chef 15.7.32 → 15.8.23

data/lib/chef/knife/user_key_delete.rb

@@ -17,7 +17,6 @@
 #
 
 require_relative "../knife"
-require_relative "key_delete"
 
 class Chef
   class Knife
@@ -30,6 +29,10 @@ class Chef
     class UserKeyDelete < Knife
       banner "knife user key delete USER KEYNAME (options)"
 
+      deps do
+        require_relative "key_delete"
+      end
+
       attr_reader :actor
 
       def initialize(argv = [])

data/lib/chef/knife/user_key_edit.rb

@@ -17,7 +17,6 @@
 #
 
 require_relative "../knife"
-require_relative "key_edit"
 require_relative "key_edit_base"
 
 class Chef
@@ -33,6 +32,10 @@ class Chef
 
       banner "knife user key edit USER KEYNAME (options)"
 
+      deps do
+        require_relative "key_edit"
+      end
+
       attr_reader :actor
 
       def initialize(argv = [])

data/lib/chef/knife/user_key_list.rb

@@ -17,7 +17,6 @@
 #
 
 require_relative "../knife"
-require_relative "key_list"
 require_relative "key_list_base"
 
 class Chef
@@ -33,6 +32,10 @@ class Chef
 
       banner "knife user key list USER (options)"
 
+      deps do
+        require_relative "key_list"
+      end
+
       attr_reader :actor
 
       def initialize(argv = [])

data/lib/chef/knife/user_key_show.rb

@@ -17,7 +17,6 @@
 #
 
 require_relative "../knife"
-require_relative "key_show"
 
 class Chef
   class Knife
@@ -30,6 +29,10 @@ class Chef
     class UserKeyShow < Knife
       banner "knife user key show USER KEYNAME (options)"
 
+      deps do
+        require_relative "key_show"
+      end
+
       attr_reader :actor
 
       def initialize(argv = [])

data/lib/chef/node/attribute.rb

@@ -1,7 +1,7 @@
 #--
 # Author:: Adam Jacob (<adam@chef.io>)
 # Author:: AJ Christensen (<aj@chef.io>)
-# Copyright:: Copyright 2008-2019, Chef Software Inc.
+# Copyright:: Copyright 2008-2020, Chef Software Inc.
 # License:: Apache License, Version 2.0
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -453,6 +453,8 @@ class Chef
         merged_attributes.read(*path)
       end
 
+      alias :dig :read
+
       def read!(*path)
         merged_attributes.read!(*path)
       end

data/lib/chef/node/common_api.rb

@@ -1,5 +1,5 @@
 #--
-# Copyright:: Copyright 2016, Chef Software, Inc.
+# Copyright:: Copyright 2016-2020, Chef Software Inc.
 # License:: Apache License, Version 2.0
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -98,6 +98,8 @@ class Chef
         nil
       end
 
+      alias :dig :read
+
       # non-autovivifying reader that throws an exception if the attribute does not exist
       def read!(*path)
         raise Chef::Exceptions::NoSuchAttribute.new(path.join ".") unless exist?(*path)

data/lib/chef/provider/ifconfig.rb

@@ -39,6 +39,10 @@ class Chef
       attr_accessor :config_template
       attr_accessor :config_path
 
+      # @api private
+      # @return [String] the major.minor of the net-tools version as a string
+      attr_accessor :ifconfig_version
+
       def initialize(new_resource, run_context)
         super(new_resource, run_context)
         @config_template = nil
@@ -54,15 +58,20 @@ class Chef
         @ifconfig_version = nil
 
         @net_tools_version = shell_out("ifconfig", "--version")
+        @net_tools_version.stdout.each_line do |line|
+          if line =~ /^net-tools (\d+\.\d+)/
+            @ifconfig_version = line.match(/^net-tools (\d+\.\d+)/)[1]
+          end
+        end
         @net_tools_version.stderr.each_line do |line|
-          if line =~ /^net-tools (\d+.\d+)/
-            @ifconfig_version = line.match(/^net-tools (\d+.\d+)/)[1]
+          if line =~ /^net-tools (\d+\.\d+)/
+            @ifconfig_version = line.match(/^net-tools (\d+\.\d+)/)[1]
           end
         end
 
         if @ifconfig_version.nil?
           raise "net-tools not found - this is required for ifconfig"
-        elsif @ifconfig_version.to_f < 2.0
+        elsif @ifconfig_version.to_i < 2
           # Example output for 1.60 is as follows: (sanitized but format intact)
           # eth0      Link encap:Ethernet  HWaddr 00:00:00:00:00:00
           #           inet addr:192.168.1.1  Bcast:192.168.0.1  Mask:255.255.248.0
@@ -99,7 +108,7 @@ class Chef
             current_resource.mtu(@interface["mtu"])
             current_resource.metric(@interface["metric"])
           end
-        elsif @ifconfig_version.to_f >= 2.0
+        elsif @ifconfig_version.to_i >= 2
           # Example output for 2.10-alpha is as follows: (sanitized but format intact)
           # eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
           #       inet 192.168.1.1  netmask 255.255.240.0  broadcast 192.168.0.1

data/lib/chef/provider/user/mac.rb

@@ -52,6 +52,10 @@ class Chef
             current_resource.shell(user_plist[:shell][0])
             current_resource.comment(user_plist[:comment][0])
 
+            if user_plist[:is_hidden]
+              current_resource.hidden(user_plist[:is_hidden][0] == "1" ? true : false)
+            end
+
             shadow_hash = user_plist[:shadow_hash]
             if shadow_hash
               current_resource.password(shadow_hash[0]["SALTED-SHA512-PBKDF2"]["entropy"].string.unpack("H*")[0])
@@ -137,7 +141,7 @@ class Chef
         def create_user
           cmd = [-"-addUser", new_resource.username]
           cmd += ["-fullName", new_resource.comment] if prop_is_set?(:comment)
-          cmd += ["-UID", new_resource.uid]          if prop_is_set?(:uid)
+          cmd += ["-UID", prop_is_set?(:uid) ? new_resource.uid : get_free_uid]
           cmd += ["-shell", new_resource.shell]
           cmd += ["-home", new_resource.home]
           cmd += ["-admin"] if new_resource.admin
@@ -165,6 +169,10 @@ class Chef
           reload_user_plist
           reload_admin_group_plist
 
+          if prop_is_set?(:hidden)
+            set_hidden
+          end
+
           if prop_is_set?(:password)
             converge_by("set password") { set_password }
           end
@@ -196,7 +204,7 @@ class Chef
             end.run_action(group_action)
 
             converge_by("create primary group ID") do
-              run_dscl("create", "/Users/#{new_resource.username}", "PrimaryGroupID", new_resource.gid)
+              run_dscl("create", "/Users/#{new_resource.username}", "PrimaryGroupID", group_id)
             end
           end
 
@@ -208,7 +216,7 @@ class Chef
         end
 
         def compare_user
-          %i{comment shell uid gid salt password admin secure_token}.any? { |m| diverged?(m) }
+          %i{comment shell uid gid salt password admin secure_token hidden}.any? { |m| diverged?(m) }
         end
 
         def manage_user
@@ -272,7 +280,13 @@ class Chef
 
           if diverged?(:gid)
             converge_by("alter group membership") do
-              run_dscl("create", "/Users/#{new_resource.username}", "PrimaryGroupID", new_resource.gid)
+              run_dscl("create", "/Users/#{new_resource.username}", "PrimaryGroupID", group_id)
+            end
+          end
+
+          if diverged?(:hidden)
+            converge_by("alter hidden") do
+              set_hidden
             end
           end
 
@@ -336,6 +350,8 @@ class Chef
             user_group_diverged?
           when :secure_token
             secure_token_diverged?
+          when :hidden
+            hidden_diverged?
           else
             # Other fields are have been set on current resource so just compare
             # them.
@@ -343,6 +359,24 @@ class Chef
           end
         end
 
+        # Find the next available uid on the system.
+        # Starting with 200 if `system` is set, 501 otherwise.
+        def get_free_uid(search_limit = 1000)
+          uid = nil
+          base_uid = new_resource.system ? 200 : 501
+          next_uid_guess = base_uid
+          users_uids = run_dscl("list", "/Users", "uid")
+          while next_uid_guess < search_limit + base_uid
+            if users_uids =~ Regexp.new("#{Regexp.escape(next_uid_guess.to_s)}\n")
+              next_uid_guess += 1
+            else
+              uid = next_uid_guess
+              break
+            end
+          end
+          uid || raise("uid not found. Exhausted. Searched #{search_limit} times")
+        end
+
         # Attempt to resolve the group name, gid, and the action required for
         # associated group resource. If a group exists we'll modify it, otherwise
         # create it.
@@ -410,12 +444,21 @@ class Chef
           return false unless prop_is_set?(:gid)
 
           group_name, group_id = user_group_info
+          current_resource.gid != group_id.to_i
+        end
 
-          if current_resource.gid.is_a?(String)
-            current_resource.gid != group_name
-          else
-            current_resource.gid != group_id.to_i
-          end
+        def hidden_diverged?
+          return false unless prop_is_set?(:hidden)
+
+          (current_resource.hidden ? 1 : 0) != hidden_value.to_i
+        end
+
+        def set_hidden
+          run_dscl("create", "/Users/#{new_resource.username}", "IsHidden", hidden_value.to_i)
+        end
+
+        def hidden_value
+          new_resource.hidden ? 1 : 0
         end
 
         def password_diverged?
@@ -593,6 +636,7 @@ class Chef
               auth_authority: "dsAttrTypeStandard:AuthenticationAuthority",
               shadow_hash: "dsAttrTypeNative:ShadowHashData",
               group_members: "dsAttrTypeStandard:GroupMembers",
+              is_hidden: "dsAttrTypeNative:IsHidden",
           }.freeze
 
           attr_accessor :plist_hash, :property_map

data/lib/chef/resource/notify_group.rb

@@ -0,0 +1,70 @@
+#
+# Copyright:: 2019-2020, Chef Software Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+require_relative "../resource"
+require_relative "../dist"
+
+class Chef
+  class Resource
+    class NotifyGroup < Chef::Resource
+      resource_name :notify_group
+      provides :notify_group
+
+      unified_mode true
+
+      description "The notify_group resource does nothing, and always fires notifications which are set on it.  Use it to DRY blocks of notifications that are common to multiple resources, and provide a single target for other resources to notify.  Unlike most resources, its default action is :nothing."
+      introduced "15.8"
+
+      examples <<~DOC
+        Wire up a notification from a service resource to stop and start the service with a 60 second delay.
+
+        ```
+        service "crude" do
+          action [ :enable, :start ]
+        end
+
+        chef_sleep "60" do
+          action :nothing
+        end
+
+        # Example code for a hypothetical badly behaved service that requires
+        # 60 seconds between a stop and start in order to restart the service
+        # (due to race conditions, bleeding connections down, resources that only
+        # slowly unlock in the background, or other poor software behaviors that
+        # are sometimes encountered).
+        #
+        notify_group "crude_stop_and_start" do
+          notifies :stop, "service[crude]", :immediately
+          notifies :sleep, "chef_sleep[60]", :immediately
+          notifies :start, "service[crude]", :immediately
+        end
+
+        template "/etc/crude/crude.conf" do
+          source "crude.conf.erb"
+          variables node["crude"]
+          notifies :run, "notify_group[crude_stop_and_start]", :immediately
+        end
+        ```
+      DOC
+
+      action :run do
+        new_resource.updated_by_last_action(true)
+      end
+
+      default_action :nothing
+    end
+  end
+end

data/lib/chef/resource/sysctl.rb

@@ -1,6 +1,6 @@
 #
 # Copyright:: 2018, Webb Agile Solutions Ltd.
-# Copyright:: 2018-2018, Chef Software Inc.
+# Copyright:: 2018-2020, Chef Software Inc.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -45,6 +45,11 @@ class Chef
         coerce: proc { |v| coerce_value(v) },
         required: true
 
+      property :comment, [Array, String],
+        description: "Comments, placed above the resource setting in the generated file. For multi-line comments, use an array of strings, one per line.",
+        default: [],
+        introduced: "15.8"
+
       property :conf_dir, String,
         description: "The configuration directory to write the config to.",
         default: "/etc/sysctl.d"
@@ -81,7 +86,7 @@ class Chef
           directory new_resource.conf_dir
 
           file "#{new_resource.conf_dir}/99-chef-#{new_resource.key.tr("/", ".")}.conf" do
-            content "#{new_resource.key} = #{new_resource.value}"
+            content contruct_sysctl_content
           end
 
           execute "Load sysctl values" do
@@ -112,9 +117,28 @@ class Chef
       end
 
       action_class do
+        #
+        # Shell out to set the sysctl value
+        #
+        # @param [String] key The sysctl key
+        # @param [String] value The value of the sysctl key
+        #
         def set_sysctl_param(key, value)
           shell_out!("sysctl #{"-e " if new_resource.ignore_error}-w \"#{key}=#{value}\"")
         end
+
+        #
+        # construct a string, joining members of new_resource.comment and new_resource.value
+        #
+        # @return [String] The text file content
+        #
+        def contruct_sysctl_content
+          sysctl_lines = Array(new_resource.comment).map { |c| "# #{c.strip}" }
+
+          sysctl_lines << "#{new_resource.key} = #{new_resource.value}"
+
+          sysctl_lines.join("\n")
+        end
       end
 
       private

data/lib/chef/resource/user/mac_user.rb

@@ -1,6 +1,6 @@
 #
 # Author:: Ryan Cragun (<ryan@chef.io>)
-# Copyright:: Copyright 2019, Chef Software Inc.
+# Copyright:: Copyright 2019-2020, Chef Software Inc.
 # License:: Apache License, Version 2.0
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -100,6 +100,9 @@ class Chef
 
         property :admin, [TrueClass, FalseClass], description: "Create the user as an admin", default: false
 
+        # Hide a user account in the macOS login window
+        property :hidden, [TrueClass, FalseClass, nil], description: "Hide account from loginwindow and system preferences", default: nil, introduced: "15.8"
+
         # TCC on macOS >= 10.14 requires admin credentials of an Admin user that
         # has SecureToken enabled in order to toggle SecureToken.
         property :admin_username, String, description: "Admin username for superuser actions"

data/lib/chef/resource/windows_task.rb

@@ -77,7 +77,8 @@ class Chef
                description: "The frequency with which to run the task."
 
       property :start_day, String,
-        description: "Specifies the first date on which the task runs in MM/DD/YYYY format."
+        description: "Specifies the first date on which the task runs in MM/DD/YYYY format.",
+        default_description: "The current date."
 
       property :start_time, String,
         description: "Specifies the start time to run the task, in HH:mm format."

data/lib/chef/resources.rb

@@ -1,6 +1,6 @@
 #
 # Author:: Daniel DeLeo (<dan@chef.io>)
-# Copyright:: Copyright 2010-2019, Chef Software, Inc.
+# Copyright:: Copyright 2010-2020, Chef Software Inc.
 # License:: Apache License, Version 2.0
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -66,6 +66,7 @@ require_relative "resource/macports_package"
 require_relative "resource/macos_userdefaults"
 require_relative "resource/mdadm"
 require_relative "resource/mount"
+require_relative "resource/notify_group"
 require_relative "resource/ohai"
 require_relative "resource/ohai_hint"
 require_relative "resource/openbsd_package"