chef 15.17.4-universal-mingw32 → 16.0.257-universal-mingw32
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/Gemfile +14 -20
- data/README.md +6 -6
- data/Rakefile +18 -23
- data/chef-universal-mingw32.gemspec +4 -4
- data/chef.gemspec +10 -26
- data/distro/powershell/chef/chef.psm1 +3 -3
- data/distro/templates/powershell/chef/chef.psm1.erb +3 -3
- data/lib/chef/action_collection.rb +16 -5
- data/lib/chef/api_client/registration.rb +2 -2
- data/lib/chef/application.rb +33 -54
- data/lib/chef/application/apply.rb +20 -3
- data/lib/chef/application/base.rb +8 -3
- data/lib/chef/application/exit_code.rb +2 -2
- data/lib/chef/application/knife.rb +1 -1
- data/lib/chef/chef_class.rb +4 -4
- data/lib/chef/chef_fs/chef_fs_data_store.rb +3 -3
- data/lib/chef/chef_fs/file_system/chef_server/policies_dir.rb +1 -1
- data/lib/chef/chef_fs/file_system/chef_server/rest_list_dir.rb +1 -1
- data/lib/chef/chef_fs/file_system/chef_server/rest_list_entry.rb +6 -2
- data/lib/chef/chef_fs/file_system/multiplexed_dir.rb +1 -1
- data/lib/chef/chef_fs/file_system/repository/base_file.rb +0 -1
- data/lib/chef/chef_fs/file_system/repository/chef_repository_file_system_cookbook_dir.rb +2 -2
- data/lib/chef/chef_fs/file_system/repository/chef_repository_file_system_cookbook_entry.rb +1 -1
- data/lib/chef/chef_fs/file_system/repository/chef_repository_file_system_root_dir.rb +5 -5
- data/lib/chef/chef_fs/file_system/repository/directory.rb +1 -1
- data/lib/chef/chef_fs/file_system/repository/file_system_entry.rb +1 -1
- data/lib/chef/chef_fs/path_utils.rb +3 -3
- data/lib/chef/client.rb +16 -14
- data/lib/chef/config.rb +1 -1
- data/lib/chef/cookbook/file_system_file_vendor.rb +1 -1
- data/lib/chef/cookbook/gem_installer.rb +1 -1
- data/lib/chef/cookbook/metadata.rb +45 -22
- data/lib/chef/cookbook_version.rb +40 -5
- data/lib/chef/data_bag.rb +2 -2
- data/lib/chef/data_collector/error_handlers.rb +1 -1
- data/lib/chef/data_collector/run_end_message.rb +7 -1
- data/lib/chef/deprecated.rb +1 -9
- data/lib/chef/dist.rb +8 -0
- data/lib/chef/dsl/chef_vault.rb +84 -0
- data/lib/chef/dsl/declare_resource.rb +7 -5
- data/lib/chef/dsl/platform_introspection.rb +2 -3
- data/lib/chef/dsl/recipe.rb +7 -12
- data/lib/chef/dsl/universal.rb +3 -7
- data/lib/chef/environment.rb +2 -2
- data/lib/chef/event_dispatch/base.rb +3 -0
- data/lib/chef/exceptions.rb +0 -3
- data/lib/chef/formatters/doc.rb +1 -1
- data/lib/chef/formatters/error_inspectors/node_load_error_inspector.rb +2 -2
- data/lib/chef/formatters/error_inspectors/registration_error_inspector.rb +7 -7
- data/lib/chef/formatters/indentable_output_stream.rb +7 -16
- data/lib/chef/http.rb +1 -2
- data/lib/chef/http/http_request.rb +3 -2
- data/lib/chef/knife.rb +1 -3
- data/lib/chef/knife/acl_add.rb +57 -0
- data/lib/chef/knife/acl_base.rb +183 -0
- data/lib/chef/knife/acl_bulk_add.rb +78 -0
- data/lib/chef/knife/acl_bulk_remove.rb +83 -0
- data/lib/chef/knife/acl_remove.rb +62 -0
- data/lib/chef/knife/acl_show.rb +56 -0
- data/lib/chef/knife/bootstrap.rb +93 -97
- data/lib/chef/knife/bootstrap/chef_vault_handler.rb +1 -1
- data/lib/chef/knife/bootstrap/client_builder.rb +1 -1
- data/lib/chef/knife/bootstrap/templates/chef-full.erb +20 -20
- data/lib/chef/knife/bootstrap/templates/windows-chef-client-msi.erb +13 -15
- data/lib/chef/knife/bootstrap/train_connector.rb +0 -1
- data/lib/chef/knife/cookbook_download.rb +1 -1
- data/lib/chef/knife/cookbook_metadata.rb +1 -1
- data/lib/chef/knife/core/bootstrap_context.rb +63 -60
- data/lib/chef/knife/core/gem_glob_loader.rb +1 -1
- data/lib/chef/knife/core/generic_presenter.rb +4 -3
- data/lib/chef/knife/core/hashed_command_loader.rb +2 -3
- data/lib/chef/knife/core/node_presenter.rb +2 -2
- data/lib/chef/knife/core/status_presenter.rb +5 -5
- data/lib/chef/knife/core/subcommand_loader.rb +1 -1
- data/lib/chef/knife/core/ui.rb +17 -1
- data/lib/chef/knife/core/windows_bootstrap_context.rb +45 -58
- data/lib/chef/knife/data_bag_secret_options.rb +18 -45
- data/lib/chef/knife/environment_compare.rb +1 -1
- data/lib/chef/knife/exec.rb +2 -2
- data/lib/chef/knife/group_add.rb +55 -0
- data/lib/chef/knife/{cookbook_site_download.rb → group_create.rb} +21 -12
- data/lib/chef/knife/group_destroy.rb +53 -0
- data/lib/chef/knife/{cookbook_site_list.rb → group_list.rb} +14 -11
- data/lib/chef/knife/group_remove.rb +56 -0
- data/lib/chef/knife/{cookbook_site_install.rb → group_show.rb} +21 -12
- data/lib/chef/knife/list.rb +1 -1
- data/lib/chef/knife/ssh.rb +12 -50
- data/lib/chef/knife/status.rb +3 -3
- data/lib/chef/knife/supermarket_download.rb +1 -2
- data/lib/chef/knife/supermarket_install.rb +1 -2
- data/lib/chef/knife/supermarket_list.rb +1 -2
- data/lib/chef/knife/supermarket_search.rb +1 -2
- data/lib/chef/knife/supermarket_share.rb +1 -2
- data/lib/chef/knife/supermarket_show.rb +1 -2
- data/lib/chef/knife/supermarket_unshare.rb +1 -2
- data/lib/chef/knife/{cookbook_site_show.rb → user_dissociate.rb} +15 -13
- data/lib/chef/knife/{cookbook_site_search.rb → user_invite_add.rb} +16 -13
- data/lib/chef/knife/user_invite_list.rb +34 -0
- data/lib/chef/knife/user_invite_recind.rb +63 -0
- data/lib/chef/knife/yaml_convert.rb +91 -0
- data/lib/chef/log.rb +1 -1
- data/lib/chef/mixin/create_path.rb +8 -8
- data/lib/chef/mixin/openssl_helper.rb +3 -26
- data/lib/chef/mixin/powershell_exec.rb +10 -1
- data/lib/chef/mixin/powershell_out.rb +1 -1
- data/lib/chef/mixin/properties.rb +13 -1
- data/lib/chef/mixin/shell_out.rb +0 -4
- data/lib/chef/mixin/template.rb +0 -1
- data/lib/chef/monkey_patches/net_http.rb +0 -4
- data/lib/chef/node.rb +18 -6
- data/lib/chef/node/mixin/deep_merge_cache.rb +7 -7
- data/lib/chef/node/mixin/immutablize_array.rb +4 -0
- data/lib/chef/node/mixin/immutablize_hash.rb +3 -0
- data/lib/chef/node_map.rb +7 -36
- data/lib/chef/platform/priority_map.rb +4 -4
- data/lib/chef/platform/query_helpers.rb +6 -34
- data/lib/chef/powershell.rb +14 -0
- data/lib/chef/property.rb +22 -4
- data/lib/chef/provider.rb +40 -6
- data/lib/chef/provider/cron.rb +2 -2
- data/lib/chef/provider/directory.rb +2 -2
- data/lib/chef/provider/dsc_resource.rb +1 -1
- data/lib/chef/provider/dsc_script.rb +1 -1
- data/lib/chef/provider/execute.rb +2 -8
- data/lib/chef/provider/file.rb +5 -5
- data/lib/chef/provider/git.rb +84 -27
- data/lib/chef/provider/group.rb +4 -4
- data/lib/chef/provider/http_request.rb +6 -6
- data/lib/chef/provider/ifconfig.rb +4 -4
- data/lib/chef/provider/launchd.rb +36 -51
- data/lib/chef/provider/link.rb +2 -2
- data/lib/chef/provider/mount.rb +5 -5
- data/lib/chef/provider/mount/solaris.rb +1 -0
- data/lib/chef/provider/osx_profile.rb +7 -3
- data/lib/chef/provider/package.rb +2 -2
- data/lib/chef/provider/package/cab.rb +3 -4
- data/lib/chef/provider/package/chocolatey.rb +1 -3
- data/lib/chef/provider/package/dnf.rb +66 -10
- data/lib/chef/provider/package/dnf/dnf_helper.py +84 -30
- data/lib/chef/provider/package/dnf/python_helper.rb +79 -36
- data/lib/chef/provider/package/dnf/version.rb +5 -1
- data/lib/chef/provider/package/freebsd/pkgng.rb +1 -3
- data/lib/chef/provider/package/homebrew.rb +106 -42
- data/lib/chef/provider/package/msu.rb +3 -1
- data/lib/chef/provider/package/pacman.rb +25 -34
- data/lib/chef/provider/package/powershell.rb +2 -6
- data/lib/chef/provider/package/rubygems.rb +29 -2
- data/lib/chef/provider/package/snap.rb +27 -96
- data/lib/chef/provider/package/windows.rb +3 -2
- data/lib/chef/provider/package/windows/msi.rb +2 -2
- data/lib/chef/provider/package/yum.rb +0 -8
- data/lib/chef/provider/package/yum/yum_helper.py +0 -4
- data/lib/chef/provider/package/zypper.rb +1 -1
- data/lib/chef/provider/powershell_script.rb +4 -10
- data/lib/chef/provider/registry_key.rb +4 -4
- data/lib/chef/provider/remote_directory.rb +3 -3
- data/lib/chef/provider/remote_file/ftp.rb +3 -2
- data/lib/chef/provider/remote_file/local_file.rb +2 -1
- data/lib/chef/provider/remote_file/sftp.rb +3 -2
- data/lib/chef/provider/route.rb +5 -3
- data/lib/chef/provider/ruby_block.rb +1 -1
- data/lib/chef/provider/script.rb +2 -2
- data/lib/chef/provider/service.rb +8 -8
- data/lib/chef/provider/service/aixinit.rb +1 -1
- data/lib/chef/provider/service/arch.rb +2 -2
- data/lib/chef/provider/service/debian.rb +31 -29
- data/lib/chef/provider/service/gentoo.rb +2 -2
- data/lib/chef/provider/service/macosx.rb +7 -12
- data/lib/chef/provider/service/openbsd.rb +1 -1
- data/lib/chef/provider/service/redhat.rb +2 -2
- data/lib/chef/provider/service/simple.rb +3 -3
- data/lib/chef/provider/service/systemd.rb +12 -12
- data/lib/chef/provider/service/upstart.rb +1 -1
- data/lib/chef/provider/service/windows.rb +5 -11
- data/lib/chef/provider/subversion.rb +25 -5
- data/lib/chef/provider/systemd_unit.rb +26 -25
- data/lib/chef/provider/user.rb +6 -6
- data/lib/chef/provider/user/dscl.rb +3 -3
- data/lib/chef/provider/user/mac.rb +10 -9
- data/lib/chef/provider/whyrun_safe_ruby_block.rb +1 -1
- data/lib/chef/provider/windows_env.rb +3 -3
- data/lib/chef/provider/windows_script.rb +2 -2
- data/lib/chef/provider/windows_task.rb +7 -9
- data/lib/chef/provider/yum_repository.rb +1 -1
- data/lib/chef/provider/zypper_repository.rb +11 -31
- data/lib/chef/providers.rb +0 -6
- data/lib/chef/recipe.rb +36 -0
- data/lib/chef/resource.rb +41 -56
- data/lib/chef/resource/action_class.rb +24 -22
- data/lib/chef/resource/alternatives.rb +149 -0
- data/lib/chef/resource/apt_package.rb +2 -1
- data/lib/chef/resource/apt_preference.rb +69 -2
- data/lib/chef/resource/apt_repository.rb +337 -5
- data/lib/chef/resource/apt_update.rb +52 -1
- data/lib/chef/resource/archive_file.rb +9 -29
- data/lib/chef/resource/bash.rb +2 -0
- data/lib/chef/resource/bff_package.rb +9 -1
- data/lib/chef/resource/breakpoint.rb +0 -1
- data/lib/chef/resource/build_essential.rb +42 -48
- data/lib/chef/resource/cab_package.rb +8 -1
- data/lib/chef/resource/chef_client_cron.rb +225 -0
- data/lib/chef/resource/chef_client_scheduled_task.rb +198 -0
- data/lib/chef/resource/chef_client_systemd_timer.rb +177 -0
- data/lib/chef/resource/chef_gem.rb +9 -16
- data/lib/chef/resource/chef_handler.rb +2 -1
- data/lib/chef/resource/chef_sleep.rb +0 -1
- data/lib/chef/resource/chef_vault_secret.rb +135 -0
- data/lib/chef/resource/chocolatey_config.rb +3 -1
- data/lib/chef/resource/chocolatey_feature.rb +2 -1
- data/lib/chef/resource/chocolatey_package.rb +2 -1
- data/lib/chef/resource/chocolatey_source.rb +2 -1
- data/lib/chef/resource/cookbook_file.rb +1 -1
- data/lib/chef/resource/cron.rb +22 -68
- data/lib/chef/resource/cron_access.rb +8 -15
- data/lib/chef/resource/cron_d.rb +9 -75
- data/lib/chef/resource/csh.rb +2 -0
- data/lib/chef/resource/directory.rb +2 -2
- data/lib/chef/resource/dmg_package.rb +4 -4
- data/lib/chef/resource/dnf_package.rb +2 -3
- data/lib/chef/resource/dpkg_package.rb +2 -1
- data/lib/chef/resource/dsc_resource.rb +6 -4
- data/lib/chef/resource/dsc_script.rb +3 -2
- data/lib/chef/resource/execute.rb +13 -12
- data/lib/chef/resource/file.rb +3 -1
- data/lib/chef/resource/freebsd_package.rb +2 -1
- data/lib/chef/resource/gem_package.rb +14 -6
- data/lib/chef/resource/group.rb +4 -1
- data/lib/chef/resource/helpers/cron_validations.rb +98 -0
- data/lib/chef/resource/homebrew_cask.rb +5 -4
- data/lib/chef/resource/homebrew_package.rb +4 -2
- data/lib/chef/resource/homebrew_tap.rb +2 -1
- data/lib/chef/resource/hostname.rb +41 -36
- data/lib/chef/resource/http_request.rb +0 -1
- data/lib/chef/resource/ifconfig.rb +1 -1
- data/lib/chef/resource/ips_package.rb +10 -2
- data/lib/chef/resource/kernel_module.rb +29 -29
- data/lib/chef/resource/ksh.rb +2 -0
- data/lib/chef/resource/launchd.rb +6 -6
- data/lib/chef/resource/link.rb +1 -23
- data/lib/chef/resource/locale.rb +58 -24
- data/lib/chef/resource/log.rb +12 -1
- data/lib/chef/resource/lwrp_base.rb +1 -8
- data/lib/chef/resource/macos_userdefaults.rb +9 -6
- data/lib/chef/resource/macosx_service.rb +2 -1
- data/lib/chef/resource/macports_package.rb +10 -2
- data/lib/chef/resource/mdadm.rb +62 -2
- data/lib/chef/resource/mount.rb +3 -0
- data/lib/chef/resource/msu_package.rb +13 -1
- data/lib/chef/resource/notify_group.rb +8 -3
- data/lib/chef/resource/ohai.rb +19 -3
- data/lib/chef/resource/ohai_hint.rb +3 -12
- data/lib/chef/resource/openbsd_package.rb +9 -1
- data/lib/chef/resource/openssl_dhparam.rb +10 -1
- data/lib/chef/resource/openssl_ec_private_key.rb +23 -1
- data/lib/chef/resource/openssl_ec_public_key.rb +21 -1
- data/lib/chef/resource/openssl_rsa_private_key.rb +20 -1
- data/lib/chef/resource/openssl_rsa_public_key.rb +22 -1
- data/lib/chef/resource/openssl_x509_certificate.rb +37 -1
- data/lib/chef/resource/openssl_x509_crl.rb +12 -1
- data/lib/chef/resource/openssl_x509_request.rb +37 -1
- data/lib/chef/resource/osx_profile.rb +3 -2
- data/lib/chef/resource/package.rb +2 -1
- data/lib/chef/resource/pacman_package.rb +2 -1
- data/lib/chef/resource/paludis_package.rb +12 -3
- data/lib/chef/resource/perl.rb +2 -0
- data/lib/chef/resource/plist.rb +207 -0
- data/lib/chef/resource/portage_package.rb +13 -3
- data/lib/chef/resource/powershell_package.rb +1 -3
- data/lib/chef/resource/powershell_package_source.rb +3 -1
- data/lib/chef/resource/powershell_script.rb +7 -17
- data/lib/chef/resource/python.rb +2 -0
- data/lib/chef/resource/reboot.rb +0 -1
- data/lib/chef/resource/registry_key.rb +1 -2
- data/lib/chef/resource/remote_directory.rb +2 -0
- data/lib/chef/resource/remote_file.rb +2 -0
- data/lib/chef/resource/rhsm_errata.rb +0 -1
- data/lib/chef/resource/rhsm_errata_level.rb +0 -1
- data/lib/chef/resource/rhsm_register.rb +2 -1
- data/lib/chef/resource/rhsm_repo.rb +3 -1
- data/lib/chef/resource/rhsm_subscription.rb +4 -1
- data/lib/chef/resource/route.rb +5 -1
- data/lib/chef/resource/rpm_package.rb +9 -2
- data/lib/chef/resource/ruby.rb +2 -0
- data/lib/chef/resource/ruby_block.rb +1 -1
- data/lib/chef/resource/scm/_scm.rb +48 -0
- data/lib/chef/resource/{scm.rb → scm/git.rb} +16 -30
- data/lib/chef/resource/{subversion.rb → scm/subversion.rb} +8 -5
- data/lib/chef/resource/script.rb +6 -3
- data/lib/chef/resource/service.rb +6 -7
- data/lib/chef/resource/smartos_package.rb +9 -1
- data/lib/chef/resource/snap_package.rb +3 -1
- data/lib/chef/resource/solaris_package.rb +9 -1
- data/lib/chef/resource/ssh_known_hosts_entry.rb +6 -3
- data/lib/chef/resource/sudo.rb +9 -9
- data/lib/chef/resource/support/cron.d.erb +1 -1
- data/lib/chef/resource/support/cron_access.erb +1 -1
- data/lib/chef/resource/support/sudoer.erb +1 -2
- data/lib/chef/resource/support/ulimit.erb +41 -0
- data/lib/chef/resource/swap_file.rb +5 -3
- data/lib/chef/resource/sysctl.rb +2 -2
- data/lib/chef/resource/systemd_unit.rb +4 -2
- data/lib/chef/resource/template.rb +0 -1
- data/lib/chef/resource/timezone.rb +7 -18
- data/lib/chef/resource/user.rb +1 -3
- data/lib/chef/resource/user/aix_user.rb +0 -2
- data/lib/chef/resource/user/dscl_user.rb +1 -1
- data/lib/chef/resource/user/linux_user.rb +0 -2
- data/lib/chef/resource/user/mac_user.rb +1 -1
- data/lib/chef/resource/user/pw_user.rb +0 -2
- data/lib/chef/resource/user/solaris_user.rb +0 -2
- data/lib/chef/resource/user/windows_user.rb +0 -2
- data/lib/chef/resource/user_ulimit.rb +114 -0
- data/lib/chef/resource/whyrun_safe_ruby_block.rb +1 -0
- data/lib/chef/resource/windows_ad_join.rb +19 -6
- data/lib/chef/resource/windows_auto_run.rb +0 -1
- data/lib/chef/resource/windows_certificate.rb +1 -1
- data/lib/chef/resource/windows_dfs_folder.rb +0 -1
- data/lib/chef/resource/windows_dfs_namespace.rb +0 -1
- data/lib/chef/resource/windows_dfs_server.rb +0 -1
- data/lib/chef/resource/windows_dns_record.rb +0 -1
- data/lib/chef/resource/windows_dns_zone.rb +0 -1
- data/lib/chef/resource/windows_env.rb +2 -3
- data/lib/chef/resource/windows_feature.rb +2 -2
- data/lib/chef/resource/windows_feature_dism.rb +9 -22
- data/lib/chef/resource/windows_feature_powershell.rb +17 -82
- data/lib/chef/resource/windows_firewall_rule.rb +119 -10
- data/lib/chef/resource/windows_font.rb +1 -3
- data/lib/chef/resource/windows_package.rb +13 -4
- data/lib/chef/resource/windows_pagefile.rb +0 -1
- data/lib/chef/resource/windows_path.rb +0 -1
- data/lib/chef/resource/windows_printer.rb +0 -1
- data/lib/chef/resource/windows_printer_port.rb +0 -1
- data/lib/chef/resource/windows_script.rb +3 -4
- data/lib/chef/resource/windows_security_policy.rb +90 -0
- data/lib/chef/resource/windows_service.rb +45 -31
- data/lib/chef/resource/windows_share.rb +3 -7
- data/lib/chef/resource/windows_shortcut.rb +0 -1
- data/lib/chef/resource/windows_task.rb +14 -15
- data/lib/chef/resource/windows_uac.rb +0 -1
- data/lib/chef/resource/windows_user_privilege.rb +157 -0
- data/lib/chef/resource/windows_workgroup.rb +0 -1
- data/lib/chef/resource/yum_package.rb +3 -1
- data/lib/chef/resource/yum_repository.rb +2 -1
- data/lib/chef/resource/zypper_package.rb +3 -2
- data/lib/chef/resource/zypper_repository.rb +2 -1
- data/lib/chef/resource_builder.rb +8 -0
- data/lib/chef/resource_inspector.rb +6 -6
- data/lib/chef/resource_resolver.rb +7 -14
- data/lib/chef/resources.rb +11 -3
- data/lib/chef/role.rb +2 -2
- data/lib/chef/run_context/cookbook_compiler.rb +29 -5
- data/lib/chef/shell.rb +23 -32
- data/lib/chef/shell/shell_session.rb +0 -2
- data/lib/chef/util/diff.rb +1 -1
- data/lib/chef/util/dsc/configuration_generator.rb +1 -1
- data/lib/chef/util/dsc/lcm_output_parser.rb +3 -3
- data/lib/chef/util/powershell/cmdlet.rb +1 -1
- data/lib/chef/version.rb +2 -2
- data/lib/chef/version_string.rb +1 -1
- data/lib/chef/win32/api/file.rb +18 -18
- data/lib/chef/win32/api/security.rb +6 -0
- data/lib/chef/win32/file.rb +3 -11
- data/lib/chef/win32/process.rb +2 -2
- data/lib/chef/win32/security.rb +40 -2
- data/spec/functional/assets/inittest +8 -7
- data/spec/functional/knife/ssh_spec.rb +27 -23
- data/spec/functional/resource/aix_service_spec.rb +1 -0
- data/spec/functional/resource/aixinit_service_spec.rb +8 -7
- data/spec/functional/resource/apt_package_spec.rb +1 -0
- data/spec/functional/resource/bff_spec.rb +2 -2
- data/spec/functional/resource/cookbook_file_spec.rb +1 -1
- data/spec/functional/resource/cron_spec.rb +11 -29
- data/spec/functional/resource/dnf_package_spec.rb +441 -156
- data/spec/functional/resource/dsc_resource_spec.rb +1 -1
- data/spec/functional/resource/git_spec.rb +184 -134
- data/spec/functional/resource/insserv_spec.rb +6 -5
- data/spec/functional/resource/link_spec.rb +17 -17
- data/spec/functional/resource/locale_spec.rb +13 -2
- data/spec/functional/resource/powershell_script_spec.rb +7 -68
- data/spec/functional/resource/rpm_spec.rb +2 -2
- data/spec/functional/resource/user/dscl_spec.rb +2 -2
- data/spec/functional/resource/user/mac_user_spec.rb +2 -2
- data/spec/functional/resource/windows_certificate_spec.rb +3 -3
- data/spec/functional/resource/windows_security_policy_spec.rb +90 -0
- data/spec/functional/resource/windows_task_spec.rb +8 -8
- data/spec/functional/resource/windows_user_privilege_spec.rb +193 -0
- data/spec/functional/run_lock_spec.rb +1 -2
- data/spec/functional/shell_spec.rb +6 -6
- data/spec/functional/util/powershell/cmdlet_spec.rb +1 -1
- data/spec/functional/version_spec.rb +1 -1
- data/spec/functional/win32/registry_spec.rb +0 -6
- data/spec/functional/win32/security_spec.rb +22 -0
- data/spec/functional/win32/service_manager_spec.rb +1 -1
- data/spec/integration/client/client_spec.rb +123 -2
- data/spec/integration/knife/cookbook_show_spec.rb +28 -26
- data/spec/integration/knife/data_bag_show_spec.rb +1 -1
- data/spec/integration/knife/raw_spec.rb +30 -2
- data/spec/integration/knife/show_spec.rb +32 -3
- data/spec/integration/recipes/accumulator_spec.rb +1 -1
- data/spec/integration/recipes/lwrp_inline_resources_spec.rb +5 -5
- data/spec/integration/recipes/lwrp_spec.rb +1 -1
- data/spec/integration/recipes/noop_resource_spec.rb +1 -1
- data/spec/integration/recipes/notifies_spec.rb +50 -21
- data/spec/integration/recipes/notifying_block_spec.rb +9 -6
- data/spec/integration/recipes/provider_choice.rb +2 -0
- data/spec/integration/recipes/recipe_dsl_spec.rb +46 -144
- data/spec/integration/recipes/resource_action_spec.rb +16 -11
- data/spec/integration/recipes/resource_converge_if_changed_spec.rb +1 -3
- data/spec/integration/recipes/resource_load_spec.rb +133 -13
- data/spec/integration/recipes/unified_mode_spec.rb +1 -1
- data/spec/integration/recipes/use_partial_spec.rb +112 -0
- data/spec/integration/solo/solo_spec.rb +3 -3
- data/spec/scripts/ssl-serve.rb +1 -1
- data/spec/spec_helper.rb +11 -14
- data/spec/support/chef_helpers.rb +2 -2
- data/spec/support/lib/chef/resource/zen_follower.rb +2 -0
- data/spec/support/platform_helpers.rb +44 -19
- data/spec/support/platforms/win32/spec_service.rb +1 -1
- data/spec/support/recipe_dsl_helper.rb +83 -0
- data/spec/support/shared/functional/directory_resource.rb +1 -1
- data/spec/support/shared/functional/execute_resource.rb +1 -1
- data/spec/support/shared/functional/file_resource.rb +3 -3
- data/spec/support/shared/functional/win32_service.rb +1 -1
- data/spec/support/shared/functional/windows_script.rb +5 -18
- data/spec/support/shared/integration/knife_support.rb +14 -8
- data/spec/unit/application/apply_spec.rb +3 -0
- data/spec/unit/application/client_spec.rb +5 -1
- data/spec/unit/application_spec.rb +1 -9
- data/spec/unit/chef_fs/file_system/operation_failed_error_spec.rb +4 -2
- data/spec/unit/client_spec.rb +7 -5
- data/spec/unit/cookbook/gem_installer_spec.rb +3 -4
- data/spec/unit/cookbook/metadata_spec.rb +38 -19
- data/spec/unit/data_bag_spec.rb +1 -1
- data/spec/unit/data_collector_spec.rb +38 -17
- data/spec/unit/dsl/platform_introspection_spec.rb +0 -1
- data/spec/unit/environment_spec.rb +7 -7
- data/spec/unit/event_dispatch/dispatcher_spec.rb +0 -3
- data/spec/unit/file_access_control_spec.rb +1 -1
- data/spec/unit/knife/bootstrap/chef_vault_handler_spec.rb +15 -15
- data/spec/unit/knife/bootstrap/client_builder_spec.rb +9 -9
- data/spec/unit/knife/bootstrap_spec.rb +36 -54
- data/spec/unit/knife/cookbook_download_spec.rb +4 -4
- data/spec/unit/knife/cookbook_metadata_from_file_spec.rb +1 -1
- data/spec/unit/knife/cookbook_show_spec.rb +1 -0
- data/spec/unit/knife/cookbook_upload_spec.rb +6 -5
- data/spec/unit/knife/core/bootstrap_context_spec.rb +23 -43
- data/spec/unit/knife/core/hashed_command_loader_spec.rb +3 -3
- data/spec/unit/knife/core/ui_spec.rb +16 -0
- data/spec/unit/knife/core/windows_bootstrap_context_spec.rb +8 -68
- data/spec/unit/knife/data_bag_secret_options_spec.rb +22 -14
- data/spec/unit/knife/role_env_run_list_add_spec.rb +6 -6
- data/spec/unit/knife/role_env_run_list_clear_spec.rb +4 -4
- data/spec/unit/knife/role_env_run_list_remove_spec.rb +4 -4
- data/spec/unit/knife/role_env_run_list_replace_spec.rb +4 -4
- data/spec/unit/knife/role_env_run_list_set_spec.rb +4 -4
- data/spec/unit/knife/role_run_list_add_spec.rb +6 -6
- data/spec/unit/knife/role_run_list_clear_spec.rb +4 -4
- data/spec/unit/knife/role_run_list_remove_spec.rb +4 -4
- data/spec/unit/knife/role_run_list_replace_spec.rb +4 -4
- data/spec/unit/knife/role_run_list_set_spec.rb +4 -4
- data/spec/unit/knife/ssh_spec.rb +10 -113
- data/spec/unit/knife/status_spec.rb +1 -1
- data/spec/unit/knife/supermarket_share_spec.rb +3 -5
- data/spec/unit/knife_spec.rb +18 -0
- data/spec/unit/lwrp_spec.rb +4 -4
- data/spec/unit/mixin/powershell_exec_spec.rb +10 -0
- data/spec/unit/mixin/securable_spec.rb +1 -0
- data/spec/unit/mixin/user_context_spec.rb +9 -1
- data/spec/unit/node/attribute_spec.rb +2 -2
- data/spec/unit/node_spec.rb +24 -0
- data/spec/unit/platform/query_helpers_spec.rb +0 -143
- data/spec/unit/property/state_spec.rb +12 -7
- data/spec/unit/property/validation_spec.rb +25 -1
- data/spec/unit/property_spec.rb +18 -15
- data/spec/unit/provider/apt_preference_spec.rb +14 -10
- data/spec/unit/provider/apt_repository_spec.rb +9 -11
- data/spec/unit/provider/apt_update_spec.rb +12 -11
- data/spec/unit/provider/cookbook_file_spec.rb +4 -4
- data/spec/unit/provider/cron_spec.rb +2 -2
- data/spec/unit/provider/directory_spec.rb +4 -15
- data/spec/unit/provider/file_spec.rb +4 -4
- data/spec/unit/provider/git_spec.rb +44 -4
- data/spec/unit/provider/link_spec.rb +0 -1
- data/spec/unit/provider/log_spec.rb +3 -3
- data/spec/unit/provider/mdadm_spec.rb +3 -3
- data/spec/unit/provider/osx_profile_spec.rb +2 -2
- data/spec/unit/provider/package/dnf/python_helper_spec.rb +2 -2
- data/spec/unit/provider/package/freebsd/pkgng_spec.rb +1 -1
- data/spec/unit/provider/package/homebrew_spec.rb +280 -174
- data/spec/unit/provider/package/msu_spec.rb +3 -3
- data/spec/unit/provider/package/pacman_spec.rb +65 -147
- data/spec/unit/provider/package/powershell_spec.rb +88 -96
- data/spec/unit/provider/package/rubygems_spec.rb +221 -31
- data/spec/unit/provider/package/snap_spec.rb +1 -1
- data/spec/unit/provider/package/windows/exe_spec.rb +1 -1
- data/spec/unit/provider/package/windows_spec.rb +53 -30
- data/spec/unit/provider/powershell_script_spec.rb +21 -61
- data/spec/unit/provider/remote_file_spec.rb +3 -4
- data/spec/unit/provider/service/arch_service_spec.rb +2 -3
- data/spec/unit/provider/service/debian_service_spec.rb +35 -14
- data/spec/unit/provider/service/gentoo_service_spec.rb +8 -8
- data/spec/unit/provider/service/macosx_spec.rb +210 -214
- data/spec/unit/provider/service/redhat_spec.rb +2 -2
- data/spec/unit/provider/service/systemd_service_spec.rb +23 -23
- data/spec/unit/provider/service/upstart_service_spec.rb +3 -3
- data/spec/unit/provider/service/windows_spec.rb +6 -2
- data/spec/unit/provider/subversion_spec.rb +4 -2
- data/spec/unit/provider/systemd_unit_spec.rb +24 -28
- data/spec/unit/provider/template_spec.rb +3 -4
- data/spec/unit/provider/zypper_repository_spec.rb +25 -75
- data/spec/unit/provider_resolver_spec.rb +11 -11
- data/spec/unit/provider_spec.rb +0 -1
- data/spec/unit/recipe_spec.rb +68 -0
- data/spec/unit/resource/alternatives_spec.rb +120 -0
- data/spec/unit/resource/apt_preference_spec.rb +0 -18
- data/spec/unit/resource/apt_repository_spec.rb +0 -18
- data/spec/unit/resource/apt_update_spec.rb +0 -18
- data/spec/unit/resource/archive_file_spec.rb +2 -11
- data/spec/unit/resource/chef_client_cron_spec.rb +119 -0
- data/spec/unit/resource/chef_client_scheduled_task_spec.rb +102 -0
- data/spec/unit/resource/chef_client_systemd_timer_spec.rb +70 -0
- data/spec/unit/resource/chef_vault_secret_spec.rb +40 -0
- data/spec/unit/resource/chocolatey_source_spec.rb +2 -1
- data/spec/unit/resource/cron_d_spec.rb +6 -48
- data/spec/unit/resource/cron_spec.rb +4 -10
- data/spec/unit/resource/gem_package_spec.rb +3 -3
- data/spec/unit/resource/helpers/cron_validations_spec.rb +77 -0
- data/spec/unit/resource/link_spec.rb +0 -4
- data/spec/unit/resource/locale_spec.rb +0 -34
- data/spec/unit/resource/ohai_spec.rb +56 -2
- data/spec/unit/resource/plist_spec.rb +130 -0
- data/spec/unit/resource/powershell_script_spec.rb +0 -5
- data/spec/unit/resource/{git_spec.rb → scm/git_spec.rb} +50 -2
- data/spec/unit/resource/{scm_spec.rb → scm/scm.rb} +1 -52
- data/spec/unit/resource/{subversion_spec.rb → scm/subversion_spec.rb} +2 -3
- data/spec/unit/resource/service_spec.rb +4 -0
- data/spec/unit/resource/user_spec.rb +2 -2
- data/spec/unit/resource/user_ulimit_spec.rb +53 -0
- data/spec/unit/resource/windows_dns_record_spec.rb +3 -3
- data/spec/unit/resource/windows_dns_zone_spec.rb +2 -2
- data/spec/unit/resource/windows_feature_dism_spec.rb +2 -17
- data/spec/unit/resource/windows_feature_powershell_spec.rb +6 -47
- data/spec/unit/resource/windows_firewall_rule_spec.rb +88 -41
- data/spec/unit/resource/windows_package_spec.rb +4 -1
- data/spec/unit/resource/windows_service_spec.rb +9 -0
- data/spec/unit/resource/windows_task_spec.rb +1 -1
- data/spec/unit/resource/windows_uac_spec.rb +2 -2
- data/spec/unit/resource/yum_repository_spec.rb +21 -21
- data/spec/unit/resource_reporter_spec.rb +1 -5
- data/spec/unit/resource_spec.rb +11 -4
- data/spec/unit/role_spec.rb +11 -11
- data/spec/unit/run_context/cookbook_compiler_spec.rb +1 -1
- data/spec/unit/run_context_spec.rb +1 -1
- data/spec/unit/search/query_spec.rb +1 -1
- data/spec/unit/util/threaded_job_queue_spec.rb +0 -9
- data/spec/unit/win32/security_spec.rb +3 -4
- data/tasks/rspec.rb +1 -1
- metadata +116 -87
- data/lib/chef/dsl/core.rb +0 -52
- data/lib/chef/knife/cookbook_site_share.rb +0 -41
- data/lib/chef/knife/cookbook_site_unshare.rb +0 -41
- data/lib/chef/provider/apt_preference.rb +0 -93
- data/lib/chef/provider/apt_repository.rb +0 -358
- data/lib/chef/provider/apt_update.rb +0 -79
- data/lib/chef/provider/log.rb +0 -43
- data/lib/chef/provider/mdadm.rb +0 -85
- data/lib/chef/provider/ohai.rb +0 -45
- data/lib/chef/resource/git.rb +0 -37
- data/spec/functional/resource/windows_font_spec.rb +0 -49
- data/spec/unit/provider/ohai_spec.rb +0 -84
@@ -24,24 +24,72 @@ require_relative "../json_compat"
|
|
24
24
|
class Chef
|
25
25
|
class Resource
|
26
26
|
class WindowsFirewallRule < Chef::Resource
|
27
|
-
|
27
|
+
provides :windows_firewall_rule
|
28
28
|
|
29
|
-
description "Use the windows_firewall_rule resource to create, change or remove
|
29
|
+
description "Use the windows_firewall_rule resource to create, change or remove Windows firewall rules."
|
30
30
|
introduced "14.7"
|
31
|
+
examples <<~DOC
|
32
|
+
Allowing port 80 access
|
33
|
+
```ruby
|
34
|
+
windows_firewall_rule 'IIS' do
|
35
|
+
local_port '80'
|
36
|
+
protocol 'TCP'
|
37
|
+
firewall_action :allow
|
38
|
+
end
|
39
|
+
```
|
40
|
+
|
41
|
+
Allow protocol ICMPv6 with ICMP Type
|
42
|
+
```ruby
|
43
|
+
windows_firewall_rule 'CoreNet-Rule' do
|
44
|
+
rule_name 'CoreNet-ICMP6-LR2-In'
|
45
|
+
display_name 'Core Networking - Multicast Listener Report v2 (ICMPv6-In)'
|
46
|
+
local_port 'RPC'
|
47
|
+
protocol 'ICMPv6'
|
48
|
+
icmp_type '8'
|
49
|
+
end
|
50
|
+
```
|
51
|
+
|
52
|
+
Blocking WinRM over HTTP on a particular IP
|
53
|
+
```ruby
|
54
|
+
windows_firewall_rule 'Disable WinRM over HTTP' do
|
55
|
+
local_port '5985'
|
56
|
+
protocol 'TCP'
|
57
|
+
firewall_action :block
|
58
|
+
local_address '192.168.1.1'
|
59
|
+
end
|
60
|
+
```
|
61
|
+
|
62
|
+
Deleting an existing rule
|
63
|
+
```ruby
|
64
|
+
windows_firewall_rule 'Remove the SSH rule' do
|
65
|
+
rule_name 'ssh'
|
66
|
+
action :delete
|
67
|
+
end
|
68
|
+
```
|
69
|
+
DOC
|
31
70
|
|
32
71
|
property :rule_name, String,
|
33
72
|
name_property: true,
|
34
73
|
description: "An optional property to set the name of the firewall rule to assign if it differs from the resource block's name."
|
35
74
|
|
36
75
|
property :description, String,
|
37
|
-
default: "Firewall rule",
|
38
76
|
description: "The description to assign to the firewall rule."
|
39
77
|
|
78
|
+
property :displayname, String,
|
79
|
+
description: "The displayname to assign to the firewall rule.",
|
80
|
+
default: lazy { rule_name },
|
81
|
+
default_description: "The rule_name property value.",
|
82
|
+
introduced: "16.0"
|
83
|
+
|
84
|
+
property :group, String,
|
85
|
+
description: "Specifies that only matching firewall rules of the indicated group association are copied.",
|
86
|
+
introduced: "16.0"
|
87
|
+
|
40
88
|
property :local_address, String,
|
41
89
|
description: "The local address the firewall rule applies to."
|
42
90
|
|
43
91
|
property :local_port, [String, Integer, Array],
|
44
|
-
|
92
|
+
# split various formats of comma separated lists and provide a sorted array of strings to match PS output
|
45
93
|
coerce: proc { |d| d.is_a?(String) ? d.split(/\s*,\s*/).sort : Array(d).sort.map(&:to_s) },
|
46
94
|
description: "The local port the firewall rule applies to."
|
47
95
|
|
@@ -49,7 +97,7 @@ class Chef
|
|
49
97
|
description: "The remote address the firewall rule applies to."
|
50
98
|
|
51
99
|
property :remote_port, [String, Integer, Array],
|
52
|
-
|
100
|
+
# split various formats of comma separated lists and provide a sorted array of strings to match PS output
|
53
101
|
coerce: proc { |d| d.is_a?(String) ? d.split(/\s*,\s*/).sort : Array(d).sort.map(&:to_s) },
|
54
102
|
description: "The remote port the firewall rule applies to."
|
55
103
|
|
@@ -62,6 +110,11 @@ class Chef
|
|
62
110
|
default: "TCP",
|
63
111
|
description: "The protocol the firewall rule applies to."
|
64
112
|
|
113
|
+
property :icmp_type, [String, Integer],
|
114
|
+
description: "Specifies the ICMP Type parameter for using a protocol starting with ICMP",
|
115
|
+
default: "Any",
|
116
|
+
introduced: "16.0"
|
117
|
+
|
65
118
|
property :firewall_action, [Symbol, String],
|
66
119
|
default: :allow, equal_to: %i{allow block notconfigured},
|
67
120
|
description: "The action of the firewall rule.",
|
@@ -110,12 +163,16 @@ class Chef
|
|
110
163
|
# Need to reverse `$rule.Profile.ToString()` in powershell command
|
111
164
|
current_profiles = state["profile"].split(", ").map(&:to_sym)
|
112
165
|
|
166
|
+
description state["description"]
|
167
|
+
displayname state["displayname"]
|
168
|
+
group state["group"]
|
113
169
|
local_address state["local_address"]
|
114
170
|
local_port Array(state["local_port"]).sort
|
115
171
|
remote_address state["remote_address"]
|
116
172
|
remote_port Array(state["remote_port"]).sort
|
117
173
|
direction state["direction"]
|
118
174
|
protocol state["protocol"]
|
175
|
+
icmp_type state["icmp_type"]
|
119
176
|
firewall_action state["firewall_action"]
|
120
177
|
profile current_profiles
|
121
178
|
program state["program"]
|
@@ -126,13 +183,18 @@ class Chef
|
|
126
183
|
|
127
184
|
action :create do
|
128
185
|
description "Create a Windows firewall entry."
|
129
|
-
|
130
186
|
if current_resource
|
131
|
-
converge_if_changed :rule_name, :
|
132
|
-
:
|
187
|
+
converge_if_changed :rule_name, :description, :displayname, :local_address, :local_port, :remote_address,
|
188
|
+
:remote_port, :direction, :protocol, :icmp_type, :firewall_action, :profile, :program, :service,
|
189
|
+
:interface_type, :enabled do
|
133
190
|
cmd = firewall_command("Set")
|
134
191
|
powershell_out!(cmd)
|
135
192
|
end
|
193
|
+
converge_if_changed :group do
|
194
|
+
powershell_out!("Remove-NetFirewallRule -Name '#{new_resource.rule_name}'")
|
195
|
+
cmd = firewall_command("New")
|
196
|
+
powershell_out!(cmd)
|
197
|
+
end
|
136
198
|
else
|
137
199
|
converge_by("create firewall rule #{new_resource.rule_name}") do
|
138
200
|
cmd = firewall_command("New")
|
@@ -158,7 +220,9 @@ class Chef
|
|
158
220
|
# @return [String] firewall create command
|
159
221
|
def firewall_command(cmdlet_type)
|
160
222
|
cmd = "#{cmdlet_type}-NetFirewallRule -Name '#{new_resource.rule_name}'"
|
161
|
-
cmd << " -DisplayName '#{new_resource.
|
223
|
+
cmd << " -DisplayName '#{new_resource.displayname}'" if new_resource.displayname && cmdlet_type == "New"
|
224
|
+
cmd << " -NewDisplayName '#{new_resource.displayname}'" if new_resource.displayname && cmdlet_type == "Set"
|
225
|
+
cmd << " -Group '#{new_resource.group}'" if new_resource.group && cmdlet_type == "New"
|
162
226
|
cmd << " -Description '#{new_resource.description}'" if new_resource.description
|
163
227
|
cmd << " -LocalAddress '#{new_resource.local_address}'" if new_resource.local_address
|
164
228
|
cmd << " -LocalPort '#{new_resource.local_port.join("', '")}'" if new_resource.local_port
|
@@ -166,6 +230,7 @@ class Chef
|
|
166
230
|
cmd << " -RemotePort '#{new_resource.remote_port.join("', '")}'" if new_resource.remote_port
|
167
231
|
cmd << " -Direction '#{new_resource.direction}'" if new_resource.direction
|
168
232
|
cmd << " -Protocol '#{new_resource.protocol}'" if new_resource.protocol
|
233
|
+
cmd << " -IcmpType '#{new_resource.icmp_type}'"
|
169
234
|
cmd << " -Action '#{new_resource.firewall_action}'" if new_resource.firewall_action
|
170
235
|
cmd << " -Profile '#{new_resource.profile.join("', '")}'" if new_resource.profile
|
171
236
|
cmd << " -Program '#{new_resource.program}'" if new_resource.program
|
@@ -175,12 +240,53 @@ class Chef
|
|
175
240
|
|
176
241
|
cmd
|
177
242
|
end
|
243
|
+
|
244
|
+
def define_resource_requirements
|
245
|
+
requirements.assert(:create) do |a|
|
246
|
+
a.assertion do
|
247
|
+
if new_resource.icmp_type.is_a?(String)
|
248
|
+
!new_resource.icmp_type.empty?
|
249
|
+
elsif new_resource.icmp_type.is_a?(Integer)
|
250
|
+
!new_resource.icmp_type.nil?
|
251
|
+
end
|
252
|
+
end
|
253
|
+
a.failure_message("The :icmp_type property can not be empty in #{new_resource.rule_name}")
|
254
|
+
end
|
255
|
+
|
256
|
+
requirements.assert(:create) do |a|
|
257
|
+
a.assertion do
|
258
|
+
if new_resource.icmp_type.is_a?(Integer)
|
259
|
+
new_resource.protocol.start_with?("ICMP")
|
260
|
+
elsif new_resource.icmp_type.is_a?(String) && !new_resource.protocol.start_with?("ICMP")
|
261
|
+
new_resource.icmp_type == "Any"
|
262
|
+
else
|
263
|
+
true
|
264
|
+
end
|
265
|
+
end
|
266
|
+
a.failure_message("The :icmp_type property has a value of #{new_resource.icmp_type} set, but is not allowed for :protocol #{new_resource.protocol} in #{new_resource.rule_name}")
|
267
|
+
end
|
268
|
+
|
269
|
+
requirements.assert(:create) do |a|
|
270
|
+
a.assertion do
|
271
|
+
if new_resource.icmp_type.is_a?(Integer)
|
272
|
+
(0..255).include?(new_resource.icmp_type)
|
273
|
+
elsif new_resource.icmp_type.is_a?(String) && !new_resource.icmp_type.include?(":") && new_resource.protocol.start_with?("ICMP")
|
274
|
+
(0..255).include?(new_resource.icmp_type.to_i)
|
275
|
+
elsif new_resource.icmp_type.is_a?(String) && new_resource.icmp_type.include?(":") && new_resource.protocol.start_with?("ICMP")
|
276
|
+
new_resource.icmp_type.split(":").all? { |type| (0..255).include?(type.to_i) }
|
277
|
+
else
|
278
|
+
true
|
279
|
+
end
|
280
|
+
end
|
281
|
+
a.failure_message("Can not set :icmp_type to #{new_resource.icmp_type} as one value is out of range (0 to 255) in #{new_resource.rule_name}")
|
282
|
+
end
|
283
|
+
end
|
178
284
|
end
|
179
285
|
|
180
286
|
private
|
181
287
|
|
182
288
|
# build the command to load the current resource
|
183
|
-
#
|
289
|
+
# @return [String] current firewall state
|
184
290
|
def load_firewall_state(rule_name)
|
185
291
|
<<-EOH
|
186
292
|
Remove-TypeData System.Array # workaround for PS bug here: https://bit.ly/2SRMQ8M
|
@@ -193,12 +299,15 @@ class Chef
|
|
193
299
|
([PSCustomObject]@{
|
194
300
|
rule_name = $rule.Name
|
195
301
|
description = $rule.Description
|
302
|
+
displayname = $rule.DisplayName
|
303
|
+
group = $rule.Group
|
196
304
|
local_address = $addressFilter.LocalAddress
|
197
305
|
local_port = $portFilter.LocalPort
|
198
306
|
remote_address = $addressFilter.RemoteAddress
|
199
307
|
remote_port = $portFilter.RemotePort
|
200
308
|
direction = $rule.Direction.ToString()
|
201
309
|
protocol = $portFilter.Protocol
|
310
|
+
icmp_type = $portFilter.IcmpType
|
202
311
|
firewall_action = $rule.Action.ToString()
|
203
312
|
profile = $rule.Profile.ToString()
|
204
313
|
program = $applicationFilter.Program
|
@@ -22,7 +22,6 @@ class Chef
|
|
22
22
|
class WindowsFont < Chef::Resource
|
23
23
|
require_relative "../util/path_helper"
|
24
24
|
|
25
|
-
resource_name :windows_font
|
26
25
|
provides(:windows_font) { true }
|
27
26
|
|
28
27
|
description "Use the windows_font resource to install font files on Windows. By default, the font is sourced from the cookbook using the resource, but a URI source can be specified as well."
|
@@ -90,9 +89,8 @@ class Chef
|
|
90
89
|
def font_exists?
|
91
90
|
require "win32ole" if RUBY_PLATFORM =~ /mswin|mingw32|windows/
|
92
91
|
fonts_dir = WIN32OLE.new("WScript.Shell").SpecialFolders("Fonts")
|
93
|
-
fonts_dir_local = Chef::Util::PathHelper.join(ENV["home"], "AppData/Local/Microsoft/Windows/fonts")
|
94
92
|
logger.trace("Seeing if the font at #{Chef::Util::PathHelper.join(fonts_dir, new_resource.font_name)} exists")
|
95
|
-
::File.exist?(Chef::Util::PathHelper.join(fonts_dir, new_resource.font_name))
|
93
|
+
::File.exist?(Chef::Util::PathHelper.join(fonts_dir, new_resource.font_name))
|
96
94
|
end
|
97
95
|
|
98
96
|
# Parse out the schema provided to us to see if it's one we support via remote_file.
|
@@ -27,7 +27,6 @@ class Chef
|
|
27
27
|
class WindowsPackage < Chef::Resource::Package
|
28
28
|
include Chef::Mixin::Uris
|
29
29
|
|
30
|
-
resource_name :windows_package
|
31
30
|
provides(:windows_package) { true }
|
32
31
|
provides :package, os: "windows"
|
33
32
|
|
@@ -41,6 +40,13 @@ class Chef
|
|
41
40
|
@source ||= source(@package_name) if @package_name.downcase.end_with?(".msi")
|
42
41
|
end
|
43
42
|
|
43
|
+
property :package_name, String,
|
44
|
+
description: "An optional property to set the package name if it differs from the resource block's name.",
|
45
|
+
identity: true
|
46
|
+
|
47
|
+
property :version, String,
|
48
|
+
description: "The version of a package to be installed or upgraded."
|
49
|
+
|
44
50
|
# windows can't take array options yet
|
45
51
|
property :options, String,
|
46
52
|
description: "One (or more) additional options that are passed to the command."
|
@@ -52,12 +58,15 @@ class Chef
|
|
52
58
|
|
53
59
|
property :timeout, [ String, Integer ], default: 600,
|
54
60
|
default_description: "600 (seconds)",
|
55
|
-
description: "The amount of time (in seconds) to wait before timing out."
|
61
|
+
description: "The amount of time (in seconds) to wait before timing out.",
|
62
|
+
desired_state: false
|
56
63
|
|
57
64
|
# In the past we accepted return code 127 for an unknown reason and 42 because of a bug
|
58
|
-
|
65
|
+
# we accept 3010 which means success, but a reboot is necessary
|
66
|
+
property :returns, [ String, Integer, Array ], default: [ 0, 3010 ],
|
59
67
|
desired_state: false,
|
60
|
-
description: "A comma-delimited list of return codes that indicate the success or failure of the package command that was run."
|
68
|
+
description: "A comma-delimited list of return codes that indicate the success or failure of the package command that was run.",
|
69
|
+
default_description: "0 (success) and 3010 (success where a reboot is necessary)"
|
61
70
|
|
62
71
|
property :source, String,
|
63
72
|
coerce: (proc do |s|
|
@@ -20,7 +20,6 @@ require_relative "../resource"
|
|
20
20
|
class Chef
|
21
21
|
class Resource
|
22
22
|
class WindowsPagefile < Chef::Resource
|
23
|
-
resource_name :windows_pagefile
|
24
23
|
provides(:windows_pagefile) { true }
|
25
24
|
|
26
25
|
description "Use the windows_pagefile resource to configure pagefile settings on Windows."
|
@@ -21,7 +21,6 @@ require_relative "../resource"
|
|
21
21
|
class Chef
|
22
22
|
class Resource
|
23
23
|
class WindowsPath < Chef::Resource
|
24
|
-
resource_name :windows_path
|
25
24
|
provides(:windows_path) { true }
|
26
25
|
|
27
26
|
description "Use the windows_path resource to manage the path environment variable on Microsoft Windows."
|
@@ -24,7 +24,6 @@ class Chef
|
|
24
24
|
class WindowsPrinter < Chef::Resource
|
25
25
|
require "resolv"
|
26
26
|
|
27
|
-
resource_name :windows_printer
|
28
27
|
provides(:windows_printer) { true }
|
29
28
|
|
30
29
|
description "Use the windows_printer resource to setup Windows printers. Note that this doesn't currently install a printer driver. You must already have the driver installed on the system."
|
@@ -24,7 +24,6 @@ class Chef
|
|
24
24
|
class WindowsPrinterPort < Chef::Resource
|
25
25
|
require "resolv"
|
26
26
|
|
27
|
-
resource_name :windows_printer_port
|
28
27
|
provides(:windows_printer_port) { true }
|
29
28
|
|
30
29
|
description "Use the windows_printer_port resource to create and delete TCP/IPv4 printer ports on Windows."
|
@@ -25,6 +25,8 @@ class Chef
|
|
25
25
|
class WindowsScript < Chef::Resource::Script
|
26
26
|
unified_mode true
|
27
27
|
|
28
|
+
provides :windows_script
|
29
|
+
|
28
30
|
# This is an abstract resource meant to be subclasses; thus no 'provides'
|
29
31
|
|
30
32
|
set_guard_inherited_attributes(:architecture)
|
@@ -54,10 +56,7 @@ class Chef
|
|
54
56
|
protected
|
55
57
|
|
56
58
|
def assert_architecture_compatible!(desired_architecture)
|
57
|
-
|
58
|
-
raise Chef::Exceptions::Win32ArchitectureIncorrect,
|
59
|
-
"cannot execute script with requested architecture 'i386' on Windows Nano Server"
|
60
|
-
elsif ! node_supports_windows_architecture?(node, desired_architecture)
|
59
|
+
unless node_supports_windows_architecture?(node, desired_architecture)
|
61
60
|
raise Chef::Exceptions::Win32ArchitectureIncorrect,
|
62
61
|
"cannot execute script with requested architecture '#{desired_architecture}' on a system with architecture '#{node_windows_architecture(node)}'"
|
63
62
|
end
|
@@ -0,0 +1,90 @@
|
|
1
|
+
#
|
2
|
+
# Author:: Ashwini Nehate (<anehate@chef.io>)
|
3
|
+
# Author:: Davin Taddeo (<davin@chef.io>)
|
4
|
+
# Author:: Jeff Brimager (<jbrimager@chef.io>)
|
5
|
+
# Copyright:: Copyright (c) Chef Software Inc.
|
6
|
+
#
|
7
|
+
# Licensed under the Apache License, Version 2.0 (the "License");
|
8
|
+
# you may not use this file except in compliance with the License.
|
9
|
+
# You may obtain a copy of the License at
|
10
|
+
#
|
11
|
+
# http://www.apache.org/licenses/LICENSE-2.0
|
12
|
+
#
|
13
|
+
# Unless required by applicable law or agreed to in writing, software
|
14
|
+
# distributed under the License is distributed on an "AS IS" BASIS,
|
15
|
+
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
16
|
+
# See the License for the specific language governing permissions and
|
17
|
+
# limitations under the License.
|
18
|
+
|
19
|
+
require_relative "../resource"
|
20
|
+
|
21
|
+
class Chef
|
22
|
+
class Resource
|
23
|
+
class WindowsSecurityPolicy < Chef::Resource
|
24
|
+
resource_name :windows_security_policy
|
25
|
+
|
26
|
+
# The valid policy_names options found here
|
27
|
+
# https://github.com/ChrisAWalker/cSecurityOptions under 'AccountSettings'
|
28
|
+
policy_names = %w{MinimumPasswordAge
|
29
|
+
MaximumPasswordAge
|
30
|
+
MinimumPasswordLength
|
31
|
+
PasswordComplexity
|
32
|
+
PasswordHistorySize
|
33
|
+
LockoutBadCount
|
34
|
+
RequireLogonToChangePassword
|
35
|
+
ForceLogoffWhenHourExpire
|
36
|
+
NewAdministratorName
|
37
|
+
NewGuestName
|
38
|
+
ClearTextPassword
|
39
|
+
LSAAnonymousNameLookup
|
40
|
+
EnableAdminAccount
|
41
|
+
EnableGuestAccount
|
42
|
+
}
|
43
|
+
description "Use the windows_security_policy resource to set a security policy on the Microsoft Windows platform."
|
44
|
+
introduced "16.0"
|
45
|
+
|
46
|
+
property :secoption, String, name_property: true, required: true, equal_to: policy_names,
|
47
|
+
description: "The name of the policy to be set on windows platform to maintain its security."
|
48
|
+
|
49
|
+
property :secvalue, String, required: true,
|
50
|
+
description: "Policy value to be set for policy name."
|
51
|
+
|
52
|
+
action :set do
|
53
|
+
security_option = new_resource.secoption
|
54
|
+
security_value = new_resource.secvalue
|
55
|
+
powershell_script "#{security_option} set to #{security_value}" do
|
56
|
+
convert_boolean_return true
|
57
|
+
code <<-EOH
|
58
|
+
$security_option = "#{security_option}"
|
59
|
+
if ( ($security_option -match "NewGuestName") -Or ($security_option -match "NewAdministratorName") )
|
60
|
+
{
|
61
|
+
$#{security_option}_Remediation = (Get-Content $env:TEMP\\#{security_option}_Export.inf) | Foreach-Object { $_ -replace '#{security_option}\\s*=\\s*\\"\\w*\\"', '#{security_option} = "#{security_value}"' } | Set-Content $env:TEMP\\#{security_option}_Export.inf
|
62
|
+
C:\\Windows\\System32\\secedit /configure /db $env:windir\\security\\new.sdb /cfg $env:TEMP\\#{security_option}_Export.inf /areas SECURITYPOLICY
|
63
|
+
}
|
64
|
+
else
|
65
|
+
{
|
66
|
+
$#{security_option}_Remediation = (Get-Content $env:TEMP\\#{security_option}_Export.inf) | Foreach-Object { $_ -replace "#{security_option}\\s*=\\s*\\d*", "#{security_option} = #{security_value}" } | Set-Content $env:TEMP\\#{security_option}_Export.inf
|
67
|
+
C:\\Windows\\System32\\secedit /configure /db $env:windir\\security\\new.sdb /cfg $env:TEMP\\#{security_option}_Export.inf /areas SECURITYPOLICY
|
68
|
+
}
|
69
|
+
Remove-Item $env:TEMP\\#{security_option}_Export.inf -force
|
70
|
+
EOH
|
71
|
+
not_if <<-EOH
|
72
|
+
$#{security_option}_Export = C:\\Windows\\System32\\secedit /export /cfg $env:TEMP\\#{security_option}_Export.inf
|
73
|
+
$ExportAudit = (Get-Content $env:TEMP\\#{security_option}_Export.inf | Select-String -Pattern #{security_option})
|
74
|
+
$check_digit = $ExportAudit -match '#{security_option} = #{security_value}'
|
75
|
+
$check_string = $ExportAudit -match '#{security_option} = "#{security_value}"'
|
76
|
+
if ( $check_string -Or $check_digit )
|
77
|
+
{
|
78
|
+
Remove-Item $env:TEMP\\#{security_option}_Export.inf -force
|
79
|
+
$true
|
80
|
+
}
|
81
|
+
else
|
82
|
+
{
|
83
|
+
$false
|
84
|
+
}
|
85
|
+
EOH
|
86
|
+
end
|
87
|
+
end
|
88
|
+
end
|
89
|
+
end
|
90
|
+
end
|
@@ -41,41 +41,52 @@ class Chef
|
|
41
41
|
|
42
42
|
allowed_actions :configure_startup, :create, :delete, :configure
|
43
43
|
|
44
|
-
|
45
|
-
|
44
|
+
property :timeout, Integer,
|
45
|
+
description: "The amount of time (in seconds) to wait before timing out.",
|
46
|
+
default: 60,
|
47
|
+
desired_state: false
|
48
|
+
|
46
49
|
property :display_name, String, regex: /^.{1,256}$/,
|
47
|
-
|
48
|
-
|
50
|
+
description: "The display name to be used by user interface programs to identify the service. This string has a maximum length of 256 characters.",
|
51
|
+
validation_message: "The display_name can only be a maximum of 256 characters!",
|
52
|
+
introduced: "14.0"
|
49
53
|
|
50
54
|
# https://github.com/chef/win32-service/blob/ffi/lib/win32/windows/constants.rb#L19-L29
|
51
|
-
property :desired_access, Integer,
|
55
|
+
property :desired_access, Integer,
|
56
|
+
default: SERVICE_ALL_ACCESS,
|
57
|
+
introduced: "14.0"
|
52
58
|
|
53
59
|
# https://github.com/chef/win32-service/blob/ffi/lib/win32/windows/constants.rb#L31-L41
|
54
|
-
property :service_type, Integer, default: SERVICE_WIN32_OWN_PROCESS
|
60
|
+
property :service_type, Integer, default: SERVICE_WIN32_OWN_PROCESS,
|
61
|
+
introduced: "14.0"
|
55
62
|
|
56
63
|
# Valid options:
|
57
64
|
# - :automatic
|
58
65
|
# - :manual
|
59
66
|
# - :disabled
|
60
67
|
# Reference: https://github.com/chef/win32-service/blob/ffi/lib/win32/windows/constants.rb#L49-L54
|
61
|
-
property :startup_type, [Symbol],
|
62
|
-
|
63
|
-
|
64
|
-
|
65
|
-
|
68
|
+
property :startup_type, [Symbol],
|
69
|
+
equal_to: %i{automatic manual disabled},
|
70
|
+
default: :automatic,
|
71
|
+
description: "Use to specify the startup type of the service.",
|
72
|
+
coerce: proc { |x|
|
73
|
+
if x.is_a?(Integer)
|
74
|
+
ALLOWED_START_TYPES.invert.fetch(x) do
|
75
|
+
Chef::Log.warn("Unsupported startup_type #{x}, falling back to :automatic")
|
76
|
+
:automatic
|
77
|
+
end
|
78
|
+
elsif x.is_a?(String)
|
79
|
+
x.to_sym
|
80
|
+
else
|
81
|
+
x
|
66
82
|
end
|
67
|
-
|
68
|
-
|
69
|
-
else
|
70
|
-
x
|
71
|
-
end
|
72
|
-
}
|
73
|
-
|
74
|
-
# This only applies if startup_type is :automatic
|
83
|
+
}
|
84
|
+
|
75
85
|
# 1 == delayed start is enabled
|
76
86
|
# 0 == NO delayed start
|
77
87
|
property :delayed_start, [TrueClass, FalseClass],
|
78
88
|
introduced: "14.0",
|
89
|
+
description: "Set the startup type to delayed start. This only applies if `startup_type` is `:automatic`",
|
79
90
|
default: false, coerce: proc { |x|
|
80
91
|
if x.is_a?(Integer)
|
81
92
|
x == 0 ? false : true
|
@@ -85,31 +96,34 @@ class Chef
|
|
85
96
|
}
|
86
97
|
|
87
98
|
# https://github.com/chef/win32-service/blob/ffi/lib/win32/windows/constants.rb#L43-L47
|
88
|
-
property :error_control, Integer,
|
99
|
+
property :error_control, Integer,
|
100
|
+
default: SERVICE_ERROR_NORMAL,
|
101
|
+
introduced: "14.0"
|
89
102
|
|
90
103
|
property :binary_path_name, String,
|
91
104
|
introduced: "14.0",
|
92
|
-
description: "The fully qualified path to the service binary file. The path can also include arguments for an auto-start service. This is required for
|
105
|
+
description: "The fully qualified path to the service binary file. The path can also include arguments for an auto-start service. This is required for `:create` and `:configure` actions"
|
93
106
|
|
94
107
|
property :load_order_group, String,
|
95
108
|
introduced: "14.0",
|
96
|
-
description: "The
|
97
|
-
|
98
|
-
# A pointer to a double null-terminated array of null-separated names of
|
99
|
-
# services or load ordering groups that the system must start before this
|
100
|
-
# service. Specify nil or an empty string if the service has no
|
101
|
-
# dependencies. Dependency on a group means that this service can run if
|
102
|
-
# at least one member of the group is running after an attempt to start
|
103
|
-
# all members of the group.
|
109
|
+
description: "The name of the service's load ordering group(s)."
|
110
|
+
|
104
111
|
property :dependencies, [String, Array],
|
112
|
+
description: "A pointer to a double null-terminated array of null-separated names of services or load ordering groups that the system must start before this service. Specify `nil` or an empty string if the service has no dependencies. Dependency on a group means that this service can run if at least one member of the group is running after an attempt to start all members of the group.",
|
105
113
|
introduced: "14.0"
|
106
114
|
|
107
115
|
property :description, String,
|
108
116
|
description: "Description of the service.",
|
109
117
|
introduced: "14.0"
|
110
118
|
|
111
|
-
property :run_as_user, String,
|
112
|
-
|
119
|
+
property :run_as_user, String,
|
120
|
+
description: "The user under which a Microsoft Windows service runs.",
|
121
|
+
default: "localsystem",
|
122
|
+
coerce: proc { |x| x.downcase }
|
123
|
+
|
124
|
+
property :run_as_password, String,
|
125
|
+
description: "The password for the user specified by `run_as_user`.",
|
126
|
+
default: ""
|
113
127
|
end
|
114
128
|
end
|
115
129
|
end
|