chef 15.11.3-universal-mingw32 → 16.1.16-universal-mingw32

data/lib/chef/resource/windows_dns_record.rb

@@ -21,7 +21,6 @@ require_relative "../resource"
 class Chef
   class Resource
     class WindowsDnsRecord < Chef::Resource
-      resource_name :windows_dns_record
       provides :windows_dns_record
 
       description "The windows_dns_record resource creates a DNS record for the given domain."

data/lib/chef/resource/windows_dns_zone.rb

@@ -21,7 +21,6 @@ require_relative "../resource"
 class Chef
   class Resource
     class WindowsDnsZone < Chef::Resource
-      resource_name :windows_dns_zone
       provides :windows_dns_zone
 
       description "The windows_dns_zone resource creates an Active Directory Integrated DNS Zone on the local server."

data/lib/chef/resource/windows_env.rb

@@ -22,22 +22,30 @@ require_relative "../resource"
 class Chef
   class Resource
     class WindowsEnv < Chef::Resource
-      resource_name :windows_env
       provides :windows_env
       provides :env # backwards compat with the pre-Chef 14 resource name
 
-      description "Use the windows_env resource to manage environment keys in Microsoft Windows. After an environment key is set, Microsoft Windows must be restarted before the environment key will be available to the Task Scheduler."
+      description "Use the **windows_env** resource to manage environment keys in Microsoft Windows. After an environment key is set, Microsoft Windows must be restarted before the environment key will be available to the Task Scheduler."
+      examples <<~DOC
+      **Set an environment variable**:
+
+      ```ruby
+      windows_env 'ComSpec' do
+        value 'C:\\Windows\\system32\\cmd.exe'
+      end
+      ```
+      DOC
 
       default_action :create
       allowed_actions :create, :delete, :modify
 
       property :key_name, String,
         description: "An optional property to set the name of the key that is to be created, deleted, or modified if it differs from the resource block's name.",
-        identity: true, name_property: true
+        name_property: true
 
       property :value, String,
         description: "The value of the environmental variable to set.",
-        required: true
+        required: %i{create modify}
 
       property :delim, [ String, nil, false ],
         description: "The delimiter that is used to separate multiple values for a single key.",

data/lib/chef/resource/windows_feature.rb

@@ -21,11 +21,65 @@ require_relative "../resource"
 class Chef
   class Resource
     class WindowsFeature < Chef::Resource
-      resource_name :windows_feature
       provides(:windows_feature) { true }
 
-      description "Use the windows_feature resource to add, remove or entirely delete Windows features and roles. This resource calls the 'windows_feature_dism' or 'windows_feature_powershell' resources depending on the specified installation method, and defaults to DISM, which is available on both Workstation and Server editions of Windows."
+      description "Use the **windows_feature** resource to add, remove or entirely delete Windows features and roles. This resource calls the 'windows_feature_dism' or 'windows_feature_powershell' resources depending on the specified installation method, and defaults to DISM, which is available on both Workstation and Server editions of Windows."
       introduced "14.0"
+      examples <<~DOC
+      **Install the DHCP Server feature**:
+
+      ```ruby
+      windows_feature 'DHCPServer' do
+        action :install
+      end
+      ```
+
+      **Install the .Net 3.5.1 feature using repository files on DVD**:
+
+      ```ruby
+      windows_feature "NetFx3" do
+        action :install
+        source 'd:\\sources\\sxs'
+      end
+      ```
+
+      **Remove Telnet Server and Client features**:
+
+      ```ruby
+      windows_feature %w(TelnetServer TelnetClient) do
+        action :remove
+      end
+      ```
+
+      **Add the SMTP Server feature using the PowerShell provider**:
+
+      ```ruby
+      windows_feature 'smtp-server' do
+        action :install
+        all true
+        install_method :windows_feature_powershell
+      end
+      ```
+
+      **Install multiple features using one resource with the PowerShell provider**:
+
+      ```ruby
+      windows_feature %w(Web-Asp-Net45 Web-Net-Ext45) do
+        action :install
+        install_method :windows_feature_powershell
+      end
+      ```
+
+      **Install the Network Policy and Access Service feature, including the management tools**:
+
+      ```ruby
+      windows_feature 'NPAS' do
+        action :install
+        management_tools true
+        install_method :windows_feature_powershell
+      end
+      ```
+      DOC
 
       property :feature_name, [Array, String],
         description: "The name of the feature(s) or role(s) to install if they differ from the resource block's name. The same feature may have different names depending on the underlying installation method being used (ie DHCPServer vs DHCP; DNS-Server-Full-Role vs DNS).",
@@ -43,13 +97,14 @@ class Chef
         default: false
 
       property :install_method, Symbol,
-        description: "The underlying installation method to use for feature installation. Specify ':windows_feature_dism' for DISM or ':windows_feature_powershell' for PowerShell.",
+        description: "The underlying installation method to use for feature installation. Specify `:windows_feature_dism` for DISM or `:windows_feature_powershell` for PowerShell.",
         equal_to: %i{windows_feature_dism windows_feature_powershell windows_feature_servermanagercmd},
         default: :windows_feature_dism
 
       property :timeout, Integer,
         description: "Specifies a timeout (in seconds) for the feature installation.",
-        default: 600
+        default: 600,
+        desired_state: false
 
       action :install do
         description "Install a Windows role/feature"

data/lib/chef/resource/windows_feature_dism.rb

@@ -22,11 +22,23 @@ require_relative "../platform/query_helpers"
 class Chef
   class Resource
     class WindowsFeatureDism < Chef::Resource
-      resource_name :windows_feature_dism
       provides(:windows_feature_dism) { true }
 
-      description "Use the windows_feature_dism resource to add, remove, or entirely delete Windows features and roles using DISM."
+      description "Use the **windows_feature_dism** resource to add, remove, or entirely delete Windows features and roles using DISM."
       introduced "14.0"
+      examples <<~DOC
+      **Installing the TelnetClient service**:
+
+      ```ruby
+      windows_feature_dism "TelnetClient"
+      ```
+
+      **Installing two features by using an array**:
+
+      ```ruby
+      windows_feature_dism %w(TelnetClient TFTP)
+      ```
+      DOC
 
       property :feature_name, [Array, String],
         description: "The name of the feature(s) or role(s) to install if they differ from the resource name.",
@@ -37,19 +49,18 @@ class Chef
         description: "Specify a local repository for the feature install."
 
       property :all, [TrueClass, FalseClass],
-        description: "Install all sub-features. When set to 'true', this is the equivalent of specifying the /All switch to dism.exe",
+        description: "Install all sub-features. When set to `true`, this is the equivalent of specifying the `/All` switch to `dism.exe`",
         default: false
 
       property :timeout, Integer,
         description: "Specifies a timeout (in seconds) for the feature installation.",
-        default: 600
+        default: 600,
+        desired_state: false
 
-      # @return [Array] lowercase the array unless we're on < Windows 2012
+      # @return [Array] lowercase the array
       def to_formatted_array(x)
         x = x.split(/\s*,\s*/) if x.is_a?(String) # split multiple forms of a comma separated list
-
-        # feature installs on windows < 2012 are case sensitive so only downcase when on 2012+
-        older_than_win_2012_or_8? ? x : x.map(&:downcase)
+        x.map(&:downcase)
       end
 
       action :install do
@@ -98,8 +109,6 @@ class Chef
       action :delete do
         description "Remove a Windows role/feature from the image using DISM"
 
-        raise_if_delete_unsupported
-
         reload_cached_dism_data unless node["dism_features_cache"]
 
         fail_if_unavailable # fail if the features don't exist
@@ -193,27 +202,18 @@ class Chef
           logger.trace("The cache contains\n#{node["dism_features_cache"]}")
         end
 
-        # parse the feature string and add the values to the appropriate array
-        # in the
-        # strips trailing whitespace characters then split on n number of spaces
-        # + | +  n number of spaces
+        # parse the feature string and add the values to the appropriate array in the strips
+        # trailing whitespace characters then split on n number of spaces + | +  n number of spaces
         # @return [void]
         def add_to_feature_mash(feature_type, feature_string)
           feature_details = feature_string.strip.split(/\s+[|]\s+/).first
 
-          # dism on windows 2012+ isn't case sensitive so it's best to compare
-          # lowercase lists so the user input doesn't need to be case sensitive
-          # @todo when we're ready to remove windows 2008R2 the gating here can go away
-          feature_details.downcase! unless older_than_win_2012_or_8?
+          # dism isn't case sensitive so it's best to compare lowercase lists so the
+          # user input doesn't need to be case sensitive
+          feature_details.downcase!
           node.override["dism_features_cache"][feature_type] << feature_details
         end
 
-        # Fail unless we're on windows 8+ / 2012+ where deleting a feature is supported
-        # @return [void]
-        def raise_if_delete_unsupported
-          raise Chef::Exceptions::UnsupportedAction, "#{self} :delete action not supported on Windows releases before Windows 8/2012. Cannot continue!" if older_than_win_2012_or_8?
-        end
-
         def required_parent_feature?(error_message)
           error_message.include?("Error: 50") && error_message.include?("required parent feature")
         end

data/lib/chef/resource/windows_feature_powershell.rb

@@ -16,7 +16,6 @@
 # limitations under the License.
 #
 
-require_relative "../mixin/powershell_out"
 require_relative "../json_compat"
 require_relative "../resource"
 require_relative "../platform/query_helpers"
@@ -24,11 +23,37 @@ require_relative "../platform/query_helpers"
 class Chef
   class Resource
     class WindowsFeaturePowershell < Chef::Resource
-      resource_name :windows_feature_powershell
       provides(:windows_feature_powershell) { true }
 
-      description "Use the windows_feature_powershell resource to add, remove, or entirely delete Windows features and roles using PowerShell. This resource offers significant speed benefits over the windows_feature_dism resource, but requires installation of the Remote Server Administration Tools on non-server releases of Windows."
+      description "Use the **windows_feature_powershell** resource to add, remove, or entirely delete Windows features and roles using PowerShell. This resource offers significant speed benefits over the windows_feature_dism resource, but requires installation of the Remote Server Administration Tools on non-server releases of Windows."
       introduced "14.0"
+      examples <<~DOC
+      **Add the SMTP Server feature**:
+
+      ```ruby
+      windows_feature_powershell "smtp-server" do
+        action :install
+        all true
+      end
+      ```
+
+      **Install multiple features using one resource**:
+
+      ```ruby
+      windows_feature_powershell ['Web-Asp-Net45', 'Web-Net-Ext45'] do
+        action :install
+      end
+      ```
+
+      **Install the Network Policy and Access Service feature**:
+
+      ```ruby
+      windows_feature_powershell 'NPAS' do
+        action :install
+        management_tools true
+      end
+      ```
+      DOC
 
       property :feature_name, [Array, String],
         description: "The name of the feature(s) or role(s) to install if they differ from the resource block's name.",
@@ -39,31 +64,28 @@ class Chef
         description: "Specify a local repository for the feature install."
 
       property :all, [TrueClass, FalseClass],
-        description: "Install all subfeatures. When set to 'true', this is the equivalent of specifying the '-InstallAllSubFeatures' switch with 'Add-WindowsFeature'.",
+        description: "Install all subfeatures. When set to `true`, this is the equivalent of specifying the `-InstallAllSubFeatures` switch with `Add-WindowsFeature`.",
         default: false
 
       property :timeout, Integer,
         description: "Specifies a timeout (in seconds) for the feature installation.",
-        default: 600
+        default: 600,
+        desired_state: false
 
       property :management_tools, [TrueClass, FalseClass],
         description: "Install all applicable management tools for the roles, role services, or features.",
         default: false
 
-      # Converts strings of features into an Array. Array objects are lowercased unless we're on < 8/2k12+.
+      # Converts strings of features into an Array. Array objects are lowercased
       # @return [Array] array of features
       def to_formatted_array(x)
         x = x.split(/\s*,\s*/) if x.is_a?(String) # split multiple forms of a comma separated list
 
-        # feature installs on windows < 8/2012 are case sensitive so only downcase when on 2012+
-        older_than_win_2012_or_8? ? x : x.map(&:downcase)
+        # features aren't case sensitive so let's compare in lowercase
+        x.map(&:downcase)
       end
 
-      include Chef::Mixin::PowershellOut
-
       action :install do
-        raise_on_old_powershell
-
         reload_cached_powershell_data unless node["powershell_features_cache"]
         fail_if_unavailable # fail if the features don't exist
         fail_if_removed # fail if the features are in removed state
@@ -71,14 +93,10 @@ class Chef
         Chef::Log.debug("Windows features needing installation: #{features_to_install.empty? ? "none" : features_to_install.join(",")}")
         unless features_to_install.empty?
           converge_by("install Windows feature#{"s" if features_to_install.count > 1} #{features_to_install.join(",")}") do
-            install_command = "#{install_feature_cmdlet} #{features_to_install.join(",")}"
-            install_command << " -IncludeAllSubFeature"  if new_resource.all
-            if older_than_win_2012_or_8? && (new_resource.source || new_resource.management_tools)
-              Chef::Log.warn("The 'source' and 'management_tools' properties are only available on Windows 8/2012 or greater. Skipping these properties!")
-            else
-              install_command << " -Source \"#{new_resource.source}\"" if new_resource.source
-              install_command << " -IncludeManagementTools" if new_resource.management_tools
-            end
+            install_command = "Install-WindowsFeature #{features_to_install.join(",")}"
+            install_command << " -IncludeAllSubFeature" if new_resource.all
+            install_command << " -Source \"#{new_resource.source}\"" if new_resource.source
+            install_command << " -IncludeManagementTools" if new_resource.management_tools
 
             cmd = powershell_out!(install_command, timeout: new_resource.timeout)
             Chef::Log.info(cmd.stdout)
@@ -89,15 +107,13 @@ class Chef
       end
 
       action :remove do
-        raise_on_old_powershell
-
         reload_cached_powershell_data unless node["powershell_features_cache"]
 
         Chef::Log.debug("Windows features needing removal: #{features_to_remove.empty? ? "none" : features_to_remove.join(",")}")
 
         unless features_to_remove.empty?
           converge_by("remove Windows feature#{"s" if features_to_remove.count > 1} #{features_to_remove.join(",")}") do
-            cmd = powershell_out!("#{remove_feature_cmdlet} #{features_to_remove.join(",")}", timeout: new_resource.timeout)
+            cmd = powershell_out!("Uninstall-WindowsFeature #{features_to_remove.join(",")}", timeout: new_resource.timeout)
             Chef::Log.info(cmd.stdout)
 
             reload_cached_powershell_data # Reload cached powershell feature state
@@ -106,9 +122,6 @@ class Chef
       end
 
       action :delete do
-        raise_on_old_powershell
-        raise_if_delete_unsupported
-
         reload_cached_powershell_data unless node["powershell_features_cache"]
 
         fail_if_unavailable # fail if the features don't exist
@@ -126,41 +139,6 @@ class Chef
       end
 
       action_class do
-        # shellout to determine the actively installed version of powershell
-        # we have this same data in ohai, but it doesn't get updated if powershell is installed mid run
-        # @return [Integer] the powershell version or 0 for nothing
-        def powershell_version
-          cmd = powershell_out("$PSVersionTable.psversion.major")
-          return 1 if cmd.stdout.empty? # PowerShell 1.0 doesn't have a $PSVersionTable
-
-          Regexp.last_match(1).to_i if cmd.stdout =~ /^(\d+)/
-        rescue Errno::ENOENT
-          0 # zero as in nothing is installed
-        end
-
-        # raise if we're running powershell less than 3.0 since we need convertto-json
-        # check the powershell version via ohai data and if we're < 3.0 also shellout to make sure as
-        # a newer version could be installed post ohai run. Yes we're double checking. It's fine.
-        # @todo this can go away when we fully remove support for Windows 2008 R2
-        # @raise [RuntimeError] Raise if powershell is < 3.0
-        def raise_on_old_powershell
-          # be super defensive about the powershell lang plugin not being there
-          return if node["languages"] && node["languages"]["powershell"] && node["languages"]["powershell"]["version"].to_i >= 3
-          raise "The windows_feature_powershell resource requires PowerShell 3.0 or later. Please install PowerShell 3.0+ before running this resource." if powershell_version < 3
-        end
-
-        # The appropriate cmdlet to install a windows feature based on windows release
-        # @return [String]
-        def install_feature_cmdlet
-          older_than_win_2012_or_8? ? "Add-WindowsFeature" : "Install-WindowsFeature"
-        end
-
-        # The appropriate cmdlet to remove a windows feature based on windows release
-        # @return [String]
-        def remove_feature_cmdlet
-          older_than_win_2012_or_8? ? "Remove-WindowsFeature" : "Uninstall-WindowsFeature"
-        end
-
         # @return [Array] features the user has requested to install which need installation
         def features_to_install
           # the intersection of the features to install & disabled features are what needs installing
@@ -224,13 +202,8 @@ class Chef
 
         # fetch the list of available feature names and state in JSON and parse the JSON
         def parsed_feature_list
-          # Grab raw feature information from dism command line
-          # Windows < 2012 doesn't present a state value so we have to check if the feature is installed or not
-          raw_list_of_features = if older_than_win_2012_or_8? # make the older format look like the new format, warts and all
-                                   powershell_out!('Get-WindowsFeature | Select-Object -Property Name, @{Name="InstallState"; Expression = {If ($_.Installed) { 1 } Else { 0 }}} | ConvertTo-Json -Compress', timeout: new_resource.timeout).stdout
-                                 else
-                                   powershell_out!("Get-WindowsFeature | Select-Object -Property Name,InstallState | ConvertTo-Json -Compress", timeout: new_resource.timeout).stdout
-                                 end
+          # Grab raw feature information from WindowsFeature
+          raw_list_of_features = powershell_out!("Get-WindowsFeature | Select-Object -Property Name,InstallState | ConvertTo-Json -Compress", timeout: new_resource.timeout).stdout
 
           Chef::JSONCompat.from_json(raw_list_of_features)
         end
@@ -238,26 +211,19 @@ class Chef
         # add the features values to the appropriate array
         # @return [void]
         def add_to_feature_mash(feature_type, feature_details)
-          # add the lowercase feature name to the mash unless we're on < 2012 where they're case sensitive
-          node.override["powershell_features_cache"][feature_type] << (older_than_win_2012_or_8? ? feature_details : feature_details.downcase)
+          # add the lowercase feature name to the mash so we can compare it lowercase later
+          node.override["powershell_features_cache"][feature_type] << feature_details.downcase
         end
 
         # Fail if any of the packages are in a removed state
         # @return [void]
         def fail_if_removed
           return if new_resource.source # if someone provides a source then all is well
+          return if registry_key_exists?('HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Servicing') && registry_value_exists?('HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Servicing', name: "LocalSourcePath") # if source is defined in the registry, still fine
 
-          if node["platform_version"].to_f > 6.2 # 2012R2 or later
-            return if registry_key_exists?('HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Servicing') && registry_value_exists?('HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Servicing', name: "LocalSourcePath") # if source is defined in the registry, still fine
-          end
           removed = new_resource.feature_name & node["powershell_features_cache"]["removed"]
           raise "The Windows feature#{"s" if removed.count > 1} #{removed.join(",")} #{removed.count > 1 ? "are" : "is"} removed from the host and cannot be installed." unless removed.empty?
         end
-
-        # Fail unless we're on windows 8+ / 2012+ where deleting a feature is supported
-        def raise_if_delete_unsupported
-          raise Chef::Exceptions::UnsupportedAction, "#{self} :delete action not supported on Windows releases before Windows 8/2012. Cannot continue!" if older_than_win_2012_or_8?
-        end
       end
     end
   end

data/lib/chef/resource/windows_firewall_rule.rb

@@ -24,19 +24,71 @@ require_relative "../json_compat"
 class Chef
   class Resource
     class WindowsFirewallRule < Chef::Resource
-      resource_name :windows_firewall_rule
+      provides :windows_firewall_rule
 
-      description "Use the windows_firewall_rule resource to create, change or remove windows firewall rules."
+      description "Use the **windows_firewall_rule** resource to create, change or remove Windows firewall rules."
       introduced "14.7"
+      examples <<~DOC
+      **Allowing port 80 access**:
+
+      ```ruby
+      windows_firewall_rule 'IIS' do
+        local_port '80'
+        protocol 'TCP'
+        firewall_action :allow
+      end
+      ```
+
+      **Allow protocol ICMPv6 with ICMP Type**:
+
+      ```ruby
+      windows_firewall_rule 'CoreNet-Rule' do
+        rule_name 'CoreNet-ICMP6-LR2-In'
+        display_name 'Core Networking - Multicast Listener Report v2 (ICMPv6-In)'
+        local_port 'RPC'
+        protocol 'ICMPv6'
+        icmp_type '8'
+      end
+      ```
+
+      **Blocking WinRM over HTTP on a particular IP**:
+
+      ```ruby
+      windows_firewall_rule 'Disable WinRM over HTTP' do
+        local_port '5985'
+        protocol 'TCP'
+        firewall_action :block
+        local_address '192.168.1.1'
+      end
+      ```
+
+      **Deleting an existing rule**
+
+      ```ruby
+      windows_firewall_rule 'Remove the SSH rule' do
+        rule_name 'ssh'
+        action :delete
+      end
+      ```
+      DOC
 
       property :rule_name, String,
         name_property: true,
         description: "An optional property to set the name of the firewall rule to assign if it differs from the resource block's name."
 
       property :description, String,
-        default: "Firewall rule",
         description: "The description to assign to the firewall rule."
 
+      property :displayname, String,
+        description: "The displayname to assign to the firewall rule.",
+        default: lazy { rule_name },
+        default_description: "The rule_name property value.",
+        introduced: "16.0"
+
+      property :group, String,
+        description: "Specifies that only matching firewall rules of the indicated group association are copied.",
+        introduced: "16.0"
+
       property :local_address, String,
         description: "The local address the firewall rule applies to."
 
@@ -62,6 +114,11 @@ class Chef
         default: "TCP",
         description: "The protocol the firewall rule applies to."
 
+      property :icmp_type, [String, Integer],
+        description: "Specifies the ICMP Type parameter for using a protocol starting with ICMP",
+        default: "Any",
+        introduced: "16.0"
+
       property :firewall_action, [Symbol, String],
         default: :allow, equal_to: %i{allow block notconfigured},
         description: "The action of the firewall rule.",
@@ -110,12 +167,16 @@ class Chef
         # Need to reverse `$rule.Profile.ToString()` in powershell command
         current_profiles = state["profile"].split(", ").map(&:to_sym)
 
+        description state["description"]
+        displayname state["displayname"]
+        group state["group"]
         local_address state["local_address"]
         local_port Array(state["local_port"]).sort
         remote_address state["remote_address"]
         remote_port Array(state["remote_port"]).sort
         direction state["direction"]
         protocol state["protocol"]
+        icmp_type state["icmp_type"]
         firewall_action state["firewall_action"]
         profile current_profiles
         program state["program"]
@@ -126,13 +187,18 @@ class Chef
 
       action :create do
         description "Create a Windows firewall entry."
-
         if current_resource
-          converge_if_changed :rule_name, :local_address, :local_port, :remote_address, :remote_port, :direction,
-            :protocol, :firewall_action, :profile, :program, :service, :interface_type, :enabled do
+          converge_if_changed :rule_name, :description, :displayname, :local_address, :local_port, :remote_address,
+            :remote_port, :direction, :protocol, :icmp_type, :firewall_action, :profile, :program, :service,
+            :interface_type, :enabled do
               cmd = firewall_command("Set")
               powershell_out!(cmd)
             end
+          converge_if_changed :group do
+            powershell_out!("Remove-NetFirewallRule -Name '#{new_resource.rule_name}'")
+            cmd = firewall_command("New")
+            powershell_out!(cmd)
+          end
         else
           converge_by("create firewall rule #{new_resource.rule_name}") do
             cmd = firewall_command("New")
@@ -158,7 +224,9 @@ class Chef
         # @return [String] firewall create command
         def firewall_command(cmdlet_type)
           cmd = "#{cmdlet_type}-NetFirewallRule -Name '#{new_resource.rule_name}'"
-          cmd << " -DisplayName '#{new_resource.rule_name}'" if cmdlet_type == "New"
+          cmd << " -DisplayName '#{new_resource.displayname}'" if new_resource.displayname && cmdlet_type == "New"
+          cmd << " -NewDisplayName '#{new_resource.displayname}'" if new_resource.displayname && cmdlet_type == "Set"
+          cmd << " -Group '#{new_resource.group}'" if new_resource.group && cmdlet_type == "New"
           cmd << " -Description '#{new_resource.description}'" if new_resource.description
           cmd << " -LocalAddress '#{new_resource.local_address}'" if new_resource.local_address
           cmd << " -LocalPort '#{new_resource.local_port.join("', '")}'" if new_resource.local_port
@@ -166,6 +234,7 @@ class Chef
           cmd << " -RemotePort '#{new_resource.remote_port.join("', '")}'" if new_resource.remote_port
           cmd << " -Direction '#{new_resource.direction}'" if new_resource.direction
           cmd << " -Protocol '#{new_resource.protocol}'" if new_resource.protocol
+          cmd << " -IcmpType '#{new_resource.icmp_type}'"
           cmd << " -Action '#{new_resource.firewall_action}'" if new_resource.firewall_action
           cmd << " -Profile '#{new_resource.profile.join("', '")}'" if new_resource.profile
           cmd << " -Program '#{new_resource.program}'" if new_resource.program
@@ -175,12 +244,53 @@ class Chef
 
           cmd
         end
+
+        def define_resource_requirements
+          requirements.assert(:create) do |a|
+            a.assertion do
+              if new_resource.icmp_type.is_a?(String)
+                !new_resource.icmp_type.empty?
+              elsif new_resource.icmp_type.is_a?(Integer)
+                !new_resource.icmp_type.nil?
+              end
+            end
+            a.failure_message("The :icmp_type property can not be empty in #{new_resource.rule_name}")
+          end
+
+          requirements.assert(:create) do |a|
+            a.assertion do
+              if new_resource.icmp_type.is_a?(Integer)
+                new_resource.protocol.start_with?("ICMP")
+              elsif new_resource.icmp_type.is_a?(String) && !new_resource.protocol.start_with?("ICMP")
+                new_resource.icmp_type == "Any"
+              else
+                true
+              end
+            end
+            a.failure_message("The :icmp_type property has a value of #{new_resource.icmp_type} set, but is not allowed for :protocol #{new_resource.protocol} in #{new_resource.rule_name}")
+          end
+
+          requirements.assert(:create) do |a|
+            a.assertion do
+              if new_resource.icmp_type.is_a?(Integer)
+                (0..255).include?(new_resource.icmp_type)
+              elsif new_resource.icmp_type.is_a?(String) && !new_resource.icmp_type.include?(":") && new_resource.protocol.start_with?("ICMP")
+                (0..255).include?(new_resource.icmp_type.to_i)
+              elsif new_resource.icmp_type.is_a?(String) && new_resource.icmp_type.include?(":") && new_resource.protocol.start_with?("ICMP")
+                new_resource.icmp_type.split(":").all? { |type| (0..255).include?(type.to_i) }
+              else
+                true
+              end
+            end
+            a.failure_message("Can not set :icmp_type to #{new_resource.icmp_type} as one value is out of range (0 to 255) in #{new_resource.rule_name}")
+          end
+        end
       end
 
       private
 
       # build the command to load the current resource
-      # # @return [String] current firewall state
+      # @return [String] current firewall state
       def load_firewall_state(rule_name)
         <<-EOH
           Remove-TypeData System.Array # workaround for PS bug here: https://bit.ly/2SRMQ8M
@@ -193,12 +303,15 @@ class Chef
           ([PSCustomObject]@{
             rule_name = $rule.Name
             description = $rule.Description
+            displayname = $rule.DisplayName
+            group = $rule.Group
             local_address = $addressFilter.LocalAddress
             local_port = $portFilter.LocalPort
             remote_address = $addressFilter.RemoteAddress
             remote_port = $portFilter.RemotePort
             direction = $rule.Direction.ToString()
             protocol = $portFilter.Protocol
+            icmp_type = $portFilter.IcmpType
             firewall_action = $rule.Action.ToString()
             profile = $rule.Profile.ToString()
             program = $applicationFilter.Program