RubyGems - chef - Versions diffs - 15.11.3-universal-mingw32 → 16.1.16-universal-mingw32 - Mend

chef 15.11.3-universal-mingw32 → 16.1.16-universal-mingw32

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (513) hide show

checksums.yaml +4 -4
data/Gemfile +3 -7
data/README.md +1 -1
data/Rakefile +44 -16
data/chef.gemspec +6 -4
data/distro/powershell/chef/chef.psm1 +3 -3
data/distro/templates/powershell/chef/chef.psm1.erb +3 -3
data/lib/chef/action_collection.rb +16 -5
data/lib/chef/application.rb +33 -54
data/lib/chef/application/apply.rb +18 -1
data/lib/chef/application/base.rb +8 -3
data/lib/chef/application/knife.rb +1 -1
data/lib/chef/chef_class.rb +4 -4
data/lib/chef/chef_fs/file_system/chef_server/acls_dir.rb +1 -1
data/lib/chef/chef_fs/file_system/chef_server/cookbook_file.rb +1 -1
data/lib/chef/chef_fs/file_system/chef_server/rest_list_entry.rb +6 -2
data/lib/chef/chef_fs/file_system/repository/chef_repository_file_system_root_dir.rb +3 -3
data/lib/chef/chef_fs/file_system/repository/directory.rb +1 -1
data/lib/chef/chef_fs/parallelizer/parallel_enumerable.rb +1 -1
data/lib/chef/chef_fs/path_utils.rb +3 -3
data/lib/chef/client.rb +16 -14
data/lib/chef/config.rb +1 -1
data/lib/chef/cookbook/file_system_file_vendor.rb +1 -1
data/lib/chef/cookbook/gem_installer.rb +1 -1
data/lib/chef/cookbook/metadata.rb +45 -22
data/lib/chef/cookbook_loader.rb +1 -1
data/lib/chef/cookbook_manifest.rb +1 -1
data/lib/chef/cookbook_site_streaming_uploader.rb +1 -1
data/lib/chef/cookbook_version.rb +38 -3
data/lib/chef/data_collector.rb +1 -1
data/lib/chef/data_collector/error_handlers.rb +1 -1
data/lib/chef/data_collector/run_end_message.rb +7 -1
data/lib/chef/decorator/lazy_array.rb +2 -2
data/lib/chef/deprecated.rb +4 -0
data/lib/chef/digester.rb +4 -4
data/lib/chef/dist.rb +8 -0
data/lib/chef/dsl/chef_vault.rb +84 -0
data/lib/chef/dsl/declare_resource.rb +7 -5
data/lib/chef/dsl/platform_introspection.rb +3 -2
data/lib/chef/dsl/recipe.rb +7 -12
data/lib/chef/dsl/universal.rb +3 -7
data/lib/chef/encrypted_data_bag_item/decryptor.rb +1 -1
data/lib/chef/encrypted_data_bag_item/encryptor.rb +1 -1
data/lib/chef/event_dispatch/base.rb +3 -0
data/lib/chef/formatters/base.rb +1 -1
data/lib/chef/formatters/doc.rb +1 -1
data/lib/chef/formatters/indentable_output_stream.rb +7 -16
data/lib/chef/http.rb +1 -1
data/lib/chef/http/decompressor.rb +1 -1
data/lib/chef/http/http_request.rb +3 -2
data/lib/chef/json_compat.rb +1 -1
data/lib/chef/key.rb +1 -1
data/lib/chef/knife.rb +2 -4
data/lib/chef/knife/acl_add.rb +57 -0
data/lib/chef/knife/acl_base.rb +183 -0
data/lib/chef/knife/acl_bulk_add.rb +78 -0
data/lib/chef/knife/acl_bulk_remove.rb +83 -0
data/lib/chef/knife/acl_remove.rb +62 -0
data/lib/chef/knife/acl_show.rb +56 -0
data/lib/chef/knife/bootstrap.rb +84 -90
data/lib/chef/knife/bootstrap/chef_vault_handler.rb +2 -2
data/lib/chef/knife/bootstrap/client_builder.rb +2 -2
data/lib/chef/knife/bootstrap/templates/chef-full.erb +11 -11
data/lib/chef/knife/bootstrap/templates/windows-chef-client-msi.erb +12 -12
data/lib/chef/knife/core/bootstrap_context.rb +63 -60
data/lib/chef/knife/core/generic_presenter.rb +4 -3
data/lib/chef/knife/core/hashed_command_loader.rb +1 -1
data/lib/chef/knife/core/node_presenter.rb +2 -2
data/lib/chef/knife/core/status_presenter.rb +5 -5
data/lib/chef/knife/core/subcommand_loader.rb +1 -1
data/lib/chef/knife/core/ui.rb +17 -1
data/lib/chef/knife/core/windows_bootstrap_context.rb +44 -42
data/lib/chef/knife/data_bag_secret_options.rb +18 -45
data/lib/chef/knife/group_add.rb +55 -0
data/lib/chef/knife/{cookbook_site_download.rb → group_create.rb} +21 -12
data/lib/chef/knife/group_destroy.rb +53 -0
data/lib/chef/knife/{cookbook_site_list.rb → group_list.rb} +14 -11
data/lib/chef/knife/group_remove.rb +56 -0
data/lib/chef/knife/{cookbook_site_install.rb → group_show.rb} +21 -12
data/lib/chef/knife/key_create_base.rb +1 -1
data/lib/chef/knife/key_edit_base.rb +1 -1
data/lib/chef/knife/ssh.rb +12 -31
data/lib/chef/knife/status.rb +3 -3
data/lib/chef/knife/supermarket_download.rb +1 -2
data/lib/chef/knife/supermarket_install.rb +2 -3
data/lib/chef/knife/supermarket_list.rb +1 -2
data/lib/chef/knife/supermarket_search.rb +1 -2
data/lib/chef/knife/supermarket_share.rb +1 -2
data/lib/chef/knife/supermarket_show.rb +1 -2
data/lib/chef/knife/supermarket_unshare.rb +1 -2
data/lib/chef/knife/{cookbook_site_show.rb → user_dissociate.rb} +15 -13
data/lib/chef/knife/{cookbook_site_search.rb → user_invite_add.rb} +16 -13
data/lib/chef/knife/user_invite_list.rb +34 -0
data/lib/chef/knife/user_invite_rescind.rb +63 -0
data/lib/chef/knife/yaml_convert.rb +91 -0
data/lib/chef/mixin/api_version_request_handling.rb +1 -1
data/lib/chef/mixin/checksum.rb +0 -1
data/lib/chef/mixin/openssl_helper.rb +4 -4
data/lib/chef/mixin/powershell_exec.rb +10 -1
data/lib/chef/mixin/powershell_out.rb +1 -1
data/lib/chef/mixin/properties.rb +16 -2
data/lib/chef/mixin/shell_out.rb +1 -5
data/lib/chef/monkey_patches/net_http.rb +0 -4
data/lib/chef/node.rb +18 -6
data/lib/chef/node/attribute.rb +2 -2
data/lib/chef/node/immutable_collections.rb +1 -1
data/lib/chef/node/mixin/immutablize_array.rb +4 -0
data/lib/chef/node/mixin/immutablize_hash.rb +3 -0
data/lib/chef/node_map.rb +5 -31
data/lib/chef/platform/priority_map.rb +4 -4
data/lib/chef/platform/query_helpers.rb +6 -34
data/lib/chef/policy_builder/policyfile.rb +1 -1
data/lib/chef/powershell.rb +14 -0
data/lib/chef/property.rb +24 -6
data/lib/chef/provider.rb +40 -6
data/lib/chef/provider/cron.rb +2 -2
data/lib/chef/provider/directory.rb +3 -3
data/lib/chef/provider/dsc_resource.rb +1 -1
data/lib/chef/provider/dsc_script.rb +1 -1
data/lib/chef/provider/execute.rb +3 -9
data/lib/chef/provider/file.rb +6 -6
data/lib/chef/provider/git.rb +84 -27
data/lib/chef/provider/group.rb +4 -4
data/lib/chef/provider/http_request.rb +6 -6
data/lib/chef/provider/ifconfig.rb +4 -4
data/lib/chef/provider/launchd.rb +45 -64
data/lib/chef/provider/link.rb +2 -2
data/lib/chef/provider/mount.rb +5 -5
data/lib/chef/provider/osx_profile.rb +7 -3
data/lib/chef/provider/package.rb +2 -2
data/lib/chef/provider/package/cab.rb +5 -6
data/lib/chef/provider/package/chocolatey.rb +1 -3
data/lib/chef/provider/package/dnf.rb +66 -10
data/lib/chef/provider/package/dnf/dnf_helper.py +85 -26
data/lib/chef/provider/package/dnf/python_helper.rb +79 -36
data/lib/chef/provider/package/dnf/version.rb +5 -1
data/lib/chef/provider/package/dpkg.rb +1 -1
data/lib/chef/provider/package/freebsd/base.rb +2 -1
data/lib/chef/provider/package/homebrew.rb +107 -43
data/lib/chef/provider/package/macports.rb +0 -2
data/lib/chef/provider/package/msu.rb +4 -1
data/lib/chef/provider/package/pacman.rb +25 -34
data/lib/chef/provider/package/portage.rb +1 -0
data/lib/chef/provider/package/powershell.rb +1 -1
data/lib/chef/provider/package/rubygems.rb +30 -3
data/lib/chef/provider/package/windows.rb +29 -53
data/lib/chef/provider/package/windows/msi.rb +2 -2
data/lib/chef/provider/package/yum.rb +1 -9
data/lib/chef/provider/package/yum/yum_cache.rb +1 -1
data/lib/chef/provider/package/zypper.rb +0 -1
data/lib/chef/provider/powershell_script.rb +5 -11
data/lib/chef/provider/registry_key.rb +4 -4
data/lib/chef/provider/remote_directory.rb +5 -5
data/lib/chef/provider/remote_file/ftp.rb +3 -2
data/lib/chef/provider/remote_file/local_file.rb +2 -1
data/lib/chef/provider/remote_file/sftp.rb +3 -2
data/lib/chef/provider/route.rb +5 -3
data/lib/chef/provider/ruby_block.rb +1 -1
data/lib/chef/provider/script.rb +2 -2
data/lib/chef/provider/service.rb +8 -8
data/lib/chef/provider/service/aixinit.rb +1 -1
data/lib/chef/provider/service/arch.rb +1 -1
data/lib/chef/provider/service/debian.rb +30 -28
data/lib/chef/provider/service/macosx.rb +16 -10
data/lib/chef/provider/service/systemd.rb +12 -12
data/lib/chef/provider/service/upstart.rb +1 -1
data/lib/chef/provider/service/windows.rb +5 -11
data/lib/chef/provider/subversion.rb +25 -5
data/lib/chef/provider/systemd_unit.rb +26 -25
data/lib/chef/provider/user.rb +6 -6
data/lib/chef/provider/user/aix.rb +1 -1
data/lib/chef/provider/user/dscl.rb +6 -6
data/lib/chef/provider/user/mac.rb +20 -15
data/lib/chef/provider/whyrun_safe_ruby_block.rb +1 -1
data/lib/chef/provider/windows_env.rb +3 -3
data/lib/chef/provider/windows_script.rb +2 -2
data/lib/chef/provider/windows_task.rb +10 -10
data/lib/chef/providers.rb +0 -6
data/lib/chef/recipe.rb +36 -0
data/lib/chef/resource.rb +44 -57
data/lib/chef/resource/action_class.rb +24 -22
data/lib/chef/resource/alternatives.rb +210 -0
data/lib/chef/resource/apt_package.rb +33 -3
data/lib/chef/resource/apt_preference.rb +103 -7
data/lib/chef/resource/apt_repository.rb +357 -18
data/lib/chef/resource/apt_update.rb +58 -5
data/lib/chef/resource/archive_file.rb +6 -5
data/lib/chef/resource/bash.rb +3 -1
data/lib/chef/resource/batch.rb +1 -1
data/lib/chef/resource/bff_package.rb +10 -2
data/lib/chef/resource/breakpoint.rb +1 -2
data/lib/chef/resource/build_essential.rb +49 -51
data/lib/chef/resource/cab_package.rb +9 -2
data/lib/chef/resource/chef_client_cron.rb +228 -0
data/lib/chef/resource/chef_client_scheduled_task.rb +201 -0
data/lib/chef/resource/chef_client_systemd_timer.rb +180 -0
data/lib/chef/resource/chef_gem.rb +15 -18
data/lib/chef/resource/chef_handler.rb +5 -4
data/lib/chef/resource/chef_sleep.rb +7 -5
data/lib/chef/resource/chef_vault_secret.rb +135 -0
data/lib/chef/resource/chocolatey_config.rb +8 -4
data/lib/chef/resource/chocolatey_feature.rb +7 -4
data/lib/chef/resource/chocolatey_package.rb +7 -4
data/lib/chef/resource/chocolatey_source.rb +7 -4
data/lib/chef/resource/cookbook_file.rb +4 -3
data/lib/chef/resource/cron.rb +34 -80
data/lib/chef/resource/cron_access.rb +10 -6
data/lib/chef/resource/cron_d.rb +44 -95
data/lib/chef/resource/csh.rb +3 -1
data/lib/chef/resource/directory.rb +3 -3
data/lib/chef/resource/dmg_package.rb +22 -19
data/lib/chef/resource/dnf_package.rb +3 -4
data/lib/chef/resource/dpkg_package.rb +3 -2
data/lib/chef/resource/dsc_resource.rb +6 -4
data/lib/chef/resource/dsc_script.rb +3 -2
data/lib/chef/resource/execute.rb +15 -14
data/lib/chef/resource/file.rb +14 -9
data/lib/chef/resource/freebsd_package.rb +3 -2
data/lib/chef/resource/gem_package.rb +19 -11
data/lib/chef/resource/group.rb +5 -2
data/lib/chef/resource/helpers/cron_validations.rb +98 -0
data/lib/chef/resource/homebrew_cask.rb +3 -2
data/lib/chef/resource/homebrew_package.rb +5 -3
data/lib/chef/resource/homebrew_tap.rb +3 -2
data/lib/chef/resource/hostname.rb +26 -20
data/lib/chef/resource/http_request.rb +1 -2
data/lib/chef/resource/ifconfig.rb +8 -8
data/lib/chef/resource/ips_package.rb +11 -3
data/lib/chef/resource/kernel_module.rb +30 -30
data/lib/chef/resource/ksh.rb +3 -1
data/lib/chef/resource/launchd.rb +3 -3
data/lib/chef/resource/link.rb +5 -27
data/lib/chef/resource/locale.rb +60 -26
data/lib/chef/resource/log.rb +13 -2
data/lib/chef/resource/lwrp_base.rb +1 -1
data/lib/chef/resource/macos_userdefaults.rb +18 -10
data/lib/chef/resource/macosx_service.rb +3 -2
data/lib/chef/resource/macports_package.rb +10 -2
data/lib/chef/resource/mdadm.rb +63 -3
data/lib/chef/resource/mount.rb +4 -1
data/lib/chef/resource/msu_package.rb +19 -2
data/lib/chef/resource/notify_group.rb +8 -3
data/lib/chef/resource/ohai.rb +20 -4
data/lib/chef/resource/ohai_hint.rb +4 -13
data/lib/chef/resource/openbsd_package.rb +10 -2
data/lib/chef/resource/openssl_dhparam.rb +11 -2
data/lib/chef/resource/openssl_ec_private_key.rb +24 -2
data/lib/chef/resource/openssl_ec_public_key.rb +22 -2
data/lib/chef/resource/openssl_rsa_private_key.rb +21 -2
data/lib/chef/resource/openssl_rsa_public_key.rb +23 -2
data/lib/chef/resource/openssl_x509_certificate.rb +38 -2
data/lib/chef/resource/openssl_x509_crl.rb +13 -2
data/lib/chef/resource/openssl_x509_request.rb +38 -2
data/lib/chef/resource/osx_profile.rb +4 -3
data/lib/chef/resource/package.rb +3 -2
data/lib/chef/resource/pacman_package.rb +3 -2
data/lib/chef/resource/paludis_package.rb +13 -4
data/lib/chef/resource/perl.rb +3 -1
data/lib/chef/resource/plist.rb +207 -0
data/lib/chef/resource/portage_package.rb +14 -4
data/lib/chef/resource/powershell_package.rb +2 -4
data/lib/chef/resource/powershell_package_source.rb +4 -2
data/lib/chef/resource/powershell_script.rb +8 -18
data/lib/chef/resource/python.rb +3 -1
data/lib/chef/resource/reboot.rb +1 -2
data/lib/chef/resource/registry_key.rb +2 -3
data/lib/chef/resource/remote_directory.rb +3 -1
data/lib/chef/resource/remote_file.rb +3 -2
data/lib/chef/resource/rhsm_errata.rb +1 -4
data/lib/chef/resource/rhsm_errata_level.rb +1 -2
data/lib/chef/resource/rhsm_register.rb +3 -3
data/lib/chef/resource/rhsm_repo.rb +4 -3
data/lib/chef/resource/rhsm_subscription.rb +5 -4
data/lib/chef/resource/route.rb +6 -2
data/lib/chef/resource/rpm_package.rb +13 -3
data/lib/chef/resource/ruby.rb +3 -1
data/lib/chef/resource/ruby_block.rb +2 -5
data/lib/chef/resource/scm/_scm.rb +49 -0
data/lib/chef/resource/{scm.rb → scm/git.rb} +16 -30
data/lib/chef/resource/{subversion.rb → scm/subversion.rb} +10 -7
data/lib/chef/resource/script.rb +7 -4
data/lib/chef/resource/service.rb +7 -8
data/lib/chef/resource/smartos_package.rb +10 -2
data/lib/chef/resource/snap_package.rb +4 -2
data/lib/chef/resource/solaris_package.rb +10 -2
data/lib/chef/resource/ssh_known_hosts_entry.rb +6 -3
data/lib/chef/resource/sudo.rb +11 -11
data/lib/chef/resource/support/cron.d.erb +1 -1
data/lib/chef/resource/support/cron_access.erb +1 -1
data/lib/chef/resource/support/sudoer.erb +1 -2
data/lib/chef/resource/support/ulimit.erb +41 -0
data/lib/chef/resource/swap_file.rb +7 -5
data/lib/chef/resource/sysctl.rb +63 -4
data/lib/chef/resource/systemd_unit.rb +6 -4
data/lib/chef/resource/template.rb +0 -1
data/lib/chef/resource/timezone.rb +8 -19
data/lib/chef/resource/user.rb +3 -5
data/lib/chef/resource/user/aix_user.rb +0 -2
data/lib/chef/resource/user/dscl_user.rb +1 -1
data/lib/chef/resource/user/linux_user.rb +0 -2
data/lib/chef/resource/user/mac_user.rb +1 -1
data/lib/chef/resource/user/pw_user.rb +0 -2
data/lib/chef/resource/user/solaris_user.rb +0 -2
data/lib/chef/resource/user/windows_user.rb +0 -2
data/lib/chef/resource/user_ulimit.rb +116 -0
data/lib/chef/resource/whyrun_safe_ruby_block.rb +1 -0
data/lib/chef/resource/windows_ad_join.rb +20 -7
data/lib/chef/resource/windows_auto_run.rb +2 -3
data/lib/chef/resource/windows_certificate.rb +3 -3
data/lib/chef/resource/windows_dfs_folder.rb +1 -2
data/lib/chef/resource/windows_dfs_namespace.rb +1 -2
data/lib/chef/resource/windows_dfs_server.rb +2 -3
data/lib/chef/resource/windows_dns_record.rb +0 -1
data/lib/chef/resource/windows_dns_zone.rb +0 -1
data/lib/chef/resource/windows_env.rb +12 -4
data/lib/chef/resource/windows_feature.rb +59 -4
data/lib/chef/resource/windows_feature_dism.rb +24 -24
data/lib/chef/resource/windows_feature_powershell.rb +44 -78
data/lib/chef/resource/windows_firewall_rule.rb +121 -8
data/lib/chef/resource/windows_font.rb +10 -2
data/lib/chef/resource/windows_package.rb +76 -7
data/lib/chef/resource/windows_pagefile.rb +31 -4
data/lib/chef/resource/windows_path.rb +18 -2
data/lib/chef/resource/windows_printer.rb +26 -7
data/lib/chef/resource/windows_printer_port.rb +29 -2
data/lib/chef/resource/windows_script.rb +3 -4
data/lib/chef/resource/windows_security_policy.rb +119 -0
data/lib/chef/resource/windows_service.rb +46 -32
data/lib/chef/resource/windows_share.rb +22 -6
data/lib/chef/resource/windows_shortcut.rb +13 -3
data/lib/chef/resource/windows_task.rb +129 -16
data/lib/chef/resource/windows_uac.rb +20 -2
data/lib/chef/resource/windows_user_privilege.rb +199 -0
data/lib/chef/resource/windows_workgroup.rb +19 -4
data/lib/chef/resource/yum_package.rb +91 -7
data/lib/chef/resource/yum_repository.rb +30 -12
data/lib/chef/resource/zypper_package.rb +32 -5
data/lib/chef/resource/zypper_repository.rb +19 -6
data/lib/chef/resource_builder.rb +8 -0
data/lib/chef/resource_inspector.rb +3 -2
data/lib/chef/resource_resolver.rb +7 -14
data/lib/chef/resources.rb +11 -3
data/lib/chef/run_context/cookbook_compiler.rb +29 -5
data/lib/chef/scan_access_control.rb +1 -1
data/lib/chef/shell.rb +22 -0
data/lib/chef/shell/ext.rb +1 -1
data/lib/chef/version.rb +1 -1
data/lib/chef/win32/api.rb +2 -2
data/lib/chef/win32/api/error.rb +3 -1
data/lib/chef/win32/api/file.rb +1 -1
data/lib/chef/win32/api/net.rb +1 -0
data/lib/chef/win32/api/security.rb +6 -0
data/lib/chef/win32/file.rb +1 -9
data/lib/chef/win32/mutex.rb +1 -1
data/lib/chef/win32/net.rb +1 -0
data/lib/chef/win32/security.rb +40 -2
data/lib/chef/win32/security/sid.rb +4 -4
data/spec/functional/assets/inittest +8 -7
data/spec/functional/knife/ssh_spec.rb +23 -19
data/spec/functional/resource/cron_spec.rb +10 -29
data/spec/functional/resource/dnf_package_spec.rb +441 -156
data/spec/functional/resource/git_spec.rb +184 -134
data/spec/functional/resource/insserv_spec.rb +1 -1
data/spec/functional/resource/launchd_spec.rb +232 -0
data/spec/functional/resource/link_spec.rb +3 -3
data/spec/functional/resource/locale_spec.rb +13 -2
data/spec/functional/resource/msu_package_spec.rb +5 -2
data/spec/functional/resource/powershell_script_spec.rb +7 -68
data/spec/functional/resource/remote_file_spec.rb +1 -1
data/spec/functional/resource/windows_security_policy_spec.rb +90 -0
data/spec/functional/resource/windows_task_spec.rb +4 -4
data/spec/functional/resource/windows_user_privilege_spec.rb +193 -0
data/spec/functional/run_lock_spec.rb +1 -1
data/spec/functional/shell_spec.rb +1 -1
data/spec/functional/util/powershell/cmdlet_spec.rb +1 -1
data/spec/functional/version_spec.rb +1 -1
data/spec/functional/win32/registry_spec.rb +0 -6
data/spec/functional/win32/security_spec.rb +22 -0
data/spec/integration/client/client_spec.rb +123 -2
data/spec/integration/knife/cookbook_show_spec.rb +28 -26
data/spec/integration/knife/data_bag_show_spec.rb +1 -1
data/spec/integration/knife/raw_spec.rb +34 -6
data/spec/integration/knife/redirection_spec.rb +2 -2
data/spec/integration/knife/show_spec.rb +32 -3
data/spec/integration/recipes/lwrp_inline_resources_spec.rb +3 -3
data/spec/integration/recipes/noop_resource_spec.rb +1 -1
data/spec/integration/recipes/notifies_spec.rb +49 -20
data/spec/integration/recipes/notifying_block_spec.rb +8 -5
data/spec/integration/recipes/provider_choice.rb +2 -0
data/spec/integration/recipes/recipe_dsl_spec.rb +45 -143
data/spec/integration/recipes/resource_action_spec.rb +16 -11
data/spec/integration/recipes/resource_converge_if_changed_spec.rb +1 -1
data/spec/integration/recipes/resource_load_spec.rb +133 -12
data/spec/integration/recipes/use_partial_spec.rb +112 -0
data/spec/integration/solo/solo_spec.rb +3 -3
data/spec/spec_helper.rb +18 -3
data/spec/support/chef_helpers.rb +2 -2
data/spec/support/lib/chef/resource/zen_follower.rb +2 -0
data/spec/support/platform_helpers.rb +2 -20
data/spec/support/recipe_dsl_helper.rb +83 -0
data/spec/support/shared/functional/http.rb +2 -2
data/spec/support/shared/functional/windows_script.rb +3 -16
data/spec/support/shared/integration/knife_support.rb +9 -6
data/spec/support/shared/unit/mock_shellout.rb +1 -1
data/spec/support/shared/unit/provider/useradd_based_user_provider.rb +4 -4
data/spec/unit/application/apply_spec.rb +3 -0
data/spec/unit/application/client_spec.rb +5 -1
data/spec/unit/application_spec.rb +1 -2
data/spec/unit/client_spec.rb +7 -5
data/spec/unit/cookbook/gem_installer_spec.rb +2 -2
data/spec/unit/cookbook/metadata_spec.rb +38 -19
data/spec/unit/data_collector_spec.rb +39 -18
data/spec/unit/file_access_control_spec.rb +1 -1
data/spec/unit/json_compat_spec.rb +1 -1
data/spec/unit/knife/bootstrap/chef_vault_handler_spec.rb +15 -15
data/spec/unit/knife/bootstrap/client_builder_spec.rb +9 -9
data/spec/unit/knife/bootstrap_spec.rb +20 -38
data/spec/unit/knife/cookbook_show_spec.rb +1 -0
data/spec/unit/knife/core/bootstrap_context_spec.rb +23 -43
data/spec/unit/knife/core/ui_spec.rb +16 -0
data/spec/unit/knife/core/windows_bootstrap_context_spec.rb +9 -63
data/spec/unit/knife/data_bag_secret_options_spec.rb +22 -14
data/spec/unit/knife/ssh_spec.rb +8 -111
data/spec/unit/knife/status_spec.rb +1 -1
data/spec/unit/knife_spec.rb +18 -0
data/spec/unit/mixin/openssl_helper_spec.rb +4 -4
data/spec/unit/mixin/powershell_exec_spec.rb +10 -0
data/spec/unit/mixin/shell_out_spec.rb +25 -31
data/spec/unit/node/attribute_spec.rb +3 -3
data/spec/unit/node_spec.rb +24 -0
data/spec/unit/platform/query_helpers_spec.rb +0 -143
data/spec/unit/property/state_spec.rb +12 -7
data/spec/unit/property/validation_spec.rb +25 -1
data/spec/unit/property_spec.rb +12 -9
data/spec/unit/provider/apt_preference_spec.rb +14 -10
data/spec/unit/provider/apt_repository_spec.rb +34 -36
data/spec/unit/provider/apt_update_spec.rb +12 -11
data/spec/unit/provider/cookbook_file_spec.rb +4 -4
data/spec/unit/provider/cron_spec.rb +2 -2
data/spec/unit/provider/directory_spec.rb +4 -15
data/spec/unit/provider/file_spec.rb +4 -4
data/spec/unit/provider/git_spec.rb +41 -1
data/spec/unit/provider/group/groupadd_spec.rb +1 -1
data/spec/unit/provider/launchd_spec.rb +8 -50
data/spec/unit/provider/link_spec.rb +0 -1
data/spec/unit/provider/log_spec.rb +3 -3
data/spec/unit/provider/mdadm_spec.rb +3 -3
data/spec/unit/provider/package/dnf/python_helper_spec.rb +1 -1
data/spec/unit/provider/package/homebrew_spec.rb +280 -174
data/spec/unit/provider/package/pacman_spec.rb +65 -147
data/spec/unit/provider/package/portage_spec.rb +2 -2
data/spec/unit/provider/package/powershell_spec.rb +3 -2
data/spec/unit/provider/package/rubygems_spec.rb +211 -26
data/spec/unit/provider/package/windows/exe_spec.rb +1 -1
data/spec/unit/provider/powershell_script_spec.rb +21 -61
data/spec/unit/provider/remote_file_spec.rb +3 -4
data/spec/unit/provider/service/debian_service_spec.rb +34 -13
data/spec/unit/provider/service/macosx_spec.rb +210 -214
data/spec/unit/provider/service/systemd_service_spec.rb +23 -23
data/spec/unit/provider/subversion_spec.rb +4 -2
data/spec/unit/provider/template_spec.rb +3 -4
data/spec/unit/provider/zypper_repository_spec.rb +17 -17
data/spec/unit/provider_resolver_spec.rb +4 -4
data/spec/unit/recipe_spec.rb +68 -0
data/spec/unit/resource/alternatives_spec.rb +120 -0
data/spec/unit/resource/apt_preference_spec.rb +0 -18
data/spec/unit/resource/apt_repository_spec.rb +0 -18
data/spec/unit/resource/apt_update_spec.rb +0 -18
data/spec/unit/resource/chef_client_cron_spec.rb +119 -0
data/spec/unit/resource/chef_client_scheduled_task_spec.rb +102 -0
data/spec/unit/resource/chef_client_systemd_timer_spec.rb +70 -0
data/spec/unit/resource/chef_vault_secret_spec.rb +40 -0
data/spec/unit/resource/chocolatey_source_spec.rb +2 -1
data/spec/unit/resource/cron_d_spec.rb +6 -48
data/spec/unit/resource/cron_spec.rb +4 -10
data/spec/unit/resource/gem_package_spec.rb +3 -3
data/spec/unit/resource/helpers/cron_validations_spec.rb +77 -0
data/spec/unit/resource/link_spec.rb +0 -4
data/spec/unit/resource/locale_spec.rb +0 -34
data/spec/unit/resource/msu_package_spec.rb +4 -0
data/spec/unit/resource/ohai_spec.rb +56 -2
data/spec/unit/resource/plist_spec.rb +130 -0
data/spec/unit/resource/powershell_script_spec.rb +0 -5
data/spec/unit/resource/{git_spec.rb → scm/git_spec.rb} +50 -2
data/spec/unit/resource/{scm_spec.rb → scm/scm.rb} +1 -52
data/spec/unit/resource/{subversion_spec.rb → scm/subversion_spec.rb} +2 -3
data/spec/unit/resource/service_spec.rb +4 -0
data/spec/unit/resource/user_spec.rb +2 -2
data/spec/unit/resource/user_ulimit_spec.rb +53 -0
data/spec/unit/resource/windows_feature_dism_spec.rb +2 -17
data/spec/unit/resource/windows_feature_powershell_spec.rb +2 -17
data/spec/unit/resource/windows_firewall_rule_spec.rb +88 -41
data/spec/unit/resource/windows_package_spec.rb +14 -0
data/spec/unit/resource/windows_service_spec.rb +9 -0
data/spec/unit/resource_reporter_spec.rb +2 -6
data/spec/unit/resource_spec.rb +10 -3
data/spec/unit/run_lock_spec.rb +1 -1
data/spec/unit/scan_access_control_spec.rb +1 -1
data/spec/unit/search/query_spec.rb +1 -1
data/spec/unit/win32/registry_spec.rb +1 -1
data/tasks/rspec.rb +6 -14
metadata +92 -37
data/lib/chef/dsl/core.rb +0 -52
data/lib/chef/knife/cookbook_site_share.rb +0 -41
data/lib/chef/knife/cookbook_site_unshare.rb +0 -41
data/lib/chef/provider/apt_preference.rb +0 -93
data/lib/chef/provider/apt_repository.rb +0 -358
data/lib/chef/provider/apt_update.rb +0 -79
data/lib/chef/provider/log.rb +0 -43
data/lib/chef/provider/mdadm.rb +0 -85
data/lib/chef/provider/ohai.rb +0 -45
data/lib/chef/resource/git.rb +0 -37
data/spec/unit/provider/ohai_spec.rb +0 -84

data/lib/chef/json_compat.rb CHANGED

@@ -28,7 +28,7 @@ class Chef
     class <<self
-      # API to use to avoid create_addtions
+      # API to use to avoid create_additions
       def parse(source, opts = {})
         FFI_Yajl::Parser.parse(source, opts)
       rescue FFI_Yajl::ParseError => e

data/lib/chef/key.rb CHANGED

@@ -252,7 +252,7 @@ class Chef
           OpenSSL::ASN1::Integer.new(openssl_key_object.public_key.n),
           OpenSSL::ASN1::Integer.new(openssl_key_object.public_key.e),
         ])
-        OpenSSL::Digest::SHA1.hexdigest(data_string.to_der).scan(/../).join(":")
+        OpenSSL::Digest.hexdigest("SHA1", data_string.to_der).scan(/../).join(":")
       end
       def list(keys, actor, load_method_symbol, inflate)

data/lib/chef/knife.rb CHANGED

@@ -279,12 +279,10 @@ class Chef
         if CHEF_ORGANIZATION_MANAGEMENT.include?(args[0])
           list_commands("CHEF ORGANIZATION MANAGEMENT")
-        elsif OPSCODE_HOSTED_CHEF_ACCESS_CONTROL.include?(args[0])
-          list_commands("OPSCODE HOSTED CHEF ACCESS CONTROL")
         elsif category_commands = guess_category(args)
           list_commands(category_commands)
         elsif OFFICIAL_PLUGINS.include?(args[0]) # command was an uninstalled official chef knife plugin
-          ui.info("Use `#{Chef::Dist::EXEC} gem install knife-#{args[0]}` to install the plugin into ChefDK / Chef Workstation")
+          ui.info("Use `#{Chef::Dist::EXEC} gem install knife-#{args[0]}` to install the plugin into Chef Workstation")
         else
           list_commands
         end
@@ -329,7 +327,7 @@ class Chef
       end
       # Grab a copy before config merge occurs, so that we can later identify
-      # whare a given config value is sourced from.
+      # where a given config value is sourced from.
       @original_config = config.dup
       # copy Mixlib::CLI over so that it can be configured in config.rb/knife.rb

data/lib/chef/knife/acl_add.rb ADDED

@@ -0,0 +1,57 @@
+#
+# Author:: Steven Danna (steve@chef.io)
+# Author:: Jeremiah Snapp (jeremiah@chef.io)
+# Copyright:: Copyright (c) Chef Software Inc.
+# License:: Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+require_relative "../knife"
+class Chef
+  class Knife
+    class AclAdd < Chef::Knife
+      category "acl"
+      banner "knife acl add MEMBER_TYPE MEMBER_NAME OBJECT_TYPE OBJECT_NAME PERMS"
+      deps do
+        require_relative "acl_base"
+        include Chef::Knife::AclBase
+      end
+      def run
+        member_type, member_name, object_type, object_name, perms = name_args
+        if name_args.length != 5
+          show_usage
+          ui.fatal "You must specify the member type [client|group], member name, object type, object name and perms"
+          exit 1
+        end
+        unless %w{client group}.include?(member_type)
+          ui.fatal "ERROR: To enforce best practice, knife-acl can only add a client or a group to an ACL."
+          ui.fatal "       See the knife-acl README for more information."
+          exit 1
+        end
+        validate_perm_type!(perms)
+        validate_member_name!(member_name)
+        validate_object_name!(object_name)
+        validate_object_type!(object_type)
+        validate_member_exists!(member_type, member_name)
+        add_to_acl!(member_type, member_name, object_type, object_name, perms)
+      end
+    end
+  end
+end

data/lib/chef/knife/acl_base.rb ADDED

@@ -0,0 +1,183 @@
+#
+# Author:: Steven Danna (steve@chef.io)
+# Author:: Jeremiah Snapp (<jeremiah@chef.io>)
+# Copyright:: Copyright (c) Chef Software Inc.
+# License:: Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+require_relative "../knife"
+class Chef
+  class Knife
+    module AclBase
+      PERM_TYPES = %w{create read update delete grant}.freeze unless defined? PERM_TYPES
+      MEMBER_TYPES = %w{client group user}.freeze unless defined? MEMBER_TYPES
+      OBJECT_TYPES = %w{clients containers cookbooks data environments groups nodes roles policies policy_groups}.freeze unless defined? OBJECT_TYPES
+      OBJECT_NAME_SPEC = /^[\-[:alnum:]_\.]+$/.freeze unless defined? OBJECT_NAME_SPEC
+      def validate_object_type!(type)
+        unless OBJECT_TYPES.include?(type)
+          ui.fatal "Unknown object type \"#{type}\".  The following types are permitted: #{OBJECT_TYPES.join(", ")}"
+          exit 1
+        end
+      end
+      def validate_object_name!(name)
+        unless OBJECT_NAME_SPEC.match(name)
+          ui.fatal "Invalid name: #{name}"
+          exit 1
+        end
+      end
+      def validate_member_type!(type)
+        unless MEMBER_TYPES.include?(type)
+          ui.fatal "Unknown member type \"#{type}\". The following types are permitted: #{MEMBER_TYPES.join(", ")}"
+          exit 1
+        end
+      end
+      def validate_member_name!(name)
+        # Same rules apply to objects and members
+        validate_object_name!(name)
+      end
+      def validate_perm_type!(perms)
+        perms.split(",").each do |perm|
+          unless PERM_TYPES.include?(perm)
+            ui.fatal "Invalid permission \"#{perm}\". The following permissions are permitted: #{PERM_TYPES.join(",")}"
+            exit 1
+          end
+        end
+      end
+      def validate_member_exists!(member_type, member_name)
+        true if rest.get_rest("#{member_type}s/#{member_name}")
+      rescue NameError
+        # ignore "NameError: uninitialized constant Chef::ApiClient" when finding a client
+        true
+      rescue
+        ui.fatal "#{member_type} '#{member_name}' does not exist"
+        exit 1
+      end
+      def is_usag?(gname)
+        gname.length == 32 && gname =~ /^[0-9a-f]+$/
+      end
+      def get_acl(object_type, object_name)
+        rest.get_rest("#{object_type}/#{object_name}/_acl?detail=granular")
+      end
+      def get_ace(object_type, object_name, perm)
+        get_acl(object_type, object_name)[perm]
+      end
+      def add_to_acl!(member_type, member_name, object_type, object_name, perms)
+        acl = get_acl(object_type, object_name)
+        perms.split(",").each do |perm|
+          ui.msg "Adding '#{member_name}' to '#{perm}' ACE of '#{object_name}'"
+          ace = acl[perm]
+          case member_type
+          when "client", "user"
+            # Our PUT body depends on the type of reply we get from _acl?detail=granular
+            # When the server replies with json attributes  'users' and 'clients',
+            # we'll want to modify entries under the same keys they arrived.- their presence
+            # in the body tells us that CS will accept them in a PUT.
+            # Older version of chef-server will continue to use 'actors' for a combined list
+            # and expect the same in the body.
+            key = "#{member_type}s"
+            key = "actors" unless ace.key? key
+            next if ace[key].include?(member_name)
+            ace[key] << member_name
+          when "group"
+            next if ace["groups"].include?(member_name)
+            ace["groups"] << member_name
+          end
+          update_ace!(object_type, object_name, perm, ace)
+        end
+      end
+      def remove_from_acl!(member_type, member_name, object_type, object_name, perms)
+        acl = get_acl(object_type, object_name)
+        perms.split(",").each do |perm|
+          ui.msg "Removing '#{member_name}' from '#{perm}' ACE of '#{object_name}'"
+          ace = acl[perm]
+          case member_type
+          when "client", "user"
+            key = "#{member_type}s"
+            key = "actors" unless ace.key? key
+            next unless ace[key].include?(member_name)
+            ace[key].delete(member_name)
+          when "group"
+            next unless ace["groups"].include?(member_name)
+            ace["groups"].delete(member_name)
+          end
+          update_ace!(object_type, object_name, perm, ace)
+        end
+      end
+      def update_ace!(object_type, object_name, ace_type, ace)
+        rest.put_rest("#{object_type}/#{object_name}/_acl/#{ace_type}", ace_type => ace)
+      end
+      def add_to_group!(member_type, member_name, group_name)
+        validate_member_exists!(member_type, member_name)
+        existing_group = rest.get_rest("groups/#{group_name}")
+        ui.msg "Adding '#{member_name}' to '#{group_name}' group"
+        unless existing_group["#{member_type}s"].include?(member_name)
+          existing_group["#{member_type}s"] << member_name
+          new_group = {
+            "groupname" => existing_group["groupname"],
+            "orgname" => existing_group["orgname"],
+            "actors" => {
+              "users" => existing_group["users"],
+              "clients" => existing_group["clients"],
+              "groups" => existing_group["groups"],
+            },
+          }
+          rest.put_rest("groups/#{group_name}", new_group)
+        end
+      end
+      def remove_from_group!(member_type, member_name, group_name)
+        validate_member_exists!(member_type, member_name)
+        existing_group = rest.get_rest("groups/#{group_name}")
+        ui.msg "Removing '#{member_name}' from '#{group_name}' group"
+        if existing_group["#{member_type}s"].include?(member_name)
+          existing_group["#{member_type}s"].delete(member_name)
+          new_group = {
+            "groupname" => existing_group["groupname"],
+            "orgname" => existing_group["orgname"],
+            "actors" => {
+              "users" => existing_group["users"],
+              "clients" => existing_group["clients"],
+              "groups" => existing_group["groups"],
+            },
+          }
+          rest.put_rest("groups/#{group_name}", new_group)
+        end
+      end
+    end
+  end
+end

data/lib/chef/knife/acl_bulk_add.rb ADDED

@@ -0,0 +1,78 @@
+#
+# Author:: Jeremiah Snapp (jeremiah@chef.io)
+# Copyright:: Copyright (c) Chef Software Inc.
+# License:: Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+require_relative "../knife"
+class Chef
+  class Knife
+    class AclBulkAdd < Chef::Knife
+      category "acl"
+      banner "knife acl bulk add MEMBER_TYPE MEMBER_NAME OBJECT_TYPE REGEX PERMS"
+      deps do
+        require_relative "acl_base"
+        include Chef::Knife::AclBase
+      end
+      def run
+        member_type, member_name, object_type, regex, perms = name_args
+        object_name_matcher = /#{regex}/
+        if name_args.length != 5
+          show_usage
+          ui.fatal "You must specify the member type [client|group], member name, object type, object name REGEX and perms"
+          exit 1
+        end
+        unless %w{client group}.include?(member_type)
+          ui.fatal "ERROR: To enforce best practice, knife-acl can only add a client or a group to an ACL."
+          ui.fatal "       See the knife-acl README for more information."
+          exit 1
+        end
+        validate_perm_type!(perms)
+        validate_member_name!(member_name)
+        validate_object_type!(object_type)
+        validate_member_exists!(member_type, member_name)
+        if %w{containers groups}.include?(object_type)
+          ui.fatal "bulk modifying the ACL of #{object_type} is not permitted"
+          exit 1
+        end
+        objects_to_modify = []
+        all_objects = rest.get_rest(object_type)
+        objects_to_modify = all_objects.keys.select { |object_name| object_name =~ object_name_matcher }
+        if objects_to_modify.empty?
+          ui.info "No #{object_type} match the expression /#{regex}/"
+          exit 0
+        end
+        ui.msg("The ACL of the following #{object_type} will be modified:")
+        ui.msg("")
+        ui.msg(ui.list(objects_to_modify.sort, :columns_down))
+        ui.msg("")
+        ui.confirm("Are you sure you want to modify the ACL of these #{object_type}?")
+        objects_to_modify.each do |object_name|
+          add_to_acl!(member_type, member_name, object_type, object_name, perms)
+        end
+      end
+    end
+  end
+end

data/lib/chef/knife/acl_bulk_remove.rb ADDED

@@ -0,0 +1,83 @@
+#
+# Author:: Jeremiah Snapp (jeremiah@chef.io)
+# Copyright:: Copyright (c) Chef Software Inc.
+# License:: Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+require_relative "../knife"
+class Chef
+  class Knife
+    class AclBulkRemove < Chef::Knife
+      category "acl"
+      banner "knife acl bulk remove MEMBER_TYPE MEMBER_NAME OBJECT_TYPE REGEX PERMS"
+      deps do
+        require_relative "acl_base"
+        include Chef::Knife::AclBase
+      end
+      def run
+        member_type, member_name, object_type, regex, perms = name_args
+        object_name_matcher = /#{regex}/
+        if name_args.length != 5
+          show_usage
+          ui.fatal "You must specify the member type [client|group|user], member name, object type, object name REGEX and perms"
+          exit 1
+        end
+        if member_name == "pivotal" && %w{client user}.include?(member_type)
+          ui.fatal "ERROR: 'pivotal' is a system user so knife-acl will not remove it from an ACL."
+          exit 1
+        end
+        if member_name == "admins" && member_type == "group" && perms.to_s.split(",").include?("grant")
+          ui.fatal "ERROR: knife-acl will not remove the 'admins' group from the 'grant' ACE."
+          ui.fatal "       Removal could prevent future attempts to modify permissions."
+          exit 1
+        end
+        validate_perm_type!(perms)
+        validate_member_type!(member_type)
+        validate_member_name!(member_name)
+        validate_object_type!(object_type)
+        validate_member_exists!(member_type, member_name)
+        if %w{containers groups}.include?(object_type)
+          ui.fatal "bulk modifying the ACL of #{object_type} is not permitted"
+          exit 1
+        end
+        objects_to_modify = []
+        all_objects = rest.get_rest(object_type)
+        objects_to_modify = all_objects.keys.select { |object_name| object_name =~ object_name_matcher }
+        if objects_to_modify.empty?
+          ui.info "No #{object_type} match the expression /#{regex}/"
+          exit 0
+        end
+        ui.msg("The ACL of the following #{object_type} will be modified:")
+        ui.msg("")
+        ui.msg(ui.list(objects_to_modify.sort, :columns_down))
+        ui.msg("")
+        ui.confirm("Are you sure you want to modify the ACL of these #{object_type}?")
+        objects_to_modify.each do |object_name|
+          remove_from_acl!(member_type, member_name, object_type, object_name, perms)
+        end
+      end
+    end
+  end
+end

data/lib/chef/knife/acl_remove.rb ADDED

@@ -0,0 +1,62 @@
+#
+# Author:: Steven Danna (steve@chef.io)
+# Author:: Jeremiah Snapp (jeremiah@chef.io)
+# Copyright:: Copyright (c) Chef Software Inc.
+# License:: Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+require_relative "../knife"
+class Chef
+  class Knife
+    class AclRemove < Chef::Knife
+      category "acl"
+      banner "knife acl remove MEMBER_TYPE MEMBER_NAME OBJECT_TYPE OBJECT_NAME PERMS"
+      deps do
+        require_relative "acl_base"
+        include Chef::Knife::AclBase
+      end
+      def run
+        member_type, member_name, object_type, object_name, perms = name_args
+        if name_args.length != 5
+          show_usage
+          ui.fatal "You must specify the member type [client|group|user], member name, object type, object name and perms"
+          exit 1
+        end
+        if member_name == "pivotal" && %w{client user}.include?(member_type)
+          ui.fatal "ERROR: 'pivotal' is a system user so knife-acl will not remove it from an ACL."
+          exit 1
+        end
+        if member_name == "admins" && member_type == "group" && perms.to_s.split(",").include?("grant")
+          ui.fatal "ERROR: knife-acl will not remove the 'admins' group from the 'grant' ACE."
+          ui.fatal "       Removal could prevent future attempts to modify permissions."
+          exit 1
+        end
+        validate_perm_type!(perms)
+        validate_member_type!(member_type)
+        validate_member_name!(member_name)
+        validate_object_name!(object_name)
+        validate_object_type!(object_type)
+        validate_member_exists!(member_type, member_name)
+        remove_from_acl!(member_type, member_name, object_type, object_name, perms)
+      end
+    end
+  end
+end