chef 16.1.0-universal-mingw32 → 16.3.38-universal-mingw32

data/lib/chef/resource/file.rb

@@ -56,28 +56,30 @@ class Chef
       allowed_actions :create, :delete, :touch, :create_if_missing
 
       property :path, String, name_property: true,
-               description: "The full path to the file, including the file name and its extension. For example: /files/file.txt. Default value: the name of the resource block. Microsoft Windows: A path that begins with a forward slash (/) will point to the root of the current working directory of the #{Chef::Dist::CLIENT} process. This path can vary from system to system. Therefore, using a path that begins with a forward slash (/) is not recommended."
+        description: "The full path to the file, including the file name and its extension. For example: /files/file.txt. Default value: the name of the resource block. Microsoft Windows: A path that begins with a forward slash (/) will point to the root of the current working directory of the #{Chef::Dist::CLIENT} process. This path can vary from system to system. Therefore, using a path that begins with a forward slash (/) is not recommended."
 
       property :atomic_update, [ TrueClass, FalseClass ], desired_state: false, default: lazy { docker? && special_docker_files?(path) ? false : Chef::Config[:file_atomic_update] },
-               default_description: "False if modifying /etc/hosts, /etc/hostname, or /etc/resolv.conf within Docker containers. Otherwise default to the client.rb 'file_atomic_update' config value.",
-               description: "Perform atomic file updates on a per-resource basis. Set to true for atomic file updates. Set to false for non-atomic file updates. This setting overrides `file_atomic_update`, which is a global setting found in the `client.rb` file."
+        default_description: "False if modifying /etc/hosts, /etc/hostname, or /etc/resolv.conf within Docker containers. Otherwise default to the client.rb 'file_atomic_update' config value.",
+        description: "Perform atomic file updates on a per-resource basis. Set to true for atomic file updates. Set to false for non-atomic file updates. This setting overrides `file_atomic_update`, which is a global setting found in the `client.rb` file."
 
       property :backup, [ Integer, FalseClass ], desired_state: false, default: 5,
-               description: "The number of backups to be kept in `/var/chef/backup` (for UNIX- and Linux-based platforms) or `C:/chef/backup` (for the Microsoft Windows platform). Set to `false` to prevent backups from being kept."
+        description: "The number of backups to be kept in `/var/chef/backup` (for UNIX- and Linux-based platforms) or `C:/chef/backup` (for the Microsoft Windows platform). Set to `false` to prevent backups from being kept."
 
-      property :checksum, [ /^[a-zA-Z0-9]{64}$/, nil ],
+      property :checksum, [ String, nil ],
+        regex: /^\h{64}$/,
+        coerce: lambda { |s| s.is_a?(String) ? s.downcase : s },
         description: "The SHA-256 checksum of the file. Use to ensure that a specific file is used. If the checksum does not match, the file is not used."
 
       property :content, [ String, nil ], desired_state: false,
-               description: "A string that is written to the file. The contents of this property replace any previous content when this property has something other than the default value. The default behavior will not modify content."
+        description: "A string that is written to the file. The contents of this property replace any previous content when this property has something other than the default value. The default behavior will not modify content."
 
       property :diff, [ String, nil ], desired_state: false, skip_docs: true
 
       property :force_unlink, [ TrueClass, FalseClass ], desired_state: false, default: false,
-               description: "How #{Chef::Dist::PRODUCT} handles certain situations when the target file turns out not to be a file. For example, when a target file is actually a symlink. Set to true for #{Chef::Dist::PRODUCT} to delete the non-file target and replace it with the specified file. Set to false for #{Chef::Dist::PRODUCT} to raise an error."
+        description: "How #{Chef::Dist::PRODUCT} handles certain situations when the target file turns out not to be a file. For example, when a target file is actually a symlink. Set to `true` for #{Chef::Dist::PRODUCT} to delete the non-file target and replace it with the specified file. Set to `false` for #{Chef::Dist::PRODUCT} to raise an error."
 
       property :manage_symlink_source, [ TrueClass, FalseClass ], desired_state: false,
-               description: "Change the behavior of the file resource if it is pointed at a symlink. When this value is set to true, #{Chef::Dist::PRODUCT} will manage the symlink's permissions or will replace the symlink with a normal file if the resource has content. When this value is set to false, #{Chef::Dist::PRODUCT} will follow the symlink and will manage the permissions and content of symlink's target file. The default behavior is true but emits a warning that the default value will be changed to false in a future version; setting this explicitly to true or false suppresses this warning."
+        description: "Change the behavior of the file resource if it is pointed at a symlink. When this value is set to true, #{Chef::Dist::PRODUCT} will manage the symlink's permissions or will replace the symlink with a normal file if the resource has content. When this value is set to false, #{Chef::Dist::PRODUCT} will follow the symlink and will manage the permissions and content of symlink's target file. The default behavior is true but emits a warning that the default value will be changed to false in a future version; setting this explicitly to true or false suppresses this warning."
 
       property :verifications, Array, default: lazy { [] }
 

data/lib/chef/resource/freebsd_package.rb

@@ -42,7 +42,7 @@ class Chef
       private
 
       def assign_provider
-        @provider = if source.to_s =~ /^ports$/i
+        @provider = if /^ports$/i.match?(source.to_s)
                       Chef::Provider::Package::Freebsd::Port
                     else
                       Chef::Provider::Package::Freebsd::Pkgng

data/lib/chef/resource/gem_package.rb

@@ -25,7 +25,40 @@ class Chef
       unified_mode true
       provides :gem_package
 
-      description "Use the **gem_package** resource to manage gem packages that are only included in recipes. When a package is installed from a local file, it must be added to the node using the remote_file or cookbook_file resources."
+      description <<~DESC
+        Use the **gem_package** resource to manage gem packages that are only included in recipes.
+        When a gem is installed from a local file, it must be added to the node using the **remote_file** or **cookbook_file** resources.
+
+        Note: The **gem_package** resource must be specified as `gem_package` and cannot be shortened to `package` in a recipe.
+
+        Warning: The **chef_gem** and **gem_package** resources are both used to install Ruby gems. For any machine on which #{Chef::Dist::PRODUCT} is
+        installed, there are two instances of Ruby. One is the standard, system-wide instance of Ruby and the other is a dedicated instance that is
+        available only to #{Chef::Dist::PRODUCT}.
+        Use the **chef_gem** resource to install gems into the instance of Ruby that is dedicated to #{Chef::Dist::PRODUCT}.
+        Use the **gem_package** resource to install all other gems (i.e. install gems system-wide).
+      DESC
+
+      examples <<~EXAMPLES
+        The following examples demonstrate various approaches for using the **gem_package** resource in recipes:
+
+        **Install a gem file from the local file system**
+
+        ```ruby
+        gem_package 'right_aws' do
+          source '/tmp/right_aws-1.11.0.gem'
+          action :install
+        end
+        ```
+
+        **Use the `ignore_failure` common attribute**
+
+        ```ruby
+        gem_package 'syntax' do
+          action :install
+          ignore_failure true
+        end
+        ```
+      EXAMPLES
 
       property :package_name, String,
         description: "An optional property to set the package name if it differs from the resource block's name.",
@@ -53,7 +86,7 @@ class Chef
         default: lazy { Chef::Config[:clear_gem_sources] }, desired_state: false
 
       property :gem_binary, String, desired_state: false,
-        description: "The path of a gem binary to use for the installation. By default, the same version of Ruby that is used by #{Chef::Dist::PRODUCT} will be installed."
+        description: "The path of a gem binary to use for the installation. By default, the same version of Ruby that is used by #{Chef::Dist::PRODUCT} will be used."
 
       property :include_default_source, [ TrueClass, FalseClass, nil ],
         description: "Set to `false` to not include `Chef::Config[:rubygems_url]` in the sources.",

data/lib/chef/resource/helpers/cron_validations.rb

@@ -35,7 +35,7 @@ class Chef
         # Lists of individual values, ranges, and step values all share the validity range for type
         spec.split(%r{\/|-|,}).each do |x|
           next if x == "*"
-          return false unless x =~ /^\d+$/
+          return false unless /^\d+$/.match?(x)
 
           x = x.to_i
           return false unless x >= min && x <= max
@@ -62,13 +62,16 @@ class Chef
         end
       end
 
-      # validate the provided day of the week is sun-sat, 0-7, or *
+      # validate the provided day of the week is sun-sat, sunday-saturday, 0-7, or *
+      # Added crontab param to check cron resource
       # @param spec the value to validate
       # @return [Boolean] valid or not?
       def validate_dow(spec)
+        spec = spec.to_s
         spec == "*" ||
           validate_numeric(spec, 0, 7) ||
-          %w{sun mon tue wed thu fri sat}.include?(String(spec).downcase)
+          %w{sun mon tue wed thu fri sat}.include?(spec.downcase) ||
+          %w{sunday monday tuesday wednesday thursday friday saturday}.include?(spec.downcase)
       end
 
       # validate the day of the month is 1-31

data/lib/chef/resource/homebrew_package.rb

@@ -29,8 +29,37 @@ class Chef
       provides :homebrew_package
       provides :package, os: "darwin"
 
-      description "Use the **homebrew_package** resource to manage packages for the macOS platform."
+      description "Use the **homebrew_package** resource to manage packages for the macOS platform. Note: Starting with #{Chef::Dist::PRODUCT} 16 the homebrew resource now accepts an array of packages for installing multiple packages at once."
       introduced "12.0"
+      examples <<~DOC
+      **Install a package**:
+
+      ```ruby
+      homebrew_package 'git'
+      ```
+
+      **Install multiple packages at once**:
+
+      ```ruby
+      homebrew_package %w(git fish ruby)
+      ```
+
+      **Specify the Homebrew user with a UUID**
+
+      ```ruby
+      homebrew_package 'git' do
+        homebrew_user 1001
+      end
+      ```
+
+      **Specify the Homebrew user with a string**:
+
+      ```ruby
+      homebrew_package 'vim' do
+        homebrew_user 'user1'
+      end
+      ```
+      DOC
 
       property :homebrew_user, [ String, Integer ],
         description: "The name or uid of the Homebrew owner to be used by #{Chef::Dist::PRODUCT} when executing a command."

data/lib/chef/resource/homebrew_update.rb

@@ -0,0 +1,107 @@
+#
+# Author:: Joshua Timberman (<jtimberman@chef.io>)
+# Author:: Dan Webb (<dan@webb-agile-solutions.ltd>)
+#
+# Copyright:: Copyright (c) Chef Software Inc.
+# Copyright:: Copyright (c) Webb Agile Solutions Ltd.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+require_relative "../resource"
+require_relative "../dist"
+
+class Chef
+  class Resource
+    class HomebrewUpdate < Chef::Resource
+      unified_mode true
+
+      provides(:homebrew_update) { true }
+
+      description "Use the **homebrew_update** resource to manage Homebrew repository updates on macOS."
+      introduced "16.2"
+      examples <<~DOC
+        **Update the homebrew repository data at a specified interval**:
+        ```ruby
+        homebrew_update 'all platforms' do
+          frequency 86400
+          action :periodic
+        end
+        ```
+        **Update the Homebrew repository at the start of a #{Chef::Dist::PRODUCT} run**:
+        ```ruby
+        homebrew_update 'update'
+        ```
+      DOC
+
+      # allow bare homebrew_update with no name
+      property :name, String, default: ""
+
+      property :frequency, Integer,
+        description: "Determines how frequently (in seconds) Homebrew updates are made. Use this property when the `:periodic` action is specified.",
+        default: 86_400
+
+      default_action :periodic
+      allowed_actions :update, :periodic
+
+      action_class do
+        BREW_STAMP_DIR = "/var/lib/homebrew/periodic".freeze
+        BREW_STAMP = "#{BREW_STAMP_DIR}/update-success-stamp".freeze
+
+        # Determines whether we need to run `homebrew update`
+        #
+        # @return [Boolean]
+        def brew_up_to_date?
+          ::File.exist?("#{BREW_STAMP}") &&
+            ::File.mtime("#{BREW_STAMP}") > Time.now - new_resource.frequency
+        end
+
+        def do_update
+          directory BREW_STAMP_DIR do
+            recursive true
+          end
+
+          file "#{BREW_STAMP}" do
+            content "BREW::Update::Post-Invoke-Success\n"
+            action :create_if_missing
+          end
+
+          execute "brew update" do
+            command %w{brew update}
+            default_env true
+            user Homebrew.owner
+            notifies :touch, "file[#{BREW_STAMP}]", :immediately
+          end
+        end
+      end
+
+      action :periodic do
+        return unless mac_os_x?
+
+        unless brew_up_to_date?
+          converge_by "update new lists of packages" do
+            do_update
+          end
+        end
+      end
+
+      action :update do
+        return unless mac_os_x?
+
+        converge_by "force update new lists of packages" do
+          do_update
+        end
+      end
+    end
+  end
+end

data/lib/chef/resource/hostname.rb

@@ -1,4 +1,7 @@
 #
+# Copyright:: Copyright (c) Chef Software Inc.
+# License:: Apache License, Version 2.0
+#
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
 # You may obtain a copy of the License at
@@ -13,6 +16,7 @@
 #
 
 require_relative "../resource"
+require_relative "../dist"
 
 class Chef
   class Resource
@@ -149,7 +153,7 @@ class Chef
               # this must come before other methods like /etc/hostname and /etc/sysconfig/network
               declare_resource(:execute, "hostnamectl set-hostname #{new_resource.hostname}") do
                 notifies :reload, "ohai[reload hostname]"
-                not_if { shell_out!("hostnamectl status", { returns: [0, 1] }).stdout =~ /Static hostname:\s*#{new_resource.hostname}\s*$/ }
+                not_if { shell_out!("hostnamectl status", returns: [0, 1]).stdout =~ /Static hostname:\s*#{new_resource.hostname}\s*$/ }
               end
             when ::File.exist?("/etc/hostname")
               # debian family uses /etc/hostname
@@ -199,24 +203,7 @@ class Chef
               group node["root_group"]
               mode "0644"
             end
-          when ::File.exist?("/etc/nodename")
-            # Solaris <= 5.10 systems prior to svccfg taking over this functionality (must come before svccfg handling)
-            declare_resource(:file, "/etc/nodename") do
-              content "#{new_resource.hostname}\n"
-              owner "root"
-              group node["root_group"]
-              mode "0644"
-            end
-            # Solaris also has /etc/inet/hosts (copypasta alert)
-            unless new_resource.ipaddress.nil?
-              newline = "#{new_resource.ipaddress} #{new_resource.hostname}"
-              newline << " #{new_resource.aliases.join(" ")}" if new_resource.aliases && !new_resource.aliases.empty?
-              newline << " #{new_resource.hostname[/[^\.]*/]}"
-              r = append_replacing_matching_lines("/etc/inet/hosts", /^#{new_resource.ipaddress}\s+|\s+#{new_resource.hostname}\s+/, newline)
-              r.notifies :reload, "ohai[reload hostname]"
-            end
-          when ::File.exist?("/usr/sbin/svccfg")
-            # Solaris >= 5.11 systems using svccfg (must come after /etc/nodename handling)
+          when ::File.exist?("/usr/sbin/svccfg") # solaris 5.11
             declare_resource(:execute, "svccfg -s system/identity:node setprop config/nodename=\'#{new_resource.hostname}\'") do
               notifies :run, "execute[svcadm refresh]", :immediately
               notifies :run, "execute[svcadm restart]", :immediately
@@ -262,7 +249,7 @@ class Chef
 
           # reboot because $windows
           declare_resource(:reboot, "setting hostname") do
-            reason "chef setting hostname"
+            reason "#{Chef::Dist::PRODUCT} updated system hostname"
             action :nothing
             only_if { new_resource.windows_reboot }
           end

data/lib/chef/resource/kernel_module.rb

@@ -19,11 +19,14 @@ class Chef
       introduced "14.3"
       examples <<~DOC
         Install and load a kernel module, and ensure it loads on reboot.
+
         ```ruby
         kernel_module 'loop'
         ```
+
         Install and load a kernel with a specific set of options, and ensure it loads on reboot. Consult kernel module
         documentation for specific options that are supported.
+
         ```ruby
         kernel_module 'loop' do
           options [
@@ -32,31 +35,41 @@ class Chef
           ]
         end
         ```
+
         Load a kernel module.
+
         ```ruby
         kernel_module 'loop' do
           action :load
         end
         ```
-        Unload a kernel module and remove module config, so it doesn’t load on reboot.
+
+        Unload a kernel module and remove module config, so it doesn't load on reboot.
+
         ```ruby
         kernel_module 'loop' do
           action :uninstall
         end
         ```
+
         Unload kernel module.
+
         ```ruby
         kernel_module 'loop' do
           action :unload
         end
         ```
+
         Blacklist a module from loading.
+
         ```ruby
         kernel_module 'loop' do
           action :blacklist
         end
         ```
+
         Disable a kernel module.
+
         ```ruby
         kernel_module 'loop' do
           action :disable

data/lib/chef/resource/launchd.rb

@@ -68,7 +68,7 @@ class Chef
       # check.  According to `man 5 launchd.plist`:
       #   StartCalendarInterval <dictionary of integers or array of dictionaries of integers>
       #     ... Missing arguments are considered to be wildcard.
-      # What the man page doesn't state, but what was observed (OSX 10.11.5, launchctrl v3.4.0)
+      # What the man page doesn't state, but what was observed (OSX 10.11.5, launchctl v3.4.0)
       # Is that keys that are specified, but invalid, will also be treated as a wildcard
       # this means that an entry like:
       #   { "Hour"=>0, "Weekday"=>"6-7"}

data/lib/chef/resource/locale.rb

@@ -45,7 +45,7 @@ class Chef
       property :lang, String,
         description: "Sets the default system language.",
         regex: [LOCALE_REGEX],
-        validation_message: "The provided lang is not valid. It should be a non-empty string without any leading whitespaces."
+        validation_message: "The provided lang is not valid. It should be a non-empty string without any leading whitespace."
 
       property :lc_env, Hash,
         description: "A Hash of LC_* env variables in the form of `({ 'LC_ENV_VARIABLE' => 'VALUE' })`.",
@@ -59,7 +59,7 @@ class Chef
             end
           end
           unless h.values.all? { |x| x =~ LOCALE_REGEX }
-            error_msg = "Values of option lc_env should be non-empty string without any leading whitespaces."
+            error_msg = "Values of option lc_env should be non-empty string without any leading whitespace."
             raise Chef::Exceptions::ValidationFailed, error_msg
           end
           h
@@ -120,7 +120,7 @@ class Chef
           end
         end
 
-        # Generates the localisation files from templates using locale-gen.
+        # Generates the localization files from templates using locale-gen.
         # @see http://manpages.ubuntu.com/manpages/cosmic/man8/locale-gen.8.html
         # @raise [Mixlib::ShellOut::ShellCommandFailed] not a supported language or locale
         #

data/lib/chef/resource/lwrp_base.rb

@@ -103,6 +103,7 @@ class Chef
         protected
 
         attr_writer :loaded_lwrps
+
         def loaded_lwrps
           @loaded_lwrps ||= {}
         end

data/lib/chef/resource/macos_userdefaults.rb

@@ -16,6 +16,8 @@
 #
 
 require_relative "../resource"
+require_relative "../dist"
+require "plist"
 
 class Chef
   class Resource
@@ -28,94 +30,210 @@ class Chef
 
       description "Use the **macos_userdefaults** resource to manage the macOS user defaults system. The properties of this resource are passed to the defaults command, and the parameters follow the convention of that command. See the defaults(1) man page for details on how the tool works."
       introduced "14.0"
+      examples <<~DOC
+        **Specify a global domain value**
+
+        ```ruby
+        macos_userdefaults 'Full keyboard access to all controls' do
+          key 'AppleKeyboardUIMode'
+          value 2
+        end
+        ```
+
+        **Setting a value on a specific domain**
+
+        ```ruby
+        macos_userdefaults 'Enable macOS firewall' do
+          domain '/Library/Preferences/com.apple.alf'
+          key 'globalstate'
+          value 1
+        end
+        ```
+
+        **Specifying the type of a key to skip automatic type detection**
+
+        ```ruby
+        macos_userdefaults 'Finder expanded save dialogs' do
+          key 'NSNavPanelExpandedStateForSaveMode'
+          value 'TRUE'
+          type 'bool'
+        end
+        ```
+      DOC
 
       property :domain, String,
         description: "The domain that the user defaults belong to.",
-        required: true
+        default: "NSGlobalDomain",
+        default_description: "NSGlobalDomain: the global domain.",
+        desired_state: false
 
       property :global, [TrueClass, FalseClass],
         description: "Determines whether or not the domain is global.",
-        default: false
+        deprecated: true,
+        default: false,
+        desired_state: false
 
       property :key, String,
-        description: "The preference key."
+        description: "The preference key.",
+        required: true
+
+      property :host, [String, Symbol],
+        description: "Set either :current or a hostname to set the user default at the host level.",
+        desired_state: false,
+        introduced: "16.3"
 
       property :value, [Integer, Float, String, TrueClass, FalseClass, Hash, Array],
-        description: "The value of the key.",
-        required: true
+        description: "The value of the key. Note: With the `type` property set to `bool`, `String` forms of Boolean true/false values that Apple accepts in the defaults command will be coerced: 0/1, 'TRUE'/'FALSE,' 'true'/false', 'YES'/'NO', or 'yes'/'no'.",
+        required: [:write],
+        coerce: proc { |v| v.is_a?(Hash) ? v.transform_keys(&:to_s) : v } # make sure keys are all strings for comparison
 
       property :type, String,
         description: "The value type of the preference key.",
-        default: ""
+        equal_to: %w{bool string int float array dict},
+        desired_state: false
 
       property :user, String,
-        description: "The system user that the default will be applied to."
+        description: "The system user that the default will be applied to.",
+        desired_state: false
 
       property :sudo, [TrueClass, FalseClass],
-        description: "Set to true if the setting you wish to modify requires privileged access.",
+        description: "Set to true if the setting you wish to modify requires privileged access. This requires passwordless sudo for the '/usr/bin/defaults' command to be setup for the user running #{Chef::Dist::PRODUCT}.",
         default: false,
         desired_state: false
 
-      # @todo this should get refactored away: https://github.com/chef/chef/issues/7622
-      property :is_set, [TrueClass, FalseClass],
-        default: false,
-        desired_state: false,
-        skip_docs: true
+      load_current_value do |desired|
+        Chef::Log.debug "#load_current_value: shelling out \"#{defaults_export_cmd(desired).join(" ")}\" to determine state"
+        state = shell_out(defaults_export_cmd(desired), user: desired.user)
 
-      # coerce various ways of representing a boolean into either 0 (false) or 1 (true)
-      # which is what the defaults CLI expects. Why? Well defaults itself accepts a few
-      # different formats, but when you do a read command it all comes back as 1 or 0.
-      def coerce_booleans(val)
-        return 1 if [true, "TRUE", "1", "true", "YES", "yes"].include?(val)
-        return 0 if [false, "FALSE", "0", "false", "NO", "no"].include?(val)
+        if state.error? || state.stdout.empty?
+          Chef::Log.debug "#load_current_value: #{defaults_export_cmd(desired).join(" ")} returned stdout: #{state.stdout} and stderr: #{state.stderr}"
+          current_value_does_not_exist!
+        end
+
+        plist_data = ::Plist.parse_xml(state.stdout)
+
+        # handle the situation where the key doesn't exist in the domain
+        if plist_data.key?(desired.key)
+          key desired.key
+        else
+          current_value_does_not_exist!
+        end
 
-        val
+        value plist_data[desired.key]
       end
 
-      load_current_value do |desired|
-        value = coerce_booleans(desired.value)
-        drcmd = "defaults read '#{desired.domain}' "
-        drcmd << "'#{desired.key}' " if desired.key
-        shell_out_opts = {}
-        shell_out_opts[:user] = desired.user unless desired.user.nil?
-        vc = shell_out("#{drcmd} | grep -qx '#{value}'", shell_out_opts)
-        is_set vc.exitstatus == 0 ? true : false
+      #
+      # The defaults command to export a domain
+      #
+      # @return [Array] defaults command
+      #
+      def defaults_export_cmd(resource)
+        state_cmd = ["/usr/bin/defaults"]
+
+        if resource.host == "current"
+          state_cmd.concat(["-currentHost"])
+        elsif resource.host # they specified a non-nil value, which is a hostname
+          state_cmd.concat(["-host", resource.host])
+        end
+
+        state_cmd.concat(["export", resource.domain, "-"])
+        state_cmd
       end
 
       action :write do
-        description "Write the setting to the specified domain"
-
-        unless current_resource.is_set
-          cmd = ["defaults write"]
-          cmd.unshift("sudo") if new_resource.sudo
-
-          cmd << if new_resource.global
-                   "NSGlobalDomain"
-                 else
-                   "'#{new_resource.domain}'"
-                 end
-
-          cmd << "'#{new_resource.key}'" if new_resource.key
-          value = new_resource.value
-          type = new_resource.type.empty? ? value_type(value) : new_resource.type
-          # creates a string of Key1 Value1 Key2 Value2...
-          value = value.map { |k, v| "\"#{k}\" \"#{v}\"" }.join(" ") if type == "dict"
-          if type == "array"
-            value = value.join("' '")
-            value = "'#{value}'"
-          end
-          cmd << "-#{type}" if type
-          cmd << value
+        description "Write the value to the specified domain/key."
 
-          # FIXME: this should use cmd directly as an array argument, but then the quoting
-          # of individual args above needs to be removed as well.
-          execute cmd.join(" ") do
-            user new_resource.user unless new_resource.user.nil?
-          end
+        converge_if_changed do
+          cmd = defaults_modify_cmd
+          Chef::Log.debug("Updating defaults value by shelling out: #{cmd.join(" ")}")
+
+          shell_out!(cmd, user: new_resource.user)
+        end
+      end
+
+      action :delete do
+        description "Delete a key from a domain."
+
+        # if it's not there there's nothing to remove
+        return unless current_resource
+
+        converge_by("delete domain:#{new_resource.domain} key:#{new_resource.key}") do
+
+          cmd = defaults_modify_cmd
+          Chef::Log.debug("Removing defaults key by shelling out: #{cmd.join(" ")}")
+
+          shell_out!(cmd, user: new_resource.user)
         end
       end
 
       action_class do
+        #
+        # The command used to write or delete delete values from domains
+        #
+        # @return [Array] Array representation of defaults command to run
+        #
+        def defaults_modify_cmd
+          cmd = ["/usr/bin/defaults"]
+
+          if new_resource.host == :current
+            cmd.concat(["-currentHost"])
+          elsif new_resource.host # they specified a non-nil value, which is a hostname
+            cmd.concat(["-host", new_resource.host])
+          end
+
+          cmd.concat([action.to_s, new_resource.domain, new_resource.key])
+          cmd.concat(processed_value) if action == :write
+          cmd.prepend("sudo") if new_resource.sudo
+          cmd
+        end
+
+        #
+        # convert the provided value into the format defaults expects
+        #
+        # @return [array] array of values starting with the type if applicable
+        #
+        def processed_value
+          type = new_resource.type || value_type(new_resource.value)
+
+          # when dict this creates an array of values ["Key1", "Value1", "Key2", "Value2" ...]
+          cmd_values = ["-#{type}"]
+
+          case type
+          when "dict"
+            cmd_values.concat(new_resource.value.flatten)
+          when "array"
+            cmd_values.concat(new_resource.value)
+          when "bool"
+            cmd_values.concat(bool_to_defaults_bool(new_resource.value))
+          else
+            cmd_values.concat([new_resource.value])
+          end
+
+          cmd_values
+        end
+
+        #
+        # defaults booleans on the CLI must be 'TRUE' or 'FALSE' so convert various inputs to that
+        #
+        # @param [String, Integer, Boolean] input <description>
+        #
+        # @return [String] TRUE or FALSE
+        #
+        def bool_to_defaults_bool(input)
+          return ["TRUE"] if [true, "TRUE", "1", "true", "YES", "yes"].include?(input)
+          return ["FALSE"] if [false, "FALSE", "0", "false", "NO", "no"].include?(input)
+
+          # make sure it's very clear bad input was given
+          raise ArgumentError, "#{input} cannot be converted to a boolean value for use with Apple's defaults command. Acceptable values are: 'TRUE', 'YES', 'true, 'yes', '0', true, 'FALSE', 'false', 'NO', 'no', '1', or false."
+        end
+
+        #
+        # convert ruby type to defaults type
+        #
+        # @param [Integer, Float, String, TrueClass, FalseClass, Hash, Array] value The value being set
+        #
+        # @return [string, nil] the type value used by defaults or nil if not applicable
+        #
         def value_type(value)
           case value
           when true, false
@@ -128,6 +246,8 @@ class Chef
             "dict"
           when Array
             "array"
+          when String
+            "string"
           end
         end
       end