chef 15.17.4-universal-mingw32 → 16.0.257-universal-mingw32

data/lib/chef/resource/chef_client_scheduled_task.rb

@@ -0,0 +1,198 @@
+#
+# Copyright:: Copyright (c) Chef Software Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+require_relative "../resource"
+require_relative "../dist"
+
+class Chef
+  class Resource
+    class ChefClientScheduledTask < Chef::Resource
+      unified_mode true
+
+      provides :chef_client_scheduled_task
+
+      description "Use the chef_client_cron resource to setup the #{Chef::Dist::PRODUCT} to run as a Windows scheduled task. This resource will also create the specified log directory if it doesn't already exist."
+      introduced "16.0"
+      examples <<~DOC
+      Setup #{Chef::Dist::PRODUCT} to run using the default 30 minute cadence
+      ```ruby
+        chef_client_scheduled_task "Run chef-client as a scheduled task"
+      ```
+
+      Run #{Chef::Dist::PRODUCT} on system start
+      ```ruby
+        chef_client_scheduled_task 'Chef Client on start' do
+          frequency 'onstart'
+        end
+      ```
+
+      Run #{Chef::Dist::PRODUCT} with extra options passed to the client
+      ```ruby
+        chef_client_scheduled_task "Run an override recipe" do
+          daemon_options ["--override-runlist mycorp_base::default"]
+        end
+      ```
+      DOC
+
+      resource_name :chef_client_scheduled_task
+
+      property :task_name, String,
+        description: "The name of the scheduled task to create.",
+        default: Chef::Dist::CLIENT
+
+      property :user, String,
+        description: "The name of the user that #{Chef::Dist::PRODUCT} runs as.",
+        default: "System", sensitive: true
+
+      property :password, String, sensitive: true,
+        description: "The password for the user that #{Chef::Dist::PRODUCT} runs as."
+
+      property :frequency, String,
+        description: "Frequency with which to run the task.",
+        default: "minute",
+        equal_to: %w{minute hourly daily monthly once on_logon onstart on_idle}
+
+      property :frequency_modifier, [Integer, String],
+        coerce: proc { |x| Integer(x) },
+        callbacks: { "should be a positive number" => proc { |v| v > 0 } },
+        description: "Numeric value to go with the scheduled task frequency",
+        default: 30
+
+      property :accept_chef_license, [true, false],
+        description: "Accept the Chef Online Master License and Services Agreement. See <https://www.chef.io/online-master-agreement/>",
+        default: false
+
+      property :start_date, String,
+        description: "The start date for the task in m:d:Y format (ex: 12/17/2020).",
+        regex: [%r{^[0-1][0-9]\/[0-3][0-9]\/\d{4}$}]
+
+      property :start_time, String,
+        description: "The start time for the task in HH:mm format (ex: 14:00). If the frequency is minute default start time will be Time.now plus the frequency_modifier number of minutes.",
+        regex: [/^\d{2}:\d{2}$/]
+
+      property :splay, [Integer, String],
+        coerce: proc { |x| Integer(x) },
+        callbacks: { "should be a positive number" => proc { |v| v > 0 } },
+        description: "A random number of seconds between 0 and X to add to interval so that all #{Chef::Dist::CLIENT} commands don't execute at the same time.",
+        default: 300
+
+      property :run_on_battery, [true, false],
+        description: "Run the #{Chef::Dist::PRODUCT} task when the system is on batteries.",
+        default: true
+
+      property :config_directory, String,
+        description: "The path of the config directory.",
+        default: Chef::Dist::CONF_DIR
+
+      property :log_directory, String,
+        description: "The path of the directory to create the log file in.",
+        default: lazy { |r| "#{r.config_directory}/log" },
+        default_description: "CONFIG_DIRECTORY/log"
+
+      property :log_file_name, String,
+        description: "The name of the log file to use.",
+        default: "client.log"
+
+      property :chef_binary_path, String,
+        description: "The path to the #{Chef::Dist::CLIENT} binary.",
+        default: "C:/#{Chef::Dist::LEGACY_CONF_DIR}/#{Chef::Dist::DIR_SUFFIX}/bin/#{Chef::Dist::CLIENT}"
+
+      property :daemon_options, Array,
+        description: "An array of options to pass to the #{Chef::Dist::CLIENT} command.",
+        default: lazy { [] }
+
+      action :add do
+        # TODO: Replace this with a :create_if_missing action on directory when that exists
+        unless Dir.exist?(new_resource.log_directory)
+          directory new_resource.log_directory do
+            inherits true
+            recursive true
+            action :create
+          end
+        end
+
+        # According to https://docs.microsoft.com/en-us/windows/desktop/taskschd/schtasks,
+        # the :once, :onstart, :onlogon, and :onidle schedules don't accept schedule modifiers
+        windows_task new_resource.task_name do
+          run_level                      :highest
+          command                        full_command
+          user                           new_resource.user
+          password                       new_resource.password
+          frequency                      new_resource.frequency.to_sym
+          frequency_modifier             new_resource.frequency_modifier if frequency_supports_frequency_modifier?
+          start_time                     new_resource.start_time
+          start_day                      new_resource.start_date unless new_resource.start_date.nil?
+          random_delay                   new_resource.splay if frequency_supports_random_delay?
+          disallow_start_if_on_batteries new_resource.splay unless new_resource.run_on_battery
+          action                         %i{create enable}
+        end
+      end
+
+      action :remove do
+        windows_task new_resource.task_name do
+          action :delete
+        end
+      end
+
+      action_class do
+        #
+        # The full command to run in the scheduled task
+        #
+        # @return [String]
+        #
+        def full_command
+          # Fetch path of cmd.exe through environment variable comspec
+          cmd_path = ENV["COMSPEC"]
+
+          "#{cmd_path} /c \'#{client_cmd}\'"
+        end
+
+        # Build command line to pass to cmd.exe
+        #
+        # @return [String]
+        def client_cmd
+          cmd = new_resource.chef_binary_path.dup
+          cmd << " -L #{::File.join(new_resource.log_directory, new_resource.log_file_name)}"
+          cmd << " -c #{::File.join(new_resource.config_directory, "client.rb")}"
+
+          # Add custom options
+          cmd << " #{new_resource.daemon_options.join(" ")}" if new_resource.daemon_options.any?
+          cmd << " --chef-license accept" if new_resource.accept_chef_license
+          cmd
+        end
+
+        #
+        # not all frequencies in the windows_task resource support random_delay
+        #
+        # @return [boolean]
+        #
+        def frequency_supports_random_delay?
+          %w{once minute hourly daily weekly monthly}.include?(new_resource.frequency)
+        end
+
+        #
+        # not all frequencies in the windows_task resource support frequency_modifier
+        #
+        # @return [boolean]
+        #
+        def frequency_supports_frequency_modifier?
+          # these are the only ones that don't
+          !%w{once on_logon onstart on_idle}.include?(new_resource.frequency)
+        end
+      end
+    end
+  end
+end

data/lib/chef/resource/chef_client_systemd_timer.rb

@@ -0,0 +1,177 @@
+#
+# Copyright:: Copyright (c) Chef Software Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+require_relative "../resource"
+require_relative "../dist"
+
+class Chef
+  class Resource
+    class ChefClientSystemdTimer < Chef::Resource
+      unified_mode true
+
+      provides :chef_client_systemd_timer
+
+      description "Use the chef_client_systemd_timer resource to setup the #{Chef::Dist::PRODUCT} to run as a systemd timer."
+      introduced "16.0"
+      examples <<~DOC
+      Setup #{Chef::Dist::PRODUCT} to run using the default 30 minute cadence
+      ```ruby
+      chef_client_systemd_timer "Run chef-client as a systemd timer"
+      ```
+
+      Run #{Chef::Dist::PRODUCT} every 1 hour
+      ```ruby
+      chef_client_systemd_timer "Run chef-client every 1 hour" do
+        interval "1hr"
+      end
+      ```
+
+      Run #{Chef::Dist::PRODUCT} with extra options passed to the client
+      ```ruby
+      chef_client_systemd_timer "Run an override recipe" do
+        daemon_options ["--override-runlist mycorp_base::default"]
+      end
+      ```
+      DOC
+
+      property :job_name, String,
+        description: "The name of the system timer to create.",
+        default: Chef::Dist::CLIENT
+
+      property :description, String,
+        description: "The description to add to the systemd timer. This will be displayed when running `systemctl status` for the timer.",
+        default: "#{Chef::Dist::PRODUCT} periodic execution"
+
+      property :user, String,
+        description: "The name of the user that #{Chef::Dist::PRODUCT} runs as.",
+        default: "root"
+
+      property :delay_after_boot, String,
+        description: "The time to wait after booting before the interval starts. This is expressed as a systemd time span such as `300seconds`, `1hr`, or `1m`. See <https://www.freedesktop.org/software/systemd/man/systemd.time.html> for a complete list of allowed time span values.",
+        default: "1min"
+
+      property :interval, String,
+        description: "The interval to wait between executions. This is expressed as a systemd time span such as `300seconds`, `1hr`, or `1m`. See <https://www.freedesktop.org/software/systemd/man/systemd.time.html> for a complete list of allowed time span values.",
+        default: "30min"
+
+      property :splay, String,
+        description: "A interval between 0 and X to add to the interval so that all #{Chef::Dist::CLIENT} commands don't execute at the same time. This is expressed as a systemd time span such as `300seconds`, `1hr`, or `1m`. See <https://www.freedesktop.org/software/systemd/man/systemd.time.html> for a complete list of allowed time span values.",
+        default: "5min"
+
+      property :accept_chef_license, [true, false],
+        description: "Accept the Chef Online Master License and Services Agreement. See <https://www.chef.io/online-master-agreement/>",
+        default: false
+
+      property :run_on_battery, [true, false],
+        description: "Run the timer for #{Chef::Dist::PRODUCT} if the system is on battery.",
+        default: true
+
+      property :config_directory, String,
+        description: "The path of the config directory.",
+        default: Chef::Dist::CONF_DIR
+
+      property :chef_binary_path, String,
+        description: "The path to the #{Chef::Dist::CLIENT} binary.",
+        default: "/opt/#{Chef::Dist::DIR_SUFFIX}/bin/#{Chef::Dist::CLIENT}"
+
+      property :daemon_options, Array,
+        description: "An array of options to pass to the #{Chef::Dist::CLIENT} command.",
+        default: lazy { [] }
+
+      property :environment, Hash,
+        description: "A Hash containing additional arbitrary environment variables under which the systemd timer will be run in the form of ``({'ENV_VARIABLE' => 'VALUE'})``.",
+        default: lazy { {} }
+
+      action :add do
+        systemd_unit "#{new_resource.job_name}.service" do
+          content service_content
+          action :create
+        end
+
+        systemd_unit "#{new_resource.job_name}.timer" do
+          content timer_content
+          action %i{create enable start}
+        end
+      end
+
+      action :remove do
+        systemd_unit "#{new_resource.job_name}.service" do
+          action :remove
+        end
+
+        systemd_unit "#{new_resource.job_name}.timer" do
+          action :remove
+        end
+      end
+
+      action_class do
+        #
+        # The chef-client command to run in the systemd unit.
+        #
+        # @return [String]
+        #
+        def chef_client_cmd
+          cmd = "#{new_resource.chef_binary_path}"
+          cmd << " #{new_resource.daemon_options.join(" ")}" unless new_resource.daemon_options.empty?
+          cmd << " --chef-license accept" if new_resource.accept_chef_license
+          cmd << " -c #{::File.join(new_resource.config_directory, "client.rb")}"
+          cmd
+        end
+
+        #
+        # The timer content to pass to the systemd_unit
+        #
+        # @return [Hash]
+        #
+        def timer_content
+          {
+          "Unit" => { "Description" => new_resource.description },
+          "Timer" => {
+            "OnBootSec" => new_resource.delay_after_boot,
+            "OnUnitActiveSec" => new_resource.interval,
+            "RandomizedDelaySec" => new_resource.splay,
+            },
+          "Install" => { "WantedBy" => "timers.target" },
+          }
+        end
+
+        #
+        # The service content to pass to the systemd_unit
+        #
+        # @return [Hash]
+        #
+        def service_content
+          unit = {
+            "Unit" => {
+              "Description" => new_resource.description,
+              "After" => "network.target auditd.service",
+            },
+            "Service" => {
+              "Type" => "oneshot",
+              "ExecStart" => chef_client_cmd,
+              "SuccessExitStatus" => [3, 213, 35, 37, 41],
+            },
+            "Install" => { "WantedBy" => "multi-user.target" },
+          }
+
+          unit["Service"]["ConditionACPower"] = "true" unless new_resource.run_on_battery
+          unit["Service"]["Environment"] = new_resource.environment.collect { |k, v| "\"#{k}=#{v}\"" } unless new_resource.environment.empty?
+          unit
+        end
+      end
+    end
+  end
+end

data/lib/chef/resource/chef_gem.rb

@@ -35,28 +35,21 @@ class Chef
     #  - Runs Gem.clear_paths after the action, ensuring that gem is aware of changes so that it can be required
     #    immediately after it is installed
     class ChefGem < Chef::Resource::Package::GemPackage
-      resource_name :chef_gem
+      unified_mode true
+      provides :chef_gem
+
+      property :package_name, String,
+        description: "An optional property to set the package name if it differs from the resource block's name.",
+        identity: true
+
+      property :version, String,
+        description: "The version of a package to be installed or upgraded."
 
       property :gem_binary, default: "#{RbConfig::CONFIG["bindir"]}/gem", default_description: "Chef's built-in gem binary.",
                             description: "The path of a gem binary to use for the installation. By default, the same version of Ruby that is used by the #{Chef::Dist::CLIENT} will be installed.",
                             callbacks: {
                  "The chef_gem resource is restricted to the current gem environment, use gem_package to install to other environments." => proc { |v| v == "#{RbConfig::CONFIG["bindir"]}/gem" },
                }
-      property :compile_time, [TrueClass, FalseClass],
-        description: "Controls the phase during which a gem is installed on a node. Set to 'true' to install a gem while the resource collection is being built (the 'compile phase'). Set to 'false' to install a gem while the #{Chef::Dist::CLIENT} is configuring the node (the 'converge phase').",
-        default: false, desired_state: false
-
-      # force the resource to compile time if the compile time property has been set
-      #
-      # @return [void]
-      def after_created
-        if compile_time
-          Array(action).each do |action|
-            run_action(action)
-          end
-          Gem.clear_paths
-        end
-      end
     end
   end
 end

data/lib/chef/resource/chef_handler.rb

@@ -21,7 +21,8 @@ require_relative "../dist"
 class Chef
   class Resource
     class ChefHandler < Chef::Resource
-      resource_name :chef_handler
+      unified_mode true
+
       provides(:chef_handler) { true }
 
       description "Use the chef_handler resource to install or uninstall reporting/exception handlers."

data/lib/chef/resource/chef_sleep.rb

@@ -20,7 +20,6 @@ require_relative "../dist"
 class Chef
   class Resource
     class ChefSleep < Chef::Resource
-      resource_name :chef_sleep
       provides :chef_sleep
 
       unified_mode true

data/lib/chef/resource/chef_vault_secret.rb

@@ -0,0 +1,135 @@
+#
+# Author:: Joshua Timberman <joshua@chef.io>
+# Copyright:: Copyright (c) Chef Software Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+require_relative "../resource"
+require "chef-vault"
+
+class Chef
+  class Resource
+    class ChefVaultSecret < Chef::Resource
+      unified_mode true
+
+      provides :chef_vault_secret
+
+      introduced "16.0"
+      description "Use the chef_vault_secret resource to store secrets in Chef Vault items. Where possible and relevant, this resource attempts to map behavior and functionality to the knife vault sub-commands."
+      examples <<~DOC
+        To create a 'foo' item in an existing 'bar' data bag:
+
+        ```ruby
+        chef_vault_secret 'foo' do
+          data_bag 'bar'
+          raw_data({'auth' => 'baz'})
+          admins 'jtimberman'
+          search '*:*'
+        end
+        ```
+
+        To allow multiple admins access to an item:
+
+        ```ruby
+        chef_vault_secret 'root-password' do
+          admins 'jtimberman,paulmooring'
+          data_bag 'secrets'
+          raw_data({'auth' => 'DontUseThisPasswordForRoot'})
+          search '*:*'
+        end
+        ```
+      DOC
+
+      property :id, String, name_property: true,
+        description: "The name of the data bag item if it differs from the name of the resource block"
+
+      property :data_bag, String, required: true, desired_state: false,
+        description: "The data bag that contains the item."
+
+      property :admins, [String, Array], required: true, desired_state: false,
+        description: "A list of admin users who should have access to the item. Corresponds to the 'admin' option when using the chef-vault knife plugin. Can be specified as a comma separated string or an array."
+
+      property :clients, [String, Array], desired_state: false,
+        description: "A search query for the nodes' API clients that should have access to the item."
+
+      property :search, String, default: "*:*", desired_state: false,
+        description: "Search query that would match the same used for the clients, gets stored as a field in the item."
+
+      property :raw_data, [Hash, Mash], default: {},
+        description: "The raw data, as a Ruby Hash, that will be stored in the item."
+
+      property :environment, [String, NilClass], desired_state: false,
+        description: "The Chef environment of the data if storing per environment values."
+
+      load_current_value do
+        begin
+          item = ChefVault::Item.load(data_bag, id)
+          raw_data item.raw_data
+          clients item.get_clients
+          admins item.get_admins
+          search item.search
+        rescue ChefVault::Exceptions::SecretDecryption
+          current_value_does_not_exist!
+        rescue ChefVault::Exceptions::KeysNotFound
+          current_value_does_not_exist!
+        rescue Net::HTTPClientException => e
+          current_value_does_not_exist! if e.response_code == "404"
+        end
+      end
+
+      action :create do
+        description "Creates the item, or updates it if it already exists."
+
+        converge_if_changed do
+          item = ChefVault::Item.new(new_resource.data_bag, new_resource.id)
+
+          Chef::Log.debug("#{new_resource.id} environment: '#{new_resource.environment}'")
+          item.raw_data = if new_resource.environment.nil?
+                            new_resource.raw_data.merge("id" => new_resource.id)
+                          else
+                            { "id" => new_resource.id, new_resource.environment => new_resource.raw_data }
+                          end
+
+          Chef::Log.debug("#{new_resource.id} search query: '#{new_resource.search}'")
+          item.search(new_resource.search)
+          Chef::Log.debug("#{new_resource.id} clients: '#{new_resource.clients}'")
+          item.clients([new_resource.clients].flatten.join(",")) unless new_resource.clients.nil?
+          Chef::Log.debug("#{new_resource.id} admins (users): '#{new_resource.admins}'")
+          item.admins([new_resource.admins].flatten.join(","))
+          item.save
+        end
+      end
+
+      action :create_if_missing do
+        description "Calls the create action unless it exists."
+
+        action_create if current_resource.nil?
+      end
+
+      action :delete do
+        description "Deletes the item and the item's keys ('id'_keys)."
+
+        chef_data_bag_item new_resource.id do
+          data_bag new_resource.data_bag
+          action :delete
+        end
+
+        chef_data_bag_item [new_resource.id, "keys"].join("_") do
+          data_bag new_resource.data_bag
+          action :delete
+        end
+      end
+    end
+  end
+end