chef 16.0.275 → 16.2.50

data/lib/chef/resource/batch.rb

@@ -27,8 +27,10 @@ class Chef
 
       description "Use the **batch** resource to execute a batch script using the cmd.exe interpreter on Windows. The batch resource creates and executes a temporary file (similar to how the script resource behaves), rather than running the command inline. Commands that are executed with this resource are (by their nature) not idempotent, as they are typically unique to the environment in which they are run. Use not_if and only_if to guard this resource for idempotence."
 
-      def initialize(name, run_context = nil)
-        super(name, run_context, nil, "cmd.exe")
+      def initialize(*args)
+        super
+        @interpreter = "cmd.exe"
+        @default_guard_interpreter = resource_name
       end
 
     end

data/lib/chef/resource/chef_client_scheduled_task.rb

@@ -48,6 +48,16 @@ class Chef
           daemon_options ["--override-runlist mycorp_base::default"]
         end
       ```
+
+      **Run #{Chef::Dist::PRODUCT} daily at 01:00 am, specifying a named run-list**:
+
+      ```ruby
+        chef_client_scheduled_task "Run chef-client named run-list daily" do
+          frequency 'daily'
+          start_time '01:00'
+          daemon_options ['-n audit_only']
+        end
+      ```
       DOC
 
       resource_name :chef_client_scheduled_task
@@ -72,7 +82,8 @@ class Chef
         coerce: proc { |x| Integer(x) },
         callbacks: { "should be a positive number" => proc { |v| v > 0 } },
         description: "Numeric value to go with the scheduled task frequency",
-        default: 30
+        default: lazy { frequency == "minute" ? 30 : 1 },
+        default_description: "30 if frequency is 'minute', 1 otherwise"
 
       property :accept_chef_license, [true, false],
         description: "Accept the Chef Online Master License and Services Agreement. See <https://www.chef.io/online-master-agreement/>",
@@ -129,6 +140,7 @@ class Chef
 
         # According to https://docs.microsoft.com/en-us/windows/desktop/taskschd/schtasks,
         # the :once, :onstart, :onlogon, and :onidle schedules don't accept schedule modifiers
+
         windows_task new_resource.task_name do
           run_level                      :highest
           command                        full_command

data/lib/chef/resource/chef_gem.rb

@@ -22,26 +22,59 @@ require_relative "../dist"
 
 class Chef
   class Resource
-    # Use the chef_gem resource to install a gem only for the instance of Ruby that is dedicated to the chef-client.
-    # When a gem is installed from a local file, it must be added to the node using the remote_file or cookbook_file
-    # resources.
-    #
-    # The chef_gem resource works with all of the same properties and options as the gem_package resource, but does not
-    # accept the gem_binary property because it always uses the CurrentGemEnvironment under which the chef-client is
-    # running. In addition to performing actions similar to the gem_package resource, the chef_gem resource does the
-    # following:
-    #  - Runs its actions immediately, before convergence, allowing a gem to be used in a recipe immediately after it is
-    #    installed
-    #  - Runs Gem.clear_paths after the action, ensuring that gem is aware of changes so that it can be required
-    #    immediately after it is installed
-
-    require_relative "gem_package"
-    require_relative "../dist"
-
     class ChefGem < Chef::Resource::Package::GemPackage
       unified_mode true
       provides :chef_gem
 
+      description <<~DESC
+        Use the **chef_gem** resource to install a gem only for the instance of Ruby that is dedicated to the #{Chef::Dist::CLIENT}.
+        When a gem is installed from a local file, it must be added to the node using the **remote_file** or **cookbook_file** resources.
+
+        The **chef_gem** resource works with all of the same properties and options as the **gem_package** resource, but does not
+        accept the `gem_binary` property because it always uses the `CurrentGemEnvironment` under which the `#{Chef::Dist::CLIENT}` is
+        running. In addition to performing actions similar to the **gem_package** resource, the **chef_gem** resource does the
+        following:
+        - Runs its actions immediately, before convergence, allowing a gem to be used in a recipe immediately after it is installed.
+        - Runs `Gem.clear_paths` after the action, ensuring that gem is aware of changes so that it can be required immediately after it is installed.
+
+        Warning: The **chef_gem** and **gem_package** resources are both used to install Ruby gems. For any machine on which #{Chef::Dist::PRODUCT} is
+        installed, there are two instances of Ruby. One is the standard, system-wide instance of Ruby and the other is a dedicated instance that is
+        available only to #{Chef::Dist::PRODUCT}.
+        Use the **chef_gem** resource to install gems into the instance of Ruby that is dedicated to #{Chef::Dist::PRODUCT}.
+        Use the **gem_package** resource to install all other gems (i.e. install gems system-wide).
+      DESC
+
+      examples <<~EXAMPLES
+        **Compile time vs. converge time installation of gems**
+
+        To install a gem while #{Chef::Dist::PRODUCT} is configuring the node (the converge phase), set the `compile_time` property to `false`:
+        ```ruby
+        chef_gem 'right_aws' do
+          compile_time false
+          action :install
+        end
+        ```
+
+        To install a gem while the resource collection is being built (the compile phase), set the `compile_time` property to `true`:
+        ```ruby
+        chef_gem 'right_aws' do
+          compile_time true
+          action :install
+        end
+        ```
+
+        Install MySQL for Chef
+        ```ruby
+        apt_update
+
+        build_essential 'install compilation tools' do
+          compile_time true
+        end
+
+        chef_gem 'mysql'
+        ```
+      EXAMPLES
+
       property :package_name, String,
         description: "An optional property to set the package name if it differs from the resource block's name.",
         identity: true
@@ -49,11 +82,14 @@ class Chef
       property :version, String,
         description: "The version of a package to be installed or upgraded."
 
-      property :gem_binary, default: "#{RbConfig::CONFIG["bindir"]}/gem", default_description: "The `gem` binary included with #{Chef::Dist::PRODUCT}.",
-                            description: "The path of a gem binary to use for the installation. By default, the same version of Ruby that is used by #{Chef::Dist::PRODUCT} will be installed.",
-                            callbacks: {
-                 "The chef_gem resource is restricted to the current gem environment, use gem_package to install to other environments." => proc { |v| v == "#{RbConfig::CONFIG["bindir"]}/gem" },
-               }
+      property :gem_binary, String,
+        default: "#{RbConfig::CONFIG["bindir"]}/gem",
+        default_description: "The `gem` binary included with #{Chef::Dist::PRODUCT}.",
+        description: "The path of a gem binary to use for the installation. By default, the same version of Ruby that is used by #{Chef::Dist::PRODUCT} will be used.",
+        callbacks: {
+          "The `chef_gem` resource is restricted to the current gem environment, use `gem_package` to install to other environments." =>
+            proc { |v| v == "#{RbConfig::CONFIG["bindir"]}/gem" },
+        }
     end
   end
 end

data/lib/chef/resource/chef_handler.rb

@@ -107,7 +107,7 @@ class Chef
           end
         end
 
-        # Walks down the namespace heirarchy to return the class object for the given class name.
+        # Walks down the namespace hierarchy to return the class object for the given class name.
         # If the class is not available, NameError is thrown.
         #
         # @param class_full_name [String] full class name such as 'Chef::Handler::Foo' or 'MyHandler'.
@@ -118,7 +118,7 @@ class Chef
           class_name = ancestors.pop
 
           # We need to search the ancestors only for the first/uppermost namespace of the class, so we
-          # need to enable the #const_get inherit paramenter only when we are searching in Kernel scope
+          # need to enable the #const_get inherit parameter only when we are searching in Kernel scope
           # (see COOK-4117).
           parent = ancestors.inject(Kernel) { |scope, const_name| scope.const_get(const_name, scope === Kernel) }
           child = parent.const_get(class_name, parent === Kernel)

data/lib/chef/resource/chef_vault_secret.rb

@@ -45,7 +45,7 @@ class Chef
         chef_vault_secret 'root-password' do
           admins 'jtimberman,paulmooring'
           data_bag 'secrets'
-          raw_data({'auth' => 'DontUseThisPasswordForRoot'})
+          raw_data({'auth' => 'DoNotUseThisPasswordForRoot'})
           search '*:*'
         end
         ```

data/lib/chef/resource/cron/_cron_shared.rb

@@ -0,0 +1,98 @@
+unified_mode true
+
+TIMEOUT_OPTS = %w{duration preserve-status foreground kill-after signal}.freeze
+TIMEOUT_REGEX = /\A\S+/.freeze
+WEEKDAYS = {
+  sunday: "0", monday: "1", tuesday: "2", wednesday: "3", thursday: "4", friday: "5", saturday: "6",
+  sun: "0", mon: "1", tue: "2", wed: "3", thu: "4", fri: "5", sat: "6"
+}.freeze
+
+property :minute, [Integer, String],
+  description: "The minute at which the cron entry should run (`0 - 59`).",
+  default: "*", callbacks: {
+    "should be a valid minute spec" => ->(spec) { Chef::ResourceHelpers::CronValidations.validate_numeric(spec, 0, 59) },
+  }
+
+property :hour, [Integer, String],
+  description: "The hour at which the cron entry is to run (`0 - 23`).",
+  default: "*", callbacks: {
+    "should be a valid hour spec" => ->(spec) { Chef::ResourceHelpers::CronValidations.validate_numeric(spec, 0, 23) },
+  }
+
+property :day, [Integer, String],
+  description: "The day of month at which the cron entry should run (`1 - 31`).",
+  default: "*", callbacks: {
+    "should be a valid day spec" => ->(spec) { Chef::ResourceHelpers::CronValidations.validate_numeric(spec, 1, 31) },
+  }
+
+property :month, [Integer, String],
+  description: "The month in the year on which a cron entry is to run (`1 - 12`, `jan-dec`, or `*`).",
+  default: "*", callbacks: {
+    "should be a valid month spec" => ->(spec) { Chef::ResourceHelpers::CronValidations.validate_month(spec) },
+  }
+
+property :weekday, [Integer, String, Symbol],
+  description: "The day of the week on which this entry is to run (`0-7`, `mon-sun`, `monday-sunday`, or `*`), where Sunday is both `0` and `7`.",
+  default: "*", coerce: proc { |day| weekday_in_crontab(day) },
+  callbacks: {
+    "should be a valid weekday spec" => ->(spec) { Chef::ResourceHelpers::CronValidations.validate_dow(spec) },
+  }
+
+property :shell, String,
+  description: "Set the `SHELL` environment variable."
+
+property :path, String,
+  description: "Set the `PATH` environment variable."
+
+property :home, String,
+  description: "Set the `HOME` environment variable."
+
+property :mailto, String,
+  description: "Set the `MAILTO` environment variable."
+
+property :command, String,
+  description: "The command to be run, or the path to a file that contains the command to be run.",
+  identity: true,
+  required: [:create]
+
+property :user, String,
+  description: "The name of the user that runs the command.",
+  default: "root"
+
+property :environment, Hash,
+  description: "A Hash containing additional arbitrary environment variables under which the cron job will be run in the form of `({'ENV_VARIABLE' => 'VALUE'})`. **Note**: These variables must exist for a command to be run successfully.",
+  default: lazy { {} }
+
+property :time_out, Hash,
+  description: "A Hash of timeouts in the form of `({'OPTION' => 'VALUE'})`. Accepted valid options are:
+  - `preserve-status` (BOOL, default: 'false'),
+  - `foreground` (BOOL, default: 'false'),
+  - `kill-after` (in seconds),
+  - `signal` (a name like 'HUP' or a number)",
+  default: lazy { {} },
+  introduced: "15.7",
+  coerce: proc { |h|
+    if h.is_a?(Hash)
+      invalid_keys = h.keys - TIMEOUT_OPTS
+      unless invalid_keys.empty?
+        error_msg = "Key of option time_out must be equal to one of: \"#{TIMEOUT_OPTS.join('", "')}\"!  You passed \"#{invalid_keys.join(", ")}\"."
+        raise Chef::Exceptions::ValidationFailed, error_msg
+      end
+      unless h.values.all? { |x| x =~ TIMEOUT_REGEX }
+        error_msg = "Values of option time_out should be non-empty strings without any leading whitespace."
+        raise Chef::Exceptions::ValidationFailed, error_msg
+      end
+      h
+    elsif h.is_a?(Integer) || h.is_a?(String)
+      { "duration" => h }
+    end
+  }
+
+private
+# Convert weekday input value into crontab format that
+# could be written in the crontab
+# @return [Integer, String] A weekday formed as per the user inputs.
+def weekday_in_crontab(day)
+  weekday = day.to_s.downcase.to_sym
+  WEEKDAYS[weekday] || day
+end

data/lib/chef/resource/cron/cron.rb

@@ -0,0 +1,46 @@
+#
+# Author:: Bryan McLellan (btm@loftninjas.org)
+# Author:: Tyler Cloke (<tyler@chef.io>)
+# Copyright:: Copyright 2009-2016, Bryan McLellan
+# License:: Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+require_relative "../../resource"
+require_relative "../helpers/cron_validations"
+require_relative "../../provider/cron" # do not remove. we actually need this below
+
+class Chef
+  class Resource
+    class Cron < Chef::Resource
+      unified_mode true
+
+      use "cron_shared"
+
+      provides :cron
+
+      description "Use the **cron** resource to manage cron entries for time-based job scheduling. Properties for a schedule will default to * if not provided. The cron resource requires access to a crontab program, typically cron."
+
+      state_attrs :minute, :hour, :day, :month, :weekday, :user
+
+      default_action :create
+      allowed_actions :create, :delete
+
+      property :time, Symbol,
+        description: "A time interval.",
+        equal_to: Chef::Provider::Cron::SPECIAL_TIME_VALUES
+
+    end
+  end
+end

data/lib/chef/resource/{cron_d.rb → cron/cron_d.rb}

@@ -15,15 +15,18 @@
 # limitations under the License.
 #
 
-require_relative "../resource"
-require_relative "helpers/cron_validations"
+require_relative "../../resource"
+require_relative "../helpers/cron_validations"
 require "shellwords" unless defined?(Shellwords)
-require_relative "../dist"
+require_relative "../../dist"
 
 class Chef
   class Resource
     class CronD < Chef::Resource
       unified_mode true
+
+      use "cron_shared"
+
       provides :cron_d
 
       introduced "14.4"
@@ -98,92 +101,9 @@ class Chef
         description: "Schedule your cron job with one of the special predefined value instead of ** * pattern.",
         equal_to: %w{ @reboot @yearly @annually @monthly @weekly @daily @midnight @hourly }
 
-      property :minute, [Integer, String],
-        description: "The minute at which the cron entry should run (`0 - 59`).",
-        default: "*", callbacks: {
-          "should be a valid minute spec" => ->(spec) { Chef::ResourceHelpers::CronValidations.validate_numeric(spec, 0, 59) },
-        }
-
-      property :hour, [Integer, String],
-        description: "The hour at which the cron entry is to run (`0 - 23`).",
-        default: "*", callbacks: {
-          "should be a valid hour spec" => ->(spec) { Chef::ResourceHelpers::CronValidations.validate_numeric(spec, 0, 23) },
-        }
-
-      property :day, [Integer, String],
-        description: "The day of month at which the cron entry should run (`1 - 31`).",
-        default: "*", callbacks: {
-          "should be a valid day spec" => ->(spec) { Chef::ResourceHelpers::CronValidations.validate_numeric(spec, 1, 31) },
-        }
-
-      property :month, [Integer, String],
-        description: "The month in the year on which a cron entry is to run (`1 - 12`, `jan-dec`, or `*`).",
-        default: "*", callbacks: {
-          "should be a valid month spec" => ->(spec) { Chef::ResourceHelpers::CronValidations.validate_month(spec) },
-        }
-
-      property :weekday, [Integer, String],
-        description: "The day of the week on which this entry is to run (`0-7`, `mon-sun`, or `*`), where Sunday is both `0` and `7`.",
-        default: "*", callbacks: {
-          "should be a valid weekday spec" => ->(spec) { Chef::ResourceHelpers::CronValidations.validate_dow(spec) },
-        }
-
-      property :command, String,
-        description: "The command to run.",
-        required: [:create]
-
-      property :user, String,
-        description: "The name of the user that runs the command.",
-        default: "root"
-
-      property :mailto, String,
-        description: "Set the `MAILTO` environment variable in the cron.d file."
-
-      property :path, String,
-        description: "Set the `PATH` environment variable in the cron.d file."
-
-      property :home, String,
-        description: "Set the `HOME` environment variable in the cron.d file."
-
-      property :shell, String,
-        description: "Set the `SHELL` environment variable in the cron.d file."
-
       property :comment, String,
         description: "A comment to place in the cron.d file."
 
-      property :environment, Hash,
-        description: "A Hash containing additional arbitrary environment variables under which the cron job will be run in the form of `({'ENV_VARIABLE' => 'VALUE'})`.",
-        default: lazy { {} }
-
-      TIMEOUT_OPTS = %w{duration preserve-status foreground kill-after signal}.freeze
-      TIMEOUT_REGEX = /\A\S+/.freeze
-
-      property :time_out, Hash,
-        description: "A Hash of timeouts in the form of `({'OPTION' => 'VALUE'})`.
-        Accepted valid options are:
-        `preserve-status` (BOOL, default: 'false'),
-        `foreground` (BOOL, default: 'false'),
-        `kill-after` (in seconds),
-        `signal` (a name like 'HUP' or a number)",
-        default: lazy { {} },
-        introduced: "15.7",
-        coerce: proc { |h|
-          if h.is_a?(Hash)
-            invalid_keys = h.keys - TIMEOUT_OPTS
-            unless invalid_keys.empty?
-              error_msg = "Key of option time_out must be equal to one of: \"#{TIMEOUT_OPTS.join('", "')}\"!  You passed \"#{invalid_keys.join(", ")}\"."
-              raise Chef::Exceptions::ValidationFailed, error_msg
-            end
-            unless h.values.all? { |x| x =~ TIMEOUT_REGEX }
-              error_msg = "Values of option time_out should be non-empty string without any leading whitespaces."
-              raise Chef::Exceptions::ValidationFailed, error_msg
-            end
-            h
-          elsif h.is_a?(Integer) || h.is_a?(String)
-            { "duration" => h }
-          end
-        }
-
       property :mode, [String, Integer],
         description: "The octal mode of the generated crontab file.",
         default: "0600"
@@ -238,7 +158,7 @@ class Chef
 
           # @todo this is Chef 12 era cleanup. Someday we should remove it all
           template "/etc/cron.d/#{sanitized_name}" do
-            source ::File.expand_path("../support/cron.d.erb", __FILE__)
+            source ::File.expand_path("../../support/cron.d.erb", __FILE__)
             local true
             mode new_resource.mode
             variables(

data/lib/chef/resource/cron_access.rb

@@ -28,7 +28,7 @@ class Chef
       provides(:cron_manage) # legacy name @todo in Chef 15 we should { true } this so it wins over the cookbook
 
       introduced "14.4"
-      description "Use the **cron_access** resource to manage the /etc/cron.allow and /etc/cron.deny files. Note: This resource previously shipped in the `cron` cookbook as `cron_manage`, which it can still be used as for backwards compatibility with existing Chef Infra Client releases."
+      description "Use the **cron_access** resource to manage cron's cron.allow and cron.deny files. Note: This resource previously shipped in the `cron` cookbook as `cron_manage`, which it can still be used as for backwards compatibility with existing Chef Infra Client releases."
       examples <<~DOC
         **Add the mike user to cron.allow**
 
@@ -58,11 +58,18 @@ class Chef
         description: "An optional property to set the user name if it differs from the resource block's name.",
         name_property: true
 
+      CRON_PATHS = {
+          "aix" => "/var/adm/cron",
+          "solaris" => "/etc/cron.d",
+          "default" => "/etc",
+      }.freeze
+
       action :allow do
         description "Add the user to the cron.allow file."
+        allow_path = ::File.join(value_for_platform_family(CRON_PATHS), "cron.allow")
 
         with_run_context :root do
-          edit_resource(:template, "/etc/cron.allow") do |new_resource|
+          edit_resource(:template, allow_path) do |new_resource|
             source ::File.expand_path("../support/cron_access.erb", __FILE__)
             local true
             mode "0600"
@@ -76,9 +83,10 @@ class Chef
 
       action :deny do
         description "Add the user to the cron.deny file."
+        deny_path = ::File.join(value_for_platform_family(CRON_PATHS), "cron.deny")
 
         with_run_context :root do
-          edit_resource(:template, "/etc/cron.deny") do |new_resource|
+          edit_resource(:template, deny_path) do |new_resource|
             source ::File.expand_path("../support/cron_access.erb", __FILE__)
             local true
             mode "0600"