you put them in the
+      ###      action class then they're only in the Provider class and are not available to load_current_value
+
+      def convert_to_data_type_from_string(type, value)
+        case type
+        when "boolean"
+          # Since we've determined this is a boolean data type, we can assume that:
+          # If the value as an int is 1, return true
+          # If the value as an int is 0 (not 1), return false
+          value.to_i == 1
+        when "integer"
+          value.to_i
+        when "float"
+          value.to_f
+        when "string"
+          value
+        when "dictionary"
+          value
+        when nil
+          ""
+        else
+          raise "Unknown or unsupported data type: #{type.class}"
+        end
+      end
+
+      def type_to_commandline_string(value)
+        case value
+        when Array
+          "array"
+        when Integer
+          "integer"
+        when FalseClass
+          "bool"
+        when TrueClass
+          "bool"
+        when Hash
+          "dict"
+        when String
+          "string"
+        when Float
+          "float"
+        else
+          raise "Unknown or unsupported data type: #{value} of #{value.class}"
+        end
+      end
+
+      def entry_in_plist?(entry, path)
+        print_entry = plistbuddy_command :print, entry, path
+        cmd = shell_out print_entry
+        cmd.exitstatus == 0
+      end
+
+      def plistbuddy_command(subcommand, entry, path, value = nil)
+        sep = " "
+        arg = case subcommand.to_s
+              when "add"
+                type_to_commandline_string(value)
+              when "set"
+                if value.is_a?(Hash)
+                  sep = ":"
+                  value.map { |k, v| "#{k} #{v}" }
+                else
+                  value
+                end
+              else
+                ""
+              end
+        entry_with_arg = ["\"#{entry}\"", arg].join(sep).strip
+        subcommand = "#{subcommand.capitalize} :#{entry_with_arg}"
+        [PLISTBUDDY_EXECUTABLE, "-c", "\'#{subcommand}\'", "\"#{path}\""].join(" ")
+      end
+
+      def setting_from_plist(entry, path)
+        defaults_read_type_output = shell_out(DEFAULTS_EXECUTABLE, "read-type", path, entry).stdout
+        data_type = defaults_read_type_output.split.last
+
+        if value.class == Hash
+          plutil_output = shell_out(PLUTIL_EXECUTABLE, "-extract", entry, "xml1", "-o", "-", path).stdout.chomp
+          { key_type: data_type, key_value: ::Plist.parse_xml(plutil_output) }
+        else
+          defaults_read_output = shell_out(DEFAULTS_EXECUTABLE, "read", path, entry).stdout
+          { key_type: data_type, key_value: defaults_read_output.strip }
+        end
+      end
+    end
+  end
+end