chef 16.0.287-universal-mingw32 → 16.2.73-universal-mingw32

data/lib/chef/provider/windows_task.rb

@@ -72,6 +72,7 @@ class Chef
           6 => TaskScheduler::TASK_SIXTH,
           7 => TaskScheduler::TASK_SEVENTH,
           8 => TaskScheduler::TASK_EIGHTH,
+          # cspell:disable-next-line
           9 => TaskScheduler::TASK_NINETH,
           10 => TaskScheduler::TASK_TENTH,
           11 => TaskScheduler::TASK_ELEVENTH,
@@ -93,6 +94,7 @@ class Chef
           27 => TaskScheduler::TASK_TWENTY_SEVENTH,
           28 => TaskScheduler::TASK_TWENTY_EIGHTH,
           29 => TaskScheduler::TASK_TWENTY_NINTH,
+          # cspell:disable-next-line
           30 => TaskScheduler::TASK_THIRTYETH,
           31 => TaskScheduler::TASK_THIRTY_FIRST,
         }.freeze
@@ -229,7 +231,7 @@ class Chef
 
         private
 
-        # seprated command arguments from :command property
+        # separated command arguments from :command property
         def set_command_and_arguments
           cmd, *args = Chef::Util::PathHelper.split_args(new_resource.command)
           new_resource.command = cmd
@@ -577,7 +579,7 @@ class Chef
 
         def logon_type
           # Ref: https://msdn.microsoft.com/en-us/library/windows/desktop/aa383566(v=vs.85).aspx
-          # if nothing is passed as logon_type the TASK_LOGON_SERVICE_ACCOUNT is getting set as default so using that for comparision.
+          # if nothing is passed as logon_type the TASK_LOGON_SERVICE_ACCOUNT is getting set as default so using that for comparison.
           user_id = new_resource.user.to_s
           password = new_resource.password.to_s
           if Chef::ReservedNames::Win32::Security::SID.service_account_user?(user_id)

data/lib/chef/provider/zypper_repository.rb

@@ -115,28 +115,48 @@ class Chef
         end
       end
 
+      # the version of gpg installed on the system
+      #
+      # @return [Gem::Version] the version of GPG
+      def gpg_version
+        so = shell_out!("gpg --version")
+        # matches 2.0 and 2.2 versions from SLES 12 and 15: https://rubular.com/r/e6D0WfGK6SXvUp
+        version = /gpg \(GnuPG\)\s*(.*)/.match(so.stdout)[1]
+        logger.trace("GPG package version is #{version}")
+        Gem::Version.new(version)
+      end
+
       # is the provided key already installed
       # @param [String] key_path the path to the key on the local filesystem
       #
       # @return [boolean] is the key already known by rpm
       def key_installed?(key_path)
-        so = shell_out("rpm -qa gpg-pubkey*")
+        so = shell_out("/bin/rpm -qa gpg-pubkey*")
         # expected output & match: http://rubular.com/r/RdF7EcXEtb
-        status = /gpg-pubkey-#{key_fingerprint(key_path)}/.match(so.stdout)
+        status = /gpg-pubkey-#{short_key_id(key_path)}/.match(so.stdout)
         logger.trace("GPG key at #{key_path} is known by rpm? #{status ? "true" : "false"}")
         status
       end
 
-      # extract the gpg key fingerprint from a local file
+      # extract the gpg key's short key id from a local file. Learning moment: This 8 hex value ID
+      # is sometimes incorrectly called the fingerprint. The fingerprint is the full length value
+      # and googling for that will just result in sad times.
+      #
       # @param [String] key_path the path to the key on the local filesystem
       #
-      # @return [String] the fingerprint of the key
-      def key_fingerprint(key_path)
-        so = shell_out!("gpg --with-fingerprint #{key_path}")
-        # expected output and match: http://rubular.com/r/BpfMjxySQM
-        fingerprint = %r{pub\s*\S*/(\S*)}.match(so.stdout)[1].downcase
-        logger.trace("GPG fingerprint of key at #{key_path} is #{fingerprint}")
-        fingerprint
+      # @return [String] the short key id of the key
+      def short_key_id(key_path)
+        if gpg_version >= Gem::Version.new("2.2") # SLES 15+
+          so = shell_out!("gpg --import-options import-show --dry-run --import --with-colons #{key_path}")
+          # expected output and match: https://rubular.com/r/uXWJo3yfkli1qA
+          short_key_id = /fpr:*\h*(\h{8}):/.match(so.stdout)[1].downcase
+        else # SLES 12 and earlier
+          so = shell_out!("gpg --with-fingerprint #{key_path}")
+          # expected output and match: http://rubular.com/r/BpfMjxySQM
+          short_key_id = %r{pub\s*\S*/(\S*)}.match(so.stdout)[1].downcase
+        end
+        logger.trace("GPG short key ID of key at #{key_path} is #{short_key_id}")
+        short_key_id
       end
 
       # install the provided gpg key

data/lib/chef/resource.rb

@@ -451,6 +451,17 @@ class Chef
       description: "Determines whether or not the resource is executed during the compile time phase.",
       default: false, desired_state: false
 
+    # Set a umask to be used for the duration of converging the resource.
+    # Defaults to `nil`, which means to use the system umask.
+    #
+    # @param arg [String] The umask to apply while converging the resource.
+    # @return [Boolean] The umask to apply while converging the resource.
+    #
+    property :umask, String,
+      desired_state: false,
+      introduced: "16.2",
+      description: "Set a umask to be used for the duration of converging the resource. Defaults to `nil`, which means to use the system umask. Unsupported on Windows because Windows lacks a direct equivalent to UNIX's umask."
+
     # The time it took (in seconds) to run the most recently-run action.  Not
     # cumulative across actions.  This is set to 0 as soon as a new action starts
     # running, and set to the elapsed time at the end of the action.
@@ -588,7 +599,9 @@ class Chef
       begin
         return if should_skip?(action)
 
-        provider_for_action(action).run_action
+        with_umask do
+          provider_for_action(action).run_action
+        end
       rescue StandardError => e
         if ignore_failure
           logger.error("#{custom_exception_message(e)}; ignore_failure is set, continuing")
@@ -612,6 +625,13 @@ class Chef
       events.resource_completed(self)
     end
 
+    def with_umask
+      old_value = ::File.umask(umask.oct) if umask
+      yield
+    ensure
+      ::File.umask(old_value) if umask
+    end
+
     #
     # If we are currently initializing the resource, this will be true.
     #
@@ -930,7 +950,7 @@ class Chef
     end
 
     #
-    # A hook called after a resource is created.  Meant to be overriden by
+    # A hook called after a resource is created.  Meant to be overridden by
     # subclasses.
     #
     def after_created
@@ -950,16 +970,7 @@ class Chef
     def self.resource_name(name = NOT_PASSED)
       # Setter
       if name != NOT_PASSED
-        if name
-          @resource_name = name.to_sym
-          name = name.to_sym
-          # FIXME: determine a way to deprecate this magic behavior
-          unless Chef::ResourceResolver.includes_handler?(name, self)
-            provides name
-          end
-        else
-          @resource_name = nil
-        end
+        @resource_name = name.to_sym rescue nil
       end
 
       @resource_name = nil unless defined?(@resource_name)
@@ -1114,7 +1125,7 @@ class Chef
     # `action_class` method, the presence of either indicates that this is
     # going to be a Chef-12.5 custom resource.  If we never see one of these
     # directives then we are constructing an old-style Resource+Provider or
-    # LWRP or whatevs.
+    # LWRP or whatever.
     #
     # If a block is passed, the action_class is always created and the block is
     # run inside it.
@@ -1327,7 +1338,7 @@ class Chef
     # Once we no longer care about supporting chef < 14.4 then we can deprecate
     # this API.
     #
-    # @param arg [String] version constrant to match against (e.g. "> 14")
+    # @param arg [String] version constraint to match against (e.g. "> 14")
     #
     def self.chef_version_for_provides(constraint)
       @chef_version_for_provides = constraint

data/lib/chef/resource/alternatives.rb

@@ -89,7 +89,7 @@ class Chef
         description: "The path to the alternatives link."
 
       property :path, String,
-        description: "The full path to the original application binary such as `/usr/bin/ruby27`."
+        description: "The absolute path to the original application binary such as `/usr/bin/ruby27`."
 
       property :priority, [String, Integer],
         coerce: proc { |n| n.to_i },

data/lib/chef/resource/apt_package.rb

@@ -46,7 +46,7 @@ class Chef
       apt_package %(package1 package2 package3)
       ```
 
-      **Install without using recommend packages as a dependency**
+      **Install without using recommend packages as a dependency**:
 
       ```ruby
       package 'apache2' do

data/lib/chef/resource/archive_file.rb

@@ -19,6 +19,7 @@
 #
 
 require_relative "../resource"
+require "fileutils" unless defined?(FileUtils)
 
 class Chef
   class Resource
@@ -39,6 +40,18 @@ class Chef
           destination '/srv/files'
         end
         ```
+
+        **Set specific permissions on the extracted files**:
+
+        ```ruby
+        archive_file 'Precompiled.zip' do
+          owner 'tsmith'
+          group 'staff'
+          mode '700'
+          path '/tmp/Precompiled.zip'
+          destination '/srv/files'
+        end
+        ```
       DOC
 
       property :path, String,
@@ -53,7 +66,7 @@ class Chef
         description: "The group of the extracted files."
 
       property :mode, [String, Integer],
-        description: "The mode of the extracted files.",
+        description: "The mode of the extracted files. Integer values are deprecated as octal values (ex. 0755) would not be interpreted correctly.",
         default: "755"
 
       property :destination, String,
@@ -72,11 +85,11 @@ class Chef
       alias_method :extract_options, :options
       alias_method :extract_to, :destination
 
-      require "fileutils" unless defined?(FileUtils)
-
       action :extract do
         description "Extract and archive file."
 
+        require_libarchive
+
         unless ::File.exist?(new_resource.path)
           raise Errno::ENOENT, "No archive found at #{new_resource.path}! Cannot continue."
         end
@@ -85,7 +98,8 @@ class Chef
           Chef::Log.trace("File or directory does not exist at destination path: #{new_resource.destination}")
 
           converge_by("create directory #{new_resource.destination}") do
-            FileUtils.mkdir_p(new_resource.destination, mode: new_resource.mode.to_i)
+            # @todo when we remove the ability for mode to be an int we can remove the .to_s below
+            FileUtils.mkdir_p(new_resource.destination, mode: new_resource.mode.to_s.to_i(8))
           end
 
           extract(new_resource.path, new_resource.destination, Array(new_resource.options))
@@ -113,6 +127,16 @@ class Chef
       end
 
       action_class do
+        def require_libarchive
+          require "ffi-libarchive"
+        end
+
+        def define_resource_requirements
+          if new_resource.mode.is_a?(Integer)
+            Chef.deprecated(:archive_file_integer_file_mode, "The mode property should be passed to archive_file resources as a String and not an Integer to ensure the value is properly interpreted.")
+          end
+        end
+
         # This can't be a constant since we might not have required 'ffi-libarchive' yet.
         def extract_option_map
           {
@@ -136,8 +160,6 @@ class Chef
         #
         # @return [Boolean]
         def archive_differs_from_disk?(src, dest)
-          require "ffi-libarchive"
-
           modified = false
           Dir.chdir(dest) do
             archive = Archive::Reader.open_filename(src)
@@ -164,8 +186,6 @@ class Chef
         #
         # @return [void]
         def extract(src, dest, options = [])
-          require "ffi-libarchive"
-
           converge_by("extract #{src} to #{dest}") do
             flags = [options].flatten.map { |option| extract_option_map[option] }.compact.reduce(:|)
 

data/lib/chef/resource/bash.rb

@@ -17,7 +17,6 @@
 #
 
 require_relative "script"
-require_relative "../provider/script"
 
 class Chef
   class Resource

data/lib/chef/resource/batch.rb

@@ -27,8 +27,10 @@ class Chef
 
       description "Use the **batch** resource to execute a batch script using the cmd.exe interpreter on Windows. The batch resource creates and executes a temporary file (similar to how the script resource behaves), rather than running the command inline. Commands that are executed with this resource are (by their nature) not idempotent, as they are typically unique to the environment in which they are run. Use not_if and only_if to guard this resource for idempotence."
 
-      def initialize(name, run_context = nil)
-        super(name, run_context, nil, "cmd.exe")
+      def initialize(*args)
+        super
+        @interpreter = "cmd.exe"
+        @default_guard_interpreter = resource_name
       end
 
     end

data/lib/chef/resource/chef_client_scheduled_task.rb

@@ -48,6 +48,16 @@ class Chef
           daemon_options ["--override-runlist mycorp_base::default"]
         end
       ```
+
+      **Run #{Chef::Dist::PRODUCT} daily at 01:00 am, specifying a named run-list**:
+
+      ```ruby
+        chef_client_scheduled_task "Run chef-client named run-list daily" do
+          frequency 'daily'
+          start_time '01:00'
+          daemon_options ['-n audit_only']
+        end
+      ```
       DOC
 
       resource_name :chef_client_scheduled_task
@@ -72,7 +82,8 @@ class Chef
         coerce: proc { |x| Integer(x) },
         callbacks: { "should be a positive number" => proc { |v| v > 0 } },
         description: "Numeric value to go with the scheduled task frequency",
-        default: 30
+        default: lazy { frequency == "minute" ? 30 : 1 },
+        default_description: "30 if frequency is 'minute', 1 otherwise"
 
       property :accept_chef_license, [true, false],
         description: "Accept the Chef Online Master License and Services Agreement. See <https://www.chef.io/online-master-agreement/>",
@@ -129,6 +140,7 @@ class Chef
 
         # According to https://docs.microsoft.com/en-us/windows/desktop/taskschd/schtasks,
         # the :once, :onstart, :onlogon, and :onidle schedules don't accept schedule modifiers
+
         windows_task new_resource.task_name do
           run_level                      :highest
           command                        full_command

data/lib/chef/resource/chef_gem.rb

@@ -22,26 +22,59 @@ require_relative "../dist"
 
 class Chef
   class Resource
-    # Use the chef_gem resource to install a gem only for the instance of Ruby that is dedicated to the chef-client.
-    # When a gem is installed from a local file, it must be added to the node using the remote_file or cookbook_file
-    # resources.
-    #
-    # The chef_gem resource works with all of the same properties and options as the gem_package resource, but does not
-    # accept the gem_binary property because it always uses the CurrentGemEnvironment under which the chef-client is
-    # running. In addition to performing actions similar to the gem_package resource, the chef_gem resource does the
-    # following:
-    #  - Runs its actions immediately, before convergence, allowing a gem to be used in a recipe immediately after it is
-    #    installed
-    #  - Runs Gem.clear_paths after the action, ensuring that gem is aware of changes so that it can be required
-    #    immediately after it is installed
-
-    require_relative "gem_package"
-    require_relative "../dist"
-
     class ChefGem < Chef::Resource::Package::GemPackage
       unified_mode true
       provides :chef_gem
 
+      description <<~DESC
+        Use the **chef_gem** resource to install a gem only for the instance of Ruby that is dedicated to the #{Chef::Dist::CLIENT}.
+        When a gem is installed from a local file, it must be added to the node using the **remote_file** or **cookbook_file** resources.
+
+        The **chef_gem** resource works with all of the same properties and options as the **gem_package** resource, but does not
+        accept the `gem_binary` property because it always uses the `CurrentGemEnvironment` under which the `#{Chef::Dist::CLIENT}` is
+        running. In addition to performing actions similar to the **gem_package** resource, the **chef_gem** resource does the
+        following:
+        - Runs its actions immediately, before convergence, allowing a gem to be used in a recipe immediately after it is installed.
+        - Runs `Gem.clear_paths` after the action, ensuring that gem is aware of changes so that it can be required immediately after it is installed.
+
+        Warning: The **chef_gem** and **gem_package** resources are both used to install Ruby gems. For any machine on which #{Chef::Dist::PRODUCT} is
+        installed, there are two instances of Ruby. One is the standard, system-wide instance of Ruby and the other is a dedicated instance that is
+        available only to #{Chef::Dist::PRODUCT}.
+        Use the **chef_gem** resource to install gems into the instance of Ruby that is dedicated to #{Chef::Dist::PRODUCT}.
+        Use the **gem_package** resource to install all other gems (i.e. install gems system-wide).
+      DESC
+
+      examples <<~EXAMPLES
+        **Compile time vs. converge time installation of gems**
+
+        To install a gem while #{Chef::Dist::PRODUCT} is configuring the node (the converge phase), set the `compile_time` property to `false`:
+        ```ruby
+        chef_gem 'right_aws' do
+          compile_time false
+          action :install
+        end
+        ```
+
+        To install a gem while the resource collection is being built (the compile phase), set the `compile_time` property to `true`:
+        ```ruby
+        chef_gem 'right_aws' do
+          compile_time true
+          action :install
+        end
+        ```
+
+        Install MySQL for Chef
+        ```ruby
+        apt_update
+
+        build_essential 'install compilation tools' do
+          compile_time true
+        end
+
+        chef_gem 'mysql'
+        ```
+      EXAMPLES
+
       property :package_name, String,
         description: "An optional property to set the package name if it differs from the resource block's name.",
         identity: true
@@ -49,11 +82,14 @@ class Chef
       property :version, String,
         description: "The version of a package to be installed or upgraded."
 
-      property :gem_binary, default: "#{RbConfig::CONFIG["bindir"]}/gem", default_description: "The `gem` binary included with #{Chef::Dist::PRODUCT}.",
-                            description: "The path of a gem binary to use for the installation. By default, the same version of Ruby that is used by #{Chef::Dist::PRODUCT} will be installed.",
-                            callbacks: {
-                 "The chef_gem resource is restricted to the current gem environment, use gem_package to install to other environments." => proc { |v| v == "#{RbConfig::CONFIG["bindir"]}/gem" },
-               }
+      property :gem_binary, String,
+        default: "#{RbConfig::CONFIG["bindir"]}/gem",
+        default_description: "The `gem` binary included with #{Chef::Dist::PRODUCT}.",
+        description: "The path of a gem binary to use for the installation. By default, the same version of Ruby that is used by #{Chef::Dist::PRODUCT} will be used.",
+        callbacks: {
+          "The `chef_gem` resource is restricted to the current gem environment, use `gem_package` to install to other environments." =>
+            proc { |v| v == "#{RbConfig::CONFIG["bindir"]}/gem" },
+        }
     end
   end
 end

data/lib/chef/resource/chef_handler.rb

@@ -107,7 +107,7 @@ class Chef
           end
         end
 
-        # Walks down the namespace heirarchy to return the class object for the given class name.
+        # Walks down the namespace hierarchy to return the class object for the given class name.
         # If the class is not available, NameError is thrown.
         #
         # @param class_full_name [String] full class name such as 'Chef::Handler::Foo' or 'MyHandler'.
@@ -118,7 +118,7 @@ class Chef
           class_name = ancestors.pop
 
           # We need to search the ancestors only for the first/uppermost namespace of the class, so we
-          # need to enable the #const_get inherit paramenter only when we are searching in Kernel scope
+          # need to enable the #const_get inherit parameter only when we are searching in Kernel scope
           # (see COOK-4117).
           parent = ancestors.inject(Kernel) { |scope, const_name| scope.const_get(const_name, scope === Kernel) }
           child = parent.const_get(class_name, parent === Kernel)